From 6dc0bdbfa377eef1198063bccd41bd86a0858800 Mon Sep 17 00:00:00 2001
From: Tomasz Orzechowski <tomasz@moonfox.pl>
Date: Tue, 9 Jan 2024 22:03:24 +0100
Subject: [PATCH 001/755] Proper number of threads regex.

---
 helper-scripts/backup_and_restore.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index ee9f0202d..9a0561059 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -54,10 +54,10 @@ COMPOSE_FILE=${SCRIPT_DIR}/../docker-compose.yml
 ENV_FILE=${SCRIPT_DIR}/../.env
 THREADS=$(echo ${THREADS:-1})
 
-if ! [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
+if ! [[ "${THREADS}" =~ ^[1-9][0-9]?$ ]] ; then
   echo "Thread input is not a number!"
   exit 1
-elif [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
+elif [[ "${THREADS}" =~ ^[1-9][0-9]?$ ]] ; then
   echo "Using ${THREADS} Thread(s) for this run."
   echo "Notice: You can set the Thread count with the THREADS Variable before you run this script."
 fi

From ed493f9c3a63d94ef10b149829fe3a752c3532e3 Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa <dev@kagurazakanyaa.com>
Date: Thu, 18 Jan 2024 23:28:03 +0800
Subject: [PATCH 002/755] Allow user skip unbound healthcheck

---
 data/Dockerfiles/unbound/healthcheck.sh | 10 ++++++++++
 generate_config.sh                      |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
index ea94f63b3..760aa02bb 100644
--- a/data/Dockerfiles/unbound/healthcheck.sh
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
+# Skipping DNS check
+if [[ "${SKIP_DNS_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    SKIP_DNS_CHECK=y
+fi
+
 # Declare log function for logfile inside container
 function log_to_file() {
     echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log
@@ -66,6 +71,11 @@ function check_netcat() {
 
 }
 
+if [[ ${SKIP_DNS_CHECK} == "y" ]]; then
+    log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
+    exit 0
+fi
+
 # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy)
 check_ping
 
diff --git a/generate_config.sh b/generate_config.sh
index 2986f1689..0c8a9bcfe 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -363,6 +363,10 @@ SKIP_IP_CHECK=n
 
 SKIP_HTTP_VERIFICATION=n
 
+# Skip DNS check in Unbound container - y/n
+
+SKIP_DNS_CHECK=n
+
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 
 SKIP_CLAMD=${SKIP_CLAMD}

From b89d71e6e4d42d1082f92914ff453d1272c67088 Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa <dev@kagurazakanyaa.com>
Date: Thu, 18 Jan 2024 23:48:59 +0800
Subject: [PATCH 003/755] change variable name

---
 data/Dockerfiles/unbound/healthcheck.sh | 8 ++++----
 generate_config.sh                      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
index 760aa02bb..a96eaab41 100644
--- a/data/Dockerfiles/unbound/healthcheck.sh
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
-# Skipping DNS check
-if [[ "${SKIP_DNS_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-    SKIP_DNS_CHECK=y
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!)
+if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    SKIP_UNBOUND_HEALTHCHECK=y
 fi
 
 # Declare log function for logfile inside container
@@ -71,7 +71,7 @@ function check_netcat() {
 
 }
 
-if [[ ${SKIP_DNS_CHECK} == "y" ]]; then
+if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
     log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
     exit 0
 fi
diff --git a/generate_config.sh b/generate_config.sh
index 0c8a9bcfe..e936348ec 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -365,7 +365,7 @@ SKIP_HTTP_VERIFICATION=n
 
 # Skip DNS check in Unbound container - y/n
 
-SKIP_DNS_CHECK=n
+SKIP_UNBOUND_HEALTHCHECK=n
 
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 

From aa1d92dfbbcb555caf5f1a39032b7361254240aa Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa <dev@kagurazakanyaa.com>
Date: Thu, 18 Jan 2024 23:50:26 +0800
Subject: [PATCH 004/755] add SKIP_UNBOUND_HEALTHCHECK to docker-compose.yml

---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5a0730c7e..4f5a4d31c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,7 @@ services:
       image: mailcow/unbound:1.19.1
       environment:
         - TZ=${TZ}
+        - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
       volumes:
         - ./data/hooks/unbound:/hooks:Z
         - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z

From d2edf359ac3ebdc51d56aab488ffc5dd927db13b Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa <dev@kagurazakanyaa.com>
Date: Thu, 18 Jan 2024 23:53:08 +0800
Subject: [PATCH 005/755] update config comment

---
 generate_config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generate_config.sh b/generate_config.sh
index e936348ec..e62d16892 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -363,7 +363,7 @@ SKIP_IP_CHECK=n
 
 SKIP_HTTP_VERIFICATION=n
 
-# Skip DNS check in Unbound container - y/n
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
 
 SKIP_UNBOUND_HEALTHCHECK=n
 

From 9d4055fc4d3a67221160f0d8342f41f77e28dd8e Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa <dev@kagurazakanyaa.com>
Date: Fri, 19 Jan 2024 00:07:51 +0800
Subject: [PATCH 006/755] add parameter SKIP_UNBOUND_HEALTHCHECK to old
 installations

---
 update.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/update.sh b/update.sh
index 623242d5b..ad77beac7 100755
--- a/update.sh
+++ b/update.sh
@@ -480,6 +480,7 @@ CONFIG_ARRAY=(
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
   "SPAMHAUS_DQS_KEY"
+  "SKIP_UNBOUND_HEALTHCHECK"
 )
 
 detect_bad_asn
@@ -747,6 +748,12 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Enable watchdog verbose logging' >> mailcow.conf
       echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
     fi
+  elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+      echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+    fi
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf

From 25bdc4c9ed93392e71ee0b32bcdb51572bd75172 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Mon, 22 Jan 2024 09:50:24 +0100
Subject: [PATCH 007/755] Test for openrc configuration file instead of alpine

This way other distro using openrc can be supported.
---
 update.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update.sh b/update.sh
index 623242d5b..4e16f1193 100755
--- a/update.sh
+++ b/update.sh
@@ -116,11 +116,11 @@ migrate_docker_nat() {
       echo "Working on IPv6 NAT, please wait..."
       echo ${NAT_CONFIG} > /etc/docker/daemon.json
       ip6tables -F -t nat
-      [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service
+      [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
       if [[ $? -ne 0 ]]; then
         echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
         rm /etc/docker/daemon.json
-        if [[ -e /etc/alpine-release ]]; then
+        if [[ -e /etc/rc.conf ]]; then
           rc-service docker restart
         else
           systemctl reset-failed docker.service

From 53be119e39b0db25c45bb0f058f5259e6b9d1347 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 22 Jan 2024 10:22:24 +0100
Subject: [PATCH 008/755] compose: bump unbound version

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4f5a4d31c..4e7420567 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.19.1
+      image: mailcow/unbound:1.20
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}

From 6e7a0eb66222e52d8144802c132c2131d1badd45 Mon Sep 17 00:00:00 2001
From: Nya Candy <dev@candinya.com>
Date: Thu, 18 Jan 2024 15:00:54 +0800
Subject: [PATCH 009/755] fix: watchdog webhook body variables injector

---
 data/Dockerfiles/watchdog/watchdog.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index d43cb38ac..cb342c138 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -170,7 +170,7 @@ function notify_error() {
     fi
 
     # Replace subject and body placeholders
-    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s|\$SUBJECT\|\${SUBJECT}|$SUBJECT|g" | sed "s|\$BODY\|\${BODY}|$BODY|")
+    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g")
     
     # POST to webhook
     curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK}

From 7da5e3697e4373fb8220bbc5bcfa79aa98793743 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 22 Jan 2024 10:31:27 +0100
Subject: [PATCH 010/755] compose: bump watchdog version

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5a0730c7e..7dbfe0e5f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -457,7 +457,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.01
+      image: mailcow/watchdog:2.02
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:

From a0613e4b1085d3a4de8f5872b0a6deeed8efc066 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 22 Jan 2024 11:26:26 +0100
Subject: [PATCH 011/755] fix: rollback of Alpine 3.19 were possible

---
 data/Dockerfiles/acme/Dockerfile     | 2 +-
 data/Dockerfiles/phpfpm/Dockerfile   | 2 +-
 data/Dockerfiles/unbound/Dockerfile  | 2 +-
 data/Dockerfiles/watchdog/Dockerfile | 2 +-
 docker-compose.yml                   | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 08271bddb..254b5b331 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index c1a35f4d3..22036b9b3 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.18
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 4411a1d26..f56cbc6e5 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index b94789aac..73acde68f 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # Installation
diff --git a/docker-compose.yml b/docker-compose.yml
index 739108bcb..c1883f907 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -108,7 +108,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.86
+      image: mailcow/phpfpm:1.87
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -399,7 +399,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.86
+      image: mailcow/acme:1.87
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From deb6f0babc5017a2d140d971a8dbab289e5f3072 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 23 Jan 2024 08:46:06 +0100
Subject: [PATCH 012/755] issue: added architecture as dropdown

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index 3cfbbe0dc..afa1a27f8 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -62,6 +62,16 @@ body:
         - nightly
     validations:
       required: true
+  - type: dropdown
+    attributes:
+      label: "Which architecture are you using?"
+      description: "#### `uname -m`"
+      multiple: false
+      options:
+        - x86
+        - ARM64 (aarch64)
+    validations:
+      required: true
   - type: input
     attributes:
       label: "Operating System:"

From f74573f5d04cf578e4101a5e32a0814d9fd849ae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 31 Jan 2024 16:14:42 +0100
Subject: [PATCH 013/755] chore(deps): update peter-evans/create-pull-request
 action to v6 (#5683)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/update_postscreen_access_list.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update_postscreen_access_list.yml b/.github/workflows/update_postscreen_access_list.yml
index 42502f303..ddfa7ac86 100644
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@@ -22,7 +22,7 @@ jobs:
           bash helper-scripts/update_postscreen_whitelist.sh
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
       with:
         token: ${{ secrets.mailcow_action_Update_postscreen_access_cidr_pat }}
         commit-message: update postscreen_access.cidr

From cc77caad671f0ae40068351861d81712da8f2b9e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 1 Feb 2024 00:13:51 +0000
Subject: [PATCH 014/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 81 +++++++++++++++++-------
 1 file changed, 59 insertions(+), 22 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 0497e64a0..e8273ecc5 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,9 +1,10 @@
-# Whitelist generated by Postwhite v3.4 on Mon Jan  1 00:15:22 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Thu Feb  1 00:13:50 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2052 total rules
+# 2089 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
+2a01:111:f403:8000::/51	permit
 2a01:111:f403::/49	permit
 2a01:111:f403:c000::/51	permit
 2a01:111:f403:f000::/52	permit
@@ -116,7 +117,6 @@
 40.92.0.0/16	permit
 40.107.0.0/16	permit
 40.112.65.63	permit
-40.117.80.0/24	permit
 43.228.184.0/22	permit
 44.206.138.57	permit
 44.209.42.157	permit
@@ -206,7 +206,6 @@
 52.95.49.88/29	permit
 52.96.91.34	permit
 52.96.111.82	permit
-52.96.172.98	permit
 52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
@@ -405,7 +404,6 @@
 66.196.81.228/30	permit
 66.196.81.232/31	permit
 66.196.81.234	permit
-66.211.168.230/31	permit
 66.211.170.88/29	permit
 66.211.184.0/23	permit
 66.218.74.64/30	permit
@@ -594,9 +592,10 @@
 74.112.67.243	permit
 74.125.0.0/16	permit
 74.202.227.40	permit
-74.208.4.192/26	permit
-74.208.5.64/26	permit
-74.208.122.0/26	permit
+74.208.4.200	permit
+74.208.4.201	permit
+74.208.4.220	permit
+74.208.4.221	permit
 74.209.250.0/24	permit
 75.2.70.75	permit
 76.223.128.0/19	permit
@@ -624,12 +623,20 @@
 77.238.189.148/30	permit
 81.7.169.128/25	permit
 81.223.46.0/27	permit
-82.165.159.0/24	permit
-82.165.159.0/26	permit
-82.165.229.31	permit
-82.165.229.130	permit
-82.165.230.21	permit
-82.165.230.22	permit
+82.165.159.2	permit
+82.165.159.3	permit
+82.165.159.4	permit
+82.165.159.12	permit
+82.165.159.13	permit
+82.165.159.14	permit
+82.165.159.34	permit
+82.165.159.35	permit
+82.165.159.40	permit
+82.165.159.41	permit
+82.165.159.42	permit
+82.165.159.45	permit
+82.165.159.130	permit
+82.165.159.131	permit
 84.116.6.0/23	permit
 84.116.36.0/24	permit
 84.116.50.0/23	permit
@@ -1430,6 +1437,7 @@
 135.84.216.0/22	permit
 136.143.160.0/24	permit
 136.143.161.0/24	permit
+136.143.178.49	permit
 136.143.182.0/23	permit
 136.143.184.0/24	permit
 136.143.188.0/24	permit
@@ -1952,12 +1960,41 @@
 212.82.111.228/31	permit
 212.82.111.230	permit
 212.123.28.40	permit
-212.227.15.0/24	permit
-212.227.15.0/25	permit
-212.227.17.0/27	permit
-212.227.126.128/25	permit
+212.227.15.3	permit
+212.227.15.4	permit
+212.227.15.5	permit
+212.227.15.6	permit
+212.227.15.14	permit
+212.227.15.15	permit
+212.227.15.18	permit
+212.227.15.19	permit
+212.227.15.25	permit
+212.227.15.26	permit
+212.227.15.29	permit
+212.227.15.44	permit
+212.227.15.45	permit
+212.227.15.46	permit
+212.227.15.47	permit
+212.227.15.50	permit
+212.227.15.52	permit
+212.227.15.53	permit
+212.227.15.54	permit
+212.227.15.55	permit
+212.227.17.11	permit
+212.227.17.12	permit
+212.227.17.18	permit
+212.227.17.19	permit
+212.227.17.20	permit
+212.227.17.21	permit
+212.227.17.22	permit
+212.227.17.26	permit
+212.227.17.28	permit
+212.227.17.29	permit
+212.227.126.224	permit
+212.227.126.225	permit
+212.227.126.226	permit
+212.227.126.227	permit
 213.46.255.0/24	permit
-213.165.64.0/23	permit
 213.199.128.139	permit
 213.199.128.145	permit
 213.199.138.181	permit
@@ -2021,10 +2058,10 @@
 216.203.30.55	permit
 216.203.33.178/31	permit
 216.205.24.0/24	permit
+216.221.160.0/19	permit
 216.239.32.0/19	permit
-217.72.192.64/26	permit
-217.72.192.248/29	permit
-217.72.207.0/27	permit
+217.72.192.77	permit
+217.72.192.78	permit
 217.77.141.52	permit
 217.77.141.59	permit
 217.175.194.0/24	permit

From 93e4d586060aa1045395aae1bcf7a7126bbdc9f1 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 1 Feb 2024 08:41:11 +0100
Subject: [PATCH 015/755] sogo: fix ACL allow authenticated users + rebuild on
 Bookworm

---
 data/Dockerfiles/sogo/Dockerfile | 7 ++++---
 docker-compose.yml               | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 54d676b9a..a4601c405 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,7 +1,8 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG DEBIAN_VERSION=bookworm
 ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.17
@@ -21,7 +22,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   syslog-ng-core \
   syslog-ng-mod-redis \
   dirmngr \
-  netcat \
+  netcat-traditional \
   psmisc \
   wget \
   patch \
@@ -32,7 +33,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
   && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \
-  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} bullseye sogo-v5" > /etc/apt/sources.list.d/sogo.list \
+  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} sogo-v5" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
     sogo-activesync \
diff --git a/docker-compose.yml b/docker-compose.yml
index c1883f907..8dc193ebe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -172,7 +172,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.121
+      image: mailcow/sogo:1.122
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From b236fd3ac683ea1434521807c5d118040b54882c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 30 Jan 2024 10:15:33 +0100
Subject: [PATCH 016/755] [Netfilter] add mailcow isolation rule to MAILCOW
 chain

[Netfilter] add mailcow rule to docker-user chain

[Netfilter] add mailcow isolation rule to MAILCOW chain

[Netfilter] add mailcow isolation rule to MAILCOW chain

[Netfilter] set mailcow isolation rule before redis

[Netfilter] clear bans in redis after connecting

[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft

[Netfilter] stop container after mariadb, redis, dovecot, solr

[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft

[Netfilter] add exception for mailcow isolation rule for HA setups

[Netfilter] add exception for mailcow isolation rule for HA setups

[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE

[Netfilter] fix wrong var name

[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE to update and generate_config sh
---
 .gitignore                                    |   1 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh |   9 +
 data/Dockerfiles/netfilter/main.py            |  90 ++++++----
 .../Dockerfiles/netfilter/modules/IPTables.py |  39 +++++
 data/Dockerfiles/netfilter/modules/Logger.py  |   3 +-
 .../Dockerfiles/netfilter/modules/NFTables.py | 165 +++++++++++++++++-
 data/conf/dovecot/dovecot.conf                |   3 +
 docker-compose.yml                            |  16 +-
 generate_config.sh                            |   3 +
 update.sh                                     |   8 +
 10 files changed, 290 insertions(+), 47 deletions(-)

diff --git a/.gitignore b/.gitignore
index 3595ecb1e..e25639a70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ data/conf/dovecot/acl_anyone
 data/conf/dovecot/dovecot-master.passwd
 data/conf/dovecot/dovecot-master.userdb
 data/conf/dovecot/extra.conf
+data/conf/dovecot/mail_replica.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index f1e2e9668..a9545f338 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -335,6 +335,15 @@ sys.exit()
 EOF
 fi
 
+# Set mail_replica for HA setups
+if [[ -n ${MAILCOW_REPLICA_IP} && -n ${DOVEADM_REPLICA_PORT} ]]; then
+  cat <<EOF > /etc/dovecot/mail_replica.conf
+# Autogenerated by mailcow
+mail_replica = tcp:${MAILCOW_REPLICA_IP}:${DOVEADM_REPLICA_PORT}
+EOF
+fi
+
+
 # 401 is user dovecot
 if [[ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ]]; then
 	openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index d5c1db502..8480c9efa 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -21,28 +21,6 @@ from modules.IPTables import IPTables
 from modules.NFTables import NFTables
 
 
-# connect to redis
-while True:
-  try:
-    redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
-    redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
-    if "".__eq__(redis_slaveof_ip):
-      r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
-    else:
-      r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
-    r.ping()
-  except Exception as ex:
-    print('%s - trying again in 3 seconds'  % (ex))
-    time.sleep(3)
-  else:
-    break
-pubsub = r.pubsub()
-
-# rename fail2ban to netfilter
-if r.exists('F2B_LOG'):
-  r.rename('F2B_LOG', 'NETFILTER_LOG')
-
-
 # globals
 WHITELIST = []
 BLACKLIST= []
@@ -50,18 +28,8 @@ bans = {}
 quit_now = False
 exit_code = 0
 lock = Lock()
-
-
-# init Logger
-logger = Logger(r)
-# init backend
-backend = sys.argv[1]
-if backend == "nftables":
-  logger.logInfo('Using NFTables backend')
-  tables = NFTables("MAILCOW", logger)
-else:
-  logger.logInfo('Using IPTables backend')
-  tables = IPTables("MAILCOW", logger)
+chain_name = "MAILCOW"
+r = None
 
 
 def refreshF2boptions():
@@ -250,9 +218,10 @@ def clear():
   with lock:
     tables.clearIPv4Table()
     tables.clearIPv6Table()
-    r.delete('F2B_ACTIVE_BANS')
-    r.delete('F2B_PERM_BANS')
-    pubsub.unsubscribe()
+    if r:
+      r.delete('F2B_ACTIVE_BANS')
+      r.delete('F2B_PERM_BANS')
+      pubsub.unsubscribe()
 
 def watch():
   logger.logInfo('Watching Redis channel F2B_CHANNEL')
@@ -409,15 +378,60 @@ def quit(signum, frame):
 
 
 if __name__ == '__main__':
-  refreshF2boptions()
+  # init Logger
+  logger = Logger(None)
+
+  # init backend
+  backend = sys.argv[1]
+  if backend == "nftables":
+    logger.logInfo('Using NFTables backend')
+    tables = NFTables(chain_name, logger)
+  else:
+    logger.logInfo('Using IPTables backend')
+    tables = IPTables(chain_name, logger)
+
   # In case a previous session was killed without cleanup
   clear()
+
   # Reinit MAILCOW chain
   # Is called before threads start, no locking
   logger.logInfo("Initializing mailcow netfilter chain")
   tables.initChainIPv4()
   tables.initChainIPv6()
 
+  if os.getenv("DISABLE_NETFILTER_ISOLATION_RULE").lower() in ("y", "yes"):
+    logger.logInfo(f"Skipping {chain_name} isolation")
+  else:
+    logger.logInfo(f"Setting {chain_name} isolation")
+    tables.create_mailcow_isolation_rule("br-mailcow", [3306, 6379, 8983, 12345], os.getenv("MAILCOW_REPLICA_IP"))
+
+  # connect to redis
+  while True:
+    try:
+      redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
+      redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
+      if "".__eq__(redis_slaveof_ip):
+        r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
+      else:
+        r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
+      r.ping()
+    except Exception as ex:
+      print('%s - trying again in 3 seconds'  % (ex))
+      time.sleep(3)
+    else:
+      break
+  pubsub = r.pubsub()
+  Logger.r = r
+
+  # rename fail2ban to netfilter
+  if r.exists('F2B_LOG'):
+    r.rename('F2B_LOG', 'NETFILTER_LOG')
+  # clear bans in redis
+  r.delete('F2B_ACTIVE_BANS')
+  r.delete('F2B_PERM_BANS')
+  
+  refreshF2boptions()
+
   watch_thread = Thread(target=watch)
   watch_thread.daemon = True
   watch_thread.start()
diff --git a/data/Dockerfiles/netfilter/modules/IPTables.py b/data/Dockerfiles/netfilter/modules/IPTables.py
index c60ecc613..29a9fb65a 100644
--- a/data/Dockerfiles/netfilter/modules/IPTables.py
+++ b/data/Dockerfiles/netfilter/modules/IPTables.py
@@ -1,5 +1,6 @@
 import iptc
 import time
+import os
 
 class IPTables:
   def __init__(self, chain_name, logger):
@@ -211,3 +212,41 @@ class IPTables:
     target = rule.create_target("SNAT")
     target.to_source = snat_target
     return rule
+
+  def create_mailcow_isolation_rule(self, _interface:str, _dports:list, _allow:str = ""):
+    try:
+      chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), self.chain_name)
+
+      # insert mailcow isolation rule
+      rule = iptc.Rule()
+      rule.in_interface = f'! {_interface}'
+      rule.out_interface = _interface
+      rule.protocol = 'tcp'
+      rule.create_target("DROP")
+      match = rule.create_match("multiport")
+      match.dports = ','.join(map(str, _dports))
+
+      if rule in chain.rules:
+        chain.delete_rule(rule)
+      chain.insert_rule(rule, position=0)
+
+      # insert mailcow isolation exception rule
+      if _allow != "":
+        rule = iptc.Rule()
+        rule.src = _allow
+        rule.in_interface = f'! {_interface}'
+        rule.out_interface = _interface
+        rule.protocol = 'tcp'
+        rule.create_target("ACCEPT")
+        match = rule.create_match("multiport")
+        match.dports = ','.join(map(str, _dports))
+
+        if rule in chain.rules:
+          chain.delete_rule(rule)
+        chain.insert_rule(rule, position=0)
+
+
+      return True
+    except Exception as e:
+      self.logger.logCrit(f"Error adding {self.chain_name} isolation: {e}")
+      return False
\ No newline at end of file
diff --git a/data/Dockerfiles/netfilter/modules/Logger.py b/data/Dockerfiles/netfilter/modules/Logger.py
index d60d52fad..2a40de0ce 100644
--- a/data/Dockerfiles/netfilter/modules/Logger.py
+++ b/data/Dockerfiles/netfilter/modules/Logger.py
@@ -10,7 +10,8 @@ class Logger:
     tolog['time'] = int(round(time.time()))
     tolog['priority'] = priority
     tolog['message'] = message
-    self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
+    if self.r:
+      self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
     print(message)
 
   def logWarn(self, message):
diff --git a/data/Dockerfiles/netfilter/modules/NFTables.py b/data/Dockerfiles/netfilter/modules/NFTables.py
index d341dc36b..e8e02c476 100644
--- a/data/Dockerfiles/netfilter/modules/NFTables.py
+++ b/data/Dockerfiles/netfilter/modules/NFTables.py
@@ -1,5 +1,6 @@
 import nftables
 import ipaddress
+import os
 
 class NFTables:
   def __init__(self, chain_name, logger):
@@ -266,6 +267,17 @@ class NFTables:
 
     return self.nft_exec_dict(delete_command)
 
+  def delete_filter_rule(self, _family:str, _chain: str, _handle:str):
+    delete_command = self.get_base_dict()
+    _rule_opts = {'family': _family,
+                  'table': 'filter',
+                  'chain': _chain,
+                  'handle': _handle  }
+    _delete = {'delete': {'rule': _rule_opts} }
+    delete_command["nftables"].append(_delete)
+
+    return self.nft_exec_dict(delete_command)
+
   def snat_rule(self, _family: str, snat_target: str, source_address: str):
     chain_name = self.nft_chain_names[_family]['nat']['postrouting']
 
@@ -381,7 +393,7 @@ class NFTables:
           break
     return chain_handle
 
-  def get_rules_handle(self, _family: str, _table: str, chain_name: str):
+  def get_rules_handle(self, _family: str, _table: str, chain_name: str, _comment_filter = "mailcow"):
     rule_handle = []
     # Command: 'nft list chain {family} {table} {chain_name}'
     _chain_opts = {'family': _family, 'table': _table, 'name': chain_name}
@@ -397,7 +409,7 @@ class NFTables:
 
         rule = _object["rule"]
         if rule["family"] == _family and rule["table"] == _table and rule["chain"] == chain_name:
-          if rule.get("comment") and rule["comment"] == "mailcow":
+          if rule.get("comment") and rule["comment"] == _comment_filter:
             rule_handle.append(rule["handle"])
     return rule_handle
 
@@ -493,3 +505,152 @@ class NFTables:
         position+=1
 
     return position if rule_found else False
+
+  def create_mailcow_isolation_rule(self, _interface:str, _dports:list, _allow:str = ""):
+    family = "ip"
+    table = "filter"
+    comment_filter_drop = "mailcow isolation"
+    comment_filter_allow = "mailcow isolation allow"
+    json_command = self.get_base_dict()
+
+    # Delete old mailcow isolation rules
+    handles = self.get_rules_handle(family, table, self.chain_name, comment_filter_drop)
+    for handle in handles:
+      self.delete_filter_rule(family, self.chain_name, handle)
+    handles = self.get_rules_handle(family, table, self.chain_name, comment_filter_allow)
+    for handle in handles:
+      self.delete_filter_rule(family, self.chain_name, handle)
+
+    # insert mailcow isolation rule
+    _match_dict_drop = [
+      {
+        "match": {
+          "op": "!=",
+          "left": {
+            "meta": {
+              "key": "iifname"
+            }
+          },
+          "right": _interface
+        }
+      },
+      {
+        "match": {
+          "op": "==",
+          "left": {
+            "meta": {
+              "key": "oifname"
+            }
+          },
+          "right": _interface
+        }
+      },
+      {
+        "match": {
+          "op": "==",
+          "left": {
+            "payload": {
+              "protocol": "tcp",
+              "field": "dport"
+            }
+          },
+          "right": {
+            "set": _dports
+          }
+        }
+      },
+      {
+        "counter": {
+          "packets": 0,
+          "bytes": 0
+        }
+      },
+      {
+        "drop": None
+      }
+    ]
+    rule_drop = { "insert": { "rule": {
+      "family": family,
+      "table": table,
+      "chain": self.chain_name,
+      "comment": comment_filter_drop,
+      "expr": _match_dict_drop
+    }}}
+    json_command["nftables"].append(rule_drop)
+
+    # insert mailcow isolation allow rule
+    if _allow != "":
+      _match_dict_allow = [
+        {
+          "match": {
+            "op": "==",
+            "left": {
+              "payload": {
+                "protocol": "ip",
+                "field": "saddr"
+              }
+            },
+            "right": _allow
+          }
+        },
+        {
+          "match": {
+            "op": "!=",
+            "left": {
+              "meta": {
+                "key": "iifname"
+              }
+            },
+            "right": _interface
+          }
+        },
+        {
+          "match": {
+            "op": "==",
+            "left": {
+              "meta": {
+                "key": "oifname"
+              }
+            },
+            "right": _interface
+          }
+        },
+        {
+          "match": {
+            "op": "==",
+            "left": {
+              "payload": {
+                "protocol": "tcp",
+                "field": "dport"
+              }
+            },
+            "right": {
+              "set": _dports
+            }
+          }
+        },
+        {
+          "counter": {
+            "packets": 0,
+            "bytes": 0
+          }
+        },
+        {
+          "accept": None
+        }
+      ]
+      rule_allow = { "insert": { "rule": {
+        "family": family,
+        "table": table,
+        "chain": self.chain_name,
+        "comment": comment_filter_allow,
+        "expr": _match_dict_allow
+      }}}
+      json_command["nftables"].append(rule_allow)
+
+    success = self.nft_exec_dict(json_command)
+    if success == False:
+      self.logger.logCrit(f"Error adding {self.chain_name} isolation")
+      return False
+
+    return True
\ No newline at end of file
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 159e39f41..729686fb1 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -247,6 +247,9 @@ plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size
   mail_log_cached_only = yes
+
+  # Try set mail_replica
+  !include_try /etc/dovecot/mail_replica.conf
 }
 service quota-warning {
   executable = script /usr/local/bin/quota_notify.py
diff --git a/docker-compose.yml b/docker-compose.yml
index c1883f907..fa92546ad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,7 @@ services:
       image: mariadb:10.5
       depends_on:
         - unbound-mailcow
+        - netfilter-mailcow
       stop_grace_period: 45s
       volumes:
         - mysql-vol-1:/var/lib/mysql/
@@ -46,6 +47,8 @@ services:
       volumes:
         - redis-vol-1:/data/
       restart: always
+      depends_on:
+        - netfilter-mailcow
       ports:
         - "${REDIS_PORT:-127.0.0.1:7654}:6379"
       environment:
@@ -222,6 +225,7 @@ services:
       image: mailcow/dovecot:1.27
       depends_on:
         - mysql-mailcow
+        - netfilter-mailcow
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       cap_add:
@@ -242,6 +246,8 @@ services:
       environment:
         - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
         - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
+        - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
+        - DOVEADM_REPLICA_PORT=${DOVEADM_REPLICA_PORT:-}
         - LOG_LINES=${LOG_LINES:-9999}
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -437,12 +443,6 @@ services:
     netfilter-mailcow:
       image: mailcow/netfilter:1.55
       stop_grace_period: 30s
-      depends_on:
-        - dovecot-mailcow
-        - postfix-mailcow
-        - sogo-mailcow
-        - php-fpm-mailcow
-        - redis-mailcow
       restart: always
       privileged: true
       environment:
@@ -453,6 +453,8 @@ services:
         - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
+        - DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
       network_mode: "host"
       volumes:
         - /lib/modules:/lib/modules:ro
@@ -553,6 +555,8 @@ services:
     solr-mailcow:
       image: mailcow/solr:1.8.2
       restart: always
+      depends_on:
+        - netfilter-mailcow
       volumes:
         - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
       ports:
diff --git a/generate_config.sh b/generate_config.sh
index e62d16892..05d9ee2f1 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -494,6 +494,9 @@ WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
 
+# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
+# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
+DISABLE_NETFILTER_ISOLATION_RULE=n
 EOF
 
 mkdir -p data/assets/ssl
diff --git a/update.sh b/update.sh
index 5df32e00e..f1e31652c 100755
--- a/update.sh
+++ b/update.sh
@@ -481,6 +481,7 @@ CONFIG_ARRAY=(
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
   "SPAMHAUS_DQS_KEY"
   "SKIP_UNBOUND_HEALTHCHECK"
+  "DISABLE_NETFILTER_ISOLATION_RULE"
 )
 
 detect_bad_asn
@@ -754,6 +755,13 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
       echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
     fi
+  elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
+      echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
+      echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
+    fi 
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf

From 2072301d89683cdbe9a398150b199630d1109d81 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 2 Feb 2024 11:08:44 +0100
Subject: [PATCH 017/755] [Netfilter] only perform cleanup at exit if SIGTERM
 was recieved

---
 data/Dockerfiles/netfilter/main.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 8480c9efa..7f8dd9fbf 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -376,6 +376,11 @@ def quit(signum, frame):
   global quit_now
   quit_now = True
 
+def quit_clear(signum, frame):
+  global exit_code
+  clear()
+  sys.exit(exit_code)
+
 
 if __name__ == '__main__':
   # init Logger
@@ -474,8 +479,7 @@ if __name__ == '__main__':
   whitelistupdate_thread.daemon = True
   whitelistupdate_thread.start()
 
-  signal.signal(signal.SIGTERM, quit)
-  atexit.register(clear)
+  signal.signal(signal.SIGTERM, quit_clear)
 
   while not quit_now:
     time.sleep(0.5)

From 2e57325dde15062fbecdf5ca49e29072f70a4814 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 2 Feb 2024 11:27:46 +0100
Subject: [PATCH 018/755] docker-compose.yml: Bump dovecot + netfilter version

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index fa92546ad..31923d46c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -222,7 +222,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.27
+      image: mailcow/dovecot:1.28
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -441,7 +441,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.55
+      image: mailcow/netfilter:1.56
       stop_grace_period: 30s
       restart: always
       privileged: true

From 39589bd441291c7068f6642782be6edff0bcb371 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 2 Feb 2024 12:46:50 +0100
Subject: [PATCH 019/755] [Netfilter] only perform cleanup at exit if SIGTERM
 was recieved

---
 data/Dockerfiles/netfilter/main.py | 37 +++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 7f8dd9fbf..c3b19c4e8 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -30,6 +30,8 @@ exit_code = 0
 lock = Lock()
 chain_name = "MAILCOW"
 r = None
+pubsub = None
+clear_before_quit = False
 
 
 def refreshF2boptions():
@@ -218,10 +220,12 @@ def clear():
   with lock:
     tables.clearIPv4Table()
     tables.clearIPv6Table()
-    if r:
-      r.delete('F2B_ACTIVE_BANS')
-      r.delete('F2B_PERM_BANS')
-      pubsub.unsubscribe()
+    try:
+      if r is not None:
+        r.delete('F2B_ACTIVE_BANS')
+        r.delete('F2B_PERM_BANS')
+    except Exception as ex:
+      logger.logWarn('Error clearing redis keys F2B_ACTIVE_BANS and F2B_PERM_BANS: %s' % ex)
 
 def watch():
   logger.logInfo('Watching Redis channel F2B_CHANNEL')
@@ -229,6 +233,7 @@ def watch():
 
   global quit_now
   global exit_code
+  global pubsub
 
   while not quit_now:
     try:
@@ -249,6 +254,7 @@ def watch():
               ban(addr)
     except Exception as ex:
       logger.logWarn('Error reading log line from pubsub: %s' % ex)
+      pubsub = None
       quit_now = True
       exit_code = 2
 
@@ -372,17 +378,22 @@ def blacklistUpdate():
           permBan(net=net, unban=True)
     time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
-def quit(signum, frame):
-  global quit_now
-  quit_now = True
-
-def quit_clear(signum, frame):
-  global exit_code
-  clear()
+def sigterm_quit(signum, frame):
+  global clear_before_quit
+  clear_before_quit = True
   sys.exit(exit_code)
 
+def berfore_quit():
+  if clear_before_quit:
+    clear()
+  if pubsub is not None:
+    pubsub.unsubscribe()
+
 
 if __name__ == '__main__':
+  atexit.register(berfore_quit)
+  signal.signal(signal.SIGTERM, sigterm_quit)
+
   # init Logger
   logger = Logger(None)
 
@@ -420,12 +431,12 @@ if __name__ == '__main__':
       else:
         r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
       r.ping()
+      pubsub = r.pubsub()
     except Exception as ex:
       print('%s - trying again in 3 seconds'  % (ex))
       time.sleep(3)
     else:
       break
-  pubsub = r.pubsub()
   Logger.r = r
 
   # rename fail2ban to netfilter
@@ -479,8 +490,6 @@ if __name__ == '__main__':
   whitelistupdate_thread.daemon = True
   whitelistupdate_thread.start()
 
-  signal.signal(signal.SIGTERM, quit_clear)
-
   while not quit_now:
     time.sleep(0.5)
 

From c941e802d4177a7d8278f3a80359d833d9770bec Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 2 Feb 2024 12:57:21 +0100
Subject: [PATCH 020/755] [Netfilter] only perform cleanup at exit if SIGTERM
 was recieved

---
 data/Dockerfiles/netfilter/main.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index c3b19c4e8..f4acd4612 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -228,12 +228,12 @@ def clear():
       logger.logWarn('Error clearing redis keys F2B_ACTIVE_BANS and F2B_PERM_BANS: %s' % ex)
 
 def watch():
-  logger.logInfo('Watching Redis channel F2B_CHANNEL')
-  pubsub.subscribe('F2B_CHANNEL')
-
+  global pubsub
   global quit_now
   global exit_code
-  global pubsub
+
+  logger.logInfo('Watching Redis channel F2B_CHANNEL')
+  pubsub.subscribe('F2B_CHANNEL')
 
   while not quit_now:
     try:

From a3104934850cd6663c9e7347478f6f8902def03a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 2 Feb 2024 16:52:41 +0100
Subject: [PATCH 021/755] [Dovecot] fix repl_health.sh

---
 data/Dockerfiles/dovecot/repl_health.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/repl_health.sh b/data/Dockerfiles/dovecot/repl_health.sh
index 05d891421..93b66da49 100755
--- a/data/Dockerfiles/dovecot/repl_health.sh
+++ b/data/Dockerfiles/dovecot/repl_health.sh
@@ -11,7 +11,7 @@ fi
 
 # Is replication active?
 # grep on file is less expensive than doveconf
-if ! grep -qi mail_replica /etc/dovecot/dovecot.conf; then
+if [ -n ${MAILCOW_REPLICA_IP} ]; then
   ${REDIS_CMDLINE} SET DOVECOT_REPL_HEALTH 1 > /dev/null
   exit
 fi

From 909f07939e93af0135cc9bd6b5aeb2f9ee50d8fe Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 2 Feb 2024 17:06:31 +0100
Subject: [PATCH 022/755] dovecot: bump version for repl fix

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d75d61cb2..26a224b53 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -222,7 +222,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.28
+      image: mailcow/dovecot:1.28.1
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 57e67ea8f79a1fe218cb0f0ea8ad95a53b9f0179 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 2 Feb 2024 17:40:44 +0100
Subject: [PATCH 023/755] [Netfilter] fix mailcow isolation rule for iptables

---
 data/Dockerfiles/netfilter/modules/IPTables.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/netfilter/modules/IPTables.py b/data/Dockerfiles/netfilter/modules/IPTables.py
index 29a9fb65a..3d3d43974 100644
--- a/data/Dockerfiles/netfilter/modules/IPTables.py
+++ b/data/Dockerfiles/netfilter/modules/IPTables.py
@@ -219,7 +219,7 @@ class IPTables:
 
       # insert mailcow isolation rule
       rule = iptc.Rule()
-      rule.in_interface = f'! {_interface}'
+      rule.in_interface = f'!{_interface}'
       rule.out_interface = _interface
       rule.protocol = 'tcp'
       rule.create_target("DROP")
@@ -234,7 +234,7 @@ class IPTables:
       if _allow != "":
         rule = iptc.Rule()
         rule.src = _allow
-        rule.in_interface = f'! {_interface}'
+        rule.in_interface = f'!{_interface}'
         rule.out_interface = _interface
         rule.protocol = 'tcp'
         rule.create_target("ACCEPT")

From 464b6f2e9328b64b0548deba7ab1c9edb096bf62 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 5 Feb 2024 09:47:19 +0100
Subject: [PATCH 024/755] [Netfilter] fix redis logs

---
 data/Dockerfiles/netfilter/main.py           | 4 ++--
 data/Dockerfiles/netfilter/modules/Logger.py | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index f4acd4612..62e0dda75 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -395,7 +395,7 @@ if __name__ == '__main__':
   signal.signal(signal.SIGTERM, sigterm_quit)
 
   # init Logger
-  logger = Logger(None)
+  logger = Logger()
 
   # init backend
   backend = sys.argv[1]
@@ -437,7 +437,7 @@ if __name__ == '__main__':
       time.sleep(3)
     else:
       break
-  Logger.r = r
+  logger.set_redis(r)
 
   # rename fail2ban to netfilter
   if r.exists('F2B_LOG'):
diff --git a/data/Dockerfiles/netfilter/modules/Logger.py b/data/Dockerfiles/netfilter/modules/Logger.py
index 2a40de0ce..25562965f 100644
--- a/data/Dockerfiles/netfilter/modules/Logger.py
+++ b/data/Dockerfiles/netfilter/modules/Logger.py
@@ -2,7 +2,10 @@ import time
 import json
 
 class Logger:
-  def __init__(self, redis):
+  def __init__(self):
+    self.r = None
+
+  def set_redis(self, redis):
     self.r = redis
 
   def log(self, priority, message):
@@ -10,7 +13,7 @@ class Logger:
     tolog['time'] = int(round(time.time()))
     tolog['priority'] = priority
     tolog['message'] = message
-    if self.r:
+    if self.r is not None:
       self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
     print(message)
 

From 77e6ef218c9d5b0ceeb873b43435aee4173cc86c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 5 Feb 2024 09:54:16 +0100
Subject: [PATCH 025/755] [Netfilter] Update to 1.57

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 26a224b53..17559bedd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -441,7 +441,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.56
+      image: mailcow/netfilter:1.57
       stop_grace_period: 30s
       restart: always
       privileged: true

From 38cc85fa4ca08723363c7a672a36383fccf259e2 Mon Sep 17 00:00:00 2001
From: vicente <vicente@arinmedia.es>
Date: Wed, 7 Feb 2024 15:36:04 +0100
Subject: [PATCH 026/755] set strict=False

---
 data/Dockerfiles/netfilter/modules/NFTables.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/netfilter/modules/NFTables.py b/data/Dockerfiles/netfilter/modules/NFTables.py
index e8e02c476..38b31ebff 100644
--- a/data/Dockerfiles/netfilter/modules/NFTables.py
+++ b/data/Dockerfiles/netfilter/modules/NFTables.py
@@ -309,8 +309,8 @@ class NFTables:
       rule_handle = rule["handle"]
       break
 
-    dest_net = ipaddress.ip_network(source_address)
-    target_net = ipaddress.ip_network(snat_target)
+    dest_net = ipaddress.ip_network(source_address, strict=False)
+    target_net = ipaddress.ip_network(snat_target, strict=False)
 
     if rule_found:
       saddr_ip = rule["expr"][0]["match"]["right"]["prefix"]["addr"]
@@ -321,9 +321,9 @@ class NFTables:
 
       target_ip = rule["expr"][3]["snat"]["addr"]
 
-      saddr_net = ipaddress.ip_network(saddr_ip + '/' + str(saddr_len))
-      daddr_net = ipaddress.ip_network(daddr_ip + '/' + str(daddr_len))
-      current_target_net = ipaddress.ip_network(target_ip)
+      saddr_net = ipaddress.ip_network(saddr_ip + '/' + str(saddr_len), strict=False)
+      daddr_net = ipaddress.ip_network(daddr_ip + '/' + str(daddr_len), strict=False)
+      current_target_net = ipaddress.ip_network(target_ip, strict=False)
 
       match = all((
                 dest_net == saddr_net,
@@ -417,7 +417,7 @@ class NFTables:
     json_command = self.get_base_dict()
 
     expr_opt = []
-    ipaddr_net = ipaddress.ip_network(ipaddr)
+    ipaddr_net = ipaddress.ip_network(ipaddr, strict=False)
     right_dict = {'prefix': {'addr': str(ipaddr_net.network_address), 'len': int(ipaddr_net.prefixlen) } }
 
     left_dict = {'payload': {'protocol': _family, 'field': 'saddr'} }
@@ -466,7 +466,7 @@ class NFTables:
         current_rule_net = ipaddress.ip_network(current_rule_ip)
 
         # ip to ban
-        candidate_net = ipaddress.ip_network(ipaddr)
+        candidate_net = ipaddress.ip_network(ipaddr, strict=False)
 
         if current_rule_net == candidate_net:
           rule_handle = _object["rule"]["handle"]

From eb91d9905bc1f4dbdde486e635592bea4ee02726 Mon Sep 17 00:00:00 2001
From: vicente <vicente@arinmedia.es>
Date: Wed, 7 Feb 2024 15:48:49 +0100
Subject: [PATCH 027/755] fix typpo in chain order message

---
 data/Dockerfiles/netfilter/modules/NFTables.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/netfilter/modules/NFTables.py b/data/Dockerfiles/netfilter/modules/NFTables.py
index 38b31ebff..4cb0110ae 100644
--- a/data/Dockerfiles/netfilter/modules/NFTables.py
+++ b/data/Dockerfiles/netfilter/modules/NFTables.py
@@ -41,6 +41,7 @@ class NFTables:
         exit_code = 2
 
       if chain_position > 0:
+        chain_position += 1
         self.logger.logCrit(f'MAILCOW target is in position {chain_position} in the {filter_table} {chain} table, restarting container to fix it...')
         err = True
         exit_code = 2

From 5a9702771cba4fedbc79331e92ff757f734df58e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 7 Feb 2024 17:18:20 +0100
Subject: [PATCH 028/755] [SOGo] Fixed SOGo crash on older kernels < 5.10.0-X

---
 data/Dockerfiles/sogo/Dockerfile | 4 ++--
 docker-compose.yml               | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index a4601c405..59fc66804 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,8 +1,8 @@
-FROM debian:bookworm-slim
+FROM debian:bullseye-slim
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DEBIAN_VERSION=bookworm
+ARG DEBIAN_VERSION=bullseye
 ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.17
diff --git a/docker-compose.yml b/docker-compose.yml
index 17559bedd..b36f45b8b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -175,7 +175,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.122
+      image: mailcow/sogo:1.122.1
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From d08ccbce789880eb81ebebca48d440637ab36983 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 7 Feb 2024 17:28:49 +0100
Subject: [PATCH 029/755] dovecot: fix wrong timestamps inside logs

---
 data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf | 1 +
 data/Dockerfiles/dovecot/syslog-ng.conf             | 1 +
 2 files changed, 2 insertions(+)

diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
index f7fc20b7e..519928954 100644
--- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
@@ -7,6 +7,7 @@ options {
   use_fqdn(no);
   owner("root"); group("adm"); perm(0640);
   stats(freq(0));
+  keep_timestamp(no);
   bad_hostname("^gconfd$");
 };
 source s_dgram {
diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf
index fcc13587d..3e929e7b9 100644
--- a/data/Dockerfiles/dovecot/syslog-ng.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng.conf
@@ -7,6 +7,7 @@ options {
   use_fqdn(no);
   owner("root"); group("adm"); perm(0640);
   stats(freq(0));
+  keep_timestamp(no);
   bad_hostname("^gconfd$");
 };
 source s_dgram {

From 583c5b48a00bb1f1a61cbc411bc90532fce3ca3b Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 7 Feb 2024 17:29:36 +0100
Subject: [PATCH 030/755] dovecot: bump to docker image 1.28.1

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b36f45b8b..0dfd344b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -222,7 +222,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.28.1
+      image: mailcow/dovecot:1.28.2
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 63bb8e8cefb4afebd50f12a485f6af5d12c98125 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 8 Feb 2024 12:23:46 +0100
Subject: [PATCH 031/755] unbound: increase check interval to 30s

---
 data/Dockerfiles/unbound/Dockerfile | 4 ++--
 docker-compose.yml                  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index f56cbc6e5..f6d072cc6 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -20,10 +20,10 @@ EXPOSE 53/udp 53/tcp
 
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
-# healthcheck (nslookup)
+# healthcheck (dig, ping, nc)
 COPY healthcheck.sh /healthcheck.sh
 RUN chmod +x /healthcheck.sh
-HEALTHCHECK --interval=5s --timeout=30s CMD [ "/healthcheck.sh" ]
+HEALTHCHECK --interval=30s --timeout=30s CMD [ "/healthcheck.sh" ]
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 0dfd344b5..df545c15e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.20
+      image: mailcow/unbound:1.21
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}

From c90d637a48cdac86363e4937bdd787db8bc94c37 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 16 Feb 2023 15:32:53 +0100
Subject: [PATCH 032/755] [Web] redirect to sogo after failed sogo-auth

---
 data/web/sogo-auth.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 40fff5856..c34a60def 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -65,8 +65,7 @@ elseif (isset($_GET['login'])) {
       }
     }
   }
-  header('HTTP/1.0 403 Forbidden');
-  echo "Forbidden";
+  header("Location: /SOGo/");
   exit;
 }
 // only check for admin-login on sogo GUI requests

From cfce7086a578bc4d3883527b969d80a3067b00fb Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 16 Feb 2023 15:34:47 +0100
Subject: [PATCH 033/755] [Web] few style changes

---
 data/web/css/build/013-datatables.css |  3 ---
 data/web/css/build/014-mailcow.css    | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/data/web/css/build/013-datatables.css b/data/web/css/build/013-datatables.css
index 57e2b6d94..2b19ba24e 100644
--- a/data/web/css/build/013-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -8,9 +8,6 @@
 .dtr-details {
     width: 100%;
 }
-.table-striped>tbody>tr:nth-of-type(odd) {
-    background-color: #F2F2F2;
-}
 td.child>ul>li {
     display: flex;
 }
diff --git a/data/web/css/build/014-mailcow.css b/data/web/css/build/014-mailcow.css
index 6c70a2a55..8c1d7c2af 100644
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -33,6 +33,13 @@
        url('/fonts/noto-sans-v12-latin_greek_cyrillic-700italic.woff2') format('woff2'),
        url('/fonts/noto-sans-v12-latin_greek_cyrillic-700italic.woff') format('woff');
 }
+
+body {
+  min-height: 100vh;
+  display: flex;
+  flex-direction: column;
+  background-color: #fbfbfb;
+}
 #maxmsgsize { min-width: 80px; }
 #slider1 .slider-selection {
 	background: #FFD700;
@@ -78,6 +85,19 @@
 .navbar-fixed-top .navbar-collapse {
   max-height: 1000px
 }
+.nav-tabs .nav-link, .nav-tabs .nav-link.disabled, .nav-tabs .nav-link.disabled:hover, .nav-tabs .nav-link.disabled:focus {
+  border-color: #dfdfdf;
+}
+.nav-tabs .nav-link.active, .nav-tabs .nav-item.show .nav-link {
+  border-color: #dfdfdf;
+  border-bottom: 1px solid #ffffff;
+}
+.nav-tabs .nav-link:hover, .nav-tabs .nav-link:focus {
+  border-color: #dfdfdf;
+}
+.nav-tabs {
+  border-bottom: 1px solid #dfdfdf;
+}
 .bi {
   display: inline-block;
   font-size: 12pt;

From 415c1d057499a4f927d4eb4edbca467785fee6a7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 16 Feb 2023 15:39:12 +0100
Subject: [PATCH 034/755] [Web] add seperate link for logged in users

---
 data/web/inc/functions.customize.inc.php      | 25 +++++++++--
 data/web/inc/header.inc.php                   |  9 ++++
 data/web/js/site/admin.js                     |  1 +
 .../templates/admin/tab-config-customize.twig |  5 ++-
 data/web/templates/base.twig                  | 41 +++++++++++--------
 data/web/templates/index.twig                 |  4 +-
 6 files changed, 64 insertions(+), 21 deletions(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index b72923573..c4df924d9 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -122,10 +122,14 @@ function customize($_action, $_item, $_data = null) {
         case 'app_links':
           $apps = (array)$_data['app'];
           $links = (array)$_data['href'];
+          $user_links = (array)$_data['user_href'];
           $out = array();
-          if (count($apps) == count($links)) {
+          if (count($apps) == count($links) && count($apps) == count($user_links)) {
             for ($i = 0; $i < count($apps); $i++) {
-              $out[] = array($apps[$i] => $links[$i]);
+              $out[] = array($apps[$i] => array(
+                'link' => $links[$i],
+                'user_link' => $user_links[$i]
+              ));
             }
             try {
               $redis->set('APP_LINKS', json_encode($out));
@@ -256,7 +260,22 @@ function customize($_action, $_item, $_data = null) {
             );
             return false;
           }
-          return ($app_links) ? $app_links : false;
+
+          if (empty($app_links)){
+            return false;
+          }
+
+          foreach($app_links as $key => $value){
+            foreach($value as $app => $details){
+              if (empty($details['user_link']) || empty($_SESSION['mailcow_cc_username'])){
+                $app_links[$key][$app]['user_link'] = $app_links[$key][$app]['link'];
+              } else {
+                $app_links[$key][$app]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $app_links[$key][$app]['user_link']);
+              }
+            }
+          }
+
+          return $app_links;
         break;
         case 'main_logo':
         case 'main_logo_dark':
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 9afc288dd..c0e166403 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -30,6 +30,14 @@ if(!file_exists($CSSPath)) {
   cleanupCSS($hash);
 }
 
+$mailcow_apps_processed = $MAILCOW_APPS;
+for ($i = 0; $i < count($mailcow_apps_processed); $i++) {
+  if (!empty($_SESSION['mailcow_cc_username'])){
+    $mailcow_apps_processed[$i]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $mailcow_apps_processed[$i]['user_link']);
+  }
+}
+
+
 $globalVariables = [
   'mailcow_hostname' => getenv('MAILCOW_HOSTNAME'),
   'mailcow_locale' => @$_SESSION['mailcow_locale'],
@@ -45,6 +53,7 @@ $globalVariables = [
   'lang' => $lang,
   'skip_sogo' => (getenv('SKIP_SOGO') == 'y'),
   'allow_admin_email_login' => (getenv('ALLOW_ADMIN_EMAIL_LOGIN') == 'n'),
+  'mailcow_apps_processed' => $mailcow_apps_processed,
   'mailcow_apps' => $MAILCOW_APPS,
   'app_links' => customize('get', 'app_links'),
   'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 80da64167..095557311 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -711,6 +711,7 @@ jQuery(function($){
     if (type == "app_link") {
       cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
       cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="user_href" required></td>';
       cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
     } else if (type == "f2b_regex") {
       cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index 7fc990a64..4b8f53231 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -58,13 +58,15 @@
           <tr>
             <th>{{ lang.admin.app_name }}</th>
             <th>{{ lang.admin.link }}</th>
+            <th>{{ lang.admin.user_link }}</th>
             <th style="width:100px;">&nbsp;</th>
           </tr>
           {% for row in app_links %}
             {% for key, val in row %}
               <tr>
                 <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required value="{{ key }}"></td>
-                <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required value="{{ val }}"></td>
+                <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required value="{{ val.link }}"></td>
+                <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="user_href" required value="{{ val.user_link }}"></td>
                 <td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">{{ lang.admin.remove_row }}</a></td>
               </tr>
             {% endfor %}
@@ -73,6 +75,7 @@
             <tr>
               <td><input class="input-sm input-xs-lg form-control" value="{{ app.name }}" disabled></td>
               <td><input class="input-sm input-xs-lg form-control" value="{{ app.link }}" disabled></td>
+              <td><input class="input-sm input-xs-lg form-control" value="{{ app.user_link }}" disabled></td>
               <td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100 disabled" type="button">{{ lang.admin.remove_row }}</a></td>
             </tr>
           {% endfor %}
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index ca744d2a3..1c027138c 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -29,7 +29,7 @@
 <body>
 <div class="overlay"></div>
 {% block navbar %}
-<nav class="navbar navbar-expand-lg navbar-light bg-light navbar-fixed-top p-0">
+<nav class="navbar navbar-expand-lg navbar-light bg-light sticky-top p-0">
   <div class="container-fluid">
     <a class="navbar-brand" href="/">
       <img class="main-logo" alt="mailcow-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}">
@@ -60,49 +60,58 @@
           </ul>
         </li>
         {% endif %}
+
         {% if mailcow_cc_role %}
+        {% if mailcow_cc_role == 'admin' %}
         <li class="nav-item dropdown">
           <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.mailcow_system }}</a>
           <ul class="dropdown-menu">
-            {% if mailcow_cc_role == 'admin' %}
             <li><a href="/debug" class="dropdown-item {% if is_uri('debug') %}active{% endif %}">{{ lang.header.debug }}</a></li>
             <li><a href="/admin" class="dropdown-item {% if is_uri('admin') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
-            {% endif %}
-            {% if mailcow_cc_role != 'admin' %}
-            <li><a href="/user" class="dropdown-item {% if is_uri('user') %}active{% endif %}">{{ lang.header.user_settings }}</a></li>
-            {% endif %}
           </ul>
         </li>
+        {% endif %}
+        {% if mailcow_cc_role != 'admin' %}
+        <li class="nav-item dropdown">
+          <a href="/user" class="nav-link" role="button" aria-expanded="false">{{ lang.header.user_settings }}</a>
+        </li>
+        {% endif %}
+
+        {% if mailcow_cc_role == 'admin' or mailcow_cc_role == 'domainadmin' %}
         <li class="nav-item dropdown">
           <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.email }}</a>
           <ul class="dropdown-menu">
-            {% if mailcow_cc_role == 'admin' or mailcow_cc_role == 'domainadmin' %}
             <li><a href="/mailbox" class="dropdown-item {% if is_uri('mailbox') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
-            {% endif %}
             <li><a href="/quarantine" class="dropdown-item {% if is_uri('quarantine') %}active{% endif %}">{{ lang.header.quarantine }}</a></li>
             {% if mailcow_cc_role == 'admin' %}
             <li><a href="/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li>
-            {% endif %}
-            {% if mailcow_cc_role == 'admin' %}
             <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li>
             {% endif %}
           </ul>
         </li>
         {% endif %}
-        {% if mailcow_apps or app_links %}
+
+        {% if mailcow_cc_role == 'user' %}
+        <li class="nav-item dropdown">
+          <a href="/quarantine" class="nav-link">{{ lang.header.quarantine }}</a>
+        </li>
+        {% endif %}
+        {% endif %}
+
+        {% if mailcow_apps_processed or app_links %}
         <li class="nav-item dropdown">
           <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false"><i class="bi bi-link-45deg me-2"></i> {{ ui_texts.apps_name|raw }}</a>
           <ul class="dropdown-menu">
-            {% for app in mailcow_apps %}
-              {% if not skip_sogo or not is_uri('SOGo', app.link) %}
+            {% for app in mailcow_apps_processed %}
+              {% if not skip_sogo or not is_uri('SOGo', app.user_link) %}
               <li {% if app.description %}title="{{ app.description }}"{% endif %}>
-                <a href="{{ app.link }}" class="dropdown-item">{{ app.name }}</a>
+                <a href="{{ app.user_link }}" class="dropdown-item">{{ app.name }}</a>
               </li>
               {% endif %}
             {% endfor %}
             {% for row in app_links %}
               {% for key, val in row %}
-              <li><a href="{{ val }}" class="dropdown-item">{{ key }}</a></li>
+              <li><a href="{{ val.user_link }}" class="dropdown-item">{{ key }}</a></li>
               {% endfor %}
             {% endfor %}
           </ul>
@@ -132,7 +141,7 @@
 </div>
 {% endif %}
 
-<div class="container my-4">
+<div class="container flex-grow-1 my-4">
 {% block content %}{% endblock %}
 </div>
 
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index aa282547c..bd4f87818 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -77,7 +77,9 @@
           {% endfor %}
           {% for row in app_links %}
             {% for key, val in row %}
-              <a href="{{ val }}" role="button" class="btn btn-primary">{{ key }}</a>
+              <div class="m-2">
+                <a href="{{ val.link }}" role="button" class="btn btn-primary btn-block">{{ key }}</a>
+              </div>
             {% endfor %}
           {% endfor %}
         </div>

From 6e35574c721971216aa10da1ba6ace663ad4ca13 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 10 Mar 2023 15:53:09 +0100
Subject: [PATCH 035/755] [Web] add app hide option

---
 data/web/inc/functions.customize.inc.php      |  6 +++--
 data/web/inc/header.inc.php                   | 24 +++++++++++++++++--
 data/web/inc/vars.inc.php                     |  4 +++-
 data/web/js/site/admin.js                     | 14 +++++++++++
 .../templates/admin/tab-config-customize.twig | 12 ++++++++++
 data/web/templates/index.twig                 | 12 +++++++---
 6 files changed, 64 insertions(+), 8 deletions(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index c4df924d9..5aef7d720 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -123,12 +123,14 @@ function customize($_action, $_item, $_data = null) {
           $apps = (array)$_data['app'];
           $links = (array)$_data['href'];
           $user_links = (array)$_data['user_href'];
+          $hide = (array)$_data['hide'];
           $out = array();
-          if (count($apps) == count($links) && count($apps) == count($user_links)) {
+          if (count($apps) == count($links) && count($apps) == count($user_links) && count($apps) == count($hide)) {
             for ($i = 0; $i < count($apps); $i++) {
               $out[] = array($apps[$i] => array(
                 'link' => $links[$i],
-                'user_link' => $user_links[$i]
+                'user_link' => $user_links[$i],
+                'hide' => ($hide[$i] === '0' || $hide[$i] === 0) ? false : true
               ));
             }
             try {
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index c0e166403..3f80423ec 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -31,11 +31,29 @@ if(!file_exists($CSSPath)) {
 }
 
 $mailcow_apps_processed = $MAILCOW_APPS;
+$app_links = customize('get', 'app_links');
+$app_links_processed = $app_links;
+$hide_mailcow_apps = true;
 for ($i = 0; $i < count($mailcow_apps_processed); $i++) {
+  if ($hide_mailcow_apps && !$mailcow_apps_processed[$i]['hide']){
+    $hide_mailcow_apps = false;
+  }
   if (!empty($_SESSION['mailcow_cc_username'])){
     $mailcow_apps_processed[$i]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $mailcow_apps_processed[$i]['user_link']);
   }
 }
+if ($app_links_processed){
+  for ($i = 0; $i < count($app_links_processed); $i++) {
+    $key = array_key_first($app_links_processed[$i]);
+    if ($hide_mailcow_apps && !$app_links_processed[$i][$key]['hide']){
+      $hide_mailcow_apps = false;
+    }
+    if (!empty($_SESSION['mailcow_cc_username'])){
+      $app_links_processed[$i][$key]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $app_links_processed[$i][$key]['user_link']);
+    }
+  }
+}
+
 
 
 $globalVariables = [
@@ -53,9 +71,11 @@ $globalVariables = [
   'lang' => $lang,
   'skip_sogo' => (getenv('SKIP_SOGO') == 'y'),
   'allow_admin_email_login' => (getenv('ALLOW_ADMIN_EMAIL_LOGIN') == 'n'),
-  'mailcow_apps_processed' => $mailcow_apps_processed,
+  'hide_mailcow_apps' => $hide_mailcow_apps,
   'mailcow_apps' => $MAILCOW_APPS,
-  'app_links' => customize('get', 'app_links'),
+  'mailcow_apps_processed' => $mailcow_apps_processed,
+  'app_links' => $app_links,
+  'app_links_processed' => $app_links_processed,
   'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
   'uri' => $_SERVER['REQUEST_URI'],
   'last_login' => last_login('get', $_SESSION['mailcow_cc_username'], 7, 0)['ui']['time']
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index afc801e44..18bc63285 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -122,7 +122,9 @@ $SHOW_DKIM_PRIV_KEYS = false;
 $MAILCOW_APPS = array(
   array(
     'name' => 'Webmail',
-    'link' => '/SOGo/',
+    'link' => '/SOGo/so/',
+    'user_link' => '/sogo-auth.php?login=%u',
+    'hide' => true
   )
 );
 
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 095557311..dd6dcce4b 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -706,20 +706,34 @@ jQuery(function($){
     }
   })
   // App links
+  // setup eventlistener
+  setAppHideEvent();
+  function setAppHideEvent(){ 
+    $('.app_hide').off('change');
+    $('.app_hide').on('change', function (e) {
+      var value = $(this).is(':checked') ? '1' : '0';
+      console.log(value)
+      $(this).parent().children(':first-child').val(value);
+    })
+  }
   function add_table_row(table_id, type) {
     var row = $('<tr />');
     if (type == "app_link") {
       cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
       cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
       cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="user_href" required></td>';
+      cols += '<td><div class="d-flex align-items-center justify-content-center" style="height: 33.5px"><input data-id="app_links" type="hidden" name="hide" value="0"><input class="form-check-input app_hide" type="checkbox" value="1"></div></td>';
       cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
     } else if (type == "f2b_regex") {
       cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
       cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
       cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
     }
+
     row.append(cols);
     table_id.append(row);
+    if (type == "app_link")
+      setAppHideEvent();
   }
   $('#app_link_table').on('click', 'tr a', function (e) {
     e.preventDefault();
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index 4b8f53231..93da2bfdb 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -59,6 +59,7 @@
             <th>{{ lang.admin.app_name }}</th>
             <th>{{ lang.admin.link }}</th>
             <th>{{ lang.admin.user_link }}</th>
+            <th>{{ lang.admin.app_hide }}</th>
             <th style="width:100px;">&nbsp;</th>
           </tr>
           {% for row in app_links %}
@@ -67,6 +68,12 @@
                 <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required value="{{ key }}"></td>
                 <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required value="{{ val.link }}"></td>
                 <td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="user_href" required value="{{ val.user_link }}"></td>
+                <td>
+                  <div class="d-flex align-items-center justify-content-center" style="height: 33.5px">
+                    <input data-id="app_links" type="hidden" name="hide" {% if val.hide %}value="1"{% else %}value="0"{% endif %}>
+                    <input class="form-check-input app_hide" type="checkbox" value="1" {% if val.hide %}checked{% endif %}>
+                  </div>
+                </td>
                 <td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">{{ lang.admin.remove_row }}</a></td>
               </tr>
             {% endfor %}
@@ -76,6 +83,11 @@
               <td><input class="input-sm input-xs-lg form-control" value="{{ app.name }}" disabled></td>
               <td><input class="input-sm input-xs-lg form-control" value="{{ app.link }}" disabled></td>
               <td><input class="input-sm input-xs-lg form-control" value="{{ app.user_link }}" disabled></td>
+              <td>
+                <div class="d-flex align-items-center justify-content-center" style="height: 33.5px">
+                  <input class="form-check-input" data-id="app_links" type="checkbox" name="hide" value="1" disabled {% if app.hide %}checked{% endif %}>
+                </div>
+              </td>
               <td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100 disabled" type="button">{{ lang.admin.remove_row }}</a></td>
             </tr>
           {% endfor %}
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index bd4f87818..420bd5318 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -67,19 +67,25 @@
         <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
         {% endif %}
         <div class="my-4" id="fido2-alerts"></div>
-        {% if not oauth2_request and (mailcow_apps or app_links) %}
+        {% if not oauth2_request and (mailcow_apps or app_links) and not hide_mailcow_apps %}
         <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
         <div class="my-2 d-grid gap-2 d-sm-block apps">
           {% for app in mailcow_apps %}
-            {% if not skip_sogo or not is_uri('SOGo', app.link) %}
-              <a href="{{ app.link }}" role="button" {% if app.description %}title="{{ app.description }}"{% endif %} class="btn btn-primary">{{ app.name }}</a>
+            {% if not app.hide %}
+              {% if not skip_sogo or not is_uri('SOGo', app.link) %}
+              <div class="m-2">
+                <a href="{{ app.link }}" role="button" {% if app.description %}title="{{ app.description }}"{% endif %} class="btn btn-primary btn-block">{{ app.name }}</a>
+              </div>
             {% endif %}
+          {% endif %}
           {% endfor %}
           {% for row in app_links %}
             {% for key, val in row %}
+            {% if not val.hide %}
               <div class="m-2">
                 <a href="{{ val.link }}" role="button" class="btn btn-primary btn-block">{{ key }}</a>
               </div>
+            {% endif %}
             {% endfor %}
           {% endfor %}
         </div>

From 84ff6ff2c5b591bbbc693e22e739e51cff835cca Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 10 Mar 2023 15:53:59 +0100
Subject: [PATCH 036/755] [Web] fix user login history

---
 data/web/inc/functions.inc.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3cff09b95..ee1aab236 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -960,12 +960,16 @@ function check_login($user, $pass, $app_passwd_data = false) {
           );
           return "pending";
         } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          unset($_SESSION['ldelay']);
           // no authenticators found, login successfull
           // Reactivate TFA if it was set to "deactivate TFA for next login"
           $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
           $stmt->execute(array(':user' => $user));
-
-          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
           return "user";
         }
       } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {

From 56a9f1a4115194c63d37ee8c451c7e432a3291c5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 10 Mar 2023 17:10:05 +0100
Subject: [PATCH 037/755] [Web] organize user landing

---
 data/web/css/build/014-mailcow.css         |   1 +
 data/web/js/site/user.js                   |  30 +-
 data/web/templates/domainadmin.twig        | 141 +++++-----
 data/web/templates/user.twig               |   1 -
 data/web/templates/user/Spamfilter.twig    |   8 +-
 data/web/templates/user/tab-user-auth.twig | 310 ++++++++++++---------
 6 files changed, 271 insertions(+), 220 deletions(-)

diff --git a/data/web/css/build/014-mailcow.css b/data/web/css/build/014-mailcow.css
index 8c1d7c2af..d1d6ac45d 100644
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -386,6 +386,7 @@ button[aria-expanded='true'] > .caret {
     background-color: #f0f0f0;
 }
 .btn.btn-outline-secondary {
+  color: #000000 !important;
   border-color: #cfcfcf !important;  
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 088321cd3..850570ef4 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -77,11 +77,11 @@ jQuery(function($){
   acl_data = JSON.parse(acl);
 
   $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
-  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
+  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).parent().find('li a').removeClass('active');$(this).children(':first-child').addClass('active')});
 
   function last_logins(action, days = 7) {
     if (action == 'get') {
-      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
+      $('#spinner-last-login').removeClass('d-none');
       $.ajax({
         dataType: 'json',
         url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
@@ -90,26 +90,38 @@ jQuery(function($){
           console.log('error reading last logins');
         },
         success: function (data) {
-          $('.last-login').html();
+          $('.last-ui-login').html('');
+          $('.last-sasl-login').html('');
           if (data.ui.time) {
-            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
+            $('.last-ui-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
           } else {
-            $('.last-login').text(lang.no_last_login);
+            $('.last-ui-login').text(lang.no_last_login);
           }
           if (data.sasl) {
-            $('.last-login').append('<ul class="list-group">');
+            $('.last-sasl-login').append('<ul class="list-group">');
             $.each(data.sasl, function (i, item) {
               var datetime = new Date(item.datetime.replace(/-/g, "/"));
               var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+              var service = '<div class="badge bg-secondary">' + item.service.toUpperCase() + '</div>';
               var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
               var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
               var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
               var ip_data = real_rip + ip_location + app_password;
-              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
+
+              $(".last-sasl-login").append(`
+                <li class="list-group-item d-flex justify-content-between align-items-start">
+                  <div class="ms-2 me-auto d-flex flex-column">
+                    <div class="fw-bold">` + real_rip + `</div>
+                    <small class="fst-italic mt-2">` + service + ` ` + local_datetime + `</small>
+                  </div>
+                  <span>` + ip_location + `</span>
+                </li>
+              `);
             })
-            $('.last-login').append('</ul>');
+            $('.last-sasl-login').append('</ul>');
           }
+
+          $('#spinner-last-login').addClass('d-none');
         }
       })
     } else if (action == 'reset') {
diff --git a/data/web/templates/domainadmin.twig b/data/web/templates/domainadmin.twig
index 070bf00cd..9cfd25599 100644
--- a/data/web/templates/domainadmin.twig
+++ b/data/web/templates/domainadmin.twig
@@ -1,80 +1,83 @@
 {% extends 'base.twig' %}
 
 {% block content %}
-<h3>{{ lang.user.user_settings }}</h3>
-<div class="card">
-  <div class="card-header">{{ lang.user.user_settings }}</div>
-  <div class="card-body">
-    <div class="row">
-      <div class="offset-sm-3 col-sm-9">
-        <p><a href="#pwChangeModal" data-bs-toggle="modal">[{{ lang.user.change_password }}]</a></p>
-        <div class="last-login"></div>
-        <span class="clear-last-logins">{{ lang.user.clear_recent_successful_connections }}</span>
-      </div>
-    </div>
-    <hr>
+<div class="row">
+  <div class="col-md-12">
+    <div class="card">
+      <div class="card-header">{{ lang.user.user_settings }}</div>
+      <div class="card-body">
+        <div class="row">
+          <div class="offset-sm-3 col-sm-9">
+            <p><a href="#pwChangeModal" data-bs-toggle="modal">[{{ lang.user.change_password }}]</a></p>
+            <div class="last-ui-login"></div>
+            <span class="clear-last-logins">{{ lang.user.clear_recent_successful_connections }}</span>
+          </div>
+        </div>
+        <hr>
 
-    {# TFA #}
-    <div class="row">
-      <div class="col-sm-3 col-5 text-end">{{ lang.tfa.tfa }}</div>
-      <div class="col-sm-9 col-7">
-        <p id="tfa_pretty">{{ tfa_data.pretty }}</p>
-        {% include 'tfa_keys.twig' %}
-        <br>
-      </div>
-    </div>
-    <div class="row">
-      <div class="col-sm-3 col-5 text-end">{{ lang.tfa.set_tfa }}</div>
-      <div class="col-sm-9 col-7">
-        <select id="selectTFA" class="selectpicker" title="{{ lang.tfa.select }}">
-          <option value="yubi_otp">{{ lang.tfa.yubi_otp }}</option>
-          <option value="webauthn">{{ lang.tfa.webauthn }}</option>
-          <option value="totp">{{ lang.tfa.totp }}</option>
-          <option value="none">{{ lang.tfa.none }}</option>
-        </select>
-      </div>
-    </div>
+        {# TFA #}
+        <div class="row">
+          <div class="col-sm-3 col-5 text-end">{{ lang.tfa.tfa }}</div>
+          <div class="col-sm-9 col-7">
+            <p id="tfa_pretty">{{ tfa_data.pretty }}</p>
+            {% include 'tfa_keys.twig' %}
+            <br>
+          </div>
+        </div>
+        <div class="row">
+          <div class="col-sm-3 col-5 text-end">{{ lang.tfa.set_tfa }}</div>
+          <div class="col-sm-9 col-7">
+            <select id="selectTFA" class="selectpicker" title="{{ lang.tfa.select }}">
+              <option value="yubi_otp">{{ lang.tfa.yubi_otp }}</option>
+              <option value="webauthn">{{ lang.tfa.webauthn }}</option>
+              <option value="totp">{{ lang.tfa.totp }}</option>
+              <option value="none">{{ lang.tfa.none }}</option>
+            </select>
+          </div>
+        </div>
 
-    <hr>
-    {# FIDO2 #}
-    <div class="row">
-      <div class="col-sm-3 col-5 text-end">
-        <p><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.fido2_auth }}</p>
-      </div>
-    </div>
-    <div class="row">
-      <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
-      <div class="col-sm-9 col-7">
-        <div class="table-responsive">
-          <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
-            <tr>
-              <th>ID</th>
-              <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
-            </tr>
-            {% include 'fido2.twig' %}
-        </table>
-      </div>
-      <br>
-    </div>
-  </div>
-    <div class="row">
-      <div class="offset-sm-3 col-sm-9">
-        <div class="btn-group">
-          <button class="btn btn-sm btn-primary" id="register-fido2">{{ lang.fido2.set_fido2 }}</button>
-          <button type="button" class="btn btn-sm btn-xs-lg btn-primary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-          <ul class="dropdown-menu">
-            <li><a class="dropdown-item" href="#" id="register-fido2-touchid"><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.set_fido2_touchid }}</a></li>
-          </ul>
+        <hr>
+        {# FIDO2 #}
+        <div class="row">
+          <div class="col-sm-3 col-5 text-end">
+            <p><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.fido2_auth }}</p>
+          </div>
+        </div>
+        <div class="row">
+          <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
+          <div class="col-sm-9 col-7">
+            <div class="table-responsive">
+              <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
+                <tr>
+                  <th>ID</th>
+                  <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
+                </tr>
+                {% include 'fido2.twig' %}
+            </table>
+          </div>
+          <br>
         </div>
       </div>
-    </div>
-    <br>
-    <div class="row" id="status-fido2">
-      <div class="col-sm-3 col-5 text-end">{{ lang.fido2.register_status }}:</div>
-      <div class="col-sm-9 col-7">
-        <div id="fido2-alerts">-</div>
+        <div class="row">
+          <div class="offset-sm-3 col-sm-9">
+            <div class="btn-group">
+              <button class="btn btn-sm btn-primary" id="register-fido2">{{ lang.fido2.set_fido2 }}</button>
+              <button type="button" class="btn btn-sm btn-xs-lg btn-primary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
+              <ul class="dropdown-menu">
+                <li><a class="dropdown-item" href="#" id="register-fido2-touchid"><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.set_fido2_touchid }}</a></li>
+              </ul>
+            </div>
+          </div>
+        </div>
+        <br>
+        <div class="row" id="status-fido2">
+          <div class="col-sm-3 col-5 text-end">{{ lang.fido2.register_status }}:</div>
+          <div class="col-sm-9 col-7">
+            <div id="fido2-alerts">-</div>
+          </div>
+          <br>
+        </div>
       </div>
-      <br>
     </div>
   </div>
 </div>
diff --git a/data/web/templates/user.twig b/data/web/templates/user.twig
index 5536abe4e..a79c5a2c5 100644
--- a/data/web/templates/user.twig
+++ b/data/web/templates/user.twig
@@ -43,7 +43,6 @@
       </div>
     </div>
   </div>
-  <div style="margin-bottom:200px;"></div>
   {% include 'user_domainadmin_common.twig' %}
 </div>
   {% endblock %}
diff --git a/data/web/templates/user/Spamfilter.twig b/data/web/templates/user/Spamfilter.twig
index 280b90032..1f69df95f 100644
--- a/data/web/templates/user/Spamfilter.twig
+++ b/data/web/templates/user/Spamfilter.twig
@@ -39,10 +39,10 @@
       </div>
       <hr>
       <div class="row">
-        <div class="col-lg-6 my-3">
+        <div class="col-lg-6 my-3 d-flex flex-column">
           <h4>{{ lang.user.spamfilter_wl }}</h4>
           <p>{{ lang.user.spamfilter_wl_desc|raw }}</p>
-          <form class="form-inline mb-4" data-id="add_wl_policy_mailbox">
+          <form class="form-inline mb-4 mt-auto" data-id="add_wl_policy_mailbox">
             <div class="input-group" data-acl="{{ acl.spam_policy }}">
               <input type="text" class="form-control" name="object_from" placeholder="*@example.org" required>
               <button class="btn btn-secondary" data-action="add_item" data-id="add_wl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username": {{ mailcow_cc_username|json_encode|raw }},"object_list":"wl"}' href="#"><i class="bi bi-plus-lg"></i> {{ lang.user.spamfilter_table_add }}</button>
@@ -61,10 +61,10 @@
             </div>
           </div>
         </div>
-        <div class="col-lg-6 my-3">
+        <div class="col-lg-6 my-3 d-flex flex-column">
           <h4>{{ lang.user.spamfilter_bl }}</h4>
           <p>{{ lang.user.spamfilter_bl_desc|raw }}</p>
-          <form class="form-inline mb-4" data-id="add_bl_policy_mailbox">
+          <form class="form-inline mb-4 mt-auto" data-id="add_bl_policy_mailbox">
             <div class="input-group" data-acl="{{ acl.spam_policy }}">
               <input type="text" class="form-control" name="object_from" placeholder="*@example.org" required>
               <button class="btn btn-secondary" data-action="add_item" data-id="add_bl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username": {{ mailcow_cc_username|json_encode|raw }},"object_list":"bl"}' href="#"><i class="bi bi-plus-lg"></i> {{ lang.user.spamfilter_table_add }}</button>
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index 4d55b7090..c39f10086 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -8,157 +8,193 @@
     </div>
     <div id="collapse-tab-user-auth" class="card-body collapse" data-bs-parent="#user-content">
       {% if mailboxdata.attributes.force_pw_update == '1' %}
-          <div class="alert alert-danger">{{ lang.user.force_pw_update|raw }}</div>
+        <div class="alert alert-danger">{{ lang.user.force_pw_update|raw }}</div>
       {% endif %}
-      {% if not skip_sogo %}
       <div class="row">
-        <div class="hidden-xs col-md-3 col-xs-5 text-right"></div>
-        <div class="col-md-3 col-xs-12">
-          {% if dual_login and allow_admin_email_login == 'n' or mailboxdata.attributes.force_pw_update == '1' %}
-            <button disabled class="btn btn-secondary btn-block btn-xs-lg">
-              <i class="bi bi-inbox-fill"></i> {{ lang.user.open_webmail_sso }}
-            </button>
-          {% else %}
-            <a target="_blank" href="/sogo-auth.php?login={{ mailcow_cc_username }}" role="button" class="btn btn-secondary btn-block btn-xs-lg">
-              <i class="bi bi-inbox-fill"></i> {{ lang.user.open_webmail_sso }}
-            </a>
+        <div class="col-xl-9 col-lg-7 col-md-12 col-12 d-flex flex-column mb-4">
+          {% if not skip_sogo %}
+          <div class="row mb-4">
+            <div class="col-12 col-lg-6 col-xl-4">
+              {% if dual_login and allow_admin_email_login == 'n' or mailboxdata.attributes.force_pw_update == '1' %}
+                <button disabled class="btn btn-secondary btn-block btn-xs-lg w-100">
+                  {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
+                </button>
+              {% else %}
+                <a target="_blank" href="/sogo-auth.php?login={{ mailcow_cc_username }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
+                  {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
+                </a>
+              {% endif %}
+            </div>
+          </div>
           {% endif %}
-        </div>
-      </div>
-      <hr>
-      <div class="row">
-        <div class="d-none d-sm-flex col-md-3 col-5 text-end"></div>
-        <div class="col-md-9 col-12">
-          <p class="text-muted text-muted-mt-0">{{ lang.user.direct_protocol_access|raw }}</p>
-          {% if mailboxdata.attributes.imap_access == 1 %}<div class="badge fs-6 bg-success mb-2">IMAP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">IMAP <i class="bi bi-x-lg"></i></div>{% endif %}
-          {% if mailboxdata.attributes.smtp_access == 1 %}<div class="badge fs-6 bg-success mb-2">SMTP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SMTP <i class="bi bi-x-lg"></i></div>{% endif %}
-          {% if mailboxdata.attributes.sieve_access == 1 %}<div class="badge fs-6 bg-success mb-2">Sieve <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">Sieve <i class="bi bi-x-lg"></i></div>{% endif %}
-          {% if mailboxdata.attributes.pop3_access == 1 %}<div class="badge fs-6 bg-success mb-2">POP3 <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">POP3 <i class="bi bi-x-lg"></i></div>{% endif %}
-          {% if mailboxdata.attributes.sogo_access == 1 %}<div class="badge fs-6 bg-success mb-2">SOGo <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SOGo <i class="bi bi-x-lg"></i></div>{% endif %}
-        </div>
-      </div>
-      <hr>
-      {% endif %}
-      <div class="row">
-        <div class="col-md-3 col-12 text-sm-end text-start mb-4">{{ lang.user.in_use }}:</div>
-        <div class="col-md-5 col-12">
-          <div class="progress">
+
+          <legend>{{ lang.user.overview }}</legend>
+          <hr>
+          <div class="d-flex">
+            <h5><i class="bi bi-envelope-fill"></i> {{ mailboxdata.messages }} {{ lang.user.messages }}</h5>
+            <h5 class="ms-auto">{{ mailboxdata.quota_used|formatBytes(2) }} / {% if mailboxdata.quota == 0 %}∞{% else %}{{ mailboxdata.quota|formatBytes(2) }}{% endif %}</h5>
+          </div>
+          <div class="progress mb-4" style="height: 20px";>
             <div class="progress-bar bg-{{ mailboxdata.percent_class }}" role="progressbar" aria-valuenow="{{ mailboxdata.percent_in_use }}" aria-valuemin="0" aria-valuemax="100" style="min-width:2em;width: {{ mailboxdata.percent_in_use }}%;">
               {{ mailboxdata.percent_in_use }}%
             </div>
           </div>
-          <p>{{ mailboxdata.quota_used|formatBytes(2) }} / {% if mailboxdata.quota == 0 %}∞{% else %}{{ mailboxdata.quota|formatBytes(2) }}{% endif %}<br>{{ mailboxdata.messages }} {{ lang.user.messages }}</p>
+          
+          <div class="row">
+            <div class="col-12 col-md-3 d-flex">
+              <span class="mt-2 w-100 text-md-end">{{ lang.user.protocols }}:</span>
+            </div>
+            <div class="col-12 col-md-9 d-flex">
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.direct_protocol_access|raw }}"></i>
+              <div class="d-flex flex-wrap">
+              {% if mailboxdata.attributes.imap_access == 1 %}<div class="badge fs-6 bg-success m-2">IMAP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">IMAP <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.smtp_access == 1 %}<div class="badge fs-6 bg-success m-2">SMTP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SMTP <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.sieve_access == 1 %}<div class="badge fs-6 bg-success m-2">Sieve <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">Sieve <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.pop3_access == 1 %}<div class="badge fs-6 bg-success m-2">POP3 <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">POP3 <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if not skip_sogo %}{% if mailboxdata.attributes.sogo_access == 1 %}<div class="badge fs-6 bg-success m-2">SOGo <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SOGo <i class="bi bi-x-lg"></i></div>{% endif %}{% endif %}       
+              </div>
+            </div>
+          </div>
+          <div class="row mt-2">
+            <div class="col-12 col-md-3 d-flex">
+              <span class="mt-2 w-100 text-md-end">{{ lang.user.apple_connection_profile }}:</span>
+            </div>
+            <div class="col-12 col-md-8">
+              <div class="d-flex">
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }}"></i> 
+                <a href="/mobileconfig.php?only_email">{{ lang.user.email }} <small>[IMAP, SMTP]</small></a>
+              </div> 
+              {% if not skip_sogo %}
+              <div class="d-flex">
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }}"></i>  
+                <a href="/mobileconfig.php">{{ lang.user.email_and_dav }} <small>[IMAP, SMTP, Cal/CardDAV]</small></a>
+              </div>
+              {% endif %}
+            </div>
+          </div>
+          <div class="row mt-2">
+            <div class="col-12 col-md-3 d-flex">
+              <span class="mt-2 w-100 text-md-end">{{ lang.user.apple_connection_profile }}<br>{{ lang.user.with_app_password }}:</span>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="d-flex">
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}"></i> 
+                <a href="/mobileconfig.php?only_email&amp;app_password">{{ lang.user.email }} <small>[IMAP, SMTP]</small></a>
+              </div>
+              {% if not skip_sogo %}
+              <div class="d-flex">
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}"></i> 
+                <a href="/mobileconfig.php?app_password">{{ lang.user.email_and_dav }} <small>[IMAP, SMTP, Cal/CardDAV]</small></a>
+              </div>
+              {% endif %}
+            </div>
+          </div>
+          <div class="row">
+            <div class="col-12 d-flex flex-column text-center align-items-center mt-4">
+              <a target="_blank" href="https://mailcow.github.io/mailcow-dockerized-docs/client/client/#{{ clientconfigstr }}">{{ lang.user.client_configuration }}</a>
+              <a class="mt-2" href="#userFilterModal" data-bs-toggle="modal">{{ lang.user.show_sieve_filters }}</a>
+            </div>
+          </div>
+
+          {# TFA #}
+          <legend class="mt-4">{{ lang.user.authentication }}</legend>
           <hr>
-          <p><a href="#pwChangeModal" data-bs-toggle="modal"><i class="bi bi-pencil-fill"></i> {{ lang.user.change_password }}</a></p>
-        </div>
-      </div>
-      <hr>
-      {# TFA #}
-      <div class="row">
-        <div class="col-sm-3 col-xs-5 text-right">{{ lang.tfa.tfa }}:</div>
-        <div class="col-sm-9 col-xs-7">
-          <p id="tfa_pretty">{{ tfa_data.pretty }}</p>
-          {% include 'tfa_keys.twig' %}
-          <br>
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-sm-3 col-xs-5 text-right">{{ lang.tfa.set_tfa }}:</div>
-        <div class="col-sm-9 col-xs-7">
-          <select data-style="btn btn-sm dropdown-toggle bs-placeholder btn-secondary" data-width="fit" id="selectTFA" class="selectpicker" title="{{ lang.tfa.select }}">
-            <option value="yubi_otp">{{ lang.tfa.yubi_otp }}</option>
-            <option value="webauthn">{{ lang.tfa.webauthn }}</option>
-            <option value="totp">{{ lang.tfa.totp }}</option>
-            <option value="none">{{ lang.tfa.none }}</option>
-          </select>
-        </div>
-      </div>
-      <hr>
-      {# FIDO2 #}
-      <div class="row">
-        <div class="col-sm-3 col-12 text-sm-end text-start">
-          <p><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.fido2_auth }}</p>
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-sm-3 col-12 text-sm-end text-start mb-4">
-          {{ lang.fido2.known_ids }}:
-        </div>
-        <div class="col-sm-9 col-12">
-          <div class="table-responsive">
-            <table class="table table-striped table-hover table-condensed" id="fido2_keys">
-              <tr>
-                <th>ID</th>
-                <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
-              </tr>
-              {% include 'fido2.twig' %}
-            </table>
+          <div class="row">
+            <div class="col-12 col-md-3 d-flex"></div>
+            <div class="col-12 col-md-9 d-flex flex-wrap justify-content-center justify-content-sm-start">
+              <a class="btn btn-secondary" href="#pwChangeModal" data-bs-toggle="modal"><i class="bi bi-pencil-fill"></i> {{ lang.user.change_password }}</a>
+            </div>
+          </div>
+          <div class="row mt-4">
+            <div class="col-12 col-md-3 d-flex">
+              <span class="mt-2 w-100 text-md-end">{{ lang.tfa.tfa }}:</span>
+            </div>
+            <div class="col-12 col-md-9 d-flex flex-wrap justify-content-center justify-content-sm-start">
+              <span id="tfa_pretty">{{ tfa_data.pretty }}</span>
+              {% include 'tfa_keys.twig' %}
+            </div>
+          </div>
+          <div class="row mt-2 mb-4">
+            <div class="col-12 col-md-3 d-flex">
+              <span class="mt-2 w-100 text-md-end">{{ lang.tfa.set_tfa }}:</span>
+            </div>
+            <div class="col-12 col-md-9 d-flex flex-wrap align-items-center justify-content-center justify-content-sm-start">
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.tfa_info|raw }}"></i>
+              <select data-style="ms-2 btn btn-sm dropdown-toggle bs-placeholder btn-secondary" data-width="fit" id="selectTFA" class="selectpicker" title="{{ lang.tfa.select }}">
+                <option value="yubi_otp">{{ lang.tfa.yubi_otp }}</option>
+                <option value="webauthn">{{ lang.tfa.webauthn }}</option>
+                <option value="totp">{{ lang.tfa.totp }}</option>
+                <option value="none">{{ lang.tfa.none }}</option>
+              </select>
+            </div>
+          </div>
+          {# FIDO2 #}
+          <div class="row mt-4">
+            <div class="col-sm-3 col-12 text-sm-end text-start">
+              <p><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.fido2_auth }}</p>
+            </div>
+          </div>
+          <div class="row">
+            <div class="col-sm-3 col-12 text-sm-end text-start mb-4">
+              {{ lang.fido2.known_ids }}:
+            </div>
+            <div class="col-sm-9 col-12">
+              <div class="table-responsive">
+                <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+                  <tr>
+                    <th>ID</th>
+                    <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
+                  </tr>
+                  {% include 'fido2.twig' %}
+                </table>
+              </div>
+              <br>
+            </div>
+          </div>
+          <div class="row">
+            <div class="offset-sm-3 col-sm-9">
+              <div class="btn-group nowrap">
+                <button class="btn btn-sm btn-primary d-block d-sm-inline" id="register-fido2">{{ lang.fido2.set_fido2 }}</button>
+                <button type="button" class="btn btn-sm btn-xs-lg btn-primary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
+                <ul class="dropdown-menu">
+                  <li><a class="dropdown-item" href="#" id="register-fido2-touchid"><i class="bi bi-apple"></i> {{ lang.fido2.set_fido2_touchid }}</a></li>
+                </ul>
+              </div>
+            </div>
           </div>
           <br>
-        </div>
-      </div>
-      <div class="row">
-        <div class="offset-sm-3 col-sm-9">
-          <div class="btn-group nowrap">
-            <button class="btn btn-sm btn-primary d-block d-sm-inline" id="register-fido2">{{ lang.fido2.set_fido2 }}</button>
-            <button type="button" class="btn btn-sm btn-xs-lg btn-primary dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-            <ul class="dropdown-menu">
-              <li><a class="dropdown-item" href="#" id="register-fido2-touchid"><i class="bi bi-apple"></i> {{ lang.fido2.set_fido2_touchid }}</a></li>
-            </ul>
+          <div class="row" id="status-fido2">
+            <div class="col-sm-3 col-5 text-end">{{ lang.fido2.register_status }}:</div>
+            <div class="col-sm-9 col-7">
+              <div id="fido2-alerts">-</div>
+            </div>
+            <br>
           </div>
         </div>
-      </div>
-      <br>
-      <div class="row" id="status-fido2">
-        <div class="col-sm-3 col-5 text-end">{{ lang.fido2.register_status }}:</div>
-        <div class="col-sm-9 col-7">
-          <div id="fido2-alerts">-</div>
-        </div>
-        <br>
-      </div>
-      <hr>
-      <div class="row">
-        <div class="col-md-3 col-12 text-sm-end text-start mb-4"><i class="bi bi-file-earmark-text"></i> {{ lang.user.apple_connection_profile }}:</div>
-        <div class="col-md-9 col-12">
-          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?only_email">{{ lang.user.email }}</a> <small>IMAP, SMTP</small></p>
-          <p class="text-muted">{{ lang.user.apple_connection_profile_mailonly }}</p>
-          {% if not skip_sogo %}
-          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php">{{ lang.user.email_and_dav }}</a> <small>IMAP, SMTP, Cal/CardDAV</small></p>
-          <p class="text-muted">{{ lang.user.apple_connection_profile_complete }}</p>
-          {% endif %}
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-md-3 col-12 text-sm-end text-start mb-4"><i class="bi bi-file-earmark-text"></i> {{ lang.user.apple_connection_profile }}<br class="d-none d-lg-block" />{{ lang.user.with_app_password }}:</div>
-        <div class="col-md-9 col-12">
-          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?only_email&amp;app_password">{{ lang.user.email }}</a> <small>IMAP, SMTP</small></p>
-          <p class="text-muted">{{ lang.user.apple_connection_profile_mailonly }}<br /> {{ lang.user.apple_connection_profile_with_app_password }}</p>
-          {% if not skip_sogo %}
-          <p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?app_password">{{ lang.user.email_and_dav }}</a> <small>IMAP, SMTP, Cal/CardDAV</small></p>
-          <p class="text-muted">{{ lang.user.apple_connection_profile_complete }}<br /> {{ lang.user.apple_connection_profile_with_app_password }}</p>
-          {% endif %}
-        </div>
-      </div>
-      <hr>
-      <div class="row">
-        <div class="offset-sm-3 col-sm-9">
-          <p><a target="_blank" href="https://docs.mailcow.email/client/client/#{{ clientconfigstr }}">[{{ lang.user.client_configuration }}]</a></p>
-          <p><a href="#userFilterModal" data-bs-toggle="modal">[{{ lang.user.show_sieve_filters }}]</a></p>
+        <div class="ms-auto col-xl-3 col-lg-5 col-md-12 col-12 d-flex flex-column well flex-grow-1">
+          <legend class="d-flex">
+            <span>{{ lang.user.recent_successful_connections }}</span>
+            <div id="spinner-last-login" class="ms-auto my-auto spinner-border spinner-border-sm d-none" role="status">
+              <span class="visually-hidden">Loading...</span>
+            </div>
+          </legend>
           <hr>
-          <h4 class="recent-login-success">{{ lang.user.recent_successful_connections }}</h4>
-          <div class="dropdown mt-2">
-            <button class="btn btn-secondary btn-xs btn-xs-lg dropdown-toggle" type="button" id="history_sasl_days" data-bs-toggle="dropdown">{{ lang.user.login_history }}</button>
-            <ul class="dropdown-menu">
-              <li class="login-history" data-days="1"><a class="dropdown-item" href="#">1 {{ lang.user.day }}</a></li>
-              <li class="login-history" data-days="7"><a class="dropdown-item active" href="#">1 {{ lang.user.week }}</a></li>
-              <li class="login-history" data-days="14"><a class="dropdown-item" href="#">2 {{ lang.user.weeks }}</a></li>
-              <li class="login-history" data-days="31"><a class="dropdown-item" href="#">1 {{ lang.user.month }}</a></li>
-            </ul>
+          <h6 class="last-ui-login"></h6>
+          <div class="d-flex">
+            <span class="clear-last-logins mt-auto mb-2">
+              {{ lang.user.clear_recent_successful_connections }}
+            </span>
+            <div class="dropdown mt-4 mb-2 ms-auto">
+              <button class="btn btn-secondary btn-xs btn-xs-lg dropdown-toggle" type="button" id="history_sasl_days" data-bs-toggle="dropdown">{{ lang.user.login_history }}</button>
+              <ul class="dropdown-menu">
+                <li class="login-history" data-days="1"><a class="dropdown-item" href="#">1 {{ lang.user.day }}</a></li>
+                <li class="login-history" data-days="7"><a class="dropdown-item active" href="#">1 {{ lang.user.week }}</a></li>
+                <li class="login-history" data-days="14"><a class="dropdown-item" href="#">2 {{ lang.user.weeks }}</a></li>
+                <li class="login-history" data-days="31"><a class="dropdown-item" href="#">1 {{ lang.user.month }}</a></li>
+              </ul>
+            </div>
           </div>
-          <div class="last-login mt-4"></div>
-          <span class="clear-last-logins mt-2">
-            {{ lang.user.clear_recent_successful_connections }}
-          </span>
+          <ul class="list-group last-sasl-login overflow-auto" style="flex: 1 1 0; min-height: 400px;"></ul>
         </div>
       </div>
     </div>

From 50d4d596266eb32fab55aec6d085689390bbcd50 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 10 Mar 2023 17:18:00 +0100
Subject: [PATCH 038/755] [Web] update de-de + en-gb lang

---
 data/web/lang/lang.de-de.json                      | 5 +++++
 data/web/lang/lang.en-gb.json                      | 6 ++++++
 data/web/templates/admin/tab-config-customize.twig | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index ddadfac63..3813871ce 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -138,6 +138,7 @@
         "api_info": "Die API befindet sich noch in Entwicklung, die Dokumentation kann unter <a href=\"/api\">/api</a> abgerufen werden.",
         "api_key": "API-Key",
         "api_skip_ip_check": "IP-Check für API nicht ausführen",
+        "app_hide": "Für Login verstecken",
         "app_links": "App-Links",
         "app_name": "App-Name",
         "apps_name": "\"mailcow Apps\" Name",
@@ -1146,6 +1147,7 @@
         "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.",
         "apple_connection_profile_with_app_password": "Es wird ein neues App-Passwort erzeugt und in das Profil eingefügt, damit bei der Einrichtung kein Passwort eingegeben werden muss. Geben Sie das Profil nicht weiter, da es einen vollständigen Zugriff auf Ihr Postfach ermöglicht.",
         "attribute": "Attribut",
+        "authentication": "Authentifizierung",
         "change_password": "Passwort ändern",
         "change_password_hint_app_passwords": "Ihre Mailbox hat %d App-Passwörter, die nicht geändert werden. Um diese zu verwalten, gehen Sie bitte zum App-Passwörter-Tab.",
         "clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen",
@@ -1199,9 +1201,11 @@
         "no_last_login": "Keine letzte UI-Anmeldung gespeichert",
         "no_record": "Kein Eintrag",
         "open_webmail_sso": "In Webmail einloggen",
+        "overview": "Übersicht",
         "password": "Passwort",
         "password_now": "Aktuelles Passwort (Änderungen bestätigen)",
         "password_repeat": "Passwort (Wiederholung)",
+        "protocols": "Protokolle",
         "pushover_evaluate_x_prio": "Hohe Priorität eskalieren [<code>X-Priority: 1</code>]",
         "pushover_info": "Push-Benachrichtungen werden angewendet auf alle nicht-Spam Nachrichten zugestellt an <b>%s</b>, einschließlich Alias-Adressen (shared, non-shared, tagged).",
         "pushover_only_x_prio": "Nur Mail mit hoher Priorität berücksichtigen [<code>X-Priority: 1</code>]",
@@ -1258,6 +1262,7 @@
         "tag_in_subfolder": "In Unterordner",
         "tag_in_subject": "In Betreff",
         "text": "Text",
+        "tfa_info": "Zwei-Faktor-Authentifizierung hilft dabei, Ihr Konto zu schützen. Wenn Sie sie aktivieren, benötigen Sie möglicherweise App-Passwörter, um sich bei Apps oder Diensten anzumelden, die die Zwei-Faktor-Authentifizierung nicht unterstützen (z.B. Mailclients).",
         "title": "Title",
         "tls_enforce_in": "TLS eingehend erzwingen",
         "tls_enforce_out": "TLS ausgehend erzwingen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index ec97d0aef..851b98aa1 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -142,6 +142,7 @@
         "api_read_only": "Read-Only Access",
         "api_read_write": "Read-Write Access",
         "api_skip_ip_check": "Skip IP check for API",
+        "app_hide": "Hide for login",
         "app_links": "App links",
         "app_name": "App name",
         "apps_name": "\"mailcow Apps\" name",
@@ -349,6 +350,7 @@
         "unchanged_if_empty": "If unchanged leave blank",
         "upload": "Upload",
         "username": "Username",
+        "user_link": "User-Link",
         "validate_license_now": "Validate GUID against license server",
         "verify": "Verify",
         "yes": "&#10003;"
@@ -1153,6 +1155,7 @@
         "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
         "apple_connection_profile_with_app_password": "A new app password is generated and added to the profile so that no password needs to be entered when setting up your device. Please do not share the file as it grants full access to your mailbox.",
         "attribute": "Attribute",
+        "authentication": "Authentication",
         "change_password": "Change password",
         "change_password_hint_app_passwords": "Your account has %d app passwords that will not be changed. To manage these, go to the App passwords tab.",
         "clear_recent_successful_connections": "Clear seen successful connections",
@@ -1207,9 +1210,11 @@
         "no_record": "No record",
         "open_logs": "Open logs",
         "open_webmail_sso": "Login to webmail",
+        "overview": "Overview",
         "password": "Password",
         "password_now": "Current password (confirm changes)",
         "password_repeat": "Password (repeat)",
+        "protocols": "Protocols",
         "pushover_evaluate_x_prio": "Escalate high priority mail [<code>X-Priority: 1</code>]",
         "pushover_info": "Push notification settings will apply to all clean (non-spam) mail delivered to <b>%s</b> including aliases (shared, non-shared, tagged).",
         "pushover_only_x_prio": "Only consider high priority mail [<code>X-Priority: 1</code>]",
@@ -1276,6 +1281,7 @@
         "tag_in_subfolder": "In subfolder",
         "tag_in_subject": "In subject",
         "text": "Text",
+        "tfa_info": "Two-factor authentication helps protect your account. If you enable it, you may need app passwords to log in to apps or services that don't support two-factor authentication (e.g. Mailclients).",
         "title": "Title",
         "tls_enforce_in": "Enforce TLS incoming",
         "tls_enforce_out": "Enforce TLS outgoing",
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index 93da2bfdb..c2071c399 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -59,7 +59,7 @@
             <th>{{ lang.admin.app_name }}</th>
             <th>{{ lang.admin.link }}</th>
             <th>{{ lang.admin.user_link }}</th>
-            <th>{{ lang.admin.app_hide }}</th>
+            <th style="width:125px;">{{ lang.admin.app_hide }}</th>
             <th style="width:100px;">&nbsp;</th>
           </tr>
           {% for row in app_links %}

From 6adad79e5cd50ae11bfc975ebb1ee7486e37a1a7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 12 Mar 2023 19:06:03 +0100
Subject: [PATCH 039/755] [Web] organize auth functions+api auth w/ dovecot

---
 data/Dockerfiles/dovecot/Dockerfile           |   1 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 150 ++++------
 data/web/inc/functions.auth.inc.php           | 278 ++++++++++++++++++
 data/web/inc/functions.inc.php                | 198 -------------
 data/web/inc/functions.mailbox.inc.php        |  25 +-
 data/web/inc/init_db.inc.php                  |   1 +
 data/web/inc/prerequisites.inc.php            |   1 +
 data/web/json_api.php                         |  20 ++
 data/web/sogo-auth.php                        |   3 +-
 data/web/templates/edit/mailbox.twig          |   8 +-
 data/web/templates/modals/mailbox.twig        |   9 +
 11 files changed, 400 insertions(+), 294 deletions(-)
 create mode 100644 data/web/inc/functions.auth.inc.php

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 9433dd2ea..a35589689 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -26,6 +26,7 @@ RUN addgroup -g 5000 vmail \
   curl \
   jq \
   lua \
+  lua-json \
   lua-cjson \
   lua-socket \
   lua-sql-mysql \
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index a9545f338..f146a8a01 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -129,114 +129,86 @@ iterate_query = SELECT username FROM mailbox WHERE active = '1' OR active = '2';
 EOF
 
 cat <<EOF > /etc/dovecot/lua/passwd-verify.lua
-function auth_password_verify(req, pass)
-
-  if req.domain == nil then
+function auth_password_verify(request, password)
+  if request.domain == nil then
     return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
   end
 
-  if cur == nil then
-    script_init()
-  end
-
-  if req.user == nil then
-    req.user = ''
-  end
-
-  respbody = {}
+  json = require "json"
+  ltn12 = require "ltn12"
+  http = require "socket.http"
+  http.TIMEOUT = 5
+  mysql = require "luasql.mysql"
+  env  = mysql.mysql()
+  con = env:connect("__DBNAME__","__DBUSER__","__DBPASS__","localhost")
 
+  local req = {
+    username = request.user,
+    password = password
+  }
+  local req_json = json.encode(req)
+  local res = {} 
+  
   -- check against mailbox passwds
-  local cur,errorString = con:execute(string.format([[SELECT password FROM mailbox
-    WHERE username = '%s'
-      AND active = '1'
-      AND domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')
-      AND IFNULL(JSON_UNQUOTE(JSON_VALUE(mailbox.attributes, '$.force_pw_update')), 0) != '1'
-      AND IFNULL(JSON_UNQUOTE(JSON_VALUE(attributes, '$.%s_access')), 1) = '1']], con:escape(req.user), con:escape(req.domain), con:escape(req.service)))
-  local row = cur:fetch ({}, "a")
-  while row do
-    if req.password_verify(req, row.password, pass) == 1 then
-      con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
-        VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
-      cur:close()
-      con:close()
-      return dovecot.auth.PASSDB_RESULT_OK, ""
-    end
-    row = cur:fetch (row, "a")
+  local b, c = http.request {
+    method = "POST",
+    url = "https://nginx/api/v1/process/login",
+    source = ltn12.source.string(req_json),
+    headers = {
+      ["content-type"] = "application/json",
+      ["content-length"] = tostring(#req_json)
+    },
+    sink = ltn12.sink.table(res)
+  }
+  local api_response = json.decode(table.concat(res))
+  if api_response.role == 'user' then
+    con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
+      VALUES ("%s", 0, "%s", "%s")]], con:escape(request.service), con:escape(request.user), con:escape(request.real_rip)))
+    con:close()
+    return dovecot.auth.PASSDB_RESULT_OK, "password=" .. password
   end
 
+  
   -- check against app passwds for imap and smtp
   -- app passwords are only available for imap, smtp, sieve and pop3 when using sasl
-  if req.service == "smtp" or req.service == "imap" or req.service == "sieve" or req.service == "pop3" then
-    local cur,errorString = con:execute(string.format([[SELECT app_passwd.id, %s_access AS has_prot_access, app_passwd.password FROM app_passwd
-      INNER JOIN mailbox ON mailbox.username = app_passwd.mailbox
-      WHERE mailbox = '%s'
-        AND app_passwd.active = '1'
-        AND mailbox.active = '1'
-        AND app_passwd.domain IN (SELECT domain FROM domain WHERE domain='%s' AND active='1')]], con:escape(req.service), con:escape(req.user), con:escape(req.domain)))
-    local row = cur:fetch ({}, "a")
-    while row do
-      if req.password_verify(req, row.password, pass) == 1 then
-        -- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
-        if tostring(req.real_rip) == "__IPV4_SOGO__" then
-          cur:close()
-          con:close()
-          return dovecot.auth.PASSDB_RESULT_OK, ""
-        elseif row.has_prot_access == "1" then
-          con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
-            VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
-          cur:close()
-          con:close()
-          return dovecot.auth.PASSDB_RESULT_OK, ""
-        end
+  if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
+    req.protocol = {}
+    req.protocol[request.service] = true
+    req_json = json.encode(req)
+
+    req.protocol.ignore_hasaccess = false
+    if tostring(req.real_rip) == "__IPV4_SOGO__" then
+      req.protocol.ignore_hasaccess = true
+    end
+
+    local b, c = http.request {
+      method = "POST",
+      url = "https://nginx/api/v1/process/login",
+      source = ltn12.source.string(req_json),
+      headers = {
+        ["content-type"] = "application/json",
+        ["content-length"] = tostring(#req_json)
+      },
+      sink = ltn12.sink.table(res)
+    }
+    local api_response = json.decode(table.concat(res))
+    if api_response.role == 'user' then
+      if req.protocol.ignore_hasaccess == false then
+        con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
+          VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
       end
-      row = cur:fetch (row, "a")
+      con:close()
+      return dovecot.auth.PASSDB_RESULT_OK, "password=" .. password
     end
   end
-
-  cur:close()
+  
   con:close()
-
   return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
-
-  -- PoC
-  -- local reqbody = string.format([[{
-  --   "success":0,
-  --   "service":"%s",
-  --   "app_password":false,
-  --   "username":"%s",
-  --   "real_rip":"%s"
-  -- }]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip))
-  -- http.request {
-  --   method = "POST",
-  --   url = "http://nginx:8081/sasl_log.php",
-  --   source = ltn12.source.string(reqbody),
-  --   headers = {
-  --     ["content-type"] = "application/json",
-  --     ["content-length"] = tostring(#reqbody)
-  --   },
-  --   sink = ltn12.sink.table(respbody)
-  -- }
-
 end
 
 function auth_passdb_lookup(req)
    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
 end
-
-function script_init()
-  mysql = require "luasql.mysql"
-  http = require "socket.http"
-  http.TIMEOUT = 5
-  ltn12 = require "ltn12"
-  env  = mysql.mysql()
-  con = env:connect("__DBNAME__","__DBUSER__","__DBPASS__","localhost")
-  return 0
-end
-
-function script_deinit()
-  con:close()
-  env:close()
-end
 EOF
 
 # Replace patterns in app-passdb.lua
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
new file mode 100644
index 000000000..3f4f2f3b7
--- /dev/null
+++ b/data/web/inc/functions.auth.inc.php
@@ -0,0 +1,278 @@
+<?php
+function check_login($user, $pass, $app_passwd_data = false) {
+  global $pdo;
+  global $redis;
+
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => 'malformed_username'
+    );
+    return false;
+  }
+
+  // Validate admin
+  $result = mailcow_admin_login($user, $pass);
+  if ($result){
+    return $result;
+  }
+
+  // Validate domain admin
+  $result = mailcow_domainadmin_login($user, $pass);
+  if ($result){
+    return $result;
+  }
+
+  // Validate mailbox user
+  // skip log & ldelay if requests comes from dovecot
+  $is_dovecot = false;
+  $request_ip =  ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+  if ($request_ip == getenv('IPV4_NETWORK').'.250'){
+    $is_dovecot = true;
+  }
+  // check authsource
+  $stmt = $pdo->prepare("SELECT authsource FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND `username` = :user");
+  $stmt->execute(array(':user' => $user));
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+  if ($row['authsource'] == 'keycloak'){
+    $result = keycloak_mbox_login($user, $pass, $is_dovecot);
+    if ($result){
+      return $result;
+    }
+  } else {
+    $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_dovecot);
+    if ($result){
+      return $result;
+    }
+  }
+
+  // skip log and only return false
+  // netfilter uses dovecot error log for banning
+  if ($is_dovecot){
+    return false;
+  }
+  if (!isset($_SESSION['ldelay'])) {
+    $_SESSION['ldelay'] = "0";
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+  }
+  elseif (!isset($_SESSION['mailcow_cc_username'])) {
+    $_SESSION['ldelay'] = $_SESSION['ldelay']+0.5;
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+  }
+  $_SESSION['return'][] =  array(
+    'type' => 'danger',
+    'log' => array(__FUNCTION__, $user, '*'),
+    'msg' => 'login_failed'
+  );
+
+  sleep($_SESSION['ldelay']);
+  return false;
+}
+
+function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal = false){
+  global $pdo;
+
+  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND (`mailbox`.`authsource`='mailcow' OR `mailbox`.`authsource` IS NULL)
+        AND `username` = :user");
+  $stmt->execute(array(':user' => $user));
+  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+  // check if password is app password
+  $is_app_passwd = false;
+  if ($app_passwd_data['eas']){
+    $is_app_passwd = 'eas';
+  } else if ($app_passwd_data['dav']){
+    $is_app_passwd = 'dav';
+  } else if ($app_passwd_data['smtp']){
+    $is_app_passwd = 'smtp';
+  } else if ($app_passwd_data['imap']){
+    $is_app_passwd = 'imap';
+  } else if ($app_passwd_data['sieve']){
+    $is_app_passwd = 'sieve';
+  } else if ($app_passwd_data['pop3']){
+    $is_app_passwd = 'pop3';
+  }
+  if ($is_app_passwd){
+    // fetch app password data
+    $app_passwd_query = "SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
+      INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
+      INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
+      WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active` = '1'
+        AND `domain`.`active` = '1'
+        AND `app_passwd`.`active` = '1'
+        AND `app_passwd`.`mailbox` = :user";
+    // check if app password has protocol access
+    // skip if $app_passwd_data['ignore_hasaccess'] is true and the call is not external
+    if (!$app_passwd_data['ignore_hasaccess'] || !$is_internal){
+      $app_passwd_query = $app_passwd_query . " AND `app_passwd`.`" . $is_app_passwd . "_access` = '1'";
+    }
+    // fetch password data
+    $stmt = $pdo->prepare($app_passwd_query);
+    $stmt->execute(array(':user' => $user));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  }
+
+  foreach ($rows as $row) { 
+    // verify password
+    if (verify_hash($row['password'], $pass) !== false) {
+      if (!$is_app_passwd){ 
+        // password is not a app password
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          if (!$is_internal){
+            unset($_SESSION['ldelay']);
+            // Reactivate TFA if it was set to "deactivate TFA for next login"
+            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+            $stmt->execute(array(':user' => $user));
+              // skip log
+              $_SESSION['return'][] =  array(
+                'type' => 'success',
+                'log' => array(__FUNCTION__, $user, '*'),
+                'msg' => array('logged_in_as', $user)
+              );
+          }
+          return "user";
+        }
+      } elseif ($is_app_passwd) {
+        // password is a app password
+        if ($is_internal){
+          // skip log
+          return "user";
+        }
+
+        $service = strtoupper($is_app_passwd);
+        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
+        $stmt->execute(array(
+          ':service' => $service,
+          ':app_id' => $row['app_passwd_id'],
+          ':username' => $user,
+          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
+        ));
+
+        unset($_SESSION['ldelay']);
+        return "user";
+      }
+    }
+  }
+
+  return false;
+}
+function mailcow_domainadmin_login($user, $pass){
+  global $pdo;
+
+  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+      WHERE `superadmin` = '0'
+      AND `active`='1'
+      AND `username` = :user");
+  $stmt->execute(array(':user' => $user));
+  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  foreach ($rows as $row) {
+    // verify password
+    if (verify_hash($row['password'], $pass) !== false) {
+      // check for tfa authenticators
+      $authenticators = get_tfa($user);
+      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+        $_SESSION['pending_mailcow_cc_username'] = $user;
+        $_SESSION['pending_mailcow_cc_role'] = "domainadmin";
+        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+        unset($_SESSION['ldelay']);
+        $_SESSION['return'][] =  array(
+          'type' => 'info',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => 'awaiting_tfa_confirmation'
+        );
+        return "pending";
+      }
+      else {
+        unset($_SESSION['ldelay']);
+        // Reactivate TFA if it was set to "deactivate TFA for next login"
+        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+        $stmt->execute(array(':user' => $user));
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => array('logged_in_as', $user)
+        );
+        return "domainadmin";
+      }
+    }
+  }
+
+  return false;
+}
+function mailcow_admin_login($user, $pass){
+  global $pdo;
+
+  $user = strtolower(trim($user));
+  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+      WHERE `superadmin` = '1'
+      AND `active` = '1'
+      AND `username` = :user");
+  $stmt->execute(array(':user' => $user));
+  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  foreach ($rows as $row) {
+    // verify password
+    if (verify_hash($row['password'], $pass)) {
+      // check for tfa authenticators
+      $authenticators = get_tfa($user);
+      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+        // active tfa authenticators found, set pending user login
+        $_SESSION['pending_mailcow_cc_username'] = $user;
+        $_SESSION['pending_mailcow_cc_role'] = "admin";
+        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+        unset($_SESSION['ldelay']);
+        $_SESSION['return'][] =  array(
+          'type' => 'info',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => 'awaiting_tfa_confirmation'
+        );
+        return "pending";
+      } else {
+        unset($_SESSION['ldelay']);
+        // Reactivate TFA if it was set to "deactivate TFA for next login"
+        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+        $stmt->execute(array(':user' => $user));
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => array('logged_in_as', $user)
+        );
+        return "admin";
+      }
+    }
+  }
+
+  return false;
+}
+
+function keycloak_mbox_login($user, $pass, $is_internal = false){
+  return false;
+}
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index ee1aab236..28cdc1797 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -811,204 +811,6 @@ function verify_hash($hash, $password) {
   }
   return false;
 }
-function check_login($user, $pass, $app_passwd_data = false) {
-  global $pdo;
-  global $redis;
-  global $imap_server;
-
-  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => 'malformed_username'
-    );
-    return false;
-  }
-
-  // Validate admin
-  $user = strtolower(trim($user));
-  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-      WHERE `superadmin` = '1'
-      AND `active` = '1'
-      AND `username` = :user");
-  $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  foreach ($rows as $row) {
-    // verify password
-    if (verify_hash($row['password'], $pass)) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        // active tfa authenticators found, set pending user login
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "admin";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'info',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => 'awaiting_tfa_confirmation'
-        );
-        return "pending";
-      } else {
-        unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "admin";
-      }
-    }
-  }
-
-  // Validate domain admin
-  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-      WHERE `superadmin` = '0'
-      AND `active`='1'
-      AND `username` = :user");
-  $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  foreach ($rows as $row) {
-    // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "domainadmin";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'info',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => 'awaiting_tfa_confirmation'
-        );
-        return "pending";
-      }
-      else {
-        unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "domainadmin";
-      }
-    }
-  }
-
-  // Validate mailbox user
-  $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
-      INNER JOIN domain on mailbox.domain = domain.domain
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active`='1'
-        AND `domain`.`active`='1'
-        AND `username` = :user");
-  $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  if ($app_passwd_data['eas'] === true) {
-    $stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
-        INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
-        INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
-        WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
-          AND `mailbox`.`active` = '1'
-          AND `domain`.`active` = '1'
-          AND `app_passwd`.`active` = '1'
-          AND `app_passwd`.`eas_access` = '1'
-          AND `app_passwd`.`mailbox` = :user");
-    $stmt->execute(array(':user' => $user));
-    $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
-  }
-  elseif ($app_passwd_data['dav'] === true) {
-    $stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
-        INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
-        INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
-        WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
-          AND `mailbox`.`active` = '1'
-          AND `domain`.`active` = '1'
-          AND `app_passwd`.`active` = '1'
-          AND `app_passwd`.`dav_access` = '1'
-          AND `app_passwd`.`mailbox` = :user");
-    $stmt->execute(array(':user' => $user));
-    $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
-  }
-  foreach ($rows as $row) { 
-    // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      if (!array_key_exists("app_passwd_id", $row)){ 
-        // password is not a app password
-        // check for tfa authenticators
-        $authenticators = get_tfa($user);
-        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 &&
-            $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) {
-          // authenticators found, init TFA flow
-          $_SESSION['pending_mailcow_cc_username'] = $user;
-          $_SESSION['pending_mailcow_cc_role'] = "user";
-          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-          unset($_SESSION['ldelay']);
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
-          return "pending";
-        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-          unset($_SESSION['ldelay']);
-          // no authenticators found, login successfull
-          // Reactivate TFA if it was set to "deactivate TFA for next login"
-          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-          $stmt->execute(array(':user' => $user));
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
-          return "user";
-        }
-      } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
-        // password is a app password
-        $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
-        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-        $stmt->execute(array(
-          ':service' => $service,
-          ':app_id' => $row['app_passwd_id'],
-          ':username' => $user,
-          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
-        ));
-
-        unset($_SESSION['ldelay']);
-        return "user";
-      }
-    }
-  }
-
-  if (!isset($_SESSION['ldelay'])) {
-    $_SESSION['ldelay'] = "0";
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-  }
-  elseif (!isset($_SESSION['mailcow_cc_username'])) {
-    $_SESSION['ldelay'] = $_SESSION['ldelay']+0.5;
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-  }
-
-  $_SESSION['return'][] =  array(
-    'type' => 'danger',
-    'log' => array(__FUNCTION__, $user, '*'),
-    'msg' => 'login_failed'
-  );
-
-  sleep($_SESSION['ldelay']);
-  return false;
-}
 function formatBytes($size, $precision = 2) {
   if(!is_numeric($size)) {
     return "0";
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 0f48efbd5..a38094022 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1002,6 +1002,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $local_part   = strtolower(trim($_data['local_part']));
           $domain       = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
           $username     = $local_part . '@' . $domain;
+          $authsource   = 'mailcow';
           if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -1018,6 +1019,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
+          if (in_array($_data['authsource'], array('mailcow', 'keycloak'))){
+            $authsource = $_data['authsource'];
+          }
           if (empty($name)) {
             $name = $local_part;
           }
@@ -1035,6 +1039,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $name         = ltrim(rtrim($_data['name'], '>'), '<');
           $tags         = (isset($_data['tags'])) ? $_data['tags'] : $MAILBOX_DEFAULT_ATTRIBUTES['tags'];
           $quota_m      = (isset($_data['quota'])) ? intval($_data['quota']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['quota']) / 1024 ** 2;
+          if ($authsource != 'mailcow'){
+            $password = '';
+            $password2 = '';
+            $password_hashed = '';
+          }
           if ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -1153,10 +1162,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (password_check($password, $password2) !== true) {
-            return false;
+          if ($authsource == 'mailcow'){
+            if (password_check($password, $password2) !== true) {
+              return false;
+            }
+            $password_hashed = hash_password($password);
           }
-          $password_hashed = hash_password($password);
           if ($MailboxData['count'] >= $DomainData['mailboxes']) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -1182,8 +1193,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `quota`, `local_part`, `domain`, `attributes`, `active`)
-            VALUES (:username, :password_hashed, :name, :quota_b, :local_part, :domain, :mailbox_attrs, :active)");
+          $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `quota`, `local_part`, `domain`, `attributes`, `authsource`, `active`)
+            VALUES (:username, :password_hashed, :name, :quota_b, :local_part, :domain, :mailbox_attrs, :authsource, :active)");
           $stmt->execute(array(
             ':username' => $username,
             ':password_hashed' => $password_hashed,
@@ -1192,6 +1203,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ':local_part' => $local_part,
             ':domain' => $domain,
             ':mailbox_attrs' => $mailbox_attrs,
+            ':authsource' => $authsource,
             ':active' => $active
           ));
           $stmt = $pdo->prepare("UPDATE `mailbox` SET
@@ -4422,6 +4434,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               `mailbox`.`quota`,
               `mailbox`.`created`,
               `mailbox`.`modified`,
+              `mailbox`.`authsource`,
               `quota2`.`bytes`,
               `attributes`,
               `custom_attributes`,
@@ -4443,6 +4456,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               `mailbox`.`quota`,
               `mailbox`.`created`,
               `mailbox`.`modified`,
+              `mailbox`.`authsource`,
               `quota2replica`.`bytes`,
               `attributes`,
               `custom_attributes`,
@@ -4472,6 +4486,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100);
           $mailboxdata['created'] = $row['created'];
           $mailboxdata['modified'] = $row['modified'];
+          $mailboxdata['authsource'] = ($row['authsource']) ? $row['authsource'] : 'mailcow';
 
           if ($mailboxdata['percent_in_use'] === '- ') {
             $mailboxdata['percent_class'] = "info";
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 6fec0c2f8..f7bd86d2d 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -362,6 +362,7 @@ function init_db_schema() {
           "custom_attributes" => "JSON NOT NULL DEFAULT ('{}')",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "INT NOT NULL DEFAULT -1",
+          "authsource" => "ENUM('mailcow', 'keycloak') DEFAULT 'mailcow'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 9c5203e7f..1a18ba92c 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -177,6 +177,7 @@ function get_remote_ip() {
 
 // Load core functions first
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
 // IMAP lib
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 28f8cac56..0b80bafd9 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -401,6 +401,26 @@ if (isset($_GET['query'])) {
           );
           echo json_encode($return);
         break;
+        case "login":
+          header('Content-Type: application/json');
+          $post = trim(file_get_contents('php://input'));
+          if ($post) {
+            $post = json_decode($post, true);
+          }
+
+          $return = array("success" => false, "role" => false);
+          if(!isset($post['username']) || !isset($post['password'])){
+            echo json_encode($return); 
+            return;
+          }
+          $result = check_login($post['username'], $post['password'], $post['protocol']);
+          if ($result) {
+            $return = array("success" => true, "role" => $result);
+          }
+
+          echo json_encode($return); 
+          return;
+        break;
       }
     break;
     case "get":
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index c34a60def..af6f851ba 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -11,7 +11,8 @@ $session_var_pass = 'sogo-sso-pass';
 // validate credentials for basic auth requests
 if (isset($_SERVER['PHP_AUTH_USER'])) {
   // load prerequisites only when required
-  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
   $username = $_SERVER['PHP_AUTH_USER'];
   $password = $_SERVER['PHP_AUTH_PW'];
   $is_eas = false;
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 8960ee938..52b4096cc 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -24,7 +24,13 @@
                   <input type="hidden" value="default" name="sender_acl">
                   <input type="hidden" value="0" name="force_pw_update">
                   <input type="hidden" value="0" name="sogo_access">
-                  <input type="hidden" value="0" name="protocol_access">
+                  <input type="hidden" value="0" name="protocol_access">      
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2">{{ lang.edit.full_name }}</label>
+                    <div class="col-sm-10">
+                      <span>{{ result.authsource }}</span>
+                    </div>
+                  </div>
                   <div class="row mb-2">
                     <label class="control-label col-sm-2" for="name">{{ lang.edit.full_name }}</label>
                     <div class="col-sm-10">
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 22807c8d3..5d6ea535b 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -28,6 +28,15 @@
               </select>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.add.domain }}</label>
+            <div class="col-sm-10">
+              <select class="full-width-select" data-live-search="true" id="addAuthsource" name="authsource" required>
+                <option selected>mailcow</option>
+                <option>keycloak</option>
+              </select>
+            </div>
+          </div>
           <div class="row mb-4">
             <label class="control-label col-sm-2 text-sm-end text-sm-end" for="name">{{ lang.add.full_name }}</label>
             <div class="col-sm-10">

From f6869da3a02b937d8f498476be1d7e95ab418e33 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 12 Mar 2023 19:08:09 +0100
Subject: [PATCH 040/755] [Web] manage keycloak identity provider

---
 data/web/admin.php                            |  3 +
 data/web/inc/functions.inc.php                | 68 +++++++++++++++++++
 data/web/inc/init_db.inc.php                  | 14 ++++
 data/web/inc/prerequisites.inc.php            | 18 +++++
 data/web/json_api.php                         |  4 ++
 data/web/templates/admin.twig                 |  2 +
 .../admin/tab-config-identity-providers.twig  | 58 ++++++++++++++++
 7 files changed, 167 insertions(+)
 create mode 100644 data/web/templates/admin/tab-config-identity-providers.twig

diff --git a/data/web/admin.php b/data/web/admin.php
index d0fcbc992..278ab61b8 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -86,6 +86,8 @@ $cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allo
 $cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
 
 $f2b_data = fail2ban('get');
+// identity provider
+$identity_provider_settings = identity_provider('get');
 
 $template = 'admin.twig';
 $template_data = [
@@ -117,6 +119,7 @@ $template_data = [
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
   'cors_settings' => $cors_settings,
   'is_https' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
+  'identity_provider_settings' => $identity_provider_settings,
   'lang_admin' => json_encode($lang['admin']),
   'lang_datatables' => json_encode($lang['datatables'])
 ];
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 28cdc1797..11e0b5053 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2067,6 +2067,74 @@ function uuid4() {
 
   return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 }
+function identity_provider($_action, $_data = null) {
+  global $pdo;
+
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    $_SESSION['return'][] = array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_action, $_data),
+      'msg' => 'access_denied'
+    );
+    return false;
+  }
+
+  switch ($_action) {
+    case 'get':
+      $settings = array();
+      $stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");
+      $stmt->execute();
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      foreach($rows as $row){
+        $settings[$row["key"]] = $row["value"];
+      }
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $settings),
+        'msg' => 'admin_api_modified'
+      );
+      return $settings;
+    case 'edit':
+      $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version');
+      foreach($required_settings as $setting){
+        if (!$_data[$setting]){
+          return false;
+        }
+      }
+      try {
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => '2'
+        );
+        $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => '3'
+        );
+      } catch (Exception $e){
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data, $e->getMessage()),
+          'msg' => 'post'
+        );
+        return;
+      }
+
+      foreach($_data as $key => $value){
+        if (!in_array($key, $required_settings)){
+          continue;
+        }
+
+        $stmt->bindParam(':key', $key);
+        $stmt->bindParam(':value', $value);
+        $stmt->execute();
+      }
+      return true;
+    break;
+  }
+}
 
 function get_logs($application, $lines = false) {
   if ($lines === false) {
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index f7bd86d2d..5cfb1cd62 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -568,6 +568,20 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "identity_provider" => array(
+        "cols" => array(
+          "key" => "VARCHAR(255) NOT NULL",
+          "value" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("key")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "logs" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 1a18ba92c..eac35be77 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -180,6 +180,24 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
+// Init Keycloak Provider
+$identity_provider_settings = identity_provider('get');
+$keycloak_provider = null;
+if ($identity_provider_settings['server_url'] && $identity_provider_settings['realm'] && $identity_provider_settings['client_id'] &&
+    $identity_provider_settings['client_secret'] && $identity_provider_settings['redirect_url'] && $identity_provider_settings['version']){
+  $keycloak_provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    'authServerUrl'         => $identity_provider_settings['server_url'],
+    'realm'                 => $identity_provider_settings['realm'],
+    'clientId'              => $identity_provider_settings['client_id'],
+    'clientSecret'          => $identity_provider_settings['client_secret'],
+    'redirectUri'           => $identity_provider_settings['redirect_url'],
+    'version'               => $identity_provider_settings['version'],                            
+    // 'encryptionAlgorithm'   => 'RS256',                             // optional
+    // 'encryptionKeyPath'     => '../key.pem'                         // optional
+    // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+  ]);
+}
+
 // IMAP lib
 // use Ddeboer\Imap\Server;
 // $imap_server = new Server('dovecot', 143, '/imap/tls/novalidate-cert');
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 0b80bafd9..769775cee 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1710,6 +1710,8 @@ if (isset($_GET['query'])) {
             if ($score)
               $score = array("score" => preg_replace("/\s+/", "", $score));
             process_get_return($score);
+          case "identity_provider":
+            process_get_return(identity_provider('get'));
           break;
         break;
         // return no route found if no case is matched
@@ -2082,6 +2084,8 @@ if (isset($_GET['query'])) {
         break;
         case "cors":
           process_edit_return(cors('edit', $attr));
+        case "identity_provider":
+          process_edit_return(identity_provider('edit', $attr));
         break;
         // return no route found if no case is matched
         default:
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index 33f2422b5..53fdeadc1 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -7,6 +7,7 @@
       <a class="nav-link dropdown-toggle active" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.access }}</a>
       <ul class="dropdown-menu">
         <li><button class="dropdown-item active" data-bs-target="#tab-config-admins" aria-selected="false" aria-controls="tab-config-admins" role="tab" data-bs-toggle="tab">{{ lang.admin.admins }}</button></li>
+        <li><button class="dropdown-item" data-bs-target="#tab-config-identity-providers" aria-selected="false" aria-controls="tab-config-identity-providers" role="tab" data-bs-toggle="tab">Identity Providers</button></li>
         <!-- <li><button class="dropdown-item" data-bs-target="#tab-config-ldap-admins" aria-controls="tab-config-ldap-admins" role="tab" data-bs-toggle="tab">{{ lang.admin.admins_ldap }}</button></li> -->
         <li><button class="dropdown-item" data-bs-target="#tab-config-oauth2" aria-selected="false" aria-controls="tab-config-oauth2" role="tab" data-bs-toggle="tab">{{ lang.admin.oauth2_apps }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-rspamd" aria-selected="false" aria-controls="tab-config-rspamd" role="tab" data-bs-toggle="tab">Rspamd UI</button></li>
@@ -40,6 +41,7 @@
     <div class="col-md-12">
       <div class="tab-content" style="padding-top:20px">
         {% include 'admin/tab-config-admins.twig' %}
+        {% include 'admin/tab-config-identity-providers.twig' %}
         {# {% include 'admin/tab-ldap.twig' %} #}
         {% include 'admin/tab-config-oauth2.twig' %}
         {% include 'admin/tab-config-rspamd.twig' %}
diff --git a/data/web/templates/admin/tab-config-identity-providers.twig b/data/web/templates/admin/tab-config-identity-providers.twig
new file mode 100644
index 000000000..c81978db9
--- /dev/null
+++ b/data/web/templates/admin/tab-config-identity-providers.twig
@@ -0,0 +1,58 @@
+<div role="tabpanel" class="tab-pane fade" id="tab-config-identity-providers" role="tabpanel" aria-labelledby="tab-config-identity-providers">
+  <div class="card mb-4">
+    <div class="card-header d-flex fs-5">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-identity-providers" data-bs-toggle="collapse" aria-controls="collapse-tab-config-identity-providers">
+        {{ lang.admin.oauth2_apps }}
+      </button>
+      <span class="d-none d-md-block">{{ lang.admin.oauth2_apps }}</span>
+    </div>
+    <div id="collapse-tab-config-identity-providers" class="card-body collapse" data-bs-parent="#admin-content">
+      <form class="form-horizontal" autocapitalize="none" data-id="keycloak_sso" autocorrect="off" role="form" method="post">
+        <input type="hidden" name="authsource" value="keycloak">
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_url">Server URL:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_url" name="server_url" value="{{ identity_provider_settings.server_url }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_realm">Realm:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_realm" name="realm" value="{{ identity_provider_settings.realm }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_client_id">Client Id:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_client_id" name="client_id" value="{{ identity_provider_settings.client_id }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_client_secret">Client Secret:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_client_secret" name="client_secret" value="{{ identity_provider_settings.client_secret }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_redirect_url">Redirect Url:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_redirect_url" name="redirect_url" value="{{ identity_provider_settings.redirect_url }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="keycloak_version">Keycloak Version:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="keycloak_version" name="version" value="{{ identity_provider_settings.version }}" required>
+          </div>
+        </div>
+        <div class="row mt-4 mb-2">
+          <div class="offset-sm-3 col-sm-9">
+            <div class="btn-group">
+              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="keycloak_sso" data-action="edit_selected" data-id="keycloak_sso" data-api-url='edit/identity_provider' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+            </div>
+          </div>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>

From 0a77cad2dd7285b3cde1d5b382870e4e9fc1c21b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 13 Mar 2023 08:54:50 +0100
Subject: [PATCH 041/755] [Web] limit identity_provider function better

---
 data/web/inc/functions.inc.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 11e0b5053..793e3e6b1 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2068,16 +2068,9 @@ function uuid4() {
   return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 }
 function identity_provider($_action, $_data = null) {
+function identity_provider($_action, $_data = null, $hide_secret = false) {
   global $pdo;
 
-  if ($_SESSION['mailcow_cc_role'] != "admin") {
-    $_SESSION['return'][] = array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_action, $_data),
-      'msg' => 'access_denied'
-    );
-    return false;
-  }
 
   switch ($_action) {
     case 'get':
@@ -2088,13 +2081,20 @@ function identity_provider($_action, $_data = null) {
       foreach($rows as $row){
         $settings[$row["key"]] = $row["value"];
       }
-      $_SESSION['return'][] =  array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $settings),
-        'msg' => 'admin_api_modified'
-      );
+      if ($hide_secret){
+        $settings['client_secret'] = '***********************';
+      }
       return $settings;
     case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
       $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version');
       foreach($required_settings as $setting){
         if (!$_data[$setting]){

From 9d8c1a01ace42d30710e7d301e81c0becaeab152 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 13 Mar 2023 08:58:39 +0100
Subject: [PATCH 042/755] [Web] remove u2f lib

---
 data/web/inc/lib/composer.lock                |  93 +--
 .../lib/vendor/composer/autoload_classmap.php |   5 -
 .../lib/vendor/composer/autoload_static.php   |   5 -
 .../inc/lib/vendor/composer/installed.json    |  93 ---
 .../web/inc/lib/vendor/composer/installed.php |  22 +-
 .../vendor/paragonie/random_compat/LICENSE    |  22 -
 .../paragonie/random_compat/build-phar.sh     |   5 -
 .../paragonie/random_compat/composer.json     |  34 -
 .../dist/random_compat.phar.pubkey            |   5 -
 .../dist/random_compat.phar.pubkey.asc        |  11 -
 .../paragonie/random_compat/lib/random.php    |  32 -
 .../random_compat/other/build_phar.php        |  57 --
 .../random_compat/psalm-autoload.php          |   9 -
 .../vendor/paragonie/random_compat/psalm.xml  |  19 -
 .../vendor/yubico/u2flib-server/.gitignore    |   7 -
 .../vendor/yubico/u2flib-server/.travis.yml   |  23 -
 .../inc/lib/vendor/yubico/u2flib-server/BLURB |   9 -
 .../lib/vendor/yubico/u2flib-server/COPYING   |  26 -
 .../inc/lib/vendor/yubico/u2flib-server/NEWS  |  34 -
 .../lib/vendor/yubico/u2flib-server/README    |  34 -
 .../vendor/yubico/u2flib-server/README.adoc   |   1 -
 .../vendor/yubico/u2flib-server/apigen.neon   |  13 -
 .../vendor/yubico/u2flib-server/composer.json |  18 -
 .../yubico/u2flib-server/do-source-release.sh |  40 --
 .../u2flib-server/examples/assets/u2f-api.js  | 651 ------------------
 .../examples/cli/u2f-server.phps              |  83 ---
 .../examples/localstorage/index.phps          | 186 -----
 .../u2flib-server/examples/pdo/index.phps     | 204 ------
 .../vendor/yubico/u2flib-server/phpunit.xml   |   9 -
 .../lib/vendor/yubico/u2flib-server/psalm.xml |  48 --
 .../u2flib-server/src/u2flib_server/U2F.php   | 563 ---------------
 31 files changed, 3 insertions(+), 2358 deletions(-)
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
 delete mode 100755 data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/composer.json
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
 delete mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/BLURB
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/COPYING
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/NEWS
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/README
 delete mode 120000 data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/composer.json
 delete mode 100755 data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js
 delete mode 100755 data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml
 delete mode 100644 data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php

diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 758535375..7be7a7d43 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "139c1e5dec323144cd778ce80fd1847e",
+    "content-hash": "6c4a1dce9b5f22b95c5cd87ecf0eb333",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -541,56 +541,6 @@
             ],
             "time": "2022-02-13T18:13:33+00:00"
         },
-        {
-            "name": "paragonie/random_compat",
-            "version": "v9.99.100",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">= 7"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "4.*|5.*",
-                "vimeo/psalm": "^1"
-            },
-            "suggest": {
-                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-            },
-            "type": "library",
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Paragon Initiative Enterprises",
-                    "email": "security@paragonie.com",
-                    "homepage": "https://paragonie.com"
-                }
-            ],
-            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-            "keywords": [
-                "csprng",
-                "polyfill",
-                "pseudorandom",
-                "random"
-            ],
-            "support": {
-                "email": "info@paragonie.com",
-                "issues": "https://github.com/paragonie/random_compat/issues",
-                "source": "https://github.com/paragonie/random_compat"
-            },
-            "time": "2020-10-15T08:29:30+00:00"
-        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -1677,47 +1627,6 @@
                 }
             ],
             "time": "2022-09-28T08:42:51+00:00"
-        },
-        {
-            "name": "yubico/u2flib-server",
-            "version": "1.0.2",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/Yubico/php-u2flib-server.git",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939",
-                "shasum": ""
-            },
-            "require": {
-                "ext-openssl": "*",
-                "paragonie/random_compat": ">= 1",
-                "php": ">=5.6"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~5.7",
-                "vimeo/psalm": "^0|^1|^2"
-            },
-            "type": "library",
-            "autoload": {
-                "classmap": [
-                    "src/"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-2-Clause"
-            ],
-            "description": "Library for U2F implementation",
-            "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "support": {
-                "issues": "https://github.com/Yubico/php-u2flib-server/issues",
-                "source": "https://github.com/Yubico/php-u2flib-server/tree/1.0.2"
-            },
-            "time": "2018-09-07T08:16:44+00:00"
         }
     ],
     "packages-dev": [],
diff --git a/data/web/inc/lib/vendor/composer/autoload_classmap.php b/data/web/inc/lib/vendor/composer/autoload_classmap.php
index f3327f110..a986241bd 100644
--- a/data/web/inc/lib/vendor/composer/autoload_classmap.php
+++ b/data/web/inc/lib/vendor/composer/autoload_classmap.php
@@ -11,9 +11,4 @@ return array(
     'Stringable' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
     'UnhandledMatchError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
     'ValueError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
-    'u2flib_server\\Error' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\RegisterRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\Registration' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\SignRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\U2F' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
 );
diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php
index 94606e831..a819adf63 100644
--- a/data/web/inc/lib/vendor/composer/autoload_static.php
+++ b/data/web/inc/lib/vendor/composer/autoload_static.php
@@ -174,11 +174,6 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         'Stringable' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
         'UnhandledMatchError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
         'ValueError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
-        'u2flib_server\\Error' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\RegisterRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\Registration' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\SignRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\U2F' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
     );
 
     public static function getInitializer(ClassLoader $loader)
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index e21edcc68..d910fa544 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -551,59 +551,6 @@
             ],
             "install-path": "../nesbot/carbon"
         },
-        {
-            "name": "paragonie/random_compat",
-            "version": "v9.99.100",
-            "version_normalized": "9.99.100.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">= 7"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "4.*|5.*",
-                "vimeo/psalm": "^1"
-            },
-            "suggest": {
-                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-            },
-            "time": "2020-10-15T08:29:30+00:00",
-            "type": "library",
-            "installation-source": "dist",
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Paragon Initiative Enterprises",
-                    "email": "security@paragonie.com",
-                    "homepage": "https://paragonie.com"
-                }
-            ],
-            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-            "keywords": [
-                "csprng",
-                "polyfill",
-                "pseudorandom",
-                "random"
-            ],
-            "support": {
-                "email": "info@paragonie.com",
-                "issues": "https://github.com/paragonie/random_compat/issues",
-                "source": "https://github.com/paragonie/random_compat"
-            },
-            "install-path": "../paragonie/random_compat"
-        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -1730,46 +1677,6 @@
                 }
             ],
             "install-path": "../twig/twig"
-        },
-        {
-            "name": "yubico/u2flib-server",
-            "version": "1.0.2",
-            "version_normalized": "1.0.2.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/Yubico/php-u2flib-server.git",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939",
-                "shasum": ""
-            },
-            "require": {
-                "ext-openssl": "*",
-                "paragonie/random_compat": ">= 1",
-                "php": ">=5.6"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~5.7",
-                "vimeo/psalm": "^0|^1|^2"
-            },
-            "time": "2018-09-07T08:16:44+00:00",
-            "type": "library",
-            "installation-source": "dist",
-            "autoload": {
-                "classmap": [
-                    "src/"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-2-Clause"
-            ],
-            "description": "Library for U2F implementation",
-            "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "install-path": "../yubico/u2flib-server"
         }
     ],
     "dev": true,
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index c45f177e2..fa2ed8e5e 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+        'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+            'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -103,15 +103,6 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'paragonie/random_compat' => array(
-            'pretty_version' => 'v9.99.100',
-            'version' => '9.99.100.0',
-            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../paragonie/random_compat',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
         'php-mime-mail-parser/php-mime-mail-parser' => array(
             'pretty_version' => '7.0.0',
             'version' => '7.0.0.0',
@@ -253,14 +244,5 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'yubico/u2flib-server' => array(
-            'pretty_version' => '1.0.2',
-            'version' => '1.0.2.0',
-            'reference' => '55d813acf68212ad2cadecde07551600d6971939',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../yubico/u2flib-server',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
     ),
 );
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE b/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
deleted file mode 100644
index 45c7017df..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Paragon Initiative Enterprises
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh b/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
deleted file mode 100755
index b4a5ba31c..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )
-
-php -dphar.readonly=0 "$basedir/other/build_phar.php" $*
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/composer.json b/data/web/inc/lib/vendor/paragonie/random_compat/composer.json
deleted file mode 100644
index f2b9c4e51..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/composer.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "name":         "paragonie/random_compat",
-  "description":  "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-  "keywords": [
-    "csprng",
-    "random",
-    "polyfill",
-    "pseudorandom"
-  ],
-  "license":      "MIT",
-  "type":         "library",
-  "authors": [
-    {
-      "name":     "Paragon Initiative Enterprises",
-      "email":    "security@paragonie.com",
-      "homepage": "https://paragonie.com"
-    }
-  ],
-  "support": {
-    "issues":     "https://github.com/paragonie/random_compat/issues",
-    "email":      "info@paragonie.com",
-    "source":     "https://github.com/paragonie/random_compat"
-  },
-  "require": {
-    "php": ">= 7"
-  },
-  "require-dev": {
-    "vimeo/psalm": "^1",
-    "phpunit/phpunit": "4.*|5.*"
-  },
-  "suggest": {
-    "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-  }
-}
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
deleted file mode 100644
index eb50ebfcd..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm
-pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p
-+h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc
------END PUBLIC KEY-----
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
deleted file mode 100644
index 6a1d7f300..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (MingW32)
-
-iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip
-QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg
-1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW
-NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA
-NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV
-JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74=
-=B6+8
------END PGP SIGNATURE-----
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php b/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
deleted file mode 100644
index c7731a56f..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-/**
- * Random_* Compatibility Library
- * for using the new PHP 7 random_* API in PHP 5 projects
- *
- * @version 2.99.99
- * @released 2018-06-06
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-// NOP
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php b/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
deleted file mode 100644
index 70ef4b2ed..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-$dist = dirname(__DIR__).'/dist';
-if (!is_dir($dist)) {
-    mkdir($dist, 0755);
-}
-if (file_exists($dist.'/random_compat.phar')) {
-    unlink($dist.'/random_compat.phar');
-}
-$phar = new Phar(
-    $dist.'/random_compat.phar',
-    FilesystemIterator::CURRENT_AS_FILEINFO | \FilesystemIterator::KEY_AS_FILENAME,
-    'random_compat.phar'
-);
-rename(
-    dirname(__DIR__).'/lib/random.php', 
-    dirname(__DIR__).'/lib/index.php'
-);
-$phar->buildFromDirectory(dirname(__DIR__).'/lib');
-rename(
-    dirname(__DIR__).'/lib/index.php', 
-    dirname(__DIR__).'/lib/random.php'
-);
-
-/**
- * If we pass an (optional) path to a private key as a second argument, we will
- * sign the Phar with OpenSSL.
- * 
- * If you leave this out, it will produce an unsigned .phar!
- */
-if ($argc > 1) {
-    if (!@is_readable($argv[1])) {
-        echo 'Could not read the private key file:', $argv[1], "\n";
-        exit(255);
-    }
-    $pkeyFile = file_get_contents($argv[1]);
-    
-    $private = openssl_get_privatekey($pkeyFile);
-    if ($private !== false) {
-        $pkey = '';
-        openssl_pkey_export($private, $pkey);
-        $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
-        
-        /**
-         * Save the corresponding public key to the file
-         */
-        if (!@is_readable($dist.'/random_compat.phar.pubkey')) {
-            $details = openssl_pkey_get_details($private);
-            file_put_contents(
-                $dist.'/random_compat.phar.pubkey',
-                $details['key']
-            );
-        }
-    } else {
-        echo 'An error occurred reading the private key from OpenSSL.', "\n";
-        exit(255);
-    }
-}
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php b/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
deleted file mode 100644
index d71d1b818..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-
-require_once 'lib/byte_safe_strings.php';
-require_once 'lib/cast_to_int.php';
-require_once 'lib/error_polyfill.php';
-require_once 'other/ide_stubs/libsodium.php';
-require_once 'lib/random.php';
-
-$int = random_int(0, 65536);
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml b/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
deleted file mode 100644
index 596d99dd6..000000000
--- a/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0"?>
-<psalm
-    autoloader="psalm-autoload.php"
-    stopOnFirstError="false"
-    useDocblockTypes="true"
->
-    <projectFiles>
-        <directory name="lib" />
-    </projectFiles>
-    <issueHandlers>
-        <RedundantConditionGivenDocblockType errorLevel="info" />
-        <UnresolvableInclude errorLevel="info" />
-        <DuplicateClass errorLevel="info" />
-        <InvalidOperand errorLevel="info" />
-        <UndefinedConstant errorLevel="info" />
-        <MissingReturnType errorLevel="info" />
-        <InvalidReturnType errorLevel="info" />
-    </issueHandlers>
-</psalm>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore b/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore
deleted file mode 100644
index 0d968f1a6..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-composer.lock
-vendor/
-.*.swp
-php-u2flib-server-*.tar.gz
-php-u2flib-server-*.tar.gz.sig
-apidocs/
-build/
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml b/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml
deleted file mode 100644
index beade3b00..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-language: php
-sudo: false
-php:
-  - 7.0
-  - 7.1
-  - 7.2
-  - hhvm
-matrix:
-  include:
-    - php: 5.6
-      env: COVERALLS=true
-  allow_failures:
-    - php: hhvm
-
-before_script:
-  - composer install
-
-script:
-  - ./vendor/bin/psalm
-  - ./vendor/phpunit/phpunit/phpunit -c phpunit.xml
-
-after_success:
-  - test -z $COVERALLS || (composer require satooshi/php-coveralls && vendor/bin/coveralls -v)
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB b/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB
deleted file mode 100644
index c57974215..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB
+++ /dev/null
@@ -1,9 +0,0 @@
-Author: Yubico
-Basename: php-u2flib-server
-Homepage: https://developers.yubico.com/php-u2flib-server
-License: BSD-2-Clause
-Name: Native U2F library in PHP
-Project: php-u2flib-server
-Summary: Native U2F library in PHP
-Yubico-Category: U2F projects
-Travis: https://travis-ci.org/Yubico/php-u2flib-server
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING b/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING
deleted file mode 100644
index 427c91756..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING
+++ /dev/null
@@ -1,26 +0,0 @@
-Copyright (c) 2014 Yubico AB
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-      copyright notice, this list of conditions and the following
-      disclaimer in the documentation and/or other materials provided
-      with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS b/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS
deleted file mode 100644
index 496175edf..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS
+++ /dev/null
@@ -1,34 +0,0 @@
-php-u2flib-server NEWS -- History of user-visible changes.
-
-* Version 1.0.2 (released 2018-09-07)
- ** Additional error checks.
- ** Add user presence check.
- ** Support single files for attestation root.
- ** Type safety, CSPRNG, avoid chr().
-
-* Version 1.0.1 (released 2017-05-09)
- ** Move examples to phps so they don't execute by default
- ** Use common challenge for multiple registrations
-
-* Version 1.0.0 (released 2016-02-19)
- ** Give an early error on openssl < 1.0
- ** Support devices with initial counter 0
- ** Fixes to examples
- ** Handle errorCode: 0 correctly
-
-* Version 0.1.0 (released 2015-03-03)
- ** Use openssl for all crypto instead of third party extensions.
- ** Properly check the request challenge on authenticate.
- ** Switch from returning error codes to throwing exceptions.
- ** Stop recommending composer for installation.
-
-* Version 0.0.2 (released 2014-10-24)
- ** Refactor the API to return objects instead of encoded objects.
- ** Add a second example that uses PDO to store registrations.
- ** Add documentation to the API.
- ** Check that randomness returned is good.
- ** Drop the unneeded mcrypt extension.
- ** More tests.
-
-* Version 0.0.1 (released 2014-10-16)
- ** Initial release.
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/README b/data/web/inc/lib/vendor/yubico/u2flib-server/README
deleted file mode 100644
index 0116a270c..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/README
+++ /dev/null
@@ -1,34 +0,0 @@
-php-u2flib-server
------------------
-
-image:https://travis-ci.org/Yubico/php-u2flib-server.svg?branch=master["Build Status", link="https://travis-ci.org/Yubico/php-u2flib-server"]
-image:https://coveralls.io/repos/Yubico/php-u2flib-server/badge.svg?branch=master&service=github["Coverage", link="https://coveralls.io/github/Yubico/php-u2flib-server?branch=master"]
-image:https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/badges/quality-score.png?b=master["Scrutinizer Code Quality", link="https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/?branch=master"]
-
-=== Introduction ===
-
-Serverside U2F library for PHP. Provides functionality for registering
-tokens and authentication with said tokens.
-
-To read more about U2F and how to use a U2F library, visit
-link:http://developers.yubico.com/U2F[developers.yubico.com/U2F].
-
-=== License ===
-
-The project is licensed under a BSD license.  See the file COPYING for
-exact wording.  For any copyright year range specified as YYYY-ZZZZ in
-this package note that the range specifies every single year in that
-closed interval.
-
-=== Dependencies ===
-
-The only dependency is the openssl extension to PHP that has to be enabled.
-
-A composer.json is included in the distribution to make things simpler for
-other project using composer.
-
-=== Tests ===
-
-To run the test suite link:https://phpunit.de[PHPUnit] is required. To run it, type:
-
- $ phpunit
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc b/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc
deleted file mode 120000
index 100b93820..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc
+++ /dev/null
@@ -1 +0,0 @@
-README
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon b/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon
deleted file mode 100644
index bbb7071b5..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon
+++ /dev/null
@@ -1,13 +0,0 @@
-destination: apidocs
-
-source:
-  - src/u2flib_server
-
-exclude:
-  - "*/tests/*"
-
-groups: none
-
-tree: false
-
-title: php-u2flib-server API
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json b/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json
deleted file mode 100644
index 3f2d9eab7..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  "name":"yubico/u2flib-server",
-  "description":"Library for U2F implementation",
-  "homepage":"https://developers.yubico.com/php-u2flib-server",
-  "license":"BSD-2-Clause",
-  "require": {
-    "ext-openssl":"*",
-    "paragonie/random_compat": ">= 1",
-    "php": ">=5.6"
-  },
-  "autoload": {
-    "classmap": ["src/"]
-  },
-  "require-dev": {
-    "phpunit/phpunit": "~5.7",
-    "vimeo/psalm": "^0|^1|^2"
-  }
-}
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh b/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh
deleted file mode 100755
index 7e5017364..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-set -e
-
-VERSION=$1
-PGP_KEYID=$2
-
-if [ "x$PGP_KEYID" = "x" ]; then
-  echo "try with $0 VERSION PGP_KEYID"
-  echo "example: $0 0.0.1 B2168C0A"
-  exit
-fi
-
-if ! head -3 NEWS  | grep -q "Version $VERSION .released `date -I`"; then
-  echo "You need to update date/version in NEWS"
-  exit
-fi
-
-if [ "x$YUBICO_GITHUB_REPO" = "x" ]; then
-  echo "you need to define YUBICO_GITHUB_REPO"
-  exit
-fi
-
-releasename=php-u2flib-server-${VERSION}
-
-git push
-git tag -u ${PGP_KEYID} -m $VERSION $VERSION
-git push --tags
-tmpdir=`mktemp -d /tmp/release.XXXXXX`
-releasedir=${tmpdir}/${releasename}
-mkdir -p $releasedir
-git archive $VERSION --format=tar | tar -xC $releasedir
-git2cl > $releasedir/ChangeLog
-cd $releasedir
-apigen generate
-cd -
-tar -cz --directory=$tmpdir --file=${releasename}.tar.gz $releasename
-gpg --detach-sign --default-key $PGP_KEYID ${releasename}.tar.gz
-$YUBICO_GITHUB_REPO/publish php-u2flib-server $VERSION ${releasename}.tar.gz*
-rm -rf $tmpdir
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js
deleted file mode 100644
index 0f06f50d6..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js
+++ /dev/null
@@ -1,651 +0,0 @@
-// Copyright 2014-2015 Google Inc. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file or at
-// https://developers.google.com/open-source/licenses/bsd
-
-/**
- * @fileoverview The U2F api.
- */
-
-'use strict';
-
-/** Namespace for the U2F api.
- * @type {Object}
- */
-var u2f = u2f || {};
-
-/**
- * The U2F extension id
- * @type {string}
- * @const
- */
-u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
-
-/**
- * Message types for messsages to/from the extension
- * @const
- * @enum {string}
- */
-u2f.MessageTypes = {
-    'U2F_REGISTER_REQUEST': 'u2f_register_request',
-    'U2F_SIGN_REQUEST': 'u2f_sign_request',
-    'U2F_REGISTER_RESPONSE': 'u2f_register_response',
-    'U2F_SIGN_RESPONSE': 'u2f_sign_response'
-};
-
-/**
- * Response status codes
- * @const
- * @enum {number}
- */
-u2f.ErrorCodes = {
-    'OK': 0,
-    'OTHER_ERROR': 1,
-    'BAD_REQUEST': 2,
-    'CONFIGURATION_UNSUPPORTED': 3,
-    'DEVICE_INELIGIBLE': 4,
-    'TIMEOUT': 5
-};
-
-/**
- * A message type for registration requests
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   signRequests: Array<u2f.SignRequest>,
- *   registerRequests: ?Array<u2f.RegisterRequest>,
- *   timeoutSeconds: ?number,
- *   requestId: ?number
- * }}
- */
-u2f.Request;
-
-/**
- * A message for registration responses
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
- *   requestId: ?number
- * }}
- */
-u2f.Response;
-
-/**
- * An error object for responses
- * @typedef {{
- *   errorCode: u2f.ErrorCodes,
- *   errorMessage: ?string
- * }}
- */
-u2f.Error;
-
-/**
- * Data object for a single sign request.
- * @typedef {{
- *   version: string,
- *   challenge: string,
- *   keyHandle: string,
- *   appId: string
- * }}
- */
-u2f.SignRequest;
-
-/**
- * Data object for a sign response.
- * @typedef {{
- *   keyHandle: string,
- *   signatureData: string,
- *   clientData: string
- * }}
- */
-u2f.SignResponse;
-
-/**
- * Data object for a registration request.
- * @typedef {{
- *   version: string,
- *   challenge: string,
- *   appId: string
- * }}
- */
-u2f.RegisterRequest;
-
-/**
- * Data object for a registration response.
- * @typedef {{
- *   registrationData: string,
- *   clientData: string
- * }}
- */
-u2f.RegisterResponse;
-
-
-// Low level MessagePort API support
-
-/**
- * Sets up a MessagePort to the U2F extension using the
- * available mechanisms.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- */
-u2f.getMessagePort = function(callback) {
-    if (typeof chrome != 'undefined' && chrome.runtime) {
-        // The actual message here does not matter, but we need to get a reply
-        // for the callback to run. Thus, send an empty signature request
-        // in order to get a failure response.
-        var msg = {
-            type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-            signRequests: []
-        };
-        chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
-            if (!chrome.runtime.lastError) {
-                // We are on a whitelisted origin and can talk directly
-                // with the extension.
-                u2f.getChromeRuntimePort_(callback);
-            } else {
-                // chrome.runtime was available, but we couldn't message
-                // the extension directly, use iframe
-                u2f.getIframePort_(callback);
-            }
-        });
-    } else if (u2f.isAndroidChrome_()) {
-        u2f.getAuthenticatorPort_(callback);
-    } else {
-        // chrome.runtime was not available at all, which is normal
-        // when this origin doesn't have access to any extensions.
-        u2f.getIframePort_(callback);
-    }
-};
-
-/**
- * Detect chrome running on android based on the browser's useragent.
- * @private
- */
-u2f.isAndroidChrome_ = function() {
-    var userAgent = navigator.userAgent;
-    return userAgent.indexOf('Chrome') != -1 &&
-        userAgent.indexOf('Android') != -1;
-};
-
-/**
- * Connects directly to the extension via chrome.runtime.connect
- * @param {function(u2f.WrappedChromeRuntimePort_)} callback
- * @private
- */
-u2f.getChromeRuntimePort_ = function(callback) {
-    var port = chrome.runtime.connect(u2f.EXTENSION_ID,
-        {'includeTlsChannelId': true});
-    setTimeout(function() {
-        callback(new u2f.WrappedChromeRuntimePort_(port));
-    }, 0);
-};
-
-/**
- * Return a 'port' abstraction to the Authenticator app.
- * @param {function(u2f.WrappedAuthenticatorPort_)} callback
- * @private
- */
-u2f.getAuthenticatorPort_ = function(callback) {
-    setTimeout(function() {
-        callback(new u2f.WrappedAuthenticatorPort_());
-    }, 0);
-};
-
-/**
- * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
- * @param {Port} port
- * @constructor
- * @private
- */
-u2f.WrappedChromeRuntimePort_ = function(port) {
-    this.port_ = port;
-};
-
-/**
- * Format a return a sign request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedChromeRuntimePort_.prototype.formatSignRequest_ =
-    function(signRequests, timeoutSeconds, reqId) {
-        return {
-            type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-            signRequests: signRequests,
-            timeoutSeconds: timeoutSeconds,
-            requestId: reqId
-        };
-    };
-
-/**
- * Format a return a register request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {Array<u2f.RegisterRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedChromeRuntimePort_.prototype.formatRegisterRequest_ =
-    function(signRequests, registerRequests, timeoutSeconds, reqId) {
-        return {
-            type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-            signRequests: signRequests,
-            registerRequests: registerRequests,
-            timeoutSeconds: timeoutSeconds,
-            requestId: reqId
-        };
-    };
-
-/**
- * Posts a message on the underlying channel.
- * @param {Object} message
- */
-u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
-    this.port_.postMessage(message);
-};
-
-/**
- * Emulates the HTML 5 addEventListener interface. Works only for the
- * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
-    function(eventName, handler) {
-        var name = eventName.toLowerCase();
-        if (name == 'message' || name == 'onmessage') {
-            this.port_.onMessage.addListener(function(message) {
-                // Emulate a minimal MessageEvent object
-                handler({'data': message});
-            });
-        } else {
-            console.error('WrappedChromeRuntimePort only supports onMessage');
-        }
-    };
-
-/**
- * Wrap the Authenticator app with a MessagePort interface.
- * @constructor
- * @private
- */
-u2f.WrappedAuthenticatorPort_ = function() {
-    this.requestId_ = -1;
-    this.requestObject_ = null;
-}
-
-/**
- * Launch the Authenticator intent.
- * @param {Object} message
- */
-u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
-    var intentLocation = /** @type {string} */ (message);
-    document.location = intentLocation;
-};
-
-/**
- * Emulates the HTML 5 addEventListener interface.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedAuthenticatorPort_.prototype.addEventListener =
-    function(eventName, handler) {
-        var name = eventName.toLowerCase();
-        if (name == 'message') {
-            var self = this;
-            /* Register a callback to that executes when
-             * chrome injects the response. */
-            window.addEventListener(
-                'message', self.onRequestUpdate_.bind(self, handler), false);
-        } else {
-            console.error('WrappedAuthenticatorPort only supports message');
-        }
-    };
-
-/**
- * Callback invoked  when a response is received from the Authenticator.
- * @param function({data: Object}) callback
- * @param {Object} message message Object
- */
-u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
-    function(callback, message) {
-        var messageObject = JSON.parse(message.data);
-        var intentUrl = messageObject['intentURL'];
-
-        var errorCode = messageObject['errorCode'];
-        var responseObject = null;
-        if (messageObject.hasOwnProperty('data')) {
-            responseObject = /** @type {Object} */ (
-                JSON.parse(messageObject['data']));
-            responseObject['requestId'] = this.requestId_;
-        }
-
-        /* Sign responses from the authenticator do not conform to U2F,
-         * convert to U2F here. */
-        responseObject = this.doResponseFixups_(responseObject);
-        callback({'data': responseObject});
-    };
-
-/**
- * Fixup the response provided by the Authenticator to conform with
- * the U2F spec.
- * @param {Object} responseData
- * @return {Object} the U2F compliant response object
- */
-u2f.WrappedAuthenticatorPort_.prototype.doResponseFixups_ =
-    function(responseObject) {
-        if (responseObject.hasOwnProperty('responseData')) {
-            return responseObject;
-        } else if (this.requestObject_['type'] != u2f.MessageTypes.U2F_SIGN_REQUEST) {
-            // Only sign responses require fixups.  If this is not a response
-            // to a sign request, then an internal error has occurred.
-            return {
-                'type': u2f.MessageTypes.U2F_REGISTER_RESPONSE,
-                'responseData': {
-                    'errorCode': u2f.ErrorCodes.OTHER_ERROR,
-                    'errorMessage': 'Internal error: invalid response from Authenticator'
-                }
-            };
-        }
-
-        /* Non-conformant sign response, do fixups. */
-        var encodedChallengeObject = responseObject['challenge'];
-        if (typeof encodedChallengeObject !== 'undefined') {
-            var challengeObject = JSON.parse(atob(encodedChallengeObject));
-            var serverChallenge = challengeObject['challenge'];
-            var challengesList = this.requestObject_['signData'];
-            var requestChallengeObject = null;
-            for (var i = 0; i < challengesList.length; i++) {
-                var challengeObject = challengesList[i];
-                if (challengeObject['keyHandle'] == responseObject['keyHandle']) {
-                    requestChallengeObject = challengeObject;
-                    break;
-                }
-            }
-        }
-        var responseData = {
-            'errorCode': responseObject['resultCode'],
-            'keyHandle': responseObject['keyHandle'],
-            'signatureData': responseObject['signature'],
-            'clientData': encodedChallengeObject
-        };
-        return {
-            'type': u2f.MessageTypes.U2F_SIGN_RESPONSE,
-            'responseData': responseData,
-            'requestId': responseObject['requestId']
-        }
-    };
-
-/**
- * Base URL for intents to Authenticator.
- * @const
- * @private
- */
-u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
-    'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
-
-/**
- * Format a return a sign request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {number} timeoutSeconds (ignored for now)
- * @param {number} reqId
- * @return {string}
- */
-u2f.WrappedAuthenticatorPort_.prototype.formatSignRequest_ =
-    function(signRequests, timeoutSeconds, reqId) {
-        if (!signRequests || signRequests.length == 0) {
-            return null;
-        }
-        /* TODO(fixme): stash away requestId, as the authenticator app does
-         * not return it for sign responses. */
-        this.requestId_ = reqId;
-        /* TODO(fixme): stash away the signRequests, to deal with the legacy
-         * response format returned by the Authenticator app. */
-        this.requestObject_ = {
-            'type': u2f.MessageTypes.U2F_SIGN_REQUEST,
-            'signData': signRequests,
-            'requestId': reqId,
-            'timeout': timeoutSeconds
-        };
-
-        var appId = signRequests[0]['appId'];
-        var intentUrl =
-            u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-            ';S.appId=' + encodeURIComponent(appId) +
-            ';S.eventId=' + reqId +
-            ';S.challenges=' +
-            encodeURIComponent(
-                JSON.stringify(this.getBrowserDataList_(signRequests))) + ';end';
-        return intentUrl;
-    };
-
-/**
- * Get the browser data objects from the challenge list
- * @param {Array} challenges list of challenges
- * @return {Array} list of browser data objects
- * @private
- */
-u2f.WrappedAuthenticatorPort_
-    .prototype.getBrowserDataList_ = function(challenges) {
-    return challenges
-        .map(function(challenge) {
-            var browserData = {
-                'typ': 'navigator.id.getAssertion',
-                'challenge': challenge['challenge']
-            };
-            var challengeObject = {
-                'challenge' : browserData,
-                'keyHandle' : challenge['keyHandle']
-            };
-            return challengeObject;
-        });
-};
-
-/**
- * Format a return a register request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {Array<u2f.RegisterRequest>} enrollChallenges
- * @param {number} timeoutSeconds (ignored for now)
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedAuthenticatorPort_.prototype.formatRegisterRequest_ =
-    function(signRequests, enrollChallenges, timeoutSeconds, reqId) {
-        if (!enrollChallenges || enrollChallenges.length == 0) {
-            return null;
-        }
-        // Assume the appId is the same for all enroll challenges.
-        var appId = enrollChallenges[0]['appId'];
-        var registerRequests = [];
-        for (var i = 0; i < enrollChallenges.length; i++) {
-            var registerRequest = {
-                'challenge': enrollChallenges[i]['challenge'],
-                'version': enrollChallenges[i]['version']
-            };
-            if (enrollChallenges[i]['appId'] != appId) {
-                // Only include the appId when it differs from the first appId.
-                registerRequest['appId'] = enrollChallenges[i]['appId'];
-            }
-            registerRequests.push(registerRequest);
-        }
-        var registeredKeys = [];
-        if (signRequests) {
-            for (i = 0; i < signRequests.length; i++) {
-                var key = {
-                    'keyHandle': signRequests[i]['keyHandle'],
-                    'version': signRequests[i]['version']
-                };
-                // Only include the appId when it differs from the appId that's
-                // being registered now.
-                if (signRequests[i]['appId'] != appId) {
-                    key['appId'] = signRequests[i]['appId'];
-                }
-                registeredKeys.push(key);
-            }
-        }
-        var request = {
-            'type': u2f.MessageTypes.U2F_REGISTER_REQUEST,
-            'appId': appId,
-            'registerRequests': registerRequests,
-            'registeredKeys': registeredKeys,
-            'requestId': reqId,
-            'timeoutSeconds': timeoutSeconds
-        };
-        var intentUrl =
-            u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-            ';S.request=' + encodeURIComponent(JSON.stringify(request)) +
-            ';end';
-        /* TODO(fixme): stash away requestId, this is is not necessary for
-         * register requests, but here to keep parity with sign.
-         */
-        this.requestId_ = reqId;
-        return intentUrl;
-    };
-
-
-/**
- * Sets up an embedded trampoline iframe, sourced from the extension.
- * @param {function(MessagePort)} callback
- * @private
- */
-u2f.getIframePort_ = function(callback) {
-    // Create the iframe
-    var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
-    var iframe = document.createElement('iframe');
-    iframe.src = iframeOrigin + '/u2f-comms.html';
-    iframe.setAttribute('style', 'display:none');
-    document.body.appendChild(iframe);
-
-    var channel = new MessageChannel();
-    var ready = function(message) {
-        if (message.data == 'ready') {
-            channel.port1.removeEventListener('message', ready);
-            callback(channel.port1);
-        } else {
-            console.error('First event on iframe port was not "ready"');
-        }
-    };
-    channel.port1.addEventListener('message', ready);
-    channel.port1.start();
-
-    iframe.addEventListener('load', function() {
-        // Deliver the port to the iframe and initialize
-        iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
-    });
-};
-
-
-// High-level JS API
-
-/**
- * Default extension response timeout in seconds.
- * @const
- */
-u2f.EXTENSION_TIMEOUT_SEC = 30;
-
-/**
- * A singleton instance for a MessagePort to the extension.
- * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
- * @private
- */
-u2f.port_ = null;
-
-/**
- * Callbacks waiting for a port
- * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
- * @private
- */
-u2f.waitingForPort_ = [];
-
-/**
- * A counter for requestIds.
- * @type {number}
- * @private
- */
-u2f.reqCounter_ = 0;
-
-/**
- * A map from requestIds to client callbacks
- * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
- *                       |function((u2f.Error|u2f.SignResponse)))>}
- * @private
- */
-u2f.callbackMap_ = {};
-
-/**
- * Creates or retrieves the MessagePort singleton to use.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- * @private
- */
-u2f.getPortSingleton_ = function(callback) {
-    if (u2f.port_) {
-        callback(u2f.port_);
-    } else {
-        if (u2f.waitingForPort_.length == 0) {
-            u2f.getMessagePort(function(port) {
-                u2f.port_ = port;
-                u2f.port_.addEventListener('message',
-                    /** @type {function(Event)} */ (u2f.responseHandler_));
-
-                // Careful, here be async callbacks. Maybe.
-                while (u2f.waitingForPort_.length)
-                    u2f.waitingForPort_.shift()(u2f.port_);
-            });
-        }
-        u2f.waitingForPort_.push(callback);
-    }
-};
-
-/**
- * Handles response messages from the extension.
- * @param {MessageEvent.<u2f.Response>} message
- * @private
- */
-u2f.responseHandler_ = function(message) {
-    var response = message.data;
-    var reqId = response['requestId'];
-    if (!reqId || !u2f.callbackMap_[reqId]) {
-        console.error('Unknown or missing requestId in response.');
-        return;
-    }
-    var cb = u2f.callbackMap_[reqId];
-    delete u2f.callbackMap_[reqId];
-    cb(response['responseData']);
-};
-
-/**
- * Dispatches an array of sign requests to available U2F tokens.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {function((u2f.Error|u2f.SignResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.sign = function(signRequests, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-        var reqId = ++u2f.reqCounter_;
-        u2f.callbackMap_[reqId] = callback;
-        var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-        var req = port.formatSignRequest_(signRequests, timeoutSeconds, reqId);
-        port.postMessage(req);
-    });
-};
-
-/**
- * Dispatches register requests to available U2F tokens. An array of sign
- * requests identifies already registered tokens.
- * @param {Array<u2f.RegisterRequest>} registerRequests
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {function((u2f.Error|u2f.RegisterResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.register = function(registerRequests, signRequests,
-                        callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-        var reqId = ++u2f.reqCounter_;
-        u2f.callbackMap_[reqId] = callback;
-        var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-        var req = port.formatRegisterRequest_(
-            signRequests, registerRequests, timeoutSeconds, reqId);
-        port.postMessage(req);
-    });
-};
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps
deleted file mode 100755
index 8acb66a4d..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/php
-<?php
-
- /* Copyright (c) 2015 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a basic example of a u2f-server command line that can be used 
- * with the u2f-host binary to perform regitrations and authentications.
- */ 
-
-require_once('../../src/u2flib_server/U2F.php');
-
-$options = getopt("rao:R:");
-$mode;
-$challenge;
-$response;
-$result;
-$regs;
-
-if(array_key_exists('r', $options)) {
-  $mode = "register";
-} elseif(array_key_exists('a', $options)) {
-  if(!array_key_exists('R', $options)) {
-    print "a registration must be supplied with -R";
-    exit(1);
-  }
-  $regs = json_decode('[' . $options['R'] . ']');
-  $mode = "authenticate";
-} else {
-  print "-r or -a must be used\n";
-  exit(1);
-}
-if(!array_key_exists('o', $options)) {
-  print "origin must be supplied with -o\n";
-  exit(1);
-}
-
-$u2f = new u2flib_server\U2F($options['o']);
-
-if($mode === "register") {
-  $challenge = $u2f->getRegisterData();
-} elseif($mode === "authenticate") {
-  $challenge = $u2f->getAuthenticateData($regs);
-}
-
-print json_encode($challenge[0]) . "\n";
-$response = fgets(STDIN);
-
-if($mode === "register") {
-  $result = $u2f->doRegister($challenge[0], json_decode($response));
-} elseif($mode === "authenticate") {
-  $result = $u2f->doAuthenticate($challenge, $regs, json_decode($response));
-}
-
-print json_encode($result) . "\n";
-
-?>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps
deleted file mode 100644
index d840dd36a..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps
+++ /dev/null
@@ -1,186 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a minimal example of U2F registration and authentication.
- * The data that has to be stored between registration and authentication
- * is stored in browser localStorage, so there's nothing real-world
- * about this.
- */
-require_once('../../src/u2flib_server/U2F.php');
-$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
-$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
-?>
-<html>
-<head>
-    <title>PHP U2F Demo</title>
-
-    <script src="../assets/u2f-api.js"></script>
-
-    <script>
-        function addRegistration(reg) {
-            var existing = localStorage.getItem('u2fregistration');
-            var regobj = JSON.parse(reg);
-            var data = null;
-            if(existing) {
-                data = JSON.parse(existing);
-                if(Array.isArray(data)) {
-                    for (var i = 0; i < data.length; i++) {
-                        if(data[i].keyHandle === regobj.keyHandle) {
-                            data.splice(i,1);
-                            break;
-                        }
-                    }
-                    data.push(regobj);
-                } else {
-                    data = null;
-                }
-            }
-            if(data == null) {
-                data = [regobj];
-            }
-            localStorage.setItem('u2fregistration', JSON.stringify(data));
-        }
-        <?php
-        function fixupArray($data) {
-            $ret = array();
-            $decoded = json_decode($data);
-            foreach ($decoded as $d) {
-                $ret[] = json_encode($d);
-            }
-            return $ret;
-        }
-        if($_SERVER['REQUEST_METHOD'] === 'POST') {
-            if(isset($_POST['startRegister'])) {
-                $regs = json_decode($_POST['registrations']) ? : array();
-                list($data, $reqs) = $u2f->getRegisterData($regs);
-                echo "var request = " . json_encode($data) . ";\n";
-                echo "var signs = " . json_encode($reqs) . ";\n";
-        ?>
-        setTimeout(function() {
-            console.log("Register: ", request);
-            u2f.register([request], signs, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('doRegister');
-                var req = document.getElementById('request');
-                console.log("Register callback", data);
-                if(data.errorCode && data.errorCode != 0) {
-                    alert("registration failed with errror: " + data.errorCode);
-                    return;
-                }
-                reg.value=JSON.stringify(data);
-                req.value=JSON.stringify(request);
-                form.submit();
-            });
-        }, 1000);
-        <?php
-            } else if($_POST['doRegister']) {
-                try {
-                    $data = $u2f->doRegister(json_decode($_POST['request']), json_decode($_POST['doRegister']));
-                    echo "var registration = '" . json_encode($data) . "';\n";
-        ?>
-        addRegistration(registration);
-        alert("registration successful!");
-        <?php
-                } catch(u2flib_server\Error $e) {
-                    echo "alert('error:" . $e->getMessage() . "');\n";
-                }
-            } else if(isset($_POST['startAuthenticate'])) {
-                $regs = json_decode($_POST['registrations']);
-                $data = $u2f->getAuthenticateData($regs);
-                echo "var registrations = " . $_POST['registrations'] . ";\n";
-                echo "var request = " . json_encode($data) . ";\n";
-        ?>
-        setTimeout(function() {
-            console.log("sign: ", request);
-            u2f.sign(request, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('doAuthenticate');
-                var req = document.getElementById('request');
-                var regs = document.getElementById('registrations');
-                console.log("Authenticate callback", data);
-                reg.value=JSON.stringify(data);
-                req.value=JSON.stringify(request);
-                regs.value=JSON.stringify(registrations);
-                form.submit();
-            });
-        }, 1000);
-        <?php
-            } else if($_POST['doAuthenticate']) {
-                $reqs = json_decode($_POST['request']);
-                $regs = json_decode($_POST['registrations']);
-                try {
-                    $data = $u2f->doAuthenticate($reqs, $regs, json_decode($_POST['doAuthenticate']));
-                    echo "var registration = '" . json_encode($data) . "';\n";
-                    echo "addRegistration(registration);\n";
-                    echo "alert('Authentication successful, counter:" . $data->counter . "');\n";
-                } catch(u2flib_server\Error $e) {
-                    echo "alert('error:" . $e->getMessage() . "');\n";
-                }
-            }
-        }
-        ?>
-    </script>
-
-</head>
-<body>
-<form method="POST" id="form">
-    <button name="startRegister" type="submit">Register</button>
-    <input type="hidden" name="doRegister" id="doRegister"/>
-    <button name="startAuthenticate" type="submit" id="startAuthenticate">Authenticate</button>
-    <input type="hidden" name="doAuthenticate" id="doAuthenticate"/>
-    <input type="hidden" name="request" id="request"/>
-    <input type="hidden" name="registrations" id="registrations"/>
-</form>
-
-<p>
-    <span id="registered">0</span> Authenticators currently registered.
-</p>
-
-<script>
-    var reg = localStorage.getItem('u2fregistration');
-    var auth = document.getElementById('startAuthenticate');
-    if(reg == null) {
-        auth.disabled = true;
-    } else {
-        var regs = document.getElementById('registrations');
-        decoded = JSON.parse(reg);
-        if(!Array.isArray(decoded)) {
-            auth.disabled = true;
-        } else {
-            regs.value = reg;
-            console.log("set the registrations to : ", reg);
-            var regged = document.getElementById('registered');
-            regged.innerHTML = decoded.length;
-        }
-    }
-</script>
-</body>
-</html>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps
deleted file mode 100644
index c04d63e24..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps
+++ /dev/null
@@ -1,204 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a simple example using PDO and a sqlite database for storing
- * registrations. It supports multiple registrations associated with each user.
- */
-
-require_once('../../src/u2flib_server/U2F.php');
-
-$dbfile = '/var/tmp/u2f-pdo.sqlite';
-
-$pdo = new PDO("sqlite:$dbfile");
-$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
-
-$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))");
-$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)");
-
-$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
-$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
-
-session_start();
-
-function createAndGetUser($name) {
-    global $pdo;
-    $sel = $pdo->prepare("select * from users where name = ?");
-    $sel->execute(array($name));
-    $user = $sel->fetch();
-    if(!$user) {
-        $ins = $pdo->prepare("insert into users (name) values(?)");
-        $ins->execute(array($name));
-        $sel->execute(array($name));
-        $user = $sel->fetch();
-    }
-    return $user;
-}
-
-function getRegs($user_id) {
-    global $pdo;
-    $sel = $pdo->prepare("select * from registrations where user_id = ?");
-    $sel->execute(array($user_id));
-    return $sel->fetchAll();
-}
-
-function addReg($user_id, $reg) {
-    global $pdo;
-    $ins = $pdo->prepare("insert into registrations (user_id, keyHandle, publicKey, certificate, counter) values (?, ?, ?, ?, ?)");
-    $ins->execute(array($user_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
-}
-
-function updateReg($reg) {
-    global $pdo;
-    $upd = $pdo->prepare("update registrations set counter = ? where id = ?");
-    $upd->execute(array($reg->counter, $reg->id));
-}
-
-?>
-
-<html>
-<head>
-    <title>PHP U2F example</title>
-
-    <script src="../assets/u2f-api.js"></script>
-
-    <script>
-        <?php
-
-        if($_SERVER['REQUEST_METHOD'] === 'POST') {
-          if(!$_POST['username']) {
-            echo "alert('no username provided!');";
-          } else if(!isset($_POST['action']) && !isset($_POST['register2']) && !isset($_POST['authenticate2'])) {
-            echo "alert('no action provided!');";
-          } else {
-            $user = createAndGetUser($_POST['username']);
-
-            if(isset($_POST['action'])) {
-              switch($_POST['action']):
-                case 'register':
-                  try {
-                    $data = $u2f->getRegisterData(getRegs($user->id));
-
-                    list($req,$sigs) = $data;
-                    $_SESSION['regReq'] = json_encode($req);
-                    echo "var req = " . json_encode($req) . ";";
-                    echo "var sigs = " . json_encode($sigs) . ";";
-                    echo "var username = '" . $user->name . "';";
-        ?>
-        setTimeout(function() {
-            console.log("Register: ", req);
-            u2f.register([req], sigs, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('register2');
-                var user = document.getElementById('username');
-                console.log("Register callback", data);
-                if(data.errorCode && errorCode != 0) {
-                    alert("registration failed with errror: " + data.errorCode);
-                    return;
-                }
-                reg.value = JSON.stringify(data);
-                user.value = username;
-                form.submit();
-            });
-        }, 1000);
-        <?php
-                  } catch( Exception $e ) {
-                    echo "alert('error: " . $e->getMessage() . "');";
-                  }
-
-                  break;
-
-                case 'authenticate':
-                  try {
-                    $reqs = json_encode($u2f->getAuthenticateData(getRegs($user->id)));
-
-                    $_SESSION['authReq'] = $reqs;
-                    echo "var req = $reqs;";
-                    echo "var username = '" . $user->name . "';";
-        ?>
-        setTimeout(function() {
-            console.log("sign: ", req);
-            u2f.sign(req, function(data) {
-                var form = document.getElementById('form');
-                var auth = document.getElementById('authenticate2');
-                var user = document.getElementById('username');
-                console.log("Authenticate callback", data);
-                auth.value=JSON.stringify(data);
-                user.value = username;
-                form.submit();
-            });
-        }, 1000);
-        <?php
-                  } catch( Exception $e ) {
-                    echo "alert('error: " . $e->getMessage() . "');";
-                  }
-
-                  break;
-
-              endswitch;
-            } else if($_POST['register2']) {
-              try {
-                $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['register2']));
-                addReg($user->id, $reg);
-              } catch( Exception $e ) {
-                echo "alert('error: " . $e->getMessage() . "');";
-              } finally {
-                $_SESSION['regReq'] = null;
-              }
-            } else if($_POST['authenticate2']) {
-              try {
-                $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($user->id), json_decode($_POST['authenticate2']));
-                updateReg($reg);
-                echo "alert('success: " . $reg->counter . "');";
-              } catch( Exception $e ) {
-                echo "alert('error: " . $e->getMessage() . "');";
-              } finally {
-                $_SESSION['authReq'] = null;
-              }
-            }
-          }
-        }
-        ?>
-    </script>
-</head>
-<body>
-
-<form method="POST" id="form">
-    username: <input name="username" id="username"/><br/>
-    register: <input value="register" name="action" type="radio"/><br/>
-    authenticate: <input value="authenticate" name="action" type="radio"/><br/>
-    <input type="hidden" name="register2" id="register2"/>
-    <input type="hidden" name="authenticate2" id="authenticate2"/>
-    <button type="submit">Submit!</button>
-</form>
-
-</body>
-</html>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml b/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml
deleted file mode 100644
index fa6f08e83..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<phpunit
-    colors="true">
-    <testsuite name="tests">
-        <directory suffix="test.php">tests</directory>
-    </testsuite>
-    <logging>
-        <log type="coverage-clover" target="build/logs/clover.xml"/>
-    </logging>
-</phpunit>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml b/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml
deleted file mode 100644
index 6b6234cfb..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0"?>
-<psalm
-    totallyTyped="false"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns="https://getpsalm.org/schema/config"
-    xsi:schemaLocation="https://getpsalm.org/schema/config file:///mnt/share/php-u2flib-server/vendor/vimeo/psalm/config.xsd"
->
-    <projectFiles>
-        <directory name="src" />
-        <ignoreFiles>
-            <directory name="vendor" />
-        </ignoreFiles>
-    </projectFiles>
-
-    <issueHandlers>
-        <LessSpecificReturnType errorLevel="info" />
-
-        <!-- level 3 issues - slightly lazy code writing, but provably low false-negatives -->
-
-        <DeprecatedMethod errorLevel="info" />
-        <DeprecatedProperty errorLevel="info" />
-        <DeprecatedClass errorLevel="info" />
-        <DeprecatedInterface errorLevel="info" />
-
-        <MissingClosureReturnType errorLevel="info" />
-        <MissingReturnType errorLevel="info" />
-        <MissingPropertyType errorLevel="info" />
-        <InvalidDocblock errorLevel="info" />
-        <MisplacedRequiredParam errorLevel="info" />
-
-        <PropertyNotSetInConstructor errorLevel="info" />
-        <MissingConstructor errorLevel="info" />
-        <MissingClosureParamType errorLevel="info" />
-        <MissingParamType errorLevel="info" />
-
-        <RedundantCondition errorLevel="info" />
-
-        <DocblockTypeContradiction errorLevel="suppress" />
-        <RedundantConditionGivenDocblockType errorLevel="suppress" />
-
-        <UnresolvableInclude errorLevel="info" />
-
-        <RawObjectIteration errorLevel="info" />
-
-        <!-- psalm seems to wrongly complain about this, set the errorLevel to info for now -->
-        <UndefinedConstant errorLevel="info" />
-    </issueHandlers>
-</psalm>
diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php b/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php
deleted file mode 100644
index 8583fff2e..000000000
--- a/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php
+++ /dev/null
@@ -1,563 +0,0 @@
-<?php
-/* Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-namespace u2flib_server;
-
-/** Constant for the version of the u2f protocol */
-const U2F_VERSION = "U2F_V2";
-
-/** Constant for the type value in registration clientData */
-const REQUEST_TYPE_REGISTER = "navigator.id.finishEnrollment";
-
-/** Constant for the type value in authentication clientData */
-const REQUEST_TYPE_AUTHENTICATE = "navigator.id.getAssertion";
-
-/** Error for the authentication message not matching any outstanding
- * authentication request */
-const ERR_NO_MATCHING_REQUEST = 1;
-
-/** Error for the authentication message not matching any registration */
-const ERR_NO_MATCHING_REGISTRATION = 2;
-
-/** Error for the signature on the authentication message not verifying with
- * the correct key */
-const ERR_AUTHENTICATION_FAILURE = 3;
-
-/** Error for the challenge in the registration message not matching the
- * registration challenge */
-const ERR_UNMATCHED_CHALLENGE = 4;
-
-/** Error for the attestation signature on the registration message not
- * verifying */
-const ERR_ATTESTATION_SIGNATURE = 5;
-
-/** Error for the attestation verification not verifying */
-const ERR_ATTESTATION_VERIFICATION = 6;
-
-/** Error for not getting good random from the system */
-const ERR_BAD_RANDOM = 7;
-
-/** Error when the counter is lower than expected */
-const ERR_COUNTER_TOO_LOW = 8;
-
-/** Error decoding public key */
-const ERR_PUBKEY_DECODE = 9;
-
-/** Error user-agent returned error */
-const ERR_BAD_UA_RETURNING = 10;
-
-/** Error old OpenSSL version */
-const ERR_OLD_OPENSSL = 11;
-
-/** Error for the origin not matching the appId */
-const ERR_NO_MATCHING_ORIGIN = 12;
-
-/** Error for the type in clientData being invalid */
-const ERR_BAD_TYPE = 13;
-
-/** Error for bad user presence byte value */
-const ERR_BAD_USER_PRESENCE = 14;
-
-/** @internal */
-const PUBKEY_LEN = 65;
-
-class U2F
-{
-    /** @var string  */
-    private $appId;
-
-    /** @var null|string */
-    private $attestDir;
-
-    /** @internal */
-    private $FIXCERTS = array(
-        '349bca1031f8c82c4ceca38b9cebf1a69df9fb3b94eed99eb3fb9aa3822d26e8',
-        'dd574527df608e47ae45fbba75a2afdd5c20fd94a02419381813cd55a2a3398f',
-        '1d8764f0f7cd1352df6150045c8f638e517270e8b5dda1c63ade9c2280240cae',
-        'd0edc9a91a1677435a953390865d208c55b3183c6759c9b5a7ff494c322558eb',
-        '6073c436dcd064a48127ddbf6032ac1a66fd59a0c24434f070d4e564c124c897',
-        'ca993121846c464d666096d35f13bf44c1b05af205f9b4a1e00cf6cc10c5e511'
-    );
-
-    /**
-     * @param string $appId Application id for the running application
-     * @param string|null $attestDir Directory where trusted attestation roots may be found
-     * @throws Error If OpenSSL older than 1.0.0 is used
-     */
-    public function __construct($appId, $attestDir = null)
-    {
-        if(OPENSSL_VERSION_NUMBER < 0x10000000) {
-            throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
-        }
-        $this->appId = $appId;
-        $this->attestDir = $attestDir;
-    }
-
-    /**
-     * Called to get a registration request to send to a user.
-     * Returns an array of one registration request and a array of sign requests.
-     *
-     * @param array $registrations List of current registrations for this
-     * user, to prevent the user from registering the same authenticator several
-     * times.
-     * @return array An array of two elements, the first containing a
-     * RegisterRequest the second being an array of SignRequest
-     * @throws Error
-     */
-    public function getRegisterData(array $registrations = array())
-    {
-        $challenge = $this->createChallenge();
-        $request = new RegisterRequest($challenge, $this->appId);
-        $signs = $this->getAuthenticateData($registrations);
-        return array($request, $signs);
-    }
-
-    /**
-     * Called to verify and unpack a registration message.
-     *
-     * @param RegisterRequest $request this is a reply to
-     * @param object $response response from a user
-     * @param bool $includeCert set to true if the attestation certificate should be
-     * included in the returned Registration object
-     * @return Registration
-     * @throws Error
-     */
-    public function doRegister($request, $response, $includeCert = true)
-    {
-        if( !is_object( $request ) ) {
-            throw new \InvalidArgumentException('$request of doRegister() method only accepts object.');
-        }
-
-        if( !is_object( $response ) ) {
-            throw new \InvalidArgumentException('$response of doRegister() method only accepts object.');
-        }
-
-        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
-            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
-        }
-
-        if( !is_bool( $includeCert ) ) {
-            throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.');
-        }
-
-        $rawReg = $this->base64u_decode($response->registrationData);
-        $regData = array_values(unpack('C*', $rawReg));
-        $clientData = $this->base64u_decode($response->clientData);
-        $cli = json_decode($clientData);
-
-        if($cli->challenge !== $request->challenge) {
-            throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE );
-        }
-
-        if(isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) {
-            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
-        }
-
-        if(isset($cli->origin) && $cli->origin !== $request->appId) {
-            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
-        }
-
-        $registration = new Registration();
-        $offs = 1;
-        $pubKey = substr($rawReg, $offs, PUBKEY_LEN);
-        $offs += PUBKEY_LEN;
-        // decode the pubKey to make sure it's good
-        $tmpKey = $this->pubkey_to_pem($pubKey);
-        if($tmpKey === null) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-        $registration->publicKey = base64_encode($pubKey);
-        $khLen = $regData[$offs++];
-        $kh = substr($rawReg, $offs, $khLen);
-        $offs += $khLen;
-        $registration->keyHandle = $this->base64u_encode($kh);
-
-        // length of certificate is stored in byte 3 and 4 (excluding the first 4 bytes)
-        $certLen = 4;
-        $certLen += ($regData[$offs + 2] << 8);
-        $certLen += $regData[$offs + 3];
-
-        $rawCert = $this->fixSignatureUnusedBits(substr($rawReg, $offs, $certLen));
-        $offs += $certLen;
-        $pemCert  = "-----BEGIN CERTIFICATE-----\r\n";
-        $pemCert .= chunk_split(base64_encode($rawCert), 64);
-        $pemCert .= "-----END CERTIFICATE-----";
-        if($includeCert) {
-            $registration->certificate = base64_encode($rawCert);
-        }
-        if($this->attestDir) {
-            if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
-                throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
-            }
-        }
-
-        if(!openssl_pkey_get_public($pemCert)) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-        $signature = substr($rawReg, $offs);
-
-        $dataToVerify  = pack('C', 0);
-        $dataToVerify .= hash('sha256', $request->appId, true);
-        $dataToVerify .= hash('sha256', $clientData, true);
-        $dataToVerify .= $kh;
-        $dataToVerify .= $pubKey;
-
-        if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) {
-            return $registration;
-        } else {
-            throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE );
-        }
-    }
-
-    /**
-     * Called to get an authentication request.
-     *
-     * @param array $registrations An array of the registrations to create authentication requests for.
-     * @return array An array of SignRequest
-     * @throws Error
-     */
-    public function getAuthenticateData(array $registrations)
-    {
-        $sigs = array();
-        $challenge = $this->createChallenge();
-        foreach ($registrations as $reg) {
-            if( !is_object( $reg ) ) {
-                throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.');
-            }
-            /** @var Registration $reg */
-
-            $sig = new SignRequest();
-            $sig->appId = $this->appId;
-            $sig->keyHandle = $reg->keyHandle;
-            $sig->challenge = $challenge;
-            $sigs[] = $sig;
-        }
-        return $sigs;
-    }
-
-    /**
-     * Called to verify an authentication response
-     *
-     * @param array $requests An array of outstanding authentication requests
-     * @param array $registrations An array of current registrations
-     * @param object $response A response from the authenticator
-     * @return Registration
-     * @throws Error
-     *
-     * The Registration object returned on success contains an updated counter
-     * that should be saved for future authentications.
-     * If the Error returned is ERR_COUNTER_TOO_LOW this is an indication of
-     * token cloning or similar and appropriate action should be taken.
-     */
-    public function doAuthenticate(array $requests, array $registrations, $response)
-    {
-        if( !is_object( $response ) ) {
-            throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.');
-        }
-
-        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
-            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
-        }
-
-        /** @var object|null $req */
-        $req = null;
-
-        /** @var object|null $reg */
-        $reg = null;
-
-        $clientData = $this->base64u_decode($response->clientData);
-        $decodedClient = json_decode($clientData);
-
-        if(isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) {
-            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
-        }
-
-        foreach ($requests as $req) {
-            if( !is_object( $req ) ) {
-                throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.');
-            }
-
-            if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) {
-                break;
-            }
-
-            $req = null;
-        }
-        if($req === null) {
-            throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST );
-        }
-        if(isset($decodedClient->origin) && $decodedClient->origin !== $req->appId) {
-            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
-        }
-        foreach ($registrations as $reg) {
-            if( !is_object( $reg ) ) {
-                throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.');
-            }
-
-            if($reg->keyHandle === $response->keyHandle) {
-                break;
-            }
-            $reg = null;
-        }
-        if($reg === null) {
-            throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION );
-        }
-        $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey));
-        if($pemKey === null) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-
-        $signData = $this->base64u_decode($response->signatureData);
-        $dataToVerify  = hash('sha256', $req->appId, true);
-        $dataToVerify .= substr($signData, 0, 5);
-        $dataToVerify .= hash('sha256', $clientData, true);
-        $signature = substr($signData, 5);
-
-        if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) {
-            $upb = unpack("Cupb", substr($signData, 0, 1)); 
-            if($upb['upb'] !== 1) { 
-                throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE );
-            }
-            $ctr = unpack("Nctr", substr($signData, 1, 4));
-            $counter = $ctr['ctr'];
-            /* TODO: wrap-around should be handled somehow.. */
-            if($counter > $reg->counter) {
-                $reg->counter = $counter;
-                return self::castObjectToRegistration($reg);
-            } else {
-                throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW );
-            }
-        } else {
-            throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE );
-        }
-    }
-
-    /**
-     * @param object $object
-     * @return Registration
-     */
-    protected static function castObjectToRegistration($object)
-    {
-        $reg = new Registration();
-        if (property_exists($object, 'publicKey')) {
-            $reg->publicKey = $object->publicKey;
-        }
-        if (property_exists($object, 'certificate')) {
-            $reg->certificate = $object->certificate;
-        }
-        if (property_exists($object, 'counter')) {
-            $reg->counter = $object->counter;
-        }
-        if (property_exists($object, 'keyHandle')) {
-            $reg->keyHandle = $object->keyHandle;
-        }
-        return $reg;
-    }
-
-    /**
-     * @return array
-     */
-    private function get_certs()
-    {
-        $files = array();
-        $dir = $this->attestDir;
-        if($dir !== null && is_dir($dir) && $handle = opendir($dir)) {
-            while(false !== ($entry = readdir($handle))) {
-                if(is_file("$dir/$entry")) {
-                    $files[] = "$dir/$entry";
-                }
-            }
-            closedir($handle);
-        } elseif (is_file("$dir")) {
-            $files[] = "$dir";
-        }
-        return $files;
-    }
-
-    /**
-     * @param string $data
-     * @return string
-     */
-    private function base64u_encode($data)
-    {
-        return trim(strtr(base64_encode($data), '+/', '-_'), '=');
-    }
-
-    /**
-     * @param string $data
-     * @return string
-     */
-    private function base64u_decode($data)
-    {
-        return base64_decode(strtr($data, '-_', '+/'));
-    }
-
-    /**
-     * @param string $key
-     * @return null|string
-     */
-    private function pubkey_to_pem($key)
-    {
-        if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") {
-            return null;
-        }
-
-        /*
-         * Convert the public key to binary DER format first
-         * Using the ECC SubjectPublicKeyInfo OIDs from RFC 5480
-         *
-         *  SEQUENCE(2 elem)                        30 59
-         *   SEQUENCE(2 elem)                       30 13
-         *    OID1.2.840.10045.2.1 (id-ecPublicKey) 06 07 2a 86 48 ce 3d 02 01
-         *    OID1.2.840.10045.3.1.7 (secp256r1)    06 08 2a 86 48 ce 3d 03 01 07
-         *   BIT STRING(520 bit)                    03 42 ..key..
-         */
-        $der  = "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01";
-        $der .= "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42";
-        $der .= "\0".$key;
-
-        $pem  = "-----BEGIN PUBLIC KEY-----\r\n";
-        $pem .= chunk_split(base64_encode($der), 64);
-        $pem .= "-----END PUBLIC KEY-----";
-
-        return $pem;
-    }
-
-    /**
-     * @return string
-     * @throws Error
-     */
-    private function createChallenge()
-    {
-        $challenge = random_bytes(32);
-        $challenge = $this->base64u_encode( $challenge );
-
-        return $challenge;
-    }
-
-    /**
-     * Fixes a certificate where the signature contains unused bits.
-     *
-     * @param string $cert
-     * @return mixed
-     */
-    private function fixSignatureUnusedBits($cert)
-    {
-        if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) {
-            $cert[strlen($cert) - 257] = "\0";
-        }
-        return $cert;
-    }
-}
-
-/**
- * Class for building a registration request
- *
- * @package u2flib_server
- */
-class RegisterRequest
-{
-    /** @var string Protocol version */
-    public $version = U2F_VERSION;
-
-    /** @var string Registration challenge */
-    public $challenge;
-
-    /** @var string Application id */
-    public $appId;
-
-    /**
-     * @param string $challenge
-     * @param string $appId
-     * @internal
-     */
-    public function __construct($challenge, $appId)
-    {
-        $this->challenge = $challenge;
-        $this->appId = $appId;
-    }
-}
-
-/**
- * Class for building up an authentication request
- *
- * @package u2flib_server
- */
-class SignRequest
-{
-    /** @var string Protocol version */
-    public $version = U2F_VERSION;
-
-    /** @var string Authentication challenge */
-    public $challenge = '';
-
-    /** @var string Key handle of a registered authenticator */
-    public $keyHandle = '';
-
-    /** @var string Application id */
-    public $appId = '';
-}
-
-/**
- * Class returned for successful registrations
- *
- * @package u2flib_server
- */
-class Registration
-{
-    /** @var string The key handle of the registered authenticator */
-    public $keyHandle = '';
-
-    /** @var string The public key of the registered authenticator */
-    public $publicKey = '';
-
-    /** @var string The attestation certificate of the registered authenticator */
-    public $certificate = '';
-
-    /** @var int The counter associated with this registration */
-    public $counter = -1;
-}
-
-/**
- * Error class, returned on errors
- *
- * @package u2flib_server
- */
-class Error extends \Exception
-{
-    /**
-     * Override constructor and make message and code mandatory
-     * @param string $message
-     * @param int $code
-     * @param \Exception|null $previous
-     */
-    public function __construct($message, $code, \Exception $previous = null) {
-        parent::__construct($message, $code, $previous);
-    }
-}

From cd3660a96d4cfb7158ede6a282378de23bbac98e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 13 Mar 2023 09:02:32 +0100
Subject: [PATCH 043/755] [Web] add oauth2-keycloak lib

---
 data/web/inc/lib/composer.json                |    4 +-
 data/web/inc/lib/composer.lock                |  841 ++++++++-
 .../lib/vendor/composer/autoload_files.php    |    4 +
 .../inc/lib/vendor/composer/autoload_psr4.php |    8 +
 .../lib/vendor/composer/autoload_static.php   |   51 +
 .../inc/lib/vendor/composer/installed.json    |  875 ++++++++++
 .../web/inc/lib/vendor/composer/installed.php |  130 +-
 .../lib/vendor/composer/platform_check.php    |    4 +-
 .../inc/lib/vendor/firebase/php-jwt/LICENSE   |   30 +
 .../inc/lib/vendor/firebase/php-jwt/README.md |  289 ++++
 .../lib/vendor/firebase/php-jwt/composer.json |   36 +
 .../php-jwt/src/BeforeValidException.php      |    7 +
 .../firebase/php-jwt/src/ExpiredException.php |    7 +
 .../lib/vendor/firebase/php-jwt/src/JWK.php   |  172 ++
 .../lib/vendor/firebase/php-jwt/src/JWT.php   |  611 +++++++
 .../lib/vendor/firebase/php-jwt/src/Key.php   |   59 +
 .../php-jwt/src/SignatureInvalidException.php |    7 +
 .../lib/vendor/guzzlehttp/guzzle/CHANGELOG.md | 1519 +++++++++++++++++
 .../inc/lib/vendor/guzzlehttp/guzzle/LICENSE  |   27 +
 .../lib/vendor/guzzlehttp/guzzle/README.md    |   94 +
 .../lib/vendor/guzzlehttp/guzzle/UPGRADING.md | 1253 ++++++++++++++
 .../vendor/guzzlehttp/guzzle/composer.json    |  105 ++
 .../guzzlehttp/guzzle/src/BodySummarizer.php  |   28 +
 .../guzzle/src/BodySummarizerInterface.php    |   13 +
 .../vendor/guzzlehttp/guzzle/src/Client.php   |  477 ++++++
 .../guzzlehttp/guzzle/src/ClientInterface.php |   84 +
 .../guzzlehttp/guzzle/src/ClientTrait.php     |  241 +++
 .../guzzle/src/Cookie/CookieJar.php           |  317 ++++
 .../guzzle/src/Cookie/CookieJarInterface.php  |   79 +
 .../guzzle/src/Cookie/FileCookieJar.php       |  101 ++
 .../guzzle/src/Cookie/SessionCookieJar.php    |   77 +
 .../guzzle/src/Cookie/SetCookie.php           |  446 +++++
 .../src/Exception/BadResponseException.php    |   39 +
 .../guzzle/src/Exception/ClientException.php  |   10 +
 .../guzzle/src/Exception/ConnectException.php |   56 +
 .../guzzle/src/Exception/GuzzleException.php  |    9 +
 .../Exception/InvalidArgumentException.php    |    7 +
 .../guzzle/src/Exception/RequestException.php |  166 ++
 .../guzzle/src/Exception/ServerException.php  |   10 +
 .../Exception/TooManyRedirectsException.php   |    7 +
 .../src/Exception/TransferException.php       |    7 +
 .../guzzle/src/Handler/CurlFactory.php        |  595 +++++++
 .../src/Handler/CurlFactoryInterface.php      |   25 +
 .../guzzle/src/Handler/CurlHandler.php        |   49 +
 .../guzzle/src/Handler/CurlMultiHandler.php   |  262 +++
 .../guzzle/src/Handler/EasyHandle.php         |  112 ++
 .../guzzle/src/Handler/HeaderProcessor.php    |   42 +
 .../guzzle/src/Handler/MockHandler.php        |  211 +++
 .../guzzlehttp/guzzle/src/Handler/Proxy.php   |   51 +
 .../guzzle/src/Handler/StreamHandler.php      |  593 +++++++
 .../guzzlehttp/guzzle/src/HandlerStack.php    |  275 +++
 .../guzzle/src/MessageFormatter.php           |  198 +++
 .../guzzle/src/MessageFormatterInterface.php  |   18 +
 .../guzzlehttp/guzzle/src/Middleware.php      |  260 +++
 .../lib/vendor/guzzlehttp/guzzle/src/Pool.php |  125 ++
 .../guzzle/src/PrepareBodyMiddleware.php      |  104 ++
 .../guzzle/src/RedirectMiddleware.php         |  228 +++
 .../guzzlehttp/guzzle/src/RequestOptions.php  |  264 +++
 .../guzzlehttp/guzzle/src/RetryMiddleware.php |  116 ++
 .../guzzlehttp/guzzle/src/TransferStats.php   |  133 ++
 .../vendor/guzzlehttp/guzzle/src/Utils.php    |  385 +++++
 .../guzzlehttp/guzzle/src/functions.php       |  167 ++
 .../guzzle/src/functions_include.php          |    6 +
 .../vendor/guzzlehttp/promises/CHANGELOG.md   |  110 ++
 .../lib/vendor/guzzlehttp/promises/LICENSE    |   24 +
 .../lib/vendor/guzzlehttp/promises/README.md  |  546 ++++++
 .../vendor/guzzlehttp/promises/composer.json  |   58 +
 .../promises/src/AggregateException.php       |   17 +
 .../promises/src/CancellationException.php    |   10 +
 .../guzzlehttp/promises/src/Coroutine.php     |  169 ++
 .../vendor/guzzlehttp/promises/src/Create.php |   84 +
 .../vendor/guzzlehttp/promises/src/Each.php   |   90 +
 .../guzzlehttp/promises/src/EachPromise.php   |  247 +++
 .../promises/src/FulfilledPromise.php         |   84 +
 .../lib/vendor/guzzlehttp/promises/src/Is.php |   46 +
 .../guzzlehttp/promises/src/Promise.php       |  278 +++
 .../promises/src/PromiseInterface.php         |   97 ++
 .../promises/src/PromisorInterface.php        |   16 +
 .../promises/src/RejectedPromise.php          |   91 +
 .../promises/src/RejectionException.php       |   48 +
 .../guzzlehttp/promises/src/TaskQueue.php     |   67 +
 .../promises/src/TaskQueueInterface.php       |   24 +
 .../vendor/guzzlehttp/promises/src/Utils.php  |  276 +++
 .../guzzlehttp/promises/src/functions.php     |  363 ++++
 .../promises/src/functions_include.php        |    6 +
 .../lib/vendor/guzzlehttp/psr7/CHANGELOG.md   |  402 +++++
 .../inc/lib/vendor/guzzlehttp/psr7/LICENSE    |   26 +
 .../inc/lib/vendor/guzzlehttp/psr7/README.md  |  880 ++++++++++
 .../lib/vendor/guzzlehttp/psr7/composer.json  |   96 ++
 .../guzzlehttp/psr7/src/AppendStream.php      |  248 +++
 .../guzzlehttp/psr7/src/BufferStream.php      |  149 ++
 .../guzzlehttp/psr7/src/CachingStream.php     |  153 ++
 .../guzzlehttp/psr7/src/DroppingStream.php    |   49 +
 .../src/Exception/MalformedUriException.php   |   14 +
 .../vendor/guzzlehttp/psr7/src/FnStream.php   |  180 ++
 .../lib/vendor/guzzlehttp/psr7/src/Header.php |  134 ++
 .../guzzlehttp/psr7/src/HttpFactory.php       |  100 ++
 .../guzzlehttp/psr7/src/InflateStream.php     |   37 +
 .../guzzlehttp/psr7/src/LazyOpenStream.php    |   49 +
 .../guzzlehttp/psr7/src/LimitStream.php       |  157 ++
 .../vendor/guzzlehttp/psr7/src/Message.php    |  246 +++
 .../guzzlehttp/psr7/src/MessageTrait.php      |  264 +++
 .../vendor/guzzlehttp/psr7/src/MimeType.php   | 1237 ++++++++++++++
 .../guzzlehttp/psr7/src/MultipartStream.php   |  159 ++
 .../guzzlehttp/psr7/src/NoSeekStream.php      |   28 +
 .../vendor/guzzlehttp/psr7/src/PumpStream.php |  179 ++
 .../lib/vendor/guzzlehttp/psr7/src/Query.php  |  113 ++
 .../vendor/guzzlehttp/psr7/src/Request.php    |  157 ++
 .../vendor/guzzlehttp/psr7/src/Response.php   |  160 ++
 .../vendor/guzzlehttp/psr7/src/Rfc7230.php    |   23 +
 .../guzzlehttp/psr7/src/ServerRequest.php     |  344 ++++
 .../lib/vendor/guzzlehttp/psr7/src/Stream.php |  282 +++
 .../psr7/src/StreamDecoratorTrait.php         |  155 ++
 .../guzzlehttp/psr7/src/StreamWrapper.php     |  175 ++
 .../guzzlehttp/psr7/src/UploadedFile.php      |  211 +++
 .../lib/vendor/guzzlehttp/psr7/src/Uri.php    |  740 ++++++++
 .../guzzlehttp/psr7/src/UriComparator.php     |   52 +
 .../guzzlehttp/psr7/src/UriNormalizer.php     |  220 +++
 .../guzzlehttp/psr7/src/UriResolver.php       |  211 +++
 .../lib/vendor/guzzlehttp/psr7/src/Utils.php  |  459 +++++
 .../lib/vendor/league/oauth2-client/LICENSE   |   21 +
 .../lib/vendor/league/oauth2-client/README.md |   58 +
 .../vendor/league/oauth2-client/composer.json |   58 +
 .../oauth2-client/src/Grant/AbstractGrant.php |   80 +
 .../src/Grant/AuthorizationCode.php           |   41 +
 .../src/Grant/ClientCredentials.php           |   39 +
 .../Grant/Exception/InvalidGrantException.php |   26 +
 .../oauth2-client/src/Grant/GrantFactory.php  |  104 ++
 .../oauth2-client/src/Grant/Password.php      |   42 +
 .../oauth2-client/src/Grant/RefreshToken.php  |   41 +
 .../HttpBasicAuthOptionProvider.php           |   42 +
 .../OptionProviderInterface.php               |   30 +
 .../OptionProvider/PostAuthOptionProvider.php |   51 +
 .../src/Provider/AbstractProvider.php         |  843 +++++++++
 .../Exception/IdentityProviderException.php   |   48 +
 .../src/Provider/GenericProvider.php          |  233 +++
 .../src/Provider/GenericResourceOwner.php     |   61 +
 .../src/Provider/ResourceOwnerInterface.php   |   36 +
 .../oauth2-client/src/Token/AccessToken.php   |  243 +++
 .../src/Token/AccessTokenInterface.php        |   74 +
 .../ResourceOwnerAccessTokenInterface.php     |   25 +
 .../src/Tool/ArrayAccessorTrait.php           |   52 +
 .../src/Tool/BearerAuthorizationTrait.php     |   36 +
 .../src/Tool/GuardedPropertyTrait.php         |   70 +
 .../src/Tool/MacAuthorizationTrait.php        |   83 +
 .../src/Tool/ProviderRedirectTrait.php        |  122 ++
 .../src/Tool/QueryBuilderTrait.php            |   33 +
 .../oauth2-client/src/Tool/RequestFactory.php |   87 +
 .../src/Tool/RequiredParameterTrait.php       |   56 +
 .../vendor/paragonie/random_compat/LICENSE    |   22 +
 .../paragonie/random_compat/build-phar.sh     |    5 +
 .../paragonie/random_compat/composer.json     |   34 +
 .../dist/random_compat.phar.pubkey            |    5 +
 .../dist/random_compat.phar.pubkey.asc        |   11 +
 .../paragonie/random_compat/lib/random.php    |   32 +
 .../random_compat/other/build_phar.php        |   57 +
 .../random_compat/psalm-autoload.php          |    9 +
 .../vendor/paragonie/random_compat/psalm.xml  |   19 +
 .../lib/vendor/psr/http-client/CHANGELOG.md   |   23 +
 .../inc/lib/vendor/psr/http-client/LICENSE    |   19 +
 .../inc/lib/vendor/psr/http-client/README.md  |   12 +
 .../lib/vendor/psr/http-client/composer.json  |   27 +
 .../src/ClientExceptionInterface.php          |   10 +
 .../psr/http-client/src/ClientInterface.php   |   20 +
 .../src/NetworkExceptionInterface.php         |   24 +
 .../src/RequestExceptionInterface.php         |   24 +
 .../lib/vendor/psr/http-factory/.gitignore    |    2 +
 .../vendor/psr/http-factory/.pullapprove.yml  |    7 +
 .../inc/lib/vendor/psr/http-factory/LICENSE   |   21 +
 .../inc/lib/vendor/psr/http-factory/README.md |   10 +
 .../lib/vendor/psr/http-factory/composer.json |   35 +
 .../src/RequestFactoryInterface.php           |   18 +
 .../src/ResponseFactoryInterface.php          |   18 +
 .../src/ServerRequestFactoryInterface.php     |   24 +
 .../src/StreamFactoryInterface.php            |   45 +
 .../src/UploadedFileFactoryInterface.php      |   34 +
 .../http-factory/src/UriFactoryInterface.php  |   17 +
 .../lib/vendor/psr/http-message/CHANGELOG.md  |   36 +
 .../inc/lib/vendor/psr/http-message/LICENSE   |   19 +
 .../inc/lib/vendor/psr/http-message/README.md |   13 +
 .../lib/vendor/psr/http-message/composer.json |   26 +
 .../psr/http-message/src/MessageInterface.php |  187 ++
 .../psr/http-message/src/RequestInterface.php |  129 ++
 .../http-message/src/ResponseInterface.php    |   68 +
 .../src/ServerRequestInterface.php            |  261 +++
 .../psr/http-message/src/StreamInterface.php  |  158 ++
 .../src/UploadedFileInterface.php             |  123 ++
 .../psr/http-message/src/UriInterface.php     |  323 ++++
 .../vendor/ralouphie/getallheaders/LICENSE    |   21 +
 .../vendor/ralouphie/getallheaders/README.md  |   27 +
 .../ralouphie/getallheaders/composer.json     |   26 +
 .../getallheaders/src/getallheaders.php       |   46 +
 .../stevenmaguire/oauth2-keycloak/.gitignore  |    4 +
 .../oauth2-keycloak/.scrutinizer.yml          |   35 +
 .../stevenmaguire/oauth2-keycloak/.travis.yml |   26 +
 .../oauth2-keycloak/CHANGELOG.md              |   74 +
 .../oauth2-keycloak/CONTRIBUTING.md           |   42 +
 .../stevenmaguire/oauth2-keycloak/LICENSE     |   21 +
 .../stevenmaguire/oauth2-keycloak/README.md   |  175 ++
 .../oauth2-keycloak/composer.json             |   44 +
 .../oauth2-keycloak/examples/index.php        |   53 +
 .../oauth2-keycloak/phpunit.xml.dist          |   38 +
 .../EncryptionConfigurationException.php      |   22 +
 .../oauth2-keycloak/src/Provider/Keycloak.php |  387 +++++
 .../src/Provider/KeycloakResourceOwner.php    |   65 +
 .../test/src/Provider/KeycloakTest.php        |  306 ++++
 .../deprecation-contracts/CHANGELOG.md        |    5 +
 .../symfony/deprecation-contracts/LICENSE     |   19 +
 .../symfony/deprecation-contracts/README.md   |   26 +
 .../deprecation-contracts/composer.json       |   35 +
 .../deprecation-contracts/function.php        |   27 +
 211 files changed, 29545 insertions(+), 7 deletions(-)
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/LICENSE
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/README.md
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/composer.json
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/BeforeValidException.php
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/ExpiredException.php
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/SignatureInvalidException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/LICENSE
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/README.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/UPGRADING.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/composer.json
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizer.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizerInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Client.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientTrait.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJarInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/FileCookieJar.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SessionCookieJar.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/BadResponseException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ClientException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ConnectException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/GuzzleException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/InvalidArgumentException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ServerException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TooManyRedirectsException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TransferException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/EasyHandle.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/HeaderProcessor.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/MockHandler.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/HandlerStack.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatter.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatterInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Middleware.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Pool.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RequestOptions.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RetryMiddleware.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/TransferStats.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Utils.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions_include.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/LICENSE
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/README.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/composer.json
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/AggregateException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/CancellationException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Coroutine.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Create.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Each.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/EachPromise.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/FulfilledPromise.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Is.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Promise.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/PromiseInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/PromisorInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectedPromise.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectionException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueue.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueueInterface.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/Utils.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/functions.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/promises/src/functions_include.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/LICENSE
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/README.md
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/AppendStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/BufferStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/CachingStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/DroppingStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Exception/MalformedUriException.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/FnStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Header.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/HttpFactory.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/InflateStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/LazyOpenStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/LimitStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/MimeType.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/MultipartStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/NoSeekStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/PumpStream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Query.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Request.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Response.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Rfc7230.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Stream.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamDecoratorTrait.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamWrapper.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/UploadedFile.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Uri.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriComparator.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriNormalizer.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriResolver.php
 create mode 100644 data/web/inc/lib/vendor/guzzlehttp/psr7/src/Utils.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/LICENSE
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/README.md
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/composer.json
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AbstractGrant.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AuthorizationCode.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/ClientCredentials.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Exception/InvalidGrantException.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/GrantFactory.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Password.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Grant/RefreshToken.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/HttpBasicAuthOptionProvider.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/OptionProviderInterface.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/PostAuthOptionProvider.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericResourceOwner.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Provider/ResourceOwnerInterface.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessToken.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessTokenInterface.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Token/ResourceOwnerAccessTokenInterface.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ArrayAccessorTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/BearerAuthorizationTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/GuardedPropertyTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/MacAuthorizationTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ProviderRedirectTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/QueryBuilderTrait.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequestFactory.php
 create mode 100644 data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
 create mode 100755 data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/composer.json
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
 create mode 100644 data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/LICENSE
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/README.md
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/composer.json
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/src/ClientExceptionInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/src/ClientInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/src/NetworkExceptionInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-client/src/RequestExceptionInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/.gitignore
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/.pullapprove.yml
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/LICENSE
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/README.md
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/composer.json
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/RequestFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/ResponseFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/ServerRequestFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/StreamFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/UploadedFileFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-factory/src/UriFactoryInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/LICENSE
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/README.md
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/composer.json
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/MessageInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/RequestInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/ResponseInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/ServerRequestInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/StreamInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/UploadedFileInterface.php
 create mode 100644 data/web/inc/lib/vendor/psr/http-message/src/UriInterface.php
 create mode 100644 data/web/inc/lib/vendor/ralouphie/getallheaders/LICENSE
 create mode 100644 data/web/inc/lib/vendor/ralouphie/getallheaders/README.md
 create mode 100644 data/web/inc/lib/vendor/ralouphie/getallheaders/composer.json
 create mode 100644 data/web/inc/lib/vendor/ralouphie/getallheaders/src/getallheaders.php
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.gitignore
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.scrutinizer.yml
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CONTRIBUTING.md
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/LICENSE
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/examples/index.php
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Exception/EncryptionConfigurationException.php
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Keycloak.php
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/KeycloakResourceOwner.php
 create mode 100644 data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php

diff --git a/data/web/inc/lib/composer.json b/data/web/inc/lib/composer.json
index 78033ec9b..cc1fc7dd4 100644
--- a/data/web/inc/lib/composer.json
+++ b/data/web/inc/lib/composer.json
@@ -1,7 +1,6 @@
 {
     "require": {
         "robthree/twofactorauth": "^1.6",
-        "yubico/u2flib-server": "^1.0",
         "phpmailer/phpmailer": "^6.1",
         "php-mime-mail-parser/php-mime-mail-parser": "^7",
         "soundasleep/html2text": "^0.5.0",
@@ -10,6 +9,7 @@
         "bshaffer/oauth2-server-php": "^1.11",
         "mustangostang/spyc": "^0.6.3",
         "directorytree/ldaprecord": "^2.4",
-        "twig/twig": "^3.0"
+        "twig/twig": "^3.0",
+        "stevenmaguire/oauth2-keycloak": "^3.2"
     }
 }
diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 7be7a7d43..c03fe1c29 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "6c4a1dce9b5f22b95c5cd87ecf0eb333",
+    "content-hash": "65fe6638523a3a93c55e67a061725223",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -216,6 +216,394 @@
             ],
             "time": "2022-02-25T16:00:51+00:00"
         },
+        {
+            "name": "firebase/php-jwt",
+            "version": "v5.5.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/firebase/php-jwt.git",
+                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
+                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.8 <=9"
+            },
+            "suggest": {
+                "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Firebase\\JWT\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Neuman Vong",
+                    "email": "neuman+pear@twilio.com",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Anant Narayanan",
+                    "email": "anant@php.net",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
+            "homepage": "https://github.com/firebase/php-jwt",
+            "keywords": [
+                "jwt",
+                "php"
+            ],
+            "support": {
+                "issues": "https://github.com/firebase/php-jwt/issues",
+                "source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
+            },
+            "time": "2021-11-08T20:18:51+00:00"
+        },
+        {
+            "name": "guzzlehttp/guzzle",
+            "version": "7.5.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/guzzle.git",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "guzzlehttp/promises": "^1.5",
+                "guzzlehttp/psr7": "^1.9 || ^2.4",
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-client": "^1.0",
+                "symfony/deprecation-contracts": "^2.2 || ^3.0"
+            },
+            "provide": {
+                "psr/http-client-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "ext-curl": "*",
+                "php-http/client-integration-tests": "^3.0",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+                "psr/log": "^1.1 || ^2.0 || ^3.0"
+            },
+            "suggest": {
+                "ext-curl": "Required for CURL handler support",
+                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+                "psr/log": "Required for using the Log middleware"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
+                "branch-alias": {
+                    "dev-master": "7.5-dev"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Jeremy Lindblom",
+                    "email": "jeremeamia@gmail.com",
+                    "homepage": "https://github.com/jeremeamia"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle is a PHP HTTP client library",
+            "keywords": [
+                "client",
+                "curl",
+                "framework",
+                "http",
+                "http client",
+                "psr-18",
+                "psr-7",
+                "rest",
+                "web service"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/guzzle/issues",
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2022-08-28T15:39:27+00:00"
+        },
+        {
+            "name": "guzzlehttp/promises",
+            "version": "1.5.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/promises.git",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.5"
+            },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^4.4 || ^5.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.5-dev"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\Promise\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle promises library",
+            "keywords": [
+                "promise"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/promises/issues",
+                "source": "https://github.com/guzzle/promises/tree/1.5.2"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2022-08-28T14:55:35+00:00"
+        },
+        {
+            "name": "guzzlehttp/psr7",
+            "version": "2.4.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/psr7.git",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-factory": "^1.0",
+                "psr/http-message": "^1.0",
+                "ralouphie/getallheaders": "^3.0"
+            },
+            "provide": {
+                "psr/http-factory-implementation": "1.0",
+                "psr/http-message-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "http-interop/http-factory-tests": "^0.9",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+            },
+            "suggest": {
+                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
+                "branch-alias": {
+                    "dev-master": "2.4-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Psr7\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://sagikazarmark.hu"
+                }
+            ],
+            "description": "PSR-7 message implementation that also provides common utility methods",
+            "keywords": [
+                "http",
+                "message",
+                "psr-7",
+                "request",
+                "response",
+                "stream",
+                "uri",
+                "url"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/psr7/issues",
+                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-03-09T13:19:02+00:00"
+        },
         {
             "name": "illuminate/contracts",
             "version": "v9.3.0",
@@ -264,6 +652,76 @@
             },
             "time": "2022-02-22T14:45:39+00:00"
         },
+        {
+            "name": "league/oauth2-client",
+            "version": "2.6.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/oauth2-client.git",
+                "reference": "2334c249907190c132364f5dae0287ab8666aa19"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
+                "reference": "2334c249907190c132364f5dae0287ab8666aa19",
+                "shasum": ""
+            },
+            "require": {
+                "guzzlehttp/guzzle": "^6.0 || ^7.0",
+                "paragonie/random_compat": "^1 || ^2 || ^9.99",
+                "php": "^5.6 || ^7.0 || ^8.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.3.5",
+                "php-parallel-lint/php-parallel-lint": "^1.3.1",
+                "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5",
+                "squizlabs/php_codesniffer": "^2.3 || ^3.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-2.x": "2.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\OAuth2\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Alex Bilbie",
+                    "email": "hello@alexbilbie.com",
+                    "homepage": "http://www.alexbilbie.com",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Woody Gilk",
+                    "homepage": "https://github.com/shadowhand",
+                    "role": "Contributor"
+                }
+            ],
+            "description": "OAuth 2.0 Client Library",
+            "keywords": [
+                "Authentication",
+                "SSO",
+                "authorization",
+                "identity",
+                "idp",
+                "oauth",
+                "oauth2",
+                "single sign on"
+            ],
+            "support": {
+                "issues": "https://github.com/thephpleague/oauth2-client/issues",
+                "source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
+            },
+            "time": "2021-12-22T16:42:49+00:00"
+        },
         {
             "name": "matthiasmullie/minify",
             "version": "1.3.66",
@@ -541,6 +999,56 @@
             ],
             "time": "2022-02-13T18:13:33+00:00"
         },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v9.99.100",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">= 7"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*",
+                "vimeo/psalm": "^1"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "type": "library",
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "polyfill",
+                "pseudorandom",
+                "random"
+            ],
+            "support": {
+                "email": "info@paragonie.com",
+                "issues": "https://github.com/paragonie/random_compat/issues",
+                "source": "https://github.com/paragonie/random_compat"
+            },
+            "time": "2020-10-15T08:29:30+00:00"
+        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -763,6 +1271,166 @@
             },
             "time": "2021-11-05T16:47:00+00:00"
         },
+        {
+            "name": "psr/http-client",
+            "version": "1.0.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-client.git",
+                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0",
+                "psr/http-message": "^1.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP clients",
+            "homepage": "https://github.com/php-fig/http-client",
+            "keywords": [
+                "http",
+                "http-client",
+                "psr",
+                "psr-18"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-client/tree/master"
+            },
+            "time": "2020-06-29T06:28:15+00:00"
+        },
+        {
+            "name": "psr/http-factory",
+            "version": "1.0.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-factory.git",
+                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.0.0",
+                "psr/http-message": "^1.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interfaces for PSR-7 HTTP message factories",
+            "keywords": [
+                "factory",
+                "http",
+                "message",
+                "psr",
+                "psr-17",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-factory/tree/master"
+            },
+            "time": "2019-04-30T12:38:16+00:00"
+        },
+        {
+            "name": "psr/http-message",
+            "version": "1.0.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-message.git",
+                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP messages",
+            "homepage": "https://github.com/php-fig/http-message",
+            "keywords": [
+                "http",
+                "http-message",
+                "psr",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-message/tree/master"
+            },
+            "time": "2016-08-06T14:39:51+00:00"
+        },
         {
             "name": "psr/log",
             "version": "3.0.0",
@@ -864,6 +1532,50 @@
             },
             "time": "2021-10-29T13:22:09+00:00"
         },
+        {
+            "name": "ralouphie/getallheaders",
+            "version": "3.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ralouphie/getallheaders.git",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.6"
+            },
+            "require-dev": {
+                "php-coveralls/php-coveralls": "^2.1",
+                "phpunit/phpunit": "^5 || ^6.5"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/getallheaders.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ralph Khattar",
+                    "email": "ralph.khattar@gmail.com"
+                }
+            ],
+            "description": "A polyfill for getallheaders.",
+            "support": {
+                "issues": "https://github.com/ralouphie/getallheaders/issues",
+                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
+            },
+            "time": "2019-03-08T08:55:37+00:00"
+        },
         {
             "name": "robthree/twofactorauth",
             "version": "1.8.1",
@@ -989,6 +1701,133 @@
             },
             "time": "2017-04-19T22:01:50+00:00"
         },
+        {
+            "name": "stevenmaguire/oauth2-keycloak",
+            "version": "3.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/stevenmaguire/oauth2-keycloak.git",
+                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "shasum": ""
+            },
+            "require": {
+                "firebase/php-jwt": "~4.0|~5.0",
+                "league/oauth2-client": "^2.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "~0.9",
+                "phpunit/phpunit": "~4.0",
+                "squizlabs/php_codesniffer": "~2.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Stevenmaguire\\OAuth2\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Steven Maguire",
+                    "email": "stevenmaguire@gmail.com",
+                    "homepage": "https://github.com/stevenmaguire"
+                }
+            ],
+            "description": "Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client",
+            "keywords": [
+                "authorisation",
+                "authorization",
+                "client",
+                "keycloak",
+                "oauth",
+                "oauth2"
+            ],
+            "support": {
+                "issues": "https://github.com/stevenmaguire/oauth2-keycloak/issues",
+                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/3.2.0"
+            },
+            "time": "2022-12-16T12:46:38+00:00"
+        },
+        {
+            "name": "symfony/deprecation-contracts",
+            "version": "v3.2.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/deprecation-contracts.git",
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.3-dev"
+                },
+                "thanks": {
+                    "name": "symfony/contracts",
+                    "url": "https://github.com/symfony/contracts"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "function.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "A generic function and convention to trigger deprecation notices",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-03-01T10:25:55+00:00"
+        },
         {
             "name": "symfony/polyfill-ctype",
             "version": "v1.24.0",
diff --git a/data/web/inc/lib/vendor/composer/autoload_files.php b/data/web/inc/lib/vendor/composer/autoload_files.php
index 502893f7d..2730ec34b 100644
--- a/data/web/inc/lib/vendor/composer/autoload_files.php
+++ b/data/web/inc/lib/vendor/composer/autoload_files.php
@@ -7,6 +7,10 @@ $baseDir = dirname($vendorDir);
 
 return array(
     '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php',
+    '7b11c4dc42b3b3023073cb14e519683c' => $vendorDir . '/ralouphie/getallheaders/src/getallheaders.php',
+    'c964ee0ededf28c96ebd9db5099ef910' => $vendorDir . '/guzzlehttp/promises/src/functions_include.php',
+    '6e3fae29631ef280660b3cdad06f25a8' => $vendorDir . '/symfony/deprecation-contracts/function.php',
+    '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
     'a4a119a56e50fbb293281d9a48007e0e' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
     'a1105708a18b76903365ca1c4aa61b02' => $vendorDir . '/symfony/translation/Resources/functions.php',
     '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
diff --git a/data/web/inc/lib/vendor/composer/autoload_psr4.php b/data/web/inc/lib/vendor/composer/autoload_psr4.php
index 83d1f5655..6112acbac 100644
--- a/data/web/inc/lib/vendor/composer/autoload_psr4.php
+++ b/data/web/inc/lib/vendor/composer/autoload_psr4.php
@@ -14,17 +14,25 @@ return array(
     'Symfony\\Contracts\\Translation\\' => array($vendorDir . '/symfony/translation-contracts'),
     'Symfony\\Component\\VarDumper\\' => array($vendorDir . '/symfony/var-dumper'),
     'Symfony\\Component\\Translation\\' => array($vendorDir . '/symfony/translation'),
+    'Stevenmaguire\\OAuth2\\Client\\' => array($vendorDir . '/stevenmaguire/oauth2-keycloak/src'),
     'RobThree\\Auth\\' => array($vendorDir . '/robthree/twofactorauth/lib'),
     'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'),
     'Psr\\Log\\' => array($vendorDir . '/psr/log/src'),
+    'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-message/src', $vendorDir . '/psr/http-factory/src'),
+    'Psr\\Http\\Client\\' => array($vendorDir . '/psr/http-client/src'),
     'Psr\\Container\\' => array($vendorDir . '/psr/container/src'),
     'PhpMimeMailParser\\' => array($vendorDir . '/php-mime-mail-parser/php-mime-mail-parser/src'),
     'PHPMailer\\PHPMailer\\' => array($vendorDir . '/phpmailer/phpmailer/src'),
     'MatthiasMullie\\PathConverter\\' => array($vendorDir . '/matthiasmullie/path-converter/src'),
     'MatthiasMullie\\Minify\\' => array($vendorDir . '/matthiasmullie/minify/src'),
+    'League\\OAuth2\\Client\\' => array($vendorDir . '/league/oauth2-client/src'),
     'LdapRecord\\' => array($vendorDir . '/directorytree/ldaprecord/src'),
     'Illuminate\\Contracts\\' => array($vendorDir . '/illuminate/contracts'),
     'Html2Text\\' => array($vendorDir . '/soundasleep/html2text/src'),
+    'GuzzleHttp\\Psr7\\' => array($vendorDir . '/guzzlehttp/psr7/src'),
+    'GuzzleHttp\\Promise\\' => array($vendorDir . '/guzzlehttp/promises/src'),
+    'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'),
+    'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
     'Ddeboer\\Imap\\' => array($vendorDir . '/ddeboer/imap/src'),
     'Carbon\\' => array($vendorDir . '/nesbot/carbon/src/Carbon'),
 );
diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php
index a819adf63..440edffbc 100644
--- a/data/web/inc/lib/vendor/composer/autoload_static.php
+++ b/data/web/inc/lib/vendor/composer/autoload_static.php
@@ -8,6 +8,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
 {
     public static $files = array (
         '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php',
+        '7b11c4dc42b3b3023073cb14e519683c' => __DIR__ . '/..' . '/ralouphie/getallheaders/src/getallheaders.php',
+        'c964ee0ededf28c96ebd9db5099ef910' => __DIR__ . '/..' . '/guzzlehttp/promises/src/functions_include.php',
+        '6e3fae29631ef280660b3cdad06f25a8' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
+        '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
         'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
         'a1105708a18b76903365ca1c4aa61b02' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
         '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
@@ -31,6 +35,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
             'Symfony\\Contracts\\Translation\\' => 30,
             'Symfony\\Component\\VarDumper\\' => 28,
             'Symfony\\Component\\Translation\\' => 30,
+            'Stevenmaguire\\OAuth2\\Client\\' => 28,
         ),
         'R' => 
         array (
@@ -40,6 +45,8 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             'Psr\\SimpleCache\\' => 16,
             'Psr\\Log\\' => 8,
+            'Psr\\Http\\Message\\' => 17,
+            'Psr\\Http\\Client\\' => 16,
             'Psr\\Container\\' => 14,
             'PhpMimeMailParser\\' => 18,
             'PHPMailer\\PHPMailer\\' => 20,
@@ -51,6 +58,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         ),
         'L' => 
         array (
+            'League\\OAuth2\\Client\\' => 21,
             'LdapRecord\\' => 11,
         ),
         'I' => 
@@ -61,6 +69,16 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             'Html2Text\\' => 10,
         ),
+        'G' => 
+        array (
+            'GuzzleHttp\\Psr7\\' => 16,
+            'GuzzleHttp\\Promise\\' => 19,
+            'GuzzleHttp\\' => 11,
+        ),
+        'F' => 
+        array (
+            'Firebase\\JWT\\' => 13,
+        ),
         'D' => 
         array (
             'Ddeboer\\Imap\\' => 13,
@@ -104,6 +122,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/symfony/translation',
         ),
+        'Stevenmaguire\\OAuth2\\Client\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/stevenmaguire/oauth2-keycloak/src',
+        ),
         'RobThree\\Auth\\' => 
         array (
             0 => __DIR__ . '/..' . '/robthree/twofactorauth/lib',
@@ -116,6 +138,15 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/psr/log/src',
         ),
+        'Psr\\Http\\Message\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/psr/http-message/src',
+            1 => __DIR__ . '/..' . '/psr/http-factory/src',
+        ),
+        'Psr\\Http\\Client\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/psr/http-client/src',
+        ),
         'Psr\\Container\\' => 
         array (
             0 => __DIR__ . '/..' . '/psr/container/src',
@@ -136,6 +167,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/matthiasmullie/minify/src',
         ),
+        'League\\OAuth2\\Client\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/league/oauth2-client/src',
+        ),
         'LdapRecord\\' => 
         array (
             0 => __DIR__ . '/..' . '/directorytree/ldaprecord/src',
@@ -148,6 +183,22 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/soundasleep/html2text/src',
         ),
+        'GuzzleHttp\\Psr7\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/guzzlehttp/psr7/src',
+        ),
+        'GuzzleHttp\\Promise\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/guzzlehttp/promises/src',
+        ),
+        'GuzzleHttp\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/guzzlehttp/guzzle/src',
+        ),
+        'Firebase\\JWT\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/firebase/php-jwt/src',
+        ),
         'Ddeboer\\Imap\\' => 
         array (
             0 => __DIR__ . '/..' . '/ddeboer/imap/src',
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index d910fa544..cec6e781d 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -215,6 +215,406 @@
             ],
             "install-path": "../directorytree/ldaprecord"
         },
+        {
+            "name": "firebase/php-jwt",
+            "version": "v5.5.1",
+            "version_normalized": "5.5.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/firebase/php-jwt.git",
+                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
+                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.8 <=9"
+            },
+            "suggest": {
+                "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
+            },
+            "time": "2021-11-08T20:18:51+00:00",
+            "type": "library",
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Firebase\\JWT\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Neuman Vong",
+                    "email": "neuman+pear@twilio.com",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Anant Narayanan",
+                    "email": "anant@php.net",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
+            "homepage": "https://github.com/firebase/php-jwt",
+            "keywords": [
+                "jwt",
+                "php"
+            ],
+            "support": {
+                "issues": "https://github.com/firebase/php-jwt/issues",
+                "source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
+            },
+            "install-path": "../firebase/php-jwt"
+        },
+        {
+            "name": "guzzlehttp/guzzle",
+            "version": "7.5.0",
+            "version_normalized": "7.5.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/guzzle.git",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "guzzlehttp/promises": "^1.5",
+                "guzzlehttp/psr7": "^1.9 || ^2.4",
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-client": "^1.0",
+                "symfony/deprecation-contracts": "^2.2 || ^3.0"
+            },
+            "provide": {
+                "psr/http-client-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "ext-curl": "*",
+                "php-http/client-integration-tests": "^3.0",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+                "psr/log": "^1.1 || ^2.0 || ^3.0"
+            },
+            "suggest": {
+                "ext-curl": "Required for CURL handler support",
+                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+                "psr/log": "Required for using the Log middleware"
+            },
+            "time": "2022-08-28T15:39:27+00:00",
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
+                "branch-alias": {
+                    "dev-master": "7.5-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Jeremy Lindblom",
+                    "email": "jeremeamia@gmail.com",
+                    "homepage": "https://github.com/jeremeamia"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle is a PHP HTTP client library",
+            "keywords": [
+                "client",
+                "curl",
+                "framework",
+                "http",
+                "http client",
+                "psr-18",
+                "psr-7",
+                "rest",
+                "web service"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/guzzle/issues",
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../guzzlehttp/guzzle"
+        },
+        {
+            "name": "guzzlehttp/promises",
+            "version": "1.5.2",
+            "version_normalized": "1.5.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/promises.git",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.5"
+            },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^4.4 || ^5.1"
+            },
+            "time": "2022-08-28T14:55:35+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.5-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\Promise\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle promises library",
+            "keywords": [
+                "promise"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/promises/issues",
+                "source": "https://github.com/guzzle/promises/tree/1.5.2"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../guzzlehttp/promises"
+        },
+        {
+            "name": "guzzlehttp/psr7",
+            "version": "2.4.4",
+            "version_normalized": "2.4.4.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/psr7.git",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-factory": "^1.0",
+                "psr/http-message": "^1.0",
+                "ralouphie/getallheaders": "^3.0"
+            },
+            "provide": {
+                "psr/http-factory-implementation": "1.0",
+                "psr/http-message-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "http-interop/http-factory-tests": "^0.9",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+            },
+            "suggest": {
+                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
+            },
+            "time": "2023-03-09T13:19:02+00:00",
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
+                "branch-alias": {
+                    "dev-master": "2.4-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Psr7\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://sagikazarmark.hu"
+                }
+            ],
+            "description": "PSR-7 message implementation that also provides common utility methods",
+            "keywords": [
+                "http",
+                "message",
+                "psr-7",
+                "request",
+                "response",
+                "stream",
+                "uri",
+                "url"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/psr7/issues",
+                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../guzzlehttp/psr7"
+        },
         {
             "name": "illuminate/contracts",
             "version": "v9.3.0",
@@ -266,6 +666,79 @@
             },
             "install-path": "../illuminate/contracts"
         },
+        {
+            "name": "league/oauth2-client",
+            "version": "2.6.1",
+            "version_normalized": "2.6.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/oauth2-client.git",
+                "reference": "2334c249907190c132364f5dae0287ab8666aa19"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
+                "reference": "2334c249907190c132364f5dae0287ab8666aa19",
+                "shasum": ""
+            },
+            "require": {
+                "guzzlehttp/guzzle": "^6.0 || ^7.0",
+                "paragonie/random_compat": "^1 || ^2 || ^9.99",
+                "php": "^5.6 || ^7.0 || ^8.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.3.5",
+                "php-parallel-lint/php-parallel-lint": "^1.3.1",
+                "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5",
+                "squizlabs/php_codesniffer": "^2.3 || ^3.0"
+            },
+            "time": "2021-12-22T16:42:49+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-2.x": "2.0.x-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "League\\OAuth2\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Alex Bilbie",
+                    "email": "hello@alexbilbie.com",
+                    "homepage": "http://www.alexbilbie.com",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Woody Gilk",
+                    "homepage": "https://github.com/shadowhand",
+                    "role": "Contributor"
+                }
+            ],
+            "description": "OAuth 2.0 Client Library",
+            "keywords": [
+                "Authentication",
+                "SSO",
+                "authorization",
+                "identity",
+                "idp",
+                "oauth",
+                "oauth2",
+                "single sign on"
+            ],
+            "support": {
+                "issues": "https://github.com/thephpleague/oauth2-client/issues",
+                "source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
+            },
+            "install-path": "../league/oauth2-client"
+        },
         {
             "name": "matthiasmullie/minify",
             "version": "1.3.66",
@@ -551,6 +1024,59 @@
             ],
             "install-path": "../nesbot/carbon"
         },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v9.99.100",
+            "version_normalized": "9.99.100.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">= 7"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*",
+                "vimeo/psalm": "^1"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "time": "2020-10-15T08:29:30+00:00",
+            "type": "library",
+            "installation-source": "dist",
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "polyfill",
+                "pseudorandom",
+                "random"
+            ],
+            "support": {
+                "email": "info@paragonie.com",
+                "issues": "https://github.com/paragonie/random_compat/issues",
+                "source": "https://github.com/paragonie/random_compat"
+            },
+            "install-path": "../paragonie/random_compat"
+        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -782,6 +1308,175 @@
             },
             "install-path": "../psr/container"
         },
+        {
+            "name": "psr/http-client",
+            "version": "1.0.1",
+            "version_normalized": "1.0.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-client.git",
+                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0",
+                "psr/http-message": "^1.0"
+            },
+            "time": "2020-06-29T06:28:15+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP clients",
+            "homepage": "https://github.com/php-fig/http-client",
+            "keywords": [
+                "http",
+                "http-client",
+                "psr",
+                "psr-18"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-client/tree/master"
+            },
+            "install-path": "../psr/http-client"
+        },
+        {
+            "name": "psr/http-factory",
+            "version": "1.0.1",
+            "version_normalized": "1.0.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-factory.git",
+                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.0.0",
+                "psr/http-message": "^1.0"
+            },
+            "time": "2019-04-30T12:38:16+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interfaces for PSR-7 HTTP message factories",
+            "keywords": [
+                "factory",
+                "http",
+                "message",
+                "psr",
+                "psr-17",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-factory/tree/master"
+            },
+            "install-path": "../psr/http-factory"
+        },
+        {
+            "name": "psr/http-message",
+            "version": "1.0.1",
+            "version_normalized": "1.0.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-message.git",
+                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "time": "2016-08-06T14:39:51+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "http://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP messages",
+            "homepage": "https://github.com/php-fig/http-message",
+            "keywords": [
+                "http",
+                "http-message",
+                "psr",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-message/tree/master"
+            },
+            "install-path": "../psr/http-message"
+        },
         {
             "name": "psr/log",
             "version": "3.0.0",
@@ -889,6 +1584,53 @@
             },
             "install-path": "../psr/simple-cache"
         },
+        {
+            "name": "ralouphie/getallheaders",
+            "version": "3.0.3",
+            "version_normalized": "3.0.3.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ralouphie/getallheaders.git",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.6"
+            },
+            "require-dev": {
+                "php-coveralls/php-coveralls": "^2.1",
+                "phpunit/phpunit": "^5 || ^6.5"
+            },
+            "time": "2019-03-08T08:55:37+00:00",
+            "type": "library",
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "src/getallheaders.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ralph Khattar",
+                    "email": "ralph.khattar@gmail.com"
+                }
+            ],
+            "description": "A polyfill for getallheaders.",
+            "support": {
+                "issues": "https://github.com/ralouphie/getallheaders/issues",
+                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
+            },
+            "install-path": "../ralouphie/getallheaders"
+        },
         {
             "name": "robthree/twofactorauth",
             "version": "1.8.1",
@@ -1015,6 +1757,139 @@
             ],
             "install-path": "../soundasleep/html2text"
         },
+        {
+            "name": "stevenmaguire/oauth2-keycloak",
+            "version": "3.2.0",
+            "version_normalized": "3.2.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/stevenmaguire/oauth2-keycloak.git",
+                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "shasum": ""
+            },
+            "require": {
+                "firebase/php-jwt": "~4.0|~5.0",
+                "league/oauth2-client": "^2.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "~0.9",
+                "phpunit/phpunit": "~4.0",
+                "squizlabs/php_codesniffer": "~2.0"
+            },
+            "time": "2022-12-16T12:46:38+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Stevenmaguire\\OAuth2\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Steven Maguire",
+                    "email": "stevenmaguire@gmail.com",
+                    "homepage": "https://github.com/stevenmaguire"
+                }
+            ],
+            "description": "Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client",
+            "keywords": [
+                "authorisation",
+                "authorization",
+                "client",
+                "keycloak",
+                "oauth",
+                "oauth2"
+            ],
+            "support": {
+                "issues": "https://github.com/stevenmaguire/oauth2-keycloak/issues",
+                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/3.2.0"
+            },
+            "install-path": "../stevenmaguire/oauth2-keycloak"
+        },
+        {
+            "name": "symfony/deprecation-contracts",
+            "version": "v3.2.1",
+            "version_normalized": "3.2.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/deprecation-contracts.git",
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1"
+            },
+            "time": "2023-03-01T10:25:55+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.3-dev"
+                },
+                "thanks": {
+                    "name": "symfony/contracts",
+                    "url": "https://github.com/symfony/contracts"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "function.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "A generic function and convention to trigger deprecation notices",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../symfony/deprecation-contracts"
+        },
         {
             "name": "symfony/polyfill-ctype",
             "version": "v1.24.0",
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index fa2ed8e5e..07db23e07 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
+        'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
+            'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -52,6 +52,42 @@
                 0 => '*',
             ),
         ),
+        'firebase/php-jwt' => array(
+            'pretty_version' => 'v5.5.1',
+            'version' => '5.5.1.0',
+            'reference' => '83b609028194aa042ea33b5af2d41a7427de80e6',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../firebase/php-jwt',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'guzzlehttp/guzzle' => array(
+            'pretty_version' => '7.5.0',
+            'version' => '7.5.0.0',
+            'reference' => 'b50a2a1251152e43f6a37f0fa053e730a67d25ba',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'guzzlehttp/promises' => array(
+            'pretty_version' => '1.5.2',
+            'version' => '1.5.2.0',
+            'reference' => 'b94b2807d85443f9719887892882d0329d1e2598',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../guzzlehttp/promises',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'guzzlehttp/psr7' => array(
+            'pretty_version' => '2.4.4',
+            'version' => '2.4.4.0',
+            'reference' => '3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../guzzlehttp/psr7',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'illuminate/contracts' => array(
             'pretty_version' => 'v9.3.0',
             'version' => '9.3.0.0',
@@ -61,6 +97,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'league/oauth2-client' => array(
+            'pretty_version' => '2.6.1',
+            'version' => '2.6.1.0',
+            'reference' => '2334c249907190c132364f5dae0287ab8666aa19',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../league/oauth2-client',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'matthiasmullie/minify' => array(
             'pretty_version' => '1.3.66',
             'version' => '1.3.66.0',
@@ -103,6 +148,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'paragonie/random_compat' => array(
+            'pretty_version' => 'v9.99.100',
+            'version' => '9.99.100.0',
+            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../paragonie/random_compat',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'php-mime-mail-parser/php-mime-mail-parser' => array(
             'pretty_version' => '7.0.0',
             'version' => '7.0.0.0',
@@ -130,6 +184,51 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'psr/http-client' => array(
+            'pretty_version' => '1.0.1',
+            'version' => '1.0.1.0',
+            'reference' => '2dfb5f6c5eff0e91e20e913f8c5452ed95b86621',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/http-client',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'psr/http-client-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'psr/http-factory' => array(
+            'pretty_version' => '1.0.1',
+            'version' => '1.0.1.0',
+            'reference' => '12ac7fcd07e5b077433f5f2bee95b3a771bf61be',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/http-factory',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'psr/http-factory-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'psr/http-message' => array(
+            'pretty_version' => '1.0.1',
+            'version' => '1.0.1.0',
+            'reference' => 'f6561bf28d520154e4b0ec72be95418abe6d9363',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/http-message',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'psr/http-message-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
         'psr/log' => array(
             'pretty_version' => '3.0.0',
             'version' => '3.0.0.0',
@@ -148,6 +247,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'ralouphie/getallheaders' => array(
+            'pretty_version' => '3.0.3',
+            'version' => '3.0.3.0',
+            'reference' => '120b605dfeb996808c31b6477290a714d356e822',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../ralouphie/getallheaders',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'robthree/twofactorauth' => array(
             'pretty_version' => '1.8.1',
             'version' => '1.8.1.0',
@@ -166,6 +274,24 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'stevenmaguire/oauth2-keycloak' => array(
+            'pretty_version' => '3.2.0',
+            'version' => '3.2.0.0',
+            'reference' => '34e4824f5fa26aa8e90f1258859c75570c12d27a',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../stevenmaguire/oauth2-keycloak',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'symfony/deprecation-contracts' => array(
+            'pretty_version' => 'v3.2.1',
+            'version' => '3.2.1.0',
+            'reference' => 'e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/deprecation-contracts',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'symfony/polyfill-ctype' => array(
             'pretty_version' => 'v1.24.0',
             'version' => '1.24.0.0',
diff --git a/data/web/inc/lib/vendor/composer/platform_check.php b/data/web/inc/lib/vendor/composer/platform_check.php
index b168ddd5d..4c3a5d68f 100644
--- a/data/web/inc/lib/vendor/composer/platform_check.php
+++ b/data/web/inc/lib/vendor/composer/platform_check.php
@@ -4,8 +4,8 @@
 
 $issues = array();
 
-if (!(PHP_VERSION_ID >= 80002)) {
-    $issues[] = 'Your Composer dependencies require a PHP version ">= 8.0.2". You are running ' . PHP_VERSION . '.';
+if (!(PHP_VERSION_ID >= 80100)) {
+    $issues[] = 'Your Composer dependencies require a PHP version ">= 8.1.0". You are running ' . PHP_VERSION . '.';
 }
 
 if ($issues) {
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/LICENSE b/data/web/inc/lib/vendor/firebase/php-jwt/LICENSE
new file mode 100644
index 000000000..11c014665
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/LICENSE
@@ -0,0 +1,30 @@
+Copyright (c) 2011, Neuman Vong
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+    * Neither the name of the copyright holder nor the names of other
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/README.md b/data/web/inc/lib/vendor/firebase/php-jwt/README.md
new file mode 100644
index 000000000..1d392cd12
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/README.md
@@ -0,0 +1,289 @@
+[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
+[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
+[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
+[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)
+
+PHP-JWT
+=======
+A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).
+
+Installation
+------------
+
+Use composer to manage your dependencies and download PHP-JWT:
+
+```bash
+composer require firebase/php-jwt
+```
+
+Optionally, install the `paragonie/sodium_compat` package from composer if your
+php is < 7.2 or does not have libsodium installed:
+
+```bash
+composer require paragonie/sodium_compat
+```
+
+Example
+-------
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+$key = "example_key";
+$payload = array(
+    "iss" => "http://example.org",
+    "aud" => "http://example.com",
+    "iat" => 1356999524,
+    "nbf" => 1357000000
+);
+
+/**
+ * IMPORTANT:
+ * You must specify supported algorithms for your application. See
+ * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
+ * for a list of spec-compliant algorithms.
+ */
+$jwt = JWT::encode($payload, $key, 'HS256');
+$decoded = JWT::decode($jwt, new Key($key, 'HS256'));
+
+print_r($decoded);
+
+/*
+ NOTE: This will now be an object instead of an associative array. To get
+ an associative array, you will need to cast it as such:
+*/
+
+$decoded_array = (array) $decoded;
+
+/**
+ * You can add a leeway to account for when there is a clock skew times between
+ * the signing and verifying servers. It is recommended that this leeway should
+ * not be bigger than a few minutes.
+ *
+ * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
+ */
+JWT::$leeway = 60; // $leeway in seconds
+$decoded = JWT::decode($jwt, new Key($key, 'HS256'));
+```
+Example with RS256 (openssl)
+----------------------------
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+$privateKey = <<<EOD
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
+vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
+5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
+AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
+bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
+Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
+cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
+5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
+ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
+k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
+qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
+eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
+B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
+-----END RSA PRIVATE KEY-----
+EOD;
+
+$publicKey = <<<EOD
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
+4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
+0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
+ehde/zUxo6UvS7UrBQIDAQAB
+-----END PUBLIC KEY-----
+EOD;
+
+$payload = array(
+    "iss" => "example.org",
+    "aud" => "example.com",
+    "iat" => 1356999524,
+    "nbf" => 1357000000
+);
+
+$jwt = JWT::encode($payload, $privateKey, 'RS256');
+echo "Encode:\n" . print_r($jwt, true) . "\n";
+
+$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
+
+/*
+ NOTE: This will now be an object instead of an associative array. To get
+ an associative array, you will need to cast it as such:
+*/
+
+$decoded_array = (array) $decoded;
+echo "Decode:\n" . print_r($decoded_array, true) . "\n";
+```
+
+Example with a passphrase
+-------------------------
+
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+// Your passphrase
+$passphrase = '[YOUR_PASSPHRASE]';
+
+// Your private key file with passphrase
+// Can be generated with "ssh-keygen -t rsa -m pem"
+$privateKeyFile = '/path/to/key-with-passphrase.pem';
+
+// Create a private key of type "resource"
+$privateKey = openssl_pkey_get_private(
+    file_get_contents($privateKeyFile),
+    $passphrase
+);
+
+$payload = array(
+    "iss" => "example.org",
+    "aud" => "example.com",
+    "iat" => 1356999524,
+    "nbf" => 1357000000
+);
+
+$jwt = JWT::encode($payload, $privateKey, 'RS256');
+echo "Encode:\n" . print_r($jwt, true) . "\n";
+
+// Get public key from the private key, or pull from from a file.
+$publicKey = openssl_pkey_get_details($privateKey)['key'];
+
+$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
+echo "Decode:\n" . print_r((array) $decoded, true) . "\n";
+```
+
+Example with EdDSA (libsodium and Ed25519 signature)
+----------------------------
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+// Public and private keys are expected to be Base64 encoded. The last
+// non-empty line is used so that keys can be generated with
+// sodium_crypto_sign_keypair(). The secret keys generated by other tools may
+// need to be adjusted to match the input expected by libsodium.
+
+$keyPair = sodium_crypto_sign_keypair();
+
+$privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair));
+
+$publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair));
+
+$payload = array(
+    "iss" => "example.org",
+    "aud" => "example.com",
+    "iat" => 1356999524,
+    "nbf" => 1357000000
+);
+
+$jwt = JWT::encode($payload, $privateKey, 'EdDSA');
+echo "Encode:\n" . print_r($jwt, true) . "\n";
+
+$decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA'));
+echo "Decode:\n" . print_r((array) $decoded, true) . "\n";
+````
+
+Using JWKs
+----------
+
+```php
+use Firebase\JWT\JWK;
+use Firebase\JWT\JWT;
+
+// Set of keys. The "keys" key is required. For example, the JSON response to
+// this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk
+$jwks = ['keys' => []];
+
+// JWK::parseKeySet($jwks) returns an associative array of **kid** to private
+// key. Pass this as the second parameter to JWT::decode.
+// NOTE: The deprecated $supportedAlgorithm must be supplied when parsing from JWK.
+JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm);
+```
+
+Changelog
+---------
+
+#### 5.0.0 / 2017-06-26
+- Support RS384 and RS512.
+  See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
+- Add an example for RS256 openssl.
+  See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
+- Detect invalid Base64 encoding in signature.
+  See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
+- Update `JWT::verify` to handle OpenSSL errors.
+  See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
+- Add `array` type hinting to `decode` method
+  See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
+- Add all JSON error types.
+  See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
+- Bugfix 'kid' not in given key list.
+  See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
+- Miscellaneous cleanup, documentation and test fixes.
+  See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
+  [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
+  [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
+  [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
+
+#### 4.0.0 / 2016-07-17
+- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
+- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
+- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
+- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
+
+#### 3.0.0 / 2015-07-22
+- Minimum PHP version updated from `5.2.0` to `5.3.0`.
+- Add `\Firebase\JWT` namespace. See
+[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
+[@Dashron](https://github.com/Dashron)!
+- Require a non-empty key to decode and verify a JWT. See
+[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
+[@sjones608](https://github.com/sjones608)!
+- Cleaner documentation blocks in the code. See
+[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
+[@johanderuijter](https://github.com/johanderuijter)!
+
+#### 2.2.0 / 2015-06-22
+- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
+[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
+[@mcocaro](https://github.com/mcocaro)!
+
+#### 2.1.0 / 2015-05-20
+- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
+between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
+- Add support for passing an object implementing the `ArrayAccess` interface for
+`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
+
+#### 2.0.0 / 2015-04-01
+- **Note**: It is strongly recommended that you update to > v2.0.0 to address
+  known security vulnerabilities in prior versions when both symmetric and
+  asymmetric keys are used together.
+- Update signature for `JWT::decode(...)` to require an array of supported
+  algorithms to use when verifying token signatures.
+
+
+Tests
+-----
+Run the tests using phpunit:
+
+```bash
+$ pear install PHPUnit
+$ phpunit --configuration phpunit.xml.dist
+PHPUnit 3.7.10 by Sebastian Bergmann.
+.....
+Time: 0 seconds, Memory: 2.50Mb
+OK (5 tests, 5 assertions)
+```
+
+New Lines in private keys
+-----
+
+If your private key contains `\n` characters, be sure to wrap it in double quotes `""`
+and not single quotes `''` in order to properly interpret the escaped characters.
+
+License
+-------
+[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/composer.json b/data/web/inc/lib/vendor/firebase/php-jwt/composer.json
new file mode 100644
index 000000000..6146e2dcc
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/composer.json
@@ -0,0 +1,36 @@
+{
+    "name": "firebase/php-jwt",
+    "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
+    "homepage": "https://github.com/firebase/php-jwt",
+    "keywords": [
+        "php",
+        "jwt"
+    ],
+    "authors": [
+        {
+            "name": "Neuman Vong",
+            "email": "neuman+pear@twilio.com",
+            "role": "Developer"
+        },
+        {
+            "name": "Anant Narayanan",
+            "email": "anant@php.net",
+            "role": "Developer"
+        }
+    ],
+    "license": "BSD-3-Clause",
+    "require": {
+        "php": ">=5.3.0"
+    },
+    "suggest": {
+        "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
+    },
+    "autoload": {
+        "psr-4": {
+            "Firebase\\JWT\\": "src"
+        }
+    },
+    "require-dev": {
+        "phpunit/phpunit": ">=4.8 <=9"
+    }
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/BeforeValidException.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/BeforeValidException.php
new file mode 100644
index 000000000..c147852b9
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/BeforeValidException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Firebase\JWT;
+
+class BeforeValidException extends \UnexpectedValueException
+{
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/ExpiredException.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/ExpiredException.php
new file mode 100644
index 000000000..81ba52d43
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/ExpiredException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Firebase\JWT;
+
+class ExpiredException extends \UnexpectedValueException
+{
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
new file mode 100644
index 000000000..981a9ba7f
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
@@ -0,0 +1,172 @@
+<?php
+
+namespace Firebase\JWT;
+
+use DomainException;
+use InvalidArgumentException;
+use UnexpectedValueException;
+
+/**
+ * JSON Web Key implementation, based on this spec:
+ * https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41
+ *
+ * PHP version 5
+ *
+ * @category Authentication
+ * @package  Authentication_JWT
+ * @author   Bui Sy Nguyen <nguyenbs@gmail.com>
+ * @license  http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
+ * @link     https://github.com/firebase/php-jwt
+ */
+class JWK
+{
+    /**
+     * Parse a set of JWK keys
+     *
+     * @param array $jwks The JSON Web Key Set as an associative array
+     *
+     * @return array An associative array that represents the set of keys
+     *
+     * @throws InvalidArgumentException     Provided JWK Set is empty
+     * @throws UnexpectedValueException     Provided JWK Set was invalid
+     * @throws DomainException              OpenSSL failure
+     *
+     * @uses parseKey
+     */
+    public static function parseKeySet(array $jwks)
+    {
+        $keys = array();
+
+        if (!isset($jwks['keys'])) {
+            throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
+        }
+        if (empty($jwks['keys'])) {
+            throw new InvalidArgumentException('JWK Set did not contain any keys');
+        }
+
+        foreach ($jwks['keys'] as $k => $v) {
+            $kid = isset($v['kid']) ? $v['kid'] : $k;
+            if ($key = self::parseKey($v)) {
+                $keys[$kid] = $key;
+            }
+        }
+
+        if (0 === \count($keys)) {
+            throw new UnexpectedValueException('No supported algorithms found in JWK Set');
+        }
+
+        return $keys;
+    }
+
+    /**
+     * Parse a JWK key
+     *
+     * @param array $jwk An individual JWK
+     *
+     * @return resource|array An associative array that represents the key
+     *
+     * @throws InvalidArgumentException     Provided JWK is empty
+     * @throws UnexpectedValueException     Provided JWK was invalid
+     * @throws DomainException              OpenSSL failure
+     *
+     * @uses createPemFromModulusAndExponent
+     */
+    public static function parseKey(array $jwk)
+    {
+        if (empty($jwk)) {
+            throw new InvalidArgumentException('JWK must not be empty');
+        }
+        if (!isset($jwk['kty'])) {
+            throw new UnexpectedValueException('JWK must contain a "kty" parameter');
+        }
+
+        switch ($jwk['kty']) {
+            case 'RSA':
+                if (!empty($jwk['d'])) {
+                    throw new UnexpectedValueException('RSA private keys are not supported');
+                }
+                if (!isset($jwk['n']) || !isset($jwk['e'])) {
+                    throw new UnexpectedValueException('RSA keys must contain values for both "n" and "e"');
+                }
+
+                $pem = self::createPemFromModulusAndExponent($jwk['n'], $jwk['e']);
+                $publicKey = \openssl_pkey_get_public($pem);
+                if (false === $publicKey) {
+                    throw new DomainException(
+                        'OpenSSL error: ' . \openssl_error_string()
+                    );
+                }
+                return $publicKey;
+            default:
+                // Currently only RSA is supported
+                break;
+        }
+    }
+
+    /**
+     * Create a public key represented in PEM format from RSA modulus and exponent information
+     *
+     * @param string $n The RSA modulus encoded in Base64
+     * @param string $e The RSA exponent encoded in Base64
+     *
+     * @return string The RSA public key represented in PEM format
+     *
+     * @uses encodeLength
+     */
+    private static function createPemFromModulusAndExponent($n, $e)
+    {
+        $modulus = JWT::urlsafeB64Decode($n);
+        $publicExponent = JWT::urlsafeB64Decode($e);
+
+        $components = array(
+            'modulus' => \pack('Ca*a*', 2, self::encodeLength(\strlen($modulus)), $modulus),
+            'publicExponent' => \pack('Ca*a*', 2, self::encodeLength(\strlen($publicExponent)), $publicExponent)
+        );
+
+        $rsaPublicKey = \pack(
+            'Ca*a*a*',
+            48,
+            self::encodeLength(\strlen($components['modulus']) + \strlen($components['publicExponent'])),
+            $components['modulus'],
+            $components['publicExponent']
+        );
+
+        // sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
+        $rsaOID = \pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
+        $rsaPublicKey = \chr(0) . $rsaPublicKey;
+        $rsaPublicKey = \chr(3) . self::encodeLength(\strlen($rsaPublicKey)) . $rsaPublicKey;
+
+        $rsaPublicKey = \pack(
+            'Ca*a*',
+            48,
+            self::encodeLength(\strlen($rsaOID . $rsaPublicKey)),
+            $rsaOID . $rsaPublicKey
+        );
+
+        $rsaPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
+            \chunk_split(\base64_encode($rsaPublicKey), 64) .
+            '-----END PUBLIC KEY-----';
+
+        return $rsaPublicKey;
+    }
+
+    /**
+     * DER-encode the length
+     *
+     * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4.  See
+     * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.
+     *
+     * @param int $length
+     * @return string
+     */
+    private static function encodeLength($length)
+    {
+        if ($length <= 0x7F) {
+            return \chr($length);
+        }
+
+        $temp = \ltrim(\pack('N', $length), \chr(0));
+
+        return \pack('Ca*', 0x80 | \strlen($temp), $temp);
+    }
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
new file mode 100644
index 000000000..ec1641bc4
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
@@ -0,0 +1,611 @@
+<?php
+
+namespace Firebase\JWT;
+
+use ArrayAccess;
+use DomainException;
+use Exception;
+use InvalidArgumentException;
+use OpenSSLAsymmetricKey;
+use UnexpectedValueException;
+use DateTime;
+
+/**
+ * JSON Web Token implementation, based on this spec:
+ * https://tools.ietf.org/html/rfc7519
+ *
+ * PHP version 5
+ *
+ * @category Authentication
+ * @package  Authentication_JWT
+ * @author   Neuman Vong <neuman@twilio.com>
+ * @author   Anant Narayanan <anant@php.net>
+ * @license  http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
+ * @link     https://github.com/firebase/php-jwt
+ */
+class JWT
+{
+    const ASN1_INTEGER = 0x02;
+    const ASN1_SEQUENCE = 0x10;
+    const ASN1_BIT_STRING = 0x03;
+
+    /**
+     * When checking nbf, iat or expiration times,
+     * we want to provide some extra leeway time to
+     * account for clock skew.
+     */
+    public static $leeway = 0;
+
+    /**
+     * Allow the current timestamp to be specified.
+     * Useful for fixing a value within unit testing.
+     *
+     * Will default to PHP time() value if null.
+     */
+    public static $timestamp = null;
+
+    public static $supported_algs = array(
+        'ES384' => array('openssl', 'SHA384'),
+        'ES256' => array('openssl', 'SHA256'),
+        'HS256' => array('hash_hmac', 'SHA256'),
+        'HS384' => array('hash_hmac', 'SHA384'),
+        'HS512' => array('hash_hmac', 'SHA512'),
+        'RS256' => array('openssl', 'SHA256'),
+        'RS384' => array('openssl', 'SHA384'),
+        'RS512' => array('openssl', 'SHA512'),
+        'EdDSA' => array('sodium_crypto', 'EdDSA'),
+    );
+
+    /**
+     * Decodes a JWT string into a PHP object.
+     *
+     * @param string                    $jwt            The JWT
+     * @param Key|array<Key>|mixed      $keyOrKeyArray  The Key or array of Key objects.
+     *                                                  If the algorithm used is asymmetric, this is the public key
+     *                                                  Each Key object contains an algorithm and matching key.
+     *                                                  Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
+     *                                                  'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param array                     $allowed_algs   [DEPRECATED] List of supported verification algorithms. Only
+     *                                                  should be used for backwards  compatibility.
+     *
+     * @return object The JWT's payload as a PHP object
+     *
+     * @throws InvalidArgumentException     Provided JWT was empty
+     * @throws UnexpectedValueException     Provided JWT was invalid
+     * @throws SignatureInvalidException    Provided JWT was invalid because the signature verification failed
+     * @throws BeforeValidException         Provided JWT is trying to be used before it's eligible as defined by 'nbf'
+     * @throws BeforeValidException         Provided JWT is trying to be used before it's been created as defined by 'iat'
+     * @throws ExpiredException             Provided JWT has since expired, as defined by the 'exp' claim
+     *
+     * @uses jsonDecode
+     * @uses urlsafeB64Decode
+     */
+    public static function decode($jwt, $keyOrKeyArray, array $allowed_algs = array())
+    {
+        $timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp;
+
+        if (empty($keyOrKeyArray)) {
+            throw new InvalidArgumentException('Key may not be empty');
+        }
+        $tks = \explode('.', $jwt);
+        if (\count($tks) != 3) {
+            throw new UnexpectedValueException('Wrong number of segments');
+        }
+        list($headb64, $bodyb64, $cryptob64) = $tks;
+        if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) {
+            throw new UnexpectedValueException('Invalid header encoding');
+        }
+        if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
+            throw new UnexpectedValueException('Invalid claims encoding');
+        }
+        if (false === ($sig = static::urlsafeB64Decode($cryptob64))) {
+            throw new UnexpectedValueException('Invalid signature encoding');
+        }
+        if (empty($header->alg)) {
+            throw new UnexpectedValueException('Empty algorithm');
+        }
+        if (empty(static::$supported_algs[$header->alg])) {
+            throw new UnexpectedValueException('Algorithm not supported');
+        }
+
+        list($keyMaterial, $algorithm) = self::getKeyMaterialAndAlgorithm(
+            $keyOrKeyArray,
+            empty($header->kid) ? null : $header->kid
+        );
+
+        if (empty($algorithm)) {
+            // Use deprecated "allowed_algs" to determine if the algorithm is supported.
+            // This opens up the possibility of an attack in some implementations.
+            // @see https://github.com/firebase/php-jwt/issues/351
+            if (!\in_array($header->alg, $allowed_algs)) {
+                throw new UnexpectedValueException('Algorithm not allowed');
+            }
+        } else {
+            // Check the algorithm
+            if (!self::constantTimeEquals($algorithm, $header->alg)) {
+                // See issue #351
+                throw new UnexpectedValueException('Incorrect key for this algorithm');
+            }
+        }
+        if ($header->alg === 'ES256' || $header->alg === 'ES384') {
+            // OpenSSL expects an ASN.1 DER sequence for ES256/ES384 signatures
+            $sig = self::signatureToDER($sig);
+        }
+
+        if (!static::verify("$headb64.$bodyb64", $sig, $keyMaterial, $header->alg)) {
+            throw new SignatureInvalidException('Signature verification failed');
+        }
+
+        // Check the nbf if it is defined. This is the time that the
+        // token can actually be used. If it's not yet that time, abort.
+        if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) {
+            throw new BeforeValidException(
+                'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf)
+            );
+        }
+
+        // Check that this token has been created before 'now'. This prevents
+        // using tokens that have been created for later use (and haven't
+        // correctly used the nbf claim).
+        if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) {
+            throw new BeforeValidException(
+                'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat)
+            );
+        }
+
+        // Check if this token has expired.
+        if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
+            throw new ExpiredException('Expired token');
+        }
+
+        return $payload;
+    }
+
+    /**
+     * Converts and signs a PHP object or array into a JWT string.
+     *
+     * @param object|array      $payload    PHP object or array
+     * @param string|resource   $key        The secret key.
+     *                                      If the algorithm used is asymmetric, this is the private key
+     * @param string            $alg        The signing algorithm.
+     *                                      Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
+     *                                      'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param mixed             $keyId
+     * @param array             $head       An array with header elements to attach
+     *
+     * @return string A signed JWT
+     *
+     * @uses jsonEncode
+     * @uses urlsafeB64Encode
+     */
+    public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
+    {
+        $header = array('typ' => 'JWT', 'alg' => $alg);
+        if ($keyId !== null) {
+            $header['kid'] = $keyId;
+        }
+        if (isset($head) && \is_array($head)) {
+            $header = \array_merge($head, $header);
+        }
+        $segments = array();
+        $segments[] = static::urlsafeB64Encode(static::jsonEncode($header));
+        $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload));
+        $signing_input = \implode('.', $segments);
+
+        $signature = static::sign($signing_input, $key, $alg);
+        $segments[] = static::urlsafeB64Encode($signature);
+
+        return \implode('.', $segments);
+    }
+
+    /**
+     * Sign a string with a given key and algorithm.
+     *
+     * @param string            $msg    The message to sign
+     * @param string|resource   $key    The secret key
+     * @param string            $alg    The signing algorithm.
+     *                                  Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
+     *                                  'HS512', 'RS256', 'RS384', and 'RS512'
+     *
+     * @return string An encrypted message
+     *
+     * @throws DomainException Unsupported algorithm or bad key was specified
+     */
+    public static function sign($msg, $key, $alg = 'HS256')
+    {
+        if (empty(static::$supported_algs[$alg])) {
+            throw new DomainException('Algorithm not supported');
+        }
+        list($function, $algorithm) = static::$supported_algs[$alg];
+        switch ($function) {
+            case 'hash_hmac':
+                return \hash_hmac($algorithm, $msg, $key, true);
+            case 'openssl':
+                $signature = '';
+                $success = \openssl_sign($msg, $signature, $key, $algorithm);
+                if (!$success) {
+                    throw new DomainException("OpenSSL unable to sign data");
+                }
+                if ($alg === 'ES256') {
+                    $signature = self::signatureFromDER($signature, 256);
+                } elseif ($alg === 'ES384') {
+                    $signature = self::signatureFromDER($signature, 384);
+                }
+                return $signature;
+            case 'sodium_crypto':
+                if (!function_exists('sodium_crypto_sign_detached')) {
+                    throw new DomainException('libsodium is not available');
+                }
+                try {
+                    // The last non-empty line is used as the key.
+                    $lines = array_filter(explode("\n", $key));
+                    $key = base64_decode(end($lines));
+                    return sodium_crypto_sign_detached($msg, $key);
+                } catch (Exception $e) {
+                    throw new DomainException($e->getMessage(), 0, $e);
+                }
+        }
+    }
+
+    /**
+     * Verify a signature with the message, key and method. Not all methods
+     * are symmetric, so we must have a separate verify and sign method.
+     *
+     * @param string            $msg        The original message (header and body)
+     * @param string            $signature  The original signature
+     * @param string|resource   $key        For HS*, a string key works. for RS*, must be a resource of an openssl public key
+     * @param string            $alg        The algorithm
+     *
+     * @return bool
+     *
+     * @throws DomainException Invalid Algorithm, bad key, or OpenSSL failure
+     */
+    private static function verify($msg, $signature, $key, $alg)
+    {
+        if (empty(static::$supported_algs[$alg])) {
+            throw new DomainException('Algorithm not supported');
+        }
+
+        list($function, $algorithm) = static::$supported_algs[$alg];
+        switch ($function) {
+            case 'openssl':
+                $success = \openssl_verify($msg, $signature, $key, $algorithm);
+                if ($success === 1) {
+                    return true;
+                } elseif ($success === 0) {
+                    return false;
+                }
+                // returns 1 on success, 0 on failure, -1 on error.
+                throw new DomainException(
+                    'OpenSSL error: ' . \openssl_error_string()
+                );
+            case 'sodium_crypto':
+              if (!function_exists('sodium_crypto_sign_verify_detached')) {
+                  throw new DomainException('libsodium is not available');
+              }
+              try {
+                  // The last non-empty line is used as the key.
+                  $lines = array_filter(explode("\n", $key));
+                  $key = base64_decode(end($lines));
+                  return sodium_crypto_sign_verify_detached($signature, $msg, $key);
+              } catch (Exception $e) {
+                  throw new DomainException($e->getMessage(), 0, $e);
+              }
+            case 'hash_hmac':
+            default:
+                $hash = \hash_hmac($algorithm, $msg, $key, true);
+                return self::constantTimeEquals($signature, $hash);
+        }
+    }
+
+    /**
+     * Decode a JSON string into a PHP object.
+     *
+     * @param string $input JSON string
+     *
+     * @return object Object representation of JSON string
+     *
+     * @throws DomainException Provided string was invalid JSON
+     */
+    public static function jsonDecode($input)
+    {
+        if (\version_compare(PHP_VERSION, '5.4.0', '>=') && !(\defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
+            /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
+             * to specify that large ints (like Steam Transaction IDs) should be treated as
+             * strings, rather than the PHP default behaviour of converting them to floats.
+             */
+            $obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
+        } else {
+            /** Not all servers will support that, however, so for older versions we must
+             * manually detect large ints in the JSON string and quote them (thus converting
+             *them to strings) before decoding, hence the preg_replace() call.
+             */
+            $max_int_length = \strlen((string) PHP_INT_MAX) - 1;
+            $json_without_bigints = \preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
+            $obj = \json_decode($json_without_bigints);
+        }
+
+        if ($errno = \json_last_error()) {
+            static::handleJsonError($errno);
+        } elseif ($obj === null && $input !== 'null') {
+            throw new DomainException('Null result with non-null input');
+        }
+        return $obj;
+    }
+
+    /**
+     * Encode a PHP object into a JSON string.
+     *
+     * @param object|array $input A PHP object or array
+     *
+     * @return string JSON representation of the PHP object or array
+     *
+     * @throws DomainException Provided object could not be encoded to valid JSON
+     */
+    public static function jsonEncode($input)
+    {
+        $json = \json_encode($input);
+        if ($errno = \json_last_error()) {
+            static::handleJsonError($errno);
+        } elseif ($json === 'null' && $input !== null) {
+            throw new DomainException('Null result with non-null input');
+        }
+        return $json;
+    }
+
+    /**
+     * Decode a string with URL-safe Base64.
+     *
+     * @param string $input A Base64 encoded string
+     *
+     * @return string A decoded string
+     */
+    public static function urlsafeB64Decode($input)
+    {
+        $remainder = \strlen($input) % 4;
+        if ($remainder) {
+            $padlen = 4 - $remainder;
+            $input .= \str_repeat('=', $padlen);
+        }
+        return \base64_decode(\strtr($input, '-_', '+/'));
+    }
+
+    /**
+     * Encode a string with URL-safe Base64.
+     *
+     * @param string $input The string you want encoded
+     *
+     * @return string The base64 encode of what you passed in
+     */
+    public static function urlsafeB64Encode($input)
+    {
+        return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_'));
+    }
+
+
+    /**
+     * Determine if an algorithm has been provided for each Key
+     *
+     * @param Key|array<Key>|mixed $keyOrKeyArray
+     * @param string|null $kid
+     *
+     * @throws UnexpectedValueException
+     *
+     * @return array containing the keyMaterial and algorithm
+     */
+    private static function getKeyMaterialAndAlgorithm($keyOrKeyArray, $kid = null)
+    {
+        if (
+            is_string($keyOrKeyArray)
+            || is_resource($keyOrKeyArray)
+            || $keyOrKeyArray instanceof OpenSSLAsymmetricKey
+        ) {
+            return array($keyOrKeyArray, null);
+        }
+
+        if ($keyOrKeyArray instanceof Key) {
+            return array($keyOrKeyArray->getKeyMaterial(), $keyOrKeyArray->getAlgorithm());
+        }
+
+        if (is_array($keyOrKeyArray) || $keyOrKeyArray instanceof ArrayAccess) {
+            if (!isset($kid)) {
+                throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
+            }
+            if (!isset($keyOrKeyArray[$kid])) {
+                throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
+            }
+
+            $key = $keyOrKeyArray[$kid];
+
+            if ($key instanceof Key) {
+                return array($key->getKeyMaterial(), $key->getAlgorithm());
+            }
+
+            return array($key, null);
+        }
+
+        throw new UnexpectedValueException(
+            '$keyOrKeyArray must be a string|resource key, an array of string|resource keys, '
+            . 'an instance of Firebase\JWT\Key key or an array of Firebase\JWT\Key keys'
+        );
+    }
+
+    /**
+     * @param string $left
+     * @param string $right
+     * @return bool
+     */
+    public static function constantTimeEquals($left, $right)
+    {
+        if (\function_exists('hash_equals')) {
+            return \hash_equals($left, $right);
+        }
+        $len = \min(static::safeStrlen($left), static::safeStrlen($right));
+
+        $status = 0;
+        for ($i = 0; $i < $len; $i++) {
+            $status |= (\ord($left[$i]) ^ \ord($right[$i]));
+        }
+        $status |= (static::safeStrlen($left) ^ static::safeStrlen($right));
+
+        return ($status === 0);
+    }
+
+    /**
+     * Helper method to create a JSON error.
+     *
+     * @param int $errno An error number from json_last_error()
+     *
+     * @return void
+     */
+    private static function handleJsonError($errno)
+    {
+        $messages = array(
+            JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
+            JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON',
+            JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
+            JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON',
+            JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3
+        );
+        throw new DomainException(
+            isset($messages[$errno])
+            ? $messages[$errno]
+            : 'Unknown JSON error: ' . $errno
+        );
+    }
+
+    /**
+     * Get the number of bytes in cryptographic strings.
+     *
+     * @param string $str
+     *
+     * @return int
+     */
+    private static function safeStrlen($str)
+    {
+        if (\function_exists('mb_strlen')) {
+            return \mb_strlen($str, '8bit');
+        }
+        return \strlen($str);
+    }
+
+    /**
+     * Convert an ECDSA signature to an ASN.1 DER sequence
+     *
+     * @param   string $sig The ECDSA signature to convert
+     * @return  string The encoded DER object
+     */
+    private static function signatureToDER($sig)
+    {
+        // Separate the signature into r-value and s-value
+        list($r, $s) = \str_split($sig, (int) (\strlen($sig) / 2));
+
+        // Trim leading zeros
+        $r = \ltrim($r, "\x00");
+        $s = \ltrim($s, "\x00");
+
+        // Convert r-value and s-value from unsigned big-endian integers to
+        // signed two's complement
+        if (\ord($r[0]) > 0x7f) {
+            $r = "\x00" . $r;
+        }
+        if (\ord($s[0]) > 0x7f) {
+            $s = "\x00" . $s;
+        }
+
+        return self::encodeDER(
+            self::ASN1_SEQUENCE,
+            self::encodeDER(self::ASN1_INTEGER, $r) .
+            self::encodeDER(self::ASN1_INTEGER, $s)
+        );
+    }
+
+    /**
+     * Encodes a value into a DER object.
+     *
+     * @param   int     $type DER tag
+     * @param   string  $value the value to encode
+     * @return  string  the encoded object
+     */
+    private static function encodeDER($type, $value)
+    {
+        $tag_header = 0;
+        if ($type === self::ASN1_SEQUENCE) {
+            $tag_header |= 0x20;
+        }
+
+        // Type
+        $der = \chr($tag_header | $type);
+
+        // Length
+        $der .= \chr(\strlen($value));
+
+        return $der . $value;
+    }
+
+    /**
+     * Encodes signature from a DER object.
+     *
+     * @param   string  $der binary signature in DER format
+     * @param   int     $keySize the number of bits in the key
+     * @return  string  the signature
+     */
+    private static function signatureFromDER($der, $keySize)
+    {
+        // OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE
+        list($offset, $_) = self::readDER($der);
+        list($offset, $r) = self::readDER($der, $offset);
+        list($offset, $s) = self::readDER($der, $offset);
+
+        // Convert r-value and s-value from signed two's compliment to unsigned
+        // big-endian integers
+        $r = \ltrim($r, "\x00");
+        $s = \ltrim($s, "\x00");
+
+        // Pad out r and s so that they are $keySize bits long
+        $r = \str_pad($r, $keySize / 8, "\x00", STR_PAD_LEFT);
+        $s = \str_pad($s, $keySize / 8, "\x00", STR_PAD_LEFT);
+
+        return $r . $s;
+    }
+
+    /**
+     * Reads binary DER-encoded data and decodes into a single object
+     *
+     * @param string $der the binary data in DER format
+     * @param int $offset the offset of the data stream containing the object
+     * to decode
+     * @return array [$offset, $data] the new offset and the decoded object
+     */
+    private static function readDER($der, $offset = 0)
+    {
+        $pos = $offset;
+        $size = \strlen($der);
+        $constructed = (\ord($der[$pos]) >> 5) & 0x01;
+        $type = \ord($der[$pos++]) & 0x1f;
+
+        // Length
+        $len = \ord($der[$pos++]);
+        if ($len & 0x80) {
+            $n = $len & 0x1f;
+            $len = 0;
+            while ($n-- && $pos < $size) {
+                $len = ($len << 8) | \ord($der[$pos++]);
+            }
+        }
+
+        // Value
+        if ($type == self::ASN1_BIT_STRING) {
+            $pos++; // Skip the first contents octet (padding indicator)
+            $data = \substr($der, $pos, $len - 1);
+            $pos += $len - 1;
+        } elseif (!$constructed) {
+            $data = \substr($der, $pos, $len);
+            $pos += $len;
+        } else {
+            $data = null;
+        }
+
+        return array($pos, $data);
+    }
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
new file mode 100644
index 000000000..f1ede6f27
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Firebase\JWT;
+
+use InvalidArgumentException;
+use OpenSSLAsymmetricKey;
+
+class Key
+{
+    /** @var string $algorithm */
+    private $algorithm;
+
+    /** @var string|resource|OpenSSLAsymmetricKey $keyMaterial */
+    private $keyMaterial;
+
+    /**
+     * @param string|resource|OpenSSLAsymmetricKey $keyMaterial
+     * @param string $algorithm
+     */
+    public function __construct($keyMaterial, $algorithm)
+    {
+        if (
+            !is_string($keyMaterial)
+            && !is_resource($keyMaterial)
+            && !$keyMaterial instanceof OpenSSLAsymmetricKey
+        ) {
+            throw new InvalidArgumentException('Type error: $keyMaterial must be a string, resource, or OpenSSLAsymmetricKey');
+        }
+
+        if (empty($keyMaterial)) {
+            throw new InvalidArgumentException('Type error: $keyMaterial must not be empty');
+        }
+
+        if (!is_string($algorithm)|| empty($keyMaterial)) {
+            throw new InvalidArgumentException('Type error: $algorithm must be a string');
+        }
+
+        $this->keyMaterial = $keyMaterial;
+        $this->algorithm = $algorithm;
+    }
+
+    /**
+     * Return the algorithm valid for this key
+     *
+     * @return string
+     */
+    public function getAlgorithm()
+    {
+        return $this->algorithm;
+    }
+
+    /**
+     * @return string|resource|OpenSSLAsymmetricKey
+     */
+    public function getKeyMaterial()
+    {
+        return $this->keyMaterial;
+    }
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/SignatureInvalidException.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/SignatureInvalidException.php
new file mode 100644
index 000000000..d35dee9f1
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/SignatureInvalidException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Firebase\JWT;
+
+class SignatureInvalidException extends \UnexpectedValueException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/CHANGELOG.md b/data/web/inc/lib/vendor/guzzlehttp/guzzle/CHANGELOG.md
new file mode 100644
index 000000000..12949ba67
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/CHANGELOG.md
@@ -0,0 +1,1519 @@
+# Change Log
+
+Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version.
+
+## 7.5.0 - 2022-08-28
+
+### Added
+
+- Support PHP 8.2
+- Add request to delay closure params
+
+## 7.4.5 - 2022-06-20
+
+* Fix change in port should be considered a change in origin
+* Fix `CURLOPT_HTTPAUTH` option not cleared on change of origin
+
+## 7.4.4 - 2022-06-09
+
+* Fix failure to strip Authorization header on HTTP downgrade
+* Fix failure to strip the Cookie header on change in host or HTTP downgrade
+
+## 7.4.3 - 2022-05-25
+
+* Fix cross-domain cookie leakage
+
+## 7.4.2 - 2022-03-20
+
+### Fixed
+
+- Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
+- Reject non-HTTP schemes in StreamHandler
+- Set a default ssl.peer_name context in StreamHandler to allow `force_ip_resolve`
+
+## 7.4.1 - 2021-12-06
+
+### Changed
+
+- Replaced implicit URI to string coercion [#2946](https://github.com/guzzle/guzzle/pull/2946)
+- Allow `symfony/deprecation-contracts` version 3 [#2961](https://github.com/guzzle/guzzle/pull/2961)
+
+### Fixed
+
+- Only close curl handle if it's done [#2950](https://github.com/guzzle/guzzle/pull/2950)
+
+## 7.4.0 - 2021-10-18
+
+### Added
+
+- Support PHP 8.1 [#2929](https://github.com/guzzle/guzzle/pull/2929), [#2939](https://github.com/guzzle/guzzle/pull/2939)
+- Support `psr/log` version 2 and 3 [#2943](https://github.com/guzzle/guzzle/pull/2943)
+
+### Fixed
+
+- Make sure we always call `restore_error_handler()` [#2915](https://github.com/guzzle/guzzle/pull/2915)
+- Fix progress parameter type compatibility between the cURL and stream handlers [#2936](https://github.com/guzzle/guzzle/pull/2936)
+- Throw `InvalidArgumentException` when an incorrect `headers` array is provided [#2916](https://github.com/guzzle/guzzle/pull/2916), [#2942](https://github.com/guzzle/guzzle/pull/2942)
+
+### Changed
+
+- Be more strict with types [#2914](https://github.com/guzzle/guzzle/pull/2914), [#2917](https://github.com/guzzle/guzzle/pull/2917), [#2919](https://github.com/guzzle/guzzle/pull/2919), [#2945](https://github.com/guzzle/guzzle/pull/2945)
+
+## 7.3.0 - 2021-03-23
+
+### Added
+
+- Support for DER and P12 certificates [#2413](https://github.com/guzzle/guzzle/pull/2413)
+- Support the cURL (http://) scheme for StreamHandler proxies [#2850](https://github.com/guzzle/guzzle/pull/2850)
+- Support for `guzzlehttp/psr7:^2.0` [#2878](https://github.com/guzzle/guzzle/pull/2878)
+
+### Fixed
+
+- Handle exceptions on invalid header consistently between PHP versions and handlers [#2872](https://github.com/guzzle/guzzle/pull/2872)
+
+## 7.2.0 - 2020-10-10
+
+### Added
+
+- Support for PHP 8 [#2712](https://github.com/guzzle/guzzle/pull/2712), [#2715](https://github.com/guzzle/guzzle/pull/2715), [#2789](https://github.com/guzzle/guzzle/pull/2789)
+- Support passing a body summarizer to the http errors middleware [#2795](https://github.com/guzzle/guzzle/pull/2795)
+
+### Fixed
+
+- Handle exceptions during response creation [#2591](https://github.com/guzzle/guzzle/pull/2591)
+- Fix CURLOPT_ENCODING not to be overwritten [#2595](https://github.com/guzzle/guzzle/pull/2595)
+- Make sure the Request always has a body object [#2804](https://github.com/guzzle/guzzle/pull/2804)
+
+### Changed
+
+- The `TooManyRedirectsException` has a response [#2660](https://github.com/guzzle/guzzle/pull/2660)
+- Avoid "functions" from dependencies [#2712](https://github.com/guzzle/guzzle/pull/2712)
+
+### Deprecated
+
+- Using environment variable GUZZLE_CURL_SELECT_TIMEOUT [#2786](https://github.com/guzzle/guzzle/pull/2786)
+
+## 7.1.1 - 2020-09-30
+
+### Fixed
+
+- Incorrect EOF detection for response body streams on Windows.
+
+### Changed
+
+- We dont connect curl `sink` on HEAD requests.
+- Removed some PHP 5 workarounds
+
+## 7.1.0 - 2020-09-22
+
+### Added
+
+- `GuzzleHttp\MessageFormatterInterface`
+
+### Fixed
+
+- Fixed issue that caused cookies with no value not to be stored.
+- On redirects, we allow all safe methods like GET, HEAD and OPTIONS.
+- Fixed logging on empty responses.
+- Make sure MessageFormatter::format returns string
+
+### Deprecated
+
+- All functions in `GuzzleHttp` has been deprecated. Use static methods on `Utils` instead.
+- `ClientInterface::getConfig()`
+- `Client::getConfig()`
+- `Client::__call()`
+- `Utils::defaultCaBundle()`
+- `CurlFactory::LOW_CURL_VERSION_NUMBER`
+
+## 7.0.1 - 2020-06-27
+
+* Fix multiply defined functions fatal error [#2699](https://github.com/guzzle/guzzle/pull/2699)
+
+## 7.0.0 - 2020-06-27
+
+No changes since 7.0.0-rc1.
+
+## 7.0.0-rc1 - 2020-06-15
+
+### Changed
+
+* Use error level for logging errors in Middleware [#2629](https://github.com/guzzle/guzzle/pull/2629)
+* Disabled IDN support by default and require ext-intl to use it [#2675](https://github.com/guzzle/guzzle/pull/2675)
+
+## 7.0.0-beta2 - 2020-05-25
+
+### Added
+
+* Using `Utils` class instead of functions in the `GuzzleHttp` namespace. [#2546](https://github.com/guzzle/guzzle/pull/2546)
+* `ClientInterface::MAJOR_VERSION` [#2583](https://github.com/guzzle/guzzle/pull/2583)
+
+### Changed
+
+* Avoid the `getenv` function when unsafe [#2531](https://github.com/guzzle/guzzle/pull/2531)
+* Added real client methods [#2529](https://github.com/guzzle/guzzle/pull/2529)
+* Avoid functions due to global install conflicts [#2546](https://github.com/guzzle/guzzle/pull/2546)
+* Use Symfony intl-idn polyfill [#2550](https://github.com/guzzle/guzzle/pull/2550)
+* Adding methods for HTTP verbs like `Client::get()`, `Client::head()`, `Client::patch()` etc [#2529](https://github.com/guzzle/guzzle/pull/2529)
+* `ConnectException` extends `TransferException` [#2541](https://github.com/guzzle/guzzle/pull/2541)
+* Updated the default User Agent to "GuzzleHttp/7" [#2654](https://github.com/guzzle/guzzle/pull/2654)
+
+### Fixed
+
+* Various intl icu issues [#2626](https://github.com/guzzle/guzzle/pull/2626)
+
+### Removed
+
+* Pool option `pool_size` [#2528](https://github.com/guzzle/guzzle/pull/2528)
+
+## 7.0.0-beta1 - 2019-12-30
+
+The diff might look very big but 95% of Guzzle users will be able to upgrade without modification.
+Please see [the upgrade document](UPGRADING.md) that describes all BC breaking changes.
+
+### Added
+
+* Implement PSR-18 and dropped PHP 5 support [#2421](https://github.com/guzzle/guzzle/pull/2421) [#2474](https://github.com/guzzle/guzzle/pull/2474)
+* PHP 7 types [#2442](https://github.com/guzzle/guzzle/pull/2442) [#2449](https://github.com/guzzle/guzzle/pull/2449) [#2466](https://github.com/guzzle/guzzle/pull/2466) [#2497](https://github.com/guzzle/guzzle/pull/2497) [#2499](https://github.com/guzzle/guzzle/pull/2499)
+* IDN support for redirects [2424](https://github.com/guzzle/guzzle/pull/2424)
+
+### Changed
+
+* Dont allow passing null as third argument to `BadResponseException::__construct()` [#2427](https://github.com/guzzle/guzzle/pull/2427)
+* Use SAPI constant instead of method call [#2450](https://github.com/guzzle/guzzle/pull/2450)
+* Use native function invocation [#2444](https://github.com/guzzle/guzzle/pull/2444)
+* Better defaults for PHP installations with old ICU lib [2454](https://github.com/guzzle/guzzle/pull/2454)
+* Added visibility to all constants [#2462](https://github.com/guzzle/guzzle/pull/2462)
+* Dont allow passing `null` as URI to `Client::request()` and `Client::requestAsync()` [#2461](https://github.com/guzzle/guzzle/pull/2461)
+* Widen the exception argument to throwable [#2495](https://github.com/guzzle/guzzle/pull/2495)
+
+### Fixed
+
+* Logging when Promise rejected with a string [#2311](https://github.com/guzzle/guzzle/pull/2311)
+
+### Removed
+
+* Class `SeekException` [#2162](https://github.com/guzzle/guzzle/pull/2162)
+* `RequestException::getResponseBodySummary()` [#2425](https://github.com/guzzle/guzzle/pull/2425)
+* `CookieJar::getCookieValue()` [#2433](https://github.com/guzzle/guzzle/pull/2433)
+* `uri_template()` and `UriTemplate` [#2440](https://github.com/guzzle/guzzle/pull/2440)
+* Request options `save_to` and `exceptions` [#2464](https://github.com/guzzle/guzzle/pull/2464)
+
+## 6.5.2 - 2019-12-23
+
+* idn_to_ascii() fix for old PHP versions [#2489](https://github.com/guzzle/guzzle/pull/2489)
+
+## 6.5.1 - 2019-12-21
+
+* Better defaults for PHP installations with old ICU lib [#2454](https://github.com/guzzle/guzzle/pull/2454)
+* IDN support for redirects [#2424](https://github.com/guzzle/guzzle/pull/2424)
+
+## 6.5.0 - 2019-12-07
+
+* Improvement: Added support for reset internal queue in MockHandler. [#2143](https://github.com/guzzle/guzzle/pull/2143)
+* Improvement: Added support to pass arbitrary options to `curl_multi_init`. [#2287](https://github.com/guzzle/guzzle/pull/2287)
+* Fix: Gracefully handle passing `null` to the `header` option. [#2132](https://github.com/guzzle/guzzle/pull/2132)
+* Fix: `RetryMiddleware` did not do exponential delay between retires due unit mismatch. [#2132](https://github.com/guzzle/guzzle/pull/2132)
+* Fix: Prevent undefined offset when using array for ssl_key options. [#2348](https://github.com/guzzle/guzzle/pull/2348)
+* Deprecated `ClientInterface::VERSION`
+
+## 6.4.1 - 2019-10-23
+
+* No `guzzle.phar` was created in 6.4.0 due expired API token. This release will fix that
+* Added `parent::__construct()` to `FileCookieJar` and `SessionCookieJar`
+
+## 6.4.0 - 2019-10-23
+
+* Improvement: Improved error messages when using curl < 7.21.2 [#2108](https://github.com/guzzle/guzzle/pull/2108)
+* Fix: Test if response is readable before returning a summary in `RequestException::getResponseBodySummary()` [#2081](https://github.com/guzzle/guzzle/pull/2081)
+* Fix: Add support for GUZZLE_CURL_SELECT_TIMEOUT environment variable [#2161](https://github.com/guzzle/guzzle/pull/2161)
+* Improvement: Added `GuzzleHttp\Exception\InvalidArgumentException` [#2163](https://github.com/guzzle/guzzle/pull/2163)
+* Improvement: Added `GuzzleHttp\_current_time()` to use `hrtime()` if that function exists. [#2242](https://github.com/guzzle/guzzle/pull/2242)
+* Improvement: Added curl's `appconnect_time` in `TransferStats` [#2284](https://github.com/guzzle/guzzle/pull/2284)
+* Improvement: Make GuzzleException extend Throwable wherever it's available [#2273](https://github.com/guzzle/guzzle/pull/2273)
+* Fix: Prevent concurrent writes to file when saving `CookieJar` [#2335](https://github.com/guzzle/guzzle/pull/2335)
+* Improvement: Update `MockHandler` so we can test transfer time [#2362](https://github.com/guzzle/guzzle/pull/2362)
+
+## 6.3.3 - 2018-04-22
+
+* Fix: Default headers when decode_content is specified
+
+
+## 6.3.2 - 2018-03-26
+
+* Fix: Release process
+
+
+## 6.3.1 - 2018-03-26
+
+* Bug fix: Parsing 0 epoch expiry times in cookies [#2014](https://github.com/guzzle/guzzle/pull/2014)
+* Improvement: Better ConnectException detection [#2012](https://github.com/guzzle/guzzle/pull/2012)
+* Bug fix: Malformed domain that contains a "/" [#1999](https://github.com/guzzle/guzzle/pull/1999)
+* Bug fix: Undefined offset when a cookie has no first key-value pair [#1998](https://github.com/guzzle/guzzle/pull/1998)
+* Improvement: Support PHPUnit 6 [#1953](https://github.com/guzzle/guzzle/pull/1953)
+* Bug fix: Support empty headers [#1915](https://github.com/guzzle/guzzle/pull/1915)
+* Bug fix: Ignore case during header modifications [#1916](https://github.com/guzzle/guzzle/pull/1916)
+
++ Minor code cleanups, documentation fixes and clarifications.
+
+
+## 6.3.0 - 2017-06-22
+
+* Feature: force IP resolution (ipv4 or ipv6) [#1608](https://github.com/guzzle/guzzle/pull/1608), [#1659](https://github.com/guzzle/guzzle/pull/1659)
+* Improvement: Don't include summary in exception message when body is empty [#1621](https://github.com/guzzle/guzzle/pull/1621)
+* Improvement: Handle `on_headers` option in MockHandler [#1580](https://github.com/guzzle/guzzle/pull/1580)
+* Improvement: Added SUSE Linux CA path [#1609](https://github.com/guzzle/guzzle/issues/1609)
+* Improvement: Use class reference for getting the name of the class instead of using hardcoded strings [#1641](https://github.com/guzzle/guzzle/pull/1641)
+* Feature: Added `read_timeout` option [#1611](https://github.com/guzzle/guzzle/pull/1611)
+* Bug fix: PHP 7.x fixes [#1685](https://github.com/guzzle/guzzle/pull/1685), [#1686](https://github.com/guzzle/guzzle/pull/1686), [#1811](https://github.com/guzzle/guzzle/pull/1811)
+* Deprecation: BadResponseException instantiation without a response [#1642](https://github.com/guzzle/guzzle/pull/1642)
+* Feature: Added NTLM auth [#1569](https://github.com/guzzle/guzzle/pull/1569)
+* Feature: Track redirect HTTP status codes [#1711](https://github.com/guzzle/guzzle/pull/1711)
+* Improvement: Check handler type during construction [#1745](https://github.com/guzzle/guzzle/pull/1745)
+* Improvement: Always include the Content-Length if there's a body [#1721](https://github.com/guzzle/guzzle/pull/1721)
+* Feature: Added convenience method to access a cookie by name [#1318](https://github.com/guzzle/guzzle/pull/1318)
+* Bug fix: Fill `CURLOPT_CAPATH` and `CURLOPT_CAINFO` properly [#1684](https://github.com/guzzle/guzzle/pull/1684)
+* Improvement:  	Use `\GuzzleHttp\Promise\rejection_for` function instead of object init [#1827](https://github.com/guzzle/guzzle/pull/1827)
+
+
++ Minor code cleanups, documentation fixes and clarifications.
+
+## 6.2.3 - 2017-02-28
+
+* Fix deprecations with guzzle/psr7 version 1.4
+
+## 6.2.2 - 2016-10-08
+
+* Allow to pass nullable Response to delay callable
+* Only add scheme when host is present
+* Fix drain case where content-length is the literal string zero
+* Obfuscate in-URL credentials in exceptions
+
+## 6.2.1 - 2016-07-18
+
+* Address HTTP_PROXY security vulnerability, CVE-2016-5385:
+  https://httpoxy.org/
+* Fixing timeout bug with StreamHandler:
+  https://github.com/guzzle/guzzle/pull/1488
+* Only read up to `Content-Length` in PHP StreamHandler to avoid timeouts when
+  a server does not honor `Connection: close`.
+* Ignore URI fragment when sending requests.
+
+## 6.2.0 - 2016-03-21
+
+* Feature: added `GuzzleHttp\json_encode` and `GuzzleHttp\json_decode`.
+  https://github.com/guzzle/guzzle/pull/1389
+* Bug fix: Fix sleep calculation when waiting for delayed requests.
+  https://github.com/guzzle/guzzle/pull/1324
+* Feature: More flexible history containers.
+  https://github.com/guzzle/guzzle/pull/1373
+* Bug fix: defer sink stream opening in StreamHandler.
+  https://github.com/guzzle/guzzle/pull/1377
+* Bug fix: do not attempt to escape cookie values.
+  https://github.com/guzzle/guzzle/pull/1406
+* Feature: report original content encoding and length on decoded responses.
+  https://github.com/guzzle/guzzle/pull/1409
+* Bug fix: rewind seekable request bodies before dispatching to cURL.
+  https://github.com/guzzle/guzzle/pull/1422
+* Bug fix: provide an empty string to `http_build_query` for HHVM workaround.
+  https://github.com/guzzle/guzzle/pull/1367
+
+## 6.1.1 - 2015-11-22
+
+* Bug fix: Proxy::wrapSync() now correctly proxies to the appropriate handler
+  https://github.com/guzzle/guzzle/commit/911bcbc8b434adce64e223a6d1d14e9a8f63e4e4
+* Feature: HandlerStack is now more generic.
+  https://github.com/guzzle/guzzle/commit/f2102941331cda544745eedd97fc8fd46e1ee33e
+* Bug fix: setting verify to false in the StreamHandler now disables peer
+  verification. https://github.com/guzzle/guzzle/issues/1256
+* Feature: Middleware now uses an exception factory, including more error
+  context. https://github.com/guzzle/guzzle/pull/1282
+* Feature: better support for disabled functions.
+  https://github.com/guzzle/guzzle/pull/1287
+* Bug fix: fixed regression where MockHandler was not using `sink`.
+  https://github.com/guzzle/guzzle/pull/1292
+
+## 6.1.0 - 2015-09-08
+
+* Feature: Added the `on_stats` request option to provide access to transfer
+  statistics for requests. https://github.com/guzzle/guzzle/pull/1202
+* Feature: Added the ability to persist session cookies in CookieJars.
+  https://github.com/guzzle/guzzle/pull/1195
+* Feature: Some compatibility updates for Google APP Engine
+  https://github.com/guzzle/guzzle/pull/1216
+* Feature: Added support for NO_PROXY to prevent the use of a proxy based on
+  a simple set of rules. https://github.com/guzzle/guzzle/pull/1197
+* Feature: Cookies can now contain square brackets.
+  https://github.com/guzzle/guzzle/pull/1237
+* Bug fix: Now correctly parsing `=` inside of quotes in Cookies.
+  https://github.com/guzzle/guzzle/pull/1232
+* Bug fix: Cusotm cURL options now correctly override curl options of the
+  same name. https://github.com/guzzle/guzzle/pull/1221
+* Bug fix: Content-Type header is now added when using an explicitly provided
+  multipart body. https://github.com/guzzle/guzzle/pull/1218
+* Bug fix: Now ignoring Set-Cookie headers that have no name.
+* Bug fix: Reason phrase is no longer cast to an int in some cases in the
+  cURL handler. https://github.com/guzzle/guzzle/pull/1187
+* Bug fix: Remove the Authorization header when redirecting if the Host
+  header changes. https://github.com/guzzle/guzzle/pull/1207
+* Bug fix: Cookie path matching fixes
+  https://github.com/guzzle/guzzle/issues/1129
+* Bug fix: Fixing the cURL `body_as_string` setting
+  https://github.com/guzzle/guzzle/pull/1201
+* Bug fix: quotes are no longer stripped when parsing cookies.
+  https://github.com/guzzle/guzzle/issues/1172
+* Bug fix: `form_params` and `query` now always uses the `&` separator.
+  https://github.com/guzzle/guzzle/pull/1163
+* Bug fix: Adding a Content-Length to PHP stream wrapper requests if not set.
+  https://github.com/guzzle/guzzle/pull/1189
+
+## 6.0.2 - 2015-07-04
+
+* Fixed a memory leak in the curl handlers in which references to callbacks
+  were not being removed by `curl_reset`.
+* Cookies are now extracted properly before redirects.
+* Cookies now allow more character ranges.
+* Decoded Content-Encoding responses are now modified to correctly reflect
+  their state if the encoding was automatically removed by a handler. This
+  means that the `Content-Encoding` header may be removed an the
+  `Content-Length` modified to reflect the message size after removing the
+  encoding.
+* Added a more explicit error message when trying to use `form_params` and
+  `multipart` in the same request.
+* Several fixes for HHVM support.
+* Functions are now conditionally required using an additional level of
+  indirection to help with global Composer installations.
+
+## 6.0.1 - 2015-05-27
+
+* Fixed a bug with serializing the `query` request option where the `&`
+  separator was missing.
+* Added a better error message for when `body` is provided as an array. Please
+  use `form_params` or `multipart` instead.
+* Various doc fixes.
+
+## 6.0.0 - 2015-05-26
+
+* See the UPGRADING.md document for more information.
+* Added `multipart` and `form_params` request options.
+* Added `synchronous` request option.
+* Added the `on_headers` request option.
+* Fixed `expect` handling.
+* No longer adding default middlewares in the client ctor. These need to be
+  present on the provided handler in order to work.
+* Requests are no longer initiated when sending async requests with the
+  CurlMultiHandler. This prevents unexpected recursion from requests completing
+  while ticking the cURL loop.
+* Removed the semantics of setting `default` to `true`. This is no longer
+  required now that the cURL loop is not ticked for async requests.
+* Added request and response logging middleware.
+* No longer allowing self signed certificates when using the StreamHandler.
+* Ensuring that `sink` is valid if saving to a file.
+* Request exceptions now include a "handler context" which provides handler
+  specific contextual information.
+* Added `GuzzleHttp\RequestOptions` to allow request options to be applied
+  using constants.
+* `$maxHandles` has been removed from CurlMultiHandler.
+* `MultipartPostBody` is now part of the `guzzlehttp/psr7` package.
+
+## 5.3.0 - 2015-05-19
+
+* Mock now supports `save_to`
+* Marked `AbstractRequestEvent::getTransaction()` as public.
+* Fixed a bug in which multiple headers using different casing would overwrite
+  previous headers in the associative array.
+* Added `Utils::getDefaultHandler()`
+* Marked `GuzzleHttp\Client::getDefaultUserAgent` as deprecated.
+* URL scheme is now always lowercased.
+
+## 6.0.0-beta.1
+
+* Requires PHP >= 5.5
+* Updated to use PSR-7
+  * Requires immutable messages, which basically means an event based system
+    owned by a request instance is no longer possible.
+  * Utilizing the [Guzzle PSR-7 package](https://github.com/guzzle/psr7).
+  * Removed the dependency on `guzzlehttp/streams`. These stream abstractions
+    are available in the `guzzlehttp/psr7` package under the `GuzzleHttp\Psr7`
+    namespace.
+* Added middleware and handler system
+  * Replaced the Guzzle event and subscriber system with a middleware system.
+  * No longer depends on RingPHP, but rather places the HTTP handlers directly
+    in Guzzle, operating on PSR-7 messages.
+  * Retry logic is now encapsulated in `GuzzleHttp\Middleware::retry`, which
+    means the `guzzlehttp/retry-subscriber` is now obsolete.
+  * Mocking responses is now handled using `GuzzleHttp\Handler\MockHandler`.
+* Asynchronous responses
+  * No longer supports the `future` request option to send an async request.
+    Instead, use one of the `*Async` methods of a client (e.g., `requestAsync`,
+    `getAsync`, etc.).
+  * Utilizing `GuzzleHttp\Promise` instead of React's promise library to avoid
+    recursion required by chaining and forwarding react promises. See
+    https://github.com/guzzle/promises
+  * Added `requestAsync` and `sendAsync` to send request asynchronously.
+  * Added magic methods for `getAsync()`, `postAsync()`, etc. to send requests
+    asynchronously.
+* Request options
+  * POST and form updates
+    * Added the `form_fields` and `form_files` request options.
+    * Removed the `GuzzleHttp\Post` namespace.
+    * The `body` request option no longer accepts an array for POST requests.
+  * The `exceptions` request option has been deprecated in favor of the
+    `http_errors` request options.
+  * The `save_to` request option has been deprecated in favor of `sink` request
+    option.
+* Clients no longer accept an array of URI template string and variables for
+  URI variables. You will need to expand URI templates before passing them
+  into a client constructor or request method.
+* Client methods `get()`, `post()`, `put()`, `patch()`, `options()`, etc. are
+  now magic methods that will send synchronous requests.
+* Replaced `Utils.php` with plain functions in `functions.php`.
+* Removed `GuzzleHttp\Collection`.
+* Removed `GuzzleHttp\BatchResults`. Batched pool results are now returned as
+  an array.
+* Removed `GuzzleHttp\Query`. Query string handling is now handled using an
+  associative array passed into the `query` request option. The query string
+  is serialized using PHP's `http_build_query`. If you need more control, you
+  can pass the query string in as a string.
+* `GuzzleHttp\QueryParser` has been replaced with the
+  `GuzzleHttp\Psr7\parse_query`.
+
+## 5.2.0 - 2015-01-27
+
+* Added `AppliesHeadersInterface` to make applying headers to a request based
+  on the body more generic and not specific to `PostBodyInterface`.
+* Reduced the number of stack frames needed to send requests.
+* Nested futures are now resolved in the client rather than the RequestFsm
+* Finishing state transitions is now handled in the RequestFsm rather than the
+  RingBridge.
+* Added a guard in the Pool class to not use recursion for request retries.
+
+## 5.1.0 - 2014-12-19
+
+* Pool class no longer uses recursion when a request is intercepted.
+* The size of a Pool can now be dynamically adjusted using a callback.
+  See https://github.com/guzzle/guzzle/pull/943.
+* Setting a request option to `null` when creating a request with a client will
+  ensure that the option is not set. This allows you to overwrite default
+  request options on a per-request basis.
+  See https://github.com/guzzle/guzzle/pull/937.
+* Added the ability to limit which protocols are allowed for redirects by
+  specifying a `protocols` array in the `allow_redirects` request option.
+* Nested futures due to retries are now resolved when waiting for synchronous
+  responses. See https://github.com/guzzle/guzzle/pull/947.
+* `"0"` is now an allowed URI path. See
+  https://github.com/guzzle/guzzle/pull/935.
+* `Query` no longer typehints on the `$query` argument in the constructor,
+  allowing for strings and arrays.
+* Exceptions thrown in the `end` event are now correctly wrapped with Guzzle
+  specific exceptions if necessary.
+
+## 5.0.3 - 2014-11-03
+
+This change updates query strings so that they are treated as un-encoded values
+by default where the value represents an un-encoded value to send over the
+wire. A Query object then encodes the value before sending over the wire. This
+means that even value query string values (e.g., ":") are url encoded. This
+makes the Query class match PHP's http_build_query function. However, if you
+want to send requests over the wire using valid query string characters that do
+not need to be encoded, then you can provide a string to Url::setQuery() and
+pass true as the second argument to specify that the query string is a raw
+string that should not be parsed or encoded (unless a call to getQuery() is
+subsequently made, forcing the query-string to be converted into a Query
+object).
+
+## 5.0.2 - 2014-10-30
+
+* Added a trailing `\r\n` to multipart/form-data payloads. See
+  https://github.com/guzzle/guzzle/pull/871
+* Added a `GuzzleHttp\Pool::send()` convenience method to match the docs.
+* Status codes are now returned as integers. See
+  https://github.com/guzzle/guzzle/issues/881
+* No longer overwriting an existing `application/x-www-form-urlencoded` header
+  when sending POST requests, allowing for customized headers. See
+  https://github.com/guzzle/guzzle/issues/877
+* Improved path URL serialization.
+
+  * No longer double percent-encoding characters in the path or query string if
+    they are already encoded.
+  * Now properly encoding the supplied path to a URL object, instead of only
+    encoding ' ' and '?'.
+  * Note: This has been changed in 5.0.3 to now encode query string values by
+    default unless the `rawString` argument is provided when setting the query
+    string on a URL: Now allowing many more characters to be present in the
+    query string without being percent encoded. See https://tools.ietf.org/html/rfc3986#appendix-A
+
+## 5.0.1 - 2014-10-16
+
+Bugfix release.
+
+* Fixed an issue where connection errors still returned response object in
+  error and end events event though the response is unusable. This has been
+  corrected so that a response is not returned in the `getResponse` method of
+  these events if the response did not complete. https://github.com/guzzle/guzzle/issues/867
+* Fixed an issue where transfer statistics were not being populated in the
+  RingBridge. https://github.com/guzzle/guzzle/issues/866
+
+## 5.0.0 - 2014-10-12
+
+Adding support for non-blocking responses and some minor API cleanup.
+
+### New Features
+
+* Added support for non-blocking responses based on `guzzlehttp/guzzle-ring`.
+* Added a public API for creating a default HTTP adapter.
+* Updated the redirect plugin to be non-blocking so that redirects are sent
+  concurrently. Other plugins like this can now be updated to be non-blocking.
+* Added a "progress" event so that you can get upload and download progress
+  events.
+* Added `GuzzleHttp\Pool` which implements FutureInterface and transfers
+  requests concurrently using a capped pool size as efficiently as possible.
+* Added `hasListeners()` to EmitterInterface.
+* Removed `GuzzleHttp\ClientInterface::sendAll` and marked
+  `GuzzleHttp\Client::sendAll` as deprecated (it's still there, just not the
+  recommended way).
+
+### Breaking changes
+
+The breaking changes in this release are relatively minor. The biggest thing to
+look out for is that request and response objects no longer implement fluent
+interfaces.
+
+* Removed the fluent interfaces (i.e., `return $this`) from requests,
+  responses, `GuzzleHttp\Collection`, `GuzzleHttp\Url`,
+  `GuzzleHttp\Query`, `GuzzleHttp\Post\PostBody`, and
+  `GuzzleHttp\Cookie\SetCookie`. This blog post provides a good outline of
+  why I did this: https://ocramius.github.io/blog/fluent-interfaces-are-evil/.
+  This also makes the Guzzle message interfaces compatible with the current
+  PSR-7 message proposal.
+* Removed "functions.php", so that Guzzle is truly PSR-4 compliant. Except
+  for the HTTP request functions from function.php, these functions are now
+  implemented in `GuzzleHttp\Utils` using camelCase. `GuzzleHttp\json_decode`
+  moved to `GuzzleHttp\Utils::jsonDecode`. `GuzzleHttp\get_path` moved to
+  `GuzzleHttp\Utils::getPath`. `GuzzleHttp\set_path` moved to
+  `GuzzleHttp\Utils::setPath`. `GuzzleHttp\batch` should now be
+  `GuzzleHttp\Pool::batch`, which returns an `objectStorage`. Using functions.php
+  caused problems for many users: they aren't PSR-4 compliant, require an
+  explicit include, and needed an if-guard to ensure that the functions are not
+  declared multiple times.
+* Rewrote adapter layer.
+    * Removing all classes from `GuzzleHttp\Adapter`, these are now
+      implemented as callables that are stored in `GuzzleHttp\Ring\Client`.
+    * Removed the concept of "parallel adapters". Sending requests serially or
+      concurrently is now handled using a single adapter.
+    * Moved `GuzzleHttp\Adapter\Transaction` to `GuzzleHttp\Transaction`. The
+      Transaction object now exposes the request, response, and client as public
+      properties. The getters and setters have been removed.
+* Removed the "headers" event. This event was only useful for changing the
+  body a response once the headers of the response were known. You can implement
+  a similar behavior in a number of ways. One example might be to use a
+  FnStream that has access to the transaction being sent. For example, when the
+  first byte is written, you could check if the response headers match your
+  expectations, and if so, change the actual stream body that is being
+  written to.
+* Removed the `asArray` parameter from
+  `GuzzleHttp\Message\MessageInterface::getHeader`. If you want to get a header
+  value as an array, then use the newly added `getHeaderAsArray()` method of
+  `MessageInterface`. This change makes the Guzzle interfaces compatible with
+  the PSR-7 interfaces.
+* `GuzzleHttp\Message\MessageFactory` no longer allows subclasses to add
+  custom request options using double-dispatch (this was an implementation
+  detail). Instead, you should now provide an associative array to the
+  constructor which is a mapping of the request option name mapping to a
+  function that applies the option value to a request.
+* Removed the concept of "throwImmediately" from exceptions and error events.
+  This control mechanism was used to stop a transfer of concurrent requests
+  from completing. This can now be handled by throwing the exception or by
+  cancelling a pool of requests or each outstanding future request individually.
+* Updated to "GuzzleHttp\Streams" 3.0.
+    * `GuzzleHttp\Stream\StreamInterface::getContents()` no longer accepts a
+      `maxLen` parameter. This update makes the Guzzle streams project
+      compatible with the current PSR-7 proposal.
+    * `GuzzleHttp\Stream\Stream::__construct`,
+      `GuzzleHttp\Stream\Stream::factory`, and
+      `GuzzleHttp\Stream\Utils::create` no longer accept a size in the second
+      argument. They now accept an associative array of options, including the
+      "size" key and "metadata" key which can be used to provide custom metadata.
+
+## 4.2.2 - 2014-09-08
+
+* Fixed a memory leak in the CurlAdapter when reusing cURL handles.
+* No longer using `request_fulluri` in stream adapter proxies.
+* Relative redirects are now based on the last response, not the first response.
+
+## 4.2.1 - 2014-08-19
+
+* Ensuring that the StreamAdapter does not always add a Content-Type header
+* Adding automated github releases with a phar and zip
+
+## 4.2.0 - 2014-08-17
+
+* Now merging in default options using a case-insensitive comparison.
+  Closes https://github.com/guzzle/guzzle/issues/767
+* Added the ability to automatically decode `Content-Encoding` response bodies
+  using the `decode_content` request option. This is set to `true` by default
+  to decode the response body if it comes over the wire with a
+  `Content-Encoding`. Set this value to `false` to disable decoding the
+  response content, and pass a string to provide a request `Accept-Encoding`
+  header and turn on automatic response decoding. This feature now allows you
+  to pass an `Accept-Encoding` header in the headers of a request but still
+  disable automatic response decoding.
+  Closes https://github.com/guzzle/guzzle/issues/764
+* Added the ability to throw an exception immediately when transferring
+  requests in parallel. Closes https://github.com/guzzle/guzzle/issues/760
+* Updating guzzlehttp/streams dependency to ~2.1
+* No longer utilizing the now deprecated namespaced methods from the stream
+  package.
+
+## 4.1.8 - 2014-08-14
+
+* Fixed an issue in the CurlFactory that caused setting the `stream=false`
+  request option to throw an exception.
+  See: https://github.com/guzzle/guzzle/issues/769
+* TransactionIterator now calls rewind on the inner iterator.
+  See: https://github.com/guzzle/guzzle/pull/765
+* You can now set the `Content-Type` header to `multipart/form-data`
+  when creating POST requests to force multipart bodies.
+  See https://github.com/guzzle/guzzle/issues/768
+
+## 4.1.7 - 2014-08-07
+
+* Fixed an error in the HistoryPlugin that caused the same request and response
+  to be logged multiple times when an HTTP protocol error occurs.
+* Ensuring that cURL does not add a default Content-Type when no Content-Type
+  has been supplied by the user. This prevents the adapter layer from modifying
+  the request that is sent over the wire after any listeners may have already
+  put the request in a desired state (e.g., signed the request).
+* Throwing an exception when you attempt to send requests that have the
+  "stream" set to true in parallel using the MultiAdapter.
+* Only calling curl_multi_select when there are active cURL handles. This was
+  previously changed and caused performance problems on some systems due to PHP
+  always selecting until the maximum select timeout.
+* Fixed a bug where multipart/form-data POST fields were not correctly
+  aggregated (e.g., values with "&").
+
+## 4.1.6 - 2014-08-03
+
+* Added helper methods to make it easier to represent messages as strings,
+  including getting the start line and getting headers as a string.
+
+## 4.1.5 - 2014-08-02
+
+* Automatically retrying cURL "Connection died, retrying a fresh connect"
+  errors when possible.
+* cURL implementation cleanup
+* Allowing multiple event subscriber listeners to be registered per event by
+  passing an array of arrays of listener configuration.
+
+## 4.1.4 - 2014-07-22
+
+* Fixed a bug that caused multi-part POST requests with more than one field to
+  serialize incorrectly.
+* Paths can now be set to "0"
+* `ResponseInterface::xml` now accepts a `libxml_options` option and added a
+  missing default argument that was required when parsing XML response bodies.
+* A `save_to` stream is now created lazily, which means that files are not
+  created on disk unless a request succeeds.
+
+## 4.1.3 - 2014-07-15
+
+* Various fixes to multipart/form-data POST uploads
+* Wrapping function.php in an if-statement to ensure Guzzle can be used
+  globally and in a Composer install
+* Fixed an issue with generating and merging in events to an event array
+* POST headers are only applied before sending a request to allow you to change
+  the query aggregator used before uploading
+* Added much more robust query string parsing
+* Fixed various parsing and normalization issues with URLs
+* Fixing an issue where multi-valued headers were not being utilized correctly
+  in the StreamAdapter
+
+## 4.1.2 - 2014-06-18
+
+* Added support for sending payloads with GET requests
+
+## 4.1.1 - 2014-06-08
+
+* Fixed an issue related to using custom message factory options in subclasses
+* Fixed an issue with nested form fields in a multi-part POST
+* Fixed an issue with using the `json` request option for POST requests
+* Added `ToArrayInterface` to `GuzzleHttp\Cookie\CookieJar`
+
+## 4.1.0 - 2014-05-27
+
+* Added a `json` request option to easily serialize JSON payloads.
+* Added a `GuzzleHttp\json_decode()` wrapper to safely parse JSON.
+* Added `setPort()` and `getPort()` to `GuzzleHttp\Message\RequestInterface`.
+* Added the ability to provide an emitter to a client in the client constructor.
+* Added the ability to persist a cookie session using $_SESSION.
+* Added a trait that can be used to add event listeners to an iterator.
+* Removed request method constants from RequestInterface.
+* Fixed warning when invalid request start-lines are received.
+* Updated MessageFactory to work with custom request option methods.
+* Updated cacert bundle to latest build.
+
+4.0.2 (2014-04-16)
+------------------
+
+* Proxy requests using the StreamAdapter now properly use request_fulluri (#632)
+* Added the ability to set scalars as POST fields (#628)
+
+## 4.0.1 - 2014-04-04
+
+* The HTTP status code of a response is now set as the exception code of
+  RequestException objects.
+* 303 redirects will now correctly switch from POST to GET requests.
+* The default parallel adapter of a client now correctly uses the MultiAdapter.
+* HasDataTrait now initializes the internal data array as an empty array so
+  that the toArray() method always returns an array.
+
+## 4.0.0 - 2014-03-29
+
+* For information on changes and upgrading, see:
+  https://github.com/guzzle/guzzle/blob/master/UPGRADING.md#3x-to-40
+* Added `GuzzleHttp\batch()` as a convenience function for sending requests in
+  parallel without needing to write asynchronous code.
+* Restructured how events are added to `GuzzleHttp\ClientInterface::sendAll()`.
+  You can now pass a callable or an array of associative arrays where each
+  associative array contains the "fn", "priority", and "once" keys.
+
+## 4.0.0.rc-2 - 2014-03-25
+
+* Removed `getConfig()` and `setConfig()` from clients to avoid confusion
+  around whether things like base_url, message_factory, etc. should be able to
+  be retrieved or modified.
+* Added `getDefaultOption()` and `setDefaultOption()` to ClientInterface
+* functions.php functions were renamed using snake_case to match PHP idioms
+* Added support for `HTTP_PROXY`, `HTTPS_PROXY`, and
+  `GUZZLE_CURL_SELECT_TIMEOUT` environment variables
+* Added the ability to specify custom `sendAll()` event priorities
+* Added the ability to specify custom stream context options to the stream
+  adapter.
+* Added a functions.php function for `get_path()` and `set_path()`
+* CurlAdapter and MultiAdapter now use a callable to generate curl resources
+* MockAdapter now properly reads a body and emits a `headers` event
+* Updated Url class to check if a scheme and host are set before adding ":"
+  and "//". This allows empty Url (e.g., "") to be serialized as "".
+* Parsing invalid XML no longer emits warnings
+* Curl classes now properly throw AdapterExceptions
+* Various performance optimizations
+* Streams are created with the faster `Stream\create()` function
+* Marked deprecation_proxy() as internal
+* Test server is now a collection of static methods on a class
+
+## 4.0.0-rc.1 - 2014-03-15
+
+* See https://github.com/guzzle/guzzle/blob/master/UPGRADING.md#3x-to-40
+
+## 3.8.1 - 2014-01-28
+
+* Bug: Always using GET requests when redirecting from a 303 response
+* Bug: CURLOPT_SSL_VERIFYHOST is now correctly set to false when setting `$certificateAuthority` to false in
+  `Guzzle\Http\ClientInterface::setSslVerification()`
+* Bug: RedirectPlugin now uses strict RFC 3986 compliance when combining a base URL with a relative URL
+* Bug: The body of a request can now be set to `"0"`
+* Sending PHP stream requests no longer forces `HTTP/1.0`
+* Adding more information to ExceptionCollection exceptions so that users have more context, including a stack trace of
+  each sub-exception
+* Updated the `$ref` attribute in service descriptions to merge over any existing parameters of a schema (rather than
+  clobbering everything).
+* Merging URLs will now use the query string object from the relative URL (thus allowing custom query aggregators)
+* Query strings are now parsed in a way that they do no convert empty keys with no value to have a dangling `=`.
+  For example `foo&bar=baz` is now correctly parsed and recognized as `foo&bar=baz` rather than `foo=&bar=baz`.
+* Now properly escaping the regular expression delimiter when matching Cookie domains.
+* Network access is now disabled when loading XML documents
+
+## 3.8.0 - 2013-12-05
+
+* Added the ability to define a POST name for a file
+* JSON response parsing now properly walks additionalProperties
+* cURL error code 18 is now retried automatically in the BackoffPlugin
+* Fixed a cURL error when URLs contain fragments
+* Fixed an issue in the BackoffPlugin retry event where it was trying to access all exceptions as if they were
+  CurlExceptions
+* CURLOPT_PROGRESS function fix for PHP 5.5 (69fcc1e)
+* Added the ability for Guzzle to work with older versions of cURL that do not support `CURLOPT_TIMEOUT_MS`
+* Fixed a bug that was encountered when parsing empty header parameters
+* UriTemplate now has a `setRegex()` method to match the docs
+* The `debug` request parameter now checks if it is truthy rather than if it exists
+* Setting the `debug` request parameter to true shows verbose cURL output instead of using the LogPlugin
+* Added the ability to combine URLs using strict RFC 3986 compliance
+* Command objects can now return the validation errors encountered by the command
+* Various fixes to cache revalidation (#437 and 29797e5)
+* Various fixes to the AsyncPlugin
+* Cleaned up build scripts
+
+## 3.7.4 - 2013-10-02
+
+* Bug fix: 0 is now an allowed value in a description parameter that has a default value (#430)
+* Bug fix: SchemaFormatter now returns an integer when formatting to a Unix timestamp
+  (see https://github.com/aws/aws-sdk-php/issues/147)
+* Bug fix: Cleaned up and fixed URL dot segment removal to properly resolve internal dots
+* Minimum PHP version is now properly specified as 5.3.3 (up from 5.3.2) (#420)
+* Updated the bundled cacert.pem (#419)
+* OauthPlugin now supports adding authentication to headers or query string (#425)
+
+## 3.7.3 - 2013-09-08
+
+* Added the ability to get the exception associated with a request/command when using `MultiTransferException` and
+  `CommandTransferException`.
+* Setting `additionalParameters` of a response to false is now honored when parsing responses with a service description
+* Schemas are only injected into response models when explicitly configured.
+* No longer guessing Content-Type based on the path of a request. Content-Type is now only guessed based on the path of
+  an EntityBody.
+* Bug fix: ChunkedIterator can now properly chunk a \Traversable as well as an \Iterator.
+* Bug fix: FilterIterator now relies on `\Iterator` instead of `\Traversable`.
+* Bug fix: Gracefully handling malformed responses in RequestMediator::writeResponseBody()
+* Bug fix: Replaced call to canCache with canCacheRequest in the CallbackCanCacheStrategy of the CachePlugin
+* Bug fix: Visiting XML attributes first before visiting XML children when serializing requests
+* Bug fix: Properly parsing headers that contain commas contained in quotes
+* Bug fix: mimetype guessing based on a filename is now case-insensitive
+
+## 3.7.2 - 2013-08-02
+
+* Bug fix: Properly URL encoding paths when using the PHP-only version of the UriTemplate expander
+  See https://github.com/guzzle/guzzle/issues/371
+* Bug fix: Cookie domains are now matched correctly according to RFC 6265
+  See https://github.com/guzzle/guzzle/issues/377
+* Bug fix: GET parameters are now used when calculating an OAuth signature
+* Bug fix: Fixed an issue with cache revalidation where the If-None-Match header was being double quoted
+* `Guzzle\Common\AbstractHasDispatcher::dispatch()` now returns the event that was dispatched
+* `Guzzle\Http\QueryString::factory()` now guesses the most appropriate query aggregator to used based on the input.
+  See https://github.com/guzzle/guzzle/issues/379
+* Added a way to add custom domain objects to service description parsing using the `operation.parse_class` event. See
+  https://github.com/guzzle/guzzle/pull/380
+* cURL multi cleanup and optimizations
+
+## 3.7.1 - 2013-07-05
+
+* Bug fix: Setting default options on a client now works
+* Bug fix: Setting options on HEAD requests now works. See #352
+* Bug fix: Moving stream factory before send event to before building the stream. See #353
+* Bug fix: Cookies no longer match on IP addresses per RFC 6265
+* Bug fix: Correctly parsing header parameters that are in `<>` and quotes
+* Added `cert` and `ssl_key` as request options
+* `Host` header can now diverge from the host part of a URL if the header is set manually
+* `Guzzle\Service\Command\LocationVisitor\Request\XmlVisitor` was rewritten to change from using SimpleXML to XMLWriter
+* OAuth parameters are only added via the plugin if they aren't already set
+* Exceptions are now thrown when a URL cannot be parsed
+* Returning `false` if `Guzzle\Http\EntityBody::getContentMd5()` fails
+* Not setting a `Content-MD5` on a command if calculating the Content-MD5 fails via the CommandContentMd5Plugin
+
+## 3.7.0 - 2013-06-10
+
+* See UPGRADING.md for more information on how to upgrade.
+* Requests now support the ability to specify an array of $options when creating a request to more easily modify a
+  request. You can pass a 'request.options' configuration setting to a client to apply default request options to
+  every request created by a client (e.g. default query string variables, headers, curl options, etc.).
+* Added a static facade class that allows you to use Guzzle with static methods and mount the class to `\Guzzle`.
+  See `Guzzle\Http\StaticClient::mount`.
+* Added `command.request_options` to `Guzzle\Service\Command\AbstractCommand` to pass request options to requests
+      created by a command (e.g. custom headers, query string variables, timeout settings, etc.).
+* Stream size in `Guzzle\Stream\PhpStreamRequestFactory` will now be set if Content-Length is returned in the
+  headers of a response
+* Added `Guzzle\Common\Collection::setPath($path, $value)` to set a value into an array using a nested key
+  (e.g. `$collection->setPath('foo/baz/bar', 'test'); echo $collection['foo']['bar']['bar'];`)
+* ServiceBuilders now support storing and retrieving arbitrary data
+* CachePlugin can now purge all resources for a given URI
+* CachePlugin can automatically purge matching cached items when a non-idempotent request is sent to a resource
+* CachePlugin now uses the Vary header to determine if a resource is a cache hit
+* `Guzzle\Http\Message\Response` now implements `\Serializable`
+* Added `Guzzle\Cache\CacheAdapterFactory::fromCache()` to more easily create cache adapters
+* `Guzzle\Service\ClientInterface::execute()` now accepts an array, single command, or Traversable
+* Fixed a bug in `Guzzle\Http\Message\Header\Link::addLink()`
+* Better handling of calculating the size of a stream in `Guzzle\Stream\Stream` using fstat() and caching the size
+* `Guzzle\Common\Exception\ExceptionCollection` now creates a more readable exception message
+* Fixing BC break: Added back the MonologLogAdapter implementation rather than extending from PsrLog so that older
+  Symfony users can still use the old version of Monolog.
+* Fixing BC break: Added the implementation back in for `Guzzle\Http\Message\AbstractMessage::getTokenizedHeader()`.
+  Now triggering an E_USER_DEPRECATED warning when used. Use `$message->getHeader()->parseParams()`.
+* Several performance improvements to `Guzzle\Common\Collection`
+* Added an `$options` argument to the end of the following methods of `Guzzle\Http\ClientInterface`:
+  createRequest, head, delete, put, patch, post, options, prepareRequest
+* Added an `$options` argument to the end of `Guzzle\Http\Message\Request\RequestFactoryInterface::createRequest()`
+* Added an `applyOptions()` method to `Guzzle\Http\Message\Request\RequestFactoryInterface`
+* Changed `Guzzle\Http\ClientInterface::get($uri = null, $headers = null, $body = null)` to
+  `Guzzle\Http\ClientInterface::get($uri = null, $headers = null, $options = array())`. You can still pass in a
+  resource, string, or EntityBody into the $options parameter to specify the download location of the response.
+* Changed `Guzzle\Common\Collection::__construct($data)` to no longer accepts a null value for `$data` but a
+  default `array()`
+* Added `Guzzle\Stream\StreamInterface::isRepeatable`
+* Removed `Guzzle\Http\ClientInterface::setDefaultHeaders(). Use
+  $client->getConfig()->setPath('request.options/headers/{header_name}', 'value')`. or
+  $client->getConfig()->setPath('request.options/headers', array('header_name' => 'value'))`.
+* Removed `Guzzle\Http\ClientInterface::getDefaultHeaders(). Use $client->getConfig()->getPath('request.options/headers')`.
+* Removed `Guzzle\Http\ClientInterface::expandTemplate()`
+* Removed `Guzzle\Http\ClientInterface::setRequestFactory()`
+* Removed `Guzzle\Http\ClientInterface::getCurlMulti()`
+* Removed `Guzzle\Http\Message\RequestInterface::canCache`
+* Removed `Guzzle\Http\Message\RequestInterface::setIsRedirect`
+* Removed `Guzzle\Http\Message\RequestInterface::isRedirect`
+* Made `Guzzle\Http\Client::expandTemplate` and `getUriTemplate` protected methods.
+* You can now enable E_USER_DEPRECATED warnings to see if you are using a deprecated method by setting
+  `Guzzle\Common\Version::$emitWarnings` to true.
+* Marked `Guzzle\Http\Message\Request::isResponseBodyRepeatable()` as deprecated. Use
+      `$request->getResponseBody()->isRepeatable()` instead.
+* Marked `Guzzle\Http\Message\Request::canCache()` as deprecated. Use
+  `Guzzle\Plugin\Cache\DefaultCanCacheStrategy->canCacheRequest()` instead.
+* Marked `Guzzle\Http\Message\Request::canCache()` as deprecated. Use
+  `Guzzle\Plugin\Cache\DefaultCanCacheStrategy->canCacheRequest()` instead.
+* Marked `Guzzle\Http\Message\Request::setIsRedirect()` as deprecated. Use the HistoryPlugin instead.
+* Marked `Guzzle\Http\Message\Request::isRedirect()` as deprecated. Use the HistoryPlugin instead.
+* Marked `Guzzle\Cache\CacheAdapterFactory::factory()` as deprecated
+* Marked 'command.headers', 'command.response_body' and 'command.on_complete' as deprecated for AbstractCommand.
+  These will work through Guzzle 4.0
+* Marked 'request.params' for `Guzzle\Http\Client` as deprecated. Use [request.options][params].
+* Marked `Guzzle\Service\Client::enableMagicMethods()` as deprecated. Magic methods can no longer be disabled on a Guzzle\Service\Client.
+* Marked `Guzzle\Service\Client::getDefaultHeaders()` as deprecated. Use $client->getConfig()->getPath('request.options/headers')`.
+* Marked `Guzzle\Service\Client::setDefaultHeaders()` as deprecated. Use $client->getConfig()->setPath('request.options/headers/{header_name}', 'value')`.
+* Marked `Guzzle\Parser\Url\UrlParser` as deprecated. Just use PHP's `parse_url()` and percent encode your UTF-8.
+* Marked `Guzzle\Common\Collection::inject()` as deprecated.
+* Marked `Guzzle\Plugin\CurlAuth\CurlAuthPlugin` as deprecated. Use `$client->getConfig()->setPath('request.options/auth', array('user', 'pass', 'Basic|Digest');`
+* CacheKeyProviderInterface and DefaultCacheKeyProvider are no longer used. All of this logic is handled in a
+  CacheStorageInterface. These two objects and interface will be removed in a future version.
+* Always setting X-cache headers on cached responses
+* Default cache TTLs are now handled by the CacheStorageInterface of a CachePlugin
+* `CacheStorageInterface::cache($key, Response $response, $ttl = null)` has changed to `cache(RequestInterface
+  $request, Response $response);`
+* `CacheStorageInterface::fetch($key)` has changed to `fetch(RequestInterface $request);`
+* `CacheStorageInterface::delete($key)` has changed to `delete(RequestInterface $request);`
+* Added `CacheStorageInterface::purge($url)`
+* `DefaultRevalidation::__construct(CacheKeyProviderInterface $cacheKey, CacheStorageInterface $cache, CachePlugin
+  $plugin)` has changed to `DefaultRevalidation::__construct(CacheStorageInterface $cache,
+  CanCacheStrategyInterface $canCache = null)`
+* Added `RevalidationInterface::shouldRevalidate(RequestInterface $request, Response $response)`
+
+## 3.6.0 - 2013-05-29
+
+* ServiceDescription now implements ToArrayInterface
+* Added command.hidden_params to blacklist certain headers from being treated as additionalParameters
+* Guzzle can now correctly parse incomplete URLs
+* Mixed casing of headers are now forced to be a single consistent casing across all values for that header.
+* Messages internally use a HeaderCollection object to delegate handling case-insensitive header resolution
+* Removed the whole changedHeader() function system of messages because all header changes now go through addHeader().
+* Specific header implementations can be created for complex headers. When a message creates a header, it uses a
+  HeaderFactory which can map specific headers to specific header classes. There is now a Link header and
+  CacheControl header implementation.
+* Removed from interface: Guzzle\Http\ClientInterface::setUriTemplate
+* Removed from interface: Guzzle\Http\ClientInterface::setCurlMulti()
+* Removed Guzzle\Http\Message\Request::receivedRequestHeader() and implemented this functionality in
+  Guzzle\Http\Curl\RequestMediator
+* Removed the optional $asString parameter from MessageInterface::getHeader(). Just cast the header to a string.
+* Removed the optional $tryChunkedTransfer option from Guzzle\Http\Message\EntityEnclosingRequestInterface
+* Removed the $asObjects argument from Guzzle\Http\Message\MessageInterface::getHeaders()
+* Removed Guzzle\Parser\ParserRegister::get(). Use getParser()
+* Removed Guzzle\Parser\ParserRegister::set(). Use registerParser().
+* All response header helper functions return a string rather than mixing Header objects and strings inconsistently
+* Removed cURL blacklist support. This is no longer necessary now that Expect, Accept, etc. are managed by Guzzle
+  directly via interfaces
+* Removed the injecting of a request object onto a response object. The methods to get and set a request still exist
+  but are a no-op until removed.
+* Most classes that used to require a `Guzzle\Service\Command\CommandInterface` typehint now request a
+  `Guzzle\Service\Command\ArrayCommandInterface`.
+* Added `Guzzle\Http\Message\RequestInterface::startResponse()` to the RequestInterface to handle injecting a response
+  on a request while the request is still being transferred
+* The ability to case-insensitively search for header values
+* Guzzle\Http\Message\Header::hasExactHeader
+* Guzzle\Http\Message\Header::raw. Use getAll()
+* Deprecated cache control specific methods on Guzzle\Http\Message\AbstractMessage. Use the CacheControl header object
+  instead.
+* `Guzzle\Service\Command\CommandInterface` now extends from ToArrayInterface and ArrayAccess
+* Added the ability to cast Model objects to a string to view debug information.
+
+## 3.5.0 - 2013-05-13
+
+* Bug: Fixed a regression so that request responses are parsed only once per oncomplete event rather than multiple times
+* Bug: Better cleanup of one-time events across the board (when an event is meant to fire once, it will now remove
+  itself from the EventDispatcher)
+* Bug: `Guzzle\Log\MessageFormatter` now properly writes "total_time" and "connect_time" values
+* Bug: Cloning an EntityEnclosingRequest now clones the EntityBody too
+* Bug: Fixed an undefined index error when parsing nested JSON responses with a sentAs parameter that reference a
+  non-existent key
+* Bug: All __call() method arguments are now required (helps with mocking frameworks)
+* Deprecating Response::getRequest() and now using a shallow clone of a request object to remove a circular reference
+  to help with refcount based garbage collection of resources created by sending a request
+* Deprecating ZF1 cache and log adapters. These will be removed in the next major version.
+* Deprecating `Response::getPreviousResponse()` (method signature still exists, but it's deprecated). Use the
+  HistoryPlugin for a history.
+* Added a `responseBody` alias for the `response_body` location
+* Refactored internals to no longer rely on Response::getRequest()
+* HistoryPlugin can now be cast to a string
+* HistoryPlugin now logs transactions rather than requests and responses to more accurately keep track of the requests
+  and responses that are sent over the wire
+* Added `getEffectiveUrl()` and `getRedirectCount()` to Response objects
+
+## 3.4.3 - 2013-04-30
+
+* Bug fix: Fixing bug introduced in 3.4.2 where redirect responses are duplicated on the final redirected response
+* Added a check to re-extract the temp cacert bundle from the phar before sending each request
+
+## 3.4.2 - 2013-04-29
+
+* Bug fix: Stream objects now work correctly with "a" and "a+" modes
+* Bug fix: Removing `Transfer-Encoding: chunked` header when a Content-Length is present
+* Bug fix: AsyncPlugin no longer forces HEAD requests
+* Bug fix: DateTime timezones are now properly handled when using the service description schema formatter
+* Bug fix: CachePlugin now properly handles stale-if-error directives when a request to the origin server fails
+* Setting a response on a request will write to the custom request body from the response body if one is specified
+* LogPlugin now writes to php://output when STDERR is undefined
+* Added the ability to set multiple POST files for the same key in a single call
+* application/x-www-form-urlencoded POSTs now use the utf-8 charset by default
+* Added the ability to queue CurlExceptions to the MockPlugin
+* Cleaned up how manual responses are queued on requests (removed "queued_response" and now using request.before_send)
+* Configuration loading now allows remote files
+
+## 3.4.1 - 2013-04-16
+
+* Large refactoring to how CurlMulti handles work. There is now a proxy that sits in front of a pool of CurlMulti
+  handles. This greatly simplifies the implementation, fixes a couple bugs, and provides a small performance boost.
+* Exceptions are now properly grouped when sending requests in parallel
+* Redirects are now properly aggregated when a multi transaction fails
+* Redirects now set the response on the original object even in the event of a failure
+* Bug fix: Model names are now properly set even when using $refs
+* Added support for PHP 5.5's CurlFile to prevent warnings with the deprecated @ syntax
+* Added support for oauth_callback in OAuth signatures
+* Added support for oauth_verifier in OAuth signatures
+* Added support to attempt to retrieve a command first literally, then ucfirst, the with inflection
+
+## 3.4.0 - 2013-04-11
+
+* Bug fix: URLs are now resolved correctly based on https://tools.ietf.org/html/rfc3986#section-5.2. #289
+* Bug fix: Absolute URLs with a path in a service description will now properly override the base URL. #289
+* Bug fix: Parsing a query string with a single PHP array value will now result in an array. #263
+* Bug fix: Better normalization of the User-Agent header to prevent duplicate headers. #264.
+* Bug fix: Added `number` type to service descriptions.
+* Bug fix: empty parameters are removed from an OAuth signature
+* Bug fix: Revalidating a cache entry prefers the Last-Modified over the Date header
+* Bug fix: Fixed "array to string" error when validating a union of types in a service description
+* Bug fix: Removed code that attempted to determine the size of a stream when data is written to the stream
+* Bug fix: Not including an `oauth_token` if the value is null in the OauthPlugin.
+* Bug fix: Now correctly aggregating successful requests and failed requests in CurlMulti when a redirect occurs.
+* The new default CURLOPT_TIMEOUT setting has been increased to 150 seconds so that Guzzle works on poor connections.
+* Added a feature to EntityEnclosingRequest::setBody() that will automatically set the Content-Type of the request if
+  the Content-Type can be determined based on the entity body or the path of the request.
+* Added the ability to overwrite configuration settings in a client when grabbing a throwaway client from a builder.
+* Added support for a PSR-3 LogAdapter.
+* Added a `command.after_prepare` event
+* Added `oauth_callback` parameter to the OauthPlugin
+* Added the ability to create a custom stream class when using a stream factory
+* Added a CachingEntityBody decorator
+* Added support for `additionalParameters` in service descriptions to define how custom parameters are serialized.
+* The bundled SSL certificate is now provided in the phar file and extracted when running Guzzle from a phar.
+* You can now send any EntityEnclosingRequest with POST fields or POST files and cURL will handle creating bodies
+* POST requests using a custom entity body are now treated exactly like PUT requests but with a custom cURL method. This
+  means that the redirect behavior of POST requests with custom bodies will not be the same as POST requests that use
+  POST fields or files (the latter is only used when emulating a form POST in the browser).
+* Lots of cleanup to CurlHandle::factory and RequestFactory::createRequest
+
+## 3.3.1 - 2013-03-10
+
+* Added the ability to create PHP streaming responses from HTTP requests
+* Bug fix: Running any filters when parsing response headers with service descriptions
+* Bug fix: OauthPlugin fixes to allow for multi-dimensional array signing, and sorting parameters before signing
+* Bug fix: Removed the adding of default empty arrays and false Booleans to responses in order to be consistent across
+  response location visitors.
+* Bug fix: Removed the possibility of creating configuration files with circular dependencies
+* RequestFactory::create() now uses the key of a POST file when setting the POST file name
+* Added xmlAllowEmpty to serialize an XML body even if no XML specific parameters are set
+
+## 3.3.0 - 2013-03-03
+
+* A large number of performance optimizations have been made
+* Bug fix: Added 'wb' as a valid write mode for streams
+* Bug fix: `Guzzle\Http\Message\Response::json()` now allows scalar values to be returned
+* Bug fix: Fixed bug in `Guzzle\Http\Message\Response` where wrapping quotes were stripped from `getEtag()`
+* BC: Removed `Guzzle\Http\Utils` class
+* BC: Setting a service description on a client will no longer modify the client's command factories.
+* BC: Emitting IO events from a RequestMediator is now a parameter that must be set in a request's curl options using
+  the 'emit_io' key. This was previously set under a request's parameters using 'curl.emit_io'
+* BC: `Guzzle\Stream\Stream::getWrapper()` and `Guzzle\Stream\Stream::getSteamType()` are no longer converted to
+  lowercase
+* Operation parameter objects are now lazy loaded internally
+* Added ErrorResponsePlugin that can throw errors for responses defined in service description operations' errorResponses
+* Added support for instantiating responseType=class responseClass classes. Classes must implement
+  `Guzzle\Service\Command\ResponseClassInterface`
+* Added support for additionalProperties for top-level parameters in responseType=model responseClasses. These
+  additional properties also support locations and can be used to parse JSON responses where the outermost part of the
+  JSON is an array
+* Added support for nested renaming of JSON models (rename sentAs to name)
+* CachePlugin
+    * Added support for stale-if-error so that the CachePlugin can now serve stale content from the cache on error
+    * Debug headers can now added to cached response in the CachePlugin
+
+## 3.2.0 - 2013-02-14
+
+* CurlMulti is no longer reused globally. A new multi object is created per-client. This helps to isolate clients.
+* URLs with no path no longer contain a "/" by default
+* Guzzle\Http\QueryString does no longer manages the leading "?". This is now handled in Guzzle\Http\Url.
+* BadResponseException no longer includes the full request and response message
+* Adding setData() to Guzzle\Service\Description\ServiceDescriptionInterface
+* Adding getResponseBody() to Guzzle\Http\Message\RequestInterface
+* Various updates to classes to use ServiceDescriptionInterface type hints rather than ServiceDescription
+* Header values can now be normalized into distinct values when multiple headers are combined with a comma separated list
+* xmlEncoding can now be customized for the XML declaration of a XML service description operation
+* Guzzle\Http\QueryString now uses Guzzle\Http\QueryAggregator\QueryAggregatorInterface objects to add custom value
+  aggregation and no longer uses callbacks
+* The URL encoding implementation of Guzzle\Http\QueryString can now be customized
+* Bug fix: Filters were not always invoked for array service description parameters
+* Bug fix: Redirects now use a target response body rather than a temporary response body
+* Bug fix: The default exponential backoff BackoffPlugin was not giving when the request threshold was exceeded
+* Bug fix: Guzzle now takes the first found value when grabbing Cache-Control directives
+
+## 3.1.2 - 2013-01-27
+
+* Refactored how operation responses are parsed. Visitors now include a before() method responsible for parsing the
+  response body. For example, the XmlVisitor now parses the XML response into an array in the before() method.
+* Fixed an issue where cURL would not automatically decompress responses when the Accept-Encoding header was sent
+* CURLOPT_SSL_VERIFYHOST is never set to 1 because it is deprecated (see 5e0ff2ef20f839e19d1eeb298f90ba3598784444)
+* Fixed a bug where redirect responses were not chained correctly using getPreviousResponse()
+* Setting default headers on a client after setting the user-agent will not erase the user-agent setting
+
+## 3.1.1 - 2013-01-20
+
+* Adding wildcard support to Guzzle\Common\Collection::getPath()
+* Adding alias support to ServiceBuilder configs
+* Adding Guzzle\Service\Resource\CompositeResourceIteratorFactory and cleaning up factory interface
+
+## 3.1.0 - 2013-01-12
+
+* BC: CurlException now extends from RequestException rather than BadResponseException
+* BC: Renamed Guzzle\Plugin\Cache\CanCacheStrategyInterface::canCache() to canCacheRequest() and added CanCacheResponse()
+* Added getData to ServiceDescriptionInterface
+* Added context array to RequestInterface::setState()
+* Bug: Removing hard dependency on the BackoffPlugin from Guzzle\Http
+* Bug: Adding required content-type when JSON request visitor adds JSON to a command
+* Bug: Fixing the serialization of a service description with custom data
+* Made it easier to deal with exceptions thrown when transferring commands or requests in parallel by providing
+  an array of successful and failed responses
+* Moved getPath from Guzzle\Service\Resource\Model to Guzzle\Common\Collection
+* Added Guzzle\Http\IoEmittingEntityBody
+* Moved command filtration from validators to location visitors
+* Added `extends` attributes to service description parameters
+* Added getModels to ServiceDescriptionInterface
+
+## 3.0.7 - 2012-12-19
+
+* Fixing phar detection when forcing a cacert to system if null or true
+* Allowing filename to be passed to `Guzzle\Http\Message\Request::setResponseBody()`
+* Cleaning up `Guzzle\Common\Collection::inject` method
+* Adding a response_body location to service descriptions
+
+## 3.0.6 - 2012-12-09
+
+* CurlMulti performance improvements
+* Adding setErrorResponses() to Operation
+* composer.json tweaks
+
+## 3.0.5 - 2012-11-18
+
+* Bug: Fixing an infinite recursion bug caused from revalidating with the CachePlugin
+* Bug: Response body can now be a string containing "0"
+* Bug: Using Guzzle inside of a phar uses system by default but now allows for a custom cacert
+* Bug: QueryString::fromString now properly parses query string parameters that contain equal signs
+* Added support for XML attributes in service description responses
+* DefaultRequestSerializer now supports array URI parameter values for URI template expansion
+* Added better mimetype guessing to requests and post files
+
+## 3.0.4 - 2012-11-11
+
+* Bug: Fixed a bug when adding multiple cookies to a request to use the correct glue value
+* Bug: Cookies can now be added that have a name, domain, or value set to "0"
+* Bug: Using the system cacert bundle when using the Phar
+* Added json and xml methods to Response to make it easier to parse JSON and XML response data into data structures
+* Enhanced cookie jar de-duplication
+* Added the ability to enable strict cookie jars that throw exceptions when invalid cookies are added
+* Added setStream to StreamInterface to actually make it possible to implement custom rewind behavior for entity bodies
+* Added the ability to create any sort of hash for a stream rather than just an MD5 hash
+
+## 3.0.3 - 2012-11-04
+
+* Implementing redirects in PHP rather than cURL
+* Added PECL URI template extension and using as default parser if available
+* Bug: Fixed Content-Length parsing of Response factory
+* Adding rewind() method to entity bodies and streams. Allows for custom rewinding of non-repeatable streams.
+* Adding ToArrayInterface throughout library
+* Fixing OauthPlugin to create unique nonce values per request
+
+## 3.0.2 - 2012-10-25
+
+* Magic methods are enabled by default on clients
+* Magic methods return the result of a command
+* Service clients no longer require a base_url option in the factory
+* Bug: Fixed an issue with URI templates where null template variables were being expanded
+
+## 3.0.1 - 2012-10-22
+
+* Models can now be used like regular collection objects by calling filter, map, etc.
+* Models no longer require a Parameter structure or initial data in the constructor
+* Added a custom AppendIterator to get around a PHP bug with the `\AppendIterator`
+
+## 3.0.0 - 2012-10-15
+
+* Rewrote service description format to be based on Swagger
+    * Now based on JSON schema
+    * Added nested input structures and nested response models
+    * Support for JSON and XML input and output models
+    * Renamed `commands` to `operations`
+    * Removed dot class notation
+    * Removed custom types
+* Broke the project into smaller top-level namespaces to be more component friendly
+* Removed support for XML configs and descriptions. Use arrays or JSON files.
+* Removed the Validation component and Inspector
+* Moved all cookie code to Guzzle\Plugin\Cookie
+* Magic methods on a Guzzle\Service\Client now return the command un-executed.
+* Calling getResult() or getResponse() on a command will lazily execute the command if needed.
+* Now shipping with cURL's CA certs and using it by default
+* Added previousResponse() method to response objects
+* No longer sending Accept and Accept-Encoding headers on every request
+* Only sending an Expect header by default when a payload is greater than 1MB
+* Added/moved client options:
+    * curl.blacklist to curl.option.blacklist
+    * Added ssl.certificate_authority
+* Added a Guzzle\Iterator component
+* Moved plugins from Guzzle\Http\Plugin to Guzzle\Plugin
+* Added a more robust backoff retry strategy (replaced the ExponentialBackoffPlugin)
+* Added a more robust caching plugin
+* Added setBody to response objects
+* Updating LogPlugin to use a more flexible MessageFormatter
+* Added a completely revamped build process
+* Cleaning up Collection class and removing default values from the get method
+* Fixed ZF2 cache adapters
+
+## 2.8.8 - 2012-10-15
+
+* Bug: Fixed a cookie issue that caused dot prefixed domains to not match where popular browsers did
+
+## 2.8.7 - 2012-09-30
+
+* Bug: Fixed config file aliases for JSON includes
+* Bug: Fixed cookie bug on a request object by using CookieParser to parse cookies on requests
+* Bug: Removing the path to a file when sending a Content-Disposition header on a POST upload
+* Bug: Hardening request and response parsing to account for missing parts
+* Bug: Fixed PEAR packaging
+* Bug: Fixed Request::getInfo
+* Bug: Fixed cases where CURLM_CALL_MULTI_PERFORM return codes were causing curl transactions to fail
+* Adding the ability for the namespace Iterator factory to look in multiple directories
+* Added more getters/setters/removers from service descriptions
+* Added the ability to remove POST fields from OAuth signatures
+* OAuth plugin now supports 2-legged OAuth
+
+## 2.8.6 - 2012-09-05
+
+* Added the ability to modify and build service descriptions
+* Added the use of visitors to apply parameters to locations in service descriptions using the dynamic command
+* Added a `json` parameter location
+* Now allowing dot notation for classes in the CacheAdapterFactory
+* Using the union of two arrays rather than an array_merge when extending service builder services and service params
+* Ensuring that a service is a string before doing strpos() checks on it when substituting services for references
+  in service builder config files.
+* Services defined in two different config files that include one another will by default replace the previously
+  defined service, but you can now create services that extend themselves and merge their settings over the previous
+* The JsonLoader now supports aliasing filenames with different filenames. This allows you to alias something like
+  '_default' with a default JSON configuration file.
+
+## 2.8.5 - 2012-08-29
+
+* Bug: Suppressed empty arrays from URI templates
+* Bug: Added the missing $options argument from ServiceDescription::factory to enable caching
+* Added support for HTTP responses that do not contain a reason phrase in the start-line
+* AbstractCommand commands are now invokable
+* Added a way to get the data used when signing an Oauth request before a request is sent
+
+## 2.8.4 - 2012-08-15
+
+* Bug: Custom delay time calculations are no longer ignored in the ExponentialBackoffPlugin
+* Added the ability to transfer entity bodies as a string rather than streamed. This gets around curl error 65. Set `body_as_string` in a request's curl options to enable.
+* Added a StreamInterface, EntityBodyInterface, and added ftell() to Guzzle\Common\Stream
+* Added an AbstractEntityBodyDecorator and a ReadLimitEntityBody decorator to transfer only a subset of a decorated stream
+* Stream and EntityBody objects will now return the file position to the previous position after a read required operation (e.g. getContentMd5())
+* Added additional response status codes
+* Removed SSL information from the default User-Agent header
+* DELETE requests can now send an entity body
+* Added an EventDispatcher to the ExponentialBackoffPlugin and added an ExponentialBackoffLogger to log backoff retries
+* Added the ability of the MockPlugin to consume mocked request bodies
+* LogPlugin now exposes request and response objects in the extras array
+
+## 2.8.3 - 2012-07-30
+
+* Bug: Fixed a case where empty POST requests were sent as GET requests
+* Bug: Fixed a bug in ExponentialBackoffPlugin that caused fatal errors when retrying an EntityEnclosingRequest that does not have a body
+* Bug: Setting the response body of a request to null after completing a request, not when setting the state of a request to new
+* Added multiple inheritance to service description commands
+* Added an ApiCommandInterface and added `getParamNames()` and `hasParam()`
+* Removed the default 2mb size cutoff from the Md5ValidatorPlugin so that it now defaults to validating everything
+* Changed CurlMulti::perform to pass a smaller timeout to CurlMulti::executeHandles
+
+## 2.8.2 - 2012-07-24
+
+* Bug: Query string values set to 0 are no longer dropped from the query string
+* Bug: A Collection object is no longer created each time a call is made to `Guzzle\Service\Command\AbstractCommand::getRequestHeaders()`
+* Bug: `+` is now treated as an encoded space when parsing query strings
+* QueryString and Collection performance improvements
+* Allowing dot notation for class paths in filters attribute of a service descriptions
+
+## 2.8.1 - 2012-07-16
+
+* Loosening Event Dispatcher dependency
+* POST redirects can now be customized using CURLOPT_POSTREDIR
+
+## 2.8.0 - 2012-07-15
+
+* BC: Guzzle\Http\Query
+    * Query strings with empty variables will always show an equal sign unless the variable is set to QueryString::BLANK (e.g. ?acl= vs ?acl)
+    * Changed isEncodingValues() and isEncodingFields() to isUrlEncoding()
+    * Changed setEncodeValues(bool) and setEncodeFields(bool) to useUrlEncoding(bool)
+    * Changed the aggregation functions of QueryString to be static methods
+    * Can now use fromString() with querystrings that have a leading ?
+* cURL configuration values can be specified in service descriptions using `curl.` prefixed parameters
+* Content-Length is set to 0 before emitting the request.before_send event when sending an empty request body
+* Cookies are no longer URL decoded by default
+* Bug: URI template variables set to null are no longer expanded
+
+## 2.7.2 - 2012-07-02
+
+* BC: Moving things to get ready for subtree splits. Moving Inflection into Common. Moving Guzzle\Http\Parser to Guzzle\Parser.
+* BC: Removing Guzzle\Common\Batch\Batch::count() and replacing it with isEmpty()
+* CachePlugin now allows for a custom request parameter function to check if a request can be cached
+* Bug fix: CachePlugin now only caches GET and HEAD requests by default
+* Bug fix: Using header glue when transferring headers over the wire
+* Allowing deeply nested arrays for composite variables in URI templates
+* Batch divisors can now return iterators or arrays
+
+## 2.7.1 - 2012-06-26
+
+* Minor patch to update version number in UA string
+* Updating build process
+
+## 2.7.0 - 2012-06-25
+
+* BC: Inflection classes moved to Guzzle\Inflection. No longer static methods. Can now inject custom inflectors into classes.
+* BC: Removed magic setX methods from commands
+* BC: Magic methods mapped to service description commands are now inflected in the command factory rather than the client __call() method
+* Verbose cURL options are no longer enabled by default. Set curl.debug to true on a client to enable.
+* Bug: Now allowing colons in a response start-line (e.g. HTTP/1.1 503 Service Unavailable: Back-end server is at capacity)
+* Guzzle\Service\Resource\ResourceIteratorApplyBatched now internally uses the Guzzle\Common\Batch namespace
+* Added Guzzle\Service\Plugin namespace and a PluginCollectionPlugin
+* Added the ability to set POST fields and files in a service description
+* Guzzle\Http\EntityBody::factory() now accepts objects with a __toString() method
+* Adding a command.before_prepare event to clients
+* Added BatchClosureTransfer and BatchClosureDivisor
+* BatchTransferException now includes references to the batch divisor and transfer strategies
+* Fixed some tests so that they pass more reliably
+* Added Guzzle\Common\Log\ArrayLogAdapter
+
+## 2.6.6 - 2012-06-10
+
+* BC: Removing Guzzle\Http\Plugin\BatchQueuePlugin
+* BC: Removing Guzzle\Service\Command\CommandSet
+* Adding generic batching system (replaces the batch queue plugin and command set)
+* Updating ZF cache and log adapters and now using ZF's composer repository
+* Bug: Setting the name of each ApiParam when creating through an ApiCommand
+* Adding result_type, result_doc, deprecated, and doc_url to service descriptions
+* Bug: Changed the default cookie header casing back to 'Cookie'
+
+## 2.6.5 - 2012-06-03
+
+* BC: Renaming Guzzle\Http\Message\RequestInterface::getResourceUri() to getResource()
+* BC: Removing unused AUTH_BASIC and AUTH_DIGEST constants from
+* BC: Guzzle\Http\Cookie is now used to manage Set-Cookie data, not Cookie data
+* BC: Renaming methods in the CookieJarInterface
+* Moving almost all cookie logic out of the CookiePlugin and into the Cookie or CookieJar implementations
+* Making the default glue for HTTP headers ';' instead of ','
+* Adding a removeValue to Guzzle\Http\Message\Header
+* Adding getCookies() to request interface.
+* Making it easier to add event subscribers to HasDispatcherInterface classes. Can now directly call addSubscriber()
+
+## 2.6.4 - 2012-05-30
+
+* BC: Cleaning up how POST files are stored in EntityEnclosingRequest objects. Adding PostFile class.
+* BC: Moving ApiCommand specific functionality from the Inspector and on to the ApiCommand
+* Bug: Fixing magic method command calls on clients
+* Bug: Email constraint only validates strings
+* Bug: Aggregate POST fields when POST files are present in curl handle
+* Bug: Fixing default User-Agent header
+* Bug: Only appending or prepending parameters in commands if they are specified
+* Bug: Not requiring response reason phrases or status codes to match a predefined list of codes
+* Allowing the use of dot notation for class namespaces when using instance_of constraint
+* Added any_match validation constraint
+* Added an AsyncPlugin
+* Passing request object to the calculateWait method of the ExponentialBackoffPlugin
+* Allowing the result of a command object to be changed
+* Parsing location and type sub values when instantiating a service description rather than over and over at runtime
+
+## 2.6.3 - 2012-05-23
+
+* [BC] Guzzle\Common\FromConfigInterface no longer requires any config options.
+* [BC] Refactoring how POST files are stored on an EntityEnclosingRequest. They are now separate from POST fields.
+* You can now use an array of data when creating PUT request bodies in the request factory.
+* Removing the requirement that HTTPS requests needed a Cache-Control: public directive to be cacheable.
+* [Http] Adding support for Content-Type in multipart POST uploads per upload
+* [Http] Added support for uploading multiple files using the same name (foo[0], foo[1])
+* Adding more POST data operations for easier manipulation of POST data.
+* You can now set empty POST fields.
+* The body of a request is only shown on EntityEnclosingRequest objects that do not use POST files.
+* Split the Guzzle\Service\Inspector::validateConfig method into two methods. One to initialize when a command is created, and one to validate.
+* CS updates
+
+## 2.6.2 - 2012-05-19
+
+* [Http] Better handling of nested scope requests in CurlMulti.  Requests are now always prepares in the send() method rather than the addRequest() method.
+
+## 2.6.1 - 2012-05-19
+
+* [BC] Removing 'path' support in service descriptions.  Use 'uri'.
+* [BC] Guzzle\Service\Inspector::parseDocBlock is now protected. Adding getApiParamsForClass() with cache.
+* [BC] Removing Guzzle\Common\NullObject.  Use https://github.com/mtdowling/NullObject if you need it.
+* [BC] Removing Guzzle\Common\XmlElement.
+* All commands, both dynamic and concrete, have ApiCommand objects.
+* Adding a fix for CurlMulti so that if all of the connections encounter some sort of curl error, then the loop exits.
+* Adding checks to EntityEnclosingRequest so that empty POST files and fields are ignored.
+* Making the method signature of Guzzle\Service\Builder\ServiceBuilder::factory more flexible.
+
+## 2.6.0 - 2012-05-15
+
+* [BC] Moving Guzzle\Service\Builder to Guzzle\Service\Builder\ServiceBuilder
+* [BC] Executing a Command returns the result of the command rather than the command
+* [BC] Moving all HTTP parsing logic to Guzzle\Http\Parsers. Allows for faster C implementations if needed.
+* [BC] Changing the Guzzle\Http\Message\Response::setProtocol() method to accept a protocol and version in separate args.
+* [BC] Moving ResourceIterator* to Guzzle\Service\Resource
+* [BC] Completely refactored ResourceIterators to iterate over a cloned command object
+* [BC] Moved Guzzle\Http\UriTemplate to Guzzle\Http\Parser\UriTemplate\UriTemplate
+* [BC] Guzzle\Guzzle is now deprecated
+* Moving Guzzle\Common\Guzzle::inject to Guzzle\Common\Collection::inject
+* Adding Guzzle\Version class to give version information about Guzzle
+* Adding Guzzle\Http\Utils class to provide getDefaultUserAgent() and getHttpDate()
+* Adding Guzzle\Curl\CurlVersion to manage caching curl_version() data
+* ServiceDescription and ServiceBuilder are now cacheable using similar configs
+* Changing the format of XML and JSON service builder configs.  Backwards compatible.
+* Cleaned up Cookie parsing
+* Trimming the default Guzzle User-Agent header
+* Adding a setOnComplete() method to Commands that is called when a command completes
+* Keeping track of requests that were mocked in the MockPlugin
+* Fixed a caching bug in the CacheAdapterFactory
+* Inspector objects can be injected into a Command object
+* Refactoring a lot of code and tests to be case insensitive when dealing with headers
+* Adding Guzzle\Http\Message\HeaderComparison for easy comparison of HTTP headers using a DSL
+* Adding the ability to set global option overrides to service builder configs
+* Adding the ability to include other service builder config files from within XML and JSON files
+* Moving the parseQuery method out of Url and on to QueryString::fromString() as a static factory method.
+
+## 2.5.0 - 2012-05-08
+
+* Major performance improvements
+* [BC] Simplifying Guzzle\Common\Collection.  Please check to see if you are using features that are now deprecated.
+* [BC] Using a custom validation system that allows a flyweight implementation for much faster validation. No longer using Symfony2 Validation component.
+* [BC] No longer supporting "{{ }}" for injecting into command or UriTemplates.  Use "{}"
+* Added the ability to passed parameters to all requests created by a client
+* Added callback functionality to the ExponentialBackoffPlugin
+* Using microtime in ExponentialBackoffPlugin to allow more granular backoff strategies.
+* Rewinding request stream bodies when retrying requests
+* Exception is thrown when JSON response body cannot be decoded
+* Added configurable magic method calls to clients and commands.  This is off by default.
+* Fixed a defect that added a hash to every parsed URL part
+* Fixed duplicate none generation for OauthPlugin.
+* Emitting an event each time a client is generated by a ServiceBuilder
+* Using an ApiParams object instead of a Collection for parameters of an ApiCommand
+* cache.* request parameters should be renamed to params.cache.*
+* Added the ability to set arbitrary curl options on requests (disable_wire, progress, etc.). See CurlHandle.
+* Added the ability to disable type validation of service descriptions
+* ServiceDescriptions and ServiceBuilders are now Serializable
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/LICENSE b/data/web/inc/lib/vendor/guzzlehttp/guzzle/LICENSE
new file mode 100644
index 000000000..fd2375d88
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/LICENSE
@@ -0,0 +1,27 @@
+The MIT License (MIT)
+
+Copyright (c) 2011 Michael Dowling <mtdowling@gmail.com>
+Copyright (c) 2012 Jeremy Lindblom <jeremeamia@gmail.com>
+Copyright (c) 2014 Graham Campbell <hello@gjcampbell.co.uk>
+Copyright (c) 2015 Márk Sági-Kazár <mark.sagikazar@gmail.com>
+Copyright (c) 2015 Tobias Schultze <webmaster@tubo-world.de>
+Copyright (c) 2016 Tobias Nyholm <tobias.nyholm@gmail.com>
+Copyright (c) 2016 George Mponos <gmponos@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/README.md b/data/web/inc/lib/vendor/guzzlehttp/guzzle/README.md
new file mode 100644
index 000000000..f287fa98d
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/README.md
@@ -0,0 +1,94 @@
+![Guzzle](.github/logo.png?raw=true)
+
+# Guzzle, PHP HTTP client
+
+[![Latest Version](https://img.shields.io/github/release/guzzle/guzzle.svg?style=flat-square)](https://github.com/guzzle/guzzle/releases)
+[![Build Status](https://img.shields.io/github/workflow/status/guzzle/guzzle/CI?label=ci%20build&style=flat-square)](https://github.com/guzzle/guzzle/actions?query=workflow%3ACI)
+[![Total Downloads](https://img.shields.io/packagist/dt/guzzlehttp/guzzle.svg?style=flat-square)](https://packagist.org/packages/guzzlehttp/guzzle)
+
+Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and
+trivial to integrate with web services.
+
+- Simple interface for building query strings, POST requests, streaming large
+  uploads, streaming large downloads, using HTTP cookies, uploading JSON data,
+  etc...
+- Can send both synchronous and asynchronous requests using the same interface.
+- Uses PSR-7 interfaces for requests, responses, and streams. This allows you
+  to utilize other PSR-7 compatible libraries with Guzzle.
+- Supports PSR-18 allowing interoperability between other PSR-18 HTTP Clients.
+- Abstracts away the underlying HTTP transport, allowing you to write
+  environment and transport agnostic code; i.e., no hard dependency on cURL,
+  PHP streams, sockets, or non-blocking event loops.
+- Middleware system allows you to augment and compose client behavior.
+
+```php
+$client = new \GuzzleHttp\Client();
+$response = $client->request('GET', 'https://api.github.com/repos/guzzle/guzzle');
+
+echo $response->getStatusCode(); // 200
+echo $response->getHeaderLine('content-type'); // 'application/json; charset=utf8'
+echo $response->getBody(); // '{"id": 1420053, "name": "guzzle", ...}'
+
+// Send an asynchronous request.
+$request = new \GuzzleHttp\Psr7\Request('GET', 'http://httpbin.org');
+$promise = $client->sendAsync($request)->then(function ($response) {
+    echo 'I completed! ' . $response->getBody();
+});
+
+$promise->wait();
+```
+
+## Help and docs
+
+We use GitHub issues only to discuss bugs and new features. For support please refer to:
+
+- [Documentation](https://docs.guzzlephp.org)
+- [Stack Overflow](https://stackoverflow.com/questions/tagged/guzzle)
+- [#guzzle](https://app.slack.com/client/T0D2S9JCT/CE6UAAKL4) channel on [PHP-HTTP Slack](https://slack.httplug.io/)
+- [Gitter](https://gitter.im/guzzle/guzzle)
+
+
+## Installing Guzzle
+
+The recommended way to install Guzzle is through
+[Composer](https://getcomposer.org/).
+
+```bash
+composer require guzzlehttp/guzzle
+```
+
+
+## Version Guidance
+
+| Version | Status         | Packagist           | Namespace    | Repo                | Docs                | PSR-7 | PHP Version  |
+|---------|----------------|---------------------|--------------|---------------------|---------------------|-------|--------------|
+| 3.x     | EOL            | `guzzle/guzzle`     | `Guzzle`     | [v3][guzzle-3-repo] | [v3][guzzle-3-docs] | No    | >=5.3.3,<7.0 |
+| 4.x     | EOL            | `guzzlehttp/guzzle` | `GuzzleHttp` | [v4][guzzle-4-repo] | N/A                 | No    | >=5.4,<7.0   |
+| 5.x     | EOL            | `guzzlehttp/guzzle` | `GuzzleHttp` | [v5][guzzle-5-repo] | [v5][guzzle-5-docs] | No    | >=5.4,<7.4   |
+| 6.x     | Security fixes | `guzzlehttp/guzzle` | `GuzzleHttp` | [v6][guzzle-6-repo] | [v6][guzzle-6-docs] | Yes   | >=5.5,<8.0   |
+| 7.x     | Latest         | `guzzlehttp/guzzle` | `GuzzleHttp` | [v7][guzzle-7-repo] | [v7][guzzle-7-docs] | Yes   | >=7.2.5,<8.2 |
+
+[guzzle-3-repo]: https://github.com/guzzle/guzzle3
+[guzzle-4-repo]: https://github.com/guzzle/guzzle/tree/4.x
+[guzzle-5-repo]: https://github.com/guzzle/guzzle/tree/5.3
+[guzzle-6-repo]: https://github.com/guzzle/guzzle/tree/6.5
+[guzzle-7-repo]: https://github.com/guzzle/guzzle
+[guzzle-3-docs]: https://guzzle3.readthedocs.io/
+[guzzle-5-docs]: https://docs.guzzlephp.org/en/5.3/
+[guzzle-6-docs]: https://docs.guzzlephp.org/en/6.5/
+[guzzle-7-docs]: https://docs.guzzlephp.org/en/latest/
+
+
+## Security
+
+If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/guzzle/security/policy) for more information.
+
+## License
+
+Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information.
+
+## For Enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of Guzzle and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-guzzlehttp-guzzle?utm_source=packagist-guzzlehttp-guzzle&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/UPGRADING.md b/data/web/inc/lib/vendor/guzzlehttp/guzzle/UPGRADING.md
new file mode 100644
index 000000000..45417a7e1
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/UPGRADING.md
@@ -0,0 +1,1253 @@
+Guzzle Upgrade Guide
+====================
+
+6.0 to 7.0
+----------
+
+In order to take advantage of the new features of PHP, Guzzle dropped the support
+of PHP 5. The minimum supported PHP version is now PHP 7.2. Type hints and return
+types for functions and methods have been added wherever possible. 
+
+Please make sure:
+- You are calling a function or a method with the correct type.
+- If you extend a class of Guzzle; update all signatures on methods you override.
+
+#### Other backwards compatibility breaking changes
+
+- Class `GuzzleHttp\UriTemplate` is removed.
+- Class `GuzzleHttp\Exception\SeekException` is removed.
+- Classes `GuzzleHttp\Exception\BadResponseException`, `GuzzleHttp\Exception\ClientException`, 
+  `GuzzleHttp\Exception\ServerException` can no longer be initialized with an empty
+  Response as argument.
+- Class `GuzzleHttp\Exception\ConnectException` now extends `GuzzleHttp\Exception\TransferException`
+  instead of `GuzzleHttp\Exception\RequestException`.
+- Function `GuzzleHttp\Exception\ConnectException::getResponse()` is removed.
+- Function `GuzzleHttp\Exception\ConnectException::hasResponse()` is removed.
+- Constant `GuzzleHttp\ClientInterface::VERSION` is removed. Added `GuzzleHttp\ClientInterface::MAJOR_VERSION` instead.
+- Function `GuzzleHttp\Exception\RequestException::getResponseBodySummary` is removed.
+  Use `\GuzzleHttp\Psr7\get_message_body_summary` as an alternative.
+- Function `GuzzleHttp\Cookie\CookieJar::getCookieValue` is removed.
+- Request option `exception` is removed. Please use `http_errors`.
+- Request option `save_to` is removed. Please use `sink`.
+- Pool option `pool_size` is removed. Please use `concurrency`.
+- We now look for environment variables in the `$_SERVER` super global, due to thread safety issues with `getenv`. We continue to fallback to `getenv` in CLI environments, for maximum compatibility.
+- The `get`, `head`, `put`, `post`, `patch`, `delete`, `getAsync`, `headAsync`, `putAsync`, `postAsync`, `patchAsync`, and `deleteAsync` methods are now implemented as genuine methods on `GuzzleHttp\Client`, with strong typing. The original `__call` implementation remains unchanged for now, for maximum backwards compatibility, but won't be invoked under normal operation.
+- The `log` middleware will log the errors with level `error` instead of `notice` 
+- Support for international domain names (IDN) is now disabled by default, and enabling it requires installing ext-intl, linked against a modern version of the C library (ICU 4.6 or higher).
+
+#### Native functions calls
+
+All internal native functions calls of Guzzle are now prefixed with a slash. This
+change makes it impossible for method overloading by other libraries or applications.
+Example:
+
+```php
+// Before:
+curl_version();
+
+// After:
+\curl_version();
+```
+
+For the full diff you can check [here](https://github.com/guzzle/guzzle/compare/6.5.4..master).
+
+5.0 to 6.0
+----------
+
+Guzzle now uses [PSR-7](https://www.php-fig.org/psr/psr-7/) for HTTP messages.
+Due to the fact that these messages are immutable, this prompted a refactoring
+of Guzzle to use a middleware based system rather than an event system. Any
+HTTP message interaction (e.g., `GuzzleHttp\Message\Request`) need to be
+updated to work with the new immutable PSR-7 request and response objects. Any
+event listeners or subscribers need to be updated to become middleware
+functions that wrap handlers (or are injected into a
+`GuzzleHttp\HandlerStack`).
+
+- Removed `GuzzleHttp\BatchResults`
+- Removed `GuzzleHttp\Collection`
+- Removed `GuzzleHttp\HasDataTrait`
+- Removed `GuzzleHttp\ToArrayInterface`
+- The `guzzlehttp/streams` dependency has been removed. Stream functionality
+  is now present in the `GuzzleHttp\Psr7` namespace provided by the
+  `guzzlehttp/psr7` package.
+- Guzzle no longer uses ReactPHP promises and now uses the
+  `guzzlehttp/promises` library. We use a custom promise library for three
+  significant reasons:
+  1. React promises (at the time of writing this) are recursive. Promise
+     chaining and promise resolution will eventually blow the stack. Guzzle
+     promises are not recursive as they use a sort of trampolining technique.
+     Note: there has been movement in the React project to modify promises to
+     no longer utilize recursion.
+  2. Guzzle needs to have the ability to synchronously block on a promise to
+     wait for a result. Guzzle promises allows this functionality (and does
+     not require the use of recursion).
+  3. Because we need to be able to wait on a result, doing so using React
+     promises requires wrapping react promises with RingPHP futures. This
+     overhead is no longer needed, reducing stack sizes, reducing complexity,
+     and improving performance.
+- `GuzzleHttp\Mimetypes` has been moved to a function in
+  `GuzzleHttp\Psr7\mimetype_from_extension` and
+  `GuzzleHttp\Psr7\mimetype_from_filename`.
+- `GuzzleHttp\Query` and `GuzzleHttp\QueryParser` have been removed. Query
+  strings must now be passed into request objects as strings, or provided to
+  the `query` request option when creating requests with clients. The `query`
+  option uses PHP's `http_build_query` to convert an array to a string. If you
+  need a different serialization technique, you will need to pass the query
+  string in as a string. There are a couple helper functions that will make
+  working with query strings easier: `GuzzleHttp\Psr7\parse_query` and
+  `GuzzleHttp\Psr7\build_query`.
+- Guzzle no longer has a dependency on RingPHP. Due to the use of a middleware
+  system based on PSR-7, using RingPHP and it's middleware system as well adds
+  more complexity than the benefits it provides. All HTTP handlers that were
+  present in RingPHP have been modified to work directly with PSR-7 messages
+  and placed in the `GuzzleHttp\Handler` namespace. This significantly reduces
+  complexity in Guzzle, removes a dependency, and improves performance. RingPHP
+  will be maintained for Guzzle 5 support, but will no longer be a part of
+  Guzzle 6.
+- As Guzzle now uses a middleware based systems the event system and RingPHP
+  integration has been removed. Note: while the event system has been removed,
+  it is possible to add your own type of event system that is powered by the
+  middleware system.
+  - Removed the `Event` namespace.
+  - Removed the `Subscriber` namespace.
+  - Removed `Transaction` class
+  - Removed `RequestFsm`
+  - Removed `RingBridge`
+  - `GuzzleHttp\Subscriber\Cookie` is now provided by
+    `GuzzleHttp\Middleware::cookies`
+  - `GuzzleHttp\Subscriber\HttpError` is now provided by
+    `GuzzleHttp\Middleware::httpError`
+  - `GuzzleHttp\Subscriber\History` is now provided by
+    `GuzzleHttp\Middleware::history`
+  - `GuzzleHttp\Subscriber\Mock` is now provided by
+    `GuzzleHttp\Handler\MockHandler`
+  - `GuzzleHttp\Subscriber\Prepare` is now provided by
+    `GuzzleHttp\PrepareBodyMiddleware`
+  - `GuzzleHttp\Subscriber\Redirect` is now provided by
+    `GuzzleHttp\RedirectMiddleware`
+- Guzzle now uses `Psr\Http\Message\UriInterface` (implements in
+  `GuzzleHttp\Psr7\Uri`) for URI support. `GuzzleHttp\Url` is now gone.
+- Static functions in `GuzzleHttp\Utils` have been moved to namespaced
+  functions under the `GuzzleHttp` namespace. This requires either a Composer
+  based autoloader or you to include functions.php.
+- `GuzzleHttp\ClientInterface::getDefaultOption` has been renamed to
+  `GuzzleHttp\ClientInterface::getConfig`.
+- `GuzzleHttp\ClientInterface::setDefaultOption` has been removed.
+- The `json` and `xml` methods of response objects has been removed. With the
+  migration to strictly adhering to PSR-7 as the interface for Guzzle messages,
+  adding methods to message interfaces would actually require Guzzle messages
+  to extend from PSR-7 messages rather then work with them directly.
+
+## Migrating to middleware
+
+The change to PSR-7 unfortunately required significant refactoring to Guzzle
+due to the fact that PSR-7 messages are immutable. Guzzle 5 relied on an event
+system from plugins. The event system relied on mutability of HTTP messages and
+side effects in order to work. With immutable messages, you have to change your
+workflow to become more about either returning a value (e.g., functional
+middlewares) or setting a value on an object. Guzzle v6 has chosen the
+functional middleware approach.
+
+Instead of using the event system to listen for things like the `before` event,
+you now create a stack based middleware function that intercepts a request on
+the way in and the promise of the response on the way out. This is a much
+simpler and more predictable approach than the event system and works nicely
+with PSR-7 middleware. Due to the use of promises, the middleware system is
+also asynchronous.
+
+v5:
+
+```php
+use GuzzleHttp\Event\BeforeEvent;
+$client = new GuzzleHttp\Client();
+// Get the emitter and listen to the before event.
+$client->getEmitter()->on('before', function (BeforeEvent $e) {
+    // Guzzle v5 events relied on mutation
+    $e->getRequest()->setHeader('X-Foo', 'Bar');
+});
+```
+
+v6:
+
+In v6, you can modify the request before it is sent using the `mapRequest`
+middleware. The idiomatic way in v6 to modify the request/response lifecycle is
+to setup a handler middleware stack up front and inject the handler into a
+client.
+
+```php
+use GuzzleHttp\Middleware;
+// Create a handler stack that has all of the default middlewares attached
+$handler = GuzzleHttp\HandlerStack::create();
+// Push the handler onto the handler stack
+$handler->push(Middleware::mapRequest(function (RequestInterface $request) {
+    // Notice that we have to return a request object
+    return $request->withHeader('X-Foo', 'Bar');
+}));
+// Inject the handler into the client
+$client = new GuzzleHttp\Client(['handler' => $handler]);
+```
+
+## POST Requests
+
+This version added the [`form_params`](http://guzzle.readthedocs.org/en/latest/request-options.html#form_params)
+and `multipart` request options. `form_params` is an associative array of
+strings or array of strings and is used to serialize an
+`application/x-www-form-urlencoded` POST request. The
+[`multipart`](http://guzzle.readthedocs.org/en/latest/request-options.html#multipart)
+option is now used to send a multipart/form-data POST request.
+
+`GuzzleHttp\Post\PostFile` has been removed. Use the `multipart` option to add
+POST files to a multipart/form-data request.
+
+The `body` option no longer accepts an array to send POST requests. Please use
+`multipart` or `form_params` instead.
+
+The `base_url` option has been renamed to `base_uri`.
+
+4.x to 5.0
+----------
+
+## Rewritten Adapter Layer
+
+Guzzle now uses [RingPHP](http://ringphp.readthedocs.org/en/latest) to send
+HTTP requests. The `adapter` option in a `GuzzleHttp\Client` constructor
+is still supported, but it has now been renamed to `handler`. Instead of
+passing a `GuzzleHttp\Adapter\AdapterInterface`, you must now pass a PHP
+`callable` that follows the RingPHP specification.
+
+## Removed Fluent Interfaces
+
+[Fluent interfaces were removed](https://ocramius.github.io/blog/fluent-interfaces-are-evil/)
+from the following classes:
+
+- `GuzzleHttp\Collection`
+- `GuzzleHttp\Url`
+- `GuzzleHttp\Query`
+- `GuzzleHttp\Post\PostBody`
+- `GuzzleHttp\Cookie\SetCookie`
+
+## Removed functions.php
+
+Removed "functions.php", so that Guzzle is truly PSR-4 compliant. The following
+functions can be used as replacements.
+
+- `GuzzleHttp\json_decode` -> `GuzzleHttp\Utils::jsonDecode`
+- `GuzzleHttp\get_path` -> `GuzzleHttp\Utils::getPath`
+- `GuzzleHttp\Utils::setPath` -> `GuzzleHttp\set_path`
+- `GuzzleHttp\Pool::batch` -> `GuzzleHttp\batch`. This function is, however,
+  deprecated in favor of using `GuzzleHttp\Pool::batch()`.
+
+The "procedural" global client has been removed with no replacement (e.g.,
+`GuzzleHttp\get()`, `GuzzleHttp\post()`, etc.). Use a `GuzzleHttp\Client`
+object as a replacement.
+
+## `throwImmediately` has been removed
+
+The concept of "throwImmediately" has been removed from exceptions and error
+events. This control mechanism was used to stop a transfer of concurrent
+requests from completing. This can now be handled by throwing the exception or
+by cancelling a pool of requests or each outstanding future request
+individually.
+
+## headers event has been removed
+
+Removed the "headers" event. This event was only useful for changing the
+body a response once the headers of the response were known. You can implement
+a similar behavior in a number of ways. One example might be to use a
+FnStream that has access to the transaction being sent. For example, when the
+first byte is written, you could check if the response headers match your
+expectations, and if so, change the actual stream body that is being
+written to.
+
+## Updates to HTTP Messages
+
+Removed the `asArray` parameter from
+`GuzzleHttp\Message\MessageInterface::getHeader`. If you want to get a header
+value as an array, then use the newly added `getHeaderAsArray()` method of
+`MessageInterface`. This change makes the Guzzle interfaces compatible with
+the PSR-7 interfaces.
+
+3.x to 4.0
+----------
+
+## Overarching changes:
+
+- Now requires PHP 5.4 or greater.
+- No longer requires cURL to send requests.
+- Guzzle no longer wraps every exception it throws. Only exceptions that are
+  recoverable are now wrapped by Guzzle.
+- Various namespaces have been removed or renamed.
+- No longer requiring the Symfony EventDispatcher. A custom event dispatcher
+  based on the Symfony EventDispatcher is
+  now utilized in `GuzzleHttp\Event\EmitterInterface` (resulting in significant
+  speed and functionality improvements).
+
+Changes per Guzzle 3.x namespace are described below.
+
+## Batch
+
+The `Guzzle\Batch` namespace has been removed. This is best left to
+third-parties to implement on top of Guzzle's core HTTP library.
+
+## Cache
+
+The `Guzzle\Cache` namespace has been removed. (Todo: No suitable replacement
+has been implemented yet, but hoping to utilize a PSR cache interface).
+
+## Common
+
+- Removed all of the wrapped exceptions. It's better to use the standard PHP
+  library for unrecoverable exceptions.
+- `FromConfigInterface` has been removed.
+- `Guzzle\Common\Version` has been removed. The VERSION constant can be found
+  at `GuzzleHttp\ClientInterface::VERSION`.
+
+### Collection
+
+- `getAll` has been removed. Use `toArray` to convert a collection to an array.
+- `inject` has been removed.
+- `keySearch` has been removed.
+- `getPath` no longer supports wildcard expressions. Use something better like
+  JMESPath for this.
+- `setPath` now supports appending to an existing array via the `[]` notation.
+
+### Events
+
+Guzzle no longer requires Symfony's EventDispatcher component. Guzzle now uses
+`GuzzleHttp\Event\Emitter`.
+
+- `Symfony\Component\EventDispatcher\EventDispatcherInterface` is replaced by
+  `GuzzleHttp\Event\EmitterInterface`.
+- `Symfony\Component\EventDispatcher\EventDispatcher` is replaced by
+  `GuzzleHttp\Event\Emitter`.
+- `Symfony\Component\EventDispatcher\Event` is replaced by
+  `GuzzleHttp\Event\Event`, and Guzzle now has an EventInterface in
+  `GuzzleHttp\Event\EventInterface`.
+- `AbstractHasDispatcher` has moved to a trait, `HasEmitterTrait`, and
+  `HasDispatcherInterface` has moved to `HasEmitterInterface`. Retrieving the
+  event emitter of a request, client, etc. now uses the `getEmitter` method
+  rather than the `getDispatcher` method.
+
+#### Emitter
+
+- Use the `once()` method to add a listener that automatically removes itself
+  the first time it is invoked.
+- Use the `listeners()` method to retrieve a list of event listeners rather than
+  the `getListeners()` method.
+- Use `emit()` instead of `dispatch()` to emit an event from an emitter.
+- Use `attach()` instead of `addSubscriber()` and `detach()` instead of
+  `removeSubscriber()`.
+
+```php
+$mock = new Mock();
+// 3.x
+$request->getEventDispatcher()->addSubscriber($mock);
+$request->getEventDispatcher()->removeSubscriber($mock);
+// 4.x
+$request->getEmitter()->attach($mock);
+$request->getEmitter()->detach($mock);
+```
+
+Use the `on()` method to add a listener rather than the `addListener()` method.
+
+```php
+// 3.x
+$request->getEventDispatcher()->addListener('foo', function (Event $event) { /* ... */ } );
+// 4.x
+$request->getEmitter()->on('foo', function (Event $event, $name) { /* ... */ } );
+```
+
+## Http
+
+### General changes
+
+- The cacert.pem certificate has been moved to `src/cacert.pem`.
+- Added the concept of adapters that are used to transfer requests over the
+  wire.
+- Simplified the event system.
+- Sending requests in parallel is still possible, but batching is no longer a
+  concept of the HTTP layer. Instead, you must use the `complete` and `error`
+  events to asynchronously manage parallel request transfers.
+- `Guzzle\Http\Url` has moved to `GuzzleHttp\Url`.
+- `Guzzle\Http\QueryString` has moved to `GuzzleHttp\Query`.
+- QueryAggregators have been rewritten so that they are simply callable
+  functions.
+- `GuzzleHttp\StaticClient` has been removed. Use the functions provided in
+  `functions.php` for an easy to use static client instance.
+- Exceptions in `GuzzleHttp\Exception` have been updated to all extend from
+  `GuzzleHttp\Exception\TransferException`.
+
+### Client
+
+Calling methods like `get()`, `post()`, `head()`, etc. no longer create and
+return a request, but rather creates a request, sends the request, and returns
+the response.
+
+```php
+// 3.0
+$request = $client->get('/');
+$response = $request->send();
+
+// 4.0
+$response = $client->get('/');
+
+// or, to mirror the previous behavior
+$request = $client->createRequest('GET', '/');
+$response = $client->send($request);
+```
+
+`GuzzleHttp\ClientInterface` has changed.
+
+- The `send` method no longer accepts more than one request. Use `sendAll` to
+  send multiple requests in parallel.
+- `setUserAgent()` has been removed. Use a default request option instead. You
+  could, for example, do something like:
+  `$client->setConfig('defaults/headers/User-Agent', 'Foo/Bar ' . $client::getDefaultUserAgent())`.
+- `setSslVerification()` has been removed. Use default request options instead,
+  like `$client->setConfig('defaults/verify', true)`.
+
+`GuzzleHttp\Client` has changed.
+
+- The constructor now accepts only an associative array. You can include a
+  `base_url` string or array to use a URI template as the base URL of a client.
+  You can also specify a `defaults` key that is an associative array of default
+  request options. You can pass an `adapter` to use a custom adapter,
+  `batch_adapter` to use a custom adapter for sending requests in parallel, or
+  a `message_factory` to change the factory used to create HTTP requests and
+  responses.
+- The client no longer emits a `client.create_request` event.
+- Creating requests with a client no longer automatically utilize a URI
+  template. You must pass an array into a creational method (e.g.,
+  `createRequest`, `get`, `put`, etc.) in order to expand a URI template.
+
+### Messages
+
+Messages no longer have references to their counterparts (i.e., a request no
+longer has a reference to it's response, and a response no loger has a
+reference to its request). This association is now managed through a
+`GuzzleHttp\Adapter\TransactionInterface` object. You can get references to
+these transaction objects using request events that are emitted over the
+lifecycle of a request.
+
+#### Requests with a body
+
+- `GuzzleHttp\Message\EntityEnclosingRequest` and
+  `GuzzleHttp\Message\EntityEnclosingRequestInterface` have been removed. The
+  separation between requests that contain a body and requests that do not
+  contain a body has been removed, and now `GuzzleHttp\Message\RequestInterface`
+  handles both use cases.
+- Any method that previously accepts a `GuzzleHttp\Response` object now accept a
+  `GuzzleHttp\Message\ResponseInterface`.
+- `GuzzleHttp\Message\RequestFactoryInterface` has been renamed to
+  `GuzzleHttp\Message\MessageFactoryInterface`. This interface is used to create
+  both requests and responses and is implemented in
+  `GuzzleHttp\Message\MessageFactory`.
+- POST field and file methods have been removed from the request object. You
+  must now use the methods made available to `GuzzleHttp\Post\PostBodyInterface`
+  to control the format of a POST body. Requests that are created using a
+  standard `GuzzleHttp\Message\MessageFactoryInterface` will automatically use
+  a `GuzzleHttp\Post\PostBody` body if the body was passed as an array or if
+  the method is POST and no body is provided.
+
+```php
+$request = $client->createRequest('POST', '/');
+$request->getBody()->setField('foo', 'bar');
+$request->getBody()->addFile(new PostFile('file_key', fopen('/path/to/content', 'r')));
+```
+
+#### Headers
+
+- `GuzzleHttp\Message\Header` has been removed. Header values are now simply
+  represented by an array of values or as a string. Header values are returned
+  as a string by default when retrieving a header value from a message. You can
+  pass an optional argument of `true` to retrieve a header value as an array
+  of strings instead of a single concatenated string.
+- `GuzzleHttp\PostFile` and `GuzzleHttp\PostFileInterface` have been moved to
+  `GuzzleHttp\Post`. This interface has been simplified and now allows the
+  addition of arbitrary headers.
+- Custom headers like `GuzzleHttp\Message\Header\Link` have been removed. Most
+  of the custom headers are now handled separately in specific
+  subscribers/plugins, and `GuzzleHttp\Message\HeaderValues::parseParams()` has
+  been updated to properly handle headers that contain parameters (like the
+  `Link` header).
+
+#### Responses
+
+- `GuzzleHttp\Message\Response::getInfo()` and
+  `GuzzleHttp\Message\Response::setInfo()` have been removed. Use the event
+  system to retrieve this type of information.
+- `GuzzleHttp\Message\Response::getRawHeaders()` has been removed.
+- `GuzzleHttp\Message\Response::getMessage()` has been removed.
+- `GuzzleHttp\Message\Response::calculateAge()` and other cache specific
+  methods have moved to the CacheSubscriber.
+- Header specific helper functions like `getContentMd5()` have been removed.
+  Just use `getHeader('Content-MD5')` instead.
+- `GuzzleHttp\Message\Response::setRequest()` and
+  `GuzzleHttp\Message\Response::getRequest()` have been removed. Use the event
+  system to work with request and response objects as a transaction.
+- `GuzzleHttp\Message\Response::getRedirectCount()` has been removed. Use the
+  Redirect subscriber instead.
+- `GuzzleHttp\Message\Response::isSuccessful()` and other related methods have
+  been removed. Use `getStatusCode()` instead.
+
+#### Streaming responses
+
+Streaming requests can now be created by a client directly, returning a
+`GuzzleHttp\Message\ResponseInterface` object that contains a body stream
+referencing an open PHP HTTP stream.
+
+```php
+// 3.0
+use Guzzle\Stream\PhpStreamRequestFactory;
+$request = $client->get('/');
+$factory = new PhpStreamRequestFactory();
+$stream = $factory->fromRequest($request);
+$data = $stream->read(1024);
+
+// 4.0
+$response = $client->get('/', ['stream' => true]);
+// Read some data off of the stream in the response body
+$data = $response->getBody()->read(1024);
+```
+
+#### Redirects
+
+The `configureRedirects()` method has been removed in favor of a
+`allow_redirects` request option.
+
+```php
+// Standard redirects with a default of a max of 5 redirects
+$request = $client->createRequest('GET', '/', ['allow_redirects' => true]);
+
+// Strict redirects with a custom number of redirects
+$request = $client->createRequest('GET', '/', [
+    'allow_redirects' => ['max' => 5, 'strict' => true]
+]);
+```
+
+#### EntityBody
+
+EntityBody interfaces and classes have been removed or moved to
+`GuzzleHttp\Stream`. All classes and interfaces that once required
+`GuzzleHttp\EntityBodyInterface` now require
+`GuzzleHttp\Stream\StreamInterface`. Creating a new body for a request no
+longer uses `GuzzleHttp\EntityBody::factory` but now uses
+`GuzzleHttp\Stream\Stream::factory` or even better:
+`GuzzleHttp\Stream\create()`.
+
+- `Guzzle\Http\EntityBodyInterface` is now `GuzzleHttp\Stream\StreamInterface`
+- `Guzzle\Http\EntityBody` is now `GuzzleHttp\Stream\Stream`
+- `Guzzle\Http\CachingEntityBody` is now `GuzzleHttp\Stream\CachingStream`
+- `Guzzle\Http\ReadLimitEntityBody` is now `GuzzleHttp\Stream\LimitStream`
+- `Guzzle\Http\IoEmittyinEntityBody` has been removed.
+
+#### Request lifecycle events
+
+Requests previously submitted a large number of requests. The number of events
+emitted over the lifecycle of a request has been significantly reduced to make
+it easier to understand how to extend the behavior of a request. All events
+emitted during the lifecycle of a request now emit a custom
+`GuzzleHttp\Event\EventInterface` object that contains context providing
+methods and a way in which to modify the transaction at that specific point in
+time (e.g., intercept the request and set a response on the transaction).
+
+- `request.before_send` has been renamed to `before` and now emits a
+  `GuzzleHttp\Event\BeforeEvent`
+- `request.complete` has been renamed to `complete` and now emits a
+  `GuzzleHttp\Event\CompleteEvent`.
+- `request.sent` has been removed. Use `complete`.
+- `request.success` has been removed. Use `complete`.
+- `error` is now an event that emits a `GuzzleHttp\Event\ErrorEvent`.
+- `request.exception` has been removed. Use `error`.
+- `request.receive.status_line` has been removed.
+- `curl.callback.progress` has been removed. Use a custom `StreamInterface` to
+  maintain a status update.
+- `curl.callback.write` has been removed. Use a custom `StreamInterface` to
+  intercept writes.
+- `curl.callback.read` has been removed. Use a custom `StreamInterface` to
+  intercept reads.
+
+`headers` is a new event that is emitted after the response headers of a
+request have been received before the body of the response is downloaded. This
+event emits a `GuzzleHttp\Event\HeadersEvent`.
+
+You can intercept a request and inject a response using the `intercept()` event
+of a `GuzzleHttp\Event\BeforeEvent`, `GuzzleHttp\Event\CompleteEvent`, and
+`GuzzleHttp\Event\ErrorEvent` event.
+
+See: http://docs.guzzlephp.org/en/latest/events.html
+
+## Inflection
+
+The `Guzzle\Inflection` namespace has been removed. This is not a core concern
+of Guzzle.
+
+## Iterator
+
+The `Guzzle\Iterator` namespace has been removed.
+
+- `Guzzle\Iterator\AppendIterator`, `Guzzle\Iterator\ChunkedIterator`, and
+  `Guzzle\Iterator\MethodProxyIterator` are nice, but not a core requirement of
+  Guzzle itself.
+- `Guzzle\Iterator\FilterIterator` is no longer needed because an equivalent
+  class is shipped with PHP 5.4.
+- `Guzzle\Iterator\MapIterator` is not really needed when using PHP 5.5 because
+  it's easier to just wrap an iterator in a generator that maps values.
+
+For a replacement of these iterators, see https://github.com/nikic/iter
+
+## Log
+
+The LogPlugin has moved to https://github.com/guzzle/log-subscriber. The
+`Guzzle\Log` namespace has been removed. Guzzle now relies on
+`Psr\Log\LoggerInterface` for all logging. The MessageFormatter class has been
+moved to `GuzzleHttp\Subscriber\Log\Formatter`.
+
+## Parser
+
+The `Guzzle\Parser` namespace has been removed. This was previously used to
+make it possible to plug in custom parsers for cookies, messages, URI
+templates, and URLs; however, this level of complexity is not needed in Guzzle
+so it has been removed.
+
+- Cookie: Cookie parsing logic has been moved to
+  `GuzzleHttp\Cookie\SetCookie::fromString`.
+- Message: Message parsing logic for both requests and responses has been moved
+  to `GuzzleHttp\Message\MessageFactory::fromMessage`. Message parsing is only
+  used in debugging or deserializing messages, so it doesn't make sense for
+  Guzzle as a library to add this level of complexity to parsing messages.
+- UriTemplate: URI template parsing has been moved to
+  `GuzzleHttp\UriTemplate`. The Guzzle library will automatically use the PECL
+  URI template library if it is installed.
+- Url: URL parsing is now performed in `GuzzleHttp\Url::fromString` (previously
+  it was `Guzzle\Http\Url::factory()`). If custom URL parsing is necessary,
+  then developers are free to subclass `GuzzleHttp\Url`.
+
+## Plugin
+
+The `Guzzle\Plugin` namespace has been renamed to `GuzzleHttp\Subscriber`.
+Several plugins are shipping with the core Guzzle library under this namespace.
+
+- `GuzzleHttp\Subscriber\Cookie`: Replaces the old CookiePlugin. Cookie jar
+  code has moved to `GuzzleHttp\Cookie`.
+- `GuzzleHttp\Subscriber\History`: Replaces the old HistoryPlugin.
+- `GuzzleHttp\Subscriber\HttpError`: Throws errors when a bad HTTP response is
+  received.
+- `GuzzleHttp\Subscriber\Mock`: Replaces the old MockPlugin.
+- `GuzzleHttp\Subscriber\Prepare`: Prepares the body of a request just before
+  sending. This subscriber is attached to all requests by default.
+- `GuzzleHttp\Subscriber\Redirect`: Replaces the RedirectPlugin.
+
+The following plugins have been removed (third-parties are free to re-implement
+these if needed):
+
+- `GuzzleHttp\Plugin\Async` has been removed.
+- `GuzzleHttp\Plugin\CurlAuth` has been removed.
+- `GuzzleHttp\Plugin\ErrorResponse\ErrorResponsePlugin` has been removed. This
+  functionality should instead be implemented with event listeners that occur
+  after normal response parsing occurs in the guzzle/command package.
+
+The following plugins are not part of the core Guzzle package, but are provided
+in separate repositories:
+
+- `Guzzle\Http\Plugin\BackoffPlugin` has been rewritten to be much simpler
+  to build custom retry policies using simple functions rather than various
+  chained classes. See: https://github.com/guzzle/retry-subscriber
+- `Guzzle\Http\Plugin\Cache\CachePlugin` has moved to
+  https://github.com/guzzle/cache-subscriber
+- `Guzzle\Http\Plugin\Log\LogPlugin` has moved to
+  https://github.com/guzzle/log-subscriber
+- `Guzzle\Http\Plugin\Md5\Md5Plugin` has moved to
+  https://github.com/guzzle/message-integrity-subscriber
+- `Guzzle\Http\Plugin\Mock\MockPlugin` has moved to
+  `GuzzleHttp\Subscriber\MockSubscriber`.
+- `Guzzle\Http\Plugin\Oauth\OauthPlugin` has moved to
+  https://github.com/guzzle/oauth-subscriber
+
+## Service
+
+The service description layer of Guzzle has moved into two separate packages:
+
+- http://github.com/guzzle/command Provides a high level abstraction over web
+  services by representing web service operations using commands.
+- http://github.com/guzzle/guzzle-services Provides an implementation of
+  guzzle/command that provides request serialization and response parsing using
+  Guzzle service descriptions.
+
+## Stream
+
+Stream have moved to a separate package available at
+https://github.com/guzzle/streams.
+
+`Guzzle\Stream\StreamInterface` has been given a large update to cleanly take
+on the responsibilities of `Guzzle\Http\EntityBody` and
+`Guzzle\Http\EntityBodyInterface` now that they have been removed. The number
+of methods implemented by the `StreamInterface` has been drastically reduced to
+allow developers to more easily extend and decorate stream behavior.
+
+## Removed methods from StreamInterface
+
+- `getStream` and `setStream` have been removed to better encapsulate streams.
+- `getMetadata` and `setMetadata` have been removed in favor of
+  `GuzzleHttp\Stream\MetadataStreamInterface`.
+- `getWrapper`, `getWrapperData`, `getStreamType`, and `getUri` have all been
+  removed. This data is accessible when
+  using streams that implement `GuzzleHttp\Stream\MetadataStreamInterface`.
+- `rewind` has been removed. Use `seek(0)` for a similar behavior.
+
+## Renamed methods
+
+- `detachStream` has been renamed to `detach`.
+- `feof` has been renamed to `eof`.
+- `ftell` has been renamed to `tell`.
+- `readLine` has moved from an instance method to a static class method of
+  `GuzzleHttp\Stream\Stream`.
+
+## Metadata streams
+
+`GuzzleHttp\Stream\MetadataStreamInterface` has been added to denote streams
+that contain additional metadata accessible via `getMetadata()`.
+`GuzzleHttp\Stream\StreamInterface::getMetadata` and
+`GuzzleHttp\Stream\StreamInterface::setMetadata` have been removed.
+
+## StreamRequestFactory
+
+The entire concept of the StreamRequestFactory has been removed. The way this
+was used in Guzzle 3 broke the actual interface of sending streaming requests
+(instead of getting back a Response, you got a StreamInterface). Streaming
+PHP requests are now implemented through the `GuzzleHttp\Adapter\StreamAdapter`.
+
+3.6 to 3.7
+----------
+
+### Deprecations
+
+- You can now enable E_USER_DEPRECATED warnings to see if you are using any deprecated methods.:
+
+```php
+\Guzzle\Common\Version::$emitWarnings = true;
+```
+
+The following APIs and options have been marked as deprecated:
+
+- Marked `Guzzle\Http\Message\Request::isResponseBodyRepeatable()` as deprecated. Use `$request->getResponseBody()->isRepeatable()` instead.
+- Marked `Guzzle\Http\Message\Request::canCache()` as deprecated. Use `Guzzle\Plugin\Cache\DefaultCanCacheStrategy->canCacheRequest()` instead.
+- Marked `Guzzle\Http\Message\Request::canCache()` as deprecated. Use `Guzzle\Plugin\Cache\DefaultCanCacheStrategy->canCacheRequest()` instead.
+- Marked `Guzzle\Http\Message\Request::setIsRedirect()` as deprecated. Use the HistoryPlugin instead.
+- Marked `Guzzle\Http\Message\Request::isRedirect()` as deprecated. Use the HistoryPlugin instead.
+- Marked `Guzzle\Cache\CacheAdapterFactory::factory()` as deprecated
+- Marked `Guzzle\Service\Client::enableMagicMethods()` as deprecated. Magic methods can no longer be disabled on a Guzzle\Service\Client.
+- Marked `Guzzle\Parser\Url\UrlParser` as deprecated. Just use PHP's `parse_url()` and percent encode your UTF-8.
+- Marked `Guzzle\Common\Collection::inject()` as deprecated.
+- Marked `Guzzle\Plugin\CurlAuth\CurlAuthPlugin` as deprecated. Use
+  `$client->getConfig()->setPath('request.options/auth', array('user', 'pass', 'Basic|Digest|NTLM|Any'));` or
+  `$client->setDefaultOption('auth', array('user', 'pass', 'Basic|Digest|NTLM|Any'));`
+
+3.7 introduces `request.options` as a parameter for a client configuration and as an optional argument to all creational
+request methods. When paired with a client's configuration settings, these options allow you to specify default settings
+for various aspects of a request. Because these options make other previous configuration options redundant, several
+configuration options and methods of a client and AbstractCommand have been deprecated.
+
+- Marked `Guzzle\Service\Client::getDefaultHeaders()` as deprecated. Use `$client->getDefaultOption('headers')`.
+- Marked `Guzzle\Service\Client::setDefaultHeaders()` as deprecated. Use `$client->setDefaultOption('headers/{header_name}', 'value')`.
+- Marked 'request.params' for `Guzzle\Http\Client` as deprecated. Use `$client->setDefaultOption('params/{param_name}', 'value')`
+- Marked 'command.headers', 'command.response_body' and 'command.on_complete' as deprecated for AbstractCommand. These will work through Guzzle 4.0
+
+        $command = $client->getCommand('foo', array(
+            'command.headers' => array('Test' => '123'),
+            'command.response_body' => '/path/to/file'
+        ));
+
+        // Should be changed to:
+
+        $command = $client->getCommand('foo', array(
+            'command.request_options' => array(
+                'headers' => array('Test' => '123'),
+                'save_as' => '/path/to/file'
+            )
+        ));
+
+### Interface changes
+
+Additions and changes (you will need to update any implementations or subclasses you may have created):
+
+- Added an `$options` argument to the end of the following methods of `Guzzle\Http\ClientInterface`:
+  createRequest, head, delete, put, patch, post, options, prepareRequest
+- Added an `$options` argument to the end of `Guzzle\Http\Message\Request\RequestFactoryInterface::createRequest()`
+- Added an `applyOptions()` method to `Guzzle\Http\Message\Request\RequestFactoryInterface`
+- Changed `Guzzle\Http\ClientInterface::get($uri = null, $headers = null, $body = null)` to
+  `Guzzle\Http\ClientInterface::get($uri = null, $headers = null, $options = array())`. You can still pass in a
+  resource, string, or EntityBody into the $options parameter to specify the download location of the response.
+- Changed `Guzzle\Common\Collection::__construct($data)` to no longer accepts a null value for `$data` but a
+  default `array()`
+- Added `Guzzle\Stream\StreamInterface::isRepeatable`
+- Made `Guzzle\Http\Client::expandTemplate` and `getUriTemplate` protected methods.
+
+The following methods were removed from interfaces. All of these methods are still available in the concrete classes
+that implement them, but you should update your code to use alternative methods:
+
+- Removed `Guzzle\Http\ClientInterface::setDefaultHeaders(). Use
+  `$client->getConfig()->setPath('request.options/headers/{header_name}', 'value')`. or
+  `$client->getConfig()->setPath('request.options/headers', array('header_name' => 'value'))` or
+  `$client->setDefaultOption('headers/{header_name}', 'value')`. or
+  `$client->setDefaultOption('headers', array('header_name' => 'value'))`.
+- Removed `Guzzle\Http\ClientInterface::getDefaultHeaders(). Use `$client->getConfig()->getPath('request.options/headers')`.
+- Removed `Guzzle\Http\ClientInterface::expandTemplate()`. This is an implementation detail.
+- Removed `Guzzle\Http\ClientInterface::setRequestFactory()`. This is an implementation detail.
+- Removed `Guzzle\Http\ClientInterface::getCurlMulti()`. This is a very specific implementation detail.
+- Removed `Guzzle\Http\Message\RequestInterface::canCache`. Use the CachePlugin.
+- Removed `Guzzle\Http\Message\RequestInterface::setIsRedirect`. Use the HistoryPlugin.
+- Removed `Guzzle\Http\Message\RequestInterface::isRedirect`. Use the HistoryPlugin.
+
+### Cache plugin breaking changes
+
+- CacheKeyProviderInterface and DefaultCacheKeyProvider are no longer used. All of this logic is handled in a
+  CacheStorageInterface. These two objects and interface will be removed in a future version.
+- Always setting X-cache headers on cached responses
+- Default cache TTLs are now handled by the CacheStorageInterface of a CachePlugin
+- `CacheStorageInterface::cache($key, Response $response, $ttl = null)` has changed to `cache(RequestInterface
+  $request, Response $response);`
+- `CacheStorageInterface::fetch($key)` has changed to `fetch(RequestInterface $request);`
+- `CacheStorageInterface::delete($key)` has changed to `delete(RequestInterface $request);`
+- Added `CacheStorageInterface::purge($url)`
+- `DefaultRevalidation::__construct(CacheKeyProviderInterface $cacheKey, CacheStorageInterface $cache, CachePlugin
+  $plugin)` has changed to `DefaultRevalidation::__construct(CacheStorageInterface $cache,
+  CanCacheStrategyInterface $canCache = null)`
+- Added `RevalidationInterface::shouldRevalidate(RequestInterface $request, Response $response)`
+
+3.5 to 3.6
+----------
+
+* Mixed casing of headers are now forced to be a single consistent casing across all values for that header.
+* Messages internally use a HeaderCollection object to delegate handling case-insensitive header resolution
+* Removed the whole changedHeader() function system of messages because all header changes now go through addHeader().
+  For example, setHeader() first removes the header using unset on a HeaderCollection and then calls addHeader().
+  Keeping the Host header and URL host in sync is now handled by overriding the addHeader method in Request.
+* Specific header implementations can be created for complex headers. When a message creates a header, it uses a
+  HeaderFactory which can map specific headers to specific header classes. There is now a Link header and
+  CacheControl header implementation.
+* Moved getLinks() from Response to just be used on a Link header object.
+
+If you previously relied on Guzzle\Http\Message\Header::raw(), then you will need to update your code to use the
+HeaderInterface (e.g. toArray(), getAll(), etc.).
+
+### Interface changes
+
+* Removed from interface: Guzzle\Http\ClientInterface::setUriTemplate
+* Removed from interface: Guzzle\Http\ClientInterface::setCurlMulti()
+* Removed Guzzle\Http\Message\Request::receivedRequestHeader() and implemented this functionality in
+  Guzzle\Http\Curl\RequestMediator
+* Removed the optional $asString parameter from MessageInterface::getHeader(). Just cast the header to a string.
+* Removed the optional $tryChunkedTransfer option from Guzzle\Http\Message\EntityEnclosingRequestInterface
+* Removed the $asObjects argument from Guzzle\Http\Message\MessageInterface::getHeaders()
+
+### Removed deprecated functions
+
+* Removed Guzzle\Parser\ParserRegister::get(). Use getParser()
+* Removed Guzzle\Parser\ParserRegister::set(). Use registerParser().
+
+### Deprecations
+
+* The ability to case-insensitively search for header values
+* Guzzle\Http\Message\Header::hasExactHeader
+* Guzzle\Http\Message\Header::raw. Use getAll()
+* Deprecated cache control specific methods on Guzzle\Http\Message\AbstractMessage. Use the CacheControl header object
+  instead.
+
+### Other changes
+
+* All response header helper functions return a string rather than mixing Header objects and strings inconsistently
+* Removed cURL blacklist support. This is no longer necessary now that Expect, Accept, etc. are managed by Guzzle
+  directly via interfaces
+* Removed the injecting of a request object onto a response object. The methods to get and set a request still exist
+  but are a no-op until removed.
+* Most classes that used to require a `Guzzle\Service\Command\CommandInterface` typehint now request a
+  `Guzzle\Service\Command\ArrayCommandInterface`.
+* Added `Guzzle\Http\Message\RequestInterface::startResponse()` to the RequestInterface to handle injecting a response
+  on a request while the request is still being transferred
+* `Guzzle\Service\Command\CommandInterface` now extends from ToArrayInterface and ArrayAccess
+
+3.3 to 3.4
+----------
+
+Base URLs of a client now follow the rules of https://tools.ietf.org/html/rfc3986#section-5.2.2 when merging URLs.
+
+3.2 to 3.3
+----------
+
+### Response::getEtag() quote stripping removed
+
+`Guzzle\Http\Message\Response::getEtag()` no longer strips quotes around the ETag response header
+
+### Removed `Guzzle\Http\Utils`
+
+The `Guzzle\Http\Utils` class was removed. This class was only used for testing.
+
+### Stream wrapper and type
+
+`Guzzle\Stream\Stream::getWrapper()` and `Guzzle\Stream\Stream::getStreamType()` are no longer converted to lowercase.
+
+### curl.emit_io became emit_io
+
+Emitting IO events from a RequestMediator is now a parameter that must be set in a request's curl options using the
+'emit_io' key. This was previously set under a request's parameters using 'curl.emit_io'
+
+3.1 to 3.2
+----------
+
+### CurlMulti is no longer reused globally
+
+Before 3.2, the same CurlMulti object was reused globally for each client. This can cause issue where plugins added
+to a single client can pollute requests dispatched from other clients.
+
+If you still wish to reuse the same CurlMulti object with each client, then you can add a listener to the
+ServiceBuilder's `service_builder.create_client` event to inject a custom CurlMulti object into each client as it is
+created.
+
+```php
+$multi = new Guzzle\Http\Curl\CurlMulti();
+$builder = Guzzle\Service\Builder\ServiceBuilder::factory('/path/to/config.json');
+$builder->addListener('service_builder.create_client', function ($event) use ($multi) {
+    $event['client']->setCurlMulti($multi);
+}
+});
+```
+
+### No default path
+
+URLs no longer have a default path value of '/' if no path was specified.
+
+Before:
+
+```php
+$request = $client->get('http://www.foo.com');
+echo $request->getUrl();
+// >> http://www.foo.com/
+```
+
+After:
+
+```php
+$request = $client->get('http://www.foo.com');
+echo $request->getUrl();
+// >> http://www.foo.com
+```
+
+### Less verbose BadResponseException
+
+The exception message for `Guzzle\Http\Exception\BadResponseException` no longer contains the full HTTP request and
+response information. You can, however, get access to the request and response object by calling `getRequest()` or
+`getResponse()` on the exception object.
+
+### Query parameter aggregation
+
+Multi-valued query parameters are no longer aggregated using a callback function. `Guzzle\Http\Query` now has a
+setAggregator() method that accepts a `Guzzle\Http\QueryAggregator\QueryAggregatorInterface` object. This object is
+responsible for handling the aggregation of multi-valued query string variables into a flattened hash.
+
+2.8 to 3.x
+----------
+
+### Guzzle\Service\Inspector
+
+Change `\Guzzle\Service\Inspector::fromConfig` to `\Guzzle\Common\Collection::fromConfig`
+
+**Before**
+
+```php
+use Guzzle\Service\Inspector;
+
+class YourClient extends \Guzzle\Service\Client
+{
+    public static function factory($config = array())
+    {
+        $default = array();
+        $required = array('base_url', 'username', 'api_key');
+        $config = Inspector::fromConfig($config, $default, $required);
+
+        $client = new self(
+            $config->get('base_url'),
+            $config->get('username'),
+            $config->get('api_key')
+        );
+        $client->setConfig($config);
+
+        $client->setDescription(ServiceDescription::factory(__DIR__ . DIRECTORY_SEPARATOR . 'client.json'));
+
+        return $client;
+    }
+```
+
+**After**
+
+```php
+use Guzzle\Common\Collection;
+
+class YourClient extends \Guzzle\Service\Client
+{
+    public static function factory($config = array())
+    {
+        $default = array();
+        $required = array('base_url', 'username', 'api_key');
+        $config = Collection::fromConfig($config, $default, $required);
+
+        $client = new self(
+            $config->get('base_url'),
+            $config->get('username'),
+            $config->get('api_key')
+        );
+        $client->setConfig($config);
+
+        $client->setDescription(ServiceDescription::factory(__DIR__ . DIRECTORY_SEPARATOR . 'client.json'));
+
+        return $client;
+    }
+```
+
+### Convert XML Service Descriptions to JSON
+
+**Before**
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<client>
+    <commands>
+        <!-- Groups -->
+        <command name="list_groups" method="GET" uri="groups.json">
+            <doc>Get a list of groups</doc>
+        </command>
+        <command name="search_groups" method="GET" uri='search.json?query="{{query}} type:group"'>
+            <doc>Uses a search query to get a list of groups</doc>
+            <param name="query" type="string" required="true" />
+        </command>
+        <command name="create_group" method="POST" uri="groups.json">
+            <doc>Create a group</doc>
+            <param name="data" type="array" location="body" filters="json_encode" doc="Group JSON"/>
+            <param name="Content-Type" location="header" static="application/json"/>
+        </command>
+        <command name="delete_group" method="DELETE" uri="groups/{{id}}.json">
+            <doc>Delete a group by ID</doc>
+            <param name="id" type="integer" required="true"/>
+        </command>
+        <command name="get_group" method="GET" uri="groups/{{id}}.json">
+            <param name="id" type="integer" required="true"/>
+        </command>
+        <command name="update_group" method="PUT" uri="groups/{{id}}.json">
+            <doc>Update a group</doc>
+            <param name="id" type="integer" required="true"/>
+            <param name="data" type="array" location="body" filters="json_encode" doc="Group JSON"/>
+            <param name="Content-Type" location="header" static="application/json"/>
+        </command>
+    </commands>
+</client>
+```
+
+**After**
+
+```json
+{
+    "name":       "Zendesk REST API v2",
+    "apiVersion": "2012-12-31",
+    "description":"Provides access to Zendesk views, groups, tickets, ticket fields, and users",
+    "operations": {
+        "list_groups":  {
+            "httpMethod":"GET",
+            "uri":       "groups.json",
+            "summary":   "Get a list of groups"
+        },
+        "search_groups":{
+            "httpMethod":"GET",
+            "uri":       "search.json?query=\"{query} type:group\"",
+            "summary":   "Uses a search query to get a list of groups",
+            "parameters":{
+                "query":{
+                    "location":   "uri",
+                    "description":"Zendesk Search Query",
+                    "type":       "string",
+                    "required":   true
+                }
+            }
+        },
+        "create_group": {
+            "httpMethod":"POST",
+            "uri":       "groups.json",
+            "summary":   "Create a group",
+            "parameters":{
+                "data":        {
+                    "type":       "array",
+                    "location":   "body",
+                    "description":"Group JSON",
+                    "filters":    "json_encode",
+                    "required":   true
+                },
+                "Content-Type":{
+                    "type":    "string",
+                    "location":"header",
+                    "static":  "application/json"
+                }
+            }
+        },
+        "delete_group": {
+            "httpMethod":"DELETE",
+            "uri":       "groups/{id}.json",
+            "summary":   "Delete a group",
+            "parameters":{
+                "id":{
+                    "location":   "uri",
+                    "description":"Group to delete by ID",
+                    "type":       "integer",
+                    "required":   true
+                }
+            }
+        },
+        "get_group":    {
+            "httpMethod":"GET",
+            "uri":       "groups/{id}.json",
+            "summary":   "Get a ticket",
+            "parameters":{
+                "id":{
+                    "location":   "uri",
+                    "description":"Group to get by ID",
+                    "type":       "integer",
+                    "required":   true
+                }
+            }
+        },
+        "update_group": {
+            "httpMethod":"PUT",
+            "uri":       "groups/{id}.json",
+            "summary":   "Update a group",
+            "parameters":{
+                "id":          {
+                    "location":   "uri",
+                    "description":"Group to update by ID",
+                    "type":       "integer",
+                    "required":   true
+                },
+                "data":        {
+                    "type":       "array",
+                    "location":   "body",
+                    "description":"Group JSON",
+                    "filters":    "json_encode",
+                    "required":   true
+                },
+                "Content-Type":{
+                    "type":    "string",
+                    "location":"header",
+                    "static":  "application/json"
+                }
+            }
+        }
+}
+```
+
+### Guzzle\Service\Description\ServiceDescription
+
+Commands are now called Operations
+
+**Before**
+
+```php
+use Guzzle\Service\Description\ServiceDescription;
+
+$sd = new ServiceDescription();
+$sd->getCommands();     // @returns ApiCommandInterface[]
+$sd->hasCommand($name);
+$sd->getCommand($name); // @returns ApiCommandInterface|null
+$sd->addCommand($command); // @param ApiCommandInterface $command
+```
+
+**After**
+
+```php
+use Guzzle\Service\Description\ServiceDescription;
+
+$sd = new ServiceDescription();
+$sd->getOperations();           // @returns OperationInterface[]
+$sd->hasOperation($name);
+$sd->getOperation($name);       // @returns OperationInterface|null
+$sd->addOperation($operation);  // @param OperationInterface $operation
+```
+
+### Guzzle\Common\Inflection\Inflector
+
+Namespace is now `Guzzle\Inflection\Inflector`
+
+### Guzzle\Http\Plugin
+
+Namespace is now `Guzzle\Plugin`. Many other changes occur within this namespace and are detailed in their own sections below.
+
+### Guzzle\Http\Plugin\LogPlugin and Guzzle\Common\Log
+
+Now `Guzzle\Plugin\Log\LogPlugin` and `Guzzle\Log` respectively.
+
+**Before**
+
+```php
+use Guzzle\Common\Log\ClosureLogAdapter;
+use Guzzle\Http\Plugin\LogPlugin;
+
+/** @var \Guzzle\Http\Client */
+$client;
+
+// $verbosity is an integer indicating desired message verbosity level
+$client->addSubscriber(new LogPlugin(new ClosureLogAdapter(function($m) { echo $m; }, $verbosity = LogPlugin::LOG_VERBOSE);
+```
+
+**After**
+
+```php
+use Guzzle\Log\ClosureLogAdapter;
+use Guzzle\Log\MessageFormatter;
+use Guzzle\Plugin\Log\LogPlugin;
+
+/** @var \Guzzle\Http\Client */
+$client;
+
+// $format is a string indicating desired message format -- @see MessageFormatter
+$client->addSubscriber(new LogPlugin(new ClosureLogAdapter(function($m) { echo $m; }, $format = MessageFormatter::DEBUG_FORMAT);
+```
+
+### Guzzle\Http\Plugin\CurlAuthPlugin
+
+Now `Guzzle\Plugin\CurlAuth\CurlAuthPlugin`.
+
+### Guzzle\Http\Plugin\ExponentialBackoffPlugin
+
+Now `Guzzle\Plugin\Backoff\BackoffPlugin`, and other changes.
+
+**Before**
+
+```php
+use Guzzle\Http\Plugin\ExponentialBackoffPlugin;
+
+$backoffPlugin = new ExponentialBackoffPlugin($maxRetries, array_merge(
+        ExponentialBackoffPlugin::getDefaultFailureCodes(), array(429)
+    ));
+
+$client->addSubscriber($backoffPlugin);
+```
+
+**After**
+
+```php
+use Guzzle\Plugin\Backoff\BackoffPlugin;
+use Guzzle\Plugin\Backoff\HttpBackoffStrategy;
+
+// Use convenient factory method instead -- see implementation for ideas of what
+// you can do with chaining backoff strategies
+$backoffPlugin = BackoffPlugin::getExponentialBackoff($maxRetries, array_merge(
+        HttpBackoffStrategy::getDefaultFailureCodes(), array(429)
+    ));
+$client->addSubscriber($backoffPlugin);
+```
+
+### Known Issues
+
+#### [BUG] Accept-Encoding header behavior changed unintentionally.
+
+(See #217) (Fixed in 09daeb8c666fb44499a0646d655a8ae36456575e)
+
+In version 2.8 setting the `Accept-Encoding` header would set the CURLOPT_ENCODING option, which permitted cURL to
+properly handle gzip/deflate compressed responses from the server. In versions affected by this bug this does not happen.
+See issue #217 for a workaround, or use a version containing the fix.
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/composer.json b/data/web/inc/lib/vendor/guzzlehttp/guzzle/composer.json
new file mode 100644
index 000000000..f369ce67e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/composer.json
@@ -0,0 +1,105 @@
+{
+    "name": "guzzlehttp/guzzle",
+    "description": "Guzzle is a PHP HTTP client library",
+    "keywords": [
+        "framework",
+        "http",
+        "rest",
+        "web service",
+        "curl",
+        "client",
+        "HTTP client",
+        "PSR-7",
+        "PSR-18"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Graham Campbell",
+            "email": "hello@gjcampbell.co.uk",
+            "homepage": "https://github.com/GrahamCampbell"
+        },
+        {
+            "name": "Michael Dowling",
+            "email": "mtdowling@gmail.com",
+            "homepage": "https://github.com/mtdowling"
+        },
+        {
+            "name": "Jeremy Lindblom",
+            "email": "jeremeamia@gmail.com",
+            "homepage": "https://github.com/jeremeamia"
+        },
+        {
+            "name": "George Mponos",
+            "email": "gmponos@gmail.com",
+            "homepage": "https://github.com/gmponos"
+        },
+        {
+            "name": "Tobias Nyholm",
+            "email": "tobias.nyholm@gmail.com",
+            "homepage": "https://github.com/Nyholm"
+        },
+        {
+            "name": "Márk Sági-Kazár",
+            "email": "mark.sagikazar@gmail.com",
+            "homepage": "https://github.com/sagikazarmark"
+        },
+        {
+            "name": "Tobias Schultze",
+            "email": "webmaster@tubo-world.de",
+            "homepage": "https://github.com/Tobion"
+        }
+    ],
+    "require": {
+        "php": "^7.2.5 || ^8.0",
+        "ext-json": "*",
+        "guzzlehttp/promises": "^1.5",
+        "guzzlehttp/psr7": "^1.9 || ^2.4",
+        "psr/http-client": "^1.0",
+        "symfony/deprecation-contracts": "^2.2 || ^3.0"
+    },
+    "provide": {
+        "psr/http-client-implementation": "1.0"
+    },
+    "require-dev": {
+        "ext-curl": "*",
+        "bamarni/composer-bin-plugin": "^1.8.1",
+        "php-http/client-integration-tests": "^3.0",
+        "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+        "psr/log": "^1.1 || ^2.0 || ^3.0"
+    },
+    "suggest": {
+        "ext-curl": "Required for CURL handler support",
+        "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+        "psr/log": "Required for using the Log middleware"
+    },
+    "config": {
+        "allow-plugins": {
+            "bamarni/composer-bin-plugin": true
+        },
+        "preferred-install": "dist",
+        "sort-packages": true
+    },
+    "extra": {
+        "bamarni-bin": {
+            "bin-links": true,
+            "forward-command": false
+        },
+        "branch-alias": {
+            "dev-master": "7.5-dev"
+        }
+    },
+    "autoload": {
+        "psr-4": {
+            "GuzzleHttp\\": "src/"
+        },
+        "files": [
+            "src/functions_include.php"
+        ]
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "GuzzleHttp\\Tests\\": "tests/"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizer.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizer.php
new file mode 100644
index 000000000..6eca94ef9
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizer.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace GuzzleHttp;
+
+use Psr\Http\Message\MessageInterface;
+
+final class BodySummarizer implements BodySummarizerInterface
+{
+    /**
+     * @var int|null
+     */
+    private $truncateAt;
+
+    public function __construct(int $truncateAt = null)
+    {
+        $this->truncateAt = $truncateAt;
+    }
+
+    /**
+     * Returns a summarized message body.
+     */
+    public function summarize(MessageInterface $message): ?string
+    {
+        return $this->truncateAt === null
+            ? \GuzzleHttp\Psr7\Message::bodySummary($message)
+            : \GuzzleHttp\Psr7\Message::bodySummary($message, $this->truncateAt);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizerInterface.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizerInterface.php
new file mode 100644
index 000000000..3e02e036e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/BodySummarizerInterface.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace GuzzleHttp;
+
+use Psr\Http\Message\MessageInterface;
+
+interface BodySummarizerInterface
+{
+    /**
+     * Returns a summarized message body.
+     */
+    public function summarize(MessageInterface $message): ?string;
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Client.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Client.php
new file mode 100644
index 000000000..58f1d891a
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Client.php
@@ -0,0 +1,477 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Cookie\CookieJar;
+use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\Exception\InvalidArgumentException;
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * @final
+ */
+class Client implements ClientInterface, \Psr\Http\Client\ClientInterface
+{
+    use ClientTrait;
+
+    /**
+     * @var array Default request options
+     */
+    private $config;
+
+    /**
+     * Clients accept an array of constructor parameters.
+     *
+     * Here's an example of creating a client using a base_uri and an array of
+     * default request options to apply to each request:
+     *
+     *     $client = new Client([
+     *         'base_uri'        => 'http://www.foo.com/1.0/',
+     *         'timeout'         => 0,
+     *         'allow_redirects' => false,
+     *         'proxy'           => '192.168.16.1:10'
+     *     ]);
+     *
+     * Client configuration settings include the following options:
+     *
+     * - handler: (callable) Function that transfers HTTP requests over the
+     *   wire. The function is called with a Psr7\Http\Message\RequestInterface
+     *   and array of transfer options, and must return a
+     *   GuzzleHttp\Promise\PromiseInterface that is fulfilled with a
+     *   Psr7\Http\Message\ResponseInterface on success.
+     *   If no handler is provided, a default handler will be created
+     *   that enables all of the request options below by attaching all of the
+     *   default middleware to the handler.
+     * - base_uri: (string|UriInterface) Base URI of the client that is merged
+     *   into relative URIs. Can be a string or instance of UriInterface.
+     * - **: any request option
+     *
+     * @param array $config Client configuration settings.
+     *
+     * @see \GuzzleHttp\RequestOptions for a list of available request options.
+     */
+    public function __construct(array $config = [])
+    {
+        if (!isset($config['handler'])) {
+            $config['handler'] = HandlerStack::create();
+        } elseif (!\is_callable($config['handler'])) {
+            throw new InvalidArgumentException('handler must be a callable');
+        }
+
+        // Convert the base_uri to a UriInterface
+        if (isset($config['base_uri'])) {
+            $config['base_uri'] = Psr7\Utils::uriFor($config['base_uri']);
+        }
+
+        $this->configureDefaults($config);
+    }
+
+    /**
+     * @param string $method
+     * @param array  $args
+     *
+     * @return PromiseInterface|ResponseInterface
+     *
+     * @deprecated Client::__call will be removed in guzzlehttp/guzzle:8.0.
+     */
+    public function __call($method, $args)
+    {
+        if (\count($args) < 1) {
+            throw new InvalidArgumentException('Magic request methods require a URI and optional options array');
+        }
+
+        $uri = $args[0];
+        $opts = $args[1] ?? [];
+
+        return \substr($method, -5) === 'Async'
+            ? $this->requestAsync(\substr($method, 0, -5), $uri, $opts)
+            : $this->request($method, $uri, $opts);
+    }
+
+    /**
+     * Asynchronously send an HTTP request.
+     *
+     * @param array $options Request options to apply to the given
+     *                       request and to the transfer. See \GuzzleHttp\RequestOptions.
+     */
+    public function sendAsync(RequestInterface $request, array $options = []): PromiseInterface
+    {
+        // Merge the base URI into the request URI if needed.
+        $options = $this->prepareDefaults($options);
+
+        return $this->transfer(
+            $request->withUri($this->buildUri($request->getUri(), $options), $request->hasHeader('Host')),
+            $options
+        );
+    }
+
+    /**
+     * Send an HTTP request.
+     *
+     * @param array $options Request options to apply to the given
+     *                       request and to the transfer. See \GuzzleHttp\RequestOptions.
+     *
+     * @throws GuzzleException
+     */
+    public function send(RequestInterface $request, array $options = []): ResponseInterface
+    {
+        $options[RequestOptions::SYNCHRONOUS] = true;
+        return $this->sendAsync($request, $options)->wait();
+    }
+
+    /**
+     * The HttpClient PSR (PSR-18) specify this method.
+     *
+     * @inheritDoc
+     */
+    public function sendRequest(RequestInterface $request): ResponseInterface
+    {
+        $options[RequestOptions::SYNCHRONOUS] = true;
+        $options[RequestOptions::ALLOW_REDIRECTS] = false;
+        $options[RequestOptions::HTTP_ERRORS] = false;
+
+        return $this->sendAsync($request, $options)->wait();
+    }
+
+    /**
+     * Create and send an asynchronous HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string              $method  HTTP method
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply. See \GuzzleHttp\RequestOptions.
+     */
+    public function requestAsync(string $method, $uri = '', array $options = []): PromiseInterface
+    {
+        $options = $this->prepareDefaults($options);
+        // Remove request modifying parameter because it can be done up-front.
+        $headers = $options['headers'] ?? [];
+        $body = $options['body'] ?? null;
+        $version = $options['version'] ?? '1.1';
+        // Merge the URI into the base URI.
+        $uri = $this->buildUri(Psr7\Utils::uriFor($uri), $options);
+        if (\is_array($body)) {
+            throw $this->invalidBody();
+        }
+        $request = new Psr7\Request($method, $uri, $headers, $body, $version);
+        // Remove the option so that they are not doubly-applied.
+        unset($options['headers'], $options['body'], $options['version']);
+
+        return $this->transfer($request, $options);
+    }
+
+    /**
+     * Create and send an HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string              $method  HTTP method.
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply. See \GuzzleHttp\RequestOptions.
+     *
+     * @throws GuzzleException
+     */
+    public function request(string $method, $uri = '', array $options = []): ResponseInterface
+    {
+        $options[RequestOptions::SYNCHRONOUS] = true;
+        return $this->requestAsync($method, $uri, $options)->wait();
+    }
+
+    /**
+     * Get a client configuration option.
+     *
+     * These options include default request options of the client, a "handler"
+     * (if utilized by the concrete client), and a "base_uri" if utilized by
+     * the concrete client.
+     *
+     * @param string|null $option The config option to retrieve.
+     *
+     * @return mixed
+     *
+     * @deprecated Client::getConfig will be removed in guzzlehttp/guzzle:8.0.
+     */
+    public function getConfig(?string $option = null)
+    {
+        return $option === null
+            ? $this->config
+            : ($this->config[$option] ?? null);
+    }
+
+    private function buildUri(UriInterface $uri, array $config): UriInterface
+    {
+        if (isset($config['base_uri'])) {
+            $uri = Psr7\UriResolver::resolve(Psr7\Utils::uriFor($config['base_uri']), $uri);
+        }
+
+        if (isset($config['idn_conversion']) && ($config['idn_conversion'] !== false)) {
+            $idnOptions = ($config['idn_conversion'] === true) ? \IDNA_DEFAULT : $config['idn_conversion'];
+            $uri = Utils::idnUriConvert($uri, $idnOptions);
+        }
+
+        return $uri->getScheme() === '' && $uri->getHost() !== '' ? $uri->withScheme('http') : $uri;
+    }
+
+    /**
+     * Configures the default options for a client.
+     */
+    private function configureDefaults(array $config): void
+    {
+        $defaults = [
+            'allow_redirects' => RedirectMiddleware::$defaultSettings,
+            'http_errors'     => true,
+            'decode_content'  => true,
+            'verify'          => true,
+            'cookies'         => false,
+            'idn_conversion'  => false,
+        ];
+
+        // Use the standard Linux HTTP_PROXY and HTTPS_PROXY if set.
+
+        // We can only trust the HTTP_PROXY environment variable in a CLI
+        // process due to the fact that PHP has no reliable mechanism to
+        // get environment variables that start with "HTTP_".
+        if (\PHP_SAPI === 'cli' && ($proxy = Utils::getenv('HTTP_PROXY'))) {
+            $defaults['proxy']['http'] = $proxy;
+        }
+
+        if ($proxy = Utils::getenv('HTTPS_PROXY')) {
+            $defaults['proxy']['https'] = $proxy;
+        }
+
+        if ($noProxy = Utils::getenv('NO_PROXY')) {
+            $cleanedNoProxy = \str_replace(' ', '', $noProxy);
+            $defaults['proxy']['no'] = \explode(',', $cleanedNoProxy);
+        }
+
+        $this->config = $config + $defaults;
+
+        if (!empty($config['cookies']) && $config['cookies'] === true) {
+            $this->config['cookies'] = new CookieJar();
+        }
+
+        // Add the default user-agent header.
+        if (!isset($this->config['headers'])) {
+            $this->config['headers'] = ['User-Agent' => Utils::defaultUserAgent()];
+        } else {
+            // Add the User-Agent header if one was not already set.
+            foreach (\array_keys($this->config['headers']) as $name) {
+                if (\strtolower($name) === 'user-agent') {
+                    return;
+                }
+            }
+            $this->config['headers']['User-Agent'] = Utils::defaultUserAgent();
+        }
+    }
+
+    /**
+     * Merges default options into the array.
+     *
+     * @param array $options Options to modify by reference
+     */
+    private function prepareDefaults(array $options): array
+    {
+        $defaults = $this->config;
+
+        if (!empty($defaults['headers'])) {
+            // Default headers are only added if they are not present.
+            $defaults['_conditional'] = $defaults['headers'];
+            unset($defaults['headers']);
+        }
+
+        // Special handling for headers is required as they are added as
+        // conditional headers and as headers passed to a request ctor.
+        if (\array_key_exists('headers', $options)) {
+            // Allows default headers to be unset.
+            if ($options['headers'] === null) {
+                $defaults['_conditional'] = [];
+                unset($options['headers']);
+            } elseif (!\is_array($options['headers'])) {
+                throw new InvalidArgumentException('headers must be an array');
+            }
+        }
+
+        // Shallow merge defaults underneath options.
+        $result = $options + $defaults;
+
+        // Remove null values.
+        foreach ($result as $k => $v) {
+            if ($v === null) {
+                unset($result[$k]);
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Transfers the given request and applies request options.
+     *
+     * The URI of the request is not modified and the request options are used
+     * as-is without merging in default options.
+     *
+     * @param array $options See \GuzzleHttp\RequestOptions.
+     */
+    private function transfer(RequestInterface $request, array $options): PromiseInterface
+    {
+        $request = $this->applyOptions($request, $options);
+        /** @var HandlerStack $handler */
+        $handler = $options['handler'];
+
+        try {
+            return P\Create::promiseFor($handler($request, $options));
+        } catch (\Exception $e) {
+            return P\Create::rejectionFor($e);
+        }
+    }
+
+    /**
+     * Applies the array of request options to a request.
+     */
+    private function applyOptions(RequestInterface $request, array &$options): RequestInterface
+    {
+        $modify = [
+            'set_headers' => [],
+        ];
+
+        if (isset($options['headers'])) {
+            if (array_keys($options['headers']) === range(0, count($options['headers']) - 1)) {
+                throw new InvalidArgumentException('The headers array must have header name as keys.');
+            }
+            $modify['set_headers'] = $options['headers'];
+            unset($options['headers']);
+        }
+
+        if (isset($options['form_params'])) {
+            if (isset($options['multipart'])) {
+                throw new InvalidArgumentException('You cannot use '
+                    . 'form_params and multipart at the same time. Use the '
+                    . 'form_params option if you want to send application/'
+                    . 'x-www-form-urlencoded requests, and the multipart '
+                    . 'option to send multipart/form-data requests.');
+            }
+            $options['body'] = \http_build_query($options['form_params'], '', '&');
+            unset($options['form_params']);
+            // Ensure that we don't have the header in different case and set the new value.
+            $options['_conditional'] = Psr7\Utils::caselessRemove(['Content-Type'], $options['_conditional']);
+            $options['_conditional']['Content-Type'] = 'application/x-www-form-urlencoded';
+        }
+
+        if (isset($options['multipart'])) {
+            $options['body'] = new Psr7\MultipartStream($options['multipart']);
+            unset($options['multipart']);
+        }
+
+        if (isset($options['json'])) {
+            $options['body'] = Utils::jsonEncode($options['json']);
+            unset($options['json']);
+            // Ensure that we don't have the header in different case and set the new value.
+            $options['_conditional'] = Psr7\Utils::caselessRemove(['Content-Type'], $options['_conditional']);
+            $options['_conditional']['Content-Type'] = 'application/json';
+        }
+
+        if (!empty($options['decode_content'])
+            && $options['decode_content'] !== true
+        ) {
+            // Ensure that we don't have the header in different case and set the new value.
+            $options['_conditional'] = Psr7\Utils::caselessRemove(['Accept-Encoding'], $options['_conditional']);
+            $modify['set_headers']['Accept-Encoding'] = $options['decode_content'];
+        }
+
+        if (isset($options['body'])) {
+            if (\is_array($options['body'])) {
+                throw $this->invalidBody();
+            }
+            $modify['body'] = Psr7\Utils::streamFor($options['body']);
+            unset($options['body']);
+        }
+
+        if (!empty($options['auth']) && \is_array($options['auth'])) {
+            $value = $options['auth'];
+            $type = isset($value[2]) ? \strtolower($value[2]) : 'basic';
+            switch ($type) {
+                case 'basic':
+                    // Ensure that we don't have the header in different case and set the new value.
+                    $modify['set_headers'] = Psr7\Utils::caselessRemove(['Authorization'], $modify['set_headers']);
+                    $modify['set_headers']['Authorization'] = 'Basic '
+                        . \base64_encode("$value[0]:$value[1]");
+                    break;
+                case 'digest':
+                    // @todo: Do not rely on curl
+                    $options['curl'][\CURLOPT_HTTPAUTH] = \CURLAUTH_DIGEST;
+                    $options['curl'][\CURLOPT_USERPWD] = "$value[0]:$value[1]";
+                    break;
+                case 'ntlm':
+                    $options['curl'][\CURLOPT_HTTPAUTH] = \CURLAUTH_NTLM;
+                    $options['curl'][\CURLOPT_USERPWD] = "$value[0]:$value[1]";
+                    break;
+            }
+        }
+
+        if (isset($options['query'])) {
+            $value = $options['query'];
+            if (\is_array($value)) {
+                $value = \http_build_query($value, '', '&', \PHP_QUERY_RFC3986);
+            }
+            if (!\is_string($value)) {
+                throw new InvalidArgumentException('query must be a string or array');
+            }
+            $modify['query'] = $value;
+            unset($options['query']);
+        }
+
+        // Ensure that sink is not an invalid value.
+        if (isset($options['sink'])) {
+            // TODO: Add more sink validation?
+            if (\is_bool($options['sink'])) {
+                throw new InvalidArgumentException('sink must not be a boolean');
+            }
+        }
+
+        $request = Psr7\Utils::modifyRequest($request, $modify);
+        if ($request->getBody() instanceof Psr7\MultipartStream) {
+            // Use a multipart/form-data POST if a Content-Type is not set.
+            // Ensure that we don't have the header in different case and set the new value.
+            $options['_conditional'] = Psr7\Utils::caselessRemove(['Content-Type'], $options['_conditional']);
+            $options['_conditional']['Content-Type'] = 'multipart/form-data; boundary='
+                . $request->getBody()->getBoundary();
+        }
+
+        // Merge in conditional headers if they are not present.
+        if (isset($options['_conditional'])) {
+            // Build up the changes so it's in a single clone of the message.
+            $modify = [];
+            foreach ($options['_conditional'] as $k => $v) {
+                if (!$request->hasHeader($k)) {
+                    $modify['set_headers'][$k] = $v;
+                }
+            }
+            $request = Psr7\Utils::modifyRequest($request, $modify);
+            // Don't pass this internal value along to middleware/handlers.
+            unset($options['_conditional']);
+        }
+
+        return $request;
+    }
+
+    /**
+     * Return an InvalidArgumentException with pre-set message.
+     */
+    private function invalidBody(): InvalidArgumentException
+    {
+        return new InvalidArgumentException('Passing in the "body" request '
+            . 'option as an array to send a request is not supported. '
+            . 'Please use the "form_params" request option to send a '
+            . 'application/x-www-form-urlencoded request, or the "multipart" '
+            . 'request option to send a multipart/form-data request.');
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientInterface.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientInterface.php
new file mode 100644
index 000000000..6aaee61af
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientInterface.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Client interface for sending HTTP requests.
+ */
+interface ClientInterface
+{
+    /**
+     * The Guzzle major version.
+     */
+    public const MAJOR_VERSION = 7;
+
+    /**
+     * Send an HTTP request.
+     *
+     * @param RequestInterface $request Request to send
+     * @param array            $options Request options to apply to the given
+     *                                  request and to the transfer.
+     *
+     * @throws GuzzleException
+     */
+    public function send(RequestInterface $request, array $options = []): ResponseInterface;
+
+    /**
+     * Asynchronously send an HTTP request.
+     *
+     * @param RequestInterface $request Request to send
+     * @param array            $options Request options to apply to the given
+     *                                  request and to the transfer.
+     */
+    public function sendAsync(RequestInterface $request, array $options = []): PromiseInterface;
+
+    /**
+     * Create and send an HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string              $method  HTTP method.
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function request(string $method, $uri, array $options = []): ResponseInterface;
+
+    /**
+     * Create and send an asynchronous HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string              $method  HTTP method
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function requestAsync(string $method, $uri, array $options = []): PromiseInterface;
+
+    /**
+     * Get a client configuration option.
+     *
+     * These options include default request options of the client, a "handler"
+     * (if utilized by the concrete client), and a "base_uri" if utilized by
+     * the concrete client.
+     *
+     * @param string|null $option The config option to retrieve.
+     *
+     * @return mixed
+     *
+     * @deprecated ClientInterface::getConfig will be removed in guzzlehttp/guzzle:8.0.
+     */
+    public function getConfig(?string $option = null);
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientTrait.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientTrait.php
new file mode 100644
index 000000000..c584c76cb
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/ClientTrait.php
@@ -0,0 +1,241 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Client interface for sending HTTP requests.
+ */
+trait ClientTrait
+{
+    /**
+     * Create and send an HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string              $method  HTTP method.
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    abstract public function request(string $method, $uri, array $options = []): ResponseInterface;
+
+    /**
+     * Create and send an HTTP GET request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function get($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('GET', $uri, $options);
+    }
+
+    /**
+     * Create and send an HTTP HEAD request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function head($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('HEAD', $uri, $options);
+    }
+
+    /**
+     * Create and send an HTTP PUT request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function put($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('PUT', $uri, $options);
+    }
+
+    /**
+     * Create and send an HTTP POST request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function post($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('POST', $uri, $options);
+    }
+
+    /**
+     * Create and send an HTTP PATCH request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function patch($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('PATCH', $uri, $options);
+    }
+
+    /**
+     * Create and send an HTTP DELETE request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     *
+     * @throws GuzzleException
+     */
+    public function delete($uri, array $options = []): ResponseInterface
+    {
+        return $this->request('DELETE', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string              $method  HTTP method
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    abstract public function requestAsync(string $method, $uri, array $options = []): PromiseInterface;
+
+    /**
+     * Create and send an asynchronous HTTP GET request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function getAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('GET', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP HEAD request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function headAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('HEAD', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP PUT request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function putAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('PUT', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP POST request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function postAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('POST', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP PATCH request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function patchAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('PATCH', $uri, $options);
+    }
+
+    /**
+     * Create and send an asynchronous HTTP DELETE request.
+     *
+     * Use an absolute path to override the base path of the client, or a
+     * relative path to append to the base path of the client. The URL can
+     * contain the query string as well. Use an array to provide a URL
+     * template and additional variables to use in the URL template expansion.
+     *
+     * @param string|UriInterface $uri     URI object or string.
+     * @param array               $options Request options to apply.
+     */
+    public function deleteAsync($uri, array $options = []): PromiseInterface
+    {
+        return $this->requestAsync('DELETE', $uri, $options);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php
new file mode 100644
index 000000000..9985a9814
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php
@@ -0,0 +1,317 @@
+<?php
+
+namespace GuzzleHttp\Cookie;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Cookie jar that stores cookies as an array
+ */
+class CookieJar implements CookieJarInterface
+{
+    /**
+     * @var SetCookie[] Loaded cookie data
+     */
+    private $cookies = [];
+
+    /**
+     * @var bool
+     */
+    private $strictMode;
+
+    /**
+     * @param bool  $strictMode  Set to true to throw exceptions when invalid
+     *                           cookies are added to the cookie jar.
+     * @param array $cookieArray Array of SetCookie objects or a hash of
+     *                           arrays that can be used with the SetCookie
+     *                           constructor
+     */
+    public function __construct(bool $strictMode = false, array $cookieArray = [])
+    {
+        $this->strictMode = $strictMode;
+
+        foreach ($cookieArray as $cookie) {
+            if (!($cookie instanceof SetCookie)) {
+                $cookie = new SetCookie($cookie);
+            }
+            $this->setCookie($cookie);
+        }
+    }
+
+    /**
+     * Create a new Cookie jar from an associative array and domain.
+     *
+     * @param array  $cookies Cookies to create the jar from
+     * @param string $domain  Domain to set the cookies to
+     */
+    public static function fromArray(array $cookies, string $domain): self
+    {
+        $cookieJar = new self();
+        foreach ($cookies as $name => $value) {
+            $cookieJar->setCookie(new SetCookie([
+                'Domain'  => $domain,
+                'Name'    => $name,
+                'Value'   => $value,
+                'Discard' => true
+            ]));
+        }
+
+        return $cookieJar;
+    }
+
+    /**
+     * Evaluate if this cookie should be persisted to storage
+     * that survives between requests.
+     *
+     * @param SetCookie $cookie              Being evaluated.
+     * @param bool      $allowSessionCookies If we should persist session cookies
+     */
+    public static function shouldPersist(SetCookie $cookie, bool $allowSessionCookies = false): bool
+    {
+        if ($cookie->getExpires() || $allowSessionCookies) {
+            if (!$cookie->getDiscard()) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Finds and returns the cookie based on the name
+     *
+     * @param string $name cookie name to search for
+     *
+     * @return SetCookie|null cookie that was found or null if not found
+     */
+    public function getCookieByName(string $name): ?SetCookie
+    {
+        foreach ($this->cookies as $cookie) {
+            if ($cookie->getName() !== null && \strcasecmp($cookie->getName(), $name) === 0) {
+                return $cookie;
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function toArray(): array
+    {
+        return \array_map(static function (SetCookie $cookie): array {
+            return $cookie->toArray();
+        }, $this->getIterator()->getArrayCopy());
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function clear(?string $domain = null, ?string $path = null, ?string $name = null): void
+    {
+        if (!$domain) {
+            $this->cookies = [];
+            return;
+        } elseif (!$path) {
+            $this->cookies = \array_filter(
+                $this->cookies,
+                static function (SetCookie $cookie) use ($domain): bool {
+                    return !$cookie->matchesDomain($domain);
+                }
+            );
+        } elseif (!$name) {
+            $this->cookies = \array_filter(
+                $this->cookies,
+                static function (SetCookie $cookie) use ($path, $domain): bool {
+                    return !($cookie->matchesPath($path) &&
+                        $cookie->matchesDomain($domain));
+                }
+            );
+        } else {
+            $this->cookies = \array_filter(
+                $this->cookies,
+                static function (SetCookie $cookie) use ($path, $domain, $name) {
+                    return !($cookie->getName() == $name &&
+                        $cookie->matchesPath($path) &&
+                        $cookie->matchesDomain($domain));
+                }
+            );
+        }
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function clearSessionCookies(): void
+    {
+        $this->cookies = \array_filter(
+            $this->cookies,
+            static function (SetCookie $cookie): bool {
+                return !$cookie->getDiscard() && $cookie->getExpires();
+            }
+        );
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function setCookie(SetCookie $cookie): bool
+    {
+        // If the name string is empty (but not 0), ignore the set-cookie
+        // string entirely.
+        $name = $cookie->getName();
+        if (!$name && $name !== '0') {
+            return false;
+        }
+
+        // Only allow cookies with set and valid domain, name, value
+        $result = $cookie->validate();
+        if ($result !== true) {
+            if ($this->strictMode) {
+                throw new \RuntimeException('Invalid cookie: ' . $result);
+            }
+            $this->removeCookieIfEmpty($cookie);
+            return false;
+        }
+
+        // Resolve conflicts with previously set cookies
+        foreach ($this->cookies as $i => $c) {
+            // Two cookies are identical, when their path, and domain are
+            // identical.
+            if ($c->getPath() != $cookie->getPath() ||
+                $c->getDomain() != $cookie->getDomain() ||
+                $c->getName() != $cookie->getName()
+            ) {
+                continue;
+            }
+
+            // The previously set cookie is a discard cookie and this one is
+            // not so allow the new cookie to be set
+            if (!$cookie->getDiscard() && $c->getDiscard()) {
+                unset($this->cookies[$i]);
+                continue;
+            }
+
+            // If the new cookie's expiration is further into the future, then
+            // replace the old cookie
+            if ($cookie->getExpires() > $c->getExpires()) {
+                unset($this->cookies[$i]);
+                continue;
+            }
+
+            // If the value has changed, we better change it
+            if ($cookie->getValue() !== $c->getValue()) {
+                unset($this->cookies[$i]);
+                continue;
+            }
+
+            // The cookie exists, so no need to continue
+            return false;
+        }
+
+        $this->cookies[] = $cookie;
+
+        return true;
+    }
+
+    public function count(): int
+    {
+        return \count($this->cookies);
+    }
+
+    /**
+     * @return \ArrayIterator<int, SetCookie>
+     */
+    public function getIterator(): \ArrayIterator
+    {
+        return new \ArrayIterator(\array_values($this->cookies));
+    }
+
+    public function extractCookies(RequestInterface $request, ResponseInterface $response): void
+    {
+        if ($cookieHeader = $response->getHeader('Set-Cookie')) {
+            foreach ($cookieHeader as $cookie) {
+                $sc = SetCookie::fromString($cookie);
+                if (!$sc->getDomain()) {
+                    $sc->setDomain($request->getUri()->getHost());
+                }
+                if (0 !== \strpos($sc->getPath(), '/')) {
+                    $sc->setPath($this->getCookiePathFromRequest($request));
+                }
+                if (!$sc->matchesDomain($request->getUri()->getHost())) {
+                    continue;
+                }
+                // Note: At this point `$sc->getDomain()` being a public suffix should
+                // be rejected, but we don't want to pull in the full PSL dependency.
+                $this->setCookie($sc);
+            }
+        }
+    }
+
+    /**
+     * Computes cookie path following RFC 6265 section 5.1.4
+     *
+     * @link https://tools.ietf.org/html/rfc6265#section-5.1.4
+     */
+    private function getCookiePathFromRequest(RequestInterface $request): string
+    {
+        $uriPath = $request->getUri()->getPath();
+        if ('' === $uriPath) {
+            return '/';
+        }
+        if (0 !== \strpos($uriPath, '/')) {
+            return '/';
+        }
+        if ('/' === $uriPath) {
+            return '/';
+        }
+        $lastSlashPos = \strrpos($uriPath, '/');
+        if (0 === $lastSlashPos || false === $lastSlashPos) {
+            return '/';
+        }
+
+        return \substr($uriPath, 0, $lastSlashPos);
+    }
+
+    public function withCookieHeader(RequestInterface $request): RequestInterface
+    {
+        $values = [];
+        $uri = $request->getUri();
+        $scheme = $uri->getScheme();
+        $host = $uri->getHost();
+        $path = $uri->getPath() ?: '/';
+
+        foreach ($this->cookies as $cookie) {
+            if ($cookie->matchesPath($path) &&
+                $cookie->matchesDomain($host) &&
+                !$cookie->isExpired() &&
+                (!$cookie->getSecure() || $scheme === 'https')
+            ) {
+                $values[] = $cookie->getName() . '='
+                    . $cookie->getValue();
+            }
+        }
+
+        return $values
+            ? $request->withHeader('Cookie', \implode('; ', $values))
+            : $request;
+    }
+
+    /**
+     * If a cookie already exists and the server asks to set it again with a
+     * null value, the cookie must be deleted.
+     */
+    private function removeCookieIfEmpty(SetCookie $cookie): void
+    {
+        $cookieValue = $cookie->getValue();
+        if ($cookieValue === null || $cookieValue === '') {
+            $this->clear(
+                $cookie->getDomain(),
+                $cookie->getPath(),
+                $cookie->getName()
+            );
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJarInterface.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJarInterface.php
new file mode 100644
index 000000000..7df374b5b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/CookieJarInterface.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace GuzzleHttp\Cookie;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Stores HTTP cookies.
+ *
+ * It extracts cookies from HTTP requests, and returns them in HTTP responses.
+ * CookieJarInterface instances automatically expire contained cookies when
+ * necessary. Subclasses are also responsible for storing and retrieving
+ * cookies from a file, database, etc.
+ *
+ * @link https://docs.python.org/2/library/cookielib.html Inspiration
+ * @extends \IteratorAggregate<SetCookie>
+ */
+interface CookieJarInterface extends \Countable, \IteratorAggregate
+{
+    /**
+     * Create a request with added cookie headers.
+     *
+     * If no matching cookies are found in the cookie jar, then no Cookie
+     * header is added to the request and the same request is returned.
+     *
+     * @param RequestInterface $request Request object to modify.
+     *
+     * @return RequestInterface returns the modified request.
+     */
+    public function withCookieHeader(RequestInterface $request): RequestInterface;
+
+    /**
+     * Extract cookies from an HTTP response and store them in the CookieJar.
+     *
+     * @param RequestInterface  $request  Request that was sent
+     * @param ResponseInterface $response Response that was received
+     */
+    public function extractCookies(RequestInterface $request, ResponseInterface $response): void;
+
+    /**
+     * Sets a cookie in the cookie jar.
+     *
+     * @param SetCookie $cookie Cookie to set.
+     *
+     * @return bool Returns true on success or false on failure
+     */
+    public function setCookie(SetCookie $cookie): bool;
+
+    /**
+     * Remove cookies currently held in the cookie jar.
+     *
+     * Invoking this method without arguments will empty the whole cookie jar.
+     * If given a $domain argument only cookies belonging to that domain will
+     * be removed. If given a $domain and $path argument, cookies belonging to
+     * the specified path within that domain are removed. If given all three
+     * arguments, then the cookie with the specified name, path and domain is
+     * removed.
+     *
+     * @param string|null $domain Clears cookies matching a domain
+     * @param string|null $path   Clears cookies matching a domain and path
+     * @param string|null $name   Clears cookies matching a domain, path, and name
+     */
+    public function clear(?string $domain = null, ?string $path = null, ?string $name = null): void;
+
+    /**
+     * Discard all sessions cookies.
+     *
+     * Removes cookies that don't have an expire field or a have a discard
+     * field set to true. To be called when the user agent shuts down according
+     * to RFC 2965.
+     */
+    public function clearSessionCookies(): void;
+
+    /**
+     * Converts the cookie jar to an array.
+     */
+    public function toArray(): array;
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/FileCookieJar.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/FileCookieJar.php
new file mode 100644
index 000000000..290236d54
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/FileCookieJar.php
@@ -0,0 +1,101 @@
+<?php
+
+namespace GuzzleHttp\Cookie;
+
+use GuzzleHttp\Utils;
+
+/**
+ * Persists non-session cookies using a JSON formatted file
+ */
+class FileCookieJar extends CookieJar
+{
+    /**
+     * @var string filename
+     */
+    private $filename;
+
+    /**
+     * @var bool Control whether to persist session cookies or not.
+     */
+    private $storeSessionCookies;
+
+    /**
+     * Create a new FileCookieJar object
+     *
+     * @param string $cookieFile          File to store the cookie data
+     * @param bool   $storeSessionCookies Set to true to store session cookies
+     *                                    in the cookie jar.
+     *
+     * @throws \RuntimeException if the file cannot be found or created
+     */
+    public function __construct(string $cookieFile, bool $storeSessionCookies = false)
+    {
+        parent::__construct();
+        $this->filename = $cookieFile;
+        $this->storeSessionCookies = $storeSessionCookies;
+
+        if (\file_exists($cookieFile)) {
+            $this->load($cookieFile);
+        }
+    }
+
+    /**
+     * Saves the file when shutting down
+     */
+    public function __destruct()
+    {
+        $this->save($this->filename);
+    }
+
+    /**
+     * Saves the cookies to a file.
+     *
+     * @param string $filename File to save
+     *
+     * @throws \RuntimeException if the file cannot be found or created
+     */
+    public function save(string $filename): void
+    {
+        $json = [];
+        /** @var SetCookie $cookie */
+        foreach ($this as $cookie) {
+            if (CookieJar::shouldPersist($cookie, $this->storeSessionCookies)) {
+                $json[] = $cookie->toArray();
+            }
+        }
+
+        $jsonStr = Utils::jsonEncode($json);
+        if (false === \file_put_contents($filename, $jsonStr, \LOCK_EX)) {
+            throw new \RuntimeException("Unable to save file {$filename}");
+        }
+    }
+
+    /**
+     * Load cookies from a JSON formatted file.
+     *
+     * Old cookies are kept unless overwritten by newly loaded ones.
+     *
+     * @param string $filename Cookie file to load.
+     *
+     * @throws \RuntimeException if the file cannot be loaded.
+     */
+    public function load(string $filename): void
+    {
+        $json = \file_get_contents($filename);
+        if (false === $json) {
+            throw new \RuntimeException("Unable to load file {$filename}");
+        }
+        if ($json === '') {
+            return;
+        }
+
+        $data = Utils::jsonDecode($json, true);
+        if (\is_array($data)) {
+            foreach ($data as $cookie) {
+                $this->setCookie(new SetCookie($cookie));
+            }
+        } elseif (\is_scalar($data) && !empty($data)) {
+            throw new \RuntimeException("Invalid cookie file: {$filename}");
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SessionCookieJar.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SessionCookieJar.php
new file mode 100644
index 000000000..5d51ca982
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SessionCookieJar.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace GuzzleHttp\Cookie;
+
+/**
+ * Persists cookies in the client session
+ */
+class SessionCookieJar extends CookieJar
+{
+    /**
+     * @var string session key
+     */
+    private $sessionKey;
+
+    /**
+     * @var bool Control whether to persist session cookies or not.
+     */
+    private $storeSessionCookies;
+
+    /**
+     * Create a new SessionCookieJar object
+     *
+     * @param string $sessionKey          Session key name to store the cookie
+     *                                    data in session
+     * @param bool   $storeSessionCookies Set to true to store session cookies
+     *                                    in the cookie jar.
+     */
+    public function __construct(string $sessionKey, bool $storeSessionCookies = false)
+    {
+        parent::__construct();
+        $this->sessionKey = $sessionKey;
+        $this->storeSessionCookies = $storeSessionCookies;
+        $this->load();
+    }
+
+    /**
+     * Saves cookies to session when shutting down
+     */
+    public function __destruct()
+    {
+        $this->save();
+    }
+
+    /**
+     * Save cookies to the client session
+     */
+    public function save(): void
+    {
+        $json = [];
+        /** @var SetCookie $cookie */
+        foreach ($this as $cookie) {
+            if (CookieJar::shouldPersist($cookie, $this->storeSessionCookies)) {
+                $json[] = $cookie->toArray();
+            }
+        }
+
+        $_SESSION[$this->sessionKey] = \json_encode($json);
+    }
+
+    /**
+     * Load the contents of the client session into the data array
+     */
+    protected function load(): void
+    {
+        if (!isset($_SESSION[$this->sessionKey])) {
+            return;
+        }
+        $data = \json_decode($_SESSION[$this->sessionKey], true);
+        if (\is_array($data)) {
+            foreach ($data as $cookie) {
+                $this->setCookie(new SetCookie($cookie));
+            }
+        } elseif (\strlen($data)) {
+            throw new \RuntimeException("Invalid cookie data");
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
new file mode 100644
index 000000000..a613c77bf
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
@@ -0,0 +1,446 @@
+<?php
+
+namespace GuzzleHttp\Cookie;
+
+/**
+ * Set-Cookie object
+ */
+class SetCookie
+{
+    /**
+     * @var array
+     */
+    private static $defaults = [
+        'Name'     => null,
+        'Value'    => null,
+        'Domain'   => null,
+        'Path'     => '/',
+        'Max-Age'  => null,
+        'Expires'  => null,
+        'Secure'   => false,
+        'Discard'  => false,
+        'HttpOnly' => false
+    ];
+
+    /**
+     * @var array Cookie data
+     */
+    private $data;
+
+    /**
+     * Create a new SetCookie object from a string.
+     *
+     * @param string $cookie Set-Cookie header string
+     */
+    public static function fromString(string $cookie): self
+    {
+        // Create the default return array
+        $data = self::$defaults;
+        // Explode the cookie string using a series of semicolons
+        $pieces = \array_filter(\array_map('trim', \explode(';', $cookie)));
+        // The name of the cookie (first kvp) must exist and include an equal sign.
+        if (!isset($pieces[0]) || \strpos($pieces[0], '=') === false) {
+            return new self($data);
+        }
+
+        // Add the cookie pieces into the parsed data array
+        foreach ($pieces as $part) {
+            $cookieParts = \explode('=', $part, 2);
+            $key = \trim($cookieParts[0]);
+            $value = isset($cookieParts[1])
+                ? \trim($cookieParts[1], " \n\r\t\0\x0B")
+                : true;
+
+            // Only check for non-cookies when cookies have been found
+            if (!isset($data['Name'])) {
+                $data['Name'] = $key;
+                $data['Value'] = $value;
+            } else {
+                foreach (\array_keys(self::$defaults) as $search) {
+                    if (!\strcasecmp($search, $key)) {
+                        $data[$search] = $value;
+                        continue 2;
+                    }
+                }
+                $data[$key] = $value;
+            }
+        }
+
+        return new self($data);
+    }
+
+    /**
+     * @param array $data Array of cookie data provided by a Cookie parser
+     */
+    public function __construct(array $data = [])
+    {
+        /** @var array|null $replaced will be null in case of replace error */
+        $replaced = \array_replace(self::$defaults, $data);
+        if ($replaced === null) {
+            throw new \InvalidArgumentException('Unable to replace the default values for the Cookie.');
+        }
+
+        $this->data = $replaced;
+        // Extract the Expires value and turn it into a UNIX timestamp if needed
+        if (!$this->getExpires() && $this->getMaxAge()) {
+            // Calculate the Expires date
+            $this->setExpires(\time() + $this->getMaxAge());
+        } elseif (null !== ($expires = $this->getExpires()) && !\is_numeric($expires)) {
+            $this->setExpires($expires);
+        }
+    }
+
+    public function __toString()
+    {
+        $str = $this->data['Name'] . '=' . ($this->data['Value'] ?? '') . '; ';
+        foreach ($this->data as $k => $v) {
+            if ($k !== 'Name' && $k !== 'Value' && $v !== null && $v !== false) {
+                if ($k === 'Expires') {
+                    $str .= 'Expires=' . \gmdate('D, d M Y H:i:s \G\M\T', $v) . '; ';
+                } else {
+                    $str .= ($v === true ? $k : "{$k}={$v}") . '; ';
+                }
+            }
+        }
+
+        return \rtrim($str, '; ');
+    }
+
+    public function toArray(): array
+    {
+        return $this->data;
+    }
+
+    /**
+     * Get the cookie name.
+     *
+     * @return string
+     */
+    public function getName()
+    {
+        return $this->data['Name'];
+    }
+
+    /**
+     * Set the cookie name.
+     *
+     * @param string $name Cookie name
+     */
+    public function setName($name): void
+    {
+        if (!is_string($name)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a string to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Name'] = (string) $name;
+    }
+
+    /**
+     * Get the cookie value.
+     *
+     * @return string|null
+     */
+    public function getValue()
+    {
+        return $this->data['Value'];
+    }
+
+    /**
+     * Set the cookie value.
+     *
+     * @param string $value Cookie value
+     */
+    public function setValue($value): void
+    {
+        if (!is_string($value)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a string to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Value'] = (string) $value;
+    }
+
+    /**
+     * Get the domain.
+     *
+     * @return string|null
+     */
+    public function getDomain()
+    {
+        return $this->data['Domain'];
+    }
+
+    /**
+     * Set the domain of the cookie.
+     *
+     * @param string|null $domain
+     */
+    public function setDomain($domain): void
+    {
+        if (!is_string($domain) && null !== $domain) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a string or null to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Domain'] = null === $domain ? null : (string) $domain;
+    }
+
+    /**
+     * Get the path.
+     *
+     * @return string
+     */
+    public function getPath()
+    {
+        return $this->data['Path'];
+    }
+
+    /**
+     * Set the path of the cookie.
+     *
+     * @param string $path Path of the cookie
+     */
+    public function setPath($path): void
+    {
+        if (!is_string($path)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a string to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Path'] = (string) $path;
+    }
+
+    /**
+     * Maximum lifetime of the cookie in seconds.
+     *
+     * @return int|null
+     */
+    public function getMaxAge()
+    {
+        return null === $this->data['Max-Age'] ? null : (int) $this->data['Max-Age'];
+    }
+
+    /**
+     * Set the max-age of the cookie.
+     *
+     * @param int|null $maxAge Max age of the cookie in seconds
+     */
+    public function setMaxAge($maxAge): void
+    {
+        if (!is_int($maxAge) && null !== $maxAge) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing an int or null to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Max-Age'] = $maxAge === null ? null : (int) $maxAge;
+    }
+
+    /**
+     * The UNIX timestamp when the cookie Expires.
+     *
+     * @return string|int|null
+     */
+    public function getExpires()
+    {
+        return $this->data['Expires'];
+    }
+
+    /**
+     * Set the unix timestamp for which the cookie will expire.
+     *
+     * @param int|string|null $timestamp Unix timestamp or any English textual datetime description.
+     */
+    public function setExpires($timestamp): void
+    {
+        if (!is_int($timestamp) && !is_string($timestamp) && null !== $timestamp) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing an int, string or null to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Expires'] = null === $timestamp ? null : (\is_numeric($timestamp) ? (int) $timestamp : \strtotime((string) $timestamp));
+    }
+
+    /**
+     * Get whether or not this is a secure cookie.
+     *
+     * @return bool
+     */
+    public function getSecure()
+    {
+        return $this->data['Secure'];
+    }
+
+    /**
+     * Set whether or not the cookie is secure.
+     *
+     * @param bool $secure Set to true or false if secure
+     */
+    public function setSecure($secure): void
+    {
+        if (!is_bool($secure)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a bool to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Secure'] = (bool) $secure;
+    }
+
+    /**
+     * Get whether or not this is a session cookie.
+     *
+     * @return bool|null
+     */
+    public function getDiscard()
+    {
+        return $this->data['Discard'];
+    }
+
+    /**
+     * Set whether or not this is a session cookie.
+     *
+     * @param bool $discard Set to true or false if this is a session cookie
+     */
+    public function setDiscard($discard): void
+    {
+        if (!is_bool($discard)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a bool to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['Discard'] = (bool) $discard;
+    }
+
+    /**
+     * Get whether or not this is an HTTP only cookie.
+     *
+     * @return bool
+     */
+    public function getHttpOnly()
+    {
+        return $this->data['HttpOnly'];
+    }
+
+    /**
+     * Set whether or not this is an HTTP only cookie.
+     *
+     * @param bool $httpOnly Set to true or false if this is HTTP only
+     */
+    public function setHttpOnly($httpOnly): void
+    {
+        if (!is_bool($httpOnly)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a bool to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->data['HttpOnly'] = (bool) $httpOnly;
+    }
+
+    /**
+     * Check if the cookie matches a path value.
+     *
+     * A request-path path-matches a given cookie-path if at least one of
+     * the following conditions holds:
+     *
+     * - The cookie-path and the request-path are identical.
+     * - The cookie-path is a prefix of the request-path, and the last
+     *   character of the cookie-path is %x2F ("/").
+     * - The cookie-path is a prefix of the request-path, and the first
+     *   character of the request-path that is not included in the cookie-
+     *   path is a %x2F ("/") character.
+     *
+     * @param string $requestPath Path to check against
+     */
+    public function matchesPath(string $requestPath): bool
+    {
+        $cookiePath = $this->getPath();
+
+        // Match on exact matches or when path is the default empty "/"
+        if ($cookiePath === '/' || $cookiePath == $requestPath) {
+            return true;
+        }
+
+        // Ensure that the cookie-path is a prefix of the request path.
+        if (0 !== \strpos($requestPath, $cookiePath)) {
+            return false;
+        }
+
+        // Match if the last character of the cookie-path is "/"
+        if (\substr($cookiePath, -1, 1) === '/') {
+            return true;
+        }
+
+        // Match if the first character not included in cookie path is "/"
+        return \substr($requestPath, \strlen($cookiePath), 1) === '/';
+    }
+
+    /**
+     * Check if the cookie matches a domain value.
+     *
+     * @param string $domain Domain to check against
+     */
+    public function matchesDomain(string $domain): bool
+    {
+        $cookieDomain = $this->getDomain();
+        if (null === $cookieDomain) {
+            return true;
+        }
+
+        // Remove the leading '.' as per spec in RFC 6265.
+        // https://tools.ietf.org/html/rfc6265#section-5.2.3
+        $cookieDomain = \ltrim(\strtolower($cookieDomain), '.');
+
+        $domain = \strtolower($domain);
+
+        // Domain not set or exact match.
+        if ('' === $cookieDomain || $domain === $cookieDomain) {
+            return true;
+        }
+
+        // Matching the subdomain according to RFC 6265.
+        // https://tools.ietf.org/html/rfc6265#section-5.1.3
+        if (\filter_var($domain, \FILTER_VALIDATE_IP)) {
+            return false;
+        }
+
+        return (bool) \preg_match('/\.' . \preg_quote($cookieDomain, '/') . '$/', $domain);
+    }
+
+    /**
+     * Check if the cookie is expired.
+     */
+    public function isExpired(): bool
+    {
+        return $this->getExpires() !== null && \time() > $this->getExpires();
+    }
+
+    /**
+     * Check if the cookie is valid according to RFC 6265.
+     *
+     * @return bool|string Returns true if valid or an error message if invalid
+     */
+    public function validate()
+    {
+        $name = $this->getName();
+        if ($name === '') {
+            return 'The cookie name must not be empty';
+        }
+
+        // Check if any of the invalid characters are present in the cookie name
+        if (\preg_match(
+            '/[\x00-\x20\x22\x28-\x29\x2c\x2f\x3a-\x40\x5c\x7b\x7d\x7f]/',
+            $name
+        )) {
+            return 'Cookie name must not contain invalid characters: ASCII '
+                . 'Control characters (0-31;127), space, tab and the '
+                . 'following characters: ()<>@,;:\"/?={}';
+        }
+
+        // Value must not be null. 0 and empty string are valid. Empty strings
+        // are technically against RFC 6265, but known to happen in the wild.
+        $value = $this->getValue();
+        if ($value === null) {
+            return 'The cookie value must not be empty';
+        }
+
+        // Domains must not be empty, but can be 0. "0" is not a valid internet
+        // domain, but may be used as server name in a private network.
+        $domain = $this->getDomain();
+        if ($domain === null || $domain === '') {
+            return 'The cookie domain must not be empty';
+        }
+
+        return true;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/BadResponseException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/BadResponseException.php
new file mode 100644
index 000000000..a80956c9d
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/BadResponseException.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Exception when an HTTP error occurs (4xx or 5xx error)
+ */
+class BadResponseException extends RequestException
+{
+    public function __construct(
+        string $message,
+        RequestInterface $request,
+        ResponseInterface $response,
+        \Throwable $previous = null,
+        array $handlerContext = []
+    ) {
+        parent::__construct($message, $request, $response, $previous, $handlerContext);
+    }
+
+    /**
+     * Current exception and the ones that extend it will always have a response.
+     */
+    public function hasResponse(): bool
+    {
+        return true;
+    }
+
+    /**
+     * This function narrows the return type from the parent class and does not allow it to be nullable.
+     */
+    public function getResponse(): ResponseInterface
+    {
+        /** @var ResponseInterface */
+        return parent::getResponse();
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ClientException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ClientException.php
new file mode 100644
index 000000000..12fa5e351
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ClientException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+/**
+ * Exception when a client error is encountered (4xx codes)
+ */
+class ClientException extends BadResponseException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ConnectException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ConnectException.php
new file mode 100644
index 000000000..e1a31519c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ConnectException.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+use Psr\Http\Client\NetworkExceptionInterface;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Exception thrown when a connection cannot be established.
+ *
+ * Note that no response is present for a ConnectException
+ */
+class ConnectException extends TransferException implements NetworkExceptionInterface
+{
+    /**
+     * @var RequestInterface
+     */
+    private $request;
+
+    /**
+     * @var array
+     */
+    private $handlerContext;
+
+    public function __construct(
+        string $message,
+        RequestInterface $request,
+        \Throwable $previous = null,
+        array $handlerContext = []
+    ) {
+        parent::__construct($message, 0, $previous);
+        $this->request = $request;
+        $this->handlerContext = $handlerContext;
+    }
+
+    /**
+     * Get the request that caused the exception
+     */
+    public function getRequest(): RequestInterface
+    {
+        return $this->request;
+    }
+
+    /**
+     * Get contextual information about the error from the underlying handler.
+     *
+     * The contents of this array will vary depending on which handler you are
+     * using. It may also be just an empty array. Relying on this data will
+     * couple you to a specific handler, but can give more debug information
+     * when needed.
+     */
+    public function getHandlerContext(): array
+    {
+        return $this->handlerContext;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/GuzzleException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/GuzzleException.php
new file mode 100644
index 000000000..fa3ed6998
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/GuzzleException.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+use Psr\Http\Client\ClientExceptionInterface;
+
+interface GuzzleException extends ClientExceptionInterface
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/InvalidArgumentException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/InvalidArgumentException.php
new file mode 100644
index 000000000..bfd20e232
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/InvalidArgumentException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+final class InvalidArgumentException extends \InvalidArgumentException implements GuzzleException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php
new file mode 100644
index 000000000..c2d0a9ccc
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php
@@ -0,0 +1,166 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+use GuzzleHttp\BodySummarizer;
+use GuzzleHttp\BodySummarizerInterface;
+use Psr\Http\Client\RequestExceptionInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * HTTP Request exception
+ */
+class RequestException extends TransferException implements RequestExceptionInterface
+{
+    /**
+     * @var RequestInterface
+     */
+    private $request;
+
+    /**
+     * @var ResponseInterface|null
+     */
+    private $response;
+
+    /**
+     * @var array
+     */
+    private $handlerContext;
+
+    public function __construct(
+        string $message,
+        RequestInterface $request,
+        ResponseInterface $response = null,
+        \Throwable $previous = null,
+        array $handlerContext = []
+    ) {
+        // Set the code of the exception if the response is set and not future.
+        $code = $response ? $response->getStatusCode() : 0;
+        parent::__construct($message, $code, $previous);
+        $this->request = $request;
+        $this->response = $response;
+        $this->handlerContext = $handlerContext;
+    }
+
+    /**
+     * Wrap non-RequestExceptions with a RequestException
+     */
+    public static function wrapException(RequestInterface $request, \Throwable $e): RequestException
+    {
+        return $e instanceof RequestException ? $e : new RequestException($e->getMessage(), $request, null, $e);
+    }
+
+    /**
+     * Factory method to create a new exception with a normalized error message
+     *
+     * @param RequestInterface             $request        Request sent
+     * @param ResponseInterface            $response       Response received
+     * @param \Throwable|null              $previous       Previous exception
+     * @param array                        $handlerContext Optional handler context
+     * @param BodySummarizerInterface|null $bodySummarizer Optional body summarizer
+     */
+    public static function create(
+        RequestInterface $request,
+        ResponseInterface $response = null,
+        \Throwable $previous = null,
+        array $handlerContext = [],
+        BodySummarizerInterface $bodySummarizer = null
+    ): self {
+        if (!$response) {
+            return new self(
+                'Error completing request',
+                $request,
+                null,
+                $previous,
+                $handlerContext
+            );
+        }
+
+        $level = (int) \floor($response->getStatusCode() / 100);
+        if ($level === 4) {
+            $label = 'Client error';
+            $className = ClientException::class;
+        } elseif ($level === 5) {
+            $label = 'Server error';
+            $className = ServerException::class;
+        } else {
+            $label = 'Unsuccessful request';
+            $className = __CLASS__;
+        }
+
+        $uri = $request->getUri();
+        $uri = static::obfuscateUri($uri);
+
+        // Client Error: `GET /` resulted in a `404 Not Found` response:
+        // <html> ... (truncated)
+        $message = \sprintf(
+            '%s: `%s %s` resulted in a `%s %s` response',
+            $label,
+            $request->getMethod(),
+            $uri->__toString(),
+            $response->getStatusCode(),
+            $response->getReasonPhrase()
+        );
+
+        $summary = ($bodySummarizer ?? new BodySummarizer())->summarize($response);
+
+        if ($summary !== null) {
+            $message .= ":\n{$summary}\n";
+        }
+
+        return new $className($message, $request, $response, $previous, $handlerContext);
+    }
+
+    /**
+     * Obfuscates URI if there is a username and a password present
+     */
+    private static function obfuscateUri(UriInterface $uri): UriInterface
+    {
+        $userInfo = $uri->getUserInfo();
+
+        if (false !== ($pos = \strpos($userInfo, ':'))) {
+            return $uri->withUserInfo(\substr($userInfo, 0, $pos), '***');
+        }
+
+        return $uri;
+    }
+
+    /**
+     * Get the request that caused the exception
+     */
+    public function getRequest(): RequestInterface
+    {
+        return $this->request;
+    }
+
+    /**
+     * Get the associated response
+     */
+    public function getResponse(): ?ResponseInterface
+    {
+        return $this->response;
+    }
+
+    /**
+     * Check if a response was received
+     */
+    public function hasResponse(): bool
+    {
+        return $this->response !== null;
+    }
+
+    /**
+     * Get contextual information about the error from the underlying handler.
+     *
+     * The contents of this array will vary depending on which handler you are
+     * using. It may also be just an empty array. Relying on this data will
+     * couple you to a specific handler, but can give more debug information
+     * when needed.
+     */
+    public function getHandlerContext(): array
+    {
+        return $this->handlerContext;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ServerException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ServerException.php
new file mode 100644
index 000000000..8055e067c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/ServerException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+/**
+ * Exception when a server error is encountered (5xx codes)
+ */
+class ServerException extends BadResponseException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TooManyRedirectsException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TooManyRedirectsException.php
new file mode 100644
index 000000000..fad3a57cf
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TooManyRedirectsException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+class TooManyRedirectsException extends RequestException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TransferException.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TransferException.php
new file mode 100644
index 000000000..507633608
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Exception/TransferException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace GuzzleHttp\Exception;
+
+class TransferException extends \RuntimeException implements GuzzleException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php
new file mode 100644
index 000000000..0c45089f1
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php
@@ -0,0 +1,595 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Exception\ConnectException;
+use GuzzleHttp\Exception\RequestException;
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\FulfilledPromise;
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\Psr7\LazyOpenStream;
+use GuzzleHttp\TransferStats;
+use GuzzleHttp\Utils;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Creates curl resources from a request
+ *
+ * @final
+ */
+class CurlFactory implements CurlFactoryInterface
+{
+    public const CURL_VERSION_STR = 'curl_version';
+
+    /**
+     * @deprecated
+     */
+    public const LOW_CURL_VERSION_NUMBER = '7.21.2';
+
+    /**
+     * @var resource[]|\CurlHandle[]
+     */
+    private $handles = [];
+
+    /**
+     * @var int Total number of idle handles to keep in cache
+     */
+    private $maxHandles;
+
+    /**
+     * @param int $maxHandles Maximum number of idle handles.
+     */
+    public function __construct(int $maxHandles)
+    {
+        $this->maxHandles = $maxHandles;
+    }
+
+    public function create(RequestInterface $request, array $options): EasyHandle
+    {
+        if (isset($options['curl']['body_as_string'])) {
+            $options['_body_as_string'] = $options['curl']['body_as_string'];
+            unset($options['curl']['body_as_string']);
+        }
+
+        $easy = new EasyHandle;
+        $easy->request = $request;
+        $easy->options = $options;
+        $conf = $this->getDefaultConf($easy);
+        $this->applyMethod($easy, $conf);
+        $this->applyHandlerOptions($easy, $conf);
+        $this->applyHeaders($easy, $conf);
+        unset($conf['_headers']);
+
+        // Add handler options from the request configuration options
+        if (isset($options['curl'])) {
+            $conf = \array_replace($conf, $options['curl']);
+        }
+
+        $conf[\CURLOPT_HEADERFUNCTION] = $this->createHeaderFn($easy);
+        $easy->handle = $this->handles ? \array_pop($this->handles) : \curl_init();
+        curl_setopt_array($easy->handle, $conf);
+
+        return $easy;
+    }
+
+    public function release(EasyHandle $easy): void
+    {
+        $resource = $easy->handle;
+        unset($easy->handle);
+
+        if (\count($this->handles) >= $this->maxHandles) {
+            \curl_close($resource);
+        } else {
+            // Remove all callback functions as they can hold onto references
+            // and are not cleaned up by curl_reset. Using curl_setopt_array
+            // does not work for some reason, so removing each one
+            // individually.
+            \curl_setopt($resource, \CURLOPT_HEADERFUNCTION, null);
+            \curl_setopt($resource, \CURLOPT_READFUNCTION, null);
+            \curl_setopt($resource, \CURLOPT_WRITEFUNCTION, null);
+            \curl_setopt($resource, \CURLOPT_PROGRESSFUNCTION, null);
+            \curl_reset($resource);
+            $this->handles[] = $resource;
+        }
+    }
+
+    /**
+     * Completes a cURL transaction, either returning a response promise or a
+     * rejected promise.
+     *
+     * @param callable(RequestInterface, array): PromiseInterface $handler
+     * @param CurlFactoryInterface                                $factory Dictates how the handle is released
+     */
+    public static function finish(callable $handler, EasyHandle $easy, CurlFactoryInterface $factory): PromiseInterface
+    {
+        if (isset($easy->options['on_stats'])) {
+            self::invokeStats($easy);
+        }
+
+        if (!$easy->response || $easy->errno) {
+            return self::finishError($handler, $easy, $factory);
+        }
+
+        // Return the response if it is present and there is no error.
+        $factory->release($easy);
+
+        // Rewind the body of the response if possible.
+        $body = $easy->response->getBody();
+        if ($body->isSeekable()) {
+            $body->rewind();
+        }
+
+        return new FulfilledPromise($easy->response);
+    }
+
+    private static function invokeStats(EasyHandle $easy): void
+    {
+        $curlStats = \curl_getinfo($easy->handle);
+        $curlStats['appconnect_time'] = \curl_getinfo($easy->handle, \CURLINFO_APPCONNECT_TIME);
+        $stats = new TransferStats(
+            $easy->request,
+            $easy->response,
+            $curlStats['total_time'],
+            $easy->errno,
+            $curlStats
+        );
+        ($easy->options['on_stats'])($stats);
+    }
+
+    /**
+     * @param callable(RequestInterface, array): PromiseInterface $handler
+     */
+    private static function finishError(callable $handler, EasyHandle $easy, CurlFactoryInterface $factory): PromiseInterface
+    {
+        // Get error information and release the handle to the factory.
+        $ctx = [
+            'errno' => $easy->errno,
+            'error' => \curl_error($easy->handle),
+            'appconnect_time' => \curl_getinfo($easy->handle, \CURLINFO_APPCONNECT_TIME),
+        ] + \curl_getinfo($easy->handle);
+        $ctx[self::CURL_VERSION_STR] = \curl_version()['version'];
+        $factory->release($easy);
+
+        // Retry when nothing is present or when curl failed to rewind.
+        if (empty($easy->options['_err_message']) && (!$easy->errno || $easy->errno == 65)) {
+            return self::retryFailedRewind($handler, $easy, $ctx);
+        }
+
+        return self::createRejection($easy, $ctx);
+    }
+
+    private static function createRejection(EasyHandle $easy, array $ctx): PromiseInterface
+    {
+        static $connectionErrors = [
+            \CURLE_OPERATION_TIMEOUTED  => true,
+            \CURLE_COULDNT_RESOLVE_HOST => true,
+            \CURLE_COULDNT_CONNECT      => true,
+            \CURLE_SSL_CONNECT_ERROR    => true,
+            \CURLE_GOT_NOTHING          => true,
+        ];
+
+        if ($easy->createResponseException) {
+            return P\Create::rejectionFor(
+                new RequestException(
+                    'An error was encountered while creating the response',
+                    $easy->request,
+                    $easy->response,
+                    $easy->createResponseException,
+                    $ctx
+                )
+            );
+        }
+
+        // If an exception was encountered during the onHeaders event, then
+        // return a rejected promise that wraps that exception.
+        if ($easy->onHeadersException) {
+            return P\Create::rejectionFor(
+                new RequestException(
+                    'An error was encountered during the on_headers event',
+                    $easy->request,
+                    $easy->response,
+                    $easy->onHeadersException,
+                    $ctx
+                )
+            );
+        }
+
+        $message = \sprintf(
+            'cURL error %s: %s (%s)',
+            $ctx['errno'],
+            $ctx['error'],
+            'see https://curl.haxx.se/libcurl/c/libcurl-errors.html'
+        );
+        $uriString = (string) $easy->request->getUri();
+        if ($uriString !== '' && false === \strpos($ctx['error'], $uriString)) {
+            $message .= \sprintf(' for %s', $uriString);
+        }
+
+        // Create a connection exception if it was a specific error code.
+        $error = isset($connectionErrors[$easy->errno])
+            ? new ConnectException($message, $easy->request, null, $ctx)
+            : new RequestException($message, $easy->request, $easy->response, null, $ctx);
+
+        return P\Create::rejectionFor($error);
+    }
+
+    /**
+     * @return array<int|string, mixed>
+     */
+    private function getDefaultConf(EasyHandle $easy): array
+    {
+        $conf = [
+            '_headers'              => $easy->request->getHeaders(),
+            \CURLOPT_CUSTOMREQUEST  => $easy->request->getMethod(),
+            \CURLOPT_URL            => (string) $easy->request->getUri()->withFragment(''),
+            \CURLOPT_RETURNTRANSFER => false,
+            \CURLOPT_HEADER         => false,
+            \CURLOPT_CONNECTTIMEOUT => 150,
+        ];
+
+        if (\defined('CURLOPT_PROTOCOLS')) {
+            $conf[\CURLOPT_PROTOCOLS] = \CURLPROTO_HTTP | \CURLPROTO_HTTPS;
+        }
+
+        $version = $easy->request->getProtocolVersion();
+        if ($version == 1.1) {
+            $conf[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_1_1;
+        } elseif ($version == 2.0) {
+            $conf[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_2_0;
+        } else {
+            $conf[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_1_0;
+        }
+
+        return $conf;
+    }
+
+    private function applyMethod(EasyHandle $easy, array &$conf): void
+    {
+        $body = $easy->request->getBody();
+        $size = $body->getSize();
+
+        if ($size === null || $size > 0) {
+            $this->applyBody($easy->request, $easy->options, $conf);
+            return;
+        }
+
+        $method = $easy->request->getMethod();
+        if ($method === 'PUT' || $method === 'POST') {
+            // See https://tools.ietf.org/html/rfc7230#section-3.3.2
+            if (!$easy->request->hasHeader('Content-Length')) {
+                $conf[\CURLOPT_HTTPHEADER][] = 'Content-Length: 0';
+            }
+        } elseif ($method === 'HEAD') {
+            $conf[\CURLOPT_NOBODY] = true;
+            unset(
+                $conf[\CURLOPT_WRITEFUNCTION],
+                $conf[\CURLOPT_READFUNCTION],
+                $conf[\CURLOPT_FILE],
+                $conf[\CURLOPT_INFILE]
+            );
+        }
+    }
+
+    private function applyBody(RequestInterface $request, array $options, array &$conf): void
+    {
+        $size = $request->hasHeader('Content-Length')
+            ? (int) $request->getHeaderLine('Content-Length')
+            : null;
+
+        // Send the body as a string if the size is less than 1MB OR if the
+        // [curl][body_as_string] request value is set.
+        if (($size !== null && $size < 1000000) || !empty($options['_body_as_string'])) {
+            $conf[\CURLOPT_POSTFIELDS] = (string) $request->getBody();
+            // Don't duplicate the Content-Length header
+            $this->removeHeader('Content-Length', $conf);
+            $this->removeHeader('Transfer-Encoding', $conf);
+        } else {
+            $conf[\CURLOPT_UPLOAD] = true;
+            if ($size !== null) {
+                $conf[\CURLOPT_INFILESIZE] = $size;
+                $this->removeHeader('Content-Length', $conf);
+            }
+            $body = $request->getBody();
+            if ($body->isSeekable()) {
+                $body->rewind();
+            }
+            $conf[\CURLOPT_READFUNCTION] = static function ($ch, $fd, $length) use ($body) {
+                return $body->read($length);
+            };
+        }
+
+        // If the Expect header is not present, prevent curl from adding it
+        if (!$request->hasHeader('Expect')) {
+            $conf[\CURLOPT_HTTPHEADER][] = 'Expect:';
+        }
+
+        // cURL sometimes adds a content-type by default. Prevent this.
+        if (!$request->hasHeader('Content-Type')) {
+            $conf[\CURLOPT_HTTPHEADER][] = 'Content-Type:';
+        }
+    }
+
+    private function applyHeaders(EasyHandle $easy, array &$conf): void
+    {
+        foreach ($conf['_headers'] as $name => $values) {
+            foreach ($values as $value) {
+                $value = (string) $value;
+                if ($value === '') {
+                    // cURL requires a special format for empty headers.
+                    // See https://github.com/guzzle/guzzle/issues/1882 for more details.
+                    $conf[\CURLOPT_HTTPHEADER][] = "$name;";
+                } else {
+                    $conf[\CURLOPT_HTTPHEADER][] = "$name: $value";
+                }
+            }
+        }
+
+        // Remove the Accept header if one was not set
+        if (!$easy->request->hasHeader('Accept')) {
+            $conf[\CURLOPT_HTTPHEADER][] = 'Accept:';
+        }
+    }
+
+    /**
+     * Remove a header from the options array.
+     *
+     * @param string $name    Case-insensitive header to remove
+     * @param array  $options Array of options to modify
+     */
+    private function removeHeader(string $name, array &$options): void
+    {
+        foreach (\array_keys($options['_headers']) as $key) {
+            if (!\strcasecmp($key, $name)) {
+                unset($options['_headers'][$key]);
+                return;
+            }
+        }
+    }
+
+    private function applyHandlerOptions(EasyHandle $easy, array &$conf): void
+    {
+        $options = $easy->options;
+        if (isset($options['verify'])) {
+            if ($options['verify'] === false) {
+                unset($conf[\CURLOPT_CAINFO]);
+                $conf[\CURLOPT_SSL_VERIFYHOST] = 0;
+                $conf[\CURLOPT_SSL_VERIFYPEER] = false;
+            } else {
+                $conf[\CURLOPT_SSL_VERIFYHOST] = 2;
+                $conf[\CURLOPT_SSL_VERIFYPEER] = true;
+                if (\is_string($options['verify'])) {
+                    // Throw an error if the file/folder/link path is not valid or doesn't exist.
+                    if (!\file_exists($options['verify'])) {
+                        throw new \InvalidArgumentException("SSL CA bundle not found: {$options['verify']}");
+                    }
+                    // If it's a directory or a link to a directory use CURLOPT_CAPATH.
+                    // If not, it's probably a file, or a link to a file, so use CURLOPT_CAINFO.
+                    if (
+                        \is_dir($options['verify']) ||
+                        (
+                            \is_link($options['verify']) === true &&
+                            ($verifyLink = \readlink($options['verify'])) !== false &&
+                            \is_dir($verifyLink)
+                        )
+                    ) {
+                        $conf[\CURLOPT_CAPATH] = $options['verify'];
+                    } else {
+                        $conf[\CURLOPT_CAINFO] = $options['verify'];
+                    }
+                }
+            }
+        }
+
+        if (!isset($options['curl'][\CURLOPT_ENCODING]) && !empty($options['decode_content'])) {
+            $accept = $easy->request->getHeaderLine('Accept-Encoding');
+            if ($accept) {
+                $conf[\CURLOPT_ENCODING] = $accept;
+            } else {
+                // The empty string enables all available decoders and implicitly
+                // sets a matching 'Accept-Encoding' header.
+                $conf[\CURLOPT_ENCODING] = '';
+                // But as the user did not specify any acceptable encodings we need
+                // to overwrite this implicit header with an empty one.
+                $conf[\CURLOPT_HTTPHEADER][] = 'Accept-Encoding:';
+            }
+        }
+
+        if (!isset($options['sink'])) {
+            // Use a default temp stream if no sink was set.
+            $options['sink'] = \GuzzleHttp\Psr7\Utils::tryFopen('php://temp', 'w+');
+        }
+        $sink = $options['sink'];
+        if (!\is_string($sink)) {
+            $sink = \GuzzleHttp\Psr7\Utils::streamFor($sink);
+        } elseif (!\is_dir(\dirname($sink))) {
+            // Ensure that the directory exists before failing in curl.
+            throw new \RuntimeException(\sprintf('Directory %s does not exist for sink value of %s', \dirname($sink), $sink));
+        } else {
+            $sink = new LazyOpenStream($sink, 'w+');
+        }
+        $easy->sink = $sink;
+        $conf[\CURLOPT_WRITEFUNCTION] = static function ($ch, $write) use ($sink): int {
+            return $sink->write($write);
+        };
+
+        $timeoutRequiresNoSignal = false;
+        if (isset($options['timeout'])) {
+            $timeoutRequiresNoSignal |= $options['timeout'] < 1;
+            $conf[\CURLOPT_TIMEOUT_MS] = $options['timeout'] * 1000;
+        }
+
+        // CURL default value is CURL_IPRESOLVE_WHATEVER
+        if (isset($options['force_ip_resolve'])) {
+            if ('v4' === $options['force_ip_resolve']) {
+                $conf[\CURLOPT_IPRESOLVE] = \CURL_IPRESOLVE_V4;
+            } elseif ('v6' === $options['force_ip_resolve']) {
+                $conf[\CURLOPT_IPRESOLVE] = \CURL_IPRESOLVE_V6;
+            }
+        }
+
+        if (isset($options['connect_timeout'])) {
+            $timeoutRequiresNoSignal |= $options['connect_timeout'] < 1;
+            $conf[\CURLOPT_CONNECTTIMEOUT_MS] = $options['connect_timeout'] * 1000;
+        }
+
+        if ($timeoutRequiresNoSignal && \strtoupper(\substr(\PHP_OS, 0, 3)) !== 'WIN') {
+            $conf[\CURLOPT_NOSIGNAL] = true;
+        }
+
+        if (isset($options['proxy'])) {
+            if (!\is_array($options['proxy'])) {
+                $conf[\CURLOPT_PROXY] = $options['proxy'];
+            } else {
+                $scheme = $easy->request->getUri()->getScheme();
+                if (isset($options['proxy'][$scheme])) {
+                    $host = $easy->request->getUri()->getHost();
+                    if (!isset($options['proxy']['no']) || !Utils::isHostInNoProxy($host, $options['proxy']['no'])) {
+                        $conf[\CURLOPT_PROXY] = $options['proxy'][$scheme];
+                    }
+                }
+            }
+        }
+
+        if (isset($options['cert'])) {
+            $cert = $options['cert'];
+            if (\is_array($cert)) {
+                $conf[\CURLOPT_SSLCERTPASSWD] = $cert[1];
+                $cert = $cert[0];
+            }
+            if (!\file_exists($cert)) {
+                throw new \InvalidArgumentException("SSL certificate not found: {$cert}");
+            }
+            # OpenSSL (versions 0.9.3 and later) also support "P12" for PKCS#12-encoded files.
+            # see https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html
+            $ext = pathinfo($cert, \PATHINFO_EXTENSION);
+            if (preg_match('#^(der|p12)$#i', $ext)) {
+                $conf[\CURLOPT_SSLCERTTYPE] = strtoupper($ext);
+            }
+            $conf[\CURLOPT_SSLCERT] = $cert;
+        }
+
+        if (isset($options['ssl_key'])) {
+            if (\is_array($options['ssl_key'])) {
+                if (\count($options['ssl_key']) === 2) {
+                    [$sslKey, $conf[\CURLOPT_SSLKEYPASSWD]] = $options['ssl_key'];
+                } else {
+                    [$sslKey] = $options['ssl_key'];
+                }
+            }
+
+            $sslKey = $sslKey ?? $options['ssl_key'];
+
+            if (!\file_exists($sslKey)) {
+                throw new \InvalidArgumentException("SSL private key not found: {$sslKey}");
+            }
+            $conf[\CURLOPT_SSLKEY] = $sslKey;
+        }
+
+        if (isset($options['progress'])) {
+            $progress = $options['progress'];
+            if (!\is_callable($progress)) {
+                throw new \InvalidArgumentException('progress client option must be callable');
+            }
+            $conf[\CURLOPT_NOPROGRESS] = false;
+            $conf[\CURLOPT_PROGRESSFUNCTION] = static function ($resource, int $downloadSize, int $downloaded, int $uploadSize, int $uploaded) use ($progress) {
+                $progress($downloadSize, $downloaded, $uploadSize, $uploaded);
+            };
+        }
+
+        if (!empty($options['debug'])) {
+            $conf[\CURLOPT_STDERR] = Utils::debugResource($options['debug']);
+            $conf[\CURLOPT_VERBOSE] = true;
+        }
+    }
+
+    /**
+     * This function ensures that a response was set on a transaction. If one
+     * was not set, then the request is retried if possible. This error
+     * typically means you are sending a payload, curl encountered a
+     * "Connection died, retrying a fresh connect" error, tried to rewind the
+     * stream, and then encountered a "necessary data rewind wasn't possible"
+     * error, causing the request to be sent through curl_multi_info_read()
+     * without an error status.
+     *
+     * @param callable(RequestInterface, array): PromiseInterface $handler
+     */
+    private static function retryFailedRewind(callable $handler, EasyHandle $easy, array $ctx): PromiseInterface
+    {
+        try {
+            // Only rewind if the body has been read from.
+            $body = $easy->request->getBody();
+            if ($body->tell() > 0) {
+                $body->rewind();
+            }
+        } catch (\RuntimeException $e) {
+            $ctx['error'] = 'The connection unexpectedly failed without '
+                . 'providing an error. The request would have been retried, '
+                . 'but attempting to rewind the request body failed. '
+                . 'Exception: ' . $e;
+            return self::createRejection($easy, $ctx);
+        }
+
+        // Retry no more than 3 times before giving up.
+        if (!isset($easy->options['_curl_retries'])) {
+            $easy->options['_curl_retries'] = 1;
+        } elseif ($easy->options['_curl_retries'] == 2) {
+            $ctx['error'] = 'The cURL request was retried 3 times '
+                . 'and did not succeed. The most likely reason for the failure '
+                . 'is that cURL was unable to rewind the body of the request '
+                . 'and subsequent retries resulted in the same error. Turn on '
+                . 'the debug option to see what went wrong. See '
+                . 'https://bugs.php.net/bug.php?id=47204 for more information.';
+            return self::createRejection($easy, $ctx);
+        } else {
+            $easy->options['_curl_retries']++;
+        }
+
+        return $handler($easy->request, $easy->options);
+    }
+
+    private function createHeaderFn(EasyHandle $easy): callable
+    {
+        if (isset($easy->options['on_headers'])) {
+            $onHeaders = $easy->options['on_headers'];
+
+            if (!\is_callable($onHeaders)) {
+                throw new \InvalidArgumentException('on_headers must be callable');
+            }
+        } else {
+            $onHeaders = null;
+        }
+
+        return static function ($ch, $h) use (
+            $onHeaders,
+            $easy,
+            &$startingResponse
+        ) {
+            $value = \trim($h);
+            if ($value === '') {
+                $startingResponse = true;
+                try {
+                    $easy->createResponse();
+                } catch (\Exception $e) {
+                    $easy->createResponseException = $e;
+                    return -1;
+                }
+                if ($onHeaders !== null) {
+                    try {
+                        $onHeaders($easy->response);
+                    } catch (\Exception $e) {
+                        // Associate the exception with the handle and trigger
+                        // a curl header write error by returning 0.
+                        $easy->onHeadersException = $e;
+                        return -1;
+                    }
+                }
+            } elseif ($startingResponse) {
+                $startingResponse = false;
+                $easy->headers = [$value];
+            } else {
+                $easy->headers[] = $value;
+            }
+            return \strlen($h);
+        };
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactoryInterface.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactoryInterface.php
new file mode 100644
index 000000000..fe57ed5d5
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlFactoryInterface.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use Psr\Http\Message\RequestInterface;
+
+interface CurlFactoryInterface
+{
+    /**
+     * Creates a cURL handle resource.
+     *
+     * @param RequestInterface $request Request
+     * @param array            $options Transfer options
+     *
+     * @throws \RuntimeException when an option cannot be applied
+     */
+    public function create(RequestInterface $request, array $options): EasyHandle;
+
+    /**
+     * Release an easy handle, allowing it to be reused or closed.
+     *
+     * This function must call unset on the easy handle's "handle" property.
+     */
+    public function release(EasyHandle $easy): void;
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php
new file mode 100644
index 000000000..9ad10a9b0
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * HTTP handler that uses cURL easy handles as a transport layer.
+ *
+ * When using the CurlHandler, custom curl options can be specified as an
+ * associative array of curl option constants mapping to values in the
+ * **curl** key of the "client" key of the request.
+ *
+ * @final
+ */
+class CurlHandler
+{
+    /**
+     * @var CurlFactoryInterface
+     */
+    private $factory;
+
+    /**
+     * Accepts an associative array of options:
+     *
+     * - handle_factory: Optional curl factory used to create cURL handles.
+     *
+     * @param array{handle_factory?: ?CurlFactoryInterface} $options Array of options to use with the handler
+     */
+    public function __construct(array $options = [])
+    {
+        $this->factory = $options['handle_factory']
+            ?? new CurlFactory(3);
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        if (isset($options['delay'])) {
+            \usleep($options['delay'] * 1000);
+        }
+
+        $easy = $this->factory->create($request, $options);
+        \curl_exec($easy->handle);
+        $easy->errno = \curl_errno($easy->handle);
+
+        return CurlFactory::finish($this, $easy, $this->factory);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php
new file mode 100644
index 000000000..4356d0247
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php
@@ -0,0 +1,262 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\Promise;
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\Utils;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Returns an asynchronous response using curl_multi_* functions.
+ *
+ * When using the CurlMultiHandler, custom curl options can be specified as an
+ * associative array of curl option constants mapping to values in the
+ * **curl** key of the provided request options.
+ *
+ * @property resource|\CurlMultiHandle $_mh Internal use only. Lazy loaded multi-handle.
+ *
+ * @final
+ */
+#[\AllowDynamicProperties]
+class CurlMultiHandler
+{
+    /**
+     * @var CurlFactoryInterface
+     */
+    private $factory;
+
+    /**
+     * @var int
+     */
+    private $selectTimeout;
+
+    /**
+     * @var int Will be higher than 0 when `curl_multi_exec` is still running.
+     */
+    private $active = 0;
+
+    /**
+     * @var array Request entry handles, indexed by handle id in `addRequest`.
+     *
+     * @see CurlMultiHandler::addRequest
+     */
+    private $handles = [];
+
+    /**
+     * @var array<int, float> An array of delay times, indexed by handle id in `addRequest`.
+     *
+     * @see CurlMultiHandler::addRequest
+     */
+    private $delays = [];
+
+    /**
+     * @var array<mixed> An associative array of CURLMOPT_* options and corresponding values for curl_multi_setopt()
+     */
+    private $options = [];
+
+    /**
+     * This handler accepts the following options:
+     *
+     * - handle_factory: An optional factory  used to create curl handles
+     * - select_timeout: Optional timeout (in seconds) to block before timing
+     *   out while selecting curl handles. Defaults to 1 second.
+     * - options: An associative array of CURLMOPT_* options and
+     *   corresponding values for curl_multi_setopt()
+     */
+    public function __construct(array $options = [])
+    {
+        $this->factory = $options['handle_factory'] ?? new CurlFactory(50);
+
+        if (isset($options['select_timeout'])) {
+            $this->selectTimeout = $options['select_timeout'];
+        } elseif ($selectTimeout = Utils::getenv('GUZZLE_CURL_SELECT_TIMEOUT')) {
+            @trigger_error('Since guzzlehttp/guzzle 7.2.0: Using environment variable GUZZLE_CURL_SELECT_TIMEOUT is deprecated. Use option "select_timeout" instead.', \E_USER_DEPRECATED);
+            $this->selectTimeout = (int) $selectTimeout;
+        } else {
+            $this->selectTimeout = 1;
+        }
+
+        $this->options = $options['options'] ?? [];
+    }
+
+    /**
+     * @param string $name
+     *
+     * @return resource|\CurlMultiHandle
+     *
+     * @throws \BadMethodCallException when another field as `_mh` will be gotten
+     * @throws \RuntimeException       when curl can not initialize a multi handle
+     */
+    public function __get($name)
+    {
+        if ($name !== '_mh') {
+            throw new \BadMethodCallException("Can not get other property as '_mh'.");
+        }
+
+        $multiHandle = \curl_multi_init();
+
+        if (false === $multiHandle) {
+            throw new \RuntimeException('Can not initialize curl multi handle.');
+        }
+
+        $this->_mh = $multiHandle;
+
+        foreach ($this->options as $option => $value) {
+            // A warning is raised in case of a wrong option.
+            curl_multi_setopt($this->_mh, $option, $value);
+        }
+
+        return $this->_mh;
+    }
+
+    public function __destruct()
+    {
+        if (isset($this->_mh)) {
+            \curl_multi_close($this->_mh);
+            unset($this->_mh);
+        }
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        $easy = $this->factory->create($request, $options);
+        $id = (int) $easy->handle;
+
+        $promise = new Promise(
+            [$this, 'execute'],
+            function () use ($id) {
+                return $this->cancel($id);
+            }
+        );
+
+        $this->addRequest(['easy' => $easy, 'deferred' => $promise]);
+
+        return $promise;
+    }
+
+    /**
+     * Ticks the curl event loop.
+     */
+    public function tick(): void
+    {
+        // Add any delayed handles if needed.
+        if ($this->delays) {
+            $currentTime = Utils::currentTime();
+            foreach ($this->delays as $id => $delay) {
+                if ($currentTime >= $delay) {
+                    unset($this->delays[$id]);
+                    \curl_multi_add_handle(
+                        $this->_mh,
+                        $this->handles[$id]['easy']->handle
+                    );
+                }
+            }
+        }
+
+        // Step through the task queue which may add additional requests.
+        P\Utils::queue()->run();
+
+        if ($this->active && \curl_multi_select($this->_mh, $this->selectTimeout) === -1) {
+            // Perform a usleep if a select returns -1.
+            // See: https://bugs.php.net/bug.php?id=61141
+            \usleep(250);
+        }
+
+        while (\curl_multi_exec($this->_mh, $this->active) === \CURLM_CALL_MULTI_PERFORM);
+
+        $this->processMessages();
+    }
+
+    /**
+     * Runs until all outstanding connections have completed.
+     */
+    public function execute(): void
+    {
+        $queue = P\Utils::queue();
+
+        while ($this->handles || !$queue->isEmpty()) {
+            // If there are no transfers, then sleep for the next delay
+            if (!$this->active && $this->delays) {
+                \usleep($this->timeToNext());
+            }
+            $this->tick();
+        }
+    }
+
+    private function addRequest(array $entry): void
+    {
+        $easy = $entry['easy'];
+        $id = (int) $easy->handle;
+        $this->handles[$id] = $entry;
+        if (empty($easy->options['delay'])) {
+            \curl_multi_add_handle($this->_mh, $easy->handle);
+        } else {
+            $this->delays[$id] = Utils::currentTime() + ($easy->options['delay'] / 1000);
+        }
+    }
+
+    /**
+     * Cancels a handle from sending and removes references to it.
+     *
+     * @param int $id Handle ID to cancel and remove.
+     *
+     * @return bool True on success, false on failure.
+     */
+    private function cancel($id): bool
+    {
+        if (!is_int($id)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing an integer to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        // Cannot cancel if it has been processed.
+        if (!isset($this->handles[$id])) {
+            return false;
+        }
+
+        $handle = $this->handles[$id]['easy']->handle;
+        unset($this->delays[$id], $this->handles[$id]);
+        \curl_multi_remove_handle($this->_mh, $handle);
+        \curl_close($handle);
+
+        return true;
+    }
+
+    private function processMessages(): void
+    {
+        while ($done = \curl_multi_info_read($this->_mh)) {
+            if ($done['msg'] !== \CURLMSG_DONE) {
+                // if it's not done, then it would be premature to remove the handle. ref https://github.com/guzzle/guzzle/pull/2892#issuecomment-945150216
+                continue;
+            }
+            $id = (int) $done['handle'];
+            \curl_multi_remove_handle($this->_mh, $done['handle']);
+
+            if (!isset($this->handles[$id])) {
+                // Probably was cancelled.
+                continue;
+            }
+
+            $entry = $this->handles[$id];
+            unset($this->handles[$id], $this->delays[$id]);
+            $entry['easy']->errno = $done['result'];
+            $entry['deferred']->resolve(
+                CurlFactory::finish($this, $entry['easy'], $this->factory)
+            );
+        }
+    }
+
+    private function timeToNext(): int
+    {
+        $currentTime = Utils::currentTime();
+        $nextTime = \PHP_INT_MAX;
+        foreach ($this->delays as $time) {
+            if ($time < $nextTime) {
+                $nextTime = $time;
+            }
+        }
+
+        return ((int) \max(0, $nextTime - $currentTime)) * 1000000;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/EasyHandle.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/EasyHandle.php
new file mode 100644
index 000000000..224344d7c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/EasyHandle.php
@@ -0,0 +1,112 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Psr7\Response;
+use GuzzleHttp\Utils;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Represents a cURL easy handle and the data it populates.
+ *
+ * @internal
+ */
+final class EasyHandle
+{
+    /**
+     * @var resource|\CurlHandle cURL resource
+     */
+    public $handle;
+
+    /**
+     * @var StreamInterface Where data is being written
+     */
+    public $sink;
+
+    /**
+     * @var array Received HTTP headers so far
+     */
+    public $headers = [];
+
+    /**
+     * @var ResponseInterface|null Received response (if any)
+     */
+    public $response;
+
+    /**
+     * @var RequestInterface Request being sent
+     */
+    public $request;
+
+    /**
+     * @var array Request options
+     */
+    public $options = [];
+
+    /**
+     * @var int cURL error number (if any)
+     */
+    public $errno = 0;
+
+    /**
+     * @var \Throwable|null Exception during on_headers (if any)
+     */
+    public $onHeadersException;
+
+    /**
+     * @var \Exception|null Exception during createResponse (if any)
+     */
+    public $createResponseException;
+
+    /**
+     * Attach a response to the easy handle based on the received headers.
+     *
+     * @throws \RuntimeException if no headers have been received or the first
+     *                           header line is invalid.
+     */
+    public function createResponse(): void
+    {
+        [$ver, $status, $reason, $headers] = HeaderProcessor::parseHeaders($this->headers);
+
+        $normalizedKeys = Utils::normalizeHeaderKeys($headers);
+
+        if (!empty($this->options['decode_content']) && isset($normalizedKeys['content-encoding'])) {
+            $headers['x-encoded-content-encoding'] = $headers[$normalizedKeys['content-encoding']];
+            unset($headers[$normalizedKeys['content-encoding']]);
+            if (isset($normalizedKeys['content-length'])) {
+                $headers['x-encoded-content-length'] = $headers[$normalizedKeys['content-length']];
+
+                $bodyLength = (int) $this->sink->getSize();
+                if ($bodyLength) {
+                    $headers[$normalizedKeys['content-length']] = $bodyLength;
+                } else {
+                    unset($headers[$normalizedKeys['content-length']]);
+                }
+            }
+        }
+
+        // Attach a response to the easy handle with the parsed headers.
+        $this->response = new Response(
+            $status,
+            $headers,
+            $this->sink,
+            $ver,
+            $reason
+        );
+    }
+
+    /**
+     * @param string $name
+     *
+     * @return void
+     *
+     * @throws \BadMethodCallException
+     */
+    public function __get($name)
+    {
+        $msg = $name === 'handle' ? 'The EasyHandle has been released' : 'Invalid property: ' . $name;
+        throw new \BadMethodCallException($msg);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/HeaderProcessor.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/HeaderProcessor.php
new file mode 100644
index 000000000..a0988845f
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/HeaderProcessor.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Utils;
+
+/**
+ * @internal
+ */
+final class HeaderProcessor
+{
+    /**
+     * Returns the HTTP version, status code, reason phrase, and headers.
+     *
+     * @param string[] $headers
+     *
+     * @throws \RuntimeException
+     *
+     * @return array{0:string, 1:int, 2:?string, 3:array}
+     */
+    public static function parseHeaders(array $headers): array
+    {
+        if ($headers === []) {
+            throw new \RuntimeException('Expected a non-empty array of header data');
+        }
+
+        $parts = \explode(' ', \array_shift($headers), 3);
+        $version = \explode('/', $parts[0])[1] ?? null;
+
+        if ($version === null) {
+            throw new \RuntimeException('HTTP version missing from header data');
+        }
+
+        $status = $parts[1] ?? null;
+
+        if ($status === null) {
+            throw new \RuntimeException('HTTP status code missing from header data');
+        }
+
+        return [$version, (int) $status, $parts[2] ?? null, Utils::headersFromLines($headers)];
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/MockHandler.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/MockHandler.php
new file mode 100644
index 000000000..79664e279
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/MockHandler.php
@@ -0,0 +1,211 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Exception\RequestException;
+use GuzzleHttp\HandlerStack;
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\TransferStats;
+use GuzzleHttp\Utils;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Handler that returns responses or throw exceptions from a queue.
+ *
+ * @final
+ */
+class MockHandler implements \Countable
+{
+    /**
+     * @var array
+     */
+    private $queue = [];
+
+    /**
+     * @var RequestInterface|null
+     */
+    private $lastRequest;
+
+    /**
+     * @var array
+     */
+    private $lastOptions = [];
+
+    /**
+     * @var callable|null
+     */
+    private $onFulfilled;
+
+    /**
+     * @var callable|null
+     */
+    private $onRejected;
+
+    /**
+     * Creates a new MockHandler that uses the default handler stack list of
+     * middlewares.
+     *
+     * @param array|null    $queue       Array of responses, callables, or exceptions.
+     * @param callable|null $onFulfilled Callback to invoke when the return value is fulfilled.
+     * @param callable|null $onRejected  Callback to invoke when the return value is rejected.
+     */
+    public static function createWithMiddleware(array $queue = null, callable $onFulfilled = null, callable $onRejected = null): HandlerStack
+    {
+        return HandlerStack::create(new self($queue, $onFulfilled, $onRejected));
+    }
+
+    /**
+     * The passed in value must be an array of
+     * {@see \Psr\Http\Message\ResponseInterface} objects, Exceptions,
+     * callables, or Promises.
+     *
+     * @param array<int, mixed>|null $queue       The parameters to be passed to the append function, as an indexed array.
+     * @param callable|null          $onFulfilled Callback to invoke when the return value is fulfilled.
+     * @param callable|null          $onRejected  Callback to invoke when the return value is rejected.
+     */
+    public function __construct(array $queue = null, callable $onFulfilled = null, callable $onRejected = null)
+    {
+        $this->onFulfilled = $onFulfilled;
+        $this->onRejected = $onRejected;
+
+        if ($queue) {
+            // array_values included for BC
+            $this->append(...array_values($queue));
+        }
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        if (!$this->queue) {
+            throw new \OutOfBoundsException('Mock queue is empty');
+        }
+
+        if (isset($options['delay']) && \is_numeric($options['delay'])) {
+            \usleep((int) $options['delay'] * 1000);
+        }
+
+        $this->lastRequest = $request;
+        $this->lastOptions = $options;
+        $response = \array_shift($this->queue);
+
+        if (isset($options['on_headers'])) {
+            if (!\is_callable($options['on_headers'])) {
+                throw new \InvalidArgumentException('on_headers must be callable');
+            }
+            try {
+                $options['on_headers']($response);
+            } catch (\Exception $e) {
+                $msg = 'An error was encountered during the on_headers event';
+                $response = new RequestException($msg, $request, $response, $e);
+            }
+        }
+
+        if (\is_callable($response)) {
+            $response = $response($request, $options);
+        }
+
+        $response = $response instanceof \Throwable
+            ? P\Create::rejectionFor($response)
+            : P\Create::promiseFor($response);
+
+        return $response->then(
+            function (?ResponseInterface $value) use ($request, $options) {
+                $this->invokeStats($request, $options, $value);
+                if ($this->onFulfilled) {
+                    ($this->onFulfilled)($value);
+                }
+
+                if ($value !== null && isset($options['sink'])) {
+                    $contents = (string) $value->getBody();
+                    $sink = $options['sink'];
+
+                    if (\is_resource($sink)) {
+                        \fwrite($sink, $contents);
+                    } elseif (\is_string($sink)) {
+                        \file_put_contents($sink, $contents);
+                    } elseif ($sink instanceof StreamInterface) {
+                        $sink->write($contents);
+                    }
+                }
+
+                return $value;
+            },
+            function ($reason) use ($request, $options) {
+                $this->invokeStats($request, $options, null, $reason);
+                if ($this->onRejected) {
+                    ($this->onRejected)($reason);
+                }
+                return P\Create::rejectionFor($reason);
+            }
+        );
+    }
+
+    /**
+     * Adds one or more variadic requests, exceptions, callables, or promises
+     * to the queue.
+     *
+     * @param mixed ...$values
+     */
+    public function append(...$values): void
+    {
+        foreach ($values as $value) {
+            if ($value instanceof ResponseInterface
+                || $value instanceof \Throwable
+                || $value instanceof PromiseInterface
+                || \is_callable($value)
+            ) {
+                $this->queue[] = $value;
+            } else {
+                throw new \TypeError('Expected a Response, Promise, Throwable or callable. Found ' . Utils::describeType($value));
+            }
+        }
+    }
+
+    /**
+     * Get the last received request.
+     */
+    public function getLastRequest(): ?RequestInterface
+    {
+        return $this->lastRequest;
+    }
+
+    /**
+     * Get the last received request options.
+     */
+    public function getLastOptions(): array
+    {
+        return $this->lastOptions;
+    }
+
+    /**
+     * Returns the number of remaining items in the queue.
+     */
+    public function count(): int
+    {
+        return \count($this->queue);
+    }
+
+    public function reset(): void
+    {
+        $this->queue = [];
+    }
+
+    /**
+     * @param mixed $reason Promise or reason.
+     */
+    private function invokeStats(
+        RequestInterface $request,
+        array $options,
+        ResponseInterface $response = null,
+        $reason = null
+    ): void {
+        if (isset($options['on_stats'])) {
+            $transferTime = $options['transfer_time'] ?? 0;
+            $stats = new TransferStats($request, $response, $transferTime, $reason);
+            ($options['on_stats'])($stats);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php
new file mode 100644
index 000000000..f045b526c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\RequestOptions;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Provides basic proxies for handlers.
+ *
+ * @final
+ */
+class Proxy
+{
+    /**
+     * Sends synchronous requests to a specific handler while sending all other
+     * requests to another handler.
+     *
+     * @param callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface $default Handler used for normal responses
+     * @param callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface $sync    Handler used for synchronous responses.
+     *
+     * @return callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface Returns the composed handler.
+     */
+    public static function wrapSync(callable $default, callable $sync): callable
+    {
+        return static function (RequestInterface $request, array $options) use ($default, $sync): PromiseInterface {
+            return empty($options[RequestOptions::SYNCHRONOUS]) ? $default($request, $options) : $sync($request, $options);
+        };
+    }
+
+    /**
+     * Sends streaming requests to a streaming compatible handler while sending
+     * all other requests to a default handler.
+     *
+     * This, for example, could be useful for taking advantage of the
+     * performance benefits of curl while still supporting true streaming
+     * through the StreamHandler.
+     *
+     * @param callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface $default   Handler used for non-streaming responses
+     * @param callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface $streaming Handler used for streaming responses
+     *
+     * @return callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface Returns the composed handler.
+     */
+    public static function wrapStreaming(callable $default, callable $streaming): callable
+    {
+        return static function (RequestInterface $request, array $options) use ($default, $streaming): PromiseInterface {
+            return empty($options['stream']) ? $default($request, $options) : $streaming($request, $options);
+        };
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
new file mode 100644
index 000000000..543f825a2
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
@@ -0,0 +1,593 @@
+<?php
+
+namespace GuzzleHttp\Handler;
+
+use GuzzleHttp\Exception\ConnectException;
+use GuzzleHttp\Exception\RequestException;
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\FulfilledPromise;
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\Psr7;
+use GuzzleHttp\TransferStats;
+use GuzzleHttp\Utils;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * HTTP handler that uses PHP's HTTP stream wrapper.
+ *
+ * @final
+ */
+class StreamHandler
+{
+    /**
+     * @var array
+     */
+    private $lastHeaders = [];
+
+    /**
+     * Sends an HTTP request.
+     *
+     * @param RequestInterface $request Request to send.
+     * @param array            $options Request transfer options.
+     */
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        // Sleep if there is a delay specified.
+        if (isset($options['delay'])) {
+            \usleep($options['delay'] * 1000);
+        }
+
+        $startTime = isset($options['on_stats']) ? Utils::currentTime() : null;
+
+        try {
+            // Does not support the expect header.
+            $request = $request->withoutHeader('Expect');
+
+            // Append a content-length header if body size is zero to match
+            // cURL's behavior.
+            if (0 === $request->getBody()->getSize()) {
+                $request = $request->withHeader('Content-Length', '0');
+            }
+
+            return $this->createResponse(
+                $request,
+                $options,
+                $this->createStream($request, $options),
+                $startTime
+            );
+        } catch (\InvalidArgumentException $e) {
+            throw $e;
+        } catch (\Exception $e) {
+            // Determine if the error was a networking error.
+            $message = $e->getMessage();
+            // This list can probably get more comprehensive.
+            if (false !== \strpos($message, 'getaddrinfo') // DNS lookup failed
+                || false !== \strpos($message, 'Connection refused')
+                || false !== \strpos($message, "couldn't connect to host") // error on HHVM
+                || false !== \strpos($message, "connection attempt failed")
+            ) {
+                $e = new ConnectException($e->getMessage(), $request, $e);
+            } else {
+                $e = RequestException::wrapException($request, $e);
+            }
+            $this->invokeStats($options, $request, $startTime, null, $e);
+
+            return P\Create::rejectionFor($e);
+        }
+    }
+
+    private function invokeStats(
+        array $options,
+        RequestInterface $request,
+        ?float $startTime,
+        ResponseInterface $response = null,
+        \Throwable $error = null
+    ): void {
+        if (isset($options['on_stats'])) {
+            $stats = new TransferStats($request, $response, Utils::currentTime() - $startTime, $error, []);
+            ($options['on_stats'])($stats);
+        }
+    }
+
+    /**
+     * @param resource $stream
+     */
+    private function createResponse(RequestInterface $request, array $options, $stream, ?float $startTime): PromiseInterface
+    {
+        $hdrs = $this->lastHeaders;
+        $this->lastHeaders = [];
+
+        try {
+            [$ver, $status, $reason, $headers] = HeaderProcessor::parseHeaders($hdrs);
+        } catch (\Exception $e) {
+            return P\Create::rejectionFor(
+                new RequestException('An error was encountered while creating the response', $request, null, $e)
+            );
+        }
+
+        [$stream, $headers] = $this->checkDecode($options, $headers, $stream);
+        $stream = Psr7\Utils::streamFor($stream);
+        $sink = $stream;
+
+        if (\strcasecmp('HEAD', $request->getMethod())) {
+            $sink = $this->createSink($stream, $options);
+        }
+
+        try {
+            $response = new Psr7\Response($status, $headers, $sink, $ver, $reason);
+        } catch (\Exception $e) {
+            return P\Create::rejectionFor(
+                new RequestException('An error was encountered while creating the response', $request, null, $e)
+            );
+        }
+
+        if (isset($options['on_headers'])) {
+            try {
+                $options['on_headers']($response);
+            } catch (\Exception $e) {
+                return P\Create::rejectionFor(
+                    new RequestException('An error was encountered during the on_headers event', $request, $response, $e)
+                );
+            }
+        }
+
+        // Do not drain when the request is a HEAD request because they have
+        // no body.
+        if ($sink !== $stream) {
+            $this->drain($stream, $sink, $response->getHeaderLine('Content-Length'));
+        }
+
+        $this->invokeStats($options, $request, $startTime, $response, null);
+
+        return new FulfilledPromise($response);
+    }
+
+    private function createSink(StreamInterface $stream, array $options): StreamInterface
+    {
+        if (!empty($options['stream'])) {
+            return $stream;
+        }
+
+        $sink = $options['sink'] ?? Psr7\Utils::tryFopen('php://temp', 'r+');
+
+        return \is_string($sink) ? new Psr7\LazyOpenStream($sink, 'w+') : Psr7\Utils::streamFor($sink);
+    }
+
+    /**
+     * @param resource $stream
+     */
+    private function checkDecode(array $options, array $headers, $stream): array
+    {
+        // Automatically decode responses when instructed.
+        if (!empty($options['decode_content'])) {
+            $normalizedKeys = Utils::normalizeHeaderKeys($headers);
+            if (isset($normalizedKeys['content-encoding'])) {
+                $encoding = $headers[$normalizedKeys['content-encoding']];
+                if ($encoding[0] === 'gzip' || $encoding[0] === 'deflate') {
+                    $stream = new Psr7\InflateStream(Psr7\Utils::streamFor($stream));
+                    $headers['x-encoded-content-encoding'] = $headers[$normalizedKeys['content-encoding']];
+
+                    // Remove content-encoding header
+                    unset($headers[$normalizedKeys['content-encoding']]);
+
+                    // Fix content-length header
+                    if (isset($normalizedKeys['content-length'])) {
+                        $headers['x-encoded-content-length'] = $headers[$normalizedKeys['content-length']];
+                        $length = (int) $stream->getSize();
+                        if ($length === 0) {
+                            unset($headers[$normalizedKeys['content-length']]);
+                        } else {
+                            $headers[$normalizedKeys['content-length']] = [$length];
+                        }
+                    }
+                }
+            }
+        }
+
+        return [$stream, $headers];
+    }
+
+    /**
+     * Drains the source stream into the "sink" client option.
+     *
+     * @param string $contentLength Header specifying the amount of
+     *                              data to read.
+     *
+     * @throws \RuntimeException when the sink option is invalid.
+     */
+    private function drain(StreamInterface $source, StreamInterface $sink, string $contentLength): StreamInterface
+    {
+        // If a content-length header is provided, then stop reading once
+        // that number of bytes has been read. This can prevent infinitely
+        // reading from a stream when dealing with servers that do not honor
+        // Connection: Close headers.
+        Psr7\Utils::copyToStream(
+            $source,
+            $sink,
+            (\strlen($contentLength) > 0 && (int) $contentLength > 0) ? (int) $contentLength : -1
+        );
+
+        $sink->seek(0);
+        $source->close();
+
+        return $sink;
+    }
+
+    /**
+     * Create a resource and check to ensure it was created successfully
+     *
+     * @param callable $callback Callable that returns stream resource
+     *
+     * @return resource
+     *
+     * @throws \RuntimeException on error
+     */
+    private function createResource(callable $callback)
+    {
+        $errors = [];
+        \set_error_handler(static function ($_, $msg, $file, $line) use (&$errors): bool {
+            $errors[] = [
+                'message' => $msg,
+                'file'    => $file,
+                'line'    => $line
+            ];
+            return true;
+        });
+
+        try {
+            $resource = $callback();
+        } finally {
+            \restore_error_handler();
+        }
+
+        if (!$resource) {
+            $message = 'Error creating resource: ';
+            foreach ($errors as $err) {
+                foreach ($err as $key => $value) {
+                    $message .= "[$key] $value" . \PHP_EOL;
+                }
+            }
+            throw new \RuntimeException(\trim($message));
+        }
+
+        return $resource;
+    }
+
+    /**
+     * @return resource
+     */
+    private function createStream(RequestInterface $request, array $options)
+    {
+        static $methods;
+        if (!$methods) {
+            $methods = \array_flip(\get_class_methods(__CLASS__));
+        }
+
+        if (!\in_array($request->getUri()->getScheme(), ['http', 'https'])) {
+            throw new RequestException(\sprintf("The scheme '%s' is not supported.", $request->getUri()->getScheme()), $request);
+        }
+
+        // HTTP/1.1 streams using the PHP stream wrapper require a
+        // Connection: close header
+        if ($request->getProtocolVersion() == '1.1'
+            && !$request->hasHeader('Connection')
+        ) {
+            $request = $request->withHeader('Connection', 'close');
+        }
+
+        // Ensure SSL is verified by default
+        if (!isset($options['verify'])) {
+            $options['verify'] = true;
+        }
+
+        $params = [];
+        $context = $this->getDefaultContext($request);
+
+        if (isset($options['on_headers']) && !\is_callable($options['on_headers'])) {
+            throw new \InvalidArgumentException('on_headers must be callable');
+        }
+
+        if (!empty($options)) {
+            foreach ($options as $key => $value) {
+                $method = "add_{$key}";
+                if (isset($methods[$method])) {
+                    $this->{$method}($request, $context, $value, $params);
+                }
+            }
+        }
+
+        if (isset($options['stream_context'])) {
+            if (!\is_array($options['stream_context'])) {
+                throw new \InvalidArgumentException('stream_context must be an array');
+            }
+            $context = \array_replace_recursive($context, $options['stream_context']);
+        }
+
+        // Microsoft NTLM authentication only supported with curl handler
+        if (isset($options['auth'][2]) && 'ntlm' === $options['auth'][2]) {
+            throw new \InvalidArgumentException('Microsoft NTLM authentication only supported with curl handler');
+        }
+
+        $uri = $this->resolveHost($request, $options);
+
+        $contextResource = $this->createResource(
+            static function () use ($context, $params) {
+                return \stream_context_create($context, $params);
+            }
+        );
+
+        return $this->createResource(
+            function () use ($uri, &$http_response_header, $contextResource, $context, $options, $request) {
+                $resource = @\fopen((string) $uri, 'r', false, $contextResource);
+                $this->lastHeaders = $http_response_header ?? [];
+
+                if (false === $resource) {
+                    throw new ConnectException(sprintf('Connection refused for URI %s', $uri), $request, null, $context);
+                }
+
+                if (isset($options['read_timeout'])) {
+                    $readTimeout = $options['read_timeout'];
+                    $sec = (int) $readTimeout;
+                    $usec = ($readTimeout - $sec) * 100000;
+                    \stream_set_timeout($resource, $sec, $usec);
+                }
+
+                return $resource;
+            }
+        );
+    }
+
+    private function resolveHost(RequestInterface $request, array $options): UriInterface
+    {
+        $uri = $request->getUri();
+
+        if (isset($options['force_ip_resolve']) && !\filter_var($uri->getHost(), \FILTER_VALIDATE_IP)) {
+            if ('v4' === $options['force_ip_resolve']) {
+                $records = \dns_get_record($uri->getHost(), \DNS_A);
+                if (false === $records || !isset($records[0]['ip'])) {
+                    throw new ConnectException(\sprintf("Could not resolve IPv4 address for host '%s'", $uri->getHost()), $request);
+                }
+                return $uri->withHost($records[0]['ip']);
+            }
+            if ('v6' === $options['force_ip_resolve']) {
+                $records = \dns_get_record($uri->getHost(), \DNS_AAAA);
+                if (false === $records || !isset($records[0]['ipv6'])) {
+                    throw new ConnectException(\sprintf("Could not resolve IPv6 address for host '%s'", $uri->getHost()), $request);
+                }
+                return $uri->withHost('[' . $records[0]['ipv6'] . ']');
+            }
+        }
+
+        return $uri;
+    }
+
+    private function getDefaultContext(RequestInterface $request): array
+    {
+        $headers = '';
+        foreach ($request->getHeaders() as $name => $value) {
+            foreach ($value as $val) {
+                $headers .= "$name: $val\r\n";
+            }
+        }
+
+        $context = [
+            'http' => [
+                'method'           => $request->getMethod(),
+                'header'           => $headers,
+                'protocol_version' => $request->getProtocolVersion(),
+                'ignore_errors'    => true,
+                'follow_location'  => 0,
+            ],
+            'ssl' => [
+                'peer_name' => $request->getUri()->getHost(),
+            ],
+        ];
+
+        $body = (string) $request->getBody();
+
+        if (!empty($body)) {
+            $context['http']['content'] = $body;
+            // Prevent the HTTP handler from adding a Content-Type header.
+            if (!$request->hasHeader('Content-Type')) {
+                $context['http']['header'] .= "Content-Type:\r\n";
+            }
+        }
+
+        $context['http']['header'] = \rtrim($context['http']['header']);
+
+        return $context;
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_proxy(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        $uri = null;
+
+        if (!\is_array($value)) {
+            $uri = $value;
+        } else {
+            $scheme = $request->getUri()->getScheme();
+            if (isset($value[$scheme])) {
+                if (!isset($value['no']) || !Utils::isHostInNoProxy($request->getUri()->getHost(), $value['no'])) {
+                    $uri = $value[$scheme];
+                }
+            }
+        }
+
+        if (!$uri) {
+            return;
+        }
+
+        $parsed = $this->parse_proxy($uri);
+        $options['http']['proxy'] = $parsed['proxy'];
+
+        if ($parsed['auth']) {
+            if (!isset($options['http']['header'])) {
+                $options['http']['header'] = [];
+            }
+            $options['http']['header'] .= "\r\nProxy-Authorization: {$parsed['auth']}";
+        }
+    }
+
+    /**
+     * Parses the given proxy URL to make it compatible with the format PHP's stream context expects.
+     */
+    private function parse_proxy(string $url): array
+    {
+        $parsed = \parse_url($url);
+
+        if ($parsed !== false && isset($parsed['scheme']) && $parsed['scheme'] === 'http') {
+            if (isset($parsed['host']) && isset($parsed['port'])) {
+                $auth = null;
+                if (isset($parsed['user']) && isset($parsed['pass'])) {
+                    $auth = \base64_encode("{$parsed['user']}:{$parsed['pass']}");
+                }
+
+                return [
+                    'proxy' => "tcp://{$parsed['host']}:{$parsed['port']}",
+                    'auth' => $auth ? "Basic {$auth}" : null,
+                ];
+            }
+        }
+
+        // Return proxy as-is.
+        return [
+            'proxy' => $url,
+            'auth' => null,
+        ];
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_timeout(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        if ($value > 0) {
+            $options['http']['timeout'] = $value;
+        }
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_verify(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        if ($value === false) {
+            $options['ssl']['verify_peer'] = false;
+            $options['ssl']['verify_peer_name'] = false;
+
+            return;
+        }
+
+        if (\is_string($value)) {
+            $options['ssl']['cafile'] = $value;
+            if (!\file_exists($value)) {
+                throw new \RuntimeException("SSL CA bundle not found: $value");
+            }
+        } elseif ($value !== true) {
+            throw new \InvalidArgumentException('Invalid verify request option');
+        }
+
+        $options['ssl']['verify_peer'] = true;
+        $options['ssl']['verify_peer_name'] = true;
+        $options['ssl']['allow_self_signed'] = false;
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_cert(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        if (\is_array($value)) {
+            $options['ssl']['passphrase'] = $value[1];
+            $value = $value[0];
+        }
+
+        if (!\file_exists($value)) {
+            throw new \RuntimeException("SSL certificate not found: {$value}");
+        }
+
+        $options['ssl']['local_cert'] = $value;
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_progress(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        self::addNotification(
+            $params,
+            static function ($code, $a, $b, $c, $transferred, $total) use ($value) {
+                if ($code == \STREAM_NOTIFY_PROGRESS) {
+                    // The upload progress cannot be determined. Use 0 for cURL compatibility:
+                    // https://curl.se/libcurl/c/CURLOPT_PROGRESSFUNCTION.html
+                    $value($total, $transferred, 0, 0);
+                }
+            }
+        );
+    }
+
+    /**
+     * @param mixed $value as passed via Request transfer options.
+     */
+    private function add_debug(RequestInterface $request, array &$options, $value, array &$params): void
+    {
+        if ($value === false) {
+            return;
+        }
+
+        static $map = [
+            \STREAM_NOTIFY_CONNECT       => 'CONNECT',
+            \STREAM_NOTIFY_AUTH_REQUIRED => 'AUTH_REQUIRED',
+            \STREAM_NOTIFY_AUTH_RESULT   => 'AUTH_RESULT',
+            \STREAM_NOTIFY_MIME_TYPE_IS  => 'MIME_TYPE_IS',
+            \STREAM_NOTIFY_FILE_SIZE_IS  => 'FILE_SIZE_IS',
+            \STREAM_NOTIFY_REDIRECTED    => 'REDIRECTED',
+            \STREAM_NOTIFY_PROGRESS      => 'PROGRESS',
+            \STREAM_NOTIFY_FAILURE       => 'FAILURE',
+            \STREAM_NOTIFY_COMPLETED     => 'COMPLETED',
+            \STREAM_NOTIFY_RESOLVE       => 'RESOLVE',
+        ];
+        static $args = ['severity', 'message', 'message_code', 'bytes_transferred', 'bytes_max'];
+
+        $value = Utils::debugResource($value);
+        $ident = $request->getMethod() . ' ' . $request->getUri()->withFragment('');
+        self::addNotification(
+            $params,
+            static function (int $code, ...$passed) use ($ident, $value, $map, $args): void {
+                \fprintf($value, '<%s> [%s] ', $ident, $map[$code]);
+                foreach (\array_filter($passed) as $i => $v) {
+                    \fwrite($value, $args[$i] . ': "' . $v . '" ');
+                }
+                \fwrite($value, "\n");
+            }
+        );
+    }
+
+    private static function addNotification(array &$params, callable $notify): void
+    {
+        // Wrap the existing function if needed.
+        if (!isset($params['notification'])) {
+            $params['notification'] = $notify;
+        } else {
+            $params['notification'] = self::callArray([
+                $params['notification'],
+                $notify
+            ]);
+        }
+    }
+
+    private static function callArray(array $functions): callable
+    {
+        return static function (...$args) use ($functions) {
+            foreach ($functions as $fn) {
+                $fn(...$args);
+            }
+        };
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/HandlerStack.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/HandlerStack.php
new file mode 100644
index 000000000..e0a1d1191
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/HandlerStack.php
@@ -0,0 +1,275 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Creates a composed Guzzle handler function by stacking middlewares on top of
+ * an HTTP handler function.
+ *
+ * @final
+ */
+class HandlerStack
+{
+    /**
+     * @var (callable(RequestInterface, array): PromiseInterface)|null
+     */
+    private $handler;
+
+    /**
+     * @var array{(callable(callable(RequestInterface, array): PromiseInterface): callable), (string|null)}[]
+     */
+    private $stack = [];
+
+    /**
+     * @var (callable(RequestInterface, array): PromiseInterface)|null
+     */
+    private $cached;
+
+    /**
+     * Creates a default handler stack that can be used by clients.
+     *
+     * The returned handler will wrap the provided handler or use the most
+     * appropriate default handler for your system. The returned HandlerStack has
+     * support for cookies, redirects, HTTP error exceptions, and preparing a body
+     * before sending.
+     *
+     * The returned handler stack can be passed to a client in the "handler"
+     * option.
+     *
+     * @param (callable(RequestInterface, array): PromiseInterface)|null $handler HTTP handler function to use with the stack. If no
+     *                                                                            handler is provided, the best handler for your
+     *                                                                            system will be utilized.
+     */
+    public static function create(?callable $handler = null): self
+    {
+        $stack = new self($handler ?: Utils::chooseHandler());
+        $stack->push(Middleware::httpErrors(), 'http_errors');
+        $stack->push(Middleware::redirect(), 'allow_redirects');
+        $stack->push(Middleware::cookies(), 'cookies');
+        $stack->push(Middleware::prepareBody(), 'prepare_body');
+
+        return $stack;
+    }
+
+    /**
+     * @param (callable(RequestInterface, array): PromiseInterface)|null $handler Underlying HTTP handler.
+     */
+    public function __construct(callable $handler = null)
+    {
+        $this->handler = $handler;
+    }
+
+    /**
+     * Invokes the handler stack as a composed handler
+     *
+     * @return ResponseInterface|PromiseInterface
+     */
+    public function __invoke(RequestInterface $request, array $options)
+    {
+        $handler = $this->resolve();
+
+        return $handler($request, $options);
+    }
+
+    /**
+     * Dumps a string representation of the stack.
+     *
+     * @return string
+     */
+    public function __toString()
+    {
+        $depth = 0;
+        $stack = [];
+
+        if ($this->handler !== null) {
+            $stack[] = "0) Handler: " . $this->debugCallable($this->handler);
+        }
+
+        $result = '';
+        foreach (\array_reverse($this->stack) as $tuple) {
+            $depth++;
+            $str = "{$depth}) Name: '{$tuple[1]}', ";
+            $str .= "Function: " . $this->debugCallable($tuple[0]);
+            $result = "> {$str}\n{$result}";
+            $stack[] = $str;
+        }
+
+        foreach (\array_keys($stack) as $k) {
+            $result .= "< {$stack[$k]}\n";
+        }
+
+        return $result;
+    }
+
+    /**
+     * Set the HTTP handler that actually returns a promise.
+     *
+     * @param callable(RequestInterface, array): PromiseInterface $handler Accepts a request and array of options and
+     *                                                                     returns a Promise.
+     */
+    public function setHandler(callable $handler): void
+    {
+        $this->handler = $handler;
+        $this->cached = null;
+    }
+
+    /**
+     * Returns true if the builder has a handler.
+     */
+    public function hasHandler(): bool
+    {
+        return $this->handler !== null ;
+    }
+
+    /**
+     * Unshift a middleware to the bottom of the stack.
+     *
+     * @param callable(callable): callable $middleware Middleware function
+     * @param string                       $name       Name to register for this middleware.
+     */
+    public function unshift(callable $middleware, ?string $name = null): void
+    {
+        \array_unshift($this->stack, [$middleware, $name]);
+        $this->cached = null;
+    }
+
+    /**
+     * Push a middleware to the top of the stack.
+     *
+     * @param callable(callable): callable $middleware Middleware function
+     * @param string                       $name       Name to register for this middleware.
+     */
+    public function push(callable $middleware, string $name = ''): void
+    {
+        $this->stack[] = [$middleware, $name];
+        $this->cached = null;
+    }
+
+    /**
+     * Add a middleware before another middleware by name.
+     *
+     * @param string                       $findName   Middleware to find
+     * @param callable(callable): callable $middleware Middleware function
+     * @param string                       $withName   Name to register for this middleware.
+     */
+    public function before(string $findName, callable $middleware, string $withName = ''): void
+    {
+        $this->splice($findName, $withName, $middleware, true);
+    }
+
+    /**
+     * Add a middleware after another middleware by name.
+     *
+     * @param string                       $findName   Middleware to find
+     * @param callable(callable): callable $middleware Middleware function
+     * @param string                       $withName   Name to register for this middleware.
+     */
+    public function after(string $findName, callable $middleware, string $withName = ''): void
+    {
+        $this->splice($findName, $withName, $middleware, false);
+    }
+
+    /**
+     * Remove a middleware by instance or name from the stack.
+     *
+     * @param callable|string $remove Middleware to remove by instance or name.
+     */
+    public function remove($remove): void
+    {
+        if (!is_string($remove) && !is_callable($remove)) {
+            trigger_deprecation('guzzlehttp/guzzle', '7.4', 'Not passing a callable or string to %s::%s() is deprecated and will cause an error in 8.0.', __CLASS__, __FUNCTION__);
+        }
+
+        $this->cached = null;
+        $idx = \is_callable($remove) ? 0 : 1;
+        $this->stack = \array_values(\array_filter(
+            $this->stack,
+            static function ($tuple) use ($idx, $remove) {
+                return $tuple[$idx] !== $remove;
+            }
+        ));
+    }
+
+    /**
+     * Compose the middleware and handler into a single callable function.
+     *
+     * @return callable(RequestInterface, array): PromiseInterface
+     */
+    public function resolve(): callable
+    {
+        if ($this->cached === null) {
+            if (($prev = $this->handler) === null) {
+                throw new \LogicException('No handler has been specified');
+            }
+
+            foreach (\array_reverse($this->stack) as $fn) {
+                /** @var callable(RequestInterface, array): PromiseInterface $prev */
+                $prev = $fn[0]($prev);
+            }
+
+            $this->cached = $prev;
+        }
+
+        return $this->cached;
+    }
+
+    private function findByName(string $name): int
+    {
+        foreach ($this->stack as $k => $v) {
+            if ($v[1] === $name) {
+                return $k;
+            }
+        }
+
+        throw new \InvalidArgumentException("Middleware not found: $name");
+    }
+
+    /**
+     * Splices a function into the middleware list at a specific position.
+     */
+    private function splice(string $findName, string $withName, callable $middleware, bool $before): void
+    {
+        $this->cached = null;
+        $idx = $this->findByName($findName);
+        $tuple = [$middleware, $withName];
+
+        if ($before) {
+            if ($idx === 0) {
+                \array_unshift($this->stack, $tuple);
+            } else {
+                $replacement = [$tuple, $this->stack[$idx]];
+                \array_splice($this->stack, $idx, 1, $replacement);
+            }
+        } elseif ($idx === \count($this->stack) - 1) {
+            $this->stack[] = $tuple;
+        } else {
+            $replacement = [$this->stack[$idx], $tuple];
+            \array_splice($this->stack, $idx, 1, $replacement);
+        }
+    }
+
+    /**
+     * Provides a debug string for a given callable.
+     *
+     * @param callable|string $fn Function to write as a string.
+     */
+    private function debugCallable($fn): string
+    {
+        if (\is_string($fn)) {
+            return "callable({$fn})";
+        }
+
+        if (\is_array($fn)) {
+            return \is_string($fn[0])
+                ? "callable({$fn[0]}::{$fn[1]})"
+                : "callable(['" . \get_class($fn[0]) . "', '{$fn[1]}'])";
+        }
+
+        /** @var object $fn */
+        return 'callable(' . \spl_object_hash($fn) . ')';
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatter.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatter.php
new file mode 100644
index 000000000..da499547f
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatter.php
@@ -0,0 +1,198 @@
+<?php
+
+namespace GuzzleHttp;
+
+use Psr\Http\Message\MessageInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Formats log messages using variable substitutions for requests, responses,
+ * and other transactional data.
+ *
+ * The following variable substitutions are supported:
+ *
+ * - {request}:        Full HTTP request message
+ * - {response}:       Full HTTP response message
+ * - {ts}:             ISO 8601 date in GMT
+ * - {date_iso_8601}   ISO 8601 date in GMT
+ * - {date_common_log} Apache common log date using the configured timezone.
+ * - {host}:           Host of the request
+ * - {method}:         Method of the request
+ * - {uri}:            URI of the request
+ * - {version}:        Protocol version
+ * - {target}:         Request target of the request (path + query + fragment)
+ * - {hostname}:       Hostname of the machine that sent the request
+ * - {code}:           Status code of the response (if available)
+ * - {phrase}:         Reason phrase of the response  (if available)
+ * - {error}:          Any error messages (if available)
+ * - {req_header_*}:   Replace `*` with the lowercased name of a request header to add to the message
+ * - {res_header_*}:   Replace `*` with the lowercased name of a response header to add to the message
+ * - {req_headers}:    Request headers
+ * - {res_headers}:    Response headers
+ * - {req_body}:       Request body
+ * - {res_body}:       Response body
+ *
+ * @final
+ */
+class MessageFormatter implements MessageFormatterInterface
+{
+    /**
+     * Apache Common Log Format.
+     *
+     * @link https://httpd.apache.org/docs/2.4/logs.html#common
+     *
+     * @var string
+     */
+    public const CLF = "{hostname} {req_header_User-Agent} - [{date_common_log}] \"{method} {target} HTTP/{version}\" {code} {res_header_Content-Length}";
+    public const DEBUG = ">>>>>>>>\n{request}\n<<<<<<<<\n{response}\n--------\n{error}";
+    public const SHORT = '[{ts}] "{method} {target} HTTP/{version}" {code}';
+
+    /**
+     * @var string Template used to format log messages
+     */
+    private $template;
+
+    /**
+     * @param string $template Log message template
+     */
+    public function __construct(?string $template = self::CLF)
+    {
+        $this->template = $template ?: self::CLF;
+    }
+
+    /**
+     * Returns a formatted message string.
+     *
+     * @param RequestInterface       $request  Request that was sent
+     * @param ResponseInterface|null $response Response that was received
+     * @param \Throwable|null        $error    Exception that was received
+     */
+    public function format(RequestInterface $request, ?ResponseInterface $response = null, ?\Throwable $error = null): string
+    {
+        $cache = [];
+
+        /** @var string */
+        return \preg_replace_callback(
+            '/{\s*([A-Za-z_\-\.0-9]+)\s*}/',
+            function (array $matches) use ($request, $response, $error, &$cache) {
+                if (isset($cache[$matches[1]])) {
+                    return $cache[$matches[1]];
+                }
+
+                $result = '';
+                switch ($matches[1]) {
+                    case 'request':
+                        $result = Psr7\Message::toString($request);
+                        break;
+                    case 'response':
+                        $result = $response ? Psr7\Message::toString($response) : '';
+                        break;
+                    case 'req_headers':
+                        $result = \trim($request->getMethod()
+                                . ' ' . $request->getRequestTarget())
+                            . ' HTTP/' . $request->getProtocolVersion() . "\r\n"
+                            . $this->headers($request);
+                        break;
+                    case 'res_headers':
+                        $result = $response ?
+                            \sprintf(
+                                'HTTP/%s %d %s',
+                                $response->getProtocolVersion(),
+                                $response->getStatusCode(),
+                                $response->getReasonPhrase()
+                            ) . "\r\n" . $this->headers($response)
+                            : 'NULL';
+                        break;
+                    case 'req_body':
+                        $result = $request->getBody()->__toString();
+                        break;
+                    case 'res_body':
+                        if (!$response instanceof ResponseInterface) {
+                            $result = 'NULL';
+                            break;
+                        }
+
+                        $body = $response->getBody();
+
+                        if (!$body->isSeekable()) {
+                            $result = 'RESPONSE_NOT_LOGGEABLE';
+                            break;
+                        }
+
+                        $result = $response->getBody()->__toString();
+                        break;
+                    case 'ts':
+                    case 'date_iso_8601':
+                        $result = \gmdate('c');
+                        break;
+                    case 'date_common_log':
+                        $result = \date('d/M/Y:H:i:s O');
+                        break;
+                    case 'method':
+                        $result = $request->getMethod();
+                        break;
+                    case 'version':
+                        $result = $request->getProtocolVersion();
+                        break;
+                    case 'uri':
+                    case 'url':
+                        $result = $request->getUri()->__toString();
+                        break;
+                    case 'target':
+                        $result = $request->getRequestTarget();
+                        break;
+                    case 'req_version':
+                        $result = $request->getProtocolVersion();
+                        break;
+                    case 'res_version':
+                        $result = $response
+                            ? $response->getProtocolVersion()
+                            : 'NULL';
+                        break;
+                    case 'host':
+                        $result = $request->getHeaderLine('Host');
+                        break;
+                    case 'hostname':
+                        $result = \gethostname();
+                        break;
+                    case 'code':
+                        $result = $response ? $response->getStatusCode() : 'NULL';
+                        break;
+                    case 'phrase':
+                        $result = $response ? $response->getReasonPhrase() : 'NULL';
+                        break;
+                    case 'error':
+                        $result = $error ? $error->getMessage() : 'NULL';
+                        break;
+                    default:
+                        // handle prefixed dynamic headers
+                        if (\strpos($matches[1], 'req_header_') === 0) {
+                            $result = $request->getHeaderLine(\substr($matches[1], 11));
+                        } elseif (\strpos($matches[1], 'res_header_') === 0) {
+                            $result = $response
+                                ? $response->getHeaderLine(\substr($matches[1], 11))
+                                : 'NULL';
+                        }
+                }
+
+                $cache[$matches[1]] = $result;
+                return $result;
+            },
+            $this->template
+        );
+    }
+
+    /**
+     * Get headers from message as string
+     */
+    private function headers(MessageInterface $message): string
+    {
+        $result = '';
+        foreach ($message->getHeaders() as $name => $values) {
+            $result .= $name . ': ' . \implode(', ', $values) . "\r\n";
+        }
+
+        return \trim($result);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatterInterface.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatterInterface.php
new file mode 100644
index 000000000..a39ac248e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/MessageFormatterInterface.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace GuzzleHttp;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+interface MessageFormatterInterface
+{
+    /**
+     * Returns a formatted message string.
+     *
+     * @param RequestInterface       $request  Request that was sent
+     * @param ResponseInterface|null $response Response that was received
+     * @param \Throwable|null        $error    Exception that was received
+     */
+    public function format(RequestInterface $request, ?ResponseInterface $response = null, ?\Throwable $error = null): string;
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Middleware.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Middleware.php
new file mode 100644
index 000000000..7035c77ff
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Middleware.php
@@ -0,0 +1,260 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Cookie\CookieJarInterface;
+use GuzzleHttp\Exception\RequestException;
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Log\LoggerInterface;
+
+/**
+ * Functions used to create and wrap handlers with handler middleware.
+ */
+final class Middleware
+{
+    /**
+     * Middleware that adds cookies to requests.
+     *
+     * The options array must be set to a CookieJarInterface in order to use
+     * cookies. This is typically handled for you by a client.
+     *
+     * @return callable Returns a function that accepts the next handler.
+     */
+    public static function cookies(): callable
+    {
+        return static function (callable $handler): callable {
+            return static function ($request, array $options) use ($handler) {
+                if (empty($options['cookies'])) {
+                    return $handler($request, $options);
+                } elseif (!($options['cookies'] instanceof CookieJarInterface)) {
+                    throw new \InvalidArgumentException('cookies must be an instance of GuzzleHttp\Cookie\CookieJarInterface');
+                }
+                $cookieJar = $options['cookies'];
+                $request = $cookieJar->withCookieHeader($request);
+                return $handler($request, $options)
+                    ->then(
+                        static function (ResponseInterface $response) use ($cookieJar, $request): ResponseInterface {
+                            $cookieJar->extractCookies($request, $response);
+                            return $response;
+                        }
+                    );
+            };
+        };
+    }
+
+    /**
+     * Middleware that throws exceptions for 4xx or 5xx responses when the
+     * "http_errors" request option is set to true.
+     *
+     * @param BodySummarizerInterface|null $bodySummarizer The body summarizer to use in exception messages.
+     *
+     * @return callable(callable): callable Returns a function that accepts the next handler.
+     */
+    public static function httpErrors(BodySummarizerInterface $bodySummarizer = null): callable
+    {
+        return static function (callable $handler) use ($bodySummarizer): callable {
+            return static function ($request, array $options) use ($handler, $bodySummarizer) {
+                if (empty($options['http_errors'])) {
+                    return $handler($request, $options);
+                }
+                return $handler($request, $options)->then(
+                    static function (ResponseInterface $response) use ($request, $bodySummarizer) {
+                        $code = $response->getStatusCode();
+                        if ($code < 400) {
+                            return $response;
+                        }
+                        throw RequestException::create($request, $response, null, [], $bodySummarizer);
+                    }
+                );
+            };
+        };
+    }
+
+    /**
+     * Middleware that pushes history data to an ArrayAccess container.
+     *
+     * @param array|\ArrayAccess<int, array> $container Container to hold the history (by reference).
+     *
+     * @return callable(callable): callable Returns a function that accepts the next handler.
+     *
+     * @throws \InvalidArgumentException if container is not an array or ArrayAccess.
+     */
+    public static function history(&$container): callable
+    {
+        if (!\is_array($container) && !$container instanceof \ArrayAccess) {
+            throw new \InvalidArgumentException('history container must be an array or object implementing ArrayAccess');
+        }
+
+        return static function (callable $handler) use (&$container): callable {
+            return static function (RequestInterface $request, array $options) use ($handler, &$container) {
+                return $handler($request, $options)->then(
+                    static function ($value) use ($request, &$container, $options) {
+                        $container[] = [
+                            'request'  => $request,
+                            'response' => $value,
+                            'error'    => null,
+                            'options'  => $options
+                        ];
+                        return $value;
+                    },
+                    static function ($reason) use ($request, &$container, $options) {
+                        $container[] = [
+                            'request'  => $request,
+                            'response' => null,
+                            'error'    => $reason,
+                            'options'  => $options
+                        ];
+                        return P\Create::rejectionFor($reason);
+                    }
+                );
+            };
+        };
+    }
+
+    /**
+     * Middleware that invokes a callback before and after sending a request.
+     *
+     * The provided listener cannot modify or alter the response. It simply
+     * "taps" into the chain to be notified before returning the promise. The
+     * before listener accepts a request and options array, and the after
+     * listener accepts a request, options array, and response promise.
+     *
+     * @param callable $before Function to invoke before forwarding the request.
+     * @param callable $after  Function invoked after forwarding.
+     *
+     * @return callable Returns a function that accepts the next handler.
+     */
+    public static function tap(callable $before = null, callable $after = null): callable
+    {
+        return static function (callable $handler) use ($before, $after): callable {
+            return static function (RequestInterface $request, array $options) use ($handler, $before, $after) {
+                if ($before) {
+                    $before($request, $options);
+                }
+                $response = $handler($request, $options);
+                if ($after) {
+                    $after($request, $options, $response);
+                }
+                return $response;
+            };
+        };
+    }
+
+    /**
+     * Middleware that handles request redirects.
+     *
+     * @return callable Returns a function that accepts the next handler.
+     */
+    public static function redirect(): callable
+    {
+        return static function (callable $handler): RedirectMiddleware {
+            return new RedirectMiddleware($handler);
+        };
+    }
+
+    /**
+     * Middleware that retries requests based on the boolean result of
+     * invoking the provided "decider" function.
+     *
+     * If no delay function is provided, a simple implementation of exponential
+     * backoff will be utilized.
+     *
+     * @param callable $decider Function that accepts the number of retries,
+     *                          a request, [response], and [exception] and
+     *                          returns true if the request is to be retried.
+     * @param callable $delay   Function that accepts the number of retries and
+     *                          returns the number of milliseconds to delay.
+     *
+     * @return callable Returns a function that accepts the next handler.
+     */
+    public static function retry(callable $decider, callable $delay = null): callable
+    {
+        return static function (callable $handler) use ($decider, $delay): RetryMiddleware {
+            return new RetryMiddleware($decider, $handler, $delay);
+        };
+    }
+
+    /**
+     * Middleware that logs requests, responses, and errors using a message
+     * formatter.
+     *
+     * @phpstan-param \Psr\Log\LogLevel::* $logLevel  Level at which to log requests.
+     *
+     * @param LoggerInterface                            $logger    Logs messages.
+     * @param MessageFormatterInterface|MessageFormatter $formatter Formatter used to create message strings.
+     * @param string                                     $logLevel  Level at which to log requests.
+     *
+     * @return callable Returns a function that accepts the next handler.
+     */
+    public static function log(LoggerInterface $logger, $formatter, string $logLevel = 'info'): callable
+    {
+        // To be compatible with Guzzle 7.1.x we need to allow users to pass a MessageFormatter
+        if (!$formatter instanceof MessageFormatter && !$formatter instanceof MessageFormatterInterface) {
+            throw new \LogicException(sprintf('Argument 2 to %s::log() must be of type %s', self::class, MessageFormatterInterface::class));
+        }
+
+        return static function (callable $handler) use ($logger, $formatter, $logLevel): callable {
+            return static function (RequestInterface $request, array $options = []) use ($handler, $logger, $formatter, $logLevel) {
+                return $handler($request, $options)->then(
+                    static function ($response) use ($logger, $request, $formatter, $logLevel): ResponseInterface {
+                        $message = $formatter->format($request, $response);
+                        $logger->log($logLevel, $message);
+                        return $response;
+                    },
+                    static function ($reason) use ($logger, $request, $formatter): PromiseInterface {
+                        $response = $reason instanceof RequestException ? $reason->getResponse() : null;
+                        $message = $formatter->format($request, $response, P\Create::exceptionFor($reason));
+                        $logger->error($message);
+                        return P\Create::rejectionFor($reason);
+                    }
+                );
+            };
+        };
+    }
+
+    /**
+     * This middleware adds a default content-type if possible, a default
+     * content-length or transfer-encoding header, and the expect header.
+     */
+    public static function prepareBody(): callable
+    {
+        return static function (callable $handler): PrepareBodyMiddleware {
+            return new PrepareBodyMiddleware($handler);
+        };
+    }
+
+    /**
+     * Middleware that applies a map function to the request before passing to
+     * the next handler.
+     *
+     * @param callable $fn Function that accepts a RequestInterface and returns
+     *                     a RequestInterface.
+     */
+    public static function mapRequest(callable $fn): callable
+    {
+        return static function (callable $handler) use ($fn): callable {
+            return static function (RequestInterface $request, array $options) use ($handler, $fn) {
+                return $handler($fn($request), $options);
+            };
+        };
+    }
+
+    /**
+     * Middleware that applies a map function to the resolved promise's
+     * response.
+     *
+     * @param callable $fn Function that accepts a ResponseInterface and
+     *                     returns a ResponseInterface.
+     */
+    public static function mapResponse(callable $fn): callable
+    {
+        return static function (callable $handler) use ($fn): callable {
+            return static function (RequestInterface $request, array $options) use ($handler, $fn) {
+                return $handler($request, $options)->then($fn);
+            };
+        };
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Pool.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Pool.php
new file mode 100644
index 000000000..6277c61fb
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Pool.php
@@ -0,0 +1,125 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\EachPromise;
+use GuzzleHttp\Promise\PromiseInterface;
+use GuzzleHttp\Promise\PromisorInterface;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Sends an iterator of requests concurrently using a capped pool size.
+ *
+ * The pool will read from an iterator until it is cancelled or until the
+ * iterator is consumed. When a request is yielded, the request is sent after
+ * applying the "request_options" request options (if provided in the ctor).
+ *
+ * When a function is yielded by the iterator, the function is provided the
+ * "request_options" array that should be merged on top of any existing
+ * options, and the function MUST then return a wait-able promise.
+ *
+ * @final
+ */
+class Pool implements PromisorInterface
+{
+    /**
+     * @var EachPromise
+     */
+    private $each;
+
+    /**
+     * @param ClientInterface $client   Client used to send the requests.
+     * @param array|\Iterator $requests Requests or functions that return
+     *                                  requests to send concurrently.
+     * @param array           $config   Associative array of options
+     *                                  - concurrency: (int) Maximum number of requests to send concurrently
+     *                                  - options: Array of request options to apply to each request.
+     *                                  - fulfilled: (callable) Function to invoke when a request completes.
+     *                                  - rejected: (callable) Function to invoke when a request is rejected.
+     */
+    public function __construct(ClientInterface $client, $requests, array $config = [])
+    {
+        if (!isset($config['concurrency'])) {
+            $config['concurrency'] = 25;
+        }
+
+        if (isset($config['options'])) {
+            $opts = $config['options'];
+            unset($config['options']);
+        } else {
+            $opts = [];
+        }
+
+        $iterable = P\Create::iterFor($requests);
+        $requests = static function () use ($iterable, $client, $opts) {
+            foreach ($iterable as $key => $rfn) {
+                if ($rfn instanceof RequestInterface) {
+                    yield $key => $client->sendAsync($rfn, $opts);
+                } elseif (\is_callable($rfn)) {
+                    yield $key => $rfn($opts);
+                } else {
+                    throw new \InvalidArgumentException('Each value yielded by the iterator must be a Psr7\Http\Message\RequestInterface or a callable that returns a promise that fulfills with a Psr7\Message\Http\ResponseInterface object.');
+                }
+            }
+        };
+
+        $this->each = new EachPromise($requests(), $config);
+    }
+
+    /**
+     * Get promise
+     */
+    public function promise(): PromiseInterface
+    {
+        return $this->each->promise();
+    }
+
+    /**
+     * Sends multiple requests concurrently and returns an array of responses
+     * and exceptions that uses the same ordering as the provided requests.
+     *
+     * IMPORTANT: This method keeps every request and response in memory, and
+     * as such, is NOT recommended when sending a large number or an
+     * indeterminate number of requests concurrently.
+     *
+     * @param ClientInterface $client   Client used to send the requests
+     * @param array|\Iterator $requests Requests to send concurrently.
+     * @param array           $options  Passes through the options available in
+     *                                  {@see \GuzzleHttp\Pool::__construct}
+     *
+     * @return array Returns an array containing the response or an exception
+     *               in the same order that the requests were sent.
+     *
+     * @throws \InvalidArgumentException if the event format is incorrect.
+     */
+    public static function batch(ClientInterface $client, $requests, array $options = []): array
+    {
+        $res = [];
+        self::cmpCallback($options, 'fulfilled', $res);
+        self::cmpCallback($options, 'rejected', $res);
+        $pool = new static($client, $requests, $options);
+        $pool->promise()->wait();
+        \ksort($res);
+
+        return $res;
+    }
+
+    /**
+     * Execute callback(s)
+     */
+    private static function cmpCallback(array &$options, string $name, array &$results): void
+    {
+        if (!isset($options[$name])) {
+            $options[$name] = static function ($v, $k) use (&$results) {
+                $results[$k] = $v;
+            };
+        } else {
+            $currentFn = $options[$name];
+            $options[$name] = static function ($v, $k) use (&$results, $currentFn) {
+                $currentFn($v, $k);
+                $results[$k] = $v;
+            };
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php
new file mode 100644
index 000000000..7ca628338
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php
@@ -0,0 +1,104 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Prepares requests that contain a body, adding the Content-Length,
+ * Content-Type, and Expect headers.
+ *
+ * @final
+ */
+class PrepareBodyMiddleware
+{
+    /**
+     * @var callable(RequestInterface, array): PromiseInterface
+     */
+    private $nextHandler;
+
+    /**
+     * @param callable(RequestInterface, array): PromiseInterface $nextHandler Next handler to invoke.
+     */
+    public function __construct(callable $nextHandler)
+    {
+        $this->nextHandler = $nextHandler;
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        $fn = $this->nextHandler;
+
+        // Don't do anything if the request has no body.
+        if ($request->getBody()->getSize() === 0) {
+            return $fn($request, $options);
+        }
+
+        $modify = [];
+
+        // Add a default content-type if possible.
+        if (!$request->hasHeader('Content-Type')) {
+            if ($uri = $request->getBody()->getMetadata('uri')) {
+                if (is_string($uri) && $type = Psr7\MimeType::fromFilename($uri)) {
+                    $modify['set_headers']['Content-Type'] = $type;
+                }
+            }
+        }
+
+        // Add a default content-length or transfer-encoding header.
+        if (!$request->hasHeader('Content-Length')
+            && !$request->hasHeader('Transfer-Encoding')
+        ) {
+            $size = $request->getBody()->getSize();
+            if ($size !== null) {
+                $modify['set_headers']['Content-Length'] = $size;
+            } else {
+                $modify['set_headers']['Transfer-Encoding'] = 'chunked';
+            }
+        }
+
+        // Add the expect header if needed.
+        $this->addExpectHeader($request, $options, $modify);
+
+        return $fn(Psr7\Utils::modifyRequest($request, $modify), $options);
+    }
+
+    /**
+     * Add expect header
+     */
+    private function addExpectHeader(RequestInterface $request, array $options, array &$modify): void
+    {
+        // Determine if the Expect header should be used
+        if ($request->hasHeader('Expect')) {
+            return;
+        }
+
+        $expect = $options['expect'] ?? null;
+
+        // Return if disabled or if you're not using HTTP/1.1 or HTTP/2.0
+        if ($expect === false || $request->getProtocolVersion() < 1.1) {
+            return;
+        }
+
+        // The expect header is unconditionally enabled
+        if ($expect === true) {
+            $modify['set_headers']['Expect'] = '100-Continue';
+            return;
+        }
+
+        // By default, send the expect header when the payload is > 1mb
+        if ($expect === null) {
+            $expect = 1048576;
+        }
+
+        // Always add if the body cannot be rewound, the size cannot be
+        // determined, or the size is greater than the cutoff threshold
+        $body = $request->getBody();
+        $size = $body->getSize();
+
+        if ($size === null || $size >= (int) $expect || !$body->isSeekable()) {
+            $modify['set_headers']['Expect'] = '100-Continue';
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
new file mode 100644
index 000000000..f67d448be
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
@@ -0,0 +1,228 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Exception\BadResponseException;
+use GuzzleHttp\Exception\TooManyRedirectsException;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Request redirect middleware.
+ *
+ * Apply this middleware like other middleware using
+ * {@see \GuzzleHttp\Middleware::redirect()}.
+ *
+ * @final
+ */
+class RedirectMiddleware
+{
+    public const HISTORY_HEADER = 'X-Guzzle-Redirect-History';
+
+    public const STATUS_HISTORY_HEADER = 'X-Guzzle-Redirect-Status-History';
+
+    /**
+     * @var array
+     */
+    public static $defaultSettings = [
+        'max'             => 5,
+        'protocols'       => ['http', 'https'],
+        'strict'          => false,
+        'referer'         => false,
+        'track_redirects' => false,
+    ];
+
+    /**
+     * @var callable(RequestInterface, array): PromiseInterface
+     */
+    private $nextHandler;
+
+    /**
+     * @param callable(RequestInterface, array): PromiseInterface $nextHandler Next handler to invoke.
+     */
+    public function __construct(callable $nextHandler)
+    {
+        $this->nextHandler = $nextHandler;
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        $fn = $this->nextHandler;
+
+        if (empty($options['allow_redirects'])) {
+            return $fn($request, $options);
+        }
+
+        if ($options['allow_redirects'] === true) {
+            $options['allow_redirects'] = self::$defaultSettings;
+        } elseif (!\is_array($options['allow_redirects'])) {
+            throw new \InvalidArgumentException('allow_redirects must be true, false, or array');
+        } else {
+            // Merge the default settings with the provided settings
+            $options['allow_redirects'] += self::$defaultSettings;
+        }
+
+        if (empty($options['allow_redirects']['max'])) {
+            return $fn($request, $options);
+        }
+
+        return $fn($request, $options)
+            ->then(function (ResponseInterface $response) use ($request, $options) {
+                return $this->checkRedirect($request, $options, $response);
+            });
+    }
+
+    /**
+     * @return ResponseInterface|PromiseInterface
+     */
+    public function checkRedirect(RequestInterface $request, array $options, ResponseInterface $response)
+    {
+        if (\strpos((string) $response->getStatusCode(), '3') !== 0
+            || !$response->hasHeader('Location')
+        ) {
+            return $response;
+        }
+
+        $this->guardMax($request, $response, $options);
+        $nextRequest = $this->modifyRequest($request, $options, $response);
+
+        // If authorization is handled by curl, unset it if URI is cross-origin.
+        if (Psr7\UriComparator::isCrossOrigin($request->getUri(), $nextRequest->getUri()) && defined('\CURLOPT_HTTPAUTH')) {
+            unset(
+                $options['curl'][\CURLOPT_HTTPAUTH],
+                $options['curl'][\CURLOPT_USERPWD]
+            );
+        }
+
+        if (isset($options['allow_redirects']['on_redirect'])) {
+            ($options['allow_redirects']['on_redirect'])(
+                $request,
+                $response,
+                $nextRequest->getUri()
+            );
+        }
+
+        $promise = $this($nextRequest, $options);
+
+        // Add headers to be able to track history of redirects.
+        if (!empty($options['allow_redirects']['track_redirects'])) {
+            return $this->withTracking(
+                $promise,
+                (string) $nextRequest->getUri(),
+                $response->getStatusCode()
+            );
+        }
+
+        return $promise;
+    }
+
+    /**
+     * Enable tracking on promise.
+     */
+    private function withTracking(PromiseInterface $promise, string $uri, int $statusCode): PromiseInterface
+    {
+        return $promise->then(
+            static function (ResponseInterface $response) use ($uri, $statusCode) {
+                // Note that we are pushing to the front of the list as this
+                // would be an earlier response than what is currently present
+                // in the history header.
+                $historyHeader = $response->getHeader(self::HISTORY_HEADER);
+                $statusHeader = $response->getHeader(self::STATUS_HISTORY_HEADER);
+                \array_unshift($historyHeader, $uri);
+                \array_unshift($statusHeader, (string) $statusCode);
+
+                return $response->withHeader(self::HISTORY_HEADER, $historyHeader)
+                                ->withHeader(self::STATUS_HISTORY_HEADER, $statusHeader);
+            }
+        );
+    }
+
+    /**
+     * Check for too many redirects.
+     *
+     * @throws TooManyRedirectsException Too many redirects.
+     */
+    private function guardMax(RequestInterface $request, ResponseInterface $response, array &$options): void
+    {
+        $current = $options['__redirect_count']
+            ?? 0;
+        $options['__redirect_count'] = $current + 1;
+        $max = $options['allow_redirects']['max'];
+
+        if ($options['__redirect_count'] > $max) {
+            throw new TooManyRedirectsException("Will not follow more than {$max} redirects", $request, $response);
+        }
+    }
+
+    public function modifyRequest(RequestInterface $request, array $options, ResponseInterface $response): RequestInterface
+    {
+        // Request modifications to apply.
+        $modify = [];
+        $protocols = $options['allow_redirects']['protocols'];
+
+        // Use a GET request if this is an entity enclosing request and we are
+        // not forcing RFC compliance, but rather emulating what all browsers
+        // would do.
+        $statusCode = $response->getStatusCode();
+        if ($statusCode == 303 ||
+            ($statusCode <= 302 && !$options['allow_redirects']['strict'])
+        ) {
+            $safeMethods = ['GET', 'HEAD', 'OPTIONS'];
+            $requestMethod = $request->getMethod();
+
+            $modify['method'] = in_array($requestMethod, $safeMethods) ? $requestMethod : 'GET';
+            $modify['body'] = '';
+        }
+
+        $uri = self::redirectUri($request, $response, $protocols);
+        if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) {
+            $idnOptions = ($options['idn_conversion'] === true) ? \IDNA_DEFAULT : $options['idn_conversion'];
+            $uri = Utils::idnUriConvert($uri, $idnOptions);
+        }
+
+        $modify['uri'] = $uri;
+        Psr7\Message::rewindBody($request);
+
+        // Add the Referer header if it is told to do so and only
+        // add the header if we are not redirecting from https to http.
+        if ($options['allow_redirects']['referer']
+            && $modify['uri']->getScheme() === $request->getUri()->getScheme()
+        ) {
+            $uri = $request->getUri()->withUserInfo('');
+            $modify['set_headers']['Referer'] = (string) $uri;
+        } else {
+            $modify['remove_headers'][] = 'Referer';
+        }
+
+        // Remove Authorization and Cookie headers if URI is cross-origin.
+        if (Psr7\UriComparator::isCrossOrigin($request->getUri(), $modify['uri'])) {
+            $modify['remove_headers'][] = 'Authorization';
+            $modify['remove_headers'][] = 'Cookie';
+        }
+
+        return Psr7\Utils::modifyRequest($request, $modify);
+    }
+
+    /**
+     * Set the appropriate URL on the request based on the location header.
+     */
+    private static function redirectUri(
+        RequestInterface $request,
+        ResponseInterface $response,
+        array $protocols
+    ): UriInterface {
+        $location = Psr7\UriResolver::resolve(
+            $request->getUri(),
+            new Psr7\Uri($response->getHeaderLine('Location'))
+        );
+
+        // Ensure that the redirect URI is allowed based on the protocols.
+        if (!\in_array($location->getScheme(), $protocols)) {
+            throw new BadResponseException(\sprintf('Redirect URI, %s, does not use one of the allowed redirect protocols: %s', $location, \implode(', ', $protocols)), $request, $response);
+        }
+
+        return $location;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RequestOptions.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RequestOptions.php
new file mode 100644
index 000000000..20b31bc20
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RequestOptions.php
@@ -0,0 +1,264 @@
+<?php
+
+namespace GuzzleHttp;
+
+/**
+ * This class contains a list of built-in Guzzle request options.
+ *
+ * More documentation for each option can be found at http://guzzlephp.org/.
+ *
+ * @link http://docs.guzzlephp.org/en/v6/request-options.html
+ */
+final class RequestOptions
+{
+    /**
+     * allow_redirects: (bool|array) Controls redirect behavior. Pass false
+     * to disable redirects, pass true to enable redirects, pass an
+     * associative to provide custom redirect settings. Defaults to "false".
+     * This option only works if your handler has the RedirectMiddleware. When
+     * passing an associative array, you can provide the following key value
+     * pairs:
+     *
+     * - max: (int, default=5) maximum number of allowed redirects.
+     * - strict: (bool, default=false) Set to true to use strict redirects
+     *   meaning redirect POST requests with POST requests vs. doing what most
+     *   browsers do which is redirect POST requests with GET requests
+     * - referer: (bool, default=false) Set to true to enable the Referer
+     *   header.
+     * - protocols: (array, default=['http', 'https']) Allowed redirect
+     *   protocols.
+     * - on_redirect: (callable) PHP callable that is invoked when a redirect
+     *   is encountered. The callable is invoked with the request, the redirect
+     *   response that was received, and the effective URI. Any return value
+     *   from the on_redirect function is ignored.
+     */
+    public const ALLOW_REDIRECTS = 'allow_redirects';
+
+    /**
+     * auth: (array) Pass an array of HTTP authentication parameters to use
+     * with the request. The array must contain the username in index [0],
+     * the password in index [1], and you can optionally provide a built-in
+     * authentication type in index [2]. Pass null to disable authentication
+     * for a request.
+     */
+    public const AUTH = 'auth';
+
+    /**
+     * body: (resource|string|null|int|float|StreamInterface|callable|\Iterator)
+     * Body to send in the request.
+     */
+    public const BODY = 'body';
+
+    /**
+     * cert: (string|array) Set to a string to specify the path to a file
+     * containing a PEM formatted SSL client side certificate. If a password
+     * is required, then set cert to an array containing the path to the PEM
+     * file in the first array element followed by the certificate password
+     * in the second array element.
+     */
+    public const CERT = 'cert';
+
+    /**
+     * cookies: (bool|GuzzleHttp\Cookie\CookieJarInterface, default=false)
+     * Specifies whether or not cookies are used in a request or what cookie
+     * jar to use or what cookies to send. This option only works if your
+     * handler has the `cookie` middleware. Valid values are `false` and
+     * an instance of {@see \GuzzleHttp\Cookie\CookieJarInterface}.
+     */
+    public const COOKIES = 'cookies';
+
+    /**
+     * connect_timeout: (float, default=0) Float describing the number of
+     * seconds to wait while trying to connect to a server. Use 0 to wait
+     * indefinitely (the default behavior).
+     */
+    public const CONNECT_TIMEOUT = 'connect_timeout';
+
+    /**
+     * debug: (bool|resource) Set to true or set to a PHP stream returned by
+     * fopen()  enable debug output with the HTTP handler used to send a
+     * request.
+     */
+    public const DEBUG = 'debug';
+
+    /**
+     * decode_content: (bool, default=true) Specify whether or not
+     * Content-Encoding responses (gzip, deflate, etc.) are automatically
+     * decoded.
+     */
+    public const DECODE_CONTENT = 'decode_content';
+
+    /**
+     * delay: (int) The amount of time to delay before sending in milliseconds.
+     */
+    public const DELAY = 'delay';
+
+    /**
+     * expect: (bool|integer) Controls the behavior of the
+     * "Expect: 100-Continue" header.
+     *
+     * Set to `true` to enable the "Expect: 100-Continue" header for all
+     * requests that sends a body. Set to `false` to disable the
+     * "Expect: 100-Continue" header for all requests. Set to a number so that
+     * the size of the payload must be greater than the number in order to send
+     * the Expect header. Setting to a number will send the Expect header for
+     * all requests in which the size of the payload cannot be determined or
+     * where the body is not rewindable.
+     *
+     * By default, Guzzle will add the "Expect: 100-Continue" header when the
+     * size of the body of a request is greater than 1 MB and a request is
+     * using HTTP/1.1.
+     */
+    public const EXPECT = 'expect';
+
+    /**
+     * form_params: (array) Associative array of form field names to values
+     * where each value is a string or array of strings. Sets the Content-Type
+     * header to application/x-www-form-urlencoded when no Content-Type header
+     * is already present.
+     */
+    public const FORM_PARAMS = 'form_params';
+
+    /**
+     * headers: (array) Associative array of HTTP headers. Each value MUST be
+     * a string or array of strings.
+     */
+    public const HEADERS = 'headers';
+
+    /**
+     * http_errors: (bool, default=true) Set to false to disable exceptions
+     * when a non- successful HTTP response is received. By default,
+     * exceptions will be thrown for 4xx and 5xx responses. This option only
+     * works if your handler has the `httpErrors` middleware.
+     */
+    public const HTTP_ERRORS = 'http_errors';
+
+    /**
+     * idn: (bool|int, default=true) A combination of IDNA_* constants for
+     * idn_to_ascii() PHP's function (see "options" parameter). Set to false to
+     * disable IDN support completely, or to true to use the default
+     * configuration (IDNA_DEFAULT constant).
+     */
+    public const IDN_CONVERSION = 'idn_conversion';
+
+    /**
+     * json: (mixed) Adds JSON data to a request. The provided value is JSON
+     * encoded and a Content-Type header of application/json will be added to
+     * the request if no Content-Type header is already present.
+     */
+    public const JSON = 'json';
+
+    /**
+     * multipart: (array) Array of associative arrays, each containing a
+     * required "name" key mapping to the form field, name, a required
+     * "contents" key mapping to a StreamInterface|resource|string, an
+     * optional "headers" associative array of custom headers, and an
+     * optional "filename" key mapping to a string to send as the filename in
+     * the part. If no "filename" key is present, then no "filename" attribute
+     * will be added to the part.
+     */
+    public const MULTIPART = 'multipart';
+
+    /**
+     * on_headers: (callable) A callable that is invoked when the HTTP headers
+     * of the response have been received but the body has not yet begun to
+     * download.
+     */
+    public const ON_HEADERS = 'on_headers';
+
+    /**
+     * on_stats: (callable) allows you to get access to transfer statistics of
+     * a request and access the lower level transfer details of the handler
+     * associated with your client. ``on_stats`` is a callable that is invoked
+     * when a handler has finished sending a request. The callback is invoked
+     * with transfer statistics about the request, the response received, or
+     * the error encountered. Included in the data is the total amount of time
+     * taken to send the request.
+     */
+    public const ON_STATS = 'on_stats';
+
+    /**
+     * progress: (callable) Defines a function to invoke when transfer
+     * progress is made. The function accepts the following positional
+     * arguments: the total number of bytes expected to be downloaded, the
+     * number of bytes downloaded so far, the number of bytes expected to be
+     * uploaded, the number of bytes uploaded so far.
+     */
+    public const PROGRESS = 'progress';
+
+    /**
+     * proxy: (string|array) Pass a string to specify an HTTP proxy, or an
+     * array to specify different proxies for different protocols (where the
+     * key is the protocol and the value is a proxy string).
+     */
+    public const PROXY = 'proxy';
+
+    /**
+     * query: (array|string) Associative array of query string values to add
+     * to the request. This option uses PHP's http_build_query() to create
+     * the string representation. Pass a string value if you need more
+     * control than what this method provides
+     */
+    public const QUERY = 'query';
+
+    /**
+     * sink: (resource|string|StreamInterface) Where the data of the
+     * response is written to. Defaults to a PHP temp stream. Providing a
+     * string will write data to a file by the given name.
+     */
+    public const SINK = 'sink';
+
+    /**
+     * synchronous: (bool) Set to true to inform HTTP handlers that you intend
+     * on waiting on the response. This can be useful for optimizations. Note
+     * that a promise is still returned if you are using one of the async
+     * client methods.
+     */
+    public const SYNCHRONOUS = 'synchronous';
+
+    /**
+     * ssl_key: (array|string) Specify the path to a file containing a private
+     * SSL key in PEM format. If a password is required, then set to an array
+     * containing the path to the SSL key in the first array element followed
+     * by the password required for the certificate in the second element.
+     */
+    public const SSL_KEY = 'ssl_key';
+
+    /**
+     * stream: Set to true to attempt to stream a response rather than
+     * download it all up-front.
+     */
+    public const STREAM = 'stream';
+
+    /**
+     * verify: (bool|string, default=true) Describes the SSL certificate
+     * verification behavior of a request. Set to true to enable SSL
+     * certificate verification using the system CA bundle when available
+     * (the default). Set to false to disable certificate verification (this
+     * is insecure!). Set to a string to provide the path to a CA bundle on
+     * disk to enable verification using a custom certificate.
+     */
+    public const VERIFY = 'verify';
+
+    /**
+     * timeout: (float, default=0) Float describing the timeout of the
+     * request in seconds. Use 0 to wait indefinitely (the default behavior).
+     */
+    public const TIMEOUT = 'timeout';
+
+    /**
+     * read_timeout: (float, default=default_socket_timeout ini setting) Float describing
+     * the body read timeout, for stream requests.
+     */
+    public const READ_TIMEOUT = 'read_timeout';
+
+    /**
+     * version: (float) Specifies the HTTP protocol version to attempt to use.
+     */
+    public const VERSION = 'version';
+
+    /**
+     * force_ip_resolve: (bool) Force client to use only ipv4 or ipv6 protocol
+     */
+    public const FORCE_IP_RESOLVE = 'force_ip_resolve';
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RetryMiddleware.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RetryMiddleware.php
new file mode 100644
index 000000000..0236a9d54
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/RetryMiddleware.php
@@ -0,0 +1,116 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Promise as P;
+use GuzzleHttp\Promise\PromiseInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Middleware that retries requests based on the boolean result of
+ * invoking the provided "decider" function.
+ *
+ * @final
+ */
+class RetryMiddleware
+{
+    /**
+     * @var callable(RequestInterface, array): PromiseInterface
+     */
+    private $nextHandler;
+
+    /**
+     * @var callable
+     */
+    private $decider;
+
+    /**
+     * @var callable(int)
+     */
+    private $delay;
+
+    /**
+     * @param callable                                            $decider     Function that accepts the number of retries,
+     *                                                                         a request, [response], and [exception] and
+     *                                                                         returns true if the request is to be
+     *                                                                         retried.
+     * @param callable(RequestInterface, array): PromiseInterface $nextHandler Next handler to invoke.
+     * @param (callable(int): int)|null                           $delay       Function that accepts the number of retries
+     *                                                                         and returns the number of
+     *                                                                         milliseconds to delay.
+     */
+    public function __construct(callable $decider, callable $nextHandler, callable $delay = null)
+    {
+        $this->decider = $decider;
+        $this->nextHandler = $nextHandler;
+        $this->delay = $delay ?: __CLASS__ . '::exponentialDelay';
+    }
+
+    /**
+     * Default exponential backoff delay function.
+     *
+     * @return int milliseconds.
+     */
+    public static function exponentialDelay(int $retries): int
+    {
+        return (int) \pow(2, $retries - 1) * 1000;
+    }
+
+    public function __invoke(RequestInterface $request, array $options): PromiseInterface
+    {
+        if (!isset($options['retries'])) {
+            $options['retries'] = 0;
+        }
+
+        $fn = $this->nextHandler;
+        return $fn($request, $options)
+            ->then(
+                $this->onFulfilled($request, $options),
+                $this->onRejected($request, $options)
+            );
+    }
+
+    /**
+     * Execute fulfilled closure
+     */
+    private function onFulfilled(RequestInterface $request, array $options): callable
+    {
+        return function ($value) use ($request, $options) {
+            if (!($this->decider)(
+                $options['retries'],
+                $request,
+                $value,
+                null
+            )) {
+                return $value;
+            }
+            return $this->doRetry($request, $options, $value);
+        };
+    }
+
+    /**
+     * Execute rejected closure
+     */
+    private function onRejected(RequestInterface $req, array $options): callable
+    {
+        return function ($reason) use ($req, $options) {
+            if (!($this->decider)(
+                $options['retries'],
+                $req,
+                null,
+                $reason
+            )) {
+                return P\Create::rejectionFor($reason);
+            }
+            return $this->doRetry($req, $options);
+        };
+    }
+
+    private function doRetry(RequestInterface $request, array $options, ResponseInterface $response = null): PromiseInterface
+    {
+        $options['delay'] = ($this->delay)(++$options['retries'], $response, $request);
+
+        return $this($request, $options);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/TransferStats.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/TransferStats.php
new file mode 100644
index 000000000..93fa334c8
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/TransferStats.php
@@ -0,0 +1,133 @@
+<?php
+
+namespace GuzzleHttp;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Represents data at the point after it was transferred either successfully
+ * or after a network error.
+ */
+final class TransferStats
+{
+    /**
+     * @var RequestInterface
+     */
+    private $request;
+
+    /**
+     * @var ResponseInterface|null
+     */
+    private $response;
+
+    /**
+     * @var float|null
+     */
+    private $transferTime;
+
+    /**
+     * @var array
+     */
+    private $handlerStats;
+
+    /**
+     * @var mixed|null
+     */
+    private $handlerErrorData;
+
+    /**
+     * @param RequestInterface       $request          Request that was sent.
+     * @param ResponseInterface|null $response         Response received (if any)
+     * @param float|null             $transferTime     Total handler transfer time.
+     * @param mixed                  $handlerErrorData Handler error data.
+     * @param array                  $handlerStats     Handler specific stats.
+     */
+    public function __construct(
+        RequestInterface $request,
+        ?ResponseInterface $response = null,
+        ?float $transferTime = null,
+        $handlerErrorData = null,
+        array $handlerStats = []
+    ) {
+        $this->request = $request;
+        $this->response = $response;
+        $this->transferTime = $transferTime;
+        $this->handlerErrorData = $handlerErrorData;
+        $this->handlerStats = $handlerStats;
+    }
+
+    public function getRequest(): RequestInterface
+    {
+        return $this->request;
+    }
+
+    /**
+     * Returns the response that was received (if any).
+     */
+    public function getResponse(): ?ResponseInterface
+    {
+        return $this->response;
+    }
+
+    /**
+     * Returns true if a response was received.
+     */
+    public function hasResponse(): bool
+    {
+        return $this->response !== null;
+    }
+
+    /**
+     * Gets handler specific error data.
+     *
+     * This might be an exception, a integer representing an error code, or
+     * anything else. Relying on this value assumes that you know what handler
+     * you are using.
+     *
+     * @return mixed
+     */
+    public function getHandlerErrorData()
+    {
+        return $this->handlerErrorData;
+    }
+
+    /**
+     * Get the effective URI the request was sent to.
+     */
+    public function getEffectiveUri(): UriInterface
+    {
+        return $this->request->getUri();
+    }
+
+    /**
+     * Get the estimated time the request was being transferred by the handler.
+     *
+     * @return float|null Time in seconds.
+     */
+    public function getTransferTime(): ?float
+    {
+        return $this->transferTime;
+    }
+
+    /**
+     * Gets an array of all of the handler specific transfer data.
+     */
+    public function getHandlerStats(): array
+    {
+        return $this->handlerStats;
+    }
+
+    /**
+     * Get a specific handler statistic from the handler by name.
+     *
+     * @param string $stat Handler specific transfer stat to retrieve.
+     *
+     * @return mixed|null
+     */
+    public function getHandlerStat(string $stat)
+    {
+        return $this->handlerStats[$stat] ?? null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Utils.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Utils.php
new file mode 100644
index 000000000..e355f3212
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/Utils.php
@@ -0,0 +1,385 @@
+<?php
+
+namespace GuzzleHttp;
+
+use GuzzleHttp\Exception\InvalidArgumentException;
+use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\Handler\CurlMultiHandler;
+use GuzzleHttp\Handler\Proxy;
+use GuzzleHttp\Handler\StreamHandler;
+use Psr\Http\Message\UriInterface;
+
+final class Utils
+{
+    /**
+     * Debug function used to describe the provided value type and class.
+     *
+     * @param mixed $input
+     *
+     * @return string Returns a string containing the type of the variable and
+     *                if a class is provided, the class name.
+     */
+    public static function describeType($input): string
+    {
+        switch (\gettype($input)) {
+            case 'object':
+                return 'object(' . \get_class($input) . ')';
+            case 'array':
+                return 'array(' . \count($input) . ')';
+            default:
+                \ob_start();
+                \var_dump($input);
+                // normalize float vs double
+                /** @var string $varDumpContent */
+                $varDumpContent = \ob_get_clean();
+
+                return \str_replace('double(', 'float(', \rtrim($varDumpContent));
+        }
+    }
+
+    /**
+     * Parses an array of header lines into an associative array of headers.
+     *
+     * @param iterable $lines Header lines array of strings in the following
+     *                        format: "Name: Value"
+     */
+    public static function headersFromLines(iterable $lines): array
+    {
+        $headers = [];
+
+        foreach ($lines as $line) {
+            $parts = \explode(':', $line, 2);
+            $headers[\trim($parts[0])][] = isset($parts[1]) ? \trim($parts[1]) : null;
+        }
+
+        return $headers;
+    }
+
+    /**
+     * Returns a debug stream based on the provided variable.
+     *
+     * @param mixed $value Optional value
+     *
+     * @return resource
+     */
+    public static function debugResource($value = null)
+    {
+        if (\is_resource($value)) {
+            return $value;
+        }
+        if (\defined('STDOUT')) {
+            return \STDOUT;
+        }
+
+        return \GuzzleHttp\Psr7\Utils::tryFopen('php://output', 'w');
+    }
+
+    /**
+     * Chooses and creates a default handler to use based on the environment.
+     *
+     * The returned handler is not wrapped by any default middlewares.
+     *
+     * @throws \RuntimeException if no viable Handler is available.
+     *
+     * @return callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface Returns the best handler for the given system.
+     */
+    public static function chooseHandler(): callable
+    {
+        $handler = null;
+
+        if (\defined('CURLOPT_CUSTOMREQUEST')) {
+            if (\function_exists('curl_multi_exec') && \function_exists('curl_exec')) {
+                $handler = Proxy::wrapSync(new CurlMultiHandler(), new CurlHandler());
+            } elseif (\function_exists('curl_exec')) {
+                $handler = new CurlHandler();
+            } elseif (\function_exists('curl_multi_exec')) {
+                $handler = new CurlMultiHandler();
+            }
+        }
+
+        if (\ini_get('allow_url_fopen')) {
+            $handler = $handler
+                ? Proxy::wrapStreaming($handler, new StreamHandler())
+                : new StreamHandler();
+        } elseif (!$handler) {
+            throw new \RuntimeException('GuzzleHttp requires cURL, the allow_url_fopen ini setting, or a custom HTTP handler.');
+        }
+
+        return $handler;
+    }
+
+    /**
+     * Get the default User-Agent string to use with Guzzle.
+     */
+    public static function defaultUserAgent(): string
+    {
+        return sprintf('GuzzleHttp/%d', ClientInterface::MAJOR_VERSION);
+    }
+
+    /**
+     * Returns the default cacert bundle for the current system.
+     *
+     * First, the openssl.cafile and curl.cainfo php.ini settings are checked.
+     * If those settings are not configured, then the common locations for
+     * bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X
+     * and Windows are checked. If any of these file locations are found on
+     * disk, they will be utilized.
+     *
+     * Note: the result of this function is cached for subsequent calls.
+     *
+     * @throws \RuntimeException if no bundle can be found.
+     *
+     * @deprecated Utils::defaultCaBundle will be removed in guzzlehttp/guzzle:8.0. This method is not needed in PHP 5.6+.
+     */
+    public static function defaultCaBundle(): string
+    {
+        static $cached = null;
+        static $cafiles = [
+            // Red Hat, CentOS, Fedora (provided by the ca-certificates package)
+            '/etc/pki/tls/certs/ca-bundle.crt',
+            // Ubuntu, Debian (provided by the ca-certificates package)
+            '/etc/ssl/certs/ca-certificates.crt',
+            // FreeBSD (provided by the ca_root_nss package)
+            '/usr/local/share/certs/ca-root-nss.crt',
+            // SLES 12 (provided by the ca-certificates package)
+            '/var/lib/ca-certificates/ca-bundle.pem',
+            // OS X provided by homebrew (using the default path)
+            '/usr/local/etc/openssl/cert.pem',
+            // Google app engine
+            '/etc/ca-certificates.crt',
+            // Windows?
+            'C:\\windows\\system32\\curl-ca-bundle.crt',
+            'C:\\windows\\curl-ca-bundle.crt',
+        ];
+
+        if ($cached) {
+            return $cached;
+        }
+
+        if ($ca = \ini_get('openssl.cafile')) {
+            return $cached = $ca;
+        }
+
+        if ($ca = \ini_get('curl.cainfo')) {
+            return $cached = $ca;
+        }
+
+        foreach ($cafiles as $filename) {
+            if (\file_exists($filename)) {
+                return $cached = $filename;
+            }
+        }
+
+        throw new \RuntimeException(
+            <<< EOT
+No system CA bundle could be found in any of the the common system locations.
+PHP versions earlier than 5.6 are not properly configured to use the system's
+CA bundle by default. In order to verify peer certificates, you will need to
+supply the path on disk to a certificate bundle to the 'verify' request
+option: http://docs.guzzlephp.org/en/latest/clients.html#verify. If you do not
+need a specific certificate bundle, then Mozilla provides a commonly used CA
+bundle which can be downloaded here (provided by the maintainer of cURL):
+https://curl.haxx.se/ca/cacert.pem. Once
+you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP
+ini setting to point to the path to the file, allowing you to omit the 'verify'
+request option. See https://curl.haxx.se/docs/sslcerts.html for more
+information.
+EOT
+        );
+    }
+
+    /**
+     * Creates an associative array of lowercase header names to the actual
+     * header casing.
+     */
+    public static function normalizeHeaderKeys(array $headers): array
+    {
+        $result = [];
+        foreach (\array_keys($headers) as $key) {
+            $result[\strtolower($key)] = $key;
+        }
+
+        return $result;
+    }
+
+    /**
+     * Returns true if the provided host matches any of the no proxy areas.
+     *
+     * This method will strip a port from the host if it is present. Each pattern
+     * can be matched with an exact match (e.g., "foo.com" == "foo.com") or a
+     * partial match: (e.g., "foo.com" == "baz.foo.com" and ".foo.com" ==
+     * "baz.foo.com", but ".foo.com" != "foo.com").
+     *
+     * Areas are matched in the following cases:
+     * 1. "*" (without quotes) always matches any hosts.
+     * 2. An exact match.
+     * 3. The area starts with "." and the area is the last part of the host. e.g.
+     *    '.mit.edu' will match any host that ends with '.mit.edu'.
+     *
+     * @param string   $host         Host to check against the patterns.
+     * @param string[] $noProxyArray An array of host patterns.
+     *
+     * @throws InvalidArgumentException
+     */
+    public static function isHostInNoProxy(string $host, array $noProxyArray): bool
+    {
+        if (\strlen($host) === 0) {
+            throw new InvalidArgumentException('Empty host provided');
+        }
+
+        // Strip port if present.
+        [$host] = \explode(':', $host, 2);
+
+        foreach ($noProxyArray as $area) {
+            // Always match on wildcards.
+            if ($area === '*') {
+                return true;
+            }
+
+            if (empty($area)) {
+                // Don't match on empty values.
+                continue;
+            }
+
+            if ($area === $host) {
+                // Exact matches.
+                return true;
+            }
+            // Special match if the area when prefixed with ".". Remove any
+            // existing leading "." and add a new leading ".".
+            $area = '.' . \ltrim($area, '.');
+            if (\substr($host, -(\strlen($area))) === $area) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Wrapper for json_decode that throws when an error occurs.
+     *
+     * @param string $json    JSON data to parse
+     * @param bool   $assoc   When true, returned objects will be converted
+     *                        into associative arrays.
+     * @param int    $depth   User specified recursion depth.
+     * @param int    $options Bitmask of JSON decode options.
+     *
+     * @return object|array|string|int|float|bool|null
+     *
+     * @throws InvalidArgumentException if the JSON cannot be decoded.
+     *
+     * @link https://www.php.net/manual/en/function.json-decode.php
+     */
+    public static function jsonDecode(string $json, bool $assoc = false, int $depth = 512, int $options = 0)
+    {
+        $data = \json_decode($json, $assoc, $depth, $options);
+        if (\JSON_ERROR_NONE !== \json_last_error()) {
+            throw new InvalidArgumentException('json_decode error: ' . \json_last_error_msg());
+        }
+
+        return $data;
+    }
+
+    /**
+     * Wrapper for JSON encoding that throws when an error occurs.
+     *
+     * @param mixed $value   The value being encoded
+     * @param int   $options JSON encode option bitmask
+     * @param int   $depth   Set the maximum depth. Must be greater than zero.
+     *
+     * @throws InvalidArgumentException if the JSON cannot be encoded.
+     *
+     * @link https://www.php.net/manual/en/function.json-encode.php
+     */
+    public static function jsonEncode($value, int $options = 0, int $depth = 512): string
+    {
+        $json = \json_encode($value, $options, $depth);
+        if (\JSON_ERROR_NONE !== \json_last_error()) {
+            throw new InvalidArgumentException('json_encode error: ' . \json_last_error_msg());
+        }
+
+        /** @var string */
+        return $json;
+    }
+
+    /**
+     * Wrapper for the hrtime() or microtime() functions
+     * (depending on the PHP version, one of the two is used)
+     *
+     * @return float UNIX timestamp
+     *
+     * @internal
+     */
+    public static function currentTime(): float
+    {
+        return (float) \function_exists('hrtime') ? \hrtime(true) / 1e9 : \microtime(true);
+    }
+
+    /**
+     * @throws InvalidArgumentException
+     *
+     * @internal
+     */
+    public static function idnUriConvert(UriInterface $uri, int $options = 0): UriInterface
+    {
+        if ($uri->getHost()) {
+            $asciiHost = self::idnToAsci($uri->getHost(), $options, $info);
+            if ($asciiHost === false) {
+                $errorBitSet = $info['errors'] ?? 0;
+
+                $errorConstants = array_filter(array_keys(get_defined_constants()), static function (string $name): bool {
+                    return substr($name, 0, 11) === 'IDNA_ERROR_';
+                });
+
+                $errors = [];
+                foreach ($errorConstants as $errorConstant) {
+                    if ($errorBitSet & constant($errorConstant)) {
+                        $errors[] = $errorConstant;
+                    }
+                }
+
+                $errorMessage = 'IDN conversion failed';
+                if ($errors) {
+                    $errorMessage .= ' (errors: ' . implode(', ', $errors) . ')';
+                }
+
+                throw new InvalidArgumentException($errorMessage);
+            }
+            if ($uri->getHost() !== $asciiHost) {
+                // Replace URI only if the ASCII version is different
+                $uri = $uri->withHost($asciiHost);
+            }
+        }
+
+        return $uri;
+    }
+
+    /**
+     * @internal
+     */
+    public static function getenv(string $name): ?string
+    {
+        if (isset($_SERVER[$name])) {
+            return (string) $_SERVER[$name];
+        }
+
+        if (\PHP_SAPI === 'cli' && ($value = \getenv($name)) !== false && $value !== null) {
+            return (string) $value;
+        }
+
+        return null;
+    }
+
+    /**
+     * @return string|false
+     */
+    private static function idnToAsci(string $domain, int $options, ?array &$info = [])
+    {
+        if (\function_exists('idn_to_ascii') && \defined('INTL_IDNA_VARIANT_UTS46')) {
+            return \idn_to_ascii($domain, $options, \INTL_IDNA_VARIANT_UTS46, $info);
+        }
+
+        throw new \Error('ext-idn or symfony/polyfill-intl-idn not loaded or too old');
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions.php
new file mode 100644
index 000000000..a70d2cbf3
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions.php
@@ -0,0 +1,167 @@
+<?php
+
+namespace GuzzleHttp;
+
+/**
+ * Debug function used to describe the provided value type and class.
+ *
+ * @param mixed $input Any type of variable to describe the type of. This
+ *                     parameter misses a typehint because of that.
+ *
+ * @return string Returns a string containing the type of the variable and
+ *                if a class is provided, the class name.
+ *
+ * @deprecated describe_type will be removed in guzzlehttp/guzzle:8.0. Use Utils::describeType instead.
+ */
+function describe_type($input): string
+{
+    return Utils::describeType($input);
+}
+
+/**
+ * Parses an array of header lines into an associative array of headers.
+ *
+ * @param iterable $lines Header lines array of strings in the following
+ *                        format: "Name: Value"
+ *
+ * @deprecated headers_from_lines will be removed in guzzlehttp/guzzle:8.0. Use Utils::headersFromLines instead.
+ */
+function headers_from_lines(iterable $lines): array
+{
+    return Utils::headersFromLines($lines);
+}
+
+/**
+ * Returns a debug stream based on the provided variable.
+ *
+ * @param mixed $value Optional value
+ *
+ * @return resource
+ *
+ * @deprecated debug_resource will be removed in guzzlehttp/guzzle:8.0. Use Utils::debugResource instead.
+ */
+function debug_resource($value = null)
+{
+    return Utils::debugResource($value);
+}
+
+/**
+ * Chooses and creates a default handler to use based on the environment.
+ *
+ * The returned handler is not wrapped by any default middlewares.
+ *
+ * @throws \RuntimeException if no viable Handler is available.
+ *
+ * @return callable(\Psr\Http\Message\RequestInterface, array): \GuzzleHttp\Promise\PromiseInterface Returns the best handler for the given system.
+ *
+ * @deprecated choose_handler will be removed in guzzlehttp/guzzle:8.0. Use Utils::chooseHandler instead.
+ */
+function choose_handler(): callable
+{
+    return Utils::chooseHandler();
+}
+
+/**
+ * Get the default User-Agent string to use with Guzzle.
+ *
+ * @deprecated default_user_agent will be removed in guzzlehttp/guzzle:8.0. Use Utils::defaultUserAgent instead.
+ */
+function default_user_agent(): string
+{
+    return Utils::defaultUserAgent();
+}
+
+/**
+ * Returns the default cacert bundle for the current system.
+ *
+ * First, the openssl.cafile and curl.cainfo php.ini settings are checked.
+ * If those settings are not configured, then the common locations for
+ * bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X
+ * and Windows are checked. If any of these file locations are found on
+ * disk, they will be utilized.
+ *
+ * Note: the result of this function is cached for subsequent calls.
+ *
+ * @throws \RuntimeException if no bundle can be found.
+ *
+ * @deprecated default_ca_bundle will be removed in guzzlehttp/guzzle:8.0. This function is not needed in PHP 5.6+.
+ */
+function default_ca_bundle(): string
+{
+    return Utils::defaultCaBundle();
+}
+
+/**
+ * Creates an associative array of lowercase header names to the actual
+ * header casing.
+ *
+ * @deprecated normalize_header_keys will be removed in guzzlehttp/guzzle:8.0. Use Utils::normalizeHeaderKeys instead.
+ */
+function normalize_header_keys(array $headers): array
+{
+    return Utils::normalizeHeaderKeys($headers);
+}
+
+/**
+ * Returns true if the provided host matches any of the no proxy areas.
+ *
+ * This method will strip a port from the host if it is present. Each pattern
+ * can be matched with an exact match (e.g., "foo.com" == "foo.com") or a
+ * partial match: (e.g., "foo.com" == "baz.foo.com" and ".foo.com" ==
+ * "baz.foo.com", but ".foo.com" != "foo.com").
+ *
+ * Areas are matched in the following cases:
+ * 1. "*" (without quotes) always matches any hosts.
+ * 2. An exact match.
+ * 3. The area starts with "." and the area is the last part of the host. e.g.
+ *    '.mit.edu' will match any host that ends with '.mit.edu'.
+ *
+ * @param string   $host         Host to check against the patterns.
+ * @param string[] $noProxyArray An array of host patterns.
+ *
+ * @throws Exception\InvalidArgumentException
+ *
+ * @deprecated is_host_in_noproxy will be removed in guzzlehttp/guzzle:8.0. Use Utils::isHostInNoProxy instead.
+ */
+function is_host_in_noproxy(string $host, array $noProxyArray): bool
+{
+    return Utils::isHostInNoProxy($host, $noProxyArray);
+}
+
+/**
+ * Wrapper for json_decode that throws when an error occurs.
+ *
+ * @param string $json    JSON data to parse
+ * @param bool   $assoc   When true, returned objects will be converted
+ *                        into associative arrays.
+ * @param int    $depth   User specified recursion depth.
+ * @param int    $options Bitmask of JSON decode options.
+ *
+ * @return object|array|string|int|float|bool|null
+ *
+ * @throws Exception\InvalidArgumentException if the JSON cannot be decoded.
+ *
+ * @link https://www.php.net/manual/en/function.json-decode.php
+ * @deprecated json_decode will be removed in guzzlehttp/guzzle:8.0. Use Utils::jsonDecode instead.
+ */
+function json_decode(string $json, bool $assoc = false, int $depth = 512, int $options = 0)
+{
+    return Utils::jsonDecode($json, $assoc, $depth, $options);
+}
+
+/**
+ * Wrapper for JSON encoding that throws when an error occurs.
+ *
+ * @param mixed $value   The value being encoded
+ * @param int   $options JSON encode option bitmask
+ * @param int   $depth   Set the maximum depth. Must be greater than zero.
+ *
+ * @throws Exception\InvalidArgumentException if the JSON cannot be encoded.
+ *
+ * @link https://www.php.net/manual/en/function.json-encode.php
+ * @deprecated json_encode will be removed in guzzlehttp/guzzle:8.0. Use Utils::jsonEncode instead.
+ */
+function json_encode($value, int $options = 0, int $depth = 512): string
+{
+    return Utils::jsonEncode($value, $options, $depth);
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions_include.php b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions_include.php
new file mode 100644
index 000000000..6636a4224
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/guzzle/src/functions_include.php
@@ -0,0 +1,6 @@
+<?php
+
+// Don't redefine the functions if included multiple times.
+if (!\function_exists('GuzzleHttp\describe_type')) {
+    require __DIR__ . '/functions.php';
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/CHANGELOG.md b/data/web/inc/lib/vendor/guzzlehttp/promises/CHANGELOG.md
new file mode 100644
index 000000000..253282eb1
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/CHANGELOG.md
@@ -0,0 +1,110 @@
+# CHANGELOG
+
+## 1.5.2 - 2022-08-07
+
+### Changed
+
+- Officially support PHP 8.2
+
+## 1.5.1 - 2021-10-22
+
+### Fixed
+
+- Revert "Call handler when waiting on fulfilled/rejected Promise"
+- Fix pool memory leak when empty array of promises provided
+
+## 1.5.0 - 2021-10-07
+
+### Changed
+
+- Call handler when waiting on fulfilled/rejected Promise
+- Officially support PHP 8.1
+
+### Fixed
+
+- Fix manually settle promises generated with `Utils::task`
+
+## 1.4.1 - 2021-02-18
+
+### Fixed
+
+- Fixed `each_limit` skipping promises and failing
+
+## 1.4.0 - 2020-09-30
+
+### Added
+
+- Support for PHP 8
+- Optional `$recursive` flag to `all`
+- Replaced functions by static methods
+
+### Fixed
+
+- Fix empty `each` processing
+- Fix promise handling for Iterators of non-unique keys
+- Fixed `method_exists` crashes on PHP 8
+- Memory leak on exceptions
+
+
+## 1.3.1 - 2016-12-20
+
+### Fixed
+
+- `wait()` foreign promise compatibility
+
+
+## 1.3.0 - 2016-11-18
+
+### Added
+
+- Adds support for custom task queues.
+
+### Fixed
+
+- Fixed coroutine promise memory leak.
+
+
+## 1.2.0 - 2016-05-18
+
+### Changed
+
+- Update to now catch `\Throwable` on PHP 7+
+
+
+## 1.1.0 - 2016-03-07
+
+### Changed
+
+- Update EachPromise to prevent recurring on a iterator when advancing, as this
+  could trigger fatal generator errors.
+- Update Promise to allow recursive waiting without unwrapping exceptions.
+
+
+## 1.0.3 - 2015-10-15
+
+### Changed
+
+- Update EachPromise to immediately resolve when the underlying promise iterator
+  is empty. Previously, such a promise would throw an exception when its `wait`
+  function was called.
+
+
+## 1.0.2 - 2015-05-15
+
+### Changed
+
+- Conditionally require functions.php.
+
+
+## 1.0.1 - 2015-06-24
+
+### Changed
+
+- Updating EachPromise to call next on the underlying promise iterator as late
+  as possible to ensure that generators that generate new requests based on
+  callbacks are not iterated until after callbacks are invoked.
+
+
+## 1.0.0 - 2015-05-12
+
+- Initial release
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/LICENSE b/data/web/inc/lib/vendor/guzzlehttp/promises/LICENSE
new file mode 100644
index 000000000..9f0f943be
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/LICENSE
@@ -0,0 +1,24 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Michael Dowling <mtdowling@gmail.com>
+Copyright (c) 2015 Graham Campbell <hello@gjcampbell.co.uk>
+Copyright (c) 2017 Tobias Schultze <webmaster@tubo-world.de>
+Copyright (c) 2020 Tobias Nyholm <tobias.nyholm@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/README.md b/data/web/inc/lib/vendor/guzzlehttp/promises/README.md
new file mode 100644
index 000000000..1ea667ab9
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/README.md
@@ -0,0 +1,546 @@
+# Guzzle Promises
+
+[Promises/A+](https://promisesaplus.com/) implementation that handles promise
+chaining and resolution iteratively, allowing for "infinite" promise chaining
+while keeping the stack size constant. Read [this blog post](https://blog.domenic.me/youre-missing-the-point-of-promises/)
+for a general introduction to promises.
+
+- [Features](#features)
+- [Quick start](#quick-start)
+- [Synchronous wait](#synchronous-wait)
+- [Cancellation](#cancellation)
+- [API](#api)
+  - [Promise](#promise)
+  - [FulfilledPromise](#fulfilledpromise)
+  - [RejectedPromise](#rejectedpromise)
+- [Promise interop](#promise-interop)
+- [Implementation notes](#implementation-notes)
+
+
+## Features
+
+- [Promises/A+](https://promisesaplus.com/) implementation.
+- Promise resolution and chaining is handled iteratively, allowing for
+  "infinite" promise chaining.
+- Promises have a synchronous `wait` method.
+- Promises can be cancelled.
+- Works with any object that has a `then` function.
+- C# style async/await coroutine promises using
+  `GuzzleHttp\Promise\Coroutine::of()`.
+
+
+## Quick Start
+
+A *promise* represents the eventual result of an asynchronous operation. The
+primary way of interacting with a promise is through its `then` method, which
+registers callbacks to receive either a promise's eventual value or the reason
+why the promise cannot be fulfilled.
+
+### Callbacks
+
+Callbacks are registered with the `then` method by providing an optional 
+`$onFulfilled` followed by an optional `$onRejected` function.
+
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$promise->then(
+    // $onFulfilled
+    function ($value) {
+        echo 'The promise was fulfilled.';
+    },
+    // $onRejected
+    function ($reason) {
+        echo 'The promise was rejected.';
+    }
+);
+```
+
+*Resolving* a promise means that you either fulfill a promise with a *value* or
+reject a promise with a *reason*. Resolving a promise triggers callbacks
+registered with the promise's `then` method. These callbacks are triggered
+only once and in the order in which they were added.
+
+### Resolving a Promise
+
+Promises are fulfilled using the `resolve($value)` method. Resolving a promise
+with any value other than a `GuzzleHttp\Promise\RejectedPromise` will trigger
+all of the onFulfilled callbacks (resolving a promise with a rejected promise
+will reject the promise and trigger the `$onRejected` callbacks).
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$promise
+    ->then(function ($value) {
+        // Return a value and don't break the chain
+        return "Hello, " . $value;
+    })
+    // This then is executed after the first then and receives the value
+    // returned from the first then.
+    ->then(function ($value) {
+        echo $value;
+    });
+
+// Resolving the promise triggers the $onFulfilled callbacks and outputs
+// "Hello, reader."
+$promise->resolve('reader.');
+```
+
+### Promise Forwarding
+
+Promises can be chained one after the other. Each then in the chain is a new
+promise. The return value of a promise is what's forwarded to the next
+promise in the chain. Returning a promise in a `then` callback will cause the
+subsequent promises in the chain to only be fulfilled when the returned promise
+has been fulfilled. The next promise in the chain will be invoked with the
+resolved value of the promise.
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$nextPromise = new Promise();
+
+$promise
+    ->then(function ($value) use ($nextPromise) {
+        echo $value;
+        return $nextPromise;
+    })
+    ->then(function ($value) {
+        echo $value;
+    });
+
+// Triggers the first callback and outputs "A"
+$promise->resolve('A');
+// Triggers the second callback and outputs "B"
+$nextPromise->resolve('B');
+```
+
+### Promise Rejection
+
+When a promise is rejected, the `$onRejected` callbacks are invoked with the
+rejection reason.
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$promise->then(null, function ($reason) {
+    echo $reason;
+});
+
+$promise->reject('Error!');
+// Outputs "Error!"
+```
+
+### Rejection Forwarding
+
+If an exception is thrown in an `$onRejected` callback, subsequent
+`$onRejected` callbacks are invoked with the thrown exception as the reason.
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$promise->then(null, function ($reason) {
+    throw new Exception($reason);
+})->then(null, function ($reason) {
+    assert($reason->getMessage() === 'Error!');
+});
+
+$promise->reject('Error!');
+```
+
+You can also forward a rejection down the promise chain by returning a
+`GuzzleHttp\Promise\RejectedPromise` in either an `$onFulfilled` or
+`$onRejected` callback.
+
+```php
+use GuzzleHttp\Promise\Promise;
+use GuzzleHttp\Promise\RejectedPromise;
+
+$promise = new Promise();
+$promise->then(null, function ($reason) {
+    return new RejectedPromise($reason);
+})->then(null, function ($reason) {
+    assert($reason === 'Error!');
+});
+
+$promise->reject('Error!');
+```
+
+If an exception is not thrown in a `$onRejected` callback and the callback
+does not return a rejected promise, downstream `$onFulfilled` callbacks are
+invoked using the value returned from the `$onRejected` callback.
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise();
+$promise
+    ->then(null, function ($reason) {
+        return "It's ok";
+    })
+    ->then(function ($value) {
+        assert($value === "It's ok");
+    });
+
+$promise->reject('Error!');
+```
+
+
+## Synchronous Wait
+
+You can synchronously force promises to complete using a promise's `wait`
+method. When creating a promise, you can provide a wait function that is used
+to synchronously force a promise to complete. When a wait function is invoked
+it is expected to deliver a value to the promise or reject the promise. If the
+wait function does not deliver a value, then an exception is thrown. The wait
+function provided to a promise constructor is invoked when the `wait` function
+of the promise is called.
+
+```php
+$promise = new Promise(function () use (&$promise) {
+    $promise->resolve('foo');
+});
+
+// Calling wait will return the value of the promise.
+echo $promise->wait(); // outputs "foo"
+```
+
+If an exception is encountered while invoking the wait function of a promise,
+the promise is rejected with the exception and the exception is thrown.
+
+```php
+$promise = new Promise(function () use (&$promise) {
+    throw new Exception('foo');
+});
+
+$promise->wait(); // throws the exception.
+```
+
+Calling `wait` on a promise that has been fulfilled will not trigger the wait
+function. It will simply return the previously resolved value.
+
+```php
+$promise = new Promise(function () { die('this is not called!'); });
+$promise->resolve('foo');
+echo $promise->wait(); // outputs "foo"
+```
+
+Calling `wait` on a promise that has been rejected will throw an exception. If
+the rejection reason is an instance of `\Exception` the reason is thrown.
+Otherwise, a `GuzzleHttp\Promise\RejectionException` is thrown and the reason
+can be obtained by calling the `getReason` method of the exception.
+
+```php
+$promise = new Promise();
+$promise->reject('foo');
+$promise->wait();
+```
+
+> PHP Fatal error:  Uncaught exception 'GuzzleHttp\Promise\RejectionException' with message 'The promise was rejected with value: foo'
+
+### Unwrapping a Promise
+
+When synchronously waiting on a promise, you are joining the state of the
+promise into the current state of execution (i.e., return the value of the
+promise if it was fulfilled or throw an exception if it was rejected). This is
+called "unwrapping" the promise. Waiting on a promise will by default unwrap
+the promise state.
+
+You can force a promise to resolve and *not* unwrap the state of the promise
+by passing `false` to the first argument of the `wait` function:
+
+```php
+$promise = new Promise();
+$promise->reject('foo');
+// This will not throw an exception. It simply ensures the promise has
+// been resolved.
+$promise->wait(false);
+```
+
+When unwrapping a promise, the resolved value of the promise will be waited
+upon until the unwrapped value is not a promise. This means that if you resolve
+promise A with a promise B and unwrap promise A, the value returned by the
+wait function will be the value delivered to promise B.
+
+**Note**: when you do not unwrap the promise, no value is returned.
+
+
+## Cancellation
+
+You can cancel a promise that has not yet been fulfilled using the `cancel()`
+method of a promise. When creating a promise you can provide an optional
+cancel function that when invoked cancels the action of computing a resolution
+of the promise.
+
+
+## API
+
+### Promise
+
+When creating a promise object, you can provide an optional `$waitFn` and
+`$cancelFn`. `$waitFn` is a function that is invoked with no arguments and is
+expected to resolve the promise. `$cancelFn` is a function with no arguments
+that is expected to cancel the computation of a promise. It is invoked when the
+`cancel()` method of a promise is called.
+
+```php
+use GuzzleHttp\Promise\Promise;
+
+$promise = new Promise(
+    function () use (&$promise) {
+        $promise->resolve('waited');
+    },
+    function () {
+        // do something that will cancel the promise computation (e.g., close
+        // a socket, cancel a database query, etc...)
+    }
+);
+
+assert('waited' === $promise->wait());
+```
+
+A promise has the following methods:
+
+- `then(callable $onFulfilled, callable $onRejected) : PromiseInterface`
+  
+  Appends fulfillment and rejection handlers to the promise, and returns a new promise resolving to the return value of the called handler.
+
+- `otherwise(callable $onRejected) : PromiseInterface`
+  
+  Appends a rejection handler callback to the promise, and returns a new promise resolving to the return value of the callback if it is called, or to its original fulfillment value if the promise is instead fulfilled.
+
+- `wait($unwrap = true) : mixed`
+
+  Synchronously waits on the promise to complete.
+  
+  `$unwrap` controls whether or not the value of the promise is returned for a
+  fulfilled promise or if an exception is thrown if the promise is rejected.
+  This is set to `true` by default.
+
+- `cancel()`
+
+  Attempts to cancel the promise if possible. The promise being cancelled and
+  the parent most ancestor that has not yet been resolved will also be
+  cancelled. Any promises waiting on the cancelled promise to resolve will also
+  be cancelled.
+
+- `getState() : string`
+
+  Returns the state of the promise. One of `pending`, `fulfilled`, or
+  `rejected`.
+
+- `resolve($value)`
+
+  Fulfills the promise with the given `$value`.
+
+- `reject($reason)`
+
+  Rejects the promise with the given `$reason`.
+
+
+### FulfilledPromise
+
+A fulfilled promise can be created to represent a promise that has been
+fulfilled.
+
+```php
+use GuzzleHttp\Promise\FulfilledPromise;
+
+$promise = new FulfilledPromise('value');
+
+// Fulfilled callbacks are immediately invoked.
+$promise->then(function ($value) {
+    echo $value;
+});
+```
+
+
+### RejectedPromise
+
+A rejected promise can be created to represent a promise that has been
+rejected.
+
+```php
+use GuzzleHttp\Promise\RejectedPromise;
+
+$promise = new RejectedPromise('Error');
+
+// Rejected callbacks are immediately invoked.
+$promise->then(null, function ($reason) {
+    echo $reason;
+});
+```
+
+
+## Promise Interoperability
+
+This library works with foreign promises that have a `then` method. This means
+you can use Guzzle promises with [React promises](https://github.com/reactphp/promise)
+for example. When a foreign promise is returned inside of a then method
+callback, promise resolution will occur recursively.
+
+```php
+// Create a React promise
+$deferred = new React\Promise\Deferred();
+$reactPromise = $deferred->promise();
+
+// Create a Guzzle promise that is fulfilled with a React promise.
+$guzzlePromise = new GuzzleHttp\Promise\Promise();
+$guzzlePromise->then(function ($value) use ($reactPromise) {
+    // Do something something with the value...
+    // Return the React promise
+    return $reactPromise;
+});
+```
+
+Please note that wait and cancel chaining is no longer possible when forwarding
+a foreign promise. You will need to wrap a third-party promise with a Guzzle
+promise in order to utilize wait and cancel functions with foreign promises.
+
+
+### Event Loop Integration
+
+In order to keep the stack size constant, Guzzle promises are resolved
+asynchronously using a task queue. When waiting on promises synchronously, the
+task queue will be automatically run to ensure that the blocking promise and
+any forwarded promises are resolved. When using promises asynchronously in an
+event loop, you will need to run the task queue on each tick of the loop. If
+you do not run the task queue, then promises will not be resolved.
+
+You can run the task queue using the `run()` method of the global task queue
+instance.
+
+```php
+// Get the global task queue
+$queue = GuzzleHttp\Promise\Utils::queue();
+$queue->run();
+```
+
+For example, you could use Guzzle promises with React using a periodic timer:
+
+```php
+$loop = React\EventLoop\Factory::create();
+$loop->addPeriodicTimer(0, [$queue, 'run']);
+```
+
+*TODO*: Perhaps adding a `futureTick()` on each tick would be faster?
+
+
+## Implementation Notes
+
+### Promise Resolution and Chaining is Handled Iteratively
+
+By shuffling pending handlers from one owner to another, promises are
+resolved iteratively, allowing for "infinite" then chaining.
+
+```php
+<?php
+require 'vendor/autoload.php';
+
+use GuzzleHttp\Promise\Promise;
+
+$parent = new Promise();
+$p = $parent;
+
+for ($i = 0; $i < 1000; $i++) {
+    $p = $p->then(function ($v) {
+        // The stack size remains constant (a good thing)
+        echo xdebug_get_stack_depth() . ', ';
+        return $v + 1;
+    });
+}
+
+$parent->resolve(0);
+var_dump($p->wait()); // int(1000)
+
+```
+
+When a promise is fulfilled or rejected with a non-promise value, the promise
+then takes ownership of the handlers of each child promise and delivers values
+down the chain without using recursion.
+
+When a promise is resolved with another promise, the original promise transfers
+all of its pending handlers to the new promise. When the new promise is
+eventually resolved, all of the pending handlers are delivered the forwarded
+value.
+
+### A Promise is the Deferred
+
+Some promise libraries implement promises using a deferred object to represent
+a computation and a promise object to represent the delivery of the result of
+the computation. This is a nice separation of computation and delivery because
+consumers of the promise cannot modify the value that will be eventually
+delivered.
+
+One side effect of being able to implement promise resolution and chaining
+iteratively is that you need to be able for one promise to reach into the state
+of another promise to shuffle around ownership of handlers. In order to achieve
+this without making the handlers of a promise publicly mutable, a promise is
+also the deferred value, allowing promises of the same parent class to reach
+into and modify the private properties of promises of the same type. While this
+does allow consumers of the value to modify the resolution or rejection of the
+deferred, it is a small price to pay for keeping the stack size constant.
+
+```php
+$promise = new Promise();
+$promise->then(function ($value) { echo $value; });
+// The promise is the deferred value, so you can deliver a value to it.
+$promise->resolve('foo');
+// prints "foo"
+```
+
+
+## Upgrading from Function API
+
+A static API was first introduced in 1.4.0, in order to mitigate problems with
+functions conflicting between global and local copies of the package. The
+function API will be removed in 2.0.0. A migration table has been provided here
+for your convenience:
+
+| Original Function | Replacement Method |
+|----------------|----------------|
+| `queue` | `Utils::queue` |
+| `task` | `Utils::task` |
+| `promise_for` | `Create::promiseFor` |
+| `rejection_for` | `Create::rejectionFor` |
+| `exception_for` | `Create::exceptionFor` |
+| `iter_for` | `Create::iterFor` |
+| `inspect` | `Utils::inspect` |
+| `inspect_all` | `Utils::inspectAll` |
+| `unwrap` | `Utils::unwrap` |
+| `all` | `Utils::all` |
+| `some` | `Utils::some` |
+| `any` | `Utils::any` |
+| `settle` | `Utils::settle` |
+| `each` | `Each::of` |
+| `each_limit` | `Each::ofLimit` |
+| `each_limit_all` | `Each::ofLimitAll` |
+| `!is_fulfilled` | `Is::pending` |
+| `is_fulfilled` | `Is::fulfilled` |
+| `is_rejected` | `Is::rejected` |
+| `is_settled` | `Is::settled` |
+| `coroutine` | `Coroutine::of` |
+
+
+## Security
+
+If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/promises/security/policy) for more information.
+
+
+## License
+
+Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information.
+
+
+## For Enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of Guzzle and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-guzzlehttp-promises?utm_source=packagist-guzzlehttp-promises&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/composer.json b/data/web/inc/lib/vendor/guzzlehttp/promises/composer.json
new file mode 100644
index 000000000..c959fb32b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/composer.json
@@ -0,0 +1,58 @@
+{
+    "name": "guzzlehttp/promises",
+    "description": "Guzzle promises library",
+    "keywords": ["promise"],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Graham Campbell",
+            "email": "hello@gjcampbell.co.uk",
+            "homepage": "https://github.com/GrahamCampbell"
+        },
+        {
+            "name": "Michael Dowling",
+            "email": "mtdowling@gmail.com",
+            "homepage": "https://github.com/mtdowling"
+        },
+        {
+            "name": "Tobias Nyholm",
+            "email": "tobias.nyholm@gmail.com",
+            "homepage": "https://github.com/Nyholm"
+        },
+        {
+            "name": "Tobias Schultze",
+            "email": "webmaster@tubo-world.de",
+            "homepage": "https://github.com/Tobion"
+        }
+    ],
+    "require": {
+        "php": ">=5.5"
+    },
+    "require-dev": {
+        "symfony/phpunit-bridge": "^4.4 || ^5.1"
+    },
+    "autoload": {
+        "psr-4": {
+            "GuzzleHttp\\Promise\\": "src/"
+        },
+        "files": ["src/functions_include.php"]
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "GuzzleHttp\\Promise\\Tests\\": "tests/"
+        }
+    },
+    "scripts": {
+        "test": "vendor/bin/simple-phpunit",
+        "test-ci": "vendor/bin/simple-phpunit --coverage-text"
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.5-dev"
+        }
+    },
+    "config": {
+        "preferred-install": "dist",
+        "sort-packages": true
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/AggregateException.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/AggregateException.php
new file mode 100644
index 000000000..d2b5712b9
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/AggregateException.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Exception thrown when too many errors occur in the some() or any() methods.
+ */
+class AggregateException extends RejectionException
+{
+    public function __construct($msg, array $reasons)
+    {
+        parent::__construct(
+            $reasons,
+            sprintf('%s; %d rejected promises', $msg, count($reasons))
+        );
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/CancellationException.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/CancellationException.php
new file mode 100644
index 000000000..56a1ed65b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/CancellationException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Exception that is set as the reason for a promise that has been cancelled.
+ */
+class CancellationException extends RejectionException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Coroutine.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Coroutine.php
new file mode 100644
index 000000000..670da4773
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Coroutine.php
@@ -0,0 +1,169 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+use Exception;
+use Generator;
+use Throwable;
+
+/**
+ * Creates a promise that is resolved using a generator that yields values or
+ * promises (somewhat similar to C#'s async keyword).
+ *
+ * When called, the Coroutine::of method will start an instance of the generator
+ * and returns a promise that is fulfilled with its final yielded value.
+ *
+ * Control is returned back to the generator when the yielded promise settles.
+ * This can lead to less verbose code when doing lots of sequential async calls
+ * with minimal processing in between.
+ *
+ *     use GuzzleHttp\Promise;
+ *
+ *     function createPromise($value) {
+ *         return new Promise\FulfilledPromise($value);
+ *     }
+ *
+ *     $promise = Promise\Coroutine::of(function () {
+ *         $value = (yield createPromise('a'));
+ *         try {
+ *             $value = (yield createPromise($value . 'b'));
+ *         } catch (\Exception $e) {
+ *             // The promise was rejected.
+ *         }
+ *         yield $value . 'c';
+ *     });
+ *
+ *     // Outputs "abc"
+ *     $promise->then(function ($v) { echo $v; });
+ *
+ * @param callable $generatorFn Generator function to wrap into a promise.
+ *
+ * @return Promise
+ *
+ * @link https://github.com/petkaantonov/bluebird/blob/master/API.md#generators inspiration
+ */
+final class Coroutine implements PromiseInterface
+{
+    /**
+     * @var PromiseInterface|null
+     */
+    private $currentPromise;
+
+    /**
+     * @var Generator
+     */
+    private $generator;
+
+    /**
+     * @var Promise
+     */
+    private $result;
+
+    public function __construct(callable $generatorFn)
+    {
+        $this->generator = $generatorFn();
+        $this->result = new Promise(function () {
+            while (isset($this->currentPromise)) {
+                $this->currentPromise->wait();
+            }
+        });
+        try {
+            $this->nextCoroutine($this->generator->current());
+        } catch (\Exception $exception) {
+            $this->result->reject($exception);
+        } catch (Throwable $throwable) {
+            $this->result->reject($throwable);
+        }
+    }
+
+    /**
+     * Create a new coroutine.
+     *
+     * @return self
+     */
+    public static function of(callable $generatorFn)
+    {
+        return new self($generatorFn);
+    }
+
+    public function then(
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        return $this->result->then($onFulfilled, $onRejected);
+    }
+
+    public function otherwise(callable $onRejected)
+    {
+        return $this->result->otherwise($onRejected);
+    }
+
+    public function wait($unwrap = true)
+    {
+        return $this->result->wait($unwrap);
+    }
+
+    public function getState()
+    {
+        return $this->result->getState();
+    }
+
+    public function resolve($value)
+    {
+        $this->result->resolve($value);
+    }
+
+    public function reject($reason)
+    {
+        $this->result->reject($reason);
+    }
+
+    public function cancel()
+    {
+        $this->currentPromise->cancel();
+        $this->result->cancel();
+    }
+
+    private function nextCoroutine($yielded)
+    {
+        $this->currentPromise = Create::promiseFor($yielded)
+            ->then([$this, '_handleSuccess'], [$this, '_handleFailure']);
+    }
+
+    /**
+     * @internal
+     */
+    public function _handleSuccess($value)
+    {
+        unset($this->currentPromise);
+        try {
+            $next = $this->generator->send($value);
+            if ($this->generator->valid()) {
+                $this->nextCoroutine($next);
+            } else {
+                $this->result->resolve($value);
+            }
+        } catch (Exception $exception) {
+            $this->result->reject($exception);
+        } catch (Throwable $throwable) {
+            $this->result->reject($throwable);
+        }
+    }
+
+    /**
+     * @internal
+     */
+    public function _handleFailure($reason)
+    {
+        unset($this->currentPromise);
+        try {
+            $nextYield = $this->generator->throw(Create::exceptionFor($reason));
+            // The throw was caught, so keep iterating on the coroutine
+            $this->nextCoroutine($nextYield);
+        } catch (Exception $exception) {
+            $this->result->reject($exception);
+        } catch (Throwable $throwable) {
+            $this->result->reject($throwable);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Create.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Create.php
new file mode 100644
index 000000000..8d038e9c1
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Create.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+final class Create
+{
+    /**
+     * Creates a promise for a value if the value is not a promise.
+     *
+     * @param mixed $value Promise or value.
+     *
+     * @return PromiseInterface
+     */
+    public static function promiseFor($value)
+    {
+        if ($value instanceof PromiseInterface) {
+            return $value;
+        }
+
+        // Return a Guzzle promise that shadows the given promise.
+        if (is_object($value) && method_exists($value, 'then')) {
+            $wfn = method_exists($value, 'wait') ? [$value, 'wait'] : null;
+            $cfn = method_exists($value, 'cancel') ? [$value, 'cancel'] : null;
+            $promise = new Promise($wfn, $cfn);
+            $value->then([$promise, 'resolve'], [$promise, 'reject']);
+            return $promise;
+        }
+
+        return new FulfilledPromise($value);
+    }
+
+    /**
+     * Creates a rejected promise for a reason if the reason is not a promise.
+     * If the provided reason is a promise, then it is returned as-is.
+     *
+     * @param mixed $reason Promise or reason.
+     *
+     * @return PromiseInterface
+     */
+    public static function rejectionFor($reason)
+    {
+        if ($reason instanceof PromiseInterface) {
+            return $reason;
+        }
+
+        return new RejectedPromise($reason);
+    }
+
+    /**
+     * Create an exception for a rejected promise value.
+     *
+     * @param mixed $reason
+     *
+     * @return \Exception|\Throwable
+     */
+    public static function exceptionFor($reason)
+    {
+        if ($reason instanceof \Exception || $reason instanceof \Throwable) {
+            return $reason;
+        }
+
+        return new RejectionException($reason);
+    }
+
+    /**
+     * Returns an iterator for the given value.
+     *
+     * @param mixed $value
+     *
+     * @return \Iterator
+     */
+    public static function iterFor($value)
+    {
+        if ($value instanceof \Iterator) {
+            return $value;
+        }
+
+        if (is_array($value)) {
+            return new \ArrayIterator($value);
+        }
+
+        return new \ArrayIterator([$value]);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Each.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Each.php
new file mode 100644
index 000000000..1dda35499
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Each.php
@@ -0,0 +1,90 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+final class Each
+{
+    /**
+     * Given an iterator that yields promises or values, returns a promise that
+     * is fulfilled with a null value when the iterator has been consumed or
+     * the aggregate promise has been fulfilled or rejected.
+     *
+     * $onFulfilled is a function that accepts the fulfilled value, iterator
+     * index, and the aggregate promise. The callback can invoke any necessary
+     * side effects and choose to resolve or reject the aggregate if needed.
+     *
+     * $onRejected is a function that accepts the rejection reason, iterator
+     * index, and the aggregate promise. The callback can invoke any necessary
+     * side effects and choose to resolve or reject the aggregate if needed.
+     *
+     * @param mixed    $iterable    Iterator or array to iterate over.
+     * @param callable $onFulfilled
+     * @param callable $onRejected
+     *
+     * @return PromiseInterface
+     */
+    public static function of(
+        $iterable,
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        return (new EachPromise($iterable, [
+            'fulfilled' => $onFulfilled,
+            'rejected'  => $onRejected
+        ]))->promise();
+    }
+
+    /**
+     * Like of, but only allows a certain number of outstanding promises at any
+     * given time.
+     *
+     * $concurrency may be an integer or a function that accepts the number of
+     * pending promises and returns a numeric concurrency limit value to allow
+     * for dynamic a concurrency size.
+     *
+     * @param mixed        $iterable
+     * @param int|callable $concurrency
+     * @param callable     $onFulfilled
+     * @param callable     $onRejected
+     *
+     * @return PromiseInterface
+     */
+    public static function ofLimit(
+        $iterable,
+        $concurrency,
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        return (new EachPromise($iterable, [
+            'fulfilled'   => $onFulfilled,
+            'rejected'    => $onRejected,
+            'concurrency' => $concurrency
+        ]))->promise();
+    }
+
+    /**
+     * Like limit, but ensures that no promise in the given $iterable argument
+     * is rejected. If any promise is rejected, then the aggregate promise is
+     * rejected with the encountered rejection.
+     *
+     * @param mixed        $iterable
+     * @param int|callable $concurrency
+     * @param callable     $onFulfilled
+     *
+     * @return PromiseInterface
+     */
+    public static function ofLimitAll(
+        $iterable,
+        $concurrency,
+        callable $onFulfilled = null
+    ) {
+        return each_limit(
+            $iterable,
+            $concurrency,
+            $onFulfilled,
+            function ($reason, $idx, PromiseInterface $aggregate) {
+                $aggregate->reject($reason);
+            }
+        );
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/EachPromise.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/EachPromise.php
new file mode 100644
index 000000000..280d79950
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/EachPromise.php
@@ -0,0 +1,247 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Represents a promise that iterates over many promises and invokes
+ * side-effect functions in the process.
+ */
+class EachPromise implements PromisorInterface
+{
+    private $pending = [];
+
+    private $nextPendingIndex = 0;
+
+    /** @var \Iterator|null */
+    private $iterable;
+
+    /** @var callable|int|null */
+    private $concurrency;
+
+    /** @var callable|null */
+    private $onFulfilled;
+
+    /** @var callable|null */
+    private $onRejected;
+
+    /** @var Promise|null */
+    private $aggregate;
+
+    /** @var bool|null */
+    private $mutex;
+
+    /**
+     * Configuration hash can include the following key value pairs:
+     *
+     * - fulfilled: (callable) Invoked when a promise fulfills. The function
+     *   is invoked with three arguments: the fulfillment value, the index
+     *   position from the iterable list of the promise, and the aggregate
+     *   promise that manages all of the promises. The aggregate promise may
+     *   be resolved from within the callback to short-circuit the promise.
+     * - rejected: (callable) Invoked when a promise is rejected. The
+     *   function is invoked with three arguments: the rejection reason, the
+     *   index position from the iterable list of the promise, and the
+     *   aggregate promise that manages all of the promises. The aggregate
+     *   promise may be resolved from within the callback to short-circuit
+     *   the promise.
+     * - concurrency: (integer) Pass this configuration option to limit the
+     *   allowed number of outstanding concurrently executing promises,
+     *   creating a capped pool of promises. There is no limit by default.
+     *
+     * @param mixed $iterable Promises or values to iterate.
+     * @param array $config   Configuration options
+     */
+    public function __construct($iterable, array $config = [])
+    {
+        $this->iterable = Create::iterFor($iterable);
+
+        if (isset($config['concurrency'])) {
+            $this->concurrency = $config['concurrency'];
+        }
+
+        if (isset($config['fulfilled'])) {
+            $this->onFulfilled = $config['fulfilled'];
+        }
+
+        if (isset($config['rejected'])) {
+            $this->onRejected = $config['rejected'];
+        }
+    }
+
+    /** @psalm-suppress InvalidNullableReturnType */
+    public function promise()
+    {
+        if ($this->aggregate) {
+            return $this->aggregate;
+        }
+
+        try {
+            $this->createPromise();
+            /** @psalm-assert Promise $this->aggregate */
+            $this->iterable->rewind();
+            $this->refillPending();
+        } catch (\Throwable $e) {
+            $this->aggregate->reject($e);
+        } catch (\Exception $e) {
+            $this->aggregate->reject($e);
+        }
+
+        /**
+         * @psalm-suppress NullableReturnStatement
+         * @phpstan-ignore-next-line
+         */
+        return $this->aggregate;
+    }
+
+    private function createPromise()
+    {
+        $this->mutex = false;
+        $this->aggregate = new Promise(function () {
+            if ($this->checkIfFinished()) {
+                return;
+            }
+            reset($this->pending);
+            // Consume a potentially fluctuating list of promises while
+            // ensuring that indexes are maintained (precluding array_shift).
+            while ($promise = current($this->pending)) {
+                next($this->pending);
+                $promise->wait();
+                if (Is::settled($this->aggregate)) {
+                    return;
+                }
+            }
+        });
+
+        // Clear the references when the promise is resolved.
+        $clearFn = function () {
+            $this->iterable = $this->concurrency = $this->pending = null;
+            $this->onFulfilled = $this->onRejected = null;
+            $this->nextPendingIndex = 0;
+        };
+
+        $this->aggregate->then($clearFn, $clearFn);
+    }
+
+    private function refillPending()
+    {
+        if (!$this->concurrency) {
+            // Add all pending promises.
+            while ($this->addPending() && $this->advanceIterator());
+            return;
+        }
+
+        // Add only up to N pending promises.
+        $concurrency = is_callable($this->concurrency)
+            ? call_user_func($this->concurrency, count($this->pending))
+            : $this->concurrency;
+        $concurrency = max($concurrency - count($this->pending), 0);
+        // Concurrency may be set to 0 to disallow new promises.
+        if (!$concurrency) {
+            return;
+        }
+        // Add the first pending promise.
+        $this->addPending();
+        // Note this is special handling for concurrency=1 so that we do
+        // not advance the iterator after adding the first promise. This
+        // helps work around issues with generators that might not have the
+        // next value to yield until promise callbacks are called.
+        while (--$concurrency
+            && $this->advanceIterator()
+            && $this->addPending());
+    }
+
+    private function addPending()
+    {
+        if (!$this->iterable || !$this->iterable->valid()) {
+            return false;
+        }
+
+        $promise = Create::promiseFor($this->iterable->current());
+        $key = $this->iterable->key();
+
+        // Iterable keys may not be unique, so we use a counter to
+        // guarantee uniqueness
+        $idx = $this->nextPendingIndex++;
+
+        $this->pending[$idx] = $promise->then(
+            function ($value) use ($idx, $key) {
+                if ($this->onFulfilled) {
+                    call_user_func(
+                        $this->onFulfilled,
+                        $value,
+                        $key,
+                        $this->aggregate
+                    );
+                }
+                $this->step($idx);
+            },
+            function ($reason) use ($idx, $key) {
+                if ($this->onRejected) {
+                    call_user_func(
+                        $this->onRejected,
+                        $reason,
+                        $key,
+                        $this->aggregate
+                    );
+                }
+                $this->step($idx);
+            }
+        );
+
+        return true;
+    }
+
+    private function advanceIterator()
+    {
+        // Place a lock on the iterator so that we ensure to not recurse,
+        // preventing fatal generator errors.
+        if ($this->mutex) {
+            return false;
+        }
+
+        $this->mutex = true;
+
+        try {
+            $this->iterable->next();
+            $this->mutex = false;
+            return true;
+        } catch (\Throwable $e) {
+            $this->aggregate->reject($e);
+            $this->mutex = false;
+            return false;
+        } catch (\Exception $e) {
+            $this->aggregate->reject($e);
+            $this->mutex = false;
+            return false;
+        }
+    }
+
+    private function step($idx)
+    {
+        // If the promise was already resolved, then ignore this step.
+        if (Is::settled($this->aggregate)) {
+            return;
+        }
+
+        unset($this->pending[$idx]);
+
+        // Only refill pending promises if we are not locked, preventing the
+        // EachPromise to recursively invoke the provided iterator, which
+        // cause a fatal error: "Cannot resume an already running generator"
+        if ($this->advanceIterator() && !$this->checkIfFinished()) {
+            // Add more pending promises if possible.
+            $this->refillPending();
+        }
+    }
+
+    private function checkIfFinished()
+    {
+        if (!$this->pending && !$this->iterable->valid()) {
+            // Resolve the promise if there's nothing left to do.
+            $this->aggregate->resolve(null);
+            return true;
+        }
+
+        return false;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/FulfilledPromise.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/FulfilledPromise.php
new file mode 100644
index 000000000..98f72a62a
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/FulfilledPromise.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * A promise that has been fulfilled.
+ *
+ * Thenning off of this promise will invoke the onFulfilled callback
+ * immediately and ignore other callbacks.
+ */
+class FulfilledPromise implements PromiseInterface
+{
+    private $value;
+
+    public function __construct($value)
+    {
+        if (is_object($value) && method_exists($value, 'then')) {
+            throw new \InvalidArgumentException(
+                'You cannot create a FulfilledPromise with a promise.'
+            );
+        }
+
+        $this->value = $value;
+    }
+
+    public function then(
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        // Return itself if there is no onFulfilled function.
+        if (!$onFulfilled) {
+            return $this;
+        }
+
+        $queue = Utils::queue();
+        $p = new Promise([$queue, 'run']);
+        $value = $this->value;
+        $queue->add(static function () use ($p, $value, $onFulfilled) {
+            if (Is::pending($p)) {
+                try {
+                    $p->resolve($onFulfilled($value));
+                } catch (\Throwable $e) {
+                    $p->reject($e);
+                } catch (\Exception $e) {
+                    $p->reject($e);
+                }
+            }
+        });
+
+        return $p;
+    }
+
+    public function otherwise(callable $onRejected)
+    {
+        return $this->then(null, $onRejected);
+    }
+
+    public function wait($unwrap = true, $defaultDelivery = null)
+    {
+        return $unwrap ? $this->value : null;
+    }
+
+    public function getState()
+    {
+        return self::FULFILLED;
+    }
+
+    public function resolve($value)
+    {
+        if ($value !== $this->value) {
+            throw new \LogicException("Cannot resolve a fulfilled promise");
+        }
+    }
+
+    public function reject($reason)
+    {
+        throw new \LogicException("Cannot reject a fulfilled promise");
+    }
+
+    public function cancel()
+    {
+        // pass
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Is.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Is.php
new file mode 100644
index 000000000..c3ed8d014
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Is.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+final class Is
+{
+    /**
+     * Returns true if a promise is pending.
+     *
+     * @return bool
+     */
+    public static function pending(PromiseInterface $promise)
+    {
+        return $promise->getState() === PromiseInterface::PENDING;
+    }
+
+    /**
+     * Returns true if a promise is fulfilled or rejected.
+     *
+     * @return bool
+     */
+    public static function settled(PromiseInterface $promise)
+    {
+        return $promise->getState() !== PromiseInterface::PENDING;
+    }
+
+    /**
+     * Returns true if a promise is fulfilled.
+     *
+     * @return bool
+     */
+    public static function fulfilled(PromiseInterface $promise)
+    {
+        return $promise->getState() === PromiseInterface::FULFILLED;
+    }
+
+    /**
+     * Returns true if a promise is rejected.
+     *
+     * @return bool
+     */
+    public static function rejected(PromiseInterface $promise)
+    {
+        return $promise->getState() === PromiseInterface::REJECTED;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Promise.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Promise.php
new file mode 100644
index 000000000..75939057b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Promise.php
@@ -0,0 +1,278 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Promises/A+ implementation that avoids recursion when possible.
+ *
+ * @link https://promisesaplus.com/
+ */
+class Promise implements PromiseInterface
+{
+    private $state = self::PENDING;
+    private $result;
+    private $cancelFn;
+    private $waitFn;
+    private $waitList;
+    private $handlers = [];
+
+    /**
+     * @param callable $waitFn   Fn that when invoked resolves the promise.
+     * @param callable $cancelFn Fn that when invoked cancels the promise.
+     */
+    public function __construct(
+        callable $waitFn = null,
+        callable $cancelFn = null
+    ) {
+        $this->waitFn = $waitFn;
+        $this->cancelFn = $cancelFn;
+    }
+
+    public function then(
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        if ($this->state === self::PENDING) {
+            $p = new Promise(null, [$this, 'cancel']);
+            $this->handlers[] = [$p, $onFulfilled, $onRejected];
+            $p->waitList = $this->waitList;
+            $p->waitList[] = $this;
+            return $p;
+        }
+
+        // Return a fulfilled promise and immediately invoke any callbacks.
+        if ($this->state === self::FULFILLED) {
+            $promise = Create::promiseFor($this->result);
+            return $onFulfilled ? $promise->then($onFulfilled) : $promise;
+        }
+
+        // It's either cancelled or rejected, so return a rejected promise
+        // and immediately invoke any callbacks.
+        $rejection = Create::rejectionFor($this->result);
+        return $onRejected ? $rejection->then(null, $onRejected) : $rejection;
+    }
+
+    public function otherwise(callable $onRejected)
+    {
+        return $this->then(null, $onRejected);
+    }
+
+    public function wait($unwrap = true)
+    {
+        $this->waitIfPending();
+
+        if ($this->result instanceof PromiseInterface) {
+            return $this->result->wait($unwrap);
+        }
+        if ($unwrap) {
+            if ($this->state === self::FULFILLED) {
+                return $this->result;
+            }
+            // It's rejected so "unwrap" and throw an exception.
+            throw Create::exceptionFor($this->result);
+        }
+    }
+
+    public function getState()
+    {
+        return $this->state;
+    }
+
+    public function cancel()
+    {
+        if ($this->state !== self::PENDING) {
+            return;
+        }
+
+        $this->waitFn = $this->waitList = null;
+
+        if ($this->cancelFn) {
+            $fn = $this->cancelFn;
+            $this->cancelFn = null;
+            try {
+                $fn();
+            } catch (\Throwable $e) {
+                $this->reject($e);
+            } catch (\Exception $e) {
+                $this->reject($e);
+            }
+        }
+
+        // Reject the promise only if it wasn't rejected in a then callback.
+        /** @psalm-suppress RedundantCondition */
+        if ($this->state === self::PENDING) {
+            $this->reject(new CancellationException('Promise has been cancelled'));
+        }
+    }
+
+    public function resolve($value)
+    {
+        $this->settle(self::FULFILLED, $value);
+    }
+
+    public function reject($reason)
+    {
+        $this->settle(self::REJECTED, $reason);
+    }
+
+    private function settle($state, $value)
+    {
+        if ($this->state !== self::PENDING) {
+            // Ignore calls with the same resolution.
+            if ($state === $this->state && $value === $this->result) {
+                return;
+            }
+            throw $this->state === $state
+                ? new \LogicException("The promise is already {$state}.")
+                : new \LogicException("Cannot change a {$this->state} promise to {$state}");
+        }
+
+        if ($value === $this) {
+            throw new \LogicException('Cannot fulfill or reject a promise with itself');
+        }
+
+        // Clear out the state of the promise but stash the handlers.
+        $this->state = $state;
+        $this->result = $value;
+        $handlers = $this->handlers;
+        $this->handlers = null;
+        $this->waitList = $this->waitFn = null;
+        $this->cancelFn = null;
+
+        if (!$handlers) {
+            return;
+        }
+
+        // If the value was not a settled promise or a thenable, then resolve
+        // it in the task queue using the correct ID.
+        if (!is_object($value) || !method_exists($value, 'then')) {
+            $id = $state === self::FULFILLED ? 1 : 2;
+            // It's a success, so resolve the handlers in the queue.
+            Utils::queue()->add(static function () use ($id, $value, $handlers) {
+                foreach ($handlers as $handler) {
+                    self::callHandler($id, $value, $handler);
+                }
+            });
+        } elseif ($value instanceof Promise && Is::pending($value)) {
+            // We can just merge our handlers onto the next promise.
+            $value->handlers = array_merge($value->handlers, $handlers);
+        } else {
+            // Resolve the handlers when the forwarded promise is resolved.
+            $value->then(
+                static function ($value) use ($handlers) {
+                    foreach ($handlers as $handler) {
+                        self::callHandler(1, $value, $handler);
+                    }
+                },
+                static function ($reason) use ($handlers) {
+                    foreach ($handlers as $handler) {
+                        self::callHandler(2, $reason, $handler);
+                    }
+                }
+            );
+        }
+    }
+
+    /**
+     * Call a stack of handlers using a specific callback index and value.
+     *
+     * @param int   $index   1 (resolve) or 2 (reject).
+     * @param mixed $value   Value to pass to the callback.
+     * @param array $handler Array of handler data (promise and callbacks).
+     */
+    private static function callHandler($index, $value, array $handler)
+    {
+        /** @var PromiseInterface $promise */
+        $promise = $handler[0];
+
+        // The promise may have been cancelled or resolved before placing
+        // this thunk in the queue.
+        if (Is::settled($promise)) {
+            return;
+        }
+
+        try {
+            if (isset($handler[$index])) {
+                /*
+                 * If $f throws an exception, then $handler will be in the exception
+                 * stack trace. Since $handler contains a reference to the callable
+                 * itself we get a circular reference. We clear the $handler
+                 * here to avoid that memory leak.
+                 */
+                $f = $handler[$index];
+                unset($handler);
+                $promise->resolve($f($value));
+            } elseif ($index === 1) {
+                // Forward resolution values as-is.
+                $promise->resolve($value);
+            } else {
+                // Forward rejections down the chain.
+                $promise->reject($value);
+            }
+        } catch (\Throwable $reason) {
+            $promise->reject($reason);
+        } catch (\Exception $reason) {
+            $promise->reject($reason);
+        }
+    }
+
+    private function waitIfPending()
+    {
+        if ($this->state !== self::PENDING) {
+            return;
+        } elseif ($this->waitFn) {
+            $this->invokeWaitFn();
+        } elseif ($this->waitList) {
+            $this->invokeWaitList();
+        } else {
+            // If there's no wait function, then reject the promise.
+            $this->reject('Cannot wait on a promise that has '
+                . 'no internal wait function. You must provide a wait '
+                . 'function when constructing the promise to be able to '
+                . 'wait on a promise.');
+        }
+
+        Utils::queue()->run();
+
+        /** @psalm-suppress RedundantCondition */
+        if ($this->state === self::PENDING) {
+            $this->reject('Invoking the wait callback did not resolve the promise');
+        }
+    }
+
+    private function invokeWaitFn()
+    {
+        try {
+            $wfn = $this->waitFn;
+            $this->waitFn = null;
+            $wfn(true);
+        } catch (\Exception $reason) {
+            if ($this->state === self::PENDING) {
+                // The promise has not been resolved yet, so reject the promise
+                // with the exception.
+                $this->reject($reason);
+            } else {
+                // The promise was already resolved, so there's a problem in
+                // the application.
+                throw $reason;
+            }
+        }
+    }
+
+    private function invokeWaitList()
+    {
+        $waitList = $this->waitList;
+        $this->waitList = null;
+
+        foreach ($waitList as $result) {
+            do {
+                $result->waitIfPending();
+                $result = $result->result;
+            } while ($result instanceof Promise);
+
+            if ($result instanceof PromiseInterface) {
+                $result->wait(false);
+            }
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromiseInterface.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromiseInterface.php
new file mode 100644
index 000000000..e59833143
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromiseInterface.php
@@ -0,0 +1,97 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * A promise represents the eventual result of an asynchronous operation.
+ *
+ * The primary way of interacting with a promise is through its then method,
+ * which registers callbacks to receive either a promise’s eventual value or
+ * the reason why the promise cannot be fulfilled.
+ *
+ * @link https://promisesaplus.com/
+ */
+interface PromiseInterface
+{
+    const PENDING = 'pending';
+    const FULFILLED = 'fulfilled';
+    const REJECTED = 'rejected';
+
+    /**
+     * Appends fulfillment and rejection handlers to the promise, and returns
+     * a new promise resolving to the return value of the called handler.
+     *
+     * @param callable $onFulfilled Invoked when the promise fulfills.
+     * @param callable $onRejected  Invoked when the promise is rejected.
+     *
+     * @return PromiseInterface
+     */
+    public function then(
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    );
+
+    /**
+     * Appends a rejection handler callback to the promise, and returns a new
+     * promise resolving to the return value of the callback if it is called,
+     * or to its original fulfillment value if the promise is instead
+     * fulfilled.
+     *
+     * @param callable $onRejected Invoked when the promise is rejected.
+     *
+     * @return PromiseInterface
+     */
+    public function otherwise(callable $onRejected);
+
+    /**
+     * Get the state of the promise ("pending", "rejected", or "fulfilled").
+     *
+     * The three states can be checked against the constants defined on
+     * PromiseInterface: PENDING, FULFILLED, and REJECTED.
+     *
+     * @return string
+     */
+    public function getState();
+
+    /**
+     * Resolve the promise with the given value.
+     *
+     * @param mixed $value
+     *
+     * @throws \RuntimeException if the promise is already resolved.
+     */
+    public function resolve($value);
+
+    /**
+     * Reject the promise with the given reason.
+     *
+     * @param mixed $reason
+     *
+     * @throws \RuntimeException if the promise is already resolved.
+     */
+    public function reject($reason);
+
+    /**
+     * Cancels the promise if possible.
+     *
+     * @link https://github.com/promises-aplus/cancellation-spec/issues/7
+     */
+    public function cancel();
+
+    /**
+     * Waits until the promise completes if possible.
+     *
+     * Pass $unwrap as true to unwrap the result of the promise, either
+     * returning the resolved value or throwing the rejected exception.
+     *
+     * If the promise cannot be waited on, then the promise will be rejected.
+     *
+     * @param bool $unwrap
+     *
+     * @return mixed
+     *
+     * @throws \LogicException if the promise has no wait function or if the
+     *                         promise does not settle after waiting.
+     */
+    public function wait($unwrap = true);
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromisorInterface.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromisorInterface.php
new file mode 100644
index 000000000..2d2e3422b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/PromisorInterface.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Interface used with classes that return a promise.
+ */
+interface PromisorInterface
+{
+    /**
+     * Returns a promise.
+     *
+     * @return PromiseInterface
+     */
+    public function promise();
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectedPromise.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectedPromise.php
new file mode 100644
index 000000000..d2918468c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectedPromise.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * A promise that has been rejected.
+ *
+ * Thenning off of this promise will invoke the onRejected callback
+ * immediately and ignore other callbacks.
+ */
+class RejectedPromise implements PromiseInterface
+{
+    private $reason;
+
+    public function __construct($reason)
+    {
+        if (is_object($reason) && method_exists($reason, 'then')) {
+            throw new \InvalidArgumentException(
+                'You cannot create a RejectedPromise with a promise.'
+            );
+        }
+
+        $this->reason = $reason;
+    }
+
+    public function then(
+        callable $onFulfilled = null,
+        callable $onRejected = null
+    ) {
+        // If there's no onRejected callback then just return self.
+        if (!$onRejected) {
+            return $this;
+        }
+
+        $queue = Utils::queue();
+        $reason = $this->reason;
+        $p = new Promise([$queue, 'run']);
+        $queue->add(static function () use ($p, $reason, $onRejected) {
+            if (Is::pending($p)) {
+                try {
+                    // Return a resolved promise if onRejected does not throw.
+                    $p->resolve($onRejected($reason));
+                } catch (\Throwable $e) {
+                    // onRejected threw, so return a rejected promise.
+                    $p->reject($e);
+                } catch (\Exception $e) {
+                    // onRejected threw, so return a rejected promise.
+                    $p->reject($e);
+                }
+            }
+        });
+
+        return $p;
+    }
+
+    public function otherwise(callable $onRejected)
+    {
+        return $this->then(null, $onRejected);
+    }
+
+    public function wait($unwrap = true, $defaultDelivery = null)
+    {
+        if ($unwrap) {
+            throw Create::exceptionFor($this->reason);
+        }
+
+        return null;
+    }
+
+    public function getState()
+    {
+        return self::REJECTED;
+    }
+
+    public function resolve($value)
+    {
+        throw new \LogicException("Cannot resolve a rejected promise");
+    }
+
+    public function reject($reason)
+    {
+        if ($reason !== $this->reason) {
+            throw new \LogicException("Cannot reject a rejected promise");
+        }
+    }
+
+    public function cancel()
+    {
+        // pass
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectionException.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectionException.php
new file mode 100644
index 000000000..e2f137707
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/RejectionException.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * A special exception that is thrown when waiting on a rejected promise.
+ *
+ * The reason value is available via the getReason() method.
+ */
+class RejectionException extends \RuntimeException
+{
+    /** @var mixed Rejection reason. */
+    private $reason;
+
+    /**
+     * @param mixed  $reason      Rejection reason.
+     * @param string $description Optional description
+     */
+    public function __construct($reason, $description = null)
+    {
+        $this->reason = $reason;
+
+        $message = 'The promise was rejected';
+
+        if ($description) {
+            $message .= ' with reason: ' . $description;
+        } elseif (is_string($reason)
+            || (is_object($reason) && method_exists($reason, '__toString'))
+        ) {
+            $message .= ' with reason: ' . $this->reason;
+        } elseif ($reason instanceof \JsonSerializable) {
+            $message .= ' with reason: '
+                . json_encode($this->reason, JSON_PRETTY_PRINT);
+        }
+
+        parent::__construct($message);
+    }
+
+    /**
+     * Returns the rejection reason.
+     *
+     * @return mixed
+     */
+    public function getReason()
+    {
+        return $this->reason;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueue.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueue.php
new file mode 100644
index 000000000..f0fba2c59
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueue.php
@@ -0,0 +1,67 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * A task queue that executes tasks in a FIFO order.
+ *
+ * This task queue class is used to settle promises asynchronously and
+ * maintains a constant stack size. You can use the task queue asynchronously
+ * by calling the `run()` function of the global task queue in an event loop.
+ *
+ *     GuzzleHttp\Promise\Utils::queue()->run();
+ */
+class TaskQueue implements TaskQueueInterface
+{
+    private $enableShutdown = true;
+    private $queue = [];
+
+    public function __construct($withShutdown = true)
+    {
+        if ($withShutdown) {
+            register_shutdown_function(function () {
+                if ($this->enableShutdown) {
+                    // Only run the tasks if an E_ERROR didn't occur.
+                    $err = error_get_last();
+                    if (!$err || ($err['type'] ^ E_ERROR)) {
+                        $this->run();
+                    }
+                }
+            });
+        }
+    }
+
+    public function isEmpty()
+    {
+        return !$this->queue;
+    }
+
+    public function add(callable $task)
+    {
+        $this->queue[] = $task;
+    }
+
+    public function run()
+    {
+        while ($task = array_shift($this->queue)) {
+            /** @var callable $task */
+            $task();
+        }
+    }
+
+    /**
+     * The task queue will be run and exhausted by default when the process
+     * exits IFF the exit is not the result of a PHP E_ERROR error.
+     *
+     * You can disable running the automatic shutdown of the queue by calling
+     * this function. If you disable the task queue shutdown process, then you
+     * MUST either run the task queue (as a result of running your event loop
+     * or manually using the run() method) or wait on each outstanding promise.
+     *
+     * Note: This shutdown will occur before any destructors are triggered.
+     */
+    public function disableShutdown()
+    {
+        $this->enableShutdown = false;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueueInterface.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueueInterface.php
new file mode 100644
index 000000000..723d4d54e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/TaskQueueInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+interface TaskQueueInterface
+{
+    /**
+     * Returns true if the queue is empty.
+     *
+     * @return bool
+     */
+    public function isEmpty();
+
+    /**
+     * Adds a task to the queue that will be executed the next time run is
+     * called.
+     */
+    public function add(callable $task);
+
+    /**
+     * Execute all of the pending task in the queue.
+     */
+    public function run();
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/Utils.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Utils.php
new file mode 100644
index 000000000..8647126d8
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/Utils.php
@@ -0,0 +1,276 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+final class Utils
+{
+    /**
+     * Get the global task queue used for promise resolution.
+     *
+     * This task queue MUST be run in an event loop in order for promises to be
+     * settled asynchronously. It will be automatically run when synchronously
+     * waiting on a promise.
+     *
+     * <code>
+     * while ($eventLoop->isRunning()) {
+     *     GuzzleHttp\Promise\Utils::queue()->run();
+     * }
+     * </code>
+     *
+     * @param TaskQueueInterface $assign Optionally specify a new queue instance.
+     *
+     * @return TaskQueueInterface
+     */
+    public static function queue(TaskQueueInterface $assign = null)
+    {
+        static $queue;
+
+        if ($assign) {
+            $queue = $assign;
+        } elseif (!$queue) {
+            $queue = new TaskQueue();
+        }
+
+        return $queue;
+    }
+
+    /**
+     * Adds a function to run in the task queue when it is next `run()` and
+     * returns a promise that is fulfilled or rejected with the result.
+     *
+     * @param callable $task Task function to run.
+     *
+     * @return PromiseInterface
+     */
+    public static function task(callable $task)
+    {
+        $queue = self::queue();
+        $promise = new Promise([$queue, 'run']);
+        $queue->add(function () use ($task, $promise) {
+            try {
+                if (Is::pending($promise)) {
+                    $promise->resolve($task());
+                }
+            } catch (\Throwable $e) {
+                $promise->reject($e);
+            } catch (\Exception $e) {
+                $promise->reject($e);
+            }
+        });
+
+        return $promise;
+    }
+
+    /**
+     * Synchronously waits on a promise to resolve and returns an inspection
+     * state array.
+     *
+     * Returns a state associative array containing a "state" key mapping to a
+     * valid promise state. If the state of the promise is "fulfilled", the
+     * array will contain a "value" key mapping to the fulfilled value of the
+     * promise. If the promise is rejected, the array will contain a "reason"
+     * key mapping to the rejection reason of the promise.
+     *
+     * @param PromiseInterface $promise Promise or value.
+     *
+     * @return array
+     */
+    public static function inspect(PromiseInterface $promise)
+    {
+        try {
+            return [
+                'state' => PromiseInterface::FULFILLED,
+                'value' => $promise->wait()
+            ];
+        } catch (RejectionException $e) {
+            return ['state' => PromiseInterface::REJECTED, 'reason' => $e->getReason()];
+        } catch (\Throwable $e) {
+            return ['state' => PromiseInterface::REJECTED, 'reason' => $e];
+        } catch (\Exception $e) {
+            return ['state' => PromiseInterface::REJECTED, 'reason' => $e];
+        }
+    }
+
+    /**
+     * Waits on all of the provided promises, but does not unwrap rejected
+     * promises as thrown exception.
+     *
+     * Returns an array of inspection state arrays.
+     *
+     * @see inspect for the inspection state array format.
+     *
+     * @param PromiseInterface[] $promises Traversable of promises to wait upon.
+     *
+     * @return array
+     */
+    public static function inspectAll($promises)
+    {
+        $results = [];
+        foreach ($promises as $key => $promise) {
+            $results[$key] = inspect($promise);
+        }
+
+        return $results;
+    }
+
+    /**
+     * Waits on all of the provided promises and returns the fulfilled values.
+     *
+     * Returns an array that contains the value of each promise (in the same
+     * order the promises were provided). An exception is thrown if any of the
+     * promises are rejected.
+     *
+     * @param iterable<PromiseInterface> $promises Iterable of PromiseInterface objects to wait on.
+     *
+     * @return array
+     *
+     * @throws \Exception on error
+     * @throws \Throwable on error in PHP >=7
+     */
+    public static function unwrap($promises)
+    {
+        $results = [];
+        foreach ($promises as $key => $promise) {
+            $results[$key] = $promise->wait();
+        }
+
+        return $results;
+    }
+
+    /**
+     * Given an array of promises, return a promise that is fulfilled when all
+     * the items in the array are fulfilled.
+     *
+     * The promise's fulfillment value is an array with fulfillment values at
+     * respective positions to the original array. If any promise in the array
+     * rejects, the returned promise is rejected with the rejection reason.
+     *
+     * @param mixed $promises  Promises or values.
+     * @param bool  $recursive If true, resolves new promises that might have been added to the stack during its own resolution.
+     *
+     * @return PromiseInterface
+     */
+    public static function all($promises, $recursive = false)
+    {
+        $results = [];
+        $promise = Each::of(
+            $promises,
+            function ($value, $idx) use (&$results) {
+                $results[$idx] = $value;
+            },
+            function ($reason, $idx, Promise $aggregate) {
+                $aggregate->reject($reason);
+            }
+        )->then(function () use (&$results) {
+            ksort($results);
+            return $results;
+        });
+
+        if (true === $recursive) {
+            $promise = $promise->then(function ($results) use ($recursive, &$promises) {
+                foreach ($promises as $promise) {
+                    if (Is::pending($promise)) {
+                        return self::all($promises, $recursive);
+                    }
+                }
+                return $results;
+            });
+        }
+
+        return $promise;
+    }
+
+    /**
+     * Initiate a competitive race between multiple promises or values (values
+     * will become immediately fulfilled promises).
+     *
+     * When count amount of promises have been fulfilled, the returned promise
+     * is fulfilled with an array that contains the fulfillment values of the
+     * winners in order of resolution.
+     *
+     * This promise is rejected with a {@see AggregateException} if the number
+     * of fulfilled promises is less than the desired $count.
+     *
+     * @param int   $count    Total number of promises.
+     * @param mixed $promises Promises or values.
+     *
+     * @return PromiseInterface
+     */
+    public static function some($count, $promises)
+    {
+        $results = [];
+        $rejections = [];
+
+        return Each::of(
+            $promises,
+            function ($value, $idx, PromiseInterface $p) use (&$results, $count) {
+                if (Is::settled($p)) {
+                    return;
+                }
+                $results[$idx] = $value;
+                if (count($results) >= $count) {
+                    $p->resolve(null);
+                }
+            },
+            function ($reason) use (&$rejections) {
+                $rejections[] = $reason;
+            }
+        )->then(
+            function () use (&$results, &$rejections, $count) {
+                if (count($results) !== $count) {
+                    throw new AggregateException(
+                        'Not enough promises to fulfill count',
+                        $rejections
+                    );
+                }
+                ksort($results);
+                return array_values($results);
+            }
+        );
+    }
+
+    /**
+     * Like some(), with 1 as count. However, if the promise fulfills, the
+     * fulfillment value is not an array of 1 but the value directly.
+     *
+     * @param mixed $promises Promises or values.
+     *
+     * @return PromiseInterface
+     */
+    public static function any($promises)
+    {
+        return self::some(1, $promises)->then(function ($values) {
+            return $values[0];
+        });
+    }
+
+    /**
+     * Returns a promise that is fulfilled when all of the provided promises have
+     * been fulfilled or rejected.
+     *
+     * The returned promise is fulfilled with an array of inspection state arrays.
+     *
+     * @see inspect for the inspection state array format.
+     *
+     * @param mixed $promises Promises or values.
+     *
+     * @return PromiseInterface
+     */
+    public static function settle($promises)
+    {
+        $results = [];
+
+        return Each::of(
+            $promises,
+            function ($value, $idx) use (&$results) {
+                $results[$idx] = ['state' => PromiseInterface::FULFILLED, 'value' => $value];
+            },
+            function ($reason, $idx) use (&$results) {
+                $results[$idx] = ['state' => PromiseInterface::REJECTED, 'reason' => $reason];
+            }
+        )->then(function () use (&$results) {
+            ksort($results);
+            return $results;
+        });
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions.php
new file mode 100644
index 000000000..c03d39d02
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions.php
@@ -0,0 +1,363 @@
+<?php
+
+namespace GuzzleHttp\Promise;
+
+/**
+ * Get the global task queue used for promise resolution.
+ *
+ * This task queue MUST be run in an event loop in order for promises to be
+ * settled asynchronously. It will be automatically run when synchronously
+ * waiting on a promise.
+ *
+ * <code>
+ * while ($eventLoop->isRunning()) {
+ *     GuzzleHttp\Promise\queue()->run();
+ * }
+ * </code>
+ *
+ * @param TaskQueueInterface $assign Optionally specify a new queue instance.
+ *
+ * @return TaskQueueInterface
+ *
+ * @deprecated queue will be removed in guzzlehttp/promises:2.0. Use Utils::queue instead.
+ */
+function queue(TaskQueueInterface $assign = null)
+{
+    return Utils::queue($assign);
+}
+
+/**
+ * Adds a function to run in the task queue when it is next `run()` and returns
+ * a promise that is fulfilled or rejected with the result.
+ *
+ * @param callable $task Task function to run.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated task will be removed in guzzlehttp/promises:2.0. Use Utils::task instead.
+ */
+function task(callable $task)
+{
+    return Utils::task($task);
+}
+
+/**
+ * Creates a promise for a value if the value is not a promise.
+ *
+ * @param mixed $value Promise or value.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated promise_for will be removed in guzzlehttp/promises:2.0. Use Create::promiseFor instead.
+ */
+function promise_for($value)
+{
+    return Create::promiseFor($value);
+}
+
+/**
+ * Creates a rejected promise for a reason if the reason is not a promise. If
+ * the provided reason is a promise, then it is returned as-is.
+ *
+ * @param mixed $reason Promise or reason.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated rejection_for will be removed in guzzlehttp/promises:2.0. Use Create::rejectionFor instead.
+ */
+function rejection_for($reason)
+{
+    return Create::rejectionFor($reason);
+}
+
+/**
+ * Create an exception for a rejected promise value.
+ *
+ * @param mixed $reason
+ *
+ * @return \Exception|\Throwable
+ *
+ * @deprecated exception_for will be removed in guzzlehttp/promises:2.0. Use Create::exceptionFor instead.
+ */
+function exception_for($reason)
+{
+    return Create::exceptionFor($reason);
+}
+
+/**
+ * Returns an iterator for the given value.
+ *
+ * @param mixed $value
+ *
+ * @return \Iterator
+ *
+ * @deprecated iter_for will be removed in guzzlehttp/promises:2.0. Use Create::iterFor instead.
+ */
+function iter_for($value)
+{
+    return Create::iterFor($value);
+}
+
+/**
+ * Synchronously waits on a promise to resolve and returns an inspection state
+ * array.
+ *
+ * Returns a state associative array containing a "state" key mapping to a
+ * valid promise state. If the state of the promise is "fulfilled", the array
+ * will contain a "value" key mapping to the fulfilled value of the promise. If
+ * the promise is rejected, the array will contain a "reason" key mapping to
+ * the rejection reason of the promise.
+ *
+ * @param PromiseInterface $promise Promise or value.
+ *
+ * @return array
+ *
+ * @deprecated inspect will be removed in guzzlehttp/promises:2.0. Use Utils::inspect instead.
+ */
+function inspect(PromiseInterface $promise)
+{
+    return Utils::inspect($promise);
+}
+
+/**
+ * Waits on all of the provided promises, but does not unwrap rejected promises
+ * as thrown exception.
+ *
+ * Returns an array of inspection state arrays.
+ *
+ * @see inspect for the inspection state array format.
+ *
+ * @param PromiseInterface[] $promises Traversable of promises to wait upon.
+ *
+ * @return array
+ *
+ * @deprecated inspect will be removed in guzzlehttp/promises:2.0. Use Utils::inspectAll instead.
+ */
+function inspect_all($promises)
+{
+    return Utils::inspectAll($promises);
+}
+
+/**
+ * Waits on all of the provided promises and returns the fulfilled values.
+ *
+ * Returns an array that contains the value of each promise (in the same order
+ * the promises were provided). An exception is thrown if any of the promises
+ * are rejected.
+ *
+ * @param iterable<PromiseInterface> $promises Iterable of PromiseInterface objects to wait on.
+ *
+ * @return array
+ *
+ * @throws \Exception on error
+ * @throws \Throwable on error in PHP >=7
+ *
+ * @deprecated unwrap will be removed in guzzlehttp/promises:2.0. Use Utils::unwrap instead.
+ */
+function unwrap($promises)
+{
+    return Utils::unwrap($promises);
+}
+
+/**
+ * Given an array of promises, return a promise that is fulfilled when all the
+ * items in the array are fulfilled.
+ *
+ * The promise's fulfillment value is an array with fulfillment values at
+ * respective positions to the original array. If any promise in the array
+ * rejects, the returned promise is rejected with the rejection reason.
+ *
+ * @param mixed $promises  Promises or values.
+ * @param bool  $recursive If true, resolves new promises that might have been added to the stack during its own resolution.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated all will be removed in guzzlehttp/promises:2.0. Use Utils::all instead.
+ */
+function all($promises, $recursive = false)
+{
+    return Utils::all($promises, $recursive);
+}
+
+/**
+ * Initiate a competitive race between multiple promises or values (values will
+ * become immediately fulfilled promises).
+ *
+ * When count amount of promises have been fulfilled, the returned promise is
+ * fulfilled with an array that contains the fulfillment values of the winners
+ * in order of resolution.
+ *
+ * This promise is rejected with a {@see AggregateException} if the number of
+ * fulfilled promises is less than the desired $count.
+ *
+ * @param int   $count    Total number of promises.
+ * @param mixed $promises Promises or values.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated some will be removed in guzzlehttp/promises:2.0. Use Utils::some instead.
+ */
+function some($count, $promises)
+{
+    return Utils::some($count, $promises);
+}
+
+/**
+ * Like some(), with 1 as count. However, if the promise fulfills, the
+ * fulfillment value is not an array of 1 but the value directly.
+ *
+ * @param mixed $promises Promises or values.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated any will be removed in guzzlehttp/promises:2.0. Use Utils::any instead.
+ */
+function any($promises)
+{
+    return Utils::any($promises);
+}
+
+/**
+ * Returns a promise that is fulfilled when all of the provided promises have
+ * been fulfilled or rejected.
+ *
+ * The returned promise is fulfilled with an array of inspection state arrays.
+ *
+ * @see inspect for the inspection state array format.
+ *
+ * @param mixed $promises Promises or values.
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated settle will be removed in guzzlehttp/promises:2.0. Use Utils::settle instead.
+ */
+function settle($promises)
+{
+    return Utils::settle($promises);
+}
+
+/**
+ * Given an iterator that yields promises or values, returns a promise that is
+ * fulfilled with a null value when the iterator has been consumed or the
+ * aggregate promise has been fulfilled or rejected.
+ *
+ * $onFulfilled is a function that accepts the fulfilled value, iterator index,
+ * and the aggregate promise. The callback can invoke any necessary side
+ * effects and choose to resolve or reject the aggregate if needed.
+ *
+ * $onRejected is a function that accepts the rejection reason, iterator index,
+ * and the aggregate promise. The callback can invoke any necessary side
+ * effects and choose to resolve or reject the aggregate if needed.
+ *
+ * @param mixed    $iterable    Iterator or array to iterate over.
+ * @param callable $onFulfilled
+ * @param callable $onRejected
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated each will be removed in guzzlehttp/promises:2.0. Use Each::of instead.
+ */
+function each(
+    $iterable,
+    callable $onFulfilled = null,
+    callable $onRejected = null
+) {
+    return Each::of($iterable, $onFulfilled, $onRejected);
+}
+
+/**
+ * Like each, but only allows a certain number of outstanding promises at any
+ * given time.
+ *
+ * $concurrency may be an integer or a function that accepts the number of
+ * pending promises and returns a numeric concurrency limit value to allow for
+ * dynamic a concurrency size.
+ *
+ * @param mixed        $iterable
+ * @param int|callable $concurrency
+ * @param callable     $onFulfilled
+ * @param callable     $onRejected
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated each_limit will be removed in guzzlehttp/promises:2.0. Use Each::ofLimit instead.
+ */
+function each_limit(
+    $iterable,
+    $concurrency,
+    callable $onFulfilled = null,
+    callable $onRejected = null
+) {
+    return Each::ofLimit($iterable, $concurrency, $onFulfilled, $onRejected);
+}
+
+/**
+ * Like each_limit, but ensures that no promise in the given $iterable argument
+ * is rejected. If any promise is rejected, then the aggregate promise is
+ * rejected with the encountered rejection.
+ *
+ * @param mixed        $iterable
+ * @param int|callable $concurrency
+ * @param callable     $onFulfilled
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated each_limit_all will be removed in guzzlehttp/promises:2.0. Use Each::ofLimitAll instead.
+ */
+function each_limit_all(
+    $iterable,
+    $concurrency,
+    callable $onFulfilled = null
+) {
+    return Each::ofLimitAll($iterable, $concurrency, $onFulfilled);
+}
+
+/**
+ * Returns true if a promise is fulfilled.
+ *
+ * @return bool
+ *
+ * @deprecated is_fulfilled will be removed in guzzlehttp/promises:2.0. Use Is::fulfilled instead.
+ */
+function is_fulfilled(PromiseInterface $promise)
+{
+    return Is::fulfilled($promise);
+}
+
+/**
+ * Returns true if a promise is rejected.
+ *
+ * @return bool
+ *
+ * @deprecated is_rejected will be removed in guzzlehttp/promises:2.0. Use Is::rejected instead.
+ */
+function is_rejected(PromiseInterface $promise)
+{
+    return Is::rejected($promise);
+}
+
+/**
+ * Returns true if a promise is fulfilled or rejected.
+ *
+ * @return bool
+ *
+ * @deprecated is_settled will be removed in guzzlehttp/promises:2.0. Use Is::settled instead.
+ */
+function is_settled(PromiseInterface $promise)
+{
+    return Is::settled($promise);
+}
+
+/**
+ * Create a new coroutine.
+ *
+ * @see Coroutine
+ *
+ * @return PromiseInterface
+ *
+ * @deprecated coroutine will be removed in guzzlehttp/promises:2.0. Use Coroutine::of instead.
+ */
+function coroutine(callable $generatorFn)
+{
+    return Coroutine::of($generatorFn);
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions_include.php b/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions_include.php
new file mode 100644
index 000000000..34cd1710a
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/promises/src/functions_include.php
@@ -0,0 +1,6 @@
+<?php
+
+// Don't redefine the functions if included multiple times.
+if (!function_exists('GuzzleHttp\Promise\promise_for')) {
+    require __DIR__ . '/functions.php';
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md b/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
new file mode 100644
index 000000000..0eabd3048
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
@@ -0,0 +1,402 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+
+## 2.4.4 - 2023-03-09
+
+### Changed
+
+- Removed the need for `AllowDynamicProperties` in `LazyOpenStream`
+
+## 2.4.3 - 2022-10-26
+
+### Changed
+
+- Replaced `sha1(uniqid())` by `bin2hex(random_bytes(20))`
+
+## 2.4.2 - 2022-10-25
+
+### Fixed
+
+- Fixed erroneous behaviour when combining host and relative path
+
+## 2.4.1 - 2022-08-28
+
+### Fixed
+
+- Rewind body before reading in `Message::bodySummary`
+
+## 2.4.0 - 2022-06-20
+
+### Added
+
+- Added provisional PHP 8.2 support
+- Added `UriComparator::isCrossOrigin` method
+
+## 2.3.0 - 2022-06-09
+
+### Fixed
+
+- Added `Header::splitList` method
+- Added `Utils::tryGetContents` method
+- Improved `Stream::getContents` method
+- Updated mimetype mappings
+
+## 2.2.2 - 2022-06-08
+
+### Fixed
+
+- Fix `Message::parseRequestUri` for numeric headers
+- Re-wrap exceptions thrown in `fread` into runtime exceptions
+- Throw an exception when multipart options is misformatted
+
+## 2.2.1 - 2022-03-20
+
+### Fixed
+
+- Correct header value validation
+
+## 2.2.0 - 2022-03-20
+
+### Added
+
+- A more compressive list of mime types
+- Add JsonSerializable to Uri
+- Missing return types
+
+### Fixed
+
+- Bug MultipartStream no `uri` metadata
+- Bug MultipartStream with filename for `data://` streams
+- Fixed new line handling in MultipartStream
+- Reduced RAM usage when copying streams
+- Updated parsing in `Header::normalize()`
+
+## 2.1.1 - 2022-03-20
+
+### Fixed
+
+- Validate header values properly
+
+## 2.1.0 - 2021-10-06
+
+### Changed
+
+- Attempting to create a `Uri` object from a malformed URI will no longer throw a generic
+  `InvalidArgumentException`, but rather a `MalformedUriException`, which inherits from the former
+  for backwards compatibility. Callers relying on the exception being thrown to detect invalid
+  URIs should catch the new exception.
+
+### Fixed
+
+- Return `null` in caching stream size if remote size is `null`
+
+## 2.0.0 - 2021-06-30
+
+Identical to the RC release.
+
+## 2.0.0@RC-1 - 2021-04-29
+
+### Fixed
+
+- Handle possibly unset `url` in `stream_get_meta_data`
+
+## 2.0.0@beta-1 - 2021-03-21
+
+### Added
+
+- PSR-17 factories
+- Made classes final
+- PHP7 type hints
+
+### Changed
+
+- When building a query string, booleans are represented as 1 and 0.
+
+### Removed
+
+- PHP < 7.2 support
+- All functions in the `GuzzleHttp\Psr7` namespace
+
+## 1.8.1 - 2021-03-21
+
+### Fixed
+
+- Issue parsing IPv6 URLs
+- Issue modifying ServerRequest lost all its attributes
+
+## 1.8.0 - 2021-03-21
+
+### Added
+
+- Locale independent URL parsing
+- Most classes got a `@final` annotation to prepare for 2.0
+
+### Fixed
+
+- Issue when creating stream from `php://input` and curl-ext is not installed
+- Broken `Utils::tryFopen()` on PHP 8
+
+## 1.7.0 - 2020-09-30
+
+### Added
+
+- Replaced functions by static methods
+
+### Fixed
+
+- Converting a non-seekable stream to a string
+- Handle multiple Set-Cookie correctly
+- Ignore array keys in header values when merging
+- Allow multibyte characters to be parsed in `Message:bodySummary()`
+
+### Changed
+
+- Restored partial HHVM 3 support
+
+
+## [1.6.1] - 2019-07-02
+
+### Fixed
+
+- Accept null and bool header values again
+
+
+## [1.6.0] - 2019-06-30
+
+### Added
+
+- Allowed version `^3.0` of `ralouphie/getallheaders` dependency (#244)
+- Added MIME type for WEBP image format (#246)
+- Added more validation of values according to PSR-7 and RFC standards, e.g. status code range (#250, #272)
+
+### Changed
+
+- Tests don't pass with HHVM 4.0, so HHVM support got dropped. Other libraries like composer have done the same. (#262)
+- Accept port number 0 to be valid (#270)
+
+### Fixed
+
+- Fixed subsequent reads from `php://input` in ServerRequest (#247)
+- Fixed readable/writable detection for certain stream modes (#248)
+- Fixed encoding of special characters in the `userInfo` component of an URI (#253)
+
+
+## [1.5.2] - 2018-12-04
+
+### Fixed
+
+- Check body size when getting the message summary
+
+
+## [1.5.1] - 2018-12-04
+
+### Fixed
+
+- Get the summary of a body only if it is readable
+
+
+## [1.5.0] - 2018-12-03
+
+### Added
+
+- Response first-line to response string exception (fixes #145)
+- A test for #129 behavior
+- `get_message_body_summary` function in order to get the message summary
+- `3gp` and `mkv` mime types
+
+### Changed
+
+- Clarify exception message when stream is detached
+
+### Deprecated
+
+- Deprecated parsing folded header lines as per RFC 7230
+
+### Fixed
+
+- Fix `AppendStream::detach` to not close streams
+- `InflateStream` preserves `isSeekable` attribute of the underlying stream
+- `ServerRequest::getUriFromGlobals` to support URLs in query parameters
+
+
+Several other fixes and improvements.
+
+
+## [1.4.2] - 2017-03-20
+
+### Fixed
+
+- Reverted BC break to `Uri::resolve` and `Uri::removeDotSegments` by removing
+  calls to `trigger_error` when deprecated methods are invoked.
+
+
+## [1.4.1] - 2017-02-27
+
+### Added
+
+- Rriggering of silenced deprecation warnings.
+
+### Fixed
+
+- Reverted BC break by reintroducing behavior to automagically fix a URI with a
+  relative path and an authority by adding a leading slash to the path. It's only
+  deprecated now.
+
+
+## [1.4.0] - 2017-02-21
+
+### Added
+
+- Added common URI utility methods based on RFC 3986 (see documentation in the readme):
+  - `Uri::isDefaultPort`
+  - `Uri::isAbsolute`
+  - `Uri::isNetworkPathReference`
+  - `Uri::isAbsolutePathReference`
+  - `Uri::isRelativePathReference`
+  - `Uri::isSameDocumentReference`
+  - `Uri::composeComponents`
+  - `UriNormalizer::normalize`
+  - `UriNormalizer::isEquivalent`
+  - `UriResolver::relativize`
+
+### Changed
+
+- Ensure `ServerRequest::getUriFromGlobals` returns a URI in absolute form.
+- Allow `parse_response` to parse a response without delimiting space and reason.
+- Ensure each URI modification results in a valid URI according to PSR-7 discussions.
+  Invalid modifications will throw an exception instead of returning a wrong URI or
+  doing some magic.
+  - `(new Uri)->withPath('foo')->withHost('example.com')` will throw an exception
+    because the path of a URI with an authority must start with a slash "/" or be empty
+  - `(new Uri())->withScheme('http')` will return `'http://localhost'`
+
+### Deprecated
+
+- `Uri::resolve` in favor of `UriResolver::resolve`
+- `Uri::removeDotSegments` in favor of `UriResolver::removeDotSegments`
+
+### Fixed
+
+- `Stream::read` when length parameter <= 0.
+- `copy_to_stream` reads bytes in chunks instead of `maxLen` into memory.
+- `ServerRequest::getUriFromGlobals` when `Host` header contains port.
+- Compatibility of URIs with `file` scheme and empty host.
+
+
+## [1.3.1] - 2016-06-25
+
+### Fixed
+
+- `Uri::__toString` for network path references, e.g. `//example.org`.
+- Missing lowercase normalization for host.
+- Handling of URI components in case they are `'0'` in a lot of places,
+  e.g. as a user info password.
+- `Uri::withAddedHeader` to correctly merge headers with different case.
+- Trimming of header values in `Uri::withAddedHeader`. Header values may
+  be surrounded by whitespace which should be ignored according to RFC 7230
+  Section 3.2.4. This does not apply to header names.
+- `Uri::withAddedHeader` with an array of header values.
+- `Uri::resolve` when base path has no slash and handling of fragment.
+- Handling of encoding in `Uri::with(out)QueryValue` so one can pass the
+  key/value both in encoded as well as decoded form to those methods. This is
+  consistent with withPath, withQuery etc.
+- `ServerRequest::withoutAttribute` when attribute value is null.
+
+
+## [1.3.0] - 2016-04-13
+
+### Added
+
+- Remaining interfaces needed for full PSR7 compatibility
+  (ServerRequestInterface, UploadedFileInterface, etc.).
+- Support for stream_for from scalars.
+
+### Changed
+
+- Can now extend Uri.
+
+### Fixed
+- A bug in validating request methods by making it more permissive.
+
+
+## [1.2.3] - 2016-02-18
+
+### Fixed
+
+- Support in `GuzzleHttp\Psr7\CachingStream` for seeking forward on remote
+  streams, which can sometimes return fewer bytes than requested with `fread`.
+- Handling of gzipped responses with FNAME headers.
+
+
+## [1.2.2] - 2016-01-22
+
+### Added
+
+- Support for URIs without any authority.
+- Support for HTTP 451 'Unavailable For Legal Reasons.'
+- Support for using '0' as a filename.
+- Support for including non-standard ports in Host headers.
+
+
+## [1.2.1] - 2015-11-02
+
+### Changes
+
+- Now supporting negative offsets when seeking to SEEK_END.
+
+
+## [1.2.0] - 2015-08-15
+
+### Changed
+
+- Body as `"0"` is now properly added to a response.
+- Now allowing forward seeking in CachingStream.
+- Now properly parsing HTTP requests that contain proxy targets in
+  `parse_request`.
+- functions.php is now conditionally required.
+- user-info is no longer dropped when resolving URIs.
+
+
+## [1.1.0] - 2015-06-24
+
+### Changed
+
+- URIs can now be relative.
+- `multipart/form-data` headers are now overridden case-insensitively.
+- URI paths no longer encode the following characters because they are allowed
+  in URIs: "(", ")", "*", "!", "'"
+- A port is no longer added to a URI when the scheme is missing and no port is
+  present.
+
+
+## 1.0.0 - 2015-05-19
+
+Initial release.
+
+Currently unsupported:
+
+- `Psr\Http\Message\ServerRequestInterface`
+- `Psr\Http\Message\UploadedFileInterface`
+
+
+
+[1.6.0]: https://github.com/guzzle/psr7/compare/1.5.2...1.6.0
+[1.5.2]: https://github.com/guzzle/psr7/compare/1.5.1...1.5.2
+[1.5.1]: https://github.com/guzzle/psr7/compare/1.5.0...1.5.1
+[1.5.0]: https://github.com/guzzle/psr7/compare/1.4.2...1.5.0
+[1.4.2]: https://github.com/guzzle/psr7/compare/1.4.1...1.4.2
+[1.4.1]: https://github.com/guzzle/psr7/compare/1.4.0...1.4.1
+[1.4.0]: https://github.com/guzzle/psr7/compare/1.3.1...1.4.0
+[1.3.1]: https://github.com/guzzle/psr7/compare/1.3.0...1.3.1
+[1.3.0]: https://github.com/guzzle/psr7/compare/1.2.3...1.3.0
+[1.2.3]: https://github.com/guzzle/psr7/compare/1.2.2...1.2.3
+[1.2.2]: https://github.com/guzzle/psr7/compare/1.2.1...1.2.2
+[1.2.1]: https://github.com/guzzle/psr7/compare/1.2.0...1.2.1
+[1.2.0]: https://github.com/guzzle/psr7/compare/1.1.0...1.2.0
+[1.1.0]: https://github.com/guzzle/psr7/compare/1.0.0...1.1.0
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/LICENSE b/data/web/inc/lib/vendor/guzzlehttp/psr7/LICENSE
new file mode 100644
index 000000000..51c7ec81c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/LICENSE
@@ -0,0 +1,26 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Michael Dowling <mtdowling@gmail.com>
+Copyright (c) 2015 Márk Sági-Kazár <mark.sagikazar@gmail.com>
+Copyright (c) 2015 Graham Campbell <hello@gjcampbell.co.uk>
+Copyright (c) 2016 Tobias Schultze <webmaster@tubo-world.de>
+Copyright (c) 2016 George Mponos <gmponos@gmail.com>
+Copyright (c) 2018 Tobias Nyholm <tobias.nyholm@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/README.md b/data/web/inc/lib/vendor/guzzlehttp/psr7/README.md
new file mode 100644
index 000000000..9566a7d47
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/README.md
@@ -0,0 +1,880 @@
+# PSR-7 Message Implementation
+
+This repository contains a full [PSR-7](https://www.php-fig.org/psr/psr-7/)
+message implementation, several stream decorators, and some helpful
+functionality like query string parsing.
+
+![CI](https://github.com/guzzle/psr7/workflows/CI/badge.svg)
+![Static analysis](https://github.com/guzzle/psr7/workflows/Static%20analysis/badge.svg)
+
+
+# Installation
+
+```shell
+composer require guzzlehttp/psr7
+```
+
+# Stream implementation
+
+This package comes with a number of stream implementations and stream
+decorators.
+
+
+## AppendStream
+
+`GuzzleHttp\Psr7\AppendStream`
+
+Reads from multiple streams, one after the other.
+
+```php
+use GuzzleHttp\Psr7;
+
+$a = Psr7\Utils::streamFor('abc, ');
+$b = Psr7\Utils::streamFor('123.');
+$composed = new Psr7\AppendStream([$a, $b]);
+
+$composed->addStream(Psr7\Utils::streamFor(' Above all listen to me'));
+
+echo $composed; // abc, 123. Above all listen to me.
+```
+
+
+## BufferStream
+
+`GuzzleHttp\Psr7\BufferStream`
+
+Provides a buffer stream that can be written to fill a buffer, and read
+from to remove bytes from the buffer.
+
+This stream returns a "hwm" metadata value that tells upstream consumers
+what the configured high water mark of the stream is, or the maximum
+preferred size of the buffer.
+
+```php
+use GuzzleHttp\Psr7;
+
+// When more than 1024 bytes are in the buffer, it will begin returning
+// false to writes. This is an indication that writers should slow down.
+$buffer = new Psr7\BufferStream(1024);
+```
+
+
+## CachingStream
+
+The CachingStream is used to allow seeking over previously read bytes on
+non-seekable streams. This can be useful when transferring a non-seekable
+entity body fails due to needing to rewind the stream (for example, resulting
+from a redirect). Data that is read from the remote stream will be buffered in
+a PHP temp stream so that previously read bytes are cached first in memory,
+then on disk.
+
+```php
+use GuzzleHttp\Psr7;
+
+$original = Psr7\Utils::streamFor(fopen('http://www.google.com', 'r'));
+$stream = new Psr7\CachingStream($original);
+
+$stream->read(1024);
+echo $stream->tell();
+// 1024
+
+$stream->seek(0);
+echo $stream->tell();
+// 0
+```
+
+
+## DroppingStream
+
+`GuzzleHttp\Psr7\DroppingStream`
+
+Stream decorator that begins dropping data once the size of the underlying
+stream becomes too full.
+
+```php
+use GuzzleHttp\Psr7;
+
+// Create an empty stream
+$stream = Psr7\Utils::streamFor();
+
+// Start dropping data when the stream has more than 10 bytes
+$dropping = new Psr7\DroppingStream($stream, 10);
+
+$dropping->write('01234567890123456789');
+echo $stream; // 0123456789
+```
+
+
+## FnStream
+
+`GuzzleHttp\Psr7\FnStream`
+
+Compose stream implementations based on a hash of functions.
+
+Allows for easy testing and extension of a provided stream without needing
+to create a concrete class for a simple extension point.
+
+```php
+
+use GuzzleHttp\Psr7;
+
+$stream = Psr7\Utils::streamFor('hi');
+$fnStream = Psr7\FnStream::decorate($stream, [
+    'rewind' => function () use ($stream) {
+        echo 'About to rewind - ';
+        $stream->rewind();
+        echo 'rewound!';
+    }
+]);
+
+$fnStream->rewind();
+// Outputs: About to rewind - rewound!
+```
+
+
+## InflateStream
+
+`GuzzleHttp\Psr7\InflateStream`
+
+Uses PHP's zlib.inflate filter to inflate zlib (HTTP deflate, RFC1950) or gzipped (RFC1952) content.
+
+This stream decorator converts the provided stream to a PHP stream resource,
+then appends the zlib.inflate filter. The stream is then converted back
+to a Guzzle stream resource to be used as a Guzzle stream.
+
+
+## LazyOpenStream
+
+`GuzzleHttp\Psr7\LazyOpenStream`
+
+Lazily reads or writes to a file that is opened only after an IO operation
+take place on the stream.
+
+```php
+use GuzzleHttp\Psr7;
+
+$stream = new Psr7\LazyOpenStream('/path/to/file', 'r');
+// The file has not yet been opened...
+
+echo $stream->read(10);
+// The file is opened and read from only when needed.
+```
+
+
+## LimitStream
+
+`GuzzleHttp\Psr7\LimitStream`
+
+LimitStream can be used to read a subset or slice of an existing stream object.
+This can be useful for breaking a large file into smaller pieces to be sent in
+chunks (e.g. Amazon S3's multipart upload API).
+
+```php
+use GuzzleHttp\Psr7;
+
+$original = Psr7\Utils::streamFor(fopen('/tmp/test.txt', 'r+'));
+echo $original->getSize();
+// >>> 1048576
+
+// Limit the size of the body to 1024 bytes and start reading from byte 2048
+$stream = new Psr7\LimitStream($original, 1024, 2048);
+echo $stream->getSize();
+// >>> 1024
+echo $stream->tell();
+// >>> 0
+```
+
+
+## MultipartStream
+
+`GuzzleHttp\Psr7\MultipartStream`
+
+Stream that when read returns bytes for a streaming multipart or
+multipart/form-data stream.
+
+
+## NoSeekStream
+
+`GuzzleHttp\Psr7\NoSeekStream`
+
+NoSeekStream wraps a stream and does not allow seeking.
+
+```php
+use GuzzleHttp\Psr7;
+
+$original = Psr7\Utils::streamFor('foo');
+$noSeek = new Psr7\NoSeekStream($original);
+
+echo $noSeek->read(3);
+// foo
+var_export($noSeek->isSeekable());
+// false
+$noSeek->seek(0);
+var_export($noSeek->read(3));
+// NULL
+```
+
+
+## PumpStream
+
+`GuzzleHttp\Psr7\PumpStream`
+
+Provides a read only stream that pumps data from a PHP callable.
+
+When invoking the provided callable, the PumpStream will pass the amount of
+data requested to read to the callable. The callable can choose to ignore
+this value and return fewer or more bytes than requested. Any extra data
+returned by the provided callable is buffered internally until drained using
+the read() function of the PumpStream. The provided callable MUST return
+false when there is no more data to read.
+
+
+## Implementing stream decorators
+
+Creating a stream decorator is very easy thanks to the
+`GuzzleHttp\Psr7\StreamDecoratorTrait`. This trait provides methods that
+implement `Psr\Http\Message\StreamInterface` by proxying to an underlying
+stream. Just `use` the `StreamDecoratorTrait` and implement your custom
+methods.
+
+For example, let's say we wanted to call a specific function each time the last
+byte is read from a stream. This could be implemented by overriding the
+`read()` method.
+
+```php
+use Psr\Http\Message\StreamInterface;
+use GuzzleHttp\Psr7\StreamDecoratorTrait;
+
+class EofCallbackStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    private $callback;
+
+    private $stream;
+
+    public function __construct(StreamInterface $stream, callable $cb)
+    {
+        $this->stream = $stream;
+        $this->callback = $cb;
+    }
+
+    public function read($length)
+    {
+        $result = $this->stream->read($length);
+
+        // Invoke the callback when EOF is hit.
+        if ($this->eof()) {
+            call_user_func($this->callback);
+        }
+
+        return $result;
+    }
+}
+```
+
+This decorator could be added to any existing stream and used like so:
+
+```php
+use GuzzleHttp\Psr7;
+
+$original = Psr7\Utils::streamFor('foo');
+
+$eofStream = new EofCallbackStream($original, function () {
+    echo 'EOF!';
+});
+
+$eofStream->read(2);
+$eofStream->read(1);
+// echoes "EOF!"
+$eofStream->seek(0);
+$eofStream->read(3);
+// echoes "EOF!"
+```
+
+
+## PHP StreamWrapper
+
+You can use the `GuzzleHttp\Psr7\StreamWrapper` class if you need to use a
+PSR-7 stream as a PHP stream resource.
+
+Use the `GuzzleHttp\Psr7\StreamWrapper::getResource()` method to create a PHP
+stream from a PSR-7 stream.
+
+```php
+use GuzzleHttp\Psr7\StreamWrapper;
+
+$stream = GuzzleHttp\Psr7\Utils::streamFor('hello!');
+$resource = StreamWrapper::getResource($stream);
+echo fread($resource, 6); // outputs hello!
+```
+
+
+# Static API
+
+There are various static methods available under the `GuzzleHttp\Psr7` namespace.
+
+
+## `GuzzleHttp\Psr7\Message::toString`
+
+`public static function toString(MessageInterface $message): string`
+
+Returns the string representation of an HTTP message.
+
+```php
+$request = new GuzzleHttp\Psr7\Request('GET', 'http://example.com');
+echo GuzzleHttp\Psr7\Message::toString($request);
+```
+
+
+## `GuzzleHttp\Psr7\Message::bodySummary`
+
+`public static function bodySummary(MessageInterface $message, int $truncateAt = 120): string|null`
+
+Get a short summary of the message body.
+
+Will return `null` if the response is not printable.
+
+
+## `GuzzleHttp\Psr7\Message::rewindBody`
+
+`public static function rewindBody(MessageInterface $message): void`
+
+Attempts to rewind a message body and throws an exception on failure.
+
+The body of the message will only be rewound if a call to `tell()`
+returns a value other than `0`.
+
+
+## `GuzzleHttp\Psr7\Message::parseMessage`
+
+`public static function parseMessage(string $message): array`
+
+Parses an HTTP message into an associative array.
+
+The array contains the "start-line" key containing the start line of
+the message, "headers" key containing an associative array of header
+array values, and a "body" key containing the body of the message.
+
+
+## `GuzzleHttp\Psr7\Message::parseRequestUri`
+
+`public static function parseRequestUri(string $path, array $headers): string`
+
+Constructs a URI for an HTTP request message.
+
+
+## `GuzzleHttp\Psr7\Message::parseRequest`
+
+`public static function parseRequest(string $message): Request`
+
+Parses a request message string into a request object.
+
+
+## `GuzzleHttp\Psr7\Message::parseResponse`
+
+`public static function parseResponse(string $message): Response`
+
+Parses a response message string into a response object.
+
+
+## `GuzzleHttp\Psr7\Header::parse`
+
+`public static function parse(string|array $header): array`
+
+Parse an array of header values containing ";" separated data into an
+array of associative arrays representing the header key value pair data
+of the header. When a parameter does not contain a value, but just
+contains a key, this function will inject a key with a '' string value.
+
+
+## `GuzzleHttp\Psr7\Header::splitList`
+
+`public static function splitList(string|string[] $header): string[]`
+
+Splits a HTTP header defined to contain a comma-separated list into
+each individual value:
+
+```
+$knownEtags = Header::splitList($request->getHeader('if-none-match'));
+```
+
+Example headers include `accept`, `cache-control` and `if-none-match`.
+
+
+## `GuzzleHttp\Psr7\Header::normalize` (deprecated)
+
+`public static function normalize(string|array $header): array`
+
+`Header::normalize()` is deprecated in favor of [`Header::splitList()`](README.md#guzzlehttppsr7headersplitlist)
+which performs the same operation with a cleaned up API and improved
+documentation.
+
+Converts an array of header values that may contain comma separated
+headers into an array of headers with no comma separated values.
+
+
+## `GuzzleHttp\Psr7\Query::parse`
+
+`public static function parse(string $str, int|bool $urlEncoding = true): array`
+
+Parse a query string into an associative array.
+
+If multiple values are found for the same key, the value of that key
+value pair will become an array. This function does not parse nested
+PHP style arrays into an associative array (e.g., `foo[a]=1&foo[b]=2`
+will be parsed into `['foo[a]' => '1', 'foo[b]' => '2'])`.
+
+
+## `GuzzleHttp\Psr7\Query::build`
+
+`public static function build(array $params, int|false $encoding = PHP_QUERY_RFC3986): string`
+
+Build a query string from an array of key value pairs.
+
+This function can use the return value of `parse()` to build a query
+string. This function does not modify the provided keys when an array is
+encountered (like `http_build_query()` would).
+
+
+## `GuzzleHttp\Psr7\Utils::caselessRemove`
+
+`public static function caselessRemove(iterable<string> $keys, $keys, array $data): array`
+
+Remove the items given by the keys, case insensitively from the data.
+
+
+## `GuzzleHttp\Psr7\Utils::copyToStream`
+
+`public static function copyToStream(StreamInterface $source, StreamInterface $dest, int $maxLen = -1): void`
+
+Copy the contents of a stream into another stream until the given number
+of bytes have been read.
+
+
+## `GuzzleHttp\Psr7\Utils::copyToString`
+
+`public static function copyToString(StreamInterface $stream, int $maxLen = -1): string`
+
+Copy the contents of a stream into a string until the given number of
+bytes have been read.
+
+
+## `GuzzleHttp\Psr7\Utils::hash`
+
+`public static function hash(StreamInterface $stream, string $algo, bool $rawOutput = false): string`
+
+Calculate a hash of a stream.
+
+This method reads the entire stream to calculate a rolling hash, based on
+PHP's `hash_init` functions.
+
+
+## `GuzzleHttp\Psr7\Utils::modifyRequest`
+
+`public static function modifyRequest(RequestInterface $request, array $changes): RequestInterface`
+
+Clone and modify a request with the given changes.
+
+This method is useful for reducing the number of clones needed to mutate
+a message.
+
+- method: (string) Changes the HTTP method.
+- set_headers: (array) Sets the given headers.
+- remove_headers: (array) Remove the given headers.
+- body: (mixed) Sets the given body.
+- uri: (UriInterface) Set the URI.
+- query: (string) Set the query string value of the URI.
+- version: (string) Set the protocol version.
+
+
+## `GuzzleHttp\Psr7\Utils::readLine`
+
+`public static function readLine(StreamInterface $stream, int $maxLength = null): string`
+
+Read a line from the stream up to the maximum allowed buffer length.
+
+
+## `GuzzleHttp\Psr7\Utils::streamFor`
+
+`public static function streamFor(resource|string|null|int|float|bool|StreamInterface|callable|\Iterator $resource = '', array $options = []): StreamInterface`
+
+Create a new stream based on the input type.
+
+Options is an associative array that can contain the following keys:
+
+- metadata: Array of custom metadata.
+- size: Size of the stream.
+
+This method accepts the following `$resource` types:
+
+- `Psr\Http\Message\StreamInterface`: Returns the value as-is.
+- `string`: Creates a stream object that uses the given string as the contents.
+- `resource`: Creates a stream object that wraps the given PHP stream resource.
+- `Iterator`: If the provided value implements `Iterator`, then a read-only
+  stream object will be created that wraps the given iterable. Each time the
+  stream is read from, data from the iterator will fill a buffer and will be
+  continuously called until the buffer is equal to the requested read size.
+  Subsequent read calls will first read from the buffer and then call `next`
+  on the underlying iterator until it is exhausted.
+- `object` with `__toString()`: If the object has the `__toString()` method,
+  the object will be cast to a string and then a stream will be returned that
+  uses the string value.
+- `NULL`: When `null` is passed, an empty stream object is returned.
+- `callable` When a callable is passed, a read-only stream object will be
+  created that invokes the given callable. The callable is invoked with the
+  number of suggested bytes to read. The callable can return any number of
+  bytes, but MUST return `false` when there is no more data to return. The
+  stream object that wraps the callable will invoke the callable until the
+  number of requested bytes are available. Any additional bytes will be
+  buffered and used in subsequent reads.
+
+```php
+$stream = GuzzleHttp\Psr7\Utils::streamFor('foo');
+$stream = GuzzleHttp\Psr7\Utils::streamFor(fopen('/path/to/file', 'r'));
+
+$generator = function ($bytes) {
+    for ($i = 0; $i < $bytes; $i++) {
+        yield ' ';
+    }
+}
+
+$stream = GuzzleHttp\Psr7\Utils::streamFor($generator(100));
+```
+
+
+## `GuzzleHttp\Psr7\Utils::tryFopen`
+
+`public static function tryFopen(string $filename, string $mode): resource`
+
+Safely opens a PHP stream resource using a filename.
+
+When fopen fails, PHP normally raises a warning. This function adds an
+error handler that checks for errors and throws an exception instead.
+
+
+## `GuzzleHttp\Psr7\Utils::tryGetContents`
+
+`public static function tryGetContents(resource $stream): string`
+
+Safely gets the contents of a given stream.
+
+When stream_get_contents fails, PHP normally raises a warning. This
+function adds an error handler that checks for errors and throws an
+exception instead.
+
+
+## `GuzzleHttp\Psr7\Utils::uriFor`
+
+`public static function uriFor(string|UriInterface $uri): UriInterface`
+
+Returns a UriInterface for the given value.
+
+This function accepts a string or UriInterface and returns a
+UriInterface for the given value. If the value is already a
+UriInterface, it is returned as-is.
+
+
+## `GuzzleHttp\Psr7\MimeType::fromFilename`
+
+`public static function fromFilename(string $filename): string|null`
+
+Determines the mimetype of a file by looking at its extension.
+
+
+## `GuzzleHttp\Psr7\MimeType::fromExtension`
+
+`public static function fromExtension(string $extension): string|null`
+
+Maps a file extensions to a mimetype.
+
+
+## Upgrading from Function API
+
+The static API was first introduced in 1.7.0, in order to mitigate problems with functions conflicting between global and local copies of the package. The function API was removed in 2.0.0. A migration table has been provided here for your convenience:
+
+| Original Function | Replacement Method |
+|----------------|----------------|
+| `str` | `Message::toString` |
+| `uri_for` | `Utils::uriFor` |
+| `stream_for` | `Utils::streamFor` |
+| `parse_header` | `Header::parse` |
+| `normalize_header` | `Header::normalize` |
+| `modify_request` | `Utils::modifyRequest` |
+| `rewind_body` | `Message::rewindBody` |
+| `try_fopen` | `Utils::tryFopen` |
+| `copy_to_string` | `Utils::copyToString` |
+| `copy_to_stream` | `Utils::copyToStream` |
+| `hash` | `Utils::hash` |
+| `readline` | `Utils::readLine` |
+| `parse_request` | `Message::parseRequest` |
+| `parse_response` | `Message::parseResponse` |
+| `parse_query` | `Query::parse` |
+| `build_query` | `Query::build` |
+| `mimetype_from_filename` | `MimeType::fromFilename` |
+| `mimetype_from_extension` | `MimeType::fromExtension` |
+| `_parse_message` | `Message::parseMessage` |
+| `_parse_request_uri` | `Message::parseRequestUri` |
+| `get_message_body_summary` | `Message::bodySummary` |
+| `_caseless_remove` | `Utils::caselessRemove` |
+
+
+# Additional URI Methods
+
+Aside from the standard `Psr\Http\Message\UriInterface` implementation in form of the `GuzzleHttp\Psr7\Uri` class,
+this library also provides additional functionality when working with URIs as static methods.
+
+## URI Types
+
+An instance of `Psr\Http\Message\UriInterface` can either be an absolute URI or a relative reference.
+An absolute URI has a scheme. A relative reference is used to express a URI relative to another URI,
+the base URI. Relative references can be divided into several forms according to
+[RFC 3986 Section 4.2](https://tools.ietf.org/html/rfc3986#section-4.2):
+
+- network-path references, e.g. `//example.com/path`
+- absolute-path references, e.g. `/path`
+- relative-path references, e.g. `subpath`
+
+The following methods can be used to identify the type of the URI.
+
+### `GuzzleHttp\Psr7\Uri::isAbsolute`
+
+`public static function isAbsolute(UriInterface $uri): bool`
+
+Whether the URI is absolute, i.e. it has a scheme.
+
+### `GuzzleHttp\Psr7\Uri::isNetworkPathReference`
+
+`public static function isNetworkPathReference(UriInterface $uri): bool`
+
+Whether the URI is a network-path reference. A relative reference that begins with two slash characters is
+termed an network-path reference.
+
+### `GuzzleHttp\Psr7\Uri::isAbsolutePathReference`
+
+`public static function isAbsolutePathReference(UriInterface $uri): bool`
+
+Whether the URI is a absolute-path reference. A relative reference that begins with a single slash character is
+termed an absolute-path reference.
+
+### `GuzzleHttp\Psr7\Uri::isRelativePathReference`
+
+`public static function isRelativePathReference(UriInterface $uri): bool`
+
+Whether the URI is a relative-path reference. A relative reference that does not begin with a slash character is
+termed a relative-path reference.
+
+### `GuzzleHttp\Psr7\Uri::isSameDocumentReference`
+
+`public static function isSameDocumentReference(UriInterface $uri, UriInterface $base = null): bool`
+
+Whether the URI is a same-document reference. A same-document reference refers to a URI that is, aside from its
+fragment component, identical to the base URI. When no base URI is given, only an empty URI reference
+(apart from its fragment) is considered a same-document reference.
+
+## URI Components
+
+Additional methods to work with URI components.
+
+### `GuzzleHttp\Psr7\Uri::isDefaultPort`
+
+`public static function isDefaultPort(UriInterface $uri): bool`
+
+Whether the URI has the default port of the current scheme. `Psr\Http\Message\UriInterface::getPort` may return null
+or the standard port. This method can be used independently of the implementation.
+
+### `GuzzleHttp\Psr7\Uri::composeComponents`
+
+`public static function composeComponents($scheme, $authority, $path, $query, $fragment): string`
+
+Composes a URI reference string from its various components according to
+[RFC 3986 Section 5.3](https://tools.ietf.org/html/rfc3986#section-5.3). Usually this method does not need to be called
+manually but instead is used indirectly via `Psr\Http\Message\UriInterface::__toString`.
+
+### `GuzzleHttp\Psr7\Uri::fromParts`
+
+`public static function fromParts(array $parts): UriInterface`
+
+Creates a URI from a hash of [`parse_url`](https://www.php.net/manual/en/function.parse-url.php) components.
+
+
+### `GuzzleHttp\Psr7\Uri::withQueryValue`
+
+`public static function withQueryValue(UriInterface $uri, $key, $value): UriInterface`
+
+Creates a new URI with a specific query string value. Any existing query string values that exactly match the
+provided key are removed and replaced with the given key value pair. A value of null will set the query string
+key without a value, e.g. "key" instead of "key=value".
+
+### `GuzzleHttp\Psr7\Uri::withQueryValues`
+
+`public static function withQueryValues(UriInterface $uri, array $keyValueArray): UriInterface`
+
+Creates a new URI with multiple query string values. It has the same behavior as `withQueryValue()` but for an
+associative array of key => value.
+
+### `GuzzleHttp\Psr7\Uri::withoutQueryValue`
+
+`public static function withoutQueryValue(UriInterface $uri, $key): UriInterface`
+
+Creates a new URI with a specific query string value removed. Any existing query string values that exactly match the
+provided key are removed.
+
+## Cross-Origin Detection
+
+`GuzzleHttp\Psr7\UriComparator` provides methods to determine if a modified URL should be considered cross-origin.
+
+### `GuzzleHttp\Psr7\UriComparator::isCrossOrigin`
+
+`public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool`
+
+Determines if a modified URL should be considered cross-origin with respect to an original URL.
+
+## Reference Resolution
+
+`GuzzleHttp\Psr7\UriResolver` provides methods to resolve a URI reference in the context of a base URI according
+to [RFC 3986 Section 5](https://tools.ietf.org/html/rfc3986#section-5). This is for example also what web browsers
+do when resolving a link in a website based on the current request URI.
+
+### `GuzzleHttp\Psr7\UriResolver::resolve`
+
+`public static function resolve(UriInterface $base, UriInterface $rel): UriInterface`
+
+Converts the relative URI into a new URI that is resolved against the base URI.
+
+### `GuzzleHttp\Psr7\UriResolver::removeDotSegments`
+
+`public static function removeDotSegments(string $path): string`
+
+Removes dot segments from a path and returns the new path according to
+[RFC 3986 Section 5.2.4](https://tools.ietf.org/html/rfc3986#section-5.2.4).
+
+### `GuzzleHttp\Psr7\UriResolver::relativize`
+
+`public static function relativize(UriInterface $base, UriInterface $target): UriInterface`
+
+Returns the target URI as a relative reference from the base URI. This method is the counterpart to resolve():
+
+```php
+(string) $target === (string) UriResolver::resolve($base, UriResolver::relativize($base, $target))
+```
+
+One use-case is to use the current request URI as base URI and then generate relative links in your documents
+to reduce the document size or offer self-contained downloadable document archives.
+
+```php
+$base = new Uri('http://example.com/a/b/');
+echo UriResolver::relativize($base, new Uri('http://example.com/a/b/c'));  // prints 'c'.
+echo UriResolver::relativize($base, new Uri('http://example.com/a/x/y'));  // prints '../x/y'.
+echo UriResolver::relativize($base, new Uri('http://example.com/a/b/?q')); // prints '?q'.
+echo UriResolver::relativize($base, new Uri('http://example.org/a/b/'));   // prints '//example.org/a/b/'.
+```
+
+## Normalization and Comparison
+
+`GuzzleHttp\Psr7\UriNormalizer` provides methods to normalize and compare URIs according to
+[RFC 3986 Section 6](https://tools.ietf.org/html/rfc3986#section-6).
+
+### `GuzzleHttp\Psr7\UriNormalizer::normalize`
+
+`public static function normalize(UriInterface $uri, $flags = self::PRESERVING_NORMALIZATIONS): UriInterface`
+
+Returns a normalized URI. The scheme and host component are already normalized to lowercase per PSR-7 UriInterface.
+This methods adds additional normalizations that can be configured with the `$flags` parameter which is a bitmask
+of normalizations to apply. The following normalizations are available:
+
+- `UriNormalizer::PRESERVING_NORMALIZATIONS`
+
+    Default normalizations which only include the ones that preserve semantics.
+
+- `UriNormalizer::CAPITALIZE_PERCENT_ENCODING`
+
+    All letters within a percent-encoding triplet (e.g., "%3A") are case-insensitive, and should be capitalized.
+
+    Example: `http://example.org/a%c2%b1b` → `http://example.org/a%C2%B1b`
+
+- `UriNormalizer::DECODE_UNRESERVED_CHARACTERS`
+
+    Decodes percent-encoded octets of unreserved characters. For consistency, percent-encoded octets in the ranges of
+    ALPHA (%41–%5A and %61–%7A), DIGIT (%30–%39), hyphen (%2D), period (%2E), underscore (%5F), or tilde (%7E) should
+    not be created by URI producers and, when found in a URI, should be decoded to their corresponding unreserved
+    characters by URI normalizers.
+
+    Example: `http://example.org/%7Eusern%61me/` → `http://example.org/~username/`
+
+- `UriNormalizer::CONVERT_EMPTY_PATH`
+
+    Converts the empty path to "/" for http and https URIs.
+
+    Example: `http://example.org` → `http://example.org/`
+
+- `UriNormalizer::REMOVE_DEFAULT_HOST`
+
+    Removes the default host of the given URI scheme from the URI. Only the "file" scheme defines the default host
+    "localhost". All of `file:/myfile`, `file:///myfile`, and `file://localhost/myfile` are equivalent according to
+    RFC 3986.
+
+    Example: `file://localhost/myfile` → `file:///myfile`
+
+- `UriNormalizer::REMOVE_DEFAULT_PORT`
+
+    Removes the default port of the given URI scheme from the URI.
+
+    Example: `http://example.org:80/` → `http://example.org/`
+
+- `UriNormalizer::REMOVE_DOT_SEGMENTS`
+
+    Removes unnecessary dot-segments. Dot-segments in relative-path references are not removed as it would
+    change the semantics of the URI reference.
+
+    Example: `http://example.org/../a/b/../c/./d.html` → `http://example.org/a/c/d.html`
+
+- `UriNormalizer::REMOVE_DUPLICATE_SLASHES`
+
+    Paths which include two or more adjacent slashes are converted to one. Webservers usually ignore duplicate slashes
+    and treat those URIs equivalent. But in theory those URIs do not need to be equivalent. So this normalization
+    may change the semantics. Encoded slashes (%2F) are not removed.
+
+    Example: `http://example.org//foo///bar.html` → `http://example.org/foo/bar.html`
+
+- `UriNormalizer::SORT_QUERY_PARAMETERS`
+
+    Sort query parameters with their values in alphabetical order. However, the order of parameters in a URI may be
+    significant (this is not defined by the standard). So this normalization is not safe and may change the semantics
+    of the URI.
+
+    Example: `?lang=en&article=fred` → `?article=fred&lang=en`
+
+### `GuzzleHttp\Psr7\UriNormalizer::isEquivalent`
+
+`public static function isEquivalent(UriInterface $uri1, UriInterface $uri2, $normalizations = self::PRESERVING_NORMALIZATIONS): bool`
+
+Whether two URIs can be considered equivalent. Both URIs are normalized automatically before comparison with the given
+`$normalizations` bitmask. The method also accepts relative URI references and returns true when they are equivalent.
+This of course assumes they will be resolved against the same base URI. If this is not the case, determination of
+equivalence or difference of relative references does not mean anything.
+
+
+## Version Guidance
+
+| Version | Status         | PHP Version      |
+|---------|----------------|------------------|
+| 1.x     | Security fixes | >=5.4,<8.1       |
+| 2.x     | Latest         | ^7.2.5 \|\| ^8.0 |
+
+
+## Security
+
+If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/psr7/security/policy) for more information.
+
+
+## License
+
+Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information.
+
+
+## For Enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of Guzzle and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-guzzlehttp-psr7?utm_source=packagist-guzzlehttp-psr7&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json b/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
new file mode 100644
index 000000000..cd91040cf
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
@@ -0,0 +1,96 @@
+{
+    "name": "guzzlehttp/psr7",
+    "description": "PSR-7 message implementation that also provides common utility methods",
+    "keywords": [
+        "request",
+        "response",
+        "message",
+        "stream",
+        "http",
+        "uri",
+        "url",
+        "psr-7"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Graham Campbell",
+            "email": "hello@gjcampbell.co.uk",
+            "homepage": "https://github.com/GrahamCampbell"
+        },
+        {
+            "name": "Michael Dowling",
+            "email": "mtdowling@gmail.com",
+            "homepage": "https://github.com/mtdowling"
+        },
+        {
+            "name": "George Mponos",
+            "email": "gmponos@gmail.com",
+            "homepage": "https://github.com/gmponos"
+        },
+        {
+            "name": "Tobias Nyholm",
+            "email": "tobias.nyholm@gmail.com",
+            "homepage": "https://github.com/Nyholm"
+        },
+        {
+            "name": "Márk Sági-Kazár",
+            "email": "mark.sagikazar@gmail.com",
+            "homepage": "https://github.com/sagikazarmark"
+        },
+        {
+            "name": "Tobias Schultze",
+            "email": "webmaster@tubo-world.de",
+            "homepage": "https://github.com/Tobion"
+        },
+        {
+            "name": "Márk Sági-Kazár",
+            "email": "mark.sagikazar@gmail.com",
+            "homepage": "https://sagikazarmark.hu"
+        }
+    ],
+    "require": {
+        "php": "^7.2.5 || ^8.0",
+        "psr/http-factory": "^1.0",
+        "psr/http-message": "^1.0",
+        "ralouphie/getallheaders": "^3.0"
+    },
+    "provide": {
+        "psr/http-factory-implementation": "1.0",
+        "psr/http-message-implementation": "1.0"
+    },
+    "require-dev": {
+        "bamarni/composer-bin-plugin": "^1.8.1",
+        "http-interop/http-factory-tests": "^0.9",
+        "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+    },
+    "suggest": {
+        "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
+    },
+    "autoload": {
+        "psr-4": {
+            "GuzzleHttp\\Psr7\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "GuzzleHttp\\Tests\\Psr7\\": "tests/"
+        }
+    },
+    "extra": {
+        "bamarni-bin": {
+            "bin-links": true,
+            "forward-command": false
+        },
+        "branch-alias": {
+            "dev-master": "2.4-dev"
+        }
+    },
+    "config": {
+        "allow-plugins": {
+            "bamarni/composer-bin-plugin": true
+        },
+        "preferred-install": "dist",
+        "sort-packages": true
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/AppendStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/AppendStream.php
new file mode 100644
index 000000000..cbcfaee65
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/AppendStream.php
@@ -0,0 +1,248 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Reads from multiple streams, one after the other.
+ *
+ * This is a read-only stream decorator.
+ */
+final class AppendStream implements StreamInterface
+{
+    /** @var StreamInterface[] Streams being decorated */
+    private $streams = [];
+
+    /** @var bool */
+    private $seekable = true;
+
+    /** @var int */
+    private $current = 0;
+
+    /** @var int */
+    private $pos = 0;
+
+    /**
+     * @param StreamInterface[] $streams Streams to decorate. Each stream must
+     *                                   be readable.
+     */
+    public function __construct(array $streams = [])
+    {
+        foreach ($streams as $stream) {
+            $this->addStream($stream);
+        }
+    }
+
+    public function __toString(): string
+    {
+        try {
+            $this->rewind();
+            return $this->getContents();
+        } catch (\Throwable $e) {
+            if (\PHP_VERSION_ID >= 70400) {
+                throw $e;
+            }
+            trigger_error(sprintf('%s::__toString exception: %s', self::class, (string) $e), E_USER_ERROR);
+            return '';
+        }
+    }
+
+    /**
+     * Add a stream to the AppendStream
+     *
+     * @param StreamInterface $stream Stream to append. Must be readable.
+     *
+     * @throws \InvalidArgumentException if the stream is not readable
+     */
+    public function addStream(StreamInterface $stream): void
+    {
+        if (!$stream->isReadable()) {
+            throw new \InvalidArgumentException('Each stream must be readable');
+        }
+
+        // The stream is only seekable if all streams are seekable
+        if (!$stream->isSeekable()) {
+            $this->seekable = false;
+        }
+
+        $this->streams[] = $stream;
+    }
+
+    public function getContents(): string
+    {
+        return Utils::copyToString($this);
+    }
+
+    /**
+     * Closes each attached stream.
+     */
+    public function close(): void
+    {
+        $this->pos = $this->current = 0;
+        $this->seekable = true;
+
+        foreach ($this->streams as $stream) {
+            $stream->close();
+        }
+
+        $this->streams = [];
+    }
+
+    /**
+     * Detaches each attached stream.
+     *
+     * Returns null as it's not clear which underlying stream resource to return.
+     */
+    public function detach()
+    {
+        $this->pos = $this->current = 0;
+        $this->seekable = true;
+
+        foreach ($this->streams as $stream) {
+            $stream->detach();
+        }
+
+        $this->streams = [];
+
+        return null;
+    }
+
+    public function tell(): int
+    {
+        return $this->pos;
+    }
+
+    /**
+     * Tries to calculate the size by adding the size of each stream.
+     *
+     * If any of the streams do not return a valid number, then the size of the
+     * append stream cannot be determined and null is returned.
+     */
+    public function getSize(): ?int
+    {
+        $size = 0;
+
+        foreach ($this->streams as $stream) {
+            $s = $stream->getSize();
+            if ($s === null) {
+                return null;
+            }
+            $size += $s;
+        }
+
+        return $size;
+    }
+
+    public function eof(): bool
+    {
+        return !$this->streams ||
+            ($this->current >= count($this->streams) - 1 &&
+             $this->streams[$this->current]->eof());
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    /**
+     * Attempts to seek to the given position. Only supports SEEK_SET.
+     */
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        if (!$this->seekable) {
+            throw new \RuntimeException('This AppendStream is not seekable');
+        } elseif ($whence !== SEEK_SET) {
+            throw new \RuntimeException('The AppendStream can only seek with SEEK_SET');
+        }
+
+        $this->pos = $this->current = 0;
+
+        // Rewind each stream
+        foreach ($this->streams as $i => $stream) {
+            try {
+                $stream->rewind();
+            } catch (\Exception $e) {
+                throw new \RuntimeException('Unable to seek stream '
+                    . $i . ' of the AppendStream', 0, $e);
+            }
+        }
+
+        // Seek to the actual position by reading from each stream
+        while ($this->pos < $offset && !$this->eof()) {
+            $result = $this->read(min(8096, $offset - $this->pos));
+            if ($result === '') {
+                break;
+            }
+        }
+    }
+
+    /**
+     * Reads from all of the appended streams until the length is met or EOF.
+     */
+    public function read($length): string
+    {
+        $buffer = '';
+        $total = count($this->streams) - 1;
+        $remaining = $length;
+        $progressToNext = false;
+
+        while ($remaining > 0) {
+            // Progress to the next stream if needed.
+            if ($progressToNext || $this->streams[$this->current]->eof()) {
+                $progressToNext = false;
+                if ($this->current === $total) {
+                    break;
+                }
+                $this->current++;
+            }
+
+            $result = $this->streams[$this->current]->read($remaining);
+
+            if ($result === '') {
+                $progressToNext = true;
+                continue;
+            }
+
+            $buffer .= $result;
+            $remaining = $length - strlen($buffer);
+        }
+
+        $this->pos += strlen($buffer);
+
+        return $buffer;
+    }
+
+    public function isReadable(): bool
+    {
+        return true;
+    }
+
+    public function isWritable(): bool
+    {
+        return false;
+    }
+
+    public function isSeekable(): bool
+    {
+        return $this->seekable;
+    }
+
+    public function write($string): int
+    {
+        throw new \RuntimeException('Cannot write to an AppendStream');
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        return $key ? null : [];
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/BufferStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/BufferStream.php
new file mode 100644
index 000000000..21be8c0a9
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/BufferStream.php
@@ -0,0 +1,149 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Provides a buffer stream that can be written to to fill a buffer, and read
+ * from to remove bytes from the buffer.
+ *
+ * This stream returns a "hwm" metadata value that tells upstream consumers
+ * what the configured high water mark of the stream is, or the maximum
+ * preferred size of the buffer.
+ */
+final class BufferStream implements StreamInterface
+{
+    /** @var int */
+    private $hwm;
+
+    /** @var string */
+    private $buffer = '';
+
+    /**
+     * @param int $hwm High water mark, representing the preferred maximum
+     *                 buffer size. If the size of the buffer exceeds the high
+     *                 water mark, then calls to write will continue to succeed
+     *                 but will return 0 to inform writers to slow down
+     *                 until the buffer has been drained by reading from it.
+     */
+    public function __construct(int $hwm = 16384)
+    {
+        $this->hwm = $hwm;
+    }
+
+    public function __toString(): string
+    {
+        return $this->getContents();
+    }
+
+    public function getContents(): string
+    {
+        $buffer = $this->buffer;
+        $this->buffer = '';
+
+        return $buffer;
+    }
+
+    public function close(): void
+    {
+        $this->buffer = '';
+    }
+
+    public function detach()
+    {
+        $this->close();
+
+        return null;
+    }
+
+    public function getSize(): ?int
+    {
+        return strlen($this->buffer);
+    }
+
+    public function isReadable(): bool
+    {
+        return true;
+    }
+
+    public function isWritable(): bool
+    {
+        return true;
+    }
+
+    public function isSeekable(): bool
+    {
+        return false;
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        throw new \RuntimeException('Cannot seek a BufferStream');
+    }
+
+    public function eof(): bool
+    {
+        return strlen($this->buffer) === 0;
+    }
+
+    public function tell(): int
+    {
+        throw new \RuntimeException('Cannot determine the position of a BufferStream');
+    }
+
+    /**
+     * Reads data from the buffer.
+     */
+    public function read($length): string
+    {
+        $currentLength = strlen($this->buffer);
+
+        if ($length >= $currentLength) {
+            // No need to slice the buffer because we don't have enough data.
+            $result = $this->buffer;
+            $this->buffer = '';
+        } else {
+            // Slice up the result to provide a subset of the buffer.
+            $result = substr($this->buffer, 0, $length);
+            $this->buffer = substr($this->buffer, $length);
+        }
+
+        return $result;
+    }
+
+    /**
+     * Writes data to the buffer.
+     */
+    public function write($string): int
+    {
+        $this->buffer .= $string;
+
+        if (strlen($this->buffer) >= $this->hwm) {
+            return 0;
+        }
+
+        return strlen($string);
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        if ($key === 'hwm') {
+            return $this->hwm;
+        }
+
+        return $key ? null : [];
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/CachingStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/CachingStream.php
new file mode 100644
index 000000000..f34722cff
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/CachingStream.php
@@ -0,0 +1,153 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Stream decorator that can cache previously read bytes from a sequentially
+ * read stream.
+ */
+final class CachingStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var StreamInterface Stream being wrapped */
+    private $remoteStream;
+
+    /** @var int Number of bytes to skip reading due to a write on the buffer */
+    private $skipReadBytes = 0;
+
+    /**
+     * @var StreamInterface
+     */
+    private $stream;
+
+    /**
+     * We will treat the buffer object as the body of the stream
+     *
+     * @param StreamInterface $stream Stream to cache. The cursor is assumed to be at the beginning of the stream.
+     * @param StreamInterface $target Optionally specify where data is cached
+     */
+    public function __construct(
+        StreamInterface $stream,
+        StreamInterface $target = null
+    ) {
+        $this->remoteStream = $stream;
+        $this->stream = $target ?: new Stream(Utils::tryFopen('php://temp', 'r+'));
+    }
+
+    public function getSize(): ?int
+    {
+        $remoteSize = $this->remoteStream->getSize();
+
+        if (null === $remoteSize) {
+            return null;
+        }
+
+        return max($this->stream->getSize(), $remoteSize);
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        if ($whence === SEEK_SET) {
+            $byte = $offset;
+        } elseif ($whence === SEEK_CUR) {
+            $byte = $offset + $this->tell();
+        } elseif ($whence === SEEK_END) {
+            $size = $this->remoteStream->getSize();
+            if ($size === null) {
+                $size = $this->cacheEntireStream();
+            }
+            $byte = $size + $offset;
+        } else {
+            throw new \InvalidArgumentException('Invalid whence');
+        }
+
+        $diff = $byte - $this->stream->getSize();
+
+        if ($diff > 0) {
+            // Read the remoteStream until we have read in at least the amount
+            // of bytes requested, or we reach the end of the file.
+            while ($diff > 0 && !$this->remoteStream->eof()) {
+                $this->read($diff);
+                $diff = $byte - $this->stream->getSize();
+            }
+        } else {
+            // We can just do a normal seek since we've already seen this byte.
+            $this->stream->seek($byte);
+        }
+    }
+
+    public function read($length): string
+    {
+        // Perform a regular read on any previously read data from the buffer
+        $data = $this->stream->read($length);
+        $remaining = $length - strlen($data);
+
+        // More data was requested so read from the remote stream
+        if ($remaining) {
+            // If data was written to the buffer in a position that would have
+            // been filled from the remote stream, then we must skip bytes on
+            // the remote stream to emulate overwriting bytes from that
+            // position. This mimics the behavior of other PHP stream wrappers.
+            $remoteData = $this->remoteStream->read(
+                $remaining + $this->skipReadBytes
+            );
+
+            if ($this->skipReadBytes) {
+                $len = strlen($remoteData);
+                $remoteData = substr($remoteData, $this->skipReadBytes);
+                $this->skipReadBytes = max(0, $this->skipReadBytes - $len);
+            }
+
+            $data .= $remoteData;
+            $this->stream->write($remoteData);
+        }
+
+        return $data;
+    }
+
+    public function write($string): int
+    {
+        // When appending to the end of the currently read stream, you'll want
+        // to skip bytes from being read from the remote stream to emulate
+        // other stream wrappers. Basically replacing bytes of data of a fixed
+        // length.
+        $overflow = (strlen($string) + $this->tell()) - $this->remoteStream->tell();
+        if ($overflow > 0) {
+            $this->skipReadBytes += $overflow;
+        }
+
+        return $this->stream->write($string);
+    }
+
+    public function eof(): bool
+    {
+        return $this->stream->eof() && $this->remoteStream->eof();
+    }
+
+    /**
+     * Close both the remote stream and buffer stream
+     */
+    public function close(): void
+    {
+        $this->remoteStream->close();
+        $this->stream->close();
+    }
+
+    private function cacheEntireStream(): int
+    {
+        $target = new FnStream(['write' => 'strlen']);
+        Utils::copyToStream($this, $target);
+
+        return $this->tell();
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/DroppingStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/DroppingStream.php
new file mode 100644
index 000000000..6e3d209d0
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/DroppingStream.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Stream decorator that begins dropping data once the size of the underlying
+ * stream becomes too full.
+ */
+final class DroppingStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var int */
+    private $maxLength;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    /**
+     * @param StreamInterface $stream    Underlying stream to decorate.
+     * @param int             $maxLength Maximum size before dropping data.
+     */
+    public function __construct(StreamInterface $stream, int $maxLength)
+    {
+        $this->stream = $stream;
+        $this->maxLength = $maxLength;
+    }
+
+    public function write($string): int
+    {
+        $diff = $this->maxLength - $this->stream->getSize();
+
+        // Begin returning 0 when the underlying stream is too large.
+        if ($diff <= 0) {
+            return 0;
+        }
+
+        // Write the stream or a subset of the stream if needed.
+        if (strlen($string) < $diff) {
+            return $this->stream->write($string);
+        }
+
+        return $this->stream->write(substr($string, 0, $diff));
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Exception/MalformedUriException.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Exception/MalformedUriException.php
new file mode 100644
index 000000000..3a084779a
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Exception/MalformedUriException.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7\Exception;
+
+use InvalidArgumentException;
+
+/**
+ * Exception thrown if a URI cannot be parsed because it's malformed.
+ */
+class MalformedUriException extends InvalidArgumentException
+{
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/FnStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/FnStream.php
new file mode 100644
index 000000000..3a1a9512e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/FnStream.php
@@ -0,0 +1,180 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Compose stream implementations based on a hash of functions.
+ *
+ * Allows for easy testing and extension of a provided stream without needing
+ * to create a concrete class for a simple extension point.
+ */
+#[\AllowDynamicProperties]
+final class FnStream implements StreamInterface
+{
+    private const SLOTS = [
+        '__toString', 'close', 'detach', 'rewind',
+        'getSize', 'tell', 'eof', 'isSeekable', 'seek', 'isWritable', 'write',
+        'isReadable', 'read', 'getContents', 'getMetadata'
+    ];
+
+    /** @var array<string, callable> */
+    private $methods;
+
+    /**
+     * @param array<string, callable> $methods Hash of method name to a callable.
+     */
+    public function __construct(array $methods)
+    {
+        $this->methods = $methods;
+
+        // Create the functions on the class
+        foreach ($methods as $name => $fn) {
+            $this->{'_fn_' . $name} = $fn;
+        }
+    }
+
+    /**
+     * Lazily determine which methods are not implemented.
+     *
+     * @throws \BadMethodCallException
+     */
+    public function __get(string $name): void
+    {
+        throw new \BadMethodCallException(str_replace('_fn_', '', $name)
+            . '() is not implemented in the FnStream');
+    }
+
+    /**
+     * The close method is called on the underlying stream only if possible.
+     */
+    public function __destruct()
+    {
+        if (isset($this->_fn_close)) {
+            call_user_func($this->_fn_close);
+        }
+    }
+
+    /**
+     * An unserialize would allow the __destruct to run when the unserialized value goes out of scope.
+     *
+     * @throws \LogicException
+     */
+    public function __wakeup(): void
+    {
+        throw new \LogicException('FnStream should never be unserialized');
+    }
+
+    /**
+     * Adds custom functionality to an underlying stream by intercepting
+     * specific method calls.
+     *
+     * @param StreamInterface         $stream  Stream to decorate
+     * @param array<string, callable> $methods Hash of method name to a closure
+     *
+     * @return FnStream
+     */
+    public static function decorate(StreamInterface $stream, array $methods)
+    {
+        // If any of the required methods were not provided, then simply
+        // proxy to the decorated stream.
+        foreach (array_diff(self::SLOTS, array_keys($methods)) as $diff) {
+            /** @var callable $callable */
+            $callable = [$stream, $diff];
+            $methods[$diff] = $callable;
+        }
+
+        return new self($methods);
+    }
+
+    public function __toString(): string
+    {
+        try {
+            return call_user_func($this->_fn___toString);
+        } catch (\Throwable $e) {
+            if (\PHP_VERSION_ID >= 70400) {
+                throw $e;
+            }
+            trigger_error(sprintf('%s::__toString exception: %s', self::class, (string) $e), E_USER_ERROR);
+            return '';
+        }
+    }
+
+    public function close(): void
+    {
+        call_user_func($this->_fn_close);
+    }
+
+    public function detach()
+    {
+        return call_user_func($this->_fn_detach);
+    }
+
+    public function getSize(): ?int
+    {
+        return call_user_func($this->_fn_getSize);
+    }
+
+    public function tell(): int
+    {
+        return call_user_func($this->_fn_tell);
+    }
+
+    public function eof(): bool
+    {
+        return call_user_func($this->_fn_eof);
+    }
+
+    public function isSeekable(): bool
+    {
+        return call_user_func($this->_fn_isSeekable);
+    }
+
+    public function rewind(): void
+    {
+        call_user_func($this->_fn_rewind);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        call_user_func($this->_fn_seek, $offset, $whence);
+    }
+
+    public function isWritable(): bool
+    {
+        return call_user_func($this->_fn_isWritable);
+    }
+
+    public function write($string): int
+    {
+        return call_user_func($this->_fn_write, $string);
+    }
+
+    public function isReadable(): bool
+    {
+        return call_user_func($this->_fn_isReadable);
+    }
+
+    public function read($length): string
+    {
+        return call_user_func($this->_fn_read, $length);
+    }
+
+    public function getContents(): string
+    {
+        return call_user_func($this->_fn_getContents);
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        return call_user_func($this->_fn_getMetadata, $key);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Header.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Header.php
new file mode 100644
index 000000000..4d7005b22
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Header.php
@@ -0,0 +1,134 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+final class Header
+{
+    /**
+     * Parse an array of header values containing ";" separated data into an
+     * array of associative arrays representing the header key value pair data
+     * of the header. When a parameter does not contain a value, but just
+     * contains a key, this function will inject a key with a '' string value.
+     *
+     * @param string|array $header Header to parse into components.
+     */
+    public static function parse($header): array
+    {
+        static $trimmed = "\"'  \n\t\r";
+        $params = $matches = [];
+
+        foreach ((array) $header as $value) {
+            foreach (self::splitList($value) as $val) {
+                $part = [];
+                foreach (preg_split('/;(?=([^"]*"[^"]*")*[^"]*$)/', $val) as $kvp) {
+                    if (preg_match_all('/<[^>]+>|[^=]+/', $kvp, $matches)) {
+                        $m = $matches[0];
+                        if (isset($m[1])) {
+                            $part[trim($m[0], $trimmed)] = trim($m[1], $trimmed);
+                        } else {
+                            $part[] = trim($m[0], $trimmed);
+                        }
+                    }
+                }
+                if ($part) {
+                    $params[] = $part;
+                }
+            }
+        }
+
+        return $params;
+    }
+
+    /**
+     * Converts an array of header values that may contain comma separated
+     * headers into an array of headers with no comma separated values.
+     *
+     * @param string|array $header Header to normalize.
+     *
+     * @deprecated Use self::splitList() instead.
+     */
+    public static function normalize($header): array
+    {
+        $result = [];
+        foreach ((array) $header as $value) {
+            foreach (self::splitList($value) as $parsed) {
+                $result[] = $parsed;
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Splits a HTTP header defined to contain a comma-separated list into
+     * each individual value. Empty values will be removed.
+     *
+     * Example headers include 'accept', 'cache-control' and 'if-none-match'.
+     *
+     * This method must not be used to parse headers that are not defined as
+     * a list, such as 'user-agent' or 'set-cookie'.
+     *
+     * @param string|string[] $values Header value as returned by MessageInterface::getHeader()
+     *
+     * @return string[]
+     */
+    public static function splitList($values): array
+    {
+        if (!\is_array($values)) {
+            $values = [$values];
+        }
+
+        $result = [];
+        foreach ($values as $value) {
+            if (!\is_string($value)) {
+                throw new \TypeError('$header must either be a string or an array containing strings.');
+            }
+
+            $v = '';
+            $isQuoted = false;
+            $isEscaped = false;
+            for ($i = 0, $max = \strlen($value); $i < $max; $i++) {
+                if ($isEscaped) {
+                    $v .= $value[$i];
+                    $isEscaped = false;
+
+                    continue;
+                }
+
+                if (!$isQuoted && $value[$i] === ',') {
+                    $v = \trim($v);
+                    if ($v !== '') {
+                        $result[] = $v;
+                    }
+
+                    $v = '';
+                    continue;
+                }
+
+                if ($isQuoted && $value[$i] === '\\') {
+                    $isEscaped = true;
+                    $v .= $value[$i];
+
+                    continue;
+                }
+                if ($value[$i] === '"') {
+                    $isQuoted = !$isQuoted;
+                    $v .= $value[$i];
+
+                    continue;
+                }
+
+                $v .= $value[$i];
+            }
+
+            $v = \trim($v);
+            if ($v !== '') {
+                $result[] = $v;
+            }
+        }
+
+        return $result;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/HttpFactory.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/HttpFactory.php
new file mode 100644
index 000000000..30be222fc
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/HttpFactory.php
@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\RequestFactoryInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseFactoryInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestFactoryInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Message\StreamFactoryInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UploadedFileFactoryInterface;
+use Psr\Http\Message\UploadedFileInterface;
+use Psr\Http\Message\UriFactoryInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Implements all of the PSR-17 interfaces.
+ *
+ * Note: in consuming code it is recommended to require the implemented interfaces
+ * and inject the instance of this class multiple times.
+ */
+final class HttpFactory implements
+    RequestFactoryInterface,
+    ResponseFactoryInterface,
+    ServerRequestFactoryInterface,
+    StreamFactoryInterface,
+    UploadedFileFactoryInterface,
+    UriFactoryInterface
+{
+    public function createUploadedFile(
+        StreamInterface $stream,
+        int $size = null,
+        int $error = \UPLOAD_ERR_OK,
+        string $clientFilename = null,
+        string $clientMediaType = null
+    ): UploadedFileInterface {
+        if ($size === null) {
+            $size = $stream->getSize();
+        }
+
+        return new UploadedFile($stream, $size, $error, $clientFilename, $clientMediaType);
+    }
+
+    public function createStream(string $content = ''): StreamInterface
+    {
+        return Utils::streamFor($content);
+    }
+
+    public function createStreamFromFile(string $file, string $mode = 'r'): StreamInterface
+    {
+        try {
+            $resource = Utils::tryFopen($file, $mode);
+        } catch (\RuntimeException $e) {
+            if ('' === $mode || false === \in_array($mode[0], ['r', 'w', 'a', 'x', 'c'], true)) {
+                throw new \InvalidArgumentException(sprintf('Invalid file opening mode "%s"', $mode), 0, $e);
+            }
+
+            throw $e;
+        }
+
+        return Utils::streamFor($resource);
+    }
+
+    public function createStreamFromResource($resource): StreamInterface
+    {
+        return Utils::streamFor($resource);
+    }
+
+    public function createServerRequest(string $method, $uri, array $serverParams = []): ServerRequestInterface
+    {
+        if (empty($method)) {
+            if (!empty($serverParams['REQUEST_METHOD'])) {
+                $method = $serverParams['REQUEST_METHOD'];
+            } else {
+                throw new \InvalidArgumentException('Cannot determine HTTP method');
+            }
+        }
+
+        return new ServerRequest($method, $uri, [], null, '1.1', $serverParams);
+    }
+
+    public function createResponse(int $code = 200, string $reasonPhrase = ''): ResponseInterface
+    {
+        return new Response($code, [], null, '1.1', $reasonPhrase);
+    }
+
+    public function createRequest(string $method, $uri): RequestInterface
+    {
+        return new Request($method, $uri);
+    }
+
+    public function createUri(string $uri = ''): UriInterface
+    {
+        return new Uri($uri);
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/InflateStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/InflateStream.php
new file mode 100644
index 000000000..8e00f1c32
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/InflateStream.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Uses PHP's zlib.inflate filter to inflate zlib (HTTP deflate, RFC1950) or gzipped (RFC1952) content.
+ *
+ * This stream decorator converts the provided stream to a PHP stream resource,
+ * then appends the zlib.inflate filter. The stream is then converted back
+ * to a Guzzle stream resource to be used as a Guzzle stream.
+ *
+ * @link http://tools.ietf.org/html/rfc1950
+ * @link http://tools.ietf.org/html/rfc1952
+ * @link http://php.net/manual/en/filters.compression.php
+ */
+final class InflateStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    public function __construct(StreamInterface $stream)
+    {
+        $resource = StreamWrapper::getResource($stream);
+        // Specify window=15+32, so zlib will use header detection to both gzip (with header) and zlib data
+        // See http://www.zlib.net/manual.html#Advanced definition of inflateInit2
+        // "Add 32 to windowBits to enable zlib and gzip decoding with automatic header detection"
+        // Default window size is 15.
+        stream_filter_append($resource, 'zlib.inflate', STREAM_FILTER_READ, ['window' => 15 + 32]);
+        $this->stream = $stream->isSeekable() ? new Stream($resource) : new NoSeekStream(new Stream($resource));
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LazyOpenStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LazyOpenStream.php
new file mode 100644
index 000000000..f6c84904e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LazyOpenStream.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Lazily reads or writes to a file that is opened only after an IO operation
+ * take place on the stream.
+ */
+final class LazyOpenStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var string */
+    private $filename;
+
+    /** @var string */
+    private $mode;
+
+    /**
+     * @var StreamInterface
+     */
+    private $stream;
+
+    /**
+     * @param string $filename File to lazily open
+     * @param string $mode     fopen mode to use when opening the stream
+     */
+    public function __construct(string $filename, string $mode)
+    {
+        $this->filename = $filename;
+        $this->mode = $mode;
+
+        // unsetting the property forces the first access to go through
+        // __get().
+        unset($this->stream);
+    }
+
+    /**
+     * Creates the underlying stream lazily when required.
+     */
+    protected function createStream(): StreamInterface
+    {
+        return Utils::streamFor(Utils::tryFopen($this->filename, $this->mode));
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LimitStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LimitStream.php
new file mode 100644
index 000000000..fb2232557
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/LimitStream.php
@@ -0,0 +1,157 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Decorator used to return only a subset of a stream.
+ */
+final class LimitStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var int Offset to start reading from */
+    private $offset;
+
+    /** @var int Limit the number of bytes that can be read */
+    private $limit;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    /**
+     * @param StreamInterface $stream Stream to wrap
+     * @param int             $limit  Total number of bytes to allow to be read
+     *                                from the stream. Pass -1 for no limit.
+     * @param int             $offset Position to seek to before reading (only
+     *                                works on seekable streams).
+     */
+    public function __construct(
+        StreamInterface $stream,
+        int $limit = -1,
+        int $offset = 0
+    ) {
+        $this->stream = $stream;
+        $this->setLimit($limit);
+        $this->setOffset($offset);
+    }
+
+    public function eof(): bool
+    {
+        // Always return true if the underlying stream is EOF
+        if ($this->stream->eof()) {
+            return true;
+        }
+
+        // No limit and the underlying stream is not at EOF
+        if ($this->limit === -1) {
+            return false;
+        }
+
+        return $this->stream->tell() >= $this->offset + $this->limit;
+    }
+
+    /**
+     * Returns the size of the limited subset of data
+     */
+    public function getSize(): ?int
+    {
+        if (null === ($length = $this->stream->getSize())) {
+            return null;
+        } elseif ($this->limit === -1) {
+            return $length - $this->offset;
+        } else {
+            return min($this->limit, $length - $this->offset);
+        }
+    }
+
+    /**
+     * Allow for a bounded seek on the read limited stream
+     */
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        if ($whence !== SEEK_SET || $offset < 0) {
+            throw new \RuntimeException(sprintf(
+                'Cannot seek to offset %s with whence %s',
+                $offset,
+                $whence
+            ));
+        }
+
+        $offset += $this->offset;
+
+        if ($this->limit !== -1) {
+            if ($offset > $this->offset + $this->limit) {
+                $offset = $this->offset + $this->limit;
+            }
+        }
+
+        $this->stream->seek($offset);
+    }
+
+    /**
+     * Give a relative tell()
+     */
+    public function tell(): int
+    {
+        return $this->stream->tell() - $this->offset;
+    }
+
+    /**
+     * Set the offset to start limiting from
+     *
+     * @param int $offset Offset to seek to and begin byte limiting from
+     *
+     * @throws \RuntimeException if the stream cannot be seeked.
+     */
+    public function setOffset(int $offset): void
+    {
+        $current = $this->stream->tell();
+
+        if ($current !== $offset) {
+            // If the stream cannot seek to the offset position, then read to it
+            if ($this->stream->isSeekable()) {
+                $this->stream->seek($offset);
+            } elseif ($current > $offset) {
+                throw new \RuntimeException("Could not seek to stream offset $offset");
+            } else {
+                $this->stream->read($offset - $current);
+            }
+        }
+
+        $this->offset = $offset;
+    }
+
+    /**
+     * Set the limit of bytes that the decorator allows to be read from the
+     * stream.
+     *
+     * @param int $limit Number of bytes to allow to be read from the stream.
+     *                   Use -1 for no limit.
+     */
+    public function setLimit(int $limit): void
+    {
+        $this->limit = $limit;
+    }
+
+    public function read($length): string
+    {
+        if ($this->limit === -1) {
+            return $this->stream->read($length);
+        }
+
+        // Check if the current position is less than the total allowed
+        // bytes + original offset
+        $remaining = ($this->offset + $this->limit) - $this->stream->tell();
+        if ($remaining > 0) {
+            // Only return the amount of requested data, ensuring that the byte
+            // limit is not exceeded
+            return $this->stream->read(min($remaining, $length));
+        }
+
+        return '';
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
new file mode 100644
index 000000000..61c1a5dcc
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
@@ -0,0 +1,246 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\MessageInterface;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+final class Message
+{
+    /**
+     * Returns the string representation of an HTTP message.
+     *
+     * @param MessageInterface $message Message to convert to a string.
+     */
+    public static function toString(MessageInterface $message): string
+    {
+        if ($message instanceof RequestInterface) {
+            $msg = trim($message->getMethod() . ' '
+                    . $message->getRequestTarget())
+                . ' HTTP/' . $message->getProtocolVersion();
+            if (!$message->hasHeader('host')) {
+                $msg .= "\r\nHost: " . $message->getUri()->getHost();
+            }
+        } elseif ($message instanceof ResponseInterface) {
+            $msg = 'HTTP/' . $message->getProtocolVersion() . ' '
+                . $message->getStatusCode() . ' '
+                . $message->getReasonPhrase();
+        } else {
+            throw new \InvalidArgumentException('Unknown message type');
+        }
+
+        foreach ($message->getHeaders() as $name => $values) {
+            if (strtolower($name) === 'set-cookie') {
+                foreach ($values as $value) {
+                    $msg .= "\r\n{$name}: " . $value;
+                }
+            } else {
+                $msg .= "\r\n{$name}: " . implode(', ', $values);
+            }
+        }
+
+        return "{$msg}\r\n\r\n" . $message->getBody();
+    }
+
+    /**
+     * Get a short summary of the message body.
+     *
+     * Will return `null` if the response is not printable.
+     *
+     * @param MessageInterface $message    The message to get the body summary
+     * @param int              $truncateAt The maximum allowed size of the summary
+     */
+    public static function bodySummary(MessageInterface $message, int $truncateAt = 120): ?string
+    {
+        $body = $message->getBody();
+
+        if (!$body->isSeekable() || !$body->isReadable()) {
+            return null;
+        }
+
+        $size = $body->getSize();
+
+        if ($size === 0) {
+            return null;
+        }
+
+        $body->rewind();
+        $summary = $body->read($truncateAt);
+        $body->rewind();
+
+        if ($size > $truncateAt) {
+            $summary .= ' (truncated...)';
+        }
+
+        // Matches any printable character, including unicode characters:
+        // letters, marks, numbers, punctuation, spacing, and separators.
+        if (preg_match('/[^\pL\pM\pN\pP\pS\pZ\n\r\t]/u', $summary)) {
+            return null;
+        }
+
+        return $summary;
+    }
+
+    /**
+     * Attempts to rewind a message body and throws an exception on failure.
+     *
+     * The body of the message will only be rewound if a call to `tell()`
+     * returns a value other than `0`.
+     *
+     * @param MessageInterface $message Message to rewind
+     *
+     * @throws \RuntimeException
+     */
+    public static function rewindBody(MessageInterface $message): void
+    {
+        $body = $message->getBody();
+
+        if ($body->tell()) {
+            $body->rewind();
+        }
+    }
+
+    /**
+     * Parses an HTTP message into an associative array.
+     *
+     * The array contains the "start-line" key containing the start line of
+     * the message, "headers" key containing an associative array of header
+     * array values, and a "body" key containing the body of the message.
+     *
+     * @param string $message HTTP request or response to parse.
+     */
+    public static function parseMessage(string $message): array
+    {
+        if (!$message) {
+            throw new \InvalidArgumentException('Invalid message');
+        }
+
+        $message = ltrim($message, "\r\n");
+
+        $messageParts = preg_split("/\r?\n\r?\n/", $message, 2);
+
+        if ($messageParts === false || count($messageParts) !== 2) {
+            throw new \InvalidArgumentException('Invalid message: Missing header delimiter');
+        }
+
+        [$rawHeaders, $body] = $messageParts;
+        $rawHeaders .= "\r\n"; // Put back the delimiter we split previously
+        $headerParts = preg_split("/\r?\n/", $rawHeaders, 2);
+
+        if ($headerParts === false || count($headerParts) !== 2) {
+            throw new \InvalidArgumentException('Invalid message: Missing status line');
+        }
+
+        [$startLine, $rawHeaders] = $headerParts;
+
+        if (preg_match("/(?:^HTTP\/|^[A-Z]+ \S+ HTTP\/)(\d+(?:\.\d+)?)/i", $startLine, $matches) && $matches[1] === '1.0') {
+            // Header folding is deprecated for HTTP/1.1, but allowed in HTTP/1.0
+            $rawHeaders = preg_replace(Rfc7230::HEADER_FOLD_REGEX, ' ', $rawHeaders);
+        }
+
+        /** @var array[] $headerLines */
+        $count = preg_match_all(Rfc7230::HEADER_REGEX, $rawHeaders, $headerLines, PREG_SET_ORDER);
+
+        // If these aren't the same, then one line didn't match and there's an invalid header.
+        if ($count !== substr_count($rawHeaders, "\n")) {
+            // Folding is deprecated, see https://tools.ietf.org/html/rfc7230#section-3.2.4
+            if (preg_match(Rfc7230::HEADER_FOLD_REGEX, $rawHeaders)) {
+                throw new \InvalidArgumentException('Invalid header syntax: Obsolete line folding');
+            }
+
+            throw new \InvalidArgumentException('Invalid header syntax');
+        }
+
+        $headers = [];
+
+        foreach ($headerLines as $headerLine) {
+            $headers[$headerLine[1]][] = $headerLine[2];
+        }
+
+        return [
+            'start-line' => $startLine,
+            'headers' => $headers,
+            'body' => $body,
+        ];
+    }
+
+    /**
+     * Constructs a URI for an HTTP request message.
+     *
+     * @param string $path    Path from the start-line
+     * @param array  $headers Array of headers (each value an array).
+     */
+    public static function parseRequestUri(string $path, array $headers): string
+    {
+        $hostKey = array_filter(array_keys($headers), function ($k) {
+            // Numeric array keys are converted to int by PHP.
+            $k = (string) $k;
+
+            return strtolower($k) === 'host';
+        });
+
+        // If no host is found, then a full URI cannot be constructed.
+        if (!$hostKey) {
+            return $path;
+        }
+
+        $host = $headers[reset($hostKey)][0];
+        $scheme = substr($host, -4) === ':443' ? 'https' : 'http';
+
+        return $scheme . '://' . $host . '/' . ltrim($path, '/');
+    }
+
+    /**
+     * Parses a request message string into a request object.
+     *
+     * @param string $message Request message string.
+     */
+    public static function parseRequest(string $message): RequestInterface
+    {
+        $data = self::parseMessage($message);
+        $matches = [];
+        if (!preg_match('/^[\S]+\s+([a-zA-Z]+:\/\/|\/).*/', $data['start-line'], $matches)) {
+            throw new \InvalidArgumentException('Invalid request string');
+        }
+        $parts = explode(' ', $data['start-line'], 3);
+        $version = isset($parts[2]) ? explode('/', $parts[2])[1] : '1.1';
+
+        $request = new Request(
+            $parts[0],
+            $matches[1] === '/' ? self::parseRequestUri($parts[1], $data['headers']) : $parts[1],
+            $data['headers'],
+            $data['body'],
+            $version
+        );
+
+        return $matches[1] === '/' ? $request : $request->withRequestTarget($parts[1]);
+    }
+
+    /**
+     * Parses a response message string into a response object.
+     *
+     * @param string $message Response message string.
+     */
+    public static function parseResponse(string $message): ResponseInterface
+    {
+        $data = self::parseMessage($message);
+        // According to https://tools.ietf.org/html/rfc7230#section-3.1.2 the space
+        // between status-code and reason-phrase is required. But browsers accept
+        // responses without space and reason as well.
+        if (!preg_match('/^HTTP\/.* [0-9]{3}( .*|$)/', $data['start-line'])) {
+            throw new \InvalidArgumentException('Invalid response string: ' . $data['start-line']);
+        }
+        $parts = explode(' ', $data['start-line'], 3);
+
+        return new Response(
+            (int) $parts[1],
+            $data['headers'],
+            $data['body'],
+            explode('/', $parts[0])[1],
+            $parts[2] ?? null
+        );
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
new file mode 100644
index 000000000..d2dc28b60
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
@@ -0,0 +1,264 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\MessageInterface;
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Trait implementing functionality common to requests and responses.
+ */
+trait MessageTrait
+{
+    /** @var array<string, string[]> Map of all registered headers, as original name => array of values */
+    private $headers = [];
+
+    /** @var array<string, string> Map of lowercase header name => original name at registration */
+    private $headerNames  = [];
+
+    /** @var string */
+    private $protocol = '1.1';
+
+    /** @var StreamInterface|null */
+    private $stream;
+
+    public function getProtocolVersion(): string
+    {
+        return $this->protocol;
+    }
+
+    public function withProtocolVersion($version): MessageInterface
+    {
+        if ($this->protocol === $version) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->protocol = $version;
+        return $new;
+    }
+
+    public function getHeaders(): array
+    {
+        return $this->headers;
+    }
+
+    public function hasHeader($header): bool
+    {
+        return isset($this->headerNames[strtolower($header)]);
+    }
+
+    public function getHeader($header): array
+    {
+        $header = strtolower($header);
+
+        if (!isset($this->headerNames[$header])) {
+            return [];
+        }
+
+        $header = $this->headerNames[$header];
+
+        return $this->headers[$header];
+    }
+
+    public function getHeaderLine($header): string
+    {
+        return implode(', ', $this->getHeader($header));
+    }
+
+    public function withHeader($header, $value): MessageInterface
+    {
+        $this->assertHeader($header);
+        $value = $this->normalizeHeaderValue($value);
+        $normalized = strtolower($header);
+
+        $new = clone $this;
+        if (isset($new->headerNames[$normalized])) {
+            unset($new->headers[$new->headerNames[$normalized]]);
+        }
+        $new->headerNames[$normalized] = $header;
+        $new->headers[$header] = $value;
+
+        return $new;
+    }
+
+    public function withAddedHeader($header, $value): MessageInterface
+    {
+        $this->assertHeader($header);
+        $value = $this->normalizeHeaderValue($value);
+        $normalized = strtolower($header);
+
+        $new = clone $this;
+        if (isset($new->headerNames[$normalized])) {
+            $header = $this->headerNames[$normalized];
+            $new->headers[$header] = array_merge($this->headers[$header], $value);
+        } else {
+            $new->headerNames[$normalized] = $header;
+            $new->headers[$header] = $value;
+        }
+
+        return $new;
+    }
+
+    public function withoutHeader($header): MessageInterface
+    {
+        $normalized = strtolower($header);
+
+        if (!isset($this->headerNames[$normalized])) {
+            return $this;
+        }
+
+        $header = $this->headerNames[$normalized];
+
+        $new = clone $this;
+        unset($new->headers[$header], $new->headerNames[$normalized]);
+
+        return $new;
+    }
+
+    public function getBody(): StreamInterface
+    {
+        if (!$this->stream) {
+            $this->stream = Utils::streamFor('');
+        }
+
+        return $this->stream;
+    }
+
+    public function withBody(StreamInterface $body): MessageInterface
+    {
+        if ($body === $this->stream) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->stream = $body;
+        return $new;
+    }
+
+    /**
+     * @param array<string|int, string|string[]> $headers
+     */
+    private function setHeaders(array $headers): void
+    {
+        $this->headerNames = $this->headers = [];
+        foreach ($headers as $header => $value) {
+            // Numeric array keys are converted to int by PHP.
+            $header = (string) $header;
+
+            $this->assertHeader($header);
+            $value = $this->normalizeHeaderValue($value);
+            $normalized = strtolower($header);
+            if (isset($this->headerNames[$normalized])) {
+                $header = $this->headerNames[$normalized];
+                $this->headers[$header] = array_merge($this->headers[$header], $value);
+            } else {
+                $this->headerNames[$normalized] = $header;
+                $this->headers[$header] = $value;
+            }
+        }
+    }
+
+    /**
+     * @param mixed $value
+     *
+     * @return string[]
+     */
+    private function normalizeHeaderValue($value): array
+    {
+        if (!is_array($value)) {
+            return $this->trimAndValidateHeaderValues([$value]);
+        }
+
+        if (count($value) === 0) {
+            throw new \InvalidArgumentException('Header value can not be an empty array.');
+        }
+
+        return $this->trimAndValidateHeaderValues($value);
+    }
+
+    /**
+     * Trims whitespace from the header values.
+     *
+     * Spaces and tabs ought to be excluded by parsers when extracting the field value from a header field.
+     *
+     * header-field = field-name ":" OWS field-value OWS
+     * OWS          = *( SP / HTAB )
+     *
+     * @param mixed[] $values Header values
+     *
+     * @return string[] Trimmed header values
+     *
+     * @see https://tools.ietf.org/html/rfc7230#section-3.2.4
+     */
+    private function trimAndValidateHeaderValues(array $values): array
+    {
+        return array_map(function ($value) {
+            if (!is_scalar($value) && null !== $value) {
+                throw new \InvalidArgumentException(sprintf(
+                    'Header value must be scalar or null but %s provided.',
+                    is_object($value) ? get_class($value) : gettype($value)
+                ));
+            }
+
+            $trimmed = trim((string) $value, " \t");
+            $this->assertValue($trimmed);
+
+            return $trimmed;
+        }, array_values($values));
+    }
+
+    /**
+     * @see https://tools.ietf.org/html/rfc7230#section-3.2
+     *
+     * @param mixed $header
+     */
+    private function assertHeader($header): void
+    {
+        if (!is_string($header)) {
+            throw new \InvalidArgumentException(sprintf(
+                'Header name must be a string but %s provided.',
+                is_object($header) ? get_class($header) : gettype($header)
+            ));
+        }
+
+        if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/', $header)) {
+            throw new \InvalidArgumentException(
+                sprintf(
+                    '"%s" is not valid header name',
+                    $header
+                )
+            );
+        }
+    }
+
+    /**
+     * @see https://tools.ietf.org/html/rfc7230#section-3.2
+     *
+     * field-value    = *( field-content / obs-fold )
+     * field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+     * field-vchar    = VCHAR / obs-text
+     * VCHAR          = %x21-7E
+     * obs-text       = %x80-FF
+     * obs-fold       = CRLF 1*( SP / HTAB )
+     */
+    private function assertValue(string $value): void
+    {
+        // The regular expression intentionally does not support the obs-fold production, because as
+        // per RFC 7230#3.2.4:
+        //
+        // A sender MUST NOT generate a message that includes
+        // line folding (i.e., that has any field-value that contains a match to
+        // the obs-fold rule) unless the message is intended for packaging
+        // within the message/http media type.
+        //
+        // Clients must not send a request with line folding and a server sending folded headers is
+        // likely very rare. Line folding is a fairly obscure feature of HTTP/1.1 and thus not accepting
+        // folding is not likely to break any legitimate use case.
+        if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/', $value)) {
+            throw new \InvalidArgumentException(sprintf('"%s" is not valid header value', $value));
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MimeType.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MimeType.php
new file mode 100644
index 000000000..0debbd18c
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MimeType.php
@@ -0,0 +1,1237 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+final class MimeType
+{
+    private const MIME_TYPES = [
+        '1km' => 'application/vnd.1000minds.decision-model+xml',
+        '3dml' => 'text/vnd.in3d.3dml',
+        '3ds' => 'image/x-3ds',
+        '3g2' => 'video/3gpp2',
+        '3gp' => 'video/3gp',
+        '3gpp' => 'video/3gpp',
+        '3mf' => 'model/3mf',
+        '7z' => 'application/x-7z-compressed',
+        '7zip' => 'application/x-7z-compressed',
+        '123' => 'application/vnd.lotus-1-2-3',
+        'aab' => 'application/x-authorware-bin',
+        'aac' => 'audio/x-acc',
+        'aam' => 'application/x-authorware-map',
+        'aas' => 'application/x-authorware-seg',
+        'abw' => 'application/x-abiword',
+        'ac' => 'application/vnd.nokia.n-gage.ac+xml',
+        'ac3' => 'audio/ac3',
+        'acc' => 'application/vnd.americandynamics.acc',
+        'ace' => 'application/x-ace-compressed',
+        'acu' => 'application/vnd.acucobol',
+        'acutc' => 'application/vnd.acucorp',
+        'adp' => 'audio/adpcm',
+        'aep' => 'application/vnd.audiograph',
+        'afm' => 'application/x-font-type1',
+        'afp' => 'application/vnd.ibm.modcap',
+        'age' => 'application/vnd.age',
+        'ahead' => 'application/vnd.ahead.space',
+        'ai' => 'application/pdf',
+        'aif' => 'audio/x-aiff',
+        'aifc' => 'audio/x-aiff',
+        'aiff' => 'audio/x-aiff',
+        'air' => 'application/vnd.adobe.air-application-installer-package+zip',
+        'ait' => 'application/vnd.dvb.ait',
+        'ami' => 'application/vnd.amiga.ami',
+        'amr' => 'audio/amr',
+        'apk' => 'application/vnd.android.package-archive',
+        'apng' => 'image/apng',
+        'appcache' => 'text/cache-manifest',
+        'application' => 'application/x-ms-application',
+        'apr' => 'application/vnd.lotus-approach',
+        'arc' => 'application/x-freearc',
+        'arj' => 'application/x-arj',
+        'asc' => 'application/pgp-signature',
+        'asf' => 'video/x-ms-asf',
+        'asm' => 'text/x-asm',
+        'aso' => 'application/vnd.accpac.simply.aso',
+        'asx' => 'video/x-ms-asf',
+        'atc' => 'application/vnd.acucorp',
+        'atom' => 'application/atom+xml',
+        'atomcat' => 'application/atomcat+xml',
+        'atomdeleted' => 'application/atomdeleted+xml',
+        'atomsvc' => 'application/atomsvc+xml',
+        'atx' => 'application/vnd.antix.game-component',
+        'au' => 'audio/x-au',
+        'avci' => 'image/avci',
+        'avcs' => 'image/avcs',
+        'avi' => 'video/x-msvideo',
+        'avif' => 'image/avif',
+        'aw' => 'application/applixware',
+        'azf' => 'application/vnd.airzip.filesecure.azf',
+        'azs' => 'application/vnd.airzip.filesecure.azs',
+        'azv' => 'image/vnd.airzip.accelerator.azv',
+        'azw' => 'application/vnd.amazon.ebook',
+        'b16' => 'image/vnd.pco.b16',
+        'bat' => 'application/x-msdownload',
+        'bcpio' => 'application/x-bcpio',
+        'bdf' => 'application/x-font-bdf',
+        'bdm' => 'application/vnd.syncml.dm+wbxml',
+        'bdoc' => 'application/x-bdoc',
+        'bed' => 'application/vnd.realvnc.bed',
+        'bh2' => 'application/vnd.fujitsu.oasysprs',
+        'bin' => 'application/octet-stream',
+        'blb' => 'application/x-blorb',
+        'blorb' => 'application/x-blorb',
+        'bmi' => 'application/vnd.bmi',
+        'bmml' => 'application/vnd.balsamiq.bmml+xml',
+        'bmp' => 'image/bmp',
+        'book' => 'application/vnd.framemaker',
+        'box' => 'application/vnd.previewsystems.box',
+        'boz' => 'application/x-bzip2',
+        'bpk' => 'application/octet-stream',
+        'bpmn' => 'application/octet-stream',
+        'bsp' => 'model/vnd.valve.source.compiled-map',
+        'btif' => 'image/prs.btif',
+        'buffer' => 'application/octet-stream',
+        'bz' => 'application/x-bzip',
+        'bz2' => 'application/x-bzip2',
+        'c' => 'text/x-c',
+        'c4d' => 'application/vnd.clonk.c4group',
+        'c4f' => 'application/vnd.clonk.c4group',
+        'c4g' => 'application/vnd.clonk.c4group',
+        'c4p' => 'application/vnd.clonk.c4group',
+        'c4u' => 'application/vnd.clonk.c4group',
+        'c11amc' => 'application/vnd.cluetrust.cartomobile-config',
+        'c11amz' => 'application/vnd.cluetrust.cartomobile-config-pkg',
+        'cab' => 'application/vnd.ms-cab-compressed',
+        'caf' => 'audio/x-caf',
+        'cap' => 'application/vnd.tcpdump.pcap',
+        'car' => 'application/vnd.curl.car',
+        'cat' => 'application/vnd.ms-pki.seccat',
+        'cb7' => 'application/x-cbr',
+        'cba' => 'application/x-cbr',
+        'cbr' => 'application/x-cbr',
+        'cbt' => 'application/x-cbr',
+        'cbz' => 'application/x-cbr',
+        'cc' => 'text/x-c',
+        'cco' => 'application/x-cocoa',
+        'cct' => 'application/x-director',
+        'ccxml' => 'application/ccxml+xml',
+        'cdbcmsg' => 'application/vnd.contact.cmsg',
+        'cdf' => 'application/x-netcdf',
+        'cdfx' => 'application/cdfx+xml',
+        'cdkey' => 'application/vnd.mediastation.cdkey',
+        'cdmia' => 'application/cdmi-capability',
+        'cdmic' => 'application/cdmi-container',
+        'cdmid' => 'application/cdmi-domain',
+        'cdmio' => 'application/cdmi-object',
+        'cdmiq' => 'application/cdmi-queue',
+        'cdr' => 'application/cdr',
+        'cdx' => 'chemical/x-cdx',
+        'cdxml' => 'application/vnd.chemdraw+xml',
+        'cdy' => 'application/vnd.cinderella',
+        'cer' => 'application/pkix-cert',
+        'cfs' => 'application/x-cfs-compressed',
+        'cgm' => 'image/cgm',
+        'chat' => 'application/x-chat',
+        'chm' => 'application/vnd.ms-htmlhelp',
+        'chrt' => 'application/vnd.kde.kchart',
+        'cif' => 'chemical/x-cif',
+        'cii' => 'application/vnd.anser-web-certificate-issue-initiation',
+        'cil' => 'application/vnd.ms-artgalry',
+        'cjs' => 'application/node',
+        'cla' => 'application/vnd.claymore',
+        'class' => 'application/octet-stream',
+        'clkk' => 'application/vnd.crick.clicker.keyboard',
+        'clkp' => 'application/vnd.crick.clicker.palette',
+        'clkt' => 'application/vnd.crick.clicker.template',
+        'clkw' => 'application/vnd.crick.clicker.wordbank',
+        'clkx' => 'application/vnd.crick.clicker',
+        'clp' => 'application/x-msclip',
+        'cmc' => 'application/vnd.cosmocaller',
+        'cmdf' => 'chemical/x-cmdf',
+        'cml' => 'chemical/x-cml',
+        'cmp' => 'application/vnd.yellowriver-custom-menu',
+        'cmx' => 'image/x-cmx',
+        'cod' => 'application/vnd.rim.cod',
+        'coffee' => 'text/coffeescript',
+        'com' => 'application/x-msdownload',
+        'conf' => 'text/plain',
+        'cpio' => 'application/x-cpio',
+        'cpl' => 'application/cpl+xml',
+        'cpp' => 'text/x-c',
+        'cpt' => 'application/mac-compactpro',
+        'crd' => 'application/x-mscardfile',
+        'crl' => 'application/pkix-crl',
+        'crt' => 'application/x-x509-ca-cert',
+        'crx' => 'application/x-chrome-extension',
+        'cryptonote' => 'application/vnd.rig.cryptonote',
+        'csh' => 'application/x-csh',
+        'csl' => 'application/vnd.citationstyles.style+xml',
+        'csml' => 'chemical/x-csml',
+        'csp' => 'application/vnd.commonspace',
+        'csr' => 'application/octet-stream',
+        'css' => 'text/css',
+        'cst' => 'application/x-director',
+        'csv' => 'text/csv',
+        'cu' => 'application/cu-seeme',
+        'curl' => 'text/vnd.curl',
+        'cww' => 'application/prs.cww',
+        'cxt' => 'application/x-director',
+        'cxx' => 'text/x-c',
+        'dae' => 'model/vnd.collada+xml',
+        'daf' => 'application/vnd.mobius.daf',
+        'dart' => 'application/vnd.dart',
+        'dataless' => 'application/vnd.fdsn.seed',
+        'davmount' => 'application/davmount+xml',
+        'dbf' => 'application/vnd.dbf',
+        'dbk' => 'application/docbook+xml',
+        'dcr' => 'application/x-director',
+        'dcurl' => 'text/vnd.curl.dcurl',
+        'dd2' => 'application/vnd.oma.dd2+xml',
+        'ddd' => 'application/vnd.fujixerox.ddd',
+        'ddf' => 'application/vnd.syncml.dmddf+xml',
+        'dds' => 'image/vnd.ms-dds',
+        'deb' => 'application/x-debian-package',
+        'def' => 'text/plain',
+        'deploy' => 'application/octet-stream',
+        'der' => 'application/x-x509-ca-cert',
+        'dfac' => 'application/vnd.dreamfactory',
+        'dgc' => 'application/x-dgc-compressed',
+        'dic' => 'text/x-c',
+        'dir' => 'application/x-director',
+        'dis' => 'application/vnd.mobius.dis',
+        'disposition-notification' => 'message/disposition-notification',
+        'dist' => 'application/octet-stream',
+        'distz' => 'application/octet-stream',
+        'djv' => 'image/vnd.djvu',
+        'djvu' => 'image/vnd.djvu',
+        'dll' => 'application/octet-stream',
+        'dmg' => 'application/x-apple-diskimage',
+        'dmn' => 'application/octet-stream',
+        'dmp' => 'application/vnd.tcpdump.pcap',
+        'dms' => 'application/octet-stream',
+        'dna' => 'application/vnd.dna',
+        'doc' => 'application/msword',
+        'docm' => 'application/vnd.ms-word.template.macroEnabled.12',
+        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'dot' => 'application/msword',
+        'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
+        'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
+        'dp' => 'application/vnd.osgi.dp',
+        'dpg' => 'application/vnd.dpgraph',
+        'dra' => 'audio/vnd.dra',
+        'drle' => 'image/dicom-rle',
+        'dsc' => 'text/prs.lines.tag',
+        'dssc' => 'application/dssc+der',
+        'dtb' => 'application/x-dtbook+xml',
+        'dtd' => 'application/xml-dtd',
+        'dts' => 'audio/vnd.dts',
+        'dtshd' => 'audio/vnd.dts.hd',
+        'dump' => 'application/octet-stream',
+        'dvb' => 'video/vnd.dvb.file',
+        'dvi' => 'application/x-dvi',
+        'dwd' => 'application/atsc-dwd+xml',
+        'dwf' => 'model/vnd.dwf',
+        'dwg' => 'image/vnd.dwg',
+        'dxf' => 'image/vnd.dxf',
+        'dxp' => 'application/vnd.spotfire.dxp',
+        'dxr' => 'application/x-director',
+        'ear' => 'application/java-archive',
+        'ecelp4800' => 'audio/vnd.nuera.ecelp4800',
+        'ecelp7470' => 'audio/vnd.nuera.ecelp7470',
+        'ecelp9600' => 'audio/vnd.nuera.ecelp9600',
+        'ecma' => 'application/ecmascript',
+        'edm' => 'application/vnd.novadigm.edm',
+        'edx' => 'application/vnd.novadigm.edx',
+        'efif' => 'application/vnd.picsel',
+        'ei6' => 'application/vnd.pg.osasli',
+        'elc' => 'application/octet-stream',
+        'emf' => 'image/emf',
+        'eml' => 'message/rfc822',
+        'emma' => 'application/emma+xml',
+        'emotionml' => 'application/emotionml+xml',
+        'emz' => 'application/x-msmetafile',
+        'eol' => 'audio/vnd.digital-winds',
+        'eot' => 'application/vnd.ms-fontobject',
+        'eps' => 'application/postscript',
+        'epub' => 'application/epub+zip',
+        'es' => 'application/ecmascript',
+        'es3' => 'application/vnd.eszigno3+xml',
+        'esa' => 'application/vnd.osgi.subsystem',
+        'esf' => 'application/vnd.epson.esf',
+        'et3' => 'application/vnd.eszigno3+xml',
+        'etx' => 'text/x-setext',
+        'eva' => 'application/x-eva',
+        'evy' => 'application/x-envoy',
+        'exe' => 'application/octet-stream',
+        'exi' => 'application/exi',
+        'exp' => 'application/express',
+        'exr' => 'image/aces',
+        'ext' => 'application/vnd.novadigm.ext',
+        'ez' => 'application/andrew-inset',
+        'ez2' => 'application/vnd.ezpix-album',
+        'ez3' => 'application/vnd.ezpix-package',
+        'f' => 'text/x-fortran',
+        'f4v' => 'video/mp4',
+        'f77' => 'text/x-fortran',
+        'f90' => 'text/x-fortran',
+        'fbs' => 'image/vnd.fastbidsheet',
+        'fcdt' => 'application/vnd.adobe.formscentral.fcdt',
+        'fcs' => 'application/vnd.isac.fcs',
+        'fdf' => 'application/vnd.fdf',
+        'fdt' => 'application/fdt+xml',
+        'fe_launch' => 'application/vnd.denovo.fcselayout-link',
+        'fg5' => 'application/vnd.fujitsu.oasysgp',
+        'fgd' => 'application/x-director',
+        'fh' => 'image/x-freehand',
+        'fh4' => 'image/x-freehand',
+        'fh5' => 'image/x-freehand',
+        'fh7' => 'image/x-freehand',
+        'fhc' => 'image/x-freehand',
+        'fig' => 'application/x-xfig',
+        'fits' => 'image/fits',
+        'flac' => 'audio/x-flac',
+        'fli' => 'video/x-fli',
+        'flo' => 'application/vnd.micrografx.flo',
+        'flv' => 'video/x-flv',
+        'flw' => 'application/vnd.kde.kivio',
+        'flx' => 'text/vnd.fmi.flexstor',
+        'fly' => 'text/vnd.fly',
+        'fm' => 'application/vnd.framemaker',
+        'fnc' => 'application/vnd.frogans.fnc',
+        'fo' => 'application/vnd.software602.filler.form+xml',
+        'for' => 'text/x-fortran',
+        'fpx' => 'image/vnd.fpx',
+        'frame' => 'application/vnd.framemaker',
+        'fsc' => 'application/vnd.fsc.weblaunch',
+        'fst' => 'image/vnd.fst',
+        'ftc' => 'application/vnd.fluxtime.clip',
+        'fti' => 'application/vnd.anser-web-funds-transfer-initiation',
+        'fvt' => 'video/vnd.fvt',
+        'fxp' => 'application/vnd.adobe.fxp',
+        'fxpl' => 'application/vnd.adobe.fxp',
+        'fzs' => 'application/vnd.fuzzysheet',
+        'g2w' => 'application/vnd.geoplan',
+        'g3' => 'image/g3fax',
+        'g3w' => 'application/vnd.geospace',
+        'gac' => 'application/vnd.groove-account',
+        'gam' => 'application/x-tads',
+        'gbr' => 'application/rpki-ghostbusters',
+        'gca' => 'application/x-gca-compressed',
+        'gdl' => 'model/vnd.gdl',
+        'gdoc' => 'application/vnd.google-apps.document',
+        'ged' => 'text/vnd.familysearch.gedcom',
+        'geo' => 'application/vnd.dynageo',
+        'geojson' => 'application/geo+json',
+        'gex' => 'application/vnd.geometry-explorer',
+        'ggb' => 'application/vnd.geogebra.file',
+        'ggt' => 'application/vnd.geogebra.tool',
+        'ghf' => 'application/vnd.groove-help',
+        'gif' => 'image/gif',
+        'gim' => 'application/vnd.groove-identity-message',
+        'glb' => 'model/gltf-binary',
+        'gltf' => 'model/gltf+json',
+        'gml' => 'application/gml+xml',
+        'gmx' => 'application/vnd.gmx',
+        'gnumeric' => 'application/x-gnumeric',
+        'gpg' => 'application/gpg-keys',
+        'gph' => 'application/vnd.flographit',
+        'gpx' => 'application/gpx+xml',
+        'gqf' => 'application/vnd.grafeq',
+        'gqs' => 'application/vnd.grafeq',
+        'gram' => 'application/srgs',
+        'gramps' => 'application/x-gramps-xml',
+        'gre' => 'application/vnd.geometry-explorer',
+        'grv' => 'application/vnd.groove-injector',
+        'grxml' => 'application/srgs+xml',
+        'gsf' => 'application/x-font-ghostscript',
+        'gsheet' => 'application/vnd.google-apps.spreadsheet',
+        'gslides' => 'application/vnd.google-apps.presentation',
+        'gtar' => 'application/x-gtar',
+        'gtm' => 'application/vnd.groove-tool-message',
+        'gtw' => 'model/vnd.gtw',
+        'gv' => 'text/vnd.graphviz',
+        'gxf' => 'application/gxf',
+        'gxt' => 'application/vnd.geonext',
+        'gz' => 'application/gzip',
+        'gzip' => 'application/gzip',
+        'h' => 'text/x-c',
+        'h261' => 'video/h261',
+        'h263' => 'video/h263',
+        'h264' => 'video/h264',
+        'hal' => 'application/vnd.hal+xml',
+        'hbci' => 'application/vnd.hbci',
+        'hbs' => 'text/x-handlebars-template',
+        'hdd' => 'application/x-virtualbox-hdd',
+        'hdf' => 'application/x-hdf',
+        'heic' => 'image/heic',
+        'heics' => 'image/heic-sequence',
+        'heif' => 'image/heif',
+        'heifs' => 'image/heif-sequence',
+        'hej2' => 'image/hej2k',
+        'held' => 'application/atsc-held+xml',
+        'hh' => 'text/x-c',
+        'hjson' => 'application/hjson',
+        'hlp' => 'application/winhlp',
+        'hpgl' => 'application/vnd.hp-hpgl',
+        'hpid' => 'application/vnd.hp-hpid',
+        'hps' => 'application/vnd.hp-hps',
+        'hqx' => 'application/mac-binhex40',
+        'hsj2' => 'image/hsj2',
+        'htc' => 'text/x-component',
+        'htke' => 'application/vnd.kenameaapp',
+        'htm' => 'text/html',
+        'html' => 'text/html',
+        'hvd' => 'application/vnd.yamaha.hv-dic',
+        'hvp' => 'application/vnd.yamaha.hv-voice',
+        'hvs' => 'application/vnd.yamaha.hv-script',
+        'i2g' => 'application/vnd.intergeo',
+        'icc' => 'application/vnd.iccprofile',
+        'ice' => 'x-conference/x-cooltalk',
+        'icm' => 'application/vnd.iccprofile',
+        'ico' => 'image/x-icon',
+        'ics' => 'text/calendar',
+        'ief' => 'image/ief',
+        'ifb' => 'text/calendar',
+        'ifm' => 'application/vnd.shana.informed.formdata',
+        'iges' => 'model/iges',
+        'igl' => 'application/vnd.igloader',
+        'igm' => 'application/vnd.insors.igm',
+        'igs' => 'model/iges',
+        'igx' => 'application/vnd.micrografx.igx',
+        'iif' => 'application/vnd.shana.informed.interchange',
+        'img' => 'application/octet-stream',
+        'imp' => 'application/vnd.accpac.simply.imp',
+        'ims' => 'application/vnd.ms-ims',
+        'in' => 'text/plain',
+        'ini' => 'text/plain',
+        'ink' => 'application/inkml+xml',
+        'inkml' => 'application/inkml+xml',
+        'install' => 'application/x-install-instructions',
+        'iota' => 'application/vnd.astraea-software.iota',
+        'ipfix' => 'application/ipfix',
+        'ipk' => 'application/vnd.shana.informed.package',
+        'irm' => 'application/vnd.ibm.rights-management',
+        'irp' => 'application/vnd.irepository.package+xml',
+        'iso' => 'application/x-iso9660-image',
+        'itp' => 'application/vnd.shana.informed.formtemplate',
+        'its' => 'application/its+xml',
+        'ivp' => 'application/vnd.immervision-ivp',
+        'ivu' => 'application/vnd.immervision-ivu',
+        'jad' => 'text/vnd.sun.j2me.app-descriptor',
+        'jade' => 'text/jade',
+        'jam' => 'application/vnd.jam',
+        'jar' => 'application/java-archive',
+        'jardiff' => 'application/x-java-archive-diff',
+        'java' => 'text/x-java-source',
+        'jhc' => 'image/jphc',
+        'jisp' => 'application/vnd.jisp',
+        'jls' => 'image/jls',
+        'jlt' => 'application/vnd.hp-jlyt',
+        'jng' => 'image/x-jng',
+        'jnlp' => 'application/x-java-jnlp-file',
+        'joda' => 'application/vnd.joost.joda-archive',
+        'jp2' => 'image/jp2',
+        'jpe' => 'image/jpeg',
+        'jpeg' => 'image/jpeg',
+        'jpf' => 'image/jpx',
+        'jpg' => 'image/jpeg',
+        'jpg2' => 'image/jp2',
+        'jpgm' => 'video/jpm',
+        'jpgv' => 'video/jpeg',
+        'jph' => 'image/jph',
+        'jpm' => 'video/jpm',
+        'jpx' => 'image/jpx',
+        'js' => 'application/javascript',
+        'json' => 'application/json',
+        'json5' => 'application/json5',
+        'jsonld' => 'application/ld+json',
+        'jsonml' => 'application/jsonml+json',
+        'jsx' => 'text/jsx',
+        'jxr' => 'image/jxr',
+        'jxra' => 'image/jxra',
+        'jxrs' => 'image/jxrs',
+        'jxs' => 'image/jxs',
+        'jxsc' => 'image/jxsc',
+        'jxsi' => 'image/jxsi',
+        'jxss' => 'image/jxss',
+        'kar' => 'audio/midi',
+        'karbon' => 'application/vnd.kde.karbon',
+        'kdb' => 'application/octet-stream',
+        'kdbx' => 'application/x-keepass2',
+        'key' => 'application/x-iwork-keynote-sffkey',
+        'kfo' => 'application/vnd.kde.kformula',
+        'kia' => 'application/vnd.kidspiration',
+        'kml' => 'application/vnd.google-earth.kml+xml',
+        'kmz' => 'application/vnd.google-earth.kmz',
+        'kne' => 'application/vnd.kinar',
+        'knp' => 'application/vnd.kinar',
+        'kon' => 'application/vnd.kde.kontour',
+        'kpr' => 'application/vnd.kde.kpresenter',
+        'kpt' => 'application/vnd.kde.kpresenter',
+        'kpxx' => 'application/vnd.ds-keypoint',
+        'ksp' => 'application/vnd.kde.kspread',
+        'ktr' => 'application/vnd.kahootz',
+        'ktx' => 'image/ktx',
+        'ktx2' => 'image/ktx2',
+        'ktz' => 'application/vnd.kahootz',
+        'kwd' => 'application/vnd.kde.kword',
+        'kwt' => 'application/vnd.kde.kword',
+        'lasxml' => 'application/vnd.las.las+xml',
+        'latex' => 'application/x-latex',
+        'lbd' => 'application/vnd.llamagraphics.life-balance.desktop',
+        'lbe' => 'application/vnd.llamagraphics.life-balance.exchange+xml',
+        'les' => 'application/vnd.hhe.lesson-player',
+        'less' => 'text/less',
+        'lgr' => 'application/lgr+xml',
+        'lha' => 'application/octet-stream',
+        'link66' => 'application/vnd.route66.link66+xml',
+        'list' => 'text/plain',
+        'list3820' => 'application/vnd.ibm.modcap',
+        'listafp' => 'application/vnd.ibm.modcap',
+        'litcoffee' => 'text/coffeescript',
+        'lnk' => 'application/x-ms-shortcut',
+        'log' => 'text/plain',
+        'lostxml' => 'application/lost+xml',
+        'lrf' => 'application/octet-stream',
+        'lrm' => 'application/vnd.ms-lrm',
+        'ltf' => 'application/vnd.frogans.ltf',
+        'lua' => 'text/x-lua',
+        'luac' => 'application/x-lua-bytecode',
+        'lvp' => 'audio/vnd.lucent.voice',
+        'lwp' => 'application/vnd.lotus-wordpro',
+        'lzh' => 'application/octet-stream',
+        'm1v' => 'video/mpeg',
+        'm2a' => 'audio/mpeg',
+        'm2v' => 'video/mpeg',
+        'm3a' => 'audio/mpeg',
+        'm3u' => 'text/plain',
+        'm3u8' => 'application/vnd.apple.mpegurl',
+        'm4a' => 'audio/x-m4a',
+        'm4p' => 'application/mp4',
+        'm4s' => 'video/iso.segment',
+        'm4u' => 'application/vnd.mpegurl',
+        'm4v' => 'video/x-m4v',
+        'm13' => 'application/x-msmediaview',
+        'm14' => 'application/x-msmediaview',
+        'm21' => 'application/mp21',
+        'ma' => 'application/mathematica',
+        'mads' => 'application/mads+xml',
+        'maei' => 'application/mmt-aei+xml',
+        'mag' => 'application/vnd.ecowin.chart',
+        'maker' => 'application/vnd.framemaker',
+        'man' => 'text/troff',
+        'manifest' => 'text/cache-manifest',
+        'map' => 'application/json',
+        'mar' => 'application/octet-stream',
+        'markdown' => 'text/markdown',
+        'mathml' => 'application/mathml+xml',
+        'mb' => 'application/mathematica',
+        'mbk' => 'application/vnd.mobius.mbk',
+        'mbox' => 'application/mbox',
+        'mc1' => 'application/vnd.medcalcdata',
+        'mcd' => 'application/vnd.mcd',
+        'mcurl' => 'text/vnd.curl.mcurl',
+        'md' => 'text/markdown',
+        'mdb' => 'application/x-msaccess',
+        'mdi' => 'image/vnd.ms-modi',
+        'mdx' => 'text/mdx',
+        'me' => 'text/troff',
+        'mesh' => 'model/mesh',
+        'meta4' => 'application/metalink4+xml',
+        'metalink' => 'application/metalink+xml',
+        'mets' => 'application/mets+xml',
+        'mfm' => 'application/vnd.mfmp',
+        'mft' => 'application/rpki-manifest',
+        'mgp' => 'application/vnd.osgeo.mapguide.package',
+        'mgz' => 'application/vnd.proteus.magazine',
+        'mid' => 'audio/midi',
+        'midi' => 'audio/midi',
+        'mie' => 'application/x-mie',
+        'mif' => 'application/vnd.mif',
+        'mime' => 'message/rfc822',
+        'mj2' => 'video/mj2',
+        'mjp2' => 'video/mj2',
+        'mjs' => 'application/javascript',
+        'mk3d' => 'video/x-matroska',
+        'mka' => 'audio/x-matroska',
+        'mkd' => 'text/x-markdown',
+        'mks' => 'video/x-matroska',
+        'mkv' => 'video/x-matroska',
+        'mlp' => 'application/vnd.dolby.mlp',
+        'mmd' => 'application/vnd.chipnuts.karaoke-mmd',
+        'mmf' => 'application/vnd.smaf',
+        'mml' => 'text/mathml',
+        'mmr' => 'image/vnd.fujixerox.edmics-mmr',
+        'mng' => 'video/x-mng',
+        'mny' => 'application/x-msmoney',
+        'mobi' => 'application/x-mobipocket-ebook',
+        'mods' => 'application/mods+xml',
+        'mov' => 'video/quicktime',
+        'movie' => 'video/x-sgi-movie',
+        'mp2' => 'audio/mpeg',
+        'mp2a' => 'audio/mpeg',
+        'mp3' => 'audio/mpeg',
+        'mp4' => 'video/mp4',
+        'mp4a' => 'audio/mp4',
+        'mp4s' => 'application/mp4',
+        'mp4v' => 'video/mp4',
+        'mp21' => 'application/mp21',
+        'mpc' => 'application/vnd.mophun.certificate',
+        'mpd' => 'application/dash+xml',
+        'mpe' => 'video/mpeg',
+        'mpeg' => 'video/mpeg',
+        'mpf' => 'application/media-policy-dataset+xml',
+        'mpg' => 'video/mpeg',
+        'mpg4' => 'video/mp4',
+        'mpga' => 'audio/mpeg',
+        'mpkg' => 'application/vnd.apple.installer+xml',
+        'mpm' => 'application/vnd.blueice.multipass',
+        'mpn' => 'application/vnd.mophun.application',
+        'mpp' => 'application/vnd.ms-project',
+        'mpt' => 'application/vnd.ms-project',
+        'mpy' => 'application/vnd.ibm.minipay',
+        'mqy' => 'application/vnd.mobius.mqy',
+        'mrc' => 'application/marc',
+        'mrcx' => 'application/marcxml+xml',
+        'ms' => 'text/troff',
+        'mscml' => 'application/mediaservercontrol+xml',
+        'mseed' => 'application/vnd.fdsn.mseed',
+        'mseq' => 'application/vnd.mseq',
+        'msf' => 'application/vnd.epson.msf',
+        'msg' => 'application/vnd.ms-outlook',
+        'msh' => 'model/mesh',
+        'msi' => 'application/x-msdownload',
+        'msl' => 'application/vnd.mobius.msl',
+        'msm' => 'application/octet-stream',
+        'msp' => 'application/octet-stream',
+        'msty' => 'application/vnd.muvee.style',
+        'mtl' => 'model/mtl',
+        'mts' => 'model/vnd.mts',
+        'mus' => 'application/vnd.musician',
+        'musd' => 'application/mmt-usd+xml',
+        'musicxml' => 'application/vnd.recordare.musicxml+xml',
+        'mvb' => 'application/x-msmediaview',
+        'mvt' => 'application/vnd.mapbox-vector-tile',
+        'mwf' => 'application/vnd.mfer',
+        'mxf' => 'application/mxf',
+        'mxl' => 'application/vnd.recordare.musicxml',
+        'mxmf' => 'audio/mobile-xmf',
+        'mxml' => 'application/xv+xml',
+        'mxs' => 'application/vnd.triscape.mxs',
+        'mxu' => 'video/vnd.mpegurl',
+        'n-gage' => 'application/vnd.nokia.n-gage.symbian.install',
+        'n3' => 'text/n3',
+        'nb' => 'application/mathematica',
+        'nbp' => 'application/vnd.wolfram.player',
+        'nc' => 'application/x-netcdf',
+        'ncx' => 'application/x-dtbncx+xml',
+        'nfo' => 'text/x-nfo',
+        'ngdat' => 'application/vnd.nokia.n-gage.data',
+        'nitf' => 'application/vnd.nitf',
+        'nlu' => 'application/vnd.neurolanguage.nlu',
+        'nml' => 'application/vnd.enliven',
+        'nnd' => 'application/vnd.noblenet-directory',
+        'nns' => 'application/vnd.noblenet-sealer',
+        'nnw' => 'application/vnd.noblenet-web',
+        'npx' => 'image/vnd.net-fpx',
+        'nq' => 'application/n-quads',
+        'nsc' => 'application/x-conference',
+        'nsf' => 'application/vnd.lotus-notes',
+        'nt' => 'application/n-triples',
+        'ntf' => 'application/vnd.nitf',
+        'numbers' => 'application/x-iwork-numbers-sffnumbers',
+        'nzb' => 'application/x-nzb',
+        'oa2' => 'application/vnd.fujitsu.oasys2',
+        'oa3' => 'application/vnd.fujitsu.oasys3',
+        'oas' => 'application/vnd.fujitsu.oasys',
+        'obd' => 'application/x-msbinder',
+        'obgx' => 'application/vnd.openblox.game+xml',
+        'obj' => 'model/obj',
+        'oda' => 'application/oda',
+        'odb' => 'application/vnd.oasis.opendocument.database',
+        'odc' => 'application/vnd.oasis.opendocument.chart',
+        'odf' => 'application/vnd.oasis.opendocument.formula',
+        'odft' => 'application/vnd.oasis.opendocument.formula-template',
+        'odg' => 'application/vnd.oasis.opendocument.graphics',
+        'odi' => 'application/vnd.oasis.opendocument.image',
+        'odm' => 'application/vnd.oasis.opendocument.text-master',
+        'odp' => 'application/vnd.oasis.opendocument.presentation',
+        'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
+        'odt' => 'application/vnd.oasis.opendocument.text',
+        'oga' => 'audio/ogg',
+        'ogex' => 'model/vnd.opengex',
+        'ogg' => 'audio/ogg',
+        'ogv' => 'video/ogg',
+        'ogx' => 'application/ogg',
+        'omdoc' => 'application/omdoc+xml',
+        'onepkg' => 'application/onenote',
+        'onetmp' => 'application/onenote',
+        'onetoc' => 'application/onenote',
+        'onetoc2' => 'application/onenote',
+        'opf' => 'application/oebps-package+xml',
+        'opml' => 'text/x-opml',
+        'oprc' => 'application/vnd.palm',
+        'opus' => 'audio/ogg',
+        'org' => 'text/x-org',
+        'osf' => 'application/vnd.yamaha.openscoreformat',
+        'osfpvg' => 'application/vnd.yamaha.openscoreformat.osfpvg+xml',
+        'osm' => 'application/vnd.openstreetmap.data+xml',
+        'otc' => 'application/vnd.oasis.opendocument.chart-template',
+        'otf' => 'font/otf',
+        'otg' => 'application/vnd.oasis.opendocument.graphics-template',
+        'oth' => 'application/vnd.oasis.opendocument.text-web',
+        'oti' => 'application/vnd.oasis.opendocument.image-template',
+        'otp' => 'application/vnd.oasis.opendocument.presentation-template',
+        'ots' => 'application/vnd.oasis.opendocument.spreadsheet-template',
+        'ott' => 'application/vnd.oasis.opendocument.text-template',
+        'ova' => 'application/x-virtualbox-ova',
+        'ovf' => 'application/x-virtualbox-ovf',
+        'owl' => 'application/rdf+xml',
+        'oxps' => 'application/oxps',
+        'oxt' => 'application/vnd.openofficeorg.extension',
+        'p' => 'text/x-pascal',
+        'p7a' => 'application/x-pkcs7-signature',
+        'p7b' => 'application/x-pkcs7-certificates',
+        'p7c' => 'application/pkcs7-mime',
+        'p7m' => 'application/pkcs7-mime',
+        'p7r' => 'application/x-pkcs7-certreqresp',
+        'p7s' => 'application/pkcs7-signature',
+        'p8' => 'application/pkcs8',
+        'p10' => 'application/x-pkcs10',
+        'p12' => 'application/x-pkcs12',
+        'pac' => 'application/x-ns-proxy-autoconfig',
+        'pages' => 'application/x-iwork-pages-sffpages',
+        'pas' => 'text/x-pascal',
+        'paw' => 'application/vnd.pawaafile',
+        'pbd' => 'application/vnd.powerbuilder6',
+        'pbm' => 'image/x-portable-bitmap',
+        'pcap' => 'application/vnd.tcpdump.pcap',
+        'pcf' => 'application/x-font-pcf',
+        'pcl' => 'application/vnd.hp-pcl',
+        'pclxl' => 'application/vnd.hp-pclxl',
+        'pct' => 'image/x-pict',
+        'pcurl' => 'application/vnd.curl.pcurl',
+        'pcx' => 'image/x-pcx',
+        'pdb' => 'application/x-pilot',
+        'pde' => 'text/x-processing',
+        'pdf' => 'application/pdf',
+        'pem' => 'application/x-x509-user-cert',
+        'pfa' => 'application/x-font-type1',
+        'pfb' => 'application/x-font-type1',
+        'pfm' => 'application/x-font-type1',
+        'pfr' => 'application/font-tdpfr',
+        'pfx' => 'application/x-pkcs12',
+        'pgm' => 'image/x-portable-graymap',
+        'pgn' => 'application/x-chess-pgn',
+        'pgp' => 'application/pgp',
+        'phar' => 'application/octet-stream',
+        'php' => 'application/x-httpd-php',
+        'php3' => 'application/x-httpd-php',
+        'php4' => 'application/x-httpd-php',
+        'phps' => 'application/x-httpd-php-source',
+        'phtml' => 'application/x-httpd-php',
+        'pic' => 'image/x-pict',
+        'pkg' => 'application/octet-stream',
+        'pki' => 'application/pkixcmp',
+        'pkipath' => 'application/pkix-pkipath',
+        'pkpass' => 'application/vnd.apple.pkpass',
+        'pl' => 'application/x-perl',
+        'plb' => 'application/vnd.3gpp.pic-bw-large',
+        'plc' => 'application/vnd.mobius.plc',
+        'plf' => 'application/vnd.pocketlearn',
+        'pls' => 'application/pls+xml',
+        'pm' => 'application/x-perl',
+        'pml' => 'application/vnd.ctc-posml',
+        'png' => 'image/png',
+        'pnm' => 'image/x-portable-anymap',
+        'portpkg' => 'application/vnd.macports.portpkg',
+        'pot' => 'application/vnd.ms-powerpoint',
+        'potm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
+        'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
+        'ppa' => 'application/vnd.ms-powerpoint',
+        'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
+        'ppd' => 'application/vnd.cups-ppd',
+        'ppm' => 'image/x-portable-pixmap',
+        'pps' => 'application/vnd.ms-powerpoint',
+        'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
+        'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
+        'ppt' => 'application/powerpoint',
+        'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
+        'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+        'pqa' => 'application/vnd.palm',
+        'prc' => 'model/prc',
+        'pre' => 'application/vnd.lotus-freelance',
+        'prf' => 'application/pics-rules',
+        'provx' => 'application/provenance+xml',
+        'ps' => 'application/postscript',
+        'psb' => 'application/vnd.3gpp.pic-bw-small',
+        'psd' => 'application/x-photoshop',
+        'psf' => 'application/x-font-linux-psf',
+        'pskcxml' => 'application/pskc+xml',
+        'pti' => 'image/prs.pti',
+        'ptid' => 'application/vnd.pvi.ptid1',
+        'pub' => 'application/x-mspublisher',
+        'pvb' => 'application/vnd.3gpp.pic-bw-var',
+        'pwn' => 'application/vnd.3m.post-it-notes',
+        'pya' => 'audio/vnd.ms-playready.media.pya',
+        'pyv' => 'video/vnd.ms-playready.media.pyv',
+        'qam' => 'application/vnd.epson.quickanime',
+        'qbo' => 'application/vnd.intu.qbo',
+        'qfx' => 'application/vnd.intu.qfx',
+        'qps' => 'application/vnd.publishare-delta-tree',
+        'qt' => 'video/quicktime',
+        'qwd' => 'application/vnd.quark.quarkxpress',
+        'qwt' => 'application/vnd.quark.quarkxpress',
+        'qxb' => 'application/vnd.quark.quarkxpress',
+        'qxd' => 'application/vnd.quark.quarkxpress',
+        'qxl' => 'application/vnd.quark.quarkxpress',
+        'qxt' => 'application/vnd.quark.quarkxpress',
+        'ra' => 'audio/x-realaudio',
+        'ram' => 'audio/x-pn-realaudio',
+        'raml' => 'application/raml+yaml',
+        'rapd' => 'application/route-apd+xml',
+        'rar' => 'application/x-rar',
+        'ras' => 'image/x-cmu-raster',
+        'rcprofile' => 'application/vnd.ipunplugged.rcprofile',
+        'rdf' => 'application/rdf+xml',
+        'rdz' => 'application/vnd.data-vision.rdz',
+        'relo' => 'application/p2p-overlay+xml',
+        'rep' => 'application/vnd.businessobjects',
+        'res' => 'application/x-dtbresource+xml',
+        'rgb' => 'image/x-rgb',
+        'rif' => 'application/reginfo+xml',
+        'rip' => 'audio/vnd.rip',
+        'ris' => 'application/x-research-info-systems',
+        'rl' => 'application/resource-lists+xml',
+        'rlc' => 'image/vnd.fujixerox.edmics-rlc',
+        'rld' => 'application/resource-lists-diff+xml',
+        'rm' => 'audio/x-pn-realaudio',
+        'rmi' => 'audio/midi',
+        'rmp' => 'audio/x-pn-realaudio-plugin',
+        'rms' => 'application/vnd.jcp.javame.midlet-rms',
+        'rmvb' => 'application/vnd.rn-realmedia-vbr',
+        'rnc' => 'application/relax-ng-compact-syntax',
+        'rng' => 'application/xml',
+        'roa' => 'application/rpki-roa',
+        'roff' => 'text/troff',
+        'rp9' => 'application/vnd.cloanto.rp9',
+        'rpm' => 'audio/x-pn-realaudio-plugin',
+        'rpss' => 'application/vnd.nokia.radio-presets',
+        'rpst' => 'application/vnd.nokia.radio-preset',
+        'rq' => 'application/sparql-query',
+        'rs' => 'application/rls-services+xml',
+        'rsa' => 'application/x-pkcs7',
+        'rsat' => 'application/atsc-rsat+xml',
+        'rsd' => 'application/rsd+xml',
+        'rsheet' => 'application/urc-ressheet+xml',
+        'rss' => 'application/rss+xml',
+        'rtf' => 'text/rtf',
+        'rtx' => 'text/richtext',
+        'run' => 'application/x-makeself',
+        'rusd' => 'application/route-usd+xml',
+        'rv' => 'video/vnd.rn-realvideo',
+        's' => 'text/x-asm',
+        's3m' => 'audio/s3m',
+        'saf' => 'application/vnd.yamaha.smaf-audio',
+        'sass' => 'text/x-sass',
+        'sbml' => 'application/sbml+xml',
+        'sc' => 'application/vnd.ibm.secure-container',
+        'scd' => 'application/x-msschedule',
+        'scm' => 'application/vnd.lotus-screencam',
+        'scq' => 'application/scvp-cv-request',
+        'scs' => 'application/scvp-cv-response',
+        'scss' => 'text/x-scss',
+        'scurl' => 'text/vnd.curl.scurl',
+        'sda' => 'application/vnd.stardivision.draw',
+        'sdc' => 'application/vnd.stardivision.calc',
+        'sdd' => 'application/vnd.stardivision.impress',
+        'sdkd' => 'application/vnd.solent.sdkm+xml',
+        'sdkm' => 'application/vnd.solent.sdkm+xml',
+        'sdp' => 'application/sdp',
+        'sdw' => 'application/vnd.stardivision.writer',
+        'sea' => 'application/octet-stream',
+        'see' => 'application/vnd.seemail',
+        'seed' => 'application/vnd.fdsn.seed',
+        'sema' => 'application/vnd.sema',
+        'semd' => 'application/vnd.semd',
+        'semf' => 'application/vnd.semf',
+        'senmlx' => 'application/senml+xml',
+        'sensmlx' => 'application/sensml+xml',
+        'ser' => 'application/java-serialized-object',
+        'setpay' => 'application/set-payment-initiation',
+        'setreg' => 'application/set-registration-initiation',
+        'sfd-hdstx' => 'application/vnd.hydrostatix.sof-data',
+        'sfs' => 'application/vnd.spotfire.sfs',
+        'sfv' => 'text/x-sfv',
+        'sgi' => 'image/sgi',
+        'sgl' => 'application/vnd.stardivision.writer-global',
+        'sgm' => 'text/sgml',
+        'sgml' => 'text/sgml',
+        'sh' => 'application/x-sh',
+        'shar' => 'application/x-shar',
+        'shex' => 'text/shex',
+        'shf' => 'application/shf+xml',
+        'shtml' => 'text/html',
+        'sid' => 'image/x-mrsid-image',
+        'sieve' => 'application/sieve',
+        'sig' => 'application/pgp-signature',
+        'sil' => 'audio/silk',
+        'silo' => 'model/mesh',
+        'sis' => 'application/vnd.symbian.install',
+        'sisx' => 'application/vnd.symbian.install',
+        'sit' => 'application/x-stuffit',
+        'sitx' => 'application/x-stuffitx',
+        'siv' => 'application/sieve',
+        'skd' => 'application/vnd.koan',
+        'skm' => 'application/vnd.koan',
+        'skp' => 'application/vnd.koan',
+        'skt' => 'application/vnd.koan',
+        'sldm' => 'application/vnd.ms-powerpoint.slide.macroenabled.12',
+        'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
+        'slim' => 'text/slim',
+        'slm' => 'text/slim',
+        'sls' => 'application/route-s-tsid+xml',
+        'slt' => 'application/vnd.epson.salt',
+        'sm' => 'application/vnd.stepmania.stepchart',
+        'smf' => 'application/vnd.stardivision.math',
+        'smi' => 'application/smil',
+        'smil' => 'application/smil',
+        'smv' => 'video/x-smv',
+        'smzip' => 'application/vnd.stepmania.package',
+        'snd' => 'audio/basic',
+        'snf' => 'application/x-font-snf',
+        'so' => 'application/octet-stream',
+        'spc' => 'application/x-pkcs7-certificates',
+        'spdx' => 'text/spdx',
+        'spf' => 'application/vnd.yamaha.smaf-phrase',
+        'spl' => 'application/x-futuresplash',
+        'spot' => 'text/vnd.in3d.spot',
+        'spp' => 'application/scvp-vp-response',
+        'spq' => 'application/scvp-vp-request',
+        'spx' => 'audio/ogg',
+        'sql' => 'application/x-sql',
+        'src' => 'application/x-wais-source',
+        'srt' => 'application/x-subrip',
+        'sru' => 'application/sru+xml',
+        'srx' => 'application/sparql-results+xml',
+        'ssdl' => 'application/ssdl+xml',
+        'sse' => 'application/vnd.kodak-descriptor',
+        'ssf' => 'application/vnd.epson.ssf',
+        'ssml' => 'application/ssml+xml',
+        'sst' => 'application/octet-stream',
+        'st' => 'application/vnd.sailingtracker.track',
+        'stc' => 'application/vnd.sun.xml.calc.template',
+        'std' => 'application/vnd.sun.xml.draw.template',
+        'stf' => 'application/vnd.wt.stf',
+        'sti' => 'application/vnd.sun.xml.impress.template',
+        'stk' => 'application/hyperstudio',
+        'stl' => 'model/stl',
+        'stpx' => 'model/step+xml',
+        'stpxz' => 'model/step-xml+zip',
+        'stpz' => 'model/step+zip',
+        'str' => 'application/vnd.pg.format',
+        'stw' => 'application/vnd.sun.xml.writer.template',
+        'styl' => 'text/stylus',
+        'stylus' => 'text/stylus',
+        'sub' => 'text/vnd.dvb.subtitle',
+        'sus' => 'application/vnd.sus-calendar',
+        'susp' => 'application/vnd.sus-calendar',
+        'sv4cpio' => 'application/x-sv4cpio',
+        'sv4crc' => 'application/x-sv4crc',
+        'svc' => 'application/vnd.dvb.service',
+        'svd' => 'application/vnd.svd',
+        'svg' => 'image/svg+xml',
+        'svgz' => 'image/svg+xml',
+        'swa' => 'application/x-director',
+        'swf' => 'application/x-shockwave-flash',
+        'swi' => 'application/vnd.aristanetworks.swi',
+        'swidtag' => 'application/swid+xml',
+        'sxc' => 'application/vnd.sun.xml.calc',
+        'sxd' => 'application/vnd.sun.xml.draw',
+        'sxg' => 'application/vnd.sun.xml.writer.global',
+        'sxi' => 'application/vnd.sun.xml.impress',
+        'sxm' => 'application/vnd.sun.xml.math',
+        'sxw' => 'application/vnd.sun.xml.writer',
+        't' => 'text/troff',
+        't3' => 'application/x-t3vm-image',
+        't38' => 'image/t38',
+        'taglet' => 'application/vnd.mynfc',
+        'tao' => 'application/vnd.tao.intent-module-archive',
+        'tap' => 'image/vnd.tencent.tap',
+        'tar' => 'application/x-tar',
+        'tcap' => 'application/vnd.3gpp2.tcap',
+        'tcl' => 'application/x-tcl',
+        'td' => 'application/urc-targetdesc+xml',
+        'teacher' => 'application/vnd.smart.teacher',
+        'tei' => 'application/tei+xml',
+        'teicorpus' => 'application/tei+xml',
+        'tex' => 'application/x-tex',
+        'texi' => 'application/x-texinfo',
+        'texinfo' => 'application/x-texinfo',
+        'text' => 'text/plain',
+        'tfi' => 'application/thraud+xml',
+        'tfm' => 'application/x-tex-tfm',
+        'tfx' => 'image/tiff-fx',
+        'tga' => 'image/x-tga',
+        'tgz' => 'application/x-tar',
+        'thmx' => 'application/vnd.ms-officetheme',
+        'tif' => 'image/tiff',
+        'tiff' => 'image/tiff',
+        'tk' => 'application/x-tcl',
+        'tmo' => 'application/vnd.tmobile-livetv',
+        'toml' => 'application/toml',
+        'torrent' => 'application/x-bittorrent',
+        'tpl' => 'application/vnd.groove-tool-template',
+        'tpt' => 'application/vnd.trid.tpt',
+        'tr' => 'text/troff',
+        'tra' => 'application/vnd.trueapp',
+        'trig' => 'application/trig',
+        'trm' => 'application/x-msterminal',
+        'ts' => 'video/mp2t',
+        'tsd' => 'application/timestamped-data',
+        'tsv' => 'text/tab-separated-values',
+        'ttc' => 'font/collection',
+        'ttf' => 'font/ttf',
+        'ttl' => 'text/turtle',
+        'ttml' => 'application/ttml+xml',
+        'twd' => 'application/vnd.simtech-mindmapper',
+        'twds' => 'application/vnd.simtech-mindmapper',
+        'txd' => 'application/vnd.genomatix.tuxedo',
+        'txf' => 'application/vnd.mobius.txf',
+        'txt' => 'text/plain',
+        'u3d' => 'model/u3d',
+        'u8dsn' => 'message/global-delivery-status',
+        'u8hdr' => 'message/global-headers',
+        'u8mdn' => 'message/global-disposition-notification',
+        'u8msg' => 'message/global',
+        'u32' => 'application/x-authorware-bin',
+        'ubj' => 'application/ubjson',
+        'udeb' => 'application/x-debian-package',
+        'ufd' => 'application/vnd.ufdl',
+        'ufdl' => 'application/vnd.ufdl',
+        'ulx' => 'application/x-glulx',
+        'umj' => 'application/vnd.umajin',
+        'unityweb' => 'application/vnd.unity',
+        'uoml' => 'application/vnd.uoml+xml',
+        'uri' => 'text/uri-list',
+        'uris' => 'text/uri-list',
+        'urls' => 'text/uri-list',
+        'usdz' => 'model/vnd.usdz+zip',
+        'ustar' => 'application/x-ustar',
+        'utz' => 'application/vnd.uiq.theme',
+        'uu' => 'text/x-uuencode',
+        'uva' => 'audio/vnd.dece.audio',
+        'uvd' => 'application/vnd.dece.data',
+        'uvf' => 'application/vnd.dece.data',
+        'uvg' => 'image/vnd.dece.graphic',
+        'uvh' => 'video/vnd.dece.hd',
+        'uvi' => 'image/vnd.dece.graphic',
+        'uvm' => 'video/vnd.dece.mobile',
+        'uvp' => 'video/vnd.dece.pd',
+        'uvs' => 'video/vnd.dece.sd',
+        'uvt' => 'application/vnd.dece.ttml+xml',
+        'uvu' => 'video/vnd.uvvu.mp4',
+        'uvv' => 'video/vnd.dece.video',
+        'uvva' => 'audio/vnd.dece.audio',
+        'uvvd' => 'application/vnd.dece.data',
+        'uvvf' => 'application/vnd.dece.data',
+        'uvvg' => 'image/vnd.dece.graphic',
+        'uvvh' => 'video/vnd.dece.hd',
+        'uvvi' => 'image/vnd.dece.graphic',
+        'uvvm' => 'video/vnd.dece.mobile',
+        'uvvp' => 'video/vnd.dece.pd',
+        'uvvs' => 'video/vnd.dece.sd',
+        'uvvt' => 'application/vnd.dece.ttml+xml',
+        'uvvu' => 'video/vnd.uvvu.mp4',
+        'uvvv' => 'video/vnd.dece.video',
+        'uvvx' => 'application/vnd.dece.unspecified',
+        'uvvz' => 'application/vnd.dece.zip',
+        'uvx' => 'application/vnd.dece.unspecified',
+        'uvz' => 'application/vnd.dece.zip',
+        'vbox' => 'application/x-virtualbox-vbox',
+        'vbox-extpack' => 'application/x-virtualbox-vbox-extpack',
+        'vcard' => 'text/vcard',
+        'vcd' => 'application/x-cdlink',
+        'vcf' => 'text/x-vcard',
+        'vcg' => 'application/vnd.groove-vcard',
+        'vcs' => 'text/x-vcalendar',
+        'vcx' => 'application/vnd.vcx',
+        'vdi' => 'application/x-virtualbox-vdi',
+        'vds' => 'model/vnd.sap.vds',
+        'vhd' => 'application/x-virtualbox-vhd',
+        'vis' => 'application/vnd.visionary',
+        'viv' => 'video/vnd.vivo',
+        'vlc' => 'application/videolan',
+        'vmdk' => 'application/x-virtualbox-vmdk',
+        'vob' => 'video/x-ms-vob',
+        'vor' => 'application/vnd.stardivision.writer',
+        'vox' => 'application/x-authorware-bin',
+        'vrml' => 'model/vrml',
+        'vsd' => 'application/vnd.visio',
+        'vsf' => 'application/vnd.vsf',
+        'vss' => 'application/vnd.visio',
+        'vst' => 'application/vnd.visio',
+        'vsw' => 'application/vnd.visio',
+        'vtf' => 'image/vnd.valve.source.texture',
+        'vtt' => 'text/vtt',
+        'vtu' => 'model/vnd.vtu',
+        'vxml' => 'application/voicexml+xml',
+        'w3d' => 'application/x-director',
+        'wad' => 'application/x-doom',
+        'wadl' => 'application/vnd.sun.wadl+xml',
+        'war' => 'application/java-archive',
+        'wasm' => 'application/wasm',
+        'wav' => 'audio/x-wav',
+        'wax' => 'audio/x-ms-wax',
+        'wbmp' => 'image/vnd.wap.wbmp',
+        'wbs' => 'application/vnd.criticaltools.wbs+xml',
+        'wbxml' => 'application/wbxml',
+        'wcm' => 'application/vnd.ms-works',
+        'wdb' => 'application/vnd.ms-works',
+        'wdp' => 'image/vnd.ms-photo',
+        'weba' => 'audio/webm',
+        'webapp' => 'application/x-web-app-manifest+json',
+        'webm' => 'video/webm',
+        'webmanifest' => 'application/manifest+json',
+        'webp' => 'image/webp',
+        'wg' => 'application/vnd.pmi.widget',
+        'wgt' => 'application/widget',
+        'wif' => 'application/watcherinfo+xml',
+        'wks' => 'application/vnd.ms-works',
+        'wm' => 'video/x-ms-wm',
+        'wma' => 'audio/x-ms-wma',
+        'wmd' => 'application/x-ms-wmd',
+        'wmf' => 'image/wmf',
+        'wml' => 'text/vnd.wap.wml',
+        'wmlc' => 'application/wmlc',
+        'wmls' => 'text/vnd.wap.wmlscript',
+        'wmlsc' => 'application/vnd.wap.wmlscriptc',
+        'wmv' => 'video/x-ms-wmv',
+        'wmx' => 'video/x-ms-wmx',
+        'wmz' => 'application/x-msmetafile',
+        'woff' => 'font/woff',
+        'woff2' => 'font/woff2',
+        'word' => 'application/msword',
+        'wpd' => 'application/vnd.wordperfect',
+        'wpl' => 'application/vnd.ms-wpl',
+        'wps' => 'application/vnd.ms-works',
+        'wqd' => 'application/vnd.wqd',
+        'wri' => 'application/x-mswrite',
+        'wrl' => 'model/vrml',
+        'wsc' => 'message/vnd.wfa.wsc',
+        'wsdl' => 'application/wsdl+xml',
+        'wspolicy' => 'application/wspolicy+xml',
+        'wtb' => 'application/vnd.webturbo',
+        'wvx' => 'video/x-ms-wvx',
+        'x3d' => 'model/x3d+xml',
+        'x3db' => 'model/x3d+fastinfoset',
+        'x3dbz' => 'model/x3d+binary',
+        'x3dv' => 'model/x3d-vrml',
+        'x3dvz' => 'model/x3d+vrml',
+        'x3dz' => 'model/x3d+xml',
+        'x32' => 'application/x-authorware-bin',
+        'x_b' => 'model/vnd.parasolid.transmit.binary',
+        'x_t' => 'model/vnd.parasolid.transmit.text',
+        'xaml' => 'application/xaml+xml',
+        'xap' => 'application/x-silverlight-app',
+        'xar' => 'application/vnd.xara',
+        'xav' => 'application/xcap-att+xml',
+        'xbap' => 'application/x-ms-xbap',
+        'xbd' => 'application/vnd.fujixerox.docuworks.binder',
+        'xbm' => 'image/x-xbitmap',
+        'xca' => 'application/xcap-caps+xml',
+        'xcs' => 'application/calendar+xml',
+        'xdf' => 'application/xcap-diff+xml',
+        'xdm' => 'application/vnd.syncml.dm+xml',
+        'xdp' => 'application/vnd.adobe.xdp+xml',
+        'xdssc' => 'application/dssc+xml',
+        'xdw' => 'application/vnd.fujixerox.docuworks',
+        'xel' => 'application/xcap-el+xml',
+        'xenc' => 'application/xenc+xml',
+        'xer' => 'application/patch-ops-error+xml',
+        'xfdf' => 'application/vnd.adobe.xfdf',
+        'xfdl' => 'application/vnd.xfdl',
+        'xht' => 'application/xhtml+xml',
+        'xhtml' => 'application/xhtml+xml',
+        'xhvml' => 'application/xv+xml',
+        'xif' => 'image/vnd.xiff',
+        'xl' => 'application/excel',
+        'xla' => 'application/vnd.ms-excel',
+        'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
+        'xlc' => 'application/vnd.ms-excel',
+        'xlf' => 'application/xliff+xml',
+        'xlm' => 'application/vnd.ms-excel',
+        'xls' => 'application/vnd.ms-excel',
+        'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
+        'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
+        'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        'xlt' => 'application/vnd.ms-excel',
+        'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
+        'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
+        'xlw' => 'application/vnd.ms-excel',
+        'xm' => 'audio/xm',
+        'xml' => 'application/xml',
+        'xns' => 'application/xcap-ns+xml',
+        'xo' => 'application/vnd.olpc-sugar',
+        'xop' => 'application/xop+xml',
+        'xpi' => 'application/x-xpinstall',
+        'xpl' => 'application/xproc+xml',
+        'xpm' => 'image/x-xpixmap',
+        'xpr' => 'application/vnd.is-xpr',
+        'xps' => 'application/vnd.ms-xpsdocument',
+        'xpw' => 'application/vnd.intercon.formnet',
+        'xpx' => 'application/vnd.intercon.formnet',
+        'xsd' => 'application/xml',
+        'xsl' => 'application/xml',
+        'xslt' => 'application/xslt+xml',
+        'xsm' => 'application/vnd.syncml+xml',
+        'xspf' => 'application/xspf+xml',
+        'xul' => 'application/vnd.mozilla.xul+xml',
+        'xvm' => 'application/xv+xml',
+        'xvml' => 'application/xv+xml',
+        'xwd' => 'image/x-xwindowdump',
+        'xyz' => 'chemical/x-xyz',
+        'xz' => 'application/x-xz',
+        'yaml' => 'text/yaml',
+        'yang' => 'application/yang',
+        'yin' => 'application/yin+xml',
+        'yml' => 'text/yaml',
+        'ymp' => 'text/x-suse-ymp',
+        'z' => 'application/x-compress',
+        'z1' => 'application/x-zmachine',
+        'z2' => 'application/x-zmachine',
+        'z3' => 'application/x-zmachine',
+        'z4' => 'application/x-zmachine',
+        'z5' => 'application/x-zmachine',
+        'z6' => 'application/x-zmachine',
+        'z7' => 'application/x-zmachine',
+        'z8' => 'application/x-zmachine',
+        'zaz' => 'application/vnd.zzazz.deck+xml',
+        'zip' => 'application/zip',
+        'zir' => 'application/vnd.zul',
+        'zirz' => 'application/vnd.zul',
+        'zmm' => 'application/vnd.handheld-entertainment+xml',
+        'zsh' => 'text/x-scriptzsh',
+    ];
+
+    /**
+     * Determines the mimetype of a file by looking at its extension.
+     *
+     * @link https://raw.githubusercontent.com/jshttp/mime-db/master/db.json
+     */
+    public static function fromFilename(string $filename): ?string
+    {
+        return self::fromExtension(pathinfo($filename, PATHINFO_EXTENSION));
+    }
+
+    /**
+     * Maps a file extensions to a mimetype.
+     *
+     * @link https://raw.githubusercontent.com/jshttp/mime-db/master/db.json
+     */
+    public static function fromExtension(string $extension): ?string
+    {
+        return self::MIME_TYPES[strtolower($extension)] ?? null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MultipartStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MultipartStream.php
new file mode 100644
index 000000000..3e12b74d1
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MultipartStream.php
@@ -0,0 +1,159 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Stream that when read returns bytes for a streaming multipart or
+ * multipart/form-data stream.
+ */
+final class MultipartStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var string */
+    private $boundary;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    /**
+     * @param array  $elements Array of associative arrays, each containing a
+     *                         required "name" key mapping to the form field,
+     *                         name, a required "contents" key mapping to a
+     *                         StreamInterface/resource/string, an optional
+     *                         "headers" associative array of custom headers,
+     *                         and an optional "filename" key mapping to a
+     *                         string to send as the filename in the part.
+     * @param string $boundary You can optionally provide a specific boundary
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct(array $elements = [], string $boundary = null)
+    {
+        $this->boundary = $boundary ?: bin2hex(random_bytes(20));
+        $this->stream = $this->createStream($elements);
+    }
+
+    public function getBoundary(): string
+    {
+        return $this->boundary;
+    }
+
+    public function isWritable(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Get the headers needed before transferring the content of a POST file
+     *
+     * @param array<string, string> $headers
+     */
+    private function getHeaders(array $headers): string
+    {
+        $str = '';
+        foreach ($headers as $key => $value) {
+            $str .= "{$key}: {$value}\r\n";
+        }
+
+        return "--{$this->boundary}\r\n" . trim($str) . "\r\n\r\n";
+    }
+
+    /**
+     * Create the aggregate stream that will be used to upload the POST data
+     */
+    protected function createStream(array $elements = []): StreamInterface
+    {
+        $stream = new AppendStream();
+
+        foreach ($elements as $element) {
+            if (!is_array($element)) {
+                throw new \UnexpectedValueException("An array is expected");
+            }
+            $this->addElement($stream, $element);
+        }
+
+        // Add the trailing boundary with CRLF
+        $stream->addStream(Utils::streamFor("--{$this->boundary}--\r\n"));
+
+        return $stream;
+    }
+
+    private function addElement(AppendStream $stream, array $element): void
+    {
+        foreach (['contents', 'name'] as $key) {
+            if (!array_key_exists($key, $element)) {
+                throw new \InvalidArgumentException("A '{$key}' key is required");
+            }
+        }
+
+        $element['contents'] = Utils::streamFor($element['contents']);
+
+        if (empty($element['filename'])) {
+            $uri = $element['contents']->getMetadata('uri');
+            if ($uri && \is_string($uri) && \substr($uri, 0, 6) !== 'php://' && \substr($uri, 0, 7) !== 'data://') {
+                $element['filename'] = $uri;
+            }
+        }
+
+        [$body, $headers] = $this->createElement(
+            $element['name'],
+            $element['contents'],
+            $element['filename'] ?? null,
+            $element['headers'] ?? []
+        );
+
+        $stream->addStream(Utils::streamFor($this->getHeaders($headers)));
+        $stream->addStream($body);
+        $stream->addStream(Utils::streamFor("\r\n"));
+    }
+
+    private function createElement(string $name, StreamInterface $stream, ?string $filename, array $headers): array
+    {
+        // Set a default content-disposition header if one was no provided
+        $disposition = $this->getHeader($headers, 'content-disposition');
+        if (!$disposition) {
+            $headers['Content-Disposition'] = ($filename === '0' || $filename)
+                ? sprintf(
+                    'form-data; name="%s"; filename="%s"',
+                    $name,
+                    basename($filename)
+                )
+                : "form-data; name=\"{$name}\"";
+        }
+
+        // Set a default content-length header if one was no provided
+        $length = $this->getHeader($headers, 'content-length');
+        if (!$length) {
+            if ($length = $stream->getSize()) {
+                $headers['Content-Length'] = (string) $length;
+            }
+        }
+
+        // Set a default Content-Type if one was not supplied
+        $type = $this->getHeader($headers, 'content-type');
+        if (!$type && ($filename === '0' || $filename)) {
+            if ($type = MimeType::fromFilename($filename)) {
+                $headers['Content-Type'] = $type;
+            }
+        }
+
+        return [$stream, $headers];
+    }
+
+    private function getHeader(array $headers, string $key)
+    {
+        $lowercaseHeader = strtolower($key);
+        foreach ($headers as $k => $v) {
+            if (strtolower($k) === $lowercaseHeader) {
+                return $v;
+            }
+        }
+
+        return null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/NoSeekStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/NoSeekStream.php
new file mode 100644
index 000000000..161a224f0
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/NoSeekStream.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Stream decorator that prevents a stream from being seeked.
+ */
+final class NoSeekStream implements StreamInterface
+{
+    use StreamDecoratorTrait;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        throw new \RuntimeException('Cannot seek a NoSeekStream');
+    }
+
+    public function isSeekable(): bool
+    {
+        return false;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/PumpStream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/PumpStream.php
new file mode 100644
index 000000000..e90389c3b
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/PumpStream.php
@@ -0,0 +1,179 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Provides a read only stream that pumps data from a PHP callable.
+ *
+ * When invoking the provided callable, the PumpStream will pass the amount of
+ * data requested to read to the callable. The callable can choose to ignore
+ * this value and return fewer or more bytes than requested. Any extra data
+ * returned by the provided callable is buffered internally until drained using
+ * the read() function of the PumpStream. The provided callable MUST return
+ * false when there is no more data to read.
+ */
+final class PumpStream implements StreamInterface
+{
+    /** @var callable|null */
+    private $source;
+
+    /** @var int|null */
+    private $size;
+
+    /** @var int */
+    private $tellPos = 0;
+
+    /** @var array */
+    private $metadata;
+
+    /** @var BufferStream */
+    private $buffer;
+
+    /**
+     * @param callable(int): (string|null|false)  $source  Source of the stream data. The callable MAY
+     *                                                     accept an integer argument used to control the
+     *                                                     amount of data to return. The callable MUST
+     *                                                     return a string when called, or false|null on error
+     *                                                     or EOF.
+     * @param array{size?: int, metadata?: array} $options Stream options:
+     *                                                     - metadata: Hash of metadata to use with stream.
+     *                                                     - size: Size of the stream, if known.
+     */
+    public function __construct(callable $source, array $options = [])
+    {
+        $this->source = $source;
+        $this->size = $options['size'] ?? null;
+        $this->metadata = $options['metadata'] ?? [];
+        $this->buffer = new BufferStream();
+    }
+
+    public function __toString(): string
+    {
+        try {
+            return Utils::copyToString($this);
+        } catch (\Throwable $e) {
+            if (\PHP_VERSION_ID >= 70400) {
+                throw $e;
+            }
+            trigger_error(sprintf('%s::__toString exception: %s', self::class, (string) $e), E_USER_ERROR);
+            return '';
+        }
+    }
+
+    public function close(): void
+    {
+        $this->detach();
+    }
+
+    public function detach()
+    {
+        $this->tellPos = 0;
+        $this->source = null;
+
+        return null;
+    }
+
+    public function getSize(): ?int
+    {
+        return $this->size;
+    }
+
+    public function tell(): int
+    {
+        return $this->tellPos;
+    }
+
+    public function eof(): bool
+    {
+        return $this->source === null;
+    }
+
+    public function isSeekable(): bool
+    {
+        return false;
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        throw new \RuntimeException('Cannot seek a PumpStream');
+    }
+
+    public function isWritable(): bool
+    {
+        return false;
+    }
+
+    public function write($string): int
+    {
+        throw new \RuntimeException('Cannot write to a PumpStream');
+    }
+
+    public function isReadable(): bool
+    {
+        return true;
+    }
+
+    public function read($length): string
+    {
+        $data = $this->buffer->read($length);
+        $readLen = strlen($data);
+        $this->tellPos += $readLen;
+        $remaining = $length - $readLen;
+
+        if ($remaining) {
+            $this->pump($remaining);
+            $data .= $this->buffer->read($remaining);
+            $this->tellPos += strlen($data) - $readLen;
+        }
+
+        return $data;
+    }
+
+    public function getContents(): string
+    {
+        $result = '';
+        while (!$this->eof()) {
+            $result .= $this->read(1000000);
+        }
+
+        return $result;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        if (!$key) {
+            return $this->metadata;
+        }
+
+        return $this->metadata[$key] ?? null;
+    }
+
+    private function pump(int $length): void
+    {
+        if ($this->source) {
+            do {
+                $data = call_user_func($this->source, $length);
+                if ($data === false || $data === null) {
+                    $this->source = null;
+                    return;
+                }
+                $this->buffer->write($data);
+                $length -= strlen($data);
+            } while ($length > 0);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Query.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Query.php
new file mode 100644
index 000000000..2faab3a88
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Query.php
@@ -0,0 +1,113 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+final class Query
+{
+    /**
+     * Parse a query string into an associative array.
+     *
+     * If multiple values are found for the same key, the value of that key
+     * value pair will become an array. This function does not parse nested
+     * PHP style arrays into an associative array (e.g., `foo[a]=1&foo[b]=2`
+     * will be parsed into `['foo[a]' => '1', 'foo[b]' => '2'])`.
+     *
+     * @param string   $str         Query string to parse
+     * @param int|bool $urlEncoding How the query string is encoded
+     */
+    public static function parse(string $str, $urlEncoding = true): array
+    {
+        $result = [];
+
+        if ($str === '') {
+            return $result;
+        }
+
+        if ($urlEncoding === true) {
+            $decoder = function ($value) {
+                return rawurldecode(str_replace('+', ' ', (string) $value));
+            };
+        } elseif ($urlEncoding === PHP_QUERY_RFC3986) {
+            $decoder = 'rawurldecode';
+        } elseif ($urlEncoding === PHP_QUERY_RFC1738) {
+            $decoder = 'urldecode';
+        } else {
+            $decoder = function ($str) {
+                return $str;
+            };
+        }
+
+        foreach (explode('&', $str) as $kvp) {
+            $parts = explode('=', $kvp, 2);
+            $key = $decoder($parts[0]);
+            $value = isset($parts[1]) ? $decoder($parts[1]) : null;
+            if (!array_key_exists($key, $result)) {
+                $result[$key] = $value;
+            } else {
+                if (!is_array($result[$key])) {
+                    $result[$key] = [$result[$key]];
+                }
+                $result[$key][] = $value;
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Build a query string from an array of key value pairs.
+     *
+     * This function can use the return value of `parse()` to build a query
+     * string. This function does not modify the provided keys when an array is
+     * encountered (like `http_build_query()` would).
+     *
+     * @param array     $params   Query string parameters.
+     * @param int|false $encoding Set to false to not encode, PHP_QUERY_RFC3986
+     *                            to encode using RFC3986, or PHP_QUERY_RFC1738
+     *                            to encode using RFC1738.
+     */
+    public static function build(array $params, $encoding = PHP_QUERY_RFC3986): string
+    {
+        if (!$params) {
+            return '';
+        }
+
+        if ($encoding === false) {
+            $encoder = function (string $str): string {
+                return $str;
+            };
+        } elseif ($encoding === PHP_QUERY_RFC3986) {
+            $encoder = 'rawurlencode';
+        } elseif ($encoding === PHP_QUERY_RFC1738) {
+            $encoder = 'urlencode';
+        } else {
+            throw new \InvalidArgumentException('Invalid type');
+        }
+
+        $qs = '';
+        foreach ($params as $k => $v) {
+            $k = $encoder((string) $k);
+            if (!is_array($v)) {
+                $qs .= $k;
+                $v = is_bool($v) ? (int) $v : $v;
+                if ($v !== null) {
+                    $qs .= '=' . $encoder((string) $v);
+                }
+                $qs .= '&';
+            } else {
+                foreach ($v as $vv) {
+                    $qs .= $k;
+                    $vv = is_bool($vv) ? (int) $vv : $vv;
+                    if ($vv !== null) {
+                        $qs .= '=' . $encoder((string) $vv);
+                    }
+                    $qs .= '&';
+                }
+            }
+        }
+
+        return $qs ? (string) substr($qs, 0, -1) : '';
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Request.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Request.php
new file mode 100644
index 000000000..b17af66a2
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Request.php
@@ -0,0 +1,157 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use InvalidArgumentException;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * PSR-7 request implementation.
+ */
+class Request implements RequestInterface
+{
+    use MessageTrait;
+
+    /** @var string */
+    private $method;
+
+    /** @var string|null */
+    private $requestTarget;
+
+    /** @var UriInterface */
+    private $uri;
+
+    /**
+     * @param string                               $method  HTTP method
+     * @param string|UriInterface                  $uri     URI
+     * @param array<string, string|string[]>       $headers Request headers
+     * @param string|resource|StreamInterface|null $body    Request body
+     * @param string                               $version Protocol version
+     */
+    public function __construct(
+        string $method,
+        $uri,
+        array $headers = [],
+        $body = null,
+        string $version = '1.1'
+    ) {
+        $this->assertMethod($method);
+        if (!($uri instanceof UriInterface)) {
+            $uri = new Uri($uri);
+        }
+
+        $this->method = strtoupper($method);
+        $this->uri = $uri;
+        $this->setHeaders($headers);
+        $this->protocol = $version;
+
+        if (!isset($this->headerNames['host'])) {
+            $this->updateHostFromUri();
+        }
+
+        if ($body !== '' && $body !== null) {
+            $this->stream = Utils::streamFor($body);
+        }
+    }
+
+    public function getRequestTarget(): string
+    {
+        if ($this->requestTarget !== null) {
+            return $this->requestTarget;
+        }
+
+        $target = $this->uri->getPath();
+        if ($target === '') {
+            $target = '/';
+        }
+        if ($this->uri->getQuery() != '') {
+            $target .= '?' . $this->uri->getQuery();
+        }
+
+        return $target;
+    }
+
+    public function withRequestTarget($requestTarget): RequestInterface
+    {
+        if (preg_match('#\s#', $requestTarget)) {
+            throw new InvalidArgumentException(
+                'Invalid request target provided; cannot contain whitespace'
+            );
+        }
+
+        $new = clone $this;
+        $new->requestTarget = $requestTarget;
+        return $new;
+    }
+
+    public function getMethod(): string
+    {
+        return $this->method;
+    }
+
+    public function withMethod($method): RequestInterface
+    {
+        $this->assertMethod($method);
+        $new = clone $this;
+        $new->method = strtoupper($method);
+        return $new;
+    }
+
+    public function getUri(): UriInterface
+    {
+        return $this->uri;
+    }
+
+    public function withUri(UriInterface $uri, $preserveHost = false): RequestInterface
+    {
+        if ($uri === $this->uri) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->uri = $uri;
+
+        if (!$preserveHost || !isset($this->headerNames['host'])) {
+            $new->updateHostFromUri();
+        }
+
+        return $new;
+    }
+
+    private function updateHostFromUri(): void
+    {
+        $host = $this->uri->getHost();
+
+        if ($host == '') {
+            return;
+        }
+
+        if (($port = $this->uri->getPort()) !== null) {
+            $host .= ':' . $port;
+        }
+
+        if (isset($this->headerNames['host'])) {
+            $header = $this->headerNames['host'];
+        } else {
+            $header = 'Host';
+            $this->headerNames['host'] = 'Host';
+        }
+        // Ensure Host is the first header.
+        // See: http://tools.ietf.org/html/rfc7230#section-5.4
+        $this->headers = [$header => [$host]] + $this->headers;
+    }
+
+    /**
+     * @param mixed $method
+     */
+    private function assertMethod($method): void
+    {
+        if (!is_string($method) || $method === '') {
+            throw new InvalidArgumentException('Method must be a non-empty string.');
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Response.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Response.php
new file mode 100644
index 000000000..4c6ee6f03
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Response.php
@@ -0,0 +1,160 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * PSR-7 response implementation.
+ */
+class Response implements ResponseInterface
+{
+    use MessageTrait;
+
+    /** Map of standard HTTP status code/reason phrases */
+    private const PHRASES = [
+        100 => 'Continue',
+        101 => 'Switching Protocols',
+        102 => 'Processing',
+        200 => 'OK',
+        201 => 'Created',
+        202 => 'Accepted',
+        203 => 'Non-Authoritative Information',
+        204 => 'No Content',
+        205 => 'Reset Content',
+        206 => 'Partial Content',
+        207 => 'Multi-status',
+        208 => 'Already Reported',
+        300 => 'Multiple Choices',
+        301 => 'Moved Permanently',
+        302 => 'Found',
+        303 => 'See Other',
+        304 => 'Not Modified',
+        305 => 'Use Proxy',
+        306 => 'Switch Proxy',
+        307 => 'Temporary Redirect',
+        308 => 'Permanent Redirect',
+        400 => 'Bad Request',
+        401 => 'Unauthorized',
+        402 => 'Payment Required',
+        403 => 'Forbidden',
+        404 => 'Not Found',
+        405 => 'Method Not Allowed',
+        406 => 'Not Acceptable',
+        407 => 'Proxy Authentication Required',
+        408 => 'Request Time-out',
+        409 => 'Conflict',
+        410 => 'Gone',
+        411 => 'Length Required',
+        412 => 'Precondition Failed',
+        413 => 'Request Entity Too Large',
+        414 => 'Request-URI Too Large',
+        415 => 'Unsupported Media Type',
+        416 => 'Requested range not satisfiable',
+        417 => 'Expectation Failed',
+        418 => 'I\'m a teapot',
+        422 => 'Unprocessable Entity',
+        423 => 'Locked',
+        424 => 'Failed Dependency',
+        425 => 'Unordered Collection',
+        426 => 'Upgrade Required',
+        428 => 'Precondition Required',
+        429 => 'Too Many Requests',
+        431 => 'Request Header Fields Too Large',
+        451 => 'Unavailable For Legal Reasons',
+        500 => 'Internal Server Error',
+        501 => 'Not Implemented',
+        502 => 'Bad Gateway',
+        503 => 'Service Unavailable',
+        504 => 'Gateway Time-out',
+        505 => 'HTTP Version not supported',
+        506 => 'Variant Also Negotiates',
+        507 => 'Insufficient Storage',
+        508 => 'Loop Detected',
+        510 => 'Not Extended',
+        511 => 'Network Authentication Required',
+    ];
+
+    /** @var string */
+    private $reasonPhrase;
+
+    /** @var int */
+    private $statusCode;
+
+    /**
+     * @param int                                  $status  Status code
+     * @param array<string, string|string[]>       $headers Response headers
+     * @param string|resource|StreamInterface|null $body    Response body
+     * @param string                               $version Protocol version
+     * @param string|null                          $reason  Reason phrase (when empty a default will be used based on the status code)
+     */
+    public function __construct(
+        int $status = 200,
+        array $headers = [],
+        $body = null,
+        string $version = '1.1',
+        string $reason = null
+    ) {
+        $this->assertStatusCodeRange($status);
+
+        $this->statusCode = $status;
+
+        if ($body !== '' && $body !== null) {
+            $this->stream = Utils::streamFor($body);
+        }
+
+        $this->setHeaders($headers);
+        if ($reason == '' && isset(self::PHRASES[$this->statusCode])) {
+            $this->reasonPhrase = self::PHRASES[$this->statusCode];
+        } else {
+            $this->reasonPhrase = (string) $reason;
+        }
+
+        $this->protocol = $version;
+    }
+
+    public function getStatusCode(): int
+    {
+        return $this->statusCode;
+    }
+
+    public function getReasonPhrase(): string
+    {
+        return $this->reasonPhrase;
+    }
+
+    public function withStatus($code, $reasonPhrase = ''): ResponseInterface
+    {
+        $this->assertStatusCodeIsInteger($code);
+        $code = (int) $code;
+        $this->assertStatusCodeRange($code);
+
+        $new = clone $this;
+        $new->statusCode = $code;
+        if ($reasonPhrase == '' && isset(self::PHRASES[$new->statusCode])) {
+            $reasonPhrase = self::PHRASES[$new->statusCode];
+        }
+        $new->reasonPhrase = (string) $reasonPhrase;
+        return $new;
+    }
+
+    /**
+     * @param mixed $statusCode
+     */
+    private function assertStatusCodeIsInteger($statusCode): void
+    {
+        if (filter_var($statusCode, FILTER_VALIDATE_INT) === false) {
+            throw new \InvalidArgumentException('Status code must be an integer value.');
+        }
+    }
+
+    private function assertStatusCodeRange(int $statusCode): void
+    {
+        if ($statusCode < 100 || $statusCode >= 600) {
+            throw new \InvalidArgumentException('Status code must be an integer value between 1xx and 5xx.');
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Rfc7230.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Rfc7230.php
new file mode 100644
index 000000000..30224018d
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Rfc7230.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+/**
+ * @internal
+ */
+final class Rfc7230
+{
+    /**
+     * Header related regular expressions (based on amphp/http package)
+     *
+     * Note: header delimiter (\r\n) is modified to \r?\n to accept line feed only delimiters for BC reasons.
+     *
+     * @link    https://github.com/amphp/http/blob/v1.0.1/src/Rfc7230.php#L12-L15
+     *
+     * @license https://github.com/amphp/http/blob/v1.0.1/LICENSE
+     */
+    public const HEADER_REGEX = "(^([^()<>@,;:\\\"/[\]?={}\x01-\x20\x7F]++):[ \t]*+((?:[ \t]*+[\x21-\x7E\x80-\xFF]++)*+)[ \t]*+\r?\n)m";
+    public const HEADER_FOLD_REGEX = "(\r?\n[ \t]++)";
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
new file mode 100644
index 000000000..43cbb502e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
@@ -0,0 +1,344 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use InvalidArgumentException;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UploadedFileInterface;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Server-side HTTP request
+ *
+ * Extends the Request definition to add methods for accessing incoming data,
+ * specifically server parameters, cookies, matched path parameters, query
+ * string arguments, body parameters, and upload file information.
+ *
+ * "Attributes" are discovered via decomposing the request (and usually
+ * specifically the URI path), and typically will be injected by the application.
+ *
+ * Requests are considered immutable; all methods that might change state are
+ * implemented such that they retain the internal state of the current
+ * message and return a new instance that contains the changed state.
+ */
+class ServerRequest extends Request implements ServerRequestInterface
+{
+    /**
+     * @var array
+     */
+    private $attributes = [];
+
+    /**
+     * @var array
+     */
+    private $cookieParams = [];
+
+    /**
+     * @var array|object|null
+     */
+    private $parsedBody;
+
+    /**
+     * @var array
+     */
+    private $queryParams = [];
+
+    /**
+     * @var array
+     */
+    private $serverParams;
+
+    /**
+     * @var array
+     */
+    private $uploadedFiles = [];
+
+    /**
+     * @param string                               $method       HTTP method
+     * @param string|UriInterface                  $uri          URI
+     * @param array<string, string|string[]>       $headers      Request headers
+     * @param string|resource|StreamInterface|null $body         Request body
+     * @param string                               $version      Protocol version
+     * @param array                                $serverParams Typically the $_SERVER superglobal
+     */
+    public function __construct(
+        string $method,
+        $uri,
+        array $headers = [],
+        $body = null,
+        string $version = '1.1',
+        array $serverParams = []
+    ) {
+        $this->serverParams = $serverParams;
+
+        parent::__construct($method, $uri, $headers, $body, $version);
+    }
+
+    /**
+     * Return an UploadedFile instance array.
+     *
+     * @param array $files An array which respect $_FILES structure
+     *
+     * @throws InvalidArgumentException for unrecognized values
+     */
+    public static function normalizeFiles(array $files): array
+    {
+        $normalized = [];
+
+        foreach ($files as $key => $value) {
+            if ($value instanceof UploadedFileInterface) {
+                $normalized[$key] = $value;
+            } elseif (is_array($value) && isset($value['tmp_name'])) {
+                $normalized[$key] = self::createUploadedFileFromSpec($value);
+            } elseif (is_array($value)) {
+                $normalized[$key] = self::normalizeFiles($value);
+                continue;
+            } else {
+                throw new InvalidArgumentException('Invalid value in files specification');
+            }
+        }
+
+        return $normalized;
+    }
+
+    /**
+     * Create and return an UploadedFile instance from a $_FILES specification.
+     *
+     * If the specification represents an array of values, this method will
+     * delegate to normalizeNestedFileSpec() and return that return value.
+     *
+     * @param array $value $_FILES struct
+     *
+     * @return UploadedFileInterface|UploadedFileInterface[]
+     */
+    private static function createUploadedFileFromSpec(array $value)
+    {
+        if (is_array($value['tmp_name'])) {
+            return self::normalizeNestedFileSpec($value);
+        }
+
+        return new UploadedFile(
+            $value['tmp_name'],
+            (int) $value['size'],
+            (int) $value['error'],
+            $value['name'],
+            $value['type']
+        );
+    }
+
+    /**
+     * Normalize an array of file specifications.
+     *
+     * Loops through all nested files and returns a normalized array of
+     * UploadedFileInterface instances.
+     *
+     * @return UploadedFileInterface[]
+     */
+    private static function normalizeNestedFileSpec(array $files = []): array
+    {
+        $normalizedFiles = [];
+
+        foreach (array_keys($files['tmp_name']) as $key) {
+            $spec = [
+                'tmp_name' => $files['tmp_name'][$key],
+                'size'     => $files['size'][$key],
+                'error'    => $files['error'][$key],
+                'name'     => $files['name'][$key],
+                'type'     => $files['type'][$key],
+            ];
+            $normalizedFiles[$key] = self::createUploadedFileFromSpec($spec);
+        }
+
+        return $normalizedFiles;
+    }
+
+    /**
+     * Return a ServerRequest populated with superglobals:
+     * $_GET
+     * $_POST
+     * $_COOKIE
+     * $_FILES
+     * $_SERVER
+     */
+    public static function fromGlobals(): ServerRequestInterface
+    {
+        $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
+        $headers = getallheaders();
+        $uri = self::getUriFromGlobals();
+        $body = new CachingStream(new LazyOpenStream('php://input', 'r+'));
+        $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? str_replace('HTTP/', '', $_SERVER['SERVER_PROTOCOL']) : '1.1';
+
+        $serverRequest = new ServerRequest($method, $uri, $headers, $body, $protocol, $_SERVER);
+
+        return $serverRequest
+            ->withCookieParams($_COOKIE)
+            ->withQueryParams($_GET)
+            ->withParsedBody($_POST)
+            ->withUploadedFiles(self::normalizeFiles($_FILES));
+    }
+
+    private static function extractHostAndPortFromAuthority(string $authority): array
+    {
+        $uri = 'http://' . $authority;
+        $parts = parse_url($uri);
+        if (false === $parts) {
+            return [null, null];
+        }
+
+        $host = $parts['host'] ?? null;
+        $port = $parts['port'] ?? null;
+
+        return [$host, $port];
+    }
+
+    /**
+     * Get a Uri populated with values from $_SERVER.
+     */
+    public static function getUriFromGlobals(): UriInterface
+    {
+        $uri = new Uri('');
+
+        $uri = $uri->withScheme(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https' : 'http');
+
+        $hasPort = false;
+        if (isset($_SERVER['HTTP_HOST'])) {
+            [$host, $port] = self::extractHostAndPortFromAuthority($_SERVER['HTTP_HOST']);
+            if ($host !== null) {
+                $uri = $uri->withHost($host);
+            }
+
+            if ($port !== null) {
+                $hasPort = true;
+                $uri = $uri->withPort($port);
+            }
+        } elseif (isset($_SERVER['SERVER_NAME'])) {
+            $uri = $uri->withHost($_SERVER['SERVER_NAME']);
+        } elseif (isset($_SERVER['SERVER_ADDR'])) {
+            $uri = $uri->withHost($_SERVER['SERVER_ADDR']);
+        }
+
+        if (!$hasPort && isset($_SERVER['SERVER_PORT'])) {
+            $uri = $uri->withPort($_SERVER['SERVER_PORT']);
+        }
+
+        $hasQuery = false;
+        if (isset($_SERVER['REQUEST_URI'])) {
+            $requestUriParts = explode('?', $_SERVER['REQUEST_URI'], 2);
+            $uri = $uri->withPath($requestUriParts[0]);
+            if (isset($requestUriParts[1])) {
+                $hasQuery = true;
+                $uri = $uri->withQuery($requestUriParts[1]);
+            }
+        }
+
+        if (!$hasQuery && isset($_SERVER['QUERY_STRING'])) {
+            $uri = $uri->withQuery($_SERVER['QUERY_STRING']);
+        }
+
+        return $uri;
+    }
+
+    public function getServerParams(): array
+    {
+        return $this->serverParams;
+    }
+
+    public function getUploadedFiles(): array
+    {
+        return $this->uploadedFiles;
+    }
+
+    public function withUploadedFiles(array $uploadedFiles): ServerRequestInterface
+    {
+        $new = clone $this;
+        $new->uploadedFiles = $uploadedFiles;
+
+        return $new;
+    }
+
+    public function getCookieParams(): array
+    {
+        return $this->cookieParams;
+    }
+
+    public function withCookieParams(array $cookies): ServerRequestInterface
+    {
+        $new = clone $this;
+        $new->cookieParams = $cookies;
+
+        return $new;
+    }
+
+    public function getQueryParams(): array
+    {
+        return $this->queryParams;
+    }
+
+    public function withQueryParams(array $query): ServerRequestInterface
+    {
+        $new = clone $this;
+        $new->queryParams = $query;
+
+        return $new;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return array|object|null
+     */
+    public function getParsedBody()
+    {
+        return $this->parsedBody;
+    }
+
+    public function withParsedBody($data): ServerRequestInterface
+    {
+        $new = clone $this;
+        $new->parsedBody = $data;
+
+        return $new;
+    }
+
+    public function getAttributes(): array
+    {
+        return $this->attributes;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getAttribute($attribute, $default = null)
+    {
+        if (false === array_key_exists($attribute, $this->attributes)) {
+            return $default;
+        }
+
+        return $this->attributes[$attribute];
+    }
+
+    public function withAttribute($attribute, $value): ServerRequestInterface
+    {
+        $new = clone $this;
+        $new->attributes[$attribute] = $value;
+
+        return $new;
+    }
+
+    public function withoutAttribute($attribute): ServerRequestInterface
+    {
+        if (false === array_key_exists($attribute, $this->attributes)) {
+            return $this;
+        }
+
+        $new = clone $this;
+        unset($new->attributes[$attribute]);
+
+        return $new;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Stream.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Stream.php
new file mode 100644
index 000000000..ecd31861e
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Stream.php
@@ -0,0 +1,282 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * PHP stream implementation.
+ */
+class Stream implements StreamInterface
+{
+    /**
+     * @see http://php.net/manual/function.fopen.php
+     * @see http://php.net/manual/en/function.gzopen.php
+     */
+    private const READABLE_MODES = '/r|a\+|ab\+|w\+|wb\+|x\+|xb\+|c\+|cb\+/';
+    private const WRITABLE_MODES = '/a|w|r\+|rb\+|rw|x|c/';
+
+    /** @var resource */
+    private $stream;
+    /** @var int|null */
+    private $size;
+    /** @var bool */
+    private $seekable;
+    /** @var bool */
+    private $readable;
+    /** @var bool */
+    private $writable;
+    /** @var string|null */
+    private $uri;
+    /** @var mixed[] */
+    private $customMetadata;
+
+    /**
+     * This constructor accepts an associative array of options.
+     *
+     * - size: (int) If a read stream would otherwise have an indeterminate
+     *   size, but the size is known due to foreknowledge, then you can
+     *   provide that size, in bytes.
+     * - metadata: (array) Any additional metadata to return when the metadata
+     *   of the stream is accessed.
+     *
+     * @param resource                            $stream  Stream resource to wrap.
+     * @param array{size?: int, metadata?: array} $options Associative array of options.
+     *
+     * @throws \InvalidArgumentException if the stream is not a stream resource
+     */
+    public function __construct($stream, array $options = [])
+    {
+        if (!is_resource($stream)) {
+            throw new \InvalidArgumentException('Stream must be a resource');
+        }
+
+        if (isset($options['size'])) {
+            $this->size = $options['size'];
+        }
+
+        $this->customMetadata = $options['metadata'] ?? [];
+        $this->stream = $stream;
+        $meta = stream_get_meta_data($this->stream);
+        $this->seekable = $meta['seekable'];
+        $this->readable = (bool)preg_match(self::READABLE_MODES, $meta['mode']);
+        $this->writable = (bool)preg_match(self::WRITABLE_MODES, $meta['mode']);
+        $this->uri = $this->getMetadata('uri');
+    }
+
+    /**
+     * Closes the stream when the destructed
+     */
+    public function __destruct()
+    {
+        $this->close();
+    }
+
+    public function __toString(): string
+    {
+        try {
+            if ($this->isSeekable()) {
+                $this->seek(0);
+            }
+            return $this->getContents();
+        } catch (\Throwable $e) {
+            if (\PHP_VERSION_ID >= 70400) {
+                throw $e;
+            }
+            trigger_error(sprintf('%s::__toString exception: %s', self::class, (string) $e), E_USER_ERROR);
+            return '';
+        }
+    }
+
+    public function getContents(): string
+    {
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+
+        if (!$this->readable) {
+            throw new \RuntimeException('Cannot read from non-readable stream');
+        }
+
+        return Utils::tryGetContents($this->stream);
+    }
+
+    public function close(): void
+    {
+        if (isset($this->stream)) {
+            if (is_resource($this->stream)) {
+                fclose($this->stream);
+            }
+            $this->detach();
+        }
+    }
+
+    public function detach()
+    {
+        if (!isset($this->stream)) {
+            return null;
+        }
+
+        $result = $this->stream;
+        unset($this->stream);
+        $this->size = $this->uri = null;
+        $this->readable = $this->writable = $this->seekable = false;
+
+        return $result;
+    }
+
+    public function getSize(): ?int
+    {
+        if ($this->size !== null) {
+            return $this->size;
+        }
+
+        if (!isset($this->stream)) {
+            return null;
+        }
+
+        // Clear the stat cache if the stream has a URI
+        if ($this->uri) {
+            clearstatcache(true, $this->uri);
+        }
+
+        $stats = fstat($this->stream);
+        if (is_array($stats) && isset($stats['size'])) {
+            $this->size = $stats['size'];
+            return $this->size;
+        }
+
+        return null;
+    }
+
+    public function isReadable(): bool
+    {
+        return $this->readable;
+    }
+
+    public function isWritable(): bool
+    {
+        return $this->writable;
+    }
+
+    public function isSeekable(): bool
+    {
+        return $this->seekable;
+    }
+
+    public function eof(): bool
+    {
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+
+        return feof($this->stream);
+    }
+
+    public function tell(): int
+    {
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+
+        $result = ftell($this->stream);
+
+        if ($result === false) {
+            throw new \RuntimeException('Unable to determine stream position');
+        }
+
+        return $result;
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        $whence = (int) $whence;
+
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+        if (!$this->seekable) {
+            throw new \RuntimeException('Stream is not seekable');
+        }
+        if (fseek($this->stream, $offset, $whence) === -1) {
+            throw new \RuntimeException('Unable to seek to stream position '
+                . $offset . ' with whence ' . var_export($whence, true));
+        }
+    }
+
+    public function read($length): string
+    {
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+        if (!$this->readable) {
+            throw new \RuntimeException('Cannot read from non-readable stream');
+        }
+        if ($length < 0) {
+            throw new \RuntimeException('Length parameter cannot be negative');
+        }
+
+        if (0 === $length) {
+            return '';
+        }
+
+        try {
+            $string = fread($this->stream, $length);
+        } catch (\Exception $e) {
+            throw new \RuntimeException('Unable to read from stream', 0, $e);
+        }
+
+        if (false === $string) {
+            throw new \RuntimeException('Unable to read from stream');
+        }
+
+        return $string;
+    }
+
+    public function write($string): int
+    {
+        if (!isset($this->stream)) {
+            throw new \RuntimeException('Stream is detached');
+        }
+        if (!$this->writable) {
+            throw new \RuntimeException('Cannot write to a non-writable stream');
+        }
+
+        // We can't know the size after writing anything
+        $this->size = null;
+        $result = fwrite($this->stream, $string);
+
+        if ($result === false) {
+            throw new \RuntimeException('Unable to write to stream');
+        }
+
+        return $result;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        if (!isset($this->stream)) {
+            return $key ? null : [];
+        } elseif (!$key) {
+            return $this->customMetadata + stream_get_meta_data($this->stream);
+        } elseif (isset($this->customMetadata[$key])) {
+            return $this->customMetadata[$key];
+        }
+
+        $meta = stream_get_meta_data($this->stream);
+
+        return $meta[$key] ?? null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamDecoratorTrait.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamDecoratorTrait.php
new file mode 100644
index 000000000..56d4104d4
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamDecoratorTrait.php
@@ -0,0 +1,155 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Stream decorator trait
+ *
+ * @property StreamInterface $stream
+ */
+trait StreamDecoratorTrait
+{
+    /**
+     * @param StreamInterface $stream Stream to decorate
+     */
+    public function __construct(StreamInterface $stream)
+    {
+        $this->stream = $stream;
+    }
+
+    /**
+     * Magic method used to create a new stream if streams are not added in
+     * the constructor of a decorator (e.g., LazyOpenStream).
+     *
+     * @return StreamInterface
+     */
+    public function __get(string $name)
+    {
+        if ($name === 'stream') {
+            $this->stream = $this->createStream();
+            return $this->stream;
+        }
+
+        throw new \UnexpectedValueException("$name not found on class");
+    }
+
+    public function __toString(): string
+    {
+        try {
+            if ($this->isSeekable()) {
+                $this->seek(0);
+            }
+            return $this->getContents();
+        } catch (\Throwable $e) {
+            if (\PHP_VERSION_ID >= 70400) {
+                throw $e;
+            }
+            trigger_error(sprintf('%s::__toString exception: %s', self::class, (string) $e), E_USER_ERROR);
+            return '';
+        }
+    }
+
+    public function getContents(): string
+    {
+        return Utils::copyToString($this);
+    }
+
+    /**
+     * Allow decorators to implement custom methods
+     *
+     * @return mixed
+     */
+    public function __call(string $method, array $args)
+    {
+        /** @var callable $callable */
+        $callable = [$this->stream, $method];
+        $result = call_user_func_array($callable, $args);
+
+        // Always return the wrapped object if the result is a return $this
+        return $result === $this->stream ? $this : $result;
+    }
+
+    public function close(): void
+    {
+        $this->stream->close();
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @return mixed
+     */
+    public function getMetadata($key = null)
+    {
+        return $this->stream->getMetadata($key);
+    }
+
+    public function detach()
+    {
+        return $this->stream->detach();
+    }
+
+    public function getSize(): ?int
+    {
+        return $this->stream->getSize();
+    }
+
+    public function eof(): bool
+    {
+        return $this->stream->eof();
+    }
+
+    public function tell(): int
+    {
+        return $this->stream->tell();
+    }
+
+    public function isReadable(): bool
+    {
+        return $this->stream->isReadable();
+    }
+
+    public function isWritable(): bool
+    {
+        return $this->stream->isWritable();
+    }
+
+    public function isSeekable(): bool
+    {
+        return $this->stream->isSeekable();
+    }
+
+    public function rewind(): void
+    {
+        $this->seek(0);
+    }
+
+    public function seek($offset, $whence = SEEK_SET): void
+    {
+        $this->stream->seek($offset, $whence);
+    }
+
+    public function read($length): string
+    {
+        return $this->stream->read($length);
+    }
+
+    public function write($string): int
+    {
+        return $this->stream->write($string);
+    }
+
+    /**
+     * Implement in subclasses to dynamically create streams when requested.
+     *
+     * @throws \BadMethodCallException
+     */
+    protected function createStream(): StreamInterface
+    {
+        throw new \BadMethodCallException('Not implemented');
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamWrapper.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamWrapper.php
new file mode 100644
index 000000000..2a9346403
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/StreamWrapper.php
@@ -0,0 +1,175 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\StreamInterface;
+
+/**
+ * Converts Guzzle streams into PHP stream resources.
+ *
+ * @see https://www.php.net/streamwrapper
+ */
+final class StreamWrapper
+{
+    /** @var resource */
+    public $context;
+
+    /** @var StreamInterface */
+    private $stream;
+
+    /** @var string r, r+, or w */
+    private $mode;
+
+    /**
+     * Returns a resource representing the stream.
+     *
+     * @param StreamInterface $stream The stream to get a resource for
+     *
+     * @return resource
+     *
+     * @throws \InvalidArgumentException if stream is not readable or writable
+     */
+    public static function getResource(StreamInterface $stream)
+    {
+        self::register();
+
+        if ($stream->isReadable()) {
+            $mode = $stream->isWritable() ? 'r+' : 'r';
+        } elseif ($stream->isWritable()) {
+            $mode = 'w';
+        } else {
+            throw new \InvalidArgumentException('The stream must be readable, '
+                . 'writable, or both.');
+        }
+
+        return fopen('guzzle://stream', $mode, false, self::createStreamContext($stream));
+    }
+
+    /**
+     * Creates a stream context that can be used to open a stream as a php stream resource.
+     *
+     * @return resource
+     */
+    public static function createStreamContext(StreamInterface $stream)
+    {
+        return stream_context_create([
+            'guzzle' => ['stream' => $stream]
+        ]);
+    }
+
+    /**
+     * Registers the stream wrapper if needed
+     */
+    public static function register(): void
+    {
+        if (!in_array('guzzle', stream_get_wrappers())) {
+            stream_wrapper_register('guzzle', __CLASS__);
+        }
+    }
+
+    public function stream_open(string $path, string $mode, int $options, string &$opened_path = null): bool
+    {
+        $options = stream_context_get_options($this->context);
+
+        if (!isset($options['guzzle']['stream'])) {
+            return false;
+        }
+
+        $this->mode = $mode;
+        $this->stream = $options['guzzle']['stream'];
+
+        return true;
+    }
+
+    public function stream_read(int $count): string
+    {
+        return $this->stream->read($count);
+    }
+
+    public function stream_write(string $data): int
+    {
+        return $this->stream->write($data);
+    }
+
+    public function stream_tell(): int
+    {
+        return $this->stream->tell();
+    }
+
+    public function stream_eof(): bool
+    {
+        return $this->stream->eof();
+    }
+
+    public function stream_seek(int $offset, int $whence): bool
+    {
+        $this->stream->seek($offset, $whence);
+
+        return true;
+    }
+
+    /**
+     * @return resource|false
+     */
+    public function stream_cast(int $cast_as)
+    {
+        $stream = clone($this->stream);
+        $resource = $stream->detach();
+
+        return $resource ?? false;
+    }
+
+    /**
+     * @return array<int|string, int>
+     */
+    public function stream_stat(): array
+    {
+        static $modeMap = [
+            'r'  => 33060,
+            'rb' => 33060,
+            'r+' => 33206,
+            'w'  => 33188,
+            'wb' => 33188
+        ];
+
+        return [
+            'dev'     => 0,
+            'ino'     => 0,
+            'mode'    => $modeMap[$this->mode],
+            'nlink'   => 0,
+            'uid'     => 0,
+            'gid'     => 0,
+            'rdev'    => 0,
+            'size'    => $this->stream->getSize() ?: 0,
+            'atime'   => 0,
+            'mtime'   => 0,
+            'ctime'   => 0,
+            'blksize' => 0,
+            'blocks'  => 0
+        ];
+    }
+
+    /**
+     * @return array<int|string, int>
+     */
+    public function url_stat(string $path, int $flags): array
+    {
+        return [
+            'dev'     => 0,
+            'ino'     => 0,
+            'mode'    => 0,
+            'nlink'   => 0,
+            'uid'     => 0,
+            'gid'     => 0,
+            'rdev'    => 0,
+            'size'    => 0,
+            'atime'   => 0,
+            'mtime'   => 0,
+            'ctime'   => 0,
+            'blksize' => 0,
+            'blocks'  => 0
+        ];
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UploadedFile.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UploadedFile.php
new file mode 100644
index 000000000..b1521bcf8
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UploadedFile.php
@@ -0,0 +1,211 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use InvalidArgumentException;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UploadedFileInterface;
+use RuntimeException;
+
+class UploadedFile implements UploadedFileInterface
+{
+    private const ERRORS = [
+        UPLOAD_ERR_OK,
+        UPLOAD_ERR_INI_SIZE,
+        UPLOAD_ERR_FORM_SIZE,
+        UPLOAD_ERR_PARTIAL,
+        UPLOAD_ERR_NO_FILE,
+        UPLOAD_ERR_NO_TMP_DIR,
+        UPLOAD_ERR_CANT_WRITE,
+        UPLOAD_ERR_EXTENSION,
+    ];
+
+    /**
+     * @var string|null
+     */
+    private $clientFilename;
+
+    /**
+     * @var string|null
+     */
+    private $clientMediaType;
+
+    /**
+     * @var int
+     */
+    private $error;
+
+    /**
+     * @var string|null
+     */
+    private $file;
+
+    /**
+     * @var bool
+     */
+    private $moved = false;
+
+    /**
+     * @var int|null
+     */
+    private $size;
+
+    /**
+     * @var StreamInterface|null
+     */
+    private $stream;
+
+    /**
+     * @param StreamInterface|string|resource $streamOrFile
+     */
+    public function __construct(
+        $streamOrFile,
+        ?int $size,
+        int $errorStatus,
+        string $clientFilename = null,
+        string $clientMediaType = null
+    ) {
+        $this->setError($errorStatus);
+        $this->size = $size;
+        $this->clientFilename = $clientFilename;
+        $this->clientMediaType = $clientMediaType;
+
+        if ($this->isOk()) {
+            $this->setStreamOrFile($streamOrFile);
+        }
+    }
+
+    /**
+     * Depending on the value set file or stream variable
+     *
+     * @param StreamInterface|string|resource $streamOrFile
+     *
+     * @throws InvalidArgumentException
+     */
+    private function setStreamOrFile($streamOrFile): void
+    {
+        if (is_string($streamOrFile)) {
+            $this->file = $streamOrFile;
+        } elseif (is_resource($streamOrFile)) {
+            $this->stream = new Stream($streamOrFile);
+        } elseif ($streamOrFile instanceof StreamInterface) {
+            $this->stream = $streamOrFile;
+        } else {
+            throw new InvalidArgumentException(
+                'Invalid stream or file provided for UploadedFile'
+            );
+        }
+    }
+
+    /**
+     * @throws InvalidArgumentException
+     */
+    private function setError(int $error): void
+    {
+        if (false === in_array($error, UploadedFile::ERRORS, true)) {
+            throw new InvalidArgumentException(
+                'Invalid error status for UploadedFile'
+            );
+        }
+
+        $this->error = $error;
+    }
+
+    private function isStringNotEmpty($param): bool
+    {
+        return is_string($param) && false === empty($param);
+    }
+
+    /**
+     * Return true if there is no upload error
+     */
+    private function isOk(): bool
+    {
+        return $this->error === UPLOAD_ERR_OK;
+    }
+
+    public function isMoved(): bool
+    {
+        return $this->moved;
+    }
+
+    /**
+     * @throws RuntimeException if is moved or not ok
+     */
+    private function validateActive(): void
+    {
+        if (false === $this->isOk()) {
+            throw new RuntimeException('Cannot retrieve stream due to upload error');
+        }
+
+        if ($this->isMoved()) {
+            throw new RuntimeException('Cannot retrieve stream after it has already been moved');
+        }
+    }
+
+    public function getStream(): StreamInterface
+    {
+        $this->validateActive();
+
+        if ($this->stream instanceof StreamInterface) {
+            return $this->stream;
+        }
+
+        /** @var string $file */
+        $file = $this->file;
+
+        return new LazyOpenStream($file, 'r+');
+    }
+
+    public function moveTo($targetPath): void
+    {
+        $this->validateActive();
+
+        if (false === $this->isStringNotEmpty($targetPath)) {
+            throw new InvalidArgumentException(
+                'Invalid path provided for move operation; must be a non-empty string'
+            );
+        }
+
+        if ($this->file) {
+            $this->moved = PHP_SAPI === 'cli'
+                ? rename($this->file, $targetPath)
+                : move_uploaded_file($this->file, $targetPath);
+        } else {
+            Utils::copyToStream(
+                $this->getStream(),
+                new LazyOpenStream($targetPath, 'w')
+            );
+
+            $this->moved = true;
+        }
+
+        if (false === $this->moved) {
+            throw new RuntimeException(
+                sprintf('Uploaded file could not be moved to %s', $targetPath)
+            );
+        }
+    }
+
+    public function getSize(): ?int
+    {
+        return $this->size;
+    }
+
+    public function getError(): int
+    {
+        return $this->error;
+    }
+
+    public function getClientFilename(): ?string
+    {
+        return $this->clientFilename;
+    }
+
+    public function getClientMediaType(): ?string
+    {
+        return $this->clientMediaType;
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Uri.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Uri.php
new file mode 100644
index 000000000..09e878d3d
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Uri.php
@@ -0,0 +1,740 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use GuzzleHttp\Psr7\Exception\MalformedUriException;
+use Psr\Http\Message\UriInterface;
+
+/**
+ * PSR-7 URI implementation.
+ *
+ * @author Michael Dowling
+ * @author Tobias Schultze
+ * @author Matthew Weier O'Phinney
+ */
+class Uri implements UriInterface, \JsonSerializable
+{
+    /**
+     * Absolute http and https URIs require a host per RFC 7230 Section 2.7
+     * but in generic URIs the host can be empty. So for http(s) URIs
+     * we apply this default host when no host is given yet to form a
+     * valid URI.
+     */
+    private const HTTP_DEFAULT_HOST = 'localhost';
+
+    private const DEFAULT_PORTS = [
+        'http'  => 80,
+        'https' => 443,
+        'ftp' => 21,
+        'gopher' => 70,
+        'nntp' => 119,
+        'news' => 119,
+        'telnet' => 23,
+        'tn3270' => 23,
+        'imap' => 143,
+        'pop' => 110,
+        'ldap' => 389,
+    ];
+
+    /**
+     * Unreserved characters for use in a regex.
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-2.3
+     */
+    private const CHAR_UNRESERVED = 'a-zA-Z0-9_\-\.~';
+
+    /**
+     * Sub-delims for use in a regex.
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-2.2
+     */
+    private const CHAR_SUB_DELIMS = '!\$&\'\(\)\*\+,;=';
+    private const QUERY_SEPARATORS_REPLACEMENT = ['=' => '%3D', '&' => '%26'];
+
+    /** @var string Uri scheme. */
+    private $scheme = '';
+
+    /** @var string Uri user info. */
+    private $userInfo = '';
+
+    /** @var string Uri host. */
+    private $host = '';
+
+    /** @var int|null Uri port. */
+    private $port;
+
+    /** @var string Uri path. */
+    private $path = '';
+
+    /** @var string Uri query string. */
+    private $query = '';
+
+    /** @var string Uri fragment. */
+    private $fragment = '';
+
+    /** @var string|null String representation */
+    private $composedComponents;
+
+    public function __construct(string $uri = '')
+    {
+        if ($uri !== '') {
+            $parts = self::parse($uri);
+            if ($parts === false) {
+                throw new MalformedUriException("Unable to parse URI: $uri");
+            }
+            $this->applyParts($parts);
+        }
+    }
+    /**
+     * UTF-8 aware \parse_url() replacement.
+     *
+     * The internal function produces broken output for non ASCII domain names
+     * (IDN) when used with locales other than "C".
+     *
+     * On the other hand, cURL understands IDN correctly only when UTF-8 locale
+     * is configured ("C.UTF-8", "en_US.UTF-8", etc.).
+     *
+     * @see https://bugs.php.net/bug.php?id=52923
+     * @see https://www.php.net/manual/en/function.parse-url.php#114817
+     * @see https://curl.haxx.se/libcurl/c/CURLOPT_URL.html#ENCODING
+     *
+     * @return array|false
+     */
+    private static function parse(string $url)
+    {
+        // If IPv6
+        $prefix = '';
+        if (preg_match('%^(.*://\[[0-9:a-f]+\])(.*?)$%', $url, $matches)) {
+            /** @var array{0:string, 1:string, 2:string} $matches */
+            $prefix = $matches[1];
+            $url = $matches[2];
+        }
+
+        /** @var string */
+        $encodedUrl = preg_replace_callback(
+            '%[^:/@?&=#]+%usD',
+            static function ($matches) {
+                return urlencode($matches[0]);
+            },
+            $url
+        );
+
+        $result = parse_url($prefix . $encodedUrl);
+
+        if ($result === false) {
+            return false;
+        }
+
+        return array_map('urldecode', $result);
+    }
+
+    public function __toString(): string
+    {
+        if ($this->composedComponents === null) {
+            $this->composedComponents = self::composeComponents(
+                $this->scheme,
+                $this->getAuthority(),
+                $this->path,
+                $this->query,
+                $this->fragment
+            );
+        }
+
+        return $this->composedComponents;
+    }
+
+    /**
+     * Composes a URI reference string from its various components.
+     *
+     * Usually this method does not need to be called manually but instead is used indirectly via
+     * `Psr\Http\Message\UriInterface::__toString`.
+     *
+     * PSR-7 UriInterface treats an empty component the same as a missing component as
+     * getQuery(), getFragment() etc. always return a string. This explains the slight
+     * difference to RFC 3986 Section 5.3.
+     *
+     * Another adjustment is that the authority separator is added even when the authority is missing/empty
+     * for the "file" scheme. This is because PHP stream functions like `file_get_contents` only work with
+     * `file:///myfile` but not with `file:/myfile` although they are equivalent according to RFC 3986. But
+     * `file:///` is the more common syntax for the file scheme anyway (Chrome for example redirects to
+     * that format).
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-5.3
+     */
+    public static function composeComponents(?string $scheme, ?string $authority, string $path, ?string $query, ?string $fragment): string
+    {
+        $uri = '';
+
+        // weak type checks to also accept null until we can add scalar type hints
+        if ($scheme != '') {
+            $uri .= $scheme . ':';
+        }
+
+        if ($authority != '' || $scheme === 'file') {
+            $uri .= '//' . $authority;
+        }
+
+        if ($authority != '' && $path != '' && $path[0] != '/') {
+            $path = '/' . $path;
+        }
+
+        $uri .= $path;
+
+        if ($query != '') {
+            $uri .= '?' . $query;
+        }
+
+        if ($fragment != '') {
+            $uri .= '#' . $fragment;
+        }
+
+        return $uri;
+    }
+
+    /**
+     * Whether the URI has the default port of the current scheme.
+     *
+     * `Psr\Http\Message\UriInterface::getPort` may return null or the standard port. This method can be used
+     * independently of the implementation.
+     */
+    public static function isDefaultPort(UriInterface $uri): bool
+    {
+        return $uri->getPort() === null
+            || (isset(self::DEFAULT_PORTS[$uri->getScheme()]) && $uri->getPort() === self::DEFAULT_PORTS[$uri->getScheme()]);
+    }
+
+    /**
+     * Whether the URI is absolute, i.e. it has a scheme.
+     *
+     * An instance of UriInterface can either be an absolute URI or a relative reference. This method returns true
+     * if it is the former. An absolute URI has a scheme. A relative reference is used to express a URI relative
+     * to another URI, the base URI. Relative references can be divided into several forms:
+     * - network-path references, e.g. '//example.com/path'
+     * - absolute-path references, e.g. '/path'
+     * - relative-path references, e.g. 'subpath'
+     *
+     * @see Uri::isNetworkPathReference
+     * @see Uri::isAbsolutePathReference
+     * @see Uri::isRelativePathReference
+     * @link https://tools.ietf.org/html/rfc3986#section-4
+     */
+    public static function isAbsolute(UriInterface $uri): bool
+    {
+        return $uri->getScheme() !== '';
+    }
+
+    /**
+     * Whether the URI is a network-path reference.
+     *
+     * A relative reference that begins with two slash characters is termed an network-path reference.
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-4.2
+     */
+    public static function isNetworkPathReference(UriInterface $uri): bool
+    {
+        return $uri->getScheme() === '' && $uri->getAuthority() !== '';
+    }
+
+    /**
+     * Whether the URI is a absolute-path reference.
+     *
+     * A relative reference that begins with a single slash character is termed an absolute-path reference.
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-4.2
+     */
+    public static function isAbsolutePathReference(UriInterface $uri): bool
+    {
+        return $uri->getScheme() === ''
+            && $uri->getAuthority() === ''
+            && isset($uri->getPath()[0])
+            && $uri->getPath()[0] === '/';
+    }
+
+    /**
+     * Whether the URI is a relative-path reference.
+     *
+     * A relative reference that does not begin with a slash character is termed a relative-path reference.
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-4.2
+     */
+    public static function isRelativePathReference(UriInterface $uri): bool
+    {
+        return $uri->getScheme() === ''
+            && $uri->getAuthority() === ''
+            && (!isset($uri->getPath()[0]) || $uri->getPath()[0] !== '/');
+    }
+
+    /**
+     * Whether the URI is a same-document reference.
+     *
+     * A same-document reference refers to a URI that is, aside from its fragment
+     * component, identical to the base URI. When no base URI is given, only an empty
+     * URI reference (apart from its fragment) is considered a same-document reference.
+     *
+     * @param UriInterface      $uri  The URI to check
+     * @param UriInterface|null $base An optional base URI to compare against
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-4.4
+     */
+    public static function isSameDocumentReference(UriInterface $uri, UriInterface $base = null): bool
+    {
+        if ($base !== null) {
+            $uri = UriResolver::resolve($base, $uri);
+
+            return ($uri->getScheme() === $base->getScheme())
+                && ($uri->getAuthority() === $base->getAuthority())
+                && ($uri->getPath() === $base->getPath())
+                && ($uri->getQuery() === $base->getQuery());
+        }
+
+        return $uri->getScheme() === '' && $uri->getAuthority() === '' && $uri->getPath() === '' && $uri->getQuery() === '';
+    }
+
+    /**
+     * Creates a new URI with a specific query string value removed.
+     *
+     * Any existing query string values that exactly match the provided key are
+     * removed.
+     *
+     * @param UriInterface $uri URI to use as a base.
+     * @param string       $key Query string key to remove.
+     */
+    public static function withoutQueryValue(UriInterface $uri, string $key): UriInterface
+    {
+        $result = self::getFilteredQueryString($uri, [$key]);
+
+        return $uri->withQuery(implode('&', $result));
+    }
+
+    /**
+     * Creates a new URI with a specific query string value.
+     *
+     * Any existing query string values that exactly match the provided key are
+     * removed and replaced with the given key value pair.
+     *
+     * A value of null will set the query string key without a value, e.g. "key"
+     * instead of "key=value".
+     *
+     * @param UriInterface $uri   URI to use as a base.
+     * @param string       $key   Key to set.
+     * @param string|null  $value Value to set
+     */
+    public static function withQueryValue(UriInterface $uri, string $key, ?string $value): UriInterface
+    {
+        $result = self::getFilteredQueryString($uri, [$key]);
+
+        $result[] = self::generateQueryString($key, $value);
+
+        return $uri->withQuery(implode('&', $result));
+    }
+
+    /**
+     * Creates a new URI with multiple specific query string values.
+     *
+     * It has the same behavior as withQueryValue() but for an associative array of key => value.
+     *
+     * @param UriInterface               $uri           URI to use as a base.
+     * @param array<string, string|null> $keyValueArray Associative array of key and values
+     */
+    public static function withQueryValues(UriInterface $uri, array $keyValueArray): UriInterface
+    {
+        $result = self::getFilteredQueryString($uri, array_keys($keyValueArray));
+
+        foreach ($keyValueArray as $key => $value) {
+            $result[] = self::generateQueryString((string) $key, $value !== null ? (string) $value : null);
+        }
+
+        return $uri->withQuery(implode('&', $result));
+    }
+
+    /**
+     * Creates a URI from a hash of `parse_url` components.
+     *
+     * @link http://php.net/manual/en/function.parse-url.php
+     *
+     * @throws MalformedUriException If the components do not form a valid URI.
+     */
+    public static function fromParts(array $parts): UriInterface
+    {
+        $uri = new self();
+        $uri->applyParts($parts);
+        $uri->validateState();
+
+        return $uri;
+    }
+
+    public function getScheme(): string
+    {
+        return $this->scheme;
+    }
+
+    public function getAuthority(): string
+    {
+        $authority = $this->host;
+        if ($this->userInfo !== '') {
+            $authority = $this->userInfo . '@' . $authority;
+        }
+
+        if ($this->port !== null) {
+            $authority .= ':' . $this->port;
+        }
+
+        return $authority;
+    }
+
+    public function getUserInfo(): string
+    {
+        return $this->userInfo;
+    }
+
+    public function getHost(): string
+    {
+        return $this->host;
+    }
+
+    public function getPort(): ?int
+    {
+        return $this->port;
+    }
+
+    public function getPath(): string
+    {
+        return $this->path;
+    }
+
+    public function getQuery(): string
+    {
+        return $this->query;
+    }
+
+    public function getFragment(): string
+    {
+        return $this->fragment;
+    }
+
+    public function withScheme($scheme): UriInterface
+    {
+        $scheme = $this->filterScheme($scheme);
+
+        if ($this->scheme === $scheme) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->scheme = $scheme;
+        $new->composedComponents = null;
+        $new->removeDefaultPort();
+        $new->validateState();
+
+        return $new;
+    }
+
+    public function withUserInfo($user, $password = null): UriInterface
+    {
+        $info = $this->filterUserInfoComponent($user);
+        if ($password !== null) {
+            $info .= ':' . $this->filterUserInfoComponent($password);
+        }
+
+        if ($this->userInfo === $info) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->userInfo = $info;
+        $new->composedComponents = null;
+        $new->validateState();
+
+        return $new;
+    }
+
+    public function withHost($host): UriInterface
+    {
+        $host = $this->filterHost($host);
+
+        if ($this->host === $host) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->host = $host;
+        $new->composedComponents = null;
+        $new->validateState();
+
+        return $new;
+    }
+
+    public function withPort($port): UriInterface
+    {
+        $port = $this->filterPort($port);
+
+        if ($this->port === $port) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->port = $port;
+        $new->composedComponents = null;
+        $new->removeDefaultPort();
+        $new->validateState();
+
+        return $new;
+    }
+
+    public function withPath($path): UriInterface
+    {
+        $path = $this->filterPath($path);
+
+        if ($this->path === $path) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->path = $path;
+        $new->composedComponents = null;
+        $new->validateState();
+
+        return $new;
+    }
+
+    public function withQuery($query): UriInterface
+    {
+        $query = $this->filterQueryAndFragment($query);
+
+        if ($this->query === $query) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->query = $query;
+        $new->composedComponents = null;
+
+        return $new;
+    }
+
+    public function withFragment($fragment): UriInterface
+    {
+        $fragment = $this->filterQueryAndFragment($fragment);
+
+        if ($this->fragment === $fragment) {
+            return $this;
+        }
+
+        $new = clone $this;
+        $new->fragment = $fragment;
+        $new->composedComponents = null;
+
+        return $new;
+    }
+
+    public function jsonSerialize(): string
+    {
+        return $this->__toString();
+    }
+
+    /**
+     * Apply parse_url parts to a URI.
+     *
+     * @param array $parts Array of parse_url parts to apply.
+     */
+    private function applyParts(array $parts): void
+    {
+        $this->scheme = isset($parts['scheme'])
+            ? $this->filterScheme($parts['scheme'])
+            : '';
+        $this->userInfo = isset($parts['user'])
+            ? $this->filterUserInfoComponent($parts['user'])
+            : '';
+        $this->host = isset($parts['host'])
+            ? $this->filterHost($parts['host'])
+            : '';
+        $this->port = isset($parts['port'])
+            ? $this->filterPort($parts['port'])
+            : null;
+        $this->path = isset($parts['path'])
+            ? $this->filterPath($parts['path'])
+            : '';
+        $this->query = isset($parts['query'])
+            ? $this->filterQueryAndFragment($parts['query'])
+            : '';
+        $this->fragment = isset($parts['fragment'])
+            ? $this->filterQueryAndFragment($parts['fragment'])
+            : '';
+        if (isset($parts['pass'])) {
+            $this->userInfo .= ':' . $this->filterUserInfoComponent($parts['pass']);
+        }
+
+        $this->removeDefaultPort();
+    }
+
+    /**
+     * @param mixed $scheme
+     *
+     * @throws \InvalidArgumentException If the scheme is invalid.
+     */
+    private function filterScheme($scheme): string
+    {
+        if (!is_string($scheme)) {
+            throw new \InvalidArgumentException('Scheme must be a string');
+        }
+
+        return \strtr($scheme, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
+    }
+
+    /**
+     * @param mixed $component
+     *
+     * @throws \InvalidArgumentException If the user info is invalid.
+     */
+    private function filterUserInfoComponent($component): string
+    {
+        if (!is_string($component)) {
+            throw new \InvalidArgumentException('User info must be a string');
+        }
+
+        return preg_replace_callback(
+            '/(?:[^%' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . ']+|%(?![A-Fa-f0-9]{2}))/',
+            [$this, 'rawurlencodeMatchZero'],
+            $component
+        );
+    }
+
+    /**
+     * @param mixed $host
+     *
+     * @throws \InvalidArgumentException If the host is invalid.
+     */
+    private function filterHost($host): string
+    {
+        if (!is_string($host)) {
+            throw new \InvalidArgumentException('Host must be a string');
+        }
+
+        return \strtr($host, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
+    }
+
+    /**
+     * @param mixed $port
+     *
+     * @throws \InvalidArgumentException If the port is invalid.
+     */
+    private function filterPort($port): ?int
+    {
+        if ($port === null) {
+            return null;
+        }
+
+        $port = (int) $port;
+        if (0 > $port || 0xffff < $port) {
+            throw new \InvalidArgumentException(
+                sprintf('Invalid port: %d. Must be between 0 and 65535', $port)
+            );
+        }
+
+        return $port;
+    }
+
+    /**
+     * @param string[] $keys
+     *
+     * @return string[]
+     */
+    private static function getFilteredQueryString(UriInterface $uri, array $keys): array
+    {
+        $current = $uri->getQuery();
+
+        if ($current === '') {
+            return [];
+        }
+
+        $decodedKeys = array_map('rawurldecode', $keys);
+
+        return array_filter(explode('&', $current), function ($part) use ($decodedKeys) {
+            return !in_array(rawurldecode(explode('=', $part)[0]), $decodedKeys, true);
+        });
+    }
+
+    private static function generateQueryString(string $key, ?string $value): string
+    {
+        // Query string separators ("=", "&") within the key or value need to be encoded
+        // (while preventing double-encoding) before setting the query string. All other
+        // chars that need percent-encoding will be encoded by withQuery().
+        $queryString = strtr($key, self::QUERY_SEPARATORS_REPLACEMENT);
+
+        if ($value !== null) {
+            $queryString .= '=' . strtr($value, self::QUERY_SEPARATORS_REPLACEMENT);
+        }
+
+        return $queryString;
+    }
+
+    private function removeDefaultPort(): void
+    {
+        if ($this->port !== null && self::isDefaultPort($this)) {
+            $this->port = null;
+        }
+    }
+
+    /**
+     * Filters the path of a URI
+     *
+     * @param mixed $path
+     *
+     * @throws \InvalidArgumentException If the path is invalid.
+     */
+    private function filterPath($path): string
+    {
+        if (!is_string($path)) {
+            throw new \InvalidArgumentException('Path must be a string');
+        }
+
+        return preg_replace_callback(
+            '/(?:[^' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . '%:@\/]++|%(?![A-Fa-f0-9]{2}))/',
+            [$this, 'rawurlencodeMatchZero'],
+            $path
+        );
+    }
+
+    /**
+     * Filters the query string or fragment of a URI.
+     *
+     * @param mixed $str
+     *
+     * @throws \InvalidArgumentException If the query or fragment is invalid.
+     */
+    private function filterQueryAndFragment($str): string
+    {
+        if (!is_string($str)) {
+            throw new \InvalidArgumentException('Query and fragment must be a string');
+        }
+
+        return preg_replace_callback(
+            '/(?:[^' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . '%:@\/\?]++|%(?![A-Fa-f0-9]{2}))/',
+            [$this, 'rawurlencodeMatchZero'],
+            $str
+        );
+    }
+
+    private function rawurlencodeMatchZero(array $match): string
+    {
+        return rawurlencode($match[0]);
+    }
+
+    private function validateState(): void
+    {
+        if ($this->host === '' && ($this->scheme === 'http' || $this->scheme === 'https')) {
+            $this->host = self::HTTP_DEFAULT_HOST;
+        }
+
+        if ($this->getAuthority() === '') {
+            if (0 === strpos($this->path, '//')) {
+                throw new MalformedUriException('The path of a URI without an authority must not start with two slashes "//"');
+            }
+            if ($this->scheme === '' && false !== strpos(explode('/', $this->path, 2)[0], ':')) {
+                throw new MalformedUriException('A relative URI must not have a path beginning with a segment containing a colon');
+            }
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriComparator.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriComparator.php
new file mode 100644
index 000000000..70c582aa0
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriComparator.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Provides methods to determine if a modified URL should be considered cross-origin.
+ *
+ * @author Graham Campbell
+ */
+final class UriComparator
+{
+    /**
+     * Determines if a modified URL should be considered cross-origin with
+     * respect to an original URL.
+     */
+    public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool
+    {
+        if (\strcasecmp($original->getHost(), $modified->getHost()) !== 0) {
+            return true;
+        }
+
+        if ($original->getScheme() !== $modified->getScheme()) {
+            return true;
+        }
+
+        if (self::computePort($original) !== self::computePort($modified)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    private static function computePort(UriInterface $uri): int
+    {
+        $port = $uri->getPort();
+
+        if (null !== $port) {
+            return $port;
+        }
+
+        return 'https' === $uri->getScheme() ? 443 : 80;
+    }
+
+    private function __construct()
+    {
+        // cannot be instantiated
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriNormalizer.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriNormalizer.php
new file mode 100644
index 000000000..e12971edd
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriNormalizer.php
@@ -0,0 +1,220 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Provides methods to normalize and compare URIs.
+ *
+ * @author Tobias Schultze
+ *
+ * @link https://tools.ietf.org/html/rfc3986#section-6
+ */
+final class UriNormalizer
+{
+    /**
+     * Default normalizations which only include the ones that preserve semantics.
+     */
+    public const PRESERVING_NORMALIZATIONS =
+        self::CAPITALIZE_PERCENT_ENCODING |
+        self::DECODE_UNRESERVED_CHARACTERS |
+        self::CONVERT_EMPTY_PATH |
+        self::REMOVE_DEFAULT_HOST |
+        self::REMOVE_DEFAULT_PORT |
+        self::REMOVE_DOT_SEGMENTS;
+
+    /**
+     * All letters within a percent-encoding triplet (e.g., "%3A") are case-insensitive, and should be capitalized.
+     *
+     * Example: http://example.org/a%c2%b1b → http://example.org/a%C2%B1b
+     */
+    public const CAPITALIZE_PERCENT_ENCODING = 1;
+
+    /**
+     * Decodes percent-encoded octets of unreserved characters.
+     *
+     * For consistency, percent-encoded octets in the ranges of ALPHA (%41–%5A and %61–%7A), DIGIT (%30–%39),
+     * hyphen (%2D), period (%2E), underscore (%5F), or tilde (%7E) should not be created by URI producers and,
+     * when found in a URI, should be decoded to their corresponding unreserved characters by URI normalizers.
+     *
+     * Example: http://example.org/%7Eusern%61me/ → http://example.org/~username/
+     */
+    public const DECODE_UNRESERVED_CHARACTERS = 2;
+
+    /**
+     * Converts the empty path to "/" for http and https URIs.
+     *
+     * Example: http://example.org → http://example.org/
+     */
+    public const CONVERT_EMPTY_PATH = 4;
+
+    /**
+     * Removes the default host of the given URI scheme from the URI.
+     *
+     * Only the "file" scheme defines the default host "localhost".
+     * All of `file:/myfile`, `file:///myfile`, and `file://localhost/myfile`
+     * are equivalent according to RFC 3986. The first format is not accepted
+     * by PHPs stream functions and thus already normalized implicitly to the
+     * second format in the Uri class. See `GuzzleHttp\Psr7\Uri::composeComponents`.
+     *
+     * Example: file://localhost/myfile → file:///myfile
+     */
+    public const REMOVE_DEFAULT_HOST = 8;
+
+    /**
+     * Removes the default port of the given URI scheme from the URI.
+     *
+     * Example: http://example.org:80/ → http://example.org/
+     */
+    public const REMOVE_DEFAULT_PORT = 16;
+
+    /**
+     * Removes unnecessary dot-segments.
+     *
+     * Dot-segments in relative-path references are not removed as it would
+     * change the semantics of the URI reference.
+     *
+     * Example: http://example.org/../a/b/../c/./d.html → http://example.org/a/c/d.html
+     */
+    public const REMOVE_DOT_SEGMENTS = 32;
+
+    /**
+     * Paths which include two or more adjacent slashes are converted to one.
+     *
+     * Webservers usually ignore duplicate slashes and treat those URIs equivalent.
+     * But in theory those URIs do not need to be equivalent. So this normalization
+     * may change the semantics. Encoded slashes (%2F) are not removed.
+     *
+     * Example: http://example.org//foo///bar.html → http://example.org/foo/bar.html
+     */
+    public const REMOVE_DUPLICATE_SLASHES = 64;
+
+    /**
+     * Sort query parameters with their values in alphabetical order.
+     *
+     * However, the order of parameters in a URI may be significant (this is not defined by the standard).
+     * So this normalization is not safe and may change the semantics of the URI.
+     *
+     * Example: ?lang=en&article=fred → ?article=fred&lang=en
+     *
+     * Note: The sorting is neither locale nor Unicode aware (the URI query does not get decoded at all) as the
+     * purpose is to be able to compare URIs in a reproducible way, not to have the params sorted perfectly.
+     */
+    public const SORT_QUERY_PARAMETERS = 128;
+
+    /**
+     * Returns a normalized URI.
+     *
+     * The scheme and host component are already normalized to lowercase per PSR-7 UriInterface.
+     * This methods adds additional normalizations that can be configured with the $flags parameter.
+     *
+     * PSR-7 UriInterface cannot distinguish between an empty component and a missing component as
+     * getQuery(), getFragment() etc. always return a string. This means the URIs "/?#" and "/" are
+     * treated equivalent which is not necessarily true according to RFC 3986. But that difference
+     * is highly uncommon in reality. So this potential normalization is implied in PSR-7 as well.
+     *
+     * @param UriInterface $uri   The URI to normalize
+     * @param int          $flags A bitmask of normalizations to apply, see constants
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-6.2
+     */
+    public static function normalize(UriInterface $uri, int $flags = self::PRESERVING_NORMALIZATIONS): UriInterface
+    {
+        if ($flags & self::CAPITALIZE_PERCENT_ENCODING) {
+            $uri = self::capitalizePercentEncoding($uri);
+        }
+
+        if ($flags & self::DECODE_UNRESERVED_CHARACTERS) {
+            $uri = self::decodeUnreservedCharacters($uri);
+        }
+
+        if ($flags & self::CONVERT_EMPTY_PATH && $uri->getPath() === '' &&
+            ($uri->getScheme() === 'http' || $uri->getScheme() === 'https')
+        ) {
+            $uri = $uri->withPath('/');
+        }
+
+        if ($flags & self::REMOVE_DEFAULT_HOST && $uri->getScheme() === 'file' && $uri->getHost() === 'localhost') {
+            $uri = $uri->withHost('');
+        }
+
+        if ($flags & self::REMOVE_DEFAULT_PORT && $uri->getPort() !== null && Uri::isDefaultPort($uri)) {
+            $uri = $uri->withPort(null);
+        }
+
+        if ($flags & self::REMOVE_DOT_SEGMENTS && !Uri::isRelativePathReference($uri)) {
+            $uri = $uri->withPath(UriResolver::removeDotSegments($uri->getPath()));
+        }
+
+        if ($flags & self::REMOVE_DUPLICATE_SLASHES) {
+            $uri = $uri->withPath(preg_replace('#//++#', '/', $uri->getPath()));
+        }
+
+        if ($flags & self::SORT_QUERY_PARAMETERS && $uri->getQuery() !== '') {
+            $queryKeyValues = explode('&', $uri->getQuery());
+            sort($queryKeyValues);
+            $uri = $uri->withQuery(implode('&', $queryKeyValues));
+        }
+
+        return $uri;
+    }
+
+    /**
+     * Whether two URIs can be considered equivalent.
+     *
+     * Both URIs are normalized automatically before comparison with the given $normalizations bitmask. The method also
+     * accepts relative URI references and returns true when they are equivalent. This of course assumes they will be
+     * resolved against the same base URI. If this is not the case, determination of equivalence or difference of
+     * relative references does not mean anything.
+     *
+     * @param UriInterface $uri1           An URI to compare
+     * @param UriInterface $uri2           An URI to compare
+     * @param int          $normalizations A bitmask of normalizations to apply, see constants
+     *
+     * @link https://tools.ietf.org/html/rfc3986#section-6.1
+     */
+    public static function isEquivalent(UriInterface $uri1, UriInterface $uri2, int $normalizations = self::PRESERVING_NORMALIZATIONS): bool
+    {
+        return (string) self::normalize($uri1, $normalizations) === (string) self::normalize($uri2, $normalizations);
+    }
+
+    private static function capitalizePercentEncoding(UriInterface $uri): UriInterface
+    {
+        $regex = '/(?:%[A-Fa-f0-9]{2})++/';
+
+        $callback = function (array $match) {
+            return strtoupper($match[0]);
+        };
+
+        return
+            $uri->withPath(
+                preg_replace_callback($regex, $callback, $uri->getPath())
+            )->withQuery(
+                preg_replace_callback($regex, $callback, $uri->getQuery())
+            );
+    }
+
+    private static function decodeUnreservedCharacters(UriInterface $uri): UriInterface
+    {
+        $regex = '/%(?:2D|2E|5F|7E|3[0-9]|[46][1-9A-F]|[57][0-9A])/i';
+
+        $callback = function (array $match) {
+            return rawurldecode($match[0]);
+        };
+
+        return
+            $uri->withPath(
+                preg_replace_callback($regex, $callback, $uri->getPath())
+            )->withQuery(
+                preg_replace_callback($regex, $callback, $uri->getQuery())
+            );
+    }
+
+    private function __construct()
+    {
+        // cannot be instantiated
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriResolver.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriResolver.php
new file mode 100644
index 000000000..426e5c9ad
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/UriResolver.php
@@ -0,0 +1,211 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Resolves a URI reference in the context of a base URI and the opposite way.
+ *
+ * @author Tobias Schultze
+ *
+ * @link https://tools.ietf.org/html/rfc3986#section-5
+ */
+final class UriResolver
+{
+    /**
+     * Removes dot segments from a path and returns the new path.
+     *
+     * @link http://tools.ietf.org/html/rfc3986#section-5.2.4
+     */
+    public static function removeDotSegments(string $path): string
+    {
+        if ($path === '' || $path === '/') {
+            return $path;
+        }
+
+        $results = [];
+        $segments = explode('/', $path);
+        foreach ($segments as $segment) {
+            if ($segment === '..') {
+                array_pop($results);
+            } elseif ($segment !== '.') {
+                $results[] = $segment;
+            }
+        }
+
+        $newPath = implode('/', $results);
+
+        if ($path[0] === '/' && (!isset($newPath[0]) || $newPath[0] !== '/')) {
+            // Re-add the leading slash if necessary for cases like "/.."
+            $newPath = '/' . $newPath;
+        } elseif ($newPath !== '' && ($segment === '.' || $segment === '..')) {
+            // Add the trailing slash if necessary
+            // If newPath is not empty, then $segment must be set and is the last segment from the foreach
+            $newPath .= '/';
+        }
+
+        return $newPath;
+    }
+
+    /**
+     * Converts the relative URI into a new URI that is resolved against the base URI.
+     *
+     * @link http://tools.ietf.org/html/rfc3986#section-5.2
+     */
+    public static function resolve(UriInterface $base, UriInterface $rel): UriInterface
+    {
+        if ((string) $rel === '') {
+            // we can simply return the same base URI instance for this same-document reference
+            return $base;
+        }
+
+        if ($rel->getScheme() != '') {
+            return $rel->withPath(self::removeDotSegments($rel->getPath()));
+        }
+
+        if ($rel->getAuthority() != '') {
+            $targetAuthority = $rel->getAuthority();
+            $targetPath = self::removeDotSegments($rel->getPath());
+            $targetQuery = $rel->getQuery();
+        } else {
+            $targetAuthority = $base->getAuthority();
+            if ($rel->getPath() === '') {
+                $targetPath = $base->getPath();
+                $targetQuery = $rel->getQuery() != '' ? $rel->getQuery() : $base->getQuery();
+            } else {
+                if ($rel->getPath()[0] === '/') {
+                    $targetPath = $rel->getPath();
+                } else {
+                    if ($targetAuthority != '' && $base->getPath() === '') {
+                        $targetPath = '/' . $rel->getPath();
+                    } else {
+                        $lastSlashPos = strrpos($base->getPath(), '/');
+                        if ($lastSlashPos === false) {
+                            $targetPath = $rel->getPath();
+                        } else {
+                            $targetPath = substr($base->getPath(), 0, $lastSlashPos + 1) . $rel->getPath();
+                        }
+                    }
+                }
+                $targetPath = self::removeDotSegments($targetPath);
+                $targetQuery = $rel->getQuery();
+            }
+        }
+
+        return new Uri(Uri::composeComponents(
+            $base->getScheme(),
+            $targetAuthority,
+            $targetPath,
+            $targetQuery,
+            $rel->getFragment()
+        ));
+    }
+
+    /**
+     * Returns the target URI as a relative reference from the base URI.
+     *
+     * This method is the counterpart to resolve():
+     *
+     *    (string) $target === (string) UriResolver::resolve($base, UriResolver::relativize($base, $target))
+     *
+     * One use-case is to use the current request URI as base URI and then generate relative links in your documents
+     * to reduce the document size or offer self-contained downloadable document archives.
+     *
+     *    $base = new Uri('http://example.com/a/b/');
+     *    echo UriResolver::relativize($base, new Uri('http://example.com/a/b/c'));  // prints 'c'.
+     *    echo UriResolver::relativize($base, new Uri('http://example.com/a/x/y'));  // prints '../x/y'.
+     *    echo UriResolver::relativize($base, new Uri('http://example.com/a/b/?q')); // prints '?q'.
+     *    echo UriResolver::relativize($base, new Uri('http://example.org/a/b/'));   // prints '//example.org/a/b/'.
+     *
+     * This method also accepts a target that is already relative and will try to relativize it further. Only a
+     * relative-path reference will be returned as-is.
+     *
+     *    echo UriResolver::relativize($base, new Uri('/a/b/c'));  // prints 'c' as well
+     */
+    public static function relativize(UriInterface $base, UriInterface $target): UriInterface
+    {
+        if ($target->getScheme() !== '' &&
+            ($base->getScheme() !== $target->getScheme() || $target->getAuthority() === '' && $base->getAuthority() !== '')
+        ) {
+            return $target;
+        }
+
+        if (Uri::isRelativePathReference($target)) {
+            // As the target is already highly relative we return it as-is. It would be possible to resolve
+            // the target with `$target = self::resolve($base, $target);` and then try make it more relative
+            // by removing a duplicate query. But let's not do that automatically.
+            return $target;
+        }
+
+        if ($target->getAuthority() !== '' && $base->getAuthority() !== $target->getAuthority()) {
+            return $target->withScheme('');
+        }
+
+        // We must remove the path before removing the authority because if the path starts with two slashes, the URI
+        // would turn invalid. And we also cannot set a relative path before removing the authority, as that is also
+        // invalid.
+        $emptyPathUri = $target->withScheme('')->withPath('')->withUserInfo('')->withPort(null)->withHost('');
+
+        if ($base->getPath() !== $target->getPath()) {
+            return $emptyPathUri->withPath(self::getRelativePath($base, $target));
+        }
+
+        if ($base->getQuery() === $target->getQuery()) {
+            // Only the target fragment is left. And it must be returned even if base and target fragment are the same.
+            return $emptyPathUri->withQuery('');
+        }
+
+        // If the base URI has a query but the target has none, we cannot return an empty path reference as it would
+        // inherit the base query component when resolving.
+        if ($target->getQuery() === '') {
+            $segments = explode('/', $target->getPath());
+            /** @var string $lastSegment */
+            $lastSegment = end($segments);
+
+            return $emptyPathUri->withPath($lastSegment === '' ? './' : $lastSegment);
+        }
+
+        return $emptyPathUri;
+    }
+
+    private static function getRelativePath(UriInterface $base, UriInterface $target): string
+    {
+        $sourceSegments = explode('/', $base->getPath());
+        $targetSegments = explode('/', $target->getPath());
+        array_pop($sourceSegments);
+        $targetLastSegment = array_pop($targetSegments);
+        foreach ($sourceSegments as $i => $segment) {
+            if (isset($targetSegments[$i]) && $segment === $targetSegments[$i]) {
+                unset($sourceSegments[$i], $targetSegments[$i]);
+            } else {
+                break;
+            }
+        }
+        $targetSegments[] = $targetLastSegment;
+        $relativePath = str_repeat('../', count($sourceSegments)) . implode('/', $targetSegments);
+
+        // A reference to am empty last segment or an empty first sub-segment must be prefixed with "./".
+        // This also applies to a segment with a colon character (e.g., "file:colon") that cannot be used
+        // as the first segment of a relative-path reference, as it would be mistaken for a scheme name.
+        if ('' === $relativePath || false !== strpos(explode('/', $relativePath, 2)[0], ':')) {
+            $relativePath = "./$relativePath";
+        } elseif ('/' === $relativePath[0]) {
+            if ($base->getAuthority() != '' && $base->getPath() === '') {
+                // In this case an extra slash is added by resolve() automatically. So we must not add one here.
+                $relativePath = ".$relativePath";
+            } else {
+                $relativePath = "./$relativePath";
+            }
+        }
+
+        return $relativePath;
+    }
+
+    private function __construct()
+    {
+        // cannot be instantiated
+    }
+}
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Utils.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Utils.php
new file mode 100644
index 000000000..3a4cf3946
--- /dev/null
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Utils.php
@@ -0,0 +1,459 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UriInterface;
+
+final class Utils
+{
+    /**
+     * Remove the items given by the keys, case insensitively from the data.
+     *
+     * @param string[] $keys
+     */
+    public static function caselessRemove(array $keys, array $data): array
+    {
+        $result = [];
+
+        foreach ($keys as &$key) {
+            $key = strtolower($key);
+        }
+
+        foreach ($data as $k => $v) {
+            if (!is_string($k) || !in_array(strtolower($k), $keys)) {
+                $result[$k] = $v;
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Copy the contents of a stream into another stream until the given number
+     * of bytes have been read.
+     *
+     * @param StreamInterface $source Stream to read from
+     * @param StreamInterface $dest   Stream to write to
+     * @param int             $maxLen Maximum number of bytes to read. Pass -1
+     *                                to read the entire stream.
+     *
+     * @throws \RuntimeException on error.
+     */
+    public static function copyToStream(StreamInterface $source, StreamInterface $dest, int $maxLen = -1): void
+    {
+        $bufferSize = 8192;
+
+        if ($maxLen === -1) {
+            while (!$source->eof()) {
+                if (!$dest->write($source->read($bufferSize))) {
+                    break;
+                }
+            }
+        } else {
+            $remaining = $maxLen;
+            while ($remaining > 0 && !$source->eof()) {
+                $buf = $source->read(min($bufferSize, $remaining));
+                $len = strlen($buf);
+                if (!$len) {
+                    break;
+                }
+                $remaining -= $len;
+                $dest->write($buf);
+            }
+        }
+    }
+
+    /**
+     * Copy the contents of a stream into a string until the given number of
+     * bytes have been read.
+     *
+     * @param StreamInterface $stream Stream to read
+     * @param int             $maxLen Maximum number of bytes to read. Pass -1
+     *                                to read the entire stream.
+     *
+     * @throws \RuntimeException on error.
+     */
+    public static function copyToString(StreamInterface $stream, int $maxLen = -1): string
+    {
+        $buffer = '';
+
+        if ($maxLen === -1) {
+            while (!$stream->eof()) {
+                $buf = $stream->read(1048576);
+                if ($buf === '') {
+                    break;
+                }
+                $buffer .= $buf;
+            }
+            return $buffer;
+        }
+
+        $len = 0;
+        while (!$stream->eof() && $len < $maxLen) {
+            $buf = $stream->read($maxLen - $len);
+            if ($buf === '') {
+                break;
+            }
+            $buffer .= $buf;
+            $len = strlen($buffer);
+        }
+
+        return $buffer;
+    }
+
+    /**
+     * Calculate a hash of a stream.
+     *
+     * This method reads the entire stream to calculate a rolling hash, based
+     * on PHP's `hash_init` functions.
+     *
+     * @param StreamInterface $stream    Stream to calculate the hash for
+     * @param string          $algo      Hash algorithm (e.g. md5, crc32, etc)
+     * @param bool            $rawOutput Whether or not to use raw output
+     *
+     * @throws \RuntimeException on error.
+     */
+    public static function hash(StreamInterface $stream, string $algo, bool $rawOutput = false): string
+    {
+        $pos = $stream->tell();
+
+        if ($pos > 0) {
+            $stream->rewind();
+        }
+
+        $ctx = hash_init($algo);
+        while (!$stream->eof()) {
+            hash_update($ctx, $stream->read(1048576));
+        }
+
+        $out = hash_final($ctx, $rawOutput);
+        $stream->seek($pos);
+
+        return $out;
+    }
+
+    /**
+     * Clone and modify a request with the given changes.
+     *
+     * This method is useful for reducing the number of clones needed to mutate
+     * a message.
+     *
+     * The changes can be one of:
+     * - method: (string) Changes the HTTP method.
+     * - set_headers: (array) Sets the given headers.
+     * - remove_headers: (array) Remove the given headers.
+     * - body: (mixed) Sets the given body.
+     * - uri: (UriInterface) Set the URI.
+     * - query: (string) Set the query string value of the URI.
+     * - version: (string) Set the protocol version.
+     *
+     * @param RequestInterface $request Request to clone and modify.
+     * @param array            $changes Changes to apply.
+     */
+    public static function modifyRequest(RequestInterface $request, array $changes): RequestInterface
+    {
+        if (!$changes) {
+            return $request;
+        }
+
+        $headers = $request->getHeaders();
+
+        if (!isset($changes['uri'])) {
+            $uri = $request->getUri();
+        } else {
+            // Remove the host header if one is on the URI
+            if ($host = $changes['uri']->getHost()) {
+                $changes['set_headers']['Host'] = $host;
+
+                if ($port = $changes['uri']->getPort()) {
+                    $standardPorts = ['http' => 80, 'https' => 443];
+                    $scheme = $changes['uri']->getScheme();
+                    if (isset($standardPorts[$scheme]) && $port != $standardPorts[$scheme]) {
+                        $changes['set_headers']['Host'] .= ':' . $port;
+                    }
+                }
+            }
+            $uri = $changes['uri'];
+        }
+
+        if (!empty($changes['remove_headers'])) {
+            $headers = self::caselessRemove($changes['remove_headers'], $headers);
+        }
+
+        if (!empty($changes['set_headers'])) {
+            $headers = self::caselessRemove(array_keys($changes['set_headers']), $headers);
+            $headers = $changes['set_headers'] + $headers;
+        }
+
+        if (isset($changes['query'])) {
+            $uri = $uri->withQuery($changes['query']);
+        }
+
+        if ($request instanceof ServerRequestInterface) {
+            $new = (new ServerRequest(
+                $changes['method'] ?? $request->getMethod(),
+                $uri,
+                $headers,
+                $changes['body'] ?? $request->getBody(),
+                $changes['version'] ?? $request->getProtocolVersion(),
+                $request->getServerParams()
+            ))
+            ->withParsedBody($request->getParsedBody())
+            ->withQueryParams($request->getQueryParams())
+            ->withCookieParams($request->getCookieParams())
+            ->withUploadedFiles($request->getUploadedFiles());
+
+            foreach ($request->getAttributes() as $key => $value) {
+                $new = $new->withAttribute($key, $value);
+            }
+
+            return $new;
+        }
+
+        return new Request(
+            $changes['method'] ?? $request->getMethod(),
+            $uri,
+            $headers,
+            $changes['body'] ?? $request->getBody(),
+            $changes['version'] ?? $request->getProtocolVersion()
+        );
+    }
+
+    /**
+     * Read a line from the stream up to the maximum allowed buffer length.
+     *
+     * @param StreamInterface $stream    Stream to read from
+     * @param int|null        $maxLength Maximum buffer length
+     */
+    public static function readLine(StreamInterface $stream, ?int $maxLength = null): string
+    {
+        $buffer = '';
+        $size = 0;
+
+        while (!$stream->eof()) {
+            if ('' === ($byte = $stream->read(1))) {
+                return $buffer;
+            }
+            $buffer .= $byte;
+            // Break when a new line is found or the max length - 1 is reached
+            if ($byte === "\n" || ++$size === $maxLength - 1) {
+                break;
+            }
+        }
+
+        return $buffer;
+    }
+
+    /**
+     * Create a new stream based on the input type.
+     *
+     * Options is an associative array that can contain the following keys:
+     * - metadata: Array of custom metadata.
+     * - size: Size of the stream.
+     *
+     * This method accepts the following `$resource` types:
+     * - `Psr\Http\Message\StreamInterface`: Returns the value as-is.
+     * - `string`: Creates a stream object that uses the given string as the contents.
+     * - `resource`: Creates a stream object that wraps the given PHP stream resource.
+     * - `Iterator`: If the provided value implements `Iterator`, then a read-only
+     *   stream object will be created that wraps the given iterable. Each time the
+     *   stream is read from, data from the iterator will fill a buffer and will be
+     *   continuously called until the buffer is equal to the requested read size.
+     *   Subsequent read calls will first read from the buffer and then call `next`
+     *   on the underlying iterator until it is exhausted.
+     * - `object` with `__toString()`: If the object has the `__toString()` method,
+     *   the object will be cast to a string and then a stream will be returned that
+     *   uses the string value.
+     * - `NULL`: When `null` is passed, an empty stream object is returned.
+     * - `callable` When a callable is passed, a read-only stream object will be
+     *   created that invokes the given callable. The callable is invoked with the
+     *   number of suggested bytes to read. The callable can return any number of
+     *   bytes, but MUST return `false` when there is no more data to return. The
+     *   stream object that wraps the callable will invoke the callable until the
+     *   number of requested bytes are available. Any additional bytes will be
+     *   buffered and used in subsequent reads.
+     *
+     * @param resource|string|int|float|bool|StreamInterface|callable|\Iterator|null $resource Entity body data
+     * @param array{size?: int, metadata?: array}                                    $options  Additional options
+     *
+     * @throws \InvalidArgumentException if the $resource arg is not valid.
+     */
+    public static function streamFor($resource = '', array $options = []): StreamInterface
+    {
+        if (is_scalar($resource)) {
+            $stream = self::tryFopen('php://temp', 'r+');
+            if ($resource !== '') {
+                fwrite($stream, (string) $resource);
+                fseek($stream, 0);
+            }
+            return new Stream($stream, $options);
+        }
+
+        switch (gettype($resource)) {
+            case 'resource':
+                /*
+                 * The 'php://input' is a special stream with quirks and inconsistencies.
+                 * We avoid using that stream by reading it into php://temp
+                 */
+
+                /** @var resource $resource */
+                if ((\stream_get_meta_data($resource)['uri'] ?? '') === 'php://input') {
+                    $stream = self::tryFopen('php://temp', 'w+');
+                    stream_copy_to_stream($resource, $stream);
+                    fseek($stream, 0);
+                    $resource = $stream;
+                }
+                return new Stream($resource, $options);
+            case 'object':
+                /** @var object $resource */
+                if ($resource instanceof StreamInterface) {
+                    return $resource;
+                } elseif ($resource instanceof \Iterator) {
+                    return new PumpStream(function () use ($resource) {
+                        if (!$resource->valid()) {
+                            return false;
+                        }
+                        $result = $resource->current();
+                        $resource->next();
+                        return $result;
+                    }, $options);
+                } elseif (method_exists($resource, '__toString')) {
+                    return self::streamFor((string) $resource, $options);
+                }
+                break;
+            case 'NULL':
+                return new Stream(self::tryFopen('php://temp', 'r+'), $options);
+        }
+
+        if (is_callable($resource)) {
+            return new PumpStream($resource, $options);
+        }
+
+        throw new \InvalidArgumentException('Invalid resource type: ' . gettype($resource));
+    }
+
+    /**
+     * Safely opens a PHP stream resource using a filename.
+     *
+     * When fopen fails, PHP normally raises a warning. This function adds an
+     * error handler that checks for errors and throws an exception instead.
+     *
+     * @param string $filename File to open
+     * @param string $mode     Mode used to open the file
+     *
+     * @return resource
+     *
+     * @throws \RuntimeException if the file cannot be opened
+     */
+    public static function tryFopen(string $filename, string $mode)
+    {
+        $ex = null;
+        set_error_handler(static function (int $errno, string $errstr) use ($filename, $mode, &$ex): bool {
+            $ex = new \RuntimeException(sprintf(
+                'Unable to open "%s" using mode "%s": %s',
+                $filename,
+                $mode,
+                $errstr
+            ));
+
+            return true;
+        });
+
+        try {
+            /** @var resource $handle */
+            $handle = fopen($filename, $mode);
+        } catch (\Throwable $e) {
+            $ex = new \RuntimeException(sprintf(
+                'Unable to open "%s" using mode "%s": %s',
+                $filename,
+                $mode,
+                $e->getMessage()
+            ), 0, $e);
+        }
+
+        restore_error_handler();
+
+        if ($ex) {
+            /** @var $ex \RuntimeException */
+            throw $ex;
+        }
+
+        return $handle;
+    }
+
+    /**
+     * Safely gets the contents of a given stream.
+     *
+     * When stream_get_contents fails, PHP normally raises a warning. This
+     * function adds an error handler that checks for errors and throws an
+     * exception instead.
+     *
+     * @param resource $stream
+     *
+     * @throws \RuntimeException if the stream cannot be read
+     */
+    public static function tryGetContents($stream): string
+    {
+        $ex = null;
+        set_error_handler(static function (int $errno, string $errstr) use (&$ex): bool {
+            $ex = new \RuntimeException(sprintf(
+                'Unable to read stream contents: %s',
+                $errstr
+            ));
+
+            return true;
+        });
+
+        try {
+            /** @var string|false $contents */
+            $contents = stream_get_contents($stream);
+
+            if ($contents === false) {
+                $ex = new \RuntimeException('Unable to read stream contents');
+            }
+        } catch (\Throwable $e) {
+            $ex = new \RuntimeException(sprintf(
+                'Unable to read stream contents: %s',
+                $e->getMessage()
+            ), 0, $e);
+        }
+
+        restore_error_handler();
+
+        if ($ex) {
+            /** @var $ex \RuntimeException */
+            throw $ex;
+        }
+
+        return $contents;
+    }
+
+    /**
+     * Returns a UriInterface for the given value.
+     *
+     * This function accepts a string or UriInterface and returns a
+     * UriInterface for the given value. If the value is already a
+     * UriInterface, it is returned as-is.
+     *
+     * @param string|UriInterface $uri
+     *
+     * @throws \InvalidArgumentException
+     */
+    public static function uriFor($uri): UriInterface
+    {
+        if ($uri instanceof UriInterface) {
+            return $uri;
+        }
+
+        if (is_string($uri)) {
+            return new Uri($uri);
+        }
+
+        throw new \InvalidArgumentException('URI must be a string or UriInterface');
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/LICENSE b/data/web/inc/lib/vendor/league/oauth2-client/LICENSE
new file mode 100644
index 000000000..7dfa39b7c
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013-2020 Alex Bilbie <hello@alexbilbie.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/README.md b/data/web/inc/lib/vendor/league/oauth2-client/README.md
new file mode 100644
index 000000000..f35d53e8a
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/README.md
@@ -0,0 +1,58 @@
+# OAuth 2.0 Client
+
+This package provides a base for integrating with [OAuth 2.0](http://oauth.net/2/) service providers.
+
+[![Gitter Chat](https://img.shields.io/badge/gitter-join_chat-brightgreen.svg?style=flat-square)](https://gitter.im/thephpleague/oauth2-client)
+[![Source Code](https://img.shields.io/badge/source-thephpleague/oauth2--client-blue.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client)
+[![Latest Version](https://img.shields.io/github/release/thephpleague/oauth2-client.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/releases)
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/blob/master/LICENSE)
+[![Build Status](https://img.shields.io/github/workflow/status/thephpleague/oauth2-client/CI?label=CI&logo=github&style=flat-square)](https://github.com/thephpleague/oauth2-client/actions?query=workflow%3ACI)
+[![Codecov Code Coverage](https://img.shields.io/codecov/c/gh/thephpleague/oauth2-client?label=codecov&logo=codecov&style=flat-square)](https://codecov.io/gh/thephpleague/oauth2-client)
+[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-client.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-client)
+
+---
+
+The OAuth 2.0 login flow, seen commonly around the web in the form of "Connect with Facebook/Google/etc." buttons, is a common integration added to web applications, but it can be tricky and tedious to do right. To help, we've created the `league/oauth2-client` package, which provides a base for integrating with various OAuth 2.0 providers, without overburdening your application with the concerns of [RFC 6749](http://tools.ietf.org/html/rfc6749).
+
+This OAuth 2.0 client library will work with any OAuth 2.0 provider that conforms to the OAuth 2.0 Authorization Framework. Out-of-the-box, we provide a `GenericProvider` class to connect to any service provider that uses [Bearer tokens](http://tools.ietf.org/html/rfc6750). See our [basic usage guide](https://oauth2-client.thephpleague.com/usage/) for examples using `GenericProvider`.
+
+Many service providers provide additional functionality above and beyond the OAuth 2.0 specification. For this reason, you may extend and wrap this library to support additional behavior. There are already many [official](https://oauth2-client.thephpleague.com/providers/league/) and [third-party](https://oauth2-client.thephpleague.com/providers/thirdparty/) provider clients available (e.g., Facebook, GitHub, Google, Instagram, LinkedIn, etc.). If your provider isn't in the list, feel free to add it.
+
+This package is compliant with [PSR-1][], [PSR-2][], [PSR-4][], and [PSR-7][]. If you notice compliance oversights, please send a patch via pull request. If you're interested in contributing to this library, please take a look at our [contributing guidelines](https://github.com/thephpleague/oauth2-client/blob/master/CONTRIBUTING.md).
+
+## Requirements
+
+We support the following versions of PHP:
+
+* PHP 8.1
+* PHP 8.0
+* PHP 7.4
+* PHP 7.3
+* PHP 7.2
+* PHP 7.1
+* PHP 7.0
+* PHP 5.6
+
+## Provider Clients
+
+We provide a list of [official PHP League provider clients](https://oauth2-client.thephpleague.com/providers/league/), as well as [third-party provider clients](https://oauth2-client.thephpleague.com/providers/thirdparty/).
+
+To build your own provider client, please refer to "[Implementing a Provider Client](https://oauth2-client.thephpleague.com/providers/implementing/)."
+
+## Usage
+
+For usage and code examples, check out our [basic usage guide](https://oauth2-client.thephpleague.com/usage/).
+
+## Contributing
+
+Please see [our contributing guidelines](https://github.com/thephpleague/oauth2-client/blob/master/CONTRIBUTING.md) for details.
+
+## License
+
+The MIT License (MIT). Please see [LICENSE](https://github.com/thephpleague/oauth2-client/blob/master/LICENSE) for more information.
+
+
+[PSR-1]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md
+[PSR-2]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md
+[PSR-4]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md
+[PSR-7]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-7-http-message.md
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/composer.json b/data/web/inc/lib/vendor/league/oauth2-client/composer.json
new file mode 100644
index 000000000..59201f48f
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/composer.json
@@ -0,0 +1,58 @@
+{
+    "name": "league/oauth2-client",
+    "description": "OAuth 2.0 Client Library",
+    "license": "MIT",
+    "config": {
+        "sort-packages": true
+    },
+    "require": {
+        "php": "^5.6 || ^7.0 || ^8.0",
+        "guzzlehttp/guzzle": "^6.0 || ^7.0",
+        "paragonie/random_compat": "^1 || ^2 || ^9.99"
+    },
+    "require-dev": {
+        "mockery/mockery": "^1.3.5",
+        "php-parallel-lint/php-parallel-lint": "^1.3.1",
+        "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5",
+        "squizlabs/php_codesniffer": "^2.3 || ^3.0"
+    },
+    "keywords": [
+        "oauth",
+        "oauth2",
+        "authorization",
+        "authentication",
+        "idp",
+        "identity",
+        "sso",
+        "single sign on"
+    ],
+    "authors": [
+        {
+            "name": "Alex Bilbie",
+            "email": "hello@alexbilbie.com",
+            "homepage": "http://www.alexbilbie.com",
+            "role": "Developer"
+        },
+        {
+            "name": "Woody Gilk",
+            "homepage": "https://github.com/shadowhand",
+            "role": "Contributor"
+        }
+
+    ],
+    "autoload": {
+        "psr-4": {
+            "League\\OAuth2\\Client\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "League\\OAuth2\\Client\\Test\\": "test/src/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-2.x": "2.0.x-dev"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AbstractGrant.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AbstractGrant.php
new file mode 100644
index 000000000..2c0244ba3
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AbstractGrant.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+use League\OAuth2\Client\Tool\RequiredParameterTrait;
+
+/**
+ * Represents a type of authorization grant.
+ *
+ * An authorization grant is a credential representing the resource
+ * owner's authorization (to access its protected resources) used by the
+ * client to obtain an access token.  OAuth 2.0 defines four
+ * grant types -- authorization code, implicit, resource owner password
+ * credentials, and client credentials -- as well as an extensibility
+ * mechanism for defining additional types.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.3 Authorization Grant (RFC 6749, §1.3)
+ */
+abstract class AbstractGrant
+{
+    use RequiredParameterTrait;
+
+    /**
+     * Returns the name of this grant, eg. 'grant_name', which is used as the
+     * grant type when encoding URL query parameters.
+     *
+     * @return string
+     */
+    abstract protected function getName();
+
+    /**
+     * Returns a list of all required request parameters.
+     *
+     * @return array
+     */
+    abstract protected function getRequiredRequestParameters();
+
+    /**
+     * Returns this grant's name as its string representation. This allows for
+     * string interpolation when building URL query parameters.
+     *
+     * @return string
+     */
+    public function __toString()
+    {
+        return $this->getName();
+    }
+
+    /**
+     * Prepares an access token request's parameters by checking that all
+     * required parameters are set, then merging with any given defaults.
+     *
+     * @param  array $defaults
+     * @param  array $options
+     * @return array
+     */
+    public function prepareRequestParameters(array $defaults, array $options)
+    {
+        $defaults['grant_type'] = $this->getName();
+
+        $required = $this->getRequiredRequestParameters();
+        $provided = array_merge($defaults, $options);
+
+        $this->checkRequiredParameters($required, $provided);
+
+        return $provided;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AuthorizationCode.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AuthorizationCode.php
new file mode 100644
index 000000000..c49460c02
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/AuthorizationCode.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+/**
+ * Represents an authorization code grant.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.3.1 Authorization Code (RFC 6749, §1.3.1)
+ */
+class AuthorizationCode extends AbstractGrant
+{
+    /**
+     * @inheritdoc
+     */
+    protected function getName()
+    {
+        return 'authorization_code';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getRequiredRequestParameters()
+    {
+        return [
+            'code',
+        ];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/ClientCredentials.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/ClientCredentials.php
new file mode 100644
index 000000000..dc78c4fda
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/ClientCredentials.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+/**
+ * Represents a client credentials grant.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.3.4 Client Credentials (RFC 6749, §1.3.4)
+ */
+class ClientCredentials extends AbstractGrant
+{
+    /**
+     * @inheritdoc
+     */
+    protected function getName()
+    {
+        return 'client_credentials';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getRequiredRequestParameters()
+    {
+        return [];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Exception/InvalidGrantException.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Exception/InvalidGrantException.php
new file mode 100644
index 000000000..c3c4e677b
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Exception/InvalidGrantException.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant\Exception;
+
+use InvalidArgumentException;
+
+/**
+ * Exception thrown if the grant does not extend from AbstractGrant.
+ *
+ * @see League\OAuth2\Client\Grant\AbstractGrant
+ */
+class InvalidGrantException extends InvalidArgumentException
+{
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/GrantFactory.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/GrantFactory.php
new file mode 100644
index 000000000..71990e83d
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/GrantFactory.php
@@ -0,0 +1,104 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+use League\OAuth2\Client\Grant\Exception\InvalidGrantException;
+
+/**
+ * Represents a factory used when retrieving an authorization grant type.
+ */
+class GrantFactory
+{
+    /**
+     * @var array
+     */
+    protected $registry = [];
+
+    /**
+     * Defines a grant singleton in the registry.
+     *
+     * @param  string $name
+     * @param  AbstractGrant $grant
+     * @return self
+     */
+    public function setGrant($name, AbstractGrant $grant)
+    {
+        $this->registry[$name] = $grant;
+
+        return $this;
+    }
+
+    /**
+     * Returns a grant singleton by name.
+     *
+     * If the grant has not be registered, a default grant will be loaded.
+     *
+     * @param  string $name
+     * @return AbstractGrant
+     */
+    public function getGrant($name)
+    {
+        if (empty($this->registry[$name])) {
+            $this->registerDefaultGrant($name);
+        }
+
+        return $this->registry[$name];
+    }
+
+    /**
+     * Registers a default grant singleton by name.
+     *
+     * @param  string $name
+     * @return self
+     */
+    protected function registerDefaultGrant($name)
+    {
+        // PascalCase the grant. E.g: 'authorization_code' becomes 'AuthorizationCode'
+        $class = str_replace(' ', '', ucwords(str_replace(['-', '_'], ' ', $name)));
+        $class = 'League\\OAuth2\\Client\\Grant\\' . $class;
+
+        $this->checkGrant($class);
+
+        return $this->setGrant($name, new $class);
+    }
+
+    /**
+     * Determines if a variable is a valid grant.
+     *
+     * @param  mixed $class
+     * @return boolean
+     */
+    public function isGrant($class)
+    {
+        return is_subclass_of($class, AbstractGrant::class);
+    }
+
+    /**
+     * Checks if a variable is a valid grant.
+     *
+     * @throws InvalidGrantException
+     * @param  mixed $class
+     * @return void
+     */
+    public function checkGrant($class)
+    {
+        if (!$this->isGrant($class)) {
+            throw new InvalidGrantException(sprintf(
+                'Grant "%s" must extend AbstractGrant',
+                is_object($class) ? get_class($class) : $class
+            ));
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Password.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Password.php
new file mode 100644
index 000000000..6543b2ebd
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/Password.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+/**
+ * Represents a resource owner password credentials grant.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.3.3 Resource Owner Password Credentials (RFC 6749, §1.3.3)
+ */
+class Password extends AbstractGrant
+{
+    /**
+     * @inheritdoc
+     */
+    protected function getName()
+    {
+        return 'password';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getRequiredRequestParameters()
+    {
+        return [
+            'username',
+            'password',
+        ];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/RefreshToken.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/RefreshToken.php
new file mode 100644
index 000000000..819218230
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Grant/RefreshToken.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Grant;
+
+/**
+ * Represents a refresh token grant.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-6 Refreshing an Access Token (RFC 6749, §6)
+ */
+class RefreshToken extends AbstractGrant
+{
+    /**
+     * @inheritdoc
+     */
+    protected function getName()
+    {
+        return 'refresh_token';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getRequiredRequestParameters()
+    {
+        return [
+            'refresh_token',
+        ];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/HttpBasicAuthOptionProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/HttpBasicAuthOptionProvider.php
new file mode 100644
index 000000000..3da406568
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/HttpBasicAuthOptionProvider.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\OptionProvider;
+
+use InvalidArgumentException;
+
+/**
+ * Add http basic auth into access token request options
+ * @link https://tools.ietf.org/html/rfc6749#section-2.3.1
+ */
+class HttpBasicAuthOptionProvider extends PostAuthOptionProvider
+{
+    /**
+     * @inheritdoc
+     */
+    public function getAccessTokenOptions($method, array $params)
+    {
+        if (empty($params['client_id']) || empty($params['client_secret'])) {
+            throw new InvalidArgumentException('clientId and clientSecret are required for http basic auth');
+        }
+
+        $encodedCredentials = base64_encode(sprintf('%s:%s', $params['client_id'], $params['client_secret']));
+        unset($params['client_id'], $params['client_secret']);
+
+        $options = parent::getAccessTokenOptions($method, $params);
+        $options['headers']['Authorization'] = 'Basic ' . $encodedCredentials;
+
+        return $options;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/OptionProviderInterface.php b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/OptionProviderInterface.php
new file mode 100644
index 000000000..1126d25aa
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/OptionProviderInterface.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\OptionProvider;
+
+/**
+ * Interface for access token options provider
+ */
+interface OptionProviderInterface
+{
+    /**
+     * Builds request options used for requesting an access token.
+     *
+     * @param string $method
+     * @param  array $params
+     * @return array
+     */
+    public function getAccessTokenOptions($method, array $params);
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/PostAuthOptionProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/PostAuthOptionProvider.php
new file mode 100644
index 000000000..12d920ecf
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/OptionProvider/PostAuthOptionProvider.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\OptionProvider;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Tool\QueryBuilderTrait;
+
+/**
+ * Provide options for access token
+ */
+class PostAuthOptionProvider implements OptionProviderInterface
+{
+    use QueryBuilderTrait;
+
+    /**
+     * @inheritdoc
+     */
+    public function getAccessTokenOptions($method, array $params)
+    {
+        $options = ['headers' => ['content-type' => 'application/x-www-form-urlencoded']];
+
+        if ($method === AbstractProvider::METHOD_POST) {
+            $options['body'] = $this->getAccessTokenBody($params);
+        }
+
+        return $options;
+    }
+
+    /**
+     * Returns the request body for requesting an access token.
+     *
+     * @param  array $params
+     * @return string
+     */
+    protected function getAccessTokenBody(array $params)
+    {
+        return $this->buildQueryString($params);
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
new file mode 100644
index 000000000..d1679998c
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
@@ -0,0 +1,843 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Provider;
+
+use GuzzleHttp\Client as HttpClient;
+use GuzzleHttp\ClientInterface as HttpClientInterface;
+use GuzzleHttp\Exception\BadResponseException;
+use League\OAuth2\Client\Grant\AbstractGrant;
+use League\OAuth2\Client\Grant\GrantFactory;
+use League\OAuth2\Client\OptionProvider\OptionProviderInterface;
+use League\OAuth2\Client\OptionProvider\PostAuthOptionProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Token\AccessTokenInterface;
+use League\OAuth2\Client\Tool\ArrayAccessorTrait;
+use League\OAuth2\Client\Tool\GuardedPropertyTrait;
+use League\OAuth2\Client\Tool\QueryBuilderTrait;
+use League\OAuth2\Client\Tool\RequestFactory;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use UnexpectedValueException;
+
+/**
+ * Represents a service provider (authorization server).
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.1 Roles (RFC 6749, §1.1)
+ */
+abstract class AbstractProvider
+{
+    use ArrayAccessorTrait;
+    use GuardedPropertyTrait;
+    use QueryBuilderTrait;
+
+    /**
+     * @var string Key used in a token response to identify the resource owner.
+     */
+    const ACCESS_TOKEN_RESOURCE_OWNER_ID = null;
+
+    /**
+     * @var string HTTP method used to fetch access tokens.
+     */
+    const METHOD_GET = 'GET';
+
+    /**
+     * @var string HTTP method used to fetch access tokens.
+     */
+    const METHOD_POST = 'POST';
+
+    /**
+     * @var string
+     */
+    protected $clientId;
+
+    /**
+     * @var string
+     */
+    protected $clientSecret;
+
+    /**
+     * @var string
+     */
+    protected $redirectUri;
+
+    /**
+     * @var string
+     */
+    protected $state;
+
+    /**
+     * @var GrantFactory
+     */
+    protected $grantFactory;
+
+    /**
+     * @var RequestFactory
+     */
+    protected $requestFactory;
+
+    /**
+     * @var HttpClientInterface
+     */
+    protected $httpClient;
+
+    /**
+     * @var OptionProviderInterface
+     */
+    protected $optionProvider;
+
+    /**
+     * Constructs an OAuth 2.0 service provider.
+     *
+     * @param array $options An array of options to set on this provider.
+     *     Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
+     *     Individual providers may introduce more options, as needed.
+     * @param array $collaborators An array of collaborators that may be used to
+     *     override this provider's default behavior. Collaborators include
+     *     `grantFactory`, `requestFactory`, and `httpClient`.
+     *     Individual providers may introduce more collaborators, as needed.
+     */
+    public function __construct(array $options = [], array $collaborators = [])
+    {
+        // We'll let the GuardedPropertyTrait handle mass assignment of incoming
+        // options, skipping any blacklisted properties defined in the provider
+        $this->fillProperties($options);
+
+        if (empty($collaborators['grantFactory'])) {
+            $collaborators['grantFactory'] = new GrantFactory();
+        }
+        $this->setGrantFactory($collaborators['grantFactory']);
+
+        if (empty($collaborators['requestFactory'])) {
+            $collaborators['requestFactory'] = new RequestFactory();
+        }
+        $this->setRequestFactory($collaborators['requestFactory']);
+
+        if (empty($collaborators['httpClient'])) {
+            $client_options = $this->getAllowedClientOptions($options);
+
+            $collaborators['httpClient'] = new HttpClient(
+                array_intersect_key($options, array_flip($client_options))
+            );
+        }
+        $this->setHttpClient($collaborators['httpClient']);
+
+        if (empty($collaborators['optionProvider'])) {
+            $collaborators['optionProvider'] = new PostAuthOptionProvider();
+        }
+        $this->setOptionProvider($collaborators['optionProvider']);
+    }
+
+    /**
+     * Returns the list of options that can be passed to the HttpClient
+     *
+     * @param array $options An array of options to set on this provider.
+     *     Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
+     *     Individual providers may introduce more options, as needed.
+     * @return array The options to pass to the HttpClient constructor
+     */
+    protected function getAllowedClientOptions(array $options)
+    {
+        $client_options = ['timeout', 'proxy'];
+
+        // Only allow turning off ssl verification if it's for a proxy
+        if (!empty($options['proxy'])) {
+            $client_options[] = 'verify';
+        }
+
+        return $client_options;
+    }
+
+    /**
+     * Sets the grant factory instance.
+     *
+     * @param  GrantFactory $factory
+     * @return self
+     */
+    public function setGrantFactory(GrantFactory $factory)
+    {
+        $this->grantFactory = $factory;
+
+        return $this;
+    }
+
+    /**
+     * Returns the current grant factory instance.
+     *
+     * @return GrantFactory
+     */
+    public function getGrantFactory()
+    {
+        return $this->grantFactory;
+    }
+
+    /**
+     * Sets the request factory instance.
+     *
+     * @param  RequestFactory $factory
+     * @return self
+     */
+    public function setRequestFactory(RequestFactory $factory)
+    {
+        $this->requestFactory = $factory;
+
+        return $this;
+    }
+
+    /**
+     * Returns the request factory instance.
+     *
+     * @return RequestFactory
+     */
+    public function getRequestFactory()
+    {
+        return $this->requestFactory;
+    }
+
+    /**
+     * Sets the HTTP client instance.
+     *
+     * @param  HttpClientInterface $client
+     * @return self
+     */
+    public function setHttpClient(HttpClientInterface $client)
+    {
+        $this->httpClient = $client;
+
+        return $this;
+    }
+
+    /**
+     * Returns the HTTP client instance.
+     *
+     * @return HttpClientInterface
+     */
+    public function getHttpClient()
+    {
+        return $this->httpClient;
+    }
+
+    /**
+     * Sets the option provider instance.
+     *
+     * @param  OptionProviderInterface $provider
+     * @return self
+     */
+    public function setOptionProvider(OptionProviderInterface $provider)
+    {
+        $this->optionProvider = $provider;
+
+        return $this;
+    }
+
+    /**
+     * Returns the option provider instance.
+     *
+     * @return OptionProviderInterface
+     */
+    public function getOptionProvider()
+    {
+        return $this->optionProvider;
+    }
+
+    /**
+     * Returns the current value of the state parameter.
+     *
+     * This can be accessed by the redirect handler during authorization.
+     *
+     * @return string
+     */
+    public function getState()
+    {
+        return $this->state;
+    }
+
+    /**
+     * Returns the base URL for authorizing a client.
+     *
+     * Eg. https://oauth.service.com/authorize
+     *
+     * @return string
+     */
+    abstract public function getBaseAuthorizationUrl();
+
+    /**
+     * Returns the base URL for requesting an access token.
+     *
+     * Eg. https://oauth.service.com/token
+     *
+     * @param array $params
+     * @return string
+     */
+    abstract public function getBaseAccessTokenUrl(array $params);
+
+    /**
+     * Returns the URL for requesting the resource owner's details.
+     *
+     * @param AccessToken $token
+     * @return string
+     */
+    abstract public function getResourceOwnerDetailsUrl(AccessToken $token);
+
+    /**
+     * Returns a new random string to use as the state parameter in an
+     * authorization flow.
+     *
+     * @param  int $length Length of the random string to be generated.
+     * @return string
+     */
+    protected function getRandomState($length = 32)
+    {
+        // Converting bytes to hex will always double length. Hence, we can reduce
+        // the amount of bytes by half to produce the correct length.
+        return bin2hex(random_bytes($length / 2));
+    }
+
+    /**
+     * Returns the default scopes used by this provider.
+     *
+     * This should only be the scopes that are required to request the details
+     * of the resource owner, rather than all the available scopes.
+     *
+     * @return array
+     */
+    abstract protected function getDefaultScopes();
+
+    /**
+     * Returns the string that should be used to separate scopes when building
+     * the URL for requesting an access token.
+     *
+     * @return string Scope separator, defaults to ','
+     */
+    protected function getScopeSeparator()
+    {
+        return ',';
+    }
+
+    /**
+     * Returns authorization parameters based on provided options.
+     *
+     * @param  array $options
+     * @return array Authorization parameters
+     */
+    protected function getAuthorizationParameters(array $options)
+    {
+        if (empty($options['state'])) {
+            $options['state'] = $this->getRandomState();
+        }
+
+        if (empty($options['scope'])) {
+            $options['scope'] = $this->getDefaultScopes();
+        }
+
+        $options += [
+            'response_type'   => 'code',
+            'approval_prompt' => 'auto'
+        ];
+
+        if (is_array($options['scope'])) {
+            $separator = $this->getScopeSeparator();
+            $options['scope'] = implode($separator, $options['scope']);
+        }
+
+        // Store the state as it may need to be accessed later on.
+        $this->state = $options['state'];
+
+        // Business code layer might set a different redirect_uri parameter
+        // depending on the context, leave it as-is
+        if (!isset($options['redirect_uri'])) {
+            $options['redirect_uri'] = $this->redirectUri;
+        }
+
+        $options['client_id'] = $this->clientId;
+
+        return $options;
+    }
+
+    /**
+     * Builds the authorization URL's query string.
+     *
+     * @param  array $params Query parameters
+     * @return string Query string
+     */
+    protected function getAuthorizationQuery(array $params)
+    {
+        return $this->buildQueryString($params);
+    }
+
+    /**
+     * Builds the authorization URL.
+     *
+     * @param  array $options
+     * @return string Authorization URL
+     */
+    public function getAuthorizationUrl(array $options = [])
+    {
+        $base   = $this->getBaseAuthorizationUrl();
+        $params = $this->getAuthorizationParameters($options);
+        $query  = $this->getAuthorizationQuery($params);
+
+        return $this->appendQuery($base, $query);
+    }
+
+    /**
+     * Redirects the client for authorization.
+     *
+     * @param  array $options
+     * @param  callable|null $redirectHandler
+     * @return mixed
+     */
+    public function authorize(
+        array $options = [],
+        callable $redirectHandler = null
+    ) {
+        $url = $this->getAuthorizationUrl($options);
+        if ($redirectHandler) {
+            return $redirectHandler($url, $this);
+        }
+
+        // @codeCoverageIgnoreStart
+        header('Location: ' . $url);
+        exit;
+        // @codeCoverageIgnoreEnd
+    }
+
+    /**
+     * Appends a query string to a URL.
+     *
+     * @param  string $url The URL to append the query to
+     * @param  string $query The HTTP query string
+     * @return string The resulting URL
+     */
+    protected function appendQuery($url, $query)
+    {
+        $query = trim($query, '?&');
+
+        if ($query) {
+            $glue = strstr($url, '?') === false ? '?' : '&';
+            return $url . $glue . $query;
+        }
+
+        return $url;
+    }
+
+    /**
+     * Returns the method to use when requesting an access token.
+     *
+     * @return string HTTP method
+     */
+    protected function getAccessTokenMethod()
+    {
+        return self::METHOD_POST;
+    }
+
+    /**
+     * Returns the key used in the access token response to identify the resource owner.
+     *
+     * @return string|null Resource owner identifier key
+     */
+    protected function getAccessTokenResourceOwnerId()
+    {
+        return static::ACCESS_TOKEN_RESOURCE_OWNER_ID;
+    }
+
+    /**
+     * Builds the access token URL's query string.
+     *
+     * @param  array $params Query parameters
+     * @return string Query string
+     */
+    protected function getAccessTokenQuery(array $params)
+    {
+        return $this->buildQueryString($params);
+    }
+
+    /**
+     * Checks that a provided grant is valid, or attempts to produce one if the
+     * provided grant is a string.
+     *
+     * @param  AbstractGrant|string $grant
+     * @return AbstractGrant
+     */
+    protected function verifyGrant($grant)
+    {
+        if (is_string($grant)) {
+            return $this->grantFactory->getGrant($grant);
+        }
+
+        $this->grantFactory->checkGrant($grant);
+        return $grant;
+    }
+
+    /**
+     * Returns the full URL to use when requesting an access token.
+     *
+     * @param array $params Query parameters
+     * @return string
+     */
+    protected function getAccessTokenUrl(array $params)
+    {
+        $url = $this->getBaseAccessTokenUrl($params);
+
+        if ($this->getAccessTokenMethod() === self::METHOD_GET) {
+            $query = $this->getAccessTokenQuery($params);
+            return $this->appendQuery($url, $query);
+        }
+
+        return $url;
+    }
+
+    /**
+     * Returns a prepared request for requesting an access token.
+     *
+     * @param array $params Query string parameters
+     * @return RequestInterface
+     */
+    protected function getAccessTokenRequest(array $params)
+    {
+        $method  = $this->getAccessTokenMethod();
+        $url     = $this->getAccessTokenUrl($params);
+        $options = $this->optionProvider->getAccessTokenOptions($this->getAccessTokenMethod(), $params);
+
+        return $this->getRequest($method, $url, $options);
+    }
+
+    /**
+     * Requests an access token using a specified grant and option set.
+     *
+     * @param  mixed $grant
+     * @param  array $options
+     * @throws IdentityProviderException
+     * @return AccessTokenInterface
+     */
+    public function getAccessToken($grant, array $options = [])
+    {
+        $grant = $this->verifyGrant($grant);
+
+        $params = [
+            'client_id'     => $this->clientId,
+            'client_secret' => $this->clientSecret,
+            'redirect_uri'  => $this->redirectUri,
+        ];
+
+        $params   = $grant->prepareRequestParameters($params, $options);
+        $request  = $this->getAccessTokenRequest($params);
+        $response = $this->getParsedResponse($request);
+        if (false === is_array($response)) {
+            throw new UnexpectedValueException(
+                'Invalid response received from Authorization Server. Expected JSON.'
+            );
+        }
+        $prepared = $this->prepareAccessTokenResponse($response);
+        $token    = $this->createAccessToken($prepared, $grant);
+
+        return $token;
+    }
+
+    /**
+     * Returns a PSR-7 request instance that is not authenticated.
+     *
+     * @param  string $method
+     * @param  string $url
+     * @param  array $options
+     * @return RequestInterface
+     */
+    public function getRequest($method, $url, array $options = [])
+    {
+        return $this->createRequest($method, $url, null, $options);
+    }
+
+    /**
+     * Returns an authenticated PSR-7 request instance.
+     *
+     * @param  string $method
+     * @param  string $url
+     * @param  AccessTokenInterface|string $token
+     * @param  array $options Any of "headers", "body", and "protocolVersion".
+     * @return RequestInterface
+     */
+    public function getAuthenticatedRequest($method, $url, $token, array $options = [])
+    {
+        return $this->createRequest($method, $url, $token, $options);
+    }
+
+    /**
+     * Creates a PSR-7 request instance.
+     *
+     * @param  string $method
+     * @param  string $url
+     * @param  AccessTokenInterface|string|null $token
+     * @param  array $options
+     * @return RequestInterface
+     */
+    protected function createRequest($method, $url, $token, array $options)
+    {
+        $defaults = [
+            'headers' => $this->getHeaders($token),
+        ];
+
+        $options = array_merge_recursive($defaults, $options);
+        $factory = $this->getRequestFactory();
+
+        return $factory->getRequestWithOptions($method, $url, $options);
+    }
+
+    /**
+     * Sends a request instance and returns a response instance.
+     *
+     * WARNING: This method does not attempt to catch exceptions caused by HTTP
+     * errors! It is recommended to wrap this method in a try/catch block.
+     *
+     * @param  RequestInterface $request
+     * @return ResponseInterface
+     */
+    public function getResponse(RequestInterface $request)
+    {
+        return $this->getHttpClient()->send($request);
+    }
+
+    /**
+     * Sends a request and returns the parsed response.
+     *
+     * @param  RequestInterface $request
+     * @throws IdentityProviderException
+     * @return mixed
+     */
+    public function getParsedResponse(RequestInterface $request)
+    {
+        try {
+            $response = $this->getResponse($request);
+        } catch (BadResponseException $e) {
+            $response = $e->getResponse();
+        }
+
+        $parsed = $this->parseResponse($response);
+
+        $this->checkResponse($response, $parsed);
+
+        return $parsed;
+    }
+
+    /**
+     * Attempts to parse a JSON response.
+     *
+     * @param  string $content JSON content from response body
+     * @return array Parsed JSON data
+     * @throws UnexpectedValueException if the content could not be parsed
+     */
+    protected function parseJson($content)
+    {
+        $content = json_decode($content, true);
+
+        if (json_last_error() !== JSON_ERROR_NONE) {
+            throw new UnexpectedValueException(sprintf(
+                "Failed to parse JSON response: %s",
+                json_last_error_msg()
+            ));
+        }
+
+        return $content;
+    }
+
+    /**
+     * Returns the content type header of a response.
+     *
+     * @param  ResponseInterface $response
+     * @return string Semi-colon separated join of content-type headers.
+     */
+    protected function getContentType(ResponseInterface $response)
+    {
+        return join(';', (array) $response->getHeader('content-type'));
+    }
+
+    /**
+     * Parses the response according to its content-type header.
+     *
+     * @throws UnexpectedValueException
+     * @param  ResponseInterface $response
+     * @return array
+     */
+    protected function parseResponse(ResponseInterface $response)
+    {
+        $content = (string) $response->getBody();
+        $type = $this->getContentType($response);
+
+        if (strpos($type, 'urlencoded') !== false) {
+            parse_str($content, $parsed);
+            return $parsed;
+        }
+
+        // Attempt to parse the string as JSON regardless of content type,
+        // since some providers use non-standard content types. Only throw an
+        // exception if the JSON could not be parsed when it was expected to.
+        try {
+            return $this->parseJson($content);
+        } catch (UnexpectedValueException $e) {
+            if (strpos($type, 'json') !== false) {
+                throw $e;
+            }
+
+            if ($response->getStatusCode() == 500) {
+                throw new UnexpectedValueException(
+                    'An OAuth server error was encountered that did not contain a JSON body',
+                    0,
+                    $e
+                );
+            }
+
+            return $content;
+        }
+    }
+
+    /**
+     * Checks a provider response for errors.
+     *
+     * @throws IdentityProviderException
+     * @param  ResponseInterface $response
+     * @param  array|string $data Parsed response data
+     * @return void
+     */
+    abstract protected function checkResponse(ResponseInterface $response, $data);
+
+    /**
+     * Prepares an parsed access token response for a grant.
+     *
+     * Custom mapping of expiration, etc should be done here. Always call the
+     * parent method when overloading this method.
+     *
+     * @param  mixed $result
+     * @return array
+     */
+    protected function prepareAccessTokenResponse(array $result)
+    {
+        if ($this->getAccessTokenResourceOwnerId() !== null) {
+            $result['resource_owner_id'] = $this->getValueByKey(
+                $result,
+                $this->getAccessTokenResourceOwnerId()
+            );
+        }
+        return $result;
+    }
+
+    /**
+     * Creates an access token from a response.
+     *
+     * The grant that was used to fetch the response can be used to provide
+     * additional context.
+     *
+     * @param  array $response
+     * @param  AbstractGrant $grant
+     * @return AccessTokenInterface
+     */
+    protected function createAccessToken(array $response, AbstractGrant $grant)
+    {
+        return new AccessToken($response);
+    }
+
+    /**
+     * Generates a resource owner object from a successful resource owner
+     * details request.
+     *
+     * @param  array $response
+     * @param  AccessToken $token
+     * @return ResourceOwnerInterface
+     */
+    abstract protected function createResourceOwner(array $response, AccessToken $token);
+
+    /**
+     * Requests and returns the resource owner of given access token.
+     *
+     * @param  AccessToken $token
+     * @return ResourceOwnerInterface
+     */
+    public function getResourceOwner(AccessToken $token)
+    {
+        $response = $this->fetchResourceOwnerDetails($token);
+
+        return $this->createResourceOwner($response, $token);
+    }
+
+    /**
+     * Requests resource owner details.
+     *
+     * @param  AccessToken $token
+     * @return mixed
+     */
+    protected function fetchResourceOwnerDetails(AccessToken $token)
+    {
+        $url = $this->getResourceOwnerDetailsUrl($token);
+
+        $request = $this->getAuthenticatedRequest(self::METHOD_GET, $url, $token);
+
+        $response = $this->getParsedResponse($request);
+
+        if (false === is_array($response)) {
+            throw new UnexpectedValueException(
+                'Invalid response received from Authorization Server. Expected JSON.'
+            );
+        }
+
+        return $response;
+    }
+
+    /**
+     * Returns the default headers used by this provider.
+     *
+     * Typically this is used to set 'Accept' or 'Content-Type' headers.
+     *
+     * @return array
+     */
+    protected function getDefaultHeaders()
+    {
+        return [];
+    }
+
+    /**
+     * Returns the authorization headers used by this provider.
+     *
+     * Typically this is "Bearer" or "MAC". For more information see:
+     * http://tools.ietf.org/html/rfc6749#section-7.1
+     *
+     * No default is provided, providers must overload this method to activate
+     * authorization headers.
+     *
+     * @param  mixed|null $token Either a string or an access token instance
+     * @return array
+     */
+    protected function getAuthorizationHeaders($token = null)
+    {
+        return [];
+    }
+
+    /**
+     * Returns all headers used by this provider for a request.
+     *
+     * The request will be authenticated if an access token is provided.
+     *
+     * @param  mixed|null $token object or string
+     * @return array
+     */
+    public function getHeaders($token = null)
+    {
+        if ($token) {
+            return array_merge(
+                $this->getDefaultHeaders(),
+                $this->getAuthorizationHeaders($token)
+            );
+        }
+
+        return $this->getDefaultHeaders();
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
new file mode 100644
index 000000000..52b7e0353
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Provider\Exception;
+
+/**
+ * Exception thrown if the provider response contains errors.
+ */
+class IdentityProviderException extends \Exception
+{
+    /**
+     * @var mixed
+     */
+    protected $response;
+
+    /**
+     * @param string $message
+     * @param int $code
+     * @param array|string $response The response body
+     */
+    public function __construct($message, $code, $response)
+    {
+        $this->response = $response;
+
+        parent::__construct($message, $code);
+    }
+
+    /**
+     * Returns the exception's response body.
+     *
+     * @return array|string
+     */
+    public function getResponseBody()
+    {
+        return $this->response;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
new file mode 100644
index 000000000..74393ffda
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
@@ -0,0 +1,233 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Provider;
+
+use InvalidArgumentException;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Represents a generic service provider that may be used to interact with any
+ * OAuth 2.0 service provider, using Bearer token authentication.
+ */
+class GenericProvider extends AbstractProvider
+{
+    use BearerAuthorizationTrait;
+
+    /**
+     * @var string
+     */
+    private $urlAuthorize;
+
+    /**
+     * @var string
+     */
+    private $urlAccessToken;
+
+    /**
+     * @var string
+     */
+    private $urlResourceOwnerDetails;
+
+    /**
+     * @var string
+     */
+    private $accessTokenMethod;
+
+    /**
+     * @var string
+     */
+    private $accessTokenResourceOwnerId;
+
+    /**
+     * @var array|null
+     */
+    private $scopes = null;
+
+    /**
+     * @var string
+     */
+    private $scopeSeparator;
+
+    /**
+     * @var string
+     */
+    private $responseError = 'error';
+
+    /**
+     * @var string
+     */
+    private $responseCode;
+
+    /**
+     * @var string
+     */
+    private $responseResourceOwnerId = 'id';
+
+    /**
+     * @param array $options
+     * @param array $collaborators
+     */
+    public function __construct(array $options = [], array $collaborators = [])
+    {
+        $this->assertRequiredOptions($options);
+
+        $possible   = $this->getConfigurableOptions();
+        $configured = array_intersect_key($options, array_flip($possible));
+
+        foreach ($configured as $key => $value) {
+            $this->$key = $value;
+        }
+
+        // Remove all options that are only used locally
+        $options = array_diff_key($options, $configured);
+
+        parent::__construct($options, $collaborators);
+    }
+
+    /**
+     * Returns all options that can be configured.
+     *
+     * @return array
+     */
+    protected function getConfigurableOptions()
+    {
+        return array_merge($this->getRequiredOptions(), [
+            'accessTokenMethod',
+            'accessTokenResourceOwnerId',
+            'scopeSeparator',
+            'responseError',
+            'responseCode',
+            'responseResourceOwnerId',
+            'scopes',
+        ]);
+    }
+
+    /**
+     * Returns all options that are required.
+     *
+     * @return array
+     */
+    protected function getRequiredOptions()
+    {
+        return [
+            'urlAuthorize',
+            'urlAccessToken',
+            'urlResourceOwnerDetails',
+        ];
+    }
+
+    /**
+     * Verifies that all required options have been passed.
+     *
+     * @param  array $options
+     * @return void
+     * @throws InvalidArgumentException
+     */
+    private function assertRequiredOptions(array $options)
+    {
+        $missing = array_diff_key(array_flip($this->getRequiredOptions()), $options);
+
+        if (!empty($missing)) {
+            throw new InvalidArgumentException(
+                'Required options not defined: ' . implode(', ', array_keys($missing))
+            );
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getBaseAuthorizationUrl()
+    {
+        return $this->urlAuthorize;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getBaseAccessTokenUrl(array $params)
+    {
+        return $this->urlAccessToken;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    {
+        return $this->urlResourceOwnerDetails;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getDefaultScopes()
+    {
+        return $this->scopes;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAccessTokenMethod()
+    {
+        return $this->accessTokenMethod ?: parent::getAccessTokenMethod();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAccessTokenResourceOwnerId()
+    {
+        return $this->accessTokenResourceOwnerId ?: parent::getAccessTokenResourceOwnerId();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getScopeSeparator()
+    {
+        return $this->scopeSeparator ?: parent::getScopeSeparator();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function checkResponse(ResponseInterface $response, $data)
+    {
+        if (!empty($data[$this->responseError])) {
+            $error = $data[$this->responseError];
+            if (!is_string($error)) {
+                $error = var_export($error, true);
+            }
+            $code  = $this->responseCode && !empty($data[$this->responseCode])? $data[$this->responseCode] : 0;
+            if (!is_int($code)) {
+                $code = intval($code);
+            }
+            throw new IdentityProviderException($error, $code, $data);
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        return new GenericResourceOwner($response, $this->responseResourceOwnerId);
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericResourceOwner.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericResourceOwner.php
new file mode 100644
index 000000000..f87661485
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericResourceOwner.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Provider;
+
+/**
+ * Represents a generic resource owner for use with the GenericProvider.
+ */
+class GenericResourceOwner implements ResourceOwnerInterface
+{
+    /**
+     * @var array
+     */
+    protected $response;
+
+    /**
+     * @var string
+     */
+    protected $resourceOwnerId;
+
+    /**
+     * @param array $response
+     * @param string $resourceOwnerId
+     */
+    public function __construct(array $response, $resourceOwnerId)
+    {
+        $this->response = $response;
+        $this->resourceOwnerId = $resourceOwnerId;
+    }
+
+    /**
+     * Returns the identifier of the authorized resource owner.
+     *
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->response[$this->resourceOwnerId];
+    }
+
+    /**
+     * Returns the raw resource owner response.
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return $this->response;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/ResourceOwnerInterface.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/ResourceOwnerInterface.php
new file mode 100644
index 000000000..828442425
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/ResourceOwnerInterface.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Provider;
+
+/**
+ * Classes implementing `ResourceOwnerInterface` may be used to represent
+ * the resource owner authenticated with a service provider.
+ */
+interface ResourceOwnerInterface
+{
+    /**
+     * Returns the identifier of the authorized resource owner.
+     *
+     * @return mixed
+     */
+    public function getId();
+
+    /**
+     * Return all of the owner details available as an array.
+     *
+     * @return array
+     */
+    public function toArray();
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessToken.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessToken.php
new file mode 100644
index 000000000..81533c307
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessToken.php
@@ -0,0 +1,243 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Token;
+
+use InvalidArgumentException;
+use RuntimeException;
+
+/**
+ * Represents an access token.
+ *
+ * @link http://tools.ietf.org/html/rfc6749#section-1.4 Access Token (RFC 6749, §1.4)
+ */
+class AccessToken implements AccessTokenInterface, ResourceOwnerAccessTokenInterface
+{
+    /**
+     * @var string
+     */
+    protected $accessToken;
+
+    /**
+     * @var int
+     */
+    protected $expires;
+
+    /**
+     * @var string
+     */
+    protected $refreshToken;
+
+    /**
+     * @var string
+     */
+    protected $resourceOwnerId;
+
+    /**
+     * @var array
+     */
+    protected $values = [];
+
+    /**
+     * @var int
+     */
+    private static $timeNow;
+
+    /**
+     * Set the time now. This should only be used for testing purposes.
+     *
+     * @param int $timeNow the time in seconds since epoch
+     * @return void
+     */
+    public static function setTimeNow($timeNow)
+    {
+        self::$timeNow = $timeNow;
+    }
+
+    /**
+     * Reset the time now if it was set for test purposes.
+     *
+     * @return void
+     */
+    public static function resetTimeNow()
+    {
+        self::$timeNow = null;
+    }
+
+    /**
+     * @return int
+     */
+    public function getTimeNow()
+    {
+        return self::$timeNow ? self::$timeNow : time();
+    }
+
+    /**
+     * Constructs an access token.
+     *
+     * @param array $options An array of options returned by the service provider
+     *     in the access token request. The `access_token` option is required.
+     * @throws InvalidArgumentException if `access_token` is not provided in `$options`.
+     */
+    public function __construct(array $options = [])
+    {
+        if (empty($options['access_token'])) {
+            throw new InvalidArgumentException('Required option not passed: "access_token"');
+        }
+
+        $this->accessToken = $options['access_token'];
+
+        if (!empty($options['resource_owner_id'])) {
+            $this->resourceOwnerId = $options['resource_owner_id'];
+        }
+
+        if (!empty($options['refresh_token'])) {
+            $this->refreshToken = $options['refresh_token'];
+        }
+
+        // We need to know when the token expires. Show preference to
+        // 'expires_in' since it is defined in RFC6749 Section 5.1.
+        // Defer to 'expires' if it is provided instead.
+        if (isset($options['expires_in'])) {
+            if (!is_numeric($options['expires_in'])) {
+                throw new \InvalidArgumentException('expires_in value must be an integer');
+            }
+
+            $this->expires = $options['expires_in'] != 0 ? $this->getTimeNow() + $options['expires_in'] : 0;
+        } elseif (!empty($options['expires'])) {
+            // Some providers supply the seconds until expiration rather than
+            // the exact timestamp. Take a best guess at which we received.
+            $expires = $options['expires'];
+
+            if (!$this->isExpirationTimestamp($expires)) {
+                $expires += $this->getTimeNow();
+            }
+
+            $this->expires = $expires;
+        }
+
+        // Capture any additional values that might exist in the token but are
+        // not part of the standard response. Vendors will sometimes pass
+        // additional user data this way.
+        $this->values = array_diff_key($options, array_flip([
+            'access_token',
+            'resource_owner_id',
+            'refresh_token',
+            'expires_in',
+            'expires',
+        ]));
+    }
+
+    /**
+     * Check if a value is an expiration timestamp or second value.
+     *
+     * @param integer $value
+     * @return bool
+     */
+    protected function isExpirationTimestamp($value)
+    {
+        // If the given value is larger than the original OAuth 2 draft date,
+        // assume that it is meant to be a (possible expired) timestamp.
+        $oauth2InceptionDate = 1349067600; // 2012-10-01
+        return ($value > $oauth2InceptionDate);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getToken()
+    {
+        return $this->accessToken;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getRefreshToken()
+    {
+        return $this->refreshToken;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getExpires()
+    {
+        return $this->expires;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getResourceOwnerId()
+    {
+        return $this->resourceOwnerId;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function hasExpired()
+    {
+        $expires = $this->getExpires();
+
+        if (empty($expires)) {
+            throw new RuntimeException('"expires" is not set on the token');
+        }
+
+        return $expires < time();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getValues()
+    {
+        return $this->values;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function __toString()
+    {
+        return (string) $this->getToken();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function jsonSerialize()
+    {
+        $parameters = $this->values;
+
+        if ($this->accessToken) {
+            $parameters['access_token'] = $this->accessToken;
+        }
+
+        if ($this->refreshToken) {
+            $parameters['refresh_token'] = $this->refreshToken;
+        }
+
+        if ($this->expires) {
+            $parameters['expires'] = $this->expires;
+        }
+
+        if ($this->resourceOwnerId) {
+            $parameters['resource_owner_id'] = $this->resourceOwnerId;
+        }
+
+        return $parameters;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessTokenInterface.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessTokenInterface.php
new file mode 100644
index 000000000..5fd219ffc
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/AccessTokenInterface.php
@@ -0,0 +1,74 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Token;
+
+use JsonSerializable;
+use ReturnTypeWillChange;
+use RuntimeException;
+
+interface AccessTokenInterface extends JsonSerializable
+{
+    /**
+     * Returns the access token string of this instance.
+     *
+     * @return string
+     */
+    public function getToken();
+
+    /**
+     * Returns the refresh token, if defined.
+     *
+     * @return string|null
+     */
+    public function getRefreshToken();
+
+    /**
+     * Returns the expiration timestamp in seconds, if defined.
+     *
+     * @return integer|null
+     */
+    public function getExpires();
+
+    /**
+     * Checks if this token has expired.
+     *
+     * @return boolean true if the token has expired, false otherwise.
+     * @throws RuntimeException if 'expires' is not set on the token.
+     */
+    public function hasExpired();
+
+    /**
+     * Returns additional vendor values stored in the token.
+     *
+     * @return array
+     */
+    public function getValues();
+
+    /**
+     * Returns a string representation of the access token
+     *
+     * @return string
+     */
+    public function __toString();
+
+    /**
+     * Returns an array of parameters to serialize when this is serialized with
+     * json_encode().
+     *
+     * @return array
+     */
+    #[ReturnTypeWillChange]
+    public function jsonSerialize();
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Token/ResourceOwnerAccessTokenInterface.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/ResourceOwnerAccessTokenInterface.php
new file mode 100644
index 000000000..51e4ce413
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Token/ResourceOwnerAccessTokenInterface.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Token;
+
+interface ResourceOwnerAccessTokenInterface extends AccessTokenInterface
+{
+    /**
+     * Returns the resource owner identifier, if defined.
+     *
+     * @return string|null
+     */
+    public function getResourceOwnerId();
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ArrayAccessorTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ArrayAccessorTrait.php
new file mode 100644
index 000000000..a18198cf3
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ArrayAccessorTrait.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+/**
+ * Provides generic array navigation tools.
+ */
+trait ArrayAccessorTrait
+{
+    /**
+     * Returns a value by key using dot notation.
+     *
+     * @param  array      $data
+     * @param  string     $key
+     * @param  mixed|null $default
+     * @return mixed
+     */
+    private function getValueByKey(array $data, $key, $default = null)
+    {
+        if (!is_string($key) || empty($key) || !count($data)) {
+            return $default;
+        }
+
+        if (strpos($key, '.') !== false) {
+            $keys = explode('.', $key);
+
+            foreach ($keys as $innerKey) {
+                if (!is_array($data) || !array_key_exists($innerKey, $data)) {
+                    return $default;
+                }
+
+                $data = $data[$innerKey];
+            }
+
+            return $data;
+        }
+
+        return array_key_exists($key, $data) ? $data[$key] : $default;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/BearerAuthorizationTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/BearerAuthorizationTrait.php
new file mode 100644
index 000000000..081c7c861
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/BearerAuthorizationTrait.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+use League\OAuth2\Client\Token\AccessTokenInterface;
+
+/**
+ * Enables `Bearer` header authorization for providers.
+ *
+ * @link http://tools.ietf.org/html/rfc6750 Bearer Token Usage (RFC 6750)
+ */
+trait BearerAuthorizationTrait
+{
+    /**
+     * Returns authorization headers for the 'bearer' grant.
+     *
+     * @param  AccessTokenInterface|string|null $token Either a string or an access token instance
+     * @return array
+     */
+    protected function getAuthorizationHeaders($token = null)
+    {
+        return ['Authorization' => 'Bearer ' . $token];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/GuardedPropertyTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/GuardedPropertyTrait.php
new file mode 100644
index 000000000..02c9ba5fb
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/GuardedPropertyTrait.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+/**
+ * Provides support for blacklisting explicit properties from the
+ * mass assignment behavior.
+ */
+trait GuardedPropertyTrait
+{
+    /**
+     * The properties that aren't mass assignable.
+     *
+     * @var array
+     */
+    protected $guarded = [];
+
+    /**
+     * Attempts to mass assign the given options to explicitly defined properties,
+     * skipping over any properties that are defined in the guarded array.
+     *
+     * @param array $options
+     * @return mixed
+     */
+    protected function fillProperties(array $options = [])
+    {
+        if (isset($options['guarded'])) {
+            unset($options['guarded']);
+        }
+
+        foreach ($options as $option => $value) {
+            if (property_exists($this, $option) && !$this->isGuarded($option)) {
+                $this->{$option} = $value;
+            }
+        }
+    }
+
+    /**
+     * Returns current guarded properties.
+     *
+     * @return array
+     */
+    public function getGuarded()
+    {
+        return $this->guarded;
+    }
+
+    /**
+     * Determines if the given property is guarded.
+     *
+     * @param  string  $property
+     * @return bool
+     */
+    public function isGuarded($property)
+    {
+        return in_array($property, $this->getGuarded());
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/MacAuthorizationTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/MacAuthorizationTrait.php
new file mode 100644
index 000000000..f8dcd77c5
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/MacAuthorizationTrait.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Token\AccessTokenInterface;
+
+/**
+ * Enables `MAC` header authorization for providers.
+ *
+ * @link http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-05 Message Authentication Code (MAC) Tokens
+ */
+trait MacAuthorizationTrait
+{
+    /**
+     * Returns the id of this token for MAC generation.
+     *
+     * @param  AccessToken $token
+     * @return string
+     */
+    abstract protected function getTokenId(AccessToken $token);
+
+    /**
+     * Returns the MAC signature for the current request.
+     *
+     * @param  string $id
+     * @param  integer $ts
+     * @param  string $nonce
+     * @return string
+     */
+    abstract protected function getMacSignature($id, $ts, $nonce);
+
+    /**
+     * Returns a new random string to use as the state parameter in an
+     * authorization flow.
+     *
+     * @param  int $length Length of the random string to be generated.
+     * @return string
+     */
+    abstract protected function getRandomState($length = 32);
+
+    /**
+     * Returns the authorization headers for the 'mac' grant.
+     *
+     * @param  AccessTokenInterface|string|null $token Either a string or an access token instance
+     * @return array
+     * @codeCoverageIgnore
+     *
+     * @todo This is currently untested and provided only as an example. If you
+     * complete the implementation, please create a pull request for
+     * https://github.com/thephpleague/oauth2-client
+     */
+    protected function getAuthorizationHeaders($token = null)
+    {
+        if ($token === null) {
+            return [];
+        }
+
+        $ts    = time();
+        $id    = $this->getTokenId($token);
+        $nonce = $this->getRandomState(16);
+        $mac   = $this->getMacSignature($id, $ts, $nonce);
+
+        $parts = [];
+        foreach (compact('id', 'ts', 'nonce', 'mac') as $key => $value) {
+            $parts[] = sprintf('%s="%s"', $key, $value);
+        }
+
+        return ['Authorization' => 'MAC ' . implode(', ', $parts)];
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ProviderRedirectTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ProviderRedirectTrait.php
new file mode 100644
index 000000000..f81b511f9
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/ProviderRedirectTrait.php
@@ -0,0 +1,122 @@
+<?php
+
+namespace League\OAuth2\Client\Tool;
+
+use GuzzleHttp\Exception\BadResponseException;
+use GuzzleHttp\Psr7\Uri;
+use InvalidArgumentException;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+trait ProviderRedirectTrait
+{
+    /**
+     * Maximum number of times to follow provider initiated redirects
+     *
+     * @var integer
+     */
+    protected $redirectLimit = 2;
+
+    /**
+     * Retrieves a response for a given request and retrieves subsequent
+     * responses, with authorization headers, if a redirect is detected.
+     *
+     * @param  RequestInterface $request
+     * @return ResponseInterface
+     * @throws BadResponseException
+     */
+    protected function followRequestRedirects(RequestInterface $request)
+    {
+        $response = null;
+        $attempts = 0;
+
+        while ($attempts < $this->redirectLimit) {
+            $attempts++;
+            $response = $this->getHttpClient()->send($request, [
+                'allow_redirects' => false
+            ]);
+
+            if ($this->isRedirect($response)) {
+                $redirectUrl = new Uri($response->getHeader('Location')[0]);
+                $request = $request->withUri($redirectUrl);
+            } else {
+                break;
+            }
+        }
+
+        return $response;
+    }
+
+    /**
+     * Returns the HTTP client instance.
+     *
+     * @return GuzzleHttp\ClientInterface
+     */
+    abstract public function getHttpClient();
+
+    /**
+     * Retrieves current redirect limit.
+     *
+     * @return integer
+     */
+    public function getRedirectLimit()
+    {
+        return $this->redirectLimit;
+    }
+
+    /**
+     * Determines if a given response is a redirect.
+     *
+     * @param  ResponseInterface  $response
+     *
+     * @return boolean
+     */
+    protected function isRedirect(ResponseInterface $response)
+    {
+        $statusCode = $response->getStatusCode();
+
+        return $statusCode > 300 && $statusCode < 400 && $response->hasHeader('Location');
+    }
+
+    /**
+     * Sends a request instance and returns a response instance.
+     *
+     * WARNING: This method does not attempt to catch exceptions caused by HTTP
+     * errors! It is recommended to wrap this method in a try/catch block.
+     *
+     * @param  RequestInterface $request
+     * @return ResponseInterface
+     */
+    public function getResponse(RequestInterface $request)
+    {
+        try {
+            $response = $this->followRequestRedirects($request);
+        } catch (BadResponseException $e) {
+            $response = $e->getResponse();
+        }
+
+        return $response;
+    }
+
+    /**
+     * Updates the redirect limit.
+     *
+     * @param integer $limit
+     * @return League\OAuth2\Client\Provider\AbstractProvider
+     * @throws InvalidArgumentException
+     */
+    public function setRedirectLimit($limit)
+    {
+        if (!is_int($limit)) {
+            throw new InvalidArgumentException('redirectLimit must be an integer.');
+        }
+
+        if ($limit < 1) {
+            throw new InvalidArgumentException('redirectLimit must be greater than or equal to one.');
+        }
+
+        $this->redirectLimit = $limit;
+
+        return $this;
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/QueryBuilderTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/QueryBuilderTrait.php
new file mode 100644
index 000000000..bdda3e79e
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/QueryBuilderTrait.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+/**
+ * Provides a standard way to generate query strings.
+ */
+trait QueryBuilderTrait
+{
+    /**
+     * Build a query string from an array.
+     *
+     * @param array $params
+     *
+     * @return string
+     */
+    protected function buildQueryString(array $params)
+    {
+        return http_build_query($params, '', '&', \PHP_QUERY_RFC3986);
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequestFactory.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequestFactory.php
new file mode 100644
index 000000000..1af434297
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequestFactory.php
@@ -0,0 +1,87 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+use GuzzleHttp\Psr7\Request;
+
+/**
+ * Used to produce PSR-7 Request instances.
+ *
+ * @link https://github.com/guzzle/guzzle/pull/1101
+ */
+class RequestFactory
+{
+    /**
+     * Creates a PSR-7 Request instance.
+     *
+     * @param  null|string $method HTTP method for the request.
+     * @param  null|string $uri URI for the request.
+     * @param  array $headers Headers for the message.
+     * @param  string|resource|StreamInterface $body Message body.
+     * @param  string $version HTTP protocol version.
+     *
+     * @return Request
+     */
+    public function getRequest(
+        $method,
+        $uri,
+        array $headers = [],
+        $body = null,
+        $version = '1.1'
+    ) {
+        return new Request($method, $uri, $headers, $body, $version);
+    }
+
+    /**
+     * Parses simplified options.
+     *
+     * @param array $options Simplified options.
+     *
+     * @return array Extended options for use with getRequest.
+     */
+    protected function parseOptions(array $options)
+    {
+        // Should match default values for getRequest
+        $defaults = [
+            'headers' => [],
+            'body'    => null,
+            'version' => '1.1',
+        ];
+
+        return array_merge($defaults, $options);
+    }
+
+    /**
+     * Creates a request using a simplified array of options.
+     *
+     * @param  null|string $method
+     * @param  null|string $uri
+     * @param  array $options
+     *
+     * @return Request
+     */
+    public function getRequestWithOptions($method, $uri, array $options = [])
+    {
+        $options = $this->parseOptions($options);
+
+        return $this->getRequest(
+            $method,
+            $uri,
+            $options['headers'],
+            $options['body'],
+            $options['version']
+        );
+    }
+}
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php
new file mode 100644
index 000000000..47da97717
--- /dev/null
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * This file is part of the league/oauth2-client library
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
+ * @license http://opensource.org/licenses/MIT MIT
+ * @link http://thephpleague.com/oauth2-client/ Documentation
+ * @link https://packagist.org/packages/league/oauth2-client Packagist
+ * @link https://github.com/thephpleague/oauth2-client GitHub
+ */
+
+namespace League\OAuth2\Client\Tool;
+
+use BadMethodCallException;
+
+/**
+ * Provides functionality to check for required parameters.
+ */
+trait RequiredParameterTrait
+{
+    /**
+     * Checks for a required parameter in a hash.
+     *
+     * @throws BadMethodCallException
+     * @param  string $name
+     * @param  array  $params
+     * @return void
+     */
+    private function checkRequiredParameter($name, array $params)
+    {
+        if (!isset($params[$name])) {
+            throw new BadMethodCallException(sprintf(
+                'Required parameter not passed: "%s"',
+                $name
+            ));
+        }
+    }
+
+    /**
+     * Checks for multiple required parameters in a hash.
+     *
+     * @throws InvalidArgumentException
+     * @param  array $names
+     * @param  array $params
+     * @return void
+     */
+    private function checkRequiredParameters(array $names, array $params)
+    {
+        foreach ($names as $name) {
+            $this->checkRequiredParameter($name, $params);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE b/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
new file mode 100644
index 000000000..45c7017df
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Paragon Initiative Enterprises
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh b/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
new file mode 100755
index 000000000..b4a5ba31c
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )
+
+php -dphar.readonly=0 "$basedir/other/build_phar.php" $*
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/composer.json b/data/web/inc/lib/vendor/paragonie/random_compat/composer.json
new file mode 100644
index 000000000..f2b9c4e51
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/composer.json
@@ -0,0 +1,34 @@
+{
+  "name":         "paragonie/random_compat",
+  "description":  "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+  "keywords": [
+    "csprng",
+    "random",
+    "polyfill",
+    "pseudorandom"
+  ],
+  "license":      "MIT",
+  "type":         "library",
+  "authors": [
+    {
+      "name":     "Paragon Initiative Enterprises",
+      "email":    "security@paragonie.com",
+      "homepage": "https://paragonie.com"
+    }
+  ],
+  "support": {
+    "issues":     "https://github.com/paragonie/random_compat/issues",
+    "email":      "info@paragonie.com",
+    "source":     "https://github.com/paragonie/random_compat"
+  },
+  "require": {
+    "php": ">= 7"
+  },
+  "require-dev": {
+    "vimeo/psalm": "^1",
+    "phpunit/phpunit": "4.*|5.*"
+  },
+  "suggest": {
+    "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+  }
+}
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
new file mode 100644
index 000000000..eb50ebfcd
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm
+pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p
++h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc
+-----END PUBLIC KEY-----
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
new file mode 100644
index 000000000..6a1d7f300
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (MingW32)
+
+iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip
+QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg
+1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW
+NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA
+NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV
+JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74=
+=B6+8
+-----END PGP SIGNATURE-----
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php b/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
new file mode 100644
index 000000000..c7731a56f
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * @version 2.99.99
+ * @released 2018-06-06
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+// NOP
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php b/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
new file mode 100644
index 000000000..70ef4b2ed
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php
@@ -0,0 +1,57 @@
+<?php
+$dist = dirname(__DIR__).'/dist';
+if (!is_dir($dist)) {
+    mkdir($dist, 0755);
+}
+if (file_exists($dist.'/random_compat.phar')) {
+    unlink($dist.'/random_compat.phar');
+}
+$phar = new Phar(
+    $dist.'/random_compat.phar',
+    FilesystemIterator::CURRENT_AS_FILEINFO | \FilesystemIterator::KEY_AS_FILENAME,
+    'random_compat.phar'
+);
+rename(
+    dirname(__DIR__).'/lib/random.php', 
+    dirname(__DIR__).'/lib/index.php'
+);
+$phar->buildFromDirectory(dirname(__DIR__).'/lib');
+rename(
+    dirname(__DIR__).'/lib/index.php', 
+    dirname(__DIR__).'/lib/random.php'
+);
+
+/**
+ * If we pass an (optional) path to a private key as a second argument, we will
+ * sign the Phar with OpenSSL.
+ * 
+ * If you leave this out, it will produce an unsigned .phar!
+ */
+if ($argc > 1) {
+    if (!@is_readable($argv[1])) {
+        echo 'Could not read the private key file:', $argv[1], "\n";
+        exit(255);
+    }
+    $pkeyFile = file_get_contents($argv[1]);
+    
+    $private = openssl_get_privatekey($pkeyFile);
+    if ($private !== false) {
+        $pkey = '';
+        openssl_pkey_export($private, $pkey);
+        $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+        
+        /**
+         * Save the corresponding public key to the file
+         */
+        if (!@is_readable($dist.'/random_compat.phar.pubkey')) {
+            $details = openssl_pkey_get_details($private);
+            file_put_contents(
+                $dist.'/random_compat.phar.pubkey',
+                $details['key']
+            );
+        }
+    } else {
+        echo 'An error occurred reading the private key from OpenSSL.', "\n";
+        exit(255);
+    }
+}
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php b/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
new file mode 100644
index 000000000..d71d1b818
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php
@@ -0,0 +1,9 @@
+<?php
+
+require_once 'lib/byte_safe_strings.php';
+require_once 'lib/cast_to_int.php';
+require_once 'lib/error_polyfill.php';
+require_once 'other/ide_stubs/libsodium.php';
+require_once 'lib/random.php';
+
+$int = random_int(0, 65536);
diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml b/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
new file mode 100644
index 000000000..596d99dd6
--- /dev/null
+++ b/data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<psalm
+    autoloader="psalm-autoload.php"
+    stopOnFirstError="false"
+    useDocblockTypes="true"
+>
+    <projectFiles>
+        <directory name="lib" />
+    </projectFiles>
+    <issueHandlers>
+        <RedundantConditionGivenDocblockType errorLevel="info" />
+        <UnresolvableInclude errorLevel="info" />
+        <DuplicateClass errorLevel="info" />
+        <InvalidOperand errorLevel="info" />
+        <UndefinedConstant errorLevel="info" />
+        <MissingReturnType errorLevel="info" />
+        <InvalidReturnType errorLevel="info" />
+    </issueHandlers>
+</psalm>
diff --git a/data/web/inc/lib/vendor/psr/http-client/CHANGELOG.md b/data/web/inc/lib/vendor/psr/http-client/CHANGELOG.md
new file mode 100644
index 000000000..e2dc25f51
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/CHANGELOG.md
@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file, in reverse chronological order by release.
+
+## 1.0.1
+
+Allow installation with PHP 8. No code changes.
+
+## 1.0.0
+
+First stable release. No changes since 0.3.0.
+
+## 0.3.0
+
+Added Interface suffix on exceptions
+ 
+## 0.2.0 
+
+All exceptions are in `Psr\Http\Client` namespace
+
+## 0.1.0
+
+First release
diff --git a/data/web/inc/lib/vendor/psr/http-client/LICENSE b/data/web/inc/lib/vendor/psr/http-client/LICENSE
new file mode 100644
index 000000000..cd5e0020a
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2017 PHP Framework Interoperability Group
+
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/psr/http-client/README.md b/data/web/inc/lib/vendor/psr/http-client/README.md
new file mode 100644
index 000000000..6876b8403
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/README.md
@@ -0,0 +1,12 @@
+HTTP Client
+===========
+
+This repository holds all the common code related to [PSR-18 (HTTP Client)][psr-url].
+
+Note that this is not a HTTP Client implementation of its own. It is merely abstractions that describe the components of a HTTP Client.
+
+The installable [package][package-url] and [implementations][implementation-url] are listed on Packagist.
+
+[psr-url]: http://www.php-fig.org/psr/psr-18
+[package-url]: https://packagist.org/packages/psr/http-client
+[implementation-url]: https://packagist.org/providers/psr/http-client-implementation
diff --git a/data/web/inc/lib/vendor/psr/http-client/composer.json b/data/web/inc/lib/vendor/psr/http-client/composer.json
new file mode 100644
index 000000000..c195f8ff1
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/composer.json
@@ -0,0 +1,27 @@
+{
+    "name": "psr/http-client",
+    "description": "Common interface for HTTP clients",
+    "keywords": ["psr", "psr-18", "http", "http-client"],
+    "homepage": "https://github.com/php-fig/http-client",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "PHP-FIG",
+            "homepage": "http://www.php-fig.org/"
+        }
+    ],
+    "require": {
+        "php": "^7.0 || ^8.0",
+        "psr/http-message": "^1.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Psr\\Http\\Client\\": "src/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/psr/http-client/src/ClientExceptionInterface.php b/data/web/inc/lib/vendor/psr/http-client/src/ClientExceptionInterface.php
new file mode 100644
index 000000000..aa0b9cf14
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/src/ClientExceptionInterface.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace Psr\Http\Client;
+
+/**
+ * Every HTTP client related exception MUST implement this interface.
+ */
+interface ClientExceptionInterface extends \Throwable
+{
+}
diff --git a/data/web/inc/lib/vendor/psr/http-client/src/ClientInterface.php b/data/web/inc/lib/vendor/psr/http-client/src/ClientInterface.php
new file mode 100644
index 000000000..ad99fd4b7
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/src/ClientInterface.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Psr\Http\Client;
+
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+interface ClientInterface
+{
+    /**
+     * Sends a PSR-7 request and returns a PSR-7 response.
+     *
+     * @param RequestInterface $request
+     *
+     * @return ResponseInterface
+     *
+     * @throws \Psr\Http\Client\ClientExceptionInterface If an error happens while processing the request.
+     */
+    public function sendRequest(RequestInterface $request): ResponseInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-client/src/NetworkExceptionInterface.php b/data/web/inc/lib/vendor/psr/http-client/src/NetworkExceptionInterface.php
new file mode 100644
index 000000000..4a11627c7
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/src/NetworkExceptionInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Psr\Http\Client;
+
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Thrown when the request cannot be completed because of network issues.
+ *
+ * There is no response object as this exception is thrown when no response has been received.
+ *
+ * Example: the target host name can not be resolved or the connection failed.
+ */
+interface NetworkExceptionInterface extends ClientExceptionInterface
+{
+    /**
+     * Returns the request.
+     *
+     * The request object MAY be a different object from the one passed to ClientInterface::sendRequest()
+     *
+     * @return RequestInterface
+     */
+    public function getRequest(): RequestInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-client/src/RequestExceptionInterface.php b/data/web/inc/lib/vendor/psr/http-client/src/RequestExceptionInterface.php
new file mode 100644
index 000000000..b17fc34fd
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-client/src/RequestExceptionInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Psr\Http\Client;
+
+use Psr\Http\Message\RequestInterface;
+
+/**
+ * Exception for when a request failed.
+ *
+ * Examples:
+ *      - Request is invalid (e.g. method is missing)
+ *      - Runtime request errors (e.g. the body stream is not seekable)
+ */
+interface RequestExceptionInterface extends ClientExceptionInterface
+{
+    /**
+     * Returns the request.
+     *
+     * The request object MAY be a different object from the one passed to ClientInterface::sendRequest()
+     *
+     * @return RequestInterface
+     */
+    public function getRequest(): RequestInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/.gitignore b/data/web/inc/lib/vendor/psr/http-factory/.gitignore
new file mode 100644
index 000000000..d8a7996ab
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/.gitignore
@@ -0,0 +1,2 @@
+composer.lock
+vendor/
diff --git a/data/web/inc/lib/vendor/psr/http-factory/.pullapprove.yml b/data/web/inc/lib/vendor/psr/http-factory/.pullapprove.yml
new file mode 100644
index 000000000..8cf081942
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/.pullapprove.yml
@@ -0,0 +1,7 @@
+extends: default
+reviewers:
+    -
+        name: contributors
+        required: 1
+        teams:
+            - http-factory-contributors
diff --git a/data/web/inc/lib/vendor/psr/http-factory/LICENSE b/data/web/inc/lib/vendor/psr/http-factory/LICENSE
new file mode 100644
index 000000000..3f1559b2a
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 PHP-FIG
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/data/web/inc/lib/vendor/psr/http-factory/README.md b/data/web/inc/lib/vendor/psr/http-factory/README.md
new file mode 100644
index 000000000..41d362a62
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/README.md
@@ -0,0 +1,10 @@
+HTTP Factories
+==============
+
+This repository holds all interfaces related to [PSR-17 (HTTP Message Factories)][psr-17]. 
+Please refer to the specification for a description.
+
+You can find implementations of the specification by looking for packages providing the 
+[psr/http-factory-implementation](https://packagist.org/providers/psr/http-factory-implementation) virtual package.
+
+[psr-17]: https://www.php-fig.org/psr/psr-17/
diff --git a/data/web/inc/lib/vendor/psr/http-factory/composer.json b/data/web/inc/lib/vendor/psr/http-factory/composer.json
new file mode 100644
index 000000000..af62b290f
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/composer.json
@@ -0,0 +1,35 @@
+{
+    "name": "psr/http-factory",
+    "description": "Common interfaces for PSR-7 HTTP message factories",
+    "keywords": [
+        "psr",
+        "psr-7",
+        "psr-17",
+        "http",
+        "factory",
+        "message",
+        "request",
+        "response"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "PHP-FIG",
+            "homepage": "http://www.php-fig.org/"
+        }
+    ],
+    "require": {
+        "php": ">=7.0.0",
+        "psr/http-message": "^1.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Psr\\Http\\Message\\": "src/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/RequestFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/RequestFactoryInterface.php
new file mode 100644
index 000000000..cb39a08bf
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/RequestFactoryInterface.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface RequestFactoryInterface
+{
+    /**
+     * Create a new request.
+     *
+     * @param string $method The HTTP method associated with the request.
+     * @param UriInterface|string $uri The URI associated with the request. If
+     *     the value is a string, the factory MUST create a UriInterface
+     *     instance based on it.
+     *
+     * @return RequestInterface
+     */
+    public function createRequest(string $method, $uri): RequestInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/ResponseFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/ResponseFactoryInterface.php
new file mode 100644
index 000000000..212562f00
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/ResponseFactoryInterface.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface ResponseFactoryInterface
+{
+    /**
+     * Create a new response.
+     *
+     * @param int $code HTTP status code; defaults to 200
+     * @param string $reasonPhrase Reason phrase to associate with status code
+     *     in generated response; if none is provided implementations MAY use
+     *     the defaults as suggested in the HTTP specification.
+     *
+     * @return ResponseInterface
+     */
+    public function createResponse(int $code = 200, string $reasonPhrase = ''): ResponseInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/ServerRequestFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/ServerRequestFactoryInterface.php
new file mode 100644
index 000000000..9fe031a8f
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/ServerRequestFactoryInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface ServerRequestFactoryInterface
+{
+    /**
+     * Create a new server request.
+     *
+     * Note that server-params are taken precisely as given - no parsing/processing
+     * of the given values is performed, and, in particular, no attempt is made to
+     * determine the HTTP method or URI, which must be provided explicitly.
+     *
+     * @param string $method The HTTP method associated with the request.
+     * @param UriInterface|string $uri The URI associated with the request. If
+     *     the value is a string, the factory MUST create a UriInterface
+     *     instance based on it.
+     * @param array $serverParams Array of SAPI parameters with which to seed
+     *     the generated request instance.
+     *
+     * @return ServerRequestInterface
+     */
+    public function createServerRequest(string $method, $uri, array $serverParams = []): ServerRequestInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/StreamFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/StreamFactoryInterface.php
new file mode 100644
index 000000000..90e3240c4
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/StreamFactoryInterface.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface StreamFactoryInterface
+{
+    /**
+     * Create a new stream from a string.
+     *
+     * The stream SHOULD be created with a temporary resource.
+     *
+     * @param string $content String content with which to populate the stream.
+     *
+     * @return StreamInterface
+     */
+    public function createStream(string $content = ''): StreamInterface;
+
+    /**
+     * Create a stream from an existing file.
+     *
+     * The file MUST be opened using the given mode, which may be any mode
+     * supported by the `fopen` function.
+     *
+     * The `$filename` MAY be any string supported by `fopen()`.
+     *
+     * @param string $filename Filename or stream URI to use as basis of stream.
+     * @param string $mode Mode with which to open the underlying filename/stream.
+     *
+     * @return StreamInterface
+     * @throws \RuntimeException If the file cannot be opened.
+     * @throws \InvalidArgumentException If the mode is invalid.
+     */
+    public function createStreamFromFile(string $filename, string $mode = 'r'): StreamInterface;
+
+    /**
+     * Create a new stream from an existing resource.
+     *
+     * The stream MUST be readable and may be writable.
+     *
+     * @param resource $resource PHP resource to use as basis of stream.
+     *
+     * @return StreamInterface
+     */
+    public function createStreamFromResource($resource): StreamInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/UploadedFileFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/UploadedFileFactoryInterface.php
new file mode 100644
index 000000000..7db4e30af
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/UploadedFileFactoryInterface.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface UploadedFileFactoryInterface
+{
+    /**
+     * Create a new uploaded file.
+     *
+     * If a size is not provided it will be determined by checking the size of
+     * the file.
+     *
+     * @see http://php.net/manual/features.file-upload.post-method.php
+     * @see http://php.net/manual/features.file-upload.errors.php
+     *
+     * @param StreamInterface $stream Underlying stream representing the
+     *     uploaded file content.
+     * @param int $size in bytes
+     * @param int $error PHP file upload error
+     * @param string $clientFilename Filename as provided by the client, if any.
+     * @param string $clientMediaType Media type as provided by the client, if any.
+     *
+     * @return UploadedFileInterface
+     *
+     * @throws \InvalidArgumentException If the file resource is not readable.
+     */
+    public function createUploadedFile(
+        StreamInterface $stream,
+        int $size = null,
+        int $error = \UPLOAD_ERR_OK,
+        string $clientFilename = null,
+        string $clientMediaType = null
+    ): UploadedFileInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-factory/src/UriFactoryInterface.php b/data/web/inc/lib/vendor/psr/http-factory/src/UriFactoryInterface.php
new file mode 100644
index 000000000..06df0b46a
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-factory/src/UriFactoryInterface.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Psr\Http\Message;
+
+interface UriFactoryInterface
+{
+    /**
+     * Create a new URI.
+     *
+     * @param string $uri
+     *
+     * @return UriInterface
+     *
+     * @throws \InvalidArgumentException If the given URI cannot be parsed.
+     */
+    public function createUri(string $uri = ''): UriInterface;
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/CHANGELOG.md b/data/web/inc/lib/vendor/psr/http-message/CHANGELOG.md
new file mode 100644
index 000000000..74b1ef923
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/CHANGELOG.md
@@ -0,0 +1,36 @@
+# Changelog
+
+All notable changes to this project will be documented in this file, in reverse chronological order by release.
+
+## 1.0.1 - 2016-08-06
+
+### Added
+
+- Nothing.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- Updated all `@return self` annotation references in interfaces to use
+  `@return static`, which more closelly follows the semantics of the
+  specification.
+- Updated the `MessageInterface::getHeaders()` return annotation to use the
+  value `string[][]`, indicating the format is a nested array of strings.
+- Updated the `@link` annotation for `RequestInterface::withRequestTarget()`
+  to point to the correct section of RFC 7230.
+- Updated the `ServerRequestInterface::withUploadedFiles()` parameter annotation
+  to add the parameter name (`$uploadedFiles`).
+- Updated a `@throws` annotation for the `UploadedFileInterface::moveTo()`
+  method to correctly reference the method parameter (it was referencing an
+  incorrect parameter name previously).
+
+## 1.0.0 - 2016-05-18
+
+Initial stable release; reflects accepted PSR-7 specification.
diff --git a/data/web/inc/lib/vendor/psr/http-message/LICENSE b/data/web/inc/lib/vendor/psr/http-message/LICENSE
new file mode 100644
index 000000000..c2d8e452d
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2014 PHP Framework Interoperability Group
+
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/psr/http-message/README.md b/data/web/inc/lib/vendor/psr/http-message/README.md
new file mode 100644
index 000000000..28185338f
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/README.md
@@ -0,0 +1,13 @@
+PSR Http Message
+================
+
+This repository holds all interfaces/classes/traits related to
+[PSR-7](http://www.php-fig.org/psr/psr-7/).
+
+Note that this is not a HTTP message implementation of its own. It is merely an
+interface that describes a HTTP message. See the specification for more details.
+
+Usage
+-----
+
+We'll certainly need some stuff in here.
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/psr/http-message/composer.json b/data/web/inc/lib/vendor/psr/http-message/composer.json
new file mode 100644
index 000000000..b0d2937a0
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/composer.json
@@ -0,0 +1,26 @@
+{
+    "name": "psr/http-message",
+    "description": "Common interface for HTTP messages",
+    "keywords": ["psr", "psr-7", "http", "http-message", "request", "response"],
+    "homepage": "https://github.com/php-fig/http-message",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "PHP-FIG",
+            "homepage": "http://www.php-fig.org/"
+        }
+    ],
+    "require": {
+        "php": ">=5.3.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Psr\\Http\\Message\\": "src/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/MessageInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/MessageInterface.php
new file mode 100644
index 000000000..dd46e5ec8
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/MessageInterface.php
@@ -0,0 +1,187 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * HTTP messages consist of requests from a client to a server and responses
+ * from a server to a client. This interface defines the methods common to
+ * each.
+ *
+ * Messages are considered immutable; all methods that might change state MUST
+ * be implemented such that they retain the internal state of the current
+ * message and return an instance that contains the changed state.
+ *
+ * @link http://www.ietf.org/rfc/rfc7230.txt
+ * @link http://www.ietf.org/rfc/rfc7231.txt
+ */
+interface MessageInterface
+{
+    /**
+     * Retrieves the HTTP protocol version as a string.
+     *
+     * The string MUST contain only the HTTP version number (e.g., "1.1", "1.0").
+     *
+     * @return string HTTP protocol version.
+     */
+    public function getProtocolVersion();
+
+    /**
+     * Return an instance with the specified HTTP protocol version.
+     *
+     * The version string MUST contain only the HTTP version number (e.g.,
+     * "1.1", "1.0").
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * new protocol version.
+     *
+     * @param string $version HTTP protocol version
+     * @return static
+     */
+    public function withProtocolVersion($version);
+
+    /**
+     * Retrieves all message header values.
+     *
+     * The keys represent the header name as it will be sent over the wire, and
+     * each value is an array of strings associated with the header.
+     *
+     *     // Represent the headers as a string
+     *     foreach ($message->getHeaders() as $name => $values) {
+     *         echo $name . ": " . implode(", ", $values);
+     *     }
+     *
+     *     // Emit headers iteratively:
+     *     foreach ($message->getHeaders() as $name => $values) {
+     *         foreach ($values as $value) {
+     *             header(sprintf('%s: %s', $name, $value), false);
+     *         }
+     *     }
+     *
+     * While header names are not case-sensitive, getHeaders() will preserve the
+     * exact case in which headers were originally specified.
+     *
+     * @return string[][] Returns an associative array of the message's headers. Each
+     *     key MUST be a header name, and each value MUST be an array of strings
+     *     for that header.
+     */
+    public function getHeaders();
+
+    /**
+     * Checks if a header exists by the given case-insensitive name.
+     *
+     * @param string $name Case-insensitive header field name.
+     * @return bool Returns true if any header names match the given header
+     *     name using a case-insensitive string comparison. Returns false if
+     *     no matching header name is found in the message.
+     */
+    public function hasHeader($name);
+
+    /**
+     * Retrieves a message header value by the given case-insensitive name.
+     *
+     * This method returns an array of all the header values of the given
+     * case-insensitive header name.
+     *
+     * If the header does not appear in the message, this method MUST return an
+     * empty array.
+     *
+     * @param string $name Case-insensitive header field name.
+     * @return string[] An array of string values as provided for the given
+     *    header. If the header does not appear in the message, this method MUST
+     *    return an empty array.
+     */
+    public function getHeader($name);
+
+    /**
+     * Retrieves a comma-separated string of the values for a single header.
+     *
+     * This method returns all of the header values of the given
+     * case-insensitive header name as a string concatenated together using
+     * a comma.
+     *
+     * NOTE: Not all header values may be appropriately represented using
+     * comma concatenation. For such headers, use getHeader() instead
+     * and supply your own delimiter when concatenating.
+     *
+     * If the header does not appear in the message, this method MUST return
+     * an empty string.
+     *
+     * @param string $name Case-insensitive header field name.
+     * @return string A string of values as provided for the given header
+     *    concatenated together using a comma. If the header does not appear in
+     *    the message, this method MUST return an empty string.
+     */
+    public function getHeaderLine($name);
+
+    /**
+     * Return an instance with the provided value replacing the specified header.
+     *
+     * While header names are case-insensitive, the casing of the header will
+     * be preserved by this function, and returned from getHeaders().
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * new and/or updated header and value.
+     *
+     * @param string $name Case-insensitive header field name.
+     * @param string|string[] $value Header value(s).
+     * @return static
+     * @throws \InvalidArgumentException for invalid header names or values.
+     */
+    public function withHeader($name, $value);
+
+    /**
+     * Return an instance with the specified header appended with the given value.
+     *
+     * Existing values for the specified header will be maintained. The new
+     * value(s) will be appended to the existing list. If the header did not
+     * exist previously, it will be added.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * new header and/or value.
+     *
+     * @param string $name Case-insensitive header field name to add.
+     * @param string|string[] $value Header value(s).
+     * @return static
+     * @throws \InvalidArgumentException for invalid header names or values.
+     */
+    public function withAddedHeader($name, $value);
+
+    /**
+     * Return an instance without the specified header.
+     *
+     * Header resolution MUST be done without case-sensitivity.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that removes
+     * the named header.
+     *
+     * @param string $name Case-insensitive header field name to remove.
+     * @return static
+     */
+    public function withoutHeader($name);
+
+    /**
+     * Gets the body of the message.
+     *
+     * @return StreamInterface Returns the body as a stream.
+     */
+    public function getBody();
+
+    /**
+     * Return an instance with the specified message body.
+     *
+     * The body MUST be a StreamInterface object.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return a new instance that has the
+     * new body stream.
+     *
+     * @param StreamInterface $body Body.
+     * @return static
+     * @throws \InvalidArgumentException When the body is not valid.
+     */
+    public function withBody(StreamInterface $body);
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/RequestInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/RequestInterface.php
new file mode 100644
index 000000000..a96d4fd63
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/RequestInterface.php
@@ -0,0 +1,129 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * Representation of an outgoing, client-side request.
+ *
+ * Per the HTTP specification, this interface includes properties for
+ * each of the following:
+ *
+ * - Protocol version
+ * - HTTP method
+ * - URI
+ * - Headers
+ * - Message body
+ *
+ * During construction, implementations MUST attempt to set the Host header from
+ * a provided URI if no Host header is provided.
+ *
+ * Requests are considered immutable; all methods that might change state MUST
+ * be implemented such that they retain the internal state of the current
+ * message and return an instance that contains the changed state.
+ */
+interface RequestInterface extends MessageInterface
+{
+    /**
+     * Retrieves the message's request target.
+     *
+     * Retrieves the message's request-target either as it will appear (for
+     * clients), as it appeared at request (for servers), or as it was
+     * specified for the instance (see withRequestTarget()).
+     *
+     * In most cases, this will be the origin-form of the composed URI,
+     * unless a value was provided to the concrete implementation (see
+     * withRequestTarget() below).
+     *
+     * If no URI is available, and no request-target has been specifically
+     * provided, this method MUST return the string "/".
+     *
+     * @return string
+     */
+    public function getRequestTarget();
+
+    /**
+     * Return an instance with the specific request-target.
+     *
+     * If the request needs a non-origin-form request-target — e.g., for
+     * specifying an absolute-form, authority-form, or asterisk-form —
+     * this method may be used to create an instance with the specified
+     * request-target, verbatim.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * changed request target.
+     *
+     * @link http://tools.ietf.org/html/rfc7230#section-5.3 (for the various
+     *     request-target forms allowed in request messages)
+     * @param mixed $requestTarget
+     * @return static
+     */
+    public function withRequestTarget($requestTarget);
+
+    /**
+     * Retrieves the HTTP method of the request.
+     *
+     * @return string Returns the request method.
+     */
+    public function getMethod();
+
+    /**
+     * Return an instance with the provided HTTP method.
+     *
+     * While HTTP method names are typically all uppercase characters, HTTP
+     * method names are case-sensitive and thus implementations SHOULD NOT
+     * modify the given string.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * changed request method.
+     *
+     * @param string $method Case-sensitive method.
+     * @return static
+     * @throws \InvalidArgumentException for invalid HTTP methods.
+     */
+    public function withMethod($method);
+
+    /**
+     * Retrieves the URI instance.
+     *
+     * This method MUST return a UriInterface instance.
+     *
+     * @link http://tools.ietf.org/html/rfc3986#section-4.3
+     * @return UriInterface Returns a UriInterface instance
+     *     representing the URI of the request.
+     */
+    public function getUri();
+
+    /**
+     * Returns an instance with the provided URI.
+     *
+     * This method MUST update the Host header of the returned request by
+     * default if the URI contains a host component. If the URI does not
+     * contain a host component, any pre-existing Host header MUST be carried
+     * over to the returned request.
+     *
+     * You can opt-in to preserving the original state of the Host header by
+     * setting `$preserveHost` to `true`. When `$preserveHost` is set to
+     * `true`, this method interacts with the Host header in the following ways:
+     *
+     * - If the Host header is missing or empty, and the new URI contains
+     *   a host component, this method MUST update the Host header in the returned
+     *   request.
+     * - If the Host header is missing or empty, and the new URI does not contain a
+     *   host component, this method MUST NOT update the Host header in the returned
+     *   request.
+     * - If a Host header is present and non-empty, this method MUST NOT update
+     *   the Host header in the returned request.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * new UriInterface instance.
+     *
+     * @link http://tools.ietf.org/html/rfc3986#section-4.3
+     * @param UriInterface $uri New request URI to use.
+     * @param bool $preserveHost Preserve the original state of the Host header.
+     * @return static
+     */
+    public function withUri(UriInterface $uri, $preserveHost = false);
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/ResponseInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/ResponseInterface.php
new file mode 100644
index 000000000..c306514e6
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/ResponseInterface.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * Representation of an outgoing, server-side response.
+ *
+ * Per the HTTP specification, this interface includes properties for
+ * each of the following:
+ *
+ * - Protocol version
+ * - Status code and reason phrase
+ * - Headers
+ * - Message body
+ *
+ * Responses are considered immutable; all methods that might change state MUST
+ * be implemented such that they retain the internal state of the current
+ * message and return an instance that contains the changed state.
+ */
+interface ResponseInterface extends MessageInterface
+{
+    /**
+     * Gets the response status code.
+     *
+     * The status code is a 3-digit integer result code of the server's attempt
+     * to understand and satisfy the request.
+     *
+     * @return int Status code.
+     */
+    public function getStatusCode();
+
+    /**
+     * Return an instance with the specified status code and, optionally, reason phrase.
+     *
+     * If no reason phrase is specified, implementations MAY choose to default
+     * to the RFC 7231 or IANA recommended reason phrase for the response's
+     * status code.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated status and reason phrase.
+     *
+     * @link http://tools.ietf.org/html/rfc7231#section-6
+     * @link http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+     * @param int $code The 3-digit integer result code to set.
+     * @param string $reasonPhrase The reason phrase to use with the
+     *     provided status code; if none is provided, implementations MAY
+     *     use the defaults as suggested in the HTTP specification.
+     * @return static
+     * @throws \InvalidArgumentException For invalid status code arguments.
+     */
+    public function withStatus($code, $reasonPhrase = '');
+
+    /**
+     * Gets the response reason phrase associated with the status code.
+     *
+     * Because a reason phrase is not a required element in a response
+     * status line, the reason phrase value MAY be null. Implementations MAY
+     * choose to return the default RFC 7231 recommended reason phrase (or those
+     * listed in the IANA HTTP Status Code Registry) for the response's
+     * status code.
+     *
+     * @link http://tools.ietf.org/html/rfc7231#section-6
+     * @link http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+     * @return string Reason phrase; must return an empty string if none present.
+     */
+    public function getReasonPhrase();
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/ServerRequestInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/ServerRequestInterface.php
new file mode 100644
index 000000000..02512340a
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/ServerRequestInterface.php
@@ -0,0 +1,261 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * Representation of an incoming, server-side HTTP request.
+ *
+ * Per the HTTP specification, this interface includes properties for
+ * each of the following:
+ *
+ * - Protocol version
+ * - HTTP method
+ * - URI
+ * - Headers
+ * - Message body
+ *
+ * Additionally, it encapsulates all data as it has arrived to the
+ * application from the CGI and/or PHP environment, including:
+ *
+ * - The values represented in $_SERVER.
+ * - Any cookies provided (generally via $_COOKIE)
+ * - Query string arguments (generally via $_GET, or as parsed via parse_str())
+ * - Upload files, if any (as represented by $_FILES)
+ * - Deserialized body parameters (generally from $_POST)
+ *
+ * $_SERVER values MUST be treated as immutable, as they represent application
+ * state at the time of request; as such, no methods are provided to allow
+ * modification of those values. The other values provide such methods, as they
+ * can be restored from $_SERVER or the request body, and may need treatment
+ * during the application (e.g., body parameters may be deserialized based on
+ * content type).
+ *
+ * Additionally, this interface recognizes the utility of introspecting a
+ * request to derive and match additional parameters (e.g., via URI path
+ * matching, decrypting cookie values, deserializing non-form-encoded body
+ * content, matching authorization headers to users, etc). These parameters
+ * are stored in an "attributes" property.
+ *
+ * Requests are considered immutable; all methods that might change state MUST
+ * be implemented such that they retain the internal state of the current
+ * message and return an instance that contains the changed state.
+ */
+interface ServerRequestInterface extends RequestInterface
+{
+    /**
+     * Retrieve server parameters.
+     *
+     * Retrieves data related to the incoming request environment,
+     * typically derived from PHP's $_SERVER superglobal. The data IS NOT
+     * REQUIRED to originate from $_SERVER.
+     *
+     * @return array
+     */
+    public function getServerParams();
+
+    /**
+     * Retrieve cookies.
+     *
+     * Retrieves cookies sent by the client to the server.
+     *
+     * The data MUST be compatible with the structure of the $_COOKIE
+     * superglobal.
+     *
+     * @return array
+     */
+    public function getCookieParams();
+
+    /**
+     * Return an instance with the specified cookies.
+     *
+     * The data IS NOT REQUIRED to come from the $_COOKIE superglobal, but MUST
+     * be compatible with the structure of $_COOKIE. Typically, this data will
+     * be injected at instantiation.
+     *
+     * This method MUST NOT update the related Cookie header of the request
+     * instance, nor related values in the server params.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated cookie values.
+     *
+     * @param array $cookies Array of key/value pairs representing cookies.
+     * @return static
+     */
+    public function withCookieParams(array $cookies);
+
+    /**
+     * Retrieve query string arguments.
+     *
+     * Retrieves the deserialized query string arguments, if any.
+     *
+     * Note: the query params might not be in sync with the URI or server
+     * params. If you need to ensure you are only getting the original
+     * values, you may need to parse the query string from `getUri()->getQuery()`
+     * or from the `QUERY_STRING` server param.
+     *
+     * @return array
+     */
+    public function getQueryParams();
+
+    /**
+     * Return an instance with the specified query string arguments.
+     *
+     * These values SHOULD remain immutable over the course of the incoming
+     * request. They MAY be injected during instantiation, such as from PHP's
+     * $_GET superglobal, or MAY be derived from some other value such as the
+     * URI. In cases where the arguments are parsed from the URI, the data
+     * MUST be compatible with what PHP's parse_str() would return for
+     * purposes of how duplicate query parameters are handled, and how nested
+     * sets are handled.
+     *
+     * Setting query string arguments MUST NOT change the URI stored by the
+     * request, nor the values in the server params.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated query string arguments.
+     *
+     * @param array $query Array of query string arguments, typically from
+     *     $_GET.
+     * @return static
+     */
+    public function withQueryParams(array $query);
+
+    /**
+     * Retrieve normalized file upload data.
+     *
+     * This method returns upload metadata in a normalized tree, with each leaf
+     * an instance of Psr\Http\Message\UploadedFileInterface.
+     *
+     * These values MAY be prepared from $_FILES or the message body during
+     * instantiation, or MAY be injected via withUploadedFiles().
+     *
+     * @return array An array tree of UploadedFileInterface instances; an empty
+     *     array MUST be returned if no data is present.
+     */
+    public function getUploadedFiles();
+
+    /**
+     * Create a new instance with the specified uploaded files.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated body parameters.
+     *
+     * @param array $uploadedFiles An array tree of UploadedFileInterface instances.
+     * @return static
+     * @throws \InvalidArgumentException if an invalid structure is provided.
+     */
+    public function withUploadedFiles(array $uploadedFiles);
+
+    /**
+     * Retrieve any parameters provided in the request body.
+     *
+     * If the request Content-Type is either application/x-www-form-urlencoded
+     * or multipart/form-data, and the request method is POST, this method MUST
+     * return the contents of $_POST.
+     *
+     * Otherwise, this method may return any results of deserializing
+     * the request body content; as parsing returns structured content, the
+     * potential types MUST be arrays or objects only. A null value indicates
+     * the absence of body content.
+     *
+     * @return null|array|object The deserialized body parameters, if any.
+     *     These will typically be an array or object.
+     */
+    public function getParsedBody();
+
+    /**
+     * Return an instance with the specified body parameters.
+     *
+     * These MAY be injected during instantiation.
+     *
+     * If the request Content-Type is either application/x-www-form-urlencoded
+     * or multipart/form-data, and the request method is POST, use this method
+     * ONLY to inject the contents of $_POST.
+     *
+     * The data IS NOT REQUIRED to come from $_POST, but MUST be the results of
+     * deserializing the request body content. Deserialization/parsing returns
+     * structured data, and, as such, this method ONLY accepts arrays or objects,
+     * or a null value if nothing was available to parse.
+     *
+     * As an example, if content negotiation determines that the request data
+     * is a JSON payload, this method could be used to create a request
+     * instance with the deserialized parameters.
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated body parameters.
+     *
+     * @param null|array|object $data The deserialized body data. This will
+     *     typically be in an array or object.
+     * @return static
+     * @throws \InvalidArgumentException if an unsupported argument type is
+     *     provided.
+     */
+    public function withParsedBody($data);
+
+    /**
+     * Retrieve attributes derived from the request.
+     *
+     * The request "attributes" may be used to allow injection of any
+     * parameters derived from the request: e.g., the results of path
+     * match operations; the results of decrypting cookies; the results of
+     * deserializing non-form-encoded message bodies; etc. Attributes
+     * will be application and request specific, and CAN be mutable.
+     *
+     * @return array Attributes derived from the request.
+     */
+    public function getAttributes();
+
+    /**
+     * Retrieve a single derived request attribute.
+     *
+     * Retrieves a single derived request attribute as described in
+     * getAttributes(). If the attribute has not been previously set, returns
+     * the default value as provided.
+     *
+     * This method obviates the need for a hasAttribute() method, as it allows
+     * specifying a default value to return if the attribute is not found.
+     *
+     * @see getAttributes()
+     * @param string $name The attribute name.
+     * @param mixed $default Default value to return if the attribute does not exist.
+     * @return mixed
+     */
+    public function getAttribute($name, $default = null);
+
+    /**
+     * Return an instance with the specified derived request attribute.
+     *
+     * This method allows setting a single derived request attribute as
+     * described in getAttributes().
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that has the
+     * updated attribute.
+     *
+     * @see getAttributes()
+     * @param string $name The attribute name.
+     * @param mixed $value The value of the attribute.
+     * @return static
+     */
+    public function withAttribute($name, $value);
+
+    /**
+     * Return an instance that removes the specified derived request attribute.
+     *
+     * This method allows removing a single derived request attribute as
+     * described in getAttributes().
+     *
+     * This method MUST be implemented in such a way as to retain the
+     * immutability of the message, and MUST return an instance that removes
+     * the attribute.
+     *
+     * @see getAttributes()
+     * @param string $name The attribute name.
+     * @return static
+     */
+    public function withoutAttribute($name);
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/StreamInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/StreamInterface.php
new file mode 100644
index 000000000..f68f39126
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/StreamInterface.php
@@ -0,0 +1,158 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * Describes a data stream.
+ *
+ * Typically, an instance will wrap a PHP stream; this interface provides
+ * a wrapper around the most common operations, including serialization of
+ * the entire stream to a string.
+ */
+interface StreamInterface
+{
+    /**
+     * Reads all data from the stream into a string, from the beginning to end.
+     *
+     * This method MUST attempt to seek to the beginning of the stream before
+     * reading data and read the stream until the end is reached.
+     *
+     * Warning: This could attempt to load a large amount of data into memory.
+     *
+     * This method MUST NOT raise an exception in order to conform with PHP's
+     * string casting operations.
+     *
+     * @see http://php.net/manual/en/language.oop5.magic.php#object.tostring
+     * @return string
+     */
+    public function __toString();
+
+    /**
+     * Closes the stream and any underlying resources.
+     *
+     * @return void
+     */
+    public function close();
+
+    /**
+     * Separates any underlying resources from the stream.
+     *
+     * After the stream has been detached, the stream is in an unusable state.
+     *
+     * @return resource|null Underlying PHP stream, if any
+     */
+    public function detach();
+
+    /**
+     * Get the size of the stream if known.
+     *
+     * @return int|null Returns the size in bytes if known, or null if unknown.
+     */
+    public function getSize();
+
+    /**
+     * Returns the current position of the file read/write pointer
+     *
+     * @return int Position of the file pointer
+     * @throws \RuntimeException on error.
+     */
+    public function tell();
+
+    /**
+     * Returns true if the stream is at the end of the stream.
+     *
+     * @return bool
+     */
+    public function eof();
+
+    /**
+     * Returns whether or not the stream is seekable.
+     *
+     * @return bool
+     */
+    public function isSeekable();
+
+    /**
+     * Seek to a position in the stream.
+     *
+     * @link http://www.php.net/manual/en/function.fseek.php
+     * @param int $offset Stream offset
+     * @param int $whence Specifies how the cursor position will be calculated
+     *     based on the seek offset. Valid values are identical to the built-in
+     *     PHP $whence values for `fseek()`.  SEEK_SET: Set position equal to
+     *     offset bytes SEEK_CUR: Set position to current location plus offset
+     *     SEEK_END: Set position to end-of-stream plus offset.
+     * @throws \RuntimeException on failure.
+     */
+    public function seek($offset, $whence = SEEK_SET);
+
+    /**
+     * Seek to the beginning of the stream.
+     *
+     * If the stream is not seekable, this method will raise an exception;
+     * otherwise, it will perform a seek(0).
+     *
+     * @see seek()
+     * @link http://www.php.net/manual/en/function.fseek.php
+     * @throws \RuntimeException on failure.
+     */
+    public function rewind();
+
+    /**
+     * Returns whether or not the stream is writable.
+     *
+     * @return bool
+     */
+    public function isWritable();
+
+    /**
+     * Write data to the stream.
+     *
+     * @param string $string The string that is to be written.
+     * @return int Returns the number of bytes written to the stream.
+     * @throws \RuntimeException on failure.
+     */
+    public function write($string);
+
+    /**
+     * Returns whether or not the stream is readable.
+     *
+     * @return bool
+     */
+    public function isReadable();
+
+    /**
+     * Read data from the stream.
+     *
+     * @param int $length Read up to $length bytes from the object and return
+     *     them. Fewer than $length bytes may be returned if underlying stream
+     *     call returns fewer bytes.
+     * @return string Returns the data read from the stream, or an empty string
+     *     if no bytes are available.
+     * @throws \RuntimeException if an error occurs.
+     */
+    public function read($length);
+
+    /**
+     * Returns the remaining contents in a string
+     *
+     * @return string
+     * @throws \RuntimeException if unable to read or an error occurs while
+     *     reading.
+     */
+    public function getContents();
+
+    /**
+     * Get stream metadata as an associative array or retrieve a specific key.
+     *
+     * The keys returned are identical to the keys returned from PHP's
+     * stream_get_meta_data() function.
+     *
+     * @link http://php.net/manual/en/function.stream-get-meta-data.php
+     * @param string $key Specific metadata to retrieve.
+     * @return array|mixed|null Returns an associative array if no key is
+     *     provided. Returns a specific key value if a key is provided and the
+     *     value is found, or null if the key is not found.
+     */
+    public function getMetadata($key = null);
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/UploadedFileInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/UploadedFileInterface.php
new file mode 100644
index 000000000..f8a6901e0
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/UploadedFileInterface.php
@@ -0,0 +1,123 @@
+<?php
+
+namespace Psr\Http\Message;
+
+/**
+ * Value object representing a file uploaded through an HTTP request.
+ *
+ * Instances of this interface are considered immutable; all methods that
+ * might change state MUST be implemented such that they retain the internal
+ * state of the current instance and return an instance that contains the
+ * changed state.
+ */
+interface UploadedFileInterface
+{
+    /**
+     * Retrieve a stream representing the uploaded file.
+     *
+     * This method MUST return a StreamInterface instance, representing the
+     * uploaded file. The purpose of this method is to allow utilizing native PHP
+     * stream functionality to manipulate the file upload, such as
+     * stream_copy_to_stream() (though the result will need to be decorated in a
+     * native PHP stream wrapper to work with such functions).
+     *
+     * If the moveTo() method has been called previously, this method MUST raise
+     * an exception.
+     *
+     * @return StreamInterface Stream representation of the uploaded file.
+     * @throws \RuntimeException in cases when no stream is available or can be
+     *     created.
+     */
+    public function getStream();
+
+    /**
+     * Move the uploaded file to a new location.
+     *
+     * Use this method as an alternative to move_uploaded_file(). This method is
+     * guaranteed to work in both SAPI and non-SAPI environments.
+     * Implementations must determine which environment they are in, and use the
+     * appropriate method (move_uploaded_file(), rename(), or a stream
+     * operation) to perform the operation.
+     *
+     * $targetPath may be an absolute path, or a relative path. If it is a
+     * relative path, resolution should be the same as used by PHP's rename()
+     * function.
+     *
+     * The original file or stream MUST be removed on completion.
+     *
+     * If this method is called more than once, any subsequent calls MUST raise
+     * an exception.
+     *
+     * When used in an SAPI environment where $_FILES is populated, when writing
+     * files via moveTo(), is_uploaded_file() and move_uploaded_file() SHOULD be
+     * used to ensure permissions and upload status are verified correctly.
+     *
+     * If you wish to move to a stream, use getStream(), as SAPI operations
+     * cannot guarantee writing to stream destinations.
+     *
+     * @see http://php.net/is_uploaded_file
+     * @see http://php.net/move_uploaded_file
+     * @param string $targetPath Path to which to move the uploaded file.
+     * @throws \InvalidArgumentException if the $targetPath specified is invalid.
+     * @throws \RuntimeException on any error during the move operation, or on
+     *     the second or subsequent call to the method.
+     */
+    public function moveTo($targetPath);
+    
+    /**
+     * Retrieve the file size.
+     *
+     * Implementations SHOULD return the value stored in the "size" key of
+     * the file in the $_FILES array if available, as PHP calculates this based
+     * on the actual size transmitted.
+     *
+     * @return int|null The file size in bytes or null if unknown.
+     */
+    public function getSize();
+    
+    /**
+     * Retrieve the error associated with the uploaded file.
+     *
+     * The return value MUST be one of PHP's UPLOAD_ERR_XXX constants.
+     *
+     * If the file was uploaded successfully, this method MUST return
+     * UPLOAD_ERR_OK.
+     *
+     * Implementations SHOULD return the value stored in the "error" key of
+     * the file in the $_FILES array.
+     *
+     * @see http://php.net/manual/en/features.file-upload.errors.php
+     * @return int One of PHP's UPLOAD_ERR_XXX constants.
+     */
+    public function getError();
+    
+    /**
+     * Retrieve the filename sent by the client.
+     *
+     * Do not trust the value returned by this method. A client could send
+     * a malicious filename with the intention to corrupt or hack your
+     * application.
+     *
+     * Implementations SHOULD return the value stored in the "name" key of
+     * the file in the $_FILES array.
+     *
+     * @return string|null The filename sent by the client or null if none
+     *     was provided.
+     */
+    public function getClientFilename();
+    
+    /**
+     * Retrieve the media type sent by the client.
+     *
+     * Do not trust the value returned by this method. A client could send
+     * a malicious media type with the intention to corrupt or hack your
+     * application.
+     *
+     * Implementations SHOULD return the value stored in the "type" key of
+     * the file in the $_FILES array.
+     *
+     * @return string|null The media type sent by the client or null if none
+     *     was provided.
+     */
+    public function getClientMediaType();
+}
diff --git a/data/web/inc/lib/vendor/psr/http-message/src/UriInterface.php b/data/web/inc/lib/vendor/psr/http-message/src/UriInterface.php
new file mode 100644
index 000000000..9d7ab9eae
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/http-message/src/UriInterface.php
@@ -0,0 +1,323 @@
+<?php
+namespace Psr\Http\Message;
+
+/**
+ * Value object representing a URI.
+ *
+ * This interface is meant to represent URIs according to RFC 3986 and to
+ * provide methods for most common operations. Additional functionality for
+ * working with URIs can be provided on top of the interface or externally.
+ * Its primary use is for HTTP requests, but may also be used in other
+ * contexts.
+ *
+ * Instances of this interface are considered immutable; all methods that
+ * might change state MUST be implemented such that they retain the internal
+ * state of the current instance and return an instance that contains the
+ * changed state.
+ *
+ * Typically the Host header will be also be present in the request message.
+ * For server-side requests, the scheme will typically be discoverable in the
+ * server parameters.
+ *
+ * @link http://tools.ietf.org/html/rfc3986 (the URI specification)
+ */
+interface UriInterface
+{
+    /**
+     * Retrieve the scheme component of the URI.
+     *
+     * If no scheme is present, this method MUST return an empty string.
+     *
+     * The value returned MUST be normalized to lowercase, per RFC 3986
+     * Section 3.1.
+     *
+     * The trailing ":" character is not part of the scheme and MUST NOT be
+     * added.
+     *
+     * @see https://tools.ietf.org/html/rfc3986#section-3.1
+     * @return string The URI scheme.
+     */
+    public function getScheme();
+
+    /**
+     * Retrieve the authority component of the URI.
+     *
+     * If no authority information is present, this method MUST return an empty
+     * string.
+     *
+     * The authority syntax of the URI is:
+     *
+     * <pre>
+     * [user-info@]host[:port]
+     * </pre>
+     *
+     * If the port component is not set or is the standard port for the current
+     * scheme, it SHOULD NOT be included.
+     *
+     * @see https://tools.ietf.org/html/rfc3986#section-3.2
+     * @return string The URI authority, in "[user-info@]host[:port]" format.
+     */
+    public function getAuthority();
+
+    /**
+     * Retrieve the user information component of the URI.
+     *
+     * If no user information is present, this method MUST return an empty
+     * string.
+     *
+     * If a user is present in the URI, this will return that value;
+     * additionally, if the password is also present, it will be appended to the
+     * user value, with a colon (":") separating the values.
+     *
+     * The trailing "@" character is not part of the user information and MUST
+     * NOT be added.
+     *
+     * @return string The URI user information, in "username[:password]" format.
+     */
+    public function getUserInfo();
+
+    /**
+     * Retrieve the host component of the URI.
+     *
+     * If no host is present, this method MUST return an empty string.
+     *
+     * The value returned MUST be normalized to lowercase, per RFC 3986
+     * Section 3.2.2.
+     *
+     * @see http://tools.ietf.org/html/rfc3986#section-3.2.2
+     * @return string The URI host.
+     */
+    public function getHost();
+
+    /**
+     * Retrieve the port component of the URI.
+     *
+     * If a port is present, and it is non-standard for the current scheme,
+     * this method MUST return it as an integer. If the port is the standard port
+     * used with the current scheme, this method SHOULD return null.
+     *
+     * If no port is present, and no scheme is present, this method MUST return
+     * a null value.
+     *
+     * If no port is present, but a scheme is present, this method MAY return
+     * the standard port for that scheme, but SHOULD return null.
+     *
+     * @return null|int The URI port.
+     */
+    public function getPort();
+
+    /**
+     * Retrieve the path component of the URI.
+     *
+     * The path can either be empty or absolute (starting with a slash) or
+     * rootless (not starting with a slash). Implementations MUST support all
+     * three syntaxes.
+     *
+     * Normally, the empty path "" and absolute path "/" are considered equal as
+     * defined in RFC 7230 Section 2.7.3. But this method MUST NOT automatically
+     * do this normalization because in contexts with a trimmed base path, e.g.
+     * the front controller, this difference becomes significant. It's the task
+     * of the user to handle both "" and "/".
+     *
+     * The value returned MUST be percent-encoded, but MUST NOT double-encode
+     * any characters. To determine what characters to encode, please refer to
+     * RFC 3986, Sections 2 and 3.3.
+     *
+     * As an example, if the value should include a slash ("/") not intended as
+     * delimiter between path segments, that value MUST be passed in encoded
+     * form (e.g., "%2F") to the instance.
+     *
+     * @see https://tools.ietf.org/html/rfc3986#section-2
+     * @see https://tools.ietf.org/html/rfc3986#section-3.3
+     * @return string The URI path.
+     */
+    public function getPath();
+
+    /**
+     * Retrieve the query string of the URI.
+     *
+     * If no query string is present, this method MUST return an empty string.
+     *
+     * The leading "?" character is not part of the query and MUST NOT be
+     * added.
+     *
+     * The value returned MUST be percent-encoded, but MUST NOT double-encode
+     * any characters. To determine what characters to encode, please refer to
+     * RFC 3986, Sections 2 and 3.4.
+     *
+     * As an example, if a value in a key/value pair of the query string should
+     * include an ampersand ("&") not intended as a delimiter between values,
+     * that value MUST be passed in encoded form (e.g., "%26") to the instance.
+     *
+     * @see https://tools.ietf.org/html/rfc3986#section-2
+     * @see https://tools.ietf.org/html/rfc3986#section-3.4
+     * @return string The URI query string.
+     */
+    public function getQuery();
+
+    /**
+     * Retrieve the fragment component of the URI.
+     *
+     * If no fragment is present, this method MUST return an empty string.
+     *
+     * The leading "#" character is not part of the fragment and MUST NOT be
+     * added.
+     *
+     * The value returned MUST be percent-encoded, but MUST NOT double-encode
+     * any characters. To determine what characters to encode, please refer to
+     * RFC 3986, Sections 2 and 3.5.
+     *
+     * @see https://tools.ietf.org/html/rfc3986#section-2
+     * @see https://tools.ietf.org/html/rfc3986#section-3.5
+     * @return string The URI fragment.
+     */
+    public function getFragment();
+
+    /**
+     * Return an instance with the specified scheme.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified scheme.
+     *
+     * Implementations MUST support the schemes "http" and "https" case
+     * insensitively, and MAY accommodate other schemes if required.
+     *
+     * An empty scheme is equivalent to removing the scheme.
+     *
+     * @param string $scheme The scheme to use with the new instance.
+     * @return static A new instance with the specified scheme.
+     * @throws \InvalidArgumentException for invalid or unsupported schemes.
+     */
+    public function withScheme($scheme);
+
+    /**
+     * Return an instance with the specified user information.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified user information.
+     *
+     * Password is optional, but the user information MUST include the
+     * user; an empty string for the user is equivalent to removing user
+     * information.
+     *
+     * @param string $user The user name to use for authority.
+     * @param null|string $password The password associated with $user.
+     * @return static A new instance with the specified user information.
+     */
+    public function withUserInfo($user, $password = null);
+
+    /**
+     * Return an instance with the specified host.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified host.
+     *
+     * An empty host value is equivalent to removing the host.
+     *
+     * @param string $host The hostname to use with the new instance.
+     * @return static A new instance with the specified host.
+     * @throws \InvalidArgumentException for invalid hostnames.
+     */
+    public function withHost($host);
+
+    /**
+     * Return an instance with the specified port.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified port.
+     *
+     * Implementations MUST raise an exception for ports outside the
+     * established TCP and UDP port ranges.
+     *
+     * A null value provided for the port is equivalent to removing the port
+     * information.
+     *
+     * @param null|int $port The port to use with the new instance; a null value
+     *     removes the port information.
+     * @return static A new instance with the specified port.
+     * @throws \InvalidArgumentException for invalid ports.
+     */
+    public function withPort($port);
+
+    /**
+     * Return an instance with the specified path.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified path.
+     *
+     * The path can either be empty or absolute (starting with a slash) or
+     * rootless (not starting with a slash). Implementations MUST support all
+     * three syntaxes.
+     *
+     * If the path is intended to be domain-relative rather than path relative then
+     * it must begin with a slash ("/"). Paths not starting with a slash ("/")
+     * are assumed to be relative to some base path known to the application or
+     * consumer.
+     *
+     * Users can provide both encoded and decoded path characters.
+     * Implementations ensure the correct encoding as outlined in getPath().
+     *
+     * @param string $path The path to use with the new instance.
+     * @return static A new instance with the specified path.
+     * @throws \InvalidArgumentException for invalid paths.
+     */
+    public function withPath($path);
+
+    /**
+     * Return an instance with the specified query string.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified query string.
+     *
+     * Users can provide both encoded and decoded query characters.
+     * Implementations ensure the correct encoding as outlined in getQuery().
+     *
+     * An empty query string value is equivalent to removing the query string.
+     *
+     * @param string $query The query string to use with the new instance.
+     * @return static A new instance with the specified query string.
+     * @throws \InvalidArgumentException for invalid query strings.
+     */
+    public function withQuery($query);
+
+    /**
+     * Return an instance with the specified URI fragment.
+     *
+     * This method MUST retain the state of the current instance, and return
+     * an instance that contains the specified URI fragment.
+     *
+     * Users can provide both encoded and decoded fragment characters.
+     * Implementations ensure the correct encoding as outlined in getFragment().
+     *
+     * An empty fragment value is equivalent to removing the fragment.
+     *
+     * @param string $fragment The fragment to use with the new instance.
+     * @return static A new instance with the specified fragment.
+     */
+    public function withFragment($fragment);
+
+    /**
+     * Return the string representation as a URI reference.
+     *
+     * Depending on which components of the URI are present, the resulting
+     * string is either a full URI or relative reference according to RFC 3986,
+     * Section 4.1. The method concatenates the various components of the URI,
+     * using the appropriate delimiters:
+     *
+     * - If a scheme is present, it MUST be suffixed by ":".
+     * - If an authority is present, it MUST be prefixed by "//".
+     * - The path can be concatenated without delimiters. But there are two
+     *   cases where the path has to be adjusted to make the URI reference
+     *   valid as PHP does not allow to throw an exception in __toString():
+     *     - If the path is rootless and an authority is present, the path MUST
+     *       be prefixed by "/".
+     *     - If the path is starting with more than one "/" and no authority is
+     *       present, the starting slashes MUST be reduced to one.
+     * - If a query is present, it MUST be prefixed by "?".
+     * - If a fragment is present, it MUST be prefixed by "#".
+     *
+     * @see http://tools.ietf.org/html/rfc3986#section-4.1
+     * @return string
+     */
+    public function __toString();
+}
diff --git a/data/web/inc/lib/vendor/ralouphie/getallheaders/LICENSE b/data/web/inc/lib/vendor/ralouphie/getallheaders/LICENSE
new file mode 100644
index 000000000..be5540c2a
--- /dev/null
+++ b/data/web/inc/lib/vendor/ralouphie/getallheaders/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Ralph Khattar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/data/web/inc/lib/vendor/ralouphie/getallheaders/README.md b/data/web/inc/lib/vendor/ralouphie/getallheaders/README.md
new file mode 100644
index 000000000..9430d76bb
--- /dev/null
+++ b/data/web/inc/lib/vendor/ralouphie/getallheaders/README.md
@@ -0,0 +1,27 @@
+getallheaders
+=============
+
+PHP `getallheaders()` polyfill. Compatible with PHP >= 5.3.
+
+[![Build Status](https://travis-ci.org/ralouphie/getallheaders.svg?branch=master)](https://travis-ci.org/ralouphie/getallheaders)
+[![Coverage Status](https://coveralls.io/repos/ralouphie/getallheaders/badge.png?branch=master)](https://coveralls.io/r/ralouphie/getallheaders?branch=master)
+[![Latest Stable Version](https://poser.pugx.org/ralouphie/getallheaders/v/stable.png)](https://packagist.org/packages/ralouphie/getallheaders)
+[![Latest Unstable Version](https://poser.pugx.org/ralouphie/getallheaders/v/unstable.png)](https://packagist.org/packages/ralouphie/getallheaders)
+[![License](https://poser.pugx.org/ralouphie/getallheaders/license.png)](https://packagist.org/packages/ralouphie/getallheaders)
+
+
+This is a simple polyfill for [`getallheaders()`](http://www.php.net/manual/en/function.getallheaders.php).
+
+## Install
+
+For PHP version **`>= 5.6`**:
+
+```
+composer require ralouphie/getallheaders
+```
+
+For PHP version **`< 5.6`**:
+
+```
+composer require ralouphie/getallheaders "^2"
+```
diff --git a/data/web/inc/lib/vendor/ralouphie/getallheaders/composer.json b/data/web/inc/lib/vendor/ralouphie/getallheaders/composer.json
new file mode 100644
index 000000000..de8ce62e4
--- /dev/null
+++ b/data/web/inc/lib/vendor/ralouphie/getallheaders/composer.json
@@ -0,0 +1,26 @@
+{
+	"name": "ralouphie/getallheaders",
+	"description": "A polyfill for getallheaders.",
+	"license": "MIT",
+	"authors": [
+		{
+			"name": "Ralph Khattar",
+			"email": "ralph.khattar@gmail.com"
+		}
+	],
+	"require": {
+		"php": ">=5.6"
+	},
+	"require-dev": {
+		"phpunit/phpunit": "^5 || ^6.5",
+		"php-coveralls/php-coveralls": "^2.1"
+	},
+	"autoload": {
+		"files": ["src/getallheaders.php"]
+	},
+	"autoload-dev": {
+		"psr-4": {
+			"getallheaders\\Tests\\": "tests/"
+		}
+	}
+}
diff --git a/data/web/inc/lib/vendor/ralouphie/getallheaders/src/getallheaders.php b/data/web/inc/lib/vendor/ralouphie/getallheaders/src/getallheaders.php
new file mode 100644
index 000000000..c7285a5ba
--- /dev/null
+++ b/data/web/inc/lib/vendor/ralouphie/getallheaders/src/getallheaders.php
@@ -0,0 +1,46 @@
+<?php
+
+if (!function_exists('getallheaders')) {
+
+    /**
+     * Get all HTTP header key/values as an associative array for the current request.
+     *
+     * @return string[string] The HTTP header key/value pairs.
+     */
+    function getallheaders()
+    {
+        $headers = array();
+
+        $copy_server = array(
+            'CONTENT_TYPE'   => 'Content-Type',
+            'CONTENT_LENGTH' => 'Content-Length',
+            'CONTENT_MD5'    => 'Content-Md5',
+        );
+
+        foreach ($_SERVER as $key => $value) {
+            if (substr($key, 0, 5) === 'HTTP_') {
+                $key = substr($key, 5);
+                if (!isset($copy_server[$key]) || !isset($_SERVER[$key])) {
+                    $key = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', $key))));
+                    $headers[$key] = $value;
+                }
+            } elseif (isset($copy_server[$key])) {
+                $headers[$copy_server[$key]] = $value;
+            }
+        }
+
+        if (!isset($headers['Authorization'])) {
+            if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+                $headers['Authorization'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+            } elseif (isset($_SERVER['PHP_AUTH_USER'])) {
+                $basic_pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
+                $headers['Authorization'] = 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $basic_pass);
+            } elseif (isset($_SERVER['PHP_AUTH_DIGEST'])) {
+                $headers['Authorization'] = $_SERVER['PHP_AUTH_DIGEST'];
+            }
+        }
+
+        return $headers;
+    }
+
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.gitignore b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.gitignore
new file mode 100644
index 000000000..e8c7cb69e
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.gitignore
@@ -0,0 +1,4 @@
+/build
+/vendor
+composer.phar
+composer.lock
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.scrutinizer.yml b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.scrutinizer.yml
new file mode 100644
index 000000000..1f831e850
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.scrutinizer.yml
@@ -0,0 +1,35 @@
+filter:
+    excluded_paths: [test/*]
+checks:
+    php:
+        code_rating: true
+        remove_extra_empty_lines: true
+        remove_php_closing_tag: true
+        remove_trailing_whitespace: true
+        fix_use_statements:
+            remove_unused: true
+            preserve_multiple: false
+            preserve_blanklines: true
+            order_alphabetically: true
+        fix_php_opening_tag: true
+        fix_linefeed: true
+        fix_line_ending: true
+        fix_identation_4spaces: true
+        fix_doc_comments: true
+tools:
+    external_code_coverage:
+        timeout: 600
+        runs: 2
+    php_analyzer: true
+    php_code_coverage: false
+    php_code_sniffer:
+        config:
+            standard: PSR2
+        filter:
+            paths: ['src']
+    php_loc:
+        enabled: true
+        excluded_dirs: [examples, vendor, test]
+    php_cpd:
+        enabled: true
+        excluded_dirs: [examples, vendor, test]
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
new file mode 100644
index 000000000..87831a56c
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
@@ -0,0 +1,26 @@
+language: php
+
+sudo: false
+
+php:
+  - 5.6
+  - 7.0
+  - 7.1
+
+matrix:
+  include:
+    - php: 5.6
+      env: 'COMPOSER_FLAGS="--prefer-stable --prefer-lowest"'
+
+before_script:
+  - travis_retry composer self-update
+  - travis_retry composer install --no-interaction --prefer-source --dev
+  - travis_retry phpenv rehash
+
+script:
+  - ./vendor/bin/phpcs --standard=psr2 src/
+  - ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover
+
+after_script:
+  - wget https://scrutinizer-ci.com/ocular.phar
+  - php ocular.phar code-coverage:upload --format=php-clover coverage.clover
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CHANGELOG.md b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CHANGELOG.md
new file mode 100644
index 000000000..e1990de3b
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CHANGELOG.md
@@ -0,0 +1,74 @@
+# Changelog
+All Notable changes to `oauth2-keycloak` will be documented in this file
+
+## 2.1.0 - 2018-03-12
+
+### Added
+- Introduce `getLogoutUrl` method on provider to build and return and authorized logout url - thanks @FlxPeters
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Nothing
+
+### Removed
+- Nothing
+
+### Security
+- Nothing
+
+## 2.0.0 - 2017-01-25
+
+### Added
+- PHP 7.1 Support
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Nothing
+
+### Removed
+- PHP 5.5 Support
+
+### Security
+- Nothing
+
+## 1.0.0 - 2017-01-25
+
+Bump for base package parity
+
+## 0.2.0 - 2016-12-07
+
+### Added
+- JSON Web Token decryption support
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Nothing
+
+### Removed
+- Nothing
+
+### Security
+- Nothing
+
+## 0.1.0 - 2015-08-31
+
+### Added
+- Initial release!
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Nothing
+
+### Removed
+- Nothing
+
+### Security
+- Nothing
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CONTRIBUTING.md b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CONTRIBUTING.md
new file mode 100644
index 000000000..e1e078197
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/CONTRIBUTING.md
@@ -0,0 +1,42 @@
+# Contributing
+
+Contributions are **welcome** and will be fully **credited**.
+
+We accept contributions via Pull Requests on [Github](https://github.com/stevenmaguire/oauth2-keycloak).
+
+
+## Pull Requests
+
+- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
+
+- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
+
+- **Document any change in behaviour** - Make sure the README and any other relevant documentation are kept up-to-date.
+
+- **Consider our release cycle** - We try to follow SemVer. Randomly breaking public APIs is not an option.
+
+- **Create topic branches** - Don't ask us to pull from your master branch.
+
+- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
+
+- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please squash them before submitting.
+
+- **Ensure tests pass!** - Please run the tests (see below) before submitting your pull request, and make sure they pass. We won't accept a patch until all tests pass.
+
+- **Ensure no coding standards violations** - Please run PHP Code Sniffer using the PSR-2 standard (see below) before submitting your pull request. A violation will cause the build to fail, so please make sure there are no violations. We can't accept a patch if the build fails.
+
+
+## Running Tests
+
+``` bash
+$ ./vendor/bin/phpunit
+```
+
+
+## Running PHP Code Sniffer
+
+``` bash
+$ ./vendor/bin/phpcs src --standard=psr2 -sp
+```
+
+**Happy coding**!
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/LICENSE b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/LICENSE
new file mode 100644
index 000000000..51455e2dd
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Steven Maguire
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
new file mode 100644
index 000000000..e050a6d0a
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
@@ -0,0 +1,175 @@
+# Keycloak Provider for OAuth 2.0 Client
+[![Latest Version](https://img.shields.io/github/release/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://github.com/stevenmaguire/oauth2-keycloak/releases)
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
+[![Build Status](https://img.shields.io/travis/stevenmaguire/oauth2-keycloak/master.svg?style=flat-square)](https://travis-ci.org/stevenmaguire/oauth2-keycloak)
+[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-keycloak/code-structure)
+[![Quality Score](https://img.shields.io/scrutinizer/g/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://scrutinizer-ci.com/g/stevenmaguire/oauth2-keycloak)
+[![Total Downloads](https://img.shields.io/packagist/dt/stevenmaguire/oauth2-keycloak.svg?style=flat-square)](https://packagist.org/packages/stevenmaguire/oauth2-keycloak)
+
+This package provides Keycloak OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).
+
+## Installation
+
+To install, use composer:
+
+```
+composer require stevenmaguire/oauth2-keycloak
+```
+
+## Usage
+
+Usage is the same as The League's OAuth client, using `\Stevenmaguire\OAuth2\Client\Provider\Keycloak` as the provider.
+
+Use `authServerUrl` to specify the Keycloak server URL. You can lookup the correct value from the Keycloak client installer JSON under `auth-server-url`, eg. `http://localhost:8080/auth`.
+
+Use `realm` to specify the Keycloak realm name. You can lookup the correct value from the Keycloak client installer JSON under `resource`, eg. `master`.
+
+### Authorization Code Flow
+
+```php
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    'authServerUrl'         => '{keycloak-server-url}',
+    'realm'                 => '{keycloak-realm}',
+    'clientId'              => '{keycloak-client-id}',
+    'clientSecret'          => '{keycloak-client-secret}',
+    'redirectUri'           => 'https://example.com/callback-url',
+    'encryptionAlgorithm'   => 'RS256',                             // optional
+    'encryptionKeyPath'     => '../key.pem'                         // optional
+    'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+]);
+
+if (!isset($_GET['code'])) {
+
+    // If we don't have an authorization code then get one
+    $authUrl = $provider->getAuthorizationUrl();
+    $_SESSION['oauth2state'] = $provider->getState();
+    header('Location: '.$authUrl);
+    exit;
+
+// Check given state against previously stored one to mitigate CSRF attack
+} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
+
+    unset($_SESSION['oauth2state']);
+    exit('Invalid state, make sure HTTP sessions are enabled.');
+
+} else {
+
+    // Try to get an access token (using the authorization coe grant)
+    try {
+        $token = $provider->getAccessToken('authorization_code', [
+            'code' => $_GET['code']
+        ]);
+    } catch (Exception $e) {
+        exit('Failed to get access token: '.$e->getMessage());
+    }
+
+    // Optional: Now you have a token you can look up a users profile data
+    try {
+
+        // We got an access token, let's now get the user's details
+        $user = $provider->getResourceOwner($token);
+
+        // Use these details to create a new profile
+        printf('Hello %s!', $user->getName());
+
+    } catch (Exception $e) {
+        exit('Failed to get resource owner: '.$e->getMessage());
+    }
+
+    // Use this to interact with an API on the users behalf
+    echo $token->getToken();
+}
+```
+
+### Refreshing a Token
+
+```php
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    'authServerUrl'     => '{keycloak-server-url}',
+    'realm'             => '{keycloak-realm}',
+    'clientId'          => '{keycloak-client-id}',
+    'clientSecret'      => '{keycloak-client-secret}',
+    'redirectUri'       => 'https://example.com/callback-url',
+]);
+
+$token = $provider->getAccessToken('refresh_token', ['refresh_token' => $token->getRefreshToken()]);
+```
+
+### Handling encryption
+
+If you've configured your Keycloak instance to use encryption, there are some advanced options available to you.
+
+#### Configure the provider to use the same encryption algorithm
+
+```php
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    // ...
+    'encryptionAlgorithm'   => 'RS256',
+]);
+```
+
+or
+
+```php
+$provider->setEncryptionAlgorithm('RS256');
+```
+
+#### Configure the provider to use the expected decryption public key or certificate
+
+##### By key value
+
+```php
+$key = "-----BEGIN PUBLIC KEY-----\n....\n-----END PUBLIC KEY-----";
+// or
+// $key = "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----";
+
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    // ...
+    'encryptionKey'   => $key,
+]);
+```
+
+or
+
+```php
+$provider->setEncryptionKey($key);
+```
+
+##### By key path
+
+```php
+$keyPath = '../key.pem';
+
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    // ...
+    'encryptionKeyPath'   => $keyPath,
+]);
+```
+
+or
+
+```php
+$provider->setEncryptionKeyPath($keyPath);
+```
+
+## Testing
+
+``` bash
+$ ./vendor/bin/phpunit
+```
+
+## Contributing
+
+Please see [CONTRIBUTING](https://github.com/stevenmaguire/oauth2-keycloak/blob/master/CONTRIBUTING.md) for details.
+
+
+## Credits
+
+- [Steven Maguire](https://github.com/stevenmaguire)
+- [Martin Stefan](https://github.com/mstefan21)
+- [All Contributors](https://github.com/stevenmaguire/oauth2-keycloak/contributors)
+
+
+## License
+
+The MIT License (MIT). Please see [License File](https://github.com/stevenmaguire/oauth2-keycloak/blob/master/LICENSE) for more information.
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
new file mode 100644
index 000000000..958f8c3af
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
@@ -0,0 +1,44 @@
+{
+    "name": "stevenmaguire/oauth2-keycloak",
+    "description": "Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Steven Maguire",
+            "email": "stevenmaguire@gmail.com",
+            "homepage": "https://github.com/stevenmaguire"
+        }
+    ],
+    "keywords": [
+        "oauth",
+        "oauth2",
+        "client",
+        "authorization",
+        "authorisation",
+        "keycloak"
+    ],
+    "require": {
+        "league/oauth2-client": "^2.0",
+        "firebase/php-jwt": "~4.0|~5.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "~4.0",
+        "mockery/mockery": "~0.9",
+        "squizlabs/php_codesniffer": "~2.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Stevenmaguire\\OAuth2\\Client\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Stevenmaguire\\OAuth2\\Client\\Test\\": "test/src/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/examples/index.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/examples/index.php
new file mode 100644
index 000000000..398333f15
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/examples/index.php
@@ -0,0 +1,53 @@
+<?php
+
+require 'vendor/autoload.php';
+
+session_start();
+
+$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+    'authServerUrl'             => '',
+    'realm'                     => '',
+    'clientId'                  => '',
+    'clientSecret'              => '',
+    'redirectUri'               => '',
+    'encryptionAlgorithm'       => null,
+    'encryptionKey'             => null,
+    'encryptionKeyPath'         => null
+]);
+
+if (!isset($_GET['code'])) {
+    // If we don't have an authorization code then get one
+    $authUrl = $provider->getAuthorizationUrl();
+    $_SESSION['oauth2state'] = $provider->getState();
+    header('Location: '.$authUrl);
+    exit;
+
+// Check given state against previously stored one to mitigate CSRF attack
+} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
+    unset($_SESSION['oauth2state']);
+    exit('Invalid state, make sure HTTP sessions are enabled.');
+} else {
+    // Try to get an access token (using the authorization coe grant)
+    try {
+        $token = $provider->getAccessToken('authorization_code', [
+            'code' => $_GET['code']
+        ]);
+    } catch (Exception $e) {
+        exit('Failed to get access token: '.$e->getMessage());
+    }
+
+    // Optional: Now you have a token you can look up a users profile data
+    try {
+
+        // We got an access token, let's now get the user's details
+        $user = $provider->getResourceOwner($token);
+        // Use these details to create a new profile
+        printf('Hello %s!\n<br>', $user->getName());
+
+    } catch (Exception $e) {
+        exit('Failed to get resource owner: '.$e->getMessage());
+    }
+
+    // Use this to interact with an API on the users behalf
+    echo $token->getToken();
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
new file mode 100644
index 000000000..04d164dc2
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         syntaxCheck="false"
+>
+    <logging>
+        <log type="coverage-html"
+                target="./build/coverage/html"
+                charset="UTF-8"
+                highlight="false"
+                lowUpperBound="35"
+                highLowerBound="70"/>
+          <log type="coverage-clover"
+                target="./build/coverage/log/coverage.xml"/>
+    </logging>
+    <testsuites>
+        <testsuite name="Package Test Suite">
+            <directory suffix=".php">./test/</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist>
+            <directory suffix=".php">./</directory>
+            <exclude>
+                <directory suffix=".php">./examples</directory>
+                <directory suffix=".php">./vendor</directory>
+                <directory suffix=".php">./test</directory>
+            </exclude>
+        </whitelist>
+    </filter>
+</phpunit>
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Exception/EncryptionConfigurationException.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Exception/EncryptionConfigurationException.php
new file mode 100644
index 000000000..546d2de83
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Exception/EncryptionConfigurationException.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Stevenmaguire\OAuth2\Client\Provider\Exception;
+
+use Exception;
+
+class EncryptionConfigurationException extends Exception
+{
+    /**
+     * Returns properly formatted exception when response decryption fails.
+     *
+     * @return \Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException
+     */
+    public static function undeterminedEncryption()
+    {
+        return new static(
+            'The given response may be encrypted and sufficient '.
+            'encryption configuration has not been provided.',
+            400
+        );
+    }
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Keycloak.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Keycloak.php
new file mode 100644
index 000000000..bc41a7138
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/Keycloak.php
@@ -0,0 +1,387 @@
+<?php
+
+namespace Stevenmaguire\OAuth2\Client\Provider;
+
+use Exception;
+use Firebase\JWT\JWT;
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
+use Psr\Http\Message\ResponseInterface;
+use Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;
+use UnexpectedValueException;
+
+class Keycloak extends AbstractProvider
+{
+    use BearerAuthorizationTrait;
+
+    /**
+     * Keycloak URL, eg. http://localhost:8080/auth.
+     *
+     * @var string
+     */
+    public $authServerUrl = null;
+
+    /**
+     * Realm name, eg. demo.
+     *
+     * @var string
+     */
+    public $realm = null;
+
+    /**
+     * Encryption algorithm.
+     *
+     * You must specify supported algorithms for your application. See
+     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
+     * for a list of spec-compliant algorithms.
+     *
+     * @var string
+     */
+    public $encryptionAlgorithm = null;
+
+    /**
+     * Encryption key.
+     *
+     * @var string
+     */
+    public $encryptionKey = null;
+
+    /**
+      * Keycloak version.
+      *
+      * @var string
+      */
+    public $version = null;
+
+    /**
+     * Constructs an OAuth 2.0 service provider.
+     *
+     * @param array $options An array of options to set on this provider.
+     *     Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
+     *     Individual providers may introduce more options, as needed.
+     * @param array $collaborators An array of collaborators that may be used to
+     *     override this provider's default behavior. Collaborators include
+     *     `grantFactory`, `requestFactory`, `httpClient`, and `randomFactory`.
+     *     Individual providers may introduce more collaborators, as needed.
+     */
+    public function __construct(array $options = [], array $collaborators = [])
+    {
+        if (isset($options['encryptionKeyPath'])) {
+            $this->setEncryptionKeyPath($options['encryptionKeyPath']);
+            unset($options['encryptionKeyPath']);
+        }
+
+        if (isset($options['version'])) {
+            $this->setVersion($options['version']);
+        }
+
+        parent::__construct($options, $collaborators);
+    }
+
+    /**
+     * Attempts to decrypt the given response.
+     *
+     * @param  string|array|null $response
+     *
+     * @return string|array|null
+     */
+    public function decryptResponse($response)
+    {
+        if (!is_string($response)) {
+            return $response;
+        }
+
+        if ($this->usesEncryption()) {
+            return json_decode(
+                json_encode(
+                    JWT::decode(
+                        $response,
+                        $this->encryptionKey,
+                        array($this->encryptionAlgorithm)
+                    )
+                ),
+                true
+            );
+        }
+
+        throw EncryptionConfigurationException::undeterminedEncryption();
+    }
+
+    /**
+     * Get authorization url to begin OAuth flow
+     *
+     * @return string
+     */
+    public function getBaseAuthorizationUrl()
+    {
+        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/auth';
+    }
+
+    /**
+     * Get access token url to retrieve token
+     *
+     * @param  array $params
+     *
+     * @return string
+     */
+    public function getBaseAccessTokenUrl(array $params)
+    {
+        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/token';
+    }
+
+    /**
+     * Get provider url to fetch user details
+     *
+     * @param  AccessToken $token
+     *
+     * @return string
+     */
+    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    {
+        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/userinfo';
+    }
+
+    /**
+     * Builds the logout URL.
+     *
+     * @param array $options
+     * @return string Authorization URL
+     */
+    public function getLogoutUrl(array $options = [])
+    {
+        $base = $this->getBaseLogoutUrl();
+        $params = $this->getAuthorizationParameters($options);
+
+        // Starting with keycloak 18.0.0, the parameter redirect_uri is no longer supported on logout.
+        // As of this version the parameter is called post_logout_redirect_uri. In addition to this
+        // a parameter id_token_hint has to be provided.
+        if ($this->validateGteVersion('18.0.0')) {
+            if (isset($options['access_token']) === true) {
+                $accessToken = $options['access_token'];
+
+                $params['id_token_hint'] = $accessToken->getValues()['id_token'];
+                $params['post_logout_redirect_uri'] = $params['redirect_uri'];
+            }
+
+            unset($params['redirect_uri']);
+        }
+
+        $query = $this->getAuthorizationQuery($params);
+        return $this->appendQuery($base, $query);
+    }
+
+    /**
+     * Get logout url to logout of session token
+     *
+     * @return string
+     */
+    private function getBaseLogoutUrl()
+    {
+        return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/logout';
+    }
+
+    /**
+     * Creates base url from provider configuration.
+     *
+     * @return string
+     */
+    protected function getBaseUrlWithRealm()
+    {
+        return $this->authServerUrl.'/realms/'.$this->realm;
+    }
+
+    /**
+     * Get the default scopes used by this provider.
+     *
+     * This should not be a complete list of all scopes, but the minimum
+     * required for the provider user interface!
+     *
+     * @return string[]
+     */
+    protected function getDefaultScopes()
+    {
+        $scopes = [
+            'profile',
+            'email'
+        ];
+        if ($this->validateGteVersion('20.0.0')) {
+            $scopes[] = 'openid';
+        }
+        return $scopes;
+    }
+
+    /**
+     * Returns the string that should be used to separate scopes when building
+     * the URL for requesting an access token.
+     *
+     * @return string Scope separator, defaults to ','
+     */
+    protected function getScopeSeparator()
+    {
+        return ' ';
+    }
+
+
+    /**
+     * Check a provider response for errors.
+     *
+     * @throws IdentityProviderException
+     * @param  ResponseInterface $response
+     * @param  string $data Parsed response data
+     * @return void
+     */
+    protected function checkResponse(ResponseInterface $response, $data)
+    {
+        if (!empty($data['error'])) {
+            $error = $data['error'];
+            if (isset($data['error_description'])) {
+                $error.=': '.$data['error_description'];
+            }
+            throw new IdentityProviderException($error, 0, $data);
+        }
+    }
+
+    /**
+     * Generate a user object from a successful user details request.
+     *
+     * @param array $response
+     * @param AccessToken $token
+     * @return KeycloakResourceOwner
+     */
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        return new KeycloakResourceOwner($response);
+    }
+
+    /**
+     * Requests and returns the resource owner of given access token.
+     *
+     * @param  AccessToken $token
+     * @return KeycloakResourceOwner
+     * @throws EncryptionConfigurationException
+     */
+    public function getResourceOwner(AccessToken $token)
+    {
+        $response = $this->fetchResourceOwnerDetails($token);
+
+        // We are always getting an array. We have to check if it is
+        // the array we created
+        if (array_key_exists('jwt', $response)) {
+            $response = $response['jwt'];
+        }
+
+        $response = $this->decryptResponse($response);
+
+        return $this->createResourceOwner($response, $token);
+    }
+
+    /**
+     * Updates expected encryption algorithm of Keycloak instance.
+     *
+     * @param string  $encryptionAlgorithm
+     *
+     * @return Keycloak
+     */
+    public function setEncryptionAlgorithm($encryptionAlgorithm)
+    {
+        $this->encryptionAlgorithm = $encryptionAlgorithm;
+
+        return $this;
+    }
+
+    /**
+     * Updates expected encryption key of Keycloak instance.
+     *
+     * @param string  $encryptionKey
+     *
+     * @return Keycloak
+     */
+    public function setEncryptionKey($encryptionKey)
+    {
+        $this->encryptionKey = $encryptionKey;
+
+        return $this;
+    }
+
+    /**
+     * Updates expected encryption key of Keycloak instance to content of given
+     * file path.
+     *
+     * @param string  $encryptionKeyPath
+     *
+     * @return Keycloak
+     */
+    public function setEncryptionKeyPath($encryptionKeyPath)
+    {
+        try {
+            $this->encryptionKey = file_get_contents($encryptionKeyPath);
+        } catch (Exception $e) {
+            // Not sure how to handle this yet.
+        }
+
+        return $this;
+    }
+
+     /**
+      * Updates the keycloak version.
+      *
+      * @param string  $version
+      *
+      * @return Keycloak
+      */
+    public function setVersion($version)
+    {
+        $this->version = $version;
+
+        return $this;
+    }
+
+    /**
+     * Checks if provider is configured to use encryption.
+     *
+     * @return bool
+     */
+    public function usesEncryption()
+    {
+        return (bool) $this->encryptionAlgorithm && $this->encryptionKey;
+    }
+
+    /**
+     * Parses the response according to its content-type header.
+     *
+     * @throws UnexpectedValueException
+     * @param  ResponseInterface $response
+     * @return array
+     */
+    protected function parseResponse(ResponseInterface $response)
+    {
+        // We have a problem with keycloak when the userinfo responses
+        // with a jwt token
+        // Because it just return a jwt as string with the header
+        // application/jwt
+        // This can't be parsed to a array
+        // Dont know why this function only allow an array as return value...
+        $content = (string) $response->getBody();
+        $type = $this->getContentType($response);
+
+        if (strpos($type, 'jwt') !== false) {
+            // Here we make the temporary array
+            return ['jwt' => $content];
+        }
+
+        return parent::parseResponse($response);
+    }
+
+    /**
+     * Validate if version is greater or equal
+     *
+     * @param string $version
+     * @return bool
+     */
+    private function validateGteVersion($version)
+    {
+        return (isset($this->version) && version_compare($this->version, $version, '>='));
+    }
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/KeycloakResourceOwner.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/KeycloakResourceOwner.php
new file mode 100644
index 000000000..7587af783
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/src/Provider/KeycloakResourceOwner.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace Stevenmaguire\OAuth2\Client\Provider;
+
+use League\OAuth2\Client\Provider\ResourceOwnerInterface;
+
+class KeycloakResourceOwner implements ResourceOwnerInterface
+{
+    /**
+     * Raw response
+     *
+     * @var array
+     */
+    protected $response;
+
+    /**
+     * Creates new resource owner.
+     *
+     * @param array  $response
+     */
+    public function __construct(array $response = array())
+    {
+        $this->response = $response;
+    }
+
+    /**
+     * Get resource owner id
+     *
+     * @return string|null
+     */
+    public function getId()
+    {
+        return \array_key_exists('sub', $this->response) ? $this->response['sub'] : null;
+    }
+
+    /**
+     * Get resource owner email
+     *
+     * @return string|null
+     */
+    public function getEmail()
+    {
+        return \array_key_exists('email', $this->response) ? $this->response['email'] : null;
+    }
+
+    /**
+     * Get resource owner name
+     *
+     * @return string|null
+     */
+    public function getName()
+    {
+        return \array_key_exists('name', $this->response) ? $this->response['name'] : null;
+    }
+
+    /**
+     * Return all of the owner details available as an array.
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return $this->response;
+    }
+}
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
new file mode 100644
index 000000000..01f6b62dd
--- /dev/null
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
@@ -0,0 +1,306 @@
+<?php
+
+namespace
+{
+    $mockFileGetContents = null;
+}
+
+namespace Stevenmaguire\OAuth2\Client\Provider
+{
+    function file_get_contents()
+    {
+        global $mockFileGetContents;
+        if (isset($mockFileGetContents) && ! is_null($mockFileGetContents)) {
+            if (is_a($mockFileGetContents, 'Exception')) {
+                throw $mockFileGetContents;
+            }
+            return $mockFileGetContents;
+        } else {
+            return call_user_func_array('\file_get_contents', func_get_args());
+        }
+    }
+}
+
+namespace Stevenmaguire\OAuth2\Client\Test\Provider
+{
+    use League\OAuth2\Client\Tool\QueryBuilderTrait;
+    use Mockery as m;
+
+    class KeycloakTest extends \PHPUnit_Framework_TestCase
+    {
+        use QueryBuilderTrait;
+
+        protected $provider;
+
+        protected function setUp()
+        {
+            $this->provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+                'authServerUrl' => 'http://mock.url/auth',
+                'realm' => 'mock_realm',
+                'clientId' => 'mock_client_id',
+                'clientSecret' => 'mock_secret',
+                'redirectUri' => 'none',
+            ]);
+        }
+
+        public function tearDown()
+        {
+            m::close();
+            parent::tearDown();
+        }
+
+        public function testAuthorizationUrl()
+        {
+            $url = $this->provider->getAuthorizationUrl();
+            $uri = parse_url($url);
+            parse_str($uri['query'], $query);
+
+            $this->assertArrayHasKey('client_id', $query);
+            $this->assertArrayHasKey('redirect_uri', $query);
+            $this->assertArrayHasKey('state', $query);
+            $this->assertArrayHasKey('scope', $query);
+            $this->assertArrayHasKey('response_type', $query);
+            $this->assertArrayHasKey('approval_prompt', $query);
+            $this->assertNotNull($this->provider->getState());
+        }
+
+        public function testEncryptionAlgorithm()
+        {
+            $algorithm = uniqid();
+            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+                'encryptionAlgorithm' => $algorithm,
+            ]);
+
+            $this->assertEquals($algorithm, $provider->encryptionAlgorithm);
+
+            $algorithm = uniqid();
+            $provider->setEncryptionAlgorithm($algorithm);
+
+            $this->assertEquals($algorithm, $provider->encryptionAlgorithm);
+        }
+
+        public function testEncryptionKey()
+        {
+            $key = uniqid();
+            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+                'encryptionKey' => $key,
+            ]);
+
+            $this->assertEquals($key, $provider->encryptionKey);
+
+            $key = uniqid();
+            $provider->setEncryptionKey($key);
+
+            $this->assertEquals($key, $provider->encryptionKey);
+        }
+
+        public function testEncryptionKeyPath()
+        {
+            global $mockFileGetContents;
+            $path = uniqid();
+            $key = uniqid();
+            $mockFileGetContents = $key;
+
+            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+                'encryptionKeyPath' => $path,
+            ]);
+
+            $this->assertEquals($key, $provider->encryptionKey);
+
+            $path = uniqid();
+            $key = uniqid();
+            $mockFileGetContents = $key;
+
+            $provider->setEncryptionKeyPath($path);
+
+            $this->assertEquals($key, $provider->encryptionKey);
+        }
+
+        public function testEncryptionKeyPathFails()
+        {
+            global $mockFileGetContents;
+            $path = uniqid();
+            $key = uniqid();
+            $mockFileGetContents = new \Exception();
+
+            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+                'encryptionKeyPath' => $path,
+            ]);
+
+            $provider->setEncryptionKeyPath($path);
+        }
+
+        public function testScopes()
+        {
+            $scopeSeparator = ' ';
+            $options = ['scope' => [uniqid(), uniqid()]];
+            $query = ['scope' => implode($scopeSeparator, $options['scope'])];
+            $url = $this->provider->getAuthorizationUrl($options);
+            $encodedScope = $this->buildQueryString($query);
+            $this->assertContains($encodedScope, $url);
+        }
+
+        public function testGetAuthorizationUrl()
+        {
+            $url = $this->provider->getAuthorizationUrl();
+            $uri = parse_url($url);
+
+            $this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/auth', $uri['path']);
+        }
+
+        public function testGetLogoutUrl()
+        {
+            $url = $this->provider->getLogoutUrl();
+            $uri = parse_url($url);
+
+            $this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/logout', $uri['path']);
+        }
+
+        public function testGetBaseAccessTokenUrl()
+        {
+            $params = [];
+
+            $url = $this->provider->getBaseAccessTokenUrl($params);
+            $uri = parse_url($url);
+
+            $this->assertEquals('/auth/realms/mock_realm/protocol/openid-connect/token', $uri['path']);
+        }
+
+        public function testGetAccessToken()
+        {
+            $response = m::mock('Psr\Http\Message\ResponseInterface');
+            $response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token", "scope":"email", "token_type":"bearer"}');
+            $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+
+            $client = m::mock('GuzzleHttp\ClientInterface');
+            $client->shouldReceive('send')->times(1)->andReturn($response);
+            $this->provider->setHttpClient($client);
+
+            $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+
+            $this->assertEquals('mock_access_token', $token->getToken());
+            $this->assertNull($token->getExpires());
+            $this->assertNull($token->getRefreshToken());
+            $this->assertNull($token->getResourceOwnerId());
+        }
+
+        public function testUserData()
+        {
+            $userId = rand(1000,9999);
+            $name = uniqid();
+            $nickname = uniqid();
+            $email = uniqid();
+
+            $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
+            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+
+            $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $userResponse->shouldReceive('getBody')->andReturn('{"sub": '.$userId.', "name": "'.$name.'", "email": "'.$email.'"}');
+            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+
+            $client = m::mock('GuzzleHttp\ClientInterface');
+            $client->shouldReceive('send')
+                ->times(2)
+                ->andReturn($postResponse, $userResponse);
+            $this->provider->setHttpClient($client);
+
+            $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+            $user = $this->provider->getResourceOwner($token);
+
+            $this->assertEquals($userId, $user->getId());
+            $this->assertEquals($userId, $user->toArray()['sub']);
+            $this->assertEquals($name, $user->getName());
+            $this->assertEquals($name, $user->toArray()['name']);
+            $this->assertEquals($email, $user->getEmail());
+            $this->assertEquals($email, $user->toArray()['email']);
+        }
+
+        public function testUserDataWithEncryption()
+        {
+            $userId = rand(1000,9999);
+            $name = uniqid();
+            $nickname = uniqid();
+            $email = uniqid();
+            $jwt = uniqid();
+            $algorithm = uniqid();
+            $key = uniqid();
+
+            $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
+            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+            $postResponse->shouldReceive('getStatusCode')->andReturn(200);
+
+            $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $userResponse->shouldReceive('getBody')->andReturn($jwt);
+            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/jwt']);
+            $userResponse->shouldReceive('getStatusCode')->andReturn(200);
+
+            $decoder = \Mockery::mock('overload:Firebase\JWT\JWT');
+            $decoder->shouldReceive('decode')->with($jwt, $key, [$algorithm])->andReturn([
+                'sub' => $userId,
+                'email' => $email,
+                'name' => $name,
+            ]);
+
+            $client = m::mock('GuzzleHttp\ClientInterface');
+            $client->shouldReceive('send')
+                ->times(2)
+                ->andReturn($postResponse, $userResponse);
+            $this->provider->setHttpClient($client);
+
+            $token = $this->provider->setEncryptionAlgorithm($algorithm)
+                ->setEncryptionKey($key)
+                ->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+            $user = $this->provider->getResourceOwner($token);
+
+            $this->assertEquals($userId, $user->getId());
+            $this->assertEquals($userId, $user->toArray()['sub']);
+            $this->assertEquals($name, $user->getName());
+            $this->assertEquals($name, $user->toArray()['name']);
+            $this->assertEquals($email, $user->getEmail());
+            $this->assertEquals($email, $user->toArray()['email']);
+        }
+
+        /**
+         * @expectedException Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException
+         */
+        public function testUserDataFailsWhenEncryptionEncounteredAndNotConfigured()
+        {
+            $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
+            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+            $postResponse->shouldReceive('getStatusCode')->andReturn(200);
+
+            $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
+            $userResponse->shouldReceive('getBody')->andReturn(uniqid());
+            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/jwt']);
+            $userResponse->shouldReceive('getStatusCode')->andReturn(200);
+
+            $client = m::mock('GuzzleHttp\ClientInterface');
+            $client->shouldReceive('send')
+                ->times(2)
+                ->andReturn($postResponse, $userResponse);
+            $this->provider->setHttpClient($client);
+
+            $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+            $user = $this->provider->getResourceOwner($token);
+        }
+
+        /**
+         * @expectedException League\OAuth2\Client\Provider\Exception\IdentityProviderException
+         */
+        public function testErrorResponse()
+        {
+            $response = m::mock('Psr\Http\Message\ResponseInterface');
+            $response->shouldReceive('getBody')->andReturn('{"error": "invalid_grant", "error_description": "Code not found"}');
+            $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+
+            $client = m::mock('GuzzleHttp\ClientInterface');
+            $client->shouldReceive('send')->times(1)->andReturn($response);
+            $this->provider->setHttpClient($client);
+
+            $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md b/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
new file mode 100644
index 000000000..7932e2613
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
@@ -0,0 +1,5 @@
+CHANGELOG
+=========
+
+The changelog is maintained for all Symfony contracts at the following URL:
+https://github.com/symfony/contracts/blob/main/CHANGELOG.md
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE b/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
new file mode 100644
index 000000000..0ed3a2465
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2020-present Fabien Potencier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md b/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
new file mode 100644
index 000000000..9814864c0
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
@@ -0,0 +1,26 @@
+Symfony Deprecation Contracts
+=============================
+
+A generic function and convention to trigger deprecation notices.
+
+This package provides a single global function named `trigger_deprecation()` that triggers silenced deprecation notices.
+
+By using a custom PHP error handler such as the one provided by the Symfony ErrorHandler component,
+the triggered deprecations can be caught and logged for later discovery, both on dev and prod environments.
+
+The function requires at least 3 arguments:
+ - the name of the Composer package that is triggering the deprecation
+ - the version of the package that introduced the deprecation
+ - the message of the deprecation
+ - more arguments can be provided: they will be inserted in the message using `printf()` formatting
+
+Example:
+```php
+trigger_deprecation('symfony/blockchain', '8.9', 'Using "%s" is deprecated, use "%s" instead.', 'bitcoin', 'fabcoin');
+```
+
+This will generate the following message:
+`Since symfony/blockchain 8.9: Using "bitcoin" is deprecated, use "fabcoin" instead.`
+
+While not recommended, the deprecation notices can be completely ignored by declaring an empty
+`function trigger_deprecation() {}` in your application.
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
new file mode 100644
index 000000000..774200fdc
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
@@ -0,0 +1,35 @@
+{
+    "name": "symfony/deprecation-contracts",
+    "type": "library",
+    "description": "A generic function and convention to trigger deprecation notices",
+    "homepage": "https://symfony.com",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Nicolas Grekas",
+            "email": "p@tchwork.com"
+        },
+        {
+            "name": "Symfony Community",
+            "homepage": "https://symfony.com/contributors"
+        }
+    ],
+    "require": {
+        "php": ">=8.1"
+    },
+    "autoload": {
+        "files": [
+            "function.php"
+        ]
+    },
+    "minimum-stability": "dev",
+    "extra": {
+        "branch-alias": {
+            "dev-main": "3.3-dev"
+        },
+        "thanks": {
+            "name": "symfony/contracts",
+            "url": "https://github.com/symfony/contracts"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php b/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php
new file mode 100644
index 000000000..2d56512ba
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+if (!function_exists('trigger_deprecation')) {
+    /**
+     * Triggers a silenced deprecation notice.
+     *
+     * @param string $package The name of the Composer package that is triggering the deprecation
+     * @param string $version The version of the package that introduced the deprecation
+     * @param string $message The message of the deprecation
+     * @param mixed  ...$args Values to insert in the message using printf() formatting
+     *
+     * @author Nicolas Grekas <p@tchwork.com>
+     */
+    function trigger_deprecation(string $package, string $version, string $message, mixed ...$args): void
+    {
+        @trigger_error(($package || $version ? "Since $package $version: " : '').($args ? vsprintf($message, $args) : $message), \E_USER_DEPRECATED);
+    }
+}

From 67c9c5b8ed3280a45df996e89c4b1bd7b0150003 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 13 Mar 2023 09:04:05 +0100
Subject: [PATCH 044/755] [Web] remove u2f lib from prerequisites

---
 data/web/inc/prerequisites.inc.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index eac35be77..d0ed31091 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -46,9 +46,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/CSSminifierExtended.php';
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/array_merge_real.php';
 
-// U2F API + T/HOTP API
-// u2f - deprecated, should be removed
-$u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
+// T/HOTP API
 $qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider();
 $tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);
 

From 6e9980bf0f8b16420cc884e12889b074c7b8bc79 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 14:10:46 +0100
Subject: [PATCH 045/755] [Web] add manage identity provider

---
 data/web/admin.php                            |   3 +
 data/web/inc/footer.inc.php                   |   2 +
 data/web/inc/functions.inc.php                | 109 +++++++++++++-----
 data/web/inc/init_db.inc.php                  |   2 +-
 data/web/js/build/013-mailcow.js              |  11 ++
 data/web/js/site/admin.js                     |  34 ++++++
 data/web/js/site/mailbox.js                   |  40 ++++++-
 data/web/json_api.php                         |  13 +++
 data/web/lang/lang.en-gb.json                 |  16 +++
 data/web/templates/admin.twig                 |   4 +-
 .../admin/tab-config-identity-provider.twig   |  95 +++++++++++++++
 .../admin/tab-config-identity-providers.twig  |  58 ----------
 data/web/templates/base.twig                  |   2 +
 .../web/templates/edit/mailbox-templates.twig |   9 ++
 data/web/templates/edit/mailbox.twig          |   4 +-
 data/web/templates/index.twig                 |  19 ++-
 data/web/templates/modals/mailbox.twig        |  61 ++++++----
 17 files changed, 364 insertions(+), 118 deletions(-)
 create mode 100644 data/web/templates/admin/tab-config-identity-provider.twig
 delete mode 100644 data/web/templates/admin/tab-config-identity-providers.twig

diff --git a/data/web/admin.php b/data/web/admin.php
index 278ab61b8..1ffb76fb4 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -88,6 +88,8 @@ $cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_method
 $f2b_data = fail2ban('get');
 // identity provider
 $identity_provider_settings = identity_provider('get');
+// mbox templates
+$mbox_templates = mailbox('get', 'mailbox_templates');
 
 $template = 'admin.twig';
 $template_data = [
@@ -120,6 +122,7 @@ $template_data = [
   'cors_settings' => $cors_settings,
   'is_https' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
   'identity_provider_settings' => $identity_provider_settings,
+  'mbox_templates' => $mbox_templates,
   'lang_admin' => json_encode($lang['admin']),
   'lang_datatables' => json_encode($lang['datatables'])
 ];
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 61d81dffa..8c50c9c15 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -65,6 +65,8 @@ $globalVariables = [
   'lang_acl' => json_encode($lang['acl']),
   'lang_tfa' => json_encode($lang['tfa']),
   'lang_fido2' => json_encode($lang['fido2']),
+  'lang_success' => json_encode($lang['success']),
+  'lang_danger' => json_encode($lang['danger']),
   'docker_timeout' => $DOCKER_TIMEOUT,
   'session_lifetime' => (int)$SESSION_LIFETIME,
   'csrf_token' => $_SESSION['CSRF']['TOKEN'],
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 793e3e6b1..0a1edcff3 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2071,7 +2071,6 @@ function identity_provider($_action, $_data = null) {
 function identity_provider($_action, $_data = null, $hide_secret = false) {
   global $pdo;
 
-
   switch ($_action) {
     case 'get':
       $settings = array();
@@ -2079,12 +2078,19 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       $stmt->execute();
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       foreach($rows as $row){
-        $settings[$row["key"]] = $row["value"];
+        if ($row["key"] == 'roles'){
+          $settings['roles'] = json_decode($row["value"]);
+        } else if ($row["key"] == 'templates'){
+          $settings['templates'] = json_decode($row["value"]);
+        } else {
+          $settings[$row["key"]] = $row["value"];
+        }
       }
       if ($hide_secret){
-        $settings['client_secret'] = '***********************';
+        $settings['client_secret'] = '';
       }
       return $settings;
+    break;
     case 'edit':
       if ($_SESSION['mailcow_cc_role'] != "admin") {
         $_SESSION['return'][] = array(
@@ -2094,36 +2100,24 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         );
         return false;
       }
-
+      $data_log = $_data;
+      $data_log['client_secret'] = '*';
+      $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+      
+      // add connection settings      
       $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version');
       foreach($required_settings as $setting){
         if (!$_data[$setting]){
+          $_SESSION['return'][] =  array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $data_log),
+            'msg' => 'required_data_missing'
+          );
           return false;
         }
       }
-      try {
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data),
-          'msg' => '2'
-        );
-        $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data),
-          'msg' => '3'
-        );
-      } catch (Exception $e){
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data, $e->getMessage()),
-          'msg' => 'post'
-        );
-        return;
-      }
-
       foreach($_data as $key => $value){
-        if (!in_array($key, $required_settings)){
+        if (!in_array($key, $required_settings) || $key == 'roles' || $key == 'templates'){
           continue;
         }
 
@@ -2131,8 +2125,71 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         $stmt->bindParam(':value', $value);
         $stmt->execute();
       }
+
+      // add role mappings
+      if ($_data['roles'] && $_data['templates']){
+        if (!is_array($_data['roles'])){
+          $_data['roles'] = array($_data['roles']);
+        }
+        if (!is_array($_data['templates'])){
+          $_data['templates'] = array($_data['templates']);
+        }
+        $roles = array();
+        $templates = array();
+        foreach($_data['roles'] as $role){
+          if ($role){
+            array_push($roles, $role);
+          }
+        }
+        foreach($_data['templates'] as $template){
+          if ($template){
+            array_push($templates, $template);
+          }
+        }
+        if (count($roles) == count($templates)){
+          $roles = json_encode($roles);
+          $templates = json_encode($templates);
+
+          $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('roles', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+          $stmt->bindParam(':value', $roles);
+          $stmt->execute();
+          $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('templates', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+          $stmt->bindParam(':value', $templates);
+          $stmt->execute();
+        }
+      }
+
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $data_log),
+        'msg' => array('object_modified', '')
+      );
       return true;
     break;
+    case 'test':  
+      $identity_provider_settings = identity_provider('get');
+      $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+      $req = http_build_query(array(
+        'grant_type'    => 'password',
+        'client_id'     => $identity_provider_settings['client_id'],
+        'client_secret' => $identity_provider_settings['client_secret'],
+        'username'      => "test",
+        'password'      => "test",
+      ));
+      $curl = curl_init();
+      curl_setopt($curl, CURLOPT_URL, $url);
+      curl_setopt($curl, CURLOPT_POST, 1);
+      curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+      curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+      $res = json_decode(curl_exec($curl), true);
+      curl_close ($curl);
+
+      if ($res["error"] && $res["error"] === 'invalid_grant'){
+        return true;
+      }
+      return false;
+    break;
   }
 }
 
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 5cfb1cd62..3de3dec9b 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -571,7 +571,7 @@ function init_db_schema() {
       "identity_provider" => array(
         "cols" => array(
           "key" => "VARCHAR(255) NOT NULL",
-          "value" => "VARCHAR(255) NOT NULL",
+          "value" => "TEXT NOT NULL",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
         ),
diff --git a/data/web/js/build/013-mailcow.js b/data/web/js/build/013-mailcow.js
index f3ecbb904..f09098310 100644
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -352,6 +352,17 @@ $(document).ready(function() {
       localStorage.setItem('theme', 'dark');
     }
   }
+
+  // Reveal Password Input
+  $(".reveal-password-input").on('click', '.toggle-password', function() {
+    $(this).parent().find('.toggle-password').children().toggleClass("bi-eye bi-eye-slash");
+    var input = $(this).parent().find('.password-field')
+    if (input.attr("type") === "password") {
+      input.attr("type", "text");
+    } else {
+      input.attr("type", "password");
+    }
+  });
 });
 
 
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index dd6dcce4b..708cb0be0 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -749,4 +749,38 @@ jQuery(function($){
   $('#add_f2b_regex_row').click(function() {
     add_table_row($('#f2b_regex_table'), "f2b_regex");
   });
+  // IAM test connection
+  $('#iam_test_connection').click(async function(e){
+    e.preventDefault();
+    var res = await fetch("/api/v1/get/status/identity-provider", { method:'GET', cache:'no-cache' });
+    res = await res.json();
+    console.log(res);
+    if (res.type === 'success'){
+      return mailcow_alert_box(lang_success.iam_test_connection, 'success');
+    }
+    return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
+  });
+  $('#iam_rolemap_add').click(async function(e){
+    e.preventDefault();
+
+    var parent = $(this).parent().parent();
+    $(parent).children().last().clone().appendTo(parent);
+    var newChild = $(parent).children().last();
+    $(newChild).find('input').val('');
+    $(newChild).find('.dropdown-toggle').remove();
+    $(newChild).find('.dropdown-menu').remove();
+    $(newChild).find('.bs-title-option').remove();
+    $(newChild).find('select').selectpicker('destroy');
+    $(newChild).find('select').selectpicker();
+
+    $('.iam_rolemap_del').off('click');
+    $('.iam_rolemap_del').click(async function(e){
+      e.preventDefault();
+      $(this).parent().remove();
+    });
+  });
+  $('.iam_rolemap_del').click(async function(e){
+    e.preventDefault();
+    $(this).parent().remove();
+  });
 });
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index cc316b713..6fbcc3e3f 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -162,6 +162,17 @@ $(document).ready(function() {
       }
     });
   });
+  // @selecting identity provider mbox_add_modal
+  $('#mbox_add_iam').on('change', function(){
+    // toggle password fields
+    if (this.value === 'mailcow'){
+      $('#mbox_add_pwds').removeClass('d-none');
+      $('#mbox_add_pwds').find('.form-control').prop('required', true);
+    } else {
+      $('#mbox_add_pwds').addClass('d-none');
+      $('#mbox_add_pwds').find('.form-control').prop('required', false);
+    }
+  });
   // Sieve data modal
   $('#sieveDataModal').on('show.bs.modal', function(e) {
     var sieveScript = $(e.relatedTarget).data('sieve-script');
@@ -269,6 +280,15 @@ $(document).ready(function() {
   }
   function setMailboxTemplateData(template){
     $("#addInputQuota").val(template.quota / 1048576);
+    $('#mbox_add_iam').selectpicker('val', template.authsource);
+    // toggle password fields
+    if (template.authsource === 'mailcow'){
+      $('#mbox_add_pwds').removeClass('d-none');
+      $('#mbox_add_pwds').find('.form-control').prop('required', true);
+    } else {
+      $('#mbox_add_pwds').addClass('d-none');
+      $('#mbox_add_pwds').find('.form-control').prop('required', false);
+    }
 
     if (template.quarantine_notification === "never"){
       $('#quarantine_notification_never').prop('checked', true);
@@ -1035,7 +1055,16 @@ jQuery(function($){
           title: lang.domain,
           data: 'domain',
           defaultContent: '',
-          className: 'none'
+          className: 'none',
+        },
+        {
+          title: lang.iam,
+          data: 'authsource',
+          defaultContent: '',
+          className: 'none',
+          render: function (data, type) {
+            return '<span class="badge bg-primary">' + data + '<i class="ms-2 bi bi-person-circle"></i></i></span>';
+          }
         },
         {
           title: lang.tls_enforce_in,
@@ -1263,6 +1292,15 @@ jQuery(function($){
           data: 'attributes.quota',
           defaultContent: '',
         },
+        {
+          title: lang.iam,
+          data: 'attributes.authsource',
+          defaultContent: '',
+          render: function (data, type) {
+            data = data ? '<span class="badge bg-primary">' + data + '<i class="ms-2 bi bi-person-circle"></i></i></span>' : '<i class="bi bi-x-lg"></i>';
+            return data;
+          }
+        },
         {
           title: lang.tls_enforce_in,
           data: 'attributes.tls_enforce_in',
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 769775cee..52ca8b715 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1702,6 +1702,19 @@ if (isset($_GET['query'])) {
                     'version' => $GLOBALS['MAILCOW_GIT_VERSION']
                   ));
                 break;
+                case "identity-provider":
+                  if (identity_provider('test')){
+                    echo json_encode(array(
+                      'type' => 'success',
+                      'msg' => 'connection successfull'
+                    ));
+                  } else {
+                    echo json_encode(array(
+                      'type' => 'error',
+                      'msg' => 'connection failed'
+                    ));
+                  }
+                break;
               }
             }
           break;
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 851b98aa1..436a9b370 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -211,6 +211,17 @@
         "help_text": "Override help text below login mask (HTML allowed)",
         "host": "Host",
         "html": "HTML",
+        "iam": "Identity Provider",
+        "iam_client_id": "Client Id",
+        "iam_client_secret": "Client Secret",
+        "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a role mapping has been set.",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "Redirect Url",
+        "iam_rolemapping": "Role Mapping",
+        "iam_server_url": "Server Url",
+        "iam_sso": "SSO",
+        "iam_test_connection": "Test Connection",
+        "iam_version": "Version",
         "import": "Import",
         "import_private_key": "Import private key",
         "in_use_by": "In use by",
@@ -395,6 +406,8 @@
         "goto_empty": "An alias address must contain at least one valid goto address",
         "goto_invalid": "Goto address %s is invalid",
         "ham_learn_error": "Ham learn error: %s",
+        "iam_invalid_sso": "SSO login failed",
+        "iam_test_connection": "Connection failed",
         "imagick_exception": "Error: Imagick exception while reading image",
         "img_dimensions_exceeded": "Image exceeds the maximum image size",
         "img_invalid": "Cannot validate image file",
@@ -449,6 +462,7 @@
         "redis_error": "Redis error: %s",
         "relayhost_invalid": "Map entry %s is invalid",
         "release_send_failed": "Message could not be released: %s",
+        "required_data_missing": "Required data is missing",
         "reset_f2b_regex": "Regex filter could not be reset in time, please try again or wait a few more seconds and reload the website.",
         "resource_invalid": "Resource name %s is invalid",
         "rl_timeframe": "Rate limit time frame is incorrect",
@@ -825,6 +839,7 @@
         "goto_ham": "Learn as <b>ham</b>",
         "goto_spam": "Learn as <b>spam</b>",
         "hourly": "Hourly",
+        "iam": "Identity Provider",
         "in_use": "In use (%)",
         "inactive": "Inactive",
         "insert_preset": "Insert example preset \"%s\"",
@@ -1060,6 +1075,7 @@
         "forwarding_host_removed": "Forwarding host %s has been removed",
         "global_filter_written": "Filter was successfully written to file",
         "hash_deleted": "Hash deleted",
+        "iam_test_connection": "Connection successfull",
         "ip_check_opt_in_modified": "IP check was saved successfully",
         "item_deleted": "Item %s successfully deleted",
         "item_released": "Item %s released",
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index 53fdeadc1..792c0bca0 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -7,7 +7,7 @@
       <a class="nav-link dropdown-toggle active" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.access }}</a>
       <ul class="dropdown-menu">
         <li><button class="dropdown-item active" data-bs-target="#tab-config-admins" aria-selected="false" aria-controls="tab-config-admins" role="tab" data-bs-toggle="tab">{{ lang.admin.admins }}</button></li>
-        <li><button class="dropdown-item" data-bs-target="#tab-config-identity-providers" aria-selected="false" aria-controls="tab-config-identity-providers" role="tab" data-bs-toggle="tab">Identity Providers</button></li>
+        <li><button class="dropdown-item" data-bs-target="#tab-config-identity-provider" aria-selected="false" aria-controls="tab-config-identity-provider" role="tab" data-bs-toggle="tab">Identity Provider</button></li>
         <!-- <li><button class="dropdown-item" data-bs-target="#tab-config-ldap-admins" aria-controls="tab-config-ldap-admins" role="tab" data-bs-toggle="tab">{{ lang.admin.admins_ldap }}</button></li> -->
         <li><button class="dropdown-item" data-bs-target="#tab-config-oauth2" aria-selected="false" aria-controls="tab-config-oauth2" role="tab" data-bs-toggle="tab">{{ lang.admin.oauth2_apps }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-rspamd" aria-selected="false" aria-controls="tab-config-rspamd" role="tab" data-bs-toggle="tab">Rspamd UI</button></li>
@@ -41,7 +41,7 @@
     <div class="col-md-12">
       <div class="tab-content" style="padding-top:20px">
         {% include 'admin/tab-config-admins.twig' %}
-        {% include 'admin/tab-config-identity-providers.twig' %}
+        {% include 'admin/tab-config-identity-provider.twig' %}
         {# {% include 'admin/tab-ldap.twig' %} #}
         {% include 'admin/tab-config-oauth2.twig' %}
         {% include 'admin/tab-config-rspamd.twig' %}
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
new file mode 100644
index 000000000..600b336a3
--- /dev/null
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -0,0 +1,95 @@
+<div role="tabpanel" class="tab-pane fade" id="tab-config-identity-provider" role="tabpanel" aria-labelledby="tab-config-identity-provider">
+  <div class="card mb-4">
+    <div class="card-header d-flex fs-5">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-identity-provider" data-bs-toggle="collapse" aria-controls="collapse-tab-config-identity-provider">
+        {{ lang.admin.iam }}
+      </button>
+      <span class="d-none d-md-block">{{ lang.admin.iam }}</span>
+    </div>
+    <div id="collapse-tab-config-identity-provider" class="card-body collapse" data-bs-parent="#admin-content">
+      <p class="offset-sm-3 mb-4">{{ lang.admin.iam_description }}</p>
+      <form class="form-horizontal" autocapitalize="none" data-id="iam_sso" autocorrect="off" role="form" method="post">
+        <input type="hidden" name="authsource" value="keycloak">
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_url">{{ lang.admin.iam_server_url }}:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="iam_server_url" name="server_url" value="{{ identity_provider_settings.server_url }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_realm">{{ lang.admin.iam_realm }}:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="iam_realm" name="realm" value="{{ identity_provider_settings.realm }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="iam_client_id" name="client_id" value="{{ identity_provider_settings.client_id }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
+          <div class="col-sm-4">
+            <div class="reveal-password-input input-group">
+              <input type="password" class="password-field form-control" id="iam_client_secret" name="client_secret" value="{{ identity_provider_settings.client_secret }}" required>
+              <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
+            </div>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ identity_provider_settings.redirect_url }}" required>
+          </div>
+        </div>
+        <div class="row mb-4">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_version }}:</label>
+          <div class="col-sm-4">
+            <input type="text" class="form-control" id="iam_version" name="version" value="{{ identity_provider_settings.version }}" required>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_rolemapping }}:</label>
+          <div class="col-4 d-flex mb-2">
+            <span class="w-100 me-2">Role</span>
+            <span class="w-100 ms-2">Template</span>
+            <button id="iam_rolemap_add" class="btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-plus-lg"></i></button>
+          </div>
+          {% for key, role in identity_provider_settings.roles %}
+          <div class="offset-sm-3 col-4 d-flex mb-2">
+            <input type="text" class="form-control me-2" name="roles" value="{{ identity_provider_settings.roles[key] }}">
+            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
+            {% for mbox_template in mbox_templates %}
+              <option{% if mbox_template.template == identity_provider_settings.templates[key] %} selected{% endif %}>
+                {{ mbox_template.template }}
+              </option>
+            {% endfor %}
+            </select>
+            <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+          </div>
+          {% endfor %}
+          <div class="offset-sm-3 col-4 d-flex mb-2">
+            <input type="text" class="form-control me-2" name="roles" value="">
+            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
+            {% for mbox_template in mbox_templates %}
+              <option>
+                {{ mbox_template.template }}
+              </option>
+            {% endfor %}
+            </select>
+            <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+          </div>
+        </div>
+        <div class="row mt-4 mb-2">
+          <div class="offset-sm-3 col-sm-9">
+            <div class="btn-group">   
+              <button id="iam_test_connection" class="btn btn-sm d-block d-sm-inline btn-secondary"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
+              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="iam_sso" data-action="edit_selected" data-id="iam_sso" data-api-url='edit/identity_provider' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+            </div>
+          </div>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
diff --git a/data/web/templates/admin/tab-config-identity-providers.twig b/data/web/templates/admin/tab-config-identity-providers.twig
deleted file mode 100644
index c81978db9..000000000
--- a/data/web/templates/admin/tab-config-identity-providers.twig
+++ /dev/null
@@ -1,58 +0,0 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-identity-providers" role="tabpanel" aria-labelledby="tab-config-identity-providers">
-  <div class="card mb-4">
-    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-identity-providers" data-bs-toggle="collapse" aria-controls="collapse-tab-config-identity-providers">
-        {{ lang.admin.oauth2_apps }}
-      </button>
-      <span class="d-none d-md-block">{{ lang.admin.oauth2_apps }}</span>
-    </div>
-    <div id="collapse-tab-config-identity-providers" class="card-body collapse" data-bs-parent="#admin-content">
-      <form class="form-horizontal" autocapitalize="none" data-id="keycloak_sso" autocorrect="off" role="form" method="post">
-        <input type="hidden" name="authsource" value="keycloak">
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_url">Server URL:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_url" name="server_url" value="{{ identity_provider_settings.server_url }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_realm">Realm:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_realm" name="realm" value="{{ identity_provider_settings.realm }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_client_id">Client Id:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_client_id" name="client_id" value="{{ identity_provider_settings.client_id }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_client_secret">Client Secret:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_client_secret" name="client_secret" value="{{ identity_provider_settings.client_secret }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_redirect_url">Redirect Url:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_redirect_url" name="redirect_url" value="{{ identity_provider_settings.redirect_url }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="keycloak_version">Keycloak Version:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="keycloak_version" name="version" value="{{ identity_provider_settings.version }}" required>
-          </div>
-        </div>
-        <div class="row mt-4 mb-2">
-          <div class="offset-sm-3 col-sm-9">
-            <div class="btn-group">
-              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="keycloak_sso" data-action="edit_selected" data-id="keycloak_sso" data-api-url='edit/identity_provider' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
-            </div>
-          </div>
-        </div>
-      </form>
-    </div>
-  </div>
-</div>
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 1c027138c..29b3cc23a 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -153,6 +153,8 @@
   var lang_acl = {{ lang_acl|raw }};
   var lang_tfa = {{ lang_tfa|raw }};
   var lang_fido2 = {{ lang_fido2|raw }};
+  var lang_success = {{ lang_success|raw }};
+  var lang_danger = {{ lang_danger|raw }};
   var docker_timeout = {{ docker_timeout|raw }} * 1000;
   var mailcow_cc_role = '{{ mailcow_cc_role }}';
   var last_login = '{{ last_login }}';
diff --git a/data/web/templates/edit/mailbox-templates.twig b/data/web/templates/edit/mailbox-templates.twig
index f606bd452..c83a15dd7 100644
--- a/data/web/templates/edit/mailbox-templates.twig
+++ b/data/web/templates/edit/mailbox-templates.twig
@@ -19,6 +19,15 @@
         </div>
       </div>
     </div>
+    <div class="row mb-2">
+      <label class="control-label col-sm-2" for="authsource">{{ lang.admin.iam }}</label>
+      <div class="col-sm-10">
+        <select class="full-width-select" data-live-search="true" id="mbox_template_iam" name="authsource" required>
+          <option {% if template.attributes.authsource == 'mailcow' %}selected{% endif %}>mailcow</option>
+          <option {% if template.attributes.authsource == 'keycloak' %}selected{% endif %}>keycloak</option>
+        </select>
+      </div>
+    </div>
     <div class="row mb-2">
       <label class="control-label col-sm-2">{{ lang.add.tags }}</label>
       <div class="col-sm-10">
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 52b4096cc..d2275cdd2 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -26,9 +26,9 @@
                   <input type="hidden" value="0" name="sogo_access">
                   <input type="hidden" value="0" name="protocol_access">      
                   <div class="row mb-2">
-                    <label class="control-label col-sm-2">{{ lang.edit.full_name }}</label>
+                    <label class="control-label col-sm-2">{{ lang.admin.iam }}</label>
                     <div class="col-sm-10">
-                      <span>{{ result.authsource }}</span>
+                      <h4><span class="badge bg-primary">{{ result.authsource }}<i class="ms-2 bi bi-person-circle"></i></i></span></h4>
                     </div>
                   </div>
                   <div class="row mb-2">
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index 420bd5318..35e53b828 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -26,6 +26,13 @@
         <div class="my-4 alert alert-info ">{{ lang.login.mobileconfig_info }}</div>
         {% endif %}
         <form method="post" autofill="off">
+          {% if invalid_keycloak_sso %}
+          <div class="d-flex mt-3 w-100">
+            <div class="alert alert-danger w-100" role="alert">
+              {{ lang.danger.iam_invalid_sso}}
+            </div>
+          </div>
+          {% endif %}
           <div class="d-flex mt-3">
             <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
             <div class="input-group">
@@ -40,10 +47,16 @@
               <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="{{ lang.login.password }}" required="" autocomplete="current-password">
             </div>
           </div>
-          <div class="d-flex justify-content-between mt-4" style="position: relative">
-            <div class="d-grid gap-2 d-sm-block">
+          <div class="d-flex mt-4" style="position: relative">
+            <div class="btn-group">
               <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-              <button type="button" class="btn btn-xs-lg btn-success" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</button>
+              <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
+              <ul class="dropdown-menu">
+                <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
+                {% if has_keycloak_sso %}
+                <li><a class="dropdown-item" href="/?keycloak_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a></li>
+                {% endif %}
+              </ul>
             </div>
             {% if not oauth2_request %}
             <div class="d-grid d-sm-block">
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 5d6ea535b..e0b4f02b6 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -12,6 +12,12 @@
           <input type="hidden" value="0" name="sogo_access">
           <input type="hidden" value="0" name="protocol_access">
 
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="name">{{ lang.add.full_name }}</label>
+            <div class="col-sm-10">
+              <input type="text" class="form-control" name="name">
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end" for="local_part">{{ lang.add.mailbox_username }}</label>
             <div class="col-sm-10">
@@ -28,38 +34,34 @@
               </select>
             </div>
           </div>
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.add.domain }}</label>
+          <div class="row mb-4">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="description">{{ lang.mailbox.template }}</label>
             <div class="col-sm-10">
-              <select class="full-width-select" data-live-search="true" id="addAuthsource" name="authsource" required>
+              <select data-live-search="true" id="mailbox_templates" class="form-control" title="{{ lang.mailbox.template }}">
+              </select>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.admin.iam }}</label>
+            <div class="col-sm-10">
+              <select class="full-width-select" data-live-search="true" id="mbox_add_iam" name="authsource" required>
                 <option selected>mailcow</option>
                 <option>keycloak</option>
               </select>
             </div>
           </div>
-          <div class="row mb-4">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="name">{{ lang.add.full_name }}</label>
-            <div class="col-sm-10">
-              <input type="text" class="form-control" name="name">
+          <div id="mbox_add_pwds">
+            <div class="row mb-2">
+              <label class="control-label col-sm-2 text-sm-end text-sm-end" for="password">{{ lang.add.password }} (<a href="#" class="generate_password">{{ lang.add.generate }}</a>)</label>
+              <div class="col-sm-10">
+                <input type="password" data-pwgen-field="true" data-hibp="true" class="form-control" name="password" placeholder="" autocomplete="new-password" required>
+              </div>
             </div>
-          </div>
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="password">{{ lang.add.password }} (<a href="#" class="generate_password">{{ lang.add.generate }}</a>)</label>
-            <div class="col-sm-10">
-              <input type="password" data-pwgen-field="true" data-hibp="true" class="form-control" name="password" placeholder="" autocomplete="new-password" required>
-            </div>
-          </div>
-          <div class="row mb-4">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="password2">{{ lang.add.password_repeat }}</label>
-            <div class="col-sm-10">
-              <input type="password" data-pwgen-field="true" class="form-control" name="password2" placeholder="" autocomplete="new-password" required>
-            </div>
-          </div>
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="description">{{ lang.mailbox.template }}</label>
-            <div class="col-sm-10">
-              <select data-live-search="true" id="mailbox_templates" class="form-control" title="{{ lang.mailbox.template }}">
-              </select>
+            <div class="row mb-4">
+              <label class="control-label col-sm-2 text-sm-end text-sm-end" for="password2">{{ lang.add.password_repeat }}</label>
+              <div class="col-sm-10">
+                <input type="password" data-pwgen-field="true" class="form-control" name="password2" placeholder="" autocomplete="new-password" required>
+              </div>
             </div>
           </div>
           <div class="row mb-2">
@@ -234,6 +236,15 @@
               </div>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.admin.iam }}</label>
+            <div class="col-sm-10">
+              <select class="full-width-select" data-live-search="true" id="mbox_template_iam" name="authsource">
+                <option selected>mailcow</option>
+                <option>keycloak</option>
+              </select>
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.add.tags }}</label>
             <div class="col-sm-10">

From eba1d469c88914ea6d7b223fe12bbddb847581c6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 14:30:32 +0100
Subject: [PATCH 046/755] [Web] keycloak auth functions

---
 data/web/inc/functions.auth.inc.php    | 291 ++++++++++++++++++++++++-
 data/web/inc/functions.mailbox.inc.php |   8 +-
 data/web/inc/triggers.inc.php          |  32 +++
 data/web/index.php                     |   2 +
 4 files changed, 326 insertions(+), 7 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 3f4f2f3b7..6a8a1dda7 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -1,4 +1,14 @@
 <?php
+function unset_auth_session(){
+  unset($_SESSION['keycloak_token']);
+  unset($_SESSION['keycloak_refresh_token']);
+  unset($_SESSION['mailcow_cc_username']);
+  unset($_SESSION['mailcow_cc_role']);
+  unset($_SESSION['oauth2state']);
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+}
 function check_login($user, $pass, $app_passwd_data = false) {
   global $pdo;
   global $redis;
@@ -40,7 +50,13 @@ function check_login($user, $pass, $app_passwd_data = false) {
         AND `username` = :user");
   $stmt->execute(array(':user' => $user));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  if ($row['authsource'] == 'keycloak'){
+  if (!$row){
+    // mbox does not exist, call keycloak login and create mbox if possible
+    $result = keycloak_mbox_login($user, $pass, $is_dovecot, true);
+    if ($result){
+      return $result;
+    }
+  } else if ($row['authsource'] == 'keycloak'){
     $result = keycloak_mbox_login($user, $pass, $is_dovecot);
     if ($result){
       return $result;
@@ -123,13 +139,13 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
     // fetch password data
     $stmt = $pdo->prepare($app_passwd_query);
     $stmt->execute(array(':user' => $user));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
   }
 
   foreach ($rows as $row) { 
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
-      if (!$is_app_passwd){ 
+      if (!array_key_exists("app_passwd_id", $row)){ 
         // password is not a app password
         // check for tfa authenticators
         $authenticators = get_tfa($user);
@@ -152,12 +168,14 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
             // Reactivate TFA if it was set to "deactivate TFA for next login"
             $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
             $stmt->execute(array(':user' => $user));
+            if (!$is_internal){
               // skip log
               $_SESSION['return'][] =  array(
                 'type' => 'success',
                 'log' => array(__FUNCTION__, $user, '*'),
                 'msg' => array('logged_in_as', $user)
               );
+            }
           }
           return "user";
         }
@@ -183,6 +201,52 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
     }
   }
 
+  foreach ($rows as $row) { 
+    // verify password
+    if (verify_hash($row['password'], $pass) !== false) {
+      if (!array_key_exists("app_passwd_id", $row)){ 
+        // password is not a app password
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 &&
+            $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          // Reactivate TFA if it was set to "deactivate TFA for next login"
+          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+          $stmt->execute(array(':user' => $user));
+
+          unset($_SESSION['ldelay']);
+          return "user";
+        }
+      } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
+        // password is a app password
+        $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
+        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
+        $stmt->execute(array(
+          ':service' => $service,
+          ':app_id' => $row['app_passwd_id'],
+          ':username' => $user,
+          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
+        ));
+
+        unset($_SESSION['ldelay']);
+        return "user";
+      }
+    }
+  }
+
   return false;
 }
 function mailcow_domainadmin_login($user, $pass){
@@ -273,6 +337,223 @@ function mailcow_admin_login($user, $pass){
   return false;
 }
 
-function keycloak_mbox_login($user, $pass, $is_internal = false){
-  return false;
+function keycloak_mbox_login($user, $pass, $is_internal = false, $create = false){
+  global $pdo;
+
+  $identity_provider_settings = identity_provider('get');
+  $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+  $req = http_build_query(array(
+    'grant_type'    => 'password',
+    'client_id'     => $identity_provider_settings['client_id'],
+    'client_secret' => $identity_provider_settings['client_secret'],
+    'username'      => $user,
+    'password'      => $pass,
+  ));
+  $curl = curl_init();
+  curl_setopt($curl, CURLOPT_URL, $url);
+  curl_setopt($curl, CURLOPT_POST, 1);
+  curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+  $res = json_decode(curl_exec($curl), true);
+  $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+  curl_close ($curl);
+
+  if ($code == 200) {
+    // decode jwt
+    $user_data = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $res['access_token'])[1]))), true);
+    if ($user != $user_data['email']){
+      // check if $user is email address, only accept email address as username
+      return false;
+    }
+    if ($create && !empty($identity_provider_settings['roles'])){
+      // try to create mbox on successfull login
+      $user_roles = $user_data['realm_access']['roles'];
+      $mbox_template = null;
+      // check if matching rolemapping exist
+      foreach ($user_roles as $index => $role){
+        if (in_array($role, $identity_provider_settings['roles'])) {
+          $mbox_template = $identity_provider_settings['templates'][$index];
+          break;
+        }
+      }
+      if ($mbox_template){
+        $stmt = $pdo->prepare("SELECT * FROM `templates` 
+        WHERE `template` = :template AND type = 'mailbox'");
+        $stmt->execute(array(
+          ":template" => $mbox_template
+        ));
+        $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!empty($mbox_template_data)){
+          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+          $mbox_template_data['domain'] = explode('@', $user)[1];
+          $mbox_template_data['local_part'] = explode('@', $user)[0];
+          $mbox_template_data['authsource'] = 'keycloak';
+          $_SESSION['iam_create_login'] = true;
+          $create_res = mailbox('add', 'mailbox', $mbox_template_data);
+          $_SESSION['iam_create_login'] = false;
+          if (!$create_res){
+            return false;
+          }
+        }
+      }
+    }
+
+    $_SESSION['return'][] =  array(
+      'type' => 'success',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => array('logged_in_as', $user)
+    );
+    return 'user';
+  } else {
+    return false;
+  }
+}
+function keycloak_verify_token(){
+  global $keycloak_provider;
+  global $pdo;
+
+  try {
+    $token = $keycloak_provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
+  } catch (Exception $e) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__),
+      'msg' => array('login_failed', $e->getMessage())
+    );
+    die($e->getMessage() . " - " . $_GET['code'] . " - " . $_SESSION['oauth2state']);
+    return false;
+  }
+  
+  $login = false;
+  $_SESSION['keycloak_token'] = $token->getToken();
+  $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
+  // decode jwt data
+  $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $token->getToken())[1]))), true);
+  if (in_array("mailbox", $info['realm_access']['roles']) && $info['email']){
+    // token valid, get mailbox
+    $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND `username` = :user
+        AND `authsource`='keycloak'");
+    $stmt->execute(array(':user' => $info['email']));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($row){
+      $_SESSION['mailcow_cc_username'] = $info['email'];
+      $_SESSION['mailcow_cc_role'] = "user";
+      $login = true;
+    } else {
+      $identity_provider_settings = identity_provider('get');
+      if (!empty($identity_provider_settings['roles'])){
+        // try to create mbox on successfull login
+        $user_roles = $info['realm_access']['roles'];
+        $mbox_template = null;
+        // check if matching rolemapping exist
+        foreach ($user_roles as $index => $role){
+          if (in_array($role, $identity_provider_settings['roles'])) {
+            $mbox_template = $identity_provider_settings['templates'][$index];
+            break;
+          }
+        }
+        if ($mbox_template){
+          $stmt = $pdo->prepare("SELECT * FROM `templates` 
+          WHERE `template` = :template AND type = 'mailbox'");
+          $stmt->execute(array(
+            ":template" => $mbox_template
+          ));
+          $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+
+          if (!empty($mbox_template_data)){
+            $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+            $mbox_template_data['domain'] = explode('@', $info['email'])[1];
+            $mbox_template_data['local_part'] = explode('@', $info['email'])[0];
+            $mbox_template_data['authsource'] = 'keycloak';
+            $_SESSION['iam_create_login'] = true;
+            $create_res = mailbox('add', 'mailbox', $mbox_template_data);
+            $_SESSION['iam_create_login'] = false;
+            if ($create_res){
+              $_SESSION['mailcow_cc_username'] = $info['email'];
+              $_SESSION['mailcow_cc_role'] = "user";
+              $login = true;
+            }
+          }
+        }
+      }
+    }
+  } 
+
+  if ($login){
+    $_SESSION['return'][] =  array(
+      'type' => 'success',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
+    );
+  } else {
+    unset_auth_session();  
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => 'login_failed'
+    );
+  }
+  return $login;
+}
+function keycloak_refresh(){
+  global $keycloak_provider;
+
+  try {
+    $token = $keycloak_provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['keycloak_refresh_token']]);
+  } catch (Exception $e) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__),
+      'msg' => array('login_failed', $e->getMessage())
+    );
+    return false;
+  }
+
+
+  $refresh = false;
+  $_SESSION['keycloak_token'] = $token->getToken();
+  $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
+  // decode jwt data
+  $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $_SESSION['keycloak_token'])[1]))), true);
+  if (in_array("mailbox",  $info['realm_access']['roles']) && $info['email']){
+    $_SESSION['mailcow_cc_username'] = $info['email'];
+
+    $_SESSION['mailcow_cc_role'] = "user";
+    $refresh = true;
+  } 
+
+  if (!$refresh){
+    unset_auth_session();  
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => 'refresh_login_failed'
+    );
+  }
+
+  return $refresh;
+}
+function keycloak_get_redirect(){
+  global $keycloak_provider;
+
+  $authUrl = $keycloak_provider->getAuthorizationUrl();
+  $_SESSION['oauth2state'] = $keycloak_provider->getState();
+
+  return $authUrl;
+}
+function keycloak_get_logout(){
+  global $keycloak_provider;
+
+  $logoutUrl = $keycloak_provider->getLogoutUrl();
+  $logoutUrl = $logoutUrl . "&post_logout_redirect_uri=https://" . $_SERVER['SERVER_NAME'];
+
+  return $logoutUrl;
 }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index a38094022..c93cbfac0 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1044,7 +1044,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $password2 = '';
             $password_hashed = '';
           }
-          if ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0) {
+          if (!$_SESSION['iam_create_login'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1098,7 +1098,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_SESSION['iam_create_login']) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1547,7 +1547,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
 
           // check attributes
+          $authsources = array('mailcow', 'keycloak');
           $attr = array();
+          $attr["authsource"]                  = (isset($_data['authsource']) && in_array($_data['authsource'], $authsources)) ? $_data['authsource'] : 'mailcow';
           $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
           $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : array();
           $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
@@ -3235,7 +3237,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
             }   
             // check attributes
+            $authsources = array('mailcow', 'keycloak');
             $attr = array();
+            $attr["authsource"]                  = (isset($_data['authsource']) && in_array($_data['authsource'], $authsources)) ? $_data['authsource'] : $is_now['authsource'];
             $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
             $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : $is_now['tags'];
             $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification'];
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 6922429b8..50722a797 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,36 @@
 <?php
+// handle keycloak authentication
+if ($keycloak_provider){
+  if (isset($_GET['keycloak_sso'])){
+    // redirect to keycloak for sso
+    $redirect_uri = keycloak_get_redirect();
+    header('Location: ' . $redirect_uri);
+    die();
+  }
+  if ($_SESSION['keycloak_token'] && $_SESSION['keycloak_refresh_token']) {
+    // Session found, try to refresh
+    $isRefreshed = keycloak_refresh();
+
+    if (!$isRefreshed){
+      // Session could not be refreshed, clear and redirect to keycloak
+      unset_auth_session();
+      $redirect_uri = keycloak_get_redirect();
+      header('Location: ' . $redirect_uri);
+      die();
+    }
+  } elseif ($_GET['code'] && $_GET['state'] === $_SESSION['oauth2state']) {
+    // Check given state against previously stored one to mitigate CSRF attack
+    // Recieved access token in $_GET['code']
+    // extract info and verify user
+    $isValid = keycloak_verify_token();
+
+    if (!$isValid){
+      // Token could not be verified, redirect to keycloak
+      $_SESSION['invalid_keycloak_sso'] = true;
+    }
+  }
+}
+
 // SSO Domain Admin
 if (!empty($_GET['sso_token'])) {
   $username = domain_admin_sso('check', $_GET['sso_token']);
diff --git a/data/web/index.php b/data/web/index.php
index 05b3a7f47..05c50b01f 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -29,6 +29,8 @@ $template_data = [
   'oauth2_request' => @$_SESSION['oauth2_request'],
   'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
   'login_delay' => @$_SESSION['ldelay'],
+  'has_keycloak_sso' => ($keycloak_provider) ? true : false,
+  'invalid_keycloak_sso' => $_SESSION['invalid_keycloak_sso']
 ];
 
 $js_minifier->add('/web/js/site/index.js');

From 13f88826165b8cf2c4e82e4596078039b5ccfa6a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 14:38:28 +0100
Subject: [PATCH 047/755] [Web] fix app_pass ignore_access

---
 data/web/inc/functions.auth.inc.php | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 6a8a1dda7..6a0cafa8b 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -133,7 +133,7 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
         AND `app_passwd`.`mailbox` = :user";
     // check if app password has protocol access
     // skip if $app_passwd_data['ignore_hasaccess'] is true and the call is not external
-    if (!$app_passwd_data['ignore_hasaccess'] || !$is_internal){
+    if (!$is_internal || ($is_internal && !$app_passwd_data['ignore_hasaccess'])){
       $app_passwd_query = $app_passwd_query . " AND `app_passwd`.`" . $is_app_passwd . "_access` = '1'";
     }
     // fetch password data
@@ -168,14 +168,11 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
             // Reactivate TFA if it was set to "deactivate TFA for next login"
             $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
             $stmt->execute(array(':user' => $user));
-            if (!$is_internal){
-              // skip log
-              $_SESSION['return'][] =  array(
-                'type' => 'success',
-                'log' => array(__FUNCTION__, $user, '*'),
-                'msg' => array('logged_in_as', $user)
-              );
-            }
+            $_SESSION['return'][] =  array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $user, '*'),
+              'msg' => array('logged_in_as', $user)
+            );
           }
           return "user";
         }

From 204063819ccc4e04b6ab03018e194d1429d67da8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 18:30:18 +0100
Subject: [PATCH 048/755] [Web] fix broken sogo-sso

---
 data/web/inc/functions.mailbox.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index c93cbfac0..f549785e7 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1327,7 +1327,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
             'msg' => array('mailbox_added', htmlspecialchars($username))
           );
-          return true;
         break;
         case 'resource':
           $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
@@ -5568,4 +5567,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
   if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {
     update_sogo_static_view();
   }
+  
+  return true;
 }

From f251c9826e72f32564cc2bfbc1c57fd1d63f05cd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 18:41:05 +0100
Subject: [PATCH 049/755] [Web] create ratelimit acl on iam mbox creation

---
 data/web/inc/functions.ratelimit.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index f9e7a71a6..f311533fa 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -92,7 +92,7 @@ function ratelimit($_action, $_scope, $_data = null) {
               );
               continue;
             }
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) && !$_SESSION['iam_create_login']
               || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',

From 1aeb36d40e2ed921bc0caaf33fd2c679b674363c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 18:49:57 +0100
Subject: [PATCH 050/755] [Web] create ratelimit acl on iam mbox creation 2

---
 data/web/inc/functions.ratelimit.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index f311533fa..93840b5eb 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null) {
   $_data_log = $_data;
   switch ($_action) {
     case 'edit':
-      if (!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1" ) {
+      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_SESSION['iam_create_login']) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null) {
               );
               continue;
             }
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) && !$_SESSION['iam_create_login']
-              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
+            if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_SESSION['iam_create_login']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

From 1c73a16ca085132e3b73a62222883c36d018d502 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 15 Mar 2023 16:19:30 +0100
Subject: [PATCH 051/755] new dovecout lua auth - use https

---
 data/Dockerfiles/dovecot/Dockerfile           | 1 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index a35589689..a9d4739cf 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -34,6 +34,7 @@ RUN addgroup -g 5000 vmail \
   icu-data-full \
   mariadb-connector-c \
   gcompat \
+  lua-sec \
   mariadb-client \
   perl \
   perl-ntlm \
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index f146a8a01..be9dd4d44 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -136,8 +136,8 @@ function auth_password_verify(request, password)
 
   json = require "json"
   ltn12 = require "ltn12"
-  http = require "socket.http"
-  http.TIMEOUT = 5
+  https = require "ssl.https"
+  https.TIMEOUT = 5
   mysql = require "luasql.mysql"
   env  = mysql.mysql()
   con = env:connect("__DBNAME__","__DBUSER__","__DBPASS__","localhost")
@@ -150,7 +150,7 @@ function auth_password_verify(request, password)
   local res = {} 
   
   -- check against mailbox passwds
-  local b, c = http.request {
+  local b, c = https.request {
     method = "POST",
     url = "https://nginx/api/v1/process/login",
     source = ltn12.source.string(req_json),
@@ -181,7 +181,7 @@ function auth_password_verify(request, password)
       req.protocol.ignore_hasaccess = true
     end
 
-    local b, c = http.request {
+    local b, c = https.request {
       method = "POST",
       url = "https://nginx/api/v1/process/login",
       source = ltn12.source.string(req_json),

From b7a18255fe77a911bbdd929628c547357180df01 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 17 Mar 2023 13:14:36 +0100
Subject: [PATCH 052/755] [Web] rename role mapping to attribute mapping

---
 data/web/inc/functions.inc.php                | 30 +++++++++----------
 data/web/lang/lang.en-gb.json                 |  4 +--
 .../admin/tab-config-identity-provider.twig   | 10 +++----
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 0a1edcff3..f64f150ad 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2078,8 +2078,8 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       $stmt->execute();
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       foreach($rows as $row){
-        if ($row["key"] == 'roles'){
-          $settings['roles'] = json_decode($row["value"]);
+        if ($row["key"] == 'mappers'){
+          $settings['mappers'] = json_decode($row["value"]);
         } else if ($row["key"] == 'templates'){
           $settings['templates'] = json_decode($row["value"]);
         } else {
@@ -2117,7 +2117,7 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         }
       }
       foreach($_data as $key => $value){
-        if (!in_array($key, $required_settings) || $key == 'roles' || $key == 'templates'){
+        if (!in_array($key, $required_settings) || $key == 'mappers' || $key == 'templates'){
           continue;
         }
 
@@ -2126,19 +2126,19 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         $stmt->execute();
       }
 
-      // add role mappings
-      if ($_data['roles'] && $_data['templates']){
-        if (!is_array($_data['roles'])){
-          $_data['roles'] = array($_data['roles']);
+      // add mappers
+      if ($_data['mappers'] && $_data['templates']){
+        if (!is_array($_data['mappers'])){
+          $_data['mappers'] = array($_data['mappers']);
         }
         if (!is_array($_data['templates'])){
           $_data['templates'] = array($_data['templates']);
         }
-        $roles = array();
+        $mappers = array();
         $templates = array();
-        foreach($_data['roles'] as $role){
-          if ($role){
-            array_push($roles, $role);
+        foreach($_data['mappers'] as $mapper){
+          if ($mapper){
+            array_push($mappers, $mapper);
           }
         }
         foreach($_data['templates'] as $template){
@@ -2146,12 +2146,12 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
             array_push($templates, $template);
           }
         }
-        if (count($roles) == count($templates)){
-          $roles = json_encode($roles);
+        if (count($mappers) == count($templates)){
+          $mappers = json_encode($mappers);
           $templates = json_encode($templates);
 
-          $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('roles', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
-          $stmt->bindParam(':value', $roles);
+          $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('mappers', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+          $stmt->bindParam(':value', $mappers);
           $stmt->execute();
           $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('templates', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
           $stmt->bindParam(':value', $templates);
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 436a9b370..ebebd3dc8 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -214,10 +214,10 @@
         "iam": "Identity Provider",
         "iam_client_id": "Client Id",
         "iam_client_secret": "Client Secret",
-        "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a role mapping has been set.",
+        "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a attribute mapping has been set.",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
-        "iam_rolemapping": "Role Mapping",
+        "iam_mapping": "Attribute Mapping",
         "iam_server_url": "Server Url",
         "iam_sso": "SSO",
         "iam_test_connection": "Test Connection",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 600b336a3..fd7a8dc81 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -50,15 +50,15 @@
           </div>
         </div>
         <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_rolemapping }}:</label>
+          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_mapping }}:</label>
           <div class="col-4 d-flex mb-2">
-            <span class="w-100 me-2">Role</span>
+            <span class="w-100 me-2">Attribute</span>
             <span class="w-100 ms-2">Template</span>
             <button id="iam_rolemap_add" class="btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-plus-lg"></i></button>
           </div>
-          {% for key, role in identity_provider_settings.roles %}
+          {% for key, role in identity_provider_settings.mappers %}
           <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="roles" value="{{ identity_provider_settings.roles[key] }}">
+            <input type="text" class="form-control me-2" name="mappers" value="{{ identity_provider_settings.mappers[key] }}">
             <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
             {% for mbox_template in mbox_templates %}
               <option{% if mbox_template.template == identity_provider_settings.templates[key] %} selected{% endif %}>
@@ -70,7 +70,7 @@
           </div>
           {% endfor %}
           <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="roles" value="">
+            <input type="text" class="form-control me-2" name="mappers" value="">
             <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
             {% for mbox_template in mbox_templates %}
               <option>

From d4ae61646020eb23b5a7fdcca6e5ca80d21a6bf8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 17 Mar 2023 13:15:31 +0100
Subject: [PATCH 053/755] replace ropc flow with keycloak rest api flow

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  13 +-
 data/web/inc/functions.auth.inc.php           | 465 +++++++++++-------
 2 files changed, 296 insertions(+), 182 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index be9dd4d44..a7936bf2d 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -172,14 +172,13 @@ function auth_password_verify(request, password)
   -- check against app passwds for imap and smtp
   -- app passwords are only available for imap, smtp, sieve and pop3 when using sasl
   if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
+    skip_sasl_log = true
     req.protocol = {}
-    req.protocol[request.service] = true
-    req_json = json.encode(req)
-
-    req.protocol.ignore_hasaccess = false
-    if tostring(req.real_rip) == "__IPV4_SOGO__" then
-      req.protocol.ignore_hasaccess = true
+    if tostring(req.real_rip) != "__IPV4_SOGO__" then
+      skip_sasl_log = false
+      req.protocol[request.service] = true
     end
+    req_json = json.encode(req)
 
     local b, c = https.request {
       method = "POST",
@@ -193,7 +192,7 @@ function auth_password_verify(request, password)
     }
     local api_response = json.decode(table.concat(res))
     if api_response.role == 'user' then
-      if req.protocol.ignore_hasaccess == false then
+      if skip_sasl_log == true then
         con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
           VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
       end
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 6a0cafa8b..c125b5d68 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -37,7 +37,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
   // Validate mailbox user
   // skip log & ldelay if requests comes from dovecot
   $is_dovecot = false;
-  $request_ip =  ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+  $request_ip =  $_SERVER['REMOTE_ADDR'];
   if ($request_ip == getenv('IPV4_NETWORK').'.250'){
     $is_dovecot = true;
   }
@@ -52,16 +52,32 @@ function check_login($user, $pass, $app_passwd_data = false) {
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
   if (!$row){
     // mbox does not exist, call keycloak login and create mbox if possible
-    $result = keycloak_mbox_login($user, $pass, $is_dovecot, true);
+    $result = keycloak_mbox_login_rest($user, $pass, $is_dovecot, true);
     if ($result){
       return $result;
     }
   } else if ($row['authsource'] == 'keycloak'){
-    $result = keycloak_mbox_login($user, $pass, $is_dovecot);
+    if ($app_passwd_data){
+      // first check if password is app_password
+      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_dovecot);
+      if ($result){
+        return $result;
+      }
+    }
+
+    $result = keycloak_mbox_login_rest($user, $pass, $is_dovecot);
     if ($result){
       return $result;
     }
   } else {
+    if ($app_passwd_data){
+      // first check if password is app_password
+      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_dovecot);
+      if ($result){
+        return $result;
+      }
+    }
+
     $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_dovecot);
     if ($result){
       return $result;
@@ -106,42 +122,6 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
   $stmt->execute(array(':user' => $user));
   $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
-  // check if password is app password
-  $is_app_passwd = false;
-  if ($app_passwd_data['eas']){
-    $is_app_passwd = 'eas';
-  } else if ($app_passwd_data['dav']){
-    $is_app_passwd = 'dav';
-  } else if ($app_passwd_data['smtp']){
-    $is_app_passwd = 'smtp';
-  } else if ($app_passwd_data['imap']){
-    $is_app_passwd = 'imap';
-  } else if ($app_passwd_data['sieve']){
-    $is_app_passwd = 'sieve';
-  } else if ($app_passwd_data['pop3']){
-    $is_app_passwd = 'pop3';
-  }
-  if ($is_app_passwd){
-    // fetch app password data
-    $app_passwd_query = "SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
-      INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
-      INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
-      WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active` = '1'
-        AND `domain`.`active` = '1'
-        AND `app_passwd`.`active` = '1'
-        AND `app_passwd`.`mailbox` = :user";
-    // check if app password has protocol access
-    // skip if $app_passwd_data['ignore_hasaccess'] is true and the call is not external
-    if (!$is_internal || ($is_internal && !$app_passwd_data['ignore_hasaccess'])){
-      $app_passwd_query = $app_passwd_query . " AND `app_passwd`.`" . $is_app_passwd . "_access` = '1'";
-    }
-    // fetch password data
-    $stmt = $pdo->prepare($app_passwd_query);
-    $stmt->execute(array(':user' => $user));
-    $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
-  }
-
   foreach ($rows as $row) { 
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
@@ -176,70 +156,6 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
           }
           return "user";
         }
-      } elseif ($is_app_passwd) {
-        // password is a app password
-        if ($is_internal){
-          // skip log
-          return "user";
-        }
-
-        $service = strtoupper($is_app_passwd);
-        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-        $stmt->execute(array(
-          ':service' => $service,
-          ':app_id' => $row['app_passwd_id'],
-          ':username' => $user,
-          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
-        ));
-
-        unset($_SESSION['ldelay']);
-        return "user";
-      }
-    }
-  }
-
-  foreach ($rows as $row) { 
-    // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      if (!array_key_exists("app_passwd_id", $row)){ 
-        // password is not a app password
-        // check for tfa authenticators
-        $authenticators = get_tfa($user);
-        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 &&
-            $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) {
-          // authenticators found, init TFA flow
-          $_SESSION['pending_mailcow_cc_username'] = $user;
-          $_SESSION['pending_mailcow_cc_role'] = "user";
-          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-          unset($_SESSION['ldelay']);
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
-          return "pending";
-        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-          // no authenticators found, login successfull
-          // Reactivate TFA if it was set to "deactivate TFA for next login"
-          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-          $stmt->execute(array(':user' => $user));
-
-          unset($_SESSION['ldelay']);
-          return "user";
-        }
-      } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
-        // password is a app password
-        $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
-        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-        $stmt->execute(array(
-          ':service' => $service,
-          ':app_id' => $row['app_passwd_id'],
-          ':username' => $user,
-          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
-        ));
-
-        unset($_SESSION['ldelay']);
-        return "user";
       }
     }
   }
@@ -333,8 +249,76 @@ function mailcow_admin_login($user, $pass){
 
   return false;
 }
+function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal = false){
+  global $pdo;
 
-function keycloak_mbox_login($user, $pass, $is_internal = false, $create = false){
+  $protocol = false;
+  if ($app_passwd_data['eas']){
+    $protocol = 'eas';
+  } else if ($app_passwd_data['dav']){
+    $protocol = 'dav';
+  } else if ($app_passwd_data['smtp']){
+    $protocol = 'smtp';
+  } else if ($app_passwd_data['imap']){
+    $protocol = 'imap';
+  } else if ($app_passwd_data['sieve']){
+    $protocol = 'sieve';
+  } else if ($app_passwd_data['pop3']){
+    $protocol = 'pop3';
+  }
+
+  // fetch app password data
+  $stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
+    INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
+    INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
+    WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
+      AND `mailbox`.`active` = '1'
+      AND `domain`.`active` = '1'
+      AND `app_passwd`.`active` = '1'
+      AND `app_passwd`.`mailbox` = :user
+      :has_access_query"
+  );    
+  // check if app password has protocol access
+  // skip if protocol is false and the call is not external
+  $has_access_query = '';
+  if (!$is_internal || ($is_internal && !empty($protocol))){
+    $has_access_query = " AND `app_passwd`.`" . $protocol . "_access` = '1'";
+  }
+  // fetch password data
+  $stmt->execute(array(
+    ':user' => $user,
+    ':has_access_query' => $has_access_query
+  ));
+  $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
+  
+  foreach ($rows as $row) { 
+    // verify password
+    if (verify_hash($row['password'], $pass) !== false) {
+      if ($is_internal){
+        // skip sasl_log, dovecot does the job
+        return "user";
+      }
+
+      $service = strtoupper($is_app_passwd);
+      $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
+      $stmt->execute(array(
+        ':service' => $service,
+        ':app_id' => $row['app_passwd_id'],
+        ':username' => $user,
+        ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
+      ));
+
+      unset($_SESSION['ldelay']);
+      return "user";
+    }
+  }
+
+  return false;
+}
+
+// ROPC Flow (deprecated oAuth2.1)
+// uses direct user credentials for UI, IMAP and SMTP Auth
+function keycloak_mbox_login_ropc($user, $pass, $is_internal = false, $create = false){
   global $pdo;
 
   $identity_provider_settings = identity_provider('get');
@@ -363,7 +347,7 @@ function keycloak_mbox_login($user, $pass, $is_internal = false, $create = false
       // check if $user is email address, only accept email address as username
       return false;
     }
-    if ($create && !empty($identity_provider_settings['roles'])){
+    if ($create && !empty($identity_provider_settings['mappers'])){
       // try to create mbox on successfull login
       $user_roles = $user_data['realm_access']['roles'];
       $mbox_template = null;
@@ -407,6 +391,117 @@ function keycloak_mbox_login($user, $pass, $is_internal = false, $create = false
     return false;
   }
 }
+// Keycloak REST Api Flow - auth user by mailcow_password attribute
+// This password will be used for direct UI, IMAP and SMTP Auth
+// To use direct user credentials, only Authorization Code Flow is valid
+function keycloak_mbox_login_rest($user, $pass, $is_internal = false, $create = false){
+  global $pdo;
+
+  $identity_provider_settings = identity_provider('get');
+
+  // get access_token for service account of mailcow client
+  $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+  $req = http_build_query(array(
+    'grant_type'    => 'client_credentials',
+    'client_id'     => $identity_provider_settings['client_id'],
+    'client_secret' => $identity_provider_settings['client_secret']
+  ));
+  $curl = curl_init();
+  curl_setopt($curl, CURLOPT_URL, $url);
+  curl_setopt($curl, CURLOPT_POST, 1);
+  curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+  $mcclient_res = json_decode(curl_exec($curl), true);
+  $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+  curl_close ($curl);
+  if ($code != 200) {
+    return false;
+  }
+
+  // get the mailcow_password attribute from keycloak user
+  $url = "{$identity_provider_settings['server_url']}/admin/realms/{$identity_provider_settings['realm']}/users";
+  $queryParams = array('email' => $user, 'exact' => true);
+  $queryString = http_build_query($queryParams);
+  $curl = curl_init();
+  curl_setopt($curl, CURLOPT_URL, $url . '?' . $queryString);
+  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+  curl_setopt($curl, CURLOPT_HTTPHEADER, array(
+      'Authorization: Bearer ' . $mcclient_res['access_token'],
+      'Content-Type: application/json'
+  ));
+  $user_res = json_decode(curl_exec($curl), true)[0];
+  $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+  curl_close($curl);
+  if ($code != 200) {
+    return false;
+  }
+
+  
+
+  // validate mailcow_password
+  $mailcow_password = $user_res['attributes']['mailcow_password'][0];
+  if (!verify_hash($mailcow_password, $pass)) {
+    return false;
+  }
+
+  // get mapped template, if not set return false
+  // also return false if no mappers were defined
+  $user_template = $user_data['attributes']['mailcow_template'][0];
+  if ($create && (empty($identity_provider_settings['mappers']) || $user_template)){
+    return false;
+  } else if (!$create) {
+    // login success - dont create mailbox
+    $_SESSION['return'][] =  array(
+      'type' => 'success',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => array('logged_in_as', $user)
+    );
+    return 'user';
+  }
+
+  // try to create mbox on successfull login
+  $mbox_template = null;
+  // check if matching rolemapping exist
+  foreach ($identity_provider_settings['mappers'] as $index => $mapper){
+    if (in_array($mapper, $identity_provider_settings['mappers'])) {
+      $mbox_template = $identity_provider_settings['templates'][$index];
+      break;
+    }
+  }
+  if (!$mbox_template){
+    // no matching template found
+    return false;
+  }
+  $stmt = $pdo->prepare("SELECT * FROM `templates` 
+  WHERE `template` = :template AND type = 'mailbox'");
+  $stmt->execute(array(
+    ":template" => $mbox_template
+  ));
+  $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (empty($mbox_template_data)){
+    return false;
+  }
+
+  $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+  $mbox_template_data['domain'] = explode('@', $user)[1];
+  $mbox_template_data['local_part'] = explode('@', $user)[0];
+  $mbox_template_data['authsource'] = 'keycloak';
+  $_SESSION['iam_create_login'] = true;
+  $create_res = mailbox('add', 'mailbox', $mbox_template_data);
+  $_SESSION['iam_create_login'] = false;
+  if (!$create_res){
+    return false;
+  }
+
+  $_SESSION['return'][] =  array(
+    'type' => 'success',
+    'log' => array(__FUNCTION__, $user, '*'),
+    'msg' => array('logged_in_as', $user)
+  );
+  return 'user';
+}
+// Authorization Code Flow
 function keycloak_verify_token(){
   global $keycloak_provider;
   global $pdo;
@@ -419,86 +514,113 @@ function keycloak_verify_token(){
       'log' => array(__FUNCTION__),
       'msg' => array('login_failed', $e->getMessage())
     );
-    die($e->getMessage() . " - " . $_GET['code'] . " - " . $_SESSION['oauth2state']);
     return false;
   }
   
-  $login = false;
   $_SESSION['keycloak_token'] = $token->getToken();
   $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
   // decode jwt data
   $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $token->getToken())[1]))), true);
-  if (in_array("mailbox", $info['realm_access']['roles']) && $info['email']){
-    // token valid, get mailbox
-    $stmt = $pdo->prepare("SELECT * FROM `mailbox`
-      INNER JOIN domain on mailbox.domain = domain.domain
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active`='1'
-        AND `domain`.`active`='1'
-        AND `username` = :user
-        AND `authsource`='keycloak'");
-    $stmt->execute(array(':user' => $info['email']));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+  // check if email address is given
+  if (!$info['email']){
+    return false;
+  }
 
-    if ($row){
-      $_SESSION['mailcow_cc_username'] = $info['email'];
-      $_SESSION['mailcow_cc_role'] = "user";
-      $login = true;
-    } else {
-      $identity_provider_settings = identity_provider('get');
-      if (!empty($identity_provider_settings['roles'])){
-        // try to create mbox on successfull login
-        $user_roles = $info['realm_access']['roles'];
-        $mbox_template = null;
-        // check if matching rolemapping exist
-        foreach ($user_roles as $index => $role){
-          if (in_array($role, $identity_provider_settings['roles'])) {
-            $mbox_template = $identity_provider_settings['templates'][$index];
-            break;
-          }
-        }
-        if ($mbox_template){
-          $stmt = $pdo->prepare("SELECT * FROM `templates` 
-          WHERE `template` = :template AND type = 'mailbox'");
-          $stmt->execute(array(
-            ":template" => $mbox_template
-          ));
-          $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
 
-          if (!empty($mbox_template_data)){
-            $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
-            $mbox_template_data['domain'] = explode('@', $info['email'])[1];
-            $mbox_template_data['local_part'] = explode('@', $info['email'])[0];
-            $mbox_template_data['authsource'] = 'keycloak';
-            $_SESSION['iam_create_login'] = true;
-            $create_res = mailbox('add', 'mailbox', $mbox_template_data);
-            $_SESSION['iam_create_login'] = false;
-            if ($create_res){
-              $_SESSION['mailcow_cc_username'] = $info['email'];
-              $_SESSION['mailcow_cc_role'] = "user";
-              $login = true;
-            }
-          }
-        }
-      }
-    }
-  } 
-
-  if ($login){
+  // token valid, get mailbox
+  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+    INNER JOIN domain on mailbox.domain = domain.domain
+    WHERE `kind` NOT REGEXP 'location|thing|group'
+      AND `mailbox`.`active`='1'
+      AND `domain`.`active`='1'
+      AND `username` = :user
+      AND `authsource`='keycloak'");
+  $stmt->execute(array(':user' => $info['email']));
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+  if ($row){
+    // success
+    $_SESSION['mailcow_cc_username'] = $info['email'];
+    $_SESSION['mailcow_cc_role'] = "user";
     $_SESSION['return'][] =  array(
       'type' => 'success',
       'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
       'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
     );
-  } else {
+    return true;
+  }
+  // get mapped template, if not set return false
+  // also return false if no mappers were defined
+  $identity_provider_settings = identity_provider('get');
+  $user_template = $info['mailcow_template'];
+  if (empty($identity_provider_settings['mappers']) || empty($user_template)){
     unset_auth_session();  
     $_SESSION['return'][] =  array(
       'type' => 'danger',
       'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
       'msg' => 'login_failed'
     );
+    return false;
   }
-  return $login;
+  $mbox_template = null;
+  // check if matching rolemapping exist
+  foreach ($identity_provider_settings['mappers'] as $index => $mapper){
+    if ($user_template == $mapper) {
+      $mbox_template = $identity_provider_settings['templates'][$index];
+      break;
+    }
+  }
+  if (!$mbox_template){
+    // no matching template found
+    unset_auth_session();  
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => 'login_failed'
+    );
+    return false;
+  }
+  $stmt = $pdo->prepare("SELECT * FROM `templates` 
+  WHERE `template` = :template AND type = 'mailbox'");
+  $stmt->execute(array(
+    ":template" => $mbox_template
+  ));
+  $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (empty($mbox_template_data)){
+    unset_auth_session();  
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => 'login_failed'
+    );
+    return false;
+  }
+
+  // create mailbox
+  $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+  $mbox_template_data['domain'] = explode('@', $info['email'])[1];
+  $mbox_template_data['local_part'] = explode('@', $info['email'])[0];
+  $mbox_template_data['authsource'] = 'keycloak';
+  $_SESSION['iam_create_login'] = true;
+  $create_res = mailbox('add', 'mailbox', $mbox_template_data);
+  $_SESSION['iam_create_login'] = false;
+  if (!$create_res){
+    unset_auth_session();  
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+      'msg' => 'login_failed'
+    );
+    return false;
+  }
+
+  $_SESSION['mailcow_cc_username'] = $info['email'];
+  $_SESSION['mailcow_cc_role'] = "user";
+  $_SESSION['return'][] =  array(
+    'type' => 'success',
+    'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+    'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
+  );
+  return true;
 }
 function keycloak_refresh(){
   global $keycloak_provider;
@@ -514,20 +636,11 @@ function keycloak_refresh(){
     return false;
   }
 
-
-  $refresh = false;
   $_SESSION['keycloak_token'] = $token->getToken();
   $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
   // decode jwt data
   $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $_SESSION['keycloak_token'])[1]))), true);
-  if (in_array("mailbox",  $info['realm_access']['roles']) && $info['email']){
-    $_SESSION['mailcow_cc_username'] = $info['email'];
-
-    $_SESSION['mailcow_cc_role'] = "user";
-    $refresh = true;
-  } 
-
-  if (!$refresh){
+  if (!$info['email']){
     unset_auth_session();  
     $_SESSION['return'][] =  array(
       'type' => 'danger',
@@ -536,7 +649,9 @@ function keycloak_refresh(){
     );
   }
 
-  return $refresh;
+  $_SESSION['mailcow_cc_username'] = $info['email'];
+  $_SESSION['mailcow_cc_role'] = "user";
+  return true;
 }
 function keycloak_get_redirect(){
   global $keycloak_provider;

From 61ab17d8a182b42b28427465efb2247815400162 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 31 Mar 2023 10:08:00 +0200
Subject: [PATCH 054/755] [Web] fix iam attribute mapping ui

---
 .../templates/admin/tab-config-identity-provider.twig  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index fd7a8dc81..02d5ca14c 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -58,8 +58,8 @@
           </div>
           {% for key, role in identity_provider_settings.mappers %}
           <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="mappers" value="{{ identity_provider_settings.mappers[key] }}">
-            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
+            <input type="text" class="form-control me-2" name="mappers" value="{{ identity_provider_settings.mappers[key] }}" required>
+            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
             {% for mbox_template in mbox_templates %}
               <option{% if mbox_template.template == identity_provider_settings.templates[key] %} selected{% endif %}>
                 {{ mbox_template.template }}
@@ -69,9 +69,10 @@
             <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
           </div>
           {% endfor %}
+          {% if not identity_provider_settings.mappers %}
           <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="mappers" value="">
-            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}">
+            <input type="text" class="form-control me-2" name="mappers" value="" required>
+            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
             {% for mbox_template in mbox_templates %}
               <option>
                 {{ mbox_template.template }}
@@ -80,6 +81,7 @@
             </select>
             <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
           </div>
+          {% endif %}
         </div>
         <div class="row mt-4 mb-2">
           <div class="offset-sm-3 col-sm-9">

From 3c62a7fd9f67592371f2334e04cf7dbcfa328073 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 31 Mar 2023 14:55:05 +0200
Subject: [PATCH 055/755] [Web] IAM - add delete option & fix test connection

---
 data/web/inc/functions.inc.php | 48 +++++++++++++++++++++++++---------
 data/web/js/site/admin.js      | 12 +++++++--
 data/web/json_api.php          | 20 +++++---------
 3 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f64f150ad..1e4cc8c1d 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2166,15 +2166,21 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       );
       return true;
     break;
-    case 'test':  
-      $identity_provider_settings = identity_provider('get');
-      $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+    case 'test':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
       $req = http_build_query(array(
-        'grant_type'    => 'password',
-        'client_id'     => $identity_provider_settings['client_id'],
-        'client_secret' => $identity_provider_settings['client_secret'],
-        'username'      => "test",
-        'password'      => "test",
+        'grant_type'    => 'client_credentials',
+        'client_id'     => $_data['client_id'],
+        'client_secret' => $_data['client_secret']
       ));
       $curl = curl_init();
       curl_setopt($curl, CURLOPT_URL, $url);
@@ -2182,13 +2188,29 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
       curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
       curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-      $res = json_decode(curl_exec($curl), true);
+      $res = curl_exec($curl);
+      $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
       curl_close ($curl);
-
-      if ($res["error"] && $res["error"] === 'invalid_grant'){
-        return true;
+      
+      if ($code != 200) {
+        return false;
       }
-      return false;
+      return true;
+    break;
+    case "delete":
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      
+      $stmt = $pdo->prepare("DELETE FROM identity_provider;");
+      $stmt->execute();
+
+      return true;
     break;
   }
 }
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 708cb0be0..885e5ea52 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -752,14 +752,22 @@ jQuery(function($){
   // IAM test connection
   $('#iam_test_connection').click(async function(e){
     e.preventDefault();
-    var res = await fetch("/api/v1/get/status/identity-provider", { method:'GET', cache:'no-cache' });
+    var data = { attr: $('form[data-id="iam_sso"]').serializeObject() };
+    var res = await fetch("/api/v1/edit/identity-provider-test", { 
+      headers: {
+        "Content-Type": "application/json",
+      },
+      method:'POST', 
+      cache:'no-cache', 
+      body: JSON.stringify(data) 
+    });
     res = await res.json();
-    console.log(res);
     if (res.type === 'success'){
       return mailcow_alert_box(lang_success.iam_test_connection, 'success');
     }
     return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
   });
+
   $('#iam_rolemap_add').click(async function(e){
     e.preventDefault();
 
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 52ca8b715..9564af888 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1702,19 +1702,6 @@ if (isset($_GET['query'])) {
                     'version' => $GLOBALS['MAILCOW_GIT_VERSION']
                   ));
                 break;
-                case "identity-provider":
-                  if (identity_provider('test')){
-                    echo json_encode(array(
-                      'type' => 'success',
-                      'msg' => 'connection successfull'
-                    ));
-                  } else {
-                    echo json_encode(array(
-                      'type' => 'error',
-                      'msg' => 'connection failed'
-                    ));
-                  }
-                break;
               }
             }
           break;
@@ -1879,6 +1866,9 @@ if (isset($_GET['query'])) {
         case "rlhash":
           echo ratelimit('delete', null, implode($items));
         break;
+        case "identity-provider":
+          process_delete_return(identity_provider('delete'));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);
@@ -2098,8 +2088,12 @@ if (isset($_GET['query'])) {
         case "cors":
           process_edit_return(cors('edit', $attr));
         case "identity_provider":
+        case "identity-provider":
           process_edit_return(identity_provider('edit', $attr));
         break;
+        case "identity-provider-test":
+          process_edit_return(identity_provider('test', $attr));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);

From c6a56e0748c52f6cad2cc6ec45ab5f30bcf01c52 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 31 Mar 2023 14:56:31 +0200
Subject: [PATCH 056/755] [Web] add IAM delete button & fix add mbox modal

---
 data/web/js/site/mailbox.js                                | 2 +-
 data/web/templates/admin/tab-config-identity-provider.twig | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 6fbcc3e3f..e562ab8cf 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -282,7 +282,7 @@ $(document).ready(function() {
     $("#addInputQuota").val(template.quota / 1048576);
     $('#mbox_add_iam').selectpicker('val', template.authsource);
     // toggle password fields
-    if (template.authsource === 'mailcow'){
+    if (!template.authsource || template.authsource === 'mailcow'){
       $('#mbox_add_pwds').removeClass('d-none');
       $('#mbox_add_pwds').find('.form-control').prop('required', true);
     } else {
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 02d5ca14c..13bbc7553 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -87,8 +87,9 @@
           <div class="offset-sm-3 col-sm-9">
             <div class="btn-group">   
               <button id="iam_test_connection" class="btn btn-sm d-block d-sm-inline btn-secondary"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
-              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="iam_sso" data-action="edit_selected" data-id="iam_sso" data-api-url='edit/identity_provider' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="iam_sso" data-action="edit_selected" data-id="iam_sso" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
             </div>
+            <button class="btn btn-sm d-block d-sm-inline btn-danger ms-2" data-item="identity-provider" data-action="delete_selected" data-id="iam_sso" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
           </div>
         </div>
       </form>

From 5bbb12b53e0fcf4d50369d332c6e85d8e0164bc3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 4 Apr 2023 10:47:29 +0200
Subject: [PATCH 057/755] [Dovecot] fix wrong lua syntax

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index a7936bf2d..9755398e7 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -174,7 +174,7 @@ function auth_password_verify(request, password)
   if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
     skip_sasl_log = true
     req.protocol = {}
-    if tostring(req.real_rip) != "__IPV4_SOGO__" then
+    if tostring(req.real_rip) ~= "__IPV4_SOGO__" then
       skip_sasl_log = false
       req.protocol[request.service] = true
     end

From f0689e08d96f29c6e2161b1677c398187330c3b1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 12 Apr 2023 11:21:29 +0200
Subject: [PATCH 058/755] [Web] iam - add switch for direct login flow

---
 data/web/inc/functions.auth.inc.php           | 95 ++++++++++---------
 data/web/inc/functions.inc.php                |  4 +-
 data/web/js/site/mailbox.js                   |  1 -
 data/web/lang/lang.en-gb.json                 |  6 ++
 .../admin/tab-config-identity-provider.twig   | 25 ++++-
 5 files changed, 83 insertions(+), 48 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index c125b5d68..83c9ba8b1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -52,7 +52,12 @@ function check_login($user, $pass, $app_passwd_data = false) {
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
   if (!$row){
     // mbox does not exist, call keycloak login and create mbox if possible
-    $result = keycloak_mbox_login_rest($user, $pass, $is_dovecot, true);
+    $identity_provider_settings = identity_provider('get');
+    if ($identity_provider_settings['login_flow'] == 'ropc'){
+      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_dovecot, true);
+    } else {
+      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_dovecot, true);
+    }
     if ($result){
       return $result;
     }
@@ -65,7 +70,12 @@ function check_login($user, $pass, $app_passwd_data = false) {
       }
     }
 
-    $result = keycloak_mbox_login_rest($user, $pass, $is_dovecot);
+    $identity_provider_settings = identity_provider('get');
+    if ($identity_provider_settings['login_flow'] == 'ropc'){
+      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_dovecot);
+    } else {
+      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_dovecot);
+    }
     if ($result){
       return $result;
     }
@@ -318,15 +328,14 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
 
 // ROPC Flow (deprecated oAuth2.1)
 // uses direct user credentials for UI, IMAP and SMTP Auth
-function keycloak_mbox_login_ropc($user, $pass, $is_internal = false, $create = false){
+function keycloak_mbox_login_ropc($user, $pass, $iam_settings, $is_internal = false, $create = false){
   global $pdo;
 
-  $identity_provider_settings = identity_provider('get');
-  $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+  $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token";
   $req = http_build_query(array(
     'grant_type'    => 'password',
-    'client_id'     => $identity_provider_settings['client_id'],
-    'client_secret' => $identity_provider_settings['client_secret'],
+    'client_id'     => $iam_settings['client_id'],
+    'client_secret' => $iam_settings['client_secret'],
     'username'      => $user,
     'password'      => $pass,
   ));
@@ -347,36 +356,38 @@ function keycloak_mbox_login_ropc($user, $pass, $is_internal = false, $create =
       // check if $user is email address, only accept email address as username
       return false;
     }
-    if ($create && !empty($identity_provider_settings['mappers'])){
+    if ($create && !empty($iam_settings['mappers'])){
       // try to create mbox on successfull login
-      $user_roles = $user_data['realm_access']['roles'];
       $mbox_template = null;
-      // check if matching rolemapping exist
-      foreach ($user_roles as $index => $role){
-        if (in_array($role, $identity_provider_settings['roles'])) {
-          $mbox_template = $identity_provider_settings['templates'][$index];
+      // check if matching attribute mapping exists
+      foreach ($iam_settings['mappers'] as $index => $mapper){
+        if (in_array($mapper, $iam_settings['mappers'])) {
+          $mbox_template = $iam_settings['templates'][$index];
           break;
         }
       }
-      if ($mbox_template){
-        $stmt = $pdo->prepare("SELECT * FROM `templates` 
-        WHERE `template` = :template AND type = 'mailbox'");
-        $stmt->execute(array(
-          ":template" => $mbox_template
-        ));
-        $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+      if (!$mbox_template){
+        // no matching template found
+        return false;
+      }
+      
+      $stmt = $pdo->prepare("SELECT * FROM `templates` 
+      WHERE `template` = :template AND type = 'mailbox'");
+      $stmt->execute(array(
+        ":template" => $mbox_template
+      ));
+      $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
 
-        if (!empty($mbox_template_data)){
-          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
-          $mbox_template_data['domain'] = explode('@', $user)[1];
-          $mbox_template_data['local_part'] = explode('@', $user)[0];
-          $mbox_template_data['authsource'] = 'keycloak';
-          $_SESSION['iam_create_login'] = true;
-          $create_res = mailbox('add', 'mailbox', $mbox_template_data);
-          $_SESSION['iam_create_login'] = false;
-          if (!$create_res){
-            return false;
-          }
+      if (!empty($mbox_template_data)){
+        $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+        $mbox_template_data['domain'] = explode('@', $user)[1];
+        $mbox_template_data['local_part'] = explode('@', $user)[0];
+        $mbox_template_data['authsource'] = 'keycloak';
+        $_SESSION['iam_create_login'] = true;
+        $create_res = mailbox('add', 'mailbox', $mbox_template_data);
+        $_SESSION['iam_create_login'] = false;
+        if (!$create_res){
+          return false;
         }
       }
     }
@@ -394,17 +405,15 @@ function keycloak_mbox_login_ropc($user, $pass, $is_internal = false, $create =
 // Keycloak REST Api Flow - auth user by mailcow_password attribute
 // This password will be used for direct UI, IMAP and SMTP Auth
 // To use direct user credentials, only Authorization Code Flow is valid
-function keycloak_mbox_login_rest($user, $pass, $is_internal = false, $create = false){
+function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = false, $create = false){
   global $pdo;
 
-  $identity_provider_settings = identity_provider('get');
-
   // get access_token for service account of mailcow client
-  $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+  $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token";
   $req = http_build_query(array(
     'grant_type'    => 'client_credentials',
-    'client_id'     => $identity_provider_settings['client_id'],
-    'client_secret' => $identity_provider_settings['client_secret']
+    'client_id'     => $iam_settings['client_id'],
+    'client_secret' => $iam_settings['client_secret']
   ));
   $curl = curl_init();
   curl_setopt($curl, CURLOPT_URL, $url);
@@ -420,7 +429,7 @@ function keycloak_mbox_login_rest($user, $pass, $is_internal = false, $create =
   }
 
   // get the mailcow_password attribute from keycloak user
-  $url = "{$identity_provider_settings['server_url']}/admin/realms/{$identity_provider_settings['realm']}/users";
+  $url = "{$iam_settings['server_url']}/admin/realms/{$iam_settings['realm']}/users";
   $queryParams = array('email' => $user, 'exact' => true);
   $queryString = http_build_query($queryParams);
   $curl = curl_init();
@@ -448,7 +457,7 @@ function keycloak_mbox_login_rest($user, $pass, $is_internal = false, $create =
   // get mapped template, if not set return false
   // also return false if no mappers were defined
   $user_template = $user_data['attributes']['mailcow_template'][0];
-  if ($create && (empty($identity_provider_settings['mappers']) || $user_template)){
+  if ($create && (empty($iam_settings['mappers']) || $user_template)){
     return false;
   } else if (!$create) {
     // login success - dont create mailbox
@@ -462,10 +471,10 @@ function keycloak_mbox_login_rest($user, $pass, $is_internal = false, $create =
 
   // try to create mbox on successfull login
   $mbox_template = null;
-  // check if matching rolemapping exist
-  foreach ($identity_provider_settings['mappers'] as $index => $mapper){
-    if (in_array($mapper, $identity_provider_settings['mappers'])) {
-      $mbox_template = $identity_provider_settings['templates'][$index];
+  // check if matching attribute mapping exists
+  foreach ($iam_settings['mappers'] as $index => $mapper){
+    if (in_array($mapper, $iam_settings['mappers'])) {
+      $mbox_template = $iam_settings['templates'][$index];
       break;
     }
   }
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 1e4cc8c1d..9ee4d0d09 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2104,8 +2104,10 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       $data_log['client_secret'] = '*';
       $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
       
+      $_data['login_flow'] = (isset($_data['login_flow']) && $_data['login_flow'] == 'ropc') ? 'ropc' : 'rest';
+
       // add connection settings      
-      $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version');
+      $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'login_flow');
       foreach($required_settings as $setting){
         if (!$_data[$setting]){
           $_SESSION['return'][] =  array(
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index e562ab8cf..06c1444d3 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -407,7 +407,6 @@ $(document).ready(function() {
       $('#rl_frame').selectpicker('val', template.rl_frame);
     }
 
-    console.log(template.active)
     if (template.active){
       $('#mbox_active').selectpicker('val', template.active.toString());
     } else {
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index ebebd3dc8..9825ab9d2 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -212,11 +212,17 @@
         "host": "Host",
         "html": "HTML",
         "iam": "Identity Provider",
+        "iam_auth_flow": "Authentication Flow",
+        "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flows with direct Credentials",
+        "iam_auth_flow_rest_info": "1. Mailpassword Flow (Default)<br>The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak. If this attribute is not found, the user needs to log in to the mailcow UI via Single-Sign On and create an App Password to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Service accounts roles</code> checked under <code>Authentication Flow</code>.",
+        "iam_auth_flow_ropc_info": "2. Resource Owner Password Flow<br>We do not recommend using this flow, as it is probably deprecated in the new OAuth 2.1 protocol. The Resource Owner Password Flow allows direct validation of the user's credentials. Therefore, the user has to trust mailcow to handle their external credentials securely. No Mailpassword or App Password is required to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Direct access grants</code> checked under <code>Authentication Flow</code>.",
         "iam_client_id": "Client Id",
         "iam_client_secret": "Client Secret",
         "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a attribute mapping has been set.",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
+        "iam_ropc_flow": "Resource Owner Password Flow",
+        "iam_rest_flow": "Mailpassword Flow",
         "iam_mapping": "Attribute Mapping",
         "iam_server_url": "Server Url",
         "iam_sso": "SSO",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 13bbc7553..1eb9aef39 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -49,7 +49,7 @@
             <input type="text" class="form-control" id="iam_version" name="version" value="{{ identity_provider_settings.version }}" required>
           </div>
         </div>
-        <div class="row mb-2">
+        <div class="row mb-4">
           <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_mapping }}:</label>
           <div class="col-4 d-flex mb-2">
             <span class="w-100 me-2">Attribute</span>
@@ -83,13 +83,32 @@
           </div>
           {% endif %}
         </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_auth_flow }}</label>
+          <div class="col-sm-9">
+            <div class="btn-group">
+              <input type="radio" class="btn-check" name="login_flow" id="iam_login_flow_rest" autocomplete="off" value="rest" {% if  identity_provider_settings.login_flow != 'ropc' %}checked{% endif %}>
+              <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary" for="iam_login_flow_rest">{{ lang.admin.iam_rest_flow }}</label>
+
+              <input type="radio" class="btn-check" name="login_flow" id="iam_login_flow_ropc" autocomplete="off" value="ropc" {% if  identity_provider_settings.login_flow == 'ropc' %}checked{% endif %}>
+              <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary" for="iam_login_flow_ropc">{{ lang.admin.iam_ropc_flow }}</label>
+            </div>
+            <p class="text-muted">
+              <small>
+                {{ lang.admin.iam_auth_flow_info|raw }}<br>
+                {{ lang.admin.iam_auth_flow_rest_info|raw }}<br>
+                {{ lang.admin.iam_auth_flow_ropc_info|raw }}
+              </small>
+            </p>
+          </div>
+        </div>
         <div class="row mt-4 mb-2">
-          <div class="offset-sm-3 col-sm-9">
+          <div class="offset-sm-3 col-sm-9 d-flex">
             <div class="btn-group">   
               <button id="iam_test_connection" class="btn btn-sm d-block d-sm-inline btn-secondary"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
               <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="iam_sso" data-action="edit_selected" data-id="iam_sso" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
             </div>
-            <button class="btn btn-sm d-block d-sm-inline btn-danger ms-2" data-item="identity-provider" data-action="delete_selected" data-id="iam_sso" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
+            <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_sso" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
           </div>
         </div>
       </form>

From dca5f1baab2ed5a0d5e8309df6b2909a15ed70a4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 12 Apr 2023 15:32:22 +0200
Subject: [PATCH 059/755] [Web] move /process/login to internal endpoint

---
 .gitignore                                    |  1 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 10 ++--
 data/conf/dovecot/auth/mailcowauth.php        | 54 +++++++++++++++++++
 data/conf/nginx/mailcow_auth.conf             | 23 ++++++++
 data/web/inc/functions.auth.inc.php           | 27 ++++------
 data/web/inc/functions.inc.php                | 19 +++++++
 data/web/inc/prerequisites.inc.php            | 17 +-----
 data/web/json_api.php                         | 20 -------
 docker-compose.yml                            |  8 +++
 generate_config.sh                            |  2 +-
 10 files changed, 123 insertions(+), 58 deletions(-)
 create mode 100644 data/conf/dovecot/auth/mailcowauth.php
 create mode 100644 data/conf/nginx/mailcow_auth.conf

diff --git a/.gitignore b/.gitignore
index e25639a70..e1e8e8882 100644
--- a/.gitignore
+++ b/.gitignore
@@ -69,3 +69,4 @@ rebuild-images.sh
 refresh_images.sh
 update_diffs/
 create_cold_standby.sh
+!data/conf/nginx/mailcow_auth.conf
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 9755398e7..ca06108dc 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -152,13 +152,14 @@ function auth_password_verify(request, password)
   -- check against mailbox passwds
   local b, c = https.request {
     method = "POST",
-    url = "https://nginx/api/v1/process/login",
+    url = "https://nginx:9082",
     source = ltn12.source.string(req_json),
     headers = {
       ["content-type"] = "application/json",
       ["content-length"] = tostring(#req_json)
     },
-    sink = ltn12.sink.table(res)
+    sink = ltn12.sink.table(res),
+    insecure = true
   }
   local api_response = json.decode(table.concat(res))
   if api_response.role == 'user' then
@@ -182,13 +183,14 @@ function auth_password_verify(request, password)
 
     local b, c = https.request {
       method = "POST",
-      url = "https://nginx/api/v1/process/login",
+      url = "https://nginx:9082",
       source = ltn12.source.string(req_json),
       headers = {
         ["content-type"] = "application/json",
         ["content-length"] = tostring(#req_json)
       },
-      sink = ltn12.sink.table(res)
+      sink = ltn12.sink.table(res),
+      insecure = true
     }
     local api_response = json.decode(table.concat(res))
     if api_response.role == 'user' then
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
new file mode 100644
index 000000000..57dffdb57
--- /dev/null
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -0,0 +1,54 @@
+<?php
+header('Content-Type: application/json');
+
+$post = trim(file_get_contents('php://input'));
+if ($post) {
+  $post = json_decode($post, true);
+}
+
+$return = array("success" => false, "role" => false);
+if(!isset($post['username']) || !isset($post['password'])){
+  echo json_encode($return); 
+  exit();
+}
+
+require_once('../../../web/inc/vars.inc.php');
+if (file_exists('../../../web/inc/vars.local.inc.php')) {
+  include_once('../../../web/inc/vars.local.inc.php');
+}
+require_once '../../../web/inc/lib/vendor/autoload.php';
+
+// Do not show errors, we log to using error_log
+ini_set('error_reporting', 0);
+// Init database
+//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+$opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+try {
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+}
+catch (PDOException $e) {
+  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
+  http_response_code(501);
+  exit;
+}
+
+// Load core functions first
+require_once 'functions.inc.php';
+require_once 'functions.auth.inc.php';
+require_once 'sessions.inc.php';
+
+// Init Keycloak Provider
+$iam_provider = identity_provider('init');
+
+$result = check_login($post['username'], $post['password'], $post['protocol'], true);
+if ($result) {
+  $return = array("success" => true, "role" => $result);
+}
+
+echo json_encode($return); 
+exit();
diff --git a/data/conf/nginx/mailcow_auth.conf b/data/conf/nginx/mailcow_auth.conf
new file mode 100644
index 000000000..3e4a8c736
--- /dev/null
+++ b/data/conf/nginx/mailcow_auth.conf
@@ -0,0 +1,23 @@
+server {
+  listen 9082 ssl http2;
+
+  ssl_certificate /etc/ssl/mail/cert.pem;
+  ssl_certificate_key /etc/ssl/mail/key.pem;
+
+  index mailcowauth.php;
+  server_name _;
+  error_log  /var/log/nginx/error.log;
+  access_log /var/log/nginx/access.log;
+  root /mailcowauth;
+  client_max_body_size 10M;
+
+  location ~ \.php$ {
+    client_max_body_size 10M;
+    try_files $uri =404;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass phpfpm:9001;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+  }
+}
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 83c9ba8b1..d68a7b6e5 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -9,7 +9,7 @@ function unset_auth_session(){
   unset($_SESSION['pending_mailcow_cc_role']);
   unset($_SESSION['pending_tfa_methods']);
 }
-function check_login($user, $pass, $app_passwd_data = false) {
+function check_login($user, $pass, $app_passwd_data = false, $is_internal = false) {
   global $pdo;
   global $redis;
 
@@ -35,12 +35,6 @@ function check_login($user, $pass, $app_passwd_data = false) {
   }
 
   // Validate mailbox user
-  // skip log & ldelay if requests comes from dovecot
-  $is_dovecot = false;
-  $request_ip =  $_SERVER['REMOTE_ADDR'];
-  if ($request_ip == getenv('IPV4_NETWORK').'.250'){
-    $is_dovecot = true;
-  }
   // check authsource
   $stmt = $pdo->prepare("SELECT authsource FROM `mailbox`
       INNER JOIN domain on mailbox.domain = domain.domain
@@ -54,9 +48,9 @@ function check_login($user, $pass, $app_passwd_data = false) {
     // mbox does not exist, call keycloak login and create mbox if possible
     $identity_provider_settings = identity_provider('get');
     if ($identity_provider_settings['login_flow'] == 'ropc'){
-      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_dovecot, true);
+      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_internal, true);
     } else {
-      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_dovecot, true);
+      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_internal, true);
     }
     if ($result){
       return $result;
@@ -64,7 +58,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
   } else if ($row['authsource'] == 'keycloak'){
     if ($app_passwd_data){
       // first check if password is app_password
-      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_dovecot);
+      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal);
       if ($result){
         return $result;
       }
@@ -72,9 +66,9 @@ function check_login($user, $pass, $app_passwd_data = false) {
 
     $identity_provider_settings = identity_provider('get');
     if ($identity_provider_settings['login_flow'] == 'ropc'){
-      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_dovecot);
+      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_internal);
     } else {
-      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_dovecot);
+      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_internal);
     }
     if ($result){
       return $result;
@@ -82,21 +76,20 @@ function check_login($user, $pass, $app_passwd_data = false) {
   } else {
     if ($app_passwd_data){
       // first check if password is app_password
-      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_dovecot);
+      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal);
       if ($result){
         return $result;
       }
     }
 
-    $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_dovecot);
+    $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_internal);
     if ($result){
       return $result;
     }
   }
 
-  // skip log and only return false
-  // netfilter uses dovecot error log for banning
-  if ($is_dovecot){
+  // skip log and only return false if it's an internal request
+  if ($is_internal){
     return false;
   }
   if (!isset($_SESSION['ldelay'])) {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 9ee4d0d09..b88133e50 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2214,6 +2214,25 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
 
       return true;
     break;
+    case "init":
+      $identity_provider_settings = identity_provider('get');
+      $provider = null;
+      if ($identity_provider_settings['server_url'] && $identity_provider_settings['realm'] && $identity_provider_settings['client_id'] &&
+          $identity_provider_settings['client_secret'] && $identity_provider_settings['redirect_url'] && $identity_provider_settings['version']){
+        $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+          'authServerUrl'         => $identity_provider_settings['server_url'],
+          'realm'                 => $identity_provider_settings['realm'],
+          'clientId'              => $identity_provider_settings['client_id'],
+          'clientSecret'          => $identity_provider_settings['client_secret'],
+          'redirectUri'           => $identity_provider_settings['redirect_url'],
+          'version'               => $identity_provider_settings['version'],                            
+          // 'encryptionAlgorithm'   => 'RS256',                             // optional
+          // 'encryptionKeyPath'     => '../key.pem'                         // optional
+          // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+        ]);
+      }
+      return $provider;
+    break;
   }
 }
 
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index d0ed31091..90cff4b22 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -179,22 +179,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
 // Init Keycloak Provider
-$identity_provider_settings = identity_provider('get');
-$keycloak_provider = null;
-if ($identity_provider_settings['server_url'] && $identity_provider_settings['realm'] && $identity_provider_settings['client_id'] &&
-    $identity_provider_settings['client_secret'] && $identity_provider_settings['redirect_url'] && $identity_provider_settings['version']){
-  $keycloak_provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
-    'authServerUrl'         => $identity_provider_settings['server_url'],
-    'realm'                 => $identity_provider_settings['realm'],
-    'clientId'              => $identity_provider_settings['client_id'],
-    'clientSecret'          => $identity_provider_settings['client_secret'],
-    'redirectUri'           => $identity_provider_settings['redirect_url'],
-    'version'               => $identity_provider_settings['version'],                            
-    // 'encryptionAlgorithm'   => 'RS256',                             // optional
-    // 'encryptionKeyPath'     => '../key.pem'                         // optional
-    // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
-  ]);
-}
+$keycloak_provider = identity_provider('init');
 
 // IMAP lib
 // use Ddeboer\Imap\Server;
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 9564af888..69b236d7a 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -401,26 +401,6 @@ if (isset($_GET['query'])) {
           );
           echo json_encode($return);
         break;
-        case "login":
-          header('Content-Type: application/json');
-          $post = trim(file_get_contents('php://input'));
-          if ($post) {
-            $post = json_decode($post, true);
-          }
-
-          $return = array("success" => false, "role" => false);
-          if(!isset($post['username']) || !isset($post['password'])){
-            echo json_encode($return); 
-            return;
-          }
-          $result = check_login($post['username'], $post['password'], $post['protocol']);
-          if ($result) {
-            $return = array("success" => true, "role" => $result);
-          }
-
-          echo json_encode($return); 
-          return;
-        break;
       }
     break;
     case "get":
diff --git a/docker-compose.yml b/docker-compose.yml
index df545c15e..fffa193c8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -120,6 +120,10 @@ services:
         - ./data/web:/web:z
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
         - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
+        - ./data/conf/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
+        - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
+        - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
+        - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
         - rspamd-vol-1:/var/lib/rspamd
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z
@@ -389,6 +393,10 @@ services:
         - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
         - ./data/conf/nginx/:/etc/nginx/conf.d/:z
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
+        - ./data/conf/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
+        - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
+        - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
+        - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
         - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
       ports:
         - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
diff --git a/generate_config.sh b/generate_config.sh
index 05d9ee2f1..6fdc25537 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -258,7 +258,7 @@ DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 # Might be important: This will also change the binding within the container.
 # If you use a proxy within Docker, point it to the ports you set below.
 # Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
-# IMPORTANT: Do not use port 8081, 9081 or 65510!
+# IMPORTANT: Do not use port 8081, 9081, 9082 or 65510!
 # Example: HTTP_BIND=1.2.3.4
 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
 # For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/

From e202d00bebb6937cf2aca726cba79534b5bf0a53 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 09:56:23 +0200
Subject: [PATCH 060/755] [Dovecot] group auth files

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 24 +++++++++----------
 data/conf/dovecot/auth/mailcowauth.php        |  2 +-
 data/conf/dovecot/dovecot.conf                |  4 ++--
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index ca06108dc..a2a4554bc 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -28,7 +28,7 @@ ${REDIS_CMDLINE} SET DOVECOT_REPL_HEALTH 1 > /dev/null
 
 # Create missing directories
 [[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/
-[[ ! -d /etc/dovecot/lua/ ]] && mkdir -p /etc/dovecot/lua/
+[[ ! -d /etc/dovecot/auth/ ]] && mkdir -p /etc/dovecot/auth/
 [[ ! -d /var/vmail/_garbage ]] && mkdir -p /var/vmail/_garbage
 [[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
 [[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
@@ -128,7 +128,7 @@ user_query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format
 iterate_query = SELECT username FROM mailbox WHERE active = '1' OR active = '2';
 EOF
 
-cat <<EOF > /etc/dovecot/lua/passwd-verify.lua
+cat <<EOF > /etc/dovecot/auth/passwd-verify.lua
 function auth_password_verify(request, password)
   if request.domain == nil then
     return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
@@ -173,10 +173,10 @@ function auth_password_verify(request, password)
   -- check against app passwds for imap and smtp
   -- app passwords are only available for imap, smtp, sieve and pop3 when using sasl
   if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
-    skip_sasl_log = true
+    skip_sasl_log = false
     req.protocol = {}
     if tostring(req.real_rip) ~= "__IPV4_SOGO__" then
-      skip_sasl_log = false
+      skip_sasl_log = true
       req.protocol[request.service] = true
     end
     req_json = json.encode(req)
@@ -194,7 +194,7 @@ function auth_password_verify(request, password)
     }
     local api_response = json.decode(table.concat(res))
     if api_response.role == 'user' then
-      if skip_sasl_log == true then
+      if skip_sasl_log == false then
         con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
           VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
       end
@@ -213,10 +213,10 @@ end
 EOF
 
 # Replace patterns in app-passdb.lua
-sed -i "s/__DBUSER__/${DBUSER}/g" /etc/dovecot/lua/passwd-verify.lua
-sed -i "s/__DBPASS__/${DBPASS}/g" /etc/dovecot/lua/passwd-verify.lua
-sed -i "s/__DBNAME__/${DBNAME}/g" /etc/dovecot/lua/passwd-verify.lua
-sed -i "s/__IPV4_SOGO__/${IPV4_NETWORK}.248/g" /etc/dovecot/lua/passwd-verify.lua
+sed -i "s/__DBUSER__/${DBUSER}/g" /etc/dovecot/auth/passwd-verify.lua
+sed -i "s/__DBPASS__/${DBPASS}/g" /etc/dovecot/auth/passwd-verify.lua
+sed -i "s/__DBNAME__/${DBNAME}/g" /etc/dovecot/auth/passwd-verify.lua
+sed -i "s/__IPV4_SOGO__/${IPV4_NETWORK}.248/g" /etc/dovecot/auth/passwd-verify.lua
 
 
 # Migrate old sieve_after file
@@ -342,8 +342,8 @@ done
 
 # Fix permissions
 chown root:root /etc/dovecot/sql/*.conf
-chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/passwd-verify.lua
-chmod 640 /etc/dovecot/sql/*.conf /etc/dovecot/lua/passwd-verify.lua
+chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/auth/passwd-verify.lua
+chmod 640 /etc/dovecot/sql/*.conf /etc/dovecot/auth/passwd-verify.lua
 chown -R vmail:vmail /var/vmail/sieve
 chown -R vmail:vmail /var/volatile
 chown -R vmail:vmail /var/vmail_index
@@ -412,7 +412,7 @@ done
 
 # For some strange, unknown and stupid reason, Dovecot may run into a race condition, when this file is not touched before it is read by dovecot/auth
 # May be related to something inside Docker, I seriously don't know
-touch /etc/dovecot/lua/passwd-verify.lua
+touch /etc/dovecot/auth/passwd-verify.lua
 
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
   cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 57dffdb57..fa505d709 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -42,7 +42,7 @@ require_once 'functions.inc.php';
 require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
 
-// Init Keycloak Provider
+// Init provider
 $iam_provider = identity_provider('init');
 
 $result = check_login($post['username'], $post['password'], $post['protocol'], true);
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 729686fb1..f2c917eff 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -52,7 +52,7 @@ mail_shared_explicit_inbox = yes
 mail_prefetch_count = 30
 passdb {
   driver = lua
-  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
+  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes
   result_success = return-ok
   result_failure = continue
   result_internalfail = continue
@@ -68,7 +68,7 @@ passdb {
 # a return of the following passdb is mandatory
 passdb {
   driver = lua
-  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
+  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes
 }
 # Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
 service doveadm {

From 593e581cf3775e4add21ffa8b126ffa5f55e33af Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 10:40:52 +0200
Subject: [PATCH 061/755] [Web] move iam sso functions

---
 data/web/inc/functions.auth.inc.php | 178 -----------------------
 data/web/inc/functions.inc.php      | 209 ++++++++++++++++++++++++++++
 data/web/inc/prerequisites.inc.php  |   4 +-
 data/web/inc/triggers.inc.php       |  27 ++--
 4 files changed, 222 insertions(+), 196 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index d68a7b6e5..fbb79ed8a 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -1,14 +1,4 @@
 <?php
-function unset_auth_session(){
-  unset($_SESSION['keycloak_token']);
-  unset($_SESSION['keycloak_refresh_token']);
-  unset($_SESSION['mailcow_cc_username']);
-  unset($_SESSION['mailcow_cc_role']);
-  unset($_SESSION['oauth2state']);
-  unset($_SESSION['pending_mailcow_cc_username']);
-  unset($_SESSION['pending_mailcow_cc_role']);
-  unset($_SESSION['pending_tfa_methods']);
-}
 function check_login($user, $pass, $app_passwd_data = false, $is_internal = false) {
   global $pdo;
   global $redis;
@@ -503,171 +493,3 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
   );
   return 'user';
 }
-// Authorization Code Flow
-function keycloak_verify_token(){
-  global $keycloak_provider;
-  global $pdo;
-
-  try {
-    $token = $keycloak_provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
-  } catch (Exception $e) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__),
-      'msg' => array('login_failed', $e->getMessage())
-    );
-    return false;
-  }
-  
-  $_SESSION['keycloak_token'] = $token->getToken();
-  $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
-  // decode jwt data
-  $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $token->getToken())[1]))), true);
-  // check if email address is given
-  if (!$info['email']){
-    return false;
-  }
-
-
-  // token valid, get mailbox
-  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
-    INNER JOIN domain on mailbox.domain = domain.domain
-    WHERE `kind` NOT REGEXP 'location|thing|group'
-      AND `mailbox`.`active`='1'
-      AND `domain`.`active`='1'
-      AND `username` = :user
-      AND `authsource`='keycloak'");
-  $stmt->execute(array(':user' => $info['email']));
-  $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  if ($row){
-    // success
-    $_SESSION['mailcow_cc_username'] = $info['email'];
-    $_SESSION['mailcow_cc_role'] = "user";
-    $_SESSION['return'][] =  array(
-      'type' => 'success',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
-    );
-    return true;
-  }
-  // get mapped template, if not set return false
-  // also return false if no mappers were defined
-  $identity_provider_settings = identity_provider('get');
-  $user_template = $info['mailcow_template'];
-  if (empty($identity_provider_settings['mappers']) || empty($user_template)){
-    unset_auth_session();  
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => 'login_failed'
-    );
-    return false;
-  }
-  $mbox_template = null;
-  // check if matching rolemapping exist
-  foreach ($identity_provider_settings['mappers'] as $index => $mapper){
-    if ($user_template == $mapper) {
-      $mbox_template = $identity_provider_settings['templates'][$index];
-      break;
-    }
-  }
-  if (!$mbox_template){
-    // no matching template found
-    unset_auth_session();  
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => 'login_failed'
-    );
-    return false;
-  }
-  $stmt = $pdo->prepare("SELECT * FROM `templates` 
-  WHERE `template` = :template AND type = 'mailbox'");
-  $stmt->execute(array(
-    ":template" => $mbox_template
-  ));
-  $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (empty($mbox_template_data)){
-    unset_auth_session();  
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => 'login_failed'
-    );
-    return false;
-  }
-
-  // create mailbox
-  $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
-  $mbox_template_data['domain'] = explode('@', $info['email'])[1];
-  $mbox_template_data['local_part'] = explode('@', $info['email'])[0];
-  $mbox_template_data['authsource'] = 'keycloak';
-  $_SESSION['iam_create_login'] = true;
-  $create_res = mailbox('add', 'mailbox', $mbox_template_data);
-  $_SESSION['iam_create_login'] = false;
-  if (!$create_res){
-    unset_auth_session();  
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => 'login_failed'
-    );
-    return false;
-  }
-
-  $_SESSION['mailcow_cc_username'] = $info['email'];
-  $_SESSION['mailcow_cc_role'] = "user";
-  $_SESSION['return'][] =  array(
-    'type' => 'success',
-    'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-    'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
-  );
-  return true;
-}
-function keycloak_refresh(){
-  global $keycloak_provider;
-
-  try {
-    $token = $keycloak_provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['keycloak_refresh_token']]);
-  } catch (Exception $e) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__),
-      'msg' => array('login_failed', $e->getMessage())
-    );
-    return false;
-  }
-
-  $_SESSION['keycloak_token'] = $token->getToken();
-  $_SESSION['keycloak_refresh_token'] = $token->getRefreshToken();
-  // decode jwt data
-  $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $_SESSION['keycloak_token'])[1]))), true);
-  if (!$info['email']){
-    unset_auth_session();  
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-      'msg' => 'refresh_login_failed'
-    );
-  }
-
-  $_SESSION['mailcow_cc_username'] = $info['email'];
-  $_SESSION['mailcow_cc_role'] = "user";
-  return true;
-}
-function keycloak_get_redirect(){
-  global $keycloak_provider;
-
-  $authUrl = $keycloak_provider->getAuthorizationUrl();
-  $_SESSION['oauth2state'] = $keycloak_provider->getState();
-
-  return $authUrl;
-}
-function keycloak_get_logout(){
-  global $keycloak_provider;
-
-  $logoutUrl = $keycloak_provider->getLogoutUrl();
-  $logoutUrl = $logoutUrl . "&post_logout_redirect_uri=https://" . $_SERVER['SERVER_NAME'];
-
-  return $logoutUrl;
-}
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index b88133e50..61d21ae30 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2233,8 +2233,217 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       }
       return $provider;
     break;
+    case "verify-sso":
+      $provider = $_data['iam_provider'];
+    
+      try {
+        $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
+      } catch (Exception $e) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__),
+          'msg' => array('login_failed', $e->getMessage())
+        );
+        return false;
+      }
+      try {
+        $_SESSION['iam_token'] = $token->getToken();
+        $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
+        $info = $provider->getResourceOwner($token)->toArray();
+      } catch (Throwable $e) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__),
+          'msg' => array('login_failed', $e->getMessage())
+        );
+        return false;
+      }
+      
+      // check if email address is given
+      if (empty($info['email'])) return false;
+    
+      // token valid, get mailbox
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+        INNER JOIN domain on mailbox.domain = domain.domain
+        WHERE `kind` NOT REGEXP 'location|thing|group'
+          AND `mailbox`.`active`='1'
+          AND `domain`.`active`='1'
+          AND `username` = :user
+          AND `authsource`='keycloak' OR `authsource`='generic-oidc'");
+      $stmt->execute(array(':user' => $info['email']));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if ($row){
+        // success
+        $_SESSION['mailcow_cc_username'] = $info['email'];
+        $_SESSION['mailcow_cc_role'] = "user";
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
+        );
+        return true;
+      }
+    
+      // get mapped template, if not set return false
+      // also return false if no mappers were defined
+      $provider = identity_provider('get');
+      $user_template = $info['mailcow_template'];
+      if (empty($provider['mappers']) || empty($user_template)){
+        clear_session();  
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+    
+      // check if matching attribute exist
+      if (array_search($user_template, $provider['mappers']) === false) {
+        clear_session();  
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+    
+      // create mailbox
+      $create_res = mailbox('add', 'mailbox_from_template', array(
+        'domain' => explode('@', $info['email'])[1],
+        'local_part' => explode('@', $info['email'])[0],
+        'authsource' => identity_provider('get')['authsource'],
+        'template' => $user_template
+      ));
+      if (!$create_res){
+        clear_session();  
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+    
+      $_SESSION['mailcow_cc_username'] = $info['email'];
+      $_SESSION['mailcow_cc_role'] = "user";
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+        'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
+      );
+      return true;
+    break;
+    case "refresh-token":
+      $provider = $_data['iam_provider'];
+
+      try {
+        $token = $provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
+      } catch (Exception $e) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__),
+          'msg' => array('login_failed', $e->getMessage())
+        );
+        return false;
+      }
+      try {
+        $_SESSION['iam_token'] = $token->getToken();
+        $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
+        $info = $provider->getResourceOwner($token)->toArray();
+      } catch (Throwable $e) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__),
+          'msg' => array('login_failed', $e->getMessage())
+        );
+        return false;
+      }
+
+      if (empty($info['email'])){
+        clear_session();  
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => 'refresh_login_failed'
+        );
+        return false;
+      }
+    
+      $_SESSION['mailcow_cc_username'] = $info['email'];
+      $_SESSION['mailcow_cc_role'] = "user";
+      return true;
+    break;
+    case "get-redirect":
+      $provider = $_data['iam_provider'];
+      $authUrl = $provider->getAuthorizationUrl();
+      $_SESSION['oauth2state'] = $provider->getState();
+      return $authUrl;
+    break;
+    case "get-keycloak-admin-token":
+      // get access_token for service account of mailcow client
+      $iam_settings = identity_provider('get');
+      if ($iam_settings['authsource'] !== 'keycloak') return false;
+      if (isset($iam_settings['access_token'])) {
+        // check if access_token is valid
+        $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token/introspect";
+        $req = http_build_query(array(
+          'token'    => $iam_settings['access_token'],
+          'client_id'     => $iam_settings['client_id'],
+          'client_secret' => $iam_settings['client_secret']
+        ));
+        $curl = curl_init();
+        curl_setopt($curl, CURLOPT_URL, $url);
+        curl_setopt($curl, CURLOPT_POST, 1);
+        curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+        curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($curl, CURLOPT_TIMEOUT, 5);
+        $res = json_decode(curl_exec($curl), true);
+        $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+        curl_close ($curl);
+        if ($code == 200 && $res['active'] == true) {
+          // token is valid
+          return $iam_settings['access_token'];
+        }
+      }
+
+      $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token";
+      $req = http_build_query(array(
+        'grant_type'    => 'client_credentials',
+        'client_id'     => $iam_settings['client_id'],
+        'client_secret' => $iam_settings['client_secret']
+      ));
+      $curl = curl_init();
+      curl_setopt($curl, CURLOPT_URL, $url);
+      curl_setopt($curl, CURLOPT_POST, 1);
+      curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+      curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+      curl_setopt($curl, CURLOPT_TIMEOUT, 5);
+      $res = json_decode(curl_exec($curl), true);
+      $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+      curl_close ($curl);
+      if ($code != 200) {
+        return false;
+      }
+      
+      $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+      $stmt->execute(array(
+        ':key' => 'access_token',
+        ':value' => $res['access_token']
+      ));
+      return $res['access_token'];
+    break;
   }
 }
+function clear_session(){
+  session_regenerate_id(true);
+  session_unset();
+  session_destroy();
+  session_write_close();
+}
 
 function get_logs($application, $lines = false) {
   if ($lines === false) {
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 90cff4b22..fb30956f4 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -178,8 +178,8 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
-// Init Keycloak Provider
-$keycloak_provider = identity_provider('init');
+// Init Identity Provider
+$iam_provider = identity_provider('init');
 
 // IMAP lib
 // use Ddeboer\Imap\Server;
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 50722a797..c8333f979 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,20 +1,20 @@
 <?php
-// handle keycloak authentication
-if ($keycloak_provider){
-  if (isset($_GET['keycloak_sso'])){
-    // redirect to keycloak for sso
-    $redirect_uri = keycloak_get_redirect();
+// handle iam authentication
+if ($iam_provider){
+  if (isset($_GET['iam_sso'])){
+    // redirect for sso
+    $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
     header('Location: ' . $redirect_uri);
     die();
   }
-  if ($_SESSION['keycloak_token'] && $_SESSION['keycloak_refresh_token']) {
+  if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
     // Session found, try to refresh
-    $isRefreshed = keycloak_refresh();
+    $isRefreshed = identity_provider('refresh-token', array('iam_provider' => $iam_provider));
 
     if (!$isRefreshed){
-      // Session could not be refreshed, clear and redirect to keycloak
-      unset_auth_session();
-      $redirect_uri = keycloak_get_redirect();
+      // Session could not be refreshed, clear and redirect to provider
+      clear_session();
+      $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
       header('Location: ' . $redirect_uri);
       die();
     }
@@ -22,12 +22,7 @@ if ($keycloak_provider){
     // Check given state against previously stored one to mitigate CSRF attack
     // Recieved access token in $_GET['code']
     // extract info and verify user
-    $isValid = keycloak_verify_token();
-
-    if (!$isValid){
-      // Token could not be verified, redirect to keycloak
-      $_SESSION['invalid_keycloak_sso'] = true;
-    }
+    identity_provider('verify-sso', array('iam_provider' => $iam_provider));
   }
 }
 

From 1ab1505c8883c052b2766ea2e4e7e8a4a3b81c4e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 10:44:14 +0200
Subject: [PATCH 062/755] [Web] remove sso login alertbox

---
 data/web/index.php            |  3 +--
 data/web/templates/index.twig | 11 ++---------
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/data/web/index.php b/data/web/index.php
index 05c50b01f..c44696b6d 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -29,8 +29,7 @@ $template_data = [
   'oauth2_request' => @$_SESSION['oauth2_request'],
   'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
   'login_delay' => @$_SESSION['ldelay'],
-  'has_keycloak_sso' => ($keycloak_provider) ? true : false,
-  'invalid_keycloak_sso' => $_SESSION['invalid_keycloak_sso']
+  'has_iam_sso' => ($iam_provider) ? true : false
 ];
 
 $js_minifier->add('/web/js/site/index.js');
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index 35e53b828..98847d53e 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -26,13 +26,6 @@
         <div class="my-4 alert alert-info ">{{ lang.login.mobileconfig_info }}</div>
         {% endif %}
         <form method="post" autofill="off">
-          {% if invalid_keycloak_sso %}
-          <div class="d-flex mt-3 w-100">
-            <div class="alert alert-danger w-100" role="alert">
-              {{ lang.danger.iam_invalid_sso}}
-            </div>
-          </div>
-          {% endif %}
           <div class="d-flex mt-3">
             <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
             <div class="input-group">
@@ -53,8 +46,8 @@
               <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
               <ul class="dropdown-menu">
                 <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
-                {% if has_keycloak_sso %}
-                <li><a class="dropdown-item" href="/?keycloak_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a></li>
+                {% if has_iam_sso %}
+                <li><a class="dropdown-item" href="/?iam_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a></li>
                 {% endif %}
               </ul>
             </div>

From 3b6a1d50bd463b3db54403a9a3264bbcbd1af1e4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 10:58:45 +0200
Subject: [PATCH 063/755] [Web] add generic-oidc provider

---
 data/web/inc/functions.inc.php                | 141 ++++----
 data/web/inc/init_db.inc.php                  |   2 +-
 .../admin/tab-config-identity-provider.twig   | 300 ++++++++++++------
 3 files changed, 297 insertions(+), 146 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 61d21ae30..ef6fbec6f 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2069,8 +2069,13 @@ function uuid4() {
 }
 function identity_provider($_action, $_data = null) {
 function identity_provider($_action, $_data = null, $hide_secret = false) {
+function identity_provider($_action, $_data = null, $_extra = null) {
   global $pdo;
 
+  $data_log = $_data;
+  if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
+  if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
+
   switch ($_action) {
     case 'get':
       $settings = array();
@@ -2078,16 +2083,15 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       $stmt->execute();
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       foreach($rows as $row){
-        if ($row["key"] == 'mappers'){
-          $settings['mappers'] = json_decode($row["value"]);
-        } else if ($row["key"] == 'templates'){
-          $settings['templates'] = json_decode($row["value"]);
+        if ($row["key"] == 'mappers' || $row["key"] == 'templates'){
+          $settings[$row["key"]] = json_decode($row["value"]);
         } else {
           $settings[$row["key"]] = $row["value"];
         }
       }
-      if ($hide_secret){
+      if ($_extra['hide_sensitive']){
         $settings['client_secret'] = '';
+        $settings['access_token'] = '';
       }
       return $settings;
     break;
@@ -2100,54 +2104,60 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         );
         return false;
       }
-      $data_log = $_data;
-      $data_log['client_secret'] = '*';
-      $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
-      
-      $_data['login_flow'] = (isset($_data['login_flow']) && $_data['login_flow'] == 'ropc') ? 'ropc' : 'rest';
+      if (!isset($_data['authsource'])){
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('required_data_missing', $setting)
+        );
+        return false;
+      }
+      $_data['authsource'] = strtolower($_data['authsource']);
+      if ($_data['authsource'] != "keycloak" && $_data['authsource'] != "generic-oidc"){
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('invalid_authsource', $setting)
+        );
+        return false;
+      }
 
-      // add connection settings      
-      $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'login_flow');
+      if ($_data['authsource'] == "keycloak") {
+        $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
+        $_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
+        $_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
+        $required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users');
+      } else if ($_data['authsource'] == "generic-oidc") {
+        $required_settings = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
+      }
+      
+      $pdo->beginTransaction();
+      $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+      // add connection settings
       foreach($required_settings as $setting){
-        if (!$_data[$setting]){
+        if (!isset($_data[$setting])){
           $_SESSION['return'][] =  array(
             'type' => 'danger',
             'log' => array(__FUNCTION__, $_action, $data_log),
-            'msg' => 'required_data_missing'
+            'msg' => array('required_data_missing', $setting)
           );
+          $pdo->rollback();
           return false;
         }
-      }
-      foreach($_data as $key => $value){
-        if (!in_array($key, $required_settings) || $key == 'mappers' || $key == 'templates'){
-          continue;
-        }
 
-        $stmt->bindParam(':key', $key);
-        $stmt->bindParam(':value', $value);
+        $stmt->bindParam(':key', $setting);
+        $stmt->bindParam(':value', $_data[$setting]);
         $stmt->execute();
       }
+      $pdo->commit();
 
       // add mappers
       if ($_data['mappers'] && $_data['templates']){
-        if (!is_array($_data['mappers'])){
-          $_data['mappers'] = array($_data['mappers']);
-        }
-        if (!is_array($_data['templates'])){
-          $_data['templates'] = array($_data['templates']);
-        }
-        $mappers = array();
-        $templates = array();
-        foreach($_data['mappers'] as $mapper){
-          if ($mapper){
-            array_push($mappers, $mapper);
-          }
-        }
-        foreach($_data['templates'] as $template){
-          if ($template){
-            array_push($templates, $template);
-          }
-        }
+        $_data['mappers'] = (!is_array($_data['mappers'])) ? array($_data['mappers']) : $_data['mappers'];
+        $_data['templates'] = (!is_array($_data['templates'])) ? array($_data['templates']) : $_data['templates'];
+
+        $mappers = array_filter($_data['mappers']);
+        $templates = array_filter($_data['templates']);
         if (count($mappers) == count($templates)){
           $mappers = json_encode($mappers);
           $templates = json_encode($templates);
@@ -2161,6 +2171,9 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         }
       }
 
+      // delete old access_token
+      $stmt = $pdo->query("INSERT INTO identity_provider (`key`, `value`) VALUES ('access_token', '') ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+
       $_SESSION['return'][] =  array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $_action, $data_log),
@@ -2178,7 +2191,11 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
         return false;
       }
 
-      $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
+      if ($_data['authsource'] == 'keycloak') {
+        $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
+      } else {
+        $url = $_data['token_url'];
+      }
       $req = http_build_query(array(
         'grant_type'    => 'client_credentials',
         'client_id'     => $_data['client_id'],
@@ -2215,21 +2232,37 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
       return true;
     break;
     case "init":
-      $identity_provider_settings = identity_provider('get');
+      $iam_settings = identity_provider('get');
       $provider = null;
-      if ($identity_provider_settings['server_url'] && $identity_provider_settings['realm'] && $identity_provider_settings['client_id'] &&
-          $identity_provider_settings['client_secret'] && $identity_provider_settings['redirect_url'] && $identity_provider_settings['version']){
-        $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
-          'authServerUrl'         => $identity_provider_settings['server_url'],
-          'realm'                 => $identity_provider_settings['realm'],
-          'clientId'              => $identity_provider_settings['client_id'],
-          'clientSecret'          => $identity_provider_settings['client_secret'],
-          'redirectUri'           => $identity_provider_settings['redirect_url'],
-          'version'               => $identity_provider_settings['version'],                            
-          // 'encryptionAlgorithm'   => 'RS256',                             // optional
-          // 'encryptionKeyPath'     => '../key.pem'                         // optional
-          // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
-        ]);
+      if ($iam_settings['authsource'] == 'keycloak'){
+        if ($iam_settings['server_url'] && $iam_settings['realm'] && $iam_settings['client_id'] &&
+            $iam_settings['client_secret'] && $iam_settings['redirect_url'] && $iam_settings['version']){
+          $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            'authServerUrl'         => $iam_settings['server_url'],
+            'realm'                 => $iam_settings['realm'],
+            'clientId'              => $iam_settings['client_id'],
+            'clientSecret'          => $iam_settings['client_secret'],
+            'redirectUri'           => $iam_settings['redirect_url'],
+            'version'               => $iam_settings['version'],                            
+            // 'encryptionAlgorithm'   => 'RS256',                             // optional
+            // 'encryptionKeyPath'     => '../key.pem'                         // optional
+            // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+          ]);
+        }
+      }
+      else if ($iam_settings['authsource'] == 'generic-oidc'){
+        if ($iam_settings['client_id'] && $iam_settings['client_secret'] && $iam_settings['redirect_url'] &&
+            $iam_settings['authorize_url'] && $iam_settings['token_url'] && $iam_settings['userinfo_url']){
+          $provider = new \League\OAuth2\Client\Provider\GenericProvider([
+            'clientId'                => $iam_settings['client_id'],
+            'clientSecret'            => $iam_settings['client_secret'],
+            'redirectUri'             => $iam_settings['redirect_url'],
+            'urlAuthorize'            => $iam_settings['authorize_url'],
+            'urlAccessToken'          => $iam_settings['token_url'],
+            'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
+            'scopes'                  => 'openid profile email'
+          ]);
+        }
       }
       return $provider;
     break;
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 3de3dec9b..7447b5f4b 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -362,7 +362,7 @@ function init_db_schema() {
           "custom_attributes" => "JSON NOT NULL DEFAULT ('{}')",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "INT NOT NULL DEFAULT -1",
-          "authsource" => "ENUM('mailcow', 'keycloak') DEFAULT 'mailcow'",
+          "authsource" => "ENUM('mailcow', 'keycloak', 'generic-oidc') DEFAULT 'mailcow'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 1eb9aef39..1a42d0088 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -8,110 +8,228 @@
     </div>
     <div id="collapse-tab-config-identity-provider" class="card-body collapse" data-bs-parent="#admin-content">
       <p class="offset-sm-3 mb-4">{{ lang.admin.iam_description }}</p>
-      <form class="form-horizontal" autocapitalize="none" data-id="iam_sso" autocorrect="off" role="form" method="post">
-        <input type="hidden" name="authsource" value="keycloak">
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_url">{{ lang.admin.iam_server_url }}:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="iam_server_url" name="server_url" value="{{ identity_provider_settings.server_url }}" required>
-          </div>
+      <div class="row mb-4">
+        <label class="control-label col-sm-3 text-sm-end" for="iam_realm">{{ lang.admin.iam }}:</label>
+        <div class="col-sm-4">
+          <select
+            data-style="btn btn-secondary"
+            data-id="iam_provider"
+            title="{{ lang.admin.iam_provider }}"
+            name="iam_provider" id="iam_provider" class="full-width-select form-control" required>
+              <option value="keycloak" {% if not iam_settings.authsource or iam_settings.authsource == 'keycloak' %}selected{% endif %}>Keycloak</option>
+              <option value="generic-oidc" {% if iam_settings.authsource == 'generic-oidc' %}selected{% endif %}>Generic-OIDC</option>
+          </select>
         </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_realm">{{ lang.admin.iam_realm }}:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="iam_realm" name="realm" value="{{ identity_provider_settings.realm }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="iam_client_id" name="client_id" value="{{ identity_provider_settings.client_id }}" required>
-          </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
-          <div class="col-sm-4">
-            <div class="reveal-password-input input-group">
-              <input type="password" class="password-field form-control" id="iam_client_secret" name="client_secret" value="{{ identity_provider_settings.client_secret }}" required>
-              <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
+      </div>
+      <div id="keycloak_settings" class="{% if iam_settings.authsource and iam_settings.authsource != 'keycloak' %}d-none{% endif %}">
+        <form class="form-horizontal" autocapitalize="none" data-id="iam_keycloak" autocorrect="off" role="form" method="post">
+          <input type="hidden" name="authsource" value="keycloak">
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_url">{{ lang.admin.iam_server_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_keycloak_url" name="server_url" value="{{ iam_settings.server_url }}" required>
             </div>
           </div>
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ identity_provider_settings.redirect_url }}" required>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_realm">{{ lang.admin.iam_realm }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_keycloak_realm" name="realm" value="{{ iam_settings.realm }}" required>
+            </div>
           </div>
-        </div>
-        <div class="row mb-4">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_version }}:</label>
-          <div class="col-sm-4">
-            <input type="text" class="form-control" id="iam_version" name="version" value="{{ identity_provider_settings.version }}" required>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_clientid">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_keycloak_clientid" name="client_id" value="{{ iam_settings.client_id }}" required>
+            </div>
           </div>
-        </div>
-        <div class="row mb-4">
-          <label class="control-label col-sm-3 text-sm-end" for="iam_version">{{ lang.admin.iam_mapping }}:</label>
-          <div class="col-4 d-flex mb-2">
-            <span class="w-100 me-2">Attribute</span>
-            <span class="w-100 ms-2">Template</span>
-            <button id="iam_rolemap_add" class="btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-plus-lg"></i></button>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_clientsecret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-sm-4">
+              <div class="reveal-password-input input-group">
+                <input type="password" class="password-field form-control" id="iam_keycloak_clientsecret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
+                <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
+              </div>
+            </div>
           </div>
-          {% for key, role in identity_provider_settings.mappers %}
-          <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="mappers" value="{{ identity_provider_settings.mappers[key] }}" required>
-            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-            {% for mbox_template in mbox_templates %}
-              <option{% if mbox_template.template == identity_provider_settings.templates[key] %} selected{% endif %}>
-                {{ mbox_template.template }}
-              </option>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_keycloak_redirecturl" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_version">{{ lang.admin.iam_version }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_keycloak_version" name="version" value="{{ iam_settings.version }}" required>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-4 d-flex mb-2">
+              <span class="w-100 me-2">Attribute</span>
+              <span class="w-100 ms-2">Template</span>
+              <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-2 iam_rolemap_add"><i class="bi bi-plus-lg"></i></button>
+            </div>
+            {% for key, role in iam_settings.mappers %}
+            <div class="offset-sm-3 col-4 d-flex mb-2">
+              <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+              {% for mbox_template in mbox_templates %}
+                <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                  {{ mbox_template.template }}
+                </option>
+              {% endfor %}
+              </select>
+              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            </div>
             {% endfor %}
-            </select>
-            <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            {% if not iam_settings.mappers %}
+            <div class="offset-sm-3 col-4 d-flex mb-2">
+              <input type="text" class="form-control me-2" name="mappers" value="" required>
+              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+              {% for mbox_template in mbox_templates %}
+                <option>
+                  {{ mbox_template.template }}
+                </option>
+              {% endfor %}
+              </select>
+              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            </div>
+            {% endif %}
           </div>
-          {% endfor %}
-          {% if not identity_provider_settings.mappers %}
-          <div class="offset-sm-3 col-4 d-flex mb-2">
-            <input type="text" class="form-control me-2" name="mappers" value="" required>
-            <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-            {% for mbox_template in mbox_templates %}
-              <option>
-                {{ mbox_template.template }}
-              </option>
+          <div class="row mb-2 mt-4">
+            <label class="control-label col-sm-3 text-sm-end"></label>
+            <div class="col-sm-9">
+              <span>{{ lang.admin.iam_extra_permission|raw }}</span>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_rest_flow }}</label>
+            <div class="col-sm-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="mailpassword_flow" value="1" {% if iam_settings.mailpassword_flow == 1 %}checked{% endif %}>
+              </div>
+              <p class="text-muted">
+                <small>
+                  {{ lang.admin.iam_auth_flow_info|raw }}
+                </small>
+              </p>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end">Periodic Full Sync</label>
+            <div class="col-sm-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="periodic_sync"  value="1" {% if iam_settings.periodic_sync == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end">Import Users</label>
+            <div class="col-sm-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="import_users"  value="1" {% if iam_settings.import_users == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mt-4 mb-2">
+            <div class="offset-sm-3 col-sm-9 d-flex">
+              <div class="btn-group">   
+                <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection iam_test_connection" data-id="iam_keycloak"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
+                <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_keycloak" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+              </div>
+              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_keycloak" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
+            </div>
+          </div>
+        </form>
+      </div>
+      <div id="generic_oidc_settings" class="{% if not iam_settings.authsource or iam_settings.authsource != 'generic-oidc' %}d-none{% endif %}">
+        <form class="form-horizontal" autocapitalize="none" data-id="iam_generic" autocorrect="off" role="form" method="post">
+          <input type="hidden" name="authsource" value="generic-oidc">
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_authorize_url">{{ lang.admin.iam_authorize_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_authorize_url" name="authorize_url" value="{{ iam_settings.authorize_url }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_token_url">{{ lang.admin.iam_token_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_token_url" name="token_url" value="{{ iam_settings.token_url }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_userinfo_url">{{ lang.admin.iam_userinfo_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_userinfo_url" name="userinfo_url" value="{{ iam_settings.userinfo_url }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_client_id" name="client_id" value="{{ iam_settings.client_id }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-sm-4">
+              <div class="reveal-password-input input-group">
+                <input type="password" class="password-field form-control" id="iam_client_secret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
+                <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-sm-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-sm-4">
+              <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-4 d-flex mb-2">
+              <span class="w-100 me-2">Attribute</span>
+              <span class="w-100 ms-2">Template</span>
+              <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-2 iam_rolemap_add"><i class="bi bi-plus-lg"></i></button>
+            </div>
+            {% for key, role in iam_settings.mappers %}
+            <div class="offset-sm-3 col-4 d-flex mb-2">
+              <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+              {% for mbox_template in mbox_templates %}
+                <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                  {{ mbox_template.template }}
+                </option>
+              {% endfor %}
+              </select>
+              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            </div>
             {% endfor %}
-            </select>
-            <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
-          </div>
-          {% endif %}
-        </div>
-        <div class="row mb-2">
-          <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_auth_flow }}</label>
-          <div class="col-sm-9">
-            <div class="btn-group">
-              <input type="radio" class="btn-check" name="login_flow" id="iam_login_flow_rest" autocomplete="off" value="rest" {% if  identity_provider_settings.login_flow != 'ropc' %}checked{% endif %}>
-              <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary" for="iam_login_flow_rest">{{ lang.admin.iam_rest_flow }}</label>
-
-              <input type="radio" class="btn-check" name="login_flow" id="iam_login_flow_ropc" autocomplete="off" value="ropc" {% if  identity_provider_settings.login_flow == 'ropc' %}checked{% endif %}>
-              <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary" for="iam_login_flow_ropc">{{ lang.admin.iam_ropc_flow }}</label>
+            {% if not iam_settings.mappers %}
+            <div class="offset-sm-3 col-4 d-flex mb-2">
+              <input type="text" class="form-control me-2" name="mappers" value="" required>
+              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+              {% for mbox_template in mbox_templates %}
+                <option>
+                  {{ mbox_template.template }}
+                </option>
+              {% endfor %}
+              </select>
+              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
             </div>
-            <p class="text-muted">
-              <small>
-                {{ lang.admin.iam_auth_flow_info|raw }}<br>
-                {{ lang.admin.iam_auth_flow_rest_info|raw }}<br>
-                {{ lang.admin.iam_auth_flow_ropc_info|raw }}
-              </small>
-            </p>
+            {% endif %}
           </div>
-        </div>
-        <div class="row mt-4 mb-2">
-          <div class="offset-sm-3 col-sm-9 d-flex">
-            <div class="btn-group">   
-              <button id="iam_test_connection" class="btn btn-sm d-block d-sm-inline btn-secondary"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
-              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="iam_sso" data-action="edit_selected" data-id="iam_sso" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+          <div class="row mt-4 mb-2">
+            <div class="offset-sm-3 col-sm-9 d-flex">
+              <div class="btn-group">   
+                <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection" data-id="iam_generic"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
+                <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_generic" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+              </div>
+              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_generic" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
             </div>
-            <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_sso" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
           </div>
-        </div>
-      </form>
+        </form>
+      </div>
     </div>
   </div>
 </div>

From 90476ae057f9ec3b6aa8807d8514767ad8428790 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 11:03:43 +0200
Subject: [PATCH 064/755] [Web] rename var for
 tab-config-identity-provider.twig

---
 data/web/admin.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index 1ffb76fb4..8d5e00abc 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -87,7 +87,7 @@ $cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_method
 
 $f2b_data = fail2ban('get');
 // identity provider
-$identity_provider_settings = identity_provider('get');
+$iam_settings = identity_provider('get');
 // mbox templates
 $mbox_templates = mailbox('get', 'mailbox_templates');
 
@@ -121,7 +121,7 @@ $template_data = [
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
   'cors_settings' => $cors_settings,
   'is_https' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
-  'identity_provider_settings' => $identity_provider_settings,
+  'iam_settings' => $iam_settings,
   'mbox_templates' => $mbox_templates,
   'lang_admin' => json_encode($lang['admin']),
   'lang_datatables' => json_encode($lang['datatables'])

From 0c1e2ed6f2302b9ecc68aa74063a6609fba6698f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 11:10:41 +0200
Subject: [PATCH 065/755] [Web] revert configurable authsource

---
 data/web/inc/functions.mailbox.inc.php        |  6 +---
 data/web/js/site/mailbox.js                   | 29 -----------------
 .../web/templates/edit/mailbox-templates.twig |  9 ------
 data/web/templates/modals/mailbox.twig        | 31 +++++--------------
 4 files changed, 8 insertions(+), 67 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index f549785e7..b9a98043b 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1019,7 +1019,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (in_array($_data['authsource'], array('mailcow', 'keycloak'))){
+          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc'))){
             $authsource = $_data['authsource'];
           }
           if (empty($name)) {
@@ -1546,9 +1546,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
 
           // check attributes
-          $authsources = array('mailcow', 'keycloak');
           $attr = array();
-          $attr["authsource"]                  = (isset($_data['authsource']) && in_array($_data['authsource'], $authsources)) ? $_data['authsource'] : 'mailcow';
           $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
           $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : array();
           $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
@@ -3236,9 +3234,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
             }   
             // check attributes
-            $authsources = array('mailcow', 'keycloak');
             $attr = array();
-            $attr["authsource"]                  = (isset($_data['authsource']) && in_array($_data['authsource'], $authsources)) ? $_data['authsource'] : $is_now['authsource'];
             $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
             $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : $is_now['tags'];
             $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification'];
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 06c1444d3..1dc6b4f5b 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -162,17 +162,6 @@ $(document).ready(function() {
       }
     });
   });
-  // @selecting identity provider mbox_add_modal
-  $('#mbox_add_iam').on('change', function(){
-    // toggle password fields
-    if (this.value === 'mailcow'){
-      $('#mbox_add_pwds').removeClass('d-none');
-      $('#mbox_add_pwds').find('.form-control').prop('required', true);
-    } else {
-      $('#mbox_add_pwds').addClass('d-none');
-      $('#mbox_add_pwds').find('.form-control').prop('required', false);
-    }
-  });
   // Sieve data modal
   $('#sieveDataModal').on('show.bs.modal', function(e) {
     var sieveScript = $(e.relatedTarget).data('sieve-script');
@@ -280,15 +269,6 @@ $(document).ready(function() {
   }
   function setMailboxTemplateData(template){
     $("#addInputQuota").val(template.quota / 1048576);
-    $('#mbox_add_iam').selectpicker('val', template.authsource);
-    // toggle password fields
-    if (!template.authsource || template.authsource === 'mailcow'){
-      $('#mbox_add_pwds').removeClass('d-none');
-      $('#mbox_add_pwds').find('.form-control').prop('required', true);
-    } else {
-      $('#mbox_add_pwds').addClass('d-none');
-      $('#mbox_add_pwds').find('.form-control').prop('required', false);
-    }
 
     if (template.quarantine_notification === "never"){
       $('#quarantine_notification_never').prop('checked', true);
@@ -1291,15 +1271,6 @@ jQuery(function($){
           data: 'attributes.quota',
           defaultContent: '',
         },
-        {
-          title: lang.iam,
-          data: 'attributes.authsource',
-          defaultContent: '',
-          render: function (data, type) {
-            data = data ? '<span class="badge bg-primary">' + data + '<i class="ms-2 bi bi-person-circle"></i></i></span>' : '<i class="bi bi-x-lg"></i>';
-            return data;
-          }
-        },
         {
           title: lang.tls_enforce_in,
           data: 'attributes.tls_enforce_in',
diff --git a/data/web/templates/edit/mailbox-templates.twig b/data/web/templates/edit/mailbox-templates.twig
index c83a15dd7..f606bd452 100644
--- a/data/web/templates/edit/mailbox-templates.twig
+++ b/data/web/templates/edit/mailbox-templates.twig
@@ -19,15 +19,6 @@
         </div>
       </div>
     </div>
-    <div class="row mb-2">
-      <label class="control-label col-sm-2" for="authsource">{{ lang.admin.iam }}</label>
-      <div class="col-sm-10">
-        <select class="full-width-select" data-live-search="true" id="mbox_template_iam" name="authsource" required>
-          <option {% if template.attributes.authsource == 'mailcow' %}selected{% endif %}>mailcow</option>
-          <option {% if template.attributes.authsource == 'keycloak' %}selected{% endif %}>keycloak</option>
-        </select>
-      </div>
-    </div>
     <div class="row mb-2">
       <label class="control-label col-sm-2">{{ lang.add.tags }}</label>
       <div class="col-sm-10">
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index e0b4f02b6..27f709526 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -11,19 +11,20 @@
           <input type="hidden" value="0" name="force_pw_update">
           <input type="hidden" value="0" name="sogo_access">
           <input type="hidden" value="0" name="protocol_access">
+          <input type="hidden" value="mailcow" name="authsource">
 
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="name">{{ lang.add.full_name }}</label>
-            <div class="col-sm-10">
-              <input type="text" class="form-control" name="name">
-            </div>
-          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end" for="local_part">{{ lang.add.mailbox_username }}</label>
             <div class="col-sm-10">
               <input type="text" pattern="[A-Za-z0-9\.!#$%&'*+/=?^_`{|}~-]+" autocorrect="off" autocapitalize="none" class="form-control" name="local_part" required>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="name">{{ lang.add.full_name }}</label>
+            <div class="col-sm-10">
+              <input type="text" class="form-control" name="name">
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end" for="domain">{{ lang.add.domain }}</label>
             <div class="col-sm-10">
@@ -41,15 +42,6 @@
               </select>
             </div>
           </div>
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.admin.iam }}</label>
-            <div class="col-sm-10">
-              <select class="full-width-select" data-live-search="true" id="mbox_add_iam" name="authsource" required>
-                <option selected>mailcow</option>
-                <option>keycloak</option>
-              </select>
-            </div>
-          </div>
           <div id="mbox_add_pwds">
             <div class="row mb-2">
               <label class="control-label col-sm-2 text-sm-end text-sm-end" for="password">{{ lang.add.password }} (<a href="#" class="generate_password">{{ lang.add.generate }}</a>)</label>
@@ -236,15 +228,6 @@
               </div>
             </div>
           </div>
-          <div class="row mb-2">
-            <label class="control-label col-sm-2 text-sm-end text-sm-end" for="authsource">{{ lang.admin.iam }}</label>
-            <div class="col-sm-10">
-              <select class="full-width-select" data-live-search="true" id="mbox_template_iam" name="authsource">
-                <option selected>mailcow</option>
-                <option>keycloak</option>
-              </select>
-            </div>
-          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.add.tags }}</label>
             <div class="col-sm-10">

From c8fec24da30162c1fe56bcab4042402f05f2be03 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 11:16:56 +0200
Subject: [PATCH 066/755] [Web] add "edit mailbox_from_template" function

---
 data/web/inc/functions.mailbox.inc.php | 60 ++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index b9a98043b..afa952e68 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3196,6 +3196,66 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           return true;
         break;
+        case 'mailbox_from_template':
+          $stmt = $pdo->prepare("SELECT * FROM `templates` 
+          WHERE `template` = :template AND type = 'mailbox'");
+          $stmt->execute(array(
+            ":template" => $_data['template']
+          ));
+          $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+          if (empty($mbox_template_data)){
+            $_SESSION['return'][] =  array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => 'template_missing'
+            );
+            return false;
+          }
+
+          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);  
+          $quarantine_attributes = array('username' => $_data['username']);
+          $tls_attributes = array('username' => $_data['username']);
+          $ratelimit_attributes = array('object' => $_data['username']);
+          $acl_attributes = array('username' => $_data['username'], 'user_acl' => array());
+          $mailbox_attributes = array('username' => $_data['username']);
+          foreach ($mbox_template_data as $key => $value){
+            switch (true) {
+              case (strpos($key, 'quarantine_') === 0):
+                $quarantine_attributes[$key] = $value;
+              break;
+              case (strpos($key, 'tls_') === 0):
+                if ($value == null)
+                  $value = 0;
+                $tls_attributes[$key] = $value;
+              break;
+              case (strpos($key, 'rl_') === 0):
+                $ratelimit_attributes[$key] = $value;
+              break;
+              case (strpos($key, 'acl_') === 0 && $value != 0):
+                array_push($acl_attributes['user_acl'], str_replace('acl_' , '', $key));
+              break;
+              default:
+                $mailbox_attributes[$key] = $value;
+              break;
+            }
+          }
+        
+          $mailbox_attributes['quota'] = intval($mailbox_attributes['quota'] / 1048576);
+          $result = mailbox('edit', 'mailbox', $mailbox_attributes);
+          if ($result === false) return $result;
+          $result = mailbox('edit', 'tls_policy', $tls_attributes);
+          if ($result === false) return $result;
+          $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes);
+          if ($result === false) return $result;
+          $result = mailbox('edit', 'quarantine_category', $quarantine_attributes);
+          if ($result === false) return $result;
+          $result = ratelimit('edit', 'mailbox', $ratelimit_attributes);
+          if ($result === false) return $result;
+          $result = acl('edit', 'user', $acl_attributes);
+          if ($result === false) return $result;
+
+          return true;
+        break;
         case 'mailbox_templates':
           if ($_SESSION['mailcow_cc_role'] != "admin") {
             $_SESSION['return'][] = array(

From 28679eb916e143c1ebf855e76f33d1812fe7ee2f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 11:19:49 +0200
Subject: [PATCH 067/755] [Web] add generic-oidc provider

---
 data/web/js/site/admin.js | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 885e5ea52..b2f8ae1a5 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -750,9 +750,9 @@ jQuery(function($){
     add_table_row($('#f2b_regex_table'), "f2b_regex");
   });
   // IAM test connection
-  $('#iam_test_connection').click(async function(e){
+  $('.iam_test_connection').click(async function(e){
     e.preventDefault();
-    var data = { attr: $('form[data-id="iam_sso"]').serializeObject() };
+    var data = { attr: $('form[data-id="' + $(this).data('id') + '"]').serializeObject() };
     var res = await fetch("/api/v1/edit/identity-provider-test", { 
       headers: {
         "Content-Type": "application/json",
@@ -768,7 +768,7 @@ jQuery(function($){
     return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
   });
 
-  $('#iam_rolemap_add').click(async function(e){
+  $('.iam_rolemap_add').click(async function(e){
     e.preventDefault();
 
     var parent = $(this).parent().parent();
@@ -791,4 +791,15 @@ jQuery(function($){
     e.preventDefault();
     $(this).parent().remove();
   });
+  // selecting identity provider
+  $('#iam_provider').on('change', function(){
+    // toggle password fields
+    if (this.value === 'keycloak'){
+      $('#keycloak_settings').removeClass('d-none');
+      $('#generic_oidc_settings').addClass('d-none');
+    } else if (this.value === 'generic-oidc') {
+      $('#keycloak_settings').addClass('d-none');
+      $('#generic_oidc_settings').removeClass('d-none');
+    }
+  });
 });

From e784c98a5a88cfcaf13e45071cc6038b3dee59fa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 12:32:51 +0200
Subject: [PATCH 068/755] [Web] add "add mailbox_from_template" function

---
 data/web/inc/functions.mailbox.inc.php   | 42 ++++++++++++++++++++++--
 data/web/inc/functions.ratelimit.inc.php |  6 ++--
 2 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index afa952e68..7ba0a2f49 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1044,7 +1044,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $password2 = '';
             $password_hashed = '';
           }
-          if (!$_SESSION['iam_create_login'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
+          if (!$_extra['iam_create_login'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1098,7 +1098,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_SESSION['iam_create_login']) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['iam_create_login']) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1318,7 +1318,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'object' => $username,
               'rl_frame' => $_data['rl_frame'],
               'rl_value' => $_data['rl_value']
-            ));
+            ), $_extra);
           }
 
           update_sogo_static_view($username);
@@ -1328,6 +1328,42 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             'msg' => array('mailbox_added', htmlspecialchars($username))
           );
         break;
+        case 'mailbox_from_template':
+          $stmt = $pdo->prepare("SELECT * FROM `templates` 
+          WHERE `template` = :template AND type = 'mailbox'");
+          $stmt->execute(array(
+            ":template" => $_data['template']
+          ));
+          $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
+          if (empty($mbox_template_data)){
+            $_SESSION['return'][] =  array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => 'template_missing'
+            );
+            return false;
+          }  
+          
+          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);  
+          $mbox_template_data['domain'] = $_data['domain'];
+          $mbox_template_data['local_part'] = $_data['local_part'];
+          $mbox_template_data['authsource'] = $_data['authsource'];
+          $mbox_template_data['quota'] = intval($mbox_template_data['quota'] / 1048576);
+        
+          $mailbox_attributes = array('acl' => array());
+          foreach ($mbox_template_data as $key => $value){
+            switch (true) {
+              case (strpos($key, 'acl_') === 0 && $value != 0):
+                array_push($mailbox_attributes['acl'], str_replace('acl_' , '', $key));
+              break;
+              default:
+                $mailbox_attributes[$key] = $value;
+              break;
+            }
+          }
+        
+          return mailbox('add', 'mailbox', $mailbox_attributes, array('iam_create_login' => true));
+        break;
         case 'resource':
           $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
           $description        = $_data['description'];
diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index 93840b5eb..bc05cd362 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -1,10 +1,10 @@
 <?php
-function ratelimit($_action, $_scope, $_data = null) {
+function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
   global $redis;
   $_data_log = $_data;
   switch ($_action) {
     case 'edit':
-      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_SESSION['iam_create_login']) {
+      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['iam_create_login']) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -93,7 +93,7 @@ function ratelimit($_action, $_scope, $_data = null) {
               continue;
             }
             if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
-              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_SESSION['iam_create_login']) {
+                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['iam_create_login']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

From ad19ff5429a44c7162d8b5d14c4624e0d75373bd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 12:37:01 +0200
Subject: [PATCH 069/755] [Web] remove ropc flow

---
 data/web/inc/functions.auth.inc.php | 79 +----------------------------
 1 file changed, 1 insertion(+), 78 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index fbb79ed8a..303bcbe0b 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -270,7 +270,7 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
       AND `app_passwd`.`active` = '1'
       AND `app_passwd`.`mailbox` = :user
       :has_access_query"
-  );    
+  );
   // check if app password has protocol access
   // skip if protocol is false and the call is not external
   $has_access_query = '';
@@ -308,83 +308,6 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
 
   return false;
 }
-
-// ROPC Flow (deprecated oAuth2.1)
-// uses direct user credentials for UI, IMAP and SMTP Auth
-function keycloak_mbox_login_ropc($user, $pass, $iam_settings, $is_internal = false, $create = false){
-  global $pdo;
-
-  $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token";
-  $req = http_build_query(array(
-    'grant_type'    => 'password',
-    'client_id'     => $iam_settings['client_id'],
-    'client_secret' => $iam_settings['client_secret'],
-    'username'      => $user,
-    'password'      => $pass,
-  ));
-  $curl = curl_init();
-  curl_setopt($curl, CURLOPT_URL, $url);
-  curl_setopt($curl, CURLOPT_POST, 1);
-  curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
-  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
-  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-  $res = json_decode(curl_exec($curl), true);
-  $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-  curl_close ($curl);
-
-  if ($code == 200) {
-    // decode jwt
-    $user_data = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $res['access_token'])[1]))), true);
-    if ($user != $user_data['email']){
-      // check if $user is email address, only accept email address as username
-      return false;
-    }
-    if ($create && !empty($iam_settings['mappers'])){
-      // try to create mbox on successfull login
-      $mbox_template = null;
-      // check if matching attribute mapping exists
-      foreach ($iam_settings['mappers'] as $index => $mapper){
-        if (in_array($mapper, $iam_settings['mappers'])) {
-          $mbox_template = $iam_settings['templates'][$index];
-          break;
-        }
-      }
-      if (!$mbox_template){
-        // no matching template found
-        return false;
-      }
-      
-      $stmt = $pdo->prepare("SELECT * FROM `templates` 
-      WHERE `template` = :template AND type = 'mailbox'");
-      $stmt->execute(array(
-        ":template" => $mbox_template
-      ));
-      $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
-
-      if (!empty($mbox_template_data)){
-        $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
-        $mbox_template_data['domain'] = explode('@', $user)[1];
-        $mbox_template_data['local_part'] = explode('@', $user)[0];
-        $mbox_template_data['authsource'] = 'keycloak';
-        $_SESSION['iam_create_login'] = true;
-        $create_res = mailbox('add', 'mailbox', $mbox_template_data);
-        $_SESSION['iam_create_login'] = false;
-        if (!$create_res){
-          return false;
-        }
-      }
-    }
-
-    $_SESSION['return'][] =  array(
-      'type' => 'success',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => array('logged_in_as', $user)
-    );
-    return 'user';
-  } else {
-    return false;
-  }
-}
 // Keycloak REST Api Flow - auth user by mailcow_password attribute
 // This password will be used for direct UI, IMAP and SMTP Auth
 // To use direct user credentials, only Authorization Code Flow is valid

From cc7516685f4dfddabf39c7c96c5c72ed1a7558d0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 12:47:47 +0200
Subject: [PATCH 070/755] [Web] functions.auth.inc.php corrections

---
 data/web/inc/functions.auth.inc.php | 273 ++++++++++++----------------
 1 file changed, 113 insertions(+), 160 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 303bcbe0b..cd46b45b1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -14,74 +14,51 @@ function check_login($user, $pass, $app_passwd_data = false, $is_internal = fals
 
   // Validate admin
   $result = mailcow_admin_login($user, $pass);
-  if ($result){
-    return $result;
-  }
+  if ($result !== false) return $result;
 
   // Validate domain admin
   $result = mailcow_domainadmin_login($user, $pass);
-  if ($result){
-    return $result;
-  }
+  if ($result !== false) return $result;
 
   // Validate mailbox user
   // check authsource
-  $stmt = $pdo->prepare("SELECT authsource FROM `mailbox`
+  $stmt = $pdo->prepare("SELECT authsource, mailbox.active AS mailbox_active, domain.active AS domain_active FROM `mailbox`
       INNER JOIN domain on mailbox.domain = domain.domain
       WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active`='1'
-        AND `domain`.`active`='1'
         AND `username` = :user");
   $stmt->execute(array(':user' => $user));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!$row){
-    // mbox does not exist, call keycloak login and create mbox if possible
-    $identity_provider_settings = identity_provider('get');
-    if ($identity_provider_settings['login_flow'] == 'ropc'){
-      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_internal, true);
-    } else {
-      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_internal, true);
+  if (!$row && $row['domain_active'] == 1){
+    // mbox does not exist, call keycloak login and create mbox if possible via rest flow
+    $iam_settings = identity_provider('get');
+    if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailboxpassword_flow']) == 1){
+      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal, true);
+      if ($result !== false) return $result;
     }
-    if ($result){
-      return $result;
-    }
-  } else if ($row['authsource'] == 'keycloak'){
-    if ($app_passwd_data){
+  } else if ($row && $row['mailbox_active'] == 1 && $row['domain_active'] == 1) {
+    // mbox does exist and is active
+    if (isset($app_passwd_data)){
       // first check if password is app_password
       $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal);
-      if ($result){
-        return $result;
-      }
+      if ($result !== false) return $result;
     }
 
-    $identity_provider_settings = identity_provider('get');
-    if ($identity_provider_settings['login_flow'] == 'ropc'){
-      $result = keycloak_mbox_login_ropc($user, $pass, $identity_provider_settings, $is_internal);
-    } else {
-      $result = keycloak_mbox_login_rest($user, $pass, $identity_provider_settings, $is_internal);
-    }
-    if ($result){
-      return $result;
-    }
-  } else {
-    if ($app_passwd_data){
-      // first check if password is app_password
-      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal);
-      if ($result){
-        return $result;
+    if ($row['authsource'] == 'mailcow') {
+      // mbox authsource is mailcow
+      $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_internal);
+      if ($result !== false) return $result;
+    } else if ($row['authsource'] == 'keycloak'){
+      // mbox authsource is keycloak, try using via rest flow
+      $iam_settings = identity_provider('get');
+      if (intval($iam_settings['mailboxpassword_flow']) == 1){
+        $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal);
+        if ($result !== false) return $result;
       }
     }
-
-    $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_internal);
-    if ($result){
-      return $result;
-    }
   }
 
   // skip log and only return false if it's an internal request
-  if ($is_internal){
-    return false;
-  }
+  if ($is_internal == true) return false;
   if (!isset($_SESSION['ldelay'])) {
     $_SESSION['ldelay'] = "0";
     $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
@@ -102,53 +79,44 @@ function check_login($user, $pass, $app_passwd_data = false, $is_internal = fals
   return false;
 }
 
-function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal = false){
+function mailcow_admin_login($user, $pass){
   global $pdo;
 
-  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
-      INNER JOIN domain on mailbox.domain = domain.domain
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active`='1'
-        AND `domain`.`active`='1'
-        AND (`mailbox`.`authsource`='mailcow' OR `mailbox`.`authsource` IS NULL)
-        AND `username` = :user");
+  $user = strtolower(trim($user));
+  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+      WHERE `superadmin` = '1'
+      AND `active` = '1'
+      AND `username` = :user");
   $stmt->execute(array(':user' => $user));
   $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-
-  foreach ($rows as $row) { 
+  foreach ($rows as $row) {
     // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      if (!array_key_exists("app_passwd_id", $row)){ 
-        // password is not a app password
-        // check for tfa authenticators
-        $authenticators = get_tfa($user);
-        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
-          // authenticators found, init TFA flow
-          $_SESSION['pending_mailcow_cc_username'] = $user;
-          $_SESSION['pending_mailcow_cc_role'] = "user";
-          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-          unset($_SESSION['ldelay']);
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
-          return "pending";
-        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-          // no authenticators found, login successfull
-          if (!$is_internal){
-            unset($_SESSION['ldelay']);
-            // Reactivate TFA if it was set to "deactivate TFA for next login"
-            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-            $stmt->execute(array(':user' => $user));
-            $_SESSION['return'][] =  array(
-              'type' => 'success',
-              'log' => array(__FUNCTION__, $user, '*'),
-              'msg' => array('logged_in_as', $user)
-            );
-          }
-          return "user";
-        }
+    if (verify_hash($row['password'], $pass)) {
+      // check for tfa authenticators
+      $authenticators = get_tfa($user);
+      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+        // active tfa authenticators found, set pending user login
+        $_SESSION['pending_mailcow_cc_username'] = $user;
+        $_SESSION['pending_mailcow_cc_role'] = "admin";
+        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+        unset($_SESSION['ldelay']);
+        $_SESSION['return'][] =  array(
+          'type' => 'info',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => 'awaiting_tfa_confirmation'
+        );
+        return "pending";
+      } else {
+        unset($_SESSION['ldelay']);
+        // Reactivate TFA if it was set to "deactivate TFA for next login"
+        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+        $stmt->execute(array(':user' => $user));
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => array('logged_in_as', $user)
+        );
+        return "admin";
       }
     }
   }
@@ -198,44 +166,53 @@ function mailcow_domainadmin_login($user, $pass){
 
   return false;
 }
-function mailcow_admin_login($user, $pass){
+function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal = false){
   global $pdo;
 
-  $user = strtolower(trim($user));
-  $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-      WHERE `superadmin` = '1'
-      AND `active` = '1'
-      AND `username` = :user");
+  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND (`mailbox`.`authsource`='mailcow' OR `mailbox`.`authsource` IS NULL)
+        AND `username` = :user");
   $stmt->execute(array(':user' => $user));
   $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  foreach ($rows as $row) {
+
+  foreach ($rows as $row) { 
     // verify password
-    if (verify_hash($row['password'], $pass)) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        // active tfa authenticators found, set pending user login
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "admin";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'info',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => 'awaiting_tfa_confirmation'
-        );
-        return "pending";
-      } else {
-        unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "admin";
+    if (verify_hash($row['password'], $pass) !== false) {
+      if (!array_key_exists("app_passwd_id", $row)){ 
+        // password is not a app password
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          if (!$is_internal){
+            unset($_SESSION['ldelay']);
+            // Reactivate TFA if it was set to "deactivate TFA for next login"
+            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+            $stmt->execute(array(':user' => $user));
+            $_SESSION['return'][] =  array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $user, '*'),
+              'msg' => array('logged_in_as', $user)
+            );
+          }
+          return "user";
+        }
       }
     }
   }
@@ -315,24 +292,7 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
   global $pdo;
 
   // get access_token for service account of mailcow client
-  $url = "{$iam_settings['server_url']}/realms/{$iam_settings['realm']}/protocol/openid-connect/token";
-  $req = http_build_query(array(
-    'grant_type'    => 'client_credentials',
-    'client_id'     => $iam_settings['client_id'],
-    'client_secret' => $iam_settings['client_secret']
-  ));
-  $curl = curl_init();
-  curl_setopt($curl, CURLOPT_URL, $url);
-  curl_setopt($curl, CURLOPT_POST, 1);
-  curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
-  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
-  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-  $mcclient_res = json_decode(curl_exec($curl), true);
-  $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-  curl_close ($curl);
-  if ($code != 200) {
-    return false;
-  }
+  $admin_token = identity_provider("get-keycloak-admin-token");
 
   // get the mailcow_password attribute from keycloak user
   $url = "{$iam_settings['server_url']}/admin/realms/{$iam_settings['realm']}/users";
@@ -342,7 +302,7 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
   curl_setopt($curl, CURLOPT_URL, $url . '?' . $queryString);
   curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
   curl_setopt($curl, CURLOPT_HTTPHEADER, array(
-      'Authorization: Bearer ' . $mcclient_res['access_token'],
+      'Authorization: Bearer ' . $admin_token,
       'Content-Type: application/json'
   ));
   $user_res = json_decode(curl_exec($curl), true)[0];
@@ -352,8 +312,6 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
     return false;
   }
 
-  
-
   // validate mailcow_password
   $mailcow_password = $user_res['attributes']['mailcow_password'][0];
   if (!verify_hash($mailcow_password, $pass)) {
@@ -388,24 +346,19 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
     // no matching template found
     return false;
   }
-  $stmt = $pdo->prepare("SELECT * FROM `templates` 
-  WHERE `template` = :template AND type = 'mailbox'");
-  $stmt->execute(array(
-    ":template" => $mbox_template
-  ));
-  $mbox_template_data = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (empty($mbox_template_data)){
-    return false;
-  }
 
-  $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
-  $mbox_template_data['domain'] = explode('@', $user)[1];
-  $mbox_template_data['local_part'] = explode('@', $user)[0];
-  $mbox_template_data['authsource'] = 'keycloak';
-  $_SESSION['iam_create_login'] = true;
-  $create_res = mailbox('add', 'mailbox', $mbox_template_data);
-  $_SESSION['iam_create_login'] = false;
-  if (!$create_res){
+  // create mailbox
+  $create_res = mailbox('add', 'mailbox_from_template', array(
+    'domain' => explode('@', $user)[1],
+    'local_part' => explode('@', $user)[0],
+    'authsource' => 'keycloak',
+    'template' => $mbox_template
+  ));
+  if (!$create_res) return false;
+
+  // check if created mailbox from template is even active
+  // maybe dont even create it if active != 1
+  if ($mailbox_attributes['active'] != 1){
     return false;
   }
 

From b251c58b23e134082ae877a40b39d6adec5ad65a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 12:48:30 +0200
Subject: [PATCH 071/755] update gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index e1e8e8882..22ea38bd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@ data/conf/dovecot/mail_replica.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua
+data/conf/dovecot/auth/passwd-verify.lua
 data/conf/dovecot/mail_plugins*
 data/conf/dovecot/shared_namespace.conf
 data/conf/dovecot/sni.conf

From a805d3b2e3123b9e7adba5dfae405cadc4011431 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 13:21:17 +0200
Subject: [PATCH 072/755] [Web] add league/oauth2-client

---
 data/web/inc/lib/composer.json                |   3 +-
 data/web/inc/lib/composer.lock                |  14 +--
 .../inc/lib/vendor/composer/autoload_psr4.php |   2 +-
 .../lib/vendor/composer/autoload_static.php   |   4 +-
 .../inc/lib/vendor/composer/installed.json    |  14 +--
 .../web/inc/lib/vendor/composer/installed.php |  10 +-
 .../lib/vendor/league/oauth2-client/README.md |   2 +-
 .../src/Provider/AbstractProvider.php         | 106 +++++++++++++++++-
 .../Exception/IdentityProviderException.php   |   4 +-
 .../src/Provider/GenericProvider.php          |  14 +++
 10 files changed, 143 insertions(+), 30 deletions(-)

diff --git a/data/web/inc/lib/composer.json b/data/web/inc/lib/composer.json
index cc1fc7dd4..c2fef5fb1 100644
--- a/data/web/inc/lib/composer.json
+++ b/data/web/inc/lib/composer.json
@@ -10,6 +10,7 @@
         "mustangostang/spyc": "^0.6.3",
         "directorytree/ldaprecord": "^2.4",
         "twig/twig": "^3.0",
-        "stevenmaguire/oauth2-keycloak": "^3.2"
+        "stevenmaguire/oauth2-keycloak": "^3.2",
+        "league/oauth2-client": "^2.7"
     }
 }
diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index c03fe1c29..349056afc 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "65fe6638523a3a93c55e67a061725223",
+    "content-hash": "ee35a2bf8c80a87b6825c3e86635f709",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -654,16 +654,16 @@
         },
         {
             "name": "league/oauth2-client",
-            "version": "2.6.1",
+            "version": "2.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/oauth2-client.git",
-                "reference": "2334c249907190c132364f5dae0287ab8666aa19"
+                "reference": "160d6274b03562ebeb55ed18399281d8118b76c8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
-                "reference": "2334c249907190c132364f5dae0287ab8666aa19",
+                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8",
+                "reference": "160d6274b03562ebeb55ed18399281d8118b76c8",
                 "shasum": ""
             },
             "require": {
@@ -718,9 +718,9 @@
             ],
             "support": {
                 "issues": "https://github.com/thephpleague/oauth2-client/issues",
-                "source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
+                "source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0"
             },
-            "time": "2021-12-22T16:42:49+00:00"
+            "time": "2023-04-16T18:19:15+00:00"
         },
         {
             "name": "matthiasmullie/minify",
diff --git a/data/web/inc/lib/vendor/composer/autoload_psr4.php b/data/web/inc/lib/vendor/composer/autoload_psr4.php
index 6112acbac..8e959eac3 100644
--- a/data/web/inc/lib/vendor/composer/autoload_psr4.php
+++ b/data/web/inc/lib/vendor/composer/autoload_psr4.php
@@ -18,7 +18,7 @@ return array(
     'RobThree\\Auth\\' => array($vendorDir . '/robthree/twofactorauth/lib'),
     'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'),
     'Psr\\Log\\' => array($vendorDir . '/psr/log/src'),
-    'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-message/src', $vendorDir . '/psr/http-factory/src'),
+    'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-factory/src', $vendorDir . '/psr/http-message/src'),
     'Psr\\Http\\Client\\' => array($vendorDir . '/psr/http-client/src'),
     'Psr\\Container\\' => array($vendorDir . '/psr/container/src'),
     'PhpMimeMailParser\\' => array($vendorDir . '/php-mime-mail-parser/php-mime-mail-parser/src'),
diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php
index 440edffbc..27a95eda8 100644
--- a/data/web/inc/lib/vendor/composer/autoload_static.php
+++ b/data/web/inc/lib/vendor/composer/autoload_static.php
@@ -140,8 +140,8 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         ),
         'Psr\\Http\\Message\\' => 
         array (
-            0 => __DIR__ . '/..' . '/psr/http-message/src',
-            1 => __DIR__ . '/..' . '/psr/http-factory/src',
+            0 => __DIR__ . '/..' . '/psr/http-factory/src',
+            1 => __DIR__ . '/..' . '/psr/http-message/src',
         ),
         'Psr\\Http\\Client\\' => 
         array (
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index cec6e781d..ef7cac481 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -668,17 +668,17 @@
         },
         {
             "name": "league/oauth2-client",
-            "version": "2.6.1",
-            "version_normalized": "2.6.1.0",
+            "version": "2.7.0",
+            "version_normalized": "2.7.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/oauth2-client.git",
-                "reference": "2334c249907190c132364f5dae0287ab8666aa19"
+                "reference": "160d6274b03562ebeb55ed18399281d8118b76c8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/2334c249907190c132364f5dae0287ab8666aa19",
-                "reference": "2334c249907190c132364f5dae0287ab8666aa19",
+                "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8",
+                "reference": "160d6274b03562ebeb55ed18399281d8118b76c8",
                 "shasum": ""
             },
             "require": {
@@ -692,7 +692,7 @@
                 "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5",
                 "squizlabs/php_codesniffer": "^2.3 || ^3.0"
             },
-            "time": "2021-12-22T16:42:49+00:00",
+            "time": "2023-04-16T18:19:15+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
@@ -735,7 +735,7 @@
             ],
             "support": {
                 "issues": "https://github.com/thephpleague/oauth2-client/issues",
-                "source": "https://github.com/thephpleague/oauth2-client/tree/2.6.1"
+                "source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0"
             },
             "install-path": "../league/oauth2-client"
         },
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index 07db23e07..a9737b061 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
+        'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => 'ea394d702dd7fe05f9b28c818fd912c5a60e71f4',
+            'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -98,9 +98,9 @@
             'dev_requirement' => false,
         ),
         'league/oauth2-client' => array(
-            'pretty_version' => '2.6.1',
-            'version' => '2.6.1.0',
-            'reference' => '2334c249907190c132364f5dae0287ab8666aa19',
+            'pretty_version' => '2.7.0',
+            'version' => '2.7.0.0',
+            'reference' => '160d6274b03562ebeb55ed18399281d8118b76c8',
             'type' => 'library',
             'install_path' => __DIR__ . '/../league/oauth2-client',
             'aliases' => array(),
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/README.md b/data/web/inc/lib/vendor/league/oauth2-client/README.md
index f35d53e8a..cbb449d48 100644
--- a/data/web/inc/lib/vendor/league/oauth2-client/README.md
+++ b/data/web/inc/lib/vendor/league/oauth2-client/README.md
@@ -6,7 +6,7 @@ This package provides a base for integrating with [OAuth 2.0](http://oauth.net/2
 [![Source Code](https://img.shields.io/badge/source-thephpleague/oauth2--client-blue.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client)
 [![Latest Version](https://img.shields.io/github/release/thephpleague/oauth2-client.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/releases)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](https://github.com/thephpleague/oauth2-client/blob/master/LICENSE)
-[![Build Status](https://img.shields.io/github/workflow/status/thephpleague/oauth2-client/CI?label=CI&logo=github&style=flat-square)](https://github.com/thephpleague/oauth2-client/actions?query=workflow%3ACI)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/thephpleague/oauth2-client/continuous-integration.yml?label=CI&logo=github&style=flat-square)](https://github.com/thephpleague/oauth2-client/actions?query=workflow%3ACI)
 [![Codecov Code Coverage](https://img.shields.io/codecov/c/gh/thephpleague/oauth2-client?label=codecov&logo=codecov&style=flat-square)](https://codecov.io/gh/thephpleague/oauth2-client)
 [![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-client.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-client)
 
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
index d1679998c..293a54d6e 100644
--- a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
@@ -17,6 +17,7 @@ namespace League\OAuth2\Client\Provider;
 use GuzzleHttp\Client as HttpClient;
 use GuzzleHttp\ClientInterface as HttpClientInterface;
 use GuzzleHttp\Exception\BadResponseException;
+use InvalidArgumentException;
 use League\OAuth2\Client\Grant\AbstractGrant;
 use League\OAuth2\Client\Grant\GrantFactory;
 use League\OAuth2\Client\OptionProvider\OptionProviderInterface;
@@ -44,7 +45,7 @@ abstract class AbstractProvider
     use QueryBuilderTrait;
 
     /**
-     * @var string Key used in a token response to identify the resource owner.
+     * @var string|null Key used in a token response to identify the resource owner.
      */
     const ACCESS_TOKEN_RESOURCE_OWNER_ID = null;
 
@@ -58,6 +59,19 @@ abstract class AbstractProvider
      */
     const METHOD_POST = 'POST';
 
+    /**
+     * @var string PKCE method used to fetch authorization token.
+     * The PKCE code challenge will be hashed with sha256 (recommended).
+     */
+    const PKCE_METHOD_S256 = 'S256';
+
+    /**
+     * @var string PKCE method used to fetch authorization token.
+     * The PKCE code challenge will be sent as plain text, this is NOT recommended.
+     * Only use `plain` if no other option is possible.
+     */
+    const PKCE_METHOD_PLAIN = 'plain';
+
     /**
      * @var string
      */
@@ -78,6 +92,11 @@ abstract class AbstractProvider
      */
     protected $state;
 
+    /**
+     * @var string|null
+     */
+    protected $pkceCode = null;
+
     /**
      * @var GrantFactory
      */
@@ -264,6 +283,32 @@ abstract class AbstractProvider
         return $this->state;
     }
 
+    /**
+     * Set the value of the pkceCode parameter.
+     *
+     * When using PKCE this should be set before requesting an access token.
+     *
+     * @param string $pkceCode
+     * @return self
+     */
+    public function setPkceCode($pkceCode)
+    {
+        $this->pkceCode = $pkceCode;
+        return $this;
+    }
+
+    /**
+     * Returns the current value of the pkceCode parameter.
+     *
+     * This can be accessed by the redirect handler during authorization.
+     *
+     * @return string|null
+     */
+    public function getPkceCode()
+    {
+        return $this->pkceCode;
+    }
+
     /**
      * Returns the base URL for authorizing a client.
      *
@@ -305,6 +350,27 @@ abstract class AbstractProvider
         return bin2hex(random_bytes($length / 2));
     }
 
+    /**
+     * Returns a new random string to use as PKCE code_verifier and
+     * hashed as code_challenge parameters in an authorization flow.
+     * Must be between 43 and 128 characters long.
+     *
+     * @param  int $length Length of the random string to be generated.
+     * @return string
+     */
+    protected function getRandomPkceCode($length = 64)
+    {
+        return substr(
+            strtr(
+                base64_encode(random_bytes($length)),
+                '+/',
+                '-_'
+            ),
+            0,
+            $length
+        );
+    }
+
     /**
      * Returns the default scopes used by this provider.
      *
@@ -326,6 +392,14 @@ abstract class AbstractProvider
         return ',';
     }
 
+    /**
+     * @return string|null
+     */
+    protected function getPkceMethod()
+    {
+        return null;
+    }
+
     /**
      * Returns authorization parameters based on provided options.
      *
@@ -355,6 +429,26 @@ abstract class AbstractProvider
         // Store the state as it may need to be accessed later on.
         $this->state = $options['state'];
 
+        $pkceMethod = $this->getPkceMethod();
+        if (!empty($pkceMethod)) {
+            $this->pkceCode = $this->getRandomPkceCode();
+            if ($pkceMethod === static::PKCE_METHOD_S256) {
+                $options['code_challenge'] = trim(
+                    strtr(
+                        base64_encode(hash('sha256', $this->pkceCode, true)),
+                        '+/',
+                        '-_'
+                    ),
+                    '='
+                );
+            } elseif ($pkceMethod === static::PKCE_METHOD_PLAIN) {
+                $options['code_challenge'] = $this->pkceCode;
+            } else {
+                throw new InvalidArgumentException('Unknown PKCE method "' . $pkceMethod . '".');
+            }
+            $options['code_challenge_method'] = $pkceMethod;
+        }
+
         // Business code layer might set a different redirect_uri parameter
         // depending on the context, leave it as-is
         if (!isset($options['redirect_uri'])) {
@@ -517,8 +611,8 @@ abstract class AbstractProvider
     /**
      * Requests an access token using a specified grant and option set.
      *
-     * @param  mixed $grant
-     * @param  array $options
+     * @param  mixed                $grant
+     * @param  array<string, mixed> $options
      * @throws IdentityProviderException
      * @return AccessTokenInterface
      */
@@ -532,6 +626,10 @@ abstract class AbstractProvider
             'redirect_uri'  => $this->redirectUri,
         ];
 
+        if (!empty($this->pkceCode)) {
+            $params['code_verifier'] = $this->pkceCode;
+        }
+
         $params   = $grant->prepareRequestParameters($params, $options);
         $request  = $this->getAccessTokenRequest($params);
         $response = $this->getParsedResponse($request);
@@ -564,7 +662,7 @@ abstract class AbstractProvider
      *
      * @param  string $method
      * @param  string $url
-     * @param  AccessTokenInterface|string $token
+     * @param  AccessTokenInterface|string|null $token
      * @param  array $options Any of "headers", "body", and "protocolVersion".
      * @return RequestInterface
      */
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
index 52b7e0353..55cb438fb 100644
--- a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/Exception/IdentityProviderException.php
@@ -27,7 +27,7 @@ class IdentityProviderException extends \Exception
     /**
      * @param string $message
      * @param int $code
-     * @param array|string $response The response body
+     * @param mixed $response The response body
      */
     public function __construct($message, $code, $response)
     {
@@ -39,7 +39,7 @@ class IdentityProviderException extends \Exception
     /**
      * Returns the exception's response body.
      *
-     * @return array|string
+     * @return mixed
      */
     public function getResponseBody()
     {
diff --git a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
index 74393ffda..0fc95f250 100644
--- a/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
+++ b/data/web/inc/lib/vendor/league/oauth2-client/src/Provider/GenericProvider.php
@@ -78,6 +78,11 @@ class GenericProvider extends AbstractProvider
      */
     private $responseResourceOwnerId = 'id';
 
+    /**
+     * @var string|null
+     */
+    private $pkceMethod = null;
+
     /**
      * @param array $options
      * @param array $collaborators
@@ -114,6 +119,7 @@ class GenericProvider extends AbstractProvider
             'responseCode',
             'responseResourceOwnerId',
             'scopes',
+            'pkceMethod',
         ]);
     }
 
@@ -205,6 +211,14 @@ class GenericProvider extends AbstractProvider
         return $this->scopeSeparator ?: parent::getScopeSeparator();
     }
 
+    /**
+     * @inheritdoc
+     */
+    protected function getPkceMethod()
+    {
+        return $this->pkceMethod ?: parent::getPkceMethod();
+    }
+
     /**
      * @inheritdoc
      */

From cee771a3fb0ab6f2c188b9d9a6ff51bfa65da328 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 13:31:40 +0200
Subject: [PATCH 073/755] [Web] update stevenmaguire/oauth2-keycloak and
 firebase/php-jwt

---
 data/web/inc/lib/composer.json                |   2 +-
 data/web/inc/lib/composer.lock                |  47 ++-
 .../inc/lib/vendor/composer/installed.json    |  49 ++-
 .../web/inc/lib/vendor/composer/installed.php |  16 +-
 .../lib/vendor/firebase/php-jwt/CHANGELOG.md  | 117 ++++++
 .../inc/lib/vendor/firebase/php-jwt/README.md | 330 ++++++++++-----
 .../lib/vendor/firebase/php-jwt/composer.json |  12 +-
 .../firebase/php-jwt/src/CachedKeySet.php     | 258 ++++++++++++
 .../lib/vendor/firebase/php-jwt/src/JWK.php   | 201 +++++++--
 .../lib/vendor/firebase/php-jwt/src/JWT.php   | 389 ++++++++++--------
 .../lib/vendor/firebase/php-jwt/src/Key.php   |  35 +-
 .../stevenmaguire/oauth2-keycloak/.travis.yml |   9 +-
 .../stevenmaguire/oauth2-keycloak/README.md   |   1 +
 .../oauth2-keycloak/composer.json             |  17 +-
 .../oauth2-keycloak/phpunit.xml.dist          |  45 +-
 .../test/src/Provider/KeycloakTest.php        | 124 ++++--
 16 files changed, 1203 insertions(+), 449 deletions(-)
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/firebase/php-jwt/src/CachedKeySet.php

diff --git a/data/web/inc/lib/composer.json b/data/web/inc/lib/composer.json
index c2fef5fb1..a803291f8 100644
--- a/data/web/inc/lib/composer.json
+++ b/data/web/inc/lib/composer.json
@@ -10,7 +10,7 @@
         "mustangostang/spyc": "^0.6.3",
         "directorytree/ldaprecord": "^2.4",
         "twig/twig": "^3.0",
-        "stevenmaguire/oauth2-keycloak": "^3.2",
+        "stevenmaguire/oauth2-keycloak": "^4.0",
         "league/oauth2-client": "^2.7"
     }
 }
diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 349056afc..0d55230c4 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "ee35a2bf8c80a87b6825c3e86635f709",
+    "content-hash": "8f5a147cdb147b935a158b86f47a4747",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -218,25 +218,31 @@
         },
         {
             "name": "firebase/php-jwt",
-            "version": "v5.5.1",
+            "version": "v6.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
+                "reference": "e94e7353302b0c11ec3cfff7180cd0b1743975d2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e94e7353302b0c11ec3cfff7180cd0b1743975d2",
+                "reference": "e94e7353302b0c11ec3cfff7180cd0b1743975d2",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "php": "^7.4||^8.0"
             },
             "require-dev": {
-                "phpunit/phpunit": ">=4.8 <=9"
+                "guzzlehttp/guzzle": "^6.5||^7.4",
+                "phpspec/prophecy-phpunit": "^2.0",
+                "phpunit/phpunit": "^9.5",
+                "psr/cache": "^1.0||^2.0",
+                "psr/http-client": "^1.0",
+                "psr/http-factory": "^1.0"
             },
             "suggest": {
+                "ext-sodium": "Support EdDSA (Ed25519) signatures",
                 "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
             },
             "type": "library",
@@ -269,9 +275,9 @@
             ],
             "support": {
                 "issues": "https://github.com/firebase/php-jwt/issues",
-                "source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
+                "source": "https://github.com/firebase/php-jwt/tree/v6.5.0"
             },
-            "time": "2021-11-08T20:18:51+00:00"
+            "time": "2023-05-12T15:47:07+00:00"
         },
         {
             "name": "guzzlehttp/guzzle",
@@ -1703,26 +1709,27 @@
         },
         {
             "name": "stevenmaguire/oauth2-keycloak",
-            "version": "3.2.0",
+            "version": "4.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/stevenmaguire/oauth2-keycloak.git",
-                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a"
+                "reference": "05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/34e4824f5fa26aa8e90f1258859c75570c12d27a",
-                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d",
+                "reference": "05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d",
                 "shasum": ""
             },
             "require": {
-                "firebase/php-jwt": "~4.0|~5.0",
-                "league/oauth2-client": "^2.0"
+                "firebase/php-jwt": "^4.0 || ^5.0 || ^6.0",
+                "league/oauth2-client": "^2.0",
+                "php": "~7.2 || ~8.0"
             },
             "require-dev": {
-                "mockery/mockery": "~0.9",
-                "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "~2.0"
+                "mockery/mockery": "~1.5.0",
+                "phpunit/phpunit": "~9.6.4",
+                "squizlabs/php_codesniffer": "~3.7.0"
             },
             "type": "library",
             "extra": {
@@ -1757,9 +1764,9 @@
             ],
             "support": {
                 "issues": "https://github.com/stevenmaguire/oauth2-keycloak/issues",
-                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/3.2.0"
+                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/4.0.0"
             },
-            "time": "2022-12-16T12:46:38+00:00"
+            "time": "2023-03-14T09:43:47+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index ef7cac481..0b7725517 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -217,29 +217,35 @@
         },
         {
             "name": "firebase/php-jwt",
-            "version": "v5.5.1",
-            "version_normalized": "5.5.1.0",
+            "version": "v6.5.0",
+            "version_normalized": "6.5.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
+                "reference": "e94e7353302b0c11ec3cfff7180cd0b1743975d2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e94e7353302b0c11ec3cfff7180cd0b1743975d2",
+                "reference": "e94e7353302b0c11ec3cfff7180cd0b1743975d2",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "php": "^7.4||^8.0"
             },
             "require-dev": {
-                "phpunit/phpunit": ">=4.8 <=9"
+                "guzzlehttp/guzzle": "^6.5||^7.4",
+                "phpspec/prophecy-phpunit": "^2.0",
+                "phpunit/phpunit": "^9.5",
+                "psr/cache": "^1.0||^2.0",
+                "psr/http-client": "^1.0",
+                "psr/http-factory": "^1.0"
             },
             "suggest": {
+                "ext-sodium": "Support EdDSA (Ed25519) signatures",
                 "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
             },
-            "time": "2021-11-08T20:18:51+00:00",
+            "time": "2023-05-12T15:47:07+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -271,7 +277,7 @@
             ],
             "support": {
                 "issues": "https://github.com/firebase/php-jwt/issues",
-                "source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
+                "source": "https://github.com/firebase/php-jwt/tree/v6.5.0"
             },
             "install-path": "../firebase/php-jwt"
         },
@@ -1759,29 +1765,30 @@
         },
         {
             "name": "stevenmaguire/oauth2-keycloak",
-            "version": "3.2.0",
-            "version_normalized": "3.2.0.0",
+            "version": "4.0.0",
+            "version_normalized": "4.0.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/stevenmaguire/oauth2-keycloak.git",
-                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a"
+                "reference": "05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/34e4824f5fa26aa8e90f1258859c75570c12d27a",
-                "reference": "34e4824f5fa26aa8e90f1258859c75570c12d27a",
+                "url": "https://api.github.com/repos/stevenmaguire/oauth2-keycloak/zipball/05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d",
+                "reference": "05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d",
                 "shasum": ""
             },
             "require": {
-                "firebase/php-jwt": "~4.0|~5.0",
-                "league/oauth2-client": "^2.0"
+                "firebase/php-jwt": "^4.0 || ^5.0 || ^6.0",
+                "league/oauth2-client": "^2.0",
+                "php": "~7.2 || ~8.0"
             },
             "require-dev": {
-                "mockery/mockery": "~0.9",
-                "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "~2.0"
+                "mockery/mockery": "~1.5.0",
+                "phpunit/phpunit": "~9.6.4",
+                "squizlabs/php_codesniffer": "~3.7.0"
             },
-            "time": "2022-12-16T12:46:38+00:00",
+            "time": "2023-03-14T09:43:47+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
@@ -1816,7 +1823,7 @@
             ],
             "support": {
                 "issues": "https://github.com/stevenmaguire/oauth2-keycloak/issues",
-                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/3.2.0"
+                "source": "https://github.com/stevenmaguire/oauth2-keycloak/tree/4.0.0"
             },
             "install-path": "../stevenmaguire/oauth2-keycloak"
         },
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index a9737b061..d7cc77743 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
+        'reference' => '34e7b3f613661fe2b3c3eb1d316a63dfe111022e',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '07edec4ea50b8eedae10c28eba0b4b2774df537e',
+            'reference' => '34e7b3f613661fe2b3c3eb1d316a63dfe111022e',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -53,9 +53,9 @@
             ),
         ),
         'firebase/php-jwt' => array(
-            'pretty_version' => 'v5.5.1',
-            'version' => '5.5.1.0',
-            'reference' => '83b609028194aa042ea33b5af2d41a7427de80e6',
+            'pretty_version' => 'v6.5.0',
+            'version' => '6.5.0.0',
+            'reference' => 'e94e7353302b0c11ec3cfff7180cd0b1743975d2',
             'type' => 'library',
             'install_path' => __DIR__ . '/../firebase/php-jwt',
             'aliases' => array(),
@@ -275,9 +275,9 @@
             'dev_requirement' => false,
         ),
         'stevenmaguire/oauth2-keycloak' => array(
-            'pretty_version' => '3.2.0',
-            'version' => '3.2.0.0',
-            'reference' => '34e4824f5fa26aa8e90f1258859c75570c12d27a',
+            'pretty_version' => '4.0.0',
+            'version' => '4.0.0.0',
+            'reference' => '05ead6bb6bcd2b6f96dfae87c769dcd3e5f6129d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../stevenmaguire/oauth2-keycloak',
             'aliases' => array(),
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/CHANGELOG.md b/data/web/inc/lib/vendor/firebase/php-jwt/CHANGELOG.md
new file mode 100644
index 000000000..35e97fe86
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/CHANGELOG.md
@@ -0,0 +1,117 @@
+# Changelog
+
+## [6.5.0](https://github.com/firebase/php-jwt/compare/v6.4.0...v6.5.0) (2023-05-12)
+
+
+### Bug Fixes
+
+* allow KID of '0' ([#505](https://github.com/firebase/php-jwt/issues/505)) ([9dc46a9](https://github.com/firebase/php-jwt/commit/9dc46a9c3e5801294249cfd2554c5363c9f9326a))
+
+
+### Miscellaneous Chores
+
+* drop support for PHP 7.3 ([#495](https://github.com/firebase/php-jwt/issues/495))
+
+## [6.4.0](https://github.com/firebase/php-jwt/compare/v6.3.2...v6.4.0) (2023-02-08)
+
+
+### Features
+
+* add support for W3C ES256K ([#462](https://github.com/firebase/php-jwt/issues/462)) ([213924f](https://github.com/firebase/php-jwt/commit/213924f51936291fbbca99158b11bd4ae56c2c95))
+* improve caching by only decoding jwks when necessary ([#486](https://github.com/firebase/php-jwt/issues/486)) ([78d3ed1](https://github.com/firebase/php-jwt/commit/78d3ed1073553f7d0bbffa6c2010009a0d483d5c))
+
+## [6.3.2](https://github.com/firebase/php-jwt/compare/v6.3.1...v6.3.2) (2022-11-01)
+
+
+### Bug Fixes
+
+* check kid before using as array index ([bad1b04](https://github.com/firebase/php-jwt/commit/bad1b040d0c736bbf86814c6b5ae614f517cf7bd))
+
+## [6.3.1](https://github.com/firebase/php-jwt/compare/v6.3.0...v6.3.1) (2022-11-01)
+
+
+### Bug Fixes
+
+* casing of GET for PSR compat ([#451](https://github.com/firebase/php-jwt/issues/451)) ([60b52b7](https://github.com/firebase/php-jwt/commit/60b52b71978790eafcf3b95cfbd83db0439e8d22))
+* string interpolation format for php 8.2 ([#446](https://github.com/firebase/php-jwt/issues/446)) ([2e07d8a](https://github.com/firebase/php-jwt/commit/2e07d8a1524d12b69b110ad649f17461d068b8f2))
+
+## 6.3.0 / 2022-07-15
+
+ - Added ES256 support to JWK parsing ([#399](https://github.com/firebase/php-jwt/pull/399))
+ - Fixed potential caching error in `CachedKeySet` by caching jwks as strings ([#435](https://github.com/firebase/php-jwt/pull/435))
+
+## 6.2.0 / 2022-05-14
+
+ - Added `CachedKeySet` ([#397](https://github.com/firebase/php-jwt/pull/397))
+ - Added `$defaultAlg` parameter to `JWT::parseKey` and `JWT::parseKeySet` ([#426](https://github.com/firebase/php-jwt/pull/426)).
+
+## 6.1.0 / 2022-03-23
+
+ - Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
+ - Add parameter typing and return types where possible
+
+## 6.0.0 / 2022-01-24
+
+ - **Backwards-Compatibility Breaking Changes**: See the [Release Notes](https://github.com/firebase/php-jwt/releases/tag/v6.0.0) for more information.
+ - New Key object to prevent key/algorithm type confusion (#365)
+ - Add JWK support (#273)
+ - Add ES256 support (#256)
+ - Add ES384 support (#324)
+ - Add Ed25519 support (#343)
+
+## 5.0.0 / 2017-06-26
+- Support RS384 and RS512.
+  See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
+- Add an example for RS256 openssl.
+  See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
+- Detect invalid Base64 encoding in signature.
+  See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
+- Update `JWT::verify` to handle OpenSSL errors.
+  See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
+- Add `array` type hinting to `decode` method
+  See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
+- Add all JSON error types.
+  See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
+- Bugfix 'kid' not in given key list.
+  See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
+- Miscellaneous cleanup, documentation and test fixes.
+  See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
+  [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
+  [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
+  [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
+
+## 4.0.0 / 2016-07-17
+- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
+- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
+- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
+- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
+
+## 3.0.0 / 2015-07-22
+- Minimum PHP version updated from `5.2.0` to `5.3.0`.
+- Add `\Firebase\JWT` namespace. See
+[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
+[@Dashron](https://github.com/Dashron)!
+- Require a non-empty key to decode and verify a JWT. See
+[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
+[@sjones608](https://github.com/sjones608)!
+- Cleaner documentation blocks in the code. See
+[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
+[@johanderuijter](https://github.com/johanderuijter)!
+
+## 2.2.0 / 2015-06-22
+- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
+[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
+[@mcocaro](https://github.com/mcocaro)!
+
+## 2.1.0 / 2015-05-20
+- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
+between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
+- Add support for passing an object implementing the `ArrayAccess` interface for
+`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
+
+## 2.0.0 / 2015-04-01
+- **Note**: It is strongly recommended that you update to > v2.0.0 to address
+  known security vulnerabilities in prior versions when both symmetric and
+  asymmetric keys are used together.
+- Update signature for `JWT::decode(...)` to require an array of supported
+  algorithms to use when verifying token signatures.
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/README.md b/data/web/inc/lib/vendor/firebase/php-jwt/README.md
index 1d392cd12..f03826673 100644
--- a/data/web/inc/lib/vendor/firebase/php-jwt/README.md
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/README.md
@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
+![Build Status](https://github.com/firebase/php-jwt/actions/workflows/tests.yml/badge.svg)
 [![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
 [![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
 [![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)
@@ -29,13 +29,13 @@ Example
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 
-$key = "example_key";
-$payload = array(
-    "iss" => "http://example.org",
-    "aud" => "http://example.com",
-    "iat" => 1356999524,
-    "nbf" => 1357000000
-);
+$key = 'example_key';
+$payload = [
+    'iss' => 'http://example.org',
+    'aud' => 'http://example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
 
 /**
  * IMPORTANT:
@@ -65,6 +65,40 @@ $decoded_array = (array) $decoded;
 JWT::$leeway = 60; // $leeway in seconds
 $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
 ```
+Example encode/decode headers
+-------
+Decoding the JWT headers without verifying the JWT first is NOT recommended, and is not supported by
+this library. This is because without verifying the JWT, the header values could have been tampered with.
+Any value pulled from an unverified header should be treated as if it could be any string sent in from an
+attacker.  If this is something you still want to do in your application for whatever reason, it's possible to 
+decode the header values manually simply by calling `json_decode` and `base64_decode` on the JWT 
+header part:
+```php
+use Firebase\JWT\JWT;
+
+$key = 'example_key';
+$payload = [
+    'iss' => 'http://example.org',
+    'aud' => 'http://example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
+
+$headers = [
+    'x-forwarded-for' => 'www.google.com'
+];
+
+// Encode headers in the JWT string
+$jwt = JWT::encode($payload, $key, 'HS256', null, $headers);
+
+// Decode headers from the JWT string WITHOUT validation
+// **IMPORTANT**: This operation is vulnerable to attacks, as the JWT has not yet been verified.
+// These headers could be any value sent by an attacker.
+list($headersB64, $payloadB64, $sig) = explode('.', $jwt);
+$decoded = json_decode(base64_decode($headersB64), true);
+
+print_r($decoded);
+```
 Example with RS256 (openssl)
 ----------------------------
 ```php
@@ -73,37 +107,52 @@ use Firebase\JWT\Key;
 
 $privateKey = <<<EOD
 -----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
-vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
-5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
-AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
-bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
-Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
-cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
-5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
-ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
-k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
-qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
-eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
-B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
+MIIEowIBAAKCAQEAuzWHNM5f+amCjQztc5QTfJfzCC5J4nuW+L/aOxZ4f8J3Frew
+M2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJhzkPYLae7bTVro3hok0zDITR8F6S
+JGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548tu4czCuqU8BGVOlnp6IqBHhAswNMM
+78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vSopcT51koWOgiTf3C7nJUoMWZHZI5
+HqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTzTTqo1SCSH2pooJl9O8at6kkRYsrZ
+WwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/BwQIDAQABAoIBAFtGaOqNKGwggn9k
+6yzr6GhZ6Wt2rh1Xpq8XUz514UBhPxD7dFRLpbzCrLVpzY80LbmVGJ9+1pJozyWc
+VKeCeUdNwbqkr240Oe7GTFmGjDoxU+5/HX/SJYPpC8JZ9oqgEA87iz+WQX9hVoP2
+oF6EB4ckDvXmk8FMwVZW2l2/kd5mrEVbDaXKxhvUDf52iVD+sGIlTif7mBgR99/b
+c3qiCnxCMmfYUnT2eh7Vv2LhCR/G9S6C3R4lA71rEyiU3KgsGfg0d82/XWXbegJW
+h3QbWNtQLxTuIvLq5aAryV3PfaHlPgdgK0ft6ocU2de2FagFka3nfVEyC7IUsNTK
+bq6nhAECgYEA7d/0DPOIaItl/8BWKyCuAHMss47j0wlGbBSHdJIiS55akMvnAG0M
+39y22Qqfzh1at9kBFeYeFIIU82ZLF3xOcE3z6pJZ4Dyvx4BYdXH77odo9uVK9s1l
+3T3BlMcqd1hvZLMS7dviyH79jZo4CXSHiKzc7pQ2YfK5eKxKqONeXuECgYEAyXlG
+vonaus/YTb1IBei9HwaccnQ/1HRn6MvfDjb7JJDIBhNClGPt6xRlzBbSZ73c2QEC
+6Fu9h36K/HZ2qcLd2bXiNyhIV7b6tVKk+0Psoj0dL9EbhsD1OsmE1nTPyAc9XZbb
+OPYxy+dpBCUA8/1U9+uiFoCa7mIbWcSQ+39gHuECgYAz82pQfct30aH4JiBrkNqP
+nJfRq05UY70uk5k1u0ikLTRoVS/hJu/d4E1Kv4hBMqYCavFSwAwnvHUo51lVCr/y
+xQOVYlsgnwBg2MX4+GjmIkqpSVCC8D7j/73MaWb746OIYZervQ8dbKahi2HbpsiG
+8AHcVSA/agxZr38qvWV54QKBgCD5TlDE8x18AuTGQ9FjxAAd7uD0kbXNz2vUYg9L
+hFL5tyL3aAAtUrUUw4xhd9IuysRhW/53dU+FsG2dXdJu6CxHjlyEpUJl2iZu/j15
+YnMzGWHIEX8+eWRDsw/+Ujtko/B7TinGcWPz3cYl4EAOiCeDUyXnqnO1btCEUU44
+DJ1BAoGBAJuPD27ErTSVtId90+M4zFPNibFP50KprVdc8CR37BE7r8vuGgNYXmnI
+RLnGP9p3pVgFCktORuYS2J/6t84I3+A17nEoB4xvhTLeAinAW/uTQOUmNicOP4Ek
+2MsLL2kHgL8bLTmvXV4FX+PXphrDKg1XxzOYn0otuoqdAQrkK4og
 -----END RSA PRIVATE KEY-----
 EOD;
 
 $publicKey = <<<EOD
 -----BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
-4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
-0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
-ehde/zUxo6UvS7UrBQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzWHNM5f+amCjQztc5QT
+fJfzCC5J4nuW+L/aOxZ4f8J3FrewM2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJ
+hzkPYLae7bTVro3hok0zDITR8F6SJGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548t
+u4czCuqU8BGVOlnp6IqBHhAswNMM78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vS
+opcT51koWOgiTf3C7nJUoMWZHZI5HqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTz
+TTqo1SCSH2pooJl9O8at6kkRYsrZWwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/B
+wQIDAQAB
 -----END PUBLIC KEY-----
 EOD;
 
-$payload = array(
-    "iss" => "example.org",
-    "aud" => "example.com",
-    "iat" => 1356999524,
-    "nbf" => 1357000000
-);
+$payload = [
+    'iss' => 'example.org',
+    'aud' => 'example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
 
 $jwt = JWT::encode($payload, $privateKey, 'RS256');
 echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -139,12 +188,12 @@ $privateKey = openssl_pkey_get_private(
     $passphrase
 );
 
-$payload = array(
-    "iss" => "example.org",
-    "aud" => "example.com",
-    "iat" => 1356999524,
-    "nbf" => 1357000000
-);
+$payload = [
+    'iss' => 'example.org',
+    'aud' => 'example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
 
 $jwt = JWT::encode($payload, $privateKey, 'RS256');
 echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -173,12 +222,12 @@ $privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair));
 
 $publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair));
 
-$payload = array(
-    "iss" => "example.org",
-    "aud" => "example.com",
-    "iat" => 1356999524,
-    "nbf" => 1357000000
-);
+$payload = [
+    'iss' => 'example.org',
+    'aud' => 'example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
 
 $jwt = JWT::encode($payload, $privateKey, 'EdDSA');
 echo "Encode:\n" . print_r($jwt, true) . "\n";
@@ -187,6 +236,44 @@ $decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA'));
 echo "Decode:\n" . print_r((array) $decoded, true) . "\n";
 ````
 
+Example with multiple keys
+--------------------------
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+// Example RSA keys from previous example
+// $privateKey1 = '...';
+// $publicKey1 = '...';
+
+// Example EdDSA keys from previous example
+// $privateKey2 = '...';
+// $publicKey2 = '...';
+
+$payload = [
+    'iss' => 'example.org',
+    'aud' => 'example.com',
+    'iat' => 1356999524,
+    'nbf' => 1357000000
+];
+
+$jwt1 = JWT::encode($payload, $privateKey1, 'RS256', 'kid1');
+$jwt2 = JWT::encode($payload, $privateKey2, 'EdDSA', 'kid2');
+echo "Encode 1:\n" . print_r($jwt1, true) . "\n";
+echo "Encode 2:\n" . print_r($jwt2, true) . "\n";
+
+$keys = [
+    'kid1' => new Key($publicKey1, 'RS256'),
+    'kid2' => new Key($publicKey2, 'EdDSA'),
+];
+
+$decoded1 = JWT::decode($jwt1, $keys);
+$decoded2 = JWT::decode($jwt2, $keys);
+
+echo "Decode 1:\n" . print_r((array) $decoded1, true) . "\n";
+echo "Decode 2:\n" . print_r((array) $decoded2, true) . "\n";
+```
+
 Using JWKs
 ----------
 
@@ -198,72 +285,115 @@ use Firebase\JWT\JWT;
 // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk
 $jwks = ['keys' => []];
 
-// JWK::parseKeySet($jwks) returns an associative array of **kid** to private
-// key. Pass this as the second parameter to JWT::decode.
-// NOTE: The deprecated $supportedAlgorithm must be supplied when parsing from JWK.
-JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm);
+// JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key
+// objects. Pass this as the second parameter to JWT::decode.
+JWT::decode($payload, JWK::parseKeySet($jwks));
 ```
 
-Changelog
----------
+Using Cached Key Sets
+---------------------
 
-#### 5.0.0 / 2017-06-26
-- Support RS384 and RS512.
-  See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
-- Add an example for RS256 openssl.
-  See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
-- Detect invalid Base64 encoding in signature.
-  See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
-- Update `JWT::verify` to handle OpenSSL errors.
-  See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
-- Add `array` type hinting to `decode` method
-  See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
-- Add all JSON error types.
-  See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
-- Bugfix 'kid' not in given key list.
-  See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
-- Miscellaneous cleanup, documentation and test fixes.
-  See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
-  [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
-  [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
-  [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
+The `CachedKeySet` class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI.
+This has the following advantages:
 
-#### 4.0.0 / 2016-07-17
-- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
-- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
-- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
-- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
+1. The results are cached for performance.
+2. If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation.
+3. If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second.
 
-#### 3.0.0 / 2015-07-22
-- Minimum PHP version updated from `5.2.0` to `5.3.0`.
-- Add `\Firebase\JWT` namespace. See
-[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
-[@Dashron](https://github.com/Dashron)!
-- Require a non-empty key to decode and verify a JWT. See
-[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
-[@sjones608](https://github.com/sjones608)!
-- Cleaner documentation blocks in the code. See
-[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
-[@johanderuijter](https://github.com/johanderuijter)!
+```php
+use Firebase\JWT\CachedKeySet;
+use Firebase\JWT\JWT;
 
-#### 2.2.0 / 2015-06-22
-- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
-[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
-[@mcocaro](https://github.com/mcocaro)!
+// The URI for the JWKS you wish to cache the results from
+$jwksUri = 'https://www.gstatic.com/iap/verify/public_key-jwk';
 
-#### 2.1.0 / 2015-05-20
-- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
-between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
-- Add support for passing an object implementing the `ArrayAccess` interface for
-`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
+// Create an HTTP client (can be any PSR-7 compatible HTTP client)
+$httpClient = new GuzzleHttp\Client();
 
-#### 2.0.0 / 2015-04-01
-- **Note**: It is strongly recommended that you update to > v2.0.0 to address
-  known security vulnerabilities in prior versions when both symmetric and
-  asymmetric keys are used together.
-- Update signature for `JWT::decode(...)` to require an array of supported
-  algorithms to use when verifying token signatures.
+// Create an HTTP request factory (can be any PSR-17 compatible HTTP request factory)
+$httpFactory = new GuzzleHttp\Psr\HttpFactory();
 
+// Create a cache item pool (can be any PSR-6 compatible cache item pool)
+$cacheItemPool = Phpfastcache\CacheManager::getInstance('files');
+
+$keySet = new CachedKeySet(
+    $jwksUri,
+    $httpClient,
+    $httpFactory,
+    $cacheItemPool,
+    null, // $expiresAfter int seconds to set the JWKS to expire
+    true  // $rateLimit    true to enable rate limit of 10 RPS on lookup of invalid keys
+);
+
+$jwt = 'eyJhbGci...'; // Some JWT signed by a key from the $jwkUri above
+$decoded = JWT::decode($jwt, $keySet);
+```
+
+Miscellaneous
+-------------
+
+#### Exception Handling
+
+When a call to `JWT::decode` is invalid, it will throw one of the following exceptions:
+
+```php
+use Firebase\JWT\JWT;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use Firebase\JWT\ExpiredException;
+use DomainException;
+use InvalidArgumentException;
+use UnexpectedValueException;
+
+try {
+    $decoded = JWT::decode($payload, $keys);
+} catch (InvalidArgumentException $e) {
+    // provided key/key-array is empty or malformed.
+} catch (DomainException $e) {
+    // provided algorithm is unsupported OR
+    // provided key is invalid OR
+    // unknown error thrown in openSSL or libsodium OR
+    // libsodium is required but not available.
+} catch (SignatureInvalidException $e) {
+    // provided JWT signature verification failed.
+} catch (BeforeValidException $e) {
+    // provided JWT is trying to be used before "nbf" claim OR
+    // provided JWT is trying to be used before "iat" claim.
+} catch (ExpiredException $e) {
+    // provided JWT is trying to be used after "exp" claim.
+} catch (UnexpectedValueException $e) {
+    // provided JWT is malformed OR
+    // provided JWT is missing an algorithm / using an unsupported algorithm OR
+    // provided JWT algorithm does not match provided key OR
+    // provided key ID in key/key-array is empty or invalid.
+}
+```
+
+All exceptions in the `Firebase\JWT` namespace extend `UnexpectedValueException`, and can be simplified
+like this:
+
+```php
+try {
+    $decoded = JWT::decode($payload, $keys);
+} catch (LogicException $e) {
+    // errors having to do with environmental setup or malformed JWT Keys
+} catch (UnexpectedValueException $e) {
+    // errors having to do with JWT signature and claims
+}
+```
+
+#### Casting to array
+
+The return value of `JWT::decode` is the generic PHP object `stdClass`. If you'd like to handle with arrays
+instead, you can do the following:
+
+```php
+// return type is stdClass
+$decoded = JWT::decode($payload, $keys);
+
+// cast to array
+$decoded = json_decode(json_encode($decoded), true);
+```
 
 Tests
 -----
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/composer.json b/data/web/inc/lib/vendor/firebase/php-jwt/composer.json
index 6146e2dcc..e23dfe378 100644
--- a/data/web/inc/lib/vendor/firebase/php-jwt/composer.json
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/composer.json
@@ -20,10 +20,11 @@
     ],
     "license": "BSD-3-Clause",
     "require": {
-        "php": ">=5.3.0"
+        "php": "^7.4||^8.0"
     },
     "suggest": {
-        "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
+        "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present",
+        "ext-sodium": "Support EdDSA (Ed25519) signatures"
     },
     "autoload": {
         "psr-4": {
@@ -31,6 +32,11 @@
         }
     },
     "require-dev": {
-        "phpunit/phpunit": ">=4.8 <=9"
+        "guzzlehttp/guzzle": "^6.5||^7.4",
+        "phpspec/prophecy-phpunit": "^2.0",
+        "phpunit/phpunit": "^9.5",
+        "psr/cache": "^1.0||^2.0",
+        "psr/http-client": "^1.0",
+        "psr/http-factory": "^1.0"
     }
 }
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/CachedKeySet.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/CachedKeySet.php
new file mode 100644
index 000000000..baf801f13
--- /dev/null
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/CachedKeySet.php
@@ -0,0 +1,258 @@
+<?php
+
+namespace Firebase\JWT;
+
+use ArrayAccess;
+use InvalidArgumentException;
+use LogicException;
+use OutOfBoundsException;
+use Psr\Cache\CacheItemInterface;
+use Psr\Cache\CacheItemPoolInterface;
+use Psr\Http\Client\ClientInterface;
+use Psr\Http\Message\RequestFactoryInterface;
+use RuntimeException;
+use UnexpectedValueException;
+
+/**
+ * @implements ArrayAccess<string, Key>
+ */
+class CachedKeySet implements ArrayAccess
+{
+    /**
+     * @var string
+     */
+    private $jwksUri;
+    /**
+     * @var ClientInterface
+     */
+    private $httpClient;
+    /**
+     * @var RequestFactoryInterface
+     */
+    private $httpFactory;
+    /**
+     * @var CacheItemPoolInterface
+     */
+    private $cache;
+    /**
+     * @var ?int
+     */
+    private $expiresAfter;
+    /**
+     * @var ?CacheItemInterface
+     */
+    private $cacheItem;
+    /**
+     * @var array<string, array<mixed>>
+     */
+    private $keySet;
+    /**
+     * @var string
+     */
+    private $cacheKey;
+    /**
+     * @var string
+     */
+    private $cacheKeyPrefix = 'jwks';
+    /**
+     * @var int
+     */
+    private $maxKeyLength = 64;
+    /**
+     * @var bool
+     */
+    private $rateLimit;
+    /**
+     * @var string
+     */
+    private $rateLimitCacheKey;
+    /**
+     * @var int
+     */
+    private $maxCallsPerMinute = 10;
+    /**
+     * @var string|null
+     */
+    private $defaultAlg;
+
+    public function __construct(
+        string $jwksUri,
+        ClientInterface $httpClient,
+        RequestFactoryInterface $httpFactory,
+        CacheItemPoolInterface $cache,
+        int $expiresAfter = null,
+        bool $rateLimit = false,
+        string $defaultAlg = null
+    ) {
+        $this->jwksUri = $jwksUri;
+        $this->httpClient = $httpClient;
+        $this->httpFactory = $httpFactory;
+        $this->cache = $cache;
+        $this->expiresAfter = $expiresAfter;
+        $this->rateLimit = $rateLimit;
+        $this->defaultAlg = $defaultAlg;
+        $this->setCacheKeys();
+    }
+
+    /**
+     * @param string $keyId
+     * @return Key
+     */
+    public function offsetGet($keyId): Key
+    {
+        if (!$this->keyIdExists($keyId)) {
+            throw new OutOfBoundsException('Key ID not found');
+        }
+        return JWK::parseKey($this->keySet[$keyId], $this->defaultAlg);
+    }
+
+    /**
+     * @param string $keyId
+     * @return bool
+     */
+    public function offsetExists($keyId): bool
+    {
+        return $this->keyIdExists($keyId);
+    }
+
+    /**
+     * @param string $offset
+     * @param Key $value
+     */
+    public function offsetSet($offset, $value): void
+    {
+        throw new LogicException('Method not implemented');
+    }
+
+    /**
+     * @param string $offset
+     */
+    public function offsetUnset($offset): void
+    {
+        throw new LogicException('Method not implemented');
+    }
+
+    /**
+     * @return array<mixed>
+     */
+    private function formatJwksForCache(string $jwks): array
+    {
+        $jwks = json_decode($jwks, true);
+
+        if (!isset($jwks['keys'])) {
+            throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
+        }
+
+        if (empty($jwks['keys'])) {
+            throw new InvalidArgumentException('JWK Set did not contain any keys');
+        }
+
+        $keys = [];
+        foreach ($jwks['keys'] as $k => $v) {
+            $kid = isset($v['kid']) ? $v['kid'] : $k;
+            $keys[(string) $kid] = $v;
+        }
+
+        return $keys;
+    }
+
+    private function keyIdExists(string $keyId): bool
+    {
+        if (null === $this->keySet) {
+            $item = $this->getCacheItem();
+            // Try to load keys from cache
+            if ($item->isHit()) {
+                // item found! retrieve it
+                $this->keySet = $item->get();
+                // If the cached item is a string, the JWKS response was cached (previous behavior).
+                // Parse this into expected format array<kid, jwk> instead.
+                if (\is_string($this->keySet)) {
+                    $this->keySet = $this->formatJwksForCache($this->keySet);
+                }
+            }
+        }
+
+        if (!isset($this->keySet[$keyId])) {
+            if ($this->rateLimitExceeded()) {
+                return false;
+            }
+            $request = $this->httpFactory->createRequest('GET', $this->jwksUri);
+            $jwksResponse = $this->httpClient->sendRequest($request);
+            $this->keySet = $this->formatJwksForCache((string) $jwksResponse->getBody());
+
+            if (!isset($this->keySet[$keyId])) {
+                return false;
+            }
+
+            $item = $this->getCacheItem();
+            $item->set($this->keySet);
+            if ($this->expiresAfter) {
+                $item->expiresAfter($this->expiresAfter);
+            }
+            $this->cache->save($item);
+        }
+
+        return true;
+    }
+
+    private function rateLimitExceeded(): bool
+    {
+        if (!$this->rateLimit) {
+            return false;
+        }
+
+        $cacheItem = $this->cache->getItem($this->rateLimitCacheKey);
+        if (!$cacheItem->isHit()) {
+            $cacheItem->expiresAfter(1); // # of calls are cached each minute
+        }
+
+        $callsPerMinute = (int) $cacheItem->get();
+        if (++$callsPerMinute > $this->maxCallsPerMinute) {
+            return true;
+        }
+        $cacheItem->set($callsPerMinute);
+        $this->cache->save($cacheItem);
+        return false;
+    }
+
+    private function getCacheItem(): CacheItemInterface
+    {
+        if (\is_null($this->cacheItem)) {
+            $this->cacheItem = $this->cache->getItem($this->cacheKey);
+        }
+
+        return $this->cacheItem;
+    }
+
+    private function setCacheKeys(): void
+    {
+        if (empty($this->jwksUri)) {
+            throw new RuntimeException('JWKS URI is empty');
+        }
+
+        // ensure we do not have illegal characters
+        $key = preg_replace('|[^a-zA-Z0-9_\.!]|', '', $this->jwksUri);
+
+        // add prefix
+        $key = $this->cacheKeyPrefix . $key;
+
+        // Hash keys if they exceed $maxKeyLength of 64
+        if (\strlen($key) > $this->maxKeyLength) {
+            $key = substr(hash('sha256', $key), 0, $this->maxKeyLength);
+        }
+
+        $this->cacheKey = $key;
+
+        if ($this->rateLimit) {
+            // add prefix
+            $rateLimitKey = $this->cacheKeyPrefix . 'ratelimit' . $key;
+
+            // Hash keys if they exceed $maxKeyLength of 64
+            if (\strlen($rateLimitKey) > $this->maxKeyLength) {
+                $rateLimitKey = substr(hash('sha256', $rateLimitKey), 0, $this->maxKeyLength);
+            }
+
+            $this->rateLimitCacheKey = $rateLimitKey;
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
index 981a9ba7f..c7eff8ae4 100644
--- a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWK.php
@@ -20,12 +20,25 @@ use UnexpectedValueException;
  */
 class JWK
 {
+    private const OID = '1.2.840.10045.2.1';
+    private const ASN1_OBJECT_IDENTIFIER = 0x06;
+    private const ASN1_SEQUENCE = 0x10; // also defined in JWT
+    private const ASN1_BIT_STRING = 0x03;
+    private const EC_CURVES = [
+        'P-256' => '1.2.840.10045.3.1.7', // Len: 64
+        'secp256k1' => '1.3.132.0.10', // Len: 64
+        // 'P-384' => '1.3.132.0.34', // Len: 96 (not yet supported)
+        // 'P-521' => '1.3.132.0.35', // Len: 132 (not supported)
+    ];
+
     /**
      * Parse a set of JWK keys
      *
-     * @param array $jwks The JSON Web Key Set as an associative array
+     * @param array<mixed> $jwks The JSON Web Key Set as an associative array
+     * @param string       $defaultAlg The algorithm for the Key object if "alg" is not set in the
+     *                                 JSON Web Key Set
      *
-     * @return array An associative array that represents the set of keys
+     * @return array<string, Key> An associative array of key IDs (kid) to Key objects
      *
      * @throws InvalidArgumentException     Provided JWK Set is empty
      * @throws UnexpectedValueException     Provided JWK Set was invalid
@@ -33,21 +46,22 @@ class JWK
      *
      * @uses parseKey
      */
-    public static function parseKeySet(array $jwks)
+    public static function parseKeySet(array $jwks, string $defaultAlg = null): array
     {
-        $keys = array();
+        $keys = [];
 
         if (!isset($jwks['keys'])) {
             throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
         }
+
         if (empty($jwks['keys'])) {
             throw new InvalidArgumentException('JWK Set did not contain any keys');
         }
 
         foreach ($jwks['keys'] as $k => $v) {
             $kid = isset($v['kid']) ? $v['kid'] : $k;
-            if ($key = self::parseKey($v)) {
-                $keys[$kid] = $key;
+            if ($key = self::parseKey($v, $defaultAlg)) {
+                $keys[(string) $kid] = $key;
             }
         }
 
@@ -61,9 +75,11 @@ class JWK
     /**
      * Parse a JWK key
      *
-     * @param array $jwk An individual JWK
+     * @param array<mixed> $jwk An individual JWK
+     * @param string       $defaultAlg The algorithm for the Key object if "alg" is not set in the
+     *                                 JSON Web Key Set
      *
-     * @return resource|array An associative array that represents the key
+     * @return Key The key object for the JWK
      *
      * @throws InvalidArgumentException     Provided JWK is empty
      * @throws UnexpectedValueException     Provided JWK was invalid
@@ -71,15 +87,27 @@ class JWK
      *
      * @uses createPemFromModulusAndExponent
      */
-    public static function parseKey(array $jwk)
+    public static function parseKey(array $jwk, string $defaultAlg = null): ?Key
     {
         if (empty($jwk)) {
             throw new InvalidArgumentException('JWK must not be empty');
         }
+
         if (!isset($jwk['kty'])) {
             throw new UnexpectedValueException('JWK must contain a "kty" parameter');
         }
 
+        if (!isset($jwk['alg'])) {
+            if (\is_null($defaultAlg)) {
+                // The "alg" parameter is optional in a KTY, but an algorithm is required
+                // for parsing in this library. Use the $defaultAlg parameter when parsing the
+                // key set in order to prevent this error.
+                // @see https://datatracker.ietf.org/doc/html/rfc7517#section-4.4
+                throw new UnexpectedValueException('JWK must contain an "alg" parameter');
+            }
+            $jwk['alg'] = $defaultAlg;
+        }
+
         switch ($jwk['kty']) {
             case 'RSA':
                 if (!empty($jwk['d'])) {
@@ -96,11 +124,72 @@ class JWK
                         'OpenSSL error: ' . \openssl_error_string()
                     );
                 }
-                return $publicKey;
+                return new Key($publicKey, $jwk['alg']);
+            case 'EC':
+                if (isset($jwk['d'])) {
+                    // The key is actually a private key
+                    throw new UnexpectedValueException('Key data must be for a public key');
+                }
+
+                if (empty($jwk['crv'])) {
+                    throw new UnexpectedValueException('crv not set');
+                }
+
+                if (!isset(self::EC_CURVES[$jwk['crv']])) {
+                    throw new DomainException('Unrecognised or unsupported EC curve');
+                }
+
+                if (empty($jwk['x']) || empty($jwk['y'])) {
+                    throw new UnexpectedValueException('x and y not set');
+                }
+
+                $publicKey = self::createPemFromCrvAndXYCoordinates($jwk['crv'], $jwk['x'], $jwk['y']);
+                return new Key($publicKey, $jwk['alg']);
             default:
                 // Currently only RSA is supported
                 break;
         }
+
+        return null;
+    }
+
+    /**
+     * Converts the EC JWK values to pem format.
+     *
+     * @param   string  $crv The EC curve (only P-256 is supported)
+     * @param   string  $x   The EC x-coordinate
+     * @param   string  $y   The EC y-coordinate
+     *
+     * @return  string
+     */
+    private static function createPemFromCrvAndXYCoordinates(string $crv, string $x, string $y): string
+    {
+        $pem =
+            self::encodeDER(
+                self::ASN1_SEQUENCE,
+                self::encodeDER(
+                    self::ASN1_SEQUENCE,
+                    self::encodeDER(
+                        self::ASN1_OBJECT_IDENTIFIER,
+                        self::encodeOID(self::OID)
+                    )
+                    . self::encodeDER(
+                        self::ASN1_OBJECT_IDENTIFIER,
+                        self::encodeOID(self::EC_CURVES[$crv])
+                    )
+                ) .
+                self::encodeDER(
+                    self::ASN1_BIT_STRING,
+                    \chr(0x00) . \chr(0x04)
+                    . JWT::urlsafeB64Decode($x)
+                    . JWT::urlsafeB64Decode($y)
+                )
+            );
+
+        return sprintf(
+            "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n",
+            wordwrap(base64_encode($pem), 64, "\n", true)
+        );
     }
 
     /**
@@ -113,22 +202,22 @@ class JWK
      *
      * @uses encodeLength
      */
-    private static function createPemFromModulusAndExponent($n, $e)
-    {
-        $modulus = JWT::urlsafeB64Decode($n);
-        $publicExponent = JWT::urlsafeB64Decode($e);
+    private static function createPemFromModulusAndExponent(
+        string $n,
+        string $e
+    ): string {
+        $mod = JWT::urlsafeB64Decode($n);
+        $exp = JWT::urlsafeB64Decode($e);
 
-        $components = array(
-            'modulus' => \pack('Ca*a*', 2, self::encodeLength(\strlen($modulus)), $modulus),
-            'publicExponent' => \pack('Ca*a*', 2, self::encodeLength(\strlen($publicExponent)), $publicExponent)
-        );
+        $modulus = \pack('Ca*a*', 2, self::encodeLength(\strlen($mod)), $mod);
+        $publicExponent = \pack('Ca*a*', 2, self::encodeLength(\strlen($exp)), $exp);
 
         $rsaPublicKey = \pack(
             'Ca*a*a*',
             48,
-            self::encodeLength(\strlen($components['modulus']) + \strlen($components['publicExponent'])),
-            $components['modulus'],
-            $components['publicExponent']
+            self::encodeLength(\strlen($modulus) + \strlen($publicExponent)),
+            $modulus,
+            $publicExponent
         );
 
         // sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
@@ -143,11 +232,9 @@ class JWK
             $rsaOID . $rsaPublicKey
         );
 
-        $rsaPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
+        return "-----BEGIN PUBLIC KEY-----\r\n" .
             \chunk_split(\base64_encode($rsaPublicKey), 64) .
             '-----END PUBLIC KEY-----';
-
-        return $rsaPublicKey;
     }
 
     /**
@@ -159,7 +246,7 @@ class JWK
      * @param int $length
      * @return string
      */
-    private static function encodeLength($length)
+    private static function encodeLength(int $length): string
     {
         if ($length <= 0x7F) {
             return \chr($length);
@@ -169,4 +256,68 @@ class JWK
 
         return \pack('Ca*', 0x80 | \strlen($temp), $temp);
     }
+
+    /**
+     * Encodes a value into a DER object.
+     * Also defined in Firebase\JWT\JWT
+     *
+     * @param   int     $type DER tag
+     * @param   string  $value the value to encode
+     * @return  string  the encoded object
+     */
+    private static function encodeDER(int $type, string $value): string
+    {
+        $tag_header = 0;
+        if ($type === self::ASN1_SEQUENCE) {
+            $tag_header |= 0x20;
+        }
+
+        // Type
+        $der = \chr($tag_header | $type);
+
+        // Length
+        $der .= \chr(\strlen($value));
+
+        return $der . $value;
+    }
+
+    /**
+     * Encodes a string into a DER-encoded OID.
+     *
+     * @param   string $oid the OID string
+     * @return  string the binary DER-encoded OID
+     */
+    private static function encodeOID(string $oid): string
+    {
+        $octets = explode('.', $oid);
+
+        // Get the first octet
+        $first = (int) array_shift($octets);
+        $second = (int) array_shift($octets);
+        $oid = \chr($first * 40 + $second);
+
+        // Iterate over subsequent octets
+        foreach ($octets as $octet) {
+            if ($octet == 0) {
+                $oid .= \chr(0x00);
+                continue;
+            }
+            $bin = '';
+
+            while ($octet) {
+                $bin .= \chr(0x80 | ($octet & 0x7f));
+                $octet >>= 7;
+            }
+            $bin[0] = $bin[0] & \chr(0x7f);
+
+            // Convert to big endian if necessary
+            if (pack('V', 65534) == pack('L', 65534)) {
+                $oid .= strrev($bin);
+            } else {
+                $oid .= $bin;
+            }
+        }
+
+        return $oid;
+    }
 }
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
index ec1641bc4..c83ff0990 100644
--- a/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/JWT.php
@@ -3,12 +3,14 @@
 namespace Firebase\JWT;
 
 use ArrayAccess;
+use DateTime;
 use DomainException;
 use Exception;
 use InvalidArgumentException;
 use OpenSSLAsymmetricKey;
+use OpenSSLCertificate;
+use stdClass;
 use UnexpectedValueException;
-use DateTime;
 
 /**
  * JSON Web Token implementation, based on this spec:
@@ -25,52 +27,62 @@ use DateTime;
  */
 class JWT
 {
-    const ASN1_INTEGER = 0x02;
-    const ASN1_SEQUENCE = 0x10;
-    const ASN1_BIT_STRING = 0x03;
+    private const ASN1_INTEGER = 0x02;
+    private const ASN1_SEQUENCE = 0x10;
+    private const ASN1_BIT_STRING = 0x03;
 
     /**
      * When checking nbf, iat or expiration times,
      * we want to provide some extra leeway time to
      * account for clock skew.
+     *
+     * @var int
      */
     public static $leeway = 0;
 
     /**
      * Allow the current timestamp to be specified.
      * Useful for fixing a value within unit testing.
-     *
      * Will default to PHP time() value if null.
+     *
+     * @var ?int
      */
     public static $timestamp = null;
 
-    public static $supported_algs = array(
-        'ES384' => array('openssl', 'SHA384'),
-        'ES256' => array('openssl', 'SHA256'),
-        'HS256' => array('hash_hmac', 'SHA256'),
-        'HS384' => array('hash_hmac', 'SHA384'),
-        'HS512' => array('hash_hmac', 'SHA512'),
-        'RS256' => array('openssl', 'SHA256'),
-        'RS384' => array('openssl', 'SHA384'),
-        'RS512' => array('openssl', 'SHA512'),
-        'EdDSA' => array('sodium_crypto', 'EdDSA'),
-    );
+    /**
+     * @var array<string, string[]>
+     */
+    public static $supported_algs = [
+        'ES384' => ['openssl', 'SHA384'],
+        'ES256' => ['openssl', 'SHA256'],
+        'ES256K' => ['openssl', 'SHA256'],
+        'HS256' => ['hash_hmac', 'SHA256'],
+        'HS384' => ['hash_hmac', 'SHA384'],
+        'HS512' => ['hash_hmac', 'SHA512'],
+        'RS256' => ['openssl', 'SHA256'],
+        'RS384' => ['openssl', 'SHA384'],
+        'RS512' => ['openssl', 'SHA512'],
+        'EdDSA' => ['sodium_crypto', 'EdDSA'],
+    ];
 
     /**
      * Decodes a JWT string into a PHP object.
      *
-     * @param string                    $jwt            The JWT
-     * @param Key|array<Key>|mixed      $keyOrKeyArray  The Key or array of Key objects.
-     *                                                  If the algorithm used is asymmetric, this is the public key
-     *                                                  Each Key object contains an algorithm and matching key.
-     *                                                  Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
-     *                                                  'HS512', 'RS256', 'RS384', and 'RS512'
-     * @param array                     $allowed_algs   [DEPRECATED] List of supported verification algorithms. Only
-     *                                                  should be used for backwards  compatibility.
+     * @param string                 $jwt            The JWT
+     * @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray  The Key or associative array of key IDs
+     *                                                                      (kid) to Key objects.
+     *                                                                      If the algorithm used is asymmetric, this is
+     *                                                                      the public key.
+     *                                                                      Each Key object contains an algorithm and
+     *                                                                      matching key.
+     *                                                                      Supported algorithms are 'ES384','ES256',
+     *                                                                      'HS256', 'HS384', 'HS512', 'RS256', 'RS384'
+     *                                                                      and 'RS512'.
      *
-     * @return object The JWT's payload as a PHP object
+     * @return stdClass The JWT's payload as a PHP object
      *
-     * @throws InvalidArgumentException     Provided JWT was empty
+     * @throws InvalidArgumentException     Provided key/key-array was empty or malformed
+     * @throws DomainException              Provided JWT is malformed
      * @throws UnexpectedValueException     Provided JWT was invalid
      * @throws SignatureInvalidException    Provided JWT was invalid because the signature verification failed
      * @throws BeforeValidException         Provided JWT is trying to be used before it's eligible as defined by 'nbf'
@@ -80,27 +92,37 @@ class JWT
      * @uses jsonDecode
      * @uses urlsafeB64Decode
      */
-    public static function decode($jwt, $keyOrKeyArray, array $allowed_algs = array())
-    {
+    public static function decode(
+        string $jwt,
+        $keyOrKeyArray
+    ): stdClass {
+        // Validate JWT
         $timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp;
 
         if (empty($keyOrKeyArray)) {
             throw new InvalidArgumentException('Key may not be empty');
         }
         $tks = \explode('.', $jwt);
-        if (\count($tks) != 3) {
+        if (\count($tks) !== 3) {
             throw new UnexpectedValueException('Wrong number of segments');
         }
         list($headb64, $bodyb64, $cryptob64) = $tks;
-        if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) {
+        $headerRaw = static::urlsafeB64Decode($headb64);
+        if (null === ($header = static::jsonDecode($headerRaw))) {
             throw new UnexpectedValueException('Invalid header encoding');
         }
-        if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
+        $payloadRaw = static::urlsafeB64Decode($bodyb64);
+        if (null === ($payload = static::jsonDecode($payloadRaw))) {
             throw new UnexpectedValueException('Invalid claims encoding');
         }
-        if (false === ($sig = static::urlsafeB64Decode($cryptob64))) {
-            throw new UnexpectedValueException('Invalid signature encoding');
+        if (\is_array($payload)) {
+            // prevent PHP Fatal Error in edge-cases when payload is empty array
+            $payload = (object) $payload;
         }
+        if (!$payload instanceof stdClass) {
+            throw new UnexpectedValueException('Payload must be a JSON object');
+        }
+        $sig = static::urlsafeB64Decode($cryptob64);
         if (empty($header->alg)) {
             throw new UnexpectedValueException('Empty algorithm');
         }
@@ -108,31 +130,18 @@ class JWT
             throw new UnexpectedValueException('Algorithm not supported');
         }
 
-        list($keyMaterial, $algorithm) = self::getKeyMaterialAndAlgorithm(
-            $keyOrKeyArray,
-            empty($header->kid) ? null : $header->kid
-        );
+        $key = self::getKey($keyOrKeyArray, property_exists($header, 'kid') ? $header->kid : null);
 
-        if (empty($algorithm)) {
-            // Use deprecated "allowed_algs" to determine if the algorithm is supported.
-            // This opens up the possibility of an attack in some implementations.
-            // @see https://github.com/firebase/php-jwt/issues/351
-            if (!\in_array($header->alg, $allowed_algs)) {
-                throw new UnexpectedValueException('Algorithm not allowed');
-            }
-        } else {
-            // Check the algorithm
-            if (!self::constantTimeEquals($algorithm, $header->alg)) {
-                // See issue #351
-                throw new UnexpectedValueException('Incorrect key for this algorithm');
-            }
+        // Check the algorithm
+        if (!self::constantTimeEquals($key->getAlgorithm(), $header->alg)) {
+            // See issue #351
+            throw new UnexpectedValueException('Incorrect key for this algorithm');
         }
-        if ($header->alg === 'ES256' || $header->alg === 'ES384') {
-            // OpenSSL expects an ASN.1 DER sequence for ES256/ES384 signatures
+        if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) {
+            // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures
             $sig = self::signatureToDER($sig);
         }
-
-        if (!static::verify("$headb64.$bodyb64", $sig, $keyMaterial, $header->alg)) {
+        if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
             throw new SignatureInvalidException('Signature verification failed');
         }
 
@@ -162,34 +171,37 @@ class JWT
     }
 
     /**
-     * Converts and signs a PHP object or array into a JWT string.
+     * Converts and signs a PHP array into a JWT string.
      *
-     * @param object|array      $payload    PHP object or array
-     * @param string|resource   $key        The secret key.
-     *                                      If the algorithm used is asymmetric, this is the private key
-     * @param string            $alg        The signing algorithm.
-     *                                      Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
-     *                                      'HS512', 'RS256', 'RS384', and 'RS512'
-     * @param mixed             $keyId
-     * @param array             $head       An array with header elements to attach
+     * @param array<mixed>          $payload PHP array
+     * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
+     * @param string                $alg     Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
+     *                                       'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param string                $keyId
+     * @param array<string, string> $head    An array with header elements to attach
      *
      * @return string A signed JWT
      *
      * @uses jsonEncode
      * @uses urlsafeB64Encode
      */
-    public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
-    {
-        $header = array('typ' => 'JWT', 'alg' => $alg);
+    public static function encode(
+        array $payload,
+        $key,
+        string $alg,
+        string $keyId = null,
+        array $head = null
+    ): string {
+        $header = ['typ' => 'JWT', 'alg' => $alg];
         if ($keyId !== null) {
             $header['kid'] = $keyId;
         }
         if (isset($head) && \is_array($head)) {
             $header = \array_merge($head, $header);
         }
-        $segments = array();
-        $segments[] = static::urlsafeB64Encode(static::jsonEncode($header));
-        $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload));
+        $segments = [];
+        $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($header));
+        $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($payload));
         $signing_input = \implode('.', $segments);
 
         $signature = static::sign($signing_input, $key, $alg);
@@ -201,67 +213,84 @@ class JWT
     /**
      * Sign a string with a given key and algorithm.
      *
-     * @param string            $msg    The message to sign
-     * @param string|resource   $key    The secret key
-     * @param string            $alg    The signing algorithm.
-     *                                  Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
-     *                                  'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param string $msg  The message to sign
+     * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate  $key  The secret key.
+     * @param string $alg  Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
+     *                    'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
      *
      * @return string An encrypted message
      *
      * @throws DomainException Unsupported algorithm or bad key was specified
      */
-    public static function sign($msg, $key, $alg = 'HS256')
-    {
+    public static function sign(
+        string $msg,
+        $key,
+        string $alg
+    ): string {
         if (empty(static::$supported_algs[$alg])) {
             throw new DomainException('Algorithm not supported');
         }
         list($function, $algorithm) = static::$supported_algs[$alg];
         switch ($function) {
             case 'hash_hmac':
+                if (!\is_string($key)) {
+                    throw new InvalidArgumentException('key must be a string when using hmac');
+                }
                 return \hash_hmac($algorithm, $msg, $key, true);
             case 'openssl':
                 $signature = '';
-                $success = \openssl_sign($msg, $signature, $key, $algorithm);
+                $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
                 if (!$success) {
-                    throw new DomainException("OpenSSL unable to sign data");
+                    throw new DomainException('OpenSSL unable to sign data');
                 }
-                if ($alg === 'ES256') {
+                if ($alg === 'ES256' || $alg === 'ES256K') {
                     $signature = self::signatureFromDER($signature, 256);
                 } elseif ($alg === 'ES384') {
                     $signature = self::signatureFromDER($signature, 384);
                 }
                 return $signature;
             case 'sodium_crypto':
-                if (!function_exists('sodium_crypto_sign_detached')) {
+                if (!\function_exists('sodium_crypto_sign_detached')) {
                     throw new DomainException('libsodium is not available');
                 }
+                if (!\is_string($key)) {
+                    throw new InvalidArgumentException('key must be a string when using EdDSA');
+                }
                 try {
                     // The last non-empty line is used as the key.
                     $lines = array_filter(explode("\n", $key));
-                    $key = base64_decode(end($lines));
+                    $key = base64_decode((string) end($lines));
+                    if (\strlen($key) === 0) {
+                        throw new DomainException('Key cannot be empty string');
+                    }
                     return sodium_crypto_sign_detached($msg, $key);
                 } catch (Exception $e) {
                     throw new DomainException($e->getMessage(), 0, $e);
                 }
         }
+
+        throw new DomainException('Algorithm not supported');
     }
 
     /**
      * Verify a signature with the message, key and method. Not all methods
      * are symmetric, so we must have a separate verify and sign method.
      *
-     * @param string            $msg        The original message (header and body)
-     * @param string            $signature  The original signature
-     * @param string|resource   $key        For HS*, a string key works. for RS*, must be a resource of an openssl public key
-     * @param string            $alg        The algorithm
+     * @param string $msg         The original message (header and body)
+     * @param string $signature   The original signature
+     * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate  $keyMaterial For HS*, a string key works. for RS*, must be an instance of OpenSSLAsymmetricKey
+     * @param string $alg         The algorithm
      *
      * @return bool
      *
      * @throws DomainException Invalid Algorithm, bad key, or OpenSSL failure
      */
-    private static function verify($msg, $signature, $key, $alg)
-    {
+    private static function verify(
+        string $msg,
+        string $signature,
+        $keyMaterial,
+        string $alg
+    ): bool {
         if (empty(static::$supported_algs[$alg])) {
             throw new DomainException('Algorithm not supported');
         }
@@ -269,10 +298,11 @@ class JWT
         list($function, $algorithm) = static::$supported_algs[$alg];
         switch ($function) {
             case 'openssl':
-                $success = \openssl_verify($msg, $signature, $key, $algorithm);
+                $success = \openssl_verify($msg, $signature, $keyMaterial, $algorithm); // @phpstan-ignore-line
                 if ($success === 1) {
                     return true;
-                } elseif ($success === 0) {
+                }
+                if ($success === 0) {
                     return false;
                 }
                 // returns 1 on success, 0 on failure, -1 on error.
@@ -280,21 +310,33 @@ class JWT
                     'OpenSSL error: ' . \openssl_error_string()
                 );
             case 'sodium_crypto':
-              if (!function_exists('sodium_crypto_sign_verify_detached')) {
-                  throw new DomainException('libsodium is not available');
-              }
-              try {
-                  // The last non-empty line is used as the key.
-                  $lines = array_filter(explode("\n", $key));
-                  $key = base64_decode(end($lines));
-                  return sodium_crypto_sign_verify_detached($signature, $msg, $key);
-              } catch (Exception $e) {
-                  throw new DomainException($e->getMessage(), 0, $e);
-              }
+                if (!\function_exists('sodium_crypto_sign_verify_detached')) {
+                    throw new DomainException('libsodium is not available');
+                }
+                if (!\is_string($keyMaterial)) {
+                    throw new InvalidArgumentException('key must be a string when using EdDSA');
+                }
+                try {
+                    // The last non-empty line is used as the key.
+                    $lines = array_filter(explode("\n", $keyMaterial));
+                    $key = base64_decode((string) end($lines));
+                    if (\strlen($key) === 0) {
+                        throw new DomainException('Key cannot be empty string');
+                    }
+                    if (\strlen($signature) === 0) {
+                        throw new DomainException('Signature cannot be empty string');
+                    }
+                    return sodium_crypto_sign_verify_detached($signature, $msg, $key);
+                } catch (Exception $e) {
+                    throw new DomainException($e->getMessage(), 0, $e);
+                }
             case 'hash_hmac':
             default:
-                $hash = \hash_hmac($algorithm, $msg, $key, true);
-                return self::constantTimeEquals($signature, $hash);
+                if (!\is_string($keyMaterial)) {
+                    throw new InvalidArgumentException('key must be a string when using hmac');
+                }
+                $hash = \hash_hmac($algorithm, $msg, $keyMaterial, true);
+                return self::constantTimeEquals($hash, $signature);
         }
     }
 
@@ -303,30 +345,16 @@ class JWT
      *
      * @param string $input JSON string
      *
-     * @return object Object representation of JSON string
+     * @return mixed The decoded JSON string
      *
      * @throws DomainException Provided string was invalid JSON
      */
-    public static function jsonDecode($input)
+    public static function jsonDecode(string $input)
     {
-        if (\version_compare(PHP_VERSION, '5.4.0', '>=') && !(\defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
-            /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
-             * to specify that large ints (like Steam Transaction IDs) should be treated as
-             * strings, rather than the PHP default behaviour of converting them to floats.
-             */
-            $obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
-        } else {
-            /** Not all servers will support that, however, so for older versions we must
-             * manually detect large ints in the JSON string and quote them (thus converting
-             *them to strings) before decoding, hence the preg_replace() call.
-             */
-            $max_int_length = \strlen((string) PHP_INT_MAX) - 1;
-            $json_without_bigints = \preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
-            $obj = \json_decode($json_without_bigints);
-        }
+        $obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
 
         if ($errno = \json_last_error()) {
-            static::handleJsonError($errno);
+            self::handleJsonError($errno);
         } elseif ($obj === null && $input !== 'null') {
             throw new DomainException('Null result with non-null input');
         }
@@ -334,22 +362,30 @@ class JWT
     }
 
     /**
-     * Encode a PHP object into a JSON string.
+     * Encode a PHP array into a JSON string.
      *
-     * @param object|array $input A PHP object or array
+     * @param array<mixed> $input A PHP array
      *
-     * @return string JSON representation of the PHP object or array
+     * @return string JSON representation of the PHP array
      *
      * @throws DomainException Provided object could not be encoded to valid JSON
      */
-    public static function jsonEncode($input)
+    public static function jsonEncode(array $input): string
     {
-        $json = \json_encode($input);
+        if (PHP_VERSION_ID >= 50400) {
+            $json = \json_encode($input, \JSON_UNESCAPED_SLASHES);
+        } else {
+            // PHP 5.3 only
+            $json = \json_encode($input);
+        }
         if ($errno = \json_last_error()) {
-            static::handleJsonError($errno);
-        } elseif ($json === 'null' && $input !== null) {
+            self::handleJsonError($errno);
+        } elseif ($json === 'null') {
             throw new DomainException('Null result with non-null input');
         }
+        if ($json === false) {
+            throw new DomainException('Provided object could not be encoded to valid JSON');
+        }
         return $json;
     }
 
@@ -359,8 +395,10 @@ class JWT
      * @param string $input A Base64 encoded string
      *
      * @return string A decoded string
+     *
+     * @throws InvalidArgumentException invalid base64 characters
      */
-    public static function urlsafeB64Decode($input)
+    public static function urlsafeB64Decode(string $input): string
     {
         $remainder = \strlen($input) % 4;
         if ($remainder) {
@@ -377,7 +415,7 @@ class JWT
      *
      * @return string The base64 encode of what you passed in
      */
-    public static function urlsafeB64Encode($input)
+    public static function urlsafeB64Encode(string $input): string
     {
         return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_'));
     }
@@ -386,67 +424,54 @@ class JWT
     /**
      * Determine if an algorithm has been provided for each Key
      *
-     * @param Key|array<Key>|mixed $keyOrKeyArray
-     * @param string|null $kid
+     * @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray
+     * @param string|null            $kid
      *
      * @throws UnexpectedValueException
      *
-     * @return array containing the keyMaterial and algorithm
+     * @return Key
      */
-    private static function getKeyMaterialAndAlgorithm($keyOrKeyArray, $kid = null)
-    {
-        if (
-            is_string($keyOrKeyArray)
-            || is_resource($keyOrKeyArray)
-            || $keyOrKeyArray instanceof OpenSSLAsymmetricKey
-        ) {
-            return array($keyOrKeyArray, null);
-        }
-
+    private static function getKey(
+        $keyOrKeyArray,
+        ?string $kid
+    ): Key {
         if ($keyOrKeyArray instanceof Key) {
-            return array($keyOrKeyArray->getKeyMaterial(), $keyOrKeyArray->getAlgorithm());
+            return $keyOrKeyArray;
         }
 
-        if (is_array($keyOrKeyArray) || $keyOrKeyArray instanceof ArrayAccess) {
-            if (!isset($kid)) {
-                throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
-            }
-            if (!isset($keyOrKeyArray[$kid])) {
-                throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
-            }
-
-            $key = $keyOrKeyArray[$kid];
-
-            if ($key instanceof Key) {
-                return array($key->getKeyMaterial(), $key->getAlgorithm());
-            }
-
-            return array($key, null);
+        if (empty($kid) && $kid !== '0') {
+            throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
         }
 
-        throw new UnexpectedValueException(
-            '$keyOrKeyArray must be a string|resource key, an array of string|resource keys, '
-            . 'an instance of Firebase\JWT\Key key or an array of Firebase\JWT\Key keys'
-        );
+        if ($keyOrKeyArray instanceof CachedKeySet) {
+            // Skip "isset" check, as this will automatically refresh if not set
+            return $keyOrKeyArray[$kid];
+        }
+
+        if (!isset($keyOrKeyArray[$kid])) {
+            throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
+        }
+
+        return $keyOrKeyArray[$kid];
     }
 
     /**
-     * @param string $left
-     * @param string $right
+     * @param string $left  The string of known length to compare against
+     * @param string $right The user-supplied string
      * @return bool
      */
-    public static function constantTimeEquals($left, $right)
+    public static function constantTimeEquals(string $left, string $right): bool
     {
         if (\function_exists('hash_equals')) {
             return \hash_equals($left, $right);
         }
-        $len = \min(static::safeStrlen($left), static::safeStrlen($right));
+        $len = \min(self::safeStrlen($left), self::safeStrlen($right));
 
         $status = 0;
         for ($i = 0; $i < $len; $i++) {
             $status |= (\ord($left[$i]) ^ \ord($right[$i]));
         }
-        $status |= (static::safeStrlen($left) ^ static::safeStrlen($right));
+        $status |= (self::safeStrlen($left) ^ self::safeStrlen($right));
 
         return ($status === 0);
     }
@@ -456,17 +481,19 @@ class JWT
      *
      * @param int $errno An error number from json_last_error()
      *
+     * @throws DomainException
+     *
      * @return void
      */
-    private static function handleJsonError($errno)
+    private static function handleJsonError(int $errno): void
     {
-        $messages = array(
+        $messages = [
             JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
             JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON',
             JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
             JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON',
             JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3
-        );
+        ];
         throw new DomainException(
             isset($messages[$errno])
             ? $messages[$errno]
@@ -481,7 +508,7 @@ class JWT
      *
      * @return int
      */
-    private static function safeStrlen($str)
+    private static function safeStrlen(string $str): int
     {
         if (\function_exists('mb_strlen')) {
             return \mb_strlen($str, '8bit');
@@ -495,10 +522,11 @@ class JWT
      * @param   string $sig The ECDSA signature to convert
      * @return  string The encoded DER object
      */
-    private static function signatureToDER($sig)
+    private static function signatureToDER(string $sig): string
     {
         // Separate the signature into r-value and s-value
-        list($r, $s) = \str_split($sig, (int) (\strlen($sig) / 2));
+        $length = max(1, (int) (\strlen($sig) / 2));
+        list($r, $s) = \str_split($sig, $length);
 
         // Trim leading zeros
         $r = \ltrim($r, "\x00");
@@ -525,9 +553,10 @@ class JWT
      *
      * @param   int     $type DER tag
      * @param   string  $value the value to encode
+     *
      * @return  string  the encoded object
      */
-    private static function encodeDER($type, $value)
+    private static function encodeDER(int $type, string $value): string
     {
         $tag_header = 0;
         if ($type === self::ASN1_SEQUENCE) {
@@ -548,9 +577,10 @@ class JWT
      *
      * @param   string  $der binary signature in DER format
      * @param   int     $keySize the number of bits in the key
+     *
      * @return  string  the signature
      */
-    private static function signatureFromDER($der, $keySize)
+    private static function signatureFromDER(string $der, int $keySize): string
     {
         // OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE
         list($offset, $_) = self::readDER($der);
@@ -575,9 +605,10 @@ class JWT
      * @param string $der the binary data in DER format
      * @param int $offset the offset of the data stream containing the object
      * to decode
-     * @return array [$offset, $data] the new offset and the decoded object
+     *
+     * @return array{int, string|null} the new offset and the decoded object
      */
-    private static function readDER($der, $offset = 0)
+    private static function readDER(string $der, int $offset = 0): array
     {
         $pos = $offset;
         $size = \strlen($der);
@@ -595,7 +626,7 @@ class JWT
         }
 
         // Value
-        if ($type == self::ASN1_BIT_STRING) {
+        if ($type === self::ASN1_BIT_STRING) {
             $pos++; // Skip the first contents octet (padding indicator)
             $data = \substr($der, $pos, $len - 1);
             $pos += $len - 1;
@@ -606,6 +637,6 @@ class JWT
             $data = null;
         }
 
-        return array($pos, $data);
+        return [$pos, $data];
     }
 }
diff --git a/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php b/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
index f1ede6f27..00cf7f2ed 100644
--- a/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
+++ b/data/web/inc/lib/vendor/firebase/php-jwt/src/Key.php
@@ -4,37 +4,42 @@ namespace Firebase\JWT;
 
 use InvalidArgumentException;
 use OpenSSLAsymmetricKey;
+use OpenSSLCertificate;
+use TypeError;
 
 class Key
 {
-    /** @var string $algorithm */
+    /** @var string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate */
+    private $keyMaterial;
+    /** @var string */
     private $algorithm;
 
-    /** @var string|resource|OpenSSLAsymmetricKey $keyMaterial */
-    private $keyMaterial;
-
     /**
-     * @param string|resource|OpenSSLAsymmetricKey $keyMaterial
+     * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial
      * @param string $algorithm
      */
-    public function __construct($keyMaterial, $algorithm)
-    {
+    public function __construct(
+        $keyMaterial,
+        string $algorithm
+    ) {
         if (
-            !is_string($keyMaterial)
-            && !is_resource($keyMaterial)
+            !\is_string($keyMaterial)
             && !$keyMaterial instanceof OpenSSLAsymmetricKey
+            && !$keyMaterial instanceof OpenSSLCertificate
+            && !\is_resource($keyMaterial)
         ) {
-            throw new InvalidArgumentException('Type error: $keyMaterial must be a string, resource, or OpenSSLAsymmetricKey');
+            throw new TypeError('Key material must be a string, resource, or OpenSSLAsymmetricKey');
         }
 
         if (empty($keyMaterial)) {
-            throw new InvalidArgumentException('Type error: $keyMaterial must not be empty');
+            throw new InvalidArgumentException('Key material must not be empty');
         }
 
-        if (!is_string($algorithm)|| empty($keyMaterial)) {
-            throw new InvalidArgumentException('Type error: $algorithm must be a string');
+        if (empty($algorithm)) {
+            throw new InvalidArgumentException('Algorithm must not be empty');
         }
 
+        // TODO: Remove in PHP 8.0 in favor of class constructor property promotion
         $this->keyMaterial = $keyMaterial;
         $this->algorithm = $algorithm;
     }
@@ -44,13 +49,13 @@ class Key
      *
      * @return string
      */
-    public function getAlgorithm()
+    public function getAlgorithm(): string
     {
         return $this->algorithm;
     }
 
     /**
-     * @return string|resource|OpenSSLAsymmetricKey
+     * @return string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate
      */
     public function getKeyMaterial()
     {
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
index 87831a56c..c5f3825a3 100644
--- a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/.travis.yml
@@ -3,9 +3,12 @@ language: php
 sudo: false
 
 php:
-  - 5.6
-  - 7.0
-  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+  - 8.0
+  - 8.1
+  - 8.2
 
 matrix:
   include:
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
index e050a6d0a..d0b1acaf3 100644
--- a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/README.md
@@ -36,6 +36,7 @@ $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
     'encryptionAlgorithm'   => 'RS256',                             // optional
     'encryptionKeyPath'     => '../key.pem'                         // optional
     'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+    'version'               => '20.0.1',                            // optional
 ]);
 
 if (!isset($_GET['code'])) {
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
index 958f8c3af..b6a54477e 100644
--- a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/composer.json
@@ -18,13 +18,14 @@
         "keycloak"
     ],
     "require": {
+        "php": "~7.2 || ~8.0",
         "league/oauth2-client": "^2.0",
-        "firebase/php-jwt": "~4.0|~5.0"
+        "firebase/php-jwt": "^4.0 || ^5.0 || ^6.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "~4.0",
-        "mockery/mockery": "~0.9",
-        "squizlabs/php_codesniffer": "~2.0"
+        "phpunit/phpunit": "~9.6.4",
+        "mockery/mockery": "~1.5.0",
+        "squizlabs/php_codesniffer": "~3.7.0"
     },
     "autoload": {
         "psr-4": {
@@ -40,5 +41,11 @@
         "branch-alias": {
             "dev-master": "1.0.x-dev"
         }
+    },
+    "scripts": {
+        "test": [
+            "@putenv XDEBUG_MODE=coverage",
+            "phpunit --colors=always"
+        ]
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
index 04d164dc2..b915f933b 100644
--- a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/phpunit.xml.dist
@@ -1,38 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit backupGlobals="false"
-         backupStaticAttributes="false"
          bootstrap="vendor/autoload.php"
          colors="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
          processIsolation="false"
          stopOnFailure="false"
-         syntaxCheck="false"
+         failOnRisky="true"
+         failOnWarning="true"
 >
-    <logging>
-        <log type="coverage-html"
-                target="./build/coverage/html"
-                charset="UTF-8"
-                highlight="false"
-                lowUpperBound="35"
-                highLowerBound="70"/>
-          <log type="coverage-clover"
-                target="./build/coverage/log/coverage.xml"/>
-    </logging>
+    <coverage includeUncoveredFiles="true"
+              pathCoverage="false"
+              ignoreDeprecatedCodeUnits="true"
+              disableCodeCoverageIgnore="true">
+        <include>
+            <directory suffix=".php">src</directory>
+        </include>
+        <exclude>
+            <directory suffix=".php">vendor</directory>
+            <file>src/autoload.php</file>
+        </exclude>
+        <report>
+            <html outputDirectory="./build/coverage/html"
+                  lowUpperBound="35"
+                  highLowerBound="70"/>
+            <clover outputFile="./build/coverage/log/coverage.xml"/>
+        </report>
+    </coverage>
     <testsuites>
         <testsuite name="Package Test Suite">
             <directory suffix=".php">./test/</directory>
         </testsuite>
     </testsuites>
-    <filter>
-        <whitelist>
-            <directory suffix=".php">./</directory>
-            <exclude>
-                <directory suffix=".php">./examples</directory>
-                <directory suffix=".php">./vendor</directory>
-                <directory suffix=".php">./test</directory>
-            </exclude>
-        </whitelist>
-    </filter>
 </phpunit>
diff --git a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
index 01f6b62dd..a5c1da14f 100644
--- a/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
+++ b/data/web/inc/lib/vendor/stevenmaguire/oauth2-keycloak/test/src/Provider/KeycloakTest.php
@@ -23,18 +23,22 @@ namespace Stevenmaguire\OAuth2\Client\Provider
 
 namespace Stevenmaguire\OAuth2\Client\Test\Provider
 {
+    use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
     use League\OAuth2\Client\Tool\QueryBuilderTrait;
     use Mockery as m;
+    use PHPUnit\Framework\TestCase;
+    use Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;
+    use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
 
-    class KeycloakTest extends \PHPUnit_Framework_TestCase
+    class KeycloakTest extends TestCase
     {
         use QueryBuilderTrait;
 
         protected $provider;
 
-        protected function setUp()
+        protected function setUp(): void
         {
-            $this->provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            $this->provider = new Keycloak([
                 'authServerUrl' => 'http://mock.url/auth',
                 'realm' => 'mock_realm',
                 'clientId' => 'mock_client_id',
@@ -43,7 +47,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             ]);
         }
 
-        public function tearDown()
+        public function tearDown(): void
         {
             m::close();
             parent::tearDown();
@@ -67,7 +71,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
         public function testEncryptionAlgorithm()
         {
             $algorithm = uniqid();
-            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            $provider = new Keycloak([
                 'encryptionAlgorithm' => $algorithm,
             ]);
 
@@ -82,7 +86,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
         public function testEncryptionKey()
         {
             $key = uniqid();
-            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            $provider = new Keycloak([
                 'encryptionKey' => $key,
             ]);
 
@@ -101,7 +105,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             $key = uniqid();
             $mockFileGetContents = $key;
 
-            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            $provider = new Keycloak([
                 'encryptionKeyPath' => $path,
             ]);
 
@@ -118,12 +122,14 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
 
         public function testEncryptionKeyPathFails()
         {
+            $this->markTestIncomplete('Need to assess the test to see what is required to be checked.');
+
             global $mockFileGetContents;
             $path = uniqid();
             $key = uniqid();
             $mockFileGetContents = new \Exception();
 
-            $provider = new \Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+            $provider = new Keycloak([
                 'encryptionKeyPath' => $path,
             ]);
 
@@ -137,7 +143,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             $query = ['scope' => implode($scopeSeparator, $options['scope'])];
             $url = $this->provider->getAuthorizationUrl($options);
             $encodedScope = $this->buildQueryString($query);
-            $this->assertContains($encodedScope, $url);
+            $this->assertStringContainsString($encodedScope, $url);
         }
 
         public function testGetAuthorizationUrl()
@@ -169,11 +175,15 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
         public function testGetAccessToken()
         {
             $response = m::mock('Psr\Http\Message\ResponseInterface');
-            $response->shouldReceive('getBody')->andReturn('{"access_token":"mock_access_token", "scope":"email", "token_type":"bearer"}');
-            $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+            $response->shouldReceive('getBody')
+                ->andReturn('{"access_token":"mock_access_token", "scope":"email", "token_type":"bearer"}');
+            $response->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'json']);
 
             $client = m::mock('GuzzleHttp\ClientInterface');
-            $client->shouldReceive('send')->times(1)->andReturn($response);
+            $client->shouldReceive('send')
+                ->times(1)
+                ->andReturn($response);
             $this->provider->setHttpClient($client);
 
             $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);
@@ -186,18 +196,24 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
 
         public function testUserData()
         {
-            $userId = rand(1000,9999);
+            $userId = rand(1000, 9999);
             $name = uniqid();
             $nickname = uniqid();
             $email = uniqid();
 
             $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
-            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+            $postResponse->shouldReceive('getBody')
+                ->andReturn(
+                    'access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}'
+                );
+            $postResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
 
             $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $userResponse->shouldReceive('getBody')->andReturn('{"sub": '.$userId.', "name": "'.$name.'", "email": "'.$email.'"}');
-            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+            $userResponse->shouldReceive('getBody')
+                ->andReturn('{"sub": '.$userId.', "name": "'.$name.'", "email": "'.$email.'"}');
+            $userResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'json']);
 
             $client = m::mock('GuzzleHttp\ClientInterface');
             $client->shouldReceive('send')
@@ -218,7 +234,7 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
 
         public function testUserDataWithEncryption()
         {
-            $userId = rand(1000,9999);
+            $userId = rand(1000, 9999);
             $name = uniqid();
             $nickname = uniqid();
             $email = uniqid();
@@ -227,21 +243,31 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             $key = uniqid();
 
             $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
-            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
-            $postResponse->shouldReceive('getStatusCode')->andReturn(200);
+            $postResponse->shouldReceive('getBody')
+                ->andReturn(
+                    'access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}'
+                );
+            $postResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+            $postResponse->shouldReceive('getStatusCode')
+                ->andReturn(200);
 
             $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $userResponse->shouldReceive('getBody')->andReturn($jwt);
-            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/jwt']);
-            $userResponse->shouldReceive('getStatusCode')->andReturn(200);
+            $userResponse->shouldReceive('getBody')
+                ->andReturn($jwt);
+            $userResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'application/jwt']);
+            $userResponse->shouldReceive('getStatusCode')
+                ->andReturn(200);
 
             $decoder = \Mockery::mock('overload:Firebase\JWT\JWT');
-            $decoder->shouldReceive('decode')->with($jwt, $key, [$algorithm])->andReturn([
-                'sub' => $userId,
-                'email' => $email,
-                'name' => $name,
-            ]);
+            $decoder->shouldReceive('decode')
+                ->with($jwt, $key, [$algorithm])
+                ->andReturn([
+                    'sub' => $userId,
+                    'email' => $email,
+                    'name' => $name,
+                ]);
 
             $client = m::mock('GuzzleHttp\ClientInterface');
             $client->shouldReceive('send')
@@ -262,20 +288,27 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             $this->assertEquals($email, $user->toArray()['email']);
         }
 
-        /**
-         * @expectedException Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException
-         */
         public function testUserDataFailsWhenEncryptionEncounteredAndNotConfigured()
         {
+            $this->expectException(EncryptionConfigurationException::class);
+
             $postResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $postResponse->shouldReceive('getBody')->andReturn('access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}');
-            $postResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
-            $postResponse->shouldReceive('getStatusCode')->andReturn(200);
+            $postResponse->shouldReceive('getBody')
+                ->andReturn(
+                    'access_token=mock_access_token&expires=3600&refresh_token=mock_refresh_token&otherKey={1234}'
+                );
+            $postResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'application/x-www-form-urlencoded']);
+            $postResponse->shouldReceive('getStatusCode')
+                ->andReturn(200);
 
             $userResponse = m::mock('Psr\Http\Message\ResponseInterface');
-            $userResponse->shouldReceive('getBody')->andReturn(uniqid());
-            $userResponse->shouldReceive('getHeader')->andReturn(['content-type' => 'application/jwt']);
-            $userResponse->shouldReceive('getStatusCode')->andReturn(200);
+            $userResponse->shouldReceive('getBody')
+                ->andReturn(uniqid());
+            $userResponse->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'application/jwt']);
+            $userResponse->shouldReceive('getStatusCode')
+                ->andReturn(200);
 
             $client = m::mock('GuzzleHttp\ClientInterface');
             $client->shouldReceive('send')
@@ -287,17 +320,20 @@ namespace Stevenmaguire\OAuth2\Client\Test\Provider
             $user = $this->provider->getResourceOwner($token);
         }
 
-        /**
-         * @expectedException League\OAuth2\Client\Provider\Exception\IdentityProviderException
-         */
         public function testErrorResponse()
         {
+            $this->expectException(IdentityProviderException::class);
+
             $response = m::mock('Psr\Http\Message\ResponseInterface');
-            $response->shouldReceive('getBody')->andReturn('{"error": "invalid_grant", "error_description": "Code not found"}');
-            $response->shouldReceive('getHeader')->andReturn(['content-type' => 'json']);
+            $response->shouldReceive('getBody')
+                ->andReturn('{"error": "invalid_grant", "error_description": "Code not found"}');
+            $response->shouldReceive('getHeader')
+                ->andReturn(['content-type' => 'json']);
 
             $client = m::mock('GuzzleHttp\ClientInterface');
-            $client->shouldReceive('send')->times(1)->andReturn($response);
+            $client->shouldReceive('send')
+                ->times(1)
+                ->andReturn($response);
             $this->provider->setHttpClient($client);
 
             $token = $this->provider->getAccessToken('authorization_code', ['code' => 'mock_authorization_code']);

From 95a15d18a73cf516b89e9acfa199826043751fc0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 13:37:27 +0200
Subject: [PATCH 074/755] [Web] update guzzlehttp/psr7

---
 data/web/inc/lib/composer.lock                  | 15 ++++++---------
 data/web/inc/lib/vendor/composer/installed.json | 17 +++++++----------
 data/web/inc/lib/vendor/composer/installed.php  | 10 +++++-----
 .../inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md |  8 ++++++++
 .../lib/vendor/guzzlehttp/psr7/composer.json    |  3 ---
 .../lib/vendor/guzzlehttp/psr7/src/Message.php  |  2 +-
 .../vendor/guzzlehttp/psr7/src/MessageTrait.php | 13 ++++++-------
 .../guzzlehttp/psr7/src/ServerRequest.php       |  8 ++++----
 8 files changed, 37 insertions(+), 39 deletions(-)

diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 0d55230c4..516e9fec3 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -493,16 +493,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.4",
+            "version": "2.4.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
+                "reference": "0454e12ef0cd597ccd2adb036f7bda4e7fface66"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/0454e12ef0cd597ccd2adb036f7bda4e7fface66",
+                "reference": "0454e12ef0cd597ccd2adb036f7bda4e7fface66",
                 "shasum": ""
             },
             "require": {
@@ -528,9 +528,6 @@
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "2.4-dev"
                 }
             },
             "autoload": {
@@ -592,7 +589,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.5"
             },
             "funding": [
                 {
@@ -608,7 +605,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-09T13:19:02+00:00"
+            "time": "2023-04-17T16:00:45+00:00"
         },
         {
             "name": "illuminate/contracts",
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index 0b7725517..c5f82771a 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -501,17 +501,17 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.4",
-            "version_normalized": "2.4.4.0",
+            "version": "2.4.5",
+            "version_normalized": "2.4.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
+                "reference": "0454e12ef0cd597ccd2adb036f7bda4e7fface66"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/0454e12ef0cd597ccd2adb036f7bda4e7fface66",
+                "reference": "0454e12ef0cd597ccd2adb036f7bda4e7fface66",
                 "shasum": ""
             },
             "require": {
@@ -532,15 +532,12 @@
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
             },
-            "time": "2023-03-09T13:19:02+00:00",
+            "time": "2023-04-17T16:00:45+00:00",
             "type": "library",
             "extra": {
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "2.4-dev"
                 }
             },
             "installation-source": "dist",
@@ -603,7 +600,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.5"
             },
             "funding": [
                 {
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index d7cc77743..0616e9a82 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '34e7b3f613661fe2b3c3eb1d316a63dfe111022e',
+        'reference' => '96390c2e12fd8d886495fde5514ad431e4e66069',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '34e7b3f613661fe2b3c3eb1d316a63dfe111022e',
+            'reference' => '96390c2e12fd8d886495fde5514ad431e4e66069',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -80,9 +80,9 @@
             'dev_requirement' => false,
         ),
         'guzzlehttp/psr7' => array(
-            'pretty_version' => '2.4.4',
-            'version' => '2.4.4.0',
-            'reference' => '3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf',
+            'pretty_version' => '2.4.5',
+            'version' => '2.4.5.0',
+            'reference' => '0454e12ef0cd597ccd2adb036f7bda4e7fface66',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/psr7',
             'aliases' => array(),
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md b/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
index 0eabd3048..49e0c12a4 100644
--- a/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## 2.4.5 - 2023-04-17
+
+### Fixed
+
+- Prevent possible warnings on unset variables in `ServerRequest::normalizeNestedFileSpec`
+- Fixed `Message::bodySummary` when `preg_match` fails
+- Fixed header validation issue
+
 ## 2.4.4 - 2023-03-09
 
 ### Changed
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json b/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
index cd91040cf..c0e7236c3 100644
--- a/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/composer.json
@@ -81,9 +81,6 @@
         "bamarni-bin": {
             "bin-links": true,
             "forward-command": false
-        },
-        "branch-alias": {
-            "dev-master": "2.4-dev"
         }
     },
     "config": {
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
index 61c1a5dcc..c1e15f826 100644
--- a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/Message.php
@@ -77,7 +77,7 @@ final class Message
 
         // Matches any printable character, including unicode characters:
         // letters, marks, numbers, punctuation, spacing, and separators.
-        if (preg_match('/[^\pL\pM\pN\pP\pS\pZ\n\r\t]/u', $summary)) {
+        if (preg_match('/[^\pL\pM\pN\pP\pS\pZ\n\r\t]/u', $summary) !== 0) {
             return null;
         }
 
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
index d2dc28b60..464bdfaa4 100644
--- a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/MessageTrait.php
@@ -224,12 +224,9 @@ trait MessageTrait
             ));
         }
 
-        if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/', $header)) {
+        if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/D', $header)) {
             throw new \InvalidArgumentException(
-                sprintf(
-                    '"%s" is not valid header name',
-                    $header
-                )
+                sprintf('"%s" is not valid header name.', $header)
             );
         }
     }
@@ -257,8 +254,10 @@ trait MessageTrait
         // Clients must not send a request with line folding and a server sending folded headers is
         // likely very rare. Line folding is a fairly obscure feature of HTTP/1.1 and thus not accepting
         // folding is not likely to break any legitimate use case.
-        if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/', $value)) {
-            throw new \InvalidArgumentException(sprintf('"%s" is not valid header value', $value));
+        if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/D', $value)) {
+            throw new \InvalidArgumentException(
+                sprintf('"%s" is not valid header value.', $value)
+            );
         }
     }
 }
diff --git a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
index 43cbb502e..b2aa382da 100644
--- a/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
+++ b/data/web/inc/lib/vendor/guzzlehttp/psr7/src/ServerRequest.php
@@ -144,10 +144,10 @@ class ServerRequest extends Request implements ServerRequestInterface
         foreach (array_keys($files['tmp_name']) as $key) {
             $spec = [
                 'tmp_name' => $files['tmp_name'][$key],
-                'size'     => $files['size'][$key],
-                'error'    => $files['error'][$key],
-                'name'     => $files['name'][$key],
-                'type'     => $files['type'][$key],
+                'size'     => $files['size'][$key] ?? null,
+                'error'    => $files['error'][$key] ?? null,
+                'name'     => $files['name'][$key] ?? null,
+                'type'     => $files['type'][$key] ?? null,
             ];
             $normalizedFiles[$key] = self::createUploadedFileFromSpec($spec);
         }

From 7cf6a9d808ef82ed6e3e8226ee2cb48144c7f4c7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 13:41:16 +0200
Subject: [PATCH 075/755] [Web] update lang.en-gb.json

---
 data/web/lang/lang.en-gb.json | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 9825ab9d2..748d9bf7d 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -212,21 +212,22 @@
         "host": "Host",
         "html": "HTML",
         "iam": "Identity Provider",
+        "iam_authorize_url": "Authorization endpoint",
         "iam_auth_flow": "Authentication Flow",
-        "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flows with direct Credentials",
-        "iam_auth_flow_rest_info": "1. Mailpassword Flow (Default)<br>The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak. If this attribute is not found, the user needs to log in to the mailcow UI via Single-Sign On and create an App Password to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Service accounts roles</code> checked under <code>Authentication Flow</code>.",
-        "iam_auth_flow_ropc_info": "2. Resource Owner Password Flow<br>We do not recommend using this flow, as it is probably deprecated in the new OAuth 2.1 protocol. The Resource Owner Password Flow allows direct validation of the user's credentials. Therefore, the user has to trust mailcow to handle their external credentials securely. No Mailpassword or App Password is required to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Direct access grants</code> checked under <code>Authentication Flow</code>.",
-        "iam_client_id": "Client Id",
+        "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flow with direct Credentials. The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak.",
+        "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
         "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a attribute mapping has been set.",
+        "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
+        "iam_mapping": "Attribute Mapping",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
-        "iam_ropc_flow": "Resource Owner Password Flow",
         "iam_rest_flow": "Mailpassword Flow",
-        "iam_mapping": "Attribute Mapping",
         "iam_server_url": "Server Url",
         "iam_sso": "SSO",
         "iam_test_connection": "Test Connection",
+        "iam_token_url": "Token endpoint",
+        "iam_userinfo_url": "User info endpoint",
         "iam_version": "Version",
         "import": "Import",
         "import_private_key": "Import private key",
@@ -412,7 +413,6 @@
         "goto_empty": "An alias address must contain at least one valid goto address",
         "goto_invalid": "Goto address %s is invalid",
         "ham_learn_error": "Ham learn error: %s",
-        "iam_invalid_sso": "SSO login failed",
         "iam_test_connection": "Connection failed",
         "imagick_exception": "Error: Imagick exception while reading image",
         "img_dimensions_exceeded": "Image exceeds the maximum image size",
@@ -468,7 +468,7 @@
         "redis_error": "Redis error: %s",
         "relayhost_invalid": "Map entry %s is invalid",
         "release_send_failed": "Message could not be released: %s",
-        "required_data_missing": "Required data is missing",
+        "required_data_missing": "Required data %s is missing",
         "reset_f2b_regex": "Regex filter could not be reset in time, please try again or wait a few more seconds and reload the website.",
         "resource_invalid": "Resource name %s is invalid",
         "rl_timeframe": "Rate limit time frame is incorrect",

From 4dc3222f03e8bf366dcc730c34b9db4cf1ab2cef Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 16 May 2023 14:50:36 +0200
Subject: [PATCH 076/755] [Web] fix bug on mailbox login

---
 data/web/inc/functions.auth.inc.php    | 18 ++++--------------
 data/web/inc/functions.inc.php         | 11 ++++++-----
 data/web/inc/functions.mailbox.inc.php |  2 +-
 3 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index cd46b45b1..88bdaf77c 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -333,26 +333,16 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
     return 'user';
   }
 
-  // try to create mbox on successfull login
-  $mbox_template = null;
-  // check if matching attribute mapping exists
-  foreach ($iam_settings['mappers'] as $index => $mapper){
-    if (in_array($mapper, $iam_settings['mappers'])) {
-      $mbox_template = $iam_settings['templates'][$index];
-      break;
-    }
-  }
-  if (!$mbox_template){
-    // no matching template found
-    return false;
-  }
+  // check if matching attribute exist
+  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+  if ($mapper_key === false) return false;
 
   // create mailbox
   $create_res = mailbox('add', 'mailbox_from_template', array(
     'domain' => explode('@', $user)[1],
     'local_part' => explode('@', $user)[0],
     'authsource' => 'keycloak',
-    'template' => $mbox_template
+    'template' => $iam_settings['mappers'][$mapper_key]
   ));
   if (!$create_res) return false;
 
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index ef6fbec6f..98991628d 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2316,7 +2316,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         );
         return true;
       }
-    
+
       // get mapped template, if not set return false
       // also return false if no mappers were defined
       $provider = identity_provider('get');
@@ -2330,9 +2330,10 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         );
         return false;
       }
-    
+
       // check if matching attribute exist
-      if (array_search($user_template, $provider['mappers']) === false) {
+      $mapper_key = array_search($user_template, $provider['mappers']);
+      if ($mapper_key === false) {
         clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2341,13 +2342,13 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         );
         return false;
       }
-    
+
       // create mailbox
       $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $info['email'])[1],
         'local_part' => explode('@', $info['email'])[0],
         'authsource' => identity_provider('get')['authsource'],
-        'template' => $user_template
+        'template' => $provider['templates'][$mapper_key]
       ));
       if (!$create_res){
         clear_session();  
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 7ba0a2f49..7ff1044a4 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1361,7 +1361,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               break;
             }
           }
-        
+
           return mailbox('add', 'mailbox', $mailbox_attributes, array('iam_create_login' => true));
         break;
         case 'resource':

From 5545d8a56c87f4f3e8267d4a5954470466cdbecd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 25 May 2023 10:06:55 +0200
Subject: [PATCH 077/755] [Web] hide auth settings for external users

---
 data/web/inc/functions.auth.inc.php        | 10 +++++-----
 data/web/inc/functions.inc.php             |  4 ++--
 data/web/inc/functions.mailbox.inc.php     |  2 +-
 data/web/templates/user/tab-user-auth.twig |  2 ++
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 88bdaf77c..f7a2a3519 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -235,8 +235,11 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
     $protocol = 'sieve';
   } else if ($app_passwd_data['pop3']){
     $protocol = 'pop3';
+  } else if (!$is_internal) {
+    return false;
   }
 
+
   // fetch app password data
   $stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
     INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
@@ -249,11 +252,8 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
       :has_access_query"
   );
   // check if app password has protocol access
-  // skip if protocol is false and the call is not external
-  $has_access_query = '';
-  if (!$is_internal || ($is_internal && !empty($protocol))){
-    $has_access_query = " AND `app_passwd`.`" . $protocol . "_access` = '1'";
-  }
+  // skip if protocol is false and the call is internal
+  $has_access_query = ($is_internal && $protocol === false) ? "" : " AND `app_passwd`.`" . $protocol . "_access` = '1'";
   // fetch password data
   $stmt->execute(array(
     ':user' => $user,
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 98991628d..21e20f39a 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -896,7 +896,7 @@ function edit_user_account($_data) {
   }
   $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
       WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `username` = :user");
+        AND `username` = :user AND authsource = 'mailcow'");
   $stmt->execute(array(':user' => $username));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
   if (!verify_hash($row['password'], $password_old)) {
@@ -917,7 +917,7 @@ function edit_user_account($_data) {
     $stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed,
       `attributes` = JSON_SET(`attributes`, '$.force_pw_update', '0'),
       `attributes` = JSON_SET(`attributes`, '$.passwd_update', NOW())
-        WHERE `username` = :username");
+        WHERE `username` = :username AND authsource = 'mailcow'");
     $stmt->execute(array(
       ':password_hashed' => $password_hashed,
       ':username' => $username
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 7ff1044a4..30d927398 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3165,7 +3165,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $stmt = $pdo->prepare("UPDATE `mailbox` SET
                   `password` = :password_hashed,
                   `attributes` = JSON_SET(`attributes`, '$.passwd_update', NOW())
-                    WHERE `username` = :username");
+                    WHERE `username` = :username AND authsource = 'mailcow'");
               $stmt->execute(array(
                 ':password_hashed' => $password_hashed,
                 ':username' => $username
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index c39f10086..f8429821e 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -97,6 +97,7 @@
           </div>
 
           {# TFA #}
+          {% if mailboxdata.authsource == "mailcow" %}
           <legend class="mt-4">{{ lang.user.authentication }}</legend>
           <hr>
           <div class="row">
@@ -170,6 +171,7 @@
             </div>
             <br>
           </div>
+          {% endif %}
         </div>
         <div class="ms-auto col-xl-3 col-lg-5 col-md-12 col-12 d-flex flex-column well flex-grow-1">
           <legend class="d-flex">

From e4284b8e19cdfba174ce7e3ce67b632ff2a4765a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 25 May 2023 11:36:17 +0200
Subject: [PATCH 078/755] [Web] fix attribute mapping list

---
 data/web/js/site/admin.js                     |  8 +--
 .../admin/tab-config-identity-provider.twig   | 50 ++++++++++---------
 2 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index b2f8ae1a5..d2b206d22 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -771,7 +771,7 @@ jQuery(function($){
   $('.iam_rolemap_add').click(async function(e){
     e.preventDefault();
 
-    var parent = $(this).parent().parent();
+    var parent = $('#iam_mapping_list')
     $(parent).children().last().clone().appendTo(parent);
     var newChild = $(parent).children().last();
     $(newChild).find('input').val('');
@@ -784,12 +784,14 @@ jQuery(function($){
     $('.iam_rolemap_del').off('click');
     $('.iam_rolemap_del').click(async function(e){
       e.preventDefault();
-      $(this).parent().remove();
+      if ($(this).parent().parent().children().length > 1)
+        $(this).parent().remove();
     });
   });
   $('.iam_rolemap_del').click(async function(e){
     e.preventDefault();
-    $(this).parent().remove();
+    if ($(this).parent().parent().children().length > 1)
+      $(this).parent().remove();
   });
   // selecting identity provider
   $('#iam_provider').on('change', function(){
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 1a42d0088..a2aff987c 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -70,32 +70,34 @@
               <span class="w-100 ms-2">Template</span>
               <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-2 iam_rolemap_add"><i class="bi bi-plus-lg"></i></button>
             </div>
-            {% for key, role in iam_settings.mappers %}
-            <div class="offset-sm-3 col-4 d-flex mb-2">
-              <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
-              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-              {% for mbox_template in mbox_templates %}
-                <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
-                  {{ mbox_template.template }}
-                </option>
+            <div id="iam_mapping_list">
+              {% for key, role in iam_settings.mappers %}
+              <div class="offset-sm-3 col-4 d-flex mb-2">
+                <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+                <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                {% for mbox_template in mbox_templates %}
+                  <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                    {{ mbox_template.template }}
+                  </option>
+                {% endfor %}
+                </select>
+                <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+              </div>
               {% endfor %}
-              </select>
-              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+              {% if not iam_settings.mappers %}
+              <div class="offset-sm-3 col-4 d-flex mb-2">
+                <input type="text" class="form-control me-2" name="mappers" value="" required>
+                <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                {% for mbox_template in mbox_templates %}
+                  <option>
+                    {{ mbox_template.template }}
+                  </option>
+                {% endfor %}
+                </select>
+                <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+              </div>
+              {% endif %}
             </div>
-            {% endfor %}
-            {% if not iam_settings.mappers %}
-            <div class="offset-sm-3 col-4 d-flex mb-2">
-              <input type="text" class="form-control me-2" name="mappers" value="" required>
-              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-              {% for mbox_template in mbox_templates %}
-                <option>
-                  {{ mbox_template.template }}
-                </option>
-              {% endfor %}
-              </select>
-              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
-            </div>
-            {% endif %}
           </div>
           <div class="row mb-2 mt-4">
             <label class="control-label col-sm-3 text-sm-end"></label>

From 85368971fd23be5036f4f055eb5440a05ef61c97 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 25 May 2023 12:32:47 +0200
Subject: [PATCH 079/755] [Web] handle fatal errors on getAccessToken

---
 data/web/inc/functions.inc.php | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 21e20f39a..4e353dd0b 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2144,6 +2144,9 @@ function identity_provider($_action, $_data = null, $_extra = null) {
           $pdo->rollback();
           return false;
         }
+        if ($setting == "server_url" || $setting == "authorize_url" || $setting == "token_url" || $setting == "userinfo_url") {
+          $_data[$setting] = rtrim($_data[$setting], '/');
+        }
 
         $stmt->bindParam(':key', $setting);
         $stmt->bindParam(':value', $_data[$setting]);
@@ -2271,15 +2274,6 @@ function identity_provider($_action, $_data = null, $_extra = null) {
     
       try {
         $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
-      } catch (Exception $e) {
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__),
-          'msg' => array('login_failed', $e->getMessage())
-        );
-        return false;
-      }
-      try {
         $_SESSION['iam_token'] = $token->getToken();
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
         $info = $provider->getResourceOwner($token)->toArray();
@@ -2291,7 +2285,6 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         );
         return false;
       }
-      
       // check if email address is given
       if (empty($info['email'])) return false;
     
@@ -2374,15 +2367,6 @@ function identity_provider($_action, $_data = null, $_extra = null) {
 
       try {
         $token = $provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
-      } catch (Exception $e) {
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__),
-          'msg' => array('login_failed', $e->getMessage())
-        );
-        return false;
-      }
-      try {
         $_SESSION['iam_token'] = $token->getToken();
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
         $info = $provider->getResourceOwner($token)->toArray();

From f8647bb15eecc44d1bbd15cd5ea26a41e87f6606 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 15:49:06 +0200
Subject: [PATCH 080/755] [Web] add keycloak sync crontask

---
 data/conf/phpfpm/crons/keycloak-sync.php | 221 +++++++++++++++++++++++
 docker-compose.yml                       |   6 +
 2 files changed, 227 insertions(+)
 create mode 100644 data/conf/phpfpm/crons/keycloak-sync.php

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
new file mode 100644
index 000000000..f401f0ae7
--- /dev/null
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -0,0 +1,221 @@
+<?php
+
+require_once(__DIR__ . '/../web/inc/vars.inc.php');
+if (file_exists(__DIR__ . '/../web/inc/vars.local.inc.php')) {
+  include_once(__DIR__ . '/../web/inc/vars.local.inc.php');
+}
+require_once __DIR__ . '/../web/inc/lib/vendor/autoload.php';
+
+// Init database
+//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+$opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+try {
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+}
+catch (PDOException $e) {
+  logMsg("danger", $e->getMessage());
+  session_destroy();
+  exit;
+}
+
+// Init Redis
+$redis = new Redis();
+try {
+  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
+    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
+  }
+  else {
+    $redis->connect('redis-mailcow', 6379);
+  }
+}
+catch (Exception $e) {
+  echo "Exiting: " . $e->getMessage();
+  session_destroy();
+  exit;
+}
+
+function logMsg($priority, $message, $task = "Keycloak Sync") {
+  global $redis;
+
+  $finalMsg = array(
+    "time" => time(),
+    "priority" => $priority,
+    "task" => $task,
+    "message" => $message
+  );
+  $redis->lPush('CRON_LOG', json_encode($finalMsg));
+}
+
+// Load core functions first
+require_once __DIR__ . '/../web/inc/functions.inc.php';
+require_once __DIR__ . '/../web/inc/functions.auth.inc.php';
+require_once __DIR__ . '/../web/inc/sessions.inc.php';
+require_once __DIR__ . '/../web/inc/functions.mailbox.inc.php';
+require_once __DIR__ . '/../web/inc/functions.ratelimit.inc.php';
+require_once __DIR__ . '/../web/inc/functions.acl.inc.php';
+
+$_SESSION['mailcow_cc_username'] = "admin";
+$_SESSION['mailcow_cc_role'] = "admin";
+$_SESSION['acl']['tls_policy'] = "1";
+$_SESSION['acl']['quarantine_notification'] = "1";
+$_SESSION['acl']['quarantine_category'] = "1";
+$_SESSION['acl']['ratelimit'] = "1";
+$_SESSION['acl']['sogo_access'] = "1";
+$_SESSION['acl']['protocol_access'] = "1";
+$_SESSION['acl']['mailbox_relayhost'] = "1";
+
+// Init Keycloak Provider
+$iam_provider = identity_provider('init');
+$iam_settings = identity_provider('get');
+if (intval($iam_settings['periodic_sync']) != 1 && $iam_settings['import_users'] != 1) {
+  logMsg("warning", "IAM Sync is disabled");
+  session_destroy();
+  exit;
+}
+
+// Set pagination variables
+$start = 0;
+$max = 25;
+
+// lock sync if already running
+$lock_file = '/tmp/iam-sync.lock';
+if (file_exists($lock_file)) {
+  $lock_file_parts = explode("\n", file_get_contents($lock_file));
+  $pid = $lock_file_parts[0];
+  if (count($lock_file_parts) > 1){
+    $last_execution = $lock_file_parts[1];
+    $elapsed_time = (time() - $last_execution) / 60;
+    if ($elapsed_time < intval($iam_settings['sync_interval'])) {
+      logMsg("warning", "Sync Interval not ready (".number_format((float)$elapsed_time, 2, '.', '')."min / ".$iam_settings['sync_interval']."min)");
+      session_destroy();
+      exit;
+    }
+  }
+
+  if (posix_kill($pid, 0)) {
+    logMsg("warning", "Sync is already running");
+    session_destroy();
+    exit;
+  } else {
+    unlink($lock_file);
+  }
+}
+$lock_file_handle = fopen($lock_file, 'w');
+fwrite($lock_file_handle, getmypid());
+fclose($lock_file_handle);
+
+// Loop until all users have been retrieved
+while (true) {
+  // Get admin access token
+  $admin_token = identity_provider("get-keycloak-admin-token");
+  
+  // Make the API request to retrieve the users
+  $url = "{$iam_settings['server_url']}/admin/realms/{$iam_settings['realm']}/users?first=$start&max=$max";
+  $ch = curl_init();
+  curl_setopt($ch, CURLOPT_URL, $url);
+  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+  curl_setopt($ch, CURLOPT_HTTPHEADER, [
+    "Content-Type: application/json",
+    "Authorization: Bearer " . $admin_token
+  ]);
+  $response = curl_exec($ch);
+  $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+  curl_close($ch);
+  
+  if ($code != 200){
+    logMsg("danger", "Recieved HTTP {$code}");
+    session_destroy();
+    exit;
+  }
+  try {
+    $response = json_decode($response, true);
+  } catch (Exception $e) {
+    logMsg("danger", $e->getMessage());
+    break;
+  }
+  if (!is_array($response)){
+    logMsg("danger", "Recieved malformed response from keycloak api");
+    break;
+  }
+  if (count($response) == 0) {
+    break;
+  }
+
+  // Process the batch of users
+  foreach ($response as $user) {
+    if (empty($user['email'])){
+      logMsg("warning", "No email address in keycloak found for user " . $user['name']);
+      continue;
+    }
+    if (!isset($user['attributes'])){
+      logMsg("warning", "No attributes in keycloak found for user " . $user['email']);
+      continue;
+    }
+    if (count($user['attributes']['mailcow_template']) == 0) {
+      logMsg("warning", "No mailcow_template in keycloak found for user " . $user['email']);
+      continue;
+    };
+    $mailcow_template = $user['attributes']['mailcow_template'];
+
+    // try get mailbox user
+    $stmt = $pdo->prepare("SELECT `mailbox`.* FROM `mailbox`
+    INNER JOIN domain on mailbox.domain = domain.domain
+    WHERE `kind` NOT REGEXP 'location|thing|group'
+      AND `domain`.`active`='1'
+      AND `username` = :user");
+    $stmt->execute(array(':user' => $user['email']));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    // check if matching attribute mapping exists
+    $mbox_template = null;
+    foreach ($iam_settings['mappers'] as $index => $mapper){
+      if (in_array($mapper, $user['attributes']['mailcow_template'])) {
+        $mbox_template = $mapper;
+        break;
+      }
+    }
+    if (!$mbox_template){
+      logMsg("warning", "No matching mapper found for mailbox_template");
+      continue;
+    }
+
+    if (!$row && intval($iam_settings['import_users']) == 1){
+      // mailbox user does not exist, create...
+      logMsg("info", "Creating user " . $user['email']);
+      mailbox('add', 'mailbox_from_template', array(
+        'domain' => explode('@', $user['email'])[1],
+        'local_part' => explode('@', $user['email'])[0],
+        'authsource' => 'keycloak',
+        'template' => $mbox_template
+      ));
+    } else if ($row) {
+      // mailbox user does exist, sync attribtues...
+      logMsg("info", "Syncing attributes for user " . $user['email']);
+      mailbox('edit', 'mailbox_from_template', array(
+        'username' => $user['email'],
+        'template' => $mbox_template
+      ));
+    } else {
+      // skip mailbox user
+      logMsg("info", "Skipping user " . $user['email']);
+    }
+
+    sleep(0.025);
+  }
+  
+  // Update the pagination variables for the next batch
+  $start += $max;
+  sleep(1);
+}
+
+logMsg("info", "DONE!");
+// add last execution time to lock file
+$lock_file_handle = fopen($lock_file, 'w');
+fwrite($lock_file_handle, getmypid() . "\n" . time());
+fclose($lock_file_handle);
+session_destroy();
diff --git a/docker-compose.yml b/docker-compose.yml
index fffa193c8..a330e1689 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -128,6 +128,7 @@ services:
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
+        - ./data/conf/phpfpm/crons:/crons:z
         - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
         - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
         - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
@@ -173,6 +174,11 @@ services:
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
       restart: always
+      labels:
+        ofelia.enabled: "true"
+        ofelia.job-exec.phpfpm_keycloak_sync.schedule: "@every 1m"
+        ofelia.job-exec.phpfpm_keycloak_sync.no-overlap: "true"
+        ofelia.job-exec.phpfpm_keycloak_sync.command: "/bin/bash -c \"php /crons/keycloak-sync.php || exit 0\""
       networks:
         mailcow-network:
           aliases:

From b176585a9c621f69f9244dc31f041456a7c07e05 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 15:53:33 +0200
Subject: [PATCH 081/755] [Web] add crontasks logs

---
 data/web/inc/functions.inc.php | 14 ++++++++
 data/web/js/site/debug.js      | 61 ++++++++++++++++++++++++++++++++++
 data/web/json_api.php          | 11 ++++++
 data/web/templates/debug.twig  | 24 +++++++++++++
 4 files changed, 110 insertions(+)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 4e353dd0b..081f26e7d 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2537,6 +2537,20 @@ function get_logs($application, $lines = false) {
       return $data_array;
     }
   }
+  if ($application == "cron-mailcow") {
+    if (isset($from) && isset($to)) {
+      $data = $redis->lRange('CRON_LOG', $from - 1, $to - 1);
+    }
+    else {
+      $data = $redis->lRange('CRON_LOG', 0, $lines);
+    }
+    if ($data) {
+      foreach ($data as $json_line) {
+        $data_array[] = json_decode($json_line, true);
+      }
+      return $data_array;
+    }
+  }
   if ($application == "postfix-mailcow") {
     if (isset($from) && isset($to)) {
       $data = $redis->lRange('POSTFIX_MAILLOG', $from - 1, $to - 1);
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 512d9551e..61e7d480a 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -814,6 +814,66 @@ jQuery(function($){
       hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
     });
   }
+  function draw_cron_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#cron_log') ) {
+      $('#cron_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#cron_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-cron-logs', '#cron_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/cron",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.task,
+          data: 'task',
+          defaultContent: ''
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-cron-logs', '#cron_log');
+    });
+  }
   function rspamd_pie_graph() {
     $.ajax({
       url: '/api/v1/get/rspamd/actions',
@@ -1219,6 +1279,7 @@ jQuery(function($){
   onVisible("[id^=ui_logs]", () => draw_ui_logs());
   onVisible("[id^=sasl_logs]", () => draw_sasl_logs());
   onVisible("[id^=netfilter_log]", () => draw_netfilter_logs());
+  onVisible("[id^=cron_log]", () => draw_cron_logs());
   onVisible("[id^=rspamd_history]", () => draw_rspamd_history());
   onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
 
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 69b236d7a..ac8963e45 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -947,6 +947,17 @@ if (isset($_GET['query'])) {
                 }
                 echo (isset($logs) && !empty($logs)) ? json_encode($logs, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) : '{}';
               break;
+              case "cron":
+                // 0 is first record, so empty is fine
+                if (isset($extra)) {
+                  $extra = preg_replace('/[^\d\-]/i', '', $extra);
+                  $logs = get_logs('cron-mailcow', $extra);
+                }
+                else {
+                  $logs = get_logs('cron-mailcow');
+                }
+                echo (isset($logs) && !empty($logs)) ? json_encode($logs, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) : '{}';
+              break;
               case "postfix":
                 // 0 is first record, so empty is fine
                 if (isset($extra)) {
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 867371177..c148856cb 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -16,6 +16,7 @@
       <li role="presentation"><button class="dropdown-item" data-bs-target="#tab-acme-logs" aria-selected="false" aria-controls="tab-acme-logs" role="tab" data-bs-toggle="tab">ACME</button></li>
       <li role="presentation"><button class="dropdown-item" data-bs-target="#tab-api-logs" aria-selected="false" aria-controls="tab-api-logs" role="tab" data-bs-toggle="tab">API</button></li>
       <li role="presentation"><button class="dropdown-item" data-bs-target="#tab-api-rl" aria-selected="false" aria-controls="tab-api-rl" role="tab" data-bs-toggle="tab">Ratelimits</button></li>
+      <li role="presentation"><button class="dropdown-item" data-bs-target="#tab-cron-logs" aria-selected="false" aria-controls="tab-api-rl" role="tab" data-bs-toggle="tab">Crontasks</button></li>
       <li role="presentation"><span class="dropdown-header fs-6">{{ lang.debug.external_logs }}</span></li>
       <li role="presentation"><button class="dropdown-item" data-bs-target="#tab-rspamd-history" aria-selected="false" aria-controls="tab-rspamd-history" role="tab" data-bs-toggle="tab">Rspamd</button></li>
       <li role="presentation"><span class="dropdown-header fs-6">{{ lang.debug.static_logs }}</span></li>
@@ -625,6 +626,29 @@
         </div>
       </div>
 
+      <div role="tabpanel" class="tab-pane" id="tab-cron-logs">
+        <div class="debug-log-info">{{ lang.debug.log_info|format(log_lines+1)|raw }}</div>
+        <div class="card">
+          <div class="card-header d-flex align-items-center fs-5">
+            <span class="mt-2 ms-2">Crontasks</span>
+            <div class="btn-group ms-auto">
+              <button class="btn btn-sm btn-secondary refresh_table" data-draw="draw_cron_logs" data-table="cron_log">{{ lang.admin.refresh }}</button>
+            </div>
+          </div>
+          <div class="card-body">
+            <a class="btn btn-sm btn-secondary dropdown-toggle mb-4" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
+            <ul class="dropdown-menu">
+              <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="cron_log" data-log-url="cron" data-nrows="100" href="#">+ 100</a></li>
+              <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="cron_log" data-log-url="cron" data-nrows="1000" href="#">+ 1000</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="cron_log" data-table="cron_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="cron_log" data-table="cron_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+            </ul>
+            <table id="cron_log" class="table table-striped dt-responsive w-100"></table>
+          </div>
+        </div>
+      </div>
+
     </div> <!-- /tab-content -->
   </div> <!-- /col-md-12 -->
 </div> <!-- /row -->

From a4cce147aa3fa9c5d8a28ab295a5869751b4e38e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 15:56:39 +0200
Subject: [PATCH 082/755] [Web] improve attribute sync performance & make
 authsource editable

---
 data/web/inc/functions.mailbox.inc.php | 65 ++++++++++++++++++--------
 data/web/templates/edit/mailbox.twig   |  8 +++-
 2 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 30d927398..d76b8fa50 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1073,6 +1073,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $quarantine_notification = (isset($_data['quarantine_notification'])) ? strval($_data['quarantine_notification']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
           $quarantine_category = (isset($_data['quarantine_category'])) ? strval($_data['quarantine_category']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
           $quota_b    = ($quota_m * 1048576);
+          $attribute_hash = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
           $mailbox_attrs = json_encode(
             array(
               'force_pw_update' => strval($force_pw_update),
@@ -1087,7 +1088,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'passwd_update' => time(),
               'mailbox_format' => strval($MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format']),
               'quarantine_notification' => strval($quarantine_notification),
-              'quarantine_category' => strval($quarantine_category)
+              'quarantine_category' => strval($quarantine_category),
+              'attribute_hash' => $attribute_hash
             )
           );
           if (!is_valid_domain_name($domain)) {
@@ -1223,11 +1225,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               break;
             }
-            $stmt = $pdo->prepare("INSERT INTO `tags_mailbox` (`username`, `tag_name`) VALUES (:username, :tag_name)");
-            $stmt->execute(array(
-              ':username' => $username,
-              ':tag_name' => $tag,
-            ));
+            try {
+              $stmt = $pdo->prepare("INSERT INTO `tags_mailbox` (`username`, `tag_name`) VALUES (:username, :tag_name)");
+              $stmt->execute(array(
+                ':username' => $username,
+                ':tag_name' => $tag,
+              ));
+            } catch (Exception $e) {
+            }
           }
           $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`)
             VALUES (:username, '0', '0') ON DUPLICATE KEY UPDATE `bytes` = '0', `messages` = '0';");
@@ -1344,10 +1349,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }  
           
+          $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
           $mbox_template_data = json_decode($mbox_template_data["attributes"], true);  
           $mbox_template_data['domain'] = $_data['domain'];
           $mbox_template_data['local_part'] = $_data['local_part'];
           $mbox_template_data['authsource'] = $_data['authsource'];
+          $mbox_template_data['attribute_hash'] = $attribute_hash;
           $mbox_template_data['quota'] = intval($mbox_template_data['quota'] / 1048576);
         
           $mailbox_attributes = array('acl' => array());
@@ -2921,12 +2928,17 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               (int)$sieve_access = (isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
               (int)$relayhost = (isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
               (int)$quota_m = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
-              $name       = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
-              $domain     = $is_now['domain'];
-              $quota_b    = $quota_m * 1048576;
-              $password   = (!empty($_data['password'])) ? $_data['password'] : null;
-              $password2  = (!empty($_data['password2'])) ? $_data['password2'] : null;
-              $tags       = (is_array($_data['tags']) ? $_data['tags'] : array());
+              $name           = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
+              $domain         = $is_now['domain'];
+              $quota_b        = $quota_m * 1048576;
+              $password       = (!empty($_data['password'])) ? $_data['password'] : null;
+              $password2      = (!empty($_data['password2'])) ? $_data['password2'] : null;
+              $tags           = (is_array($_data['tags']) ? $_data['tags'] : array());
+              $attribute_hash = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
+              $authsource     = $is_now['authsource'];
+              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc'))){
+                $authsource = $_data['authsource'];
+              }
             }
             else {
               $_SESSION['return'][] = array(
@@ -3183,18 +3195,21 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 `active` = :active,
                 `name`= :name,
                 `quota` = :quota_b,
+                `authsource` = :authsource,
                 `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update),
                 `attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
                 `attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
                 `attributes` = JSON_SET(`attributes`, '$.sieve_access', :sieve_access),
                 `attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
                 `attributes` = JSON_SET(`attributes`, '$.relayhost', :relayhost),
-                `attributes` = JSON_SET(`attributes`, '$.smtp_access', :smtp_access)
+                `attributes` = JSON_SET(`attributes`, '$.smtp_access', :smtp_access),
+                `attributes` = JSON_SET(`attributes`, '$.attribute_hash', :attribute_hash)
                   WHERE `username` = :username");
             $stmt->execute(array(
               ':active' => $active,
               ':name' => $name,
               ':quota_b' => $quota_b,
+              ':attribute_hash' => $attribute_hash,
               ':force_pw_update' => $force_pw_update,
               ':sogo_access' => $sogo_access,
               ':imap_access' => $imap_access,
@@ -3202,7 +3217,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ':sieve_access' => $sieve_access,
               ':smtp_access' => $smtp_access,
               ':relayhost' => $relayhost,
-              ':username' => $username
+              ':username' => $username,
+              ':authsource' => $authsource
             ));
             // save tags
             foreach($tags as $index => $tag){
@@ -3215,11 +3231,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 );
                 break;
               }
-              $stmt = $pdo->prepare("INSERT INTO `tags_mailbox` (`username`, `tag_name`) VALUES (:username, :tag_name)");
-              $stmt->execute(array(
-                ':username' => $username,
-                ':tag_name' => $tag,
-              ));
+              try {
+                $stmt = $pdo->prepare("INSERT INTO `tags_mailbox` (`username`, `tag_name`) VALUES (:username, :tag_name)");
+                $stmt->execute(array(
+                  ':username' => $username,
+                  ':tag_name' => $tag,
+                ));
+              } catch (Exception $e) {
+              }
             }
             
             $_SESSION['return'][] = array(
@@ -3248,7 +3267,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
 
-          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);  
+          $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
+          $is_now = mailbox('get', 'mailbox_details', $_data['username']);
+          if ($is_now['attributes']['attribute_hash'] == $attribute_hash)
+            return true;
+
+          $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
+          $mbox_template_data['attribute_hash'] = $attribute_hash;
           $quarantine_attributes = array('username' => $_data['username']);
           $tls_attributes = array('username' => $_data['username']);
           $ratelimit_attributes = array('object' => $_data['username']);
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index d2275cdd2..c31e0f440 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -28,7 +28,13 @@
                   <div class="row mb-2">
                     <label class="control-label col-sm-2">{{ lang.admin.iam }}</label>
                     <div class="col-sm-10">
-                      <h4><span class="badge bg-primary">{{ result.authsource }}<i class="ms-2 bi bi-person-circle"></i></i></span></h4>
+                      <select
+                        data-style="btn btn-secondary"
+                        name="authsource" class="full-width-select form-control" required>
+                          <option value="mailcow" {% if result.authsource == "mailcow" %}selected{% endif %}>mailcow</option>
+                          <option value="keycloak" {% if result.authsource == "keycloak" %}selected{% endif %}>Keycloak</option>
+                          <option value="generic-oidc" {% if result.authsource == "generic-oidc" %}selected{% endif %}>Generic-OIDC</option>
+                      </select>
                     </div>
                   </div>
                   <div class="row mb-2">

From 37254738e207ec2ef5f2921081b6ced19703432a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 15:59:16 +0200
Subject: [PATCH 083/755] [Web] improve identity-provider template

---
 data/web/inc/functions.inc.php                |   2 +-
 data/web/js/site/admin.js                     |  43 ++-
 .../admin/tab-config-identity-provider.twig   | 246 +++++++++++-------
 3 files changed, 182 insertions(+), 109 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 081f26e7d..d93dc0aa3 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2126,7 +2126,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
         $_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
         $_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
-        $required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users');
+        $required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
       } else if ($_data['authsource'] == "generic-oidc") {
         $required_settings = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
       }
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index d2b206d22..3397a1a59 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -768,10 +768,10 @@ jQuery(function($){
     return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
   });
 
-  $('.iam_rolemap_add').click(async function(e){
+  $('.iam_rolemap_add_keycloak').click(async function(e){
     e.preventDefault();
 
-    var parent = $('#iam_mapping_list')
+    var parent = $('#iam_keycloak_mapping_list')
     $(parent).children().last().clone().appendTo(parent);
     var newChild = $(parent).children().last();
     $(newChild).find('input').val('');
@@ -781,17 +781,42 @@ jQuery(function($){
     $(newChild).find('select').selectpicker('destroy');
     $(newChild).find('select').selectpicker();
 
-    $('.iam_rolemap_del').off('click');
-    $('.iam_rolemap_del').click(async function(e){
+    $('.iam_keycloak_rolemap_del').off('click');
+    $('.iam_keycloak_rolemap_del').click(async function(e){
       e.preventDefault();
-      if ($(this).parent().parent().children().length > 1)
-        $(this).parent().remove();
+      if ($(this).parent().parent().parent().parent().children().length > 1)
+        $(this).parent().parent().parent().remove();
     });
   });
-  $('.iam_rolemap_del').click(async function(e){
+  $('.iam_rolemap_add_generic').click(async function(e){
     e.preventDefault();
-    if ($(this).parent().parent().children().length > 1)
-      $(this).parent().remove();
+
+    var parent = $('#iam_generic_mapping_list')
+    $(parent).children().last().clone().appendTo(parent);
+    var newChild = $(parent).children().last();
+    $(newChild).find('input').val('');
+    $(newChild).find('.dropdown-toggle').remove();
+    $(newChild).find('.dropdown-menu').remove();
+    $(newChild).find('.bs-title-option').remove();
+    $(newChild).find('select').selectpicker('destroy');
+    $(newChild).find('select').selectpicker();
+
+    $('.iam_generic_rolemap_del').off('click');
+    $('.iam_generic_rolemap_del').click(async function(e){
+      e.preventDefault();
+      if ($(this).parent().parent().parent().parent().children().length > 1)
+        $(this).parent().parent().parent().remove();
+    });
+  });
+  $('.iam_keycloak_rolemap_del').click(async function(e){
+    e.preventDefault();
+    if ($(this).parent().parent().parent().parent().children().length > 1)
+      $(this).parent().parent().parent().remove();
+  });
+  $('.iam_generic_rolemap_del').click(async function(e){
+    e.preventDefault();
+    if ($(this).parent().parent().parent().parent().children().length > 1)
+      $(this).parent().parent().parent().remove();
   });
   // selecting identity provider
   $('#iam_provider').on('change', function(){
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index a2aff987c..e7ba01b86 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -7,10 +7,10 @@
       <span class="d-none d-md-block">{{ lang.admin.iam }}</span>
     </div>
     <div id="collapse-tab-config-identity-provider" class="card-body collapse" data-bs-parent="#admin-content">
-      <p class="offset-sm-3 mb-4">{{ lang.admin.iam_description }}</p>
+      <p class="offset-sm-3 mb-4">{{ lang.admin.iam_description|raw }}</p>
       <div class="row mb-4">
-        <label class="control-label col-sm-3 text-sm-end" for="iam_realm">{{ lang.admin.iam }}:</label>
-        <div class="col-sm-4">
+        <label class="control-label col-md-3 text-sm-end" for="iam_realm">{{ lang.admin.iam }}:</label>
+        <div class="col-12 col-md-9 col-lg-4">
           <select
             data-style="btn btn-secondary"
             data-id="iam_provider"
@@ -25,26 +25,26 @@
         <form class="form-horizontal" autocapitalize="none" data-id="iam_keycloak" autocorrect="off" role="form" method="post">
           <input type="hidden" name="authsource" value="keycloak">
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_url">{{ lang.admin.iam_server_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_url">{{ lang.admin.iam_server_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_url" name="server_url" value="{{ iam_settings.server_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_realm">{{ lang.admin.iam_realm }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_realm">{{ lang.admin.iam_realm }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_realm" name="realm" value="{{ iam_settings.realm }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_clientid">{{ lang.admin.iam_client_id }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_clientid">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_clientid" name="client_id" value="{{ iam_settings.client_id }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_clientsecret">{{ lang.admin.iam_client_secret }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_clientsecret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <div class="reveal-password-input input-group">
                 <input type="password" class="password-field form-control" id="iam_keycloak_clientsecret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
                 <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
@@ -52,62 +52,82 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_redirecturl" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_keycloak_version">{{ lang.admin.iam_version }}:</label>
+            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_version">{{ lang.admin.iam_version }}:</label>
             <div class="col-sm-4">
               <input type="text" class="form-control" id="iam_keycloak_version" name="version" value="{{ iam_settings.version }}" required>
             </div>
           </div>
-          <div class="row mb-4">
-            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
-            <div class="col-4 d-flex mb-2">
-              <span class="w-100 me-2">Attribute</span>
-              <span class="w-100 ms-2">Template</span>
-              <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-2 iam_rolemap_add"><i class="bi bi-plus-lg"></i></button>
-            </div>
-            <div id="iam_mapping_list">
-              {% for key, role in iam_settings.mappers %}
-              <div class="offset-sm-3 col-4 d-flex mb-2">
-                <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
-                <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-                {% for mbox_template in mbox_templates %}
-                  <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
-                    {{ mbox_template.template }}
-                  </option>
-                {% endfor %}
-                </select>
-                <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <div class="row px-2 align-items-center">
+                <span class="col-5 p-0 pe-2">Attribute</span>
+                <span class="col-5 p-0 pe-2">{{ lang.mailbox.template }}</span>
+                <div class="col-2 p-0 d-flex">
+                  <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_keycloak"><i class="bi bi-plus-lg"></i></button>
+                </div>
               </div>
-              {% endfor %}
-              {% if not iam_settings.mappers %}
-              <div class="offset-sm-3 col-4 d-flex mb-2">
-                <input type="text" class="form-control me-2" name="mappers" value="" required>
-                <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-                {% for mbox_template in mbox_templates %}
-                  <option>
-                    {{ mbox_template.template }}
-                  </option>
-                {% endfor %}
-                </select>
-                <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
-              </div>
-              {% endif %}
             </div>
           </div>
+          <div class="row mb-2" id="iam_keycloak_mapping_list">
+            {% for key, role in iam_settings.mappers %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_keycloak_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endfor %}
+            {% if not iam_settings.mappers %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 d-flex mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_keycloak_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endif %}
+          </div>
           <div class="row mb-2 mt-4">
-            <label class="control-label col-sm-3 text-sm-end"></label>
-            <div class="col-sm-9">
+            <label class="control-label col-md-3 text-sm-end"></label>
+            <div class="col-12 col-md-9">
               <span>{{ lang.admin.iam_extra_permission|raw }}</span>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_rest_flow }}</label>
-            <div class="col-sm-9">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_rest_flow }}</label>
+            <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="mailpassword_flow" value="1" {% if iam_settings.mailpassword_flow == 1 %}checked{% endif %}>
               </div>
@@ -119,28 +139,34 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end">Periodic Full Sync</label>
-            <div class="col-sm-9">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_periodic_full_sync }}</label>
+            <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="periodic_sync"  value="1" {% if iam_settings.periodic_sync == 1 %}checked{% endif %}>
               </div>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end">Import Users</label>
-            <div class="col-sm-9">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_import_users }}</label>
+            <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="import_users"  value="1" {% if iam_settings.import_users == 1 %}checked{% endif %}>
               </div>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_sync_interval }}</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input class="form-control" type="number" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
+            </div>
+          </div>
           <div class="row mt-4 mb-2">
-            <div class="offset-sm-3 col-sm-9 d-flex">
-              <div class="btn-group">   
+            <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
+              <div class="btn-group mb-2">   
                 <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection iam_test_connection" data-id="iam_keycloak"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
                 <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_keycloak" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
               </div>
-              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_keycloak" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
+              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto mb-2" data-item="identity-provider" data-action="delete_selected" data-id="iam_keycloak" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
             </div>
           </div>
         </form>
@@ -149,32 +175,32 @@
         <form class="form-horizontal" autocapitalize="none" data-id="iam_generic" autocorrect="off" role="form" method="post">
           <input type="hidden" name="authsource" value="generic-oidc">
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_authorize_url">{{ lang.admin.iam_authorize_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_authorize_url">{{ lang.admin.iam_authorize_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_authorize_url" name="authorize_url" value="{{ iam_settings.authorize_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_token_url">{{ lang.admin.iam_token_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_token_url">{{ lang.admin.iam_token_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_token_url" name="token_url" value="{{ iam_settings.token_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_userinfo_url">{{ lang.admin.iam_userinfo_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_userinfo_url">{{ lang.admin.iam_userinfo_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_userinfo_url" name="userinfo_url" value="{{ iam_settings.userinfo_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_client_id" name="client_id" value="{{ iam_settings.client_id }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <div class="reveal-password-input input-group">
                 <input type="password" class="password-field form-control" id="iam_client_secret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
                 <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
@@ -182,52 +208,74 @@
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-sm-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
-            <div class="col-sm-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
             </div>
           </div>
-          <div class="row mb-4">
-            <label class="control-label col-sm-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
-            <div class="col-4 d-flex mb-2">
-              <span class="w-100 me-2">Attribute</span>
-              <span class="w-100 ms-2">Template</span>
-              <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-2 iam_rolemap_add"><i class="bi bi-plus-lg"></i></button>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <div class="row px-2 align-items-center">
+                <span class="col-5 p-0 pe-2">Attribute</span>
+                <span class="col-5 p-0 pe-2">Template</span>
+                <div class="col-2 p-0 d-flex">
+                  <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_generic"><i class="bi bi-plus-lg"></i></button>
+                </div>
+              </div>
             </div>
+          </div>
+          <div class="row mb-2" id="iam_generic_mapping_list">
             {% for key, role in iam_settings.mappers %}
-            <div class="offset-sm-3 col-4 d-flex mb-2">
-              <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
-              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-              {% for mbox_template in mbox_templates %}
-                <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
-                  {{ mbox_template.template }}
-                </option>
-              {% endfor %}
-              </select>
-              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_generic_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
             </div>
             {% endfor %}
             {% if not iam_settings.mappers %}
-            <div class="offset-sm-3 col-4 d-flex mb-2">
-              <input type="text" class="form-control me-2" name="mappers" value="" required>
-              <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
-              {% for mbox_template in mbox_templates %}
-                <option>
-                  {{ mbox_template.template }}
-                </option>
-              {% endfor %}
-              </select>
-              <button class="iam_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 d-flex mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_generic_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
             </div>
             {% endif %}
           </div>
           <div class="row mt-4 mb-2">
-            <div class="offset-sm-3 col-sm-9 d-flex">
-              <div class="btn-group">   
+            <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
+              <div class="btn-group mb-2">   
                 <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection" data-id="iam_generic"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
                 <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_generic" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
               </div>
-              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto" data-item="identity-provider" data-action="delete_selected" data-id="iam_generic" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
+              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto mb-2" data-item="identity-provider" data-action="delete_selected" data-id="iam_generic" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
             </div>
           </div>
         </form>

From 3179c0e712258b8a9e2149b78aa9a31d5d35ca1a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 16:00:26 +0200
Subject: [PATCH 084/755] [Dovecot] mailcowauth minor fixes

---
 data/conf/dovecot/auth/mailcowauth.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index fa505d709..0adb5d45a 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -18,7 +18,6 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
 }
 require_once '../../../web/inc/lib/vendor/autoload.php';
 
-// Do not show errors, we log to using error_log
 ini_set('error_reporting', 0);
 // Init database
 //$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
@@ -32,8 +31,8 @@ try {
   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
-  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
-  http_response_code(501);
+  $return = array("success" => false, "role" => '');
+  echo json_encode($return); 
   exit;
 }
 
@@ -48,7 +47,9 @@ $iam_provider = identity_provider('init');
 $result = check_login($post['username'], $post['password'], $post['protocol'], true);
 if ($result) {
   $return = array("success" => true, "role" => $result);
+} else {
+  $return = array("success" => false, "role" => '');
 }
 
 echo json_encode($return); 
-exit();
+exit;

From 8ce4600562c2571168cfb6a43977affbdba780c6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jul 2023 16:00:51 +0200
Subject: [PATCH 085/755] [Web] update lang files

---
 data/web/lang/lang.de-de.json | 1 +
 data/web/lang/lang.en-gb.json | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 3813871ce..fd3442132 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -317,6 +317,7 @@
         "subject": "Betreff",
         "success": "Erfolg",
         "sys_mails": "System-E-Mails",
+        "task": "Aufgabe",
         "text": "Text",
         "time": "Zeit",
         "title": "Title",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 748d9bf7d..391ad58b5 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -217,14 +217,17 @@
         "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flow with direct Credentials. The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak.",
         "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
-        "iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a attribute mapping has been set.",
+        "iam_description": "Configure an external OIDC Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
         "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
+        "iam_import_users": "Import Users",
         "iam_mapping": "Attribute Mapping",
+        "iam_periodic_full_sync": "Periodic Full Sync",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
         "iam_rest_flow": "Mailpassword Flow",
         "iam_server_url": "Server Url",
         "iam_sso": "SSO",
+        "iam_sync_interval": "Sync / Import interval (min)",
         "iam_test_connection": "Test Connection",
         "iam_token_url": "Token endpoint",
         "iam_userinfo_url": "User info endpoint",
@@ -344,6 +347,7 @@
         "subject": "Subject",
         "success": "Success",
         "sys_mails": "System mails",
+        "task": "Task",
         "text": "Text",
         "time": "Time",
         "title": "Title",

From 6df663825aaecdb05b2dcda3d27882f1397eee85 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Jul 2023 08:52:54 +0200
Subject: [PATCH 086/755] [Web] add curl timeouts to oidc requests

---
 data/web/inc/functions.auth.inc.php |  7 +++++++
 data/web/inc/functions.inc.php      | 16 ++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index f7a2a3519..db0da00d0 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -299,6 +299,7 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
   $queryParams = array('email' => $user, 'exact' => true);
   $queryString = http_build_query($queryParams);
   $curl = curl_init();
+  curl_setopt($curl, CURLOPT_TIMEOUT, 7);
   curl_setopt($curl, CURLOPT_URL, $url . '?' . $queryString);
   curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
   curl_setopt($curl, CURLOPT_HTTPHEADER, array(
@@ -311,6 +312,12 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = fa
   if ($code != 200) {
     return false;
   }
+  if (!isset($user_res['attributes']['mailcow_password']) || !is_array($user_res['attributes']['mailcow_password'])){
+    return false;
+  }
+  if (empty($user_res['attributes']['mailcow_password'][0])){
+    return false;
+  }
 
   // validate mailcow_password
   $mailcow_password = $user_res['attributes']['mailcow_password'][0];
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index d93dc0aa3..a7063fa2c 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2123,12 +2123,17 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       }
 
       if ($_data['authsource'] == "keycloak") {
+        $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
         $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
-        $_data['periodic_sync'] = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
-        $_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
-        $required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
+        $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
+        $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
+        $_data['sync_interval']     = isset($_data['sync_interval']) ? intval($_data['sync_interval']) : 15;
+        $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
       } else if ($_data['authsource'] == "generic-oidc") {
-        $required_settings = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
+        $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? rtrim($_data['authorize_url'], '/') : null;
+        $_data['token_url']         = (!empty($_data['token_url'])) ? rtrim($_data['token_url'], '/') : null;
+        $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? rtrim($_data['userinfo_url'], '/') : null;
+        $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
       }
       
       $pdo->beginTransaction();
@@ -2206,6 +2211,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       ));
       $curl = curl_init();
       curl_setopt($curl, CURLOPT_URL, $url);
+      curl_setopt($curl, CURLOPT_TIMEOUT, 7);
       curl_setopt($curl, CURLOPT_POST, 1);
       curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
       curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
@@ -2413,6 +2419,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         ));
         $curl = curl_init();
         curl_setopt($curl, CURLOPT_URL, $url);
+        curl_setopt($curl, CURLOPT_TIMEOUT, 7);
         curl_setopt($curl, CURLOPT_POST, 1);
         curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
         curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
@@ -2435,6 +2442,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       ));
       $curl = curl_init();
       curl_setopt($curl, CURLOPT_URL, $url);
+      curl_setopt($curl, CURLOPT_TIMEOUT, 7);
       curl_setopt($curl, CURLOPT_POST, 1);
       curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
       curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));

From 21fa3c845889b82fa7807f8b6a9b8ef1ee6e0584 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Jul 2023 09:30:32 +0200
Subject: [PATCH 087/755] [Web] remove unnecessary if block

---
 data/web/inc/functions.auth.inc.php | 45 ++++++++++++++---------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index db0da00d0..1df5f690a 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -182,37 +182,34 @@ function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal
   foreach ($rows as $row) { 
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
-      if (!array_key_exists("app_passwd_id", $row)){ 
-        // password is not a app password
-        // check for tfa authenticators
-        $authenticators = get_tfa($user);
-        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
-          // authenticators found, init TFA flow
-          $_SESSION['pending_mailcow_cc_username'] = $user;
-          $_SESSION['pending_mailcow_cc_role'] = "user";
-          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+      // check for tfa authenticators
+      $authenticators = get_tfa($user);
+      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+        // authenticators found, init TFA flow
+        $_SESSION['pending_mailcow_cc_username'] = $user;
+        $_SESSION['pending_mailcow_cc_role'] = "user";
+        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+        unset($_SESSION['ldelay']);
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $user, '*'),
+          'msg' => array('logged_in_as', $user)
+        );
+        return "pending";
+      } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+        // no authenticators found, login successfull
+        if (!$is_internal){
           unset($_SESSION['ldelay']);
+          // Reactivate TFA if it was set to "deactivate TFA for next login"
+          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+          $stmt->execute(array(':user' => $user));
           $_SESSION['return'][] =  array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $user, '*'),
             'msg' => array('logged_in_as', $user)
           );
-          return "pending";
-        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-          // no authenticators found, login successfull
-          if (!$is_internal){
-            unset($_SESSION['ldelay']);
-            // Reactivate TFA if it was set to "deactivate TFA for next login"
-            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-            $stmt->execute(array(':user' => $user));
-            $_SESSION['return'][] =  array(
-              'type' => 'success',
-              'log' => array(__FUNCTION__, $user, '*'),
-              'msg' => array('logged_in_as', $user)
-            );
-          }
-          return "user";
         }
+        return "user";
       }
     }
   }

From 6d3a32c1d9486e5a40994e03a5c6bfa3ab81655b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Jul 2023 09:46:04 +0200
Subject: [PATCH 088/755] [Web] trim CRON_LOG

---
 data/Dockerfiles/dovecot/trim_logs.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/dovecot/trim_logs.sh b/data/Dockerfiles/dovecot/trim_logs.sh
index 9b0824e1c..6b14c0c76 100755
--- a/data/Dockerfiles/dovecot/trim_logs.sh
+++ b/data/Dockerfiles/dovecot/trim_logs.sh
@@ -23,3 +23,4 @@ catch_non_zero "${REDIS_CMDLINE} LTRIM AUTODISCOVER_LOG 0 ${LOG_LINES}"
 catch_non_zero "${REDIS_CMDLINE} LTRIM API_LOG 0 ${LOG_LINES}"
 catch_non_zero "${REDIS_CMDLINE} LTRIM RL_LOG 0 ${LOG_LINES}"
 catch_non_zero "${REDIS_CMDLINE} LTRIM WATCHDOG_LOG 0 ${LOG_LINES}"
+catch_non_zero "${REDIS_CMDLINE} LTRIM CRON_LOG 0 ${LOG_LINES}"

From 43600cd127708319e0e79f9e503358d55bacfd25 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 28 Jul 2023 15:35:09 +0200
Subject: [PATCH 089/755] [Web] fix identity-provider settings layout

---
 .../web/templates/admin/tab-config-identity-provider.twig | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index e7ba01b86..c3d9181e0 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -98,7 +98,7 @@
             </div>
             {% endfor %}
             {% if not iam_settings.mappers %}
-            <div class="offset-md-3 col-12 col-md-9 col-lg-4 d-flex mb-2">
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
                 <div class="col-5 p-0 pe-2">
                   <input type="text" class="form-control me-2" name="mappers" value="" required>
@@ -113,7 +113,7 @@
                   </select>
                 </div>
                 <div class="col-2 p-0 d-flex">
-                  <button class="iam_keycloak_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+                  <button class="iam_keycloak_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
                 </div>
               </div>
             </div>
@@ -248,7 +248,7 @@
             </div>
             {% endfor %}
             {% if not iam_settings.mappers %}
-            <div class="offset-md-3 col-12 col-md-9 col-lg-4 d-flex mb-2">
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
                 <div class="col-5 p-0 pe-2">
                   <input type="text" class="form-control me-2" name="mappers" value="" required>
@@ -263,7 +263,7 @@
                   </select>
                 </div>
                 <div class="col-2 p-0 d-flex">
-                  <button class="iam_generic_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-2"><i class="bi bi-x-lg"></i></button>
+                  <button class="iam_generic_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
                 </div>
               </div>
             </div>

From 17b6ac331305e9f4a9b81c144969263c15f6a47d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 28 Jul 2023 15:36:48 +0200
Subject: [PATCH 090/755] [Web] allow mailbox authsource to be switchable

---
 data/web/edit.php                    | 4 +++-
 data/web/templates/edit/mailbox.twig | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index 83ae1467e..f13bc28d2 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -118,6 +118,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         $quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
         $get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
         $rlyhosts = relayhost('get');
+        $iam_settings = identity_provider('get');
         $template = 'edit/mailbox.twig';
         $template_data = [
           'acl' => $_SESSION['acl'],
@@ -130,7 +131,8 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           'rlyhosts' => $rlyhosts,
           'sender_acl_handles' => mailbox('get', 'sender_acl_handles', $mailbox),
           'user_acls' => acl('get', 'user', $mailbox),
-          'mailbox_details' => $result
+          'mailbox_details' => $result,
+          'iam_settings' => $iam_settings,
         ];
       }
     }
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index c31e0f440..b3ac8223b 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -32,8 +32,12 @@
                         data-style="btn btn-secondary"
                         name="authsource" class="full-width-select form-control" required>
                           <option value="mailcow" {% if result.authsource == "mailcow" %}selected{% endif %}>mailcow</option>
+                          {% if iam_settings.authsource == 'keycloak' %}
                           <option value="keycloak" {% if result.authsource == "keycloak" %}selected{% endif %}>Keycloak</option>
+                          {% endif %}
+                          {% if iam_settings.authsource == 'generic-oidc' %}
                           <option value="generic-oidc" {% if result.authsource == "generic-oidc" %}selected{% endif %}>Generic-OIDC</option>
+                          {% endif %}
                       </select>
                     </div>
                   </div>

From 7b4715947889b051fba6464e8c5470fbc04122ab Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 30 Jul 2023 10:07:56 +0200
Subject: [PATCH 091/755] rework auth - move dovecot sasl log to php

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  57 +--
 data/conf/dovecot/auth/mailcowauth.php        |  39 +-
 data/web/inc/functions.auth.inc.php           | 363 ++++++++++--------
 3 files changed, 236 insertions(+), 223 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index a2a4554bc..673452267 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -138,18 +138,17 @@ function auth_password_verify(request, password)
   ltn12 = require "ltn12"
   https = require "ssl.https"
   https.TIMEOUT = 5
-  mysql = require "luasql.mysql"
-  env  = mysql.mysql()
-  con = env:connect("__DBNAME__","__DBUSER__","__DBPASS__","localhost")
 
   local req = {
     username = request.user,
-    password = password
+    password = password,
+    real_rip = request.real_rip,
+    protocol = {}
   }
+  req.protocol[request.service] = true
   local req_json = json.encode(req)
   local res = {} 
   
-  -- check against mailbox passwds
   local b, c = https.request {
     method = "POST",
     url = "https://nginx:9082",
@@ -162,48 +161,10 @@ function auth_password_verify(request, password)
     insecure = true
   }
   local api_response = json.decode(table.concat(res))
-  if api_response.role == 'user' then
-    con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
-      VALUES ("%s", 0, "%s", "%s")]], con:escape(request.service), con:escape(request.user), con:escape(request.real_rip)))
-    con:close()
-    return dovecot.auth.PASSDB_RESULT_OK, "password=" .. password
-  end
-
-  
-  -- check against app passwds for imap and smtp
-  -- app passwords are only available for imap, smtp, sieve and pop3 when using sasl
-  if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
-    skip_sasl_log = false
-    req.protocol = {}
-    if tostring(req.real_rip) ~= "__IPV4_SOGO__" then
-      skip_sasl_log = true
-      req.protocol[request.service] = true
-    end
-    req_json = json.encode(req)
-
-    local b, c = https.request {
-      method = "POST",
-      url = "https://nginx:9082",
-      source = ltn12.source.string(req_json),
-      headers = {
-        ["content-type"] = "application/json",
-        ["content-length"] = tostring(#req_json)
-      },
-      sink = ltn12.sink.table(res),
-      insecure = true
-    }
-    local api_response = json.decode(table.concat(res))
-    if api_response.role == 'user' then
-      if skip_sasl_log == false then
-        con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
-          VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
-      end
-      con:close()
-      return dovecot.auth.PASSDB_RESULT_OK, "password=" .. password
-    end
+  if api_response.success == true then
+    return dovecot.auth.PASSDB_RESULT_OK, ""
   end
   
-  con:close()
   return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
 end
 
@@ -212,12 +173,6 @@ function auth_passdb_lookup(req)
 end
 EOF
 
-# Replace patterns in app-passdb.lua
-sed -i "s/__DBUSER__/${DBUSER}/g" /etc/dovecot/auth/passwd-verify.lua
-sed -i "s/__DBPASS__/${DBPASS}/g" /etc/dovecot/auth/passwd-verify.lua
-sed -i "s/__DBNAME__/${DBNAME}/g" /etc/dovecot/auth/passwd-verify.lua
-sed -i "s/__IPV4_SOGO__/${IPV4_NETWORK}.248/g" /etc/dovecot/auth/passwd-verify.lua
-
 
 # Migrate old sieve_after file
 [[ -f /etc/dovecot/sieve_after ]] && mv /etc/dovecot/sieve_after /etc/dovecot/global_sieve_after
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 0adb5d45a..e38abd82b 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -1,4 +1,5 @@
 <?php
+ini_set('error_reporting', 0);
 header('Content-Type: application/json');
 
 $post = trim(file_get_contents('php://input'));
@@ -6,8 +7,11 @@ if ($post) {
   $post = json_decode($post, true);
 }
 
-$return = array("success" => false, "role" => false);
-if(!isset($post['username']) || !isset($post['password'])){
+
+$return = array("success" => false);
+if(!isset($post['username']) || !isset($post['password']) || !isset($post['real_rip'])){
+  error_log("MAILCOWAUTH: Bad Request");
+  http_response_code(400); // Bad Request
   echo json_encode($return); 
   exit();
 }
@@ -18,9 +22,7 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
 }
 require_once '../../../web/inc/lib/vendor/autoload.php';
 
-ini_set('error_reporting', 0);
 // Init database
-//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
 $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
 $opt = [
     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
@@ -31,7 +33,8 @@ try {
   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
-  $return = array("success" => false, "role" => '');
+  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
+  http_response_code(500); // Internal Server Error
   echo json_encode($return); 
   exit;
 }
@@ -44,12 +47,28 @@ require_once 'sessions.inc.php';
 // Init provider
 $iam_provider = identity_provider('init');
 
-$result = check_login($post['username'], $post['password'], $post['protocol'], true);
-if ($result) {
-  $return = array("success" => true, "role" => $result);
-} else {
-  $return = array("success" => false, "role" => '');
+
+$protocol = $post['protocol'];
+if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') {
+  $protocol = null;
+}
+$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+if ($result === false){
+  $result = apppass_login($post['username'], $post['password'], $protocol, array(
+    'is_internal' => true,
+    'remote_addr' => $post['real_rip']
+  ));
 }
 
+if ($result) {
+  http_response_code(200); // OK
+  $return['success'] = true;
+} else {
+  error_log("MAILCOWAUTH: Login failed for user " . $post['username']);
+  http_response_code(401); // Unauthorized
+}
+
+
 echo json_encode($return); 
+session_destroy();
 exit;
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 1df5f690a..6cc0166f1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -1,64 +1,29 @@
 <?php
-function check_login($user, $pass, $app_passwd_data = false, $is_internal = false) {
+function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
   global $pdo;
   global $redis;
+  
+  $is_internal = $extra['is_internal'];
 
-  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => 'malformed_username'
-    );
-    return false;
-  }
-
-  // Validate admin
-  $result = mailcow_admin_login($user, $pass);
+  // Try validate admin
+  $result = admin_login($user, $pass);
   if ($result !== false) return $result;
 
-  // Validate domain admin
-  $result = mailcow_domainadmin_login($user, $pass);
+  // Try validate domain admin
+  $result = domainadmin_login($user, $pass);
   if ($result !== false) return $result;
 
-  // Validate mailbox user
-  // check authsource
-  $stmt = $pdo->prepare("SELECT authsource, mailbox.active AS mailbox_active, domain.active AS domain_active FROM `mailbox`
-      INNER JOIN domain on mailbox.domain = domain.domain
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `username` = :user");
-  $stmt->execute(array(':user' => $user));
-  $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!$row && $row['domain_active'] == 1){
-    // mbox does not exist, call keycloak login and create mbox if possible via rest flow
-    $iam_settings = identity_provider('get');
-    if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailboxpassword_flow']) == 1){
-      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal, true);
-      if ($result !== false) return $result;
-    }
-  } else if ($row && $row['mailbox_active'] == 1 && $row['domain_active'] == 1) {
-    // mbox does exist and is active
-    if (isset($app_passwd_data)){
-      // first check if password is app_password
-      $result = mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal);
-      if ($result !== false) return $result;
-    }
+  // Try validate user
+  $result = user_login($user, $pass);
+  if ($result !== false) return $result;
 
-    if ($row['authsource'] == 'mailcow') {
-      // mbox authsource is mailcow
-      $result = mailcow_mbox_login($user, $pass, $app_passwd_data, $is_internal);
-      if ($result !== false) return $result;
-    } else if ($row['authsource'] == 'keycloak'){
-      // mbox authsource is keycloak, try using via rest flow
-      $iam_settings = identity_provider('get');
-      if (intval($iam_settings['mailboxpassword_flow']) == 1){
-        $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal);
-        if ($result !== false) return $result;
-      }
-    }
-  }
+  // Try validate app password
+  $result = apppass_login($user, $pass, $app_passwd_data);
+  if ($result !== false) return $result;
 
   // skip log and only return false if it's an internal request
   if ($is_internal == true) return false;
+
   if (!isset($_SESSION['ldelay'])) {
     $_SESSION['ldelay'] = "0";
     $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
@@ -79,77 +44,175 @@ function check_login($user, $pass, $app_passwd_data = false, $is_internal = fals
   return false;
 }
 
-function mailcow_admin_login($user, $pass){
+function admin_login($user, $pass){
   global $pdo;
 
+  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => 'malformed_username'
+    );
+    return false;
+  }
+
   $user = strtolower(trim($user));
   $stmt = $pdo->prepare("SELECT `password` FROM `admin`
       WHERE `superadmin` = '1'
       AND `active` = '1'
       AND `username` = :user");
   $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  foreach ($rows as $row) {
-    // verify password
-    if (verify_hash($row['password'], $pass)) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        // active tfa authenticators found, set pending user login
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "admin";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'info',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => 'awaiting_tfa_confirmation'
-        );
-        return "pending";
-      } else {
-        unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "admin";
-      }
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+  // verify password
+  if (verify_hash($row['password'], $pass)) {
+    // check for tfa authenticators
+    $authenticators = get_tfa($user);
+    if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+      // active tfa authenticators found, set pending user login
+      $_SESSION['pending_mailcow_cc_username'] = $user;
+      $_SESSION['pending_mailcow_cc_role'] = "admin";
+      $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+      unset($_SESSION['ldelay']);
+      $_SESSION['return'][] =  array(
+        'type' => 'info',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'awaiting_tfa_confirmation'
+      );
+      return "pending";
+    } else {
+      unset($_SESSION['ldelay']);
+      // Reactivate TFA if it was set to "deactivate TFA for next login"
+      $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+      $stmt->execute(array(':user' => $user));
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => array('logged_in_as', $user)
+      );
+      return "admin";
     }
   }
 
   return false;
 }
-function mailcow_domainadmin_login($user, $pass){
+function domainadmin_login($user, $pass){
   global $pdo;
 
+  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => 'malformed_username'
+    );
+    return false;
+  }
+
   $stmt = $pdo->prepare("SELECT `password` FROM `admin`
       WHERE `superadmin` = '0'
       AND `active`='1'
       AND `username` = :user");
   $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  foreach ($rows as $row) {
-    // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "domainadmin";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'info',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => 'awaiting_tfa_confirmation'
-        );
-        return "pending";
-      }
-      else {
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+  // verify password
+  if (verify_hash($row['password'], $pass) !== false) {
+    // check for tfa authenticators
+    $authenticators = get_tfa($user);
+    if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+      $_SESSION['pending_mailcow_cc_username'] = $user;
+      $_SESSION['pending_mailcow_cc_role'] = "domainadmin";
+      $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+      unset($_SESSION['ldelay']);
+      $_SESSION['return'][] =  array(
+        'type' => 'info',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'awaiting_tfa_confirmation'
+      );
+      return "pending";
+    }
+    else {
+      unset($_SESSION['ldelay']);
+      // Reactivate TFA if it was set to "deactivate TFA for next login"
+      $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+      $stmt->execute(array(':user' => $user));
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => array('logged_in_as', $user)
+      );
+      return "domainadmin";
+    }
+  }
+
+  return false;
+}
+function user_login($user, $pass, $extra = null){
+  global $pdo;
+
+  $is_internal = $extra['is_internal'];
+
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
+    }
+    return false;
+  }
+
+  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `domain`.`active`='1'
+        AND `username` = :user");
+  $stmt->execute(array(':user' => $user));
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+  // user does not exist, try call keycloak login and create user if possible via rest flow
+  if (!$row){
+    $iam_settings = identity_provider('get');
+    if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailboxpassword_flow']) == 1){
+      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
+      if ($result !== false) return $result;
+    }
+  } 
+  if ($row['active'] != 1) {
+    return false;
+  }
+
+  if ($row['authsource'] == 'keycloak'){
+    // user authsource is keycloak, try using via rest flow
+    $iam_settings = identity_provider('get');
+    if (intval($iam_settings['mailboxpassword_flow']) == 1){
+      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+      return $result;
+    } else {
+      return false;
+    }
+  }
+ 
+  // verify password
+  if (verify_hash($row['password'], $pass) !== false) {
+    // check for tfa authenticators
+    $authenticators = get_tfa($user);
+    if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+      // authenticators found, init TFA flow
+      $_SESSION['pending_mailcow_cc_username'] = $user;
+      $_SESSION['pending_mailcow_cc_role'] = "user";
+      $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+      unset($_SESSION['ldelay']);
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => array('logged_in_as', $user)
+      );
+      return "pending";
+    } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+      // no authenticators found, login successfull
+      if (!$is_internal){
         unset($_SESSION['ldelay']);
         // Reactivate TFA if it was set to "deactivate TFA for next login"
         $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
@@ -159,66 +222,29 @@ function mailcow_domainadmin_login($user, $pass){
           'log' => array(__FUNCTION__, $user, '*'),
           'msg' => array('logged_in_as', $user)
         );
-        return "domainadmin";
       }
+      return "user";
     }
   }
 
   return false;
 }
-function mailcow_mbox_login($user, $pass, $app_passwd_data = false, $is_internal = false){
+function apppass_login($user, $pass, $app_passwd_data, $extra = null){
   global $pdo;
 
-  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
-      INNER JOIN domain on mailbox.domain = domain.domain
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `mailbox`.`active`='1'
-        AND `domain`.`active`='1'
-        AND (`mailbox`.`authsource`='mailcow' OR `mailbox`.`authsource` IS NULL)
-        AND `username` = :user");
-  $stmt->execute(array(':user' => $user));
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  $is_internal = $extra['is_internal'];
 
-  foreach ($rows as $row) { 
-    // verify password
-    if (verify_hash($row['password'], $pass) !== false) {
-      // check for tfa authenticators
-      $authenticators = get_tfa($user);
-      if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
-        // authenticators found, init TFA flow
-        $_SESSION['pending_mailcow_cc_username'] = $user;
-        $_SESSION['pending_mailcow_cc_role'] = "user";
-        $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-        unset($_SESSION['ldelay']);
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-        return "pending";
-      } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-        // no authenticators found, login successfull
-        if (!$is_internal){
-          unset($_SESSION['ldelay']);
-          // Reactivate TFA if it was set to "deactivate TFA for next login"
-          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-          $stmt->execute(array(':user' => $user));
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
-        }
-        return "user";
-      }
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
     }
+    return false;
   }
 
-  return false;
-}
-function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal = false){
-  global $pdo;
-
   $protocol = false;
   if ($app_passwd_data['eas']){
     $protocol = 'eas';
@@ -236,34 +262,33 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
     return false;
   }
 
-
   // fetch app password data
-  $stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
+  $stmt = $pdo->prepare("SELECT `app_passwd`.*, `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
     INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
     INNER JOIN `domain` ON `mailbox`.`domain` = `domain`.`domain`
     WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group'
       AND `mailbox`.`active` = '1'
       AND `domain`.`active` = '1'
       AND `app_passwd`.`active` = '1'
-      AND `app_passwd`.`mailbox` = :user
-      :has_access_query"
+      AND `app_passwd`.`mailbox` = :user"
   );
-  // check if app password has protocol access
-  // skip if protocol is false and the call is internal
-  $has_access_query = ($is_internal && $protocol === false) ? "" : " AND `app_passwd`.`" . $protocol . "_access` = '1'";
   // fetch password data
   $stmt->execute(array(
     ':user' => $user,
-    ':has_access_query' => $has_access_query
   ));
-  $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
+  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
   
-  foreach ($rows as $row) { 
+  foreach ($rows as $row) {
+    if ($protocol && $row[$protocol . '_access'] != '1'){
+      continue;
+    }
+
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
       if ($is_internal){
-        // skip sasl_log, dovecot does the job
-        return "user";
+        $remote_addr = $extra['remote_addr'];
+      } else {
+        $remote_addr = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
       }
 
       $service = strtoupper($is_app_passwd);
@@ -272,7 +297,7 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
         ':service' => $service,
         ':app_id' => $row['app_passwd_id'],
         ':username' => $user,
-        ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
+        ':remote_addr' => $remote_addr
       ));
 
       unset($_SESSION['ldelay']);
@@ -285,9 +310,23 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
 // Keycloak REST Api Flow - auth user by mailcow_password attribute
 // This password will be used for direct UI, IMAP and SMTP Auth
 // To use direct user credentials, only Authorization Code Flow is valid
-function keycloak_mbox_login_rest($user, $pass, $iam_settings, $is_internal = false, $create = false){
+function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
   global $pdo;
 
+  $is_internal = $extra['is_internal'];
+  $create = $extra['create'];
+  
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
+    }
+    return false;
+  }
+
   // get access_token for service account of mailcow client
   $admin_token = identity_provider("get-keycloak-admin-token");
 

From 04e2494af8abb732f2b6808a266fa0d775542977 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 30 Jul 2023 11:24:07 +0200
Subject: [PATCH 092/755] deny changes on identity provider if it's in use

---
 data/web/inc/functions.inc.php | 36 ++++++++++++++++++++++++++++++++--
 data/web/lang/lang.en-gb.json  |  1 +
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index a7063fa2c..782a12733 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2122,6 +2122,21 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         return false;
       }
 
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+          WHERE `authsource` != 'mailcow'
+          AND `authsource` IS NOT NULL
+          AND `authsource` != :authsource");  
+      $stmt->execute(array(':authsource' => $_data['authsource']));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      if ($rows) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('authsource_in_use', $setting)
+        );
+        return false;
+      }
+
       if ($_data['authsource'] == "keycloak") {
         $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
         $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
@@ -2235,9 +2250,26 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         return false;
       }
       
-      $stmt = $pdo->prepare("DELETE FROM identity_provider;");
-      $stmt->execute();
+      $stmt = $pdo->query("SELECT * FROM `mailbox`
+          WHERE `authsource` != 'mailcow'
+          AND `authsource` IS NOT NULL");
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      if ($rows) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('authsource_in_use', $setting)
+        );
+        return false;
+      }
 
+      $stmt = $pdo->query("DELETE FROM identity_provider;");
+
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $data_log),
+        'msg' => array('item_deleted', '')
+      );
       return true;
     break;
     case "init":
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 391ad58b5..a6f32105a 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -387,6 +387,7 @@
         "aliases_in_use": "Max. aliases must be greater or equal to %d",
         "app_name_empty": "App name cannot be empty",
         "app_passwd_id_invalid": "App password ID %s invalid",
+        "authsource_in_use": "The identity provider cannot be changed or deleted as it is currently in use by one or more users.",
         "bcc_empty": "BCC destination cannot be empty",
         "bcc_exists": "A BCC map %s exists for type %s",
         "bcc_must_be_email": "BCC destination %s is not a valid email address",

From 3d486678ae275895fe8242af7cca3ef4fb2f0839 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:18:36 +0200
Subject: [PATCH 093/755] [Web] remove keycloak sync disabled warning

---
 data/conf/phpfpm/crons/keycloak-sync.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index f401f0ae7..baeec21d5 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -73,7 +73,6 @@ $_SESSION['acl']['mailbox_relayhost'] = "1";
 $iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
 if (intval($iam_settings['periodic_sync']) != 1 && $iam_settings['import_users'] != 1) {
-  logMsg("warning", "IAM Sync is disabled");
   session_destroy();
   exit;
 }
@@ -91,7 +90,7 @@ if (file_exists($lock_file)) {
     $last_execution = $lock_file_parts[1];
     $elapsed_time = (time() - $last_execution) / 60;
     if ($elapsed_time < intval($iam_settings['sync_interval'])) {
-      logMsg("warning", "Sync Interval not ready (".number_format((float)$elapsed_time, 2, '.', '')."min / ".$iam_settings['sync_interval']."min)");
+      logMsg("warning", "Sync not ready (".number_format((float)$elapsed_time, 2, '.', '')."min / ".$iam_settings['sync_interval']."min)");
       session_destroy();
       exit;
     }

From 9beb47c0676962440d94b2bedac6a6f5bc8c5f8e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:20:06 +0200
Subject: [PATCH 094/755] [Web] fix malformed_username check

---
 data/web/inc/functions.auth.inc.php | 30 ++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 6cc0166f1..8c35c1184 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -47,12 +47,14 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
 function admin_login($user, $pass){
   global $pdo;
 
-  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => 'malformed_username'
-    );
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
+    }
     return false;
   }
 
@@ -99,12 +101,14 @@ function admin_login($user, $pass){
 function domainadmin_login($user, $pass){
   global $pdo;
 
-  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => 'malformed_username'
-    );
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
+    }
     return false;
   }
 
@@ -315,7 +319,7 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 
   $is_internal = $extra['is_internal'];
   $create = $extra['create'];
-  
+
   if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
     if (!$is_internal){
       $_SESSION['return'][] =  array(

From 185c36cdfe466a0dfcbfb633846d3548952bf24d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:24:07 +0200
Subject: [PATCH 095/755] [Web] catch update_sogo exceptions

---
 data/web/inc/functions.mailbox.inc.php | 46 ++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 7 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index d76b8fa50..457b53d60 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1325,8 +1325,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'rl_value' => $_data['rl_value']
             ), $_extra);
           }
-
-          update_sogo_static_view($username);
+       
+          try {
+            update_sogo_static_view($username);
+          }catch (PDOException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => $e->getMessage()
+            );
+          }
           $_SESSION['return'][] = array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3247,7 +3255,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'msg' => array('mailbox_modified', $username)
             );
 
-            update_sogo_static_view($username);
+            try {
+              update_sogo_static_view($username);
+            }catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'success',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => $e->getMessage()
+              );
+            }
           }
           return true;
         break;
@@ -5467,8 +5483,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            
-            update_sogo_static_view($username);
+                 
+            try {
+              update_sogo_static_view($username);
+            }catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'success',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => $e->getMessage()
+              );
+            }
             $_SESSION['return'][] = array(
               'type' => 'success',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -5681,8 +5705,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
       }
     break;
   }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {
-    update_sogo_static_view();
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {            
+    try {
+      update_sogo_static_view();
+    }catch (PDOException $e) {
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+        'msg' => $e->getMessage()
+      );
+    }
   }
   
   return true;

From a53ef2ed7a536fbfe3e910912e496f793c37749e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:26:15 +0200
Subject: [PATCH 096/755] [SOGo] remove sogo_view and triggers

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 104 ------------------------
 data/web/inc/init_db.inc.php            |   8 +-
 2 files changed, 5 insertions(+), 107 deletions(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index aa15525c9..3eb591186 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -24,110 +24,6 @@ while [[ "${DBV_NOW}" != "${DBV_NEW}" ]]; do
 done
 echo "DB schema is ${DBV_NOW}"
 
-# Recreate view
-if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "We are master, preparing sogo_view..."
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
-  while [[ ${VIEW_OK} != 'OK' ]]; do
-    mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
-CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS 
-SELECT
-   mailbox.username,
-   mailbox.domain,
-   mailbox.username,
-   IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0', IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'), '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
-   mailbox.name,
-   mailbox.username,
-   IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
-   IFNULL(gda.ad_alias, ''),
-   IFNULL(external_acl.send_as_acl, ''),
-   mailbox.kind,
-   mailbox.multiple_bookings
-FROM
-   mailbox
-   LEFT OUTER JOIN
-      grouped_mail_aliases ga
-      ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
-   LEFT OUTER JOIN
-      grouped_domain_alias_address gda
-      ON gda.username = mailbox.username
-   LEFT OUTER JOIN
-      grouped_sender_acl_external external_acl
-      ON external_acl.username = mailbox.username
-WHERE
-   mailbox.active = '1'
-GROUP BY
-   mailbox.username;
-EOF
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
-      VIEW_OK=OK
-    else
-      echo "Will retry to setup SOGo view in 3s..."
-      sleep 3
-    fi
-  done
-else
-  while [[ ${VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
-      VIEW_OK=OK
-    else
-      echo "Waiting for SOGo view to be created by master..."
-      sleep 3
-    fi
-  done
-fi
-
-# Wait for static view table if missing after update and update content
-if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "We are master, preparing _sogo_static_view..."
-  while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
-      STATIC_VIEW_OK=OK
-      echo "Updating _sogo_static_view content..."
-      # If changed, also update init_db.inc.php
-      mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "REPLACE INTO _sogo_static_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) SELECT c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings from sogo_view;"
-      mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "DELETE FROM _sogo_static_view WHERE c_uid NOT IN (SELECT username FROM mailbox WHERE active = '1')"
-    else
-      echo "Waiting for database initialization..."
-      sleep 3
-    fi
-  done
-else
-  while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
-      STATIC_VIEW_OK=OK
-    else
-      echo "Waiting for database initialization by master..."
-      sleep 3
-    fi
-  done
-fi
-
-
-# Recreate password update trigger
-if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "We are master, preparing update trigger..."
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TRIGGER IF EXISTS sogo_update_password"
-  while [[ ${TRIGGER_OK} != 'OK' ]]; do
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
-DELIMITER -
-CREATE TRIGGER sogo_update_password AFTER UPDATE ON _sogo_static_view
-FOR EACH ROW
-BEGIN
-UPDATE mailbox SET password = NEW.c_password WHERE NEW.c_uid = username;
-END;
--
-DELIMITER ;
-EOF
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TRIGGERS WHERE TRIGGER_NAME = 'sogo_update_password'") ]]; then
-      TRIGGER_OK=OK
-    else
-      echo "Will retry to setup SOGo password update trigger in 3s"
-      sleep 3
-    fi
-  done
-fi
-
 # cat /dev/urandom seems to hang here occasionally and is not recommended anyway, better use openssl
 RAND_PASS=$(openssl rand -base64 16 | tr -dc _A-Z-a-z-0-9)
 
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 7447b5f4b..4f73911a6 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1443,6 +1443,9 @@ function init_db_schema() {
       )); 
     } 
 
+    // remove old sogo views and triggers
+    $pdo->query("DROP TRIGGER IF EXISTS sogo_update_password");
+
     if (php_sapi_name() == "cli") {
       echo "DB initialization completed" . PHP_EOL;
     } else {
@@ -1467,6 +1470,7 @@ function init_db_schema() {
 }
 if (php_sapi_name() == "cli") {
   include '/web/inc/vars.inc.php';
+  include '/web/inc/functions.inc.php';
   include '/web/inc/functions.docker.inc.php';
   // $now = new DateTime();
   // $mins = $now->getOffset() / 60;
@@ -1488,9 +1492,7 @@ if (php_sapi_name() == "cli") {
   if (intval($res['OK_C']) === 2) {
     // Be more precise when replacing into _sogo_static_view, col orders may change
     try {
-      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
-      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+      update_sogo_static_view();
       echo "Fixed _sogo_static_view" . PHP_EOL;
     }
     catch ( Exception $e ) {

From ccc17e4a201ba35311ceef1be37e7a06c49c0896 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:27:32 +0200
Subject: [PATCH 097/755] [SOGo] deny direct login on external users

---
 data/web/inc/functions.inc.php | 68 ++++++++++++++++++++++------------
 1 file changed, 44 insertions(+), 24 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 782a12733..0b55e75e1 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -840,35 +840,54 @@ function update_sogo_static_view($mailbox = null) {
     }
   }
 
-  $query = "REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-            SELECT
-              mailbox.username,
-              mailbox.domain,
-              mailbox.username,
-              IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0',
-                 IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
-                 '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
-              mailbox.name,
-              mailbox.username,
-              IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
-              IFNULL(gda.ad_alias, ''),
-              IFNULL(external_acl.send_as_acl, ''),
-              mailbox.kind,
-              mailbox.multiple_bookings
-            FROM
-              mailbox
-              LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
-              LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
-              LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
-            WHERE
-              mailbox.active = '1'";
+  $subquery = "GROUP BY mailbox.username";
+  if ($mailbox_exists) {
+    $subquery = "AND mailbox.username = :mailbox";
+  }
+  $query = "INSERT INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+      SELECT
+        mailbox.username,
+        mailbox.domain,
+        mailbox.username,
+        CASE 
+          WHEN mailbox.authsource IS NOT NULL AND mailbox.authsource <> 'mailcow' THEN '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'
+          ELSE 
+            IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0',
+              IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
+              '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321')
+        END AS c_password,
+        mailbox.name,
+        mailbox.username,
+        IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
+        IFNULL(gda.ad_alias, ''),
+        IFNULL(external_acl.send_as_acl, ''),
+        mailbox.kind,
+        mailbox.multiple_bookings
+      FROM
+        mailbox
+        LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
+        LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
+        LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
+      WHERE
+        mailbox.active = '1'
+        $subquery
+      ON DUPLICATE KEY UPDATE
+        `domain` = VALUES(`domain`),
+        `c_name` = VALUES(`c_name`),
+        `c_password` = VALUES(`c_password`),
+        `c_cn` = VALUES(`c_cn`),
+        `mail` = VALUES(`mail`),
+        `aliases` = VALUES(`aliases`),
+        `ad_aliases` = VALUES(`ad_aliases`),
+        `ext_acl` = VALUES(`ext_acl`),
+        `kind` = VALUES(`kind`),
+        `multiple_bookings` = VALUES(`multiple_bookings`)";
+
   
   if ($mailbox_exists) {
-    $query .= " AND mailbox.username = :mailbox";
     $stmt = $pdo->prepare($query);
     $stmt->execute(array(':mailbox' => $mailbox));
   } else {
-    $query .= " GROUP BY mailbox.username";
     $stmt = $pdo->query($query);
   }
   
@@ -2143,6 +2162,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
         $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
         $_data['sync_interval']     = isset($_data['sync_interval']) ? intval($_data['sync_interval']) : 15;
+        $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
         $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
       } else if ($_data['authsource'] == "generic-oidc") {
         $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? rtrim($_data['authorize_url'], '/') : null;

From e64293c82f45b250580ed69d3451756ed47662aa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Aug 2023 09:28:26 +0200
Subject: [PATCH 098/755] [Web] minor fixes

---
 data/web/lang/lang.en-gb.json                              | 2 +-
 data/web/templates/admin/tab-config-identity-provider.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index a6f32105a..d77de7373 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1086,7 +1086,7 @@
         "forwarding_host_removed": "Forwarding host %s has been removed",
         "global_filter_written": "Filter was successfully written to file",
         "hash_deleted": "Hash deleted",
-        "iam_test_connection": "Connection successfull",
+        "iam_test_connection": "Connection successful",
         "ip_check_opt_in_modified": "IP check was saved successfully",
         "item_deleted": "Item %s successfully deleted",
         "item_released": "Item %s released",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index c3d9181e0..88ccc95ee 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -157,7 +157,7 @@
           <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_sync_interval }}</label>
             <div class="col-12 col-md-9 col-lg-4">
-              <input class="form-control" type="number" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
+              <input class="form-control" type="number" min="1" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
             </div>
           </div>
           <div class="row mt-4 mb-2">

From ddaeebc822b4a5cc07a84df9e1432bc96bf42d0c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 4 Aug 2023 08:56:59 +0200
Subject: [PATCH 099/755] [Rspamd] Update to 3.6 (Ratelimit fix)

---
 data/Dockerfiles/rspamd/Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 2511a6f2f..06a988449 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,17 +1,17 @@
-FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+FROM debian:bookworm-slim
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG CODENAME=bullseye
+ARG CODENAME=bookworm
 ENV LC_ALL C
 
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
   tzdata \
   ca-certificates \
   gnupg2 \
   apt-transport-https \
   dnsutils \
-  netcat \
+  netcat-traditional \
   && apt-key adv --fetch-keys https://rspamd.com/apt-stable/gpg.key \
   && echo "deb https://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list \
   && apt-get update \

From c15ab10b1bb0b0edde1a2b5ce421879553f7e85e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 26 Apr 2023 08:37:20 +0000
Subject: [PATCH 100/755] Updated Clamd Building to be x86 and ARM Compatible

---
 data/Dockerfiles/clamd/Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 8e107516b..3aebff433 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -10,9 +10,7 @@ RUN apk upgrade --no-cache \
   bash \
   tini
 
-# init
-COPY clamd.sh /clamd.sh
-RUN chmod +x /sbin/tini
+COPY clamd.sh ./
 
 # healthcheck
 COPY healthcheck.sh /healthcheck.sh

From 2bd46ae0fdcee5458fd9fd0c1490a94ddfe0f54d Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sun, 30 Apr 2023 17:28:50 +0000
Subject: [PATCH 101/755] Changed Maintainer to tinc within Dockerfiles

---
 data/Dockerfiles/sogo/Dockerfile.custom | 118 ++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 data/Dockerfiles/sogo/Dockerfile.custom

diff --git a/data/Dockerfiles/sogo/Dockerfile.custom b/data/Dockerfiles/sogo/Dockerfile.custom
new file mode 100644
index 000000000..a0dffbae1
--- /dev/null
+++ b/data/Dockerfiles/sogo/Dockerfile.custom
@@ -0,0 +1,118 @@
+FROM debian:bullseye-slim AS build
+LABEL maintainer "The Infrastructure Company <info@servercow.de>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG SOGO_VERSION=5.8.2
+
+RUN apt update && apt install -y --no-install-recommends \
+libgnustep-base-dev \
+cmake \
+pkg-config \
+make \
+gobjc \
+libz-dev \
+libexpat1-dev \
+zlib1g-dev \
+libpq-dev \
+libcurl4-openssl-dev \
+libsodium-dev \
+libxml2-dev \
+libssl-dev \
+libldap2-dev \
+libzip-dev \
+default-libmysqlclient-dev \
+mariadb-client \
+libmemcached-dev \
+libytnef0 \
+libytnef0-dev \
+libwbxml2-0 \
+libwbxml2-dev \
+curl \
+pkg-config \
+wget \
+git
+
+RUN mkdir /tmp/libwbxml && git clone https://github.com/libwbxml/libwbxml.git /tmp/libwbxml/ \
+&& cd /tmp/libwbxml/ \
+&& cmake . -B/tmp/build/libwbxml -DCMAKE_INSTALL_PREFIX=$prefix \ 
+&& cd /tmp/build/libwbxml \
+&& make \
+&& make install \
+&& ln -s /include/libwbxml-1.0 /usr/include/libwbxml-1.0
+
+RUN cd /tmp && mkdir sope && wget https://packages.sogo.nu/sources/SOPE-${SOGO_VERSION}.tar.gz -O - | tar -xz -C /tmp/sope --strip-components=1 && cd /tmp/sope \
+&& ./configure --with-gnustep --enable-debug --disable-strip \
+&& make \
+&& make install
+
+RUN cd /tmp && mkdir sogo && wget https://packages.sogo.nu/sources/SOGo-${SOGO_VERSION}.tar.gz -O - | tar -xz -C /tmp/sogo --strip-components=1 && cd /tmp/sogo \
+&& ./configure --enable-debug --disable-strip \
+&& make \
+&& make install
+
+RUN cd /tmp/sogo/ActiveSync \
+&& make VERBOSE=1 \
+&& make install
+
+FROM debian:bullseye-slim
+ARG GOSU_VERSION=1.16
+ENV LC_ALL C
+LABEL maintainer "The Infrastructure Company <info@servercow.de>"
+
+RUN apt update && apt install -y --no-install-recommends \
+    apt-transport-https \
+    ca-certificates \
+    gettext \
+    gnupg \
+    mariadb-client \
+    rsync \
+    supervisor \
+    syslog-ng \
+    syslog-ng-core \
+    syslog-ng-mod-redis \
+    dirmngr \
+    netcat \
+    psmisc \
+    wget \
+    patch \
+    && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
+    && chmod +x /usr/local/bin/gosu \
+    && gosu nobody true \
+    && mkdir /usr/share/doc/sogo \
+    && touch /usr/share/doc/sogo/empty.sh \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=build /usr/local/sbin /usr/local/sbin
+COPY --from=build /usr/local/lib /usr/local/lib
+COPY --from=build /usr/lib /usr/lib
+COPY --from=build /lib/aarch64-linux-gnu /lib/aarch64-linux-gnu
+COPY ./bootstrap-sogo.sh /bootstrap-sogo.sh
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY acl.diff /acl.diff
+COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+COPY docker-entrypoint.sh /
+
+RUN chmod +x /bootstrap-sogo.sh \
+  /usr/local/sbin/stop-supervisor.sh
+
+RUN echo "/usr/local/lib/sogo" > /etc/ld.so.conf.d/sogo.conf \
+&& ldconfig
+
+RUN groupadd --system sogo && useradd --system --gid sogo sogo \
+   && echo "create directories and enforce permissions" \
+   && install -o sogo -g sogo -m 755 -d /var/run/sogo  \
+   && install -o sogo -g sogo -m 750 -d /var/spool/sogo  \
+   && install -o sogo -g sogo -m 750 -d /var/log/sogo
+
+RUN rm -rf /usr/lib/GNUstep/SOGo
+RUN mkdir -p /usr/lib/GNUstep && ln -s /usr/local/lib/GNUstep/SOGo /usr/lib/GNUstep/SOGo
+RUN ln -s /usr/local/sbin/sogo-tool /usr/sbin/sogo-tool
+RUN ln -s /usr/local/sbin/sogo-ealarms-notify /usr/sbin/sogo-ealarms-notify
+RUN ln -s /usr/local/sbin/sogo-slapd-sockd /usr/sbin/sogo-slapd-sockd 
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
\ No newline at end of file

From 6da41b10278fb83a4297239ad6bf5658f006c67e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Sun, 30 Apr 2023 17:30:25 +0000
Subject: [PATCH 102/755] Removed Test self compiled SOGo Dockerfile

---
 data/Dockerfiles/sogo/Dockerfile.custom | 118 ------------------------
 1 file changed, 118 deletions(-)
 delete mode 100644 data/Dockerfiles/sogo/Dockerfile.custom

diff --git a/data/Dockerfiles/sogo/Dockerfile.custom b/data/Dockerfiles/sogo/Dockerfile.custom
deleted file mode 100644
index a0dffbae1..000000000
--- a/data/Dockerfiles/sogo/Dockerfile.custom
+++ /dev/null
@@ -1,118 +0,0 @@
-FROM debian:bullseye-slim AS build
-LABEL maintainer "The Infrastructure Company <info@servercow.de>"
-
-ARG DEBIAN_FRONTEND=noninteractive
-ARG SOGO_VERSION=5.8.2
-
-RUN apt update && apt install -y --no-install-recommends \
-libgnustep-base-dev \
-cmake \
-pkg-config \
-make \
-gobjc \
-libz-dev \
-libexpat1-dev \
-zlib1g-dev \
-libpq-dev \
-libcurl4-openssl-dev \
-libsodium-dev \
-libxml2-dev \
-libssl-dev \
-libldap2-dev \
-libzip-dev \
-default-libmysqlclient-dev \
-mariadb-client \
-libmemcached-dev \
-libytnef0 \
-libytnef0-dev \
-libwbxml2-0 \
-libwbxml2-dev \
-curl \
-pkg-config \
-wget \
-git
-
-RUN mkdir /tmp/libwbxml && git clone https://github.com/libwbxml/libwbxml.git /tmp/libwbxml/ \
-&& cd /tmp/libwbxml/ \
-&& cmake . -B/tmp/build/libwbxml -DCMAKE_INSTALL_PREFIX=$prefix \ 
-&& cd /tmp/build/libwbxml \
-&& make \
-&& make install \
-&& ln -s /include/libwbxml-1.0 /usr/include/libwbxml-1.0
-
-RUN cd /tmp && mkdir sope && wget https://packages.sogo.nu/sources/SOPE-${SOGO_VERSION}.tar.gz -O - | tar -xz -C /tmp/sope --strip-components=1 && cd /tmp/sope \
-&& ./configure --with-gnustep --enable-debug --disable-strip \
-&& make \
-&& make install
-
-RUN cd /tmp && mkdir sogo && wget https://packages.sogo.nu/sources/SOGo-${SOGO_VERSION}.tar.gz -O - | tar -xz -C /tmp/sogo --strip-components=1 && cd /tmp/sogo \
-&& ./configure --enable-debug --disable-strip \
-&& make \
-&& make install
-
-RUN cd /tmp/sogo/ActiveSync \
-&& make VERBOSE=1 \
-&& make install
-
-FROM debian:bullseye-slim
-ARG GOSU_VERSION=1.16
-ENV LC_ALL C
-LABEL maintainer "The Infrastructure Company <info@servercow.de>"
-
-RUN apt update && apt install -y --no-install-recommends \
-    apt-transport-https \
-    ca-certificates \
-    gettext \
-    gnupg \
-    mariadb-client \
-    rsync \
-    supervisor \
-    syslog-ng \
-    syslog-ng-core \
-    syslog-ng-mod-redis \
-    dirmngr \
-    netcat \
-    psmisc \
-    wget \
-    patch \
-    && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-    && chmod +x /usr/local/bin/gosu \
-    && gosu nobody true \
-    && mkdir /usr/share/doc/sogo \
-    && touch /usr/share/doc/sogo/empty.sh \
-    && rm -rf /var/lib/apt/lists/*
-
-COPY --from=build /usr/local/sbin /usr/local/sbin
-COPY --from=build /usr/local/lib /usr/local/lib
-COPY --from=build /usr/lib /usr/lib
-COPY --from=build /lib/aarch64-linux-gnu /lib/aarch64-linux-gnu
-COPY ./bootstrap-sogo.sh /bootstrap-sogo.sh
-COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
-COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
-COPY supervisord.conf /etc/supervisor/supervisord.conf
-COPY acl.diff /acl.diff
-COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
-COPY docker-entrypoint.sh /
-
-RUN chmod +x /bootstrap-sogo.sh \
-  /usr/local/sbin/stop-supervisor.sh
-
-RUN echo "/usr/local/lib/sogo" > /etc/ld.so.conf.d/sogo.conf \
-&& ldconfig
-
-RUN groupadd --system sogo && useradd --system --gid sogo sogo \
-   && echo "create directories and enforce permissions" \
-   && install -o sogo -g sogo -m 755 -d /var/run/sogo  \
-   && install -o sogo -g sogo -m 750 -d /var/spool/sogo  \
-   && install -o sogo -g sogo -m 750 -d /var/log/sogo
-
-RUN rm -rf /usr/lib/GNUstep/SOGo
-RUN mkdir -p /usr/lib/GNUstep && ln -s /usr/local/lib/GNUstep/SOGo /usr/lib/GNUstep/SOGo
-RUN ln -s /usr/local/sbin/sogo-tool /usr/sbin/sogo-tool
-RUN ln -s /usr/local/sbin/sogo-ealarms-notify /usr/sbin/sogo-ealarms-notify
-RUN ln -s /usr/local/sbin/sogo-slapd-sockd /usr/sbin/sogo-slapd-sockd 
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
\ No newline at end of file

From 737c0502accf67c9bcce66d47af64c8986858ed1 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 2 May 2023 14:37:35 +0000
Subject: [PATCH 103/755] Rebased Dovecot on Alpine 3.17 instead Bullseye
 (ARM64 Support)

---
 data/Dockerfiles/dovecot/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index a9d4739cf..45f03fefa 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -133,4 +133,4 @@ COPY quota_notify.py /usr/local/bin/quota_notify.py
 COPY repl_health.sh /usr/local/bin/repl_health.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
\ No newline at end of file

From 60f9412bb8cc45e1b8effa6ea58ac740017b13d4 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 2 May 2023 15:29:21 +0000
Subject: [PATCH 104/755] Switched to Alpine Edge (for IMAPSYNC Deps)

---
 data/Dockerfiles/dovecot/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 45f03fefa..8b315b45a 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -33,10 +33,13 @@ RUN addgroup -g 5000 vmail \
   lua5.3-sql-mysql \
   icu-data-full \
   mariadb-connector-c \
-  gcompat \
   lua-sec \
+  mariadb-dev \
+  glib-dev \
+  gcompat \
   mariadb-client \
   perl \
+  perl-dev \
   perl-ntlm \
   perl-cgi \
   perl-crypt-openssl-rsa \

From 38db7226a8991576d8fd11009fcd5ec24d9b44ee Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 3 May 2023 08:37:00 +0000
Subject: [PATCH 105/755] Optimized CLAMAV Builds to match exact version
 instead of Repo

---
 data/Dockerfiles/clamd/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 3aebff433..8e107516b 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -10,7 +10,9 @@ RUN apk upgrade --no-cache \
   bash \
   tini
 
-COPY clamd.sh ./
+# init
+COPY clamd.sh /clamd.sh
+RUN chmod +x /sbin/tini
 
 # healthcheck
 COPY healthcheck.sh /healthcheck.sh

From 7ec7bd21cbfecf814a98608ffd14590fab6fd2e9 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 3 May 2023 09:36:43 +0000
Subject: [PATCH 106/755] Changed Dovecot Base to Bullseye again (Self compile)

---
 data/Dockerfiles/dovecot/Dockerfile | 34 ++++++++++++++++-------------
 data/conf/dovecot/dovecot.conf      |  4 ++--
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 8b315b45a..dd13fae7c 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -3,9 +3,10 @@ LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.16
+ARG DOVECOT_VERSION=2.3.20
+ARG PIGEONHOLE_VERSION=0.5.20
+ENV LC_ALL C
 
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN addgroup -g 5000 vmail \
@@ -98,19 +99,22 @@ RUN addgroup -g 5000 vmail \
   supervisor \
   tzdata \
   wget \
-  dovecot \
-  dovecot-dev \
-  dovecot-lmtpd \
-  dovecot-lua \
-  dovecot-ldap \
-  dovecot-mysql \
-  dovecot-sql \
-  dovecot-submissiond \
-  dovecot-pigeonhole-plugin \
-  dovecot-pop3d \
-  dovecot-fts-solr \
-  && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
-  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$arch" \
+  git \
+  bison \
+  flex \
+  build-essential \
+  autoconf \
+  automake \
+  libtool \
+  make \
+  default-libmysqlclient-dev \
+  libicu-dev \
+  zlib1g-dev \
+  pkg-config \
+  libsqlite3-dev \
+  liblua5.3-dev \
+  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
   && chmod +x /usr/local/bin/gosu \
   && gosu nobody true
 
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index f2c917eff..9284d2cf8 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -241,8 +241,8 @@ plugin {
   mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
   mail_crypt_save_version = 2
 
-  # Enable compression while saving, lz4 Dovecot v2.2.11+
-  zlib_save = lz4
+  # Enable compression while saving, zstd Dovecot v2.3.17+
+  zlib_save = zstd
 
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size

From 466e36ecbbd8965fb83379a5c8858b32cdc18b0a Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 3 May 2023 09:55:55 +0000
Subject: [PATCH 107/755] Optimized Build Process for Dovecot

---
 data/Dockerfiles/dovecot/Dockerfile | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index dd13fae7c..0af13e69f 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -112,11 +112,7 @@ RUN addgroup -g 5000 vmail \
   zlib1g-dev \
   pkg-config \
   libsqlite3-dev \
-  liblua5.3-dev \
-  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-  && chmod +x /usr/local/bin/gosu \
-  && gosu nobody true
+  liblua5.3-dev
 
 # RUN cpan LockFile::Simple
 

From 92d2cca7c33032a51b258c9909419115f4199877 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 5 May 2023 10:05:40 +0000
Subject: [PATCH 108/755] Added missing Labels to Dockerfiles

---
 data/Dockerfiles/solr/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/solr/Dockerfile b/data/Dockerfiles/solr/Dockerfile
index 429133519..ecbd6a37a 100644
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@@ -1,4 +1,5 @@
 FROM solr:7.7-slim
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 USER root
 

From 4b18a99e556e5037b06e953ee535213a55255bdb Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 12 May 2023 08:30:55 +0000
Subject: [PATCH 109/755] Small fixes for CLAMD Health Check

---
 data/Dockerfiles/clamd/Dockerfile    | 1 +
 data/Dockerfiles/clamd/clamdcheck.sh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 8e107516b..7ff58ed80 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -12,6 +12,7 @@ RUN apk upgrade --no-cache \
 
 # init
 COPY clamd.sh /clamd.sh
+COPY clamdcheck.sh /usr/local/bin/
 RUN chmod +x /sbin/tini
 
 # healthcheck
diff --git a/data/Dockerfiles/clamd/clamdcheck.sh b/data/Dockerfiles/clamd/clamdcheck.sh
index 7884d48a9..e7e53a65f 100644
--- a/data/Dockerfiles/clamd/clamdcheck.sh
+++ b/data/Dockerfiles/clamd/clamdcheck.sh
@@ -11,4 +11,4 @@ if [ "${CLAMAV_NO_CLAMD:-}" != "false" ]; then
 	echo "Clamd is up"
 fi
 
-exit 0
\ No newline at end of file
+exit 0

From 89c50642138a9514fd3a188cd1be434f29298e0e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 3 Aug 2023 09:29:23 +0000
Subject: [PATCH 110/755] Rebased Dovecot on Alpine + fixed logging

---
 data/Dockerfiles/dovecot/Dockerfile | 31 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 0af13e69f..a3bdc8472 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -99,22 +99,23 @@ RUN addgroup -g 5000 vmail \
   supervisor \
   tzdata \
   wget \
-  git \
-  bison \
-  flex \
-  build-essential \
-  autoconf \
-  automake \
-  libtool \
-  make \
-  default-libmysqlclient-dev \
-  libicu-dev \
-  zlib1g-dev \
-  pkg-config \
-  libsqlite3-dev \
-  liblua5.3-dev
+  dovecot \
+  dovecot-dev \
+  dovecot-lmtpd \
+  dovecot-lua \
+  dovecot-ldap \
+  dovecot-mysql \
+  dovecot-sql \
+  dovecot-submissiond \
+  dovecot-pigeonhole-plugin \
+  dovecot-pop3d \
+  dovecot-fts-solr \
+  && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
+  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$arch" \
+  && chmod +x /usr/local/bin/gosu \
+  && gosu nobody true
 
-# RUN cpan LockFile::Simple
+#RUN cpan LockFile::Simple
 
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh

From 81024b8c126949afc62ea0515928bab683243149 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Fri, 4 Aug 2023 09:28:07 +0000
Subject: [PATCH 111/755] Clamd using Alpine Packages instead self compile

---
 data/Dockerfiles/clamd/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 7ff58ed80..8e107516b 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -12,7 +12,6 @@ RUN apk upgrade --no-cache \
 
 # init
 COPY clamd.sh /clamd.sh
-COPY clamdcheck.sh /usr/local/bin/
 RUN chmod +x /sbin/tini
 
 # healthcheck

From 788f03e99337a7cc60474ba1d2ecdac0be552589 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 8 Aug 2023 10:13:14 +0200
Subject: [PATCH 112/755] [Dovecot] remove passwd-verify.lua generation

---
 .gitignore                                    |  1 -
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 46 -------------------
 data/conf/dovecot/auth/passwd-verify.lua      | 42 +++++++++++++++++
 3 files changed, 42 insertions(+), 47 deletions(-)
 create mode 100644 data/conf/dovecot/auth/passwd-verify.lua

diff --git a/.gitignore b/.gitignore
index 22ea38bd0..e1e8e8882 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,7 +17,6 @@ data/conf/dovecot/mail_replica.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua
-data/conf/dovecot/auth/passwd-verify.lua
 data/conf/dovecot/mail_plugins*
 data/conf/dovecot/shared_namespace.conf
 data/conf/dovecot/sni.conf
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 673452267..fef099cc6 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -128,52 +128,6 @@ user_query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format
 iterate_query = SELECT username FROM mailbox WHERE active = '1' OR active = '2';
 EOF
 
-cat <<EOF > /etc/dovecot/auth/passwd-verify.lua
-function auth_password_verify(request, password)
-  if request.domain == nil then
-    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
-  end
-
-  json = require "json"
-  ltn12 = require "ltn12"
-  https = require "ssl.https"
-  https.TIMEOUT = 5
-
-  local req = {
-    username = request.user,
-    password = password,
-    real_rip = request.real_rip,
-    protocol = {}
-  }
-  req.protocol[request.service] = true
-  local req_json = json.encode(req)
-  local res = {} 
-  
-  local b, c = https.request {
-    method = "POST",
-    url = "https://nginx:9082",
-    source = ltn12.source.string(req_json),
-    headers = {
-      ["content-type"] = "application/json",
-      ["content-length"] = tostring(#req_json)
-    },
-    sink = ltn12.sink.table(res),
-    insecure = true
-  }
-  local api_response = json.decode(table.concat(res))
-  if api_response.success == true then
-    return dovecot.auth.PASSDB_RESULT_OK, ""
-  end
-  
-  return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
-end
-
-function auth_passdb_lookup(req)
-   return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
-end
-EOF
-
-
 # Migrate old sieve_after file
 [[ -f /etc/dovecot/sieve_after ]] && mv /etc/dovecot/sieve_after /etc/dovecot/global_sieve_after
 # Create global sieve scripts
diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
new file mode 100644
index 000000000..cb2e928d0
--- /dev/null
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -0,0 +1,42 @@
+function auth_password_verify(request, password)
+  if request.domain == nil then
+    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
+  end
+
+  json = require "cjson"
+  ltn12 = require "ltn12"
+  https = require "ssl.https"
+  https.TIMEOUT = 5
+
+  local req = {
+    username = request.user,
+    password = password,
+    real_rip = request.real_rip,
+    protocol = {}
+  }
+  req.protocol[request.service] = true
+  local req_json = json.encode(req)
+  local res = {} 
+  
+  local b, c = https.request {
+    method = "POST",
+    url = "https://nginx:9082",
+    source = ltn12.source.string(req_json),
+    headers = {
+      ["content-type"] = "application/json",
+      ["content-length"] = tostring(#req_json)
+    },
+    sink = ltn12.sink.table(res),
+    insecure = true
+  }
+  local api_response = json.decode(table.concat(res))
+  if api_response.success == true then
+    return dovecot.auth.PASSDB_RESULT_OK, ""
+  end
+  
+  return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
+end
+
+function auth_passdb_lookup(req)
+   return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
+end

From 2d51881ae38b3675b9bc4305f66e2dcb1c58c2b4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 8 Aug 2023 10:49:12 +0200
Subject: [PATCH 113/755] [Web] fix user protocol badges

---
 data/web/templates/user/tab-user-auth.twig | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index f8429821e..f4d364d7b 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -47,11 +47,11 @@
             <div class="col-12 col-md-9 d-flex">
               <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.direct_protocol_access|raw }}"></i>
               <div class="d-flex flex-wrap">
-              {% if mailboxdata.attributes.imap_access == 1 %}<div class="badge fs-6 bg-success m-2">IMAP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">IMAP <i class="bi bi-x-lg"></i></div>{% endif %}
-              {% if mailboxdata.attributes.smtp_access == 1 %}<div class="badge fs-6 bg-success m-2">SMTP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SMTP <i class="bi bi-x-lg"></i></div>{% endif %}
-              {% if mailboxdata.attributes.sieve_access == 1 %}<div class="badge fs-6 bg-success m-2">Sieve <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">Sieve <i class="bi bi-x-lg"></i></div>{% endif %}
-              {% if mailboxdata.attributes.pop3_access == 1 %}<div class="badge fs-6 bg-success m-2">POP3 <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">POP3 <i class="bi bi-x-lg"></i></div>{% endif %}
-              {% if not skip_sogo %}{% if mailboxdata.attributes.sogo_access == 1 %}<div class="badge fs-6 bg-success m-2">SOGo <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger">SOGo <i class="bi bi-x-lg"></i></div>{% endif %}{% endif %}       
+              {% if mailboxdata.attributes.imap_access == 1 %}<div class="badge fs-6 bg-success m-2">IMAP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">IMAP <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.smtp_access == 1 %}<div class="badge fs-6 bg-success m-2">SMTP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">SMTP <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.sieve_access == 1 %}<div class="badge fs-6 bg-success m-2">Sieve <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">Sieve <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if mailboxdata.attributes.pop3_access == 1 %}<div class="badge fs-6 bg-success m-2">POP3 <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">POP3 <i class="bi bi-x-lg"></i></div>{% endif %}
+              {% if not skip_sogo %}{% if mailboxdata.attributes.sogo_access == 1 %}<div class="badge fs-6 bg-success m-2">SOGo <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">SOGo <i class="bi bi-x-lg"></i></div>{% endif %}{% endif %}       
               </div>
             </div>
           </div>

From 981307a1c68616df0bf06b50a75be57c7aea00a3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 8 Aug 2023 10:51:09 +0200
Subject: [PATCH 114/755] [Web] add missing break

---
 data/web/json_api.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index ac8963e45..07820d75d 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -2085,6 +2085,9 @@ if (isset($_GET['query'])) {
         case "identity-provider-test":
           process_edit_return(identity_provider('test', $attr));
         break;
+        case "cors":
+          process_edit_return(cors('edit', $attr));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);

From 597d98e1d775687bdb74269e6a75a1c7aed8ba54 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 12 Sep 2023 10:07:46 +0200
Subject: [PATCH 115/755] Fixes #5408

---
 data/conf/phpfpm/crons/keycloak-sync.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index baeec21d5..da26ca5be 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -155,10 +155,12 @@ while (true) {
       logMsg("warning", "No attributes in keycloak found for user " . $user['email']);
       continue;
     }
-    if (count($user['attributes']['mailcow_template']) == 0) {
+    if (!isset($user['attributes']['mailcow_template']) || 
+        !is_array($user['attributes']['mailcow_template']) || 
+        count($user['attributes']['mailcow_template']) == 0) {
       logMsg("warning", "No mailcow_template in keycloak found for user " . $user['email']);
       continue;
-    };
+    }
     $mailcow_template = $user['attributes']['mailcow_template'];
 
     // try get mailbox user

From 389eb99c10b37a730716fa0e60cdfaa27c7588b3 Mon Sep 17 00:00:00 2001
From: Mirko Ceroni <mirkoceroni@mirkoceroni.it>
Date: Fri, 1 Sep 2023 20:06:03 +0200
Subject: [PATCH 116/755] Update sogo-auth.php

initialize db before validating credentials
---
 data/web/sogo-auth.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index af6f851ba..d15527101 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -11,6 +11,7 @@ $session_var_pass = 'sogo-sso-pass';
 // validate credentials for basic auth requests
 if (isset($_SERVER['PHP_AUTH_USER'])) {
   // load prerequisites only when required
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
   $username = $_SERVER['PHP_AUTH_USER'];

From 73a044ec1432dafc223fbc0417830a6ae26cef5a Mon Sep 17 00:00:00 2001
From: Mirko Ceroni <mirkoceroni@mirkoceroni.it>
Date: Tue, 5 Sep 2023 20:50:14 +0200
Subject: [PATCH 117/755] Update sogo-auth.php

---
 data/web/sogo-auth.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index d15527101..c34a60def 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -12,8 +12,6 @@ $session_var_pass = 'sogo-sso-pass';
 if (isset($_SERVER['PHP_AUTH_USER'])) {
   // load prerequisites only when required
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
-  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
-  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
   $username = $_SERVER['PHP_AUTH_USER'];
   $password = $_SERVER['PHP_AUTH_PW'];
   $is_eas = false;

From 3a4c0c84a3e79058750f0786f5fddc42a29e576b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 26 Sep 2023 16:06:35 +0200
Subject: [PATCH 118/755] fix keycloak mailpassword flow

---
 data/conf/dovecot/auth/mailcowauth.php |  1 +
 data/web/inc/functions.auth.inc.php    | 13 ++++---------
 docker-compose.yml                     |  2 ++
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index e38abd82b..d2da46598 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -43,6 +43,7 @@ catch (PDOException $e) {
 require_once 'functions.inc.php';
 require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
+require_once 'functions.mailbox.inc.php';
 
 // Init provider
 $iam_provider = identity_provider('init');
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 8c35c1184..7183cc8c1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -178,7 +178,7 @@ function user_login($user, $pass, $extra = null){
   // user does not exist, try call keycloak login and create user if possible via rest flow
   if (!$row){
     $iam_settings = identity_provider('get');
-    if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailboxpassword_flow']) == 1){
+    if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
       $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
       if ($result !== false) return $result;
     }
@@ -190,7 +190,7 @@ function user_login($user, $pass, $extra = null){
   if ($row['authsource'] == 'keycloak'){
     // user authsource is keycloak, try using via rest flow
     $iam_settings = identity_provider('get');
-    if (intval($iam_settings['mailboxpassword_flow']) == 1){
+    if (intval($iam_settings['mailpassword_flow']) == 1){
       $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
       return $result;
     } else {
@@ -367,8 +367,8 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 
   // get mapped template, if not set return false
   // also return false if no mappers were defined
-  $user_template = $user_data['attributes']['mailcow_template'][0];
-  if ($create && (empty($iam_settings['mappers']) || $user_template)){
+  $user_template = $user_res['attributes']['mailcow_template'][0];
+  if ($create && (empty($iam_settings['mappers']) || !$user_template)){
     return false;
   } else if (!$create) {
     // login success - dont create mailbox
@@ -393,11 +393,6 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
   ));
   if (!$create_res) return false;
 
-  // check if created mailbox from template is even active
-  // maybe dont even create it if active != 1
-  if ($mailbox_attributes['active'] != 1){
-    return false;
-  }
 
   $_SESSION['return'][] =  array(
     'type' => 'success',
diff --git a/docker-compose.yml b/docker-compose.yml
index a330e1689..fa915bafa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -124,6 +124,8 @@ services:
         - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
         - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
         - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
+        - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
+        - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
         - rspamd-vol-1:/var/lib/rspamd
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z

From b3a94e79e334107c7535285cbb1400fdefaeb00e Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 11 Oct 2023 14:48:40 +0200
Subject: [PATCH 119/755] Use dedicated nightly images on nightly branch +
 updates of images itself

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index fa915bafa..572d203b0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -569,7 +569,7 @@ services:
     
     ##### Will be removed soon #####
     solr-mailcow:
-      image: mailcow/solr:1.8.2
+      image: mailcow/solr:nightly-20231011
       restart: always
       depends_on:
         - netfilter-mailcow
@@ -588,7 +588,7 @@ services:
     ################################
 
     olefy-mailcow:
-      image: mailcow/olefy:1.12
+      image: mailcow/olefy:nightly-20231011
       restart: always
       environment:
         - TZ=${TZ}

From 27ef04baa09cc928b7e6a6e0d84ca4f239cde9e0 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Oct 2023 10:15:15 +0200
Subject: [PATCH 120/755] Update Dovecot to reuse lz4 compression

---
 data/conf/dovecot/dovecot.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 9284d2cf8..c61d9a1b6 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -241,8 +241,8 @@ plugin {
   mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
   mail_crypt_save_version = 2
 
-  # Enable compression while saving, zstd Dovecot v2.3.17+
-  zlib_save = zstd
+  # Enable compression while saving, lz4 Dovecot v2.3.17+
+  zlib_save = lz4
 
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size

From ba32f1131e35ed27b3a609ae579c0fe5dc1d7ca8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 20 Oct 2023 09:07:04 +0200
Subject: [PATCH 121/755] [Web] dont rtrim generic-oidc urls

---
 data/web/inc/functions.inc.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 0b55e75e1..efa34ef2e 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2165,9 +2165,9 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
         $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
       } else if ($_data['authsource'] == "generic-oidc") {
-        $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? rtrim($_data['authorize_url'], '/') : null;
-        $_data['token_url']         = (!empty($_data['token_url'])) ? rtrim($_data['token_url'], '/') : null;
-        $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? rtrim($_data['userinfo_url'], '/') : null;
+        $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
+        $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
+        $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
         $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
       }
       
@@ -2184,9 +2184,6 @@ function identity_provider($_action, $_data = null, $_extra = null) {
           $pdo->rollback();
           return false;
         }
-        if ($setting == "server_url" || $setting == "authorize_url" || $setting == "token_url" || $setting == "userinfo_url") {
-          $_data[$setting] = rtrim($_data[$setting], '/');
-        }
 
         $stmt->bindParam(':key', $setting);
         $stmt->bindParam(':value', $_data[$setting]);

From eb9e3b8391a5d8f24e92ba9b5d00b1093e162747 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 20 Oct 2023 12:30:50 +0200
Subject: [PATCH 122/755] [Web] add configurable client scopes for generic-oidc

---
 data/web/inc/functions.inc.php                           | 9 +++++++--
 data/web/lang/lang.en-gb.json                            | 1 +
 .../templates/admin/tab-config-identity-provider.twig    | 8 +++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index efa34ef2e..221ef5c71 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2108,6 +2108,10 @@ function identity_provider($_action, $_data = null, $_extra = null) {
           $settings[$row["key"]] = $row["value"];
         }
       }
+      // return default client_scopes for generic-oidc if none is set
+      if ($settings["authsource"] == "generic-oidc" && empty($settings["client_scopes"])){
+        $settings["client_scopes"] = "openid profile email";
+      }
       if ($_extra['hide_sensitive']){
         $settings['client_secret'] = '';
         $settings['access_token'] = '';
@@ -2168,7 +2172,8 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
         $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
         $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
-        $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url');
+        $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
+        $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
       }
       
       $pdo->beginTransaction();
@@ -2318,7 +2323,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
             'urlAuthorize'            => $iam_settings['authorize_url'],
             'urlAccessToken'          => $iam_settings['token_url'],
             'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
-            'scopes'                  => 'openid profile email'
+            'scopes'                  => $iam_settings['client_scopes']
           ]);
         }
       }
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index d77de7373..869e69d16 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -217,6 +217,7 @@
         "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flow with direct Credentials. The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak.",
         "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
+        "iam_client_scopes": "Client Scopes",
         "iam_description": "Configure an external OIDC Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
         "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
         "iam_import_users": "Import Users",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 88ccc95ee..32c20feab 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -207,12 +207,18 @@
               </div>
             </div>
           </div>
-          <div class="row mb-4">
+          <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
             </div>
           </div>
+          <div class="row mb-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_client_scopes">{{ lang.admin.iam_client_scopes }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" placeholder="openid profile email" class="form-control" id="iam_client_scopes" name="client_scopes" value="{{ iam_settings.client_scopes }}">
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
             <div class="col-12 col-md-9 col-lg-4">

From db47696ba7eaa4a1236f52d6e557d94aa505bde4 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@tinc.gmbh>
Date: Tue, 24 Oct 2023 11:43:19 +0200
Subject: [PATCH 123/755] Updated Dovecot Image to use OpenSSL 3.0 fix

---
 data/dmarcparser.conf | 36 ++++++++++++++++++++++++++
 test.conf             |  3 +++
 test.sh               | 59 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 data/dmarcparser.conf
 create mode 100644 test.conf
 create mode 100644 test.sh

diff --git a/data/dmarcparser.conf b/data/dmarcparser.conf
new file mode 100644
index 000000000..2bf611d6a
--- /dev/null
+++ b/data/dmarcparser.conf
@@ -0,0 +1,36 @@
+server {
+  ssl_certificate /etc/ssl/mail/cert.pem;
+  ssl_certificate_key /etc/ssl/mail/key.pem;
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
+  index index.php index.html;
+  client_max_body_size 0;
+  root /web;
+  include /etc/nginx/conf.d/listen_plain.active;
+  include /etc/nginx/conf.d/listen_ssl.active;
+  server_name dmarcparse.derlinkman.de;
+  server_tokens off;
+
+  location ^~ /.well-known/acme-challenge/ {
+    allow all;
+    default_type "text/plain";
+  }
+
+  if ($scheme = http) {
+    return 301 https://$host$request_uri;
+  }
+
+  location / {
+    proxy_pass http://dmarcparser:8080/;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    client_max_body_size 0;
+  }
+}
\ No newline at end of file
diff --git a/test.conf b/test.conf
new file mode 100644
index 000000000..4cad7795b
--- /dev/null
+++ b/test.conf
@@ -0,0 +1,3 @@
+# Solr heap size in MB, there is no recommendation, please see Solr docs.
+# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+# Solr will refuse to start with total system memory below or equal to 2 GB.
\ No newline at end of file
diff --git a/test.sh b/test.sh
new file mode 100644
index 000000000..1e38b3907
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+source mailcow.conf
+SOLR_OPTIONS=(
+  "SOLR_HEAP"
+  "SOLR_PORT"
+  "SKIP_SOLR"
+  )
+remove_solr_config_options() {
+  sed -i --follow-symlinks '$a\' mailcow.conf
+  for option in "${SOLR_OPTIONS[@]}"; do
+  if [[ $option == "SOLR_HEAP" ]]; then
+    if grep -q "${option}" mailcow.conf; then
+      echo "Replacing SOLR_HEAP with \"${option}\" in mailcow.conf"
+      sed -i '/# Solr heap size in MB\b/c\# Dovecot Indexing (FTS) Process heap size in MB, there is no recommendation, please see Dovecot docs.' mailcow.conf
+      sed -i '/# Solr is a prone to run\b/c\# Flatcurve is replacing solr as FTS Indexer completely. It is supposed to be much more efficient in CPU and RAM consumption.'  mailcow.conf
+      sed -i 's/SOLR_HEAP/FTS_HEAP/g' mailcow.conf
+    fi
+  fi
+  if [[ $option == "SKIP_SOLR" ]]; then
+    if grep -q "${option}" mailcow.conf; then
+      echo "Replacing $option in mailcow.conf with SKIP_FLATCURVE"
+      sed -i '/\bSkip Solr on low-memory\b/c\# Skip Flatcurve (FTS) on low-memory systems or if you simply want to disable it.' mailcow.conf
+      sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
+      sed -i '/\bDisable Solr or\b/d' mailcow.conf
+      sed -i 's/SKIP_SOLR/SKIP_FLATCURVE/g' mailcow.conf
+    fi
+  fi
+  if [[ $option == "SOLR_PORT" ]]; then
+    if grep -q "${option}" mailcow.conf; then
+      echo "Removing ${option} in mailcow.conf"
+      sed -i '/\bSOLR_PORT\b/d' mailcow.conf
+    fi
+  fi
+  done
+
+  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
+  if [[ -n $solr_volume ]]; then
+    echo -e "\e[34mSolr has been replaced within mailcow since 2024-XX.\e[0m"
+    sleep 1
+    echo -e "\e[34mTherefore the volume $solr_volume is unused.\e[0m"
+    sleep 1
+    read -r -p "Would you like to remove the $solr_volume? " response
+    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+      echo -e "\e[33mRemoving $solr_volume...\e[0m"
+      docker volume rm $solr_volume
+      if [[ $? != 0 ]]; then
+        echo -e "\e[31mCould not remove the volume... Please remove it manually!\e[0m"
+      else
+        echo -e "\e[32mSucessfully removed $solr_volume!\e[0m"
+      fi
+    else
+      echo "Ok! Not removing $solr_volume then."
+      echo "Once you decided on removing the volume simply run docker volume rm $solr_volume to remove it manually."
+      echo "This can be done anytime. mailcow does not use this volume anymore."
+    fi
+  fi  
+}
+
+remove_solr_config_options
\ No newline at end of file

From 9039ab4e12b134f99b331b30f06850286e16d5f7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 26 Oct 2023 12:46:53 +0200
Subject: [PATCH 124/755] [Web] add missing file to autodiscover.php

---
 data/web/autodiscover.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 992524b35..cff10b4c6 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -1,6 +1,7 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 $default_autodiscover_config = $autodiscover_config;
 if(file_exists('inc/vars.local.inc.php')) {
   include_once 'inc/vars.local.inc.php';

From 2f1e1438e9a2f266e1ddbe9e85c6fef4d3afc016 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 30 Oct 2023 10:04:43 +0100
Subject: [PATCH 125/755] [Web] add log messages to verify-sso function

---
 data/web/inc/functions.inc.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 221ef5c71..0b69a4a69 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2378,8 +2378,8 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-          'msg' => 'login_failed'
+          'log' => array(__FUNCTION__, $info['email']),
+          'msg' => array('login_failed', 'empty attribute mapping or missing template attribute')
         );
         return false;
       }
@@ -2390,8 +2390,8 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-          'msg' => 'login_failed'
+          'log' => array(__FUNCTION__, $info['email']),
+          'msg' => array('login_failed', 'specified template not found')
         );
         return false;
       }
@@ -2407,8 +2407,8 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-          'msg' => 'login_failed'
+          'log' => array(__FUNCTION__, $info['email']),
+          'msg' => array('login_failed', 'mailbox creation failed')
         );
         return false;
       }

From 1cda16523dac97e5dfc51f2a02f1a17f58ea1844 Mon Sep 17 00:00:00 2001
From: Geert Hauwaerts <geert@hauwaerts.be>
Date: Thu, 2 Nov 2023 17:42:08 +0200
Subject: [PATCH 126/755] Fixed SQL query for retrieving SSO users.

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 0b69a4a69..36b1213bc 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2355,7 +2355,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
           AND `mailbox`.`active`='1'
           AND `domain`.`active`='1'
           AND `username` = :user
-          AND `authsource`='keycloak' OR `authsource`='generic-oidc'");
+          AND (`authsource`='keycloak' OR `authsource`='generic-oidc')");
       $stmt->execute(array(':user' => $info['email']));
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
       if ($row){

From 216398355be8c137cc894e48d0f9bfdb00beab7d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 5 Feb 2024 15:22:02 +0100
Subject: [PATCH 127/755] fix functions.inc.php, update sogo and dovecot
 nightly image

---
 data/web/inc/functions.inc.php | 2 --
 docker-compose.yml             | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 36b1213bc..215a95fdd 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2086,8 +2086,6 @@ function uuid4() {
 
   return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 }
-function identity_provider($_action, $_data = null) {
-function identity_provider($_action, $_data = null, $hide_secret = false) {
 function identity_provider($_action, $_data = null, $_extra = null) {
   global $pdo;
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 572d203b0..d7cf072d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -187,7 +187,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.122.1
+      image: mailcow/sogo:nightly-20240205
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -234,7 +234,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.28.2
+      image: mailcow/dovecot:nightly-20240205
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 058b79ed5c7029bb0927f3265bd467f0dfbf4a45 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 5 Feb 2024 15:57:44 +0100
Subject: [PATCH 128/755] dovecot: corrected dockerfile inside nightly

---
 data/Dockerfiles/dovecot/Dockerfile | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index a3bdc8472..20831fab2 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -3,8 +3,6 @@ LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.16
-ARG DOVECOT_VERSION=2.3.20
-ARG PIGEONHOLE_VERSION=0.5.20
 ENV LC_ALL C
 
 
@@ -27,7 +25,6 @@ RUN addgroup -g 5000 vmail \
   curl \
   jq \
   lua \
-  lua-json \
   lua-cjson \
   lua-socket \
   lua-sql-mysql \

From 9a4b79a6296452a8cf2c9365b4a245bc4ecef5d5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 5 Feb 2024 17:11:36 +0100
Subject: [PATCH 129/755] [Web] fix idp mailbox login

---
 data/web/inc/functions.mailbox.inc.php | 6 +++---
 data/web/templates/index.twig          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 457b53d60..46658274e 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1027,10 +1027,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           $template_attr = null;
           if ($_data['template']){
-            $template_attr = mailbox('get', 'mailbox_templates', $_data['template'])['attributes'];
+            $template_attr = mailbox('get', 'mailbox_templates', $_data['template'], $_extra)['attributes'];
           }
           if (empty($template_attr)) {
-            $template_attr = mailbox('get', 'mailbox_templates')[0]['attributes'];
+            $template_attr = mailbox('get', 'mailbox_templates', null, $_extra)[0]['attributes'];
           }
           $MAILBOX_DEFAULT_ATTRIBUTES = array_merge($MAILBOX_DEFAULT_ATTRIBUTES, $template_attr);
 
@@ -4711,7 +4711,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           return $mailboxdata;
         break;
         case 'mailbox_templates':
-          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['iam_create_login']) {
             return false;
           }
           $_data = (isset($_data)) ? intval($_data) : null;
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index 98847d53e..3c752b132 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -40,7 +40,7 @@
               <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="{{ lang.login.password }}" required="" autocomplete="current-password">
             </div>
           </div>
-          <div class="d-flex mt-4" style="position: relative">
+          <div class="d-flex justify-content-between mt-4" style="position: relative">
             <div class="btn-group">
               <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
               <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>

From 448f85abe81aa4b63c0143ad352acbf843f78b8f Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Wed, 7 Feb 2024 15:28:42 +0100
Subject: [PATCH 130/755] Remove unused files

---
 data/dmarcparser.conf | 36 --------------------------
 test.conf             |  3 ---
 test.sh               | 59 -------------------------------------------
 3 files changed, 98 deletions(-)
 delete mode 100644 data/dmarcparser.conf
 delete mode 100644 test.conf
 delete mode 100644 test.sh

diff --git a/data/dmarcparser.conf b/data/dmarcparser.conf
deleted file mode 100644
index 2bf611d6a..000000000
--- a/data/dmarcparser.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
-  ssl_certificate /etc/ssl/mail/cert.pem;
-  ssl_certificate_key /etc/ssl/mail/key.pem;
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_prefer_server_ciphers on;
-  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
-  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
-  ssl_session_cache shared:SSL:50m;
-  ssl_session_timeout 1d;
-  ssl_session_tickets off;
-  index index.php index.html;
-  client_max_body_size 0;
-  root /web;
-  include /etc/nginx/conf.d/listen_plain.active;
-  include /etc/nginx/conf.d/listen_ssl.active;
-  server_name dmarcparse.derlinkman.de;
-  server_tokens off;
-
-  location ^~ /.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-  }
-
-  if ($scheme = http) {
-    return 301 https://$host$request_uri;
-  }
-
-  location / {
-    proxy_pass http://dmarcparser:8080/;
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    client_max_body_size 0;
-  }
-}
\ No newline at end of file
diff --git a/test.conf b/test.conf
deleted file mode 100644
index 4cad7795b..000000000
--- a/test.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Solr heap size in MB, there is no recommendation, please see Solr docs.
-# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
-# Solr will refuse to start with total system memory below or equal to 2 GB.
\ No newline at end of file
diff --git a/test.sh b/test.sh
deleted file mode 100644
index 1e38b3907..000000000
--- a/test.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/bash
-source mailcow.conf
-SOLR_OPTIONS=(
-  "SOLR_HEAP"
-  "SOLR_PORT"
-  "SKIP_SOLR"
-  )
-remove_solr_config_options() {
-  sed -i --follow-symlinks '$a\' mailcow.conf
-  for option in "${SOLR_OPTIONS[@]}"; do
-  if [[ $option == "SOLR_HEAP" ]]; then
-    if grep -q "${option}" mailcow.conf; then
-      echo "Replacing SOLR_HEAP with \"${option}\" in mailcow.conf"
-      sed -i '/# Solr heap size in MB\b/c\# Dovecot Indexing (FTS) Process heap size in MB, there is no recommendation, please see Dovecot docs.' mailcow.conf
-      sed -i '/# Solr is a prone to run\b/c\# Flatcurve is replacing solr as FTS Indexer completely. It is supposed to be much more efficient in CPU and RAM consumption.'  mailcow.conf
-      sed -i 's/SOLR_HEAP/FTS_HEAP/g' mailcow.conf
-    fi
-  fi
-  if [[ $option == "SKIP_SOLR" ]]; then
-    if grep -q "${option}" mailcow.conf; then
-      echo "Replacing $option in mailcow.conf with SKIP_FLATCURVE"
-      sed -i '/\bSkip Solr on low-memory\b/c\# Skip Flatcurve (FTS) on low-memory systems or if you simply want to disable it.' mailcow.conf
-      sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
-      sed -i '/\bDisable Solr or\b/d' mailcow.conf
-      sed -i 's/SKIP_SOLR/SKIP_FLATCURVE/g' mailcow.conf
-    fi
-  fi
-  if [[ $option == "SOLR_PORT" ]]; then
-    if grep -q "${option}" mailcow.conf; then
-      echo "Removing ${option} in mailcow.conf"
-      sed -i '/\bSOLR_PORT\b/d' mailcow.conf
-    fi
-  fi
-  done
-
-  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
-  if [[ -n $solr_volume ]]; then
-    echo -e "\e[34mSolr has been replaced within mailcow since 2024-XX.\e[0m"
-    sleep 1
-    echo -e "\e[34mTherefore the volume $solr_volume is unused.\e[0m"
-    sleep 1
-    read -r -p "Would you like to remove the $solr_volume? " response
-    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      echo -e "\e[33mRemoving $solr_volume...\e[0m"
-      docker volume rm $solr_volume
-      if [[ $? != 0 ]]; then
-        echo -e "\e[31mCould not remove the volume... Please remove it manually!\e[0m"
-      else
-        echo -e "\e[32mSucessfully removed $solr_volume!\e[0m"
-      fi
-    else
-      echo "Ok! Not removing $solr_volume then."
-      echo "Once you decided on removing the volume simply run docker volume rm $solr_volume to remove it manually."
-      echo "This can be done anytime. mailcow does not use this volume anymore."
-    fi
-  fi  
-}
-
-remove_solr_config_options
\ No newline at end of file

From 40146839efb3754b2db4045f0111178ffd1883c5 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 8 Feb 2024 09:47:41 +0100
Subject: [PATCH 131/755] docker-compose: bumped versions

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d7cf072d0..a62ea1212 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -187,7 +187,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:nightly-20240205
+      image: mailcow/sogo:nightly-20240208
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -234,7 +234,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:nightly-20240205
+      image: mailcow/dovecot:nightly-20240208
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From e184713c67ad0a75d5164237ecd0c97e8a0552aa Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 8 Feb 2024 13:06:02 +0100
Subject: [PATCH 132/755] added action for support label in issues

---
 .../workflows/check_if_support_labeled.yml    | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/check_if_support_labeled.yml

diff --git a/.github/workflows/check_if_support_labeled.yml b/.github/workflows/check_if_support_labeled.yml
new file mode 100644
index 000000000..87d93ecb6
--- /dev/null
+++ b/.github/workflows/check_if_support_labeled.yml
@@ -0,0 +1,37 @@
+name: Check if labeled support, if so send message and close issue
+on:
+  issues:
+    types:
+      - labeled
+jobs:
+  add-comment:
+    if: github.event.label.name == 'support'
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Add comment
+        run: gh issue comment "$NUMBER" --body "$BODY"
+        env:
+          GH_TOKEN: ${{ secrets.SUPPORTISSUES_ACTION_PAT }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.issue.number }}
+          BODY: |
+              **THIS IS A AUTOMATED MESSAGE!**
+
+              It seems your issue is not a bug.
+              Therefore we highly advise you to get support!
+              
+              You can get support either by:
+              - ordering a paid [support contract at Servercow](https://www.servercow.de/mailcow?lang=en#support/) (Directly from the developers) or
+              - using the [community forum](https://community.mailcow.email) (**Based on volunteers! NO guaranteed answer**) or
+              - using the [Telegram support channel](https://t.me/mailcow) (**Based on volunteers! NO guaranteed answer**)
+
+              This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.
+
+      - name: Close issue
+        env:
+          GH_TOKEN: ${{ secrets.SUPPORTISSUES_ACTION_PAT }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.issue.number }}
+        run: gh issue close "$NUMBER" -r "not planned"
\ No newline at end of file

From 63426c3cd023922a6e3c5f3aa40c4cc95f1d9fe1 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 8 Feb 2024 15:55:26 +0100
Subject: [PATCH 133/755] unbound: remove netcat check & package

---
 data/Dockerfiles/unbound/Dockerfile     |  3 +--
 data/Dockerfiles/unbound/healthcheck.sh | 27 -------------------------
 2 files changed, 1 insertion(+), 29 deletions(-)

diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index f6d072cc6..3090895ba 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -5,7 +5,6 @@ LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 RUN apk add --update --no-cache \
 	curl \
 	bind-tools \
-	netcat-openbsd \
 	unbound \
 	bash \
 	openssl \
@@ -20,7 +19,7 @@ EXPOSE 53/udp 53/tcp
 
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
-# healthcheck (dig, ping, nc)
+# healthcheck (dig, ping)
 COPY healthcheck.sh /healthcheck.sh
 RUN chmod +x /healthcheck.sh
 HEALTHCHECK --interval=30s --timeout=30s CMD [ "/healthcheck.sh" ]
diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
index a96eaab41..8da79bd77 100644
--- a/data/Dockerfiles/unbound/healthcheck.sh
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -50,27 +50,6 @@ function check_dns() {
     
 }
 
-# Simple Netcat Check to connect to common webports
-function check_netcat() {
-    declare -a domains=("mailcow.email" "github.com" "hub.docker.com")
-    declare -a ports=("80" "443")
-
-    for domain in "${domains[@]}" ; do
-        for port in "${ports[@]}" ; do
-            nc -z -w 2 $domain $port
-            if [ $? -ne 0 ]; then
-                log_to_file "Healthcheck: Could not reach $domain on Port $port... Gave up!"
-                log_to_file "Please check your internet connection or firewall rules to fix this error."
-                return 1
-            fi
-        done
-    done
-
-    log_to_file "Healthcheck: Netcat Checks WORKING properly!"
-    return 0
-
-}
-
 if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
     log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
     exit 0
@@ -89,11 +68,5 @@ if [ $? -ne 0 ]; then
     exit 1
 fi
 
-check_netcat
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
 log_to_file "Healthcheck: ALL CHECKS WERE SUCCESSFUL! Unbound is healthy!"
 exit 0
\ No newline at end of file

From 1787c53d98ad2251bf2a945ac81358a61ee36664 Mon Sep 17 00:00:00 2001
From: Habetdin <15926758+Habetdin@users.noreply.github.com>
Date: Tue, 30 Jan 2024 14:09:37 +0300
Subject: [PATCH 134/755] [Netfilter] respect ban time limits

---
 data/Dockerfiles/netfilter/main.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 62e0dda75..c3ca379ca 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -114,8 +114,6 @@ def ban(address):
   global lock
 
   refreshF2boptions()
-  BAN_TIME = int(f2boptions['ban_time'])
-  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
   MAX_ATTEMPTS = int(f2boptions['max_attempts'])
   RETRY_WINDOW = int(f2boptions['retry_window'])
   NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
@@ -150,7 +148,7 @@ def ban(address):
 
   if bans[net]['attempts'] >= MAX_ATTEMPTS:
     cur_time = int(round(time.time()))
-    NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
+    NET_BAN_TIME = calcNetBanTime(bans[net]['ban_counter'])
     logger.logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
     if type(ip) is ipaddress.IPv4Address and int(f2boptions['manage_external']) != 1:
       with lock:
@@ -277,12 +275,11 @@ def snat6(snat_target):
       tables.snat6(snat_target, os.getenv('IPV6_NETWORK', 'fd4d:6169:6c63:6f77::/64'))
 
 def autopurge():
+  global f2boptions
+
   while not quit_now:
     time.sleep(10)
     refreshF2boptions()
-    BAN_TIME = int(f2boptions['ban_time'])
-    MAX_BAN_TIME = int(f2boptions['max_ban_time'])
-    BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
     MAX_ATTEMPTS = int(f2boptions['max_attempts'])
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
     if QUEUE_UNBAN:
@@ -290,9 +287,9 @@ def autopurge():
         unban(str(net))
     for net in bans.copy():
       if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
+        NET_BAN_TIME = calcNetBanTime(bans[net]['ban_counter'])
         TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
-        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME or TIME_SINCE_LAST_ATTEMPT > MAX_BAN_TIME:
+        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME:
           unban(net)
 
 def mailcowChainOrder():
@@ -306,6 +303,16 @@ def mailcowChainOrder():
       if quit_now: return
       quit_now, exit_code = tables.checkIPv6ChainOrder()
 
+def calcNetBanTime(ban_counter):
+  global f2boptions
+
+  BAN_TIME = int(f2boptions['ban_time'])
+  MAX_BAN_TIME = int(f2boptions['max_ban_time'])
+  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
+  NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** ban_counter
+  NET_BAN_TIME = max([BAN_TIME, min([NET_BAN_TIME, MAX_BAN_TIME])])
+  return NET_BAN_TIME
+
 def isIpNetwork(address):
   try:
     ipaddress.ip_network(address, False)

From 3cb9c2ece548c8cb8ce7f41a503ec32ea9c46bfc Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 9 Feb 2024 08:05:19 +0100
Subject: [PATCH 135/755] ui: fix wrong docs links

ui: fixed broken Links to docs
---
 data/web/lang/lang.cs-cz.json | 2 +-
 data/web/lang/lang.da-dk.json | 2 +-
 data/web/lang/lang.de-de.json | 2 +-
 data/web/lang/lang.en-gb.json | 2 +-
 data/web/lang/lang.fr-fr.json | 2 +-
 data/web/lang/lang.it-it.json | 2 +-
 data/web/lang/lang.nl-nl.json | 2 +-
 data/web/lang/lang.pt-br.json | 2 +-
 data/web/lang/lang.ro-ro.json | 2 +-
 data/web/lang/lang.ru-ru.json | 2 +-
 data/web/lang/lang.si-si.json | 2 +-
 data/web/lang/lang.sk-sk.json | 2 +-
 data/web/lang/lang.sv-se.json | 2 +-
 data/web/lang/lang.uk-ua.json | 2 +-
 data/web/lang/lang.zh-cn.json | 2 +-
 data/web/lang/lang.zh-tw.json | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 2d0b1014e..593f1cdcf 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -547,7 +547,7 @@
         "dns_records": "DNS záznamy",
         "dns_records_24hours": "Upozornění: Změnám v systému DNS může trvat až 24 hodin, než se zde správně zobrazí jejich aktuální stav. Můžete zde snadno zjistit, jak nastavit DNS záznamy a zda jsou všechny záznamy správně uloženy.",
         "dns_records_data": "Správný záznam",
-        "dns_records_docs": "Přečtěte si prosím <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">dokumentaci</a>.",
+        "dns_records_docs": "Přečtěte si prosím <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentaci</a>.",
         "dns_records_name": "Název",
         "dns_records_status": "Současný stav",
         "dns_records_type": "Typ",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 33629bbeb..95db916ef 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -459,7 +459,7 @@
         "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
         "dns_records": "DNS-poster",
         "dns_records_24hours": "Bemærk, at ændringer, der foretages i DNS, kan tage op til 24 timer for at få deres aktuelle status korrekt reflekteret på denne side. Det er beregnet som en måde for dig let at se, hvordan du konfigurerer dine DNS-poster og kontrollere, om alle dine poster er korrekt gemt i DNS.",
-        "dns_records_docs": "Se også <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">dokumentationen</a>.",
+        "dns_records_docs": "Se også <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentationen</a>.",
         "dns_records_data": "Korrekte data",
         "dns_records_name": "Navn",
         "dns_records_status": "Nuværende tilstand",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index ddadfac63..73d02bdd0 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -556,7 +556,7 @@
         "dns_records": "DNS-Einträge",
         "dns_records_24hours": "Bitte beachten Sie, dass es bis zu 24 Stunden dauern kann, bis Änderungen an Ihren DNS-Einträgen als aktueller Status auf dieser Seite dargestellt werden. Diese Seite ist nur als Hilfsmittel gedacht, um die korrekten Werte für DNS-Einträge anzuzeigen und zu überprüfen, ob die Daten im DNS hinterlegt sind.",
         "dns_records_data": "Korrekte Daten",
-        "dns_records_docs": "Die <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">Online-Dokumentation</a> enthält weitere Informationen zur DNS-Konfiguration.",
+        "dns_records_docs": "Die <a target=\"_blank\" href=\"https://docs.mailcow.email/de/getstarted/prerequisite-dns\">Online-Dokumentation</a> enthält weitere Informationen zur DNS-Konfiguration.",
         "dns_records_name": "Name",
         "dns_records_status": "Aktueller Status",
         "dns_records_type": "Typ",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index ec97d0aef..e413664f5 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -556,7 +556,7 @@
         "dns_records": "DNS Records",
         "dns_records_24hours": "Please note that changes made to DNS may take up to 24 hours to correctly have their current state reflected on this page. It is intended as a way for you to easily see how to configure your DNS records and to check whether all your records are correctly stored in DNS.",
         "dns_records_data": "Correct Data",
-        "dns_records_docs": "Please also consult <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">the documentation</a>.",
+        "dns_records_docs": "Please also consult <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">the documentation</a>.",
         "dns_records_name": "Name",
         "dns_records_status": "Current State",
         "dns_records_type": "Type",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 96e1aef7d..4b5ab2e50 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -483,7 +483,7 @@
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
         "dns_records": "Enregistrements DNS",
         "dns_records_24hours": "Veuillez noter que les modifications apportées au DNS peuvent prendre jusqu’à 24 heures pour que leurs états actuels soient correctement reflétés sur cette page. Il est conçu comme un moyen pour vous de voir facilement comment configurer vos enregistrements DNS et de vérifier si tous vos enregistrements sont correctement stockés dans les DNS.",
-        "dns_records_docs": "Veuillez également consulter <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">la documentation</a>.",
+        "dns_records_docs": "Veuillez également consulter <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">la documentation</a>.",
         "dns_records_data": "Données correcte",
         "dns_records_name": "Nom",
         "dns_records_status": "Etat courant",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 6783dfed8..158f79864 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -506,7 +506,7 @@
         "dns_records": "Record DNS",
         "dns_records_24hours": "Tieni presente che le modifiche apportate ai record DNS potrebbero richiedere fino a 24 ore per poter essere visualizzate correttamente in questa pagina. Tutto ciò è da intendersi come un modo per voi di vedere come configurare i record DNS e per controllare se tutti i record DNS sono stati inseriti correttamente.",
         "dns_records_data": "Dati corretti",
-        "dns_records_docs": "Si prega di consultare anche <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">la documentazione</a>.",
+        "dns_records_docs": "Si prega di consultare anche <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">la documentazione</a>.",
         "dns_records_name": "Nome",
         "dns_records_status": "Stato attuale",
         "dns_records_type": "Tipo",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index efffa1d7e..46325effc 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -510,7 +510,7 @@
         "cname_from_a": "Waarde afgeleid van een A- of AAAA-vermelding.",
         "dns_records": "DNS-configuratie",
         "dns_records_24hours": "Houd er rekening mee dat wijzigingen aan DNS tot wel 24 uur in beslag kunnen nemen voordat ze op deze pagina worden weergegeven. Deze informatie is bedoeld om gemakkelijk te bekijken of de DNS-configuratie aan de eisen voldoet.",
-        "dns_records_docs": "Raadpleeg ook <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">de documentatie</a>.",
+        "dns_records_docs": "Raadpleeg ook <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">de documentatie</a>.",
         "dns_records_data": "Correcte gegevens",
         "dns_records_name": "Naam",
         "dns_records_status": "Huidige staat",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 9acaf87c7..fbc79bde8 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -554,7 +554,7 @@
         "dns_records": "Registros DNS",
         "dns_records_24hours": "Observe que as alterações feitas no DNS podem levar até 24 horas para que seu estado atual seja refletido corretamente nesta página. O objetivo é uma forma de você ver facilmente como configurar seus registros DNS e verificar se todos os seus registros estão armazenados corretamente no DNS.",
         "dns_records_data": "Dados corretos",
-        "dns_records_docs": "Consulte também <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">a documentação</a>.",
+        "dns_records_docs": "Consulte também <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">a documentação</a>.",
         "dns_records_name": "Nome",
         "dns_records_status": "Estado atual",
         "dns_records_type": "Tipo",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 5c7b29b0e..90c96c218 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -504,7 +504,7 @@
         "cname_from_a": "Valoare derivată din înregistrarea A/AAAA. Acest lucru este acceptat atâta timp cât înregistrarea indică resursele corecte.",
         "dns_records": "Înregistrări DNS",
         "dns_records_24hours": "Rețineți că modificările aduse DNS-ului pot dura până la 24 de ore pentru a reflecta corect starea lor curentă pe această pagină. Acest mecanism este conceput ca o modalitate să vezi ușor cum să îți configurezi înregistrările DNS și să verifici dacă toate înregistrările sunt stocate corect în DNS.",
-        "dns_records_docs": "Vă rugăm să consultați și <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">documentația</a>.",
+        "dns_records_docs": "Vă rugăm să consultați și <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">documentația</a>.",
         "dns_records_data": "Date corecte",
         "dns_records_name": "Nume",
         "dns_records_status": "Stare curentă",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 2a959ab3c..993f7865b 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -504,7 +504,7 @@
         "dns_records": "Записи DNS",
         "dns_records_24hours": "Обратите внимание, что для внесения изменений в DNS может потребоваться до 24 часов, чтобы правильно отобразить их текущее состояние на этой странице. Эта страница предназначен для того, чтобы вы могли легко увидеть, как настроить записи DNS и проверить, все ли записи правильно занесены в DNS.",
         "dns_records_data": "Значение",
-        "dns_records_docs": "Пожалуйста, ознакомьтесь с <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">документацией</a>.",
+        "dns_records_docs": "Пожалуйста, ознакомьтесь с <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">документацией</a>.",
         "dns_records_name": "Название",
         "dns_records_status": "Статус",
         "dns_records_type": "Тип",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index cf1cf799c..3a424631d 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -543,7 +543,7 @@
         "dns_records": "DNS zapisi",
         "dns_records_24hours": "Prosim upoštevajte, da lahko traja do 24 ur da se spremembe v DNS pravilno prikažejo na tej strani. Namen je da lahko enostavno vidite, kako konfigurirati svoje DNS zapise in preverite ali so vaši zapisi pravilno shranjeni v DNS.",
         "dns_records_data": "Pravilni podatki",
-        "dns_records_docs": "Prosim preverite tudi <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">dokumentacijo</a>.",
+        "dns_records_docs": "Prosim preverite tudi <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentacijo</a>.",
         "dns_records_name": "Ime",
         "dns_records_status": "Trenutno stanje",
         "dns_records_type": "Vrsta",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index d656a2cd1..466afdb85 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -523,7 +523,7 @@
         "dns_records": "DNS záznamy",
         "dns_records_24hours": "Berte prosím do úvahy, že zmeny v DNS môžu trvať až 24 hodín, aby sa zmeny prejavili na tejto stránke. Pre jednoduchosť DNS konfigurácie môžete použiť údaje uvedené nižšie, prípadne skontrolovať tak správnosť záznamov v DNS.",
         "dns_records_data": "Správne dáta",
-        "dns_records_docs": "Pozrite si prosím <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">dokumentáciu</a>.",
+        "dns_records_docs": "Pozrite si prosím <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentáciu</a>.",
         "dns_records_name": "Meno",
         "dns_records_status": "Súčasný stav",
         "dns_records_type": "Typ",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index ba97e705d..a98708192 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -473,7 +473,7 @@
         "cname_from_a": "Värde härstammar från A/AAAA-uppslaget. Detta stöds så länge som uppslaget pekar mot rätt resurs.",
         "dns_records": "DNS-uppslag",
         "dns_records_24hours": "Observera att ändringar gjorda i DNS kan ta upp till 24 timmar innan det visas korrekt på denna sida. Syftet med sidan är att enkelt se hur DNS-uppslagen är konfigurerade. Det är lätt att kontrollera att DNS-uppslagen är korrekt uppsatta.",
-        "dns_records_docs": "Se även <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">dokumentationen</a>.",
+        "dns_records_docs": "Se även <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentationen</a>.",
         "dns_records_data": "Korrektdata",
         "dns_records_name": "Namn",
         "dns_records_status": "Nuvarande status",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index e778f1569..201a60b41 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -525,7 +525,7 @@
         "cname_from_a": "Значення, отримане із запису A/AAAA. Це підтримується, поки запис вказує на правильний ресурс.",
         "dns_records": "Записи DNS",
         "dns_records_data": "Значення",
-        "dns_records_docs": "Також перегляньте <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">документацію</a>.",
+        "dns_records_docs": "Також перегляньте <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">документацію</a>.",
         "dns_records_name": "Назва",
         "dns_records_status": "Статус",
         "optional": "Цей запис необов'язковий.",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index b1aacf5c8..cca5ecc58 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -494,7 +494,7 @@
         "dns_records": "DNS 记录",
         "dns_records_24hours": "请注意 DNS 记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页面为你提供了一个可以便捷查询如何配置 DNS 记录以及检查你的 DNS 记录是否正确的方式。",
         "dns_records_data": "正确数据",
-        "dns_records_docs": "请同时也参考这个<a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">文档</a>.",
+        "dns_records_docs": "请同时也参考这个<a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">文档</a>.",
         "dns_records_name": "名称",
         "dns_records_status": "当前状态",
         "dns_records_type": "类型",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 4d84b2116..332eabb68 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -526,7 +526,7 @@
         "dns_records": "DNS 紀錄",
         "dns_records_24hours": "請注意 DNS 紀錄的更改可能需要 24 小時才能正確顯示於此頁面。此頁面的目的是為了讓你可以輕鬆的了解如何設定 DNS 紀錄並檢查 DNS 是否設定正確。",
         "dns_records_data": "正確值",
-        "dns_records_docs": "請同時另外查看 <a target=\"_blank\" href=\"https://docs.mailcow.email/prerequisite/prerequisite-dns/\">文件</a>.",
+        "dns_records_docs": "請同時另外查看 <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">文件</a>.",
         "dns_records_name": "名稱",
         "dns_records_status": "目前狀態",
         "dns_records_type": "類型",

From 4f475348249936b959324eedf7c10f02fced4f2d Mon Sep 17 00:00:00 2001
From: q16marvin <mor.pheus@arcor.de>
Date: Fri, 9 Feb 2024 11:23:09 +0100
Subject: [PATCH 136/755] Update mailbox.js

---
 data/web/js/site/mailbox.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index cc316b713..4fa1980af 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -887,7 +887,7 @@ jQuery(function($){
             item.quota.value = humanFileSize(item.quota_used) + "/" + item.quota.value;
 
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
-            item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login;
+            item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login + '/' + item.last_sso_login;
             /*
             if (!item.rl) {
               item.rl = '∞';
@@ -1008,7 +1008,8 @@ jQuery(function($){
             res = data.split("/");
             return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
               '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
+              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div><br>' +
+              '<div class="badge bg-info">SSO @ ' + unix_time_format(Number(res[3])) + '</div>';
           }
         },
         {

From 19deda31bc92b56241286bac4ad1711d7b1eb520 Mon Sep 17 00:00:00 2001
From: q16marvin <mor.pheus@arcor.de>
Date: Fri, 9 Feb 2024 11:23:47 +0100
Subject: [PATCH 137/755] Update functions.mailbox.inc.php

---
 data/web/inc/functions.mailbox.inc.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 0f48efbd5..5588c1aee 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -4501,6 +4501,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             }
             else if ($SaslLogs['service'] == 'pop3') {
               $last_pop3_login = strtotime($SaslLogs['datetime']);
+            }
+			else if ($SaslLogs['service'] == 'SSO') {
+              $last_sso_login = strtotime($SaslLogs['datetime']);
             }
           }
           if (!isset($last_imap_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
@@ -4511,10 +4514,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           if (!isset($last_pop3_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
             $last_pop3_login = 0;
+          }
+		  if (!isset($last_sso_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
+            $last_sso_login = 0;
           }
           $mailboxdata['last_imap_login'] = $last_imap_login;
           $mailboxdata['last_smtp_login'] = $last_smtp_login;
           $mailboxdata['last_pop3_login'] = $last_pop3_login;
+          $mailboxdata['last_sso_login'] = $last_sso_login;
 
           if (!isset($_extra) || $_extra != 'reduced') {
             $rl = ratelimit('get', 'mailbox', $_data);

From 86ba019ca09b7e09c59ec8a1e4f562493947510a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 Feb 2024 14:59:14 +0100
Subject: [PATCH 138/755] [Rspamd] apply domain wide footer to alias domains

---
 data/conf/rspamd/dynmaps/footer.php    | 25 +++++++++-
 data/web/edit.php                      |  3 +-
 data/web/inc/functions.mailbox.inc.php | 65 ++++++++++++++++++--------
 data/web/inc/init_db.inc.php           |  3 +-
 data/web/lang/lang.de-de.json          |  2 +-
 data/web/lang/lang.en-gb.json          |  2 +-
 data/web/lang/lang.pt-br.json          |  4 +-
 data/web/lang/lang.ru-ru.json          |  2 +-
 data/web/lang/lang.uk-ua.json          |  4 +-
 data/web/lang/lang.zh-tw.json          |  2 +-
 data/web/templates/edit/domain.twig    |  9 +++-
 11 files changed, 87 insertions(+), 34 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/footer.php b/data/conf/rspamd/dynmaps/footer.php
index 36b307c1b..545c45ec1 100644
--- a/data/conf/rspamd/dynmaps/footer.php
+++ b/data/conf/rspamd/dynmaps/footer.php
@@ -56,21 +56,42 @@ $empty_footer = json_encode(array(
 error_log("FOOTER: checking for domain " . $domain . ", user " . $username . " and address " . $from . PHP_EOL);
 
 try {
-  $stmt = $pdo->prepare("SELECT `plain`, `html`, `mbox_exclude`, `skip_replies` FROM `domain_wide_footer` 
+  // try get $target_domain if $domain is an alias_domain
+  $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` 
+    WHERE `alias_domain` = :alias_domain");
+  $stmt->execute(array(
+    ':alias_domain' => $domain
+  ));
+  $alias_domain = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (!$alias_domain) {
+    $target_domain = $domain;
+  } else {
+    $target_domain = $alias_domain['target_domain'];
+  }
+
+  // get footer associated with the domain
+  $stmt = $pdo->prepare("SELECT `plain`, `html`, `mbox_exclude`, `alias_domain_exclude`, `skip_replies` FROM `domain_wide_footer` 
     WHERE `domain` = :domain");
   $stmt->execute(array(
-    ':domain' => $domain
+    ':domain' => $target_domain
   ));
   $footer = $stmt->fetch(PDO::FETCH_ASSOC);
+
+  // check if the sender is excluded
   if (in_array($from, json_decode($footer['mbox_exclude']))){
     $footer = false;
   }
+  if (in_array($domain, json_decode($footer['alias_domain_exclude']))){
+    $footer = false;
+  }
   if (empty($footer)){
     echo $empty_footer;
     exit;
   }
   error_log("FOOTER: " . json_encode($footer) . PHP_EOL);
 
+  // footer will be applied
+  // get custom mailbox attributes to insert into the footer
   $stmt = $pdo->prepare("SELECT `custom_attributes` FROM `mailbox` WHERE `username` = :username");
   $stmt->execute(array(
     ':username' => $username
diff --git a/data/web/edit.php b/data/web/edit.php
index 83ae1467e..4c5cd89e9 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -59,7 +59,8 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             'domain_details' => $result,
             'domain_footer' => $domain_footer,
             'mailboxes' => mailbox('get', 'mailboxes', $_GET["domain"]),
-            'aliases' => mailbox('get', 'aliases', $_GET["domain"], 'address')
+            'aliases' => mailbox('get', 'aliases', $_GET["domain"], 'address'),
+            'alias_domains' => mailbox('get', 'alias_domains', $_GET["domain"])
           ];
       }
     }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 0f48efbd5..ea242cf8f 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3438,30 +3438,54 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $footers['plain'] = isset($_data['plain']) ? $_data['plain'] : '';
           $footers['skip_replies'] = isset($_data['skip_replies']) ? (int)$_data['skip_replies'] : 0;
           $footers['mbox_exclude'] = array();
-          if (isset($_data["mbox_exclude"])){
-            if (!is_array($_data["mbox_exclude"])) {
-              $_data["mbox_exclude"] = array($_data["mbox_exclude"]);
+          $footers['alias_domain_exclude'] = array();
+          if (isset($_data["exclude"])){
+            if (!is_array($_data["exclude"])) {
+              $_data["exclude"] = array($_data["exclude"]);
             }
-            foreach ($_data["mbox_exclude"] as $mailbox) {
-              if (!filter_var($mailbox, FILTER_VALIDATE_EMAIL)) {
+            foreach ($_data["exclude"] as $exclude) {
+              if (filter_var($exclude, FILTER_VALIDATE_EMAIL)) {
+                $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address` = :address
+                  UNION
+                  SELECT `username` FROM `mailbox` WHERE `username` = :username");
+                $stmt->execute(array(
+                  ':address' => $exclude,
+                  ':username' => $exclude,
+                ));
+                $row = $stmt->fetch(PDO::FETCH_ASSOC);
+                if(!$row){
+                  $_SESSION['return'][] = array(
+                    'type' => 'danger',
+                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                    'msg' => array('username_invalid', $exclude)
+                  );
+                  continue;
+                }
+                array_push($footers['mbox_exclude'], $exclude);
+              }
+              elseif (is_valid_domain_name($exclude)) {
+                $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain` = :alias_domain");
+                $stmt->execute(array(
+                  ':alias_domain' => $exclude,
+                ));
+                $row = $stmt->fetch(PDO::FETCH_ASSOC);
+                if(!$row){
+                  $_SESSION['return'][] = array(
+                    'type' => 'danger',
+                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                    'msg' => array('username_invalid', $exclude)
+                  );
+                  continue;
+                }
+                array_push($footers['alias_domain_exclude'], $exclude);
+              }
+              else {
                 $_SESSION['return'][] = array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => array('username_invalid', $mailbox)
+                  'msg' => array('username_invalid', $exclude)
                 );
-                continue;
               }
-              $is_now = mailbox('get', 'mailbox_details', $mailbox);            
-              if(empty($is_now)){
-                $_SESSION['return'][] = array(
-                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => array('username_invalid', $mailbox)
-                );
-                continue;
-              }
-              
-              array_push($footers['mbox_exclude'], $mailbox);
             }
           }
           foreach ($domains as $domain) {
@@ -3486,12 +3510,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             try {
               $stmt = $pdo->prepare("DELETE FROM `domain_wide_footer` WHERE `domain`= :domain");
               $stmt->execute(array(':domain' => $domain));
-              $stmt = $pdo->prepare("INSERT INTO `domain_wide_footer` (`domain`, `html`, `plain`, `mbox_exclude`, `skip_replies`) VALUES (:domain, :html, :plain, :mbox_exclude, :skip_replies)");
+              $stmt = $pdo->prepare("INSERT INTO `domain_wide_footer` (`domain`, `html`, `plain`, `mbox_exclude`, `alias_domain_exclude`, `skip_replies`) VALUES (:domain, :html, :plain, :mbox_exclude, :alias_domain_exclude, :skip_replies)");
               $stmt->execute(array(
                 ':domain' => $domain,
                 ':html' => $footers['html'],
                 ':plain' => $footers['plain'],
                 ':mbox_exclude' => json_encode($footers['mbox_exclude']),
+                ':alias_domain_exclude' => json_encode($footers['alias_domain_exclude']),
                 ':skip_replies' => $footers['skip_replies'],
               ));
             }
@@ -4648,7 +4673,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           try {
-            $stmt = $pdo->prepare("SELECT `html`, `plain`, `mbox_exclude`, `skip_replies` FROM `domain_wide_footer`
+            $stmt = $pdo->prepare("SELECT `html`, `plain`, `mbox_exclude`, `alias_domain_exclude`, `skip_replies` FROM `domain_wide_footer`
               WHERE `domain` = :domain");
             $stmt->execute(array(
               ':domain' => $domain
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 6fec0c2f8..445af8a9a 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "08012024_1442";
+    $db_version = "09022024_1433";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -273,6 +273,7 @@ function init_db_schema() {
           "html" => "LONGTEXT",
           "plain" => "LONGTEXT",
           "mbox_exclude" => "JSON NOT NULL DEFAULT ('[]')",
+          "alias_domain_exclude" => "JSON NOT NULL DEFAULT ('[]')",
           "skip_replies" => "TINYINT(1) NOT NULL DEFAULT '0'"
         ),
         "keys" => array(
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 73d02bdd0..2298e1cbd 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -613,6 +613,7 @@
         "extended_sender_acl_info": "Der DKIM-Domainkey der externen Absenderdomain sollte in diesen Server importiert werden, falls vorhanden.<br>\r\n  Wird SPF verwendet, muss diesem Server der Versand gestattet werden.<br>\r\n  Wird eine Domain oder Alias-Domain zu diesem Server hinzugefügt, die sich mit der externen Absenderadresse überschneidet, wird der externe Absender hier entfernt.<br>\r\n  Ein Eintrag @domain.tld erlaubt den Versand als *@domain.tld",
         "force_pw_update": "Erzwinge Passwortänderung bei nächstem Login",
         "force_pw_update_info": "Dem Benutzer wird lediglich der Zugang zur %s ermöglicht, App Passwörter funktionieren weiterhin.",
+        "footer_exclude": "von Fußzeile ausschließen",
         "full_name": "Voller Name",
         "gal": "Globales Adressbuch",
         "gal_info": "Das globale Adressbuch enthält alle Objekte einer Domain und kann durch keinen Benutzer geändert werden. Die Verfügbarkeitsinformation in SOGo ist nur bei eingeschaltetem globalen Adressbuch ersichtlich <b>Zum Anwenden einer Änderung muss SOGo neugestartet werden.</b>",
@@ -631,7 +632,6 @@
         "max_quota": "Max. Größe per Mailbox (MiB)",
         "maxage": "Maximales Alter in Tagen einer Nachricht, die kopiert werden soll<br><small>(0 = alle Nachrichten kopieren)</small>",
         "maxbytespersecond": "Max. Übertragungsrate in Bytes/s (0 für unlimitiert)",
-        "mbox_exclude": "Mailboxen ausschließen",
         "mbox_rl_info": "Dieses Limit wird auf den SASL Loginnamen angewendet und betrifft daher alle Absenderadressen, die der eingeloggte Benutzer verwendet. Bei Mailbox Ratelimit überwiegt ein Domain-weites Ratelimit.",
         "mins_interval": "Intervall (min)",
         "multiple_bookings": "Mehrfaches Buchen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index e413664f5..964caade6 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -613,6 +613,7 @@
         "extended_sender_acl_info": "A DKIM domain key should be imported, if available.<br>\r\n  Remember to add this server to the corresponding SPF TXT record.<br>\r\n  Whenever a domain or alias domain is added to this server, that overlaps with an external address, the external address is removed.<br>\r\n  Use @domain.tld to allow to send as *@domain.tld.",
         "force_pw_update": "Force password update at next login",
         "force_pw_update_info": "This user will only be able to login to %s. App passwords remain useable.",
+        "footer_exclude": "Exclude from footer",
         "full_name": "Full name",
         "gal": "Global Address List",
         "gal_info": "The GAL contains all objects of a domain and cannot be edited by any user. Free/busy information in SOGo is missing, if disabled! <b>Restart SOGo to apply changes.</b>",
@@ -631,7 +632,6 @@
         "max_quota": "Max. quota per mailbox (MiB)",
         "maxage": "Maximum age of messages in days that will be polled from remote<br><small>(0 = ignore age)</small>",
         "maxbytespersecond": "Max. bytes per second <br><small>(0 = unlimited)</small>",
-        "mbox_exclude": "Exclude mailboxes",
         "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
         "mins_interval": "Interval (min)",
         "multiple_bookings": "Multiple bookings",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index fbc79bde8..5636f5cd0 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -609,6 +609,7 @@
         "extended_sender_acl_info": "Uma chave de domínio DKIM deve ser importada, se disponível. <br>\r\n Lembre-se de adicionar esse servidor ao registro TXT SPF correspondente. <br>\r\n Sempre que um domínio ou domínio de alias é adicionado a esse servidor, que se sobrepõe a um endereço externo, o endereço externo é removido. <br>\r\n Use @domain .tld para permitir o envio como * @domain .tld.",
         "force_pw_update": "Forçar a atualização da senha no próximo login",
         "force_pw_update_info": "Esse usuário só poderá fazer login em %s. As senhas do aplicativo permanecem utilizáveis.",
+        "footer_exclude": "Excluir do rodapé",
         "full_name": "Nome completo",
         "gal": "Lista de endereços global",
         "gal_info": "A GAL contém todos os objetos de um domínio e não pode ser editada por nenhum usuário. Faltam informações de disponibilidade no SoGo, se desativadas! <b>Reinicie o SoGo para aplicar as alterações.</b>",
@@ -687,8 +688,7 @@
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "username": "Nome de usuário",
         "validate_save": "Valide e salve",
-        "custom_attributes": "Atributos personalizados",
-        "mbox_exclude": "Excluir mailboxes"
+        "custom_attributes": "Atributos personalizados"
     },
     "fido2": {
         "confirm": "Confirme",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 993f7865b..5891b6abe 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -546,6 +546,7 @@
         "extended_sender_acl_info": "Для внешних доменов должен быть импортирован или сгенерирован доменный ключ DKIM с соответствующей записью TXT в домене, если внешний домен использует DMARC.<br>\r\n  Не забудьте добавить этот сервер к соответствующей записи SPF TXT внешнего домена.<br>\r\n  Добавление домена из списка внешних адресов в mailcow автоматически удалит соответствующие записи из внешних адресов пользователей.<br>\r\n  Чтобы разрешить пользователю отправку от имени *@domain.tld, укажите @domain.tld.",
         "force_pw_update": "Требовать смены пароля при следующем входе в систему",
         "force_pw_update_info": "Пользователь должен будет войти в %s и сменить свой пароль. mailcow OAuth2, SOGo, EAS, IMAP/POP3 и SMTP будут не доступны до смены пароля.",
+        "footer_exclude": "Исключить из нижнего колонтитула",
         "full_name": "Полное имя",
         "gal": "GAL - Глобальная адресная книга",
         "gal_info": "GAL содержит все объекты домена и не подлежит редактированию. Информация о занятости в SOGo будет отсутствовать для домена, если данная функция будет отключена! <b>Требуется перезапустить SOGo, чтобы применить изменения.</b>",
@@ -635,7 +636,6 @@
         "domain_footer": "Нижний колонтитул домена",
         "domain_footer_html": "HTML нижний колонтитул",
         "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
-        "mbox_exclude": "Исключить почтовые ящики",
         "custom_attributes": "Пользовательские атрибуты"
     },
     "fido2": {
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 201a60b41..731224642 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -561,6 +561,7 @@
         "extended_sender_acl": "Зовнішні адреси пошти",
         "force_pw_update": "Вимагати зміну пароля при наступному вході до системи",
         "force_pw_update_info": "Цей користувач зможе увійти лише в %s. Паролі додатків залишаються придатними для використання.",
+        "footer_exclude": "Виключити з нижнього колонтитула",
         "full_name": "Повне ім'я",
         "gal": "GAL - Глобальна адресна книга",
         "generate": "згенерувати",
@@ -659,8 +660,7 @@
         },
         "domain_footer_html": "Нижній колонтитул HTML",
         "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул",
-        "custom_attributes": "Користувацькі атрибути",
-        "mbox_exclude": "Виключити поштові скриньки"
+        "custom_attributes": "Користувацькі атрибути"
     },
     "fido2": {
         "confirm": "Підтвердити",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 332eabb68..af2fb557e 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -569,6 +569,7 @@
         "extended_sender_acl_info": "如果可以的話，請匯入 DKIM 域名金鑰。<br>\r\n別忘記將此伺服器新增到相應的 SPF TXT 中。<br>\r\n當域名或域名別名被新增時，若其與此外部寄件人地址交疊，則外部寄件人地址會被移除。<br>\r\n填入 @domain.tld 以允許作為 *@domain.tld 發送郵件。",
         "force_pw_update": "在下一次登入時強制要求更新密碼",
         "force_pw_update_info": "此使用者只能登入至 %s。應用程式密碼仍可正常使用",
+        "footer_exclude": "从页脚排除",
         "full_name": "全名",
         "gal": "全域聯絡人清單",
         "gal_info": "<b>全域聯絡人清單</b>包含了域名下的所有物件，且使用者不可編輯。如果關閉，使用者的 空閒/繁忙 訊息將不能在 SOGo 中顯示。<b>重新啟動 SOGo 以應用更改。</b>",
@@ -648,7 +649,6 @@
         "validate_save": "驗證並儲存",
         "domain_footer_info": "網域範圍的頁尾將會新增至與該網域內的位址關聯的所有外發電子郵件。 <br> 以下變數可用於頁尾：",
         "custom_attributes": "自訂屬性",
-        "mbox_exclude": "排除信箱",
         "pushover_sound": "聲音"
     },
     "fido2": {
diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 8a700d06a..08d031c3c 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -289,9 +289,9 @@
 {{ lang.edit.domain_footer_info_vars.custom }}</pre>
                     <form class="form-horizontal mt-4" data-id="domain_footer">
                       <div class="row mb-4">
-                        <label class="control-label col-sm-2" for="mbox_exclude">{{ lang.edit.mbox_exclude }}</label>
+                        <label class="control-label col-sm-2" for="exclude">{{ lang.edit.footer_exclude }}</label>
                         <div class="col-sm-10">
-                          <select data-live-search="true" data-width="100%" style="width:100%" id="editMboxExclude" name="mbox_exclude" size="10" multiple>
+                          <select data-live-search="true" data-width="100%" style="width:100%" id="editFooterExclude" name="exclude" size="10" multiple>
                             {% for mailbox in mailboxes %}
                               <option value="{{ mailbox }}" {% if mailbox in domain_footer.mbox_exclude %}selected{% endif %}>
                                 {{ mailbox }}
@@ -302,6 +302,11 @@
                                 {{ alias }}
                               </option>
                             {% endfor %}
+                            {% for alias_domain in alias_domains %}
+                              <option data-subtext="Alias-Domain" value="{{ alias_domain }}" {% if alias_domain in domain_footer.alias_domain_exclude %}selected{% endif %}>
+                                {{ alias_domain }}
+                              </option>
+                            {% endfor %}
                           </select>
                         </div>
                       </div>

From a0e55cb9b17933f355bbaf773295a2592c950211 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 Feb 2024 15:08:21 +0100
Subject: [PATCH 139/755] [Web] fix blank /debug page with invalid timezone

---
 data/web/debug.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/data/web/debug.php b/data/web/debug.php
index 52052f682..9c338009c 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -39,9 +39,13 @@ foreach ($containers as $container => $container_info) {
       $StartedAt['month'],
       $StartedAt['day'],
       $StartedAt['year']));
-    $user_tz = new DateTimeZone(getenv('TZ'));
-    $date->setTimezone($user_tz);
-    $started = $date->format('r');
+    try {
+      $user_tz = new DateTimeZone(getenv('TZ'));
+      $date->setTimezone($user_tz);
+      $started = $date->format('r');
+    } catch(Exception $e) {
+      $started = '?';
+    }
   }
   else {
     $started = '?';

From 288dbfa37c59666e548915e66cd0cd3902f08eed Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 Feb 2024 15:13:45 +0100
Subject: [PATCH 140/755] [Web] display human readable domainnames instead of
 punycode

---
 data/web/inc/functions.mailbox.inc.php |  1 +
 data/web/js/site/mailbox.js            | 12 ++++++++----
 data/web/templates/edit/domain.twig    |  9 +++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 0f48efbd5..cf2e567e5 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -4316,6 +4316,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $domaindata['mboxes_in_domain'] = $MailboxDataDomain['count'];
           $domaindata['mboxes_left'] = $row['mailboxes']  - $MailboxDataDomain['count'];
           $domaindata['domain_name'] = $row['domain'];
+          $domaindata['domain_h_name'] = idn_to_utf8($row['domain']);
           $domaindata['description'] = $row['description'];
           $domaindata['max_num_aliases_for_domain'] = $row['aliases'];
           $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes'];
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index cc316b713..e2016e3ed 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -451,6 +451,10 @@ jQuery(function($){
         dataSrc: function(json){
           $.each(json.data, function(i, item) {
             item.domain_name = escapeHtml(item.domain_name);
+            item.domain_h_name = escapeHtml(item.domain_h_name);
+            if (item.domain_name != item.domain_h_name){
+              item.domain_h_name = item.domain_h_name + '<small class="d-block">' + item.domain_name + '</small>';
+            }
 
             item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
             item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
@@ -489,11 +493,11 @@ jQuery(function($){
 
             if (item.backupmx == 1) {
               if (item.relay_unknown_only == 1) {
-                item.domain_name = '<div class="badge fs-6 bg-info">Relay Non-Local</div> ' + item.domain_name;
+                item.domain_h_name = '<div class="badge fs-7 bg-info">Relay Non-Local</div> ' + item.domain_h_name;
               } else if (item.relay_all_recipients == 1) {
-                item.domain_name = '<div class="badge fs-6 bg-info">Relay All</div> ' + item.domain_name;
+                item.domain_h_name = '<div class="badge fs-7 bg-info">Relay All</div> ' + item.domain_h_name;
               } else {
-                item.domain_name = '<div class="badge fs-6 bg-info">Relay</div> ' + item.domain_name;
+                item.domain_h_name = '<div class="badge fs-7 bg-info">Relay</div> ' + item.domain_h_name;
               }
             }
           });
@@ -521,7 +525,7 @@ jQuery(function($){
         },
         {
           title: lang.domain,
-          data: 'domain_name',
+          data: 'domain_h_name',
           responsivePriority: 3,
           defaultContent: ''
         },
diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 8a700d06a..8d5c79046 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -26,6 +26,15 @@
                   <input type="hidden" value="0" name="gal">
                   <input type="hidden" value="0" name="relay_all_recipients">
                   <input type="hidden" value="0" name="relay_unknown_only">
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2" for="domain">{{ lang.mailbox.domain }}</label>
+                    <div class="col-sm-10">
+                      <span class="d-block"><strong>{{ result.domain_h_name }}</strong></span>
+                      {% if result.domain_h_name != result.domain_name %}
+                      <small>{{ result.domain_name }}</small>
+                      {% endif %}
+                    </div>
+                  </div>
                   <div class="row mb-2" data-acl="{{ acl.domain_desc }}">
                     <label class="control-label col-sm-2" for="description">{{ lang.edit.description }}</label>
                     <div class="col-sm-10">

From dac1bd88dc2842317fefb22b0efb0c8a1eb92bf4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 Feb 2024 15:17:02 +0100
Subject: [PATCH 141/755] [Web] fix setting unchecked checkboxes

---
 data/web/templates/modals/mailbox.twig | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 22807c8d3..6316d9fb0 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -381,6 +381,12 @@
       </div>
       <div class="modal-body">
         <form class="form-horizontal" data-cached-form="true" data-id="add_domain" role="form">
+          <input type="hidden" value="0" name="gal">
+          <input type="hidden" value="0" name="active">
+          <input type="hidden" value="0" name="backupmx">
+          <input type="hidden" value="0" name="relay_all_recipients">
+          <input type="hidden" value="0" name="relay_unknown_only">
+
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end" for="domain">{{ lang.add.domain }}</label>
             <div class="col-sm-10">

From d65a0bba4412296b44747fc568339749c8074716 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 13 Feb 2024 09:16:38 +0100
Subject: [PATCH 142/755] [ClamAV] Update to 1.2.2

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index df545c15e..bd06e265b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -62,7 +62,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.64
+      image: mailcow/clamd:1.65
       restart: always
       depends_on:
         unbound-mailcow:

From 3b83949ba3196c039a713b70d8ffcd8fd8b3e86e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 14 Feb 2024 13:58:07 +0100
Subject: [PATCH 143/755] [Netfilter] Update to 1.58

---
 data/Dockerfiles/netfilter/modules/Logger.py   | 7 +++++--
 data/Dockerfiles/netfilter/modules/NFTables.py | 2 ++
 docker-compose.yml                             | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/netfilter/modules/Logger.py b/data/Dockerfiles/netfilter/modules/Logger.py
index 25562965f..0ba2f42ad 100644
--- a/data/Dockerfiles/netfilter/modules/Logger.py
+++ b/data/Dockerfiles/netfilter/modules/Logger.py
@@ -13,9 +13,12 @@ class Logger:
     tolog['time'] = int(round(time.time()))
     tolog['priority'] = priority
     tolog['message'] = message
-    if self.r is not None:
-      self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
     print(message)
+    if self.r is not None:
+      try:
+        self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
+      except Exception as ex:
+        print('Failed logging to redis: %s'  % (ex))
 
   def logWarn(self, message):
     self.log('warn', message)
diff --git a/data/Dockerfiles/netfilter/modules/NFTables.py b/data/Dockerfiles/netfilter/modules/NFTables.py
index 4cb0110ae..7740fa59f 100644
--- a/data/Dockerfiles/netfilter/modules/NFTables.py
+++ b/data/Dockerfiles/netfilter/modules/NFTables.py
@@ -452,6 +452,8 @@ class NFTables:
           continue
 
         rule = _object["rule"]["expr"][0]["match"]
+        if not "payload" in rule["left"]:
+          continue
         left_opt = rule["left"]["payload"]
         if not left_opt["protocol"] == _family:
           continue
diff --git a/docker-compose.yml b/docker-compose.yml
index bd06e265b..ea56b4291 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -441,7 +441,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.57
+      image: mailcow/netfilter:1.58
       stop_grace_period: 30s
       restart: always
       privileged: true

From 7dae4a976de16db37568ae87ae61070d6fca63ed Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 14 Feb 2024 20:09:10 +0100
Subject: [PATCH 144/755] Translations update from Weblate (#5732)

* ui: fix wrong docs links

* ui: fixed broken Links to docs

* [Web] Updated lang.nb-no.json

[Web] Updated lang.nb-no.json

[Web] Updated lang.nb-no.json

[Web] Added lang.nb-no.json

Co-authored-by: Christer Solstrand Johannessen <csjoh@users.noreply.translate.mailcow.email>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.fr-fr.json

[Web] Updated lang.fr-fr.json

Co-authored-by: Alix ANNERAUD <alix.anneraud@outlook.fr>
Co-authored-by: William Blondel <contact@williamblondel.fr>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.it-it.json

Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.zh-tw.json

Co-authored-by: BallBill <BallBill@users.noreply.translate.mailcow.email>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.pt-br.json

[Web] Updated lang.pt-br.json

[Web] Updated lang.pt-br.json

[Web] Updated lang.pt-br.json

Co-authored-by: Abner Santana <abnerss@outlook.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* Add Norwegian in vars.inc.php

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
Co-authored-by: Christer Solstrand Johannessen <csjoh@users.noreply.translate.mailcow.email>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Alix ANNERAUD <alix.anneraud@outlook.fr>
Co-authored-by: William Blondel <contact@williamblondel.fr>
Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
Co-authored-by: BallBill <BallBill@users.noreply.translate.mailcow.email>
Co-authored-by: Abner Santana <abnerss@outlook.com>
---
 data/web/inc/vars.inc.php     |   1 +
 data/web/lang/lang.fr-fr.json |  18 ++-
 data/web/lang/lang.it-it.json |  25 ++--
 data/web/lang/lang.nb-no.json | 208 ++++++++++++++++++++++++++++++++++
 data/web/lang/lang.pt-br.json |  83 +++++++-------
 data/web/lang/lang.zh-tw.json |  25 ++--
 6 files changed, 300 insertions(+), 60 deletions(-)
 create mode 100644 data/web/lang/lang.nb-no.json

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index afc801e44..8cfafa2bb 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -95,6 +95,7 @@ $AVAILABLE_LANGUAGES = array(
   'it-it' => 'Italiano (Italian)',
   'ko-kr' => '한국어 (Korean)',
   'lv-lv' => 'latviešu (Latvian)',
+  'nb-no' => 'Norsk (Norwegian)',
   'nl-nl' => 'Nederlands (Dutch)',
   'pl-pl' => 'Język Polski (Polish)',
   'pt-br' => 'Português brasileiro (Brazilian Portuguese)',
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 4b5ab2e50..374da543d 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -107,7 +107,8 @@
         "validation_success": "Validation réussie",
         "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
         "tags": "Etiquettes",
-        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application"
+        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application",
+        "dry": "Simuler la synchronisation"
     },
     "admin": {
         "access": "Accès",
@@ -209,7 +210,7 @@
         "link": "Lien",
         "loading": "Veuillez patienter…",
         "logo_info": "Votre image sera redimensionnée à une hauteur de 40 pixels pour la barre de navigation du haut et à un maximum de 250 pixels en largeur pour la page d'accueil. Un graphique extensible est fortement recommandé.",
-        "lookup_mx": "Faire correspondre la destination à MX (.outlook.com pour acheminer tous les messages ciblés vers un MX * .outlook.com sur ce tronçon)",
+        "lookup_mx": "Faire correspondre la destination à MX (<code>.*\\.google\\.com</code> pour acheminer tous les messages ciblés vers un MX se terminant par google.com sur ce tronçon)",
         "main_name": "\"mailcow UI\" nom",
         "merged_vars_hint": "Les lignes grisées ont été importées depuis <code>vars.(local.)inc.php</code> et ne peuvent pas être modifiées.",
         "message": "Message",
@@ -330,7 +331,14 @@
         "logo_normal_label": "Normal",
         "logo_dark_label": "Inversé pour le mode sombre",
         "allowed_methods": "Access-Control-Allow-Methods",
-        "allowed_origins": "Access-Control-Allow-Origin"
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "copy_to_clipboard": "Texte copié dans le presse-papier !",
+        "password_policy_special_chars": "Doit contenir des caractères spéciaux",
+        "rsettings_preset_4": "Désactiver Rspamd pour un domaine",
+        "oauth2_apps": "Applications OAuth2",
+        "password_length": "Longueur des mots de passe",
+        "password_policy_chars": "Doit contenir au moins une lettre",
+        "password_policy_length": "La longueur minimale du mot de passe est de %d"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -454,7 +462,9 @@
         "demo_mode_enabled": "Le mode de démonstration est activé",
         "template_exists": "La template %s existe déja",
         "template_id_invalid": "Le numéro de template %s est invalide",
-        "template_name_invalid": "Le nom de la template est invalide"
+        "template_name_invalid": "Le nom de la template est invalide",
+        "img_dimensions_exceeded": "L'image dépasse les dimensions maximales",
+        "img_size_exceeded": "L'image dépasse la taille maximale de fichier"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 158f79864..bbfddfe8a 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -107,7 +107,8 @@
         "validation_success": "Convalidato con successo",
         "bcc_dest_format": "Il destinatario in copia nascosta deve essere un singolo indirizzo email.<br>Se si vuole spedire una copia del messaggio a più destinatari, bisogna creare un alias ed utilizzarlo per questa opzione.",
         "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
-        "tags": "Tag"
+        "tags": "Tag",
+        "dry": "Simula sincronizzazione"
     },
     "admin": {
         "access": "Accedi",
@@ -339,7 +340,8 @@
         "oauth2_add_client": "Aggiungere il client OAuth2",
         "rsettings_preset_4": "Disattivare Rspamd per un dominio",
         "options": "Opzioni",
-        "cors_settings": "Impostazioni CORS"
+        "cors_settings": "Impostazioni CORS",
+        "copy_to_clipboard": "Testo copiato negli appunti!"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -462,7 +464,9 @@
         "demo_mode_enabled": "La modalità demo è abilitata",
         "template_name_invalid": "Nome template non valido",
         "template_exists": "Il template %s esiste già",
-        "template_id_invalid": "Il template con ID %s non è valido"
+        "template_id_invalid": "Il template con ID %s non è valido",
+        "img_dimensions_exceeded": "L'immagine supera la dimensione massima consentita",
+        "img_size_exceeded": "L'immagine supera la dimensione massima del file"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
@@ -626,7 +630,10 @@
         "acl": "ACL (autorizzazione)",
         "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
         "last_modified": "Ultima modifica",
-        "pushover_sound": "Suono"
+        "pushover_sound": "Suono",
+        "custom_attributes": "Attributi personalizzati",
+        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta",
+        "mbox_exclude": "Escludi caselle di posta"
     },
     "fido2": {
         "confirm": "Conferma",
@@ -1021,7 +1028,8 @@
         "domain_add_dkim_available": "Esisteva già una chiave DKIM",
         "template_added": "Aggiunto template %s",
         "template_modified": "Le modifiche al template %s sono state salvate",
-        "template_removed": "Il template con ID %s è stato cancellato"
+        "template_removed": "Il template con ID %s è stato cancellato",
+        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo."
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1048,7 +1056,8 @@
         "yubi_otp": "Autenticazione Yubico OTP",
         "tfa_token_invalid": "Token TFA non valido",
         "u2f_deprecated": "Sembra che la tua chiave sia stata registrata utilizzando il metodo U2F deprecato. Disattiveremo Two-Factor-Authenticaiton per te e cancelleremo la tua chiave.",
-        "u2f_deprecated_important": "Registra la tua chiave nel pannello di amministrazione con il nuovo metodo WebAuthn."
+        "u2f_deprecated_important": "Registra la tua chiave nel pannello di amministrazione con il nuovo metodo WebAuthn.",
+        "authenticators": "Autenticatori"
     },
     "user": {
         "action": "Azione",
@@ -1210,7 +1219,9 @@
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
         "with_app_password": "con password dell'app",
         "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
-        "pushover_sound": "Suono"
+        "pushover_sound": "Suono",
+        "attribute": "Attributo",
+        "value": "Valore"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
new file mode 100644
index 000000000..8e0946206
--- /dev/null
+++ b/data/web/lang/lang.nb-no.json
@@ -0,0 +1,208 @@
+{
+    "admin": {
+        "api_read_only": "Kun lesetilgang",
+        "advanced_settings": "Avanserte innstillinger",
+        "admin_details": "Endre administratordetaljer",
+        "add_row": "Legg til rad",
+        "active_rspamd_settings_map": "Aktivt innstillingskart",
+        "admins": "Administratorer",
+        "api_info": "APIet er under utvikling. Dokumentasjonen finnes på <a href=\"/api\">/api</a>",
+        "admin_domains": "Domenetilordninger",
+        "add": "Legg til",
+        "active": "Aktiv",
+        "add_transport": "Legg til transport",
+        "api_key": "API-nøkkel",
+        "add_admin": "Legg til administrator",
+        "admin": "Administrator",
+        "allowed_methods": "Tilgangskontroll-Tillatte-Metoder",
+        "add_transports_hint": "Vær oppmerksom på at eventuelle autentiseringsdata vil bli lagret i klartekst.",
+        "add_relayhost": "Legg til sender-avhengig transport",
+        "additional_rows": " ekstra rader ble lagt til",
+        "admins_ldap": "LDAP-administratorer",
+        "action": "Handling",
+        "add_settings_rule": "Legg til innstillingsregel",
+        "allowed_origins": "Tilgangskontroll-Tillat-Opphav",
+        "api_allow_from": "Tillat API-tilgang fra disse IP/CIDR-nettverkene",
+        "activate_send": "Aktivér sendeknapp",
+        "access": "Tilgang",
+        "add_domain_admin": "Legg til domeneadministrator",
+        "add_forwarding_host": "Legg til videresendingsvert",
+        "activate_api": "Aktivér API",
+        "add_relayhost_hint": "Vennligst vær oppmerksom på at autentiseringsdata, om noe, vil bli lagret i klartekst.",
+        "app_links": "App-lenker",
+        "app_name": "App-navn",
+        "apps_name": "\"mailcow Apps\"-navn",
+        "arrival_time": "Ankomsttid (servertid)",
+        "authed_user": "Autorisert bruker",
+        "ays": "Er du sikker på at du vil fortsette?",
+        "change_logo": "Endre logo",
+        "logo_normal_label": "Normal",
+        "logo_dark_label": "Omvendt for mørk modus",
+        "configuration": "Konfigurasjon",
+        "convert_html_to_text": "Konvertér HTML til ren tekst",
+        "copy_to_clipboard": "Tekst kopiert til utklippstavle!",
+        "cors_settings": "CORS-innstillinger",
+        "credentials_transport_warning": "<b>Advarsel</b>:  Å legge til en ny transport-mapping vil oppdatere innloggingsinformasjon for alle oppføringer med en tilsvarende \"next hop\"-kolonne.",
+        "customer_id": "Kunde-ID",
+        "customize": "Tilpass",
+        "destination": "Mål",
+        "dkim_add_key": "Legg til ARC/DKIM-nøkkel",
+        "dkim_domains_selector": "Velger",
+        "dkim_domains_wo_keys": "Velg domener med manglende nøkler",
+        "dkim_from": "Fra",
+        "dkim_key_length": "DKIM-nøkkellengde (bits)",
+        "dkim_key_missing": "Nøkkel mangler",
+        "dkim_key_unused": "Nøkkel ikke i bruk",
+        "dkim_key_valid": "Nøkkel gyldig",
+        "dkim_keys": "ARC/DKIM-nøkler",
+        "dkim_overwrite_key": "Overskriv eksisterende DKIM-nøkkel",
+        "dkim_private_key": "Privat nøkkel",
+        "dkim_to": "Til",
+        "domain_admins": "Domeneadministratorer",
+        "domain_s": "Domene/r",
+        "duplicate": "Duplikat",
+        "duplicate_dkim": "Duplisert DKIM-oppføring",
+        "edit": "Rediger",
+        "empty": "Ingen resultater",
+        "excludes": "Ekspluderer disse mottakerne",
+        "f2b_ban_time": "Utestengingstid (sek)",
+        "f2b_blacklist": "Svartelistede nettverk/verter",
+        "f2b_filter": "Regex-filtre",
+        "f2b_manage_external": "Betjene Fail2Ban eksternt",
+        "f2b_manage_external_info": "Fail2Ban vil fortsette å vedlikeholde utestengingslisten, men den vil ikke aktivt legge til regler for å blokkere trafikk. Bruk den genererte blokkeringslisten under for å blokkere trafikk eksternt.",
+        "f2b_max_attempts": "Maks antall forsøk",
+        "f2b_max_ban_time": "Maks utestengingstid (sek)",
+        "f2b_netban_ipv4": "IPv4-subnetstørrelse å aktivere blokkering for (8-32)",
+        "f2b_netban_ipv6": "IPv6-subnetstørrelse å aktivere blokkering for (8-128)",
+        "f2b_parameters": "Fail2Ban-parametre",
+        "f2b_retry_window": "Tidsrom (sek) for maks antall forsøk",
+        "f2b_whitelist": "Hvitelistede nettverk/verter",
+        "filter_table": "Filtreringstabell",
+        "forwarding_hosts": "Videresendingsverter",
+        "api_skip_ip_check": "Hopp over IP-sjekk for API",
+        "ban_list_info": "Se liste over utestengte IPer under: <b>nettverk (gjenværende utestengingstid) - [handlinger]</b>.<br />IPer i kø for å bli tillatt igjen vil bli fjernet fra den aktive utestengingslisten i løpet av noen sekunder.<br />Røde etiketter indikerer aktive permanente utestenginger via svartelisting.",
+        "dkim_from_title": "Kildedomene å kopiere data fra",
+        "domain": "Domene",
+        "f2b_ban_time_increment": "Utestengingstid økes for hver ny utestenging",
+        "api_read_write": "Lese- og skrivetilgang",
+        "f2b_list_info": "En svartelistet vert eller nettverk vil alltid ha større vekt enn en hvitelistet oppføring.<b>Oppdateringer av listen tar noen sekunder før de vises.</b>",
+        "f2b_regex_info": "Logger tatt i betraktning: SOGo, Postfix, Dovecot, PHP-FHM.",
+        "dkim_to_title": "Måldomene/r - vil bli overskrevet",
+        "domain_admin": "Domeneadministrator",
+        "r_active": "Aktive begrensninger",
+        "queue_unban": "fjern blokkering",
+        "r_inactive": "Inaktive begrensninger",
+        "r_info": "Grå/deaktivere elementer i listen over aktive restriksjoner er ikke kjente som gyldige restriksjoner i mailcow og kan ikke flyttes. Ukjente begrensninger vil bli aktivert i den rekkefølgen de opptrer uansett.<br>Du kan legge til nye elementer i <code>inc/vars.local.inc.php</code> for å kunne slå dem av og på."
+    },
+    "acl": {
+        "ratelimit": "Nivågrense",
+        "sogo_profile_reset": "Nullstill SOGo-profil",
+        "smtp_ip_access": "Endre tillatte verter for SMTP",
+        "tls_policy": "TLS-policy",
+        "spam_alias": "Midlertidige alias",
+        "spam_policy": "Svarteliste/Hvitliste",
+        "unlimited_quota": "Ubegrenset kvote for postkasser",
+        "sogo_access": "Tillat administrasjon av SOGo-tilgang",
+        "syncjobs": "Synkroniser jobber",
+        "spam_score": "Spam-resultat",
+        "recipient_maps": "Mottakerkart",
+        "alias_domains": "Legg til alias-domene",
+        "app_passwds": "Behandle app-passord",
+        "bcc_maps": "BCC-mappinger",
+        "delimiter_action": "Skilletegn-handling",
+        "domain_relayhost": "Endre videresendingsvert for et domene",
+        "eas_reset": "Nullstill EAS-enheter",
+        "filters": "Filtre",
+        "login_as": "Logg inn som postkassebruker",
+        "mailbox_relayhost": "Endre videresendingsvert for en postkasse",
+        "prohibited": "Forbudt av ACL",
+        "protocol_access": "Endre protokolltilgang",
+        "pushover": "Pushover",
+        "quarantine": "Karantenehandlinger",
+        "quarantine_attachments": "Sett vedlegg i karantene",
+        "quarantine_category": "Endre varslingskategori for karantene",
+        "quarantine_notification": "Endre karantenevarslinger",
+        "domain_desc": "Endre domenebeskrivelse",
+        "extend_sender_acl": "Tillat utvidelse av sender-ACL fra eksterne adresser"
+    },
+    "add": {
+        "app_passwd_protocols": "Tillatte protokoller for app-passord",
+        "hostname": "Vert",
+        "goto_ham": "Lær som <span class=\"text-success\"><b>ham</b></span>",
+        "custom_params": "Tilpassede parametre",
+        "target_address": "Gå-til-adresse",
+        "delete2": "Slett meldinger på måldestinasjonen som ikke finnes på kilden",
+        "syncjob": "Legg til synkroniseringsjobb",
+        "domain": "Domene",
+        "timeout1": "Tidsavbrudd for tilkobling til ekstern vert",
+        "goto_null": "Slett epost uten varsling",
+        "custom_params_hint": "Riktig: --param=xy, feil: --param xy",
+        "multiple_bookings": "Flere reservasjoner",
+        "alias_domain": "Aliasdomene",
+        "exclude": "Ekskludér objekter (regex)",
+        "validate": "Validér",
+        "dry": "Simulér synkronisering",
+        "relay_all_info": "↪ Hvis du velger å <b>ikke</b> videresende for alle mottakere, så må du legge til en (\"blind\") postkasse for hver eneste mottaker som det skal videresendes for.",
+        "description": "Beskrivelse",
+        "destination": "Måldestinasjon",
+        "alias_domain_info": "<small>Kun gyldige domenenavn (kommaseparerte).</small>",
+        "mailbox_username": "Brukernavn (venstre del av en epostadresse)",
+        "username": "Brukernavn",
+        "mins_interval": "Sjekkintervall (minutter)",
+        "disable_login": "Ikke tillat innlogging (innkommende epost blir fremdeles mottatt)",
+        "delete2duplicates": "Slett duplikater på måldestinasjonen",
+        "post_domain_add": "SOGo-kontaineren, \"sogo-mailcow\", må startes på nytt etter at man har lagt til et nytt domene!<br><br>I tillegg må domenets DNS-oppsett ses gjennom. Når DNS-oppsettet er godkjent, start \"acme-mailcow\" på nytt for å automatisk opprette sertifikater for det nye domenet (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Dette steget er valgfritt og vil bli forsøkt utført hver 24. time.",
+        "select": "Vennligst velg...",
+        "full_name": "Fullt navn",
+        "alias_address": "Aliasadresse/r",
+        "activate_filter_warn": "Alle andre filtre vil deaktiveres når aktive er valgt.",
+        "quota_mb": "Kvote (MiB)",
+        "gal_info": "Den globale adresselisten inneholder alle objekter i et domene og kan ikke redigeres av noen bruker. Ledig/opptatt-informasjon i SOGo vil mangle, hvis deaktivert! <b>Start SOGo på nytt for å aktivere endringene.</b>",
+        "alias_address_info": "<small>Komplett/e epostadresse/r eller @example.com, for å fange opp alle meldinger til et domene (kommaseparert).<b>Kun mailcow-domener</b>.</small>",
+        "bcc_dest_format": "BCC-mål må være én enkelt og gyldig epostadresse.<br>Hvis du trenger å sende en kopi til flere adresser, opprett et alias og bruk det her.",
+        "add": "Legg til",
+        "add_domain_only": "Legg til kun domene",
+        "kind": "Type",
+        "relay_domain": "Vidersend for dette domenet",
+        "add_domain_restart": "Legg til domene og start SOGo på nytt",
+        "enc_method": "Krypteringsmetode",
+        "app_name": "App-navn",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Du kan definere transport-kart for en egendefinert destinasjon for dette domenet. Hvis denne ikke er satt, vil det bli foretatt et MX-oppslag.",
+        "max_aliases": "Maks. antall mulige alias",
+        "comment_info": "En privat kommentar er ikke synlig for brukeren, mens en offentlig kommentar vises som et verktøytips når man holder muspekeren over i en brukers oversikt.",
+        "inactive": "Inaktiv",
+        "domain_quota_m": "Total domenekvote (MiB)",
+        "password": "Passord",
+        "delete1": "Slett fra kilde når fullført",
+        "tags": "Emneknagger",
+        "port": "Port",
+        "backup_mx_options": "Alternativer for videresending",
+        "gal": "Global Adresseliste",
+        "private_comment": "Privat kommentar",
+        "goto_spam": "Lær som <span class=\"text-danger\"><b>spam</b></span>",
+        "target_domain": "Måldomene",
+        "public_comment": "Offentlig kommentar",
+        "timeout2": "Tidsavbrudd for tilkobling til lokal vert",
+        "mailbox_quota_def": "Standard kvote for postkasser",
+        "skipcrossduplicates": "Hopp over duplikatmeldinger på tvers av mapper (førstemann til mølla)",
+        "sieve_desc": "Kort beskrivelse",
+        "mailbox_quota_m": "Maks. kvote pr. postkasse (MiB)",
+        "automap": "Forsøk automatisk mappe-tilordning (\"Sendte elementer\", \"Sendt\" => \"Sendt\" etc.)",
+        "validation_success": "Validering fullført",
+        "relay_all": "Videresend for alle mottakere",
+        "subscribeall": "Abonnér på alle mapper",
+        "domain_matches_hostname": "Domene %s er det samme som vertsnavn",
+        "generate": "opprett",
+        "app_password": "Legg til app-passord",
+        "max_mailboxes": "Maks. antall mulige postkasser",
+        "syncjob_hint": "Vær oppmerksom på at passord må lagres i klartekst!",
+        "relayhost_wrapped_tls_info": "Vennligst <b>ikke</b> bruk TLS-aktiverte porter (stort sett bare brukt på port 465).<br>\nBruk en annen ikke-TLS-aktivert port og send STARTTLS. En TLS-policy for å tvinge TLS kan opprettes i \"TLS-policy-mappinger\".",
+        "relay_unknown_only": "Videresend kun for ikke-eksisterende postkasser. Eksisterende postkasser vil bli levert lokalt.",
+        "sieve_type": "Filtertype",
+        "password_repeat": "Passordbekreftelse (gjenta)",
+        "nexthop": "Neste hopp",
+        "select_domain": "Vennligst velg et domene først",
+        "active": "Aktiv",
+        "target_address_info": "<small>Komplett/e epostadresse/r (kommaseparert).</small>"
+    }
+}
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 5636f5cd0..0c099b696 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -1,6 +1,6 @@
 {
     "acl": {
-        "alias_domains": "Adicionar domínios alternativos",
+        "alias_domains": "Adicionar domínios alias",
         "app_passwds": "Gerenciar senhas de aplicativos",
         "bcc_maps": "Mapas BCC",
         "delimiter_action": "Ação delimitadora",
@@ -28,7 +28,7 @@
         "spam_score": "Pontuação de spam",
         "syncjobs": "Trabalhos de sincronização",
         "tls_policy": "Política de TLS",
-        "unlimited_quota": "Cota ilimitada para mailbox"
+        "unlimited_quota": "Cota ilimitada para mailboxes"
     },
     "add": {
         "activate_filter_warn": "Todos os outros filtros serão desativados quando a opção ativa estiver marcada.",
@@ -480,7 +480,9 @@
         "username_invalid": "O nome de usuário %s não pode ser usado",
         "validity_missing": "Por favor, atribua um período de validade",
         "value_missing": "Forneça todos os valores",
-        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s"
+        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s",
+        "img_dimensions_exceeded": "A imagem excede o tamanho máximo",
+        "img_size_exceeded": "A imagem excede o tamanho máximo"
     },
     "datatables": {
         "collapse_all": "Recolher tudo",
@@ -625,10 +627,10 @@
         "mailbox_relayhost_info": "Aplicado somente à caixa de correio e aos aliases diretos, substitui um host de retransmissão de domínio.",
         "max_aliases": "Máximo de aliases",
         "max_mailboxes": "Número máximo de mailboxes possíveis",
-        "max_quota": "Cota máxima por caixa de correio (MiB)",
+        "max_quota": "Cota máxima por mailbox (MiB)",
         "maxage": "Duração máxima das mensagens em dias que serão pesquisadas remotamente <br><small>(0 = ignorar a idade</small>)",
         "maxbytespersecond": "Máximo de bytes por segundo <br><small>(0 = ilimitado</small>)",
-        "mbox_rl_info": "Esse limite de taxa é aplicado ao nome de login do SASL e corresponde a qualquer endereço “de” usado pelo usuário conectado. Um limite de taxa de caixa de correio substitui um limite de taxa em todo o domínio.",
+        "mbox_rl_info": "Esse limite de taxa é aplicado ao nome de login do SASL e corresponde a qualquer endereço “de” usado pelo usuário conectado. Um limite de taxa de mailbox substitui um limite de taxa em todo o domínio.",
         "mins_interval": "Intervalo (min)",
         "multiple_bookings": "Várias reservas",
         "none_inherit": "Nenhum/Herdar",
@@ -655,7 +657,7 @@
         "ratelimit": "Limite de taxa",
         "redirect_uri": "URL de redirecionamento/retorno de chamada",
         "relay_all": "Retransmita todos os destinatários",
-        "relay_all_info": "↪ Se você optar por <b>não</b> retransmitir todos os destinatários, precisará adicionar uma caixa de correio (“cega”) para cada destinatário que deve ser retransmitido.",
+        "relay_all_info": "↪ Se você optar por <b>não</b> retransmitir todos os destinatários, precisará adicionar uma mailbox (“cega”) para cada destinatário que deve ser retransmitido.",
         "relay_domain": "Retransmitir este domínio",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Informações</div> Você pode definir mapas de transporte para um destino personalizado para esse domínio. Se não for definido, uma pesquisa MX será feita.",
         "relay_unknown_only": "Retransmita somente mailboxes não existentes. As caixas de mailboxes serão entregues localmente.",
@@ -666,14 +668,14 @@
         "scope": "Escopo",
         "sender_acl": "Permitir enviar como",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">A verificação do remetente está desativada</span>",
-        "sender_acl_info": "Se o usuário A da caixa de correio tiver permissão para enviar como usuário B da caixa de correio, o endereço do remetente não será exibido automaticamente como campo “de” selecionável no SoGo. <br>\r\n O usuário B da caixa de correio precisa criar uma delegação no SoGo para permitir que o usuário A da caixa de correio selecione seu endereço como remetente. Para delegar uma caixa de correio no SoGo, use o menu (três pontos) à direita do nome da sua caixa de correio no canto superior esquerdo enquanto estiver na visualização de e-mail. Esse comportamento não se aplica a endereços de alias.",
+        "sender_acl_info": "Se o usuário A da mailbox tiver permissão para enviar como usuário B da mailbox, o endereço do remetente não será exibido automaticamente como campo “de” selecionável no SoGo. <br>\n O usuário B da mailbox precisa criar uma delegação no SoGo para permitir que o usuário A da mailbox selecione seu endereço como remetente. Para delegar uma mailbox no SoGo, use o menu (três pontos) à direita do nome da sua caixa de correio no canto superior esquerdo enquanto estiver na visualização de e-mail. Esse comportamento não se aplica a endereços de alias.",
         "sieve_desc": "Breve descrição",
         "sieve_type": "Tipo de filtro",
         "skipcrossduplicates": "Ignore mensagens duplicadas entre pastas (primeiro a chegar, primeiro a ser servido)",
         "sogo_access": "Conceder acesso de login direto ao SoGo",
         "sogo_access_info": "O login único de dentro da interface do usuário de e-mail continua funcionando. Essa configuração não afeta o acesso a todos os outros serviços nem exclui ou altera o perfil SoGo existente de um usuário.",
         "sogo_visible": "O alias é visível no SoGo",
-        "sogo_visible_info": "Essa opção afeta somente objetos, que podem ser exibidos no SoGo (endereços de alias compartilhados ou não compartilhados apontando para pelo menos uma caixa de correio local). Se estiver oculto, um alias não aparecerá como remetente selecionável no SoGo.",
+        "sogo_visible_info": "Essa opção afeta somente objetos, que podem ser exibidos no SoGo (endereços de alias compartilhados ou não compartilhados apontando para pelo menos uma mailbox local). Se estiver oculto, um alias não aparecerá como remetente selecionável no SoGo.",
         "spam_alias": "Crie ou altere endereços de alias com limite de tempo",
         "spam_filter": "Filtro de spam",
         "spam_policy": "Adicionar ou remover itens da lista branca/negra",
@@ -688,7 +690,9 @@
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "username": "Nome de usuário",
         "validate_save": "Valide e salve",
-        "custom_attributes": "Atributos personalizados"
+        "custom_attributes": "Atributos personalizados",
+        "mbox_exclude": "Excluir mailboxes",
+        "domain_footer_skip_replies": "Ignore o rodapé nos e-mails de resposta"
     },
     "fido2": {
         "confirm": "Confirme",
@@ -724,7 +728,7 @@
         "administration": "Configuração e detalhes",
         "apps": "Aplicativos",
         "debug": "Informações",
-        "email": "Correio eletrônico",
+        "email": "E-mail",
         "mailcow_system": "Sistema",
         "mailcow_config": "Configuração",
         "quarantine": "Quarentena",
@@ -741,7 +745,7 @@
         "delayed": "O login foi atrasado em %s segundos.",
         "fido2_webauthn": "Login do FIDO2/WebAuthn",
         "login": "Login",
-        "mobileconfig_info": "Faça login como usuário da caixa de correio para baixar o perfil de conexão Apple solicitado.",
+        "mobileconfig_info": "Faça login como usuário da mailbox para baixar o perfil de conexão Apple solicitado.",
         "other_logins": "Login com chave",
         "password": "Senha",
         "username": "Nome de usuário"
@@ -758,16 +762,16 @@
         "add_domain_alias": "Adicionar alias de domínio",
         "add_domain_record_first": "Por favor, adicione um domínio primeiro",
         "add_filter": "Adicionar filtro",
-        "add_mailbox": "Adicionar caixa de correio",
+        "add_mailbox": "Adicionar mailbox",
         "add_recipient_map_entry": "Adicionar mapa do destinatário",
         "add_resource": "Adicionar recurso",
         "add_template": "Adicionar modelo",
         "add_tls_policy_map": "Adicionar mapa de política TLS",
         "address_rewriting": "Reescrita de endereço",
-        "alias": "Pseudônimo",
-        "alias_domain_alias_hint": "Os aliases <b>não</b> são aplicados automaticamente aos aliases de domínio. Um endereço de alias <code>my-alias @domain</code> <b>não</b> cobre o endereço <code>my-alias @alias -domain (onde “alias-domain” é um domínio</code> de alias imaginário para “domain”). <br>Use um filtro de peneira para redirecionar e-mails para uma caixa de correio externa (consulte a guia “Filtros” ou use SoGo -> Forwarder). Use “Expandir alias em domínios de alias” para adicionar automaticamente os aliases ausentes.",
+        "alias": "Alias",
+        "alias_domain_alias_hint": "Os aliases <b>não</b> são aplicados automaticamente aos aliases de domínio. Um endereço de alias <code>my-alias@domain</code> <b>não</b> cobre o endereço <code>my-alias@alias -domain</code> (onde “alias-domain” é um domínio de alias imaginário para “domain”). <br>Use um filtro para redirecionar e-mails para uma mailbox externa (consulte a guia “Filtros” ou use SoGo -> Forwarder). Use “Expandir alias em domínios de alias” para adicionar automaticamente os aliases ausentes.",
         "alias_domain_backupmx": "Domínio de alias inativo para domínio de retransmissão",
-        "aliases": "Pseudônimos",
+        "aliases": "Aliases",
         "all_domains": "Todos os domínios",
         "allow_from_smtp": "<b>Permita que esses IPs usem apenas SMTP</b>",
         "allow_from_smtp_info": "Deixe em branco para permitir todos os remetentes. Endereços e <br>redes IPv4/IPv6.",
@@ -829,16 +833,16 @@
         "last_pw_change": "Última alteração de senha",
         "last_run": "Última corrida",
         "last_run_reset": "Programe a seguir",
-        "mailbox": "Caixa de correio",
+        "mailbox": "Mailbox",
         "mailbox_defaults": "Configurações padrão",
         "mailbox_defaults_info": "Defina as configurações padrão para novas mailboxes.",
-        "mailbox_defquota": "Tamanho padrão da caixa de correio",
-        "mailbox_templates": "Modelos de caixa de correio",
-        "mailbox_quota": "Tamanho máximo de uma caixa de correio",
-        "mailboxes": "mailboxes",
+        "mailbox_defquota": "Tamanho padrão da mailbox",
+        "mailbox_templates": "Modelos de mailbox",
+        "mailbox_quota": "Tamanho máximo de uma mailbox",
+        "mailboxes": "Mailboxes",
         "max_aliases": "Máximo de aliases",
         "max_mailboxes": "Número máximo de mailboxes possíveis",
-        "max_quota": "Cota máxima por caixa de correio",
+        "max_quota": "Cota máxima por mailbox",
         "mins_interval": "Intervalo (min)",
         "msg_num": "Mensagem #",
         "multiple_bookings": "Várias reservas",
@@ -895,7 +899,7 @@
         "syncjob_EXIT_CONNECTION_FAILURE": "Problema de conexão",
         "syncjob_EXIT_TLS_FAILURE": "Problema com conexão criptografada",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema de autenticação",
-        "syncjob_EXIT_OVERQUOTA": "A caixa de correio de destino está acima da cota",
+        "syncjob_EXIT_OVERQUOTA": "A mailbox de destino está acima da cota",
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Não é possível se conectar ao servidor remoto",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome de usuário ou senha incorretos",
         "table_size": "Tamanho da mesa",
@@ -922,7 +926,7 @@
         "yes": "✓"
     },
     "oauth2": {
-        "access_denied": "Faça login como proprietário da caixa de correio para conceder acesso via OAuth2.",
+        "access_denied": "Faça login como proprietário da mailbox para conceder acesso via OAuth2.",
         "authorize_app": "Autorizar aplicativo",
         "deny": "Negar",
         "permit": "Autorizar aplicativo",
@@ -938,7 +942,7 @@
         "confirm_delete": "Confirme a exclusão desse elemento.",
         "danger": "Perigo",
         "deliver_inbox": "Entregar na caixa de entrada",
-        "disabled_by_config": "A configuração atual do sistema desativa a funcionalidade de quarentena. Defina “retenções por caixa de correio” e um “tamanho máximo” para os elementos de quarentena.",
+        "disabled_by_config": "A configuração atual do sistema desativa a funcionalidade de quarentena. Defina “retenções por mailbox” e um “tamanho máximo” para os elementos de quarentena.",
         "download_eml": "Baixar (.eml)",
         "empty": "Sem resultados",
         "high_danger": "Alto",
@@ -951,7 +955,7 @@
         "notified": "Notificado",
         "qhandler_success": "Solicitação enviada com sucesso para o sistema. Agora você pode fechar a janela.",
         "qid": "Respand AID",
-        "qinfo": "O sistema de quarentena salvará as mensagens rejeitadas no banco de dados (o remetente <em>não</em> terá a impressão de uma mensagem entregue), bem como as mensagens, que são entregues como cópia na pasta Lixo eletrônico de uma caixa de correio.\r\n <br>“Aprenda como spam e exclua” aprenderá uma mensagem como spam por meio do teorema bayesiano e também calculará hashes difusos para negar mensagens semelhantes no futuro.\r\n <br>Esteja ciente de que aprender várias mensagens pode ser demorado, dependendo do seu sistema. <br>Os elementos da lista negra são excluídos da quarentena.",
+        "qinfo": "O sistema de quarentena salvará as mensagens rejeitadas no banco de dados (o remetente <em>não</em> terá a impressão de uma mensagem entregue), bem como as mensagens, que são entregues como cópia na pasta Lixo eletrônico de uma mailbox.\n <br>“Aprenda como spam e exclua” aprenderá uma mensagem como spam por meio do Teorema de Bayes e também calculará hashes difusos para negar mensagens semelhantes no futuro.\n <br>Esteja ciente de que aprender várias mensagens pode ser demorado, dependendo do seu sistema. <br>Os elementos da lista negra são excluídos da quarentena.",
         "qitem": "Item de quarentena",
         "quarantine": "Quarentena",
         "quick_actions": "Ações",
@@ -1010,7 +1014,7 @@
         "help": "Mostrar/ocultar painel de ajuda",
         "imap_smtp_server_auth_info": "Use seu endereço de e-mail completo e o mecanismo de autenticação PLAIN. <br>\r\nSeus dados de login serão criptografados pela criptografia obrigatória do lado do servidor.",
         "mailcow_apps_detail": "Use um aplicativo mailcow para acessar seus e-mails, calendário, contatos e muito mais.",
-        "mailcow_panel_detail": "<b>Os administradores de domínio</b> criam, modificam ou excluem mailboxes e aliases, alteram domínios e leem mais informações sobre seus domínios atribuídos. <br>\n<b>Os usuários de caixas de correio</b> podem criar aliases com limite de tempo (aliases de spam), alterar suas configurações de senha e filtro de spam."
+        "mailcow_panel_detail": "<b>Os administradores de domínio</b> criam, modificam ou excluem mailboxes e aliases, alteram domínios e leem mais informações sobre seus domínios atribuídos. <br>\n<b>Os usuários de mailbox </b> podem criar aliases com limite de tempo (aliases de spam), alterar suas configurações de senha e filtro de spam."
     },
     "success": {
         "acl_saved": "ACL para o objeto %s salvo",
@@ -1062,9 +1066,9 @@
         "learned_ham": "Identificação %s como ham aprendida com sucesso",
         "license_modified": "As alterações na licença foram salvas",
         "logged_in_as": "Conectado como %s",
-        "mailbox_added": "A caixa de correio %s foi adicionada",
-        "mailbox_modified": "As alterações na caixa de correio %s foram salvas",
-        "mailbox_removed": "A caixa de correio %s foi removida",
+        "mailbox_added": "A mailbox %s foi adicionada",
+        "mailbox_modified": "As alterações na mailbox %s foram salvas",
+        "mailbox_removed": "A mailbox %s foi removida",
         "nginx_reloaded": "O Nginx foi recarregado",
         "object_modified": "As alterações no objeto %s foram salvas",
         "password_policy_saved": "A política de senha foi salva com sucesso",
@@ -1077,7 +1081,7 @@
         "relayhost_removed": "A entrada de mapa %s foi removida",
         "reset_main_logo": "Redefinir para o logotipo padrão",
         "resource_added": "O recurso %s foi adicionado",
-        "resource_modified": "As alterações na caixa de correio %s foram salvas",
+        "resource_modified": "As alterações na mailbox %s foram salvas",
         "resource_removed": "O recurso %s foi removido",
         "rl_saved": "Limite de taxa para o objeto %s salvo",
         "rspamd_ui_pw_set": "Senha do Rspamd UI definida com sucesso",
@@ -1123,14 +1127,15 @@
         "webauthn": "Autenticação WebAuthn",
         "waiting_usb_auth": "<i>Aguardando o dispositivo USB...</i> <br><br>Toque no botão no seu dispositivo USB agora.",
         "waiting_usb_register": "<i>Aguardando o dispositivo USB...</i> <br><br>Digite sua senha acima e confirme seu registro tocando no botão no seu dispositivo USB.",
-        "yubi_otp": "Autenticação Yubico OTP"
+        "yubi_otp": "Autenticação Yubico OTP",
+        "authenticators": "Autenticadores"
     },
     "user": {
         "action": "Ação",
         "active": "Ativo",
         "active_sieve": "Filtro ativo",
         "advanced_settings": "Configurações avançadas",
-        "alias": "Pseudônimo",
+        "alias": "Alias",
         "alias_create_random": "Gere um alias aleatório",
         "alias_extend_all": "Estenda os aliases em 1 hora",
         "alias_full_date": "D.M.Y., H: S T",
@@ -1147,7 +1152,7 @@
         "apple_connection_profile": "Perfil de conexão da Apple",
         "apple_connection_profile_complete": "Esse perfil de conexão inclui parâmetros IMAP e SMTP, bem como caminhos CalDAV (calendários) e CardDAV (contatos) para um dispositivo Apple.",
         "apple_connection_profile_mailonly": "Esse perfil de conexão inclui parâmetros de configuração IMAP e SMTP para um dispositivo Apple.",
-        "apple_connection_profile_with_app_password": "Uma nova senha de aplicativo é gerada e adicionada ao perfil para que nenhuma senha precise ser inserida ao configurar seu dispositivo. Não compartilhe o arquivo, pois ele concede acesso total à sua caixa de correio.",
+        "apple_connection_profile_with_app_password": "Uma nova senha de aplicativo é gerada e adicionada ao perfil para que nenhuma senha precise ser inserida ao configurar seu dispositivo. Não compartilhe o arquivo, pois ele concede acesso total à sua mailbox.",
         "change_password": "Alterar senha",
         "change_password_hint_app_passwords": "Sua conta tem %d senhas de aplicativos que não serão alteradas. Para gerenciá-las, acesse a guia Senhas do aplicativo.",
         "clear_recent_successful_connections": "Conexões bem-sucedidas e claras",
@@ -1160,7 +1165,7 @@
         "delete_ays": "Confirme o processo de exclusão.",
         "direct_aliases": "Endereços de alias diretos",
         "direct_aliases_desc": "Os endereços de alias diretos são afetados pelo filtro de spam e pelas configurações da política TLS.",
-        "direct_protocol_access": "Esse usuário da caixa de correio tem <b>acesso externo direto</b> aos seguintes protocolos e aplicativos. Essa configuração é controlada pelo administrador. As senhas de aplicativos podem ser criadas para conceder acesso a protocolos e aplicativos individuais. <br>O botão “Login no webmail” fornece login único no SoGo e está sempre disponível.",
+        "direct_protocol_access": "Esse usuário da mailbox tem <b>acesso externo direto</b> aos seguintes protocolos e aplicativos. Essa configuração é controlada pelo administrador. As senhas de aplicativos podem ser criadas para conceder acesso a protocolos e aplicativos individuais. <br>O botão “Login no webmail” fornece login único no SoGo e está sempre disponível.",
         "eas_reset": "Redefinir o cache do dispositivo ActiveSync",
         "eas_reset_help": "Em muitos casos, uma redefinição do cache do dispositivo ajudará a recuperar um perfil quebrado do ActiveSync. <br><b>Atenção:</b> Todos os elementos serão baixados novamente!",
         "eas_reset_now": "Reinicie agora",
@@ -1187,7 +1192,7 @@
         "last_ui_login": "Último login na interface do usuário",
         "loading": "Carregando...",
         "login_history": "Histórico de login",
-        "mailbox": "Caixa de correio",
+        "mailbox": "Mailbox",
         "mailbox_details": "Detalhes",
         "mailbox_general": "Geral",
         "mailbox_settings": "Configurações",
@@ -1239,7 +1244,7 @@
         "spamfilter": "Filtro de spam",
         "spamfilter_behavior": "Avaliação",
         "spamfilter_bl": "Lista negra",
-        "spamfilter_bl_desc": "Endereços de e-mail na lista negra para <b>sempre</b> serem classificados como spam e rejeitados. E-mails rejeitados <b>não</b> serão copiados para a quarentena. Podem ser usados curingas. Um filtro só é aplicado a aliases diretos (aliases com uma única caixa de correio de destino), excluindo aliases abrangentes e a própria caixa de correio.",
+        "spamfilter_bl_desc": "Endereços de e-mail na lista negra para <b>sempre</b> serem classificados como spam e rejeitados. E-mails rejeitados <b>não</b> serão copiados para a quarentena. Podem ser usados curingas. Um filtro só é aplicado a aliases diretos (aliases com uma única caixa de correio de destino), excluindo aliases abrangentes e a própria mailbox.",
         "spamfilter_default_score": "Valores padrão",
         "spamfilter_green": "Verde: esta mensagem não é spam",
         "spamfilter_hint": "O primeiro valor descreve a “pontuação baixa de spam”, o segundo representa a “alta pontuação de spam”.",
@@ -1251,7 +1256,7 @@
         "spamfilter_table_remove": "remover",
         "spamfilter_table_rule": "Regra",
         "spamfilter_wl": "Lista branca",
-        "spamfilter_wl_desc": "Os endereços de e-mail incluídos na lista branca são programados para <b>nunca</b> serem classificados como spam. Podem ser usados curingas. Um filtro só é aplicado a aliases diretos (aliases com uma única caixa de correio de destino), excluindo aliases abrangentes e a própria caixa de correio.",
+        "spamfilter_wl_desc": "Os endereços de e-mail incluídos na lista branca são programados para <b>nunca</b> serem classificados como spam. Podem ser usados curingas. Um filtro só é aplicado a aliases diretos (aliases com uma única mailbox de destino), excluindo aliases abrangentes e a própria mailbox.",
         "spamfilter_yellow": "Amarelo: esta mensagem pode ser spam, será marcada como spam e movida para sua pasta de lixo eletrônico",
         "status": "Status",
         "sync_jobs": "Trabalhos de sincronização",
@@ -1261,7 +1266,7 @@
         "syncjob_EXIT_CONNECTION_FAILURE": "Problema de conexão",
         "syncjob_EXIT_TLS_FAILURE": "Problema com conexão criptografada",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema de autenticação",
-        "syncjob_EXIT_OVERQUOTA": "A caixa de correio de destino está acima da cota",
+        "syncjob_EXIT_OVERQUOTA": "A mailbox de destino está acima da cota",
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Não é possível se conectar ao servidor remoto",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome de usuário ou senha incorretos",
         "tag_handling": "Definir o tratamento para e-mails marcados",
@@ -1275,7 +1280,7 @@
         "tls_enforce_in": "Imponha a entrada de TLS",
         "tls_enforce_out": "Imponha a saída TLS",
         "tls_policy": "Política de criptografia",
-        "tls_policy_warning": "<strong>Aviso:</strong> Se você decidir impor a transferência de e-mail criptografada, poderá perder e-mails. <br>As mensagens que não satisfizerem a política serão devolvidas com uma falha grave pelo sistema de correio. <br>Essa opção se aplica ao seu endereço de e-mail principal (nome de login), a todos os endereços derivados de domínios de alias, bem como aos endereços de alias <b>com apenas essa única caixa de correio</b> como destino.",
+        "tls_policy_warning": "<strong>Aviso:</strong> Se você decidir impor a transferência de e-mail criptografada, poderá perder e-mails. <br>As mensagens que não satisfizerem a política serão devolvidas com uma falha grave pelo sistema de correio. <br>Essa opção se aplica ao seu endereço de e-mail principal (nome de login), a todos os endereços derivados de domínios de alias, bem como aos endereços de alias <b>com apenas essa única mailbox </b> como destino.",
         "user_settings": "Configurações do usuário",
         "username": "Nome de usuário",
         "verify": "Verificar",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index af2fb557e..c3c2cf714 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -88,7 +88,7 @@
         "relay_all": "中繼所有收件人",
         "relay_all_info": "↪ 如果選擇<b>不</b>中繼所有收件人，你會需要幫每個應該中繼的收件人新增一個 (\"盲\") 信箱。",
         "relay_domain": "中繼此域名",
-        "relay_transport_info": "<div class=\"label label-info\">資訊</div> 你可以為此域名定義傳輸規則以自訂目的地，如果留空則會遵照 MX 紀錄。",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">資訊</div> 你可以為此域名定義傳輸規則以自訂目的地，如果留空則會遵照 MX 紀錄。",
         "relay_unknown_only": "只為不存在的信箱地址中繼。已存在的信箱地址則在本區域遞送。",
         "relayhost_wrapped_tls_info": "請 <b>不要</b> 使用\"已包裝 TLS\"的通訊埠 (大多為通訊埠 465).<br>\r\n使用其他\"未包裝\"的通訊埠發起 STARTTLS. 你可以在\"TLS 規則表\"中新增強制使用 TLS 的規則。",
         "select": "請選擇...",
@@ -519,7 +519,8 @@
         "show_ip": "顯示公網IP",
         "update_available": "有可用更新",
         "no_update_available": "系統已經是最新版本",
-        "update_failed": "無法檢查更新"
+        "update_failed": "無法檢查更新",
+        "wip": "工作正在進行中"
     },
     "diagnostics": {
         "cname_from_a": "由 A/AAAA 紀錄獲取。只要紀錄指向正確的資源，此功能就會持續運作。",
@@ -616,7 +617,7 @@
         "relay_all": "中繼所有收件人",
         "relay_all_info": "↪ 如果選擇<b>不</b>中繼所有收件人，你會需要幫每個應該中繼的收件人新增一個 (\"盲\") 信箱。",
         "relay_domain": "中繼這個域名",
-        "relay_transport_info": "<div class=\"label label-info\">資訊</div> 你可以為此域名定義傳輸規則以自訂目的地，如果留空則會遵照 MX 紀錄。",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">資訊</div> 你可以為此域名定義傳輸規則以自訂目的地，如果留空則會遵照 MX 紀錄。",
         "relay_unknown_only": "只為不存在的信箱地址中繼。已存在的信箱地址則在本區域遞送。",
         "relayhost": "中繼傳輸",
         "remove": "移除",
@@ -624,7 +625,7 @@
         "save": "儲存更改",
         "scope": "範圍",
         "sender_acl": "允許發送為",
-        "sender_acl_disabled": "<span class=\"label label-danger\">寄件人檢查已關閉</span>",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">寄件人檢查已關閉</span>",
         "sender_acl_info": "如果信箱使用者 A 被允許以信箱使用者 B 發送郵件，該寄件人地址不會出現在 SOGo 中\"發送自\"的下拉選項中。<br>\r\n信箱使用者 B 需要新增授權以允許信箱使用者 A 選擇 B 的地址作為寄件人；授權方法為，在 SOGo 中點擊右上方信箱名稱左邊的選項按鈕(三個點)並授權。此行為不會套用於信箱別名。",
         "sieve_desc": "簡短描述",
         "sieve_type": "過濾器類型",
@@ -684,7 +685,7 @@
     "header": {
         "administration": "設定和管理",
         "apps": "應用程式",
-        "debug": "系統訊息",
+        "debug": "系統資訊",
         "quarantine": "隔離",
         "restart_netfilter": "重新啟動 netfilter",
         "restart_sogo": "重新啟動 SOGo",
@@ -829,7 +830,7 @@
         "sender": "寄件人",
         "set_postfilter": "標記為 postfilter",
         "set_prefilter": "標記為 prefilter",
-        "sieve_info": "你可以為每個使用者儲存多個過濾器，但只能同時啟用一個 prefilter 和一個 postfilter。<br>\r\n過濾器將按清單中的順序依次執行，下一個腳本不會因為上一個腳本失敗或\"keep;\"而停止。更改全域 sieve 腳本會重新啟動 Dovecot。<br><br>全域 sieve prefilter → Prefilter → 使用者腳本 → Postfilter → 全域 sieve postfilter",
+        "sieve_info": "你可以為每個使用者儲存多個過濾器，但只能同時啟用一個 prefilter 和一個 postfilter。<br>\n過濾器將按清單中的順序依次執行，下一個腳本不會因為上一個腳本失敗或保留而停止。更改全域 sieve 腳本會重新啟動 Dovecot。<br><br>全域 sieve prefilter &#8226; Prefilter &#8226; 使用者腳本 &#8226; Postfilter &#8226; 全域 sieve postfilter",
         "sieve_preset_1": "丟棄含有潛在危險檔案格式的信件",
         "sieve_preset_2": "永遠標記來自指定寄件人的郵件為已讀",
         "sieve_preset_3": "無聲刪除，並停止運行後續的 sieve 腳本",
@@ -837,7 +838,7 @@
         "sieve_preset_5": "自動回覆 (休假)",
         "sieve_preset_6": "拒絕郵件並回應",
         "sieve_preset_7": "重新導向並保留/刪除",
-        "sieve_preset_8": "刪除寄件人發送給包含自己別名地址的郵件",
+        "sieve_preset_8": "重新導向來自特定寄件者的電子郵件，標記為已讀取並分類到子資料夾中",
         "sieve_preset_header": "請看下方的範例預設。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a> 以瞭解更多細節。",
         "sogo_visible": "別名會顯示於 SOGo",
         "sogo_visible_n": "在 SOGo 中隱藏別名",
@@ -1171,7 +1172,7 @@
         "running": "運行中",
         "save": "儲存變更",
         "save_changes": "儲存變更",
-        "sender_acl_disabled": "<span class=\"label label-danger\">寄件人檢查已關閉</span>",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">寄件人檢查已關閉</span>",
         "shared_aliases": "共享別名地址",
         "shared_aliases_desc": "共用別名不會受使用者的個別設定如垃圾過濾器和加密規則等影響。共享別名地址的垃圾信件過濾只能由管理員透過域名級別規則修改。",
         "show_sieve_filters": "顯示使用者啟用的 sieve 過濾器",
@@ -1231,7 +1232,8 @@
         "year": "年",
         "years": "年",
         "attribute": "屬性",
-        "pushover_sound": "聲音"
+        "pushover_sound": "聲音",
+        "value": "數值"
     },
     "warning": {
         "cannot_delete_self": "不能刪除已登入的使用者",
@@ -1282,6 +1284,9 @@
         "ays": "請確認您要刪除目前隊列中的所有項目。",
         "deliver_mail": "遞送",
         "queue_manager": "隊列管理器",
-        "unhold_mail_legend": "釋放選定的郵件以供投遞。 （需事先持有）"
+        "unhold_mail_legend": "釋放選定的郵件以供投遞。 （需事先持有）",
+        "hold_mail_legend": "保存選定的郵件。（防止進一步的交付嘗試）",
+        "hold_mail": "保留",
+        "unhold_mail": "取消保留"
     }
 }

From 8ed6217d1cabebfe46975b65797185a3e794bd8a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 14 Feb 2024 20:11:51 +0100
Subject: [PATCH 145/755] Translations update from Weblate (#5740)

* [Web] Language file updated by 'Cleanup translation files' addon

[Web] Updated lang.it-it.json

ui: fixed broken Links to docs

ui: fix wrong docs links

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
---
 data/web/lang/lang.it-it.json | 3 +--
 data/web/lang/lang.pt-br.json | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index bbfddfe8a..f65278402 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -632,8 +632,7 @@
         "last_modified": "Ultima modifica",
         "pushover_sound": "Suono",
         "custom_attributes": "Attributi personalizzati",
-        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta",
-        "mbox_exclude": "Escludi caselle di posta"
+        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta"
     },
     "fido2": {
         "confirm": "Conferma",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 0c099b696..5854cc1f2 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -691,7 +691,6 @@
         "username": "Nome de usuário",
         "validate_save": "Valide e salve",
         "custom_attributes": "Atributos personalizados",
-        "mbox_exclude": "Excluir mailboxes",
         "domain_footer_skip_replies": "Ignore o rodapé nos e-mails de resposta"
     },
     "fido2": {

From 6a807b7799303afd880db8e7efc3e97c96a222b4 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Thu, 15 Feb 2024 17:43:01 +0100
Subject: [PATCH 146/755] Remove one GmbH

---
 data/Dockerfiles/acme/Dockerfile      | 2 +-
 data/Dockerfiles/clamd/Dockerfile     | 2 +-
 data/Dockerfiles/dockerapi/Dockerfile | 2 +-
 data/Dockerfiles/dovecot/Dockerfile   | 2 +-
 data/Dockerfiles/postfix/Dockerfile   | 2 +-
 data/Dockerfiles/rspamd/Dockerfile    | 2 +-
 data/Dockerfiles/sogo/Dockerfile      | 2 +-
 data/Dockerfiles/unbound/Dockerfile   | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 254b5b331..39ac4c268 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.18
 
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
 RUN apk upgrade --no-cache \
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 8e107516b..cdeedfddb 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.19
 
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 3dd1d232e..d11f5dda6 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.19
 
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
 WORKDIR /app
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 9433dd2ea..586d8a737 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.19
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.16
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 236062d78..bda6e07f2 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 2511a6f2f..b664691b7 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG CODENAME=bullseye
diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 59fc66804..760c95014 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG DEBIAN_VERSION=bullseye
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 3090895ba..e7204481f 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.18
 
-LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 RUN apk add --update --no-cache \
 	curl \

From 6f4720e1eab7b577787ee36c71393943eef9a8f2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 17 Feb 2024 11:42:30 +0100
Subject: [PATCH 147/755] chore(deps): update
 thollander/actions-comment-pull-request action to v2.5.0 (#5747)

---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index 060481d6a..3e779a448 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@v2.4.3
+        uses: thollander/actions-comment-pull-request@v2.5.0
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

From 02a55ce9db2e15e444cbc53413d5dc99da8a68ab Mon Sep 17 00:00:00 2001
From: "Hailer, Christian" <christian.hailer@interhyp.de>
Date: Mon, 19 Feb 2024 09:26:29 +0100
Subject: [PATCH 148/755] Fix unbound healthcheck.sh to log all messages to
 logfile

---
 data/Dockerfiles/unbound/healthcheck.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
index 8da79bd77..3da98e245 100644
--- a/data/Dockerfiles/unbound/healthcheck.sh
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -5,9 +5,13 @@ if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     SKIP_UNBOUND_HEALTHCHECK=y
 fi
 
+# Reset logfile
+echo "$(date +"%Y-%m-%d %H:%M:%S"): Starting health check - logs can be found in /var/log/healthcheck.log"
+echo "$(date +"%Y-%m-%d %H:%M:%S"): Starting health check" > /var/log/healthcheck.log
+
 # Declare log function for logfile inside container
 function log_to_file() {
-    echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log
+    echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" >> /var/log/healthcheck.log
 }
 
 # General Ping function to check general pingability

From 98cdb95bc018b41cbebc8765ee10a1c5577a1110 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 19 Feb 2024 11:20:19 +0100
Subject: [PATCH 149/755] [Rspamd] milter update Content-Type and
 Content-Transfer-Encoding header after need_rewrite_ct

---
 data/conf/rspamd/lua/rspamd.local.lua | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 45506f3b5..5f23ef6b8 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -621,10 +621,24 @@ rspamd_config:register_symbol({
                   local nct = string.format('%s: %s/%s; charset=utf-8',
                       'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype)
                   out[#out + 1] = nct
+                  -- update Content-Type header
+                  task:set_milter_reply({
+                    remove_headers = {['Content-Type'] = 0},
+                  })
+                  task:set_milter_reply({
+                    add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8', rewrite.new_ct.type, rewrite.new_ct.subtype)}
+                  })
                   return
                 elseif name:lower() == 'content-transfer-encoding' then
                   out[#out + 1] = string.format('%s: %s',
                       'Content-Transfer-Encoding', 'quoted-printable')
+                  -- update Content-Transfer-Encoding header
+                  task:set_milter_reply({
+                    remove_headers = {['Content-Transfer-Encoding'] = 0},
+                  })
+                  task:set_milter_reply({
+                    add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
+                  })
                   seen_cte = true
                   return
                 end

From d479d18507325c5cd236a429116ae4a56cb3cfb0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 10:30:11 +0100
Subject: [PATCH 150/755] [Web] update directorytree/ldaprecord

---
 data/web/inc/lib/composer.json                |    2 +-
 data/web/inc/lib/composer.lock                |  340 ++--
 data/web/inc/lib/vendor/autoload.php          |   17 +-
 data/web/inc/lib/vendor/bin/carbon            |   46 +-
 data/web/inc/lib/vendor/bin/var-dump-server   |   46 +-
 .../carbonphp/carbon-doctrine-types/LICENSE   |   21 +
 .../carbonphp/carbon-doctrine-types/README.md |   14 +
 .../carbon-doctrine-types/composer.json       |   36 +
 .../Carbon/Doctrine/CarbonDoctrineType.php    |   16 +
 .../Carbon/Doctrine/CarbonImmutableType.php   |    9 +
 .../src/Carbon/Doctrine/CarbonType.php        |    9 +
 .../Carbon/Doctrine/CarbonTypeConverter.php   |   92 +-
 .../Doctrine/DateTimeDefaultPrecision.php     |    9 +-
 .../Carbon/Doctrine/DateTimeImmutableType.php |   16 +-
 .../src/Carbon/Doctrine/DateTimeType.php      |   24 +
 .../inc/lib/vendor/composer/ClassLoader.php   |  137 +-
 .../lib/vendor/composer/InstalledVersions.php |   17 +-
 .../lib/vendor/composer/autoload_classmap.php |    1 +
 .../lib/vendor/composer/autoload_files.php    |    4 +-
 .../inc/lib/vendor/composer/autoload_psr4.php |    2 +
 .../inc/lib/vendor/composer/autoload_real.php |   27 +-
 .../lib/vendor/composer/autoload_static.php   |   15 +-
 .../inc/lib/vendor/composer/installed.json    |  364 +++--
 .../web/inc/lib/vendor/composer/installed.php |   88 +-
 .../.github/ISSUE_TEMPLATE/bug_report.md      |    5 +-
 .../ISSUE_TEMPLATE/support---help-request.md  |    5 +-
 .../workflows/run-integration-tests.yml       |   62 +
 .../.github/workflows/run-tests.yml           |   47 +-
 .../directorytree/ldaprecord/.styleci.yml     |    7 -
 .../directorytree/ldaprecord/composer.json    |    7 +-
 .../ldaprecord/docker-compose.yml             |   35 +
 .../directorytree/ldaprecord/phpunit.xml      |    7 +-
 .../vendor/directorytree/ldaprecord/psalm.xml |   15 -
 .../vendor/directorytree/ldaprecord/readme.md |    4 +-
 .../ldaprecord/src/Auth/Events/Event.php      |    6 +-
 .../ldaprecord/src/Auth/Guard.php             |   43 +-
 .../src/Configuration/DomainConfiguration.php |   22 +-
 .../Configuration/Validators/Validator.php    |    4 +-
 .../ldaprecord/src/Connection.php             |   79 +-
 .../ldaprecord/src/ConnectionManager.php      |   28 +-
 .../ldaprecord/src/Container.php              |   13 +-
 .../ldaprecord/src/DetailedError.php          |    6 +-
 .../ldaprecord/src/DetectsErrors.php          |   19 +-
 .../ldaprecord/src/EscapesValues.php          |    7 +-
 .../ldaprecord/src/Events/ConnectionEvent.php |    2 +-
 .../ldaprecord/src/Events/Dispatcher.php      |   45 +-
 .../src/Events/DispatcherInterface.php        |   33 +-
 .../ldaprecord/src/Events/Logger.php          |   17 +-
 .../ldaprecord/src/Events/NullDispatcher.php  |   35 +-
 .../ldaprecord/src/HandlesConnection.php      |   19 +-
 .../directorytree/ldaprecord/src/Ldap.php     |   33 +-
 .../ldaprecord/src/LdapInterface.php          |  202 ++-
 .../ldaprecord/src/LdapRecordException.php    |    8 +-
 .../Concerns/HasPrimaryGroup.php              |    7 +-
 .../src/Models/ActiveDirectory/Entry.php      |  102 +-
 .../Relations/HasOnePrimaryGroup.php          |    6 +-
 .../Scopes/HasServerRoleAttribute.php         |    5 +-
 .../Scopes/InConfigurationContext.php         |    8 +-
 .../Scopes/RejectComputerObjectClass.php      |    5 +-
 .../src/Models/ActiveDirectory/User.php       |   44 +-
 .../src/Models/Attributes/AccountControl.php  |   67 +-
 .../Models/Attributes/DistinguishedName.php   |   52 +-
 .../Attributes/DistinguishedNameBuilder.php   |   46 +-
 .../src/Models/Attributes/EscapedValue.php    |    9 +-
 .../ldaprecord/src/Models/Attributes/Guid.php |   15 +-
 .../src/Models/Attributes/MbString.php        |   12 +-
 .../src/Models/Attributes/Password.php        |  106 +-
 .../ldaprecord/src/Models/Attributes/Sid.php  |    8 +-
 .../src/Models/Attributes/TSProperty.php      |   56 +-
 .../src/Models/Attributes/TSPropertyArray.php |   38 +-
 .../src/Models/Attributes/Timestamp.php       |   59 +-
 .../src/Models/BatchModification.php          |   32 +-
 .../ldaprecord/src/Models/Collection.php      |   37 +-
 .../src/Models/Concerns/CanAuthenticate.php   |    6 +-
 .../src/Models/Concerns/HasAttributes.php     |  276 ++--
 .../src/Models/Concerns/HasEvents.php         |   44 +-
 .../src/Models/Concerns/HasGlobalScopes.php   |   12 +-
 .../src/Models/Concerns/HasPassword.php       |   27 +-
 .../src/Models/Concerns/HasRelationships.php  |   45 +-
 .../src/Models/Concerns/HasScopes.php         |    1 +
 .../src/Models/Concerns/HidesAttributes.php   |   20 +-
 .../SerializesAndRestoresPropertyValues.php   |   47 +
 .../Models/Concerns/SerializesProperties.php  |  143 ++
 .../src/Models/DetectsResetIntegers.php       |    3 +-
 .../src/Models/DirectoryServer/Entry.php      |    3 +-
 .../ldaprecord/src/Models/Events/Event.php    |    2 +-
 .../ldaprecord/src/Models/Events/Renaming.php |    6 +-
 .../ldaprecord/src/Models/FreeIPA/Entry.php   |    3 +-
 .../FreeIPA/Scopes/AddEntryUuidToSelects.php  |    5 +-
 .../ldaprecord/src/Models/Model.php           |  405 ++---
 .../src/Models/ModelDoesNotExistException.php |    6 +-
 .../ldaprecord/src/Models/OpenLDAP/Entry.php  |    3 +-
 .../ldaprecord/src/Models/OpenLDAP/Group.php  |   12 +
 .../OpenLDAP/Scopes/AddEntryUuidToSelects.php |    5 +-
 .../ldaprecord/src/Models/OpenLDAP/User.php   |    2 +-
 .../src/Models/Relations/HasMany.php          |  144 +-
 .../src/Models/Relations/HasOne.php           |    3 +-
 .../src/Models/Relations/OneToMany.php        |   33 +-
 .../src/Models/Relations/Relation.php         |  157 +-
 .../ldaprecord/src/Models/Scope.php           |    5 +-
 .../src/Models/Types/ActiveDirectory.php      |   11 +-
 .../src/Models/Types/DirectoryServer.php      |    8 +
 .../ldaprecord/src/Query/ArrayCacheStore.php  |    6 +-
 .../ldaprecord/src/Query/Builder.php          |  540 ++++---
 .../ldaprecord/src/Query/Cache.php            |   22 +-
 .../src/Query/Events/QueryExecuted.php        |    4 +-
 .../src/Query/Filter/ConditionNode.php        |  100 ++
 .../ldaprecord/src/Query/Filter/GroupNode.php |   54 +
 .../ldaprecord/src/Query/Filter/Node.php      |   30 +
 .../ldaprecord/src/Query/Filter/Parser.php    |  162 ++
 .../src/Query/Filter/ParserException.php      |    9 +
 .../ldaprecord/src/Query/Grammar.php          |  129 +-
 .../src/Query/InteractsWithTime.php           |    9 +-
 .../Query/Model/ActiveDirectoryBuilder.php    |   70 +-
 .../ldaprecord/src/Query/Model/Builder.php    |   70 +-
 .../src/Query/ObjectNotFoundException.php     |   10 +-
 .../Query/Pagination/AbstractPaginator.php    |   16 +-
 .../src/Query/Pagination/LazyPaginator.php    |    3 +-
 .../ldaprecord/src/Query/Slice.php            |  283 ++++
 .../ldaprecord/src/Support/Arr.php            |   34 +-
 .../ldaprecord/src/Support/Helpers.php        |    8 +-
 .../ldaprecord/src/Support/Str.php            |  129 ++
 .../ldaprecord/src/Testing/ConnectionFake.php |    8 +-
 .../ldaprecord/src/Testing/DirectoryFake.php  |    6 +-
 .../src/Testing/LdapExpectation.php           |   39 +-
 .../ldaprecord/src/Testing/LdapFake.php       |   54 +-
 .../ldaprecord/src/Utilities.php              |   37 +-
 .../illuminate/contracts/Auth/Access/Gate.php |    8 +-
 .../contracts/Broadcasting/ShouldBeUnique.php |    8 +
 .../illuminate/contracts/Cache/Repository.php |   28 +-
 .../contracts/Console/Isolatable.php          |    8 +
 .../Console/PromptsForMissingInput.php        |    8 +
 .../contracts/Container/Container.php         |    9 +
 .../Container/ContextualBindingBuilder.php    |    2 +-
 .../contracts/Cookie/QueueingFactory.php      |    2 +-
 .../contracts/Database/Eloquent/Castable.php  |    3 +-
 .../Database/Eloquent/CastsAttributes.php     |   18 +-
 .../Eloquent/CastsInboundAttributes.php       |    4 +-
 .../Eloquent/SerializesCastableAttributes.php |    4 +-
 .../contracts/Database/ModelIdentifier.php    |   20 +
 .../Database/Query/ConditionExpression.php    |    7 +
 .../contracts/Database/Query/Expression.php   |   16 +
 .../contracts/Events/Dispatcher.php           |    2 +-
 .../Events/ShouldDispatchAfterCommit.php      |    8 +
 .../Events/ShouldHandleEventsAfterCommit.php  |    8 +
 .../contracts/Filesystem/Filesystem.php       |    2 +-
 .../contracts/Foundation/Application.php      |   25 +-
 .../illuminate/contracts/Mail/Attachable.php  |   13 +
 .../illuminate/contracts/Mail/Mailable.php    |    2 +-
 .../illuminate/contracts/Mail/Mailer.php      |    4 +-
 .../contracts/Pagination/CursorPaginator.php  |    7 +
 .../contracts/Pagination/Paginator.php        |    8 +-
 .../contracts/Process/InvokedProcess.php      |   64 +
 .../contracts/Process/ProcessResult.php       |   65 +
 .../illuminate/contracts/Queue/Monitor.php    |    2 +-
 .../Queue/ShouldQueueAfterCommit.php          |    8 +
 .../contracts/Routing/ResponseFactory.php     |    6 +-
 .../Middleware/AuthenticatesSessions.php      |    8 +
 .../contracts/Support/MessageBag.php          |    8 +
 .../contracts/Translation/Translator.php      |    2 +-
 .../contracts/Validation/DataAwareRule.php    |    2 +-
 .../contracts/Validation/Factory.php          |    4 +-
 .../contracts/Validation/ImplicitRule.php     |    3 +
 .../contracts/Validation/InvokableRule.php    |   21 +
 .../illuminate/contracts/Validation/Rule.php  |    3 +
 .../contracts/Validation/ValidationRule.php   |   18 +
 .../Validation/ValidatorAwareRule.php         |    4 +-
 .../View/ViewCompilationException.php         |   10 +
 .../vendor/illuminate/contracts/composer.json |    4 +-
 .../vendor/nesbot/carbon/.phpstorm.meta.php   |   10 +
 .../lib/vendor/nesbot/carbon/composer.json    |   96 +-
 .../MessageFormatterMapperStrongType.php      |   28 +
 .../MessageFormatterMapperWeakType.php        |   36 +
 .../Carbon/PHPStan/AbstractMacroBuiltin.php   |   36 +
 .../Carbon/PHPStan/AbstractMacroStatic.php    |   45 +
 .../lazy/Carbon/PHPStan/MacroStrongType.php   |    6 +-
 .../lazy/Carbon/PHPStan/MacroWeakType.php     |    6 +-
 .../inc/lib/vendor/nesbot/carbon/readme.md    |   51 +-
 .../inc/lib/vendor/nesbot/carbon/sponsors.php |  129 ++
 .../carbon/src/Carbon/AbstractTranslator.php  |   27 +-
 .../nesbot/carbon/src/Carbon/Carbon.php       |  934 +++++------
 .../carbon/src/Carbon/CarbonImmutable.php     |  958 ++++++------
 .../carbon/src/Carbon/CarbonInterface.php     |  113 +-
 .../carbon/src/Carbon/CarbonInterval.php      |  445 +++++-
 .../nesbot/carbon/src/Carbon/CarbonPeriod.php |  540 ++++---
 .../src/Carbon/CarbonPeriodImmutable.php      |   40 +
 .../carbon/src/Carbon/CarbonTimeZone.php      |   42 +-
 .../Carbon/Doctrine/CarbonDoctrineType.php    |   23 -
 .../Carbon/Doctrine/CarbonImmutableType.php   |   37 -
 .../carbon/src/Carbon/Doctrine/CarbonType.php |   37 -
 .../src/Carbon/Doctrine/DateTimeType.php      |   16 -
 .../Exceptions/BadComparisonUnitException.php |   25 +-
 .../BadFluentConstructorException.php         |   25 +-
 .../Exceptions/BadFluentSetterException.php   |   29 +-
 .../Exceptions/BadMethodCallException.php     |    1 +
 .../Exceptions/EndLessPeriodException.php     |   19 +
 .../src/Carbon/Exceptions/Exception.php       |    1 +
 .../Carbon/Exceptions/ImmutableException.php  |   24 +-
 .../Exceptions/InvalidArgumentException.php   |    1 +
 .../Exceptions/InvalidCastException.php       |   13 +-
 .../Exceptions/InvalidDateException.php       |    6 +-
 .../Exceptions/InvalidFormatException.php     |   13 +-
 .../Exceptions/InvalidIntervalException.php   |   13 +-
 .../Exceptions/InvalidPeriodDateException.php |   13 +-
 .../InvalidPeriodParameterException.php       |   13 +-
 .../Exceptions/InvalidTimeZoneException.php   |   13 +-
 .../Exceptions/InvalidTypeException.php       |   13 +-
 .../Exceptions/NotACarbonClassException.php   |   31 +-
 .../Carbon/Exceptions/NotAPeriodException.php |   13 +-
 .../Exceptions/NotLocaleAwareException.php    |    6 +-
 .../Carbon/Exceptions/OutOfRangeException.php |    6 +-
 .../Carbon/Exceptions/ParseErrorException.php |   61 +-
 .../Carbon/Exceptions/RuntimeException.php    |    1 +
 .../src/Carbon/Exceptions/UnitException.php   |   13 +-
 .../Exceptions/UnitNotConfiguredException.php |   25 +-
 .../Exceptions/UnknownGetterException.php     |   29 +-
 .../Exceptions/UnknownMethodException.php     |   25 +-
 .../Exceptions/UnknownSetterException.php     |   29 +-
 .../Exceptions/UnknownUnitException.php       |   25 +-
 .../Exceptions/UnreachableException.php       |   13 +-
 .../nesbot/carbon/src/Carbon/Factory.php      |    8 +-
 .../carbon/src/Carbon/FactoryImmutable.php    |   28 +-
 .../nesbot/carbon/src/Carbon/Lang/ar_AE.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_BH.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_EG.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_IQ.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_JO.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_KW.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_LB.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_OM.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_PS.php   |    5 +
 .../nesbot/carbon/src/Carbon/Lang/ar_QA.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_SA.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_SD.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_SY.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/ar_YE.php   |    2 +
 .../nesbot/carbon/src/Carbon/Lang/be.php      |    7 +-
 .../carbon/src/Carbon/Lang/ca_ES_Valencia.php |   10 +
 .../nesbot/carbon/src/Carbon/Lang/ckb.php     |   89 ++
 .../nesbot/carbon/src/Carbon/Lang/cs.php      |    3 +-
 .../nesbot/carbon/src/Carbon/Lang/cy.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/da.php      |    7 +-
 .../nesbot/carbon/src/Carbon/Lang/de.php      |    9 +
 .../nesbot/carbon/src/Carbon/Lang/en.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/en_CH.php   |    8 +
 .../nesbot/carbon/src/Carbon/Lang/es.php      |   10 +
 .../nesbot/carbon/src/Carbon/Lang/fi.php      |    2 +
 .../nesbot/carbon/src/Carbon/Lang/fr.php      |   11 +-
 .../nesbot/carbon/src/Carbon/Lang/hu.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/it.php      |   11 +-
 .../nesbot/carbon/src/Carbon/Lang/ku.php      |   42 +-
 .../nesbot/carbon/src/Carbon/Lang/lv.php      |    3 +-
 .../nesbot/carbon/src/Carbon/Lang/mn.php      |   62 +-
 .../nesbot/carbon/src/Carbon/Lang/ms.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/oc.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/pl.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/pt.php      |    9 +
 .../nesbot/carbon/src/Carbon/Lang/sh.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/sk.php      |  112 +-
 .../nesbot/carbon/src/Carbon/Lang/sl.php      |    6 +-
 .../nesbot/carbon/src/Carbon/Lang/sr_Cyrl.php |   22 +-
 .../carbon/src/Carbon/Lang/sr_Cyrl_BA.php     |   10 +
 .../carbon/src/Carbon/Lang/sr_Cyrl_ME.php     |   31 +-
 .../carbon/src/Carbon/Lang/sr_Cyrl_XK.php     |   10 +
 .../carbon/src/Carbon/Lang/sr_Latn_BA.php     |   10 +
 .../carbon/src/Carbon/Lang/sr_Latn_ME.php     |   10 +
 .../carbon/src/Carbon/Lang/sr_Latn_XK.php     |   10 +
 .../nesbot/carbon/src/Carbon/Lang/ss.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/sv.php      |    2 +-
 .../nesbot/carbon/src/Carbon/Lang/uk.php      |    3 +-
 .../src/Carbon/Laravel/ServiceProvider.php    |   52 +-
 .../MessageFormatterMapper.php                |   44 +
 .../src/Carbon/PHPStan/AbstractMacro.php      |  104 +-
 .../carbon/src/Carbon/PHPStan/Macro.php       |    7 +
 .../src/Carbon/PHPStan/MacroExtension.php     |   18 +-
 .../src/Carbon/PHPStan/MacroScanner.php       |   40 +-
 .../carbon/src/Carbon/Traits/Comparison.php   |   97 +-
 .../carbon/src/Carbon/Traits/Converter.php    |   64 +-
 .../carbon/src/Carbon/Traits/Creator.php      |   80 +-
 .../nesbot/carbon/src/Carbon/Traits/Date.php  |   93 +-
 .../carbon/src/Carbon/Traits/Difference.php   |   39 +-
 .../src/Carbon/Traits/IntervalRounding.php    |    2 +-
 .../carbon/src/Carbon/Traits/Localization.php |   38 +-
 .../src/Carbon/Traits/MagicParameter.php      |   33 +
 .../nesbot/carbon/src/Carbon/Traits/Mixin.php |   67 +-
 .../carbon/src/Carbon/Traits/Modifiers.php    |    6 +-
 .../carbon/src/Carbon/Traits/Options.php      |    8 +-
 .../carbon/src/Carbon/Traits/Rounding.php     |   31 +-
 .../src/Carbon/Traits/Serialization.php       |  100 +-
 .../nesbot/carbon/src/Carbon/Traits/Test.php  |   32 +-
 .../carbon/src/Carbon/Traits/Timestamp.php    |    6 +-
 .../src/Carbon/Traits/ToStringFormat.php      |   56 +
 .../nesbot/carbon/src/Carbon/Traits/Units.php |   36 +-
 .../carbon/src/Carbon/TranslatorImmutable.php |    2 +-
 .../web/inc/lib/vendor/psr/clock/CHANGELOG.md |   11 +
 data/web/inc/lib/vendor/psr/clock/LICENSE     |   19 +
 data/web/inc/lib/vendor/psr/clock/README.md   |   61 +
 .../inc/lib/vendor/psr/clock/composer.json    |   21 +
 .../vendor/psr/clock/src/ClockInterface.php   |   13 +
 .../deprecation-contracts/composer.json       |    2 +-
 .../vendor/symfony/polyfill-mbstring/LICENSE  |    2 +-
 .../symfony/polyfill-mbstring/Mbstring.php    |  148 +-
 .../symfony/polyfill-mbstring/README.md       |    2 +-
 .../Resources/unidata/caseFolding.php         |  119 ++
 .../symfony/polyfill-mbstring/bootstrap.php   |    4 +
 .../symfony/polyfill-mbstring/bootstrap80.php |    4 +
 .../symfony/polyfill-mbstring/composer.json   |    3 -
 .../lib/vendor/symfony/polyfill-php80/LICENSE |    2 +-
 .../vendor/symfony/polyfill-php80/Php80.php   |   12 +-
 .../symfony/polyfill-php80/PhpToken.php       |  103 ++
 .../vendor/symfony/polyfill-php80/README.md   |    7 +-
 .../Resources/stubs/Attribute.php             |    9 +
 .../Resources/stubs/PhpToken.php              |   16 +
 .../Resources/stubs/Stringable.php            |    9 +
 .../Resources/stubs/UnhandledMatchError.php   |    9 +
 .../Resources/stubs/ValueError.php            |    9 +
 .../symfony/polyfill-php80/composer.json      |    3 -
 .../symfony/translation-contracts/.gitignore  |    3 -
 .../symfony/translation-contracts/LICENSE     |    2 +-
 .../LocaleAwareInterface.php                  |    2 +
 .../symfony/translation-contracts/README.md   |    2 +-
 .../Test/TranslatorTest.php                   |   31 +-
 .../translation-contracts/TranslatorTrait.php |  211 ++-
 .../translation-contracts/composer.json       |   12 +-
 .../vendor/symfony/translation/CHANGELOG.md   |   29 +
 .../Catalogue/AbstractOperation.php           |   38 +-
 .../translation/Catalogue/MergeOperation.php  |   14 +-
 .../translation/Catalogue/TargetOperation.php |   14 +-
 .../CatalogueMetadataAwareInterface.php       |   48 +
 .../Command/TranslationPullCommand.php        |   27 +-
 .../Command/TranslationPushCommand.php        |   21 +-
 .../translation/Command/XliffLintCommand.php  |   71 +-
 .../TranslationDataCollector.php              |   30 +-
 .../translation/DataCollectorTranslator.php   |   37 +-
 .../DataCollectorTranslatorPass.php           |   36 +
 .../LoggingTranslatorPass.php                 |   59 +
 .../TranslationDumperPass.php                 |    3 +
 .../TranslationExtractorPass.php              |    3 +
 .../DependencyInjection/TranslatorPass.php    |   20 +
 .../TranslatorPathsPass.php                   |   34 +-
 .../translation/Dumper/CsvFileDumper.php      |    8 +-
 .../translation/Dumper/DumperInterface.php    |    2 +
 .../symfony/translation/Dumper/FileDumper.php |    4 +-
 .../translation/Dumper/IcuResFileDumper.php   |   15 +-
 .../translation/Dumper/IniFileDumper.php      |    6 -
 .../translation/Dumper/JsonFileDumper.php     |    6 -
 .../translation/Dumper/MoFileDumper.php       |   10 +-
 .../translation/Dumper/PhpFileDumper.php      |    6 -
 .../translation/Dumper/PoFileDumper.php       |    8 +-
 .../translation/Dumper/QtFileDumper.php       |    6 -
 .../translation/Dumper/XliffFileDumper.php    |   38 +-
 .../translation/Dumper/YamlFileDumper.php     |    6 -
 .../Exception/IncompleteDsnException.php      |    2 +-
 .../MissingRequiredOptionException.php        |    2 +-
 .../Exception/ProviderException.php           |    4 +-
 .../Exception/UnsupportedSchemeException.php  |    8 +-
 .../translation/Extractor/ChainExtractor.php  |    6 +-
 .../Extractor/ExtractorInterface.php          |    4 +
 .../translation/Extractor/PhpAstExtractor.php |   85 +
 .../translation/Extractor/PhpExtractor.php    |   19 +-
 .../Extractor/PhpStringTokenParser.php        |    7 +-
 .../Extractor/Visitor/AbstractVisitor.php     |  135 ++
 .../Extractor/Visitor/ConstraintVisitor.php   |  112 ++
 .../Extractor/Visitor/TransMethodVisitor.php  |   65 +
 .../Visitor/TranslatableMessageVisitor.php    |   65 +
 .../translation/Formatter/IntlFormatter.php   |    9 +-
 .../Formatter/MessageFormatter.php            |   18 +-
 .../lib/vendor/symfony/translation/LICENSE    |    2 +-
 .../translation/Loader/ArrayLoader.php        |    9 +-
 .../translation/Loader/CsvFileLoader.php      |    7 +-
 .../symfony/translation/Loader/FileLoader.php |    7 +-
 .../translation/Loader/IcuDatFileLoader.php   |    5 +-
 .../translation/Loader/IcuResFileLoader.php   |    9 +-
 .../translation/Loader/IniFileLoader.php      |    3 -
 .../translation/Loader/JsonFileLoader.php     |   25 +-
 .../translation/Loader/MoFileLoader.php       |    2 -
 .../translation/Loader/PhpFileLoader.php      |   11 +-
 .../translation/Loader/PoFileLoader.php       |   14 +-
 .../translation/Loader/QtFileLoader.php       |    4 -
 .../translation/Loader/XliffFileLoader.php    |   23 +-
 .../translation/Loader/YamlFileLoader.php     |    7 +-
 .../symfony/translation/LocaleSwitcher.php    |   78 +
 .../symfony/translation/LoggingTranslator.php |   30 +-
 .../symfony/translation/MessageCatalogue.php  |  126 +-
 .../translation/MessageCatalogueInterface.php |   16 +-
 .../translation/MetadataAwareInterface.php    |    6 +-
 .../Provider/AbstractProviderFactory.php      |   12 +-
 .../symfony/translation/Provider/Dsn.php      |   34 +-
 .../Provider/FilteringProvider.php            |    5 +-
 .../Provider/ProviderInterface.php            |    4 +-
 .../TranslationProviderCollection.php         |    2 +-
 .../PseudoLocalizationTranslator.php          |   11 +-
 .../lib/vendor/symfony/translation/README.md  |   12 +-
 .../translation/Reader/TranslationReader.php  |    4 +-
 .../Reader/TranslationReaderInterface.php     |    2 +
 .../Resources/bin/translation-status.php      |   18 +-
 .../translation/Resources/data/parents.json   |    4 +
 .../translation/Resources/functions.php       |    2 +-
 ...ct.xsd => xliff-core-1.2-transitional.xsd} |   84 +-
 .../Test/ProviderFactoryTestCase.php          |   32 +-
 .../translation/Test/ProviderTestCase.php     |   24 +-
 .../translation/TranslatableMessage.php       |    8 +-
 .../vendor/symfony/translation/Translator.php |   63 +-
 .../symfony/translation/TranslatorBag.php     |   15 +-
 .../translation/TranslatorBagInterface.php    |    2 +-
 .../translation/Util/ArrayConverter.php       |   51 +-
 .../symfony/translation/Util/XliffUtils.php   |    2 +-
 .../translation/Writer/TranslationWriter.php  |    4 +
 .../Writer/TranslationWriterInterface.php     |    2 +
 .../vendor/symfony/translation/composer.json  |   32 +-
 .../vendor/symfony/var-dumper/CHANGELOG.md    |   19 +
 .../symfony/var-dumper/Caster/AmqpCaster.php  |   15 +
 .../symfony/var-dumper/Caster/ArgsStub.php    |    4 +-
 .../symfony/var-dumper/Caster/Caster.php      |   50 +-
 .../symfony/var-dumper/Caster/ClassStub.php   |   13 +-
 .../symfony/var-dumper/Caster/ConstStub.php   |    2 +-
 .../symfony/var-dumper/Caster/CutStub.php     |    2 +-
 .../symfony/var-dumper/Caster/DOMCaster.php   |   82 +-
 .../symfony/var-dumper/Caster/DateCaster.php  |   24 +-
 .../var-dumper/Caster/DoctrineCaster.php      |    9 +
 .../symfony/var-dumper/Caster/DsPairStub.php  |    2 +-
 .../var-dumper/Caster/ExceptionCaster.php     |   47 +-
 .../symfony/var-dumper/Caster/FFICaster.php   |  161 ++
 .../symfony/var-dumper/Caster/FiberCaster.php |    3 +
 .../symfony/var-dumper/Caster/IntlCaster.php  |   17 +-
 .../symfony/var-dumper/Caster/LinkStub.php    |    9 +-
 .../var-dumper/Caster/MemcachedCaster.php     |    9 +-
 .../symfony/var-dumper/Caster/PdoCaster.php   |    8 +-
 .../symfony/var-dumper/Caster/PgSqlCaster.php |    9 +
 .../var-dumper/Caster/ProxyManagerCaster.php  |    3 +
 .../var-dumper/Caster/RdKafkaCaster.php       |   40 +-
 .../symfony/var-dumper/Caster/RedisCaster.php |   32 +-
 .../var-dumper/Caster/ReflectionCaster.php    |   61 +-
 .../var-dumper/Caster/ResourceCaster.php      |   28 +-
 .../symfony/var-dumper/Caster/ScalarStub.php  |   27 +
 .../symfony/var-dumper/Caster/SplCaster.php   |   62 +-
 .../symfony/var-dumper/Caster/StubCaster.php  |   23 +
 .../var-dumper/Caster/SymfonyCaster.php       |   50 +-
 .../symfony/var-dumper/Caster/TraceStub.php   |    2 +-
 .../var-dumper/Caster/UninitializedStub.php   |   25 +
 .../var-dumper/Caster/XmlReaderCaster.php     |    7 +-
 .../var-dumper/Caster/XmlResourceCaster.php   |    3 +
 .../var-dumper/Cloner/AbstractCloner.php      |   27 +-
 .../vendor/symfony/var-dumper/Cloner/Data.php |   34 +-
 .../var-dumper/Cloner/DumperInterface.php     |    8 +
 .../vendor/symfony/var-dumper/Cloner/Stub.php |    1 +
 .../symfony/var-dumper/Cloner/VarCloner.php   |   49 +-
 .../Command/Descriptor/CliDescriptor.php      |    2 +-
 .../Command/Descriptor/HtmlDescriptor.php     |    2 +-
 .../var-dumper/Command/ServerDumpCommand.php  |    4 +-
 .../var-dumper/Dumper/AbstractDumper.php      |   24 +-
 .../symfony/var-dumper/Dumper/CliDumper.php   |  102 +-
 .../RequestContextProvider.php                |    4 +-
 .../ContextProvider/SourceContextProvider.php |    9 +-
 .../Dumper/ContextualizedDumper.php           |   11 +-
 .../var-dumper/Dumper/DataDumperInterface.php |    3 +
 .../symfony/var-dumper/Dumper/HtmlDumper.php  |   96 +-
 .../var-dumper/Dumper/ServerDumper.php        |   12 +-
 .../Exception/ThrowingCasterException.php     |    2 +-
 .../inc/lib/vendor/symfony/var-dumper/LICENSE |    2 +-
 .../var-dumper/Resources/bin/var-dump-server  |    4 +
 .../var-dumper/Resources/functions/dump.php   |   40 +-
 .../symfony/var-dumper/Server/Connection.php  |   14 +-
 .../symfony/var-dumper/Server/DumpServer.php  |   16 +-
 .../var-dumper/Test/VarDumperTestTrait.php    |    4 +-
 .../vendor/symfony/var-dumper/VarDumper.php   |   33 +-
 .../vendor/symfony/var-dumper/composer.json   |   17 +-
 .../collect/.github/workflows/run-tests.yml   |    4 +-
 .../vendor/tightenco/collect/composer.json    |    3 +-
 .../vendor/tightenco/collect/framework-.zip   |    0
 .../Conditionable/HigherOrderWhenProxy.php    |  109 ++
 .../Collect/Contracts/Support/Arrayable.php   |    6 +-
 .../collect/src/Collect/Support/Arr.php       |  133 +-
 .../src/Collect/Support/Collection.php        |  427 ++---
 .../src/Collect/Support/Enumerable.php        |  524 +++++--
 .../Collect/Support/HigherOrderWhenProxy.php  |   63 -
 .../src/Collect/Support/LazyCollection.php    |  373 +++--
 .../collect/src/Collect/Support/Str.php       | 1367 +++++++++++++++++
 .../Collect/Support/Traits/Conditionable.php  |   73 +
 .../Support/Traits/EnumeratesValues.php       |  428 +++---
 .../collect/src/Collect/Support/alias.php     |    1 -
 481 files changed, 13919 insertions(+), 6171 deletions(-)
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/LICENSE
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/README.md
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/composer.json
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonDoctrineType.php
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonImmutableType.php
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonType.php
 rename data/web/inc/lib/vendor/{nesbot/carbon => carbonphp/carbon-doctrine-types}/src/Carbon/Doctrine/CarbonTypeConverter.php (59%)
 rename data/web/inc/lib/vendor/{nesbot/carbon => carbonphp/carbon-doctrine-types}/src/Carbon/Doctrine/DateTimeDefaultPrecision.php (70%)
 rename data/web/inc/lib/vendor/{nesbot/carbon => carbonphp/carbon-doctrine-types}/src/Carbon/Doctrine/DateTimeImmutableType.php (58%)
 create mode 100644 data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeType.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-integration-tests.yml
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/docker-compose.yml
 delete mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/psalm.xml
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesAndRestoresPropertyValues.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesProperties.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/DirectoryServer.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ConditionNode.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/GroupNode.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Node.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Parser.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ParserException.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Slice.php
 create mode 100644 data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Str.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Broadcasting/ShouldBeUnique.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Console/Isolatable.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Console/PromptsForMissingInput.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Database/Query/ConditionExpression.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Database/Query/Expression.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldDispatchAfterCommit.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldHandleEventsAfterCommit.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Mail/Attachable.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Process/InvokedProcess.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Process/ProcessResult.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Queue/ShouldQueueAfterCommit.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Session/Middleware/AuthenticatesSessions.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Validation/InvokableRule.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidationRule.php
 create mode 100644 data/web/inc/lib/vendor/illuminate/contracts/View/ViewCompilationException.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/.phpstorm.meta.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperStrongType.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperWeakType.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroBuiltin.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroStatic.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/sponsors.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriodImmutable.php
 delete mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonDoctrineType.php
 delete mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonImmutableType.php
 delete mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonType.php
 delete mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeType.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/EndLessPeriodException.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ckb.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/MessageFormatter/MessageFormatterMapper.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/MagicParameter.php
 create mode 100644 data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/ToStringFormat.php
 create mode 100644 data/web/inc/lib/vendor/psr/clock/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/psr/clock/LICENSE
 create mode 100644 data/web/inc/lib/vendor/psr/clock/README.md
 create mode 100644 data/web/inc/lib/vendor/psr/clock/composer.json
 create mode 100644 data/web/inc/lib/vendor/psr/clock/src/ClockInterface.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php80/PhpToken.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/PhpToken.php
 delete mode 100644 data/web/inc/lib/vendor/symfony/translation-contracts/.gitignore
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/CatalogueMetadataAwareInterface.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/DependencyInjection/DataCollectorTranslatorPass.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/DependencyInjection/LoggingTranslatorPass.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/Extractor/PhpAstExtractor.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/AbstractVisitor.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/ConstraintVisitor.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TransMethodVisitor.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TranslatableMessageVisitor.php
 create mode 100644 data/web/inc/lib/vendor/symfony/translation/LocaleSwitcher.php
 rename data/web/inc/lib/vendor/symfony/translation/Resources/schemas/{xliff-core-1.2-strict.xsd => xliff-core-1.2-transitional.xsd} (96%)
 create mode 100644 data/web/inc/lib/vendor/symfony/var-dumper/Caster/FFICaster.php
 create mode 100644 data/web/inc/lib/vendor/symfony/var-dumper/Caster/ScalarStub.php
 create mode 100644 data/web/inc/lib/vendor/symfony/var-dumper/Caster/UninitializedStub.php
 create mode 100644 data/web/inc/lib/vendor/tightenco/collect/framework-.zip
 create mode 100644 data/web/inc/lib/vendor/tightenco/collect/src/Collect/Conditionable/HigherOrderWhenProxy.php
 delete mode 100644 data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/HigherOrderWhenProxy.php
 create mode 100644 data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Str.php
 create mode 100644 data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/Conditionable.php

diff --git a/data/web/inc/lib/composer.json b/data/web/inc/lib/composer.json
index a803291f8..91a50bcbf 100644
--- a/data/web/inc/lib/composer.json
+++ b/data/web/inc/lib/composer.json
@@ -8,7 +8,7 @@
         "matthiasmullie/minify": "^1.3",
         "bshaffer/oauth2-server-php": "^1.11",
         "mustangostang/spyc": "^0.6.3",
-        "directorytree/ldaprecord": "^2.4",
+        "directorytree/ldaprecord": "^3.3",
         "twig/twig": "^3.0",
         "stevenmaguire/oauth2-keycloak": "^4.0",
         "league/oauth2-client": "^2.7"
diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 516e9fec3..f0659ee80 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -68,6 +68,75 @@
             },
             "time": "2018-12-04T00:29:32+00:00"
         },
+        {
+            "name": "carbonphp/carbon-doctrine-types",
+            "version": "3.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/CarbonPHP/carbon-doctrine-types.git",
+                "reference": "18ba5ddfec8976260ead6e866180bd5d2f71aa1d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/CarbonPHP/carbon-doctrine-types/zipball/18ba5ddfec8976260ead6e866180bd5d2f71aa1d",
+                "reference": "18ba5ddfec8976260ead6e866180bd5d2f71aa1d",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^8.1"
+            },
+            "conflict": {
+                "doctrine/dbal": "<4.0.0 || >=5.0.0"
+            },
+            "require-dev": {
+                "doctrine/dbal": "^4.0.0",
+                "nesbot/carbon": "^2.71.0 || ^3.0.0",
+                "phpunit/phpunit": "^10.3"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Carbon\\Doctrine\\": "src/Carbon/Doctrine/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "KyleKatarn",
+                    "email": "kylekatarnls@gmail.com"
+                }
+            ],
+            "description": "Types to use Carbon in Doctrine",
+            "keywords": [
+                "carbon",
+                "date",
+                "datetime",
+                "doctrine",
+                "time"
+            ],
+            "support": {
+                "issues": "https://github.com/CarbonPHP/carbon-doctrine-types/issues",
+                "source": "https://github.com/CarbonPHP/carbon-doctrine-types/tree/3.2.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/kylekatarnls",
+                    "type": "github"
+                },
+                {
+                    "url": "https://opencollective.com/Carbon",
+                    "type": "open_collective"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/nesbot/carbon",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-02-09T16:56:22+00:00"
+        },
         {
             "name": "ddeboer/imap",
             "version": "1.13.1",
@@ -145,27 +214,28 @@
         },
         {
             "name": "directorytree/ldaprecord",
-            "version": "v2.10.1",
+            "version": "v2.20.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/DirectoryTree/LdapRecord.git",
-                "reference": "bf512d9af7a7b0e2ed7a666ab29cefdd027bee88"
+                "reference": "5bd0a5a9d257cf1049ae83055dbba4c3479ddf16"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/bf512d9af7a7b0e2ed7a666ab29cefdd027bee88",
-                "reference": "bf512d9af7a7b0e2ed7a666ab29cefdd027bee88",
+                "url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/5bd0a5a9d257cf1049ae83055dbba4c3479ddf16",
+                "reference": "5bd0a5a9d257cf1049ae83055dbba4c3479ddf16",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "ext-ldap": "*",
-                "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0",
+                "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0|^10.0",
                 "nesbot/carbon": "^1.0|^2.0",
                 "php": ">=7.3",
-                "psr/log": "*",
+                "psr/log": "^1.0|^2.0|^3.0",
                 "psr/simple-cache": "^1.0|^2.0",
-                "tightenco/collect": "^5.6|^6.0|^7.0|^8.0"
+                "symfony/polyfill-php80": "^1.25",
+                "tightenco/collect": "^5.6|^6.0|^7.0|^8.0|^9.0"
             },
             "require-dev": {
                 "mockery/mockery": "^1.0",
@@ -214,7 +284,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-02-25T16:00:51+00:00"
+            "time": "2023-10-11T16:34:34+00:00"
         },
         {
             "name": "firebase/php-jwt",
@@ -609,27 +679,27 @@
         },
         {
             "name": "illuminate/contracts",
-            "version": "v9.3.0",
+            "version": "v10.44.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/contracts.git",
-                "reference": "bf4b3c254c49d28157645d01e4883b5951b1e1d0"
+                "reference": "8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/contracts/zipball/bf4b3c254c49d28157645d01e4883b5951b1e1d0",
-                "reference": "bf4b3c254c49d28157645d01e4883b5951b1e1d0",
+                "url": "https://api.github.com/repos/illuminate/contracts/zipball/8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac",
+                "reference": "8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac",
                 "shasum": ""
             },
             "require": {
-                "php": "^8.0.2",
+                "php": "^8.1",
                 "psr/container": "^1.1.1|^2.0.1",
                 "psr/simple-cache": "^1.0|^2.0|^3.0"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "9.x-dev"
+                    "dev-master": "10.x-dev"
                 }
             },
             "autoload": {
@@ -653,7 +723,7 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2022-02-22T14:45:39+00:00"
+            "time": "2024-01-15T18:52:32+00:00"
         },
         {
             "name": "league/oauth2-client",
@@ -908,34 +978,41 @@
         },
         {
             "name": "nesbot/carbon",
-            "version": "2.57.0",
+            "version": "2.72.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/briannesbitt/Carbon.git",
-                "reference": "4a54375c21eea4811dbd1149fe6b246517554e78"
+                "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/4a54375c21eea4811dbd1149fe6b246517554e78",
-                "reference": "4a54375c21eea4811dbd1149fe6b246517554e78",
+                "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/0c6fd108360c562f6e4fd1dedb8233b423e91c83",
+                "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83",
                 "shasum": ""
             },
             "require": {
+                "carbonphp/carbon-doctrine-types": "*",
                 "ext-json": "*",
                 "php": "^7.1.8 || ^8.0",
+                "psr/clock": "^1.0",
                 "symfony/polyfill-mbstring": "^1.0",
                 "symfony/polyfill-php80": "^1.16",
                 "symfony/translation": "^3.4 || ^4.0 || ^5.0 || ^6.0"
             },
+            "provide": {
+                "psr/clock-implementation": "1.0"
+            },
             "require-dev": {
-                "doctrine/dbal": "^2.0 || ^3.0",
-                "doctrine/orm": "^2.7",
+                "doctrine/dbal": "^2.0 || ^3.1.4 || ^4.0",
+                "doctrine/orm": "^2.7 || ^3.0",
                 "friendsofphp/php-cs-fixer": "^3.0",
                 "kylekatarnls/multi-tester": "^2.0",
+                "ondrejmirtes/better-reflection": "*",
                 "phpmd/phpmd": "^2.9",
                 "phpstan/extension-installer": "^1.0",
-                "phpstan/phpstan": "^0.12.54 || ^1.0",
-                "phpunit/phpunit": "^7.5.20 || ^8.5.14",
+                "phpstan/phpstan": "^0.12.99 || ^1.7.14",
+                "phpunit/php-file-iterator": "^2.0.5 || ^3.0.6",
+                "phpunit/phpunit": "^7.5.20 || ^8.5.26 || ^9.5.20",
                 "squizlabs/php_codesniffer": "^3.4"
             },
             "bin": [
@@ -992,15 +1069,19 @@
             },
             "funding": [
                 {
-                    "url": "https://opencollective.com/Carbon",
-                    "type": "open_collective"
+                    "url": "https://github.com/sponsors/kylekatarnls",
+                    "type": "github"
                 },
                 {
-                    "url": "https://tidelift.com/funding/github/packagist/nesbot/carbon",
+                    "url": "https://opencollective.com/Carbon#sponsor",
+                    "type": "opencollective"
+                },
+                {
+                    "url": "https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme",
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-02-13T18:13:33+00:00"
+            "time": "2024-01-25T10:35:09+00:00"
         },
         {
             "name": "paragonie/random_compat",
@@ -1221,6 +1302,54 @@
             ],
             "time": "2022-02-28T15:31:21+00:00"
         },
+        {
+            "name": "psr/clock",
+            "version": "1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/clock.git",
+                "reference": "e41a24703d4560fd0acb709162f73b8adfc3aa0d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/clock/zipball/e41a24703d4560fd0acb709162f73b8adfc3aa0d",
+                "reference": "e41a24703d4560fd0acb709162f73b8adfc3aa0d",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Clock\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for reading the clock.",
+            "homepage": "https://github.com/php-fig/clock",
+            "keywords": [
+                "clock",
+                "now",
+                "psr",
+                "psr-20",
+                "time"
+            ],
+            "support": {
+                "issues": "https://github.com/php-fig/clock/issues",
+                "source": "https://github.com/php-fig/clock/tree/1.0.0"
+            },
+            "time": "2022-11-25T14:36:26+00:00"
+        },
         {
             "name": "psr/container",
             "version": "2.0.2",
@@ -1767,16 +1896,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.2.1",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/7c3aff79d10325257a001fcf92d991f24fc967cf",
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf",
                 "shasum": ""
             },
             "require": {
@@ -1785,7 +1914,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.3-dev"
+                    "dev-main": "3.4-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1814,7 +1943,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -1830,7 +1959,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-01T10:25:55+00:00"
+            "time": "2023-05-23T14:45:45+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -1916,16 +2045,16 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.24.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825"
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
                 "shasum": ""
             },
             "require": {
@@ -1939,9 +2068,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.23-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1979,7 +2105,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1995,20 +2121,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-11-30T18:21:41+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-php80",
-            "version": "v1.24.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9"
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/57b712b08eddb97c762a8caa32c84e037892d2e9",
-                "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
                 "shasum": ""
             },
             "require": {
@@ -2016,9 +2142,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.23-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -2062,7 +2185,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -2078,32 +2201,35 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-09-13T13:58:33+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/translation",
-            "version": "v6.0.5",
+            "version": "v6.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "e69501c71107cc3146b32aaa45f4edd0c3427875"
+                "reference": "637c51191b6b184184bbf98937702bcf554f7d04"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/e69501c71107cc3146b32aaa45f4edd0c3427875",
-                "reference": "e69501c71107cc3146b32aaa45f4edd0c3427875",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/637c51191b6b184184bbf98937702bcf554f7d04",
+                "reference": "637c51191b6b184184bbf98937702bcf554f7d04",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2",
+                "php": ">=8.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-mbstring": "~1.0",
-                "symfony/translation-contracts": "^2.3|^3.0"
+                "symfony/translation-contracts": "^2.5|^3.0"
             },
             "conflict": {
                 "symfony/config": "<5.4",
                 "symfony/console": "<5.4",
                 "symfony/dependency-injection": "<5.4",
+                "symfony/http-client-contracts": "<2.5",
                 "symfony/http-kernel": "<5.4",
+                "symfony/service-contracts": "<2.5",
                 "symfony/twig-bundle": "<5.4",
                 "symfony/yaml": "<5.4"
             },
@@ -2111,22 +2237,19 @@
                 "symfony/translation-implementation": "2.3|3.0"
             },
             "require-dev": {
+                "nikic/php-parser": "^4.18|^5.0",
                 "psr/log": "^1|^2|^3",
-                "symfony/config": "^5.4|^6.0",
-                "symfony/console": "^5.4|^6.0",
-                "symfony/dependency-injection": "^5.4|^6.0",
-                "symfony/finder": "^5.4|^6.0",
-                "symfony/http-client-contracts": "^1.1|^2.0|^3.0",
-                "symfony/http-kernel": "^5.4|^6.0",
-                "symfony/intl": "^5.4|^6.0",
+                "symfony/config": "^5.4|^6.0|^7.0",
+                "symfony/console": "^5.4|^6.0|^7.0",
+                "symfony/dependency-injection": "^5.4|^6.0|^7.0",
+                "symfony/finder": "^5.4|^6.0|^7.0",
+                "symfony/http-client-contracts": "^2.5|^3.0",
+                "symfony/http-kernel": "^5.4|^6.0|^7.0",
+                "symfony/intl": "^5.4|^6.0|^7.0",
                 "symfony/polyfill-intl-icu": "^1.21",
-                "symfony/service-contracts": "^1.1.2|^2|^3",
-                "symfony/yaml": "^5.4|^6.0"
-            },
-            "suggest": {
-                "psr/log-implementation": "To use logging capability in translator",
-                "symfony/config": "",
-                "symfony/yaml": ""
+                "symfony/routing": "^5.4|^6.0|^7.0",
+                "symfony/service-contracts": "^2.5|^3",
+                "symfony/yaml": "^5.4|^6.0|^7.0"
             },
             "type": "library",
             "autoload": {
@@ -2157,7 +2280,7 @@
             "description": "Provides tools to internationalize your application",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/translation/tree/v6.0.5"
+                "source": "https://github.com/symfony/translation/tree/v6.4.3"
             },
             "funding": [
                 {
@@ -2173,32 +2296,29 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-02-09T15:52:48+00:00"
+            "time": "2024-01-29T13:11:52+00:00"
         },
         {
             "name": "symfony/translation-contracts",
-            "version": "v3.0.0",
+            "version": "v3.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation-contracts.git",
-                "reference": "1b6ea5a7442af5a12dba3dbd6d71034b5b234e77"
+                "reference": "06450585bf65e978026bda220cdebca3f867fde7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/1b6ea5a7442af5a12dba3dbd6d71034b5b234e77",
-                "reference": "1b6ea5a7442af5a12dba3dbd6d71034b5b234e77",
+                "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/06450585bf65e978026bda220cdebca3f867fde7",
+                "reference": "06450585bf65e978026bda220cdebca3f867fde7",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2"
-            },
-            "suggest": {
-                "symfony/translation-implementation": ""
+                "php": ">=8.1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.4-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -2208,7 +2328,10 @@
             "autoload": {
                 "psr-4": {
                     "Symfony\\Contracts\\Translation\\": ""
-                }
+                },
+                "exclude-from-classmap": [
+                    "/Test/"
+                ]
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
@@ -2235,7 +2358,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/translation-contracts/tree/v3.0.0"
+                "source": "https://github.com/symfony/translation-contracts/tree/v3.4.1"
             },
             "funding": [
                 {
@@ -2251,42 +2374,39 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-09-07T12:43:40+00:00"
+            "time": "2023-12-26T14:02:43+00:00"
         },
         {
             "name": "symfony/var-dumper",
-            "version": "v6.0.5",
+            "version": "v6.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/var-dumper.git",
-                "reference": "60d6a756d5f485df5e6e40b337334848f79f61ce"
+                "reference": "0435a08f69125535336177c29d56af3abc1f69da"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/var-dumper/zipball/60d6a756d5f485df5e6e40b337334848f79f61ce",
-                "reference": "60d6a756d5f485df5e6e40b337334848f79f61ce",
+                "url": "https://api.github.com/repos/symfony/var-dumper/zipball/0435a08f69125535336177c29d56af3abc1f69da",
+                "reference": "0435a08f69125535336177c29d56af3abc1f69da",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2",
+                "php": ">=8.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-mbstring": "~1.0"
             },
             "conflict": {
-                "phpunit/phpunit": "<5.4.3",
                 "symfony/console": "<5.4"
             },
             "require-dev": {
                 "ext-iconv": "*",
-                "symfony/console": "^5.4|^6.0",
-                "symfony/process": "^5.4|^6.0",
-                "symfony/uid": "^5.4|^6.0",
+                "symfony/console": "^5.4|^6.0|^7.0",
+                "symfony/error-handler": "^6.3|^7.0",
+                "symfony/http-kernel": "^5.4|^6.0|^7.0",
+                "symfony/process": "^5.4|^6.0|^7.0",
+                "symfony/uid": "^5.4|^6.0|^7.0",
                 "twig/twig": "^2.13|^3.0.4"
             },
-            "suggest": {
-                "ext-iconv": "To convert non-UTF-8 strings to UTF-8 (or symfony/polyfill-iconv in case ext-iconv cannot be used).",
-                "ext-intl": "To show region name in time zone dump",
-                "symfony/console": "To use the ServerDumpCommand and/or the bin/var-dump-server script"
-            },
             "bin": [
                 "Resources/bin/var-dump-server"
             ],
@@ -2323,7 +2443,7 @@
                 "dump"
             ],
             "support": {
-                "source": "https://github.com/symfony/var-dumper/tree/v6.0.5"
+                "source": "https://github.com/symfony/var-dumper/tree/v6.4.3"
             },
             "funding": [
                 {
@@ -2339,24 +2459,24 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-02-21T17:15:17+00:00"
+            "time": "2024-01-23T14:53:30+00:00"
         },
         {
             "name": "tightenco/collect",
-            "version": "v8.83.2",
+            "version": "v9.52.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/tighten/collect.git",
-                "reference": "d9c66d586ec2d216d8a31283d73f8df1400cc722"
+                "reference": "b15143cd11fe01a700fcc449df61adc64452fa6d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tighten/collect/zipball/d9c66d586ec2d216d8a31283d73f8df1400cc722",
-                "reference": "d9c66d586ec2d216d8a31283d73f8df1400cc722",
+                "url": "https://api.github.com/repos/tighten/collect/zipball/b15143cd11fe01a700fcc449df61adc64452fa6d",
+                "reference": "b15143cd11fe01a700fcc449df61adc64452fa6d",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.3|^8.0",
+                "php": "^8.0",
                 "symfony/var-dumper": "^3.4 || ^4.0 || ^5.0 || ^6.0"
             },
             "require-dev": {
@@ -2391,9 +2511,9 @@
             ],
             "support": {
                 "issues": "https://github.com/tighten/collect/issues",
-                "source": "https://github.com/tighten/collect/tree/v8.83.2"
+                "source": "https://github.com/tighten/collect/tree/v9.52.7"
             },
-            "time": "2022-02-16T16:15:54+00:00"
+            "time": "2023-04-14T21:51:36+00:00"
         },
         {
             "name": "twig/twig",
@@ -2480,5 +2600,5 @@
     "prefer-lowest": false,
     "platform": [],
     "platform-dev": [],
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }
diff --git a/data/web/inc/lib/vendor/autoload.php b/data/web/inc/lib/vendor/autoload.php
index c21364e81..a0fb8f4ac 100644
--- a/data/web/inc/lib/vendor/autoload.php
+++ b/data/web/inc/lib/vendor/autoload.php
@@ -3,8 +3,21 @@
 // autoload.php @generated by Composer
 
 if (PHP_VERSION_ID < 50600) {
-    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
-    exit(1);
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';
diff --git a/data/web/inc/lib/vendor/bin/carbon b/data/web/inc/lib/vendor/bin/carbon
index 7b63379a0..86fbfdfd8 100755
--- a/data/web/inc/lib/vendor/bin/carbon
+++ b/data/web/inc/lib/vendor/bin/carbon
@@ -12,6 +12,7 @@
 
 namespace Composer;
 
+$GLOBALS['_composer_bin_dir'] = __DIR__;
 $GLOBALS['_composer_autoload_path'] = __DIR__ . '/..'.'/autoload.php';
 
 if (PHP_VERSION_ID < 80000) {
@@ -23,18 +24,17 @@ if (PHP_VERSION_ID < 80000) {
         {
             private $handle;
             private $position;
+            private $realpath;
 
             public function stream_open($path, $mode, $options, &$opened_path)
             {
-                // get rid of composer-bin-proxy:// prefix for __FILE__ & __DIR__ resolution
-                $opened_path = substr($path, 21);
-                $opened_path = realpath($opened_path) ?: $opened_path;
-                $this->handle = fopen($opened_path, $mode);
+                // get rid of phpvfscomposer:// prefix for __FILE__ & __DIR__ resolution
+                $opened_path = substr($path, 17);
+                $this->realpath = realpath($opened_path) ?: $opened_path;
+                $opened_path = $this->realpath;
+                $this->handle = fopen($this->realpath, $mode);
                 $this->position = 0;
 
-                // remove all traces of this stream wrapper once it has been used
-                stream_wrapper_unregister('composer-bin-proxy');
-
                 return (bool) $this->handle;
             }
 
@@ -66,6 +66,16 @@ if (PHP_VERSION_ID < 80000) {
                 return $operation ? flock($this->handle, $operation) : true;
             }
 
+            public function stream_seek($offset, $whence)
+            {
+                if (0 === fseek($this->handle, $offset, $whence)) {
+                    $this->position = ftell($this->handle);
+                    return true;
+                }
+
+                return false;
+            }
+
             public function stream_tell()
             {
                 return $this->position;
@@ -78,20 +88,32 @@ if (PHP_VERSION_ID < 80000) {
 
             public function stream_stat()
             {
-                return fstat($this->handle);
+                return array();
             }
 
             public function stream_set_option($option, $arg1, $arg2)
             {
                 return true;
             }
+
+            public function url_stat($path, $flags)
+            {
+                $path = substr($path, 17);
+                if (file_exists($path)) {
+                    return stat($path);
+                }
+
+                return false;
+            }
         }
     }
 
-    if (function_exists('stream_wrapper_register') && stream_wrapper_register('composer-bin-proxy', 'Composer\BinProxyWrapper')) {
-        include("composer-bin-proxy://" . __DIR__ . '/..'.'/nesbot/carbon/bin/carbon');
-        exit(0);
+    if (
+        (function_exists('stream_get_wrappers') && in_array('phpvfscomposer', stream_get_wrappers(), true))
+        || (function_exists('stream_wrapper_register') && stream_wrapper_register('phpvfscomposer', 'Composer\BinProxyWrapper'))
+    ) {
+        return include("phpvfscomposer://" . __DIR__ . '/..'.'/nesbot/carbon/bin/carbon');
     }
 }
 
-include __DIR__ . '/..'.'/nesbot/carbon/bin/carbon';
+return include __DIR__ . '/..'.'/nesbot/carbon/bin/carbon';
diff --git a/data/web/inc/lib/vendor/bin/var-dump-server b/data/web/inc/lib/vendor/bin/var-dump-server
index 1eafd5d9b..18db1c1eb 100755
--- a/data/web/inc/lib/vendor/bin/var-dump-server
+++ b/data/web/inc/lib/vendor/bin/var-dump-server
@@ -12,6 +12,7 @@
 
 namespace Composer;
 
+$GLOBALS['_composer_bin_dir'] = __DIR__;
 $GLOBALS['_composer_autoload_path'] = __DIR__ . '/..'.'/autoload.php';
 
 if (PHP_VERSION_ID < 80000) {
@@ -23,18 +24,17 @@ if (PHP_VERSION_ID < 80000) {
         {
             private $handle;
             private $position;
+            private $realpath;
 
             public function stream_open($path, $mode, $options, &$opened_path)
             {
-                // get rid of composer-bin-proxy:// prefix for __FILE__ & __DIR__ resolution
-                $opened_path = substr($path, 21);
-                $opened_path = realpath($opened_path) ?: $opened_path;
-                $this->handle = fopen($opened_path, $mode);
+                // get rid of phpvfscomposer:// prefix for __FILE__ & __DIR__ resolution
+                $opened_path = substr($path, 17);
+                $this->realpath = realpath($opened_path) ?: $opened_path;
+                $opened_path = $this->realpath;
+                $this->handle = fopen($this->realpath, $mode);
                 $this->position = 0;
 
-                // remove all traces of this stream wrapper once it has been used
-                stream_wrapper_unregister('composer-bin-proxy');
-
                 return (bool) $this->handle;
             }
 
@@ -66,6 +66,16 @@ if (PHP_VERSION_ID < 80000) {
                 return $operation ? flock($this->handle, $operation) : true;
             }
 
+            public function stream_seek($offset, $whence)
+            {
+                if (0 === fseek($this->handle, $offset, $whence)) {
+                    $this->position = ftell($this->handle);
+                    return true;
+                }
+
+                return false;
+            }
+
             public function stream_tell()
             {
                 return $this->position;
@@ -78,20 +88,32 @@ if (PHP_VERSION_ID < 80000) {
 
             public function stream_stat()
             {
-                return fstat($this->handle);
+                return array();
             }
 
             public function stream_set_option($option, $arg1, $arg2)
             {
                 return true;
             }
+
+            public function url_stat($path, $flags)
+            {
+                $path = substr($path, 17);
+                if (file_exists($path)) {
+                    return stat($path);
+                }
+
+                return false;
+            }
         }
     }
 
-    if (function_exists('stream_wrapper_register') && stream_wrapper_register('composer-bin-proxy', 'Composer\BinProxyWrapper')) {
-        include("composer-bin-proxy://" . __DIR__ . '/..'.'/symfony/var-dumper/Resources/bin/var-dump-server');
-        exit(0);
+    if (
+        (function_exists('stream_get_wrappers') && in_array('phpvfscomposer', stream_get_wrappers(), true))
+        || (function_exists('stream_wrapper_register') && stream_wrapper_register('phpvfscomposer', 'Composer\BinProxyWrapper'))
+    ) {
+        return include("phpvfscomposer://" . __DIR__ . '/..'.'/symfony/var-dumper/Resources/bin/var-dump-server');
     }
 }
 
-include __DIR__ . '/..'.'/symfony/var-dumper/Resources/bin/var-dump-server';
+return include __DIR__ . '/..'.'/symfony/var-dumper/Resources/bin/var-dump-server';
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/LICENSE b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/LICENSE
new file mode 100644
index 000000000..2ee1671db
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Carbon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/README.md b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/README.md
new file mode 100644
index 000000000..5a18121b6
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/README.md
@@ -0,0 +1,14 @@
+# carbonphp/carbon-doctrine-types
+
+Types to use Carbon in Doctrine
+
+## Documentation
+
+[Check how to use in the official Carbon documentation](https://carbon.nesbot.com/symfony/)
+
+This package is an externalization of [src/Carbon/Doctrine](https://github.com/briannesbitt/Carbon/tree/2.71.0/src/Carbon/Doctrine)
+from `nestbot/carbon` package.
+
+Externalization allows to better deal with different versions of dbal. With
+version 4.0 of dbal, it no longer sustainable to be compatible with all version
+using a single code.
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/composer.json b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/composer.json
new file mode 100644
index 000000000..abf45c5fb
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/composer.json
@@ -0,0 +1,36 @@
+{
+    "name": "carbonphp/carbon-doctrine-types",
+    "description": "Types to use Carbon in Doctrine",
+    "type": "library",
+    "keywords": [
+        "date",
+        "time",
+        "DateTime",
+        "Carbon",
+        "Doctrine"
+    ],
+    "require": {
+        "php": "^8.1"
+    },
+    "require-dev": {
+        "doctrine/dbal": "^4.0.0",
+        "nesbot/carbon": "^2.71.0 || ^3.0.0",
+        "phpunit/phpunit": "^10.3"
+    },
+    "conflict": {
+        "doctrine/dbal": "<4.0.0 || >=5.0.0"
+    },
+    "license": "MIT",
+    "autoload": {
+        "psr-4": {
+            "Carbon\\Doctrine\\": "src/Carbon/Doctrine/"
+        }
+    },
+    "authors": [
+        {
+            "name": "KyleKatarn",
+            "email": "kylekatarnls@gmail.com"
+        }
+    ],
+    "minimum-stability": "dev"
+}
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonDoctrineType.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonDoctrineType.php
new file mode 100644
index 000000000..a63a9b8d2
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonDoctrineType.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Carbon\Doctrine;
+
+use Doctrine\DBAL\Platforms\AbstractPlatform;
+
+interface CarbonDoctrineType
+{
+    public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform);
+
+    public function convertToPHPValue(mixed $value, AbstractPlatform $platform);
+
+    public function convertToDatabaseValue($value, AbstractPlatform $platform);
+}
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonImmutableType.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonImmutableType.php
new file mode 100644
index 000000000..8fc6bef33
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonImmutableType.php
@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Carbon\Doctrine;
+
+class CarbonImmutableType extends DateTimeImmutableType implements CarbonDoctrineType
+{
+}
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonType.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonType.php
new file mode 100644
index 000000000..206b0e373
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonType.php
@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Carbon\Doctrine;
+
+class CarbonType extends DateTimeType implements CarbonDoctrineType
+{
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonTypeConverter.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonTypeConverter.php
similarity index 59%
rename from data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonTypeConverter.php
rename to data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonTypeConverter.php
index ecfe17e79..a81331177 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonTypeConverter.php
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/CarbonTypeConverter.php
@@ -1,13 +1,6 @@
 <?php
 
-/**
- * This file is part of the Carbon package.
- *
- * (c) Brian Nesbitt <brian@nesbot.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
+declare(strict_types=1);
 
 namespace Carbon\Doctrine;
 
@@ -15,7 +8,12 @@ use Carbon\Carbon;
 use Carbon\CarbonInterface;
 use DateTimeInterface;
 use Doctrine\DBAL\Platforms\AbstractPlatform;
-use Doctrine\DBAL\Types\ConversionException;
+use Doctrine\DBAL\Platforms\DB2Platform;
+use Doctrine\DBAL\Platforms\OraclePlatform;
+use Doctrine\DBAL\Platforms\SQLitePlatform;
+use Doctrine\DBAL\Platforms\SQLServerPlatform;
+use Doctrine\DBAL\Types\Exception\InvalidType;
+use Doctrine\DBAL\Types\Exception\ValueNotConvertible;
 use Exception;
 
 /**
@@ -23,6 +21,14 @@ use Exception;
  */
 trait CarbonTypeConverter
 {
+    /**
+     * This property differentiates types installed by carbonphp/carbon-doctrine-types
+     * from the ones embedded previously in nesbot/carbon source directly.
+     *
+     * @readonly
+     */
+    public bool $external = true;
+
     /**
      * @return class-string<T>
      */
@@ -31,20 +37,12 @@ trait CarbonTypeConverter
         return Carbon::class;
     }
 
-    /**
-     * @return string
-     */
-    public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform)
+    public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform): string
     {
-        $precision = $fieldDeclaration['precision'] ?: 10;
-
-        if ($fieldDeclaration['secondPrecision'] ?? false) {
-            $precision = 0;
-        }
-
-        if ($precision === 10) {
-            $precision = DateTimeDefaultPrecision::get();
-        }
+        $precision = min(
+            $fieldDeclaration['precision'] ?? DateTimeDefaultPrecision::get(),
+            $this->getMaximumPrecision($platform),
+        );
 
         $type = parent::getSQLDeclaration($fieldDeclaration, $platform);
 
@@ -63,10 +61,25 @@ trait CarbonTypeConverter
 
     /**
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     *
-     * @return T|null
      */
-    public function convertToPHPValue($value, AbstractPlatform $platform)
+    public function convertToDatabaseValue($value, AbstractPlatform $platform): ?string
+    {
+        if ($value === null) {
+            return $value;
+        }
+
+        if ($value instanceof DateTimeInterface) {
+            return $value->format('Y-m-d H:i:s.u');
+        }
+
+        throw InvalidType::new(
+            $value,
+            static::class,
+            ['null', 'DateTime', 'Carbon']
+        );
+    }
+
+    private function doConvertToPHPValue(mixed $value)
     {
         $class = $this->getCarbonClassName();
 
@@ -88,9 +101,9 @@ trait CarbonTypeConverter
         }
 
         if (!$date) {
-            throw ConversionException::conversionFailedFormat(
+            throw ValueNotConvertible::new(
                 $value,
-                $this->getName(),
+                static::class,
                 'Y-m-d H:i:s.u or any format supported by '.$class.'::parse()',
                 $error
             );
@@ -99,25 +112,20 @@ trait CarbonTypeConverter
         return $date;
     }
 
-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     *
-     * @return string|null
-     */
-    public function convertToDatabaseValue($value, AbstractPlatform $platform)
+    private function getMaximumPrecision(AbstractPlatform $platform): int
     {
-        if ($value === null) {
-            return $value;
+        if ($platform instanceof DB2Platform) {
+            return 12;
         }
 
-        if ($value instanceof DateTimeInterface) {
-            return $value->format('Y-m-d H:i:s.u');
+        if ($platform instanceof OraclePlatform) {
+            return 9;
         }
 
-        throw ConversionException::conversionFailedInvalidType(
-            $value,
-            $this->getName(),
-            ['null', 'DateTime', 'Carbon']
-        );
+        if ($platform instanceof SQLServerPlatform || $platform instanceof SQLitePlatform) {
+            return 3;
+        }
+
+        return 6;
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeDefaultPrecision.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeDefaultPrecision.php
similarity index 70%
rename from data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeDefaultPrecision.php
rename to data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeDefaultPrecision.php
index 642fd4135..cd9896f9c 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeDefaultPrecision.php
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeDefaultPrecision.php
@@ -1,13 +1,6 @@
 <?php
 
-/**
- * This file is part of the Carbon package.
- *
- * (c) Brian Nesbitt <brian@nesbot.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
+declare(strict_types=1);
 
 namespace Carbon\Doctrine;
 
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeImmutableType.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeImmutableType.php
similarity index 58%
rename from data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeImmutableType.php
rename to data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeImmutableType.php
index 499271031..fd6467e3d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeImmutableType.php
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeImmutableType.php
@@ -1,12 +1,12 @@
 <?php
 
-/**
- * Thanks to https://github.com/flaushi for his suggestion:
- * https://github.com/doctrine/dbal/issues/2873#issuecomment-534956358
- */
+declare(strict_types=1);
+
 namespace Carbon\Doctrine;
 
 use Carbon\CarbonImmutable;
+use DateTimeImmutable;
+use Doctrine\DBAL\Platforms\AbstractPlatform;
 use Doctrine\DBAL\Types\VarDateTimeImmutableType;
 
 class DateTimeImmutableType extends VarDateTimeImmutableType implements CarbonDoctrineType
@@ -14,6 +14,14 @@ class DateTimeImmutableType extends VarDateTimeImmutableType implements CarbonDo
     /** @use CarbonTypeConverter<CarbonImmutable> */
     use CarbonTypeConverter;
 
+    /**
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function convertToPHPValue(mixed $value, AbstractPlatform $platform): ?CarbonImmutable
+    {
+        return $this->doConvertToPHPValue($value);
+    }
+
     /**
      * @return class-string<CarbonImmutable>
      */
diff --git a/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeType.php b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeType.php
new file mode 100644
index 000000000..89e4b7903
--- /dev/null
+++ b/data/web/inc/lib/vendor/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine/DateTimeType.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Carbon\Doctrine;
+
+use Carbon\Carbon;
+use DateTime;
+use Doctrine\DBAL\Platforms\AbstractPlatform;
+use Doctrine\DBAL\Types\VarDateTimeType;
+
+class DateTimeType extends VarDateTimeType implements CarbonDoctrineType
+{
+    /** @use CarbonTypeConverter<Carbon> */
+    use CarbonTypeConverter;
+
+    /**
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function convertToPHPValue(mixed $value, AbstractPlatform $platform): ?Carbon
+    {
+        return $this->doConvertToPHPValue($value);
+    }
+}
diff --git a/data/web/inc/lib/vendor/composer/ClassLoader.php b/data/web/inc/lib/vendor/composer/ClassLoader.php
index afef3fa2a..7824d8f7e 100644
--- a/data/web/inc/lib/vendor/composer/ClassLoader.php
+++ b/data/web/inc/lib/vendor/composer/ClassLoader.php
@@ -42,35 +42,37 @@ namespace Composer\Autoload;
  */
 class ClassLoader
 {
-    /** @var ?string */
+    /** @var \Closure(string):void */
+    private static $includeFile;
+
+    /** @var string|null */
     private $vendorDir;
 
     // PSR-4
     /**
-     * @var array[]
-     * @psalm-var array<string, array<string, int>>
+     * @var array<string, array<string, int>>
      */
     private $prefixLengthsPsr4 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, array<int, string>>
+     * @var array<string, list<string>>
      */
     private $prefixDirsPsr4 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
      */
     private $fallbackDirsPsr4 = array();
 
     // PSR-0
     /**
-     * @var array[]
-     * @psalm-var array<string, array<string, string[]>>
+     * List of PSR-0 prefixes
+     *
+     * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))
+     *
+     * @var array<string, array<string, list<string>>>
      */
     private $prefixesPsr0 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
      */
     private $fallbackDirsPsr0 = array();
 
@@ -78,8 +80,7 @@ class ClassLoader
     private $useIncludePath = false;
 
     /**
-     * @var string[]
-     * @psalm-var array<string, string>
+     * @var array<string, string>
      */
     private $classMap = array();
 
@@ -87,29 +88,29 @@ class ClassLoader
     private $classMapAuthoritative = false;
 
     /**
-     * @var bool[]
-     * @psalm-var array<string, bool>
+     * @var array<string, bool>
      */
     private $missingClasses = array();
 
-    /** @var ?string */
+    /** @var string|null */
     private $apcuPrefix;
 
     /**
-     * @var self[]
+     * @var array<string, self>
      */
     private static $registeredLoaders = array();
 
     /**
-     * @param ?string $vendorDir
+     * @param string|null $vendorDir
      */
     public function __construct($vendorDir = null)
     {
         $this->vendorDir = $vendorDir;
+        self::initializeIncludeClosure();
     }
 
     /**
-     * @return string[]
+     * @return array<string, list<string>>
      */
     public function getPrefixes()
     {
@@ -121,8 +122,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, array<int, string>>
+     * @return array<string, list<string>>
      */
     public function getPrefixesPsr4()
     {
@@ -130,8 +130,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
      */
     public function getFallbackDirs()
     {
@@ -139,8 +138,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
      */
     public function getFallbackDirsPsr4()
     {
@@ -148,8 +146,7 @@ class ClassLoader
     }
 
     /**
-     * @return string[] Array of classname => path
-     * @psalm-return array<string, string>
+     * @return array<string, string> Array of classname => path
      */
     public function getClassMap()
     {
@@ -157,8 +154,7 @@ class ClassLoader
     }
 
     /**
-     * @param string[] $classMap Class to filename map
-     * @psalm-param array<string, string> $classMap
+     * @param array<string, string> $classMap Class to filename map
      *
      * @return void
      */
@@ -175,24 +171,25 @@ class ClassLoader
      * Registers a set of PSR-0 directories for a given prefix, either
      * appending or prepending to the ones previously set for this prefix.
      *
-     * @param string          $prefix  The prefix
-     * @param string[]|string $paths   The PSR-0 root directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix
+     * @param list<string>|string $paths   The PSR-0 root directories
+     * @param bool                $prepend Whether to prepend the directories
      *
      * @return void
      */
     public function add($prefix, $paths, $prepend = false)
     {
+        $paths = (array) $paths;
         if (!$prefix) {
             if ($prepend) {
                 $this->fallbackDirsPsr0 = array_merge(
-                    (array) $paths,
+                    $paths,
                     $this->fallbackDirsPsr0
                 );
             } else {
                 $this->fallbackDirsPsr0 = array_merge(
                     $this->fallbackDirsPsr0,
-                    (array) $paths
+                    $paths
                 );
             }
 
@@ -201,19 +198,19 @@ class ClassLoader
 
         $first = $prefix[0];
         if (!isset($this->prefixesPsr0[$first][$prefix])) {
-            $this->prefixesPsr0[$first][$prefix] = (array) $paths;
+            $this->prefixesPsr0[$first][$prefix] = $paths;
 
             return;
         }
         if ($prepend) {
             $this->prefixesPsr0[$first][$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                 $this->prefixesPsr0[$first][$prefix]
             );
         } else {
             $this->prefixesPsr0[$first][$prefix] = array_merge(
                 $this->prefixesPsr0[$first][$prefix],
-                (array) $paths
+                $paths
             );
         }
     }
@@ -222,9 +219,9 @@ class ClassLoader
      * Registers a set of PSR-4 directories for a given namespace, either
      * appending or prepending to the ones previously set for this namespace.
      *
-     * @param string          $prefix  The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths   The PSR-4 base directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths   The PSR-4 base directories
+     * @param bool                $prepend Whether to prepend the directories
      *
      * @throws \InvalidArgumentException
      *
@@ -232,17 +229,18 @@ class ClassLoader
      */
     public function addPsr4($prefix, $paths, $prepend = false)
     {
+        $paths = (array) $paths;
         if (!$prefix) {
             // Register directories for the root namespace.
             if ($prepend) {
                 $this->fallbackDirsPsr4 = array_merge(
-                    (array) $paths,
+                    $paths,
                     $this->fallbackDirsPsr4
                 );
             } else {
                 $this->fallbackDirsPsr4 = array_merge(
                     $this->fallbackDirsPsr4,
-                    (array) $paths
+                    $paths
                 );
             }
         } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
@@ -252,18 +250,18 @@ class ClassLoader
                 throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
             }
             $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
-            $this->prefixDirsPsr4[$prefix] = (array) $paths;
+            $this->prefixDirsPsr4[$prefix] = $paths;
         } elseif ($prepend) {
             // Prepend directories for an already registered namespace.
             $this->prefixDirsPsr4[$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                 $this->prefixDirsPsr4[$prefix]
             );
         } else {
             // Append directories for an already registered namespace.
             $this->prefixDirsPsr4[$prefix] = array_merge(
                 $this->prefixDirsPsr4[$prefix],
-                (array) $paths
+                $paths
             );
         }
     }
@@ -272,8 +270,8 @@ class ClassLoader
      * Registers a set of PSR-0 directories for a given prefix,
      * replacing any others previously set for this prefix.
      *
-     * @param string          $prefix The prefix
-     * @param string[]|string $paths  The PSR-0 base directories
+     * @param string              $prefix The prefix
+     * @param list<string>|string $paths  The PSR-0 base directories
      *
      * @return void
      */
@@ -290,8 +288,8 @@ class ClassLoader
      * Registers a set of PSR-4 directories for a given namespace,
      * replacing any others previously set for this namespace.
      *
-     * @param string          $prefix The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths  The PSR-4 base directories
+     * @param string              $prefix The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths  The PSR-4 base directories
      *
      * @throws \InvalidArgumentException
      *
@@ -425,7 +423,8 @@ class ClassLoader
     public function loadClass($class)
     {
         if ($file = $this->findFile($class)) {
-            includeFile($file);
+            $includeFile = self::$includeFile;
+            $includeFile($file);
 
             return true;
         }
@@ -476,9 +475,9 @@ class ClassLoader
     }
 
     /**
-     * Returns the currently registered loaders indexed by their corresponding vendor directories.
+     * Returns the currently registered loaders keyed by their corresponding vendor directories.
      *
-     * @return self[]
+     * @return array<string, self>
      */
     public static function getRegisteredLoaders()
     {
@@ -555,18 +554,26 @@ class ClassLoader
 
         return false;
     }
-}
 
-/**
- * Scope isolated include.
- *
- * Prevents access to $this/self from included files.
- *
- * @param  string $file
- * @return void
- * @private
- */
-function includeFile($file)
-{
-    include $file;
+    /**
+     * @return void
+     */
+    private static function initializeIncludeClosure()
+    {
+        if (self::$includeFile !== null) {
+            return;
+        }
+
+        /**
+         * Scope isolated include.
+         *
+         * Prevents access to $this/self from included files.
+         *
+         * @param  string $file
+         * @return void
+         */
+        self::$includeFile = \Closure::bind(static function($file) {
+            include $file;
+        }, null, null);
+    }
 }
diff --git a/data/web/inc/lib/vendor/composer/InstalledVersions.php b/data/web/inc/lib/vendor/composer/InstalledVersions.php
index c6b54af7b..51e734a77 100644
--- a/data/web/inc/lib/vendor/composer/InstalledVersions.php
+++ b/data/web/inc/lib/vendor/composer/InstalledVersions.php
@@ -98,7 +98,7 @@ class InstalledVersions
     {
         foreach (self::getInstalled() as $installed) {
             if (isset($installed['versions'][$packageName])) {
-                return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
+                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
             }
         }
 
@@ -119,7 +119,7 @@ class InstalledVersions
      */
     public static function satisfies(VersionParser $parser, $packageName, $constraint)
     {
-        $constraint = $parser->parseConstraints($constraint);
+        $constraint = $parser->parseConstraints((string) $constraint);
         $provided = $parser->parseConstraints(self::getVersionRanges($packageName));
 
         return $provided->matches($constraint);
@@ -328,7 +328,9 @@ class InstalledVersions
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
-                    $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
+                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                    $required = require $vendorDir.'/composer/installed.php';
+                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
                     if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
                         self::$installed = $installed[count($installed) - 1];
                     }
@@ -340,12 +342,17 @@ class InstalledVersions
             // only require the installed.php file if this file is loaded from its dumped location,
             // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
             if (substr(__DIR__, -8, 1) !== 'C') {
-                self::$installed = require __DIR__ . '/installed.php';
+                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                $required = require __DIR__ . '/installed.php';
+                self::$installed = $required;
             } else {
                 self::$installed = array();
             }
         }
-        $installed[] = self::$installed;
+
+        if (self::$installed !== array()) {
+            $installed[] = self::$installed;
+        }
 
         return $installed;
     }
diff --git a/data/web/inc/lib/vendor/composer/autoload_classmap.php b/data/web/inc/lib/vendor/composer/autoload_classmap.php
index a986241bd..5490b88d8 100644
--- a/data/web/inc/lib/vendor/composer/autoload_classmap.php
+++ b/data/web/inc/lib/vendor/composer/autoload_classmap.php
@@ -8,6 +8,7 @@ $baseDir = dirname($vendorDir);
 return array(
     'Attribute' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Attribute.php',
     'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
+    'PhpToken' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/PhpToken.php',
     'Stringable' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
     'UnhandledMatchError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
     'ValueError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
diff --git a/data/web/inc/lib/vendor/composer/autoload_files.php b/data/web/inc/lib/vendor/composer/autoload_files.php
index 2730ec34b..bac0d960a 100644
--- a/data/web/inc/lib/vendor/composer/autoload_files.php
+++ b/data/web/inc/lib/vendor/composer/autoload_files.php
@@ -6,12 +6,12 @@ $vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 
 return array(
+    '6e3fae29631ef280660b3cdad06f25a8' => $vendorDir . '/symfony/deprecation-contracts/function.php',
     '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php',
     '7b11c4dc42b3b3023073cb14e519683c' => $vendorDir . '/ralouphie/getallheaders/src/getallheaders.php',
     'c964ee0ededf28c96ebd9db5099ef910' => $vendorDir . '/guzzlehttp/promises/src/functions_include.php',
-    '6e3fae29631ef280660b3cdad06f25a8' => $vendorDir . '/symfony/deprecation-contracts/function.php',
-    '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
     'a4a119a56e50fbb293281d9a48007e0e' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
+    '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
     'a1105708a18b76903365ca1c4aa61b02' => $vendorDir . '/symfony/translation/Resources/functions.php',
     '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
     '320cde22f66dd4f5d3fd621d3e88b98f' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
diff --git a/data/web/inc/lib/vendor/composer/autoload_psr4.php b/data/web/inc/lib/vendor/composer/autoload_psr4.php
index 8e959eac3..9b7aef887 100644
--- a/data/web/inc/lib/vendor/composer/autoload_psr4.php
+++ b/data/web/inc/lib/vendor/composer/autoload_psr4.php
@@ -21,6 +21,7 @@ return array(
     'Psr\\Http\\Message\\' => array($vendorDir . '/psr/http-factory/src', $vendorDir . '/psr/http-message/src'),
     'Psr\\Http\\Client\\' => array($vendorDir . '/psr/http-client/src'),
     'Psr\\Container\\' => array($vendorDir . '/psr/container/src'),
+    'Psr\\Clock\\' => array($vendorDir . '/psr/clock/src'),
     'PhpMimeMailParser\\' => array($vendorDir . '/php-mime-mail-parser/php-mime-mail-parser/src'),
     'PHPMailer\\PHPMailer\\' => array($vendorDir . '/phpmailer/phpmailer/src'),
     'MatthiasMullie\\PathConverter\\' => array($vendorDir . '/matthiasmullie/path-converter/src'),
@@ -34,5 +35,6 @@ return array(
     'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'),
     'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
     'Ddeboer\\Imap\\' => array($vendorDir . '/ddeboer/imap/src'),
+    'Carbon\\Doctrine\\' => array($vendorDir . '/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine'),
     'Carbon\\' => array($vendorDir . '/nesbot/carbon/src/Carbon'),
 );
diff --git a/data/web/inc/lib/vendor/composer/autoload_real.php b/data/web/inc/lib/vendor/composer/autoload_real.php
index 6891b0c9e..5e2082534 100644
--- a/data/web/inc/lib/vendor/composer/autoload_real.php
+++ b/data/web/inc/lib/vendor/composer/autoload_real.php
@@ -33,25 +33,18 @@ class ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b
 
         $loader->register(true);
 
-        $includeFiles = \Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
-        foreach ($includeFiles as $fileIdentifier => $file) {
-            composerRequire873464e4bd965a3168f133248b1b218b($fileIdentifier, $file);
+        $filesToLoad = \Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
+        $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
+            if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
+                $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
+
+                require $file;
+            }
+        }, null, null);
+        foreach ($filesToLoad as $fileIdentifier => $file) {
+            $requireFile($fileIdentifier, $file);
         }
 
         return $loader;
     }
 }
-
-/**
- * @param string $fileIdentifier
- * @param string $file
- * @return void
- */
-function composerRequire873464e4bd965a3168f133248b1b218b($fileIdentifier, $file)
-{
-    if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
-        $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
-
-        require $file;
-    }
-}
diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php
index 27a95eda8..7564e9725 100644
--- a/data/web/inc/lib/vendor/composer/autoload_static.php
+++ b/data/web/inc/lib/vendor/composer/autoload_static.php
@@ -7,12 +7,12 @@ namespace Composer\Autoload;
 class ComposerStaticInit873464e4bd965a3168f133248b1b218b
 {
     public static $files = array (
+        '6e3fae29631ef280660b3cdad06f25a8' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
         '0e6d7bf4a5811bfa5cf40c5ccd6fae6a' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php',
         '7b11c4dc42b3b3023073cb14e519683c' => __DIR__ . '/..' . '/ralouphie/getallheaders/src/getallheaders.php',
         'c964ee0ededf28c96ebd9db5099ef910' => __DIR__ . '/..' . '/guzzlehttp/promises/src/functions_include.php',
-        '6e3fae29631ef280660b3cdad06f25a8' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
-        '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
         'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
+        '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
         'a1105708a18b76903365ca1c4aa61b02' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
         '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
         '320cde22f66dd4f5d3fd621d3e88b98f' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
@@ -48,6 +48,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
             'Psr\\Http\\Message\\' => 17,
             'Psr\\Http\\Client\\' => 16,
             'Psr\\Container\\' => 14,
+            'Psr\\Clock\\' => 10,
             'PhpMimeMailParser\\' => 18,
             'PHPMailer\\PHPMailer\\' => 20,
         ),
@@ -85,6 +86,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         ),
         'C' => 
         array (
+            'Carbon\\Doctrine\\' => 16,
             'Carbon\\' => 7,
         ),
     );
@@ -151,6 +153,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/psr/container/src',
         ),
+        'Psr\\Clock\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/psr/clock/src',
+        ),
         'PhpMimeMailParser\\' => 
         array (
             0 => __DIR__ . '/..' . '/php-mime-mail-parser/php-mime-mail-parser/src',
@@ -203,6 +209,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/ddeboer/imap/src',
         ),
+        'Carbon\\Doctrine\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/carbonphp/carbon-doctrine-types/src/Carbon/Doctrine',
+        ),
         'Carbon\\' => 
         array (
             0 => __DIR__ . '/..' . '/nesbot/carbon/src/Carbon',
@@ -222,6 +232,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
     public static $classMap = array (
         'Attribute' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Attribute.php',
         'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
+        'PhpToken' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/PhpToken.php',
         'Stringable' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
         'UnhandledMatchError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
         'ValueError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index c5f82771a..a9a3966f5 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -61,6 +61,78 @@
             ],
             "install-path": "../bshaffer/oauth2-server-php"
         },
+        {
+            "name": "carbonphp/carbon-doctrine-types",
+            "version": "3.2.0",
+            "version_normalized": "3.2.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/CarbonPHP/carbon-doctrine-types.git",
+                "reference": "18ba5ddfec8976260ead6e866180bd5d2f71aa1d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/CarbonPHP/carbon-doctrine-types/zipball/18ba5ddfec8976260ead6e866180bd5d2f71aa1d",
+                "reference": "18ba5ddfec8976260ead6e866180bd5d2f71aa1d",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^8.1"
+            },
+            "conflict": {
+                "doctrine/dbal": "<4.0.0 || >=5.0.0"
+            },
+            "require-dev": {
+                "doctrine/dbal": "^4.0.0",
+                "nesbot/carbon": "^2.71.0 || ^3.0.0",
+                "phpunit/phpunit": "^10.3"
+            },
+            "time": "2024-02-09T16:56:22+00:00",
+            "type": "library",
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Carbon\\Doctrine\\": "src/Carbon/Doctrine/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "KyleKatarn",
+                    "email": "kylekatarnls@gmail.com"
+                }
+            ],
+            "description": "Types to use Carbon in Doctrine",
+            "keywords": [
+                "carbon",
+                "date",
+                "datetime",
+                "doctrine",
+                "time"
+            ],
+            "support": {
+                "issues": "https://github.com/CarbonPHP/carbon-doctrine-types/issues",
+                "source": "https://github.com/CarbonPHP/carbon-doctrine-types/tree/3.2.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/kylekatarnls",
+                    "type": "github"
+                },
+                {
+                    "url": "https://opencollective.com/Carbon",
+                    "type": "open_collective"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/nesbot/carbon",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../carbonphp/carbon-doctrine-types"
+        },
         {
             "name": "ddeboer/imap",
             "version": "1.13.1",
@@ -141,35 +213,36 @@
         },
         {
             "name": "directorytree/ldaprecord",
-            "version": "v2.10.1",
-            "version_normalized": "2.10.1.0",
+            "version": "v2.20.5",
+            "version_normalized": "2.20.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/DirectoryTree/LdapRecord.git",
-                "reference": "bf512d9af7a7b0e2ed7a666ab29cefdd027bee88"
+                "reference": "5bd0a5a9d257cf1049ae83055dbba4c3479ddf16"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/bf512d9af7a7b0e2ed7a666ab29cefdd027bee88",
-                "reference": "bf512d9af7a7b0e2ed7a666ab29cefdd027bee88",
+                "url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/5bd0a5a9d257cf1049ae83055dbba4c3479ddf16",
+                "reference": "5bd0a5a9d257cf1049ae83055dbba4c3479ddf16",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "ext-ldap": "*",
-                "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0",
+                "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0|^10.0",
                 "nesbot/carbon": "^1.0|^2.0",
                 "php": ">=7.3",
-                "psr/log": "*",
+                "psr/log": "^1.0|^2.0|^3.0",
                 "psr/simple-cache": "^1.0|^2.0",
-                "tightenco/collect": "^5.6|^6.0|^7.0|^8.0"
+                "symfony/polyfill-php80": "^1.25",
+                "tightenco/collect": "^5.6|^6.0|^7.0|^8.0|^9.0"
             },
             "require-dev": {
                 "mockery/mockery": "^1.0",
                 "phpunit/phpunit": "^9.0",
                 "spatie/ray": "^1.24"
             },
-            "time": "2022-02-25T16:00:51+00:00",
+            "time": "2023-10-11T16:34:34+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -620,29 +693,29 @@
         },
         {
             "name": "illuminate/contracts",
-            "version": "v9.3.0",
-            "version_normalized": "9.3.0.0",
+            "version": "v10.44.0",
+            "version_normalized": "10.44.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/contracts.git",
-                "reference": "bf4b3c254c49d28157645d01e4883b5951b1e1d0"
+                "reference": "8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/contracts/zipball/bf4b3c254c49d28157645d01e4883b5951b1e1d0",
-                "reference": "bf4b3c254c49d28157645d01e4883b5951b1e1d0",
+                "url": "https://api.github.com/repos/illuminate/contracts/zipball/8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac",
+                "reference": "8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac",
                 "shasum": ""
             },
             "require": {
-                "php": "^8.0.2",
+                "php": "^8.1",
                 "psr/container": "^1.1.1|^2.0.1",
                 "psr/simple-cache": "^1.0|^2.0|^3.0"
             },
-            "time": "2022-02-22T14:45:39+00:00",
+            "time": "2024-01-15T18:52:32+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "9.x-dev"
+                    "dev-master": "10.x-dev"
                 }
             },
             "installation-source": "dist",
@@ -930,38 +1003,45 @@
         },
         {
             "name": "nesbot/carbon",
-            "version": "2.57.0",
-            "version_normalized": "2.57.0.0",
+            "version": "2.72.3",
+            "version_normalized": "2.72.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/briannesbitt/Carbon.git",
-                "reference": "4a54375c21eea4811dbd1149fe6b246517554e78"
+                "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/4a54375c21eea4811dbd1149fe6b246517554e78",
-                "reference": "4a54375c21eea4811dbd1149fe6b246517554e78",
+                "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/0c6fd108360c562f6e4fd1dedb8233b423e91c83",
+                "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83",
                 "shasum": ""
             },
             "require": {
+                "carbonphp/carbon-doctrine-types": "*",
                 "ext-json": "*",
                 "php": "^7.1.8 || ^8.0",
+                "psr/clock": "^1.0",
                 "symfony/polyfill-mbstring": "^1.0",
                 "symfony/polyfill-php80": "^1.16",
                 "symfony/translation": "^3.4 || ^4.0 || ^5.0 || ^6.0"
             },
+            "provide": {
+                "psr/clock-implementation": "1.0"
+            },
             "require-dev": {
-                "doctrine/dbal": "^2.0 || ^3.0",
-                "doctrine/orm": "^2.7",
+                "doctrine/dbal": "^2.0 || ^3.1.4 || ^4.0",
+                "doctrine/orm": "^2.7 || ^3.0",
                 "friendsofphp/php-cs-fixer": "^3.0",
                 "kylekatarnls/multi-tester": "^2.0",
+                "ondrejmirtes/better-reflection": "*",
                 "phpmd/phpmd": "^2.9",
                 "phpstan/extension-installer": "^1.0",
-                "phpstan/phpstan": "^0.12.54 || ^1.0",
-                "phpunit/phpunit": "^7.5.20 || ^8.5.14",
+                "phpstan/phpstan": "^0.12.99 || ^1.7.14",
+                "phpunit/php-file-iterator": "^2.0.5 || ^3.0.6",
+                "phpunit/phpunit": "^7.5.20 || ^8.5.26 || ^9.5.20",
                 "squizlabs/php_codesniffer": "^3.4"
             },
-            "time": "2022-02-13T18:13:33+00:00",
+            "time": "2024-01-25T10:35:09+00:00",
             "bin": [
                 "bin/carbon"
             ],
@@ -1017,11 +1097,15 @@
             },
             "funding": [
                 {
-                    "url": "https://opencollective.com/Carbon",
-                    "type": "open_collective"
+                    "url": "https://github.com/sponsors/kylekatarnls",
+                    "type": "github"
                 },
                 {
-                    "url": "https://tidelift.com/funding/github/packagist/nesbot/carbon",
+                    "url": "https://opencollective.com/Carbon#sponsor",
+                    "type": "opencollective"
+                },
+                {
+                    "url": "https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme",
                     "type": "tidelift"
                 }
             ],
@@ -1255,6 +1339,57 @@
             ],
             "install-path": "../phpmailer/phpmailer"
         },
+        {
+            "name": "psr/clock",
+            "version": "1.0.0",
+            "version_normalized": "1.0.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/clock.git",
+                "reference": "e41a24703d4560fd0acb709162f73b8adfc3aa0d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/clock/zipball/e41a24703d4560fd0acb709162f73b8adfc3aa0d",
+                "reference": "e41a24703d4560fd0acb709162f73b8adfc3aa0d",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0"
+            },
+            "time": "2022-11-25T14:36:26+00:00",
+            "type": "library",
+            "installation-source": "dist",
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Clock\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for reading the clock.",
+            "homepage": "https://github.com/php-fig/clock",
+            "keywords": [
+                "clock",
+                "now",
+                "psr",
+                "psr-20",
+                "time"
+            ],
+            "support": {
+                "issues": "https://github.com/php-fig/clock/issues",
+                "source": "https://github.com/php-fig/clock/tree/1.0.0"
+            },
+            "install-path": "../psr/clock"
+        },
         {
             "name": "psr/container",
             "version": "2.0.2",
@@ -1826,27 +1961,27 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.2.1",
-            "version_normalized": "3.2.1.0",
+            "version": "v3.4.0",
+            "version_normalized": "3.4.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/7c3aff79d10325257a001fcf92d991f24fc967cf",
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf",
                 "shasum": ""
             },
             "require": {
                 "php": ">=8.1"
             },
-            "time": "2023-03-01T10:25:55+00:00",
+            "time": "2023-05-23T14:45:45+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.3-dev"
+                    "dev-main": "3.4-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1876,7 +2011,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -1981,17 +2116,17 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.24.0",
-            "version_normalized": "1.24.0.0",
+            "version": "v1.29.0",
+            "version_normalized": "1.29.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825"
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
                 "shasum": ""
             },
             "require": {
@@ -2003,12 +2138,9 @@
             "suggest": {
                 "ext-mbstring": "For best performance"
             },
-            "time": "2021-11-30T18:21:41+00:00",
+            "time": "2024-01-29T20:11:03+00:00",
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.23-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -2047,7 +2179,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -2067,28 +2199,25 @@
         },
         {
             "name": "symfony/polyfill-php80",
-            "version": "v1.24.0",
-            "version_normalized": "1.24.0.0",
+            "version": "v1.29.0",
+            "version_normalized": "1.29.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9"
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/57b712b08eddb97c762a8caa32c84e037892d2e9",
-                "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.1"
             },
-            "time": "2021-09-13T13:58:33+00:00",
+            "time": "2024-01-29T20:11:03+00:00",
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.23-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -2133,7 +2262,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -2153,29 +2282,32 @@
         },
         {
             "name": "symfony/translation",
-            "version": "v6.0.5",
-            "version_normalized": "6.0.5.0",
+            "version": "v6.4.3",
+            "version_normalized": "6.4.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "e69501c71107cc3146b32aaa45f4edd0c3427875"
+                "reference": "637c51191b6b184184bbf98937702bcf554f7d04"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/e69501c71107cc3146b32aaa45f4edd0c3427875",
-                "reference": "e69501c71107cc3146b32aaa45f4edd0c3427875",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/637c51191b6b184184bbf98937702bcf554f7d04",
+                "reference": "637c51191b6b184184bbf98937702bcf554f7d04",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2",
+                "php": ">=8.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-mbstring": "~1.0",
-                "symfony/translation-contracts": "^2.3|^3.0"
+                "symfony/translation-contracts": "^2.5|^3.0"
             },
             "conflict": {
                 "symfony/config": "<5.4",
                 "symfony/console": "<5.4",
                 "symfony/dependency-injection": "<5.4",
+                "symfony/http-client-contracts": "<2.5",
                 "symfony/http-kernel": "<5.4",
+                "symfony/service-contracts": "<2.5",
                 "symfony/twig-bundle": "<5.4",
                 "symfony/yaml": "<5.4"
             },
@@ -2183,24 +2315,21 @@
                 "symfony/translation-implementation": "2.3|3.0"
             },
             "require-dev": {
+                "nikic/php-parser": "^4.18|^5.0",
                 "psr/log": "^1|^2|^3",
-                "symfony/config": "^5.4|^6.0",
-                "symfony/console": "^5.4|^6.0",
-                "symfony/dependency-injection": "^5.4|^6.0",
-                "symfony/finder": "^5.4|^6.0",
-                "symfony/http-client-contracts": "^1.1|^2.0|^3.0",
-                "symfony/http-kernel": "^5.4|^6.0",
-                "symfony/intl": "^5.4|^6.0",
+                "symfony/config": "^5.4|^6.0|^7.0",
+                "symfony/console": "^5.4|^6.0|^7.0",
+                "symfony/dependency-injection": "^5.4|^6.0|^7.0",
+                "symfony/finder": "^5.4|^6.0|^7.0",
+                "symfony/http-client-contracts": "^2.5|^3.0",
+                "symfony/http-kernel": "^5.4|^6.0|^7.0",
+                "symfony/intl": "^5.4|^6.0|^7.0",
                 "symfony/polyfill-intl-icu": "^1.21",
-                "symfony/service-contracts": "^1.1.2|^2|^3",
-                "symfony/yaml": "^5.4|^6.0"
+                "symfony/routing": "^5.4|^6.0|^7.0",
+                "symfony/service-contracts": "^2.5|^3",
+                "symfony/yaml": "^5.4|^6.0|^7.0"
             },
-            "suggest": {
-                "psr/log-implementation": "To use logging capability in translator",
-                "symfony/config": "",
-                "symfony/yaml": ""
-            },
-            "time": "2022-02-09T15:52:48+00:00",
+            "time": "2024-01-29T13:11:52+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -2231,7 +2360,7 @@
             "description": "Provides tools to internationalize your application",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/translation/tree/v6.0.5"
+                "source": "https://github.com/symfony/translation/tree/v6.4.3"
             },
             "funding": [
                 {
@@ -2251,30 +2380,27 @@
         },
         {
             "name": "symfony/translation-contracts",
-            "version": "v3.0.0",
-            "version_normalized": "3.0.0.0",
+            "version": "v3.4.1",
+            "version_normalized": "3.4.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation-contracts.git",
-                "reference": "1b6ea5a7442af5a12dba3dbd6d71034b5b234e77"
+                "reference": "06450585bf65e978026bda220cdebca3f867fde7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/1b6ea5a7442af5a12dba3dbd6d71034b5b234e77",
-                "reference": "1b6ea5a7442af5a12dba3dbd6d71034b5b234e77",
+                "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/06450585bf65e978026bda220cdebca3f867fde7",
+                "reference": "06450585bf65e978026bda220cdebca3f867fde7",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2"
+                "php": ">=8.1"
             },
-            "suggest": {
-                "symfony/translation-implementation": ""
-            },
-            "time": "2021-09-07T12:43:40+00:00",
+            "time": "2023-12-26T14:02:43+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.4-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -2285,7 +2411,10 @@
             "autoload": {
                 "psr-4": {
                     "Symfony\\Contracts\\Translation\\": ""
-                }
+                },
+                "exclude-from-classmap": [
+                    "/Test/"
+                ]
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
@@ -2312,7 +2441,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/translation-contracts/tree/v3.0.0"
+                "source": "https://github.com/symfony/translation-contracts/tree/v3.4.1"
             },
             "funding": [
                 {
@@ -2332,40 +2461,37 @@
         },
         {
             "name": "symfony/var-dumper",
-            "version": "v6.0.5",
-            "version_normalized": "6.0.5.0",
+            "version": "v6.4.3",
+            "version_normalized": "6.4.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/var-dumper.git",
-                "reference": "60d6a756d5f485df5e6e40b337334848f79f61ce"
+                "reference": "0435a08f69125535336177c29d56af3abc1f69da"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/var-dumper/zipball/60d6a756d5f485df5e6e40b337334848f79f61ce",
-                "reference": "60d6a756d5f485df5e6e40b337334848f79f61ce",
+                "url": "https://api.github.com/repos/symfony/var-dumper/zipball/0435a08f69125535336177c29d56af3abc1f69da",
+                "reference": "0435a08f69125535336177c29d56af3abc1f69da",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2",
+                "php": ">=8.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-mbstring": "~1.0"
             },
             "conflict": {
-                "phpunit/phpunit": "<5.4.3",
                 "symfony/console": "<5.4"
             },
             "require-dev": {
                 "ext-iconv": "*",
-                "symfony/console": "^5.4|^6.0",
-                "symfony/process": "^5.4|^6.0",
-                "symfony/uid": "^5.4|^6.0",
+                "symfony/console": "^5.4|^6.0|^7.0",
+                "symfony/error-handler": "^6.3|^7.0",
+                "symfony/http-kernel": "^5.4|^6.0|^7.0",
+                "symfony/process": "^5.4|^6.0|^7.0",
+                "symfony/uid": "^5.4|^6.0|^7.0",
                 "twig/twig": "^2.13|^3.0.4"
             },
-            "suggest": {
-                "ext-iconv": "To convert non-UTF-8 strings to UTF-8 (or symfony/polyfill-iconv in case ext-iconv cannot be used).",
-                "ext-intl": "To show region name in time zone dump",
-                "symfony/console": "To use the ServerDumpCommand and/or the bin/var-dump-server script"
-            },
-            "time": "2022-02-21T17:15:17+00:00",
+            "time": "2024-01-23T14:53:30+00:00",
             "bin": [
                 "Resources/bin/var-dump-server"
             ],
@@ -2403,7 +2529,7 @@
                 "dump"
             ],
             "support": {
-                "source": "https://github.com/symfony/var-dumper/tree/v6.0.5"
+                "source": "https://github.com/symfony/var-dumper/tree/v6.4.3"
             },
             "funding": [
                 {
@@ -2423,21 +2549,21 @@
         },
         {
             "name": "tightenco/collect",
-            "version": "v8.83.2",
-            "version_normalized": "8.83.2.0",
+            "version": "v9.52.7",
+            "version_normalized": "9.52.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/tighten/collect.git",
-                "reference": "d9c66d586ec2d216d8a31283d73f8df1400cc722"
+                "reference": "b15143cd11fe01a700fcc449df61adc64452fa6d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tighten/collect/zipball/d9c66d586ec2d216d8a31283d73f8df1400cc722",
-                "reference": "d9c66d586ec2d216d8a31283d73f8df1400cc722",
+                "url": "https://api.github.com/repos/tighten/collect/zipball/b15143cd11fe01a700fcc449df61adc64452fa6d",
+                "reference": "b15143cd11fe01a700fcc449df61adc64452fa6d",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.3|^8.0",
+                "php": "^8.0",
                 "symfony/var-dumper": "^3.4 || ^4.0 || ^5.0 || ^6.0"
             },
             "require-dev": {
@@ -2445,7 +2571,7 @@
                 "nesbot/carbon": "^2.23.0",
                 "phpunit/phpunit": "^8.3"
             },
-            "time": "2022-02-16T16:15:54+00:00",
+            "time": "2023-04-14T21:51:36+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -2474,7 +2600,7 @@
             ],
             "support": {
                 "issues": "https://github.com/tighten/collect/issues",
-                "source": "https://github.com/tighten/collect/tree/v8.83.2"
+                "source": "https://github.com/tighten/collect/tree/v9.52.7"
             },
             "install-path": "../tightenco/collect"
         },
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index 0616e9a82..fed449fa2 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '96390c2e12fd8d886495fde5514ad431e4e66069',
+        'reference' => '40146839efb3754b2db4045f0111178ffd1883c5',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '96390c2e12fd8d886495fde5514ad431e4e66069',
+            'reference' => '40146839efb3754b2db4045f0111178ffd1883c5',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -28,6 +28,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'carbonphp/carbon-doctrine-types' => array(
+            'pretty_version' => '3.2.0',
+            'version' => '3.2.0.0',
+            'reference' => '18ba5ddfec8976260ead6e866180bd5d2f71aa1d',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../carbonphp/carbon-doctrine-types',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'ddeboer/imap' => array(
             'pretty_version' => '1.13.1',
             'version' => '1.13.1.0',
@@ -38,9 +47,9 @@
             'dev_requirement' => false,
         ),
         'directorytree/ldaprecord' => array(
-            'pretty_version' => 'v2.10.1',
-            'version' => '2.10.1.0',
-            'reference' => 'bf512d9af7a7b0e2ed7a666ab29cefdd027bee88',
+            'pretty_version' => 'v2.20.5',
+            'version' => '2.20.5.0',
+            'reference' => '5bd0a5a9d257cf1049ae83055dbba4c3479ddf16',
             'type' => 'library',
             'install_path' => __DIR__ . '/../directorytree/ldaprecord',
             'aliases' => array(),
@@ -89,9 +98,9 @@
             'dev_requirement' => false,
         ),
         'illuminate/contracts' => array(
-            'pretty_version' => 'v9.3.0',
-            'version' => '9.3.0.0',
-            'reference' => 'bf4b3c254c49d28157645d01e4883b5951b1e1d0',
+            'pretty_version' => 'v10.44.0',
+            'version' => '10.44.0.0',
+            'reference' => '8d7152c4a1f5d9cf7da3e8b71f23e4556f6138ac',
             'type' => 'library',
             'install_path' => __DIR__ . '/../illuminate/contracts',
             'aliases' => array(),
@@ -140,9 +149,9 @@
             'dev_requirement' => false,
         ),
         'nesbot/carbon' => array(
-            'pretty_version' => '2.57.0',
-            'version' => '2.57.0.0',
-            'reference' => '4a54375c21eea4811dbd1149fe6b246517554e78',
+            'pretty_version' => '2.72.3',
+            'version' => '2.72.3.0',
+            'reference' => '0c6fd108360c562f6e4fd1dedb8233b423e91c83',
             'type' => 'library',
             'install_path' => __DIR__ . '/../nesbot/carbon',
             'aliases' => array(),
@@ -175,6 +184,21 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'psr/clock' => array(
+            'pretty_version' => '1.0.0',
+            'version' => '1.0.0.0',
+            'reference' => 'e41a24703d4560fd0acb709162f73b8adfc3aa0d',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/clock',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
+        'psr/clock-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
         'psr/container' => array(
             'pretty_version' => '2.0.2',
             'version' => '2.0.2.0',
@@ -284,9 +308,9 @@
             'dev_requirement' => false,
         ),
         'symfony/deprecation-contracts' => array(
-            'pretty_version' => 'v3.2.1',
-            'version' => '3.2.1.0',
-            'reference' => 'e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e',
+            'pretty_version' => 'v3.4.0',
+            'version' => '3.4.0.0',
+            'reference' => '7c3aff79d10325257a001fcf92d991f24fc967cf',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/deprecation-contracts',
             'aliases' => array(),
@@ -302,36 +326,36 @@
             'dev_requirement' => false,
         ),
         'symfony/polyfill-mbstring' => array(
-            'pretty_version' => 'v1.24.0',
-            'version' => '1.24.0.0',
-            'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825',
+            'pretty_version' => 'v1.29.0',
+            'version' => '1.29.0.0',
+            'reference' => '9773676c8a1bb1f8d4340a62efe641cf76eda7ec',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-mbstring',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/polyfill-php80' => array(
-            'pretty_version' => 'v1.24.0',
-            'version' => '1.24.0.0',
-            'reference' => '57b712b08eddb97c762a8caa32c84e037892d2e9',
+            'pretty_version' => 'v1.29.0',
+            'version' => '1.29.0.0',
+            'reference' => '87b68208d5c1188808dd7839ee1e6c8ec3b02f1b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-php80',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/translation' => array(
-            'pretty_version' => 'v6.0.5',
-            'version' => '6.0.5.0',
-            'reference' => 'e69501c71107cc3146b32aaa45f4edd0c3427875',
+            'pretty_version' => 'v6.4.3',
+            'version' => '6.4.3.0',
+            'reference' => '637c51191b6b184184bbf98937702bcf554f7d04',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/translation',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/translation-contracts' => array(
-            'pretty_version' => 'v3.0.0',
-            'version' => '3.0.0.0',
-            'reference' => '1b6ea5a7442af5a12dba3dbd6d71034b5b234e77',
+            'pretty_version' => 'v3.4.1',
+            'version' => '3.4.1.0',
+            'reference' => '06450585bf65e978026bda220cdebca3f867fde7',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/translation-contracts',
             'aliases' => array(),
@@ -344,18 +368,18 @@
             ),
         ),
         'symfony/var-dumper' => array(
-            'pretty_version' => 'v6.0.5',
-            'version' => '6.0.5.0',
-            'reference' => '60d6a756d5f485df5e6e40b337334848f79f61ce',
+            'pretty_version' => 'v6.4.3',
+            'version' => '6.4.3.0',
+            'reference' => '0435a08f69125535336177c29d56af3abc1f69da',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/var-dumper',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'tightenco/collect' => array(
-            'pretty_version' => 'v8.83.2',
-            'version' => '8.83.2.0',
-            'reference' => 'd9c66d586ec2d216d8a31283d73f8df1400cc722',
+            'pretty_version' => 'v9.52.7',
+            'version' => '9.52.7.0',
+            'reference' => 'b15143cd11fe01a700fcc449df61adc64452fa6d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../tightenco/collect',
             'aliases' => array(),
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/bug_report.md b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/bug_report.md
index a56a2afbc..4cbf18f9c 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,7 +7,10 @@ assignees: ''
 
 ---
 
-<!-- Please update the below information with your environment. -->
+<!--
+  Please update the below information with your environment.
+  Issues filed without the below information will be closed.
+-->
 **Environment:**
  - LDAP Server Type: [e.g. ActiveDirectory / OpenLDAP / FreeIPA]
  - PHP Version: [e.g. 7.3 / 7.4 / 8.0]
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/support---help-request.md b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/support---help-request.md
index 230916cf1..731d5cea0 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/support---help-request.md
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/ISSUE_TEMPLATE/support---help-request.md
@@ -11,7 +11,10 @@ assignees: ''
 <!-- https://github.com/sponsors/stevebauman -->
 <!-- Thank you for your understanding. -->
 
-<!-- Please update the below information with your environment. -->
+<!--
+  Please update the below information with your environment.
+  Issues filed without the below information will be closed.
+-->
 **Environment:**
  - LDAP Server Type: [e.g. ActiveDirectory / OpenLDAP / FreeIPA]
  - PHP Version: [e.g. 7.3 / 7.4 / 8.0]
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-integration-tests.yml b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-integration-tests.yml
new file mode 100644
index 000000000..6a6b2f9e5
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-integration-tests.yml
@@ -0,0 +1,62 @@
+name: run-integration-tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  run-tests:
+    runs-on: ${{ matrix.os }}
+
+    services:
+      ldap:
+        image: osixia/openldap:1.4.0
+        env:
+          LDAP_TLS_VERIFY_CLIENT: try
+          LDAP_OPENLDAP_UID: 1000
+          LDAP_OPENLDAP_GID: 1000
+          LDAP_ORGANISATION: Local
+          LDAP_DOMAIN: local.com
+          LDAP_ADMIN_PASSWORD: secret
+        ports:
+          - 389:389
+          - 636:636
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        php: [8.1, 8.0, 7.4]
+
+    name: ${{ matrix.os }} - P${{ matrix.php }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ~/.composer/cache/files
+          key: dependencies-php-${{ matrix.php }}-composer-${{ hashFiles('composer.json') }}
+
+      - name: Set ldap.conf file permissions
+        run: sudo chown -R $USER:$USER /etc/ldap/ldap.conf
+
+      - name: Create ldap.conf file disabling TLS verification
+        run: sudo echo "TLS_REQCERT never" > "/etc/ldap/ldap.conf"
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: ldap, json
+          coverage: none
+
+      - name: Install dependencies
+        run: composer update --prefer-dist --no-interaction
+
+      - name: Execute tests
+        run: vendor/bin/phpunit --testsuite Integration
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-tests.yml b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-tests.yml
index 44825dc20..6aaa3fd4a 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-tests.yml
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/.github/workflows/run-tests.yml
@@ -9,20 +9,20 @@ on:
 jobs:
   run-tests:
     runs-on: ${{ matrix.os }}
+    name: ${{ matrix.os }} - P${{ matrix.php }}
+
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, windows-latest]
         php: [8.1, 8.0, 7.4, 7.3]
 
-    name: ${{ matrix.os }} - P${{ matrix.php }}
-
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
 
       - name: Cache dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v2
         with:
           path: ~/.composer/cache/files
           key: dependencies-php-${{ matrix.php }}-composer-${{ hashFiles('composer.json') }}
@@ -38,41 +38,4 @@ jobs:
         run: composer update --prefer-dist --no-interaction
 
       - name: Execute tests
-        run: vendor/bin/phpunit
-
-  run-analysis:
-    runs-on: ${{ matrix.os }}
-    name: Static code analysis (PHP ${{ matrix.php }})
-
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest]
-        php: [8.0]
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Cache dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.composer/cache/files
-          key: dependencies-php-${{ matrix.php }}-composer-${{ hashFiles('composer.json') }}
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php }}
-          extensions: ldap, json
-          coverage: none
-          tools: psalm
-
-      - name: Validate composer.json
-        run: composer validate
-
-      - name: Install dependencies
-        run: composer update --prefer-dist --no-interaction
-
-      - name: Run Psalm
-        run: psalm
+        run: vendor/bin/phpunit --testsuite Unit
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/.styleci.yml b/data/web/inc/lib/vendor/directorytree/ldaprecord/.styleci.yml
index 9f5e38cfa..0285f1790 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/.styleci.yml
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/.styleci.yml
@@ -1,8 +1 @@
 preset: laravel
-enabled:
-  - phpdoc_align
-  - phpdoc_separation
-  - unalign_double_arrow
-disabled:
-  - laravel_phpdoc_alignment
-  - laravel_phpdoc_separation
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/composer.json b/data/web/inc/lib/vendor/directorytree/ldaprecord/composer.json
index 35c605766..65d7dd8f6 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/composer.json
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/composer.json
@@ -32,11 +32,12 @@
         "php": ">=7.3",
         "ext-ldap": "*",
         "ext-json": "*",
-        "psr/log": "*",
+        "psr/log": "^1.0|^2.0|^3.0",
         "psr/simple-cache": "^1.0|^2.0",
         "nesbot/carbon": "^1.0|^2.0",
-        "tightenco/collect": "^5.6|^6.0|^7.0|^8.0",
-        "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0"
+        "tightenco/collect": "^5.6|^6.0|^7.0|^8.0|^9.0",
+        "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0|^9.0|^10.0",
+        "symfony/polyfill-php80": "^1.25"
     },
     "require-dev": {
         "phpunit/phpunit": "^9.0",
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/docker-compose.yml b/data/web/inc/lib/vendor/directorytree/ldaprecord/docker-compose.yml
new file mode 100644
index 000000000..de96b1398
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/docker-compose.yml
@@ -0,0 +1,35 @@
+version: '3'
+
+services:
+    ldap:
+        image: osixia/openldap:1.4.0
+        container_name: ldap
+        restart: always
+        hostname: local.com
+        environment:
+            LDAP_TLS_VERIFY_CLIENT: try
+            LDAP_OPENLDAP_UID: 1000
+            LDAP_OPENLDAP_GID: 1000
+            LDAP_ORGANISATION: Local
+            LDAP_DOMAIN : local.com
+            LDAP_ADMIN_PASSWORD: secret
+        ports:
+            - "389:389"
+            - "636:636"
+        networks:
+            - local
+  
+    ldapadmin:
+        image: osixia/phpldapadmin:0.9.0
+        container_name: ldapadmin
+        environment:
+            PHPLDAPADMIN_LDAP_HOSTS: ldap
+        restart: always
+        ports:
+            - "6443:443"
+        networks:
+            - local
+
+networks:
+    local:
+        driver: bridge
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/phpunit.xml b/data/web/inc/lib/vendor/directorytree/ldaprecord/phpunit.xml
index d03fdc20e..aed09e4d6 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/phpunit.xml
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/phpunit.xml
@@ -10,8 +10,11 @@
          stopOnFailure="false"
         >
     <testsuites>
-        <testsuite name="LdapRecord Test Suite">
-            <directory suffix="Test.php">./tests/</directory>
+        <testsuite name="Unit">
+            <directory suffix="Test.php">./tests/Unit</directory>
+        </testsuite>
+        <testsuite name="Integration">
+            <directory suffix="Test.php">./tests/Integration</directory>
         </testsuite>
     </testsuites>
 </phpunit>
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/psalm.xml b/data/web/inc/lib/vendor/directorytree/ldaprecord/psalm.xml
deleted file mode 100644
index 7c0333df3..000000000
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/psalm.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0"?>
-<psalm
-    errorLevel="7"
-    resolveFromConfigFile="true"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns="https://getpsalm.org/schema/config"
-    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
->
-    <projectFiles>
-        <directory name="src" />
-        <ignoreFiles>
-            <directory name="vendor" />
-        </ignoreFiles>
-    </projectFiles>
-</psalm>
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/readme.md b/data/web/inc/lib/vendor/directorytree/ldaprecord/readme.md
index 505d6992c..e00f8ef69 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/readme.md
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/readme.md
@@ -6,7 +6,7 @@
 
 <p align="center">
     <a href="https://github.com/DirectoryTree/LdapRecord/actions">
-        <img src="https://img.shields.io/github/workflow/status/directorytree/ldaprecord/run-tests.svg?style=flat-square">
+        <img src="https://img.shields.io/github/actions/workflow/status/directorytree/ldaprecord/run-tests.yml?branch=master&style=flat-square">
     </a>
     <a href="https://scrutinizer-ci.com/g/DirectoryTree/LdapRecord/?branch=master">
         <img src="https://img.shields.io/scrutinizer/g/DirectoryTree/LdapRecord/master.svg?style=flat-square"/>
@@ -45,7 +45,7 @@
 
 ⏲ **Up and Running Fast**
 
-Connect to your LDAP servers and start running queries at lightning speed.
+Connect to your LDAP servers and start running queries in a matter of minutes.
 
 💡 **Fluent Filter Builder**
 
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Events/Event.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Events/Event.php
index 83716b422..7c1bb3c87 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Events/Event.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Events/Event.php
@@ -30,9 +30,9 @@ abstract class Event
     /**
      * Constructor.
      *
-     * @param LdapInterface $connection
-     * @param string        $username
-     * @param string        $password
+     * @param  LdapInterface  $connection
+     * @param  string  $username
+     * @param  string  $password
      */
     public function __construct(LdapInterface $connection, $username, $password)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Guard.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Guard.php
index d41af1569..c00989ae6 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Guard.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Auth/Guard.php
@@ -38,8 +38,8 @@ class Guard
     /**
      * Constructor.
      *
-     * @param LdapInterface       $connection
-     * @param DomainConfiguration $configuration
+     * @param  LdapInterface  $connection
+     * @param  DomainConfiguration  $configuration
      */
     public function __construct(LdapInterface $connection, DomainConfiguration $configuration)
     {
@@ -50,10 +50,9 @@ class Guard
     /**
      * Attempt binding a user to the LDAP server.
      *
-     * @param string $username
-     * @param string $password
-     * @param bool   $stayBound
-     *
+     * @param  string  $username
+     * @param  string  $password
+     * @param  bool  $stayBound
      * @return bool
      *
      * @throws UsernameRequiredException
@@ -90,8 +89,8 @@ class Guard
     /**
      * Attempt binding a user to the LDAP server. Supports anonymous binding.
      *
-     * @param string|null $username
-     * @param string|null $password
+     * @param  string|null  $username
+     * @param  string|null  $password
      *
      * @throws BindException
      * @throws \LdapRecord\ConnectionException
@@ -148,8 +147,7 @@ class Guard
     /**
      * Set the event dispatcher instance.
      *
-     * @param DispatcherInterface $dispatcher
-     *
+     * @param  DispatcherInterface  $dispatcher
      * @return void
      */
     public function setDispatcher(DispatcherInterface $dispatcher)
@@ -160,9 +158,8 @@ class Guard
     /**
      * Fire the attempting event.
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return void
      */
     protected function fireAttemptingEvent($username, $password)
@@ -175,9 +172,8 @@ class Guard
     /**
      * Fire the passed event.
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return void
      */
     protected function firePassedEvent($username, $password)
@@ -190,9 +186,8 @@ class Guard
     /**
      * Fire the failed event.
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return void
      */
     protected function fireFailedEvent($username, $password)
@@ -205,9 +200,8 @@ class Guard
     /**
      * Fire the binding event.
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return void
      */
     protected function fireBindingEvent($username, $password)
@@ -220,9 +214,8 @@ class Guard
     /**
      * Fire the bound event.
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return void
      */
     protected function fireBoundEvent($username, $password)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/DomainConfiguration.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/DomainConfiguration.php
index d1124bfc9..f71f63d87 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/DomainConfiguration.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/DomainConfiguration.php
@@ -58,7 +58,7 @@ class DomainConfiguration
     /**
      * Constructor.
      *
-     * @param array $options
+     * @param  array  $options
      *
      * @throws ConfigurationException When an option value given is an invalid type.
      */
@@ -74,9 +74,8 @@ class DomainConfiguration
     /**
      * Extend the configuration with a custom option, or override an existing.
      *
-     * @param string $option
-     * @param mixed  $default
-     *
+     * @param  string  $option
+     * @param  mixed  $default
      * @return void
      */
     public static function extend($option, $default = null)
@@ -107,8 +106,8 @@ class DomainConfiguration
     /**
      * Set a configuration option.
      *
-     * @param string $key
-     * @param mixed  $value
+     * @param  string  $key
+     * @param  mixed  $value
      *
      * @throws ConfigurationException When an option value given is an invalid type.
      */
@@ -122,8 +121,7 @@ class DomainConfiguration
     /**
      * Returns the value for the specified configuration options.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return mixed
      *
      * @throws ConfigurationException When the option specified does not exist.
@@ -140,8 +138,7 @@ class DomainConfiguration
     /**
      * Checks if a configuration option exists.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function has($key)
@@ -152,9 +149,8 @@ class DomainConfiguration
     /**
      * Validate the configuration option.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return bool
      *
      * @throws ConfigurationException When an option value given is an invalid type.
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/Validators/Validator.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/Validators/Validator.php
index de2f13f56..d107314d5 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/Validators/Validator.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Configuration/Validators/Validator.php
@@ -30,8 +30,8 @@ abstract class Validator
     /**
      * Constructor.
      *
-     * @param string $key
-     * @param mixed  $value
+     * @param  string  $key
+     * @param  mixed  $value
      */
     public function __construct($key, $value)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Connection.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Connection.php
index d429aa462..6e55cffc9 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Connection.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Connection.php
@@ -88,8 +88,8 @@ class Connection
     /**
      * Constructor.
      *
-     * @param array              $config
-     * @param LdapInterface|null $ldap
+     * @param  array|DomainConfiguration  $config
+     * @param  LdapInterface|null  $ldap
      */
     public function __construct($config = [], LdapInterface $ldap = null)
     {
@@ -109,15 +109,18 @@ class Connection
     /**
      * Set the connection configuration.
      *
-     * @param array $config
-     *
+     * @param  array|DomainConfiguration  $config
      * @return $this
      *
      * @throws Configuration\ConfigurationException
      */
     public function setConfiguration($config = [])
     {
-        $this->configuration = new DomainConfiguration($config);
+        if (! $config instanceof DomainConfiguration) {
+            $config = new DomainConfiguration($config);
+        }
+
+        $this->configuration = $config;
 
         $this->hosts = $this->configuration->get('hosts');
 
@@ -129,8 +132,7 @@ class Connection
     /**
      * Set the LDAP connection.
      *
-     * @param LdapInterface $ldap
-     *
+     * @param  LdapInterface  $ldap
      * @return $this
      */
     public function setLdapConnection(LdapInterface $ldap)
@@ -143,8 +145,7 @@ class Connection
     /**
      * Set the event dispatcher.
      *
-     * @param DispatcherInterface $dispatcher
-     *
+     * @param  DispatcherInterface  $dispatcher
      * @return $this
      */
     public function setDispatcher(DispatcherInterface $dispatcher)
@@ -192,8 +193,7 @@ class Connection
     /**
      * Set the cache store.
      *
-     * @param CacheInterface $store
-     *
+     * @param  CacheInterface  $store
      * @return $this
      */
     public function setCache(CacheInterface $store)
@@ -238,9 +238,8 @@ class Connection
      *
      * If no username or password is specified, then the configured credentials are used.
      *
-     * @param string|null $username
-     * @param string|null $password
-     *
+     * @param  string|null  $username
+     * @param  string|null  $password
      * @return Connection
      *
      * @throws Auth\BindException
@@ -298,6 +297,16 @@ class Connection
         $this->initialize();
     }
 
+    /**
+     * Clone the connection.
+     *
+     * @return static
+     */
+    public function replicate()
+    {
+        return new static($this->configuration, new $this->ldap);
+    }
+
     /**
      * Disconnect from the LDAP server.
      *
@@ -311,8 +320,7 @@ class Connection
     /**
      * Dispatch an event.
      *
-     * @param object $event
-     *
+     * @param  object  $event
      * @return void
      */
     public function dispatch($event)
@@ -335,8 +343,7 @@ class Connection
     /**
      * Perform the operation on the LDAP connection.
      *
-     * @param Closure $operation
-     *
+     * @param  Closure  $operation
      * @return mixed
      */
     public function run(Closure $operation)
@@ -359,11 +366,27 @@ class Connection
         }
     }
 
+    /**
+     * Perform the operation on an isolated LDAP connection.
+     *
+     * @param  Closure  $operation
+     * @return mixed
+     */
+    public function isolate(Closure $operation)
+    {
+        $connection = $this->replicate();
+
+        try {
+            return $operation($connection);
+        } finally {
+            $connection->disconnect();
+        }
+    }
+
     /**
      * Attempt to get an exception for the cause of failure.
      *
-     * @param LdapRecordException $e
-     *
+     * @param  LdapRecordException  $e
      * @return mixed
      */
     protected function getExceptionForCauseOfFailure(LdapRecordException $e)
@@ -383,8 +406,7 @@ class Connection
     /**
      * Run the operation callback on the current LDAP connection.
      *
-     * @param Closure $operation
-     *
+     * @param  Closure  $operation
      * @return mixed
      *
      * @throws LdapRecordException
@@ -439,9 +461,8 @@ class Connection
     /**
      * Attempt to retry an LDAP operation if due to a lost connection.
      *
-     * @param LdapRecordException $e
-     * @param Closure             $operation
-     *
+     * @param  LdapRecordException  $e
+     * @param  Closure  $operation
      * @return mixed
      *
      * @throws LdapRecordException
@@ -461,8 +482,7 @@ class Connection
     /**
      * Retry the operation on the current host.
      *
-     * @param Closure $operation
-     *
+     * @param  Closure  $operation
      * @return mixed
      *
      * @throws LdapRecordException
@@ -483,9 +503,8 @@ class Connection
     /**
      * Attempt the operation again on the next host.
      *
-     * @param LdapRecordException $e
-     * @param Closure             $operation
-     *
+     * @param  LdapRecordException  $e
+     * @param  Closure  $operation
      * @return mixed
      *
      * @throws LdapRecordException
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/ConnectionManager.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/ConnectionManager.php
index 01b072b4e..0597f1f68 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/ConnectionManager.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/ConnectionManager.php
@@ -81,9 +81,8 @@ class ConnectionManager
     /**
      * Forward missing method calls onto the instance.
      *
-     * @param string $method
-     * @param mixed  $args
-     *
+     * @param  string  $method
+     * @param  mixed  $args
      * @return mixed
      */
     public function __call($method, $args)
@@ -104,9 +103,8 @@ class ConnectionManager
     /**
      * Add a new connection.
      *
-     * @param Connection  $connection
-     * @param string|null $name
-     *
+     * @param  Connection  $connection
+     * @param  string|null  $name
      * @return $this
      */
     public function add(Connection $connection, $name = null)
@@ -123,8 +121,7 @@ class ConnectionManager
     /**
      * Remove a connection.
      *
-     * @param $name
-     *
+     * @param  $name
      * @return $this
      */
     public function remove($name)
@@ -147,8 +144,7 @@ class ConnectionManager
     /**
      * Get a connection by name or return the default.
      *
-     * @param string|null $name
-     *
+     * @param  string|null  $name
      * @return Connection
      *
      * @throws ContainerException If the given connection does not exist.
@@ -185,8 +181,7 @@ class ConnectionManager
     /**
      * Checks if the connection exists.
      *
-     * @param string $name
-     *
+     * @param  string  $name
      * @return bool
      */
     public function exists($name)
@@ -197,8 +192,7 @@ class ConnectionManager
     /**
      * Set the default connection name.
      *
-     * @param string $name
-     *
+     * @param  string  $name
      * @return $this
      */
     public function setDefault($name = null)
@@ -237,8 +231,7 @@ class ConnectionManager
     /**
      * Set the event logger to use.
      *
-     * @param LoggerInterface $logger
-     *
+     * @param  LoggerInterface  $logger
      * @return void
      */
     public function setLogger(LoggerInterface $logger)
@@ -299,8 +292,7 @@ class ConnectionManager
     /**
      * Set the event dispatcher.
      *
-     * @param DispatcherInterface $dispatcher
-     *
+     * @param  DispatcherInterface  $dispatcher
      * @return void
      */
     public function setDispatcher(DispatcherInterface $dispatcher)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Container.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Container.php
index f458951e7..0c125593d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Container.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Container.php
@@ -48,9 +48,8 @@ class Container
     /**
      * Forward missing static calls onto the current instance.
      *
-     * @param string $method
-     * @param mixed  $args
-     *
+     * @param  string  $method
+     * @param  mixed  $args
      * @return mixed
      */
     public static function __callStatic($method, $args)
@@ -71,8 +70,7 @@ class Container
     /**
      * Set the container instance.
      *
-     * @param Container|null $container
-     *
+     * @param  Container|null  $container
      * @return Container|null
      */
     public static function setInstance(self $container = null)
@@ -103,9 +101,8 @@ class Container
     /**
      * Forward missing method calls onto the connection manager.
      *
-     * @param string $method
-     * @param mixed  $args
-     *
+     * @param  string  $method
+     * @param  mixed  $args
      * @return mixed
      */
     public function __call($method, $args)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetailedError.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetailedError.php
index d61159ed3..fff528c98 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetailedError.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetailedError.php
@@ -28,9 +28,9 @@ class DetailedError
     /**
      * Constructor.
      *
-     * @param int    $errorCode
-     * @param string $errorMessage
-     * @param string $diagnosticMessage
+     * @param  int  $errorCode
+     * @param  string  $errorMessage
+     * @param  string  $diagnosticMessage
      */
     public function __construct($errorCode, $errorMessage, $diagnosticMessage)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetectsErrors.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetectsErrors.php
index e8997a931..61fc4a02e 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetectsErrors.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/DetectsErrors.php
@@ -7,8 +7,7 @@ trait DetectsErrors
     /**
      * Determine if the error was caused by a lost connection.
      *
-     * @param string $error
-     *
+     * @param  string  $error
      * @return bool
      */
     protected function causedByLostConnection($error)
@@ -19,8 +18,7 @@ trait DetectsErrors
     /**
      * Determine if the error was caused by lack of pagination support.
      *
-     * @param string $error
-     *
+     * @param  string  $error
      * @return bool
      */
     protected function causedByPaginationSupport($error)
@@ -31,8 +29,7 @@ trait DetectsErrors
     /**
      * Determine if the error was caused by a size limit warning.
      *
-     * @param $error
-     *
+     * @param  $error
      * @return bool
      */
     protected function causedBySizeLimit($error)
@@ -43,8 +40,7 @@ trait DetectsErrors
     /**
      * Determine if the error was caused by a "No such object" warning.
      *
-     * @param string $error
-     *
+     * @param  string  $error
      * @return bool
      */
     protected function causedByNoSuchObject($error)
@@ -55,15 +51,14 @@ trait DetectsErrors
     /**
      * Determine if the error contains the any of the messages.
      *
-     * @param string       $error
-     * @param string|array $messages
-     *
+     * @param  string  $error
+     * @param  string|array  $messages
      * @return bool
      */
     protected function errorContainsMessage($error, $messages = [])
     {
         foreach ((array) $messages as $message) {
-            if (strpos($error, $message) !== false) {
+            if (str_contains((string) $error, $message)) {
                 return true;
             }
         }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/EscapesValues.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/EscapesValues.php
index acfc020bf..ea53a2f93 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/EscapesValues.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/EscapesValues.php
@@ -9,10 +9,9 @@ trait EscapesValues
     /**
      * Prepare a value to be escaped.
      *
-     * @param string $value
-     * @param string $ignore
-     * @param int    $flags
-     *
+     * @param  string  $value
+     * @param  string  $ignore
+     * @param  int  $flags
      * @return EscapedValue
      */
     public function escape($value, $ignore = '', $flags = 0)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/ConnectionEvent.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/ConnectionEvent.php
index e9c2c352c..d2d77e2fc 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/ConnectionEvent.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/ConnectionEvent.php
@@ -16,7 +16,7 @@ abstract class ConnectionEvent
     /**
      * Constructor.
      *
-     * @param Connection $connection
+     * @param  Connection  $connection
      */
     public function __construct(Connection $connection)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Dispatcher.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Dispatcher.php
index a4ae3def0..4fedbc2ef 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Dispatcher.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Dispatcher.php
@@ -46,7 +46,7 @@ class Dispatcher implements DispatcherInterface
     public function listen($events, $listener)
     {
         foreach ((array) $events as $event) {
-            if (strpos($event, '*') !== false) {
+            if (str_contains((string) $event, '*')) {
                 $this->setupWildcardListen($event, $listener);
             } else {
                 $this->listeners[$event][] = $this->makeListener($listener);
@@ -57,9 +57,8 @@ class Dispatcher implements DispatcherInterface
     /**
      * Setup a wildcard listener callback.
      *
-     * @param string $event
-     * @param mixed  $listener
-     *
+     * @param  string  $event
+     * @param  mixed  $listener
      * @return void
      */
     protected function setupWildcardListen($event, $listener)
@@ -134,9 +133,8 @@ class Dispatcher implements DispatcherInterface
     /**
      * Parse the given event and payload and prepare them for dispatching.
      *
-     * @param mixed $event
-     * @param mixed $payload
-     *
+     * @param  mixed  $event
+     * @param  mixed  $payload
      * @return array
      */
     protected function parseEventAndPayload($event, $payload)
@@ -168,8 +166,7 @@ class Dispatcher implements DispatcherInterface
     /**
      * Get the wildcard listeners for the event.
      *
-     * @param string $eventName
-     *
+     * @param  string  $eventName
      * @return array
      */
     protected function getWildcardListeners($eventName)
@@ -190,9 +187,8 @@ class Dispatcher implements DispatcherInterface
      *
      * This function is a direct excerpt from Laravel's Str::is().
      *
-     * @param string $wildcard
-     * @param string $eventName
-     *
+     * @param  string  $wildcard
+     * @param  string  $eventName
      * @return bool
      */
     protected function wildcardContainsEvent($wildcard, $eventName)
@@ -229,9 +225,8 @@ class Dispatcher implements DispatcherInterface
     /**
      * Add the listeners for the event's interfaces to the given array.
      *
-     * @param string $eventName
-     * @param array  $listeners
-     *
+     * @param  string  $eventName
+     * @param  array  $listeners
      * @return array
      */
     protected function addInterfaceListeners($eventName, array $listeners = [])
@@ -250,9 +245,8 @@ class Dispatcher implements DispatcherInterface
     /**
      * Register an event listener with the dispatcher.
      *
-     * @param \Closure|string $listener
-     * @param bool            $wildcard
-     *
+     * @param  \Closure|string  $listener
+     * @param  bool  $wildcard
      * @return \Closure
      */
     public function makeListener($listener, $wildcard = false)
@@ -273,9 +267,8 @@ class Dispatcher implements DispatcherInterface
     /**
      * Create a class based listener.
      *
-     * @param string $listener
-     * @param bool   $wildcard
-     *
+     * @param  string  $listener
+     * @param  bool  $wildcard
      * @return \Closure
      */
     protected function createClassListener($listener, $wildcard = false)
@@ -295,8 +288,7 @@ class Dispatcher implements DispatcherInterface
     /**
      * Create the class based event callable.
      *
-     * @param string $listener
-     *
+     * @param  string  $listener
      * @return callable
      */
     protected function createClassCallable($listener)
@@ -309,13 +301,12 @@ class Dispatcher implements DispatcherInterface
     /**
      * Parse the class listener into class and method.
      *
-     * @param string $listener
-     *
+     * @param  string  $listener
      * @return array
      */
     protected function parseListenerCallback($listener)
     {
-        return strpos($listener, '@') !== false
+        return str_contains((string) $listener, '@')
             ? explode('@', $listener, 2)
             : [$listener, 'handle'];
     }
@@ -325,7 +316,7 @@ class Dispatcher implements DispatcherInterface
      */
     public function forget($event)
     {
-        if (strpos($event, '*') !== false) {
+        if (str_contains((string) $event, '*')) {
             unset($this->wildcards[$event]);
         } else {
             unset($this->listeners[$event]);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/DispatcherInterface.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/DispatcherInterface.php
index 6b7cb10c6..590328f09 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/DispatcherInterface.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/DispatcherInterface.php
@@ -7,9 +7,8 @@ interface DispatcherInterface
     /**
      * Register an event listener with the dispatcher.
      *
-     * @param string|array $events
-     * @param mixed        $listener
-     *
+     * @param  string|array  $events
+     * @param  mixed  $listener
      * @return void
      */
     public function listen($events, $listener);
@@ -17,8 +16,7 @@ interface DispatcherInterface
     /**
      * Determine if a given event has listeners.
      *
-     * @param string $eventName
-     *
+     * @param  string  $eventName
      * @return bool
      */
     public function hasListeners($eventName);
@@ -26,9 +24,8 @@ interface DispatcherInterface
     /**
      * Fire an event until the first non-null response is returned.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
      * @return array|null
      */
     public function until($event, $payload = []);
@@ -36,10 +33,9 @@ interface DispatcherInterface
     /**
      * Fire an event and call the listeners.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     * @param bool          $halt
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
+     * @param  bool  $halt
      * @return mixed
      */
     public function fire($event, $payload = [], $halt = false);
@@ -47,10 +43,9 @@ interface DispatcherInterface
     /**
      * Fire an event and call the listeners.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     * @param bool          $halt
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
+     * @param  bool  $halt
      * @return array|null
      */
     public function dispatch($event, $payload = [], $halt = false);
@@ -58,8 +53,7 @@ interface DispatcherInterface
     /**
      * Get all of the listeners for a given event name.
      *
-     * @param string $eventName
-     *
+     * @param  string  $eventName
      * @return array
      */
     public function getListeners($eventName);
@@ -67,8 +61,7 @@ interface DispatcherInterface
     /**
      * Remove a set of listeners from the dispatcher.
      *
-     * @param string $event
-     *
+     * @param  string  $event
      * @return void
      */
     public function forget($event);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Logger.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Logger.php
index b2082e596..b8a849169 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Logger.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/Logger.php
@@ -21,7 +21,7 @@ class Logger
     /**
      * Constructor.
      *
-     * @param LoggerInterface|null $logger
+     * @param  LoggerInterface|null  $logger
      */
     public function __construct(LoggerInterface $logger = null)
     {
@@ -31,8 +31,7 @@ class Logger
     /**
      * Logs the given event.
      *
-     * @param mixed $event
-     *
+     * @param  mixed  $event
      * @return void
      */
     public function log($event)
@@ -53,8 +52,7 @@ class Logger
     /**
      * Logs an authentication event.
      *
-     * @param AuthEvent $event
-     *
+     * @param  AuthEvent  $event
      * @return void
      */
     public function auth(AuthEvent $event)
@@ -81,8 +79,7 @@ class Logger
     /**
      * Logs a model event.
      *
-     * @param ModelEvent $event
-     *
+     * @param  ModelEvent  $event
      * @return void
      */
     public function model(ModelEvent $event)
@@ -106,8 +103,7 @@ class Logger
     /**
      * Logs a query event.
      *
-     * @param QueryEvent $event
-     *
+     * @param  QueryEvent  $event
      * @return void
      */
     public function query(QueryEvent $event)
@@ -133,8 +129,7 @@ class Logger
     /**
      * Returns the operational name of the given event.
      *
-     * @param mixed $event
-     *
+     * @param  mixed  $event
      * @return string
      */
     protected function getOperationName($event)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/NullDispatcher.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/NullDispatcher.php
index 73b1f5a8e..7683d1f80 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/NullDispatcher.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Events/NullDispatcher.php
@@ -14,7 +14,7 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Constructor.
      *
-     * @param DispatcherInterface $dispatcher
+     * @param  DispatcherInterface  $dispatcher
      */
     public function __construct(DispatcherInterface $dispatcher)
     {
@@ -24,9 +24,8 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Register an event listener with the dispatcher.
      *
-     * @param string|array $events
-     * @param mixed        $listener
-     *
+     * @param  string|array  $events
+     * @param  mixed  $listener
      * @return void
      */
     public function listen($events, $listener)
@@ -37,8 +36,7 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Determine if a given event has listeners.
      *
-     * @param string $eventName
-     *
+     * @param  string  $eventName
      * @return bool
      */
     public function hasListeners($eventName)
@@ -49,9 +47,8 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Fire an event until the first non-null response is returned.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
      * @return null
      */
     public function until($event, $payload = [])
@@ -62,10 +59,9 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Fire an event and call the listeners.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     * @param bool          $halt
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
+     * @param  bool  $halt
      * @return null
      */
     public function fire($event, $payload = [], $halt = false)
@@ -76,10 +72,9 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Fire an event and call the listeners.
      *
-     * @param string|object $event
-     * @param mixed         $payload
-     * @param bool          $halt
-     *
+     * @param  string|object  $event
+     * @param  mixed  $payload
+     * @param  bool  $halt
      * @return null
      */
     public function dispatch($event, $payload = [], $halt = false)
@@ -90,8 +85,7 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Get all of the listeners for a given event name.
      *
-     * @param string $eventName
-     *
+     * @param  string  $eventName
      * @return array
      */
     public function getListeners($eventName)
@@ -102,8 +96,7 @@ class NullDispatcher implements DispatcherInterface
     /**
      * Remove a set of listeners from the dispatcher.
      *
-     * @param string $event
-     *
+     * @param  string  $event
      * @return void
      */
     public function forget($event)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/HandlesConnection.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/HandlesConnection.php
index 9af7ad751..4a2e27598 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/HandlesConnection.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/HandlesConnection.php
@@ -148,8 +148,7 @@ trait HandlesConnection
     /**
      * Convert warnings to exceptions for the given operation.
      *
-     * @param Closure $operation
-     *
+     * @param  Closure  $operation
      * @return mixed
      *
      * @throws LdapRecordException
@@ -190,8 +189,7 @@ trait HandlesConnection
     /**
      * Determine if the failed operation should be bypassed.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return bool
      */
     protected function shouldBypassFailure($method)
@@ -202,8 +200,7 @@ trait HandlesConnection
     /**
      * Determine if the error should be bypassed.
      *
-     * @param string $error
-     *
+     * @param  string  $error
      * @return bool
      */
     protected function shouldBypassError($error)
@@ -226,9 +223,8 @@ trait HandlesConnection
     /**
      * Generates an LDAP connection string for each host given.
      *
-     * @param string|array $hosts
-     * @param string       $port
-     *
+     * @param  string|array  $hosts
+     * @param  string  $port
      * @return string
      */
     protected function makeConnectionUris($hosts, $port)
@@ -249,9 +245,8 @@ trait HandlesConnection
     /**
      * Assemble the host URI strings.
      *
-     * @param array|string $hosts
-     * @param string       $port
-     *
+     * @param  array|string  $hosts
+     * @param  string  $port
      * @return array
      */
     protected function assembleHostUris($hosts, $port)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Ldap.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Ldap.php
index 0c3574f13..76c372040 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Ldap.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Ldap.php
@@ -4,7 +4,6 @@ namespace LdapRecord;
 
 use LDAP\Connection as RawLdapConnection;
 
-/** @psalm-suppress UndefinedClass */
 class Ldap implements LdapInterface
 {
     use HandlesConnection, DetectsErrors;
@@ -24,8 +23,7 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-first-entry.php
      *
-     * @param resource $searchResults
-     *
+     * @param  resource  $searchResults
      * @return resource
      */
     public function getFirstEntry($searchResults)
@@ -40,8 +38,7 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-next-entry.php
      *
-     * @param resource $entry
-     *
+     * @param  resource  $entry
      * @return resource
      */
     public function getNextEntry($entry)
@@ -56,8 +53,7 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-get-attributes.php
      *
-     * @param resource $entry
-     *
+     * @param  resource  $entry
      * @return array|false
      */
     public function getAttributes($entry)
@@ -72,8 +68,7 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-count-entries.php
      *
-     * @param resource $searchResults
-     *
+     * @param  resource  $searchResults
      * @return int
      */
     public function countEntries($searchResults)
@@ -88,10 +83,9 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-compare.php
      *
-     * @param string $dn
-     * @param string $attribute
-     * @param string $value
-     *
+     * @param  string  $dn
+     * @param  string  $attribute
+     * @param  string  $value
      * @return mixed
      */
     public function compare($dn, $attribute, $value)
@@ -132,9 +126,8 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-get-values-len.php
      *
-     * @param $entry
-     * @param $attribute
-     *
+     * @param  $entry
+     * @param  $attribute
      * @return array
      */
     public function getValuesLen($entry, $attribute)
@@ -167,8 +160,7 @@ class Ldap implements LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-set-rebind-proc.php
      *
-     * @param callable $callback
-     *
+     * @param  callable  $callback
      * @return bool
      */
     public function setRebindCallback(callable $callback)
@@ -304,7 +296,7 @@ class Ldap implements LdapInterface
     public function bind($username, $password)
     {
         return $this->bound = $this->executeFailableOperation(function () use ($username, $password) {
-            return ldap_bind($this->connection, $username, html_entity_decode($password));
+            return ldap_bind($this->connection, $username, $password ? html_entity_decode($password) : null);
         });
     }
 
@@ -462,8 +454,7 @@ class Ldap implements LdapInterface
     /**
      * Extract the diagnostic code from the message.
      *
-     * @param string $message
-     *
+     * @param  string  $message
      * @return string|bool
      */
     public function extractDiagnosticCode($message)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapInterface.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapInterface.php
index c74fe4e89..fcff57f48 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapInterface.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapInterface.php
@@ -9,28 +9,28 @@ interface LdapInterface
      *
      * @var string
      */
-    const PROTOCOL_SSL = 'ldaps://';
+    public const PROTOCOL_SSL = 'ldaps://';
 
     /**
      * The standard LDAP protocol string.
      *
      * @var string
      */
-    const PROTOCOL = 'ldap://';
+    public const PROTOCOL = 'ldap://';
 
     /**
      * The LDAP SSL port number.
      *
      * @var string
      */
-    const PORT_SSL = 636;
+    public const PORT_SSL = 636;
 
     /**
      * The standard LDAP port number.
      *
      * @var string
      */
-    const PORT = 389;
+    public const PORT = 389;
 
     /**
      * Various useful server control OID's.
@@ -38,37 +38,36 @@ interface LdapInterface
      * @see https://ldap.com/ldap-oid-reference-guide/
      * @see http://msdn.microsoft.com/en-us/library/cc223359.aspx
      */
-    const OID_SERVER_START_TLS = '1.3.6.1.4.1.1466.20037';
-    const OID_SERVER_PAGED_RESULTS = '1.2.840.113556.1.4.319';
-    const OID_SERVER_SHOW_DELETED = '1.2.840.113556.1.4.417';
-    const OID_SERVER_SORT = '1.2.840.113556.1.4.473';
-    const OID_SERVER_CROSSDOM_MOVE_TARGET = '1.2.840.113556.1.4.521';
-    const OID_SERVER_NOTIFICATION = '1.2.840.113556.1.4.528';
-    const OID_SERVER_EXTENDED_DN = '1.2.840.113556.1.4.529';
-    const OID_SERVER_LAZY_COMMIT = '1.2.840.113556.1.4.619';
-    const OID_SERVER_SD_FLAGS = '1.2.840.113556.1.4.801';
-    const OID_SERVER_TREE_DELETE = '1.2.840.113556.1.4.805';
-    const OID_SERVER_DIRSYNC = '1.2.840.113556.1.4.841';
-    const OID_SERVER_VERIFY_NAME = '1.2.840.113556.1.4.1338';
-    const OID_SERVER_DOMAIN_SCOPE = '1.2.840.113556.1.4.1339';
-    const OID_SERVER_SEARCH_OPTIONS = '1.2.840.113556.1.4.1340';
-    const OID_SERVER_PERMISSIVE_MODIFY = '1.2.840.113556.1.4.1413';
-    const OID_SERVER_ASQ = '1.2.840.113556.1.4.1504';
-    const OID_SERVER_FAST_BIND = '1.2.840.113556.1.4.1781';
-    const OID_SERVER_CONTROL_VLVREQUEST = '2.16.840.1.113730.3.4.9';
+    public const OID_SERVER_START_TLS = '1.3.6.1.4.1.1466.20037';
+    public const OID_SERVER_PAGED_RESULTS = '1.2.840.113556.1.4.319';
+    public const OID_SERVER_SHOW_DELETED = '1.2.840.113556.1.4.417';
+    public const OID_SERVER_SORT = '1.2.840.113556.1.4.473';
+    public const OID_SERVER_CROSSDOM_MOVE_TARGET = '1.2.840.113556.1.4.521';
+    public const OID_SERVER_NOTIFICATION = '1.2.840.113556.1.4.528';
+    public const OID_SERVER_EXTENDED_DN = '1.2.840.113556.1.4.529';
+    public const OID_SERVER_LAZY_COMMIT = '1.2.840.113556.1.4.619';
+    public const OID_SERVER_SD_FLAGS = '1.2.840.113556.1.4.801';
+    public const OID_SERVER_TREE_DELETE = '1.2.840.113556.1.4.805';
+    public const OID_SERVER_DIRSYNC = '1.2.840.113556.1.4.841';
+    public const OID_SERVER_VERIFY_NAME = '1.2.840.113556.1.4.1338';
+    public const OID_SERVER_DOMAIN_SCOPE = '1.2.840.113556.1.4.1339';
+    public const OID_SERVER_SEARCH_OPTIONS = '1.2.840.113556.1.4.1340';
+    public const OID_SERVER_PERMISSIVE_MODIFY = '1.2.840.113556.1.4.1413';
+    public const OID_SERVER_ASQ = '1.2.840.113556.1.4.1504';
+    public const OID_SERVER_FAST_BIND = '1.2.840.113556.1.4.1781';
+    public const OID_SERVER_CONTROL_VLVREQUEST = '2.16.840.1.113730.3.4.9';
 
     /**
      * Query OID's.
      *
      * @see https://ldapwiki.com/wiki/LDAP_MATCHING_RULE_IN_CHAIN
      */
-    const OID_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941';
+    public const OID_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941';
 
     /**
      * Set the current connection to use SSL.
      *
-     * @param bool $enabled
-     *
+     * @param  bool  $enabled
      * @return $this
      */
     public function ssl();
@@ -83,8 +82,7 @@ interface LdapInterface
     /**
      * Set the current connection to use TLS.
      *
-     * @param bool $enabled
-     *
+     * @param  bool  $enabled
      * @return $this
      */
     public function tls();
@@ -138,8 +136,7 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-get-entries.php
      *
-     * @param resource $searchResults
-     *
+     * @param  resource  $searchResults
      * @return array
      */
     public function getEntries($searchResults);
@@ -169,9 +166,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-set-option.php
      *
-     * @param int   $option
-     * @param mixed $value
-     *
+     * @param  int  $option
+     * @param  mixed  $value
      * @return bool
      */
     public function setOption($option, $value);
@@ -179,8 +175,7 @@ interface LdapInterface
     /**
      * Set options on the current connection.
      *
-     * @param array $options
-     *
+     * @param  array  $options
      * @return void
      */
     public function setOptions(array $options = []);
@@ -190,9 +185,8 @@ interface LdapInterface
      *
      * @see https://www.php.net/manual/en/function.ldap-get-option.php
      *
-     * @param int   $option
-     * @param mixed $value
-     *
+     * @param  int  $option
+     * @param  mixed  $value
      * @return mixed
      */
     public function getOption($option, &$value = null);
@@ -213,9 +207,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-start-tls.php
      *
-     * @param string|array $hosts
-     * @param int          $port
-     *
+     * @param  string|array  $hosts
+     * @param  int  $port
      * @return resource|false
      */
     public function connect($hosts = [], $port = 389);
@@ -236,15 +229,14 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-search.php
      *
-     * @param string $dn
-     * @param string $filter
-     * @param array  $fields
-     * @param bool   $onlyAttributes
-     * @param int    $size
-     * @param int    $time
-     * @param int    $deref
-     * @param array  $serverControls
-     *
+     * @param  string  $dn
+     * @param  string  $filter
+     * @param  array  $fields
+     * @param  bool  $onlyAttributes
+     * @param  int  $size
+     * @param  int  $time
+     * @param  int  $deref
+     * @param  array  $serverControls
      * @return resource
      */
     public function search($dn, $filter, array $fields, $onlyAttributes = false, $size = 0, $time = 0, $deref = LDAP_DEREF_NEVER, $serverControls = []);
@@ -254,15 +246,14 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-list.php
      *
-     * @param string $dn
-     * @param string $filter
-     * @param array  $fields
-     * @param bool   $onlyAttributes
-     * @param int    $size
-     * @param int    $time
-     * @param int    $deref
-     * @param array  $serverControls
-     *
+     * @param  string  $dn
+     * @param  string  $filter
+     * @param  array  $fields
+     * @param  bool  $onlyAttributes
+     * @param  int  $size
+     * @param  int  $time
+     * @param  int  $deref
+     * @param  array  $serverControls
      * @return resource
      */
     public function listing($dn, $filter, array $fields, $onlyAttributes = false, $size = 0, $time = 0, $deref = LDAP_DEREF_NEVER, $serverControls = []);
@@ -272,15 +263,14 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-read.php
      *
-     * @param string $dn
-     * @param string $filter
-     * @param array  $fields
-     * @param bool   $onlyAttributes
-     * @param int    $size
-     * @param int    $time
-     * @param int    $deref
-     * @param array  $serverControls
-     *
+     * @param  string  $dn
+     * @param  string  $filter
+     * @param  array  $fields
+     * @param  bool  $onlyAttributes
+     * @param  int  $size
+     * @param  int  $time
+     * @param  int  $deref
+     * @param  array  $serverControls
      * @return resource
      */
     public function read($dn, $filter, array $fields, $onlyAttributes = false, $size = 0, $time = 0, $deref = LDAP_DEREF_NEVER, $serverControls = []);
@@ -290,13 +280,12 @@ interface LdapInterface
      *
      * @see https://www.php.net/manual/en/function.ldap-parse-result.php
      *
-     * @param resource $result
-     * @param int      $errorCode
-     * @param ?string  $dn
-     * @param ?string  $errorMessage
-     * @param ?array   $referrals
-     * @param ?array   $serverControls
-     *
+     * @param  resource  $result
+     * @param  int  $errorCode
+     * @param  ?string  $dn
+     * @param  ?string  $errorMessage
+     * @param  ?array  $referrals
+     * @param  ?array  $serverControls
      * @return bool
      */
     public function parseResult($result, &$errorCode, &$dn, &$errorMessage, &$referrals, &$serverControls = []);
@@ -307,9 +296,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-bind.php
      *
-     * @param string $username
-     * @param string $password
-     *
+     * @param  string  $username
+     * @param  string  $password
      * @return bool
      *
      * @throws LdapRecordException
@@ -321,9 +309,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-add.php
      *
-     * @param string $dn
-     * @param array  $entry
-     *
+     * @param  string  $dn
+     * @param  array  $entry
      * @return bool
      *
      * @throws LdapRecordException
@@ -335,8 +322,7 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-delete.php
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return bool
      *
      * @throws LdapRecordException
@@ -348,11 +334,10 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-rename.php
      *
-     * @param string $dn
-     * @param string $newRdn
-     * @param string $newParent
-     * @param bool   $deleteOldRdn
-     *
+     * @param  string  $dn
+     * @param  string  $newRdn
+     * @param  string  $newParent
+     * @param  bool  $deleteOldRdn
      * @return bool
      *
      * @throws LdapRecordException
@@ -364,9 +349,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-modify.php
      *
-     * @param string $dn
-     * @param array  $entry
-     *
+     * @param  string  $dn
+     * @param  array  $entry
      * @return bool
      *
      * @throws LdapRecordException
@@ -378,9 +362,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-modify-batch.php
      *
-     * @param string $dn
-     * @param array  $values
-     *
+     * @param  string  $dn
+     * @param  array  $values
      * @return bool
      *
      * @throws LdapRecordException
@@ -392,9 +375,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-mod-add.php
      *
-     * @param string $dn
-     * @param array  $entry
-     *
+     * @param  string  $dn
+     * @param  array  $entry
      * @return bool
      *
      * @throws LdapRecordException
@@ -406,9 +388,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-mod-replace.php
      *
-     * @param string $dn
-     * @param array  $entry
-     *
+     * @param  string  $dn
+     * @param  array  $entry
      * @return bool
      *
      * @throws LdapRecordException
@@ -420,9 +401,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-mod-del.php
      *
-     * @param string $dn
-     * @param array  $entry
-     *
+     * @param  string  $dn
+     * @param  array  $entry
      * @return bool
      *
      * @throws LdapRecordException
@@ -434,10 +414,9 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-control-paged-result.php
      *
-     * @param int    $pageSize
-     * @param bool   $isCritical
-     * @param string $cookie
-     *
+     * @param  int  $pageSize
+     * @param  bool  $isCritical
+     * @param  string  $cookie
      * @return bool
      */
     public function controlPagedResult($pageSize = 1000, $isCritical = false, $cookie = '');
@@ -447,9 +426,8 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-control-paged-result-response.php
      *
-     * @param resource $result
-     * @param string   $cookie
-     *
+     * @param  resource  $result
+     * @param  string  $cookie
      * @return bool
      */
     public function controlPagedResultResponse($result, &$cookie);
@@ -459,8 +437,7 @@ interface LdapInterface
      *
      * @see https://www.php.net/manual/en/function.ldap-free-result.php
      *
-     * @param resource $result
-     *
+     * @param  resource  $result
      * @return bool
      */
     public function freeResult($result);
@@ -479,8 +456,7 @@ interface LdapInterface
      *
      * @see http://php.net/manual/en/function.ldap-err2str.php
      *
-     * @param int $number
-     *
+     * @param  int  $number
      * @return string
      */
     public function err2Str($number);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapRecordException.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapRecordException.php
index b2439bf83..0669b4c65 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapRecordException.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/LdapRecordException.php
@@ -16,9 +16,8 @@ class LdapRecordException extends Exception
     /**
      * Create a new Bind Exception with a detailed connection error.
      *
-     * @param Exception          $e
-     * @param DetailedError|null $error
-     *
+     * @param  Exception  $e
+     * @param  DetailedError|null  $error
      * @return $this
      */
     public static function withDetailedError(Exception $e, DetailedError $error = null)
@@ -29,8 +28,7 @@ class LdapRecordException extends Exception
     /**
      * Set the detailed error.
      *
-     * @param DetailedError|null $error
-     *
+     * @param  DetailedError|null  $error
      * @return $this
      */
     public function setDetailedError(DetailedError $error = null)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Concerns/HasPrimaryGroup.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Concerns/HasPrimaryGroup.php
index 97fd3a1fb..b7138d30c 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Concerns/HasPrimaryGroup.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Concerns/HasPrimaryGroup.php
@@ -9,10 +9,9 @@ trait HasPrimaryGroup
     /**
      * Returns a new has one primary group relationship.
      *
-     * @param mixed  $related
-     * @param string $relationKey
-     * @param string $foreignKey
-     *
+     * @param  mixed  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
      * @return HasOnePrimaryGroup
      */
     public function hasOnePrimaryGroup($related, $relationKey, $foreignKey = 'primarygroupid')
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Entry.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Entry.php
index 652ad563f..e1a0233cc 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Entry.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Entry.php
@@ -9,6 +9,7 @@ use LdapRecord\Models\Entry as BaseEntry;
 use LdapRecord\Models\Events\Updated;
 use LdapRecord\Models\Types\ActiveDirectory;
 use LdapRecord\Query\Model\ActiveDirectoryBuilder;
+use LdapRecord\Support\Arr;
 
 /** @mixin ActiveDirectoryBuilder */
 class Entry extends BaseEntry implements ActiveDirectory
@@ -50,20 +51,46 @@ class Entry extends BaseEntry implements ActiveDirectory
     /**
      * @inheritdoc
      */
-    public function getConvertedSid()
+    public function getConvertedSid($sid = null)
     {
         try {
-            return (string) new Sid($this->getObjectSid());
+            return (string) $this->newObjectSid(
+                $sid ?? $this->getObjectSid()
+            );
         } catch (InvalidArgumentException $e) {
             return;
         }
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function getBinarySid($sid = null)
+    {
+        try {
+            return $this->newObjectSid(
+                $sid ?? $this->getObjectSid()
+            )->getBinary();
+        } catch (InvalidArgumentException $e) {
+            return;
+        }
+    }
+
+    /**
+     * Make a new object Sid instance.
+     *
+     * @param  string  $value
+     * @return Sid
+     */
+    protected function newObjectSid($value)
+    {
+        return new Sid($value);
+    }
+
     /**
      * Create a new query builder.
      *
-     * @param Connection $connection
-     *
+     * @param  Connection  $connection
      * @return ActiveDirectoryBuilder
      */
     public function newQueryBuilder(Connection $connection)
@@ -84,8 +111,7 @@ class Entry extends BaseEntry implements ActiveDirectory
     /**
      * Restore a deleted object.
      *
-     * @param string|null $newParentDn
-     *
+     * @param  string|null  $newParentDn
      * @return bool
      *
      * @throws \LdapRecord\LdapRecordException
@@ -114,24 +140,6 @@ class Entry extends BaseEntry implements ActiveDirectory
         $this->save(['isDeleted' => null]);
     }
 
-    /**
-     * Get the RootDSE (AD schema) record from the directory.
-     *
-     * @param string|null $connection
-     *
-     * @return static
-     *
-     * @throws \LdapRecord\Models\ModelNotFoundException
-     */
-    public static function getRootDse($connection = null)
-    {
-        return static::on($connection ?? (new static())->getConnectionName())
-            ->in(null)
-            ->read()
-            ->whereHas('objectclass')
-            ->firstOrFail();
-    }
-
     /**
      * Get the objects restore location.
      *
@@ -143,22 +151,50 @@ class Entry extends BaseEntry implements ActiveDirectory
     }
 
     /**
-     * Converts attributes for JSON serialization.
-     *
-     * @param array $attributes
+     * Convert the attributes for JSON serialization.
      *
+     * @param  array  $attributes
      * @return array
      */
     protected function convertAttributesForJson(array $attributes = [])
     {
         $attributes = parent::convertAttributesForJson($attributes);
 
-        if ($this->hasAttribute($this->sidKey)) {
-            // If the model has a SID set, we need to convert it due to it being in
-            // binary. Otherwise we will receive a JSON serialization exception.
-            return array_replace($attributes, [
-                $this->sidKey => [$this->getConvertedSid()],
-            ]);
+        // If the model has a SID set, we need to convert it to its
+        // string format, due to it being in binary. Otherwise
+        // we will receive a JSON serialization exception.
+        if (isset($attributes[$this->sidKey])) {
+            $attributes[$this->sidKey] = [$this->getConvertedSid(
+                Arr::first($attributes[$this->sidKey])
+            )];
+        }
+
+        return $attributes;
+    }
+
+    /**
+     * Convert the attributes from JSON serialization.
+     *
+     * @param  array  $attributes
+     * @return array
+     */
+    protected function convertAttributesFromJson(array $attributes = [])
+    {
+        $attributes = parent::convertAttributesFromJson($attributes);
+
+        // Here we are converting the model's GUID and SID attributes
+        // back to their original values from serialization, so that
+        // their original value may be used and compared against.
+        if (isset($attributes[$this->guidKey])) {
+            $attributes[$this->guidKey] = [$this->getBinaryGuid(
+                Arr::first($attributes[$this->guidKey])
+            )];
+        }
+
+        if (isset($attributes[$this->sidKey])) {
+            $attributes[$this->sidKey] = [$this->getBinarySid(
+                Arr::first($attributes[$this->sidKey])
+            )];
         }
 
         return $attributes;
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Relations/HasOnePrimaryGroup.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Relations/HasOnePrimaryGroup.php
index 540ec7717..40350c97a 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Relations/HasOnePrimaryGroup.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Relations/HasOnePrimaryGroup.php
@@ -10,8 +10,7 @@ class HasOnePrimaryGroup extends HasOne
     /**
      * Get the foreign model by the given value.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return Model|null
      */
     protected function getForeignModelByValue($value)
@@ -26,8 +25,7 @@ class HasOnePrimaryGroup extends HasOne
      *
      * Retrieves the last RID from the models Object SID.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return string
      */
     protected function getForeignValueFromModel(Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/HasServerRoleAttribute.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/HasServerRoleAttribute.php
index cd08648da..76df79ca3 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/HasServerRoleAttribute.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/HasServerRoleAttribute.php
@@ -11,9 +11,8 @@ class HasServerRoleAttribute implements Scope
     /**
      * Includes condition of having a serverRole attribute.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      */
     public function apply(Builder $query, Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/InConfigurationContext.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/InConfigurationContext.php
index 9f2fbe4d7..dc8a4d21b 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/InConfigurationContext.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/InConfigurationContext.php
@@ -12,9 +12,8 @@ class InConfigurationContext implements Scope
     /**
      * Refines the base dn to be inside the configuration context.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      *
      * @throws \LdapRecord\Models\ModelNotFoundException
@@ -27,8 +26,7 @@ class InConfigurationContext implements Scope
     /**
      * Get the LDAP server configuration naming context distinguished name.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return mixed
      *
      * @throws \LdapRecord\Models\ModelNotFoundException
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/RejectComputerObjectClass.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/RejectComputerObjectClass.php
index a616db1c0..9d00cf8fa 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/RejectComputerObjectClass.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/Scopes/RejectComputerObjectClass.php
@@ -11,9 +11,8 @@ class RejectComputerObjectClass implements Scope
     /**
      * Prevent computer objects from being included in results.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      */
     public function apply(Builder $query, Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/User.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/User.php
index b735b03b2..c2ea0325d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/User.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ActiveDirectory/User.php
@@ -6,6 +6,7 @@ use Carbon\Carbon;
 use Illuminate\Contracts\Auth\Authenticatable;
 use LdapRecord\Models\ActiveDirectory\Concerns\HasPrimaryGroup;
 use LdapRecord\Models\ActiveDirectory\Scopes\RejectComputerObjectClass;
+use LdapRecord\Models\Attributes\AccountControl;
 use LdapRecord\Models\Concerns\CanAuthenticate;
 use LdapRecord\Models\Concerns\HasPassword;
 use LdapRecord\Query\Model\Builder;
@@ -71,6 +72,38 @@ class User extends Entry implements Authenticatable
         static::addGlobalScope(new RejectComputerObjectClass());
     }
 
+    /**
+     * Determine if the user's account is enabled.
+     *
+     * @return bool
+     */
+    public function isEnabled()
+    {
+        return ! $this->isDisabled();
+    }
+
+    /**
+     * Determine if the user's account is disabled.
+     *
+     * @return bool
+     */
+    public function isDisabled()
+    {
+        return $this->accountControl()->has(AccountControl::ACCOUNTDISABLE);
+    }
+
+    /**
+     * Get the user's account control.
+     *
+     * @return AccountControl
+     */
+    public function accountControl()
+    {
+        return new AccountControl(
+            $this->getFirstAttribute('userAccountControl')
+        );
+    }
+
     /**
      * The groups relationship.
      *
@@ -110,8 +143,7 @@ class User extends Entry implements Authenticatable
     /**
      * Scopes the query to exchange mailbox users.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return Builder
      */
     public function scopeWhereHasMailbox(Builder $query)
@@ -122,8 +154,7 @@ class User extends Entry implements Authenticatable
     /**
      * Scopes the query to users having a lockout value set.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return Builder
      */
     public function scopeWhereHasLockout(Builder $query)
@@ -137,9 +168,8 @@ class User extends Entry implements Authenticatable
      * @see https://ldapwiki.com/wiki/Active%20Directory%20Account%20Lockout
      * @see https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-duration
      *
-     * @param string|int $localTimezone
-     * @param int|null   $durationInMinutes
-     *
+     * @param  string|int  $localTimezone
+     * @param  int|null  $durationInMinutes
      * @return bool
      */
     public function isLockedOut($localTimezone, $durationInMinutes = null)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/AccountControl.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/AccountControl.php
index 7e2414629..45fae214d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/AccountControl.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/AccountControl.php
@@ -6,49 +6,49 @@ use ReflectionClass;
 
 class AccountControl
 {
-    const SCRIPT = 1;
+    public const SCRIPT = 1;
 
-    const ACCOUNTDISABLE = 2;
+    public const ACCOUNTDISABLE = 2;
 
-    const HOMEDIR_REQUIRED = 8;
+    public const HOMEDIR_REQUIRED = 8;
 
-    const LOCKOUT = 16;
+    public const LOCKOUT = 16;
 
-    const PASSWD_NOTREQD = 32;
+    public const PASSWD_NOTREQD = 32;
 
-    const PASSWD_CANT_CHANGE = 64;
+    public const PASSWD_CANT_CHANGE = 64;
 
-    const ENCRYPTED_TEXT_PWD_ALLOWED = 128;
+    public const ENCRYPTED_TEXT_PWD_ALLOWED = 128;
 
-    const TEMP_DUPLICATE_ACCOUNT = 256;
+    public const TEMP_DUPLICATE_ACCOUNT = 256;
 
-    const NORMAL_ACCOUNT = 512;
+    public const NORMAL_ACCOUNT = 512;
 
-    const INTERDOMAIN_TRUST_ACCOUNT = 2048;
+    public const INTERDOMAIN_TRUST_ACCOUNT = 2048;
 
-    const WORKSTATION_TRUST_ACCOUNT = 4096;
+    public const WORKSTATION_TRUST_ACCOUNT = 4096;
 
-    const SERVER_TRUST_ACCOUNT = 8192;
+    public const SERVER_TRUST_ACCOUNT = 8192;
 
-    const DONT_EXPIRE_PASSWORD = 65536;
+    public const DONT_EXPIRE_PASSWORD = 65536;
 
-    const MNS_LOGON_ACCOUNT = 131072;
+    public const MNS_LOGON_ACCOUNT = 131072;
 
-    const SMARTCARD_REQUIRED = 262144;
+    public const SMARTCARD_REQUIRED = 262144;
 
-    const TRUSTED_FOR_DELEGATION = 524288;
+    public const TRUSTED_FOR_DELEGATION = 524288;
 
-    const NOT_DELEGATED = 1048576;
+    public const NOT_DELEGATED = 1048576;
 
-    const USE_DES_KEY_ONLY = 2097152;
+    public const USE_DES_KEY_ONLY = 2097152;
 
-    const DONT_REQ_PREAUTH = 4194304;
+    public const DONT_REQ_PREAUTH = 4194304;
 
-    const PASSWORD_EXPIRED = 8388608;
+    public const PASSWORD_EXPIRED = 8388608;
 
-    const TRUSTED_TO_AUTH_FOR_DELEGATION = 16777216;
+    public const TRUSTED_TO_AUTH_FOR_DELEGATION = 16777216;
 
-    const PARTIAL_SECRETS_ACCOUNT = 67108864;
+    public const PARTIAL_SECRETS_ACCOUNT = 67108864;
 
     /**
      * The account control flag values.
@@ -60,7 +60,7 @@ class AccountControl
     /**
      * Constructor.
      *
-     * @param ?int $flag
+     * @param  ?int  $flag
      */
     public function __construct($flag = null)
     {
@@ -92,8 +92,7 @@ class AccountControl
     /**
      * Add the flag to the account control values.
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return $this
      */
     public function add($flag)
@@ -108,8 +107,7 @@ class AccountControl
     /**
      * Remove the flag from the account control.
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return $this
      */
     public function remove($flag)
@@ -122,8 +120,7 @@ class AccountControl
     /**
      * Extract and apply the flag.
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return void
      */
     public function apply($flag)
@@ -134,8 +131,7 @@ class AccountControl
     /**
      * Determine if the account control contains the given UAC flag(s).
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return bool
      */
     public function has($flag)
@@ -154,8 +150,7 @@ class AccountControl
     /**
      * Determine if the account control does not contain the given UAC flag(s).
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return bool
      */
     public function doesntHave($flag)
@@ -441,8 +436,7 @@ class AccountControl
     /**
      * Set the account control values.
      *
-     * @param array<int, int> $flags
-     *
+     * @param  array<int, int>  $flags
      * @return void
      */
     public function setValues(array $flags)
@@ -483,8 +477,7 @@ class AccountControl
     /**
      * Extracts the given flag into an array of flags used.
      *
-     * @param int $flag
-     *
+     * @param  int  $flag
      * @return array
      */
     public function extractFlags($flag)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedName.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedName.php
index c6977a8e8..fc981299a 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedName.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedName.php
@@ -19,7 +19,7 @@ class DistinguishedName
     /**
      * Constructor.
      *
-     * @param string|null $value
+     * @param  string|null  $value
      */
     public function __construct($value = null)
     {
@@ -39,8 +39,7 @@ class DistinguishedName
     /**
      * Alias of the "build" method.
      *
-     * @param string|null $value
-     *
+     * @param  string|null  $value
      * @return DistinguishedNameBuilder
      */
     public static function of($value = null)
@@ -51,8 +50,7 @@ class DistinguishedName
     /**
      * Get a new DN builder object from the given DN.
      *
-     * @param string|null $value
-     *
+     * @param  string|null  $value
      * @return DistinguishedNameBuilder
      */
     public static function build($value = null)
@@ -63,8 +61,7 @@ class DistinguishedName
     /**
      * Make a new distinguished name instance.
      *
-     * @param string|null $value
-     *
+     * @param  string|null  $value
      * @return static
      */
     public static function make($value = null)
@@ -75,8 +72,7 @@ class DistinguishedName
     /**
      * Determine if the given value is a valid distinguished name.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return bool
      */
     public static function isValid($value)
@@ -87,8 +83,7 @@ class DistinguishedName
     /**
      * Explode a distinguished name into relative distinguished names.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return array
      */
     public static function explode($dn)
@@ -111,8 +106,7 @@ class DistinguishedName
     /**
      * Un-escapes a hexadecimal string into its original string representation.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return string
      */
     public static function unescape($value)
@@ -125,8 +119,7 @@ class DistinguishedName
     /**
      * Explode the RDN into an attribute and value.
      *
-     * @param string $rdn
-     *
+     * @param  string  $rdn
      * @return array
      */
     public static function explodeRdn($rdn)
@@ -137,8 +130,7 @@ class DistinguishedName
     /**
      * Implode the component attribute and value into an RDN.
      *
-     * @param string $rdn
-     *
+     * @param  string  $rdn
      * @return string
      */
     public static function makeRdn(array $component)
@@ -159,8 +151,7 @@ class DistinguishedName
     /**
      * Set the underlying value.
      *
-     * @param string|null $value
-     *
+     * @param  string|null  $value
      * @return $this
      */
     public function set($value)
@@ -337,8 +328,7 @@ class DistinguishedName
     /**
      * Determine if the current distinguished name is a parent of the given child.
      *
-     * @param DistinguishedName $child
-     *
+     * @param  DistinguishedName  $child
      * @return bool
      */
     public function isParentOf(self $child)
@@ -349,8 +339,7 @@ class DistinguishedName
     /**
      * Determine if the current distinguished name is a child of the given parent.
      *
-     * @param DistinguishedName $parent
-     *
+     * @param  DistinguishedName  $parent
      * @return bool
      */
     public function isChildOf(self $parent)
@@ -370,8 +359,7 @@ class DistinguishedName
     /**
      * Determine if the current distinguished name is an ancestor of the descendant.
      *
-     * @param DistinguishedName $descendant
-     *
+     * @param  DistinguishedName  $descendant
      * @return bool
      */
     public function isAncestorOf(self $descendant)
@@ -382,8 +370,7 @@ class DistinguishedName
     /**
      * Determine if the current distinguished name is a descendant of the ancestor.
      *
-     * @param DistinguishedName $ancestor
-     *
+     * @param  DistinguishedName  $ancestor
      * @return bool
      */
     public function isDescendantOf(self $ancestor)
@@ -407,9 +394,8 @@ class DistinguishedName
     /**
      * Compare whether the two distinguished name values are equal.
      *
-     * @param array $values
-     * @param array $other
-     *
+     * @param  array  $values
+     * @param  array  $other
      * @return bool
      */
     protected function compare(array $values, array $other)
@@ -420,8 +406,7 @@ class DistinguishedName
     /**
      * Recase the array values.
      *
-     * @param array $values
-     *
+     * @param  array  $values
      * @return array
      */
     protected function recase(array $values)
@@ -432,8 +417,7 @@ class DistinguishedName
     /**
      * Normalize the string value.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return string
      */
     protected function normalize($value)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedNameBuilder.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedNameBuilder.php
index 601902bf7..a0d84d828 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedNameBuilder.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/DistinguishedNameBuilder.php
@@ -26,7 +26,7 @@ class DistinguishedNameBuilder
     /**
      * Constructor.
      *
-     * @param string|null $value
+     * @param  string|null  $value
      */
     public function __construct($dn = null)
     {
@@ -38,9 +38,8 @@ class DistinguishedNameBuilder
     /**
      * Forward missing method calls onto the Distinguished Name object.
      *
-     * @param string $method
-     * @param array  $args
-     *
+     * @param  string  $method
+     * @param  array  $args
      * @return mixed
      */
     public function __call($method, $args)
@@ -61,9 +60,8 @@ class DistinguishedNameBuilder
     /**
      * Prepend an RDN onto the DN.
      *
-     * @param string|array $attribute
-     * @param string|null  $value
-     *
+     * @param  string|array  $attribute
+     * @param  string|null  $value
      * @return $this
      */
     public function prepend($attribute, $value = null)
@@ -79,9 +77,8 @@ class DistinguishedNameBuilder
     /**
      * Append an RDN onto the DN.
      *
-     * @param string|array $attribute
-     * @param string|null  $value
-     *
+     * @param  string|array  $attribute
+     * @param  string|null  $value
      * @return $this
      */
     public function append($attribute, $value = null)
@@ -97,9 +94,8 @@ class DistinguishedNameBuilder
     /**
      * Componentize the attribute and value.
      *
-     * @param string|array $attribute
-     * @param string|null  $value
-     *
+     * @param  string|array  $attribute
+     * @param  string|null  $value
      * @return array
      */
     protected function componentize($attribute, $value = null)
@@ -125,8 +121,7 @@ class DistinguishedNameBuilder
     /**
      * Make a componentized array by exploding the value if it's a string.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return array
      */
     protected function makeComponentizedArray($value)
@@ -137,9 +132,8 @@ class DistinguishedNameBuilder
     /**
      * Make an appendable component array from the attribute and value.
      *
-     * @param string|array $attribute
-     * @param string|null  $value
-     *
+     * @param  string|array  $attribute
+     * @param  string|null  $value
      * @return array
      */
     protected function makeAppendableComponent($attribute, $value = null)
@@ -150,9 +144,8 @@ class DistinguishedNameBuilder
     /**
      * Pop an RDN off of the end of the DN.
      *
-     * @param int   $amount
-     * @param array $removed
-     *
+     * @param  int  $amount
+     * @param  array  $removed
      * @return $this
      */
     public function pop($amount = 1, &$removed = [])
@@ -167,9 +160,8 @@ class DistinguishedNameBuilder
     /**
      * Shift an RDN off of the beginning of the DN.
      *
-     * @param int   $amount
-     * @param array $removed
-     *
+     * @param  int  $amount
+     * @param  array  $removed
      * @return $this
      */
     public function shift($amount = 1, &$removed = [])
@@ -196,8 +188,7 @@ class DistinguishedNameBuilder
     /**
      * Get the components of the DN.
      *
-     * @param null|string $type
-     *
+     * @param  null|string  $type
      * @return array
      */
     public function components($type = null)
@@ -210,8 +201,7 @@ class DistinguishedNameBuilder
     /**
      * Get the components of a particular type.
      *
-     * @param string $type
-     *
+     * @param  string  $type
      * @return array
      */
     protected function componentsOfType($type)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/EscapedValue.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/EscapedValue.php
index 2f6111297..3c9d4db0a 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/EscapedValue.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/EscapedValue.php
@@ -28,9 +28,9 @@ class EscapedValue
     /**
      * Constructor.
      *
-     * @param string $value
-     * @param string $ignore
-     * @param int    $flags
+     * @param  string  $value
+     * @param  string  $ignore
+     * @param  int  $flags
      */
     public function __construct($value, $ignore = '', $flags = 0)
     {
@@ -72,8 +72,7 @@ class EscapedValue
     /**
      * Set the characters to exclude from being escaped.
      *
-     * @param string $characters
-     *
+     * @param  string  $characters
      * @return $this
      */
     public function ignore($characters)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Guid.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Guid.php
index d139f5f86..e04b5cd3f 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Guid.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Guid.php
@@ -50,8 +50,7 @@ class Guid
     /**
      * Determines if the specified GUID is valid.
      *
-     * @param string $guid
-     *
+     * @param  string  $guid
      * @return bool
      */
     public static function isValid($guid)
@@ -62,7 +61,7 @@ class Guid
     /**
      * Constructor.
      *
-     * @param mixed $value
+     * @param  mixed  $value
      *
      * @throws InvalidArgumentException
      */
@@ -128,8 +127,7 @@ class Guid
     /**
      * Returns the string variant of a binary GUID.
      *
-     * @param string $binary
-     *
+     * @param  string  $binary
      * @return string|null
      */
     protected function binaryGuidToString($binary)
@@ -144,10 +142,9 @@ class Guid
      *
      * @see https://github.com/ldaptools/ldaptools
      *
-     * @param string $hex      The full hex string.
-     * @param array  $sections An array of start and length (unless octet is true, then length is always 2).
-     * @param bool   $octet    Whether this is for octet string form.
-     *
+     * @param  string  $hex  The full hex string.
+     * @param  array  $sections  An array of start and length (unless octet is true, then length is always 2).
+     * @param  bool  $octet  Whether this is for octet string form.
      * @return string The concatenated sections in upper-case.
      */
     protected function parseSection($hex, array $sections, $octet = false)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/MbString.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/MbString.php
index 672e60df1..72d4c6f48 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/MbString.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/MbString.php
@@ -7,8 +7,7 @@ class MbString
     /**
      * Get the integer value of a specific character.
      *
-     * @param $string
-     *
+     * @param  $string
      * @return int
      */
     public static function ord($string)
@@ -27,8 +26,7 @@ class MbString
     /**
      * Get the character for a specific integer value.
      *
-     * @param $int
-     *
+     * @param  $int
      * @return string
      */
     public static function chr($int)
@@ -43,8 +41,7 @@ class MbString
     /**
      * Split a string into its individual characters and return it as an array.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return string[]
      */
     public static function split($value)
@@ -55,8 +52,7 @@ class MbString
     /**
      * Detects if the given string is UTF 8.
      *
-     * @param $string
-     *
+     * @param  $string
      * @return string|false
      */
     public static function isUtf8($string)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Password.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Password.php
index 644f0a8d3..d7047a375 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Password.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Password.php
@@ -8,15 +8,14 @@ use ReflectionMethod;
 
 class Password
 {
-    const CRYPT_SALT_TYPE_MD5 = 1;
-    const CRYPT_SALT_TYPE_SHA256 = 5;
-    const CRYPT_SALT_TYPE_SHA512 = 6;
+    public const CRYPT_SALT_TYPE_MD5 = 1;
+    public const CRYPT_SALT_TYPE_SHA256 = 5;
+    public const CRYPT_SALT_TYPE_SHA512 = 6;
 
     /**
      * Make an encoded password for transmission over LDAP.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function encode($password)
@@ -27,9 +26,8 @@ class Password
     /**
      * Make a salted md5 password.
      *
-     * @param string      $password
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  null|string  $salt
      * @return string
      */
     public static function smd5($password, $salt = null)
@@ -40,9 +38,8 @@ class Password
     /**
      * Make a salted SHA password.
      *
-     * @param string      $password
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  null|string  $salt
      * @return string
      */
     public static function ssha($password, $salt = null)
@@ -53,9 +50,8 @@ class Password
     /**
      * Make a salted SSHA256 password.
      *
-     * @param string      $password
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  null|string  $salt
      * @return string
      */
     public static function ssha256($password, $salt = null)
@@ -66,9 +62,8 @@ class Password
     /**
      * Make a salted SSHA384 password.
      *
-     * @param string      $password
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  null|string  $salt
      * @return string
      */
     public static function ssha384($password, $salt = null)
@@ -79,9 +74,8 @@ class Password
     /**
      * Make a salted SSHA512 password.
      *
-     * @param string      $password
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  null|string  $salt
      * @return string
      */
     public static function ssha512($password, $salt = null)
@@ -92,8 +86,7 @@ class Password
     /**
      * Make a non-salted SHA password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function sha($password)
@@ -104,8 +97,7 @@ class Password
     /**
      * Make a non-salted SHA256 password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function sha256($password)
@@ -116,8 +108,7 @@ class Password
     /**
      * Make a non-salted SHA384 password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function sha384($password)
@@ -128,8 +119,7 @@ class Password
     /**
      * Make a non-salted SHA512 password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function sha512($password)
@@ -140,8 +130,7 @@ class Password
     /**
      * Make a non-salted md5 password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string
      */
     public static function md5($password)
@@ -149,12 +138,22 @@ class Password
         return '{MD5}'.static::makeHash($password, 'md5');
     }
 
+    /**
+     * Make a non-salted NThash password.
+     *
+     * @param  string  $password
+     * @return string
+     */
+    public static function nthash($password)
+    {
+        return '{NTHASH}'.strtoupper(hash('md4', iconv('UTF-8', 'UTF-16LE', $password)));
+    }
+
     /**
      * Crypt password with an MD5 salt.
      *
-     * @param string $password
-     * @param string $salt
-     *
+     * @param  string  $password
+     * @param  string  $salt
      * @return string
      */
     public static function md5Crypt($password, $salt = null)
@@ -165,9 +164,8 @@ class Password
     /**
      * Crypt password with a SHA256 salt.
      *
-     * @param string $password
-     * @param string $salt
-     *
+     * @param  string  $password
+     * @param  string  $salt
      * @return string
      */
     public static function sha256Crypt($password, $salt = null)
@@ -178,9 +176,8 @@ class Password
     /**
      * Crypt a password with a SHA512 salt.
      *
-     * @param string $password
-     * @param string $salt
-     *
+     * @param  string  $password
+     * @param  string  $salt
      * @return string
      */
     public static function sha512Crypt($password, $salt = null)
@@ -191,11 +188,10 @@ class Password
     /**
      * Make a new password hash.
      *
-     * @param string      $password The password to make a hash of.
-     * @param string      $method   The hash function to use.
-     * @param string|null $algo     The algorithm to use for hashing.
-     * @param string|null $salt     The salt to append onto the hash.
-     *
+     * @param  string  $password  The password to make a hash of.
+     * @param  string  $method  The hash function to use.
+     * @param  string|null  $algo  The algorithm to use for hashing.
+     * @param  string|null  $salt  The salt to append onto the hash.
      * @return string
      */
     protected static function makeHash($password, $method, $algo = null, $salt = null)
@@ -208,10 +204,9 @@ class Password
     /**
      * Make a hashed password.
      *
-     * @param string      $password
-     * @param int         $type
-     * @param null|string $salt
-     *
+     * @param  string  $password
+     * @param  int  $type
+     * @param  null|string  $salt
      * @return string
      */
     protected static function makeCrypt($password, $type, $salt = null)
@@ -222,8 +217,7 @@ class Password
     /**
      * Make a salt for the crypt() method using the given type.
      *
-     * @param int $type
-     *
+     * @param  int  $type
      * @return string
      */
     protected static function makeCryptSalt($type)
@@ -242,8 +236,7 @@ class Password
     /**
      * Determine the crypt prefix and length.
      *
-     * @param int $type
-     *
+     * @param  int  $type
      * @return array
      *
      * @throws InvalidArgumentException
@@ -265,8 +258,7 @@ class Password
     /**
      * Attempt to retrieve the hash method used for the password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return string|void
      */
     public static function getHashMethod($password)
@@ -281,8 +273,7 @@ class Password
     /**
      * Attempt to retrieve the hash method and algorithm used for the password.
      *
-     * @param string $password
-     *
+     * @param  string  $password
      * @return array|void
      */
     public static function getHashMethodAndAlgo($password)
@@ -319,8 +310,7 @@ class Password
     /**
      * Determine if the hash method requires a salt to be given.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return bool
      *
      * @throws \ReflectionException
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Sid.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Sid.php
index 4ec46ea71..7760453ce 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Sid.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Sid.php
@@ -17,8 +17,7 @@ class Sid
     /**
      * Determines if the specified SID is valid.
      *
-     * @param string $sid
-     *
+     * @param  string  $sid
      * @return bool
      */
     public static function isValid($sid)
@@ -29,7 +28,7 @@ class Sid
     /**
      * Constructor.
      *
-     * @param mixed $value
+     * @param  mixed  $value
      *
      * @throws InvalidArgumentException
      */
@@ -90,8 +89,7 @@ class Sid
     /**
      * Returns the string variant of a binary SID.
      *
-     * @param string $binary
-     *
+     * @param  string  $binary
      * @return string|null
      */
     protected function binarySidToString($binary)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSProperty.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSProperty.php
index ad56aa130..499579f82 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSProperty.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSProperty.php
@@ -7,7 +7,7 @@ class TSProperty
     /**
      * Nibble control values. The first value for each is if the nibble is <= 9, otherwise the second value is used.
      */
-    const NIBBLE_CONTROL = [
+    public const NIBBLE_CONTROL = [
         'X' => ['001011', '011010'],
         'Y' => ['001110', '011010'],
     ];
@@ -15,12 +15,12 @@ class TSProperty
     /**
      * The nibble header.
      */
-    const NIBBLE_HEADER = '1110';
+    public const NIBBLE_HEADER = '1110';
 
     /**
      * Conversion factor needed for time values in the TSPropertyArray (stored in microseconds).
      */
-    const TIME_CONVERSION = 60 * 1000;
+    public const TIME_CONVERSION = 60 * 1000;
 
     /**
      * A simple map to help determine how the property needs to be decoded/encoded from/to its binary value.
@@ -85,7 +85,7 @@ class TSProperty
     /**
      * Pass binary TSProperty data to construct its object representation.
      *
-     * @param string|null $value
+     * @param  string|null  $value
      */
     public function __construct($value = null)
     {
@@ -97,8 +97,7 @@ class TSProperty
     /**
      * Set the name for the TSProperty.
      *
-     * @param string $name
-     *
+     * @param  string  $name
      * @return TSProperty
      */
     public function setName($name)
@@ -121,8 +120,7 @@ class TSProperty
     /**
      * Set the value for the TSProperty.
      *
-     * @param string|int $value
-     *
+     * @param  string|int  $value
      * @return TSProperty
      */
     public function setValue($value)
@@ -169,7 +167,7 @@ class TSProperty
     /**
      * Given a TSProperty blob, decode the name/value/type/etc.
      *
-     * @param string $tsProperty
+     * @param  string  $tsProperty
      */
     protected function decode($tsProperty)
     {
@@ -186,9 +184,8 @@ class TSProperty
     /**
      * Based on the property name/value in question, get its encoded form.
      *
-     * @param string     $propName
-     * @param string|int $propValue
-     *
+     * @param  string  $propName
+     * @param  string|int  $propValue
      * @return string
      */
     protected function getEncodedValueForProp($propName, $propValue)
@@ -210,9 +207,8 @@ class TSProperty
     /**
      * Based on the property name in question, get its actual value from the binary blob value.
      *
-     * @param string $propName
-     * @param string $propValue
-     *
+     * @param  string  $propName
+     * @param  string  $propValue
      * @return string|int
      */
     protected function getDecodedValueForProp($propName, $propValue)
@@ -238,9 +234,8 @@ class TSProperty
      * Decode the property by inspecting the nibbles of each blob, checking
      * the control, and adding up the results into a final value.
      *
-     * @param string $hex
-     * @param bool   $string Whether or not this is simple string data.
-     *
+     * @param  string  $hex
+     * @param  bool  $string  Whether or not this is simple string data.
      * @return string
      */
     protected function decodePropValue($hex, $string = false)
@@ -272,9 +267,8 @@ class TSProperty
     /**
      * Get the encoded property value as a binary blob.
      *
-     * @param string $value
-     * @param bool   $string
-     *
+     * @param  string  $value
+     * @param  bool  $string
      * @return string
      */
     protected function encodePropValue($value, $string = false)
@@ -314,9 +308,8 @@ class TSProperty
      * a workaround that turns a literal bit-string into a
      * packed byte-string with 8 bits per byte.
      *
-     * @param string $bits
-     * @param bool   $len
-     *
+     * @param  string  $bits
+     * @param  bool  $len
      * @return string
      */
     protected function packBitString($bits, $len)
@@ -337,9 +330,8 @@ class TSProperty
     /**
      * Based on the control, adjust the nibble accordingly.
      *
-     * @param string $nibble
-     * @param string $control
-     *
+     * @param  string  $nibble
+     * @param  string  $control
      * @return string
      */
     protected function nibbleControl($nibble, $control)
@@ -362,9 +354,8 @@ class TSProperty
      * the control for X or Y equals 011010. Additionally, if the dec value of the nibble is > 9, then the nibble value
      * must be subtracted by 9 before the final value is constructed.
      *
-     * @param string $nibbleType Either X or Y
-     * @param string $nibble
-     *
+     * @param  string  $nibbleType  Either X or Y
+     * @param  string  $nibble
      * @return string
      */
     protected function getNibbleWithControl($nibbleType, $nibble)
@@ -384,9 +375,8 @@ class TSProperty
     /**
      * Need to make sure hex values are always an even length, so pad as needed.
      *
-     * @param int $int
-     * @param int $padLength The hex string must be padded to this length (with zeros).
-     *
+     * @param  int  $int
+     * @param  int  $padLength  The hex string must be padded to this length (with zeros).
      * @return string
      */
     protected function dec2hex($int, $padLength = 2)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSPropertyArray.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSPropertyArray.php
index 18316888f..8320dd8ed 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSPropertyArray.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/TSPropertyArray.php
@@ -9,14 +9,14 @@ class TSPropertyArray
     /**
      * Represents that the TSPropertyArray data is valid.
      */
-    const VALID_SIGNATURE = 'P';
+    public const VALID_SIGNATURE = 'P';
 
     /**
      * The default values for the TSPropertyArray structure.
      *
      * @var array
      */
-    const DEFAULTS = [
+    public const DEFAULTS = [
         'CtxCfgPresent' => 2953518677,
         'CtxWFProfilePath' => '',
         'CtxWFProfilePathW' => '',
@@ -71,7 +71,7 @@ class TSPropertyArray
      *   - Pass the userParameters binary value. The object representation of that will be decoded and constructed.
      *   - Pass nothing and a default set of TSProperty key => value pairs will be used (See DEFAULTS constant).
      *
-     * @param mixed $tsPropertyArray
+     * @param  mixed  $tsPropertyArray
      */
     public function __construct($tsPropertyArray = null)
     {
@@ -93,8 +93,7 @@ class TSPropertyArray
     /**
      * Check if a specific TSProperty exists by its property name.
      *
-     * @param string $propName
-     *
+     * @param  string  $propName
      * @return bool
      */
     public function has($propName)
@@ -105,8 +104,7 @@ class TSPropertyArray
     /**
      * Get a TSProperty object by its property name (ie. CtxWFProfilePath).
      *
-     * @param string $propName
-     *
+     * @param  string  $propName
      * @return TSProperty
      */
     public function get($propName)
@@ -119,8 +117,7 @@ class TSPropertyArray
     /**
      * Add a TSProperty object. If it already exists, it will be overwritten.
      *
-     * @param TSProperty $tsProperty
-     *
+     * @param  TSProperty  $tsProperty
      * @return $this
      */
     public function add(TSProperty $tsProperty)
@@ -133,8 +130,7 @@ class TSPropertyArray
     /**
      * Remove a TSProperty by its property name (ie. CtxMinEncryptionLevel).
      *
-     * @param string $propName
-     *
+     * @param  string  $propName
      * @return $this
      */
     public function remove($propName)
@@ -151,9 +147,8 @@ class TSPropertyArray
     /**
      * Set the value for a specific TSProperty by its name.
      *
-     * @param string $propName
-     * @param mixed  $propValue
-     *
+     * @param  string  $propName
+     * @param  mixed  $propValue
      * @return $this
      */
     public function set($propName, $propValue)
@@ -214,7 +209,7 @@ class TSPropertyArray
     /**
      * Validates that the given property name exists.
      *
-     * @param string $propName
+     * @param  string  $propName
      */
     protected function validateProp($propName)
     {
@@ -224,8 +219,7 @@ class TSPropertyArray
     }
 
     /**
-     * @param string $propName
-     *
+     * @param  string  $propName
      * @return TSProperty
      */
     protected function getTsPropObj($propName)
@@ -236,8 +230,7 @@ class TSPropertyArray
     /**
      * Get an associative array with all of the userParameters property names and values.
      *
-     * @param string $userParameters
-     *
+     * @param  string  $userParameters
      * @return void
      */
     protected function decodeUserParameters($userParameters)
@@ -260,7 +253,7 @@ class TSPropertyArray
         // Reserved data length + (count and sig length == 4) + the added lengths of the TSPropertyArray
         // This saves anything after that variable TSPropertyArray data, so as to not squash anything stored there
         if (strlen($userParameters) > (96 + 4 + $length)) {
-            $this->postBinary = hex2bin(substr($userParameters, (96 + 4 + $length)));
+            $this->postBinary = hex2bin(substr($userParameters, 96 + 4 + $length));
         }
     }
 
@@ -270,9 +263,8 @@ class TSPropertyArray
      * individual TSProperty structures. Return the full length
      * of the TSPropertyArray data.
      *
-     * @param string $tsPropertyArray
-     * @param int    $tsPropCount
-     *
+     * @param  string  $tsPropertyArray
+     * @param  int  $tsPropCount
      * @return int The length of the data in the TSPropertyArray
      */
     protected function addTSPropData($tsPropertyArray, $tsPropCount)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Timestamp.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Timestamp.php
index e5d9dc341..0f07bc5a0 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Timestamp.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Attributes/Timestamp.php
@@ -5,11 +5,14 @@ namespace LdapRecord\Models\Attributes;
 use Carbon\Carbon;
 use Carbon\CarbonInterface;
 use DateTime;
+use DateTimeZone;
 use LdapRecord\LdapRecordException;
 use LdapRecord\Utilities;
 
 class Timestamp
 {
+    public const WINDOWS_INT_MAX = 9223372036854775807;
+
     /**
      * The current timestamp type.
      *
@@ -31,7 +34,7 @@ class Timestamp
     /**
      * Constructor.
      *
-     * @param string $type
+     * @param  string  $type
      *
      * @throws LdapRecordException
      */
@@ -43,7 +46,7 @@ class Timestamp
     /**
      * Set the type of timestamp to convert from / to.
      *
-     * @param string $type
+     * @param  string  $type
      *
      * @throws LdapRecordException
      */
@@ -59,8 +62,7 @@ class Timestamp
     /**
      * Converts the value to an LDAP date string.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return float|string
      *
      * @throws LdapRecordException
@@ -107,21 +109,19 @@ class Timestamp
     /**
      * Determine if the value given is in Windows Integer (NTFS Filetime) format.
      *
-     * @param int|string $value
-     *
+     * @param  int|string  $value
      * @return bool
      */
     protected function valueIsWindowsIntegerType($value)
     {
-        return is_numeric($value) && strlen((string) $value) === 18;
+        return is_numeric($value) && in_array(strlen((string) $value), [18, 19]);
     }
 
     /**
      * Converts the LDAP timestamp value to a Carbon instance.
      *
-     * @param mixed $value
-     *
-     * @return Carbon|false
+     * @param  mixed  $value
+     * @return Carbon|int|false
      *
      * @throws LdapRecordException
      */
@@ -153,14 +153,13 @@ class Timestamp
     /**
      * Converts standard LDAP timestamps to a date time object.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return DateTime|false
      */
     protected function convertLdapTimeToDateTime($value)
     {
         return DateTime::createFromFormat(
-            strpos($value, 'Z') !== false ? 'YmdHis\Z' : 'YmdHisT',
+            str_contains((string) $value, 'Z') ? 'YmdHis\Z' : 'YmdHisT',
             $value
         );
     }
@@ -168,8 +167,7 @@ class Timestamp
     /**
      * Converts date objects to a standard LDAP timestamp.
      *
-     * @param DateTime $date
-     *
+     * @param  DateTime  $date
      * @return string
      */
     protected function convertDateTimeToLdapTime(DateTime $date)
@@ -182,23 +180,22 @@ class Timestamp
     /**
      * Converts standard windows timestamps to a date time object.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return DateTime|false
      */
     protected function convertWindowsTimeToDateTime($value)
     {
         return DateTime::createFromFormat(
-            strpos($value, '0Z') !== false ? 'YmdHis.0\Z' : 'YmdHis.0T',
-            $value
+            str_contains((string) $value, '0Z') ? 'YmdHis.0\Z' : 'YmdHis.0T',
+            $value,
+            new DateTimeZone('UTC')
         );
     }
 
     /**
      * Converts date objects to a windows timestamp.
      *
-     * @param DateTime $date
-     *
+     * @param  DateTime  $date
      * @return string
      */
     protected function convertDateTimeToWindows(DateTime $date)
@@ -211,20 +208,25 @@ class Timestamp
     /**
      * Converts standard windows integer dates to a date time object.
      *
-     * @param int $value
-     *
-     * @return DateTime|false
+     * @param  int  $value
+     * @return DateTime|int|false
      *
      * @throws \Exception
      */
     protected function convertWindowsIntegerTimeToDateTime($value)
     {
-        // ActiveDirectory dates that contain integers may return
-        // "0" when they are not set. We will validate that here.
-        if (! $value) {
+        if (is_null($value) || $value === '') {
             return false;
         }
 
+        if ($value == 0) {
+            return (int) $value;
+        }
+
+        if ($value == static::WINDOWS_INT_MAX) {
+            return (int) $value;
+        }
+
         return (new DateTime())->setTimestamp(
             Utilities::convertWindowsTimeToUnixTime($value)
         );
@@ -233,8 +235,7 @@ class Timestamp
     /**
      * Converts date objects to a windows integer timestamp.
      *
-     * @param DateTime $date
-     *
+     * @param  DateTime  $date
      * @return float
      */
     protected function convertDateTimeToWindowsInteger(DateTime $date)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/BatchModification.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/BatchModification.php
index 37f0e876b..954c58fcf 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/BatchModification.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/BatchModification.php
@@ -11,9 +11,9 @@ class BatchModification
     /**
      * The array keys to be used in batch modifications.
      */
-    const KEY_ATTRIB = 'attrib';
-    const KEY_MODTYPE = 'modtype';
-    const KEY_VALUES = 'values';
+    public const KEY_ATTRIB = 'attrib';
+    public const KEY_MODTYPE = 'modtype';
+    public const KEY_VALUES = 'values';
 
     /**
      * The attribute of the modification.
@@ -46,9 +46,9 @@ class BatchModification
     /**
      * Constructor.
      *
-     * @param string|null     $attribute
-     * @param string|int|null $type
-     * @param array           $values
+     * @param  string|null  $attribute
+     * @param  string|int|null  $type
+     * @param  array  $values
      */
     public function __construct($attribute = null, $type = null, array $values = [])
     {
@@ -60,8 +60,7 @@ class BatchModification
     /**
      * Set the original value of the attribute before modification.
      *
-     * @param array|string $original
-     *
+     * @param  array|string  $original
      * @return $this
      */
     public function setOriginal($original = [])
@@ -84,8 +83,7 @@ class BatchModification
     /**
      * Set the attribute of the modification.
      *
-     * @param string $attribute
-     *
+     * @param  string  $attribute
      * @return $this
      */
     public function setAttribute($attribute)
@@ -108,8 +106,7 @@ class BatchModification
     /**
      * Set the values of the modification.
      *
-     * @param array $values
-     *
+     * @param  array  $values
      * @return $this
      */
     public function setValues(array $values = [])
@@ -127,8 +124,7 @@ class BatchModification
     /**
      * Normalize all of the attribute values.
      *
-     * @param array|string $values
-     *
+     * @param  array|string  $values
      * @return array
      */
     protected function normalizeAttributeValues($values = [])
@@ -152,8 +148,7 @@ class BatchModification
     /**
      * Set the type of the modification.
      *
-     * @param int|null $type
-     *
+     * @param  int|null  $type
      * @return $this
      */
     public function setType($type = null)
@@ -207,7 +202,7 @@ class BatchModification
             case empty($this->original) && ! empty($this->values):
                 return $this->setType(LDAP_MODIFY_BATCH_ADD);
             default:
-               return $this->determineBatchTypeFromOriginal();
+                return $this->determineBatchTypeFromOriginal();
         }
     }
 
@@ -291,8 +286,7 @@ class BatchModification
     /**
      * Determines if the given modtype is valid.
      *
-     * @param int $type
-     *
+     * @param  int  $type
      * @return bool
      */
     protected function isValidType($type)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Collection.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Collection.php
index 850167b7e..11b4ca522 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Collection.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Collection.php
@@ -9,11 +9,22 @@ use LdapRecord\Support\Arr;
 
 class Collection extends QueryCollection
 {
+    /**
+     * Get a collection of the model's distinguished names.
+     *
+     * @return static
+     */
+    public function modelDns()
+    {
+        return $this->map(function (Model $model) {
+            return $model->getDn();
+        });
+    }
+
     /**
      * Determine if the collection contains all of the given models, or any models.
      *
-     * @param mixed $models
-     *
+     * @param  mixed  $models
      * @return bool
      */
     public function exists($models = null)
@@ -47,10 +58,9 @@ class Collection extends QueryCollection
     /**
      * Determine if any of the given models are contained in the collection.
      *
-     * @param mixed $key
-     * @param mixed $operator
-     * @param mixed $value
-     *
+     * @param  mixed  $key
+     * @param  mixed  $operator
+     * @param  mixed  $value
      * @return bool
      */
     public function contains($key, $operator = null, $value = null)
@@ -78,8 +88,7 @@ class Collection extends QueryCollection
     /**
      * Get the provided models as an array.
      *
-     * @param mixed $models
-     *
+     * @param  mixed  $models
      * @return array
      */
     protected function getArrayableModels($models = null)
@@ -92,17 +101,16 @@ class Collection extends QueryCollection
     /**
      * Compare the related model with the given.
      *
-     * @param Model|string $model
-     * @param Model        $related
-     *
+     * @param  Model|string  $model
+     * @param  Model  $related
      * @return bool
      */
     protected function compareModelWithRelated($model, $related)
     {
         if (is_string($model)) {
             return $this->isValidDn($model)
-                ? $related->getDn() == $model
-                : $related->getName() == $model;
+                ? strcasecmp($related->getDn(), $model) === 0
+                : strcasecmp($related->getName(), $model) === 0;
         }
 
         return $related->is($model);
@@ -111,8 +119,7 @@ class Collection extends QueryCollection
     /**
      * Determine if the given string is a valid distinguished name.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return bool
      */
     protected function isValidDn($dn)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/CanAuthenticate.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/CanAuthenticate.php
index 451738abe..6e8d4fb5d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/CanAuthenticate.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/CanAuthenticate.php
@@ -2,6 +2,7 @@
 
 namespace LdapRecord\Models\Concerns;
 
+/** @mixin \LdapRecord\Models\Model */
 trait CanAuthenticate
 {
     /**
@@ -17,7 +18,7 @@ trait CanAuthenticate
     /**
      * Get the unique identifier for the user.
      *
-     * @return mixed
+     * @return string
      */
     public function getAuthIdentifier()
     {
@@ -47,8 +48,7 @@ trait CanAuthenticate
     /**
      * Set the token value for the "remember me" session.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return void
      */
     public function setRememberToken($value)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasAttributes.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasAttributes.php
index b5f333579..a3d9df7d9 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasAttributes.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasAttributes.php
@@ -74,6 +74,18 @@ trait HasAttributes
      */
     protected static $mutatorCache = [];
 
+    /**
+     * Convert the model's original attributes to an array.
+     *
+     * @return array
+     */
+    public function originalToArray()
+    {
+        return $this->encodeAttributes(
+            $this->convertAttributesForJson($this->original)
+        );
+    }
+
     /**
      * Convert the model's attributes to an array.
      *
@@ -111,11 +123,38 @@ trait HasAttributes
         return $this->encodeAttributes($attributes);
     }
 
+    /**
+     * Convert the model's serialized original attributes to their original form.
+     *
+     * @param  array  $attributes
+     * @return array
+     */
+    public function arrayToOriginal(array $attributes)
+    {
+        return $this->decodeAttributes(
+            $this->convertAttributesFromJson($attributes)
+        );
+    }
+
+    /**
+     * Convert the model's serialized attributes to their original form.
+     *
+     * @param  array  $attributes
+     * @return array
+     */
+    public function arrayToAttributes(array $attributes)
+    {
+        $attributes = $this->restoreDateAttributesFromArray($attributes);
+
+        return $this->decodeAttributes(
+            $this->convertAttributesFromJson($attributes)
+        );
+    }
+
     /**
      * Add the date attributes to the attributes array.
      *
-     * @param array $attributes
-     *
+     * @param  array  $attributes
      * @return array
      */
     protected function addDateAttributesToArray(array $attributes)
@@ -135,11 +174,31 @@ trait HasAttributes
         return $attributes;
     }
 
+    /**
+     * Restore the date attributes to their true value from serialized attributes.
+     *
+     * @param  array  $attributes
+     * @return array
+     */
+    protected function restoreDateAttributesFromArray(array $attributes)
+    {
+        foreach ($this->getDates() as $attribute => $type) {
+            if (! isset($attributes[$attribute])) {
+                continue;
+            }
+
+            $date = $this->fromDateTime($type, $attributes[$attribute]);
+
+            $attributes[$attribute] = Arr::wrap($date);
+        }
+
+        return $attributes;
+    }
+
     /**
      * Prepare a date for array / JSON serialization.
      *
-     * @param DateTimeInterface $date
-     *
+     * @param  DateTimeInterface  $date
      * @return string
      */
     protected function serializeDate(DateTimeInterface $date)
@@ -162,10 +221,24 @@ trait HasAttributes
     }
 
     /**
-     * Encode the given value for proper serialization.
+     * Recursively UTF-8 decode the given attributes.
      *
-     * @param string $value
+     * @param  array  $attributes
+     * @return array
+     */
+    public function decodeAttributes($attributes)
+    {
+        array_walk_recursive($attributes, function (&$value) {
+            $value = $this->decodeValue($value);
+        });
+
+        return $attributes;
+    }
+
+    /**
+     * Encode the value for serialization.
      *
+     * @param  string  $value
      * @return string
      */
     protected function encodeValue($value)
@@ -173,15 +246,33 @@ trait HasAttributes
         // If we are able to detect the encoding, we will
         // encode only the attributes that need to be,
         // so that we do not double encode values.
-        return MbString::isLoaded() && MbString::isUtf8($value) ? $value : utf8_encode($value);
+        if (MbString::isLoaded() && MbString::isUtf8($value)) {
+            return $value;
+        }
+
+        return utf8_encode($value);
+    }
+
+    /**
+     * Decode the value from serialization.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    protected function decodeValue($value)
+    {
+        if (MbString::isLoaded() && MbString::isUtf8($value)) {
+            return mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
+        }
+
+        return $value;
     }
 
     /**
      * Add the mutated attributes to the attributes array.
      *
-     * @param array $attributes
-     * @param array $mutatedAttributes
-     *
+     * @param  array  $attributes
+     * @param  array  $mutatedAttributes
      * @return array
      */
     protected function addMutatedAttributesToArray(array $attributes, array $mutatedAttributes)
@@ -221,8 +312,7 @@ trait HasAttributes
     /**
      * Fills the entry with the supplied attributes.
      *
-     * @param array $attributes
-     *
+     * @param  array  $attributes
      * @return $this
      */
     public function fill(array $attributes = [])
@@ -237,9 +327,8 @@ trait HasAttributes
     /**
      * Returns the models attribute by its key.
      *
-     * @param int|string $key
-     * @param mixed      $default
-     *
+     * @param  int|string  $key
+     * @param  mixed  $default
      * @return mixed
      */
     public function getAttribute($key, $default = null)
@@ -254,9 +343,8 @@ trait HasAttributes
     /**
      * Get an attributes value.
      *
-     * @param string $key
-     * @param mixed  $default
-     *
+     * @param  string  $key
+     * @param  mixed  $default
      * @return mixed
      */
     public function getAttributeValue($key, $default = null)
@@ -282,8 +370,7 @@ trait HasAttributes
     /**
      * Determine if the given attribute is a date.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function isDateAttribute($key)
@@ -310,9 +397,8 @@ trait HasAttributes
     /**
      * Convert the given date value to an LDAP compatible value.
      *
-     * @param string $type
-     * @param mixed  $value
-     *
+     * @param  string  $type
+     * @param  mixed  $value
      * @return float|string
      *
      * @throws LdapRecordException
@@ -325,9 +411,8 @@ trait HasAttributes
     /**
      * Convert the given LDAP date value to a Carbon instance.
      *
-     * @param mixed  $value
-     * @param string $type
-     *
+     * @param  mixed  $value
+     * @param  string  $type
      * @return Carbon|false
      *
      * @throws LdapRecordException
@@ -340,9 +425,8 @@ trait HasAttributes
     /**
      * Determine whether an attribute should be cast to a native type.
      *
-     * @param string            $key
-     * @param array|string|null $types
-     *
+     * @param  string  $key
+     * @param  array|string|null  $types
      * @return bool
      */
     public function hasCast($key, $types = null)
@@ -367,8 +451,7 @@ trait HasAttributes
     /**
      * Determine whether a value is JSON castable for inbound manipulation.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     protected function isJsonCastable($key)
@@ -379,8 +462,7 @@ trait HasAttributes
     /**
      * Get the type of cast for a model attribute.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return string
      */
     protected function getCastType($key)
@@ -399,8 +481,7 @@ trait HasAttributes
     /**
      * Determine if the cast is a decimal.
      *
-     * @param string $cast
-     *
+     * @param  string  $cast
      * @return bool
      */
     protected function isDecimalCast($cast)
@@ -411,8 +492,7 @@ trait HasAttributes
     /**
      * Determine if the cast is a datetime.
      *
-     * @param string $cast
-     *
+     * @param  string  $cast
      * @return bool
      */
     protected function isDateTimeCast($cast)
@@ -423,8 +503,7 @@ trait HasAttributes
     /**
      * Determine if the given attribute must be casted.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     protected function isCastedAttribute($key)
@@ -435,9 +514,8 @@ trait HasAttributes
     /**
      * Cast an attribute to a native PHP type.
      *
-     * @param string     $key
-     * @param array|null $value
-     *
+     * @param  string  $key
+     * @param  array|null  $value
      * @return mixed
      */
     protected function castAttribute($key, $value)
@@ -490,9 +568,8 @@ trait HasAttributes
     /**
      * Cast the given attribute to JSON.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return string
      */
     protected function castAttributeAsJson($key, $value)
@@ -522,8 +599,7 @@ trait HasAttributes
     /**
      * Encode the given value as JSON.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return string
      */
     protected function asJson($value)
@@ -534,9 +610,8 @@ trait HasAttributes
     /**
      * Decode the given JSON back into an array or object.
      *
-     * @param string $value
-     * @param bool   $asObject
-     *
+     * @param  string  $value
+     * @param  bool  $asObject
      * @return mixed
      */
     public function fromJson($value, $asObject = false)
@@ -547,8 +622,7 @@ trait HasAttributes
     /**
      * Decode the given float.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return mixed
      */
     public function fromFloat($value)
@@ -568,8 +642,7 @@ trait HasAttributes
     /**
      * Cast the value to a boolean.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return bool
      */
     protected function asBoolean($value)
@@ -582,9 +655,8 @@ trait HasAttributes
     /**
      * Cast a decimal value as a string.
      *
-     * @param float $value
-     * @param int   $decimals
-     *
+     * @param  float  $value
+     * @param  int  $decimals
      * @return string
      */
     protected function asDecimal($value, $decimals)
@@ -605,8 +677,7 @@ trait HasAttributes
     /**
      * Get an attribute array of all arrayable values.
      *
-     * @param array $values
-     *
+     * @param  array  $values
      * @return array
      */
     protected function getArrayableItems(array $values)
@@ -651,8 +722,7 @@ trait HasAttributes
     /**
      * Set the date format used by the model for serialization.
      *
-     * @param string $format
-     *
+     * @param  string  $format
      * @return $this
      */
     public function setDateFormat($format)
@@ -665,8 +735,7 @@ trait HasAttributes
     /**
      * Get an attribute from the $attributes array.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return mixed
      */
     protected function getAttributeFromArray($key)
@@ -687,9 +756,8 @@ trait HasAttributes
     /**
      * Returns the first attribute by the specified key.
      *
-     * @param string $key
-     * @param mixed  $default
-     *
+     * @param  string  $key
+     * @param  mixed  $default
      * @return mixed
      */
     public function getFirstAttribute($key, $default = null)
@@ -712,9 +780,8 @@ trait HasAttributes
     /**
      * Set an attribute value by the specified key.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return $this
      */
     public function setAttribute($key, $value)
@@ -743,9 +810,8 @@ trait HasAttributes
     /**
      * Set an attribute on the model. No checking is done.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return $this
      */
     public function setRawAttribute($key, $value)
@@ -760,9 +826,8 @@ trait HasAttributes
     /**
      * Set the models first attribute value.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return $this
      */
     public function setFirstAttribute($key, $value)
@@ -773,9 +838,8 @@ trait HasAttributes
     /**
      * Add a unique value to the given attribute.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return $this
      */
     public function addAttributeValue($key, $value)
@@ -791,8 +855,7 @@ trait HasAttributes
     /**
      * Determine if a get mutator exists for an attribute.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function hasGetMutator($key)
@@ -803,8 +866,7 @@ trait HasAttributes
     /**
      * Determine if a set mutator exists for an attribute.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function hasSetMutator($key)
@@ -815,9 +877,8 @@ trait HasAttributes
     /**
      * Set the value of an attribute using its mutator.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return mixed
      */
     protected function setMutatedAttributeValue($key, $value)
@@ -828,9 +889,8 @@ trait HasAttributes
     /**
      * Get the value of an attribute using its mutator.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return mixed
      */
     protected function getMutatedAttributeValue($key, $value)
@@ -843,8 +903,7 @@ trait HasAttributes
      *
      * Hyphenated attributes will use pascal cased methods.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return mixed
      */
     protected function getMutatorMethodName($key)
@@ -857,9 +916,8 @@ trait HasAttributes
     /**
      * Get the value of an attribute using its mutator for array conversion.
      *
-     * @param string $key
-     * @param mixed  $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return array
      */
     protected function mutateAttributeForArray($key, $value)
@@ -874,8 +932,7 @@ trait HasAttributes
      *
      * Used when constructing an existing LDAP record.
      *
-     * @param array $attributes
-     *
+     * @param  array  $attributes
      * @return $this
      */
     public function setRawAttributes(array $attributes = [])
@@ -915,9 +972,8 @@ trait HasAttributes
     /**
      * Filters the count key recursively from raw LDAP attributes.
      *
-     * @param array $attributes
-     * @param array $keys
-     *
+     * @param  array  $attributes
+     * @param  array  $keys
      * @return array
      */
     public function filterRawAttributes(array $attributes = [], array $keys = ['count', 'dn'])
@@ -938,8 +994,7 @@ trait HasAttributes
     /**
      * Determine if the model has the given attribute.
      *
-     * @param int|string $key
-     *
+     * @param  int|string  $key
      * @return bool
      */
     public function hasAttribute($key)
@@ -991,8 +1046,7 @@ trait HasAttributes
     /**
      * Determine if the given attribute is dirty.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function isDirty($key)
@@ -1013,8 +1067,7 @@ trait HasAttributes
     /**
      * Set the accessors to append to model arrays.
      *
-     * @param array $appends
-     *
+     * @param  array  $appends
      * @return $this
      */
     public function setAppends(array $appends)
@@ -1027,8 +1080,7 @@ trait HasAttributes
     /**
      * Return whether the accessor attribute has been appended.
      *
-     * @param string $attribute
-     *
+     * @param  string  $attribute
      * @return bool
      */
     public function hasAppended($attribute)
@@ -1039,8 +1091,7 @@ trait HasAttributes
     /**
      * Returns a normalized attribute key.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return string
      */
     public function normalizeAttributeKey($key)
@@ -1056,8 +1107,7 @@ trait HasAttributes
     /**
      * Determine if the new and old values for a given key are equivalent.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     protected function originalIsEquivalent($key)
@@ -1097,8 +1147,7 @@ trait HasAttributes
     /**
      * Extract and cache all the mutated attributes of a class.
      *
-     * @param string $class
-     *
+     * @param  string  $class
      * @return void
      */
     public static function cacheMutatedAttributes($class)
@@ -1113,8 +1162,7 @@ trait HasAttributes
     /**
      * Get all of the attribute mutator methods.
      *
-     * @param mixed $class
-     *
+     * @param  mixed  $class
      * @return array
      */
     protected static function getMutatorMethods($class)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasEvents.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasEvents.php
index 5adec96ea..d9a41b892 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasEvents.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasEvents.php
@@ -4,15 +4,17 @@ namespace LdapRecord\Models\Concerns;
 
 use Closure;
 use LdapRecord\Events\NullDispatcher;
+use LdapRecord\Models\Events;
 use LdapRecord\Models\Events\Event;
+use LdapRecord\Support\Arr;
 
+/** @mixin \LdapRecord\Models\Model */
 trait HasEvents
 {
     /**
      * Execute the callback without raising any events.
      *
-     * @param Closure $callback
-     *
+     * @param  Closure  $callback
      * @return mixed
      */
     protected static function withoutEvents(Closure $callback)
@@ -37,10 +39,37 @@ trait HasEvents
     }
 
     /**
-     * Fires the specified model event.
+     * Dispatch the given model events.
      *
-     * @param Event $event
+     * @param  string|array  $events
+     * @param  array  $args
+     * @return void
+     */
+    protected function dispatch($events, array $args = [])
+    {
+        foreach (Arr::wrap($events) as $name) {
+            $this->fireCustomModelEvent($name, $args);
+        }
+    }
+
+    /**
+     * Fire a custom model event.
      *
+     * @param  string  $name
+     * @param  array  $args
+     * @return mixed
+     */
+    protected function fireCustomModelEvent($name, array $args = [])
+    {
+        $event = implode('\\', [Events::class, ucfirst($name)]);
+
+        return $this->fireModelEvent(new $event($this, ...$args));
+    }
+
+    /**
+     * Fire a model event.
+     *
+     * @param  Event  $event
      * @return mixed
      */
     protected function fireModelEvent(Event $event)
@@ -49,11 +78,10 @@ trait HasEvents
     }
 
     /**
-     * Listens to a model event.
-     *
-     * @param string  $event
-     * @param Closure $listener
+     * Listen to a model event.
      *
+     * @param  string  $event
+     * @param  Closure  $listener
      * @return mixed
      */
     protected function listenForModelEvent($event, Closure $listener)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasGlobalScopes.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasGlobalScopes.php
index f7552c1b4..4d0f2968f 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasGlobalScopes.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasGlobalScopes.php
@@ -6,14 +6,14 @@ use Closure;
 use InvalidArgumentException;
 use LdapRecord\Models\Scope;
 
+/** @mixin \LdapRecord\Models\Model */
 trait HasGlobalScopes
 {
     /**
      * Register a new global scope on the model.
      *
-     * @param Scope|Closure|string $scope
-     * @param Closure|null         $implementation
-     *
+     * @param  Scope|Closure|string  $scope
+     * @param  Closure|null  $implementation
      * @return mixed
      *
      * @throws InvalidArgumentException
@@ -34,8 +34,7 @@ trait HasGlobalScopes
     /**
      * Determine if a model has a global scope.
      *
-     * @param Scope|string $scope
-     *
+     * @param  Scope|string  $scope
      * @return bool
      */
     public static function hasGlobalScope($scope)
@@ -46,8 +45,7 @@ trait HasGlobalScopes
     /**
      * Get a global scope registered with the model.
      *
-     * @param Scope|string $scope
-     *
+     * @param  Scope|string  $scope
      * @return Scope|Closure|null
      */
     public static function getGlobalScope($scope)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasPassword.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasPassword.php
index 1a938c144..194efa8cf 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasPassword.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasPassword.php
@@ -6,12 +6,13 @@ use LdapRecord\ConnectionException;
 use LdapRecord\LdapRecordException;
 use LdapRecord\Models\Attributes\Password;
 
+/** @mixin \LdapRecord\Models\Model */
 trait HasPassword
 {
     /**
      * Set the password on the user.
      *
-     * @param string|array $password
+     * @param  string|array  $password
      *
      * @throws ConnectionException
      */
@@ -48,7 +49,7 @@ trait HasPassword
     /**
      * Alias for setting the password on the user.
      *
-     * @param string|array $password
+     * @param  string|array  $password
      *
      * @throws ConnectionException
      */
@@ -106,10 +107,9 @@ trait HasPassword
     /**
      * Set the changed password.
      *
-     * @param string $oldPassword
-     * @param string $newPassword
-     * @param string $attribute
-     *
+     * @param  string  $oldPassword
+     * @param  string  $newPassword
+     * @param  string  $attribute
      * @return void
      */
     protected function setChangedPassword($oldPassword, $newPassword, $attribute)
@@ -136,9 +136,8 @@ trait HasPassword
     /**
      * Set the password on the model.
      *
-     * @param string $password
-     * @param string $attribute
-     *
+     * @param  string  $password
+     * @param  string  $attribute
      * @return void
      */
     protected function setPassword($password, $attribute)
@@ -155,10 +154,9 @@ trait HasPassword
     /**
      * Encode / hash the given password.
      *
-     * @param string $method
-     * @param string $password
-     * @param string $salt
-     *
+     * @param  string  $method
+     * @param  string  $password
+     * @param  string  $salt
      * @return string
      *
      * @throws LdapRecordException
@@ -203,8 +201,7 @@ trait HasPassword
     /**
      * Attempt to retrieve the password's salt.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return string|null
      */
     public function getPasswordSalt($method)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasRelationships.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasRelationships.php
index a8a5cacf2..87c0a7cc8 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasRelationships.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasRelationships.php
@@ -5,6 +5,7 @@ namespace LdapRecord\Models\Concerns;
 use LdapRecord\Models\Relations\HasMany;
 use LdapRecord\Models\Relations\HasManyIn;
 use LdapRecord\Models\Relations\HasOne;
+use LdapRecord\Models\Relations\Relation;
 use LdapRecord\Support\Arr;
 
 trait HasRelationships
@@ -12,10 +13,9 @@ trait HasRelationships
     /**
      * Returns a new has one relationship.
      *
-     * @param mixed  $related
-     * @param string $relationKey
-     * @param string $foreignKey
-     *
+     * @param  mixed  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
      * @return HasOne
      */
     public function hasOne($related, $relationKey, $foreignKey = 'dn')
@@ -26,10 +26,9 @@ trait HasRelationships
     /**
      * Returns a new has many relationship.
      *
-     * @param mixed  $related
-     * @param string $relationKey
-     * @param string $foreignKey
-     *
+     * @param  mixed  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
      * @return HasMany
      */
     public function hasMany($related, $relationKey, $foreignKey = 'dn')
@@ -40,10 +39,9 @@ trait HasRelationships
     /**
      * Returns a new has many in relationship.
      *
-     * @param mixed  $related
-     * @param string $relationKey
-     * @param string $foreignKey
-     *
+     * @param  mixed  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
      * @return HasManyIn
      */
     public function hasManyIn($related, $relationKey, $foreignKey = 'dn')
@@ -51,6 +49,29 @@ trait HasRelationships
         return new HasManyIn($this->newQuery(), $this, $related, $relationKey, $foreignKey, $this->guessRelationshipName());
     }
 
+    /**
+     * Get a relationship by its name.
+     *
+     * @param  string  $relationName
+     * @return Relation|null
+     */
+    public function getRelation($relationName)
+    {
+        if (! method_exists($this, $relationName)) {
+            return;
+        }
+
+        if (! $relation = $this->{$relationName}()) {
+            return;
+        }
+
+        if (! $relation instanceof Relation) {
+            return;
+        }
+
+        return $relation;
+    }
+
     /**
      * Get the relationships name.
      *
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasScopes.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasScopes.php
index 6c97cf925..cb227fecc 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasScopes.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HasScopes.php
@@ -2,6 +2,7 @@
 
 namespace LdapRecord\Models\Concerns;
 
+/** @mixin \LdapRecord\Models\Model */
 trait HasScopes
 {
     /**
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HidesAttributes.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HidesAttributes.php
index 9cc210057..ecd328dab 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HidesAttributes.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/HidesAttributes.php
@@ -6,6 +6,8 @@ namespace LdapRecord\Models\Concerns;
  * @author Taylor Otwell
  *
  * @see https://laravel.com
+ *
+ * @mixin \LdapRecord\Models\Model
  */
 trait HidesAttributes
 {
@@ -38,8 +40,7 @@ trait HidesAttributes
     /**
      * Set the hidden attributes for the model.
      *
-     * @param array $hidden
-     *
+     * @param  array  $hidden
      * @return $this
      */
     public function setHidden(array $hidden)
@@ -52,8 +53,7 @@ trait HidesAttributes
     /**
      * Add hidden attributes for the model.
      *
-     * @param array|string|null $attributes
-     *
+     * @param  array|string|null  $attributes
      * @return void
      */
     public function addHidden($attributes = null)
@@ -79,8 +79,7 @@ trait HidesAttributes
     /**
      * Set the visible attributes for the model.
      *
-     * @param array $visible
-     *
+     * @param  array  $visible
      * @return $this
      */
     public function setVisible(array $visible)
@@ -93,8 +92,7 @@ trait HidesAttributes
     /**
      * Add visible attributes for the model.
      *
-     * @param array|string|null $attributes
-     *
+     * @param  array|string|null  $attributes
      * @return void
      */
     public function addVisible($attributes = null)
@@ -108,8 +106,7 @@ trait HidesAttributes
     /**
      * Make the given, typically hidden, attributes visible.
      *
-     * @param array|string $attributes
-     *
+     * @param  array|string  $attributes
      * @return $this
      */
     public function makeVisible($attributes)
@@ -126,8 +123,7 @@ trait HidesAttributes
     /**
      * Make the given, typically visible, attributes hidden.
      *
-     * @param array|string $attributes
-     *
+     * @param  array|string  $attributes
      * @return $this
      */
     public function makeHidden($attributes)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesAndRestoresPropertyValues.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesAndRestoresPropertyValues.php
new file mode 100644
index 000000000..cf550c749
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesAndRestoresPropertyValues.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace LdapRecord\Models\Concerns;
+
+/** @mixin HasAttributes */
+trait SerializesAndRestoresPropertyValues
+{
+    /**
+     * Get the property value prepared for serialization.
+     *
+     * @param  string  $property
+     * @param  mixed  $value
+     * @return mixed
+     */
+    protected function getSerializedPropertyValue($property, $value)
+    {
+        if ($property === 'original') {
+            return $this->originalToArray();
+        }
+
+        if ($property === 'attributes') {
+            return $this->attributesToArray();
+        }
+
+        return $value;
+    }
+
+    /**
+     * Get the unserialized property value after deserialization.
+     *
+     * @param  string  $property
+     * @param  mixed  $value
+     * @return mixed
+     */
+    protected function getUnserializedPropertyValue($property, $value)
+    {
+        if ($property === 'original') {
+            return $this->arrayToOriginal($value);
+        }
+
+        if ($property === 'attributes') {
+            return $this->arrayToAttributes($value);
+        }
+
+        return $value;
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesProperties.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesProperties.php
new file mode 100644
index 000000000..91f4bcfe3
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Concerns/SerializesProperties.php
@@ -0,0 +1,143 @@
+<?php
+
+namespace LdapRecord\Models\Concerns;
+
+use ReflectionClass;
+use ReflectionProperty;
+
+trait SerializesProperties
+{
+    use SerializesAndRestoresPropertyValues;
+
+    /**
+     * Prepare the attributes for serialization.
+     *
+     * @return array
+     */
+    public function __sleep()
+    {
+        $properties = (new ReflectionClass($this))->getProperties();
+
+        foreach ($properties as $property) {
+            $property->setValue($this, $this->getSerializedPropertyValue(
+                $property->getName(),
+                $this->getPropertyValue($property)
+            ));
+        }
+
+        return array_values(array_filter(array_map(function ($p) {
+            return $p->isStatic() ? null : $p->getName();
+        }, $properties)));
+    }
+
+    /**
+     * Restore the attributes after serialization.
+     *
+     * @return void
+     */
+    public function __wakeup()
+    {
+        foreach ((new ReflectionClass($this))->getProperties() as $property) {
+            if ($property->isStatic()) {
+                continue;
+            }
+
+            $property->setValue($this, $this->getUnserializedPropertyValue(
+                $property->getName(),
+                $this->getPropertyValue($property)
+            ));
+        }
+    }
+
+    /**
+     * Prepare the model for serialization.
+     *
+     * @return array
+     */
+    public function __serialize()
+    {
+        $values = [];
+
+        $properties = (new ReflectionClass($this))->getProperties();
+
+        $class = get_class($this);
+
+        foreach ($properties as $property) {
+            if ($property->isStatic()) {
+                continue;
+            }
+
+            $property->setAccessible(true);
+
+            if (! $property->isInitialized($this)) {
+                continue;
+            }
+
+            $name = $property->getName();
+
+            if ($property->isPrivate()) {
+                $name = "\0{$class}\0{$name}";
+            } elseif ($property->isProtected()) {
+                $name = "\0*\0{$name}";
+            }
+
+            $values[$name] = $this->getSerializedPropertyValue(
+                $property->getName(),
+                $this->getPropertyValue($property)
+            );
+        }
+
+        return $values;
+    }
+
+    /**
+     * Restore the model after serialization.
+     *
+     * @param  array  $values
+     * @return void
+     */
+    public function __unserialize(array $values)
+    {
+        $properties = (new ReflectionClass($this))->getProperties();
+
+        $class = get_class($this);
+
+        foreach ($properties as $property) {
+            if ($property->isStatic()) {
+                continue;
+            }
+
+            $name = $property->getName();
+
+            if ($property->isPrivate()) {
+                $name = "\0{$class}\0{$name}";
+            } elseif ($property->isProtected()) {
+                $name = "\0*\0{$name}";
+            }
+
+            if (! array_key_exists($name, $values)) {
+                continue;
+            }
+
+            $property->setAccessible(true);
+
+            $property->setValue(
+                $this,
+                $this->getUnserializedPropertyValue($property->getName(), $values[$name])
+            );
+        }
+    }
+
+    /**
+     * Get the property value for the given property.
+     *
+     * @param  ReflectionProperty  $property
+     * @return mixed
+     */
+    protected function getPropertyValue(ReflectionProperty $property)
+    {
+        $property->setAccessible(true);
+
+        return $property->getValue($this);
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DetectsResetIntegers.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DetectsResetIntegers.php
index 8712ef755..7b8d1830e 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DetectsResetIntegers.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DetectsResetIntegers.php
@@ -11,8 +11,7 @@ trait DetectsResetIntegers
      * LDAP attributes to instruct the server to reset the
      * value to an 'unset' or 'cleared' state.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return bool
      */
     protected function valueIsResetInteger($value)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DirectoryServer/Entry.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DirectoryServer/Entry.php
index 1bf832587..a67200e94 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DirectoryServer/Entry.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/DirectoryServer/Entry.php
@@ -3,8 +3,9 @@
 namespace LdapRecord\Models\DirectoryServer;
 
 use LdapRecord\Models\Model;
+use LdapRecord\Models\Types\DirectoryServer;
 
-class Entry extends Model
+class Entry extends Model implements DirectoryServer
 {
     /**
      * The attribute key that contains the models object GUID.
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Event.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Event.php
index 20de0b7a6..8dbd1d29a 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Event.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Event.php
@@ -16,7 +16,7 @@ abstract class Event
     /**
      * Constructor.
      *
-     * @param Model $model
+     * @param  Model  $model
      */
     public function __construct(Model $model)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Renaming.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Renaming.php
index 83427ca1a..5e7be97d7 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Renaming.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Events/Renaming.php
@@ -23,9 +23,9 @@ class Renaming extends Event
     /**
      * Constructor.
      *
-     * @param Model  $model
-     * @param string $rdn
-     * @param string $newParentDn
+     * @param  Model  $model
+     * @param  string  $rdn
+     * @param  string  $newParentDn
      */
     public function __construct(Model $model, $rdn, $newParentDn)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Entry.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Entry.php
index 7fdda9c86..be6322b15 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Entry.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Entry.php
@@ -44,8 +44,7 @@ class Entry extends BaseEntry implements FreeIPA
     /**
      * Create a new query builder.
      *
-     * @param Connection $connection
-     *
+     * @param  Connection  $connection
      * @return FreeIpaBuilder
      */
     public function newQueryBuilder(Connection $connection)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Scopes/AddEntryUuidToSelects.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Scopes/AddEntryUuidToSelects.php
index 039c05e4f..581b5beed 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Scopes/AddEntryUuidToSelects.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/FreeIPA/Scopes/AddEntryUuidToSelects.php
@@ -11,9 +11,8 @@ class AddEntryUuidToSelects implements Scope
     /**
      * Add the entry UUID to the selected attributes.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      */
     public function apply(Builder $query, Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Model.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Model.php
index 2e11696b4..932c1a3b1 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Model.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Model.php
@@ -11,8 +11,6 @@ use LdapRecord\Container;
 use LdapRecord\EscapesValues;
 use LdapRecord\Models\Attributes\DistinguishedName;
 use LdapRecord\Models\Attributes\Guid;
-use LdapRecord\Models\Events\Renamed;
-use LdapRecord\Models\Events\Renaming;
 use LdapRecord\Query\Model\Builder;
 use LdapRecord\Support\Arr;
 use UnexpectedValueException;
@@ -27,6 +25,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     use Concerns\HasGlobalScopes;
     use Concerns\HidesAttributes;
     use Concerns\HasRelationships;
+    use Concerns\SerializesProperties;
 
     /**
      * Indicates if the model exists in the directory.
@@ -115,7 +114,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Constructor.
      *
-     * @param array $attributes
+     * @param  array  $attributes
      */
     public function __construct(array $attributes = [])
     {
@@ -163,9 +162,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Handle dynamic method calls into the model.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return mixed
      */
     public function __call($method, $parameters)
@@ -180,9 +178,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Handle dynamic static method calls into the method.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return mixed
      */
     public static function __callStatic($method, $parameters)
@@ -203,8 +200,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the models distinguished name.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return $this
      */
     public function setDn($dn)
@@ -217,8 +213,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * A mutator for setting the models distinguished name.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return $this
      */
     public function setDnAttribute($dn)
@@ -229,8 +224,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * A mutator for setting the models distinguished name.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return $this
      */
     public function setDistinguishedNameAttribute($dn)
@@ -261,8 +255,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the connection associated with the model.
      *
-     * @param string $name
-     *
+     * @param  string  $name
      * @return $this
      */
     public function setConnection($name)
@@ -272,11 +265,21 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
         return $this;
     }
 
+    /**
+     * Make a new model instance.
+     *
+     * @param  array  $attributes
+     * @return static
+     */
+    public static function make($attributes = [])
+    {
+        return new static($attributes);
+    }
+
     /**
      * Begin querying the model on a given connection.
      *
-     * @param string|null $connection
-     *
+     * @param  string|null  $connection
      * @return Builder
      */
     public static function on($connection = null)
@@ -291,8 +294,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get all the models from the directory.
      *
-     * @param array|mixed $attributes
-     *
+     * @param  array|mixed  $attributes
      * @return Collection|static[]
      */
     public static function all($attributes = ['*'])
@@ -301,15 +303,45 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     }
 
     /**
-     * Make a new model instance.
+     * Get the RootDSE (AD schema) record from the directory.
      *
-     * @param array $attributes
+     * @param  string|null  $connection
+     * @return Model
      *
-     * @return static
+     * @throws \LdapRecord\Models\ModelNotFoundException
      */
-    public static function make($attributes = [])
+    public static function getRootDse($connection = null)
     {
-        return new static($attributes);
+        $model = static::getRootDseModel();
+
+        return $model::on($connection ?? (new $model)->getConnectionName())
+            ->in(null)
+            ->read()
+            ->whereHas('objectclass')
+            ->firstOrFail();
+    }
+
+    /**
+     * Get the root DSE model.
+     *
+     * @return class-string<Model>
+     */
+    protected static function getRootDseModel()
+    {
+        $instance = (new static);
+
+        switch (true) {
+            case $instance instanceof Types\ActiveDirectory:
+                return ActiveDirectory\Entry::class;
+            case $instance instanceof Types\DirectoryServer:
+                return OpenLDAP\Entry::class;
+            case $instance instanceof Types\OpenLDAP:
+                return OpenLDAP\Entry::class;
+            case $instance instanceof Types\FreeIPA:
+                return FreeIPA\Entry::class;
+            default:
+                return Entry::class;
+        }
     }
 
     /**
@@ -349,8 +381,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Create a new query builder.
      *
-     * @param Connection $connection
-     *
+     * @param  Connection  $connection
      * @return Builder
      */
     public function newQueryBuilder(Connection $connection)
@@ -361,8 +392,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Create a new model instance.
      *
-     * @param array $attributes
-     *
+     * @param  array  $attributes
      * @return static
      */
     public function newInstance(array $attributes = [])
@@ -373,8 +403,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Resolve a connection instance.
      *
-     * @param string|null $connection
-     *
+     * @param  string|null  $connection
      * @return Connection
      */
     public static function resolveConnection($connection = null)
@@ -405,8 +434,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the connection container.
      *
-     * @param Container $container
-     *
+     * @param  Container  $container
      * @return void
      */
     public static function setConnectionContainer(Container $container)
@@ -427,8 +455,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Register the query scopes for this builder instance.
      *
-     * @param Builder $builder
-     *
+     * @param  Builder  $builder
      * @return Builder
      */
     public function registerModelScopes($builder)
@@ -443,8 +470,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Register the global model scopes.
      *
-     * @param Builder $builder
-     *
+     * @param  Builder  $builder
      * @return Builder
      */
     public function registerGlobalScopes($builder)
@@ -459,8 +485,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Apply the model object class scopes to the given builder instance.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return void
      */
     public function applyObjectClassScopes(Builder $query)
@@ -483,10 +508,9 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Returns a new batch modification.
      *
-     * @param string|null     $attribute
-     * @param string|int|null $type
-     * @param array           $values
-     *
+     * @param  string|null  $attribute
+     * @param  string|int|null  $type
+     * @param  array  $values
      * @return BatchModification
      */
     public function newBatchModification($attribute = null, $type = null, $values = [])
@@ -497,8 +521,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Returns a new collection with the specified items.
      *
-     * @param mixed $items
-     *
+     * @param  mixed  $items
      * @return Collection
      */
     public function newCollection($items = [])
@@ -509,9 +532,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Dynamically retrieve attributes on the object.
      *
-     * @param mixed $key
-     *
-     * @return bool
+     * @param  string  $key
+     * @return mixed
      */
     public function __get($key)
     {
@@ -521,9 +543,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Dynamically set attributes on the object.
      *
-     * @param mixed $key
-     * @param mixed $value
-     *
+     * @param  string  $key
+     * @param  mixed  $value
      * @return $this
      */
     public function __set($key, $value)
@@ -534,8 +555,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if the given offset exists.
      *
-     * @param string $offset
-     *
+     * @param  string  $offset
      * @return bool
      */
     #[\ReturnTypeWillChange]
@@ -547,8 +567,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get the value for a given offset.
      *
-     * @param string $offset
-     *
+     * @param  string  $offset
      * @return mixed
      */
     #[\ReturnTypeWillChange]
@@ -560,9 +579,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the value at the given offset.
      *
-     * @param string $offset
-     * @param mixed  $value
-     *
+     * @param  string  $offset
+     * @param  mixed  $value
      * @return void
      */
     #[\ReturnTypeWillChange]
@@ -574,8 +592,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Unset the value at the given offset.
      *
-     * @param string $offset
-     *
+     * @param  string  $offset
      * @return void
      */
     #[\ReturnTypeWillChange]
@@ -587,8 +604,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if an attribute exists on the model.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function __isset($key)
@@ -599,8 +615,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Unset an attribute on the model.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return void
      */
     public function __unset($key)
@@ -630,26 +645,36 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     }
 
     /**
-     * Converts extra attributes for JSON serialization.
-     *
-     * @param array $attributes
+     * Convert the attributes for JSON serialization.
      *
+     * @param  array  $attributes
      * @return array
      */
     protected function convertAttributesForJson(array $attributes = [])
     {
-        // If the model has a GUID set, we need to convert
-        // it due to it being in binary. Otherwise we'll
-        // receive a JSON serialization exception.
-        if ($this->hasAttribute($this->guidKey)) {
-            return array_replace($attributes, [
-                $this->guidKey => [$this->getConvertedGuid()],
-            ]);
+        // If the model has a GUID set, we need to convert it to its
+        // string format, due to it being in binary. Otherwise
+        // we will receive a JSON serialization exception.
+        if (isset($attributes[$this->guidKey])) {
+            $attributes[$this->guidKey] = [$this->getConvertedGuid(
+                Arr::first($attributes[$this->guidKey])
+            )];
         }
 
         return $attributes;
     }
 
+    /**
+     * Convert the attributes from JSON serialization.
+     *
+     * @param  array  $attributes
+     * @return array
+     */
+    protected function convertAttributesFromJson(array $attributes = [])
+    {
+        return $attributes;
+    }
+
     /**
      * Reload a fresh model instance from the directory.
      *
@@ -667,8 +692,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if two models have the same distinguished name and belong to the same connection.
      *
-     * @param Model|null $model
-     *
+     * @param  Model|null  $model
      * @return bool
      */
     public function is($model)
@@ -681,8 +705,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if two models are not the same.
      *
-     * @param Model|null $model
-     *
+     * @param  Model|null  $model
      * @return bool
      */
     public function isNot($model)
@@ -693,8 +716,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Hydrate a new collection of models from search results.
      *
-     * @param array $records
-     *
+     * @param  array  $records
      * @return Collection
      */
     public function hydrate($records)
@@ -709,8 +731,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Converts the current model into the given model.
      *
-     * @param Model $into
-     *
+     * @param  Model  $into
      * @return Model
      */
     public function convert(self $into)
@@ -760,8 +781,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the models batch modifications.
      *
-     * @param array $modifications
-     *
+     * @param  array  $modifications
      * @return $this
      */
     public function setModifications(array $modifications = [])
@@ -778,8 +798,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Adds a batch modification to the model.
      *
-     * @param array|BatchModification $mod
-     *
+     * @param  array|BatchModification  $mod
      * @return $this
      *
      * @throws InvalidArgumentException
@@ -824,8 +843,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get the name of the model, or the given DN.
      *
-     * @param string|null $dn
-     *
+     * @param  string|null  $dn
      * @return string|null
      */
     public function getName($dn = null)
@@ -836,8 +854,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get the head attribute of the model, or the given DN.
      *
-     * @param string|null $dn
-     *
+     * @param  string|null  $dn
      * @return string|null
      */
     public function getHead($dn = null)
@@ -849,7 +866,6 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      * Get the RDN of the model, of the given DN.
      *
      * @param string|null
-     *
      * @return string|null
      */
     public function getRdn($dn = null)
@@ -861,7 +877,6 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      * Get the parent distinguished name of the model, or the given DN.
      *
      * @param string|null
-     *
      * @return string|null
      */
     public function getParentDn($dn = null)
@@ -872,8 +887,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Create a new Distinguished Name object.
      *
-     * @param string|null $dn
-     *
+     * @param  string|null  $dn
      * @return DistinguishedName
      */
     public function newDn($dn = null)
@@ -910,28 +924,58 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function getObjectClasses()
     {
-        return $this->getAttribute('objectclass') ?: [];
+        return $this->getAttribute('objectclass', static::$objectClasses);
     }
 
     /**
      * Get the model's string GUID.
      *
+     * @param  string|null  $guid
      * @return string|null
      */
-    public function getConvertedGuid()
+    public function getConvertedGuid($guid = null)
     {
         try {
-            return (string) new Guid($this->getObjectGuid());
+            return (string) $this->newObjectGuid(
+                $guid ?? $this->getObjectGuid()
+            );
         } catch (InvalidArgumentException $e) {
             return;
         }
     }
 
+    /**
+     * Get the model's binary GUID.
+     *
+     * @param  string|null  $guid
+     * @return string|null
+     */
+    public function getBinaryGuid($guid = null)
+    {
+        try {
+            return $this->newObjectGuid(
+                $guid ?? $this->getObjectGuid()
+            )->getBinary();
+        } catch (InvalidArgumentException $e) {
+            return;
+        }
+    }
+
+    /**
+     * Make a new object Guid instance.
+     *
+     * @param  string  $value
+     * @return Guid
+     */
+    protected function newObjectGuid($value)
+    {
+        return new Guid($value);
+    }
+
     /**
      * Determine if the current model is a direct descendant of the given.
      *
-     * @param static|string $parent
-     *
+     * @param  static|string  $parent
      * @return bool
      */
     public function isChildOf($parent)
@@ -944,8 +988,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if the current model is a direct ascendant of the given.
      *
-     * @param static|string $child
-     *
+     * @param  static|string  $child
      * @return bool
      */
     public function isParentOf($child)
@@ -958,8 +1001,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if the current model is a descendant of the given.
      *
-     * @param static|string $model
-     *
+     * @param  static|string  $model
      * @return bool
      */
     public function isDescendantOf($model)
@@ -970,8 +1012,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determine if the current model is a ancestor of the given.
      *
-     * @param static|string $model
-     *
+     * @param  static|string  $model
      * @return bool
      */
     public function isAncestorOf($model)
@@ -982,9 +1023,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determines if the DN is inside of the parent DN.
      *
-     * @param static|string $dn
-     * @param static|string $parentDn
-     *
+     * @param  static|string  $dn
+     * @param  static|string  $parentDn
      * @return bool
      */
     protected function dnIsInside($dn, $parentDn)
@@ -997,8 +1037,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Set the base DN of where the model should be created in.
      *
-     * @param static|string $dn
-     *
+     * @param  static|string  $dn
      * @return $this
      */
     public function inside($dn)
@@ -1011,8 +1050,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Save the model to the directory without raising any events.
      *
-     * @param array $attributes
-     *
+     * @param  array  $attributes
      * @return void
      *
      * @throws \LdapRecord\LdapRecordException
@@ -1027,8 +1065,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Save the model to the directory.
      *
-     * @param array $attributes The attributes to update or create for the current entry.
-     *
+     * @param  array  $attributes  The attributes to update or create for the current entry.
      * @return void
      *
      * @throws \LdapRecord\LdapRecordException
@@ -1037,11 +1074,13 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     {
         $this->fill($attributes);
 
-        $this->fireModelEvent(new Events\Saving($this));
+        $this->dispatch('saving');
 
         $this->exists ? $this->performUpdate() : $this->performInsert();
 
-        $this->fireModelEvent(new Events\Saved($this));
+        $this->dispatch('saved');
+
+        $this->modifications = [];
 
         $this->in = null;
     }
@@ -1071,7 +1110,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
             $this->setDn($this->getCreatableDn());
         }
 
-        $this->fireModelEvent(new Events\Creating($this));
+        $this->dispatch('creating');
 
         // Here we perform the insert of new object in the directory,
         // but filter out any empty attributes before sending them
@@ -1079,7 +1118,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
         // attributes have been given empty or null values.
         $query->insert($this->getDn(), array_filter($this->getAttributes()));
 
-        $this->fireModelEvent(new Events\Created($this));
+        $this->dispatch('created');
 
         $this->syncOriginal();
 
@@ -1101,22 +1140,19 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
             return;
         }
 
-        $this->fireModelEvent(new Events\Updating($this));
+        $this->dispatch('updating');
 
         $this->newQuery()->update($this->dn, $modifications);
 
-        $this->fireModelEvent(new Events\Updated($this));
+        $this->dispatch('updated');
 
         $this->syncOriginal();
-
-        $this->modifications = [];
     }
 
     /**
      * Create the model in the directory.
      *
-     * @param array $attributes The attributes for the new entry.
-     *
+     * @param  array  $attributes  The attributes for the new entry.
      * @return Model
      *
      * @throws \LdapRecord\LdapRecordException
@@ -1133,9 +1169,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Create an attribute on the model.
      *
-     * @param string $attribute The attribute to create
-     * @param mixed  $value     The value of the new attribute
-     *
+     * @param  string  $attribute  The attribute to create
+     * @param  mixed  $value  The value of the new attribute
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1143,18 +1178,21 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function createAttribute($attribute, $value)
     {
-        $this->requireExistence();
+        $this->assertExists();
+
+        $this->dispatch(['saving', 'updating']);
 
         $this->newQuery()->insertAttributes($this->dn, [$attribute => (array) $value]);
 
         $this->addAttributeValue($attribute, $value);
+
+        $this->dispatch(['updated', 'saved']);
     }
 
     /**
      * Update the model.
      *
-     * @param array $attributes The attributes to update for the current entry.
-     *
+     * @param  array  $attributes  The attributes to update for the current entry.
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1162,7 +1200,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function update(array $attributes = [])
     {
-        $this->requireExistence();
+        $this->assertExists();
 
         $this->save($attributes);
     }
@@ -1170,9 +1208,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Update the model attribute with the specified value.
      *
-     * @param string $attribute The attribute to modify
-     * @param mixed  $value     The new value for the attribute
-     *
+     * @param  string  $attribute  The attribute to modify
+     * @param  mixed  $value  The new value for the attribute
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1180,19 +1217,22 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function updateAttribute($attribute, $value)
     {
-        $this->requireExistence();
+        $this->assertExists();
+
+        $this->dispatch(['saving', 'updating']);
 
         $this->newQuery()->updateAttributes($this->dn, [$attribute => (array) $value]);
 
         $this->addAttributeValue($attribute, $value);
+
+        $this->dispatch(['updated', 'saved']);
     }
 
     /**
      * Destroy the models for the given distinguished names.
      *
-     * @param Collection|array|string $dns
-     * @param bool                    $recursive
-     *
+     * @param  Collection|array|string  $dns
+     * @param  bool  $recursive
      * @return int
      *
      * @throws \LdapRecord\LdapRecordException
@@ -1201,11 +1241,17 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     {
         $count = 0;
 
-        $dns = is_string($dns) ? (array) $dns : $dns;
-
         $instance = new static();
 
-        foreach ($dns as $dn) {
+        if ($dns instanceof Collection) {
+            $dns = $dns->modelDns()->toArray();
+        }
+
+        // Here we are iterating through each distinguished name and locating
+        // the associated model. While it's more resource intensive, we must
+        // do this in case of leaf nodes being given alongside any parent
+        // node, ensuring they can be deleted inside of the directory.
+        foreach ((array) $dns as $dn) {
             if (! $model = $instance->find($dn)) {
                 continue;
             }
@@ -1224,8 +1270,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      * Throws a ModelNotFoundException if the current model does
      * not exist or does not contain a distinguished name.
      *
-     * @param bool $recursive Whether to recursively delete leaf nodes (models that are children).
-     *
+     * @param  bool  $recursive  Whether to recursively delete leaf nodes (models that are children).
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1233,9 +1278,9 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function delete($recursive = false)
     {
-        $this->requireExistence();
+        $this->assertExists();
 
-        $this->fireModelEvent(new Events\Deleting($this));
+        $this->dispatch('deleting');
 
         if ($recursive) {
             $this->deleteLeafNodes();
@@ -1248,7 +1293,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
         // developers can hook in and run further operations.
         $this->exists = false;
 
-        $this->fireModelEvent(new Events\Deleted($this));
+        $this->dispatch('deleted');
     }
 
     /**
@@ -1263,15 +1308,15 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
         $this->newQueryWithoutScopes()
             ->in($this->dn)
             ->listing()
-            ->chunk(250, function ($models) {
-                $models->each->delete($recursive = true);
+            ->each(function (Model $model) {
+                $model->delete($recursive = true);
             });
     }
 
     /**
      * Delete an attribute on the model.
      *
-     * @param string|array $attributes The attribute(s) to delete
+     * @param  string|array  $attributes  The attribute(s) to delete
      *
      * Delete specific values in attributes:
      *
@@ -1280,7 +1325,6 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      * Delete an entire attribute:
      *
      *     ["memberuid" => []]
-     *
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1288,10 +1332,12 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function deleteAttribute($attributes)
     {
-        $this->requireExistence();
+        $this->assertExists();
 
         $attributes = $this->makeDeletableAttributes($attributes);
 
+        $this->dispatch(['saving', 'updating']);
+
         $this->newQuery()->deleteAttributes($this->dn, $attributes);
 
         foreach ($attributes as $attribute => $value) {
@@ -1311,14 +1357,15 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
             }
         }
 
+        $this->dispatch(['updated', 'saved']);
+
         $this->syncOriginal();
     }
 
     /**
      * Make a deletable attribute array.
      *
-     * @param string|array $attributes
-     *
+     * @param  string|array  $attributes
      * @return array
      */
     protected function makeDeletableAttributes($attributes)
@@ -1339,9 +1386,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      *
      * For example: $user->move($ou);
      *
-     * @param static|string $newParentDn  The new parent of the current model.
-     * @param bool          $deleteOldRdn Whether to delete the old models relative distinguished name once renamed / moved.
-     *
+     * @param  static|string  $newParentDn  The new parent of the current model.
+     * @param  bool  $deleteOldRdn  Whether to delete the old models relative distinguished name once renamed / moved.
      * @return void
      *
      * @throws UnexpectedValueException
@@ -1350,7 +1396,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function move($newParentDn, $deleteOldRdn = true)
     {
-        $this->requireExistence();
+        $this->assertExists();
 
         if (! $rdn = $this->getRdn()) {
             throw new UnexpectedValueException('Current model does not contain an RDN to move.');
@@ -1362,10 +1408,9 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Rename the model to a new RDN and new parent.
      *
-     * @param string             $rdn          The models new relative distinguished name. Example: "cn=JohnDoe"
-     * @param static|string|null $newParentDn  The models new parent distinguished name (if moving). Leave this null if you are only renaming. Example: "ou=MovedUsers,dc=acme,dc=org"
-     * @param bool|true          $deleteOldRdn Whether to delete the old models relative distinguished name once renamed / moved.
-     *
+     * @param  string  $rdn  The models new relative distinguished name. Example: "cn=JohnDoe"
+     * @param  static|string|null  $newParentDn  The models new parent distinguished name (if moving). Leave this null if you are only renaming. Example: "ou=MovedUsers,dc=acme,dc=org"
+     * @param  bool|true  $deleteOldRdn  Whether to delete the old models relative distinguished name once renamed / moved.
      * @return void
      *
      * @throws ModelDoesNotExistException
@@ -1373,7 +1418,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
      */
     public function rename($rdn, $newParentDn = null, $deleteOldRdn = true)
     {
-        $this->requireExistence();
+        $this->assertExists();
 
         if ($newParentDn instanceof self) {
             $newParentDn = $newParentDn->getDn();
@@ -1400,7 +1445,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
             $rdn = $this->getUpdateableRdn($rdn);
         }
 
-        $this->fireModelEvent(new Renaming($this, $rdn, $newParentDn));
+        $this->dispatch('renaming', [$rdn, $newParentDn]);
 
         $this->newQuery()->rename($this->dn, $rdn, $newParentDn, $deleteOldRdn);
 
@@ -1420,7 +1465,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
             = $this->original[$modelNameAttribute]
             = [reset($map[$modelNameAttribute])];
 
-        $this->fireModelEvent(new Renamed($this));
+        $this->dispatch('renamed');
 
         $this->wasRecentlyRenamed = true;
     }
@@ -1428,8 +1473,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get an updateable RDN for the model.
      *
-     * @param string $name
-     *
+     * @param  string  $name
      * @return string
      */
     public function getUpdateableRdn($name)
@@ -1440,9 +1484,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get a distinguished name that is creatable for the model.
      *
-     * @param string|null $name
-     * @param string|null $attribute
-     *
+     * @param  string|null  $name
+     * @param  string|null  $attribute
      * @return string
      */
     public function getCreatableDn($name = null, $attribute = null)
@@ -1456,9 +1499,8 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Get a creatable (escaped) RDN for the model.
      *
-     * @param string|null $name
-     * @param string|null $attribute
-     *
+     * @param  string|null  $name
+     * @param  string|null  $attribute
      * @return string
      */
     public function getCreatableRdn($name = null, $attribute = null)
@@ -1485,8 +1527,7 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Determines if the given modification is valid.
      *
-     * @param mixed $mod
-     *
+     * @param  mixed  $mod
      * @return bool
      */
     protected function isValidModification($mod)
@@ -1528,11 +1569,25 @@ abstract class Model implements ArrayAccess, Arrayable, JsonSerializable
     /**
      * Throw an exception if the model does not exist.
      *
+     * @deprecated
+     *
      * @return void
      *
      * @throws ModelDoesNotExistException
      */
     protected function requireExistence()
+    {
+        return $this->assertExists();
+    }
+
+    /**
+     * Throw an exception if the model does not exist.
+     *
+     * @return void
+     *
+     * @throws ModelDoesNotExistException
+     */
+    protected function assertExists()
     {
         if (! $this->exists || is_null($this->dn)) {
             throw ModelDoesNotExistException::forModel($this);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ModelDoesNotExistException.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ModelDoesNotExistException.php
index 2dd2ba9bd..508414911 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ModelDoesNotExistException.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/ModelDoesNotExistException.php
@@ -16,8 +16,7 @@ class ModelDoesNotExistException extends LdapRecordException
     /**
      * Create a new exception for the given model.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return ModelDoesNotExistException
      */
     public static function forModel(Model $model)
@@ -28,8 +27,7 @@ class ModelDoesNotExistException extends LdapRecordException
     /**
      * Set the model that does not exist.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return ModelDoesNotExistException
      */
     public function setModel(Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Entry.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Entry.php
index b7ad37a44..c11ca72d4 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Entry.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Entry.php
@@ -34,8 +34,7 @@ class Entry extends BaseEntry implements OpenLDAP
     /**
      * Create a new query builder.
      *
-     * @param Connection $connection
-     *
+     * @param  Connection  $connection
      * @return OpenLdapBuilder
      */
     public function newQueryBuilder(Connection $connection)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Group.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Group.php
index 2d8d94e39..a9a682a06 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Group.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Group.php
@@ -13,4 +13,16 @@ class Group extends Entry
         'top',
         'groupofuniquenames',
     ];
+
+    /**
+     * The members relationship.
+     *
+     * Retrieves members that are apart of the group.
+     *
+     * @return \LdapRecord\Models\Relations\HasMany
+     */
+    public function members()
+    {
+        return $this->hasMany([static::class, User::class], 'memberUid');
+    }
 }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Scopes/AddEntryUuidToSelects.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Scopes/AddEntryUuidToSelects.php
index 54376c2ba..780a633f3 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Scopes/AddEntryUuidToSelects.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/Scopes/AddEntryUuidToSelects.php
@@ -11,9 +11,8 @@ class AddEntryUuidToSelects implements Scope
     /**
      * Add the entry UUID to the selected attributes.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      */
     public function apply(Builder $query, Model $model)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/User.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/User.php
index b37f39056..c8626de6d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/User.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/OpenLDAP/User.php
@@ -40,7 +40,7 @@ class User extends Entry implements Authenticatable
     /**
      * The groups relationship.
      *
-     * Retrieves groups that the user is apart of.
+     * Retrieve groups that the user is a part of.
      *
      * @return \LdapRecord\Models\Relations\HasMany
      */
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasMany.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasMany.php
index ae36720c2..583f81c30 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasMany.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasMany.php
@@ -5,9 +5,9 @@ namespace LdapRecord\Models\Relations;
 use Closure;
 use LdapRecord\DetectsErrors;
 use LdapRecord\LdapRecordException;
+use LdapRecord\Models\Collection;
 use LdapRecord\Models\Model;
 use LdapRecord\Models\ModelNotFoundException;
-use LdapRecord\Query\Collection;
 
 class HasMany extends OneToMany
 {
@@ -51,9 +51,8 @@ class HasMany extends OneToMany
     /**
      * Set the model and attribute to use for attaching / detaching.
      *
-     * @param Model  $using
-     * @param string $usingKey
-     *
+     * @param  Model  $using
+     * @param  string  $usingKey
      * @return $this
      */
     public function using(Model $using, $usingKey)
@@ -67,8 +66,7 @@ class HasMany extends OneToMany
     /**
      * Set the pagination page size of the relation query.
      *
-     * @param int $pageSize
-     *
+     * @param  int  $pageSize
      * @return $this
      */
     public function setPageSize($pageSize)
@@ -81,8 +79,7 @@ class HasMany extends OneToMany
     /**
      * Paginate the relation using the given page size.
      *
-     * @param int $pageSize
-     *
+     * @param  int  $pageSize
      * @return Collection
      */
     public function paginate($pageSize = 1000)
@@ -93,8 +90,7 @@ class HasMany extends OneToMany
     /**
      * Paginate the relation using the page size once.
      *
-     * @param int $pageSize
-     *
+     * @param  int  $pageSize
      * @return Collection
      */
     protected function paginateOnceUsing($pageSize)
@@ -108,18 +104,67 @@ class HasMany extends OneToMany
         return $result;
     }
 
+    /**
+     * Execute a callback over each result while chunking.
+     *
+     * @param  Closure  $callback
+     * @param  int  $pageSize
+     * @return bool
+     */
+    public function each(Closure $callback, $pageSize = 1000)
+    {
+        $this->chunk($pageSize, function ($results) use ($callback) {
+            foreach ($results as $key => $value) {
+                if ($callback($value, $key) === false) {
+                    return false;
+                }
+            }
+        });
+    }
+
     /**
      * Chunk the relation results using the given callback.
      *
-     * @param int     $pageSize
-     * @param Closure $callback
-     *
-     * @return void
+     * @param  int  $pageSize
+     * @param  Closure  $callback
+     * @param  array  $loaded
+     * @return bool
      */
     public function chunk($pageSize, Closure $callback)
     {
-        $this->getRelationQuery()->chunk($pageSize, function ($entries) use ($callback) {
-            $callback($this->transformResults($entries));
+        return $this->chunkRelation($pageSize, $callback);
+    }
+
+    /**
+     * Execute the callback over chunks of relation results.
+     *
+     * @param  int  $pageSize
+     * @param  Closure  $callback
+     * @param  array  $loaded
+     * @return bool
+     */
+    protected function chunkRelation($pageSize, Closure $callback, $loaded = [])
+    {
+        return $this->getRelationQuery()->chunk($pageSize, function (Collection $results) use ($pageSize, $callback, $loaded) {
+            $models = $this->transformResults($results)->when($this->recursive, function (Collection $models) use ($loaded) {
+                return $models->reject(function (Model $model) use ($loaded) {
+                    return in_array($model->getDn(), $loaded);
+                });
+            });
+
+            if ($callback($models) === false) {
+                return false;
+            }
+
+            $models->when($this->recursive, function (Collection $models) use ($pageSize, $callback, $loaded) {
+                $models->each(function (Model $model) use ($pageSize, $callback, $loaded) {
+                    if ($relation = $model->getRelation($this->relationName)) {
+                        $loaded[] = $model->getDn();
+
+                        return $relation->recursive()->chunkRelation($pageSize, $callback, $loaded);
+                    }
+                });
+            });
         });
     }
 
@@ -168,8 +213,7 @@ class HasMany extends OneToMany
     /**
      * Attach a model to the relation.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return Model|string|false
      */
     public function attach($model)
@@ -184,8 +228,7 @@ class HasMany extends OneToMany
     /**
      * Build the attach callback.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return \Closure
      */
     protected function buildAttachCallback($model)
@@ -208,8 +251,7 @@ class HasMany extends OneToMany
     /**
      * Attach a collection of models to the parent instance.
      *
-     * @param iterable $models
-     *
+     * @param  iterable  $models
      * @return iterable
      */
     public function attachMany($models)
@@ -224,8 +266,7 @@ class HasMany extends OneToMany
     /**
      * Detach the model from the relation.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return Model|string|false
      */
     public function detach($model)
@@ -237,11 +278,29 @@ class HasMany extends OneToMany
         );
     }
 
+    /**
+     * Detach the model or delete the parent if the relation is empty.
+     *
+     * @param  Model|string  $model
+     * @return void
+     */
+    public function detachOrDeleteParent($model)
+    {
+        $count = $this->onceWithoutMerging(function () {
+            return $this->count();
+        });
+
+        if ($count <= 1) {
+            return $this->getParent()->delete();
+        }
+
+        return $this->detach($model);
+    }
+
     /**
      * Build the detach callback.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return \Closure
      */
     protected function buildDetachCallback($model)
@@ -264,8 +323,7 @@ class HasMany extends OneToMany
     /**
      * Get the attachable foreign value from the model.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return string
      */
     protected function getAttachableForeignValue($model)
@@ -282,8 +340,7 @@ class HasMany extends OneToMany
     /**
      * Get the foreign model by the given value, or fail.
      *
-     * @param string $model
-     *
+     * @param  string  $model
      * @return Model
      *
      * @throws ModelNotFoundException
@@ -305,10 +362,9 @@ class HasMany extends OneToMany
      *
      * If a bypassable exception is encountered, the value will be returned.
      *
-     * @param callable     $operation
-     * @param string|array $bypass
-     * @param mixed        $value
-     *
+     * @param  callable  $operation
+     * @param  string|array  $bypass
+     * @param  mixed  $value
      * @return mixed
      *
      * @throws LdapRecordException
@@ -341,4 +397,24 @@ class HasMany extends OneToMany
             });
         });
     }
+
+    /**
+     * Detach all relation models or delete the model if its relation is empty.
+     *
+     * @return Collection
+     */
+    public function detachAllOrDelete()
+    {
+        return $this->onceWithoutMerging(function () {
+            return $this->get()->each(function (Model $model) {
+                $relation = $model->getRelation($this->relationName);
+
+                if ($relation && $relation->count() >= 1) {
+                    $model->delete();
+                } else {
+                    $this->detach($model);
+                }
+            });
+        });
+    }
 }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasOne.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasOne.php
index 7bad4ab63..243cd2ed9 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasOne.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/HasOne.php
@@ -25,8 +25,7 @@ class HasOne extends Relation
     /**
      * Attach a model instance to the parent model.
      *
-     * @param Model|string $model
-     *
+     * @param  Model|string  $model
      * @return Model|string
      *
      * @throws \LdapRecord\LdapRecordException
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/OneToMany.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/OneToMany.php
index 6d14c8574..aa873b60b 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/OneToMany.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/OneToMany.php
@@ -32,12 +32,12 @@ abstract class OneToMany extends Relation
     /**
      * Constructor.
      *
-     * @param Builder $query
-     * @param Model   $parent
-     * @param string  $related
-     * @param string  $relationKey
-     * @param string  $foreignKey
-     * @param string  $relationName
+     * @param  Builder  $query
+     * @param  Model  $parent
+     * @param  string  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
+     * @param  string  $relationName
      */
     public function __construct(Builder $query, Model $parent, $related, $relationKey, $foreignKey, $relationName)
     {
@@ -49,8 +49,7 @@ abstract class OneToMany extends Relation
     /**
      * Set the relation to load with its parent.
      *
-     * @param Relation $relation
-     *
+     * @param  Relation  $relation
      * @return $this
      */
     public function with(Relation $relation)
@@ -63,8 +62,7 @@ abstract class OneToMany extends Relation
     /**
      * Whether to include recursive results.
      *
-     * @param bool $enable
-     *
+     * @param  bool  $enable
      * @return $this
      */
     public function recursive($enable = true)
@@ -100,8 +98,7 @@ abstract class OneToMany extends Relation
     /**
      * Execute the callback excluding the merged query result.
      *
-     * @param callable $callback
-     *
+     * @param  callable  $callback
      * @return mixed
      */
     protected function onceWithoutMerging($callback)
@@ -142,8 +139,7 @@ abstract class OneToMany extends Relation
     /**
      * Get the results for the models relation recursively.
      *
-     * @param string[] $loaded The distinguished names of models already loaded
-     *
+     * @param  string[]  $loaded  The distinguished names of models already loaded
      * @return Collection
      */
     protected function getRecursiveResults(array $loaded = [])
@@ -172,15 +168,14 @@ abstract class OneToMany extends Relation
     /**
      * Get the recursive relation results for given model.
      *
-     * @param Model $model
-     * @param array $loaded
-     *
+     * @param  Model  $model
+     * @param  array  $loaded
      * @return Collection
      */
     protected function getRecursiveRelationResults(Model $model, array $loaded)
     {
-        return method_exists($model, $this->relationName)
-            ? $model->{$this->relationName}()->getRecursiveResults($loaded)
+        return ($relation = $model->getRelation($this->relationName))
+            ? $relation->getRecursiveResults($loaded)
             : $model->newCollection();
     }
 }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/Relation.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/Relation.php
index 1b108fd91..31b0969c9 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/Relation.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Relations/Relation.php
@@ -2,6 +2,7 @@
 
 namespace LdapRecord\Models\Relations;
 
+use Closure;
 use LdapRecord\Models\Entry;
 use LdapRecord\Models\Model;
 use LdapRecord\Query\Collection;
@@ -9,7 +10,8 @@ use LdapRecord\Query\Model\Builder;
 
 /**
  * @method bool exists($models = null) Determine if the relation contains all of the given models, or any models
- * @method bool contains($models)      Determine if any of the given models are contained in the relation
+ * @method bool contains($models) Determine if any of the given models are contained in the relation
+ * @method bool count() Retrieve the "count" result of the query.
  */
 abstract class Relation
 {
@@ -28,7 +30,7 @@ abstract class Relation
     protected $parent;
 
     /**
-     * The related models.
+     * The related model class names.
      *
      * @var array
      */
@@ -55,14 +57,28 @@ abstract class Relation
      */
     protected $default = Entry::class;
 
+    /**
+     * The callback to use for resolving relation models.
+     *
+     * @var Closure
+     */
+    protected static $modelResolver;
+
+    /**
+     * The methods that should be passed along to a relation collection.
+     *
+     * @var string[]
+     */
+    protected $passthru = ['count', 'exists', 'contains'];
+
     /**
      * Constructor.
      *
-     * @param Builder $query
-     * @param Model   $parent
-     * @param mixed   $related
-     * @param string  $relationKey
-     * @param string  $foreignKey
+     * @param  Builder  $query
+     * @param  Model  $parent
+     * @param  string|array  $related
+     * @param  string  $relationKey
+     * @param  string  $foreignKey
      */
     public function __construct(Builder $query, Model $parent, $related, $relationKey, $foreignKey)
     {
@@ -72,20 +88,23 @@ abstract class Relation
         $this->relationKey = $relationKey;
         $this->foreignKey = $foreignKey;
 
+        static::$modelResolver = static::$modelResolver ?? function (array $modelObjectClasses, array $relationMap) {
+            return array_search($modelObjectClasses, $relationMap);
+        };
+
         $this->initRelation();
     }
 
     /**
      * Handle dynamic method calls to the relationship.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return mixed
      */
     public function __call($method, $parameters)
     {
-        if (in_array($method, ['exists', 'contains'])) {
+        if (in_array($method, $this->passthru)) {
             return $this->get('objectclass')->$method(...$parameters);
         }
 
@@ -98,6 +117,45 @@ abstract class Relation
         return $result;
     }
 
+    /**
+     * Set the callback to use for resolving models from relation results.
+     *
+     * @param  Closure  $callback
+     * @return void
+     */
+    public static function resolveModelsUsing(Closure $callback)
+    {
+        static::$modelResolver = $callback;
+    }
+
+    /**
+     * Only return objects matching the related model's object classes.
+     *
+     * @return $this
+     */
+    public function onlyRelated()
+    {
+        $relations = [];
+
+        foreach ($this->related as $related) {
+            $relations[$related] = $related::$objectClasses;
+        }
+
+        $relations = array_filter($relations);
+
+        if (empty($relations)) {
+            return $this;
+        }
+
+        $this->query->andFilter(function (Builder $query) use ($relations) {
+            foreach ($relations as $relation => $objectClasses) {
+                $query->whereIn('objectclass', $objectClasses);
+            }
+        });
+
+        return $this;
+    }
+
     /**
      * Get the results of the relationship.
      *
@@ -108,8 +166,7 @@ abstract class Relation
     /**
      * Execute the relationship query.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return Collection
      */
     public function get($columns = ['*'])
@@ -122,8 +179,7 @@ abstract class Relation
      *
      * If the query columns are empty, the given columns are applied.
      *
-     * @param array $columns
-     *
+     * @param  array  $columns
      * @return Collection
      */
     protected function getResultsWithColumns($columns)
@@ -138,8 +194,7 @@ abstract class Relation
     /**
      * Get the first result of the relationship.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return Model|null
      */
     public function first($columns = ['*'])
@@ -162,6 +217,21 @@ abstract class Relation
         return $this;
     }
 
+    /**
+     * Set the underlying query for the relation.
+     *
+     * @param  Builder  $query
+     * @return $this
+     */
+    public function setQuery(Builder $query)
+    {
+        $this->query = $query;
+
+        $this->initRelation();
+
+        return $this;
+    }
+
     /**
      * Get the underlying query for the relation.
      *
@@ -239,8 +309,7 @@ abstract class Relation
     /**
      * Get the foreign model by the given value.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return Model|null
      */
     protected function getForeignModelByValue($value)
@@ -253,8 +322,7 @@ abstract class Relation
     /**
      * Returns the escaped foreign key value for use in an LDAP filter from the model.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return string
      */
     protected function getEscapedForeignValueFromModel(Model $model)
@@ -277,8 +345,7 @@ abstract class Relation
     /**
      * Get the foreign key value from the model.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return string
      */
     protected function getForeignValueFromModel(Model $model)
@@ -291,9 +358,8 @@ abstract class Relation
     /**
      * Get the first attribute value from the model.
      *
-     * @param Model  $model
-     * @param string $attribute
-     *
+     * @param  Model  $model
+     * @param  string  $attribute
      * @return string|null
      */
     protected function getFirstAttributeValue(Model $model, $attribute)
@@ -304,20 +370,21 @@ abstract class Relation
     /**
      * Transforms the results by converting the models into their related.
      *
-     * @param Collection $results
-     *
+     * @param  Collection  $results
      * @return Collection
      */
     protected function transformResults(Collection $results)
     {
-        $related = [];
+        $relationMap = [];
 
         foreach ($this->related as $relation) {
-            $related[$relation] = $relation::$objectClasses;
+            $relationMap[$relation] = $this->normalizeObjectClasses(
+                $relation::$objectClasses
+            );
         }
 
-        return $results->transform(function (Model $entry) use ($related) {
-            $model = $this->determineModelFromRelated($entry, $related);
+        return $results->transform(function (Model $entry) use ($relationMap) {
+            $model = $this->determineModelFromRelated($entry, $relationMap);
 
             return class_exists($model) ? $entry->convert(new $model()) : $entry;
         });
@@ -334,29 +401,33 @@ abstract class Relation
     }
 
     /**
-     * Determines the model from the given relations.
+     * Determines the model from the given relation map.
      *
-     * @param Model $model
-     * @param array $related
-     *
-     * @return string|bool
+     * @param  Model  $model
+     * @param  array  $relationMap
+     * @return class-string|bool
      */
-    protected function determineModelFromRelated(Model $model, array $related)
+    protected function determineModelFromRelated(Model $model, array $relationMap)
     {
         // We must normalize all the related models object class
         // names to the same case so we are able to properly
         // determine the owning model from search results.
-        return array_search(
-            $this->normalizeObjectClasses($model->getObjectClasses()),
-            array_map([$this, 'normalizeObjectClasses'], $related)
+        $modelObjectClasses = $this->normalizeObjectClasses(
+            $model->getObjectClasses()
+        );
+
+        return call_user_func(
+            static::$modelResolver,
+            $modelObjectClasses,
+            $relationMap,
+            $model,
         );
     }
 
     /**
      * Sort and normalize the object classes.
      *
-     * @param array $classes
-     *
+     * @param  array  $classes
      * @return array
      */
     protected function normalizeObjectClasses($classes)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Scope.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Scope.php
index 321cae357..f61cf686b 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Scope.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Scope.php
@@ -9,9 +9,8 @@ interface Scope
     /**
      * Apply the scope to the given query.
      *
-     * @param Builder $query
-     * @param Model   $model
-     *
+     * @param  Builder  $query
+     * @param  Model  $model
      * @return void
      */
     public function apply(Builder $query, Model $model);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/ActiveDirectory.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/ActiveDirectory.php
index 61d21ef28..3edcf88c9 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/ActiveDirectory.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/ActiveDirectory.php
@@ -23,7 +23,16 @@ interface ActiveDirectory extends TypeInterface
     /**
      * Returns the model's SID.
      *
+     * @param  string|null  $sid
      * @return string|null
      */
-    public function getConvertedSid();
+    public function getConvertedSid($sid = null);
+
+    /**
+     * Returns the model's binary SID.
+     *
+     * @param  string|null  $sid
+     * @return string|null
+     */
+    public function getBinarySid($sid = null);
 }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/DirectoryServer.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/DirectoryServer.php
new file mode 100644
index 000000000..f06216cd5
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Models/Types/DirectoryServer.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace LdapRecord\Models\Types;
+
+interface DirectoryServer extends TypeInterface
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ArrayCacheStore.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ArrayCacheStore.php
index d7480a7b5..2fb9c9a72 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ArrayCacheStore.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ArrayCacheStore.php
@@ -53,8 +53,7 @@ class ArrayCacheStore implements CacheInterface
     /**
      * Get the expiration time of the key.
      *
-     * @param int $seconds
-     *
+     * @param  int  $seconds
      * @return int
      */
     protected function calculateExpiration($seconds)
@@ -65,8 +64,7 @@ class ArrayCacheStore implements CacheInterface
     /**
      * Get the UNIX timestamp for the given number of seconds.
      *
-     * @param int $seconds
-     *
+     * @param  int  $seconds
      * @return int
      */
     protected function toTimestamp($seconds)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Builder.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Builder.php
index b9e31960e..c93c17809 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Builder.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Builder.php
@@ -20,7 +20,6 @@ use LdapRecord\Query\Pagination\Paginator;
 use LdapRecord\Support\Arr;
 use LdapRecord\Utilities;
 
-/** @psalm-suppress UndefinedClass */
 class Builder
 {
     use EscapesValues;
@@ -144,7 +143,7 @@ class Builder
     /**
      * Constructor.
      *
-     * @param Connection $connection
+     * @param  Connection  $connection
      */
     public function __construct(Connection $connection)
     {
@@ -155,8 +154,7 @@ class Builder
     /**
      * Set the current connection.
      *
-     * @param Connection $connection
-     *
+     * @param  Connection  $connection
      * @return $this
      */
     public function setConnection(Connection $connection)
@@ -169,8 +167,7 @@ class Builder
     /**
      * Set the current filter grammar.
      *
-     * @param Grammar $grammar
-     *
+     * @param  Grammar  $grammar
      * @return $this
      */
     public function setGrammar(Grammar $grammar)
@@ -183,8 +180,7 @@ class Builder
     /**
      * Set the cache to store query results.
      *
-     * @param Cache|null $cache
-     *
+     * @param  Cache|null  $cache
      * @return $this
      */
     public function setCache(Cache $cache = null)
@@ -197,8 +193,7 @@ class Builder
     /**
      * Returns a new Query Builder instance.
      *
-     * @param string $baseDn
-     *
+     * @param  string  $baseDn
      * @return $this
      */
     public function newInstance($baseDn = null)
@@ -213,8 +208,7 @@ class Builder
     /**
      * Returns a new nested Query Builder instance.
      *
-     * @param Closure|null $closure
-     *
+     * @param  Closure|null  $closure
      * @return $this
      */
     public function newNestedInstance(Closure $closure = null)
@@ -231,8 +225,7 @@ class Builder
     /**
      * Executes the LDAP query.
      *
-     * @param string|array $columns
-     *
+     * @param  string|array  $columns
      * @return Collection|array
      */
     public function get($columns = ['*'])
@@ -247,9 +240,8 @@ class Builder
      *
      * After running the callback, the columns are reset to the original value.
      *
-     * @param array   $columns
-     * @param Closure $callback
-     *
+     * @param  array  $columns
+     * @param  Closure  $callback
      * @return mixed
      */
     protected function onceWithColumns($columns, Closure $callback)
@@ -336,8 +328,7 @@ class Builder
     /**
      * Set the base distinguished name of the query.
      *
-     * @param Model|string $dn
-     *
+     * @param  Model|string  $dn
      * @return $this
      */
     public function setBaseDn($dn)
@@ -370,8 +361,7 @@ class Builder
     /**
      * Set the distinguished name for the query.
      *
-     * @param string|Model|null $dn
-     *
+     * @param  string|Model|null  $dn
      * @return $this
      */
     public function setDn($dn = null)
@@ -384,8 +374,7 @@ class Builder
     /**
      * Substitute the base DN string template for the current base.
      *
-     * @param Model|string $dn
-     *
+     * @param  Model|string  $dn
      * @return string
      */
     protected function substituteBaseInDn($dn)
@@ -400,8 +389,7 @@ class Builder
     /**
      * Alias for setting the distinguished name for the query.
      *
-     * @param string|Model|null $dn
-     *
+     * @param  string|Model|null  $dn
      * @return $this
      */
     public function in($dn = null)
@@ -412,8 +400,7 @@ class Builder
     /**
      * Set the size limit of the current query.
      *
-     * @param int $limit
-     *
+     * @param  int  $limit
      * @return $this
      */
     public function limit($limit = 0)
@@ -426,8 +413,7 @@ class Builder
     /**
      * Returns a new query for the given model.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return ModelBuilder
      */
     public function model(Model $model)
@@ -441,8 +427,7 @@ class Builder
     /**
      * Performs the specified query on the current LDAP connection.
      *
-     * @param string $query
-     *
+     * @param  string  $query
      * @return Collection|array
      */
     public function query($query)
@@ -466,9 +451,8 @@ class Builder
     /**
      * Paginates the current LDAP query.
      *
-     * @param int  $pageSize
-     * @param bool $isCritical
-     *
+     * @param  int  $pageSize
+     * @param  bool  $isCritical
      * @return Collection|array
      */
     public function paginate($pageSize = 1000, $isCritical = false)
@@ -496,10 +480,9 @@ class Builder
     /**
      * Runs the paginate operation with the given filter.
      *
-     * @param string $filter
-     * @param int    $perPage
-     * @param bool   $isCritical
-     *
+     * @param  string  $filter
+     * @param  int  $perPage
+     * @param  bool  $isCritical
      * @return array
      */
     protected function runPaginate($filter, $perPage, $isCritical)
@@ -512,46 +495,51 @@ class Builder
     /**
      * Execute a callback over each item while chunking.
      *
-     * @param Closure $callback
-     * @param int     $count
-     *
+     * @param  Closure  $callback
+     * @param  int  $pageSize
+     * @param  bool  $isCritical
+     * @param  bool  $isolate
      * @return bool
      */
-    public function each(Closure $callback, $count = 1000)
+    public function each(Closure $callback, $pageSize = 1000, $isCritical = false, $isolate = false)
     {
-        return $this->chunk($count, function ($results) use ($callback) {
+        return $this->chunk($pageSize, function ($results) use ($callback) {
             foreach ($results as $key => $value) {
                 if ($callback($value, $key) === false) {
                     return false;
                 }
             }
-        });
+        }, $isCritical, $isolate);
     }
 
     /**
      * Chunk the results of a paginated LDAP query.
      *
-     * @param int     $pageSize
-     * @param Closure $callback
-     * @param bool    $isCritical
-     *
+     * @param  int  $pageSize
+     * @param  Closure  $callback
+     * @param  bool  $isCritical
+     * @param  bool  $isolate
      * @return bool
      */
-    public function chunk($pageSize, Closure $callback, $isCritical = false)
+    public function chunk($pageSize, Closure $callback, $isCritical = false, $isolate = false)
     {
         $start = microtime(true);
 
-        $query = $this->getQuery();
+        $chunk = function (Builder $query) use ($pageSize, $callback, $isCritical) {
+            $page = 1;
 
-        $page = 1;
+            foreach ($query->runChunk($this->getQuery(), $pageSize, $isCritical) as $chunk) {
+                if ($callback($this->process($chunk), $page) === false) {
+                    return false;
+                }
 
-        foreach ($this->runChunk($query, $pageSize, $isCritical) as $chunk) {
-            if ($callback($this->process($chunk), $page) === false) {
-                return false;
+                $page++;
             }
+        };
 
-            $page++;
-        }
+        $isolate ? $this->connection->isolate(function (Connection $replicate) use ($chunk) {
+            $chunk($this->clone()->setConnection($replicate));
+        }) : $chunk($this);
 
         $this->logQuery($this, 'chunk', $this->getElapsedTime($start));
 
@@ -561,11 +549,10 @@ class Builder
     /**
      * Runs the chunk operation with the given filter.
      *
-     * @param string $filter
-     * @param int    $perPage
-     * @param bool   $isCritical
-     *
-     * @return array
+     * @param  string  $filter
+     * @param  int  $perPage
+     * @param  bool  $isCritical
+     * @return \Generator
      */
     protected function runChunk($filter, $perPage, $isCritical)
     {
@@ -574,11 +561,61 @@ class Builder
         });
     }
 
+    /**
+     * Create a slice of the LDAP query into a page.
+     *
+     * @param  int  $page
+     * @param  int  $perPage
+     * @param  string  $orderBy
+     * @param  string  $orderByDir
+     * @return Slice
+     */
+    public function slice($page = 1, $perPage = 100, $orderBy = 'cn', $orderByDir = 'asc')
+    {
+        $results = $this->forPage($page, $perPage, $orderBy, $orderByDir);
+
+        $total = $this->controlsResponse[LDAP_CONTROL_VLVRESPONSE]['value']['count'] ?? 0;
+
+        // Some LDAP servers seem to have an issue where the last result in a virtual
+        // list view will always be returned, regardless of the offset being larger
+        // than the result itself. In this case, we will manually return an empty
+        // response so that no objects are deceivingly included in the slice.
+        $objects = $page > max((int) ceil($total / $perPage), 1)
+            ? ($this instanceof ModelBuilder ? $this->model->newCollection() : [])
+            : $results;
+
+        return new Slice($objects, $total, $perPage, $page);
+    }
+
+    /**
+     * Get the results of a query for a given page.
+     *
+     * @param  int  $page
+     * @param  int  $perPage
+     * @param  string  $orderBy
+     * @param  string  $orderByDir
+     * @return Collection|array
+     */
+    public function forPage($page = 1, $perPage = 100, $orderBy = 'cn', $orderByDir = 'asc')
+    {
+        if (! $this->hasOrderBy()) {
+            $this->orderBy($orderBy, $orderByDir);
+        }
+
+        $this->addControl(LDAP_CONTROL_VLVREQUEST, true, [
+            'before' => 0,
+            'after' => $perPage - 1,
+            'offset' => ($page * $perPage) - $perPage + 1,
+            'count' => 0,
+        ]);
+
+        return $this->get();
+    }
+
     /**
      * Processes and converts the given LDAP results into models.
      *
-     * @param array $results
-     *
+     * @param  array  $results
      * @return array
      */
     protected function process(array $results)
@@ -595,8 +632,7 @@ class Builder
     /**
      * Flattens LDAP paged results into a single array.
      *
-     * @param array $pages
-     *
+     * @param  array  $pages
      * @return array
      */
     protected function flattenPages(array $pages)
@@ -615,9 +651,8 @@ class Builder
     /**
      * Get the cached response or execute and cache the callback value.
      *
-     * @param string  $query
-     * @param Closure $callback
-     *
+     * @param  string  $query
+     * @param  Closure  $callback
      * @return mixed
      */
     protected function getCachedResponse($query, Closure $callback)
@@ -638,8 +673,7 @@ class Builder
     /**
      * Runs the query operation with the given filter.
      *
-     * @param string $filter
-     *
+     * @param  string  $filter
      * @return resource
      */
     public function run($filter)
@@ -668,8 +702,7 @@ class Builder
     /**
      * Parses the given LDAP resource by retrieving its entries.
      *
-     * @param resource $resource
-     *
+     * @param  resource  $resource
      * @return array
      */
     public function parse($resource)
@@ -708,13 +741,14 @@ class Builder
     /**
      * Returns the cache key.
      *
-     * @param string $query
-     *
+     * @param  string  $query
      * @return string
      */
     protected function getCacheKey($query)
     {
-        $host = $this->connection->getLdapConnection()->getHost();
+        $host = $this->connection->run(function (LdapInterface $ldap) {
+            return $ldap->getHost();
+        });
 
         $key = $host
             .$this->type
@@ -730,8 +764,7 @@ class Builder
     /**
      * Returns the first entry in a search result.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return Model|null
      */
     public function first($columns = ['*'])
@@ -746,8 +779,7 @@ class Builder
      *
      * If no entry is found, an exception is thrown.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return Model|array
      *
      * @throws ObjectNotFoundException
@@ -764,8 +796,7 @@ class Builder
     /**
      * Return the first entry in a result, or execute the callback.
      *
-     * @param Closure $callback
-     *
+     * @param  Closure  $callback
      * @return Model|mixed
      */
     public function firstOr(Closure $callback)
@@ -776,8 +807,7 @@ class Builder
     /**
      * Execute the query and get the first result if it's the sole matching record.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return Model|array
      *
      * @throws ObjectsNotFoundException
@@ -821,8 +851,7 @@ class Builder
     /**
      * Execute the given callback if no rows exist for the current query.
      *
-     * @param Closure $callback
-     *
+     * @param  Closure  $callback
      * @return bool|mixed
      */
     public function existsOr(Closure $callback)
@@ -833,8 +862,8 @@ class Builder
     /**
      * Throws a not found exception.
      *
-     * @param string $query
-     * @param string $dn
+     * @param  string  $query
+     * @param  string  $dn
      *
      * @throws ObjectNotFoundException
      */
@@ -846,10 +875,9 @@ class Builder
     /**
      * Finds a record by the specified attribute and value.
      *
-     * @param string       $attribute
-     * @param string       $value
-     * @param array|string $columns
-     *
+     * @param  string  $attribute
+     * @param  string  $value
+     * @param  array|string  $columns
      * @return Model|static|null
      */
     public function findBy($attribute, $value, $columns = ['*'])
@@ -866,10 +894,9 @@ class Builder
      *
      * If no record is found an exception is thrown.
      *
-     * @param string       $attribute
-     * @param string       $value
-     * @param array|string $columns
-     *
+     * @param  string  $attribute
+     * @param  string  $value
+     * @param  array|string  $columns
      * @return Model
      *
      * @throws ObjectNotFoundException
@@ -882,9 +909,8 @@ class Builder
     /**
      * Find many records by distinguished name.
      *
-     * @param array $dns
-     * @param array $columns
-     *
+     * @param  string|array  $dns
+     * @param  array  $columns
      * @return array|Collection
      */
     public function findMany($dns, $columns = ['*'])
@@ -895,7 +921,7 @@ class Builder
 
         $objects = [];
 
-        foreach ($dns as $dn) {
+        foreach ((array) $dns as $dn) {
             if (! is_null($object = $this->find($dn, $columns))) {
                 $objects[] = $object;
             }
@@ -907,10 +933,9 @@ class Builder
     /**
      * Finds many records by the specified attribute.
      *
-     * @param string $attribute
-     * @param array  $values
-     * @param array  $columns
-     *
+     * @param  string  $attribute
+     * @param  array  $values
+     * @param  array  $columns
      * @return Collection
      */
     public function findManyBy($attribute, array $values = [], $columns = ['*'])
@@ -927,9 +952,8 @@ class Builder
     /**
      * Finds a record by its distinguished name.
      *
-     * @param string|array $dn
-     * @param array|string $columns
-     *
+     * @param  string|array  $dn
+     * @param  array|string  $columns
      * @return Model|static|array|Collection|null
      */
     public function find($dn, $columns = ['*'])
@@ -950,9 +974,8 @@ class Builder
      *
      * Fails upon no records returned.
      *
-     * @param string       $dn
-     * @param array|string $columns
-     *
+     * @param  string  $dn
+     * @param  array|string  $columns
      * @return Model|static
      *
      * @throws ObjectNotFoundException
@@ -968,8 +991,7 @@ class Builder
     /**
      * Adds the inserted fields to query on the current LDAP connection.
      *
-     * @param array|string $columns
-     *
+     * @param  array|string  $columns
      * @return $this
      */
     public function select($columns = ['*'])
@@ -986,8 +1008,7 @@ class Builder
     /**
      * Add a new select column to the query.
      *
-     * @param array|mixed $column
-     *
+     * @param  array|mixed  $column
      * @return $this
      */
     public function addSelect($column)
@@ -1002,9 +1023,8 @@ class Builder
     /**
      * Add an order by control to the query.
      *
-     * @param string $attribute
-     * @param string $direction
-     *
+     * @param  string  $attribute
+     * @param  string  $direction
      * @return $this
      */
     public function orderBy($attribute, $direction = 'asc')
@@ -1017,8 +1037,7 @@ class Builder
     /**
      * Add an order by descending control to the query.
      *
-     * @param string $attribute
-     *
+     * @param  string  $attribute
      * @return $this
      */
     public function orderByDesc($attribute)
@@ -1026,11 +1045,20 @@ class Builder
         return $this->orderBy($attribute, 'desc');
     }
 
+    /**
+     * Determine if the query has a sotr request control header.
+     *
+     * @return bool
+     */
+    public function hasOrderBy()
+    {
+        return $this->hasControl(LDAP_CONTROL_SORTREQUEST);
+    }
+
     /**
      * Adds a raw filter to the current query.
      *
-     * @param array|string $filters
-     *
+     * @param  array|string  $filters
      * @return $this
      */
     public function rawFilter($filters = [])
@@ -1047,8 +1075,7 @@ class Builder
     /**
      * Adds a nested 'and' filter to the current query.
      *
-     * @param Closure $closure
-     *
+     * @param  Closure  $closure
      * @return $this
      */
     public function andFilter(Closure $closure)
@@ -1063,8 +1090,7 @@ class Builder
     /**
      * Adds a nested 'or' filter to the current query.
      *
-     * @param Closure $closure
-     *
+     * @param  Closure  $closure
      * @return $this
      */
     public function orFilter(Closure $closure)
@@ -1079,8 +1105,7 @@ class Builder
     /**
      * Adds a nested 'not' filter to the current query.
      *
-     * @param Closure $closure
-     *
+     * @param  Closure  $closure
      * @return $this
      */
     public function notFilter(Closure $closure)
@@ -1095,12 +1120,11 @@ class Builder
     /**
      * Adds a where clause to the current query.
      *
-     * @param string|array $field
-     * @param string       $operator
-     * @param string       $value
-     * @param string       $boolean
-     * @param bool         $raw
-     *
+     * @param  string|array  $field
+     * @param  string  $operator
+     * @param  string  $value
+     * @param  string  $boolean
+     * @param  bool  $raw
      * @return $this
      *
      * @throws InvalidArgumentException
@@ -1138,10 +1162,9 @@ class Builder
     /**
      * Prepare the value for being queried.
      *
-     * @param string $field
-     * @param string $value
-     * @param bool   $raw
-     *
+     * @param  string  $field
+     * @param  string  $value
+     * @param  bool  $raw
      * @return string
      */
     protected function prepareWhereValue($field, $value, $raw = false)
@@ -1154,10 +1177,9 @@ class Builder
      *
      * Values given to this method are not escaped.
      *
-     * @param string|array $field
-     * @param string       $operator
-     * @param string       $value
-     *
+     * @param  string|array  $field
+     * @param  string  $operator
+     * @param  string  $value
      * @return $this
      */
     public function whereRaw($field, $operator = null, $value = null)
@@ -1168,9 +1190,8 @@ class Builder
     /**
      * Adds a 'where equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereEquals($field, $value)
@@ -1181,9 +1202,8 @@ class Builder
     /**
      * Adds a 'where not equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereNotEquals($field, $value)
@@ -1194,9 +1214,8 @@ class Builder
     /**
      * Adds a 'where approximately equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereApproximatelyEquals($field, $value)
@@ -1207,8 +1226,7 @@ class Builder
     /**
      * Adds a 'where has' clause to the current query.
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return $this
      */
     public function whereHas($field)
@@ -1219,8 +1237,7 @@ class Builder
     /**
      * Adds a 'where not has' clause to the current query.
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return $this
      */
     public function whereNotHas($field)
@@ -1231,9 +1248,8 @@ class Builder
     /**
      * Adds a 'where contains' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereContains($field, $value)
@@ -1244,9 +1260,8 @@ class Builder
     /**
      * Adds a 'where contains' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereNotContains($field, $value)
@@ -1257,9 +1272,8 @@ class Builder
     /**
      * Query for entries that match any of the values provided for the given field.
      *
-     * @param string $field
-     * @param array  $values
-     *
+     * @param  string  $field
+     * @param  array  $values
      * @return $this
      */
     public function whereIn($field, array $values)
@@ -1274,9 +1288,8 @@ class Builder
     /**
      * Adds a 'between' clause to the current query.
      *
-     * @param string $field
-     * @param array  $values
-     *
+     * @param  string  $field
+     * @param  array  $values
      * @return $this
      */
     public function whereBetween($field, array $values)
@@ -1290,9 +1303,8 @@ class Builder
     /**
      * Adds a 'where starts with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereStartsWith($field, $value)
@@ -1303,9 +1315,8 @@ class Builder
     /**
      * Adds a 'where *not* starts with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereNotStartsWith($field, $value)
@@ -1316,9 +1327,8 @@ class Builder
     /**
      * Adds a 'where ends with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereEndsWith($field, $value)
@@ -1329,9 +1339,8 @@ class Builder
     /**
      * Adds a 'where *not* ends with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function whereNotEndsWith($field, $value)
@@ -1362,10 +1371,9 @@ class Builder
     /**
      * Add a server control to the query.
      *
-     * @param string $oid
-     * @param bool   $isCritical
-     * @param mixed  $value
-     *
+     * @param  string  $oid
+     * @param  bool  $isCritical
+     * @param  mixed  $value
      * @return $this
      */
     public function addControl($oid, $isCritical = false, $value = null)
@@ -1378,8 +1386,7 @@ class Builder
     /**
      * Determine if the server control exists on the query.
      *
-     * @param string $oid
-     *
+     * @param  string  $oid
      * @return bool
      */
     public function hasControl($oid)
@@ -1390,10 +1397,9 @@ class Builder
     /**
      * Adds an 'or where' clause to the current query.
      *
-     * @param array|string $field
-     * @param string|null  $operator
-     * @param string|null  $value
-     *
+     * @param  array|string  $field
+     * @param  string|null  $operator
+     * @param  string|null  $value
      * @return $this
      */
     public function orWhere($field, $operator = null, $value = null)
@@ -1406,10 +1412,9 @@ class Builder
      *
      * Values given to this method are not escaped.
      *
-     * @param string $field
-     * @param string $operator
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $operator
+     * @param  string  $value
      * @return $this
      */
     public function orWhereRaw($field, $operator = null, $value = null)
@@ -1420,8 +1425,7 @@ class Builder
     /**
      * Adds an 'or where has' clause to the current query.
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return $this
      */
     public function orWhereHas($field)
@@ -1432,8 +1436,7 @@ class Builder
     /**
      * Adds a 'where not has' clause to the current query.
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return $this
      */
     public function orWhereNotHas($field)
@@ -1444,9 +1447,8 @@ class Builder
     /**
      * Adds an 'or where equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereEquals($field, $value)
@@ -1457,9 +1459,8 @@ class Builder
     /**
      * Adds an 'or where not equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereNotEquals($field, $value)
@@ -1470,9 +1471,8 @@ class Builder
     /**
      * Adds a 'or where approximately equals' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereApproximatelyEquals($field, $value)
@@ -1483,9 +1483,8 @@ class Builder
     /**
      * Adds an 'or where contains' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereContains($field, $value)
@@ -1496,9 +1495,8 @@ class Builder
     /**
      * Adds an 'or where *not* contains' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereNotContains($field, $value)
@@ -1509,9 +1507,8 @@ class Builder
     /**
      * Adds an 'or where starts with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereStartsWith($field, $value)
@@ -1522,9 +1519,8 @@ class Builder
     /**
      * Adds an 'or where *not* starts with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereNotStartsWith($field, $value)
@@ -1535,9 +1531,8 @@ class Builder
     /**
      * Adds an 'or where ends with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereEndsWith($field, $value)
@@ -1548,9 +1543,8 @@ class Builder
     /**
      * Adds an 'or where *not* ends with' clause to the current query.
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return $this
      */
     public function orWhereNotEndsWith($field, $value)
@@ -1561,9 +1555,8 @@ class Builder
     /**
      * Adds a filter binding onto the current query.
      *
-     * @param string $type     The type of filter to add.
-     * @param array  $bindings The bindings of the filter.
-     *
+     * @param  string  $type  The type of filter to add.
+     * @param  array  $bindings  The bindings of the filter.
      * @return $this
      *
      * @throws InvalidArgumentException
@@ -1591,8 +1584,7 @@ class Builder
     /**
      * Extract any missing required binding keys.
      *
-     * @param array $bindings
-     *
+     * @param  array  $bindings
      * @return array
      */
     protected function missingBindingKeys($bindings)
@@ -1704,8 +1696,7 @@ class Builder
     /**
      * Whether to mark the current query as nested.
      *
-     * @param bool $nested
-     *
+     * @param  bool  $nested
      * @return $this
      */
     public function nested($nested = true)
@@ -1720,9 +1711,8 @@ class Builder
      *
      * If flushing is enabled, the query cache will be flushed and then re-cached.
      *
-     * @param DateTimeInterface $until When to expire the query cache.
-     * @param bool              $flush Whether to force-flush the query cache.
-     *
+     * @param  DateTimeInterface  $until  When to expire the query cache.
+     * @param  bool  $flush  Whether to force-flush the query cache.
      * @return $this
      */
     public function cache(DateTimeInterface $until = null, $flush = false)
@@ -1757,9 +1747,8 @@ class Builder
     /**
      * Insert an entry into the directory.
      *
-     * @param string $dn
-     * @param array  $attributes
-     *
+     * @param  string  $dn
+     * @param  array  $attributes
      * @return bool
      *
      * @throws LdapRecordException
@@ -1784,9 +1773,8 @@ class Builder
     /**
      * Create attributes on the entry in the directory.
      *
-     * @param string $dn
-     * @param array  $attributes
-     *
+     * @param  string  $dn
+     * @param  array  $attributes
      * @return bool
      */
     public function insertAttributes($dn, array $attributes)
@@ -1799,9 +1787,8 @@ class Builder
     /**
      * Update the entry with the given modifications.
      *
-     * @param string $dn
-     * @param array  $modifications
-     *
+     * @param  string  $dn
+     * @param  array  $modifications
      * @return bool
      */
     public function update($dn, array $modifications)
@@ -1814,9 +1801,8 @@ class Builder
     /**
      * Update an entries attribute in the directory.
      *
-     * @param string $dn
-     * @param array  $attributes
-     *
+     * @param  string  $dn
+     * @param  array  $attributes
      * @return bool
      */
     public function updateAttributes($dn, array $attributes)
@@ -1829,8 +1815,7 @@ class Builder
     /**
      * Delete an entry from the directory.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return bool
      */
     public function delete($dn)
@@ -1843,9 +1828,8 @@ class Builder
     /**
      * Delete attributes on the entry in the directory.
      *
-     * @param string $dn
-     * @param array  $attributes
-     *
+     * @param  string  $dn
+     * @param  array  $attributes
      * @return bool
      */
     public function deleteAttributes($dn, array $attributes)
@@ -1858,11 +1842,10 @@ class Builder
     /**
      * Rename an entry in the directory.
      *
-     * @param string $dn
-     * @param string $rdn
-     * @param string $newParentDn
-     * @param bool   $deleteOldRdn
-     *
+     * @param  string  $dn
+     * @param  string  $rdn
+     * @param  string  $newParentDn
+     * @param  bool  $deleteOldRdn
      * @return bool
      */
     public function rename($dn, $rdn, $newParentDn, $deleteOldRdn = true)
@@ -1872,12 +1855,21 @@ class Builder
         });
     }
 
+    /**
+     * Clone the query.
+     *
+     * @return static
+     */
+    public function clone()
+    {
+        return clone $this;
+    }
+
     /**
      * Handle dynamic method calls on the query builder.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return mixed
      *
      * @throws BadMethodCallException
@@ -1901,9 +1893,8 @@ class Builder
     /**
      * Handles dynamic "where" clauses to the query.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return $this
      */
     public function dynamicWhere($method, $parameters)
@@ -1943,10 +1934,9 @@ class Builder
     /**
      * Adds an array of wheres to the current query.
      *
-     * @param array  $wheres
-     * @param string $boolean
-     * @param bool   $raw
-     *
+     * @param  array  $wheres
+     * @param  string  $boolean
+     * @param  bool  $raw
      * @return $this
      */
     protected function addArrayOfWheres($wheres, $boolean, $raw)
@@ -1975,11 +1965,10 @@ class Builder
     /**
      * Add a single dynamic where clause statement to the query.
      *
-     * @param string $segment
-     * @param string $connector
-     * @param array  $parameters
-     * @param int    $index
-     *
+     * @param  string  $segment
+     * @param  string  $connector
+     * @param  array  $parameters
+     * @param  int  $index
      * @return void
      */
     protected function addDynamic($segment, $connector, $parameters, $index)
@@ -1996,10 +1985,9 @@ class Builder
     /**
      * Logs the given executed query information by firing its query event.
      *
-     * @param Builder    $query
-     * @param string     $type
-     * @param null|float $time
-     *
+     * @param  Builder  $query
+     * @param  string  $type
+     * @param  null|float  $time
      * @return void
      */
     protected function logQuery($query, $type, $time = null)
@@ -2030,8 +2018,7 @@ class Builder
     /**
      * Fires the given query event.
      *
-     * @param QueryExecuted $event
-     *
+     * @param  QueryExecuted  $event
      * @return void
      */
     protected function fireQueryEvent(QueryExecuted $event)
@@ -2042,8 +2029,7 @@ class Builder
     /**
      * Get the elapsed time since a given starting point.
      *
-     * @param int $start
-     *
+     * @param  int  $start
      * @return float
      */
     protected function getElapsedTime($start)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Cache.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Cache.php
index dfbf8cd28..d6057bfb3 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Cache.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Cache.php
@@ -21,7 +21,7 @@ class Cache
     /**
      * Constructor.
      *
-     * @param CacheInterface $store
+     * @param  CacheInterface  $store
      */
     public function __construct(CacheInterface $store)
     {
@@ -31,8 +31,7 @@ class Cache
     /**
      * Get an item from the cache.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return mixed
      */
     public function get($key)
@@ -43,10 +42,9 @@ class Cache
     /**
      * Store an item in the cache.
      *
-     * @param string                                  $key
-     * @param mixed                                   $value
-     * @param DateTimeInterface|DateInterval|int|null $ttl
-     *
+     * @param  string  $key
+     * @param  mixed  $value
+     * @param  DateTimeInterface|DateInterval|int|null  $ttl
      * @return bool
      */
     public function put($key, $value, $ttl = null)
@@ -63,10 +61,9 @@ class Cache
     /**
      * Get an item from the cache, or execute the given Closure and store the result.
      *
-     * @param string                                  $key
-     * @param DateTimeInterface|DateInterval|int|null $ttl
-     * @param Closure                                 $callback
-     *
+     * @param  string  $key
+     * @param  DateTimeInterface|DateInterval|int|null  $ttl
+     * @param  Closure  $callback
      * @return mixed
      */
     public function remember($key, $ttl, Closure $callback)
@@ -85,8 +82,7 @@ class Cache
     /**
      * Delete an item from the cache.
      *
-     * @param string $key
-     *
+     * @param  string  $key
      * @return bool
      */
     public function delete($key)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Events/QueryExecuted.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Events/QueryExecuted.php
index 4f17ea2a4..8ed8f835d 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Events/QueryExecuted.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Events/QueryExecuted.php
@@ -23,8 +23,8 @@ class QueryExecuted
     /**
      * Constructor.
      *
-     * @param Builder    $query
-     * @param null|float $time
+     * @param  Builder  $query
+     * @param  null|float  $time
      */
     public function __construct(Builder $query, $time = null)
     {
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ConditionNode.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ConditionNode.php
new file mode 100644
index 000000000..6203360c5
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ConditionNode.php
@@ -0,0 +1,100 @@
+<?php
+
+namespace LdapRecord\Query\Filter;
+
+use LdapRecord\Support\Str;
+
+class ConditionNode extends Node
+{
+    /**
+     * The condition's attribute.
+     *
+     * @var string
+     */
+    protected $attribute;
+
+    /**
+     * The condition's operator.
+     *
+     * @var string
+     */
+    protected $operator;
+
+    /**
+     * The condition's value.
+     *
+     * @var string
+     */
+    protected $value;
+
+    /**
+     * The available condition operators.
+     *
+     * @var array
+     */
+    protected $operators = ['>=', '<=', '~=', '='];
+
+    /**
+     * Constructor.
+     *
+     * @param  string  $filter
+     */
+    public function __construct($filter)
+    {
+        $this->raw = $filter;
+
+        [$this->attribute, $this->value] = $this->extractComponents($filter);
+    }
+
+    /**
+     * Get the condition's attribute.
+     *
+     * @return string
+     */
+    public function getAttribute()
+    {
+        return $this->attribute;
+    }
+
+    /**
+     * Get the condition's operator.
+     *
+     * @return string
+     */
+    public function getOperator()
+    {
+        return $this->operator;
+    }
+
+    /**
+     * Get the condition's value.
+     *
+     * @return string
+     */
+    public function getValue()
+    {
+        return $this->value;
+    }
+
+    /**
+     * Extract the condition components from the filter.
+     *
+     * @param  string  $filter
+     * @return array
+     */
+    protected function extractComponents($filter)
+    {
+        $components = Str::whenContains(
+            $filter,
+            $this->operators,
+            function ($operator, $filter) {
+                return explode($this->operator = $operator, $filter, 2);
+            },
+            function ($filter) {
+                throw new ParserException("Invalid query condition. No operator found in [$filter]");
+            },
+        );
+
+        return $components;
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/GroupNode.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/GroupNode.php
new file mode 100644
index 000000000..1a3596f3e
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/GroupNode.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace LdapRecord\Query\Filter;
+
+class GroupNode extends Node
+{
+    /**
+     * The group's operator.
+     *
+     * @var string
+     */
+    protected $operator;
+
+    /**
+     * The group's sub-nodes.
+     *
+     * @var Node[]
+     */
+    protected $nodes = [];
+
+    /**
+     * Constructor.
+     *
+     * @param  string  $filter
+     */
+    public function __construct($filter)
+    {
+        $this->raw = $filter;
+
+        $this->operator = substr($filter, 0, 1);
+
+        $this->nodes = Parser::parse($filter);
+    }
+
+    /**
+     * Get the group's operator.
+     *
+     * @return string
+     */
+    public function getOperator()
+    {
+        return $this->operator;
+    }
+
+    /**
+     * Get the group's sub-nodes.
+     *
+     * @return Node[]
+     */
+    public function getNodes()
+    {
+        return $this->nodes;
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Node.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Node.php
new file mode 100644
index 000000000..faf88d41f
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Node.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace LdapRecord\Query\Filter;
+
+abstract class Node
+{
+    /**
+     * The raw value of the node.
+     *
+     * @var string
+     */
+    protected $raw;
+
+    /**
+     * Create a new filter node.
+     *
+     * @param  string  $filter
+     */
+    abstract public function __construct($filter);
+
+    /**
+     * Get the raw value of the node.
+     *
+     * @return string
+     */
+    public function getRaw()
+    {
+        return $this->raw;
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Parser.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Parser.php
new file mode 100644
index 000000000..7717ac522
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/Parser.php
@@ -0,0 +1,162 @@
+<?php
+
+namespace LdapRecord\Query\Filter;
+
+use LdapRecord\Support\Arr;
+use LdapRecord\Support\Str;
+
+class Parser
+{
+    /**
+     * Parse an LDAP filter into nodes.
+     *
+     * @param  string  $string
+     * @return (ConditionNode|GroupNode)[]
+     *
+     * @throws ParserException
+     */
+    public static function parse($string)
+    {
+        [$open, $close] = static::countParenthesis($string);
+
+        if ($open !== $close) {
+            $errors = [-1 => '"("', 1 => '")"'];
+
+            throw new ParserException(
+                sprintf('Unclosed filter group. Missing %s parenthesis', $errors[$open <=> $close])
+            );
+        }
+
+        return static::buildNodes(
+            array_map('trim', static::match($string))
+        );
+    }
+
+    /**
+     * Perform a match for all filters in the string.
+     *
+     * @param  string  $string
+     * @return array
+     */
+    protected static function match($string)
+    {
+        preg_match_all("/\((((?>[^()]+)|(?R))*)\)/", trim($string), $matches);
+
+        return $matches[1] ?? [];
+    }
+
+    /**
+     * Assemble the parsed nodes into a single filter.
+     *
+     * @param  Node|Node[]  $nodes
+     * @return string
+     */
+    public static function assemble($nodes = [])
+    {
+        return array_reduce(Arr::wrap($nodes), function ($carry, Node $node) {
+            return $carry .= static::compileNode($node);
+        });
+    }
+
+    /**
+     * Assemble the node into its string based format.
+     *
+     * @param  GroupNode|ConditionNode  $node
+     * @return string
+     */
+    protected static function compileNode(Node $node)
+    {
+        switch (true) {
+            case $node instanceof GroupNode:
+                return static::wrap($node->getOperator().static::assemble($node->getNodes()));
+            case $node instanceof ConditionNode:
+                return static::wrap($node->getAttribute().$node->getOperator().$node->getValue());
+            default:
+                return $node->getRaw();
+        }
+    }
+
+    /**
+     * Build an array of nodes from the given filters.
+     *
+     * @param  string[]  $filters
+     * @return (ConditionNode|GroupNode)[]
+     *
+     * @throws ParserException
+     */
+    protected static function buildNodes(array $filters = [])
+    {
+        return array_map(function ($filter) {
+            if (static::isWrapped($filter)) {
+                $filter = static::unwrap($filter);
+            }
+
+            if (static::isGroup($filter) && ! Str::endsWith($filter, ')')) {
+                throw new ParserException(sprintf('Unclosed filter group [%s]', Str::afterLast($filter, ')')));
+            }
+
+            return static::isGroup($filter)
+                ? new GroupNode($filter)
+                : new ConditionNode($filter);
+        }, $filters);
+    }
+
+    /**
+     * Count the open and close parenthesis of the sting.
+     *
+     * @param  string  $string
+     * @return array
+     */
+    protected static function countParenthesis($string)
+    {
+        return [Str::substrCount($string, '('), Str::substrCount($string, ')')];
+    }
+
+    /**
+     * Wrap the value in parentheses.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    protected static function wrap($value)
+    {
+        return "($value)";
+    }
+
+    /**
+     * Recursively unwrwap the value from its parentheses.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    protected static function unwrap($value)
+    {
+        $nodes = static::parse($value);
+
+        $unwrapped = Arr::first($nodes);
+
+        return $unwrapped instanceof Node ? $unwrapped->getRaw() : $value;
+    }
+
+    /**
+     * Determine if the filter is wrapped.
+     *
+     * @param  string  $filter
+     * @return bool
+     */
+    protected static function isWrapped($filter)
+    {
+        return Str::startsWith($filter, '(') && Str::endsWith($filter, ')');
+    }
+
+    /**
+     * Determine if the filter is a group.
+     *
+     * @param  string  $filter
+     * @return bool
+     */
+    protected static function isGroup($filter)
+    {
+        return Str::startsWith($filter, ['&', '|', '!']);
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ParserException.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ParserException.php
new file mode 100644
index 000000000..68a4ca171
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Filter/ParserException.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace LdapRecord\Query\Filter;
+
+use LdapRecord\LdapRecordException;
+
+class ParserException extends LdapRecordException
+{
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Grammar.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Grammar.php
index 35a6c4844..84c4b8d0c 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Grammar.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Grammar.php
@@ -50,10 +50,9 @@ class Grammar
      *
      * Produces: (query)
      *
-     * @param string $query
-     * @param string $prefix
-     * @param string $suffix
-     *
+     * @param  string  $query
+     * @param  string  $prefix
+     * @param  string  $suffix
      * @return string
      */
     public function wrap($query, $prefix = '(', $suffix = ')')
@@ -64,8 +63,7 @@ class Grammar
     /**
      * Compiles the Builder instance into an LDAP query string.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return string
      */
     public function compile(Builder $query)
@@ -91,8 +89,7 @@ class Grammar
     /**
      * Determine if the query must be wrapped in an encapsulating statement.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return bool
      */
     protected function queryMustBeWrapped(Builder $query)
@@ -103,8 +100,7 @@ class Grammar
     /**
      * Assembles all of the "raw" filters on the query.
      *
-     * @param Builder $builder
-     *
+     * @param  Builder  $builder
      * @return string
      */
     protected function compileRaws(Builder $builder)
@@ -115,9 +111,8 @@ class Grammar
     /**
      * Assembles all where clauses in the current wheres property.
      *
-     * @param Builder $builder
-     * @param string  $type
-     *
+     * @param  Builder  $builder
+     * @param  string  $type
      * @return string
      */
     protected function compileWheres(Builder $builder, $type = 'and')
@@ -134,8 +129,7 @@ class Grammar
     /**
      * Assembles all or where clauses in the current orWheres property.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return string
      */
     protected function compileOrWheres(Builder $query)
@@ -161,8 +155,7 @@ class Grammar
     /**
      * Determine if the query can be wrapped in a single or statement.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return bool
      */
     protected function queryCanBeWrappedInSingleOrStatement(Builder $query)
@@ -175,8 +168,7 @@ class Grammar
     /**
      * Concatenates filters into a single string.
      *
-     * @param array $bindings
-     *
+     * @param  array  $bindings
      * @return string
      */
     public function concatenate(array $bindings = [])
@@ -190,8 +182,7 @@ class Grammar
     /**
      * Determine if the binding value is not empty.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return bool
      */
     protected function bindingValueIsNotEmpty($value)
@@ -202,8 +193,7 @@ class Grammar
     /**
      * Determine if the query is using multiple filters.
      *
-     * @param Builder $query
-     *
+     * @param  Builder  $query
      * @return bool
      */
     protected function hasMultipleFilters(Builder $query)
@@ -214,11 +204,10 @@ class Grammar
     /**
      * Determine if the query contains the given filter statement type.
      *
-     * @param Builder      $query
-     * @param string|array $type
-     * @param string       $operator
-     * @param int          $count
-     *
+     * @param  Builder  $query
+     * @param  string|array  $type
+     * @param  string  $operator
+     * @param  int  $count
      * @return bool
      */
     protected function has(Builder $query, $type, $operator = '>=', $count = 1)
@@ -250,9 +239,8 @@ class Grammar
      *
      * Produces: (field=value)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileEquals($field, $value)
@@ -265,9 +253,8 @@ class Grammar
      *
      * Produces: (!(field=value))
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileDoesNotEqual($field, $value)
@@ -282,9 +269,8 @@ class Grammar
      *
      * Produces: (!(field=value))
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileDoesNotEqualAlias($field, $value)
@@ -297,9 +283,8 @@ class Grammar
      *
      * Produces: (field>=value)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileGreaterThanOrEquals($field, $value)
@@ -312,9 +297,8 @@ class Grammar
      *
      * Produces: (field<=value)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileLessThanOrEquals($field, $value)
@@ -327,9 +311,8 @@ class Grammar
      *
      * Produces: (field~=value)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileApproximatelyEquals($field, $value)
@@ -342,9 +325,8 @@ class Grammar
      *
      * Produces: (field=value*)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileStartsWith($field, $value)
@@ -357,9 +339,8 @@ class Grammar
      *
      * Produces: (!(field=*value))
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileNotStartsWith($field, $value)
@@ -374,9 +355,8 @@ class Grammar
      *
      * Produces: (field=*value)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileEndsWith($field, $value)
@@ -389,9 +369,8 @@ class Grammar
      *
      * Produces: (!(field=value*))
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileNotEndsWith($field, $value)
@@ -404,9 +383,8 @@ class Grammar
      *
      * Produces: (field=*value*)
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileContains($field, $value)
@@ -419,9 +397,8 @@ class Grammar
      *
      * Produces: (!(field=*value*))
      *
-     * @param string $field
-     * @param string $value
-     *
+     * @param  string  $field
+     * @param  string  $value
      * @return string
      */
     public function compileNotContains($field, $value)
@@ -436,8 +413,7 @@ class Grammar
      *
      * Produces: (field=*)
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return string
      */
     public function compileHas($field)
@@ -450,8 +426,7 @@ class Grammar
      *
      * Produces: (!(field=*))
      *
-     * @param string $field
-     *
+     * @param  string  $field
      * @return string
      */
     public function compileNotHas($field)
@@ -466,8 +441,7 @@ class Grammar
      *
      * Produces: (&query)
      *
-     * @param string $query
-     *
+     * @param  string  $query
      * @return string
      */
     public function compileAnd($query)
@@ -480,8 +454,7 @@ class Grammar
      *
      * Produces: (|query)
      *
-     * @param string $query
-     *
+     * @param  string  $query
      * @return string
      */
     public function compileOr($query)
@@ -492,8 +465,7 @@ class Grammar
     /**
      * Wraps the inserted query inside an NOT operator.
      *
-     * @param string $query
-     *
+     * @param  string  $query
      * @return string
      */
     public function compileNot($query)
@@ -504,8 +476,7 @@ class Grammar
     /**
      * Assembles a single where query.
      *
-     * @param array $where
-     *
+     * @param  array  $where
      * @return string
      *
      * @throws UnexpectedValueException
@@ -520,8 +491,7 @@ class Grammar
     /**
      * Make the compile method name for the operator.
      *
-     * @param string $operator
-     *
+     * @param  string  $operator
      * @return string
      *
      * @throws UnexpectedValueException
@@ -538,8 +508,7 @@ class Grammar
     /**
      * Determine if the operator exists.
      *
-     * @param string $operator
-     *
+     * @param  string  $operator
      * @return bool
      */
     protected function operatorExists($operator)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/InteractsWithTime.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/InteractsWithTime.php
index 1562ec0a4..e8024c033 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/InteractsWithTime.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/InteractsWithTime.php
@@ -16,8 +16,7 @@ trait InteractsWithTime
     /**
      * Get the number of seconds until the given DateTime.
      *
-     * @param DateTimeInterface|DateInterval|int $delay
-     *
+     * @param  DateTimeInterface|DateInterval|int  $delay
      * @return int
      */
     protected function secondsUntil($delay)
@@ -32,8 +31,7 @@ trait InteractsWithTime
     /**
      * Get the "available at" UNIX timestamp.
      *
-     * @param DateTimeInterface|DateInterval|int $delay
-     *
+     * @param  DateTimeInterface|DateInterval|int  $delay
      * @return int
      */
     protected function availableAt($delay = 0)
@@ -48,8 +46,7 @@ trait InteractsWithTime
     /**
      * If the given value is an interval, convert it to a DateTime instance.
      *
-     * @param DateTimeInterface|DateInterval|int $delay
-     *
+     * @param  DateTimeInterface|DateInterval|int  $delay
      * @return DateTimeInterface|int
      */
     protected function parseDateInterval($delay)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/ActiveDirectoryBuilder.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/ActiveDirectoryBuilder.php
index c3911d80e..3b0e96f79 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/ActiveDirectoryBuilder.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/ActiveDirectoryBuilder.php
@@ -12,9 +12,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Finds a record by its Object SID.
      *
-     * @param string       $sid
-     * @param array|string $columns
-     *
+     * @param  string  $sid
+     * @param  array|string  $columns
      * @return \LdapRecord\Models\ActiveDirectory\Entry|static|null
      */
     public function findBySid($sid, $columns = [])
@@ -31,9 +30,8 @@ class ActiveDirectoryBuilder extends Builder
      *
      * Fails upon no records returned.
      *
-     * @param string       $sid
-     * @param array|string $columns
-     *
+     * @param  string  $sid
+     * @param  array|string  $columns
      * @return \LdapRecord\Models\ActiveDirectory\Entry|static
      *
      * @throws ModelNotFoundException
@@ -70,9 +68,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'where member' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function whereMember($dn, $nested = false)
@@ -85,9 +82,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds an 'or where member' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function orWhereMember($dn, $nested = false)
@@ -100,9 +96,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'where member of' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function whereMemberOf($dn, $nested = false)
@@ -115,9 +110,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'where not member of' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function whereNotMemberof($dn, $nested = false)
@@ -130,9 +124,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds an 'or where member of' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function orWhereMemberOf($dn, $nested = false)
@@ -145,9 +138,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'or where not member of' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function orWhereNotMemberof($dn, $nested = false)
@@ -160,9 +152,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'where manager' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function whereManager($dn, $nested = false)
@@ -175,9 +166,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds a 'where not manager' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function whereNotManager($dn, $nested = false)
@@ -190,9 +180,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds an 'or where manager' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function orWhereManager($dn, $nested = false)
@@ -205,9 +194,8 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Adds an 'or where not manager' filter to the current query.
      *
-     * @param string $dn
-     * @param bool   $nested
-     *
+     * @param  string  $dn
+     * @param  bool  $nested
      * @return $this
      */
     public function orWhereNotManager($dn, $nested = false)
@@ -220,10 +208,9 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Execute the callback with a nested match attribute.
      *
-     * @param Closure $callback
-     * @param string  $attribute
-     * @param bool    $nested
-     *
+     * @param  Closure  $callback
+     * @param  string  $attribute
+     * @param  bool  $nested
      * @return $this
      */
     protected function nestedMatchQuery(Closure $callback, $attribute, $nested = false)
@@ -236,8 +223,7 @@ class ActiveDirectoryBuilder extends Builder
     /**
      * Make a "nested match" filter attribute for querying descendants.
      *
-     * @param string $attribute
-     *
+     * @param  string  $attribute
      * @return string
      */
     protected function makeNestedMatchAttribute($attribute)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/Builder.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/Builder.php
index 234dd0ad7..a6886ea96 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/Builder.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Model/Builder.php
@@ -44,9 +44,8 @@ class Builder extends BaseBuilder
     /**
      * Dynamically handle calls into the query instance.
      *
-     * @param string $method
-     * @param array  $parameters
-     *
+     * @param  string  $method
+     * @param  array  $parameters
      * @return mixed
      */
     public function __call($method, $parameters)
@@ -61,9 +60,8 @@ class Builder extends BaseBuilder
     /**
      * Apply the given scope on the current builder instance.
      *
-     * @param callable $scope
-     * @param array    $parameters
-     *
+     * @param  callable  $scope
+     * @param  array  $parameters
      * @return mixed
      */
     protected function callScope(callable $scope, $parameters = [])
@@ -91,8 +89,7 @@ class Builder extends BaseBuilder
     /**
      * Set the model instance for the model being queried.
      *
-     * @param Model $model
-     *
+     * @param  Model  $model
      * @return $this
      */
     public function setModel(Model $model)
@@ -115,8 +112,7 @@ class Builder extends BaseBuilder
     /**
      * Get a new model query builder instance.
      *
-     * @param string|null $baseDn
-     *
+     * @param  string|null  $baseDn
      * @return static
      */
     public function newInstance($baseDn = null)
@@ -127,9 +123,8 @@ class Builder extends BaseBuilder
     /**
      * Finds a model by its distinguished name.
      *
-     * @param array|string          $dn
-     * @param array|string|string[] $columns
-     *
+     * @param  array|string  $dn
+     * @param  array|string|string[]  $columns
      * @return Model|\LdapRecord\Query\Collection|static|null
      */
     public function find($dn, $columns = ['*'])
@@ -142,9 +137,8 @@ class Builder extends BaseBuilder
     /**
      * Finds a record using ambiguous name resolution.
      *
-     * @param string|array $value
-     * @param array|string $columns
-     *
+     * @param  string|array  $value
+     * @param  array|string  $columns
      * @return Model|\LdapRecord\Query\Collection|static|null
      */
     public function findByAnr($value, $columns = ['*'])
@@ -178,9 +172,8 @@ class Builder extends BaseBuilder
      *
      * If a record is not found, an exception is thrown.
      *
-     * @param string       $value
-     * @param array|string $columns
-     *
+     * @param  string  $value
+     * @param  array|string  $columns
      * @return Model
      *
      * @throws ModelNotFoundException
@@ -197,8 +190,8 @@ class Builder extends BaseBuilder
     /**
      * Throws a not found exception.
      *
-     * @param string $query
-     * @param string $dn
+     * @param  string  $query
+     * @param  string  $dn
      *
      * @throws ModelNotFoundException
      */
@@ -210,9 +203,8 @@ class Builder extends BaseBuilder
     /**
      * Finds multiple records using ambiguous name resolution.
      *
-     * @param array $values
-     * @param array $columns
-     *
+     * @param  array  $values
+     * @param  array  $columns
      * @return \LdapRecord\Query\Collection
      */
     public function findManyByAnr(array $values = [], $columns = ['*'])
@@ -233,8 +225,7 @@ class Builder extends BaseBuilder
     /**
      * Creates an ANR equivalent query for LDAP distributions that do not support ANR.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return $this
      */
     protected function prepareAnrEquivalentQuery($value)
@@ -249,9 +240,8 @@ class Builder extends BaseBuilder
     /**
      * Finds a record by its string GUID.
      *
-     * @param string       $guid
-     * @param array|string $columns
-     *
+     * @param  string  $guid
+     * @param  array|string  $columns
      * @return Model|static|null
      */
     public function findByGuid($guid, $columns = ['*'])
@@ -268,9 +258,8 @@ class Builder extends BaseBuilder
      *
      * Fails upon no records returned.
      *
-     * @param string       $guid
-     * @param array|string $columns
-     *
+     * @param  string  $guid
+     * @param  array|string  $columns
      * @return Model|static
      *
      * @throws ModelNotFoundException
@@ -299,8 +288,7 @@ class Builder extends BaseBuilder
     /**
      * Apply the query scopes and execute the callback.
      *
-     * @param Closure $callback
-     *
+     * @param  Closure  $callback
      * @return mixed
      */
     protected function afterScopes(Closure $callback)
@@ -339,9 +327,8 @@ class Builder extends BaseBuilder
     /**
      * Register a new global scope.
      *
-     * @param string         $identifier
-     * @param Scope|\Closure $scope
-     *
+     * @param  string  $identifier
+     * @param  Scope|\Closure  $scope
      * @return $this
      */
     public function withGlobalScope($identifier, $scope)
@@ -354,8 +341,7 @@ class Builder extends BaseBuilder
     /**
      * Remove a registered global scope.
      *
-     * @param Scope|string $scope
-     *
+     * @param  Scope|string  $scope
      * @return $this
      */
     public function withoutGlobalScope($scope)
@@ -374,8 +360,7 @@ class Builder extends BaseBuilder
     /**
      * Remove all or passed registered global scopes.
      *
-     * @param array|null $scopes
-     *
+     * @param  array|null  $scopes
      * @return $this
      */
     public function withoutGlobalScopes(array $scopes = null)
@@ -414,8 +399,7 @@ class Builder extends BaseBuilder
     /**
      * Processes and converts the given LDAP results into models.
      *
-     * @param array $results
-     *
+     * @param  array  $results
      * @return \LdapRecord\Query\Collection
      */
     protected function process(array $results)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ObjectNotFoundException.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ObjectNotFoundException.php
index c22563cfa..99c2e85e3 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ObjectNotFoundException.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/ObjectNotFoundException.php
@@ -23,9 +23,8 @@ class ObjectNotFoundException extends LdapRecordException
     /**
      * Create a new exception for the executed filter.
      *
-     * @param string  $query
-     * @param ?string $baseDn
-     *
+     * @param  string  $query
+     * @param  ?string  $baseDn
      * @return static
      */
     public static function forQuery($query, $baseDn = null)
@@ -36,9 +35,8 @@ class ObjectNotFoundException extends LdapRecordException
     /**
      * Set the query that was used.
      *
-     * @param string      $query
-     * @param string|null $baseDn
-     *
+     * @param  string  $query
+     * @param  string|null  $baseDn
      * @return $this
      */
     public function setQuery($query, $baseDn = null)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/AbstractPaginator.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/AbstractPaginator.php
index e2b048242..11e2dc547 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/AbstractPaginator.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/AbstractPaginator.php
@@ -38,7 +38,7 @@ abstract class AbstractPaginator
     /**
      * Constructor.
      *
-     * @param Builder $query
+     * @param  Builder  $query
      */
     public function __construct(Builder $query, $filter, $perPage, $isCritical)
     {
@@ -51,8 +51,7 @@ abstract class AbstractPaginator
     /**
      * Execute the pagination request.
      *
-     * @param LdapInterface $ldap
-     *
+     * @param  LdapInterface  $ldap
      * @return array
      */
     public function execute(LdapInterface $ldap)
@@ -107,8 +106,7 @@ abstract class AbstractPaginator
     /**
      * Apply the server controls.
      *
-     * @param LdapInterface $ldap
-     *
+     * @param  LdapInterface  $ldap
      * @return void
      */
     abstract protected function applyServerControls(LdapInterface $ldap);
@@ -116,8 +114,7 @@ abstract class AbstractPaginator
     /**
      * Reset the server controls.
      *
-     * @param LdapInterface $ldap
-     *
+     * @param  LdapInterface  $ldap
      * @return void
      */
     abstract protected function resetServerControls(LdapInterface $ldap);
@@ -125,9 +122,8 @@ abstract class AbstractPaginator
     /**
      * Update the server controls.
      *
-     * @param LdapInterface $ldap
-     * @param resource      $resource
-     *
+     * @param  LdapInterface  $ldap
+     * @param  resource  $resource
      * @return void
      */
     abstract protected function updateServerControls(LdapInterface $ldap, $resource);
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/LazyPaginator.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/LazyPaginator.php
index b9df77e4e..8b12d526c 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/LazyPaginator.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Pagination/LazyPaginator.php
@@ -9,8 +9,7 @@ class LazyPaginator extends Paginator
     /**
      * Execute the pagination request.
      *
-     * @param LdapInterface $ldap
-     *
+     * @param  LdapInterface  $ldap
      * @return \Generator
      */
     public function execute(LdapInterface $ldap)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Slice.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Slice.php
new file mode 100644
index 000000000..12faa5bd1
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Query/Slice.php
@@ -0,0 +1,283 @@
+<?php
+
+namespace LdapRecord\Query;
+
+use ArrayAccess;
+use ArrayIterator;
+use IteratorAggregate;
+use JsonSerializable;
+
+class Slice implements ArrayAccess, IteratorAggregate, JsonSerializable
+{
+    /**
+     * All of the items being paginated.
+     *
+     * @var \LdapRecord\Query\Collection|array
+     */
+    protected $items;
+
+    /**
+     * The number of items to be shown per page.
+     *
+     * @var int
+     */
+    protected $perPage;
+
+    /**
+     * The total number of items before slicing.
+     *
+     * @var int
+     */
+    protected $total;
+
+    /**
+     * The last available page.
+     *
+     * @var int
+     */
+    protected $lastPage;
+
+    /**
+     * The current page being "viewed".
+     *
+     * @var int
+     */
+    protected $currentPage;
+
+    /**
+     * Constructor.
+     *
+     * @param  \LdapRecord\Query\Collection|array  $items
+     * @param  int  $total
+     * @param  int  $perPage
+     * @param  int|null  $currentPage
+     */
+    public function __construct($items, $total, $perPage, $currentPage = null)
+    {
+        $this->items = $items;
+        $this->total = $total;
+        $this->perPage = $perPage;
+        $this->lastPage = max((int) ceil($total / $perPage), 1);
+        $this->currentPage = $currentPage ?? 1;
+    }
+
+    /**
+     * Get the slice of items being paginated.
+     *
+     * @return \LdapRecord\Query\Collection|array
+     */
+    public function items()
+    {
+        return $this->items;
+    }
+
+    /**
+     * Get the total number of items being paginated.
+     *
+     * @return int
+     */
+    public function total()
+    {
+        return $this->total;
+    }
+
+    /**
+     * Get the number of items shown per page.
+     *
+     * @return int
+     */
+    public function perPage()
+    {
+        return $this->perPage;
+    }
+
+    /**
+     * Determine if there are more items in the data source.
+     *
+     * @return bool
+     */
+    public function hasMorePages()
+    {
+        return $this->currentPage() < $this->lastPage();
+    }
+
+    /**
+     * Determine if there are enough items to split into multiple pages.
+     *
+     * @return bool
+     */
+    public function hasPages()
+    {
+        return $this->currentPage() != 1 || $this->hasMorePages();
+    }
+
+    /**
+     * Determine if the paginator is on the first page.
+     *
+     * @return bool
+     */
+    public function onFirstPage()
+    {
+        return $this->currentPage() <= 1;
+    }
+
+    /**
+     * Determine if the paginator is on the last page.
+     *
+     * @return bool
+     */
+    public function onLastPage()
+    {
+        return ! $this->hasMorePages();
+    }
+
+    /**
+     * Get the current page.
+     *
+     * @return int
+     */
+    public function currentPage()
+    {
+        return $this->currentPage;
+    }
+
+    /**
+     * Get the last page.
+     *
+     * @return int
+     */
+    public function lastPage()
+    {
+        return $this->lastPage;
+    }
+
+    /**
+     * Get an iterator for the items.
+     *
+     * @return \ArrayIterator
+     */
+    #[\ReturnTypeWillChange]
+    public function getIterator()
+    {
+        return new ArrayIterator($this->items);
+    }
+
+    /**
+     * Determine if the list of items is empty.
+     *
+     * @return bool
+     */
+    public function isEmpty()
+    {
+        return empty($this->items);
+    }
+
+    /**
+     * Determine if the list of items is not empty.
+     *
+     * @return bool
+     */
+    public function isNotEmpty()
+    {
+        return ! $this->isEmpty();
+    }
+
+    /**
+     * Get the number of items for the current page.
+     *
+     * @return int
+     */
+    #[\ReturnTypeWillChange]
+    public function count()
+    {
+        return count($this->items);
+    }
+
+    /**
+     * Determine if the given item exists.
+     *
+     * @param  mixed  $key
+     * @return bool
+     */
+    #[\ReturnTypeWillChange]
+    public function offsetExists($key)
+    {
+        return array_key_exists($key, $this->items);
+    }
+
+    /**
+     * Get the item at the given offset.
+     *
+     * @param  mixed  $key
+     * @return mixed
+     */
+    #[\ReturnTypeWillChange]
+    public function offsetGet($key)
+    {
+        return $this->items[$key] ?? null;
+    }
+
+    /**
+     * Set the item at the given offset.
+     *
+     * @param  mixed  $key
+     * @param  mixed  $value
+     * @return void
+     */
+    #[\ReturnTypeWillChange]
+    public function offsetSet($key, $value)
+    {
+        $this->items[$key] = $value;
+    }
+
+    /**
+     * Unset the item at the given key.
+     *
+     * @param  mixed  $key
+     * @return void
+     */
+    #[\ReturnTypeWillChange]
+    public function offsetUnset($key)
+    {
+        unset($this->items[$key]);
+    }
+
+    /**
+     * Convert the object into something JSON serializable.
+     *
+     * @return array
+     */
+    #[\ReturnTypeWillChange]
+    public function jsonSerialize()
+    {
+        return $this->toArray();
+    }
+
+    /**
+     * Get the arrayable items.
+     *
+     * @return array
+     */
+    public function getArrayableItems()
+    {
+        return $this->items instanceof Collection
+            ? $this->items->all()
+            : $this->items;
+    }
+
+    /**
+     * Get the instance as an array.
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return [
+            'current_page' => $this->currentPage(),
+            'data' => $this->getArrayableItems(),
+            'last_page' => $this->lastPage(),
+            'per_page' => $this->perPage(),
+            'total' => $this->total(),
+        ];
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Arr.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Arr.php
index 8fa87a2b3..7475859ae 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Arr.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Arr.php
@@ -9,8 +9,7 @@ class Arr
     /**
      * Determine whether the given value is array accessible.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return bool
      */
     public static function accessible($value)
@@ -21,9 +20,8 @@ class Arr
     /**
      * Determine if the given key exists in the provided array.
      *
-     * @param \ArrayAccess|array $array
-     * @param string|int         $key
-     *
+     * @param  \ArrayAccess|array  $array
+     * @param  string|int  $key
      * @return bool
      */
     public static function exists($array, $key)
@@ -38,8 +36,7 @@ class Arr
     /**
      * If the given value is not an array and not null, wrap it in one.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return array
      */
     public static function wrap($value)
@@ -54,10 +51,9 @@ class Arr
     /**
      * Return the first element in an array passing a given truth test.
      *
-     * @param iterable      $array
-     * @param callable|null $callback
-     * @param mixed         $default
-     *
+     * @param  iterable  $array
+     * @param  callable|null  $callback
+     * @param  mixed  $default
      * @return mixed
      */
     public static function first($array, callable $callback = null, $default = null)
@@ -84,10 +80,9 @@ class Arr
     /**
      * Return the last element in an array passing a given truth test.
      *
-     * @param array         $array
-     * @param callable|null $callback
-     * @param mixed         $default
-     *
+     * @param  array  $array
+     * @param  callable|null  $callback
+     * @param  mixed  $default
      * @return mixed
      */
     public static function last($array, callable $callback = null, $default = null)
@@ -102,10 +97,9 @@ class Arr
     /**
      * Get an item from an array using "dot" notation.
      *
-     * @param ArrayAccess|array $array
-     * @param string|int|null   $key
-     * @param mixed             $default
-     *
+     * @param  ArrayAccess|array  $array
+     * @param  string|int|null  $key
+     * @param  mixed  $default
      * @return mixed
      */
     public static function get($array, $key, $default = null)
@@ -122,7 +116,7 @@ class Arr
             return $array[$key];
         }
 
-        if (strpos($key, '.') === false) {
+        if (str_contains($key, '.')) {
             return $array[$key] ?? Helpers::value($default);
         }
 
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Helpers.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Helpers.php
index a55d1d22a..ab217d6ff 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Helpers.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Helpers.php
@@ -9,12 +9,12 @@ class Helpers
     /**
      * Return the default value of the given value.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
+     * @param  mixed  $args
      * @return mixed
      */
-    public static function value($value)
+    public static function value($value, ...$args)
     {
-        return $value instanceof Closure ? $value() : $value;
+        return $value instanceof Closure ? $value(...$args) : $value;
     }
 }
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Str.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Str.php
new file mode 100644
index 000000000..820834e21
--- /dev/null
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Support/Str.php
@@ -0,0 +1,129 @@
+<?php
+
+namespace LdapRecord\Support;
+
+class Str
+{
+    /**
+     * Return the remainder of a string after the last occurrence of a given value.
+     *
+     * @param  string  $subject
+     * @param  string  $search
+     * @return string
+     */
+    public static function afterLast($subject, $search)
+    {
+        if ($search === '') {
+            return $subject;
+        }
+
+        $position = strrpos($subject, (string) $search);
+
+        if ($position === false) {
+            return $subject;
+        }
+
+        return substr($subject, $position + strlen($search));
+    }
+
+    /**
+     * Determine if a given string starts with a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|string[]  $needles
+     * @return bool
+     */
+    public static function startsWith($haystack, $needles)
+    {
+        foreach ((array) $needles as $needle) {
+            if ((string) $needle !== '' && str_starts_with($haystack, $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine if a given string ends with a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|string[]  $needles
+     * @return bool
+     */
+    public static function endsWith($haystack, $needles)
+    {
+        foreach ((array) $needles as $needle) {
+            if (
+                $needle !== '' && $needle !== null
+                && str_ends_with($haystack, $needle)
+            ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Execute a callback when a needle is found in the haystack.
+     *
+     * @param  string  $haystack
+     * @param  string|string[]  $needles
+     * @param  \Closure|mixed  $callback
+     * @param  \Closure|mixed  $default
+     * @return mixed
+     */
+    public static function whenContains($haystack, $needles, $callback, $default = null)
+    {
+        foreach ((array) $needles as $needle) {
+            if (static::contains($haystack, $needle)) {
+                return Helpers::value($callback, $needle, $haystack);
+            }
+        }
+
+        return Helpers::value($default, $haystack);
+    }
+
+    /**
+     * Determine if a given string contains a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|string[]  $needles
+     * @param  bool  $ignoreCase
+     * @return bool
+     */
+    public static function contains($haystack, $needles, $ignoreCase = false)
+    {
+        if ($ignoreCase) {
+            $haystack = mb_strtolower($haystack);
+            $needles = array_map('mb_strtolower', (array) $needles);
+        }
+
+        foreach ((array) $needles as $needle) {
+            if ($needle !== '' && str_contains((string) $haystack, $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Returns the number of substring occurrences.
+     *
+     * @param  string  $haystack
+     * @param  string  $needle
+     * @param  int  $offset
+     * @param  int|null  $length
+     * @return int
+     */
+    public static function substrCount($haystack, $needle, $offset = 0, $length = null)
+    {
+        if (! is_null($length)) {
+            return substr_count($haystack, $needle, $offset, $length);
+        } else {
+            return substr_count($haystack, $needle, $offset);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/ConnectionFake.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/ConnectionFake.php
index 0aa12a1e3..09530f5c7 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/ConnectionFake.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/ConnectionFake.php
@@ -25,9 +25,8 @@ class ConnectionFake extends Connection
     /**
      * Make a new fake LDAP connection instance.
      *
-     * @param array  $config
-     * @param string $ldap
-     *
+     * @param  array  $config
+     * @param  string  $ldap
      * @return static
      */
     public static function make(array $config = [], $ldap = LdapFake::class)
@@ -42,8 +41,7 @@ class ConnectionFake extends Connection
     /**
      * Set the user to authenticate as.
      *
-     * @param Model|string $user
-     *
+     * @param  Model|string  $user
      * @return $this
      */
     public function actingAs($user)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/DirectoryFake.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/DirectoryFake.php
index 9d50dcdfa..72be02af3 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/DirectoryFake.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/DirectoryFake.php
@@ -9,8 +9,7 @@ class DirectoryFake
     /**
      * Setup the fake connection.
      *
-     * @param string|null $name
-     *
+     * @param  string|null  $name
      * @return ConnectionFake
      *
      * @throws \LdapRecord\ContainerException
@@ -42,8 +41,7 @@ class DirectoryFake
     /**
      * Make a connection fake.
      *
-     * @param array $config
-     *
+     * @param  array  $config
      * @return ConnectionFake
      */
     public static function makeConnectionFake(array $config = [])
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapExpectation.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapExpectation.php
index 90a5fa2ed..693459149 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapExpectation.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapExpectation.php
@@ -2,7 +2,9 @@
 
 namespace LdapRecord\Testing;
 
+use Closure;
 use LdapRecord\LdapRecordException;
+use PHPUnit\Framework\Constraint\Callback;
 use PHPUnit\Framework\Constraint\Constraint;
 use PHPUnit\Framework\Constraint\IsEqual;
 use UnexpectedValueException;
@@ -82,7 +84,7 @@ class LdapExpectation
     /**
      * Constructor.
      *
-     * @param string $method
+     * @param  string  $method
      */
     public function __construct($method)
     {
@@ -92,21 +94,22 @@ class LdapExpectation
     /**
      * Set the arguments that the operation should receive.
      *
-     * @param mixed $args
-     *
+     * @param  mixed  $args
      * @return $this
      */
     public function with($args)
     {
-        $args = is_array($args) ? $args : func_get_args();
-
-        foreach ($args as $key => $arg) {
-            if (! $arg instanceof Constraint) {
-                $args[$key] = new IsEqual($arg);
+        $this->args = array_map(function ($arg) {
+            if ($arg instanceof Closure) {
+                return new Callback($arg);
             }
-        }
 
-        $this->args = $args;
+            if (! $arg instanceof Constraint) {
+                return new IsEqual($arg);
+            }
+
+            return $arg;
+        }, is_array($args) ? $args : func_get_args());
 
         return $this;
     }
@@ -114,8 +117,7 @@ class LdapExpectation
     /**
      * Set the expected value to return.
      *
-     * @param mixed $value
-     *
+     * @param  mixed  $value
      * @return $this
      */
     public function andReturn($value)
@@ -128,10 +130,9 @@ class LdapExpectation
     /**
      * The error message to return from the expectation.
      *
-     * @param int    $code
-     * @param string $error
-     * @param string $diagnosticMessage
-     *
+     * @param  int  $code
+     * @param  string  $error
+     * @param  string  $diagnosticMessage
      * @return $this
      */
     public function andReturnError($code = 1, $error = '', $diagnosticMessage = '')
@@ -148,8 +149,7 @@ class LdapExpectation
     /**
      * Set the expected exception to throw.
      *
-     * @param string|\Exception|LdapRecordException $exception
-     *
+     * @param  string|\Exception|LdapRecordException  $exception
      * @return $this
      */
     public function andThrow($exception)
@@ -186,8 +186,7 @@ class LdapExpectation
     /**
      * Set the expectation to be called the given number of times.
      *
-     * @param int $count
-     *
+     * @param  int  $count
      * @return $this
      */
     public function times($count = 1)
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapFake.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapFake.php
index 00470e14a..5a0003549 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapFake.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Testing/LdapFake.php
@@ -47,8 +47,7 @@ class LdapFake implements LdapInterface
     /**
      * Create a new expected operation.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return LdapExpectation
      */
     public static function operation($method)
@@ -59,8 +58,7 @@ class LdapFake implements LdapInterface
     /**
      * Set the user that will pass binding.
      *
-     * @param string $dn
-     *
+     * @param  string  $dn
      * @return $this
      */
     public function shouldAuthenticateWith($dn)
@@ -73,8 +71,7 @@ class LdapFake implements LdapInterface
     /**
      * Add an LDAP method expectation.
      *
-     * @param LdapExpectation|array $expectations
-     *
+     * @param  LdapExpectation|array  $expectations
      * @return $this
      */
     public function expect($expectations = [])
@@ -105,8 +102,7 @@ class LdapFake implements LdapInterface
     /**
      * Determine if the method has any expectations.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return bool
      */
     public function hasExpectations($method)
@@ -117,8 +113,7 @@ class LdapFake implements LdapInterface
     /**
      * Get expectations by method.
      *
-     * @param string $method
-     *
+     * @param  string  $method
      * @return LdapExpectation[]|mixed
      */
     public function getExpectations($method)
@@ -129,9 +124,8 @@ class LdapFake implements LdapInterface
     /**
      * Remove an expectation by method and key.
      *
-     * @param string $method
-     * @param int    $key
-     *
+     * @param  string  $method
+     * @param  int  $key
      * @return void
      */
     public function removeExpectation($method, $key)
@@ -142,8 +136,7 @@ class LdapFake implements LdapInterface
     /**
      * Set the error number of a failed bind attempt.
      *
-     * @param int $number
-     *
+     * @param  int  $number
      * @return $this
      */
     public function shouldReturnErrorNumber($number = 1)
@@ -156,8 +149,7 @@ class LdapFake implements LdapInterface
     /**
      * Set the last error of a failed bind attempt.
      *
-     * @param string $message
-     *
+     * @param  string  $message
      * @return $this
      */
     public function shouldReturnError($message = '')
@@ -170,8 +162,7 @@ class LdapFake implements LdapInterface
     /**
      * Set the diagnostic message of a failed bind attempt.
      *
-     * @param string $message
-     *
+     * @param  string  $message
      * @return $this
      */
     public function shouldReturnDiagnosticMessage($message = '')
@@ -261,6 +252,16 @@ class LdapFake implements LdapInterface
             : $this->bound;
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function getHost()
+    {
+        return $this->hasExpectations('getHost')
+            ? $this->resolveExpectation('getHost')
+            : $this->host;
+    }
+
     /**
      * @inheritdoc
      */
@@ -454,9 +455,8 @@ class LdapFake implements LdapInterface
     /**
      * Resolve the methods expectations.
      *
-     * @param string $method
-     * @param array  $args
-     *
+     * @param  string  $method
+     * @param  array  $args
      * @return mixed
      *
      * @throws Exception
@@ -489,8 +489,7 @@ class LdapFake implements LdapInterface
     /**
      * Apply the expectation error to the fake.
      *
-     * @param LdapExpectation $expectation
-     *
+     * @param  LdapExpectation  $expectation
      * @return void
      */
     protected function applyExpectationError(LdapExpectation $expectation)
@@ -503,10 +502,9 @@ class LdapFake implements LdapInterface
     /**
      * Assert that the expected arguments match the operations arguments.
      *
-     * @param string       $method
-     * @param Constraint[] $expectedArgs
-     * @param array        $methodArgs
-     *
+     * @param  string  $method
+     * @param  Constraint[]  $expectedArgs
+     * @param  array  $methodArgs
      * @return void
      */
     protected function assertMethodArgumentsMatch($method, array $expectedArgs = [], array $methodArgs = [])
diff --git a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Utilities.php b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Utilities.php
index 01d55c797..c4f5190d8 100644
--- a/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Utilities.php
+++ b/data/web/inc/lib/vendor/directorytree/ldaprecord/src/Utilities.php
@@ -10,14 +10,13 @@ class Utilities
      * This will also decode hex characters into their true
      * UTF-8 representation embedded inside the DN as well.
      *
-     * @param string $dn
-     * @param bool   $removeAttributePrefixes
-     *
+     * @param  string  $dn
+     * @param  bool  $removeAttributePrefixes
      * @return array|false
      */
     public static function explodeDn($dn, $removeAttributePrefixes = true)
     {
-        $dn = ldap_explode_dn($dn, ($removeAttributePrefixes ? 1 : 0));
+        $dn = ldap_explode_dn($dn, $removeAttributePrefixes ? 1 : 0);
 
         if (! is_array($dn)) {
             return false;
@@ -39,8 +38,7 @@ class Utilities
     /**
      * Un-escapes a hexadecimal string into its original string representation.
      *
-     * @param string $value
-     *
+     * @param  string  $value
      * @return string
      */
     public static function unescape($value)
@@ -58,8 +56,7 @@ class Utilities
      * @see https://github.com/ChadSikorra
      * @see https://stackoverflow.com/questions/39533560/php-ldap-get-user-sid
      *
-     * @param string $value The Binary SID
-     *
+     * @param  string  $value  The Binary SID
      * @return string|null
      */
     public static function binarySidToString($value)
@@ -106,8 +103,7 @@ class Utilities
     /**
      * Convert a binary GUID to a string GUID.
      *
-     * @param string $binGuid
-     *
+     * @param  string  $binGuid
      * @return string|null
      */
     public static function binaryGuidToString($binGuid)
@@ -130,8 +126,7 @@ class Utilities
     /**
      * Converts a string GUID to it's hex variant.
      *
-     * @param string $string
-     *
+     * @param  string  $string
      * @return string
      */
     public static function stringGuidToHex($string)
@@ -149,21 +144,19 @@ class Utilities
      * Round a Windows timestamp down to seconds and remove
      * the seconds between 1601-01-01 and 1970-01-01.
      *
-     * @param float $windowsTime
-     *
-     * @return float
+     * @param  int  $windowsTime
+     * @return int
      */
     public static function convertWindowsTimeToUnixTime($windowsTime)
     {
-        return round($windowsTime / 10000000) - 11644473600;
+        return (int) (round($windowsTime / 10000000) - 11644473600);
     }
 
     /**
      * Convert a Unix timestamp to Windows timestamp.
      *
-     * @param float $unixTime
-     *
-     * @return float
+     * @param  int  $unixTime
+     * @return int
      */
     public static function convertUnixTimeToWindowsTime($unixTime)
     {
@@ -173,8 +166,7 @@ class Utilities
     /**
      * Validates that the inserted string is an object SID.
      *
-     * @param string $sid
-     *
+     * @param  string  $sid
      * @return bool
      */
     public static function isValidSid($sid)
@@ -185,8 +177,7 @@ class Utilities
     /**
      * Validates that the inserted string is an object GUID.
      *
-     * @param string $guid
-     *
+     * @param  string  $guid
      * @return bool
      */
     public static function isValidGuid($guid)
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Auth/Access/Gate.php b/data/web/inc/lib/vendor/illuminate/contracts/Auth/Access/Gate.php
index b88ab1796..eb605d827 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Auth/Access/Gate.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Auth/Access/Gate.php
@@ -57,18 +57,18 @@ interface Gate
     public function after(callable $callback);
 
     /**
-     * Determine if the given ability should be granted for the current user.
+     * Determine if all of the given abilities should be granted for the current user.
      *
-     * @param  string  $ability
+     * @param  iterable|string  $ability
      * @param  array|mixed  $arguments
      * @return bool
      */
     public function allows($ability, $arguments = []);
 
     /**
-     * Determine if the given ability should be denied for the current user.
+     * Determine if any of the given abilities should be denied for the current user.
      *
-     * @param  string  $ability
+     * @param  iterable|string  $ability
      * @param  array|mixed  $arguments
      * @return bool
      */
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Broadcasting/ShouldBeUnique.php b/data/web/inc/lib/vendor/illuminate/contracts/Broadcasting/ShouldBeUnique.php
new file mode 100644
index 000000000..c72b7a800
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Broadcasting/ShouldBeUnique.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Broadcasting;
+
+interface ShouldBeUnique
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Cache/Repository.php b/data/web/inc/lib/vendor/illuminate/contracts/Cache/Repository.php
index 5b78af57e..4bc4638e4 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Cache/Repository.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Cache/Repository.php
@@ -10,9 +10,11 @@ interface Repository extends CacheInterface
     /**
      * Retrieve an item from the cache and delete it.
      *
-     * @param  string  $key
-     * @param  mixed  $default
-     * @return mixed
+     * @template TCacheValue
+     *
+     * @param  array|string  $key
+     * @param  TCacheValue|(\Closure(): TCacheValue)  $default
+     * @return (TCacheValue is null ? mixed : TCacheValue)
      */
     public function pull($key, $default = null);
 
@@ -66,28 +68,34 @@ interface Repository extends CacheInterface
     /**
      * Get an item from the cache, or execute the given Closure and store the result.
      *
+     * @template TCacheValue
+     *
      * @param  string  $key
-     * @param  \DateTimeInterface|\DateInterval|int|null  $ttl
-     * @param  \Closure  $callback
-     * @return mixed
+     * @param  \DateTimeInterface|\DateInterval|\Closure|int|null  $ttl
+     * @param  \Closure(): TCacheValue  $callback
+     * @return TCacheValue
      */
     public function remember($key, $ttl, Closure $callback);
 
     /**
      * Get an item from the cache, or execute the given Closure and store the result forever.
      *
+     * @template TCacheValue
+     *
      * @param  string  $key
-     * @param  \Closure  $callback
-     * @return mixed
+     * @param  \Closure(): TCacheValue  $callback
+     * @return TCacheValue
      */
     public function sear($key, Closure $callback);
 
     /**
      * Get an item from the cache, or execute the given Closure and store the result forever.
      *
+     * @template TCacheValue
+     *
      * @param  string  $key
-     * @param  \Closure  $callback
-     * @return mixed
+     * @param  \Closure(): TCacheValue  $callback
+     * @return TCacheValue
      */
     public function rememberForever($key, Closure $callback);
 
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Console/Isolatable.php b/data/web/inc/lib/vendor/illuminate/contracts/Console/Isolatable.php
new file mode 100644
index 000000000..d652be3b8
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Console/Isolatable.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Console;
+
+interface Isolatable
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Console/PromptsForMissingInput.php b/data/web/inc/lib/vendor/illuminate/contracts/Console/PromptsForMissingInput.php
new file mode 100644
index 000000000..ccac1edac
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Console/PromptsForMissingInput.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Console;
+
+interface PromptsForMissingInput
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Container/Container.php b/data/web/inc/lib/vendor/illuminate/contracts/Container/Container.php
index 7d7f2c96a..1472a2e5f 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Container/Container.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Container/Container.php
@@ -53,6 +53,15 @@ interface Container extends ContainerInterface
      */
     public function bind($abstract, $concrete = null, $shared = false);
 
+    /**
+     * Bind a callback to resolve with Container::call.
+     *
+     * @param  array|string  $method
+     * @param  \Closure  $callback
+     * @return void
+     */
+    public function bindMethod($method, $callback);
+
     /**
      * Register a binding if it hasn't already been registered.
      *
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Container/ContextualBindingBuilder.php b/data/web/inc/lib/vendor/illuminate/contracts/Container/ContextualBindingBuilder.php
index 1fc7fc159..1d84ef8c7 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Container/ContextualBindingBuilder.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Container/ContextualBindingBuilder.php
@@ -32,7 +32,7 @@ interface ContextualBindingBuilder
      * Specify the configuration item to bind as a primitive.
      *
      * @param  string  $key
-     * @param  ?string  $default
+     * @param  mixed  $default
      * @return void
      */
     public function giveConfig($key, $default = null);
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Cookie/QueueingFactory.php b/data/web/inc/lib/vendor/illuminate/contracts/Cookie/QueueingFactory.php
index d6c74b8f9..2d5f51acd 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Cookie/QueueingFactory.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Cookie/QueueingFactory.php
@@ -7,7 +7,7 @@ interface QueueingFactory extends Factory
     /**
      * Queue a cookie to send with the next response.
      *
-     * @param  array  $parameters
+     * @param  mixed  ...$parameters
      * @return void
      */
     public function queue(...$parameters);
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/Castable.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/Castable.php
index 911b1cf86..776d4fc3c 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/Castable.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/Castable.php
@@ -8,8 +8,7 @@ interface Castable
      * Get the name of the caster class to use when casting from / to this cast target.
      *
      * @param  array  $arguments
-     * @return string
-     * @return string|\Illuminate\Contracts\Database\Eloquent\CastsAttributes|\Illuminate\Contracts\Database\Eloquent\CastsInboundAttributes
+     * @return class-string<CastsAttributes|CastsInboundAttributes>|CastsAttributes|CastsInboundAttributes
      */
     public static function castUsing(array $arguments);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsAttributes.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsAttributes.php
index 808d005f5..89cec66a7 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsAttributes.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsAttributes.php
@@ -2,6 +2,12 @@
 
 namespace Illuminate\Contracts\Database\Eloquent;
 
+use Illuminate\Database\Eloquent\Model;
+
+/**
+ * @template TGet
+ * @template TSet
+ */
 interface CastsAttributes
 {
     /**
@@ -10,19 +16,19 @@ interface CastsAttributes
      * @param  \Illuminate\Database\Eloquent\Model  $model
      * @param  string  $key
      * @param  mixed  $value
-     * @param  array  $attributes
-     * @return mixed
+     * @param  array<string, mixed>  $attributes
+     * @return TGet|null
      */
-    public function get($model, string $key, $value, array $attributes);
+    public function get(Model $model, string $key, mixed $value, array $attributes);
 
     /**
      * Transform the attribute to its underlying model values.
      *
      * @param  \Illuminate\Database\Eloquent\Model  $model
      * @param  string  $key
-     * @param  mixed  $value
-     * @param  array  $attributes
+     * @param  TSet|null  $value
+     * @param  array<string, mixed>  $attributes
      * @return mixed
      */
-    public function set($model, string $key, $value, array $attributes);
+    public function set(Model $model, string $key, mixed $value, array $attributes);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsInboundAttributes.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsInboundAttributes.php
index 4c7801b58..6a3e2ef18 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsInboundAttributes.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/CastsInboundAttributes.php
@@ -2,6 +2,8 @@
 
 namespace Illuminate\Contracts\Database\Eloquent;
 
+use Illuminate\Database\Eloquent\Model;
+
 interface CastsInboundAttributes
 {
     /**
@@ -13,5 +15,5 @@ interface CastsInboundAttributes
      * @param  array  $attributes
      * @return mixed
      */
-    public function set($model, string $key, $value, array $attributes);
+    public function set(Model $model, string $key, mixed $value, array $attributes);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/SerializesCastableAttributes.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/SerializesCastableAttributes.php
index a89f91010..a2ecf16f5 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/SerializesCastableAttributes.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Eloquent/SerializesCastableAttributes.php
@@ -2,6 +2,8 @@
 
 namespace Illuminate\Contracts\Database\Eloquent;
 
+use Illuminate\Database\Eloquent\Model;
+
 interface SerializesCastableAttributes
 {
     /**
@@ -13,5 +15,5 @@ interface SerializesCastableAttributes
      * @param  array  $attributes
      * @return mixed
      */
-    public function serialize($model, string $key, $value, array $attributes);
+    public function serialize(Model $model, string $key, mixed $value, array $attributes);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/ModelIdentifier.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/ModelIdentifier.php
index 9893d280e..aacd18c07 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Database/ModelIdentifier.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/ModelIdentifier.php
@@ -34,6 +34,13 @@ class ModelIdentifier
      */
     public $connection;
 
+    /**
+     * The class name of the model collection.
+     *
+     * @var string|null
+     */
+    public $collectionClass;
+
     /**
      * Create a new model identifier.
      *
@@ -50,4 +57,17 @@ class ModelIdentifier
         $this->relations = $relations;
         $this->connection = $connection;
     }
+
+    /**
+     * Specify the collection class that should be used when serializing / restoring collections.
+     *
+     * @param  string|null  $collectionClass
+     * @return $this
+     */
+    public function useCollectionClass(?string $collectionClass)
+    {
+        $this->collectionClass = $collectionClass;
+
+        return $this;
+    }
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/ConditionExpression.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/ConditionExpression.php
new file mode 100644
index 000000000..b2e97a6e8
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/ConditionExpression.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Illuminate\Contracts\Database\Query;
+
+interface ConditionExpression extends Expression
+{
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/Expression.php b/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/Expression.php
new file mode 100644
index 000000000..9e08682fe
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Database/Query/Expression.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Illuminate\Contracts\Database\Query;
+
+use Illuminate\Database\Grammar;
+
+interface Expression
+{
+    /**
+     * Get the value of the expression.
+     *
+     * @param  \Illuminate\Database\Grammar  $grammar
+     * @return string|int|float
+     */
+    public function getValue(Grammar $grammar);
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Events/Dispatcher.php b/data/web/inc/lib/vendor/illuminate/contracts/Events/Dispatcher.php
index 638610698..7f4096af0 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Events/Dispatcher.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Events/Dispatcher.php
@@ -34,7 +34,7 @@ interface Dispatcher
      *
      * @param  string|object  $event
      * @param  mixed  $payload
-     * @return array|null
+     * @return mixed
      */
     public function until($event, $payload = []);
 
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldDispatchAfterCommit.php b/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldDispatchAfterCommit.php
new file mode 100644
index 000000000..8f1fbdd4d
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldDispatchAfterCommit.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Events;
+
+interface ShouldDispatchAfterCommit
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldHandleEventsAfterCommit.php b/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldHandleEventsAfterCommit.php
new file mode 100644
index 000000000..8c7051037
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Events/ShouldHandleEventsAfterCommit.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Events;
+
+interface ShouldHandleEventsAfterCommit
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Filesystem/Filesystem.php b/data/web/inc/lib/vendor/illuminate/contracts/Filesystem/Filesystem.php
index 6d2fd5787..e92d7efc9 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Filesystem/Filesystem.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Filesystem/Filesystem.php
@@ -46,7 +46,7 @@ interface Filesystem
      * Write the contents of a file.
      *
      * @param  string  $path
-     * @param  string|resource  $contents
+     * @param  \Psr\Http\Message\StreamInterface|\Illuminate\Http\File|\Illuminate\Http\UploadedFile|string|resource  $contents
      * @param  mixed  $options
      * @return bool
      */
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Foundation/Application.php b/data/web/inc/lib/vendor/illuminate/contracts/Foundation/Application.php
index b46c6de4d..f768eb963 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Foundation/Application.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Foundation/Application.php
@@ -45,6 +45,22 @@ interface Application extends Container
      */
     public function databasePath($path = '');
 
+    /**
+     * Get the path to the language files.
+     *
+     * @param  string  $path
+     * @return string
+     */
+    public function langPath($path = '');
+
+    /**
+     * Get the path to the public directory.
+     *
+     * @param  string  $path
+     * @return string
+     */
+    public function publicPath($path = '');
+
     /**
      * Get the path to the resources directory.
      *
@@ -64,7 +80,7 @@ interface Application extends Container
     /**
      * Get or check the current application environment.
      *
-     * @param  string|array  $environments
+     * @param  string|array  ...$environments
      * @return string|bool
      */
     public function environment(...$environments);
@@ -83,6 +99,13 @@ interface Application extends Container
      */
     public function runningUnitTests();
 
+    /**
+     * Determine if the application is running with debug mode enabled.
+     *
+     * @return bool
+     */
+    public function hasDebugModeEnabled();
+
     /**
      * Get an instance of the maintenance mode manager implementation.
      *
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Mail/Attachable.php b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Attachable.php
new file mode 100644
index 000000000..6804ec3d4
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Attachable.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace Illuminate\Contracts\Mail;
+
+interface Attachable
+{
+    /**
+     * Get an attachment instance for this entity.
+     *
+     * @return \Illuminate\Mail\Attachment
+     */
+    public function toMailAttachment();
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailable.php b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailable.php
index c5df7e852..b7fdd42ef 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailable.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailable.php
@@ -10,7 +10,7 @@ interface Mailable
      * Send the message using the given mailer.
      *
      * @param  \Illuminate\Contracts\Mail\Factory|\Illuminate\Contracts\Mail\Mailer  $mailer
-     * @return void
+     * @return \Illuminate\Mail\SentMessage|null
      */
     public function send($mailer);
 
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailer.php b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailer.php
index 38f9e3b56..4d97f3ea5 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailer.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Mail/Mailer.php
@@ -25,7 +25,7 @@ interface Mailer
      *
      * @param  string  $text
      * @param  mixed  $callback
-     * @return void
+     * @return \Illuminate\Mail\SentMessage|null
      */
     public function raw($text, $callback);
 
@@ -35,7 +35,7 @@ interface Mailer
      * @param  \Illuminate\Contracts\Mail\Mailable|string|array  $view
      * @param  array  $data
      * @param  \Closure|string|null  $callback
-     * @return void
+     * @return \Illuminate\Mail\SentMessage|null
      */
     public function send($view, array $data = [], $callback = null);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Pagination/CursorPaginator.php b/data/web/inc/lib/vendor/illuminate/contracts/Pagination/CursorPaginator.php
index 2d62d3a51..c6b96fbe4 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Pagination/CursorPaginator.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Pagination/CursorPaginator.php
@@ -29,6 +29,13 @@ interface CursorPaginator
      */
     public function fragment($fragment = null);
 
+    /**
+     * Add all current query string values to the paginator.
+     *
+     * @return $this
+     */
+    public function withQueryString();
+
     /**
      * Get the URL for the previous page, or null.
      *
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Pagination/Paginator.php b/data/web/inc/lib/vendor/illuminate/contracts/Pagination/Paginator.php
index 49bafaa77..04201cef4 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Pagination/Paginator.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Pagination/Paginator.php
@@ -15,7 +15,7 @@ interface Paginator
     /**
      * Add a set of query string values to the paginator.
      *
-     * @param  array|string  $key
+     * @param  array|string|null  $key
      * @param  string|null  $value
      * @return $this
      */
@@ -25,7 +25,7 @@ interface Paginator
      * Get / set the URL fragment to be appended to URLs.
      *
      * @param  string|null  $fragment
-     * @return $this|string
+     * @return $this|string|null
      */
     public function fragment($fragment = null);
 
@@ -53,14 +53,14 @@ interface Paginator
     /**
      * Get the "index" of the first item being paginated.
      *
-     * @return int
+     * @return int|null
      */
     public function firstItem();
 
     /**
      * Get the "index" of the last item being paginated.
      *
-     * @return int
+     * @return int|null
      */
     public function lastItem();
 
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Process/InvokedProcess.php b/data/web/inc/lib/vendor/illuminate/contracts/Process/InvokedProcess.php
new file mode 100644
index 000000000..d272d3772
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Process/InvokedProcess.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Illuminate\Contracts\Process;
+
+interface InvokedProcess
+{
+    /**
+     * Get the process ID if the process is still running.
+     *
+     * @return int|null
+     */
+    public function id();
+
+    /**
+     * Send a signal to the process.
+     *
+     * @param  int  $signal
+     * @return $this
+     */
+    public function signal(int $signal);
+
+    /**
+     * Determine if the process is still running.
+     *
+     * @return bool
+     */
+    public function running();
+
+    /**
+     * Get the standard output for the process.
+     *
+     * @return string
+     */
+    public function output();
+
+    /**
+     * Get the error output for the process.
+     *
+     * @return string
+     */
+    public function errorOutput();
+
+    /**
+     * Get the latest standard output for the process.
+     *
+     * @return string
+     */
+    public function latestOutput();
+
+    /**
+     * Get the latest error output for the process.
+     *
+     * @return string
+     */
+    public function latestErrorOutput();
+
+    /**
+     * Wait for the process to finish.
+     *
+     * @param  callable|null  $output
+     * @return \Illuminate\Console\Process\ProcessResult
+     */
+    public function wait(callable $output = null);
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Process/ProcessResult.php b/data/web/inc/lib/vendor/illuminate/contracts/Process/ProcessResult.php
new file mode 100644
index 000000000..702701ea1
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Process/ProcessResult.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace Illuminate\Contracts\Process;
+
+interface ProcessResult
+{
+    /**
+     * Get the original command executed by the process.
+     *
+     * @return string
+     */
+    public function command();
+
+    /**
+     * Determine if the process was successful.
+     *
+     * @return bool
+     */
+    public function successful();
+
+    /**
+     * Determine if the process failed.
+     *
+     * @return bool
+     */
+    public function failed();
+
+    /**
+     * Get the exit code of the process.
+     *
+     * @return int|null
+     */
+    public function exitCode();
+
+    /**
+     * Get the standard output of the process.
+     *
+     * @return string
+     */
+    public function output();
+
+    /**
+     * Get the error output of the process.
+     *
+     * @return string
+     */
+    public function errorOutput();
+
+    /**
+     * Throw an exception if the process failed.
+     *
+     * @param  callable|null  $callback
+     * @return $this
+     */
+    public function throw(callable $callback = null);
+
+    /**
+     * Throw an exception if the process failed and the given condition is true.
+     *
+     * @param  bool  $condition
+     * @param  callable|null  $callback
+     * @return $this
+     */
+    public function throwIf(bool $condition, callable $callback = null);
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Queue/Monitor.php b/data/web/inc/lib/vendor/illuminate/contracts/Queue/Monitor.php
index 7da62d3ad..87677f0e7 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Queue/Monitor.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Queue/Monitor.php
@@ -13,7 +13,7 @@ interface Monitor
     public function looping($callback);
 
     /**
-     * Register a callback to be executed when a job fails after the maximum amount of retries.
+     * Register a callback to be executed when a job fails after the maximum number of retries.
      *
      * @param  mixed  $callback
      * @return void
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Queue/ShouldQueueAfterCommit.php b/data/web/inc/lib/vendor/illuminate/contracts/Queue/ShouldQueueAfterCommit.php
new file mode 100644
index 000000000..8545ad30d
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Queue/ShouldQueueAfterCommit.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Queue;
+
+interface ShouldQueueAfterCommit extends ShouldQueue
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Routing/ResponseFactory.php b/data/web/inc/lib/vendor/illuminate/contracts/Routing/ResponseFactory.php
index 86c16cab8..0aa51d551 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Routing/ResponseFactory.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Routing/ResponseFactory.php
@@ -60,7 +60,7 @@ interface ResponseFactory
     /**
      * Create a new streamed response instance.
      *
-     * @param  \Closure  $callback
+     * @param  callable  $callback
      * @param  int  $status
      * @param  array  $headers
      * @return \Symfony\Component\HttpFoundation\StreamedResponse
@@ -70,7 +70,7 @@ interface ResponseFactory
     /**
      * Create a new streamed response instance as a file download.
      *
-     * @param  \Closure  $callback
+     * @param  callable  $callback
      * @param  string|null  $name
      * @param  array  $headers
      * @param  string|null  $disposition
@@ -123,7 +123,7 @@ interface ResponseFactory
     /**
      * Create a new redirect response to a controller action.
      *
-     * @param  string  $action
+     * @param  array|string  $action
      * @param  mixed  $parameters
      * @param  int  $status
      * @param  array  $headers
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Session/Middleware/AuthenticatesSessions.php b/data/web/inc/lib/vendor/illuminate/contracts/Session/Middleware/AuthenticatesSessions.php
new file mode 100644
index 000000000..113f42007
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Session/Middleware/AuthenticatesSessions.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Illuminate\Contracts\Session\Middleware;
+
+interface AuthenticatesSessions
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Support/MessageBag.php b/data/web/inc/lib/vendor/illuminate/contracts/Support/MessageBag.php
index 7f708aca5..14855d06e 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Support/MessageBag.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Support/MessageBag.php
@@ -64,6 +64,14 @@ interface MessageBag extends Arrayable, Countable
      */
     public function all($format = null);
 
+    /**
+     * Remove a message from the bag.
+     *
+     * @param  string  $key
+     * @return $this
+     */
+    public function forget($key);
+
     /**
      * Get the raw messages in the container.
      *
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Translation/Translator.php b/data/web/inc/lib/vendor/illuminate/contracts/Translation/Translator.php
index 6eae4915d..ded1a8b86 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Translation/Translator.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Translation/Translator.php
@@ -18,7 +18,7 @@ interface Translator
      * Get a translation according to an integer value.
      *
      * @param  string  $key
-     * @param  \Countable|int|array  $number
+     * @param  \Countable|int|float|array  $number
      * @param  array  $replace
      * @param  string|null  $locale
      * @return string
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/DataAwareRule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/DataAwareRule.php
index 7ec7ab5a9..739626c2e 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Validation/DataAwareRule.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/DataAwareRule.php
@@ -10,5 +10,5 @@ interface DataAwareRule
      * @param  array  $data
      * @return $this
      */
-    public function setData($data);
+    public function setData(array $data);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/Factory.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/Factory.php
index 104675a4d..70687e87f 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Validation/Factory.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/Factory.php
@@ -10,10 +10,10 @@ interface Factory
      * @param  array  $data
      * @param  array  $rules
      * @param  array  $messages
-     * @param  array  $customAttributes
+     * @param  array  $attributes
      * @return \Illuminate\Contracts\Validation\Validator
      */
-    public function make(array $data, array $rules, array $messages = [], array $customAttributes = []);
+    public function make(array $data, array $rules, array $messages = [], array $attributes = []);
 
     /**
      * Register a custom validator extension.
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/ImplicitRule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ImplicitRule.php
index bbc64f44e..ac5df83f9 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Validation/ImplicitRule.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ImplicitRule.php
@@ -2,6 +2,9 @@
 
 namespace Illuminate\Contracts\Validation;
 
+/**
+ * @deprecated see ValidationRule
+ */
 interface ImplicitRule extends Rule
 {
     //
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/InvokableRule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/InvokableRule.php
new file mode 100644
index 000000000..c7ac9c248
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/InvokableRule.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Illuminate\Contracts\Validation;
+
+use Closure;
+
+/**
+ * @deprecated see ValidationRule
+ */
+interface InvokableRule
+{
+    /**
+     * Run the validation rule.
+     *
+     * @param  string  $attribute
+     * @param  mixed  $value
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     * @return void
+     */
+    public function __invoke(string $attribute, mixed $value, Closure $fail);
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/Rule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/Rule.php
index cc03777af..102cc5342 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Validation/Rule.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/Rule.php
@@ -2,6 +2,9 @@
 
 namespace Illuminate\Contracts\Validation;
 
+/**
+ * @deprecated see ValidationRule
+ */
 interface Rule
 {
     /**
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidationRule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidationRule.php
new file mode 100644
index 000000000..1c95b975c
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidationRule.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Illuminate\Contracts\Validation;
+
+use Closure;
+
+interface ValidationRule
+{
+    /**
+     * Run the validation rule.
+     *
+     * @param  string  $attribute
+     * @param  mixed  $value
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     * @return void
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void;
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidatorAwareRule.php b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidatorAwareRule.php
index 053f4fa8b..0baf2742b 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidatorAwareRule.php
+++ b/data/web/inc/lib/vendor/illuminate/contracts/Validation/ValidatorAwareRule.php
@@ -2,6 +2,8 @@
 
 namespace Illuminate\Contracts\Validation;
 
+use Illuminate\Validation\Validator;
+
 interface ValidatorAwareRule
 {
     /**
@@ -10,5 +12,5 @@ interface ValidatorAwareRule
      * @param  \Illuminate\Validation\Validator  $validator
      * @return $this
      */
-    public function setValidator($validator);
+    public function setValidator(Validator $validator);
 }
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/View/ViewCompilationException.php b/data/web/inc/lib/vendor/illuminate/contracts/View/ViewCompilationException.php
new file mode 100644
index 000000000..5c57619ef
--- /dev/null
+++ b/data/web/inc/lib/vendor/illuminate/contracts/View/ViewCompilationException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace Illuminate\Contracts\View;
+
+use Exception;
+
+class ViewCompilationException extends Exception
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/illuminate/contracts/composer.json b/data/web/inc/lib/vendor/illuminate/contracts/composer.json
index 9296ba9e5..acae4bef8 100644
--- a/data/web/inc/lib/vendor/illuminate/contracts/composer.json
+++ b/data/web/inc/lib/vendor/illuminate/contracts/composer.json
@@ -14,7 +14,7 @@
         }
     ],
     "require": {
-        "php": "^8.0.2",
+        "php": "^8.1",
         "psr/container": "^1.1.1|^2.0.1",
         "psr/simple-cache": "^1.0|^2.0|^3.0"
     },
@@ -25,7 +25,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "9.x-dev"
+            "dev-master": "10.x-dev"
         }
     },
     "config": {
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/.phpstorm.meta.php b/data/web/inc/lib/vendor/nesbot/carbon/.phpstorm.meta.php
new file mode 100644
index 000000000..bd7c7e0e7
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/.phpstorm.meta.php
@@ -0,0 +1,10 @@
+<?php
+namespace PHPSTORM_META {
+    registerArgumentsSet("date_units", "millenania", "millennium", "century", "centuries", "decade", "decades", "year", "years", "y", "yr", "yrs", "quarter", "quarters", "month", "months", "mo", "mos", "week", "weeks", "w", "day", "days", "d", "hour", "hours", "h", "minute", "minutes", "m", "second", "seconds", "s", "millisecond", "milliseconds", "milli", "ms", "microsecond", "microseconds", "micro", "µs");
+    expectedArguments(\Carbon\Traits\Units::add(), 0, argumentsSet("date_units"));
+    expectedArguments(\Carbon\Traits\Units::add(), 1, argumentsSet("date_units"));
+    expectedArguments(\Carbon\CarbonInterface::add(), 0, argumentsSet("date_units"));
+    expectedArguments(\Carbon\CarbonInterface::add(), 1, argumentsSet("date_units"));
+
+    expectedArguments(\Carbon\CarbonInterface::getTimeFormatByPrecision(), 0, "minute", "second", "m", "millisecond", "µ", "microsecond", "minutes", "seconds", "ms", "milliseconds", "µs", "microseconds");
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/composer.json b/data/web/inc/lib/vendor/nesbot/carbon/composer.json
index 84ec1361c..48366b5dd 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/composer.json
+++ b/data/web/inc/lib/vendor/nesbot/carbon/composer.json
@@ -1,14 +1,13 @@
 {
     "name": "nesbot/carbon",
-    "type": "library",
     "description": "An API extension for DateTime that supports 281 different languages.",
+    "license": "MIT",
+    "type": "library",
     "keywords": [
         "date",
         "time",
         "DateTime"
     ],
-    "homepage": "https://carbon.nesbot.com",
-    "license": "MIT",
     "authors": [
         {
             "name": "Brian Nesbitt",
@@ -20,31 +19,77 @@
             "homepage": "https://github.com/kylekatarnls"
         }
     ],
+    "homepage": "https://carbon.nesbot.com",
+    "support": {
+        "issues": "https://github.com/briannesbitt/Carbon/issues",
+        "source": "https://github.com/briannesbitt/Carbon",
+        "docs": "https://carbon.nesbot.com/docs"
+    },
+    "funding": [
+        {
+            "url": "https://github.com/sponsors/kylekatarnls",
+            "type": "github"
+        },
+        {
+            "url": "https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme",
+            "type": "tidelift"
+        },
+        {
+            "url": "https://opencollective.com/Carbon#sponsor",
+            "type": "opencollective"
+        }
+    ],
     "require": {
         "php": "^7.1.8 || ^8.0",
         "ext-json": "*",
+        "carbonphp/carbon-doctrine-types": "*",
+        "psr/clock": "^1.0",
         "symfony/polyfill-mbstring": "^1.0",
         "symfony/polyfill-php80": "^1.16",
         "symfony/translation": "^3.4 || ^4.0 || ^5.0 || ^6.0"
     },
     "require-dev": {
-        "doctrine/dbal": "^2.0 || ^3.0",
-        "doctrine/orm": "^2.7",
+        "doctrine/dbal": "^2.0 || ^3.1.4 || ^4.0",
+        "doctrine/orm": "^2.7 || ^3.0",
         "friendsofphp/php-cs-fixer": "^3.0",
         "kylekatarnls/multi-tester": "^2.0",
+        "ondrejmirtes/better-reflection": "*",
         "phpmd/phpmd": "^2.9",
         "phpstan/extension-installer": "^1.0",
-        "phpstan/phpstan": "^0.12.54 || ^1.0",
-        "phpunit/phpunit": "^7.5.20 || ^8.5.14",
+        "phpstan/phpstan": "^0.12.99 || ^1.7.14",
+        "phpunit/php-file-iterator": "^2.0.5 || ^3.0.6",
+        "phpunit/phpunit": "^7.5.20 || ^8.5.26 || ^9.5.20",
         "squizlabs/php_codesniffer": "^3.4"
     },
-    "config": {
-        "process-timeout": 0,
-        "sort-packages": true,
-        "allow-plugins": {
-            "phpstan/extension-installer": true
+    "provide": {
+        "psr/clock-implementation": "1.0"
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
+    "autoload": {
+        "psr-4": {
+            "Carbon\\": "src/Carbon/"
         }
     },
+    "autoload-dev": {
+        "psr-4": {
+            "Tests\\": "tests/"
+        },
+        "files": [
+            "tests/Laravel/ServiceProvider.php"
+        ]
+    },
+    "bin": [
+        "bin/carbon"
+    ],
+    "config": {
+        "allow-plugins": {
+            "phpstan/extension-installer": true,
+            "composer/package-versions-deprecated": true
+        },
+        "process-timeout": 0,
+        "sort-packages": true
+    },
     "extra": {
         "branch-alias": {
             "dev-3.x": "3.x-dev",
@@ -61,28 +106,11 @@
             ]
         }
     },
-    "autoload": {
-        "psr-4": {
-            "Carbon\\": "src/Carbon/"
-        }
-    },
-    "autoload-dev": {
-        "psr-4": {
-            "Tests\\": "tests/"
-        },
-        "files": [
-            "tests/Laravel/ServiceProvider.php"
-        ]
-    },
-    "minimum-stability": "dev",
-    "prefer-stable": true,
-    "bin": [
-        "bin/carbon"
-    ],
     "scripts": {
         "phpcs": "php-cs-fixer fix -v --diff --dry-run",
         "phpdoc": "php phpdoc.php",
         "phpmd": "phpmd src text /phpmd.xml",
+        "phpmd-test": "phpmd tests text /tests/phpmd-test.xml",
         "phpstan": "phpstan analyse --configuration phpstan.neon",
         "phpunit": "phpunit --verbose",
         "style-check": [
@@ -93,11 +121,7 @@
         "test": [
             "@phpunit",
             "@style-check"
-        ]
-    },
-    "support": {
-        "issues": "https://github.com/briannesbitt/Carbon/issues",
-        "source": "https://github.com/briannesbitt/Carbon",
-        "docs": "https://carbon.nesbot.com/docs"
+        ],
+        "sponsors": "php sponsors.php"
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperStrongType.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperStrongType.php
new file mode 100644
index 000000000..c2f4bf013
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperStrongType.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\MessageFormatter;
+
+use Symfony\Component\Translation\Formatter\MessageFormatterInterface;
+
+if (!class_exists(LazyMessageFormatter::class, false)) {
+    abstract class LazyMessageFormatter implements MessageFormatterInterface
+    {
+        public function format(string $message, string $locale, array $parameters = []): string
+        {
+            return $this->formatter->format(
+                $message,
+                $this->transformLocale($locale),
+                $parameters
+            );
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperWeakType.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperWeakType.php
new file mode 100644
index 000000000..cbd890d5b
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/MessageFormatter/MessageFormatterMapperWeakType.php
@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\MessageFormatter;
+
+use Symfony\Component\Translation\Formatter\ChoiceMessageFormatterInterface;
+use Symfony\Component\Translation\Formatter\MessageFormatterInterface;
+
+if (!class_exists(LazyMessageFormatter::class, false)) {
+    abstract class LazyMessageFormatter implements MessageFormatterInterface, ChoiceMessageFormatterInterface
+    {
+        abstract protected function transformLocale(?string $locale): ?string;
+
+        public function format($message, $locale, array $parameters = [])
+        {
+            return $this->formatter->format(
+                $message,
+                $this->transformLocale($locale),
+                $parameters
+            );
+        }
+
+        public function choiceFormat($message, $number, $locale, array $parameters = [])
+        {
+            return $this->formatter->choiceFormat($message, $number, $locale, $parameters);
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroBuiltin.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroBuiltin.php
new file mode 100644
index 000000000..ba7cf6320
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroBuiltin.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\PHPStan;
+
+use PHPStan\BetterReflection\Reflection;
+use ReflectionMethod;
+
+if (!class_exists(AbstractReflectionMacro::class, false)) {
+    abstract class AbstractReflectionMacro extends AbstractMacro
+    {
+        /**
+         * {@inheritdoc}
+         */
+        public function getReflection(): ?ReflectionMethod
+        {
+            if ($this->reflectionFunction instanceof Reflection\ReflectionMethod) {
+                return new Reflection\Adapter\ReflectionMethod($this->reflectionFunction);
+            }
+
+            return $this->reflectionFunction instanceof ReflectionMethod
+                ? $this->reflectionFunction
+                : null;
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroStatic.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroStatic.php
new file mode 100644
index 000000000..bd4c8e804
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/AbstractMacroStatic.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\PHPStan;
+
+use PHPStan\BetterReflection\Reflection;
+use ReflectionMethod;
+
+if (!class_exists(AbstractReflectionMacro::class, false)) {
+    abstract class AbstractReflectionMacro extends AbstractMacro
+    {
+        /**
+         * {@inheritdoc}
+         */
+        public function getReflection(): ?Reflection\Adapter\ReflectionMethod
+        {
+            if ($this->reflectionFunction instanceof Reflection\Adapter\ReflectionMethod) {
+                return $this->reflectionFunction;
+            }
+
+            if ($this->reflectionFunction instanceof Reflection\ReflectionMethod) {
+                return new Reflection\Adapter\ReflectionMethod($this->reflectionFunction);
+            }
+
+            return $this->reflectionFunction instanceof ReflectionMethod
+                ? new Reflection\Adapter\ReflectionMethod(
+                    Reflection\ReflectionMethod::createFromName(
+                        $this->reflectionFunction->getDeclaringClass()->getName(),
+                        $this->reflectionFunction->getName()
+                    )
+                )
+                : null;
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroStrongType.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroStrongType.php
index eacd9c1ea..f615b3a64 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroStrongType.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroStrongType.php
@@ -14,14 +14,16 @@ declare(strict_types=1);
 namespace Carbon\PHPStan;
 
 if (!class_exists(LazyMacro::class, false)) {
-    abstract class LazyMacro extends AbstractMacro
+    abstract class LazyMacro extends AbstractReflectionMacro
     {
         /**
          * {@inheritdoc}
          */
         public function getFileName(): ?string
         {
-            return $this->reflectionFunction->getFileName();
+            $file = $this->reflectionFunction->getFileName();
+
+            return (($file ? realpath($file) : null) ?: $file) ?: null;
         }
 
         /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroWeakType.php b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroWeakType.php
index 3e9fcf4f7..bf64c1dd9 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroWeakType.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/lazy/Carbon/PHPStan/MacroWeakType.php
@@ -14,7 +14,7 @@ declare(strict_types=1);
 namespace Carbon\PHPStan;
 
 if (!class_exists(LazyMacro::class, false)) {
-    abstract class LazyMacro extends AbstractMacro
+    abstract class LazyMacro extends AbstractReflectionMacro
     {
         /**
          * {@inheritdoc}
@@ -23,7 +23,9 @@ if (!class_exists(LazyMacro::class, false)) {
          */
         public function getFileName()
         {
-            return $this->reflectionFunction->getFileName();
+            $file = $this->reflectionFunction->getFileName();
+
+            return (($file ? realpath($file) : null) ?: $file) ?: null;
         }
 
         /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/readme.md b/data/web/inc/lib/vendor/nesbot/carbon/readme.md
index 5d827219e..3f4117706 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/readme.md
+++ b/data/web/inc/lib/vendor/nesbot/carbon/readme.md
@@ -2,7 +2,7 @@
 
 [![Latest Stable Version](https://img.shields.io/packagist/v/nesbot/carbon.svg?style=flat-square)](https://packagist.org/packages/nesbot/carbon)
 [![Total Downloads](https://img.shields.io/packagist/dt/nesbot/carbon.svg?style=flat-square)](https://packagist.org/packages/nesbot/carbon)
-[![GitHub Actions](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fbriannesbitt%2FCarbon%2Fbadge&style=flat-square&label=Build&logo=none)](https://actions-badge.atrox.dev/briannesbitt/Carbon/goto)
+[![GitHub Actions](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fbriannesbitt%2FCarbon%2Fbadge&style=flat-square&label=Build&logo=none)](https://github.com/briannesbitt/Carbon/actions)
 [![codecov.io](https://img.shields.io/codecov/c/github/briannesbitt/Carbon.svg?style=flat-square)](https://codecov.io/github/briannesbitt/Carbon?branch=master)
 [![Tidelift](https://tidelift.com/badges/github/briannesbitt/Carbon)](https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme)
 
@@ -119,21 +119,52 @@ This project exists thanks to all the people who contribute.
 
 Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
 
-<a href="https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme" target="_blank"><img src="https://carbon.nesbot.com/tidelift-brand.png" width="256" height="64"></a>
-<a href="https://onlinecasinohex.ca/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img src="https://images.opencollective.com/hexcasinoca/2da3af2/logo/256.png" width="85" height="64"></a>
-<a href="https://opencollective.com/Carbon/sponsor/0/website" target="_blank"><img src="https://opencollective.com/Carbon/sponsor/0/avatar.svg"></a>
-<a href="https://opencollective.com/Carbon/sponsor/1/website" target="_blank"><img src="https://opencollective.com/Carbon/sponsor/1/avatar.svg"></a>
-<a href="https://opencollective.com/Carbon/sponsor/2/website" target="_blank"><img src="https://opencollective.com/Carbon/sponsor/2/avatar.svg"></a>
-<a href="https://opencollective.com/Carbon/sponsor/3/website" target="_blank"><img src="https://opencollective.com/Carbon/sponsor/3/avatar.svg"></a>
-<a href="https://opencollective.com/Carbon/sponsor/4/website" target="_blank"><img src="https://opencollective.com/Carbon/sponsor/4/avatar.svg"></a>
+<a href="https://tidelift.com/subscription/pkg/packagist-nesbot-carbon?utm_source=packagist-nesbot-carbon&utm_medium=referral&utm_campaign=readme" target="_blank"><img src="https://carbon.nesbot.com/tidelift-brand.png" width="256" height="64"></a><!-- <open-collective-sponsors> -->
+<a title="Онлайн казино 777 Україна" href="https://777.ua/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Онлайн казино" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/7e572d50-1ce8-4d69-ae12-86cc80371373/ok-ua-777.png" width="64" height="64"></a>
+<a title="#1 Guide To Online Gambling In Canada" href="https://casinohex.org/canada/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="CasinoHex Canada" src="https://opencollective-production.s3.us-west-1.amazonaws.com/79fdbcc0-a997-11eb-abbc-25e48b63c6dc.jpg" width="85" height="64"></a>
+<a title="Znajdź najlepsze zakłady bukmacherskie w Polsce w 2023 roku. Probukmacher.pl to Twoje kompendium wiedzy na temat bukmacherów!" href="https://www.probukmacher.pl?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Probukmacher" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/caf50271-4560-4ffe-a434-ea15239168db/Screenshot_1.png" width="89" height="64"></a>
+<a title="Gives a fun for our users" href="https://slotoking.ua/games/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Игровые автоматы" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/94601d07-3205-4c60-9c2d-9b8194dbefb7/skg-blue.png" width="64" height="64"></a>
+<a title="Casino-portugal.pt" href="https://casino-portugal.pt/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Casino-portugal.pt" src="https://logo.clearbit.com/casino-portugal.pt" width="64" height="64"></a>
+<a title="Slots City® ➢ Лучшее лицензионно казино онлайн и оффлайн на гривны в Украине. 【 Более1500 игровых автоматов и слотов】✅ Официально и Безопасно" href="https://slotscity.ua/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Slots City" src="https://opencollective-production.s3.us-west-1.amazonaws.com/d7e298c0-7abe-11ed-8553-230872f5e54d.png" width="90" height="64"></a>
+<a title="inkedin" href="https://inkedin.com?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="inkedin" src="https://logo.clearbit.com/inkedin.com" width="64" height="64"></a>
+<a title="Актуальний та повносправний рейтинг онлайн казино України, ґрунтований на відгуках реальних гравців." href="https://uk.onlinecasino.in.ua/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Онлайн казино України" src="https://opencollective-production.s3.us-west-1.amazonaws.com/c0b4b090-eef8-11ec-9cb7-0527a205b226.png" width="64" height="64"></a>
+<a title="OnlineCasinosSpelen" href="https://onlinecasinosspelen.com?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="OnlineCasinosSpelen" src="https://logo.clearbit.com/onlinecasinosspelen.com" width="64" height="64"></a>
+<a title="Best non Gamstop sites in the UK" href="https://nongamstopcasinos.net/gb/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Best non Gamstop sites in the UK" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/34e340b8-e1de-4932-8a76-1b3ce2ec7ee8/logo_white%20bg%20(8).png" width="64" height="64"></a>
+<a title="Real Money Pokies" href="https://www.nzfirst.org.nz/real-money-pokies/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Real Money Pokies" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/30d38232-a9d6-4e95-a48c-641fdc4d96fd/NZ_logo%20(6)%20(1)%20(1).jpg" width="64" height="64"></a>
+<a title="Non GamStop Bookies UK" href="https://nongamstopbookies.com/uk/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Non GamStop Bookies UK" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/43c5561c-8907-4ef7-a4ee-c6da054788b8/logo-site%20(3).jpg" width="64" height="64"></a>
+<a title="Актуальний топ-рейтинг українських онлайн казино на гривні! Щоденне оновлення топу та унікальна система ранжування, основана на відгуках гравців!" href="https://onlinecasino.in.ua/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Онлайн Казино Украины" src="https://opencollective-production.s3.us-west-1.amazonaws.com/8fdd8aa0-e273-11ec-a95e-d38fd331cabf.png" width="64" height="64"></a>
+<a title="Twitter Video Downloader HD Tool allows you to store tweets on your device (mobile or PC) for free." href="https://ssstwitter.online/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="SSSTwitter" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/ba0d1daf-a894-4d98-95f7-a44d321364b3/Screenshot%202024-01-16%20at%2011.43.22.png" width="76" height="64"></a>
+<a title="Entertainment" href="https://www.nongamstopbets.com/casinos-not-on-gamstop/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Non-GamStop Bets UK" src="https://logo.clearbit.com/nongamstopbets.com" width="64" height="64"></a>
+<a title="Chudovo - international software development company with representative offices in Kyiv, Cologne, New York, Tallinn and London. It has been working on the market since 2006. Company has domain expertise in video security, logistics, medicine, finance and" href="https://chudovo.com/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Chudovo" src="https://opencollective-production.s3.us-west-1.amazonaws.com/326c19a0-2e87-11eb-a13a-c99a2a201d11.png" width="84" height="42"></a>
+<a title="Entertainment" href="https://casinogap.org/uk/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="UK Casino Gap" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/143f9301-beec-4118-89d5-9a07a01345f3/casinogap-uk.png" width="42" height="42"></a>
+<a title="NZ Gaming Portal" href="https://casinodeps.co.nz?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="NZ Casino Deps" src="https://logo.clearbit.com/casinodeps.co.nz" width="42" height="42"></a>
+<a title="NonStop Sites" href="https://uk.nonstopcasino.org/non-gamstop-casinos/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="NonStopCasino.org" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/fd7ad905-8752-468f-ad20-582a24cca9d9/non-stop-casino.png" width="42" height="42"></a>
+<a title="Siti Non AAMS" href="https://www.outlookindia.com/outlook-spotlight/migliori-siti-non-aams-siti-scommesse-senza-licenza-sicuri-news-294715?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Migliori Siti Non AAMS" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/392810da-6cb6-4938-a3cb-38bd0e1eb7de/migliori-siti-non-aams.png" width="42" height="42"></a>
+<a title="List of trusted non GamStop casino reviews" href="https://nongamstopcasinos.org?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="UK NonGamStopCasinos" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/cbda0ee1-26ea-4252-9580-f1f9b317b1f7/nongamstopcasinos-uk.png" width="42" height="42"></a>
+<a title="Online TikTok Video Download Tool" href="https://snaptik.pro?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="SnapTik" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/546bcd53-6615-457d-ab21-1db1c52b3af5/logo.jpg" width="42" height="42"></a>
+<a title="IG Downloader is an Instagram Downloader service that offers a variety of tools to download Instagram content for free. Listed below are all the tools" href="https://indownloader.app/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="IG Downloader" src="https://logo.clearbit.com/indownloader.app" width="42" height="42"></a>
+<a title="Proxidize is a mobile proxy creation and management platform that provides all needed components from hardware to cloud software and SIM cards." href="https://proxidize.com/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Proxidize" src="https://logo.clearbit.com/proxidize.com" width="42" height="42"></a>
+<a title="Blastup offers Instagram growth services like buying likes, views, and followers, emphasizing real user engagement and instant delivery." href="https://blastup.com/buy-instagram-likes?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Blastup" src="https://opencollective-production.s3.us-west-1.amazonaws.com/account-avatar/955a0beb-9fe8-4753-ad92-fae8ef5382fc/favicon--dark.jpg" width="42" height="42"></a>
+<a title="A self-hosted web radio management suite, including turnkey installer tools and an easy-to-use web app to manage your stations." href="https://azuracast.com?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="AzuraCast" src="https://opencollective-production.s3.us-west-1.amazonaws.com/3c12ea10-cdfb-11eb-9cf4-3760b386b76d.png" width="42" height="42"></a>
+<a title="Triplebyte is the first software engineering job platform that is on the developer&#039;s side. Take our coding quiz!" href="https://triplebyte.com/os/opencollective?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Triplebyte" src="https://opencollective-production.s3.us-west-1.amazonaws.com/43e4f9d0-30cd-11ea-9c6b-e1142996e8b2.png" width="42" height="42"></a>
+<a title="Connect your Collective to GitHub Sponsors: https://docs.opencollective.com/help/collectives/github-sponsors" href="https://github.com/sponsors/?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="GitHub Sponsors" src="https://opencollective-production.s3.us-west-1.amazonaws.com/87b1d240-f617-11ea-9960-fd7e8ab20fe4.png" width="48" height="42"></a>
+<a title="Salesforce" href="https://engineering.salesforce.com?utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon" target="_blank"><img alt="Salesforce" src="https://opencollective-production.s3.us-west-1.amazonaws.com/24d34880-df8d-11e9-949c-6bc2037b6bd5.png" width="42" height="42"></a>
+<!-- </open-collective-sponsors> -->
 
-[[Become a sponsor](https://opencollective.com/Carbon#sponsor)]
+[[Become a sponsor via OpenCollective](https://opencollective.com/Carbon#sponsor)]
+
+<a href="https://github.com/johnrsimeone" target="_blank"><img src="https://avatars.githubusercontent.com/u/22871068?s=70&v=4" width="64" height="64"></a>
+<a href="https://github.com/taylorotwell" target="_blank"><img src="https://avatars.githubusercontent.com/u/463230?s=128&v=4" width="64" height="64"></a>
+<a href="https://github.com/getsentry" target="_blank"><img src="https://avatars.githubusercontent.com/u/1396951?s=128&v=4" width="64" height="64"></a>
+<a href="https://github.com/codecov" target="_blank"><img src="https://avatars.githubusercontent.com/u/8226205?s=128&v=4" width="64" height="64"></a>
+
+[[Become a sponsor via GitHub](https://github.com/sponsors/kylekatarnls)]
 
 ### Backers
 
 Thank you to all our backers! 🙏
 
-<a href="https://opencollective.com/Carbon#backers" target="_blank"><img src="https://opencollective.com/Carbon/backers.svg?width=890"></a>
+<a href="https://opencollective.com/Carbon#backers" target="_blank"><img src="https://opencollective.com/Carbon/backers.svg?width=890&version=2023-06-08-07-12"></a>
 
 [[Become a backer](https://opencollective.com/Carbon#backer)]
 
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/sponsors.php b/data/web/inc/lib/vendor/nesbot/carbon/sponsors.php
new file mode 100644
index 000000000..67b217161
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/sponsors.php
@@ -0,0 +1,129 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Carbon\CarbonImmutable;
+
+require_once __DIR__.'/vendor/autoload.php';
+
+function getMaxHistoryMonthsByAmount($amount): int
+{
+    if ($amount >= 50) {
+        return 6;
+    }
+
+    if ($amount >= 20) {
+        return 4;
+    }
+
+    return 2;
+}
+
+function getHtmlAttribute($rawValue): string
+{
+    return str_replace(
+        ['​', "\r"],
+        '',
+        trim(htmlspecialchars((string) $rawValue), "  \n\r\t\v\0"),
+    );
+}
+
+function getOpenCollectiveSponsors(): string
+{
+    $customSponsorImages = [
+        // For consistency and equity among sponsors, as of now, we kindly ask our sponsors
+        // to provide an image having a width/height ratio between 1/1 and 2/1.
+        // By default, we'll show the member picture from OpenCollective, and will resize it if bigger
+        // int(OpenCollective.MemberId) => ImageURL
+    ];
+
+    $members = json_decode(file_get_contents('https://opencollective.com/carbon/members/all.json'), true);
+
+    $list = array_filter($members, static function ($member): bool {
+        return ($member['lastTransactionAmount'] > 3 || $member['isActive']) &&
+            $member['role'] === 'BACKER' &&
+            $member['type'] !== 'USER' &&
+            (
+                $member['totalAmountDonated'] > 100 ||
+                $member['lastTransactionAt'] > CarbonImmutable::now()
+                    ->subMonthsNoOverflow(getMaxHistoryMonthsByAmount($member['lastTransactionAmount']))
+                    ->format('Y-m-d h:i') ||
+                $member['isActive'] && $member['lastTransactionAmount'] >= 30
+            );
+    });
+
+    $list = array_map(static function (array $member): array {
+        $createdAt = CarbonImmutable::parse($member['createdAt']);
+        $lastTransactionAt = CarbonImmutable::parse($member['lastTransactionAt']);
+
+        if ($createdAt->format('d H:i:s.u') > $lastTransactionAt->format('d H:i:s.u')) {
+            $createdAt = $createdAt
+                ->setDay($lastTransactionAt->day)
+                ->modify($lastTransactionAt->format('H:i:s.u'));
+        }
+
+        $monthlyContribution = (float) ($member['totalAmountDonated'] / ceil($createdAt->floatDiffInMonths()));
+
+        if (
+            $lastTransactionAt->isAfter('last month') &&
+            $member['lastTransactionAmount'] > $monthlyContribution
+        ) {
+            $monthlyContribution = (float) $member['lastTransactionAmount'];
+        }
+
+        $yearlyContribution = (float) ($member['totalAmountDonated'] / max(1, $createdAt->floatDiffInYears()));
+        $status = null;
+
+        if ($monthlyContribution > 29) {
+            $status = 'sponsor';
+        } elseif ($monthlyContribution > 4.5 || $yearlyContribution > 29) {
+            $status = 'backer';
+        } elseif ($member['totalAmountDonated'] > 0) {
+            $status = 'helper';
+        }
+
+        return array_merge($member, [
+            'star' => ($monthlyContribution > 98 || $yearlyContribution > 500),
+            'status' => $status,
+            'monthlyContribution' => $monthlyContribution,
+            'yearlyContribution' => $yearlyContribution,
+        ]);
+    }, $list);
+
+    usort($list, static function (array $a, array $b): int {
+        return ($b['monthlyContribution'] <=> $a['monthlyContribution'])
+            ?: ($b['totalAmountDonated'] <=> $a['totalAmountDonated']);
+    });
+
+    return implode('', array_map(static function (array $member) use ($customSponsorImages): string {
+        $href = htmlspecialchars($member['website'] ?? $member['profile']);
+        $src = $customSponsorImages[$member['MemberId'] ?? ''] ?? $member['image'] ?? (strtr($member['profile'], ['https://opencollective.com/' => 'https://images.opencollective.com/']).'/avatar/256.png');
+        [$x, $y] = @getimagesize($src) ?: [0, 0];
+        $validImage = ($x && $y);
+        $src = $validImage ? htmlspecialchars($src) : 'https://opencollective.com/static/images/default-guest-logo.svg';
+        $height = $member['status'] === 'sponsor' ? 64 : 42;
+        $width = min($height * 2, $validImage ? round($x * $height / $y) : $height);
+        $href .= (strpos($href, '?') === false ? '?' : '&amp;').'utm_source=opencollective&amp;utm_medium=github&amp;utm_campaign=Carbon';
+        $title = getHtmlAttribute(($member['description'] ?? null) ?: $member['name']);
+        $alt = getHtmlAttribute($member['name']);
+
+        return "\n".'<a title="'.$title.'" href="'.$href.'" target="_blank">'.
+            '<img alt="'.$alt.'" src="'.$src.'" width="'.$width.'" height="'.$height.'">'.
+            '</a>';
+    }, $list))."\n";
+}
+
+file_put_contents('readme.md', preg_replace_callback(
+    '/(<!-- <open-collective-sponsors> -->)[\s\S]+(<!-- <\/open-collective-sponsors> -->)/',
+    static function (array $match): string {
+        return $match[1].getOpenCollectiveSponsors().$match[2];
+    },
+    file_get_contents('readme.md')
+));
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/AbstractTranslator.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/AbstractTranslator.php
index 48441e7c2..8b8fe089e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/AbstractTranslator.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/AbstractTranslator.php
@@ -11,6 +11,7 @@
 
 namespace Carbon;
 
+use Carbon\MessageFormatter\MessageFormatterMapper;
 use Closure;
 use ReflectionException;
 use ReflectionFunction;
@@ -51,7 +52,7 @@ abstract class AbstractTranslator extends Translation\Translator
     /**
      * List of locales aliases.
      *
-     * @var string[]
+     * @var array<string, string>
      */
     protected $aliases = [
         'me' => 'sr_Latn_ME',
@@ -83,7 +84,7 @@ abstract class AbstractTranslator extends Translation\Translator
         $this->initializing = true;
         $this->directories = [__DIR__.'/Lang'];
         $this->addLoader('array', new ArrayLoader());
-        parent::__construct($locale, $formatter, $cacheDir, $debug);
+        parent::__construct($locale, new MessageFormatterMapper($formatter), $cacheDir, $debug);
         $this->initializing = false;
     }
 
@@ -220,8 +221,8 @@ abstract class AbstractTranslator extends Translation\Translator
 
         $catalogue = $this->getCatalogue($locale);
         $format = $this instanceof TranslatorStrongTypeInterface
-            ? $this->getFromCatalogue($catalogue, (string) $id, $domain) // @codeCoverageIgnore
-            : $this->getCatalogue($locale)->get((string) $id, $domain);
+            ? $this->getFromCatalogue($catalogue, (string) $id, $domain)
+            : $this->getCatalogue($locale)->get((string) $id, $domain); // @codeCoverageIgnore
 
         if ($format instanceof Closure) {
             // @codeCoverageIgnoreStart
@@ -250,11 +251,7 @@ abstract class AbstractTranslator extends Translation\Translator
      */
     protected function loadMessagesFromFile($locale)
     {
-        if (isset($this->messages[$locale])) {
-            return true;
-        }
-
-        return $this->resetMessages($locale);
+        return isset($this->messages[$locale]) || $this->resetMessages($locale);
     }
 
     /**
@@ -311,7 +308,7 @@ abstract class AbstractTranslator extends Translation\Translator
      */
     public function setLocale($locale)
     {
-        $locale = preg_replace_callback('/[-_]([a-z]{2,}|[0-9]{2,})/', function ($matches) {
+        $locale = preg_replace_callback('/[-_]([a-z]{2,}|\d{2,})/', function ($matches) {
             // _2-letters or YUE is a region, _3+-letters is a variant
             $upper = strtoupper($matches[1]);
 
@@ -359,13 +356,13 @@ abstract class AbstractTranslator extends Translation\Translator
             parent::setLocale($macroLocale);
         }
 
-        if ($this->loadMessagesFromFile($locale) || $this->initializing) {
-            parent::setLocale($locale);
-
-            return true;
+        if (!$this->loadMessagesFromFile($locale) && !$this->initializing) {
+            return false;
         }
 
-        return false;
+        parent::setLocale($locale);
+
+        return true;
     }
 
     /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Carbon.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Carbon.php
index e327590e2..e32569ae3 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Carbon.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Carbon.php
@@ -33,477 +33,477 @@ use DateTimeZone;
  * @property      int                 $second
  * @property      int                 $micro
  * @property      int                 $microsecond
- * @property      int|float|string    $timestamp                                                                           seconds since the Unix Epoch
- * @property      string              $englishDayOfWeek                                                                    the day of week in English
- * @property      string              $shortEnglishDayOfWeek                                                               the abbreviated day of week in English
- * @property      string              $englishMonth                                                                        the month in English
- * @property      string              $shortEnglishMonth                                                                   the abbreviated month in English
+ * @property      int|float|string    $timestamp                                                                                      seconds since the Unix Epoch
+ * @property      string              $englishDayOfWeek                                                                               the day of week in English
+ * @property      string              $shortEnglishDayOfWeek                                                                          the abbreviated day of week in English
+ * @property      string              $englishMonth                                                                                   the month in English
+ * @property      string              $shortEnglishMonth                                                                              the abbreviated month in English
  * @property      int                 $milliseconds
  * @property      int                 $millisecond
  * @property      int                 $milli
- * @property      int                 $week                                                                                1 through 53
- * @property      int                 $isoWeek                                                                             1 through 53
- * @property      int                 $weekYear                                                                            year according to week format
- * @property      int                 $isoWeekYear                                                                         year according to ISO week format
- * @property      int                 $dayOfYear                                                                           1 through 366
- * @property      int                 $age                                                                                 does a diffInYears() with default parameters
- * @property      int                 $offset                                                                              the timezone offset in seconds from UTC
- * @property      int                 $offsetMinutes                                                                       the timezone offset in minutes from UTC
- * @property      int                 $offsetHours                                                                         the timezone offset in hours from UTC
- * @property      CarbonTimeZone      $timezone                                                                            the current timezone
- * @property      CarbonTimeZone      $tz                                                                                  alias of $timezone
- * @property-read int                 $dayOfWeek                                                                           0 (for Sunday) through 6 (for Saturday)
- * @property-read int                 $dayOfWeekIso                                                                        1 (for Monday) through 7 (for Sunday)
- * @property-read int                 $weekOfYear                                                                          ISO-8601 week number of year, weeks starting on Monday
- * @property-read int                 $daysInMonth                                                                         number of days in the given month
- * @property-read string              $latinMeridiem                                                                       "am"/"pm" (Ante meridiem or Post meridiem latin lowercase mark)
- * @property-read string              $latinUpperMeridiem                                                                  "AM"/"PM" (Ante meridiem or Post meridiem latin uppercase mark)
- * @property-read string              $timezoneAbbreviatedName                                                             the current timezone abbreviated name
- * @property-read string              $tzAbbrName                                                                          alias of $timezoneAbbreviatedName
- * @property-read string              $dayName                                                                             long name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string              $shortDayName                                                                        short name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string              $minDayName                                                                          very short name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string              $monthName                                                                           long name of month translated according to Carbon locale, in english if no translation available for current language
- * @property-read string              $shortMonthName                                                                      short name of month translated according to Carbon locale, in english if no translation available for current language
- * @property-read string              $meridiem                                                                            lowercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
- * @property-read string              $upperMeridiem                                                                       uppercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
- * @property-read int                 $noZeroHour                                                                          current hour from 1 to 24
- * @property-read int                 $weeksInYear                                                                         51 through 53
- * @property-read int                 $isoWeeksInYear                                                                      51 through 53
- * @property-read int                 $weekOfMonth                                                                         1 through 5
- * @property-read int                 $weekNumberInMonth                                                                   1 through 5
- * @property-read int                 $firstWeekDay                                                                        0 through 6
- * @property-read int                 $lastWeekDay                                                                         0 through 6
- * @property-read int                 $daysInYear                                                                          365 or 366
- * @property-read int                 $quarter                                                                             the quarter of this instance, 1 - 4
- * @property-read int                 $decade                                                                              the decade of this instance
- * @property-read int                 $century                                                                             the century of this instance
- * @property-read int                 $millennium                                                                          the millennium of this instance
- * @property-read bool                $dst                                                                                 daylight savings time indicator, true if DST, false otherwise
- * @property-read bool                $local                                                                               checks if the timezone is local, true if local, false otherwise
- * @property-read bool                $utc                                                                                 checks if the timezone is UTC, true if UTC, false otherwise
- * @property-read string              $timezoneName                                                                        the current timezone name
- * @property-read string              $tzName                                                                              alias of $timezoneName
- * @property-read string              $locale                                                                              locale of the current instance
+ * @property      int                 $week                                                                                           1 through 53
+ * @property      int                 $isoWeek                                                                                        1 through 53
+ * @property      int                 $weekYear                                                                                       year according to week format
+ * @property      int                 $isoWeekYear                                                                                    year according to ISO week format
+ * @property      int                 $dayOfYear                                                                                      1 through 366
+ * @property      int                 $age                                                                                            does a diffInYears() with default parameters
+ * @property      int                 $offset                                                                                         the timezone offset in seconds from UTC
+ * @property      int                 $offsetMinutes                                                                                  the timezone offset in minutes from UTC
+ * @property      int                 $offsetHours                                                                                    the timezone offset in hours from UTC
+ * @property      CarbonTimeZone      $timezone                                                                                       the current timezone
+ * @property      CarbonTimeZone      $tz                                                                                             alias of $timezone
+ * @property-read int                 $dayOfWeek                                                                                      0 (for Sunday) through 6 (for Saturday)
+ * @property-read int                 $dayOfWeekIso                                                                                   1 (for Monday) through 7 (for Sunday)
+ * @property-read int                 $weekOfYear                                                                                     ISO-8601 week number of year, weeks starting on Monday
+ * @property-read int                 $daysInMonth                                                                                    number of days in the given month
+ * @property-read string              $latinMeridiem                                                                                  "am"/"pm" (Ante meridiem or Post meridiem latin lowercase mark)
+ * @property-read string              $latinUpperMeridiem                                                                             "AM"/"PM" (Ante meridiem or Post meridiem latin uppercase mark)
+ * @property-read string              $timezoneAbbreviatedName                                                                        the current timezone abbreviated name
+ * @property-read string              $tzAbbrName                                                                                     alias of $timezoneAbbreviatedName
+ * @property-read string              $dayName                                                                                        long name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $shortDayName                                                                                   short name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $minDayName                                                                                     very short name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $monthName                                                                                      long name of month translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $shortMonthName                                                                                 short name of month translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $meridiem                                                                                       lowercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
+ * @property-read string              $upperMeridiem                                                                                  uppercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
+ * @property-read int                 $noZeroHour                                                                                     current hour from 1 to 24
+ * @property-read int                 $weeksInYear                                                                                    51 through 53
+ * @property-read int                 $isoWeeksInYear                                                                                 51 through 53
+ * @property-read int                 $weekOfMonth                                                                                    1 through 5
+ * @property-read int                 $weekNumberInMonth                                                                              1 through 5
+ * @property-read int                 $firstWeekDay                                                                                   0 through 6
+ * @property-read int                 $lastWeekDay                                                                                    0 through 6
+ * @property-read int                 $daysInYear                                                                                     365 or 366
+ * @property-read int                 $quarter                                                                                        the quarter of this instance, 1 - 4
+ * @property-read int                 $decade                                                                                         the decade of this instance
+ * @property-read int                 $century                                                                                        the century of this instance
+ * @property-read int                 $millennium                                                                                     the millennium of this instance
+ * @property-read bool                $dst                                                                                            daylight savings time indicator, true if DST, false otherwise
+ * @property-read bool                $local                                                                                          checks if the timezone is local, true if local, false otherwise
+ * @property-read bool                $utc                                                                                            checks if the timezone is UTC, true if UTC, false otherwise
+ * @property-read string              $timezoneName                                                                                   the current timezone name
+ * @property-read string              $tzName                                                                                         alias of $timezoneName
+ * @property-read string              $locale                                                                                         locale of the current instance
  *
- * @method        bool                isUtc()                                                                              Check if the current instance has UTC timezone. (Both isUtc and isUTC cases are valid.)
- * @method        bool                isLocal()                                                                            Check if the current instance has non-UTC timezone.
- * @method        bool                isValid()                                                                            Check if the current instance is a valid date.
- * @method        bool                isDST()                                                                              Check if the current instance is in a daylight saving time.
- * @method        bool                isSunday()                                                                           Checks if the instance day is sunday.
- * @method        bool                isMonday()                                                                           Checks if the instance day is monday.
- * @method        bool                isTuesday()                                                                          Checks if the instance day is tuesday.
- * @method        bool                isWednesday()                                                                        Checks if the instance day is wednesday.
- * @method        bool                isThursday()                                                                         Checks if the instance day is thursday.
- * @method        bool                isFriday()                                                                           Checks if the instance day is friday.
- * @method        bool                isSaturday()                                                                         Checks if the instance day is saturday.
- * @method        bool                isSameYear(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same year as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentYear()                                                                      Checks if the instance is in the same year as the current moment.
- * @method        bool                isNextYear()                                                                         Checks if the instance is in the same year as the current moment next year.
- * @method        bool                isLastYear()                                                                         Checks if the instance is in the same year as the current moment last year.
- * @method        bool                isSameWeek(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same week as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentWeek()                                                                      Checks if the instance is in the same week as the current moment.
- * @method        bool                isNextWeek()                                                                         Checks if the instance is in the same week as the current moment next week.
- * @method        bool                isLastWeek()                                                                         Checks if the instance is in the same week as the current moment last week.
- * @method        bool                isSameDay(Carbon|DateTimeInterface|string|null $date = null)                         Checks if the given date is in the same day as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentDay()                                                                       Checks if the instance is in the same day as the current moment.
- * @method        bool                isNextDay()                                                                          Checks if the instance is in the same day as the current moment next day.
- * @method        bool                isLastDay()                                                                          Checks if the instance is in the same day as the current moment last day.
- * @method        bool                isSameHour(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same hour as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentHour()                                                                      Checks if the instance is in the same hour as the current moment.
- * @method        bool                isNextHour()                                                                         Checks if the instance is in the same hour as the current moment next hour.
- * @method        bool                isLastHour()                                                                         Checks if the instance is in the same hour as the current moment last hour.
- * @method        bool                isSameMinute(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same minute as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentMinute()                                                                    Checks if the instance is in the same minute as the current moment.
- * @method        bool                isNextMinute()                                                                       Checks if the instance is in the same minute as the current moment next minute.
- * @method        bool                isLastMinute()                                                                       Checks if the instance is in the same minute as the current moment last minute.
- * @method        bool                isSameSecond(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same second as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentSecond()                                                                    Checks if the instance is in the same second as the current moment.
- * @method        bool                isNextSecond()                                                                       Checks if the instance is in the same second as the current moment next second.
- * @method        bool                isLastSecond()                                                                       Checks if the instance is in the same second as the current moment last second.
- * @method        bool                isSameMicro(Carbon|DateTimeInterface|string|null $date = null)                       Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentMicro()                                                                     Checks if the instance is in the same microsecond as the current moment.
- * @method        bool                isNextMicro()                                                                        Checks if the instance is in the same microsecond as the current moment next microsecond.
- * @method        bool                isLastMicro()                                                                        Checks if the instance is in the same microsecond as the current moment last microsecond.
- * @method        bool                isSameMicrosecond(Carbon|DateTimeInterface|string|null $date = null)                 Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentMicrosecond()                                                               Checks if the instance is in the same microsecond as the current moment.
- * @method        bool                isNextMicrosecond()                                                                  Checks if the instance is in the same microsecond as the current moment next microsecond.
- * @method        bool                isLastMicrosecond()                                                                  Checks if the instance is in the same microsecond as the current moment last microsecond.
- * @method        bool                isCurrentMonth()                                                                     Checks if the instance is in the same month as the current moment.
- * @method        bool                isNextMonth()                                                                        Checks if the instance is in the same month as the current moment next month.
- * @method        bool                isLastMonth()                                                                        Checks if the instance is in the same month as the current moment last month.
- * @method        bool                isCurrentQuarter()                                                                   Checks if the instance is in the same quarter as the current moment.
- * @method        bool                isNextQuarter()                                                                      Checks if the instance is in the same quarter as the current moment next quarter.
- * @method        bool                isLastQuarter()                                                                      Checks if the instance is in the same quarter as the current moment last quarter.
- * @method        bool                isSameDecade(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same decade as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentDecade()                                                                    Checks if the instance is in the same decade as the current moment.
- * @method        bool                isNextDecade()                                                                       Checks if the instance is in the same decade as the current moment next decade.
- * @method        bool                isLastDecade()                                                                       Checks if the instance is in the same decade as the current moment last decade.
- * @method        bool                isSameCentury(Carbon|DateTimeInterface|string|null $date = null)                     Checks if the given date is in the same century as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentCentury()                                                                   Checks if the instance is in the same century as the current moment.
- * @method        bool                isNextCentury()                                                                      Checks if the instance is in the same century as the current moment next century.
- * @method        bool                isLastCentury()                                                                      Checks if the instance is in the same century as the current moment last century.
- * @method        bool                isSameMillennium(Carbon|DateTimeInterface|string|null $date = null)                  Checks if the given date is in the same millennium as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                isCurrentMillennium()                                                                Checks if the instance is in the same millennium as the current moment.
- * @method        bool                isNextMillennium()                                                                   Checks if the instance is in the same millennium as the current moment next millennium.
- * @method        bool                isLastMillennium()                                                                   Checks if the instance is in the same millennium as the current moment last millennium.
- * @method        $this               years(int $value)                                                                    Set current instance year to the given value.
- * @method        $this               year(int $value)                                                                     Set current instance year to the given value.
- * @method        $this               setYears(int $value)                                                                 Set current instance year to the given value.
- * @method        $this               setYear(int $value)                                                                  Set current instance year to the given value.
- * @method        $this               months(int $value)                                                                   Set current instance month to the given value.
- * @method        $this               month(int $value)                                                                    Set current instance month to the given value.
- * @method        $this               setMonths(int $value)                                                                Set current instance month to the given value.
- * @method        $this               setMonth(int $value)                                                                 Set current instance month to the given value.
- * @method        $this               days(int $value)                                                                     Set current instance day to the given value.
- * @method        $this               day(int $value)                                                                      Set current instance day to the given value.
- * @method        $this               setDays(int $value)                                                                  Set current instance day to the given value.
- * @method        $this               setDay(int $value)                                                                   Set current instance day to the given value.
- * @method        $this               hours(int $value)                                                                    Set current instance hour to the given value.
- * @method        $this               hour(int $value)                                                                     Set current instance hour to the given value.
- * @method        $this               setHours(int $value)                                                                 Set current instance hour to the given value.
- * @method        $this               setHour(int $value)                                                                  Set current instance hour to the given value.
- * @method        $this               minutes(int $value)                                                                  Set current instance minute to the given value.
- * @method        $this               minute(int $value)                                                                   Set current instance minute to the given value.
- * @method        $this               setMinutes(int $value)                                                               Set current instance minute to the given value.
- * @method        $this               setMinute(int $value)                                                                Set current instance minute to the given value.
- * @method        $this               seconds(int $value)                                                                  Set current instance second to the given value.
- * @method        $this               second(int $value)                                                                   Set current instance second to the given value.
- * @method        $this               setSeconds(int $value)                                                               Set current instance second to the given value.
- * @method        $this               setSecond(int $value)                                                                Set current instance second to the given value.
- * @method        $this               millis(int $value)                                                                   Set current instance millisecond to the given value.
- * @method        $this               milli(int $value)                                                                    Set current instance millisecond to the given value.
- * @method        $this               setMillis(int $value)                                                                Set current instance millisecond to the given value.
- * @method        $this               setMilli(int $value)                                                                 Set current instance millisecond to the given value.
- * @method        $this               milliseconds(int $value)                                                             Set current instance millisecond to the given value.
- * @method        $this               millisecond(int $value)                                                              Set current instance millisecond to the given value.
- * @method        $this               setMilliseconds(int $value)                                                          Set current instance millisecond to the given value.
- * @method        $this               setMillisecond(int $value)                                                           Set current instance millisecond to the given value.
- * @method        $this               micros(int $value)                                                                   Set current instance microsecond to the given value.
- * @method        $this               micro(int $value)                                                                    Set current instance microsecond to the given value.
- * @method        $this               setMicros(int $value)                                                                Set current instance microsecond to the given value.
- * @method        $this               setMicro(int $value)                                                                 Set current instance microsecond to the given value.
- * @method        $this               microseconds(int $value)                                                             Set current instance microsecond to the given value.
- * @method        $this               microsecond(int $value)                                                              Set current instance microsecond to the given value.
- * @method        $this               setMicroseconds(int $value)                                                          Set current instance microsecond to the given value.
- * @method        $this               setMicrosecond(int $value)                                                           Set current instance microsecond to the given value.
- * @method        $this               addYears(int $value = 1)                                                             Add years (the $value count passed in) to the instance (using date interval).
- * @method        $this               addYear()                                                                            Add one year to the instance (using date interval).
- * @method        $this               subYears(int $value = 1)                                                             Sub years (the $value count passed in) to the instance (using date interval).
- * @method        $this               subYear()                                                                            Sub one year to the instance (using date interval).
- * @method        $this               addYearsWithOverflow(int $value = 1)                                                 Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addYearWithOverflow()                                                                Add one year to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subYearsWithOverflow(int $value = 1)                                                 Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subYearWithOverflow()                                                                Sub one year to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addYearsWithoutOverflow(int $value = 1)                                              Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addYearWithoutOverflow()                                                             Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearsWithoutOverflow(int $value = 1)                                              Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearWithoutOverflow()                                                             Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addYearsWithNoOverflow(int $value = 1)                                               Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addYearWithNoOverflow()                                                              Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearsWithNoOverflow(int $value = 1)                                               Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearWithNoOverflow()                                                              Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addYearsNoOverflow(int $value = 1)                                                   Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addYearNoOverflow()                                                                  Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearsNoOverflow(int $value = 1)                                                   Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subYearNoOverflow()                                                                  Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonths(int $value = 1)                                                            Add months (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMonth()                                                                           Add one month to the instance (using date interval).
- * @method        $this               subMonths(int $value = 1)                                                            Sub months (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMonth()                                                                           Sub one month to the instance (using date interval).
- * @method        $this               addMonthsWithOverflow(int $value = 1)                                                Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addMonthWithOverflow()                                                               Add one month to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subMonthsWithOverflow(int $value = 1)                                                Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subMonthWithOverflow()                                                               Sub one month to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addMonthsWithoutOverflow(int $value = 1)                                             Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonthWithoutOverflow()                                                            Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthsWithoutOverflow(int $value = 1)                                             Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthWithoutOverflow()                                                            Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonthsWithNoOverflow(int $value = 1)                                              Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonthWithNoOverflow()                                                             Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthsWithNoOverflow(int $value = 1)                                              Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthWithNoOverflow()                                                             Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonthsNoOverflow(int $value = 1)                                                  Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMonthNoOverflow()                                                                 Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthsNoOverflow(int $value = 1)                                                  Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMonthNoOverflow()                                                                 Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDays(int $value = 1)                                                              Add days (the $value count passed in) to the instance (using date interval).
- * @method        $this               addDay()                                                                             Add one day to the instance (using date interval).
- * @method        $this               subDays(int $value = 1)                                                              Sub days (the $value count passed in) to the instance (using date interval).
- * @method        $this               subDay()                                                                             Sub one day to the instance (using date interval).
- * @method        $this               addHours(int $value = 1)                                                             Add hours (the $value count passed in) to the instance (using date interval).
- * @method        $this               addHour()                                                                            Add one hour to the instance (using date interval).
- * @method        $this               subHours(int $value = 1)                                                             Sub hours (the $value count passed in) to the instance (using date interval).
- * @method        $this               subHour()                                                                            Sub one hour to the instance (using date interval).
- * @method        $this               addMinutes(int $value = 1)                                                           Add minutes (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMinute()                                                                          Add one minute to the instance (using date interval).
- * @method        $this               subMinutes(int $value = 1)                                                           Sub minutes (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMinute()                                                                          Sub one minute to the instance (using date interval).
- * @method        $this               addSeconds(int $value = 1)                                                           Add seconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               addSecond()                                                                          Add one second to the instance (using date interval).
- * @method        $this               subSeconds(int $value = 1)                                                           Sub seconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               subSecond()                                                                          Sub one second to the instance (using date interval).
- * @method        $this               addMillis(int $value = 1)                                                            Add milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMilli()                                                                           Add one millisecond to the instance (using date interval).
- * @method        $this               subMillis(int $value = 1)                                                            Sub milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMilli()                                                                           Sub one millisecond to the instance (using date interval).
- * @method        $this               addMilliseconds(int $value = 1)                                                      Add milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMillisecond()                                                                     Add one millisecond to the instance (using date interval).
- * @method        $this               subMilliseconds(int $value = 1)                                                      Sub milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMillisecond()                                                                     Sub one millisecond to the instance (using date interval).
- * @method        $this               addMicros(int $value = 1)                                                            Add microseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMicro()                                                                           Add one microsecond to the instance (using date interval).
- * @method        $this               subMicros(int $value = 1)                                                            Sub microseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMicro()                                                                           Sub one microsecond to the instance (using date interval).
- * @method        $this               addMicroseconds(int $value = 1)                                                      Add microseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMicrosecond()                                                                     Add one microsecond to the instance (using date interval).
- * @method        $this               subMicroseconds(int $value = 1)                                                      Sub microseconds (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMicrosecond()                                                                     Sub one microsecond to the instance (using date interval).
- * @method        $this               addMillennia(int $value = 1)                                                         Add millennia (the $value count passed in) to the instance (using date interval).
- * @method        $this               addMillennium()                                                                      Add one millennium to the instance (using date interval).
- * @method        $this               subMillennia(int $value = 1)                                                         Sub millennia (the $value count passed in) to the instance (using date interval).
- * @method        $this               subMillennium()                                                                      Sub one millennium to the instance (using date interval).
- * @method        $this               addMillenniaWithOverflow(int $value = 1)                                             Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addMillenniumWithOverflow()                                                          Add one millennium to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subMillenniaWithOverflow(int $value = 1)                                             Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subMillenniumWithOverflow()                                                          Sub one millennium to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addMillenniaWithoutOverflow(int $value = 1)                                          Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMillenniumWithoutOverflow()                                                       Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniaWithoutOverflow(int $value = 1)                                          Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniumWithoutOverflow()                                                       Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMillenniaWithNoOverflow(int $value = 1)                                           Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMillenniumWithNoOverflow()                                                        Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniaWithNoOverflow(int $value = 1)                                           Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniumWithNoOverflow()                                                        Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMillenniaNoOverflow(int $value = 1)                                               Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addMillenniumNoOverflow()                                                            Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniaNoOverflow(int $value = 1)                                               Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subMillenniumNoOverflow()                                                            Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturies(int $value = 1)                                                         Add centuries (the $value count passed in) to the instance (using date interval).
- * @method        $this               addCentury()                                                                         Add one century to the instance (using date interval).
- * @method        $this               subCenturies(int $value = 1)                                                         Sub centuries (the $value count passed in) to the instance (using date interval).
- * @method        $this               subCentury()                                                                         Sub one century to the instance (using date interval).
- * @method        $this               addCenturiesWithOverflow(int $value = 1)                                             Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addCenturyWithOverflow()                                                             Add one century to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subCenturiesWithOverflow(int $value = 1)                                             Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subCenturyWithOverflow()                                                             Sub one century to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addCenturiesWithoutOverflow(int $value = 1)                                          Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturyWithoutOverflow()                                                          Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturiesWithoutOverflow(int $value = 1)                                          Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturyWithoutOverflow()                                                          Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturiesWithNoOverflow(int $value = 1)                                           Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturyWithNoOverflow()                                                           Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturiesWithNoOverflow(int $value = 1)                                           Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturyWithNoOverflow()                                                           Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturiesNoOverflow(int $value = 1)                                               Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addCenturyNoOverflow()                                                               Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturiesNoOverflow(int $value = 1)                                               Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subCenturyNoOverflow()                                                               Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecades(int $value = 1)                                                           Add decades (the $value count passed in) to the instance (using date interval).
- * @method        $this               addDecade()                                                                          Add one decade to the instance (using date interval).
- * @method        $this               subDecades(int $value = 1)                                                           Sub decades (the $value count passed in) to the instance (using date interval).
- * @method        $this               subDecade()                                                                          Sub one decade to the instance (using date interval).
- * @method        $this               addDecadesWithOverflow(int $value = 1)                                               Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addDecadeWithOverflow()                                                              Add one decade to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subDecadesWithOverflow(int $value = 1)                                               Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subDecadeWithOverflow()                                                              Sub one decade to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addDecadesWithoutOverflow(int $value = 1)                                            Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecadeWithoutOverflow()                                                           Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadesWithoutOverflow(int $value = 1)                                            Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadeWithoutOverflow()                                                           Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecadesWithNoOverflow(int $value = 1)                                             Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecadeWithNoOverflow()                                                            Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadesWithNoOverflow(int $value = 1)                                             Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadeWithNoOverflow()                                                            Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecadesNoOverflow(int $value = 1)                                                 Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addDecadeNoOverflow()                                                                Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadesNoOverflow(int $value = 1)                                                 Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subDecadeNoOverflow()                                                                Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuarters(int $value = 1)                                                          Add quarters (the $value count passed in) to the instance (using date interval).
- * @method        $this               addQuarter()                                                                         Add one quarter to the instance (using date interval).
- * @method        $this               subQuarters(int $value = 1)                                                          Sub quarters (the $value count passed in) to the instance (using date interval).
- * @method        $this               subQuarter()                                                                         Sub one quarter to the instance (using date interval).
- * @method        $this               addQuartersWithOverflow(int $value = 1)                                              Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addQuarterWithOverflow()                                                             Add one quarter to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subQuartersWithOverflow(int $value = 1)                                              Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               subQuarterWithOverflow()                                                             Sub one quarter to the instance (using date interval) with overflow explicitly allowed.
- * @method        $this               addQuartersWithoutOverflow(int $value = 1)                                           Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuarterWithoutOverflow()                                                          Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuartersWithoutOverflow(int $value = 1)                                           Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuarterWithoutOverflow()                                                          Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuartersWithNoOverflow(int $value = 1)                                            Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuarterWithNoOverflow()                                                           Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuartersWithNoOverflow(int $value = 1)                                            Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuarterWithNoOverflow()                                                           Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuartersNoOverflow(int $value = 1)                                                Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addQuarterNoOverflow()                                                               Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuartersNoOverflow(int $value = 1)                                                Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               subQuarterNoOverflow()                                                               Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        $this               addWeeks(int $value = 1)                                                             Add weeks (the $value count passed in) to the instance (using date interval).
- * @method        $this               addWeek()                                                                            Add one week to the instance (using date interval).
- * @method        $this               subWeeks(int $value = 1)                                                             Sub weeks (the $value count passed in) to the instance (using date interval).
- * @method        $this               subWeek()                                                                            Sub one week to the instance (using date interval).
- * @method        $this               addWeekdays(int $value = 1)                                                          Add weekdays (the $value count passed in) to the instance (using date interval).
- * @method        $this               addWeekday()                                                                         Add one weekday to the instance (using date interval).
- * @method        $this               subWeekdays(int $value = 1)                                                          Sub weekdays (the $value count passed in) to the instance (using date interval).
- * @method        $this               subWeekday()                                                                         Sub one weekday to the instance (using date interval).
- * @method        $this               addRealMicros(int $value = 1)                                                        Add microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMicro()                                                                       Add one microsecond to the instance (using timestamp).
- * @method        $this               subRealMicros(int $value = 1)                                                        Sub microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMicro()                                                                       Sub one microsecond to the instance (using timestamp).
- * @method        CarbonPeriod        microsUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
- * @method        $this               addRealMicroseconds(int $value = 1)                                                  Add microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMicrosecond()                                                                 Add one microsecond to the instance (using timestamp).
- * @method        $this               subRealMicroseconds(int $value = 1)                                                  Sub microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMicrosecond()                                                                 Sub one microsecond to the instance (using timestamp).
- * @method        CarbonPeriod        microsecondsUntil($endDate = null, int $factor = 1)                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
- * @method        $this               addRealMillis(int $value = 1)                                                        Add milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMilli()                                                                       Add one millisecond to the instance (using timestamp).
- * @method        $this               subRealMillis(int $value = 1)                                                        Sub milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMilli()                                                                       Sub one millisecond to the instance (using timestamp).
- * @method        CarbonPeriod        millisUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
- * @method        $this               addRealMilliseconds(int $value = 1)                                                  Add milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMillisecond()                                                                 Add one millisecond to the instance (using timestamp).
- * @method        $this               subRealMilliseconds(int $value = 1)                                                  Sub milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMillisecond()                                                                 Sub one millisecond to the instance (using timestamp).
- * @method        CarbonPeriod        millisecondsUntil($endDate = null, int $factor = 1)                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
- * @method        $this               addRealSeconds(int $value = 1)                                                       Add seconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealSecond()                                                                      Add one second to the instance (using timestamp).
- * @method        $this               subRealSeconds(int $value = 1)                                                       Sub seconds (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealSecond()                                                                      Sub one second to the instance (using timestamp).
- * @method        CarbonPeriod        secondsUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each second or every X seconds if a factor is given.
- * @method        $this               addRealMinutes(int $value = 1)                                                       Add minutes (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMinute()                                                                      Add one minute to the instance (using timestamp).
- * @method        $this               subRealMinutes(int $value = 1)                                                       Sub minutes (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMinute()                                                                      Sub one minute to the instance (using timestamp).
- * @method        CarbonPeriod        minutesUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each minute or every X minutes if a factor is given.
- * @method        $this               addRealHours(int $value = 1)                                                         Add hours (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealHour()                                                                        Add one hour to the instance (using timestamp).
- * @method        $this               subRealHours(int $value = 1)                                                         Sub hours (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealHour()                                                                        Sub one hour to the instance (using timestamp).
- * @method        CarbonPeriod        hoursUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each hour or every X hours if a factor is given.
- * @method        $this               addRealDays(int $value = 1)                                                          Add days (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealDay()                                                                         Add one day to the instance (using timestamp).
- * @method        $this               subRealDays(int $value = 1)                                                          Sub days (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealDay()                                                                         Sub one day to the instance (using timestamp).
- * @method        CarbonPeriod        daysUntil($endDate = null, int $factor = 1)                                          Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each day or every X days if a factor is given.
- * @method        $this               addRealWeeks(int $value = 1)                                                         Add weeks (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealWeek()                                                                        Add one week to the instance (using timestamp).
- * @method        $this               subRealWeeks(int $value = 1)                                                         Sub weeks (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealWeek()                                                                        Sub one week to the instance (using timestamp).
- * @method        CarbonPeriod        weeksUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each week or every X weeks if a factor is given.
- * @method        $this               addRealMonths(int $value = 1)                                                        Add months (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMonth()                                                                       Add one month to the instance (using timestamp).
- * @method        $this               subRealMonths(int $value = 1)                                                        Sub months (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMonth()                                                                       Sub one month to the instance (using timestamp).
- * @method        CarbonPeriod        monthsUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each month or every X months if a factor is given.
- * @method        $this               addRealQuarters(int $value = 1)                                                      Add quarters (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealQuarter()                                                                     Add one quarter to the instance (using timestamp).
- * @method        $this               subRealQuarters(int $value = 1)                                                      Sub quarters (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealQuarter()                                                                     Sub one quarter to the instance (using timestamp).
- * @method        CarbonPeriod        quartersUntil($endDate = null, int $factor = 1)                                      Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each quarter or every X quarters if a factor is given.
- * @method        $this               addRealYears(int $value = 1)                                                         Add years (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealYear()                                                                        Add one year to the instance (using timestamp).
- * @method        $this               subRealYears(int $value = 1)                                                         Sub years (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealYear()                                                                        Sub one year to the instance (using timestamp).
- * @method        CarbonPeriod        yearsUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each year or every X years if a factor is given.
- * @method        $this               addRealDecades(int $value = 1)                                                       Add decades (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealDecade()                                                                      Add one decade to the instance (using timestamp).
- * @method        $this               subRealDecades(int $value = 1)                                                       Sub decades (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealDecade()                                                                      Sub one decade to the instance (using timestamp).
- * @method        CarbonPeriod        decadesUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each decade or every X decades if a factor is given.
- * @method        $this               addRealCenturies(int $value = 1)                                                     Add centuries (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealCentury()                                                                     Add one century to the instance (using timestamp).
- * @method        $this               subRealCenturies(int $value = 1)                                                     Sub centuries (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealCentury()                                                                     Sub one century to the instance (using timestamp).
- * @method        CarbonPeriod        centuriesUntil($endDate = null, int $factor = 1)                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each century or every X centuries if a factor is given.
- * @method        $this               addRealMillennia(int $value = 1)                                                     Add millennia (the $value count passed in) to the instance (using timestamp).
- * @method        $this               addRealMillennium()                                                                  Add one millennium to the instance (using timestamp).
- * @method        $this               subRealMillennia(int $value = 1)                                                     Sub millennia (the $value count passed in) to the instance (using timestamp).
- * @method        $this               subRealMillennium()                                                                  Sub one millennium to the instance (using timestamp).
- * @method        CarbonPeriod        millenniaUntil($endDate = null, int $factor = 1)                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millennium or every X millennia if a factor is given.
- * @method        $this               roundYear(float $precision = 1, string $function = "round")                          Round the current instance year with given precision using the given function.
- * @method        $this               roundYears(float $precision = 1, string $function = "round")                         Round the current instance year with given precision using the given function.
- * @method        $this               floorYear(float $precision = 1)                                                      Truncate the current instance year with given precision.
- * @method        $this               floorYears(float $precision = 1)                                                     Truncate the current instance year with given precision.
- * @method        $this               ceilYear(float $precision = 1)                                                       Ceil the current instance year with given precision.
- * @method        $this               ceilYears(float $precision = 1)                                                      Ceil the current instance year with given precision.
- * @method        $this               roundMonth(float $precision = 1, string $function = "round")                         Round the current instance month with given precision using the given function.
- * @method        $this               roundMonths(float $precision = 1, string $function = "round")                        Round the current instance month with given precision using the given function.
- * @method        $this               floorMonth(float $precision = 1)                                                     Truncate the current instance month with given precision.
- * @method        $this               floorMonths(float $precision = 1)                                                    Truncate the current instance month with given precision.
- * @method        $this               ceilMonth(float $precision = 1)                                                      Ceil the current instance month with given precision.
- * @method        $this               ceilMonths(float $precision = 1)                                                     Ceil the current instance month with given precision.
- * @method        $this               roundDay(float $precision = 1, string $function = "round")                           Round the current instance day with given precision using the given function.
- * @method        $this               roundDays(float $precision = 1, string $function = "round")                          Round the current instance day with given precision using the given function.
- * @method        $this               floorDay(float $precision = 1)                                                       Truncate the current instance day with given precision.
- * @method        $this               floorDays(float $precision = 1)                                                      Truncate the current instance day with given precision.
- * @method        $this               ceilDay(float $precision = 1)                                                        Ceil the current instance day with given precision.
- * @method        $this               ceilDays(float $precision = 1)                                                       Ceil the current instance day with given precision.
- * @method        $this               roundHour(float $precision = 1, string $function = "round")                          Round the current instance hour with given precision using the given function.
- * @method        $this               roundHours(float $precision = 1, string $function = "round")                         Round the current instance hour with given precision using the given function.
- * @method        $this               floorHour(float $precision = 1)                                                      Truncate the current instance hour with given precision.
- * @method        $this               floorHours(float $precision = 1)                                                     Truncate the current instance hour with given precision.
- * @method        $this               ceilHour(float $precision = 1)                                                       Ceil the current instance hour with given precision.
- * @method        $this               ceilHours(float $precision = 1)                                                      Ceil the current instance hour with given precision.
- * @method        $this               roundMinute(float $precision = 1, string $function = "round")                        Round the current instance minute with given precision using the given function.
- * @method        $this               roundMinutes(float $precision = 1, string $function = "round")                       Round the current instance minute with given precision using the given function.
- * @method        $this               floorMinute(float $precision = 1)                                                    Truncate the current instance minute with given precision.
- * @method        $this               floorMinutes(float $precision = 1)                                                   Truncate the current instance minute with given precision.
- * @method        $this               ceilMinute(float $precision = 1)                                                     Ceil the current instance minute with given precision.
- * @method        $this               ceilMinutes(float $precision = 1)                                                    Ceil the current instance minute with given precision.
- * @method        $this               roundSecond(float $precision = 1, string $function = "round")                        Round the current instance second with given precision using the given function.
- * @method        $this               roundSeconds(float $precision = 1, string $function = "round")                       Round the current instance second with given precision using the given function.
- * @method        $this               floorSecond(float $precision = 1)                                                    Truncate the current instance second with given precision.
- * @method        $this               floorSeconds(float $precision = 1)                                                   Truncate the current instance second with given precision.
- * @method        $this               ceilSecond(float $precision = 1)                                                     Ceil the current instance second with given precision.
- * @method        $this               ceilSeconds(float $precision = 1)                                                    Ceil the current instance second with given precision.
- * @method        $this               roundMillennium(float $precision = 1, string $function = "round")                    Round the current instance millennium with given precision using the given function.
- * @method        $this               roundMillennia(float $precision = 1, string $function = "round")                     Round the current instance millennium with given precision using the given function.
- * @method        $this               floorMillennium(float $precision = 1)                                                Truncate the current instance millennium with given precision.
- * @method        $this               floorMillennia(float $precision = 1)                                                 Truncate the current instance millennium with given precision.
- * @method        $this               ceilMillennium(float $precision = 1)                                                 Ceil the current instance millennium with given precision.
- * @method        $this               ceilMillennia(float $precision = 1)                                                  Ceil the current instance millennium with given precision.
- * @method        $this               roundCentury(float $precision = 1, string $function = "round")                       Round the current instance century with given precision using the given function.
- * @method        $this               roundCenturies(float $precision = 1, string $function = "round")                     Round the current instance century with given precision using the given function.
- * @method        $this               floorCentury(float $precision = 1)                                                   Truncate the current instance century with given precision.
- * @method        $this               floorCenturies(float $precision = 1)                                                 Truncate the current instance century with given precision.
- * @method        $this               ceilCentury(float $precision = 1)                                                    Ceil the current instance century with given precision.
- * @method        $this               ceilCenturies(float $precision = 1)                                                  Ceil the current instance century with given precision.
- * @method        $this               roundDecade(float $precision = 1, string $function = "round")                        Round the current instance decade with given precision using the given function.
- * @method        $this               roundDecades(float $precision = 1, string $function = "round")                       Round the current instance decade with given precision using the given function.
- * @method        $this               floorDecade(float $precision = 1)                                                    Truncate the current instance decade with given precision.
- * @method        $this               floorDecades(float $precision = 1)                                                   Truncate the current instance decade with given precision.
- * @method        $this               ceilDecade(float $precision = 1)                                                     Ceil the current instance decade with given precision.
- * @method        $this               ceilDecades(float $precision = 1)                                                    Ceil the current instance decade with given precision.
- * @method        $this               roundQuarter(float $precision = 1, string $function = "round")                       Round the current instance quarter with given precision using the given function.
- * @method        $this               roundQuarters(float $precision = 1, string $function = "round")                      Round the current instance quarter with given precision using the given function.
- * @method        $this               floorQuarter(float $precision = 1)                                                   Truncate the current instance quarter with given precision.
- * @method        $this               floorQuarters(float $precision = 1)                                                  Truncate the current instance quarter with given precision.
- * @method        $this               ceilQuarter(float $precision = 1)                                                    Ceil the current instance quarter with given precision.
- * @method        $this               ceilQuarters(float $precision = 1)                                                   Ceil the current instance quarter with given precision.
- * @method        $this               roundMillisecond(float $precision = 1, string $function = "round")                   Round the current instance millisecond with given precision using the given function.
- * @method        $this               roundMilliseconds(float $precision = 1, string $function = "round")                  Round the current instance millisecond with given precision using the given function.
- * @method        $this               floorMillisecond(float $precision = 1)                                               Truncate the current instance millisecond with given precision.
- * @method        $this               floorMilliseconds(float $precision = 1)                                              Truncate the current instance millisecond with given precision.
- * @method        $this               ceilMillisecond(float $precision = 1)                                                Ceil the current instance millisecond with given precision.
- * @method        $this               ceilMilliseconds(float $precision = 1)                                               Ceil the current instance millisecond with given precision.
- * @method        $this               roundMicrosecond(float $precision = 1, string $function = "round")                   Round the current instance microsecond with given precision using the given function.
- * @method        $this               roundMicroseconds(float $precision = 1, string $function = "round")                  Round the current instance microsecond with given precision using the given function.
- * @method        $this               floorMicrosecond(float $precision = 1)                                               Truncate the current instance microsecond with given precision.
- * @method        $this               floorMicroseconds(float $precision = 1)                                              Truncate the current instance microsecond with given precision.
- * @method        $this               ceilMicrosecond(float $precision = 1)                                                Ceil the current instance microsecond with given precision.
- * @method        $this               ceilMicroseconds(float $precision = 1)                                               Ceil the current instance microsecond with given precision.
- * @method        string              shortAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)          Get the difference (short format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              longAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)           Get the difference (long format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              shortRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)          Get the difference (short format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              longRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)           Get the difference (long format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              shortRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)     Get the difference (short format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              longRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)      Get the difference (long format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              shortRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)   Get the difference (short format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string              longRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)    Get the difference (long format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        static Carbon|false createFromFormat(string $format, string $time, string|DateTimeZone $timezone = null) Parse a string into a new Carbon object according to the specified format.
- * @method        static Carbon       __set_state(array $array)                                                            https://php.net/manual/en/datetime.set-state.php
+ * @method        bool                isUtc()                                                                                         Check if the current instance has UTC timezone. (Both isUtc and isUTC cases are valid.)
+ * @method        bool                isLocal()                                                                                       Check if the current instance has non-UTC timezone.
+ * @method        bool                isValid()                                                                                       Check if the current instance is a valid date.
+ * @method        bool                isDST()                                                                                         Check if the current instance is in a daylight saving time.
+ * @method        bool                isSunday()                                                                                      Checks if the instance day is sunday.
+ * @method        bool                isMonday()                                                                                      Checks if the instance day is monday.
+ * @method        bool                isTuesday()                                                                                     Checks if the instance day is tuesday.
+ * @method        bool                isWednesday()                                                                                   Checks if the instance day is wednesday.
+ * @method        bool                isThursday()                                                                                    Checks if the instance day is thursday.
+ * @method        bool                isFriday()                                                                                      Checks if the instance day is friday.
+ * @method        bool                isSaturday()                                                                                    Checks if the instance day is saturday.
+ * @method        bool                isSameYear(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same year as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentYear()                                                                                 Checks if the instance is in the same year as the current moment.
+ * @method        bool                isNextYear()                                                                                    Checks if the instance is in the same year as the current moment next year.
+ * @method        bool                isLastYear()                                                                                    Checks if the instance is in the same year as the current moment last year.
+ * @method        bool                isSameWeek(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same week as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentWeek()                                                                                 Checks if the instance is in the same week as the current moment.
+ * @method        bool                isNextWeek()                                                                                    Checks if the instance is in the same week as the current moment next week.
+ * @method        bool                isLastWeek()                                                                                    Checks if the instance is in the same week as the current moment last week.
+ * @method        bool                isSameDay(Carbon|DateTimeInterface|string|null $date = null)                                    Checks if the given date is in the same day as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentDay()                                                                                  Checks if the instance is in the same day as the current moment.
+ * @method        bool                isNextDay()                                                                                     Checks if the instance is in the same day as the current moment next day.
+ * @method        bool                isLastDay()                                                                                     Checks if the instance is in the same day as the current moment last day.
+ * @method        bool                isSameHour(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same hour as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentHour()                                                                                 Checks if the instance is in the same hour as the current moment.
+ * @method        bool                isNextHour()                                                                                    Checks if the instance is in the same hour as the current moment next hour.
+ * @method        bool                isLastHour()                                                                                    Checks if the instance is in the same hour as the current moment last hour.
+ * @method        bool                isSameMinute(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same minute as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMinute()                                                                               Checks if the instance is in the same minute as the current moment.
+ * @method        bool                isNextMinute()                                                                                  Checks if the instance is in the same minute as the current moment next minute.
+ * @method        bool                isLastMinute()                                                                                  Checks if the instance is in the same minute as the current moment last minute.
+ * @method        bool                isSameSecond(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same second as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentSecond()                                                                               Checks if the instance is in the same second as the current moment.
+ * @method        bool                isNextSecond()                                                                                  Checks if the instance is in the same second as the current moment next second.
+ * @method        bool                isLastSecond()                                                                                  Checks if the instance is in the same second as the current moment last second.
+ * @method        bool                isSameMicro(Carbon|DateTimeInterface|string|null $date = null)                                  Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMicro()                                                                                Checks if the instance is in the same microsecond as the current moment.
+ * @method        bool                isNextMicro()                                                                                   Checks if the instance is in the same microsecond as the current moment next microsecond.
+ * @method        bool                isLastMicro()                                                                                   Checks if the instance is in the same microsecond as the current moment last microsecond.
+ * @method        bool                isSameMicrosecond(Carbon|DateTimeInterface|string|null $date = null)                            Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMicrosecond()                                                                          Checks if the instance is in the same microsecond as the current moment.
+ * @method        bool                isNextMicrosecond()                                                                             Checks if the instance is in the same microsecond as the current moment next microsecond.
+ * @method        bool                isLastMicrosecond()                                                                             Checks if the instance is in the same microsecond as the current moment last microsecond.
+ * @method        bool                isCurrentMonth()                                                                                Checks if the instance is in the same month as the current moment.
+ * @method        bool                isNextMonth()                                                                                   Checks if the instance is in the same month as the current moment next month.
+ * @method        bool                isLastMonth()                                                                                   Checks if the instance is in the same month as the current moment last month.
+ * @method        bool                isCurrentQuarter()                                                                              Checks if the instance is in the same quarter as the current moment.
+ * @method        bool                isNextQuarter()                                                                                 Checks if the instance is in the same quarter as the current moment next quarter.
+ * @method        bool                isLastQuarter()                                                                                 Checks if the instance is in the same quarter as the current moment last quarter.
+ * @method        bool                isSameDecade(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same decade as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentDecade()                                                                               Checks if the instance is in the same decade as the current moment.
+ * @method        bool                isNextDecade()                                                                                  Checks if the instance is in the same decade as the current moment next decade.
+ * @method        bool                isLastDecade()                                                                                  Checks if the instance is in the same decade as the current moment last decade.
+ * @method        bool                isSameCentury(Carbon|DateTimeInterface|string|null $date = null)                                Checks if the given date is in the same century as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentCentury()                                                                              Checks if the instance is in the same century as the current moment.
+ * @method        bool                isNextCentury()                                                                                 Checks if the instance is in the same century as the current moment next century.
+ * @method        bool                isLastCentury()                                                                                 Checks if the instance is in the same century as the current moment last century.
+ * @method        bool                isSameMillennium(Carbon|DateTimeInterface|string|null $date = null)                             Checks if the given date is in the same millennium as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMillennium()                                                                           Checks if the instance is in the same millennium as the current moment.
+ * @method        bool                isNextMillennium()                                                                              Checks if the instance is in the same millennium as the current moment next millennium.
+ * @method        bool                isLastMillennium()                                                                              Checks if the instance is in the same millennium as the current moment last millennium.
+ * @method        $this               years(int $value)                                                                               Set current instance year to the given value.
+ * @method        $this               year(int $value)                                                                                Set current instance year to the given value.
+ * @method        $this               setYears(int $value)                                                                            Set current instance year to the given value.
+ * @method        $this               setYear(int $value)                                                                             Set current instance year to the given value.
+ * @method        $this               months(int $value)                                                                              Set current instance month to the given value.
+ * @method        $this               month(int $value)                                                                               Set current instance month to the given value.
+ * @method        $this               setMonths(int $value)                                                                           Set current instance month to the given value.
+ * @method        $this               setMonth(int $value)                                                                            Set current instance month to the given value.
+ * @method        $this               days(int $value)                                                                                Set current instance day to the given value.
+ * @method        $this               day(int $value)                                                                                 Set current instance day to the given value.
+ * @method        $this               setDays(int $value)                                                                             Set current instance day to the given value.
+ * @method        $this               setDay(int $value)                                                                              Set current instance day to the given value.
+ * @method        $this               hours(int $value)                                                                               Set current instance hour to the given value.
+ * @method        $this               hour(int $value)                                                                                Set current instance hour to the given value.
+ * @method        $this               setHours(int $value)                                                                            Set current instance hour to the given value.
+ * @method        $this               setHour(int $value)                                                                             Set current instance hour to the given value.
+ * @method        $this               minutes(int $value)                                                                             Set current instance minute to the given value.
+ * @method        $this               minute(int $value)                                                                              Set current instance minute to the given value.
+ * @method        $this               setMinutes(int $value)                                                                          Set current instance minute to the given value.
+ * @method        $this               setMinute(int $value)                                                                           Set current instance minute to the given value.
+ * @method        $this               seconds(int $value)                                                                             Set current instance second to the given value.
+ * @method        $this               second(int $value)                                                                              Set current instance second to the given value.
+ * @method        $this               setSeconds(int $value)                                                                          Set current instance second to the given value.
+ * @method        $this               setSecond(int $value)                                                                           Set current instance second to the given value.
+ * @method        $this               millis(int $value)                                                                              Set current instance millisecond to the given value.
+ * @method        $this               milli(int $value)                                                                               Set current instance millisecond to the given value.
+ * @method        $this               setMillis(int $value)                                                                           Set current instance millisecond to the given value.
+ * @method        $this               setMilli(int $value)                                                                            Set current instance millisecond to the given value.
+ * @method        $this               milliseconds(int $value)                                                                        Set current instance millisecond to the given value.
+ * @method        $this               millisecond(int $value)                                                                         Set current instance millisecond to the given value.
+ * @method        $this               setMilliseconds(int $value)                                                                     Set current instance millisecond to the given value.
+ * @method        $this               setMillisecond(int $value)                                                                      Set current instance millisecond to the given value.
+ * @method        $this               micros(int $value)                                                                              Set current instance microsecond to the given value.
+ * @method        $this               micro(int $value)                                                                               Set current instance microsecond to the given value.
+ * @method        $this               setMicros(int $value)                                                                           Set current instance microsecond to the given value.
+ * @method        $this               setMicro(int $value)                                                                            Set current instance microsecond to the given value.
+ * @method        $this               microseconds(int $value)                                                                        Set current instance microsecond to the given value.
+ * @method        $this               microsecond(int $value)                                                                         Set current instance microsecond to the given value.
+ * @method        $this               setMicroseconds(int $value)                                                                     Set current instance microsecond to the given value.
+ * @method        $this               setMicrosecond(int $value)                                                                      Set current instance microsecond to the given value.
+ * @method        $this               addYears(int $value = 1)                                                                        Add years (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addYear()                                                                                       Add one year to the instance (using date interval).
+ * @method        $this               subYears(int $value = 1)                                                                        Sub years (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subYear()                                                                                       Sub one year to the instance (using date interval).
+ * @method        $this               addYearsWithOverflow(int $value = 1)                                                            Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addYearWithOverflow()                                                                           Add one year to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subYearsWithOverflow(int $value = 1)                                                            Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subYearWithOverflow()                                                                           Sub one year to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addYearsWithoutOverflow(int $value = 1)                                                         Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addYearWithoutOverflow()                                                                        Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearsWithoutOverflow(int $value = 1)                                                         Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearWithoutOverflow()                                                                        Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addYearsWithNoOverflow(int $value = 1)                                                          Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addYearWithNoOverflow()                                                                         Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearsWithNoOverflow(int $value = 1)                                                          Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearWithNoOverflow()                                                                         Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addYearsNoOverflow(int $value = 1)                                                              Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addYearNoOverflow()                                                                             Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearsNoOverflow(int $value = 1)                                                              Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subYearNoOverflow()                                                                             Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonths(int $value = 1)                                                                       Add months (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMonth()                                                                                      Add one month to the instance (using date interval).
+ * @method        $this               subMonths(int $value = 1)                                                                       Sub months (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMonth()                                                                                      Sub one month to the instance (using date interval).
+ * @method        $this               addMonthsWithOverflow(int $value = 1)                                                           Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addMonthWithOverflow()                                                                          Add one month to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subMonthsWithOverflow(int $value = 1)                                                           Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subMonthWithOverflow()                                                                          Sub one month to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addMonthsWithoutOverflow(int $value = 1)                                                        Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonthWithoutOverflow()                                                                       Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthsWithoutOverflow(int $value = 1)                                                        Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthWithoutOverflow()                                                                       Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonthsWithNoOverflow(int $value = 1)                                                         Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonthWithNoOverflow()                                                                        Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthsWithNoOverflow(int $value = 1)                                                         Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthWithNoOverflow()                                                                        Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonthsNoOverflow(int $value = 1)                                                             Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMonthNoOverflow()                                                                            Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthsNoOverflow(int $value = 1)                                                             Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMonthNoOverflow()                                                                            Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDays(int $value = 1)                                                                         Add days (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addDay()                                                                                        Add one day to the instance (using date interval).
+ * @method        $this               subDays(int $value = 1)                                                                         Sub days (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subDay()                                                                                        Sub one day to the instance (using date interval).
+ * @method        $this               addHours(int $value = 1)                                                                        Add hours (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addHour()                                                                                       Add one hour to the instance (using date interval).
+ * @method        $this               subHours(int $value = 1)                                                                        Sub hours (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subHour()                                                                                       Sub one hour to the instance (using date interval).
+ * @method        $this               addMinutes(int $value = 1)                                                                      Add minutes (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMinute()                                                                                     Add one minute to the instance (using date interval).
+ * @method        $this               subMinutes(int $value = 1)                                                                      Sub minutes (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMinute()                                                                                     Sub one minute to the instance (using date interval).
+ * @method        $this               addSeconds(int $value = 1)                                                                      Add seconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addSecond()                                                                                     Add one second to the instance (using date interval).
+ * @method        $this               subSeconds(int $value = 1)                                                                      Sub seconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subSecond()                                                                                     Sub one second to the instance (using date interval).
+ * @method        $this               addMillis(int $value = 1)                                                                       Add milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMilli()                                                                                      Add one millisecond to the instance (using date interval).
+ * @method        $this               subMillis(int $value = 1)                                                                       Sub milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMilli()                                                                                      Sub one millisecond to the instance (using date interval).
+ * @method        $this               addMilliseconds(int $value = 1)                                                                 Add milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMillisecond()                                                                                Add one millisecond to the instance (using date interval).
+ * @method        $this               subMilliseconds(int $value = 1)                                                                 Sub milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMillisecond()                                                                                Sub one millisecond to the instance (using date interval).
+ * @method        $this               addMicros(int $value = 1)                                                                       Add microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMicro()                                                                                      Add one microsecond to the instance (using date interval).
+ * @method        $this               subMicros(int $value = 1)                                                                       Sub microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMicro()                                                                                      Sub one microsecond to the instance (using date interval).
+ * @method        $this               addMicroseconds(int $value = 1)                                                                 Add microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMicrosecond()                                                                                Add one microsecond to the instance (using date interval).
+ * @method        $this               subMicroseconds(int $value = 1)                                                                 Sub microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMicrosecond()                                                                                Sub one microsecond to the instance (using date interval).
+ * @method        $this               addMillennia(int $value = 1)                                                                    Add millennia (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addMillennium()                                                                                 Add one millennium to the instance (using date interval).
+ * @method        $this               subMillennia(int $value = 1)                                                                    Sub millennia (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subMillennium()                                                                                 Sub one millennium to the instance (using date interval).
+ * @method        $this               addMillenniaWithOverflow(int $value = 1)                                                        Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addMillenniumWithOverflow()                                                                     Add one millennium to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subMillenniaWithOverflow(int $value = 1)                                                        Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subMillenniumWithOverflow()                                                                     Sub one millennium to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addMillenniaWithoutOverflow(int $value = 1)                                                     Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMillenniumWithoutOverflow()                                                                  Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniaWithoutOverflow(int $value = 1)                                                     Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniumWithoutOverflow()                                                                  Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMillenniaWithNoOverflow(int $value = 1)                                                      Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMillenniumWithNoOverflow()                                                                   Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniaWithNoOverflow(int $value = 1)                                                      Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniumWithNoOverflow()                                                                   Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMillenniaNoOverflow(int $value = 1)                                                          Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addMillenniumNoOverflow()                                                                       Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniaNoOverflow(int $value = 1)                                                          Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subMillenniumNoOverflow()                                                                       Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturies(int $value = 1)                                                                    Add centuries (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addCentury()                                                                                    Add one century to the instance (using date interval).
+ * @method        $this               subCenturies(int $value = 1)                                                                    Sub centuries (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subCentury()                                                                                    Sub one century to the instance (using date interval).
+ * @method        $this               addCenturiesWithOverflow(int $value = 1)                                                        Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addCenturyWithOverflow()                                                                        Add one century to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subCenturiesWithOverflow(int $value = 1)                                                        Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subCenturyWithOverflow()                                                                        Sub one century to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addCenturiesWithoutOverflow(int $value = 1)                                                     Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturyWithoutOverflow()                                                                     Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturiesWithoutOverflow(int $value = 1)                                                     Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturyWithoutOverflow()                                                                     Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturiesWithNoOverflow(int $value = 1)                                                      Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturyWithNoOverflow()                                                                      Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturiesWithNoOverflow(int $value = 1)                                                      Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturyWithNoOverflow()                                                                      Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturiesNoOverflow(int $value = 1)                                                          Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addCenturyNoOverflow()                                                                          Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturiesNoOverflow(int $value = 1)                                                          Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subCenturyNoOverflow()                                                                          Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecades(int $value = 1)                                                                      Add decades (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addDecade()                                                                                     Add one decade to the instance (using date interval).
+ * @method        $this               subDecades(int $value = 1)                                                                      Sub decades (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subDecade()                                                                                     Sub one decade to the instance (using date interval).
+ * @method        $this               addDecadesWithOverflow(int $value = 1)                                                          Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addDecadeWithOverflow()                                                                         Add one decade to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subDecadesWithOverflow(int $value = 1)                                                          Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subDecadeWithOverflow()                                                                         Sub one decade to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addDecadesWithoutOverflow(int $value = 1)                                                       Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecadeWithoutOverflow()                                                                      Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadesWithoutOverflow(int $value = 1)                                                       Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadeWithoutOverflow()                                                                      Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecadesWithNoOverflow(int $value = 1)                                                        Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecadeWithNoOverflow()                                                                       Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadesWithNoOverflow(int $value = 1)                                                        Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadeWithNoOverflow()                                                                       Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecadesNoOverflow(int $value = 1)                                                            Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addDecadeNoOverflow()                                                                           Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadesNoOverflow(int $value = 1)                                                            Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subDecadeNoOverflow()                                                                           Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuarters(int $value = 1)                                                                     Add quarters (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addQuarter()                                                                                    Add one quarter to the instance (using date interval).
+ * @method        $this               subQuarters(int $value = 1)                                                                     Sub quarters (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subQuarter()                                                                                    Sub one quarter to the instance (using date interval).
+ * @method        $this               addQuartersWithOverflow(int $value = 1)                                                         Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addQuarterWithOverflow()                                                                        Add one quarter to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subQuartersWithOverflow(int $value = 1)                                                         Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               subQuarterWithOverflow()                                                                        Sub one quarter to the instance (using date interval) with overflow explicitly allowed.
+ * @method        $this               addQuartersWithoutOverflow(int $value = 1)                                                      Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuarterWithoutOverflow()                                                                     Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuartersWithoutOverflow(int $value = 1)                                                      Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuarterWithoutOverflow()                                                                     Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuartersWithNoOverflow(int $value = 1)                                                       Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuarterWithNoOverflow()                                                                      Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuartersWithNoOverflow(int $value = 1)                                                       Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuarterWithNoOverflow()                                                                      Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuartersNoOverflow(int $value = 1)                                                           Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addQuarterNoOverflow()                                                                          Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuartersNoOverflow(int $value = 1)                                                           Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               subQuarterNoOverflow()                                                                          Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        $this               addWeeks(int $value = 1)                                                                        Add weeks (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addWeek()                                                                                       Add one week to the instance (using date interval).
+ * @method        $this               subWeeks(int $value = 1)                                                                        Sub weeks (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subWeek()                                                                                       Sub one week to the instance (using date interval).
+ * @method        $this               addWeekdays(int $value = 1)                                                                     Add weekdays (the $value count passed in) to the instance (using date interval).
+ * @method        $this               addWeekday()                                                                                    Add one weekday to the instance (using date interval).
+ * @method        $this               subWeekdays(int $value = 1)                                                                     Sub weekdays (the $value count passed in) to the instance (using date interval).
+ * @method        $this               subWeekday()                                                                                    Sub one weekday to the instance (using date interval).
+ * @method        $this               addRealMicros(int $value = 1)                                                                   Add microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMicro()                                                                                  Add one microsecond to the instance (using timestamp).
+ * @method        $this               subRealMicros(int $value = 1)                                                                   Sub microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMicro()                                                                                  Sub one microsecond to the instance (using timestamp).
+ * @method        CarbonPeriod        microsUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
+ * @method        $this               addRealMicroseconds(int $value = 1)                                                             Add microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMicrosecond()                                                                            Add one microsecond to the instance (using timestamp).
+ * @method        $this               subRealMicroseconds(int $value = 1)                                                             Sub microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMicrosecond()                                                                            Sub one microsecond to the instance (using timestamp).
+ * @method        CarbonPeriod        microsecondsUntil($endDate = null, int $factor = 1)                                             Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
+ * @method        $this               addRealMillis(int $value = 1)                                                                   Add milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMilli()                                                                                  Add one millisecond to the instance (using timestamp).
+ * @method        $this               subRealMillis(int $value = 1)                                                                   Sub milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMilli()                                                                                  Sub one millisecond to the instance (using timestamp).
+ * @method        CarbonPeriod        millisUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
+ * @method        $this               addRealMilliseconds(int $value = 1)                                                             Add milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMillisecond()                                                                            Add one millisecond to the instance (using timestamp).
+ * @method        $this               subRealMilliseconds(int $value = 1)                                                             Sub milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMillisecond()                                                                            Sub one millisecond to the instance (using timestamp).
+ * @method        CarbonPeriod        millisecondsUntil($endDate = null, int $factor = 1)                                             Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
+ * @method        $this               addRealSeconds(int $value = 1)                                                                  Add seconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealSecond()                                                                                 Add one second to the instance (using timestamp).
+ * @method        $this               subRealSeconds(int $value = 1)                                                                  Sub seconds (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealSecond()                                                                                 Sub one second to the instance (using timestamp).
+ * @method        CarbonPeriod        secondsUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each second or every X seconds if a factor is given.
+ * @method        $this               addRealMinutes(int $value = 1)                                                                  Add minutes (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMinute()                                                                                 Add one minute to the instance (using timestamp).
+ * @method        $this               subRealMinutes(int $value = 1)                                                                  Sub minutes (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMinute()                                                                                 Sub one minute to the instance (using timestamp).
+ * @method        CarbonPeriod        minutesUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each minute or every X minutes if a factor is given.
+ * @method        $this               addRealHours(int $value = 1)                                                                    Add hours (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealHour()                                                                                   Add one hour to the instance (using timestamp).
+ * @method        $this               subRealHours(int $value = 1)                                                                    Sub hours (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealHour()                                                                                   Sub one hour to the instance (using timestamp).
+ * @method        CarbonPeriod        hoursUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each hour or every X hours if a factor is given.
+ * @method        $this               addRealDays(int $value = 1)                                                                     Add days (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealDay()                                                                                    Add one day to the instance (using timestamp).
+ * @method        $this               subRealDays(int $value = 1)                                                                     Sub days (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealDay()                                                                                    Sub one day to the instance (using timestamp).
+ * @method        CarbonPeriod        daysUntil($endDate = null, int $factor = 1)                                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each day or every X days if a factor is given.
+ * @method        $this               addRealWeeks(int $value = 1)                                                                    Add weeks (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealWeek()                                                                                   Add one week to the instance (using timestamp).
+ * @method        $this               subRealWeeks(int $value = 1)                                                                    Sub weeks (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealWeek()                                                                                   Sub one week to the instance (using timestamp).
+ * @method        CarbonPeriod        weeksUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each week or every X weeks if a factor is given.
+ * @method        $this               addRealMonths(int $value = 1)                                                                   Add months (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMonth()                                                                                  Add one month to the instance (using timestamp).
+ * @method        $this               subRealMonths(int $value = 1)                                                                   Sub months (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMonth()                                                                                  Sub one month to the instance (using timestamp).
+ * @method        CarbonPeriod        monthsUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each month or every X months if a factor is given.
+ * @method        $this               addRealQuarters(int $value = 1)                                                                 Add quarters (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealQuarter()                                                                                Add one quarter to the instance (using timestamp).
+ * @method        $this               subRealQuarters(int $value = 1)                                                                 Sub quarters (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealQuarter()                                                                                Sub one quarter to the instance (using timestamp).
+ * @method        CarbonPeriod        quartersUntil($endDate = null, int $factor = 1)                                                 Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each quarter or every X quarters if a factor is given.
+ * @method        $this               addRealYears(int $value = 1)                                                                    Add years (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealYear()                                                                                   Add one year to the instance (using timestamp).
+ * @method        $this               subRealYears(int $value = 1)                                                                    Sub years (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealYear()                                                                                   Sub one year to the instance (using timestamp).
+ * @method        CarbonPeriod        yearsUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each year or every X years if a factor is given.
+ * @method        $this               addRealDecades(int $value = 1)                                                                  Add decades (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealDecade()                                                                                 Add one decade to the instance (using timestamp).
+ * @method        $this               subRealDecades(int $value = 1)                                                                  Sub decades (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealDecade()                                                                                 Sub one decade to the instance (using timestamp).
+ * @method        CarbonPeriod        decadesUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each decade or every X decades if a factor is given.
+ * @method        $this               addRealCenturies(int $value = 1)                                                                Add centuries (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealCentury()                                                                                Add one century to the instance (using timestamp).
+ * @method        $this               subRealCenturies(int $value = 1)                                                                Sub centuries (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealCentury()                                                                                Sub one century to the instance (using timestamp).
+ * @method        CarbonPeriod        centuriesUntil($endDate = null, int $factor = 1)                                                Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each century or every X centuries if a factor is given.
+ * @method        $this               addRealMillennia(int $value = 1)                                                                Add millennia (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               addRealMillennium()                                                                             Add one millennium to the instance (using timestamp).
+ * @method        $this               subRealMillennia(int $value = 1)                                                                Sub millennia (the $value count passed in) to the instance (using timestamp).
+ * @method        $this               subRealMillennium()                                                                             Sub one millennium to the instance (using timestamp).
+ * @method        CarbonPeriod        millenniaUntil($endDate = null, int $factor = 1)                                                Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millennium or every X millennia if a factor is given.
+ * @method        $this               roundYear(float $precision = 1, string $function = "round")                                     Round the current instance year with given precision using the given function.
+ * @method        $this               roundYears(float $precision = 1, string $function = "round")                                    Round the current instance year with given precision using the given function.
+ * @method        $this               floorYear(float $precision = 1)                                                                 Truncate the current instance year with given precision.
+ * @method        $this               floorYears(float $precision = 1)                                                                Truncate the current instance year with given precision.
+ * @method        $this               ceilYear(float $precision = 1)                                                                  Ceil the current instance year with given precision.
+ * @method        $this               ceilYears(float $precision = 1)                                                                 Ceil the current instance year with given precision.
+ * @method        $this               roundMonth(float $precision = 1, string $function = "round")                                    Round the current instance month with given precision using the given function.
+ * @method        $this               roundMonths(float $precision = 1, string $function = "round")                                   Round the current instance month with given precision using the given function.
+ * @method        $this               floorMonth(float $precision = 1)                                                                Truncate the current instance month with given precision.
+ * @method        $this               floorMonths(float $precision = 1)                                                               Truncate the current instance month with given precision.
+ * @method        $this               ceilMonth(float $precision = 1)                                                                 Ceil the current instance month with given precision.
+ * @method        $this               ceilMonths(float $precision = 1)                                                                Ceil the current instance month with given precision.
+ * @method        $this               roundDay(float $precision = 1, string $function = "round")                                      Round the current instance day with given precision using the given function.
+ * @method        $this               roundDays(float $precision = 1, string $function = "round")                                     Round the current instance day with given precision using the given function.
+ * @method        $this               floorDay(float $precision = 1)                                                                  Truncate the current instance day with given precision.
+ * @method        $this               floorDays(float $precision = 1)                                                                 Truncate the current instance day with given precision.
+ * @method        $this               ceilDay(float $precision = 1)                                                                   Ceil the current instance day with given precision.
+ * @method        $this               ceilDays(float $precision = 1)                                                                  Ceil the current instance day with given precision.
+ * @method        $this               roundHour(float $precision = 1, string $function = "round")                                     Round the current instance hour with given precision using the given function.
+ * @method        $this               roundHours(float $precision = 1, string $function = "round")                                    Round the current instance hour with given precision using the given function.
+ * @method        $this               floorHour(float $precision = 1)                                                                 Truncate the current instance hour with given precision.
+ * @method        $this               floorHours(float $precision = 1)                                                                Truncate the current instance hour with given precision.
+ * @method        $this               ceilHour(float $precision = 1)                                                                  Ceil the current instance hour with given precision.
+ * @method        $this               ceilHours(float $precision = 1)                                                                 Ceil the current instance hour with given precision.
+ * @method        $this               roundMinute(float $precision = 1, string $function = "round")                                   Round the current instance minute with given precision using the given function.
+ * @method        $this               roundMinutes(float $precision = 1, string $function = "round")                                  Round the current instance minute with given precision using the given function.
+ * @method        $this               floorMinute(float $precision = 1)                                                               Truncate the current instance minute with given precision.
+ * @method        $this               floorMinutes(float $precision = 1)                                                              Truncate the current instance minute with given precision.
+ * @method        $this               ceilMinute(float $precision = 1)                                                                Ceil the current instance minute with given precision.
+ * @method        $this               ceilMinutes(float $precision = 1)                                                               Ceil the current instance minute with given precision.
+ * @method        $this               roundSecond(float $precision = 1, string $function = "round")                                   Round the current instance second with given precision using the given function.
+ * @method        $this               roundSeconds(float $precision = 1, string $function = "round")                                  Round the current instance second with given precision using the given function.
+ * @method        $this               floorSecond(float $precision = 1)                                                               Truncate the current instance second with given precision.
+ * @method        $this               floorSeconds(float $precision = 1)                                                              Truncate the current instance second with given precision.
+ * @method        $this               ceilSecond(float $precision = 1)                                                                Ceil the current instance second with given precision.
+ * @method        $this               ceilSeconds(float $precision = 1)                                                               Ceil the current instance second with given precision.
+ * @method        $this               roundMillennium(float $precision = 1, string $function = "round")                               Round the current instance millennium with given precision using the given function.
+ * @method        $this               roundMillennia(float $precision = 1, string $function = "round")                                Round the current instance millennium with given precision using the given function.
+ * @method        $this               floorMillennium(float $precision = 1)                                                           Truncate the current instance millennium with given precision.
+ * @method        $this               floorMillennia(float $precision = 1)                                                            Truncate the current instance millennium with given precision.
+ * @method        $this               ceilMillennium(float $precision = 1)                                                            Ceil the current instance millennium with given precision.
+ * @method        $this               ceilMillennia(float $precision = 1)                                                             Ceil the current instance millennium with given precision.
+ * @method        $this               roundCentury(float $precision = 1, string $function = "round")                                  Round the current instance century with given precision using the given function.
+ * @method        $this               roundCenturies(float $precision = 1, string $function = "round")                                Round the current instance century with given precision using the given function.
+ * @method        $this               floorCentury(float $precision = 1)                                                              Truncate the current instance century with given precision.
+ * @method        $this               floorCenturies(float $precision = 1)                                                            Truncate the current instance century with given precision.
+ * @method        $this               ceilCentury(float $precision = 1)                                                               Ceil the current instance century with given precision.
+ * @method        $this               ceilCenturies(float $precision = 1)                                                             Ceil the current instance century with given precision.
+ * @method        $this               roundDecade(float $precision = 1, string $function = "round")                                   Round the current instance decade with given precision using the given function.
+ * @method        $this               roundDecades(float $precision = 1, string $function = "round")                                  Round the current instance decade with given precision using the given function.
+ * @method        $this               floorDecade(float $precision = 1)                                                               Truncate the current instance decade with given precision.
+ * @method        $this               floorDecades(float $precision = 1)                                                              Truncate the current instance decade with given precision.
+ * @method        $this               ceilDecade(float $precision = 1)                                                                Ceil the current instance decade with given precision.
+ * @method        $this               ceilDecades(float $precision = 1)                                                               Ceil the current instance decade with given precision.
+ * @method        $this               roundQuarter(float $precision = 1, string $function = "round")                                  Round the current instance quarter with given precision using the given function.
+ * @method        $this               roundQuarters(float $precision = 1, string $function = "round")                                 Round the current instance quarter with given precision using the given function.
+ * @method        $this               floorQuarter(float $precision = 1)                                                              Truncate the current instance quarter with given precision.
+ * @method        $this               floorQuarters(float $precision = 1)                                                             Truncate the current instance quarter with given precision.
+ * @method        $this               ceilQuarter(float $precision = 1)                                                               Ceil the current instance quarter with given precision.
+ * @method        $this               ceilQuarters(float $precision = 1)                                                              Ceil the current instance quarter with given precision.
+ * @method        $this               roundMillisecond(float $precision = 1, string $function = "round")                              Round the current instance millisecond with given precision using the given function.
+ * @method        $this               roundMilliseconds(float $precision = 1, string $function = "round")                             Round the current instance millisecond with given precision using the given function.
+ * @method        $this               floorMillisecond(float $precision = 1)                                                          Truncate the current instance millisecond with given precision.
+ * @method        $this               floorMilliseconds(float $precision = 1)                                                         Truncate the current instance millisecond with given precision.
+ * @method        $this               ceilMillisecond(float $precision = 1)                                                           Ceil the current instance millisecond with given precision.
+ * @method        $this               ceilMilliseconds(float $precision = 1)                                                          Ceil the current instance millisecond with given precision.
+ * @method        $this               roundMicrosecond(float $precision = 1, string $function = "round")                              Round the current instance microsecond with given precision using the given function.
+ * @method        $this               roundMicroseconds(float $precision = 1, string $function = "round")                             Round the current instance microsecond with given precision using the given function.
+ * @method        $this               floorMicrosecond(float $precision = 1)                                                          Truncate the current instance microsecond with given precision.
+ * @method        $this               floorMicroseconds(float $precision = 1)                                                         Truncate the current instance microsecond with given precision.
+ * @method        $this               ceilMicrosecond(float $precision = 1)                                                           Ceil the current instance microsecond with given precision.
+ * @method        $this               ceilMicroseconds(float $precision = 1)                                                          Ceil the current instance microsecond with given precision.
+ * @method        string              shortAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                     Get the difference (short format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                      Get the difference (long format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                     Get the difference (short format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                      Get the difference (long format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                Get the difference (short format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                 Get the difference (long format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)              Get the difference (short format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)               Get the difference (long format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        static static|false createFromFormat(string $format, string $time, DateTimeZone|string|false|null $timezone = null) Parse a string into a new Carbon object according to the specified format.
+ * @method        static static       __set_state(array $array)                                                                       https://php.net/manual/en/datetime.set-state.php
  *
  * </autodoc>
  */
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonImmutable.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonImmutable.php
index 6d1194ee7..4c9c1cfef 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonImmutable.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonImmutable.php
@@ -24,486 +24,486 @@ use DateTimeZone;
  *
  * <autodoc generated by `composer phpdoc`>
  *
- * @property      int                          $year
- * @property      int                          $yearIso
- * @property      int                          $month
- * @property      int                          $day
- * @property      int                          $hour
- * @property      int                          $minute
- * @property      int                          $second
- * @property      int                          $micro
- * @property      int                          $microsecond
- * @property      int|float|string             $timestamp                                                                           seconds since the Unix Epoch
- * @property      string                       $englishDayOfWeek                                                                    the day of week in English
- * @property      string                       $shortEnglishDayOfWeek                                                               the abbreviated day of week in English
- * @property      string                       $englishMonth                                                                        the month in English
- * @property      string                       $shortEnglishMonth                                                                   the abbreviated month in English
- * @property      int                          $milliseconds
- * @property      int                          $millisecond
- * @property      int                          $milli
- * @property      int                          $week                                                                                1 through 53
- * @property      int                          $isoWeek                                                                             1 through 53
- * @property      int                          $weekYear                                                                            year according to week format
- * @property      int                          $isoWeekYear                                                                         year according to ISO week format
- * @property      int                          $dayOfYear                                                                           1 through 366
- * @property      int                          $age                                                                                 does a diffInYears() with default parameters
- * @property      int                          $offset                                                                              the timezone offset in seconds from UTC
- * @property      int                          $offsetMinutes                                                                       the timezone offset in minutes from UTC
- * @property      int                          $offsetHours                                                                         the timezone offset in hours from UTC
- * @property      CarbonTimeZone               $timezone                                                                            the current timezone
- * @property      CarbonTimeZone               $tz                                                                                  alias of $timezone
- * @property-read int                          $dayOfWeek                                                                           0 (for Sunday) through 6 (for Saturday)
- * @property-read int                          $dayOfWeekIso                                                                        1 (for Monday) through 7 (for Sunday)
- * @property-read int                          $weekOfYear                                                                          ISO-8601 week number of year, weeks starting on Monday
- * @property-read int                          $daysInMonth                                                                         number of days in the given month
- * @property-read string                       $latinMeridiem                                                                       "am"/"pm" (Ante meridiem or Post meridiem latin lowercase mark)
- * @property-read string                       $latinUpperMeridiem                                                                  "AM"/"PM" (Ante meridiem or Post meridiem latin uppercase mark)
- * @property-read string                       $timezoneAbbreviatedName                                                             the current timezone abbreviated name
- * @property-read string                       $tzAbbrName                                                                          alias of $timezoneAbbreviatedName
- * @property-read string                       $dayName                                                                             long name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string                       $shortDayName                                                                        short name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string                       $minDayName                                                                          very short name of weekday translated according to Carbon locale, in english if no translation available for current language
- * @property-read string                       $monthName                                                                           long name of month translated according to Carbon locale, in english if no translation available for current language
- * @property-read string                       $shortMonthName                                                                      short name of month translated according to Carbon locale, in english if no translation available for current language
- * @property-read string                       $meridiem                                                                            lowercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
- * @property-read string                       $upperMeridiem                                                                       uppercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
- * @property-read int                          $noZeroHour                                                                          current hour from 1 to 24
- * @property-read int                          $weeksInYear                                                                         51 through 53
- * @property-read int                          $isoWeeksInYear                                                                      51 through 53
- * @property-read int                          $weekOfMonth                                                                         1 through 5
- * @property-read int                          $weekNumberInMonth                                                                   1 through 5
- * @property-read int                          $firstWeekDay                                                                        0 through 6
- * @property-read int                          $lastWeekDay                                                                         0 through 6
- * @property-read int                          $daysInYear                                                                          365 or 366
- * @property-read int                          $quarter                                                                             the quarter of this instance, 1 - 4
- * @property-read int                          $decade                                                                              the decade of this instance
- * @property-read int                          $century                                                                             the century of this instance
- * @property-read int                          $millennium                                                                          the millennium of this instance
- * @property-read bool                         $dst                                                                                 daylight savings time indicator, true if DST, false otherwise
- * @property-read bool                         $local                                                                               checks if the timezone is local, true if local, false otherwise
- * @property-read bool                         $utc                                                                                 checks if the timezone is UTC, true if UTC, false otherwise
- * @property-read string                       $timezoneName                                                                        the current timezone name
- * @property-read string                       $tzName                                                                              alias of $timezoneName
- * @property-read string                       $locale                                                                              locale of the current instance
+ * @property      int                 $year
+ * @property      int                 $yearIso
+ * @property      int                 $month
+ * @property      int                 $day
+ * @property      int                 $hour
+ * @property      int                 $minute
+ * @property      int                 $second
+ * @property      int                 $micro
+ * @property      int                 $microsecond
+ * @property      int|float|string    $timestamp                                                                                      seconds since the Unix Epoch
+ * @property      string              $englishDayOfWeek                                                                               the day of week in English
+ * @property      string              $shortEnglishDayOfWeek                                                                          the abbreviated day of week in English
+ * @property      string              $englishMonth                                                                                   the month in English
+ * @property      string              $shortEnglishMonth                                                                              the abbreviated month in English
+ * @property      int                 $milliseconds
+ * @property      int                 $millisecond
+ * @property      int                 $milli
+ * @property      int                 $week                                                                                           1 through 53
+ * @property      int                 $isoWeek                                                                                        1 through 53
+ * @property      int                 $weekYear                                                                                       year according to week format
+ * @property      int                 $isoWeekYear                                                                                    year according to ISO week format
+ * @property      int                 $dayOfYear                                                                                      1 through 366
+ * @property      int                 $age                                                                                            does a diffInYears() with default parameters
+ * @property      int                 $offset                                                                                         the timezone offset in seconds from UTC
+ * @property      int                 $offsetMinutes                                                                                  the timezone offset in minutes from UTC
+ * @property      int                 $offsetHours                                                                                    the timezone offset in hours from UTC
+ * @property      CarbonTimeZone      $timezone                                                                                       the current timezone
+ * @property      CarbonTimeZone      $tz                                                                                             alias of $timezone
+ * @property-read int                 $dayOfWeek                                                                                      0 (for Sunday) through 6 (for Saturday)
+ * @property-read int                 $dayOfWeekIso                                                                                   1 (for Monday) through 7 (for Sunday)
+ * @property-read int                 $weekOfYear                                                                                     ISO-8601 week number of year, weeks starting on Monday
+ * @property-read int                 $daysInMonth                                                                                    number of days in the given month
+ * @property-read string              $latinMeridiem                                                                                  "am"/"pm" (Ante meridiem or Post meridiem latin lowercase mark)
+ * @property-read string              $latinUpperMeridiem                                                                             "AM"/"PM" (Ante meridiem or Post meridiem latin uppercase mark)
+ * @property-read string              $timezoneAbbreviatedName                                                                        the current timezone abbreviated name
+ * @property-read string              $tzAbbrName                                                                                     alias of $timezoneAbbreviatedName
+ * @property-read string              $dayName                                                                                        long name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $shortDayName                                                                                   short name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $minDayName                                                                                     very short name of weekday translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $monthName                                                                                      long name of month translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $shortMonthName                                                                                 short name of month translated according to Carbon locale, in english if no translation available for current language
+ * @property-read string              $meridiem                                                                                       lowercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
+ * @property-read string              $upperMeridiem                                                                                  uppercase meridiem mark translated according to Carbon locale, in latin if no translation available for current language
+ * @property-read int                 $noZeroHour                                                                                     current hour from 1 to 24
+ * @property-read int                 $weeksInYear                                                                                    51 through 53
+ * @property-read int                 $isoWeeksInYear                                                                                 51 through 53
+ * @property-read int                 $weekOfMonth                                                                                    1 through 5
+ * @property-read int                 $weekNumberInMonth                                                                              1 through 5
+ * @property-read int                 $firstWeekDay                                                                                   0 through 6
+ * @property-read int                 $lastWeekDay                                                                                    0 through 6
+ * @property-read int                 $daysInYear                                                                                     365 or 366
+ * @property-read int                 $quarter                                                                                        the quarter of this instance, 1 - 4
+ * @property-read int                 $decade                                                                                         the decade of this instance
+ * @property-read int                 $century                                                                                        the century of this instance
+ * @property-read int                 $millennium                                                                                     the millennium of this instance
+ * @property-read bool                $dst                                                                                            daylight savings time indicator, true if DST, false otherwise
+ * @property-read bool                $local                                                                                          checks if the timezone is local, true if local, false otherwise
+ * @property-read bool                $utc                                                                                            checks if the timezone is UTC, true if UTC, false otherwise
+ * @property-read string              $timezoneName                                                                                   the current timezone name
+ * @property-read string              $tzName                                                                                         alias of $timezoneName
+ * @property-read string              $locale                                                                                         locale of the current instance
  *
- * @method        bool                         isUtc()                                                                              Check if the current instance has UTC timezone. (Both isUtc and isUTC cases are valid.)
- * @method        bool                         isLocal()                                                                            Check if the current instance has non-UTC timezone.
- * @method        bool                         isValid()                                                                            Check if the current instance is a valid date.
- * @method        bool                         isDST()                                                                              Check if the current instance is in a daylight saving time.
- * @method        bool                         isSunday()                                                                           Checks if the instance day is sunday.
- * @method        bool                         isMonday()                                                                           Checks if the instance day is monday.
- * @method        bool                         isTuesday()                                                                          Checks if the instance day is tuesday.
- * @method        bool                         isWednesday()                                                                        Checks if the instance day is wednesday.
- * @method        bool                         isThursday()                                                                         Checks if the instance day is thursday.
- * @method        bool                         isFriday()                                                                           Checks if the instance day is friday.
- * @method        bool                         isSaturday()                                                                         Checks if the instance day is saturday.
- * @method        bool                         isSameYear(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same year as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentYear()                                                                      Checks if the instance is in the same year as the current moment.
- * @method        bool                         isNextYear()                                                                         Checks if the instance is in the same year as the current moment next year.
- * @method        bool                         isLastYear()                                                                         Checks if the instance is in the same year as the current moment last year.
- * @method        bool                         isSameWeek(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same week as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentWeek()                                                                      Checks if the instance is in the same week as the current moment.
- * @method        bool                         isNextWeek()                                                                         Checks if the instance is in the same week as the current moment next week.
- * @method        bool                         isLastWeek()                                                                         Checks if the instance is in the same week as the current moment last week.
- * @method        bool                         isSameDay(Carbon|DateTimeInterface|string|null $date = null)                         Checks if the given date is in the same day as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentDay()                                                                       Checks if the instance is in the same day as the current moment.
- * @method        bool                         isNextDay()                                                                          Checks if the instance is in the same day as the current moment next day.
- * @method        bool                         isLastDay()                                                                          Checks if the instance is in the same day as the current moment last day.
- * @method        bool                         isSameHour(Carbon|DateTimeInterface|string|null $date = null)                        Checks if the given date is in the same hour as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentHour()                                                                      Checks if the instance is in the same hour as the current moment.
- * @method        bool                         isNextHour()                                                                         Checks if the instance is in the same hour as the current moment next hour.
- * @method        bool                         isLastHour()                                                                         Checks if the instance is in the same hour as the current moment last hour.
- * @method        bool                         isSameMinute(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same minute as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentMinute()                                                                    Checks if the instance is in the same minute as the current moment.
- * @method        bool                         isNextMinute()                                                                       Checks if the instance is in the same minute as the current moment next minute.
- * @method        bool                         isLastMinute()                                                                       Checks if the instance is in the same minute as the current moment last minute.
- * @method        bool                         isSameSecond(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same second as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentSecond()                                                                    Checks if the instance is in the same second as the current moment.
- * @method        bool                         isNextSecond()                                                                       Checks if the instance is in the same second as the current moment next second.
- * @method        bool                         isLastSecond()                                                                       Checks if the instance is in the same second as the current moment last second.
- * @method        bool                         isSameMicro(Carbon|DateTimeInterface|string|null $date = null)                       Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentMicro()                                                                     Checks if the instance is in the same microsecond as the current moment.
- * @method        bool                         isNextMicro()                                                                        Checks if the instance is in the same microsecond as the current moment next microsecond.
- * @method        bool                         isLastMicro()                                                                        Checks if the instance is in the same microsecond as the current moment last microsecond.
- * @method        bool                         isSameMicrosecond(Carbon|DateTimeInterface|string|null $date = null)                 Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentMicrosecond()                                                               Checks if the instance is in the same microsecond as the current moment.
- * @method        bool                         isNextMicrosecond()                                                                  Checks if the instance is in the same microsecond as the current moment next microsecond.
- * @method        bool                         isLastMicrosecond()                                                                  Checks if the instance is in the same microsecond as the current moment last microsecond.
- * @method        bool                         isCurrentMonth()                                                                     Checks if the instance is in the same month as the current moment.
- * @method        bool                         isNextMonth()                                                                        Checks if the instance is in the same month as the current moment next month.
- * @method        bool                         isLastMonth()                                                                        Checks if the instance is in the same month as the current moment last month.
- * @method        bool                         isCurrentQuarter()                                                                   Checks if the instance is in the same quarter as the current moment.
- * @method        bool                         isNextQuarter()                                                                      Checks if the instance is in the same quarter as the current moment next quarter.
- * @method        bool                         isLastQuarter()                                                                      Checks if the instance is in the same quarter as the current moment last quarter.
- * @method        bool                         isSameDecade(Carbon|DateTimeInterface|string|null $date = null)                      Checks if the given date is in the same decade as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentDecade()                                                                    Checks if the instance is in the same decade as the current moment.
- * @method        bool                         isNextDecade()                                                                       Checks if the instance is in the same decade as the current moment next decade.
- * @method        bool                         isLastDecade()                                                                       Checks if the instance is in the same decade as the current moment last decade.
- * @method        bool                         isSameCentury(Carbon|DateTimeInterface|string|null $date = null)                     Checks if the given date is in the same century as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentCentury()                                                                   Checks if the instance is in the same century as the current moment.
- * @method        bool                         isNextCentury()                                                                      Checks if the instance is in the same century as the current moment next century.
- * @method        bool                         isLastCentury()                                                                      Checks if the instance is in the same century as the current moment last century.
- * @method        bool                         isSameMillennium(Carbon|DateTimeInterface|string|null $date = null)                  Checks if the given date is in the same millennium as the instance. If null passed, compare to now (with the same timezone).
- * @method        bool                         isCurrentMillennium()                                                                Checks if the instance is in the same millennium as the current moment.
- * @method        bool                         isNextMillennium()                                                                   Checks if the instance is in the same millennium as the current moment next millennium.
- * @method        bool                         isLastMillennium()                                                                   Checks if the instance is in the same millennium as the current moment last millennium.
- * @method        CarbonImmutable              years(int $value)                                                                    Set current instance year to the given value.
- * @method        CarbonImmutable              year(int $value)                                                                     Set current instance year to the given value.
- * @method        CarbonImmutable              setYears(int $value)                                                                 Set current instance year to the given value.
- * @method        CarbonImmutable              setYear(int $value)                                                                  Set current instance year to the given value.
- * @method        CarbonImmutable              months(int $value)                                                                   Set current instance month to the given value.
- * @method        CarbonImmutable              month(int $value)                                                                    Set current instance month to the given value.
- * @method        CarbonImmutable              setMonths(int $value)                                                                Set current instance month to the given value.
- * @method        CarbonImmutable              setMonth(int $value)                                                                 Set current instance month to the given value.
- * @method        CarbonImmutable              days(int $value)                                                                     Set current instance day to the given value.
- * @method        CarbonImmutable              day(int $value)                                                                      Set current instance day to the given value.
- * @method        CarbonImmutable              setDays(int $value)                                                                  Set current instance day to the given value.
- * @method        CarbonImmutable              setDay(int $value)                                                                   Set current instance day to the given value.
- * @method        CarbonImmutable              hours(int $value)                                                                    Set current instance hour to the given value.
- * @method        CarbonImmutable              hour(int $value)                                                                     Set current instance hour to the given value.
- * @method        CarbonImmutable              setHours(int $value)                                                                 Set current instance hour to the given value.
- * @method        CarbonImmutable              setHour(int $value)                                                                  Set current instance hour to the given value.
- * @method        CarbonImmutable              minutes(int $value)                                                                  Set current instance minute to the given value.
- * @method        CarbonImmutable              minute(int $value)                                                                   Set current instance minute to the given value.
- * @method        CarbonImmutable              setMinutes(int $value)                                                               Set current instance minute to the given value.
- * @method        CarbonImmutable              setMinute(int $value)                                                                Set current instance minute to the given value.
- * @method        CarbonImmutable              seconds(int $value)                                                                  Set current instance second to the given value.
- * @method        CarbonImmutable              second(int $value)                                                                   Set current instance second to the given value.
- * @method        CarbonImmutable              setSeconds(int $value)                                                               Set current instance second to the given value.
- * @method        CarbonImmutable              setSecond(int $value)                                                                Set current instance second to the given value.
- * @method        CarbonImmutable              millis(int $value)                                                                   Set current instance millisecond to the given value.
- * @method        CarbonImmutable              milli(int $value)                                                                    Set current instance millisecond to the given value.
- * @method        CarbonImmutable              setMillis(int $value)                                                                Set current instance millisecond to the given value.
- * @method        CarbonImmutable              setMilli(int $value)                                                                 Set current instance millisecond to the given value.
- * @method        CarbonImmutable              milliseconds(int $value)                                                             Set current instance millisecond to the given value.
- * @method        CarbonImmutable              millisecond(int $value)                                                              Set current instance millisecond to the given value.
- * @method        CarbonImmutable              setMilliseconds(int $value)                                                          Set current instance millisecond to the given value.
- * @method        CarbonImmutable              setMillisecond(int $value)                                                           Set current instance millisecond to the given value.
- * @method        CarbonImmutable              micros(int $value)                                                                   Set current instance microsecond to the given value.
- * @method        CarbonImmutable              micro(int $value)                                                                    Set current instance microsecond to the given value.
- * @method        CarbonImmutable              setMicros(int $value)                                                                Set current instance microsecond to the given value.
- * @method        CarbonImmutable              setMicro(int $value)                                                                 Set current instance microsecond to the given value.
- * @method        CarbonImmutable              microseconds(int $value)                                                             Set current instance microsecond to the given value.
- * @method        CarbonImmutable              microsecond(int $value)                                                              Set current instance microsecond to the given value.
- * @method        CarbonImmutable              setMicroseconds(int $value)                                                          Set current instance microsecond to the given value.
- * @method        CarbonImmutable              setMicrosecond(int $value)                                                           Set current instance microsecond to the given value.
- * @method        CarbonImmutable              addYears(int $value = 1)                                                             Add years (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addYear()                                                                            Add one year to the instance (using date interval).
- * @method        CarbonImmutable              subYears(int $value = 1)                                                             Sub years (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subYear()                                                                            Sub one year to the instance (using date interval).
- * @method        CarbonImmutable              addYearsWithOverflow(int $value = 1)                                                 Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addYearWithOverflow()                                                                Add one year to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subYearsWithOverflow(int $value = 1)                                                 Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subYearWithOverflow()                                                                Sub one year to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addYearsWithoutOverflow(int $value = 1)                                              Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addYearWithoutOverflow()                                                             Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearsWithoutOverflow(int $value = 1)                                              Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearWithoutOverflow()                                                             Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addYearsWithNoOverflow(int $value = 1)                                               Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addYearWithNoOverflow()                                                              Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearsWithNoOverflow(int $value = 1)                                               Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearWithNoOverflow()                                                              Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addYearsNoOverflow(int $value = 1)                                                   Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addYearNoOverflow()                                                                  Add one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearsNoOverflow(int $value = 1)                                                   Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subYearNoOverflow()                                                                  Sub one year to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonths(int $value = 1)                                                            Add months (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMonth()                                                                           Add one month to the instance (using date interval).
- * @method        CarbonImmutable              subMonths(int $value = 1)                                                            Sub months (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMonth()                                                                           Sub one month to the instance (using date interval).
- * @method        CarbonImmutable              addMonthsWithOverflow(int $value = 1)                                                Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addMonthWithOverflow()                                                               Add one month to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subMonthsWithOverflow(int $value = 1)                                                Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subMonthWithOverflow()                                                               Sub one month to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addMonthsWithoutOverflow(int $value = 1)                                             Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonthWithoutOverflow()                                                            Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthsWithoutOverflow(int $value = 1)                                             Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthWithoutOverflow()                                                            Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonthsWithNoOverflow(int $value = 1)                                              Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonthWithNoOverflow()                                                             Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthsWithNoOverflow(int $value = 1)                                              Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthWithNoOverflow()                                                             Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonthsNoOverflow(int $value = 1)                                                  Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMonthNoOverflow()                                                                 Add one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthsNoOverflow(int $value = 1)                                                  Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMonthNoOverflow()                                                                 Sub one month to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDays(int $value = 1)                                                              Add days (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addDay()                                                                             Add one day to the instance (using date interval).
- * @method        CarbonImmutable              subDays(int $value = 1)                                                              Sub days (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subDay()                                                                             Sub one day to the instance (using date interval).
- * @method        CarbonImmutable              addHours(int $value = 1)                                                             Add hours (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addHour()                                                                            Add one hour to the instance (using date interval).
- * @method        CarbonImmutable              subHours(int $value = 1)                                                             Sub hours (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subHour()                                                                            Sub one hour to the instance (using date interval).
- * @method        CarbonImmutable              addMinutes(int $value = 1)                                                           Add minutes (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMinute()                                                                          Add one minute to the instance (using date interval).
- * @method        CarbonImmutable              subMinutes(int $value = 1)                                                           Sub minutes (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMinute()                                                                          Sub one minute to the instance (using date interval).
- * @method        CarbonImmutable              addSeconds(int $value = 1)                                                           Add seconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addSecond()                                                                          Add one second to the instance (using date interval).
- * @method        CarbonImmutable              subSeconds(int $value = 1)                                                           Sub seconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subSecond()                                                                          Sub one second to the instance (using date interval).
- * @method        CarbonImmutable              addMillis(int $value = 1)                                                            Add milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMilli()                                                                           Add one millisecond to the instance (using date interval).
- * @method        CarbonImmutable              subMillis(int $value = 1)                                                            Sub milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMilli()                                                                           Sub one millisecond to the instance (using date interval).
- * @method        CarbonImmutable              addMilliseconds(int $value = 1)                                                      Add milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMillisecond()                                                                     Add one millisecond to the instance (using date interval).
- * @method        CarbonImmutable              subMilliseconds(int $value = 1)                                                      Sub milliseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMillisecond()                                                                     Sub one millisecond to the instance (using date interval).
- * @method        CarbonImmutable              addMicros(int $value = 1)                                                            Add microseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMicro()                                                                           Add one microsecond to the instance (using date interval).
- * @method        CarbonImmutable              subMicros(int $value = 1)                                                            Sub microseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMicro()                                                                           Sub one microsecond to the instance (using date interval).
- * @method        CarbonImmutable              addMicroseconds(int $value = 1)                                                      Add microseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMicrosecond()                                                                     Add one microsecond to the instance (using date interval).
- * @method        CarbonImmutable              subMicroseconds(int $value = 1)                                                      Sub microseconds (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMicrosecond()                                                                     Sub one microsecond to the instance (using date interval).
- * @method        CarbonImmutable              addMillennia(int $value = 1)                                                         Add millennia (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addMillennium()                                                                      Add one millennium to the instance (using date interval).
- * @method        CarbonImmutable              subMillennia(int $value = 1)                                                         Sub millennia (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subMillennium()                                                                      Sub one millennium to the instance (using date interval).
- * @method        CarbonImmutable              addMillenniaWithOverflow(int $value = 1)                                             Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addMillenniumWithOverflow()                                                          Add one millennium to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subMillenniaWithOverflow(int $value = 1)                                             Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subMillenniumWithOverflow()                                                          Sub one millennium to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addMillenniaWithoutOverflow(int $value = 1)                                          Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMillenniumWithoutOverflow()                                                       Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniaWithoutOverflow(int $value = 1)                                          Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniumWithoutOverflow()                                                       Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMillenniaWithNoOverflow(int $value = 1)                                           Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMillenniumWithNoOverflow()                                                        Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniaWithNoOverflow(int $value = 1)                                           Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniumWithNoOverflow()                                                        Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMillenniaNoOverflow(int $value = 1)                                               Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addMillenniumNoOverflow()                                                            Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniaNoOverflow(int $value = 1)                                               Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subMillenniumNoOverflow()                                                            Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturies(int $value = 1)                                                         Add centuries (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addCentury()                                                                         Add one century to the instance (using date interval).
- * @method        CarbonImmutable              subCenturies(int $value = 1)                                                         Sub centuries (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subCentury()                                                                         Sub one century to the instance (using date interval).
- * @method        CarbonImmutable              addCenturiesWithOverflow(int $value = 1)                                             Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addCenturyWithOverflow()                                                             Add one century to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subCenturiesWithOverflow(int $value = 1)                                             Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subCenturyWithOverflow()                                                             Sub one century to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addCenturiesWithoutOverflow(int $value = 1)                                          Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturyWithoutOverflow()                                                          Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturiesWithoutOverflow(int $value = 1)                                          Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturyWithoutOverflow()                                                          Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturiesWithNoOverflow(int $value = 1)                                           Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturyWithNoOverflow()                                                           Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturiesWithNoOverflow(int $value = 1)                                           Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturyWithNoOverflow()                                                           Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturiesNoOverflow(int $value = 1)                                               Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addCenturyNoOverflow()                                                               Add one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturiesNoOverflow(int $value = 1)                                               Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subCenturyNoOverflow()                                                               Sub one century to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecades(int $value = 1)                                                           Add decades (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addDecade()                                                                          Add one decade to the instance (using date interval).
- * @method        CarbonImmutable              subDecades(int $value = 1)                                                           Sub decades (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subDecade()                                                                          Sub one decade to the instance (using date interval).
- * @method        CarbonImmutable              addDecadesWithOverflow(int $value = 1)                                               Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addDecadeWithOverflow()                                                              Add one decade to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subDecadesWithOverflow(int $value = 1)                                               Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subDecadeWithOverflow()                                                              Sub one decade to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addDecadesWithoutOverflow(int $value = 1)                                            Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecadeWithoutOverflow()                                                           Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadesWithoutOverflow(int $value = 1)                                            Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadeWithoutOverflow()                                                           Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecadesWithNoOverflow(int $value = 1)                                             Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecadeWithNoOverflow()                                                            Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadesWithNoOverflow(int $value = 1)                                             Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadeWithNoOverflow()                                                            Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecadesNoOverflow(int $value = 1)                                                 Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addDecadeNoOverflow()                                                                Add one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadesNoOverflow(int $value = 1)                                                 Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subDecadeNoOverflow()                                                                Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuarters(int $value = 1)                                                          Add quarters (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addQuarter()                                                                         Add one quarter to the instance (using date interval).
- * @method        CarbonImmutable              subQuarters(int $value = 1)                                                          Sub quarters (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subQuarter()                                                                         Sub one quarter to the instance (using date interval).
- * @method        CarbonImmutable              addQuartersWithOverflow(int $value = 1)                                              Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addQuarterWithOverflow()                                                             Add one quarter to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subQuartersWithOverflow(int $value = 1)                                              Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              subQuarterWithOverflow()                                                             Sub one quarter to the instance (using date interval) with overflow explicitly allowed.
- * @method        CarbonImmutable              addQuartersWithoutOverflow(int $value = 1)                                           Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuarterWithoutOverflow()                                                          Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuartersWithoutOverflow(int $value = 1)                                           Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuarterWithoutOverflow()                                                          Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuartersWithNoOverflow(int $value = 1)                                            Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuarterWithNoOverflow()                                                           Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuartersWithNoOverflow(int $value = 1)                                            Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuarterWithNoOverflow()                                                           Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuartersNoOverflow(int $value = 1)                                                Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addQuarterNoOverflow()                                                               Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuartersNoOverflow(int $value = 1)                                                Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              subQuarterNoOverflow()                                                               Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
- * @method        CarbonImmutable              addWeeks(int $value = 1)                                                             Add weeks (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addWeek()                                                                            Add one week to the instance (using date interval).
- * @method        CarbonImmutable              subWeeks(int $value = 1)                                                             Sub weeks (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subWeek()                                                                            Sub one week to the instance (using date interval).
- * @method        CarbonImmutable              addWeekdays(int $value = 1)                                                          Add weekdays (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              addWeekday()                                                                         Add one weekday to the instance (using date interval).
- * @method        CarbonImmutable              subWeekdays(int $value = 1)                                                          Sub weekdays (the $value count passed in) to the instance (using date interval).
- * @method        CarbonImmutable              subWeekday()                                                                         Sub one weekday to the instance (using date interval).
- * @method        CarbonImmutable              addRealMicros(int $value = 1)                                                        Add microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMicro()                                                                       Add one microsecond to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMicros(int $value = 1)                                                        Sub microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMicro()                                                                       Sub one microsecond to the instance (using timestamp).
- * @method        CarbonPeriod                 microsUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
- * @method        CarbonImmutable              addRealMicroseconds(int $value = 1)                                                  Add microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMicrosecond()                                                                 Add one microsecond to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMicroseconds(int $value = 1)                                                  Sub microseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMicrosecond()                                                                 Sub one microsecond to the instance (using timestamp).
- * @method        CarbonPeriod                 microsecondsUntil($endDate = null, int $factor = 1)                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
- * @method        CarbonImmutable              addRealMillis(int $value = 1)                                                        Add milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMilli()                                                                       Add one millisecond to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMillis(int $value = 1)                                                        Sub milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMilli()                                                                       Sub one millisecond to the instance (using timestamp).
- * @method        CarbonPeriod                 millisUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
- * @method        CarbonImmutable              addRealMilliseconds(int $value = 1)                                                  Add milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMillisecond()                                                                 Add one millisecond to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMilliseconds(int $value = 1)                                                  Sub milliseconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMillisecond()                                                                 Sub one millisecond to the instance (using timestamp).
- * @method        CarbonPeriod                 millisecondsUntil($endDate = null, int $factor = 1)                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
- * @method        CarbonImmutable              addRealSeconds(int $value = 1)                                                       Add seconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealSecond()                                                                      Add one second to the instance (using timestamp).
- * @method        CarbonImmutable              subRealSeconds(int $value = 1)                                                       Sub seconds (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealSecond()                                                                      Sub one second to the instance (using timestamp).
- * @method        CarbonPeriod                 secondsUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each second or every X seconds if a factor is given.
- * @method        CarbonImmutable              addRealMinutes(int $value = 1)                                                       Add minutes (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMinute()                                                                      Add one minute to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMinutes(int $value = 1)                                                       Sub minutes (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMinute()                                                                      Sub one minute to the instance (using timestamp).
- * @method        CarbonPeriod                 minutesUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each minute or every X minutes if a factor is given.
- * @method        CarbonImmutable              addRealHours(int $value = 1)                                                         Add hours (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealHour()                                                                        Add one hour to the instance (using timestamp).
- * @method        CarbonImmutable              subRealHours(int $value = 1)                                                         Sub hours (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealHour()                                                                        Sub one hour to the instance (using timestamp).
- * @method        CarbonPeriod                 hoursUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each hour or every X hours if a factor is given.
- * @method        CarbonImmutable              addRealDays(int $value = 1)                                                          Add days (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealDay()                                                                         Add one day to the instance (using timestamp).
- * @method        CarbonImmutable              subRealDays(int $value = 1)                                                          Sub days (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealDay()                                                                         Sub one day to the instance (using timestamp).
- * @method        CarbonPeriod                 daysUntil($endDate = null, int $factor = 1)                                          Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each day or every X days if a factor is given.
- * @method        CarbonImmutable              addRealWeeks(int $value = 1)                                                         Add weeks (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealWeek()                                                                        Add one week to the instance (using timestamp).
- * @method        CarbonImmutable              subRealWeeks(int $value = 1)                                                         Sub weeks (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealWeek()                                                                        Sub one week to the instance (using timestamp).
- * @method        CarbonPeriod                 weeksUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each week or every X weeks if a factor is given.
- * @method        CarbonImmutable              addRealMonths(int $value = 1)                                                        Add months (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMonth()                                                                       Add one month to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMonths(int $value = 1)                                                        Sub months (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMonth()                                                                       Sub one month to the instance (using timestamp).
- * @method        CarbonPeriod                 monthsUntil($endDate = null, int $factor = 1)                                        Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each month or every X months if a factor is given.
- * @method        CarbonImmutable              addRealQuarters(int $value = 1)                                                      Add quarters (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealQuarter()                                                                     Add one quarter to the instance (using timestamp).
- * @method        CarbonImmutable              subRealQuarters(int $value = 1)                                                      Sub quarters (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealQuarter()                                                                     Sub one quarter to the instance (using timestamp).
- * @method        CarbonPeriod                 quartersUntil($endDate = null, int $factor = 1)                                      Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each quarter or every X quarters if a factor is given.
- * @method        CarbonImmutable              addRealYears(int $value = 1)                                                         Add years (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealYear()                                                                        Add one year to the instance (using timestamp).
- * @method        CarbonImmutable              subRealYears(int $value = 1)                                                         Sub years (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealYear()                                                                        Sub one year to the instance (using timestamp).
- * @method        CarbonPeriod                 yearsUntil($endDate = null, int $factor = 1)                                         Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each year or every X years if a factor is given.
- * @method        CarbonImmutable              addRealDecades(int $value = 1)                                                       Add decades (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealDecade()                                                                      Add one decade to the instance (using timestamp).
- * @method        CarbonImmutable              subRealDecades(int $value = 1)                                                       Sub decades (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealDecade()                                                                      Sub one decade to the instance (using timestamp).
- * @method        CarbonPeriod                 decadesUntil($endDate = null, int $factor = 1)                                       Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each decade or every X decades if a factor is given.
- * @method        CarbonImmutable              addRealCenturies(int $value = 1)                                                     Add centuries (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealCentury()                                                                     Add one century to the instance (using timestamp).
- * @method        CarbonImmutable              subRealCenturies(int $value = 1)                                                     Sub centuries (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealCentury()                                                                     Sub one century to the instance (using timestamp).
- * @method        CarbonPeriod                 centuriesUntil($endDate = null, int $factor = 1)                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each century or every X centuries if a factor is given.
- * @method        CarbonImmutable              addRealMillennia(int $value = 1)                                                     Add millennia (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              addRealMillennium()                                                                  Add one millennium to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMillennia(int $value = 1)                                                     Sub millennia (the $value count passed in) to the instance (using timestamp).
- * @method        CarbonImmutable              subRealMillennium()                                                                  Sub one millennium to the instance (using timestamp).
- * @method        CarbonPeriod                 millenniaUntil($endDate = null, int $factor = 1)                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millennium or every X millennia if a factor is given.
- * @method        CarbonImmutable              roundYear(float $precision = 1, string $function = "round")                          Round the current instance year with given precision using the given function.
- * @method        CarbonImmutable              roundYears(float $precision = 1, string $function = "round")                         Round the current instance year with given precision using the given function.
- * @method        CarbonImmutable              floorYear(float $precision = 1)                                                      Truncate the current instance year with given precision.
- * @method        CarbonImmutable              floorYears(float $precision = 1)                                                     Truncate the current instance year with given precision.
- * @method        CarbonImmutable              ceilYear(float $precision = 1)                                                       Ceil the current instance year with given precision.
- * @method        CarbonImmutable              ceilYears(float $precision = 1)                                                      Ceil the current instance year with given precision.
- * @method        CarbonImmutable              roundMonth(float $precision = 1, string $function = "round")                         Round the current instance month with given precision using the given function.
- * @method        CarbonImmutable              roundMonths(float $precision = 1, string $function = "round")                        Round the current instance month with given precision using the given function.
- * @method        CarbonImmutable              floorMonth(float $precision = 1)                                                     Truncate the current instance month with given precision.
- * @method        CarbonImmutable              floorMonths(float $precision = 1)                                                    Truncate the current instance month with given precision.
- * @method        CarbonImmutable              ceilMonth(float $precision = 1)                                                      Ceil the current instance month with given precision.
- * @method        CarbonImmutable              ceilMonths(float $precision = 1)                                                     Ceil the current instance month with given precision.
- * @method        CarbonImmutable              roundDay(float $precision = 1, string $function = "round")                           Round the current instance day with given precision using the given function.
- * @method        CarbonImmutable              roundDays(float $precision = 1, string $function = "round")                          Round the current instance day with given precision using the given function.
- * @method        CarbonImmutable              floorDay(float $precision = 1)                                                       Truncate the current instance day with given precision.
- * @method        CarbonImmutable              floorDays(float $precision = 1)                                                      Truncate the current instance day with given precision.
- * @method        CarbonImmutable              ceilDay(float $precision = 1)                                                        Ceil the current instance day with given precision.
- * @method        CarbonImmutable              ceilDays(float $precision = 1)                                                       Ceil the current instance day with given precision.
- * @method        CarbonImmutable              roundHour(float $precision = 1, string $function = "round")                          Round the current instance hour with given precision using the given function.
- * @method        CarbonImmutable              roundHours(float $precision = 1, string $function = "round")                         Round the current instance hour with given precision using the given function.
- * @method        CarbonImmutable              floorHour(float $precision = 1)                                                      Truncate the current instance hour with given precision.
- * @method        CarbonImmutable              floorHours(float $precision = 1)                                                     Truncate the current instance hour with given precision.
- * @method        CarbonImmutable              ceilHour(float $precision = 1)                                                       Ceil the current instance hour with given precision.
- * @method        CarbonImmutable              ceilHours(float $precision = 1)                                                      Ceil the current instance hour with given precision.
- * @method        CarbonImmutable              roundMinute(float $precision = 1, string $function = "round")                        Round the current instance minute with given precision using the given function.
- * @method        CarbonImmutable              roundMinutes(float $precision = 1, string $function = "round")                       Round the current instance minute with given precision using the given function.
- * @method        CarbonImmutable              floorMinute(float $precision = 1)                                                    Truncate the current instance minute with given precision.
- * @method        CarbonImmutable              floorMinutes(float $precision = 1)                                                   Truncate the current instance minute with given precision.
- * @method        CarbonImmutable              ceilMinute(float $precision = 1)                                                     Ceil the current instance minute with given precision.
- * @method        CarbonImmutable              ceilMinutes(float $precision = 1)                                                    Ceil the current instance minute with given precision.
- * @method        CarbonImmutable              roundSecond(float $precision = 1, string $function = "round")                        Round the current instance second with given precision using the given function.
- * @method        CarbonImmutable              roundSeconds(float $precision = 1, string $function = "round")                       Round the current instance second with given precision using the given function.
- * @method        CarbonImmutable              floorSecond(float $precision = 1)                                                    Truncate the current instance second with given precision.
- * @method        CarbonImmutable              floorSeconds(float $precision = 1)                                                   Truncate the current instance second with given precision.
- * @method        CarbonImmutable              ceilSecond(float $precision = 1)                                                     Ceil the current instance second with given precision.
- * @method        CarbonImmutable              ceilSeconds(float $precision = 1)                                                    Ceil the current instance second with given precision.
- * @method        CarbonImmutable              roundMillennium(float $precision = 1, string $function = "round")                    Round the current instance millennium with given precision using the given function.
- * @method        CarbonImmutable              roundMillennia(float $precision = 1, string $function = "round")                     Round the current instance millennium with given precision using the given function.
- * @method        CarbonImmutable              floorMillennium(float $precision = 1)                                                Truncate the current instance millennium with given precision.
- * @method        CarbonImmutable              floorMillennia(float $precision = 1)                                                 Truncate the current instance millennium with given precision.
- * @method        CarbonImmutable              ceilMillennium(float $precision = 1)                                                 Ceil the current instance millennium with given precision.
- * @method        CarbonImmutable              ceilMillennia(float $precision = 1)                                                  Ceil the current instance millennium with given precision.
- * @method        CarbonImmutable              roundCentury(float $precision = 1, string $function = "round")                       Round the current instance century with given precision using the given function.
- * @method        CarbonImmutable              roundCenturies(float $precision = 1, string $function = "round")                     Round the current instance century with given precision using the given function.
- * @method        CarbonImmutable              floorCentury(float $precision = 1)                                                   Truncate the current instance century with given precision.
- * @method        CarbonImmutable              floorCenturies(float $precision = 1)                                                 Truncate the current instance century with given precision.
- * @method        CarbonImmutable              ceilCentury(float $precision = 1)                                                    Ceil the current instance century with given precision.
- * @method        CarbonImmutable              ceilCenturies(float $precision = 1)                                                  Ceil the current instance century with given precision.
- * @method        CarbonImmutable              roundDecade(float $precision = 1, string $function = "round")                        Round the current instance decade with given precision using the given function.
- * @method        CarbonImmutable              roundDecades(float $precision = 1, string $function = "round")                       Round the current instance decade with given precision using the given function.
- * @method        CarbonImmutable              floorDecade(float $precision = 1)                                                    Truncate the current instance decade with given precision.
- * @method        CarbonImmutable              floorDecades(float $precision = 1)                                                   Truncate the current instance decade with given precision.
- * @method        CarbonImmutable              ceilDecade(float $precision = 1)                                                     Ceil the current instance decade with given precision.
- * @method        CarbonImmutable              ceilDecades(float $precision = 1)                                                    Ceil the current instance decade with given precision.
- * @method        CarbonImmutable              roundQuarter(float $precision = 1, string $function = "round")                       Round the current instance quarter with given precision using the given function.
- * @method        CarbonImmutable              roundQuarters(float $precision = 1, string $function = "round")                      Round the current instance quarter with given precision using the given function.
- * @method        CarbonImmutable              floorQuarter(float $precision = 1)                                                   Truncate the current instance quarter with given precision.
- * @method        CarbonImmutable              floorQuarters(float $precision = 1)                                                  Truncate the current instance quarter with given precision.
- * @method        CarbonImmutable              ceilQuarter(float $precision = 1)                                                    Ceil the current instance quarter with given precision.
- * @method        CarbonImmutable              ceilQuarters(float $precision = 1)                                                   Ceil the current instance quarter with given precision.
- * @method        CarbonImmutable              roundMillisecond(float $precision = 1, string $function = "round")                   Round the current instance millisecond with given precision using the given function.
- * @method        CarbonImmutable              roundMilliseconds(float $precision = 1, string $function = "round")                  Round the current instance millisecond with given precision using the given function.
- * @method        CarbonImmutable              floorMillisecond(float $precision = 1)                                               Truncate the current instance millisecond with given precision.
- * @method        CarbonImmutable              floorMilliseconds(float $precision = 1)                                              Truncate the current instance millisecond with given precision.
- * @method        CarbonImmutable              ceilMillisecond(float $precision = 1)                                                Ceil the current instance millisecond with given precision.
- * @method        CarbonImmutable              ceilMilliseconds(float $precision = 1)                                               Ceil the current instance millisecond with given precision.
- * @method        CarbonImmutable              roundMicrosecond(float $precision = 1, string $function = "round")                   Round the current instance microsecond with given precision using the given function.
- * @method        CarbonImmutable              roundMicroseconds(float $precision = 1, string $function = "round")                  Round the current instance microsecond with given precision using the given function.
- * @method        CarbonImmutable              floorMicrosecond(float $precision = 1)                                               Truncate the current instance microsecond with given precision.
- * @method        CarbonImmutable              floorMicroseconds(float $precision = 1)                                              Truncate the current instance microsecond with given precision.
- * @method        CarbonImmutable              ceilMicrosecond(float $precision = 1)                                                Ceil the current instance microsecond with given precision.
- * @method        CarbonImmutable              ceilMicroseconds(float $precision = 1)                                               Ceil the current instance microsecond with given precision.
- * @method        string                       shortAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)          Get the difference (short format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       longAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)           Get the difference (long format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       shortRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)          Get the difference (short format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       longRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)           Get the difference (long format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       shortRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)     Get the difference (short format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       longRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)      Get the difference (long format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       shortRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)   Get the difference (short format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        string                       longRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)    Get the difference (long format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
- * @method        static CarbonImmutable|false createFromFormat(string $format, string $time, string|DateTimeZone $timezone = null) Parse a string into a new CarbonImmutable object according to the specified format.
- * @method        static CarbonImmutable       __set_state(array $array)                                                            https://php.net/manual/en/datetime.set-state.php
+ * @method        bool                isUtc()                                                                                         Check if the current instance has UTC timezone. (Both isUtc and isUTC cases are valid.)
+ * @method        bool                isLocal()                                                                                       Check if the current instance has non-UTC timezone.
+ * @method        bool                isValid()                                                                                       Check if the current instance is a valid date.
+ * @method        bool                isDST()                                                                                         Check if the current instance is in a daylight saving time.
+ * @method        bool                isSunday()                                                                                      Checks if the instance day is sunday.
+ * @method        bool                isMonday()                                                                                      Checks if the instance day is monday.
+ * @method        bool                isTuesday()                                                                                     Checks if the instance day is tuesday.
+ * @method        bool                isWednesday()                                                                                   Checks if the instance day is wednesday.
+ * @method        bool                isThursday()                                                                                    Checks if the instance day is thursday.
+ * @method        bool                isFriday()                                                                                      Checks if the instance day is friday.
+ * @method        bool                isSaturday()                                                                                    Checks if the instance day is saturday.
+ * @method        bool                isSameYear(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same year as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentYear()                                                                                 Checks if the instance is in the same year as the current moment.
+ * @method        bool                isNextYear()                                                                                    Checks if the instance is in the same year as the current moment next year.
+ * @method        bool                isLastYear()                                                                                    Checks if the instance is in the same year as the current moment last year.
+ * @method        bool                isSameWeek(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same week as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentWeek()                                                                                 Checks if the instance is in the same week as the current moment.
+ * @method        bool                isNextWeek()                                                                                    Checks if the instance is in the same week as the current moment next week.
+ * @method        bool                isLastWeek()                                                                                    Checks if the instance is in the same week as the current moment last week.
+ * @method        bool                isSameDay(Carbon|DateTimeInterface|string|null $date = null)                                    Checks if the given date is in the same day as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentDay()                                                                                  Checks if the instance is in the same day as the current moment.
+ * @method        bool                isNextDay()                                                                                     Checks if the instance is in the same day as the current moment next day.
+ * @method        bool                isLastDay()                                                                                     Checks if the instance is in the same day as the current moment last day.
+ * @method        bool                isSameHour(Carbon|DateTimeInterface|string|null $date = null)                                   Checks if the given date is in the same hour as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentHour()                                                                                 Checks if the instance is in the same hour as the current moment.
+ * @method        bool                isNextHour()                                                                                    Checks if the instance is in the same hour as the current moment next hour.
+ * @method        bool                isLastHour()                                                                                    Checks if the instance is in the same hour as the current moment last hour.
+ * @method        bool                isSameMinute(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same minute as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMinute()                                                                               Checks if the instance is in the same minute as the current moment.
+ * @method        bool                isNextMinute()                                                                                  Checks if the instance is in the same minute as the current moment next minute.
+ * @method        bool                isLastMinute()                                                                                  Checks if the instance is in the same minute as the current moment last minute.
+ * @method        bool                isSameSecond(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same second as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentSecond()                                                                               Checks if the instance is in the same second as the current moment.
+ * @method        bool                isNextSecond()                                                                                  Checks if the instance is in the same second as the current moment next second.
+ * @method        bool                isLastSecond()                                                                                  Checks if the instance is in the same second as the current moment last second.
+ * @method        bool                isSameMicro(Carbon|DateTimeInterface|string|null $date = null)                                  Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMicro()                                                                                Checks if the instance is in the same microsecond as the current moment.
+ * @method        bool                isNextMicro()                                                                                   Checks if the instance is in the same microsecond as the current moment next microsecond.
+ * @method        bool                isLastMicro()                                                                                   Checks if the instance is in the same microsecond as the current moment last microsecond.
+ * @method        bool                isSameMicrosecond(Carbon|DateTimeInterface|string|null $date = null)                            Checks if the given date is in the same microsecond as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMicrosecond()                                                                          Checks if the instance is in the same microsecond as the current moment.
+ * @method        bool                isNextMicrosecond()                                                                             Checks if the instance is in the same microsecond as the current moment next microsecond.
+ * @method        bool                isLastMicrosecond()                                                                             Checks if the instance is in the same microsecond as the current moment last microsecond.
+ * @method        bool                isCurrentMonth()                                                                                Checks if the instance is in the same month as the current moment.
+ * @method        bool                isNextMonth()                                                                                   Checks if the instance is in the same month as the current moment next month.
+ * @method        bool                isLastMonth()                                                                                   Checks if the instance is in the same month as the current moment last month.
+ * @method        bool                isCurrentQuarter()                                                                              Checks if the instance is in the same quarter as the current moment.
+ * @method        bool                isNextQuarter()                                                                                 Checks if the instance is in the same quarter as the current moment next quarter.
+ * @method        bool                isLastQuarter()                                                                                 Checks if the instance is in the same quarter as the current moment last quarter.
+ * @method        bool                isSameDecade(Carbon|DateTimeInterface|string|null $date = null)                                 Checks if the given date is in the same decade as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentDecade()                                                                               Checks if the instance is in the same decade as the current moment.
+ * @method        bool                isNextDecade()                                                                                  Checks if the instance is in the same decade as the current moment next decade.
+ * @method        bool                isLastDecade()                                                                                  Checks if the instance is in the same decade as the current moment last decade.
+ * @method        bool                isSameCentury(Carbon|DateTimeInterface|string|null $date = null)                                Checks if the given date is in the same century as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentCentury()                                                                              Checks if the instance is in the same century as the current moment.
+ * @method        bool                isNextCentury()                                                                                 Checks if the instance is in the same century as the current moment next century.
+ * @method        bool                isLastCentury()                                                                                 Checks if the instance is in the same century as the current moment last century.
+ * @method        bool                isSameMillennium(Carbon|DateTimeInterface|string|null $date = null)                             Checks if the given date is in the same millennium as the instance. If null passed, compare to now (with the same timezone).
+ * @method        bool                isCurrentMillennium()                                                                           Checks if the instance is in the same millennium as the current moment.
+ * @method        bool                isNextMillennium()                                                                              Checks if the instance is in the same millennium as the current moment next millennium.
+ * @method        bool                isLastMillennium()                                                                              Checks if the instance is in the same millennium as the current moment last millennium.
+ * @method        CarbonImmutable     years(int $value)                                                                               Set current instance year to the given value.
+ * @method        CarbonImmutable     year(int $value)                                                                                Set current instance year to the given value.
+ * @method        CarbonImmutable     setYears(int $value)                                                                            Set current instance year to the given value.
+ * @method        CarbonImmutable     setYear(int $value)                                                                             Set current instance year to the given value.
+ * @method        CarbonImmutable     months(int $value)                                                                              Set current instance month to the given value.
+ * @method        CarbonImmutable     month(int $value)                                                                               Set current instance month to the given value.
+ * @method        CarbonImmutable     setMonths(int $value)                                                                           Set current instance month to the given value.
+ * @method        CarbonImmutable     setMonth(int $value)                                                                            Set current instance month to the given value.
+ * @method        CarbonImmutable     days(int $value)                                                                                Set current instance day to the given value.
+ * @method        CarbonImmutable     day(int $value)                                                                                 Set current instance day to the given value.
+ * @method        CarbonImmutable     setDays(int $value)                                                                             Set current instance day to the given value.
+ * @method        CarbonImmutable     setDay(int $value)                                                                              Set current instance day to the given value.
+ * @method        CarbonImmutable     hours(int $value)                                                                               Set current instance hour to the given value.
+ * @method        CarbonImmutable     hour(int $value)                                                                                Set current instance hour to the given value.
+ * @method        CarbonImmutable     setHours(int $value)                                                                            Set current instance hour to the given value.
+ * @method        CarbonImmutable     setHour(int $value)                                                                             Set current instance hour to the given value.
+ * @method        CarbonImmutable     minutes(int $value)                                                                             Set current instance minute to the given value.
+ * @method        CarbonImmutable     minute(int $value)                                                                              Set current instance minute to the given value.
+ * @method        CarbonImmutable     setMinutes(int $value)                                                                          Set current instance minute to the given value.
+ * @method        CarbonImmutable     setMinute(int $value)                                                                           Set current instance minute to the given value.
+ * @method        CarbonImmutable     seconds(int $value)                                                                             Set current instance second to the given value.
+ * @method        CarbonImmutable     second(int $value)                                                                              Set current instance second to the given value.
+ * @method        CarbonImmutable     setSeconds(int $value)                                                                          Set current instance second to the given value.
+ * @method        CarbonImmutable     setSecond(int $value)                                                                           Set current instance second to the given value.
+ * @method        CarbonImmutable     millis(int $value)                                                                              Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     milli(int $value)                                                                               Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     setMillis(int $value)                                                                           Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     setMilli(int $value)                                                                            Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     milliseconds(int $value)                                                                        Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     millisecond(int $value)                                                                         Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     setMilliseconds(int $value)                                                                     Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     setMillisecond(int $value)                                                                      Set current instance millisecond to the given value.
+ * @method        CarbonImmutable     micros(int $value)                                                                              Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     micro(int $value)                                                                               Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     setMicros(int $value)                                                                           Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     setMicro(int $value)                                                                            Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     microseconds(int $value)                                                                        Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     microsecond(int $value)                                                                         Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     setMicroseconds(int $value)                                                                     Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     setMicrosecond(int $value)                                                                      Set current instance microsecond to the given value.
+ * @method        CarbonImmutable     addYears(int $value = 1)                                                                        Add years (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addYear()                                                                                       Add one year to the instance (using date interval).
+ * @method        CarbonImmutable     subYears(int $value = 1)                                                                        Sub years (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subYear()                                                                                       Sub one year to the instance (using date interval).
+ * @method        CarbonImmutable     addYearsWithOverflow(int $value = 1)                                                            Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addYearWithOverflow()                                                                           Add one year to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subYearsWithOverflow(int $value = 1)                                                            Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subYearWithOverflow()                                                                           Sub one year to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addYearsWithoutOverflow(int $value = 1)                                                         Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addYearWithoutOverflow()                                                                        Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearsWithoutOverflow(int $value = 1)                                                         Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearWithoutOverflow()                                                                        Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addYearsWithNoOverflow(int $value = 1)                                                          Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addYearWithNoOverflow()                                                                         Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearsWithNoOverflow(int $value = 1)                                                          Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearWithNoOverflow()                                                                         Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addYearsNoOverflow(int $value = 1)                                                              Add years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addYearNoOverflow()                                                                             Add one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearsNoOverflow(int $value = 1)                                                              Sub years (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subYearNoOverflow()                                                                             Sub one year to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonths(int $value = 1)                                                                       Add months (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMonth()                                                                                      Add one month to the instance (using date interval).
+ * @method        CarbonImmutable     subMonths(int $value = 1)                                                                       Sub months (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMonth()                                                                                      Sub one month to the instance (using date interval).
+ * @method        CarbonImmutable     addMonthsWithOverflow(int $value = 1)                                                           Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addMonthWithOverflow()                                                                          Add one month to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subMonthsWithOverflow(int $value = 1)                                                           Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subMonthWithOverflow()                                                                          Sub one month to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addMonthsWithoutOverflow(int $value = 1)                                                        Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonthWithoutOverflow()                                                                       Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthsWithoutOverflow(int $value = 1)                                                        Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthWithoutOverflow()                                                                       Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonthsWithNoOverflow(int $value = 1)                                                         Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonthWithNoOverflow()                                                                        Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthsWithNoOverflow(int $value = 1)                                                         Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthWithNoOverflow()                                                                        Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonthsNoOverflow(int $value = 1)                                                             Add months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMonthNoOverflow()                                                                            Add one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthsNoOverflow(int $value = 1)                                                             Sub months (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMonthNoOverflow()                                                                            Sub one month to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDays(int $value = 1)                                                                         Add days (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addDay()                                                                                        Add one day to the instance (using date interval).
+ * @method        CarbonImmutable     subDays(int $value = 1)                                                                         Sub days (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subDay()                                                                                        Sub one day to the instance (using date interval).
+ * @method        CarbonImmutable     addHours(int $value = 1)                                                                        Add hours (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addHour()                                                                                       Add one hour to the instance (using date interval).
+ * @method        CarbonImmutable     subHours(int $value = 1)                                                                        Sub hours (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subHour()                                                                                       Sub one hour to the instance (using date interval).
+ * @method        CarbonImmutable     addMinutes(int $value = 1)                                                                      Add minutes (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMinute()                                                                                     Add one minute to the instance (using date interval).
+ * @method        CarbonImmutable     subMinutes(int $value = 1)                                                                      Sub minutes (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMinute()                                                                                     Sub one minute to the instance (using date interval).
+ * @method        CarbonImmutable     addSeconds(int $value = 1)                                                                      Add seconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addSecond()                                                                                     Add one second to the instance (using date interval).
+ * @method        CarbonImmutable     subSeconds(int $value = 1)                                                                      Sub seconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subSecond()                                                                                     Sub one second to the instance (using date interval).
+ * @method        CarbonImmutable     addMillis(int $value = 1)                                                                       Add milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMilli()                                                                                      Add one millisecond to the instance (using date interval).
+ * @method        CarbonImmutable     subMillis(int $value = 1)                                                                       Sub milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMilli()                                                                                      Sub one millisecond to the instance (using date interval).
+ * @method        CarbonImmutable     addMilliseconds(int $value = 1)                                                                 Add milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMillisecond()                                                                                Add one millisecond to the instance (using date interval).
+ * @method        CarbonImmutable     subMilliseconds(int $value = 1)                                                                 Sub milliseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMillisecond()                                                                                Sub one millisecond to the instance (using date interval).
+ * @method        CarbonImmutable     addMicros(int $value = 1)                                                                       Add microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMicro()                                                                                      Add one microsecond to the instance (using date interval).
+ * @method        CarbonImmutable     subMicros(int $value = 1)                                                                       Sub microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMicro()                                                                                      Sub one microsecond to the instance (using date interval).
+ * @method        CarbonImmutable     addMicroseconds(int $value = 1)                                                                 Add microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMicrosecond()                                                                                Add one microsecond to the instance (using date interval).
+ * @method        CarbonImmutable     subMicroseconds(int $value = 1)                                                                 Sub microseconds (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMicrosecond()                                                                                Sub one microsecond to the instance (using date interval).
+ * @method        CarbonImmutable     addMillennia(int $value = 1)                                                                    Add millennia (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addMillennium()                                                                                 Add one millennium to the instance (using date interval).
+ * @method        CarbonImmutable     subMillennia(int $value = 1)                                                                    Sub millennia (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subMillennium()                                                                                 Sub one millennium to the instance (using date interval).
+ * @method        CarbonImmutable     addMillenniaWithOverflow(int $value = 1)                                                        Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addMillenniumWithOverflow()                                                                     Add one millennium to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subMillenniaWithOverflow(int $value = 1)                                                        Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subMillenniumWithOverflow()                                                                     Sub one millennium to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addMillenniaWithoutOverflow(int $value = 1)                                                     Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMillenniumWithoutOverflow()                                                                  Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniaWithoutOverflow(int $value = 1)                                                     Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniumWithoutOverflow()                                                                  Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMillenniaWithNoOverflow(int $value = 1)                                                      Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMillenniumWithNoOverflow()                                                                   Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniaWithNoOverflow(int $value = 1)                                                      Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniumWithNoOverflow()                                                                   Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMillenniaNoOverflow(int $value = 1)                                                          Add millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addMillenniumNoOverflow()                                                                       Add one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniaNoOverflow(int $value = 1)                                                          Sub millennia (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subMillenniumNoOverflow()                                                                       Sub one millennium to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturies(int $value = 1)                                                                    Add centuries (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addCentury()                                                                                    Add one century to the instance (using date interval).
+ * @method        CarbonImmutable     subCenturies(int $value = 1)                                                                    Sub centuries (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subCentury()                                                                                    Sub one century to the instance (using date interval).
+ * @method        CarbonImmutable     addCenturiesWithOverflow(int $value = 1)                                                        Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addCenturyWithOverflow()                                                                        Add one century to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subCenturiesWithOverflow(int $value = 1)                                                        Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subCenturyWithOverflow()                                                                        Sub one century to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addCenturiesWithoutOverflow(int $value = 1)                                                     Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturyWithoutOverflow()                                                                     Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturiesWithoutOverflow(int $value = 1)                                                     Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturyWithoutOverflow()                                                                     Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturiesWithNoOverflow(int $value = 1)                                                      Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturyWithNoOverflow()                                                                      Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturiesWithNoOverflow(int $value = 1)                                                      Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturyWithNoOverflow()                                                                      Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturiesNoOverflow(int $value = 1)                                                          Add centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addCenturyNoOverflow()                                                                          Add one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturiesNoOverflow(int $value = 1)                                                          Sub centuries (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subCenturyNoOverflow()                                                                          Sub one century to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecades(int $value = 1)                                                                      Add decades (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addDecade()                                                                                     Add one decade to the instance (using date interval).
+ * @method        CarbonImmutable     subDecades(int $value = 1)                                                                      Sub decades (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subDecade()                                                                                     Sub one decade to the instance (using date interval).
+ * @method        CarbonImmutable     addDecadesWithOverflow(int $value = 1)                                                          Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addDecadeWithOverflow()                                                                         Add one decade to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subDecadesWithOverflow(int $value = 1)                                                          Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subDecadeWithOverflow()                                                                         Sub one decade to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addDecadesWithoutOverflow(int $value = 1)                                                       Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecadeWithoutOverflow()                                                                      Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadesWithoutOverflow(int $value = 1)                                                       Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadeWithoutOverflow()                                                                      Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecadesWithNoOverflow(int $value = 1)                                                        Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecadeWithNoOverflow()                                                                       Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadesWithNoOverflow(int $value = 1)                                                        Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadeWithNoOverflow()                                                                       Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecadesNoOverflow(int $value = 1)                                                            Add decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addDecadeNoOverflow()                                                                           Add one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadesNoOverflow(int $value = 1)                                                            Sub decades (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subDecadeNoOverflow()                                                                           Sub one decade to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuarters(int $value = 1)                                                                     Add quarters (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addQuarter()                                                                                    Add one quarter to the instance (using date interval).
+ * @method        CarbonImmutable     subQuarters(int $value = 1)                                                                     Sub quarters (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subQuarter()                                                                                    Sub one quarter to the instance (using date interval).
+ * @method        CarbonImmutable     addQuartersWithOverflow(int $value = 1)                                                         Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addQuarterWithOverflow()                                                                        Add one quarter to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subQuartersWithOverflow(int $value = 1)                                                         Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     subQuarterWithOverflow()                                                                        Sub one quarter to the instance (using date interval) with overflow explicitly allowed.
+ * @method        CarbonImmutable     addQuartersWithoutOverflow(int $value = 1)                                                      Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuarterWithoutOverflow()                                                                     Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuartersWithoutOverflow(int $value = 1)                                                      Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuarterWithoutOverflow()                                                                     Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuartersWithNoOverflow(int $value = 1)                                                       Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuarterWithNoOverflow()                                                                      Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuartersWithNoOverflow(int $value = 1)                                                       Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuarterWithNoOverflow()                                                                      Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuartersNoOverflow(int $value = 1)                                                           Add quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addQuarterNoOverflow()                                                                          Add one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuartersNoOverflow(int $value = 1)                                                           Sub quarters (the $value count passed in) to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     subQuarterNoOverflow()                                                                          Sub one quarter to the instance (using date interval) with overflow explicitly forbidden.
+ * @method        CarbonImmutable     addWeeks(int $value = 1)                                                                        Add weeks (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addWeek()                                                                                       Add one week to the instance (using date interval).
+ * @method        CarbonImmutable     subWeeks(int $value = 1)                                                                        Sub weeks (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subWeek()                                                                                       Sub one week to the instance (using date interval).
+ * @method        CarbonImmutable     addWeekdays(int $value = 1)                                                                     Add weekdays (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     addWeekday()                                                                                    Add one weekday to the instance (using date interval).
+ * @method        CarbonImmutable     subWeekdays(int $value = 1)                                                                     Sub weekdays (the $value count passed in) to the instance (using date interval).
+ * @method        CarbonImmutable     subWeekday()                                                                                    Sub one weekday to the instance (using date interval).
+ * @method        CarbonImmutable     addRealMicros(int $value = 1)                                                                   Add microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMicro()                                                                                  Add one microsecond to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMicros(int $value = 1)                                                                   Sub microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMicro()                                                                                  Sub one microsecond to the instance (using timestamp).
+ * @method        CarbonPeriod        microsUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
+ * @method        CarbonImmutable     addRealMicroseconds(int $value = 1)                                                             Add microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMicrosecond()                                                                            Add one microsecond to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMicroseconds(int $value = 1)                                                             Sub microseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMicrosecond()                                                                            Sub one microsecond to the instance (using timestamp).
+ * @method        CarbonPeriod        microsecondsUntil($endDate = null, int $factor = 1)                                             Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each microsecond or every X microseconds if a factor is given.
+ * @method        CarbonImmutable     addRealMillis(int $value = 1)                                                                   Add milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMilli()                                                                                  Add one millisecond to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMillis(int $value = 1)                                                                   Sub milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMilli()                                                                                  Sub one millisecond to the instance (using timestamp).
+ * @method        CarbonPeriod        millisUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
+ * @method        CarbonImmutable     addRealMilliseconds(int $value = 1)                                                             Add milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMillisecond()                                                                            Add one millisecond to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMilliseconds(int $value = 1)                                                             Sub milliseconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMillisecond()                                                                            Sub one millisecond to the instance (using timestamp).
+ * @method        CarbonPeriod        millisecondsUntil($endDate = null, int $factor = 1)                                             Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millisecond or every X milliseconds if a factor is given.
+ * @method        CarbonImmutable     addRealSeconds(int $value = 1)                                                                  Add seconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealSecond()                                                                                 Add one second to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealSeconds(int $value = 1)                                                                  Sub seconds (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealSecond()                                                                                 Sub one second to the instance (using timestamp).
+ * @method        CarbonPeriod        secondsUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each second or every X seconds if a factor is given.
+ * @method        CarbonImmutable     addRealMinutes(int $value = 1)                                                                  Add minutes (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMinute()                                                                                 Add one minute to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMinutes(int $value = 1)                                                                  Sub minutes (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMinute()                                                                                 Sub one minute to the instance (using timestamp).
+ * @method        CarbonPeriod        minutesUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each minute or every X minutes if a factor is given.
+ * @method        CarbonImmutable     addRealHours(int $value = 1)                                                                    Add hours (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealHour()                                                                                   Add one hour to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealHours(int $value = 1)                                                                    Sub hours (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealHour()                                                                                   Sub one hour to the instance (using timestamp).
+ * @method        CarbonPeriod        hoursUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each hour or every X hours if a factor is given.
+ * @method        CarbonImmutable     addRealDays(int $value = 1)                                                                     Add days (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealDay()                                                                                    Add one day to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealDays(int $value = 1)                                                                     Sub days (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealDay()                                                                                    Sub one day to the instance (using timestamp).
+ * @method        CarbonPeriod        daysUntil($endDate = null, int $factor = 1)                                                     Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each day or every X days if a factor is given.
+ * @method        CarbonImmutable     addRealWeeks(int $value = 1)                                                                    Add weeks (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealWeek()                                                                                   Add one week to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealWeeks(int $value = 1)                                                                    Sub weeks (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealWeek()                                                                                   Sub one week to the instance (using timestamp).
+ * @method        CarbonPeriod        weeksUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each week or every X weeks if a factor is given.
+ * @method        CarbonImmutable     addRealMonths(int $value = 1)                                                                   Add months (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMonth()                                                                                  Add one month to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMonths(int $value = 1)                                                                   Sub months (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMonth()                                                                                  Sub one month to the instance (using timestamp).
+ * @method        CarbonPeriod        monthsUntil($endDate = null, int $factor = 1)                                                   Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each month or every X months if a factor is given.
+ * @method        CarbonImmutable     addRealQuarters(int $value = 1)                                                                 Add quarters (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealQuarter()                                                                                Add one quarter to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealQuarters(int $value = 1)                                                                 Sub quarters (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealQuarter()                                                                                Sub one quarter to the instance (using timestamp).
+ * @method        CarbonPeriod        quartersUntil($endDate = null, int $factor = 1)                                                 Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each quarter or every X quarters if a factor is given.
+ * @method        CarbonImmutable     addRealYears(int $value = 1)                                                                    Add years (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealYear()                                                                                   Add one year to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealYears(int $value = 1)                                                                    Sub years (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealYear()                                                                                   Sub one year to the instance (using timestamp).
+ * @method        CarbonPeriod        yearsUntil($endDate = null, int $factor = 1)                                                    Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each year or every X years if a factor is given.
+ * @method        CarbonImmutable     addRealDecades(int $value = 1)                                                                  Add decades (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealDecade()                                                                                 Add one decade to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealDecades(int $value = 1)                                                                  Sub decades (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealDecade()                                                                                 Sub one decade to the instance (using timestamp).
+ * @method        CarbonPeriod        decadesUntil($endDate = null, int $factor = 1)                                                  Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each decade or every X decades if a factor is given.
+ * @method        CarbonImmutable     addRealCenturies(int $value = 1)                                                                Add centuries (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealCentury()                                                                                Add one century to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealCenturies(int $value = 1)                                                                Sub centuries (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealCentury()                                                                                Sub one century to the instance (using timestamp).
+ * @method        CarbonPeriod        centuriesUntil($endDate = null, int $factor = 1)                                                Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each century or every X centuries if a factor is given.
+ * @method        CarbonImmutable     addRealMillennia(int $value = 1)                                                                Add millennia (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     addRealMillennium()                                                                             Add one millennium to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMillennia(int $value = 1)                                                                Sub millennia (the $value count passed in) to the instance (using timestamp).
+ * @method        CarbonImmutable     subRealMillennium()                                                                             Sub one millennium to the instance (using timestamp).
+ * @method        CarbonPeriod        millenniaUntil($endDate = null, int $factor = 1)                                                Return an iterable period from current date to given end (string, DateTime or Carbon instance) for each millennium or every X millennia if a factor is given.
+ * @method        CarbonImmutable     roundYear(float $precision = 1, string $function = "round")                                     Round the current instance year with given precision using the given function.
+ * @method        CarbonImmutable     roundYears(float $precision = 1, string $function = "round")                                    Round the current instance year with given precision using the given function.
+ * @method        CarbonImmutable     floorYear(float $precision = 1)                                                                 Truncate the current instance year with given precision.
+ * @method        CarbonImmutable     floorYears(float $precision = 1)                                                                Truncate the current instance year with given precision.
+ * @method        CarbonImmutable     ceilYear(float $precision = 1)                                                                  Ceil the current instance year with given precision.
+ * @method        CarbonImmutable     ceilYears(float $precision = 1)                                                                 Ceil the current instance year with given precision.
+ * @method        CarbonImmutable     roundMonth(float $precision = 1, string $function = "round")                                    Round the current instance month with given precision using the given function.
+ * @method        CarbonImmutable     roundMonths(float $precision = 1, string $function = "round")                                   Round the current instance month with given precision using the given function.
+ * @method        CarbonImmutable     floorMonth(float $precision = 1)                                                                Truncate the current instance month with given precision.
+ * @method        CarbonImmutable     floorMonths(float $precision = 1)                                                               Truncate the current instance month with given precision.
+ * @method        CarbonImmutable     ceilMonth(float $precision = 1)                                                                 Ceil the current instance month with given precision.
+ * @method        CarbonImmutable     ceilMonths(float $precision = 1)                                                                Ceil the current instance month with given precision.
+ * @method        CarbonImmutable     roundDay(float $precision = 1, string $function = "round")                                      Round the current instance day with given precision using the given function.
+ * @method        CarbonImmutable     roundDays(float $precision = 1, string $function = "round")                                     Round the current instance day with given precision using the given function.
+ * @method        CarbonImmutable     floorDay(float $precision = 1)                                                                  Truncate the current instance day with given precision.
+ * @method        CarbonImmutable     floorDays(float $precision = 1)                                                                 Truncate the current instance day with given precision.
+ * @method        CarbonImmutable     ceilDay(float $precision = 1)                                                                   Ceil the current instance day with given precision.
+ * @method        CarbonImmutable     ceilDays(float $precision = 1)                                                                  Ceil the current instance day with given precision.
+ * @method        CarbonImmutable     roundHour(float $precision = 1, string $function = "round")                                     Round the current instance hour with given precision using the given function.
+ * @method        CarbonImmutable     roundHours(float $precision = 1, string $function = "round")                                    Round the current instance hour with given precision using the given function.
+ * @method        CarbonImmutable     floorHour(float $precision = 1)                                                                 Truncate the current instance hour with given precision.
+ * @method        CarbonImmutable     floorHours(float $precision = 1)                                                                Truncate the current instance hour with given precision.
+ * @method        CarbonImmutable     ceilHour(float $precision = 1)                                                                  Ceil the current instance hour with given precision.
+ * @method        CarbonImmutable     ceilHours(float $precision = 1)                                                                 Ceil the current instance hour with given precision.
+ * @method        CarbonImmutable     roundMinute(float $precision = 1, string $function = "round")                                   Round the current instance minute with given precision using the given function.
+ * @method        CarbonImmutable     roundMinutes(float $precision = 1, string $function = "round")                                  Round the current instance minute with given precision using the given function.
+ * @method        CarbonImmutable     floorMinute(float $precision = 1)                                                               Truncate the current instance minute with given precision.
+ * @method        CarbonImmutable     floorMinutes(float $precision = 1)                                                              Truncate the current instance minute with given precision.
+ * @method        CarbonImmutable     ceilMinute(float $precision = 1)                                                                Ceil the current instance minute with given precision.
+ * @method        CarbonImmutable     ceilMinutes(float $precision = 1)                                                               Ceil the current instance minute with given precision.
+ * @method        CarbonImmutable     roundSecond(float $precision = 1, string $function = "round")                                   Round the current instance second with given precision using the given function.
+ * @method        CarbonImmutable     roundSeconds(float $precision = 1, string $function = "round")                                  Round the current instance second with given precision using the given function.
+ * @method        CarbonImmutable     floorSecond(float $precision = 1)                                                               Truncate the current instance second with given precision.
+ * @method        CarbonImmutable     floorSeconds(float $precision = 1)                                                              Truncate the current instance second with given precision.
+ * @method        CarbonImmutable     ceilSecond(float $precision = 1)                                                                Ceil the current instance second with given precision.
+ * @method        CarbonImmutable     ceilSeconds(float $precision = 1)                                                               Ceil the current instance second with given precision.
+ * @method        CarbonImmutable     roundMillennium(float $precision = 1, string $function = "round")                               Round the current instance millennium with given precision using the given function.
+ * @method        CarbonImmutable     roundMillennia(float $precision = 1, string $function = "round")                                Round the current instance millennium with given precision using the given function.
+ * @method        CarbonImmutable     floorMillennium(float $precision = 1)                                                           Truncate the current instance millennium with given precision.
+ * @method        CarbonImmutable     floorMillennia(float $precision = 1)                                                            Truncate the current instance millennium with given precision.
+ * @method        CarbonImmutable     ceilMillennium(float $precision = 1)                                                            Ceil the current instance millennium with given precision.
+ * @method        CarbonImmutable     ceilMillennia(float $precision = 1)                                                             Ceil the current instance millennium with given precision.
+ * @method        CarbonImmutable     roundCentury(float $precision = 1, string $function = "round")                                  Round the current instance century with given precision using the given function.
+ * @method        CarbonImmutable     roundCenturies(float $precision = 1, string $function = "round")                                Round the current instance century with given precision using the given function.
+ * @method        CarbonImmutable     floorCentury(float $precision = 1)                                                              Truncate the current instance century with given precision.
+ * @method        CarbonImmutable     floorCenturies(float $precision = 1)                                                            Truncate the current instance century with given precision.
+ * @method        CarbonImmutable     ceilCentury(float $precision = 1)                                                               Ceil the current instance century with given precision.
+ * @method        CarbonImmutable     ceilCenturies(float $precision = 1)                                                             Ceil the current instance century with given precision.
+ * @method        CarbonImmutable     roundDecade(float $precision = 1, string $function = "round")                                   Round the current instance decade with given precision using the given function.
+ * @method        CarbonImmutable     roundDecades(float $precision = 1, string $function = "round")                                  Round the current instance decade with given precision using the given function.
+ * @method        CarbonImmutable     floorDecade(float $precision = 1)                                                               Truncate the current instance decade with given precision.
+ * @method        CarbonImmutable     floorDecades(float $precision = 1)                                                              Truncate the current instance decade with given precision.
+ * @method        CarbonImmutable     ceilDecade(float $precision = 1)                                                                Ceil the current instance decade with given precision.
+ * @method        CarbonImmutable     ceilDecades(float $precision = 1)                                                               Ceil the current instance decade with given precision.
+ * @method        CarbonImmutable     roundQuarter(float $precision = 1, string $function = "round")                                  Round the current instance quarter with given precision using the given function.
+ * @method        CarbonImmutable     roundQuarters(float $precision = 1, string $function = "round")                                 Round the current instance quarter with given precision using the given function.
+ * @method        CarbonImmutable     floorQuarter(float $precision = 1)                                                              Truncate the current instance quarter with given precision.
+ * @method        CarbonImmutable     floorQuarters(float $precision = 1)                                                             Truncate the current instance quarter with given precision.
+ * @method        CarbonImmutable     ceilQuarter(float $precision = 1)                                                               Ceil the current instance quarter with given precision.
+ * @method        CarbonImmutable     ceilQuarters(float $precision = 1)                                                              Ceil the current instance quarter with given precision.
+ * @method        CarbonImmutable     roundMillisecond(float $precision = 1, string $function = "round")                              Round the current instance millisecond with given precision using the given function.
+ * @method        CarbonImmutable     roundMilliseconds(float $precision = 1, string $function = "round")                             Round the current instance millisecond with given precision using the given function.
+ * @method        CarbonImmutable     floorMillisecond(float $precision = 1)                                                          Truncate the current instance millisecond with given precision.
+ * @method        CarbonImmutable     floorMilliseconds(float $precision = 1)                                                         Truncate the current instance millisecond with given precision.
+ * @method        CarbonImmutable     ceilMillisecond(float $precision = 1)                                                           Ceil the current instance millisecond with given precision.
+ * @method        CarbonImmutable     ceilMilliseconds(float $precision = 1)                                                          Ceil the current instance millisecond with given precision.
+ * @method        CarbonImmutable     roundMicrosecond(float $precision = 1, string $function = "round")                              Round the current instance microsecond with given precision using the given function.
+ * @method        CarbonImmutable     roundMicroseconds(float $precision = 1, string $function = "round")                             Round the current instance microsecond with given precision using the given function.
+ * @method        CarbonImmutable     floorMicrosecond(float $precision = 1)                                                          Truncate the current instance microsecond with given precision.
+ * @method        CarbonImmutable     floorMicroseconds(float $precision = 1)                                                         Truncate the current instance microsecond with given precision.
+ * @method        CarbonImmutable     ceilMicrosecond(float $precision = 1)                                                           Ceil the current instance microsecond with given precision.
+ * @method        CarbonImmutable     ceilMicroseconds(float $precision = 1)                                                          Ceil the current instance microsecond with given precision.
+ * @method        string              shortAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                     Get the difference (short format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longAbsoluteDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                      Get the difference (long format, 'Absolute' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                     Get the difference (short format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                      Get the difference (long format, 'Relative' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                Get the difference (short format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeToNowDiffForHumans(DateTimeInterface $other = null, int $parts = 1)                 Get the difference (long format, 'RelativeToNow' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              shortRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)              Get the difference (short format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        string              longRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1)               Get the difference (long format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
+ * @method        static static|false createFromFormat(string $format, string $time, DateTimeZone|string|false|null $timezone = null) Parse a string into a new CarbonImmutable object according to the specified format.
+ * @method        static static       __set_state(array $array)                                                                       https://php.net/manual/en/datetime.set-state.php
  *
  * </autodoc>
  */
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterface.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterface.php
index 15e2061c7..b90e29817 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterface.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterface.php
@@ -586,6 +586,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
     public const YEARS_PER_DECADE = 10;
     public const MONTHS_PER_YEAR = 12;
     public const MONTHS_PER_QUARTER = 3;
+    public const QUARTERS_PER_YEAR = 4;
     public const WEEKS_PER_YEAR = 52;
     public const WEEKS_PER_MONTH = 4;
     public const DAYS_PER_YEAR = 365;
@@ -726,6 +727,8 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
     /**
      * Returns the list of properties to dump on serialize() called on.
      *
+     * Only used by PHP < 7.4.
+     *
      * @return array
      */
     public function __sleep();
@@ -735,7 +738,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * @example
      * ```
-     * echo Carbon::now(); // Carbon instances can be casted to string
+     * echo Carbon::now(); // Carbon instances can be cast to string
      * ```
      *
      * @return string
@@ -987,7 +990,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * @param string $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function change($modifier);
 
@@ -1038,13 +1041,13 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      * If $hour is not null then the default values for $minute and $second
      * will be 0.
      *
-     * @param int|null                 $year
-     * @param int|null                 $month
-     * @param int|null                 $day
-     * @param int|null                 $hour
-     * @param int|null                 $minute
-     * @param int|null                 $second
-     * @param DateTimeZone|string|null $tz
+     * @param DateTimeInterface|int|null $year
+     * @param int|null                   $month
+     * @param int|null                   $day
+     * @param int|null                   $hour
+     * @param int|null                   $minute
+     * @param int|null                   $second
+     * @param DateTimeZone|string|null   $tz
      *
      * @throws InvalidFormatException
      *
@@ -1276,7 +1279,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * @return CarbonInterval
      */
-    public function diffAsCarbonInterval($date = null, $absolute = true);
+    public function diffAsCarbonInterval($date = null, $absolute = true, array $skip = []);
 
     /**
      * Get the difference by the given interval using a filter closure.
@@ -2116,6 +2119,18 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      */
     public static function getDays();
 
+    /**
+     * Return the number of days since the start of the week (using the current locale or the first parameter
+     * if explicitly given).
+     *
+     * @param int|null $weekStartsAt optional start allow you to specify the day of week to use to start the week,
+     *                               if not provided, start of week is inferred from the locale
+     *                               (Sunday for en_US, Monday for de_DE, etc.)
+     *
+     * @return int
+     */
+    public function getDaysFromStartOfWeek(?int $weekStartsAt = null): int;
+
     /**
      * Get the fallback locale.
      *
@@ -2738,12 +2753,35 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
     public function isLeapYear();
 
     /**
-     * Determines if the instance is a long year
+     * Determines if the instance is a long year (using ISO 8601 year).
      *
      * @example
      * ```
-     * Carbon::parse('2015-01-01')->isLongYear(); // true
-     * Carbon::parse('2016-01-01')->isLongYear(); // false
+     * Carbon::parse('2015-01-01')->isLongIsoYear(); // true
+     * Carbon::parse('2016-01-01')->isLongIsoYear(); // true
+     * Carbon::parse('2016-01-03')->isLongIsoYear(); // false
+     * Carbon::parse('2019-12-29')->isLongIsoYear(); // false
+     * Carbon::parse('2019-12-30')->isLongIsoYear(); // true
+     * ```
+     *
+     * @see https://en.wikipedia.org/wiki/ISO_8601#Week_dates
+     *
+     * @return bool
+     */
+    public function isLongIsoYear();
+
+    /**
+     * Determines if the instance is a long year (using calendar year).
+     *
+     * ⚠️ This method completely ignores month and day to use the numeric year number,
+     * it's not correct if the exact date matters. For instance as `2019-12-30` is already
+     * in the first week of the 2020 year, if you want to know from this date if ISO week
+     * year 2020 is a long year, use `isLongIsoYear` instead.
+     *
+     * @example
+     * ```
+     * Carbon::create(2015)->isLongYear(); // true
+     * Carbon::create(2016)->isLongYear(); // false
      * ```
      *
      * @see https://en.wikipedia.org/wiki/ISO_8601#Week_dates
@@ -3382,7 +3420,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * @param string|int|null $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function next($modifier = null);
 
@@ -3528,7 +3566,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * @param string|int|null $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function previous($modifier = null);
 
@@ -3773,6 +3811,19 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      */
     public function setDateTimeFrom($date = null);
 
+    /**
+     * Set the day (keeping the current time) to the start of the week + the number of days passed as the first
+     * parameter. First day of week is driven by the locale unless explicitly set with the second parameter.
+     *
+     * @param int      $numberOfDays number of days to add after the start of the current week
+     * @param int|null $weekStartsAt optional start allow you to specify the day of week to use to start the week,
+     *                               if not provided, start of week is inferred from the locale
+     *                               (Sunday for en_US, Monday for de_DE, etc.)
+     *
+     * @return static
+     */
+    public function setDaysFromStartOfWeek(int $numberOfDays, ?int $weekStartsAt = null);
+
     /**
      * Set the fallback locale.
      *
@@ -3860,7 +3911,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow real or mock Carbon instance
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow real or mock Carbon instance
      */
     public static function setTestNow($testNow = null);
 
@@ -3881,7 +3932,7 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow real or mock Carbon instance
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow real or mock Carbon instance
      */
     public static function setTestNowAndTimezone($testNow = null, $tz = null);
 
@@ -3942,11 +3993,11 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
 
     /**
      * @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
-     *             You should rather let Carbon object being casted to string with DEFAULT_TO_STRING_FORMAT, and
-     *             use other method or custom format passed to format() method if you need to dump an other string
+     *             You should rather let Carbon object being cast to string with DEFAULT_TO_STRING_FORMAT, and
+     *             use other method or custom format passed to format() method if you need to dump another string
      *             format.
      *
-     * Set the default format used when type juggling a Carbon instance to a string
+     * Set the default format used when type juggling a Carbon instance to a string.
      *
      * @param string|Closure|null $format
      *
@@ -4537,6 +4588,18 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      */
     public function toFormattedDateString();
 
+    /**
+     * Format the instance with the day, and a readable date
+     *
+     * @example
+     * ```
+     * echo Carbon::now()->toFormattedDayDateString();
+     * ```
+     *
+     * @return string
+     */
+    public function toFormattedDayDateString(): string;
+
     /**
      * Return the ISO-8601 string (ex: 1977-04-22T06:00:00Z, if $keepOffset truthy, offset will be kept:
      * 1977-04-22T01:00:00-05:00).
@@ -5057,12 +5120,14 @@ interface CarbonInterface extends DateTimeInterface, JsonSerializable
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow  real or mock Carbon instance
-     * @param Closure|null                     $callback
+     * @template T
      *
-     * @return mixed
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow  real or mock Carbon instance
+     * @param Closure(): T                                       $callback
+     *
+     * @return T
      */
-    public static function withTestNow($testNow = null, $callback = null);
+    public static function withTestNow($testNow, $callback);
 
     /**
      * Create a Carbon instance for yesterday.
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterval.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterval.php
index d465beac7..8437c545e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterval.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonInterval.php
@@ -15,6 +15,7 @@ use Carbon\Exceptions\BadFluentConstructorException;
 use Carbon\Exceptions\BadFluentSetterException;
 use Carbon\Exceptions\InvalidCastException;
 use Carbon\Exceptions\InvalidIntervalException;
+use Carbon\Exceptions\OutOfRangeException;
 use Carbon\Exceptions\ParseErrorException;
 use Carbon\Exceptions\UnitNotConfiguredException;
 use Carbon\Exceptions\UnknownGetterException;
@@ -22,15 +23,20 @@ use Carbon\Exceptions\UnknownSetterException;
 use Carbon\Exceptions\UnknownUnitException;
 use Carbon\Traits\IntervalRounding;
 use Carbon\Traits\IntervalStep;
+use Carbon\Traits\MagicParameter;
 use Carbon\Traits\Mixin;
 use Carbon\Traits\Options;
+use Carbon\Traits\ToStringFormat;
 use Closure;
 use DateInterval;
+use DateMalformedIntervalStringException;
 use DateTimeInterface;
 use DateTimeZone;
 use Exception;
+use InvalidArgumentException;
 use ReflectionException;
 use ReturnTypeWillChange;
+use RuntimeException;
 use Throwable;
 
 /**
@@ -46,7 +52,7 @@ use Throwable;
  * @property int $minutes Total minutes of the current interval.
  * @property int $seconds Total seconds of the current interval.
  * @property int $microseconds Total microseconds of the current interval.
- * @property int $milliseconds Total microseconds of the current interval.
+ * @property int $milliseconds Total milliseconds of the current interval.
  * @property int $microExcludeMilli Remaining microseconds without the milliseconds.
  * @property int $dayzExcludeWeeks Total days remaining in the final week of the current instance (days % 7).
  * @property int $daysExcludeWeeks alias of dayzExcludeWeeks
@@ -184,10 +190,12 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
 {
     use IntervalRounding;
     use IntervalStep;
+    use MagicParameter;
     use Mixin {
         Mixin::mixin as baseMixin;
     }
     use Options;
+    use ToStringFormat;
 
     /**
      * Interval spec period designators
@@ -241,6 +249,11 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      */
     private static $flipCascadeFactors;
 
+    /**
+     * @var bool
+     */
+    private static $floatSettersEnabled = false;
+
     /**
      * The registered macros.
      *
@@ -294,7 +307,12 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      */
     public static function getCascadeFactors()
     {
-        return static::$cascadeFactors ?: [
+        return static::$cascadeFactors ?: static::getDefaultCascadeFactors();
+    }
+
+    protected static function getDefaultCascadeFactors(): array
+    {
+        return [
             'milliseconds' => [Carbon::MICROSECONDS_PER_MILLISECOND, 'microseconds'],
             'seconds' => [Carbon::MILLISECONDS_PER_SECOND, 'milliseconds'],
             'minutes' => [Carbon::SECONDS_PER_MINUTE, 'seconds'],
@@ -337,6 +355,19 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         static::$cascadeFactors = $cascadeFactors;
     }
 
+    /**
+     * This option allow you to opt-in for the Carbon 3 behavior where float
+     * values will no longer be cast to integer (so truncated).
+     *
+     * ⚠️ This settings will be applied globally, which mean your whole application
+     * code including the third-party dependencies that also may use Carbon will
+     * adopt the new behavior.
+     */
+    public static function enableFloatSetters(bool $floatSettersEnabled = true): void
+    {
+        self::$floatSettersEnabled = $floatSettersEnabled;
+    }
+
     ///////////////////////////////////////////////////////////////////
     //////////////////////////// CONSTRUCTORS /////////////////////////
     ///////////////////////////////////////////////////////////////////
@@ -344,14 +375,14 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Create a new CarbonInterval instance.
      *
-     * @param int|null $years
-     * @param int|null $months
-     * @param int|null $weeks
-     * @param int|null $days
-     * @param int|null $hours
-     * @param int|null $minutes
-     * @param int|null $seconds
-     * @param int|null $microseconds
+     * @param Closure|DateInterval|string|int|null $years
+     * @param int|float|null                       $months
+     * @param int|float|null                       $weeks
+     * @param int|float|null                       $days
+     * @param int|float|null                       $hours
+     * @param int|float|null                       $minutes
+     * @param int|float|null                       $seconds
+     * @param int|float|null                       $microseconds
      *
      * @throws Exception when the interval_spec (passed as $years) cannot be parsed as an interval.
      */
@@ -371,8 +402,9 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         }
 
         $spec = $years;
+        $isStringSpec = (\is_string($spec) && !preg_match('/^[\d.]/', $spec));
 
-        if (!\is_string($spec) || (float) $years || preg_match('/^[0-9.]/', $years)) {
+        if (!$isStringSpec || (float) $years) {
             $spec = static::PERIOD_PREFIX;
 
             $spec .= $years > 0 ? $years.static::PERIOD_YEARS : '';
@@ -397,7 +429,74 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             }
         }
 
-        parent::__construct($spec);
+        try {
+            parent::__construct($spec);
+        } catch (Throwable $exception) {
+            try {
+                parent::__construct('PT0S');
+
+                if ($isStringSpec) {
+                    if (!preg_match('/^P
+                        (?:(?<year>[+-]?\d*(?:\.\d+)?)Y)?
+                        (?:(?<month>[+-]?\d*(?:\.\d+)?)M)?
+                        (?:(?<week>[+-]?\d*(?:\.\d+)?)W)?
+                        (?:(?<day>[+-]?\d*(?:\.\d+)?)D)?
+                        (?:T
+                            (?:(?<hour>[+-]?\d*(?:\.\d+)?)H)?
+                            (?:(?<minute>[+-]?\d*(?:\.\d+)?)M)?
+                            (?:(?<second>[+-]?\d*(?:\.\d+)?)S)?
+                        )?
+                    $/x', $spec, $match)) {
+                        throw new InvalidArgumentException("Invalid duration: $spec");
+                    }
+
+                    $years = (float) ($match['year'] ?? 0);
+                    $this->assertSafeForInteger('year', $years);
+                    $months = (float) ($match['month'] ?? 0);
+                    $this->assertSafeForInteger('month', $months);
+                    $weeks = (float) ($match['week'] ?? 0);
+                    $this->assertSafeForInteger('week', $weeks);
+                    $days = (float) ($match['day'] ?? 0);
+                    $this->assertSafeForInteger('day', $days);
+                    $hours = (float) ($match['hour'] ?? 0);
+                    $this->assertSafeForInteger('hour', $hours);
+                    $minutes = (float) ($match['minute'] ?? 0);
+                    $this->assertSafeForInteger('minute', $minutes);
+                    $seconds = (float) ($match['second'] ?? 0);
+                    $this->assertSafeForInteger('second', $seconds);
+                }
+
+                $totalDays = (($weeks * static::getDaysPerWeek()) + $days);
+                $this->assertSafeForInteger('days total (including weeks)', $totalDays);
+
+                $this->y = (int) $years;
+                $this->m = (int) $months;
+                $this->d = (int) $totalDays;
+                $this->h = (int) $hours;
+                $this->i = (int) $minutes;
+                $this->s = (int) $seconds;
+
+                if (
+                    ((float) $this->y) !== $years ||
+                    ((float) $this->m) !== $months ||
+                    ((float) $this->d) !== $totalDays ||
+                    ((float) $this->h) !== $hours ||
+                    ((float) $this->i) !== $minutes ||
+                    ((float) $this->s) !== $seconds
+                ) {
+                    $this->add(static::fromString(
+                        ($years - $this->y).' years '.
+                        ($months - $this->m).' months '.
+                        ($totalDays - $this->d).' days '.
+                        ($hours - $this->h).' hours '.
+                        ($minutes - $this->i).' minutes '.
+                        ($seconds - $this->s).' seconds '
+                    ));
+                }
+            } catch (Throwable $secondException) {
+                throw $secondException instanceof OutOfRangeException ? $secondException : $exception;
+            }
+        }
 
         if ($microseconds !== null) {
             $this->f = $microseconds / Carbon::MICROSECONDS_PER_SECOND;
@@ -410,7 +509,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      * @param string $source
      * @param string $target
      *
-     * @return int|null
+     * @return int|float|null
      */
     public static function getFactor($source, $target)
     {
@@ -438,7 +537,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      * @param string $source
      * @param string $target
      *
-     * @return int|null
+     * @return int|float|null
      */
     public static function getFactorWithDefault($source, $target)
     {
@@ -465,7 +564,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for days per week.
      *
-     * @return int
+     * @return int|float
      */
     public static function getDaysPerWeek()
     {
@@ -475,7 +574,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for hours per day.
      *
-     * @return int
+     * @return int|float
      */
     public static function getHoursPerDay()
     {
@@ -485,7 +584,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for minutes per hour.
      *
-     * @return int
+     * @return int|float
      */
     public static function getMinutesPerHour()
     {
@@ -495,7 +594,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for seconds per minute.
      *
-     * @return int
+     * @return int|float
      */
     public static function getSecondsPerMinute()
     {
@@ -505,7 +604,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for microseconds per second.
      *
-     * @return int
+     * @return int|float
      */
     public static function getMillisecondsPerSecond()
     {
@@ -515,7 +614,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Returns current config for microseconds per second.
      *
-     * @return int
+     * @return int|float
      */
     public static function getMicrosecondsPerMillisecond()
     {
@@ -673,6 +772,23 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         }
     }
 
+    /**
+     * Evaluate the PHP generated by var_export() and recreate the exported CarbonInterval instance.
+     *
+     * @param array $dump data as exported by var_export()
+     *
+     * @return static
+     */
+    #[ReturnTypeWillChange]
+    public static function __set_state($dump)
+    {
+        /** @noinspection PhpVoidFunctionResultUsedInspection */
+        /** @var DateInterval $dateInterval */
+        $dateInterval = parent::__set_state($dump);
+
+        return static::instance($dateInterval);
+    }
+
     /**
      * Return the current context from inside a macro callee or a new one if static.
      *
@@ -767,6 +883,8 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
                 case 'year':
                 case 'years':
                 case 'y':
+                case 'yr':
+                case 'yrs':
                     $years += $intValue;
 
                     break;
@@ -780,6 +898,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
                 case 'month':
                 case 'months':
                 case 'mo':
+                case 'mos':
                     $months += $intValue;
 
                     break;
@@ -882,7 +1001,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         return static::fromString(Carbon::translateTimeString($interval, $locale ?: static::getLocale(), 'en'));
     }
 
-    private static function castIntervalToClass(DateInterval $interval, string $className)
+    private static function castIntervalToClass(DateInterval $interval, string $className, array $skip = [])
     {
         $mainClass = DateInterval::class;
 
@@ -891,7 +1010,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         }
 
         $microseconds = $interval->f;
-        $instance = new $className(static::getDateIntervalSpec($interval));
+        $instance = new $className(static::getDateIntervalSpec($interval, false, $skip));
 
         if ($microseconds) {
             $instance->f = $microseconds;
@@ -940,12 +1059,19 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      * set the $days field.
      *
      * @param DateInterval $interval
+     * @param bool         $skipCopy set to true to return the passed object
+     *                               (without copying it) if it's already of the
+     *                               current class
      *
      * @return static
      */
-    public static function instance(DateInterval $interval)
+    public static function instance(DateInterval $interval, array $skip = [], bool $skipCopy = false)
     {
-        return self::castIntervalToClass($interval, static::class);
+        if ($skipCopy && $interval instanceof static) {
+            return $interval;
+        }
+
+        return self::castIntervalToClass($interval, static::class, $skip);
     }
 
     /**
@@ -956,17 +1082,20 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      *
      * @param mixed|int|DateInterval|string|Closure|null $interval interval or number of the given $unit
      * @param string|null                                $unit     if specified, $interval must be an integer
+     * @param bool                                       $skipCopy set to true to return the passed object
+     *                                                             (without copying it) if it's already of the
+     *                                                             current class
      *
      * @return static|null
      */
-    public static function make($interval, $unit = null)
+    public static function make($interval, $unit = null, bool $skipCopy = false)
     {
         if ($unit) {
             $interval = "$interval ".Carbon::pluralUnit($unit);
         }
 
         if ($interval instanceof DateInterval) {
-            return static::instance($interval);
+            return static::instance($interval, [], $skipCopy);
         }
 
         if ($interval instanceof Closure) {
@@ -984,7 +1113,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     {
         $interval = preg_replace('/\s+/', ' ', trim($interval));
 
-        if (preg_match('/^P[T0-9]/', $interval)) {
+        if (preg_match('/^P[T\d]/', $interval)) {
             return new static($interval);
         }
 
@@ -992,8 +1121,14 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             return static::fromString($interval);
         }
 
-        /** @var static $interval */
-        $interval = static::createFromDateString($interval);
+        // @codeCoverageIgnoreStart
+        try {
+            /** @var static $interval */
+            $interval = static::createFromDateString($interval);
+        } catch (DateMalformedIntervalStringException $e) {
+            return null;
+        }
+        // @codeCoverageIgnoreEnd
 
         return !$interval || $interval->isEmpty() ? null : $interval;
     }
@@ -1081,11 +1216,11 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
                 return (int) round($this->f * Carbon::MICROSECONDS_PER_SECOND) % Carbon::MICROSECONDS_PER_MILLISECOND;
 
             case 'weeks':
-                return (int) ($this->d / static::getDaysPerWeek());
+                return (int) ($this->d / (int) static::getDaysPerWeek());
 
             case 'daysExcludeWeeks':
             case 'dayzExcludeWeeks':
-                return $this->d % static::getDaysPerWeek();
+                return $this->d % (int) static::getDaysPerWeek();
 
             case 'locale':
                 return $this->getTranslatorLocale();
@@ -1126,43 +1261,63 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         foreach ($properties as $key => $value) {
             switch (Carbon::singularUnit(rtrim($key, 'z'))) {
                 case 'year':
+                    $this->checkIntegerValue($key, $value);
                     $this->y = $value;
+                    $this->handleDecimalPart('year', $value, $this->y);
 
                     break;
 
                 case 'month':
+                    $this->checkIntegerValue($key, $value);
                     $this->m = $value;
+                    $this->handleDecimalPart('month', $value, $this->m);
 
                     break;
 
                 case 'week':
-                    $this->d = $value * static::getDaysPerWeek();
+                    $this->checkIntegerValue($key, $value);
+                    $days = $value * (int) static::getDaysPerWeek();
+                    $this->assertSafeForInteger('days total (including weeks)', $days);
+                    $this->d = $days;
+                    $this->handleDecimalPart('day', $days, $this->d);
 
                     break;
 
                 case 'day':
+                    $this->checkIntegerValue($key, $value);
                     $this->d = $value;
+                    $this->handleDecimalPart('day', $value, $this->d);
 
                     break;
 
                 case 'daysexcludeweek':
                 case 'dayzexcludeweek':
-                    $this->d = $this->weeks * static::getDaysPerWeek() + $value;
+                    $this->checkIntegerValue($key, $value);
+                    $days = $this->weeks * (int) static::getDaysPerWeek() + $value;
+                    $this->assertSafeForInteger('days total (including weeks)', $days);
+                    $this->d = $days;
+                    $this->handleDecimalPart('day', $days, $this->d);
 
                     break;
 
                 case 'hour':
+                    $this->checkIntegerValue($key, $value);
                     $this->h = $value;
+                    $this->handleDecimalPart('hour', $value, $this->h);
 
                     break;
 
                 case 'minute':
+                    $this->checkIntegerValue($key, $value);
                     $this->i = $value;
+                    $this->handleDecimalPart('minute', $value, $this->i);
 
                     break;
 
                 case 'second':
+                    $this->checkIntegerValue($key, $value);
                     $this->s = $value;
+                    $this->handleDecimalPart('second', $value, $this->s);
 
                     break;
 
@@ -1355,11 +1510,15 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         }
 
         if (preg_match('/^(?<method>add|sub)(?<unit>[A-Z].*)$/', $method, $match)) {
-            return $this->{$match['method']}($parameters[0], $match['unit']);
+            $value = $this->getMagicParameter($parameters, 0, Carbon::pluralUnit($match['unit']), 0);
+
+            return $this->{$match['method']}($value, $match['unit']);
         }
 
+        $value = $this->getMagicParameter($parameters, 0, Carbon::pluralUnit($method), 1);
+
         try {
-            $this->set($method, \count($parameters) === 0 ? 1 : $parameters[0]);
+            $this->set($method, $value);
         } catch (UnknownSetterException $exception) {
             if ($this->localStrictModeEnabled ?? Carbon::isStrictModeEnabled()) {
                 throw new BadFluentSetterException($method, 0, $exception);
@@ -1410,9 +1569,9 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         $minimumUnit = 's';
         $skip = [];
         extract($this->getForHumansInitialVariables($syntax, $short));
-        $skip = array_filter((array) $skip, static function ($value) {
+        $skip = array_map('strtolower', array_filter((array) $skip, static function ($value) {
             return \is_string($value) && $value !== '';
-        });
+        }));
 
         if ($syntax === null) {
             $syntax = CarbonInterface::DIFF_ABSOLUTE;
@@ -1435,11 +1594,9 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             ];
         }
 
-        if ($altNumbers) {
-            if ($altNumbers !== true) {
-                $language = new Language($this->locale);
-                $altNumbers = \in_array($language->getCode(), (array) $altNumbers);
-            }
+        if ($altNumbers && $altNumbers !== true) {
+            $language = new Language($this->locale);
+            $altNumbers = \in_array($language->getCode(), (array) $altNumbers, true);
         }
 
         if (\is_array($join)) {
@@ -1620,18 +1777,23 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         $unit = $short ? 's' : 'second';
         $isFuture = $this->invert === 1;
         $transId = $relativeToNow ? ($isFuture ? 'from_now' : 'ago') : ($isFuture ? 'after' : 'before');
+        $declensionMode = null;
 
         /** @var \Symfony\Component\Translation\Translator $translator */
         $translator = $this->getLocalTranslator();
 
-        $handleDeclensions = function ($unit, $count) use ($interpolations, $transId, $translator, $altNumbers, $absolute) {
+        $handleDeclensions = function ($unit, $count, $index = 0, $parts = 1) use ($interpolations, $transId, $translator, $altNumbers, $absolute, &$declensionMode) {
             if (!$absolute) {
-                // Some languages have special pluralization for past and future tense.
-                $key = $unit.'_'.$transId;
-                $result = $this->translate($key, $interpolations, $count, $translator, $altNumbers);
+                $declensionMode = $declensionMode ?? $this->translate($transId.'_mode');
 
-                if ($result !== $key) {
-                    return $result;
+                if ($this->needsDeclension($declensionMode, $index, $parts)) {
+                    // Some languages have special pluralization for past and future tense.
+                    $key = $unit.'_'.$transId;
+                    $result = $this->translate($key, $interpolations, $count, $translator, $altNumbers);
+
+                    if ($result !== $key) {
+                        return $result;
+                    }
                 }
             }
 
@@ -1696,17 +1858,17 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             }
         }
 
-        $transChoice = function ($short, $unitData) use ($absolute, $handleDeclensions, $translator, $aUnit, $altNumbers, $interpolations) {
+        $transChoice = function ($short, $unitData, $index, $parts) use ($absolute, $handleDeclensions, $translator, $aUnit, $altNumbers, $interpolations) {
             $count = $unitData['value'];
 
             if ($short) {
-                $result = $handleDeclensions($unitData['unitShort'], $count);
+                $result = $handleDeclensions($unitData['unitShort'], $count, $index, $parts);
 
                 if ($result !== null) {
                     return $result;
                 }
             } elseif ($aUnit) {
-                $result = $handleDeclensions('a_'.$unitData['unit'], $count);
+                $result = $handleDeclensions('a_'.$unitData['unit'], $count, $index, $parts);
 
                 if ($result !== null) {
                     return $result;
@@ -1714,7 +1876,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             }
 
             if (!$absolute) {
-                return $handleDeclensions($unitData['unit'], $count);
+                return $handleDeclensions($unitData['unit'], $count, $index, $parts);
             }
 
             return $this->translate($unitData['unit'], $interpolations, $count, $translator, $altNumbers);
@@ -1726,7 +1888,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             if ($diffIntervalData['value'] > 0) {
                 $unit = $short ? $diffIntervalData['unitShort'] : $diffIntervalData['unit'];
                 $count = $diffIntervalData['value'];
-                $interval[] = $transChoice($short, $diffIntervalData);
+                $interval[] = [$short, $diffIntervalData];
             } elseif ($options & CarbonInterface::SEQUENTIAL_PARTS_ONLY && \count($interval) > 0) {
                 break;
             }
@@ -1737,13 +1899,19 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             }
 
             // break the loop after we have reached the minimum unit
-            if (\in_array($minimumUnit, [$diffIntervalData['unit'], $diffIntervalData['unitShort']])) {
+            if (\in_array($minimumUnit, [$diffIntervalData['unit'], $diffIntervalData['unitShort']], true)) {
                 $fallbackUnit = [$diffIntervalData['unit'], $diffIntervalData['unitShort']];
 
                 break;
             }
         }
 
+        $actualParts = \count($interval);
+
+        foreach ($interval as $index => &$item) {
+            $item = $transChoice($item[0], $item[1], $index, $actualParts);
+        }
+
         if (\count($interval) === 0) {
             if ($relativeToNow && $options & CarbonInterface::JUST_NOW) {
                 $key = 'diff_now';
@@ -1812,17 +1980,17 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      */
     public function __toString()
     {
-        $format = $this->localToStringFormat;
+        $format = $this->localToStringFormat ?? static::$toStringFormat;
 
-        if ($format) {
-            if ($format instanceof Closure) {
-                return $format($this);
-            }
-
-            return $this->format($format);
+        if (!$format) {
+            return $this->forHumans();
         }
 
-        return $this->forHumans();
+        if ($format instanceof Closure) {
+            return $format($this);
+        }
+
+        return $this->format($format);
     }
 
     /**
@@ -1863,7 +2031,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     /**
      * Invert the interval.
      *
-     * @param bool|int $inverted if a parameter is passed, the passed value casted as 1 or 0 is used
+     * @param bool|int $inverted if a parameter is passed, the passed value cast as 1 or 0 is used
      *                           as the new value of the ->invert property.
      *
      * @return $this
@@ -2141,7 +2309,7 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      *
      * @return string
      */
-    public static function getDateIntervalSpec(DateInterval $interval)
+    public static function getDateIntervalSpec(DateInterval $interval, bool $microseconds = false, array $skip = [])
     {
         $date = array_filter([
             static::PERIOD_YEARS => abs($interval->y),
@@ -2149,10 +2317,25 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             static::PERIOD_DAYS => abs($interval->d),
         ]);
 
+        if (
+            $interval->days >= CarbonInterface::DAYS_PER_WEEK * CarbonInterface::WEEKS_PER_MONTH &&
+            (!isset($date[static::PERIOD_YEARS]) || \count(array_intersect(['y', 'year', 'years'], $skip))) &&
+            (!isset($date[static::PERIOD_MONTHS]) || \count(array_intersect(['m', 'month', 'months'], $skip)))
+        ) {
+            $date = [
+                static::PERIOD_DAYS => abs($interval->days),
+            ];
+        }
+
+        $seconds = abs($interval->s);
+        if ($microseconds && $interval->f > 0) {
+            $seconds = sprintf('%d.%06d', $seconds, abs($interval->f) * 1000000);
+        }
+
         $time = array_filter([
             static::PERIOD_HOURS => abs($interval->h),
             static::PERIOD_MINUTES => abs($interval->i),
-            static::PERIOD_SECONDS => abs($interval->s),
+            static::PERIOD_SECONDS => $seconds,
         ]);
 
         $specString = static::PERIOD_PREFIX;
@@ -2176,9 +2359,9 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      *
      * @return string
      */
-    public function spec()
+    public function spec(bool $microseconds = false)
     {
-        return static::getDateIntervalSpec($this);
+        return static::getDateIntervalSpec($this, $microseconds);
     }
 
     /**
@@ -2229,9 +2412,11 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         $originalData = $this->toArray();
         $originalData['milliseconds'] = (int) ($originalData['microseconds'] / static::getMicrosecondsPerMillisecond());
         $originalData['microseconds'] = $originalData['microseconds'] % static::getMicrosecondsPerMillisecond();
-        $originalData['daysExcludeWeeks'] = $originalData['days'];
+        $originalData['weeks'] = (int) ($this->d / static::getDaysPerWeek());
+        $originalData['daysExcludeWeeks'] = fmod($this->d, static::getDaysPerWeek());
         unset($originalData['days']);
         $newData = $originalData;
+        $previous = [];
 
         foreach (self::getFlipCascadeFactors() as $source => [$target, $factor]) {
             foreach (['source', 'target'] as $key) {
@@ -2241,9 +2426,29 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
             }
 
             $value = $newData[$source];
-            $modulo = ($factor + ($value % $factor)) % $factor;
+            $modulo = fmod($factor + fmod($value, $factor), $factor);
             $newData[$source] = $modulo;
             $newData[$target] += ($value - $modulo) / $factor;
+
+            $decimalPart = fmod($newData[$source], 1);
+
+            if ($decimalPart !== 0.0) {
+                $unit = $source;
+
+                foreach ($previous as [$subUnit, $subFactor]) {
+                    $newData[$unit] -= $decimalPart;
+                    $newData[$subUnit] += $decimalPart * $subFactor;
+                    $decimalPart = fmod($newData[$subUnit], 1);
+
+                    if ($decimalPart === 0.0) {
+                        break;
+                    }
+
+                    $unit = $subUnit;
+                }
+            }
+
+            array_unshift($previous, [$source, $factor]);
         }
 
         $positive = null;
@@ -2324,13 +2529,13 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         $cumulativeFactor = 0;
         $unitFound = false;
         $factors = self::getFlipCascadeFactors();
-        $daysPerWeek = static::getDaysPerWeek();
+        $daysPerWeek = (int) static::getDaysPerWeek();
 
         $values = [
             'years' => $this->years,
             'months' => $this->months,
             'weeks' => (int) ($this->d / $daysPerWeek),
-            'dayz' => $this->d % $daysPerWeek,
+            'dayz' => fmod($this->d, $daysPerWeek),
             'hours' => $this->hours,
             'minutes' => $this->minutes,
             'seconds' => $this->seconds,
@@ -2391,10 +2596,11 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
         }
 
         if ($unit === 'weeks') {
-            return $result / $daysPerWeek;
+            $result /= $daysPerWeek;
         }
 
-        return $result;
+        // Cast as int numbers with no decimal part
+        return fmod($result, 1) === 0.0 ? (int) $result : $result;
     }
 
     /**
@@ -2662,6 +2868,15 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
      */
     public function roundUnit($unit, $precision = 1, $function = 'round')
     {
+        if (static::getCascadeFactors() !== static::getDefaultCascadeFactors()) {
+            $value = $function($this->total($unit) / $precision) * $precision;
+            $inverted = $value < 0;
+
+            return $this->copyProperties(self::fromString(
+                number_format(abs($value), 12, '.', '').' '.$unit
+            )->invert($inverted)->cascade());
+        }
+
         $base = CarbonImmutable::parse('2000-01-01 00:00:00', 'UTC')
             ->roundUnit($unit, $precision, $function);
         $next = $base->add($this);
@@ -2752,4 +2967,88 @@ class CarbonInterval extends DateInterval implements CarbonConverterInterface
     {
         return $this->round($precision, 'ceil');
     }
+
+    private function needsDeclension(string $mode, int $index, int $parts): bool
+    {
+        switch ($mode) {
+            case 'last':
+                return $index === $parts - 1;
+            default:
+                return true;
+        }
+    }
+
+    private function checkIntegerValue(string $name, $value)
+    {
+        if (\is_int($value)) {
+            return;
+        }
+
+        $this->assertSafeForInteger($name, $value);
+
+        if (\is_float($value) && (((float) (int) $value) === $value)) {
+            return;
+        }
+
+        if (!self::$floatSettersEnabled) {
+            $type = \gettype($value);
+            @trigger_error(
+                "Since 2.70.0, it's deprecated to pass $type value for $name.\n".
+                "It's truncated when stored as an integer interval unit.\n".
+                "From 3.0.0, decimal part will no longer be truncated and will be cascaded to smaller units.\n".
+                "- To maintain the current behavior, use explicit cast: $name((int) \$value)\n".
+                "- To adopt the new behavior globally, call CarbonInterval::enableFloatSetters()\n",
+                \E_USER_DEPRECATED
+            );
+        }
+    }
+
+    /**
+     * Throw an exception if precision loss when storing the given value as an integer would be >= 1.0.
+     */
+    private function assertSafeForInteger(string $name, $value)
+    {
+        if ($value && !\is_int($value) && ($value >= 0x7fffffffffffffff || $value <= -0x7fffffffffffffff)) {
+            throw new OutOfRangeException($name, -0x7fffffffffffffff, 0x7fffffffffffffff, $value);
+        }
+    }
+
+    private function handleDecimalPart(string $unit, $value, $integerValue)
+    {
+        if (self::$floatSettersEnabled) {
+            $floatValue = (float) $value;
+            $base = (float) $integerValue;
+
+            if ($floatValue === $base) {
+                return;
+            }
+
+            $units = [
+                'y' => 'year',
+                'm' => 'month',
+                'd' => 'day',
+                'h' => 'hour',
+                'i' => 'minute',
+                's' => 'second',
+            ];
+            $upper = true;
+
+            foreach ($units as $property => $name) {
+                if ($name === $unit) {
+                    $upper = false;
+
+                    continue;
+                }
+
+                if (!$upper && $this->$property !== 0) {
+                    throw new RuntimeException(
+                        "You cannot set $unit to a float value as $name would be overridden, ".
+                        'set it first to 0 explicitly if you really want to erase its value'
+                    );
+                }
+            }
+
+            $this->add($unit, $floatValue - $base);
+        }
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriod.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriod.php
index 0e81e7573..d12a98697 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriod.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriod.php
@@ -11,6 +11,7 @@
 
 namespace Carbon;
 
+use Carbon\Exceptions\EndLessPeriodException;
 use Carbon\Exceptions\InvalidCastException;
 use Carbon\Exceptions\InvalidIntervalException;
 use Carbon\Exceptions\InvalidPeriodDateException;
@@ -23,11 +24,13 @@ use Carbon\Exceptions\UnreachableException;
 use Carbon\Traits\IntervalRounding;
 use Carbon\Traits\Mixin;
 use Carbon\Traits\Options;
+use Carbon\Traits\ToStringFormat;
 use Closure;
 use Countable;
 use DateInterval;
 use DatePeriod;
 use DateTime;
+use DateTimeImmutable;
 use DateTimeInterface;
 use DateTimeZone;
 use InvalidArgumentException;
@@ -48,43 +51,47 @@ use RuntimeException;
  * @property-read CarbonInterface $end Period end date.
  * @property-read CarbonInterval $interval Underlying date interval instance. Always present, one day by default.
  *
- * @method static CarbonPeriod start($date, $inclusive = null) Create instance specifying start date or modify the start date if called on an instance.
- * @method static CarbonPeriod since($date, $inclusive = null) Alias for start().
- * @method static CarbonPeriod sinceNow($inclusive = null) Create instance with start date set to now or set the start date to now if called on an instance.
- * @method static CarbonPeriod end($date = null, $inclusive = null) Create instance specifying end date or modify the end date if called on an instance.
- * @method static CarbonPeriod until($date = null, $inclusive = null) Alias for end().
- * @method static CarbonPeriod untilNow($inclusive = null) Create instance with end date set to now or set the end date to now if called on an instance.
- * @method static CarbonPeriod dates($start, $end = null) Create instance with start and end dates or modify the start and end dates if called on an instance.
- * @method static CarbonPeriod between($start, $end = null) Create instance with start and end dates or modify the start and end dates if called on an instance.
- * @method static CarbonPeriod recurrences($recurrences = null) Create instance with maximum number of recurrences or modify the number of recurrences if called on an instance.
- * @method static CarbonPeriod times($recurrences = null) Alias for recurrences().
- * @method static CarbonPeriod options($options = null) Create instance with options or modify the options if called on an instance.
- * @method static CarbonPeriod toggle($options, $state = null) Create instance with options toggled on or off, or toggle options if called on an instance.
- * @method static CarbonPeriod filter($callback, $name = null) Create instance with filter added to the stack or append a filter if called on an instance.
- * @method static CarbonPeriod push($callback, $name = null) Alias for filter().
- * @method static CarbonPeriod prepend($callback, $name = null) Create instance with filter prepended to the stack or prepend a filter if called on an instance.
- * @method static CarbonPeriod filters(array $filters = []) Create instance with filters stack or replace the whole filters stack if called on an instance.
- * @method static CarbonPeriod interval($interval) Create instance with given date interval or modify the interval if called on an instance.
- * @method static CarbonPeriod each($interval) Create instance with given date interval or modify the interval if called on an instance.
- * @method static CarbonPeriod every($interval) Create instance with given date interval or modify the interval if called on an instance.
- * @method static CarbonPeriod step($interval) Create instance with given date interval or modify the interval if called on an instance.
- * @method static CarbonPeriod stepBy($interval) Create instance with given date interval or modify the interval if called on an instance.
- * @method static CarbonPeriod invert() Create instance with inverted date interval or invert the interval if called on an instance.
- * @method static CarbonPeriod years($years = 1) Create instance specifying a number of years for date interval or replace the interval by the given a number of years if called on an instance.
- * @method static CarbonPeriod year($years = 1) Alias for years().
- * @method static CarbonPeriod months($months = 1) Create instance specifying a number of months for date interval or replace the interval by the given a number of months if called on an instance.
- * @method static CarbonPeriod month($months = 1) Alias for months().
- * @method static CarbonPeriod weeks($weeks = 1) Create instance specifying a number of weeks for date interval or replace the interval by the given a number of weeks if called on an instance.
- * @method static CarbonPeriod week($weeks = 1) Alias for weeks().
- * @method static CarbonPeriod days($days = 1) Create instance specifying a number of days for date interval or replace the interval by the given a number of days if called on an instance.
- * @method static CarbonPeriod dayz($days = 1) Alias for days().
- * @method static CarbonPeriod day($days = 1) Alias for days().
- * @method static CarbonPeriod hours($hours = 1) Create instance specifying a number of hours for date interval or replace the interval by the given a number of hours if called on an instance.
- * @method static CarbonPeriod hour($hours = 1) Alias for hours().
- * @method static CarbonPeriod minutes($minutes = 1) Create instance specifying a number of minutes for date interval or replace the interval by the given a number of minutes if called on an instance.
- * @method static CarbonPeriod minute($minutes = 1) Alias for minutes().
- * @method static CarbonPeriod seconds($seconds = 1) Create instance specifying a number of seconds for date interval or replace the interval by the given a number of seconds if called on an instance.
- * @method static CarbonPeriod second($seconds = 1) Alias for seconds().
+ * @method static static start($date, $inclusive = null) Create instance specifying start date or modify the start date if called on an instance.
+ * @method static static since($date, $inclusive = null) Alias for start().
+ * @method static static sinceNow($inclusive = null) Create instance with start date set to now or set the start date to now if called on an instance.
+ * @method static static end($date = null, $inclusive = null) Create instance specifying end date or modify the end date if called on an instance.
+ * @method static static until($date = null, $inclusive = null) Alias for end().
+ * @method static static untilNow($inclusive = null) Create instance with end date set to now or set the end date to now if called on an instance.
+ * @method static static dates($start, $end = null) Create instance with start and end dates or modify the start and end dates if called on an instance.
+ * @method static static between($start, $end = null) Create instance with start and end dates or modify the start and end dates if called on an instance.
+ * @method static static recurrences($recurrences = null) Create instance with maximum number of recurrences or modify the number of recurrences if called on an instance.
+ * @method static static times($recurrences = null) Alias for recurrences().
+ * @method static static options($options = null) Create instance with options or modify the options if called on an instance.
+ * @method static static toggle($options, $state = null) Create instance with options toggled on or off, or toggle options if called on an instance.
+ * @method static static filter($callback, $name = null) Create instance with filter added to the stack or append a filter if called on an instance.
+ * @method static static push($callback, $name = null) Alias for filter().
+ * @method static static prepend($callback, $name = null) Create instance with filter prepended to the stack or prepend a filter if called on an instance.
+ * @method static static filters(array $filters = []) Create instance with filters stack or replace the whole filters stack if called on an instance.
+ * @method static static interval($interval) Create instance with given date interval or modify the interval if called on an instance.
+ * @method static static each($interval) Create instance with given date interval or modify the interval if called on an instance.
+ * @method static static every($interval) Create instance with given date interval or modify the interval if called on an instance.
+ * @method static static step($interval) Create instance with given date interval or modify the interval if called on an instance.
+ * @method static static stepBy($interval) Create instance with given date interval or modify the interval if called on an instance.
+ * @method static static invert() Create instance with inverted date interval or invert the interval if called on an instance.
+ * @method static static years($years = 1) Create instance specifying a number of years for date interval or replace the interval by the given a number of years if called on an instance.
+ * @method static static year($years = 1) Alias for years().
+ * @method static static months($months = 1) Create instance specifying a number of months for date interval or replace the interval by the given a number of months if called on an instance.
+ * @method static static month($months = 1) Alias for months().
+ * @method static static weeks($weeks = 1) Create instance specifying a number of weeks for date interval or replace the interval by the given a number of weeks if called on an instance.
+ * @method static static week($weeks = 1) Alias for weeks().
+ * @method static static days($days = 1) Create instance specifying a number of days for date interval or replace the interval by the given a number of days if called on an instance.
+ * @method static static dayz($days = 1) Alias for days().
+ * @method static static day($days = 1) Alias for days().
+ * @method static static hours($hours = 1) Create instance specifying a number of hours for date interval or replace the interval by the given a number of hours if called on an instance.
+ * @method static static hour($hours = 1) Alias for hours().
+ * @method static static minutes($minutes = 1) Create instance specifying a number of minutes for date interval or replace the interval by the given a number of minutes if called on an instance.
+ * @method static static minute($minutes = 1) Alias for minutes().
+ * @method static static seconds($seconds = 1) Create instance specifying a number of seconds for date interval or replace the interval by the given a number of seconds if called on an instance.
+ * @method static static second($seconds = 1) Alias for seconds().
+ * @method static static milliseconds($milliseconds = 1) Create instance specifying a number of milliseconds for date interval or replace the interval by the given a number of milliseconds if called on an instance.
+ * @method static static millisecond($milliseconds = 1) Alias for milliseconds().
+ * @method static static microseconds($microseconds = 1) Create instance specifying a number of microseconds for date interval or replace the interval by the given a number of microseconds if called on an instance.
+ * @method static static microsecond($microseconds = 1) Alias for microseconds().
  * @method $this roundYear(float $precision = 1, string $function = "round") Round the current instance year with given precision using the given function.
  * @method $this roundYears(float $precision = 1, string $function = "round") Round the current instance year with given precision using the given function.
  * @method $this floorYear(float $precision = 1) Truncate the current instance year with given precision.
@@ -173,6 +180,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         Mixin::mixin as baseMixin;
     }
     use Options;
+    use ToStringFormat;
 
     /**
      * Built-in filter for limit by recurrences.
@@ -230,6 +238,13 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public const END_MAX_ATTEMPTS = 10000;
 
+    /**
+     * Default date class of iteration items.
+     *
+     * @var string
+     */
+    protected const DEFAULT_DATE_CLASS = Carbon::class;
+
     /**
      * The registered macros.
      *
@@ -251,6 +266,13 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     protected $dateInterval;
 
+    /**
+     * True once __construct is finished.
+     *
+     * @var bool
+     */
+    protected $constructed = false;
+
     /**
      * Whether current date interval was set by default.
      *
@@ -377,7 +399,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             );
         }
 
-        $class = \get_called_class();
+        $class = static::class;
         $type = \gettype($period);
 
         throw new NotAPeriodException(
@@ -482,15 +504,16 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         $interval = null;
         $start = null;
         $end = null;
+        $dateClass = static::DEFAULT_DATE_CLASS;
 
         foreach (explode('/', $iso) as $key => $part) {
-            if ($key === 0 && preg_match('/^R([0-9]*|INF)$/', $part, $match)) {
+            if ($key === 0 && preg_match('/^R(\d*|INF)$/', $part, $match)) {
                 $parsed = \strlen($match[1]) ? (($match[1] !== 'INF') ? (int) $match[1] : INF) : null;
             } elseif ($interval === null && $parsed = CarbonInterval::make($part)) {
                 $interval = $part;
-            } elseif ($start === null && $parsed = Carbon::make($part)) {
+            } elseif ($start === null && $parsed = $dateClass::make($part)) {
                 $start = $part;
-            } elseif ($end === null && $parsed = Carbon::make(static::addMissingParts($start ?? '', $part))) {
+            } elseif ($end === null && $parsed = $dateClass::make(static::addMissingParts($start ?? '', $part))) {
                 $end = $part;
             } else {
                 throw new InvalidPeriodParameterException("Invalid ISO 8601 specification: $iso.");
@@ -503,7 +526,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
     }
 
     /**
-     * Add missing parts of the target date from the soure date.
+     * Add missing parts of the target date from the source date.
      *
      * @param string $source
      * @param string $target
@@ -512,7 +535,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     protected static function addMissingParts($source, $target)
     {
-        $pattern = '/'.preg_replace('/[0-9]+/', '[0-9]+', preg_quote($target, '/')).'$/';
+        $pattern = '/'.preg_replace('/\d+/', '[0-9]+', preg_quote($target, '/')).'$/';
 
         $result = preg_replace($pattern, $target, $source, 1, $count);
 
@@ -621,6 +644,10 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function __construct(...$arguments)
     {
+        if (is_a($this->dateClass, DateTimeImmutable::class, true)) {
+            $this->options = static::IMMUTABLE;
+        }
+
         // Parse and assign arguments one by one. First argument may be an ISO 8601 spec,
         // which will be first parsed into parts and then processed the same way.
 
@@ -648,6 +675,8 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             }
         }
 
+        $optionsSet = false;
+
         foreach ($arguments as $argument) {
             $parsedDate = null;
 
@@ -655,10 +684,10 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
                 $this->setTimezone($argument);
             } elseif ($this->dateInterval === null &&
                 (
-                    \is_string($argument) && preg_match(
-                        '/^(-?\d(\d(?![\/-])|[^\d\/-]([\/-])?)*|P[T0-9].*|(?:\h*\d+(?:\.\d+)?\h*[a-z]+)+)$/i',
+                    (\is_string($argument) && preg_match(
+                        '/^(-?\d(\d(?![\/-])|[^\d\/-]([\/-])?)*|P[T\d].*|(?:\h*\d+(?:\.\d+)?\h*[a-z]+)+)$/i',
                         $argument
-                    ) ||
+                    )) ||
                     $argument instanceof DateInterval ||
                     $argument instanceof Closure
                 ) &&
@@ -671,15 +700,17 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
                 $this->setEndDate($parsedDate);
             } elseif ($this->recurrences === null && $this->endDate === null && is_numeric($argument)) {
                 $this->setRecurrences($argument);
-            } elseif ($this->options === null && (\is_int($argument) || $argument === null)) {
-                $this->setOptions($argument);
+            } elseif (!$optionsSet && (\is_int($argument) || $argument === null)) {
+                $optionsSet = true;
+                $this->setOptions(((int) $this->options) | ((int) $argument));
             } else {
                 throw new InvalidPeriodParameterException('Invalid constructor parameters.');
             }
         }
 
         if ($this->startDate === null) {
-            $this->setStartDate(Carbon::now());
+            $dateClass = $this->dateClass;
+            $this->setStartDate($dateClass::now());
         }
 
         if ($this->dateInterval === null) {
@@ -691,6 +722,8 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         if ($this->options === null) {
             $this->setOptions(0);
         }
+
+        $this->constructed = true;
     }
 
     /**
@@ -703,6 +736,17 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         return clone $this;
     }
 
+    /**
+     * Prepare the instance to be set (self if mutable to be mutated,
+     * copy if immutable to generate a new instance).
+     *
+     * @return static
+     */
+    protected function copyIfImmutable()
+    {
+        return $this;
+    }
+
     /**
      * Get the getter for a property allowing both `DatePeriod` snakeCase and camelCase names.
      *
@@ -794,7 +838,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param string $dateClass
      *
-     * @return $this
+     * @return static
      */
     public function setDateClass(string $dateClass)
     {
@@ -802,15 +846,16 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             throw new NotACarbonClassException($dateClass);
         }
 
-        $this->dateClass = $dateClass;
+        $self = $this->copyIfImmutable();
+        $self->dateClass = $dateClass;
 
         if (is_a($dateClass, Carbon::class, true)) {
-            $this->toggleOptions(static::IMMUTABLE, false);
+            $self->options = $self->options & ~static::IMMUTABLE;
         } elseif (is_a($dateClass, CarbonImmutable::class, true)) {
-            $this->toggleOptions(static::IMMUTABLE, true);
+            $self->options = $self->options | static::IMMUTABLE;
         }
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -830,7 +875,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws InvalidIntervalException
      *
-     * @return $this
+     * @return static
      */
     public function setDateInterval($interval)
     {
@@ -842,25 +887,24 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             throw new InvalidIntervalException('Empty interval is not accepted.');
         }
 
-        $this->dateInterval = $interval;
+        $self = $this->copyIfImmutable();
+        $self->dateInterval = $interval;
 
-        $this->isDefaultInterval = false;
+        $self->isDefaultInterval = false;
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
      * Invert the period date interval.
      *
-     * @return $this
+     * @return static
      */
     public function invertDateInterval()
     {
-        $interval = $this->dateInterval->invert();
-
-        return $this->setDateInterval($interval);
+        return $this->setDateInterval($this->dateInterval->invert());
     }
 
     /**
@@ -869,14 +913,11 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param DateTime|DateTimeInterface|string      $start
      * @param DateTime|DateTimeInterface|string|null $end
      *
-     * @return $this
+     * @return static
      */
     public function setDates($start, $end)
     {
-        $this->setStartDate($start);
-        $this->setEndDate($end);
-
-        return $this;
+        return $this->setStartDate($start)->setEndDate($end);
     }
 
     /**
@@ -886,7 +927,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws InvalidArgumentException
      *
-     * @return $this
+     * @return static
      */
     public function setOptions($options)
     {
@@ -894,11 +935,12 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             throw new InvalidPeriodParameterException('Invalid options.');
         }
 
-        $this->options = $options ?: 0;
+        $self = $this->copyIfImmutable();
+        $self->options = $options ?: 0;
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -919,7 +961,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws \InvalidArgumentException
      *
-     * @return $this
+     * @return static
      */
     public function toggleOptions($options, $state = null)
     {
@@ -939,7 +981,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param bool $state
      *
-     * @return $this
+     * @return static
      */
     public function excludeStartDate($state = true)
     {
@@ -951,7 +993,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param bool $state
      *
-     * @return $this
+     * @return static
      */
     public function excludeEndDate($state = true)
     {
@@ -1095,17 +1137,18 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param callable $callback
      * @param string   $name
      *
-     * @return $this
+     * @return static
      */
     public function addFilter($callback, $name = null)
     {
-        $tuple = $this->createFilterTuple(\func_get_args());
+        $self = $this->copyIfImmutable();
+        $tuple = $self->createFilterTuple(\func_get_args());
 
-        $this->filters[] = $tuple;
+        $self->filters[] = $tuple;
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1116,17 +1159,18 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param callable $callback
      * @param string   $name
      *
-     * @return $this
+     * @return static
      */
     public function prependFilter($callback, $name = null)
     {
-        $tuple = $this->createFilterTuple(\func_get_args());
+        $self = $this->copyIfImmutable();
+        $tuple = $self->createFilterTuple(\func_get_args());
 
-        array_unshift($this->filters, $tuple);
+        array_unshift($self->filters, $tuple);
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1134,24 +1178,25 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param callable|string $filter
      *
-     * @return $this
+     * @return static
      */
     public function removeFilter($filter)
     {
+        $self = $this->copyIfImmutable();
         $key = \is_callable($filter) ? 0 : 1;
 
-        $this->filters = array_values(array_filter(
+        $self->filters = array_values(array_filter(
             $this->filters,
             function ($tuple) use ($key, $filter) {
                 return $tuple[$key] !== $filter;
             }
         ));
 
-        $this->updateInternalState();
+        $self->updateInternalState();
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1189,39 +1234,41 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param array $filters
      *
-     * @return $this
+     * @return static
      */
     public function setFilters(array $filters)
     {
-        $this->filters = $filters;
+        $self = $this->copyIfImmutable();
+        $self->filters = $filters;
 
-        $this->updateInternalState();
+        $self->updateInternalState();
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
      * Reset filters stack.
      *
-     * @return $this
+     * @return static
      */
     public function resetFilters()
     {
-        $this->filters = [];
+        $self = $this->copyIfImmutable();
+        $self->filters = [];
 
-        if ($this->endDate !== null) {
-            $this->filters[] = [static::END_DATE_FILTER, null];
+        if ($self->endDate !== null) {
+            $self->filters[] = [static::END_DATE_FILTER, null];
         }
 
-        if ($this->recurrences !== null) {
-            $this->filters[] = [static::RECURRENCES_FILTER, null];
+        if ($self->recurrences !== null) {
+            $self->filters[] = [static::RECURRENCES_FILTER, null];
         }
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1231,11 +1278,11 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws InvalidArgumentException
      *
-     * @return $this
+     * @return static
      */
     public function setRecurrences($recurrences)
     {
-        if (!is_numeric($recurrences) && $recurrences !== null || $recurrences < 0) {
+        if ((!is_numeric($recurrences) && $recurrences !== null) || $recurrences < 0) {
             throw new InvalidPeriodParameterException('Invalid number of recurrences.');
         }
 
@@ -1243,15 +1290,17 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             return $this->removeFilter(static::RECURRENCES_FILTER);
         }
 
-        $this->recurrences = $recurrences === INF ? INF : (int) $recurrences;
+        /** @var self $self */
+        $self = $this->copyIfImmutable();
+        $self->recurrences = $recurrences === INF ? INF : (int) $recurrences;
 
-        if (!$this->hasFilter(static::RECURRENCES_FILTER)) {
-            return $this->addFilter(static::RECURRENCES_FILTER);
+        if (!$self->hasFilter(static::RECURRENCES_FILTER)) {
+            return $self->addFilter(static::RECURRENCES_FILTER);
         }
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1262,21 +1311,22 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws InvalidPeriodDateException
      *
-     * @return $this
+     * @return static
      */
     public function setStartDate($date, $inclusive = null)
     {
-        if (!$date = ([$this->dateClass, 'make'])($date)) {
+        if (!$this->isInfiniteDate($date) && !($date = ([$this->dateClass, 'make'])($date))) {
             throw new InvalidPeriodDateException('Invalid start date.');
         }
 
-        $this->startDate = $date;
+        $self = $this->copyIfImmutable();
+        $self->startDate = $date;
 
         if ($inclusive !== null) {
-            $this->toggleOptions(static::EXCLUDE_START_DATE, !$inclusive);
+            $self = $self->toggleOptions(static::EXCLUDE_START_DATE, !$inclusive);
         }
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1287,11 +1337,11 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @throws \InvalidArgumentException
      *
-     * @return $this
+     * @return static
      */
     public function setEndDate($date, $inclusive = null)
     {
-        if ($date !== null && !$date = ([$this->dateClass, 'make'])($date)) {
+        if ($date !== null && !$this->isInfiniteDate($date) && !$date = ([$this->dateClass, 'make'])($date)) {
             throw new InvalidPeriodDateException('Invalid end date.');
         }
 
@@ -1299,19 +1349,20 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             return $this->removeFilter(static::END_DATE_FILTER);
         }
 
-        $this->endDate = $date;
+        $self = $this->copyIfImmutable();
+        $self->endDate = $date;
 
         if ($inclusive !== null) {
-            $this->toggleOptions(static::EXCLUDE_END_DATE, !$inclusive);
+            $self = $self->toggleOptions(static::EXCLUDE_END_DATE, !$inclusive);
         }
 
-        if (!$this->hasFilter(static::END_DATE_FILTER)) {
-            return $this->addFilter(static::END_DATE_FILTER);
+        if (!$self->hasFilter(static::END_DATE_FILTER)) {
+            return $self->addFilter(static::END_DATE_FILTER);
         }
 
-        $this->handleChangedParameters();
+        $self->handleChangedParameters();
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1457,13 +1508,21 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function toString()
     {
+        $format = $this->localToStringFormat ?? static::$toStringFormat;
+
+        if ($format instanceof Closure) {
+            return $format($this);
+        }
+
         $translator = ([$this->dateClass, 'getTranslator'])();
 
         $parts = [];
 
-        $format = !$this->startDate->isStartOfDay() || $this->endDate && !$this->endDate->isStartOfDay()
-            ? 'Y-m-d H:i:s'
-            : 'Y-m-d';
+        $format = $format ?? (
+            !$this->startDate->isStartOfDay() || ($this->endDate && !$this->endDate->isStartOfDay())
+                ? 'Y-m-d H:i:s'
+                : 'Y-m-d'
+        );
 
         if ($this->recurrences !== null) {
             $parts[] = $this->translate('period_recurrences', [], $this->recurrences, $translator);
@@ -1506,9 +1565,9 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         if (!method_exists($className, 'instance')) {
             if (is_a($className, DatePeriod::class, true)) {
                 return new $className(
-                    $this->getStartDate(),
+                    $this->rawDate($this->getStartDate()),
                     $this->getDateInterval(),
-                    $this->getEndDate() ? $this->getIncludedEndDate() : $this->getRecurrences(),
+                    $this->getEndDate() ? $this->rawDate($this->getIncludedEndDate()) : $this->getRecurrences(),
                     $this->isStartExcluded() ? DatePeriod::EXCLUDE_START_DATE : 0
                 );
             }
@@ -1534,6 +1593,39 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         return $this->cast(DatePeriod::class);
     }
 
+    /**
+     * Return `true` if the period has no custom filter and is guaranteed to be endless.
+     *
+     * Note that we can't check if a period is endless as soon as it has custom filters
+     * because filters can emit `CarbonPeriod::END_ITERATION` to stop the iteration in
+     * a way we can't predict without actually iterating the period.
+     */
+    public function isUnfilteredAndEndLess(): bool
+    {
+        foreach ($this->filters as $filter) {
+            switch ($filter) {
+                case [static::RECURRENCES_FILTER, null]:
+                    if ($this->recurrences !== null && is_finite($this->recurrences)) {
+                        return false;
+                    }
+
+                    break;
+
+                case [static::END_DATE_FILTER, null]:
+                    if ($this->endDate !== null && !$this->endDate->isEndOfTime()) {
+                        return false;
+                    }
+
+                    break;
+
+                default:
+                    return false;
+            }
+        }
+
+        return true;
+    }
+
     /**
      * Convert the date period into an array without changing current iteration state.
      *
@@ -1541,6 +1633,10 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function toArray()
     {
+        if ($this->isUnfilteredAndEndLess()) {
+            throw new EndLessPeriodException("Endless period can't be converted to array nor counted.");
+        }
+
         $state = [
             $this->key,
             $this->current ? $this->current->avoidMutation() : null,
@@ -1572,6 +1668,16 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function first()
     {
+        if ($this->isUnfilteredAndEndLess()) {
+            foreach ($this as $date) {
+                $this->rewind();
+
+                return $date;
+            }
+
+            return null;
+        }
+
         return ($this->toArray() ?: [])[0] ?? null;
     }
 
@@ -1626,54 +1732,80 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             return $roundedValue;
         }
 
-        $first = \count($parameters) >= 1 ? $parameters[0] : null;
-        $second = \count($parameters) >= 2 ? $parameters[1] : null;
-
         switch ($method) {
             case 'start':
             case 'since':
-                return $this->setStartDate($first, $second);
+                self::setDefaultParameters($parameters, [
+                    [0, 'date', null],
+                ]);
+
+                return $this->setStartDate(...$parameters);
 
             case 'sinceNow':
-                return $this->setStartDate(new Carbon(), $first);
+                return $this->setStartDate(new Carbon(), ...$parameters);
 
             case 'end':
             case 'until':
-                return $this->setEndDate($first, $second);
+                self::setDefaultParameters($parameters, [
+                    [0, 'date', null],
+                ]);
+
+                return $this->setEndDate(...$parameters);
 
             case 'untilNow':
-                return $this->setEndDate(new Carbon(), $first);
+                return $this->setEndDate(new Carbon(), ...$parameters);
 
             case 'dates':
             case 'between':
-                return $this->setDates($first, $second);
+                self::setDefaultParameters($parameters, [
+                    [0, 'start', null],
+                    [1, 'end', null],
+                ]);
+
+                return $this->setDates(...$parameters);
 
             case 'recurrences':
             case 'times':
-                return $this->setRecurrences($first);
+                self::setDefaultParameters($parameters, [
+                    [0, 'recurrences', null],
+                ]);
+
+                return $this->setRecurrences(...$parameters);
 
             case 'options':
-                return $this->setOptions($first);
+                self::setDefaultParameters($parameters, [
+                    [0, 'options', null],
+                ]);
+
+                return $this->setOptions(...$parameters);
 
             case 'toggle':
-                return $this->toggleOptions($first, $second);
+                self::setDefaultParameters($parameters, [
+                    [0, 'options', null],
+                ]);
+
+                return $this->toggleOptions(...$parameters);
 
             case 'filter':
             case 'push':
-                return $this->addFilter($first, $second);
+                return $this->addFilter(...$parameters);
 
             case 'prepend':
-                return $this->prependFilter($first, $second);
+                return $this->prependFilter(...$parameters);
 
             case 'filters':
-                return $this->setFilters($first ?: []);
+                self::setDefaultParameters($parameters, [
+                    [0, 'filters', []],
+                ]);
+
+                return $this->setFilters(...$parameters);
 
             case 'interval':
             case 'each':
             case 'every':
             case 'step':
             case 'stepBy':
-                return $this->setDateInterval($first);
+                return $this->setDateInterval(...$parameters);
 
             case 'invert':
                 return $this->invertDateInterval();
@@ -1693,15 +1825,19 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
             case 'minute':
             case 'seconds':
             case 'second':
+            case 'milliseconds':
+            case 'millisecond':
+            case 'microseconds':
+            case 'microsecond':
                 return $this->setDateInterval((
                     // Override default P1D when instantiating via fluent setters.
                     [$this->isDefaultInterval ? new CarbonInterval('PT0S') : $this->dateInterval, $method]
-                )(
-                    \count($parameters) === 0 ? 1 : $first
-                ));
+                )(...$parameters));
         }
 
-        if ($this->localStrictModeEnabled ?? Carbon::isStrictModeEnabled()) {
+        $dateClass = $this->dateClass;
+
+        if ($this->localStrictModeEnabled ?? $dateClass::isStrictModeEnabled()) {
             throw new UnknownMethodException($method);
         }
 
@@ -1717,18 +1853,19 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function setTimezone($timezone)
     {
-        $this->tzName = $timezone;
-        $this->timezone = $timezone;
+        $self = $this->copyIfImmutable();
+        $self->tzName = $timezone;
+        $self->timezone = $timezone;
 
-        if ($this->startDate) {
-            $this->setStartDate($this->startDate->setTimezone($timezone));
+        if ($self->startDate) {
+            $self = $self->setStartDate($self->startDate->setTimezone($timezone));
         }
 
-        if ($this->endDate) {
-            $this->setEndDate($this->endDate->setTimezone($timezone));
+        if ($self->endDate) {
+            $self = $self->setEndDate($self->endDate->setTimezone($timezone));
         }
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1740,18 +1877,19 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      */
     public function shiftTimezone($timezone)
     {
-        $this->tzName = $timezone;
-        $this->timezone = $timezone;
+        $self = $this->copyIfImmutable();
+        $self->tzName = $timezone;
+        $self->timezone = $timezone;
 
-        if ($this->startDate) {
-            $this->setStartDate($this->startDate->shiftTimezone($timezone));
+        if ($self->startDate) {
+            $self = $self->setStartDate($self->startDate->shiftTimezone($timezone));
         }
 
-        if ($this->endDate) {
-            $this->setEndDate($this->endDate->shiftTimezone($timezone));
+        if ($self->endDate) {
+            $self = $self->setEndDate($self->endDate->shiftTimezone($timezone));
         }
 
-        return $this;
+        return $self;
     }
 
     /**
@@ -1896,7 +2034,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
 
     /**
      * Determines if the instance is equal to another.
-     * Warning: if options differ, instances wil never be equal.
+     * Warning: if options differ, instances will never be equal.
      *
      * @param mixed $period
      *
@@ -1911,7 +2049,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
 
     /**
      * Determines if the instance is equal to another.
-     * Warning: if options differ, instances wil never be equal.
+     * Warning: if options differ, instances will never be equal.
      *
      * @param mixed $period
      *
@@ -1934,7 +2072,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
 
     /**
      * Determines if the instance is not equal to another.
-     * Warning: if options differ, instances wil never be equal.
+     * Warning: if options differ, instances will never be equal.
      *
      * @param mixed $period
      *
@@ -1949,7 +2087,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
 
     /**
      * Determines if the instance is not equal to another.
-     * Warning: if options differ, instances wil never be equal.
+     * Warning: if options differ, instances will never be equal.
      *
      * @param mixed $period
      *
@@ -2130,19 +2268,18 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param float|int|string|\DateInterval|null $precision
      * @param string                              $function
      *
-     * @return $this
+     * @return static
      */
     public function roundUnit($unit, $precision = 1, $function = 'round')
     {
-        $this->setStartDate($this->getStartDate()->roundUnit($unit, $precision, $function));
+        $self = $this->copyIfImmutable();
+        $self = $self->setStartDate($self->getStartDate()->roundUnit($unit, $precision, $function));
 
-        if ($this->endDate) {
-            $this->setEndDate($this->getEndDate()->roundUnit($unit, $precision, $function));
+        if ($self->endDate) {
+            $self = $self->setEndDate($self->getEndDate()->roundUnit($unit, $precision, $function));
         }
 
-        $this->setDateInterval($this->getDateInterval()->roundUnit($unit, $precision, $function));
-
-        return $this;
+        return $self->setDateInterval($self->getDateInterval()->roundUnit($unit, $precision, $function));
     }
 
     /**
@@ -2151,7 +2288,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param string                              $unit
      * @param float|int|string|\DateInterval|null $precision
      *
-     * @return $this
+     * @return static
      */
     public function floorUnit($unit, $precision = 1)
     {
@@ -2164,7 +2301,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param string                              $unit
      * @param float|int|string|\DateInterval|null $precision
      *
-     * @return $this
+     * @return static
      */
     public function ceilUnit($unit, $precision = 1)
     {
@@ -2177,7 +2314,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      * @param float|int|string|\DateInterval|null $precision
      * @param string                              $function
      *
-     * @return $this
+     * @return static
      */
     public function round($precision = null, $function = 'round')
     {
@@ -2192,7 +2329,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param float|int|string|\DateInterval|null $precision
      *
-     * @return $this
+     * @return static
      */
     public function floor($precision = null)
     {
@@ -2204,7 +2341,7 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
      *
      * @param float|int|string|\DateInterval|null $precision
      *
-     * @return $this
+     * @return static
      */
     public function ceil($precision = null)
     {
@@ -2393,9 +2530,9 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
     protected function handleChangedParameters()
     {
         if (($this->getOptions() & static::IMMUTABLE) && $this->dateClass === Carbon::class) {
-            $this->setDateClass(CarbonImmutable::class);
+            $this->dateClass = CarbonImmutable::class;
         } elseif (!($this->getOptions() & static::IMMUTABLE) && $this->dateClass === CarbonImmutable::class) {
-            $this->setDateClass(Carbon::class);
+            $this->dateClass = Carbon::class;
         }
 
         $this->validationResult = null;
@@ -2555,14 +2692,51 @@ class CarbonPeriod implements Iterator, Countable, JsonSerializable
         if (\is_string($value)) {
             $value = trim($value);
 
-            if (!preg_match('/^P[0-9T]/', $value) &&
-                !preg_match('/^R[0-9]/', $value) &&
-                preg_match('/[a-z0-9]/i', $value)
+            if (!preg_match('/^P[\dT]/', $value) &&
+                !preg_match('/^R\d/', $value) &&
+                preg_match('/[a-z\d]/i', $value)
             ) {
-                return Carbon::parse($value, $this->tzName);
+                $dateClass = $this->dateClass;
+
+                return $dateClass::parse($value, $this->tzName);
             }
         }
 
         return null;
     }
+
+    private function isInfiniteDate($date): bool
+    {
+        return $date instanceof CarbonInterface && ($date->isEndOfTime() || $date->isStartOfTime());
+    }
+
+    private function rawDate($date): ?DateTimeInterface
+    {
+        if ($date === false || $date === null) {
+            return null;
+        }
+
+        if ($date instanceof CarbonInterface) {
+            return $date->isMutable()
+                ? $date->toDateTime()
+                : $date->toDateTimeImmutable();
+        }
+
+        if (\in_array(\get_class($date), [DateTime::class, DateTimeImmutable::class], true)) {
+            return $date;
+        }
+
+        $class = $date instanceof DateTime ? DateTime::class : DateTimeImmutable::class;
+
+        return new $class($date->format('Y-m-d H:i:s.u'), $date->getTimezone());
+    }
+
+    private static function setDefaultParameters(array &$parameters, array $defaults): void
+    {
+        foreach ($defaults as [$index, $name, $value]) {
+            if (!\array_key_exists($index, $parameters) && !\array_key_exists($name, $parameters)) {
+                $parameters[$index] = $value;
+            }
+        }
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriodImmutable.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriodImmutable.php
new file mode 100644
index 000000000..f0d0ee281
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonPeriodImmutable.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon;
+
+class CarbonPeriodImmutable extends CarbonPeriod
+{
+    /**
+     * Default date class of iteration items.
+     *
+     * @var string
+     */
+    protected const DEFAULT_DATE_CLASS = CarbonImmutable::class;
+
+    /**
+     * Date class of iteration items.
+     *
+     * @var string
+     */
+    protected $dateClass = CarbonImmutable::class;
+
+    /**
+     * Prepare the instance to be set (self if mutable to be mutated,
+     * copy if immutable to generate a new instance).
+     *
+     * @return static
+     */
+    protected function copyIfImmutable()
+    {
+        return $this->constructed ? clone $this : $this;
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonTimeZone.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonTimeZone.php
index b4d16ba97..c81899f1e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonTimeZone.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/CarbonTimeZone.php
@@ -30,7 +30,7 @@ class CarbonTimeZone extends DateTimeZone
             throw new InvalidTimeZoneException('Absolute timezone offset cannot be greater than 100.');
         }
 
-        return ($timezone >= 0 ? '+' : '').$timezone.':00';
+        return ($timezone >= 0 ? '+' : '').ltrim($timezone, '+').':00';
     }
 
     protected static function getDateTimeZoneNameFromMixed($timezone)
@@ -101,15 +101,15 @@ class CarbonTimeZone extends DateTimeZone
             $tz = static::getDateTimeZoneFromName($object);
         }
 
-        if ($tz === false) {
-            if (Carbon::isStrictModeEnabled()) {
-                throw new InvalidTimeZoneException('Unknown or bad timezone ('.($objectDump ?: $object).')');
-            }
-
-            return false;
+        if ($tz !== false) {
+            return new static($tz->getName());
         }
 
-        return new static($tz->getName());
+        if (Carbon::isStrictModeEnabled()) {
+            throw new InvalidTimeZoneException('Unknown or bad timezone ('.($objectDump ?: $object).')');
+        }
+
+        return false;
     }
 
     /**
@@ -231,15 +231,15 @@ class CarbonTimeZone extends DateTimeZone
     {
         $tz = $this->toRegionName($date);
 
-        if ($tz === false) {
-            if (Carbon::isStrictModeEnabled()) {
-                throw new InvalidTimeZoneException('Unknown timezone for offset '.$this->getOffset($date ?: Carbon::now($this)).' seconds.');
-            }
-
-            return false;
+        if ($tz !== false) {
+            return new static($tz);
         }
 
-        return new static($tz);
+        if (Carbon::isStrictModeEnabled()) {
+            throw new InvalidTimeZoneException('Unknown timezone for offset '.$this->getOffset($date ?: Carbon::now($this)).' seconds.');
+        }
+
+        return false;
     }
 
     /**
@@ -252,6 +252,18 @@ class CarbonTimeZone extends DateTimeZone
         return $this->getName();
     }
 
+    /**
+     * Return the type number:
+     *
+     * Type 1; A UTC offset, such as -0300
+     * Type 2; A timezone abbreviation, such as GMT
+     * Type 3: A timezone identifier, such as Europe/London
+     */
+    public function getType(): int
+    {
+        return preg_match('/"timezone_type";i:(\d)/', serialize($this), $match) ? (int) $match[1] : 3;
+    }
+
     /**
      * Create a CarbonTimeZone from mixed input.
      *
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonDoctrineType.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonDoctrineType.php
deleted file mode 100644
index ccc457fcd..000000000
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonDoctrineType.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-
-/**
- * This file is part of the Carbon package.
- *
- * (c) Brian Nesbitt <brian@nesbot.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Carbon\Doctrine;
-
-use Doctrine\DBAL\Platforms\AbstractPlatform;
-
-interface CarbonDoctrineType
-{
-    public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform);
-
-    public function convertToPHPValue($value, AbstractPlatform $platform);
-
-    public function convertToDatabaseValue($value, AbstractPlatform $platform);
-}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonImmutableType.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonImmutableType.php
deleted file mode 100644
index bf476a77e..000000000
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonImmutableType.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
-/**
- * This file is part of the Carbon package.
- *
- * (c) Brian Nesbitt <brian@nesbot.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Carbon\Doctrine;
-
-use Doctrine\DBAL\Platforms\AbstractPlatform;
-
-class CarbonImmutableType extends DateTimeImmutableType implements CarbonDoctrineType
-{
-    /**
-     * {@inheritdoc}
-     *
-     * @return string
-     */
-    public function getName()
-    {
-        return 'carbon_immutable';
-    }
-
-    /**
-     * {@inheritdoc}
-     *
-     * @return bool
-     */
-    public function requiresSQLCommentHint(AbstractPlatform $platform)
-    {
-        return true;
-    }
-}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonType.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonType.php
deleted file mode 100644
index 9289d84d3..000000000
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/CarbonType.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
-/**
- * This file is part of the Carbon package.
- *
- * (c) Brian Nesbitt <brian@nesbot.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Carbon\Doctrine;
-
-use Doctrine\DBAL\Platforms\AbstractPlatform;
-
-class CarbonType extends DateTimeType implements CarbonDoctrineType
-{
-    /**
-     * {@inheritdoc}
-     *
-     * @return string
-     */
-    public function getName()
-    {
-        return 'carbon';
-    }
-
-    /**
-     * {@inheritdoc}
-     *
-     * @return bool
-     */
-    public function requiresSQLCommentHint(AbstractPlatform $platform)
-    {
-        return true;
-    }
-}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeType.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeType.php
deleted file mode 100644
index 29b0bb955..000000000
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Doctrine/DateTimeType.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-/**
- * Thanks to https://github.com/flaushi for his suggestion:
- * https://github.com/doctrine/dbal/issues/2873#issuecomment-534956358
- */
-namespace Carbon\Doctrine;
-
-use Carbon\Carbon;
-use Doctrine\DBAL\Types\VarDateTimeType;
-
-class DateTimeType extends VarDateTimeType implements CarbonDoctrineType
-{
-    /** @use CarbonTypeConverter<Carbon> */
-    use CarbonTypeConverter;
-}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadComparisonUnitException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadComparisonUnitException.php
index b3a087190..3ca8837d1 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadComparisonUnitException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadComparisonUnitException.php
@@ -11,19 +11,38 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
+use Throwable;
 
 class BadComparisonUnitException extends UnitException
 {
+    /**
+     * The unit.
+     *
+     * @var string
+     */
+    protected $unit;
+
     /**
      * Constructor.
      *
      * @param string         $unit
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($unit, $code = 0, Exception $previous = null)
+    public function __construct($unit, $code = 0, Throwable $previous = null)
     {
+        $this->unit = $unit;
+
         parent::__construct("Bad comparison unit: '$unit'", $code, $previous);
     }
+
+    /**
+     * Get the unit.
+     *
+     * @return string
+     */
+    public function getUnit(): string
+    {
+        return $this->unit;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentConstructorException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentConstructorException.php
index d5cd5564c..2e222e54e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentConstructorException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentConstructorException.php
@@ -12,19 +12,38 @@
 namespace Carbon\Exceptions;
 
 use BadMethodCallException as BaseBadMethodCallException;
-use Exception;
+use Throwable;
 
 class BadFluentConstructorException extends BaseBadMethodCallException implements BadMethodCallException
 {
+    /**
+     * The method.
+     *
+     * @var string
+     */
+    protected $method;
+
     /**
      * Constructor.
      *
      * @param string         $method
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($method, $code = 0, Exception $previous = null)
+    public function __construct($method, $code = 0, Throwable $previous = null)
     {
+        $this->method = $method;
+
         parent::__construct(sprintf("Unknown fluent constructor '%s'.", $method), $code, $previous);
     }
+
+    /**
+     * Get the method.
+     *
+     * @return string
+     */
+    public function getMethod(): string
+    {
+        return $this->method;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentSetterException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentSetterException.php
index 1d7ec542a..4ceaa2ef0 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentSetterException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadFluentSetterException.php
@@ -12,19 +12,38 @@
 namespace Carbon\Exceptions;
 
 use BadMethodCallException as BaseBadMethodCallException;
-use Exception;
+use Throwable;
 
 class BadFluentSetterException extends BaseBadMethodCallException implements BadMethodCallException
 {
+    /**
+     * The setter.
+     *
+     * @var string
+     */
+    protected $setter;
+
     /**
      * Constructor.
      *
-     * @param string         $method
+     * @param string         $setter
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($method, $code = 0, Exception $previous = null)
+    public function __construct($setter, $code = 0, Throwable $previous = null)
     {
-        parent::__construct(sprintf("Unknown fluent setter '%s'", $method), $code, $previous);
+        $this->setter = $setter;
+
+        parent::__construct(sprintf("Unknown fluent setter '%s'", $setter), $code, $previous);
+    }
+
+    /**
+     * Get the setter.
+     *
+     * @return string
+     */
+    public function getSetter(): string
+    {
+        return $this->setter;
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadMethodCallException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadMethodCallException.php
index 73c2dd86f..108206d3e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadMethodCallException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/BadMethodCallException.php
@@ -13,4 +13,5 @@ namespace Carbon\Exceptions;
 
 interface BadMethodCallException extends Exception
 {
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/EndLessPeriodException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/EndLessPeriodException.php
new file mode 100644
index 000000000..e10492693
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/EndLessPeriodException.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\Exceptions;
+
+use RuntimeException as BaseRuntimeException;
+
+final class EndLessPeriodException extends BaseRuntimeException implements RuntimeException
+{
+    //
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/Exception.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/Exception.php
index 3bbbd77d5..8ad747e75 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/Exception.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/Exception.php
@@ -13,4 +13,5 @@ namespace Carbon\Exceptions;
 
 interface Exception
 {
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ImmutableException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ImmutableException.php
index a48d4f936..db334c6c9 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ImmutableException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ImmutableException.php
@@ -11,20 +11,38 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use RuntimeException as BaseRuntimeException;
+use Throwable;
 
 class ImmutableException extends BaseRuntimeException implements RuntimeException
 {
+    /**
+     * The value.
+     *
+     * @var string
+     */
+    protected $value;
+
     /**
      * Constructor.
      *
      * @param string         $value    the immutable type/value
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($value, $code = 0, Exception $previous = null)
+    public function __construct($value, $code = 0, Throwable $previous = null)
     {
+        $this->value = $value;
         parent::__construct("$value is immutable.", $code, $previous);
     }
+
+    /**
+     * Get the value.
+     *
+     * @return string
+     */
+    public function getValue(): string
+    {
+        return $this->value;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidArgumentException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidArgumentException.php
index 9739f4d18..5b013cd50 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidArgumentException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidArgumentException.php
@@ -13,4 +13,5 @@ namespace Carbon\Exceptions;
 
 interface InvalidArgumentException extends Exception
 {
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidCastException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidCastException.php
index d2f370199..a421401f6 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidCastException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidCastException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidCastException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidDateException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidDateException.php
index 99bb91c05..c9ecb6b06 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidDateException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidDateException.php
@@ -11,8 +11,8 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class InvalidDateException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
@@ -36,9 +36,9 @@ class InvalidDateException extends BaseInvalidArgumentException implements Inval
      * @param string         $field
      * @param mixed          $value
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($field, $value, $code = 0, Exception $previous = null)
+    public function __construct($field, $value, $code = 0, Throwable $previous = null)
     {
         $this->field = $field;
         $this->value = $value;
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidFormatException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidFormatException.php
index 3341b49d0..92d55fe35 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidFormatException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidFormatException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidFormatException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidIntervalException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidIntervalException.php
index 5f9f142ee..69cf4128a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidIntervalException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidIntervalException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidIntervalException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodDateException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodDateException.php
index a37e3f5ec..9bd84a96d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodDateException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodDateException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidPeriodDateException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodParameterException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodParameterException.php
index ede47712b..cf2c90240 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodParameterException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidPeriodParameterException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidPeriodParameterException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTimeZoneException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTimeZoneException.php
index 892e16e81..f72595583 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTimeZoneException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTimeZoneException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidTimeZoneException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTypeException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTypeException.php
index 3fbe3fc47..2c8ec9ba0 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTypeException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/InvalidTypeException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class InvalidTypeException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotACarbonClassException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotACarbonClassException.php
index 2b4c48e32..7a87632c4 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotACarbonClassException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotACarbonClassException.php
@@ -12,24 +12,39 @@
 namespace Carbon\Exceptions;
 
 use Carbon\CarbonInterface;
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class NotACarbonClassException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
+    /**
+     * The className.
+     *
+     * @var string
+     */
+    protected $className;
+
     /**
      * Constructor.
      *
      * @param string         $className
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($className, $code = 0, Exception $previous = null)
+    public function __construct($className, $code = 0, Throwable $previous = null)
     {
-        parent::__construct(sprintf(
-            'Given class does not implement %s: %s',
-            CarbonInterface::class,
-            $className
-        ), $code, $previous);
+        $this->className = $className;
+
+        parent::__construct(sprintf('Given class does not implement %s: %s', CarbonInterface::class, $className), $code, $previous);
+    }
+
+    /**
+     * Get the className.
+     *
+     * @return string
+     */
+    public function getClassName(): string
+    {
+        return $this->className;
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotAPeriodException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotAPeriodException.php
index 41bb62902..4edd7a484 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotAPeriodException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotAPeriodException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class NotAPeriodException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotLocaleAwareException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotLocaleAwareException.php
index adbc36cd5..f2c546843 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotLocaleAwareException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/NotLocaleAwareException.php
@@ -11,8 +11,8 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class NotLocaleAwareException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
@@ -21,9 +21,9 @@ class NotLocaleAwareException extends BaseInvalidArgumentException implements In
      *
      * @param mixed          $object
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($object, $code = 0, Exception $previous = null)
+    public function __construct($object, $code = 0, Throwable $previous = null)
     {
         $dump = \is_object($object) ? \get_class($object) : \gettype($object);
 
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/OutOfRangeException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/OutOfRangeException.php
index 54822d954..2c586d0b7 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/OutOfRangeException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/OutOfRangeException.php
@@ -11,8 +11,8 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 // This will extends OutOfRangeException instead of InvalidArgumentException since 3.0.0
 // use OutOfRangeException as BaseOutOfRangeException;
@@ -55,9 +55,9 @@ class OutOfRangeException extends BaseInvalidArgumentException implements Invali
      * @param mixed          $max
      * @param mixed          $value
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($unit, $min, $max, $value, $code = 0, Exception $previous = null)
+    public function __construct($unit, $min, $max, $value, $code = 0, Throwable $previous = null)
     {
         $this->unit = $unit;
         $this->min = $min;
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ParseErrorException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ParseErrorException.php
index 0314c5d88..5416fd149 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ParseErrorException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/ParseErrorException.php
@@ -11,23 +11,78 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class ParseErrorException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
+    /**
+     * The expected.
+     *
+     * @var string
+     */
+    protected $expected;
+
+    /**
+     * The actual.
+     *
+     * @var string
+     */
+    protected $actual;
+
+    /**
+     * The help message.
+     *
+     * @var string
+     */
+    protected $help;
+
     /**
      * Constructor.
      *
      * @param string         $expected
      * @param string         $actual
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($expected, $actual, $help = '', $code = 0, Exception $previous = null)
+    public function __construct($expected, $actual, $help = '', $code = 0, Throwable $previous = null)
     {
+        $this->expected = $expected;
+        $this->actual = $actual;
+        $this->help = $help;
+
         $actual = $actual === '' ? 'data is missing' : "get '$actual'";
 
         parent::__construct(trim("Format expected $expected but $actual\n$help"), $code, $previous);
     }
+
+    /**
+     * Get the expected.
+     *
+     * @return string
+     */
+    public function getExpected(): string
+    {
+        return $this->expected;
+    }
+
+    /**
+     * Get the actual.
+     *
+     * @return string
+     */
+    public function getActual(): string
+    {
+        return $this->actual;
+    }
+
+    /**
+     * Get the help message.
+     *
+     * @return string
+     */
+    public function getHelp(): string
+    {
+        return $this->help;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/RuntimeException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/RuntimeException.php
index 24bf5a68b..ad196f79d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/RuntimeException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/RuntimeException.php
@@ -13,4 +13,5 @@ namespace Carbon\Exceptions;
 
 interface RuntimeException extends Exception
 {
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitException.php
index 8bd8653e1..ee99953b4 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
 
 class UnitException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitNotConfiguredException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitNotConfiguredException.php
index 39ee12c5b..0e7230563 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitNotConfiguredException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnitNotConfiguredException.php
@@ -11,19 +11,38 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
+use Throwable;
 
 class UnitNotConfiguredException extends UnitException
 {
+    /**
+     * The unit.
+     *
+     * @var string
+     */
+    protected $unit;
+
     /**
      * Constructor.
      *
      * @param string         $unit
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($unit, $code = 0, Exception $previous = null)
+    public function __construct($unit, $code = 0, Throwable $previous = null)
     {
+        $this->unit = $unit;
+
         parent::__construct("Unit $unit have no configuration to get total from other units.", $code, $previous);
     }
+
+    /**
+     * Get the unit.
+     *
+     * @return string
+     */
+    public function getUnit(): string
+    {
+        return $this->unit;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownGetterException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownGetterException.php
index 6c8c01b6c..5c504975a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownGetterException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownGetterException.php
@@ -11,20 +11,39 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class UnknownGetterException extends BaseInvalidArgumentException implements InvalidArgumentException
 {
+    /**
+     * The getter.
+     *
+     * @var string
+     */
+    protected $getter;
+
     /**
      * Constructor.
      *
-     * @param string         $name     getter name
+     * @param string         $getter   getter name
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($name, $code = 0, Exception $previous = null)
+    public function __construct($getter, $code = 0, Throwable $previous = null)
     {
-        parent::__construct("Unknown getter '$name'", $code, $previous);
+        $this->getter = $getter;
+
+        parent::__construct("Unknown getter '$getter'", $code, $previous);
+    }
+
+    /**
+     * Get the getter.
+     *
+     * @return string
+     */
+    public function getGetter(): string
+    {
+        return $this->getter;
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownMethodException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownMethodException.php
index 901db986a..75273a706 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownMethodException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownMethodException.php
@@ -12,19 +12,38 @@
 namespace Carbon\Exceptions;
 
 use BadMethodCallException as BaseBadMethodCallException;
-use Exception;
+use Throwable;
 
 class UnknownMethodException extends BaseBadMethodCallException implements BadMethodCallException
 {
+    /**
+     * The method.
+     *
+     * @var string
+     */
+    protected $method;
+
     /**
      * Constructor.
      *
      * @param string         $method
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($method, $code = 0, Exception $previous = null)
+    public function __construct($method, $code = 0, Throwable $previous = null)
     {
+        $this->method = $method;
+
         parent::__construct("Method $method does not exist.", $code, $previous);
     }
+
+    /**
+     * Get the method.
+     *
+     * @return string
+     */
+    public function getMethod(): string
+    {
+        return $this->method;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownSetterException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownSetterException.php
index c9e9c9ff2..a795f5d72 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownSetterException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownSetterException.php
@@ -11,20 +11,39 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use InvalidArgumentException as BaseInvalidArgumentException;
+use Throwable;
 
 class UnknownSetterException extends BaseInvalidArgumentException implements BadMethodCallException
 {
+    /**
+     * The setter.
+     *
+     * @var string
+     */
+    protected $setter;
+
     /**
      * Constructor.
      *
-     * @param string         $name     setter name
+     * @param string         $setter   setter name
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($name, $code = 0, Exception $previous = null)
+    public function __construct($setter, $code = 0, Throwable $previous = null)
     {
-        parent::__construct("Unknown setter '$name'", $code, $previous);
+        $this->setter = $setter;
+
+        parent::__construct("Unknown setter '$setter'", $code, $previous);
+    }
+
+    /**
+     * Get the setter.
+     *
+     * @return string
+     */
+    public function getSetter(): string
+    {
+        return $this->setter;
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownUnitException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownUnitException.php
index d965c82ae..ecd7f7a59 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownUnitException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnknownUnitException.php
@@ -11,19 +11,38 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
+use Throwable;
 
 class UnknownUnitException extends UnitException
 {
+    /**
+     * The unit.
+     *
+     * @var string
+     */
+    protected $unit;
+
     /**
      * Constructor.
      *
      * @param string         $unit
      * @param int            $code
-     * @param Exception|null $previous
+     * @param Throwable|null $previous
      */
-    public function __construct($unit, $code = 0, Exception $previous = null)
+    public function __construct($unit, $code = 0, Throwable $previous = null)
     {
+        $this->unit = $unit;
+
         parent::__construct("Unknown unit '$unit'.", $code, $previous);
     }
+
+    /**
+     * Get the unit.
+     *
+     * @return string
+     */
+    public function getUnit(): string
+    {
+        return $this->unit;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnreachableException.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnreachableException.php
index 6f8b39f5f..1654ab11b 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnreachableException.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Exceptions/UnreachableException.php
@@ -11,20 +11,9 @@
 
 namespace Carbon\Exceptions;
 
-use Exception;
 use RuntimeException as BaseRuntimeException;
 
 class UnreachableException extends BaseRuntimeException implements RuntimeException
 {
-    /**
-     * Constructor.
-     *
-     * @param string         $message
-     * @param int            $code
-     * @param Exception|null $previous
-     */
-    public function __construct($message, $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
+    //
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Factory.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Factory.php
index f8c72890c..d497535f7 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Factory.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Factory.php
@@ -177,10 +177,10 @@ use ReflectionMethod;
  *                                                                                                                                                                                         parameter of null.
  *                                                                                                                                                                                         /!\ Use this method for unit tests only.
  * @method void                                               setToStringFormat($format)                                                                                                   @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
- *                                                                                                                                                                                                     You should rather let Carbon object being casted to string with DEFAULT_TO_STRING_FORMAT, and
- *                                                                                                                                                                                                     use other method or custom format passed to format() method if you need to dump an other string
+ *                                                                                                                                                                                                     You should rather let Carbon object being cast to string with DEFAULT_TO_STRING_FORMAT, and
+ *                                                                                                                                                                                                     use other method or custom format passed to format() method if you need to dump another string
  *                                                                                                                                                                                                     format.
- *                                                                                                                                                                                         Set the default format used when type juggling a Carbon instance to a string
+ *                                                                                                                                                                                         Set the default format used when type juggling a Carbon instance to a string.
  * @method void                                               setTranslator(TranslatorInterface $translator)                                                                               Set the default translator instance to use.
  * @method Carbon                                             setUtf8($utf8)                                                                                                               @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
  *                                                                                                                                                                                                     You should rather use UTF-8 language packages on every machine.
@@ -231,7 +231,7 @@ use ReflectionMethod;
  *                                                                                                                                                                                                     You should rather use the ->settings() method.
  *                                                                                                                                                                                                     Or you can use method variants: addYearsWithOverflow/addYearsNoOverflow, same variants
  *                                                                                                                                                                                                     are available for quarters, years, decade, centuries, millennia (singular and plural forms).
- * @method mixed                                              withTestNow($testNow = null, $callback = null)                                                                               Temporarily sets a static date to be used within the callback.
+ * @method mixed                                              withTestNow($testNow, $callback)                                                                                             Temporarily sets a static date to be used within the callback.
  *                                                                                                                                                                                         Using setTestNow to set the date, executing the callback, then
  *                                                                                                                                                                                         clearing the test instance.
  *                                                                                                                                                                                         /!\ Use this method for unit tests only.
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/FactoryImmutable.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/FactoryImmutable.php
index 596ee8064..d88a1cf67 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/FactoryImmutable.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/FactoryImmutable.php
@@ -12,6 +12,9 @@
 namespace Carbon;
 
 use Closure;
+use DateTimeImmutable;
+use DateTimeZone;
+use Psr\Clock\ClockInterface;
 
 /**
  * A factory to generate CarbonImmutable instances with common settings.
@@ -111,7 +114,6 @@ use Closure;
  * @method CarbonImmutable                                    maxValue()                                                                                                                   Create a Carbon instance for the greatest supported date.
  * @method CarbonImmutable                                    minValue()                                                                                                                   Create a Carbon instance for the lowest supported date.
  * @method void                                               mixin($mixin)                                                                                                                Mix another object into the class.
- * @method CarbonImmutable                                    now($tz = null)                                                                                                              Get a Carbon instance for the current date and time.
  * @method CarbonImmutable                                    parse($time = null, $tz = null)                                                                                              Create a carbon instance from a string.
  *                                                                                                                                                                                         This is an alias for the constructor that allows better fluent syntax
  *                                                                                                                                                                                         as it allows you to do Carbon::parse('Monday next week')->fn() rather
@@ -175,10 +177,10 @@ use Closure;
  *                                                                                                                                                                                         parameter of null.
  *                                                                                                                                                                                         /!\ Use this method for unit tests only.
  * @method void                                               setToStringFormat($format)                                                                                                   @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
- *                                                                                                                                                                                                     You should rather let Carbon object being casted to string with DEFAULT_TO_STRING_FORMAT, and
- *                                                                                                                                                                                                     use other method or custom format passed to format() method if you need to dump an other string
+ *                                                                                                                                                                                                     You should rather let Carbon object being cast to string with DEFAULT_TO_STRING_FORMAT, and
+ *                                                                                                                                                                                                     use other method or custom format passed to format() method if you need to dump another string
  *                                                                                                                                                                                                     format.
- *                                                                                                                                                                                         Set the default format used when type juggling a Carbon instance to a string
+ *                                                                                                                                                                                         Set the default format used when type juggling a Carbon instance to a string.
  * @method void                                               setTranslator(TranslatorInterface $translator)                                                                               Set the default translator instance to use.
  * @method CarbonImmutable                                    setUtf8($utf8)                                                                                                               @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
  *                                                                                                                                                                                                     You should rather use UTF-8 language packages on every machine.
@@ -229,7 +231,7 @@ use Closure;
  *                                                                                                                                                                                                     You should rather use the ->settings() method.
  *                                                                                                                                                                                                     Or you can use method variants: addYearsWithOverflow/addYearsNoOverflow, same variants
  *                                                                                                                                                                                                     are available for quarters, years, decade, centuries, millennia (singular and plural forms).
- * @method mixed                                              withTestNow($testNow = null, $callback = null)                                                                               Temporarily sets a static date to be used within the callback.
+ * @method mixed                                              withTestNow($testNow, $callback)                                                                                             Temporarily sets a static date to be used within the callback.
  *                                                                                                                                                                                         Using setTestNow to set the date, executing the callback, then
  *                                                                                                                                                                                         clearing the test instance.
  *                                                                                                                                                                                         /!\ Use this method for unit tests only.
@@ -237,7 +239,21 @@ use Closure;
  *
  * </autodoc>
  */
-class FactoryImmutable extends Factory
+class FactoryImmutable extends Factory implements ClockInterface
 {
     protected $className = CarbonImmutable::class;
+
+    /**
+     * Get a Carbon instance for the current date and time.
+     *
+     * @param DateTimeZone|string|int|null $tz
+     *
+     * @return CarbonImmutable
+     */
+    public function now($tz = null): DateTimeImmutable
+    {
+        $className = $this->className;
+
+        return new $className(null, $tz);
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_AE.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_AE.php
index 75fe47f6d..35a22b1d2 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_AE.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_AE.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_BH.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_BH.php
index 362009e29..35180965a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_BH.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_BH.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_EG.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_EG.php
index 362009e29..35180965a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_EG.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_EG.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_IQ.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_IQ.php
index 0ac09958e..2d4200845 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_IQ.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_IQ.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_JO.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_JO.php
index 0ac09958e..2d4200845 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_JO.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_JO.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_KW.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_KW.php
index e6f0531d4..b3fb1cfec 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_KW.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_KW.php
@@ -16,6 +16,7 @@
  * - JD Isaacks
  * - Atef Ben Ali (atefBB)
  * - Mohamed Sabil (mohamedsabil83)
+ * - Abdullah-Alhariri
  */
 $months = [
     'يناير',
@@ -90,4 +91,5 @@ return [
     ],
     'meridiem' => ['ص', 'م'],
     'weekend' => [5, 6],
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_LB.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_LB.php
index 55bb10c33..2792745c6 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_LB.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_LB.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_OM.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_OM.php
index 362009e29..35180965a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_OM.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_OM.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_PS.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_PS.php
index e790b99e6..503c60d2e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_PS.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_PS.php
@@ -9,5 +9,10 @@
  * file that was distributed with this source code.
  */
 
+/*
+ * Authors:
+ * - Abdullah-Alhariri
+ */
 return array_replace_recursive(require __DIR__.'/ar.php', [
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_QA.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_QA.php
index 362009e29..35180965a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_QA.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_QA.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SA.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SA.php
index 10aaa2ede..550b0c73a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SA.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SA.php
@@ -15,6 +15,7 @@
  * - JD Isaacks
  * - Atef Ben Ali (atefBB)
  * - Mohamed Sabil (mohamedsabil83)
+ * - Abdullah-Alhariri
  */
 $months = [
     'يناير',
@@ -89,4 +90,5 @@ return [
     ],
     'meridiem' => ['ص', 'م'],
     'weekend' => [5, 6],
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SD.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SD.php
index 362009e29..35180965a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SD.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SD.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SY.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SY.php
index 0ac09958e..2d4200845 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SY.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_SY.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -24,4 +25,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_YE.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_YE.php
index 5dc29388e..169fe88a9 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_YE.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ar_YE.php
@@ -12,6 +12,7 @@
 /*
  * Authors:
  * - IBM Globalization Center of Competency, Yamato Software Laboratory    bug-glibc-locales@gnu.org
+ * - Abdullah-Alhariri
  */
 return array_replace_recursive(require __DIR__.'/ar.php', [
     'formats' => [
@@ -23,4 +24,5 @@ return array_replace_recursive(require __DIR__.'/ar.php', [
     'weekdays_short' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'weekdays_min' => ['ح', 'ن', 'ث', 'ر', 'خ', 'ج', 'س'],
     'day_of_first_week_of_year' => 1,
+    'alt_numbers' => ['۰۰', '۰۱', '۰۲', '۰۳', '۰٤', '۰٥', '۰٦', '۰۷', '۰۸', '۰۹', '۱۰', '۱۱', '۱۲', '۱۳', '۱٤', '۱٥', '۱٦', '۱۷', '۱۸', '۱۹', '۲۰', '۲۱', '۲۲', '۲۳', '۲٤', '۲٥', '۲٦', '۲۷', '۲۸', '۲۹', '۳۰', '۳۱', '۳۲', '۳۳', '۳٤', '۳٥', '۳٦', '۳۷', '۳۸', '۳۹', '٤۰', '٤۱', '٤۲', '٤۳', '٤٤', '٤٥', '٤٦', '٤۷', '٤۸', '٤۹', '٥۰', '٥۱', '٥۲', '٥۳', '٥٤', '٥٥', '٥٦', '٥۷', '٥۸', '٥۹', '٦۰', '٦۱', '٦۲', '٦۳', '٦٤', '٦٥', '٦٦', '٦۷', '٦۸', '٦۹', '۷۰', '۷۱', '۷۲', '۷۳', '۷٤', '۷٥', '۷٦', '۷۷', '۷۸', '۷۹', '۸۰', '۸۱', '۸۲', '۸۳', '۸٤', '۸٥', '۸٦', '۸۷', '۸۸', '۸۹', '۹۰', '۹۱', '۹۲', '۹۳', '۹٤', '۹٥', '۹٦', '۹۷', '۹۸', '۹۹'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/be.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/be.php
index 51b4d0cc1..ee736365a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/be.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/be.php
@@ -9,13 +9,12 @@
  * file that was distributed with this source code.
  */
 
-// @codeCoverageIgnoreStart
-
 use Carbon\CarbonInterface;
 use Symfony\Component\Translation\PluralizationRules;
 
-if (class_exists('Symfony\\Component\\Translation\\PluralizationRules')) {
-    PluralizationRules::set(function ($number) {
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
         return (($number % 10 == 1) && ($number % 100 != 11)) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2);
     }, 'be');
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ca_ES_Valencia.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ca_ES_Valencia.php
index 861acd2a0..1c16421ad 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ca_ES_Valencia.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ca_ES_Valencia.php
@@ -9,5 +9,15 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'ca');
+    }, 'ca_ES_Valencia');
+}
+// @codeCoverageIgnoreEnd
+
 return array_replace_recursive(require __DIR__.'/ca.php', [
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ckb.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ckb.php
new file mode 100644
index 000000000..acf4dc280
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ckb.php
@@ -0,0 +1,89 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/*
+ * Authors:
+ * - Swara Mohammed
+ */
+$months = [
+    'ڕێبەندان',
+    'ڕەشەمە',
+    'نەورۆز',
+    'گوڵان',
+    'جۆزەردان',
+    'پوشپەڕ',
+    'گەلاوێژ',
+    'خەرمانان',
+    'ڕەزبەر',
+    'گەڵاڕێزان',
+    'سەرماوەرز',
+    'بەفرانبار',
+];
+
+return [
+    'year' => implode('|', ['{0}:count ساڵێک', '{1}ساڵێک', '{2}دوو ساڵ', ']2,11[:count ساڵ', ']10,Inf[:count ساڵ']),
+    'a_year' => implode('|', ['{0}:count ساڵێک', '{1}ساڵێک', '{2}دوو ساڵ', ']2,11[:count ساڵ', ']10,Inf[:count ساڵ']),
+    'month' => implode('|', ['{0}:count مانگێک', '{1}مانگێک', '{2}دوو مانگ', ']2,11[:count مانگ', ']10,Inf[:count مانگ']),
+    'a_month' => implode('|', ['{0}:count مانگێک', '{1}مانگێک', '{2}دوو مانگ', ']2,11[:count مانگ', ']10,Inf[:count مانگ']),
+    'week' => implode('|', ['{0}:count هەفتەیەک', '{1}هەفتەیەک', '{2}دوو هەفتە', ']2,11[:count هەفتە', ']10,Inf[:count هەفتە']),
+    'a_week' => implode('|', ['{0}:count هەفتەیەک', '{1}هەفتەیەک', '{2}دوو هەفتە', ']2,11[:count هەفتە', ']10,Inf[:count هەفتە']),
+    'day' => implode('|', ['{0}:count ڕۆژێک', '{1}ڕۆژێک', '{2}دوو ڕۆژ', ']2,11[:count ڕۆژ', ']10,Inf[:count ڕۆژ']),
+    'a_day' => implode('|', ['{0}:count ڕۆژێک', '{1}ڕۆژێک', '{2}دوو ڕۆژ', ']2,11[:count ڕۆژ', ']10,Inf[:count ڕۆژ']),
+    'hour' => implode('|', ['{0}:count کاتژمێرێک', '{1}کاتژمێرێک', '{2}دوو کاتژمێر', ']2,11[:count کاتژمێر', ']10,Inf[:count کاتژمێر']),
+    'a_hour' => implode('|', ['{0}:count کاتژمێرێک', '{1}کاتژمێرێک', '{2}دوو کاتژمێر', ']2,11[:count کاتژمێر', ']10,Inf[:count کاتژمێر']),
+    'minute' => implode('|', ['{0}:count خولەکێک', '{1}خولەکێک', '{2}دوو خولەک', ']2,11[:count خولەک', ']10,Inf[:count خولەک']),
+    'a_minute' => implode('|', ['{0}:count خولەکێک', '{1}خولەکێک', '{2}دوو خولەک', ']2,11[:count خولەک', ']10,Inf[:count خولەک']),
+    'second' => implode('|', ['{0}:count چرکەیەک', '{1}چرکەیەک', '{2}دوو چرکە', ']2,11[:count چرکە', ']10,Inf[:count چرکە']),
+    'a_second' => implode('|', ['{0}:count چرکەیەک', '{1}چرکەیەک', '{2}دوو چرکە', ']2,11[:count چرکە', ']10,Inf[:count چرکە']),
+    'ago' => 'پێش :time',
+    'from_now' => ':time لە ئێستاوە',
+    'after' => 'دوای :time',
+    'before' => 'پێش :time',
+    'diff_now' => 'ئێستا',
+    'diff_today' => 'ئەمڕۆ',
+    'diff_today_regexp' => 'ڕۆژ(?:\\s+لە)?(?:\\s+کاتژمێر)?',
+    'diff_yesterday' => 'دوێنێ',
+    'diff_yesterday_regexp' => 'دوێنێ(?:\\s+لە)?(?:\\s+کاتژمێر)?',
+    'diff_tomorrow' => 'سبەینێ',
+    'diff_tomorrow_regexp' => 'سبەینێ(?:\\s+لە)?(?:\\s+کاتژمێر)?',
+    'diff_before_yesterday' => 'پێش دوێنێ',
+    'diff_after_tomorrow' => 'دوای سبەینێ',
+    'period_recurrences' => implode('|', ['{0}جار', '{1}جار', '{2}:count دووجار', ']2,11[:count جار', ']10,Inf[:count جار']),
+    'period_interval' => 'هەموو :interval',
+    'period_start_date' => 'لە :date',
+    'period_end_date' => 'بۆ :date',
+    'months' => $months,
+    'months_short' => $months,
+    'weekdays' => ['یەکشەممە', 'دووشەممە', 'سێشەممە', 'چوارشەممە', 'پێنجشەممە', 'هەینی', 'شەممە'],
+    'weekdays_short' => ['یەکشەممە', 'دووشەممە', 'سێشەممە', 'چوارشەممە', 'پێنجشەممە', 'هەینی', 'شەممە'],
+    'weekdays_min' => ['یەکشەممە', 'دووشەممە', 'سێشەممە', 'چوارشەممە', 'پێنجشەممە', 'هەینی', 'شەممە'],
+    'list' => ['، ', ' و '],
+    'first_day_of_week' => 6,
+    'day_of_first_week_of_year' => 1,
+    'formats' => [
+        'LT' => 'HH:mm',
+        'LTS' => 'HH:mm:ss',
+        'L' => 'D/M/YYYY',
+        'LL' => 'D MMMM YYYY',
+        'LLL' => 'D MMMM YYYY HH:mm',
+        'LLLL' => 'dddd D MMMM YYYY HH:mm',
+    ],
+    'calendar' => [
+        'sameDay' => '[ئەمڕۆ لە کاتژمێر] LT',
+        'nextDay' => '[سبەینێ لە کاتژمێر] LT',
+        'nextWeek' => 'dddd [لە کاتژمێر] LT',
+        'lastDay' => '[دوێنێ لە کاتژمێر] LT',
+        'lastWeek' => 'dddd [لە کاتژمێر] LT',
+        'sameElse' => 'L',
+    ],
+    'meridiem' => ['پ.ن', 'د.ن'],
+    'weekend' => [5, 6],
+];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cs.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cs.php
index 8cff9a019..c01e3ccc8 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cs.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cs.php
@@ -101,7 +101,8 @@ return [
     'after' => $za,
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
-    'months' => ['leden', 'únor', 'březen', 'duben', 'květen', 'červen', 'červenec', 'srpen', 'září', 'říjen', 'listopad', 'prosinec'],
+    'months' => ['ledna', 'února', 'března', 'dubna', 'května', 'června', 'července', 'srpna', 'září', 'října', 'listopadu', 'prosince'],
+    'months_standalone' => ['leden', 'únor', 'březen', 'duben', 'květen', 'červen', 'červenec', 'srpen', 'září', 'říjen', 'listopad', 'prosinec'],
     'months_short' => ['led', 'úno', 'bře', 'dub', 'kvě', 'čvn', 'čvc', 'srp', 'zář', 'říj', 'lis', 'pro'],
     'weekdays' => ['neděle', 'pondělí', 'úterý', 'středa', 'čtvrtek', 'pátek', 'sobota'],
     'weekdays_short' => ['ned', 'pon', 'úte', 'stř', 'čtv', 'pát', 'sob'],
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cy.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cy.php
index ab7c45a4f..119274f01 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cy.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/cy.php
@@ -60,7 +60,7 @@ return [
     'ordinal' => function ($number) {
         return $number.(
             $number > 20
-                ? (\in_array($number, [40, 50, 60, 80, 100]) ? 'fed' : 'ain')
+                ? (\in_array((int) $number, [40, 50, 60, 80, 100], true) ? 'fed' : 'ain')
                 : ([
                     '', 'af', 'il', 'ydd', 'ydd', 'ed', 'ed', 'ed', 'fed', 'fed', 'fed', // 1af to 10fed
                     'eg', 'fed', 'eg', 'eg', 'fed', 'eg', 'eg', 'fed', 'eg', 'fed', // 11eg to 20fed
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/da.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/da.php
index 4e6640a67..322f91d5b 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/da.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/da.php
@@ -18,6 +18,7 @@
  * - Jens Herlevsen
  * - Ulrik McArdle (mcardle)
  * - Frederik Sauer (FrittenKeeZ)
+ * - Janus Bahs Jacquet (kokoshneta)
  */
 return [
     'year' => ':count år|:count år',
@@ -41,7 +42,7 @@ return [
     'second' => ':count sekund|:count sekunder',
     'a_second' => 'få sekunder|:count sekunder',
     's' => ':count s.',
-    'ago' => ':time siden',
+    'ago' => 'for :time siden',
     'from_now' => 'om :time',
     'after' => ':time efter',
     'before' => ':time før',
@@ -70,9 +71,9 @@ return [
     ],
     'ordinal' => ':number.',
     'months' => ['januar', 'februar', 'marts', 'april', 'maj', 'juni', 'juli', 'august', 'september', 'oktober', 'november', 'december'],
-    'months_short' => ['jan', 'feb', 'mar', 'apr', 'maj', 'jun', 'jul', 'aug', 'sep', 'okt', 'nov', 'dec'],
+    'months_short' => ['jan.', 'feb.', 'mar.', 'apr.', 'maj.', 'jun.', 'jul.', 'aug.', 'sep.', 'okt.', 'nov.', 'dec.'],
     'weekdays' => ['søndag', 'mandag', 'tirsdag', 'onsdag', 'torsdag', 'fredag', 'lørdag'],
-    'weekdays_short' => ['søn', 'man', 'tir', 'ons', 'tor', 'fre', 'lør'],
+    'weekdays_short' => ['søn.', 'man.', 'tir.', 'ons.', 'tor.', 'fre.', 'lør.'],
     'weekdays_min' => ['sø', 'ma', 'ti', 'on', 'to', 'fr', 'lø'],
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/de.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/de.php
index ff00c9745..3b70750e4 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/de.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/de.php
@@ -105,4 +105,13 @@ return [
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' und '],
+    'ordinal_words' => [
+        'of' => 'im',
+        'first' => 'erster',
+        'second' => 'zweiter',
+        'third' => 'dritter',
+        'fourth' => 'vierten',
+        'fifth' => 'fünfter',
+        'last' => 'letzten',
+    ],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en.php
index a8633fef0..f81f617e3 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en.php
@@ -72,7 +72,7 @@ return [
         $lastDigit = $number % 10;
 
         return $number.(
-            (~~($number % 100 / 10) === 1) ? 'th' : (
+            ((int) ($number % 100 / 10) === 1) ? 'th' : (
                 ($lastDigit === 1) ? 'st' : (
                     ($lastDigit === 2) ? 'nd' : (
                         ($lastDigit === 3) ? 'rd' : 'th'
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en_CH.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en_CH.php
index e2dd81db5..10d9cd8f1 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en_CH.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/en_CH.php
@@ -11,4 +11,12 @@
 
 return array_replace_recursive(require __DIR__.'/en.php', [
     'first_day_of_week' => 1,
+    'formats' => [
+        'LT' => 'HH:mm',
+        'LTS' => 'HH:mm:ss',
+        'L' => 'DD.MM.YYYY',
+        'LL' => 'D MMMM YYYY',
+        'LLL' => 'D MMMM YYYY HH:mm',
+        'LLLL' => 'dddd D MMMM YYYY HH:mm',
+    ],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/es.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/es.php
index f77ec39c6..1c4fcfd0b 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/es.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/es.php
@@ -26,6 +26,7 @@
  * - quinterocesar
  * - Daniel Commesse Liévanos (danielcommesse)
  * - Pete Scopes (pdscopes)
+ * - gam04
  */
 
 use Carbon\CarbonInterface;
@@ -108,4 +109,13 @@ return [
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' y '],
     'meridiem' => ['a. m.', 'p. m.'],
+    'ordinal_words' => [
+        'of' => 'de',
+        'first' => 'primer',
+        'second' => 'segundo',
+        'third' => 'tercer',
+        'fourth' => 'cuarto',
+        'fifth' => 'quinto',
+        'last' => 'último',
+    ],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fi.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fi.php
index 2003e1eab..edf2d6d35 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fi.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fi.php
@@ -74,8 +74,10 @@ return [
         'LTS' => 'HH.mm:ss',
         'L' => 'D.M.YYYY',
         'LL' => 'dddd D. MMMM[ta] YYYY',
+        'll' => 'ddd D. MMM YYYY',
         'LLL' => 'D.MM. HH.mm',
         'LLLL' => 'D. MMMM[ta] YYYY HH.mm',
+        'llll' => 'D. MMM YY HH.mm',
     ],
     'weekdays' => ['sunnuntai', 'maanantai', 'tiistai', 'keskiviikko', 'torstai', 'perjantai', 'lauantai'],
     'weekdays_short' => ['su', 'ma', 'ti', 'ke', 'to', 'pe', 'la'],
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fr.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fr.php
index 73fe5e41b..f4c7247b4 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fr.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/fr.php
@@ -90,7 +90,7 @@ return [
     'weekdays_min' => ['di', 'lu', 'ma', 'me', 'je', 've', 'sa'],
     'ordinal' => function ($number, $period) {
         switch ($period) {
-            // In french, only the first has be ordinal, other number remains cardinal
+            // In French, only the first has to be ordinal, other number remains cardinal
             // @link https://fr.wikihow.com/%C3%A9crire-la-date-en-fran%C3%A7ais
             case 'D':
                 return $number.($number === 1 ? 'er' : '');
@@ -111,4 +111,13 @@ return [
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' et '],
+    'ordinal_words' => [
+        'of' => 'de',
+        'first' => 'premier',
+        'second' => 'deuxième',
+        'third' => 'troisième',
+        'fourth' => 'quatrième',
+        'fifth' => 'cinquième',
+        'last' => 'dernier',
+    ],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/hu.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/hu.php
index b2d2ac113..b7583eecd 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/hu.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/hu.php
@@ -82,7 +82,7 @@ return [
     'second_before' => ':count másodperccel',
     's_before' => ':count másodperccel',
     'months' => ['január', 'február', 'március', 'április', 'május', 'június', 'július', 'augusztus', 'szeptember', 'október', 'november', 'december'],
-    'months_short' => ['jan.', 'feb.', 'márc.', 'ápr.', 'máj.', 'jún.', 'júl.', 'aug.', 'szept.', 'okt.', 'nov.', 'dec.'],
+    'months_short' => ['jan.', 'febr.', 'márc.', 'ápr.', 'máj.', 'jún.', 'júl.', 'aug.', 'szept.', 'okt.', 'nov.', 'dec.'],
     'weekdays' => ['vasárnap', 'hétfő', 'kedd', 'szerda', 'csütörtök', 'péntek', 'szombat'],
     'weekdays_short' => ['vas', 'hét', 'kedd', 'sze', 'csüt', 'pén', 'szo'],
     'weekdays_min' => ['v', 'h', 'k', 'sze', 'cs', 'p', 'sz'],
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/it.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/it.php
index 605bcbb5a..49875d7ef 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/it.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/it.php
@@ -55,7 +55,7 @@ return [
     'µs' => ':countµs',
     'ago' => ':time fa',
     'from_now' => function ($time) {
-        return (preg_match('/^[0-9].+$/', $time) ? 'tra' : 'in')." $time";
+        return (preg_match('/^\d.+$/', $time) ? 'tra' : 'in')." $time";
     },
     'after' => ':time dopo',
     'before' => ':time prima',
@@ -103,4 +103,13 @@ return [
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' e '],
+    'ordinal_words' => [
+        'of' => 'di',
+        'first' => 'primo',
+        'second' => 'secondo',
+        'third' => 'terzo',
+        'fourth' => 'quarto',
+        'fifth' => 'quinto',
+        'last' => 'ultimo',
+    ],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ku.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ku.php
index b001e3015..189960c8a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ku.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ku.php
@@ -11,31 +11,29 @@
 
 /*
  * Authors:
- * - Halwest Manguri
- * - Kardo Qadir
+ * - Unicode, Inc.
  */
-$months = ['کانونی دووەم', 'شوبات', 'ئازار', 'نیسان', 'ئایار', '‌حوزەیران', 'تەمموز', 'ئاب', 'ئەیلول', 'تشرینی یەکەم', 'تشرینی دووەم', 'کانونی یەکەم'];
-
-$weekdays = ['دوو شەممە', 'سێ شەممە', 'چوار شەممە', 'پێنج شەممە', 'هەینی', 'شەممە', 'یەک شەممە'];
 
 return [
-    'ago' => 'پێش :time',
-    'from_now' => ':time لە ئێستاوە',
-    'after' => 'دوای :time',
-    'before' => 'پێش :time',
-    'year' => '{0}ساڵ|{1}ساڵێک|{2}٢ ساڵ|[3,10]:count ساڵ|[11,Inf]:count ساڵ',
-    'month' => '{0}مانگ|{1}مانگێک|{2}٢ مانگ|[3,10]:count مانگ|[11,Inf]:count مانگ',
-    'week' => '{0}هەفتە|{1}هەفتەیەک|{2}٢ هەفتە|[3,10]:count هەفتە|[11,Inf]:count هەفتە',
-    'day' => '{0}ڕۆژ|{1}ڕۆژێک|{2}٢ ڕۆژ|[3,10]:count ڕۆژ|[11,Inf]:count ڕۆژ',
-    'hour' => '{0}کاتژمێر|{1}کاتژمێرێک|{2}٢ کاتژمێر|[3,10]:count کاتژمێر|[11,Inf]:count کاتژمێر',
-    'minute' => '{0}خولەک|{1}خولەکێک|{2}٢ خولەک|[3,10]:count خولەک|[11,Inf]:count خولەک',
-    'second' => '{0}چرکە|{1}چرکەیەک|{2}٢ چرکە|[3,10]:count چرکە|[11,Inf]:count چرکە',
-    'months' => $months,
-    'months_standalone' => $months,
-    'months_short' => $months,
-    'weekdays' => $weekdays,
-    'weekdays_short' => $weekdays,
-    'weekdays_min' => $weekdays,
+    'ago' => 'berî :time',
+    'from_now' => 'di :time de',
+    'after' => ':time piştî',
+    'before' => ':time berê',
+    'year' => ':count sal',
+    'year_ago' => ':count salê|:count salan',
+    'year_from_now' => 'salekê|:count salan',
+    'month' => ':count meh',
+    'week' => ':count hefte',
+    'day' => ':count roj',
+    'hour' => ':count saet',
+    'minute' => ':count deqîqe',
+    'second' => ':count saniye',
+    'months' => ['rêbendanê', 'reşemiyê', 'adarê', 'avrêlê', 'gulanê', 'pûşperê', 'tîrmehê', 'gelawêjê', 'rezberê', 'kewçêrê', 'sermawezê', 'berfanbarê'],
+    'months_standalone' => ['rêbendan', 'reşemî', 'adar', 'avrêl', 'gulan', 'pûşper', 'tîrmeh', 'gelawêj', 'rezber', 'kewçêr', 'sermawez', 'berfanbar'],
+    'months_short' => ['rêb', 'reş', 'ada', 'avr', 'gul', 'pûş', 'tîr', 'gel', 'rez', 'kew', 'ser', 'ber'],
+    'weekdays' => ['yekşem', 'duşem', 'sêşem', 'çarşem', 'pêncşem', 'în', 'şemî'],
+    'weekdays_short' => ['yş', 'dş', 'sş', 'çş', 'pş', 'în', 'ş'],
+    'weekdays_min' => ['Y', 'D', 'S', 'Ç', 'P', 'Î', 'Ş'],
     'list' => [', ', ' û '],
     'first_day_of_week' => 6,
     'day_of_first_week_of_year' => 1,
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/lv.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/lv.php
index 693eceb5a..d5cba7ca0 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/lv.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/lv.php
@@ -176,7 +176,8 @@ return [
     'weekdays' => $daysOfWeek,
     'weekdays_short' => ['Sv.', 'P.', 'O.', 'T.', 'C.', 'Pk.', 'S.'],
     'weekdays_min' => ['Sv.', 'P.', 'O.', 'T.', 'C.', 'Pk.', 'S.'],
-    'months' => ['janvārī', 'februārī', 'martā', 'aprīlī', 'maijā', 'jūnijā', 'jūlijā', 'augustā', 'septembrī', 'oktobrī', 'novembrī', 'decembrī'],
+    'months' => ['janvāris', 'februāris', 'marts', 'aprīlis', 'maijs', 'jūnijs', 'jūlijs', 'augusts', 'septembris', 'oktobris', 'novembris', 'decembris'],
+    'months_standalone' => ['janvārī', 'februārī', 'martā', 'aprīlī', 'maijā', 'jūnijā', 'jūlijā', 'augustā', 'septembrī', 'oktobrī', 'novembrī', 'decembrī'],
     'months_short' => ['janv.', 'febr.', 'martā', 'apr.', 'maijā', 'jūn.', 'jūl.', 'aug.', 'sept.', 'okt.', 'nov.', 'dec.'],
     'meridiem' => ['priekšpusdiena', 'pēcpusdiena'],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/mn.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/mn.php
index 717d199bc..38c6434d3 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/mn.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/mn.php
@@ -26,6 +26,7 @@
  * - Nicolás Hock Isaza
  * - Ochirkhuyag
  * - Batmandakh
+ * - lucifer-crybaby
  */
 return [
     'year' => ':count жил',
@@ -43,38 +44,55 @@ return [
     'second' => ':count секунд',
     's' => ':countс',
 
-    'ago' => ':timeн өмнө',
-    'year_ago' => ':count жилий',
-    'month_ago' => ':count сары',
-    'day_ago' => ':count хоногий',
-    'hour_ago' => ':count цагий',
-    'minute_ago' => ':count минуты',
-    'second_ago' => ':count секунды',
+    'ago_mode' => 'last',
+    'ago' => ':time өмнө',
+    'year_ago' => ':count жилийн',
+    'y_ago' => ':count жилийн',
+    'month_ago' => ':count сарын',
+    'm_ago' => ':count сарын',
+    'day_ago' => ':count хоногийн',
+    'd_ago' => ':count хоногийн',
+    'week_ago' => ':count долоо хоногийн',
+    'w_ago' => ':count долоо хоногийн',
+    'hour_ago' => ':count цагийн',
+    'minute_ago' => ':count минутын',
+    'second_ago' => ':count секундын',
 
+    'from_now_mode' => 'last',
     'from_now' => 'одоогоос :time',
     'year_from_now' => ':count жилийн дараа',
+    'y_from_now' => ':count жилийн дараа',
     'month_from_now' => ':count сарын дараа',
+    'm_from_now' => ':count сарын дараа',
     'day_from_now' => ':count хоногийн дараа',
+    'd_from_now' => ':count хоногийн дараа',
     'hour_from_now' => ':count цагийн дараа',
     'minute_from_now' => ':count минутын дараа',
     'second_from_now' => ':count секундын дараа',
 
-    // Does it required to make translation for before, after as follows? hmm, I think we've made it with ago and from now keywords already. Anyway, I've included it just in case of undesired action...
-    'after' => ':timeн дараа',
-    'year_after' => ':count жилий',
-    'month_after' => ':count сары',
-    'day_after' => ':count хоногий',
-    'hour_after' => ':count цагий',
-    'minute_after' => ':count минуты',
-    'second_after' => ':count секунды',
+    'after_mode' => 'last',
+    'after' => ':time дараа',
+    'year_after' => ':count жилийн',
+    'y_after' => ':count жилийн',
+    'month_after' => ':count сарын',
+    'm_after' => ':count сарын',
+    'day_after' => ':count хоногийн',
+    'd_after' => ':count хоногийн',
+    'hour_after' => ':count цагийн',
+    'minute_after' => ':count минутын',
+    'second_after' => ':count секундын',
 
-    'before' => ':timeн өмнө',
-    'year_before' => ':count жилий',
-    'month_before' => ':count сары',
-    'day_before' => ':count хоногий',
-    'hour_before' => ':count цагий',
-    'minute_before' => ':count минуты',
-    'second_before' => ':count секунды',
+    'before_mode' => 'last',
+    'before' => ':time өмнө',
+    'year_before' => ':count жилийн',
+    'y_before' => ':count жилийн',
+    'month_before' => ':count сарын',
+    'm_before' => ':count сарын',
+    'day_before' => ':count хоногийн',
+    'd_before' => ':count хоногийн',
+    'hour_before' => ':count цагийн',
+    'minute_before' => ':count минутын',
+    'second_before' => ':count секундын',
 
     'list' => ', ',
     'diff_now' => 'одоо',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ms.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ms.php
index 36934eeb1..c9e80854f 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ms.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ms.php
@@ -48,7 +48,7 @@ return [
     'ago' => ':time yang lepas',
     'from_now' => ':time dari sekarang',
     'after' => ':time kemudian',
-    'before' => ':time lepas',
+    'before' => ':time sebelum',
     'diff_now' => 'sekarang',
     'diff_today' => 'Hari',
     'diff_today_regexp' => 'Hari(?:\\s+ini)?(?:\\s+pukul)?',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/oc.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/oc.php
index 89693e674..c9411d69d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/oc.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/oc.php
@@ -17,7 +17,7 @@
 use Symfony\Component\Translation\PluralizationRules;
 
 if (class_exists('Symfony\\Component\\Translation\\PluralizationRules')) {
-    PluralizationRules::set(function ($number) {
+    PluralizationRules::set(static function ($number) {
         return $number == 1 ? 0 : 1;
     }, 'oc');
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pl.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pl.php
index f0196c0d6..b72053549 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pl.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pl.php
@@ -62,7 +62,7 @@ return [
     },
     'after' => ':time po',
     'before' => ':time przed',
-    'diff_now' => 'przed chwilą',
+    'diff_now' => 'teraz',
     'diff_today' => 'Dziś',
     'diff_today_regexp' => 'Dziś(?:\\s+o)?',
     'diff_yesterday' => 'wczoraj',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pt.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pt.php
index 0af894994..bb6359b14 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pt.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/pt.php
@@ -104,4 +104,13 @@ return [
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' e '],
+    'ordinal_words' => [
+        'of' => 'de',
+        'first' => 'primeira',
+        'second' => 'segunda',
+        'third' => 'terceira',
+        'fourth' => 'quarta',
+        'fifth' => 'quinta',
+        'last' => 'última',
+    ],
 ];
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sh.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sh.php
index e4aa5a1c7..e03b50675 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sh.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sh.php
@@ -13,7 +13,7 @@
 use Symfony\Component\Translation\PluralizationRules;
 
 if (class_exists('Symfony\\Component\\Translation\\PluralizationRules')) {
-    PluralizationRules::set(function ($number) {
+    PluralizationRules::set(static function ($number) {
         return (($number % 10 == 1) && ($number % 100 != 11)) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2);
     }, 'sh');
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sk.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sk.php
index fd0f6b3e9..f9702e960 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sk.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sk.php
@@ -31,33 +31,89 @@
  * - jofi
  * - Jakub ADAMEC
  * - Marek Adamický
+ * - AlterwebStudio
  */
+
+use Carbon\CarbonInterface;
+
+$fromNow = function ($time) {
+    return 'o '.strtr($time, [
+            'hodina' => 'hodinu',
+            'minúta' => 'minútu',
+            'sekunda' => 'sekundu',
+        ]);
+};
+
+$ago = function ($time) {
+    $replacements = [
+        '/\bhodina\b/' => 'hodinou',
+        '/\bminúta\b/' => 'minútou',
+        '/\bsekunda\b/' => 'sekundou',
+        '/\bdeň\b/u' => 'dňom',
+        '/\btýždeň\b/u' => 'týždňom',
+        '/\bmesiac\b/' => 'mesiacom',
+        '/\brok\b/' => 'rokom',
+    ];
+
+    $replacementsPlural = [
+        '/\bhodiny\b/' => 'hodinami',
+        '/\bminúty\b/' => 'minútami',
+        '/\bsekundy\b/' => 'sekundami',
+        '/\bdni\b/' => 'dňami',
+        '/\btýždne\b/' => 'týždňami',
+        '/\bmesiace\b/' => 'mesiacmi',
+        '/\broky\b/' => 'rokmi',
+    ];
+
+    foreach ($replacements + $replacementsPlural as $pattern => $replacement) {
+        $time = preg_replace($pattern, $replacement, $time);
+    }
+
+    return "pred $time";
+};
+
 return [
-    'year' => 'rok|:count roky|:count rokov',
+    'year' => ':count rok|:count roky|:count rokov',
+    'a_year' => 'rok|:count roky|:count rokov',
     'y' => ':count r',
-    'month' => 'mesiac|:count mesiace|:count mesiacov',
+    'month' => ':count mesiac|:count mesiace|:count mesiacov',
+    'a_month' => 'mesiac|:count mesiace|:count mesiacov',
     'm' => ':count m',
-    'week' => 'týždeň|:count týždne|:count týždňov',
+    'week' => ':count týždeň|:count týždne|:count týždňov',
+    'a_week' => 'týždeň|:count týždne|:count týždňov',
     'w' => ':count t',
-    'day' => 'deň|:count dni|:count dní',
+    'day' => ':count deň|:count dni|:count dní',
+    'a_day' => 'deň|:count dni|:count dní',
     'd' => ':count d',
-    'hour' => 'hodinu|:count hodiny|:count hodín',
+    'hour' => ':count hodina|:count hodiny|:count hodín',
+    'a_hour' => 'hodina|:count hodiny|:count hodín',
     'h' => ':count h',
-    'minute' => 'minútu|:count minúty|:count minút',
+    'minute' => ':count minúta|:count minúty|:count minút',
+    'a_minute' => 'minúta|:count minúty|:count minút',
     'min' => ':count min',
-    'second' => 'sekundu|:count sekundy|:count sekúnd',
+    'second' => ':count sekunda|:count sekundy|:count sekúnd',
+    'a_second' => 'sekunda|:count sekundy|:count sekúnd',
     's' => ':count s',
-    'ago' => 'pred :time',
-    'from_now' => 'za :time',
-    'after' => 'o :time neskôr',
-    'before' => ':time predtým',
-    'year_ago' => 'rokom|:count rokmi|:count rokmi',
-    'month_ago' => 'mesiacom|:count mesiacmi|:count mesiacmi',
-    'week_ago' => 'týždňom|:count týždňami|:count týždňami',
-    'day_ago' => 'dňom|:count dňami|:count dňami',
-    'hour_ago' => 'hodinou|:count hodinami|:count hodinami',
-    'minute_ago' => 'minútou|:count minútami|:count minútami',
-    'second_ago' => 'sekundou|:count sekundami|:count sekundami',
+    'millisecond' => ':count milisekunda|:count milisekundy|:count milisekúnd',
+    'a_millisecond' => 'milisekunda|:count milisekundy|:count milisekúnd',
+    'ms' => ':count ms',
+    'microsecond' => ':count mikrosekunda|:count mikrosekundy|:count mikrosekúnd',
+    'a_microsecond' => 'mikrosekunda|:count mikrosekundy|:count mikrosekúnd',
+    'µs' => ':count µs',
+
+    'ago' => $ago,
+    'from_now' => $fromNow,
+    'before' => ':time pred',
+    'after' => ':time po',
+
+    'hour_after' => ':count hodinu|:count hodiny|:count hodín',
+    'minute_after' => ':count minútu|:count minúty|:count minút',
+    'second_after' => ':count sekundu|:count sekundy|:count sekúnd',
+
+    'hour_before' => ':count hodinu|:count hodiny|:count hodín',
+    'minute_before' => ':count minútu|:count minúty|:count minút',
+    'second_before' => ':count sekundu|:count sekundy|:count sekúnd',
+
     'first_day_of_week' => 1,
     'day_of_first_week_of_year' => 4,
     'list' => [', ', ' a '],
@@ -72,8 +128,26 @@ return [
         'LLL' => 'D. M. HH:mm',
         'LLLL' => 'dddd D. MMMM YYYY HH:mm',
     ],
+    'calendar' => [
+        'sameDay' => '[dnes o] LT',
+        'nextDay' => '[zajtra o] LT',
+        'lastDay' => '[včera o] LT',
+        'nextWeek' => 'dddd [o] LT',
+        'lastWeek' => static function (CarbonInterface $date) {
+            switch ($date->dayOfWeek) {
+                case 1:
+                case 2:
+                case 4:
+                case 5:
+                    return '[minulý] dddd [o] LT'; //pondelok/utorok/štvrtok/piatok
+                default:
+                    return '[minulá] dddd [o] LT';
+            }
+        },
+        'sameElse' => 'L',
+    ],
     'weekdays' => ['nedeľa', 'pondelok', 'utorok', 'streda', 'štvrtok', 'piatok', 'sobota'],
-    'weekdays_short' => ['ne', 'po', 'ut', 'st', 'št', 'pi', 'so'],
+    'weekdays_short' => ['ned', 'pon', 'uto', 'str', 'štv', 'pia', 'sob'],
     'weekdays_min' => ['ne', 'po', 'ut', 'st', 'št', 'pi', 'so'],
     'months' => ['január', 'február', 'marec', 'apríl', 'máj', 'jún', 'júl', 'august', 'september', 'október', 'november', 'december'],
     'months_short' => ['jan', 'feb', 'mar', 'apr', 'máj', 'jún', 'júl', 'aug', 'sep', 'okt', 'nov', 'dec'],
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sl.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sl.php
index 2e197212b..1f1d1b338 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sl.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sl.php
@@ -49,9 +49,9 @@ return [
     'a_second' => '{1}nekaj sekund|:count sekunda|:count sekundi|:count sekunde|:count sekund',
     's' => ':count s',
 
-    'year_ago' => ':count letom|:count leti|:count leti|:count leti',
-    'y_ago' => ':count letom|:count leti|:count leti|:count leti',
-    'month_ago' => ':count mesecem|:count meseci|:count meseci|:count meseci',
+    'year_ago' => ':count letom|:count letoma|:count leti|:count leti',
+    'y_ago' => ':count letom|:count letoma|:count leti|:count leti',
+    'month_ago' => ':count mesecem|:count mesecema|:count meseci|:count meseci',
     'week_ago' => ':count tednom|:count tednoma|:count tedni|:count tedni',
     'day_ago' => ':count dnem|:count dnevoma|:count dnevi|:count dnevi',
     'd_ago' => ':count dnem|:count dnevoma|:count dnevi|:count dnevi',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl.php
index c09df19cf..8becbc576 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl.php
@@ -24,28 +24,28 @@
 use Carbon\CarbonInterface;
 
 return [
-    'year' => '{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
+    'year' => ':count година|:count године|:count година',
     'y' => ':count г.',
-    'month' => '{1}:count месец|{2,3,4}:count месеца|[0,Inf[:count месеци',
+    'month' => ':count месец|:count месеца|:count месеци',
     'm' => ':count м.',
-    'week' => '{1}:count недеља|{2,3,4}:count недеље|[0,Inf[:count недеља',
+    'week' => ':count недеља|:count недеље|:count недеља',
     'w' => ':count нед.',
-    'day' => '{1,21,31}:count дан|[0,Inf[:count дана',
+    'day' => ':count дан|:count дана|:count дана',
     'd' => ':count д.',
-    'hour' => '{1,21}:count сат|{2,3,4,22,23,24}:count сата|[0,Inf[:count сати',
+    'hour' => ':count сат|:count сата|:count сати',
     'h' => ':count ч.',
-    'minute' => '{1,21,31,41,51}:count минут|[0,Inf[:count минута',
+    'minute' => ':count минут|:count минута|:count минута',
     'min' => ':count мин.',
-    'second' => '{1,21,31,41,51}:count секунд|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count секунде|[0,Inf[:count секунди',
+    'second' => ':count секунд|:count секунде|:count секунди',
     's' => ':count сек.',
     'ago' => 'пре :time',
     'from_now' => 'за :time',
     'after' => ':time након',
     'before' => ':time пре',
-    'year_from_now' => '{1,21,31,41,51}:count годину|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
-    'year_ago' => '{1,21,31,41,51}:count годину|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
-    'week_from_now' => '{1}:count недељу|{2,3,4}:count недеље|[0,Inf[:count недеља',
-    'week_ago' => '{1}:count недељу|{2,3,4}:count недеље|[0,Inf[:count недеља',
+    'year_from_now' => ':count годину|:count године|:count година',
+    'year_ago' => ':count годину|:count године|:count година',
+    'week_from_now' => ':count недељу|:count недеље|:count недеља',
+    'week_ago' => ':count недељу|:count недеље|:count недеља',
     'diff_now' => 'управо сада',
     'diff_today' => 'данас',
     'diff_today_regexp' => 'данас(?:\\s+у)?',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_BA.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_BA.php
index 0fb63d769..4b29a45c7 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_BA.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_BA.php
@@ -9,6 +9,16 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Cyrl_BA');
+}
+// @codeCoverageIgnoreEnd
+
 return array_replace_recursive(require __DIR__.'/sr_Cyrl.php', [
     'formats' => [
         'LT' => 'HH:mm',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_ME.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_ME.php
index d13229abc..28d22fd2c 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_ME.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_ME.php
@@ -16,32 +16,41 @@
  */
 
 use Carbon\CarbonInterface;
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Cyrl_ME');
+}
+// @codeCoverageIgnoreEnd
 
 return [
-    'year' => '{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
+    'year' => ':count година|:count године|:count година',
     'y' => ':count г.',
-    'month' => '{1}:count мјесец|{2,3,4}:count мјесеца|[0,Inf[:count мјесеци',
+    'month' => ':count мјесец|:count мјесеца|:count мјесеци',
     'm' => ':count мј.',
-    'week' => '{1}:count недјеља|{2,3,4}:count недјеље|[0,Inf[:count недјеља',
+    'week' => ':count недјеља|:count недјеље|:count недјеља',
     'w' => ':count нед.',
-    'day' => '{1,21,31}:count дан|[0,Inf[:count дана',
+    'day' => ':count дан|:count дана|:count дана',
     'd' => ':count д.',
-    'hour' => '{1,21}:count сат|{2,3,4,22,23,24}:count сата|[0,Inf[:count сати',
+    'hour' => ':count сат|:count сата|:count сати',
     'h' => ':count ч.',
-    'minute' => '{1,21,31,41,51}:count минут|[0,Inf[:count минута',
+    'minute' => ':count минут|:count минута|:count минута',
     'min' => ':count мин.',
-    'second' => '{1,21,31,41,51}:count секунд|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count секунде|[0,Inf[:count секунди',
+    'second' => ':count секунд|:count секунде|:count секунди',
     's' => ':count сек.',
     'ago' => 'прије :time',
     'from_now' => 'за :time',
     'after' => ':time након',
     'before' => ':time прије',
 
-    'year_from_now' => '{1,21,31,41,51}:count годину|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
-    'year_ago' => '{1,21,31,41,51}:count годину|{2,3,4,22,23,24,32,33,34,42,43,44,52,53,54}:count године|[0,Inf[:count година',
+    'year_from_now' => ':count годину|:count године|:count година',
+    'year_ago' => ':count годину|:count године|:count година',
 
-    'week_from_now' => '{1}:count недјељу|{2,3,4}:count недјеље|[0,Inf[:count недјеља',
-    'week_ago' => '{1}:count недјељу|{2,3,4}:count недјеље|[0,Inf[:count недјеља',
+    'week_from_now' => ':count недјељу|:count недјеље|:count недјеља',
+    'week_ago' => ':count недјељу|:count недјеље|:count недјеља',
 
     'diff_now' => 'управо сада',
     'diff_today' => 'данас',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_XK.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_XK.php
index 492baf0cb..d6e29b86b 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_XK.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Cyrl_XK.php
@@ -9,6 +9,16 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Cyrl_XK');
+}
+// @codeCoverageIgnoreEnd
+
 return array_replace_recursive(require __DIR__.'/sr_Cyrl_BA.php', [
     'weekdays' => ['недеља', 'понедељак', 'уторак', 'среда', 'четвртак', 'петак', 'субота'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_BA.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_BA.php
index 897c674a5..95b2770db 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_BA.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_BA.php
@@ -9,6 +9,16 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Latn_BA');
+}
+// @codeCoverageIgnoreEnd
+
 return array_replace_recursive(require __DIR__.'/sr_Latn.php', [
     'formats' => [
         'LT' => 'HH:mm',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_ME.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_ME.php
index e2133ef1a..5b8f2d062 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_ME.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_ME.php
@@ -16,6 +16,15 @@
  */
 
 use Carbon\CarbonInterface;
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Latn_ME');
+}
+// @codeCoverageIgnoreEnd
 
 return array_replace_recursive(require __DIR__.'/sr.php', [
     'month' => ':count mjesec|:count mjeseca|:count mjeseci',
@@ -27,6 +36,7 @@ return array_replace_recursive(require __DIR__.'/sr.php', [
     'before' => ':time prije',
     'week_from_now' => ':count nedjelju|:count nedjelje|:count nedjelja',
     'week_ago' => ':count nedjelju|:count nedjelje|:count nedjelja',
+    'second_ago' => ':count sekund|:count sekunde|:count sekundi',
     'diff_tomorrow' => 'sjutra',
     'calendar' => [
         'nextDay' => '[sjutra u] LT',
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_XK.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_XK.php
index d0b9d10bb..5278e2e5a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_XK.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sr_Latn_XK.php
@@ -9,6 +9,16 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\Translation\PluralizationRules;
+
+// @codeCoverageIgnoreStart
+if (class_exists(PluralizationRules::class)) {
+    PluralizationRules::set(static function ($number) {
+        return PluralizationRules::get($number, 'sr');
+    }, 'sr_Latn_XK');
+}
+// @codeCoverageIgnoreEnd
+
 return array_replace_recursive(require __DIR__.'/sr_Latn_BA.php', [
     'weekdays' => ['nedelja', 'ponedeljak', 'utorak', 'sreda', 'četvrtak', 'petak', 'subota'],
 ]);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ss.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ss.php
index cd4b91901..1c52c9bf6 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ss.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/ss.php
@@ -50,7 +50,7 @@ return [
         $lastDigit = $number % 10;
 
         return $number.(
-            (~~($number % 100 / 10) === 1) ? 'e' : (
+            ((int) ($number % 100 / 10) === 1) ? 'e' : (
                 ($lastDigit === 1 || $lastDigit === 2) ? 'a' : 'e'
             )
         );
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sv.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sv.php
index ca33e1c45..1706c7191 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sv.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/sv.php
@@ -70,7 +70,7 @@ return [
         $lastDigit = $number % 10;
 
         return $number.(
-            (~~($number % 100 / 10) === 1) ? 'e' : (
+            ((int) ($number % 100 / 10) === 1) ? 'e' : (
                 ($lastDigit === 1 || $lastDigit === 2) ? 'a' : 'e'
             )
         );
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/uk.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/uk.php
index b267b0002..4217d16ed 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/uk.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Lang/uk.php
@@ -55,7 +55,7 @@ $processHoursFunction = function (CarbonInterface $date, string $format) {
  */
 return [
     'year' => ':count рік|:count роки|:count років',
-    'y' => ':countр',
+    'y' => ':countр|:countрр|:countрр',
     'a_year' => '{1}рік|:count рік|:count роки|:count років',
     'month' => ':count місяць|:count місяці|:count місяців',
     'm' => ':countм',
@@ -193,6 +193,7 @@ return [
             'genitive' => ['неділі', 'понеділка', 'вівторка', 'середи', 'четверга', 'п’ятниці', 'суботи'],
         ];
 
+        $format = $format ?? '';
         $nounCase = preg_match('/(\[(В|в|У|у)\])\s+dddd/u', $format)
             ? 'accusative'
             : (
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Laravel/ServiceProvider.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Laravel/ServiceProvider.php
index 8be0569e8..84e241e3e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Laravel/ServiceProvider.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Laravel/ServiceProvider.php
@@ -24,6 +24,22 @@ use Throwable;
 
 class ServiceProvider extends \Illuminate\Support\ServiceProvider
 {
+    /** @var callable|null */
+    protected $appGetter = null;
+
+    /** @var callable|null */
+    protected $localeGetter = null;
+
+    public function setAppGetter(?callable $appGetter): void
+    {
+        $this->appGetter = $appGetter;
+    }
+
+    public function setLocaleGetter(?callable $localeGetter): void
+    {
+        $this->localeGetter = $localeGetter;
+    }
+
     public function boot()
     {
         $this->updateLocale();
@@ -44,8 +60,12 @@ class ServiceProvider extends \Illuminate\Support\ServiceProvider
 
     public function updateLocale()
     {
-        $app = $this->app && method_exists($this->app, 'getLocale') ? $this->app : app('translator');
-        $locale = $app->getLocale();
+        $locale = $this->getLocale();
+
+        if ($locale === null) {
+            return;
+        }
+
         Carbon::setLocale($locale);
         CarbonImmutable::setLocale($locale);
         CarbonPeriod::setLocale($locale);
@@ -70,6 +90,34 @@ class ServiceProvider extends \Illuminate\Support\ServiceProvider
         // Needed for Laravel < 5.3 compatibility
     }
 
+    protected function getLocale()
+    {
+        if ($this->localeGetter) {
+            return ($this->localeGetter)();
+        }
+
+        $app = $this->getApp();
+        $app = $app && method_exists($app, 'getLocale')
+            ? $app
+            : $this->getGlobalApp('translator');
+
+        return $app ? $app->getLocale() : null;
+    }
+
+    protected function getApp()
+    {
+        if ($this->appGetter) {
+            return ($this->appGetter)();
+        }
+
+        return $this->app ?? $this->getGlobalApp();
+    }
+
+    protected function getGlobalApp(...$args)
+    {
+        return \function_exists('app') ? \app(...$args) : null;
+    }
+
     protected function isEventDispatcher($instance)
     {
         return $instance instanceof EventDispatcher
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/MessageFormatter/MessageFormatterMapper.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/MessageFormatter/MessageFormatterMapper.php
new file mode 100644
index 000000000..c05480876
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/MessageFormatter/MessageFormatterMapper.php
@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\MessageFormatter;
+
+use ReflectionMethod;
+use Symfony\Component\Translation\Formatter\MessageFormatter;
+use Symfony\Component\Translation\Formatter\MessageFormatterInterface;
+
+// @codeCoverageIgnoreStart
+$transMethod = new ReflectionMethod(MessageFormatterInterface::class, 'format');
+
+require $transMethod->getParameters()[0]->hasType()
+    ? __DIR__.'/../../../lazy/Carbon/MessageFormatter/MessageFormatterMapperStrongType.php'
+    : __DIR__.'/../../../lazy/Carbon/MessageFormatter/MessageFormatterMapperWeakType.php';
+// @codeCoverageIgnoreEnd
+
+final class MessageFormatterMapper extends LazyMessageFormatter
+{
+    /**
+     * Wrapped formatter.
+     *
+     * @var MessageFormatterInterface
+     */
+    protected $formatter;
+
+    public function __construct(?MessageFormatterInterface $formatter = null)
+    {
+        $this->formatter = $formatter ?? new MessageFormatter();
+    }
+
+    protected function transformLocale(?string $locale): ?string
+    {
+        return $locale ? preg_replace('/[_@][A-Za-z][a-z]{2,}/', '', $locale) : $locale;
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/AbstractMacro.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/AbstractMacro.php
index fc6fd2a79..fde67b36a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/AbstractMacro.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/AbstractMacro.php
@@ -14,6 +14,12 @@ declare(strict_types=1);
 namespace Carbon\PHPStan;
 
 use Closure;
+use InvalidArgumentException;
+use PHPStan\BetterReflection\Reflection\Adapter\ReflectionParameter as AdapterReflectionParameter;
+use PHPStan\BetterReflection\Reflection\Adapter\ReflectionType as AdapterReflectionType;
+use PHPStan\BetterReflection\Reflection\ReflectionClass as BetterReflectionClass;
+use PHPStan\BetterReflection\Reflection\ReflectionFunction as BetterReflectionFunction;
+use PHPStan\BetterReflection\Reflection\ReflectionParameter as BetterReflectionParameter;
 use PHPStan\Reflection\Php\BuiltinMethodReflection;
 use PHPStan\TrinaryLogic;
 use ReflectionClass;
@@ -64,24 +70,34 @@ abstract class AbstractMacro implements BuiltinMethodReflection
     /**
      * Macro constructor.
      *
-     * @param string $className
-     * @phpstan-param class-string $className
-     *
-     * @param string   $methodName
-     * @param callable $macro
+     * @param class-string $className
+     * @param string       $methodName
+     * @param callable     $macro
      */
     public function __construct(string $className, string $methodName, $macro)
     {
         $this->className = $className;
         $this->methodName = $methodName;
-        $this->reflectionFunction = \is_array($macro)
+        $rawReflectionFunction = \is_array($macro)
             ? new ReflectionMethod($macro[0], $macro[1])
             : new ReflectionFunction($macro);
-        $this->parameters = $this->reflectionFunction->getParameters();
+        $this->reflectionFunction = self::hasModernParser()
+            ? $this->getReflectionFunction($macro)
+            : $rawReflectionFunction; // @codeCoverageIgnore
+        $this->parameters = array_map(
+            function ($parameter) {
+                if ($parameter instanceof BetterReflectionParameter) {
+                    return new AdapterReflectionParameter($parameter);
+                }
 
-        if ($this->reflectionFunction->isClosure()) {
+                return $parameter; // @codeCoverageIgnore
+            },
+            $this->reflectionFunction->getParameters()
+        );
+
+        if ($rawReflectionFunction->isClosure()) {
             try {
-                $closure = $this->reflectionFunction->getClosure();
+                $closure = $rawReflectionFunction->getClosure();
                 $boundClosure = Closure::bind($closure, new stdClass());
                 $this->static = (!$boundClosure || (new ReflectionFunction($boundClosure))->getClosureThis() === null);
             } catch (Throwable $e) {
@@ -90,6 +106,31 @@ abstract class AbstractMacro implements BuiltinMethodReflection
         }
     }
 
+    private function getReflectionFunction($spec)
+    {
+        if (\is_array($spec) && \count($spec) === 2 && \is_string($spec[1])) {
+            \assert($spec[1] !== '');
+
+            if (\is_object($spec[0])) {
+                return BetterReflectionClass::createFromInstance($spec[0])
+                    ->getMethod($spec[1]);
+            }
+
+            return BetterReflectionClass::createFromName($spec[0])
+                ->getMethod($spec[1]);
+        }
+
+        if (\is_string($spec)) {
+            return BetterReflectionFunction::createFromName($spec);
+        }
+
+        if ($spec instanceof Closure) {
+            return BetterReflectionFunction::createFromClosure($spec);
+        }
+
+        throw new InvalidArgumentException('Could not create reflection from the spec given'); // @codeCoverageIgnore
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -175,7 +216,13 @@ abstract class AbstractMacro implements BuiltinMethodReflection
      */
     public function getReturnType(): ?ReflectionType
     {
-        return $this->reflectionFunction->getReturnType();
+        $type = $this->reflectionFunction->getReturnType();
+
+        if ($type instanceof ReflectionType) {
+            return $type; // @codeCoverageIgnore
+        }
+
+        return self::adaptType($type);
     }
 
     /**
@@ -205,18 +252,35 @@ abstract class AbstractMacro implements BuiltinMethodReflection
         return $this;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getReflection(): ?ReflectionMethod
-    {
-        return $this->reflectionFunction instanceof ReflectionMethod
-            ? $this->reflectionFunction
-            : null;
-    }
-
     public function getTentativeReturnType(): ?ReflectionType
     {
         return null;
     }
+
+    public function returnsByReference(): TrinaryLogic
+    {
+        return TrinaryLogic::createNo();
+    }
+
+    private static function adaptType($type)
+    {
+        $method = method_exists(AdapterReflectionType::class, 'fromTypeOrNull')
+            ? 'fromTypeOrNull'
+            : 'fromReturnTypeOrNull'; // @codeCoverageIgnore
+
+        return AdapterReflectionType::$method($type);
+    }
+
+    private static function hasModernParser(): bool
+    {
+        static $modernParser = null;
+
+        if ($modernParser !== null) {
+            return $modernParser;
+        }
+
+        $modernParser = method_exists(AdapterReflectionType::class, 'fromTypeOrNull');
+
+        return $modernParser;
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/Macro.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/Macro.php
index 839258736..de3e51f6a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/Macro.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/Macro.php
@@ -13,9 +13,16 @@ declare(strict_types=1);
 
 namespace Carbon\PHPStan;
 
+use PHPStan\BetterReflection\Reflection\Adapter;
 use PHPStan\Reflection\Php\BuiltinMethodReflection;
 use ReflectionMethod;
 
+$method = new ReflectionMethod(BuiltinMethodReflection::class, 'getReflection');
+
+require $method->hasReturnType() && $method->getReturnType()->getName() === Adapter\ReflectionMethod::class
+    ? __DIR__.'/../../../lazy/Carbon/PHPStan/AbstractMacroStatic.php'
+    : __DIR__.'/../../../lazy/Carbon/PHPStan/AbstractMacroBuiltin.php';
+
 $method = new ReflectionMethod(BuiltinMethodReflection::class, 'getFileName');
 
 require $method->hasReturnType()
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroExtension.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroExtension.php
index 8e2524c09..2cd6fce54 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroExtension.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroExtension.php
@@ -11,10 +11,12 @@
 
 namespace Carbon\PHPStan;
 
+use PHPStan\Reflection\Assertions;
 use PHPStan\Reflection\ClassReflection;
 use PHPStan\Reflection\MethodReflection;
 use PHPStan\Reflection\MethodsClassReflectionExtension;
 use PHPStan\Reflection\Php\PhpMethodReflectionFactory;
+use PHPStan\Reflection\ReflectionProvider;
 use PHPStan\Type\TypehintHelper;
 
 /**
@@ -38,10 +40,13 @@ final class MacroExtension implements MethodsClassReflectionExtension
      * Extension constructor.
      *
      * @param PhpMethodReflectionFactory $methodReflectionFactory
+     * @param ReflectionProvider         $reflectionProvider
      */
-    public function __construct(PhpMethodReflectionFactory $methodReflectionFactory)
-    {
-        $this->scanner = new MacroScanner();
+    public function __construct(
+        PhpMethodReflectionFactory $methodReflectionFactory,
+        ReflectionProvider $reflectionProvider
+    ) {
+        $this->scanner = new MacroScanner($reflectionProvider);
         $this->methodReflectionFactory = $methodReflectionFactory;
     }
 
@@ -59,6 +64,7 @@ final class MacroExtension implements MethodsClassReflectionExtension
     public function getMethod(ClassReflection $classReflection, string $methodName): MethodReflection
     {
         $builtinMacro = $this->scanner->getMethod($classReflection->getName(), $methodName);
+        $supportAssertions = class_exists(Assertions::class);
 
         return $this->methodReflectionFactory->create(
             $classReflection,
@@ -72,7 +78,11 @@ final class MacroExtension implements MethodsClassReflectionExtension
             $builtinMacro->isDeprecated()->yes(),
             $builtinMacro->isInternal(),
             $builtinMacro->isFinal(),
-            $builtinMacro->getDocComment()
+            $supportAssertions ? null : $builtinMacro->getDocComment(),
+            $supportAssertions ? Assertions::createEmpty() : null,
+            null,
+            $builtinMacro->getDocComment(),
+            []
         );
     }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroScanner.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroScanner.php
index d169939d8..eb8957d4d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroScanner.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/PHPStan/MacroScanner.php
@@ -12,35 +12,55 @@
 namespace Carbon\PHPStan;
 
 use Carbon\CarbonInterface;
+use PHPStan\Reflection\ReflectionProvider;
 use ReflectionClass;
 use ReflectionException;
 
 final class MacroScanner
 {
+    /**
+     * @var \PHPStan\Reflection\ReflectionProvider
+     */
+    private $reflectionProvider;
+
+    /**
+     * MacroScanner constructor.
+     *
+     * @param \PHPStan\Reflection\ReflectionProvider $reflectionProvider
+     */
+    public function __construct(ReflectionProvider $reflectionProvider)
+    {
+        $this->reflectionProvider = $reflectionProvider;
+    }
+
     /**
      * Return true if the given pair class-method is a Carbon macro.
      *
-     * @param string $className
-     * @phpstan-param class-string $className
-     *
-     * @param string $methodName
+     * @param class-string $className
+     * @param string       $methodName
      *
      * @return bool
      */
     public function hasMethod(string $className, string $methodName): bool
     {
-        return is_a($className, CarbonInterface::class, true) &&
-            \is_callable([$className, 'hasMacro']) &&
+        $classReflection = $this->reflectionProvider->getClass($className);
+
+        if (
+            $classReflection->getName() !== CarbonInterface::class &&
+            !$classReflection->isSubclassOf(CarbonInterface::class)
+        ) {
+            return false;
+        }
+
+        return \is_callable([$className, 'hasMacro']) &&
             $className::hasMacro($methodName);
     }
 
     /**
      * Return the Macro for a given pair class-method.
      *
-     * @param string $className
-     * @phpstan-param class-string $className
-     *
-     * @param string $methodName
+     * @param class-string $className
+     * @param string       $methodName
      *
      * @throws ReflectionException
      *
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Comparison.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Comparison.php
index a23e6ed0c..f6261d882 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Comparison.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Comparison.php
@@ -75,6 +75,9 @@ trait Comparison
      */
     public function equalTo($date): bool
     {
+        $this->discourageNull($date);
+        $this->discourageBoolean($date);
+
         return $this == $this->resolveCarbon($date);
     }
 
@@ -155,6 +158,9 @@ trait Comparison
      */
     public function greaterThan($date): bool
     {
+        $this->discourageNull($date);
+        $this->discourageBoolean($date);
+
         return $this > $this->resolveCarbon($date);
     }
 
@@ -216,7 +222,10 @@ trait Comparison
      */
     public function greaterThanOrEqualTo($date): bool
     {
-        return $this >= $date;
+        $this->discourageNull($date);
+        $this->discourageBoolean($date);
+
+        return $this >= $this->resolveCarbon($date);
     }
 
     /**
@@ -256,6 +265,9 @@ trait Comparison
      */
     public function lessThan($date): bool
     {
+        $this->discourageNull($date);
+        $this->discourageBoolean($date);
+
         return $this < $this->resolveCarbon($date);
     }
 
@@ -317,7 +329,10 @@ trait Comparison
      */
     public function lessThanOrEqualTo($date): bool
     {
-        return $this <= $date;
+        $this->discourageNull($date);
+        $this->discourageBoolean($date);
+
+        return $this <= $this->resolveCarbon($date);
     }
 
     /**
@@ -351,10 +366,10 @@ trait Comparison
         }
 
         if ($equal) {
-            return $this->greaterThanOrEqualTo($date1) && $this->lessThanOrEqualTo($date2);
+            return $this >= $date1 && $this <= $date2;
         }
 
-        return $this->greaterThan($date1) && $this->lessThan($date2);
+        return $this > $date1 && $this < $date2;
     }
 
     /**
@@ -448,7 +463,7 @@ trait Comparison
      */
     public function isWeekend()
     {
-        return \in_array($this->dayOfWeek, static::$weekendDays);
+        return \in_array($this->dayOfWeek, static::$weekendDays, true);
     }
 
     /**
@@ -548,12 +563,17 @@ trait Comparison
     }
 
     /**
-     * Determines if the instance is a long year
+     * Determines if the instance is a long year (using calendar year).
+     *
+     * ⚠️ This method completely ignores month and day to use the numeric year number,
+     * it's not correct if the exact date matters. For instance as `2019-12-30` is already
+     * in the first week of the 2020 year, if you want to know from this date if ISO week
+     * year 2020 is a long year, use `isLongIsoYear` instead.
      *
      * @example
      * ```
-     * Carbon::parse('2015-01-01')->isLongYear(); // true
-     * Carbon::parse('2016-01-01')->isLongYear(); // false
+     * Carbon::create(2015)->isLongYear(); // true
+     * Carbon::create(2016)->isLongYear(); // false
      * ```
      *
      * @see https://en.wikipedia.org/wiki/ISO_8601#Week_dates
@@ -565,6 +585,27 @@ trait Comparison
         return static::create($this->year, 12, 28, 0, 0, 0, $this->tz)->weekOfYear === 53;
     }
 
+    /**
+     * Determines if the instance is a long year (using ISO 8601 year).
+     *
+     * @example
+     * ```
+     * Carbon::parse('2015-01-01')->isLongIsoYear(); // true
+     * Carbon::parse('2016-01-01')->isLongIsoYear(); // true
+     * Carbon::parse('2016-01-03')->isLongIsoYear(); // false
+     * Carbon::parse('2019-12-29')->isLongIsoYear(); // false
+     * Carbon::parse('2019-12-30')->isLongIsoYear(); // true
+     * ```
+     *
+     * @see https://en.wikipedia.org/wiki/ISO_8601#Week_dates
+     *
+     * @return bool
+     */
+    public function isLongIsoYear()
+    {
+        return static::create($this->isoWeekYear, 12, 28, 0, 0, 0, $this->tz)->weekOfYear === 53;
+    }
+
     /**
      * Compares the formatted values of the two dates.
      *
@@ -621,19 +662,19 @@ trait Comparison
             'microsecond' => 'Y-m-d H:i:s.u',
         ];
 
-        if (!isset($units[$unit])) {
-            if (isset($this->$unit)) {
-                return $this->resolveCarbon($date)->$unit === $this->$unit;
-            }
-
-            if ($this->localStrictModeEnabled ?? static::isStrictModeEnabled()) {
-                throw new BadComparisonUnitException($unit);
-            }
-
-            return false;
+        if (isset($units[$unit])) {
+            return $this->isSameAs($units[$unit], $date);
         }
 
-        return $this->isSameAs($units[$unit], $date);
+        if (isset($this->$unit)) {
+            return $this->resolveCarbon($date)->$unit === $this->$unit;
+        }
+
+        if ($this->localStrictModeEnabled ?? static::isStrictModeEnabled()) {
+            throw new BadComparisonUnitException($unit);
+        }
+
+        return false;
     }
 
     /**
@@ -981,12 +1022,12 @@ trait Comparison
             return $current->startOfMinute()->eq($other);
         }
 
-        if (preg_match('/\d(h|am|pm)$/', $tester)) {
+        if (preg_match('/\d(?:h|am|pm)$/', $tester)) {
             return $current->startOfHour()->eq($other);
         }
 
         if (preg_match(
-            '/^(january|february|march|april|may|june|july|august|september|october|november|december)\s+\d+$/i',
+            '/^(?:january|february|march|april|may|june|july|august|september|october|november|december)(?:\s+\d+)?$/i',
             $tester
         )) {
             return $current->startOfMonth()->eq($other->startOfMonth());
@@ -1067,4 +1108,18 @@ trait Comparison
     {
         return $this->endOfTime ?? false;
     }
+
+    private function discourageNull($value): void
+    {
+        if ($value === null) {
+            @trigger_error("Since 2.61.0, it's deprecated to compare a date to null, meaning of such comparison is ambiguous and will no longer be possible in 3.0.0, you should explicitly pass 'now' or make an other check to eliminate null values.", \E_USER_DEPRECATED);
+        }
+    }
+
+    private function discourageBoolean($value): void
+    {
+        if (\is_bool($value)) {
+            @trigger_error("Since 2.61.0, it's deprecated to compare a date to true or false, meaning of such comparison is ambiguous and will no longer be possible in 3.0.0, you should explicitly pass 'now' or make an other check to eliminate boolean values.", \E_USER_DEPRECATED);
+        }
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Converter.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Converter.php
index 8fe008a5c..fff8a600a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Converter.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Converter.php
@@ -16,6 +16,7 @@ use Carbon\CarbonImmutable;
 use Carbon\CarbonInterface;
 use Carbon\CarbonInterval;
 use Carbon\CarbonPeriod;
+use Carbon\CarbonPeriodImmutable;
 use Carbon\Exceptions\UnitException;
 use Closure;
 use DateTime;
@@ -34,39 +35,7 @@ use ReturnTypeWillChange;
  */
 trait Converter
 {
-    /**
-     * Format to use for __toString method when type juggling occurs.
-     *
-     * @var string|Closure|null
-     */
-    protected static $toStringFormat;
-
-    /**
-     * Reset the format used to the default when type juggling a Carbon instance to a string
-     *
-     * @return void
-     */
-    public static function resetToStringFormat()
-    {
-        static::setToStringFormat(null);
-    }
-
-    /**
-     * @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
-     *             You should rather let Carbon object being casted to string with DEFAULT_TO_STRING_FORMAT, and
-     *             use other method or custom format passed to format() method if you need to dump an other string
-     *             format.
-     *
-     * Set the default format used when type juggling a Carbon instance to a string
-     *
-     * @param string|Closure|null $format
-     *
-     * @return void
-     */
-    public static function setToStringFormat($format)
-    {
-        static::$toStringFormat = $format;
-    }
+    use ToStringFormat;
 
     /**
      * Returns the formatted date string on success or FALSE on failure.
@@ -110,7 +79,7 @@ trait Converter
      *
      * @example
      * ```
-     * echo Carbon::now(); // Carbon instances can be casted to string
+     * echo Carbon::now(); // Carbon instances can be cast to string
      * ```
      *
      * @return string
@@ -158,6 +127,21 @@ trait Converter
         return $this->rawFormat('M j, Y');
     }
 
+    /**
+     * Format the instance with the day, and a readable date
+     *
+     * @example
+     * ```
+     * echo Carbon::now()->toFormattedDayDateString();
+     * ```
+     *
+     * @return string
+     */
+    public function toFormattedDayDateString(): string
+    {
+        return $this->rawFormat('D, M j, Y');
+    }
+
     /**
      * Format the instance as time
      *
@@ -622,16 +606,18 @@ trait Converter
             $interval = CarbonInterval::make("$interval ".static::pluralUnit($unit));
         }
 
-        $period = (new CarbonPeriod())->setDateClass(static::class)->setStartDate($this);
+        $period = ($this->isMutable() ? new CarbonPeriod() : new CarbonPeriodImmutable())
+            ->setDateClass(static::class)
+            ->setStartDate($this);
 
         if ($interval) {
-            $period->setDateInterval($interval);
+            $period = $period->setDateInterval($interval);
         }
 
-        if (\is_int($end) || \is_string($end) && ctype_digit($end)) {
-            $period->setRecurrences($end);
+        if (\is_int($end) || (\is_string($end) && ctype_digit($end))) {
+            $period = $period->setRecurrences($end);
         } elseif ($end) {
-            $period->setEndDate($end);
+            $period = $period->setEndDate($end);
         }
 
         return $period;
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Creator.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Creator.php
index f2adee5fd..0d611ea22 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Creator.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Creator.php
@@ -19,6 +19,8 @@ use Carbon\Exceptions\InvalidFormatException;
 use Carbon\Exceptions\OutOfRangeException;
 use Carbon\Translator;
 use Closure;
+use DateMalformedStringException;
+use DateTimeImmutable;
 use DateTimeInterface;
 use DateTimeZone;
 use Exception;
@@ -79,8 +81,8 @@ trait Creator
 
         // Work-around for PHP bug https://bugs.php.net/bug.php?id=67127
         if (!str_contains((string) .1, '.')) {
-            $locale = setlocale(LC_NUMERIC, '0');
-            setlocale(LC_NUMERIC, 'C');
+            $locale = setlocale(LC_NUMERIC, '0'); // @codeCoverageIgnore
+            setlocale(LC_NUMERIC, 'C'); // @codeCoverageIgnore
         }
 
         try {
@@ -92,7 +94,7 @@ trait Creator
         $this->constructedObjectId = spl_object_hash($this);
 
         if (isset($locale)) {
-            setlocale(LC_NUMERIC, $locale);
+            setlocale(LC_NUMERIC, $locale); // @codeCoverageIgnore
         }
 
         self::setLastErrors(parent::getLastErrors());
@@ -112,7 +114,7 @@ trait Creator
             $safeTz = static::safeCreateDateTimeZone($tz);
 
             if ($safeTz) {
-                return $date->setTimezone($safeTz);
+                return ($date instanceof DateTimeImmutable ? $date : clone $date)->setTimezone($safeTz);
             }
 
             return $date;
@@ -148,7 +150,7 @@ trait Creator
 
         $instance = new static($date->format('Y-m-d H:i:s.u'), $date->getTimezone());
 
-        if ($date instanceof CarbonInterface || $date instanceof Options) {
+        if ($date instanceof CarbonInterface) {
             $settings = $date->getSettings();
 
             if (!$date->hasLocalTranslator()) {
@@ -184,7 +186,13 @@ trait Creator
         try {
             return new static($time, $tz);
         } catch (Exception $exception) {
-            $date = @static::now($tz)->change($time);
+            // @codeCoverageIgnoreStart
+            try {
+                $date = @static::now($tz)->change($time);
+            } catch (DateMalformedStringException $ignoredException) {
+                $date = null;
+            }
+            // @codeCoverageIgnoreEnd
 
             if (!$date) {
                 throw new InvalidFormatException("Could not parse '$time': ".$exception->getMessage(), 0, $exception);
@@ -354,13 +362,13 @@ trait Creator
      * If $hour is not null then the default values for $minute and $second
      * will be 0.
      *
-     * @param int|null                 $year
-     * @param int|null                 $month
-     * @param int|null                 $day
-     * @param int|null                 $hour
-     * @param int|null                 $minute
-     * @param int|null                 $second
-     * @param DateTimeZone|string|null $tz
+     * @param DateTimeInterface|int|null $year
+     * @param int|null                   $month
+     * @param int|null                   $day
+     * @param int|null                   $hour
+     * @param int|null                   $minute
+     * @param int|null                   $second
+     * @param DateTimeZone|string|null   $tz
      *
      * @throws InvalidFormatException
      *
@@ -368,7 +376,7 @@ trait Creator
      */
     public static function create($year = 0, $month = 1, $day = 1, $hour = 0, $minute = 0, $second = 0, $tz = null)
     {
-        if (\is_string($year) && !is_numeric($year) || $year instanceof DateTimeInterface) {
+        if ((\is_string($year) && !is_numeric($year)) || $year instanceof DateTimeInterface) {
             return static::parse($year, $tz ?: (\is_string($month) || $month instanceof DateTimeZone ? $month : null));
         }
 
@@ -634,6 +642,10 @@ trait Creator
             $time = preg_replace('/^(.*)(am|pm|AM|PM)(.*)$/U', '$1$3 $2', $time);
         }
 
+        if ($tz === false) {
+            $tz = null;
+        }
+
         // First attempt to create an instance, so that error messages are based on the unmodified format.
         $date = self::createFromFormatAndTimezone($format, $time, $tz);
         $lastErrors = parent::getLastErrors();
@@ -651,12 +663,14 @@ trait Creator
                 $tz = clone $mock->getTimezone();
             }
 
-            // Set microseconds to zero to match behavior of DateTime::createFromFormat()
-            // See https://bugs.php.net/bug.php?id=74332
-            $mock = $mock->copy()->microsecond(0);
+            $mock = $mock->copy();
 
             // Prepend mock datetime only if the format does not contain non escaped unix epoch reset flag.
             if (!preg_match("/{$nonEscaped}[!|]/", $format)) {
+                if (preg_match('/[HhGgisvuB]/', $format)) {
+                    $mock = $mock->setTime(0, 0);
+                }
+
                 $format = static::MOCK_DATETIME_FORMAT.' '.$format;
                 $time = ($mock instanceof self ? $mock->rawFormat(static::MOCK_DATETIME_FORMAT) : $mock->format(static::MOCK_DATETIME_FORMAT)).' '.$time;
             }
@@ -862,6 +876,19 @@ trait Creator
      */
     public static function createFromLocaleFormat($format, $locale, $time, $tz = null)
     {
+        $format = preg_replace_callback(
+            '/(?:\\\\[a-zA-Z]|[bfkqCEJKQRV]){2,}/',
+            static function (array $match) use ($locale): string {
+                $word = str_replace('\\', '', $match[0]);
+                $translatedWord = static::translateTimeString($word, $locale, 'en');
+
+                return $word === $translatedWord
+                    ? $match[0]
+                    : preg_replace('/[a-zA-Z]/', '\\\\$0', $translatedWord);
+            },
+            $format
+        );
+
         return static::rawCreateFromFormat($format, static::translateTimeString($time, $locale, 'en'), $tz);
     }
 
@@ -907,9 +934,9 @@ trait Creator
         if (\is_string($var)) {
             $var = trim($var);
 
-            if (!preg_match('/^P[0-9T]/', $var) &&
-                !preg_match('/^R[0-9]/', $var) &&
-                preg_match('/[a-z0-9]/i', $var)
+            if (!preg_match('/^P[\dT]/', $var) &&
+                !preg_match('/^R\d/', $var) &&
+                preg_match('/[a-z\d]/i', $var)
             ) {
                 $date = static::parse($var);
             }
@@ -921,13 +948,20 @@ trait Creator
     /**
      * Set last errors.
      *
-     * @param array $lastErrors
+     * @param array|bool $lastErrors
      *
      * @return void
      */
-    private static function setLastErrors(array $lastErrors)
+    private static function setLastErrors($lastErrors)
     {
-        static::$lastErrors = $lastErrors;
+        if (\is_array($lastErrors) || $lastErrors === false) {
+            static::$lastErrors = \is_array($lastErrors) ? $lastErrors : [
+                'warning_count' => 0,
+                'warnings' => [],
+                'error_count' => 0,
+                'errors' => [],
+            ];
+        }
     }
 
     /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Date.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Date.php
index 8c8af6fb0..8ae5c1781 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Date.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Date.php
@@ -532,6 +532,7 @@ trait Date
     use Creator;
     use Difference;
     use Macro;
+    use MagicParameter;
     use Modifiers;
     use Mutability;
     use ObjectInitialisation;
@@ -641,9 +642,11 @@ trait Date
     /**
      * List of minimum and maximums for each unit.
      *
+     * @param int $daysInMonth
+     *
      * @return array
      */
-    protected static function getRangesByUnit()
+    protected static function getRangesByUnit(int $daysInMonth = 31): array
     {
         return [
             // @call roundUnit
@@ -651,7 +654,7 @@ trait Date
             // @call roundUnit
             'month' => [1, static::MONTHS_PER_YEAR],
             // @call roundUnit
-            'day' => [1, 31],
+            'day' => [1, $daysInMonth],
             // @call roundUnit
             'hour' => [0, static::HOURS_PER_DAY - 1],
             // @call roundUnit
@@ -940,7 +943,7 @@ trait Date
             case $name === 'millisecond':
             // @property int
             case $name === 'milli':
-                return (int) floor($this->rawFormat('u') / 1000);
+                return (int) floor(((int) $this->rawFormat('u')) / 1000);
 
             // @property int 1 through 53
             case $name === 'week':
@@ -1250,7 +1253,7 @@ trait Date
     protected function getTranslatedFormByRegExp($baseKey, $keySuffix, $context, $subKey, $defaultValue)
     {
         $key = $baseKey.$keySuffix;
-        $standaloneKey = "${key}_standalone";
+        $standaloneKey = "{$key}_standalone";
         $baseTranslation = $this->getTranslationMessage($key);
 
         if ($baseTranslation instanceof Closure) {
@@ -1259,7 +1262,7 @@ trait Date
 
         if (
             $this->getTranslationMessage("$standaloneKey.$subKey") &&
-            (!$context || ($regExp = $this->getTranslationMessage("${baseKey}_regexp")) && !preg_match($regExp, $context))
+            (!$context || (($regExp = $this->getTranslationMessage("{$baseKey}_regexp")) && !preg_match($regExp, $context)))
         ) {
             $key = $standaloneKey;
         }
@@ -1354,9 +1357,14 @@ trait Date
      */
     public function weekday($value = null)
     {
-        $dayOfWeek = ($this->dayOfWeek + 7 - (int) ($this->getTranslationMessage('first_day_of_week') ?? 0)) % 7;
+        if ($value === null) {
+            return $this->dayOfWeek;
+        }
 
-        return $value === null ? $dayOfWeek : $this->addDays($value - $dayOfWeek);
+        $firstDay = (int) ($this->getTranslationMessage('first_day_of_week') ?? 0);
+        $dayOfWeek = ($this->dayOfWeek + 7 - $firstDay) % 7;
+
+        return $this->addDays((($value + 7 - $firstDay) % 7) - $dayOfWeek);
     }
 
     /**
@@ -1373,6 +1381,39 @@ trait Date
         return $value === null ? $dayOfWeekIso : $this->addDays($value - $dayOfWeekIso);
     }
 
+    /**
+     * Return the number of days since the start of the week (using the current locale or the first parameter
+     * if explicitly given).
+     *
+     * @param int|null $weekStartsAt optional start allow you to specify the day of week to use to start the week,
+     *                               if not provided, start of week is inferred from the locale
+     *                               (Sunday for en_US, Monday for de_DE, etc.)
+     *
+     * @return int
+     */
+    public function getDaysFromStartOfWeek(int $weekStartsAt = null): int
+    {
+        $firstDay = (int) ($weekStartsAt ?? $this->getTranslationMessage('first_day_of_week') ?? 0);
+
+        return ($this->dayOfWeek + 7 - $firstDay) % 7;
+    }
+
+    /**
+     * Set the day (keeping the current time) to the start of the week + the number of days passed as the first
+     * parameter. First day of week is driven by the locale unless explicitly set with the second parameter.
+     *
+     * @param int      $numberOfDays number of days to add after the start of the current week
+     * @param int|null $weekStartsAt optional start allow you to specify the day of week to use to start the week,
+     *                               if not provided, start of week is inferred from the locale
+     *                               (Sunday for en_US, Monday for de_DE, etc.)
+     *
+     * @return static
+     */
+    public function setDaysFromStartOfWeek(int $numberOfDays, int $weekStartsAt = null)
+    {
+        return $this->addDays($numberOfDays - $this->getDaysFromStartOfWeek($weekStartsAt));
+    }
+
     /**
      * Set any unit to a new value without overflowing current other unit given.
      *
@@ -1848,9 +1889,18 @@ trait Date
             $format = preg_replace('#(?<!%)((?:%%)*)%e#', '\1%#d', $format); // @codeCoverageIgnore
         }
 
-        $formatted = strftime($format, strtotime($this->toDateTimeString()));
+        $time = strtotime($this->toDateTimeString());
+        $formatted = ($this->localStrictModeEnabled ?? static::isStrictModeEnabled())
+            ? strftime($format, $time)
+            : @strftime($format, $time);
 
-        return static::$utf8 ? utf8_encode($formatted) : $formatted;
+        return static::$utf8
+            ? (
+                \function_exists('mb_convert_encoding')
+                ? mb_convert_encoding($formatted, 'UTF-8', mb_list_encodings())
+                : utf8_encode($formatted)
+            )
+            : $formatted;
     }
 
     /**
@@ -1869,6 +1919,10 @@ trait Date
             'LL' => $this->getTranslationMessage('formats.LL', $locale, 'MMMM D, YYYY'),
             'LLL' => $this->getTranslationMessage('formats.LLL', $locale, 'MMMM D, YYYY h:mm A'),
             'LLLL' => $this->getTranslationMessage('formats.LLLL', $locale, 'dddd, MMMM D, YYYY h:mm A'),
+            'l' => $this->getTranslationMessage('formats.l', $locale),
+            'll' => $this->getTranslationMessage('formats.ll', $locale),
+            'lll' => $this->getTranslationMessage('formats.lll', $locale),
+            'llll' => $this->getTranslationMessage('formats.llll', $locale),
         ];
     }
 
@@ -2152,7 +2206,7 @@ trait Date
 
             $input = mb_substr($format, $i);
 
-            if (preg_match('/^(LTS|LT|[Ll]{1,4})/', $input, $match)) {
+            if (preg_match('/^(LTS|LT|l{1,4}|L{1,4})/', $input, $match)) {
                 if ($formats === null) {
                     $formats = $this->getIsoFormats();
                 }
@@ -2256,6 +2310,7 @@ trait Date
                 'c' => true,
                 'r' => true,
                 'U' => true,
+                'T' => true,
             ];
         }
 
@@ -2359,7 +2414,7 @@ trait Date
         $symbol = $second < 0 ? '-' : '+';
         $minute = abs($second) / static::SECONDS_PER_MINUTE;
         $hour = str_pad((string) floor($minute / static::MINUTES_PER_HOUR), 2, '0', STR_PAD_LEFT);
-        $minute = str_pad((string) ($minute % static::MINUTES_PER_HOUR), 2, '0', STR_PAD_LEFT);
+        $minute = str_pad((string) (((int) $minute) % static::MINUTES_PER_HOUR), 2, '0', STR_PAD_LEFT);
 
         return "$symbol$hour$separator$minute";
     }
@@ -2479,7 +2534,7 @@ trait Date
             return 'millennia';
         }
 
-        return "${unit}s";
+        return "{$unit}s";
     }
 
     protected function executeCallable($macro, ...$parameters)
@@ -2566,7 +2621,7 @@ trait Date
         if (str_starts_with($unit, 'is')) {
             $word = substr($unit, 2);
 
-            if (\in_array($word, static::$days)) {
+            if (\in_array($word, static::$days, true)) {
                 return $this->isDayOfWeek($word);
             }
 
@@ -2594,7 +2649,7 @@ trait Date
             $unit = strtolower(substr($unit, 3));
         }
 
-        if (\in_array($unit, static::$units)) {
+        if (\in_array($unit, static::$units, true)) {
             return $this->setUnit($unit, ...$parameters);
         }
 
@@ -2604,7 +2659,7 @@ trait Date
             if (str_starts_with($unit, 'Real')) {
                 $unit = static::singularUnit(substr($unit, 4));
 
-                return $this->{"${action}RealUnit"}($unit, ...$parameters);
+                return $this->{"{$action}RealUnit"}($unit, ...$parameters);
             }
 
             if (preg_match('/^(Month|Quarter|Year|Decade|Century|Centurie|Millennium|Millennia)s?(No|With|Without|WithNo)Overflow$/', $unit, $match)) {
@@ -2616,7 +2671,7 @@ trait Date
         }
 
         if (static::isModifiableUnit($unit)) {
-            return $this->{"${action}Unit"}($unit, $parameters[0] ?? 1, $overflow);
+            return $this->{"{$action}Unit"}($unit, $this->getMagicParameter($parameters, 0, 'value', 1), $overflow);
         }
 
         $sixFirstLetters = substr($unit, 0, 6);
@@ -2655,7 +2710,11 @@ trait Date
             try {
                 $unit = static::singularUnit(substr($method, 0, -5));
 
-                return $this->range($parameters[0] ?? $this, $parameters[1] ?? 1, $unit);
+                return $this->range(
+                    $this->getMagicParameter($parameters, 0, 'endDate', $this),
+                    $this->getMagicParameter($parameters, 1, 'factor', 1),
+                    $unit
+                );
             } catch (InvalidArgumentException $exception) {
                 // Try macros
             }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Difference.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Difference.php
index cce1d2c3f..ab5b65d23 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Difference.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Difference.php
@@ -83,9 +83,9 @@ trait Difference
      *
      * @return CarbonInterval
      */
-    protected static function fixDiffInterval(DateInterval $diff, $absolute)
+    protected static function fixDiffInterval(DateInterval $diff, $absolute, array $skip = [])
     {
-        $diff = CarbonInterval::instance($diff);
+        $diff = CarbonInterval::instance($diff, $skip);
 
         // Work-around for https://bugs.php.net/bug.php?id=77145
         // @codeCoverageIgnoreStart
@@ -148,9 +148,9 @@ trait Difference
      *
      * @return CarbonInterval
      */
-    public function diffAsCarbonInterval($date = null, $absolute = true)
+    public function diffAsCarbonInterval($date = null, $absolute = true, array $skip = [])
     {
-        return static::fixDiffInterval($this->diff($this->resolveCarbon($date), $absolute), $absolute);
+        return static::fixDiffInterval($this->diff($this->resolveCarbon($date), $absolute), $absolute, $skip);
     }
 
     /**
@@ -189,9 +189,21 @@ trait Difference
      */
     public function diffInMonths($date = null, $absolute = true)
     {
-        $date = $this->resolveCarbon($date);
+        $date = $this->resolveCarbon($date)->avoidMutation()->tz($this->tz);
 
-        return $this->diffInYears($date, $absolute) * static::MONTHS_PER_YEAR + (int) $this->diff($date, $absolute)->format('%r%m');
+        [$yearStart, $monthStart, $dayStart] = explode('-', $this->format('Y-m-dHisu'));
+        [$yearEnd, $monthEnd, $dayEnd] = explode('-', $date->format('Y-m-dHisu'));
+
+        $diff = (((int) $yearEnd) - ((int) $yearStart)) * static::MONTHS_PER_YEAR +
+            ((int) $monthEnd) - ((int) $monthStart);
+
+        if ($diff > 0) {
+            $diff -= ($dayStart > $dayEnd ? 1 : 0);
+        } elseif ($diff < 0) {
+            $diff += ($dayStart < $dayEnd ? 1 : 0);
+        }
+
+        return $absolute ? abs($diff) : $diff;
     }
 
     /**
@@ -286,9 +298,9 @@ trait Difference
      */
     public function diffInWeekdays($date = null, $absolute = true)
     {
-        return $this->diffInDaysFiltered(function (CarbonInterface $date) {
+        return $this->diffInDaysFiltered(static function (CarbonInterface $date) {
             return $date->isWeekday();
-        }, $date, $absolute);
+        }, $this->resolveCarbon($date)->avoidMutation()->modify($this->format('H:i:s.u')), $absolute);
     }
 
     /**
@@ -301,9 +313,9 @@ trait Difference
      */
     public function diffInWeekendDays($date = null, $absolute = true)
     {
-        return $this->diffInDaysFiltered(function (CarbonInterface $date) {
+        return $this->diffInDaysFiltered(static function (CarbonInterface $date) {
             return $date->isWeekend();
-        }, $date, $absolute);
+        }, $this->resolveCarbon($date)->avoidMutation()->modify($this->format('H:i:s.u')), $absolute);
     }
 
     /**
@@ -472,7 +484,7 @@ trait Difference
      */
     public function floatDiffInSeconds($date = null, $absolute = true)
     {
-        return $this->diffInMicroseconds($date, $absolute) / static::MICROSECONDS_PER_SECOND;
+        return (float) ($this->diffInMicroseconds($date, $absolute) / static::MICROSECONDS_PER_SECOND);
     }
 
     /**
@@ -830,8 +842,9 @@ trait Difference
         $intSyntax = $intSyntax === static::DIFF_RELATIVE_AUTO && $other === null ? static::DIFF_RELATIVE_TO_NOW : $intSyntax;
 
         $parts = min(7, max(1, (int) $parts));
+        $skip = \is_array($syntax) ? ($syntax['skip'] ?? []) : [];
 
-        return $this->diffAsCarbonInterval($other, false)
+        return $this->diffAsCarbonInterval($other, false, (array) $skip)
             ->setLocalTranslator($this->getLocalTranslator())
             ->forHumans($syntax, (bool) $short, $parts, $options ?? $this->localHumanDiffOptions ?? static::getHumanDiffOptions());
     }
@@ -1161,7 +1174,7 @@ trait Difference
             version_compare(PHP_VERSION, '8.1.0-dev', '<') &&
             abs($interval->d - $daysDiff) === 1
         ) {
-            $daysDiff = abs($interval->d);
+            $daysDiff = abs($interval->d); // @codeCoverageIgnore
         }
 
         return $daysDiff * $sign;
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/IntervalRounding.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/IntervalRounding.php
index 4cd66b676..f069c280d 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/IntervalRounding.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/IntervalRounding.php
@@ -40,7 +40,7 @@ trait IntervalRounding
         $unit = 'second';
 
         if ($precision instanceof DateInterval) {
-            $precision = (string) CarbonInterval::instance($precision);
+            $precision = (string) CarbonInterval::instance($precision, [], true);
         }
 
         if (\is_string($precision) && preg_match('/^\s*(?<precision>\d+)?\s*(?<unit>\w+)(?<other>\W.*)?$/', $precision, $match)) {
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Localization.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Localization.php
index ddd2b4e98..46aff113e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Localization.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Localization.php
@@ -23,12 +23,16 @@ use Symfony\Component\Translation\TranslatorInterface;
 use Symfony\Contracts\Translation\LocaleAwareInterface;
 use Symfony\Contracts\Translation\TranslatorInterface as ContractsTranslatorInterface;
 
-if (!interface_exists('Symfony\\Component\\Translation\\TranslatorInterface')) {
+// @codeCoverageIgnoreStart
+if (interface_exists('Symfony\\Contracts\\Translation\\TranslatorInterface') &&
+    !interface_exists('Symfony\\Component\\Translation\\TranslatorInterface')
+) {
     class_alias(
         'Symfony\\Contracts\\Translation\\TranslatorInterface',
         'Symfony\\Component\\Translation\\TranslatorInterface'
     );
 }
+// @codeCoverageIgnoreEnd
 
 /**
  * Trait Localization.
@@ -355,6 +359,13 @@ trait Localization
             $weekdays = $messages['weekdays'] ?? [];
             $meridiem = $messages['meridiem'] ?? ['AM', 'PM'];
 
+            if (isset($messages['ordinal_words'])) {
+                $timeString = self::replaceOrdinalWords(
+                    $timeString,
+                    $key === 'from' ? array_flip($messages['ordinal_words']) : $messages['ordinal_words']
+                );
+            }
+
             if ($key === 'from') {
                 foreach (['months', 'weekdays'] as $variable) {
                     $list = $messages[$variable.'_standalone'] ?? null;
@@ -454,7 +465,7 @@ trait Localization
                 }
             }
 
-            $this->setLocalTranslator($translator);
+            $this->localTranslator = $translator;
         }
 
         return $this;
@@ -555,17 +566,13 @@ trait Localization
     public static function localeHasShortUnits($locale)
     {
         return static::executeWithLocale($locale, function ($newLocale, TranslatorInterface $translator) {
-            return $newLocale &&
-                (
-                    ($y = static::translateWith($translator, 'y')) !== 'y' &&
-                    $y !== static::translateWith($translator, 'year')
-                ) || (
-                    ($y = static::translateWith($translator, 'd')) !== 'd' &&
+            return ($newLocale && (($y = static::translateWith($translator, 'y')) !== 'y' && $y !== static::translateWith($translator, 'year'))) || (
+                ($y = static::translateWith($translator, 'd')) !== 'd' &&
                     $y !== static::translateWith($translator, 'day')
-                ) || (
-                    ($y = static::translateWith($translator, 'h')) !== 'h' &&
+            ) || (
+                ($y = static::translateWith($translator, 'h')) !== 'h' &&
                     $y !== static::translateWith($translator, 'hour')
-                );
+            );
         });
     }
 
@@ -734,7 +741,7 @@ trait Localization
         }
 
         if ($translator && !($translator instanceof LocaleAwareInterface || method_exists($translator, 'getLocale'))) {
-            throw new NotLocaleAwareException($translator);
+            throw new NotLocaleAwareException($translator); // @codeCoverageIgnore
         }
 
         return $translator;
@@ -823,4 +830,11 @@ trait Localization
 
         return $list;
     }
+
+    private static function replaceOrdinalWords(string $timeString, array $ordinalWords): string
+    {
+        return preg_replace_callback('/(?<![a-z])[a-z]+(?![a-z])/i', function (array $match) use ($ordinalWords) {
+            return $ordinalWords[mb_strtolower($match[0])] ?? $match[0];
+        }, $timeString);
+    }
 }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/MagicParameter.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/MagicParameter.php
new file mode 100644
index 000000000..310a44d0c
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/MagicParameter.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\Traits;
+
+/**
+ * Trait MagicParameter.
+ *
+ * Allows to retrieve parameter in magic calls by index or name.
+ */
+trait MagicParameter
+{
+    private function getMagicParameter(array $parameters, int $index, string $key, $default)
+    {
+        if (\array_key_exists($index, $parameters)) {
+            return $parameters[$index];
+        }
+
+        if (\array_key_exists($key, $parameters)) {
+            return $parameters[$key];
+        }
+
+        return $default;
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Mixin.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Mixin.php
index 88b251df4..582245456 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Mixin.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Mixin.php
@@ -11,6 +11,9 @@
 
 namespace Carbon\Traits;
 
+use Carbon\CarbonInterface;
+use Carbon\CarbonInterval;
+use Carbon\CarbonPeriod;
 use Closure;
 use Generator;
 use ReflectionClass;
@@ -99,12 +102,13 @@ trait Mixin
     {
         $context = eval(self::getAnonymousClassCodeForTrait($trait));
         $className = \get_class($context);
+        $baseClass = static::class;
 
         foreach (self::getMixableMethods($context) as $name) {
             $closureBase = Closure::fromCallable([$context, $name]);
 
-            static::macro($name, function () use ($closureBase, $className) {
-                /** @phpstan-ignore-next-line */
+            static::macro($name, function (...$parameters) use ($closureBase, $className, $baseClass) {
+                $downContext = isset($this) ? ($this) : new $baseClass();
                 $context = isset($this) ? $this->cast($className) : new $className();
 
                 try {
@@ -117,7 +121,48 @@ trait Mixin
                 // in case of errors not converted into exceptions
                 $closure = $closure ?: $closureBase;
 
-                return $closure(...\func_get_args());
+                $result = $closure(...$parameters);
+
+                if (!($result instanceof $className)) {
+                    return $result;
+                }
+
+                if ($downContext instanceof CarbonInterface && $result instanceof CarbonInterface) {
+                    if ($context !== $result) {
+                        $downContext = $downContext->copy();
+                    }
+
+                    return $downContext
+                        ->setTimezone($result->getTimezone())
+                        ->modify($result->format('Y-m-d H:i:s.u'))
+                        ->settings($result->getSettings());
+                }
+
+                if ($downContext instanceof CarbonInterval && $result instanceof CarbonInterval) {
+                    if ($context !== $result) {
+                        $downContext = $downContext->copy();
+                    }
+
+                    $downContext->copyProperties($result);
+                    self::copyStep($downContext, $result);
+                    self::copyNegativeUnits($downContext, $result);
+
+                    return $downContext->settings($result->getSettings());
+                }
+
+                if ($downContext instanceof CarbonPeriod && $result instanceof CarbonPeriod) {
+                    if ($context !== $result) {
+                        $downContext = $downContext->copy();
+                    }
+
+                    return $downContext
+                        ->setDates($result->getStartDate(), $result->getEndDate())
+                        ->setRecurrences($result->getRecurrences())
+                        ->setOptions($result->getOptions())
+                        ->settings($result->getSettings());
+                }
+
+                return $result;
             });
         }
     }
@@ -151,22 +196,12 @@ trait Mixin
     protected static function bindMacroContext($context, callable $callable)
     {
         static::$macroContextStack[] = $context;
-        $exception = null;
-        $result = null;
 
         try {
-            $result = $callable();
-        } catch (Throwable $throwable) {
-            $exception = $throwable;
+            return $callable();
+        } finally {
+            array_pop(static::$macroContextStack);
         }
-
-        array_pop(static::$macroContextStack);
-
-        if ($exception) {
-            throw $exception;
-        }
-
-        return $result;
     }
 
     /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Modifiers.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Modifiers.php
index 164dbbd10..39343d8fa 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Modifiers.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Modifiers.php
@@ -75,7 +75,7 @@ trait Modifiers
      *
      * @param string|int|null $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function next($modifier = null)
     {
@@ -157,7 +157,7 @@ trait Modifiers
      *
      * @param string|int|null $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function previous($modifier = null)
     {
@@ -451,7 +451,7 @@ trait Modifiers
      *
      * @param string $modifier
      *
-     * @return static
+     * @return static|false
      */
     public function change($modifier)
     {
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Options.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Options.php
index 0ddee8dd6..48f973977 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Options.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Options.php
@@ -22,7 +22,7 @@ use Throwable;
  *
  * Depends on the following methods:
  *
- * @method \Carbon\Carbon|\Carbon\CarbonImmutable shiftTimezone($timezone) Set the timezone
+ * @method static shiftTimezone($timezone) Set the timezone
  */
 trait Options
 {
@@ -422,7 +422,7 @@ trait Options
         foreach ($map as $property => $key) {
             $value = $this->$property ?? null;
 
-            if ($value !== null) {
+            if ($value !== null && ($key !== 'locale' || $value !== 'en' || $this->localTranslator)) {
                 $settings[$key] = $value;
             }
         }
@@ -437,11 +437,11 @@ trait Options
      */
     public function __debugInfo()
     {
-        $infos = array_filter(get_object_vars($this), function ($var) {
+        $infos = array_filter(get_object_vars($this), static function ($var) {
             return $var;
         });
 
-        foreach (['dumpProperties', 'constructedObjectId'] as $property) {
+        foreach (['dumpProperties', 'constructedObjectId', 'constructed'] as $property) {
             if (isset($infos[$property])) {
                 unset($infos[$property]);
             }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Rounding.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Rounding.php
index 33062397f..85ff5a711 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Rounding.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Rounding.php
@@ -52,12 +52,11 @@ trait Rounding
             'millisecond' => [1000, 'microsecond'],
         ];
         $normalizedUnit = static::singularUnit($unit);
-        $ranges = array_merge(static::getRangesByUnit(), [
+        $ranges = array_merge(static::getRangesByUnit($this->daysInMonth), [
             // @call roundUnit
             'microsecond' => [0, 999999],
         ]);
         $factor = 1;
-        $initialMonth = $this->month;
 
         if ($normalizedUnit === 'week') {
             $normalizedUnit = 'day';
@@ -77,12 +76,15 @@ trait Rounding
         $found = false;
         $fraction = 0;
         $arguments = null;
+        $initialValue = null;
         $factor = $this->year < 0 ? -1 : 1;
         $changes = [];
+        $minimumInc = null;
 
         foreach ($ranges as $unit => [$minimum, $maximum]) {
             if ($normalizedUnit === $unit) {
                 $arguments = [$this->$unit, $minimum];
+                $initialValue = $this->$unit;
                 $fraction = $precision - floor($precision);
                 $found = true;
 
@@ -93,7 +95,23 @@ trait Rounding
                 $delta = $maximum + 1 - $minimum;
                 $factor /= $delta;
                 $fraction *= $delta;
-                $arguments[0] += $this->$unit * $factor;
+                $inc = ($this->$unit - $minimum) * $factor;
+
+                if ($inc !== 0.0) {
+                    $minimumInc = $minimumInc ?? ($arguments[0] / pow(2, 52));
+
+                    // If value is still the same when adding a non-zero increment/decrement,
+                    // it means precision got lost in the addition
+                    if (abs($inc) < $minimumInc) {
+                        $inc = $minimumInc * ($inc < 0 ? -1 : 1);
+                    }
+
+                    // If greater than $precision, assume precision loss caused an overflow
+                    if ($function !== 'floor' || abs($arguments[0] + $inc - $initialValue) >= $precision) {
+                        $arguments[0] += $inc;
+                    }
+                }
+
                 $changes[$unit] = round(
                     $minimum + ($fraction ? $fraction * $function(($this->$unit - $minimum) / $fraction) : 0)
                 );
@@ -111,16 +129,13 @@ trait Rounding
         $normalizedValue = floor($function(($value - $minimum) / $precision) * $precision + $minimum);
 
         /** @var CarbonInterface $result */
-        $result = $this->$normalizedUnit($normalizedValue);
+        $result = $this;
 
         foreach ($changes as $unit => $value) {
             $result = $result->$unit($value);
         }
 
-        return $normalizedUnit === 'month' && $precision <= 1 && abs($result->month - $initialMonth) === 2
-            // Re-run the change in case an overflow occurred
-            ? $result->$normalizedUnit($normalizedValue)
-            : $result;
+        return $result->$normalizedUnit($normalizedValue);
     }
 
     /**
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Serialization.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Serialization.php
index eebc69bd0..c1d5c5e13 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Serialization.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Serialization.php
@@ -120,6 +120,8 @@ trait Serialization
     /**
      * Returns the list of properties to dump on serialize() called on.
      *
+     * Only used by PHP < 7.4.
+     *
      * @return array
      */
     public function __sleep()
@@ -134,22 +136,70 @@ trait Serialization
         return $properties;
     }
 
+    /**
+     * Returns the values to dump on serialize() called on.
+     *
+     * Only used by PHP >= 7.4.
+     *
+     * @return array
+     */
+    public function __serialize(): array
+    {
+        // @codeCoverageIgnoreStart
+        if (isset($this->timezone_type, $this->timezone, $this->date)) {
+            return [
+                'date' => $this->date ?? null,
+                'timezone_type' => $this->timezone_type,
+                'timezone' => $this->timezone ?? null,
+            ];
+        }
+        // @codeCoverageIgnoreEnd
+
+        $timezone = $this->getTimezone();
+        $export = [
+            'date' => $this->format('Y-m-d H:i:s.u'),
+            'timezone_type' => $timezone->getType(),
+            'timezone' => $timezone->getName(),
+        ];
+
+        // @codeCoverageIgnoreStart
+        if (\extension_loaded('msgpack') && isset($this->constructedObjectId)) {
+            $export['dumpDateProperties'] = [
+                'date' => $this->format('Y-m-d H:i:s.u'),
+                'timezone' => serialize($this->timezone ?? null),
+            ];
+        }
+        // @codeCoverageIgnoreEnd
+
+        if ($this->localTranslator ?? null) {
+            $export['dumpLocale'] = $this->locale ?? null;
+        }
+
+        return $export;
+    }
+
     /**
      * Set locale if specified on unserialize() called.
      *
+     * Only used by PHP < 7.4.
+     *
      * @return void
      */
     #[ReturnTypeWillChange]
     public function __wakeup()
     {
-        if (get_parent_class() && method_exists(parent::class, '__wakeup')) {
+        if (parent::class && method_exists(parent::class, '__wakeup')) {
             // @codeCoverageIgnoreStart
             try {
                 parent::__wakeup();
             } catch (Throwable $exception) {
-                // FatalError occurs when calling msgpack_unpack() in PHP 7.4 or later.
-                ['date' => $date, 'timezone' => $timezone] = $this->dumpDateProperties;
-                parent::__construct($date, unserialize($timezone));
+                try {
+                    // FatalError occurs when calling msgpack_unpack() in PHP 7.4 or later.
+                    ['date' => $date, 'timezone' => $timezone] = $this->dumpDateProperties;
+                    parent::__construct($date, unserialize($timezone));
+                } catch (Throwable $ignoredException) {
+                    throw $exception;
+                }
             }
             // @codeCoverageIgnoreEnd
         }
@@ -164,6 +214,38 @@ trait Serialization
         $this->cleanupDumpProperties();
     }
 
+    /**
+     * Set locale if specified on unserialize() called.
+     *
+     * Only used by PHP >= 7.4.
+     *
+     * @return void
+     */
+    public function __unserialize(array $data): void
+    {
+        // @codeCoverageIgnoreStart
+        try {
+            $this->__construct($data['date'] ?? null, $data['timezone'] ?? null);
+        } catch (Throwable $exception) {
+            if (!isset($data['dumpDateProperties']['date'], $data['dumpDateProperties']['timezone'])) {
+                throw $exception;
+            }
+
+            try {
+                // FatalError occurs when calling msgpack_unpack() in PHP 7.4 or later.
+                ['date' => $date, 'timezone' => $timezone] = $data['dumpDateProperties'];
+                $this->__construct($date, unserialize($timezone));
+            } catch (Throwable $ignoredException) {
+                throw $exception;
+            }
+        }
+        // @codeCoverageIgnoreEnd
+
+        if (isset($data['dumpLocale'])) {
+            $this->locale($data['dumpLocale']);
+        }
+    }
+
     /**
      * Prepare the object for JSON serialization.
      *
@@ -207,11 +289,15 @@ trait Serialization
      */
     public function cleanupDumpProperties()
     {
-        foreach ($this->dumpProperties as $property) {
-            if (isset($this->$property)) {
-                unset($this->$property);
+        // @codeCoverageIgnoreStart
+        if (PHP_VERSION < 8.2) {
+            foreach ($this->dumpProperties as $property) {
+                if (isset($this->$property)) {
+                    unset($this->$property);
+                }
             }
         }
+        // @codeCoverageIgnoreEnd
 
         return $this;
     }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Test.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Test.php
index c86faa74c..f23c72e8f 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Test.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Test.php
@@ -28,7 +28,7 @@ trait Test
     /**
      * A test Carbon instance to be returned when now instances are created.
      *
-     * @var static
+     * @var Closure|static|null
      */
     protected static $testNow;
 
@@ -59,15 +59,13 @@ trait Test
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow real or mock Carbon instance
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow real or mock Carbon instance
      */
     public static function setTestNow($testNow = null)
     {
-        if ($testNow === false) {
-            $testNow = null;
-        }
-
-        static::$testNow = \is_string($testNow) ? static::parse($testNow) : $testNow;
+        static::$testNow = $testNow instanceof self || $testNow instanceof Closure
+            ? $testNow
+            : static::make($testNow);
     }
 
     /**
@@ -87,7 +85,7 @@ trait Test
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow real or mock Carbon instance
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow real or mock Carbon instance
      */
     public static function setTestNowAndTimezone($testNow = null, $tz = null)
     {
@@ -121,16 +119,22 @@ trait Test
      *
      * /!\ Use this method for unit tests only.
      *
-     * @param Closure|static|string|false|null $testNow  real or mock Carbon instance
-     * @param Closure|null                     $callback
+     * @template T
      *
-     * @return mixed
+     * @param DateTimeInterface|Closure|static|string|false|null $testNow  real or mock Carbon instance
+     * @param Closure(): T                                       $callback
+     *
+     * @return T
      */
-    public static function withTestNow($testNow = null, $callback = null)
+    public static function withTestNow($testNow, $callback)
     {
         static::setTestNow($testNow);
-        $result = $callback();
-        static::setTestNow();
+
+        try {
+            $result = $callback();
+        } finally {
+            static::setTestNow();
+        }
 
         return $result;
     }
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Timestamp.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Timestamp.php
index 2cb5c48d7..88a465c93 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Timestamp.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Timestamp.php
@@ -63,7 +63,7 @@ trait Timestamp
     public static function createFromTimestampMsUTC($timestamp)
     {
         [$milliseconds, $microseconds] = self::getIntegerAndDecimalParts($timestamp, 3);
-        $sign = $milliseconds < 0 || $milliseconds === 0.0 && $microseconds < 0 ? -1 : 1;
+        $sign = $milliseconds < 0 || ($milliseconds === 0.0 && $microseconds < 0) ? -1 : 1;
         $milliseconds = abs($milliseconds);
         $microseconds = $sign * abs($microseconds) + static::MICROSECONDS_PER_MILLISECOND * ($milliseconds % static::MILLISECONDS_PER_SECOND);
         $seconds = $sign * floor($milliseconds / static::MILLISECONDS_PER_SECOND);
@@ -125,7 +125,7 @@ trait Timestamp
      */
     public function getPreciseTimestamp($precision = 6)
     {
-        return round($this->rawFormat('Uu') / pow(10, 6 - $precision));
+        return round(((float) $this->rawFormat('Uu')) / pow(10, 6 - $precision));
     }
 
     /**
@@ -182,7 +182,7 @@ trait Timestamp
         $integer = 0;
         $decimal = 0;
 
-        foreach (preg_split('`[^0-9.]+`', $numbers) as $chunk) {
+        foreach (preg_split('`[^\d.]+`', $numbers) as $chunk) {
             [$integerPart, $decimalPart] = explode('.', "$chunk.");
 
             $integer += (int) $integerPart;
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/ToStringFormat.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/ToStringFormat.php
new file mode 100644
index 000000000..a81164f99
--- /dev/null
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/ToStringFormat.php
@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * This file is part of the Carbon package.
+ *
+ * (c) Brian Nesbitt <brian@nesbot.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Carbon\Traits;
+
+use Closure;
+
+/**
+ * Trait ToStringFormat.
+ *
+ * Handle global format customization for string cast of the object.
+ */
+trait ToStringFormat
+{
+    /**
+     * Format to use for __toString method when type juggling occurs.
+     *
+     * @var string|Closure|null
+     */
+    protected static $toStringFormat;
+
+    /**
+     * Reset the format used to the default when type juggling a Carbon instance to a string
+     *
+     * @return void
+     */
+    public static function resetToStringFormat()
+    {
+        static::setToStringFormat(null);
+    }
+
+    /**
+     * @deprecated To avoid conflict between different third-party libraries, static setters should not be used.
+     *             You should rather let Carbon object being cast to string with DEFAULT_TO_STRING_FORMAT, and
+     *             use other method or custom format passed to format() method if you need to dump another string
+     *             format.
+     *
+     * Set the default format used when type juggling a Carbon instance to a string.
+     *
+     * @param string|Closure|null $format
+     *
+     * @return void
+     */
+    public static function setToStringFormat($format)
+    {
+        static::$toStringFormat = $format;
+    }
+}
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Units.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Units.php
index 2902a8b10..5be14ec7e 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Units.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/Traits/Units.php
@@ -17,6 +17,7 @@ use Carbon\CarbonInterval;
 use Carbon\Exceptions\UnitException;
 use Closure;
 use DateInterval;
+use DateMalformedStringException;
 use ReturnTypeWillChange;
 
 /**
@@ -60,8 +61,6 @@ trait Units
             case 'millisecond':
                 return $this->addRealUnit('microsecond', $value * static::MICROSECONDS_PER_MILLISECOND);
 
-                break;
-
             // @call addRealUnit
             case 'second':
                 break;
@@ -167,7 +166,7 @@ trait Units
             'weekday',
         ];
 
-        return \in_array($unit, $modifiableUnits) || \in_array($unit, static::$units);
+        return \in_array($unit, $modifiableUnits, true) || \in_array($unit, static::$units, true);
     }
 
     /**
@@ -199,7 +198,7 @@ trait Units
     public function add($unit, $value = 1, $overflow = null)
     {
         if (\is_string($unit) && \func_num_args() === 1) {
-            $unit = CarbonInterval::make($unit);
+            $unit = CarbonInterval::make($unit, [], true);
         }
 
         if ($unit instanceof CarbonConverterInterface) {
@@ -232,6 +231,8 @@ trait Units
      */
     public function addUnit($unit, $value = 1, $overflow = null)
     {
+        $originalArgs = \func_get_args();
+
         $date = $this;
 
         if (!is_numeric($value) || !(float) $value) {
@@ -264,7 +265,7 @@ trait Units
                     /** @var static $date */
                     $date = $date->addDays($sign);
 
-                    while (\in_array($date->dayOfWeek, $weekendDays)) {
+                    while (\in_array($date->dayOfWeek, $weekendDays, true)) {
                         $date = $date->addDays($sign);
                     }
                 }
@@ -274,14 +275,14 @@ trait Units
             }
 
             $timeString = $date->toTimeString();
-        } elseif ($canOverflow = \in_array($unit, [
+        } elseif ($canOverflow = (\in_array($unit, [
                 'month',
                 'year',
             ]) && ($overflow === false || (
                 $overflow === null &&
                 ($ucUnit = ucfirst($unit).'s') &&
                 !($this->{'local'.$ucUnit.'Overflow'} ?? static::{'shouldOverflow'.$ucUnit}())
-            ))) {
+            )))) {
             $day = $date->day;
         }
 
@@ -304,16 +305,21 @@ trait Units
             $unit = 'second';
             $value = $second;
         }
-        $date = $date->modify("$value $unit");
 
-        if (isset($timeString)) {
-            $date = $date->setTimeFromTimeString($timeString);
-        } elseif (isset($canOverflow, $day) && $canOverflow && $day !== $date->day) {
-            $date = $date->modify('last day of previous month');
+        try {
+            $date = $date->modify("$value $unit");
+
+            if (isset($timeString)) {
+                $date = $date->setTimeFromTimeString($timeString);
+            } elseif (isset($canOverflow, $day) && $canOverflow && $day !== $date->day) {
+                $date = $date->modify('last day of previous month');
+            }
+        } catch (DateMalformedStringException $ignoredException) { // @codeCoverageIgnore
+            $date = null; // @codeCoverageIgnore
         }
 
         if (!$date) {
-            throw new UnitException('Unable to add unit '.var_export(\func_get_args(), true));
+            throw new UnitException('Unable to add unit '.var_export($originalArgs, true));
         }
 
         return $date;
@@ -362,7 +368,7 @@ trait Units
     public function sub($unit, $value = 1, $overflow = null)
     {
         if (\is_string($unit) && \func_num_args() === 1) {
-            $unit = CarbonInterval::make($unit);
+            $unit = CarbonInterval::make($unit, [], true);
         }
 
         if ($unit instanceof CarbonConverterInterface) {
@@ -398,7 +404,7 @@ trait Units
     public function subtract($unit, $value = 1, $overflow = null)
     {
         if (\is_string($unit) && \func_num_args() === 1) {
-            $unit = CarbonInterval::make($unit);
+            $unit = CarbonInterval::make($unit, [], true);
         }
 
         return $this->sub($unit, $value, $overflow);
diff --git a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/TranslatorImmutable.php b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/TranslatorImmutable.php
index ad36c6704..ce6b2f90a 100644
--- a/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/TranslatorImmutable.php
+++ b/data/web/inc/lib/vendor/nesbot/carbon/src/Carbon/TranslatorImmutable.php
@@ -66,7 +66,7 @@ class TranslatorImmutable extends Translator
     /**
      * @codeCoverageIgnore
      */
-    public function setConfigCacheFactory(ConfigCacheFactoryInterface $configCacheFactory)
+    public function setConfigCacheFactory(ConfigCacheFactoryInterface $configCacheFactory): void
     {
         $this->disallowMutation(__METHOD__);
 
diff --git a/data/web/inc/lib/vendor/psr/clock/CHANGELOG.md b/data/web/inc/lib/vendor/psr/clock/CHANGELOG.md
new file mode 100644
index 000000000..3cd6b9b75
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/clock/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file, in reverse chronological order by release.
+
+## 1.0.0
+
+First stable release after PSR-20 acceptance
+
+## 0.1.0
+
+First release
diff --git a/data/web/inc/lib/vendor/psr/clock/LICENSE b/data/web/inc/lib/vendor/psr/clock/LICENSE
new file mode 100644
index 000000000..be6834212
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/clock/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2017 PHP Framework Interoperability Group
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/psr/clock/README.md b/data/web/inc/lib/vendor/psr/clock/README.md
new file mode 100644
index 000000000..6ca877eeb
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/clock/README.md
@@ -0,0 +1,61 @@
+# PSR Clock
+
+This repository holds the interface for [PSR-20][psr-url].
+
+Note that this is not a clock of its own. It is merely an interface that
+describes a clock. See the specification for more details.
+
+## Installation
+
+```bash
+composer require psr/clock
+```
+
+## Usage
+
+If you need a clock, you can use the interface like this:
+
+```php
+<?php
+
+use Psr\Clock\ClockInterface;
+
+class Foo
+{
+    private ClockInterface $clock;
+
+    public function __construct(ClockInterface $clock)
+    {
+        $this->clock = $clock;
+    }
+
+    public function doSomething()
+    {
+        /** @var DateTimeImmutable $currentDateAndTime */
+        $currentDateAndTime = $this->clock->now();
+        // do something useful with that information
+    }
+}
+```
+
+You can then pick one of the [implementations][implementation-url] of the interface to get a clock.
+
+If you want to implement the interface, you can require this package and
+implement `Psr\Clock\ClockInterface` in your code. 
+
+Don't forget to add `psr/clock-implementation` to your `composer.json`s `provides`-section like this:
+
+```json
+{
+  "provides": {
+    "psr/clock-implementation": "1.0"
+  }
+}
+```
+
+And please read the [specification text][specification-url] for details on the interface.
+
+[psr-url]: https://www.php-fig.org/psr/psr-20
+[package-url]: https://packagist.org/packages/psr/clock
+[implementation-url]: https://packagist.org/providers/psr/clock-implementation
+[specification-url]: https://github.com/php-fig/fig-standards/blob/master/proposed/clock.md
diff --git a/data/web/inc/lib/vendor/psr/clock/composer.json b/data/web/inc/lib/vendor/psr/clock/composer.json
new file mode 100644
index 000000000..77992eda7
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/clock/composer.json
@@ -0,0 +1,21 @@
+{
+  "name": "psr/clock",
+  "description": "Common interface for reading the clock.",
+  "keywords": ["psr", "psr-20", "time", "clock", "now"],
+  "homepage": "https://github.com/php-fig/clock",
+  "license": "MIT",
+  "authors": [
+    {
+      "name": "PHP-FIG",
+      "homepage": "https://www.php-fig.org/"
+    }
+  ],
+  "require": {
+    "php": "^7.0 || ^8.0"
+  },
+  "autoload": {
+    "psr-4": {
+      "Psr\\Clock\\": "src/"
+    }
+  }
+}
diff --git a/data/web/inc/lib/vendor/psr/clock/src/ClockInterface.php b/data/web/inc/lib/vendor/psr/clock/src/ClockInterface.php
new file mode 100644
index 000000000..7b6d8d8aa
--- /dev/null
+++ b/data/web/inc/lib/vendor/psr/clock/src/ClockInterface.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace Psr\Clock;
+
+use DateTimeImmutable;
+
+interface ClockInterface
+{
+    /**
+     * Returns the current time as a DateTimeImmutable Object
+     */
+    public function now(): DateTimeImmutable;
+}
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
index 774200fdc..c6d02d874 100644
--- a/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
@@ -25,7 +25,7 @@
     "minimum-stability": "dev",
     "extra": {
         "branch-alias": {
-            "dev-main": "3.3-dev"
+            "dev-main": "3.4-dev"
         },
         "thanks": {
             "name": "symfony/contracts",
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/LICENSE b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/LICENSE
index 4cd8bdd30..6e3afce69 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/LICENSE
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2015-2019 Fabien Potencier
+Copyright (c) 2015-present Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Mbstring.php b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Mbstring.php
index b65c54a6b..2e0b96940 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Mbstring.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Mbstring.php
@@ -69,7 +69,7 @@ final class Mbstring
 {
     public const MB_CASE_FOLD = \PHP_INT_MAX;
 
-    private const CASE_FOLD = [
+    private const SIMPLE_CASE_FOLD = [
         ['µ', 'ſ', "\xCD\x85", 'ς', "\xCF\x90", "\xCF\x91", "\xCF\x95", "\xCF\x96", "\xCF\xB0", "\xCF\xB1", "\xCF\xB5", "\xE1\xBA\x9B", "\xE1\xBE\xBE"],
         ['μ', 's', 'ι',        'σ', 'β',        'θ',        'φ',        'π',        'κ',        'ρ',        'ε',        "\xE1\xB9\xA1", 'ι'],
     ];
@@ -80,7 +80,7 @@ final class Mbstring
 
     public static function mb_convert_encoding($s, $toEncoding, $fromEncoding = null)
     {
-        if (\is_array($fromEncoding) || ($fromEncoding !== null && false !== strpos($fromEncoding, ','))) {
+        if (\is_array($fromEncoding) || (null !== $fromEncoding && false !== strpos($fromEncoding, ','))) {
             $fromEncoding = self::mb_detect_encoding($s, $fromEncoding);
         } else {
             $fromEncoding = self::getEncoding($fromEncoding);
@@ -102,7 +102,7 @@ final class Mbstring
                 $fromEncoding = 'Windows-1252';
             }
             if ('UTF-8' !== $fromEncoding) {
-                $s = \iconv($fromEncoding, 'UTF-8//IGNORE', $s);
+                $s = iconv($fromEncoding, 'UTF-8//IGNORE', $s);
             }
 
             return preg_replace_callback('/[\x80-\xFF]+/', [__CLASS__, 'html_encoding_callback'], $s);
@@ -113,7 +113,7 @@ final class Mbstring
             $fromEncoding = 'UTF-8';
         }
 
-        return \iconv($fromEncoding, $toEncoding.'//IGNORE', $s);
+        return iconv($fromEncoding, $toEncoding.'//IGNORE', $s);
     }
 
     public static function mb_convert_variables($toEncoding, $fromEncoding, &...$vars)
@@ -130,7 +130,7 @@ final class Mbstring
 
     public static function mb_decode_mimeheader($s)
     {
-        return \iconv_mime_decode($s, 2, self::$internalEncoding);
+        return iconv_mime_decode($s, 2, self::$internalEncoding);
     }
 
     public static function mb_encode_mimeheader($s, $charset = null, $transferEncoding = null, $linefeed = null, $indent = null)
@@ -140,7 +140,7 @@ final class Mbstring
 
     public static function mb_decode_numericentity($s, $convmap, $encoding = null)
     {
-        if (null !== $s && !is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) {
+        if (null !== $s && !\is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) {
             trigger_error('mb_decode_numericentity() expects parameter 1 to be string, '.\gettype($s).' given', \E_USER_WARNING);
 
             return null;
@@ -150,7 +150,7 @@ final class Mbstring
             return false;
         }
 
-        if (null !== $encoding && !is_scalar($encoding)) {
+        if (null !== $encoding && !\is_scalar($encoding)) {
             trigger_error('mb_decode_numericentity() expects parameter 3 to be string, '.\gettype($s).' given', \E_USER_WARNING);
 
             return '';  // Instead of null (cf. mb_encode_numericentity).
@@ -166,10 +166,10 @@ final class Mbstring
         if ('UTF-8' === $encoding) {
             $encoding = null;
             if (!preg_match('//u', $s)) {
-                $s = @\iconv('UTF-8', 'UTF-8//IGNORE', $s);
+                $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s);
             }
         } else {
-            $s = \iconv($encoding, 'UTF-8//IGNORE', $s);
+            $s = iconv($encoding, 'UTF-8//IGNORE', $s);
         }
 
         $cnt = floor(\count($convmap) / 4) * 4;
@@ -195,12 +195,12 @@ final class Mbstring
             return $s;
         }
 
-        return \iconv('UTF-8', $encoding.'//IGNORE', $s);
+        return iconv('UTF-8', $encoding.'//IGNORE', $s);
     }
 
     public static function mb_encode_numericentity($s, $convmap, $encoding = null, $is_hex = false)
     {
-        if (null !== $s && !is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) {
+        if (null !== $s && !\is_scalar($s) && !(\is_object($s) && method_exists($s, '__toString'))) {
             trigger_error('mb_encode_numericentity() expects parameter 1 to be string, '.\gettype($s).' given', \E_USER_WARNING);
 
             return null;
@@ -210,13 +210,13 @@ final class Mbstring
             return false;
         }
 
-        if (null !== $encoding && !is_scalar($encoding)) {
+        if (null !== $encoding && !\is_scalar($encoding)) {
             trigger_error('mb_encode_numericentity() expects parameter 3 to be string, '.\gettype($s).' given', \E_USER_WARNING);
 
             return null;  // Instead of '' (cf. mb_decode_numericentity).
         }
 
-        if (null !== $is_hex && !is_scalar($is_hex)) {
+        if (null !== $is_hex && !\is_scalar($is_hex)) {
             trigger_error('mb_encode_numericentity() expects parameter 4 to be boolean, '.\gettype($s).' given', \E_USER_WARNING);
 
             return null;
@@ -232,10 +232,10 @@ final class Mbstring
         if ('UTF-8' === $encoding) {
             $encoding = null;
             if (!preg_match('//u', $s)) {
-                $s = @\iconv('UTF-8', 'UTF-8//IGNORE', $s);
+                $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s);
             }
         } else {
-            $s = \iconv($encoding, 'UTF-8//IGNORE', $s);
+            $s = iconv($encoding, 'UTF-8//IGNORE', $s);
         }
 
         static $ulenMask = ["\xC0" => 2, "\xD0" => 2, "\xE0" => 3, "\xF0" => 4];
@@ -265,7 +265,7 @@ final class Mbstring
             return $result;
         }
 
-        return \iconv('UTF-8', $encoding.'//IGNORE', $result);
+        return iconv('UTF-8', $encoding.'//IGNORE', $result);
     }
 
     public static function mb_convert_case($s, $mode, $encoding = null)
@@ -280,10 +280,10 @@ final class Mbstring
         if ('UTF-8' === $encoding) {
             $encoding = null;
             if (!preg_match('//u', $s)) {
-                $s = @\iconv('UTF-8', 'UTF-8//IGNORE', $s);
+                $s = @iconv('UTF-8', 'UTF-8//IGNORE', $s);
             }
         } else {
-            $s = \iconv($encoding, 'UTF-8//IGNORE', $s);
+            $s = iconv($encoding, 'UTF-8//IGNORE', $s);
         }
 
         if (\MB_CASE_TITLE == $mode) {
@@ -301,7 +301,11 @@ final class Mbstring
                 $map = $upper;
             } else {
                 if (self::MB_CASE_FOLD === $mode) {
-                    $s = str_replace(self::CASE_FOLD[0], self::CASE_FOLD[1], $s);
+                    static $caseFolding = null;
+                    if (null === $caseFolding) {
+                        $caseFolding = self::getData('caseFolding');
+                    }
+                    $s = strtr($s, $caseFolding);
                 }
 
                 static $lower = null;
@@ -343,7 +347,7 @@ final class Mbstring
             return $s;
         }
 
-        return \iconv('UTF-8', $encoding.'//IGNORE', $s);
+        return iconv('UTF-8', $encoding.'//IGNORE', $s);
     }
 
     public static function mb_internal_encoding($encoding = null)
@@ -354,7 +358,7 @@ final class Mbstring
 
         $normalizedEncoding = self::getEncoding($encoding);
 
-        if ('UTF-8' === $normalizedEncoding || false !== @\iconv($normalizedEncoding, $normalizedEncoding, ' ')) {
+        if ('UTF-8' === $normalizedEncoding || false !== @iconv($normalizedEncoding, $normalizedEncoding, ' ')) {
             self::$internalEncoding = $normalizedEncoding;
 
             return true;
@@ -406,6 +410,12 @@ final class Mbstring
 
     public static function mb_check_encoding($var = null, $encoding = null)
     {
+        if (PHP_VERSION_ID < 70200 && \is_array($var)) {
+            trigger_error('mb_check_encoding() expects parameter 1 to be string, array given', \E_USER_WARNING);
+
+            return null;
+        }
+
         if (null === $encoding) {
             if (null === $var) {
                 return false;
@@ -413,7 +423,21 @@ final class Mbstring
             $encoding = self::$internalEncoding;
         }
 
-        return self::mb_detect_encoding($var, [$encoding]) || false !== @\iconv($encoding, $encoding, $var);
+        if (!\is_array($var)) {
+            return self::mb_detect_encoding($var, [$encoding]) || false !== @iconv($encoding, $encoding, $var);
+        }
+
+        foreach ($var as $key => $value) {
+            if (!self::mb_check_encoding($key, $encoding)) {
+                return false;
+            }
+            if (!self::mb_check_encoding($value, $encoding)) {
+                return false;
+            }
+        }
+
+        return true;
+
     }
 
     public static function mb_detect_encoding($str, $encodingList = null, $strict = false)
@@ -488,7 +512,7 @@ final class Mbstring
             return \strlen($s);
         }
 
-        return @\iconv_strlen($s, $encoding);
+        return @iconv_strlen($s, $encoding);
     }
 
     public static function mb_strpos($haystack, $needle, $offset = 0, $encoding = null)
@@ -509,7 +533,7 @@ final class Mbstring
             return 0;
         }
 
-        return \iconv_strpos($haystack, $needle, $offset, $encoding);
+        return iconv_strpos($haystack, $needle, $offset, $encoding);
     }
 
     public static function mb_strrpos($haystack, $needle, $offset = 0, $encoding = null)
@@ -533,7 +557,7 @@ final class Mbstring
         }
 
         $pos = '' !== $needle || 80000 > \PHP_VERSION_ID
-            ? \iconv_strrpos($haystack, $needle, $encoding)
+            ? iconv_strrpos($haystack, $needle, $encoding)
             : self::mb_strlen($haystack, $encoding);
 
         return false !== $pos ? $offset + $pos : false;
@@ -541,7 +565,7 @@ final class Mbstring
 
     public static function mb_str_split($string, $split_length = 1, $encoding = null)
     {
-        if (null !== $string && !is_scalar($string) && !(\is_object($string) && method_exists($string, '__toString'))) {
+        if (null !== $string && !\is_scalar($string) && !(\is_object($string) && method_exists($string, '__toString'))) {
             trigger_error('mb_str_split() expects parameter 1 to be string, '.\gettype($string).' given', \E_USER_WARNING);
 
             return null;
@@ -550,6 +574,7 @@ final class Mbstring
         if (1 > $split_length = (int) $split_length) {
             if (80000 > \PHP_VERSION_ID) {
                 trigger_error('The length of each segment must be greater than zero', \E_USER_WARNING);
+
                 return false;
             }
 
@@ -568,7 +593,7 @@ final class Mbstring
             }
             $rx .= '.{'.$split_length.'})/us';
 
-            return preg_split($rx, $string, null, \PREG_SPLIT_DELIM_CAPTURE | \PREG_SPLIT_NO_EMPTY);
+            return preg_split($rx, $string, -1, \PREG_SPLIT_DELIM_CAPTURE | \PREG_SPLIT_NO_EMPTY);
         }
 
         $result = [];
@@ -617,7 +642,7 @@ final class Mbstring
         }
 
         if ($start < 0) {
-            $start = \iconv_strlen($s, $encoding) + $start;
+            $start = iconv_strlen($s, $encoding) + $start;
             if ($start < 0) {
                 $start = 0;
             }
@@ -626,19 +651,21 @@ final class Mbstring
         if (null === $length) {
             $length = 2147483647;
         } elseif ($length < 0) {
-            $length = \iconv_strlen($s, $encoding) + $length - $start;
+            $length = iconv_strlen($s, $encoding) + $length - $start;
             if ($length < 0) {
                 return '';
             }
         }
 
-        return (string) \iconv_substr($s, $start, $length, $encoding);
+        return (string) iconv_substr($s, $start, $length, $encoding);
     }
 
     public static function mb_stripos($haystack, $needle, $offset = 0, $encoding = null)
     {
-        $haystack = self::mb_convert_case($haystack, self::MB_CASE_FOLD, $encoding);
-        $needle = self::mb_convert_case($needle, self::MB_CASE_FOLD, $encoding);
+        [$haystack, $needle] = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], [
+            self::mb_convert_case($haystack, \MB_CASE_LOWER, $encoding),
+            self::mb_convert_case($needle, \MB_CASE_LOWER, $encoding),
+        ]);
 
         return self::mb_strpos($haystack, $needle, $offset, $encoding);
     }
@@ -657,7 +684,7 @@ final class Mbstring
             $pos = strrpos($haystack, $needle);
         } else {
             $needle = self::mb_substr($needle, 0, 1, $encoding);
-            $pos = \iconv_strrpos($haystack, $needle, $encoding);
+            $pos = iconv_strrpos($haystack, $needle, $encoding);
         }
 
         return self::getSubpart($pos, $part, $haystack, $encoding);
@@ -673,8 +700,11 @@ final class Mbstring
 
     public static function mb_strripos($haystack, $needle, $offset = 0, $encoding = null)
     {
-        $haystack = self::mb_convert_case($haystack, self::MB_CASE_FOLD, $encoding);
-        $needle = self::mb_convert_case($needle, self::MB_CASE_FOLD, $encoding);
+        $haystack = self::mb_convert_case($haystack, \MB_CASE_LOWER, $encoding);
+        $needle = self::mb_convert_case($needle, \MB_CASE_LOWER, $encoding);
+
+        $haystack = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], $haystack);
+        $needle = str_replace(self::SIMPLE_CASE_FOLD[0], self::SIMPLE_CASE_FOLD[1], $needle);
 
         return self::mb_strrpos($haystack, $needle, $offset, $encoding);
     }
@@ -736,12 +766,12 @@ final class Mbstring
         $encoding = self::getEncoding($encoding);
 
         if ('UTF-8' !== $encoding) {
-            $s = \iconv($encoding, 'UTF-8//IGNORE', $s);
+            $s = iconv($encoding, 'UTF-8//IGNORE', $s);
         }
 
         $s = preg_replace('/[\x{1100}-\x{115F}\x{2329}\x{232A}\x{2E80}-\x{303E}\x{3040}-\x{A4CF}\x{AC00}-\x{D7A3}\x{F900}-\x{FAFF}\x{FE10}-\x{FE19}\x{FE30}-\x{FE6F}\x{FF00}-\x{FF60}\x{FFE0}-\x{FFE6}\x{20000}-\x{2FFFD}\x{30000}-\x{3FFFD}]/u', '', $s, -1, $wide);
 
-        return ($wide << 1) + \iconv_strlen($s, 'UTF-8');
+        return ($wide << 1) + iconv_strlen($s, 'UTF-8');
     }
 
     public static function mb_substr_count($haystack, $needle, $encoding = null)
@@ -797,6 +827,50 @@ final class Mbstring
         return $code;
     }
 
+    public static function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = \STR_PAD_RIGHT, string $encoding = null): string
+    {
+        if (!\in_array($pad_type, [\STR_PAD_RIGHT, \STR_PAD_LEFT, \STR_PAD_BOTH], true)) {
+            throw new \ValueError('mb_str_pad(): Argument #4 ($pad_type) must be STR_PAD_LEFT, STR_PAD_RIGHT, or STR_PAD_BOTH');
+        }
+
+        if (null === $encoding) {
+            $encoding = self::mb_internal_encoding();
+        }
+
+        try {
+            $validEncoding = @self::mb_check_encoding('', $encoding);
+        } catch (\ValueError $e) {
+            throw new \ValueError(sprintf('mb_str_pad(): Argument #5 ($encoding) must be a valid encoding, "%s" given', $encoding));
+        }
+
+        // BC for PHP 7.3 and lower
+        if (!$validEncoding) {
+            throw new \ValueError(sprintf('mb_str_pad(): Argument #5 ($encoding) must be a valid encoding, "%s" given', $encoding));
+        }
+
+        if (self::mb_strlen($pad_string, $encoding) <= 0) {
+            throw new \ValueError('mb_str_pad(): Argument #3 ($pad_string) must be a non-empty string');
+        }
+
+        $paddingRequired = $length - self::mb_strlen($string, $encoding);
+
+        if ($paddingRequired < 1) {
+            return $string;
+        }
+
+        switch ($pad_type) {
+            case \STR_PAD_LEFT:
+                return self::mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding).$string;
+            case \STR_PAD_RIGHT:
+                return $string.self::mb_substr(str_repeat($pad_string, $paddingRequired), 0, $paddingRequired, $encoding);
+            default:
+                $leftPaddingLength = floor($paddingRequired / 2);
+                $rightPaddingLength = $paddingRequired - $leftPaddingLength;
+
+                return self::mb_substr(str_repeat($pad_string, $leftPaddingLength), 0, $leftPaddingLength, $encoding).$string.self::mb_substr(str_repeat($pad_string, $rightPaddingLength), 0, $rightPaddingLength, $encoding);
+        }
+    }
+
     private static function getSubpart($pos, $part, $haystack, $encoding)
     {
         if (false === $pos) {
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/README.md b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/README.md
index 4efb599d8..478b40da2 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/README.md
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/README.md
@@ -5,7 +5,7 @@ This component provides a partial, native PHP implementation for the
 [Mbstring](https://php.net/mbstring) extension.
 
 More information can be found in the
-[main Polyfill README](https://github.com/symfony/polyfill/blob/master/README.md).
+[main Polyfill README](https://github.com/symfony/polyfill/blob/main/README.md).
 
 License
 =======
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php
new file mode 100644
index 000000000..512bba0bf
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php
@@ -0,0 +1,119 @@
+<?php
+
+return [
+    'İ' => 'i̇',
+    'µ' => 'μ',
+    'ſ' => 's',
+    'ͅ' => 'ι',
+    'ς' => 'σ',
+    'ϐ' => 'β',
+    'ϑ' => 'θ',
+    'ϕ' => 'φ',
+    'ϖ' => 'π',
+    'ϰ' => 'κ',
+    'ϱ' => 'ρ',
+    'ϵ' => 'ε',
+    'ẛ' => 'ṡ',
+    'ι' => 'ι',
+    'ß' => 'ss',
+    'ʼn' => 'ʼn',
+    'ǰ' => 'ǰ',
+    'ΐ' => 'ΐ',
+    'ΰ' => 'ΰ',
+    'և' => 'եւ',
+    'ẖ' => 'ẖ',
+    'ẗ' => 'ẗ',
+    'ẘ' => 'ẘ',
+    'ẙ' => 'ẙ',
+    'ẚ' => 'aʾ',
+    'ẞ' => 'ss',
+    'ὐ' => 'ὐ',
+    'ὒ' => 'ὒ',
+    'ὔ' => 'ὔ',
+    'ὖ' => 'ὖ',
+    'ᾀ' => 'ἀι',
+    'ᾁ' => 'ἁι',
+    'ᾂ' => 'ἂι',
+    'ᾃ' => 'ἃι',
+    'ᾄ' => 'ἄι',
+    'ᾅ' => 'ἅι',
+    'ᾆ' => 'ἆι',
+    'ᾇ' => 'ἇι',
+    'ᾈ' => 'ἀι',
+    'ᾉ' => 'ἁι',
+    'ᾊ' => 'ἂι',
+    'ᾋ' => 'ἃι',
+    'ᾌ' => 'ἄι',
+    'ᾍ' => 'ἅι',
+    'ᾎ' => 'ἆι',
+    'ᾏ' => 'ἇι',
+    'ᾐ' => 'ἠι',
+    'ᾑ' => 'ἡι',
+    'ᾒ' => 'ἢι',
+    'ᾓ' => 'ἣι',
+    'ᾔ' => 'ἤι',
+    'ᾕ' => 'ἥι',
+    'ᾖ' => 'ἦι',
+    'ᾗ' => 'ἧι',
+    'ᾘ' => 'ἠι',
+    'ᾙ' => 'ἡι',
+    'ᾚ' => 'ἢι',
+    'ᾛ' => 'ἣι',
+    'ᾜ' => 'ἤι',
+    'ᾝ' => 'ἥι',
+    'ᾞ' => 'ἦι',
+    'ᾟ' => 'ἧι',
+    'ᾠ' => 'ὠι',
+    'ᾡ' => 'ὡι',
+    'ᾢ' => 'ὢι',
+    'ᾣ' => 'ὣι',
+    'ᾤ' => 'ὤι',
+    'ᾥ' => 'ὥι',
+    'ᾦ' => 'ὦι',
+    'ᾧ' => 'ὧι',
+    'ᾨ' => 'ὠι',
+    'ᾩ' => 'ὡι',
+    'ᾪ' => 'ὢι',
+    'ᾫ' => 'ὣι',
+    'ᾬ' => 'ὤι',
+    'ᾭ' => 'ὥι',
+    'ᾮ' => 'ὦι',
+    'ᾯ' => 'ὧι',
+    'ᾲ' => 'ὰι',
+    'ᾳ' => 'αι',
+    'ᾴ' => 'άι',
+    'ᾶ' => 'ᾶ',
+    'ᾷ' => 'ᾶι',
+    'ᾼ' => 'αι',
+    'ῂ' => 'ὴι',
+    'ῃ' => 'ηι',
+    'ῄ' => 'ήι',
+    'ῆ' => 'ῆ',
+    'ῇ' => 'ῆι',
+    'ῌ' => 'ηι',
+    'ῒ' => 'ῒ',
+    'ῖ' => 'ῖ',
+    'ῗ' => 'ῗ',
+    'ῢ' => 'ῢ',
+    'ῤ' => 'ῤ',
+    'ῦ' => 'ῦ',
+    'ῧ' => 'ῧ',
+    'ῲ' => 'ὼι',
+    'ῳ' => 'ωι',
+    'ῴ' => 'ώι',
+    'ῶ' => 'ῶ',
+    'ῷ' => 'ῶι',
+    'ῼ' => 'ωι',
+    'ff' => 'ff',
+    'fi' => 'fi',
+    'fl' => 'fl',
+    'ffi' => 'ffi',
+    'ffl' => 'ffl',
+    'ſt' => 'st',
+    'st' => 'st',
+    'ﬓ' => 'մն',
+    'ﬔ' => 'մե',
+    'ﬕ' => 'մի',
+    'ﬖ' => 'վն',
+    'ﬗ' => 'մխ',
+];
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap.php b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap.php
index 1fedd1f7c..ecf1a0352 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap.php
@@ -132,6 +132,10 @@ if (!function_exists('mb_str_split')) {
     function mb_str_split($string, $length = 1, $encoding = null) { return p\Mbstring::mb_str_split($string, $length, $encoding); }
 }
 
+if (!function_exists('mb_str_pad')) {
+    function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = STR_PAD_RIGHT, ?string $encoding = null): string { return p\Mbstring::mb_str_pad($string, $length, $pad_string, $pad_type, $encoding); }
+}
+
 if (extension_loaded('mbstring')) {
     return;
 }
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap80.php b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap80.php
index 82f5ac4d0..2f9fb5b42 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap80.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/bootstrap80.php
@@ -128,6 +128,10 @@ if (!function_exists('mb_str_split')) {
     function mb_str_split(?string $string, ?int $length = 1, ?string $encoding = null): array { return p\Mbstring::mb_str_split((string) $string, (int) $length, $encoding); }
 }
 
+if (!function_exists('mb_str_pad')) {
+    function mb_str_pad(string $string, int $length, string $pad_string = ' ', int $pad_type = STR_PAD_RIGHT, ?string $encoding = null): string { return p\Mbstring::mb_str_pad($string, $length, $pad_string, $pad_type, $encoding); }
+}
+
 if (extension_loaded('mbstring')) {
     return;
 }
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/composer.json b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/composer.json
index 1fa21ca16..bd99d4b9d 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-mbstring/composer.json
+++ b/data/web/inc/lib/vendor/symfony/polyfill-mbstring/composer.json
@@ -30,9 +30,6 @@
     },
     "minimum-stability": "dev",
     "extra": {
-        "branch-alias": {
-            "dev-main": "1.23-dev"
-        },
         "thanks": {
             "name": "symfony/polyfill",
             "url": "https://github.com/symfony/polyfill"
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/LICENSE b/data/web/inc/lib/vendor/symfony/polyfill-php80/LICENSE
index 5593b1d84..0ed3a2465 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/LICENSE
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2020 Fabien Potencier
+Copyright (c) 2020-present Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Php80.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Php80.php
index 5fef51184..362dd1a95 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/Php80.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Php80.php
@@ -100,6 +100,16 @@ final class Php80
 
     public static function str_ends_with(string $haystack, string $needle): bool
     {
-        return '' === $needle || ('' !== $haystack && 0 === substr_compare($haystack, $needle, -\strlen($needle)));
+        if ('' === $needle || $needle === $haystack) {
+            return true;
+        }
+
+        if ('' === $haystack) {
+            return false;
+        }
+
+        $needleLength = \strlen($needle);
+
+        return $needleLength <= \strlen($haystack) && 0 === substr_compare($haystack, $needle, -$needleLength);
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/PhpToken.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/PhpToken.php
new file mode 100644
index 000000000..fe6e69105
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/PhpToken.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Polyfill\Php80;
+
+/**
+ * @author Fedonyuk Anton <info@ensostudio.ru>
+ *
+ * @internal
+ */
+class PhpToken implements \Stringable
+{
+    /**
+     * @var int
+     */
+    public $id;
+
+    /**
+     * @var string
+     */
+    public $text;
+
+    /**
+     * @var int
+     */
+    public $line;
+
+    /**
+     * @var int
+     */
+    public $pos;
+
+    public function __construct(int $id, string $text, int $line = -1, int $position = -1)
+    {
+        $this->id = $id;
+        $this->text = $text;
+        $this->line = $line;
+        $this->pos = $position;
+    }
+
+    public function getTokenName(): ?string
+    {
+        if ('UNKNOWN' === $name = token_name($this->id)) {
+            $name = \strlen($this->text) > 1 || \ord($this->text) < 32 ? null : $this->text;
+        }
+
+        return $name;
+    }
+
+    /**
+     * @param int|string|array $kind
+     */
+    public function is($kind): bool
+    {
+        foreach ((array) $kind as $value) {
+            if (\in_array($value, [$this->id, $this->text], true)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function isIgnorable(): bool
+    {
+        return \in_array($this->id, [\T_WHITESPACE, \T_COMMENT, \T_DOC_COMMENT, \T_OPEN_TAG], true);
+    }
+
+    public function __toString(): string
+    {
+        return (string) $this->text;
+    }
+
+    /**
+     * @return static[]
+     */
+    public static function tokenize(string $code, int $flags = 0): array
+    {
+        $line = 1;
+        $position = 0;
+        $tokens = token_get_all($code, $flags);
+        foreach ($tokens as $index => $token) {
+            if (\is_string($token)) {
+                $id = \ord($token);
+                $text = $token;
+            } else {
+                [$id, $text, $line] = $token;
+            }
+            $tokens[$index] = new static($id, $text, $line, $position);
+            $position += \strlen($text);
+        }
+
+        return $tokens;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/README.md b/data/web/inc/lib/vendor/symfony/polyfill-php80/README.md
index 10b8ee49a..3816c559d 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/README.md
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/README.md
@@ -3,12 +3,13 @@ Symfony Polyfill / Php80
 
 This component provides features added to PHP 8.0 core:
 
-- `Stringable` interface
+- [`Stringable`](https://php.net/stringable) interface
 - [`fdiv`](https://php.net/fdiv)
-- `ValueError` class
-- `UnhandledMatchError` class
+- [`ValueError`](https://php.net/valueerror) class
+- [`UnhandledMatchError`](https://php.net/unhandledmatcherror) class
 - `FILTER_VALIDATE_BOOL` constant
 - [`get_debug_type`](https://php.net/get_debug_type)
+- [`PhpToken`](https://php.net/phptoken) class
 - [`preg_last_error_msg`](https://php.net/preg_last_error_msg)
 - [`str_contains`](https://php.net/str_contains)
 - [`str_starts_with`](https://php.net/str_starts_with)
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Attribute.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Attribute.php
index 7ea6d2772..2b955423f 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Attribute.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Attribute.php
@@ -1,5 +1,14 @@
 <?php
 
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
 #[Attribute(Attribute::TARGET_CLASS)]
 final class Attribute
 {
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/PhpToken.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/PhpToken.php
new file mode 100644
index 000000000..bd1212f6e
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/PhpToken.php
@@ -0,0 +1,16 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+if (\PHP_VERSION_ID < 80000 && extension_loaded('tokenizer')) {
+    class PhpToken extends Symfony\Polyfill\Php80\PhpToken
+    {
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Stringable.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Stringable.php
index 77e037cb5..7c62d7508 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Stringable.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/Stringable.php
@@ -1,5 +1,14 @@
 <?php
 
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
 if (\PHP_VERSION_ID < 80000) {
     interface Stringable
     {
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php
index 37937cbfa..01c6c6c8a 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php
@@ -1,5 +1,14 @@
 <?php
 
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
 if (\PHP_VERSION_ID < 80000) {
     class UnhandledMatchError extends Error
     {
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/ValueError.php b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/ValueError.php
index a3a9b88b0..783dbc28c 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/ValueError.php
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/Resources/stubs/ValueError.php
@@ -1,5 +1,14 @@
 <?php
 
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
 if (\PHP_VERSION_ID < 80000) {
     class ValueError extends Error
     {
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php80/composer.json b/data/web/inc/lib/vendor/symfony/polyfill-php80/composer.json
index 5fe679db3..46ccde203 100644
--- a/data/web/inc/lib/vendor/symfony/polyfill-php80/composer.json
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php80/composer.json
@@ -29,9 +29,6 @@
     },
     "minimum-stability": "dev",
     "extra": {
-        "branch-alias": {
-            "dev-main": "1.23-dev"
-        },
         "thanks": {
             "name": "symfony/polyfill",
             "url": "https://github.com/symfony/polyfill"
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/.gitignore b/data/web/inc/lib/vendor/symfony/translation-contracts/.gitignore
deleted file mode 100644
index c49a5d8df..000000000
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-vendor/
-composer.lock
-phpunit.xml
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/LICENSE b/data/web/inc/lib/vendor/symfony/translation-contracts/LICENSE
index 235841453..7536caeae 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/LICENSE
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2021 Fabien Potencier
+Copyright (c) 2018-present Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/LocaleAwareInterface.php b/data/web/inc/lib/vendor/symfony/translation-contracts/LocaleAwareInterface.php
index 6923b977e..db40ba13e 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/LocaleAwareInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/LocaleAwareInterface.php
@@ -16,6 +16,8 @@ interface LocaleAwareInterface
     /**
      * Sets the current locale.
      *
+     * @return void
+     *
      * @throws \InvalidArgumentException If the locale contains invalid characters
      */
     public function setLocale(string $locale);
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/README.md b/data/web/inc/lib/vendor/symfony/translation-contracts/README.md
index 42e5c5175..b211d5849 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/README.md
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/README.md
@@ -3,7 +3,7 @@ Symfony Translation Contracts
 
 A set of abstractions extracted out of the Symfony components.
 
-Can be used to build on semantics that the Symfony components proved useful - and
+Can be used to build on semantics that the Symfony components proved useful and
 that already have battle tested implementations.
 
 See https://github.com/symfony/contracts/blob/main/README.md for more information.
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/Test/TranslatorTest.php b/data/web/inc/lib/vendor/symfony/translation-contracts/Test/TranslatorTest.php
index c2c30a917..756228af5 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/Test/TranslatorTest.php
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/Test/TranslatorTest.php
@@ -30,7 +30,7 @@ use Symfony\Contracts\Translation\TranslatorTrait;
  */
 class TranslatorTest extends TestCase
 {
-    private $defaultLocale;
+    private string $defaultLocale;
 
     protected function setUp(): void
     {
@@ -114,7 +114,7 @@ class TranslatorTest extends TestCase
         $this->assertEquals('en', $translator->getLocale());
     }
 
-    public function getTransTests()
+    public static function getTransTests()
     {
         return [
             ['Symfony is great!', 'Symfony is great!', []],
@@ -122,7 +122,7 @@ class TranslatorTest extends TestCase
         ];
     }
 
-    public function getTransChoiceTests()
+    public static function getTransChoiceTests()
     {
         return [
             ['There are no apples', '{0} There are no apples|{1} There is one apple|]1,Inf] There are %count% apples', 0],
@@ -137,7 +137,7 @@ class TranslatorTest extends TestCase
     }
 
     /**
-     * @dataProvider getInternal
+     * @dataProvider getInterval
      */
     public function testInterval($expected, $number, $interval)
     {
@@ -146,7 +146,7 @@ class TranslatorTest extends TestCase
         $this->assertEquals($expected, $translator->trans($interval.' foo|[1,Inf[ bar', ['%count%' => $number]));
     }
 
-    public function getInternal()
+    public static function getInterval()
     {
         return [
             ['foo', 3, '{1,2, 3 ,4}'],
@@ -183,13 +183,14 @@ class TranslatorTest extends TestCase
      */
     public function testThrowExceptionIfMatchingMessageCannotBeFound($id, $number)
     {
-        $this->expectException(\InvalidArgumentException::class);
         $translator = $this->getTranslator();
 
+        $this->expectException(\InvalidArgumentException::class);
+
         $translator->trans($id, ['%count%' => $number]);
     }
 
-    public function getNonMatchingMessages()
+    public static function getNonMatchingMessages()
     {
         return [
             ['{0} There are no apples|{1} There is one apple', 2],
@@ -199,7 +200,7 @@ class TranslatorTest extends TestCase
         ];
     }
 
-    public function getChooseTests()
+    public static function getChooseTests()
     {
         return [
             ['There are no apples', '{0} There are no apples|{1} There is one apple|]1,Inf] There are %count% apples', 0],
@@ -255,13 +256,13 @@ class TranslatorTest extends TestCase
             new-line in it. Selector = 0.|{1}This is a text with a
             new-line in it. Selector = 1.|[1,Inf]This is a text with a
             new-line in it. Selector > 1.', 5],
-            // with double-quotes and id split accros lines
+            // with double-quotes and id split across lines
             ['This is a text with a
             new-line in it. Selector = 1.', '{0}This is a text with a
             new-line in it. Selector = 0.|{1}This is a text with a
             new-line in it. Selector = 1.|[1,Inf]This is a text with a
             new-line in it. Selector > 1.', 1],
-            // with single-quotes and id split accros lines
+            // with single-quotes and id split across lines
             ['This is a text with a
             new-line in it. Selector > 1.', '{0}This is a text with a
             new-line in it. Selector = 0.|{1}This is a text with a
@@ -269,9 +270,9 @@ class TranslatorTest extends TestCase
             new-line in it. Selector > 1.', 5],
             // with single-quotes and \n in text
             ['This is a text with a\nnew-line in it. Selector = 0.', '{0}This is a text with a\nnew-line in it. Selector = 0.|{1}This is a text with a\nnew-line in it. Selector = 1.|[1,Inf]This is a text with a\nnew-line in it. Selector > 1.', 0],
-            // with double-quotes and id split accros lines
+            // with double-quotes and id split across lines
             ["This is a text with a\nnew-line in it. Selector = 1.", "{0}This is a text with a\nnew-line in it. Selector = 0.|{1}This is a text with a\nnew-line in it. Selector = 1.|[1,Inf]This is a text with a\nnew-line in it. Selector > 1.", 1],
-            // esacape pipe
+            // escape pipe
             ['This is a text with | in it. Selector = 0.', '{0}This is a text with || in it. Selector = 0.|{1}This is a text with || in it. Selector = 1.', 0],
             // Empty plural set (2 plural forms) from a .PO file
             ['', '|', 1],
@@ -315,7 +316,7 @@ class TranslatorTest extends TestCase
      *
      * As it is impossible to have this ever complete we should try as hard as possible to have it almost complete.
      */
-    public function successLangcodes(): array
+    public static function successLangcodes(): array
     {
         return [
             ['1', ['ay', 'bo', 'cgg', 'dz', 'id', 'ja', 'jbo', 'ka', 'kk', 'km', 'ko', 'ky']],
@@ -334,7 +335,7 @@ class TranslatorTest extends TestCase
      *
      * @return array with nplural together with langcodes
      */
-    public function failingLangcodes(): array
+    public static function failingLangcodes(): array
     {
         return [
             ['1', ['fa']],
@@ -356,7 +357,7 @@ class TranslatorTest extends TestCase
         foreach ($matrix as $langCode => $data) {
             $indexes = array_flip($data);
             if ($expectSuccess) {
-                $this->assertEquals($nplural, \count($indexes), "Langcode '$langCode' has '$nplural' plural forms.");
+                $this->assertCount($nplural, $indexes, "Langcode '$langCode' has '$nplural' plural forms.");
             } else {
                 $this->assertNotEquals((int) $nplural, \count($indexes), "Langcode '$langCode' has '$nplural' plural forms.");
             }
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/TranslatorTrait.php b/data/web/inc/lib/vendor/symfony/translation-contracts/TranslatorTrait.php
index 9c264bd29..e3b0adff0 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/TranslatorTrait.php
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/TranslatorTrait.php
@@ -23,24 +23,18 @@ trait TranslatorTrait
     private ?string $locale = null;
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setLocale(string $locale)
     {
         $this->locale = $locale;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getLocale(): string
     {
         return $this->locale ?: (class_exists(\Locale::class) ? \Locale::getDefault() : 'en');
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function trans(?string $id, array $parameters = [], string $domain = null, string $locale = null): string
     {
         if (null === $id || '' === $id) {
@@ -140,121 +134,92 @@ EOF;
     {
         $number = abs($number);
 
-        switch ('pt_BR' !== $locale && 'en_US_POSIX' !== $locale && \strlen($locale) > 3 ? substr($locale, 0, strrpos($locale, '_')) : $locale) {
-            case 'af':
-            case 'bn':
-            case 'bg':
-            case 'ca':
-            case 'da':
-            case 'de':
-            case 'el':
-            case 'en':
-            case 'en_US_POSIX':
-            case 'eo':
-            case 'es':
-            case 'et':
-            case 'eu':
-            case 'fa':
-            case 'fi':
-            case 'fo':
-            case 'fur':
-            case 'fy':
-            case 'gl':
-            case 'gu':
-            case 'ha':
-            case 'he':
-            case 'hu':
-            case 'is':
-            case 'it':
-            case 'ku':
-            case 'lb':
-            case 'ml':
-            case 'mn':
-            case 'mr':
-            case 'nah':
-            case 'nb':
-            case 'ne':
-            case 'nl':
-            case 'nn':
-            case 'no':
-            case 'oc':
-            case 'om':
-            case 'or':
-            case 'pa':
-            case 'pap':
-            case 'ps':
-            case 'pt':
-            case 'so':
-            case 'sq':
-            case 'sv':
-            case 'sw':
-            case 'ta':
-            case 'te':
-            case 'tk':
-            case 'ur':
-            case 'zu':
-                return (1 == $number) ? 0 : 1;
-
-            case 'am':
-            case 'bh':
-            case 'fil':
-            case 'fr':
-            case 'gun':
-            case 'hi':
-            case 'hy':
-            case 'ln':
-            case 'mg':
-            case 'nso':
-            case 'pt_BR':
-            case 'ti':
-            case 'wa':
-                return ($number < 2) ? 0 : 1;
-
-            case 'be':
-            case 'bs':
-            case 'hr':
-            case 'ru':
-            case 'sh':
-            case 'sr':
-            case 'uk':
-                return ((1 == $number % 10) && (11 != $number % 100)) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2);
-
-            case 'cs':
-            case 'sk':
-                return (1 == $number) ? 0 : ((($number >= 2) && ($number <= 4)) ? 1 : 2);
-
-            case 'ga':
-                return (1 == $number) ? 0 : ((2 == $number) ? 1 : 2);
-
-            case 'lt':
-                return ((1 == $number % 10) && (11 != $number % 100)) ? 0 : ((($number % 10 >= 2) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2);
-
-            case 'sl':
-                return (1 == $number % 100) ? 0 : ((2 == $number % 100) ? 1 : (((3 == $number % 100) || (4 == $number % 100)) ? 2 : 3));
-
-            case 'mk':
-                return (1 == $number % 10) ? 0 : 1;
-
-            case 'mt':
-                return (1 == $number) ? 0 : (((0 == $number) || (($number % 100 > 1) && ($number % 100 < 11))) ? 1 : ((($number % 100 > 10) && ($number % 100 < 20)) ? 2 : 3));
-
-            case 'lv':
-                return (0 == $number) ? 0 : (((1 == $number % 10) && (11 != $number % 100)) ? 1 : 2);
-
-            case 'pl':
-                return (1 == $number) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 12) || ($number % 100 > 14))) ? 1 : 2);
-
-            case 'cy':
-                return (1 == $number) ? 0 : ((2 == $number) ? 1 : (((8 == $number) || (11 == $number)) ? 2 : 3));
-
-            case 'ro':
-                return (1 == $number) ? 0 : (((0 == $number) || (($number % 100 > 0) && ($number % 100 < 20))) ? 1 : 2);
-
-            case 'ar':
-                return (0 == $number) ? 0 : ((1 == $number) ? 1 : ((2 == $number) ? 2 : ((($number % 100 >= 3) && ($number % 100 <= 10)) ? 3 : ((($number % 100 >= 11) && ($number % 100 <= 99)) ? 4 : 5))));
-
-            default:
-                return 0;
-        }
+        return match ('pt_BR' !== $locale && 'en_US_POSIX' !== $locale && \strlen($locale) > 3 ? substr($locale, 0, strrpos($locale, '_')) : $locale) {
+            'af',
+            'bn',
+            'bg',
+            'ca',
+            'da',
+            'de',
+            'el',
+            'en',
+            'en_US_POSIX',
+            'eo',
+            'es',
+            'et',
+            'eu',
+            'fa',
+            'fi',
+            'fo',
+            'fur',
+            'fy',
+            'gl',
+            'gu',
+            'ha',
+            'he',
+            'hu',
+            'is',
+            'it',
+            'ku',
+            'lb',
+            'ml',
+            'mn',
+            'mr',
+            'nah',
+            'nb',
+            'ne',
+            'nl',
+            'nn',
+            'no',
+            'oc',
+            'om',
+            'or',
+            'pa',
+            'pap',
+            'ps',
+            'pt',
+            'so',
+            'sq',
+            'sv',
+            'sw',
+            'ta',
+            'te',
+            'tk',
+            'ur',
+            'zu' => (1 == $number) ? 0 : 1,
+            'am',
+            'bh',
+            'fil',
+            'fr',
+            'gun',
+            'hi',
+            'hy',
+            'ln',
+            'mg',
+            'nso',
+            'pt_BR',
+            'ti',
+            'wa' => ($number < 2) ? 0 : 1,
+            'be',
+            'bs',
+            'hr',
+            'ru',
+            'sh',
+            'sr',
+            'uk' => ((1 == $number % 10) && (11 != $number % 100)) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2),
+            'cs',
+            'sk' => (1 == $number) ? 0 : ((($number >= 2) && ($number <= 4)) ? 1 : 2),
+            'ga' => (1 == $number) ? 0 : ((2 == $number) ? 1 : 2),
+            'lt' => ((1 == $number % 10) && (11 != $number % 100)) ? 0 : ((($number % 10 >= 2) && (($number % 100 < 10) || ($number % 100 >= 20))) ? 1 : 2),
+            'sl' => (1 == $number % 100) ? 0 : ((2 == $number % 100) ? 1 : (((3 == $number % 100) || (4 == $number % 100)) ? 2 : 3)),
+            'mk' => (1 == $number % 10) ? 0 : 1,
+            'mt' => (1 == $number) ? 0 : (((0 == $number) || (($number % 100 > 1) && ($number % 100 < 11))) ? 1 : ((($number % 100 > 10) && ($number % 100 < 20)) ? 2 : 3)),
+            'lv' => (0 == $number) ? 0 : (((1 == $number % 10) && (11 != $number % 100)) ? 1 : 2),
+            'pl' => (1 == $number) ? 0 : ((($number % 10 >= 2) && ($number % 10 <= 4) && (($number % 100 < 12) || ($number % 100 > 14))) ? 1 : 2),
+            'cy' => (1 == $number) ? 0 : ((2 == $number) ? 1 : (((8 == $number) || (11 == $number)) ? 2 : 3)),
+            'ro' => (1 == $number) ? 0 : (((0 == $number) || (($number % 100 > 0) && ($number % 100 < 20))) ? 1 : 2),
+            'ar' => (0 == $number) ? 0 : ((1 == $number) ? 1 : ((2 == $number) ? 2 : ((($number % 100 >= 3) && ($number % 100 <= 10)) ? 3 : ((($number % 100 >= 11) && ($number % 100 <= 99)) ? 4 : 5)))),
+            default => 0,
+        };
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation-contracts/composer.json b/data/web/inc/lib/vendor/symfony/translation-contracts/composer.json
index 875242f6d..213b5cda8 100644
--- a/data/web/inc/lib/vendor/symfony/translation-contracts/composer.json
+++ b/data/web/inc/lib/vendor/symfony/translation-contracts/composer.json
@@ -16,18 +16,18 @@
         }
     ],
     "require": {
-        "php": ">=8.0.2"
-    },
-    "suggest": {
-        "symfony/translation-implementation": ""
+        "php": ">=8.1"
     },
     "autoload": {
-        "psr-4": { "Symfony\\Contracts\\Translation\\": "" }
+        "psr-4": { "Symfony\\Contracts\\Translation\\": "" },
+        "exclude-from-classmap": [
+            "/Test/"
+        ]
     },
     "minimum-stability": "dev",
     "extra": {
         "branch-alias": {
-            "dev-main": "3.0-dev"
+            "dev-main": "3.4-dev"
         },
         "thanks": {
             "name": "symfony/contracts",
diff --git a/data/web/inc/lib/vendor/symfony/translation/CHANGELOG.md b/data/web/inc/lib/vendor/symfony/translation/CHANGELOG.md
index 160b5e694..5f9098c07 100644
--- a/data/web/inc/lib/vendor/symfony/translation/CHANGELOG.md
+++ b/data/web/inc/lib/vendor/symfony/translation/CHANGELOG.md
@@ -1,6 +1,35 @@
 CHANGELOG
 =========
 
+6.4
+---
+
+ * Give current locale to `LocaleSwitcher::runWithLocale()`'s callback
+ * Add `--as-tree` option to `translation:pull` command to write YAML messages as a tree-like structure
+ * [BC BREAK] Add argument `$buildDir` to `DataCollectorTranslator::warmUp()`
+ * Add `DataCollectorTranslatorPass` and `LoggingTranslatorPass`  (moved from `FrameworkBundle`)
+ * Add `PhraseTranslationProvider`
+
+6.2.7
+-----
+
+ * [BC BREAK] The following data providers for `ProviderFactoryTestCase` are now static:
+   `supportsProvider()`, `createProvider()`, `unsupportedSchemeProvider()`and `incompleteDsnProvider()`
+ * [BC BREAK] `ProviderTestCase::toStringProvider()` is now static
+
+6.2
+---
+
+ * Deprecate `PhpStringTokenParser`
+ * Deprecate `PhpExtractor` in favor of `PhpAstExtractor`
+ * Add `PhpAstExtractor` (requires [nikic/php-parser](https://github.com/nikic/php-parser) to be installed)
+
+6.1
+---
+
+ * Parameters implementing `TranslatableInterface` are processed
+ * Add the file extension to the `XliffFileDumper` constructor
+
 5.4
 ---
 
diff --git a/data/web/inc/lib/vendor/symfony/translation/Catalogue/AbstractOperation.php b/data/web/inc/lib/vendor/symfony/translation/Catalogue/AbstractOperation.php
index 43a52fab2..7dff58ff4 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Catalogue/AbstractOperation.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Catalogue/AbstractOperation.php
@@ -34,11 +34,6 @@ abstract class AbstractOperation implements OperationInterface
     protected $target;
     protected $result;
 
-    /**
-     * @var array|null The domains affected by this operation
-     */
-    private $domains;
-
     /**
      * This array stores 'all', 'new' and 'obsolete' messages for all valid domains.
      *
@@ -62,6 +57,8 @@ abstract class AbstractOperation implements OperationInterface
      */
     protected $messages;
 
+    private array $domains;
+
     /**
      * @throws LogicException
      */
@@ -77,12 +74,9 @@ abstract class AbstractOperation implements OperationInterface
         $this->messages = [];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getDomains(): array
     {
-        if (null === $this->domains) {
+        if (!isset($this->domains)) {
             $domains = [];
             foreach ([$this->source, $this->target] as $catalogue) {
                 foreach ($catalogue->getDomains() as $domain) {
@@ -100,9 +94,6 @@ abstract class AbstractOperation implements OperationInterface
         return $this->domains;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getMessages(string $domain): array
     {
         if (!\in_array($domain, $this->getDomains())) {
@@ -116,9 +107,6 @@ abstract class AbstractOperation implements OperationInterface
         return $this->messages[$domain][self::ALL_BATCH];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getNewMessages(string $domain): array
     {
         if (!\in_array($domain, $this->getDomains())) {
@@ -132,9 +120,6 @@ abstract class AbstractOperation implements OperationInterface
         return $this->messages[$domain][self::NEW_BATCH];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getObsoleteMessages(string $domain): array
     {
         if (!\in_array($domain, $this->getDomains())) {
@@ -148,9 +133,6 @@ abstract class AbstractOperation implements OperationInterface
         return $this->messages[$domain][self::OBSOLETE_BATCH];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getResult(): MessageCatalogueInterface
     {
         foreach ($this->getDomains() as $domain) {
@@ -174,12 +156,12 @@ abstract class AbstractOperation implements OperationInterface
 
         foreach ($this->getDomains() as $domain) {
             $intlDomain = $domain.MessageCatalogueInterface::INTL_DOMAIN_SUFFIX;
-            switch ($batch) {
-                case self::OBSOLETE_BATCH: $messages = $this->getObsoleteMessages($domain); break;
-                case self::NEW_BATCH: $messages = $this->getNewMessages($domain); break;
-                case self::ALL_BATCH: $messages = $this->getMessages($domain); break;
-                default: throw new \InvalidArgumentException(sprintf('$batch argument must be one of ["%s", "%s", "%s"].', self::ALL_BATCH, self::NEW_BATCH, self::OBSOLETE_BATCH));
-            }
+            $messages = match ($batch) {
+                self::OBSOLETE_BATCH => $this->getObsoleteMessages($domain),
+                self::NEW_BATCH => $this->getNewMessages($domain),
+                self::ALL_BATCH => $this->getMessages($domain),
+                default => throw new \InvalidArgumentException(sprintf('$batch argument must be one of ["%s", "%s", "%s"].', self::ALL_BATCH, self::NEW_BATCH, self::OBSOLETE_BATCH)),
+            };
 
             if (!$messages || (!$this->source->all($intlDomain) && $this->source->all($domain))) {
                 continue;
@@ -198,6 +180,8 @@ abstract class AbstractOperation implements OperationInterface
      * stores the results.
      *
      * @param string $domain The domain which the operation will be performed for
+     *
+     * @return void
      */
     abstract protected function processDomain(string $domain);
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Catalogue/MergeOperation.php b/data/web/inc/lib/vendor/symfony/translation/Catalogue/MergeOperation.php
index 87db2fb03..1b777a843 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Catalogue/MergeOperation.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Catalogue/MergeOperation.php
@@ -25,7 +25,7 @@ use Symfony\Component\Translation\MessageCatalogueInterface;
 class MergeOperation extends AbstractOperation
 {
     /**
-     * {@inheritdoc}
+     * @return void
      */
     protected function processDomain(string $domain)
     {
@@ -36,6 +36,18 @@ class MergeOperation extends AbstractOperation
         ];
         $intlDomain = $domain.MessageCatalogueInterface::INTL_DOMAIN_SUFFIX;
 
+        foreach ($this->target->getCatalogueMetadata('', $domain) ?? [] as $key => $value) {
+            if (null === $this->result->getCatalogueMetadata($key, $domain)) {
+                $this->result->setCatalogueMetadata($key, $value, $domain);
+            }
+        }
+
+        foreach ($this->target->getCatalogueMetadata('', $intlDomain) ?? [] as $key => $value) {
+            if (null === $this->result->getCatalogueMetadata($key, $intlDomain)) {
+                $this->result->setCatalogueMetadata($key, $value, $intlDomain);
+            }
+        }
+
         foreach ($this->source->all($domain) as $id => $message) {
             $this->messages[$domain]['all'][$id] = $message;
             $d = $this->source->defines($id, $intlDomain) ? $intlDomain : $domain;
diff --git a/data/web/inc/lib/vendor/symfony/translation/Catalogue/TargetOperation.php b/data/web/inc/lib/vendor/symfony/translation/Catalogue/TargetOperation.php
index 682b5752f..2c0ec722e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Catalogue/TargetOperation.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Catalogue/TargetOperation.php
@@ -26,7 +26,7 @@ use Symfony\Component\Translation\MessageCatalogueInterface;
 class TargetOperation extends AbstractOperation
 {
     /**
-     * {@inheritdoc}
+     * @return void
      */
     protected function processDomain(string $domain)
     {
@@ -37,6 +37,18 @@ class TargetOperation extends AbstractOperation
         ];
         $intlDomain = $domain.MessageCatalogueInterface::INTL_DOMAIN_SUFFIX;
 
+        foreach ($this->target->getCatalogueMetadata('', $domain) ?? [] as $key => $value) {
+            if (null === $this->result->getCatalogueMetadata($key, $domain)) {
+                $this->result->setCatalogueMetadata($key, $value, $domain);
+            }
+        }
+
+        foreach ($this->target->getCatalogueMetadata('', $intlDomain) ?? [] as $key => $value) {
+            if (null === $this->result->getCatalogueMetadata($key, $intlDomain)) {
+                $this->result->setCatalogueMetadata($key, $value, $intlDomain);
+            }
+        }
+
         // For 'all' messages, the code can't be simplified as ``$this->messages[$domain]['all'] = $target->all($domain);``,
         // because doing so will drop messages like {x: x ∈ source ∧ x ∉ target.all ∧ x ∈ target.fallback}
         //
diff --git a/data/web/inc/lib/vendor/symfony/translation/CatalogueMetadataAwareInterface.php b/data/web/inc/lib/vendor/symfony/translation/CatalogueMetadataAwareInterface.php
new file mode 100644
index 000000000..c845959f1
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/CatalogueMetadataAwareInterface.php
@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation;
+
+/**
+ * This interface is used to get, set, and delete metadata about the Catalogue.
+ *
+ * @author Hugo Alliaume <hugo@alliau.me>
+ */
+interface CatalogueMetadataAwareInterface
+{
+    /**
+     * Gets catalogue metadata for the given domain and key.
+     *
+     * Passing an empty domain will return an array with all catalogue metadata indexed by
+     * domain and then by key. Passing an empty key will return an array with all
+     * catalogue metadata for the given domain.
+     *
+     * @return mixed The value that was set or an array with the domains/keys or null
+     */
+    public function getCatalogueMetadata(string $key = '', string $domain = 'messages'): mixed;
+
+    /**
+     * Adds catalogue metadata to a message domain.
+     *
+     * @return void
+     */
+    public function setCatalogueMetadata(string $key, mixed $value, string $domain = 'messages');
+
+    /**
+     * Deletes catalogue metadata for the given key and domain.
+     *
+     * Passing an empty domain will delete all catalogue metadata. Passing an empty key will
+     * delete all metadata for the given domain.
+     *
+     * @return void
+     */
+    public function deleteCatalogueMetadata(string $key = '', string $domain = 'messages');
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPullCommand.php b/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPullCommand.php
index 42513a8a8..5d9c092c3 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPullCommand.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPullCommand.php
@@ -34,9 +34,9 @@ final class TranslationPullCommand extends Command
 {
     use TranslationTrait;
 
-    private $providerCollection;
-    private $writer;
-    private $reader;
+    private TranslationProviderCollection $providerCollection;
+    private TranslationWriterInterface $writer;
+    private TranslationReaderInterface $reader;
     private string $defaultLocale;
     private array $transPaths;
     private array $enabledLocales;
@@ -64,9 +64,8 @@ final class TranslationPullCommand extends Command
         if ($input->mustSuggestOptionValuesFor('domains')) {
             $provider = $this->providerCollection->get($input->getArgument('provider'));
 
-            if ($provider && method_exists($provider, 'getDomains')) {
-                $domains = $provider->getDomains();
-                $suggestions->suggestValues($domains);
+            if (method_exists($provider, 'getDomains')) {
+                $suggestions->suggestValues($provider->getDomains());
             }
 
             return;
@@ -83,10 +82,7 @@ final class TranslationPullCommand extends Command
         }
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function configure()
+    protected function configure(): void
     {
         $keys = $this->providerCollection->keys();
         $defaultProvider = 1 === \count($keys) ? $keys[0] : null;
@@ -99,6 +95,7 @@ final class TranslationPullCommand extends Command
                 new InputOption('domains', null, InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY, 'Specify the domains to pull.'),
                 new InputOption('locales', null, InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY, 'Specify the locales to pull.'),
                 new InputOption('format', null, InputOption::VALUE_OPTIONAL, 'Override the default output format.', 'xlf12'),
+                new InputOption('as-tree', null, InputOption::VALUE_OPTIONAL, 'Write messages as a tree-like structure. Needs --format=yaml. The given value defines the level where to switch to inline YAML'),
             ])
             ->setHelp(<<<'EOF'
 The <info>%command.name%</> command pulls translations from the given provider. Only
@@ -120,9 +117,6 @@ EOF
         ;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function execute(InputInterface $input, OutputInterface $output): int
     {
         $io = new SymfonyStyle($input, $output);
@@ -133,6 +127,7 @@ EOF
         $locales = $input->getOption('locales') ?: $this->enabledLocales;
         $domains = $input->getOption('domains');
         $format = $input->getOption('format');
+        $asTree = (int) $input->getOption('as-tree');
         $xliffVersion = '1.2';
 
         if ($intlIcu && !$force) {
@@ -141,7 +136,7 @@ EOF
 
         switch ($format) {
             case 'xlf20': $xliffVersion = '2.0';
-            // no break
+                // no break
             case 'xlf12': $format = 'xlf';
         }
 
@@ -149,6 +144,8 @@ EOF
             'path' => end($this->transPaths),
             'xliff_version' => $xliffVersion,
             'default_locale' => $this->defaultLocale,
+            'as_tree' => (bool) $asTree,
+            'inline' => $asTree,
         ];
 
         if (!$domains) {
@@ -159,7 +156,7 @@ EOF
 
         if ($force) {
             foreach ($providerTranslations->getCatalogues() as $catalogue) {
-                $operation = new TargetOperation((new MessageCatalogue($catalogue->getLocale())), $catalogue);
+                $operation = new TargetOperation(new MessageCatalogue($catalogue->getLocale()), $catalogue);
                 if ($intlIcu) {
                     $operation->moveMessagesToIntlDomainsIfPossible();
                 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPushCommand.php b/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPushCommand.php
index dba21643d..1d04adbc9 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPushCommand.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Command/TranslationPushCommand.php
@@ -21,6 +21,7 @@ use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
+use Symfony\Component\Translation\Provider\FilteringProvider;
 use Symfony\Component\Translation\Provider\TranslationProviderCollection;
 use Symfony\Component\Translation\Reader\TranslationReaderInterface;
 use Symfony\Component\Translation\TranslatorBag;
@@ -33,8 +34,8 @@ final class TranslationPushCommand extends Command
 {
     use TranslationTrait;
 
-    private $providers;
-    private $reader;
+    private TranslationProviderCollection $providers;
+    private TranslationReaderInterface $reader;
     private array $transPaths;
     private array $enabledLocales;
 
@@ -72,10 +73,7 @@ final class TranslationPushCommand extends Command
         }
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function configure()
+    protected function configure(): void
     {
         $keys = $this->providers->keys();
         $defaultProvider = 1 === \count($keys) ? $keys[0] : null;
@@ -112,15 +110,12 @@ EOF
         ;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function execute(InputInterface $input, OutputInterface $output): int
     {
         $provider = $this->providers->get($input->getArgument('provider'));
 
         if (!$this->enabledLocales) {
-            throw new InvalidArgumentException(sprintf('You must define "framework.translator.enabled_locales" or "framework.translator.providers.%s.locales" config key in order to work with translation providers.', parse_url($provider, \PHP_URL_SCHEME)));
+            throw new InvalidArgumentException(sprintf('You must define "framework.enabled_locales" or "framework.translator.providers.%s.locales" config key in order to work with translation providers.', parse_url($provider, \PHP_URL_SCHEME)));
         }
 
         $io = new SymfonyStyle($input, $output);
@@ -129,6 +124,12 @@ EOF
         $force = $input->getOption('force');
         $deleteMissing = $input->getOption('delete-missing');
 
+        if (!$domains && $provider instanceof FilteringProvider) {
+            $domains = $provider->getDomains();
+        }
+
+        // Reading local translations must be done after retrieving the domains from the provider
+        // in order to manage only translations from configured domains
         $localTranslations = $this->readLocalTranslations($locales, $domains, $this->transPaths);
 
         if (!$domains) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Command/XliffLintCommand.php b/data/web/inc/lib/vendor/symfony/translation/Command/XliffLintCommand.php
index f062fb79f..ba946389e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Command/XliffLintCommand.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Command/XliffLintCommand.php
@@ -41,23 +41,23 @@ class XliffLintCommand extends Command
     private ?\Closure $isReadableProvider;
     private bool $requireStrictFileNames;
 
-    public function __construct(string $name = null, callable $directoryIteratorProvider = null, callable $isReadableProvider = null, bool $requireStrictFileNames = true)
+    public function __construct(?string $name = null, ?callable $directoryIteratorProvider = null, ?callable $isReadableProvider = null, bool $requireStrictFileNames = true)
     {
         parent::__construct($name);
 
-        $this->directoryIteratorProvider = null === $directoryIteratorProvider || $directoryIteratorProvider instanceof \Closure ? $directoryIteratorProvider : \Closure::fromCallable($directoryIteratorProvider);
-        $this->isReadableProvider = null === $isReadableProvider || $isReadableProvider instanceof \Closure ? $isReadableProvider : \Closure::fromCallable($isReadableProvider);
+        $this->directoryIteratorProvider = null === $directoryIteratorProvider ? null : $directoryIteratorProvider(...);
+        $this->isReadableProvider = null === $isReadableProvider ? null : $isReadableProvider(...);
         $this->requireStrictFileNames = $requireStrictFileNames;
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     protected function configure()
     {
         $this
             ->addArgument('filename', InputArgument::IS_ARRAY, 'A file, a directory or "-" for reading from STDIN')
-            ->addOption('format', null, InputOption::VALUE_REQUIRED, 'The output format')
+            ->addOption('format', null, InputOption::VALUE_REQUIRED, sprintf('The output format ("%s")', implode('", "', $this->getAvailableFormatOptions())))
             ->setHelp(<<<EOF
 The <info>%command.name%</info> command lints an XLIFF file and outputs to STDOUT
 the first encountered syntax error.
@@ -109,7 +109,7 @@ EOF
         return $this->display($io, $filesInfo);
     }
 
-    private function validate(string $content, string $file = null): array
+    private function validate(string $content, ?string $file = null): array
     {
         $errors = [];
 
@@ -154,21 +154,17 @@ EOF
         return ['file' => $file, 'valid' => 0 === \count($errors), 'messages' => $errors];
     }
 
-    private function display(SymfonyStyle $io, array $files)
+    private function display(SymfonyStyle $io, array $files): int
     {
-        switch ($this->format) {
-            case 'txt':
-                return $this->displayTxt($io, $files);
-            case 'json':
-                return $this->displayJson($io, $files);
-            case 'github':
-                return $this->displayTxt($io, $files, true);
-            default:
-                throw new InvalidArgumentException(sprintf('The format "%s" is not supported.', $this->format));
-        }
+        return match ($this->format) {
+            'txt' => $this->displayTxt($io, $files),
+            'json' => $this->displayJson($io, $files),
+            'github' => $this->displayTxt($io, $files, true),
+            default => throw new InvalidArgumentException(sprintf('Supported formats are "%s".', implode('", "', $this->getAvailableFormatOptions()))),
+        };
     }
 
-    private function displayTxt(SymfonyStyle $io, array $filesInfo, bool $errorAsGithubAnnotations = false)
+    private function displayTxt(SymfonyStyle $io, array $filesInfo, bool $errorAsGithubAnnotations = false): int
     {
         $countFiles = \count($filesInfo);
         $erroredFiles = 0;
@@ -184,9 +180,7 @@ EOF
                     // general document errors have a '-1' line number
                     $line = -1 === $error['line'] ? null : $error['line'];
 
-                    if ($githubReporter) {
-                        $githubReporter->error($error['message'], $info['file'], $line, null !== $line ? $error['column'] : null);
-                    }
+                    $githubReporter?->error($error['message'], $info['file'], $line, null !== $line ? $error['column'] : null);
 
                     return null === $line ? $error['message'] : sprintf('Line %d, Column %d: %s', $line, $error['column'], $error['message']);
                 }, $info['messages']));
@@ -202,7 +196,7 @@ EOF
         return min($erroredFiles, 1);
     }
 
-    private function displayJson(SymfonyStyle $io, array $filesInfo)
+    private function displayJson(SymfonyStyle $io, array $filesInfo): int
     {
         $errors = 0;
 
@@ -218,7 +212,10 @@ EOF
         return min($errors, 1);
     }
 
-    private function getFiles(string $fileOrDirectory)
+    /**
+     * @return iterable<\SplFileInfo>
+     */
+    private function getFiles(string $fileOrDirectory): iterable
     {
         if (is_file($fileOrDirectory)) {
             yield new \SplFileInfo($fileOrDirectory);
@@ -235,14 +232,15 @@ EOF
         }
     }
 
-    private function getDirectoryIterator(string $directory)
+    /**
+     * @return iterable<\SplFileInfo>
+     */
+    private function getDirectoryIterator(string $directory): iterable
     {
-        $default = function ($directory) {
-            return new \RecursiveIteratorIterator(
-                new \RecursiveDirectoryIterator($directory, \FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS),
-                \RecursiveIteratorIterator::LEAVES_ONLY
-            );
-        };
+        $default = fn ($directory) => new \RecursiveIteratorIterator(
+            new \RecursiveDirectoryIterator($directory, \FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS),
+            \RecursiveIteratorIterator::LEAVES_ONLY
+        );
 
         if (null !== $this->directoryIteratorProvider) {
             return ($this->directoryIteratorProvider)($directory, $default);
@@ -251,11 +249,9 @@ EOF
         return $default($directory);
     }
 
-    private function isReadable(string $fileOrDirectory)
+    private function isReadable(string $fileOrDirectory): bool
     {
-        $default = function ($fileOrDirectory) {
-            return is_readable($fileOrDirectory);
-        };
+        $default = fn ($fileOrDirectory) => is_readable($fileOrDirectory);
 
         if (null !== $this->isReadableProvider) {
             return ($this->isReadableProvider)($fileOrDirectory, $default);
@@ -278,7 +274,12 @@ EOF
     public function complete(CompletionInput $input, CompletionSuggestions $suggestions): void
     {
         if ($input->mustSuggestOptionValuesFor('format')) {
-            $suggestions->suggestValues(['txt', 'json', 'github']);
+            $suggestions->suggestValues($this->getAvailableFormatOptions());
         }
     }
+
+    private function getAvailableFormatOptions(): array
+    {
+        return ['txt', 'json', 'github'];
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/DataCollector/TranslationDataCollector.php b/data/web/inc/lib/vendor/symfony/translation/DataCollector/TranslationDataCollector.php
index 0f7901d52..d4f49cc66 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DataCollector/TranslationDataCollector.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DataCollector/TranslationDataCollector.php
@@ -25,17 +25,14 @@ use Symfony\Component\VarDumper\Cloner\Data;
  */
 class TranslationDataCollector extends DataCollector implements LateDataCollectorInterface
 {
-    private $translator;
+    private DataCollectorTranslator $translator;
 
     public function __construct(DataCollectorTranslator $translator)
     {
         $this->translator = $translator;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function lateCollect()
+    public function lateCollect(): void
     {
         $messages = $this->sanitizeCollectedMessages($this->translator->getCollectedMessages());
 
@@ -45,19 +42,13 @@ class TranslationDataCollector extends DataCollector implements LateDataCollecto
         $this->data = $this->cloneVar($this->data);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function collect(Request $request, Response $response, \Throwable $exception = null)
+    public function collect(Request $request, Response $response, ?\Throwable $exception = null): void
     {
         $this->data['locale'] = $this->translator->getLocale();
         $this->data['fallback_locales'] = $this->translator->getFallbackLocales();
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function reset()
+    public function reset(): void
     {
         $this->data = [];
     }
@@ -82,7 +73,7 @@ class TranslationDataCollector extends DataCollector implements LateDataCollecto
         return $this->data[DataCollectorTranslator::MESSAGE_DEFINED] ?? 0;
     }
 
-    public function getLocale()
+    public function getLocale(): ?string
     {
         return !empty($this->data['locale']) ? $this->data['locale'] : null;
     }
@@ -90,20 +81,17 @@ class TranslationDataCollector extends DataCollector implements LateDataCollecto
     /**
      * @internal
      */
-    public function getFallbackLocales()
+    public function getFallbackLocales(): Data|array
     {
         return (isset($this->data['fallback_locales']) && \count($this->data['fallback_locales']) > 0) ? $this->data['fallback_locales'] : [];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getName(): string
     {
         return 'translation';
     }
 
-    private function sanitizeCollectedMessages(array $messages)
+    private function sanitizeCollectedMessages(array $messages): array
     {
         $result = [];
         foreach ($messages as $key => $message) {
@@ -128,7 +116,7 @@ class TranslationDataCollector extends DataCollector implements LateDataCollecto
         return $result;
     }
 
-    private function computeCount(array $messages)
+    private function computeCount(array $messages): array
     {
         $count = [
             DataCollectorTranslator::MESSAGE_DEFINED => 0,
@@ -143,7 +131,7 @@ class TranslationDataCollector extends DataCollector implements LateDataCollecto
         return $count;
     }
 
-    private function sanitizeString(string $string, int $length = 80)
+    private function sanitizeString(string $string, int $length = 80): string
     {
         $string = trim(preg_replace('/\s+/', ' ', $string));
 
diff --git a/data/web/inc/lib/vendor/symfony/translation/DataCollectorTranslator.php b/data/web/inc/lib/vendor/symfony/translation/DataCollectorTranslator.php
index 2a08b0960..a2832ee8e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DataCollectorTranslator.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DataCollectorTranslator.php
@@ -25,7 +25,7 @@ class DataCollectorTranslator implements TranslatorInterface, TranslatorBagInter
     public const MESSAGE_MISSING = 1;
     public const MESSAGE_EQUALS_FALLBACK = 2;
 
-    private $translator;
+    private TranslatorInterface $translator;
     private array $messages = [];
 
     /**
@@ -40,10 +40,7 @@ class DataCollectorTranslator implements TranslatorInterface, TranslatorBagInter
         $this->translator = $translator;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function trans(?string $id, array $parameters = [], string $domain = null, string $locale = null): string
+    public function trans(?string $id, array $parameters = [], ?string $domain = null, ?string $locale = null): string
     {
         $trans = $this->translator->trans($id = (string) $id, $parameters, $domain, $locale);
         $this->collectMessage($locale, $domain, $id, $trans, $parameters);
@@ -52,46 +49,32 @@ class DataCollectorTranslator implements TranslatorInterface, TranslatorBagInter
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setLocale(string $locale)
     {
         $this->translator->setLocale($locale);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getLocale(): string
     {
         return $this->translator->getLocale();
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getCatalogue(string $locale = null): MessageCatalogueInterface
+    public function getCatalogue(?string $locale = null): MessageCatalogueInterface
     {
         return $this->translator->getCatalogue($locale);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getCatalogues(): array
     {
         return $this->translator->getCatalogues();
     }
 
-    /**
-     * {@inheritdoc}
-     *
-     * @return string[]
-     */
-    public function warmUp(string $cacheDir): array
+    public function warmUp(string $cacheDir, ?string $buildDir = null): array
     {
         if ($this->translator instanceof WarmableInterface) {
-            return (array) $this->translator->warmUp($cacheDir);
+            return (array) $this->translator->warmUp($cacheDir, $buildDir);
         }
 
         return [];
@@ -110,7 +93,7 @@ class DataCollectorTranslator implements TranslatorInterface, TranslatorBagInter
     }
 
     /**
-     * Passes through all unknown calls onto the translator object.
+     * @return mixed
      */
     public function __call(string $method, array $args)
     {
@@ -122,11 +105,9 @@ class DataCollectorTranslator implements TranslatorInterface, TranslatorBagInter
         return $this->messages;
     }
 
-    private function collectMessage(?string $locale, ?string $domain, string $id, string $translation, ?array $parameters = [])
+    private function collectMessage(?string $locale, ?string $domain, string $id, string $translation, ?array $parameters = []): void
     {
-        if (null === $domain) {
-            $domain = 'messages';
-        }
+        $domain ??= 'messages';
 
         $catalogue = $this->translator->getCatalogue($locale);
         $locale = $catalogue->getLocale();
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/DataCollectorTranslatorPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/DataCollectorTranslatorPass.php
new file mode 100644
index 000000000..cdf63be4b
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/DataCollectorTranslatorPass.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\DependencyInjection;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\Translation\TranslatorBagInterface;
+
+/**
+ * @author Christian Flothmann <christian.flothmann@sensiolabs.de>
+ */
+class DataCollectorTranslatorPass implements CompilerPassInterface
+{
+    public function process(ContainerBuilder $container): void
+    {
+        if (!$container->has('translator')) {
+            return;
+        }
+
+        $translatorClass = $container->getParameterBag()->resolveValue($container->findDefinition('translator')->getClass());
+
+        if (!is_subclass_of($translatorClass, TranslatorBagInterface::class)) {
+            $container->removeDefinition('translator.data_collector');
+            $container->removeDefinition('data_collector.translation');
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/LoggingTranslatorPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/LoggingTranslatorPass.php
new file mode 100644
index 000000000..c21552f97
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/LoggingTranslatorPass.php
@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\DependencyInjection;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Exception\InvalidArgumentException;
+use Symfony\Component\Translation\TranslatorBagInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+/**
+ * @author Abdellatif Ait boudad <a.aitboudad@gmail.com>
+ */
+class LoggingTranslatorPass implements CompilerPassInterface
+{
+    public function process(ContainerBuilder $container): void
+    {
+        if (!$container->hasAlias('logger') || !$container->hasAlias('translator')) {
+            return;
+        }
+
+        if (!$container->hasParameter('translator.logging') || !$container->getParameter('translator.logging')) {
+            return;
+        }
+
+        $translatorAlias = $container->getAlias('translator');
+        $definition = $container->getDefinition((string) $translatorAlias);
+        $class = $container->getParameterBag()->resolveValue($definition->getClass());
+
+        if (!$r = $container->getReflectionClass($class)) {
+            throw new InvalidArgumentException(sprintf('Class "%s" used for service "%s" cannot be found.', $class, $translatorAlias));
+        }
+
+        if (!$r->isSubclassOf(TranslatorInterface::class) || !$r->isSubclassOf(TranslatorBagInterface::class)) {
+            return;
+        }
+
+        $container->getDefinition('translator.logging')->setDecoratedService('translator');
+        $warmer = $container->getDefinition('translation.warmer');
+        $subscriberAttributes = $warmer->getTag('container.service_subscriber');
+        $warmer->clearTag('container.service_subscriber');
+
+        foreach ($subscriberAttributes as $k => $v) {
+            if ((!isset($v['id']) || 'translator' !== $v['id']) && (!isset($v['key']) || 'translator' !== $v['key'])) {
+                $warmer->addTag('container.service_subscriber', $v);
+            }
+        }
+        $warmer->addTag('container.service_subscriber', ['key' => 'translator', 'id' => 'translator.logging.inner']);
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationDumperPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationDumperPass.php
index 4020a0788..2ece6ac7b 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationDumperPass.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationDumperPass.php
@@ -20,6 +20,9 @@ use Symfony\Component\DependencyInjection\Reference;
  */
 class TranslationDumperPass implements CompilerPassInterface
 {
+    /**
+     * @return void
+     */
     public function process(ContainerBuilder $container)
     {
         if (!$container->hasDefinition('translation.writer')) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationExtractorPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationExtractorPass.php
index ee7c47ae4..1baf9341e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationExtractorPass.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslationExtractorPass.php
@@ -21,6 +21,9 @@ use Symfony\Component\DependencyInjection\Reference;
  */
 class TranslationExtractorPass implements CompilerPassInterface
 {
+    /**
+     * @return void
+     */
     public function process(ContainerBuilder $container)
     {
         if (!$container->hasDefinition('translation.extractor')) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPass.php
index be79cdaf0..dd6ea3c83 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPass.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPass.php
@@ -18,6 +18,9 @@ use Symfony\Component\DependencyInjection\Reference;
 
 class TranslatorPass implements CompilerPassInterface
 {
+    /**
+     * @return void
+     */
     public function process(ContainerBuilder $container)
     {
         if (!$container->hasDefinition('translator.default')) {
@@ -49,6 +52,23 @@ class TranslatorPass implements CompilerPassInterface
             ->replaceArgument(3, $loaders)
         ;
 
+        if ($container->hasDefinition('validator') && $container->hasDefinition('translation.extractor.visitor.constraint')) {
+            $constraintVisitorDefinition = $container->getDefinition('translation.extractor.visitor.constraint');
+            $constraintClassNames = [];
+
+            foreach ($container->getDefinitions() as $definition) {
+                if (!$definition->hasTag('validator.constraint_validator')) {
+                    continue;
+                }
+                // Resolve constraint validator FQCN even if defined as %foo.validator.class% parameter
+                $className = $container->getParameterBag()->resolveValue($definition->getClass());
+                // Extraction of the constraint class name from the Constraint Validator FQCN
+                $constraintClassNames[] = str_replace('Validator', '', substr(strrchr($className, '\\'), 1));
+            }
+
+            $constraintVisitorDefinition->setArgument(0, $constraintClassNames);
+        }
+
         if (!$container->hasParameter('twig.default_path')) {
             return;
         }
diff --git a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPathsPass.php b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPathsPass.php
index b85c06621..1756e3c8c 100644
--- a/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPathsPass.php
+++ b/data/web/inc/lib/vendor/symfony/translation/DependencyInjection/TranslatorPathsPass.php
@@ -16,12 +16,15 @@ use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver\TraceableValueResolver;
 
 /**
  * @author Yonel Ceruto <yonelceruto@gmail.com>
  */
 class TranslatorPathsPass extends AbstractRecursivePass
 {
+    protected bool $skipScalars = true;
+
     private int $level = 0;
 
     /**
@@ -39,6 +42,9 @@ class TranslatorPathsPass extends AbstractRecursivePass
      */
     private array $controllers = [];
 
+    /**
+     * @return void
+     */
     public function process(ContainerBuilder $container)
     {
         if (!$container->hasDefinition('translator')) {
@@ -120,28 +126,20 @@ class TranslatorPathsPass extends AbstractRecursivePass
 
     private function findControllerArguments(ContainerBuilder $container): array
     {
-        if ($container->hasDefinition('argument_resolver.service')) {
-            $argument = $container->getDefinition('argument_resolver.service')->getArgument(0);
-            if ($argument instanceof Reference) {
-                $argument = $container->getDefinition($argument);
-            }
+        if (!$container->has('argument_resolver.service')) {
+            return [];
+        }
+        $resolverDef = $container->findDefinition('argument_resolver.service');
 
-            return $argument->getArgument(0);
+        if (TraceableValueResolver::class === $resolverDef->getClass()) {
+            $resolverDef = $container->getDefinition($resolverDef->getArgument(0));
         }
 
-        if ($container->hasDefinition('debug.'.'argument_resolver.service')) {
-            $argument = $container->getDefinition('debug.'.'argument_resolver.service')->getArgument(0);
-            if ($argument instanceof Reference) {
-                $argument = $container->getDefinition($argument);
-            }
-            $argument = $argument->getArgument(0);
-            if ($argument instanceof Reference) {
-                $argument = $container->getDefinition($argument);
-            }
-
-            return $argument->getArgument(0);
+        $argument = $resolverDef->getArgument(0);
+        if ($argument instanceof Reference) {
+            $argument = $container->getDefinition($argument);
         }
 
-        return [];
+        return $argument->getArgument(0);
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/CsvFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/CsvFileDumper.php
index 0bd3f5e0f..8f5475259 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/CsvFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/CsvFileDumper.php
@@ -23,9 +23,6 @@ class CsvFileDumper extends FileDumper
     private string $delimiter = ';';
     private string $enclosure = '"';
 
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $handle = fopen('php://memory', 'r+');
@@ -43,6 +40,8 @@ class CsvFileDumper extends FileDumper
 
     /**
      * Sets the delimiter and escape character for CSV.
+     *
+     * @return void
      */
     public function setCsvControl(string $delimiter = ';', string $enclosure = '"')
     {
@@ -50,9 +49,6 @@ class CsvFileDumper extends FileDumper
         $this->enclosure = $enclosure;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'csv';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/DumperInterface.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/DumperInterface.php
index 7cdaef515..6bf42931e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/DumperInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/DumperInterface.php
@@ -25,6 +25,8 @@ interface DumperInterface
      * Dumps the message catalogue.
      *
      * @param array $options Options that are used by the dumper
+     *
+     * @return void
      */
     public function dump(MessageCatalogue $messages, array $options = []);
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/FileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/FileDumper.php
index 6bad4ff32..e30d4770e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/FileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/FileDumper.php
@@ -35,7 +35,7 @@ abstract class FileDumper implements DumperInterface
     /**
      * Sets the template for the relative paths to files.
      *
-     * @param string $relativePathTemplate A template for the relative paths to files
+     * @return void
      */
     public function setRelativePathTemplate(string $relativePathTemplate)
     {
@@ -43,7 +43,7 @@ abstract class FileDumper implements DumperInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function dump(MessageCatalogue $messages, array $options = [])
     {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/IcuResFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/IcuResFileDumper.php
index b62ea1536..72c1ec089 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/IcuResFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/IcuResFileDumper.php
@@ -20,14 +20,8 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class IcuResFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     protected $relativePathTemplate = '%domain%/%locale%.%extension%';
 
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $data = $indexes = $resources = '';
@@ -47,7 +41,7 @@ class IcuResFileDumper extends FileDumper
             $data .= pack('V', \strlen($target))
                 .mb_convert_encoding($target."\0", 'UTF-16LE', 'UTF-8')
                 .$this->writePadding($data)
-                  ;
+            ;
         }
 
         $resOffset = $this->getPosition($data);
@@ -56,7 +50,7 @@ class IcuResFileDumper extends FileDumper
             .$indexes
             .$this->writePadding($data)
             .$resources
-              ;
+        ;
 
         $bundleTop = $this->getPosition($data);
 
@@ -89,14 +83,11 @@ class IcuResFileDumper extends FileDumper
         return $padding ? str_repeat("\xAA", 4 - $padding) : null;
     }
 
-    private function getPosition(string $data)
+    private function getPosition(string $data): float|int
     {
         return (\strlen($data) + 28) / 4;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'res';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/IniFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/IniFileDumper.php
index 75032be14..6cbdef606 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/IniFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/IniFileDumper.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class IniFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $output = '';
@@ -35,9 +32,6 @@ class IniFileDumper extends FileDumper
         return $output;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'ini';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/JsonFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/JsonFileDumper.php
index 11027303a..e5035397f 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/JsonFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/JsonFileDumper.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class JsonFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $flags = $options['json_encoding'] ?? \JSON_PRETTY_PRINT;
@@ -30,9 +27,6 @@ class JsonFileDumper extends FileDumper
         return json_encode($messages->all($domain), $flags);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'json';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/MoFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/MoFileDumper.php
index 08c8f8997..9ded5f4ef 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/MoFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/MoFileDumper.php
@@ -21,9 +21,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class MoFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $sources = $targets = $sourceOffsets = $targetOffsets = '';
@@ -57,19 +54,16 @@ class MoFileDumper extends FileDumper
                           .$this->writeLong($offset[2] + $sourcesStart + $sourcesSize);
         }
 
-        $output = implode('', array_map([$this, 'writeLong'], $header))
+        $output = implode('', array_map($this->writeLong(...), $header))
                .$sourceOffsets
                .$targetOffsets
                .$sources
                .$targets
-                ;
+        ;
 
         return $output;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'mo';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/PhpFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/PhpFileDumper.php
index 565d89375..51e90665d 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/PhpFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/PhpFileDumper.php
@@ -20,17 +20,11 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class PhpFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         return "<?php\n\nreturn ".var_export($messages->all($domain), true).";\n";
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'php';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/PoFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/PoFileDumper.php
index 313e50458..a2d0deb78 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/PoFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/PoFileDumper.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class PoFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $output = 'msgid ""'."\n";
@@ -68,7 +65,7 @@ class PoFileDumper extends FileDumper
         return $output;
     }
 
-    private function getStandardRules(string $id)
+    private function getStandardRules(string $id): array
     {
         // Partly copied from TranslatorTrait::trans.
         $parts = [];
@@ -111,9 +108,6 @@ EOF;
         return $standardRules;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'po';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/QtFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/QtFileDumper.php
index 819409fc0..0373e9c10 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/QtFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/QtFileDumper.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class QtFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $dom = new \DOMDocument('1.0', 'utf-8');
@@ -51,9 +48,6 @@ class QtFileDumper extends FileDumper
         return $dom->saveXML();
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return 'ts';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/XliffFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/XliffFileDumper.php
index b8a109a41..d0f016b23 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/XliffFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/XliffFileDumper.php
@@ -21,9 +21,11 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class XliffFileDumper extends FileDumper
 {
-    /**
-     * {@inheritdoc}
-     */
+    public function __construct(
+        private string $extension = 'xlf',
+    ) {
+    }
+
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         $xliffVersion = '1.2';
@@ -47,15 +49,12 @@ class XliffFileDumper extends FileDumper
         throw new InvalidArgumentException(sprintf('No support implemented for dumping XLIFF version "%s".', $xliffVersion));
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
-        return 'xlf';
+        return $this->extension;
     }
 
-    private function dumpXliff1(string $defaultLocale, MessageCatalogue $messages, ?string $domain, array $options = [])
+    private function dumpXliff1(string $defaultLocale, MessageCatalogue $messages, ?string $domain, array $options = []): string
     {
         $toolInfo = ['tool-id' => 'symfony', 'tool-name' => 'Symfony'];
         if (\array_key_exists('tool_info', $options)) {
@@ -81,6 +80,15 @@ class XliffFileDumper extends FileDumper
             $xliffTool->setAttribute($id, $value);
         }
 
+        if ($catalogueMetadata = $messages->getCatalogueMetadata('', $domain) ?? []) {
+            $xliffPropGroup = $xliffHead->appendChild($dom->createElement('prop-group'));
+            foreach ($catalogueMetadata as $key => $value) {
+                $xliffProp = $xliffPropGroup->appendChild($dom->createElement('prop'));
+                $xliffProp->setAttribute('prop-type', $key);
+                $xliffProp->appendChild($dom->createTextNode($value));
+            }
+        }
+
         $xliffBody = $xliffFile->appendChild($dom->createElement('body'));
         foreach ($messages->all($domain) as $source => $target) {
             $translation = $dom->createElement('trans-unit');
@@ -129,7 +137,7 @@ class XliffFileDumper extends FileDumper
         return $dom->saveXML();
     }
 
-    private function dumpXliff2(string $defaultLocale, MessageCatalogue $messages, ?string $domain)
+    private function dumpXliff2(string $defaultLocale, MessageCatalogue $messages, ?string $domain): string
     {
         $dom = new \DOMDocument('1.0', 'utf-8');
         $dom->formatOutput = true;
@@ -147,6 +155,16 @@ class XliffFileDumper extends FileDumper
             $xliffFile->setAttribute('id', $domain.'.'.$messages->getLocale());
         }
 
+        if ($catalogueMetadata = $messages->getCatalogueMetadata('', $domain) ?? []) {
+            $xliff->setAttribute('xmlns:m', 'urn:oasis:names:tc:xliff:metadata:2.0');
+            $xliffMetadata = $xliffFile->appendChild($dom->createElement('m:metadata'));
+            foreach ($catalogueMetadata as $key => $value) {
+                $xliffMeta = $xliffMetadata->appendChild($dom->createElement('prop'));
+                $xliffMeta->setAttribute('type', $key);
+                $xliffMeta->appendChild($dom->createTextNode($value));
+            }
+        }
+
         foreach ($messages->all($domain) as $source => $target) {
             $translation = $dom->createElement('unit');
             $translation->setAttribute('id', strtr(substr(base64_encode(hash('sha256', $source, true)), 0, 7), '/+', '._'));
@@ -196,7 +214,7 @@ class XliffFileDumper extends FileDumper
         return $dom->saveXML();
     }
 
-    private function hasMetadataArrayInfo(string $key, array $metadata = null): bool
+    private function hasMetadataArrayInfo(string $key, ?array $metadata = null): bool
     {
         return is_iterable($metadata[$key] ?? null);
     }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Dumper/YamlFileDumper.php b/data/web/inc/lib/vendor/symfony/translation/Dumper/YamlFileDumper.php
index d0cfbefaa..d2670331e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Dumper/YamlFileDumper.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Dumper/YamlFileDumper.php
@@ -30,9 +30,6 @@ class YamlFileDumper extends FileDumper
         $this->extension = $extension;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function formatCatalogue(MessageCatalogue $messages, string $domain, array $options = []): string
     {
         if (!class_exists(Yaml::class)) {
@@ -52,9 +49,6 @@ class YamlFileDumper extends FileDumper
         return Yaml::dump($data);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function getExtension(): string
     {
         return $this->extension;
diff --git a/data/web/inc/lib/vendor/symfony/translation/Exception/IncompleteDsnException.php b/data/web/inc/lib/vendor/symfony/translation/Exception/IncompleteDsnException.php
index cb0ce027e..b304bde01 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Exception/IncompleteDsnException.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Exception/IncompleteDsnException.php
@@ -13,7 +13,7 @@ namespace Symfony\Component\Translation\Exception;
 
 class IncompleteDsnException extends InvalidArgumentException
 {
-    public function __construct(string $message, string $dsn = null, \Throwable $previous = null)
+    public function __construct(string $message, ?string $dsn = null, ?\Throwable $previous = null)
     {
         if ($dsn) {
             $message = sprintf('Invalid "%s" provider DSN: ', $dsn).$message;
diff --git a/data/web/inc/lib/vendor/symfony/translation/Exception/MissingRequiredOptionException.php b/data/web/inc/lib/vendor/symfony/translation/Exception/MissingRequiredOptionException.php
index 2b5f80806..46152e254 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Exception/MissingRequiredOptionException.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Exception/MissingRequiredOptionException.php
@@ -16,7 +16,7 @@ namespace Symfony\Component\Translation\Exception;
  */
 class MissingRequiredOptionException extends IncompleteDsnException
 {
-    public function __construct(string $option, string $dsn = null, \Throwable $previous = null)
+    public function __construct(string $option, ?string $dsn = null, ?\Throwable $previous = null)
     {
         $message = sprintf('The option "%s" is required but missing.', $option);
 
diff --git a/data/web/inc/lib/vendor/symfony/translation/Exception/ProviderException.php b/data/web/inc/lib/vendor/symfony/translation/Exception/ProviderException.php
index 331ff7586..f2981f58b 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Exception/ProviderException.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Exception/ProviderException.php
@@ -18,10 +18,10 @@ use Symfony\Contracts\HttpClient\ResponseInterface;
  */
 class ProviderException extends RuntimeException implements ProviderExceptionInterface
 {
-    private $response;
+    private ResponseInterface $response;
     private string $debug;
 
-    public function __construct(string $message, ResponseInterface $response, int $code = 0, \Exception $previous = null)
+    public function __construct(string $message, ResponseInterface $response, int $code = 0, ?\Exception $previous = null)
     {
         $this->response = $response;
         $this->debug = $response->getInfo('debug') ?? '';
diff --git a/data/web/inc/lib/vendor/symfony/translation/Exception/UnsupportedSchemeException.php b/data/web/inc/lib/vendor/symfony/translation/Exception/UnsupportedSchemeException.php
index 7fbaa8f04..8d3295184 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Exception/UnsupportedSchemeException.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Exception/UnsupportedSchemeException.php
@@ -29,9 +29,13 @@ class UnsupportedSchemeException extends LogicException
             'class' => Bridge\Lokalise\LokaliseProviderFactory::class,
             'package' => 'symfony/lokalise-translation-provider',
         ],
+        'phrase' => [
+            'class' => Bridge\Phrase\PhraseProviderFactory::class,
+            'package' => 'symfony/phrase-translation-provider',
+        ],
     ];
 
-    public function __construct(Dsn $dsn, string $name = null, array $supported = [])
+    public function __construct(Dsn $dsn, ?string $name = null, array $supported = [])
     {
         $provider = $dsn->getScheme();
         if (false !== $pos = strpos($provider, '+')) {
@@ -39,7 +43,7 @@ class UnsupportedSchemeException extends LogicException
         }
         $package = self::SCHEME_TO_PACKAGE_MAP[$provider] ?? null;
         if ($package && !class_exists($package['class'])) {
-            parent::__construct(sprintf('Unable to synchronize translations via "%s" as the provider is not installed; try running "composer require %s".', $provider, $package['package']));
+            parent::__construct(sprintf('Unable to synchronize translations via "%s" as the provider is not installed. Try running "composer require %s".', $provider, $package['package']));
 
             return;
         }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/ChainExtractor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/ChainExtractor.php
index e58e82f05..d36f7f385 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Extractor/ChainExtractor.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/ChainExtractor.php
@@ -29,6 +29,8 @@ class ChainExtractor implements ExtractorInterface
 
     /**
      * Adds a loader to the translation extractor.
+     *
+     * @return void
      */
     public function addExtractor(string $format, ExtractorInterface $extractor)
     {
@@ -36,7 +38,7 @@ class ChainExtractor implements ExtractorInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setPrefix(string $prefix)
     {
@@ -46,7 +48,7 @@ class ChainExtractor implements ExtractorInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function extract(string|iterable $directory, MessageCatalogue $catalogue)
     {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/ExtractorInterface.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/ExtractorInterface.php
index b76a7f20b..642130af7 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Extractor/ExtractorInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/ExtractorInterface.php
@@ -25,11 +25,15 @@ interface ExtractorInterface
      * Extracts translation messages from files, a file or a directory to the catalogue.
      *
      * @param string|iterable<string> $resource Files, a file or a directory
+     *
+     * @return void
      */
     public function extract(string|iterable $resource, MessageCatalogue $catalogue);
 
     /**
      * Sets the prefix that should be used for new found messages.
+     *
+     * @return void
      */
     public function setPrefix(string $prefix);
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpAstExtractor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpAstExtractor.php
new file mode 100644
index 000000000..06fc77de3
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpAstExtractor.php
@@ -0,0 +1,85 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\Extractor;
+
+use PhpParser\NodeTraverser;
+use PhpParser\NodeVisitor;
+use PhpParser\Parser;
+use PhpParser\ParserFactory;
+use Symfony\Component\Finder\Finder;
+use Symfony\Component\Translation\Extractor\Visitor\AbstractVisitor;
+use Symfony\Component\Translation\MessageCatalogue;
+
+/**
+ * PhpAstExtractor extracts translation messages from a PHP AST.
+ *
+ * @author Mathieu Santostefano <msantostefano@protonmail.com>
+ */
+final class PhpAstExtractor extends AbstractFileExtractor implements ExtractorInterface
+{
+    private Parser $parser;
+
+    public function __construct(
+        /**
+         * @param iterable<AbstractVisitor&NodeVisitor> $visitors
+         */
+        private readonly iterable $visitors,
+        private string $prefix = '',
+    ) {
+        if (!class_exists(ParserFactory::class)) {
+            throw new \LogicException(sprintf('You cannot use "%s" as the "nikic/php-parser" package is not installed. Try running "composer require nikic/php-parser".', static::class));
+        }
+
+        $this->parser = (new ParserFactory())->createForHostVersion();
+    }
+
+    public function extract(iterable|string $resource, MessageCatalogue $catalogue): void
+    {
+        foreach ($this->extractFiles($resource) as $file) {
+            $traverser = new NodeTraverser();
+
+            // This is needed to resolve namespaces in class methods/constants.
+            $nameResolver = new NodeVisitor\NameResolver();
+            $traverser->addVisitor($nameResolver);
+
+            /** @var AbstractVisitor&NodeVisitor $visitor */
+            foreach ($this->visitors as $visitor) {
+                $visitor->initialize($catalogue, $file, $this->prefix);
+                $traverser->addVisitor($visitor);
+            }
+
+            $nodes = $this->parser->parse(file_get_contents($file));
+            $traverser->traverse($nodes);
+        }
+    }
+
+    public function setPrefix(string $prefix): void
+    {
+        $this->prefix = $prefix;
+    }
+
+    protected function canBeExtracted(string $file): bool
+    {
+        return 'php' === pathinfo($file, \PATHINFO_EXTENSION)
+            && $this->isFile($file)
+            && preg_match('/\bt\(|->trans\(|TranslatableMessage|Symfony\\\\Component\\\\Validator\\\\Constraints/i', file_get_contents($file));
+    }
+
+    protected function extractFromDirectory(array|string $resource): iterable|Finder
+    {
+        if (!class_exists(Finder::class)) {
+            throw new \LogicException(sprintf('You cannot use "%s" as the "symfony/finder" package is not installed. Try running "composer require symfony/finder".', static::class));
+        }
+
+        return (new Finder())->files()->name('*.php')->in($resource);
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpExtractor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpExtractor.php
index 1b86cc591..7ff27f7c8 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpExtractor.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpExtractor.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Translation\Extractor;
 
+trigger_deprecation('symfony/translation', '6.2', '"%s" is deprecated, use "%s" instead.', PhpExtractor::class, PhpAstExtractor::class);
+
 use Symfony\Component\Finder\Finder;
 use Symfony\Component\Translation\MessageCatalogue;
 
@@ -18,6 +20,8 @@ use Symfony\Component\Translation\MessageCatalogue;
  * PhpExtractor extracts translation messages from a PHP template.
  *
  * @author Michel Salib <michelsalib@hotmail.com>
+ *
+ * @deprecated since Symfony 6.2, use the PhpAstExtractor instead
  */
 class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
 {
@@ -129,7 +133,7 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
     ];
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function extract(string|iterable $resource, MessageCatalogue $catalog)
     {
@@ -142,7 +146,7 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setPrefix(string $prefix)
     {
@@ -164,7 +168,7 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
     /**
      * Seeks to a non-whitespace token.
      */
-    private function seekToNextRelevantToken(\Iterator $tokenIterator)
+    private function seekToNextRelevantToken(\Iterator $tokenIterator): void
     {
         for (; $tokenIterator->valid(); $tokenIterator->next()) {
             $t = $tokenIterator->current();
@@ -174,7 +178,7 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
         }
     }
 
-    private function skipMethodArgument(\Iterator $tokenIterator)
+    private function skipMethodArgument(\Iterator $tokenIterator): void
     {
         $openBraces = 0;
 
@@ -199,7 +203,7 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
      * Extracts the message from the iterator while the tokens
      * match allowed message tokens.
      */
-    private function getValue(\Iterator $tokenIterator)
+    private function getValue(\Iterator $tokenIterator): string
     {
         $message = '';
         $docToken = '';
@@ -257,6 +261,8 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
 
     /**
      * Extracts trans message from PHP tokens.
+     *
+     * @return void
      */
     protected function parseTokens(array $tokens, MessageCatalogue $catalog, string $filename)
     {
@@ -314,9 +320,6 @@ class PhpExtractor extends AbstractFileExtractor implements ExtractorInterface
         return $this->isFile($file) && 'php' === pathinfo($file, \PATHINFO_EXTENSION);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function extractFromDirectory(string|array $directory): iterable
     {
         if (!class_exists(Finder::class)) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpStringTokenParser.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpStringTokenParser.php
index 7fbd37c68..2dfc1e387 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpStringTokenParser.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/PhpStringTokenParser.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Translation\Extractor;
 
+trigger_deprecation('symfony/translation', '6.2', '"%s" is deprecated.', PhpStringTokenParser::class);
+
 /*
  * The following is derived from code at http://github.com/nikic/PHP-Parser
  *
@@ -47,6 +49,9 @@ namespace Symfony\Component\Translation\Extractor;
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/**
+ * @deprecated since Symfony 6.2
+ */
 class PhpStringTokenParser
 {
     protected static $replacements = [
@@ -89,7 +94,7 @@ class PhpStringTokenParser
      * @param string      $str   String without quotes
      * @param string|null $quote Quote type
      */
-    public static function parseEscapeSequences(string $str, string $quote = null): string
+    public static function parseEscapeSequences(string $str, ?string $quote = null): string
     {
         if (null !== $quote) {
             $str = str_replace('\\'.$quote, $quote, $str);
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/AbstractVisitor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/AbstractVisitor.php
new file mode 100644
index 000000000..c33689616
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/AbstractVisitor.php
@@ -0,0 +1,135 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\Extractor\Visitor;
+
+use PhpParser\Node;
+use Symfony\Component\Translation\MessageCatalogue;
+
+/**
+ * @author Mathieu Santostefano <msantostefano@protonmail.com>
+ */
+abstract class AbstractVisitor
+{
+    private MessageCatalogue $catalogue;
+    private \SplFileInfo $file;
+    private string $messagePrefix;
+
+    public function initialize(MessageCatalogue $catalogue, \SplFileInfo $file, string $messagePrefix): void
+    {
+        $this->catalogue = $catalogue;
+        $this->file = $file;
+        $this->messagePrefix = $messagePrefix;
+    }
+
+    protected function addMessageToCatalogue(string $message, ?string $domain, int $line): void
+    {
+        $domain ??= 'messages';
+        $this->catalogue->set($message, $this->messagePrefix.$message, $domain);
+        $metadata = $this->catalogue->getMetadata($message, $domain) ?? [];
+        $normalizedFilename = preg_replace('{[\\\\/]+}', '/', $this->file);
+        $metadata['sources'][] = $normalizedFilename.':'.$line;
+        $this->catalogue->setMetadata($message, $metadata, $domain);
+    }
+
+    protected function getStringArguments(Node\Expr\CallLike|Node\Attribute|Node\Expr\New_ $node, int|string $index, bool $indexIsRegex = false): array
+    {
+        if (\is_string($index)) {
+            return $this->getStringNamedArguments($node, $index, $indexIsRegex);
+        }
+
+        $args = $node instanceof Node\Expr\CallLike ? $node->getRawArgs() : $node->args;
+
+        if (!($arg = $args[$index] ?? null) instanceof Node\Arg) {
+            return [];
+        }
+
+        return (array) $this->getStringValue($arg->value);
+    }
+
+    protected function hasNodeNamedArguments(Node\Expr\CallLike|Node\Attribute|Node\Expr\New_ $node): bool
+    {
+        $args = $node instanceof Node\Expr\CallLike ? $node->getRawArgs() : $node->args;
+
+        foreach ($args as $arg) {
+            if ($arg instanceof Node\Arg && null !== $arg->name) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    protected function nodeFirstNamedArgumentIndex(Node\Expr\CallLike|Node\Attribute|Node\Expr\New_ $node): int
+    {
+        $args = $node instanceof Node\Expr\CallLike ? $node->getRawArgs() : $node->args;
+
+        foreach ($args as $i => $arg) {
+            if ($arg instanceof Node\Arg && null !== $arg->name) {
+                return $i;
+            }
+        }
+
+        return \PHP_INT_MAX;
+    }
+
+    private function getStringNamedArguments(Node\Expr\CallLike|Node\Attribute $node, ?string $argumentName = null, bool $isArgumentNamePattern = false): array
+    {
+        $args = $node instanceof Node\Expr\CallLike ? $node->getArgs() : $node->args;
+        $argumentValues = [];
+
+        foreach ($args as $arg) {
+            if (!$isArgumentNamePattern && $arg->name?->toString() === $argumentName) {
+                $argumentValues[] = $this->getStringValue($arg->value);
+            } elseif ($isArgumentNamePattern && preg_match($argumentName, $arg->name?->toString() ?? '') > 0) {
+                $argumentValues[] = $this->getStringValue($arg->value);
+            }
+        }
+
+        return array_filter($argumentValues);
+    }
+
+    private function getStringValue(Node $node): ?string
+    {
+        if ($node instanceof Node\Scalar\String_) {
+            return $node->value;
+        }
+
+        if ($node instanceof Node\Expr\BinaryOp\Concat) {
+            if (null === $left = $this->getStringValue($node->left)) {
+                return null;
+            }
+
+            if (null === $right = $this->getStringValue($node->right)) {
+                return null;
+            }
+
+            return $left.$right;
+        }
+
+        if ($node instanceof Node\Expr\Assign && $node->expr instanceof Node\Scalar\String_) {
+            return $node->expr->value;
+        }
+
+        if ($node instanceof Node\Expr\ClassConstFetch) {
+            try {
+                $reflection = new \ReflectionClass($node->class->toString());
+                $constant = $reflection->getReflectionConstant($node->name->toString());
+                if (false !== $constant && \is_string($constant->getValue())) {
+                    return $constant->getValue();
+                }
+            } catch (\ReflectionException) {
+            }
+        }
+
+        return null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/ConstraintVisitor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/ConstraintVisitor.php
new file mode 100644
index 000000000..00fb9eedc
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/ConstraintVisitor.php
@@ -0,0 +1,112 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\Extractor\Visitor;
+
+use PhpParser\Node;
+use PhpParser\NodeVisitor;
+
+/**
+ * @author Mathieu Santostefano <msantostefano@protonmail.com>
+ *
+ * Code mostly comes from https://github.com/php-translation/extractor/blob/master/src/Visitor/Php/Symfony/Constraint.php
+ */
+final class ConstraintVisitor extends AbstractVisitor implements NodeVisitor
+{
+    public function __construct(
+        private readonly array $constraintClassNames = []
+    ) {
+    }
+
+    public function beforeTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+
+    public function enterNode(Node $node): ?Node
+    {
+        return null;
+    }
+
+    public function leaveNode(Node $node): ?Node
+    {
+        if (!$node instanceof Node\Expr\New_ && !$node instanceof Node\Attribute) {
+            return null;
+        }
+
+        $className = $node instanceof Node\Attribute ? $node->name : $node->class;
+        if (!$className instanceof Node\Name) {
+            return null;
+        }
+
+        $parts = $className->getParts();
+        $isConstraintClass = false;
+
+        foreach ($parts as $part) {
+            if (\in_array($part, $this->constraintClassNames, true)) {
+                $isConstraintClass = true;
+
+                break;
+            }
+        }
+
+        if (!$isConstraintClass) {
+            return null;
+        }
+
+        $arg = $node->args[0] ?? null;
+        if (!$arg instanceof Node\Arg) {
+            return null;
+        }
+
+        if ($this->hasNodeNamedArguments($node)) {
+            $messages = $this->getStringArguments($node, '/message/i', true);
+        } else {
+            if (!$arg->value instanceof Node\Expr\Array_) {
+                // There is no way to guess which argument is a message to be translated.
+                return null;
+            }
+
+            $messages = [];
+            $options = $arg->value;
+
+            /** @var Node\Expr\ArrayItem $item */
+            foreach ($options->items as $item) {
+                if (!$item->key instanceof Node\Scalar\String_) {
+                    continue;
+                }
+
+                if (false === stripos($item->key->value ?? '', 'message')) {
+                    continue;
+                }
+
+                if (!$item->value instanceof Node\Scalar\String_) {
+                    continue;
+                }
+
+                $messages[] = $item->value->value;
+
+                break;
+            }
+        }
+
+        foreach ($messages as $message) {
+            $this->addMessageToCatalogue($message, 'validators', $node->getStartLine());
+        }
+
+        return null;
+    }
+
+    public function afterTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TransMethodVisitor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TransMethodVisitor.php
new file mode 100644
index 000000000..53a6981a2
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TransMethodVisitor.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\Extractor\Visitor;
+
+use PhpParser\Node;
+use PhpParser\NodeVisitor;
+
+/**
+ * @author Mathieu Santostefano <msantostefano@protonmail.com>
+ */
+final class TransMethodVisitor extends AbstractVisitor implements NodeVisitor
+{
+    public function beforeTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+
+    public function enterNode(Node $node): ?Node
+    {
+        return null;
+    }
+
+    public function leaveNode(Node $node): ?Node
+    {
+        if (!$node instanceof Node\Expr\MethodCall && !$node instanceof Node\Expr\FuncCall) {
+            return null;
+        }
+
+        if (!\is_string($node->name) && !$node->name instanceof Node\Identifier && !$node->name instanceof Node\Name) {
+            return null;
+        }
+
+        $name = (string) $node->name;
+
+        if ('trans' === $name || 't' === $name) {
+            $firstNamedArgumentIndex = $this->nodeFirstNamedArgumentIndex($node);
+
+            if (!$messages = $this->getStringArguments($node, 0 < $firstNamedArgumentIndex ? 0 : 'message')) {
+                return null;
+            }
+
+            $domain = $this->getStringArguments($node, 2 < $firstNamedArgumentIndex ? 2 : 'domain')[0] ?? null;
+
+            foreach ($messages as $message) {
+                $this->addMessageToCatalogue($message, $domain, $node->getStartLine());
+            }
+        }
+
+        return null;
+    }
+
+    public function afterTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TranslatableMessageVisitor.php b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TranslatableMessageVisitor.php
new file mode 100644
index 000000000..6bd8bb022
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/Extractor/Visitor/TranslatableMessageVisitor.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation\Extractor\Visitor;
+
+use PhpParser\Node;
+use PhpParser\NodeVisitor;
+
+/**
+ * @author Mathieu Santostefano <msantostefano@protonmail.com>
+ */
+final class TranslatableMessageVisitor extends AbstractVisitor implements NodeVisitor
+{
+    public function beforeTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+
+    public function enterNode(Node $node): ?Node
+    {
+        return null;
+    }
+
+    public function leaveNode(Node $node): ?Node
+    {
+        if (!$node instanceof Node\Expr\New_) {
+            return null;
+        }
+
+        if (!($className = $node->class) instanceof Node\Name) {
+            return null;
+        }
+
+        if (!\in_array('TranslatableMessage', $className->getParts(), true)) {
+            return null;
+        }
+
+        $firstNamedArgumentIndex = $this->nodeFirstNamedArgumentIndex($node);
+
+        if (!$messages = $this->getStringArguments($node, 0 < $firstNamedArgumentIndex ? 0 : 'message')) {
+            return null;
+        }
+
+        $domain = $this->getStringArguments($node, 2 < $firstNamedArgumentIndex ? 2 : 'domain')[0] ?? null;
+
+        foreach ($messages as $message) {
+            $this->addMessageToCatalogue($message, $domain, $node->getStartLine());
+        }
+
+        return null;
+    }
+
+    public function afterTraverse(array $nodes): ?Node
+    {
+        return null;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/Formatter/IntlFormatter.php b/data/web/inc/lib/vendor/symfony/translation/Formatter/IntlFormatter.php
index f7f1c36a2..e62de253f 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Formatter/IntlFormatter.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Formatter/IntlFormatter.php
@@ -20,12 +20,9 @@ use Symfony\Component\Translation\Exception\LogicException;
  */
 class IntlFormatter implements IntlFormatterInterface
 {
-    private $hasMessageFormatter;
-    private $cache = [];
+    private bool $hasMessageFormatter;
+    private array $cache = [];
 
-    /**
-     * {@inheritdoc}
-     */
     public function formatIntl(string $message, string $locale, array $parameters = []): string
     {
         // MessageFormatter constructor throws an exception if the message is empty
@@ -34,7 +31,7 @@ class IntlFormatter implements IntlFormatterInterface
         }
 
         if (!$formatter = $this->cache[$locale][$message] ?? null) {
-            if (!($this->hasMessageFormatter ?? $this->hasMessageFormatter = class_exists(\MessageFormatter::class))) {
+            if (!$this->hasMessageFormatter ??= class_exists(\MessageFormatter::class)) {
                 throw new LogicException('Cannot parse message translation: please install the "intl" PHP extension or the "symfony/polyfill-intl-messageformatter" package.');
             }
             try {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Formatter/MessageFormatter.php b/data/web/inc/lib/vendor/symfony/translation/Formatter/MessageFormatter.php
index 68821b1d0..d5255bdcb 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Formatter/MessageFormatter.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Formatter/MessageFormatter.php
@@ -22,33 +22,23 @@ class_exists(IntlFormatter::class);
  */
 class MessageFormatter implements MessageFormatterInterface, IntlFormatterInterface
 {
-    private $translator;
-    private $intlFormatter;
+    private TranslatorInterface $translator;
+    private IntlFormatterInterface $intlFormatter;
 
     /**
      * @param TranslatorInterface|null $translator An identity translator to use as selector for pluralization
      */
-    public function __construct(TranslatorInterface $translator = null, IntlFormatterInterface $intlFormatter = null)
+    public function __construct(?TranslatorInterface $translator = null, ?IntlFormatterInterface $intlFormatter = null)
     {
         $this->translator = $translator ?? new IdentityTranslator();
         $this->intlFormatter = $intlFormatter ?? new IntlFormatter();
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function format(string $message, string $locale, array $parameters = []): string
     {
-        if ($this->translator instanceof TranslatorInterface) {
-            return $this->translator->trans($message, $parameters, null, $locale);
-        }
-
-        return strtr($message, $parameters);
+        return $this->translator->trans($message, $parameters, null, $locale);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function formatIntl(string $message, string $locale, array $parameters = []): string
     {
         return $this->intlFormatter->formatIntl($message, $locale, $parameters);
diff --git a/data/web/inc/lib/vendor/symfony/translation/LICENSE b/data/web/inc/lib/vendor/symfony/translation/LICENSE
index 88bf75bb4..0138f8f07 100644
--- a/data/web/inc/lib/vendor/symfony/translation/LICENSE
+++ b/data/web/inc/lib/vendor/symfony/translation/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2004-2022 Fabien Potencier
+Copyright (c) 2004-present Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/ArrayLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/ArrayLoader.php
index 35de9ef54..e63a7d05b 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/ArrayLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/ArrayLoader.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class ArrayLoader implements LoaderInterface
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         $resource = $this->flatten($resource);
@@ -46,9 +43,11 @@ class ArrayLoader implements LoaderInterface
         foreach ($messages as $key => $value) {
             if (\is_array($value)) {
                 foreach ($this->flatten($value) as $k => $v) {
-                    $result[$key.'.'.$k] = $v;
+                    if (null !== $v) {
+                        $result[$key.'.'.$k] = $v;
+                    }
                 }
-            } else {
+            } elseif (null !== $value) {
                 $result[$key] = $value;
             }
         }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/CsvFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/CsvFileLoader.php
index 76b00b151..7f2f96be6 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/CsvFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/CsvFileLoader.php
@@ -24,9 +24,6 @@ class CsvFileLoader extends FileLoader
     private string $enclosure = '"';
     private string $escape = '\\';
 
-    /**
-     * {@inheritdoc}
-     */
     protected function loadResource(string $resource): array
     {
         $messages = [];
@@ -45,7 +42,7 @@ class CsvFileLoader extends FileLoader
                 continue;
             }
 
-            if ('#' !== substr($data[0], 0, 1) && isset($data[1]) && 2 === \count($data)) {
+            if (!str_starts_with($data[0], '#') && isset($data[1]) && 2 === \count($data)) {
                 $messages[$data[0]] = $data[1];
             }
         }
@@ -55,6 +52,8 @@ class CsvFileLoader extends FileLoader
 
     /**
      * Sets the delimiter, enclosure, and escape character for CSV.
+     *
+     * @return void
      */
     public function setCsvControl(string $delimiter = ';', string $enclosure = '"', string $escape = '\\')
     {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/FileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/FileLoader.php
index e170d7617..877c3bbc7 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/FileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/FileLoader.php
@@ -21,9 +21,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 abstract class FileLoader extends ArrayLoader
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         if (!stream_is_local($resource)) {
@@ -37,9 +34,7 @@ abstract class FileLoader extends ArrayLoader
         $messages = $this->loadResource($resource);
 
         // empty resource
-        if (null === $messages) {
-            $messages = [];
-        }
+        $messages ??= [];
 
         // not an array
         if (!\is_array($messages)) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/IcuDatFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/IcuDatFileLoader.php
index c3ca5fd08..76e4e7f02 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/IcuDatFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/IcuDatFileLoader.php
@@ -23,9 +23,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class IcuDatFileLoader extends IcuResFileLoader
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         if (!stream_is_local($resource.'.dat')) {
@@ -38,7 +35,7 @@ class IcuDatFileLoader extends IcuResFileLoader
 
         try {
             $rb = new \ResourceBundle($locale, $resource);
-        } catch (\Exception $e) {
+        } catch (\Exception) {
             $rb = null;
         }
 
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/IcuResFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/IcuResFileLoader.php
index 54c48f813..949dd9792 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/IcuResFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/IcuResFileLoader.php
@@ -23,9 +23,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class IcuResFileLoader implements LoaderInterface
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         if (!stream_is_local($resource)) {
@@ -38,7 +35,7 @@ class IcuResFileLoader implements LoaderInterface
 
         try {
             $rb = new \ResourceBundle($locale, $resource);
-        } catch (\Exception $e) {
+        } catch (\Exception) {
             $rb = null;
         }
 
@@ -71,9 +68,9 @@ class IcuResFileLoader implements LoaderInterface
      *
      * @param \ResourceBundle $rb       The ResourceBundle that will be flattened
      * @param array           $messages Used internally for recursive calls
-     * @param string          $path     Current path being parsed, used internally for recursive calls
+     * @param string|null     $path     Current path being parsed, used internally for recursive calls
      */
-    protected function flatten(\ResourceBundle $rb, array &$messages = [], string $path = null): array
+    protected function flatten(\ResourceBundle $rb, array &$messages = [], ?string $path = null): array
     {
         foreach ($rb as $key => $value) {
             $nodePath = $path ? $path.'.'.$key : $key;
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/IniFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/IniFileLoader.php
index 04e294d11..3126896c8 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/IniFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/IniFileLoader.php
@@ -18,9 +18,6 @@ namespace Symfony\Component\Translation\Loader;
  */
 class IniFileLoader extends FileLoader
 {
-    /**
-     * {@inheritdoc}
-     */
     protected function loadResource(string $resource): array
     {
         return parse_ini_file($resource, true);
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/JsonFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/JsonFileLoader.php
index 67a8d58ed..385553ef6 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/JsonFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/JsonFileLoader.php
@@ -20,9 +20,6 @@ use Symfony\Component\Translation\Exception\InvalidResourceException;
  */
 class JsonFileLoader extends FileLoader
 {
-    /**
-     * {@inheritdoc}
-     */
     protected function loadResource(string $resource): array
     {
         $messages = [];
@@ -42,19 +39,13 @@ class JsonFileLoader extends FileLoader
      */
     private function getJSONErrorMessage(int $errorCode): string
     {
-        switch ($errorCode) {
-            case \JSON_ERROR_DEPTH:
-                return 'Maximum stack depth exceeded';
-            case \JSON_ERROR_STATE_MISMATCH:
-                return 'Underflow or the modes mismatch';
-            case \JSON_ERROR_CTRL_CHAR:
-                return 'Unexpected control character found';
-            case \JSON_ERROR_SYNTAX:
-                return 'Syntax error, malformed JSON';
-            case \JSON_ERROR_UTF8:
-                return 'Malformed UTF-8 characters, possibly incorrectly encoded';
-            default:
-                return 'Unknown error';
-        }
+        return match ($errorCode) {
+            \JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
+            \JSON_ERROR_STATE_MISMATCH => 'Underflow or the modes mismatch',
+            \JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
+            \JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON',
+            \JSON_ERROR_UTF8 => 'Malformed UTF-8 characters, possibly incorrectly encoded',
+            default => 'Unknown error',
+        };
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/MoFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/MoFileLoader.php
index b0c891387..8427c393e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/MoFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/MoFileLoader.php
@@ -38,8 +38,6 @@ class MoFileLoader extends FileLoader
     /**
      * Parses machine object (MO) format, independent of the machine's endian it
      * was created on. Both 32bit and 64bit systems are supported.
-     *
-     * {@inheritdoc}
      */
     protected function loadResource(string $resource): array
     {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/PhpFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/PhpFileLoader.php
index 6bc2a05f1..541b6c832 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/PhpFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/PhpFileLoader.php
@@ -20,12 +20,9 @@ class PhpFileLoader extends FileLoader
 {
     private static ?array $cache = [];
 
-    /**
-     * {@inheritdoc}
-     */
     protected function loadResource(string $resource): array
     {
-        if ([] === self::$cache && \function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN) && (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) || filter_var(ini_get('opcache.enable_cli'), \FILTER_VALIDATE_BOOLEAN))) {
+        if ([] === self::$cache && \function_exists('opcache_invalidate') && filter_var(\ini_get('opcache.enable'), \FILTER_VALIDATE_BOOL) && (!\in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true) || filter_var(\ini_get('opcache.enable_cli'), \FILTER_VALIDATE_BOOL))) {
             self::$cache = null;
         }
 
@@ -33,10 +30,6 @@ class PhpFileLoader extends FileLoader
             return require $resource;
         }
 
-        if (isset(self::$cache[$resource])) {
-            return self::$cache[$resource];
-        }
-
-        return self::$cache[$resource] = require $resource;
+        return self::$cache[$resource] ??= require $resource;
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/PoFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/PoFileLoader.php
index 6df161487..620d97339 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/PoFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/PoFileLoader.php
@@ -57,8 +57,6 @@ class PoFileLoader extends FileLoader
      * - Message IDs are allowed to have other encodings as just US-ASCII.
      *
      * Items with an empty id are ignored.
-     *
-     * {@inheritdoc}
      */
     protected function loadResource(string $resource): array
     {
@@ -83,15 +81,15 @@ class PoFileLoader extends FileLoader
                 }
                 $item = $defaults;
                 $flags = [];
-            } elseif ('#,' === substr($line, 0, 2)) {
+            } elseif (str_starts_with($line, '#,')) {
                 $flags = array_map('trim', explode(',', substr($line, 2)));
-            } elseif ('msgid "' === substr($line, 0, 7)) {
+            } elseif (str_starts_with($line, 'msgid "')) {
                 // We start a new msg so save previous
                 // TODO: this fails when comments or contexts are added
                 $this->addMessage($messages, $item);
                 $item = $defaults;
                 $item['ids']['singular'] = substr($line, 7, -1);
-            } elseif ('msgstr "' === substr($line, 0, 8)) {
+            } elseif (str_starts_with($line, 'msgstr "')) {
                 $item['translated'] = substr($line, 8, -1);
             } elseif ('"' === $line[0]) {
                 $continues = isset($item['translated']) ? 'translated' : 'ids';
@@ -102,9 +100,9 @@ class PoFileLoader extends FileLoader
                 } else {
                     $item[$continues] .= substr($line, 1, -1);
                 }
-            } elseif ('msgid_plural "' === substr($line, 0, 14)) {
+            } elseif (str_starts_with($line, 'msgid_plural "')) {
                 $item['ids']['plural'] = substr($line, 14, -1);
-            } elseif ('msgstr[' === substr($line, 0, 7)) {
+            } elseif (str_starts_with($line, 'msgstr[')) {
                 $size = strpos($line, ']');
                 $item['translated'][(int) substr($line, 7, 1)] = substr($line, $size + 3, -1);
             }
@@ -124,7 +122,7 @@ class PoFileLoader extends FileLoader
      * A .po file could contain by error missing plural indexes. We need to
      * fix these before saving them.
      */
-    private function addMessage(array &$messages, array $item)
+    private function addMessage(array &$messages, array $item): void
     {
         if (!empty($item['ids']['singular'])) {
             $id = stripcslashes($item['ids']['singular']);
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/QtFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/QtFileLoader.php
index 6d5582d66..235f85ee9 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/QtFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/QtFileLoader.php
@@ -25,9 +25,6 @@ use Symfony\Component\Translation\MessageCatalogue;
  */
 class QtFileLoader implements LoaderInterface
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         if (!class_exists(XmlUtils::class)) {
@@ -67,7 +64,6 @@ class QtFileLoader implements LoaderInterface
                         $domain
                     );
                 }
-                $translation = $translation->nextSibling;
             }
 
             if (class_exists(FileResource::class)) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/XliffFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/XliffFileLoader.php
index 670e19979..31b3251ba 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/XliffFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/XliffFileLoader.php
@@ -28,9 +28,6 @@ use Symfony\Component\Translation\Util\XliffUtils;
  */
 class XliffFileLoader implements LoaderInterface
 {
-    /**
-     * {@inheritdoc}
-     */
     public function load(mixed $resource, string $locale, string $domain = 'messages'): MessageCatalogue
     {
         if (!class_exists(XmlUtils::class)) {
@@ -75,7 +72,7 @@ class XliffFileLoader implements LoaderInterface
         return $catalogue;
     }
 
-    private function extract(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain)
+    private function extract(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain): void
     {
         $xliffVersion = XliffUtils::getVersionNumber($dom);
 
@@ -91,7 +88,7 @@ class XliffFileLoader implements LoaderInterface
     /**
      * Extract messages and metadata from DOMDocument into a MessageCatalogue.
      */
-    private function extractXliff1(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain)
+    private function extractXliff1(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain): void
     {
         $xml = simplexml_import_dom($dom);
         $encoding = $dom->encoding ? strtoupper($dom->encoding) : null;
@@ -104,6 +101,10 @@ class XliffFileLoader implements LoaderInterface
 
             $file->registerXPathNamespace('xliff', $namespace);
 
+            foreach ($file->xpath('.//xliff:prop') as $prop) {
+                $catalogue->setCatalogueMetadata($prop->attributes()['prop-type'], (string) $prop, $domain);
+            }
+
             foreach ($file->xpath('.//xliff:trans-unit') as $translation) {
                 $attributes = $translation->attributes();
 
@@ -111,6 +112,10 @@ class XliffFileLoader implements LoaderInterface
                     continue;
                 }
 
+                if (isset($translation->target) && 'needs-translation' === (string) $translation->target->attributes()['state']) {
+                    continue;
+                }
+
                 $source = isset($attributes['resname']) && $attributes['resname'] ? $attributes['resname'] : $translation->source;
                 // If the xlf file has another encoding specified, try to convert it because
                 // simple_xml will always return utf-8 encoded values
@@ -144,7 +149,7 @@ class XliffFileLoader implements LoaderInterface
         }
     }
 
-    private function extractXliff2(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain)
+    private function extractXliff2(\DOMDocument $dom, MessageCatalogue $catalogue, string $domain): void
     {
         $xml = simplexml_import_dom($dom);
         $encoding = $dom->encoding ? strtoupper($dom->encoding) : null;
@@ -190,7 +195,7 @@ class XliffFileLoader implements LoaderInterface
     /**
      * Convert a UTF8 string to the specified encoding.
      */
-    private function utf8ToCharset(string $content, string $encoding = null): string
+    private function utf8ToCharset(string $content, ?string $encoding = null): string
     {
         if ('UTF-8' !== $encoding && !empty($encoding)) {
             return mb_convert_encoding($content, $encoding, 'UTF-8');
@@ -199,7 +204,7 @@ class XliffFileLoader implements LoaderInterface
         return $content;
     }
 
-    private function parseNotesMetadata(\SimpleXMLElement $noteElement = null, string $encoding = null): array
+    private function parseNotesMetadata(?\SimpleXMLElement $noteElement = null, ?string $encoding = null): array
     {
         $notes = [];
 
@@ -227,6 +232,6 @@ class XliffFileLoader implements LoaderInterface
 
     private function isXmlString(string $resource): bool
     {
-        return 0 === strpos($resource, '<?xml');
+        return str_starts_with($resource, '<?xml');
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Loader/YamlFileLoader.php b/data/web/inc/lib/vendor/symfony/translation/Loader/YamlFileLoader.php
index 5eccf99de..48e735d16 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Loader/YamlFileLoader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Loader/YamlFileLoader.php
@@ -24,14 +24,11 @@ use Symfony\Component\Yaml\Yaml;
  */
 class YamlFileLoader extends FileLoader
 {
-    private $yamlParser;
+    private YamlParser $yamlParser;
 
-    /**
-     * {@inheritdoc}
-     */
     protected function loadResource(string $resource): array
     {
-        if (null === $this->yamlParser) {
+        if (!isset($this->yamlParser)) {
             if (!class_exists(\Symfony\Component\Yaml\Parser::class)) {
                 throw new LogicException('Loading translations from the YAML format requires the Symfony Yaml component.');
             }
diff --git a/data/web/inc/lib/vendor/symfony/translation/LocaleSwitcher.php b/data/web/inc/lib/vendor/symfony/translation/LocaleSwitcher.php
new file mode 100644
index 000000000..c07809c58
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/translation/LocaleSwitcher.php
@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Translation;
+
+use Symfony\Component\Routing\RequestContext;
+use Symfony\Contracts\Translation\LocaleAwareInterface;
+
+/**
+ * @author Kevin Bond <kevinbond@gmail.com>
+ */
+class LocaleSwitcher implements LocaleAwareInterface
+{
+    private string $defaultLocale;
+
+    /**
+     * @param LocaleAwareInterface[] $localeAwareServices
+     */
+    public function __construct(
+        private string $locale,
+        private iterable $localeAwareServices,
+        private ?RequestContext $requestContext = null,
+    ) {
+        $this->defaultLocale = $locale;
+    }
+
+    public function setLocale(string $locale): void
+    {
+        if (class_exists(\Locale::class)) {
+            \Locale::setDefault($locale);
+        }
+        $this->locale = $locale;
+        $this->requestContext?->setParameter('_locale', $locale);
+
+        foreach ($this->localeAwareServices as $service) {
+            $service->setLocale($locale);
+        }
+    }
+
+    public function getLocale(): string
+    {
+        return $this->locale;
+    }
+
+    /**
+     * Switch to a new locale, execute a callback, then switch back to the original.
+     *
+     * @template T
+     *
+     * @param callable(string $locale):T $callback
+     *
+     * @return T
+     */
+    public function runWithLocale(string $locale, callable $callback): mixed
+    {
+        $original = $this->getLocale();
+        $this->setLocale($locale);
+
+        try {
+            return $callback($locale);
+        } finally {
+            $this->setLocale($original);
+        }
+    }
+
+    public function reset(): void
+    {
+        $this->setLocale($this->defaultLocale);
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/translation/LoggingTranslator.php b/data/web/inc/lib/vendor/symfony/translation/LoggingTranslator.php
index 8c8441cdf..4a560bd6a 100644
--- a/data/web/inc/lib/vendor/symfony/translation/LoggingTranslator.php
+++ b/data/web/inc/lib/vendor/symfony/translation/LoggingTranslator.php
@@ -21,8 +21,8 @@ use Symfony\Contracts\Translation\TranslatorInterface;
  */
 class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface, LocaleAwareInterface
 {
-    private $translator;
-    private $logger;
+    private TranslatorInterface $translator;
+    private LoggerInterface $logger;
 
     /**
      * @param TranslatorInterface&TranslatorBagInterface&LocaleAwareInterface $translator The translator must implement TranslatorBagInterface
@@ -37,10 +37,7 @@ class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface,
         $this->logger = $logger;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function trans(?string $id, array $parameters = [], string $domain = null, string $locale = null): string
+    public function trans(?string $id, array $parameters = [], ?string $domain = null, ?string $locale = null): string
     {
         $trans = $this->translator->trans($id = (string) $id, $parameters, $domain, $locale);
         $this->log($id, $domain, $locale);
@@ -49,7 +46,7 @@ class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface,
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setLocale(string $locale)
     {
@@ -62,25 +59,16 @@ class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface,
         $this->logger->debug(sprintf('The locale of the translator has changed from "%s" to "%s".', $prev, $locale));
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getLocale(): string
     {
         return $this->translator->getLocale();
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getCatalogue(string $locale = null): MessageCatalogueInterface
+    public function getCatalogue(?string $locale = null): MessageCatalogueInterface
     {
         return $this->translator->getCatalogue($locale);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getCatalogues(): array
     {
         return $this->translator->getCatalogues();
@@ -99,7 +87,7 @@ class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface,
     }
 
     /**
-     * Passes through all unknown calls onto the translator object.
+     * @return mixed
      */
     public function __call(string $method, array $args)
     {
@@ -109,11 +97,9 @@ class LoggingTranslator implements TranslatorInterface, TranslatorBagInterface,
     /**
      * Logs for missing translations.
      */
-    private function log(string $id, ?string $domain, ?string $locale)
+    private function log(string $id, ?string $domain, ?string $locale): void
     {
-        if (null === $domain) {
-            $domain = 'messages';
-        }
+        $domain ??= 'messages';
 
         $catalogue = $this->translator->getCatalogue($locale);
         if ($catalogue->defines($id, $domain)) {
diff --git a/data/web/inc/lib/vendor/symfony/translation/MessageCatalogue.php b/data/web/inc/lib/vendor/symfony/translation/MessageCatalogue.php
index 7aa27efda..d56f04393 100644
--- a/data/web/inc/lib/vendor/symfony/translation/MessageCatalogue.php
+++ b/data/web/inc/lib/vendor/symfony/translation/MessageCatalogue.php
@@ -17,13 +17,14 @@ use Symfony\Component\Translation\Exception\LogicException;
 /**
  * @author Fabien Potencier <fabien@symfony.com>
  */
-class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterface
+class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterface, CatalogueMetadataAwareInterface
 {
     private array $messages = [];
     private array $metadata = [];
+    private array $catalogueMetadata = [];
     private array $resources = [];
     private string $locale;
-    private $fallbackCatalogue = null;
+    private ?MessageCatalogueInterface $fallbackCatalogue = null;
     private ?self $parent = null;
 
     /**
@@ -35,17 +36,11 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
         $this->messages = $messages;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getLocale(): string
     {
         return $this->locale;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getDomains(): array
     {
         $domains = [];
@@ -60,10 +55,7 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
         return array_values($domains);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function all(string $domain = null): array
+    public function all(?string $domain = null): array
     {
         if (null !== $domain) {
             // skip messages merge if intl-icu requested explicitly
@@ -89,16 +81,13 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function set(string $id, string $translation, string $domain = 'messages')
     {
         $this->add([$id => $translation], $domain);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function has(string $id, string $domain = 'messages'): bool
     {
         if (isset($this->messages[$domain][$id]) || isset($this->messages[$domain.self::INTL_DOMAIN_SUFFIX][$id])) {
@@ -112,17 +101,11 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
         return false;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function defines(string $id, string $domain = 'messages'): bool
     {
         return isset($this->messages[$domain][$id]) || isset($this->messages[$domain.self::INTL_DOMAIN_SUFFIX][$id]);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function get(string $id, string $domain = 'messages'): string
     {
         if (isset($this->messages[$domain.self::INTL_DOMAIN_SUFFIX][$id])) {
@@ -141,7 +124,7 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function replace(array $messages, string $domain = 'messages')
     {
@@ -151,28 +134,23 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function add(array $messages, string $domain = 'messages')
     {
-        if (!isset($this->messages[$domain])) {
-            $this->messages[$domain] = [];
-        }
-        $intlDomain = $domain;
-        if (!str_ends_with($domain, self::INTL_DOMAIN_SUFFIX)) {
-            $intlDomain .= self::INTL_DOMAIN_SUFFIX;
-        }
+        $altDomain = str_ends_with($domain, self::INTL_DOMAIN_SUFFIX) ? substr($domain, 0, -\strlen(self::INTL_DOMAIN_SUFFIX)) : $domain.self::INTL_DOMAIN_SUFFIX;
         foreach ($messages as $id => $message) {
-            if (isset($this->messages[$intlDomain]) && \array_key_exists($id, $this->messages[$intlDomain])) {
-                $this->messages[$intlDomain][$id] = $message;
-            } else {
-                $this->messages[$domain][$id] = $message;
-            }
+            unset($this->messages[$altDomain][$id]);
+            $this->messages[$domain][$id] = $message;
+        }
+
+        if ([] === ($this->messages[$altDomain] ?? null)) {
+            unset($this->messages[$altDomain]);
         }
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function addCatalogue(MessageCatalogueInterface $catalogue)
     {
@@ -196,10 +174,15 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
             $metadata = $catalogue->getMetadata('', '');
             $this->addMetadata($metadata);
         }
+
+        if ($catalogue instanceof CatalogueMetadataAwareInterface) {
+            $catalogueMetadata = $catalogue->getCatalogueMetadata('', '');
+            $this->addCatalogueMetadata($catalogueMetadata);
+        }
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function addFallbackCatalogue(MessageCatalogueInterface $catalogue)
     {
@@ -230,33 +213,24 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
         }
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getFallbackCatalogue(): ?MessageCatalogueInterface
     {
         return $this->fallbackCatalogue;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getResources(): array
     {
         return array_values($this->resources);
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function addResource(ResourceInterface $resource)
     {
         $this->resources[$resource->__toString()] = $resource;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getMetadata(string $key = '', string $domain = 'messages'): mixed
     {
         if ('' == $domain) {
@@ -277,7 +251,7 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setMetadata(string $key, mixed $value, string $domain = 'messages')
     {
@@ -285,7 +259,7 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function deleteMetadata(string $key = '', string $domain = 'messages')
     {
@@ -298,12 +272,53 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
         }
     }
 
+    public function getCatalogueMetadata(string $key = '', string $domain = 'messages'): mixed
+    {
+        if (!$domain) {
+            return $this->catalogueMetadata;
+        }
+
+        if (isset($this->catalogueMetadata[$domain])) {
+            if (!$key) {
+                return $this->catalogueMetadata[$domain];
+            }
+
+            if (isset($this->catalogueMetadata[$domain][$key])) {
+                return $this->catalogueMetadata[$domain][$key];
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * @return void
+     */
+    public function setCatalogueMetadata(string $key, mixed $value, string $domain = 'messages')
+    {
+        $this->catalogueMetadata[$domain][$key] = $value;
+    }
+
+    /**
+     * @return void
+     */
+    public function deleteCatalogueMetadata(string $key = '', string $domain = 'messages')
+    {
+        if (!$domain) {
+            $this->catalogueMetadata = [];
+        } elseif (!$key) {
+            unset($this->catalogueMetadata[$domain]);
+        } else {
+            unset($this->catalogueMetadata[$domain][$key]);
+        }
+    }
+
     /**
      * Adds current values with the new values.
      *
      * @param array $values Values to add
      */
-    private function addMetadata(array $values)
+    private function addMetadata(array $values): void
     {
         foreach ($values as $domain => $keys) {
             foreach ($keys as $key => $value) {
@@ -311,4 +326,13 @@ class MessageCatalogue implements MessageCatalogueInterface, MetadataAwareInterf
             }
         }
     }
+
+    private function addCatalogueMetadata(array $values): void
+    {
+        foreach ($values as $domain => $keys) {
+            foreach ($keys as $key => $value) {
+                $this->setCatalogueMetadata($key, $value, $domain);
+            }
+        }
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/MessageCatalogueInterface.php b/data/web/inc/lib/vendor/symfony/translation/MessageCatalogueInterface.php
index 75e3a2fa7..fd0d26d7e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/MessageCatalogueInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/MessageCatalogueInterface.php
@@ -36,10 +36,8 @@ interface MessageCatalogueInterface
      * Gets the messages within a given domain.
      *
      * If $domain is null, it returns all messages.
-     *
-     * @param string $domain The domain name
      */
-    public function all(string $domain = null): array;
+    public function all(?string $domain = null): array;
 
     /**
      * Sets a message translation.
@@ -47,6 +45,8 @@ interface MessageCatalogueInterface
      * @param string $id          The message id
      * @param string $translation The messages translation
      * @param string $domain      The domain name
+     *
+     * @return void
      */
     public function set(string $id, string $translation, string $domain = 'messages');
 
@@ -79,6 +79,8 @@ interface MessageCatalogueInterface
      *
      * @param array  $messages An array of translations
      * @param string $domain   The domain name
+     *
+     * @return void
      */
     public function replace(array $messages, string $domain = 'messages');
 
@@ -87,6 +89,8 @@ interface MessageCatalogueInterface
      *
      * @param array  $messages An array of translations
      * @param string $domain   The domain name
+     *
+     * @return void
      */
     public function add(array $messages, string $domain = 'messages');
 
@@ -94,6 +98,8 @@ interface MessageCatalogueInterface
      * Merges translations from the given Catalogue into the current one.
      *
      * The two catalogues must have the same locale.
+     *
+     * @return void
      */
     public function addCatalogue(self $catalogue);
 
@@ -102,6 +108,8 @@ interface MessageCatalogueInterface
      * only when the translation does not exist.
      *
      * This is used to provide default translations when they do not exist for the current locale.
+     *
+     * @return void
      */
     public function addFallbackCatalogue(self $catalogue);
 
@@ -119,6 +127,8 @@ interface MessageCatalogueInterface
 
     /**
      * Adds a resource for this collection.
+     *
+     * @return void
      */
     public function addResource(ResourceInterface $resource);
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/MetadataAwareInterface.php b/data/web/inc/lib/vendor/symfony/translation/MetadataAwareInterface.php
index 2eaaceb36..39e5326c3 100644
--- a/data/web/inc/lib/vendor/symfony/translation/MetadataAwareInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/MetadataAwareInterface.php
@@ -12,7 +12,7 @@
 namespace Symfony\Component\Translation;
 
 /**
- * MetadataAwareInterface.
+ * This interface is used to get, set, and delete metadata about the translation messages.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
@@ -31,6 +31,8 @@ interface MetadataAwareInterface
 
     /**
      * Adds metadata to a message domain.
+     *
+     * @return void
      */
     public function setMetadata(string $key, mixed $value, string $domain = 'messages');
 
@@ -39,6 +41,8 @@ interface MetadataAwareInterface
      *
      * Passing an empty domain will delete all metadata. Passing an empty key will
      * delete all metadata for the given domain.
+     *
+     * @return void
      */
     public function deleteMetadata(string $key = '', string $domain = 'messages');
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Provider/AbstractProviderFactory.php b/data/web/inc/lib/vendor/symfony/translation/Provider/AbstractProviderFactory.php
index 17442fde8..f0c11d85d 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Provider/AbstractProviderFactory.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Provider/AbstractProviderFactory.php
@@ -27,19 +27,11 @@ abstract class AbstractProviderFactory implements ProviderFactoryInterface
 
     protected function getUser(Dsn $dsn): string
     {
-        if (null === $user = $dsn->getUser()) {
-            throw new IncompleteDsnException('User is not set.', $dsn->getOriginalDsn());
-        }
-
-        return $user;
+        return $dsn->getUser() ?? throw new IncompleteDsnException('User is not set.', $dsn->getScheme().'://'.$dsn->getHost());
     }
 
     protected function getPassword(Dsn $dsn): string
     {
-        if (null === $password = $dsn->getPassword()) {
-            throw new IncompleteDsnException('Password is not set.', $dsn->getOriginalDsn());
-        }
-
-        return $password;
+        return $dsn->getPassword() ?? throw new IncompleteDsnException('Password is not set.', $dsn->getOriginalDsn());
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Provider/Dsn.php b/data/web/inc/lib/vendor/symfony/translation/Provider/Dsn.php
index 0f74d17fb..1d90e27f9 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Provider/Dsn.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Provider/Dsn.php
@@ -29,29 +29,29 @@ final class Dsn
     private array $options = [];
     private string $originalDsn;
 
-    public function __construct(string $dsn)
+    public function __construct(#[\SensitiveParameter] string $dsn)
     {
         $this->originalDsn = $dsn;
 
-        if (false === $parsedDsn = parse_url($dsn)) {
-            throw new InvalidArgumentException(sprintf('The "%s" translation provider DSN is invalid.', $dsn));
+        if (false === $params = parse_url($dsn)) {
+            throw new InvalidArgumentException('The translation provider DSN is invalid.');
         }
 
-        if (!isset($parsedDsn['scheme'])) {
-            throw new InvalidArgumentException(sprintf('The "%s" translation provider DSN must contain a scheme.', $dsn));
+        if (!isset($params['scheme'])) {
+            throw new InvalidArgumentException('The translation provider DSN must contain a scheme.');
         }
-        $this->scheme = $parsedDsn['scheme'];
+        $this->scheme = $params['scheme'];
 
-        if (!isset($parsedDsn['host'])) {
-            throw new InvalidArgumentException(sprintf('The "%s" translation provider DSN must contain a host (use "default" by default).', $dsn));
+        if (!isset($params['host'])) {
+            throw new InvalidArgumentException('The translation provider DSN must contain a host (use "default" by default).');
         }
-        $this->host = $parsedDsn['host'];
+        $this->host = $params['host'];
 
-        $this->user = '' !== ($parsedDsn['user'] ?? '') ? urldecode($parsedDsn['user']) : null;
-        $this->password = '' !== ($parsedDsn['pass'] ?? '') ? urldecode($parsedDsn['pass']) : null;
-        $this->port = $parsedDsn['port'] ?? null;
-        $this->path = $parsedDsn['path'] ?? null;
-        parse_str($parsedDsn['query'] ?? '', $this->options);
+        $this->user = '' !== ($params['user'] ?? '') ? rawurldecode($params['user']) : null;
+        $this->password = '' !== ($params['pass'] ?? '') ? rawurldecode($params['pass']) : null;
+        $this->port = $params['port'] ?? null;
+        $this->path = $params['path'] ?? null;
+        parse_str($params['query'] ?? '', $this->options);
     }
 
     public function getScheme(): string
@@ -74,17 +74,17 @@ final class Dsn
         return $this->password;
     }
 
-    public function getPort(int $default = null): ?int
+    public function getPort(?int $default = null): ?int
     {
         return $this->port ?? $default;
     }
 
-    public function getOption(string $key, mixed $default = null)
+    public function getOption(string $key, mixed $default = null): mixed
     {
         return $this->options[$key] ?? $default;
     }
 
-    public function getRequiredOption(string $key)
+    public function getRequiredOption(string $key): mixed
     {
         if (!\array_key_exists($key, $this->options) || '' === trim($this->options[$key])) {
             throw new MissingRequiredOptionException($key);
diff --git a/data/web/inc/lib/vendor/symfony/translation/Provider/FilteringProvider.php b/data/web/inc/lib/vendor/symfony/translation/Provider/FilteringProvider.php
index a43fedc71..d4465b9fd 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Provider/FilteringProvider.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Provider/FilteringProvider.php
@@ -21,7 +21,7 @@ use Symfony\Component\Translation\TranslatorBagInterface;
  */
 class FilteringProvider implements ProviderInterface
 {
-    private $provider;
+    private ProviderInterface $provider;
     private array $locales;
     private array $domains;
 
@@ -37,9 +37,6 @@ class FilteringProvider implements ProviderInterface
         return (string) $this->provider;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function write(TranslatorBagInterface $translatorBag): void
     {
         $this->provider->write($translatorBag);
diff --git a/data/web/inc/lib/vendor/symfony/translation/Provider/ProviderInterface.php b/data/web/inc/lib/vendor/symfony/translation/Provider/ProviderInterface.php
index a32193f29..0e47083b6 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Provider/ProviderInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Provider/ProviderInterface.php
@@ -14,10 +14,8 @@ namespace Symfony\Component\Translation\Provider;
 use Symfony\Component\Translation\TranslatorBag;
 use Symfony\Component\Translation\TranslatorBagInterface;
 
-interface ProviderInterface
+interface ProviderInterface extends \Stringable
 {
-    public function __toString(): string;
-
     /**
      * Translations available in the TranslatorBag only must be created.
      * Translations available in both the TranslatorBag and on the provider
diff --git a/data/web/inc/lib/vendor/symfony/translation/Provider/TranslationProviderCollection.php b/data/web/inc/lib/vendor/symfony/translation/Provider/TranslationProviderCollection.php
index 61ac641cd..b917415ba 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Provider/TranslationProviderCollection.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Provider/TranslationProviderCollection.php
@@ -21,7 +21,7 @@ final class TranslationProviderCollection
     /**
      * @var array<string, ProviderInterface>
      */
-    private $providers;
+    private array $providers;
 
     /**
      * @param array<string, ProviderInterface> $providers
diff --git a/data/web/inc/lib/vendor/symfony/translation/PseudoLocalizationTranslator.php b/data/web/inc/lib/vendor/symfony/translation/PseudoLocalizationTranslator.php
index 1d10e0ccb..f26909f5e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/PseudoLocalizationTranslator.php
+++ b/data/web/inc/lib/vendor/symfony/translation/PseudoLocalizationTranslator.php
@@ -20,7 +20,7 @@ final class PseudoLocalizationTranslator implements TranslatorInterface
 {
     private const EXPANSION_CHARACTER = '~';
 
-    private $translator;
+    private TranslatorInterface $translator;
     private bool $accents;
     private float $expansionFactor;
     private bool $brackets;
@@ -83,10 +83,7 @@ final class PseudoLocalizationTranslator implements TranslatorInterface
         $this->localizableHTMLAttributes = $options['localizable_html_attributes'] ?? [];
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function trans(string $id, array $parameters = [], string $domain = null, string $locale = null): string
+    public function trans(string $id, array $parameters = [], ?string $domain = null, ?string $locale = null): string
     {
         $trans = '';
         $visibleText = '';
@@ -123,7 +120,7 @@ final class PseudoLocalizationTranslator implements TranslatorInterface
             return [[true, true, $originalTrans]];
         }
 
-        $html = mb_convert_encoding($originalTrans, 'HTML-ENTITIES', mb_detect_encoding($originalTrans, null, true) ?: 'UTF-8');
+        $html = mb_encode_numericentity($originalTrans, [0x80, 0x10FFFF, 0, 0x1FFFFF], mb_detect_encoding($originalTrans, null, true) ?: 'UTF-8');
 
         $useInternalErrors = libxml_use_internal_errors(true);
 
@@ -283,7 +280,7 @@ final class PseudoLocalizationTranslator implements TranslatorInterface
         }
 
         $visibleLength = $this->strlen($visibleText);
-        $missingLength = (int) (ceil($visibleLength * $this->expansionFactor)) - $visibleLength;
+        $missingLength = (int) ceil($visibleLength * $this->expansionFactor) - $visibleLength;
         if ($this->brackets) {
             $missingLength -= 2;
         }
diff --git a/data/web/inc/lib/vendor/symfony/translation/README.md b/data/web/inc/lib/vendor/symfony/translation/README.md
index adda9a5b2..32e4017b7 100644
--- a/data/web/inc/lib/vendor/symfony/translation/README.md
+++ b/data/web/inc/lib/vendor/symfony/translation/README.md
@@ -26,12 +26,7 @@ echo $translator->trans('Hello World!'); // outputs « Bonjour ! »
 Sponsor
 -------
 
-The Translation component for Symfony 5.4/6.0 is [backed][1] by:
-
- * [Crowdin][2], a cloud-based localization management software helping teams to go global and stay agile.
- * [Lokalise][3], a continuous localization and translation management platform that integrates into your development workflow so you can ship localized products, faster.
-
-Help Symfony by [sponsoring][4] its development!
+Help Symfony by [sponsoring][1] its development!
 
 Resources
 ---------
@@ -42,7 +37,4 @@ Resources
    [send Pull Requests](https://github.com/symfony/symfony/pulls)
    in the [main Symfony repository](https://github.com/symfony/symfony)
 
-[1]: https://symfony.com/backers
-[2]: https://crowdin.com
-[3]: https://lokalise.com
-[4]: https://symfony.com/sponsor
+[1]: https://symfony.com/sponsor
diff --git a/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReader.php b/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReader.php
index bbc687e13..01408d4dc 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReader.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReader.php
@@ -33,6 +33,8 @@ class TranslationReader implements TranslationReaderInterface
      * Adds a loader to the translation extractor.
      *
      * @param string $format The format of the loader
+     *
+     * @return void
      */
     public function addLoader(string $format, LoaderInterface $loader)
     {
@@ -40,7 +42,7 @@ class TranslationReader implements TranslationReaderInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function read(string $directory, MessageCatalogue $catalogue)
     {
diff --git a/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReaderInterface.php b/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReaderInterface.php
index bc37204f9..ea74dc23f 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReaderInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Reader/TranslationReaderInterface.php
@@ -22,6 +22,8 @@ interface TranslationReaderInterface
 {
     /**
      * Reads translation messages from a directory to the catalogue.
+     *
+     * @return void
      */
     public function read(string $directory, MessageCatalogue $catalogue);
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Resources/bin/translation-status.php b/data/web/inc/lib/vendor/symfony/translation/Resources/bin/translation-status.php
index a76916427..8064190d8 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Resources/bin/translation-status.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Resources/bin/translation-status.php
@@ -9,6 +9,10 @@
  * file that was distributed with this source code.
  */
 
+if ('cli' !== \PHP_SAPI) {
+    throw new Exception('This script must be run from the command line.');
+}
+
 $usageInstructions = <<<END
 
   Usage instructions
@@ -83,19 +87,15 @@ foreach ($config['original_files'] as $originalFilePath) {
     $translationFilePaths = findTranslationFiles($originalFilePath, $config['locale_to_analyze']);
     $translationStatus = calculateTranslationStatus($originalFilePath, $translationFilePaths);
 
-    $totalMissingTranslations += array_sum(array_map(function ($translation) {
-        return count($translation['missingKeys']);
-    }, array_values($translationStatus)));
-    $totalTranslationMismatches += array_sum(array_map(function ($translation) {
-        return count($translation['mismatches']);
-    }, array_values($translationStatus)));
+    $totalMissingTranslations += array_sum(array_map(fn ($translation) => count($translation['missingKeys']), array_values($translationStatus)));
+    $totalTranslationMismatches += array_sum(array_map(fn ($translation) => count($translation['mismatches']), array_values($translationStatus)));
 
     printTranslationStatus($originalFilePath, $translationStatus, $config['verbose_output'], $config['include_completed_languages']);
 }
 
 exit($totalTranslationMismatches > 0 ? 1 : 0);
 
-function findTranslationFiles($originalFilePath, $localeToAnalyze)
+function findTranslationFiles($originalFilePath, $localeToAnalyze): array
 {
     $translations = [];
 
@@ -118,7 +118,7 @@ function findTranslationFiles($originalFilePath, $localeToAnalyze)
     return $translations;
 }
 
-function calculateTranslationStatus($originalFilePath, $translationFilePaths)
+function calculateTranslationStatus($originalFilePath, $translationFilePaths): array
 {
     $translationStatus = [];
     $allTranslationKeys = extractTranslationKeys($originalFilePath);
@@ -159,7 +159,7 @@ function extractLocaleFromFilePath($filePath)
     return $parts[count($parts) - 2];
 }
 
-function extractTranslationKeys($filePath)
+function extractTranslationKeys($filePath): array
 {
     $translationKeys = [];
     $contents = new \SimpleXMLElement(file_get_contents($filePath));
diff --git a/data/web/inc/lib/vendor/symfony/translation/Resources/data/parents.json b/data/web/inc/lib/vendor/symfony/translation/Resources/data/parents.json
index 288f16300..24d4d119e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Resources/data/parents.json
+++ b/data/web/inc/lib/vendor/symfony/translation/Resources/data/parents.json
@@ -35,6 +35,7 @@
     "en_GM": "en_001",
     "en_GY": "en_001",
     "en_HK": "en_001",
+    "en_ID": "en_001",
     "en_IE": "en_001",
     "en_IL": "en_001",
     "en_IM": "en_001",
@@ -54,6 +55,7 @@
     "en_MS": "en_001",
     "en_MT": "en_001",
     "en_MU": "en_001",
+    "en_MV": "en_001",
     "en_MW": "en_001",
     "en_MY": "en_001",
     "en_NA": "en_001",
@@ -116,6 +118,8 @@
     "es_UY": "es_419",
     "es_VE": "es_419",
     "ff_Adlm": "root",
+    "hi_Latn": "en_IN",
+    "ks_Deva": "root",
     "nb": "no",
     "nn": "no",
     "pa_Arab": "root",
diff --git a/data/web/inc/lib/vendor/symfony/translation/Resources/functions.php b/data/web/inc/lib/vendor/symfony/translation/Resources/functions.php
index 901d2f87e..0d2a037a2 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Resources/functions.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Resources/functions.php
@@ -15,7 +15,7 @@ if (!\function_exists(t::class)) {
     /**
      * @author Nate Wiebe <nate@northern.co>
      */
-    function t(string $message, array $parameters = [], string $domain = null): TranslatableMessage
+    function t(string $message, array $parameters = [], ?string $domain = null): TranslatableMessage
     {
         return new TranslatableMessage($message, $parameters, $domain);
     }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-strict.xsd b/data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-transitional.xsd
similarity index 96%
rename from data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-strict.xsd
rename to data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-transitional.xsd
index dface628c..1f38de72f 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-strict.xsd
+++ b/data/web/inc/lib/vendor/symfony/translation/Resources/schemas/xliff-core-1.2-transitional.xsd
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!--
 
 May-19-2004:
@@ -1646,20 +1645,21 @@ Jan-10-2006
   </xsd:group>
   <xsd:attributeGroup name="AttrGroup_TextContent">
     <xsd:attribute name="id" type="xsd:string" use="required"/>
+    <xsd:attribute name="ts" type="xsd:string" use="optional"/>
     <xsd:attribute name="xid" type="xsd:string" use="optional"/>
     <xsd:attribute name="equiv-text" type="xsd:string" use="optional"/>
-    <xsd:anyAttribute namespace="##other" processContents="strict"/>
+    <xsd:anyAttribute namespace="##any" processContents="skip"/>
   </xsd:attributeGroup>
   <!-- XLIFF Structure -->
   <xsd:element name="xliff">
     <xsd:complexType>
       <xsd:sequence maxOccurs="unbounded">
-        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
         <xsd:element ref="xlf:file"/>
       </xsd:sequence>
       <xsd:attribute name="version" type="xlf:AttrType_Version" use="required"/>
       <xsd:attribute ref="xml:lang" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <xsd:element name="file">
@@ -1672,14 +1672,16 @@ Jan-10-2006
       <xsd:attribute name="source-language" type="xsd:language" use="required"/>
       <xsd:attribute name="datatype" type="xlf:AttrType_datatype" use="required"/>
       <xsd:attribute name="tool-id" type="xsd:string" use="optional"/>
+      <xsd:attribute default="manual" name="tool" type="xsd:string" use="optional"/>
       <xsd:attribute name="date" type="xsd:dateTime" use="optional"/>
       <xsd:attribute ref="xml:space" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="category" type="xsd:string" use="optional"/>
       <xsd:attribute name="target-language" type="xsd:language" use="optional"/>
       <xsd:attribute name="product-name" type="xsd:string" use="optional"/>
       <xsd:attribute name="product-version" type="xsd:string" use="optional"/>
       <xsd:attribute name="build-num" type="xsd:string" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_group_id">
       <xsd:selector xpath=".//xlf:group"/>
@@ -1739,10 +1741,11 @@ Jan-10-2006
           <xsd:element name="glossary" type="xlf:ElemType_ExternalReference"/>
           <xsd:element name="reference" type="xlf:ElemType_ExternalReference"/>
           <xsd:element ref="xlf:count-group"/>
+          <xsd:element ref="xlf:prop-group"/>
           <xsd:element ref="xlf:note"/>
           <xsd:element ref="xlf:tool"/>
         </xsd:choice>
-        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
       </xsd:sequence>
     </xsd:complexType>
   </xsd:element>
@@ -1791,6 +1794,7 @@ Jan-10-2006
       <xsd:attribute name="process-name" type="xsd:string" use="required"/>
       <xsd:attribute name="company-name" type="xsd:string" use="optional"/>
       <xsd:attribute name="tool-id" type="xsd:string" use="optional"/>
+      <xsd:attribute name="tool" type="xsd:string" use="optional"/>
       <xsd:attribute name="date" type="xsd:dateTime" use="optional"/>
       <xsd:attribute name="job-id" type="xsd:string" use="optional"/>
       <xsd:attribute name="contact-name" type="xsd:string" use="optional"/>
@@ -1838,16 +1842,34 @@ Jan-10-2006
       </xsd:simpleContent>
     </xsd:complexType>
   </xsd:element>
+  <xsd:element name="prop-group">
+    <xsd:complexType>
+      <xsd:sequence maxOccurs="unbounded">
+        <xsd:element ref="xlf:prop"/>
+      </xsd:sequence>
+      <xsd:attribute name="name" type="xsd:string" use="optional"/>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="prop">
+    <xsd:complexType>
+      <xsd:simpleContent>
+        <xsd:extension base="xsd:string">
+          <xsd:attribute name="prop-type" type="xsd:string" use="required"/>
+          <xsd:attribute ref="xml:lang" use="optional"/>
+        </xsd:extension>
+      </xsd:simpleContent>
+    </xsd:complexType>
+  </xsd:element>
   <xsd:element name="tool">
     <xsd:complexType mixed="true">
       <xsd:sequence>
-        <xsd:any namespace="##any" processContents="strict" minOccurs="0" maxOccurs="unbounded"/>
+        <xsd:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded"/>
       </xsd:sequence>
       <xsd:attribute name="tool-id" type="xsd:string" use="required"/>
       <xsd:attribute name="tool-name" type="xsd:string" use="required"/>
       <xsd:attribute name="tool-version" type="xsd:string" use="optional"/>
       <xsd:attribute name="tool-company" type="xsd:string" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <xsd:element name="body">
@@ -1865,8 +1887,9 @@ Jan-10-2006
         <xsd:sequence>
           <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:context-group"/>
           <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:count-group"/>
+          <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:prop-group"/>
           <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:note"/>
-          <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+          <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
         </xsd:sequence>
         <xsd:choice maxOccurs="unbounded">
           <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:group"/>
@@ -1877,6 +1900,7 @@ Jan-10-2006
       <xsd:attribute name="id" type="xsd:string" use="optional"/>
       <xsd:attribute name="datatype" type="xlf:AttrType_datatype" use="optional"/>
       <xsd:attribute default="default" ref="xml:space" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
       <xsd:attribute name="extradata" type="xsd:string" use="optional"/>
@@ -1901,7 +1925,7 @@ Jan-10-2006
       <xsd:attribute name="minbytes" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="charclass" type="xsd:string" use="optional"/>
       <xsd:attribute default="no" name="merged-trans" type="xlf:AttrType_YesNo" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <xsd:element name="trans-unit">
@@ -1913,10 +1937,11 @@ Jan-10-2006
         <xsd:choice maxOccurs="unbounded" minOccurs="0">
           <xsd:element ref="xlf:context-group"/>
           <xsd:element ref="xlf:count-group"/>
+          <xsd:element ref="xlf:prop-group"/>
           <xsd:element ref="xlf:note"/>
           <xsd:element ref="xlf:alt-trans"/>
         </xsd:choice>
-        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
       </xsd:sequence>
       <xsd:attribute name="id" type="xsd:string" use="required"/>
       <xsd:attribute name="approved" type="xlf:AttrType_YesNo" use="optional"/>
@@ -1924,6 +1949,7 @@ Jan-10-2006
       <xsd:attribute default="yes" name="reformat" type="xlf:AttrType_reformat" use="optional"/>
       <xsd:attribute default="default" ref="xml:space" use="optional"/>
       <xsd:attribute name="datatype" type="xlf:AttrType_datatype" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="phase-name" type="xsd:string" use="optional"/>
       <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
@@ -1947,7 +1973,7 @@ Jan-10-2006
       <xsd:attribute name="minbytes" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="charclass" type="xsd:string" use="optional"/>
       <xsd:attribute default="yes" name="merged-trans" type="xlf:AttrType_YesNo" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_tu_segsrc_mid">
       <xsd:selector xpath="./xlf:seg-source/xlf:mrk"/>
@@ -1962,7 +1988,8 @@ Jan-10-2006
     <xsd:complexType mixed="true">
       <xsd:group maxOccurs="unbounded" minOccurs="0" ref="xlf:ElemGroup_TextContent"/>
       <xsd:attribute ref="xml:lang" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_source_bpt_rid">
       <xsd:selector xpath=".//xlf:bpt"/>
@@ -1985,7 +2012,8 @@ Jan-10-2006
     <xsd:complexType mixed="true">
       <xsd:group maxOccurs="unbounded" minOccurs="0" ref="xlf:ElemGroup_TextContent"/>
       <xsd:attribute ref="xml:lang" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_segsrc_bpt_rid">
       <xsd:selector xpath=".//xlf:bpt"/>
@@ -2011,6 +2039,8 @@ Jan-10-2006
       <xsd:attribute name="state-qualifier" type="xlf:AttrType_state-qualifier" use="optional"/>
       <xsd:attribute name="phase-name" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute ref="xml:lang" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
+      <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
       <xsd:attribute name="coord" type="xlf:AttrType_Coordinates" use="optional"/>
       <xsd:attribute name="font" type="xsd:string" use="optional"/>
@@ -2018,7 +2048,7 @@ Jan-10-2006
       <xsd:attribute name="style" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="exstyle" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute default="yes" name="equiv-trans" type="xlf:AttrType_YesNo" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_target_bpt_rid">
       <xsd:selector xpath=".//xlf:bpt"/>
@@ -2042,18 +2072,21 @@ Jan-10-2006
       <xsd:sequence>
         <xsd:element minOccurs="0" ref="xlf:source"/>
         <xsd:element minOccurs="0" ref="xlf:seg-source"/>
-        <xsd:element maxOccurs="1" ref="xlf:target"/>
+        <xsd:element maxOccurs="unbounded" ref="xlf:target"/>
         <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:context-group"/>
+        <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:prop-group"/>
         <xsd:element maxOccurs="unbounded" minOccurs="0" ref="xlf:note"/>
-        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
       </xsd:sequence>
       <xsd:attribute name="match-quality" type="xsd:string" use="optional"/>
       <xsd:attribute name="tool-id" type="xsd:string" use="optional"/>
+      <xsd:attribute name="tool" type="xsd:string" use="optional"/>
       <xsd:attribute name="crc" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute ref="xml:lang" use="optional"/>
       <xsd:attribute name="origin" type="xsd:string" use="optional"/>
       <xsd:attribute name="datatype" type="xlf:AttrType_datatype" use="optional"/>
       <xsd:attribute default="default" ref="xml:space" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
       <xsd:attribute name="extradata" type="xsd:string" use="optional"/>
@@ -2070,7 +2103,7 @@ Jan-10-2006
       <xsd:attribute name="exstyle" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="phase-name" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute default="proposal" name="alttranstype" type="xlf:AttrType_alttranstype" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
     <xsd:unique name="U_at_segsrc_mid">
       <xsd:selector xpath="./xlf:seg-source/xlf:mrk"/>
@@ -2089,20 +2122,22 @@ Jan-10-2006
         <xsd:choice maxOccurs="unbounded" minOccurs="0">
           <xsd:element ref="xlf:context-group"/>
           <xsd:element ref="xlf:count-group"/>
+          <xsd:element ref="xlf:prop-group"/>
           <xsd:element ref="xlf:note"/>
           <xsd:element ref="xlf:trans-unit"/>
         </xsd:choice>
-        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="strict"/>
+        <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="skip"/>
       </xsd:sequence>
       <xsd:attribute name="id" type="xsd:string" use="required"/>
       <xsd:attribute name="mime-type" type="xlf:mime-typeValueList" use="required"/>
       <xsd:attribute name="approved" type="xlf:AttrType_YesNo" use="optional"/>
       <xsd:attribute default="yes" name="translate" type="xlf:AttrType_YesNo" use="optional"/>
       <xsd:attribute default="yes" name="reformat" type="xlf:AttrType_reformat" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
       <xsd:attribute name="phase-name" type="xsd:string" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <xsd:element name="bin-source">
@@ -2111,7 +2146,8 @@ Jan-10-2006
         <xsd:element ref="xlf:internal-file"/>
         <xsd:element ref="xlf:external-file"/>
       </xsd:choice>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <xsd:element name="bin-target">
@@ -2121,12 +2157,13 @@ Jan-10-2006
         <xsd:element ref="xlf:external-file"/>
       </xsd:choice>
       <xsd:attribute name="mime-type" type="xlf:mime-typeValueList" use="optional"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
       <xsd:attribute name="state" type="xlf:AttrType_state" use="optional"/>
       <xsd:attribute name="state-qualifier" type="xlf:AttrType_state-qualifier" use="optional"/>
       <xsd:attribute name="phase-name" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="restype" type="xlf:AttrType_restype" use="optional"/>
       <xsd:attribute name="resname" type="xsd:string" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
   <!-- Element for inline codes -->
@@ -2217,7 +2254,8 @@ Jan-10-2006
       <xsd:attribute name="mtype" type="xlf:AttrType_mtype" use="required"/>
       <xsd:attribute name="mid" type="xsd:NMTOKEN" use="optional"/>
       <xsd:attribute name="comment" type="xsd:string" use="optional"/>
-      <xsd:anyAttribute namespace="##other" processContents="strict"/>
+      <xsd:attribute name="ts" type="xsd:string" use="optional"/>
+      <xsd:anyAttribute namespace="##any" processContents="skip"/>
     </xsd:complexType>
   </xsd:element>
 </xsd:schema>
diff --git a/data/web/inc/lib/vendor/symfony/translation/Test/ProviderFactoryTestCase.php b/data/web/inc/lib/vendor/symfony/translation/Test/ProviderFactoryTestCase.php
index d6510e0dd..95ffcb1e5 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Test/ProviderFactoryTestCase.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Test/ProviderFactoryTestCase.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Translation\Test;
 
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpClient\MockHttpClient;
@@ -20,39 +21,39 @@ use Symfony\Component\Translation\Exception\UnsupportedSchemeException;
 use Symfony\Component\Translation\Loader\LoaderInterface;
 use Symfony\Component\Translation\Provider\Dsn;
 use Symfony\Component\Translation\Provider\ProviderFactoryInterface;
+use Symfony\Component\Translation\TranslatorBagInterface;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
 
 /**
  * A test case to ease testing a translation provider factory.
  *
  * @author Mathieu Santostefano <msantostefano@protonmail.com>
- *
- * @internal
  */
 abstract class ProviderFactoryTestCase extends TestCase
 {
-    protected $client;
-    protected $logger;
+    protected HttpClientInterface $client;
+    protected LoggerInterface|MockObject $logger;
     protected string $defaultLocale;
-    protected $loader;
-    protected $xliffFileDumper;
+    protected LoaderInterface|MockObject $loader;
+    protected XliffFileDumper|MockObject $xliffFileDumper;
+    protected TranslatorBagInterface|MockObject $translatorBag;
 
     abstract public function createFactory(): ProviderFactoryInterface;
 
     /**
      * @return iterable<array{0: bool, 1: string}>
      */
-    abstract public function supportsProvider(): iterable;
+    abstract public static function supportsProvider(): iterable;
 
     /**
-     * @return iterable<array{0: string, 1: string, 2: TransportInterface}>
+     * @return iterable<array{0: string, 1: string}>
      */
-    abstract public function createProvider(): iterable;
+    abstract public static function createProvider(): iterable;
 
     /**
      * @return iterable<array{0: string, 1: string|null}>
      */
-    public function unsupportedSchemeProvider(): iterable
+    public static function unsupportedSchemeProvider(): iterable
     {
         return [];
     }
@@ -60,7 +61,7 @@ abstract class ProviderFactoryTestCase extends TestCase
     /**
      * @return iterable<array{0: string, 1: string|null}>
      */
-    public function incompleteDsnProvider(): iterable
+    public static function incompleteDsnProvider(): iterable
     {
         return [];
     }
@@ -89,7 +90,7 @@ abstract class ProviderFactoryTestCase extends TestCase
     /**
      * @dataProvider unsupportedSchemeProvider
      */
-    public function testUnsupportedSchemeException(string $dsn, string $message = null)
+    public function testUnsupportedSchemeException(string $dsn, ?string $message = null)
     {
         $factory = $this->createFactory();
 
@@ -106,7 +107,7 @@ abstract class ProviderFactoryTestCase extends TestCase
     /**
      * @dataProvider incompleteDsnProvider
      */
-    public function testIncompleteDsnException(string $dsn, string $message = null)
+    public function testIncompleteDsnException(string $dsn, ?string $message = null)
     {
         $factory = $this->createFactory();
 
@@ -144,4 +145,9 @@ abstract class ProviderFactoryTestCase extends TestCase
     {
         return $this->xliffFileDumper ??= $this->createMock(XliffFileDumper::class);
     }
+
+    protected function getTranslatorBag(): TranslatorBagInterface
+    {
+        return $this->translatorBag ??= $this->createMock(TranslatorBagInterface::class);
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Test/ProviderTestCase.php b/data/web/inc/lib/vendor/symfony/translation/Test/ProviderTestCase.php
index 5ae26829b..a8fa0b8bb 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Test/ProviderTestCase.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Test/ProviderTestCase.php
@@ -11,35 +11,36 @@
 
 namespace Symfony\Component\Translation\Test;
 
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpClient\MockHttpClient;
 use Symfony\Component\Translation\Dumper\XliffFileDumper;
 use Symfony\Component\Translation\Loader\LoaderInterface;
 use Symfony\Component\Translation\Provider\ProviderInterface;
+use Symfony\Component\Translation\TranslatorBagInterface;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
 
 /**
  * A test case to ease testing a translation provider.
  *
  * @author Mathieu Santostefano <msantostefano@protonmail.com>
- *
- * @internal
  */
 abstract class ProviderTestCase extends TestCase
 {
-    protected $client;
-    protected $logger;
+    protected HttpClientInterface $client;
+    protected LoggerInterface|MockObject $logger;
     protected string $defaultLocale;
-    protected $loader;
-    protected $xliffFileDumper;
+    protected LoaderInterface|MockObject $loader;
+    protected XliffFileDumper|MockObject $xliffFileDumper;
+    protected TranslatorBagInterface|MockObject $translatorBag;
 
-    abstract public function createProvider(HttpClientInterface $client, LoaderInterface $loader, LoggerInterface $logger, string $defaultLocale, string $endpoint): ProviderInterface;
+    abstract public static function createProvider(HttpClientInterface $client, LoaderInterface $loader, LoggerInterface $logger, string $defaultLocale, string $endpoint): ProviderInterface;
 
     /**
-     * @return iterable<array{0: string, 1: ProviderInterface}>
+     * @return iterable<array{0: ProviderInterface, 1: string}>
      */
-    abstract public function toStringProvider(): iterable;
+    abstract public static function toStringProvider(): iterable;
 
     /**
      * @dataProvider toStringProvider
@@ -73,4 +74,9 @@ abstract class ProviderTestCase extends TestCase
     {
         return $this->xliffFileDumper ??= $this->createMock(XliffFileDumper::class);
     }
+
+    protected function getTranslatorBag(): TranslatorBagInterface
+    {
+        return $this->translatorBag ??= $this->createMock(TranslatorBagInterface::class);
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/TranslatableMessage.php b/data/web/inc/lib/vendor/symfony/translation/TranslatableMessage.php
index b1a3b6b13..c591e68c2 100644
--- a/data/web/inc/lib/vendor/symfony/translation/TranslatableMessage.php
+++ b/data/web/inc/lib/vendor/symfony/translation/TranslatableMessage.php
@@ -23,7 +23,7 @@ class TranslatableMessage implements TranslatableInterface
     private array $parameters;
     private ?string $domain;
 
-    public function __construct(string $message, array $parameters = [], string $domain = null)
+    public function __construct(string $message, array $parameters = [], ?string $domain = null)
     {
         $this->message = $message;
         $this->parameters = $parameters;
@@ -50,12 +50,10 @@ class TranslatableMessage implements TranslatableInterface
         return $this->domain;
     }
 
-    public function trans(TranslatorInterface $translator, string $locale = null): string
+    public function trans(TranslatorInterface $translator, ?string $locale = null): string
     {
         return $translator->trans($this->getMessage(), array_map(
-            static function ($parameter) use ($translator, $locale) {
-                return $parameter instanceof TranslatableInterface ? $parameter->trans($translator, $locale) : $parameter;
-            },
+            static fn ($parameter) => $parameter instanceof TranslatableInterface ? $parameter->trans($translator, $locale) : $parameter,
             $this->getParameters()
         ), $this->getDomain(), $locale);
     }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Translator.php b/data/web/inc/lib/vendor/symfony/translation/Translator.php
index 05e84d0cc..1973d079f 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Translator.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Translator.php
@@ -22,6 +22,7 @@ use Symfony\Component\Translation\Formatter\MessageFormatter;
 use Symfony\Component\Translation\Formatter\MessageFormatterInterface;
 use Symfony\Component\Translation\Loader\LoaderInterface;
 use Symfony\Contracts\Translation\LocaleAwareInterface;
+use Symfony\Contracts\Translation\TranslatableInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
 // Help opcache.preload discover always-needed symbols
@@ -51,7 +52,7 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
 
     private array $resources = [];
 
-    private $formatter;
+    private MessageFormatterInterface $formatter;
 
     private ?string $cacheDir;
 
@@ -59,7 +60,7 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
 
     private array $cacheVary;
 
-    private $configCacheFactory;
+    private ?ConfigCacheFactoryInterface $configCacheFactory;
 
     private array $parentLocales;
 
@@ -68,21 +69,20 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
     /**
      * @throws InvalidArgumentException If a locale contains invalid characters
      */
-    public function __construct(string $locale, MessageFormatterInterface $formatter = null, string $cacheDir = null, bool $debug = false, array $cacheVary = [])
+    public function __construct(string $locale, ?MessageFormatterInterface $formatter = null, ?string $cacheDir = null, bool $debug = false, array $cacheVary = [])
     {
         $this->setLocale($locale);
 
-        if (null === $formatter) {
-            $formatter = new MessageFormatter();
-        }
-
-        $this->formatter = $formatter;
+        $this->formatter = $formatter ??= new MessageFormatter();
         $this->cacheDir = $cacheDir;
         $this->debug = $debug;
         $this->cacheVary = $cacheVary;
         $this->hasIntlFormatter = $formatter instanceof IntlFormatterInterface;
     }
 
+    /**
+     * @return void
+     */
     public function setConfigCacheFactory(ConfigCacheFactoryInterface $configCacheFactory)
     {
         $this->configCacheFactory = $configCacheFactory;
@@ -92,6 +92,8 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
      * Adds a Loader.
      *
      * @param string $format The name of the loader (@see addResource())
+     *
+     * @return void
      */
     public function addLoader(string $format, LoaderInterface $loader)
     {
@@ -104,13 +106,13 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
      * @param string $format   The name of the loader (@see addLoader())
      * @param mixed  $resource The resource name
      *
+     * @return void
+     *
      * @throws InvalidArgumentException If the locale contains invalid characters
      */
-    public function addResource(string $format, mixed $resource, string $locale, string $domain = null)
+    public function addResource(string $format, mixed $resource, string $locale, ?string $domain = null)
     {
-        if (null === $domain) {
-            $domain = 'messages';
-        }
+        $domain ??= 'messages';
 
         $this->assertValidLocale($locale);
         $locale ?: $locale = class_exists(\Locale::class) ? \Locale::getDefault() : 'en';
@@ -125,7 +127,7 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setLocale(string $locale)
     {
@@ -133,9 +135,6 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         $this->locale = $locale;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getLocale(): string
     {
         return $this->locale ?: (class_exists(\Locale::class) ? \Locale::getDefault() : 'en');
@@ -146,6 +145,8 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
      *
      * @param string[] $locales
      *
+     * @return void
+     *
      * @throws InvalidArgumentException If a locale contains invalid characters
      */
     public function setFallbackLocales(array $locales)
@@ -170,18 +171,13 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         return $this->fallbackLocales;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function trans(?string $id, array $parameters = [], string $domain = null, string $locale = null): string
+    public function trans(?string $id, array $parameters = [], ?string $domain = null, ?string $locale = null): string
     {
         if (null === $id || '' === $id) {
             return '';
         }
 
-        if (null === $domain) {
-            $domain = 'messages';
-        }
+        $domain ??= 'messages';
 
         $catalogue = $this->getCatalogue($locale);
         $locale = $catalogue->getLocale();
@@ -194,6 +190,8 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
             }
         }
 
+        $parameters = array_map(fn ($parameter) => $parameter instanceof TranslatableInterface ? $parameter->trans($this, $locale) : $parameter, $parameters);
+
         $len = \strlen(MessageCatalogue::INTL_DOMAIN_SUFFIX);
         if ($this->hasIntlFormatter
             && ($catalogue->defines($id, $domain.MessageCatalogue::INTL_DOMAIN_SUFFIX)
@@ -205,10 +203,7 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         return $this->formatter->format($catalogue->get($id, $domain), $locale, $parameters);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getCatalogue(string $locale = null): MessageCatalogueInterface
+    public function getCatalogue(?string $locale = null): MessageCatalogueInterface
     {
         if (!$locale) {
             $locale = $this->getLocale();
@@ -223,9 +218,6 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         return $this->catalogues[$locale];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getCatalogues(): array
     {
         return array_values($this->catalogues);
@@ -241,6 +233,9 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         return $this->loaders;
     }
 
+    /**
+     * @return void
+     */
     protected function loadCatalogue(string $locale)
     {
         if (null === $this->cacheDir) {
@@ -250,6 +245,9 @@ class Translator implements TranslatorInterface, TranslatorBagInterface, LocaleA
         }
     }
 
+    /**
+     * @return void
+     */
     protected function initializeCatalogue(string $locale)
     {
         $this->assertValidLocale($locale);
@@ -386,6 +384,9 @@ EOF
         }
     }
 
+    /**
+     * @return array
+     */
     protected function computeFallbackLocales(string $locale)
     {
         $this->parentLocales ??= json_decode(file_get_contents(__DIR__.'/Resources/data/parents.json'), true);
@@ -430,6 +431,8 @@ EOF
     /**
      * Asserts that the locale is valid, throws an Exception if not.
      *
+     * @return void
+     *
      * @throws InvalidArgumentException If the locale contains invalid characters
      */
     protected function assertValidLocale(string $locale)
diff --git a/data/web/inc/lib/vendor/symfony/translation/TranslatorBag.php b/data/web/inc/lib/vendor/symfony/translation/TranslatorBag.php
index ffd109f17..3b47aecee 100644
--- a/data/web/inc/lib/vendor/symfony/translation/TranslatorBag.php
+++ b/data/web/inc/lib/vendor/symfony/translation/TranslatorBag.php
@@ -35,10 +35,7 @@ final class TranslatorBag implements TranslatorBagInterface
         }
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getCatalogue(string $locale = null): MessageCatalogueInterface
+    public function getCatalogue(?string $locale = null): MessageCatalogueInterface
     {
         if (null === $locale || !isset($this->catalogues[$locale])) {
             $this->catalogues[$locale] = new MessageCatalogue($locale);
@@ -47,9 +44,6 @@ final class TranslatorBag implements TranslatorBagInterface
         return $this->catalogues[$locale];
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function getCatalogues(): array
     {
         return array_values($this->catalogues);
@@ -70,7 +64,7 @@ final class TranslatorBag implements TranslatorBagInterface
             $operation->moveMessagesToIntlDomainsIfPossible(AbstractOperation::NEW_BATCH);
             $newCatalogue = new MessageCatalogue($locale);
 
-            foreach ($operation->getDomains() as $domain) {
+            foreach ($catalogue->getDomains() as $domain) {
                 $newCatalogue->add($operation->getNewMessages($domain), $domain);
             }
 
@@ -94,7 +88,10 @@ final class TranslatorBag implements TranslatorBagInterface
             $obsoleteCatalogue = new MessageCatalogue($locale);
 
             foreach ($operation->getDomains() as $domain) {
-                $obsoleteCatalogue->add($operation->getObsoleteMessages($domain), $domain);
+                $obsoleteCatalogue->add(
+                    array_diff($operation->getMessages($domain), $operation->getNewMessages($domain)),
+                    $domain
+                );
             }
 
             $diff->addCatalogue($obsoleteCatalogue);
diff --git a/data/web/inc/lib/vendor/symfony/translation/TranslatorBagInterface.php b/data/web/inc/lib/vendor/symfony/translation/TranslatorBagInterface.php
index a787acf12..365d1f13b 100644
--- a/data/web/inc/lib/vendor/symfony/translation/TranslatorBagInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/TranslatorBagInterface.php
@@ -25,7 +25,7 @@ interface TranslatorBagInterface
      *
      * @throws InvalidArgumentException If the locale contains invalid characters
      */
-    public function getCatalogue(string $locale = null): MessageCatalogueInterface;
+    public function getCatalogue(?string $locale = null): MessageCatalogueInterface;
 
     /**
      * Returns all catalogues of the instance.
diff --git a/data/web/inc/lib/vendor/symfony/translation/Util/ArrayConverter.php b/data/web/inc/lib/vendor/symfony/translation/Util/ArrayConverter.php
index 60b8be6e0..64e15b485 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Util/ArrayConverter.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Util/ArrayConverter.php
@@ -36,7 +36,7 @@ class ArrayConverter
         $tree = [];
 
         foreach ($messages as $id => $value) {
-            $referenceToElement = &self::getElementByPath($tree, explode('.', $id));
+            $referenceToElement = &self::getElementByPath($tree, self::getKeyParts($id));
 
             $referenceToElement = $value;
 
@@ -46,7 +46,7 @@ class ArrayConverter
         return $tree;
     }
 
-    private static function &getElementByPath(array &$tree, array $parts)
+    private static function &getElementByPath(array &$tree, array $parts): mixed
     {
         $elem = &$tree;
         $parentOfElem = null;
@@ -63,6 +63,7 @@ class ArrayConverter
                 $elem = &$elem[implode('.', \array_slice($parts, $i))];
                 break;
             }
+
             $parentOfElem = &$elem;
             $elem = &$elem[$part];
         }
@@ -82,7 +83,7 @@ class ArrayConverter
         return $elem;
     }
 
-    private static function cancelExpand(array &$tree, string $prefix, array $node)
+    private static function cancelExpand(array &$tree, string $prefix, array $node): void
     {
         $prefix .= '.';
 
@@ -94,4 +95,48 @@ class ArrayConverter
             }
         }
     }
+
+    /**
+     * @return string[]
+     */
+    private static function getKeyParts(string $key): array
+    {
+        $parts = explode('.', $key);
+        $partsCount = \count($parts);
+
+        $result = [];
+        $buffer = '';
+
+        foreach ($parts as $index => $part) {
+            if (0 === $index && '' === $part) {
+                $buffer = '.';
+
+                continue;
+            }
+
+            if ($index === $partsCount - 1 && '' === $part) {
+                $buffer .= '.';
+                $result[] = $buffer;
+
+                continue;
+            }
+
+            if (isset($parts[$index + 1]) && '' === $parts[$index + 1]) {
+                $buffer .= $part;
+
+                continue;
+            }
+
+            if ($buffer) {
+                $result[] = $buffer.$part;
+                $buffer = '';
+
+                continue;
+            }
+
+            $result[] = $part;
+        }
+
+        return $result;
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/translation/Util/XliffUtils.php b/data/web/inc/lib/vendor/symfony/translation/Util/XliffUtils.php
index 85ecc8504..335c34beb 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Util/XliffUtils.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Util/XliffUtils.php
@@ -129,7 +129,7 @@ class XliffUtils
     private static function getSchema(string $xliffVersion): string
     {
         if ('1.2' === $xliffVersion) {
-            $schemaSource = file_get_contents(__DIR__.'/../Resources/schemas/xliff-core-1.2-strict.xsd');
+            $schemaSource = file_get_contents(__DIR__.'/../Resources/schemas/xliff-core-1.2-transitional.xsd');
             $xmlUri = 'http://www.w3.org/2001/xml.xsd';
         } elseif ('2.0' === $xliffVersion) {
             $schemaSource = file_get_contents(__DIR__.'/../Resources/schemas/xliff-core-2.0.xsd');
diff --git a/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriter.php b/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriter.php
index 5dd3a5c40..61e03cb0e 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriter.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriter.php
@@ -30,6 +30,8 @@ class TranslationWriter implements TranslationWriterInterface
 
     /**
      * Adds a dumper to the writer.
+     *
+     * @return void
      */
     public function addDumper(string $format, DumperInterface $dumper)
     {
@@ -50,6 +52,8 @@ class TranslationWriter implements TranslationWriterInterface
      * @param string $format  The format to use to dump the messages
      * @param array  $options Options that are passed to the dumper
      *
+     * @return void
+     *
      * @throws InvalidArgumentException
      */
     public function write(MessageCatalogue $catalogue, string $format, array $options = [])
diff --git a/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriterInterface.php b/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriterInterface.php
index 43213097e..5ebb9794a 100644
--- a/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriterInterface.php
+++ b/data/web/inc/lib/vendor/symfony/translation/Writer/TranslationWriterInterface.php
@@ -27,6 +27,8 @@ interface TranslationWriterInterface
      * @param string $format  The format to use to dump the messages
      * @param array  $options Options that are passed to the dumper
      *
+     * @return void
+     *
      * @throws InvalidArgumentException
      */
     public function write(MessageCatalogue $catalogue, string $format, array $options = []);
diff --git a/data/web/inc/lib/vendor/symfony/translation/composer.json b/data/web/inc/lib/vendor/symfony/translation/composer.json
index abe8b972c..af6f7a3df 100644
--- a/data/web/inc/lib/vendor/symfony/translation/composer.json
+++ b/data/web/inc/lib/vendor/symfony/translation/composer.json
@@ -16,27 +16,32 @@
         }
     ],
     "require": {
-        "php": ">=8.0.2",
+        "php": ">=8.1",
+        "symfony/deprecation-contracts": "^2.5|^3",
         "symfony/polyfill-mbstring": "~1.0",
-        "symfony/translation-contracts": "^2.3|^3.0"
+        "symfony/translation-contracts": "^2.5|^3.0"
     },
     "require-dev": {
-        "symfony/config": "^5.4|^6.0",
-        "symfony/console": "^5.4|^6.0",
-        "symfony/dependency-injection": "^5.4|^6.0",
-        "symfony/http-client-contracts": "^1.1|^2.0|^3.0",
-        "symfony/http-kernel": "^5.4|^6.0",
-        "symfony/intl": "^5.4|^6.0",
+        "nikic/php-parser": "^4.18|^5.0",
+        "symfony/config": "^5.4|^6.0|^7.0",
+        "symfony/console": "^5.4|^6.0|^7.0",
+        "symfony/dependency-injection": "^5.4|^6.0|^7.0",
+        "symfony/http-client-contracts": "^2.5|^3.0",
+        "symfony/http-kernel": "^5.4|^6.0|^7.0",
+        "symfony/intl": "^5.4|^6.0|^7.0",
         "symfony/polyfill-intl-icu": "^1.21",
-        "symfony/service-contracts": "^1.1.2|^2|^3",
-        "symfony/yaml": "^5.4|^6.0",
-        "symfony/finder": "^5.4|^6.0",
+        "symfony/routing": "^5.4|^6.0|^7.0",
+        "symfony/service-contracts": "^2.5|^3",
+        "symfony/yaml": "^5.4|^6.0|^7.0",
+        "symfony/finder": "^5.4|^6.0|^7.0",
         "psr/log": "^1|^2|^3"
     },
     "conflict": {
         "symfony/config": "<5.4",
         "symfony/dependency-injection": "<5.4",
+        "symfony/http-client-contracts": "<2.5",
         "symfony/http-kernel": "<5.4",
+        "symfony/service-contracts": "<2.5",
         "symfony/twig-bundle": "<5.4",
         "symfony/yaml": "<5.4",
         "symfony/console": "<5.4"
@@ -44,11 +49,6 @@
     "provide": {
         "symfony/translation-implementation": "2.3|3.0"
     },
-    "suggest": {
-        "symfony/config": "",
-        "symfony/yaml": "",
-        "psr/log-implementation": "To use logging capability in translator"
-    },
     "autoload": {
         "files": [ "Resources/functions.php" ],
         "psr-4": { "Symfony\\Component\\Translation\\": "" },
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/CHANGELOG.md b/data/web/inc/lib/vendor/symfony/var-dumper/CHANGELOG.md
index f58ed3170..7481cff1a 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/CHANGELOG.md
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/CHANGELOG.md
@@ -1,6 +1,25 @@
 CHANGELOG
 =========
 
+6.4
+---
+
+ * Dump uninitialized properties
+
+6.3
+---
+
+ * Add caster for `WeakMap`
+ * Add support of named arguments to `dd()` and `dump()` to display the argument name
+ * Add support for `Relay\Relay`
+ * Add display of invisible characters
+
+6.2
+---
+
+ * Add support for `FFI\CData` and `FFI\CType`
+ * Deprecate calling `VarDumper::setHandler()` without arguments
+
 5.4
 ---
 
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/AmqpCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/AmqpCaster.php
index dc3b62198..22026f46a 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/AmqpCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/AmqpCaster.php
@@ -46,6 +46,9 @@ class AmqpCaster
         \AMQP_EX_TYPE_HEADERS => 'AMQP_EX_TYPE_HEADERS',
     ];
 
+    /**
+     * @return array
+     */
     public static function castConnection(\AMQPConnection $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -79,6 +82,9 @@ class AmqpCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castChannel(\AMQPChannel $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -102,6 +108,9 @@ class AmqpCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castQueue(\AMQPQueue $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -125,6 +134,9 @@ class AmqpCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castExchange(\AMQPExchange $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -153,6 +165,9 @@ class AmqpCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castEnvelope(\AMQPEnvelope $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ArgsStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ArgsStub.php
index a89a71b1f..9dc24c1b1 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ArgsStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ArgsStub.php
@@ -28,7 +28,7 @@ class ArgsStub extends EnumStub
 
         $values = [];
         foreach ($args as $k => $v) {
-            $values[$k] = !is_scalar($v) && !$v instanceof Stub ? new CutStub($v) : $v;
+            $values[$k] = !\is_scalar($v) && !$v instanceof Stub ? new CutStub($v) : $v;
         }
         if (null === $params) {
             parent::__construct($values, false);
@@ -57,7 +57,7 @@ class ArgsStub extends EnumStub
 
         try {
             $r = null !== $class ? new \ReflectionMethod($class, $function) : new \ReflectionFunction($function);
-        } catch (\ReflectionException $e) {
+        } catch (\ReflectionException) {
             return [null, null];
         }
 
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/Caster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/Caster.php
index 53f4461d0..d9577e7ae 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/Caster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/Caster.php
@@ -32,22 +32,27 @@ class Caster
     public const EXCLUDE_EMPTY = 128;
     public const EXCLUDE_NOT_IMPORTANT = 256;
     public const EXCLUDE_STRICT = 512;
+    public const EXCLUDE_UNINITIALIZED = 1024;
 
     public const PREFIX_VIRTUAL = "\0~\0";
     public const PREFIX_DYNAMIC = "\0+\0";
     public const PREFIX_PROTECTED = "\0*\0";
+    // usage: sprintf(Caster::PATTERN_PRIVATE, $class, $property)
+    public const PATTERN_PRIVATE = "\0%s\0%s";
+
+    private static array $classProperties = [];
 
     /**
      * Casts objects to arrays and adds the dynamic property prefix.
      *
      * @param bool $hasDebugInfo Whether the __debugInfo method exists on $obj or not
      */
-    public static function castObject(object $obj, string $class, bool $hasDebugInfo = false, string $debugClass = null): array
+    public static function castObject(object $obj, string $class, bool $hasDebugInfo = false, ?string $debugClass = null): array
     {
         if ($hasDebugInfo) {
             try {
                 $debugInfo = $obj->__debugInfo();
-            } catch (\Exception $e) {
+            } catch (\Throwable) {
                 // ignore failing __debugInfo()
                 $hasDebugInfo = false;
             }
@@ -59,20 +64,17 @@ class Caster
             return $a;
         }
 
+        $classProperties = self::$classProperties[$class] ??= self::getClassProperties(new \ReflectionClass($class));
+        $a = array_replace($classProperties, $a);
+
         if ($a) {
-            static $publicProperties = [];
-            $debugClass = $debugClass ?? get_debug_type($obj);
+            $debugClass ??= get_debug_type($obj);
 
             $i = 0;
             $prefixedKeys = [];
             foreach ($a as $k => $v) {
                 if ("\0" !== ($k[0] ?? '')) {
-                    if (!isset($publicProperties[$class])) {
-                        foreach ((new \ReflectionClass($class))->getProperties(\ReflectionProperty::IS_PUBLIC) as $prop) {
-                            $publicProperties[$class][$prop->name] = true;
-                        }
-                    }
-                    if (!isset($publicProperties[$class][$k])) {
+                    if (!isset($classProperties[$k])) {
                         $prefixedKeys[$i] = self::PREFIX_DYNAMIC.$k;
                     }
                 } elseif ($debugClass !== $class && 1 === strpos($k, $class)) {
@@ -115,7 +117,7 @@ class Caster
      * @param array    $a                The array containing the properties to filter
      * @param int      $filter           A bit field of Caster::EXCLUDE_* constants specifying which properties to filter out
      * @param string[] $listedProperties List of properties to exclude when Caster::EXCLUDE_VERBOSE is set, and to preserve when Caster::EXCLUDE_NOT_IMPORTANT is set
-     * @param int      &$count           Set to the number of removed properties
+     * @param int|null &$count           Set to the number of removed properties
      */
     public static function filter(array $a, int $filter, array $listedProperties = [], ?int &$count = 0): array
     {
@@ -129,6 +131,8 @@ class Caster
                 $type |= self::EXCLUDE_EMPTY & $filter;
             } elseif (false === $v || '' === $v || '0' === $v || 0 === $v || 0.0 === $v || [] === $v) {
                 $type |= self::EXCLUDE_EMPTY & $filter;
+            } elseif ($v instanceof UninitializedStub) {
+                $type |= self::EXCLUDE_UNINITIALIZED & $filter;
             }
             if ((self::EXCLUDE_NOT_IMPORTANT & $filter) && !\in_array($k, $listedProperties, true)) {
                 $type |= self::EXCLUDE_NOT_IMPORTANT;
@@ -167,4 +171,28 @@ class Caster
 
         return $a;
     }
+
+    private static function getClassProperties(\ReflectionClass $class): array
+    {
+        $classProperties = [];
+        $className = $class->name;
+
+        if ($parent = $class->getParentClass()) {
+            $classProperties += self::$classProperties[$parent->name] ??= self::getClassProperties($parent);
+        }
+
+        foreach ($class->getProperties() as $p) {
+            if ($p->isStatic()) {
+                continue;
+            }
+
+            $classProperties[match (true) {
+                $p->isPublic() => $p->name,
+                $p->isProtected() => self::PREFIX_PROTECTED.$p->name,
+                default => "\0".$className."\0".$p->name,
+            }] = new UninitializedStub($p);
+        }
+
+        return $classProperties;
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ClassStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ClassStub.php
index 1ac6d0ac3..914728663 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ClassStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ClassStub.php
@@ -24,7 +24,7 @@ class ClassStub extends ConstStub
      * @param string   $identifier A PHP identifier, e.g. a class, method, interface, etc. name
      * @param callable $callable   The callable targeted by the identifier when it is ambiguous or not a real PHP identifier
      */
-    public function __construct(string $identifier, callable|array|string $callable = null)
+    public function __construct(string $identifier, callable|array|string|null $callable = null)
     {
         $this->value = $identifier;
 
@@ -50,15 +50,13 @@ class ClassStub extends ConstStub
             if (\is_array($r)) {
                 try {
                     $r = new \ReflectionMethod($r[0], $r[1]);
-                } catch (\ReflectionException $e) {
+                } catch (\ReflectionException) {
                     $r = new \ReflectionClass($r[0]);
                 }
             }
 
             if (str_contains($identifier, "@anonymous\0")) {
-                $this->value = $identifier = preg_replace_callback('/[a-zA-Z_\x7f-\xff][\\\\a-zA-Z0-9_\x7f-\xff]*+@anonymous\x00.*?\.php(?:0x?|:[0-9]++\$)[0-9a-fA-F]++/', function ($m) {
-                    return class_exists($m[0], false) ? (get_parent_class($m[0]) ?: key(class_implements($m[0])) ?: 'class').'@anonymous' : $m[0];
-                }, $identifier);
+                $this->value = $identifier = preg_replace_callback('/[a-zA-Z_\x7f-\xff][\\\\a-zA-Z0-9_\x7f-\xff]*+@anonymous\x00.*?\.php(?:0x?|:[0-9]++\$)[0-9a-fA-F]++/', fn ($m) => class_exists($m[0], false) ? (get_parent_class($m[0]) ?: key(class_implements($m[0])) ?: 'class').'@anonymous' : $m[0], $identifier);
             }
 
             if (null !== $callable && $r instanceof \ReflectionFunctionAbstract) {
@@ -71,7 +69,7 @@ class ClassStub extends ConstStub
                     $this->value .= $s;
                 }
             }
-        } catch (\ReflectionException $e) {
+        } catch (\ReflectionException) {
             return;
         } finally {
             if (0 < $i = strrpos($this->value, '\\')) {
@@ -87,6 +85,9 @@ class ClassStub extends ConstStub
         }
     }
 
+    /**
+     * @return mixed
+     */
     public static function wrapCallable(mixed $callable)
     {
         if (\is_object($callable) || !\is_callable($callable)) {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ConstStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ConstStub.php
index d7d1812bd..587c6c398 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ConstStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ConstStub.php
@@ -20,7 +20,7 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class ConstStub extends Stub
 {
-    public function __construct(string $name, string|int|float $value = null)
+    public function __construct(string $name, string|int|float|null $value = null)
     {
         $this->class = $name;
         $this->value = 1 < \func_num_args() ? $value : $name;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/CutStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/CutStub.php
index b5a96a02c..772399ef6 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/CutStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/CutStub.php
@@ -27,7 +27,7 @@ class CutStub extends Stub
         switch (\gettype($value)) {
             case 'object':
                 $this->type = self::TYPE_OBJECT;
-                $this->class = \get_class($value);
+                $this->class = $value::class;
 
                 if ($value instanceof \Closure) {
                     ReflectionCaster::castClosure($value, [], $this, true, Caster::EXCLUDE_VERBOSE);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DOMCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DOMCaster.php
index 4dd16e0ee..d2d3fc129 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DOMCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DOMCaster.php
@@ -63,6 +63,9 @@ class DOMCaster
         \XML_NAMESPACE_DECL_NODE => 'XML_NAMESPACE_DECL_NODE',
     ];
 
+    /**
+     * @return array
+     */
     public static function castException(\DOMException $e, array $a, Stub $stub, bool $isNested)
     {
         $k = Caster::PREFIX_PROTECTED.'code';
@@ -73,6 +76,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castLength($dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -82,6 +88,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castImplementation(\DOMImplementation $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -92,6 +101,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castNode(\DOMNode $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -116,6 +128,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castNameSpaceNode(\DOMNameSpaceNode $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -132,6 +147,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castDocument(\DOMDocument $dom, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $a += [
@@ -166,6 +184,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castCharacterData(\DOMCharacterData $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -176,6 +197,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castAttr(\DOMAttr $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -189,6 +213,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castElement(\DOMElement $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -199,6 +226,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castText(\DOMText $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -208,43 +238,9 @@ class DOMCaster
         return $a;
     }
 
-    public static function castTypeinfo(\DOMTypeinfo $dom, array $a, Stub $stub, bool $isNested)
-    {
-        $a += [
-            'typeName' => $dom->typeName,
-            'typeNamespace' => $dom->typeNamespace,
-        ];
-
-        return $a;
-    }
-
-    public static function castDomError(\DOMDomError $dom, array $a, Stub $stub, bool $isNested)
-    {
-        $a += [
-            'severity' => $dom->severity,
-            'message' => $dom->message,
-            'type' => $dom->type,
-            'relatedException' => $dom->relatedException,
-            'related_data' => $dom->related_data,
-            'location' => $dom->location,
-        ];
-
-        return $a;
-    }
-
-    public static function castLocator(\DOMLocator $dom, array $a, Stub $stub, bool $isNested)
-    {
-        $a += [
-            'lineNumber' => $dom->lineNumber,
-            'columnNumber' => $dom->columnNumber,
-            'offset' => $dom->offset,
-            'relatedNode' => $dom->relatedNode,
-            'uri' => $dom->uri ? new LinkStub($dom->uri, $dom->lineNumber) : $dom->uri,
-        ];
-
-        return $a;
-    }
-
+    /**
+     * @return array
+     */
     public static function castDocumentType(\DOMDocumentType $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -259,6 +255,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castNotation(\DOMNotation $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -269,6 +268,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castEntity(\DOMEntity $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -283,6 +285,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castProcessingInstruction(\DOMProcessingInstruction $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -293,6 +298,9 @@ class DOMCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castXPath(\DOMXPath $dom, array $a, Stub $stub, bool $isNested)
     {
         $a += [
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DateCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DateCaster.php
index 99f53849b..a0cbddb76 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DateCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DateCaster.php
@@ -24,11 +24,14 @@ class DateCaster
 {
     private const PERIOD_LIMIT = 3;
 
+    /**
+     * @return array
+     */
     public static function castDateTime(\DateTimeInterface $d, array $a, Stub $stub, bool $isNested, int $filter)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
-        $location = $d->getTimezone()->getLocation();
-        $fromNow = (new \DateTime())->diff($d);
+        $location = $d->getTimezone() ? $d->getTimezone()->getLocation() : null;
+        $fromNow = (new \DateTimeImmutable())->diff($d);
 
         $title = $d->format('l, F j, Y')
             ."\n".self::formatInterval($fromNow).' from now'
@@ -47,6 +50,9 @@ class DateCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castInterval(\DateInterval $interval, array $a, Stub $stub, bool $isNested, int $filter)
     {
         $now = new \DateTimeImmutable('@0', new \DateTimeZone('UTC'));
@@ -76,10 +82,13 @@ class DateCaster
         return $i->format(rtrim($format));
     }
 
+    /**
+     * @return array
+     */
     public static function castTimeZone(\DateTimeZone $timeZone, array $a, Stub $stub, bool $isNested, int $filter)
     {
         $location = $timeZone->getLocation();
-        $formatted = (new \DateTime('now', $timeZone))->format($location ? 'e (P)' : 'P');
+        $formatted = (new \DateTimeImmutable('now', $timeZone))->format($location ? 'e (P)' : 'P');
         $title = $location && \extension_loaded('intl') ? \Locale::getDisplayRegion('-'.$location['country_code']) : '';
 
         $z = [Caster::PREFIX_VIRTUAL.'timezone' => new ConstStub($formatted, $title)];
@@ -87,6 +96,9 @@ class DateCaster
         return $filter & Caster::EXCLUDE_VERBOSE ? $z : $z + $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castPeriod(\DatePeriod $p, array $a, Stub $stub, bool $isNested, int $filter)
     {
         $dates = [];
@@ -103,11 +115,11 @@ class DateCaster
         }
 
         $period = sprintf(
-            'every %s, from %s (%s) %s',
+            'every %s, from %s%s %s',
             self::formatInterval($p->getDateInterval()),
+            $p->include_start_date ? '[' : ']',
             self::formatDateTime($p->getStartDate()),
-            $p->include_start_date ? 'included' : 'excluded',
-            ($end = $p->getEndDate()) ? 'to '.self::formatDateTime($end) : 'recurring '.$p->recurrences.' time/s'
+            ($end = $p->getEndDate()) ? 'to '.self::formatDateTime($end).(\PHP_VERSION_ID >= 80200 && $p->include_end_date ? ']' : '[') : 'recurring '.$p->recurrences.' time/s'
         );
 
         $p = [Caster::PREFIX_VIRTUAL.'period' => new ConstStub($period, implode("\n", $dates))];
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DoctrineCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DoctrineCaster.php
index 129b2cb47..3120c3d91 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DoctrineCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DoctrineCaster.php
@@ -25,6 +25,9 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class DoctrineCaster
 {
+    /**
+     * @return array
+     */
     public static function castCommonProxy(CommonProxy $proxy, array $a, Stub $stub, bool $isNested)
     {
         foreach (['__cloner__', '__initializer__'] as $k) {
@@ -37,6 +40,9 @@ class DoctrineCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castOrmProxy(OrmProxy $proxy, array $a, Stub $stub, bool $isNested)
     {
         foreach (['_entityPersister', '_identifier'] as $k) {
@@ -49,6 +55,9 @@ class DoctrineCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castPersistentCollection(PersistentCollection $coll, array $a, Stub $stub, bool $isNested)
     {
         foreach (['snapshot', 'association', 'typeClass'] as $k) {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DsPairStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DsPairStub.php
index 22112af9c..afa2727b1 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DsPairStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/DsPairStub.php
@@ -18,7 +18,7 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class DsPairStub extends Stub
 {
-    public function __construct(string|int $key, mixed $value)
+    public function __construct(mixed $key, mixed $value)
     {
         $this->value = [
             Caster::PREFIX_VIRTUAL.'key' => $key,
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ExceptionCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ExceptionCaster.php
index 8e517e079..02efb1b02 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ExceptionCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ExceptionCaster.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\VarDumper\Caster;
 
+use Symfony\Component\ErrorHandler\Exception\FlattenException;
 use Symfony\Component\ErrorHandler\Exception\SilencedErrorContext;
 use Symfony\Component\VarDumper\Cloner\Stub;
 use Symfony\Component\VarDumper\Exception\ThrowingCasterException;
@@ -46,16 +47,25 @@ class ExceptionCaster
 
     private static array $framesCache = [];
 
+    /**
+     * @return array
+     */
     public static function castError(\Error $e, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         return self::filterExceptionArray($stub->class, $a, "\0Error\0", $filter);
     }
 
+    /**
+     * @return array
+     */
     public static function castException(\Exception $e, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         return self::filterExceptionArray($stub->class, $a, "\0Exception\0", $filter);
     }
 
+    /**
+     * @return array
+     */
     public static function castErrorException(\ErrorException $e, array $a, Stub $stub, bool $isNested)
     {
         if (isset($a[$s = Caster::PREFIX_PROTECTED.'severity'], self::$errorTypes[$a[$s]])) {
@@ -65,6 +75,9 @@ class ExceptionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castThrowingCasterException(ThrowingCasterException $e, array $a, Stub $stub, bool $isNested)
     {
         $trace = Caster::PREFIX_VIRTUAL.'trace';
@@ -83,6 +96,9 @@ class ExceptionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castSilencedErrorContext(SilencedErrorContext $e, array $a, Stub $stub, bool $isNested)
     {
         $sPrefix = "\0".SilencedErrorContext::class."\0";
@@ -110,6 +126,9 @@ class ExceptionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castTraceStub(TraceStub $trace, array $a, Stub $stub, bool $isNested)
     {
         if (!$isNested) {
@@ -184,6 +203,9 @@ class ExceptionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castFrameStub(FrameStub $frame, array $a, Stub $stub, bool $isNested)
     {
         if (!$isNested) {
@@ -267,6 +289,19 @@ class ExceptionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
+    public static function castFlattenException(FlattenException $e, array $a, Stub $stub, bool $isNested)
+    {
+        if ($isNested) {
+            $k = sprintf(Caster::PATTERN_PRIVATE, FlattenException::class, 'traceAsString');
+            $a[$k] = new CutStub($a[$k]);
+        }
+
+        return $a;
+    }
+
     private static function filterExceptionArray(string $xClass, array $a, string $xPrefix, int $filter): array
     {
         if (isset($a[$xPrefix.'trace'])) {
@@ -285,12 +320,10 @@ class ExceptionCaster
         if (empty($a[$xPrefix.'previous'])) {
             unset($a[$xPrefix.'previous']);
         }
-        unset($a[$xPrefix.'string'], $a[Caster::PREFIX_DYNAMIC.'xdebug_message'], $a[Caster::PREFIX_DYNAMIC.'__destructorException']);
+        unset($a[$xPrefix.'string'], $a[Caster::PREFIX_DYNAMIC.'xdebug_message']);
 
         if (isset($a[Caster::PREFIX_PROTECTED.'message']) && str_contains($a[Caster::PREFIX_PROTECTED.'message'], "@anonymous\0")) {
-            $a[Caster::PREFIX_PROTECTED.'message'] = preg_replace_callback('/[a-zA-Z_\x7f-\xff][\\\\a-zA-Z0-9_\x7f-\xff]*+@anonymous\x00.*?\.php(?:0x?|:[0-9]++\$)[0-9a-fA-F]++/', function ($m) {
-                return class_exists($m[0], false) ? (get_parent_class($m[0]) ?: key(class_implements($m[0])) ?: 'class').'@anonymous' : $m[0];
-            }, $a[Caster::PREFIX_PROTECTED.'message']);
+            $a[Caster::PREFIX_PROTECTED.'message'] = preg_replace_callback('/[a-zA-Z_\x7f-\xff][\\\\a-zA-Z0-9_\x7f-\xff]*+@anonymous\x00.*?\.php(?:0x?|:[0-9]++\$)[0-9a-fA-F]++/', fn ($m) => class_exists($m[0], false) ? (get_parent_class($m[0]) ?: key(class_implements($m[0])) ?: 'class').'@anonymous' : $m[0], $a[Caster::PREFIX_PROTECTED.'message']);
         }
 
         if (isset($a[Caster::PREFIX_PROTECTED.'file'], $a[Caster::PREFIX_PROTECTED.'line'])) {
@@ -337,7 +370,7 @@ class ExceptionCaster
                     $stub->attr['file'] = $f;
                     $stub->attr['line'] = $caller->getStartLine();
                 }
-            } catch (\ReflectionException $e) {
+            } catch (\ReflectionException) {
                 // ignore fake class/function
             }
 
@@ -352,9 +385,7 @@ class ExceptionCaster
             $pad = null;
             for ($i = $srcContext << 1; $i >= 0; --$i) {
                 if (isset($src[$i][$ltrim]) && "\r" !== ($c = $src[$i][$ltrim]) && "\n" !== $c) {
-                    if (null === $pad) {
-                        $pad = $c;
-                    }
+                    $pad ??= $c;
                     if ((' ' !== $c && "\t" !== $c) || $pad !== $c) {
                         break;
                     }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FFICaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FFICaster.php
new file mode 100644
index 000000000..f1984eef3
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FFICaster.php
@@ -0,0 +1,161 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\VarDumper\Caster;
+
+use FFI\CData;
+use FFI\CType;
+use Symfony\Component\VarDumper\Cloner\Stub;
+
+/**
+ * Casts FFI extension classes to array representation.
+ *
+ * @author Nesmeyanov Kirill <nesk@xakep.ru>
+ */
+final class FFICaster
+{
+    /**
+     * In case of "char*" contains a string, the length of which depends on
+     * some other parameter, then during the generation of the string it is
+     * possible to go beyond the allowable memory area.
+     *
+     * This restriction serves to ensure that processing does not take
+     * up the entire allowable PHP memory limit.
+     */
+    private const MAX_STRING_LENGTH = 255;
+
+    public static function castCTypeOrCData(CData|CType $data, array $args, Stub $stub): array
+    {
+        if ($data instanceof CType) {
+            $type = $data;
+            $data = null;
+        } else {
+            $type = \FFI::typeof($data);
+        }
+
+        $stub->class = sprintf('%s<%s> size %d align %d', ($data ?? $type)::class, $type->getName(), $type->getSize(), $type->getAlignment());
+
+        return match ($type->getKind()) {
+            CType::TYPE_FLOAT,
+            CType::TYPE_DOUBLE,
+            \defined('\FFI\CType::TYPE_LONGDOUBLE') ? CType::TYPE_LONGDOUBLE : -1,
+            CType::TYPE_UINT8,
+            CType::TYPE_SINT8,
+            CType::TYPE_UINT16,
+            CType::TYPE_SINT16,
+            CType::TYPE_UINT32,
+            CType::TYPE_SINT32,
+            CType::TYPE_UINT64,
+            CType::TYPE_SINT64,
+            CType::TYPE_BOOL,
+            CType::TYPE_CHAR,
+            CType::TYPE_ENUM => null !== $data ? [Caster::PREFIX_VIRTUAL.'cdata' => $data->cdata] : [],
+            CType::TYPE_POINTER => self::castFFIPointer($stub, $type, $data),
+            CType::TYPE_STRUCT => self::castFFIStructLike($type, $data),
+            CType::TYPE_FUNC => self::castFFIFunction($stub, $type),
+            default => $args,
+        };
+    }
+
+    private static function castFFIFunction(Stub $stub, CType $type): array
+    {
+        $arguments = [];
+
+        for ($i = 0, $count = $type->getFuncParameterCount(); $i < $count; ++$i) {
+            $param = $type->getFuncParameterType($i);
+
+            $arguments[] = $param->getName();
+        }
+
+        $abi = match ($type->getFuncABI()) {
+            CType::ABI_DEFAULT,
+            CType::ABI_CDECL => '[cdecl]',
+            CType::ABI_FASTCALL => '[fastcall]',
+            CType::ABI_THISCALL => '[thiscall]',
+            CType::ABI_STDCALL => '[stdcall]',
+            CType::ABI_PASCAL => '[pascal]',
+            CType::ABI_REGISTER => '[register]',
+            CType::ABI_MS => '[ms]',
+            CType::ABI_SYSV => '[sysv]',
+            CType::ABI_VECTORCALL => '[vectorcall]',
+            default => '[unknown abi]'
+        };
+
+        $returnType = $type->getFuncReturnType();
+
+        $stub->class = $abi.' callable('.implode(', ', $arguments).'): '
+            .$returnType->getName();
+
+        return [Caster::PREFIX_VIRTUAL.'returnType' => $returnType];
+    }
+
+    private static function castFFIPointer(Stub $stub, CType $type, ?CData $data = null): array
+    {
+        $ptr = $type->getPointerType();
+
+        if (null === $data) {
+            return [Caster::PREFIX_VIRTUAL.'0' => $ptr];
+        }
+
+        return match ($ptr->getKind()) {
+            CType::TYPE_CHAR => [Caster::PREFIX_VIRTUAL.'cdata' => self::castFFIStringValue($data)],
+            CType::TYPE_FUNC => self::castFFIFunction($stub, $ptr),
+            default => [Caster::PREFIX_VIRTUAL.'cdata' => $data[0]],
+        };
+    }
+
+    private static function castFFIStringValue(CData $data): string|CutStub
+    {
+        $result = [];
+
+        for ($i = 0; $i < self::MAX_STRING_LENGTH; ++$i) {
+            $result[$i] = $data[$i];
+
+            if ("\0" === $result[$i]) {
+                return implode('', $result);
+            }
+        }
+
+        $string = implode('', $result);
+        $stub = new CutStub($string);
+        $stub->cut = -1;
+        $stub->value = $string;
+
+        return $stub;
+    }
+
+    private static function castFFIStructLike(CType $type, ?CData $data = null): array
+    {
+        $isUnion = ($type->getAttributes() & CType::ATTR_UNION) === CType::ATTR_UNION;
+
+        $result = [];
+
+        foreach ($type->getStructFieldNames() as $name) {
+            $field = $type->getStructFieldType($name);
+
+            // Retrieving the value of a field from a union containing
+            // a pointer is not a safe operation, because may contain
+            // incorrect data.
+            $isUnsafe = $isUnion && CType::TYPE_POINTER === $field->getKind();
+
+            if ($isUnsafe) {
+                $result[Caster::PREFIX_VIRTUAL.$name.'?'] = $field;
+            } elseif (null === $data) {
+                $result[Caster::PREFIX_VIRTUAL.$name] = $field;
+            } else {
+                $fieldName = $data->{$name} instanceof CData ? '' : $field->getName().' ';
+                $result[Caster::PREFIX_VIRTUAL.$fieldName.$name] = $data->{$name};
+            }
+        }
+
+        return $result;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FiberCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FiberCaster.php
index c74a9e59c..b797dbd63 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FiberCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/FiberCaster.php
@@ -20,6 +20,9 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 final class FiberCaster
 {
+    /**
+     * @return array
+     */
     public static function castFiber(\Fiber $fiber, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/IntlCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/IntlCaster.php
index 23b9d5da3..a4590f4b5 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/IntlCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/IntlCaster.php
@@ -21,6 +21,9 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class IntlCaster
 {
+    /**
+     * @return array
+     */
     public static function castMessageFormatter(\MessageFormatter $c, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -31,6 +34,9 @@ class IntlCaster
         return self::castError($c, $a);
     }
 
+    /**
+     * @return array
+     */
     public static function castNumberFormatter(\NumberFormatter $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $a += [
@@ -102,12 +108,15 @@ class IntlCaster
                     'SIGNIFICANT_DIGIT_SYMBOL' => $c->getSymbol(\NumberFormatter::SIGNIFICANT_DIGIT_SYMBOL),
                     'MONETARY_GROUPING_SEPARATOR_SYMBOL' => $c->getSymbol(\NumberFormatter::MONETARY_GROUPING_SEPARATOR_SYMBOL),
                 ]
-             ),
+            ),
         ];
 
         return self::castError($c, $a);
     }
 
+    /**
+     * @return array
+     */
     public static function castIntlTimeZone(\IntlTimeZone $c, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -125,6 +134,9 @@ class IntlCaster
         return self::castError($c, $a);
     }
 
+    /**
+     * @return array
+     */
     public static function castIntlCalendar(\IntlCalendar $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $a += [
@@ -142,6 +154,9 @@ class IntlCaster
         return self::castError($c, $a);
     }
 
+    /**
+     * @return array
+     */
     public static function castIntlDateFormatter(\IntlDateFormatter $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $a += [
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/LinkStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/LinkStub.php
index 36e0d3cb9..4930436df 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/LinkStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/LinkStub.php
@@ -23,14 +23,11 @@ class LinkStub extends ConstStub
     private static array $vendorRoots;
     private static array $composerRoots = [];
 
-    public function __construct(string $label, int $line = 0, string $href = null)
+    public function __construct(string $label, int $line = 0, ?string $href = null)
     {
         $this->value = $label;
 
-        if (null === $href) {
-            $href = $label;
-        }
-        if (!\is_string($href)) {
+        if (!\is_string($href ??= $label)) {
             return;
         }
         if (str_starts_with($href, 'file://')) {
@@ -63,7 +60,7 @@ class LinkStub extends ConstStub
         }
     }
 
-    private function getComposerRoot(string $file, bool &$inVendor)
+    private function getComposerRoot(string $file, bool &$inVendor): string|false
     {
         if (!isset(self::$vendorRoots)) {
             self::$vendorRoots = [];
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/MemcachedCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/MemcachedCaster.php
index d6baa2514..2f161e8cb 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/MemcachedCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/MemcachedCaster.php
@@ -23,6 +23,9 @@ class MemcachedCaster
     private static array $optionConstants;
     private static array $defaultOptions;
 
+    /**
+     * @return array
+     */
     public static function castMemcached(\Memcached $c, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -37,8 +40,8 @@ class MemcachedCaster
 
     private static function getNonDefaultOptions(\Memcached $c): array
     {
-        self::$defaultOptions = self::$defaultOptions ?? self::discoverDefaultOptions();
-        self::$optionConstants = self::$optionConstants ?? self::getOptionConstants();
+        self::$defaultOptions ??= self::discoverDefaultOptions();
+        self::$optionConstants ??= self::getOptionConstants();
 
         $nonDefaultOptions = [];
         foreach (self::$optionConstants as $constantKey => $value) {
@@ -56,7 +59,7 @@ class MemcachedCaster
         $defaultMemcached->addServer('127.0.0.1', 11211);
 
         $defaultOptions = [];
-        self::$optionConstants = self::$optionConstants ?? self::getOptionConstants();
+        self::$optionConstants ??= self::getOptionConstants();
 
         foreach (self::$optionConstants as $constantKey => $value) {
             $defaultOptions[$constantKey] = $defaultMemcached->getOption($value);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PdoCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PdoCaster.php
index 140473b53..d68eae216 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PdoCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PdoCaster.php
@@ -59,6 +59,9 @@ class PdoCaster
         ],
     ];
 
+    /**
+     * @return array
+     */
     public static function castPdo(\PDO $c, array $a, Stub $stub, bool $isNested)
     {
         $attr = [];
@@ -76,7 +79,7 @@ class PdoCaster
                 if ($v && isset($v[$attr[$k]])) {
                     $attr[$k] = new ConstStub($v[$attr[$k]], $attr[$k]);
                 }
-            } catch (\Exception $e) {
+            } catch (\Exception) {
             }
         }
         if (isset($attr[$k = 'STATEMENT_CLASS'][1])) {
@@ -108,6 +111,9 @@ class PdoCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castPdoStatement(\PDOStatement $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PgSqlCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PgSqlCaster.php
index d8e5b5253..0d8b3d919 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PgSqlCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/PgSqlCaster.php
@@ -69,6 +69,9 @@ class PgSqlCaster
         'function' => \PGSQL_DIAG_SOURCE_FUNCTION,
     ];
 
+    /**
+     * @return array
+     */
     public static function castLargeObject($lo, array $a, Stub $stub, bool $isNested)
     {
         $a['seek position'] = pg_lo_tell($lo);
@@ -76,6 +79,9 @@ class PgSqlCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castLink($link, array $a, Stub $stub, bool $isNested)
     {
         $a['status'] = pg_connection_status($link);
@@ -108,6 +114,9 @@ class PgSqlCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castResult($result, array $a, Stub $stub, bool $isNested)
     {
         $a['num rows'] = pg_num_rows($result);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ProxyManagerCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ProxyManagerCaster.php
index e7120191f..eb6c88db6 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ProxyManagerCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ProxyManagerCaster.php
@@ -21,6 +21,9 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class ProxyManagerCaster
 {
+    /**
+     * @return array
+     */
     public static function castProxy(ProxyInterface $c, array $a, Stub $stub, bool $isNested)
     {
         if ($parent = get_parent_class($c)) {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RdKafkaCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RdKafkaCaster.php
index 805336395..fcaa1b768 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RdKafkaCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RdKafkaCaster.php
@@ -31,13 +31,16 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class RdKafkaCaster
 {
+    /**
+     * @return array
+     */
     public static function castKafkaConsumer(KafkaConsumer $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
 
         try {
             $assignment = $c->getAssignment();
-        } catch (RdKafkaException $e) {
+        } catch (RdKafkaException) {
             $assignment = [];
         }
 
@@ -51,6 +54,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castTopic(Topic $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -62,6 +68,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castTopicPartition(TopicPartition $c, array $a)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -75,6 +84,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castMessage(Message $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -86,6 +98,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castConf(Conf $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -97,6 +112,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castTopicConf(TopicConf $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -108,6 +126,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castRdKafka(\RdKafka $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -121,6 +142,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castCollectionMetadata(CollectionMetadata $c, array $a, Stub $stub, bool $isNested)
     {
         $a += iterator_to_array($c);
@@ -128,6 +152,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castTopicMetadata(TopicMetadata $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -140,6 +167,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castPartitionMetadata(PartitionMetadata $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -153,6 +183,9 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castBrokerMetadata(BrokerMetadata $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -166,13 +199,16 @@ class RdKafkaCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     private static function extractMetadata(KafkaConsumer|\RdKafka $c)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
 
         try {
             $m = $c->getMetadata(true, null, 500);
-        } catch (RdKafkaException $e) {
+        } catch (RdKafkaException) {
             return [];
         }
 
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RedisCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RedisCaster.php
index eac25a12a..6ff046754 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RedisCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/RedisCaster.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\VarDumper\Caster;
 
+use Relay\Relay;
 use Symfony\Component\VarDumper\Cloner\Stub;
 
 /**
@@ -23,15 +24,15 @@ use Symfony\Component\VarDumper\Cloner\Stub;
 class RedisCaster
 {
     private const SERIALIZERS = [
-        \Redis::SERIALIZER_NONE => 'NONE',
-        \Redis::SERIALIZER_PHP => 'PHP',
+        0 => 'NONE', // Redis::SERIALIZER_NONE
+        1 => 'PHP', // Redis::SERIALIZER_PHP
         2 => 'IGBINARY', // Optional Redis::SERIALIZER_IGBINARY
     ];
 
     private const MODES = [
-        \Redis::ATOMIC => 'ATOMIC',
-        \Redis::MULTI => 'MULTI',
-        \Redis::PIPELINE => 'PIPELINE',
+        0 => 'ATOMIC', // Redis::ATOMIC
+        1 => 'MULTI', // Redis::MULTI
+        2 => 'PIPELINE', // Redis::PIPELINE
     ];
 
     private const COMPRESSION_MODES = [
@@ -46,7 +47,10 @@ class RedisCaster
         \RedisCluster::FAILOVER_DISTRIBUTE_SLAVES => 'DISTRIBUTE_SLAVES',
     ];
 
-    public static function castRedis(\Redis $c, array $a, Stub $stub, bool $isNested)
+    /**
+     * @return array
+     */
+    public static function castRedis(\Redis|Relay $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
 
@@ -72,6 +76,9 @@ class RedisCaster
         ];
     }
 
+    /**
+     * @return array
+     */
     public static function castRedisArray(\RedisArray $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -84,6 +91,9 @@ class RedisCaster
         ];
     }
 
+    /**
+     * @return array
+     */
     public static function castRedisCluster(\RedisCluster $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -102,9 +112,9 @@ class RedisCaster
         return $a;
     }
 
-    private static function getRedisOptions(\Redis|\RedisArray|\RedisCluster $redis, array $options = []): EnumStub
+    private static function getRedisOptions(\Redis|Relay|\RedisArray|\RedisCluster $redis, array $options = []): EnumStub
     {
-        $serializer = $redis->getOption(\Redis::OPT_SERIALIZER);
+        $serializer = $redis->getOption(\defined('Redis::OPT_SERIALIZER') ? \Redis::OPT_SERIALIZER : 1);
         if (\is_array($serializer)) {
             foreach ($serializer as &$v) {
                 if (isset(self::SERIALIZERS[$v])) {
@@ -136,11 +146,11 @@ class RedisCaster
         }
 
         $options += [
-            'TCP_KEEPALIVE' => \defined('Redis::OPT_TCP_KEEPALIVE') ? $redis->getOption(\Redis::OPT_TCP_KEEPALIVE) : 0,
-            'READ_TIMEOUT' => $redis->getOption(\Redis::OPT_READ_TIMEOUT),
+            'TCP_KEEPALIVE' => \defined('Redis::OPT_TCP_KEEPALIVE') ? $redis->getOption(\Redis::OPT_TCP_KEEPALIVE) : Relay::OPT_TCP_KEEPALIVE,
+            'READ_TIMEOUT' => $redis->getOption(\defined('Redis::OPT_READ_TIMEOUT') ? \Redis::OPT_READ_TIMEOUT : Relay::OPT_READ_TIMEOUT),
             'COMPRESSION' => $compression,
             'SERIALIZER' => $serializer,
-            'PREFIX' => $redis->getOption(\Redis::OPT_PREFIX),
+            'PREFIX' => $redis->getOption(\defined('Redis::OPT_PREFIX') ? \Redis::OPT_PREFIX : Relay::OPT_PREFIX),
             'SCAN' => $retry,
         ];
 
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ReflectionCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ReflectionCaster.php
index 86d439f2b..4adb9bc9f 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ReflectionCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ReflectionCaster.php
@@ -35,6 +35,9 @@ class ReflectionCaster
         'isVariadic' => 'isVariadic',
     ];
 
+    /**
+     * @return array
+     */
     public static function castClosure(\Closure $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -71,6 +74,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function unsetClosureFileInfo(\Closure $c, array $a)
     {
         unset($a[Caster::PREFIX_VIRTUAL.'file'], $a[Caster::PREFIX_VIRTUAL.'line']);
@@ -78,12 +84,12 @@ class ReflectionCaster
         return $a;
     }
 
-    public static function castGenerator(\Generator $c, array $a, Stub $stub, bool $isNested)
+    public static function castGenerator(\Generator $c, array $a, Stub $stub, bool $isNested): array
     {
         // Cannot create ReflectionGenerator based on a terminated Generator
         try {
             $reflectionGenerator = new \ReflectionGenerator($c);
-        } catch (\Exception $e) {
+        } catch (\Exception) {
             $a[Caster::PREFIX_VIRTUAL.'closed'] = true;
 
             return $a;
@@ -92,6 +98,9 @@ class ReflectionCaster
         return self::castReflectionGenerator($reflectionGenerator, $a, $stub, $isNested);
     }
 
+    /**
+     * @return array
+     */
     public static function castType(\ReflectionType $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -114,6 +123,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castAttribute(\ReflectionAttribute $c, array $a, Stub $stub, bool $isNested)
     {
         self::addMap($a, $c, [
@@ -124,6 +136,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castReflectionGenerator(\ReflectionGenerator $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -144,7 +159,7 @@ class ReflectionCaster
             array_unshift($trace, [
                 'function' => 'yield',
                 'file' => $function->getExecutingFile(),
-                'line' => $function->getExecutingLine() - (int) (\PHP_VERSION_ID < 80100),
+                'line' => $function->getExecutingLine(),
             ]);
             $trace[] = $frame;
             $a[$prefix.'trace'] = new TraceStub($trace, false, 0, -1, -1);
@@ -159,6 +174,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castClass(\ReflectionClass $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -190,6 +208,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castFunctionAbstract(\ReflectionFunctionAbstract $c, array $a, Stub $stub, bool $isNested, int $filter = 0)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -197,7 +218,7 @@ class ReflectionCaster
         self::addMap($a, $c, [
             'returnsReference' => 'returnsReference',
             'returnType' => 'getReturnType',
-            'class' => 'getClosureScopeClass',
+            'class' => \PHP_VERSION_ID >= 80111 ? 'getClosureCalledClass' : 'getClosureScopeClass',
             'this' => 'getClosureThis',
         ]);
 
@@ -248,6 +269,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castClassConstant(\ReflectionClassConstant $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'modifiers'] = implode(' ', \Reflection::getModifierNames($c->getModifiers()));
@@ -258,6 +282,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castMethod(\ReflectionMethod $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'modifiers'] = implode(' ', \Reflection::getModifierNames($c->getModifiers()));
@@ -265,6 +292,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castParameter(\ReflectionParameter $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -292,19 +322,22 @@ class ReflectionCaster
         if ($c->isOptional()) {
             try {
                 $a[$prefix.'default'] = $v = $c->getDefaultValue();
-                if ($c->isDefaultValueConstant()) {
+                if ($c->isDefaultValueConstant() && !\is_object($v)) {
                     $a[$prefix.'default'] = new ConstStub($c->getDefaultValueConstantName(), $v);
                 }
                 if (null === $v) {
                     unset($a[$prefix.'allowsNull']);
                 }
-            } catch (\ReflectionException $e) {
+            } catch (\ReflectionException) {
             }
         }
 
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castProperty(\ReflectionProperty $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'modifiers'] = implode(' ', \Reflection::getModifierNames($c->getModifiers()));
@@ -315,6 +348,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castReference(\ReflectionReference $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'id'] = $c->getId();
@@ -322,6 +358,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castExtension(\ReflectionExtension $c, array $a, Stub $stub, bool $isNested)
     {
         self::addMap($a, $c, [
@@ -338,6 +377,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castZendExtension(\ReflectionZendExtension $c, array $a, Stub $stub, bool $isNested)
     {
         self::addMap($a, $c, [
@@ -350,6 +392,9 @@ class ReflectionCaster
         return $a;
     }
 
+    /**
+     * @return string
+     */
     public static function getSignature(array $a)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -402,7 +447,7 @@ class ReflectionCaster
         return $signature;
     }
 
-    private static function addExtra(array &$a, \Reflector $c)
+    private static function addExtra(array &$a, \Reflector $c): void
     {
         $x = isset($a[Caster::PREFIX_VIRTUAL.'extra']) ? $a[Caster::PREFIX_VIRTUAL.'extra']->value : [];
 
@@ -418,7 +463,7 @@ class ReflectionCaster
         }
     }
 
-    private static function addMap(array &$a, object $c, array $map, string $prefix = Caster::PREFIX_VIRTUAL)
+    private static function addMap(array &$a, object $c, array $map, string $prefix = Caster::PREFIX_VIRTUAL): void
     {
         foreach ($map as $k => $m) {
             if ('isDisabled' === $k) {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ResourceCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ResourceCaster.php
index 4e597f86d..f3bbf3be4 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ResourceCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ResourceCaster.php
@@ -27,6 +27,9 @@ class ResourceCaster
         return curl_getinfo($h);
     }
 
+    /**
+     * @return array
+     */
     public static function castDba($dba, array $a, Stub $stub, bool $isNested)
     {
         $list = dba_list();
@@ -35,12 +38,15 @@ class ResourceCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castProcess($process, array $a, Stub $stub, bool $isNested)
     {
         return proc_get_status($process);
     }
 
-    public static function castStream($stream, array $a, Stub $stub, bool $isNested)
+    public static function castStream($stream, array $a, Stub $stub, bool $isNested): array
     {
         $a = stream_get_meta_data($stream) + static::castStreamContext($stream, $a, $stub, $isNested);
         if ($a['uri'] ?? false) {
@@ -50,11 +56,17 @@ class ResourceCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castStreamContext($stream, array $a, Stub $stub, bool $isNested)
     {
         return @stream_context_get_params($stream) ?: $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castGd($gd, array $a, Stub $stub, bool $isNested)
     {
         $a['size'] = imagesx($gd).'x'.imagesy($gd);
@@ -63,15 +75,9 @@ class ResourceCaster
         return $a;
     }
 
-    public static function castMysqlLink($h, array $a, Stub $stub, bool $isNested)
-    {
-        $a['host'] = mysql_get_host_info($h);
-        $a['protocol'] = mysql_get_proto_info($h);
-        $a['server'] = mysql_get_server_info($h);
-
-        return $a;
-    }
-
+    /**
+     * @return array
+     */
     public static function castOpensslX509($h, array $a, Stub $stub, bool $isNested)
     {
         $stub->cut = -1;
@@ -86,7 +92,7 @@ class ResourceCaster
         $a += [
             'subject' => new EnumStub(array_intersect_key($info['subject'], ['organizationName' => true, 'commonName' => true])),
             'issuer' => new EnumStub(array_intersect_key($info['issuer'], ['organizationName' => true, 'commonName' => true])),
-            'expiry' => new ConstStub(date(\DateTime::ISO8601, $info['validTo_time_t']), $info['validTo_time_t']),
+            'expiry' => new ConstStub(date(\DateTimeInterface::ISO8601, $info['validTo_time_t']), $info['validTo_time_t']),
             'fingerprint' => new EnumStub([
                 'md5' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'md5')), 2, ':', true)),
                 'sha1' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'sha1')), 2, ':', true)),
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ScalarStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ScalarStub.php
new file mode 100644
index 000000000..3bb1935b8
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/ScalarStub.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\VarDumper\Caster;
+
+use Symfony\Component\VarDumper\Cloner\Stub;
+
+/**
+ * Represents any arbitrary value.
+ *
+ * @author Alexandre Daubois <alex.daubois@gmail.com>
+ */
+class ScalarStub extends Stub
+{
+    public function __construct(mixed $value)
+    {
+        $this->value = $value;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SplCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SplCaster.php
index a51cace1d..814d824d1 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SplCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SplCaster.php
@@ -29,16 +29,25 @@ class SplCaster
         \SplFileObject::READ_CSV => 'READ_CSV',
     ];
 
+    /**
+     * @return array
+     */
     public static function castArrayObject(\ArrayObject $c, array $a, Stub $stub, bool $isNested)
     {
         return self::castSplArray($c, $a, $stub, $isNested);
     }
 
+    /**
+     * @return array
+     */
     public static function castArrayIterator(\ArrayIterator $c, array $a, Stub $stub, bool $isNested)
     {
         return self::castSplArray($c, $a, $stub, $isNested);
     }
 
+    /**
+     * @return array
+     */
     public static function castHeap(\Iterator $c, array $a, Stub $stub, bool $isNested)
     {
         $a += [
@@ -48,6 +57,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castDoublyLinkedList(\SplDoublyLinkedList $c, array $a, Stub $stub, bool $isNested)
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -63,6 +75,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castFileInfo(\SplFileInfo $c, array $a, Stub $stub, bool $isNested)
     {
         static $map = [
@@ -117,7 +132,7 @@ class SplCaster
         foreach ($map as $key => $accessor) {
             try {
                 $a[$prefix.$key] = $c->$accessor();
-            } catch (\Exception $e) {
+            } catch (\Exception) {
             }
         }
 
@@ -139,6 +154,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castFileObject(\SplFileObject $c, array $a, Stub $stub, bool $isNested)
     {
         static $map = [
@@ -155,7 +173,7 @@ class SplCaster
         foreach ($map as $key => $accessor) {
             try {
                 $a[$prefix.$key] = $c->$accessor();
-            } catch (\Exception $e) {
+            } catch (\Exception) {
             }
         }
 
@@ -176,6 +194,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castObjectStorage(\SplObjectStorage $c, array $a, Stub $stub, bool $isNested)
     {
         $storage = [];
@@ -184,10 +205,10 @@ class SplCaster
 
         $clone = clone $c;
         foreach ($clone as $obj) {
-            $storage[] = [
+            $storage[] = new EnumStub([
                 'object' => $obj,
                 'info' => $clone->getInfo(),
-             ];
+             ]);
         }
 
         $a += [
@@ -197,6 +218,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castOuterIterator(\OuterIterator $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'innerIterator'] = $c->getInnerIterator();
@@ -204,6 +228,9 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castWeakReference(\WeakReference $c, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'object'] = $c->get();
@@ -211,6 +238,27 @@ class SplCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
+    public static function castWeakMap(\WeakMap $c, array $a, Stub $stub, bool $isNested)
+    {
+        $map = [];
+
+        foreach (clone $c as $obj => $data) {
+            $map[] = new EnumStub([
+                'object' => $obj,
+                'data' => $data,
+             ]);
+        }
+
+        $a += [
+            Caster::PREFIX_VIRTUAL.'map' => $map,
+        ];
+
+        return $a;
+    }
+
     private static function castSplArray(\ArrayObject|\ArrayIterator $c, array $a, Stub $stub, bool $isNested): array
     {
         $prefix = Caster::PREFIX_VIRTUAL;
@@ -218,10 +266,14 @@ class SplCaster
 
         if (!($flags & \ArrayObject::STD_PROP_LIST)) {
             $c->setFlags(\ArrayObject::STD_PROP_LIST);
-            $a = Caster::castObject($c, \get_class($c), method_exists($c, '__debugInfo'), $stub->class);
+            $a = Caster::castObject($c, $c::class, method_exists($c, '__debugInfo'), $stub->class);
             $c->setFlags($flags);
         }
+
+        unset($a["\0ArrayObject\0storage"], $a["\0ArrayIterator\0storage"]);
+
         $a += [
+            $prefix.'storage' => $c->getArrayCopy(),
             $prefix.'flag::STD_PROP_LIST' => (bool) ($flags & \ArrayObject::STD_PROP_LIST),
             $prefix.'flag::ARRAY_AS_PROPS' => (bool) ($flags & \ArrayObject::ARRAY_AS_PROPS),
         ];
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/StubCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/StubCaster.php
index 32ead7c27..4b93ff76f 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/StubCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/StubCaster.php
@@ -22,6 +22,9 @@ use Symfony\Component\VarDumper\Cloner\Stub;
  */
 class StubCaster
 {
+    /**
+     * @return array
+     */
     public static function castStub(Stub $c, array $a, Stub $stub, bool $isNested)
     {
         if ($isNested) {
@@ -43,11 +46,17 @@ class StubCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castCutArray(CutArrayStub $c, array $a, Stub $stub, bool $isNested)
     {
         return $isNested ? $c->preservedSubset : $a;
     }
 
+    /**
+     * @return array
+     */
     public static function cutInternals($obj, array $a, Stub $stub, bool $isNested)
     {
         if ($isNested) {
@@ -59,6 +68,9 @@ class StubCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castEnum(EnumStub $c, array $a, Stub $stub, bool $isNested)
     {
         if ($isNested) {
@@ -81,4 +93,15 @@ class StubCaster
 
         return $a;
     }
+
+    /**
+     * @return array
+     */
+    public static function castScalar(ScalarStub $scalarStub, array $a, Stub $stub)
+    {
+        $stub->type = Stub::TYPE_SCALAR;
+        $stub->attr['value'] = $scalarStub->value;
+
+        return $a;
+    }
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SymfonyCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SymfonyCaster.php
index 08428b927..ebc00f90e 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SymfonyCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/SymfonyCaster.php
@@ -15,6 +15,7 @@ use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Uid\Ulid;
 use Symfony\Component\Uid\Uuid;
 use Symfony\Component\VarDumper\Cloner\Stub;
+use Symfony\Component\VarExporter\Internal\LazyObjectState;
 
 /**
  * @final
@@ -30,6 +31,9 @@ class SymfonyCaster
         'format' => 'getRequestFormat',
     ];
 
+    /**
+     * @return array
+     */
     public static function castRequest(Request $request, array $a, Stub $stub, bool $isNested)
     {
         $clone = null;
@@ -37,9 +41,7 @@ class SymfonyCaster
         foreach (self::REQUEST_GETTERS as $prop => $getter) {
             $key = Caster::PREFIX_PROTECTED.$prop;
             if (\array_key_exists($key, $a) && null === $a[$key]) {
-                if (null === $clone) {
-                    $clone = clone $request;
-                }
+                $clone ??= clone $request;
                 $a[Caster::PREFIX_VIRTUAL.$prop] = $clone->{$getter}();
             }
         }
@@ -47,9 +49,12 @@ class SymfonyCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castHttpClient($client, array $a, Stub $stub, bool $isNested)
     {
-        $multiKey = sprintf("\0%s\0multi", \get_class($client));
+        $multiKey = sprintf("\0%s\0multi", $client::class);
         if (isset($a[$multiKey])) {
             $a[$multiKey] = new CutStub($a[$multiKey]);
         }
@@ -57,6 +62,9 @@ class SymfonyCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castHttpClientResponse($response, array $a, Stub $stub, bool $isNested)
     {
         $stub->cut += \count($a);
@@ -69,6 +77,37 @@ class SymfonyCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
+    public static function castLazyObjectState($state, array $a, Stub $stub, bool $isNested)
+    {
+        if (!$isNested) {
+            return $a;
+        }
+
+        $stub->cut += \count($a) - 1;
+
+        $instance = $a['realInstance'] ?? null;
+
+        $a = ['status' => new ConstStub(match ($a['status']) {
+            LazyObjectState::STATUS_INITIALIZED_FULL => 'INITIALIZED_FULL',
+            LazyObjectState::STATUS_INITIALIZED_PARTIAL => 'INITIALIZED_PARTIAL',
+            LazyObjectState::STATUS_UNINITIALIZED_FULL => 'UNINITIALIZED_FULL',
+            LazyObjectState::STATUS_UNINITIALIZED_PARTIAL => 'UNINITIALIZED_PARTIAL',
+        }, $a['status'])];
+
+        if ($instance) {
+            $a['realInstance'] = $instance;
+            --$stub->cut;
+        }
+
+        return $a;
+    }
+
+    /**
+     * @return array
+     */
     public static function castUuid(Uuid $uuid, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'toBase58'] = $uuid->toBase58();
@@ -82,6 +121,9 @@ class SymfonyCaster
         return $a;
     }
 
+    /**
+     * @return array
+     */
     public static function castUlid(Ulid $ulid, array $a, Stub $stub, bool $isNested)
     {
         $a[Caster::PREFIX_VIRTUAL.'toBase58'] = $ulid->toBase58();
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/TraceStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/TraceStub.php
index 5eea1c876..d215d8db0 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/TraceStub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/TraceStub.php
@@ -25,7 +25,7 @@ class TraceStub extends Stub
     public $sliceLength;
     public $numberingOffset;
 
-    public function __construct(array $trace, bool $keepArgs = true, int $sliceOffset = 0, int $sliceLength = null, int $numberingOffset = 0)
+    public function __construct(array $trace, bool $keepArgs = true, int $sliceOffset = 0, ?int $sliceLength = null, int $numberingOffset = 0)
     {
         $this->value = $trace;
         $this->keepArgs = $keepArgs;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/UninitializedStub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/UninitializedStub.php
new file mode 100644
index 000000000..a9bdd9b81
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/UninitializedStub.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\VarDumper\Caster;
+
+/**
+ * Represents an uninitialized property.
+ *
+ * @author Nicolas Grekas <p@tchwork.com>
+ */
+class UninitializedStub extends ConstStub
+{
+    public function __construct(\ReflectionProperty $property)
+    {
+        parent::__construct('?'.($property->hasType() ? ' '.$property->getType() : ''), 'Uninitialized property');
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlReaderCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlReaderCaster.php
index 721513c5d..1cfcf4dd8 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlReaderCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlReaderCaster.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
  * This file is part of the Symfony package.
  *
@@ -42,6 +43,9 @@ class XmlReaderCaster
         \XMLReader::XML_DECLARATION => 'XML_DECLARATION',
     ];
 
+    /**
+     * @return array
+     */
     public static function castXmlReader(\XMLReader $reader, array $a, Stub $stub, bool $isNested)
     {
         try {
@@ -51,7 +55,7 @@ class XmlReaderCaster
                 'VALIDATE' => @$reader->getParserProperty(\XMLReader::VALIDATE),
                 'SUBST_ENTITIES' => @$reader->getParserProperty(\XMLReader::SUBST_ENTITIES),
             ];
-        } catch (\Error $e) {
+        } catch (\Error) {
             $properties = [
                 'LOADDTD' => false,
                 'DEFAULTATTRS' => false,
@@ -81,6 +85,7 @@ class XmlReaderCaster
             $info[$props]->cut = $count;
         }
 
+        $a = Caster::filter($a, Caster::EXCLUDE_UNINITIALIZED, [], $count);
         $info = Caster::filter($info, Caster::EXCLUDE_EMPTY, [], $count);
         // +2 because hasValue and hasAttributes are always filtered
         $stub->cut += $count + 2;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlResourceCaster.php b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlResourceCaster.php
index ba55fcedd..0cf42584a 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlResourceCaster.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Caster/XmlResourceCaster.php
@@ -47,6 +47,9 @@ class XmlResourceCaster
         \XML_ERROR_EXTERNAL_ENTITY_HANDLING => 'XML_ERROR_EXTERNAL_ENTITY_HANDLING',
     ];
 
+    /**
+     * @return array
+     */
     public static function castXml($h, array $a, Stub $stub, bool $isNested)
     {
         $a['current_byte_index'] = xml_get_current_byte_index($h);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.php b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.php
index b835c0336..fc330bae2 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.php
@@ -28,6 +28,7 @@ abstract class AbstractCloner implements ClonerInterface
         'Symfony\Component\VarDumper\Caster\CutArrayStub' => ['Symfony\Component\VarDumper\Caster\StubCaster', 'castCutArray'],
         'Symfony\Component\VarDumper\Caster\ConstStub' => ['Symfony\Component\VarDumper\Caster\StubCaster', 'castStub'],
         'Symfony\Component\VarDumper\Caster\EnumStub' => ['Symfony\Component\VarDumper\Caster\StubCaster', 'castEnum'],
+        'Symfony\Component\VarDumper\Caster\ScalarStub' => ['Symfony\Component\VarDumper\Caster\StubCaster', 'castScalar'],
 
         'Fiber' => ['Symfony\Component\VarDumper\Caster\FiberCaster', 'castFiber'],
 
@@ -66,9 +67,6 @@ abstract class AbstractCloner implements ClonerInterface
         'DOMAttr' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castAttr'],
         'DOMElement' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castElement'],
         'DOMText' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castText'],
-        'DOMTypeinfo' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castTypeinfo'],
-        'DOMDomError' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castDomError'],
-        'DOMLocator' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castLocator'],
         'DOMDocumentType' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castDocumentType'],
         'DOMNotation' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castNotation'],
         'DOMEntity' => ['Symfony\Component\VarDumper\Caster\DOMCaster', 'castEntity'],
@@ -92,10 +90,12 @@ abstract class AbstractCloner implements ClonerInterface
         'Symfony\Component\HttpFoundation\Request' => ['Symfony\Component\VarDumper\Caster\SymfonyCaster', 'castRequest'],
         'Symfony\Component\Uid\Ulid' => ['Symfony\Component\VarDumper\Caster\SymfonyCaster', 'castUlid'],
         'Symfony\Component\Uid\Uuid' => ['Symfony\Component\VarDumper\Caster\SymfonyCaster', 'castUuid'],
+        'Symfony\Component\VarExporter\Internal\LazyObjectState' => ['Symfony\Component\VarDumper\Caster\SymfonyCaster', 'castLazyObjectState'],
         'Symfony\Component\VarDumper\Exception\ThrowingCasterException' => ['Symfony\Component\VarDumper\Caster\ExceptionCaster', 'castThrowingCasterException'],
         'Symfony\Component\VarDumper\Caster\TraceStub' => ['Symfony\Component\VarDumper\Caster\ExceptionCaster', 'castTraceStub'],
         'Symfony\Component\VarDumper\Caster\FrameStub' => ['Symfony\Component\VarDumper\Caster\ExceptionCaster', 'castFrameStub'],
         'Symfony\Component\VarDumper\Cloner\AbstractCloner' => ['Symfony\Component\VarDumper\Caster\StubCaster', 'cutInternals'],
+        'Symfony\Component\ErrorHandler\Exception\FlattenException' => ['Symfony\Component\VarDumper\Caster\ExceptionCaster', 'castFlattenException'],
         'Symfony\Component\ErrorHandler\Exception\SilencedErrorContext' => ['Symfony\Component\VarDumper\Caster\ExceptionCaster', 'castSilencedErrorContext'],
 
         'Imagine\Image\ImageInterface' => ['Symfony\Component\VarDumper\Caster\ImagineCaster', 'castImage'],
@@ -127,9 +127,11 @@ abstract class AbstractCloner implements ClonerInterface
         'SplObjectStorage' => ['Symfony\Component\VarDumper\Caster\SplCaster', 'castObjectStorage'],
         'SplPriorityQueue' => ['Symfony\Component\VarDumper\Caster\SplCaster', 'castHeap'],
         'OuterIterator' => ['Symfony\Component\VarDumper\Caster\SplCaster', 'castOuterIterator'],
+        'WeakMap' => ['Symfony\Component\VarDumper\Caster\SplCaster', 'castWeakMap'],
         'WeakReference' => ['Symfony\Component\VarDumper\Caster\SplCaster', 'castWeakReference'],
 
         'Redis' => ['Symfony\Component\VarDumper\Caster\RedisCaster', 'castRedis'],
+        'Relay\Relay' => ['Symfony\Component\VarDumper\Caster\RedisCaster', 'castRedis'],
         'RedisArray' => ['Symfony\Component\VarDumper\Caster\RedisCaster', 'castRedisArray'],
         'RedisCluster' => ['Symfony\Component\VarDumper\Caster\RedisCaster', 'castRedisCluster'],
 
@@ -163,7 +165,6 @@ abstract class AbstractCloner implements ClonerInterface
         'GdImage' => ['Symfony\Component\VarDumper\Caster\ResourceCaster', 'castGd'],
         ':gd' => ['Symfony\Component\VarDumper\Caster\ResourceCaster', 'castGd'],
 
-        ':mysql link' => ['Symfony\Component\VarDumper\Caster\ResourceCaster', 'castMysqlLink'],
         ':pgsql large object' => ['Symfony\Component\VarDumper\Caster\PgSqlCaster', 'castLargeObject'],
         ':pgsql link' => ['Symfony\Component\VarDumper\Caster\PgSqlCaster', 'castLink'],
         ':pgsql link persistent' => ['Symfony\Component\VarDumper\Caster\PgSqlCaster', 'castLink'],
@@ -191,6 +192,9 @@ abstract class AbstractCloner implements ClonerInterface
         'RdKafka\Topic' => ['Symfony\Component\VarDumper\Caster\RdKafkaCaster', 'castTopic'],
         'RdKafka\TopicPartition' => ['Symfony\Component\VarDumper\Caster\RdKafkaCaster', 'castTopicPartition'],
         'RdKafka\TopicConf' => ['Symfony\Component\VarDumper\Caster\RdKafkaCaster', 'castTopicConf'],
+
+        'FFI\CData' => ['Symfony\Component\VarDumper\Caster\FFICaster', 'castCTypeOrCData'],
+        'FFI\CType' => ['Symfony\Component\VarDumper\Caster\FFICaster', 'castCTypeOrCData'],
     ];
 
     protected $maxItems = 2500;
@@ -215,12 +219,9 @@ abstract class AbstractCloner implements ClonerInterface
      *
      * @see addCasters
      */
-    public function __construct(array $casters = null)
+    public function __construct(?array $casters = null)
     {
-        if (null === $casters) {
-            $casters = static::$defaultCasters;
-        }
-        $this->addCasters($casters);
+        $this->addCasters($casters ?? static::$defaultCasters);
     }
 
     /**
@@ -232,6 +233,8 @@ abstract class AbstractCloner implements ClonerInterface
      * see e.g. static::$defaultCasters.
      *
      * @param callable[] $casters A map of casters
+     *
+     * @return void
      */
     public function addCasters(array $casters)
     {
@@ -242,6 +245,8 @@ abstract class AbstractCloner implements ClonerInterface
 
     /**
      * Sets the maximum number of items to clone past the minimum depth in nested structures.
+     *
+     * @return void
      */
     public function setMaxItems(int $maxItems)
     {
@@ -250,6 +255,8 @@ abstract class AbstractCloner implements ClonerInterface
 
     /**
      * Sets the maximum cloned length for strings.
+     *
+     * @return void
      */
     public function setMaxString(int $maxString)
     {
@@ -259,6 +266,8 @@ abstract class AbstractCloner implements ClonerInterface
     /**
      * Sets the minimum tree depth where we are guaranteed to clone all the items.  After this
      * depth is reached, only setMaxItems items will be cloned.
+     *
+     * @return void
      */
     public function setMinDepth(int $minDepth)
     {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Data.php b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Data.php
index 6ecb883e8..16f51b0c7 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Data.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Data.php
@@ -17,7 +17,7 @@ use Symfony\Component\VarDumper\Dumper\ContextProvider\SourceContextProvider;
 /**
  * @author Nicolas Grekas <p@tchwork.com>
  */
-class Data implements \ArrayAccess, \Countable, \IteratorAggregate
+class Data implements \ArrayAccess, \Countable, \IteratorAggregate, \Stringable
 {
     private array $data;
     private int $position = 0;
@@ -121,6 +121,9 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
         yield from $value;
     }
 
+    /**
+     * @return mixed
+     */
     public function __get(string $key)
     {
         if (null !== $data = $this->seek($key)) {
@@ -211,6 +214,11 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
         return $data;
     }
 
+    public function getContext(): array
+    {
+        return $this->context;
+    }
+
     /**
      * Seeks to a specific key in nested data structures.
      */
@@ -257,21 +265,21 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
 
     /**
      * Dumps data with a DumperInterface dumper.
+     *
+     * @return void
      */
     public function dump(DumperInterface $dumper)
     {
         $refs = [0];
         $cursor = new Cursor();
+        $cursor->hashType = -1;
+        $cursor->attr = $this->context[SourceContextProvider::class] ?? [];
+        $label = $this->context['label'] ?? '';
 
-        if ($cursor->attr = $this->context[SourceContextProvider::class] ?? []) {
-            $cursor->attr['if_links'] = true;
-            $cursor->hashType = -1;
-            $dumper->dumpScalar($cursor, 'default', '^');
-            $cursor->attr = ['if_links' => true];
-            $dumper->dumpScalar($cursor, 'default', ' ');
-            $cursor->hashType = 0;
+        if ($cursor->attr || '' !== $label) {
+            $dumper->dumpScalar($cursor, 'label', $label);
         }
-
+        $cursor->hashType = 0;
         $this->dumpItem($dumper, $cursor, $refs, $this->data[$this->position][$this->key]);
     }
 
@@ -280,7 +288,7 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
      *
      * @param mixed $item A Stub object or the original value being dumped
      */
-    private function dumpItem(DumperInterface $dumper, Cursor $cursor, array &$refs, mixed $item)
+    private function dumpItem(DumperInterface $dumper, Cursor $cursor, array &$refs, mixed $item): void
     {
         $cursor->refIndex = 0;
         $cursor->softRefTo = $cursor->softRefHandle = $cursor->softRefCount = 0;
@@ -362,6 +370,10 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
                     $dumper->leaveHash($cursor, $item->type, $item->class, $withChildren, $cut);
                     break;
 
+                case Stub::TYPE_SCALAR:
+                    $dumper->dumpScalar($cursor, 'default', $item->attr['value']);
+                    break;
+
                 default:
                     throw new \RuntimeException(sprintf('Unexpected Stub type: "%s".', $item->type));
             }
@@ -402,7 +414,7 @@ class Data implements \ArrayAccess, \Countable, \IteratorAggregate
         return $hashCut;
     }
 
-    private function getStub(mixed $item)
+    private function getStub(mixed $item): mixed
     {
         if (!$item || !\is_array($item)) {
             return $item;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/DumperInterface.php b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/DumperInterface.php
index 61d02d240..4c5b315b6 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/DumperInterface.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/DumperInterface.php
@@ -20,6 +20,8 @@ interface DumperInterface
 {
     /**
      * Dumps a scalar value.
+     *
+     * @return void
      */
     public function dumpScalar(Cursor $cursor, string $type, string|int|float|bool|null $value);
 
@@ -29,6 +31,8 @@ interface DumperInterface
      * @param string $str The string being dumped
      * @param bool   $bin Whether $str is UTF-8 or binary encoded
      * @param int    $cut The number of characters $str has been cut by
+     *
+     * @return void
      */
     public function dumpString(Cursor $cursor, string $str, bool $bin, int $cut);
 
@@ -38,6 +42,8 @@ interface DumperInterface
      * @param int             $type     A Cursor::HASH_* const for the type of hash
      * @param string|int|null $class    The object class, resource type or array count
      * @param bool            $hasChild When the dump of the hash has child item
+     *
+     * @return void
      */
     public function enterHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild);
 
@@ -48,6 +54,8 @@ interface DumperInterface
      * @param string|int|null $class    The object class, resource type or array count
      * @param bool            $hasChild When the dump of the hash has child item
      * @param int             $cut      The number of items the hash has been cut by
+     *
+     * @return void
      */
     public function leaveHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild, int $cut);
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Stub.php b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Stub.php
index 1c5b88712..0c2a4b9d0 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Stub.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/Stub.php
@@ -23,6 +23,7 @@ class Stub
     public const TYPE_ARRAY = 3;
     public const TYPE_OBJECT = 4;
     public const TYPE_RESOURCE = 5;
+    public const TYPE_SCALAR = 6;
 
     public const STRING_BINARY = 1;
     public const STRING_UTF8 = 2;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/VarCloner.php b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/VarCloner.php
index 9afcc348a..e168d0d3b 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/VarCloner.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Cloner/VarCloner.php
@@ -16,12 +16,8 @@ namespace Symfony\Component\VarDumper\Cloner;
  */
 class VarCloner extends AbstractCloner
 {
-    private static string $gid;
     private static array $arrayCache = [];
 
-    /**
-     * {@inheritdoc}
-     */
     protected function doClone(mixed $var): array
     {
         $len = 1;                       // Length of $queue
@@ -44,7 +40,6 @@ class VarCloner extends AbstractCloner
         $stub = null;                   // Stub capturing the main properties of an original item value
                                         // or null if the original value is used directly
 
-        $gid = self::$gid ??= md5(random_bytes(6)); // Unique string used to detect the special $GLOBALS variable
         $arrayStub = new Stub();
         $arrayStub->type = Stub::TYPE_ARRAY;
         $fromObjCast = false;
@@ -121,53 +116,15 @@ class VarCloner extends AbstractCloner
                         }
                         $stub = $arrayStub;
 
-                        if (\PHP_VERSION_ID >= 80100) {
-                            $stub->class = array_is_list($v) ? Stub::ARRAY_INDEXED : Stub::ARRAY_ASSOC;
-                            $a = $v;
-                            break;
-                        }
-
-                        $stub->class = Stub::ARRAY_INDEXED;
-
-                        $j = -1;
-                        foreach ($v as $gk => $gv) {
-                            if ($gk !== ++$j) {
-                                $stub->class = Stub::ARRAY_ASSOC;
-                                $a = $v;
-                                $a[$gid] = true;
-                                break;
-                            }
-                        }
-
-                        // Copies of $GLOBALS have very strange behavior,
-                        // let's detect them with some black magic
-                        if (isset($v[$gid])) {
-                            unset($v[$gid]);
-                            $a = [];
-                            foreach ($v as $gk => &$gv) {
-                                if ($v === $gv && !isset($hardRefs[\ReflectionReference::fromArrayElement($v, $gk)->getId()])) {
-                                    unset($v);
-                                    $v = new Stub();
-                                    $v->value = [$v->cut = \count($gv), Stub::TYPE_ARRAY => 0];
-                                    $v->handle = -1;
-                                    $gv = &$a[$gk];
-                                    $hardRefs[\ReflectionReference::fromArrayElement($a, $gk)->getId()] = &$gv;
-                                    $gv = $v;
-                                }
-
-                                $a[$gk] = &$gv;
-                            }
-                            unset($gv);
-                        } else {
-                            $a = $v;
-                        }
+                        $stub->class = array_is_list($v) ? Stub::ARRAY_INDEXED : Stub::ARRAY_ASSOC;
+                        $a = $v;
                         break;
 
                     case \is_object($v):
                         if (empty($objRefs[$h = spl_object_id($v)])) {
                             $stub = new Stub();
                             $stub->type = Stub::TYPE_OBJECT;
-                            $stub->class = \get_class($v);
+                            $stub->class = $v::class;
                             $stub->value = $v;
                             $stub->handle = $h;
                             $a = $this->castObject($stub, 0 < $i);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/CliDescriptor.php b/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/CliDescriptor.php
index e3d5f1d11..4450fe986 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/CliDescriptor.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/CliDescriptor.php
@@ -26,7 +26,7 @@ use Symfony\Component\VarDumper\Dumper\CliDumper;
  */
 class CliDescriptor implements DumpDescriptorInterface
 {
-    private $dumper;
+    private CliDumper $dumper;
     private mixed $lastIdentifier = null;
 
     public function __construct(CliDumper $dumper)
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/HtmlDescriptor.php b/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/HtmlDescriptor.php
index 1c0d80a05..98f150a5e 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/HtmlDescriptor.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Command/Descriptor/HtmlDescriptor.php
@@ -24,7 +24,7 @@ use Symfony\Component\VarDumper\Dumper\HtmlDumper;
  */
 class HtmlDescriptor implements DumpDescriptorInterface
 {
-    private $dumper;
+    private HtmlDumper $dumper;
     private bool $initialized = false;
 
     public function __construct(HtmlDumper $dumper)
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Command/ServerDumpCommand.php b/data/web/inc/lib/vendor/symfony/var-dumper/Command/ServerDumpCommand.php
index 13dd475b5..b64a884b9 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Command/ServerDumpCommand.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Command/ServerDumpCommand.php
@@ -38,7 +38,7 @@ use Symfony\Component\VarDumper\Server\DumpServer;
 #[AsCommand(name: 'server:dump', description: 'Start a dump server that collects and displays dumps in a single place')]
 class ServerDumpCommand extends Command
 {
-    private $server;
+    private DumpServer $server;
 
     /** @var DumpDescriptorInterface[] */
     private array $descriptors;
@@ -54,7 +54,7 @@ class ServerDumpCommand extends Command
         parent::__construct();
     }
 
-    protected function configure()
+    protected function configure(): void
     {
         $this
             ->addOption('format', null, InputOption::VALUE_REQUIRED, sprintf('The output format (%s)', implode(', ', $this->getAvailableFormats())), 'cli')
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/AbstractDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/AbstractDumper.php
index 6ac380836..53165ba64 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/AbstractDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/AbstractDumper.php
@@ -26,12 +26,15 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
     public const DUMP_COMMA_SEPARATOR = 4;
     public const DUMP_TRAILING_COMMA = 8;
 
+    /** @var callable|resource|string|null */
     public static $defaultOutput = 'php://output';
 
     protected $line = '';
+    /** @var callable|null */
     protected $lineDumper;
+    /** @var resource|null */
     protected $outputStream;
-    protected $decimalPoint; // This is locale dependent
+    protected $decimalPoint = '.';
     protected $indentPad = '  ';
     protected $flags;
 
@@ -42,12 +45,10 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
      * @param string|null                   $charset The default character encoding to use for non-UTF8 strings
      * @param int                           $flags   A bit field of static::DUMP_* constants to fine tune dumps representation
      */
-    public function __construct($output = null, string $charset = null, int $flags = 0)
+    public function __construct($output = null, ?string $charset = null, int $flags = 0)
     {
         $this->flags = $flags;
-        $this->setCharset($charset ?: ini_get('php.output_encoding') ?: ini_get('default_charset') ?: 'UTF-8');
-        $this->decimalPoint = localeconv();
-        $this->decimalPoint = $this->decimalPoint['decimal_point'];
+        $this->setCharset($charset ?: \ini_get('php.output_encoding') ?: \ini_get('default_charset') ?: 'UTF-8');
         $this->setOutput($output ?: static::$defaultOutput);
         if (!$output && \is_string(static::$defaultOutput)) {
             static::$defaultOutput = $this->outputStream;
@@ -57,9 +58,9 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
     /**
      * Sets the output destination of the dumps.
      *
-     * @param callable|resource|string $output A line dumper callable, an opened stream or an output path
+     * @param callable|resource|string|null $output A line dumper callable, an opened stream or an output path
      *
-     * @return callable|resource|string The previous output destination
+     * @return callable|resource|string|null The previous output destination
      */
     public function setOutput($output)
     {
@@ -73,7 +74,7 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
                 $output = fopen($output, 'w');
             }
             $this->outputStream = $output;
-            $this->lineDumper = [$this, 'echoLine'];
+            $this->lineDumper = $this->echoLine(...);
         }
 
         return $prev;
@@ -120,9 +121,6 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
      */
     public function dump(Data $data, $output = null): ?string
     {
-        $this->decimalPoint = localeconv();
-        $this->decimalPoint = $this->decimalPoint['decimal_point'];
-
         if ($locale = $this->flags & (self::DUMP_COMMA_SEPARATOR | self::DUMP_TRAILING_COMMA) ? setlocale(\LC_NUMERIC, 0) : null) {
             setlocale(\LC_NUMERIC, 'C');
         }
@@ -160,6 +158,8 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
      *
      * @param int $depth The recursive depth in the dumped structure for the line being dumped,
      *                   or -1 to signal the end-of-dump to the line dumper callable
+     *
+     * @return void
      */
     protected function dumpLine(int $depth)
     {
@@ -169,6 +169,8 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
 
     /**
      * Generic line dumper callback.
+     *
+     * @return void
      */
     protected function echoLine(string $line, int $depth, string $indentPad)
     {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/CliDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/CliDumper.php
index f6e290ca4..af9637072 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/CliDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/CliDumper.php
@@ -22,6 +22,7 @@ use Symfony\Component\VarDumper\Cloner\Stub;
 class CliDumper extends AbstractDumper
 {
     public static $defaultColors;
+    /** @var callable|resource|string|null */
     public static $defaultOutput = 'php://stdout';
 
     protected $colors;
@@ -51,6 +52,7 @@ class CliDumper extends AbstractDumper
         "\r" => '\r',
         "\033" => '\e',
     ];
+    protected static $unicodeCharsRx = "/[\u{00A0}\u{00AD}\u{034F}\u{061C}\u{115F}\u{1160}\u{17B4}\u{17B5}\u{180E}\u{2000}-\u{200F}\u{202F}\u{205F}\u{2060}-\u{2064}\u{206A}-\u{206F}\u{3000}\u{2800}\u{3164}\u{FEFF}\u{FFA0}\u{1D159}\u{1D173}-\u{1D17A}]/u";
 
     protected $collapseNextHash = false;
     protected $expandNextHash = false;
@@ -61,10 +63,7 @@ class CliDumper extends AbstractDumper
 
     private bool $handlesHrefGracefully;
 
-    /**
-     * {@inheritdoc}
-     */
-    public function __construct($output = null, string $charset = null, int $flags = 0)
+    public function __construct($output = null, ?string $charset = null, int $flags = 0)
     {
         parent::__construct($output, $charset, $flags);
 
@@ -83,11 +82,13 @@ class CliDumper extends AbstractDumper
             ]);
         }
 
-        $this->displayOptions['fileLinkFormat'] = ini_get('xdebug.file_link_format') ?: get_cfg_var('xdebug.file_link_format') ?: 'file://%f#L%l';
+        $this->displayOptions['fileLinkFormat'] = \ini_get('xdebug.file_link_format') ?: get_cfg_var('xdebug.file_link_format') ?: 'file://%f#L%l';
     }
 
     /**
      * Enables/disables colored output.
+     *
+     * @return void
      */
     public function setColors(bool $colors)
     {
@@ -96,6 +97,8 @@ class CliDumper extends AbstractDumper
 
     /**
      * Sets the maximum number of characters per line for dumped strings.
+     *
+     * @return void
      */
     public function setMaxStringWidth(int $maxStringWidth)
     {
@@ -106,6 +109,8 @@ class CliDumper extends AbstractDumper
      * Configures styles.
      *
      * @param array $styles A map of style names to style definitions
+     *
+     * @return void
      */
     public function setStyles(array $styles)
     {
@@ -116,6 +121,8 @@ class CliDumper extends AbstractDumper
      * Configures display options.
      *
      * @param array $displayOptions A map of display options to customize the behavior
+     *
+     * @return void
      */
     public function setDisplayOptions(array $displayOptions)
     {
@@ -123,11 +130,12 @@ class CliDumper extends AbstractDumper
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function dumpScalar(Cursor $cursor, string $type, string|int|float|bool|null $value)
     {
         $this->dumpKey($cursor);
+        $this->collapseNextHash = $this->expandNextHash = false;
 
         $style = 'const';
         $attr = $cursor->attr;
@@ -137,6 +145,11 @@ class CliDumper extends AbstractDumper
                 $style = 'default';
                 break;
 
+            case 'label':
+                $this->styles += ['label' => $this->styles['default']];
+                $style = 'label';
+                break;
+
             case 'integer':
                 $style = 'num';
 
@@ -153,17 +166,12 @@ class CliDumper extends AbstractDumper
                     $style = 'float';
                 }
 
-                switch (true) {
-                    case \INF === $value:  $value = 'INF'; break;
-                    case -\INF === $value: $value = '-INF'; break;
-                    case is_nan($value):  $value = 'NAN'; break;
-                    default:
-                        $value = (string) $value;
-                        if (!str_contains($value, $this->decimalPoint)) {
-                            $value .= $this->decimalPoint.'0';
-                        }
-                        break;
-                }
+                $value = match (true) {
+                    \INF === $value => 'INF',
+                    -\INF === $value => '-INF',
+                    is_nan($value) => 'NAN',
+                    default => !str_contains($value = (string) $value, $this->decimalPoint) ? $value .= $this->decimalPoint.'0' : $value,
+                };
                 break;
 
             case 'NULL':
@@ -186,11 +194,12 @@ class CliDumper extends AbstractDumper
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function dumpString(Cursor $cursor, string $str, bool $bin, int $cut)
     {
         $this->dumpKey($cursor);
+        $this->collapseNextHash = $this->expandNextHash = false;
         $attr = $cursor->attr;
 
         if ($bin) {
@@ -198,13 +207,16 @@ class CliDumper extends AbstractDumper
         }
         if ('' === $str) {
             $this->line .= '""';
+            if ($cut) {
+                $this->line .= '…'.$cut;
+            }
             $this->endValue($cursor);
         } else {
             $attr += [
                 'length' => 0 <= $cut ? mb_strlen($str, 'UTF-8') + $cut : 0,
                 'binary' => $bin,
             ];
-            $str = $bin && false !== strpos($str, "\0") ? [$str] : explode("\n", $str);
+            $str = $bin && str_contains($str, "\0") ? [$str] : explode("\n", $str);
             if (isset($str[1]) && !isset($str[2]) && !isset($str[1][0])) {
                 unset($str[1]);
                 $str[0] .= "\n";
@@ -274,15 +286,14 @@ class CliDumper extends AbstractDumper
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function enterHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild)
     {
-        if (null === $this->colors) {
-            $this->colors = $this->supportsColors();
-        }
+        $this->colors ??= $this->supportsColors();
 
         $this->dumpKey($cursor);
+        $this->expandNextHash = false;
         $attr = $cursor->attr;
 
         if ($this->collapseNextHash) {
@@ -315,7 +326,7 @@ class CliDumper extends AbstractDumper
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function leaveHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild, int $cut)
     {
@@ -332,6 +343,8 @@ class CliDumper extends AbstractDumper
      *
      * @param bool $hasChild When the dump of the hash has child item
      * @param int  $cut      The number of items the hash has been cut by
+     *
+     * @return void
      */
     protected function dumpEllipsis(Cursor $cursor, bool $hasChild, int $cut)
     {
@@ -348,6 +361,8 @@ class CliDumper extends AbstractDumper
 
     /**
      * Dumps a key in a hash structure.
+     *
+     * @return void
      */
     protected function dumpKey(Cursor $cursor)
     {
@@ -437,12 +452,11 @@ class CliDumper extends AbstractDumper
      */
     protected function style(string $style, string $value, array $attr = []): string
     {
-        if (null === $this->colors) {
-            $this->colors = $this->supportsColors();
-        }
+        $this->colors ??= $this->supportsColors();
 
         $this->handlesHrefGracefully ??= 'JetBrains-JediTerm' !== getenv('TERMINAL_EMULATOR')
-            && (!getenv('KONSOLE_VERSION') || (int) getenv('KONSOLE_VERSION') > 201100);
+            && (!getenv('KONSOLE_VERSION') || (int) getenv('KONSOLE_VERSION') > 201100)
+            && !isset($_SERVER['IDEA_INITIAL_DIRECTORY']);
 
         if (isset($attr['ellipsis'], $attr['ellipsis-type'])) {
             $prefix = substr($value, 0, -$attr['ellipsis']);
@@ -474,7 +488,15 @@ class CliDumper extends AbstractDumper
             return $s.$endCchr;
         }, $value, -1, $cchrCount);
 
-        if ($this->colors) {
+        if (!($attr['binary'] ?? false)) {
+            $value = preg_replace_callback(static::$unicodeCharsRx, function ($c) use (&$cchrCount, $startCchr, $endCchr) {
+                ++$cchrCount;
+
+                return $startCchr.'\u{'.strtoupper(dechex(mb_ord($c[0]))).'}'.$endCchr;
+            }, $value);
+        }
+
+        if ($this->colors && '' !== $value) {
             if ($cchrCount && "\033" === $value[0]) {
                 $value = substr($value, \strlen($startCchr));
             } else {
@@ -497,10 +519,15 @@ class CliDumper extends AbstractDumper
                 }
             }
             if (isset($attr['href'])) {
+                if ('label' === $style) {
+                    $value .= '^';
+                }
                 $value = "\033]8;;{$attr['href']}\033\\{$value}\033]8;;\033\\";
             }
-        } elseif ($attr['if_links'] ?? false) {
-            return '';
+        }
+
+        if ('label' === $style && '' !== $value) {
+            $value .= ' ';
         }
 
         return $value;
@@ -511,7 +538,7 @@ class CliDumper extends AbstractDumper
         if ($this->outputStream !== static::$defaultOutput) {
             return $this->hasColorSupport($this->outputStream);
         }
-        if (null !== static::$defaultColors) {
+        if (isset(static::$defaultColors)) {
             return static::$defaultColors;
         }
         if (isset($_SERVER['argv'][1])) {
@@ -546,16 +573,23 @@ class CliDumper extends AbstractDumper
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     protected function dumpLine(int $depth, bool $endOfValue = false)
     {
+        if (null === $this->colors) {
+            $this->colors = $this->supportsColors();
+        }
+
         if ($this->colors) {
             $this->line = sprintf("\033[%sm%s\033[m", $this->styles['default'], $this->line);
         }
         parent::dumpLine($depth);
     }
 
+    /**
+     * @return void
+     */
     protected function endValue(Cursor $cursor)
     {
         if (-1 === $cursor->hashType) {
@@ -632,7 +666,7 @@ class CliDumper extends AbstractDumper
         return $result;
     }
 
-    private function getSourceLink(string $file, int $line)
+    private function getSourceLink(string $file, int $line): string|false
     {
         if ($fmt = $this->displayOptions['fileLinkFormat']) {
             return \is_string($fmt) ? strtr($fmt, ['%f' => $file, '%l' => $line]) : ($fmt->format($file, $line) ?: 'file://'.$file.'#L'.$line);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/RequestContextProvider.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/RequestContextProvider.php
index 3684a4753..69dff067b 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/RequestContextProvider.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/RequestContextProvider.php
@@ -22,8 +22,8 @@ use Symfony\Component\VarDumper\Cloner\VarCloner;
  */
 final class RequestContextProvider implements ContextProviderInterface
 {
-    private $requestStack;
-    private $cloner;
+    private RequestStack $requestStack;
+    private VarCloner $cloner;
 
     public function __construct(RequestStack $requestStack)
     {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/SourceContextProvider.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/SourceContextProvider.php
index 8ef6e360e..cadddfac4 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/SourceContextProvider.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextProvider/SourceContextProvider.php
@@ -11,7 +11,8 @@
 
 namespace Symfony\Component\VarDumper\Dumper\ContextProvider;
 
-use Symfony\Component\HttpKernel\Debug\FileLinkFormatter;
+use Symfony\Component\ErrorHandler\ErrorRenderer\FileLinkFormatter;
+use Symfony\Component\HttpKernel\Debug\FileLinkFormatter as LegacyFileLinkFormatter;
 use Symfony\Component\VarDumper\Cloner\VarCloner;
 use Symfony\Component\VarDumper\Dumper\HtmlDumper;
 use Symfony\Component\VarDumper\VarDumper;
@@ -28,9 +29,9 @@ final class SourceContextProvider implements ContextProviderInterface
     private int $limit;
     private ?string $charset;
     private ?string $projectDir;
-    private $fileLinkFormatter;
+    private FileLinkFormatter|LegacyFileLinkFormatter|null $fileLinkFormatter;
 
-    public function __construct(string $charset = null, string $projectDir = null, FileLinkFormatter $fileLinkFormatter = null, int $limit = 9)
+    public function __construct(?string $charset = null, ?string $projectDir = null, FileLinkFormatter|LegacyFileLinkFormatter|null $fileLinkFormatter = null, int $limit = 9)
     {
         $this->charset = $charset;
         $this->projectDir = $projectDir;
@@ -44,7 +45,7 @@ final class SourceContextProvider implements ContextProviderInterface
 
         $file = $trace[1]['file'];
         $line = $trace[1]['line'];
-        $name = false;
+        $name = '-' === $file || 'Standard input code' === $file ? 'Standard input code' : false;
         $fileExcerpt = false;
 
         for ($i = 2; $i < $this->limit; ++$i) {
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextualizedDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextualizedDumper.php
index 18ab56ebd..84cfb4259 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextualizedDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ContextualizedDumper.php
@@ -19,7 +19,7 @@ use Symfony\Component\VarDumper\Dumper\ContextProvider\ContextProviderInterface;
  */
 class ContextualizedDumper implements DataDumperInterface
 {
-    private $wrappedDumper;
+    private DataDumperInterface $wrappedDumper;
     private array $contextProviders;
 
     /**
@@ -31,13 +31,16 @@ class ContextualizedDumper implements DataDumperInterface
         $this->contextProviders = $contextProviders;
     }
 
+    /**
+     * @return string|null
+     */
     public function dump(Data $data)
     {
-        $context = [];
+        $context = $data->getContext();
         foreach ($this->contextProviders as $contextProvider) {
-            $context[\get_class($contextProvider)] = $contextProvider->getContext();
+            $context[$contextProvider::class] = $contextProvider->getContext();
         }
 
-        $this->wrappedDumper->dump($data->withContext($context));
+        return $this->wrappedDumper->dump($data->withContext($context));
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/DataDumperInterface.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/DataDumperInterface.php
index b173bccf3..df05b6af5 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/DataDumperInterface.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/DataDumperInterface.php
@@ -20,5 +20,8 @@ use Symfony\Component\VarDumper\Cloner\Data;
  */
 interface DataDumperInterface
 {
+    /**
+     * @return string|null
+     */
     public function dump(Data $data);
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/HtmlDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/HtmlDumper.php
index 40e97a534..ea09e6819 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/HtmlDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/HtmlDumper.php
@@ -21,6 +21,7 @@ use Symfony\Component\VarDumper\Cloner\Data;
  */
 class HtmlDumper extends CliDumper
 {
+    /** @var callable|resource|string|null */
     public static $defaultOutput = 'php://output';
 
     protected static $themes = [
@@ -74,19 +75,16 @@ class HtmlDumper extends CliDumper
     ];
     private array $extraDisplayOptions = [];
 
-    /**
-     * {@inheritdoc}
-     */
-    public function __construct($output = null, string $charset = null, int $flags = 0)
+    public function __construct($output = null, ?string $charset = null, int $flags = 0)
     {
         AbstractDumper::__construct($output, $charset, $flags);
         $this->dumpId = 'sf-dump-'.mt_rand();
-        $this->displayOptions['fileLinkFormat'] = ini_get('xdebug.file_link_format') ?: get_cfg_var('xdebug.file_link_format');
+        $this->displayOptions['fileLinkFormat'] = \ini_get('xdebug.file_link_format') ?: get_cfg_var('xdebug.file_link_format');
         $this->styles = static::$themes['dark'] ?? self::$themes['dark'];
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function setStyles(array $styles)
     {
@@ -94,6 +92,9 @@ class HtmlDumper extends CliDumper
         $this->styles = $styles + $this->styles;
     }
 
+    /**
+     * @return void
+     */
     public function setTheme(string $themeName)
     {
         if (!isset(static::$themes[$themeName])) {
@@ -107,6 +108,8 @@ class HtmlDumper extends CliDumper
      * Configures display options.
      *
      * @param array $displayOptions A map of display options to customize the behavior
+     *
+     * @return void
      */
     public function setDisplayOptions(array $displayOptions)
     {
@@ -116,6 +119,8 @@ class HtmlDumper extends CliDumper
 
     /**
      * Sets an HTML header that will be dumped once in the output stream.
+     *
+     * @return void
      */
     public function setDumpHeader(?string $header)
     {
@@ -124,6 +129,8 @@ class HtmlDumper extends CliDumper
 
     /**
      * Sets an HTML prefix and suffix that will encapse every single dump.
+     *
+     * @return void
      */
     public function setDumpBoundaries(string $prefix, string $suffix)
     {
@@ -131,9 +138,6 @@ class HtmlDumper extends CliDumper
         $this->dumpSuffix = $suffix;
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public function dump(Data $data, $output = null, array $extraDisplayOptions = []): ?string
     {
         $this->extraDisplayOptions = $extraDisplayOptions;
@@ -145,6 +149,8 @@ class HtmlDumper extends CliDumper
 
     /**
      * Dumps the HTML header.
+     *
+     * @return string
      */
     protected function getDumpHeader()
     {
@@ -158,19 +164,15 @@ class HtmlDumper extends CliDumper
 <script>
 Sfdump = window.Sfdump || (function (doc) {
 
-var refStyle = doc.createElement('style'),
-    rxEsc = /([.*+?^${}()|\[\]\/\\])/g,
+doc.documentElement.classList.add('sf-js-enabled');
+
+var rxEsc = /([.*+?^${}()|\[\]\/\\])/g,
     idRx = /\bsf-dump-\d+-ref[012]\w+\b/,
     keyHint = 0 <= navigator.platform.toUpperCase().indexOf('MAC') ? 'Cmd' : 'Ctrl',
     addEventListener = function (e, n, cb) {
         e.addEventListener(n, cb, false);
     };
 
-refStyle.innerHTML = 'pre.sf-dump .sf-dump-compact, .sf-dump-str-collapse .sf-dump-str-collapse, .sf-dump-str-expand .sf-dump-str-expand { display: none; }';
-(doc.documentElement.firstElementChild || doc.documentElement.children[0]).appendChild(refStyle);
-refStyle = doc.createElement('style');
-(doc.documentElement.firstElementChild || doc.documentElement.children[0]).appendChild(refStyle);
-
 if (!doc.addEventListener) {
     addEventListener = function (element, eventName, callback) {
         element.attachEvent('on' + eventName, function (e) {
@@ -350,26 +352,16 @@ return function (root, x) {
     function xpathHasClass(className) {
         return "contains(concat(' ', normalize-space(@class), ' '), ' " + className +" ')";
     }
-    addEventListener(root, 'mouseover', function (e) {
-        if ('' != refStyle.innerHTML) {
-            refStyle.innerHTML = '';
-        }
-    });
     a('mouseover', function (a, e, c) {
         if (c) {
             e.target.style.cursor = "pointer";
-        } else if (a = idRx.exec(a.className)) {
-            try {
-                refStyle.innerHTML = 'pre.sf-dump .'+a[0]+'{background-color: #B729D9; color: #FFF !important; border-radius: 2px}';
-            } catch (e) {
-            }
         }
     });
     a('click', function (a, e, c) {
         if (/\bsf-dump-toggle\b/.test(a.className)) {
             e.preventDefault();
             if (!toggle(a, isCtrlKey(e))) {
-                var r = doc.getElementById(a.getAttribute('href').substr(1)),
+                var r = doc.getElementById(a.getAttribute('href').slice(1)),
                     s = r.previousSibling,
                     f = r.parentNode,
                     t = a.parentNode;
@@ -430,7 +422,8 @@ return function (root, x) {
                 x += elt.parentNode.getAttribute('data-depth')/1;
             }
         } else if (/\bsf-dump-ref\b/.test(elt.className) && (a = elt.getAttribute('href'))) {
-            a = a.substr(1);
+            a = a.slice(1);
+            elt.className += ' sf-dump-hover';
             elt.className += ' '+a;
 
             if (/[\[{]$/.test(elt.previousSibling.nodeValue)) {
@@ -647,6 +640,16 @@ return function (root, x) {
 
 })(document);
 </script><style>
+.sf-js-enabled pre.sf-dump .sf-dump-compact,
+.sf-js-enabled .sf-dump-str-collapse .sf-dump-str-collapse,
+.sf-js-enabled .sf-dump-str-expand .sf-dump-str-expand {
+    display: none;
+}
+.sf-dump-hover:hover {
+    background-color: #B729D9;
+    color: #FFF !important;
+    border-radius: 2px;
+}
 pre.sf-dump {
     display: block;
     white-space: pre;
@@ -661,7 +664,7 @@ pre.sf-dump:after {
    clear: both;
 }
 pre.sf-dump span {
-    display: inline;
+    display: inline-flex;
 }
 pre.sf-dump a {
     text-decoration: none;
@@ -783,7 +786,7 @@ EOHTML
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function dumpString(Cursor $cursor, string $str, bool $bin, int $cut)
     {
@@ -801,7 +804,7 @@ EOHTML
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function enterHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild)
     {
@@ -832,7 +835,7 @@ EOHTML
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     public function leaveHash(Cursor $cursor, int $type, string|int|null $class, bool $hasChild, int $cut)
     {
@@ -843,12 +846,9 @@ EOHTML
         parent::leaveHash($cursor, $type, $class, $hasChild, 0);
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function style(string $style, string $value, array $attr = []): string
     {
-        if ('' === $value) {
+        if ('' === $value && ('label' !== $style || !isset($attr['file']) && !isset($attr['href']))) {
             return '';
         }
 
@@ -864,7 +864,7 @@ EOHTML
         }
 
         if ('const' === $style && isset($attr['value'])) {
-            $style .= sprintf(' title="%s"', esc(is_scalar($attr['value']) ? $attr['value'] : json_encode($attr['value'])));
+            $style .= sprintf(' title="%s"', esc(\is_scalar($attr['value']) ? $attr['value'] : json_encode($attr['value'])));
         } elseif ('public' === $style) {
             $style .= sprintf(' title="%s"', empty($attr['dynamic']) ? 'Public property' : 'Runtime added dynamic property');
         } elseif ('str' === $style && 1 < $attr['length']) {
@@ -883,7 +883,6 @@ EOHTML
         } elseif ('private' === $style) {
             $style .= sprintf(' title="Private property defined in class:&#10;`%s`"', esc($this->utf8Encode($attr['class'])));
         }
-        $map = static::$controlCharsMap;
 
         if (isset($attr['ellipsis'])) {
             $class = 'sf-dump-ellipsis';
@@ -902,6 +901,7 @@ EOHTML
             }
         }
 
+        $map = static::$controlCharsMap;
         $v = "<span class=sf-dump-{$style}>".preg_replace_callback(static::$controlCharsRx, function ($c) use ($map) {
             $s = $b = '<span class="sf-dump-default';
             $c = $c[$i = 0];
@@ -924,22 +924,34 @@ EOHTML
             return $s.'</span>';
         }, $v).'</span>';
 
+        if (!($attr['binary'] ?? false)) {
+            $v = preg_replace_callback(static::$unicodeCharsRx, function ($c) {
+                return '<span class=sf-dump-default>\u{'.strtoupper(dechex(mb_ord($c[0]))).'}</span>';
+            }, $v);
+        }
+
         if (isset($attr['file']) && $href = $this->getSourceLink($attr['file'], $attr['line'] ?? 0)) {
             $attr['href'] = $href;
         }
         if (isset($attr['href'])) {
+            if ('label' === $style) {
+                $v .= '^';
+            }
             $target = isset($attr['file']) ? '' : ' target="_blank"';
             $v = sprintf('<a href="%s"%s rel="noopener noreferrer">%s</a>', esc($this->utf8Encode($attr['href'])), $target, $v);
         }
         if (isset($attr['lang'])) {
             $v = sprintf('<code class="%s">%s</code>', esc($attr['lang']), $v);
         }
+        if ('label' === $style) {
+            $v .= ' ';
+        }
 
         return $v;
     }
 
     /**
-     * {@inheritdoc}
+     * @return void
      */
     protected function dumpLine(int $depth, bool $endOfValue = false)
     {
@@ -960,7 +972,7 @@ EOHTML
         }
         $this->lastDepth = $depth;
 
-        $this->line = mb_convert_encoding($this->line, 'HTML-ENTITIES', 'UTF-8');
+        $this->line = mb_encode_numericentity($this->line, [0x80, 0x10FFFF, 0, 0x1FFFFF], 'UTF-8');
 
         if (-1 === $depth) {
             AbstractDumper::dumpLine(0);
@@ -968,7 +980,7 @@ EOHTML
         AbstractDumper::dumpLine($depth);
     }
 
-    private function getSourceLink(string $file, int $line)
+    private function getSourceLink(string $file, int $line): string|false
     {
         $options = $this->extraDisplayOptions + $this->displayOptions;
 
@@ -980,7 +992,7 @@ EOHTML
     }
 }
 
-function esc(string $str)
+function esc(string $str): string
 {
     return htmlspecialchars($str, \ENT_QUOTES, 'UTF-8');
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ServerDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ServerDumper.php
index 94795bf6d..60fdd7ac3 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ServerDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Dumper/ServerDumper.php
@@ -22,15 +22,15 @@ use Symfony\Component\VarDumper\Server\Connection;
  */
 class ServerDumper implements DataDumperInterface
 {
-    private $connection;
-    private $wrappedDumper;
+    private Connection $connection;
+    private ?DataDumperInterface $wrappedDumper;
 
     /**
      * @param string                     $host             The server host
      * @param DataDumperInterface|null   $wrappedDumper    A wrapped instance used whenever we failed contacting the server
      * @param ContextProviderInterface[] $contextProviders Context providers indexed by context name
      */
-    public function __construct(string $host, DataDumperInterface $wrappedDumper = null, array $contextProviders = [])
+    public function __construct(string $host, ?DataDumperInterface $wrappedDumper = null, array $contextProviders = [])
     {
         $this->connection = new Connection($host, $contextProviders);
         $this->wrappedDumper = $wrappedDumper;
@@ -42,12 +42,14 @@ class ServerDumper implements DataDumperInterface
     }
 
     /**
-     * {@inheritdoc}
+     * @return string|null
      */
     public function dump(Data $data)
     {
         if (!$this->connection->write($data) && $this->wrappedDumper) {
-            $this->wrappedDumper->dump($data);
+            return $this->wrappedDumper->dump($data);
         }
+
+        return null;
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Exception/ThrowingCasterException.php b/data/web/inc/lib/vendor/symfony/var-dumper/Exception/ThrowingCasterException.php
index 122f0d358..fd8eca9f1 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Exception/ThrowingCasterException.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Exception/ThrowingCasterException.php
@@ -21,6 +21,6 @@ class ThrowingCasterException extends \Exception
      */
     public function __construct(\Throwable $prev)
     {
-        parent::__construct('Unexpected '.\get_class($prev).' thrown from a caster: '.$prev->getMessage(), 0, $prev);
+        parent::__construct('Unexpected '.$prev::class.' thrown from a caster: '.$prev->getMessage(), 0, $prev);
     }
 }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/LICENSE b/data/web/inc/lib/vendor/symfony/var-dumper/LICENSE
index a843ec124..29f72d5e9 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/LICENSE
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2014-2022 Fabien Potencier
+Copyright (c) 2014-present Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Resources/bin/var-dump-server b/data/web/inc/lib/vendor/symfony/var-dumper/Resources/bin/var-dump-server
index 98c813a06..f398fcef7 100755
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Resources/bin/var-dump-server
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Resources/bin/var-dump-server
@@ -10,6 +10,10 @@
  * file that was distributed with this source code.
  */
 
+if ('cli' !== PHP_SAPI) {
+    throw new Exception('This script must be run from the command line.');
+}
+
 /**
  * Starts a dump server to collect and output dumps on a single place with multiple formats support.
  *
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Resources/functions/dump.php b/data/web/inc/lib/vendor/symfony/var-dumper/Resources/functions/dump.php
index 6221a4d18..f2ff74c0c 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Resources/functions/dump.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Resources/functions/dump.php
@@ -9,40 +9,52 @@
  * file that was distributed with this source code.
  */
 
+use Symfony\Component\VarDumper\Caster\ScalarStub;
 use Symfony\Component\VarDumper\VarDumper;
 
 if (!function_exists('dump')) {
     /**
      * @author Nicolas Grekas <p@tchwork.com>
+     * @author Alexandre Daubois <alex.daubois@gmail.com>
      */
-    function dump(mixed $var, mixed ...$moreVars): mixed
+    function dump(mixed ...$vars): mixed
     {
-        VarDumper::dump($var);
+        if (!$vars) {
+            VarDumper::dump(new ScalarStub('🐛'));
 
-        foreach ($moreVars as $v) {
-            VarDumper::dump($v);
+            return null;
         }
 
-        if (1 < func_num_args()) {
-            return func_get_args();
+        if (array_key_exists(0, $vars) && 1 === count($vars)) {
+            VarDumper::dump($vars[0]);
+            $k = 0;
+        } else {
+            foreach ($vars as $k => $v) {
+                VarDumper::dump($v, is_int($k) ? 1 + $k : $k);
+            }
         }
 
-        return $var;
+        if (1 < count($vars)) {
+            return $vars;
+        }
+
+        return $vars[$k];
     }
 }
 
 if (!function_exists('dd')) {
-    /**
-     * @return never
-     */
-    function dd(...$vars): void
+    function dd(mixed ...$vars): never
     {
-        if (!in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) && !headers_sent()) {
+        if (!\in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true) && !headers_sent()) {
             header('HTTP/1.1 500 Internal Server Error');
         }
 
-        foreach ($vars as $v) {
-            VarDumper::dump($v);
+        if (array_key_exists(0, $vars) && 1 === count($vars)) {
+            VarDumper::dump($vars[0]);
+        } else {
+            foreach ($vars as $k => $v) {
+                VarDumper::dump($v, is_int($k) ? 1 + $k : $k);
+            }
         }
 
         exit(1);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Server/Connection.php b/data/web/inc/lib/vendor/symfony/var-dumper/Server/Connection.php
index 97b5b94f3..4383278c9 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Server/Connection.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Server/Connection.php
@@ -62,7 +62,7 @@ class Connection
         $context = array_filter($context);
         $encodedPayload = base64_encode(serialize([$data, $context]))."\n";
 
-        set_error_handler([self::class, 'nullErrorHandler']);
+        set_error_handler(static fn () => null);
         try {
             if (-1 !== stream_socket_sendto($this->socket, $encodedPayload)) {
                 return true;
@@ -82,16 +82,14 @@ class Connection
         return false;
     }
 
-    private static function nullErrorHandler(int $t, string $m)
-    {
-        // no-op
-    }
-
+    /**
+     * @return resource|null
+     */
     private function createSocket()
     {
-        set_error_handler([self::class, 'nullErrorHandler']);
+        set_error_handler(static fn () => null);
         try {
-            return stream_socket_client($this->host, $errno, $errstr, 3, \STREAM_CLIENT_CONNECT | \STREAM_CLIENT_ASYNC_CONNECT);
+            return stream_socket_client($this->host, $errno, $errstr, 3) ?: null;
         } finally {
             restore_error_handler();
         }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Server/DumpServer.php b/data/web/inc/lib/vendor/symfony/var-dumper/Server/DumpServer.php
index 6a43c1204..a9228a2ef 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Server/DumpServer.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Server/DumpServer.php
@@ -25,14 +25,14 @@ use Symfony\Component\VarDumper\Cloner\Stub;
 class DumpServer
 {
     private string $host;
-    private $logger;
+    private ?LoggerInterface $logger;
 
     /**
      * @var resource|null
      */
     private $socket;
 
-    public function __construct(string $host, LoggerInterface $logger = null)
+    public function __construct(string $host, ?LoggerInterface $logger = null)
     {
         if (!str_contains($host, '://')) {
             $host = 'tcp://'.$host;
@@ -56,25 +56,19 @@ class DumpServer
         }
 
         foreach ($this->getMessages() as $clientId => $message) {
-            if ($this->logger) {
-                $this->logger->info('Received a payload from client {clientId}', ['clientId' => $clientId]);
-            }
+            $this->logger?->info('Received a payload from client {clientId}', ['clientId' => $clientId]);
 
             $payload = @unserialize(base64_decode($message), ['allowed_classes' => [Data::class, Stub::class]]);
 
             // Impossible to decode the message, give up.
             if (false === $payload) {
-                if ($this->logger) {
-                    $this->logger->warning('Unable to decode a message from {clientId} client.', ['clientId' => $clientId]);
-                }
+                $this->logger?->warning('Unable to decode a message from {clientId} client.', ['clientId' => $clientId]);
 
                 continue;
             }
 
             if (!\is_array($payload) || \count($payload) < 2 || !$payload[0] instanceof Data || !\is_array($payload[1])) {
-                if ($this->logger) {
-                    $this->logger->warning('Invalid payload from {clientId} client. Expected an array of two elements (Data $data, array $context)', ['clientId' => $clientId]);
-                }
+                $this->logger?->warning('Invalid payload from {clientId} client. Expected an array of two elements (Data $data, array $context)', ['clientId' => $clientId]);
 
                 continue;
             }
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/Test/VarDumperTestTrait.php b/data/web/inc/lib/vendor/symfony/var-dumper/Test/VarDumperTestTrait.php
index a202185e5..4475efd12 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/Test/VarDumperTestTrait.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/Test/VarDumperTestTrait.php
@@ -27,7 +27,7 @@ trait VarDumperTestTrait
         'flags' => null,
     ];
 
-    protected function setUpVarDumper(array $casters, int $flags = null): void
+    protected function setUpVarDumper(array $casters, ?int $flags = null): void
     {
         $this->varDumperConfig['casters'] = $casters;
         $this->varDumperConfig['flags'] = $flags;
@@ -52,7 +52,7 @@ trait VarDumperTestTrait
         $this->assertStringMatchesFormat($this->prepareExpectation($expected, $filter), $this->getDump($data, null, $filter), $message);
     }
 
-    protected function getDump(mixed $data, string|int $key = null, int $filter = 0): ?string
+    protected function getDump(mixed $data, string|int|null $key = null, int $filter = 0): ?string
     {
         if (null === $flags = $this->varDumperConfig['flags']) {
             $flags = getenv('DUMP_LIGHT_ARRAY') ? CliDumper::DUMP_LIGHT_ARRAY : 0;
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/VarDumper.php b/data/web/inc/lib/vendor/symfony/var-dumper/VarDumper.php
index dfef9f410..e1400f150 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/VarDumper.php
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/VarDumper.php
@@ -11,9 +11,9 @@
 
 namespace Symfony\Component\VarDumper;
 
+use Symfony\Component\ErrorHandler\ErrorRenderer\FileLinkFormatter;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\HttpKernel\Debug\FileLinkFormatter;
 use Symfony\Component\VarDumper\Caster\ReflectionCaster;
 use Symfony\Component\VarDumper\Cloner\VarCloner;
 use Symfony\Component\VarDumper\Dumper\CliDumper;
@@ -37,17 +37,26 @@ class VarDumper
      */
     private static $handler;
 
-    public static function dump(mixed $var)
+    /**
+     * @param string|null $label
+     *
+     * @return mixed
+     */
+    public static function dump(mixed $var/* , string $label = null */)
     {
+        $label = 2 <= \func_num_args() ? func_get_arg(1) : null;
         if (null === self::$handler) {
             self::register();
         }
 
-        return (self::$handler)($var);
+        return (self::$handler)($var, $label);
     }
 
-    public static function setHandler(callable $callable = null): ?callable
+    public static function setHandler(?callable $callable = null): ?callable
     {
+        if (1 > \func_num_args()) {
+            trigger_deprecation('symfony/var-dumper', '6.2', 'Calling "%s()" without any arguments is deprecated, pass null explicitly instead.', __METHOD__);
+        }
         $prevHandler = self::$handler;
 
         // Prevent replacing the handler with expected format as soon as the env var was set:
@@ -76,19 +85,25 @@ class VarDumper
             case 'server' === $format:
             case $format && 'tcp' === parse_url($format, \PHP_URL_SCHEME):
                 $host = 'server' === $format ? $_SERVER['VAR_DUMPER_SERVER'] ?? '127.0.0.1:9912' : $format;
-                $dumper = \in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) ? new CliDumper() : new HtmlDumper();
+                $dumper = \in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true) ? new CliDumper() : new HtmlDumper();
                 $dumper = new ServerDumper($host, $dumper, self::getDefaultContextProviders());
                 break;
             default:
-                $dumper = \in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) ? new CliDumper() : new HtmlDumper();
+                $dumper = \in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true) ? new CliDumper() : new HtmlDumper();
         }
 
         if (!$dumper instanceof ServerDumper) {
             $dumper = new ContextualizedDumper($dumper, [new SourceContextProvider()]);
         }
 
-        self::$handler = function ($var) use ($cloner, $dumper) {
-            $dumper->dump($cloner->cloneVar($var));
+        self::$handler = function ($var, ?string $label = null) use ($cloner, $dumper) {
+            $var = $cloner->cloneVar($var);
+
+            if (null !== $label) {
+                $var = $var->withContext(['label' => $label]);
+            }
+
+            $dumper->dump($var);
         };
     }
 
@@ -96,7 +111,7 @@ class VarDumper
     {
         $contextProviders = [];
 
-        if (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) && (class_exists(Request::class))) {
+        if (!\in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true) && class_exists(Request::class)) {
             $requestStack = new RequestStack();
             $requestStack->push(Request::createFromGlobals());
             $contextProviders['request'] = new RequestContextProvider($requestStack);
diff --git a/data/web/inc/lib/vendor/symfony/var-dumper/composer.json b/data/web/inc/lib/vendor/symfony/var-dumper/composer.json
index db04f5884..e6166f86d 100644
--- a/data/web/inc/lib/vendor/symfony/var-dumper/composer.json
+++ b/data/web/inc/lib/vendor/symfony/var-dumper/composer.json
@@ -16,25 +16,22 @@
         }
     ],
     "require": {
-        "php": ">=8.0.2",
+        "php": ">=8.1",
+        "symfony/deprecation-contracts": "^2.5|^3",
         "symfony/polyfill-mbstring": "~1.0"
     },
     "require-dev": {
         "ext-iconv": "*",
-        "symfony/console": "^5.4|^6.0",
-        "symfony/process": "^5.4|^6.0",
-        "symfony/uid": "^5.4|^6.0",
+        "symfony/console": "^5.4|^6.0|^7.0",
+        "symfony/error-handler": "^6.3|^7.0",
+        "symfony/http-kernel": "^5.4|^6.0|^7.0",
+        "symfony/process": "^5.4|^6.0|^7.0",
+        "symfony/uid": "^5.4|^6.0|^7.0",
         "twig/twig": "^2.13|^3.0.4"
     },
     "conflict": {
-        "phpunit/phpunit": "<5.4.3",
         "symfony/console": "<5.4"
     },
-    "suggest": {
-        "ext-iconv": "To convert non-UTF-8 strings to UTF-8 (or symfony/polyfill-iconv in case ext-iconv cannot be used).",
-        "ext-intl": "To show region name in time zone dump",
-        "symfony/console": "To use the ServerDumpCommand and/or the bin/var-dump-server script"
-    },
     "autoload": {
         "files": [ "Resources/functions/dump.php" ],
         "psr-4": { "Symfony\\Component\\VarDumper\\": "" },
diff --git a/data/web/inc/lib/vendor/tightenco/collect/.github/workflows/run-tests.yml b/data/web/inc/lib/vendor/tightenco/collect/.github/workflows/run-tests.yml
index c9325213f..406c40049 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/.github/workflows/run-tests.yml
+++ b/data/web/inc/lib/vendor/tightenco/collect/.github/workflows/run-tests.yml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [Ubuntu, macOS]
-        php: [7.3, 7.4, 8.0, 8.1]
+        php: [8.0, 8.1, 8.2]
 
         include:
           - os: Ubuntu
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v1
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
diff --git a/data/web/inc/lib/vendor/tightenco/collect/composer.json b/data/web/inc/lib/vendor/tightenco/collect/composer.json
index 88ebb77ae..949635dcd 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/composer.json
+++ b/data/web/inc/lib/vendor/tightenco/collect/composer.json
@@ -10,7 +10,7 @@
         }
     ],
     "require": {
-        "php": "^7.3|^8.0",
+        "php": "^8.0",
         "symfony/var-dumper": "^3.4 || ^4.0 || ^5.0 || ^6.0"
     },
     "require-dev": {
@@ -33,7 +33,6 @@
             "tests/files/Support/HtmlString.php",
             "tests/files/Support/HigherOrderTapProxy.php",
             "tests/files/Support/Str.php",
-            "tests/files/Support/Traits/Conditionable.php",
             "tests/files/Support/Stringable.php",
             "tests/files/Support/ItemNotFoundException.php",
             "tests/files/Support/MultipleItemsFoundException.php",
diff --git a/data/web/inc/lib/vendor/tightenco/collect/framework-.zip b/data/web/inc/lib/vendor/tightenco/collect/framework-.zip
new file mode 100644
index 000000000..e69de29bb
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Conditionable/HigherOrderWhenProxy.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Conditionable/HigherOrderWhenProxy.php
new file mode 100644
index 000000000..eaf24812b
--- /dev/null
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Conditionable/HigherOrderWhenProxy.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace Tightenco\Collect\Conditionable;
+
+class HigherOrderWhenProxy
+{
+    /**
+     * The target being conditionally operated on.
+     *
+     * @var mixed
+     */
+    protected $target;
+
+    /**
+     * The condition for proxying.
+     *
+     * @var bool
+     */
+    protected $condition;
+
+    /**
+     * Indicates whether the proxy has a condition.
+     *
+     * @var bool
+     */
+    protected $hasCondition = false;
+
+    /**
+     * Determine whether the condition should be negated.
+     *
+     * @var bool
+     */
+    protected $negateConditionOnCapture;
+
+    /**
+     * Create a new proxy instance.
+     *
+     * @param  mixed  $target
+     * @return void
+     */
+    public function __construct($target)
+    {
+        $this->target = $target;
+    }
+
+    /**
+     * Set the condition on the proxy.
+     *
+     * @param  bool  $condition
+     * @return $this
+     */
+    public function condition($condition)
+    {
+        [$this->condition, $this->hasCondition] = [$condition, true];
+
+        return $this;
+    }
+
+    /**
+     * Indicate that the condition should be negated.
+     *
+     * @return $this
+     */
+    public function negateConditionOnCapture()
+    {
+        $this->negateConditionOnCapture = true;
+
+        return $this;
+    }
+
+    /**
+     * Proxy accessing an attribute onto the target.
+     *
+     * @param  string  $key
+     * @return mixed
+     */
+    public function __get($key)
+    {
+        if (! $this->hasCondition) {
+            $condition = $this->target->{$key};
+
+            return $this->condition($this->negateConditionOnCapture ? ! $condition : $condition);
+        }
+
+        return $this->condition
+            ? $this->target->{$key}
+            : $this->target;
+    }
+
+    /**
+     * Proxy a method call on the target.
+     *
+     * @param  string  $method
+     * @param  array  $parameters
+     * @return mixed
+     */
+    public function __call($method, $parameters)
+    {
+        if (! $this->hasCondition) {
+            $condition = $this->target->{$method}(...$parameters);
+
+            return $this->condition($this->negateConditionOnCapture ? ! $condition : $condition);
+        }
+
+        return $this->condition
+            ? $this->target->{$method}(...$parameters)
+            : $this->target;
+    }
+}
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Contracts/Support/Arrayable.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Contracts/Support/Arrayable.php
index a20580400..190bb9bc3 100755
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Contracts/Support/Arrayable.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Contracts/Support/Arrayable.php
@@ -2,12 +2,16 @@
 
 namespace Tightenco\Collect\Contracts\Support;
 
+/**
+ * @template TKey of array-key
+ * @template TValue
+ */
 interface Arrayable
 {
     /**
      * Get the instance as an array.
      *
-     * @return array
+     * @return array<TKey, TValue>
      */
     public function toArray();
 }
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Arr.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Arr.php
index 57350cca5..f3a4b042e 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Arr.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Arr.php
@@ -2,6 +2,7 @@
 
 namespace Tightenco\Collect\Support;
 
+use ArgumentCountError;
 use ArrayAccess;
 use Tightenco\Collect\Support\Traits\Macroable;
 use InvalidArgumentException;
@@ -25,7 +26,7 @@ class Arr
      * Add an element to an array using "dot" notation if it doesn't exist.
      *
      * @param  array  $array
-     * @param  string  $key
+     * @param  string|int|float  $key
      * @param  mixed  $value
      * @return array
      */
@@ -142,7 +143,7 @@ class Arr
      * Get all of the given array except for a specified array of keys.
      *
      * @param  array  $array
-     * @param  array|string  $keys
+     * @param  array|string|int|float  $keys
      * @return array
      */
     public static function except($array, $keys)
@@ -169,6 +170,10 @@ class Arr
             return $array->offsetExists($key);
         }
 
+        if (is_float($key)) {
+            $key = (string) $key;
+        }
+
         return array_key_exists($key, $array);
     }
 
@@ -252,7 +257,7 @@ class Arr
      * Remove one or many array items from a given array using "dot" notation.
      *
      * @param  array  $array
-     * @param  array|string  $keys
+     * @param  array|string|int|float  $keys
      * @return void
      */
     public static function forget(&$array, $keys)
@@ -281,7 +286,7 @@ class Arr
             while (count($parts) > 1) {
                 $part = array_shift($parts);
 
-                if (isset($array[$part]) && is_array($array[$part])) {
+                if (isset($array[$part]) && static::accessible($array[$part])) {
                     $array = &$array[$part];
                 } else {
                     continue 2;
@@ -314,7 +319,7 @@ class Arr
             return $array[$key];
         }
 
-        if (strpos($key, '.') === false) {
+        if (! str_contains($key, '.')) {
             return $array[$key] ?? value($default);
         }
 
@@ -423,6 +428,59 @@ class Arr
         return ! self::isAssoc($array);
     }
 
+    /**
+     * Join all items using a string. The final items can use a separate glue string.
+     *
+     * @param  array  $array
+     * @param  string  $glue
+     * @param  string  $finalGlue
+     * @return string
+     */
+    public static function join($array, $glue, $finalGlue = '')
+    {
+        if ($finalGlue === '') {
+            return implode($glue, $array);
+        }
+
+        if (count($array) === 0) {
+            return '';
+        }
+
+        if (count($array) === 1) {
+            return end($array);
+        }
+
+        $finalItem = array_pop($array);
+
+        return implode($glue, $array).$finalGlue.$finalItem;
+    }
+
+    /**
+     * Key an associative array by a field or using a callback.
+     *
+     * @param  array  $array
+     * @param  callable|array|string  $keyBy
+     * @return array
+     */
+    public static function keyBy($array, $keyBy)
+    {
+        return Collection::make($array)->keyBy($keyBy)->all();
+    }
+
+    /**
+     * Prepend the key names of an associative array.
+     *
+     * @param  array  $array
+     * @param  string  $prependWith
+     * @return array
+     */
+    public static function prependKeysWith($array, $prependWith)
+    {
+        return Collection::make($array)->mapWithKeys(function ($item, $key) use ($prependWith) {
+            return [$prependWith.$key => $item];
+        })->all();
+    }
+
     /**
      * Get a subset of the items from the given array.
      *
@@ -487,6 +545,26 @@ class Arr
         return [$value, $key];
     }
 
+    /**
+     * Run a map over each of the items in the array.
+     *
+     * @param  array  $array
+     * @param  callable  $callback
+     * @return array
+     */
+    public static function map(array $array, callable $callback)
+    {
+        $keys = array_keys($array);
+
+        try {
+            $items = array_map($callback, $array, $keys);
+        } catch (ArgumentCountError) {
+            $items = array_map($callback, $array);
+        }
+
+        return array_combine($keys, $items);
+    }
+
     /**
      * Push an item onto the beginning of an array.
      *
@@ -510,7 +588,7 @@ class Arr
      * Get a value from the array, and remove it.
      *
      * @param  array  $array
-     * @param  string  $key
+     * @param  string|int  $key
      * @param  mixed  $default
      * @return mixed
      */
@@ -539,7 +617,7 @@ class Arr
      *
      * @param  array  $array
      * @param  int|null  $number
-     * @param  bool|false  $preserveKeys
+     * @param  bool  $preserveKeys
      * @return mixed
      *
      * @throws \InvalidArgumentException
@@ -587,7 +665,7 @@ class Arr
      * If no key is given to the method, the entire array will be replaced.
      *
      * @param  array  $array
-     * @param  string|null  $key
+     * @param  string|int|null  $key
      * @param  mixed  $value
      * @return array
      */
@@ -653,6 +731,18 @@ class Arr
         return Collection::make($array)->sortBy($callback)->all();
     }
 
+    /**
+     * Sort the array in descending order using the given callback or "dot" notation.
+     *
+     * @param  array  $array
+     * @param  callable|array|string|null  $callback
+     * @return array
+     */
+    public static function sortDesc($array, $callback = null)
+    {
+        return Collection::make($array)->sortByDesc($callback)->all();
+    }
+
     /**
      * Recursively sort an array by keys and values.
      *
@@ -705,6 +795,29 @@ class Arr
         return implode(' ', $classes);
     }
 
+    /**
+     * Conditionally compile styles from an array into a style list.
+     *
+     * @param  array  $array
+     * @return string
+     */
+    public static function toCssStyles($array)
+    {
+        $styleList = static::wrap($array);
+
+        $styles = [];
+
+        foreach ($styleList as $class => $constraint) {
+            if (is_numeric($class)) {
+                $styles[] = Str::finish($constraint, ';');
+            } elseif ($constraint) {
+                $styles[] = Str::finish($class, ';');
+            }
+        }
+
+        return implode(' ', $styles);
+    }
+
     /**
      * Filter the array using the given callback.
      *
@@ -725,9 +838,7 @@ class Arr
      */
     public static function whereNotNull($array)
     {
-        return static::where($array, function ($value) {
-            return ! is_null($value);
-        });
+        return static::where($array, fn ($value) => ! is_null($value));
     }
 
     /**
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Collection.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Collection.php
index 577e35157..e705ee0d0 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Collection.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Collection.php
@@ -8,22 +8,33 @@ use Tightenco\Collect\Contracts\Support\CanBeEscapedWhenCastToString;
 use Tightenco\Collect\Support\Traits\EnumeratesValues;
 use Tightenco\Collect\Support\Traits\Macroable;
 use stdClass;
+use Traversable;
 
+/**
+ * @template TKey of array-key
+ * @template TValue
+ *
+ * @implements \ArrayAccess<TKey, TValue>
+ * @implements \Tightenco\Collect\Support\Enumerable<TKey, TValue>
+ */
 class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerable
 {
+    /**
+     * @use \Tightenco\Collect\Support\Traits\EnumeratesValues<TKey, TValue>
+     */
     use EnumeratesValues, Macroable;
 
     /**
      * The items contained in the collection.
      *
-     * @var array
+     * @var array<TKey, TValue>
      */
     protected $items = [];
 
     /**
      * Create a new collection.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>|null  $items
      * @return void
      */
     public function __construct($items = [])
@@ -36,7 +47,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * @param  int  $from
      * @param  int  $to
-     * @return static
+     * @return static<int, int>
      */
     public static function range($from, $to)
     {
@@ -46,7 +57,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get all of the items in the collection.
      *
-     * @return array
+     * @return array<TKey, TValue>
      */
     public function all()
     {
@@ -56,7 +67,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get a lazy collection for the items in this collection.
      *
-     * @return \Tightenco\Collect\Support\LazyCollection
+     * @return \Tightenco\Collect\Support\LazyCollection<TKey, TValue>
      */
     public function lazy()
     {
@@ -66,18 +77,16 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the average value of a given key.
      *
-     * @param  callable|string|null  $callback
-     * @return mixed
+     * @param  (callable(TValue): float|int)|string|null  $callback
+     * @return float|int|null
      */
     public function avg($callback = null)
     {
         $callback = $this->valueRetriever($callback);
 
-        $items = $this->map(function ($value) use ($callback) {
-            return $callback($value);
-        })->filter(function ($value) {
-            return ! is_null($value);
-        });
+        $items = $this
+            ->map(fn ($value) => $callback($value))
+            ->filter(fn ($value) => ! is_null($value));
 
         if ($count = $items->count()) {
             return $items->sum() / $count;
@@ -87,15 +96,14 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the median of a given key.
      *
-     * @param  string|array|null  $key
-     * @return mixed
+     * @param  string|array<array-key, string>|null  $key
+     * @return float|int|null
      */
     public function median($key = null)
     {
         $values = (isset($key) ? $this->pluck($key) : $this)
-            ->filter(function ($item) {
-                return ! is_null($item);
-            })->sort()->values();
+            ->filter(fn ($item) => ! is_null($item))
+            ->sort()->values();
 
         $count = $values->count();
 
@@ -117,8 +125,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the mode of a given key.
      *
-     * @param  string|array|null  $key
-     * @return array|null
+     * @param  string|array<array-key, string>|null  $key
+     * @return array<int, float|int>|null
      */
     public function mode($key = null)
     {
@@ -130,23 +138,20 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
 
         $counts = new static;
 
-        $collection->each(function ($value) use ($counts) {
-            $counts[$value] = isset($counts[$value]) ? $counts[$value] + 1 : 1;
-        });
+        $collection->each(fn ($value) => $counts[$value] = isset($counts[$value]) ? $counts[$value] + 1 : 1);
 
         $sorted = $counts->sort();
 
         $highestValue = $sorted->last();
 
-        return $sorted->filter(function ($value) use ($highestValue) {
-            return $value == $highestValue;
-        })->sort()->keys()->all();
+        return $sorted->filter(fn ($value) => $value == $highestValue)
+            ->sort()->keys()->all();
     }
 
     /**
      * Collapse the collection of items into a single array.
      *
-     * @return static
+     * @return static<int, mixed>
      */
     public function collapse()
     {
@@ -156,7 +161,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Determine if an item exists in the collection.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -176,6 +181,26 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
         return $this->contains($this->operatorForWhere(...func_get_args()));
     }
 
+    /**
+     * Determine if an item exists, using strict comparison.
+     *
+     * @param  (callable(TValue): bool)|TValue|array-key  $key
+     * @param  TValue|null  $value
+     * @return bool
+     */
+    public function containsStrict($key, $value = null)
+    {
+        if (func_num_args() === 2) {
+            return $this->contains(fn ($item) => data_get($item, $key) === $value);
+        }
+
+        if ($this->useAsCallable($key)) {
+            return ! is_null($this->first($key));
+        }
+
+        return in_array($key, $this->items, true);
+    }
+
     /**
      * Determine if an item is not contained in the collection.
      *
@@ -192,8 +217,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Cross join with the given lists, returning all possible permutations.
      *
-     * @param  mixed  ...$lists
-     * @return static
+     * @template TCrossJoinKey
+     * @template TCrossJoinValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TCrossJoinKey, TCrossJoinValue>|iterable<TCrossJoinKey, TCrossJoinValue>  ...$lists
+     * @return static<int, array<int, TValue|TCrossJoinValue>>
      */
     public function crossJoin(...$lists)
     {
@@ -205,7 +233,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection that are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
      * @return static
      */
     public function diff($items)
@@ -216,8 +244,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection that are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
      * @return static
      */
     public function diffUsing($items, callable $callback)
@@ -228,7 +256,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection whose keys and values are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffAssoc($items)
@@ -239,8 +267,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection whose keys and values are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffAssocUsing($items, callable $callback)
@@ -251,7 +279,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection whose keys are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffKeys($items)
@@ -262,8 +290,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items in the collection whose keys are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffKeysUsing($items, callable $callback)
@@ -274,7 +302,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Retrieve duplicate items from the collection.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @param  bool  $strict
      * @return static
      */
@@ -302,7 +330,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Retrieve duplicate items from the collection using strict comparison.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @return static
      */
     public function duplicatesStrict($callback = null)
@@ -314,25 +342,21 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Get the comparison function to detect duplicates.
      *
      * @param  bool  $strict
-     * @return \Closure
+     * @return callable(TValue, TValue): bool
      */
     protected function duplicateComparator($strict)
     {
         if ($strict) {
-            return function ($a, $b) {
-                return $a === $b;
-            };
+            return fn ($a, $b) => $a === $b;
         }
 
-        return function ($a, $b) {
-            return $a == $b;
-        };
+        return fn ($a, $b) => $a == $b;
     }
 
     /**
      * Get all items except for those with the specified keys.
      *
-     * @param  \Tightenco\Collect\Support\Collection|mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>  $keys
      * @return static
      */
     public function except($keys)
@@ -349,7 +373,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Run a filter over each of the items.
      *
-     * @param  callable|null  $callback
+     * @param (callable(TValue, TKey): bool)|null  $callback
      * @return static
      */
     public function filter(callable $callback = null)
@@ -364,9 +388,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the first item from the collection passing the given truth test.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TFirstDefault
+     *
+     * @param  (callable(TValue, TKey): bool)|null  $callback
+     * @param  TFirstDefault|(\Closure(): TFirstDefault)  $default
+     * @return TValue|TFirstDefault
      */
     public function first(callable $callback = null, $default = null)
     {
@@ -377,7 +403,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Get a flattened array of the items in the collection.
      *
      * @param  int  $depth
-     * @return static
+     * @return static<int, mixed>
      */
     public function flatten($depth = INF)
     {
@@ -387,7 +413,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Flip the items in the collection.
      *
-     * @return static
+     * @return static<TValue, TKey>
      */
     public function flip()
     {
@@ -397,7 +423,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Remove an item from the collection by key.
      *
-     * @param  string|int|array  $keys
+     * @param  TKey|array<array-key, TKey>  $keys
      * @return $this
      */
     public function forget($keys)
@@ -412,9 +438,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get an item from the collection by key.
      *
-     * @param  mixed  $key
-     * @param  mixed  $default
-     * @return mixed
+     * @template TGetDefault
+     *
+     * @param  TKey  $key
+     * @param  TGetDefault|(\Closure(): TGetDefault)  $default
+     * @return TValue|TGetDefault
      */
     public function get($key, $default = null)
     {
@@ -446,9 +474,9 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Group an associative array by a field or using a callback.
      *
-     * @param  array|callable|string  $groupBy
+     * @param  (callable(TValue, TKey): array-key)|array|string  $groupBy
      * @param  bool  $preserveKeys
-     * @return static
+     * @return static<array-key, static<array-key, TValue>>
      */
     public function groupBy($groupBy, $preserveKeys = false)
     {
@@ -470,7 +498,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
             }
 
             foreach ($groupKeys as $groupKey) {
-                $groupKey = is_bool($groupKey) ? (int) $groupKey : $groupKey;
+                $groupKey = match (true) {
+                    is_bool($groupKey) => (int) $groupKey,
+                    $groupKey instanceof \Stringable => (string) $groupKey,
+                    default => $groupKey,
+                };
 
                 if (! array_key_exists($groupKey, $results)) {
                     $results[$groupKey] = new static;
@@ -492,8 +524,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Key an associative array by a field or using a callback.
      *
-     * @param  callable|string  $keyBy
-     * @return static
+     * @param  (callable(TValue, TKey): array-key)|array|string  $keyBy
+     * @return static<array-key, TValue>
      */
     public function keyBy($keyBy)
     {
@@ -517,7 +549,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Determine if an item exists in the collection by key.
      *
-     * @param  mixed  $key
+     * @param  TKey|array<array-key, TKey>  $key
      * @return bool
      */
     public function has($key)
@@ -559,12 +591,16 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Concatenate values of a given key as a string.
      *
-     * @param  string  $value
+     * @param  callable|string  $value
      * @param  string|null  $glue
      * @return string
      */
     public function implode($value, $glue = null)
     {
+        if ($this->useAsCallable($value)) {
+            return implode($glue ?? '', $this->map($value)->all());
+        }
+
         $first = $this->first();
 
         if (is_array($first) || (is_object($first) && ! $first instanceof \Illuminate\Support\Stringable)) {
@@ -577,7 +613,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Intersect the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersect($items)
@@ -585,10 +621,45 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
         return new static(array_intersect($this->items, $this->getArrayableItems($items)));
     }
 
+    /**
+     * Intersect the collection with the given items, using the callback.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
+     * @return static
+     */
+    public function intersectUsing($items, callable $callback)
+    {
+        return new static(array_uintersect($this->items, $this->getArrayableItems($items), $callback));
+    }
+
+    /**
+     * Intersect the collection with the given items with additional index check.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @return static
+     */
+    public function intersectAssoc($items)
+    {
+        return new static(array_intersect_assoc($this->items, $this->getArrayableItems($items)));
+    }
+
+    /**
+     * Intersect the collection with the given items with additional index check, using the callback.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
+     * @return static
+     */
+    public function intersectAssocUsing($items, callable $callback)
+    {
+        return new static(array_intersect_uassoc($this->items, $this->getArrayableItems($items), $callback));
+    }
+
     /**
      * Intersect the collection with the given items by key.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersectByKeys($items)
@@ -651,7 +722,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the keys of the collection items.
      *
-     * @return static
+     * @return static<int, TKey>
      */
     public function keys()
     {
@@ -661,9 +732,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the last item from the collection.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TLastDefault
+     *
+     * @param  (callable(TValue, TKey): bool)|null  $callback
+     * @param  TLastDefault|(\Closure(): TLastDefault)  $default
+     * @return TValue|TLastDefault
      */
     public function last(callable $callback = null, $default = null)
     {
@@ -673,9 +746,9 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the values of a given key.
      *
-     * @param  string|array|int|null  $value
+     * @param  string|int|array<array-key, string>  $value
      * @param  string|null  $key
-     * @return static
+     * @return static<array-key, mixed>
      */
     public function pluck($value, $key = null)
     {
@@ -685,16 +758,14 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Run a map over each of the items.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapValue
+     *
+     * @param  callable(TValue, TKey): TMapValue  $callback
+     * @return static<TKey, TMapValue>
      */
     public function map(callable $callback)
     {
-        $keys = array_keys($this->items);
-
-        $items = array_map($callback, $this->items, $keys);
-
-        return new static(array_combine($keys, $items));
+        return new static(Arr::map($this->items, $callback));
     }
 
     /**
@@ -702,8 +773,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapToDictionaryKey of array-key
+     * @template TMapToDictionaryValue
+     *
+     * @param  callable(TValue, TKey): array<TMapToDictionaryKey, TMapToDictionaryValue>  $callback
+     * @return static<TMapToDictionaryKey, array<int, TMapToDictionaryValue>>
      */
     public function mapToDictionary(callable $callback)
     {
@@ -731,8 +805,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapWithKeysKey of array-key
+     * @template TMapWithKeysValue
+     *
+     * @param  callable(TValue, TKey): array<TMapWithKeysKey, TMapWithKeysValue>  $callback
+     * @return static<TMapWithKeysKey, TMapWithKeysValue>
      */
     public function mapWithKeys(callable $callback)
     {
@@ -752,7 +829,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Merge the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function merge($items)
@@ -763,8 +840,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Recursively merge the collection with the given items.
      *
-     * @param  mixed  $items
-     * @return static
+     * @template TMergeRecursiveValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TMergeRecursiveValue>|iterable<TKey, TMergeRecursiveValue>  $items
+     * @return static<TKey, TValue|TMergeRecursiveValue>
      */
     public function mergeRecursive($items)
     {
@@ -774,8 +853,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Create a collection by using this collection for keys and another for its values.
      *
-     * @param  mixed  $values
-     * @return static
+     * @template TCombineValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TCombineValue>|iterable<array-key, TCombineValue>  $values
+     * @return static<TValue, TCombineValue>
      */
     public function combine($values)
     {
@@ -785,7 +866,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Union the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function union($items)
@@ -806,8 +887,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
 
         $position = 0;
 
-        foreach ($this->items as $item) {
-            if ($position % $step === $offset) {
+        foreach ($this->slice($offset)->items as $item) {
+            if ($position % $step === 0) {
                 $new[] = $item;
             }
 
@@ -820,7 +901,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the items with the specified keys.
      *
-     * @param  mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>|string|null  $keys
      * @return static
      */
     public function only($keys)
@@ -842,7 +923,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Get and remove the last N items from the collection.
      *
      * @param  int  $count
-     * @return mixed
+     * @return static<int, TValue>|TValue|null
      */
     public function pop($count = 1)
     {
@@ -868,8 +949,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Push an item onto the beginning of the collection.
      *
-     * @param  mixed  $value
-     * @param  mixed  $key
+     * @param  TValue  $value
+     * @param  TKey  $key
      * @return $this
      */
     public function prepend($value, $key = null)
@@ -882,7 +963,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Push one or more items onto the end of the collection.
      *
-     * @param  mixed  $values
+     * @param  TValue  ...$values
      * @return $this
      */
     public function push(...$values)
@@ -897,7 +978,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Push all of the given items onto the collection.
      *
-     * @param  iterable  $source
+     * @param  iterable<array-key, TValue>  $source
      * @return static
      */
     public function concat($source)
@@ -914,9 +995,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get and remove an item from the collection.
      *
-     * @param  mixed  $key
-     * @param  mixed  $default
-     * @return mixed
+     * @template TPullDefault
+     *
+     * @param  TKey  $key
+     * @param  TPullDefault|(\Closure(): TPullDefault)  $default
+     * @return TValue|TPullDefault
      */
     public function pull($key, $default = null)
     {
@@ -926,8 +1009,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Put an item in the collection by key.
      *
-     * @param  mixed  $key
-     * @param  mixed  $value
+     * @param  TKey  $key
+     * @param  TValue  $value
      * @return $this
      */
     public function put($key, $value)
@@ -940,8 +1023,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get one or a specified number of items randomly from the collection.
      *
-     * @param  int|null  $number
-     * @return static|mixed
+     * @param  (callable(self<TKey, TValue>): int)|int|null  $number
+     * @return static<int, TValue>|TValue
      *
      * @throws \InvalidArgumentException
      */
@@ -951,13 +1034,17 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
             return Arr::random($this->items);
         }
 
+        if (is_callable($number)) {
+            return new static(Arr::random($this->items, $number($this)));
+        }
+
         return new static(Arr::random($this->items, $number));
     }
 
     /**
      * Replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replace($items)
@@ -968,7 +1055,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Recursively replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replaceRecursive($items)
@@ -989,9 +1076,9 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Search the collection for a given value and return the corresponding key if successful.
      *
-     * @param  mixed  $value
+     * @param  TValue|(callable(TValue,TKey): bool)  $value
      * @param  bool  $strict
-     * @return mixed
+     * @return TKey|bool
      */
     public function search($value, $strict = false)
     {
@@ -1012,7 +1099,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Get and remove the first N items from the collection.
      *
      * @param  int  $count
-     * @return mixed
+     * @return static<int, TValue>|TValue|null
      */
     public function shift($count = 1)
     {
@@ -1051,7 +1138,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * @param  int  $size
      * @param  int  $step
-     * @return static
+     * @return static<int, static>
      */
     public function sliding($size = 2, $step = 1)
     {
@@ -1076,7 +1163,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Skip items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipUntil($value)
@@ -1087,7 +1174,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Skip items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipWhile($value)
@@ -1111,7 +1198,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Split a collection into a certain number of groups.
      *
      * @param  int  $numberOfGroups
-     * @return static
+     * @return static<int, static>
      */
     public function split($numberOfGroups)
     {
@@ -1148,7 +1235,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Split a collection into a certain number of groups, and fill the first groups completely.
      *
      * @param  int  $numberOfGroups
-     * @return static
+     * @return static<int, static>
      */
     public function splitIn($numberOfGroups)
     {
@@ -1158,10 +1245,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the first item in the collection, but only if exactly one item exists. Otherwise, throw an exception.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue
      *
      * @throws \Tightenco\Collect\Support\ItemNotFoundException
      * @throws \Tightenco\Collect\Support\MultipleItemsFoundException
@@ -1172,14 +1259,16 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
             ? $this->operatorForWhere(...func_get_args())
             : $key;
 
-        $items = $this->when($filter)->filter($filter);
+        $items = $this->unless($filter == null)->filter($filter);
 
-        if ($items->isEmpty()) {
+        $count = $items->count();
+
+        if ($count === 0) {
             throw new ItemNotFoundException;
         }
 
-        if ($items->count() > 1) {
-            throw new MultipleItemsFoundException;
+        if ($count > 1) {
+            throw new MultipleItemsFoundException($count);
         }
 
         return $items->first();
@@ -1188,10 +1277,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get the first item in the collection but throw an exception if no matching items exist.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue
      *
      * @throws \Tightenco\Collect\Support\ItemNotFoundException
      */
@@ -1216,7 +1305,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * Chunk the collection into chunks of the given size.
      *
      * @param  int  $size
-     * @return static
+     * @return static<int, static>
      */
     public function chunk($size)
     {
@@ -1236,8 +1325,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Chunk the collection into chunks with a callback.
      *
-     * @param  callable  $callback
-     * @return static
+     * @param  callable(TValue, TKey, static<int, TValue>): bool  $callback
+     * @return static<int, static<int, TValue>>
      */
     public function chunkWhile(callable $callback)
     {
@@ -1249,7 +1338,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Sort through each item with a callback.
      *
-     * @param  callable|int|null  $callback
+     * @param  (callable(TValue, TValue): int)|null|int  $callback
      * @return static
      */
     public function sort($callback = null)
@@ -1281,7 +1370,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Sort the collection using the given callback.
      *
-     * @param  callable|array|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @param  bool  $descending
      * @return static
@@ -1319,14 +1408,14 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Sort the collection using multiple comparisons.
      *
-     * @param  array  $comparisons
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>  $comparisons
      * @return static
      */
     protected function sortByMany(array $comparisons = [])
     {
         $items = $this->items;
 
-        usort($items, function ($a, $b) use ($comparisons) {
+        uasort($items, function ($a, $b) use ($comparisons) {
             foreach ($comparisons as $comparison) {
                 $comparison = Arr::wrap($comparison);
 
@@ -1335,8 +1424,6 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
                 $ascending = Arr::get($comparison, 1, true) === true ||
                              Arr::get($comparison, 1, true) === 'asc';
 
-                $result = 0;
-
                 if (! is_string($prop) && is_callable($prop)) {
                     $result = $prop($a, $b);
                 } else {
@@ -1363,7 +1450,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Sort the collection in descending order using the given callback.
      *
-     * @param  callable|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @return static
      */
@@ -1402,7 +1489,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Sort the collection keys using a callback.
      *
-     * @param  callable  $callback
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function sortKeysUsing(callable $callback)
@@ -1419,7 +1506,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * @param  int  $offset
      * @param  int|null  $length
-     * @param  mixed  $replacement
+     * @param  array<array-key, TValue>  $replacement
      * @return static
      */
     public function splice($offset, $length = null, $replacement = [])
@@ -1449,7 +1536,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Take items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeUntil($value)
@@ -1460,7 +1547,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Take items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeWhile($value)
@@ -1471,7 +1558,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Transform each item in the collection using a callback.
      *
-     * @param  callable  $callback
+     * @param  callable(TValue, TKey): TValue  $callback
      * @return $this
      */
     public function transform(callable $callback)
@@ -1494,7 +1581,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Return only unique items from the collection array.
      *
-     * @param  string|callable|null  $key
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
      * @param  bool  $strict
      * @return static
      */
@@ -1520,7 +1607,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Reset the keys on the underlying array.
      *
-     * @return static
+     * @return static<int, TValue>
      */
     public function values()
     {
@@ -1533,18 +1620,16 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      * e.g. new Collection([1, 2, 3])->zip([4, 5, 6]);
      *      => [[1, 4], [2, 5], [3, 6]]
      *
-     * @param  mixed  ...$items
-     * @return static
+     * @template TZipValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TZipValue>|iterable<array-key, TZipValue>  ...$items
+     * @return static<int, static<int, TValue|TZipValue>>
      */
     public function zip($items)
     {
-        $arrayableItems = array_map(function ($items) {
-            return $this->getArrayableItems($items);
-        }, func_get_args());
+        $arrayableItems = array_map(fn ($items) => $this->getArrayableItems($items), func_get_args());
 
-        $params = array_merge([function () {
-            return new static(func_get_args());
-        }, $this->items], $arrayableItems);
+        $params = array_merge([fn () => new static(func_get_args()), $this->items], $arrayableItems);
 
         return new static(array_map(...$params));
     }
@@ -1552,9 +1637,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Pad collection to the specified length with a value.
      *
+     * @template TPadValue
+     *
      * @param  int  $size
-     * @param  mixed  $value
-     * @return static
+     * @param  TPadValue  $value
+     * @return static<int, TValue|TPadValue>
      */
     public function pad($size, $value)
     {
@@ -1564,10 +1651,9 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get an iterator for the items.
      *
-     * @return \ArrayIterator
+     * @return \ArrayIterator<TKey, TValue>
      */
-    #[\ReturnTypeWillChange]
-    public function getIterator()
+    public function getIterator(): Traversable
     {
         return new ArrayIterator($this->items);
     }
@@ -1577,8 +1663,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
      *
      * @return int
      */
-    #[\ReturnTypeWillChange]
-    public function count()
+    public function count(): int
     {
         return count($this->items);
     }
@@ -1586,8 +1671,8 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Count the number of items in the collection by a field or using a callback.
      *
-     * @param  callable|string  $countBy
-     * @return static
+     * @param  (callable(TValue, TKey): array-key)|string|null  $countBy
+     * @return static<array-key, int>
      */
     public function countBy($countBy = null)
     {
@@ -1597,7 +1682,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Add an item to the collection.
      *
-     * @param  mixed  $item
+     * @param  TValue  $item
      * @return $this
      */
     public function add($item)
@@ -1610,7 +1695,7 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get a base Support collection instance from this collection.
      *
-     * @return \Tightenco\Collect\Support\Collection
+     * @return \Tightenco\Collect\Support\Collection<TKey, TValue>
      */
     public function toBase()
     {
@@ -1620,11 +1705,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Determine if an item exists at an offset.
      *
-     * @param  mixed  $key
+     * @param  TKey  $key
      * @return bool
      */
-    #[\ReturnTypeWillChange]
-    public function offsetExists($key)
+    public function offsetExists($key): bool
     {
         return isset($this->items[$key]);
     }
@@ -1632,11 +1716,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Get an item at a given offset.
      *
-     * @param  mixed  $key
-     * @return mixed
+     * @param  TKey  $key
+     * @return TValue
      */
-    #[\ReturnTypeWillChange]
-    public function offsetGet($key)
+    public function offsetGet($key): mixed
     {
         return $this->items[$key];
     }
@@ -1644,12 +1727,11 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Set the item at a given offset.
      *
-     * @param  mixed  $key
-     * @param  mixed  $value
+     * @param  TKey|null  $key
+     * @param  TValue  $value
      * @return void
      */
-    #[\ReturnTypeWillChange]
-    public function offsetSet($key, $value)
+    public function offsetSet($key, $value): void
     {
         if (is_null($key)) {
             $this->items[] = $value;
@@ -1661,11 +1743,10 @@ class Collection implements ArrayAccess, CanBeEscapedWhenCastToString, Enumerabl
     /**
      * Unset the item at a given offset.
      *
-     * @param  mixed  $key
+     * @param  TKey  $key
      * @return void
      */
-    #[\ReturnTypeWillChange]
-    public function offsetUnset($key)
+    public function offsetUnset($key): void
     {
         unset($this->items[$key]);
     }
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Enumerable.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Enumerable.php
index 60af386cf..1f0db03ae 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Enumerable.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Enumerable.php
@@ -2,19 +2,31 @@
 
 namespace Tightenco\Collect\Support;
 
+use CachingIterator;
 use Countable;
 use Tightenco\Collect\Contracts\Support\Arrayable;
 use Tightenco\Collect\Contracts\Support\Jsonable;
 use IteratorAggregate;
 use JsonSerializable;
+use Traversable;
 
+/**
+ * @template TKey of array-key
+ * @template TValue
+ *
+ * @extends \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>
+ * @extends \IteratorAggregate<TKey, TValue>
+ */
 interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable, JsonSerializable
 {
     /**
      * Create a new collection instance if the value isn't one already.
      *
-     * @param  mixed  $items
-     * @return static
+     * @template TMakeKey of array-key
+     * @template TMakeValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TMakeKey, TMakeValue>|iterable<TMakeKey, TMakeValue>|null  $items
+     * @return static<TMakeKey, TMakeValue>
      */
     public static function make($items = []);
 
@@ -39,16 +51,21 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Wrap the given value in a collection if applicable.
      *
-     * @param  mixed  $value
-     * @return static
+     * @template TWrapValue
+     *
+     * @param  iterable<array-key, TWrapValue>|TWrapValue  $value
+     * @return static<array-key, TWrapValue>
      */
     public static function wrap($value);
 
     /**
      * Get the underlying items from the given collection if applicable.
      *
-     * @param  array|static  $value
-     * @return array
+     * @template TUnwrapKey of array-key
+     * @template TUnwrapValue
+     *
+     * @param  array<TUnwrapKey, TUnwrapValue>|static<TUnwrapKey, TUnwrapValue>  $value
+     * @return array<TUnwrapKey, TUnwrapValue>
      */
     public static function unwrap($value);
 
@@ -69,38 +86,38 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Alias for the "avg" method.
      *
-     * @param  callable|string|null  $callback
-     * @return mixed
+     * @param  (callable(TValue): float|int)|string|null  $callback
+     * @return float|int|null
      */
     public function average($callback = null);
 
     /**
      * Get the median of a given key.
      *
-     * @param  string|array|null  $key
-     * @return mixed
+     * @param  string|array<array-key, string>|null  $key
+     * @return float|int|null
      */
     public function median($key = null);
 
     /**
      * Get the mode of a given key.
      *
-     * @param  string|array|null  $key
-     * @return array|null
+     * @param  string|array<array-key, string>|null  $key
+     * @return array<int, float|int>|null
      */
     public function mode($key = null);
 
     /**
      * Collapse the items into a single enumerable.
      *
-     * @return static
+     * @return static<int, mixed>
      */
     public function collapse();
 
     /**
      * Alias for the "contains" method.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -110,8 +127,8 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Determine if an item exists, using strict comparison.
      *
-     * @param  mixed  $key
-     * @param  mixed  $value
+     * @param  (callable(TValue): bool)|TValue|array-key  $key
+     * @param  TValue|null  $value
      * @return bool
      */
     public function containsStrict($key, $value = null);
@@ -119,26 +136,39 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the average value of a given key.
      *
-     * @param  callable|string|null  $callback
-     * @return mixed
+     * @param  (callable(TValue): float|int)|string|null  $callback
+     * @return float|int|null
      */
     public function avg($callback = null);
 
     /**
      * Determine if an item exists in the enumerable.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
      */
     public function contains($key, $operator = null, $value = null);
 
+    /**
+     * Determine if an item is not contained in the collection.
+     *
+     * @param  mixed  $key
+     * @param  mixed  $operator
+     * @param  mixed  $value
+     * @return bool
+     */
+    public function doesntContain($key, $operator = null, $value = null);
+
     /**
      * Cross join with the given lists, returning all possible permutations.
      *
-     * @param  mixed  ...$lists
-     * @return static
+     * @template TCrossJoinKey
+     * @template TCrossJoinValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TCrossJoinKey, TCrossJoinValue>|iterable<TCrossJoinKey, TCrossJoinValue>  ...$lists
+     * @return static<int, array<int, TValue|TCrossJoinValue>>
      */
     public function crossJoin(...$lists);
 
@@ -146,7 +176,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Dump the collection and end the script.
      *
      * @param  mixed  ...$args
-     * @return void
+     * @return never
      */
     public function dd(...$args);
 
@@ -160,7 +190,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items that are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
      * @return static
      */
     public function diff($items);
@@ -168,8 +198,8 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items that are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
      * @return static
      */
     public function diffUsing($items, callable $callback);
@@ -177,7 +207,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items whose keys and values are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffAssoc($items);
@@ -185,8 +215,8 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items whose keys and values are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffAssocUsing($items, callable $callback);
@@ -194,7 +224,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items whose keys are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffKeys($items);
@@ -202,8 +232,8 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items whose keys are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffKeysUsing($items, callable $callback);
@@ -211,7 +241,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Retrieve duplicate items.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @param  bool  $strict
      * @return static
      */
@@ -220,7 +250,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Retrieve duplicate items using strict comparison.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @return static
      */
     public function duplicatesStrict($callback = null);
@@ -228,7 +258,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Execute a callback over each item.
      *
-     * @param  callable  $callback
+     * @param  callable(TValue, TKey): mixed  $callback
      * @return $this
      */
     public function each(callable $callback);
@@ -244,7 +274,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Determine if all items pass the given truth test.
      *
-     * @param  string|callable  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -254,7 +284,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get all items except for those with the specified keys.
      *
-     * @param  mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>  $keys
      * @return static
      */
     public function except($keys);
@@ -262,64 +292,76 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Run a filter over each of the items.
      *
-     * @param  callable|null  $callback
+     * @param  (callable(TValue): bool)|null  $callback
      * @return static
      */
     public function filter(callable $callback = null);
 
     /**
-     * Apply the callback if the value is truthy.
+     * Apply the callback if the given "value" is (or resolves to) truthy.
+     *
+     * @template TWhenReturnType as null
      *
      * @param  bool  $value
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @param  (callable($this): TWhenReturnType)|null  $callback
+     * @param  (callable($this): TWhenReturnType)|null  $default
+     * @return $this|TWhenReturnType
      */
-    public function when($value, callable $callback, callable $default = null);
+    public function when($value, callable $callback = null, callable $default = null);
 
     /**
      * Apply the callback if the collection is empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TWhenEmptyReturnType
+     *
+     * @param  (callable($this): TWhenEmptyReturnType)  $callback
+     * @param  (callable($this): TWhenEmptyReturnType)|null  $default
+     * @return $this|TWhenEmptyReturnType
      */
     public function whenEmpty(callable $callback, callable $default = null);
 
     /**
      * Apply the callback if the collection is not empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TWhenNotEmptyReturnType
+     *
+     * @param  callable($this): TWhenNotEmptyReturnType  $callback
+     * @param  (callable($this): TWhenNotEmptyReturnType)|null  $default
+     * @return $this|TWhenNotEmptyReturnType
      */
     public function whenNotEmpty(callable $callback, callable $default = null);
 
     /**
-     * Apply the callback if the value is falsy.
+     * Apply the callback if the given "value" is (or resolves to) truthy.
+     *
+     * @template TUnlessReturnType
      *
      * @param  bool  $value
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @param  (callable($this): TUnlessReturnType)  $callback
+     * @param  (callable($this): TUnlessReturnType)|null  $default
+     * @return $this|TUnlessReturnType
      */
     public function unless($value, callable $callback, callable $default = null);
 
     /**
      * Apply the callback unless the collection is empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TUnlessEmptyReturnType
+     *
+     * @param  callable($this): TUnlessEmptyReturnType  $callback
+     * @param  (callable($this): TUnlessEmptyReturnType)|null  $default
+     * @return $this|TUnlessEmptyReturnType
      */
     public function unlessEmpty(callable $callback, callable $default = null);
 
     /**
      * Apply the callback unless the collection is not empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TUnlessNotEmptyReturnType
+     *
+     * @param  callable($this): TUnlessNotEmptyReturnType  $callback
+     * @param  (callable($this): TUnlessNotEmptyReturnType)|null  $default
+     * @return $this|TUnlessNotEmptyReturnType
      */
     public function unlessNotEmpty(callable $callback, callable $default = null);
 
@@ -362,7 +404,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items by the given key value pair.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @param  bool  $strict
      * @return static
      */
@@ -372,7 +414,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items by the given key value pair using strict comparison.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereInStrict($key, $values);
@@ -381,7 +423,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items such that the value of the given key is between the given values.
      *
      * @param  string  $key
-     * @param  array  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereBetween($key, $values);
@@ -390,7 +432,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items such that the value of the given key is not between the given values.
      *
      * @param  string  $key
-     * @param  array  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereNotBetween($key, $values);
@@ -399,7 +441,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items by the given key value pair.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @param  bool  $strict
      * @return static
      */
@@ -409,7 +451,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Filter items by the given key value pair using strict comparison.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereNotInStrict($key, $values);
@@ -417,17 +459,21 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Filter the items, removing any items that don't match the given type(s).
      *
-     * @param  string|string[]  $type
-     * @return static
+     * @template TWhereInstanceOf
+     *
+     * @param  class-string<TWhereInstanceOf>|array<array-key, class-string<TWhereInstanceOf>>  $type
+     * @return static<TKey, TWhereInstanceOf>
      */
     public function whereInstanceOf($type);
 
     /**
      * Get the first item from the enumerable passing the given truth test.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TFirstDefault
+     *
+     * @param  (callable(TValue,TKey): bool)|null  $callback
+     * @param  TFirstDefault|(\Closure(): TFirstDefault)  $default
+     * @return TValue|TFirstDefault
      */
     public function first(callable $callback = null, $default = null);
 
@@ -437,7 +483,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * @param  string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue|null
      */
     public function firstWhere($key, $operator = null, $value = null);
 
@@ -452,44 +498,54 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Flip the values with their keys.
      *
-     * @return static
+     * @return static<TValue, TKey>
      */
     public function flip();
 
     /**
      * Get an item from the collection by key.
      *
-     * @param  mixed  $key
-     * @param  mixed  $default
-     * @return mixed
+     * @template TGetDefault
+     *
+     * @param  TKey  $key
+     * @param  TGetDefault|(\Closure(): TGetDefault)  $default
+     * @return TValue|TGetDefault
      */
     public function get($key, $default = null);
 
     /**
      * Group an associative array by a field or using a callback.
      *
-     * @param  array|callable|string  $groupBy
+     * @param  (callable(TValue, TKey): array-key)|array|string  $groupBy
      * @param  bool  $preserveKeys
-     * @return static
+     * @return static<array-key, static<array-key, TValue>>
      */
     public function groupBy($groupBy, $preserveKeys = false);
 
     /**
      * Key an associative array by a field or using a callback.
      *
-     * @param  callable|string  $keyBy
-     * @return static
+     * @param  (callable(TValue, TKey): array-key)|array|string  $keyBy
+     * @return static<array-key, TValue>
      */
     public function keyBy($keyBy);
 
     /**
      * Determine if an item exists in the collection by key.
      *
-     * @param  mixed  $key
+     * @param  TKey|array<array-key, TKey>  $key
      * @return bool
      */
     public function has($key);
 
+    /**
+     * Determine if any of the keys exist in the collection.
+     *
+     * @param  mixed  $key
+     * @return bool
+     */
+    public function hasAny($key);
+
     /**
      * Concatenate values of a given key as a string.
      *
@@ -502,7 +558,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Intersect the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersect($items);
@@ -510,7 +566,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Intersect the collection with the given items by key.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersectByKeys($items);
@@ -529,6 +585,13 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      */
     public function isNotEmpty();
 
+    /**
+     * Determine if the collection contains a single item.
+     *
+     * @return bool
+     */
+    public function containsOneItem();
+
     /**
      * Join all items from the collection using a string. The final items can use a separate glue string.
      *
@@ -541,24 +604,28 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the keys of the collection items.
      *
-     * @return static
+     * @return static<int, TKey>
      */
     public function keys();
 
     /**
      * Get the last item from the collection.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TLastDefault
+     *
+     * @param  (callable(TValue, TKey): bool)|null  $callback
+     * @param  TLastDefault|(\Closure(): TLastDefault)  $default
+     * @return TValue|TLastDefault
      */
     public function last(callable $callback = null, $default = null);
 
     /**
      * Run a map over each of the items.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapValue
+     *
+     * @param  callable(TValue, TKey): TMapValue  $callback
+     * @return static<TKey, TMapValue>
      */
     public function map(callable $callback);
 
@@ -575,8 +642,11 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapToDictionaryKey of array-key
+     * @template TMapToDictionaryValue
+     *
+     * @param  callable(TValue, TKey): array<TMapToDictionaryKey, TMapToDictionaryValue>  $callback
+     * @return static<TMapToDictionaryKey, array<int, TMapToDictionaryValue>>
      */
     public function mapToDictionary(callable $callback);
 
@@ -585,8 +655,11 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapToGroupsKey of array-key
+     * @template TMapToGroupsValue
+     *
+     * @param  callable(TValue, TKey): array<TMapToGroupsKey, TMapToGroupsValue>  $callback
+     * @return static<TMapToGroupsKey, static<int, TMapToGroupsValue>>
      */
     public function mapToGroups(callable $callback);
 
@@ -595,31 +668,39 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapWithKeysKey of array-key
+     * @template TMapWithKeysValue
+     *
+     * @param  callable(TValue, TKey): array<TMapWithKeysKey, TMapWithKeysValue>  $callback
+     * @return static<TMapWithKeysKey, TMapWithKeysValue>
      */
     public function mapWithKeys(callable $callback);
 
     /**
      * Map a collection and flatten the result by a single level.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TFlatMapKey of array-key
+     * @template TFlatMapValue
+     *
+     * @param  callable(TValue, TKey): (\Tightenco\Collect\Support\Collection<TFlatMapKey, TFlatMapValue>|array<TFlatMapKey, TFlatMapValue>)  $callback
+     * @return static<TFlatMapKey, TFlatMapValue>
      */
     public function flatMap(callable $callback);
 
     /**
      * Map the values into a new class.
      *
-     * @param  string  $class
-     * @return static
+     * @template TMapIntoValue
+     *
+     * @param  class-string<TMapIntoValue>  $class
+     * @return static<TKey, TMapIntoValue>
      */
     public function mapInto($class);
 
     /**
      * Merge the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function merge($items);
@@ -627,23 +708,27 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Recursively merge the collection with the given items.
      *
-     * @param  mixed  $items
-     * @return static
+     * @template TMergeRecursiveValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TMergeRecursiveValue>|iterable<TKey, TMergeRecursiveValue>  $items
+     * @return static<TKey, TValue|TMergeRecursiveValue>
      */
     public function mergeRecursive($items);
 
     /**
      * Create a collection by using this collection for keys and another for its values.
      *
-     * @param  mixed  $values
-     * @return static
+     * @template TCombineValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TCombineValue>|iterable<array-key, TCombineValue>  $values
+     * @return static<TValue, TCombineValue>
      */
     public function combine($values);
 
     /**
      * Union the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function union($items);
@@ -651,7 +736,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the min value of a given key.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue):mixed)|string|null  $callback
      * @return mixed
      */
     public function min($callback = null);
@@ -659,7 +744,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the max value of a given key.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue):mixed)|string|null  $callback
      * @return mixed
      */
     public function max($callback = null);
@@ -676,7 +761,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Get the items with the specified keys.
      *
-     * @param  mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>|string  $keys
      * @return static
      */
     public function only($keys);
@@ -693,17 +778,17 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Partition the collection into two arrays using the given callback or key.
      *
-     * @param  callable|string  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return static
+     * @return static<int<0, 1>, static<TKey, TValue>>
      */
     public function partition($key, $operator = null, $value = null);
 
     /**
      * Push all of the given items onto the collection.
      *
-     * @param  iterable  $source
+     * @param  iterable<array-key, TValue>  $source
      * @return static
      */
     public function concat($source);
@@ -712,7 +797,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Get one or a specified number of items randomly from the collection.
      *
      * @param  int|null  $number
-     * @return static|mixed
+     * @return static<int, TValue>|TValue
      *
      * @throws \InvalidArgumentException
      */
@@ -721,16 +806,30 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Reduce the collection to a single value.
      *
-     * @param  callable  $callback
-     * @param  mixed  $initial
-     * @return mixed
+     * @template TReduceInitial
+     * @template TReduceReturnType
+     *
+     * @param  callable(TReduceInitial|TReduceReturnType, TValue, TKey): TReduceReturnType  $callback
+     * @param  TReduceInitial  $initial
+     * @return TReduceReturnType
      */
     public function reduce(callable $callback, $initial = null);
 
+    /**
+     * Reduce the collection to multiple aggregate values.
+     *
+     * @param  callable  $callback
+     * @param  mixed  ...$initial
+     * @return array
+     *
+     * @throws \UnexpectedValueException
+     */
+    public function reduceSpread(callable $callback, ...$initial);
+
     /**
      * Replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replace($items);
@@ -738,7 +837,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Recursively replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replaceRecursive($items);
@@ -753,9 +852,9 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Search the collection for a given value and return the corresponding key if successful.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @param  bool  $strict
-     * @return mixed
+     * @return TKey|bool
      */
     public function search($value, $strict = false);
 
@@ -767,6 +866,15 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      */
     public function shuffle($seed = null);
 
+    /**
+     * Create chunks representing a "sliding window" view of the items in the collection.
+     *
+     * @param  int  $size
+     * @param  int  $step
+     * @return static<int, static>
+     */
+    public function sliding($size = 2, $step = 1);
+
     /**
      * Skip the first {$count} items.
      *
@@ -778,7 +886,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Skip items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipUntil($value);
@@ -786,7 +894,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Skip items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipWhile($value);
@@ -804,30 +912,63 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * Split a collection into a certain number of groups.
      *
      * @param  int  $numberOfGroups
-     * @return static
+     * @return static<int, static>
      */
     public function split($numberOfGroups);
 
+    /**
+     * Get the first item in the collection, but only if exactly one item exists. Otherwise, throw an exception.
+     *
+     * @param  (callable(TValue, TKey): bool)|string  $key
+     * @param  mixed  $operator
+     * @param  mixed  $value
+     * @return TValue
+     *
+     * @throws \Tightenco\Collect\Support\ItemNotFoundException
+     * @throws \Tightenco\Collect\Support\MultipleItemsFoundException
+     */
+    public function sole($key = null, $operator = null, $value = null);
+
+    /**
+     * Get the first item in the collection but throw an exception if no matching items exist.
+     *
+     * @param  (callable(TValue, TKey): bool)|string  $key
+     * @param  mixed  $operator
+     * @param  mixed  $value
+     * @return TValue
+     *
+     * @throws \Tightenco\Collect\Support\ItemNotFoundException
+     */
+    public function firstOrFail($key = null, $operator = null, $value = null);
+
     /**
      * Chunk the collection into chunks of the given size.
      *
      * @param  int  $size
-     * @return static
+     * @return static<int, static>
      */
     public function chunk($size);
 
     /**
      * Chunk the collection into chunks with a callback.
      *
-     * @param  callable  $callback
-     * @return static
+     * @param  callable(TValue, TKey, static<int, TValue>): bool  $callback
+     * @return static<int, static<int, TValue>>
      */
     public function chunkWhile(callable $callback);
 
+    /**
+     * Split a collection into a certain number of groups, and fill the first groups completely.
+     *
+     * @param  int  $numberOfGroups
+     * @return static<int, static>
+     */
+    public function splitIn($numberOfGroups);
+
     /**
      * Sort through each item with a callback.
      *
-     * @param  callable|null|int  $callback
+     * @param  (callable(TValue, TValue): int)|null|int  $callback
      * @return static
      */
     public function sort($callback = null);
@@ -843,7 +984,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Sort the collection using the given callback.
      *
-     * @param  callable|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @param  bool  $descending
      * @return static
@@ -853,7 +994,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Sort the collection in descending order using the given callback.
      *
-     * @param  callable|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @return static
      */
@@ -876,10 +1017,18 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      */
     public function sortKeysDesc($options = SORT_REGULAR);
 
+    /**
+     * Sort the collection keys using a callback.
+     *
+     * @param  callable(TKey, TKey): int  $callback
+     * @return static
+     */
+    public function sortKeysUsing(callable $callback);
+
     /**
      * Get the sum of the given values.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): mixed)|string|null  $callback
      * @return mixed
      */
     public function sum($callback = null);
@@ -895,7 +1044,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Take items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeUntil($value);
@@ -903,7 +1052,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Take items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeWhile($value);
@@ -911,7 +1060,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Pass the collection to the given callback and then return it.
      *
-     * @param  callable  $callback
+     * @param  callable(TValue): mixed  $callback
      * @return $this
      */
     public function tap(callable $callback);
@@ -919,32 +1068,57 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Pass the enumerable to the given callback and return the result.
      *
-     * @param  callable  $callback
-     * @return mixed
+     * @template TPipeReturnType
+     *
+     * @param  callable($this): TPipeReturnType  $callback
+     * @return TPipeReturnType
      */
     public function pipe(callable $callback);
 
+    /**
+     * Pass the collection into a new class.
+     *
+     * @param  class-string  $class
+     * @return mixed
+     */
+    public function pipeInto($class);
+
+    /**
+     * Pass the collection through a series of callable pipes and return the result.
+     *
+     * @param  array<callable>  $pipes
+     * @return mixed
+     */
+    public function pipeThrough($pipes);
+
     /**
      * Get the values of a given key.
      *
-     * @param  string|array  $value
+     * @param  string|array<array-key, string>  $value
      * @param  string|null  $key
-     * @return static
+     * @return static<int, mixed>
      */
     public function pluck($value, $key = null);
 
     /**
      * Create a collection of all elements that do not pass a given truth test.
      *
-     * @param  callable|mixed  $callback
+     * @param  (callable(TValue, TKey): bool)|bool|TValue  $callback
      * @return static
      */
     public function reject($callback = true);
 
+    /**
+     * Convert a flatten "dot" notation array into an expanded array.
+     *
+     * @return static
+     */
+    public function undot();
+
     /**
      * Return only unique items from the collection array.
      *
-     * @param  string|callable|null  $key
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
      * @param  bool  $strict
      * @return static
      */
@@ -953,7 +1127,7 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Return only unique items from the collection array using strict comparison.
      *
-     * @param  string|callable|null  $key
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
      * @return static
      */
     public function uniqueStrict($key = null);
@@ -961,26 +1135,42 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
     /**
      * Reset the keys on the underlying array.
      *
-     * @return static
+     * @return static<int, TValue>
      */
     public function values();
 
     /**
      * Pad collection to the specified length with a value.
      *
+     * @template TPadValue
+     *
      * @param  int  $size
-     * @param  mixed  $value
-     * @return static
+     * @param  TPadValue  $value
+     * @return static<int, TValue|TPadValue>
      */
     public function pad($size, $value);
 
     /**
-     * Count the number of items in the collection using a given truth test.
+     * Get the values iterator.
      *
-     * @param  callable|null  $callback
-     * @return static
+     * @return \Traversable<TKey, TValue>
      */
-    public function countBy($callback = null);
+    public function getIterator(): Traversable;
+
+    /**
+     * Count the number of items in the collection.
+     *
+     * @return int
+     */
+    public function count(): int;
+
+    /**
+     * Count the number of items in the collection by a field or using a callback.
+     *
+     * @param  (callable(TValue, TKey): array-key)|string|null  $countBy
+     * @return static<array-key, int>
+     */
+    public function countBy($countBy = null);
 
     /**
      * Zip the collection together with one or more arrays.
@@ -988,18 +1178,50 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      * e.g. new Collection([1, 2, 3])->zip([4, 5, 6]);
      *      => [[1, 4], [2, 5], [3, 6]]
      *
-     * @param  mixed  ...$items
-     * @return static
+     * @template TZipValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TZipValue>|iterable<array-key, TZipValue>  ...$items
+     * @return static<int, static<int, TValue|TZipValue>>
      */
     public function zip($items);
 
     /**
      * Collect the values into a collection.
      *
-     * @return \Tightenco\Collect\Support\Collection
+     * @return \Tightenco\Collect\Support\Collection<TKey, TValue>
      */
     public function collect();
 
+    /**
+     * Get the collection of items as a plain array.
+     *
+     * @return array<TKey, mixed>
+     */
+    public function toArray();
+
+    /**
+     * Convert the object into something JSON serializable.
+     *
+     * @return mixed
+     */
+    public function jsonSerialize(): mixed;
+
+    /**
+     * Get the collection of items as JSON.
+     *
+     * @param  int  $options
+     * @return string
+     */
+    public function toJson($options = 0);
+
+    /**
+     * Get a CachingIterator instance.
+     *
+     * @param  int  $flags
+     * @return \CachingIterator
+     */
+    public function getCachingIterator($flags = CachingIterator::CALL_TOSTRING);
+
     /**
      * Convert the collection to its string representation.
      *
@@ -1007,6 +1229,14 @@ interface Enumerable extends Arrayable, Countable, IteratorAggregate, Jsonable,
      */
     public function __toString();
 
+    /**
+     * Indicate that the model's string representation should be escaped when __toString is invoked.
+     *
+     * @param  bool  $escape
+     * @return $this
+     */
+    public function escapeWhenCastingToString($escape = true);
+
     /**
      * Add a method to the list of proxied methods.
      *
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/HigherOrderWhenProxy.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/HigherOrderWhenProxy.php
deleted file mode 100644
index ea48c7c58..000000000
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/HigherOrderWhenProxy.php
+++ /dev/null
@@ -1,63 +0,0 @@
-<?php
-
-namespace Tightenco\Collect\Support;
-
-/**
- * @mixin \Tightenco\Collect\Support\Enumerable
- */
-class HigherOrderWhenProxy
-{
-    /**
-     * The collection being operated on.
-     *
-     * @var \Tightenco\Collect\Support\Enumerable
-     */
-    protected $collection;
-
-    /**
-     * The condition for proxying.
-     *
-     * @var bool
-     */
-    protected $condition;
-
-    /**
-     * Create a new proxy instance.
-     *
-     * @param  \Tightenco\Collect\Support\Enumerable  $collection
-     * @param  bool  $condition
-     * @return void
-     */
-    public function __construct(Enumerable $collection, $condition)
-    {
-        $this->condition = $condition;
-        $this->collection = $collection;
-    }
-
-    /**
-     * Proxy accessing an attribute onto the collection.
-     *
-     * @param  string  $key
-     * @return mixed
-     */
-    public function __get($key)
-    {
-        return $this->condition
-            ? $this->collection->{$key}
-            : $this->collection;
-    }
-
-    /**
-     * Proxy a method call onto the collection.
-     *
-     * @param  string  $method
-     * @param  array  $parameters
-     * @return mixed
-     */
-    public function __call($method, $parameters)
-    {
-        return $this->condition
-            ? $this->collection->{$method}(...$parameters)
-            : $this->collection;
-    }
-}
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/LazyCollection.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/LazyCollection.php
index 464cee1b8..07327cb1c 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/LazyCollection.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/LazyCollection.php
@@ -5,27 +5,39 @@ namespace Tightenco\Collect\Support;
 use ArrayIterator;
 use Closure;
 use DateTimeInterface;
+use Generator;
 use Tightenco\Collect\Contracts\Support\CanBeEscapedWhenCastToString;
 use Tightenco\Collect\Support\Traits\EnumeratesValues;
 use Tightenco\Collect\Support\Traits\Macroable;
+use InvalidArgumentException;
 use IteratorAggregate;
 use stdClass;
+use Traversable;
 
+/**
+ * @template TKey of array-key
+ * @template TValue
+ *
+ * @implements \Tightenco\Collect\Support\Enumerable<TKey, TValue>
+ */
 class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
 {
+    /**
+     * @use \Tightenco\Collect\Support\Traits\EnumeratesValues<TKey, TValue>
+     */
     use EnumeratesValues, Macroable;
 
     /**
      * The source from which to generate items.
      *
-     * @var callable|static
+     * @var (Closure(): \Generator<TKey, TValue, mixed, void>)|static|array<TKey, TValue>
      */
     public $source;
 
     /**
      * Create a new lazy collection instance.
      *
-     * @param  mixed  $source
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>|(Closure(): \Generator<TKey, TValue, mixed, void>)|self<TKey, TValue>|array<TKey, TValue>|null  $source
      * @return void
      */
     public function __construct($source = null)
@@ -34,17 +46,35 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
             $this->source = $source;
         } elseif (is_null($source)) {
             $this->source = static::empty();
+        } elseif ($source instanceof Generator) {
+            throw new InvalidArgumentException(
+                'Generators should not be passed directly to LazyCollection. Instead, pass a generator function.'
+            );
         } else {
             $this->source = $this->getArrayableItems($source);
         }
     }
 
+    /**
+     * Create a new collection instance if the value isn't one already.
+     *
+     * @template TMakeKey of array-key
+     * @template TMakeValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TMakeKey, TMakeValue>|iterable<TMakeKey, TMakeValue>|(Closure(): \Generator<TMakeKey, TMakeValue, mixed, void>)|self<TMakeKey, TMakeValue>|array<TMakeKey, TMakeValue>|null  $items
+     * @return static<TMakeKey, TMakeValue>
+     */
+    public static function make($items = [])
+    {
+        return new static($items);
+    }
+
     /**
      * Create a collection with the given range.
      *
      * @param  int  $from
      * @param  int  $to
-     * @return static
+     * @return static<int, int>
      */
     public static function range($from, $to)
     {
@@ -64,7 +94,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get all items in the enumerable.
      *
-     * @return array
+     * @return array<TKey, TValue>
      */
     public function all()
     {
@@ -126,8 +156,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the average value of a given key.
      *
-     * @param  callable|string|null  $callback
-     * @return mixed
+     * @param  (callable(TValue): float|int)|string|null  $callback
+     * @return float|int|null
      */
     public function avg($callback = null)
     {
@@ -137,8 +167,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the median of a given key.
      *
-     * @param  string|array|null  $key
-     * @return mixed
+     * @param  string|array<array-key, string>|null  $key
+     * @return float|int|null
      */
     public function median($key = null)
     {
@@ -148,8 +178,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the mode of a given key.
      *
-     * @param  string|array|null  $key
-     * @return array|null
+     * @param  string|array<string>|null  $key
+     * @return array<int, float|int>|null
      */
     public function mode($key = null)
     {
@@ -159,7 +189,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Collapse the collection of items into a single array.
      *
-     * @return static
+     * @return static<int, mixed>
      */
     public function collapse()
     {
@@ -177,7 +207,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Determine if an item exists in the enumerable.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -187,6 +217,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
         if (func_num_args() === 1 && $this->useAsCallable($key)) {
             $placeholder = new stdClass;
 
+            /** @var callable $key */
             return $this->first($key, $placeholder) !== $placeholder;
         }
 
@@ -205,6 +236,32 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
         return $this->contains($this->operatorForWhere(...func_get_args()));
     }
 
+    /**
+     * Determine if an item exists, using strict comparison.
+     *
+     * @param  (callable(TValue): bool)|TValue|array-key  $key
+     * @param  TValue|null  $value
+     * @return bool
+     */
+    public function containsStrict($key, $value = null)
+    {
+        if (func_num_args() === 2) {
+            return $this->contains(fn ($item) => data_get($item, $key) === $value);
+        }
+
+        if ($this->useAsCallable($key)) {
+            return ! is_null($this->first($key));
+        }
+
+        foreach ($this as $item) {
+            if ($item === $key) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Determine if an item is not contained in the enumerable.
      *
@@ -221,8 +278,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Cross join the given iterables, returning all possible permutations.
      *
-     * @param  array  ...$arrays
-     * @return static
+     * @template TCrossJoinKey
+     * @template TCrossJoinValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TCrossJoinKey, TCrossJoinValue>|iterable<TCrossJoinKey, TCrossJoinValue>  ...$arrays
+     * @return static<int, array<int, TValue|TCrossJoinValue>>
      */
     public function crossJoin(...$arrays)
     {
@@ -232,8 +292,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Count the number of items in the collection by a field or using a callback.
      *
-     * @param  callable|string  $countBy
-     * @return static
+     * @param  (callable(TValue, TKey): array-key)|string|null  $countBy
+     * @return static<array-key, int>
      */
     public function countBy($countBy = null)
     {
@@ -261,7 +321,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items that are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
      * @return static
      */
     public function diff($items)
@@ -272,8 +332,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items that are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
      * @return static
      */
     public function diffUsing($items, callable $callback)
@@ -284,7 +344,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items whose keys and values are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffAssoc($items)
@@ -295,8 +355,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items whose keys and values are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffAssocUsing($items, callable $callback)
@@ -307,7 +367,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items whose keys are not present in the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function diffKeys($items)
@@ -318,8 +378,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items whose keys are not present in the given items, using the callback.
      *
-     * @param  mixed  $items
-     * @param  callable  $callback
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function diffKeysUsing($items, callable $callback)
@@ -330,7 +390,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Retrieve duplicate items.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @param  bool  $strict
      * @return static
      */
@@ -342,7 +402,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Retrieve duplicate items using strict comparison.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): bool)|string|null  $callback
      * @return static
      */
     public function duplicatesStrict($callback = null)
@@ -353,7 +413,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get all items except for those with the specified keys.
      *
-     * @param  mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>  $keys
      * @return static
      */
     public function except($keys)
@@ -364,15 +424,13 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Run a filter over each of the items.
      *
-     * @param  callable|null  $callback
+     * @param  (callable(TValue, TKey): bool)|null  $callback
      * @return static
      */
     public function filter(callable $callback = null)
     {
         if (is_null($callback)) {
-            $callback = function ($value) {
-                return (bool) $value;
-            };
+            $callback = fn ($value) => (bool) $value;
         }
 
         return new static(function () use ($callback) {
@@ -387,9 +445,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the first item from the enumerable passing the given truth test.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TFirstDefault
+     *
+     * @param  (callable(TValue): bool)|null  $callback
+     * @param  TFirstDefault|(\Closure(): TFirstDefault)  $default
+     * @return TValue|TFirstDefault
      */
     public function first(callable $callback = null, $default = null)
     {
@@ -416,7 +476,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Get a flattened list of the items in the collection.
      *
      * @param  int  $depth
-     * @return static
+     * @return static<int, mixed>
      */
     public function flatten($depth = INF)
     {
@@ -438,7 +498,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Flip the items in the collection.
      *
-     * @return static
+     * @return static<TValue, TKey>
      */
     public function flip()
     {
@@ -452,9 +512,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get an item by key.
      *
-     * @param  mixed  $key
-     * @param  mixed  $default
-     * @return mixed
+     * @template TGetDefault
+     *
+     * @param  TKey|null  $key
+     * @param  TGetDefault|(\Closure(): TGetDefault)  $default
+     * @return TValue|TGetDefault
      */
     public function get($key, $default = null)
     {
@@ -474,9 +536,9 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Group an associative array by a field or using a callback.
      *
-     * @param  array|callable|string  $groupBy
+     * @param  (callable(TValue, TKey): array-key)|array|string  $groupBy
      * @param  bool  $preserveKeys
-     * @return static
+     * @return static<array-key, static<array-key, TValue>>
      */
     public function groupBy($groupBy, $preserveKeys = false)
     {
@@ -486,8 +548,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Key an associative array by a field or using a callback.
      *
-     * @param  callable|string  $keyBy
-     * @return static
+     * @param  (callable(TValue, TKey): array-key)|array|string  $keyBy
+     * @return static<array-key, TValue>
      */
     public function keyBy($keyBy)
     {
@@ -548,7 +610,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Concatenate values of a given key as a string.
      *
-     * @param  string  $value
+     * @param  callable|string  $value
      * @param  string|null  $glue
      * @return string
      */
@@ -560,7 +622,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Intersect the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersect($items)
@@ -568,10 +630,45 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
         return $this->passthru('intersect', func_get_args());
     }
 
+    /**
+     * Intersect the collection with the given items, using the callback.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
+     * @return static
+     */
+    public function intersectUsing()
+    {
+        return $this->passthru('intersectUsing', func_get_args());
+    }
+
+    /**
+     * Intersect the collection with the given items with additional index check.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
+     * @return static
+     */
+    public function intersectAssoc($items)
+    {
+        return $this->passthru('intersectAssoc', func_get_args());
+    }
+
+    /**
+     * Intersect the collection with the given items with additional index check, using the callback.
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TValue>|iterable<array-key, TValue>  $items
+     * @param  callable(TValue, TValue): int  $callback
+     * @return static
+     */
+    public function intersectAssocUsing($items, callable $callback)
+    {
+        return $this->passthru('intersectAssocUsing', func_get_args());
+    }
+
     /**
      * Intersect the collection with the given items by key.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function intersectByKeys($items)
@@ -614,7 +711,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the keys of the collection items.
      *
-     * @return static
+     * @return static<int, TKey>
      */
     public function keys()
     {
@@ -628,9 +725,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the last item from the collection.
      *
-     * @param  callable|null  $callback
-     * @param  mixed  $default
-     * @return mixed
+     * @template TLastDefault
+     *
+     * @param  (callable(TValue, TKey): bool)|null  $callback
+     * @param  TLastDefault|(\Closure(): TLastDefault)  $default
+     * @return TValue|TLastDefault
      */
     public function last(callable $callback = null, $default = null)
     {
@@ -648,9 +747,9 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the values of a given key.
      *
-     * @param  string|array  $value
+     * @param  string|array<array-key, string>  $value
      * @param  string|null  $key
-     * @return static
+     * @return static<int, mixed>
      */
     public function pluck($value, $key = null)
     {
@@ -678,8 +777,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Run a map over each of the items.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapValue
+     *
+     * @param  callable(TValue, TKey): TMapValue  $callback
+     * @return static<TKey, TMapValue>
      */
     public function map(callable $callback)
     {
@@ -695,8 +796,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapToDictionaryKey of array-key
+     * @template TMapToDictionaryValue
+     *
+     * @param  callable(TValue, TKey): array<TMapToDictionaryKey, TMapToDictionaryValue>  $callback
+     * @return static<TMapToDictionaryKey, array<int, TMapToDictionaryValue>>
      */
     public function mapToDictionary(callable $callback)
     {
@@ -708,8 +812,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapWithKeysKey of array-key
+     * @template TMapWithKeysValue
+     *
+     * @param  callable(TValue, TKey): array<TMapWithKeysKey, TMapWithKeysValue>  $callback
+     * @return static<TMapWithKeysKey, TMapWithKeysValue>
      */
     public function mapWithKeys(callable $callback)
     {
@@ -723,7 +830,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Merge the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function merge($items)
@@ -734,8 +841,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Recursively merge the collection with the given items.
      *
-     * @param  mixed  $items
-     * @return static
+     * @template TMergeRecursiveValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TMergeRecursiveValue>|iterable<TKey, TMergeRecursiveValue>  $items
+     * @return static<TKey, TValue|TMergeRecursiveValue>
      */
     public function mergeRecursive($items)
     {
@@ -745,8 +854,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Create a collection by using this collection for keys and another for its values.
      *
-     * @param  mixed  $values
-     * @return static
+     * @template TCombineValue
+     *
+     * @param  \IteratorAggregate<array-key, TCombineValue>|array<array-key, TCombineValue>|(callable(): \Generator<array-key, TCombineValue>)  $values
+     * @return static<TValue, TCombineValue>
      */
     public function combine($values)
     {
@@ -776,7 +887,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Union the collection with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function union($items)
@@ -796,8 +907,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
         return new static(function () use ($step, $offset) {
             $position = 0;
 
-            foreach ($this as $item) {
-                if ($position % $step === $offset) {
+            foreach ($this->slice($offset) as $item) {
+                if ($position % $step === 0) {
                     yield $item;
                 }
 
@@ -809,7 +920,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the items with the specified keys.
      *
-     * @param  mixed  $keys
+     * @param  \Tightenco\Collect\Support\Enumerable<array-key, TKey>|array<array-key, TKey>|string  $keys
      * @return static
      */
     public function only($keys)
@@ -844,7 +955,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Push all of the given items onto the collection.
      *
-     * @param  iterable  $source
+     * @param  iterable<array-key, TValue>  $source
      * @return static
      */
     public function concat($source)
@@ -859,7 +970,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Get one or a specified number of items randomly from the collection.
      *
      * @param  int|null  $number
-     * @return static|mixed
+     * @return static<int, TValue>|TValue
      *
      * @throws \InvalidArgumentException
      */
@@ -873,7 +984,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replace($items)
@@ -900,7 +1011,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Recursively replace the collection items with the given items.
      *
-     * @param  mixed  $items
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TKey, TValue>|iterable<TKey, TValue>  $items
      * @return static
      */
     public function replaceRecursive($items)
@@ -921,12 +1032,13 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Search the collection for a given value and return the corresponding key if successful.
      *
-     * @param  mixed  $value
+     * @param  TValue|(callable(TValue,TKey): bool)  $value
      * @param  bool  $strict
-     * @return mixed
+     * @return TKey|bool
      */
     public function search($value, $strict = false)
     {
+        /** @var (callable(TValue,TKey): bool) $predicate */
         $predicate = $this->useAsCallable($value)
             ? $value
             : function ($item) use ($value, $strict) {
@@ -958,7 +1070,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      *
      * @param  int  $size
      * @param  int  $step
-     * @return static
+     * @return static<int, static>
      */
     public function sliding($size = 2, $step = 1)
     {
@@ -971,7 +1083,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
                 $chunk[$iterator->key()] = $iterator->current();
 
                 if (count($chunk) == $size) {
-                    yield tap(new static($chunk), function () use (&$chunk, $step) {
+                    yield (new static($chunk))->tap(function () use (&$chunk, $step) {
                         $chunk = array_slice($chunk, $step, null, true);
                     });
 
@@ -1018,7 +1130,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Skip items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipUntil($value)
@@ -1031,7 +1143,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Skip items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function skipWhile($value)
@@ -1075,7 +1187,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Split a collection into a certain number of groups.
      *
      * @param  int  $numberOfGroups
-     * @return static
+     * @return static<int, static>
      */
     public function split($numberOfGroups)
     {
@@ -1085,10 +1197,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the first item in the collection, but only if exactly one item exists. Otherwise, throw an exception.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue
      *
      * @throws \Tightenco\Collect\Support\ItemNotFoundException
      * @throws \Tightenco\Collect\Support\MultipleItemsFoundException
@@ -1100,7 +1212,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
             : $key;
 
         return $this
-            ->when($filter)
+            ->unless($filter == null)
             ->filter($filter)
             ->take(2)
             ->collect()
@@ -1110,10 +1222,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the first item in the collection but throw an exception if no matching items exist.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue
      *
      * @throws \Tightenco\Collect\Support\ItemNotFoundException
      */
@@ -1124,7 +1236,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
             : $key;
 
         return $this
-            ->when($filter)
+            ->unless($filter == null)
             ->filter($filter)
             ->take(1)
             ->collect()
@@ -1135,7 +1247,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Chunk the collection into chunks of the given size.
      *
      * @param  int  $size
-     * @return static
+     * @return static<int, static>
      */
     public function chunk($size)
     {
@@ -1174,7 +1286,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Split a collection into a certain number of groups, and fill the first groups completely.
      *
      * @param  int  $numberOfGroups
-     * @return static
+     * @return static<int, static>
      */
     public function splitIn($numberOfGroups)
     {
@@ -1184,8 +1296,8 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Chunk the collection into chunks with a callback.
      *
-     * @param  callable  $callback
-     * @return static
+     * @param  callable(TValue, TKey, Collection<TKey, TValue>): bool  $callback
+     * @return static<int, static<int, TValue>>
      */
     public function chunkWhile(callable $callback)
     {
@@ -1221,7 +1333,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Sort through each item with a callback.
      *
-     * @param  callable|null|int  $callback
+     * @param  (callable(TValue, TValue): int)|null|int  $callback
      * @return static
      */
     public function sort($callback = null)
@@ -1243,7 +1355,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Sort the collection using the given callback.
      *
-     * @param  callable|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @param  bool  $descending
      * @return static
@@ -1256,7 +1368,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Sort the collection in descending order using the given callback.
      *
-     * @param  callable|string  $callback
+     * @param  array<array-key, (callable(TValue, TValue): mixed)|(callable(TValue, TKey): mixed)|string|array{string, string}>|(callable(TValue, TKey): mixed)|string  $callback
      * @param  int  $options
      * @return static
      */
@@ -1291,7 +1403,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Sort the collection keys using a callback.
      *
-     * @param  callable  $callback
+     * @param  callable(TKey, TKey): int  $callback
      * @return static
      */
     public function sortKeysUsing(callable $callback)
@@ -1331,11 +1443,12 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Take items in the collection until the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeUntil($value)
     {
+        /** @var callable(TValue, TKey): bool $callback */
         $callback = $this->useAsCallable($value) ? $value : $this->equality($value);
 
         return new static(function () use ($callback) {
@@ -1359,30 +1472,39 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     {
         $timeout = $timeout->getTimestamp();
 
-        return $this->takeWhile(function () use ($timeout) {
-            return $this->now() < $timeout;
+        return new static(function () use ($timeout) {
+            if ($this->now() >= $timeout) {
+                return;
+            }
+
+            foreach ($this as $key => $value) {
+                yield $key => $value;
+
+                if ($this->now() >= $timeout) {
+                    break;
+                }
+            }
         });
     }
 
     /**
      * Take items in the collection while the given condition is met.
      *
-     * @param  mixed  $value
+     * @param  TValue|callable(TValue,TKey): bool  $value
      * @return static
      */
     public function takeWhile($value)
     {
+        /** @var callable(TValue, TKey): bool $callback */
         $callback = $this->useAsCallable($value) ? $value : $this->equality($value);
 
-        return $this->takeUntil(function ($item, $key) use ($callback) {
-            return ! $callback($item, $key);
-        });
+        return $this->takeUntil(fn ($item, $key) => ! $callback($item, $key));
     }
 
     /**
      * Pass each item in the collection to the given callback, lazily.
      *
-     * @param  callable  $callback
+     * @param  callable(TValue, TKey): mixed  $callback
      * @return static
      */
     public function tapEach(callable $callback)
@@ -1409,7 +1531,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Return only unique items from the collection array.
      *
-     * @param  string|callable|null  $key
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
      * @param  bool  $strict
      * @return static
      */
@@ -1433,7 +1555,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Reset the keys on the underlying array.
      *
-     * @return static
+     * @return static<int, TValue>
      */
     public function values()
     {
@@ -1450,8 +1572,10 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * e.g. new LazyCollection([1, 2, 3])->zip([4, 5, 6]);
      *      => [[1, 4], [2, 5], [3, 6]]
      *
-     * @param  mixed  ...$items
-     * @return static
+     * @template TZipValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<array-key, TZipValue>|iterable<array-key, TZipValue>  ...$items
+     * @return static<int, static<int, TValue|TZipValue>>
      */
     public function zip($items)
     {
@@ -1473,9 +1597,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Pad collection to the specified length with a value.
      *
+     * @template TPadValue
+     *
      * @param  int  $size
-     * @param  mixed  $value
-     * @return static
+     * @param  TPadValue  $value
+     * @return static<int, TValue|TPadValue>
      */
     public function pad($size, $value)
     {
@@ -1501,10 +1627,9 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Get the values iterator.
      *
-     * @return \Traversable
+     * @return \Traversable<TKey, TValue>
      */
-    #[\ReturnTypeWillChange]
-    public function getIterator()
+    public function getIterator(): Traversable
     {
         return $this->makeIterator($this->source);
     }
@@ -1514,8 +1639,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      *
      * @return int
      */
-    #[\ReturnTypeWillChange]
-    public function count()
+    public function count(): int
     {
         if (is_array($this->source)) {
             return count($this->source);
@@ -1527,8 +1651,11 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
     /**
      * Make an iterator from the given source.
      *
-     * @param  mixed  $source
-     * @return \Traversable
+     * @template TIteratorKey of array-key
+     * @template TIteratorValue
+     *
+     * @param  \IteratorAggregate<TIteratorKey, TIteratorValue>|array<TIteratorKey, TIteratorValue>|(callable(): \Generator<TIteratorKey, TIteratorValue>)  $source
+     * @return \Traversable<TIteratorKey, TIteratorValue>
      */
     protected function makeIterator($source)
     {
@@ -1540,15 +1667,23 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
             return new ArrayIterator($source);
         }
 
-        return $source();
+        if (is_callable($source)) {
+            $maybeTraversable = $source();
+
+            return $maybeTraversable instanceof Traversable
+                ? $maybeTraversable
+                : new ArrayIterator(Arr::wrap($maybeTraversable));
+        }
+
+        return new ArrayIterator((array) $source);
     }
 
     /**
      * Explode the "value" and "key" arguments passed to "pluck".
      *
-     * @param  string|array  $value
-     * @param  string|array|null  $key
-     * @return array
+     * @param  string|string[]  $value
+     * @param  string|string[]|null  $key
+     * @return array{string[],string[]|null}
      */
     protected function explodePluckParameters($value, $key)
     {
@@ -1563,7 +1698,7 @@ class LazyCollection implements CanBeEscapedWhenCastToString, Enumerable
      * Pass this lazy collection through a method on the collection class.
      *
      * @param  string  $method
-     * @param  array  $params
+     * @param  array<mixed>  $params
      * @return static
      */
     protected function passthru($method, array $params)
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Str.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Str.php
new file mode 100644
index 000000000..07e82545d
--- /dev/null
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Str.php
@@ -0,0 +1,1367 @@
+<?php
+
+namespace Tightenco\Collect\Support;
+
+use Closure;
+use Tightenco\Collect\Support\Traits\Macroable;
+use JsonException;
+use League\CommonMark\Environment\Environment;
+use League\CommonMark\Extension\GithubFlavoredMarkdownExtension;
+use League\CommonMark\Extension\InlinesOnly\InlinesOnlyExtension;
+use League\CommonMark\GithubFlavoredMarkdownConverter;
+use League\CommonMark\MarkdownConverter;
+use Ramsey\Uuid\Codec\TimestampFirstCombCodec;
+use Ramsey\Uuid\Generator\CombGenerator;
+use Ramsey\Uuid\Uuid;
+use Ramsey\Uuid\UuidFactory;
+use Symfony\Component\Uid\Ulid;
+use Traversable;
+use voku\helper\ASCII;
+
+class Str
+{
+    use Macroable;
+
+    /**
+     * The cache of snake-cased words.
+     *
+     * @var array
+     */
+    protected static $snakeCache = [];
+
+    /**
+     * The cache of camel-cased words.
+     *
+     * @var array
+     */
+    protected static $camelCache = [];
+
+    /**
+     * The cache of studly-cased words.
+     *
+     * @var array
+     */
+    protected static $studlyCache = [];
+
+    /**
+     * The callback that should be used to generate UUIDs.
+     *
+     * @var callable|null
+     */
+    protected static $uuidFactory;
+
+    /**
+     * The callback that should be used to generate random strings.
+     *
+     * @var callable|null
+     */
+    protected static $randomStringFactory;
+
+    /**
+     * Get a new stringable object from the given string.
+     *
+     * @param  string  $string
+     * @return \Tightenco\Collect\Support\Stringable
+     */
+    public static function of($string)
+    {
+        return new Stringable($string);
+    }
+
+    /**
+     * Return the remainder of a string after the first occurrence of a given value.
+     *
+     * @param  string  $subject
+     * @param  string  $search
+     * @return string
+     */
+    public static function after($subject, $search)
+    {
+        return $search === '' ? $subject : array_reverse(explode($search, $subject, 2))[0];
+    }
+
+    /**
+     * Return the remainder of a string after the last occurrence of a given value.
+     *
+     * @param  string  $subject
+     * @param  string  $search
+     * @return string
+     */
+    public static function afterLast($subject, $search)
+    {
+        if ($search === '') {
+            return $subject;
+        }
+
+        $position = strrpos($subject, (string) $search);
+
+        if ($position === false) {
+            return $subject;
+        }
+
+        return substr($subject, $position + strlen($search));
+    }
+
+    /**
+     * Transliterate a UTF-8 value to ASCII.
+     *
+     * @param  string  $value
+     * @param  string  $language
+     * @return string
+     */
+    public static function ascii($value, $language = 'en')
+    {
+        return ASCII::to_ascii((string) $value, $language);
+    }
+
+    /**
+     * Transliterate a string to its closest ASCII representation.
+     *
+     * @param  string  $string
+     * @param  string|null  $unknown
+     * @param  bool|null  $strict
+     * @return string
+     */
+    public static function transliterate($string, $unknown = '?', $strict = false)
+    {
+        return ASCII::to_transliterate($string, $unknown, $strict);
+    }
+
+    /**
+     * Get the portion of a string before the first occurrence of a given value.
+     *
+     * @param  string  $subject
+     * @param  string  $search
+     * @return string
+     */
+    public static function before($subject, $search)
+    {
+        if ($search === '') {
+            return $subject;
+        }
+
+        $result = strstr($subject, (string) $search, true);
+
+        return $result === false ? $subject : $result;
+    }
+
+    /**
+     * Get the portion of a string before the last occurrence of a given value.
+     *
+     * @param  string  $subject
+     * @param  string  $search
+     * @return string
+     */
+    public static function beforeLast($subject, $search)
+    {
+        if ($search === '') {
+            return $subject;
+        }
+
+        $pos = mb_strrpos($subject, $search);
+
+        if ($pos === false) {
+            return $subject;
+        }
+
+        return static::substr($subject, 0, $pos);
+    }
+
+    /**
+     * Get the portion of a string between two given values.
+     *
+     * @param  string  $subject
+     * @param  string  $from
+     * @param  string  $to
+     * @return string
+     */
+    public static function between($subject, $from, $to)
+    {
+        if ($from === '' || $to === '') {
+            return $subject;
+        }
+
+        return static::beforeLast(static::after($subject, $from), $to);
+    }
+
+    /**
+     * Get the smallest possible portion of a string between two given values.
+     *
+     * @param  string  $subject
+     * @param  string  $from
+     * @param  string  $to
+     * @return string
+     */
+    public static function betweenFirst($subject, $from, $to)
+    {
+        if ($from === '' || $to === '') {
+            return $subject;
+        }
+
+        return static::before(static::after($subject, $from), $to);
+    }
+
+    /**
+     * Convert a value to camel case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function camel($value)
+    {
+        if (isset(static::$camelCache[$value])) {
+            return static::$camelCache[$value];
+        }
+
+        return static::$camelCache[$value] = lcfirst(static::studly($value));
+    }
+
+    /**
+     * Determine if a given string contains a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|iterable<string>  $needles
+     * @param  bool  $ignoreCase
+     * @return bool
+     */
+    public static function contains($haystack, $needles, $ignoreCase = false)
+    {
+        if ($ignoreCase) {
+            $haystack = mb_strtolower($haystack);
+        }
+
+        if (! is_iterable($needles)) {
+            $needles = (array) $needles;
+        }
+
+        foreach ($needles as $needle) {
+            if ($ignoreCase) {
+                $needle = mb_strtolower($needle);
+            }
+
+            if ($needle !== '' && str_contains($haystack, $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine if a given string contains all array values.
+     *
+     * @param  string  $haystack
+     * @param  iterable<string>  $needles
+     * @param  bool  $ignoreCase
+     * @return bool
+     */
+    public static function containsAll($haystack, $needles, $ignoreCase = false)
+    {
+        foreach ($needles as $needle) {
+            if (! static::contains($haystack, $needle, $ignoreCase)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Determine if a given string ends with a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|iterable<string>  $needles
+     * @return bool
+     */
+    public static function endsWith($haystack, $needles)
+    {
+        if (! is_iterable($needles)) {
+            $needles = (array) $needles;
+        }
+
+        foreach ($needles as $needle) {
+            if ((string) $needle !== '' && str_ends_with($haystack, $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Extracts an excerpt from text that matches the first instance of a phrase.
+     *
+     * @param  string  $text
+     * @param  string  $phrase
+     * @param  array  $options
+     * @return string|null
+     */
+    public static function excerpt($text, $phrase = '', $options = [])
+    {
+        $radius = $options['radius'] ?? 100;
+        $omission = $options['omission'] ?? '...';
+
+        preg_match('/^(.*?)('.preg_quote((string) $phrase).')(.*)$/iu', (string) $text, $matches);
+
+        if (empty($matches)) {
+            return null;
+        }
+
+        $start = ltrim($matches[1]);
+
+        $start = str(mb_substr($start, max(mb_strlen($start, 'UTF-8') - $radius, 0), $radius, 'UTF-8'))->ltrim()->unless(
+            fn ($startWithRadius) => $startWithRadius->exactly($start),
+            fn ($startWithRadius) => $startWithRadius->prepend($omission),
+        );
+
+        $end = rtrim($matches[3]);
+
+        $end = str(mb_substr($end, 0, $radius, 'UTF-8'))->rtrim()->unless(
+            fn ($endWithRadius) => $endWithRadius->exactly($end),
+            fn ($endWithRadius) => $endWithRadius->append($omission),
+        );
+
+        return $start->append($matches[2], $end)->toString();
+    }
+
+    /**
+     * Cap a string with a single instance of a given value.
+     *
+     * @param  string  $value
+     * @param  string  $cap
+     * @return string
+     */
+    public static function finish($value, $cap)
+    {
+        $quoted = preg_quote($cap, '/');
+
+        return preg_replace('/(?:'.$quoted.')+$/u', '', $value).$cap;
+    }
+
+    /**
+     * Wrap the string with the given strings.
+     *
+     * @param  string  $value
+     * @param  string  $before
+     * @param  string|null  $after
+     * @return string
+     */
+    public static function wrap($value, $before, $after = null)
+    {
+        return $before.$value.($after ??= $before);
+    }
+
+    /**
+     * Determine if a given string matches a given pattern.
+     *
+     * @param  string|iterable<string>  $pattern
+     * @param  string  $value
+     * @return bool
+     */
+    public static function is($pattern, $value)
+    {
+        $value = (string) $value;
+
+        if (! is_iterable($pattern)) {
+            $pattern = [$pattern];
+        }
+
+        foreach ($pattern as $pattern) {
+            $pattern = (string) $pattern;
+
+            // If the given value is an exact match we can of course return true right
+            // from the beginning. Otherwise, we will translate asterisks and do an
+            // actual pattern match against the two strings to see if they match.
+            if ($pattern === $value) {
+                return true;
+            }
+
+            $pattern = preg_quote($pattern, '#');
+
+            // Asterisks are translated into zero-or-more regular expression wildcards
+            // to make it convenient to check if the strings starts with the given
+            // pattern such as "library/*", making any string check convenient.
+            $pattern = str_replace('\*', '.*', $pattern);
+
+            if (preg_match('#^'.$pattern.'\z#u', $value) === 1) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine if a given string is 7 bit ASCII.
+     *
+     * @param  string  $value
+     * @return bool
+     */
+    public static function isAscii($value)
+    {
+        return ASCII::is_ascii((string) $value);
+    }
+
+    /**
+     * Determine if a given string is valid JSON.
+     *
+     * @param  string  $value
+     * @return bool
+     */
+    public static function isJson($value)
+    {
+        if (! is_string($value)) {
+            return false;
+        }
+
+        try {
+            json_decode($value, true, 512, JSON_THROW_ON_ERROR);
+        } catch (JsonException) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Determine if a given string is a valid UUID.
+     *
+     * @param  string  $value
+     * @return bool
+     */
+    public static function isUuid($value)
+    {
+        if (! is_string($value)) {
+            return false;
+        }
+
+        return preg_match('/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iD', $value) > 0;
+    }
+
+    /**
+     * Determine if a given string is a valid ULID.
+     *
+     * @param  string  $value
+     * @return bool
+     */
+    public static function isUlid($value)
+    {
+        if (! is_string($value)) {
+            return false;
+        }
+
+        return Ulid::isValid($value);
+    }
+
+    /**
+     * Convert a string to kebab case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function kebab($value)
+    {
+        return static::snake($value, '-');
+    }
+
+    /**
+     * Return the length of the given string.
+     *
+     * @param  string  $value
+     * @param  string|null  $encoding
+     * @return int
+     */
+    public static function length($value, $encoding = null)
+    {
+        if ($encoding) {
+            return mb_strlen($value, $encoding);
+        }
+
+        return mb_strlen($value);
+    }
+
+    /**
+     * Limit the number of characters in a string.
+     *
+     * @param  string  $value
+     * @param  int  $limit
+     * @param  string  $end
+     * @return string
+     */
+    public static function limit($value, $limit = 100, $end = '...')
+    {
+        if (mb_strwidth($value, 'UTF-8') <= $limit) {
+            return $value;
+        }
+
+        return rtrim(mb_strimwidth($value, 0, $limit, '', 'UTF-8')).$end;
+    }
+
+    /**
+     * Convert the given string to lower-case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function lower($value)
+    {
+        return mb_strtolower($value, 'UTF-8');
+    }
+
+    /**
+     * Limit the number of words in a string.
+     *
+     * @param  string  $value
+     * @param  int  $words
+     * @param  string  $end
+     * @return string
+     */
+    public static function words($value, $words = 100, $end = '...')
+    {
+        preg_match('/^\s*+(?:\S++\s*+){1,'.$words.'}/u', $value, $matches);
+
+        if (! isset($matches[0]) || static::length($value) === static::length($matches[0])) {
+            return $value;
+        }
+
+        return rtrim($matches[0]).$end;
+    }
+
+    /**
+     * Converts GitHub flavored Markdown into HTML.
+     *
+     * @param  string  $string
+     * @param  array  $options
+     * @return string
+     */
+    public static function markdown($string, array $options = [])
+    {
+        $converter = new GithubFlavoredMarkdownConverter($options);
+
+        return (string) $converter->convert($string);
+    }
+
+    /**
+     * Converts inline Markdown into HTML.
+     *
+     * @param  string  $string
+     * @param  array  $options
+     * @return string
+     */
+    public static function inlineMarkdown($string, array $options = [])
+    {
+        $environment = new Environment($options);
+
+        $environment->addExtension(new GithubFlavoredMarkdownExtension());
+        $environment->addExtension(new InlinesOnlyExtension());
+
+        $converter = new MarkdownConverter($environment);
+
+        return (string) $converter->convert($string);
+    }
+
+    /**
+     * Masks a portion of a string with a repeated character.
+     *
+     * @param  string  $string
+     * @param  string  $character
+     * @param  int  $index
+     * @param  int|null  $length
+     * @param  string  $encoding
+     * @return string
+     */
+    public static function mask($string, $character, $index, $length = null, $encoding = 'UTF-8')
+    {
+        if ($character === '') {
+            return $string;
+        }
+
+        $segment = mb_substr($string, $index, $length, $encoding);
+
+        if ($segment === '') {
+            return $string;
+        }
+
+        $strlen = mb_strlen($string, $encoding);
+        $startIndex = $index;
+
+        if ($index < 0) {
+            $startIndex = $index < -$strlen ? 0 : $strlen + $index;
+        }
+
+        $start = mb_substr($string, 0, $startIndex, $encoding);
+        $segmentLen = mb_strlen($segment, $encoding);
+        $end = mb_substr($string, $startIndex + $segmentLen);
+
+        return $start.str_repeat(mb_substr($character, 0, 1, $encoding), $segmentLen).$end;
+    }
+
+    /**
+     * Get the string matching the given pattern.
+     *
+     * @param  string  $pattern
+     * @param  string  $subject
+     * @return string
+     */
+    public static function match($pattern, $subject)
+    {
+        preg_match($pattern, $subject, $matches);
+
+        if (! $matches) {
+            return '';
+        }
+
+        return $matches[1] ?? $matches[0];
+    }
+
+    /**
+     * Get the string matching the given pattern.
+     *
+     * @param  string  $pattern
+     * @param  string  $subject
+     * @return \Tightenco\Collect\Support\Collection
+     */
+    public static function matchAll($pattern, $subject)
+    {
+        preg_match_all($pattern, $subject, $matches);
+
+        if (empty($matches[0])) {
+            return collect();
+        }
+
+        return collect($matches[1] ?? $matches[0]);
+    }
+
+    /**
+     * Pad both sides of a string with another.
+     *
+     * @param  string  $value
+     * @param  int  $length
+     * @param  string  $pad
+     * @return string
+     */
+    public static function padBoth($value, $length, $pad = ' ')
+    {
+        $short = max(0, $length - mb_strlen($value));
+        $shortLeft = floor($short / 2);
+        $shortRight = ceil($short / 2);
+
+        return mb_substr(str_repeat($pad, $shortLeft), 0, $shortLeft).
+               $value.
+               mb_substr(str_repeat($pad, $shortRight), 0, $shortRight);
+    }
+
+    /**
+     * Pad the left side of a string with another.
+     *
+     * @param  string  $value
+     * @param  int  $length
+     * @param  string  $pad
+     * @return string
+     */
+    public static function padLeft($value, $length, $pad = ' ')
+    {
+        $short = max(0, $length - mb_strlen($value));
+
+        return mb_substr(str_repeat($pad, $short), 0, $short).$value;
+    }
+
+    /**
+     * Pad the right side of a string with another.
+     *
+     * @param  string  $value
+     * @param  int  $length
+     * @param  string  $pad
+     * @return string
+     */
+    public static function padRight($value, $length, $pad = ' ')
+    {
+        $short = max(0, $length - mb_strlen($value));
+
+        return $value.mb_substr(str_repeat($pad, $short), 0, $short);
+    }
+
+    /**
+     * Parse a Class[@]method style callback into class and method.
+     *
+     * @param  string  $callback
+     * @param  string|null  $default
+     * @return array<int, string|null>
+     */
+    public static function parseCallback($callback, $default = null)
+    {
+        return static::contains($callback, '@') ? explode('@', $callback, 2) : [$callback, $default];
+    }
+
+    /**
+     * Get the plural form of an English word.
+     *
+     * @param  string  $value
+     * @param  int|array|\Countable  $count
+     * @return string
+     */
+    public static function plural($value, $count = 2)
+    {
+        return Pluralizer::plural($value, $count);
+    }
+
+    /**
+     * Pluralize the last word of an English, studly caps case string.
+     *
+     * @param  string  $value
+     * @param  int|array|\Countable  $count
+     * @return string
+     */
+    public static function pluralStudly($value, $count = 2)
+    {
+        $parts = preg_split('/(.)(?=[A-Z])/u', $value, -1, PREG_SPLIT_DELIM_CAPTURE);
+
+        $lastWord = array_pop($parts);
+
+        return implode('', $parts).self::plural($lastWord, $count);
+    }
+
+    /**
+     * Generate a more truly "random" alpha-numeric string.
+     *
+     * @param  int  $length
+     * @return string
+     */
+    public static function random($length = 16)
+    {
+        return (static::$randomStringFactory ?? function ($length) {
+            $string = '';
+
+            while (($len = strlen($string)) < $length) {
+                $size = $length - $len;
+
+                $bytesSize = (int) ceil($size / 3) * 3;
+
+                $bytes = random_bytes($bytesSize);
+
+                $string .= substr(str_replace(['/', '+', '='], '', base64_encode($bytes)), 0, $size);
+            }
+
+            return $string;
+        })($length);
+    }
+
+    /**
+     * Set the callable that will be used to generate random strings.
+     *
+     * @param  callable|null  $factory
+     * @return void
+     */
+    public static function createRandomStringsUsing(callable $factory = null)
+    {
+        static::$randomStringFactory = $factory;
+    }
+
+    /**
+     * Set the sequence that will be used to generate random strings.
+     *
+     * @param  array  $sequence
+     * @param  callable|null  $whenMissing
+     * @return void
+     */
+    public static function createRandomStringsUsingSequence(array $sequence, $whenMissing = null)
+    {
+        $next = 0;
+
+        $whenMissing ??= function ($length) use (&$next) {
+            $factoryCache = static::$randomStringFactory;
+
+            static::$randomStringFactory = null;
+
+            $randomString = static::random($length);
+
+            static::$randomStringFactory = $factoryCache;
+
+            $next++;
+
+            return $randomString;
+        };
+
+        static::createRandomStringsUsing(function ($length) use (&$next, $sequence, $whenMissing) {
+            if (array_key_exists($next, $sequence)) {
+                return $sequence[$next++];
+            }
+
+            return $whenMissing($length);
+        });
+    }
+
+    /**
+     * Indicate that random strings should be created normally and not using a custom factory.
+     *
+     * @return void
+     */
+    public static function createRandomStringsNormally()
+    {
+        static::$randomStringFactory = null;
+    }
+
+    /**
+     * Repeat the given string.
+     *
+     * @param  string  $string
+     * @param  int  $times
+     * @return string
+     */
+    public static function repeat(string $string, int $times)
+    {
+        return str_repeat($string, $times);
+    }
+
+    /**
+     * Replace a given value in the string sequentially with an array.
+     *
+     * @param  string  $search
+     * @param  iterable<string>  $replace
+     * @param  string  $subject
+     * @return string
+     */
+    public static function replaceArray($search, $replace, $subject)
+    {
+        if ($replace instanceof Traversable) {
+            $replace = collect($replace)->all();
+        }
+
+        $segments = explode($search, $subject);
+
+        $result = array_shift($segments);
+
+        foreach ($segments as $segment) {
+            $result .= (array_shift($replace) ?? $search).$segment;
+        }
+
+        return $result;
+    }
+
+    /**
+     * Replace the given value in the given string.
+     *
+     * @param  string|iterable<string>  $search
+     * @param  string|iterable<string>  $replace
+     * @param  string|iterable<string>  $subject
+     * @return string
+     */
+    public static function replace($search, $replace, $subject)
+    {
+        if ($search instanceof Traversable) {
+            $search = collect($search)->all();
+        }
+
+        if ($replace instanceof Traversable) {
+            $replace = collect($replace)->all();
+        }
+
+        if ($subject instanceof Traversable) {
+            $subject = collect($subject)->all();
+        }
+
+        return str_replace($search, $replace, $subject);
+    }
+
+    /**
+     * Replace the first occurrence of a given value in the string.
+     *
+     * @param  string  $search
+     * @param  string  $replace
+     * @param  string  $subject
+     * @return string
+     */
+    public static function replaceFirst($search, $replace, $subject)
+    {
+        $search = (string) $search;
+
+        if ($search === '') {
+            return $subject;
+        }
+
+        $position = strpos($subject, $search);
+
+        if ($position !== false) {
+            return substr_replace($subject, $replace, $position, strlen($search));
+        }
+
+        return $subject;
+    }
+
+    /**
+     * Replace the last occurrence of a given value in the string.
+     *
+     * @param  string  $search
+     * @param  string  $replace
+     * @param  string  $subject
+     * @return string
+     */
+    public static function replaceLast($search, $replace, $subject)
+    {
+        if ($search === '') {
+            return $subject;
+        }
+
+        $position = strrpos($subject, $search);
+
+        if ($position !== false) {
+            return substr_replace($subject, $replace, $position, strlen($search));
+        }
+
+        return $subject;
+    }
+
+    /**
+     * Remove any occurrence of the given string in the subject.
+     *
+     * @param  string|iterable<string>  $search
+     * @param  string  $subject
+     * @param  bool  $caseSensitive
+     * @return string
+     */
+    public static function remove($search, $subject, $caseSensitive = true)
+    {
+        if ($search instanceof Traversable) {
+            $search = collect($search)->all();
+        }
+
+        $subject = $caseSensitive
+                    ? str_replace($search, '', $subject)
+                    : str_ireplace($search, '', $subject);
+
+        return $subject;
+    }
+
+    /**
+     * Reverse the given string.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function reverse(string $value)
+    {
+        return implode(array_reverse(mb_str_split($value)));
+    }
+
+    /**
+     * Begin a string with a single instance of a given value.
+     *
+     * @param  string  $value
+     * @param  string  $prefix
+     * @return string
+     */
+    public static function start($value, $prefix)
+    {
+        $quoted = preg_quote($prefix, '/');
+
+        return $prefix.preg_replace('/^(?:'.$quoted.')+/u', '', $value);
+    }
+
+    /**
+     * Convert the given string to upper-case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function upper($value)
+    {
+        return mb_strtoupper($value, 'UTF-8');
+    }
+
+    /**
+     * Convert the given string to title case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function title($value)
+    {
+        return mb_convert_case($value, MB_CASE_TITLE, 'UTF-8');
+    }
+
+    /**
+     * Convert the given string to title case for each word.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function headline($value)
+    {
+        $parts = explode(' ', $value);
+
+        $parts = count($parts) > 1
+            ? array_map([static::class, 'title'], $parts)
+            : array_map([static::class, 'title'], static::ucsplit(implode('_', $parts)));
+
+        $collapsed = static::replace(['-', '_', ' '], '_', implode('_', $parts));
+
+        return implode(' ', array_filter(explode('_', $collapsed)));
+    }
+
+    /**
+     * Get the singular form of an English word.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function singular($value)
+    {
+        return Pluralizer::singular($value);
+    }
+
+    /**
+     * Generate a URL friendly "slug" from a given string.
+     *
+     * @param  string  $title
+     * @param  string  $separator
+     * @param  string|null  $language
+     * @param  array<string, string>  $dictionary
+     * @return string
+     */
+    public static function slug($title, $separator = '-', $language = 'en', $dictionary = ['@' => 'at'])
+    {
+        $title = $language ? static::ascii($title, $language) : $title;
+
+        // Convert all dashes/underscores into separator
+        $flip = $separator === '-' ? '_' : '-';
+
+        $title = preg_replace('!['.preg_quote($flip).']+!u', $separator, $title);
+
+        // Replace dictionary words
+        foreach ($dictionary as $key => $value) {
+            $dictionary[$key] = $separator.$value.$separator;
+        }
+
+        $title = str_replace(array_keys($dictionary), array_values($dictionary), $title);
+
+        // Remove all characters that are not the separator, letters, numbers, or whitespace
+        $title = preg_replace('![^'.preg_quote($separator).'\pL\pN\s]+!u', '', static::lower($title));
+
+        // Replace all separator characters and whitespace by a single separator
+        $title = preg_replace('!['.preg_quote($separator).'\s]+!u', $separator, $title);
+
+        return trim($title, $separator);
+    }
+
+    /**
+     * Convert a string to snake case.
+     *
+     * @param  string  $value
+     * @param  string  $delimiter
+     * @return string
+     */
+    public static function snake($value, $delimiter = '_')
+    {
+        $key = $value;
+
+        if (isset(static::$snakeCache[$key][$delimiter])) {
+            return static::$snakeCache[$key][$delimiter];
+        }
+
+        if (! ctype_lower($value)) {
+            $value = preg_replace('/\s+/u', '', ucwords($value));
+
+            $value = static::lower(preg_replace('/(.)(?=[A-Z])/u', '$1'.$delimiter, $value));
+        }
+
+        return static::$snakeCache[$key][$delimiter] = $value;
+    }
+
+    /**
+     * Remove all "extra" blank space from the given string.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function squish($value)
+    {
+        return preg_replace('~(\s|\x{3164})+~u', ' ', preg_replace('~^[\s\x{FEFF}]+|[\s\x{FEFF}]+$~u', '', $value));
+    }
+
+    /**
+     * Determine if a given string starts with a given substring.
+     *
+     * @param  string  $haystack
+     * @param  string|iterable<string>  $needles
+     * @return bool
+     */
+    public static function startsWith($haystack, $needles)
+    {
+        if (! is_iterable($needles)) {
+            $needles = [$needles];
+        }
+
+        foreach ($needles as $needle) {
+            if ((string) $needle !== '' && str_starts_with($haystack, $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Convert a value to studly caps case.
+     *
+     * @param  string  $value
+     * @return string
+     */
+    public static function studly($value)
+    {
+        $key = $value;
+
+        if (isset(static::$studlyCache[$key])) {
+            return static::$studlyCache[$key];
+        }
+
+        $words = explode(' ', static::replace(['-', '_'], ' ', $value));
+
+        $studlyWords = array_map(fn ($word) => static::ucfirst($word), $words);
+
+        return static::$studlyCache[$key] = implode($studlyWords);
+    }
+
+    /**
+     * Returns the portion of the string specified by the start and length parameters.
+     *
+     * @param  string  $string
+     * @param  int  $start
+     * @param  int|null  $length
+     * @param  string  $encoding
+     * @return string
+     */
+    public static function substr($string, $start, $length = null, $encoding = 'UTF-8')
+    {
+        return mb_substr($string, $start, $length, $encoding);
+    }
+
+    /**
+     * Returns the number of substring occurrences.
+     *
+     * @param  string  $haystack
+     * @param  string  $needle
+     * @param  int  $offset
+     * @param  int|null  $length
+     * @return int
+     */
+    public static function substrCount($haystack, $needle, $offset = 0, $length = null)
+    {
+        if (! is_null($length)) {
+            return substr_count($haystack, $needle, $offset, $length);
+        }
+
+        return substr_count($haystack, $needle, $offset);
+    }
+
+    /**
+     * Replace text within a portion of a string.
+     *
+     * @param  string|string[]  $string
+     * @param  string|string[]  $replace
+     * @param  int|int[]  $offset
+     * @param  int|int[]|null  $length
+     * @return string|string[]
+     */
+    public static function substrReplace($string, $replace, $offset = 0, $length = null)
+    {
+        if ($length === null) {
+            $length = strlen($string);
+        }
+
+        return substr_replace($string, $replace, $offset, $length);
+    }
+
+    /**
+     * Swap multiple keywords in a string with other keywords.
+     *
+     * @param  array  $map
+     * @param  string  $subject
+     * @return string
+     */
+    public static function swap(array $map, $subject)
+    {
+        return strtr($subject, $map);
+    }
+
+    /**
+     * Make a string's first character lowercase.
+     *
+     * @param  string  $string
+     * @return string
+     */
+    public static function lcfirst($string)
+    {
+        return static::lower(static::substr($string, 0, 1)).static::substr($string, 1);
+    }
+
+    /**
+     * Make a string's first character uppercase.
+     *
+     * @param  string  $string
+     * @return string
+     */
+    public static function ucfirst($string)
+    {
+        return static::upper(static::substr($string, 0, 1)).static::substr($string, 1);
+    }
+
+    /**
+     * Split a string into pieces by uppercase characters.
+     *
+     * @param  string  $string
+     * @return string[]
+     */
+    public static function ucsplit($string)
+    {
+        return preg_split('/(?=\p{Lu})/u', $string, -1, PREG_SPLIT_NO_EMPTY);
+    }
+
+    /**
+     * Get the number of words a string contains.
+     *
+     * @param  string  $string
+     * @param  string|null  $characters
+     * @return int
+     */
+    public static function wordCount($string, $characters = null)
+    {
+        return str_word_count($string, 0, $characters);
+    }
+
+    /**
+     * Generate a UUID (version 4).
+     *
+     * @return \Ramsey\Uuid\UuidInterface
+     */
+    public static function uuid()
+    {
+        return static::$uuidFactory
+                    ? call_user_func(static::$uuidFactory)
+                    : Uuid::uuid4();
+    }
+
+    /**
+     * Generate a time-ordered UUID (version 4).
+     *
+     * @return \Ramsey\Uuid\UuidInterface
+     */
+    public static function orderedUuid()
+    {
+        if (static::$uuidFactory) {
+            return call_user_func(static::$uuidFactory);
+        }
+
+        $factory = new UuidFactory;
+
+        $factory->setRandomGenerator(new CombGenerator(
+            $factory->getRandomGenerator(),
+            $factory->getNumberConverter()
+        ));
+
+        $factory->setCodec(new TimestampFirstCombCodec(
+            $factory->getUuidBuilder()
+        ));
+
+        return $factory->uuid4();
+    }
+
+    /**
+     * Set the callable that will be used to generate UUIDs.
+     *
+     * @param  callable|null  $factory
+     * @return void
+     */
+    public static function createUuidsUsing(callable $factory = null)
+    {
+        static::$uuidFactory = $factory;
+    }
+
+    /**
+     * Set the sequence that will be used to generate UUIDs.
+     *
+     * @param  array  $sequence
+     * @param  callable|null  $whenMissing
+     * @return void
+     */
+    public static function createUuidsUsingSequence(array $sequence, $whenMissing = null)
+    {
+        $next = 0;
+
+        $whenMissing ??= function () use (&$next) {
+            $factoryCache = static::$uuidFactory;
+
+            static::$uuidFactory = null;
+
+            $uuid = static::uuid();
+
+            static::$uuidFactory = $factoryCache;
+
+            $next++;
+
+            return $uuid;
+        };
+
+        static::createUuidsUsing(function () use (&$next, $sequence, $whenMissing) {
+            if (array_key_exists($next, $sequence)) {
+                return $sequence[$next++];
+            }
+
+            return $whenMissing();
+        });
+    }
+
+    /**
+     * Always return the same UUID when generating new UUIDs.
+     *
+     * @param  \Closure|null  $callback
+     * @return \Ramsey\Uuid\UuidInterface
+     */
+    public static function freezeUuids(Closure $callback = null)
+    {
+        $uuid = Str::uuid();
+
+        Str::createUuidsUsing(fn () => $uuid);
+
+        if ($callback !== null) {
+            try {
+                $callback($uuid);
+            } finally {
+                Str::createUuidsNormally();
+            }
+        }
+
+        return $uuid;
+    }
+
+    /**
+     * Indicate that UUIDs should be created normally and not using a custom factory.
+     *
+     * @return void
+     */
+    public static function createUuidsNormally()
+    {
+        static::$uuidFactory = null;
+    }
+
+    /**
+     * Generate a ULID.
+     *
+     * @return \Symfony\Component\Uid\Ulid
+     */
+    public static function ulid()
+    {
+        return new Ulid();
+    }
+
+    /**
+     * Remove all strings from the casing caches.
+     *
+     * @return void
+     */
+    public static function flushCache()
+    {
+        static::$snakeCache = [];
+        static::$camelCache = [];
+        static::$studlyCache = [];
+    }
+}
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/Conditionable.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/Conditionable.php
new file mode 100644
index 000000000..f52499233
--- /dev/null
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/Conditionable.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace Tightenco\Collect\Support\Traits;
+
+use Closure;
+use Tightenco\Collect\Conditionable\HigherOrderWhenProxy;
+
+trait Conditionable
+{
+    /**
+     * Apply the callback if the given "value" is (or resolves to) truthy.
+     *
+     * @template TWhenParameter
+     * @template TWhenReturnType
+     *
+     * @param  (\Closure($this): TWhenParameter)|TWhenParameter|null  $value
+     * @param  (callable($this, TWhenParameter): TWhenReturnType)|null  $callback
+     * @param  (callable($this, TWhenParameter): TWhenReturnType)|null  $default
+     * @return $this|TWhenReturnType
+     */
+    public function when($value = null, callable $callback = null, callable $default = null)
+    {
+        $value = $value instanceof Closure ? $value($this) : $value;
+
+        if (func_num_args() === 0) {
+            return new HigherOrderWhenProxy($this);
+        }
+
+        if (func_num_args() === 1) {
+            return (new HigherOrderWhenProxy($this))->condition($value);
+        }
+
+        if ($value) {
+            return $callback($this, $value) ?? $this;
+        } elseif ($default) {
+            return $default($this, $value) ?? $this;
+        }
+
+        return $this;
+    }
+
+    /**
+     * Apply the callback if the given "value" is (or resolves to) falsy.
+     *
+     * @template TUnlessParameter
+     * @template TUnlessReturnType
+     *
+     * @param  (\Closure($this): TUnlessParameter)|TUnlessParameter|null  $value
+     * @param  (callable($this, TUnlessParameter): TUnlessReturnType)|null  $callback
+     * @param  (callable($this, TUnlessParameter): TUnlessReturnType)|null  $default
+     * @return $this|TUnlessReturnType
+     */
+    public function unless($value = null, callable $callback = null, callable $default = null)
+    {
+        $value = $value instanceof Closure ? $value($this) : $value;
+
+        if (func_num_args() === 0) {
+            return (new HigherOrderWhenProxy($this))->negateConditionOnCapture();
+        }
+
+        if (func_num_args() === 1) {
+            return (new HigherOrderWhenProxy($this))->condition(! $value);
+        }
+
+        if (! $value) {
+            return $callback($this, $value) ?? $this;
+        } elseif ($default) {
+            return $default($this, $value) ?? $this;
+        }
+
+        return $this;
+    }
+}
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/EnumeratesValues.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/EnumeratesValues.php
index 2600a2238..25cde2216 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/EnumeratesValues.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/Traits/EnumeratesValues.php
@@ -11,13 +11,16 @@ use Tightenco\Collect\Support\Arr;
 use Tightenco\Collect\Support\Collection;
 use Tightenco\Collect\Support\Enumerable;
 use Tightenco\Collect\Support\HigherOrderCollectionProxy;
-use Tightenco\Collect\Support\HigherOrderWhenProxy;
 use JsonSerializable;
 use Symfony\Component\VarDumper\VarDumper;
 use Traversable;
 use UnexpectedValueException;
+use UnitEnum;
 
 /**
+ * @template TKey of array-key
+ * @template TValue
+ *
  * @property-read HigherOrderCollectionProxy $average
  * @property-read HigherOrderCollectionProxy $avg
  * @property-read HigherOrderCollectionProxy $contains
@@ -34,19 +37,23 @@ use UnexpectedValueException;
  * @property-read HigherOrderCollectionProxy $min
  * @property-read HigherOrderCollectionProxy $partition
  * @property-read HigherOrderCollectionProxy $reject
+ * @property-read HigherOrderCollectionProxy $skipUntil
+ * @property-read HigherOrderCollectionProxy $skipWhile
  * @property-read HigherOrderCollectionProxy $some
  * @property-read HigherOrderCollectionProxy $sortBy
  * @property-read HigherOrderCollectionProxy $sortByDesc
- * @property-read HigherOrderCollectionProxy $skipUntil
- * @property-read HigherOrderCollectionProxy $skipWhile
  * @property-read HigherOrderCollectionProxy $sum
  * @property-read HigherOrderCollectionProxy $takeUntil
  * @property-read HigherOrderCollectionProxy $takeWhile
  * @property-read HigherOrderCollectionProxy $unique
+ * @property-read HigherOrderCollectionProxy $unless
  * @property-read HigherOrderCollectionProxy $until
+ * @property-read HigherOrderCollectionProxy $when
  */
 trait EnumeratesValues
 {
+    use Conditionable;
+
     /**
      * Indicates that the object's string representation should be escaped when __toString is invoked.
      *
@@ -57,7 +64,7 @@ trait EnumeratesValues
     /**
      * The methods that can be proxied.
      *
-     * @var string[]
+     * @var array<int, string>
      */
     protected static $proxies = [
         'average',
@@ -85,14 +92,19 @@ trait EnumeratesValues
         'takeUntil',
         'takeWhile',
         'unique',
+        'unless',
         'until',
+        'when',
     ];
 
     /**
      * Create a new collection instance if the value isn't one already.
      *
-     * @param  mixed  $items
-     * @return static
+     * @template TMakeKey of array-key
+     * @template TMakeValue
+     *
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable<TMakeKey, TMakeValue>|iterable<TMakeKey, TMakeValue>|null  $items
+     * @return static<TMakeKey, TMakeValue>
      */
     public static function make($items = [])
     {
@@ -102,8 +114,10 @@ trait EnumeratesValues
     /**
      * Wrap the given value in a collection if applicable.
      *
-     * @param  mixed  $value
-     * @return static
+     * @template TWrapValue
+     *
+     * @param  iterable<array-key, TWrapValue>|TWrapValue  $value
+     * @return static<array-key, TWrapValue>
      */
     public static function wrap($value)
     {
@@ -115,8 +129,11 @@ trait EnumeratesValues
     /**
      * Get the underlying items from the given collection if applicable.
      *
-     * @param  array|static  $value
-     * @return array
+     * @template TUnwrapKey of array-key
+     * @template TUnwrapValue
+     *
+     * @param  array<TUnwrapKey, TUnwrapValue>|static<TUnwrapKey, TUnwrapValue>  $value
+     * @return array<TUnwrapKey, TUnwrapValue>
      */
     public static function unwrap($value)
     {
@@ -136,9 +153,11 @@ trait EnumeratesValues
     /**
      * Create a new collection by invoking the callback a given amount of times.
      *
+     * @template TTimesValue
+     *
      * @param  int  $number
-     * @param  callable|null  $callback
-     * @return static
+     * @param  (callable(int): TTimesValue)|null  $callback
+     * @return static<int, TTimesValue>
      */
     public static function times($number, callable $callback = null)
     {
@@ -147,15 +166,15 @@ trait EnumeratesValues
         }
 
         return static::range(1, $number)
-            ->when($callback)
+            ->unless($callback == null)
             ->map($callback);
     }
 
     /**
      * Alias for the "avg" method.
      *
-     * @param  callable|string|null  $callback
-     * @return mixed
+     * @param  (callable(TValue): float|int)|string|null  $callback
+     * @return float|int|null
      */
     public function average($callback = null)
     {
@@ -165,7 +184,7 @@ trait EnumeratesValues
     /**
      * Alias for the "contains" method.
      *
-     * @param  mixed  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -175,39 +194,11 @@ trait EnumeratesValues
         return $this->contains(...func_get_args());
     }
 
-    /**
-     * Determine if an item exists, using strict comparison.
-     *
-     * @param  mixed  $key
-     * @param  mixed  $value
-     * @return bool
-     */
-    public function containsStrict($key, $value = null)
-    {
-        if (func_num_args() === 2) {
-            return $this->contains(function ($item) use ($key, $value) {
-                return data_get($item, $key) === $value;
-            });
-        }
-
-        if ($this->useAsCallable($key)) {
-            return ! is_null($this->first($key));
-        }
-
-        foreach ($this as $item) {
-            if ($item === $key) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
     /**
      * Dump the items and end the script.
      *
      * @param  mixed  ...$args
-     * @return void
+     * @return never
      */
     public function dd(...$args)
     {
@@ -235,7 +226,7 @@ trait EnumeratesValues
     /**
      * Execute a callback over each item.
      *
-     * @param  callable  $callback
+     * @param  callable(TValue, TKey): mixed  $callback
      * @return $this
      */
     public function each(callable $callback)
@@ -252,7 +243,7 @@ trait EnumeratesValues
     /**
      * Execute a callback over each nested chunk of items.
      *
-     * @param  callable  $callback
+     * @param  callable(...mixed): mixed  $callback
      * @return static
      */
     public function eachSpread(callable $callback)
@@ -267,7 +258,7 @@ trait EnumeratesValues
     /**
      * Determine if all items pass the given truth test.
      *
-     * @param  string|callable  $key
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return bool
@@ -292,16 +283,32 @@ trait EnumeratesValues
     /**
      * Get the first item by the given key value pair.
      *
-     * @param  string  $key
+     * @param  callable|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
-     * @return mixed
+     * @return TValue|null
      */
     public function firstWhere($key, $operator = null, $value = null)
     {
         return $this->first($this->operatorForWhere(...func_get_args()));
     }
 
+    /**
+     * Get a single key's value from the first matching item in the collection.
+     *
+     * @param  string  $key
+     * @param  mixed  $default
+     * @return mixed
+     */
+    public function value($key, $default = null)
+    {
+        if ($value = $this->firstWhere($key)) {
+            return data_get($value, $key, $default);
+        }
+
+        return value($default);
+    }
+
     /**
      * Determine if the collection is not empty.
      *
@@ -315,8 +322,10 @@ trait EnumeratesValues
     /**
      * Run a map over each nested chunk of items.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapSpreadValue
+     *
+     * @param  callable(mixed): TMapSpreadValue  $callback
+     * @return static<TKey, TMapSpreadValue>
      */
     public function mapSpread(callable $callback)
     {
@@ -332,8 +341,11 @@ trait EnumeratesValues
      *
      * The callback should return an associative array with a single key/value pair.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TMapToGroupsKey of array-key
+     * @template TMapToGroupsValue
+     *
+     * @param  callable(TValue, TKey): array<TMapToGroupsKey, TMapToGroupsValue>  $callback
+     * @return static<TMapToGroupsKey, static<int, TMapToGroupsValue>>
      */
     public function mapToGroups(callable $callback)
     {
@@ -345,8 +357,11 @@ trait EnumeratesValues
     /**
      * Map a collection and flatten the result by a single level.
      *
-     * @param  callable  $callback
-     * @return static
+     * @template TFlatMapKey of array-key
+     * @template TFlatMapValue
+     *
+     * @param  callable(TValue, TKey): (\Tightenco\Collect\Support\Collection<TFlatMapKey, TFlatMapValue>|array<TFlatMapKey, TFlatMapValue>)  $callback
+     * @return static<TFlatMapKey, TFlatMapValue>
      */
     public function flatMap(callable $callback)
     {
@@ -356,48 +371,42 @@ trait EnumeratesValues
     /**
      * Map the values into a new class.
      *
-     * @param  string  $class
-     * @return static
+     * @template TMapIntoValue
+     *
+     * @param  class-string<TMapIntoValue>  $class
+     * @return static<TKey, TMapIntoValue>
      */
     public function mapInto($class)
     {
-        return $this->map(function ($value, $key) use ($class) {
-            return new $class($value, $key);
-        });
+        return $this->map(fn ($value, $key) => new $class($value, $key));
     }
 
     /**
      * Get the min value of a given key.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue):mixed)|string|null  $callback
      * @return mixed
      */
     public function min($callback = null)
     {
         $callback = $this->valueRetriever($callback);
 
-        return $this->map(function ($value) use ($callback) {
-            return $callback($value);
-        })->filter(function ($value) {
-            return ! is_null($value);
-        })->reduce(function ($result, $value) {
-            return is_null($result) || $value < $result ? $value : $result;
-        });
+        return $this->map(fn ($value) => $callback($value))
+            ->filter(fn ($value) => ! is_null($value))
+            ->reduce(fn ($result, $value) => is_null($result) || $value < $result ? $value : $result);
     }
 
     /**
      * Get the max value of a given key.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue):mixed)|string|null  $callback
      * @return mixed
      */
     public function max($callback = null)
     {
         $callback = $this->valueRetriever($callback);
 
-        return $this->filter(function ($value) {
-            return ! is_null($value);
-        })->reduce(function ($result, $item) use ($callback) {
+        return $this->filter(fn ($value) => ! is_null($value))->reduce(function ($result, $item) use ($callback) {
             $value = $callback($item);
 
             return is_null($result) || $value > $result ? $value : $result;
@@ -421,10 +430,10 @@ trait EnumeratesValues
     /**
      * Partition the collection into two arrays using the given callback or key.
      *
-     * @param  callable|string  $key
-     * @param  mixed  $operator
-     * @param  mixed  $value
-     * @return static
+     * @param  (callable(TValue, TKey): bool)|TValue|string  $key
+     * @param  TValue|string|null  $operator
+     * @param  TValue|null  $value
+     * @return static<int<0, 1>, static<TKey, TValue>>
      */
     public function partition($key, $operator = null, $value = null)
     {
@@ -449,7 +458,7 @@ trait EnumeratesValues
     /**
      * Get the sum of the given values.
      *
-     * @param  callable|string|null  $callback
+     * @param  (callable(TValue): mixed)|string|null  $callback
      * @return mixed
      */
     public function sum($callback = null)
@@ -458,40 +467,17 @@ trait EnumeratesValues
             ? $this->identity()
             : $this->valueRetriever($callback);
 
-        return $this->reduce(function ($result, $item) use ($callback) {
-            return $result + $callback($item);
-        }, 0);
-    }
-
-    /**
-     * Apply the callback if the value is truthy.
-     *
-     * @param  bool|mixed  $value
-     * @param  callable|null  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
-     */
-    public function when($value, callable $callback = null, callable $default = null)
-    {
-        if (! $callback) {
-            return new HigherOrderWhenProxy($this, $value);
-        }
-
-        if ($value) {
-            return $callback($this, $value);
-        } elseif ($default) {
-            return $default($this, $value);
-        }
-
-        return $this;
+        return $this->reduce(fn ($result, $item) => $result + $callback($item), 0);
     }
 
     /**
      * Apply the callback if the collection is empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TWhenEmptyReturnType
+     *
+     * @param  (callable($this): TWhenEmptyReturnType)  $callback
+     * @param  (callable($this): TWhenEmptyReturnType)|null  $default
+     * @return $this|TWhenEmptyReturnType
      */
     public function whenEmpty(callable $callback, callable $default = null)
     {
@@ -501,34 +487,25 @@ trait EnumeratesValues
     /**
      * Apply the callback if the collection is not empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TWhenNotEmptyReturnType
+     *
+     * @param  callable($this): TWhenNotEmptyReturnType  $callback
+     * @param  (callable($this): TWhenNotEmptyReturnType)|null  $default
+     * @return $this|TWhenNotEmptyReturnType
      */
     public function whenNotEmpty(callable $callback, callable $default = null)
     {
         return $this->when($this->isNotEmpty(), $callback, $default);
     }
 
-    /**
-     * Apply the callback if the value is falsy.
-     *
-     * @param  bool  $value
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
-     */
-    public function unless($value, callable $callback, callable $default = null)
-    {
-        return $this->when(! $value, $callback, $default);
-    }
-
     /**
      * Apply the callback unless the collection is empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TUnlessEmptyReturnType
+     *
+     * @param  callable($this): TUnlessEmptyReturnType  $callback
+     * @param  (callable($this): TUnlessEmptyReturnType)|null  $default
+     * @return $this|TUnlessEmptyReturnType
      */
     public function unlessEmpty(callable $callback, callable $default = null)
     {
@@ -538,9 +515,11 @@ trait EnumeratesValues
     /**
      * Apply the callback unless the collection is not empty.
      *
-     * @param  callable  $callback
-     * @param  callable|null  $default
-     * @return static|mixed
+     * @template TUnlessNotEmptyReturnType
+     *
+     * @param  callable($this): TUnlessNotEmptyReturnType  $callback
+     * @param  (callable($this): TUnlessNotEmptyReturnType)|null  $default
+     * @return $this|TUnlessNotEmptyReturnType
      */
     public function unlessNotEmpty(callable $callback, callable $default = null)
     {
@@ -550,7 +529,7 @@ trait EnumeratesValues
     /**
      * Filter items by the given key value pair.
      *
-     * @param  string  $key
+     * @param  callable|string  $key
      * @param  mixed  $operator
      * @param  mixed  $value
      * @return static
@@ -598,7 +577,7 @@ trait EnumeratesValues
      * Filter items by the given key value pair.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @param  bool  $strict
      * @return static
      */
@@ -606,16 +585,14 @@ trait EnumeratesValues
     {
         $values = $this->getArrayableItems($values);
 
-        return $this->filter(function ($item) use ($key, $values, $strict) {
-            return in_array(data_get($item, $key), $values, $strict);
-        });
+        return $this->filter(fn ($item) => in_array(data_get($item, $key), $values, $strict));
     }
 
     /**
      * Filter items by the given key value pair using strict comparison.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereInStrict($key, $values)
@@ -627,7 +604,7 @@ trait EnumeratesValues
      * Filter items such that the value of the given key is between the given values.
      *
      * @param  string  $key
-     * @param  array  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereBetween($key, $values)
@@ -639,21 +616,21 @@ trait EnumeratesValues
      * Filter items such that the value of the given key is not between the given values.
      *
      * @param  string  $key
-     * @param  array  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereNotBetween($key, $values)
     {
-        return $this->filter(function ($item) use ($key, $values) {
-            return data_get($item, $key) < reset($values) || data_get($item, $key) > end($values);
-        });
+        return $this->filter(
+            fn ($item) => data_get($item, $key) < reset($values) || data_get($item, $key) > end($values)
+        );
     }
 
     /**
      * Filter items by the given key value pair.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @param  bool  $strict
      * @return static
      */
@@ -661,16 +638,14 @@ trait EnumeratesValues
     {
         $values = $this->getArrayableItems($values);
 
-        return $this->reject(function ($item) use ($key, $values, $strict) {
-            return in_array(data_get($item, $key), $values, $strict);
-        });
+        return $this->reject(fn ($item) => in_array(data_get($item, $key), $values, $strict));
     }
 
     /**
      * Filter items by the given key value pair using strict comparison.
      *
      * @param  string  $key
-     * @param  mixed  $values
+     * @param  \Tightenco\Collect\Contracts\Support\Arrayable|iterable  $values
      * @return static
      */
     public function whereNotInStrict($key, $values)
@@ -681,8 +656,10 @@ trait EnumeratesValues
     /**
      * Filter the items, removing any items that don't match the given type(s).
      *
-     * @param  string|string[]  $type
-     * @return static
+     * @template TWhereInstanceOf
+     *
+     * @param  class-string<TWhereInstanceOf>|array<array-key, class-string<TWhereInstanceOf>>  $type
+     * @return static<TKey, TWhereInstanceOf>
      */
     public function whereInstanceOf($type)
     {
@@ -704,8 +681,10 @@ trait EnumeratesValues
     /**
      * Pass the collection to the given callback and return the result.
      *
-     * @param  callable  $callback
-     * @return mixed
+     * @template TPipeReturnType
+     *
+     * @param  callable($this): TPipeReturnType  $callback
+     * @return TPipeReturnType
      */
     public function pipe(callable $callback)
     {
@@ -715,7 +694,7 @@ trait EnumeratesValues
     /**
      * Pass the collection into a new class.
      *
-     * @param  string  $class
+     * @param  class-string  $class
      * @return mixed
      */
     public function pipeInto($class)
@@ -726,38 +705,26 @@ trait EnumeratesValues
     /**
      * Pass the collection through a series of callable pipes and return the result.
      *
-     * @param  array<callable>  $pipes
+     * @param  array<callable>  $callbacks
      * @return mixed
      */
-    public function pipeThrough($pipes)
+    public function pipeThrough($callbacks)
     {
-        return static::make($pipes)->reduce(
-            function ($carry, $pipe) {
-                return $pipe($carry);
-            },
+        return Collection::make($callbacks)->reduce(
+            fn ($carry, $callback) => $callback($carry),
             $this,
         );
     }
 
-    /**
-     * Pass the collection to the given callback and then return it.
-     *
-     * @param  callable  $callback
-     * @return $this
-     */
-    public function tap(callable $callback)
-    {
-        $callback(clone $this);
-
-        return $this;
-    }
-
     /**
      * Reduce the collection to a single value.
      *
-     * @param  callable  $callback
-     * @param  mixed  $initial
-     * @return mixed
+     * @template TReduceInitial
+     * @template TReduceReturnType
+     *
+     * @param  callable(TReduceInitial|TReduceReturnType, TValue, TKey): TReduceReturnType  $callback
+     * @param  TReduceInitial  $initial
+     * @return TReduceReturnType
      */
     public function reduce(callable $callback, $initial = null)
     {
@@ -770,22 +737,6 @@ trait EnumeratesValues
         return $result;
     }
 
-    /**
-     * Reduce the collection to multiple aggregate values.
-     *
-     * @param  callable  $callback
-     * @param  mixed  ...$initial
-     * @return array
-     *
-     * @deprecated Use "reduceSpread" instead
-     *
-     * @throws \UnexpectedValueException
-     */
-    public function reduceMany(callable $callback, ...$initial)
-    {
-        return $this->reduceSpread($callback, ...$initial);
-    }
-
     /**
      * Reduce the collection to multiple aggregate values.
      *
@@ -804,7 +755,7 @@ trait EnumeratesValues
 
             if (! is_array($result)) {
                 throw new UnexpectedValueException(sprintf(
-                    "%s::reduceMany expects reducer to return an array, but got a '%s' instead.",
+                    "%s::reduceSpread expects reducer to return an array, but got a '%s' instead.",
                     class_basename(static::class), gettype($result)
                 ));
             }
@@ -813,22 +764,10 @@ trait EnumeratesValues
         return $result;
     }
 
-    /**
-     * Reduce an associative collection to a single value.
-     *
-     * @param  callable  $callback
-     * @param  mixed  $initial
-     * @return mixed
-     */
-    public function reduceWithKeys(callable $callback, $initial = null)
-    {
-        return $this->reduce($callback, $initial);
-    }
-
     /**
      * Create a collection of all elements that do not pass a given truth test.
      *
-     * @param  callable|mixed  $callback
+     * @param  (callable(TValue, TKey): bool)|bool|TValue  $callback
      * @return static
      */
     public function reject($callback = true)
@@ -842,10 +781,45 @@ trait EnumeratesValues
         });
     }
 
+    /**
+     * Pass the collection to the given callback and then return it.
+     *
+     * @param  callable($this): mixed  $callback
+     * @return $this
+     */
+    public function tap(callable $callback)
+    {
+        $callback($this);
+
+        return $this;
+    }
+
+    /**
+     * Return only unique items from the collection array.
+     *
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
+     * @param  bool  $strict
+     * @return static
+     */
+    public function unique($key = null, $strict = false)
+    {
+        $callback = $this->valueRetriever($key);
+
+        $exists = [];
+
+        return $this->reject(function ($item, $key) use ($callback, $strict, &$exists) {
+            if (in_array($id = $callback($item, $key), $exists, $strict)) {
+                return true;
+            }
+
+            $exists[] = $id;
+        });
+    }
+
     /**
      * Return only unique items from the collection array using strict comparison.
      *
-     * @param  string|callable|null  $key
+     * @param  (callable(TValue, TKey): mixed)|string|null  $key
      * @return static
      */
     public function uniqueStrict($key = null)
@@ -856,7 +830,7 @@ trait EnumeratesValues
     /**
      * Collect the values into a collection.
      *
-     * @return \Tightenco\Collect\Support\Collection
+     * @return \Tightenco\Collect\Support\Collection<TKey, TValue>
      */
     public function collect()
     {
@@ -866,22 +840,19 @@ trait EnumeratesValues
     /**
      * Get the collection of items as a plain array.
      *
-     * @return array
+     * @return array<TKey, mixed>
      */
     public function toArray()
     {
-        return $this->map(function ($value) {
-            return $value instanceof Arrayable ? $value->toArray() : $value;
-        })->all();
+        return $this->map(fn ($value) => $value instanceof Arrayable ? $value->toArray() : $value)->all();
     }
 
     /**
      * Convert the object into something JSON serializable.
      *
-     * @return array
+     * @return array<TKey, mixed>
      */
-    #[\ReturnTypeWillChange]
-    public function jsonSerialize()
+    public function jsonSerialize(): array
     {
         return array_map(function ($value) {
             if ($value instanceof JsonSerializable) {
@@ -975,7 +946,7 @@ trait EnumeratesValues
      * Results array of items from Collection or Arrayable.
      *
      * @param  mixed  $items
-     * @return array
+     * @return array<TKey, TValue>
      */
     protected function getArrayableItems($items)
     {
@@ -985,12 +956,14 @@ trait EnumeratesValues
             return $items->all();
         } elseif ($items instanceof Arrayable) {
             return $items->toArray();
+        } elseif ($items instanceof Traversable) {
+            return iterator_to_array($items);
         } elseif ($items instanceof Jsonable) {
             return json_decode($items->toJson(), true);
         } elseif ($items instanceof JsonSerializable) {
             return (array) $items->jsonSerialize();
-        } elseif ($items instanceof Traversable) {
-            return iterator_to_array($items);
+        } elseif ($items instanceof UnitEnum) {
+            return [$items];
         }
 
         return (array) $items;
@@ -999,13 +972,17 @@ trait EnumeratesValues
     /**
      * Get an operator checker callback.
      *
-     * @param  string  $key
+     * @param  callable|string  $key
      * @param  string|null  $operator
      * @param  mixed  $value
      * @return \Closure
      */
     protected function operatorForWhere($key, $operator = null, $value = null)
     {
+        if ($this->useAsCallable($key)) {
+            return $key;
+        }
+
         if (func_num_args() === 1) {
             $value = true;
 
@@ -1041,6 +1018,7 @@ trait EnumeratesValues
                 case '>=':  return $retrieved >= $value;
                 case '===': return $retrieved === $value;
                 case '!==': return $retrieved !== $value;
+                case '<=>': return $retrieved <=> $value;
             }
         };
     }
@@ -1068,22 +1046,18 @@ trait EnumeratesValues
             return $value;
         }
 
-        return function ($item) use ($value) {
-            return data_get($item, $value);
-        };
+        return fn ($item) => data_get($item, $value);
     }
 
     /**
      * Make a function to check an item's equality.
      *
      * @param  mixed  $value
-     * @return \Closure
+     * @return \Closure(mixed): bool
      */
     protected function equality($value)
     {
-        return function ($item) use ($value) {
-            return $item === $value;
-        };
+        return fn ($item) => $item === $value;
     }
 
     /**
@@ -1094,20 +1068,16 @@ trait EnumeratesValues
      */
     protected function negate(Closure $callback)
     {
-        return function (...$params) use ($callback) {
-            return ! $callback(...$params);
-        };
+        return fn (...$params) => ! $callback(...$params);
     }
 
     /**
      * Make a function that returns what's passed to it.
      *
-     * @return \Closure
+     * @return \Closure(TValue): TValue
      */
     protected function identity()
     {
-        return function ($value) {
-            return $value;
-        };
+        return fn ($value) => $value;
     }
 }
diff --git a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/alias.php b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/alias.php
index a9c04063f..d2184d201 100644
--- a/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/alias.php
+++ b/data/web/inc/lib/vendor/tightenco/collect/src/Collect/Support/alias.php
@@ -9,7 +9,6 @@ $aliases = [
     Tightenco\Collect\Support\Collection::class => Illuminate\Support\Collection::class,
     Tightenco\Collect\Support\Enumerable::class => Illuminate\Support\Enumerable::class,
     Tightenco\Collect\Support\HigherOrderCollectionProxy::class => Illuminate\Support\HigherOrderCollectionProxy::class,
-    Tightenco\Collect\Support\HigherOrderWhenProxy::class => Illuminate\Support\HigherOrderWhenProxy::class,
     Tightenco\Collect\Support\LazyCollection::class => Illuminate\Support\LazyCollection::class,
     Tightenco\Collect\Support\Traits\EnumeratesValues::class => Illuminate\Support\Traits\EnumeratesValues::class,
 ];

From a06c78362a29eba6c5ecf1e4a2a6a65362301e1f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 10:31:14 +0100
Subject: [PATCH 151/755] [Web] add ldap idp

---
 data/conf/phpfpm/crons/keycloak-sync.php      |  17 +-
 data/conf/phpfpm/crons/ldap-sync.php          | 176 ++++++++++++
 data/conf/sogo/custom-sogo.js                 |  47 ++++
 data/web/inc/functions.auth.inc.php           | 253 ++++++++++++-----
 data/web/inc/functions.inc.php                | 262 ++++++++++++------
 data/web/inc/functions.mailbox.inc.php        |   8 +-
 data/web/inc/init_db.inc.php                  |   2 +-
 data/web/inc/sessions.inc.php                 |   2 +
 data/web/inc/triggers.inc.php                 |  58 ++--
 data/web/inc/vars.inc.php                     |   6 +-
 data/web/index.php                            |  18 +-
 data/web/js/site/admin.js                     |  33 ++-
 data/web/lang/lang.cs-cz.json                 |   8 +-
 data/web/lang/lang.de-de.json                 |   8 +-
 data/web/lang/lang.en-gb.json                 |  17 +-
 data/web/lang/lang.it-it.json                 |   8 +-
 data/web/lang/lang.pt-br.json                 |   8 +-
 data/web/lang/lang.ro-ro.json                 |   8 +-
 data/web/lang/lang.ru-ru.json                 |   7 +-
 data/web/lang/lang.sk-sk.json                 |   8 +-
 data/web/lang/lang.uk-ua.json                 |   8 +-
 data/web/lang/lang.zh-cn.json                 |   8 +-
 data/web/lang/lang.zh-tw.json                 |   8 +-
 data/web/sogo-auth.php                        |   7 +
 .../admin/tab-config-identity-provider.twig   | 138 +++++++++
 data/web/templates/edit/mailbox.twig          |   5 +
 data/web/templates/user/tab-user-auth.twig    |  16 +-
 27 files changed, 907 insertions(+), 237 deletions(-)
 create mode 100644 data/conf/phpfpm/crons/ldap-sync.php

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index da26ca5be..0525f9572 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -18,7 +18,7 @@ try {
   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
-  logMsg("danger", $e->getMessage());
+  logMsg("err", $e->getMessage());
   session_destroy();
   exit;
 }
@@ -68,11 +68,12 @@ $_SESSION['acl']['ratelimit'] = "1";
 $_SESSION['acl']['sogo_access'] = "1";
 $_SESSION['acl']['protocol_access'] = "1";
 $_SESSION['acl']['mailbox_relayhost'] = "1";
+$_SESSION['acl']['unlimited_quota'] = "1";
 
 // Init Keycloak Provider
 $iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
-if (intval($iam_settings['periodic_sync']) != 1 && $iam_settings['import_users'] != 1) {
+if ($iam_settings['authsource'] != "keycloak" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
   session_destroy();
   exit;
 }
@@ -127,18 +128,18 @@ while (true) {
   curl_close($ch);
   
   if ($code != 200){
-    logMsg("danger", "Recieved HTTP {$code}");
+    logMsg("err", "Recieved HTTP {$code}");
     session_destroy();
     exit;
   }
   try {
     $response = json_decode($response, true);
   } catch (Exception $e) {
-    logMsg("danger", $e->getMessage());
+    logMsg("err", $e->getMessage());
     break;
   }
   if (!is_array($response)){
-    logMsg("danger", "Recieved malformed response from keycloak api");
+    logMsg("err", "Recieved malformed response from keycloak api");
     break;
   }
   if (count($response) == 0) {
@@ -181,7 +182,7 @@ while (true) {
       }
     }
     if (!$mbox_template){
-      logMsg("warning", "No matching mapper found for mailbox_template");
+      logMsg("warning", "No matching attribute mapping found for user " . $user['email']);
       continue;
     }
 
@@ -191,14 +192,16 @@ while (true) {
       mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $user['email'])[1],
         'local_part' => explode('@', $user['email'])[0],
+        'name' => $user['firstName'] . " " . $user['lastName'],
         'authsource' => 'keycloak',
         'template' => $mbox_template
       ));
-    } else if ($row) {
+    } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
       // mailbox user does exist, sync attribtues...
       logMsg("info", "Syncing attributes for user " . $user['email']);
       mailbox('edit', 'mailbox_from_template', array(
         'username' => $user['email'],
+        'name' => $user['firstName'] . " " . $user['lastName'],
         'template' => $mbox_template
       ));
     } else {
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
new file mode 100644
index 000000000..5686bdacc
--- /dev/null
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -0,0 +1,176 @@
+<?php
+
+require_once(__DIR__ . '/../web/inc/vars.inc.php');
+if (file_exists(__DIR__ . '/../web/inc/vars.local.inc.php')) {
+  include_once(__DIR__ . '/../web/inc/vars.local.inc.php');
+}
+require_once __DIR__ . '/../web/inc/lib/vendor/autoload.php';
+
+// Init database
+//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+$opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+try {
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+}
+catch (PDOException $e) {
+  logMsg("err", $e->getMessage());
+  session_destroy();
+  exit;
+}
+
+// Init Redis
+$redis = new Redis();
+try {
+  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
+    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
+  }
+  else {
+    $redis->connect('redis-mailcow', 6379);
+  }
+}
+catch (Exception $e) {
+  echo "Exiting: " . $e->getMessage();
+  session_destroy();
+  exit;
+}
+
+function logMsg($priority, $message, $task = "LDAP Sync") {
+  global $redis;
+
+  $finalMsg = array(
+    "time" => time(),
+    "priority" => $priority,
+    "task" => $task,
+    "message" => $message
+  );
+  $redis->lPush('CRON_LOG', json_encode($finalMsg));
+}
+
+// Load core functions first
+require_once __DIR__ . '/../web/inc/functions.inc.php';
+require_once __DIR__ . '/../web/inc/functions.auth.inc.php';
+require_once __DIR__ . '/../web/inc/sessions.inc.php';
+require_once __DIR__ . '/../web/inc/functions.mailbox.inc.php';
+require_once __DIR__ . '/../web/inc/functions.ratelimit.inc.php';
+require_once __DIR__ . '/../web/inc/functions.acl.inc.php';
+
+$_SESSION['mailcow_cc_username'] = "admin";
+$_SESSION['mailcow_cc_role'] = "admin";
+$_SESSION['acl']['tls_policy'] = "1";
+$_SESSION['acl']['quarantine_notification'] = "1";
+$_SESSION['acl']['quarantine_category'] = "1";
+$_SESSION['acl']['ratelimit'] = "1";
+$_SESSION['acl']['sogo_access'] = "1";
+$_SESSION['acl']['protocol_access'] = "1";
+$_SESSION['acl']['mailbox_relayhost'] = "1";
+$_SESSION['acl']['unlimited_quota'] = "1";
+
+// Init Provider
+$iam_provider = identity_provider('init');
+$iam_settings = identity_provider('get');
+if ($iam_settings['authsource'] != "ldap" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
+  session_destroy();
+  exit;
+}
+
+// Set pagination variables
+$start = 0;
+$max = 25;
+
+// lock sync if already running
+$lock_file = '/tmp/iam-sync.lock';
+if (file_exists($lock_file)) {
+  $lock_file_parts = explode("\n", file_get_contents($lock_file));
+  $pid = $lock_file_parts[0];
+  if (count($lock_file_parts) > 1){
+    $last_execution = $lock_file_parts[1];
+    $elapsed_time = (time() - $last_execution) / 60;
+    if ($elapsed_time < intval($iam_settings['sync_interval'])) {
+      logMsg("warning", "Sync not ready (".number_format((float)$elapsed_time, 2, '.', '')."min / ".$iam_settings['sync_interval']."min)");
+      session_destroy();
+      exit;
+    }
+  }
+
+  if (posix_kill($pid, 0)) {
+    logMsg("warning", "Sync is already running");
+    session_destroy();
+    exit;
+  } else {
+    unlink($lock_file);
+  }
+}
+$lock_file_handle = fopen($lock_file, 'w');
+fwrite($lock_file_handle, getmypid());
+fclose($lock_file_handle);
+
+// Get ldap users
+$response = $iam_provider->query()
+  ->where($iam_settings['username_field'], "*")
+  ->where($iam_settings['attribute_field'], "*")
+  ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname'])
+  ->paginate($max);
+
+// Process the users
+foreach ($response as $user) {
+  $mailcow_template = $user[$iam_settings['attribute_field']][0];
+
+  // try get mailbox user
+  $stmt = $pdo->prepare("SELECT `mailbox`.* FROM `mailbox`
+  INNER JOIN domain on mailbox.domain = domain.domain
+  WHERE `kind` NOT REGEXP 'location|thing|group'
+    AND `domain`.`active`='1'
+    AND `username` = :user");
+  $stmt->execute(array(':user' => $user[$iam_settings['username_field']][0]));
+  $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+  // check if matching attribute mapping exists
+  $mbox_template = null;
+  foreach ($iam_settings['mappers'] as $index => $mapper){
+    if ($mapper ==  $mailcow_template) {
+      $mbox_template = $iam_settings['templates'][$index];
+      break;
+    }
+  }
+  if (!$mbox_template){
+    logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
+    continue;
+  }
+
+  if (!$row && intval($iam_settings['import_users']) == 1){
+    // mailbox user does not exist, create...
+    logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
+    mailbox('add', 'mailbox_from_template', array(
+      'domain' => explode('@',  $user[$iam_settings['username_field']][0])[1],
+      'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
+      'name' => $user['displayname'][0],
+      'authsource' => 'ldap',
+      'template' => $mbox_template
+    ));
+  } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
+    // mailbox user does exist, sync attribtues...
+    logMsg("info", "Syncing attributes for user " . $user[$iam_settings['username_field']][0]);
+    mailbox('edit', 'mailbox_from_template', array(
+      'username' =>  $user[$iam_settings['username_field']][0],
+      'name' => $user['displayname'][0],
+      'template' => $mbox_template
+    ));
+  } else {
+    // skip mailbox user
+    logMsg("info", "Skipping user " .  $user[$iam_settings['username_field']][0]);
+  }
+
+  sleep(0.025);
+}
+
+logMsg("info", "DONE!");
+// add last execution time to lock file
+$lock_file_handle = fopen($lock_file, 'w');
+fwrite($lock_file_handle, getmypid() . "\n" . time());
+fclose($lock_file_handle);
+session_destroy();
diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index 9ee6daba1..44afa2998 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -1,3 +1,49 @@
+// redirect to mailcow login form
+document.addEventListener('DOMContentLoaded', function () {
+    var loginForm = document.forms.namedItem("loginForm");
+    if (loginForm) {
+        window.location.href = '/';
+    }
+
+    angularReady = false;
+    // Wait for the Angular components to be initialized
+    function waitForAngularComponents(callback) {
+        const targetNode = document.body;
+
+        const observer = new MutationObserver(function(mutations) {
+            mutations.forEach(function(mutation) {
+            if (mutation.addedNodes.length > 0) {
+                const toolbarElement = document.body.querySelector('md-toolbar');
+                if (toolbarElement) {
+                observer.disconnect();
+                callback();
+                }
+            }
+            });
+        });
+
+        const config = { childList: true, subtree: true };
+        observer.observe(targetNode, config);
+    }
+
+    // Usage
+    waitForAngularComponents(function() {
+        if (!angularReady){
+            angularReady = true;
+
+            const toolbarElement = document.body.querySelector('.md-toolbar-tools.sg-toolbar-group-last.layout-align-end-center.layout-row');
+
+            var htmlCode = '<a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
+                '<md-icon class="material-icons" role="img" aria-label="build">build</md-icon>' +
+                '</a><a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="#" onclick="logout.submit()" aria-hidden="false" tabindex="-1">' +
+                '<md-icon class="material-icons" role="img" aria-label="settings_power">settings_power</md-icon>' +
+                '</a><form action="/" method="post" id="logout"><input type="hidden" name="logout"></form>';
+
+            toolbarElement.insertAdjacentHTML('beforeend', htmlCode);
+        }
+    });
+});
+
 // Custom SOGo JS
 
 // Change the visible font-size in the editor, this does not change the font of a html message by default
@@ -5,3 +51,4 @@ CKEDITOR.addCss("body {font-size: 16px !important}");
 
 // Enable scayt by default
 //CKEDITOR.config.scayt_autoStartup = true;
+
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 7183cc8c1..fe6af27cb 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -4,22 +4,31 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
   global $redis;
   
   $is_internal = $extra['is_internal'];
+  $role = $extra['role'];
 
   // Try validate admin
-  $result = admin_login($user, $pass);
-  if ($result !== false) return $result;
+  if (!isset($role) || $role == "admin") {
+    $result = admin_login($user, $pass);
+    if ($result !== false) return $result;
+  }
 
   // Try validate domain admin
-  $result = domainadmin_login($user, $pass);
-  if ($result !== false) return $result;
+  if (!isset($role) || $role == "domain_admin") {
+    $result = domainadmin_login($user, $pass);
+    if ($result !== false) return $result;
+  }
 
   // Try validate user
-  $result = user_login($user, $pass);
-  if ($result !== false) return $result;
+  if (!isset($role) || $role == "user") {
+    $result = user_login($user, $pass);
+    if ($result !== false) return $result;
+  }
 
   // Try validate app password
-  $result = apppass_login($user, $pass, $app_passwd_data);
-  if ($result !== false) return $result;
+  if (!isset($role) || $role == "app") {
+    $result = apppass_login($user, $pass, $app_passwd_data);
+    if ($result !== false) return $result;
+  }
 
   // skip log and only return false if it's an internal request
   if ($is_internal == true) return false;
@@ -175,62 +184,136 @@ function user_login($user, $pass, $extra = null){
   $stmt->execute(array(':user' => $user));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
-  // user does not exist, try call keycloak login and create user if possible via rest flow
+  // user does not exist, try call idp login and create user if possible via rest flow
   if (!$row){
     $iam_settings = identity_provider('get');
     if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
       $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
       if ($result !== false) return $result;
+    } else if ($iam_settings['authsource'] == 'ldap') {
+      $result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
+      if ($result !== false) return $result;
     }
   } 
   if ($row['active'] != 1) {
     return false;
   }
 
-  if ($row['authsource'] == 'keycloak'){
-    // user authsource is keycloak, try using via rest flow
-    $iam_settings = identity_provider('get');
-    if (intval($iam_settings['mailpassword_flow']) == 1){
-      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+  switch ($row['authsource']) {
+    case 'keycloak':
+      // user authsource is keycloak, try using via rest flow
+      $iam_settings = identity_provider('get');
+      if (intval($iam_settings['mailpassword_flow']) == 1){
+        $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+        if ($result !== false) {
+          // check for tfa authenticators
+          $authenticators = get_tfa($user);
+          if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+            // authenticators found, init TFA flow
+            $_SESSION['pending_mailcow_cc_username'] = $user;
+            $_SESSION['pending_mailcow_cc_role'] = "user";
+            $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+            unset($_SESSION['ldelay']);
+            $_SESSION['return'][] =  array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $user, '*'),
+              'msg' => array('logged_in_as', $user)
+            );
+            return "pending";
+          } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+            // no authenticators found, login successfull
+            if (!$is_internal){
+              unset($_SESSION['ldelay']);
+              // Reactivate TFA if it was set to "deactivate TFA for next login"
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+              $stmt->execute(array(':user' => $user));
+              $_SESSION['return'][] =  array(
+                'type' => 'success',
+                'log' => array(__FUNCTION__, $user, '*'),
+                'msg' => array('logged_in_as', $user)
+              );
+            }
+            return "user";
+          }
+        }
+        return $result;
+      } else {
+        return false;
+      }
+    break;
+    case 'ldap':
+      // user authsource is ldap
+      $iam_settings = identity_provider('get');
+      $result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+      if ($result !== false) {
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          if (!$is_internal){
+            unset($_SESSION['ldelay']);
+            // Reactivate TFA if it was set to "deactivate TFA for next login"
+            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+            $stmt->execute(array(':user' => $user));
+            $_SESSION['return'][] =  array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $user, '*'),
+              'msg' => array('logged_in_as', $user)
+            );
+          }
+          return "user";
+        }
+      }
       return $result;
-    } else {
-      return false;
-    }
+    break;
+    default:
+      // verify password
+      if (verify_hash($row['password'], $pass) !== false) {
+        // check for tfa authenticators
+        $authenticators = get_tfa($user);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
+          // authenticators found, init TFA flow
+          $_SESSION['pending_mailcow_cc_username'] = $user;
+          $_SESSION['pending_mailcow_cc_role'] = "user";
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
+          return "pending";
+        } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
+          // no authenticators found, login successfull
+          if (!$is_internal){
+            unset($_SESSION['ldelay']);
+            // Reactivate TFA if it was set to "deactivate TFA for next login"
+            $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
+            $stmt->execute(array(':user' => $user));
+            $_SESSION['return'][] =  array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $user, '*'),
+              'msg' => array('logged_in_as', $user)
+            );
+          }
+          return "user";
+        }
+      }
+    break;
   }
  
-  // verify password
-  if (verify_hash($row['password'], $pass) !== false) {
-    // check for tfa authenticators
-    $authenticators = get_tfa($user);
-    if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
-      // authenticators found, init TFA flow
-      $_SESSION['pending_mailcow_cc_username'] = $user;
-      $_SESSION['pending_mailcow_cc_role'] = "user";
-      $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
-      unset($_SESSION['ldelay']);
-      $_SESSION['return'][] =  array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $user, '*'),
-        'msg' => array('logged_in_as', $user)
-      );
-      return "pending";
-    } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
-      // no authenticators found, login successfull
-      if (!$is_internal){
-        unset($_SESSION['ldelay']);
-        // Reactivate TFA if it was set to "deactivate TFA for next login"
-        $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
-        $stmt->execute(array(':user' => $user));
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $user, '*'),
-          'msg' => array('logged_in_as', $user)
-        );
-      }
-      return "user";
-    }
-  }
-
   return false;
 }
 function apppass_login($user, $pass, $app_passwd_data, $extra = null){
@@ -372,11 +455,6 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
     return false;
   } else if (!$create) {
     // login success - dont create mailbox
-    $_SESSION['return'][] =  array(
-      'type' => 'success',
-      'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => array('logged_in_as', $user)
-    );
     return 'user';
   }
 
@@ -388,16 +466,67 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
   $create_res = mailbox('add', 'mailbox_from_template', array(
     'domain' => explode('@', $user)[1],
     'local_part' => explode('@', $user)[0],
+    'name' => $user_res['firstName'] . " " . $user_res['lastName'],
     'authsource' => 'keycloak',
-    'template' => $iam_settings['mappers'][$mapper_key]
+    'template' => $iam_settings['templates'][$mapper_key]
+  ));
+  if (!$create_res) return false;
+
+  return 'user';
+}
+function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
+  global $pdo;
+  global $iam_provider;
+
+  $is_internal = $extra['is_internal'];
+  $create = $extra['create'];
+
+  if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*'),
+        'msg' => 'malformed_username'
+      );
+    }
+    return false;
+  }
+
+  try {
+    $user_res = $iam_provider->query()
+      ->where($iam_settings['username_field'], '=', $user)
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname'])
+      ->firstOrFail();
+  } catch (Exception $e) {
+    return false;
+  }
+  if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
+    return false;
+  }
+
+  // get mapped template, if not set return false
+  // also return false if no mappers were defined
+  $user_template = $user_res[$iam_settings['attribute_field']][0];
+  if ($create && (empty($iam_settings['mappers']) || !$user_template)){
+    return false;
+  } else if (!$create) {
+    // login success - dont create mailbox
+    return 'user';
+  }
+
+  // check if matching attribute exist
+  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+  if ($mapper_key === false) return false;
+
+  // create mailbox
+  $create_res = mailbox('add', 'mailbox_from_template', array(
+    'domain' => explode('@', $user)[1],
+    'local_part' => explode('@', $user)[0],
+    'name' => $user_res['displayname'][0],
+    'authsource' => 'ldap',
+    'template' => $iam_settings['templates'][$mapper_key]
   ));
   if (!$create_res) return false;
 
-
-  $_SESSION['return'][] =  array(
-    'type' => 'success',
-    'log' => array(__FUNCTION__, $user, '*'),
-    'msg' => array('logged_in_as', $user)
-  );
   return 'user';
 }
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 215a95fdd..7e8389341 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -840,6 +840,11 @@ function update_sogo_static_view($mailbox = null) {
     }
   }
 
+  // generate random password for sogo to deny direct login
+  $random_password = base64_encode(openssl_random_pseudo_bytes(24));
+  $random_salt = base64_encode(openssl_random_pseudo_bytes(16));
+  $random_hash = '{SSHA256}' . base64_encode(hash('sha256', base64_decode($password) . $salt, true) . $salt);
+  
   $subquery = "GROUP BY mailbox.username";
   if ($mailbox_exists) {
     $subquery = "AND mailbox.username = :mailbox";
@@ -849,13 +854,7 @@ function update_sogo_static_view($mailbox = null) {
         mailbox.username,
         mailbox.domain,
         mailbox.username,
-        CASE 
-          WHEN mailbox.authsource IS NOT NULL AND mailbox.authsource <> 'mailcow' THEN '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'
-          ELSE 
-            IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0',
-              IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
-              '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321')
-        END AS c_password,
+        :random_hash,
         mailbox.name,
         mailbox.username,
         IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
@@ -886,9 +885,15 @@ function update_sogo_static_view($mailbox = null) {
   
   if ($mailbox_exists) {
     $stmt = $pdo->prepare($query);
-    $stmt->execute(array(':mailbox' => $mailbox));
+    $stmt->execute(array(
+      ':random_hash' => $random_hash,
+      ':mailbox' => $mailbox
+    ));
   } else {
-    $stmt = $pdo->query($query);
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(array(
+      ':random_hash' => $random_hash
+    ));
   }
   
   $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
@@ -2129,12 +2134,18 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $data_log),
-          'msg' => array('required_data_missing', $setting)
+          'msg' => array('required_data_missing', '')
         );
         return false;
       }
+
+      $available_authsources = array(
+        "keycloak",
+        "generic-oidc",
+        "ldap"
+      );
       $_data['authsource'] = strtolower($_data['authsource']);
-      if ($_data['authsource'] != "keycloak" && $_data['authsource'] != "generic-oidc"){
+      if (!in_array($_data['authsource'], $available_authsources)){
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $data_log),
@@ -2158,20 +2169,32 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         return false;
       }
 
-      if ($_data['authsource'] == "keycloak") {
-        $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
-        $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
-        $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
-        $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
-        $_data['sync_interval']     = isset($_data['sync_interval']) ? intval($_data['sync_interval']) : 15;
-        $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-        $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
-      } else if ($_data['authsource'] == "generic-oidc") {
-        $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
-        $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
-        $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
-        $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
-        $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
+      switch ($_data['authsource']) {
+        case "keycloak":
+          $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
+          $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
+          $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
+          $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
+          $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
+          $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
+          $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
+        break;
+        case "generic-oidc":
+          $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
+          $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
+          $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
+          $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
+          $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
+        break;
+        case "ldap":
+          $_data['port']              = (!empty($_data['port'])) ? intval($_data['port']) : 389;
+          $_data['username_field']    = (!empty($_data['username_field'])) ? $_data['username_field'] : "mail";
+          $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
+          $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
+          $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
+          $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
+          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
+        break;
       }
       
       $pdo->beginTransaction();
@@ -2234,30 +2257,56 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         return false;
       }
 
-      if ($_data['authsource'] == 'keycloak') {
-        $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
-      } else {
-        $url = $_data['token_url'];
-      }
-      $req = http_build_query(array(
-        'grant_type'    => 'client_credentials',
-        'client_id'     => $_data['client_id'],
-        'client_secret' => $_data['client_secret']
-      ));
-      $curl = curl_init();
-      curl_setopt($curl, CURLOPT_URL, $url);
-      curl_setopt($curl, CURLOPT_TIMEOUT, 7);
-      curl_setopt($curl, CURLOPT_POST, 1);
-      curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
-      curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
-      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-      $res = curl_exec($curl);
-      $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-      curl_close ($curl);
-      
-      if ($code != 200) {
-        return false;
+      switch ($_data['authsource']) {
+        case 'keycloak':
+        case 'generic-oidc':
+          if ($_data['authsource'] == 'keycloak') {
+            $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
+          } else {
+            $url = $_data['token_url'];
+          }
+          $req = http_build_query(array(
+            'grant_type'    => 'client_credentials',
+            'client_id'     => $_data['client_id'],
+            'client_secret' => $_data['client_secret']
+          ));
+          $curl = curl_init();
+          curl_setopt($curl, CURLOPT_URL, $url);
+          curl_setopt($curl, CURLOPT_TIMEOUT, 7);
+          curl_setopt($curl, CURLOPT_POST, 1);
+          curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
+          curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
+          curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+          $res = curl_exec($curl);
+          $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+          curl_close ($curl);
+          
+          if ($code != 200) {
+            return false;
+          }
+        break;
+        case 'ldap':
+          if (!$_data['host'] || !$_data['port'] || !$_data['basedn'] ||
+            !$_data['binddn'] || !$_data['bindpass']){
+              return false;
+          }
+          $provider = new \LdapRecord\Connection([
+            'hosts'                     => [$_data['host']],
+            'port'                      => $_data['port'],
+            'base_dn'                   => $_data['basedn'],
+            'username'                  => $_data['binddn'],
+            'password'                  => $_data['bindpass']
+          ]);
+          try {
+            $provider->connect();
+          } catch (TypeError $e) {
+            return false;
+          } catch (\LdapRecord\Auth\BindException $e) {
+            return false;
+          }
+        break;
       }
+
       return true;
     break;
     case "delete":
@@ -2295,40 +2344,70 @@ function identity_provider($_action, $_data = null, $_extra = null) {
     case "init":
       $iam_settings = identity_provider('get');
       $provider = null;
-      if ($iam_settings['authsource'] == 'keycloak'){
-        if ($iam_settings['server_url'] && $iam_settings['realm'] && $iam_settings['client_id'] &&
+
+      switch ($iam_settings['authsource']) {
+        case "keycloak":
+          if ($iam_settings['server_url'] && $iam_settings['realm'] && $iam_settings['client_id'] &&
             $iam_settings['client_secret'] && $iam_settings['redirect_url'] && $iam_settings['version']){
-          $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
-            'authServerUrl'         => $iam_settings['server_url'],
-            'realm'                 => $iam_settings['realm'],
-            'clientId'              => $iam_settings['client_id'],
-            'clientSecret'          => $iam_settings['client_secret'],
-            'redirectUri'           => $iam_settings['redirect_url'],
-            'version'               => $iam_settings['version'],                            
-            // 'encryptionAlgorithm'   => 'RS256',                             // optional
-            // 'encryptionKeyPath'     => '../key.pem'                         // optional
-            // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
-          ]);
-        }
-      }
-      else if ($iam_settings['authsource'] == 'generic-oidc'){
-        if ($iam_settings['client_id'] && $iam_settings['client_secret'] && $iam_settings['redirect_url'] &&
+            $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
+              'authServerUrl'         => $iam_settings['server_url'],
+              'realm'                 => $iam_settings['realm'],
+              'clientId'              => $iam_settings['client_id'],
+              'clientSecret'          => $iam_settings['client_secret'],
+              'redirectUri'           => $iam_settings['redirect_url'],
+              'version'               => $iam_settings['version'],                            
+              // 'encryptionAlgorithm'   => 'RS256',                             // optional
+              // 'encryptionKeyPath'     => '../key.pem'                         // optional
+              // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
+            ]);
+          }
+        break;
+        case "generic-oidc":
+          if ($iam_settings['client_id'] && $iam_settings['client_secret'] && $iam_settings['redirect_url'] &&
             $iam_settings['authorize_url'] && $iam_settings['token_url'] && $iam_settings['userinfo_url']){
-          $provider = new \League\OAuth2\Client\Provider\GenericProvider([
-            'clientId'                => $iam_settings['client_id'],
-            'clientSecret'            => $iam_settings['client_secret'],
-            'redirectUri'             => $iam_settings['redirect_url'],
-            'urlAuthorize'            => $iam_settings['authorize_url'],
-            'urlAccessToken'          => $iam_settings['token_url'],
-            'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
-            'scopes'                  => $iam_settings['client_scopes']
-          ]);
-        }
+            $provider = new \League\OAuth2\Client\Provider\GenericProvider([
+              'clientId'                => $iam_settings['client_id'],
+              'clientSecret'            => $iam_settings['client_secret'],
+              'redirectUri'             => $iam_settings['redirect_url'],
+              'urlAuthorize'            => $iam_settings['authorize_url'],
+              'urlAccessToken'          => $iam_settings['token_url'],
+              'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
+              'scopes'                  => $iam_settings['client_scopes']
+            ]);
+          }
+        break;
+        case "ldap":
+          if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
+            $iam_settings['binddn'] && $iam_settings['bindpass']){
+            $provider = new \LdapRecord\Connection([
+              'hosts'                     => [$iam_settings['host']],
+              'port'                      => $iam_settings['port'],
+              'base_dn'                   => $iam_settings['basedn'],
+              'username'                  => $iam_settings['binddn'],
+              'password'                  => $iam_settings['bindpass']
+            ]);
+            try {
+              $provider->connect();
+            } catch (TypeError $e) {
+              $provider = null;
+            }
+          }
+        break;
       }
+
       return $provider;
     break;
     case "verify-sso":
       $provider = $_data['iam_provider'];
+      $iam_settings = identity_provider('get');
+      if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc'){
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__),
+          'msg' => array('login_failed', "no OIDC provider configured")
+        );
+        return false;
+      }
     
       try {
         $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
@@ -2358,8 +2437,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
       if ($row){
         // success
-        $_SESSION['mailcow_cc_username'] = $info['email'];
-        $_SESSION['mailcow_cc_role'] = "user";
+        set_user_loggedin_session($info['email']);
         $_SESSION['return'][] =  array(
           'type' => 'success',
           'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
@@ -2370,9 +2448,8 @@ function identity_provider($_action, $_data = null, $_extra = null) {
 
       // get mapped template, if not set return false
       // also return false if no mappers were defined
-      $provider = identity_provider('get');
       $user_template = $info['mailcow_template'];
-      if (empty($provider['mappers']) || empty($user_template)){
+      if (empty($iam_settings['mappers']) || empty($user_template)){
         clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2383,7 +2460,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       }
 
       // check if matching attribute exist
-      $mapper_key = array_search($user_template, $provider['mappers']);
+      $mapper_key = array_search($user_template, $iam_settings['mappers']);
       if ($mapper_key === false) {
         clear_session();  
         $_SESSION['return'][] =  array(
@@ -2398,8 +2475,9 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $info['email'])[1],
         'local_part' => explode('@', $info['email'])[0],
-        'authsource' => identity_provider('get')['authsource'],
-        'template' => $provider['templates'][$mapper_key]
+        'name' => $info['firstName'] . " " . $info['lastName'],
+        'authsource' => $iam_settings['authsource'],
+        'template' => $iam_settings['templates'][$mapper_key]
       ));
       if (!$create_res){
         clear_session();  
@@ -2411,8 +2489,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         return false;
       }
     
-      $_SESSION['mailcow_cc_username'] = $info['email'];
-      $_SESSION['mailcow_cc_role'] = "user";
+      set_user_loggedin_session($info['email']);
       $_SESSION['return'][] =  array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
@@ -2429,10 +2506,11 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
         $info = $provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
+        clear_session();  
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__),
-          'msg' => array('login_failed', $e->getMessage())
+          'msg' => array('refresh_login_failed', $e->getMessage())
         );
         return false;
       }
@@ -2452,6 +2530,9 @@ function identity_provider($_action, $_data = null, $_extra = null) {
       return true;
     break;
     case "get-redirect":
+      $iam_settings = identity_provider('get');
+      if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc') 
+        return false;
       $provider = $_data['iam_provider'];
       $authUrl = $provider->getAuthorizationUrl();
       $_SESSION['oauth2state'] = $provider->getState();
@@ -2522,7 +2603,16 @@ function clear_session(){
   session_destroy();
   session_write_close();
 }
-
+function set_user_loggedin_session($user) {
+  $_SESSION['mailcow_cc_username'] = $user;
+  $_SESSION['mailcow_cc_role'] = 'user';
+  $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
+  $_SESSION['sogo-sso-user-allowed'][] = $user;
+  $_SESSION['sogo-sso-pass'] = $sogo_sso_pass;
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+}
 function get_logs($application, $lines = false) {
   if ($lines === false) {
     $lines = $GLOBALS['LOG_LINES'] - 1;
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 46658274e..939958d29 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1019,7 +1019,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc'))){
+          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap'))){
             $authsource = $_data['authsource'];
           }
           if (empty($name)) {
@@ -2944,7 +2944,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $tags           = (is_array($_data['tags']) ? $_data['tags'] : array());
               $attribute_hash = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
               $authsource     = $is_now['authsource'];
-              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc'))){
+              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap'))){
                 $authsource = $_data['authsource'];
               }
             }
@@ -3285,11 +3285,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
           $is_now = mailbox('get', 'mailbox_details', $_data['username']);
-          if ($is_now['attributes']['attribute_hash'] == $attribute_hash)
+          $name = ltrim(rtrim($_data['name'], '>'), '<');
+          if ($is_now['attributes']['attribute_hash'] == $attribute_hash && $is_now['name'] == $name)
             return true;
 
           $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
           $mbox_template_data['attribute_hash'] = $attribute_hash;
+          $mbox_template_data['name'] = $name;
           $quarantine_attributes = array('username' => $_data['username']);
           $tls_attributes = array('username' => $_data['username']);
           $ratelimit_attributes = array('object' => $_data['username']);
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 4f73911a6..afacbc724 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -362,7 +362,7 @@ function init_db_schema() {
           "custom_attributes" => "JSON NOT NULL DEFAULT ('{}')",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "INT NOT NULL DEFAULT -1",
-          "authsource" => "ENUM('mailcow', 'keycloak', 'generic-oidc') DEFAULT 'mailcow'",
+          "authsource" => "ENUM('mailcow', 'keycloak', 'generic-oidc', 'ldap') DEFAULT 'mailcow'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 1a33e7604..b73ad2816 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -94,6 +94,8 @@ if (isset($_POST["logout"])) {
   if (isset($_SESSION["dual-login"])) {
     $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
     $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    unset($_SESSION['sogo-sso-user-allowed']);
+    unset($_SESSION['sogo-sso-pass']);
     unset($_SESSION["dual-login"]);
     header("Location: /mailbox");
     exit();
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index c8333f979..cd81f4c21 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -4,6 +4,7 @@ if ($iam_provider){
   if (isset($_GET['iam_sso'])){
     // redirect for sso
     $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
+    $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
     header('Location: ' . $redirect_uri);
     die();
   }
@@ -12,9 +13,9 @@ if ($iam_provider){
     $isRefreshed = identity_provider('refresh-token', array('iam_provider' => $iam_provider));
 
     if (!$isRefreshed){
-      // Session could not be refreshed, clear and redirect to provider
-      clear_session();
+      // Session could not be refreshed, redirect to provider
       $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
+      $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
       header('Location: ' . $redirect_uri);
       die();
     }
@@ -39,13 +40,16 @@ if (!empty($_GET['sso_token'])) {
 
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
-    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
-    $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
-    unset($_SESSION['pending_mailcow_cc_username']);
-    unset($_SESSION['pending_mailcow_cc_role']);
-    unset($_SESSION['pending_tfa_methods']);
-
-    header("Location: /user");
+    set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
+    $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+      header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+      die();
+    } else {
+      header("Location: /user");
+      die();
+    }
   } else {
     unset($_SESSION['pending_mailcow_cc_username']);
     unset($_SESSION['pending_mailcow_cc_role']);
@@ -70,10 +74,10 @@ if (isset($_POST["quick_delete"])) {
 }
 
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
-	$login_user = strtolower(trim($_POST["login_user"]));
-	$as = check_login($login_user, $_POST["pass_user"]);
+  $login_user = strtolower(trim($_POST["login_user"]));
+  $as = check_login($login_user, $_POST["pass_user"]);
 
-	if ($as == "admin") {
+  if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
 		header("Location: /admin");
@@ -84,19 +88,27 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 		header("Location: /mailbox");
 	}
 	elseif ($as == "user") {
-		$_SESSION['mailcow_cc_username'] = $login_user;
-		$_SESSION['mailcow_cc_role'] = "user";
-        $http_parameters = explode('&', $_SESSION['index_query_string']);
-        unset($_SESSION['index_query_string']);
-        if (in_array('mobileconfig', $http_parameters)) {
-            if (in_array('only_email', $http_parameters)) {
-                header("Location: /mobileconfig.php?only_email");
-                die();
-            }
-            header("Location: /mobileconfig.php");
+    set_user_loggedin_session($login_user);
+    $http_parameters = explode('&', $_SESSION['index_query_string']);
+    unset($_SESSION['index_query_string']);
+    if (in_array('mobileconfig', $http_parameters)) {
+        if (in_array('only_email', $http_parameters)) {
+            header("Location: /mobileconfig.php?only_email");
             die();
         }
-		header("Location: /user");
+        header("Location: /mobileconfig.php");
+        die();
+    }
+
+    $user_details = mailbox("get", "mailbox_details", $login_user);
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+      header("Location: /SOGo/so/{$login_user}");
+      die();
+    } else {
+      header("Location: /user");
+      die();
+    }
 	}
 	elseif ($as != "pending") {
     unset($_SESSION['pending_mailcow_cc_username']);
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 18bc63285..726640772 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -122,8 +122,8 @@ $SHOW_DKIM_PRIV_KEYS = false;
 $MAILCOW_APPS = array(
   array(
     'name' => 'Webmail',
-    'link' => '/SOGo/so/',
-    'user_link' => '/sogo-auth.php?login=%u',
+    'link' => '/SOGo/so',
+    'user_link' => '/SOGo/so',
     'hide' => true
   )
 );
@@ -179,7 +179,7 @@ $MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out'] = false;
 // Force password change on next login (only allows login to mailcow UI)
 $MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update'] = false;
 
-// Enable SOGo access (set to false to disable access by default)
+// Enable SOGo access - Users will be redirected to SOGo after login (set to false to disable redirect by default)
 $MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'] = true;
 
 // Send notification when quarantine is not empty (never, hourly, daily, weekly)
diff --git a/data/web/index.php b/data/web/index.php
index c44696b6d..08857006f 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -15,8 +15,14 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
   header('Location: /mailbox');
   exit();
 }
-elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
-  header('Location: /user');
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {    
+  $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
+  $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+  if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+    header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+  } else {
+    header("Location: /user");
+  }
   exit();
 }
 
@@ -24,12 +30,18 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 
+$has_iam_sso = false;
+if ($iam_provider){
+  $has_iam_sso = identity_provider("get-redirect", array('iam_provider' => $iam_provider)) ? true : false; 
+}
+
+
 $template = 'index.twig';
 $template_data = [
   'oauth2_request' => @$_SESSION['oauth2_request'],
   'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
   'login_delay' => @$_SESSION['ldelay'],
-  'has_iam_sso' => ($iam_provider) ? true : false
+  'has_iam_sso' => $has_iam_sso
 ];
 
 $js_minifier->add('/web/js/site/index.js');
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 3397a1a59..c6839fa47 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -808,6 +808,26 @@ jQuery(function($){
         $(this).parent().parent().parent().remove();
     });
   });
+  $('.iam_rolemap_add_ldap').click(async function(e){
+    e.preventDefault();
+
+    var parent = $('#iam_ldap_mapping_list')
+    $(parent).children().last().clone().appendTo(parent);
+    var newChild = $(parent).children().last();
+    $(newChild).find('input').val('');
+    $(newChild).find('.dropdown-toggle').remove();
+    $(newChild).find('.dropdown-menu').remove();
+    $(newChild).find('.bs-title-option').remove();
+    $(newChild).find('select').selectpicker('destroy');
+    $(newChild).find('select').selectpicker();
+
+    $('.iam_ldap_rolemap_del').off('click');
+    $('.iam_ldap_rolemap_del').click(async function(e){
+      e.preventDefault();
+      if ($(this).parent().parent().parent().parent().children().length > 1)
+        $(this).parent().parent().parent().remove();
+    });
+  });
   $('.iam_keycloak_rolemap_del').click(async function(e){
     e.preventDefault();
     if ($(this).parent().parent().parent().parent().children().length > 1)
@@ -818,15 +838,26 @@ jQuery(function($){
     if ($(this).parent().parent().parent().parent().children().length > 1)
       $(this).parent().parent().parent().remove();
   });
+  $('.iam_ldap_rolemap_del').click(async function(e){
+    e.preventDefault();
+    if ($(this).parent().parent().parent().parent().children().length > 1)
+      $(this).parent().parent().parent().remove();
+  });
   // selecting identity provider
   $('#iam_provider').on('change', function(){
     // toggle password fields
     if (this.value === 'keycloak'){
       $('#keycloak_settings').removeClass('d-none');
       $('#generic_oidc_settings').addClass('d-none');
+      $('#ldap_settings').addClass('d-none');
     } else if (this.value === 'generic-oidc') {
-      $('#keycloak_settings').addClass('d-none');
       $('#generic_oidc_settings').removeClass('d-none');
+      $('#keycloak_settings').addClass('d-none');
+      $('#ldap_settings').addClass('d-none');
+    } else if (this.value === 'ldap') {
+      $('#ldap_settings').removeClass('d-none');
+      $('#generic_oidc_settings').addClass('d-none');
+      $('#keycloak_settings').addClass('d-none');
     }
   });
 });
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 2d0b1014e..8190315fa 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -648,8 +648,8 @@
         "sieve_desc": "Krátký popis",
         "sieve_type": "Typ filtru",
         "skipcrossduplicates": "Přeskočit duplicitní zprávy (\"první přijde, první mele\")",
-        "sogo_access": "Udělit přímý přihlašovací přístup do služby SOGo",
-        "sogo_access_info": "Jednotné přihlášení (SSO) z mail UI zůstává funkční. Toto nastavení neovlivňuje přístup ke všem ostatním službám ani neodstraňuje či nemění stávající profil uživatele SOGo.",
+        "sogo_access": "Přímé předání na SOGo",
+        "sogo_access_info": "Po přihlášení je uživatel automaticky přesměrován do služby SOGo.",
         "sogo_visible": "Alias dostupný v SOGo",
         "sogo_visible_info": "Tato volba určuje objekty, jež lze zobrazit v SOGo (sdílené nebo nesdílené aliasy, jež ukazuje alespoň na jednu schránku).",
         "spam_alias": "Vytvořit nebo změnit dočasné aliasy",
@@ -1143,7 +1143,7 @@
         "delete_ays": "Potvrďte odstranění.",
         "direct_aliases": "Přímé aliasy",
         "direct_aliases_desc": "Na přímé aliasy se uplatňuje filtr spamu a nastavení pravidel TLS",
-        "direct_protocol_access": "Tento uživatel mailové schránky má <b>přímý externí přístup</b> k následujícím protokolům a aplikacím. Toto nastavení je řízeno správcem. Pro udělení přístupu k jednotlivým protokolům a aplikacím lze vytvořit hesla aplikací.<br>Tlačítko \" Přihlaste se do webmailu\" zajišťuje jednotné přihlášení k SOGo a je vždy k dispozici.",
+        "direct_protocol_access": "Tento uživatel mailové schránky má <b>přímý externí přístup</b> k následujícím protokolům a aplikacím. Toto nastavení je řízeno správcem. Pro udělení přístupu k jednotlivým protokolům a aplikacím lze vytvořit hesla aplikací.<br>Tlačítko \"Webmailu\" zajišťuje jednotné přihlášení k SOGo a je vždy k dispozici.",
         "eas_reset": "Smazat mezipaměť zařízení ActiveSync",
         "eas_reset_help": "Obnovení mezipaměti zařízení pomůže zpravidla obnovit poškozený profil služby ActiveSync.<br><b>Upozornění:</b> Všechna data budou opětovně stažena!",
         "eas_reset_now": "Smazat",
@@ -1184,7 +1184,7 @@
         "no_last_login": "Žádný záznam o přihlášení",
         "no_record": "Žádný záznam",
         "open_logs": "Otevřít záznam",
-        "open_webmail_sso": "Přihlaste se do webmailu",
+        "open_webmail_sso": "Webmailu",
         "password": "Heslo",
         "password_now": "Současné heslo (pro potvrzení změny)",
         "password_repeat": "Heslo (znovu)",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index fd3442132..0f758d0d2 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -675,8 +675,8 @@
         "sieve_desc": "Kurze Beschreibung",
         "sieve_type": "Filtertyp",
         "skipcrossduplicates": "Duplikate auch über Ordner hinweg überspringen (\"first come, first serve\")",
-        "sogo_access": "Direktes Einloggen an SOGo erlauben",
-        "sogo_access_info": "Single-Sign-On Zugriff über die UI wird hierdurch NICHT deaktiviert. Diese Einstellung hat weder Einfluss auf den Zugang sonstiger Dienste noch entfernt sie ein vorhandenes SOGo-Benutzerprofil.",
+        "sogo_access": "Direktes weiterleiten an SOGo",
+        "sogo_access_info": "Nach dem Einloggen wird der Benutzer automatisch an SOGo weitergeleitet.",
         "sogo_visible": "Alias in SOGo sichtbar",
         "sogo_visible_info": "Diese Option hat lediglich Einfluss auf Objekte, die in SOGo darstellbar sind (geteilte oder nicht-geteilte Alias-Adressen mit dem Ziel mindestens einer lokalen Mailbox).",
         "spam_alias": "Anpassen temporärer Alias-Adressen",
@@ -1161,7 +1161,7 @@
         "delete_ays": "Soll der Löschvorgang wirklich ausgeführt werden?",
         "direct_aliases": "Direkte Alias-Adressen",
         "direct_aliases_desc": "Nur direkte Alias-Adressen werden für benutzerdefinierte Einstellungen berücksichtigt.",
-        "direct_protocol_access": "Der Hauptbenutzer hat <b>direkten, externen Zugriff</b> auf folgende Protokolle und Anwendungen. Diese Einstellung wird vom Administrator gesteuert. App-Passwörter können verwendet werden, um individuelle Zugänge für Protokolle und Anwendungen zu erstellen.<br>Der Button \"In Webmail einloggen\" kann unabhängig der Einstellung immer verwendet werden.",
+        "direct_protocol_access": "Der Hauptbenutzer hat <b>direkten, externen Zugriff</b> auf folgende Protokolle und Anwendungen. Diese Einstellung wird vom Administrator gesteuert. App-Passwörter können verwendet werden, um individuelle Zugänge für Protokolle und Anwendungen zu erstellen.<br>Der Button \"Webmail\" kann unabhängig der Einstellung immer verwendet werden.",
         "eas_reset": "ActiveSync-Geräte-Cache zurücksetzen",
         "eas_reset_help": "In vielen Fällen kann ein ActiveSync-Profil durch das Zurücksetzen des Caches repariert werden.<br><b>Vorsicht:</b> Alle Elemente werden erneut heruntergeladen!",
         "eas_reset_now": "Jetzt zurücksetzen",
@@ -1201,7 +1201,7 @@
         "no_active_filter": "Kein aktiver Filter vorhanden",
         "no_last_login": "Keine letzte UI-Anmeldung gespeichert",
         "no_record": "Kein Eintrag",
-        "open_webmail_sso": "In Webmail einloggen",
+        "open_webmail_sso": "Webmail",
         "overview": "Übersicht",
         "password": "Passwort",
         "password_now": "Aktuelles Passwort (Änderungen bestätigen)",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 869e69d16..e41a5f51a 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -212,17 +212,22 @@
         "host": "Host",
         "html": "HTML",
         "iam": "Identity Provider",
+        "iam_attribute_field": "Attribute Field",
         "iam_authorize_url": "Authorization endpoint",
         "iam_auth_flow": "Authentication Flow",
         "iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flow with direct Credentials. The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak.",
+        "iam_basedn": "Base DN",
         "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
         "iam_client_scopes": "Client Scopes",
-        "iam_description": "Configure an external OIDC Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
+        "iam_description": "Configure an external Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
         "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
+        "iam_host": "Host",
         "iam_import_users": "Import Users",
         "iam_mapping": "Attribute Mapping",
+        "iam_bindpass": "Bind Password",
         "iam_periodic_full_sync": "Periodic Full Sync",
+        "iam_port": "Port",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
         "iam_rest_flow": "Mailpassword Flow",
@@ -232,6 +237,8 @@
         "iam_test_connection": "Test Connection",
         "iam_token_url": "Token endpoint",
         "iam_userinfo_url": "User info endpoint",
+        "iam_username_field": "Username Field",
+        "iam_binddn": "Bind DN",
         "iam_version": "Version",
         "import": "Import",
         "import_private_key": "Import private key",
@@ -702,8 +709,8 @@
         "sieve_desc": "Short description",
         "sieve_type": "Filter type",
         "skipcrossduplicates": "Skip duplicate messages across folders (first come, first serve)",
-        "sogo_access": "Grant direct login access to SOGo",
-        "sogo_access_info": "Single-sign-on from within the mail UI remains working. This setting does neither affect access to all other services nor does it delete or change a user's existing SOGo profile.",
+        "sogo_access": "Direct forwarding to SOGo",
+        "sogo_access_info": "After logging in, the user is automatically redirected to SOGo.",
         "sogo_visible": "Alias is visible in SOGo",
         "sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
         "spam_alias": "Create or change time limited alias addresses",
@@ -1196,7 +1203,7 @@
         "delete_ays": "Please confirm the deletion process.",
         "direct_aliases": "Direct alias addresses",
         "direct_aliases_desc": "Direct alias addresses are affected by spam filter and TLS policy settings.",
-        "direct_protocol_access": "This mailbox user has <b>direct, external access</b> to the following protocols and applications. This setting is controlled by your administrator. App passwords can be created to grant access to individual protocols and applications.<br>The \"Login to webmail\" button provides single-sign-on to SOGo and is always available.",
+        "direct_protocol_access": "This mailbox user has <b>direct, external access</b> to the following protocols and applications. This setting is controlled by your administrator. App passwords can be created to grant access to individual protocols and applications.<br>The \"Webmail\" button provides single-sign-on to SOGo and is always available.",
         "eas_reset": "Reset ActiveSync device cache",
         "eas_reset_help": "In many cases a device cache reset will help to recover a broken ActiveSync profile.<br><b>Attention:</b> All elements will be redownloaded!",
         "eas_reset_now": "Reset now",
@@ -1237,7 +1244,7 @@
         "no_last_login": "No last UI login information",
         "no_record": "No record",
         "open_logs": "Open logs",
-        "open_webmail_sso": "Login to webmail",
+        "open_webmail_sso": "Webmail",
         "overview": "Overview",
         "password": "Password",
         "password_now": "Current password (confirm changes)",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 6783dfed8..65bb36942 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -620,9 +620,9 @@
         "username": "Nome utente",
         "validate_save": "Convalida e salva",
         "pushover": "Pushover",
-        "sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
         "none_inherit": "Nessuno / Eredita",
-        "sogo_access": "Concedere l'accesso diretto a SOGo",
+        "sogo_access": "Inoltro diretto a SOGo",
+        "sogo_access_info": "Dopo aver effettuato il login, l'utente viene automaticamente reindirizzato a SOGo.",
         "acl": "ACL (autorizzazione)",
         "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
         "last_modified": "Ultima modifica",
@@ -1121,7 +1121,7 @@
         "no_active_filter": "No active filter available",
         "no_last_login": "No last UI login information",
         "no_record": "Nessun elemento",
-        "open_webmail_sso": "Accedi alla webmail",
+        "open_webmail_sso": "Webmail",
         "password": "Password",
         "password_now": "Password attuale (conferma modifiche)",
         "password_repeat": "Conferma password (riscrivi)",
@@ -1209,7 +1209,7 @@
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
         "with_app_password": "con password dell'app",
-        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
+        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
         "pushover_sound": "Suono"
     },
     "warning": {
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 9acaf87c7..e254a6e2d 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -669,8 +669,8 @@
         "sieve_desc": "Breve descrição",
         "sieve_type": "Tipo de filtro",
         "skipcrossduplicates": "Ignore mensagens duplicadas entre pastas (primeiro a chegar, primeiro a ser servido)",
-        "sogo_access": "Conceder acesso de login direto ao SoGo",
-        "sogo_access_info": "O login único de dentro da interface do usuário de e-mail continua funcionando. Essa configuração não afeta o acesso a todos os outros serviços nem exclui ou altera o perfil SoGo existente de um usuário.",
+        "sogo_access": "Encaminhamento direto para o SOGoo",
+        "sogo_access_info": "Depois de fazer login, o usuário é automaticamente redirecionado para o SOGo.",
         "sogo_visible": "O alias é visível no SoGo",
         "sogo_visible_info": "Essa opção afeta somente objetos, que podem ser exibidos no SoGo (endereços de alias compartilhados ou não compartilhados apontando para pelo menos uma caixa de correio local). Se estiver oculto, um alias não aparecerá como remetente selecionável no SoGo.",
         "spam_alias": "Crie ou altere endereços de alias com limite de tempo",
@@ -1160,7 +1160,7 @@
         "delete_ays": "Confirme o processo de exclusão.",
         "direct_aliases": "Endereços de alias diretos",
         "direct_aliases_desc": "Os endereços de alias diretos são afetados pelo filtro de spam e pelas configurações da política TLS.",
-        "direct_protocol_access": "Esse usuário da caixa de correio tem <b>acesso externo direto</b> aos seguintes protocolos e aplicativos. Essa configuração é controlada pelo administrador. As senhas de aplicativos podem ser criadas para conceder acesso a protocolos e aplicativos individuais. <br>O botão “Login no webmail” fornece login único no SoGo e está sempre disponível.",
+        "direct_protocol_access": "Esse usuário da caixa de correio tem <b>acesso externo direto</b> aos seguintes protocolos e aplicativos. Essa configuração é controlada pelo administrador. As senhas de aplicativos podem ser criadas para conceder acesso a protocolos e aplicativos individuais. <br>O botão “Webmail” fornece login único no SoGo e está sempre disponível.",
         "eas_reset": "Redefinir o cache do dispositivo ActiveSync",
         "eas_reset_help": "Em muitos casos, uma redefinição do cache do dispositivo ajudará a recuperar um perfil quebrado do ActiveSync. <br><b>Atenção:</b> Todos os elementos serão baixados novamente!",
         "eas_reset_now": "Reinicie agora",
@@ -1201,7 +1201,7 @@
         "no_last_login": "Nenhuma informação de login da última interface",
         "no_record": "Sem registro",
         "open_logs": "Registros abertos",
-        "open_webmail_sso": "Faça login no webmail",
+        "open_webmail_sso": "Webmail",
         "password": "Senha",
         "password_now": "Senha atual (confirme as alterações)",
         "password_repeat": "Senha (repetição)",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 5c7b29b0e..2191b479a 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -607,8 +607,8 @@
         "sieve_desc": "Descriere scurtă",
         "sieve_type": "Tip filtru",
         "skipcrossduplicates": "Sari peste mesajele duplicate din toate folderele (primul venit, primul servit)",
-        "sogo_access": "Acordați acces direct de conectare la SOGo",
-        "sogo_access_info": "Conectarea unică din interfața de administrare a e-mailului continuă să funcționeze. Această setare nu afectează accesul la toate celelalte servicii și nici nu șterge sau modifică profilul SOGo existent al unui utilizator.",
+        "sogo_access": "Redirecționare directă către SOGo",
+        "sogo_access_info": "După logare, utilizatorul este redirecționat automat către SOGo.",
         "sogo_visible": "Aliasul este vizibil în SOGo",
         "sogo_visible_info": "Această opțiune afectează doar obiecte, care pot fi afișate în SOGo (adrese alias partajate sau ne-partajate cu cel puțin o căsuță poștală locală). Dacă este ascuns, un alias nu va apărea ca expeditor selectabil în SOGo.",
         "spam_alias": "Crează sau modifică adrese alias limitate în funcție de timp",
@@ -1067,7 +1067,7 @@
         "delete_ays": "Vă rugăm să confirmați stergerea.",
         "direct_aliases": "Adrese alias directe",
         "direct_aliases_desc": "Adresele alias directe sunt afectate de setările filtrului de spam și ale politicii TLS.",
-        "direct_protocol_access": "Acest utilizator are <b>acces direct, extern</b> la următoarele protocoale și aplicații. Această setare este controlată de administratorul dvs. Parolele pentru aplicații pot fi create pentru a acorda acces la protocoale și aplicații individuale.<br>Butonul \"Conectați-vă la webmail\" oferă conectare unică la SOGo și este întotdeauna disponibil.",
+        "direct_protocol_access": "Acest utilizator are <b>acces direct, extern</b> la următoarele protocoale și aplicații. Această setare este controlată de administratorul dvs. Parolele pentru aplicații pot fi create pentru a acorda acces la protocoale și aplicații individuale.<br>Butonul \"Webmail\" oferă conectare unică la SOGo și este întotdeauna disponibil.",
         "eas_reset": "Resetează memoria cache a dispozitivului ActiveSync",
         "eas_reset_help": "În multe cazuri, resetarea cache-ului dispozitivului va ajuta la recuperarea unui profil ActiveSync defect.<br><b>Atenţie:</b> Toate elementele vor fi descărcate din nou!",
         "eas_reset_now": "Resetează acum",
@@ -1108,7 +1108,7 @@
         "no_last_login": "Nu există informații despre ultima autentificare în interfață",
         "no_record": "Nici o înregistrare",
         "open_logs": "Deschide jurnalele",
-        "open_webmail_sso": "Autentificare în webmail",
+        "open_webmail_sso": "Webmail",
         "password": "Parolă",
         "password_now": "Parola curentă (confirmă modificările)",
         "password_repeat": "Parolă (repetă)",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 2a959ab3c..b40568053 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -621,7 +621,8 @@
         "unchanged_if_empty": "Если без изменений - оставьте пустым",
         "username": "Имя пользователя",
         "validate_save": "Подтвердить и сохранить",
-        "sogo_access_info": "Единый вход из интерфейса почты продолжает работать. Эта настройка не влияет на доступ ко всем другим службам, а также не удаляет или изменяет существующий профиль пользователя SOGo.",
+        "sogo_access": "Прямая переадресация в SOGo",
+        "sogo_access_info": "После входа в систему пользователь автоматически перенаправляется в SOGo.",
         "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
         "domain_footer_info": "Нижние колонтитулы на уровне домена добавляются ко всем исходящим электронным письмам, связанным с адресом в этом домене. <br> Для нижнего колонтитула можно использовать следующие переменные:",
         "domain_footer_info_vars": {
@@ -1119,7 +1120,7 @@
         "no_last_login": "Информация о последнем входе в пользовательский интерфейс отсутствует",
         "no_record": "Записи отсутствуют",
         "open_logs": "Показать журнал",
-        "open_webmail_sso": "Вход в веб-почту",
+        "open_webmail_sso": "веб-почту",
         "password": "Пароль",
         "password_now": "Текущий пароль (подтверждение изменения)",
         "password_repeat": "Подтверждение пароля (повтор)",
@@ -1204,7 +1205,7 @@
         "years": "лет",
         "allowed_protocols": "Разрешенные протоколы",
         "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
-        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
+        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
         "with_app_password": "с паролем приложения",
         "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
         "attribute": "Атрибут",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index d656a2cd1..465231860 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -625,8 +625,8 @@
         "sieve_desc": "Krátky popis",
         "sieve_type": "Typ filtru",
         "skipcrossduplicates": "Preskočiť duplikované správy naprieč priečinkami (akceptuje sa prvý nález)",
-        "sogo_access": "Prideliť priame prihlásenie do SOGo",
-        "sogo_access_info": "Jednotné prihlásenie z používateľského mail rozhrania zostáva funkčné. Toto nastavenie nemá vplyv na prístup k ostatným službám, ani neodstraňuje alebo nemení existujúci profil používateľa SOGo.",
+        "sogo_access": "Priame presmerovanie na SOGo",
+        "sogo_access_info": "Po prihlásení je používateľ automaticky presmerovaný na službu SOGo.",
         "sogo_visible": "Alias je viditeľný v SOGo",
         "sogo_visible_info": "Táto voľba ovplyvňuje len objekty, ktoré dokážu byť zobrazené v SOGo (zdieľané alebo nezdieľané alias adresy ukazujúc na minimálne jednu lokálnu mailovú schránku). Ak je skrytý, alias nebude prezentovaný ako voliteľný odosielateľ v SOGo.",
         "spam_alias": "Vytvoriť alebo zmeniť časovo limitované alias adresy",
@@ -1119,7 +1119,7 @@
         "delete_ays": "Potvrďte zmazanie.",
         "direct_aliases": "Priame alias adresy",
         "direct_aliases_desc": "Priame aliasy sú ovplyvnené spam filtrom a nastavením TLS pravidiel.",
-        "direct_protocol_access": "Tento používateľ mailovej schránky má <b>priamy, externý prístup</b> k nasledujúcim protokolom a aplikáciám. Toto nastavenie kontroluje administrátor. Na udelenie prístupu k jednotlivým protokolom a aplikáciám je možné vytvoriť heslá aplikácií.<br>Tlačidlo \"Prihlásenie do webmailu\" poskytuje jednotné prihlásenie do systému SOGo a je vždy k dispozícii.",
+        "direct_protocol_access": "Tento používateľ mailovej schránky má <b>priamy, externý prístup</b> k nasledujúcim protokolom a aplikáciám. Toto nastavenie kontroluje administrátor. Na udelenie prístupu k jednotlivým protokolom a aplikáciám je možné vytvoriť heslá aplikácií.<br>Tlačidlo \"Webmailu\" poskytuje jednotné prihlásenie do systému SOGo a je vždy k dispozícii.",
         "eas_reset": "Resetovať medzipamäť u ActiveSync zariadení",
         "eas_reset_help": "Vo väčšine prípadov, reset medzipamäte ActiveSync pomôže opravit nefunkčný profil.<br><b>Pozor:</b> Všetky potrebné dáta budú opäť stiahnuté!",
         "eas_reset_now": "Reset ActiveSync",
@@ -1160,7 +1160,7 @@
         "no_last_login": "Žiadny záznam o prihlásení cez web",
         "no_record": "Žiaden záznam",
         "open_logs": "Otvoriť záznam",
-        "open_webmail_sso": "Prihláste sa do webmailu",
+        "open_webmail_sso": "Webmailu",
         "password": "Heslo",
         "password_now": "Aktuálne heslo (potvrdiť zmeny)",
         "password_repeat": "Heslo (opakovať)",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index e778f1569..316fcb23c 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -607,8 +607,8 @@
         "sieve_desc": "Короткий опис",
         "sieve_type": "Тип фільтра",
         "skipcrossduplicates": "Пропускати в папках повідомлення, що повторюються",
-        "sogo_access": "Надати прямий доступ до SOGo",
-        "sogo_access_info": "Єдиний вхід із інтерфейсу пошти продовжує працювати. Це налаштування не впливає на доступ до всіх інших служб, а також не видаляє чи змінює наявний профіль користувача SOGo.",
+        "sogo_access": "Пряме перенаправлення до SOGo",
+        "sogo_access_info": "Після входу користувач автоматично перенаправляється на SOGo.",
         "sogo_visible": "Відображати псевдонім у SOGo",
         "spam_alias": "Створити або змінити тимчасові (спам) псевдоніми",
         "spam_filter": "Спам фільтр",
@@ -1230,13 +1230,13 @@
         "client_configuration": "Показати посібники з налаштування поштових клієнтів та смартфонів",
         "direct_aliases": "Особисті псевдоніми",
         "direct_aliases_desc": "На особисті псевдоніми розповсюджуються фільтри небажаної пошти та параметри політики TLS.",
-        "direct_protocol_access": "Цей користувач поштової скриньки має <b>прямий, зовнішній доступ</b> до наведених нижче протоколів і програм. Цими параметрами керує ваш адміністратор. Паролі додатків можна створювати для надання доступу до окремих протоколів і програм.<br>Кнопка \"Увійти до веб-пошти\" забезпечує єдиний вхід в SOGo і завжди доступна.",
+        "direct_protocol_access": "Цей користувач поштової скриньки має <b>прямий, зовнішній доступ</b> до наведених нижче протоколів і програм. Цими параметрами керує ваш адміністратор. Паролі додатків можна створювати для надання доступу до окремих протоколів і програм.<br>Кнопка \"веб-пошти\" забезпечує єдиний вхід в SOGo і завжди доступна.",
         "force_pw_update": "Ви <b>повинні</b> встановити новий пароль для доступу до сервісів, що належать до цього облікового запису.",
         "is_catch_all": "Catch-all для домена/ів",
         "last_ui_login": "Останній вхід до особистого кабінету",
         "months": "місяців",
         "new_password_repeat": "Підтвердження пароля (повтор)",
-        "open_webmail_sso": "Вхід до веб-пошти",
+        "open_webmail_sso": "веб-пошти",
         "pushover_evaluate_x_prio": "Встановити високий пріоритет повідомлень для листів із високим пріоритетом [<code>X-Priority: 1</code>]",
         "pushover_info": "Налаштування Push-повідомлень будуть застосовуватися до всієї пошти <b>%s</b> (за винятком спаму), включаючи псевдоніми (особисті, загальні та теговані).",
         "pushover_title": "Заголовок сповіщення",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index b1aacf5c8..5ee376174 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -594,8 +594,8 @@
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
         "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留已经存在的邮件)",
-        "sogo_access": "允许直接登录 SOGo",
-        "sogo_access_info": "在邮箱的用户界面内的单点登录仍然有效。这一设置既不影响对所有其他服务的访问，也不删除或改变用户现有的 SOGo 的配置文件。",
+        "sogo_access": "直接转发给 SOGo",
+        "sogo_access_info": "登录后，用户会自动跳转到 SOGo。",
         "sogo_visible": "SOGo 显示的别名",
         "sogo_visible_info": "此设置只影响 SOGo 上可显示的对象 (指向本地邮箱的共享或非共享别名地址)。如果设置为隐藏，则别名地址不会作为可选发件人的下拉项显示。",
         "spam_alias": "添加或更改临时别名地址",
@@ -1053,7 +1053,7 @@
         "delete_ays": "请确认删除。",
         "direct_aliases": "直接别名",
         "direct_aliases_desc": "垃圾邮件过滤和 TLS 策略会作用于直接别名。",
-        "direct_protocol_access": "该邮箱用户可以<b>直接</b>从<b>外部</b>访问以下的协议和应用程序。该选项由你的管理员进行设置。并可以创建应用密码，以授予对个别协议和应用的访问权限。<br>\"登录到 Webmail\" 按钮提供到 SOGo 的单点登录方式，并且始终可用。",
+        "direct_protocol_access": "该邮箱用户可以<b>直接</b>从<b>外部</b>访问以下的协议和应用程序。该选项由你的管理员进行设置。并可以创建应用密码，以授予对个别协议和应用的访问权限。<br>\"Webmail\" 按钮提供到 SOGo 的单点登录方式，并且始终可用。",
         "eas_reset": "重置 ActiveSync 设备缓存",
         "eas_reset_help": "在许多情况下，重置设备缓存可以帮助恢复错误的 ActiveSync 资料。<br><b>注意:</b> 所有元素将会被重新下载！",
         "eas_reset_now": "立即重置",
@@ -1094,7 +1094,7 @@
         "no_last_login": "没有最后一次 UI 登录信息",
         "no_record": "没有记录",
         "open_logs": "打开日志",
-        "open_webmail_sso": "登录到 Webmail",
+        "open_webmail_sso": "Webmail",
         "password": "密码",
         "password_now": "当前密码 (确认更改)",
         "password_repeat": "确认密码 (重复)",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 4d84b2116..f3a2431a8 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -628,8 +628,8 @@
         "sieve_desc": "簡短描述",
         "sieve_type": "過濾器類型",
         "skipcrossduplicates": "跳過在其他資料夾中重複的郵件 (優先使用先找到的郵件)",
-        "sogo_access": "授權 SOGo 的直接存取權",
-        "sogo_access_info": "mail UI 內的 SSO 仍可以運作。此設定既不會影響到存取其他服務的權限，也不會刪除或更改使用者既有的個人檔案。",
+        "sogo_access": "直接轉寄至SOGo",
+        "sogo_access_info": "登入後，使用者會自動重新導向至SOGo。",
         "sogo_visible": "別名會在 SOGo 中顯示",
         "sogo_visible_info": "此選項只會影響可以顯示於 SOGo 上物件 (指向至少一個本地信箱的共享或非共享別名地址)。如果設為隱藏，別名地址將不會顯示於寄件人下拉選項中。",
         "spam_alias": "新增或更改臨時別名地址",
@@ -1105,7 +1105,7 @@
         "delete_ays": "請確認刪除。",
         "direct_aliases": "直接別名",
         "direct_aliases_desc": "直接別名會受到垃圾郵件過濾器和 TLS 規則限制。",
-        "direct_protocol_access": "此信箱使用者有 <b>直接、外部存取</b> 至下列協定及應用程式。此設定是由管理者設定。應用程式密碼則可以用於授權單獨的協定及應用程式存取權限。<br>\"登入至網頁信箱\" 使用 SSO (single-sign-on) 來登入至 SOGO 且不受前面的限制。",
+        "direct_protocol_access": "此信箱使用者有 <b>直接、外部存取</b> 至下列協定及應用程式。此設定是由管理者設定。應用程式密碼則可以用於授權單獨的協定及應用程式存取權限。<br>\"网络邮件\" 使用 SSO (single-sign-on) 來登入至 SOGO 且不受前面的限制。",
         "eas_reset": "重設 ActiveSync 裝置快取",
         "eas_reset_help": "在許多情況下，重設裝置快取可以幫助恢復錯誤的 ActiveSync 資料。<br><b>注意:</b> 所有元素都會被重新下載！",
         "eas_reset_now": "立即重設",
@@ -1146,7 +1146,7 @@
         "no_last_login": "沒有最後 UI 登入訊息",
         "no_record": "沒有紀錄",
         "open_logs": "開啟日誌",
-        "open_webmail_sso": "登入至網頁信箱",
+        "open_webmail_sso": "网络邮件",
         "password": "密碼",
         "password_now": "目前密碼 (確認更改)",
         "password_repeat": "密碼 (再次輸入)",
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index c34a60def..d93c12543 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -52,6 +52,13 @@ elseif (isset($_GET['login'])) {
         // register username and password in session
         $_SESSION[$session_var_user_allowed][] = $login;
         $_SESSION[$session_var_pass] = $sogo_sso_pass;
+        // set dual login
+        if ($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0 && $is_dual === false && $_SESSION['mailcow_cc_role'] != "user"){      
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
+          $_SESSION['mailcow_cc_username']    = $login;
+          $_SESSION['mailcow_cc_role']        = "user";
+        }
         // update sasl logs
         $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
         $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 32c20feab..78e76cbc6 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -18,6 +18,7 @@
             name="iam_provider" id="iam_provider" class="full-width-select form-control" required>
               <option value="keycloak" {% if not iam_settings.authsource or iam_settings.authsource == 'keycloak' %}selected{% endif %}>Keycloak</option>
               <option value="generic-oidc" {% if iam_settings.authsource == 'generic-oidc' %}selected{% endif %}>Generic-OIDC</option>
+              <option value="ldap" {% if iam_settings.authsource == 'ldap' %}selected{% endif %}>LDAP</option>
           </select>
         </div>
       </div>
@@ -286,6 +287,143 @@
           </div>
         </form>
       </div>
+      <div id="ldap_settings" class="{% if not iam_settings.authsource or iam_settings.authsource != 'ldap' %}d-none{% endif %}">
+        <form class="form-horizontal" autocapitalize="none" data-id="iam_ldap" autocorrect="off" role="form" method="post">
+          <input type="hidden" name="authsource" value="ldap">
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_host">{{ lang.admin.iam_host }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" id="iam_ldap_host" name="host" value="{{ iam_settings.host }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_port">{{ lang.admin.iam_port }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" id="iam_ldap_basedn" name="basedn" value="{{ iam_settings.basedn }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_username_field">{{ lang.admin.iam_username_field }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" placeholder="mail" id="iam_ldap_username_field" name="username_field" value="{{ iam_settings.username_field }}">
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_attribute_field">{{ lang.admin.iam_attribute_field }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" id="iam_ldap_attribute_field" name="attribute_field" value="{{ iam_settings.attribute_field }}" required>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_binddn">{{ lang.admin.iam_binddn }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" id="iam_ldap_binddn" name="binddn" value="{{ iam_settings.binddn }}" required>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_bindpass">{{ lang.admin.iam_bindpass }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <div class="reveal-password-input input-group">
+                <input type="password" class="password-field form-control" id="iam_ldap_bindpass" name="bindpass" value="{{ iam_settings.bindpass }}" required>
+                <button class="toggle-password btn btn-secondary" type="button"><i class="bi bi-eye"></i></button>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <div class="row px-2 align-items-center">
+                <span class="col-5 p-0 pe-2">Attribute</span>
+                <span class="col-5 p-0 pe-2">{{ lang.mailbox.template }}</span>
+                <div class="col-2 p-0 d-flex">
+                  <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_ldap"><i class="bi bi-plus-lg"></i></button>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2" id="iam_ldap_mapping_list">
+            {% for key, role in iam_settings.mappers %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_ldap_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endfor %}
+            {% if not iam_settings.mappers %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                </div>
+                <div class="col-5 p-0 pe-2">
+                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  {% for mbox_template in mbox_templates %}
+                    <option>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_ldap_rolemap_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endif %}
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_periodic_full_sync }}</label>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="periodic_sync"  value="1" {% if iam_settings.periodic_sync == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_import_users }}</label>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="import_users"  value="1" {% if iam_settings.import_users == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_sync_interval }}</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input class="form-control" type="number" min="1" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
+            </div>
+          </div>
+          <div class="row mt-4 mb-2">
+            <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
+              <div class="btn-group mb-2">   
+                <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection iam_test_connection" data-id="iam_ldap"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
+                <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_ldap" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+              </div>
+              <button class="btn btn-sm d-block d-sm-inline btn-danger ms-auto mb-2" data-item="identity-provider" data-action="delete_selected" data-id="iam_ldap" data-api-url='delete/identity-provider'><i class="bi bi-trash"></i> {{ lang.mailbox.remove }}</button>
+            </div>
+          </div>
+        </form>
+      </div>
     </div>
   </div>
 </div>
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index b3ac8223b..fb52b278a 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -38,6 +38,9 @@
                           {% if iam_settings.authsource == 'generic-oidc' %}
                           <option value="generic-oidc" {% if result.authsource == "generic-oidc" %}selected{% endif %}>Generic-OIDC</option>
                           {% endif %}
+                          {% if iam_settings.authsource == 'ldap' %}
+                          <option value="ldap" {% if result.authsource == "ldap" %}selected{% endif %}>LDAP</option>
+                          {% endif %}
                       </select>
                     </div>
                   </div>
@@ -207,6 +210,7 @@
                       </div>
                     </div>
                   </div>
+                  {% if not result.authsource or result.authsource == 'mailcow' %}
                   <div class="row">
                     <label class="control-label col-sm-2" for="password">{{ lang.edit.password }} (<a href="#" class="generate_password">{{ lang.edit.generate }}</a>)</label>
                     <div class="col-sm-10">
@@ -231,6 +235,7 @@
                       {% endif %}
                     </div>
                   </div>
+                  {% endif %}
                   <div class="row">
                     <label class="control-label col-sm-2" for="protocol_access">{{ lang.edit.allowed_protocols }}</label>
                     <div class="col-sm-10">
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index f4d364d7b..424d5e94f 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -19,8 +19,12 @@
                 <button disabled class="btn btn-secondary btn-block btn-xs-lg w-100">
                   {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
                 </button>
+              {% elseif dual_login %}
+                <a target="_blank" href="/sogo-auth.php?login={{ mailcow_cc_username  }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
+                  {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
+                </a>
               {% else %}
-                <a target="_blank" href="/sogo-auth.php?login={{ mailcow_cc_username }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
+                <a target="_blank" href="/SOGo/so" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
                   {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
                 </a>
               {% endif %}
@@ -51,7 +55,6 @@
               {% if mailboxdata.attributes.smtp_access == 1 %}<div class="badge fs-6 bg-success m-2">SMTP <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">SMTP <i class="bi bi-x-lg"></i></div>{% endif %}
               {% if mailboxdata.attributes.sieve_access == 1 %}<div class="badge fs-6 bg-success m-2">Sieve <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">Sieve <i class="bi bi-x-lg"></i></div>{% endif %}
               {% if mailboxdata.attributes.pop3_access == 1 %}<div class="badge fs-6 bg-success m-2">POP3 <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">POP3 <i class="bi bi-x-lg"></i></div>{% endif %}
-              {% if not skip_sogo %}{% if mailboxdata.attributes.sogo_access == 1 %}<div class="badge fs-6 bg-success m-2">SOGo <i class="bi bi-check-lg"></i></div>{% else %}<div class="badge fs-6 bg-danger m-2">SOGo <i class="bi bi-x-lg"></i></div>{% endif %}{% endif %}       
               </div>
             </div>
           </div>
@@ -96,16 +99,19 @@
             </div>
           </div>
 
-          {# TFA #}
-          {% if mailboxdata.authsource == "mailcow" %}
           <legend class="mt-4">{{ lang.user.authentication }}</legend>
           <hr>
+          {# Password Change #}
+          {% if mailboxdata.authsource == "mailcow" %}
           <div class="row">
             <div class="col-12 col-md-3 d-flex"></div>
             <div class="col-12 col-md-9 d-flex flex-wrap justify-content-center justify-content-sm-start">
               <a class="btn btn-secondary" href="#pwChangeModal" data-bs-toggle="modal"><i class="bi bi-pencil-fill"></i> {{ lang.user.change_password }}</a>
             </div>
           </div>
+          {% endif %}
+          {# TFA #}
+          {% if mailboxdata.authsource == "mailcow" or mailboxdata.authsource == "ldap" %}
           <div class="row mt-4">
             <div class="col-12 col-md-3 d-flex">
               <span class="mt-2 w-100 text-md-end">{{ lang.tfa.tfa }}:</span>
@@ -129,7 +135,9 @@
               </select>
             </div>
           </div>
+          {% endif %}
           {# FIDO2 #}
+          {% if mailboxdata.authsource == "mailcow" %}
           <div class="row mt-4">
             <div class="col-sm-3 col-12 text-sm-end text-start">
               <p><i class="bi bi-shield-fill-check"></i> {{ lang.fido2.fido2_auth }}</p>

From 78e726636844b9b63fca48f68aeeaeb1f16d0b02 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 10:46:23 +0100
Subject: [PATCH 152/755] [Web] add LDAP query filter

---
 data/web/inc/functions.auth.inc.php                        | 1 +
 data/web/inc/functions.inc.php                             | 3 ++-
 data/web/lang/lang.en-gb.json                              | 1 +
 data/web/templates/admin/tab-config-identity-provider.twig | 6 ++++++
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index fe6af27cb..d325c0723 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -495,6 +495,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   try {
     $user_res = $iam_provider->query()
       ->where($iam_settings['username_field'], '=', $user)
+      ->whereRaw($iam_settings['filter'])
       ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname'])
       ->firstOrFail();
   } catch (Exception $e) {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 7e8389341..f63d50463 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2189,11 +2189,12 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         case "ldap":
           $_data['port']              = (!empty($_data['port'])) ? intval($_data['port']) : 389;
           $_data['username_field']    = (!empty($_data['username_field'])) ? $_data['username_field'] : "mail";
+          $_data['filter']            = (!empty($_data['filter'])) ? $_data['filter'] : "";
           $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
+          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
         break;
       }
       
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index e41a5f51a..0a0622739 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -199,6 +199,7 @@
         "f2b_regex_info": "Logs taken into consideration: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Retry window (s) for max. attempts",
         "f2b_whitelist": "Whitelisted networks/hosts",
+        "filter": "Filter",
         "filter_table": "Filter table",
         "forwarding_hosts": "Forwarding Hosts",
         "forwarding_hosts_add_hint": "You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 78e76cbc6..5f002c056 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -314,6 +314,12 @@
               <input type="text" class="form-control" placeholder="mail" id="iam_ldap_username_field" name="username_field" value="{{ iam_settings.username_field }}">
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_filter">{{ lang.admin.filter }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" placeholder="" id="iam_ldap_filter" name="filter" value="{{ iam_settings.filter }}">
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end" for="iam_ldap_attribute_field">{{ lang.admin.iam_attribute_field }}:</label>
             <div class="col-12 col-md-9 col-lg-4">

From d22cafacc86ab9ebe4a3e9f20924fc1a27c84332 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 11:21:25 +0100
Subject: [PATCH 153/755] [Web] fix ldap filter if empty

---
 data/web/inc/functions.auth.inc.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index d325c0723..6075ab764 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -493,11 +493,14 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   }
 
   try {
-    $user_res = $iam_provider->query()
+    $ldap_query = $iam_provider->query()
       ->where($iam_settings['username_field'], '=', $user)
-      ->whereRaw($iam_settings['filter'])
-      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname'])
-      ->firstOrFail();
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
+    if (!empty($iam_settings['filter'])) {
+      $ldap_query = $ldap_query->whereRaw($iam_settings['filter']);
+    }
+
+    $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {
     return false;
   }

From 3a1dcb3aaf238ba741f08d40047f60e776aa41f2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 11:34:01 +0100
Subject: [PATCH 154/755] [Web] fix set_tfa for ldap users

---
 data/web/inc/functions.inc.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f63d50463..1e9f35072 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1065,13 +1065,19 @@ function set_tfa($_data) {
 
   // check mailbox confirm password
   if ($access_denied === null) {
-    $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
+    $stmt = $pdo->prepare("SELECT `password`, `authsource` FROM `mailbox`
         WHERE `username` = :username");
     $stmt->execute(array(':username' => $username));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if ($row) {
-      if (!verify_hash($row['password'], $_data["confirm_password"])) $access_denied = true;
-      else $access_denied = false;
+      if ($row['authsource'] == 'ldap'){
+        $iam_settings = identity_provider('get');
+        if (!ldap_mbox_login($username, $row['password'], $iam_settings)) $access_denied = true;
+        else $access_denied = false;
+      } else {
+        if (!verify_hash($row['password'], $_data["confirm_password"])) $access_denied = true;
+        else $access_denied = false;
+      }
     }
   }
 

From a3bb889def63294f8fd475ea9e4216186dc149f4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 11:41:02 +0100
Subject: [PATCH 155/755] [Web] fix set_tfa for ldap users

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 1e9f35072..94d81e9ea 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1072,7 +1072,7 @@ function set_tfa($_data) {
     if ($row) {
       if ($row['authsource'] == 'ldap'){
         $iam_settings = identity_provider('get');
-        if (!ldap_mbox_login($username, $row['password'], $iam_settings)) $access_denied = true;
+        if (!ldap_mbox_login($username, $_data["confirm_password"], $iam_settings)) $access_denied = true;
         else $access_denied = false;
       } else {
         if (!verify_hash($row['password'], $_data["confirm_password"])) $access_denied = true;

From b3e26e14ef81e3e9a6589a4d1dde5d5cd1ddf3fa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 12:01:08 +0100
Subject: [PATCH 156/755] [Ofelia] add ldap sync cronjob

---
 docker-compose.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index a62ea1212..ee180bc61 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -181,6 +181,9 @@ services:
         ofelia.job-exec.phpfpm_keycloak_sync.schedule: "@every 1m"
         ofelia.job-exec.phpfpm_keycloak_sync.no-overlap: "true"
         ofelia.job-exec.phpfpm_keycloak_sync.command: "/bin/bash -c \"php /crons/keycloak-sync.php || exit 0\""
+        ofelia.job-exec.phpfpm_ldap_sync.schedule: "@every 1m"
+        ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true"
+        ofelia.job-exec.phpfpm_ldap_sync.command: "/bin/bash -c \"php /crons/ldap-sync.php || exit 0\""
       networks:
         mailcow-network:
           aliases:

From 132e37bfec5fa51765a01c02154f9940c213c938 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 12:42:37 +0100
Subject: [PATCH 157/755] [SOGo] use bash script for ldap plist template

---
 .gitignore                                   |  1 +
 data/Dockerfiles/sogo/bootstrap-sogo.sh      |  2 +-
 data/conf/sogo/{plist_ldap => plist_ldap.sh} | 62 +++++++++++---------
 docker-compose.yml                           |  2 +-
 4 files changed, 37 insertions(+), 30 deletions(-)
 rename data/conf/sogo/{plist_ldap => plist_ldap.sh} (85%)
 mode change 100644 => 100755

diff --git a/.gitignore b/.gitignore
index e1e8e8882..43bc74e0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,6 +44,7 @@ data/conf/rspamd/local.d/*
 data/conf/rspamd/override.d/*
 data/conf/sogo/custom-theme.js
 data/conf/sogo/plist_ldap
+data/conf/sogo/plist_ldap.sh
 data/conf/sogo/sieve.creds
 data/conf/sogo/sogo-full.svg
 data/gitea/
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 3eb591186..8913fd2c8 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -107,7 +107,7 @@ while read -r line gal
                 </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
   # Generate alternative LDAP authentication dict, when SQL authentication fails
   # This will nevertheless read attributes from LDAP
-  line=${line} envsubst < /etc/sogo/plist_ldap >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
+  /etc/sogo/plist_ldap.sh ${line} ${gal} >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
   echo "            </array>
         </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
 done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain, CASE gal WHEN '1' THEN 'YES' ELSE 'NO' END AS gal FROM domain;" -B -N)
diff --git a/data/conf/sogo/plist_ldap b/data/conf/sogo/plist_ldap.sh
old mode 100644
new mode 100755
similarity index 85%
rename from data/conf/sogo/plist_ldap
rename to data/conf/sogo/plist_ldap.sh
index d585a494f..c35949c65
--- a/data/conf/sogo/plist_ldap
+++ b/data/conf/sogo/plist_ldap.sh
@@ -1,28 +1,34 @@
-                <!--
-                <example>
-                    <key>canAuthenticate</key>
-                    <string>YES</string>
-                    <key>id</key>
-                    <string>${line}_ldap</string>
-                    <key>isAddressBook</key>
-                    <string>NO</string>
-                    <key>IDFieldName</key>
-                    <string>mail</string>
-                    <key>UIDFieldName</key>
-                    <string>uid</string>
-                    <key>bindFields</key>
-                    <array>
-                        <string>mail</string>
-                    </array>
-                    <key>type</key>
-                    <string>ldap</string>
-                    <key>bindDN</key>
-                    <string>cn=admin,dc=example,dc=local</string>
-                    <key>bindPassword</key>
-                    <string>password</string>
-                    <key>baseDN</key>
-                    <string>ou=People,dc=example,dc=local</string>
-                    <key>hostname</key>
-                    <string>ldap://1.2.3.4:389</string>
-                </example>
-                -->
+#!/bin/bash
+
+domain="$1"
+gal_status="$2"
+
+echo '
+                <!--
+                <example>
+                    <key>canAuthenticate</key>
+                    <string>YES</string>
+                    <key>id</key>
+                    <string>'"${domain}_ldap"'</string>
+                    <key>isAddressBook</key>
+                    <string>'"${gal_status}"'</string>
+                    <key>IDFieldName</key>
+                    <string>mail</string>
+                    <key>UIDFieldName</key>
+                    <string>uid</string>
+                    <key>bindFields</key>
+                    <array>
+                        <string>mail</string>
+                    </array>
+                    <key>type</key>
+                    <string>ldap</string>
+                    <key>bindDN</key>
+                    <string>cn=admin,dc=example,dc=local</string>
+                    <key>bindPassword</key>
+                    <string>password</string>
+                    <key>baseDN</key>
+                    <string>ou=People,dc=example,dc=local</string>
+                    <key>hostname</key>
+                    <string>ldap://1.2.3.4:389</string>
+                </example>
+                -->'
diff --git a/docker-compose.yml b/docker-compose.yml
index ee180bc61..ea8f7feb7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -190,7 +190,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:nightly-20240208
+      image: mailcow/sogo:nightly-20240220
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 45811bc2dc8300098ab3ee173fc92834333287eb Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 20 Feb 2024 15:00:06 +0100
Subject: [PATCH 158/755] [Web] fix mailbox datatable search

---
 data/web/json_api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 07820d75d..079e79ce8 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1082,7 +1082,7 @@ if (isset($_GET['query'])) {
                   ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"],
                   ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
                   ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
-                  ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
+                  ['db' => 'messages', 'dt' => 18, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
                   ['db' => 'tags', 'dt' => 20, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
                   ['db' => 'active', 'dt' => 21]
                 ];

From 916d0fd46aa47b3a72800bf040db5309a13ed87a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 23 Feb 2024 08:12:06 +0100
Subject: [PATCH 159/755] [Web] catch all exceptions on ldap connect

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 94d81e9ea..88aa811e6 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2395,7 +2395,7 @@ function identity_provider($_action, $_data = null, $_extra = null) {
             ]);
             try {
               $provider->connect();
-            } catch (TypeError $e) {
+            } catch (Throwable $e) {
               $provider = null;
             }
           }

From 766c270b1fa5a634c10391d23830191fa71a2967 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 23 Feb 2024 09:12:17 +0100
Subject: [PATCH 160/755] [SOGo] fix custom html elements and wrong redirection

---
 data/conf/sogo/custom-sogo.js | 60 +++++++++++++++++++----------------
 data/web/sogo-auth.php        |  2 +-
 2 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index 44afa2998..0f1d5d342 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -6,42 +6,48 @@ document.addEventListener('DOMContentLoaded', function () {
     }
 
     angularReady = false;
-    // Wait for the Angular components to be initialized
-    function waitForAngularComponents(callback) {
-        const targetNode = document.body;
+    function observe() {
+        angularReady = toolbarExists();
+        if (angularReady && !mcElementsExists()) addMCElements();
 
         const observer = new MutationObserver(function(mutations) {
-            mutations.forEach(function(mutation) {
-            if (mutation.addedNodes.length > 0) {
-                const toolbarElement = document.body.querySelector('md-toolbar');
-                if (toolbarElement) {
-                observer.disconnect();
-                callback();
-                }
+            if (!angularReady) {
+                mutations.forEach(function(mutation) {
+                    if (mutation.addedNodes.length > 0) angularReady = toolbarExists();
+                });
+            } else if (angularReady && !mcElementsExists()) {
+                addMCElements();
             }
-            });
         });
 
+        const targetNode = document.body;
         const config = { childList: true, subtree: true };
         observer.observe(targetNode, config);
     }
+    function toolbarExists() {
+        const toolbarElement = document.body.querySelector('md-toolbar');
+        if (toolbarElement)
+            return true;
+        else
+            return false;
+    }
+    function mcElementsExists() {
+        if (document.getElementById("mc_logout"))
+            return true;
+        else 
+            return false;
+    }
+    function addMCElements() {
+        const toolbarElement = document.body.querySelector('.md-toolbar-tools.sg-toolbar-group-last.layout-align-end-center.layout-row');
+        var htmlCode = '<a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
+            '<md-icon class="material-icons" role="img" aria-label="build">build</md-icon>' +
+            '</a><a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="#" onclick="mc_logout.submit()" aria-hidden="false" tabindex="-1">' +
+            '<md-icon class="material-icons" role="img" aria-label="settings_power">settings_power</md-icon>' +
+            '</a><form action="/" method="post" id="mc_logout"><input type="hidden" name="logout"></form>';
+        toolbarElement.insertAdjacentHTML('beforeend', htmlCode);
+    }
 
-    // Usage
-    waitForAngularComponents(function() {
-        if (!angularReady){
-            angularReady = true;
-
-            const toolbarElement = document.body.querySelector('.md-toolbar-tools.sg-toolbar-group-last.layout-align-end-center.layout-row');
-
-            var htmlCode = '<a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
-                '<md-icon class="material-icons" role="img" aria-label="build">build</md-icon>' +
-                '</a><a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="#" onclick="logout.submit()" aria-hidden="false" tabindex="-1">' +
-                '<md-icon class="material-icons" role="img" aria-label="settings_power">settings_power</md-icon>' +
-                '</a><form action="/" method="post" id="logout"><input type="hidden" name="logout"></form>';
-
-            toolbarElement.insertAdjacentHTML('beforeend', htmlCode);
-        }
-    });
+    observe();
 });
 
 // Custom SOGo JS
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index d93c12543..640a8e00c 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -72,7 +72,7 @@ elseif (isset($_GET['login'])) {
       }
     }
   }
-  header("Location: /SOGo/");
+  header("Location: /");
   exit;
 }
 // only check for admin-login on sogo GUI requests

From 010d898786b78327240bb2f2608e973a65c5f859 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 23 Feb 2024 10:01:56 +0100
Subject: [PATCH 161/755] [Web] apply LDAP filter

---
 data/conf/phpfpm/crons/ldap-sync.php | 7 +++++--
 data/web/inc/functions.auth.inc.php  | 8 ++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 5686bdacc..20cf7f290 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -110,8 +110,11 @@ fwrite($lock_file_handle, getmypid());
 fclose($lock_file_handle);
 
 // Get ldap users
-$response = $iam_provider->query()
-  ->where($iam_settings['username_field'], "*")
+$ldap_query = $iam_provider->query();
+if (!empty($iam_settings['filter'])) {
+  $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
+}
+$response = $ldap_query->where($iam_settings['username_field'], "*")
   ->where($iam_settings['attribute_field'], "*")
   ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname'])
   ->paginate($max);
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 6075ab764..b7b8dbc6a 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -493,12 +493,12 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   }
 
   try {
-    $ldap_query = $iam_provider->query()
-      ->where($iam_settings['username_field'], '=', $user)
-      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
+    $ldap_query = $iam_provider->query();
     if (!empty($iam_settings['filter'])) {
-      $ldap_query = $ldap_query->whereRaw($iam_settings['filter']);
+      $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
     }
+    $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {

From 79432a40d7febd42ba5fa170d3e6e3d8a22fbec6 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 25 Feb 2024 19:51:57 +0100
Subject: [PATCH 162/755] Translations update from Weblate (#5762)

* [Web] Updated lang.es-es.json

Co-authored-by: Fernando Dilland <fernandodilland@gmail.com>

* [Web] Updated lang.nb-no.json

Co-authored-by: Christer Solstrand Johannessen <csjoh@users.noreply.translate.mailcow.email>

---------

Co-authored-by: Fernando Dilland <fernandodilland@gmail.com>
Co-authored-by: Christer Solstrand Johannessen <csjoh@users.noreply.translate.mailcow.email>
---
 data/web/lang/lang.es-es.json |   4 +-
 data/web/lang/lang.nb-no.json | 120 +++++++++++++++++++++++++++++++++-
 2 files changed, 122 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 78580cccf..8a8c05274 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -22,7 +22,9 @@
         "app_passwds": "Gestionar las contraseñas de aplicaciones",
         "domain_desc": "Cambiar descripción del dominio",
         "protocol_access": "Cambiar protocolo de acceso",
-        "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena"
+        "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena",
+        "domain_relayhost": "Cambiar relayhost por un dominio",
+        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas"
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index 8e0946206..830d5b423 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -92,7 +92,73 @@
         "r_active": "Aktive begrensninger",
         "queue_unban": "fjern blokkering",
         "r_inactive": "Inaktive begrensninger",
-        "r_info": "Grå/deaktivere elementer i listen over aktive restriksjoner er ikke kjente som gyldige restriksjoner i mailcow og kan ikke flyttes. Ukjente begrensninger vil bli aktivert i den rekkefølgen de opptrer uansett.<br>Du kan legge til nye elementer i <code>inc/vars.local.inc.php</code> for å kunne slå dem av og på."
+        "r_info": "Grå/deaktivere elementer i listen over aktive restriksjoner er ikke kjente som gyldige restriksjoner i mailcow og kan ikke flyttes. Ukjente begrensninger vil bli aktivert i den rekkefølgen de opptrer uansett.<br>Du kan legge til nye elementer i <code>inc/vars.local.inc.php</code> for å kunne slå dem av og på.",
+        "relayhosts_hint": "Definer sender-avhengige transportmetoder for å kunne velge dem i domenekonfigurasjonsdialogen<br>\n  Transportmetoden er alltid \"smtp:\" og vil derfor forsøke TLS når tilbudt. Innpakket TLS (SMTPS) er ikke støttet. En brukers individuelle utgående TLS-policyinnstilling tas til etterretning.<br>\n  Gjelder for valgte domener inkludert alias-domener.",
+        "rspamd_global_filters_regex": "Navnene forklarer deres mening. Alt innhold må inneholde gyldige regulære utstrykk etter formatet \"/mønster/alternativer\" (f.eks. <code>/.+@domain\\.tld/i</code>).<br>\n  Selv om grove sjekkrutiner kjøres for hver linje regex, kan funksjonaliteten i Rspamd bli ødelagt dersom den ikke klarer å lese syntakset riktig.<br>\n  Rspamd vil forsøke å lese innholdet når det endres. Hvis du opplever problemer, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">start Rspamd på nytt</a> for å tvinge ny innlesing av mappingene.<br>Svartelistede elementer er ekskluderte fra karantene.",
+        "transport_test_rcpt_info": "&#8226; Bruk null@hosted.mailcow.de for å teste videresending til en ekstern destinasjon.",
+        "transports_hint": "&#8226; En transportmapping <b>overstyrer</b> en sender-avhengig transportmapping</b>.<br>\n&#8226; MX-baserte transportmappinger er foretrukket brukt.<br>\n&#8226; Utgående TLS-policyinnstillinger per-bruker blir ignorert og kan kun tvinges via TLS-policymappinger.<br>\n&#8226; Transporttjenesten for definerte transportmetoder er alltid \"smtp:\" og vil derfor forsøke TLS når tilbudt. Innpakket TLS (SMTPS) støttes ikke.<br>\n&#8226; Adresser som matcher \"/localhost$/\" vil alltid sendes via \"local:\", derfor vil en \"*\"-destinasjon ikke gjelde disse adressene.<br>\n&#8226; For å bestemme identifikasjon for et eksempelvis neste hopp \"[host]:25\", vil Postfix <b>alltid</b> sende en forespørsel for \"host\" før den søker etter \"[host]:25\". Denne oppførselen gjør det umulig å bruke både \"host\" og \"[host]:25\" samtidig.",
+        "regex_maps": "Regex-mappinger",
+        "relay_from": "\"Fra:\"-adresse",
+        "relay_rcpt": "\"Til:\"-adresse",
+        "relay_run": "Kjør test",
+        "relayhosts": "Sender-avhengige transportmetoder",
+        "remove": "Fjern",
+        "remove_row": "Fjern rad",
+        "reset_default": "Tilbakestill til standardinnstillinger",
+        "reset_limit": "Fjern hash",
+        "routing": "Ruting",
+        "rsetting_add_rule": "Legg til regel",
+        "rsetting_content": "Regelinnhold",
+        "rsetting_desc": "Kort beskrivelse",
+        "rsetting_no_selection": "Vennligst velg en regel",
+        "rsetting_none": "Ingen regler tilgjengelig",
+        "rsettings_insert_preset": "Legg inn eksempel-forvalg \"%s\"",
+        "rsettings_preset_1": "Deaktiver alt unntatt DKIM og mengdebegrensning for autentiserte brukere",
+        "rsettings_preset_2": "Postmastere vil ha spam",
+        "rsettings_preset_3": "Bare tillat spesifikke sendere for en postboks (f.eks. kun bruk som intern postboks)",
+        "rsettings_preset_4": "Deaktiver Rspamd for et domene",
+        "rspamd_com_settings": "Et navn for innstillingen vil bli autogenerert, vennligst se eksempelforvalgene under. For ytterligere detaljer se <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd-dokumentasjonen</a>",
+        "rspamd_global_filters": "Globale filtreringsmappinger",
+        "rspamd_global_filters_agree": "Jeg skal være forsiktig!",
+        "rspamd_global_filters_info": "Globale filtermappinger inneholder forskjellige typer globale svarte- og hvitelister.",
+        "rspamd_settings_map": "Rspamd innstillingsmapping",
+        "sal_level": "Moo-nivå",
+        "save": "Lagre endringer",
+        "search_domain_da": "Søk domener",
+        "send": "Send",
+        "sender": "Avsender",
+        "service": "Tjeneste",
+        "service_id": "TjenesteID",
+        "source": "Kilde",
+        "spamfilter": "Spamfilter",
+        "subject": "Emne",
+        "success": "Suksess",
+        "sys_mails": "Systemeposter",
+        "text": "Tekst",
+        "time": "Tid",
+        "title": "Tittel",
+        "title_name": "\"mailcow UI\" nettstedstittel",
+        "to_top": "Tilbake til toppen",
+        "transport_dest_format": "Regex eller syntaks: example.org, .example.org, *, box@example.org (flere verdier kan separeres via komma)",
+        "transport_maps": "Transportmappinger",
+        "ui_footer": "Bunntekst (HTML tillatt)",
+        "ui_header_announcement": "Annonseringer",
+        "ui_header_announcement_active": "Gjør annonsering aktiv",
+        "ui_header_announcement_content": "Tekst (HTML tillatt)",
+        "ui_header_announcement_help": "Annonseringen er synlig for alle innloggede brukere og på innloggingsskjermen for grensesnittet.",
+        "ui_header_announcement_select": "Velg annonseringstype",
+        "ui_header_announcement_type": "Type",
+        "ui_header_announcement_type_danger": "Veldig viktig",
+        "ui_header_announcement_type_info": "Info",
+        "ui_header_announcement_type_warning": "Viktig",
+        "ui_texts": "Grensesnittmerkelapper og tekster",
+        "unban_pending": "fjerning av utestenging avventes",
+        "unchanged_if_empty": "Hvis uendret, la være tomt",
+        "upload": "Last opp",
+        "username": "Brukernavn",
+        "validate_license_now": "Validér GUID mot lisenstjener",
+        "verify": "Validér",
+        "yes": "&#10003;"
     },
     "acl": {
         "ratelimit": "Nivågrense",
@@ -204,5 +270,57 @@
         "select_domain": "Vennligst velg et domene først",
         "active": "Aktiv",
         "target_address_info": "<small>Komplett/e epostadresse/r (kommaseparert).</small>"
+    },
+    "danger": {
+        "dkim_domain_or_sel_exists": "En DKIM-nøkkel for \"%s\" eksisterer og vil ikke bli overskrevet",
+        "from_invalid": "Avsender kan ikke være tom",
+        "bcc_must_be_email": "BCC-destinasjon %s er ikke en gyldig epostadresse",
+        "domain_quota_m_in_use": "Domenekvote må være større enn eller lik %s MiB",
+        "access_denied": "Tilgang nektet eller ugyldige skjemadata",
+        "alias_domain_invalid": "Aliasdomene %s er ugyldig",
+        "alias_empty": "Aliasadresse kan ikke være tom",
+        "alias_goto_identical": "Alias og gå-til-adresse kan ikke være identiske",
+        "alias_invalid": "Aliasadresse %s er ugyldig",
+        "aliasd_targetd_identical": "Aliasdomene kan ikke være likt som måldomene: %s",
+        "aliases_in_use": "Max. aliaser må være større enn eller det samme som %d",
+        "app_name_empty": "App-navn kan ikke være tomt",
+        "app_passwd_id_invalid": "App-passord ID %s ugyldig",
+        "bcc_empty": "BCC-destinasjon kan ikke være tom",
+        "bcc_exists": "En BCC-mapping %s eksisterer for type %s",
+        "comment_too_long": "Kommentar for lang, maks 160 tegn tillatt",
+        "cors_invalid_method": "Ugyldig Allow-Method spesifisert",
+        "cors_invalid_origin": "Ugyldig Allow-Origin angitt",
+        "defquota_empty": "Standardkvote pr. postboks kan ikke være 0.",
+        "demo_mode_enabled": "Demomodus er aktivert",
+        "description_invalid": "Ressursbeskrivelse for %s er ugyldig",
+        "dkim_domain_or_sel_invalid": "DKIM-domene eller selector ugyldig: %s",
+        "domain_cannot_match_hostname": "Domenet kan ikke være det samme som vertsnavnet",
+        "domain_exists": "Domenet %s eksisterer allerede",
+        "domain_invalid": "Domenenavn er tomt eller ugyldig",
+        "domain_not_empty": "Kan ikke fjerne ikke-tomt domene %s",
+        "domain_not_found": "Domene %s ikke funnet",
+        "extended_sender_acl_denied": "manglende ACL for å angi ekstern avsenderadresse",
+        "extra_acl_invalid": "Ekstern avsenderadresse \"%s\" er ugyldig",
+        "extra_acl_invalid_domain": "Ekstern avsenderadresse \"%s\" bruker et ugyldig domene",
+        "fido2_verification_failed": "FIDO2-verifisering feilet: %s",
+        "file_open_error": "Fil kan ikke åpnes for skriving",
+        "filter_type": "Feil filtertype",
+        "global_filter_write_error": "Kunne ikke skrive filterfil: %s",
+        "global_map_invalid": "Global mapping-ID %s ugyldig",
+        "global_map_write_error": "Kunne ikke skrive global mapping-ID %s: %s",
+        "goto_empty": "En aliasadresse må inneholde minst en gyldig gå-til-adresse",
+        "goto_invalid": "Gå-til-adresse %s er ugyldig",
+        "ham_learn_error": "Ham-læringsfeil: %s",
+        "imagick_exception": "Feil: Imagick-avvik under lesing av bilde",
+        "img_invalid": "Kan ikke validere bildefil",
+        "img_tmp_missing": "Kan ikke validere bildefil: Midlertidig fil ikke funnet",
+        "invalid_bcc_map_type": "Ugyldig BCC-mappingtype",
+        "invalid_destination": "Målformat \"%s\" er ugyldig",
+        "invalid_filter_type": "Ugyldig filtertype",
+        "invalid_host": "Ugyldig vert angitt: %s",
+        "invalid_mime_type": "Ugyldig mime-type",
+        "invalid_nexthop": "\"Next hop\"-format er ugyldig",
+        "img_dimensions_exceeded": "Bildet overskriver maksimal bildestørrelse",
+        "img_size_exceeded": "Bildet overskrider maksimal filstørrelse"
     }
 }

From 6928eb632efbb0862d890005f54e314f272f3c81 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Feb 2024 13:10:08 +0100
Subject: [PATCH 163/755] [Dovecot] move sogo sso to mailcowauth.php

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  7 -------
 data/conf/dovecot/auth/mailcowauth.php        | 20 ++++++++++++++-----
 data/conf/dovecot/dovecot.conf                |  1 -
 docker-compose.yml                            |  2 +-
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index fef099cc6..1f6a7dc22 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -200,13 +200,6 @@ EOF
 # Create random master Password for SOGo SSO
 RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
 echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
-cat <<EOF > /etc/dovecot/sogo-sso.conf
-# Autogenerated by mailcow
-passdb {
-  driver = static
-  args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
-}
-EOF
 
 if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
   # Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index d2da46598..2c3c01b30 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -45,20 +45,30 @@ require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
 require_once 'functions.mailbox.inc.php';
 
-// Init provider
-$iam_provider = identity_provider('init');
-
 
+$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
+$result = false;
 $protocol = $post['protocol'];
-if ($post['real_rip'] == getenv('IPV4_NETWORK') . '.248') {
+if ($isSOGoRequest) {
   $protocol = null;
+  // This is a SOGo Auth request. First check for SSO password.
+  $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
+  if ($sogo_sso_pass === $post['password']){
+    error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
+    $result = true;
+  }
+  
 }
-$result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
 if ($result === false){
   $result = apppass_login($post['username'], $post['password'], $protocol, array(
     'is_internal' => true,
     'remote_addr' => $post['real_rip']
   ));
+  if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+}
+if ($result === false){
+  $result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+  if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
 }
 
 if ($result) {
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index c61d9a1b6..e14c445fd 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -303,7 +303,6 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/sni.conf
 !include_try /etc/dovecot/sogo_trusted_ip.conf
 !include_try /etc/dovecot/extra.conf
-!include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
 # </Includes>
 default_client_limit = 10400
diff --git a/docker-compose.yml b/docker-compose.yml
index ea8f7feb7..f882d94a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -237,7 +237,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:nightly-20240208
+      image: mailcow/dovecot:nightly-20240226
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From d237157c0b743434ce213d895a130e02a0b06b3e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Feb 2024 13:12:44 +0100
Subject: [PATCH 164/755] init identity_provider only after all conditions are
 met

---
 data/conf/phpfpm/crons/keycloak-sync.php | 5 +++--
 data/conf/phpfpm/crons/ldap-sync.php     | 5 +++--
 data/web/inc/functions.auth.inc.php      | 4 ++--
 data/web/inc/functions.inc.php           | 8 ++++++++
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index 0525f9572..3a7b1da7b 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -70,8 +70,6 @@ $_SESSION['acl']['protocol_access'] = "1";
 $_SESSION['acl']['mailbox_relayhost'] = "1";
 $_SESSION['acl']['unlimited_quota'] = "1";
 
-// Init Keycloak Provider
-$iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
 if ($iam_settings['authsource'] != "keycloak" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
   session_destroy();
@@ -109,6 +107,9 @@ $lock_file_handle = fopen($lock_file, 'w');
 fwrite($lock_file_handle, getmypid());
 fclose($lock_file_handle);
 
+// Init Keycloak Provider
+$iam_provider = identity_provider('init');
+
 // Loop until all users have been retrieved
 while (true) {
   // Get admin access token
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 20cf7f290..1a53884c3 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -70,8 +70,6 @@ $_SESSION['acl']['protocol_access'] = "1";
 $_SESSION['acl']['mailbox_relayhost'] = "1";
 $_SESSION['acl']['unlimited_quota'] = "1";
 
-// Init Provider
-$iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
 if ($iam_settings['authsource'] != "ldap" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
   session_destroy();
@@ -109,6 +107,9 @@ $lock_file_handle = fopen($lock_file, 'w');
 fwrite($lock_file_handle, getmypid());
 fclose($lock_file_handle);
 
+// Init Provider
+$iam_provider = identity_provider('init');
+
 // Get ldap users
 $ldap_query = $iam_provider->query();
 if (!empty($iam_settings['filter'])) {
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index b7b8dbc6a..78aca3c67 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -476,8 +476,8 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 }
 function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   global $pdo;
-  global $iam_provider;
-
+  
+  $iam_provider = identity_provider();
   $is_internal = $extra['is_internal'];
   $create = $extra['create'];
 
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 88aa811e6..bba46935b 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2099,12 +2099,20 @@ function uuid4() {
 }
 function identity_provider($_action, $_data = null, $_extra = null) {
   global $pdo;
+  global $iam_provider;
 
   $data_log = $_data;
   if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
   if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
 
   switch ($_action) {
+    case NULL:
+      if ($iam_provider) {
+        return $iam_provider;
+      } else {
+        $iam_provider = identity_provider("init");
+      }
+    break;
     case 'get':
       $settings = array();
       $stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");

From 881c2d6e022a69f41fd6b773f24413f7fa5a181b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Feb 2024 13:13:50 +0100
Subject: [PATCH 165/755] [SOGo] remove custom logout from toolbar

---
 data/conf/sogo/custom-sogo.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index 0f1d5d342..e794372f0 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -32,18 +32,16 @@ document.addEventListener('DOMContentLoaded', function () {
             return false;
     }
     function mcElementsExists() {
-        if (document.getElementById("mc_logout"))
+        if (document.getElementById("mc_backlink"))
             return true;
         else 
             return false;
     }
     function addMCElements() {
         const toolbarElement = document.body.querySelector('.md-toolbar-tools.sg-toolbar-group-last.layout-align-end-center.layout-row');
-        var htmlCode = '<a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
+        var htmlCode = '<a id="mc_backlink" class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
             '<md-icon class="material-icons" role="img" aria-label="build">build</md-icon>' +
-            '</a><a class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="#" onclick="mc_logout.submit()" aria-hidden="false" tabindex="-1">' +
-            '<md-icon class="material-icons" role="img" aria-label="settings_power">settings_power</md-icon>' +
-            '</a><form action="/" method="post" id="mc_logout"><input type="hidden" name="logout"></form>';
+            '</a>';
         toolbarElement.insertAdjacentHTML('beforeend', htmlCode);
     }
 

From 39a4b115ed11028a96afc191a089993a77372d30 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Feb 2024 13:14:08 +0100
Subject: [PATCH 166/755] [SOGo] fix plist_ldap.sh example

---
 data/conf/sogo/plist_ldap.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/conf/sogo/plist_ldap.sh b/data/conf/sogo/plist_ldap.sh
index c35949c65..1911cd18c 100755
--- a/data/conf/sogo/plist_ldap.sh
+++ b/data/conf/sogo/plist_ldap.sh
@@ -3,15 +3,15 @@
 domain="$1"
 gal_status="$2"
 
-echo '
+echo "
                 <!--
                 <example>
                     <key>canAuthenticate</key>
                     <string>YES</string>
                     <key>id</key>
-                    <string>'"${domain}_ldap"'</string>
+                    <string>"${domain}"_ldap</string>
                     <key>isAddressBook</key>
-                    <string>'"${gal_status}"'</string>
+                    <string>"${gal_status}"</string>
                     <key>IDFieldName</key>
                     <string>mail</string>
                     <key>UIDFieldName</key>
@@ -31,4 +31,4 @@ echo '
                     <key>hostname</key>
                     <string>ldap://1.2.3.4:389</string>
                 </example>
-                -->'
+                -->"

From ffbf1758e0a8e49d3b030b6edba67ac4d3eb8a61 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 26 Feb 2024 13:40:34 +0100
Subject: [PATCH 167/755] [Web] fix identity_provider ArgumentCountError

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index bba46935b..19293d190 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2097,7 +2097,7 @@ function uuid4() {
 
   return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 }
-function identity_provider($_action, $_data = null, $_extra = null) {
+function identity_provider($_action = null, $_data = null, $_extra = null) {
   global $pdo;
   global $iam_provider;
 

From 35f039a119bd0588ad025efec591f2d1a90551c7 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 26 Feb 2024 16:55:13 +0100
Subject: [PATCH 168/755] sogo: update to 5.10.0

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh |  2 ++
 data/web/inc/init_db.inc.php            | 14 +++++++++++++-
 docker-compose.yml                      |  2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index aa15525c9..bae060542 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -150,6 +150,8 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
     <string>${RAND_PASS}</string>
+    <key>OCSAdminURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
     <key>OCSEMailAlarmsFolderURL</key>
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 445af8a9a..f62858b3f 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "09022024_1433";
+    $db_version = "26022024_1433";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -979,6 +979,18 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "sogo_admin" => array(
+        "cols" => array(
+          "c_key" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "c_content"  => "mediumtext NOT NULL",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_key")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),      
       "pushover" => array(
         "cols" => array(
           "username" => "VARCHAR(255) NOT NULL",
diff --git a/docker-compose.yml b/docker-compose.yml
index ea56b4291..3efd6a42b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -175,7 +175,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.122.1
+      image: mailcow/sogo:1.123
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From d7430bf516ecd756a4384eca3d7a7a442b94aa93 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 26 Feb 2024 17:17:34 +0100
Subject: [PATCH 169/755] sogo: add new options to sogo.conf for update 5.10.0

---
 data/conf/sogo/sogo.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 8d4dd93de..d398eb053 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -16,6 +16,9 @@
     SOGoFoldersSendEMailNotifications = YES;
     SOGoForwardEnabled = YES;
 
+    // Option to set Users as admin to globally manage calendar permissions etc. Disabled by default
+    // SOGoSuperUsernames = ("moo@example.com");
+
     SOGoUIAdditionalJSFiles = (
       js/theme.js,
       js/custom-sogo.js
@@ -38,6 +41,7 @@
 
     SOGoLanguage = English;
     SOGoMailAuxiliaryUserAccountsEnabled = YES;
+    // SOGoCreateIdentitiesDisabled = NO;
     SOGoMailCustomFromEnabled = YES;
     SOGoMailingMechanism = smtp;
     SOGoSMTPAuthenticationType = plain;

From e0eb3a4f137db2694196f744e15c4e80f4a36bee Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 1 Mar 2024 00:14:49 +0000
Subject: [PATCH 170/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 37 ++++++++----------------
 1 file changed, 12 insertions(+), 25 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index e8273ecc5..3d46030dd 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Thu Feb  1 00:13:50 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Fri Mar  1 00:14:49 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2089 total rules
+# 2076 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -46,7 +46,9 @@
 18.216.232.154	permit
 18.234.1.244	permit
 18.236.40.242	permit
+18.236.56.161	permit
 20.51.6.32/30	permit
+20.51.98.61	permit
 20.52.52.2	permit
 20.52.128.133	permit
 20.59.80.4/30	permit
@@ -101,13 +103,14 @@
 34.202.239.6	permit
 34.212.163.75	permit
 34.215.104.144	permit
+34.218.116.3	permit
 34.225.212.172	permit
-34.247.168.44	permit
 35.161.32.253	permit
 35.167.93.243	permit
 35.176.132.251	permit
 35.190.247.0/24	permit
 35.191.0.0/16	permit
+35.242.169.159	permit
 37.218.248.47	permit
 37.218.249.47	permit
 37.218.251.62	permit
@@ -123,6 +126,7 @@
 44.236.56.93	permit
 44.238.220.251	permit
 46.19.168.0/23	permit
+46.19.170.16	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
 46.228.36.38/31	permit
@@ -188,6 +192,7 @@
 51.137.58.21	permit
 51.140.75.55	permit
 51.144.100.179	permit
+52.1.14.157	permit
 52.5.230.59	permit
 52.27.5.72	permit
 52.27.28.47	permit
@@ -242,11 +247,8 @@
 54.174.63.0/24	permit
 54.186.193.102	permit
 54.191.223.56	permit
-54.194.61.95	permit
-54.195.113.45	permit
 54.213.20.246	permit
 54.214.39.184	permit
-54.216.77.168	permit
 54.221.227.204	permit
 54.240.0.0/18	permit
 54.240.64.0/19	permit
@@ -254,7 +256,6 @@
 54.241.16.209	permit
 54.244.54.130	permit
 54.244.242.0/24	permit
-54.246.232.180	permit
 54.255.61.23	permit
 62.13.128.0/24	permit
 62.13.128.150	permit
@@ -270,7 +271,6 @@
 62.201.172.0/27	permit
 62.201.172.32/27	permit
 62.253.227.114	permit
-63.32.13.159	permit
 63.80.14.0/23	permit
 63.111.28.137	permit
 63.128.21.0/24	permit
@@ -285,10 +285,6 @@
 64.79.155.193	permit
 64.79.155.205	permit
 64.79.155.206	permit
-64.89.44.85	permit
-64.89.45.80	permit
-64.89.45.194	permit
-64.89.45.196	permit
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
@@ -560,10 +556,6 @@
 72.30.239.228/31	permit
 72.30.239.244/30	permit
 72.30.239.248/31	permit
-72.34.168.76	permit
-72.34.168.80	permit
-72.34.168.85	permit
-72.34.168.86	permit
 72.52.72.32/28	permit
 74.6.128.0/21	permit
 74.6.128.0/24	permit
@@ -642,8 +634,6 @@
 84.116.50.0/23	permit
 85.158.136.0/21	permit
 86.61.88.25	permit
-87.198.219.130	permit
-87.198.219.153	permit
 87.238.80.0/21	permit
 87.248.103.12	permit
 87.248.103.21	permit
@@ -1338,6 +1328,7 @@
 106.10.244.0/24	permit
 106.39.212.64/29	permit
 106.50.16.0/28	permit
+107.20.210.250	permit
 108.174.0.0/24	permit
 108.174.0.215	permit
 108.174.3.0/24	permit
@@ -1488,6 +1479,7 @@
 148.105.0.0/16	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
+149.72.223.204	permit
 149.72.248.236	permit
 149.97.173.180	permit
 150.230.98.160	permit
@@ -1572,8 +1564,6 @@
 167.89.75.164	permit
 167.89.101.2	permit
 167.89.101.192/28	permit
-167.216.129.210	permit
-167.216.131.180	permit
 167.220.67.232/29	permit
 168.138.5.36	permit
 168.138.73.51	permit
@@ -1585,6 +1575,7 @@
 169.148.131.0/24	permit
 169.148.142.10	permit
 169.148.144.0/25	permit
+169.148.144.10	permit
 170.10.68.0/22	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
@@ -1867,9 +1858,6 @@
 208.43.21.28/30	permit
 208.43.21.64/29	permit
 208.43.21.72/30	permit
-208.46.212.80	permit
-208.46.212.208/31	permit
-208.46.212.210	permit
 208.64.132.0/22	permit
 208.71.40.0/24	permit
 208.71.40.63	permit
@@ -1898,10 +1886,9 @@
 208.71.42.214	permit
 208.72.249.240/29	permit
 208.74.204.0/22	permit
+208.74.204.5	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
-208.75.121.246	permit
-208.75.122.246	permit
 208.82.237.96/29	permit
 208.82.237.104/31	permit
 208.82.238.96/29	permit

From d92ffe8fc791abb613e5d1c56511411fed6d7c7e Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 1 Mar 2024 11:41:11 +0100
Subject: [PATCH 171/755] helper: remove old SOGo repo to not break builds on
 ARM64

---
 .../BUILD_FLAGS/docker-compose.override.yml                     | 2 --
 1 file changed, 2 deletions(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
index 99cd01489..8dde63b1b 100644
--- a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
@@ -16,8 +16,6 @@ services:
     build:
       context: ./data/Dockerfiles/sogo
       dockerfile: Dockerfile
-      args:
-        - SOGO_DEBIAN_REPOSITORY=http://packages.inverse.ca/SOGo/nightly/5/debian/
 
   dovecot-mailcow:
     build: ./data/Dockerfiles/dovecot

From 914a8204d44be05d552ea8a9ad80ed365a749648 Mon Sep 17 00:00:00 2001
From: Marcel Schuster <mrclschstr@users.noreply.github.com>
Date: Fri, 1 Mar 2024 23:07:05 +0100
Subject: [PATCH 172/755] Watchdog: escape subject and body for webhooks

---
 data/Dockerfiles/watchdog/watchdog.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index cb342c138..e0cb76a6b 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -169,9 +169,13 @@ function notify_error() {
       return 1
     fi
 
+    # Escape subject and body (https://stackoverflow.com/a/2705678)
+    ESCAPED_SUBJECT=$(echo ${SUBJECT} | sed -e 's/[\/&]/\\&/g')
+    ESCAPED_BODY=$(echo ${BODY} | sed -e 's/[\/&]/\\&/g')
+
     # Replace subject and body placeholders
-    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g")
-    
+    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed -e "s/\$SUBJECT\|\${SUBJECT}/$ESCAPED_SUBJECT/g" -e "s/\$BODY\|\${BODY}/$ESCAPED_BODY/g")
+
     # POST to webhook
     curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK}
 

From 8c0637b5561e33bb07c09a9725f08fd0868d2eff Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 5 Mar 2024 17:57:55 +0100
Subject: [PATCH 173/755] [Web] Updated lang.lv-lv.json (#5777)

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.lv-lv.json | 63 +++++++++++++++++++++++++----------
 1 file changed, 45 insertions(+), 18 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 962b90005..f22545e17 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -4,7 +4,9 @@
         "filters": "Filtri",
         "recipient_maps": "Saņēmēja kartes",
         "syncjobs": "Sinhronizācijas uzdevumi",
-        "spam_score": "Mēstules novērtējums"
+        "spam_score": "Mēstules novērtējums",
+        "alias_domains": "Pievienot aizstājdomēnus",
+        "spam_alias": "Pagaidu aizstājvārdi"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -12,9 +14,9 @@
         "add": "Pievienot",
         "add_domain_only": "Tikai pievienot domēnu",
         "add_domain_restart": "Pievienot domēnu un restartēt SOGo",
-        "alias_address": "Alias addrese/s",
+        "alias_address": "Aizstājvārdu addrese/s",
         "alias_address_info": "<small>Pilna epasta addrese/s vai @piemērs.com, lai notvertu visas domēna ziņas (komatu atdalītas). <b>tikai mailcow domēni</b>.</small>",
-        "alias_domain": "Alias domēni",
+        "alias_domain": "Aizstājdomēni",
         "alias_domain_info": "<small>Tikai derīgi domēna vārdi (komatu atdalīti).</small>",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" etc.)",
         "backup_mx_options": "Dublējuma MX iespējas",
@@ -32,14 +34,14 @@
         "kind": "Veids",
         "mailbox_quota_m": "Maks. kvota pastkastei (MiB)",
         "mailbox_username": "Lietotājvārds (kriesā daļa no epasta adreses)",
-        "max_aliases": "Maks. iespejamās aliases",
+        "max_aliases": "Lielākais pieļaujamo aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "mins_interval": "Aptauajs intervāls (minūtes)",
         "multiple_bookings": "Vairākas rezervācijas",
         "password": "Parole",
         "password_repeat": "Apstiprinājuma parole (atkārtot)",
         "port": "Ports",
-        "post_domain_add": "Jums būs nepieciešams atsāknēt SOGo servisa konteineru pēc jauna domēna pievienošanas!",
+        "post_domain_add": "SOGO konteineru \"sogo-mailcow\" ir nepieciešams pārsāknēt pēc jauna domēna pievienošanas.<br><br>Papildus vajadzētu pārskatīt domēnu DNS konfigurāciju. Tiklīdz DNS konfigurācija ir apstiprināta, jāpārsāknē \"acme-mailcow\", lai automātiski izveidotu sertifikātus jaunajam domēnam (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Šis solis ir izvēles un tiks atkārtots ik pēc 24 stundām.",
         "quota_mb": "Kvota (MiB)",
         "relay_all": "Pārsūtīt visus saņēmējus",
         "relay_all_info": "<small>Ja izvēlies <b>nepārsūtīt</b> visus saņēmējus, tad Tev būs nepieciešams pievienot (\"tukšu\") pastkasti katram saņēmējam, kas būtu jāpārsūta.</small>",
@@ -56,7 +58,8 @@
         "target_domain": "Mērķa domēns",
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
-        "validation_success": "Apstiprināts veiksmīgi"
+        "validation_success": "Apstiprināts veiksmīgi",
+        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit."
     },
     "admin": {
         "access": "Pieeja",
@@ -118,7 +121,7 @@
         "password_repeat": "Apstiprināt paroli (atkārtot)",
         "private_key": "Privāta atslēga",
         "quarantine": "Karantīna",
-        "quarantine_exclude_domains": "Izslēgt domēnus un alias-domēnus:",
+        "quarantine_exclude_domains": "Neņemt vērā domēnus un aizstājdomēnus",
         "quarantine_max_size": "Maks. izmērs MiB (lielāki vienumi ir atbrīvoti):",
         "quarantine_retention_size": "Atlikumi pastkastēs:",
         "r_active": "Aktīvie ierobežojumi",
@@ -148,7 +151,10 @@
         "username": "Lietotājvārds",
         "generate": "izveidot",
         "message": "Ziņojums",
-        "last_applied": "Pēdējoreiz pielietots"
+        "last_applied": "Pēdējoreiz pielietots",
+        "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM",
+        "sys_mails": "Sistēmas pasts",
+        "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -267,7 +273,8 @@
         "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
         "username": "Lietotājvārds",
         "validate_save": "Apstiprināt un saglabāt",
-        "last_modified": "Pēdējoreiz mainīts"
+        "last_modified": "Pēdējoreiz mainīts",
+        "domain_footer_skip_replies": "Neņemt vērā kājeni atbildes e-pastos"
     },
     "footer": {
         "cancel": "Atcelt",
@@ -282,11 +289,12 @@
     "header": {
         "administration": "Administrēšana",
         "debug": "Atkļūdošana",
-        "email": "E-Mail",
-        "mailcow_config": "Configurācija",
+        "email": "E-pasts",
+        "mailcow_config": "Konfigurācija",
         "quarantine": "Karantīna",
         "restart_sogo": "Restartēt SOGo",
-        "user_settings": "Lietotāja uzstādījumi"
+        "user_settings": "Lietotāja uzstādījumi",
+        "mailcow_system": "Sistēma"
     },
     "info": {
         "no_action": "No action applicable"
@@ -385,7 +393,10 @@
         "daily": "Ik dienu",
         "hourly": "Ik stundu",
         "last_mail_login": "Pēdējā pieteikšanās pastkastē",
-        "mailbox": "Pastkaste"
+        "mailbox": "Pastkaste",
+        "sieve_preset_2": "Vienmēr atzīmēt noteikta sūtītāja e-pastu kā izlasītu",
+        "open_logs": "Atvērt žurnālus",
+        "sieve_preset_8": "Pārvirzīt noteikta sūtītāja e-pastu, atzīmēt kā izlasītu un ievietot to apakšmapē"
     },
     "quarantine": {
         "action": "Darbības",
@@ -408,10 +419,14 @@
         "subj": "Priekšmets",
         "text_from_html_content": "Saturs (konvertēts html)",
         "text_plain_content": "Saturs (teksts/vienkāršs)",
-        "toggle_all": "Pārslēgt visu"
+        "toggle_all": "Pārslēgt visu",
+        "disabled_by_config": "Pašreizējā sistēmas konfigurācija atspējo karantīnu. Lūgums iestatīt \"saglabāšanu katrai pastkastītei\" un \"lielākais pieļaujamais lielums\" karantīnas vienumiem.",
+        "qhandler_success": "Pieprasījums veiksmīgi nosūtīts sistēmai. Tagad var aizvērt logu.",
+        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti."
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt."
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
@@ -552,12 +567,13 @@
         "tls_enforce_in": "Piespiest TLS ienākošajiem",
         "tls_enforce_out": "Piespiest TLS izejošajiem",
         "tls_policy": "Šifrēšanas politika",
-        "tls_policy_warning": "<strong>Uzmanību:</strong> Ja jūs izlemjat aktivizēt e-pastu šifrēšanu, Jūs varat pazaudēt vēstules.<br>Vēstules kas neatbilst politikai atleks atpakaļ no sistēmas ar kļūdu.<br>Šī opcija attiecas uz Jūsu primāro e-pasta adresi, visām adresēm, kas atvasinātas no alias domēniem, kā arī aliasi <b>,kas saistīti tikai ar šo pastkasti</b> kā mērķis.",
+        "tls_policy_warning": "<strong>Brīdinājums:</strong> Ja tiek izlemts ieviest šifrēta pasta nosūtīšanu, var tikt pazaudēti e-pasti.<br>Ziņojumi, kas neatbilst nosacījumiem, pasta sistēma atmetīs ar kļūdu.<br>Šī iespēja attiecas uz galveno e-pasta adresi (pieteikšanās vārdu), visām adresēm, kas atvasinātas no aizsājdomēniem, kā arī aizstājadreses, <b>kas norāda tikai uz šo pastkasti</b>.",
         "user_settings": "Lietotāja iestatījumi",
         "username": "Lietotājvārds",
         "waiting": "Waiting",
         "week": "Nedēļa",
-        "weeks": "Nedēļas"
+        "weeks": "Nedēļas",
+        "open_logs": "Atvērt žurnālus"
     },
     "datatables": {
         "paginate": {
@@ -566,6 +582,17 @@
         }
     },
     "debug": {
-        "last_modified": "Pēdējoreiz mainīts"
+        "last_modified": "Pēdējoreiz mainīts",
+        "static_logs": "Nemainīgie žurnāli",
+        "no_update_available": "Sistēma izmanto jaunāko versiju",
+        "in_memory_logs": "Atmiņā esošie žurnāli",
+        "system_containers": "Sistēma un konteineri",
+        "current_time": "Sistēmas laiks",
+        "external_logs": "Ārējie žurnāli",
+        "logs": "Žurnāli"
+    },
+    "warning": {
+        "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
+        "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus."
     }
 }

From e1c3ad9fe8eaa6580ebc60b5217efee87a6e8b04 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 8 Mar 2024 13:15:35 +0100
Subject: [PATCH 174/755] [Web] return idp instance after init

---
 data/web/inc/functions.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 19293d190..6571e0179 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2111,6 +2111,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return $iam_provider;
       } else {
         $iam_provider = identity_provider("init");
+        return $iam_provider;
       }
     break;
     case 'get':

From 2ba64e93f9f7a152cc32e3e9fb79eaee88bb8d9d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 8 Mar 2024 13:50:20 +0100
Subject: [PATCH 175/755] [Web] allow SSL / TLS connections for LDAP

---
 data/web/inc/functions.inc.php                | 43 ++++++++++++++++---
 data/web/lang/lang.en-gb.json                 |  3 ++
 .../admin/tab-config-identity-provider.twig   | 24 +++++++++++
 3 files changed, 63 insertions(+), 7 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 6571e0179..274589972 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2120,10 +2120,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       $stmt->execute();
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       foreach($rows as $row){
-        if ($row["key"] == 'mappers' || $row["key"] == 'templates'){
-          $settings[$row["key"]] = json_decode($row["value"]);
-        } else {
-          $settings[$row["key"]] = $row["value"];
+        switch ($row["key"]) {
+          case "mappers":
+          case "templates":
+            $settings[$row["key"]] = json_decode($row["value"]);
+          break;
+          case "use_ssl":
+          case "use_tls":
+          case "ignore_ssl_errors":
+            $settings[$row["key"]] = boolval($row["value"]);
+          break;
+          default:
+            $settings[$row["key"]] = $row["value"];
+          break;
         }
       }
       // return default client_scopes for generic-oidc if none is set
@@ -2207,9 +2216,12 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['filter']            = (!empty($_data['filter'])) ? $_data['filter'] : "";
           $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
+          $_data['use_ssl']           = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
+          $_data['use_tls']           = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
+          $_data['ignore_ssl_error']  = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
+          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
         break;
       }
       
@@ -2306,12 +2318,22 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
             !$_data['binddn'] || !$_data['bindpass']){
               return false;
           }
+          $_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
+          $_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
+          $_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
+          $options = array();
+          if ($_data['ignore_ssl_error']) {
+            $options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
+          }
           $provider = new \LdapRecord\Connection([
             'hosts'                     => [$_data['host']],
             'port'                      => $_data['port'],
             'base_dn'                   => $_data['basedn'],
             'username'                  => $_data['binddn'],
-            'password'                  => $_data['bindpass']
+            'password'                  => $_data['bindpass'],
+            'use_ssl'                   => $_data['use_ssl'],
+            'use_tls'                   => $_data['use_tls'],
+            'options'                   => $options
           ]);
           try {
             $provider->connect();
@@ -2395,12 +2417,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         case "ldap":
           if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
             $iam_settings['binddn'] && $iam_settings['bindpass']){
+            $options = array();
+            if ($iam_settings['ignore_ssl_error']) {
+              $options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
+            }
             $provider = new \LdapRecord\Connection([
               'hosts'                     => [$iam_settings['host']],
               'port'                      => $iam_settings['port'],
               'base_dn'                   => $iam_settings['basedn'],
               'username'                  => $iam_settings['binddn'],
-              'password'                  => $iam_settings['bindpass']
+              'password'                  => $iam_settings['bindpass'],
+              'use_ssl'                   => $iam_settings['use_ssl'],
+              'use_tls'                   => $iam_settings['use_tls'],
+              'options'                   => $options
             ]);
             try {
               $provider->connect();
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 0a0622739..705908028 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -240,7 +240,10 @@
         "iam_userinfo_url": "User info endpoint",
         "iam_username_field": "Username Field",
         "iam_binddn": "Bind DN",
+        "iam_use_ssl": "Use SSL",
+        "iam_use_tls": "Use TLS",
         "iam_version": "Version",
+        "ignore_ssl_error": "Ignore SSL Errors",
         "import": "Import",
         "import_private_key": "Import private key",
         "in_use_by": "In use by",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 5f002c056..e5103d970 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -302,6 +302,30 @@
               <input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_ssl }}</label>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="use_ssl" value="1" {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_tls }}</label>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="use_tls" value="1" {% if iam_settings.use_tls == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-4">
+            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.ignore_ssl_error }}</label>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
             <div class="col-12 col-md-9 col-lg-4">

From e0bda6ca6a2c78e94d01772a12f397628552b5e4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 8 Mar 2024 14:05:37 +0100
Subject: [PATCH 176/755] [Web] prevent multiple dual-logins

---
 data/web/inc/triggers.inc.php | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index cd81f4c21..0e29011de 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -121,23 +121,26 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 
 if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
 	if (isset($_GET["duallogin"])) {
-    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
-    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
-      if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
-        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
-        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
-        $_SESSION['mailcow_cc_username']    = $duallogin;
-        $_SESSION['mailcow_cc_role']        = "user";
-        header("Location: /user");
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (!$is_dual) {
+      $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
+      if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
+        if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
+          $_SESSION['mailcow_cc_username']    = $duallogin;
+          $_SESSION['mailcow_cc_role']        = "user";
+          header("Location: /user");
+        }
       }
-    }
-    else {
-      if (!empty(domain_admin('details', $duallogin))) {
-        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
-        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
-        $_SESSION['mailcow_cc_username']    = $duallogin;
-        $_SESSION['mailcow_cc_role']        = "domainadmin";
-        header("Location: /user");
+      else {
+        if (!empty(domain_admin('details', $duallogin))) {
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
+          $_SESSION['mailcow_cc_username']    = $duallogin;
+          $_SESSION['mailcow_cc_role']        = "domainadmin";
+          header("Location: /user");
+        }
       }
     }
   }

From 0807c122f659f074b8376313d9ab9c4bed6fba06 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 8 Mar 2024 15:11:49 +0100
Subject: [PATCH 177/755] [Web] set default LDAP options on get

---
 data/web/inc/functions.inc.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 274589972..864c07f4a 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2143,6 +2143,12 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         $settings['client_secret'] = '';
         $settings['access_token'] = '';
       }
+      // return default ldap options
+      if ($settings["authsource"] == "ldap"){
+        $settings['use_ssl'] = !isset($settings['use_ssl']) ? false : $settings['use_ssl'];
+        $settings['use_tls'] = !isset($settings['use_tls']) ? false : $settings['use_tls'];
+        $settings['ignore_ssl_errors'] = !isset($settings['ignore_ssl_errors']) ? false : $settings['ignore_ssl_errors'];
+      }
       return $settings;
     break;
     case 'edit':

From fd73b3ad8847bad6b7b867836761349ad3bc1fa7 Mon Sep 17 00:00:00 2001
From: aaadddfgh <55911298+aaadddfgh@users.noreply.github.com>
Date: Wed, 13 Mar 2024 22:53:37 +0800
Subject: [PATCH 178/755] Update lang.zh-cn.json (#5789)

Change a better translation
---
 data/web/lang/lang.zh-cn.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index cca5ecc58..41f46d8df 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -356,7 +356,7 @@
         "description_invalid": "%s 的资源描述无效",
         "dkim_domain_or_sel_exists": "\"%s\"的 DKIM 密钥已存在，因此不会被覆盖",
         "dkim_domain_or_sel_invalid": "DKIM 域名或选择器无效: %s",
-        "domain_cannot_match_hostname": "域名与主机名称不匹配",
+        "domain_cannot_match_hostname": "域名不应与主机名相同",
         "domain_exists": "域名 %s 已存在",
         "domain_invalid": "域名地址为空或无效",
         "domain_not_empty": "不能删除非空域名 %s",

From 5c851f29358c634c27ec02e53364d9f7b62bb789 Mon Sep 17 00:00:00 2001
From: Ayowel <Ayowel@users.noreply.github.com>
Date: Tue, 26 Mar 2024 08:12:29 +0100
Subject: [PATCH 179/755] Allow prompt-less install on low-resource systems

---
 generate_config.sh | 64 ++++++++++++++++++++++++----------------------
 1 file changed, 34 insertions(+), 30 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 05d9ee2f1..3d30a6ad1 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -147,40 +147,44 @@ done
 
 MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
 
-if [ ${MEM_TOTAL} -le "2621440" ]; then
-  echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
-  echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
-  read -r -p  "Do you want to disable ClamAV now? [Y/n] " response
-  case $response in
-    [nN][oO]|[nN])
-      SKIP_CLAMD=n
+if [ -z "${SKIP_CLAMD}" ]; then
+  if [ ${MEM_TOTAL} -le "2621440" ]; then
+    echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
+    echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
+    read -r -p  "Do you want to disable ClamAV now? [Y/n] " response
+    case $response in
+      [nN][oO]|[nN])
+        SKIP_CLAMD=n
+        ;;
+      *)
+        SKIP_CLAMD=y
       ;;
-    *)
-      SKIP_CLAMD=y
-    ;;
-  esac
-else
-  SKIP_CLAMD=n
+    esac
+  else
+    SKIP_CLAMD=n
+  fi
 fi
 
-if [ ${MEM_TOTAL} -le "2097152" ]; then
-  echo "Disabling Solr on low-memory system."
-  SKIP_SOLR=y
-elif [ ${MEM_TOTAL} -le "3670016" ]; then
-  echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
-  echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
-  echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
-  read -r -p  "Do you want to disable Solr now? [Y/n] " response
-  case $response in
-    [nN][oO]|[nN])
-      SKIP_SOLR=n
+if [ -z "${SKIP_SOLR}" ]; then
+  if [ ${MEM_TOTAL} -le "2097152" ]; then
+    echo "Disabling Solr on low-memory system."
+    SKIP_SOLR=y
+  elif [ ${MEM_TOTAL} -le "3670016" ]; then
+    echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
+    echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
+    echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
+    read -r -p  "Do you want to disable Solr now? [Y/n] " response
+    case $response in
+      [nN][oO]|[nN])
+        SKIP_SOLR=n
+        ;;
+      *)
+        SKIP_SOLR=y
       ;;
-    *)
-      SKIP_SOLR=y
-    ;;
-  esac
-else
-  SKIP_SOLR=n
+    esac
+  else
+    SKIP_SOLR=n
+  fi
 fi
 
 if [[ ${SKIP_BRANCH} != y ]]; then

From 52455be8150a7488ae2cff674621ec5f5fc2613c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 30 Mar 2024 01:09:22 +0100
Subject: [PATCH 180/755] Translations update from Weblate (#5810)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.lt-lt.json

[Web] Updated lang.lt-lt.json

[Web] Updated lang.lt-lt.json

[Web] Updated lang.lt-lt.json

[Web] Updated lang.lt-lt.json

[Web] Updated lang.lt-lt.json

[Web] Added lang.lt-lt.json

Co-authored-by: Ari Archer <ari@ari.lt>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: Edgars Počs <edgars.pocs@dna.lv>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

Co-authored-by: evrenkoksal <evrenkoksal@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* Add lt-lt in vars.inc.php

---------

Co-authored-by: Ari Archer <ari@ari.lt>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: Edgars Počs <edgars.pocs@dna.lv>
Co-authored-by: evrenkoksal <evrenkoksal@gmail.com>
---
 data/web/inc/vars.inc.php     |   1 +
 data/web/lang/lang.lt-lt.json | 354 ++++++++++++++++++++++++++++++++++
 data/web/lang/lang.lv-lv.json |  53 +++--
 data/web/lang/lang.tr-tr.json | 165 +++++++++++++++-
 4 files changed, 550 insertions(+), 23 deletions(-)
 create mode 100644 data/web/lang/lang.lt-lt.json

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 8cfafa2bb..830b21805 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -95,6 +95,7 @@ $AVAILABLE_LANGUAGES = array(
   'it-it' => 'Italiano (Italian)',
   'ko-kr' => '한국어 (Korean)',
   'lv-lv' => 'latviešu (Latvian)',
+  'lt-lt' => 'Lietuvių (Lithuanian)',
   'nb-no' => 'Norsk (Norwegian)',
   'nl-nl' => 'Nederlands (Dutch)',
   'pl-pl' => 'Język Polski (Polish)',
diff --git a/data/web/lang/lang.lt-lt.json b/data/web/lang/lang.lt-lt.json
new file mode 100644
index 000000000..f5413b1a9
--- /dev/null
+++ b/data/web/lang/lang.lt-lt.json
@@ -0,0 +1,354 @@
+{
+    "acl": {
+        "app_passwds": "Tvarkyti programėlių slaptažodžius",
+        "bcc_maps": "BCC žemėlapiai",
+        "domain_desc": "Keisti domeno aprašymą",
+        "eas_reset": "Išvalyti EAS įrenginius",
+        "filters": "Filtrai",
+        "login_as": "Prisijungti kaip elektroninio pašto naudotojas",
+        "protocol_access": "Keisti protokolų prieigą",
+        "quarantine": "Karantino valdymas",
+        "quarantine_category": "Keisti karantino pranešimo katrgoriją",
+        "quarantine_notification": "Keisti karantino pranešimus",
+        "ratelimit": "Prieigos limitas",
+        "recipient_maps": "Gavėjų sąsajos",
+        "smtp_ip_access": "Pakeisti prieinamuosius SMTP serverius",
+        "sogo_access": "Leisti SOGo prieigos valdymą",
+        "spam_policy": "Juodasis/Baltasis sąrašas",
+        "spam_score": "Šlamsto balas",
+        "tls_policy": "TLS politika",
+        "unlimited_quota": "Neribota elektroninio pašto dėžudžių kvota",
+        "quarantine_attachments": "Karantino priedai",
+        "sogo_profile_reset": "Nustatyti SOGo profilį iš naujo",
+        "alias_domains": "Pridėti pakaitinius domenus",
+        "delimiter_action": "Delimitatoriaus veiksmas",
+        "domain_relayhost": "Pakeisti peradresavimo serverį domenui",
+        "extend_sender_acl": "Leisti išplėsti siuntėjo ACL išoriniais adresais",
+        "mailbox_relayhost": "Pakeisti siuntimo serverį pašto dėžutei",
+        "prohibited": "Draudžiama pagal ACL",
+        "spam_alias": "Laikini slapyvardžiai",
+        "syncjobs": "Sinchronizuoti darbus"
+    },
+    "add": {
+        "active": "Aktyvus",
+        "add": "Pridėti",
+        "add_domain_only": "Pridėti tik domeną",
+        "add_domain_restart": "Pridėti domeną ir paleisti SOGo iš naujo",
+        "alias_domain_info": "<small>Tik tinkami domenų vardai (išskirta kableliais).</small>",
+        "app_name": "Programėlės pavadinimas",
+        "app_password": "Pridėti programėlės slaptažodį",
+        "app_passwd_protocols": "Prieinamieji programėlės slaptažodžio protokolai",
+        "custom_params": "Pasirinktiniai parametrai",
+        "delete1": "Ištrinti iš šaltinio, kai baigta",
+        "activate_filter_warn": "Visi kiti filtrai bus deaktivuoti, kai „aktyvus“ yra pražymėtas.",
+        "custom_params_hint": "Teisingai: --param=xy, neteisingai: --param xy",
+        "description": "Aprašymas",
+        "destination": "Gavėjas",
+        "domain": "Domenas",
+        "domain_quota_m": "Viso domeno kvota (MiB)",
+        "dry": "Simuliuoti sinchronizaciją",
+        "enc_method": "Šifravimo metodas",
+        "full_name": "Prilnas vardas",
+        "generate": "generuoti",
+        "goto_null": "Tyliai atmesti žinutes",
+        "goto_spam": "Išmokti kaip <span class=\"text-danger\"><b>šlamštas</b></span>",
+        "password": "Slaptažodis",
+        "select": "Pasirinkite...",
+        "select_domain": "Prima, pasirinkite domeną",
+        "sieve_desc": "Trumpas aprašymas",
+        "sieve_type": "Filtro tipas",
+        "mailbox_quota_def": "Numatytoji elelktroninio pašto dėžutės kvota",
+        "password_repeat": "Slaptažodžio patvirtininas (pakartoti)",
+        "disable_login": "Uždrausti prisijungimą (ateinančios žinutės vistiek bus gaunamos)",
+        "inactive": "Neaktyvus",
+        "alias_address": "Pakaitiniai/is adresai/as",
+        "alias_address_info": "<small>Pilnas el. pašto adresas (-ai) arba @example.com, kad gautumėte visus pranešimus iš domeno (atskirtus kableliais). <b>Tik \"mailcow\" domenai</b>.</small>",
+        "alias_domain": "Pakaitinis domenas",
+        "automap": "Stenktis automatiškai susieti aplankus (\"Išsiųsti\", \"Išsiųsti\" => \"išsiųsti\" ir tt.)",
+        "backup_mx_options": "Perdavimo nustatymai",
+        "bcc_dest_format": "BCC gavimo adresas turi būti vienas galiojantis el. pašto adresas.<br>Jei turite siųsti kopiją į kelis adresus, sukurkite slapyvardį ir naudokite jį čia.",
+        "delete2": "Ištrinti žinutes gavimo vietoje, kurios nėra šaltinyje.",
+        "delete2duplicates": "Ištrinti dublikatus gavimo vietoje",
+        "domain_matches_hostname": "Domenas %s atitinka serverio vardą",
+        "exclude": "Išskirti objektus (regex)",
+        "gal": "Visuotinis adresų sąrašas",
+        "gal_info": "GAL (Global Address List) apima visus domeno objektus ir jų negali redaguoti joks vartotojas. SOGo trūksta laisvosios/užimtosios informacijos, jei tai išjungta! <b>Perkraukite SOGo, kad pritaikytumėte pakeitimus.</b>"
+    },
+    "admin": {
+        "access": "Prieiga",
+        "active": "Aktyvus",
+        "add": "Pridėti",
+        "add_admin": "Pridėti administratorių",
+        "add_domain_admin": "Pridėti domeno administratorių",
+        "add_settings_rule": "Pridėti nustatymų taisyklę",
+        "admin": "Administratorius",
+        "admins": "Administratoriai",
+        "admins_ldap": "LDAP administratoriai",
+        "api_key": "API prieigos raktas",
+        "copy_to_clipboard": "Tekstas nukopijuotas!",
+        "cors_settings": "CORS nustatymai",
+        "dkim_from": "Iš",
+        "dkim_key_length": "DKIM rakto ilgis (bitai)",
+        "dkim_key_valid": "Raktas tinkamas",
+        "dkim_keys": "ARC/DKIM raktai",
+        "dkim_private_key": "Slaptasis raktas",
+        "dkim_to": "Į",
+        "domain": "Domenas",
+        "domain_admin": "Domeno administratorius",
+        "domain_admins": "Doneno administratoriai",
+        "domain_s": "Domenas/ai",
+        "duplicate": "Dublikatas",
+        "duplicate_dkim": "Dublikuotas DKIM įrašas",
+        "edit": "Redaguoti",
+        "empty": "Jokių rezultatų",
+        "f2b_filter": "Regex filtrai",
+        "filter_table": "Filtrų lentelė",
+        "from": "Nuo",
+        "generate": "generuoti",
+        "html": "HTML",
+        "import": "Importuoti",
+        "inactive": "Neaktyvus",
+        "message": "Žinutė",
+        "message_size": "Žinutės dydis",
+        "nexthop": "Kitas šuolis",
+        "no": "&#10005;",
+        "no_record": "Nėra įrašo",
+        "oauth2_apps": "OAuth2 Programėlės",
+        "oauth2_add_client": "Pridėti OAuth2 klientą",
+        "oauth2_client_id": "Kliento ID",
+        "optional": "pasirinktinas",
+        "options": "Nustatymai",
+        "password": "Slaptažodis",
+        "password_length": "Slaptažodžio ilgis",
+        "password_policy_chars": "Privalo turėti bent vieną numerį ar skaičių",
+        "password_policy_length": "Mažiausias slaptažodžio ilgis - %d",
+        "password_policy_numbers": "Privalo turėti bent vieną skaičių",
+        "password_policy_special_chars": "Privalo turėti specialiųjų ženklų",
+        "password_repeat": "Slaptažodžio patvirtinimas (pakartoti)",
+        "quarantine": "Karantinas",
+        "quarantine_notification_sender": "Pranešimų e-pašto siuntėjas",
+        "quarantine_release_format_att": "Kaip priedą",
+        "quarantine_release_format_raw": "Nepakeitas originalas",
+        "quota_notifications": "Kvotos pranešimai",
+        "r_active": "Aktyvūs apribojimai",
+        "r_inactive": "Neaktyvus apribojimai",
+        "refresh": "Perkrauti",
+        "regen_api_key": "Regeneruoti API raktą",
+        "relay_rcpt": "„Kam:“ adresas",
+        "relay_run": "Paleisti testą",
+        "remove": "Ištrinti",
+        "rsetting_add_rule": "Pridėti taisyklę",
+        "rsetting_desc": "Trumpas aprašymas",
+        "rspamd_global_filters_agree": "Aš busiu atsargus/i!",
+        "save": "Išsaugoti pakeitimus",
+        "search_domain_da": "Ieškoti domenus",
+        "send": "Siųsti",
+        "sender": "Siuntėjas",
+        "source": "Šaltinis",
+        "spamfilter": "Šlamšto filtras",
+        "text": "Tekstas",
+        "time": "Laikas",
+        "to_top": "Atgal į viršų",
+        "ui_header_announcement_content": "Tekstas (HTML leistina)",
+        "ui_header_announcement_select": "Pasirinkite pranešimo tipą",
+        "ui_header_announcement_type": "Tipas",
+        "ui_header_announcement_type_danger": "Labai svarbus",
+        "ui_header_announcement_type_info": "Info",
+        "upload": "Įkelti",
+        "username": "Naudotojo vardas",
+        "verify": "Patikrinti",
+        "yes": "&#10003;",
+        "customer_id": "Kliento ID",
+        "f2b_parameters": "„Fail2Ban“ parametrai",
+        "import_private_key": "Importuoti slaptąjį raktą",
+        "action": "Veiksmas",
+        "convert_html_to_text": "Konvertuoti HTML į paprastą tekstą",
+        "oauth2_renew_secret": "Geberuoti naują kliento slapuką",
+        "private_key": "Slaptasis raktas",
+        "sal_level": "Moo lygis",
+        "ui_header_announcement_type_warning": "Svarbus",
+        "admin_details": "Redaguoti administratoriaus duomenis",
+        "login_time": "Prisijungino laikas",
+        "ui_header_announcement": "Pranešimai",
+        "dkim_overwrite_key": "Perrašyti egzistuojantį DKIK raktą",
+        "f2b_whitelist": "Tinklai baltajama sąraše",
+        "f2b_blacklist": "Tinklai juodajame saraše",
+        "loading": "Prašau palaukite...",
+        "password_policy_lowerupper": "Privalo turėti mažuosius ir didžiuosius ženklus/raides",
+        "relay_from": "„Nuo:“ adresas"
+    },
+    "danger": {
+        "demo_mode_enabled": "Demo Režimas įjungtas",
+        "description_invalid": "Resurso %s aprašymas yra netinkamas",
+        "domain_exists": "Domenas %s jau egzistuoja",
+        "domain_invalid": "Domeno vardas tuščias arba netinkamas",
+        "domain_not_found": "Domenas %s nerastas",
+        "domain_quota_m_in_use": "Domeno kvota turi būti daygiau arba lygiai %s MiB",
+        "file_open_error": "Failas negali būti atidarytas įrašymui",
+        "filter_type": "Netinkamas filtro tipas",
+        "invalid_mime_type": "Netinkamas MIME tipas",
+        "login_failed": "Prisijungimas nepavyko",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "Numatytoji kvota didesnė nei maksimalus kvotos limitas",
+        "mysql_error": "MySQL problema: %s",
+        "img_invalid": "Negalimas nuotraukos patikrinimas",
+        "mailbox_quota_left_exceeded": "Per mažai vietos diske (liko %d MiB)",
+        "comment_too_long": "Komentaeas per ilgas, maksimalus leistinas simbolių skaičius yra 160",
+        "nginx_reload_failed": "Nginx perkrovimas nepavyko: %s",
+        "invalid_filter_type": "Netinkamas filtro tipas"
+    },
+    "edit": {
+        "validate_save": "Patikrinti ir išsaugoti",
+        "unchanged_if_empty": "Jei nepakeista, palikite tuščią",
+        "username": "Naudotojo vardas"
+    },
+    "fido2": {
+        "confirm": "Patvirtinti",
+        "fido2_success": "Įrenginys sėkmingai užregistruotas",
+        "fido2_validation_failed": "Patikrinimas nepavyko",
+        "fn": "Draugiškasis vardas",
+        "known_ids": "Žinomi ID",
+        "none": "Neįgalintas",
+        "register_status": "Registracijos statusas",
+        "rename": "Pervadyti",
+        "set_fido2_touchid": "Registruokite Touch ID su Apple M1",
+        "set_fn": "Nustatyti draugiškąjį vardą",
+        "start_fido2_validation": "Pradėti FIDO2 patikrinimą",
+        "fido2_auth": "Prisijungti su FIDO2",
+        "set_fido2": "Registruoti FIDO2 įrengenį"
+    },
+    "footer": {
+        "cancel": "Atšaukti",
+        "confirm_delete": "Patvirtinti trynimą",
+        "delete_now": "Ištrinti dabar",
+        "hibp_check": "Patikrinti naudodami haveibeenpwned.com",
+        "hibp_nok": "Atitikta! Tai yra galimai pavojingas slaptažodis!",
+        "hibp_ok": "Nerasta jokių atitikmenų.",
+        "loading": "Prašome palaukti...",
+        "nothing_selected": "Niekas nepasirinkta",
+        "restart_container": "Paleiskite konteinerį iš naujo",
+        "restart_now": "Perkrauti dabar",
+        "restarting_container": "Perkraunamas konteineris, tai gali užtrukti.",
+        "delete_these_items": "Prašome patvirtinti savo pakeitimus šiam objekto ID",
+        "restart_container_info": "<b>Svarbu:</b> Sklandus paleidimas iš naujo gali užtrukti, prašome palaukti, kol jis baigsis."
+    },
+    "header": {
+        "administration": "Konfigūracija ir detalės",
+        "apps": "Programėlės",
+        "debug": "Informacija",
+        "email": "El. paštas",
+        "mailcow_system": "Sistema",
+        "mailcow_config": "Konfiguracija",
+        "quarantine": "Karantinas",
+        "restart_netfilter": "Paleisti „netfilter“ iš naujo",
+        "restart_sogo": "Paleisti SOGo iš naujo",
+        "user_settings": "Naudotojo Nustatymai"
+    },
+    "info": {
+        "no_action": "Nėra taikomų veiksmų",
+        "session_expires": "Jūsų sesija pasibaigs už maždaug 15 sekundžių.",
+        "awaiting_tfa_confirmation": "Laukiama DFA patvirtinimo"
+    },
+    "login": {
+        "fido2_webauthn": "FIDO2/WebAuthn Prisijungimas",
+        "login": "Prisijungti",
+        "other_logins": "Prisijungimas raktu",
+        "password": "Slaptažodis",
+        "username": "Naudotojo vardas",
+        "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį."
+    },
+    "mailbox": {
+        "action": "Veiksmas",
+        "activate": "Aktivuoti",
+        "active": "Aktyvus",
+        "add": "Pridėti",
+        "add_alias": "Pridėti pseudonimą",
+        "add_alias_expand": "Išplėsti pseudonimą per pseudonimų domenus",
+        "add_bcc_entry": "Pridėti BCC žemėlapį",
+        "add_domain": "Pridėti domeną",
+        "add_domain_alias": "Pridėti pakaitinį domeną",
+        "add_domain_record_first": "Prašome pridėti domeną pirmiausia",
+        "add_filter": "Pridėti filtrą",
+        "add_mailbox": "Pridėti pašto dėžutę",
+        "add_recipient_map_entry": "Pridėti gavėjų žemėlapį",
+        "add_resource": "Pridėti resursą",
+        "add_template": "Pridėti Šabloną",
+        "add_tls_policy_map": "Pridėti TLS politikos schemą",
+        "address_rewriting": "Adresų perrašymas",
+        "alias": "Slapyvardis",
+        "alias_domain_backupmx": "Pakaitinis domenas nėra aktyvuotas peradresavimo domenui",
+        "all_domains": "Visi Domenai",
+        "allow_from_smtp_info": "Palikite tuščią, norėdami leisti visiems siuntėjams.<br>IPv4/IPv6 adresai ir tinklai.",
+        "backup_mx": "Peradresavimo domenas",
+        "bcc": "BCC",
+        "bcc_destination": "BCC gavimo vieta",
+        "bcc_destinations": "BCC gavimo vieta",
+        "bcc_local_dest": "Vietinė gavimo vieta",
+        "bcc_map": "BCC žemėlapis",
+        "bcc_map_type": "BCC tipas",
+        "bcc_maps": "BCC žemėlapiai",
+        "bcc_type": "BCC tipas",
+        "booking_null": "Visada rodyti kaip laisvą",
+        "booking_0_short": "Visada laisvas",
+        "booking_custom": "Nekintamasis apribojimas pagal individualią užsakymų sumą",
+        "booking_custom_short": "Nekintamasis ribojimas",
+        "booking_ltnull": "Neribotas, bet rodyti kaip užimtas, kai užrezervuota",
+        "booking_lt0_short": "Kintamasis apribojimas",
+        "catch_all": "Viską sugriebiantis",
+        "daily": "Kasdien",
+        "description": "Aprašymas",
+        "disable_login": "Uždrausti prisijungimą (gaunami el. laiškai vis dar priimami)",
+        "disable_x": "Išjungti",
+        "dkim_key_length": "DKIM rakto ilgis (bitai)",
+        "domain": "Domenas",
+        "domain_aliases": "Pakaitomieji domenai",
+        "domain_templates": "Domenų Šablonai",
+        "domain_quota": "Kvota",
+        "domain_quota_total": "Bendroji domeno kvota",
+        "domains": "Domenai",
+        "edit": "Redaguoti",
+        "filters": "Filtrai",
+        "fname": "Pilnas vardas",
+        "gal": "Visuotinis adresų sąrašas",
+        "goto_spam": "Išmokti kaip <b>šlamštas</b>",
+        "hourly": "Kas valandą",
+        "in_use": "Naudojimas (%)",
+        "inactive": "Neaktyvus",
+        "allowed_protocols": "Leidžiami protokolai tiesioginiam vartotojo prieigai (neturi įtakos programėlių slaptažodžių protokolams)",
+        "goto_ham": "Išmokti kaip <b>ham</b>",
+        "aliases": "Pseudonimai",
+        "allow_from_smtp": "Leiskite tik šiems IP naudotis <b>SMTP</b>",
+        "alias_domain_alias_hint": "Pseudonimai <b>nėra</b> taikomi domeno pseudonimams automatiškai. Pseudonimo adresas <code>my-alias@domain</code> <b>neapima</b> adreso <code>my-alias@alias-domain</code> (kur \"alias-domain\" yra įsivaizduojamas \"domain\" pseudonimas).<br>Prašome naudoti sieve filtrą, kad nukreiptumėte laiškus į išorinę pašto dėžutę (žr. skirtuką \"Filtrai\" arba naudokite SOGo -> Peradresavimas). Naudokite \"Išplėsti pseudonimus per pseudonimų sritis\" kad automatiškai pridėti trūkstamus pseudonimus.",
+        "deactivate": "Deaktivuoti",
+        "domain_admins": "Domeno administratoriai",
+        "enable_x": "Įjungti",
+        "last_run_reset": "Suplanuoti kitą",
+        "mailbox": "Pašto dėžutė",
+        "mailbox_defaults": "Numatytieji nustatymai",
+        "mailbox_defaults_info": "Nustatyti numatytuosius nustatymus naujoms pašto dėžutėms.",
+        "mailbox_defquota": "Numatytasis pašto dėžutės dydis",
+        "mailbox_templates": "Pašto dėžučių šablonai",
+        "mailbox_quota": "Maks. pašto dėžutės dydis",
+        "mailboxes": "Pašto dėžutės",
+        "max_aliases": "Maks. slapyvardžiai",
+        "max_mailboxes": "Maks. galimų pašto dėžučių",
+        "max_quota": "Maks. kvota kiekvienai pašto dėžutei",
+        "mins_interval": "Intervalas (min)",
+        "msg_num": "Žinutė #"
+    },
+    "quarantine": {
+        "atts": "Priedaj",
+        "check_hash": "Ieškoti failo Hash'o @ VT",
+        "confirm": "Patvirtinti",
+        "confirm_delete": "Patvirtinti šio elemento trynimą",
+        "danger": "Pavojus"
+    },
+    "success": {
+        "domain_admin_added": "Pridėtas domeno administractorius %s",
+        "domain_admin_removed": "Domeno administratorius %s ištrintas",
+        "domain_modified": "Domeno %s pakitimai išsaugoti",
+        "domain_removed": "Domenas %s ištrintas",
+        "dovecot_restart_success": "„Doveccot“ perkrautas",
+        "domain_added": "Pridėtas domenas %s",
+        "domain_admin_modified": "Pakeitimai domeno adminustratoriui %s išsaugoti"
+    }
+}
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index f22545e17..6ee393c4a 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -6,7 +6,15 @@
         "syncjobs": "Sinhronizācijas uzdevumi",
         "spam_score": "Mēstules novērtējums",
         "alias_domains": "Pievienot aizstājdomēnus",
-        "spam_alias": "Pagaidu aizstājvārdi"
+        "spam_alias": "Pagaidu aizstājvārdi",
+        "app_passwds": "Lietotņu paroļu pārvaldība",
+        "delimiter_action": "Atdalītāja darbība",
+        "domain_desc": "Mainīt domēna aprakstu",
+        "domain_relayhost": "Mainīt domēna relayhost",
+        "eas_reset": "EAS ierīču atiestatīšana",
+        "extend_sender_acl": "Ļauj paplašināt sūtītāja ACL ar ārējām adresēm",
+        "login_as": "Pieteikšanās kā pastkastes lietotājam",
+        "mailbox_relayhost": "Pasta kastītes relayhost maiņa"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -14,7 +22,7 @@
         "add": "Pievienot",
         "add_domain_only": "Tikai pievienot domēnu",
         "add_domain_restart": "Pievienot domēnu un restartēt SOGo",
-        "alias_address": "Aizstājvārdu addrese/s",
+        "alias_address": "Aizstājaddrese/s",
         "alias_address_info": "<small>Pilna epasta addrese/s vai @piemērs.com, lai notvertu visas domēna ziņas (komatu atdalītas). <b>tikai mailcow domēni</b>.</small>",
         "alias_domain": "Aizstājdomēni",
         "alias_domain_info": "<small>Tikai derīgi domēna vārdi (komatu atdalīti).</small>",
@@ -132,7 +140,7 @@
         "regen_api_key": "Reģenerēt API atslēgu",
         "relay_from": "\"No:\" addrese",
         "relay_run": "Palaist testu",
-        "relayhosts_hint": "Definējiet  relejhostus šeit, lai tos varētu izvēlēties domēna konfigurācijas logā.",
+        "relayhosts_hint": "Norādīt no sūtītāja atkarīgas piegādes, lai varētu tos atlasīt domēnu konfigurācijas uzvednē.<br>\n  Piegādes pakalpojums vienmēr ir \"smtp\", tādējādi tiks mēģināts TLS, kad piedāvāts. Iekļautais TLS (SMTPS) netiek atbalstīts. Tiek ņemts vērā lietotāja atsevišķais izejošā TLS nosacījuma iestatījums.<br>\n  Ietekmē atlasītos domēnus, tajā skaitā aizstājdomēnus.",
         "remove": "Noņemt",
         "remove_row": "Noņemt rindu",
         "reset_default": "Atiestatīt uz noklusējumu",
@@ -158,12 +166,12 @@
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
-        "alias_domain_invalid": "Alias domēns ir nepareizs",
-        "alias_empty": "Alias adrese nevar būt tukša",
-        "alias_goto_identical": "Alias un domēnvārds nevar būt identisks",
-        "alias_invalid": "Alias adrese nepareiza",
-        "aliasd_targetd_identical": "Alias domēns nevar būt vienāds ar mērķa domēnu",
-        "aliases_in_use": "Maks. aliases jabūt lielākām vai vienādām ar %d",
+        "alias_domain_invalid": "Aizstājdomēns %s ir nederīgs",
+        "alias_empty": "Aizstājadrese nedrīkst būt tukša",
+        "alias_goto_identical": "Aizstājvārds un mērķa adrese nedrīkst būt vienādi",
+        "alias_invalid": "Aizstājadrese %s ir nederīga",
+        "aliasd_targetd_identical": "Aizstājdomēns nedrīkst būt vienāds ar mērķa domēnu: %s",
+        "aliases_in_use": "Pieļaujamajam aizstājvārdu skaitam jābūt lielākam vai vienādam ar %d",
         "description_invalid": "Resursa apraksts ir nederīgs",
         "dkim_domain_or_sel_invalid": "DKIM domēns vai selektors nepareizs",
         "domain_exists": "Domēns %s jau pastāv",
@@ -171,15 +179,15 @@
         "domain_not_empty": "Nevar noņemt neaizpildītu domēnu",
         "domain_not_found": "Domēns %s nav atrasts",
         "domain_quota_m_in_use": "Domēna kvotai jābūt lielākai vai vienādai ar %s MiB",
-        "goto_empty": "Goto adrese nevar būt tukša",
+        "goto_empty": "Aizstājādresei jāsatur vismaz viena derīga mērķa adrese",
         "goto_invalid": "Goto adrese nepareiza",
         "imagick_exception": "Kļūda: Imagick izņēmums, lasot attēlu",
         "img_invalid": "Nevar apstiprināt attēla failu",
         "img_tmp_missing": "Nevar apstiprināt attēla failu: pagaidu failu nav atrasts",
         "invalid_mime_type": "Nederīgs mime tips",
-        "is_alias": "%s jau ir zināms alias",
-        "is_alias_or_mailbox": "%s jau ir zināms alias, pastkastes vai alias addrese izvērsta no alias domēna.",
-        "is_spam_alias": "%s ir jau zināms spam alias",
+        "is_alias": "%s jau ir zināma kā aizstājadrese",
+        "is_alias_or_mailbox": "%s jau ir zināms kā aizstājvārds, pastkaste vai aizstājadrese, kas ir izvērsta no aizstājdomēna.",
+        "is_spam_alias": "%s jau ir zināma kā pagaidu aizstājadrese (aizstājadrese mēstulēm)",
         "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
         "login_failed": "Ielogošanās neveiksmīga",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
@@ -187,7 +195,7 @@
         "mailbox_quota_exceeds_domain_quota": "Pastkastes izmērs pārsniedz maksimāli pieļaujamo",
         "mailbox_quota_left_exceeded": "Nav pietiekami daudz vietas (atlikusī vieta: %d MiB)",
         "mailboxes_in_use": "Maks. pastkastēm jābūt lielākām vai vienādām ar %d",
-        "max_alias_exceeded": "Visas aliases izmantotas",
+        "max_alias_exceeded": "Pārsniegts pieļaujamo aizstājvārdu skaits",
         "max_mailbox_exceeded": "Maksimālais pastkastšu skaits sasniegts (%d of %d)",
         "max_quota_in_use": "Pastkastes kvotai jābūt lielākai vai vienādai %d MiB",
         "maxquota_empty": "Maksimālais pieļaujamais izmērs nevar būt 0.",
@@ -219,7 +227,7 @@
     },
     "edit": {
         "active": "Aktīvs",
-        "alias": "Rediģēt alias",
+        "alias": "Labot aizstājvārdu",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" utt.)",
         "backup_mx_options": "Dublēt MX iespējas",
         "delete1": "Dzēst no avota, kad pabeigts",
@@ -230,8 +238,8 @@
         "domain_admin": "Labot domēna administratoru",
         "domain_quota": "Domēna kvota",
         "domains": "Domēni",
-        "dont_check_sender_acl": "Atspējot domēna sūtītāju pārbaudi %s + alias domēni",
-        "edit_alias_domain": "Rediģēt alias domēnu",
+        "dont_check_sender_acl": "Atspējot sūtītāju pārbaudi domēnam %s (+ aizstājdomēni)",
+        "edit_alias_domain": "Labot aizstājdomēnu",
         "encryption": "Šifrēšana",
         "exclude": "Neiekļaut objektus (regex)",
         "force_pw_update": "Piespiedu paroles atjaunošana pie nākošās pieslēgšanās",
@@ -241,7 +249,7 @@
         "inactive": "Neaktīvs",
         "kind": "Veids",
         "mailbox": "Rediģēt pastkasti",
-        "max_aliases": "Maks. aliases",
+        "max_aliases": "Lielākais aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "max_quota": "Maks. kvota uz pastkasti (MiB)",
         "maxage": "Maximum age of messages in days that will be polled from remote<br><small>(0 = ignore age)</small>",
@@ -274,7 +282,14 @@
         "username": "Lietotājvārds",
         "validate_save": "Apstiprināt un saglabāt",
         "last_modified": "Pēdējoreiz mainīts",
-        "domain_footer_skip_replies": "Neņemt vērā kājeni atbildes e-pastos"
+        "domain_footer_skip_replies": "Neņemt vērā kājeni atbildes e-pastos",
+        "bcc_dest_format": "BCC galamērķim jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju uz vairākām adresēm, jāizveido aizstājvārds, un tas ir jāizmanto šeit.",
+        "extended_sender_acl_info": "Vajadzētu ievietot DKIM domēna atslēgu, ja tā ir pieejama.<br>\n  Jāatceras pievienot šo serveri attiecīgajam SPF TXT ierakstam.<br>\n  Kad vien šim serverim tiek pievienots domēns vai aizstājdomēns, kas pārklājas ar ārēju adresi, ārējā adrese tiek noņemta.<br>\n  Jāizmanto @domain.tld, lai ļautu nosūtīt kā *@domain.tld.",
+        "pushover_info": "Pašpiegādes paziņojumu iestatījumi tiks piemēroti visiem tīrajiem (ne surogātpasta) sūtījumiem, kas piegādāti <b>%s</b>, tostarp aizstājvārdiem (kopīgotiem, nekopīgotiem, ar birkām).",
+        "mailbox_relayhost_info": "Tiek piemērots tikai pastkastei un tiešajiem aizstājvārdiem, aizstāj domēna retranslācijas saimniekdatoru.",
+        "sender_acl_info": "Ja pastkastes lietotājam A ir ļauts sūtīt kā pastkastes lietotājam B, sūtītāja adrese SOGo netiek automātiski parādīta kā atlasāms lauks \"no\".<br>.\n  Pastkastes lietotājam B SOGo ir jāizveido pilnvarojums, lai pastkastes lietotājs A varētu izvēlēties tā adresi kā sūtītāja. Lai SOGo pilnvarotu pastkasti, pasta skatā jāizmanto izvēlne (trīs punkti) pa labi no pastkastes nosaukuma augšējā kreisajā pusē. Šī darbība neattiecas uz aizstājadresēm.",
+        "sogo_visible": "Aizstājvārds ir redzams SOGo",
+        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs."
     },
     "footer": {
         "cancel": "Atcelt",
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 5219c41d2..b1aac5e7b 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -68,7 +68,7 @@
         "goto_null": "Postaları çöpe at",
         "goto_spam": "Spam olarak<span class=\"text-danger\"><b>işaretle</b></span>",
         "hostname": "Ana sunucu",
-        "inactive": "İnaktif",
+        "inactive": "Pasif",
         "kind": "Tür",
         "mailbox_quota_def": "Varsayılan e-posta kotası",
         "mailbox_quota_m": "E-posta başına maksimum kota (MiB)",
@@ -77,7 +77,7 @@
         "max_mailboxes": "Maksimum e-posta hesabı",
         "mins_interval": "Sorgulama döngüsü (dakika)",
         "multiple_bookings": "Birden fazla rezervasyon",
-        "nexthop": "Next hop",
+        "nexthop": "Sonraki atlama",
         "password": "Şifre",
         "password_repeat": "Şifre (tekrar)",
         "port": "Port",
@@ -107,7 +107,8 @@
         "timeout2": "Yerel ana bilgisayara bağlantı için zaman aşımı",
         "username": "Kullanıcı Adı",
         "validate": "Doğrula",
-        "validation_success": "Doğrulama başarılı"
+        "validation_success": "Doğrulama başarılı",
+        "dry": "Senkronizasyonu simüle et"
     },
     "admin": {
         "action": "İşlem",
@@ -133,7 +134,163 @@
         "duplicate_dkim": "Çift DKIM kayıtları",
         "f2b_ban_time": "Yasaklama süresi (saniye)",
         "f2b_max_attempts": "Maksimum giriş denemesi",
-        "f2b_retry_window": "Maksimum girişim için deneme pencere(leri)"
+        "f2b_retry_window": "Maksimum girişim için deneme pencere(leri)",
+        "ip_check_disabled": "IP kontrolü devre dışı. Bunu <br> <strong>Sistem > Yapılandırma > Seçenekler > Özelleştir</strong> altında etkinleştirebilirsiniz.",
+        "logo_info": "Resminiz, üst gezinme çubuğu için 40 piksel yüksekliğe ve maks. başlangıç sayfası için 250 piksel genişlik. Ölçeklenebilir bir grafik şiddetle tavsiye edilir.",
+        "forwarding_hosts_add_hint": "IPv4/IPv6 adreslerini, CIDR gösterimindeki ağları, ana bilgisayar adlarını (IP adreslerine çözümlenecek) veya alan adlarını (SPF kayıtlarını veya yokluğunda MX kayıtlarını sorgulayarak IP adreslerine çözümlenecek) belirtebilirsiniz.",
+        "include_exclude_info": "Varsayılan olarak - seçim yapılmadan - <b>tüm posta kutuları</b> adreslenir",
+        "credentials_transport_warning": "<b>Uyarı</b>: Yeni bir ulaşım haritası girişi eklemek, eşleşen bir sonraki atlama sütunuyla tüm girişlerin kimlik bilgilerini güncelleyecektir.",
+        "f2b_manage_external_info": "Fail2ban yasak listeyi koruyacak fakat trafiğe engel olacak kurallar koymayacak.Trafiği dışarıdan engellemek için aşağıda oluşturulan yasak listesini kullanın.",
+        "add_settings_rule": "Ayarlar kuralı ekle",
+        "add_transports_hint": "Lütfen, varsa, kimlik doğrulama verilerinin düz metin olarak saklanacağını unutmayın.",
+        "additional_rows": " ek satırlar eklendi",
+        "admin": "Yönetici",
+        "admins": "Yöneticiler",
+        "admins_ldap": "LDAP yöneticileri",
+        "advanced_settings": "Gelişmiş ayarlar",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "cors_settings": "CORS ayarları",
+        "last_applied": "Son uygulanan",
+        "logo_normal_label": "Normal",
+        "logo_dark_label": "Karanlık moda çevir",
+        "f2b_max_ban_time": "Max. yasaklanma süresi (s)",
+        "guid": "GUID - benzersiz örnek kimliği",
+        "guid_and_license": "GUID & Lisans",
+        "copy_to_clipboard": "Metni panoya kopyala",
+        "dkim_add_key": "ARC/DKIM key ekle",
+        "dkim_domains_selector": "Seçici",
+        "dkim_from": "Gönderen",
+        "dkim_key_length": "DKIM anahtar uzunluğu (bit)",
+        "dkim_key_missing": "Anahtar eksik",
+        "dkim_key_unused": "Anahtar kullanılamaz",
+        "dkim_key_valid": "Anahtar geçerli",
+        "dkim_keys": "ARC/DKIM anahtarları",
+        "dkim_overwrite_key": "Mevcut DKIM anahtarının üzerine yaz",
+        "dkim_private_key": "Özel anahtar",
+        "f2b_ban_time_increment": "Yasaklanma süresi her engellemede artar",
+        "f2b_manage_external": "Fail2Ban'ı dışarıdan yönetin",
+        "f2b_regex_info": "Dikkate alınan günlükler: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_whitelist": "Beyaz listeye alınan ağlar/ana bilgisayarlar",
+        "filter_table": "Tabloyu filtrele",
+        "forwarding_hosts": "Yönlendirme Ana Bilgisayarları",
+        "forwarding_hosts_hint": "Gelen mesajlar burada listelenen tüm ana bilgisayarlardan koşulsuz olarak kabul edilir. Bu ana bilgisayarlar daha sonra DNSBL'lere karşı kontrol edilmez veya gri listeye tabi tutulmaz. Onlardan gelen istenmeyen e-postalar asla reddedilmez, ancak isteğe bağlı olarak Önemsiz klasörüne dosyalanabilir. Bunun en yaygın kullanımı, gelen e-postaları mailcow sunucunuza ileten bir kural kurduğunuz posta sunucularını belirtmektir.",
+        "from": "Kimden",
+        "generate": "oluştur",
+        "hash_remove_info": "Bir hız sınırı karmasını (hala mevcutsa) kaldırmak, sayacını tamamen sıfırlayacaktır.<br>\n  Her karma ayrı bir renkle belirtilir.",
+        "help_text": "Oturum açma maskesinin altındaki yardım metnini geçersiz kıl (HTML'ye izin verilir)",
+        "host": "Host",
+        "html": "HTML",
+        "import": "İçe aktar",
+        "import_private_key": "Özel anahtarı içe aktar",
+        "in_use_by": "tarafından kullanımda",
+        "inactive": "Pasif",
+        "include_exclude": "Dahil et, hariç tut",
+        "includes": "Bu alıcıları dahil et",
+        "ip_check_opt_in": "Harici IP adreslerini çözümlemek için <strong>ipv4.mailcow.email</strong> ve <strong>ipv6.mailcow.email</strong> üçüncü taraf hizmetini kullanmayı seçin.",
+        "is_mx_based": "MX tabanlı",
+        "link": "Link",
+        "loading": "Lütfen bekleyin…",
+        "login_time": "Giriş zamanı",
+        "lookup_mx": "Hedef, MX adıyla eşleşecek normal bir ifadedir (google.com ile biten bir MX'e hedeflenen tüm postaları bu atlama üzerinden yönlendirmek için <code>.*google\\\\.com</code>)",
+        "main_name": "“mailcow UI” adı",
+        "merged_vars_hint": "Grileştirilmiş satırlar <code>vars.(local.)inc.php</code> dosyasından birleştirildi ve değiştirilemez.",
+        "message": "Mesaj",
+        "message_size": "Mesaj boyutu",
+        "nexthop": "Sonraki atlama",
+        "no": "&#10005;",
+        "no_active_bans": "Aktif yasak yok",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "f2b_netban_ipv4": "Yasak uygulanacak IPv4 alt ağ boyutu (8-32)",
+        "f2b_netban_ipv6": "Yasak uygulanacak IPv6 alt ağ boyutu (8-32)",
+        "f2b_parameters": "Fail2ban parametreleri",
+        "empty": "Sonuç yok",
+        "excludes": "Bu alıcıları hariç tutar",
+        "f2b_blacklist": "Kara listeye alınan ağlar/ana bilgisayarlar",
+        "f2b_filter": "Regex filtreleri",
+        "f2b_list_info": "Kara listeye alınmış bir ana bilgisayar veya ağ, her zaman beyaz listedeki bir varlıktan daha ağır basacaktır. <b>Liste güncellemelerinin uygulanması birkaç saniye sürecektir.</b>",
+        "ip_check": "IP Kontrol",
+        "access": "Erişim",
+        "activate_api": "API etkinleştir",
+        "activate_send": "Gönder düğmesini etkinleştir",
+        "active": "Etkinleştir",
+        "active_rspamd_settings_map": "Aktif ayarlar haritası",
+        "add_admin": "Yönetici ekle",
+        "add_relayhost": "Gönderene bağlı aktarım ekle",
+        "add_relayhost_hint": "Lütfen, varsa, kimlik doğrulama verilerinin düz metin olarak saklanacağını unutmayın.",
+        "add_row": "Satır ekle",
+        "api_allow_from": "Bu IP'lerden/CIDR ağ gösterimlerinden API erişimine izin ver",
+        "api_key": "API anahtarı",
+        "api_read_only": "Sadece okuma",
+        "api_read_write": "Okuma yazma",
+        "api_skip_ip_check": "API için IP kontrolünü atla",
+        "app_links": "Uygulama linkleri",
+        "app_name": "Uygulama adı",
+        "arrival_time": "Varış zamanı (sunucu zamanı)",
+        "customer_id": "Müşteri Kimliği",
+        "customize": "Özelleştir",
+        "destination": "Hedef",
+        "ays": "Devam etmek istediğinizden emin misiniz?",
+        "change_logo": "Logoyu değiştir",
+        "convert_html_to_text": "HTML'yi düz metne dönüştürün",
+        "edit": "Düzenle",
+        "no_new_rows": "Başka satır yok",
+        "oauth2_client_secret": "Client anahtarı",
+        "quarantine_release_format": "Serbest bırakılan öğelerin biçimi",
+        "oauth2_info": "OAuth2 uygulaması,  \"Yetkilendirme Kodu\" verme türünü destekler ve yenileme belirteçleri yayınlar.<br>\nSunucu, bir yenileme belirteci kullanıldıktan sonra otomatik olarak yeni yenileme belirteçleri de verir.<br><br>\n&#8226; Varsayılan kapsam <i>profil</i>'dir. OAuth2'ye karşı yalnızca posta kutusu kullanıcılarının kimliği doğrulanabilir. Kapsam parametresi atlanırsa, <i>profile</i>'ye geri döner.<br>\n&#8226; <i>state</i> parametresinin, yetkilendirme isteğinin bir parçası olarak istemci tarafından gönderilmesi gerekir.<br><br>\nOAuth2 API'sine yapılan istekler için yollar: <br>\n< ul>\n<li>Yetkilendirme bitiş noktası: <code>/oauth/authorize</code></li>\n<li>Token bitiş noktası: <code>/oauth/token</code></ li>\n<li>Kaynak sayfası: <code>/oauth/profile</code></li>\n</ul>\nİstemci sırrının yeniden oluşturulması, mevcut yetkilendirme kodlarının süresinin dolmasına neden olmaz, ancak belirteçlerini yenileyemezler.<br><br>\nİstemci belirteçlerini iptal etmek, tüm etkin oturumların derhal sonlandırılmasına neden olur. Tüm istemcilerin yeniden kimlik doğrulaması yapması gerekir.",
+        "license_info": "Lisans gerekli değildir ancak daha fazla geliştirmeye yardımcı olur.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"\">GUID'inizi buraya kaydedin.</a> or <a href=\"https://www.servercow.de/mailcow?lang=tr#destek\" target=\"_blank\" alt=\"\">Mailcow kurulumunuz için destek satın alın.</a>",
+        "no_record": "Kayıt yok",
+        "oauth2_apps": "OAuth2 Uygulamaları",
+        "oauth2_add_client": "OAuth2 client ekle",
+        "oauth2_client_id": "Client ID",
+        "optional": "isteğe bağlı",
+        "oauth2_redirect_uri": "URI Yönlendirmesi",
+        "oauth2_renew_secret": "Yeni client anahtarı oluştur",
+        "oauth2_revoke_tokens": "Tüm client tokenlarını iptal et",
+        "quarantine": "Karantina",
+        "options": "Seçenekler",
+        "password": "Şifre",
+        "password_length": "Parola uzunluğu",
+        "password_policy": "Şifre politikası",
+        "password_policy_chars": "En az bir alfabetik karakter içermelidir",
+        "password_policy_length": "Minimum parola uzunluğu %d'dir",
+        "password_policy_lowerupper": "Küçük ve büyük harf karakterleri içermelidir",
+        "password_policy_numbers": "En az bir sayı içermelidir",
+        "password_policy_special_chars": "Özel karakterler içermelidir",
+        "password_repeat": "Onay şifresi (tekrar)",
+        "priority": "Öncelik",
+        "private_key": "Özel anahtar",
+        "quarantine_bcc": "Tüm bildirimlerin bir kopyasını (BCC) bu alıcıya gönderin:<br><small>Devre dışı bırakmak için boş bırakın. <b>İmzasız, işaretlenmemiş posta. Yalnızca dahili olarak teslim edilmelidir.</b></small>",
+        "quarantine_exclude_domains": "Alan adlarını ve diğer alan adlarını hariç tut",
+        "quarantine_max_age": "Gün cinsinden maksimum yaş<br><small>Değer 1 güne eşit veya daha büyük olmalıdır.</small>",
+        "quarantine_max_score": "Bir epostanın spam puanı bu değerden yüksekse bildirim at:<br><small>Varsayılan değer 9999,0</small>",
+        "quota_notifications_vars": "{{percent}}, kullanıcının mevcut kotasına eşittir<br>{{username}} posta kutusu adıdır",
+        "quarantine_max_size": "MiB cinsinden maksimum boyut (daha büyük öğeler atılır):<br><small>0 sınırsız olduğunu <b>değil</b> göstermez.</small>",
+        "quarantine_notification_html": "Bildirim e-posta şablonu:<br><small>Varsayılan şablonu geri yüklemek için boş bırakın.</small>",
+        "quarantine_notification_sender": "Bildirim e-postası gönderen",
+        "quarantine_notification_subject": "Bildirim e-postası konusu",
+        "quarantine_redirect": "<b>Tüm bildirimleri bu alıcıya yönlendir</b>:<br><small>Devre dışı bırakmak için boş bırakın. <b>İmzasız, kontrol edilmemiş posta. Yalnızca dahili olarak teslim edilmelidir.</b></small>",
+        "quarantine_release_format_att": "Ek olarak",
+        "quarantine_release_format_raw": "Değiştirilmemiş orijinal",
+        "quarantine_retention_size": "Posta kutusu başına tutma sayısı:<br><small>0, <b>etkin değil</b> anlamına gelir.</small>",
+        "quota_notification_html": "Bildirim e-posta şablonu:<br><small>Varsayılan şablonu geri yüklemek için boş bırakın.</small>",
+        "quota_notification_sender": "Bildirim e-postası gönderen",
+        "quota_notification_subject": "Bildirim e-postası konusu",
+        "quota_notifications": "Kota bildirimleri",
+        "quota_notifications_info": "Kota bildirimleri, kullanıcılara %80'i geçtiğinde ve %95'i geçtiğinde bir kez gönderilir.",
+        "queue_unban": "Kuyruk yasağını kaldır",
+        "r_active": "Aktif kısıtlamalar",
+        "r_inactive": "Pasif kısıtlamalar",
+        "r_info": "Etkin kısıtlamalar listesindeki grileştirilmiş/devre dışı bırakılmış öğeler, posta kutusu için geçerli kısıtlamalar olarak bilinmez ve taşınamaz. Bilinmeyen kısıtlamalar yine de görünüm sırasına göre ayarlanacaktır. <br>Onları değiştirebilmek için <code>inc/vars.local.inc.php</code> içine yeni öğeler ekleyebilirsiniz.",
+        "rate_name": "Puan adı",
+        "recipients": "Alıcılar",
+        "refresh": "Yenile",
+        "regen_api_key": "API anahtarını yeniden oluştur",
+        "regex_maps": "Regex haritaları",
+        "relay_from": "\"Kimden:\" adresi",
+        "relay_rcpt": "\"Kime:\" adresi",
+        "relay_run": "Test çalıştır",
+        "relayhosts": "Gönderene bağlı aktarımlar",
+        "relayhosts_hint": "Etki alanı yapılandırma iletişim kutusunda seçebilmek için gönderene bağlı aktarımları tanımlayın.<br>\nAktarım hizmeti her zaman \"smtp:\" şeklindedir ve bu nedenle teklif edildiğinde TLS'yi deneyecektir. Sarılmış TLS (SMTPS) desteklenmez. Kullanıcıların bireysel giden TLS politikası ayarı dikkate alınır.\n<br> Takma ad alanları da dahil olmak üzere seçili alan adlarını etkiler."
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",

From dc7a48cbf93215e0caf4a5abcc24ac4798999e6c Mon Sep 17 00:00:00 2001
From: yvan-algoo <138122659+yvan-algoo@users.noreply.github.com>
Date: Sat, 30 Mar 2024 01:10:12 +0100
Subject: [PATCH 181/755] Update French translation (#5805)

* Fix some typo in French translation

* Fix typo error introduced in last commit

* Fixed another typo introduced in my first commit
---
 data/web/lang/lang.fr-fr.json | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 374da543d..dd048a3f5 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -52,7 +52,7 @@
         "delete2duplicates": "Supprimer les doubles à destination",
         "description": "Description",
         "destination": "Destination",
-        "disable_login": "Désactiver l'authentification (les mails entrants resteront acceptés)",
+        "disable_login": "Désactiver l'authentification (les e-mails entrants resteront acceptés)",
         "domain": "domaine",
         "domain_matches_hostname": "Le domaine %s correspond à la machine (hostname)",
         "domain_quota_m": "Quota total du domaine (Mo)",
@@ -170,7 +170,7 @@
         "domain_s": "Domaine(s)",
         "duplicate": "Dupliquer",
         "duplicate_dkim": "Dupliquer l'enregistrement DKIM",
-        "edit": "Editer",
+        "edit": "Éditer",
         "empty": "Aucun résultat",
         "excludes": "Exclure ces destinataires",
         "f2b_ban_time": "Durée du bannissement (s)",
@@ -352,7 +352,7 @@
         "app_passwd_id_invalid": "Le mot de passe ID %s de l'application est non valide",
         "bcc_empty": "La destination BCC destination ne peut pas être vide",
         "bcc_exists": "Une carte de transport BCC %s existe pour le type %s",
-        "bcc_must_be_email": "Le destination BCC %s n'est pas une adresse mail valide",
+        "bcc_must_be_email": "Le destination BCC %s n'est pas une adresse e-mail valide",
         "comment_too_long": "Le commentaire est trop long, 160 caractère max sont permis",
         "defquota_empty": "Le quota par défaut par boîte ne doit pas être 0.",
         "description_invalid": "La description des ressources pour %s est non valide",
@@ -503,7 +503,7 @@
     "edit": {
         "active": "Actif",
         "advanced_settings": "Réglages avancés",
-        "alias": "Editer les alias",
+        "alias": "Éditer les alias",
         "allow_from_smtp": "Restreindre l'utilisation de <b>SMTP</b> à ces adresses IP",
         "allow_from_smtp_info": "Laissez vide pour autoriser tous les expéditeurs.<br>Adresses IPv4/IPv6 et réseaux.",
         "allowed_protocols": "Protocoles autorisés",
@@ -521,12 +521,12 @@
         "delete_ays": "Veuillez confirmer le processus de suppression.",
         "description": "Description",
         "disable_login": "Refuser l’ouverture de session (le courrier entrant est toujours accepté)",
-        "domain": "Edition du domaine",
-        "domain_admin": "Edition de l'administrateur du domaine",
+        "domain": "Édition du domaine",
+        "domain_admin": "Édition de l'administrateur du domaine",
         "domain_quota": "Quota du domaine",
         "domains": "Domaines",
         "dont_check_sender_acl": "Désactiver la vérification de l’expéditeur pour le domaine %s (+ alias de domaines)",
-        "edit_alias_domain": "Edition des alias de domaine",
+        "edit_alias_domain": "Édition des alias de domaine",
         "encryption": "Cryptage",
         "exclude": "Exclure des objets (regex)",
         "extended_sender_acl": "Adresses de l’expéditeur externe",
@@ -542,7 +542,7 @@
         "inactive": "Inactif",
         "kind": "Type",
         "last_modified": "Dernière modification",
-        "mailbox": "Edition de la boîte mail",
+        "mailbox": "Édition de la boîte mail",
         "mailbox_quota_def": "Quota par défaut de la boîte",
         "max_aliases": "Nombre max. d'alias",
         "max_mailboxes": "Nombre max. de boîtes possibles",
@@ -598,7 +598,7 @@
         "target_domain": "Domaine cible",
         "timeout1": "Délai de connexion à l’hôte distant",
         "timeout2": "Délai de connexion à l’hôte local",
-        "title": "Editer l'objet",
+        "title": "Éditer l'objet",
         "unchanged_if_empty": "Si non modifié, laisser en blanc",
         "username": "Nom d'utilisateur",
         "validate_save": "Valider et sauver",
@@ -699,7 +699,7 @@
         "domain_quota": "Quota",
         "domain_quota_total": "Quota total du domaine",
         "domains": "Domaines",
-        "edit": "Editer",
+        "edit": "Éditer",
         "empty": "Pas de résulats",
         "enable_x": "Activer",
         "excludes": "Exclut",
@@ -1091,7 +1091,7 @@
         "sync_jobs": "Jobs de synchronisation",
         "tag_handling": "Régler la manipulation du courrier étiqueté",
         "tag_help_example": "Exemple pour une adresse e-mail étiquetée : me<b>+Facebook</b>@example.org",
-        "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (\"INBOX/Facebook\").<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet du mail, exemple : \"[Facebook] My News\".",
+        "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (\"INBOX/Facebook\").<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet de l'e-mail, exemple : \"[Facebook] My News\".",
         "tag_in_none": "Ne rien faire",
         "tag_in_subfolder": "Dans un sous dossier",
         "tag_in_subject": "Dans le sujet",

From 26be1cb6026c1425b8015460ae53e1b170e3bb05 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Mon, 1 Apr 2024 11:28:06 +0300
Subject: [PATCH 182/755] Set local_addrs in Rspamd

---
 data/conf/rspamd/local.d/options.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/conf/rspamd/local.d/options.inc b/data/conf/rspamd/local.d/options.inc
index fcf499d7f..105bbdcd8 100644
--- a/data/conf/rspamd/local.d/options.inc
+++ b/data/conf/rspamd/local.d/options.inc
@@ -6,3 +6,4 @@ disable_monitoring = true;
 # In case a task times out (like DNS lookup), soft reject the message
 # instead of silently accepting the message without further processing.
 soft_reject_on_timeout = true;
+local_addrs = /etc/rspamd/custom/mailcow_networks.map;

From 5dc836671d6fbb302e164f3a6eab022f50f19adb Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 1 Apr 2024 21:57:15 +0200
Subject: [PATCH 183/755] [Web] Updated lang.tr-tr.json (#5813)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[Web] Updated lang.tr-tr.json

Co-authored-by: Uğurcan Albayrak <canalbayrakugur@gmail.com>
Co-authored-by: evrenkoksal <evrenkoksal@gmail.com>
---
 data/web/lang/lang.tr-tr.json | 837 +++++++++++++++++++++++++++++++++-
 1 file changed, 836 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index b1aac5e7b..8fff7bfac 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -290,7 +290,67 @@
         "relay_rcpt": "\"Kime:\" adresi",
         "relay_run": "Test çalıştır",
         "relayhosts": "Gönderene bağlı aktarımlar",
-        "relayhosts_hint": "Etki alanı yapılandırma iletişim kutusunda seçebilmek için gönderene bağlı aktarımları tanımlayın.<br>\nAktarım hizmeti her zaman \"smtp:\" şeklindedir ve bu nedenle teklif edildiğinde TLS'yi deneyecektir. Sarılmış TLS (SMTPS) desteklenmez. Kullanıcıların bireysel giden TLS politikası ayarı dikkate alınır.\n<br> Takma ad alanları da dahil olmak üzere seçili alan adlarını etkiler."
+        "relayhosts_hint": "Etki alanı yapılandırma iletişim kutusunda seçebilmek için gönderene bağlı aktarımları tanımlayın.<br>\nAktarım hizmeti her zaman \"smtp:\" şeklindedir ve bu nedenle teklif edildiğinde TLS'yi deneyecektir. Sarılmış TLS (SMTPS) desteklenmez. Kullanıcıların bireysel giden TLS politikası ayarı dikkate alınır.\n<br> Takma ad alanları da dahil olmak üzere seçili alan adlarını etkiler.",
+        "rspamd_global_filters_regex": "İsimleri amaçlarını açıklıyor. Tüm içerik, \"/pattern/options\" biçiminde geçerli normal ifade içermelidir (ör. <code>/.+@domain\\.tld/i</code>).<br>\n İlkel olmasına rağmen kontroller regex'in her satırında yürütülüyor, sözdizimini doğru okuyamazsa Rspamds işlevi bozulabilir.<br>\nRspamd değiştirildiğinde harita içeriğini okumaya çalışır. Sorun yaşarsanız, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd'yi yeniden başlatın</a> bir haritanın yeniden yüklenmesini zorunlu kılmak için.<br>Kara listeye alınan öğeler karantinadan hariç tutulur.",
+        "transport_dest_format": "Regex veya sözdizimi: example.org, .example.org, *, box@example.org (birden çok değer virgülle ayrılabilir)",
+        "transports_hint": "&#8226; Bir aktarım haritası girişi, gönderene bağlı bir aktarım haritasını <b>geçersiz kılar</b>.<br>\n&#8226; Tercihen MX tabanlı aktarımlar kullanılır.<br>\n&#8226; Kullanıcı başına giden TLS ilke ayarları yoksayılır ve yalnızca TLS ilke eşleme girişleri tarafından zorunlu kılınabilir.<br>\n&#8226; Tanımlanmış taşımalar için taşıma hizmeti her zaman \"smtp:\" şeklindedir ve bu nedenle teklif edildiğinde TLS'yi deneyecektir. Sarılmış TLS (SMTPS) desteklenmez.<br>\n&#8226; \"/localhost$/\" ile eşleşen adresler her zaman \"local:\" yoluyla taşınır, bu nedenle bu adresler için bir \"*\" hedefi uygulanmaz.<br>\n&#8226; Örnek bir sonraki sıçrama \"[host]:25\" için kimlik bilgilerini belirlemek için, Postfix <b>her zaman</b> \"[host]:25\" için arama yapmadan önce \"host\" için sorgular. Bu davranış, aynı anda \"host\" ve \"[host]:25\" kullanımını imkansız hale getirir.",
+        "search_domain_da": "Alan adlarını ara",
+        "send": "Gönder",
+        "rspamd_com_settings": "Bir ayar adı otomatik olarak oluşturulacaktır, lütfen aşağıdaki örnek ön ayarlara bakın. Daha fazla ayrıntı için <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd belgelerine</a> bakın",
+        "rspamd_global_filters": "Küresel filtre haritaları",
+        "rspamd_global_filters_agree": "Dikkatli olacağım!",
+        "ui_header_announcement_type_warning": "Önemli",
+        "rsetting_desc": "Kısa tanım",
+        "rsetting_no_selection": "Lütfen bir kural seçin",
+        "rsetting_none": "Kullanılabilir kural yok",
+        "rsettings_insert_preset": "Örnek hazır ayar ekle \"%s\"",
+        "rsettings_preset_1": "Kimliği doğrulanmış kullanıcılar için DKIM ve hız sınırı hariç tümünü devre dışı bırakın",
+        "rsettings_preset_2": "Posta yöneticileri spam istiyor",
+        "rsettings_preset_3": "Bir posta kutusu için yalnızca belirli gönderenlere izin ver (yani yalnızca dahili posta kutusu olarak kullanım)",
+        "rsettings_preset_4": "Bir etki alanı için Rspamd'yi devre dışı bırakın",
+        "rspamd_global_filters_info": "Küresel filtre haritaları, farklı türde küresel kara ve beyaz listeler içerir.",
+        "rspamd_settings_map": "Rspamd ayarları haritası",
+        "sal_level": "Moo seviye",
+        "save": "Değişiklikleri kaydet",
+        "sender": "Gönderen",
+        "service": "Servis",
+        "service_id": "Servis ID",
+        "source": "Kaynak",
+        "spamfilter": "Spam filtresi",
+        "subject": "Konu",
+        "success": "Başarılı",
+        "sys_mails": "Sistem postaları",
+        "text": "Metin",
+        "time": "Zaman",
+        "title": "Başlık",
+        "title_name": "\"mailcow UI\" web sitesi başlığı",
+        "to_top": "Başa dön",
+        "transport_maps": "Ulaşım Haritaları",
+        "transport_test_rcpt_info": "&#8226; Yabancı bir hedefe geçişi test etmek için null@hosted.mailcow.de adresini kullanın.",
+        "ui_footer": "Altbilgi (HTML'ye izin verilir)",
+        "ui_header_announcement": "Duyurular",
+        "ui_header_announcement_active": "Duyuruyu etkin olarak ayarla",
+        "ui_header_announcement_content": "Metin (HTML'ye izin verilir)",
+        "ui_header_announcement_help": "Duyuru, oturum açmış tüm kullanıcılar tarafından ve kullanıcı arayüzünün oturum açma ekranında görülebilir.",
+        "ui_header_announcement_select": "Duyuru türünü seçin",
+        "ui_header_announcement_type_danger": "Çok önemli",
+        "ui_header_announcement_type_info": "Bilgi",
+        "ui_texts": "UI etiketleri ve metinleri",
+        "unban_pending": "Beklemede olan yasağı kaldır",
+        "unchanged_if_empty": "Değişmediyse boş bırakın",
+        "upload": "Yükle",
+        "username": "Kullanıcı adı",
+        "validate_license_now": "GUID'yi lisans sunucusuna göre doğrulayın",
+        "verify": "Doğrulayın",
+        "yes": "&#10003;",
+        "ui_header_announcement_type": "Türü",
+        "remove": "Kaldır",
+        "remove_row": "Satırı kaldır",
+        "reset_default": "Öntanımlı değerlere dön",
+        "reset_limit": "Hashi kaldır",
+        "routing": "Yönlendirme",
+        "rsetting_add_rule": "Kural ekle",
+        "rsetting_content": "Kural içeriği"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -304,5 +364,780 @@
         "quota_exceeded_scope": "Domain kotası aşıldı: Bu domain kapsamında yalnızca sınırsız e-posta oluşturulabilir!",
         "session_token": "Form token geçersiz: Token uyuşmadı",
         "session_ua": "Form token geçersiz: User-Agent doğrulama hatası"
+    },
+    "datatables": {
+        "decimal": ".",
+        "info": "TOPLAM_ girişlerin _BAŞLANGIÇ_ ile _SON_ arası gösteriliyor",
+        "paginate": {
+            "first": "İlk",
+            "last": "Son",
+            "next": "Sonraki",
+            "previous": "Önceki"
+        },
+        "aria": {
+            "sortAscending": ": sütunu artan sıralama için etkinleştir",
+            "sortDescending": ": sütunu azalan şekilde sıralama için etkinleştirin"
+        },
+        "thousands": ",",
+        "collapse_all": "Tümünü Daralt",
+        "emptyTable": "Tabloda veri mevcut değil",
+        "expand_all": "Tümünü Genişlet",
+        "infoEmpty": "0 girişten 0 ila 0 arası gösteriliyor",
+        "infoFiltered": "(_MAX_ toplam girişlerden filtrelendi)",
+        "lengthMenu": "_MENU_ girişlerini göster",
+        "loadingRecords": "Yükleniyor...",
+        "processing": "Lütfen bekleyin...",
+        "search": "Ara:",
+        "zeroRecords": "Eşleşen kayıt bulunamadı"
+    },
+    "edit": {
+        "inactive": "Pasif",
+        "mailbox": "Posta kutusunu düzenle",
+        "mailbox_quota_def": "Varsayılan posta kutusu kotası",
+        "mailbox_relayhost_info": "Yalnızca posta kutusuna ve doğrudan takma adlara uygulanır, etki alanı geçiş ana bilgisayarını geçersiz kılar.",
+        "max_aliases": "Maks. takma adlar",
+        "max_mailboxes": "Maks. olası posta kutuları",
+        "max_quota": "Maks. posta kutusu başına kota (MiB)",
+        "extended_sender_acl_info": "Varsa, bir DKIM etki alanı anahtarı içe aktarılmalıdır.<br>\\r\\n Bu sunucuyu karşılık gelen SPF TXT kaydına eklemeyi unutmayın.<br>\\r\\n Bu sunucuya bir etki alanı veya takma ad etki alanı eklendiğinde, harici bir adresle çakışırsa, harici adres kaldırılır.<br>\\r\\n *@domain.tld olarak göndermeye izin vermek için @domain.tld kullanın.",
+        "footer_exclude": "Footerdan hariç tut",
+        "last_modified": "Son değişiklik",
+        "lookup_mx": "Hedef, MX adıyla eşleşecek normal bir ifadedir (google.com ile biten bir MX'e hedeflenen tüm postaları bu atlama üzerinden yönlendirmek için <code>.*google\\\\.com</code>)",
+        "sogo_access_info": "Posta kullanıcı arayüzünden tek oturum açma çalışmaya devam eder. Bu ayar, diğer tüm hizmetlere erişimi etkilemez veya bir kullanıcının mevcut SOGo profilini silmez veya değiştirmez.",
+        "comment_info": "Gizli bir yorum kullanıcı tarafından görülmezken, genel bir yorum, kullanıcının genel bakışında üzerine gelindiğinde araç ipucu olarak gösterilir.",
+        "sender_acl_info": "Posta kutusu A kullanıcısının posta kutusu kullanıcısı B olarak göndermesine izin veriliyorsa, gönderen adresi SOGo'da seçilebilir \\\"gönderen\\\" alanı olarak otomatik olarak görüntülenmez.<br>\\r\\n Posta kutusu B kullanıcısının izin vermesi için SOGo'da bir yetkilendirme oluşturması gerekir. posta kutusu kullanıcısı A, adresini gönderen olarak seçmek için. SOGo'da bir posta kutusuna yetki vermek için, posta görünümündeyken sol üstteki posta kutusu adınızın sağındaki menüyü (üç nokta) kullanın. Bu davranış, diğer ad adresleri için geçerli değildir.",
+        "sogo_visible_info": "Bu seçenek yalnızca SOGo'da görüntülenebilen nesneleri etkiler (en az bir yerel posta kutusuna işaret eden paylaşılan veya paylaşılmayan diğer ad adresleri). Gizliyse, bir takma ad SOGo'da seçilebilir gönderici olarak görünmez.",
+        "kind": "Nitelik",
+        "maxage": "Uzaktan sorgulanacak mesajların gün cinsinden maksimum ileti yaşı<br><small>(0 = yaşı yoksay)</small>",
+        "maxbytespersecond": "Maks. saniye başına bayt <br><small>(0 = sınırsız)</small>",
+        "redirect_uri": "Yönlendirme URI'i",
+        "relay_all": "Tüm alıcıları aktar",
+        "domain_footer_skip_replies": "Yanıt postasındaki altbilgiyi yoksay",
+        "exclude": "Nesneleri hariç tut (normal ifade)",
+        "extended_sender_acl": "Harici gönderen adresleri",
+        "force_pw_update": "Bir sonraki girişte şifre güncellemesini zorla",
+        "password": "Şifre",
+        "password_repeat": "Onay şifresi (tekrar)",
+        "private_comment": "Özel yorum",
+        "public_comment": "Genel yorum",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Yüksek öncelikli postayı iletin [<code>X-Priority: 1</code>]",
+        "pushover_info": "Anında iletme bildirimi ayarları, takma adlar (paylaşılan, paylaşılmayan, etiketli) dahil <b>%s</b> adresine teslim edilen tüm temiz (spam olmayan) postalara uygulanacaktır.",
+        "pushover_sender_array": "Yalnızca aşağıdaki gönderen e-posta adreslerini göz önünde bulundurun <small>(virgülle ayrılmış)</small>",
+        "scope": "Kapsam",
+        "skipcrossduplicates": "Klasörler arasında yinelenen mesajları atlayın (ilk gelen, ilk hizmet)",
+        "sogo_visible": "Takma ad SOGo'da görünür",
+        "relay_unknown_only": "Yalnızca var olmayan posta kutularını aktarın. Mevcut posta kutuları yerel olarak teslim edilecektir.",
+        "relayhost": "Göndericiye bağlı aktarımlar",
+        "remove": "Kaldır",
+        "resource": "Kaynak",
+        "save": "Değişiklikleri Kaydet",
+        "spam_policy": "Beyaz/kara listeye öğe ekleyin veya kaldırın",
+        "spam_score": "Özel bir spam puanı ayarlayın",
+        "subfolder2": "Hedefteki alt klasörle senkronize et<br><small>(boş = alt klasörü kullanmayın)</small>",
+        "syncjob": "Senkronizasyon işini düzenle",
+        "target_address": "Adrese git <small>(virgülle ayrılmış)</small>",
+        "target_domain": "Hedef alan",
+        "timeout1": "Uzak ana bilgisayara bağlantı için zaman aşımı",
+        "timeout2": "Yerel ana bilgisayara bağlantı için zaman aşımı",
+        "unchanged_if_empty": "Değişmediyse boş bırakın",
+        "username": "Kullanıcı adı",
+        "validate_save": "Doğrula ve kaydet",
+        "acl": "ACL (İzin)",
+        "active": "Aktif",
+        "admin": "Yöneticiyi düzenle",
+        "advanced_settings": "Gelişmiş ayarlar",
+        "alias": "Takma adı düzenle",
+        "generate": "oluştur",
+        "previous": "Önceki sayfa",
+        "domain_footer_info_vars": {
+            "from_addr": "Mail adresindeki adres kısmını verir",
+            "from_domain": "Mail adresindeki alan adını verir",
+            "custom": "Posta kutusu \\\"foo\\\" özelliğine ve \\\"bar\\\" değerine sahipse, \\\"bar\\\" döndürür\"",
+            "from_name": "Mail adresindeki gönderen alanını verir. Örn: Bilgi islem bilgiislem@canakkale.bel.tr nin Bilgi islem kısmını verir.",
+            "auth_user": "MTA tarafından belirtilen doğrulanmış kullanıcı adı",
+            "from_user": "Mail adresindeki kullanıcı adını alanını verir. Örn: bilgiislem@canakkale.bel.tr nin bilgiislem kısmını verir."
+        },
+        "custom_attributes": "Kullanıcı tanımlı özellikler",
+        "delete_ays": "Lütfen silme işlemini onaylayın.",
+        "description": "Açıklama",
+        "pushover_only_x_prio": "Yalnızca yüksek öncelikli postayı dikkate alın [<code>X-Priority: 1</code>]",
+        "delete2duplicates": "Hedefteki kopyaları sil",
+        "domain_footer": "Domain footer",
+        "domain_footer_html": "HTML footer",
+        "edit_alias_domain": "Takma ad alanını düzenle",
+        "encryption": "Şifreleme",
+        "domain_footer_info": "Bu alan adındaki bir adresle ilişkili tüm giden e-postalara domain-wide footer eklenir. Footer için aşağıdaki değişkenler kullanılabilir :",
+        "domains": "Alan adları",
+        "dont_check_sender_acl": "%s etki alanı için gönderen kontrolünü devre dışı bırakın (+ takma ad etki alanları)",
+        "sieve_desc": "Kısa tanım",
+        "sieve_type": "Filtre türü",
+        "sender_acl": "olarak göndermeye izin ver",
+        "sender_acl_disabled": "<span class=\\\"label label-danger\\\">Gönderen denetimi devre dışı</span>",
+        "allow_from_smtp": "Yalnızca bu IP'lerin <b>SMTP</b> kullanmasına izin verin",
+        "allow_from_smtp_info": "Tüm gönderenlere izin vermek için boş bırakın.<br>IPv4/IPv6 adresleri ve ağları.",
+        "allowed_protocols": "İzin verilen protokoller",
+        "app_name": "Uygulama adı",
+        "app_passwd": "Uygulama şifresi",
+        "app_passwd_protocols": "Uygulama şifresi için izin verilen protokoller",
+        "automap": "Klasörleri otomatik eşlemeyi deneyin (\\\"Gönderilmiş öğeler\\\", \\\"Gönderildi\\\" => \\\"Gönderildi\\\" vb.)",
+        "backup_mx_options": "Relay seçenekleri",
+        "bcc_dest_format": "BCC, tek bir geçerli e-posta adresi olmalıdır.<br>Bir kopyayı birden fazla adrese göndermeniz gerekiyorsa, bir takma ad oluşturun ve burada kullanın.",
+        "client_id": "Müşteri Kimliği",
+        "client_secret": "Müşteri sırrı",
+        "created_on": "Oluşturuldu",
+        "delete1": "Tamamlandığında kaynaktan silin",
+        "delete2": "Kaynakta olmayan hedefteki mesajları sil",
+        "domain_footer_plain": "PLAIN footer",
+        "multiple_bookings": "Çoklu rezervasyon",
+        "none_inherit": "Yok / Miras",
+        "nexthop": "Sonraki atlama",
+        "pushover_sender_regex": "Aşağıdaki gönderen regexini göz önünde bulundurun",
+        "pushover_text": "Bildirim metni",
+        "force_pw_update_info": "Bu kullanıcı yalnızca %s'de oturum açabilecek. Uygulama şifreleri kullanılabilir durumda kalır.",
+        "full_name": "Ad Soyad",
+        "gal": "Genel Adres Listesi",
+        "gal_info": "GAL, bir etki alanının tüm nesnelerini içerir ve herhangi bir kullanıcı tarafından düzenlenemez. Devre dışı bırakılmışsa, SOGo'da serbest/meşgul bilgisi eksik! <b>Değişiklikleri uygulamak için SOGo'yu yeniden başlatın.</b>",
+        "grant_types": "Yetki türleri",
+        "hostname": "Ana bilgisayar adı",
+        "mbox_rl_info": "Bu hız sınırı SASL oturum açma adına uygulanır, oturum açmış kullanıcı tarafından kullanılan herhangi bir \\\"gönderen\\\" adresiyle eşleşir. Posta kutusu hız sınırı, alan genelindeki hız sınırını geçersiz kılar.",
+        "mins_interval": "Aralık(dakika)",
+        "pushover_title": "Bildirim başlığı",
+        "pushover_sound": "Ses",
+        "pushover_vars": "Gönderici filtresi tanımlanmadığında, tüm postalar dikkate alınacaktır.<br>Regex filtreleri ve tam gönderen kontrolleri ayrı ayrı tanımlanabilir ve sıralı olarak değerlendirilecektir. Birbirlerine bağlı değildirler.<br>Metin ve başlık için kullanılabilir değişkenler (lütfen veri koruma politikalarını dikkate alın)",
+        "pushover_verify": "Kimlik bilgilerini doğrulayın",
+        "quota_warning_bcc": "Kota uyarısı BCC",
+        "quota_warning_bcc_info": "Uyarılar, aşağıdaki alıcılara ayrı kopyalar halinde gönderilecektir. Konunun sonuna parantez içinde karşılık gelen kullanıcı adı eklenecektir, örneğin: <code>Kota uyarısı (user@example.com)</code>.",
+        "ratelimit": "Hız sınırı",
+        "relay_all_info": "↪ Tüm alıcıları geçirmek için <b>değil</b> seçerseniz, aktarılması gereken her alıcı için bir (\\\"kör\\\") posta kutusu eklemeniz gerekir.",
+        "relay_domain": "Bu etki alanını aktar",
+        "relay_transport_info": "<div class=\\\"label label-info\\\">Bilgi</div> Bu etki alanı için özel bir hedef için taşıma haritaları tanımlayabilirsiniz. Ayarlanmazsa, bir MX araması yapılır.",
+        "sogo_access": "SOGo'ya doğrudan giriş erişimi verin",
+        "spam_alias": "Zaman sınırlı takma ad adresleri oluşturun veya değiştirin",
+        "spam_filter": "Spam filtresi",
+        "disable_login": "Oturum açmaya izin verme (gelen posta hala kabul edilir)",
+        "domain": "Etki alanını düzenle",
+        "domain_admin": "Etki alanı yöneticisini düzenle",
+        "domain_quota": "Etki alanı kotası",
+        "quota_mb": "Kota (MiB)",
+        "title": "Nesneyi düzenle"
+    },
+    "diagnostics": {
+        "dns_records_docs": "Lütfen ayrıca <a target=\\\"_blank\\\" href=\\\"https://mailcow.github.io/mailcow-dockerized-docs/precondition/precondition-dns/\\\">belgelere</a> bakın.",
+        "cname_from_a": "A/AAAA kaydından elde edilen değer. Bu, kayıt doğru kaynağa işaret ettiği sürece desteklenir.",
+        "dns_records_24hours": "DNS'de yapılan değişikliklerin mevcut durumlarının bu sayfaya doğru bir şekilde yansıtılmasının 24 saat kadar sürebileceğini lütfen unutmayın. DNS kayıtlarınızı nasıl yapılandıracağınızı kolayca görebilmeniz ve tüm kayıtlarınızın DNS'de doğru şekilde depolanıp depolanmadığını kontrol edebilmeniz için tasarlanmıştır.",
+        "optional": "Bu kayıt isteğe bağlıdır.",
+        "dns_records_data": "Doğru veri",
+        "dns_records_name": "İsim",
+        "dns_records_status": "Mevcut Durum",
+        "dns_records_type": "Tür",
+        "dns_records": "DNS Kayıtları"
+    },
+    "danger": {
+        "is_alias_or_mailbox": "%s zaten takma ad, posta kutusu veya takma ad etki alanından genişletilmiş bir takma ad adresi olarak biliniyor.",
+        "pushover_credentials_missing": "Pushover belirteci ve / veya anahtarı eksik",
+        "quota_not_0_not_numeric": "Kota sayısal ve >= 0 olmalıdır",
+        "extended_sender_acl_denied": "harici gönderen adreslerini ayarlamak için eksik ACL",
+        "invalid_destination": "Hedef biçimi \\\"%s\\\" geçersiz",
+        "mailbox_quota_left_exceeded": "Yeterli alan kalmadı (boş alan: %d MiB)",
+        "value_missing": "Lütfen tüm değerleri sağlayın",
+        "img_dimensions_exceeded": "Görüntü maksimum resim boyutunu aşıyor",
+        "max_quota_in_use": "Posta kutusu kotası %d MiB'den büyük veya buna eşit olmalıdır",
+        "object_exists": "%s nesnesi zaten var",
+        "webauthn_verification_failed": "WebAuthn doğrulaması başarısız oldu: %s",
+        "invalid_nexthop_authenticated": "Sonraki atlama, farklı kimlik bilgileriyle var, lütfen önce bu sonraki atlama için mevcut kimlik bilgilerini güncelleyin.",
+        "alias_domain_invalid": "%s takma ad alanı geçersiz",
+        "aliases_in_use": "Maks. takma adlar %d'den büyük veya eşit olmalıdır",
+        "app_name_empty": "Uygulama adı boş olamaz",
+        "app_passwd_id_invalid": "Uygulama şifresi kimliği %s geçersiz",
+        "bcc_empty": "BCC hedefi boş olamaz",
+        "alias_empty": "Takma ad adresi boş bırakılamaz",
+        "alias_goto_identical": "Takma ad ve varış adresi aynı olmamalıdır",
+        "alias_invalid": "%s takma ad adresi geçersiz",
+        "aliasd_targetd_identical": "Takma ad etki alanı, hedef etki alanına eşit olmamalıdır: %s",
+        "cors_invalid_method": "Geçersiz Allow-Method belirtildi",
+        "cors_invalid_origin": "Geçersiz Allow-Origin belirtildi",
+        "defquota_empty": "Posta kutusu başına varsayılan kota 0 olmamalıdır.",
+        "from_invalid": "Gönderen boş olmamalıdır",
+        "global_filter_write_error": "Filtre dosyası yazılamadı: %s",
+        "global_map_invalid": "Küresel harita kimliği %s geçersiz",
+        "maxquota_empty": "Maks. posta kutusu başına kota 0 olmamalıdır.",
+        "mysql_error": "MySQL hatası: %s",
+        "webauthn_authenticator_failed": "Seçilen kimlik doğrulayıcı bulunamadı.",
+        "webauthn_publickey_failed": "Seçilen kimlik doğrulayıcı için ortak anahtar saklanmadı",
+        "webauthn_username_failed": "Seçilen kimlik doğrulayıcı başka bir hesaba ait",
+        "global_map_write_error": "%s global harita kimliği yazılamadı: %s",
+        "access_denied": "Erişim reddedildi veya geçersiz form verisi",
+        "bcc_exists": "%s türü için %s BCC haritası var",
+        "bcc_must_be_email": "BCC %s geçerli bir e-posta adresi değil",
+        "comment_too_long": "Yorum çok uzun, maksimum 160 karaktere izin verilir",
+        "demo_mode_enabled": "Demo Mod açık",
+        "description_invalid": "%s için kaynak açıklaması geçersiz",
+        "dkim_domain_or_sel_exists": "\\\"%s\\\" için bir DKIM anahtarı var ve üzerine yazılmayacak",
+        "dkim_domain_or_sel_invalid": "DKIM etki alanı veya seçici geçersiz: %s",
+        "domain_cannot_match_hostname": "Alan, ana bilgisayar adıyla eşleşemez",
+        "domain_exists": "%s alanı zaten var",
+        "domain_invalid": "Alan adı boş veya geçersiz",
+        "domain_not_empty": "Boş olmayan alan adı %s kaldırılamıyor",
+        "domain_not_found": "%s alanı bulunamadı",
+        "domain_quota_m_in_use": "Etki alanı kotası %s MiB'den büyük veya buna eşit olmalıdır",
+        "extra_acl_invalid": "Harici gönderen adresi \\\"%s\\\" geçersiz",
+        "extra_acl_invalid_domain": "Harici gönderici \\\"%s\\\" geçersiz bir etki alanı kullanıyor",
+        "fido2_verification_failed": "FIDO2 doğrulaması başarısız oldu: %s",
+        "file_open_error": "Dosya yazmak için açılamıyor",
+        "filter_type": "Yanlış filtre türü",
+        "goto_empty": "Bir takma ad adresi, en az bir geçerli git adresi içermelidir",
+        "goto_invalid": "%s adresine git geçersiz",
+        "ham_learn_error": "Öğrenme hatası: %s",
+        "imagick_exception": "Hata: Görüntü okunurken Imagick istisnası",
+        "img_invalid": "Resim dosyası doğrulanamıyor",
+        "img_tmp_missing": "Resim dosyası doğrulanamıyor: Geçici dosya bulunamadı",
+        "password_complexity": "Şifre politikaya uygun değil",
+        "policy_list_from_exists": "Verilen ada sahip bir kayıt var",
+        "img_size_exceeded": "Görüntü maksimum dosya boyutunu aşıyor",
+        "invalid_bcc_map_type": "Geçersiz BCC harita türü",
+        "invalid_filter_type": "Geçersiz filtre türü",
+        "invalid_host": "Geçersiz ana bilgisayar belirtildi: %s",
+        "invalid_mime_type": "Geçersiz mime türü",
+        "invalid_nexthop": "Sonraki atlama biçimi geçersiz",
+        "invalid_recipient_map_new": "Geçersiz yeni alıcı belirtildi: %s",
+        "invalid_recipient_map_old": "Geçersiz orijinal alıcı belirtildi: %s",
+        "ip_list_empty": "İzin verilen IP'lerin listesi boş olamaz",
+        "is_alias": "%s zaten bir takma ad adresi olarak biliniyor",
+        "is_spam_alias": "%s zaten geçici bir takma ad adresi olarak biliniyor (spam takma ad adresi)",
+        "last_key": "Son anahtar silinemez, lütfen bunun yerine TFA'yı devre dışı bırakın.",
+        "login_failed": "Giriş başarısız",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "Varsayılan kota, maksimum kota sınırını aşıyor",
+        "mailbox_invalid": "Posta kutusu adı geçersiz",
+        "mailbox_quota_exceeded": "Kota, alan sınırını aşıyor (maks. %d MiB)",
+        "mailbox_quota_exceeds_domain_quota": "Maks. kota, alan kota sınırını aşıyor",
+        "mailboxes_in_use": "Maks. posta kutuları %d'den büyük veya eşit olmalıdır",
+        "malformed_username": "Hatalı biçimlendirilmiş kullanıcı adı",
+        "map_content_empty": "Harita içeriği boş olamaz",
+        "max_alias_exceeded": "Maks. takma adlar aşıldı",
+        "max_mailbox_exceeded": "Maks. posta kutuları aşıldı (%d / %d)",
+        "network_host_invalid": "Geçersiz ağ veya ana bilgisayar: %s",
+        "next_hop_interferes": "%s, nexthop %s ile çakışıyor",
+        "next_hop_interferes_any": "Mevcut bir sonraki atlama %s ile çakışıyor",
+        "nginx_reload_failed": "Nginx yeniden yükleme başarısız oldu: %s",
+        "no_user_defined": "Kullanıcı tanımlı değil",
+        "object_is_not_numeric": "%s değeri sayısal değil",
+        "password_empty": "Şifre boş olmamalıdır",
+        "password_mismatch": "Onay şifresi eşleşmiyor",
+        "policy_list_from_invalid": "Kayıt geçersiz biçime sahip",
+        "private_key_error": "Özel anahtar hatası: %s",
+        "pushover_key": "Pushover anahtarı yanlış formatta",
+        "pushover_token": "Pushover token yanlış formatta",
+        "recipient_map_entry_exists": "Alıcı haritası girişi \\\"%s\\\" var",
+        "redis_error": "Redis hatası: %s",
+        "relayhost_invalid": "%s harita girişi geçersiz",
+        "template_exists": "%s isimli şablon zaten mevcut",
+        "template_id_invalid": "Şablon kimliği %s geçersiz",
+        "text_empty": "Metin boş olmamalıdır",
+        "unknown": "Bilinmeyen bir hata oluştu",
+        "unknown_tfa_method": "Bilinmeyen TFA yöntemi",
+        "unlimited_quota_acl": "ACL tarafından yasaklanan sınırsız kota",
+        "username_invalid": "Kullanıcı adı %s kullanılamaz",
+        "validity_missing": "Lütfen bir geçerlilik süresi atayın",
+        "yotp_verification_failed": "Yubico OTP doğrulaması başarısız oldu: %s",
+        "rspamd_ui_pw_length": "Rspamd UI şifresi en az 6 karakter uzunluğunda olmalıdır",
+        "tfa_token_invalid": "Hatalı TFA belirteci",
+        "release_send_failed": "Mesaj bırakılamadı: %s",
+        "reset_f2b_regex": "Regex filtresi zamanında sıfırlanamadı, lütfen tekrar deneyin veya birkaç saniye daha bekleyin ve web sitesini yeniden yükleyin.",
+        "resource_invalid": "%s kaynak adı geçersiz",
+        "rl_timeframe": "Hız sınırı zaman çerçevesi yanlış",
+        "script_empty": "Komut dosyası boş olamaz",
+        "sender_acl_invalid": "Gönderen ACL değeri %s geçersiz",
+        "set_acl_failed": "ACL ayarlanamadı",
+        "settings_map_invalid": "Ayarlar haritası kimliği %s geçersiz",
+        "sieve_error": "Elek ayrıştırıcı hatası: %s",
+        "spam_learn_error": "Spam öğrenme hatası: %s",
+        "subject_empty": "Konu boş olmamalıdır",
+        "target_domain_invalid": "Hedef alan %s geçersiz",
+        "targetd_not_found": "Hedef alan %s bulunamadı",
+        "targetd_relay_domain": "Hedef etki alanı %s bir geçiş etki alanıdır",
+        "template_name_invalid": "Şablon adı geçersiz",
+        "temp_error": "Geçici hata",
+        "tls_policy_map_dest_invalid": "Politika hedefi geçersiz",
+        "tls_policy_map_entry_exists": "Bir TLS ilke haritası girişi \\\"%s\\\" mevcut",
+        "tls_policy_map_parameter_invalid": "Politika parametresi geçersiz",
+        "totp_verification_failed": "TOTP doğrulaması başarısız oldu",
+        "transport_dest_exists": "\\\"%s\\\" aktarım hedefi mevcut"
+    },
+    "debug": {
+        "container_disabled": "Container durduruldu veya devre dışı bırakıldı",
+        "last_modified": "Son değişiklik",
+        "log_info": "<p>mailcow <b>bellek içi günlükler</b>, Redis listelerinde toplanır ve çekiçlemeyi azaltmak için her dakika LOG_LINES (%d) olacak şekilde kırpılır.\\r\\n <br>Bellek içi günlükler ısrarcı. Bellekte oturum açan tüm uygulamalar, ayrıca Docker arka plan programında ve dolayısıyla varsayılan günlük sürücüsünde oturum açar.\\r\\n <br>Bellek içi günlük türü, kapsayıcılarla ilgili küçük sorunları ayıklamak için kullanılmalıdır.</p>\\r\\n <p><b>Harici günlükler</b>, verilen uygulamanın API'si aracılığıyla toplanır.</p>\\r\\n <p><b>Statik günlükler</b> çoğunlukla etkinlik günlükleridir. Dockerd'da günlüğe kaydedilmez ancak yine de kalıcı olmaları gerekir (API günlükleri hariç).</p>",
+        "architecture": "Mimari",
+        "chart_this_server": "Grafik (bu sunucu)",
+        "containers_info": "Kapsayıcı bilgileri",
+        "container_running": "Çalıştırılıyor...",
+        "login_time": "Zaman",
+        "logs": "Loglar",
+        "static_logs": "Statik günlükler",
+        "success": "Başarılı",
+        "started_on": "Başladı",
+        "update_available": "Mevcut bir güncelleme var",
+        "container_stopped": "Durduruldu",
+        "cores": "Çekirdekler",
+        "current_time": "Sistem Zamanı",
+        "disk_usage": "Disk kullanımı",
+        "error_show_ip": "Genel IP adresleri çözümlenemedi.",
+        "external_logs": "Harici günlükler",
+        "history_all_servers": "Geçmiş (tüm sunucular)",
+        "in_memory_logs": "Bellek içi günlükler",
+        "jvm_memory_solr": "JVM bellek kullanımı",
+        "memory": "Hafıza",
+        "online_users": "Aktif kullanıcılar",
+        "restart_container": "Yeniden başlat",
+        "service": "Servis",
+        "show_ip": "Genel IP'yi göster",
+        "size": "Boyut",
+        "solr_dead": "Solr başlatılıyor, devre dışı bırakıldı veya öldü.",
+        "solr_status": "Solr durumu",
+        "started_at": "Başlangıç",
+        "system_containers": "Sistem ve Konteynerler",
+        "timezone": "Zaman Dilimi",
+        "uptime": "Çalışma Süresi",
+        "no_update_available": "Sistem en son sürümde",
+        "update_failed": "Güncelleme olup olmadığı kontrol edilemedi",
+        "username": "Kullanıcı Adı",
+        "wip": "Şu Anda Çalışma Devam Ediyor",
+        "docs": "Dokümanlar"
+    },
+    "mailbox": {
+        "domain_admins": "Etki alanı yöneticileri",
+        "insert_preset": "Örnek ön ayar \\\"%s\\\" ekle",
+        "mins_interval": "Aralık (dk)",
+        "bcc_info": "BCC haritaları, tüm mesajların kopyalarını başka bir adrese sessizce iletmek için kullanılır. Yerel hedef bir postanın alıcısı olarak hareket ettiğinde, bir alıcı eşleme türü girişi kullanılır. Gönderici haritaları aynı prensibe uygundur.<br/>\\r\\n Yerel hedef, başarısız bir teslimat hakkında bilgilendirilmez.",
+        "booking_custom": "Özel bir rezervasyon miktarıyla sabit sınırlama",
+        "force_pw_update": "Bir sonraki girişte parola güncellemesini zorunlu kıl",
+        "allow_from_smtp_info": "Tüm gönderenlere izin vermek için boş bırakın.<br>IPv4/IPv6 adresleri ve ağları.",
+        "tls_policy_maps_enforced_tls": "Bu ilkeler, giden TLS bağlantılarını zorlayan posta kutusu kullanıcılarının davranışını da geçersiz kılar. Aşağıda herhangi bir politika yoksa, bu kullanıcılar <code>smtp_tls_mandatory_protocols</code> ve <code>smtp_tls_mandatory_ciphers</code> olarak belirtilen varsayılan değerleri uygular.",
+        "tls_map_parameters_info": "Boş veya parametreler, örneğin: protokoller=!SSLv2 şifreleri=orta hariç tutma=3DES",
+        "recipient_map": "Alıcı haritası",
+        "sieve_info": "Kullanıcı başına birden fazla filtre saklayabilirsiniz, ancak aynı anda yalnızca bir ön filtre ve bir son filtre etkin olabilir.<br>\\r\\nHer filtre açıklanan sırayla işlenir. Ne başarısız bir komut dosyası ne de verilen bir \\\"keep;\\\", başka komut dosyalarının işlenmesini durdurmayacaktır. Global elek komut dosyalarında yapılan değişiklikler, Dovecot'un yeniden başlatılmasını tetikleyecektir.<br><br>Global elek ön filtresi &#8226; Ön filtre &#8226; Kullanıcı komut dosyaları &#8226; Son filtre &#8226; Küresel elek son filtresi",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Kimlik doğrulama sorunu",
+        "tls_enforce_in": "TLS gelenini uygula",
+        "tls_policy_maps_info": "Bu politika haritası, bir kullanıcının TLS politika ayarlarından bağımsız olarak giden TLS aktarım kurallarını geçersiz kılar.<br>\\r\\n Lütfen <a href=\\\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\\\" adresini kontrol edin. daha fazla bilgi için target=\\\"_blank\\\">\\\"smtp_tls_policy_maps\\\" dokümanları</a>.",
+        "remove": "Kaldır",
+        "resources": "Kaynaklar",
+        "running": "Çalıştırılıyor...",
+        "sender": "Gönderen",
+        "set_postfilter": "Son filtre olarak işaretle",
+        "set_prefilter": "Ön filtre olarak işaretle",
+        "add_domain": "Alan adı ekle",
+        "action": "İşlem",
+        "activate": "Etkinleştir",
+        "active": "Aktif",
+        "add": "Ekle",
+        "add_alias": "Takma ad ekle",
+        "add_alias_expand": "Diğer adları diğer ad etki alanları üzerinde genişletin",
+        "add_tls_policy_map": "TLS politika haritası ekle",
+        "address_rewriting": "Adresi yeniden yaz",
+        "alias": "Takma ad",
+        "alias_domain_alias_hint": "Takma adlar, alan takma adlarına otomatik olarak <b>uygulanmaz</b>. Bir takma ad adresi <code>takma ad@etki alanım</code> <b>kapsamıyor</b> <code>takma ad@takma ad-domain</code> adresini (burada \\\"takma ad-domain\\\" \\\"domain\\\" için hayali bir takma addır.<br>Postaları harici bir posta kutusuna yönlendirmek için lütfen bir elek filtresi kullanın (\\\"Filtreler\\\" sekmesine bakın veya SOGo -> Yönlendiriciyi kullanın). Eksik takma adları otomatik olarak eklemek için \\\"Takma adı diğer ad alanları üzerinden genişlet\\\" seçeneğini kullanın.",
+        "booking_custom_short": "Kesin sınır",
+        "booking_ltnull": "Sınırsız, ancak rezervasyon yapıldığında meşgul olarak göster",
+        "catch_all": "Hepsini Yakala",
+        "created_on": "Oluşturuldu.",
+        "daily": "Günlük",
+        "deactivate": "Devre dışı bırak",
+        "mailbox": "Posta Kutusu",
+        "mailbox_defaults": "Varsayılan ayarlar",
+        "mailbox_defaults_info": "Yeni posta kutuları için varsayılan ayarları tanımlayın.",
+        "mailbox_defquota": "Varsayılan posta kutusu boyutu",
+        "mailbox_templates": "Mail Kutusu Şablonları",
+        "mailbox_quota": "Maks.  posta kutusu boyutu",
+        "mailboxes": "Posta kutuları",
+        "public_comment": "Genel yorum",
+        "q_add_header": "önemsiz klasörüne taşındığında",
+        "q_all": " önemsiz klasörüne taşındığında ve reddedildiğinde",
+        "q_reject": "Red aşamasında",
+        "quarantine_category": "Karantina bildirim kategorisi",
+        "quarantine_notification": "Karantina bildirimleri",
+        "quick_actions": "İşlemler",
+        "stats": "İstatistikler",
+        "status": "Durum",
+        "tls_policy_maps_long": "Giden TLS politika haritası geçersiz kılmaları",
+        "toggle_all": "Tümünü değiştir",
+        "booking_lt0_short": "Esnek sınır",
+        "msg_num": "Mesaj #",
+        "spam_aliases": "Geçici takma ad",
+        "sieve_preset_2": "Her zaman belirli bir gönderenin e-postasını görüldüğü gibi işaretleyin",
+        "add_bcc_entry": "BCC haritası ekle",
+        "add_domain_alias": "Alan adı ekle",
+        "add_domain_record_first": "Lütfen önce bir alan adı ekleyin",
+        "add_filter": "Filtre ekle",
+        "add_mailbox": "Posta kutusu ekle",
+        "add_recipient_map_entry": "Alıcı haritası ekle",
+        "add_resource": "Kaynak ekle",
+        "add_template": "Şablon Ekle",
+        "alias_domain_backupmx": "Takma alan adı geçiş alanı için etkin değil",
+        "aliases": "Takma Adlar",
+        "all_domains": "Tüm Alan Adları",
+        "allow_from_smtp": "Yalnızca bu IP'lerin <b>SMTP</b> kullanmasına izin verin",
+        "allowed_protocols": "Doğrudan kullanıcı erişimi için izin verilen protokoller (uygulama parola protokollerini etkilemez)",
+        "backup_mx": "Geçiş alanı",
+        "bcc": "BCC",
+        "bcc_destination": "Gizli hedef",
+        "bcc_destinations": "Gizli hedef",
+        "bcc_local_dest": "Yerel hedef",
+        "bcc_map": "BCC haritası",
+        "bcc_map_type": "BCC türü",
+        "bcc_maps": "BCC haritaları",
+        "bcc_rcpt_map": "Alıcı haritası",
+        "bcc_sender_map": "Gönderen haritası",
+        "bcc_to_rcpt": "Alıcı harita türüne geç",
+        "bcc_to_sender": "Gönderici harita türüne geç",
+        "bcc_type": "BCC türü",
+        "booking_null": "Her zaman ücretsiz olarak göster",
+        "booking_0_short": "Her zaman ücretsiz",
+        "description": "Açıklama",
+        "disable_login": "Oturum açmaya izin verme (gelen posta hala kabul edilir)",
+        "disable_x": "Devre dışı bırak",
+        "dkim_domains_selector": "Seçici",
+        "dkim_key_length": "DKIM anahtar uzunluğu (bit)",
+        "domain": "Etki Alanı",
+        "domain_aliases": "Alan adı takma adları",
+        "domain_templates": "Etki Alanı Şablonları",
+        "domain_quota": "Kota",
+        "domain_quota_total": "Toplam alan kotası",
+        "domains": "Etki Alanları",
+        "edit": "Düzenle",
+        "empty": "Sonuç yok",
+        "enable_x": "Etkinleştir",
+        "excludes": "Hariç tutulanlar",
+        "filter_table": "Tabloyu filtrele",
+        "filters": "Filtreler",
+        "fname": "Tam adı",
+        "gal": "Genel Adres Listesi",
+        "goto_ham": "<b>ham</b> olarak öğrenin",
+        "goto_spam": "<b>spam</b> olarak öğrenin",
+        "hourly": "Saatlik",
+        "in_use": "Kullanılan (%)",
+        "inactive": "Pasif",
+        "kind": "Nitelik",
+        "last_mail_login": "Son posta girişi",
+        "last_modified": "Son değişiklik",
+        "last_pw_change": "Son şifre değişikliği",
+        "last_run": "Son çalıştırma",
+        "last_run_reset": "Sonrakini planla",
+        "max_aliases": "Max. kısayollar",
+        "max_mailboxes": "Max. mail kutuları",
+        "max_quota": "Mail kutusu başına max. kota",
+        "multiple_bookings": "Çoklu rezervasyonlar",
+        "never": "Hiçbir zaman",
+        "no": "&#10005;",
+        "no_record": "%s nesnesi için kayıt yok",
+        "no_record_single": "Kayıt yok",
+        "open_logs": "Logları aç",
+        "owner": "Sahip",
+        "private_comment": "Özel yorum",
+        "recipient": "Alıcı",
+        "recipient_map_info": "Alıcı haritaları, teslim edilmeden önce bir mesajdaki hedef adresi değiştirmek için kullanılır.",
+        "recipient_map_new": "Yeni alıcı",
+        "recipient_map_old_info": "Bir alıcı eşleme orijinal hedefi, geçerli e-posta adresleri veya bir alan adı olmalıdır.",
+        "recipient_maps": "Alıcı haritaları",
+        "relay_all": "Tüm alıcıları ilet",
+        "relay_unknown": "Bilinmeyen posta kutularını aktar",
+        "sieve_preset_1": "Olası tehlikeli dosya türlerine sahip postaları atın",
+        "sieve_preset_3": "Sessizce atın, tüm diğer elek işlemlerini durdurun",
+        "sieve_preset_4": "INBOX'a dosyalayın, elek filtreleriyle daha fazla işlemi atlayın",
+        "sieve_preset_5": "Otomatik yanıtlayıcı (tatil)",
+        "sieve_preset_6": "Postayı reddedildi olarak yanıtla",
+        "sieve_preset_7": "Yönlendir ve sakla/bırak",
+        "sieve_preset_8": "Gönderenin parçası olduğu bir takma ad adresine gönderilen mesajı atın",
+        "sieve_preset_header": "Lütfen aşağıdaki örnek ön ayarlara bakın. Daha fazla ayrıntı için <a href=\\\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\\\" target=\\\"_blank\\\">Wikipedia</a>'ya bakın.",
+        "sogo_visible": "Takma ad SOGo'da görünür",
+        "sogo_visible_n": "SOGo'da takma adı gizle",
+        "sogo_visible_y": "SOGo'da takma adı göster",
+        "sync_jobs": "İşleri senkronize et",
+        "syncjob_check_log": "Günlüğü kontrol et",
+        "syncjob_last_run_result": "Son çalıştırma sonucu",
+        "syncjob_EX_OK": "Başarılı",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Bağlantı sorunu",
+        "syncjob_EXIT_TLS_FAILURE": "Şifreli bağlantıyla ilgili sorun",
+        "syncjob_EXIT_OVERQUOTA": "Hedef posta kutusu kotayı aştı",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Uzak sunucuya bağlanılamıyor",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Yanlış kullanıcı adı veya şifre",
+        "table_size": "Tablo boyutu",
+        "table_size_show_n": "%s öğeleri göster",
+        "target_address": "Adrese git",
+        "target_domain": "Hedef alan",
+        "templates": "Şablonlar",
+        "template": "Şablon",
+        "tls_enforce_out": "TLS gidenini uygula",
+        "tls_map_dest_info": "Örnekler: example.org, .example.org, [mail.example.org]:25",
+        "tls_map_policy": "Politika",
+        "tls_policy_maps": "TLS politika haritaları",
+        "username": "Kullanıcı Adı",
+        "waiting": "Bekliyor...",
+        "weekly": "Haftalık",
+        "yes": "OK",
+        "recipient_map_new_info": "Alıcı harita hedefi geçerli bir e-posta adresi olmalıdır.",
+        "recipient_map_old": "Orijinal alıcı",
+        "tls_map_dest": "Hedef",
+        "tls_map_parameters": "Parametreler"
+    },
+    "login": {
+        "mobileconfig_info": "İstenen Apple bağlantı profilini indirmek için lütfen posta kutusu kullanıcısı olarak oturum açın.",
+        "delayed": "Giriş %s saniye gecikti.",
+        "fido2_webauthn": "FIDO2/WebAuthn Giriş",
+        "login": "Giriş",
+        "password": "Şifre",
+        "username": "Kullanıcı Adı",
+        "other_logins": "Anahtar girişi"
+    },
+    "success": {
+        "bcc_saved": "BCC harita girişi kaydedildi",
+        "item_deleted": "Öğe %s başarıyla silindi",
+        "verified_webauthn_login": "Doğrulanmış WebAuthn girişi",
+        "f2b_modified": "Fail2ban parametrelerinde yapılan değişiklikler kaydedildi",
+        "rl_saved": "Kaydedilen %s nesnesi için hız sınırı",
+        "alias_added": "Takma ad adresi %s (%d) eklendi",
+        "aliasd_modified": "%s takma ad etki alanında yapılan değişiklikler kaydedildi",
+        "global_filter_written": "Filtre dosyaya başarıyla yazıldı",
+        "dkim_removed": "DKIM anahtarı %s kaldırıldı",
+        "pushover_settings_edited": "Pushover ayarları başarıyla ayarlandı, lütfen kimlik bilgilerini doğrulayın.",
+        "verified_yotp_login": "Doğrulanmış Yubico OTP girişi",
+        "deleted_syncjobs": "Silinen senkronizasyon işleri: %s",
+        "sogo_profile_reset": "%s kullanıcısı için SOGo profili sıfırlandı",
+        "domain_admin_removed": "Alan yöneticisi %s kaldırıldı",
+        "domain_admin_modified": "Alan yöneticisi %s'de yapılan değişiklikler kaydedildi",
+        "domain_footer_modified": "Domain footer değişiklikleri %s kaydedildi",
+        "domain_removed": "%s etki alanı kaldırıldı",
+        "dovecot_restart_success": "Dovecot başarıyla yeniden başlatıldı",
+        "hash_deleted": "Hash silindi",
+        "items_deleted": "Öğe %s başarıyla silindi",
+        "items_released": "Seçilen öğeler yayınlandı.",
+        "learned_ham": "Kimlik %s jambon olarak başarıyla öğrenildi",
+        "license_modified": "Lisansta yapılan değişiklikler kaydedildi",
+        "logged_in_as": "%s olarak oturum açıldı",
+        "mailbox_added": "Posta kutusu %s eklendi",
+        "mailbox_modified": "%s posta kutusunda yapılan değişiklikler kaydedildi",
+        "mailbox_removed": "Posta kutusu %s kaldırıldı",
+        "nginx_reloaded": "Nginx yeniden yüklendi",
+        "object_modified": "%s nesnesindeki değişiklikler kaydedildi",
+        "reset_main_logo": "Varsayılan logoya sıfırla",
+        "saved_settings": "Kaydedilen ayarlar",
+        "eas_reset": "%s kullanıcısı için ActiveSync cihazları sıfırlandı",
+        "domain_added": "%s etki alanı eklendi",
+        "template_modified": "%s şablonuna değişiklikler işlendi",
+        "ui_texts": "Kullanıcı arayüzü metinlerinde yapılan değişiklikler kaydedildi",
+        "template_added": "%s şablonu eklendi",
+        "acl_saved": "%s nesnesi için ACL kaydedildi",
+        "admin_added": "%s yöneticisi eklendi",
+        "admin_api_modified": "API'deki değişiklikler kaydedildi",
+        "admin_modified": "Yönetici değişiklikleri kaydedildi",
+        "admin_removed": "%s yöneticisi kaldırıldı",
+        "alias_domain_removed": "Takma ad alan adı %s kaldırıldı",
+        "alias_modified": "%s takma ad adresindeki değişiklikler kaydedildi",
+        "alias_removed": "%s takma adı kaldırıldı",
+        "aliasd_added": "%s takma ad alanı eklendi",
+        "app_links": "Uygulama bağlantılarında yapılan değişiklikler kaydedildi",
+        "app_passwd_added": "Yeni uygulama şifresi eklendi",
+        "app_passwd_removed": "Kaldırılan uygulama parolası kimliği %s",
+        "bcc_deleted": "BCC harita girişleri silindi: %s",
+        "bcc_edited": "BCC harita girişi %s düzenlendi",
+        "cors_headers_edited": "CORS ayarları kaydedildi",
+        "db_init_complete": "Veritabanı başlatma işlemi tamamlandı",
+        "delete_filter": "Silinen filtre kimliği %s",
+        "delete_filters": "Silinen filtreler: %s",
+        "deleted_syncjob": "Syncjob kimliği %s silindi.",
+        "dkim_added": "DKIM anahtarı %s kaydedildi",
+        "domain_add_dkim_available": "Bir DKIM anahtarı zaten mevcuttu",
+        "dkim_duplicated": "%s etki alanı için DKIM anahtarı %s'ye kopyalandı",
+        "domain_admin_added": "Alan yöneticisi %s eklendi",
+        "domain_modified": "%s etki alanında yapılan değişiklikler kaydedildi",
+        "f2b_banlist_refreshed": "Banlist ID başarıyla yenilendi.",
+        "forwarding_host_added": "Yönlendirme ana bilgisayarı %s eklendi",
+        "forwarding_host_removed": "Yönlendirme ana bilgisayarı %s kaldırıldı",
+        "ip_check_opt_in_modified": "IP kontrolü başarıyla kaydedildi",
+        "item_released": "Öğe %s yayınlandı",
+        "password_policy_saved": "Parola politikası başarıyla kaydedildi",
+        "qlearn_spam": "Mesaj kimliği %s spam olarak öğrenildi ve silindi",
+        "queue_command_success": "Kuyruk komutu başarıyla tamamlandı",
+        "recipient_map_entry_deleted": "Alıcı harita kimliği %s silindi",
+        "recipient_map_entry_saved": "Alıcı harita girişi \\\"%s\\\" kaydedildi",
+        "relayhost_added": "%s harita girişi eklendi",
+        "relayhost_removed": "%s harita girişi kaldırıldı",
+        "resource_added": "Kaynak %s eklendi",
+        "resource_modified": "%s posta kutusunda yapılan değişiklikler kaydedildi",
+        "resource_removed": "Kaynak %s kaldırıldı",
+        "rspamd_ui_pw_set": "Rspamd UI parolası başarıyla ayarlandı",
+        "settings_map_added": "Ayarlar haritası girişi eklendi",
+        "settings_map_removed": "Kaldırılan ayarlar haritası kimliği %s",
+        "template_removed": "%s şablonu silindi",
+        "tls_policy_map_entry_deleted": "TLS politika haritası kimliği %s silindi",
+        "tls_policy_map_entry_saved": "TLS ilke haritası girişi \\\"%s\\\" kaydedildi",
+        "upload_success": "Dosya başarıyla yüklendi",
+        "verified_fido2_login": "Doğrulanmış FIDO2 girişi",
+        "verified_totp_login": "Doğrulanmış TOTP girişi"
+    },
+    "quarantine": {
+        "remove": "Kaldır",
+        "disabled_by_config": "Geçerli sistem yapılandırması, karantina işlevini devre dışı bırakır. Lütfen karantina öğeleri için \\\"posta kutusu başına tutma\\\" ve \\\"maksimum boyut\\\" ayarlayın.",
+        "qinfo": "Karantina sistemi, reddedilen postaları veritabanına (gönderene teslim edilmiş bir posta izlenimi verilmeyecek</em>) ve bir posta kutusunun Önemsiz klasörüne kopya olarak teslim edilen postayı kaydeder.\\r\\n <br>\\\"Spam olarak öğren ve sil\\\", Bayes teoremi aracılığıyla bir mesajı spam olarak öğrenecek ve ayrıca gelecekte benzer mesajları reddetmek için bulanık karmaları hesaplayacaktır.\\r\\n <br>Lütfen birden fazla öğrenmenin olduğunu unutmayın. iletiler - sisteminize bağlı olarak - zaman alabilir.<br>Kara listeye alınan öğeler karantinadan hariç tutulur.",
+        "sender_header": "Gönderen (\"Kimden\" başlığı)",
+        "table_size": "Tablo boyutu",
+        "confirm_delete": "Bu öğenin silinmesini onaylayın.",
+        "danger": "Tehlike",
+        "deliver_inbox": "Gelen kutusuna teslim et",
+        "download_eml": "İndir (.eml)",
+        "show_item": "Öğeyi göster",
+        "spam": "Spam",
+        "spam_score": "Skor",
+        "subj": "Konu",
+        "table_size_show_n": "%s öğeleri göster",
+        "text_from_html_content": "İçerik (dönüştürülmüş html)",
+        "text_plain_content": "İçerik (metin/düz)",
+        "toggle_all": "Hepsini aç/kapat",
+        "type": "Tür",
+        "qhandler_success": "İstek sisteme başarıyla gönderildi. Artık pencereyi kapatabilirsiniz.",
+        "recipients": "Alıcılar",
+        "refresh": "Yenile",
+        "received": "Alındı.",
+        "action": "İşlem",
+        "atts": "Ekler",
+        "check_hash": "Dosya hash @ VT ara",
+        "confirm": "Onayla",
+        "empty": "Sonuç Yok",
+        "high_danger": "Yüksek",
+        "info": "Bilgi",
+        "junk_folder": "Gereksiz klasör",
+        "learn_spam_delete": "Spam olarak öğren ve sil",
+        "low_danger": "Düşük",
+        "medium_danger": "Orta",
+        "neutral_danger": "Nötr",
+        "notified": "Bildirildi.",
+        "qid": "Rspamd QID",
+        "qitem": "Karantina öğesi",
+        "quarantine": "Karantina",
+        "quick_actions": "İşlemler",
+        "quick_delete_link": "Hızlı silme bağlantısını aç",
+        "quick_info_link": "Bilgi bağlantısını aç",
+        "quick_release_link": "Hızlı yayın bağlantısını aç",
+        "rcpt": "Alıcı",
+        "rejected": "Reddedildi.",
+        "release": "Serbest Bırak",
+        "release_body": "Mesajınızı eml dosyası olarak bu mesaja ekledik.",
+        "release_subject": "Potansiyel olarak zarar veren karantina öğesi %s",
+        "rewrite_subject": "Konuyu yeniden yaz",
+        "rspamd_result": "Rspamd sonucu",
+        "sender": "Gönderen (SMTP)",
+        "settings_info": "Karantinaya alınacak maksimum öğe miktarı: %s<br>Maksimum e-posta boyutu: %s MiB"
+    },
+    "tfa": {
+        "waiting_usb_register": "<i>USB cihazı bekleniyor...</i><br><br>Lütfen şifrenizi yukarıya girin ve USB cihazınızdaki düğmeye dokunarak kaydınızı onaylayın.",
+        "scan_qr_code": "Lütfen aşağıdaki kodu kimlik doğrulama uygulamanızla tarayın veya kodu manuel olarak girin.",
+        "u2f_deprecated": "Anahtarınız, kullanımdan kaldırılmış U2F yöntemi kullanılarak kaydedilmiş gibi görünüyor. İki Faktörlü Kimlik Doğrulamayı sizin için devre dışı bırakacağız ve Anahtarınızı sileceğiz.",
+        "none": "Devre dışı bırak",
+        "authenticators": "Kimlik doğrulayıcılar",
+        "api_register": "%s, Yubico Bulut API'sini kullanır. Lütfen anahtarınız için <a href=\\\"https://upgrade.yubico.com/getapikey/\\\" target=\\\"_blank\\\">buradan bir API anahtarı edinin. </a>",
+        "confirm": "Onayla",
+        "confirm_totp_token": "Lütfen oluşturulan jetonu girerek değişikliklerinizi onaylayın",
+        "delete_tfa": "Çift faktörlü doğrulamayı kaldırın",
+        "disable_tfa": "Bir olayla başarılı girişe kadar çift geçişli çıkışı devre dışı bırak",
+        "enter_qr_code": "Cihazınız QR kodlarını tarayamıyorsa TOTP kodunuz",
+        "error_code": "Hata kodu",
+        "init_webauthn": "Başlatılıyor, lütfen bekleyin...",
+        "key_id": "Cihazınız için bir tanımlayıcı",
+        "key_id_totp": "Anahtarınız için bir tanımlayıcı",
+        "reload_retry": "- (hata devam ederse tarayıcıyı yeniden yükleyin)",
+        "select": "Lütfen seçiniz",
+        "set_tfa": "Çift faktörlü yöntem metodu",
+        "tfa_token_invalid": "Çift faktörlü doğrulama geçersiz",
+        "totp": "Zamana dayalı OTP (Google Authenticator, Authy, vb.)",
+        "u2f_deprecated_important": "Lütfen Anahtarınızı yeni WebAuthn yöntemiyle yönetici panelinde kaydedin.",
+        "webauthn": "WebAuthn kimlik doğrulaması",
+        "waiting_usb_auth": "<i>USB cihazı bekleniyor...</i><br><br>Lütfen şimdi USB cihazınızdaki düğmeye dokunun.",
+        "yubi_otp": "Yubico OTP kimlik doğrulaması",
+        "start_webauthn_validation": "Doğrulamayı başlat",
+        "tfa": "Çift faktörlü doğrulama"
+    },
+    "start": {
+        "mailcow_panel_detail": "<b>Etki alanı yöneticileri</b> posta kutuları ve takma adlar oluşturur, değiştirir veya siler, alan adlarını değiştirir ve atanan alan adları hakkında daha fazla bilgi okur.<br>\\r\\n<b>Posta kutusu kullanıcıları</b> zaman oluşturabilir -sınırlı takma adlar (spam takma adları), şifrelerini ve spam filtresi ayarlarını değiştirin.",
+        "imap_smtp_server_auth_info": "Lütfen tam e-posta adresinizi ve PLAIN kimlik doğrulama mekanizmasını kullanın.<br>\\r\\nGiriş verileriniz, sunucu tarafı zorunlu şifreleme ile şifrelenecektir.",
+        "mailcow_apps_detail": "Postalarınıza, takviminize, kişilerinize ve daha fazlasına erişmek için bir mailcow uygulaması kullanın.",
+        "help": "Yardım panelini göster/gizle"
+    },
+    "queue": {
+        "hold_mail_legend": "Seçilen postaları bekletir. (Daha fazla teslimat girişimini önler)",
+        "legend": "Posta kuyruğu eylemleri işlevleri:",
+        "ays": "Lütfen geçerli kuyruktaki tüm öğeleri silmek istediğinizi onaylayın.",
+        "deliver_mail": "Teslim Et",
+        "deliver_mail_legend": "Seçilen postaları yeniden teslim etme girişimleri.",
+        "delete": "Tümünü Sil",
+        "flush": "Kuyruğu Temizle",
+        "info": "Posta kuyruğu, teslim edilmeyi bekleyen tüm e-postaları içerir. Bir mail uzun süre mail kuyruğunda kalırsa sistem tarafından otomatik olarak silinir.<br>İlgili mailin hata mesajı mailin neden teslim edilemediği hakkında bilgi verir.",
+        "queue_manager": "Kuyruk Yöneticisi",
+        "show_message": "Mesajı göster",
+        "unban": "Yasağı Kaldır",
+        "unhold_mail": "Bırak",
+        "unhold_mail_legend": "Seçilen postaları teslimat için serbest bırakır. (önceden bekletme gerektirir)",
+        "hold_mail": "Tut"
+    },
+    "fido2": {
+        "confirm": "Onayla",
+        "fido2_auth": "FIDO2 ile giriş yap",
+        "fido2_success": "Cihaz başarıyla kaydedildi",
+        "set_fido2": "FIDO2 cihazını kaydedin",
+        "set_fn": "Kolay ad belirleyin",
+        "start_fido2_validation": "FIDO2 doğrulamasını başlat",
+        "fido2_validation_failed": "Doğrulama başarısız",
+        "fn": "Kolay ad",
+        "known_ids": "Bilinen Kimlikler",
+        "none": "Engellendi.",
+        "register_status": "Kayıt Durumu",
+        "rename": "Yeniden adlandır",
+        "set_fido2_touchid": "Apple M1'de Touch ID'yi kaydedin"
+    },
+    "footer": {
+        "confirm_delete": "Silmeyi Onayla",
+        "delete_now": "Şimdi sil",
+        "delete_these_items": "Lütfen aşağıdaki nesne kimliğindeki değişikliklerinizi onaylayın",
+        "restart_container_info": "<b>Önemli:</b> Düzgün bir yeniden başlatmanın tamamlanması biraz zaman alabilir, lütfen bitmesini bekleyin.",
+        "restart_now": "Şimdi yeniden başlat",
+        "restarting_container": "Konteyner yeniden başlatılıyor, bu işlem biraz zaman alabilir",
+        "hibp_check": "haveibeenpwned.com adresinden kontrol edin",
+        "cancel": "İptal",
+        "hibp_nok": "Eşleşti! Bu potansiyel olarak tehlikeli bir şifredir!",
+        "hibp_ok": "Eşleşme bulunamadı.",
+        "loading": "Lütfen bekleyin...",
+        "nothing_selected": "Seçim yapılmadı",
+        "restart_container": "Konteyneri yeniden başlat"
+    },
+    "header": {
+        "administration": "Yapılandırma ve Ayrıntılar",
+        "apps": "Uygulamalar",
+        "debug": "Bilgi",
+        "email": "E-Posta",
+        "mailcow_system": "Sistem",
+        "mailcow_config": "Yapılandırma",
+        "quarantine": "Karantina",
+        "restart_netfilter": "netfilter'ı yeniden başlat",
+        "restart_sogo": "SOGo'yu yeniden başlat",
+        "user_settings": "Kullanıcı Ayarları"
+    },
+    "info": {
+        "awaiting_tfa_confirmation": "TFA onayı bekleniyor",
+        "no_action": "Uygulanabilir bir işlem yok",
+        "session_expires": "Oturumunuz yaklaşık 15 saniye içinde sona erecek"
+    },
+    "oauth2": {
+        "access_denied": "OAuth2 aracılığıyla erişim izni vermek için lütfen posta kutusu sahibi olarak giriş yapın.",
+        "authorize_app": "Uygulamayı yetkilendir",
+        "deny": "Reddet",
+        "permit": "Uygulamayı yetkilendir",
+        "profile": "Profil",
+        "profile_desc": "Kişisel bilgileri görüntüleyin: kullanıcı adı, tam ad, oluşturuldu, değiştirildi, etkin",
+        "scope_ask_permission": "Bir uygulama aşağıdaki izinleri istedi"
+    },
+    "ratelimit": {
+        "disabled": "Engellendi",
+        "second": "mesaj / saniye",
+        "minute": "mesaj / dakika",
+        "hour": "mesaj / saat",
+        "day": "mesaj / gün"
     }
 }

From 237a25e6b0795299e13491bea8e70f8327cea550 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 2 Apr 2024 02:20:31 +0200
Subject: [PATCH 184/755] update postscreen_access.cidr (#5811)

---
 data/conf/postfix/postscreen_access.cidr | 79 ++----------------------
 1 file changed, 6 insertions(+), 73 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 3d46030dd..34ff04ea5 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Fri Mar  1 00:14:49 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Mon Apr  1 00:15:02 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2076 total rules
+# 2009 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -44,7 +44,6 @@
 18.198.96.88	permit
 18.208.124.128/25	permit
 18.216.232.154	permit
-18.234.1.244	permit
 18.236.40.242	permit
 18.236.56.161	permit
 20.51.6.32/30	permit
@@ -93,14 +92,12 @@
 27.123.204.172	permit
 27.123.204.188/30	permit
 27.123.204.192	permit
-27.123.206.0/24	permit
 27.123.206.50/31	permit
 27.123.206.56/29	permit
 27.123.206.76/30	permit
 27.123.206.80/28	permit
 31.25.48.222	permit
 34.195.217.107	permit
-34.202.239.6	permit
 34.212.163.75	permit
 34.215.104.144	permit
 34.218.116.3	permit
@@ -122,7 +119,6 @@
 40.112.65.63	permit
 43.228.184.0/22	permit
 44.206.138.57	permit
-44.209.42.157	permit
 44.236.56.93	permit
 44.238.220.251	permit
 46.19.168.0/23	permit
@@ -166,7 +162,6 @@
 46.228.38.144/29	permit
 46.228.38.152/31	permit
 46.228.38.154	permit
-46.228.39.0/24	permit
 46.228.39.64/27	permit
 46.228.39.96/30	permit
 46.228.39.100/30	permit
@@ -249,7 +244,6 @@
 54.191.223.56	permit
 54.213.20.246	permit
 54.214.39.184	permit
-54.221.227.204	permit
 54.240.0.0/18	permit
 54.240.64.0/19	permit
 54.240.96.0/19	permit
@@ -258,7 +252,7 @@
 54.244.242.0/24	permit
 54.255.61.23	permit
 62.13.128.0/24	permit
-62.13.128.150	permit
+62.13.128.196	permit
 62.13.129.128/25	permit
 62.13.136.0/22	permit
 62.13.140.0/22	permit
@@ -266,6 +260,7 @@
 62.13.148.0/23	permit
 62.13.150.0/23	permit
 62.13.152.0/23	permit
+62.13.159.196	permit
 62.17.146.128/26	permit
 62.179.121.0/24	permit
 62.201.172.0/27	permit
@@ -372,7 +367,6 @@
 66.135.215.0/24	permit
 66.135.222.1	permit
 66.162.193.226/31	permit
-66.163.184.0/21	permit
 66.163.184.0/24	permit
 66.163.185.0/24	permit
 66.163.186.0/24	permit
@@ -385,7 +379,6 @@
 66.196.80.112/28	permit
 66.196.80.144/29	permit
 66.196.80.193	permit
-66.196.81.0/24	permit
 66.196.81.104/29	permit
 66.196.81.112/29	permit
 66.196.81.120	permit
@@ -428,12 +421,10 @@
 66.249.80.0/20	permit
 67.23.31.6	permit
 67.72.99.26	permit
-67.195.22.0/24	permit
 67.195.22.113	permit
 67.195.22.116/30	permit
 67.195.23.144/30	permit
 67.195.23.148	permit
-67.195.60.0/24	permit
 67.195.60.45	permit
 67.195.60.46/31	permit
 67.195.60.48/31	permit
@@ -441,7 +432,6 @@
 67.195.60.146	permit
 67.195.60.155	permit
 67.195.60.156	permit
-67.195.87.0/24	permit
 67.195.87.64	permit
 67.195.87.81	permit
 67.195.87.82/31	permit
@@ -466,7 +456,6 @@
 67.228.37.4/30	permit
 67.231.145.42	permit
 67.231.153.30	permit
-68.142.230.0/24	permit
 68.142.230.64/31	permit
 68.142.230.69	permit
 68.142.230.70/31	permit
@@ -482,10 +471,6 @@
 69.65.42.195	permit
 69.65.49.192/29	permit
 69.72.32.0/20	permit
-69.72.40.93	permit
-69.72.40.94/31	permit
-69.72.40.96/30	permit
-69.72.47.205	permit
 69.147.84.227	permit
 69.162.98.0/24	permit
 69.169.224.0/20	permit
@@ -525,7 +510,6 @@
 72.30.237.180/30	permit
 72.30.237.184/31	permit
 72.30.237.204/30	permit
-72.30.238.0/23	permit
 72.30.238.116/30	permit
 72.30.238.120/31	permit
 72.30.238.128	permit
@@ -557,7 +541,6 @@
 72.30.239.244/30	permit
 72.30.239.248/31	permit
 72.52.72.32/28	permit
-74.6.128.0/21	permit
 74.6.128.0/24	permit
 74.6.129.0/24	permit
 74.6.130.0/24	permit
@@ -592,7 +575,6 @@
 75.2.70.75	permit
 76.223.128.0/19	permit
 76.223.176.0/20	permit
-77.238.176.0/22	permit
 77.238.176.0/24	permit
 77.238.177.0/24	permit
 77.238.178.0/24	permit
@@ -673,6 +655,7 @@
 87.253.232.0/21	permit
 89.22.108.0/24	permit
 91.211.240.0/22	permit
+94.169.2.0/23	permit
 94.245.112.0/27	permit
 94.245.112.10/31	permit
 95.131.104.0/21	permit
@@ -686,7 +669,6 @@
 98.136.44.181	permit
 98.136.44.182/31	permit
 98.136.44.184	permit
-98.136.164.0/24	permit
 98.136.164.36/31	permit
 98.136.164.64/29	permit
 98.136.164.72/30	permit
@@ -694,7 +676,6 @@
 98.136.164.78	permit
 98.136.172.32/30	permit
 98.136.172.36/31	permit
-98.136.185.0/24	permit
 98.136.185.29	permit
 98.136.185.42/31	permit
 98.136.185.46	permit
@@ -729,7 +710,6 @@
 98.136.215.184	permit
 98.136.215.208/30	permit
 98.136.215.212/31	permit
-98.136.217.0/24	permit
 98.136.217.1	permit
 98.136.217.2	permit
 98.136.217.3	permit
@@ -739,14 +719,12 @@
 98.136.217.12/30	permit
 98.136.217.16/30	permit
 98.136.217.20/30	permit
-98.136.218.0/24	permit
 98.136.218.39	permit
 98.136.218.40/29	permit
 98.136.218.48/28	permit
 98.136.218.67	permit
 98.136.218.68/30	permit
 98.136.218.72/30	permit
-98.137.12.0/24	permit
 98.137.12.48/30	permit
 98.137.12.52/31	permit
 98.137.12.54	permit
@@ -784,7 +762,6 @@
 98.137.13.132	permit
 98.137.13.137	permit
 98.137.13.138	permit
-98.137.64.0/21	permit
 98.137.64.0/24	permit
 98.137.65.0/24	permit
 98.137.66.0/24	permit
@@ -808,7 +785,6 @@
 98.138.83.176/31	permit
 98.138.83.179	permit
 98.138.83.180/31	permit
-98.138.84.0/22	permit
 98.138.84.37	permit
 98.138.84.38/31	permit
 98.138.84.40/29	permit
@@ -849,7 +825,6 @@
 98.138.87.148/31	permit
 98.138.87.192/30	permit
 98.138.87.196/31	permit
-98.138.88.0/22	permit
 98.138.88.105	permit
 98.138.88.106	permit
 98.138.88.128/30	permit
@@ -889,7 +864,6 @@
 98.138.91.2/31	permit
 98.138.91.4/31	permit
 98.138.91.6	permit
-98.138.100.0/23	permit
 98.138.100.220/30	permit
 98.138.100.224/30	permit
 98.138.100.228/31	permit
@@ -899,7 +873,6 @@
 98.138.104.100	permit
 98.138.104.112/30	permit
 98.138.104.116	permit
-98.138.120.0/24	permit
 98.138.120.36/30	permit
 98.138.120.48/28	permit
 98.138.197.46/31	permit
@@ -992,12 +965,10 @@
 98.138.213.238/31	permit
 98.138.213.240/31	permit
 98.138.213.242	permit
-98.138.215.0/24	permit
 98.138.215.12/30	permit
 98.138.215.16/28	permit
 98.138.217.216/30	permit
 98.138.217.220/31	permit
-98.138.226.0/24	permit
 98.138.226.30/31	permit
 98.138.226.56/29	permit
 98.138.226.64/30	permit
@@ -1023,21 +994,18 @@
 98.138.227.108/31	permit
 98.138.227.128/30	permit
 98.138.227.132/31	permit
-98.138.229.0/24	permit
 98.138.229.24/29	permit
 98.138.229.32/31	permit
 98.138.229.122/31	permit
 98.138.229.138/31	permit
 98.138.229.154/31	permit
 98.138.229.170/31	permit
-98.139.164.0/24	permit
 98.139.164.96/30	permit
 98.139.164.100/30	permit
 98.139.164.104/29	permit
 98.139.164.112/30	permit
 98.139.172.112/30	permit
 98.139.172.116/31	permit
-98.139.175.0/24	permit
 98.139.175.65	permit
 98.139.175.66/31	permit
 98.139.175.68/30	permit
@@ -1062,10 +1030,8 @@
 98.139.210.196/31	permit
 98.139.210.202/31	permit
 98.139.210.204/30	permit
-98.139.211.0/24	permit
 98.139.211.160/30	permit
 98.139.211.192/28	permit
-98.139.212.0/23	permit
 98.139.212.160/28	permit
 98.139.212.176/29	permit
 98.139.212.184/30	permit
@@ -1080,7 +1046,6 @@
 98.139.214.155	permit
 98.139.214.156/30	permit
 98.139.214.221	permit
-98.139.215.0/24	permit
 98.139.215.228/31	permit
 98.139.215.230	permit
 98.139.215.248/30	permit
@@ -1139,14 +1104,12 @@
 98.139.220.243	permit
 98.139.220.245	permit
 98.139.220.253	permit
-98.139.221.0/24	permit
 98.139.221.43	permit
 98.139.221.60/30	permit
 98.139.221.156/30	permit
 98.139.221.232/30	permit
 98.139.221.236/31	permit
 98.139.221.250	permit
-98.139.244.0/24	permit
 98.139.244.47	permit
 98.139.244.49	permit
 98.139.244.50/31	permit
@@ -1227,7 +1190,6 @@
 106.10.146.52/31	permit
 106.10.146.224/30	permit
 106.10.146.228/31	permit
-106.10.148.0/24	permit
 106.10.148.48/30	permit
 106.10.148.52/31	permit
 106.10.148.68/30	permit
@@ -1240,7 +1202,6 @@
 106.10.149.30	permit
 106.10.149.160/30	permit
 106.10.149.164/31	permit
-106.10.150.0/23	permit
 106.10.150.23	permit
 106.10.150.24/30	permit
 106.10.150.28/31	permit
@@ -1279,7 +1240,6 @@
 106.10.151.250/31	permit
 106.10.151.252/31	permit
 106.10.151.254	permit
-106.10.167.0/24	permit
 106.10.167.72	permit
 106.10.167.128/27	permit
 106.10.167.160/28	permit
@@ -1301,7 +1261,6 @@
 106.10.174.120/30	permit
 106.10.174.154/31	permit
 106.10.174.156/30	permit
-106.10.176.0/24	permit
 106.10.176.32/29	permit
 106.10.176.48	permit
 106.10.176.112	permit
@@ -1320,7 +1279,6 @@
 106.10.196.43	permit
 106.10.196.44/30	permit
 106.10.196.48	permit
-106.10.240.0/22	permit
 106.10.240.0/24	permit
 106.10.241.0/24	permit
 106.10.242.0/24	permit
@@ -1347,7 +1305,6 @@
 111.221.112.0/21	permit
 112.19.199.64/29	permit
 112.19.242.64/29	permit
-116.214.12.0/24	permit
 116.214.12.47	permit
 116.214.12.48/31	permit
 116.214.12.56/31	permit
@@ -1366,7 +1323,6 @@
 121.244.91.48	permit
 122.15.156.182	permit
 123.126.78.64/29	permit
-124.108.96.0/24	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
 124.108.96.70/31	permit
@@ -1537,7 +1493,6 @@
 161.71.64.0/20	permit
 162.247.216.0/22	permit
 163.47.180.0/22	permit
-163.47.180.0/23	permit
 163.114.130.16	permit
 163.114.132.120	permit
 164.177.132.168	permit
@@ -1613,8 +1568,7 @@
 182.50.76.0/22	permit
 182.50.78.64/28	permit
 183.240.219.64/29	permit
-185.4.120.0/23	permit
-185.4.122.0/24	permit
+185.4.120.0/22	permit
 185.12.80.0/22	permit
 185.58.84.93	permit
 185.80.93.204	permit
@@ -1624,9 +1578,6 @@
 185.189.236.0/22	permit
 185.211.120.0/22	permit
 185.250.236.0/22	permit
-185.250.239.148	permit
-185.250.239.168	permit
-185.250.239.190	permit
 188.125.68.132	permit
 188.125.68.152/31	permit
 188.125.68.156	permit
@@ -1637,7 +1588,6 @@
 188.125.68.184	permit
 188.125.68.186	permit
 188.125.68.192	permit
-188.125.69.0/24	permit
 188.125.69.105	permit
 188.125.69.110	permit
 188.125.69.112	permit
@@ -1680,9 +1630,6 @@
 192.0.64.0/18	permit
 192.18.139.154	permit
 192.30.252.0/22	permit
-192.64.236.0/24	permit
-192.64.237.0/24	permit
-192.64.238.0/24	permit
 192.161.144.0/20	permit
 192.162.87.0/24	permit
 192.237.158.0/23	permit
@@ -1720,7 +1667,6 @@
 198.37.144.0/20	permit
 198.37.152.186	permit
 198.61.254.0/23	permit
-198.61.254.21	permit
 198.61.254.231	permit
 198.178.234.57	permit
 198.244.48.0/20	permit
@@ -1763,7 +1709,6 @@
 203.188.194.251	permit
 203.188.195.240/30	permit
 203.188.195.244/31	permit
-203.188.197.0/24	permit
 203.188.197.193	permit
 203.188.197.194/31	permit
 203.188.197.196/30	permit
@@ -1773,7 +1718,6 @@
 203.188.197.216/29	permit
 203.188.197.232/29	permit
 203.188.197.240/29	permit
-203.188.200.0/24	permit
 203.188.200.56/31	permit
 203.188.200.58	permit
 203.188.200.60/30	permit
@@ -1793,7 +1737,6 @@
 204.14.232.0/21	permit
 204.14.232.64/28	permit
 204.14.234.64/28	permit
-204.29.186.0/23	permit
 204.75.142.0/24	permit
 204.79.197.212	permit
 204.92.114.187	permit
@@ -1859,7 +1802,6 @@
 208.43.21.64/29	permit
 208.43.21.72/30	permit
 208.64.132.0/22	permit
-208.71.40.0/24	permit
 208.71.40.63	permit
 208.71.40.64/31	permit
 208.71.40.174/31	permit
@@ -1878,7 +1820,6 @@
 208.71.41.172/31	permit
 208.71.41.188/30	permit
 208.71.41.192/31	permit
-208.71.42.0/24	permit
 208.71.42.190/31	permit
 208.71.42.192/28	permit
 208.71.42.208/30	permit
@@ -1901,16 +1842,11 @@
 209.46.117.168	permit
 209.46.117.179	permit
 209.61.151.0/24	permit
-209.61.151.236	permit
-209.61.151.249	permit
-209.61.151.251	permit
 209.67.98.46	permit
 209.67.98.59	permit
 209.85.128.0/17	permit
-212.82.96.0/24	permit
 212.82.96.32/27	permit
 212.82.96.64/29	permit
-212.82.98.0/24	permit
 212.82.98.32/29	permit
 212.82.98.64/27	permit
 212.82.98.96/30	permit
@@ -1992,7 +1928,6 @@
 216.17.150.251	permit
 216.22.15.224/27	permit
 216.24.224.0/20	permit
-216.39.60.0/23	permit
 216.39.60.154/31	permit
 216.39.60.156/30	permit
 216.39.60.160/30	permit
@@ -2010,7 +1945,6 @@
 216.39.61.170	permit
 216.39.61.175	permit
 216.39.61.238/31	permit
-216.39.62.0/24	permit
 216.39.62.32/28	permit
 216.39.62.48/29	permit
 216.39.62.56/30	permit
@@ -2030,7 +1964,6 @@
 216.98.158.0/24	permit
 216.99.5.67	permit
 216.99.5.68	permit
-216.109.114.0/24	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
 216.113.160.0/24	permit

From 8a82bab1f3977ff51433e254cc7a28bf67dc97b7 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 2 Apr 2024 18:04:30 +0200
Subject: [PATCH 185/755] [Web] Updated lang.tr-tr.json (#5815)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Uğurcan Albayrak <canalbayrakugur@gmail.com>
---
 data/web/lang/lang.tr-tr.json | 166 +++++++++++++++++++++++++++++++++-
 1 file changed, 165 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 8fff7bfac..e7fb623ce 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -1,6 +1,6 @@
 {
     "acl": {
-        "alias_domains": "Alias domain ekle",
+        "alias_domains": "Takma alan adı ekle",
         "app_passwds": "Uygulama şifrelerini yönet",
         "bcc_maps": "BCC haritası",
         "delimiter_action": "Sınırlandırma işlemi",
@@ -1139,5 +1139,169 @@
         "minute": "mesaj / dakika",
         "hour": "mesaj / saat",
         "day": "mesaj / gün"
+    },
+    "user": {
+        "advanced_settings": "Gelişmiş ayarlar",
+        "aliases_also_send_as": "Kullanıcı olarak göndermeye de izin verilir",
+        "direct_aliases_desc": "Doğrudan takma ad adresleri spam filtresi ve TLS ilke ayarlarından etkilenir.",
+        "direct_protocol_access": "Bu posta kutusu kullanıcısının aşağıdaki protokollere ve uygulamalara <b>doğrudan, harici erişimi</b> vardır. Bu ayar yöneticiniz tarafından kontrol edilir. Bireysel protokollere ve uygulamalara erişim vermek için uygulama şifreleri oluşturulabilir.< br>\\\"Web postasında oturum aç\\\" düğmesi, SOGo'da tek oturum açmayı sağlar ve her zaman kullanılabilir.",
+        "pushover_info": "Push bildirim ayarları, takma adlar (paylaşılan, paylaşılmayan, etiketli) dahil <b>%s</b> adresine teslim edilen tüm temiz (spam olmayan) postalar için geçerli olacaktır.",
+        "last_pw_change": "Son şifre değişikliği",
+        "mailbox_details": "Detaylar",
+        "quarantine_notification_info": "Bir bildirim gönderildiğinde, öğeler \\\"bildirildi\\\" olarak işaretlenecek ve bu belirli öğe için başka bildirim gönderilmeyecek.",
+        "alias_extend_all": "Takma adları 1 saat uzat",
+        "app_hint": "Uygulama parolaları, IMAP, SMTP, CalDAV, CardDAV ve EAS oturum açma bilgileriniz için alternatif parolalardır. Kullanıcı adı değişmeden kalır. SOGo web postası, uygulama parolalarıyla kullanılamaz.",
+        "apple_connection_profile_mailonly": "Bu bağlantı profili, bir Apple aygıtı için IMAP ve SMTP yapılandırma parametrelerini içerir.",
+        "no_last_login": "Son kullanıcı arayüzü oturum açma bilgisi yok",
+        "pushover_vars": "Gönderen filtresi tanımlanmadığında, tüm postalar dikkate alınacaktır.<br>Düzenli ifade filtreleri ve tam gönderen kontrolleri ayrı ayrı tanımlanabilir ve sıralı olarak değerlendirilecektir. Birbirlerine bağlı değildirler.<br> Metin ve başlık için kullanılabilir değişkenler (lütfen veri koruma politikalarını dikkate alın)",
+        "shared_aliases_desc": "Paylaşılan takma adlar, spam filtresi veya şifreleme politikası gibi kullanıcıya özel ayarlardan etkilenmez. Karşılık gelen spam filtreleri yalnızca bir yönetici tarafından etki alanı çapında bir politika olarak yapılabilir.",
+        "action": "Eylem",
+        "create_app_passwd": "Uygulama parolası oluştur",
+        "create_syncjob": "Yeni senkronizasyon işi oluştur",
+        "change_password": "Şifre değiştirme",
+        "clear_recent_successful_connections": "Görünen başarılı bağlantıları temizle",
+        "client_configuration": "E-posta istemcileri ve akıllı telefonlar için yapılandırma kılavuzlarını göster",
+        "messages": "mesajlar",
+        "spam_aliases": "Geçici e-posta takma adları",
+        "spam_score_reset": "Sunucu varsayılanına sıfırla",
+        "years": "Yıllar",
+        "change_password_hint_app_passwords": "Hesabınızda değiştirilmeyecek  uygulama şifresi var. Bunları yönetmek için Uygulama şifreleri sekmesine gidin.",
+        "pushover_evaluate_x_prio": "Yüksek öncelikli postayı ilet [<code>X-Priority: 1</code>]",
+        "spamfilter_table_add": "Öge Ekle",
+        "spamfilter_table_domain_policy": "n/a (alan politikası)",
+        "spamfilter_table_empty": "Görüntülenecek veri yok\"",
+        "spamfilter_table_remove": "Kaldır",
+        "tls_policy_warning": "<strong>Uyarı:</strong> Şifreli posta aktarımını zorunlu kılmaya karar verirseniz, e-postalarınızı kaybedebilirsiniz.<br>Politikayı karşılamayan iletiler, posta sistemi tarafından kesin bir başarısızlıkla geri döner.< br>Bu seçenek, birincil e-posta adresiniz (oturum açma adı), takma ad alanlarından türetilen tüm adresler ve ayrıca <b>hedef olarak yalnızca bu tek posta kutusuyla</b> takma ad adresleri için geçerlidir.",
+        "interval": "Aralık",
+        "username": "Kullanıcı adı",
+        "verify": "Doğrula",
+        "waiting": "Bekliyor",
+        "spamfilter_default_score": "Varsayılan değerler",
+        "status": "Durum",
+        "active": "Aktif",
+        "active_sieve": "Aktif filtre",
+        "alias": "Takma ad",
+        "alias_create_random": "Rastgele takma ad oluştur",
+        "alias_full_date": "d.m.Y, H:i:s T",
+        "alias_remove_all": "Tüm takma adları kaldır",
+        "alias_select_validity": "Geçerlilik süresi",
+        "alias_time_left": "Kalan süre",
+        "alias_valid_until": "Tarihe Kadar Geçerli",
+        "aliases_send_as_all": "Aşağıdaki alan(lar) ve takma ad alanları için gönderici erişimini kontrol etmeyin",
+        "allowed_protocols": "İzin verilen protokoller",
+        "app_name": "Uygulama adı",
+        "app_passwds": "Uygulama şifreleri",
+        "apple_connection_profile": "Apple bağlantı profili",
+        "apple_connection_profile_complete": "Bu bağlantı profili, bir Apple aygıtı için IMAP ve SMTP parametrelerinin yanı sıra CalDAV (takvimler) ve CardDAV (kişiler) yollarını içerir.",
+        "apple_connection_profile_with_app_password": "Yeni bir uygulama parolası oluşturulur ve profile eklenir, böylece cihazınızı kurarken parola girilmesi gerekmez. Posta kutunuza tam erişim sağladığı için lütfen dosyayı paylaşmayın.",
+        "attribute": "Özellik",
+        "created_on": "Oluşturulma tarihi",
+        "daily": "Günlük",
+        "day": "Gün",
+        "delete_ays": "Lütfen silme işlemini onaylayın.",
+        "direct_aliases": "Doğrudan takma ad adresleri",
+        "eas_reset_help": "Birçok durumda cihaz önbelleğini sıfırlama, bozuk bir ActiveSync profilini kurtarmaya yardımcı olur.<br><b>Dikkat:</b> Tüm öğeler yeniden indirilecek!",
+        "edit": "Düzenle",
+        "email": "e-posta",
+        "email_and_dav": "e-posta, takvimler ve kişiler",
+        "empty": "Sonuç yok",
+        "encryption": "Şifreleme",
+        "excludes": "Hariçtir",
+        "expire_in": "Son kullanma tarihi",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "force_pw_update": "Grup yazılımıyla ilgili hizmetlere erişebilmek için yeni bir parola <b>gerekir</b> ayarlamalısınız.",
+        "from": "Kimden",
+        "generate": "Oluştur",
+        "hour": "Saat",
+        "hourly": "Saatlik",
+        "hours": "Saatler",
+        "in_use": "Kullanılmış",
+        "is_catch_all": "Alan/alanlar için tümünü yakala",
+        "last_mail_login": "Son posta girişi",
+        "last_run": "Son çalıştırma",
+        "last_ui_login": "Kullanıcının son  arayüzü girişi",
+        "loading": "Yükleniyor...",
+        "login_history": "Giriş geçmişi",
+        "mailbox": "Posta Kutusu",
+        "mailbox_general": "Genel",
+        "mailbox_settings": "Ayarlar",
+        "month": "Ay",
+        "months": "Aylar",
+        "never": "Asla",
+        "new_password": "Yeni şifre",
+        "new_password_repeat": "Onay şifresi (tekrar)",
+        "no_active_filter": "Aktif filtre mevcut değil",
+        "no_record": "Kayıt yok",
+        "open_logs": "Günlükleri açın",
+        "open_webmail_sso": "Web postasına giriş yapın",
+        "password": "Şifre",
+        "password_now": "Geçerli şifre (değişiklikleri onaylayın)",
+        "password_repeat": "Şifre (tekrar)",
+        "pushover_only_x_prio": "Yalnızca yüksek öncelikli postaları dikkate alın [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Aşağıdaki gönderen e-posta adreslerini <small>(virgülle ayrılmış)</small> göz önünde bulundurun",
+        "pushover_sender_regex": "Gönderenleri aşağıdaki normal ifadeye göre eşleştir",
+        "pushover_text": "Bildirim metni",
+        "pushover_title": "Bildirim başlığı",
+        "pushover_sound": "Ses",
+        "pushover_verify": "Kimlik bilgilerini doğrula",
+        "q_add_header": "Önemsiz klasör",
+        "q_all": "Tüm  kategoriler",
+        "quarantine_category": "Karantina bildirim kategorisi",
+        "quarantine_category_info": "\\\"Reddedildi\\\" bildirim kategorisi reddedilen postaları içerirken, \\\"Önemsiz klasör\\\" bir kullanıcıyı önemsiz klasörüne konan postalar hakkında bilgilendirir.",
+        "quarantine_notification": "Karantina bildirimleri",
+        "recent_successful_connections": "Başarılı bağlantılar görüldü",
+        "remove": "Kaldır.",
+        "running": "Çalıştırılıyor...",
+        "save": "Değişiklikleri Kaydet",
+        "save_changes": "Değişiklikleri Kaydet",
+        "sender_acl_disabled": "<span class=\\\"label label-danger\\\">Gönderen denetimi devre dışı</span>",
+        "shared_aliases": "Paylaşılan takma ad adresleri",
+        "show_sieve_filters": "Etkin kullanıcı elek filtresini göster",
+        "sogo_profile_reset": "SOGo profilini sıfırla",
+        "sogo_profile_reset_help": "Bu, kullanıcının SOGo profilini yok edecek ve <b>geri alınamayan tüm kişi ve takvim verilerini siler</b>.",
+        "sogo_profile_reset_now": "Profili şimdi sıfırla",
+        "spamfilter": "Spam filtresi",
+        "spamfilter_behavior": "Derecelendirme",
+        "spamfilter_bl": "Kara liste",
+        "sync_jobs": "İşleri senkronize et",
+        "spamfilter_bl_desc": "Spam olarak sınıflandırılacak ve reddedilecek <b>her zaman</b> kara listeye alınan e-posta adresleri. Reddedilen postalar karantinaya <b>kopyalanmaz</b>. Joker karakterler kullanılabilir. Bir filtre yalnızca şunlara uygulanır tüm takma adları ve bir posta kutusunun kendisi hariç doğrudan takma adlar (tek bir hedef posta kutusuna sahip takma adlar).",
+        "spamfilter_green": "Yeşil: bu mesaj spam değil",
+        "spamfilter_hint": "İlk değer \\\"düşük spam puanını\\\" tanımlar, ikincisi \\\"yüksek spam puanını\\\" temsil eder.",
+        "spamfilter_red": "Kırmızı: Bu ileti istenmeyen postadır ve sunucu tarafından reddedilecektir",
+        "spamfilter_table_action": "Eylem",
+        "spamfilter_table_rule": "Kural",
+        "spamfilter_wl": "Beyaz liste",
+        "spamfilter_wl_desc": "Beyaz listeye alınan e-posta adresleri spam olarak <b>asla</b> sınıflandırılmayacak şekilde programlanmıştır. Joker karakterler kullanılabilir. Bir filtre yalnızca, tümünü yakalama takma adları ve bir posta kutusunun kendisi.",
+        "spamfilter_yellow": "Sarı: bu mesaj spam olabilir, spam olarak etiketlenecek ve gereksiz klasörünüze taşınacak",
+        "syncjob_check_log": "İşleri senkronize et",
+        "syncjob_last_run_result": "Son çalıştırma sonucu",
+        "syncjob_EX_OK": "Başarılı",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Bağlantı sorunu",
+        "syncjob_EXIT_TLS_FAILURE": "Şifreli bağlantı ile ilgili sorun",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Kimlik doğrulama sorunu",
+        "syncjob_EXIT_OVERQUOTA": "Hedef posta kutusu kotayı aştı",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Uzak sunucuya bağlanılamıyor",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Yanlış kullanıcı adı veya şifre",
+        "tag_handling": "Etiketli postalar için işlemeyi ayarla",
+        "tag_help_example": "Etiketli bir e-posta adresi örneği: ben<b>+Facebook</b>@example.org",
+        "tag_help_explain": "Alt klasörde: INBOX (\\\"INBOX/Facebook\\\") altında etiketten sonra adlandırılan yeni bir alt klasör oluşturulacak.<br>\\r\\nKonuda: etiketlerin adı posta konusunun önüne eklenecek, örnek: \\\"[Facebook] Haberlerim\\\".",
+        "tag_in_none": "Hiçbir şey yapma",
+        "tag_in_subfolder": "Alt klasörde",
+        "tag_in_subject": "Konuda",
+        "text": "Metin",
+        "title": "Başlık",
+        "tls_enforce_in": "TLS gelenini zorunlu kıl",
+        "tls_enforce_out": "TLS gidenini zorunlu kıl",
+        "tls_policy": "Şifreleme politikası",
+        "user_settings": "Kullanıcı ayarları",
+        "value": "Değer",
+        "weekly": "Haftalık",
+        "weeks": "Haftalar",
+        "with_app_password": "Uygulama şifresi ile",
+        "year": "Yıl",
+        "eas_reset": "ActiveSync cihaz önbelleğini sıfırla",
+        "eas_reset_now": "Şimdi sıfırla",
+        "q_reject": "Reddedildi",
+        "week": "Hafta"
     }
 }

From 00d4b32a1b0b2b6072e7b62eb52408044a2438d7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Apr 2024 10:06:43 +0200
Subject: [PATCH 186/755] [Web] deny api calls from sogo

---
 data/web/json_api.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 28f8cac56..0240626a0 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -47,6 +47,14 @@ function api_log($_data) {
   }
 }
 
+// deny requests from /SOGo locations
+if (isset($_SERVER['HTTP_REFERER'])) {
+  if (strpos(strtolower($_SERVER['HTTP_REFERER']), '/sogo') !== false) {
+    header('HTTP/1.1 403 Forbidden');
+    exit;
+  }
+}
+
 if (isset($_GET['query'])) {
 
   $query = explode('/', $_GET['query']);

From 2db8f482dbadcacf98bac77733daaf14c61b7e02 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Apr 2024 10:07:36 +0200
Subject: [PATCH 187/755] [Web] escape html of alert messages

---
 data/web/inc/footer.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 61d81dffa..cd689cd14 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -12,7 +12,8 @@ $alertbox_log_parser = alertbox_log_parser($_SESSION);
 $alerts = [];
 if (is_array($alertbox_log_parser)) {
   foreach ($alertbox_log_parser as $log) {
-    $message = strtr($log['msg'], ["\n" => '', "\r" => '', "\t" => '<br>']);
+    $message = htmlspecialchars($log['msg'], ENT_QUOTES);
+    $message = strtr($message, ["\n" => '', "\r" => '', "\t" => '<br>']);
     $alerts[trim($log['type'], '"')][] = trim($message, '"');
   }
   $alert = array_filter(array_unique($alerts));

From 0d09c86c124e9a4f17f6813ce06cc4537ce81b46 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Apr 2024 10:08:18 +0200
Subject: [PATCH 188/755] [Web] fix invalid rspamd map check

---
 data/web/inc/functions.rspamd.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.rspamd.inc.php b/data/web/inc/functions.rspamd.inc.php
index fd1c5bd6c..ec86919c3 100644
--- a/data/web/inc/functions.rspamd.inc.php
+++ b/data/web/inc/functions.rspamd.inc.php
@@ -143,6 +143,7 @@ function rspamd_maps($_action, $_data = null) {
         return false;
       }
       $maps = (array)$_data['map'];
+      $valid_maps = array();
       foreach ($maps as $map) {
         foreach ($RSPAMD_MAPS as $rspamd_map_type) {
           if (!in_array($map, $rspamd_map_type)) {
@@ -151,9 +152,12 @@ function rspamd_maps($_action, $_data = null) {
               'log' => array(__FUNCTION__, $_action, '-'),
               'msg' => array('global_map_invalid', $map)
             );
-            continue;
+          } else {
+            array_push($valid_maps, $map);
           }
         }
+      }
+      foreach ($valid_maps as $map) {
         try {
           if (file_exists('/rspamd_custom_maps/' . $map)) {
             $map_content = trim($_data['rspamd_map_data']);

From 3aee2b6cf567222b6ea962f1a4d17160a283bb82 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Apr 2024 11:43:48 +0200
Subject: [PATCH 189/755] [Web] use SEC_FETCH_DEST header instead of Referer to
 block api requests

---
 data/web/json_api.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 0240626a0..9e165b68e 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -47,12 +47,10 @@ function api_log($_data) {
   }
 }
 
-// deny requests from /SOGo locations
-if (isset($_SERVER['HTTP_REFERER'])) {
-  if (strpos(strtolower($_SERVER['HTTP_REFERER']), '/sogo') !== false) {
-    header('HTTP/1.1 403 Forbidden');
-    exit;
-  }
+// Block requests not intended for direct API use by checking the 'Sec-Fetch-Dest' header.
+if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
+  header('HTTP/1.1 403 Forbidden');
+  exit;
 }
 
 if (isset($_GET['query'])) {

From c68a436a222e10c9c9a21d58d13c9b48c03d8eb3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 09:30:30 +0200
Subject: [PATCH 190/755] [Web] fix invalid rspamd map check

---
 data/web/inc/functions.rspamd.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.rspamd.inc.php b/data/web/inc/functions.rspamd.inc.php
index fd1c5bd6c..ec86919c3 100644
--- a/data/web/inc/functions.rspamd.inc.php
+++ b/data/web/inc/functions.rspamd.inc.php
@@ -143,6 +143,7 @@ function rspamd_maps($_action, $_data = null) {
         return false;
       }
       $maps = (array)$_data['map'];
+      $valid_maps = array();
       foreach ($maps as $map) {
         foreach ($RSPAMD_MAPS as $rspamd_map_type) {
           if (!in_array($map, $rspamd_map_type)) {
@@ -151,9 +152,12 @@ function rspamd_maps($_action, $_data = null) {
               'log' => array(__FUNCTION__, $_action, '-'),
               'msg' => array('global_map_invalid', $map)
             );
-            continue;
+          } else {
+            array_push($valid_maps, $map);
           }
         }
+      }
+      foreach ($valid_maps as $map) {
         try {
           if (file_exists('/rspamd_custom_maps/' . $map)) {
             $map_content = trim($_data['rspamd_map_data']);

From cd24057f1ad410c2f6117b481af137e8b27b25d3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 09:31:03 +0200
Subject: [PATCH 191/755] [Web] use SEC_FETCH_DEST header to block api requests

---
 data/web/json_api.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 079e79ce8..2458e6624 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -47,6 +47,12 @@ function api_log($_data) {
   }
 }
 
+// Block requests not intended for direct API use by checking the 'Sec-Fetch-Dest' header.
+if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
+  header('HTTP/1.1 403 Forbidden');
+  exit;
+}
+
 if (isset($_GET['query'])) {
 
   $query = explode('/', $_GET['query']);

From cf2fda66e2f359e50e2ac255f731509c35ff48fe Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 09:31:20 +0200
Subject: [PATCH 192/755] [Web] escape html of alert messages

---
 data/web/inc/footer.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 8c50c9c15..ac1bff033 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -12,7 +12,8 @@ $alertbox_log_parser = alertbox_log_parser($_SESSION);
 $alerts = [];
 if (is_array($alertbox_log_parser)) {
   foreach ($alertbox_log_parser as $log) {
-    $message = strtr($log['msg'], ["\n" => '', "\r" => '', "\t" => '<br>']);
+    $message = htmlspecialchars($log['msg'], ENT_QUOTES);
+    $message = strtr($message, ["\n" => '', "\r" => '', "\t" => '<br>']);
     $alerts[trim($log['type'], '"')][] = trim($message, '"');
   }
   $alert = array_filter(array_unique($alerts));

From 7660ca89ae35f9900fef1858f53c292b22883faa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 16:29:58 +0200
Subject: [PATCH 193/755] [Web] break loop if rspamd_map is valid

---
 data/web/inc/functions.rspamd.inc.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/data/web/inc/functions.rspamd.inc.php b/data/web/inc/functions.rspamd.inc.php
index ec86919c3..c2444d99d 100644
--- a/data/web/inc/functions.rspamd.inc.php
+++ b/data/web/inc/functions.rspamd.inc.php
@@ -145,17 +145,22 @@ function rspamd_maps($_action, $_data = null) {
       $maps = (array)$_data['map'];
       $valid_maps = array();
       foreach ($maps as $map) {
+        $is_valid = false;
         foreach ($RSPAMD_MAPS as $rspamd_map_type) {
-          if (!in_array($map, $rspamd_map_type)) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, '-'),
-              'msg' => array('global_map_invalid', $map)
-            );
-          } else {
-            array_push($valid_maps, $map);
+          if (in_array($map, $rspamd_map_type)) {
+            $is_valid = true;
+            break;
           }
         }
+        if ($is_valid) {
+          array_push($valid_maps, $map);
+        } else {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, '-'),
+            'msg' => array('global_map_invalid', $map)
+          );
+        }
       }
       foreach ($valid_maps as $map) {
         try {

From b37caaf9e51d23fce11981a63d7355ccb2665584 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 16:30:35 +0200
Subject: [PATCH 194/755] [Web] secure container_ctrl.php

---
 data/web/inc/ajax/container_ctrl.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/data/web/inc/ajax/container_ctrl.php b/data/web/inc/ajax/container_ctrl.php
index f0e220f9c..48c21cb13 100644
--- a/data/web/inc/ajax/container_ctrl.php
+++ b/data/web/inc/ajax/container_ctrl.php
@@ -1,4 +1,11 @@
 <?php
+
+// Block requests by checking the 'Sec-Fetch-Dest' header.
+if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
+  header('HTTP/1.1 403 Forbidden');
+  exit;
+}
+
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
 if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'admin') {
 	exit();

From 62e458f39b2600e1003a26cf86eb32f6a4b89328 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 4 Apr 2024 19:23:02 +0200
Subject: [PATCH 195/755] [Web] Updated lang.fr-fr.json (#5824)

Co-authored-by: Quiwy <github@quiwy.ninja>
---
 data/web/lang/lang.fr-fr.json | 324 +++++++++++++++++++++++-----------
 1 file changed, 218 insertions(+), 106 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index dd048a3f5..f6b767141 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -96,7 +96,7 @@
         "skipcrossduplicates": "Ignorer les messages en double dans les dossiers (premier arrivé, premier servi)",
         "subscribeall": "S'abonner à tous les dossiers",
         "syncjob": "Ajouter une tâche de synchronisation",
-        "syncjob_hint": "Sachez que les mots de passe seront sauvegardés en clair !",
+        "syncjob_hint": "Sachez que les mots de passe seront enregistrés en clair !",
         "target_address": "Aller à l'adresse",
         "target_address_info": "<small>Adresse(s) de courriel complète(s) (séparées par des virgules).</small>",
         "target_domain": "Domaine cible",
@@ -194,7 +194,7 @@
         "generate": "générer",
         "guid": "GUID - Identifiant de l'instance",
         "guid_and_license": "GUID & Licence",
-        "hash_remove_info": "La suppression d'un hachage ratelimit (s'il existe toujours) réinitialisera complètement son compteur.<br>\r\n  Chaque hachage est indiqué par une couleur individuelle.",
+        "hash_remove_info": "La suppression d'un hachage limite d'envoi (s'il existe toujours) réinitialisera complètement son compteur.<br>\n  Chaque hachage est indiqué par une couleur individuelle.",
         "help_text": "Remplacer le texte d'aide sous le masque de connexion (HTML autorisé)",
         "host": "Hôte",
         "html": "HTML",
@@ -237,7 +237,7 @@
         "quarantine_max_age": "Âge maximun en jour(s)<br><small>La valeur doit être égale ou supérieure à 1 jour.</small>",
         "quarantine_max_size": "Taille maximum en Mo (les éléments plus grands sont mis au rebut):<br><small>0 ne signifie <b>pas</b> illimité.</small>",
         "quarantine_max_score": "Ignorer la notification si le score de spam est au dessus de cette valeur :<br><small>Par défaut : 9999.0</small>",
-        "quarantine_notification_html": "Modèle de courriel de notification:<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
+        "quarantine_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
         "quarantine_notification_sender": "Notification par e-mail de l’expéditeur",
         "quarantine_notification_subject": "Objet du courriel de notification",
         "quarantine_redirect": "<b>Rediriger toutes les notifications</b> vers ce destinataire:<br><small>Laisser vide pour désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
@@ -245,7 +245,7 @@
         "quarantine_release_format_att": "En pièce jointe",
         "quarantine_release_format_raw": "Original non modifié",
         "quarantine_retention_size": "Rétentions par boîte:<br><small>0 indique <b>inactive</b>.</small>",
-        "quota_notification_html": "Modèle de courriel de notification:<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
+        "quota_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
         "quota_notification_sender": "Notification par e-mail de l’expéditeur",
         "quota_notification_subject": "Objet du courriel de notification",
         "quota_notifications": "Notifications de quotas",
@@ -254,7 +254,7 @@
         "r_active": "Restrictions actives",
         "r_inactive": "Restrictions inactives",
         "r_info": "Les éléments grisés/désactivés sur la liste des restrictions actives ne sont pas considérés comme des restrictions valides pour Mailcow et ne peuvent pas être déplacés. Des restrictions inconnues seront établies par ordre d’apparition de toute façon. <br>Vous pouvez ajouter de nouveaux éléments dans le code <code>inc/vars.local.inc.php</code> pour pouvoir les basculer.",
-        "rate_name": "Nom du taux",
+        "rate_name": "Nom de la limite",
         "recipients": "Destinataires",
         "refresh": "Rafraîchir",
         "regen_api_key": "Regénérer la clé API",
@@ -274,7 +274,7 @@
         "rsetting_no_selection": "Veuillez sélectionner une règle",
         "rsetting_none": "Pas de règles disponibles",
         "rsettings_insert_preset": "Insérer un exemple de préréglage \"%s\"",
-        "rsettings_preset_1": "Désactiver tout sauf DKIM et la limite tarifaire pour les utilisateurs authentifiés",
+        "rsettings_preset_1": "Désactiver tout sauf DKIM et la limite d'envoi pour les utilisateurs authentifiés",
         "rsettings_preset_2": "Les postmasters veulent du spam",
         "rsettings_preset_3": "Autoriser uniquement des expéditeurs particuliers pour une boîte (c.-à-d. utilisation comme boîte interne seulement)",
         "rspamd_com_settings": "Un nom de paramètre sera généré automatiquement, voir l’exemple de préréglages ci-dessous. Pour plus de détails voir : <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Docs Rspamd</a>",
@@ -312,7 +312,7 @@
         "ui_header_announcement_type_warning": "Important",
         "ui_header_announcement_type_danger": "Très important",
         "ui_texts": "Textes et étiquettes de l'interface utilisateur",
-        "unban_pending": "unban en attente",
+        "unban_pending": "Débanissement en attente",
         "unchanged_if_empty": "Si non modifié, laisser en blanc",
         "upload": "Charger",
         "username": "Nom d'utilisateur",
@@ -338,7 +338,12 @@
         "oauth2_apps": "Applications OAuth2",
         "password_length": "Longueur des mots de passe",
         "password_policy_chars": "Doit contenir au moins une lettre",
-        "password_policy_length": "La longueur minimale du mot de passe est de %d"
+        "password_policy_length": "La longueur minimale du mot de passe est de %d",
+        "f2b_manage_external_info": "Fail2ban maintiendra la liste de bannissement, mais ne définira pas activement de règles pour bloquer le trafic. Utilisez la liste de bannissement générée ci-dessous pour bloquer le trafic de manière externe.",
+        "f2b_manage_external": "Gérer Fail2Ban en externe",
+        "transport_test_rcpt_info": "&#8226 ; Utilisez null@hosted.mailcow.de pour tester le relais vers une destination étrangère.",
+        "relay_rcpt": "Adresse \"À :\".",
+        "is_mx_based": "Basé sur MX"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -352,7 +357,7 @@
         "app_passwd_id_invalid": "Le mot de passe ID %s de l'application est non valide",
         "bcc_empty": "La destination BCC destination ne peut pas être vide",
         "bcc_exists": "Une carte de transport BCC %s existe pour le type %s",
-        "bcc_must_be_email": "Le destination BCC %s n'est pas une adresse e-mail valide",
+        "bcc_must_be_email": "La destination BCC %s n'est pas une adresse e-mail valide",
         "comment_too_long": "Le commentaire est trop long, 160 caractère max sont permis",
         "defquota_empty": "Le quota par défaut par boîte ne doit pas être 0.",
         "description_invalid": "La description des ressources pour %s est non valide",
@@ -396,7 +401,7 @@
         "mailbox_defquota_exceeds_mailbox_maxquota": "Le quota par défaut dépasse la limite maximale du quota",
         "mailbox_invalid": "Le nom de la boîte n'est pas valide",
         "mailbox_quota_exceeded": "Le quota dépasse la limite du domaine (max. %d Mo)",
-        "mailbox_quota_exceeds_domain_quota": "Le quota maximum dépasse la limite du quota de domaine",
+        "mailbox_quota_exceeds_domain_quota": "Le quota maximal dépasse la limite du quota de domaine",
         "mailbox_quota_left_exceeded": "Espace libre insuffisant (espace libre : %d Mio)",
         "mailboxes_in_use": "Le max. des boîtes doit être supérieur ou égal à %d",
         "malformed_username": "Nom d’utilisateur malformé",
@@ -429,15 +434,15 @@
         "release_send_failed": "Le message n’a pas pu être diffusé : %s",
         "reset_f2b_regex": "Le filtre regex n'a pas pu être réinitialisé à temps, veuillez réessayer ou attendre quelques secondes de plus et recharger le site web.",
         "resource_invalid": "Le nom de la resource %s n'est pas valide",
-        "rl_timeframe": "Le délai limite du taux est incorrect",
-        "rspamd_ui_pw_length": "Le mot de passe de l'interface Rspamd doit être de 6 caratères au minimum",
+        "rl_timeframe": "Le délai de la limite d'envoi est incorrect",
+        "rspamd_ui_pw_length": "Le mot de passe de l'interface Rspamd doit être de 6 caractères au minimum",
         "script_empty": "Le script ne peut pas être vide",
         "sender_acl_invalid": "La valeur ACL de l’expéditeur %s est invalide",
-        "set_acl_failed": "Impossible de définir ACL",
+        "set_acl_failed": "Impossible de définir l'ACL",
         "settings_map_invalid": "La carte des paramètres %s est invalide",
         "sieve_error": "Erreur d'analyse syntaxique Sieve : %s",
         "spam_learn_error": "Erreur d'apprentissage du spam : %s",
-        "subject_empty": "Le sujet ne peut^pas être vide",
+        "subject_empty": "Le sujet ne peut pas être vide",
         "target_domain_invalid": "Le domaine cible %s n'est pas valide",
         "targetd_not_found": "Le domaine cible %s est introuvable",
         "targetd_relay_domain": "Le domaine cible %s est un domaine de relais",
@@ -449,7 +454,7 @@
         "tls_policy_map_parameter_invalid": "Le paramètre Policy est invalide",
         "totp_verification_failed": "Echec de la vérification TOTP",
         "transport_dest_exists": "La destination de transport \"%s\" existe",
-        "webauthn_verification_failed": "Echec de la vérification WebAuthn : %s",
+        "webauthn_verification_failed": "Échec de la vérification WebAuthn : %s",
         "fido2_verification_failed": "La vérification FIDO2 a échoué : %s",
         "unknown": "Une erreur inconnue est survenue",
         "unknown_tfa_method": "Methode TFA inconnue",
@@ -458,13 +463,18 @@
         "validity_missing": "Veuillez attribuer une période de validité",
         "value_missing": "Veuillez fournir toutes les valeurs",
         "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
-        "webauthn_authenticator_failed": "L'authentificateur selectionné est introuvable",
+        "webauthn_authenticator_failed": "L'authentificateur sélectionné est introuvable",
         "demo_mode_enabled": "Le mode de démonstration est activé",
-        "template_exists": "La template %s existe déja",
-        "template_id_invalid": "Le numéro de template %s est invalide",
-        "template_name_invalid": "Le nom de la template est invalide",
+        "template_exists": "Le modèle %s existe déjà",
+        "template_id_invalid": "Le numéro de modèle %s est invalide",
+        "template_name_invalid": "Le nom du modèle est invalide",
         "img_dimensions_exceeded": "L'image dépasse les dimensions maximales",
-        "img_size_exceeded": "L'image dépasse la taille maximale de fichier"
+        "img_size_exceeded": "L'image dépasse la taille maximale de fichier",
+        "webauthn_publickey_failed": "Aucune clé publique n'a été stockée pour l'authentificateur sélectionné.",
+        "cors_invalid_method": "Allow-Method specifiée invalide",
+        "cors_invalid_origin": "Allow-Origin spécifiée invalide",
+        "extended_sender_acl_denied": "ACL manquante pour définir les adresses des expéditeurs externes",
+        "webauthn_username_failed": "L'authentificateur sélectionné appartient à un autre compte"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
@@ -474,7 +484,7 @@
         "history_all_servers": "Historique (tous les serveurs)",
         "in_memory_logs": "Logs En-mémoire",
         "jvm_memory_solr": "Utilisation mémoire JVM",
-        "log_info": "<p>Les logs <b>En-mémoire</b> Mailcow sont collectés dans des listes Redis et découpées en LOG_LINES (%d) chaque minute pour réduire la charge.\r\n  <br>Les logs En-mémoire ne sont pas destinés à être persistants. Toutes les applications qui se connectent en mémoire, se connectent également au démon Docker et donc au pilote de journalisation par défaut.\r\n  <br>Le type de journal en mémoire doit être utilisé pour déboguer les problèmes mineurs avec les conteneurs.</p>\r\n  <p><b>Les logs externes</b> sont collectés via l'API de l'application concernée.</p>\r\n  <p>Les journaux <b>statiques</b> sont principalement des journaux d’activité, qui ne sont pas enregistrés dans Dockerd, mais qui doivent toujours être persistants (sauf pour les logs API).</p>",
+        "log_info": "<p>Les logs <b>En-mémoire</b> Mailcow sont collectés dans des listes Redis et découpées en LOG_LINES (%d) chaque minute pour réduire la charge.\n  <br>Les logs En-mémoire ne sont pas destinés à être persistants. Toutes les applications qui se connectent en mémoire, se connectent également au démon Docker, et donc au pilote de journalisation par défaut.\n  <br>Le type de journal en mémoire doit être utilisé pour déboguer les problèmes mineurs avec les conteneurs.</p>\n  <p><b>Les logs externes</b> sont collectés via l'API de l'application concernée.</p>\n  <p>Les journaux <b>statiques</b> sont principalement des journaux d’activité, qui ne sont pas enregistrés dans Dockerd, mais qui doivent toujours être persistants (sauf pour les logs API).</p>",
         "logs": "Logs",
         "restart_container": "Redémarrer",
         "solr_dead": "Solr est en cours de démarrage, désactivé ou mort.",
@@ -487,7 +497,13 @@
         "uptime": "Disponibilité",
         "started_on": "Démarré à",
         "static_logs": "Logs statiques",
-        "system_containers": "Système & Conteneurs"
+        "system_containers": "Système & Conteneurs",
+        "timezone": "Fuseau horaire",
+        "username": "Nom d'utilisateur",
+        "wip": "En cours de réalisation",
+        "architecture": "Architecture",
+        "cores": "Cœurs",
+        "current_time": "Heure du système"
     },
     "diagnostics": {
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
@@ -496,7 +512,7 @@
         "dns_records_docs": "Veuillez également consulter <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">la documentation</a>.",
         "dns_records_data": "Données correcte",
         "dns_records_name": "Nom",
-        "dns_records_status": "Etat courant",
+        "dns_records_status": "État courant",
         "dns_records_type": "Type",
         "optional": "Cet enregistrement est optionel."
     },
@@ -527,7 +543,7 @@
         "domains": "Domaines",
         "dont_check_sender_acl": "Désactiver la vérification de l’expéditeur pour le domaine %s (+ alias de domaines)",
         "edit_alias_domain": "Édition des alias de domaine",
-        "encryption": "Cryptage",
+        "encryption": "Chiffrement",
         "exclude": "Exclure des objets (regex)",
         "extended_sender_acl": "Adresses de l’expéditeur externe",
         "extended_sender_acl_info": "Une clé de domaine DKIM doit être importée, si disponible.<br>\r\n  N’oubliez pas d’ajouter ce serveur à l’enregistrement TXT SPF correspondant.<br>\r\n  Chaque fois qu’un domaine ou un alias de domaine est ajouté à ce serveur, et qui chevauche une adresse externe, l’adresse externe est supprimée.<br>\r\n  Utiliser @domain.tld pour permettre l'envoi comme *@domain.tld.",
@@ -549,7 +565,7 @@
         "max_quota": "Quota max. par boîte mail (Mo)",
         "maxage": "Âge maximal en jours des messages qui seront consultés à distance<br><small>(0 = ignorer la durée)</small>",
         "maxbytespersecond": "Octets max. par seconde <br><small>(0 = pas de limite)</small>",
-        "mbox_rl_info": "Cette limite de taux est appliquée au nom de connexion SASL, elle correspond à toute adresse \"from\" utilisée par l’utilisateur connecté. Une limite tarifaire pour les boîtes remplace une limite tarifaire pour l’ensemble du domaine.",
+        "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse \"from\" utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes remplace une limite d'envoi pour l’ensemble du domaine.",
         "mins_interval": "Intervalle (min)",
         "multiple_bookings": "Réservations multiples",
         "nexthop": "Saut suivant",
@@ -559,22 +575,22 @@
         "private_comment": "Commentaire privé",
         "public_comment": "Commentaire public",
         "pushover_evaluate_x_prio": "Acheminement du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
-        "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
+        "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non-spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
         "pushover_only_x_prio": "Ne tenir compte que du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
         "pushover_sender_array": "Ne tenir compte que des adresses électroniques suivantes de l’expéditeur : <small>(séparées par des virgules)</small>",
         "pushover_sender_regex": "Tenir compte de l’expéditeur regex suivant",
         "pushover_text": "Texte de la notification",
         "pushover_title": "Titre de la notification",
         "pushover_vars": "Lorsque aucun filtre d’expéditeur n’est défini, tous les messages seront considérés.<br>Les filtres Regex ainsi que les vérifications exactes de l’expéditeur peuvent être définis individuellement et seront considérés de façon séquentielle. Ils ne dépendent pas les uns des autres.<br>Variables utilisables pour le texte et le titre (veuillez prendre note des politiques de protection des données)",
-        "pushover_verify": "Vérifier les justificatifs",
+        "pushover_verify": "Vérifier les informations d'identification",
         "quota_mb": "Quota (Mo)",
-        "ratelimit": "Limite de taux",
-        "redirect_uri": "Redirection/rappel URL",
+        "ratelimit": "Limite d'envoi",
+        "redirect_uri": "URL de redirection/callback",
         "relay_all": "Relayer tous les destinataires",
-        "relay_all_info": "↪ Si vous <b>ne choissisez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte (\"aveugle\") pour chaque destinataire qui devrait être relayé.",
+        "relay_all_info": "↪ Si vous <b>ne choisissez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte (\"aveugle\") pour chaque destinataire qui devrait être relayé.",
         "relay_domain": "Relayer ce domaine",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. Si elle n’est pas configurée, une recherche MX sera effectuée.",
-        "relay_unknown_only": "Relais des boîtes non existantes seulement. Les boîtes existantes seront livrées localement..",
+        "relay_unknown_only": "Relais des boîtes non existantes seulement. Les boîtes existantes seront livrées localement.",
         "relayhost": "Transports dépendant de l’expéditeur",
         "remove": "Enlever",
         "resource": "Ressource",
@@ -601,9 +617,32 @@
         "title": "Éditer l'objet",
         "unchanged_if_empty": "Si non modifié, laisser en blanc",
         "username": "Nom d'utilisateur",
-        "validate_save": "Valider et sauver",
+        "validate_save": "Valider et enregistrer",
         "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*\\.google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
-        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine."
+        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine.",
+        "acl": "ACL (Permission)",
+        "footer_exclude": "Exclure du pied de page",
+        "custom_attributes": "Attributs personnalisés",
+        "domain_footer_info_vars": {
+            "from_addr": "{= from_addr =} - Partie de l'enveloppe relative à l'adresse de provenance",
+            "from_domain": "{= from_domain =} - Partie de l'enveloppe provenant du domaine",
+            "custom": "{= foo =} - Si la boîte aux lettres possède l'attribut personnalisé \"foo\" avec la valeur \"bar\", elle renvoie \"bar\"",
+            "auth_user": "{= auth_user =}    - Nom d'utilisateur authentifié spécifié par un MTA",
+            "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour \"moo@mailcow.tld\", renvoie \"moo\".",
+            "from_name": "{= from_name =} - À partir du nom de l'enveloppe, par exemple, pour \"Mailcow &lt;moo@mailcow.tld&gt ;\" on obtient \"Mailcow\""
+        },
+        "domain_footer_skip_replies": "Ignorer le pied de page des e-mails de réponse",
+        "domain_footer": "Pied de page du domaine",
+        "domain_footer_html": "Pied de page HTML",
+        "domain_footer_info": "Les pieds de page du domaine sont ajoutés à tous les courriels sortants associés à une adresse au sein de ce domaine. <br> Les variables suivantes peuvent être utilisées pour le pied de page :",
+        "domain_footer_plain": "Pied de page",
+        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe d'application",
+        "created_on": "Créé le",
+        "none_inherit": "Aucun / Héritage",
+        "quota_warning_bcc": "Avertissement sur les quotas BCC",
+        "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
+        "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni ne modifie le profil SOGo existant d'un utilisateur.",
+        "admin": "Modifier l'administrateur"
     },
     "footer": {
         "cancel": "Annuler",
@@ -614,15 +653,16 @@
         "hibp_ok": "Aucune correspondance trouvée.",
         "loading": "Veuillez patienter…",
         "restart_container": "Redémarrer le conteneur",
-        "restart_container_info": "<b>Important:</b> Un redémarrage en douceur peut prendre un certain temps, veuillez attendre qu’il soit terminé.",
+        "restart_container_info": "<b>Important :</b> Un redémarrage en douceur peut prendre un certain temps, veuillez attendre qu’il soit terminé.",
         "restart_now": "Redémarrer maintenant",
-        "restarting_container": "Redémarrage du conteneur, cela peut prendre un certain temps"
+        "restarting_container": "Redémarrage du conteneur, cela peut prendre un certain temps",
+        "nothing_selected": "Rien n'est sélectionné"
     },
     "header": {
         "administration": "Configuration & détails",
         "apps": "Applications",
         "debug": "Information Système",
-        "email": "E-Mail",
+        "email": "Couriel",
         "mailcow_config": "Configuration",
         "quarantine": "Quarantaine",
         "restart_netfilter": "Redémarrer Netfilter",
@@ -646,7 +686,7 @@
     "mailbox": {
         "action": "Action",
         "activate": "Activer",
-        "active": "Active",
+        "active": "Actif",
         "add": "Ajouter",
         "add_alias": "Ajouter un alias",
         "add_bcc_entry": "Ajouter une carte BCC",
@@ -660,13 +700,13 @@
         "add_tls_policy_map": "Ajouter la carte de la politique des TLS",
         "address_rewriting": "Réécriture de l’adresse",
         "alias": "Alias",
-        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où \"alias-domain\" est un alias imaginaire pour \"domain\").<br>Veuillez utiliser un filtre à tamis pour rediriger le courrier vers une boîte externe (voir l'onglet \"Filtres\" ou utilisez SOGo -> Forwarder).",
+        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où \"alias-domain\" est un alias imaginaire pour \"domain\").<br>Veuillez utiliser un filtre à tamis pour rediriger le courrier vers une boîte externe (voir l'onglet « Filtres » ou utilisez SOGo → Transférer).",
         "alias_domain_backupmx": "Alias de domaine inactif pour le domaine relais",
         "aliases": "Aliases",
         "allow_from_smtp": "Restreindre l'utilisation de <b>SMTP</b> à ces adresses IP",
         "allow_from_smtp_info": "Laissez vide pour autoriser tous les expéditeurs.<br>Adresses IPv4/IPv6 et réseaux.",
         "allowed_protocols": "Protocoles autorisés",
-        "backup_mx": "Sauvegarde MX",
+        "backup_mx": "Domaine de relais",
         "bcc": "BCC",
         "bcc_destination": "Destination BCC",
         "bcc_destinations": "Destinations BCC",
@@ -682,9 +722,9 @@
         "bcc_type": "Type de BCC",
         "booking_null": "Toujours montrer comme libre",
         "booking_0_short": "Toujours libre",
-        "booking_custom": "Limite rigide à un nombre de réservations personnalisé",
-        "booking_custom_short": "Limite rigide",
-        "booking_ltnull": "Illimité, mais afficher aussi occupé lorsque réservé",
+        "booking_custom": "Limitation stricte à un nombre personnalisé de réservations",
+        "booking_custom_short": "Limite stricte",
+        "booking_ltnull": "Illimité, mais indiqué comme occupé lors de la réservation",
         "booking_lt0_short": "Limite souple",
         "daily": "Quotidiennement",
         "deactivate": "Désactiver",
@@ -702,13 +742,13 @@
         "edit": "Éditer",
         "empty": "Pas de résulats",
         "enable_x": "Activer",
-        "excludes": "Exclut",
-        "filter_table": "Table de filtre",
+        "excludes": "Exclus",
+        "filter_table": "Table de filtrage",
         "filters": "Filtres",
         "fname": "Nom complet",
         "force_pw_update": "Forcer la mise à jour du mot de passe à la prochaine ouverture de session",
         "gal": "Carnet d'Adresses Global (GAL)",
-        "hourly": "Horaire",
+        "hourly": "Toutes les heures",
         "in_use": "Utilisé (%)",
         "inactive": "Inactif",
         "insert_preset": "Insérer un exemple de préréglage \"%s\"",
@@ -717,7 +757,7 @@
         "last_modified": "Dernière modification",
         "last_run": "Dernière éxécution",
         "last_run_reset": "Calendrier suivant",
-        "mailbox": "Mailbox",
+        "mailbox": "Boîte aux lettres",
         "mailbox_defquota": "Taille de boîte par défaut",
         "mailbox_quota": "Taille max. d’une boîte",
         "mailboxes": "Boîtes mail",
@@ -736,9 +776,9 @@
         "owner": "Propriétaire",
         "private_comment": "Commentaire privé",
         "public_comment": "Commentaire public",
-        "q_add_header": "Courriers indésirables",
-        "q_all": " quand déplacé dans le dossier spam ou rejeté",
-        "q_reject": "Rejecté",
+        "q_add_header": "lorsqu'il est déplacé dans le dossier Indésirables",
+        "q_all": " quand déplacé dans le dossier indésirables ou rejeté",
+        "q_reject": "en cas de refus",
         "quarantine_notification": "Avis de quarantaine",
         "quarantine_category": "Catégorie de la notification de quarantaine",
         "quick_actions": "Actions",
@@ -755,16 +795,16 @@
         "running": "En fonctionnement",
         "set_postfilter": "Marquer comme postfiltre",
         "set_prefilter": "Marquer comme préfiltre",
-        "sieve_info": "Vous pouvez stocker plusieurs filtres par utilisateur, mais un seul préfiltre et un seul postfiltre peuvent être actifs en même temps.<br>\r\nChaque filtre sera traité dans l’ordre décrit. Ni un script \"rejeter\" ni un \"garder\" n’arrêtera le traitement des autres scripts. Les modifications apportées aux scripts de tamis globaux déclencheront un redémarrage de Dovecot.<br><br>Préfiltre de tamis global → Préfiltre → Scripts utilisateur → Postfiltre → Postfiltre du tamis global",
+        "sieve_info": "Vous pouvez stocker plusieurs filtres par utilisateur, mais un seul préfiltre et un seul postfiltre peuvent être actifs simultanément.<br>\nChaque filtre sera traité dans l’ordre décrit. Ni un script « rejeter » ni un « garder » n’arrêtera le traitement des autres scripts. Les modifications apportées aux scripts de tamis globaux déclencheront un redémarrage de Dovecot.<br><br>Préfiltre de tamis global → Préfiltre → Scripts utilisateur → Postfiltre → Postfiltre du tamis global",
         "sieve_preset_1": "Jeter le courrier avec les types de fichiers dangereux probables",
         "sieve_preset_2": "Toujours marquer l’e-mail d’un expéditeur spécifique comme vu",
-        "sieve_preset_3": "Jeter en silence, arrêter tout traitement supplémentaire du tamis",
-        "sieve_preset_4": "Fichier dans INBOX, éviter le traitement ultérieur par filtres à tamis",
+        "sieve_preset_3": "Jeter en silence, arrêter tout traitement supplémentaire par filtre sieve",
+        "sieve_preset_4": "Fichier dans INBOX, éviter le traitement ultérieur par filtres sieve",
         "sieve_preset_5": "Répondeur auto (vacances)",
         "sieve_preset_6": "Rejeter le courrier avec réponse",
         "sieve_preset_7": "Rediriger et garder/déposer",
-        "sieve_preset_8": "Supprimer le message envoyé à une adresse alias dont fait partie l’expéditeur",
-        "sieve_preset_header": "Voir les exemples de préréglages ci-dessous. Pour plus de détails voir <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
+        "sieve_preset_8": "Rediriger les e-mails d'un expéditeur spécifique, les marquer comme lus et les classer dans des sous-dossiers.",
+        "sieve_preset_header": "Voir les exemples de préréglages ci-dessous. Pour plus de détails, voir <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipédia</a>.",
         "sogo_visible": "Alias visible dans SOGo",
         "sogo_visible_n": "Masquer alias dans SOGo",
         "sogo_visible_y": "Afficher alias dans SOGo",
@@ -791,13 +831,21 @@
         "username": "Nom d'utilisateur",
         "waiting": "En attente",
         "weekly": "Hebdomadaire",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "add_alias_expand": "Étendre l'alias aux alias de domaine",
+        "catch_all": "Catch-All",
+        "created_on": "Créé le",
+        "goto_ham": "Apprendre comme <b>ham</b>",
+        "goto_spam": "Apprendre comme <b>pourriel</b>",
+        "last_pw_change": "Dernier changement de mot de passe",
+        "mailbox_templates": "Modèle de boîte mail",
+        "relay_unknown": "Relayer les boîtes mail inconnues"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte pour accorder l’accès via Oauth2.",
         "authorize_app": "Autoriser l'application",
         "deny": "Refuser",
-        "permit": "Autorise l'application",
+        "permit": "Autoriser l'application",
         "profile": "Profil",
         "profile_desc": "Afficher les informations personnelles : nom d’utilisateur, nom complet, créé, modifié, actif",
         "scope_ask_permission": "Une application demande les permissions suivantes"
@@ -810,7 +858,7 @@
         "confirm_delete": "Confirmer la suppression de cet élément.",
         "danger": "Danger",
         "deliver_inbox": "Envoyer dans la boîte de reception",
-        "disabled_by_config": "La configuration actuelle du système désactive la fonctionnalité de quarantaine. Veuillez définir \"retentions par boîte\" et une \"taille maximum\" pour les éléments en quarantaine.",
+        "disabled_by_config": "La configuration actuelle du système désactive la fonctionnalité de quarantaine. Veuillez définir « retentions par boîte » et une « taille maximale » pour les éléments en quarantaine.",
         "settings_info": "Quantité maximum d'éléments à mettre en quarantaine : %s<br>Taille maximale des e-mails : %s MiB",
         "download_eml": "Télécharger (.eml)",
         "empty": "Pas de résultat",
@@ -824,7 +872,7 @@
         "notified": "Notifié",
         "qhandler_success": "Demande envoyée avec succès au système. Vous pouvez maintenant fermer la fenêtre.",
         "qid": "Rspamd QID",
-        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em> pas </em> l'impression d'un courrier remis) ainsi que le courrier, qui est remis sous forme de copie dans le dossier indésirable d'une boîte aux lettres.\r\n  <br>\"Apprendre comme spam et supprimer\" apprendra un message comme spam via le théorème Bayesianet calculera également des hachages flous pour refuser des messages similaires à l'avenir.\r\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système. <br> Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
+        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em> pas </em> l'impression d'un courrier remis) ainsi que le courrier, remis sous forme de copie dans le dossier indésirable d'une boîte aux lettres.\n  <br>« Apprendre comme spam et supprimer » apprendra un message comme spam via le théorème Bayésien calculera également des hachages flous pour refuser des messages similaires à l'avenir.\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système. <br> Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
         "qitem": "Élément de quarantaine",
         "quarantine": "Quarantaine",
         "quick_actions": "Actions",
@@ -856,26 +904,34 @@
         "toggle_all": "Tout basculer"
     },
     "queue": {
-        "queue_manager": "Gestion de la file d'attente"
+        "queue_manager": "Gestion de la file d'attente",
+        "hold_mail": "Garder",
+        "legend": "Fonctions d'action de la file d'attente du courrier :",
+        "info": "La file d'attente contient tous les courriels en attente de livraison. Si un courriel reste longtemps dans la file d'attente, il est automatiquement supprimé par le système.<br>Le message d'erreur du courriel concerné indique pourquoi le courriel n'a pas pu être distribué.",
+        "deliver_mail_legend": "Tentatives de réexpédition des courriers sélectionnés.",
+        "hold_mail_legend": "Met en attente les courriers sélectionnés. (Empêche les tentatives de distribution ultérieures)",
+        "unban": "file d'attente d'unban",
+        "unhold_mail": "Libérer",
+        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
-        "imap_smtp_server_auth_info": "Veuillez utiliser votre adresse e-mail complète et le mécanisme d’authentification PLAIN.<br>\r\nVos données de connexion seront cryptées par le cryptage obligatoire côté serveur.",
-        "mailcow_apps_detail": "Utiliser une application mailcow pour accéder à vos messages, calendrier, contacts et plus.",
-        "mailcow_panel_detail": "<b>Les administrateurs de domaines</b> peuvent créer, modifier or supprimer des boîtes et alias, changer de domaines et lire de plus amples renseignements sur les domaines qui leurs sont attribués.<br>\r\n<b>Les utilisateurs de boîtes</b> sont en mesure de créer des alias limités dans le temps (alias spam), de modifier leurs mots de passe et les paramètres du filtre anti-spam."
+        "imap_smtp_server_auth_info": "Veuillez utiliser votre adresse courriel complète et le mécanisme d’authentification PLAIN.<br>\nVos données de connexion seront cryptées par le cryptage obligatoire côté serveur.",
+        "mailcow_apps_detail": "Utiliser une application mailcow pour accéder à vos messages, vos calendriers, vos contacts et plus.",
+        "mailcow_panel_detail": "<b>Les administrateurs de domaines</b> peuvent créer, modifier, ou supprimer des boîtes et alias, changer de domaines et lire de plus amples renseignements sur les domaines qui leur sont attribués.<br>\n<b>Les utilisateurs de boîtes</b> sont en mesure de créer des alias limités dans le temps (alias spam), de modifier leurs mots de passe et les paramètres du filtre anti-spam."
     },
     "success": {
-        "acl_saved": "ACL (Access Control List) pour l'objet %s sauvé",
-        "admin_added": "Administrateur %s a été ajoutées",
+        "acl_saved": "ACL (Access Control List) pour l'objet %s enregistré",
+        "admin_added": "Administrateur %s a été ajouté",
         "admin_api_modified": "Les modifications apportées à l’API ont été enregistrées",
         "admin_modified": "Les modifications apportées à l’administrateur ont été enregistrées",
         "admin_removed": "Administrateur %s a été effacé",
         "alias_added": "L'adresse alias %s (%d) a été ajoutée",
         "alias_domain_removed": "L'alias de domaine %s a été effacé",
-        "alias_modified": "Le changement de l'adresse alias %s a été sauvegardée",
+        "alias_modified": "Le changement de l'adresse alias %s a été enregistré",
         "alias_removed": "L'alias %s a été effacé",
         "aliasd_added": "Alias de domaine %s ajouté",
-        "aliasd_modified": "Les changements de l'alias de domaine %s ont été sauvegardés",
+        "aliasd_modified": "Les changements de l'alias de domaine %s ont été enregistrés",
         "app_links": "Modifications enregistrées dans les liens d’application",
         "app_passwd_added": "Ajout d’un nouveau mot de passe d’application",
         "app_passwd_removed": "Suppression de l’identifiant du mot de passe de l’application %s",
@@ -887,14 +943,14 @@
         "delete_filters": "Filtres supprimés : %s",
         "deleted_syncjob": "ID du travail de synchronisation supprimé : %s",
         "deleted_syncjobs": "Travail de synchronisation supprimé : %s",
-        "dkim_added": "La clé DKIM %s a été sauvegardée",
-        "dkim_duplicated": "La clé DKIM pour e domaine %s a été copiée vers %s",
+        "dkim_added": "La clé DKIM %s a été enregistrée",
+        "dkim_duplicated": "La clé DKIM pour le domaine %s a été copiée vers %s",
         "dkim_removed": "La clé DKIM %s a été supprimée",
         "domain_added": "Domaine ajouté %s",
         "domain_admin_added": "L'administrateur de domaine %s a été ajouté",
-        "domain_admin_modified": "Les modifications de l'administrateur de domaine %s ont été sauvées",
+        "domain_admin_modified": "Les modifications de l'administrateur de domaine %s ont été enregistrées",
         "domain_admin_removed": "L'administrateur de domaine %s a été supprimé",
-        "domain_modified": "Les modification du domaine %s ont été sauvées",
+        "domain_modified": "Les modifications du domaine %s ont été enregistrées",
         "domain_removed": "Le domaine %s a été supprimé",
         "dovecot_restart_success": "Dovecot a été relancé avec succès",
         "eas_reset": "Les périphériques Activesync pour l’utilisateur %s ont été réinitialisés",
@@ -911,39 +967,46 @@
         "license_modified": "Les modifications apportées à la licence ont été enregistrées",
         "logged_in_as": "Connecté en tant que %s",
         "mailbox_added": "La boîte mail %s a été ajoutée",
-        "mailbox_modified": "Les modifications de la boîte %s ont été sauvées",
+        "mailbox_modified": "Les modifications de la boîte %s ont été enregistrées",
         "mailbox_removed": "La boîte %s a été supprimée",
         "nginx_reloaded": "Nginx a été rechargé",
-        "object_modified": "Les changements de %s ont été sauvés",
+        "object_modified": "Les changements de %s ont été enregistrés",
         "pushover_settings_edited": "Paramètres Pushover réglés avec succès, veuillez vérifier les informations d’identification.",
         "qlearn_spam": "Le message ID %s a été appris comme spam et supprimé",
         "queue_command_success": "Queue de commande terminée avec succès",
         "recipient_map_entry_deleted": "La carte du destinataire ID %s a été effacée",
-        "recipient_map_entry_saved": "L'entrée de la carte du bénéficiaire \"%s\" a été sauvée",
+        "recipient_map_entry_saved": "L'entrée de la carte du bénéficiaire \"%s\" a été enregistrée",
         "relayhost_added": "L'entrée de la carte %s a été ajoutée",
         "relayhost_removed": "L'entrée de la carte %s a été supprimée",
         "reset_main_logo": "Réinitialisation du logo par défaut",
         "resource_added": "La ressource %s a été ajoutée",
         "resource_modified": "Les modifications apportées à la boîte %s ont été enregistrées",
         "resource_removed": "La ressource %s a été supprimée",
-        "rl_saved": "Limite de taux pour l’objet %s enregistrée",
+        "rl_saved": "Limite d'envoi pour l’objet %s enregistrée",
         "rspamd_ui_pw_set": "Mot de passe de l'interface Rspamd sauvegardé avec succès",
         "saved_settings": "Paramètres enregistrés",
         "settings_map_added": "Ajout de l’entrée de la carte des paramètres",
         "settings_map_removed": "Suppression de la carte des paramètres ID %s",
         "sogo_profile_reset": "Le profil SOGo profile pour l'utilisateur %s est remis à zéro",
-        "tls_policy_map_entry_deleted": "La carte de stratégie TLS ID %s a été supprimé",
-        "tls_policy_map_entry_saved": "La carte de stratégie TLS ID \"%s\" a été sauvée",
+        "tls_policy_map_entry_deleted": "La carte de stratégie TLS ID %s a été supprimée",
+        "tls_policy_map_entry_saved": "La carte de stratégie TLS ID \"%s\" a été enregistrée",
         "ui_texts": "Enregistrement des modifications apportées aux textes de l’interface utilisateur",
         "upload_success": "Fichier téléchargé avec succès",
         "verified_totp_login": "Authentification TOTP vérifiée",
         "verified_webauthn_login": "Authentification WebAuthn vérifiée",
         "verified_fido2_login": "Authentification FIDO2 vérifiée",
-        "verified_yotp_login": "Authentification Yubico OTP vérifiée"
+        "verified_yotp_login": "Authentification Yubico OTP vérifiée",
+        "cors_headers_edited": "Les paramètres CORS ont été enregistrés",
+        "domain_footer_modified": "Les modifications apportées au pied de page du domaine %s ont été enregistrées",
+        "f2b_banlist_refreshed": "L'ID de la liste de ban a été actualisé avec succès.",
+        "template_added": "Modèles ajoutés %s",
+        "template_removed": "Le modèle ayant l'ID %s a été supprimé",
+        "domain_add_dkim_available": "A DKIM key did already exist",
+        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès"
     },
     "tfa": {
-        "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
-        "confirm": "confirmer",
+        "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
+        "confirm": "Confirmer",
         "confirm_totp_token": "Veuillez confirmer vos modifications en saisissant le jeton généré",
         "delete_tfa": "Désactiver TFA",
         "disable_tfa": "Désactiver TFA jusqu’à la prochaine ouverture de session réussie",
@@ -964,21 +1027,25 @@
         "webauthn": "Authentification WebAuthn",
         "waiting_usb_auth": "<i>En attente d’un périphérique USB…</i><br><br>S’il vous plaît appuyez maintenant sur le bouton de votre périphérique USB WebAuthn.",
         "waiting_usb_register": "<i>En attente d’un périphérique USB…</i><br><br>Veuillez entrer votre mot de passe ci-dessus et confirmer votre inscription WebAuthn en appuyant sur le bouton de votre périphérique USB WebAuthn.",
-        "yubi_otp": "Authentification OTP Yubico"
+        "yubi_otp": "Authentification OTP Yubico",
+        "authenticators": "Authentificateurs",
+        "u2f_deprecated_important": "Veuillez enregistrer votre clé dans le panneau d'administration avec la nouvelle méthode WebAuthn.",
+        "u2f_deprecated": "Il semble que votre clé ait été enregistrée à l'aide de la méthode U2F obsolète. Nous allons désactiver l'authentification à deux facteurs pour vous et supprimer votre clé."
     },
     "fido2": {
         "set_fn": "Définir un nom",
         "fn": "Nom",
-        "rename": "renommer",
+        "rename": "Renommer",
         "confirm": "Confirmer",
-        "register_status": "Etat de l'enregistrement",
+        "register_status": "État de l'enregistrement",
         "known_ids": "Identifiant(s) connu(s)",
         "none": "Désactivé",
         "set_fido2": "Enregistrer un nouvel appareil FIDO2",
         "start_fido2_validation": "Tester la validation FIDO2",
         "fido2_auth": "Se connecter avec FIDO2",
         "fido2_success": "L'appareil est enregistré avec succès",
-        "fido2_validation_failed": "La validation a échoué"
+        "fido2_validation_failed": "La validation a échoué",
+        "set_fido2_touchid": "Enregistrer Touch ID sur Apple M1"
     },
     "user": {
         "action": "Action",
@@ -995,9 +1062,9 @@
         "alias_valid_until": "Valide jusque",
         "aliases_also_send_as": "Aussi autorisé à envoyer en tant qu’utilisateur",
         "aliases_send_as_all": "Ne pas vérifier l’accès de l’expéditeur pour les domaines suivants et leurs alias",
-        "app_hint": "Les mots de passe d’application sont des mots de passe alternatifs pour votre connexion IMAP, SMTP, Caldav, Carddav et EAS. Le nom d’utilisateur reste inchangé.<br>SOGo n'est pas disponible au travers de mots de passe.",
+        "app_hint": "Les mots de passe d’application sont des mots de passe alternatifs pour votre connexion IMAP, SMTP, Caldav, Carddav et EAS. Le nom d’utilisateur reste inchangé.<br>SOGo n'est pas disponible au travers des mots de passe d'application.",
         "app_name": "Nom d'application",
-        "app_passwds": "Mots de passe de l'application",
+        "app_passwds": "Mots de passe d'applications",
         "apple_connection_profile": "Profil de connexion Apple",
         "apple_connection_profile_complete": "Ce profil de connexion inclut les paramètres IMAP et SMTP ainsi que les chemins Caldav (calendriers) et Carddav (contacts) pour un appareil Apple.",
         "apple_connection_profile_mailonly": "Ce profil de connexion inclut les paramètres de configuration IMAP et SMTP pour un périphérique Apple.",
@@ -1010,14 +1077,14 @@
         "delete_ays": "Veuillez confirmer le processus de suppression.",
         "direct_aliases": "Adresses alias directes",
         "direct_aliases_desc": "Les adresses d’alias directes sont affectées par le filtre anti-spam et les paramètres de politique TLS.",
-        "eas_reset": "Réinitialiser le cache de l’appareil Activesync",
-        "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil Activesync cassé.<br><b>Attention :</b> Tous les éléments seront à nouveau téléchargés !",
+        "eas_reset": "Réinitialiser le cache de l’appareil ActiveSync",
+        "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil ActiveSync cassé.<br><b>Attention :</b> Tous les éléments seront de nouveau téléchargés !",
         "eas_reset_now": "Réinitialiser maintenant",
         "edit": "Éditer",
         "email": "E-mail",
         "email_and_dav": "E-mail, calendriers et contacts",
-        "encryption": "Cryptage",
-        "excludes": "Exclut",
+        "encryption": "Chiffrement",
+        "excludes": "Exclus",
         "expire_in": "Expire dans",
         "force_pw_update": "Vous <b>devez</b> définir un nouveau mot de passe pour pouvoir accéder aux services liés aux logiciels de groupe.",
         "generate": "générer",
@@ -1030,7 +1097,7 @@
         "last_mail_login": "Dernière connexion mail",
         "last_run": "Dernière exécution",
         "loading": "Chargement…",
-        "mailbox_details": "Détails de la boîte",
+        "mailbox_details": "Détails",
         "messages": "messages",
         "never": "jamais",
         "new_password": "Nouveau mot de passe",
@@ -1044,27 +1111,27 @@
         "pushover_evaluate_x_prio": "Acheminement du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
         "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
         "pushover_only_x_prio": "Ne tenir compte que du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "Tenez compte des adresses courriel suivantes de l’expéditeur : <small>(comma-separated)</small>",
+        "pushover_sender_array": "Tenir compte des adresses courriel suivantes de l’expéditeur : <small>(comma-separated)</small>",
         "pushover_sender_regex": "Apparier les expéditeurs par le regex suivant",
         "pushover_text": "Texte de notification",
         "pushover_title": "Titre de la notification",
-        "pushover_vars": "Lorsqu’aucun filtre d’expéditeur n’est défini, tous les messages seront considérés.<br>Les filtres Regex ainsi que les vérifications exactes de l’expéditeur peuvent être définis individuellement et seront considérés de façon séquentielle. Ils ne dépendent pas les uns des autres.<br>Variables utilisables pour le texte et le titre (veuillez prendre note des politiques de protection des données)",
-        "pushover_verify": "Vérifier les justificatifs",
+        "pushover_vars": "Lorsque aucun filtre d’expéditeur n’est défini, tous les messages seront considérés.<br>Les filtres Regex ainsi que les vérifications exactes de l’expéditeur peuvent être définis individuellement et seront considérés de façon séquentielle. Ils ne dépendent pas les uns des autres.<br>Variables utilisables pour le texte et le titre (veuillez prendre note des politiques de protection des données)",
+        "pushover_verify": "Vérifier les identifiants",
         "q_add_header": "Courrier indésirable",
         "q_all": "Toutes les catégories",
         "q_reject": "Rejeté",
         "quarantine_notification": "Avis de quarantaine",
         "quarantine_category": "Catégorie de la notification de quarantaine",
-        "quarantine_notification_info": "Une fois qu’un avis a été envoyé, les articles seront marqués comme \"notified\" et aucune autre notification ne sera envoyée pour ce point particulier.",
-        "quarantine_category_info": "La catégorie de notification \"Rejeté\" inclut le courrier qui a été rejeté, tandis que \"Dossier indésirable\" informera un utilisateur des e-mails qui ont été placés dans le dossier indésirable.",
+        "quarantine_notification_info": "Une fois qu’un avis a été envoyé, les articles seront marqués comme « notifiés » et aucune autre notification ne sera envoyée pour ce point particulier.",
+        "quarantine_category_info": "La catégorie de notification « Rejeté » inclut le courrier rejeté, tandis que « Dossier indésirable » informera un utilisateur des courriels placés dans le dossier indésirable.",
         "remove": "Enlever",
-        "running": "En fonction",
-        "save": "Sauvegarder les changements",
-        "save_changes": "Sauvegarder les changements",
+        "running": "En fonctionnement",
+        "save": "Enregistrer les changements",
+        "save_changes": "Enregistrer les changements",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Le contrôle de l’expéditeur est désactivé</span>",
         "shared_aliases": "Adresses alias partagées",
         "shared_aliases_desc": "Les alias partagés ne sont pas affectés par les paramètres spécifiques à l’utilisateur tels que le filtre anti-spam ou la politique de chiffrement. Les filtres anti-spam correspondants ne peuvent être effectués que par un administrateur en tant que politique de domaine.",
-        "show_sieve_filters": "Afficher le filtre de tamis actif de l’utilisateur",
+        "show_sieve_filters": "Afficher le filtre sieve actif de l’utilisateur",
         "sogo_profile_reset": "Remise à zéro du profil SOGo",
         "sogo_profile_reset_help": "Ceci détruira un profil Sogo des utilisateurs et <b>supprimera toutes les données de contact et de calendrier irrécupérables</b>.",
         "sogo_profile_reset_now": "Remise à zéro du profil maintenant",
@@ -1073,10 +1140,10 @@
         "spamfilter": "Filtre de spam",
         "spamfilter_behavior": "Note",
         "spamfilter_bl": "Liste noire (BlackList)",
-        "spamfilter_bl_desc": "Les adresses de courriel sur la liste noire de <b>always (toujours)</b> peuvent être classées comme des pourriels et rejetées. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias tous azimuts et d’une boîte elle-même.",
+        "spamfilter_bl_desc": "Les adresses de courriel sur la liste noire de <b>toujours</b> peuvent être classées comme des pourriels et rejetées. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias tous azimuts et d’une boîte elle-même.",
         "spamfilter_default_score": "Valeurs par défaut",
         "spamfilter_green": "Vert : ce message n'est pas un spam",
-        "spamfilter_hint": "La première valeur indique un \"faible score de spam\", la seconde représente un \"haut score de spam\".",
+        "spamfilter_hint": "La première valeur indique un « faible score de spam », la seconde représente un « haut score de spam ».",
         "spamfilter_red": "Rouge : Ce message est un spam et sera rejeté par le serveur",
         "spamfilter_table_action": "Action",
         "spamfilter_table_add": "Ajouter un élément",
@@ -1085,7 +1152,7 @@
         "spamfilter_table_remove": "supprimer",
         "spamfilter_table_rule": "Règle",
         "spamfilter_wl": "Liste blanche (WhiteList)",
-        "spamfilter_wl_desc": "La liste blanche est programmé pour <b> ne jamais</b> classer comme spam les adresses e-mail qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias catch-all et d’une boîte mail.",
+        "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses e-mail qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias catch-all et d’une boîte mail.",
         "spamfilter_yellow": "Jaune : ce message est peut être un spam, il sera étiqueté comme spam et déplacé vers votre dossier Pourriel",
         "status": "Statut",
         "sync_jobs": "Jobs de synchronisation",
@@ -1100,7 +1167,7 @@
         "tls_enforce_in": "Appliquer le TLS entrant",
         "tls_enforce_out": "Appliquer le TLS sortant",
         "tls_policy": "Politique de chiffrement",
-        "tls_policy_warning": "<strong>Attention:</strong> Si vous décidez d’appliquer le transfert de courrier chiffré, vous risquez de perdre des courriels.<br>Les messages qui ne satisfont pas à la politique seront renvoyés avec une erreur grave par le système de messagerie.<br>Cette option s’applique à votre adresse courriel principale (login name), toutes les adresses dérivées de domaines alias ainsi que les adresses alias <b>avec cette seule boîte</b> comme cible.",
+        "tls_policy_warning": "<strong>Attention :</strong> Si vous décidez d’appliquer le transfert de courrier chiffré, vous risquez de perdre des courriels.<br>Les messages qui ne satisfont pas à la politique seront renvoyés avec une erreur grave par le système de messagerie.<br>Cette option s’applique à votre adresse courriel principale (login name), toutes les adresses dérivées de domaines alias ainsi que les adresses alias <b>avec cette seule boîte</b> comme cible.",
         "user_settings": "Paramètres utilisateur",
         "username": "Nom d'utilisateur",
         "verify": "Vérification",
@@ -1111,7 +1178,29 @@
         "months": "mois",
         "year": "année",
         "years": "années",
-        "with_app_password": "avec le mot de passe de l'application"
+        "with_app_password": "avec le mot de passe de l'application",
+        "apple_connection_profile_with_app_password": "Un nouveau mot de passe est généré et ajouté au profil, de sorte qu'aucun mot de passe ne doit être saisi lors de la configuration de votre appareil. Ne partagez pas le fichier car il vous donne un accès complet à votre boîte aux lettres.",
+        "attribute": "Attribut",
+        "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au webmail » permet une connexion unique à SOGo et est toujours disponible.",
+        "open_webmail_sso": "Connexion au webmail",
+        "recent_successful_connections": "Voir les connexions réussies",
+        "syncjob_EXIT_TLS_FAILURE": "Problème de connexion chiffrée",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problème d'authentification",
+        "syncjob_EXIT_OVERQUOTA": "La boîte aux lettres cible a dépassé le quota",
+        "login_history": "Historique des connexions",
+        "change_password_hint_app_passwords": "Votre compte a %d mots de passe d'application qui ne seront pas modifiés. Pour les gérer, allez dans l'onglet Mots de passe de l'application.",
+        "clear_recent_successful_connections": "Vider l'historique des connexions réussies",
+        "created_on": "Créé le",
+        "last_ui_login": "Dernière connexion sur l'interface",
+        "syncjob_check_log": "Vérifier le journal",
+        "syncjob_last_run_result": "Résultat du dernier lancement",
+        "syncjob_EX_OK": "Succès",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Problème de connexion",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossible de se connecter au serveur distant",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nom d'utilisateur ou mot de passe incorrect",
+        "value": "Valeur",
+        "allowed_protocols": "Protocoles autorisés",
+        "mailbox": "Boîte mail"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
@@ -1120,9 +1209,32 @@
         "fuzzy_learn_error": "Erreur d’apprentissage du hachage flou: %s",
         "hash_not_found": "Hachage non trouvé ou déjà supprimé",
         "ip_invalid": "IP non valide ignorée : %s",
-        "no_active_admin": "Impossible de désactiver le dernier administrateur active",
+        "no_active_admin": "Impossible de désactiver le dernier administrateur actif",
         "quota_exceeded_scope": "Dépassement du quota de domaine : Seules des boîtes illimitées peuvent être créées dans ce domaine.",
         "session_token": "Jeton de formulaire invalide : Jeton différent",
-        "session_ua": "Jeton de formulaire invalide : erreur de validation User-Agent"
+        "session_ua": "Jeton de formulaire invalide : erreur de validation User-Agent",
+        "is_not_primary_alias": "Alias non primaire ignoré %s"
+    },
+    "datatables": {
+        "decimal": ".",
+        "expand_all": "Tout déplier",
+        "thousands": ",",
+        "paginate": {
+            "first": "Premier",
+            "last": "Dernier"
+        },
+        "aria": {
+            "sortAscending": ": activer pour trier les colonnes en ordre croissant",
+            "sortDescending": ": activer pour trier les colonnes en ordre décroissant"
+        },
+        "infoEmpty": "Affichage de 0 à 0 de 0 entrées",
+        "infoFiltered": "(filtré à partir de _MAX_ entrées totales)",
+        "lengthMenu": "Afficher les entrées _MENU_",
+        "loadingRecords": "Chargement…",
+        "processing": "Veuillez patienter…",
+        "collapse_all": "Tout réduire"
+    },
+    "ratelimit": {
+        "disabled": "Désactivé"
     }
 }

From e449cac4649d919f8984a8c0e9905fcd459f351e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 8 Apr 2024 17:47:43 +0200
Subject: [PATCH 196/755] Translations update from Weblate (#5835)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.fr-fr.json

Co-authored-by: Quiwy <github@quiwy.ninja>

* [Web] Updated lang.sv-se.json

Co-authored-by: André J <aj@nadox.se>

---------

Co-authored-by: Quiwy <github@quiwy.ninja>
Co-authored-by: André J <aj@nadox.se>
---
 data/web/lang/lang.fr-fr.json | 154 +++++++++++++++++-----------------
 data/web/lang/lang.sv-se.json |   2 +-
 2 files changed, 79 insertions(+), 77 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index f6b767141..fbefb2f78 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -25,7 +25,7 @@
         "spam_score": "Score SPAM",
         "syncjobs": "Tâches de synchronisation",
         "tls_policy": "Politique TLS",
-        "unlimited_quota": "Quota illimité pour les boites de courriel",
+        "unlimited_quota": "Quota illimité pour les boîtes de réception",
         "domain_desc": "Modifier la description du domaine",
         "domain_relayhost": "Changer le relais pour un domaine",
         "mailbox_relayhost": "Changer le relais d’une boîte de réception"
@@ -52,7 +52,7 @@
         "delete2duplicates": "Supprimer les doubles à destination",
         "description": "Description",
         "destination": "Destination",
-        "disable_login": "Désactiver l'authentification (les e-mails entrants resteront acceptés)",
+        "disable_login": "Désactiver l'authentification (les courriels entrants resteront acceptés)",
         "domain": "domaine",
         "domain_matches_hostname": "Le domaine %s correspond à la machine (hostname)",
         "domain_quota_m": "Quota total du domaine (Mo)",
@@ -68,11 +68,11 @@
         "hostname": "Nom d'hôte",
         "inactive": "Inactif",
         "kind": "Type",
-        "mailbox_quota_def": "Quota boîte mail par défaut",
-        "mailbox_quota_m": "Quota max par boîte (Mo)",
+        "mailbox_quota_def": "Quota boîte de réception par défaut",
+        "mailbox_quota_m": "Quota max par boîte de réception (Mo)",
         "mailbox_username": "Identifiant (partie gauche d'une adresse de courriel)",
         "max_aliases": "Nombre maximal d'alias",
-        "max_mailboxes": "Nombre maximal de boîtes",
+        "max_mailboxes": "Nombre maximal de boîtes de réception",
         "mins_interval": "Période de relève (minutes)",
         "multiple_bookings": "Inscriptions multiples",
         "nexthop": "Suivant",
@@ -84,10 +84,10 @@
         "public_comment": "Commentaire public",
         "quota_mb": "Quota (Mo)",
         "relay_all": "Relayer tous les destinataires",
-        "relay_all_info": "↪ Si vous choissisez <b>de ne pas</b> relayer tous les destinataires, vous devez ajouter une boîte (\"aveugle\") pour chaque destinataire simple qui doit être relayé.",
+        "relay_all_info": "↪ Si vous choissisez <b>de ne pas</b> relayer tous les destinataires, vous devez ajouter une boîte de réception (\"aveugle\") pour chaque destinataire simple qui doit être relayé.",
         "relay_domain": "Relayer ce domaine",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. sinon, une recherche MX sera effectuée.",
-        "relay_unknown_only": "Relayer uniquement les boîtes inexistantes. Les boîtes existantes seront livrées localement.",
+        "relay_unknown_only": "Relayer uniquement les boîtes de réception inexistantes. Les boîtes de réception existantes seront livrées localement.",
         "relayhost_wrapped_tls_info": "Veuillez <b>ne pas</b> utiliser des ports TLS wrappés (généralement utilisés sur le port 465).<br>\r\nUtilisez n'importe quel port non encapsulé et lancez STARTTLS. Une politique TLS pour appliquer TLS peut être créée dans \"Cartes de politique TLS\".",
         "select": "Veuillez sélectionner…",
         "select_domain": "Sélectionner d'abord un domaine",
@@ -105,7 +105,7 @@
         "username": "Nom d'utilisateur",
         "validate": "Valider",
         "validation_success": "Validation réussie",
-        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
+        "bcc_dest_format": "La destination Cci doit être une seule adresse de courriel valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
         "tags": "Etiquettes",
         "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application",
         "dry": "Simuler la synchronisation"
@@ -203,7 +203,7 @@
         "in_use_by": "Utilisé par",
         "inactive": "Inactif",
         "include_exclude": "Inclure/Exclure",
-        "include_exclude_info": "Par défaut - sans sélection - <b>toutes les boîtes</b> sont adressées",
+        "include_exclude_info": "Par défaut - sans sélection - <b>toutes les boîte de réception</b> sont adressées",
         "includes": "Inclure ces destinataires",
         "last_applied": "Dernière application",
         "license_info": "Une licence n’est pas requise, mais contribue au développement.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Enregistrer votre GUID ici</a> or <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acheter le support pour votre intallation Mailcow.</a>",
@@ -222,7 +222,7 @@
         "no_record": "Aucun enregistrement",
         "oauth2_client_id": "Client ID",
         "oauth2_client_secret": "Secret client",
-        "oauth2_info": "L'implémentation OAuth2 prend en charge le type d'autorisation \"Authorization Code\" et émet des jetons d'actualisation.<br>\nLe serveur émet également automatiquement de nouveaux jetons d'actualisation, après qu'un jeton d'actualisation a été utilisé.<br><br>\n→ La portée par défaut est <i>profile</i>. Seuls les utilisateurs d'une boîte peuvent être authentifiés par rapport à OAuth2. Si le paramètre scope est omis, il revient au <i>profile</i>.<br>\n→ Le paramètre <i>state</i> doit être envoyé par le client dans le cadre de la demande d'autorisation.<br><br>\nChemins d'accès aux requêtes vers l'API OAuth <br>\n<ul>\n  <li>Point de terminaison d'autorisation : <code>/oauth/authorize</code></li>\n  <li>Point de terminaison du jeton : <code>/oauth/token</code></li>\n  <li>Page de ressource : <code>/oauth/profile</code></li>\n</ul>\nLa régénération du secret client ne fera pas expirer les codes d'autorisation existants, mais ils ne pourront pas renouveler leur jeton.<br><br>\nLa révocation des jetons clients entraînera la fin immédiate de toutes les sessions actives. Tous les clients doivent se ré-authentifier.",
+        "oauth2_info": "L'implémentation OAuth2 prend en charge le type d'autorisation \"Authorization Code\" et émet des jetons d'actualisation.<br>\nLe serveur émet également automatiquement de nouveaux jetons d'actualisation, après qu'un jeton d'actualisation a été utilisé.<br><br>\n→ La portée par défaut est <i>profile</i>. Seuls les utilisateurs d'une boîte de réception peuvent être authentifiés par rapport à OAuth2. Si le paramètre scope est omis, il revient au <i>profile</i>.<br>\n→ Le paramètre <i>state</i> doit être envoyé par le client dans le cadre de la demande d'autorisation.<br><br>\nChemins d'accès aux requêtes vers l'API OAuth <br>\n<ul>\n  <li>Point de terminaison d'autorisation : <code>/oauth/authorize</code></li>\n  <li>Point de terminaison du jeton : <code>/oauth/token</code></li>\n  <li>Page de ressource : <code>/oauth/profile</code></li>\n</ul>\nLa régénération du secret client ne fera pas expirer les codes d'autorisation existants, mais ils ne pourront pas renouveler leur jeton.<br><br>\nLa révocation des jetons clients entraînera la fin immédiate de toutes les sessions actives. Tous les clients doivent se ré-authentifier.",
         "oauth2_redirect_uri": "URI de redirection",
         "oauth2_renew_secret": "Générer un nouveau secret client",
         "oauth2_revoke_tokens": "Révoquer tous les jetons",
@@ -238,19 +238,19 @@
         "quarantine_max_size": "Taille maximum en Mo (les éléments plus grands sont mis au rebut):<br><small>0 ne signifie <b>pas</b> illimité.</small>",
         "quarantine_max_score": "Ignorer la notification si le score de spam est au dessus de cette valeur :<br><small>Par défaut : 9999.0</small>",
         "quarantine_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
-        "quarantine_notification_sender": "Notification par e-mail de l’expéditeur",
+        "quarantine_notification_sender": "Notification par courriel de l’expéditeur",
         "quarantine_notification_subject": "Objet du courriel de notification",
         "quarantine_redirect": "<b>Rediriger toutes les notifications</b> vers ce destinataire:<br><small>Laisser vide pour désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
         "quarantine_release_format": "Format des éléments diffusés",
         "quarantine_release_format_att": "En pièce jointe",
         "quarantine_release_format_raw": "Original non modifié",
-        "quarantine_retention_size": "Rétentions par boîte:<br><small>0 indique <b>inactive</b>.</small>",
+        "quarantine_retention_size": "Rétentions par boîte de réception:<br><small>0 indique <b>inactive</b>.</small>",
         "quota_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
-        "quota_notification_sender": "Notification par e-mail de l’expéditeur",
+        "quota_notification_sender": "Notification par courriel de l’expéditeur",
         "quota_notification_subject": "Objet du courriel de notification",
         "quota_notifications": "Notifications de quotas",
         "quota_notifications_info": "Les notications de quota sont envoyées aux utilisateurs une fois lors du passage à 80 % et une fois lors du passage à 95 % d’utilisation.",
-        "quota_notifications_vars": "{{percent}} égale le quota actuel de l’utilisateur<br>{{username}} est le nom de la boîte",
+        "quota_notifications_vars": "{{percent}} égale le quota actuel de l’utilisateur<br>{{username}} est le nom de la boîte de réception",
         "r_active": "Restrictions actives",
         "r_inactive": "Restrictions inactives",
         "r_info": "Les éléments grisés/désactivés sur la liste des restrictions actives ne sont pas considérés comme des restrictions valides pour Mailcow et ne peuvent pas être déplacés. Des restrictions inconnues seront établies par ordre d’apparition de toute façon. <br>Vous pouvez ajouter de nouveaux éléments dans le code <code>inc/vars.local.inc.php</code> pour pouvoir les basculer.",
@@ -276,7 +276,7 @@
         "rsettings_insert_preset": "Insérer un exemple de préréglage \"%s\"",
         "rsettings_preset_1": "Désactiver tout sauf DKIM et la limite d'envoi pour les utilisateurs authentifiés",
         "rsettings_preset_2": "Les postmasters veulent du spam",
-        "rsettings_preset_3": "Autoriser uniquement des expéditeurs particuliers pour une boîte (c.-à-d. utilisation comme boîte interne seulement)",
+        "rsettings_preset_3": "Autoriser uniquement des expéditeurs particuliers pour une boîte de réception (c.-à-d. utilisation comme boîte de réception interne seulement)",
         "rspamd_com_settings": "Un nom de paramètre sera généré automatiquement, voir l’exemple de préréglages ci-dessous. Pour plus de détails voir : <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Docs Rspamd</a>",
         "rspamd_global_filters": "Cartes des filtres globaux",
         "rspamd_global_filters_agree": "Je serai prudent !",
@@ -357,9 +357,9 @@
         "app_passwd_id_invalid": "Le mot de passe ID %s de l'application est non valide",
         "bcc_empty": "La destination BCC destination ne peut pas être vide",
         "bcc_exists": "Une carte de transport BCC %s existe pour le type %s",
-        "bcc_must_be_email": "La destination BCC %s n'est pas une adresse e-mail valide",
+        "bcc_must_be_email": "La destination BCC %s n'est pas une adresse de courriel valide",
         "comment_too_long": "Le commentaire est trop long, 160 caractère max sont permis",
-        "defquota_empty": "Le quota par défaut par boîte ne doit pas être 0.",
+        "defquota_empty": "Le quota par défaut par boîte de réception doit pas être 0.",
         "description_invalid": "La description des ressources pour %s est non valide",
         "dkim_domain_or_sel_exists": "Une clé DKIM pour \"%s\" existe et ne sera pas écrasée",
         "dkim_domain_or_sel_invalid": "Domaine ou sélection DKIM non valide : %s",
@@ -394,22 +394,22 @@
         "invalid_recipient_map_old": "Destinataire original spécifié non valide : %s",
         "ip_list_empty": "La liste des adresses IP autorisées ne peut pas être vide",
         "is_alias": "%s est déjà connu comme une adresse alias",
-        "is_alias_or_mailbox": "%s est déjà connu comme un alias, une boîte ou une adresse alias développée à partir d’un domaine alias.",
+        "is_alias_or_mailbox": "%s est déjà connu comme un alias, une boîte de réception ou une adresse alias développée à partir d’un domaine alias.",
         "is_spam_alias": "%s est déjà connu comme une adresse alias temporaire (alias d'adresse spam)",
         "last_key": "La dernière clé ne peut pas être supprimée, veuillez désactiver TFA à la place.",
         "login_failed": "La connexion a échoué",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Le quota par défaut dépasse la limite maximale du quota",
-        "mailbox_invalid": "Le nom de la boîte n'est pas valide",
+        "mailbox_invalid": "Le nom de la boîte de réception n'est pas valide",
         "mailbox_quota_exceeded": "Le quota dépasse la limite du domaine (max. %d Mo)",
         "mailbox_quota_exceeds_domain_quota": "Le quota maximal dépasse la limite du quota de domaine",
         "mailbox_quota_left_exceeded": "Espace libre insuffisant (espace libre : %d Mio)",
-        "mailboxes_in_use": "Le max. des boîtes doit être supérieur ou égal à %d",
+        "mailboxes_in_use": "Le max. des boîtes de réception doit être supérieur ou égal à %d",
         "malformed_username": "Nom d’utilisateur malformé",
         "map_content_empty": "Le contenu de la carte ne peut pas être vide",
         "max_alias_exceeded": "Le nombre max. d'aliases est dépassé",
-        "max_mailbox_exceeded": "Le nombre max. de boîte est dépassé (%d of %d)",
-        "max_quota_in_use": "Le quota de la boîte doit être supérieur ou égal à %d Mo",
-        "maxquota_empty": "Le quota maximum par boîte ne doit pas être de 0.",
+        "max_mailbox_exceeded": "Le nombre max. de boîte de réception est dépassé (%d of %d)",
+        "max_quota_in_use": "Le quota de la boîte de réception doit être supérieur ou égal à %d Mo",
+        "maxquota_empty": "Le quota maximum par boîte de réception ne doit pas être de 0.",
         "mysql_error": "Erreur MySQL : %s",
         "nginx_reload_failed": "Le rechargement de Nginx a échoué : %s",
         "network_host_invalid": "Réseau ou hôte non valide : %s",
@@ -527,7 +527,7 @@
         "app_passwd": "Mot de passe de l'application",
         "automap": "Essayer d’automatiser les dossiers (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
         "backup_mx_options": "Options Backup MX",
-        "bcc_dest_format": "La destination BCC doit être une seule adresse e-mail valide.",
+        "bcc_dest_format": "La destination BCC doit être une seule adresse de courriel valide.",
         "client_id": "ID client",
         "client_secret": "Secret client",
         "comment_info": "Un commentaire privé n’est pas visible pour l’utilisateur, tandis qu’un commentaire public est affiché comme infobulle lorsque vous le placez dans un aperçu des utilisateurs",
@@ -558,14 +558,14 @@
         "inactive": "Inactif",
         "kind": "Type",
         "last_modified": "Dernière modification",
-        "mailbox": "Édition de la boîte mail",
-        "mailbox_quota_def": "Quota par défaut de la boîte",
+        "mailbox": "Édition de la boîte de réception",
+        "mailbox_quota_def": "Quota par défaut de la boîte de réception",
         "max_aliases": "Nombre max. d'alias",
-        "max_mailboxes": "Nombre max. de boîtes possibles",
-        "max_quota": "Quota max. par boîte mail (Mo)",
+        "max_mailboxes": "Nombre max. de boîte de réception possibles",
+        "max_quota": "Quota max. par boîte de réception (Mo)",
         "maxage": "Âge maximal en jours des messages qui seront consultés à distance<br><small>(0 = ignorer la durée)</small>",
         "maxbytespersecond": "Octets max. par seconde <br><small>(0 = pas de limite)</small>",
-        "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse \"from\" utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes remplace une limite d'envoi pour l’ensemble du domaine.",
+        "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse \"from\" utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes de réception remplace une limite d'envoi pour l’ensemble du domaine.",
         "mins_interval": "Intervalle (min)",
         "multiple_bookings": "Réservations multiples",
         "nexthop": "Saut suivant",
@@ -577,7 +577,7 @@
         "pushover_evaluate_x_prio": "Acheminement du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
         "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non-spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
         "pushover_only_x_prio": "Ne tenir compte que du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "Ne tenir compte que des adresses électroniques suivantes de l’expéditeur : <small>(séparées par des virgules)</small>",
+        "pushover_sender_array": "Ne tenir compte que des adresses de courriel suivantes de l’expéditeur : <small>(séparées par des virgules)</small>",
         "pushover_sender_regex": "Tenir compte de l’expéditeur regex suivant",
         "pushover_text": "Texte de la notification",
         "pushover_title": "Titre de la notification",
@@ -587,10 +587,10 @@
         "ratelimit": "Limite d'envoi",
         "redirect_uri": "URL de redirection/callback",
         "relay_all": "Relayer tous les destinataires",
-        "relay_all_info": "↪ Si vous <b>ne choisissez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte (\"aveugle\") pour chaque destinataire qui devrait être relayé.",
+        "relay_all_info": "↪ Si vous <b>ne choisissez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte de réception (\"aveugle\") pour chaque destinataire qui devrait être relayé.",
         "relay_domain": "Relayer ce domaine",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. Si elle n’est pas configurée, une recherche MX sera effectuée.",
-        "relay_unknown_only": "Relais des boîtes non existantes seulement. Les boîtes existantes seront livrées localement.",
+        "relay_unknown_only": "Relais des boîtes de réception non existantes seulement. Les boîtes de réception existantes seront livrées localement.",
         "relayhost": "Transports dépendant de l’expéditeur",
         "remove": "Enlever",
         "resource": "Ressource",
@@ -598,12 +598,12 @@
         "scope": "Portée",
         "sender_acl": "Permettre d’envoyer comme",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Le contrôle de l’expéditeur est désactivé</span>",
-        "sender_acl_info": "Si l’utilisateur de la boîte A est autorisé à envoyer en tant qu’utilisateur de la boîte B, l’adresse de l’expéditeur n’est pas automatiquement affichée comme sélectionnable du champ \"from\" dans SOGo.<br>\r\n  L’utilisateur B de la boîte doit créer une délégation dans Sogo pour permettre à l’utilisateur A de la boîte de sélectionner son adresse comme expéditeur. Pour déléguer une boîte dans Sogo, utilisez le menu (trois points) à droite du nom de votre boîte dans le coin supérieur gauche dans la vue de courrier. Ce comportement ne s’applique pas aux adresses alias.",
+        "sender_acl_info": "Si l’utilisateur de la boîte de réception A est autorisé à envoyer en tant qu’utilisateur de la boîte de réception B, l’adresse de l’expéditeur n’est pas automatiquement affichée comme sélectionnable du champ \"de\" dans SOGo.<br>\n  L’utilisateur B de la boîte de réception doit créer une délégation dans Sogo pour permettre à l’utilisateur A de la boîte de réception de sélectionner son adresse comme expéditeur. Pour déléguer une boîte de réception dans Sogo, utilisez le menu (trois points) à droite du nom de votre boîte dans le coin supérieur gauche dans la vue de courrier. Ce comportement ne s’applique pas aux adresses alias.",
         "sieve_desc": "Description courte",
         "sieve_type": "Type de filtre",
         "skipcrossduplicates": "Ignorer les messages en double dans les dossiers (premier arrivé, premier servi)",
         "sogo_visible": "Alias visible dans SOGo",
-        "sogo_visible_info": "Cette option affecte uniquement les objets qui peuvent être affichés dans SOGo (adresses alias partagées ou non partagées pointant vers au moins une boîte mail locale). Si caché, un alias n’apparaîtra pas comme expéditeur sélectionnable dans SOGo.",
+        "sogo_visible_info": "Cette option affecte uniquement les objets qui peuvent être affichés dans SOGo (adresses alias partagées ou non partagées pointant vers au moins une boîte de réception locale). Si caché, un alias n’apparaîtra pas comme expéditeur sélectionnable dans SOGo.",
         "spam_alias": "Créer ou modifier des adresses alias limitées dans le temps",
         "spam_filter": "Filtre spam",
         "spam_policy": "Ajouter ou supprimer des éléments à la liste blanche/noire",
@@ -619,19 +619,19 @@
         "username": "Nom d'utilisateur",
         "validate_save": "Valider et enregistrer",
         "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*\\.google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
-        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine.",
+        "mailbox_relayhost_info": "S'applique uniquement à la boîte de réception et aux alias directs, remplace le relayhost du domaine.",
         "acl": "ACL (Permission)",
         "footer_exclude": "Exclure du pied de page",
         "custom_attributes": "Attributs personnalisés",
         "domain_footer_info_vars": {
             "from_addr": "{= from_addr =} - Partie de l'enveloppe relative à l'adresse de provenance",
             "from_domain": "{= from_domain =} - Partie de l'enveloppe provenant du domaine",
-            "custom": "{= foo =} - Si la boîte aux lettres possède l'attribut personnalisé \"foo\" avec la valeur \"bar\", elle renvoie \"bar\"",
+            "custom": "{= foo =} - Si la boîte de réception possède l'attribut personnalisé \"foo\" avec la valeur \"bar\", elle renvoie \"bar\"",
             "auth_user": "{= auth_user =}    - Nom d'utilisateur authentifié spécifié par un MTA",
             "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour \"moo@mailcow.tld\", renvoie \"moo\".",
             "from_name": "{= from_name =} - À partir du nom de l'enveloppe, par exemple, pour \"Mailcow &lt;moo@mailcow.tld&gt ;\" on obtient \"Mailcow\""
         },
-        "domain_footer_skip_replies": "Ignorer le pied de page des e-mails de réponse",
+        "domain_footer_skip_replies": "Ignorer le pied de page des courriels de réponse",
         "domain_footer": "Pied de page du domaine",
         "domain_footer_html": "Pied de page HTML",
         "domain_footer_info": "Les pieds de page du domaine sont ajoutés à tous les courriels sortants associés à une adresse au sein de ce domaine. <br> Les variables suivantes peuvent être utilisées pour le pied de page :",
@@ -662,7 +662,7 @@
         "administration": "Configuration & détails",
         "apps": "Applications",
         "debug": "Information Système",
-        "email": "Couriel",
+        "email": "Courriel",
         "mailcow_config": "Configuration",
         "quarantine": "Quarantaine",
         "restart_netfilter": "Redémarrer Netfilter",
@@ -678,7 +678,7 @@
         "delayed": "La connexion a été retardée de %s secondes.",
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Connexion",
-        "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte pour télécharger le profil de connexion Apple demandé.",
+        "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte de réception pour télécharger le profil de connexion Apple demandé.",
         "other_logins": "Clé d'authentification",
         "password": "Mot de passe",
         "username": "Nom d'utilisateur"
@@ -694,13 +694,13 @@
         "add_domain_alias": "Ajouter un alias de domaine",
         "add_domain_record_first": "Veuillez d’abord ajouter un domaine",
         "add_filter": "Ajouter un filtre",
-        "add_mailbox": "Ajouter une boîte",
+        "add_mailbox": "Ajouter une boîte de réception",
         "add_recipient_map_entry": "Ajouter la carte du destinataire",
         "add_resource": "Ajouter une ressource",
         "add_tls_policy_map": "Ajouter la carte de la politique des TLS",
         "address_rewriting": "Réécriture de l’adresse",
         "alias": "Alias",
-        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où \"alias-domain\" est un alias imaginaire pour \"domain\").<br>Veuillez utiliser un filtre à tamis pour rediriger le courrier vers une boîte externe (voir l'onglet « Filtres » ou utilisez SOGo → Transférer).",
+        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où \"alias-domain\" est un alias imaginaire pour \"domain\").<br>Veuillez utiliser un filtre à tamis pour rediriger le courrier vers une boîte de réception externe (voir l'onglet « Filtres » ou utilisez SOGo → Transférer).",
         "alias_domain_backupmx": "Alias de domaine inactif pour le domaine relais",
         "aliases": "Aliases",
         "allow_from_smtp": "Restreindre l'utilisation de <b>SMTP</b> à ces adresses IP",
@@ -740,7 +740,7 @@
         "domain_quota_total": "Quota total du domaine",
         "domains": "Domaines",
         "edit": "Éditer",
-        "empty": "Pas de résulats",
+        "empty": "Pas de résultats",
         "enable_x": "Activer",
         "excludes": "Exclus",
         "filter_table": "Table de filtrage",
@@ -755,17 +755,17 @@
         "kind": "Type",
         "last_mail_login": "Dernière connexion mail",
         "last_modified": "Dernière modification",
-        "last_run": "Dernière éxécution",
+        "last_run": "Dernière exécution",
         "last_run_reset": "Calendrier suivant",
-        "mailbox": "Boîte aux lettres",
-        "mailbox_defquota": "Taille de boîte par défaut",
-        "mailbox_quota": "Taille max. d’une boîte",
-        "mailboxes": "Boîtes mail",
+        "mailbox": "Boîte de réception",
+        "mailbox_defquota": "Taille de boîte de réception par défaut",
+        "mailbox_quota": "Taille max. d’une boîte de réception",
+        "mailboxes": "Boîtes de réception",
         "mailbox_defaults": "Paramètres par défaut",
-        "mailbox_defaults_info": "Définir les paramètres par défaut pour les nouvelles boîtes aux lettres.",
+        "mailbox_defaults_info": "Définir les paramètres par défaut pour les nouvelles boîtes de réception.",
         "max_aliases": "Nombre maximal d'alias",
-        "max_mailboxes": "Nombre maximal de boîtes",
-        "max_quota": "Quota max. par boîte mail",
+        "max_mailboxes": "Nombre maximal de boîte de réception",
+        "max_quota": "Quota max. par boîte de réception",
         "mins_interval": "Intervalle (min)",
         "msg_num": "Message #",
         "multiple_bookings": "Réservations multiples",
@@ -785,9 +785,9 @@
         "recipient_map": "Carte du destinataire",
         "recipient_map_info": "Les cartes des destinataires sont utilisées pour remplacer l’adresse de destination d’un message avant sa livraison.",
         "recipient_map_new": "Nouveau destinataire",
-        "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse électronique valide.",
+        "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse de courriel valide.",
         "recipient_map_old": "Destinataire original",
-        "recipient_map_old_info": "Une carte de destination originale doit être une adresse e-mail valide ou un nom de domaine.",
+        "recipient_map_old_info": "Une carte de destination originale doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_maps": "Cartes des bénéficiaires",
         "relay_all": "Relayer tous les destinataires",
         "remove": "Supprimer",
@@ -797,13 +797,13 @@
         "set_prefilter": "Marquer comme préfiltre",
         "sieve_info": "Vous pouvez stocker plusieurs filtres par utilisateur, mais un seul préfiltre et un seul postfiltre peuvent être actifs simultanément.<br>\nChaque filtre sera traité dans l’ordre décrit. Ni un script « rejeter » ni un « garder » n’arrêtera le traitement des autres scripts. Les modifications apportées aux scripts de tamis globaux déclencheront un redémarrage de Dovecot.<br><br>Préfiltre de tamis global → Préfiltre → Scripts utilisateur → Postfiltre → Postfiltre du tamis global",
         "sieve_preset_1": "Jeter le courrier avec les types de fichiers dangereux probables",
-        "sieve_preset_2": "Toujours marquer l’e-mail d’un expéditeur spécifique comme vu",
+        "sieve_preset_2": "Toujours marquer l'adresse de courriel d’un expéditeur spécifique comme vu",
         "sieve_preset_3": "Jeter en silence, arrêter tout traitement supplémentaire par filtre sieve",
         "sieve_preset_4": "Fichier dans INBOX, éviter le traitement ultérieur par filtres sieve",
         "sieve_preset_5": "Répondeur auto (vacances)",
         "sieve_preset_6": "Rejeter le courrier avec réponse",
         "sieve_preset_7": "Rediriger et garder/déposer",
-        "sieve_preset_8": "Rediriger les e-mails d'un expéditeur spécifique, les marquer comme lus et les classer dans des sous-dossiers.",
+        "sieve_preset_8": "Rediriger les courriels d'un expéditeur spécifique, les marquer comme lus et les classer dans des sous-dossiers.",
         "sieve_preset_header": "Voir les exemples de préréglages ci-dessous. Pour plus de détails, voir <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipédia</a>.",
         "sogo_visible": "Alias visible dans SOGo",
         "sogo_visible_n": "Masquer alias dans SOGo",
@@ -825,7 +825,7 @@
         "tls_map_policy": "Politique",
         "tls_policy_maps": "Cartes des politiques des TLS",
         "tls_policy_maps_info": "Cette carte de politique remplace les règles de transport TLS sortantes indépendamment des paramètres de politique TLS des utilisateurs.<br>\r\n  Veuillez vérifier <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">la doc \"smtp_tls_policy_maps\" </a> pour plus d'informations.",
-        "tls_policy_maps_enforced_tls": "Ces politiques remplaceront également le comportement des utilisateurs de boîtes qui appliquent les connexions TLS sortantes. Si aucune politique n’existe ci-dessous, ces utilisateurs appliqueront les valeurs par défaut spécifiées comme <code>smtp_tls_mandatory_protocols</code> et <code>smtp_tls_mandatory_ciphers</code>.",
+        "tls_policy_maps_enforced_tls": "Ces politiques remplaceront également le comportement des utilisateurs de boîtes de réception qui appliquent les connexions TLS sortantes. Si aucune politique n’existe ci-dessous, ces utilisateurs appliqueront les valeurs par défaut spécifiées comme <code>smtp_tls_mandatory_protocols</code> et <code>smtp_tls_mandatory_ciphers</code>.",
         "tls_policy_maps_long": "Contournement de la carte de politique TLS sortante",
         "toggle_all": "Tout basculer",
         "username": "Nom d'utilisateur",
@@ -838,11 +838,13 @@
         "goto_ham": "Apprendre comme <b>ham</b>",
         "goto_spam": "Apprendre comme <b>pourriel</b>",
         "last_pw_change": "Dernier changement de mot de passe",
-        "mailbox_templates": "Modèle de boîte mail",
-        "relay_unknown": "Relayer les boîtes mail inconnues"
+        "mailbox_templates": "Modèle de boîte de réception",
+        "relay_unknown": "Relayer les boîtes de réception inconnues",
+        "all_domains": "Tous les domaines",
+        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible"
     },
     "oauth2": {
-        "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte pour accorder l’accès via Oauth2.",
+        "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
         "authorize_app": "Autoriser l'application",
         "deny": "Refuser",
         "permit": "Autoriser l'application",
@@ -859,7 +861,7 @@
         "danger": "Danger",
         "deliver_inbox": "Envoyer dans la boîte de reception",
         "disabled_by_config": "La configuration actuelle du système désactive la fonctionnalité de quarantaine. Veuillez définir « retentions par boîte » et une « taille maximale » pour les éléments en quarantaine.",
-        "settings_info": "Quantité maximum d'éléments à mettre en quarantaine : %s<br>Taille maximale des e-mails : %s MiB",
+        "settings_info": "Quantité maximale d'éléments à mettre en quarantaine : %s<br>Taille maximale des courriels : %s MiB",
         "download_eml": "Télécharger (.eml)",
         "empty": "Pas de résultat",
         "high_danger": "Haut",
@@ -872,7 +874,7 @@
         "notified": "Notifié",
         "qhandler_success": "Demande envoyée avec succès au système. Vous pouvez maintenant fermer la fenêtre.",
         "qid": "Rspamd QID",
-        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em> pas </em> l'impression d'un courrier remis) ainsi que le courrier, remis sous forme de copie dans le dossier indésirable d'une boîte aux lettres.\n  <br>« Apprendre comme spam et supprimer » apprendra un message comme spam via le théorème Bayésien calculera également des hachages flous pour refuser des messages similaires à l'avenir.\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système. <br> Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
+        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em> pas </em> l'impression d'un courrier remis) ainsi que le courrier, remis sous forme de copie dans le dossier indésirable d'une boîte de réception.\n  <br>« Apprendre comme spam et supprimer » apprendra un message comme spam via le théorème Bayésien calculera également des hachages flous pour refuser des messages similaires à l'avenir.\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système. <br> Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
         "qitem": "Élément de quarantaine",
         "quarantine": "Quarantaine",
         "quick_actions": "Actions",
@@ -918,7 +920,7 @@
         "help": "Afficher/masquer le panneau d’aide",
         "imap_smtp_server_auth_info": "Veuillez utiliser votre adresse courriel complète et le mécanisme d’authentification PLAIN.<br>\nVos données de connexion seront cryptées par le cryptage obligatoire côté serveur.",
         "mailcow_apps_detail": "Utiliser une application mailcow pour accéder à vos messages, vos calendriers, vos contacts et plus.",
-        "mailcow_panel_detail": "<b>Les administrateurs de domaines</b> peuvent créer, modifier, ou supprimer des boîtes et alias, changer de domaines et lire de plus amples renseignements sur les domaines qui leur sont attribués.<br>\n<b>Les utilisateurs de boîtes</b> sont en mesure de créer des alias limités dans le temps (alias spam), de modifier leurs mots de passe et les paramètres du filtre anti-spam."
+        "mailcow_panel_detail": "<b>Les administrateurs de domaines</b> peuvent créer, modifier, ou supprimer des boîtes de réception et alias, changer de domaines et lire de plus amples renseignements sur les domaines qui leur sont attribués.<br>\n<b>Les utilisateurs de boîtes de réception</b> sont en mesure de créer des alias limités dans le temps (alias spam), de modifier leurs mots de passe et les paramètres du filtre anti-spam."
     },
     "success": {
         "acl_saved": "ACL (Access Control List) pour l'objet %s enregistré",
@@ -966,9 +968,9 @@
         "learned_ham": "ID %s acquis avec succès comme ham",
         "license_modified": "Les modifications apportées à la licence ont été enregistrées",
         "logged_in_as": "Connecté en tant que %s",
-        "mailbox_added": "La boîte mail %s a été ajoutée",
-        "mailbox_modified": "Les modifications de la boîte %s ont été enregistrées",
-        "mailbox_removed": "La boîte %s a été supprimée",
+        "mailbox_added": "La boîte de réception %s a été ajoutée",
+        "mailbox_modified": "Les modifications de la boîte de réception %s ont été enregistrées",
+        "mailbox_removed": "La boîte de réception %s a été supprimée",
         "nginx_reloaded": "Nginx a été rechargé",
         "object_modified": "Les changements de %s ont été enregistrés",
         "pushover_settings_edited": "Paramètres Pushover réglés avec succès, veuillez vérifier les informations d’identification.",
@@ -980,7 +982,7 @@
         "relayhost_removed": "L'entrée de la carte %s a été supprimée",
         "reset_main_logo": "Réinitialisation du logo par défaut",
         "resource_added": "La ressource %s a été ajoutée",
-        "resource_modified": "Les modifications apportées à la boîte %s ont été enregistrées",
+        "resource_modified": "Les modifications apportées à la boîte de réception %s ont été enregistrées",
         "resource_removed": "La ressource %s a été supprimée",
         "rl_saved": "Limite d'envoi pour l’objet %s enregistrée",
         "rspamd_ui_pw_set": "Mot de passe de l'interface Rspamd sauvegardé avec succès",
@@ -1081,8 +1083,8 @@
         "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil ActiveSync cassé.<br><b>Attention :</b> Tous les éléments seront de nouveau téléchargés !",
         "eas_reset_now": "Réinitialiser maintenant",
         "edit": "Éditer",
-        "email": "E-mail",
-        "email_and_dav": "E-mail, calendriers et contacts",
+        "email": "Courriel",
+        "email_and_dav": "Courriel, calendriers et contacts",
         "encryption": "Chiffrement",
         "excludes": "Exclus",
         "expire_in": "Expire dans",
@@ -1111,7 +1113,7 @@
         "pushover_evaluate_x_prio": "Acheminement du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
         "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
         "pushover_only_x_prio": "Ne tenir compte que du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "Tenir compte des adresses courriel suivantes de l’expéditeur : <small>(comma-separated)</small>",
+        "pushover_sender_array": "Tenir compte des adresses de courriel suivantes de l’expéditeur : <small>(comma-separated)</small>",
         "pushover_sender_regex": "Apparier les expéditeurs par le regex suivant",
         "pushover_text": "Texte de notification",
         "pushover_title": "Titre de la notification",
@@ -1140,7 +1142,7 @@
         "spamfilter": "Filtre de spam",
         "spamfilter_behavior": "Note",
         "spamfilter_bl": "Liste noire (BlackList)",
-        "spamfilter_bl_desc": "Les adresses de courriel sur la liste noire de <b>toujours</b> peuvent être classées comme des pourriels et rejetées. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias tous azimuts et d’une boîte elle-même.",
+        "spamfilter_bl_desc": "Les adresses de courriel sur la liste noire de <b>toujours</b> peuvent être classées comme des pourriels et rejetées. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias tous azimuts et d’une boîte de réception elle-même.",
         "spamfilter_default_score": "Valeurs par défaut",
         "spamfilter_green": "Vert : ce message n'est pas un spam",
         "spamfilter_hint": "La première valeur indique un « faible score de spam », la seconde représente un « haut score de spam ».",
@@ -1152,12 +1154,12 @@
         "spamfilter_table_remove": "supprimer",
         "spamfilter_table_rule": "Règle",
         "spamfilter_wl": "Liste blanche (WhiteList)",
-        "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses e-mail qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte cible), à l’exclusion des alias catch-all et d’une boîte mail.",
+        "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses de courriel qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias catch-all et d’une boîte de réception.",
         "spamfilter_yellow": "Jaune : ce message est peut être un spam, il sera étiqueté comme spam et déplacé vers votre dossier Pourriel",
         "status": "Statut",
         "sync_jobs": "Jobs de synchronisation",
         "tag_handling": "Régler la manipulation du courrier étiqueté",
-        "tag_help_example": "Exemple pour une adresse e-mail étiquetée : me<b>+Facebook</b>@example.org",
+        "tag_help_example": "Exemple pour une adresse de courriel étiquetée : me<b>+Facebook</b>@example.org",
         "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (\"INBOX/Facebook\").<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet de l'e-mail, exemple : \"[Facebook] My News\".",
         "tag_in_none": "Ne rien faire",
         "tag_in_subfolder": "Dans un sous dossier",
@@ -1167,7 +1169,7 @@
         "tls_enforce_in": "Appliquer le TLS entrant",
         "tls_enforce_out": "Appliquer le TLS sortant",
         "tls_policy": "Politique de chiffrement",
-        "tls_policy_warning": "<strong>Attention :</strong> Si vous décidez d’appliquer le transfert de courrier chiffré, vous risquez de perdre des courriels.<br>Les messages qui ne satisfont pas à la politique seront renvoyés avec une erreur grave par le système de messagerie.<br>Cette option s’applique à votre adresse courriel principale (login name), toutes les adresses dérivées de domaines alias ainsi que les adresses alias <b>avec cette seule boîte</b> comme cible.",
+        "tls_policy_warning": "<strong>Attention :</strong> Si vous décidez d’appliquer le transfert de courrier chiffré, vous risquez de perdre des courriels.<br>Les messages qui ne satisfont pas à la politique seront renvoyés avec une erreur grave par le système de messagerie.<br>Cette option s’applique à votre adresse courriel principale (login name), toutes les adresses dérivées de domaines alias ainsi que les adresses alias <b>avec cette seule boîte de réception</b> comme cible.",
         "user_settings": "Paramètres utilisateur",
         "username": "Nom d'utilisateur",
         "verify": "Vérification",
@@ -1179,14 +1181,14 @@
         "year": "année",
         "years": "années",
         "with_app_password": "avec le mot de passe de l'application",
-        "apple_connection_profile_with_app_password": "Un nouveau mot de passe est généré et ajouté au profil, de sorte qu'aucun mot de passe ne doit être saisi lors de la configuration de votre appareil. Ne partagez pas le fichier car il vous donne un accès complet à votre boîte aux lettres.",
+        "apple_connection_profile_with_app_password": "Un nouveau mot de passe est généré et ajouté au profil, de sorte qu'aucun mot de passe ne doit être saisi lors de la configuration de votre appareil. Ne partagez pas le fichier car il vous donne un accès complet à votre boîte de réception.",
         "attribute": "Attribut",
         "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au webmail » permet une connexion unique à SOGo et est toujours disponible.",
         "open_webmail_sso": "Connexion au webmail",
         "recent_successful_connections": "Voir les connexions réussies",
         "syncjob_EXIT_TLS_FAILURE": "Problème de connexion chiffrée",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problème d'authentification",
-        "syncjob_EXIT_OVERQUOTA": "La boîte aux lettres cible a dépassé le quota",
+        "syncjob_EXIT_OVERQUOTA": "La boîte de réception cible a dépassé le quota",
         "login_history": "Historique des connexions",
         "change_password_hint_app_passwords": "Votre compte a %d mots de passe d'application qui ne seront pas modifiés. Pour les gérer, allez dans l'onglet Mots de passe de l'application.",
         "clear_recent_successful_connections": "Vider l'historique des connexions réussies",
@@ -1200,7 +1202,7 @@
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nom d'utilisateur ou mot de passe incorrect",
         "value": "Valeur",
         "allowed_protocols": "Protocoles autorisés",
-        "mailbox": "Boîte mail"
+        "mailbox": "Boîte de réception"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
@@ -1210,7 +1212,7 @@
         "hash_not_found": "Hachage non trouvé ou déjà supprimé",
         "ip_invalid": "IP non valide ignorée : %s",
         "no_active_admin": "Impossible de désactiver le dernier administrateur actif",
-        "quota_exceeded_scope": "Dépassement du quota de domaine : Seules des boîtes illimitées peuvent être créées dans ce domaine.",
+        "quota_exceeded_scope": "Dépassement du quota de domaine : Seules des boîtes de réception illimitées peuvent être créées dans ce domaine.",
         "session_token": "Jeton de formulaire invalide : Jeton différent",
         "session_ua": "Jeton de formulaire invalide : erreur de validation User-Agent",
         "is_not_primary_alias": "Alias non primaire ignoré %s"
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index a98708192..bbf0d9586 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -60,7 +60,7 @@
         "exclude": "Exkludera objekt (regex-filter)",
         "full_name": "Fullständiga namn",
         "gal": "Global adressbok",
-        "gal_info": "Den global adressboken innehåller alla objekt i en domän och kan inte redigeras av någon användare. Informationen om tillgänglighet i SOGo är endast synlig när den globala adressboken är påslagen.  <b>Starta om SOGo för att tillämpa ändringar.</b>",
+        "gal_info": "Den global adressboken innehåller alla objekt i en domän och kan inte redigeras av någon användare. Informationen om tillgänglighet i SOGo är endast synlig när den globala adressboken är påslagen. <b>Starta om SOGo för att tillämpa ändringar.</b>",
         "generate": "generera",
         "goto_ham": "Markera detta som en <span class=\"text-success\"><b>felaktig spam-registrering</b>, detta kommer förhindra liknande fel i framtiden</span>",
         "goto_null": "Kasta e-postmeddelanande omedelbart",

From 549539bec9884ee0250979c86703d6d911b4d70e Mon Sep 17 00:00:00 2001
From: polido <83615960+7zx@users.noreply.github.com>
Date: Mon, 8 Apr 2024 16:48:41 +0100
Subject: [PATCH 197/755] Update lang.pt-pt.json (#5832)

Co-authored-by: Patrick Schult <75116288+FreddleSpl0it@users.noreply.github.com>
---
 data/web/lang/lang.pt-pt.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index bfd640fdd..624acd6db 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -12,7 +12,7 @@
         "domain_quota_m": "Total de espaço por domínio (MiB):",
         "full_name": "Nome:",
         "mailbox_quota_m": "Máximo espaço por conta (MiB):",
-        "mailbox_username": "Usuário (primeira parte do endereço de email):",
+        "mailbox_username": "Utilizador (primeira parte do endereço de email):",
         "max_aliases": "Máximo de apelidos:",
         "max_mailboxes": "Máximo de contas:",
         "password": "Senha:",
@@ -96,7 +96,7 @@
         "sender_acl_invalid": "Campo Sender ACL é inválido",
         "target_domain_invalid": "O endereço de Domínio Destino é inválido",
         "targetd_not_found": "Domínio de Destino não encontrado",
-        "username_invalid": "Nome de usuário inválido",
+        "username_invalid": "Nome de utilizador inválido",
         "validity_missing": "Você deve definir um período de validade"
     },
     "edit": {
@@ -138,7 +138,7 @@
         "administration": "Administração",
         "email": "E-Mail",
         "mailcow_config": "Configuração",
-        "user_settings": "Configurações do usuário"
+        "user_settings": "Configurações do utilizador"
     },
     "info": {
         "no_action": "Nenhuma ação foi definida"
@@ -147,7 +147,7 @@
         "delayed": "Sua entrada será atrasada por %s segundos.",
         "login": "Entrar",
         "password": "Senha",
-        "username": "Usuário"
+        "username": "Utilizador"
     },
     "mailbox": {
         "action": "Ação",
@@ -186,7 +186,7 @@
         "target_domain": "Domínio Destino",
         "tls_enforce_in": "Forçar TLS na entrada",
         "tls_enforce_out": "Forçar TLS na saída",
-        "username": "Usuário"
+        "username": "Utilizador"
     },
     "quarantine": {
         "action": "Ação",
@@ -199,7 +199,7 @@
         "help": "Mostrar/Ocultar painel de ajuda",
         "imap_smtp_server_auth_info": "Utilize o endereço de email completo com o método de autentucação PLAIN.<br>\r\nOs dados de login serão encryptados pelo servidor.",
         "mailcow_apps_detail": "Use um mailcow app para acessar seus emails, calendário, contatos e outras informações.",
-        "mailcow_panel_detail": "<b>Administradores:</b> podem criar, alterar ou apagar contas e apelidos , alterar domínios e outras informações de seus domínios atribuídos.<br>\r\n\t<b>Usuários:</b> podem criar apelidos por tempo determinado , alterar senha e configuração do nível do filtro de spam."
+        "mailcow_panel_detail": "<b>Administradores:</b> podem criar, alterar ou apagar contas e apelidos , alterar domínios e outras informações de seus domínios atribuídos.<br>\r\n\t<b>utilizadors:</b> podem criar apelidos por tempo determinado , alterar senha e configuração do nível do filtro de spam."
     },
     "success": {
         "admin_modified": "Administrador alterado com sucesso",
@@ -267,7 +267,7 @@
         "tls_enforce_out": "Forçar TLS na saída",
         "tls_policy": "Regras de Encryptação",
         "tls_policy_warning": "<strong>Aviso:</strong> Se você selecionar para forçar o envio encryptado , alguns emails poderão ser rejeitados.<br>Mensages que não satisfizerem as politicas dos outros servidores serão rejeitadas definitivamente.",
-        "user_settings": "Configurações do usuário",
+        "user_settings": "Configurações do utilizador",
         "username": "Administrador",
         "week": "Semana",
         "weeks": "Semanas"

From 3dd4c45fab8816619c75671f3f97d8e09e15fd90 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 10 Apr 2024 21:55:31 +0200
Subject: [PATCH 198/755] Translations update from Weblate (#5839)

* [Web] Updated lang.hu-hu.json

Co-authored-by: David Csillag <csillag.david.istvan@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.lv-lv.json

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: David Csillag <csillag.david.istvan@gmail.com>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.hu-hu.json | 191 +++++++++++++++++++++++++++++++++-
 data/web/lang/lang.lv-lv.json |  34 +++---
 2 files changed, 208 insertions(+), 17 deletions(-)

diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 1c798bd90..e9762ff51 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -22,7 +22,114 @@
         "activate_api": "API aktiválása",
         "activate_send": "Küldés gomb aktiválása",
         "add": "Hozzáad",
-        "active": "Aktív"
+        "active": "Aktív",
+        "api_info": "Az API még fejlesztés alatt áll. A dokumentáció megtalálható a <a href=\"/api\">/api</a> alatt",
+        "allowed_methods": "Hozzáférés-Szabályozás-Engedélyezési-Módszerek",
+        "logo_normal_label": "Normál",
+        "logo_dark_label": "Sötét üzemmódhoz invertálva",
+        "f2b_regex_info": "Figyelembe vett naplók: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_retry_window": "Újrapróbálkozási ablak (s) a maximális próbálkozásokhoz",
+        "f2b_whitelist": "Fehérlistás hálózatok/hostok",
+        "filter_table": "Szűrő táblázat",
+        "forwarding_hosts": "Továbbító hostok",
+        "forwarding_hosts_add_hint": "Megadhat IPv4/IPv6 címeket, hálózatokat CIDR jelölésben, állomásneveket (amelyek IP-címekre lesznek feloldva) vagy tartományneveket (amelyek IP-címekre lesznek feloldva az SPF rekordok vagy ezek hiányában az MX rekordok lekérdezésével).",
+        "from": "A címről",
+        "copy_to_clipboard": "Szöveg másolva a vágólapra!",
+        "f2b_manage_external": "A Fail2Ban külső kezelése",
+        "f2b_manage_external_info": "A Fail2ban továbbra is karbantartja a tiltólistát, de nem állít be aktívan szabályokat a forgalom blokkolására. Használja az alábbi generált tiltólistát a forgalom külső blokkolásához.",
+        "f2b_max_ban_time": "Maximális tiltási idő (s)",
+        "f2b_netban_ipv4": "IPv4 alhálózat mérete, amelyre tilalmat kell alkalmazni (8-32)",
+        "f2b_netban_ipv6": "IPv6 alhálózat mérete, amelyre tilalmat kell alkalmazni (8-128)",
+        "f2b_parameters": "Fail2ban paraméterek",
+        "forwarding_hosts_hint": "A bejövő üzeneteket feltétel nélkül elfogadják az itt felsorolt összes állomásról. Ezeket az állomáshelyeket nem ellenőrzik a DNSBL-ek alapján, és nem vetik alá a szürkelistázásnak. A tőlük érkező spameket a rendszer soha nem utasítja el, de opcionálisan a Junk mappába iktathatja őket. Leggyakrabban olyan levelezőszerverek megadására használjuk, amelyeken olyan szabályt állítottunk be, amely a bejövő e-maileket a mailcow-kiszolgálóra továbbítja.",
+        "guid_and_license": "GUID & Licenc",
+        "help_text": "Súgó szöveg felülírása a bejelentkezési maszk alatt (HTML engedélyezett)",
+        "html": "HTML",
+        "import": "Import",
+        "ip_check": "IP ellenőrzés",
+        "ip_check_disabled": "Az IP-ellenőrzés le van tiltva. Bekapcsolhatja a következő menüpont alatt<br> <strong>Rendszer > Beállítások > Opciók > Személyreszabás</strong>",
+        "is_mx_based": "MX alapú",
+        "last_applied": "Utoljára alkalmazott",
+        "link": "Link",
+        "loading": "Kérjük, várj...",
+        "login_time": "Bejelentkezési idő",
+        "f2b_list_info": "Egy feketelistán szereplő állomás vagy hálózat mindig nagyobb súlyú, mint egy fehérlistás entitás. <b>A lista frissítései néhány másodpercig tartanak.</b>",
+        "f2b_ban_time_increment": "A tiltási idő minden egyes tiltással növekszik",
+        "additional_rows": " - további sorokat adtak hozzá",
+        "admin": "Adminisztrátor",
+        "admin_details": "Rendszergazda adatok szerkesztése",
+        "admin_domains": "Domain hozzárendelések",
+        "f2b_max_attempts": "Max. próbálkozások",
+        "generate": "generálni",
+        "admins": "Adminisztrátorok",
+        "admins_ldap": "LDAP rendszergazdák",
+        "allowed_origins": "Hozzáférés-Szabályozás-Engedélyezési-Származás",
+        "api_allow_from": "API-hozzáférés engedélyezése ezekről az IP/CIDR hálózati jelölésekről",
+        "api_key": "API-kulcs",
+        "api_read_only": "Csak olvasható hozzáférés",
+        "api_read_write": "Olvasás-írás hozzáférés",
+        "api_skip_ip_check": "IP-ellenőrzés kihagyása az API esetében",
+        "cors_settings": "CORS beállítások",
+        "guid": "GUID - egyedi példányazonosító",
+        "dkim_to": "A címre",
+        "dkim_to_title": "Céltartomány(ok) - felülírásra kerül",
+        "domain": "Domain",
+        "domain_admin": "Domain adminisztrátor",
+        "domain_admins": "Domain adminisztrátorok",
+        "domain_s": "Domain(ek)",
+        "duplicate": "Duplikátum",
+        "duplicate_dkim": "Duplikált DKIM bejegyzés",
+        "edit": "Szerkesztés",
+        "empty": "Nincs eredmény",
+        "excludes": "Kizárja ezeket a kedvezményezetteket",
+        "f2b_ban_time": "Tilalmi idő (s)",
+        "f2b_blacklist": "Feketelistás hálózatok/hostok",
+        "f2b_filter": "Regex szűrők",
+        "logo_info": "A képed 40px magasságúra lesz méretezve a felső navigációs sávhoz és max. 250px szélességűre a kezdőlaphoz. A skálázható grafika használata erősen ajánlott.",
+        "dkim_add_key": "ARC/DKIM kulcs hozzáadása",
+        "dkim_domains_selector": "Válogató",
+        "dkim_domains_wo_keys": "A hiányzó kulcsokkal rendelkező tartományok kiválasztása",
+        "dkim_from": "A címről",
+        "dkim_from_title": "Forrás tartomány, ahonnan az adatokat másolni kell",
+        "dkim_key_length": "DKIM kulcs hossza (bit)",
+        "dkim_key_missing": "Kulcs hiányzik",
+        "import_private_key": "Privát kulcs importálása",
+        "in_use_by": "Használja a",
+        "inactive": "Inaktív",
+        "include_exclude": "Beleértve/Kivéve",
+        "include_exclude_info": "Alapértelmezés szerint - kiválasztás nélkül - <b>minden postafiók</b> címzésre kerül.",
+        "includes": "Vegye fel ezeket a címzetteket",
+        "add_row": "Sor hozzáadása",
+        "host": "Host",
+        "active_rspamd_settings_map": "Aktív beállítások térképe",
+        "add_admin": "Adminisztrátor hozzáadása",
+        "add_forwarding_host": "Továbbító állomás hozzáadása",
+        "add_relayhost": "Feladófüggő szállítás hozzáadása",
+        "add_relayhost_hint": "Felhívjuk figyelmed, hogy ha vannak hitelesítési adatok, azok egyszerű szövegként kerülnek tárolásra.",
+        "add_settings_rule": "Beállítási szabály hozzáadása",
+        "add_transport": "Szállítás hozzáadása",
+        "add_transports_hint": "Felhívjuk figyelmed, hogy ha vannak hitelesítési adatok, azok egyszerű szövegként kerülnek tárolásra.",
+        "advanced_settings": "Speciális beállítások",
+        "change_logo": "Logó módosítása",
+        "dkim_key_unused": "Nem használt kulcs",
+        "add_domain_admin": "Tartományi rendszergazda hozzáadása",
+        "dkim_key_valid": "Érvényes kulcs",
+        "dkim_keys": "ARC/DKIM kulcsok",
+        "dkim_overwrite_key": "A meglévő DKIM kulcs felülírása",
+        "dkim_private_key": "Privát kulcs",
+        "app_links": "App linkek",
+        "app_name": "Alkalmazás neve",
+        "arrival_time": "Érkezési idő (szerveridő)",
+        "authed_user": "Azonosított felhasználó",
+        "ays": "Biztos, hogy folytatni akarod?",
+        "ban_list_info": "A tiltott IP-címek listáját lásd alább: <b>hálózat (fennmaradó tiltási idő) - [akciók]</b>.<br />A tiltás feloldására várakozó IP-ket néhány másodpercen belül eltávolítjuk az aktív tiltási listáról.<br />A piros címkék a feketelistán szereplő aktív állandó tiltásokat jelzik.",
+        "configuration": "Konfiguráció",
+        "convert_html_to_text": "HTML átalakítása egyszerű szöveggé",
+        "credentials_transport_warning": "<b>Figyelmeztetés</b>: Egy új közlekedési térképbejegyzés hozzáadása frissíti a hitelesítő adatokat minden olyan bejegyzéshez, amelynek a következő ugrás oszlopa megegyezik.",
+        "customize": "Testreszabás",
+        "destination": "Célállomás",
+        "customer_id": "Ügyfél azonosító",
+        "apps_name": "\"mailcow Apps\" név"
     },
     "edit": {
         "active": "Aktív",
@@ -57,7 +164,7 @@
     "header": {
         "administration": "Beállítások és részletek",
         "apps": "Appok",
-        "debug": "Rendszer információ",
+        "debug": "Információ",
         "email": "E-Mail",
         "mailcow_config": "Beállítások",
         "quarantine": "Karantén",
@@ -399,13 +506,89 @@
         "protocol_access": "Protokoll-hozzáférés módosítása",
         "quarantine_attachments": "Karantén mellékletek",
         "quarantine_category": "Karantén értesítési kategória módosítása",
-        "quarantine_notification": "Karantén értesítések módosítása"
+        "quarantine_notification": "Karantén értesítések módosítása",
+        "eas_reset": "EAS-eszközök alaphelyzetbe állítása",
+        "extend_sender_acl": "Küldő ACL külső címekkel való bővítésének engedélyezése",
+        "mailbox_relayhost": "Relayhost módosítása egy postafiókhoz",
+        "prohibited": "ACL által tiltott",
+        "pushover": "Pushover",
+        "ratelimit": "Mérték határ",
+        "recipient_maps": "Címzett térképek",
+        "smtp_ip_access": "Az SMTP engedélyezett állomásainak módosítása",
+        "sogo_profile_reset": "SOGo profil visszaállítása",
+        "spam_alias": "Ideiglenes álnevek",
+        "spam_policy": "Fekete/Fehér lista",
+        "spam_score": "Spam pontszám",
+        "syncjobs": "Szinkronizálási feladatok",
+        "tls_policy": "TLS szabályzat",
+        "unlimited_quota": "Korlátlan kvóta a postafiókok számára",
+        "sogo_access": "A SOGo-hozzáférés kezelésének lehetővé tétele"
     },
     "diagnostics": {
         "dns_records": "DNS bejegyzések"
     },
     "add": {
         "username": "Felhasználónév",
-        "validation_success": "Sikeres ellenőrzés"
+        "validation_success": "Sikeres ellenőrzés",
+        "mailbox_quota_def": "Alapértelmezett postafiók kvóta",
+        "password_repeat": "Megerősítő jelszó (ismétlés)",
+        "post_domain_add": "A \"sogo-mailcow\" SOGo konténert újra kell indítani egy új tartomány hozzáadása után!<br><br>Kiegészítésképpen a tartományok DNS-konfigurációját is felül kell vizsgálni. A DNS-konfiguráció jóváhagyása után indítsa újra az \"acme-mailcow\"-t, hogy automatikusan generáljon tanúsítványokat az új tartományhoz (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ez a lépés opcionális, és 24 óránként megismétlődik.",
+        "dry": "Szinkronizálás szimulálása",
+        "inactive": "Inaktív",
+        "kind": "Kedves",
+        "mailbox_quota_m": "Maximális kvóta postafiókonként (MiB)",
+        "mailbox_username": "Felhasználónév (az e-mail cím bal oldali része)",
+        "max_aliases": "Max. lehetséges álnevek",
+        "max_mailboxes": "Max. lehetséges postafiókok",
+        "mins_interval": "A lekérdezési időköz (perc)",
+        "password": "Jelszó",
+        "port": "Port",
+        "public_comment": "Nyilvános megjegyzés",
+        "target_domain": "Céltartomány",
+        "timeout1": "Időtúllépés a távoli állomáshoz való csatlakozáskor",
+        "timeout2": "Időtúllépés a helyi állomáshoz való csatlakozáskor",
+        "validate": "Érvényesítsd",
+        "description": "Leírás",
+        "destination": "Célállomás",
+        "disable_login": "Bejelentkezés letiltása (a bejövő leveleket továbbra is elfogadja)",
+        "domain_matches_hostname": "Domain %s megegyezik a hostnévvel",
+        "domain_quota_m": "Teljes tartományi kvóta (MiB)",
+        "enc_method": "Titkosítási módszer",
+        "exclude": "Objektumok kizárása (regex)",
+        "full_name": "Teljes név",
+        "gal": "Globális címlista",
+        "goto_ham": "Tanulj <span class=\"text-success\"><b>sonkaként</b></span>",
+        "goto_null": "Leveleket csendben eldobni",
+        "goto_spam": "Tanuld <span class=\"text-danger\"><b>spamként</b></span>",
+        "syncjob_hint": "Ne feledje, hogy a jelszavakat egyszerű szöveges formában kell elmenteni!",
+        "target_address": "Továbbítási címek",
+        "target_address_info": "<small>Teljes e-mail cím(ek) (vesszővel elválasztva).</small>",
+        "bcc_dest_format": "A BCC-célpontnak egyetlen érvényes e-mail címnek kell lennie.<br>Ha több címre kell másolatot küldenie, hozzon létre egy aliast, és használja azt.",
+        "comment_info": "A privát megjegyzés nem látható a felhasználó számára, míg a nyilvános megjegyzés tooltip-ként jelenik meg, amikor a felhasználó áttekintésében a megjegyzésre mutat.",
+        "custom_params": "Egyéni paraméterek",
+        "gal_info": "A GAL tartalmazza a tartomány összes objektumát, és egyetlen felhasználó sem szerkesztheti. A SOGo-ban a Szabad/Elfoglalt információ hiányzik, ha ki van kapcsolva! <b>Indítsa újra a SOGo-t a változások alkalmazásához.</b>",
+        "hostname": "Házigazda",
+        "backup_mx_options": "Továbbítási opciók",
+        "custom_params_hint": "Megfelelő: --param=xy, Rossz: --param xy",
+        "delete1": "Törlés a forrásból, ha befejeződött",
+        "delete2": "A forráson kívüli üzenetek törlése a célállomáson",
+        "delete2duplicates": "Duplikáltak törlése a célállomáson",
+        "domain": "Domain",
+        "nexthop": "Következő hop",
+        "tags": "Címkék",
+        "app_password": "Alkalmazás jelszó hozzáadása",
+        "private_comment": "Privát megjegyzés",
+        "alias_address_info": "<small>Teljes e-mail cím(ek) vagy @example.com, egy domainhez tartozó összes üzenetet elfogásához (vesszővel elválasztva). <b>csak mailcow tartományok</b>.</small>",
+        "generate": "generál",
+        "activate_filter_warn": "Az összes többi szűrő deaktiválódik, ha az aktív opció be van jelölve.",
+        "active": "Aktív",
+        "add": "Hozzáad",
+        "add_domain_only": "Csak domain hozzáadása",
+        "add_domain_restart": "Domain hozzáadása és a SOGo újraindítása",
+        "alias_address": "Alias cím(ek)",
+        "alias_domain": "Alias domain",
+        "alias_domain_info": "<small>Csak érvényes tartománynevek (vesszővel elválasztva).</small>",
+        "app_name": "Alkalmazás neve",
+        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
     }
 }
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 6ee393c4a..8b0059c6c 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -162,7 +162,8 @@
         "last_applied": "Pēdējoreiz pielietots",
         "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM",
         "sys_mails": "Sistēmas pasts",
-        "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>"
+        "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
+        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -270,7 +271,7 @@
         "sieve_desc": "Īss apraksts",
         "sieve_type": "Filtra tips",
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
-        "spam_alias": "Izveidot vai mainīt laika ierobežotas alias adreses",
+        "spam_alias": "Izveidot vai mainīt laika ierobežotas aizstājadreses",
         "spam_policy": "Pievienot vai noņemt  vienības   baltajā-/melnajā sarakstā",
         "spam_score": "Iestatīt pielāgotu surogātpastu",
         "subfolder2": "Sinhronizēt galamērķa apakšmapē<br><small>(tukšs = neizmantot apakšmapi)</small>",
@@ -302,7 +303,7 @@
         "restart_now": "Restartēt "
     },
     "header": {
-        "administration": "Administrēšana",
+        "administration": "Konfigurācija un informācija",
         "debug": "Atkļūdošana",
         "email": "E-pasts",
         "mailcow_config": "Konfigurācija",
@@ -325,17 +326,17 @@
         "activate": "Activate",
         "active": "Aktīvs",
         "add": "Pievienot",
-        "add_alias": "Pievienot alias",
+        "add_alias": "Pievienot aizstājvārdu",
         "add_bcc_entry": "Pievienot BCC karti",
         "add_domain": "Pievienot domēnu",
-        "add_domain_alias": "Pievienot domēna alias",
+        "add_domain_alias": "Pievienot domēna aizstājvārdu",
         "add_filter": "Pievienot filtru",
         "add_mailbox": "Pievienot pastkasti",
         "add_recipient_map_entry": "Pievienot saņēmēja karti",
         "add_resource": "Pievienot resursu",
         "address_rewriting": "Adreses pārrakstīšana",
-        "alias": "Alias",
-        "aliases": "Aliases",
+        "alias": "Aizstājvārds",
+        "aliases": "Aizstājvārdi",
         "backup_mx": "Rezerves kopija MX",
         "bcc": "BCC",
         "bcc_destination": "BCC galamērķi/s",
@@ -354,7 +355,7 @@
         "dkim_key_length": "DKIM atslēgas garums (bits)",
         "domain": "Domēns",
         "domain_admins": "Domēna administratori",
-        "domain_aliases": "Domēna aliases",
+        "domain_aliases": "Domēna aizstājvārdi",
         "domain_quota": "Kvota",
         "domain_quota_total": "Kopējais domēna ierobežojums",
         "domains": "Domēns",
@@ -372,7 +373,7 @@
         "last_run_reset": "Ievietot sarakstā kā nākamo",
         "mailbox_quota": "Maks. pastkastes izmērs",
         "mailboxes": "Pastkaste",
-        "max_aliases": "Maks. iespejamās aliases",
+        "max_aliases": "Lielākais aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "max_quota": "Maks. kvota uz pastkasti",
         "mins_interval": "Intervāls (min)",
@@ -393,7 +394,7 @@
         "set_postfilter": "Atzīmēt kā pēcfiltru",
         "set_prefilter": "Atzīmēt kā pimrsfiltru",
         "sieve_info": "Jūs varat saglabāt vairākus filtrus katram lietotājam, bet tikai viens pirmsfiltrs un viens pēcfiltrs var būt aktīvs vienlaicīgi.<br>\r\nKatrs filtrs tiks apstrādāts aprakstītajā kārtībā. Kļūdains vai izdots skripts \"Paturēt;\" pārtrauks turpmāko skriptu apstrādi.<br>\r\n<a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/global_sieve_before\" target=\"_blank\">Global sieve prefilter</a> → Pirmsfiltrs → Lietotāja skripts → Pēcfiltrs → <a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/global_sieve_after\" target=\"_blank\">Global sieve postfilter</a>",
-        "spam_aliases": "Temp. alias",
+        "spam_aliases": "Pagaidu aizstājvārds",
         "status": "Status",
         "sync_jobs": "Sinhronizācijas darbi",
         "target_address": "Doties uz  adresi",
@@ -411,7 +412,13 @@
         "mailbox": "Pastkaste",
         "sieve_preset_2": "Vienmēr atzīmēt noteikta sūtītāja e-pastu kā izlasītu",
         "open_logs": "Atvērt žurnālus",
-        "sieve_preset_8": "Pārvirzīt noteikta sūtītāja e-pastu, atzīmēt kā izlasītu un ievietot to apakšmapē"
+        "sieve_preset_8": "Pārvirzīt noteikta sūtītāja e-pastu, atzīmēt kā izlasītu un ievietot to apakšmapē",
+        "sogo_visible": "Aizstājvārds ir redzams SOGo",
+        "sogo_visible_n": "Paslēpt aizstājvārdu SOGo",
+        "sogo_visible_y": "Rādīt aizstājvārdu SOGo",
+        "add_alias_expand": "Izvērst aizstājvārdu pār aizstājdomēniem",
+        "alias_domain_alias_hint": "Aizstājvārdi <b>netiek</b> automātiski piemēroti domēnu aizstājvārdiem. Aizstājadrese <code>my-alias@domain</code> <b>nenosedz</b> adresi <code>my-alias@alias-domain</code> (kur \"alias-domain\" ir iedomāts \"domain\" aizstājdomēns).<br>Lūgums izmantot sieta atlasi, lai pārvirzītu pastu uz ārēju pastkasti (skatīt cilti \"Atlasīšana\" vai izmantot SOGo -> Pārsūtītājs). \"Izvērst aizstājvārdu pār aizstājdomēniem\" ir izmantojams, lai automātiski pievienotu trūkstošos aiztājvārdus.",
+        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam"
     },
     "quarantine": {
         "action": "Darbības",
@@ -521,7 +528,7 @@
         "aliases_also_send_as": "Atļauts arī sūtīt kā lietotājam",
         "aliases_send_as_all": "Nepārbaudīt sūtītāja peikļuvi domēnam/iem un alias domēniem",
         "change_password": "Nomainīt paroli",
-        "client_configuration": "Parādīt konfigurācijas piemērus dažādām iekārtām",
+        "client_configuration": "Parādīt konfigurācijas norādes e-pasta klientiem un tālruņiem",
         "create_syncjob": "Izveidot jaunu sinhronizācijas darbu",
         "day": "Dienas",
         "direct_aliases": "Tiešas alias adreses",
@@ -588,7 +595,8 @@
         "waiting": "Waiting",
         "week": "Nedēļa",
         "weeks": "Nedēļas",
-        "open_logs": "Atvērt žurnālus"
+        "open_logs": "Atvērt žurnālus",
+        "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei."
     },
     "datatables": {
         "paginate": {

From 7cb138d5156346d5878a89bf09a2ee2f0e4e6dd0 Mon Sep 17 00:00:00 2001
From: Mitchell van Bijleveld
 <106330077+mitchellvanbijleveld@users.noreply.github.com>
Date: Thu, 11 Apr 2024 21:36:45 +0200
Subject: [PATCH 199/755] Improve Dutch translation (#5840)

---
 data/web/lang/lang.nl-nl.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 46325effc..fdfc91c70 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -185,7 +185,7 @@
         "filter_table": "Filtertabel",
         "forwarding_hosts": "Forwarding hosts",
         "forwarding_hosts_add_hint": "Het is mogelijk om IPv4- of IPv6-adressen, netwerken in CIDR-notatie, hostnames (worden omgezet naar IP-adressen) of domeinnamen (worden tevens omgezet naar IP-adressen of, bij gebrek daaraan, MX-records) op te geven.",
-        "forwarding_hosts_hint": "Inkomende berichten worden onvoorwaardelijk geaccepteerd vanaf iedere host hieronder vermeld. Deze hosts worden hierdoor niet gecontroleerd op DNSBLs, en zullen de greylisting omzeilen. Spam wordt daarentegen zoals gebruikelijk in de spamfolder geplaatst. Dit wordt vaak gebruikt om mailservers te specificeren die forwarden naar deze Mailcow-server.",
+        "forwarding_hosts_hint": "Inkomende berichten worden onvoorwaardelijk geaccepteerd vanaf iedere host hieronder vermeld. Deze hosts worden hierdoor niet gecontroleerd op DNSBLs, en zullen de greylisting omzeilen. Spam wordt daarentegen zoals gebruikelijk in de spamfolder geplaatst. Dit wordt vaak gebruikt om mailservers te specificeren die alles doorsturen naar deze Mailcow-server.",
         "from": "Afzender",
         "generate": "genereer",
         "guid": "Identificatienummer - GUID",
@@ -295,7 +295,7 @@
         "to_top": "Naar boven",
         "transport_dest_format": "Voorbeeld: example.org, .example.org, *, mailbox@example.org (meerdere waarden zijn kommagescheiden)",
         "transport_maps": "Transport-maps",
-        "transports_hint": "→ Een transport-map wordt boven een afzendergebonden transport-map verkozen.<br>→ Het uitgaande versleutelingsbeleid van individuele gebruikers wordt genegeerd en kan uitsluitend worden gehandhaafd doormiddel van globaal versleutelingsbeleid.<br>→ De transportservice is altijd \"smtp:\" en zal daarom met TLS proberen te verbinden. Wrapped TLS (SMTPS) wordt niet ondersteund.<br>→ Adressen overeenkomend met \"/localhost$/\" zullen altijd via \"local:\" getransporteerd worden, hierdoor zullen \"*\"-bestemmingen niet van toepassing zijn op deze adressen.<br>→ Om de aanmeldingsgegevens van een (voorbeeld) nexthop \"[host]:25\" te bepalen, zoekt Postfix <b>altijd</b> naar \"nexthop\" voodat er wordt gekeken naar \"[nexthop]:25\". Dit maakt het onmogelijk om \"nexthop\" en \"[nexthop]:25\" tegelijkertijd te gebruiken.",
+        "transports_hint": "→ Een transport-map wordt boven een afzendergebonden transport-map verkozen.<br>→ Het uitgaande versleutelingsbeleid van individuele gebruikers wordt genegeerd en kan uitsluitend worden gehandhaafd door middel van globaal versleutelingsbeleid.<br>→ De transportservice is altijd \"smtp:\" en zal daarom met TLS proberen te verbinden. Wrapped TLS (SMTPS) wordt niet ondersteund.<br>→ Adressen overeenkomend met \"/localhost$/\" zullen altijd via \"local:\" getransporteerd worden, hierdoor zullen \"*\"-bestemmingen niet van toepassing zijn op deze adressen.<br>→ Om de aanmeldingsgegevens van een (voorbeeld) nexthop \"[host]:25\" te bepalen, zoekt Postfix <b>altijd</b> naar \"nexthop\" voodat er wordt gekeken naar \"[nexthop]:25\". Dit maakt het onmogelijk om \"nexthop\" en \"[nexthop]:25\" tegelijkertijd te gebruiken.",
         "ui_footer": "Footer (HTML toegestaan)",
         "ui_header_announcement": "Aankondigingen",
         "ui_header_announcement_active": "Activeer aankondiging",
@@ -473,7 +473,7 @@
         "history_all_servers": "Geschiedenis (alle servers)",
         "in_memory_logs": "Geheugenlogs",
         "jvm_memory_solr": "JVM-geheugengebruik",
-        "log_info": "<p>Mailcows <b>geheugenlogs</b> worden elke minuut afgesneden naar maximaal %d regels (LOG_LINES) om de stabiliteit te garanderen.<br>Geheugenlogs zijn niet bedoeld om bewaard te blijven. Alle applicaties die geheugenlogs schrijven worden ook naar het Docker-proces gelogd.<br>De geheugenlogs kunnen gebruikt worden voor het oplossen van problemen met bepaalde containers.</p><p><b>Externe logs</b> worden verzameld doormiddel van de API van deze applicaties.</p><p><b>Statische logs</b> zijn activiteitenlogs die niet naar het Docker-proces worden gelogd, maar wel bewaard moeten blijven (uitgezonderd API-logs).</p>",
+        "log_info": "<p>Mailcows <b>geheugenlogs</b> worden elke minuut afgesneden naar maximaal %d regels (LOG_LINES) om de stabiliteit te garanderen.<br>Geheugenlogs zijn niet bedoeld om bewaard te blijven. Alle applicaties die geheugenlogs schrijven worden ook naar het Docker-proces gelogd.<br>De geheugenlogs kunnen gebruikt worden voor het oplossen van problemen met bepaalde containers.</p><p><b>Externe logs</b> worden verzameld door middel van de API van deze applicaties.</p><p><b>Statische logs</b> zijn activiteitenlogs die niet naar het Docker-proces worden gelogd, maar wel bewaard moeten blijven (uitgezonderd API-logs).</p>",
         "logs": "Logs",
         "restart_container": "Herstart",
         "solr_dead": "Solr is uitgeschakeld, uitgevallen of nog bezig met opstarten.",
@@ -684,7 +684,7 @@
         "add_tls_policy_map": "Voeg versleutelingsbeleid toe",
         "address_rewriting": "Adresomleidingen",
         "alias": "Alias",
-        "alias_domain_alias_hint": "Aliassen worden <b>niet</b> automatisch toegepast op domeinaliassen. Aliasadres <code>alias@domein</code> dekt het adres <code>alias@alias-domein</code> <b>niet</b> (waarbij \"alias-domein\" een aliasdomein is voor \"domein\").<br>Gebruik een filter om mail te forwarden naar een externe mailbox (zie het tabje \"Filters\" of gebruik SOGo -> Doorsturen).",
+        "alias_domain_alias_hint": "Aliassen worden <b>niet</b> automatisch toegepast op domeinaliassen. Aliasadres <code>alias@domein</code> dekt het adres <code>alias@alias-domein</code> <b>niet</b> (waarbij \"alias-domein\" een aliasdomein is voor \"domein\").<br>Gebruik een filter om mail door te sturen naar een externe mailbox (zie het tabje \"Filters\" of gebruik SOGo -> Doorsturen).",
         "alias_domain_backupmx": "Aliasdomein inactief voor geforward domein",
         "aliases": "Aliassen",
         "allow_from_smtp": "Sta enkel de volgende IP-adressen toe voor <b>SMTP</b>",
@@ -694,7 +694,7 @@
         "bcc": "BCC",
         "bcc_destination": "BCC-bestemming",
         "bcc_destinations": "BCC-bestemmingen",
-        "bcc_info": "BCC-maps worden gebruikt om kopieën van alle berichten naar een ander adres te forwarden.<br>Wees er van bewust dat er geen melding wordt gedaan van een mislukte aflevering.",
+        "bcc_info": "BCC-maps worden gebruikt om kopieën van alle berichten naar een ander adres door te sturen.<br>Wees er van bewust dat er geen melding wordt gedaan van een mislukte aflevering.",
         "bcc_local_dest": "Lokale bestemming",
         "bcc_map": "BCC-map",
         "bcc_map_type": "BCC-type",

From c8ff5387c024e8e5ed108e4985fc43d9821a9675 Mon Sep 17 00:00:00 2001
From: IamSpido <timo_hohmann@t-online.de>
Date: Tue, 16 Apr 2024 14:10:44 +0200
Subject: [PATCH 200/755] remove version from docker-compose.yml

With docker version 25.05 the version 2.1 in docker-compose.yml will be obsolete.
docker-compose.yml: `version` is obsolete
---
 docker-compose.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3efd6a42b..f08dc87bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '2.1'
 services:
 
     unbound-mailcow:

From eadf70d809f87147faeece7c7a386f34fa049f23 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 18 Apr 2024 14:23:35 +0200
Subject: [PATCH 201/755] [Web] include prerequisites in autodiscover

---
 data/web/autodiscover.php | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index cff10b4c6..28819f567 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -1,27 +1,7 @@
 <?php
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
-$default_autodiscover_config = $autodiscover_config;
-if(file_exists('inc/vars.local.inc.php')) {
-  include_once 'inc/vars.local.inc.php';
-}
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
 $autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
 
-// Redis
-$redis = new Redis();
-try {
-  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
-    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
-  }
-  else {
-    $redis->connect('redis-mailcow', 6379);
-  }
-}
-catch (Exception $e) {
-  exit;
-}
-
 error_reporting(0);
 
 $data = trim(file_get_contents("php://input"));

From 95d6eeb37aaa02252d83da869b127a24575b850d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 19 Apr 2024 20:32:44 +0200
Subject: [PATCH 202/755] [Web] revert include prerequisites in autodiscover -
 include autoload

---
 data/web/autodiscover.php | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 28819f567..323f89e78 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -1,7 +1,29 @@
 <?php
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/vendor/autoload.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
+if(file_exists('inc/vars.local.inc.php')) {
+  include_once 'inc/vars.local.inc.php';
+}
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
+$default_autodiscover_config = $autodiscover_config;
 $autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
 
+// Redis
+$redis = new Redis();
+try {
+  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
+    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
+  }
+  else {
+    $redis->connect('redis-mailcow', 6379);
+  }
+}
+catch (Exception $e) {
+  exit;
+}
+
 error_reporting(0);
 
 $data = trim(file_get_contents("php://input"));
@@ -30,6 +52,10 @@ $opt = [
   PDO::ATTR_EMULATE_PREPARES   => false,
 ];
 $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+
+// Init Identity Provider
+$iam_provider = identity_provider('init');
+
 $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
 $login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
 

From 20582b635382ee3564a5845c8fe87c53dc9c155c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 30 Apr 2024 18:28:09 +0200
Subject: [PATCH 203/755] [Web] Updated lang.lv-lv.json (#5862)

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.lv-lv.json | 46 ++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 8b0059c6c..a5a763893 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -273,7 +273,7 @@
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
         "spam_alias": "Izveidot vai mainīt laika ierobežotas aizstājadreses",
         "spam_policy": "Pievienot vai noņemt  vienības   baltajā-/melnajā sarakstā",
-        "spam_score": "Iestatīt pielāgotu surogātpastu",
+        "spam_score": "Iestatīt pielāgotu surogātpasta vērtējumu",
         "subfolder2": "Sinhronizēt galamērķa apakšmapē<br><small>(tukšs = neizmantot apakšmapi)</small>",
         "syncjob": "Rediģēt sinhronizācijas darbu",
         "target_address": "Iet uz adresi/ēm <small>(komatu atdalītas)</small>",
@@ -454,16 +454,16 @@
         "help": "Rādīt/Paslēp palīdzības paneli",
         "imap_smtp_server_auth_info": "Lūdzu, izmantojiet pilnu e-pasta adresi un PLAIN autentifikācijas mehānismu.<br>\r\nJūsu pieteikšanās dati tiks šifrēti, izmantojot servera puses obligātu šifrēšanu",
         "mailcow_apps_detail": "Izmantojiet lietotni mailcow, lai piekļūtu savam pastam, kalendāram, kontaktiem un citām lietām.",
-        "mailcow_panel_detail": "<b>Domēna administrators</b> izveidot, mainīt vai dzēst pastkastes un aliases, mainīt domēnus un lasīt papildu informāciju par saviem piešķirtajiem domēniem.<br>\r\n  <b>Pastkastes lietotāji</b> var izveidot ierobežotus laika ierobežojumus (surogātpasta aliases), mainīt paroli un surogātpasta filtru iestatījumus."
+        "mailcow_panel_detail": "<b>Domēna pārvaldītāji</b> izveido, maina vai izdzēš pastkastes un aizstājvārdus, maina domēnus un lasa papildu informāciju par piešķirtajiem domēniem.<br>\n<b>Pastkastes lietotāji</b> var izveidot laikā ierobežotus aizstājvārdus (surogātpasta aizstājvārdus), mainīt savu paroli un surogātpasta atlasīšanas iestatījumus."
     },
     "success": {
         "admin_modified": "Izmaiņas administrātoram ir saglabātas",
-        "alias_added": "Aliasi pievienoti",
-        "alias_domain_removed": "Alias domēns %s tika noņemts",
-        "alias_modified": "Izmaiņas aliasiem %s ir saglabātas",
-        "alias_removed": "Alias %s ir noņemts",
-        "aliasd_added": "Pievients alias domēnam %s",
-        "aliasd_modified": "Izmaiņas aloas domēnam %s ir saglabātas",
+        "alias_added": "Aizstājadrese %s (%d) tika pievienota",
+        "alias_domain_removed": "Aizstājdomēns %s tika noņemts",
+        "alias_modified": "Aizstājadreses izmaiņas %s tika saglabātas",
+        "alias_removed": "Aizstājvārds %s tika noņemts",
+        "aliasd_added": "Pievienots aizstājdomēns %s",
+        "aliasd_modified": "Aizstājdomēna %s izmaiņas tika saglabātas",
         "app_links": "Saglabāt izmaiņas lietotņu saitēm",
         "dkim_added": "DKIM atslēga saglabāta",
         "dkim_removed": "DKIM atslēga %s ir noņemta",
@@ -517,22 +517,22 @@
         "action": "Rīcība",
         "active": "Aktīvs",
         "active_sieve": "Aktīvais filtrs",
-        "alias": "Alias",
-        "alias_create_random": "Ģenerēt nejaušā nosaukuma alias",
-        "alias_extend_all": "Pagarināt alias par 1 stundu",
+        "alias": "Aizstājvārds",
+        "alias_create_random": "Izveidot nejaušu aizstājvārdu",
+        "alias_extend_all": "Pagarināt aizstājvārdus par 1 stundu",
         "alias_full_date": "d.m.Y, H:i:s T",
-        "alias_remove_all": "Noņemt visus alias",
+        "alias_remove_all": "Noņemt visus aizstājvārdus",
         "alias_select_validity": "Derīguma periods",
         "alias_time_left": "Laiks atlicis",
         "alias_valid_until": "Derīgs līdz",
         "aliases_also_send_as": "Atļauts arī sūtīt kā lietotājam",
-        "aliases_send_as_all": "Nepārbaudīt sūtītāja peikļuvi domēnam/iem un alias domēniem",
+        "aliases_send_as_all": "Nepārbaudīt sūtītāja piekļuvi šiem domēniem un to aizstājdomēniem",
         "change_password": "Nomainīt paroli",
         "client_configuration": "Parādīt konfigurācijas norādes e-pasta klientiem un tālruņiem",
         "create_syncjob": "Izveidot jaunu sinhronizācijas darbu",
         "day": "Dienas",
-        "direct_aliases": "Tiešas alias adreses",
-        "direct_aliases_desc": "Tiešie alias tiek ietekmēti no spam filtra un TLS politikas iestatījumiem affected by spam filter and TLS policy settings.",
+        "direct_aliases": "Tiešas aizstājadreses",
+        "direct_aliases_desc": "Tiešās aizstājadreses ir surogātpasta atlasīšanas un TLS nosacījumu iestatījumu ietekmētas.",
         "eas_reset": "Atiestatīt ActiveSync ierīces kešatmiņu",
         "eas_reset_help": "Daudzos gadījumos ierīces kešatmiņas atiestatīšana palīdz atjaunot bojāto ActiveSync profilu.<br><b>Uzmanību:</b> Visi elementi tiks  atkārtoti ielādēti!",
         "eas_reset_now": "Atiestatīt tagad",
@@ -557,14 +557,14 @@
         "remove": "Noņemt",
         "running": "Running",
         "save_changes": "Saglabāt izmaiņas",
-        "shared_aliases": "Koplietotās alias adreses",
-        "shared_aliases_desc": "Koplietotais alias netiek ietekmēts no lietotāju darbībām. Pielāgots spam filtra iestatījums var būt arhivēts no domēna ietvaros uzstādīta noteikuma no administrātora..",
+        "shared_aliases": "Kopīgotās aizstājadreses",
+        "shared_aliases_desc": "Tādi lietotāja iestatījumi kā surogātpasta atlasīšana vai šifrēšanas nosacījumi neietekmē kopīgotos aizstājvārdus. Atbilstošu surogātpasta atlasi var izveidot tikai pārvaldītājs kā domēnu aptverošu nosacījumu.",
         "show_sieve_filters": "Parādīt aktīvā lietotāja Sieve filtru",
-        "spam_aliases": "Pagaidu e-pasta alias",
+        "spam_aliases": "Pagaidu e-pasta aizstājvārdi",
         "spamfilter": "Mēstuļu filtrs",
         "spamfilter_behavior": "Reitings",
         "spamfilter_bl": "Melnais saraksts",
-        "spamfilter_bl_desc": "Melajā sarakstā iekļautās adreses vienmēr tiks uzskatītas par mēstulēm.",
+        "spamfilter_bl_desc": "No melnajā sarakstā iekļautajām e-pasta adresēm saņemtās vēstules <b>vienmēr</b> tiks atzīmētas kā mēstules un noraidītas. Noraidītais pasts <b>netiks</b> ievietots karantīnā. Var izmantot aizstājzīmes. Atlasīšana tiek pielietota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
         "spamfilter_default_score": "Noklusētās vērtības:",
         "spamfilter_green": "Zaļš: šī nav mēstule",
         "spamfilter_hint": "Pirmā vērtība norāda uz zemu \"Spam vērtējumu\" vērtējumu, otra vērtība par \"Augstu spam vērtējumu\".",
@@ -576,7 +576,7 @@
         "spamfilter_table_remove": "noņemt",
         "spamfilter_table_rule": "Noteikums",
         "spamfilter_wl": "Baltais saraksts",
-        "spamfilter_wl_desc": "Baltajā sarakstā iekļautās adreses nekad netiks klasificētas kā mēstules.",
+        "spamfilter_wl_desc": "No baltā saraksta e-pasta adresēm saņemtās vēstules <b>nekad</b> netiks atzīmētas kā mēstules. Var tikt izmantotas aizstājzīmes. Atlase tiek piemērota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
         "spamfilter_yellow": "Dzeltens: šī vēstule visticamāk ir spams un tiks pārvietota uz Junk mapi",
         "status": "Status",
         "sync_jobs": "Sinhronizācijas uzdevumi",
@@ -596,7 +596,8 @@
         "week": "Nedēļa",
         "weeks": "Nedēļas",
         "open_logs": "Atvērt žurnālus",
-        "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei."
+        "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei.",
+        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām)."
     },
     "datatables": {
         "paginate": {
@@ -616,6 +617,7 @@
     },
     "warning": {
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
-        "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus."
+        "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus.",
+        "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais"
     }
 }

From 47fd1bb8944ff3aa008f55131678c77acd3daadb Mon Sep 17 00:00:00 2001
From: Ramis <83058680+RakhimovRamis@users.noreply.github.com>
Date: Fri, 3 May 2024 17:05:43 +0500
Subject: [PATCH 204/755] Update lang.ru-ru.json (#5865)

Update lang

Co-authored-by: Patrick Schult <75116288+FreddleSpl0it@users.noreply.github.com>
---
 data/web/lang/lang.ru-ru.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 5891b6abe..db52dceda 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -1224,6 +1224,8 @@
         "session_ua": "Неверный токен формы: ошибка проверки User-Agent"
     },
     "datatables": {
+        "collapse_all": "Свернуть все",
+        "expand_all": "Развернуть все",
         "infoPostFix": ""
     }
 }

From e12981a8212a2cbd4ddb10635f66148e94fd3cce Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 7 May 2024 17:44:37 +0200
Subject: [PATCH 205/755] [Web] Updated lang.zh-cn.json (#5873)

Co-authored-by: Koala Ng <tonghoil@hotmail.com>
---
 data/web/lang/lang.zh-cn.json | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 41f46d8df..38c51538d 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -336,7 +336,8 @@
         "validate_license_now": "通过证书服务器验证 GUID",
         "verify": "验证",
         "yes": "&#10003;",
-        "options": "选项"
+        "options": "选项",
+        "f2b_max_ban_time": "最长封禁时间（秒）"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -487,7 +488,11 @@
         "container_disabled": "容器已被停止或禁用",
         "container_running": "运行中",
         "cores": "核心数",
-        "memory": "内存"
+        "memory": "内存",
+        "error_show_ip": "无法解析公网IP地址",
+        "show_ip": "显示公网IP",
+        "update_available": "有可用更新",
+        "update_failed": "无法检查更新"
     },
     "diagnostics": {
         "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
@@ -903,7 +908,7 @@
         "disabled": "禁用",
         "second": "msgs / 秒",
         "minute": "msgs / 分钟",
-        "hour": "msgs / 小说",
+        "hour": "msgs / 小时",
         "day": "msgs / 天"
     },
     "start": {
@@ -1202,7 +1207,8 @@
         "paginate": {
             "first": "第一页",
             "last": "最后一页",
-            "previous": "上一页"
+            "previous": "上一页",
+            "next": "下一页"
         }
     }
 }

From cd83ffbaa219b634c4281401c4fa26b0d7ab7c82 Mon Sep 17 00:00:00 2001
From: Leon Schmidt <leon18058r@gmail.com>
Date: Fri, 10 May 2024 15:09:27 +0200
Subject: [PATCH 206/755] Update debug.twig to include a link to the git
 project URL for the mailcow version tag

---
 data/web/templates/debug.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 867371177..ddb558d9c 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -77,7 +77,7 @@
                         <td>Version</td>
                         <td class="text-break">
                           <div class="fw-bolder">
-                            <p ><a href="#" id="mailcow_version">{{ mailcow_info.version_tag }}</a></p>
+                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version">{{ mailcow_info.version_tag }}</a></p>
                             <p id="mailcow_update"></p>
                           </div>
                         </td>

From 47c08ab8d287816b551ce2a2296fb91c28a71e6f Mon Sep 17 00:00:00 2001
From: Leon Schmidt <leon18058r@gmail.com>
Date: Fri, 10 May 2024 15:17:49 +0200
Subject: [PATCH 207/755] Update debug.twig target="_blank" attribute for the
 mailcow version tag link

---
 data/web/templates/debug.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index ddb558d9c..30a513e9a 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -77,7 +77,7 @@
                         <td>Version</td>
                         <td class="text-break">
                           <div class="fw-bolder">
-                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version">{{ mailcow_info.version_tag }}</a></p>
+                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blanked">{{ mailcow_info.version_tag }}</a></p>
                             <p id="mailcow_update"></p>
                           </div>
                         </td>

From c160e1f68ec11d9c5febc813a7e42be1c5937b23 Mon Sep 17 00:00:00 2001
From: Leon <115887796+CallMeLeon167@users.noreply.github.com>
Date: Fri, 10 May 2024 15:57:36 +0200
Subject: [PATCH 208/755] Update debug.twig

---
 data/web/templates/debug.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 30a513e9a..ff37e6287 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -77,7 +77,7 @@
                         <td>Version</td>
                         <td class="text-break">
                           <div class="fw-bolder">
-                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blanked">{{ mailcow_info.version_tag }}</a></p>
+                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blank">{{ mailcow_info.version_tag }}</a></p>
                             <p id="mailcow_update"></p>
                           </div>
                         </td>

From f7f93c360df381582e02b36b921e3667379b5a6d Mon Sep 17 00:00:00 2001
From: Leon Schmidt <leon18058r@gmail.com>
Date: Fri, 10 May 2024 19:56:31 +0200
Subject: [PATCH 209/755] fix formatting of the mailcow version tag link

---
 data/web/templates/debug.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index ff37e6287..f63ef1f1f 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -77,7 +77,7 @@
                         <td>Version</td>
                         <td class="text-break">
                           <div class="fw-bolder">
-                            <p ><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blank">{{ mailcow_info.version_tag }}</a></p>
+                            <p><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blank">{{ mailcow_info.version_tag }}</a></p>
                             <p id="mailcow_update"></p>
                           </div>
                         </td>

From 8a8687a63cbf4e82dcdf0a7dd00f3060b7e0512c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 10 May 2024 22:38:08 +0200
Subject: [PATCH 210/755] [Web] Updated lang.zh-cn.json (#5876)

Co-authored-by: Koala Ng <tonghoil@hotmail.com>
---
 data/web/lang/lang.zh-cn.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 38c51538d..0d660c189 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -337,7 +337,8 @@
         "verify": "验证",
         "yes": "&#10003;",
         "options": "选项",
-        "f2b_max_ban_time": "最长封禁时间（秒）"
+        "f2b_max_ban_time": "最长封禁时间（秒）",
+        "copy_to_clipboard": "复制到粘贴板"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -457,7 +458,8 @@
         "validity_missing": "请设置有效期",
         "value_missing": "请填入所有值",
         "yotp_verification_failed": "Yubico OTP 认证失败: %s",
-        "template_exists": "模板 %s 已存在"
+        "template_exists": "模板 %s 已存在",
+        "template_name_invalid": "模板名称无效"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",

From 58f63aad08761c5fab36d887d7db86a19362f9ab Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 13 May 2024 15:02:41 +0200
Subject: [PATCH 211/755] [UI] Corrected Sieve Preset 1 (Fixed Regex)

---
 data/web/inc/presets/sieve/sieve_1.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/presets/sieve/sieve_1.yml b/data/web/inc/presets/sieve/sieve_1.yml
index e7fa8c846..45e0eb46c 100644
--- a/data/web/inc/presets/sieve/sieve_1.yml
+++ b/data/web/inc/presets/sieve/sieve_1.yml
@@ -1,7 +1,7 @@
 headline: lang.sieve_preset_1
 content: |
   require ["reject","body","regex"];
-  if anyof (body :raw :regex ["filename=.*\.doc","filename=.*\.exe","filename=.*\.moo"]) {
+  if anyof (body :raw :regex ["filename=\".*\\.(doc|exe|moo)\""]) {
     reject text:
   doc, exe and moo are dangerous file extensions.
   Why would you do that? I am a sad cow.

From 6ba2459645567f027ee00b5d0109a61328ba9462 Mon Sep 17 00:00:00 2001
From: Pierre Pelletier <pierre@ppelletier.fr>
Date: Sat, 18 May 2024 11:38:41 +0000
Subject: [PATCH 212/755] Fixed blocking last connection fetching

---
 data/web/inc/header.inc.php                | 1 -
 data/web/js/site/user.js                   | 2 +-
 data/web/templates/base.twig               | 1 -
 data/web/templates/user/tab-user-auth.twig | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 9afc288dd..5fe25bef0 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -49,7 +49,6 @@ $globalVariables = [
   'app_links' => customize('get', 'app_links'),
   'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
   'uri' => $_SERVER['REQUEST_URI'],
-  'last_login' => last_login('get', $_SESSION['mailcow_cc_username'], 7, 0)['ui']['time']
 ];
 
 foreach ($globalVariables as $globalVariableName => $globalVariableValue) {
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 088321cd3..59d65d8ce 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -676,5 +676,5 @@ jQuery(function($){
   onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
   onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
   onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
-  last_logins('get');
+  onVisible("[id^=recent-logins]", () => last_logins('get'));
 });
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index ca744d2a3..bd1f5b413 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -146,7 +146,6 @@
   var lang_fido2 = {{ lang_fido2|raw }};
   var docker_timeout = {{ docker_timeout|raw }} * 1000;
   var mailcow_cc_role = '{{ mailcow_cc_role }}';
-  var last_login = '{{ last_login }}';
   var mailcow_info = {
     version_tag: '{{ mailcow_info.version_tag }}',
     last_version_tag: '{{ mailcow_info.last_version_tag }}',
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index 4d55b7090..bc15dfb05 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -155,7 +155,7 @@
               <li class="login-history" data-days="31"><a class="dropdown-item" href="#">1 {{ lang.user.month }}</a></li>
             </ul>
           </div>
-          <div class="last-login mt-4"></div>
+          <div class="last-login mt-4" id="recent-logins"></div>
           <span class="clear-last-logins mt-2">
             {{ lang.user.clear_recent_successful_connections }}
           </span>

From e5ada994befc9bf6fd34a4f3061a2c2674cabeb0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 22 May 2024 18:17:51 +0000
Subject: [PATCH 213/755] Update alpine Docker tag to v3.20

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 53d9193bb..7ec97f16f 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -26,6 +26,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.19
+      image: alpine:3.20
       command: /bin/true
       restart: "no"

From cac65d081eeb08668c65750b105061a4c42f93ec Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 28 May 2024 12:54:13 +0000
Subject: [PATCH 214/755] chore(deps): update dependency nextcloud/server to
 v28.0.6

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 helper-scripts/nextcloud.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 60d6ed78e..d35493ae9 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=28.0.1
+NEXTCLOUD_VERSION=28.0.6
 
 echo -ne "Checking prerequisites..."
 sleep 1

From 64cd7e74c576bb91a23462c1da42f1c4879fe445 Mon Sep 17 00:00:00 2001
From: Thomas Bella <thomas@bella.network>
Date: Tue, 28 May 2024 20:29:05 +0200
Subject: [PATCH 215/755] Switch IP2Country lookup backend to shortened version

Improves performance of #5880
---
 data/web/inc/functions.inc.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3cff09b95..8e0ac580b 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -284,17 +284,17 @@ function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
             }
             if (!$sasl[$k]['location']) {
               $curl = curl_init();
-              curl_setopt($curl, CURLOPT_URL,"https://dfdata.bella.network/lookup/" . $sasl[$k]['real_rip']);
+              curl_setopt($curl, CURLOPT_URL,"https://dfdata.bella.network/country/" . $sasl[$k]['real_rip']);
               curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
               curl_setopt($curl, CURLOPT_USERAGENT, 'Moocow');
               curl_setopt($curl, CURLOPT_TIMEOUT, 5);
               $ip_data = curl_exec($curl);
               if (!curl_errno($curl)) {
                 $ip_data_array = json_decode($ip_data, true);
-                if ($ip_data_array !== false and !empty($ip_data_array['location']['shortcountry'])) {
-                  $sasl[$k]['location'] = $ip_data_array['location']['shortcountry'];
+                if ($ip_data_array !== false and !empty($ip_data_array['shortcountry'])) {
+                  $sasl[$k]['location'] = $ip_data_array['shortcountry'];
                     try {
-                      $redis->hSet('IP_SHORTCOUNTRY', $sasl[$k]['real_rip'], $ip_data_array['location']['shortcountry']);
+                      $redis->hSet('IP_SHORTCOUNTRY', $sasl[$k]['real_rip'], $ip_data_array['shortcountry']);
                     }
                     catch (RedisException $e) {
                       $_SESSION['return'][] = array(

From 11e9a77840b0fc2d50e04494b837de2fe487ab45 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 1 Jun 2024 00:15:03 +0000
Subject: [PATCH 216/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 103 +++++++++++------------
 1 file changed, 47 insertions(+), 56 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 34ff04ea5..d8c9c893b 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Mon Apr  1 00:15:02 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Sat Jun  1 00:15:02 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2009 total rules
+# 2000 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -13,14 +13,15 @@
 2.207.151.53	permit
 3.70.123.177	permit
 3.93.157.0/24	permit
+3.94.40.108	permit
 3.129.120.190	permit
-3.137.16.58	permit
 3.210.190.0/24	permit
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
 8.39.54.0/23	permit
 8.40.222.0/23	permit
+10.162.0.0/16	permit
 12.130.86.238	permit
 13.70.32.43	permit
 13.72.50.45	permit
@@ -32,12 +33,15 @@
 13.110.216.0/22	permit
 13.110.224.0/20	permit
 13.111.0.0/16	permit
+13.111.191.0/24	permit
 15.200.21.50	permit
 15.200.44.248	permit
 15.200.201.185	permit
+17.41.0.0/16	permit
 17.57.155.0/24	permit
 17.57.156.0/24	permit
 17.58.0.0/16	permit
+17.142.0.0/15	permit
 18.156.89.250	permit
 18.157.243.190	permit
 18.194.95.56	permit
@@ -65,10 +69,9 @@
 20.107.239.64/30	permit
 20.112.250.133	permit
 20.118.139.208/30	permit
-20.185.213.160/27	permit
-20.185.213.224/27	permit
+20.141.10.196	permit
+20.185.213.0/24	permit
 20.185.214.0/27	permit
-20.185.214.2	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
 20.231.239.246	permit
@@ -121,7 +124,6 @@
 44.206.138.57	permit
 44.236.56.93	permit
 44.238.220.251	permit
-46.19.168.0/23	permit
 46.19.170.16	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
@@ -182,11 +184,9 @@
 50.18.125.237	permit
 50.18.126.162	permit
 50.31.32.0/19	permit
-50.56.130.220	permit
-50.56.130.221	permit
+50.56.130.220/30	permit
 51.137.58.21	permit
 51.140.75.55	permit
-51.144.100.179	permit
 52.1.14.157	permit
 52.5.230.59	permit
 52.27.5.72	permit
@@ -194,18 +194,19 @@
 52.28.63.81	permit
 52.36.138.31	permit
 52.37.142.146	permit
+52.50.24.208	permit
 52.58.216.183	permit
 52.59.143.3	permit
 52.60.41.5	permit
 52.60.115.116	permit
 52.61.91.9	permit
 52.71.0.205	permit
-52.82.172.0/22	permit
 52.94.124.0/28	permit
 52.95.48.152/29	permit
 52.95.49.88/29	permit
 52.96.91.34	permit
 52.96.111.82	permit
+52.96.172.98	permit
 52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
@@ -215,7 +216,6 @@
 52.100.0.0/14	permit
 52.103.0.0/17	permit
 52.119.213.144/28	permit
-52.160.39.140	permit
 52.165.175.144	permit
 52.185.106.240/28	permit
 52.200.59.0/24	permit
@@ -227,15 +227,16 @@
 52.222.75.85	permit
 52.222.89.228	permit
 52.234.172.96/28	permit
+52.235.253.128	permit
 52.236.28.240/28	permit
 52.244.206.214	permit
 52.247.53.144	permit
 52.250.107.196	permit
 52.250.126.174	permit
 54.90.148.255	permit
+54.165.19.38	permit
 54.172.97.247	permit
 54.174.52.0/24	permit
-54.174.53.128/30	permit
 54.174.57.0/24	permit
 54.174.59.0/24	permit
 54.174.60.0/23	permit
@@ -267,7 +268,6 @@
 62.201.172.32/27	permit
 62.253.227.114	permit
 63.80.14.0/23	permit
-63.111.28.137	permit
 63.128.21.0/24	permit
 63.143.57.128/25	permit
 63.143.59.128/25	permit
@@ -283,17 +283,6 @@
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
-64.147.123.17	permit
-64.147.123.18	permit
-64.147.123.19	permit
-64.147.123.20	permit
-64.147.123.21	permit
-64.147.123.24	permit
-64.147.123.25	permit
-64.147.123.26	permit
-64.147.123.27	permit
-64.147.123.28	permit
-64.147.123.29	permit
 64.147.123.128/27	permit
 64.207.219.7	permit
 64.207.219.8	permit
@@ -351,21 +340,7 @@
 65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
-66.111.4.25	permit
-66.111.4.26	permit
-66.111.4.27	permit
-66.111.4.28	permit
-66.111.4.29	permit
-66.111.4.221	permit
-66.111.4.222	permit
-66.111.4.224	permit
-66.111.4.225	permit
-66.111.4.229	permit
-66.111.4.230	permit
 66.119.150.192/26	permit
-66.135.202.0/27	permit
-66.135.215.0/24	permit
-66.135.222.1	permit
 66.162.193.226/31	permit
 66.163.184.0/24	permit
 66.163.185.0/24	permit
@@ -471,6 +446,10 @@
 69.65.42.195	permit
 69.65.49.192/29	permit
 69.72.32.0/20	permit
+69.72.40.93	permit
+69.72.40.94/31	permit
+69.72.40.96/30	permit
+69.72.47.205	permit
 69.147.84.227	permit
 69.162.98.0/24	permit
 69.169.224.0/20	permit
@@ -479,7 +458,6 @@
 70.37.151.128/25	permit
 70.42.149.0/24	permit
 70.42.149.35	permit
-72.3.237.64/28	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
 72.21.217.142	permit
@@ -1297,6 +1275,7 @@
 108.175.30.45	permit
 108.177.8.0/21	permit
 108.177.96.0/19	permit
+108.179.144.0/20	permit
 109.237.142.0/24	permit
 111.221.23.128/25	permit
 111.221.26.0/27	permit
@@ -1406,6 +1385,12 @@
 139.180.17.0/24	permit
 141.148.159.229	permit
 141.193.32.0/23	permit
+141.193.184.32/27	permit
+141.193.184.64/26	permit
+141.193.184.128/25	permit
+141.193.185.32/27	permit
+141.193.185.64/26	permit
+141.193.185.128/25	permit
 143.55.224.0/21	permit
 143.55.232.0/22	permit
 143.55.236.0/22	permit
@@ -1419,8 +1404,7 @@
 144.178.38.0/24	permit
 145.253.228.160/29	permit
 145.253.239.128/29	permit
-146.20.14.105	permit
-146.20.14.107	permit
+146.20.14.104/30	permit
 146.20.112.0/26	permit
 146.20.113.0/24	permit
 146.20.191.0/24	permit
@@ -1495,10 +1479,9 @@
 163.47.180.0/22	permit
 163.114.130.16	permit
 163.114.132.120	permit
-164.177.132.168	permit
-164.177.132.169	permit
-164.177.132.170	permit
-164.177.132.171	permit
+163.114.134.16	permit
+163.114.135.16	permit
+164.177.132.168/30	permit
 165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
@@ -1575,9 +1558,13 @@
 185.80.93.227	permit
 185.80.95.31	permit
 185.90.20.0/22	permit
+185.138.56.128/25	permit
 185.189.236.0/22	permit
 185.211.120.0/22	permit
 185.250.236.0/22	permit
+185.250.239.148	permit
+185.250.239.168	permit
+185.250.239.190	permit
 188.125.68.132	permit
 188.125.68.152/31	permit
 188.125.68.156	permit
@@ -1645,7 +1632,6 @@
 193.122.128.100	permit
 193.123.56.63	permit
 194.19.134.0/25	permit
-194.64.234.128/27	permit
 194.64.234.129	permit
 194.106.220.0/23	permit
 194.113.24.0/22	permit
@@ -1667,9 +1653,13 @@
 198.37.144.0/20	permit
 198.37.152.186	permit
 198.61.254.0/23	permit
+198.61.254.21	permit
 198.61.254.231	permit
 198.178.234.57	permit
 198.244.48.0/20	permit
+198.244.59.30	permit
+198.244.59.33	permit
+198.244.59.35	permit
 198.244.60.0/22	permit
 198.245.80.0/20	permit
 198.245.81.0/24	permit
@@ -1681,7 +1671,9 @@
 199.34.22.36	permit
 199.59.148.0/22	permit
 199.67.80.2	permit
+199.67.80.20	permit
 199.67.82.2	permit
+199.67.82.20	permit
 199.67.84.0/24	permit
 199.67.86.0/24	permit
 199.67.88.0/24	permit
@@ -1733,7 +1725,6 @@
 203.209.230.76/31	permit
 204.11.168.0/21	permit
 204.13.11.48/29	permit
-204.13.11.48/30	permit
 204.14.232.0/21	permit
 204.14.232.64/28	permit
 204.14.234.64/28	permit
@@ -1742,7 +1733,6 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.132.224.66	permit
 204.141.32.0/23	permit
 204.141.42.0/23	permit
 204.220.160.0/20	permit
@@ -1786,8 +1776,7 @@
 207.67.98.192/27	permit
 207.68.176.0/26	permit
 207.68.176.96/27	permit
-207.97.204.96	permit
-207.97.204.97	permit
+207.97.204.96/29	permit
 207.126.144.0/20	permit
 207.171.160.0/19	permit
 207.211.30.64/26	permit
@@ -1826,7 +1815,6 @@
 208.71.42.212/31	permit
 208.71.42.214	permit
 208.72.249.240/29	permit
-208.74.204.0/22	permit
 208.74.204.5	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
@@ -1842,6 +1830,9 @@
 209.46.117.168	permit
 209.46.117.179	permit
 209.61.151.0/24	permit
+209.61.151.236	permit
+209.61.151.249	permit
+209.61.151.251	permit
 209.67.98.46	permit
 209.67.98.59	permit
 209.85.128.0/17	permit
@@ -1951,7 +1942,6 @@
 216.39.62.60/31	permit
 216.39.62.136/29	permit
 216.39.62.144/31	permit
-216.46.168.0/24	permit
 216.58.192.0/19	permit
 216.66.217.240/29	permit
 216.71.138.33	permit
@@ -1966,9 +1956,6 @@
 216.99.5.68	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
-216.113.160.0/24	permit
-216.113.172.0/25	permit
-216.113.175.0/24	permit
 216.128.126.97	permit
 216.136.162.65	permit
 216.136.162.120/29	permit
@@ -1999,6 +1986,8 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
+2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
+2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit
@@ -2007,6 +1996,8 @@
 2620:109:c00d:104::/64	permit
 2620:10d:c090:400::8:1	permit
 2620:10d:c091:400::8:1	permit
+2620:10d:c09b:400::8:1	permit
+2620:10d:c09c:400::8:1	permit
 2620:119:50c0:207::/64	permit
 2620:119:50c0:207::215	permit
 2800:3f0:4000::/36	permit

From 3080a702874f70f79061cd42f2cc6537fbec1a87 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 3 Jun 2024 09:20:54 +0200
Subject: [PATCH 217/755] [Nightly][SOGo] Update to 5.10.0

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f882d94a2..2fc444b5b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -190,7 +190,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:nightly-20240220
+      image: mailcow/sogo:nightly-20240603
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From ba8902f0b18ccf58d30081aa9cf80eb8574dd0f9 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 5 Jun 2024 11:52:48 +0200
Subject: [PATCH 218/755] os: updated all Alpine containers to 3.20

---
 data/Dockerfiles/acme/Dockerfile              |  8 +++-----
 data/Dockerfiles/backup/Dockerfile            |  2 +-
 data/Dockerfiles/clamd/Dockerfile             |  2 +-
 data/Dockerfiles/dockerapi/Dockerfile         |  2 +-
 .../dockerapi/modules/DockerApi.py            |  4 ++--
 data/Dockerfiles/dovecot/Dockerfile           |  6 ++----
 data/Dockerfiles/netfilter/Dockerfile         |  2 +-
 data/Dockerfiles/netfilter/main.py            | 20 +++++++++----------
 data/Dockerfiles/olefy/Dockerfile             |  2 +-
 data/Dockerfiles/phpfpm/Dockerfile            |  2 +-
 data/Dockerfiles/unbound/Dockerfile           |  2 +-
 data/Dockerfiles/watchdog/Dockerfile          |  2 +-
 docker-compose.yml                            | 18 ++++++++---------
 13 files changed, 34 insertions(+), 38 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 39ac4c268..f22c71628 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,8 +1,8 @@
-FROM alpine:3.18
+FROM alpine:3.20
 
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
-ARG PIP_BREAK_SYSTEM_PACKAGES=1
+
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
   bash \
@@ -15,9 +15,7 @@ RUN apk upgrade --no-cache \
   tini \
   tzdata \
   python3 \
-  py3-pip \
-  && pip3 install --upgrade pip \
-  && pip3 install acme-tiny
+  acme-tiny --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/
 
 COPY acme.sh /srv/acme.sh
 COPY functions.sh /srv/functions.sh
diff --git a/data/Dockerfiles/backup/Dockerfile b/data/Dockerfiles/backup/Dockerfile
index f9d849b1a..61c8bbe58 100644
--- a/data/Dockerfiles/backup/Dockerfile
+++ b/data/Dockerfiles/backup/Dockerfile
@@ -1,3 +1,3 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 RUN apt update && apt install pigz
\ No newline at end of file
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index cdeedfddb..ab1e2550f 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index d11f5dda6..511c46234 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index ea1c104e8..560199091 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -358,8 +358,8 @@ class DockerApi:
         for line in cmd_response.split("\n"):
           if '$2$' in line:
             hash = line.strip()
-            hash_out = re.search('\$2\$.+$', hash).group(0)
-            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
+            hash_out = re.search(r'\$2\$.+$', hash).group(0)
+            rspamd_passphrase_hash = re.sub(r'[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
             rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
             cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
             cmd_response = self.exec_cmd_container(container, cmd, user="_rspamd")
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 586d8a737..c33772db4 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
@@ -62,7 +62,7 @@ RUN addgroup -g 5000 vmail \
   perl-package-stash-xs \
   perl-par-packer \
   perl-parse-recdescent \
-  perl-lockfile-simple --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community/ \
+  perl-lockfile-simple \
   libproc \
   perl-readonly \
   perl-regexp-common \
@@ -109,8 +109,6 @@ RUN addgroup -g 5000 vmail \
   && chmod +x /usr/local/bin/gosu \
   && gosu nobody true
 
-# RUN cpan LockFile::Simple
-
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 8a561f060..4f65f8e08 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 WORKDIR /app
diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index c3ca379ca..c5667dc5f 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -80,16 +80,16 @@ def refreshF2bregex():
   global exit_code
   if not r.get('F2B_REGEX'):
     f2bregex = {}
-    f2bregex[1] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
-    f2bregex[2] = 'Rspamd UI: Invalid password by ([0-9a-f\.:]+)'
-    f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
-    f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
-    f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
-    f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
+    f2bregex[1] = r'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
+    f2bregex[2] = r'Rspamd UI: Invalid password by ([0-9a-f\.:]+)'
+    f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
+    f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
+    f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
+    f2bregex[6] = r'-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+    f2bregex[7] = r'-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[8] = r'-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[9] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+    f2bregex[10] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
   else:
     try:
diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile
index bd6e0af35..e71ea9ff2 100644
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 22036b9b3..ef600fef6 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.18
+FROM php:8.2-fpm-alpine3.20
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index e7204481f..0ad5a05f0 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.20
 
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index 73acde68f..a844d73bc 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.20
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # Installation
diff --git a/docker-compose.yml b/docker-compose.yml
index 3efd6a42b..8b6a676b1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.21
+      image: mailcow/unbound:1.22
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
@@ -62,7 +62,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.65
+      image: mailcow/clamd:1.66
       restart: always
       depends_on:
         unbound-mailcow:
@@ -111,7 +111,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.87
+      image: mailcow/phpfpm:1.88
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -222,7 +222,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.28.2
+      image: mailcow/dovecot:1.29
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -405,7 +405,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.87
+      image: mailcow/acme:1.88
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -441,7 +441,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.58
+      image: mailcow/netfilter:1.59
       stop_grace_period: 30s
       restart: always
       privileged: true
@@ -460,7 +460,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.02
+      image: mailcow/watchdog:2.03
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -532,7 +532,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.07
+      image: mailcow/dockerapi:2.08
       security_opt:
         - label=disable
       restart: always
@@ -572,7 +572,7 @@ services:
     ################################
 
     olefy-mailcow:
-      image: mailcow/olefy:1.12
+      image: mailcow/olefy:1.13
       restart: always
       environment:
         - TZ=${TZ}

From af626d98d31637b17ed11a4f96aecaa3e3c67082 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 5 Jun 2024 13:07:12 +0200
Subject: [PATCH 219/755] dovecot: fixed sa-rules download

---
 data/Dockerfiles/dovecot/sa-rules.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/sa-rules.sh b/data/Dockerfiles/dovecot/sa-rules.sh
index 89911c19a..cbfeb5af2 100755
--- a/data/Dockerfiles/dovecot/sa-rules.sh
+++ b/data/Dockerfiles/dovecot/sa-rules.sh
@@ -11,7 +11,7 @@ else
 fi
 
 # Deploy
-curl --connect-timeout 15 --retry 10 --max-time 30 http://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz
+curl --connect-timeout 15 --retry 10 --max-time 30 https://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz
 if gzip -t /tmp/sa-rules-heinlein.tar.gz; then
   tar xfvz /tmp/sa-rules-heinlein.tar.gz -C /tmp/sa-rules-heinlein
   cat /tmp/sa-rules-heinlein/*cf > /etc/rspamd/custom/sa-rules

From f7ae2a6162958907bbfdd2df5237f343564080c8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 6 Jun 2024 12:12:30 +0200
Subject: [PATCH 220/755] [Nightly][SOGo] Update 5.10.0

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh |  2 ++
 data/web/inc/init_db.inc.php            | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 8913fd2c8..134d3853f 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -46,6 +46,8 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
     <string>${RAND_PASS}</string>
+    <key>OCSAdminURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
     <key>OCSEMailAlarmsFolderURL</key>
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index afacbc724..b4ca9c9df 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "08012024_1442";
+    $db_version = "06062024_1210";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -993,6 +993,18 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "sogo_admin" => array(
+        "cols" => array(
+          "c_key" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "c_content"  => "mediumtext NOT NULL",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_key")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "pushover" => array(
         "cols" => array(
           "username" => "VARCHAR(255) NOT NULL",

From e0bde1c459bb4b5b8b21a67e0d98ac46b705f1bd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 6 Jun 2024 15:29:34 +0200
Subject: [PATCH 221/755] compose: removed all versions declarations
 (DEPRECATED)

---
 .../BUILD_FLAGS/docker-compose.override.yml                      | 1 -
 .../EXTERNAL_DNS/docker-compose.override.yml                     | 1 -
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml            | 1 -
 .../HAPROXY/docker-compose.override.yml                          | 1 -
 4 files changed, 4 deletions(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
index 8dde63b1b..d2dd0f606 100644
--- a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
@@ -1,4 +1,3 @@
-version: '2.1'
 services:
   unbound-mailcow:
     build: ./data/Dockerfiles/unbound
diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
index 74763bf23..a3566540b 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml
@@ -1,4 +1,3 @@
-version: '2.1'
 services:
 
     clamd-mailcow:
diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 53d9193bb..3a42c1c38 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -1,4 +1,3 @@
-version: '2.1'
 services:
 
     php-fpm-mailcow:
diff --git a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
index 5009f4c94..4e1166a46 100644
--- a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
@@ -2,7 +2,6 @@
 ## Set haproxy_trusted_networks in Dovecots extra.conf!
 ##
 
-version: '2.1'
 services:
 
     dovecot-mailcow:

From 9ca2fb7ccff5da7eedde3ac61e423f991fd27f45 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Sat, 8 Jun 2024 12:29:08 +0200
Subject: [PATCH 222/755] Remove discontinued SORBS DNSBL

---
 data/Dockerfiles/postfix/postfix.sh     |  6 ----
 data/conf/rspamd/local.d/rbl.conf       | 16 ----------
 data/conf/rspamd/local.d/rbl_group.conf | 40 -------------------------
 3 files changed, 62 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index b3098d3af..a173e9a77 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -415,12 +415,6 @@ postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
   b.barracudacentral.org=127.0.0.2*7
   bl.mailspike.net=127.0.0.2*5
   bl.mailspike.net=127.0.0.[10;11;12]*4
-  dnsbl.sorbs.net=127.0.0.10*8
-  dnsbl.sorbs.net=127.0.0.5*6
-  dnsbl.sorbs.net=127.0.0.7*3
-  dnsbl.sorbs.net=127.0.0.8*2
-  dnsbl.sorbs.net=127.0.0.6*2
-  dnsbl.sorbs.net=127.0.0.9*2
 EOF
 fi
 DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
diff --git a/data/conf/rspamd/local.d/rbl.conf b/data/conf/rspamd/local.d/rbl.conf
index f132b4d6a..d49dae034 100644
--- a/data/conf/rspamd/local.d/rbl.conf
+++ b/data/conf/rspamd/local.d/rbl.conf
@@ -1,20 +1,4 @@
 rbls {
-  sorbs { 
-    symbol = "RBL_SORBS"; 
-    rbl = "dnsbl.sorbs.net";  
-    returncodes { 
-      # http:// www.sorbs.net/general/using.shtml 
-      RBL_SORBS_HTTP = "127.0.0.2"; 
-      RBL_SORBS_SOCKS = "127.0.0.3";  
-      RBL_SORBS_MISC = "127.0.0.4"; 
-      RBL_SORBS_SMTP = "127.0.0.5"; 
-      RBL_SORBS_RECENT = "127.0.0.6"; 
-      RBL_SORBS_WEB = "127.0.0.7";  
-      RBL_SORBS_DUL = "127.0.0.10"; 
-      RBL_SORBS_BLOCK = "127.0.0.8";  
-      RBL_SORBS_ZOMBIE = "127.0.0.9"; 
-    } 
-  }
   interserver_ip {
     symbol = "RBL_INTERSERVER_IP";
     rbl = "rbl.interserver.net";
diff --git a/data/conf/rspamd/local.d/rbl_group.conf b/data/conf/rspamd/local.d/rbl_group.conf
index 4e3dce71f..4d346f158 100644
--- a/data/conf/rspamd/local.d/rbl_group.conf
+++ b/data/conf/rspamd/local.d/rbl_group.conf
@@ -5,46 +5,6 @@ symbols = {
   "RBL_UCEPROTECT_LEVEL2" {
     score = 1.5;
   }
-  "RBL_SORBS" { 
-    score = 0.0;  
-    description = "Unrecognised result from SORBS RBL"; 
-  } 
-  "RBL_SORBS_HTTP" {  
-    score = 2.5;  
-    description = "List of Open HTTP Proxy Servers."; 
-  } 
-  "RBL_SORBS_SOCKS" { 
-    score = 2.5;  
-    description = "List of Open SOCKS Proxy Servers.";  
-  } 
-  "RBL_SORBS_MISC" {  
-    score = 1.0;  
-    description = "List of open Proxy Servers not listed in the SOCKS or HTTP lists.";  
-  } 
-  "RBL_SORBS_SMTP" {  
-    score = 4.0;  
-    description = "List of Open SMTP relay servers."; 
-  } 
-  "RBL_SORBS_RECENT" {  
-    score = 2.0;  
-    description = "List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 28 days (includes new.spam.dnsbl.sorbs.net)."; 
-  } 
-  "RBL_SORBS_WEB" { 
-    score = 2.0;  
-    description = "List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)";  
-  } 
-  "RBL_SORBS_DUL" { 
-    score = 2.0;  
-    description = "Dynamic IP Address ranges (NOT a Dial Up list!)";  
-  } 
-  "RBL_SORBS_BLOCK" { 
-    score = 0.5;  
-    description = "List of hosts demanding that they never be tested by SORBS.";  
-  } 
-  "RBL_SORBS_ZOMBIE" {  
-    score = 2.0;  
-    description = "List of networks hijacked from their original owners, some of which have already used for spamming.";  
-  }
   "RECEIVED_SPAMHAUS_XBL" {
     weight = 0.0;
     description = "Received address is listed in ZEN XBL";

From 4a052da289c36547fd7863d18e3ba23f8ea5dc78 Mon Sep 17 00:00:00 2001
From: Lasagne <57591331+schichtnudelauflauf@users.noreply.github.com>
Date: Mon, 10 Jun 2024 12:33:02 +0200
Subject: [PATCH 223/755] Add switch to skip fetching certificates
 auto{config,discover} subdomains (#5838)

* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to acme.sh

* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to docker-compose.yml

* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to generate_config.sh

* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to update.sh

* AUTODISCOVER_SAN instead of long string

default on,
default is fetching certs for auto{discover,conf}

* AUTODISCOVER_SAN instead of long string

also flipped

* AUTODISCOVER_SAN instead of long string

flipped default meaning

* fix explanation for AUTODISCOVER_SAN

* AUTODISCOVER_SAN instead of long string

and flipped meaning of the bool

* fix AUTODISCOVER_SAN explanation

* Merge branch 'mailcow:staging' into staging

* update.sh: corrected syntax for mailcow.conf insertion
---
 data/Dockerfiles/acme/acme.sh |  8 ++++++++
 docker-compose.yml            |  1 +
 generate_config.sh            |  7 +++++++
 update.sh                     | 13 +++++++++++++
 4 files changed, 29 insertions(+)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 1cd456a49..9d04d10ce 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -33,6 +33,10 @@ if [[ "${ONLY_MAILCOW_HOSTNAME}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   ONLY_MAILCOW_HOSTNAME=y
 fi
 
+if [[ "${AUTODISCOVER_SAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  AUTODISCOVER_SAN=y
+fi
+
 # Request individual certificate for every domain
 if [[ "${ENABLE_SSL_SNI}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   ENABLE_SSL_SNI=y
@@ -211,7 +215,11 @@ while true; do
       ADDITIONAL_SAN_ARR+=($i)
     fi
   done
+
+  if [[ ${AUTODISCOVER_SAN} == "y" ]]; then
+  # Fetch certs for autoconfig and autodiscover subdomains
   ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
+  fi
 
   if [[ ${SKIP_IP_CHECK} != "y" ]]; then
   # Start IP detection
diff --git a/docker-compose.yml b/docker-compose.yml
index 230fd8505..2d4de525c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -411,6 +411,7 @@ services:
         - LOG_LINES=${LOG_LINES:-9999}
         - ACME_CONTACT=${ACME_CONTACT:-}
         - ADDITIONAL_SAN=${ADDITIONAL_SAN}
+        - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
diff --git a/generate_config.sh b/generate_config.sh
index 05d9ee2f1..f97ddd9a4 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -336,6 +336,13 @@ MAILDIR_GC_TIME=7200
 
 ADDITIONAL_SAN=
 
+# Obtain certificates for autodiscover.* and autoconfig.* domains.
+# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
+# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
+# between services. So acme-mailcow obtains for maildomains and all web-things get handled
+# in the reverse proxy.
+AUTODISCOVER_SAN=y
+
 # Additional server names for mailcow UI
 #
 # Specify alternative addresses for the mailcow UI to respond to
diff --git a/update.sh b/update.sh
index f1e31652c..0c8f85fed 100755
--- a/update.sh
+++ b/update.sh
@@ -450,6 +450,7 @@ CONFIG_ARRAY=(
   "SKIP_CLAMD"
   "SKIP_IP_CHECK"
   "ADDITIONAL_SAN"
+  "AUTODISCOVER_SAN"
   "DOVEADM_PORT"
   "IPV4_NETWORK"
   "IPV6_NETWORK"
@@ -715,6 +716,18 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
       echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
     fi
+
+  elif [[ ${option} == "AUTODISCOVER_SAN" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
+      echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
+      echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
+      echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
+      echo '# in the reverse proxy.' >> mailcow.conf
+      echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
+    fi
+
   elif [[ ${option} == "ACME_CONTACT" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"

From 533c4e7956146baa2f0da8789a3eb39d195ce675 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 10 Jun 2024 14:21:13 +0200
Subject: [PATCH 224/755] nextcloud: add deprecation notice once script start

---
 helper-scripts/nextcloud.sh | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index d35493ae9..19b4c28c1 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -2,6 +2,39 @@
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
 NEXTCLOUD_VERSION=28.0.6
 
+display_warning() {
+    local message=("$@")
+    local max_length=0
+
+    for line in "${message[@]}"; do
+        if (( ${#line} > max_length )); then
+            max_length=${#line}
+        fi
+    done
+
+    local border=$(printf '%*s' "$((max_length + 4))" '' | tr ' ' '#')
+
+    echo -e "\e[31m${border}"
+    for line in "${message[@]}"; do
+        printf "\e[31m# %-*s #\n" "$max_length" "$line"
+    done
+    echo -e "\e[31m${border}"
+    echo -e "\e[0m"
+}
+
+display_warning "WARNING: This Script is deprecated and will be removed in December 2024!" \
+                "mailcow will drop this installation/maintenance script within December 2024..." \
+                "To ensure you can still use your Nextcloud Datas, please migrate to a standalone" \
+                "Nextcloud instance either on a new Host or this host." \
+                "You can either use Nextcloud in Docker or install it manually." \
+                " "\
+                "mailcow will NOT DELETE any Nextcloud Data, even when this script was removed!!"
+
+echo -e "Waiting 5 seconds before continuing..."
+
+
+sleep 5
+
 echo -ne "Checking prerequisites..."
 sleep 1
 for bin in curl dirmngr tar bzip2; do

From 38b0641742c6b7cfd77d52cc6aa38a2b1b2940ac Mon Sep 17 00:00:00 2001
From: Daniel <daniel.pfund@gmail.com>
Date: Mon, 10 Jun 2024 14:51:55 +0200
Subject: [PATCH 225/755] Remove unnecessary log lines in Postfix's log (#5817)

* Update main.cf

In order to avoid unnecessary log lines, changed:

smtpd_discard_ehlo_keywords = chunking
to this one:

# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent-discard

Update main.cf to remove unnecessary log lines in Postfix log
---
 data/conf/postfix/main.cf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db3..6cced6669 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -163,7 +163,7 @@ transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
   proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
 smtp_sasl_auth_soft_bounce = no
 postscreen_discard_ehlo_keywords = silent-discard, dsn, chunking
-smtpd_discard_ehlo_keywords = chunking
+smtpd_discard_ehlo_keywords = chunking, silent-discard
 compatibility_level = 2
 smtputf8_enable = no
 # Define protocols for SMTPS and submission service

From 9daf2d80c0f584de398df88de8bc52aed4ae76a7 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 16 Jun 2024 19:21:46 +0200
Subject: [PATCH 226/755] Translations update from Weblate (#5908)

* [Web] Updated lang.fr-fr.json

Co-authored-by: Paul FERA <paulfera17@gmail.com>

* [Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

Co-authored-by: Deniss <mailcow@rigaden.me>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>

---------

Co-authored-by: Paul FERA <paulfera17@gmail.com>
Co-authored-by: Deniss <mailcow@rigaden.me>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.fr-fr.json |  4 +--
 data/web/lang/lang.lv-lv.json | 58 ++++++++++++++++++-----------------
 2 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index fbefb2f78..aed9ec567 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -342,7 +342,7 @@
         "f2b_manage_external_info": "Fail2ban maintiendra la liste de bannissement, mais ne définira pas activement de règles pour bloquer le trafic. Utilisez la liste de bannissement générée ci-dessous pour bloquer le trafic de manière externe.",
         "f2b_manage_external": "Gérer Fail2Ban en externe",
         "transport_test_rcpt_info": "&#8226 ; Utilisez null@hosted.mailcow.de pour tester le relais vers une destination étrangère.",
-        "relay_rcpt": "Adresse \"À :\".",
+        "relay_rcpt": "Adresse \"À :\"",
         "is_mx_based": "Basé sur MX"
     },
     "danger": {
@@ -628,7 +628,7 @@
             "from_domain": "{= from_domain =} - Partie de l'enveloppe provenant du domaine",
             "custom": "{= foo =} - Si la boîte de réception possède l'attribut personnalisé \"foo\" avec la valeur \"bar\", elle renvoie \"bar\"",
             "auth_user": "{= auth_user =}    - Nom d'utilisateur authentifié spécifié par un MTA",
-            "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour \"moo@mailcow.tld\", renvoie \"moo\".",
+            "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour \"moo@mailcow.tld\", renvoie \"moo\"",
             "from_name": "{= from_name =} - À partir du nom de l'enveloppe, par exemple, pour \"Mailcow &lt;moo@mailcow.tld&gt ;\" on obtient \"Mailcow\""
         },
         "domain_footer_skip_replies": "Ignorer le pied de page des courriels de réponse",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index a5a763893..5f486d909 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -14,7 +14,9 @@
         "eas_reset": "EAS ierīču atiestatīšana",
         "extend_sender_acl": "Ļauj paplašināt sūtītāja ACL ar ārējām adresēm",
         "login_as": "Pieteikšanās kā pastkastes lietotājam",
-        "mailbox_relayhost": "Pasta kastītes relayhost maiņa"
+        "mailbox_relayhost": "Pasta kastītes relayhost maiņa",
+        "prohibited": "Aizliegts ar ACL",
+        "protocol_access": "Protokola piekļuves maiņa"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -33,7 +35,7 @@
         "delete2duplicates": "Dzēst dublikātus galamērķī",
         "description": "Apraksts",
         "domain": "Domēns",
-        "domain_quota_m": "Kopējā  domēna kvota (MiB)",
+        "domain_quota_m": "Kopējā domēna kvota (MiB)",
         "enc_method": "Šifrēšanas metode",
         "exclude": "Izslēgt objektus (regex)",
         "full_name": "Pilns vārds",
@@ -52,7 +54,7 @@
         "post_domain_add": "SOGO konteineru \"sogo-mailcow\" ir nepieciešams pārsāknēt pēc jauna domēna pievienošanas.<br><br>Papildus vajadzētu pārskatīt domēnu DNS konfigurāciju. Tiklīdz DNS konfigurācija ir apstiprināta, jāpārsāknē \"acme-mailcow\", lai automātiski izveidotu sertifikātus jaunajam domēnam (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Šis solis ir izvēles un tiks atkārtots ik pēc 24 stundām.",
         "quota_mb": "Kvota (MiB)",
         "relay_all": "Pārsūtīt visus saņēmējus",
-        "relay_all_info": "<small>Ja izvēlies <b>nepārsūtīt</b> visus saņēmējus, tad Tev būs nepieciešams pievienot (\"tukšu\") pastkasti katram saņēmējam, kas būtu jāpārsūta.</small>",
+        "relay_all_info": "↪ Ja izvēlies <b>nepārsūtīt</b> visus saņēmējus, tad Tev būs nepieciešams pievienot (\"aklo\") pastkasti katram saņēmējam, kas būtu jāpārsūta.",
         "relay_domain": "Pārsūtīt šo domēnu",
         "select": "Lūdzu izvēlaties...",
         "select_domain": "Lūdzu sākumā izvēlaties domēnu",
@@ -104,14 +106,14 @@
         "f2b_ban_time": "Aizlieguma laiks (s)",
         "f2b_max_attempts": "Maks. piegājieni",
         "f2b_netban_ipv4": "IPv4 apakštīkla izmērs, lai piemērotu aizliegumu uz (8-32)",
-        "f2b_netban_ipv6": "IPv6 apakštīkla izmērs, lai piemērotu aizliegumu uz  (8-128)",
+        "f2b_netban_ipv6": "IPv6 apakštīkla izmērs, lai piemērotu aizliegumu uz (8-128)",
         "f2b_parameters": "Fail2ban parametri",
         "f2b_retry_window": "Atkārtošanas logs (s) priekš maks. piegājiena",
         "f2b_whitelist": "Baltā saraksta tīkls/hosts",
         "filter_table": "Filtru tabula",
         "forwarding_hosts": "Hostu pārsūtīšana",
-        "forwarding_hosts_add_hint": "Jūs varat norādīt  IPv4/IPv6 addreses, tīklu iekš CIDR apzīmējuma, hosta nosaukumu (kas tiks atrisinātas IP  adresēs), vai domēna vārdos (kas tiks atrisināts IP adresēs vaicājot SPF ierakstus vai, ja tādu nav, MX ierakstus).",
-        "forwarding_hosts_hint": "Ienākošie ziņojumi ir bez nosacījumiem pieņemti no visiem šeit norādītajiem hostiem. Pēc tam šie hosti netiek pārbaudīti pret DNSBL vai  pakļauti Greylistei. No tiem saņemtās mēstules nekad netiek noraidītas, bet pēc izvēles tās var pārvietot mapē Nevēlamais. Visbiežāk to izmanto, lai precizētu pasta serverus, kuros ir iestatīts noteikums, kas pārsūta ienākošos e-pasta ziņojumus uz jūsu mailcow serveri.",
+        "forwarding_hosts_add_hint": "Var norādīt vai nu IPv4/IPv6 addreses, tīklu ar CIDR apzīmējumu, saimniekdatoru nosaukumus (kas tiks atrisināti IP adresēs) vai arī domēna vārdus (kas tiks atrisināti IP adresēs, vaicājot SPF ierakstus, vai, ja tādu nav, MX ierakstus).",
+        "forwarding_hosts_hint": "Ienākošie ziņojumi tiek bez nosacījumiem pieņemti no visiem šeit norādītajiem saimniekdatoriem. Tie tad netiek pārbaudīti pret DNSBL vai pakļauti ievietošanai pelēkajā sarakstā. No tiem saņemtās mēstules nekad netiek noraidītas, bet pēc izvēles tās var pārvietot mapē \"Nevēlams\". Visbiežāk to izmanto, lai norādītu pasta serverus, kuros ir uzstādīts nosacījums, kas pārsūta ienākošās e-pasta vēstules uz Tavu mailcow serveri.",
         "help_text": "Ignorēt palīdzības tekstu zem pieteikšanās maskas (HTML ir atļauta)",
         "host": "Hosts",
         "import": "Importēt",
@@ -120,7 +122,7 @@
         "inactive": "Neaktīvs",
         "link": "Saite",
         "loading": "Lūgums uzgaidīt...",
-        "logo_info": "Jūsu attēls augšējā navigācijas joslā tiks palielināts līdz 40 pikseļiem un maks. sākumlapas platums par 250 pikseļi. Ir ļoti ieteicama pielāgojama grafikaYour image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. Ir ļoti ieteicama pielāgojamā grafika",
+        "logo_info": "Tavs attēls augšējā pārvietošanās joslā tiks mērogots līdz 40 pikseļiem un ne vairāk par 250 pikseļiem platumā sākumlapā. Ļoti ieteicams izmantot mērogojamus attēlus.",
         "main_name": "\"mailcow UI\" nosaukums",
         "merged_vars_hint": "Pelēkās rindas tika apvienotas <code>vars.(local.)inc.php</code> un nevar tikt modificētas.",
         "no_new_rows": "Papildu rindas nav pieejamas",
@@ -130,11 +132,11 @@
         "private_key": "Privāta atslēga",
         "quarantine": "Karantīna",
         "quarantine_exclude_domains": "Neņemt vērā domēnus un aizstājdomēnus",
-        "quarantine_max_size": "Maks. izmērs MiB (lielāki vienumi ir atbrīvoti):",
-        "quarantine_retention_size": "Atlikumi pastkastēs:",
+        "quarantine_max_size": "Lielākais pieļaujamais izmērs MiB (lielāki vienumi tiek atmesti):<br><small>0 <b>nenorāda</b> neierobežotu.</small>",
+        "quarantine_retention_size": "Paturējumi katrā pastkastē:<br><small>0 norāda, ka ir <b>atspējoti</b>.</small>",
         "r_active": "Aktīvie ierobežojumi",
         "r_inactive": "Neaktīvie ierobežojumi",
-        "r_info": " Pelēki/atslēgti elementi aktīvo ierobežojumu sarakstā nav zināmi kā mailcow spēkā esoši ierobežojumi un tos nevar pārvietot. Jebkurā gadījumā nezināmi ierobežojumi tiks sakārtoti pēc pievienošanas. <br>Jūs varat pievienot jaunus elementus <code>inc/vars.local.inc.php</code>, lai varētu tos pārslēgt.",
+        "r_info": "Pelēkie/atspējotie vienumi spēkā esošo ierobežojumu sarakstā mailcow nav zināmi kā derīgi ierobežojumi, un tos nevar pārvietot. Nezināmi ierobežojumi jebkurā gadījumā parādīšanas secībā. <br>Jaunus vienumus var pievienot <code>inc/vars.local.inc.php</code>, lai varētu tos pārslēgt.",
         "recipients": "Adresāts",
         "refresh": "Atsvaidzināt",
         "regen_api_key": "Reģenerēt API atslēgu",
@@ -160,7 +162,7 @@
         "generate": "izveidot",
         "message": "Ziņojums",
         "last_applied": "Pēdējoreiz pielietots",
-        "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM",
+        "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM.",
         "sys_mails": "Sistēmas pasts",
         "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
         "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>"
@@ -188,7 +190,7 @@
         "invalid_mime_type": "Nederīgs mime tips",
         "is_alias": "%s jau ir zināma kā aizstājadrese",
         "is_alias_or_mailbox": "%s jau ir zināms kā aizstājvārds, pastkaste vai aizstājadrese, kas ir izvērsta no aizstājdomēna.",
-        "is_spam_alias": "%s jau ir zināma kā pagaidu aizstājadrese (aizstājadrese mēstulēm)",
+        "is_spam_alias": "%s jau ir zināma kā pagaidu aizstājadrese (mēstuļu aizstājadrese)",
         "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
         "login_failed": "Ielogošanās neveiksmīga",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
@@ -217,7 +219,7 @@
         "validity_missing": "Lūdzu piešķiriet derīguma termiņu"
     },
     "diagnostics": {
-        "cname_from_a": "Vērtība, kas iegūta no  A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda pareizo resursu.",
+        "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
         "dns_records": "DNS Ieraksti",
         "dns_records_24hours": "Lūdzu ņemiet vērā, ka DNS izmaiņas var aizņemt laiku līdz 24 stundām, lai pareizi varētu atspoguļot izmaiņas šajā lapā. Tas ir paredzēts, lai jūs varētu viegli uzzināt, kā konfigurēt savus DNS ierakstus un pārbaudīt, vai visi jūsu ieraksti ir pareizi saglabāti DNS.",
         "dns_records_data": "Pareizi dati",
@@ -262,7 +264,7 @@
         "previous": "Iepriekšējā lapa",
         "quota_mb": "Kvota (MiB)",
         "relay_all": "Pārsūtīt visus adresātus",
-        "relay_all_info": "<small>Ja tu izvēlies <b>nepārsūtīt</b> visus adresātus, tad tev vajadzēs pievienot (\"tukšu\") pastkasti katram saņēmējam, kas būtu jāpārsūta.</small>",
+        "relay_all_info": "↪ Ja izvēlies <b>nepārsūtīt</b> visus adresātus, tad tev vajadzēs pievienot (\"aklo\") pastkasti katram saņēmējam, kas būtu jāpārsūta.",
         "relay_domain": "Pārsūtīt domēnu",
         "remove": "Noņemt",
         "resource": "Resurss",
@@ -272,7 +274,7 @@
         "sieve_type": "Filtra tips",
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
         "spam_alias": "Izveidot vai mainīt laika ierobežotas aizstājadreses",
-        "spam_policy": "Pievienot vai noņemt  vienības   baltajā-/melnajā sarakstā",
+        "spam_policy": "Pievienot vai noņemt vienumus baltajā-/melnajā sarakstā",
         "spam_score": "Iestatīt pielāgotu surogātpasta vērtējumu",
         "subfolder2": "Sinhronizēt galamērķa apakšmapē<br><small>(tukšs = neizmantot apakšmapi)</small>",
         "syncjob": "Rediģēt sinhronizācijas darbu",
@@ -296,15 +298,15 @@
         "cancel": "Atcelt",
         "confirm_delete": "Apstiprināt dzēšanu",
         "delete_now": "Dzēst tagad",
-        "delete_these_items": "Lūdzu apstipriniet darbīku šiem abjektiem:",
+        "delete_these_items": "Lūgums apstiprināt izmaiņas šim objekta Id",
         "loading": "Lūdzu uzgaidiet...",
         "restart_container": "Restartēt konteineri",
         "restart_container_info": "<b>Important:</b> Piespiedu restartēšana var aizņemt ilgu laiku, lūdzu uzgaidiet.",
-        "restart_now": "Restartēt "
+        "restart_now": "Pārsāknēt tagad"
     },
     "header": {
         "administration": "Konfigurācija un informācija",
-        "debug": "Atkļūdošana",
+        "debug": "Informācija",
         "email": "E-pasts",
         "mailcow_config": "Konfigurācija",
         "quarantine": "Karantīna",
@@ -316,7 +318,7 @@
         "no_action": "No action applicable"
     },
     "login": {
-        "delayed": "Pieslēgšanās aizkavējās par  %s sekundēm.",
+        "delayed": "Pieteikšanās tika aizkavēta %s sekundēm.",
         "login": "Pieslēgties",
         "password": "Parole",
         "username": "Lietotājvārds"
@@ -341,7 +343,7 @@
         "bcc": "BCC",
         "bcc_destination": "BCC galamērķi/s",
         "bcc_destinations": "BCC galamērķi/s",
-        "bcc_info": "BCC kartes tiek izmantotas, lai klusu pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes tipa ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta adresāts. Sūtītāja kartes atbilst vienam un tam pašam principam. <br/>\r\n   Vietējais galamērķis netiks informēts par piegādes neveiksmi. ",
+        "bcc_info": "BCC kartes tiek izmantotas, lai klusi pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes veida ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta saņēmējs. Sūtītāja kartes atbilst vienam un tam pašam principam.<br/>\n  Vietējais galamērķis netiks informēts par neizdevušos piegādi.",
         "bcc_local_dest": "Vietējais galamērķis",
         "bcc_map_type": "BCC veids",
         "bcc_maps": "BCC kartes",
@@ -393,11 +395,11 @@
         "running": "Darbojas",
         "set_postfilter": "Atzīmēt kā pēcfiltru",
         "set_prefilter": "Atzīmēt kā pimrsfiltru",
-        "sieve_info": "Jūs varat saglabāt vairākus filtrus katram lietotājam, bet tikai viens pirmsfiltrs un viens pēcfiltrs var būt aktīvs vienlaicīgi.<br>\r\nKatrs filtrs tiks apstrādāts aprakstītajā kārtībā. Kļūdains vai izdots skripts \"Paturēt;\" pārtrauks turpmāko skriptu apstrādi.<br>\r\n<a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/global_sieve_before\" target=\"_blank\">Global sieve prefilter</a> → Pirmsfiltrs → Lietotāja skripts → Pēcfiltrs → <a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/global_sieve_after\" target=\"_blank\">Global sieve postfilter</a>",
+        "sieve_info": "Katram lietotājam var saglabāt vairākus filtrus, bet tikai viens pirmsfiltrs un viens pēcfiltrs var darboties vienlaicīgi.<br>\nKatrs filtrs tiks apstrādāts norādītajā kārtībā. Ne kļūdains skripts, ne izdots \"keep;\" nepārtrauks turpmāko skriptu apstrādi. Vispārējo sieve skriptu izmaiņas izsauks Dovecot pārsāknēšanu.<br><br>Vispārējais sieve pirmsfiltrs &#8226; Pirmsfiltrs &#8226; Lietotāja skripti &#8226; Pēcfiltrs &#8226; Vispārējais sieve pēcfiltrs",
         "spam_aliases": "Pagaidu aizstājvārds",
         "status": "Status",
         "sync_jobs": "Sinhronizācijas darbi",
-        "target_address": "Doties uz  adresi",
+        "target_address": "Doties uz adresi",
         "target_domain": "Mērķa domēns",
         "tls_enforce_in": "Piespiest TLS ienākošajiem",
         "tls_enforce_out": "Piespiest TLS izejošajiem",
@@ -452,7 +454,7 @@
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
-        "imap_smtp_server_auth_info": "Lūdzu, izmantojiet pilnu e-pasta adresi un PLAIN autentifikācijas mehānismu.<br>\r\nJūsu pieteikšanās dati tiks šifrēti, izmantojot servera puses obligātu šifrēšanu",
+        "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentifikācijas mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu.",
         "mailcow_apps_detail": "Izmantojiet lietotni mailcow, lai piekļūtu savam pastam, kalendāram, kontaktiem un citām lietām.",
         "mailcow_panel_detail": "<b>Domēna pārvaldītāji</b> izveido, maina vai izdzēš pastkastes un aizstājvārdus, maina domēnus un lasa papildu informāciju par piešķirtajiem domēniem.<br>\n<b>Pastkastes lietotāji</b> var izveidot laikā ierobežotus aizstājvārdus (surogātpasta aizstājvārdus), mainīt savu paroli un surogātpasta atlasīšanas iestatījumus."
     },
@@ -474,7 +476,7 @@
         "domain_modified": "Izmaiņas domēnam %s ir saglabātas",
         "domain_removed": "Domēns %s ir noņemts",
         "eas_reset": "ActiveSync ierīces priekš lietotāja %s tika atiestatītas",
-        "f2b_modified": "Izmaiņas  Fail2ban parameteriem ir saglabātas",
+        "f2b_modified": "Fail2ban parametru izmaiņas tika saglabātas",
         "forwarding_host_added": "Pāradresācijas hosts %s pievienotsd",
         "forwarding_host_removed": "Pāradresācijas hosts %s noņemts",
         "item_deleted": "Vērtība %s veiksmīgi dzēsta",
@@ -499,7 +501,7 @@
         "confirm_totp_token": "Lūdzu apstipriniet Jūsu izmaiņas ievadot uzģenerēto tekstu",
         "delete_tfa": "Atspējot TFA",
         "disable_tfa": "Atspējot TFA līdz nākamajai veiksmīgai pieteikšanās",
-        "enter_qr_code": "Jūsu TOTP kods, ja Jūsu ierīce nevar noskanēt QR kodus.",
+        "enter_qr_code": "TOTP kods, ja Tava ierīce nevar nolasīt kvadrātkodus",
         "key_id": "Jūsu YubiKey identifikators",
         "key_id_totp": "Identifikators Jūsu atslēgai",
         "none": "Deaktivizēt",
@@ -534,7 +536,7 @@
         "direct_aliases": "Tiešas aizstājadreses",
         "direct_aliases_desc": "Tiešās aizstājadreses ir surogātpasta atlasīšanas un TLS nosacījumu iestatījumu ietekmētas.",
         "eas_reset": "Atiestatīt ActiveSync ierīces kešatmiņu",
-        "eas_reset_help": "Daudzos gadījumos ierīces kešatmiņas atiestatīšana palīdz atjaunot bojāto ActiveSync profilu.<br><b>Uzmanību:</b> Visi elementi tiks  atkārtoti ielādēti!",
+        "eas_reset_help": "Daudzos gadījumos ierīces kešatmiņas atiestatīšana palīdz atjaunot bojāto ActiveSync profilu.<br><b>Uzmanību:</b> visi vienumi tiks atkārtoti lejupielādēti!",
         "eas_reset_now": "Atiestatīt tagad",
         "edit": "Labot",
         "encryption": "Šifrēšana",
@@ -565,7 +567,7 @@
         "spamfilter_behavior": "Reitings",
         "spamfilter_bl": "Melnais saraksts",
         "spamfilter_bl_desc": "No melnajā sarakstā iekļautajām e-pasta adresēm saņemtās vēstules <b>vienmēr</b> tiks atzīmētas kā mēstules un noraidītas. Noraidītais pasts <b>netiks</b> ievietots karantīnā. Var izmantot aizstājzīmes. Atlasīšana tiek pielietota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
-        "spamfilter_default_score": "Noklusētās vērtības:",
+        "spamfilter_default_score": "Noklusējuma vērtības",
         "spamfilter_green": "Zaļš: šī nav mēstule",
         "spamfilter_hint": "Pirmā vērtība norāda uz zemu \"Spam vērtējumu\" vērtējumu, otra vērtība par \"Augstu spam vērtējumu\".",
         "spamfilter_red": "Sarkans: Šī vēstule noteikti ir spams un tiek nekavējoties noraidīta",
@@ -617,7 +619,7 @@
     },
     "warning": {
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
-        "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus.",
+        "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus",
         "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais"
     }
 }

From 527577b4389ae8c5b9686d1fc3f2480145307a0b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 17 Jun 2024 17:38:21 +0200
Subject: [PATCH 227/755] chore(deps): update docker/build-push-action action
 to v6 (#5910)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/rebuild_backup_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index 649d76a13..bf5caddf0 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -26,7 +26,7 @@ jobs:
           password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64

From 443941e68748472604f9a6ee983e94732a460e0b Mon Sep 17 00:00:00 2001
From: realizelol <bsw.bsw@gmx.de>
Date: Mon, 24 Jun 2024 09:07:12 +0200
Subject: [PATCH 228/755] [Rspamd] Delete overriding obsolete rspamd plugin
 (#5900)

* [Dockerfiles] rspamd: Delete COPY of metadata_exporter.lua plugin

* [Dockerfiles] rspamd: Delete metadata_exporter.lua plugin file

* Dockerfile: changed way of installing rspamd (granular version)

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/rspamd/Dockerfile            |  15 +-
 data/Dockerfiles/rspamd/metadata_exporter.lua | 632 ------------------
 2 files changed, 9 insertions(+), 638 deletions(-)
 delete mode 100644 data/Dockerfiles/rspamd/metadata_exporter.lua

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index b664691b7..07f0bc36b 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,6 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG RSPAMD_VER=rspamd_3.7.5-2~8c86c1676   
 ARG CODENAME=bullseye
 ENV LC_ALL C
 
@@ -12,11 +13,14 @@ RUN apt-get update && apt-get install -y \
   apt-transport-https \
   dnsutils \
   netcat \
-  && apt-key adv --fetch-keys https://rspamd.com/apt-stable/gpg.key \
-  && echo "deb https://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list \
-  && apt-get update \
-  && apt-get --no-install-recommends -y install rspamd redis-tools procps nano \
-  && rm -rf /var/lib/apt/lists/* \
+  wget \
+  redis-tools \ 
+  procps \ 
+  nano \
+  && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
+  && wget -P /tmp https://rspamd.com/apt-stable/pool/main/r/rspamd/${RSPAMD_VER}~${CODENAME}_${arch}.deb\
+  && apt install -y /tmp/${RSPAMD_VER}~${CODENAME}_${arch}.deb \
+  && rm -rf /var/lib/apt/lists/* /tmp/*\
   && apt-get autoremove --purge \
   && apt-get clean \
   && mkdir -p /run/rspamd \
@@ -25,7 +29,6 @@ RUN apt-get update && apt-get install -y \
   && sed -i 's/#analysis_keyword_table > 0/analysis_cat_table.macro_exist == "M"/g' /usr/share/rspamd/lualib/lua_scanners/oletools.lua
 
 COPY settings.conf /etc/rspamd/settings.conf
-COPY metadata_exporter.lua /usr/share/rspamd/plugins/metadata_exporter.lua
 COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
diff --git a/data/Dockerfiles/rspamd/metadata_exporter.lua b/data/Dockerfiles/rspamd/metadata_exporter.lua
deleted file mode 100644
index 48a5ffce3..000000000
--- a/data/Dockerfiles/rspamd/metadata_exporter.lua
+++ /dev/null
@@ -1,632 +0,0 @@
---[[
-Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org>
-Copyright (c) 2016, Vsevolod Stakhov <vsevolod@highsecure.ru>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-]]--
-
-if confighelp then
-  return
-end
-
--- A plugin that pushes metadata (or whole messages) to external services
-
-local redis_params
-local lua_util = require "lua_util"
-local rspamd_http = require "rspamd_http"
-local rspamd_util = require "rspamd_util"
-local rspamd_logger = require "rspamd_logger"
-local ucl = require "ucl"
-local E = {}
-local N = 'metadata_exporter'
-
-local settings = {
-  pusher_enabled = {},
-  pusher_format = {},
-  pusher_select = {},
-  mime_type = 'text/plain',
-  defer = false,
-  mail_from = '',
-  mail_to = 'postmaster@localhost',
-  helo = 'rspamd',
-  email_template = [[From: "Rspamd" <$mail_from>
-To: $mail_to
-Subject: Spam alert
-Date: $date
-MIME-Version: 1.0
-Message-ID: <$our_message_id>
-Content-type: text/plain; charset=utf-8
-Content-Transfer-Encoding: 8bit
-
-Authenticated username: $user
-IP: $ip
-Queue ID: $qid
-SMTP FROM: $from
-SMTP RCPT: $rcpt
-MIME From: $header_from
-MIME To: $header_to
-MIME Date: $header_date
-Subject: $header_subject
-Message-ID: $message_id
-Action: $action
-Score: $score
-Symbols: $symbols]],
-}
-
-local function get_general_metadata(task, flatten, no_content)
-  local r = {}
-  local ip = task:get_from_ip()
-  if ip and ip:is_valid() then
-    r.ip = tostring(ip)
-  else
-    r.ip = 'unknown'
-  end
-  r.user = task:get_user() or 'unknown'
-  r.qid = task:get_queue_id() or 'unknown'
-  r.subject = task:get_subject() or 'unknown'
-  r.action = task:get_metric_action('default')
-
-  local s = task:get_metric_score('default')[1]
-  r.score = flatten and string.format('%.2f', s) or s
-
-  local fuzzy = task:get_mempool():get_variable("fuzzy_hashes", "fstrings")
-  if fuzzy and #fuzzy > 0 then
-    local fz = {}
-    for _,h in ipairs(fuzzy) do
-      table.insert(fz, h)
-    end
-    if not flatten then
-      r.fuzzy = fz
-    else
-      r.fuzzy = table.concat(fz, ', ')
-    end
-  else
-    r.fuzzy = 'unknown'
-  end
-
-  local rcpt = task:get_recipients('smtp')
-  if rcpt then
-    local l = {}
-    for _, a in ipairs(rcpt) do
-      table.insert(l, a['addr'])
-    end
-    if not flatten then
-      r.rcpt = l
-    else
-      r.rcpt = table.concat(l, ', ')
-    end
-  else
-    r.rcpt = 'unknown'
-  end
-  local from = task:get_from('smtp')
-  if ((from or E)[1] or E).addr then
-    r.from = from[1].addr
-  else
-    r.from = 'unknown'
-  end
-  local syminf = task:get_symbols_all()
-  if flatten then
-    local l = {}
-    for _, sym in ipairs(syminf) do
-      local txt
-      if sym.options then
-        local topt = table.concat(sym.options, ', ')
-        txt = sym.name .. '(' .. string.format('%.2f', sym.score) .. ')' .. ' [' .. topt .. ']'
-      else
-        txt = sym.name .. '(' .. string.format('%.2f', sym.score) .. ')'
-      end
-      table.insert(l, txt)
-    end
-    r.symbols = table.concat(l, '\n\t')
-  else
-    r.symbols = syminf
-  end
-  local function process_header(name)
-    local hdr = task:get_header_full(name)
-    if hdr then
-      local l = {}
-      for _, h in ipairs(hdr) do
-        table.insert(l, h.decoded)
-      end
-      if not flatten then
-        return l
-      else
-        return table.concat(l, '\n')
-      end
-    else
-      return 'unknown'
-    end
-  end
-  if not no_content then
-    r.header_from = process_header('from')
-    r.header_to = process_header('to')
-    r.header_subject = process_header('subject')
-    r.header_date = process_header('date')
-    r.message_id = task:get_message_id()
-  end
-  return r
-end
-
-local formatters = {
-  default = function(task)
-    return task:get_content(), {}
-  end,
-  email_alert = function(task, rule, extra)
-    local meta = get_general_metadata(task, true)
-    local display_emails = {}
-    local mail_targets = {}
-    meta.mail_from = rule.mail_from or settings.mail_from
-    local mail_rcpt = rule.mail_to or settings.mail_to
-    if type(mail_rcpt) ~= 'table' then
-      table.insert(display_emails, string.format('<%s>', mail_rcpt))
-      table.insert(mail_targets, mail_rcpt)
-    else
-      for _, e in ipairs(mail_rcpt) do
-        table.insert(display_emails, string.format('<%s>', e))
-        table.insert(mail_targets, mail_rcpt)
-      end
-    end
-    if rule.email_alert_sender then
-      local x = task:get_from('smtp')
-      if x and string.len(x[1].addr) > 0 then
-        table.insert(mail_targets, x)
-        table.insert(display_emails, string.format('<%s>', x[1].addr))
-      end
-    end
-    if rule.email_alert_user then
-      local x = task:get_user()
-      if x then
-        table.insert(mail_targets, x)
-        table.insert(display_emails, string.format('<%s>', x))
-      end
-    end
-    if rule.email_alert_recipients then
-      local x = task:get_recipients('smtp')
-      if x then
-        for _, e in ipairs(x) do
-          if string.len(e.addr) > 0 then
-            table.insert(mail_targets, e.addr)
-            table.insert(display_emails, string.format('<%s>', e.addr))
-          end
-        end
-      end
-    end
-    meta.mail_to = table.concat(display_emails, ', ')
-    meta.our_message_id = rspamd_util.random_hex(12) .. '@rspamd'
-    meta.date = rspamd_util.time_to_string(rspamd_util.get_time())
-    return lua_util.template(rule.email_template or settings.email_template, meta), { mail_targets = mail_targets}
-  end,
-  json = function(task)
-    return ucl.to_format(get_general_metadata(task), 'json-compact')
-  end
-}
-
-local function is_spam(action)
-  return (action == 'reject' or action == 'add header' or action == 'rewrite subject')
-end
-
-local selectors = {
-  default = function(task)
-    return true
-  end,
-  is_spam = function(task)
-    local action = task:get_metric_action('default')
-    return is_spam(action)
-  end,
-  is_spam_authed = function(task)
-    if not task:get_user() then
-      return false
-    end
-    local action = task:get_metric_action('default')
-    return is_spam(action)
-  end,
-  is_reject = function(task)
-    local action = task:get_metric_action('default')
-    return (action == 'reject')
-  end,
-  is_reject_authed = function(task)
-    if not task:get_user() then
-      return false
-    end
-    local action = task:get_metric_action('default')
-    return (action == 'reject')
-  end,
-}
-
-local function maybe_defer(task, rule)
-  if rule.defer then
-    rspamd_logger.warnx(task, 'deferring message')
-    task:set_pre_result('soft reject', 'deferred', N)
-  end
-end
-
-local pushers = {
-  redis_pubsub = function(task, formatted, rule)
-    local _,ret,upstream
-    local function redis_pub_cb(err)
-      if err then
-        rspamd_logger.errx(task, 'got error %s when publishing on server %s',
-            err, upstream:get_addr())
-        return maybe_defer(task, rule)
-      end
-      return true
-    end
-    ret,_,upstream = rspamd_redis_make_request(task,
-      redis_params, -- connect params
-      nil, -- hash key
-      true, -- is write
-      redis_pub_cb, --callback
-      'PUBLISH', -- command
-      {rule.channel, formatted} -- arguments
-    )
-    if not ret then
-      rspamd_logger.errx(task, 'error connecting to redis')
-      maybe_defer(task, rule)
-    end
-  end,
-  http = function(task, formatted, rule)
-    local function http_callback(err, code)
-      if err then
-        rspamd_logger.errx(task, 'got error %s in http callback', err)
-        return maybe_defer(task, rule)
-      end
-      if code ~= 200 then
-        rspamd_logger.errx(task, 'got unexpected http status: %s', code)
-        return maybe_defer(task, rule)
-      end
-      return true
-    end
-    local hdrs = {}
-    if rule.meta_headers then
-      local gm = get_general_metadata(task, false, true)
-      local pfx = rule.meta_header_prefix or 'X-Rspamd-'
-      for k, v in pairs(gm) do
-        if type(v) == 'table' then
-          hdrs[pfx .. k] = ucl.to_format(v, 'json-compact')
-        else
-          hdrs[pfx .. k] = v
-        end
-      end
-    end
-    rspamd_http.request({
-      task=task,
-      url=rule.url,
-      body=formatted,
-      callback=http_callback,
-      mime_type=rule.mime_type or settings.mime_type,
-      headers=hdrs,
-    })
-  end,
-  send_mail = function(task, formatted, rule, extra)
-    local lua_smtp = require "lua_smtp"
-    local function sendmail_cb(ret, err)
-      if not ret then
-        rspamd_logger.errx(task, 'SMTP export error: %s', err)
-        maybe_defer(task, rule)
-      end
-    end
-
-    lua_smtp.sendmail({
-      task = task,
-      host = rule.smtp,
-      port = rule.smtp_port or settings.smtp_port or 25,
-      from = rule.mail_from or settings.mail_from,
-      recipients = extra.mail_targets or rule.mail_to or settings.mail_to,
-      helo = rule.helo or settings.helo,
-      timeout = rule.timeout or settings.timeout,
-    }, formatted, sendmail_cb)
-  end,
-}
-
-local opts = rspamd_config:get_all_opt(N)
-if not opts then return end
-local process_settings = {
-  select = function(val)
-    selectors.custom = assert(load(val))()
-  end,
-  format = function(val)
-    formatters.custom = assert(load(val))()
-  end,
-  push = function(val)
-    pushers.custom = assert(load(val))()
-  end,
-  custom_push = function(val)
-    if type(val) == 'table' then
-      for k, v in pairs(val) do
-        pushers[k] = assert(load(v))()
-      end
-    end
-  end,
-  custom_select = function(val)
-    if type(val) == 'table' then
-      for k, v in pairs(val) do
-        selectors[k] = assert(load(v))()
-      end
-    end
-  end,
-  custom_format = function(val)
-    if type(val) == 'table' then
-      for k, v in pairs(val) do
-        formatters[k] = assert(load(v))()
-      end
-    end
-  end,
-  pusher_enabled = function(val)
-    if type(val) == 'string' then
-      if pushers[val] then
-        settings.pusher_enabled[val] = true
-      else
-        rspamd_logger.errx(rspamd_config, 'Pusher type: %s is invalid', val)
-      end
-    elseif type(val) == 'table' then
-      for _, v in ipairs(val) do
-        if pushers[v] then
-          settings.pusher_enabled[v] = true
-        else
-          rspamd_logger.errx(rspamd_config, 'Pusher type: %s is invalid', val)
-        end
-      end
-    end
-  end,
-}
-for k, v in pairs(opts) do
-  local f = process_settings[k]
-  if f then
-    f(opts[k])
-  else
-    settings[k] = v
-  end
-end
-if type(settings.rules) ~= 'table' then
-  -- Legacy config
-  settings.rules = {}
-  if not next(settings.pusher_enabled) then
-    if pushers.custom then
-      rspamd_logger.infox(rspamd_config, 'Custom pusher implicitly enabled')
-      settings.pusher_enabled.custom = true
-    else
-      -- Check legacy options
-      if settings.url then
-        rspamd_logger.warnx(rspamd_config, 'HTTP pusher implicitly enabled')
-        settings.pusher_enabled.http = true
-      end
-      if settings.channel then
-        rspamd_logger.warnx(rspamd_config, 'Redis Pubsub pusher implicitly enabled')
-        settings.pusher_enabled.redis_pubsub = true
-      end
-      if settings.smtp and settings.mail_to then
-        rspamd_logger.warnx(rspamd_config, 'SMTP pusher implicitly enabled')
-        settings.pusher_enabled.send_mail = true
-      end
-    end
-  end
-  if not next(settings.pusher_enabled) then
-    rspamd_logger.errx(rspamd_config, 'No push backend enabled')
-    return
-  end
-  if settings.formatter then
-    settings.format = formatters[settings.formatter]
-    if not settings.format then
-      rspamd_logger.errx(rspamd_config, 'No such formatter: %s', settings.formatter)
-      return
-    end
-  end
-  if settings.selector then
-    settings.select = selectors[settings.selector]
-    if not settings.select then
-      rspamd_logger.errx(rspamd_config, 'No such selector: %s', settings.selector)
-      return
-    end
-  end
-  for k in pairs(settings.pusher_enabled) do
-    local formatter = settings.pusher_format[k]
-    local selector = settings.pusher_select[k]
-    if not formatter then
-      settings.pusher_format[k] = settings.formatter or 'default'
-      rspamd_logger.infox(rspamd_config, 'Using default formatter for %s pusher', k)
-    else
-      if not formatters[formatter] then
-        rspamd_logger.errx(rspamd_config, 'No such formatter: %s - disabling %s', formatter, k)
-        settings.pusher_enabled.k = nil
-      end
-    end
-    if not selector then
-      settings.pusher_select[k] = settings.selector or 'default'
-      rspamd_logger.infox(rspamd_config, 'Using default selector for %s pusher', k)
-    else
-      if not selectors[selector] then
-        rspamd_logger.errx(rspamd_config, 'No such selector: %s - disabling %s', selector, k)
-        settings.pusher_enabled.k = nil
-      end
-    end
-  end
-  if settings.pusher_enabled.redis_pubsub then
-    redis_params = rspamd_parse_redis_server(N)
-    if not redis_params then
-      rspamd_logger.errx(rspamd_config, 'No redis servers are specified')
-      settings.pusher_enabled.redis_pubsub = nil
-    else
-      local r = {}
-      r.backend = 'redis_pubsub'
-      r.channel = settings.channel
-      r.defer = settings.defer
-      r.selector = settings.pusher_select.redis_pubsub
-      r.formatter = settings.pusher_format.redis_pubsub
-      settings.rules[r.backend:upper()] = r
-    end
-  end
-  if settings.pusher_enabled.http then
-    if not settings.url then
-      rspamd_logger.errx(rspamd_config, 'No URL is specified')
-      settings.pusher_enabled.http = nil
-    else
-      local r = {}
-      r.backend = 'http'
-      r.url = settings.url
-      r.mime_type = settings.mime_type
-      r.defer = settings.defer
-      r.selector = settings.pusher_select.http
-      r.formatter = settings.pusher_format.http
-      settings.rules[r.backend:upper()] = r
-    end
-  end
-  if settings.pusher_enabled.send_mail then
-    if not (settings.mail_to and settings.smtp) then
-      rspamd_logger.errx(rspamd_config, 'No mail_to and/or smtp setting is specified')
-      settings.pusher_enabled.send_mail = nil
-    else
-      local r = {}
-      r.backend = 'send_mail'
-      r.mail_to = settings.mail_to
-      r.mail_from = settings.mail_from
-      r.helo = settings.hello
-      r.smtp = settings.smtp
-      r.smtp_port = settings.smtp_port
-      r.email_template = settings.email_template
-      r.defer = settings.defer
-      r.selector = settings.pusher_select.send_mail
-      r.formatter = settings.pusher_format.send_mail
-      settings.rules[r.backend:upper()] = r
-    end
-  end
-  if not next(settings.pusher_enabled) then
-    rspamd_logger.errx(rspamd_config, 'No push backend enabled')
-    return
-  end
-elseif not next(settings.rules) then
-  lua_util.debugm(N, rspamd_config, 'No rules enabled')
-  return
-end
-if not settings.rules or not next(settings.rules) then
-  rspamd_logger.errx(rspamd_config, 'No rules enabled')
-  return
-end
-local backend_required_elements = {
-  http = {
-    'url',
-  },
-  smtp = {
-    'mail_to',
-    'smtp',
-  },
-  redis_pubsub = {
-    'channel',
-  },
-}
-local check_element = {
-  selector = function(k, v)
-    if not selectors[v] then
-      rspamd_logger.errx(rspamd_config, 'Rule %s has invalid selector %s', k, v)
-      return false
-    else
-      return true
-    end
-  end,
-  formatter = function(k, v)
-    if not formatters[v] then
-      rspamd_logger.errx(rspamd_config, 'Rule %s has invalid formatter %s', k, v)
-      return false
-    else
-      return true
-    end
-  end,
-}
-local backend_check = {
-  default = function(k, rule)
-    local reqset = backend_required_elements[rule.backend]
-    if reqset then
-      for _, e in ipairs(reqset) do
-        if not rule[e] then
-          rspamd_logger.errx(rspamd_config, 'Rule %s misses required setting %s', k, e)
-          settings.rules[k] = nil
-        end
-      end
-    end
-    for sett, v in pairs(rule) do
-      local f = check_element[sett]
-      if f then
-        if not f(sett, v) then
-          settings.rules[k] = nil
-        end
-      end
-    end
-  end,
-}
-backend_check.redis_pubsub = function(k, rule)
-  if not redis_params then
-    redis_params = rspamd_parse_redis_server(N)
-  end
-  if not redis_params then
-    rspamd_logger.errx(rspamd_config, 'No redis servers are specified')
-    settings.rules[k] = nil
-  else
-    backend_check.default(k, rule)
-  end
-end
-setmetatable(backend_check, {
-  __index = function()
-    return backend_check.default
-  end,
-})
-for k, v in pairs(settings.rules) do
-  if type(v) == 'table' then
-    local backend = v.backend
-    if not backend then
-      rspamd_logger.errx(rspamd_config, 'Rule %s has no backend', k)
-      settings.rules[k] = nil
-    elseif not pushers[backend] then
-      rspamd_logger.errx(rspamd_config, 'Rule %s has invalid backend %s', k, backend)
-      settings.rules[k] = nil
-    else
-      local f = backend_check[backend]
-      f(k, v)
-    end
-  else
-    rspamd_logger.errx(rspamd_config, 'Rule %s has bad type: %s', k, type(v))
-    settings.rules[k] = nil
-  end
-end
-
-local function gen_exporter(rule)
-  return function (task)
-    if task:has_flag('skip') then return end
-    local selector = rule.selector or 'default'
-    local selected = selectors[selector](task)
-    if selected then
-      lua_util.debugm(N, task, 'Message selected for processing')
-      local formatter = rule.formatter or 'default'
-      local formatted, extra = formatters[formatter](task, rule)
-      if formatted then
-        pushers[rule.backend](task, formatted, rule, extra)
-      else
-        lua_util.debugm(N, task, 'Formatter [%s] returned non-truthy value [%s]', formatter, formatted)
-      end
-    else
-      lua_util.debugm(N, task, 'Selector [%s] returned non-truthy value [%s]', selector, selected)
-    end
-  end
-end
-
-if not next(settings.rules) then
-  rspamd_logger.errx(rspamd_config, 'No rules enabled')
-  lua_util.disable_module(N, "config")
-end
-for k, r in pairs(settings.rules) do
-  rspamd_config:register_symbol({
-    name = 'EXPORT_METADATA_' .. k,
-    type = 'idempotent',
-    callback = gen_exporter(r),
-    priority = 10,
-    flags = 'empty,explicit_disable,ignore_passthrough',
-  })
-end

From 1af9c21a50e0bc937062c348ec9610b1db87418f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 24 Jun 2024 09:07:46 +0200
Subject: [PATCH 229/755] Translations update from Weblate (#5912)

* [Web] Updated lang.ca-es.json

[Web] Updated lang.ca-es.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.cs-cz.json

[Web] Updated lang.cs-cz.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.da-dk.json

[Web] Updated lang.da-dk.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.es-es.json

[Web] Updated lang.es-es.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.fi-fi.json

[Web] Updated lang.fi-fi.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.fr-fr.json

[Web] Updated lang.fr-fr.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.hu-hu.json

[Web] Updated lang.hu-hu.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.ro-ro.json

[Web] Updated lang.ro-ro.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.it-it.json

[Web] Updated lang.it-it.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.ko-kr.json

[Web] Updated lang.ko-kr.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.nl-nl.json

[Web] Updated lang.nl-nl.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.ru-ru.json

[Web] Updated lang.ru-ru.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.sk-sk.json

[Web] Updated lang.sk-sk.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.sv-se.json

[Web] Updated lang.sv-se.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.zh-cn.json

[Web] Updated lang.zh-cn.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.uk-ua.json

Co-authored-by: Anonymous <noreply@weblate.org>

* [Web] Updated lang.zh-tw.json

[Web] Updated lang.zh-tw.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.pt-pt.json

[Web] Updated lang.pt-pt.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.tr-tr.json

[Web] Updated lang.tr-tr.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.si-si.json

[Web] Updated lang.si-si.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.gr-gr.json

[Web] Updated lang.gr-gr.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.nb-no.json

Co-authored-by: Anonymous <noreply@weblate.org>

* [Web] Updated lang.lt-lt.json

Co-authored-by: Anonymous <noreply@weblate.org>

---------

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Peter <magic@kthx.at>
---
 data/web/lang/lang.ca-es.json |  782 +++++++++++++++++++-
 data/web/lang/lang.cs-cz.json |   43 +-
 data/web/lang/lang.da-dk.json |  249 ++++++-
 data/web/lang/lang.es-es.json |  564 +++++++++++++-
 data/web/lang/lang.fi-fi.json |  438 ++++++++++-
 data/web/lang/lang.fr-fr.json |   91 ++-
 data/web/lang/lang.gr-gr.json | 1293 ++++++++++++++++++++++++++++++++-
 data/web/lang/lang.hu-hu.json |  741 ++++++++++++++++++-
 data/web/lang/lang.it-it.json |   54 +-
 data/web/lang/lang.ko-kr.json |  320 +++++++-
 data/web/lang/lang.lt-lt.json |  973 ++++++++++++++++++++++++-
 data/web/lang/lang.lv-lv.json |  724 +++++++++++++++++-
 data/web/lang/lang.nb-no.json |  987 ++++++++++++++++++++++++-
 data/web/lang/lang.nl-nl.json |  169 ++++-
 data/web/lang/lang.pl-pl.json |  905 ++++++++++++++++++++++-
 data/web/lang/lang.pt-pt.json | 1060 ++++++++++++++++++++++++++-
 data/web/lang/lang.ro-ro.json |  120 ++-
 data/web/lang/lang.ru-ru.json |  100 ++-
 data/web/lang/lang.si-si.json |  765 ++++++++++++++++++-
 data/web/lang/lang.sk-sk.json |   70 +-
 data/web/lang/lang.sv-se.json |  220 +++++-
 data/web/lang/lang.tr-tr.json |    6 +-
 data/web/lang/lang.uk-ua.json |   17 +-
 data/web/lang/lang.zh-cn.json |  117 ++-
 data/web/lang/lang.zh-tw.json |   27 +-
 25 files changed, 10553 insertions(+), 282 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 877b46cdb..9b8862c2a 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -19,7 +19,16 @@
         "spam_alias": "Àlies temporals",
         "spam_score": "Puntuació de correu brossa",
         "tls_policy": "Política TLS",
-        "unlimited_quota": "Quota ilimitada per bústies de correo"
+        "unlimited_quota": "Quota ilimitada per bústies de correo",
+        "delimiter_action": "",
+        "ratelimit": "",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "domain_relayhost": "",
+        "extend_sender_acl": "",
+        "mailbox_relayhost": "",
+        "pushover": "",
+        "spam_policy": ""
     },
     "add": {
         "activate_filter_warn": "All other filters will be deactivated, when active is checked.",
@@ -73,7 +82,33 @@
         "validate": "Validar",
         "validation_success": "Validated successfully",
         "app_name": "Nom de l'aplicació",
-        "app_password": "Afegir contrasenya a l'aplicació"
+        "app_password": "Afegir contrasenya a l'aplicació",
+        "dry": "",
+        "inactive": "",
+        "disable_login": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "mailbox_quota_def": "",
+        "private_comment": "",
+        "public_comment": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "subscribeall": "",
+        "tags": "",
+        "timeout1": "",
+        "timeout2": "",
+        "relay_transport_info": "",
+        "domain_matches_hostname": "",
+        "gal": "",
+        "gal_info": "",
+        "generate": "",
+        "nexthop": "",
+        "app_passwd_protocols": "",
+        "bcc_dest_format": "",
+        "comment_info": "",
+        "custom_params": "",
+        "custom_params_hint": "",
+        "destination": ""
     },
     "admin": {
         "access": "Accés",
@@ -156,7 +191,167 @@
         "ui_texts": "Etiquetes i textos de la UI",
         "unchanged_if_empty": "Si no hi ha canvis, deixa'l en blanc",
         "upload": "Pujar",
-        "username": "Nom d'usuari"
+        "username": "Nom d'usuari",
+        "lookup_mx": "",
+        "logo_dark_label": "",
+        "optional": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "license_info": "",
+        "message": "",
+        "message_size": "",
+        "nexthop": "",
+        "no": "",
+        "no_active_bans": "",
+        "oauth2_apps": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "password_policy_chars": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "priority": "",
+        "quarantine_bcc": "",
+        "quarantine_max_size": "",
+        "quarantine_notification_html": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format_att": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "relay_rcpt": "",
+        "relay_run": "",
+        "routing": "",
+        "rspamd_global_filters_regex": "",
+        "title": "",
+        "transport_maps": "",
+        "transport_test_rcpt_info": "",
+        "transports_hint": "",
+        "ui_header_announcement_active": "",
+        "validate_license_now": "",
+        "verify": "",
+        "yes": "",
+        "password_length": "",
+        "password_policy": "",
+        "logo_normal_label": "",
+        "f2b_max_ban_time": "",
+        "f2b_ban_time_increment": "",
+        "add_relayhost_hint": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "admins": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_max_age": "",
+        "quarantine_release_format_raw": "",
+        "quota_notification_sender": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "r_active": "",
+        "r_inactive": "",
+        "rate_name": "",
+        "regex_maps": "",
+        "ui_header_announcement": "",
+        "cors_settings": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "oauth2_renew_secret": "",
+        "oauth2_revoke_tokens": "",
+        "send": "",
+        "success": "",
+        "sys_mails": "",
+        "text": "",
+        "time": "",
+        "unban_pending": "",
+        "ip_check": "",
+        "quarantine_notification_sender": "",
+        "dkim_domains_wo_keys": "",
+        "dkim_to": "",
+        "duplicate": "",
+        "excludes": "",
+        "f2b_blacklist": "",
+        "f2b_filter": "",
+        "guid": "",
+        "oauth2_add_client": "",
+        "rsetting_content": "",
+        "queue_unban": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "options": "",
+        "relayhosts": "",
+        "reset_limit": "",
+        "rsetting_add_rule": "",
+        "rspamd_com_settings": "",
+        "ui_footer": "",
+        "dkim_from": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "api_info": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "activate_send": "",
+        "active_rspamd_settings_map": "",
+        "add_admin": "",
+        "add_settings_rule": "",
+        "oauth2_redirect_uri": "",
+        "domain_admin": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "quarantine_release_format": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "transport_dest_format": "",
+        "ban_list_info": "",
+        "convert_html_to_text": "",
+        "credentials_transport_warning": "",
+        "customer_id": "",
+        "destination": "",
+        "dkim_domains_selector": "",
+        "dkim_from_title": "",
+        "dkim_overwrite_key": "",
+        "dkim_to_title": "",
+        "domain_s": "",
+        "f2b_list_info": "",
+        "f2b_regex_info": "",
+        "from": "",
+        "generate": "",
+        "guid_and_license": "",
+        "hash_remove_info": "",
+        "html": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "login_time": "",
+        "oauth2_client_id": "",
+        "quarantine_max_score": "",
+        "quarantine_notification_subject": "",
+        "rsetting_no_selection": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "rspamd_settings_map": "",
+        "sal_level": "",
+        "service": "",
+        "service_id": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "duplicate_dkim": "",
+        "r_info": ""
     },
     "danger": {
         "access_denied": "Accés denegat o dades incorrectes",
@@ -207,7 +402,87 @@
         "target_domain_invalid": "El domini \"goto\" no és vàlid",
         "targetd_not_found": "No s'ha trobat el domini destí",
         "username_invalid": "El nom d'usuari no es pot fer servir",
-        "validity_missing": "Si et plau posa un període de validesa"
+        "validity_missing": "Si et plau posa un període de validesa",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "value_missing": "",
+        "unknown": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "bcc_empty": "",
+        "invalid_bcc_map_type": "",
+        "invalid_filter_type": "",
+        "invalid_host": "",
+        "bcc_exists": "",
+        "bcc_must_be_email": "",
+        "comment_too_long": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "defquota_empty": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "file_open_error": "",
+        "filter_type": "",
+        "from_invalid": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "invalid_nexthop": "",
+        "invalid_recipient_map_new": "",
+        "invalid_destination": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "rl_timeframe": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_old": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "reset_f2b_regex": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "set_acl_failed": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "webauthn_verification_failed": "",
+        "webauthn_username_failed": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "yotp_verification_failed": "",
+        "no_user_defined": "",
+        "demo_mode_enabled": "",
+        "dkim_domain_or_sel_exists": "",
+        "domain_cannot_match_hostname": "",
+        "ip_list_empty": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "mysql_error": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": ""
     },
     "diagnostics": {
         "cname_from_a": "Valor derivat de registre A/AAAA. Això és compatible sempre que el registre assenyali el recurs correcte.",
@@ -217,7 +492,8 @@
         "dns_records_name": "Nom",
         "dns_records_status": "Valor actual",
         "dns_records_type": "Tipus",
-        "optional": "Aquest registre és opcional."
+        "optional": "Aquest registre és opcional.",
+        "dns_records_docs": ""
     },
     "edit": {
         "active": "Actiu",
@@ -273,7 +549,82 @@
         "title": "Editar l'objecte",
         "unchanged_if_empty": "Si no hay cambios dejalo en blanco",
         "username": "Usuari",
-        "validate_save": "Validar i desar"
+        "validate_save": "Validar i desar",
+        "lookup_mx": "",
+        "acl": "",
+        "admin": "",
+        "allow_from_smtp": "",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "domain_footer_plain": "",
+        "gal_info": "",
+        "grant_types": "",
+        "pushover": "",
+        "scope": "",
+        "custom_attributes": "",
+        "disable_login": "",
+        "none_inherit": "",
+        "pushover_info": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info_vars": {
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "auth_user": "",
+            "from_user": "",
+            "custom": ""
+        },
+        "gal": "",
+        "mbox_rl_info": "",
+        "nexthop": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "sogo_visible": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "delete_ays": "",
+        "domain_footer_info": "",
+        "inactive": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "last_modified": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sogo_access_info": "",
+        "sogo_visible_info": "",
+        "timeout1": "",
+        "timeout2": "",
+        "generate": "",
+        "app_passwd_protocols": "",
+        "ratelimit": "",
+        "relayhost": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "spam_filter": "",
+        "advanced_settings": "",
+        "redirect_uri": "",
+        "sogo_access": ""
     },
     "footer": {
         "cancel": "Cancel·lar",
@@ -282,7 +633,13 @@
         "delete_these_items": "Si et plau confirma els canvis al objecte amb id:",
         "loading": "Si et plau espera ...",
         "restart_container_info": "<b>Important:</b> Un reinici pot trigar una estona, si et plau espera a que acabi.",
-        "restart_now": "Reiniciar ara"
+        "restart_now": "Reiniciar ara",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "hibp_ok": "",
+        "nothing_selected": "",
+        "restart_container": "",
+        "restarting_container": ""
     },
     "header": {
         "administration": "Administració",
@@ -291,16 +648,24 @@
         "mailcow_config": "Configuració",
         "quarantine": "Quarantena",
         "restart_sogo": "Reiniciar SOGo",
-        "user_settings": "Preferències d'usuari"
+        "user_settings": "Preferències d'usuari",
+        "restart_netfilter": "",
+        "apps": "",
+        "mailcow_system": ""
     },
     "info": {
-        "no_action": "No hi ha cap acció aplicable"
+        "no_action": "No hi ha cap acció aplicable",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
     },
     "login": {
         "delayed": "Pots iniciar de sessió passats %s segons.",
         "login": "Inici de sessió",
         "password": "Contrasenya",
-        "username": "Nom d'usuari"
+        "username": "Nom d'usuari",
+        "fido2_webauthn": "",
+        "mobileconfig_info": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "Acció",
@@ -385,7 +750,97 @@
         "tls_enforce_out": "Forçar TLS al enviar",
         "toggle_all": "Tots",
         "username": "Nom d'usuari",
-        "waiting": "Esperant"
+        "waiting": "Esperant",
+        "booking_0_short": "",
+        "booking_null": "",
+        "booking_custom": "",
+        "sieve_preset_8": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "stats": "",
+        "tls_policy_maps_long": "",
+        "quarantine_notification": "",
+        "recipient_map_old_info": "",
+        "table_size_show_n": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "sieve_preset_2": "",
+        "add_tls_policy_map": "",
+        "sieve_preset_3": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "tls_map_parameters": "",
+        "disable_x": "",
+        "domain_templates": "",
+        "last_pw_change": "",
+        "no": "",
+        "public_comment": "",
+        "q_add_header": "",
+        "q_reject": "",
+        "recipient": "",
+        "relay_unknown": "",
+        "sieve_preset_1": "",
+        "sieve_preset_7": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "dkim_domains_selector": "",
+        "templates": "",
+        "never": "",
+        "add_template": "",
+        "all_domains": "",
+        "allowed_protocols": "",
+        "bcc_map": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "created_on": "",
+        "daily": "",
+        "disable_login": "",
+        "domain_quota_total": "",
+        "enable_x": "",
+        "gal": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "hourly": "",
+        "insert_preset": "",
+        "last_mail_login": "",
+        "last_modified": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "open_logs": "",
+        "private_comment": "",
+        "q_all": "",
+        "quarantine_category": "",
+        "recipient_map_new_info": "",
+        "sender": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "template": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "weekly": "",
+        "yes": "",
+        "sogo_visible_n": "",
+        "add_alias_expand": "",
+        "alias_domain_alias_hint": "",
+        "alias_domain_backupmx": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "sogo_visible_y": "",
+        "syncjob_check_log": "",
+        "syncjob_EX_OK": "",
+        "sieve_preset_6": ""
     },
     "quarantine": {
         "action": "Acció",
@@ -408,15 +863,59 @@
         "subj": "Assumpte",
         "text_from_html_content": "Contingut (a partir del HTML)",
         "text_plain_content": "Contingut (text/plain)",
-        "toggle_all": "Marcar tots"
+        "toggle_all": "Marcar tots",
+        "deliver_inbox": "",
+        "spam_score": "",
+        "table_size": "",
+        "type": "",
+        "learn_spam_delete": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "danger": "",
+        "disabled_by_config": "",
+        "spam": "",
+        "download_eml": "",
+        "high_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qinfo": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "rspamd_result": "",
+        "sender_header": "",
+        "settings_info": "",
+        "table_size_show_n": "",
+        "refresh": "",
+        "rejected": "",
+        "rewrite_subject": ""
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "show_message": "",
+        "unban": ""
     },
     "start": {
         "help": "Mostrar/Ocultar panell d'ajuda",
         "mailcow_apps_detail": "Tria una aplicació (de moment només SOGo) per a accedir als teus correus, calendari, contactes i més.",
-        "mailcow_panel_detail": "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>\r\n\tEls <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam."
+        "mailcow_panel_detail": "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>\r\n\tEls <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam.",
+        "imap_smtp_server_auth_info": ""
     },
     "success": {
         "admin_modified": "Els canvis fets a l'administrador s'han desat",
@@ -453,7 +952,56 @@
         "resource_modified": "S'han desat els canvis fets al recurs %s",
         "resource_removed": "S'ha esborrat el recurs %s",
         "ui_texts": "S'han desat els canvis als noms de App",
-        "upload_success": "El fitxer s'ha pujat"
+        "upload_success": "El fitxer s'ha pujat",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "app_passwd_added": "",
+        "bcc_saved": "",
+        "hash_deleted": "",
+        "ip_check_opt_in_modified": "",
+        "item_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "settings_map_removed": "",
+        "verified_fido2_login": "",
+        "global_filter_written": "",
+        "bcc_deleted": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "sogo_profile_reset": "",
+        "template_modified": "",
+        "tls_policy_map_entry_saved": "",
+        "verified_webauthn_login": "",
+        "template_added": "",
+        "acl_saved": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_removed": "",
+        "app_passwd_removed": "",
+        "bcc_edited": "",
+        "domain_footer_modified": "",
+        "dovecot_restart_success": "",
+        "f2b_banlist_refreshed": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "verified_totp_login": "",
+        "verified_yotp_login": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": ""
     },
     "tfa": {
         "api_register": "%s fa servir la Yubico Cloud API. Obté una API key per la teva clau <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aquí</a>",
@@ -473,7 +1021,15 @@
         "webauthn": "Autenticació WebAuthn",
         "waiting_usb_auth": "<i>Esperant el dispositiu USB...</i><br><br>Apreta el botó del teu dispositiu USB WebAuthn ara.",
         "waiting_usb_register": "<i>Esperant el dispositiu USB...</i><br><br>Posa el teu password i confirma el registre del teu WebAuthn apretant el botó del teu dispositiiu USB WebAuthn.",
-        "yubi_otp": "Autenticació OTP de Yubico"
+        "yubi_otp": "Autenticació OTP de Yubico",
+        "reload_retry": "",
+        "authenticators": "",
+        "error_code": "",
+        "start_webauthn_validation": "",
+        "tfa_token_invalid": "",
+        "init_webauthn": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "Acció",
@@ -556,6 +1112,198 @@
         "username": "Usuari",
         "waiting": "Esperant",
         "week": "Setmana",
-        "weeks": "Setmanes"
+        "weeks": "Setmanes",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "login_history": "",
+        "open_logs": "",
+        "password": "",
+        "pushover_info": "",
+        "pushover_sender_array": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_with_app_password": "",
+        "delete_ays": "",
+        "pushover_sound": "",
+        "years": "",
+        "daily": "",
+        "attribute": "",
+        "hourly": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_only_x_prio": "",
+        "q_add_header": "",
+        "quarantine_notification": "",
+        "sogo_profile_reset": "",
+        "app_passwds": "",
+        "created_on": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "create_app_passwd": "",
+        "month": "",
+        "months": "",
+        "open_webmail_sso": "",
+        "password_repeat": "",
+        "pushover_text": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "save": "",
+        "sender_acl_disabled": "",
+        "sogo_profile_reset_now": "",
+        "verify": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_check_log": "",
+        "title": "",
+        "apple_connection_profile_mailonly": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "pushover_sender_regex": "",
+        "pushover_title": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_all": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "sogo_profile_reset_help": "",
+        "spam_score_reset": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "value": "",
+        "with_app_password": "",
+        "year": "",
+        "from": "",
+        "text": "",
+        "q_reject": "",
+        "generate": "",
+        "advanced_settings": "",
+        "app_name": "",
+        "direct_protocol_access": "",
+        "email": "",
+        "email_and_dav": "",
+        "empty": "",
+        "never": "",
+        "no_last_login": "",
+        "weekly": ""
+    },
+    "datatables": {
+        "decimal": "",
+        "infoPostFix": "",
+        "collapse_all": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "thousands": ""
+    },
+    "debug": {
+        "history_all_servers": "",
+        "architecture": "",
+        "containers_info": "",
+        "container_running": "",
+        "docs": "",
+        "login_time": "",
+        "logs": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "log_info": "",
+        "memory": "",
+        "online_users": "",
+        "restart_container": "",
+        "show_ip": "",
+        "size": "",
+        "solr_status": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "no_update_available": "",
+        "chart_this_server": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "solr_dead": "",
+        "update_failed": "",
+        "username": "",
+        "wip": "",
+        "service": ""
+    },
+    "warning": {
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": "",
+        "cannot_delete_self": "",
+        "session_token": "",
+        "session_ua": "",
+        "ip_invalid": "",
+        "is_not_primary_alias": ""
+    },
+    "ratelimit": {
+        "hour": "",
+        "day": "",
+        "disabled": "",
+        "second": "",
+        "minute": ""
+    },
+    "oauth2": {
+        "permit": "",
+        "profile": "",
+        "scope_ask_permission": "",
+        "authorize_app": "",
+        "deny": "",
+        "profile_desc": "",
+        "access_denied": ""
+    },
+    "fido2": {
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": "",
+        "none": ""
     }
 }
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 593f1cdcf..188eadddf 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -346,7 +346,12 @@
         "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
         "f2b_max_ban_time": "Maximální délka banu (s)",
         "cors_settings": "Nastavení CORS",
-        "queue_unban": "zrušit ban"
+        "queue_unban": "zrušit ban",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "allowed_methods": "",
+        "allowed_origins": ""
     },
     "danger": {
         "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -475,7 +480,9 @@
         "webauthn_publickey_failed": "Pro vybraný ověřovací prostředek nebyl uložen žádný veřejný klíč",
         "webauthn_username_failed": "Zvolený ověřovací prostředek patří k jinému účtu",
         "extended_sender_acl_denied": "chybějící ACL pro nastavení externích adres odesílatele",
-        "demo_mode_enabled": "Demo režim je zapnutý"
+        "demo_mode_enabled": "Demo režim je zapnutý",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": ""
     },
     "datatables": {
         "emptyTable": "Tabulka neobsahuje žádná data",
@@ -500,7 +507,8 @@
         "decimal": ",",
         "thousands": " ",
         "collapse_all": "Sbalit vše",
-        "expand_all": "Rozbalit vše"
+        "expand_all": "Rozbalit vše",
+        "infoPostFix": ""
     },
     "debug": {
         "chart_this_server": "Graf (tento server)",
@@ -540,7 +548,8 @@
         "update_failed": "Nepodařilo se zkontrolovat aktualizace",
         "wip": "Nedokončená vývojová verze",
         "memory": "Paměť",
-        "container_disabled": "Kontejner je zastaven nebo zakázán"
+        "container_disabled": "Kontejner je zastaven nebo zakázán",
+        "cores": ""
     },
     "diagnostics": {
         "cname_from_a": "Hodnota odvozena z A/AAAA záznamu. Lze použít, pokud záznam ukazuje na správný zdroj.",
@@ -672,12 +681,17 @@
             "auth_user": "{= auth_user =} - Ověřené uživatelské jméno zadané MTA",
             "from_user": "{= from_user =}    - uživatelská část odesílatele, např. pro \"moo@mailcow.tld\" vrátí \"moo\"",
             "from_domain": "{= from_domain =} - Doména odesílatele",
-            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele"
+            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele",
+            "custom": ""
         },
         "domain_footer": "Patička pro celou doménu",
         "domain_footer_html": "HTML text",
         "domain_footer_plain": "Prostý text",
-        "pushover_sound": "Zvukové upozornění"
+        "pushover_sound": "Zvukové upozornění",
+        "footer_exclude": "",
+        "custom_attributes": "",
+        "domain_footer_skip_replies": "",
+        "pushover": ""
     },
     "fido2": {
         "confirm": "Potvrdit",
@@ -985,7 +999,8 @@
         "hold_mail_legend": "Podrží vybrané e-maily. (Zabrání dalším pokusům o doručení)",
         "show_message": "Zobrazit zprávu",
         "unhold_mail": "Uvolnit",
-        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)"
+        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)",
+        "unban": ""
     },
     "ratelimit": {
         "disabled": "Vypnuto",
@@ -1081,7 +1096,10 @@
         "verified_webauthn_login": "WebAuthn přihlášení ověřeno",
         "verified_yotp_login": "Yubico OTP přihlášení ověřeno",
         "cors_headers_edited": "Nastavení CORS byla uložena",
-        "domain_footer_modified": "Změny patičky domény %s byly uloženy"
+        "domain_footer_modified": "Změny patičky domény %s byly uloženy",
+        "f2b_banlist_refreshed": "",
+        "domain_add_dkim_available": "",
+        "ip_check_opt_in_modified": ""
     },
     "tfa": {
         "api_register": "%s používá Yubico Cloud API. Prosím získejte API klíč pro své Yubico <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ZDE</a>",
@@ -1106,7 +1124,10 @@
         "webauthn": "WebAuthn ověření",
         "waiting_usb_auth": "<i>Čeká se na USB zařízení...</i><br><br>Prosím stiskněte tlačítko na svém WebAuthn USB zařízení.",
         "waiting_usb_register": "<i>Čeká se na USB zařízení...</i><br><br>Prosím zadejte své heslo výše a potvrďte WebAuthn registraci stiskem tlačítka na svém WebAuthn USB zařízení.",
-        "yubi_otp": "Yubico OTP ověření"
+        "yubi_otp": "Yubico OTP ověření",
+        "authenticators": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "Akce",
@@ -1268,7 +1289,9 @@
         "with_app_password": "s heslem aplikace",
         "year": "rok",
         "years": "let",
-        "pushover_sound": "Zvukové upozornění"
+        "pushover_sound": "Zvukové upozornění",
+        "attribute": "",
+        "value": ""
     },
     "warning": {
         "cannot_delete_self": "Nelze smazat právě přihlášeného uživatele",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 95db916ef..b8fff15b4 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -107,7 +107,8 @@
         "validation_success": "Valideret med succes",
         "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.<br>Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.",
         "app_passwd_protocols": "Tilladte protokoller for app adgangskode",
-        "tags": "Tag's"
+        "tags": "Tag's",
+        "dry": ""
     },
     "admin": {
         "access": "Adgang",
@@ -317,7 +318,40 @@
         "yes": "&#10003;",
         "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
         "queue_unban": "unban",
-        "admins": "Administratorer"
+        "admins": "Administratorer",
+        "copy_to_clipboard": "",
+        "f2b_ban_time_increment": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "f2b_max_ban_time": "",
+        "cors_settings": "",
+        "allowed_origins": "",
+        "allowed_methods": "",
+        "options": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "ip_check": "",
+        "login_time": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "relay_rcpt": "",
+        "service": "",
+        "transport_test_rcpt_info": "",
+        "ip_check_disabled": "",
+        "rsettings_preset_4": "",
+        "convert_html_to_text": "",
+        "success": "",
+        "is_mx_based": "",
+        "admins_ldap": "",
+        "api_read_only": "",
+        "api_read_write": ""
     },
     "danger": {
         "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -435,7 +469,20 @@
         "validity_missing": "Tildel venligst en gyldighedsperiode",
         "value_missing": "Angiv alle værdier",
         "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
-        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
+        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_username_failed": "",
+        "nginx_reload_failed": "",
+        "template_exists": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid_domain": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "demo_mode_enabled": ""
     },
     "debug": {
         "chart_this_server": "Diagram (denne server)",
@@ -453,7 +500,30 @@
         "started_on": "Startede den",
         "static_logs": "Statiske logfiler",
         "system_containers": "System og Beholdere",
-        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
+        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser",
+        "update_available": "",
+        "username": "",
+        "timezone": "",
+        "started_at": "",
+        "success": "",
+        "uptime": "",
+        "architecture": "",
+        "container_running": "",
+        "cores": "",
+        "current_time": "",
+        "docs": "",
+        "last_modified": "",
+        "login_time": "",
+        "memory": "",
+        "show_ip": "",
+        "size": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "wip": "",
+        "online_users": "",
+        "service": "",
+        "container_disabled": "",
+        "container_stopped": ""
     },
     "diagnostics": {
         "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -568,7 +638,34 @@
         "admin": "Rediger administrator",
         "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
         "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
-        "quota_warning_bcc": "Kvoteadvarsel BCC"
+        "quota_warning_bcc": "Kvoteadvarsel BCC",
+        "footer_exclude": "",
+        "custom_attributes": "",
+        "last_modified": "",
+        "app_passwd_protocols": "",
+        "created_on": "",
+        "domain_footer_info_vars": {
+            "custom": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": ""
+        },
+        "domain_footer_skip_replies": "",
+        "spam_filter": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_plain": "",
+        "sogo_access_info": "",
+        "acl": "",
+        "none_inherit": "",
+        "pushover": "",
+        "pushover_sound": "",
+        "quota_warning_bcc_info": "",
+        "ratelimit": "",
+        "sogo_access": ""
     },
     "footer": {
         "cancel": "Afbestille",
@@ -581,7 +678,9 @@
         "restart_container": "Genstart beholderen",
         "restart_container_info": "<b>Vigtig:</b> Det kan tage et stykke tid at gennemføre en yndefuld genstart. Vent til den er færdig.",
         "restart_now": "Genstart nu",
-        "restarting_container": "Genstart af beholder, det kan tage et stykke tid"
+        "restarting_container": "Genstart af beholder, det kan tage et stykke tid",
+        "hibp_check": "",
+        "nothing_selected": ""
     },
     "header": {
         "administration": "Konfiguration og detailer",
@@ -592,7 +691,8 @@
         "quarantine": "Karantæne",
         "restart_netfilter": "Genstart netfilter",
         "restart_sogo": "Genstart SOGo",
-        "user_settings": "Brugerindstillinger"
+        "user_settings": "Brugerindstillinger",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "Venter på TFA-bekræftelse",
@@ -757,7 +857,31 @@
         "yes": "&#10003;",
         "goto_ham": "Lær som <b>ønsket</b>",
         "catch_all": "Fang-alt",
-        "open_logs": "Åben logfiler"
+        "open_logs": "Åben logfiler",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "all_domains": "",
+        "domain_templates": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "mailbox_templates": "",
+        "template": "",
+        "relay_unknown": "",
+        "add_alias_expand": "",
+        "add_template": "",
+        "created_on": "",
+        "goto_spam": "",
+        "recipient": "",
+        "relay_all": "",
+        "sender": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "templates": ""
     },
     "oauth2": {
         "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -818,10 +942,24 @@
         "table_size_show_n": "Vis %s genstande",
         "text_from_html_content": "Indhold (konverterede html)",
         "text_plain_content": "Indhold (text/plain)",
-        "toggle_all": "Skift alt"
+        "toggle_all": "Skift alt",
+        "settings_info": ""
     },
     "queue": {
-        "queue_manager": "Køadministrator"
+        "queue_manager": "Køadministrator",
+        "deliver_mail": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",
@@ -903,7 +1041,17 @@
         "verified_totp_login": "Bekræftet TOTP-login",
         "verified_webauthn_login": "Bekræftet WebAuthn-login",
         "verified_fido2_login": "Bekræftet FIDO2-login",
-        "verified_yotp_login": "Bekræftet Yubico OTP-login"
+        "verified_yotp_login": "Bekræftet Yubico OTP-login",
+        "template_removed": "",
+        "domain_footer_modified": "",
+        "cors_headers_edited": "",
+        "domain_add_dkim_available": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": "",
+        "template_added": "",
+        "template_modified": ""
     },
     "tfa": {
         "api_register": "%s bruger Yubico Cloud API. Få en API-nøgle til din nøgle <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -928,7 +1076,10 @@
         "webauthn": "WebAuthn godkendelse",
         "waiting_usb_auth": "<i>Venter på USB-enhed...</i><br><br>Tryk let på knappen på din USB-enhed nu.",
         "waiting_usb_register": "<i>Venter på USB-enhed...</i><br><br>Indtast din adgangskode ovenfor, og bekræft din registrering ved at trykke på knappen på din USB-enhed.",
-        "yubi_otp": "Yubico OTP godkendelse"
+        "yubi_otp": "Yubico OTP godkendelse",
+        "authenticators": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "fido2": {
         "set_fn": "Set venneligt navn",
@@ -942,7 +1093,8 @@
         "start_fido2_validation": "Start FIDO2 validering",
         "fido2_auth": "Login med FIDO2",
         "fido2_success": "Enheden blev registreret",
-        "fido2_validation_failed": "Validering mislykkedes"
+        "fido2_validation_failed": "Validering mislykkedes",
+        "set_fido2_touchid": ""
     },
     "user": {
         "action": "Handling",
@@ -1071,7 +1223,42 @@
         "waiting": "Venter",
         "week": "uge",
         "weekly": "Ugeligt",
-        "weeks": "uger"
+        "weeks": "uger",
+        "empty": "",
+        "allowed_protocols": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "direct_protocol_access": "",
+        "fido2_webauthn": "",
+        "from": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "month": "",
+        "months": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "pushover_sound": "",
+        "recent_successful_connections": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "value": "",
+        "with_app_password": "",
+        "year": "",
+        "years": "",
+        "mailbox_settings": ""
     },
     "warning": {
         "cannot_delete_self": "Kan ikke slette en bruger som er logget ind.",
@@ -1083,12 +1270,40 @@
         "no_active_admin": "Kan ikke deaktivere den sidste administrator",
         "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
         "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
-        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
+        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl",
+        "is_not_primary_alias": ""
     },
     "datatables": {
         "lengthMenu": "Vis _MENU_ poster",
         "paginate": {
-            "first": "Først"
-        }
+            "first": "Først",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "decimal": "",
+        "infoPostFix": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "thousands": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "collapse_all": ""
+    },
+    "ratelimit": {
+        "day": "",
+        "hour": "",
+        "disabled": "",
+        "second": "",
+        "minute": ""
     }
 }
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 8a8c05274..b464e7ebe 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -24,7 +24,11 @@
         "protocol_access": "Cambiar protocolo de acceso",
         "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena",
         "domain_relayhost": "Cambiar relayhost por un dominio",
-        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas"
+        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "mailbox_relayhost": "",
+        "pushover": ""
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
@@ -95,7 +99,16 @@
         "app_password": "Añadir contraseña para la app",
         "public_comment": "Comentarios públicos",
         "disable_login": "Desactivar login (el correo entrante seguirá activo)",
-        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario"
+        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario",
+        "dry": "",
+        "private_comment": "",
+        "relay_transport_info": "",
+        "domain_matches_hostname": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "app_passwd_protocols": "",
+        "bcc_dest_format": "",
+        "tags": ""
     },
     "admin": {
         "access": "Acceso",
@@ -248,7 +261,97 @@
         "unban_pending": "Desbloqueo pendiente",
         "unchanged_if_empty": "Si no hay cambios déjalo en blanco",
         "upload": "Cargar",
-        "username": "Nombre de usuario"
+        "username": "Nombre de usuario",
+        "lookup_mx": "",
+        "license_info": "",
+        "message": "",
+        "oauth2_apps": "",
+        "transport_dest_format": "",
+        "ui_footer": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "no": "",
+        "quarantine_max_score": "",
+        "queue_unban": "",
+        "rate_name": "",
+        "regex_maps": "",
+        "relay_rcpt": "",
+        "rsetting_no_selection": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "title": "",
+        "transport_test_rcpt_info": "",
+        "oauth2_add_client": "",
+        "oauth2_revoke_tokens": "",
+        "options": "",
+        "ui_header_announcement": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "quarantine_redirect": "",
+        "time": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "validate_license_now": "",
+        "reset_limit": "",
+        "success": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "cors_settings": "",
+        "login_time": "",
+        "yes": "",
+        "f2b_filter": "",
+        "html": "",
+        "oauth2_redirect_uri": "",
+        "oauth2_renew_secret": "",
+        "admins": "",
+        "admins_ldap": "",
+        "guid": "",
+        "guid_and_license": "",
+        "hash_remove_info": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "rspamd_global_filters_regex": "",
+        "sal_level": "",
+        "service": "",
+        "service_id": "",
+        "oauth2_info": "",
+        "optional": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "priority": "",
+        "quarantine_bcc": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "verify": "",
+        "customer_id": "",
+        "dkim_overwrite_key": "",
+        "domain_admin": "",
+        "domain_s": "",
+        "f2b_regex_info": "",
+        "advanced_settings": "",
+        "api_info": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "authed_user": "",
+        "ays": "",
+        "convert_html_to_text": "",
+        "password_policy_special_chars": ""
     },
     "danger": {
         "access_denied": "Acceso denegado o datos del formulario inválidos",
@@ -336,7 +439,50 @@
         "username_invalid": "Nombre de usuario no se puede utilizar",
         "validity_missing": "Por favor asigna un periodo de validez",
         "value_missing": "Por favor proporcione todos los valores",
-        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s"
+        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s",
+        "invalid_mime_type": "",
+        "description_invalid": "",
+        "dkim_domain_or_sel_exists": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "last_key": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "comment_too_long": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "demo_mode_enabled": "",
+        "global_filter_write_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "maxquota_empty": "",
+        "nginx_reload_failed": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "temp_error": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "template_name_invalid": "",
+        "resource_invalid": "",
+        "file_open_error": "",
+        "img_tmp_missing": "",
+        "invalid_filter_type": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "img_invalid": "",
+        "imagick_exception": "",
+        "max_alias_exceeded": "",
+        "reset_f2b_regex": ""
     },
     "debug": {
         "containers_info": "Información de los contenedores",
@@ -354,7 +500,30 @@
         "solr_status": "Solr status",
         "uptime": "Uptime",
         "static_logs": "Logs estáticos",
-        "system_containers": "Sistema y Contenedores"
+        "system_containers": "Sistema y Contenedores",
+        "container_disabled": "",
+        "architecture": "",
+        "update_failed": "",
+        "wip": "",
+        "chart_this_server": "",
+        "container_running": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "error_show_ip": "",
+        "history_all_servers": "",
+        "jvm_memory_solr": "",
+        "memory": "",
+        "online_users": "",
+        "service": "",
+        "show_ip": "",
+        "started_on": "",
+        "success": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "username": "",
+        "login_time": ""
     },
     "diagnostics": {
         "cname_from_a": "Valor derivado del registro A / AAAA. Esto es permitido siempre que el registro apunte al recurso correcto.",
@@ -364,7 +533,8 @@
         "dns_records_name": "Nombre",
         "dns_records_status": "Información actual",
         "dns_records_type": "Tipo",
-        "optional": "Este récord es opcional."
+        "optional": "Este récord es opcional.",
+        "dns_records_docs": ""
     },
     "edit": {
         "active": "Activo",
@@ -432,13 +602,85 @@
         "title": "Editar objeto",
         "unchanged_if_empty": "Si no hay cambios dejalo en blanco",
         "username": "Nombre de usuario",
-        "validate_save": "Validar y guardar"
+        "validate_save": "Validar y guardar",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "custom_attributes": "",
+        "domain_footer_info_vars": {
+            "from_user": "",
+            "from_name": "",
+            "from_domain": "",
+            "custom": "",
+            "auth_user": "",
+            "from_addr": ""
+        },
+        "domain_footer_plain": "",
+        "domain_footer_skip_replies": "",
+        "sender_acl_info": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "spam_score": "",
+        "domain_footer_info": "",
+        "acl": "",
+        "relay_transport_info": "",
+        "sender_acl_disabled": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "generate": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_text": "",
+        "admin": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "comment_info": "",
+        "created_on": "",
+        "delete_ays": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "mbox_rl_info": "",
+        "none_inherit": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "mailbox_relayhost_info": "",
+        "pushover_verify": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "ratelimit": "",
+        "relay_unknown_only": "",
+        "pushover_info": "",
+        "pushover_sender_regex": "",
+        "app_name": "",
+        "disable_login": ""
     },
     "footer": {
         "hibp_nok": "¡Se encontró coincidencia - esta es una contraseña <b>no segura</b>, selecciona otra!",
         "hibp_ok": "No se encontraron coincidencias",
         "loading": "Espera por favor...",
-        "restart_now": "Reiniciar ahora"
+        "restart_now": "Reiniciar ahora",
+        "cancel": "",
+        "confirm_delete": "",
+        "delete_now": "",
+        "hibp_check": "",
+        "nothing_selected": "",
+        "delete_these_items": "",
+        "restart_container": "",
+        "restarting_container": "",
+        "restart_container_info": ""
     },
     "header": {
         "administration": "Administración",
@@ -447,17 +689,24 @@
         "mailcow_config": "Configuración",
         "quarantine": "Cuarentena",
         "restart_sogo": "Reiniciar SOGo",
-        "user_settings": "Configuraciones de usuario"
+        "user_settings": "Configuraciones de usuario",
+        "apps": "",
+        "mailcow_system": "",
+        "restart_netfilter": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "En espera de confirmación de TFA",
-        "no_action": "No hay acción aplicable"
+        "no_action": "No hay acción aplicable",
+        "session_expires": ""
     },
     "login": {
         "delayed": "El inicio de sesión ha sido retrasado %s segundos.",
         "login": "Inicio de sesión",
         "password": "Contraseña",
-        "username": "Nombre de usuario"
+        "username": "Nombre de usuario",
+        "fido2_webauthn": "",
+        "mobileconfig_info": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "Acción",
@@ -569,7 +818,70 @@
         "toggle_all": "Selecionar todo",
         "username": "Nombre de usuario",
         "waiting": "Esperando",
-        "weekly": "Cada semana"
+        "weekly": "Cada semana",
+        "disable_login": "",
+        "templates": "",
+        "public_comment": "",
+        "q_add_header": "",
+        "q_reject": "",
+        "table_size": "",
+        "domain_templates": "",
+        "catch_all": "",
+        "created_on": "",
+        "goto_ham": "",
+        "add_alias_expand": "",
+        "add_template": "",
+        "alias_domain_alias_hint": "",
+        "alias_domain_backupmx": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "goto_spam": "",
+        "insert_preset": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_run_reset": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "no": "",
+        "open_logs": "",
+        "owner": "",
+        "private_comment": "",
+        "q_all": "",
+        "quarantine_category": "",
+        "recipient": "",
+        "relay_unknown": "",
+        "sender": "",
+        "sieve_preset_1": "",
+        "sieve_preset_5": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "template": "",
+        "tls_policy_maps_enforced_tls": "",
+        "yes": "",
+        "table_size_show_n": "",
+        "mailbox_defaults_info": "",
+        "sieve_preset_header": "",
+        "mailbox_templates": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_8": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "stats": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "sieve_preset_4": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": ""
     },
     "oauth2": {
         "access_denied": "Inicie sesión como propietario del buzón para otorgar acceso a través de OAuth2.",
@@ -611,10 +923,43 @@
         "subj": "Asunto",
         "text_from_html_content": "Contenido (html convertido)",
         "text_plain_content": "Contenido (text/plain)",
-        "toggle_all": "Seleccionar todos"
+        "toggle_all": "Seleccionar todos",
+        "spam": "",
+        "confirm": "",
+        "download_eml": "",
+        "info": "",
+        "deliver_inbox": "",
+        "junk_folder": "",
+        "notified": "",
+        "qinfo": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "refresh": "",
+        "rejected": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender_header": "",
+        "settings_info": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "type": ""
     },
     "queue": {
-        "queue_manager": "Administrador de cola"
+        "queue_manager": "Administrador de cola",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": ""
     },
     "start": {
         "help": "Mostrar/Ocultar panel de ayuda",
@@ -670,7 +1015,43 @@
         "tls_policy_map_entry_saved": "Regla de póliza de TLS \"%s\" ha sido guardada",
         "verified_totp_login": "Inicio de sesión TOTP verificado",
         "verified_webauthn_login": "Inicio de sesión WebAuthn verificado",
-        "verified_yotp_login": "Inicio de sesión Yubico OTP verificado"
+        "verified_yotp_login": "Inicio de sesión Yubico OTP verificado",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_removed": "",
+        "ui_texts": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_removed": "",
+        "app_links": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "cors_headers_edited": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "domain_footer_modified": "",
+        "dovecot_restart_success": "",
+        "eas_reset": "",
+        "f2b_banlist_refreshed": "",
+        "f2b_modified": "",
+        "global_filter_written": "",
+        "hash_deleted": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "item_released": "",
+        "items_deleted": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "nginx_reloaded": "",
+        "object_modified": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "reset_main_logo": "",
+        "resource_removed": "",
+        "template_modified": ""
     },
     "tfa": {
         "api_register": "%s utiliza la API de la nube de Yubico. Por favor, obtén una clave API para tu llave <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aquí</a>.",
@@ -690,7 +1071,15 @@
         "webauthn": "Autenticación WebAuthn",
         "waiting_usb_auth": "<i>Esperando al dispositivo USB...</i><br><br>Toque el botón en su dispositivo USB WebAuthn ahora.",
         "waiting_usb_register": "<i>Esperando al dispositivo USB....</i><br><br>Ingrese su contraseña arriba y confirme su registro WebAuthn tocando el botón en su dispositivo USB WebAuthn.",
-        "yubi_otp": "Yubico OTP"
+        "yubi_otp": "Yubico OTP",
+        "authenticators": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "reload_retry": "",
+        "start_webauthn_validation": "",
+        "tfa_token_invalid": ""
     },
     "user": {
         "action": "Acción",
@@ -771,11 +1160,150 @@
         "waiting": "Esperando",
         "week": "Semana",
         "weekly": "Cada semana",
-        "weeks": "Semanas"
+        "weeks": "Semanas",
+        "fido2_webauthn": "",
+        "last_pw_change": "",
+        "save": "",
+        "pushover_info": "",
+        "client_configuration": "",
+        "created_on": "",
+        "q_add_header": "",
+        "active_sieve": "",
+        "apple_connection_profile_mailonly": "",
+        "attribute": "",
+        "email": "",
+        "expire_in": "",
+        "last_ui_login": "",
+        "loading": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "month": "",
+        "months": "",
+        "no_active_filter": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "recent_successful_connections": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_score_reset": "",
+        "spamfilter_table_domain_policy": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "last_mail_login": "",
+        "pushover_verify": "",
+        "q_all": "",
+        "quarantine_category_info": "",
+        "create_app_passwd": "",
+        "no_last_login": "",
+        "sender_acl_disabled": "",
+        "show_sieve_filters": "",
+        "email_and_dav": "",
+        "empty": "",
+        "syncjob_check_log": "",
+        "login_history": "",
+        "mailbox": "",
+        "text": "",
+        "apple_connection_profile_with_app_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "delete_ays": "",
+        "direct_protocol_access": "",
+        "force_pw_update": "",
+        "from": "",
+        "generate": "",
+        "in_use": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "title": "",
+        "value": "",
+        "verify": "",
+        "with_app_password": "",
+        "year": "",
+        "years": "",
+        "advanced_settings": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "password": ""
     },
     "warning": {
         "domain_added_sogo_failed": "Se agregó el dominio pero no se pudo reiniciar SOGo, revisa los logs del servidor.",
         "fuzzy_learn_error": "Error aprendiendo hash: %s",
-        "ip_invalid": "IP inválida omitida: %s"
+        "ip_invalid": "IP inválida omitida: %s",
+        "session_token": "",
+        "session_ua": "",
+        "cannot_delete_self": "",
+        "dovecot_restart_failed": "",
+        "hash_not_found": "",
+        "is_not_primary_alias": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": ""
+    },
+    "datatables": {
+        "decimal": "",
+        "infoPostFix": "",
+        "paginate": {
+            "last": "",
+            "first": "",
+            "next": "",
+            "previous": ""
+        },
+        "collapse_all": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        }
+    },
+    "fido2": {
+        "set_fn": "",
+        "start_fido2_validation": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index d4a5a08ba..e31f01aca 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -20,7 +20,15 @@
         "spam_score": "Roskapostitulos",
         "syncjobs": "Synkronoi työt",
         "tls_policy": "TLS-käytäntö",
-        "unlimited_quota": "Rajoittamaton kiintiö sähkö postilaatikoille"
+        "unlimited_quota": "Rajoittamaton kiintiö sähkö postilaatikoille",
+        "app_passwds": "",
+        "domain_desc": "",
+        "domain_relayhost": "",
+        "mailbox_relayhost": "",
+        "protocol_access": "",
+        "pushover": "",
+        "quarantine_category": "",
+        "smtp_ip_access": ""
     },
     "add": {
         "activate_filter_warn": "Kaikki muut suodattimet deaktivoidaan, kun aktiivinen on valittu.",
@@ -90,7 +98,17 @@
         "timeout2": "Aikakatkaisu yhteyden muodostamiseen paikalliseen isäntään",
         "username": "Käyttäjätunnus",
         "validate": "Vahvista",
-        "validation_success": "Vahvistettu onnistuneesti"
+        "validation_success": "Vahvistettu onnistuneesti",
+        "dry": "",
+        "tags": "",
+        "inactive": "",
+        "relay_transport_info": "",
+        "app_name": "",
+        "app_password": "",
+        "app_passwd_protocols": "",
+        "bcc_dest_format": "",
+        "disable_login": "",
+        "relay_unknown_only": ""
     },
     "admin": {
         "access": "Hallinta",
@@ -267,7 +285,73 @@
         "upload": "Lataa",
         "username": "Käyttäjätunnus",
         "validate_license_now": "Vahvista GUID-tunnus lisenssi palvelinta vastaan",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "copy_to_clipboard": "",
+        "f2b_ban_time_increment": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_ban_time": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "cors_settings": "",
+        "ip_check": "",
+        "rspamd_global_filters": "",
+        "service": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "quarantine_max_score": "",
+        "quarantine_redirect": "",
+        "domain_admin": "",
+        "f2b_filter": "",
+        "f2b_regex_info": "",
+        "html": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "optional": "",
+        "options": "",
+        "password_length": "",
+        "password_policy_chars": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "sal_level": "",
+        "success": "",
+        "title": "",
+        "transport_test_rcpt_info": "",
+        "ui_header_announcement": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "password_policy": "",
+        "password_policy_length": "",
+        "queue_unban": "",
+        "relay_rcpt": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "verify": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "login_time": "",
+        "rspamd_global_filters_regex": "",
+        "password_policy_special_chars": "",
+        "quarantine_bcc": "",
+        "regex_maps": "",
+        "dkim_overwrite_key": "",
+        "admins": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "ays": "",
+        "convert_html_to_text": ""
     },
     "danger": {
         "access_denied": "Käyttö estetty tai lomake tiedot eivät kelpaa",
@@ -369,7 +453,36 @@
         "username_invalid": "Käyttäjätunnusta %s ei voi käyttää",
         "validity_missing": "Anna voimassaolo aika",
         "value_missing": "Anna kaikki arvot",
-        "yotp_verification_failed": "Yubico OTP todentaminen epäonnistui: %s"
+        "yotp_verification_failed": "Yubico OTP todentaminen epäonnistui: %s",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "cors_invalid_origin": "",
+        "file_open_error": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "invalid_filter_type": "",
+        "cors_invalid_method": "",
+        "pushover_key": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "nginx_reload_failed": "",
+        "pushover_credentials_missing": "",
+        "pushover_token": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "webauthn_username_failed": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "demo_mode_enabled": "",
+        "dkim_domain_or_sel_exists": "",
+        "extended_sender_acl_denied": "",
+        "fido2_verification_failed": "",
+        "reset_f2b_regex": "",
+        "tfa_token_invalid": ""
     },
     "debug": {
         "containers_info": "Säilön tiedot",
@@ -389,7 +502,28 @@
         "uptime": "Päällä",
         "started_on": "Aloitettiin",
         "static_logs": "Staattiset lokit",
-        "system_containers": "Systeemi & Säiliöt"
+        "system_containers": "Systeemi & Säiliöt",
+        "memory": "",
+        "architecture": "",
+        "online_users": "",
+        "error_show_ip": "",
+        "success": "",
+        "wip": "",
+        "container_disabled": "",
+        "history_all_servers": "",
+        "service": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": "",
+        "chart_this_server": "",
+        "container_running": "",
+        "container_stopped": "",
+        "cores": "",
+        "login_time": "",
+        "current_time": "",
+        "show_ip": ""
     },
     "diagnostics": {
         "cname_from_a": "Arvo johdettu A / AAAA-tietueesta. Tätä tuetaan niin kauan kuin tietue osoittaa oikealle resurssille.",
@@ -399,7 +533,8 @@
         "dns_records_name": "Nimi",
         "dns_records_status": "Nykyinen tila",
         "dns_records_type": "Tyyppi",
-        "optional": "Tämä tietue on valinnainen."
+        "optional": "Tämä tietue on valinnainen.",
+        "dns_records_docs": ""
     },
     "edit": {
         "active": "Aktiivinen",
@@ -480,7 +615,57 @@
         "title": "Muokkaa objektia",
         "unchanged_if_empty": "Jos muuttumaton jätä tyhjäksi",
         "username": "Käyttäjätunnus",
-        "validate_save": "Vahvista ja tallenna"
+        "validate_save": "Vahvista ja tallenna",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "custom_attributes": "",
+        "domain_footer_info_vars": {
+            "from_addr": "",
+            "from_domain": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "custom": ""
+        },
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "created_on": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "domain_footer_skip_replies": "",
+        "domain_footer_plain": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "ratelimit": "",
+        "acl": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "domain_footer_info": "",
+        "none_inherit": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_regex": "",
+        "pushover_verify": "",
+        "quota_warning_bcc_info": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "spam_filter": "",
+        "pushover_text": "",
+        "admin": "",
+        "generate": "",
+        "delete_ays": "",
+        "disable_login": "",
+        "pushover": "",
+        "pushover_info": "",
+        "pushover_sender_array": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "mailbox_relayhost_info": "",
+        "pushover_vars": "",
+        "pushover_evaluate_x_prio": "",
+        "quota_warning_bcc": ""
     },
     "footer": {
         "cancel": "Peruuta",
@@ -493,7 +678,9 @@
         "restart_container": "Uudelleen käynnistä moottori",
         "restart_container_info": "<b>Tärkeää:</b> Uudelleenkäynnistys voi kestää jonkin aikaa, odota, kunnes se päättyy.",
         "restart_now": "Käynnistä uudelleen nyt",
-        "restarting_container": "Uudelleen käynnistä container, tämä saattaa kestää jonkin aikaa..."
+        "restarting_container": "Uudelleen käynnistä container, tämä saattaa kestää jonkin aikaa...",
+        "hibp_check": "",
+        "nothing_selected": ""
     },
     "header": {
         "administration": "Kokoonpanon & tiedot",
@@ -504,7 +691,8 @@
         "quarantine": "Karanteeni",
         "restart_netfilter": "Uudelleen käynnistä netfilter",
         "restart_sogo": "Uudelleen käynnistä SOGo",
-        "user_settings": "Käyttäjän asetukset"
+        "user_settings": "Käyttäjän asetukset",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "Odotetaan TFA-vahvistusta",
@@ -515,7 +703,10 @@
         "delayed": "Kirjautuminen viivästyi %s sekunttia.",
         "login": "Kirjaudu",
         "password": "Salasana",
-        "username": "Käyttäjätunnus"
+        "username": "Käyttäjätunnus",
+        "fido2_webauthn": "",
+        "mobileconfig_info": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "Toiminnot",
@@ -639,7 +830,58 @@
         "username": "Käyttäjätunnus",
         "waiting": "Odotetaan..",
         "weekly": "Viikoittain",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "templates": "",
+        "catch_all": "",
+        "created_on": "",
+        "disable_login": "",
+        "domain_templates": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "template": "",
+        "sieve_preset_8": "",
+        "allow_from_smtp_info": "",
+        "sieve_preset_header": "",
+        "sender": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "insert_preset": "",
+        "last_mail_login": "",
+        "add_template": "",
+        "alias_domain_alias_hint": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allowed_protocols": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "recipient": "",
+        "relay_unknown": "",
+        "stats": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "tls_policy_maps_enforced_tls": "",
+        "last_pw_change": "",
+        "open_logs": "",
+        "q_add_header": "",
+        "q_all": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_templates": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "add_alias_expand": ""
     },
     "oauth2": {
         "access_denied": "Kirjaudu sisään postilaatikon omistajana myöntääksesi käyttöoikeuden OAuth2: n kautta.",
@@ -683,10 +925,41 @@
         "subj": "Aihe",
         "text_from_html_content": "Sisältö (muunnettu html)",
         "text_plain_content": "Sisältö (teksti / tavallinen)",
-        "toggle_all": "Valitse kaikki"
+        "toggle_all": "Valitse kaikki",
+        "spam": "",
+        "deliver_inbox": "",
+        "info": "",
+        "type": "",
+        "quick_info_link": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "confirm": "",
+        "qinfo": "",
+        "sender_header": "",
+        "settings_info": "",
+        "rewrite_subject": "",
+        "junk_folder": "",
+        "notified": "",
+        "quick_release_link": "",
+        "rejected": "",
+        "quick_delete_link": "",
+        "refresh": ""
     },
     "queue": {
-        "queue_manager": "Jonon hallinta"
+        "queue_manager": "Jonon hallinta",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Näytä/Piilota help paneeli",
@@ -761,7 +1034,24 @@
         "upload_success": "Tiedosto ladattu onnistuneesti",
         "verified_totp_login": "Vahvistettu TOTP-kirjautuminen",
         "verified_webauthn_login": "Vahvistettu WebAuthn kirjautuminen",
-        "verified_yotp_login": "Vahvistettu Yubico OTP kirjautuminen"
+        "verified_yotp_login": "Vahvistettu Yubico OTP kirjautuminen",
+        "app_passwd_added": "",
+        "global_filter_written": "",
+        "template_added": "",
+        "template_modified": "",
+        "app_passwd_removed": "",
+        "cors_headers_edited": "",
+        "domain_add_dkim_available": "",
+        "domain_footer_modified": "",
+        "dovecot_restart_success": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "learned_ham": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "template_removed": "",
+        "verified_fido2_login": ""
     },
     "tfa": {
         "api_register": "%s käyttää Yubico Cloud API. Saat avaimesi API-avaimen <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">täältä</a>",
@@ -785,7 +1075,11 @@
         "webauthn": "WebAuthn todennus",
         "waiting_usb_auth": "<i>Odotetaan USB-laitetta...</i><br><br>Napauta painiketta WebAuthn USB-laitteessa nyt",
         "waiting_usb_register": "<i>Odotetaan USB-laitetta...</i><br><br>Anna salasanasi yltä ja vahvista WebAuthn-rekisteröinti napauttamalla painiketta WebAuthn USB-laitteessa.",
-        "yubi_otp": "Yubico OTP-todennus"
+        "yubi_otp": "Yubico OTP-todennus",
+        "authenticators": "",
+        "tfa_token_invalid": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "Toiminnot",
@@ -880,7 +1174,76 @@
         "waiting": "Odottaa",
         "week": "Viikko",
         "weekly": "Viikoittain",
-        "weeks": "Viikkoa"
+        "weeks": "Viikkoa",
+        "attribute": "",
+        "last_ui_login": "",
+        "allowed_protocols": "",
+        "delete_ays": "",
+        "email_and_dav": "",
+        "empty": "",
+        "fido2_webauthn": "",
+        "text": "",
+        "generate": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "login_history": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "months": "",
+        "no_last_login": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_sender_array": "",
+        "recent_successful_connections": "",
+        "value": "",
+        "mailbox": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "title": "",
+        "verify": "",
+        "with_app_password": "",
+        "year": "",
+        "years": "",
+        "advanced_settings": "",
+        "app_hint": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "create_app_passwd": "",
+        "created_on": "",
+        "direct_protocol_access": "",
+        "email": "",
+        "apple_connection_profile_complete": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "pushover_only_x_prio": "",
+        "from": "",
+        "save": "",
+        "syncjob_check_log": ""
     },
     "warning": {
         "cannot_delete_self": "Kirjautuneen käyttäjän poistaminen ei onnistu",
@@ -890,7 +1253,10 @@
         "ip_invalid": "Ohitettu virheellinen IP-osoite: %s",
         "no_active_admin": "Viimeistä aktiivista järjestelmänvalvojaa ei voi poistaa käytöstä",
         "session_token": "Lomakkeen tunnus sanoma ei kelpaa: tunnus sanoman risti riita",
-        "session_ua": "Lomakkeen tunnus sanoma ei kelpaa: käyttäjä agentin tarkistus virhe"
+        "session_ua": "Lomakkeen tunnus sanoma ei kelpaa: käyttäjä agentin tarkistus virhe",
+        "is_not_primary_alias": "",
+        "quota_exceeded_scope": "",
+        "dovecot_restart_failed": ""
     },
     "datatables": {
         "emptyTable": "Tietoja ei ole saatavilla taulukossa",
@@ -901,7 +1267,43 @@
         "search": "Etsi:",
         "paginate": {
             "first": "Ensimmäinen",
-            "last": "Edellinen"
+            "last": "Edellinen",
+            "next": "",
+            "previous": ""
+        },
+        "infoPostFix": "",
+        "decimal": "",
+        "collapse_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "zeroRecords": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
         }
+    },
+    "fido2": {
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "fido2_success": "",
+        "none": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index aed9ec567..48b14ccf6 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -343,7 +343,15 @@
         "f2b_manage_external": "Gérer Fail2Ban en externe",
         "transport_test_rcpt_info": "&#8226 ; Utilisez null@hosted.mailcow.de pour tester le relais vers une destination étrangère.",
         "relay_rcpt": "Adresse \"À :\"",
-        "is_mx_based": "Basé sur MX"
+        "is_mx_based": "Basé sur MX",
+        "service": "",
+        "success": "",
+        "cors_settings": "",
+        "ip_check_opt_in": "",
+        "admins_ldap": "",
+        "login_time": "",
+        "options": "",
+        "queue_unban": ""
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -503,7 +511,19 @@
         "wip": "En cours de réalisation",
         "architecture": "Architecture",
         "cores": "Cœurs",
-        "current_time": "Heure du système"
+        "current_time": "Heure du système",
+        "service": "",
+        "show_ip": "",
+        "memory": "",
+        "success": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "error_show_ip": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "login_time": ""
     },
     "diagnostics": {
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
@@ -642,7 +662,10 @@
         "quota_warning_bcc": "Avertissement sur les quotas BCC",
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
         "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni ne modifie le profil SOGo existant d'un utilisateur.",
-        "admin": "Modifier l'administrateur"
+        "admin": "Modifier l'administrateur",
+        "pushover": "",
+        "pushover_sound": "",
+        "sogo_access": ""
     },
     "footer": {
         "cancel": "Annuler",
@@ -656,7 +679,8 @@
         "restart_container_info": "<b>Important :</b> Un redémarrage en douceur peut prendre un certain temps, veuillez attendre qu’il soit terminé.",
         "restart_now": "Redémarrer maintenant",
         "restarting_container": "Redémarrage du conteneur, cela peut prendre un certain temps",
-        "nothing_selected": "Rien n'est sélectionné"
+        "nothing_selected": "Rien n'est sélectionné",
+        "hibp_check": ""
     },
     "header": {
         "administration": "Configuration & détails",
@@ -667,7 +691,8 @@
         "quarantine": "Quarantaine",
         "restart_netfilter": "Redémarrer Netfilter",
         "restart_sogo": "Redémarrer SOGo",
-        "user_settings": "Paramètres utilisateur"
+        "user_settings": "Paramètres utilisateur",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "En attente de la confirmation de TFA",
@@ -841,7 +866,22 @@
         "mailbox_templates": "Modèle de boîte de réception",
         "relay_unknown": "Relayer les boîtes de réception inconnues",
         "all_domains": "Tous les domaines",
-        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible"
+        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible",
+        "syncjob_check_log": "",
+        "add_template": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "templates": "",
+        "recipient": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "template": "",
+        "domain_templates": "",
+        "open_logs": "",
+        "sender": ""
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
@@ -914,7 +954,12 @@
         "hold_mail_legend": "Met en attente les courriers sélectionnés. (Empêche les tentatives de distribution ultérieures)",
         "unban": "file d'attente d'unban",
         "unhold_mail": "Libérer",
-        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)"
+        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)",
+        "deliver_mail": "",
+        "delete": "",
+        "flush": "",
+        "show_message": "",
+        "ays": ""
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
@@ -1004,7 +1049,9 @@
         "template_added": "Modèles ajoutés %s",
         "template_removed": "Le modèle ayant l'ID %s a été supprimé",
         "domain_add_dkim_available": "A DKIM key did already exist",
-        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès"
+        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès",
+        "password_policy_saved": "",
+        "template_modified": ""
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
@@ -1202,7 +1249,16 @@
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nom d'utilisateur ou mot de passe incorrect",
         "value": "Valeur",
         "allowed_protocols": "Protocoles autorisés",
-        "mailbox": "Boîte de réception"
+        "mailbox": "Boîte de réception",
+        "open_logs": "",
+        "empty": "",
+        "last_pw_change": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "pushover_sound": "",
+        "from": "",
+        "fido2_webauthn": ""
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
@@ -1223,7 +1279,9 @@
         "thousands": ",",
         "paginate": {
             "first": "Premier",
-            "last": "Dernier"
+            "last": "Dernier",
+            "next": "",
+            "previous": ""
         },
         "aria": {
             "sortAscending": ": activer pour trier les colonnes en ordre croissant",
@@ -1234,9 +1292,18 @@
         "lengthMenu": "Afficher les entrées _MENU_",
         "loadingRecords": "Chargement…",
         "processing": "Veuillez patienter…",
-        "collapse_all": "Tout réduire"
+        "collapse_all": "Tout réduire",
+        "infoPostFix": "",
+        "emptyTable": "",
+        "info": "",
+        "search": "",
+        "zeroRecords": ""
     },
     "ratelimit": {
-        "disabled": "Désactivé"
+        "disabled": "Désactivé",
+        "day": "",
+        "second": "",
+        "minute": "",
+        "hour": ""
     }
 }
diff --git a/data/web/lang/lang.gr-gr.json b/data/web/lang/lang.gr-gr.json
index df9127aec..8a8f6ad17 100644
--- a/data/web/lang/lang.gr-gr.json
+++ b/data/web/lang/lang.gr-gr.json
@@ -6,7 +6,162 @@
         "weeks": "Εβδομάδες",
         "with_app_password": "με κωδικό εφαρμογής",
         "year": "χρόνος",
-        "years": "χρόνια"
+        "years": "χρόνια",
+        "alias_select_validity": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "text": "",
+        "action": "",
+        "clear_recent_successful_connections": "",
+        "client_configuration": "",
+        "create_app_passwd": "",
+        "running": "",
+        "save": "",
+        "tag_handling": "",
+        "tag_in_none": "",
+        "alias_time_left": "",
+        "alias_valid_until": "",
+        "aliases_also_send_as": "",
+        "aliases_send_as_all": "",
+        "allowed_protocols": "",
+        "direct_protocol_access": "",
+        "eas_reset": "",
+        "pushover_sound": "",
+        "pushover_verify": "",
+        "q_add_header": "",
+        "q_all": "",
+        "remove": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "quarantine_notification": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "save_changes": "",
+        "sender_acl_disabled": "",
+        "shared_aliases": "",
+        "shared_aliases_desc": "",
+        "show_sieve_filters": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_score_reset": "",
+        "spamfilter": "",
+        "spamfilter_behavior": "",
+        "spamfilter_bl": "",
+        "title": "",
+        "tls_policy": "",
+        "tls_policy_warning": "",
+        "user_settings": "",
+        "username": "",
+        "value": "",
+        "waiting": "",
+        "no_record": "",
+        "edit": "",
+        "email": "",
+        "email_and_dav": "",
+        "empty": "",
+        "encryption": "",
+        "spamfilter_default_score": "",
+        "spamfilter_green": "",
+        "spamfilter_red": "",
+        "active": "",
+        "active_sieve": "",
+        "advanced_settings": "",
+        "alias": "",
+        "alias_create_random": "",
+        "alias_extend_all": "",
+        "alias_full_date": "",
+        "alias_remove_all": "",
+        "app_hint": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "attribute": "",
+        "create_syncjob": "",
+        "created_on": "",
+        "daily": "",
+        "day": "",
+        "delete_ays": "",
+        "direct_aliases": "",
+        "direct_aliases_desc": "",
+        "eas_reset_help": "",
+        "eas_reset_now": "",
+        "excludes": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "force_pw_update": "",
+        "from": "",
+        "generate": "",
+        "hour": "",
+        "hourly": "",
+        "hours": "",
+        "in_use": "",
+        "interval": "",
+        "is_catch_all": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "last_ui_login": "",
+        "loading": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_details": "",
+        "mailbox_general": "",
+        "month": "",
+        "months": "",
+        "never": "",
+        "new_password": "",
+        "new_password_repeat": "",
+        "no_active_filter": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_now": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_vars": "",
+        "spamfilter_bl_desc": "",
+        "spamfilter_hint": "",
+        "spamfilter_table_action": "",
+        "spamfilter_table_add": "",
+        "spamfilter_table_domain_policy": "",
+        "spamfilter_table_empty": "",
+        "spamfilter_table_remove": "",
+        "spamfilter_table_rule": "",
+        "spamfilter_wl": "",
+        "spamfilter_wl_desc": "",
+        "spamfilter_yellow": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tag_help_example": "",
+        "tag_help_explain": "",
+        "tag_in_subfolder": "",
+        "tag_in_subject": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "no_last_login": "",
+        "status": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "change_password": "",
+        "change_password_hint_app_passwords": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "spam_aliases": ""
     },
     "warning": {
         "cannot_delete_self": "Αδυναμία διαγραφής συνδεδεμένου χρήστη",
@@ -15,6 +170,1140 @@
         "domain_added_sogo_failed": "Προστέθηκε το όνομα χώρου αλλά απέτυχε η επανεκκίνηση του SOGo.",
         "hash_not_found": "Η κατακερματισμένη τιμή (hash value) δεν βρέθηκε ή έχει είδη διαγραφεί.",
         "ip_invalid": "Παραλείφθηκε μη έγκυρη διεύθυνση IP: %s",
-        "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s"
+        "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s",
+        "fuzzy_learn_error": "",
+        "quota_exceeded_scope": "",
+        "session_token": "",
+        "session_ua": ""
+    },
+    "edit": {
+        "footer_exclude": "",
+        "kind": "",
+        "last_modified": "",
+        "lookup_mx": "",
+        "mailbox": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "maxage": "",
+        "maxbytespersecond": "",
+        "gal_info": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "pushover_text": "",
+        "full_name": "",
+        "gal": "",
+        "generate": "",
+        "extended_sender_acl_info": "",
+        "force_pw_update": "",
+        "force_pw_update_info": "",
+        "none_inherit": "",
+        "password": "",
+        "password_repeat": "",
+        "previous": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "custom_attributes": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "delete_ays": "",
+        "description": "",
+        "disable_login": "",
+        "domain": "",
+        "domain_admin": "",
+        "domain_footer_info_vars": {
+            "custom": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": ""
+        },
+        "timeout2": "",
+        "unchanged_if_empty": "",
+        "username": "",
+        "domain_footer_skip_replies": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "domain_footer": "",
+        "pushover_sender_regex": "",
+        "pushover_title": "",
+        "target_domain": "",
+        "acl": "",
+        "active": "",
+        "admin": "",
+        "advanced_settings": "",
+        "alias": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "grant_types": "",
+        "hostname": "",
+        "domain_footer_plain": "",
+        "domain_quota": "",
+        "domains": "",
+        "dont_check_sender_acl": "",
+        "edit_alias_domain": "",
+        "encryption": "",
+        "mbox_rl_info": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "nexthop": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "inactive": "",
+        "pushover_verify": "",
+        "quota_mb": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "ratelimit": "",
+        "redirect_uri": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relayhost": "",
+        "remove": "",
+        "resource": "",
+        "save": "",
+        "scope": "",
+        "sender_acl": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "sogo_visible_info": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "syncjob": "",
+        "target_address": "",
+        "timeout1": "",
+        "validate_save": "",
+        "app_name": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "backup_mx_options": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "delete1": "",
+        "title": ""
+    },
+    "admin": {
+        "oauth2_redirect_uri": "",
+        "oauth2_renew_secret": "",
+        "quarantine_exclude_domains": "",
+        "quota_notification_sender": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "dkim_add_key": "",
+        "dkim_domains_selector": "",
+        "dkim_domains_wo_keys": "",
+        "dkim_from": "",
+        "dkim_from_title": "",
+        "dkim_key_length": "",
+        "dkim_key_missing": "",
+        "domain_admin": "",
+        "options": "",
+        "save": "",
+        "search_domain_da": "",
+        "send": "",
+        "sender": "",
+        "service": "",
+        "service_id": "",
+        "source": "",
+        "spamfilter": "",
+        "subject": "",
+        "success": "",
+        "copy_to_clipboard": "",
+        "credentials_transport_warning": "",
+        "customer_id": "",
+        "customize": "",
+        "destination": "",
+        "dkim_key_unused": "",
+        "dkim_key_valid": "",
+        "dkim_keys": "",
+        "dkim_overwrite_key": "",
+        "dkim_private_key": "",
+        "dkim_to": "",
+        "dkim_to_title": "",
+        "domain": "",
+        "domain_admins": "",
+        "domain_s": "",
+        "duplicate_dkim": "",
+        "edit": "",
+        "empty": "",
+        "excludes": "",
+        "f2b_ban_time": "",
+        "f2b_ban_time_increment": "",
+        "f2b_blacklist": "",
+        "f2b_filter": "",
+        "f2b_list_info": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_attempts": "",
+        "f2b_max_ban_time": "",
+        "f2b_netban_ipv4": "",
+        "f2b_netban_ipv6": "",
+        "f2b_parameters": "",
+        "f2b_regex_info": "",
+        "f2b_retry_window": "",
+        "forwarding_hosts": "",
+        "forwarding_hosts_add_hint": "",
+        "forwarding_hosts_hint": "",
+        "from": "",
+        "generate": "",
+        "guid": "",
+        "guid_and_license": "",
+        "hash_remove_info": "",
+        "help_text": "",
+        "host": "",
+        "html": "",
+        "import": "",
+        "import_private_key": "",
+        "in_use_by": "",
+        "inactive": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "license_info": "",
+        "link": "",
+        "loading": "",
+        "login_time": "",
+        "logo_info": "",
+        "lookup_mx": "",
+        "main_name": "",
+        "merged_vars_hint": "",
+        "message": "",
+        "message_size": "",
+        "nexthop": "",
+        "no": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "no_record": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "oauth2_revoke_tokens": "",
+        "optional": "",
+        "password": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "password_repeat": "",
+        "priority": "",
+        "private_key": "",
+        "quarantine": "",
+        "quarantine_bcc": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_max_size": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_sender": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format": "",
+        "quarantine_release_format_att": "",
+        "quarantine_release_format_raw": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "queue_unban": "",
+        "r_active": "",
+        "r_inactive": "",
+        "r_info": "",
+        "rate_name": "",
+        "recipients": "",
+        "refresh": "",
+        "regen_api_key": "",
+        "regex_maps": "",
+        "relay_from": "",
+        "relay_run": "",
+        "relayhosts": "",
+        "relayhosts_hint": "",
+        "remove": "",
+        "remove_row": "",
+        "reset_default": "",
+        "reset_limit": "",
+        "routing": "",
+        "rsetting_add_rule": "",
+        "rsetting_content": "",
+        "rsetting_desc": "",
+        "rsetting_no_selection": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_com_settings": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "rspamd_global_filters_regex": "",
+        "rspamd_settings_map": "",
+        "sal_level": "",
+        "sys_mails": "",
+        "text": "",
+        "time": "",
+        "title": "",
+        "title_name": "",
+        "to_top": "",
+        "transport_dest_format": "",
+        "transport_maps": "",
+        "transport_test_rcpt_info": "",
+        "transports_hint": "",
+        "ui_footer": "",
+        "ui_header_announcement": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "ui_texts": "",
+        "unban_pending": "",
+        "unchanged_if_empty": "",
+        "upload": "",
+        "username": "",
+        "validate_license_now": "",
+        "verify": "",
+        "yes": "",
+        "relay_rcpt": "",
+        "duplicate": "",
+        "access": "",
+        "action": "",
+        "activate_api": "",
+        "activate_send": "",
+        "active": "",
+        "active_rspamd_settings_map": "",
+        "add": "",
+        "add_admin": "",
+        "add_domain_admin": "",
+        "add_forwarding_host": "",
+        "add_relayhost": "",
+        "add_relayhost_hint": "",
+        "add_row": "",
+        "add_settings_rule": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "additional_rows": "",
+        "admin": "",
+        "admin_details": "",
+        "admin_domains": "",
+        "admins": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "api_allow_from": "",
+        "api_info": "",
+        "api_key": "",
+        "cors_settings": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "app_links": "",
+        "app_name": "",
+        "apps_name": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "ban_list_info": "",
+        "change_logo": "",
+        "configuration": "",
+        "convert_html_to_text": "",
+        "f2b_whitelist": "",
+        "filter_table": ""
+    },
+    "danger": {
+        "release_send_failed": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "goto_empty": "",
+        "goto_invalid": "",
+        "ham_learn_error": "",
+        "imagick_exception": "",
+        "img_invalid": "",
+        "img_tmp_missing": "",
+        "ip_list_empty": "",
+        "is_alias": "",
+        "is_spam_alias": "",
+        "reset_f2b_regex": "",
+        "pushover_token": "",
+        "quota_not_0_not_numeric": "",
+        "recipient_map_entry_exists": "",
+        "relayhost_invalid": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_username_failed": "",
+        "access_denied": "",
+        "alias_domain_invalid": "",
+        "invalid_bcc_map_type": "",
+        "invalid_destination": "",
+        "invalid_filter_type": "",
+        "alias_empty": "",
+        "alias_goto_identical": "",
+        "alias_invalid": "",
+        "aliasd_targetd_identical": "",
+        "aliases_in_use": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "bcc_empty": "",
+        "bcc_exists": "",
+        "bcc_must_be_email": "",
+        "dkim_domain_or_sel_exists": "",
+        "dkim_domain_or_sel_invalid": "",
+        "domain_cannot_match_hostname": "",
+        "domain_exists": "",
+        "domain_invalid": "",
+        "domain_not_empty": "",
+        "domain_not_found": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "file_open_error": "",
+        "filter_type": "",
+        "from_invalid": "",
+        "mailbox_quota_exceeds_domain_quota": "",
+        "mailbox_quota_left_exceeded": "",
+        "template_name_invalid": "",
+        "domain_quota_m_in_use": "",
+        "comment_too_long": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "defquota_empty": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "invalid_host": "",
+        "invalid_mime_type": "",
+        "invalid_nexthop": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "is_alias_or_mailbox": "",
+        "last_key": "",
+        "login_failed": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "mailbox_invalid": "",
+        "mailbox_quota_exceeded": "",
+        "mailboxes_in_use": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "max_alias_exceeded": "",
+        "max_mailbox_exceeded": "",
+        "max_quota_in_use": "",
+        "maxquota_empty": "",
+        "mysql_error": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": "",
+        "no_user_defined": "",
+        "object_exists": "",
+        "object_is_not_numeric": "",
+        "password_complexity": "",
+        "password_empty": "",
+        "password_mismatch": "",
+        "policy_list_from_exists": "",
+        "policy_list_from_invalid": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "redis_error": "",
+        "resource_invalid": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "sender_acl_invalid": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "target_domain_invalid": "",
+        "targetd_not_found": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "webauthn_verification_failed": "",
+        "webauthn_publickey_failed": "",
+        "unknown": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "username_invalid": "",
+        "validity_missing": "",
+        "value_missing": "",
+        "yotp_verification_failed": "",
+        "demo_mode_enabled": "",
+        "description_invalid": ""
+    },
+    "success": {
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "bcc_saved": "",
+        "dkim_removed": "",
+        "domain_added": "",
+        "resource_removed": "",
+        "alias_modified": "",
+        "alias_removed": "",
+        "aliasd_added": "",
+        "app_links": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "tls_policy_map_entry_saved": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": "",
+        "acl_saved": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_modified": "",
+        "admin_removed": "",
+        "alias_added": "",
+        "alias_domain_removed": "",
+        "aliasd_modified": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "dkim_added": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "domain_admin_added": "",
+        "domain_admin_modified": "",
+        "domain_admin_removed": "",
+        "domain_footer_modified": "",
+        "domain_modified": "",
+        "domain_removed": "",
+        "dovecot_restart_success": "",
+        "eas_reset": "",
+        "f2b_banlist_refreshed": "",
+        "f2b_modified": "",
+        "forwarding_host_added": "",
+        "forwarding_host_removed": "",
+        "global_filter_written": "",
+        "hash_deleted": "",
+        "item_released": "",
+        "items_deleted": "",
+        "items_released": "",
+        "logged_in_as": "",
+        "mailbox_added": "",
+        "mailbox_modified": "",
+        "mailbox_removed": "",
+        "nginx_reloaded": "",
+        "object_modified": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "reset_main_logo": "",
+        "resource_added": "",
+        "resource_modified": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "ui_texts": ""
+    },
+    "debug": {
+        "history_all_servers": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "online_users": "",
+        "username": "",
+        "wip": "",
+        "docs": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "architecture": "",
+        "chart_this_server": "",
+        "containers_info": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "log_info": "",
+        "restart_container": "",
+        "service": "",
+        "show_ip": "",
+        "size": "",
+        "solr_status": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "solr_dead": ""
+    },
+    "diagnostics": {
+        "cname_from_a": "",
+        "dns_records": "",
+        "dns_records_docs": "",
+        "dns_records_24hours": "",
+        "dns_records_data": "",
+        "dns_records_name": "",
+        "dns_records_status": "",
+        "dns_records_type": "",
+        "optional": ""
+    },
+    "mailbox": {
+        "last_mail_login": "",
+        "sieve_preset_1": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "mailbox_quota": "",
+        "mailboxes": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "sieve_preset_8": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "stats": "",
+        "status": "",
+        "tls_map_dest": "",
+        "tls_map_parameters": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "goto_ham": "",
+        "recipient_maps": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "quick_actions": "",
+        "recipient_map_info": "",
+        "recipient_map_new": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "alias_domain_backupmx": "",
+        "aliases": "",
+        "empty": "",
+        "enable_x": "",
+        "excludes": "",
+        "filter_table": "",
+        "filters": "",
+        "fname": "",
+        "force_pw_update": "",
+        "recipient": "",
+        "recipient_map": "",
+        "action": "",
+        "activate": "",
+        "active": "",
+        "add": "",
+        "add_alias": "",
+        "add_alias_expand": "",
+        "add_bcc_entry": "",
+        "add_domain": "",
+        "add_domain_alias": "",
+        "add_domain_record_first": "",
+        "add_filter": "",
+        "add_mailbox": "",
+        "add_recipient_map_entry": "",
+        "add_resource": "",
+        "add_template": "",
+        "add_tls_policy_map": "",
+        "address_rewriting": "",
+        "alias": "",
+        "alias_domain_alias_hint": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "backup_mx": "",
+        "bcc": "",
+        "bcc_destination": "",
+        "bcc_destinations": "",
+        "bcc_info": "",
+        "bcc_local_dest": "",
+        "bcc_map": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "created_on": "",
+        "daily": "",
+        "deactivate": "",
+        "description": "",
+        "disable_login": "",
+        "disable_x": "",
+        "dkim_domains_selector": "",
+        "dkim_key_length": "",
+        "domain": "",
+        "domain_admins": "",
+        "domain_quota_total": "",
+        "edit": "",
+        "gal": "",
+        "goto_spam": "",
+        "hourly": "",
+        "in_use": "",
+        "inactive": "",
+        "insert_preset": "",
+        "kind": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "last_run_reset": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "mins_interval": "",
+        "msg_num": "",
+        "never": "",
+        "no": "",
+        "no_record": "",
+        "no_record_single": "",
+        "open_logs": "",
+        "owner": "",
+        "private_comment": "",
+        "public_comment": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "relay_all": "",
+        "relay_unknown": "",
+        "remove": "",
+        "resources": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "table_size_show_n": "",
+        "target_address": "",
+        "target_domain": "",
+        "templates": "",
+        "template": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_long": "",
+        "toggle_all": "",
+        "username": "",
+        "waiting": "",
+        "weekly": "",
+        "yes": "",
+        "multiple_bookings": "",
+        "domain_aliases": "",
+        "domain_templates": "",
+        "domain_quota": "",
+        "domains": "",
+        "tls_map_dest_info": ""
+    },
+    "quarantine": {
+        "high_danger": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "rcpt": "",
+        "received": "",
+        "recipients": "",
+        "text_from_html_content": "",
+        "text_plain_content": "",
+        "qitem": "",
+        "quick_actions": "",
+        "refresh": "",
+        "show_item": "",
+        "spam": "",
+        "spam_score": "",
+        "action": "",
+        "atts": "",
+        "check_hash": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "danger": "",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "download_eml": "",
+        "empty": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qid": "",
+        "qinfo": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "release_subject": "",
+        "remove": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "settings_info": "",
+        "subj": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "toggle_all": "",
+        "type": "",
+        "quarantine": ""
+    },
+    "header": {
+        "mailcow_config": "",
+        "quarantine": "",
+        "restart_sogo": "",
+        "user_settings": "",
+        "apps": "",
+        "administration": "",
+        "debug": "",
+        "email": "",
+        "mailcow_system": "",
+        "restart_netfilter": ""
+    },
+    "info": {
+        "no_action": "",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
+    },
+    "login": {
+        "delayed": "",
+        "login": "",
+        "mobileconfig_info": "",
+        "password": "",
+        "fido2_webauthn": "",
+        "username": "",
+        "other_logins": ""
+    },
+    "queue": {
+        "unhold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "queue_manager": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
+    },
+    "tfa": {
+        "authenticators": "",
+        "api_register": "",
+        "confirm": "",
+        "confirm_totp_token": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "key_id_totp": "",
+        "none": "",
+        "reload_retry": "",
+        "select": "",
+        "scan_qr_code": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "tfa_token_invalid": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "webauthn": "",
+        "waiting_usb_auth": "",
+        "waiting_usb_register": "",
+        "yubi_otp": "",
+        "delete_tfa": "",
+        "disable_tfa": "",
+        "enter_qr_code": ""
+    },
+    "acl": {
+        "alias_domains": "",
+        "app_passwds": "",
+        "bcc_maps": "",
+        "delimiter_action": "",
+        "domain_desc": "",
+        "domain_relayhost": "",
+        "eas_reset": "",
+        "extend_sender_acl": "",
+        "filters": "",
+        "login_as": "",
+        "mailbox_relayhost": "",
+        "prohibited": "",
+        "protocol_access": "",
+        "pushover": "",
+        "quarantine": "",
+        "quarantine_attachments": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "ratelimit": "",
+        "recipient_maps": "",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "sogo_profile_reset": "",
+        "spam_alias": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "syncjobs": "",
+        "tls_policy": "",
+        "unlimited_quota": ""
+    },
+    "add": {
+        "activate_filter_warn": "",
+        "active": "",
+        "add": "",
+        "add_domain_only": "",
+        "add_domain_restart": "",
+        "alias_address": "",
+        "alias_address_info": "",
+        "alias_domain": "",
+        "alias_domain_info": "",
+        "app_name": "",
+        "app_password": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "backup_mx_options": "",
+        "bcc_dest_format": "",
+        "comment_info": "",
+        "custom_params": "",
+        "custom_params_hint": "",
+        "delete1": "",
+        "delete2": "",
+        "enc_method": "",
+        "delete2duplicates": "",
+        "description": "",
+        "destination": "",
+        "disable_login": "",
+        "domain": "",
+        "domain_matches_hostname": "",
+        "domain_quota_m": "",
+        "generate": "",
+        "tags": "",
+        "dry": "",
+        "exclude": "",
+        "full_name": "",
+        "gal": "",
+        "gal_info": "",
+        "goto_ham": "",
+        "goto_null": "",
+        "goto_spam": "",
+        "hostname": "",
+        "inactive": "",
+        "kind": "",
+        "mailbox_quota_def": "",
+        "mailbox_quota_m": "",
+        "mailbox_username": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "nexthop": "",
+        "password": "",
+        "password_repeat": "",
+        "port": "",
+        "post_domain_add": "",
+        "private_comment": "",
+        "public_comment": "",
+        "quota_mb": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "select": "",
+        "select_domain": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "subscribeall": "",
+        "syncjob": "",
+        "syncjob_hint": "",
+        "target_address": "",
+        "target_address_info": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "username": "",
+        "validate": "",
+        "validation_success": ""
+    },
+    "datatables": {
+        "collapse_all": "",
+        "decimal": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "lengthMenu": "",
+        "infoPostFix": ""
+    },
+    "fido2": {
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": ""
+    },
+    "footer": {
+        "cancel": "",
+        "confirm_delete": "",
+        "delete_now": "",
+        "delete_these_items": "",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "hibp_ok": "",
+        "loading": "",
+        "nothing_selected": "",
+        "restart_container": "",
+        "restart_container_info": "",
+        "restart_now": "",
+        "restarting_container": ""
+    },
+    "oauth2": {
+        "access_denied": "",
+        "authorize_app": "",
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "scope_ask_permission": ""
+    },
+    "start": {
+        "help": "",
+        "imap_smtp_server_auth_info": "",
+        "mailcow_apps_detail": "",
+        "mailcow_panel_detail": ""
     }
 }
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index e9762ff51..9cebcd776 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -129,7 +129,118 @@
         "customize": "Testreszabás",
         "destination": "Célállomás",
         "customer_id": "Ügyfél azonosító",
-        "apps_name": "\"mailcow Apps\" név"
+        "apps_name": "\"mailcow Apps\" név",
+        "oauth2_redirect_uri": "",
+        "hash_remove_info": "",
+        "ip_check_opt_in": "",
+        "license_info": "",
+        "message_size": "",
+        "nexthop": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "no_record": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "oauth2_renew_secret": "",
+        "oauth2_revoke_tokens": "",
+        "optional": "",
+        "options": "",
+        "password": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "password_repeat": "",
+        "priority": "",
+        "private_key": "",
+        "quarantine": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_release_format_raw": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_sender": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "r_active": "",
+        "r_inactive": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_com_settings": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_info": "",
+        "transports_hint": "",
+        "ui_footer": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "ui_texts": "",
+        "unban_pending": "",
+        "unchanged_if_empty": "",
+        "validate_license_now": "",
+        "yes": "",
+        "sal_level": "",
+        "main_name": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_max_size": "",
+        "queue_unban": "",
+        "reset_default": "",
+        "reset_limit": "",
+        "remove": "",
+        "no": "",
+        "rate_name": "",
+        "merged_vars_hint": "",
+        "message": "",
+        "rsetting_desc": "",
+        "rsetting_no_selection": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "r_info": "",
+        "refresh": "",
+        "regen_api_key": "",
+        "regex_maps": "",
+        "relay_from": "",
+        "relay_rcpt": "",
+        "relay_run": "",
+        "relayhosts": "",
+        "relayhosts_hint": "",
+        "remove_row": "",
+        "rspamd_global_filters_regex": "",
+        "rspamd_settings_map": "",
+        "service_id": "",
+        "success": "",
+        "transport_maps": "",
+        "transport_test_rcpt_info": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_sender": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format": "",
+        "quarantine_release_format_att": "",
+        "routing": "",
+        "rsetting_add_rule": "",
+        "rsetting_content": "",
+        "ui_header_announcement": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "recipients": "",
+        "quarantine_bcc": "",
+        "rspamd_global_filters_agree": "",
+        "service": "",
+        "lookup_mx": ""
     },
     "edit": {
         "active": "Aktív",
@@ -146,7 +257,121 @@
         "description": "Leírás",
         "domain_quota": "Domain kvóta",
         "domains": "Domainek",
-        "edit_alias_domain": "Alias domain szerkesztése"
+        "edit_alias_domain": "Alias domain szerkesztése",
+        "footer_exclude": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "maxage": "",
+        "maxbytespersecond": "",
+        "grant_types": "",
+        "last_modified": "",
+        "sogo_visible": "",
+        "force_pw_update": "",
+        "sogo_access": "",
+        "mailbox": "",
+        "mailbox_quota_def": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "syncjob": "",
+        "target_address": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "unchanged_if_empty": "",
+        "username": "",
+        "custom_attributes": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "delete_ays": "",
+        "disable_login": "",
+        "domain": "",
+        "domain_admin": "",
+        "spam_policy": "",
+        "domain_footer_skip_replies": "",
+        "encryption": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "relay_all": "",
+        "relay_domain": "",
+        "full_name": "",
+        "generate": "",
+        "admin": "",
+        "created_on": "",
+        "multiple_bookings": "",
+        "acl": "",
+        "pushover_sound": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "bcc_dest_format": "",
+        "comment_info": "",
+        "delete1": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer_plain": "",
+        "dont_check_sender_acl": "",
+        "force_pw_update_info": "",
+        "mbox_rl_info": "",
+        "mins_interval": "",
+        "mailbox_relayhost_info": "",
+        "none_inherit": "",
+        "nexthop": "",
+        "password": "",
+        "previous": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_mb": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "redirect_uri": "",
+        "relay_all_info": "",
+        "sender_acl": "",
+        "sender_acl_disabled": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "sogo_access_info": "",
+        "validate_save": "",
+        "inactive": "",
+        "gal": "",
+        "gal_info": "",
+        "hostname": "",
+        "kind": "",
+        "scope": "",
+        "password_repeat": "",
+        "ratelimit": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost": "",
+        "remove": "",
+        "resource": "",
+        "save": "",
+        "sender_acl_info": "",
+        "sieve_desc": "",
+        "title": "",
+        "lookup_mx": ""
     },
     "footer": {
         "cancel": "Mégse",
@@ -159,7 +384,9 @@
         "restart_container": "Konténer újraindítása",
         "restart_container_info": "<b>Fontos:</b> A teljes újraindulás eltarthat egy ideig, kérjük várjon, amíg befejeződik!",
         "restart_now": "Újraindítás most",
-        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig."
+        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig.",
+        "nothing_selected": "",
+        "hibp_check": ""
     },
     "header": {
         "administration": "Beállítások és részletek",
@@ -170,7 +397,8 @@
         "quarantine": "Karantén",
         "restart_netfilter": "Netfilter újraindítása",
         "restart_sogo": "SOGo újraindítása",
-        "user_settings": "Felhasználó beállításai"
+        "user_settings": "Felhasználó beállításai",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "TFA megerősítésre várakozás",
@@ -182,7 +410,9 @@
         "login": "Bejelentkezés",
         "mobileconfig_info": "A kért Apple kapcsolat profil letöltéséhez jelentkezzen be, mint postafiók-felhasználó.",
         "password": "Jelszó",
-        "username": "Felhasználónév"
+        "username": "Felhasználónév",
+        "other_logins": "",
+        "fido2_webauthn": ""
     },
     "mailbox": {
         "action": "Művelet",
@@ -277,7 +507,87 @@
         "toggle_all": "Összes átváltása",
         "username": "Felhasználónév",
         "waiting": "Várakozás",
-        "weekly": "Hetente"
+        "weekly": "Hetente",
+        "sieve_preset_6": "",
+        "sieve_preset_8": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "mailbox_defaults_info": "",
+        "mailbox_templates": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "recipient_map_old_info": "",
+        "relay_all": "",
+        "relay_unknown": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "sieve_preset_7": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "templates": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "tls_map_policy": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "created_on": "",
+        "dkim_domains_selector": "",
+        "dkim_key_length": "",
+        "domain_templates": "",
+        "template": "",
+        "add_alias_expand": "",
+        "add_template": "",
+        "alias_domain_alias_hint": "",
+        "all_domains": "",
+        "bcc_info": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "domain_quota_total": "",
+        "gal": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "mailbox_defaults": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "no": "",
+        "open_logs": "",
+        "q_all": "",
+        "recipient": "",
+        "recipient_map_info": "",
+        "recipient_map_new_info": "",
+        "q_add_header": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_long": "",
+        "yes": ""
     },
     "oauth2": {
         "access_denied": "Kérjük jelentkezzen be postafiók felhasználójával az OAuth2 használatához.",
@@ -324,10 +634,38 @@
         "table_size_show_n": "%s tétel mutatása",
         "text_from_html_content": "Tartalom (konvertált html)",
         "text_plain_content": "Tartalom (sima szöveg)",
-        "toggle_all": "Összes átkapcsolása"
+        "toggle_all": "Összes átkapcsolása",
+        "settings_info": "",
+        "info": "",
+        "junk_folder": "",
+        "disabled_by_config": "",
+        "qhandler_success": "",
+        "release_body": "",
+        "spam": "",
+        "type": "",
+        "quick_info_link": "",
+        "check_hash": "",
+        "confirm": "",
+        "deliver_inbox": "",
+        "rejected": "",
+        "rewrite_subject": "",
+        "qid": ""
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
@@ -382,7 +720,44 @@
         "resource_modified": "Postafiók %s módosításai mentve",
         "resource_removed": "Erőforrás %s eltávolítva",
         "saved_settings": "Beállítások mentve",
-        "upload_success": "File sikeresen feltöltve"
+        "upload_success": "File sikeresen feltöltve",
+        "reset_main_logo": "",
+        "template_removed": "",
+        "cors_headers_edited": "",
+        "domain_footer_modified": "",
+        "f2b_banlist_refreshed": "",
+        "bcc_saved": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "f2b_modified": "",
+        "forwarding_host_added": "",
+        "forwarding_host_removed": "",
+        "ip_check_opt_in_modified": "",
+        "nginx_reloaded": "",
+        "acl_saved": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "template_added": "",
+        "template_modified": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "tls_policy_map_entry_deleted": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": ""
     },
     "user": {
         "action": "Művelet",
@@ -483,7 +858,70 @@
         "waiting": "Várakozás",
         "week": "hét",
         "weekly": "heti",
-        "weeks": "hét"
+        "weeks": "hét",
+        "aliases_send_as_all": "",
+        "app_hint": "",
+        "direct_aliases_desc": "",
+        "sogo_profile_reset_now": "",
+        "aliases_also_send_as": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "eas_reset_help": "",
+        "empty": "",
+        "shared_aliases_desc": "",
+        "value": "",
+        "allowed_protocols": "",
+        "last_pw_change": "",
+        "direct_protocol_access": "",
+        "fido2_webauthn": "",
+        "from": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "months": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "q_all": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "spamfilter_table_domain_policy": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tls_policy_warning": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "last_ui_login": "",
+        "q_add_header": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "recent_successful_connections": "",
+        "created_on": "",
+        "is_catch_all": "",
+        "login_history": "",
+        "mailbox": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "with_app_password": "",
+        "year": "",
+        "years": ""
     },
     "warning": {
         "cannot_delete_self": "Bejelentkezett felhasználó nem törölhető.",
@@ -491,7 +929,12 @@
         "no_active_admin": "Utolsó aktív admin felhasználó nem deaktiválható.",
         "quota_exceeded_scope": "Domain kvóta átlépve: csak korlátok nélküli postafiókok hozhatók létre ebben a domain-ben.",
         "session_token": "Űrlap-token érvénytelen: Tokenek nem egyeznek",
-        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma"
+        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma",
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "is_not_primary_alias": ""
     },
     "acl": {
         "delimiter_action": "Elhatárolás",
@@ -525,7 +968,15 @@
         "sogo_access": "A SOGo-hozzáférés kezelésének lehetővé tétele"
     },
     "diagnostics": {
-        "dns_records": "DNS bejegyzések"
+        "dns_records": "DNS bejegyzések",
+        "dns_records_data": "",
+        "dns_records_name": "",
+        "dns_records_status": "",
+        "cname_from_a": "",
+        "dns_records_24hours": "",
+        "dns_records_docs": "",
+        "dns_records_type": "",
+        "optional": ""
     },
     "add": {
         "username": "Felhasználónév",
@@ -589,6 +1040,270 @@
         "alias_domain": "Alias domain",
         "alias_domain_info": "<small>Csak érvényes tartománynevek (vesszővel elválasztva).</small>",
         "app_name": "Alkalmazás neve",
-        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
+        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához",
+        "multiple_bookings": "",
+        "quota_mb": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "select_domain": "",
+        "sieve_desc": "",
+        "skipcrossduplicates": "",
+        "relay_transport_info": "",
+        "sieve_type": "",
+        "subscribeall": "",
+        "automap": "",
+        "syncjob": "",
+        "select": ""
+    },
+    "danger": {
+        "webauthn_authenticator_failed": "",
+        "rl_timeframe": "",
+        "mailbox_invalid": "",
+        "is_spam_alias": "",
+        "last_key": "",
+        "access_denied": "",
+        "alias_domain_invalid": "",
+        "alias_empty": "",
+        "alias_goto_identical": "",
+        "alias_invalid": "",
+        "aliasd_targetd_identical": "",
+        "aliases_in_use": "",
+        "bcc_empty": "",
+        "bcc_exists": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "domain_cannot_match_hostname": "",
+        "domain_exists": "",
+        "domain_invalid": "",
+        "domain_not_empty": "",
+        "domain_not_found": "",
+        "domain_quota_m_in_use": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "file_open_error": "",
+        "from_invalid": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "goto_empty": "",
+        "goto_invalid": "",
+        "ham_learn_error": "",
+        "imagick_exception": "",
+        "mailbox_quota_exceeded": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "private_key_error": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "login_failed": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "mailbox_quota_exceeds_domain_quota": "",
+        "mailbox_quota_left_exceeded": "",
+        "mailboxes_in_use": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "max_alias_exceeded": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "object_exists": "",
+        "object_is_not_numeric": "",
+        "password_complexity": "",
+        "password_empty": "",
+        "password_mismatch": "",
+        "policy_list_from_exists": "",
+        "policy_list_from_invalid": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "quota_not_0_not_numeric": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "release_send_failed": "",
+        "reset_f2b_regex": "",
+        "resource_invalid": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "sender_acl_invalid": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "target_domain_invalid": "",
+        "targetd_not_found": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "webauthn_verification_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "unknown": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "is_alias_or_mailbox": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "no_user_defined": "",
+        "bcc_must_be_email": "",
+        "comment_too_long": "",
+        "defquota_empty": "",
+        "demo_mode_enabled": "",
+        "description_invalid": "",
+        "dkim_domain_or_sel_exists": "",
+        "dkim_domain_or_sel_invalid": "",
+        "img_invalid": "",
+        "img_tmp_missing": "",
+        "invalid_bcc_map_type": "",
+        "invalid_destination": "",
+        "invalid_filter_type": "",
+        "invalid_host": "",
+        "invalid_mime_type": "",
+        "invalid_nexthop": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "ip_list_empty": "",
+        "is_alias": "",
+        "max_mailbox_exceeded": "",
+        "max_quota_in_use": "",
+        "maxquota_empty": "",
+        "network_host_invalid": "",
+        "username_invalid": "",
+        "validity_missing": "",
+        "value_missing": "",
+        "yotp_verification_failed": "",
+        "nginx_reload_failed": "",
+        "filter_type": "",
+        "mysql_error": ""
+    },
+    "debug": {
+        "architecture": "",
+        "started_at": "",
+        "started_on": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "chart_this_server": "",
+        "containers_info": "",
+        "container_running": "",
+        "container_disabled": "",
+        "online_users": "",
+        "last_modified": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "docs": "",
+        "history_all_servers": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "log_info": "",
+        "show_ip": "",
+        "size": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": "",
+        "wip": "",
+        "restart_container": "",
+        "service": ""
+    },
+    "tfa": {
+        "delete_tfa": "",
+        "none": "",
+        "error_code": "",
+        "authenticators": "",
+        "confirm_totp_token": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "select": "",
+        "tfa_token_invalid": "",
+        "u2f_deprecated_important": "",
+        "disable_tfa": "",
+        "enter_qr_code": "",
+        "key_id_totp": "",
+        "reload_retry": "",
+        "scan_qr_code": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "webauthn": "",
+        "waiting_usb_auth": "",
+        "waiting_usb_register": "",
+        "yubi_otp": "",
+        "confirm": "",
+        "api_register": ""
+    },
+    "datatables": {
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "previous": "",
+            "next": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "collapse_all": "",
+        "infoPostFix": "",
+        "decimal": ""
+    },
+    "ratelimit": {
+        "minute": "",
+        "disabled": "",
+        "second": "",
+        "hour": "",
+        "day": ""
+    },
+    "fido2": {
+        "confirm": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": ""
     }
 }
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index f65278402..5ec671d23 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -341,7 +341,17 @@
         "rsettings_preset_4": "Disattivare Rspamd per un dominio",
         "options": "Opzioni",
         "cors_settings": "Impostazioni CORS",
-        "copy_to_clipboard": "Testo copiato negli appunti!"
+        "copy_to_clipboard": "Testo copiato negli appunti!",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "queue_unban": ""
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -466,7 +476,13 @@
         "template_exists": "Il template %s esiste già",
         "template_id_invalid": "Il template con ID %s non è valido",
         "img_dimensions_exceeded": "L'immagine supera la dimensione massima consentita",
-        "img_size_exceeded": "L'immagine supera la dimensione massima del file"
+        "img_size_exceeded": "L'immagine supera la dimensione massima del file",
+        "webauthn_authenticator_failed": "",
+        "webauthn_username_failed": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "webauthn_publickey_failed": "",
+        "extended_sender_acl_denied": ""
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
@@ -503,7 +519,11 @@
         "memory": "Memoria",
         "timezone": "Fuso orario",
         "no_update_available": "Il sistema è aggiornato all'ultima versione",
-        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
+        "update_failed": "Impossibile verificare la presenza di un aggiornamento",
+        "architecture": "",
+        "show_ip": "",
+        "wip": "",
+        "error_show_ip": ""
     },
     "diagnostics": {
         "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -632,7 +652,20 @@
         "last_modified": "Ultima modifica",
         "pushover_sound": "Suono",
         "custom_attributes": "Attributi personalizzati",
-        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta"
+        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta",
+        "footer_exclude": "",
+        "domain_footer_info_vars": {
+            "custom": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": ""
+        },
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_plain": "",
+        "domain_footer_info": ""
     },
     "fido2": {
         "confirm": "Conferma",
@@ -939,7 +972,9 @@
         "show_message": "Mostra messaggio",
         "unhold_mail": "Sblocca",
         "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
-        "legend": "Funzioni delle azioni della coda di posta:"
+        "legend": "Funzioni delle azioni della coda di posta:",
+        "unban": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
@@ -1028,7 +1063,10 @@
         "template_added": "Aggiunto template %s",
         "template_modified": "Le modifiche al template %s sono state salvate",
         "template_removed": "Il template con ID %s è stato cancellato",
-        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo."
+        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo.",
+        "domain_footer_modified": "",
+        "ip_check_opt_in_modified": "",
+        "cors_headers_edited": ""
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1264,6 +1302,8 @@
         "aria": {
             "sortAscending": ": attivare l'ordinamento crescente delle colonne",
             "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
-        }
+        },
+        "decimal": "",
+        "infoPostFix": ""
     }
 }
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 3f3cb1535..a8c9b6c6d 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -25,7 +25,10 @@
         "syncjobs": "동기화 작업",
         "tls_policy": "TLS 정책",
         "unlimited_quota": "메일에 무제한 할당",
-        "domain_desc": "도메인 설명 변경"
+        "domain_desc": "도메인 설명 변경",
+        "domain_relayhost": "",
+        "mailbox_relayhost": "",
+        "quarantine_category": ""
     },
     "add": {
         "activate_filter_warn": "활성화가 체크되어 있으면 모든 다른 필터들은 비활성화됩니다.",
@@ -101,7 +104,11 @@
         "timeout2": "로컬 호스트 연결 시간 초과",
         "username": "사용자명",
         "validate": "확인하기",
-        "validation_success": "성공적으로 확인됨"
+        "validation_success": "성공적으로 확인됨",
+        "dry": "",
+        "tags": "",
+        "app_passwd_protocols": "",
+        "bcc_dest_format": ""
     },
     "admin": {
         "access": "접근",
@@ -301,7 +308,50 @@
         "username": "사용자 이름",
         "validate_license_now": "라이선스 서버와 GUID 확인",
         "verify": "확인",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "is_mx_based": "",
+        "optional": "",
+        "oauth2_apps": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "f2b_manage_external": "",
+        "copy_to_clipboard": "",
+        "domain_admin": "",
+        "f2b_ban_time_increment": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_ban_time": "",
+        "login_time": "",
+        "oauth2_add_client": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "cors_settings": "",
+        "dkim_overwrite_key": "",
+        "f2b_filter": "",
+        "f2b_regex_info": "",
+        "html": "",
+        "options": "",
+        "password_length": "",
+        "password_policy": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "queue_unban": "",
+        "service": "",
+        "transport_test_rcpt_info": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "quarantine_max_score": "",
+        "relay_rcpt": "",
+        "rsettings_preset_4": "",
+        "success": "",
+        "admins": "",
+        "admins_ldap": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "convert_html_to_text": ""
     },
     "danger": {
         "access_denied": "접근이 거부되거나 잘못된 데이터 양식",
@@ -415,7 +465,24 @@
         "username_invalid": "%s는 사용지 이름으로 사용할 수 없습니다.",
         "validity_missing": "유효 기간을 지정해주세요.",
         "value_missing": "모든 값을 입력해주세요.",
-        "yotp_verification_failed": "Yubico OTP 검증 실패: %s"
+        "yotp_verification_failed": "Yubico OTP 검증 실패: %s",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "fido2_verification_failed": "",
+        "nginx_reload_failed": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "demo_mode_enabled": "",
+        "dkim_domain_or_sel_exists": "",
+        "reset_f2b_regex": "",
+        "tfa_token_invalid": "",
+        "extended_sender_acl_denied": ""
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
@@ -437,7 +504,26 @@
         "uptime": "Uptime",
         "started_on": "Started on",
         "static_logs": "Static logs",
-        "system_containers": "System & Containers"
+        "system_containers": "System & Containers",
+        "container_running": "",
+        "architecture": "",
+        "container_disabled": "",
+        "cores": "",
+        "current_time": "",
+        "error_show_ip": "",
+        "memory": "",
+        "online_users": "",
+        "service": "",
+        "show_ip": "",
+        "success": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": "",
+        "wip": "",
+        "login_time": "",
+        "container_stopped": ""
     },
     "diagnostics": {
         "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@@ -447,7 +533,8 @@
         "dns_records_name": "Name",
         "dns_records_status": "Current State",
         "dns_records_type": "Type",
-        "optional": "This record is optional."
+        "optional": "This record is optional.",
+        "dns_records_docs": ""
     },
     "edit": {
         "active": "Active",
@@ -545,7 +632,40 @@
         "title": "Edit object",
         "unchanged_if_empty": "If unchanged leave blank",
         "username": "Username",
-        "validate_save": "Validate and save"
+        "validate_save": "Validate and save",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "custom_attributes": "",
+        "domain_footer_info_vars": {
+            "from_addr": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "acl": "",
+        "admin": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_passwd_protocols": "",
+        "domain_footer_plain": "",
+        "created_on": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "spam_filter": "",
+        "mailbox_relayhost_info": "",
+        "none_inherit": "",
+        "pushover": "",
+        "pushover_sound": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "ratelimit": ""
     },
     "footer": {
         "cancel": "Cancel",
@@ -558,7 +678,9 @@
         "restart_container": "Restart container",
         "restart_container_info": "<b>Important:</b> A graceful restart may take a while to complete, please wait for it to finish.",
         "restart_now": "Restart now",
-        "restarting_container": "Restarting container, this may take a while"
+        "restarting_container": "Restarting container, this may take a while",
+        "nothing_selected": "",
+        "hibp_check": ""
     },
     "header": {
         "administration": "Configuration & Details",
@@ -569,7 +691,8 @@
         "quarantine": "Quarantine",
         "restart_netfilter": "Restart netfilter",
         "restart_sogo": "Restart SOGo",
-        "user_settings": "User Settings"
+        "user_settings": "User Settings",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "Awaiting TFA confirmation",
@@ -581,7 +704,9 @@
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "password": "Password",
-        "username": "Username"
+        "username": "Username",
+        "fido2_webauthn": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "조치",
@@ -722,7 +847,41 @@
         "username": "Username",
         "waiting": "Waiting",
         "weekly": "Weekly",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "domain_templates": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "allow_from_smtp_info": "",
+        "catch_all": "",
+        "goto_spam": "",
+        "last_pw_change": "",
+        "mailbox_defaults": "",
+        "mailbox_templates": "",
+        "open_logs": "",
+        "sender": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "templates": "",
+        "template": "",
+        "q_reject": "",
+        "q_all": "",
+        "quarantine_category": "",
+        "recipient": "",
+        "add_alias_expand": "",
+        "add_template": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "created_on": "",
+        "goto_ham": "",
+        "mailbox_defaults_info": "",
+        "q_add_header": "",
+        "allowed_protocols": "",
+        "relay_unknown": ""
     },
     "oauth2": {
         "access_denied": "Please login as mailbox owner to grant access via OAuth2.",
@@ -774,10 +933,33 @@
         "table_size_show_n": "%s개 항목 보기",
         "text_from_html_content": "내용 (converted html)",
         "text_plain_content": "내용 (text/plain)",
-        "toggle_all": "선택 반전"
+        "toggle_all": "선택 반전",
+        "rejected": "",
+        "quick_info_link": "",
+        "rewrite_subject": "",
+        "confirm": "",
+        "deliver_inbox": "",
+        "info": "",
+        "junk_folder": "",
+        "settings_info": "",
+        "type": "",
+        "spam": ""
     },
     "queue": {
-        "queue_manager": "대기열 관리자"
+        "queue_manager": "대기열 관리자",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "unban": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": ""
     },
     "start": {
         "help": "Show/Hide help panel",
@@ -858,7 +1040,18 @@
         "upload_success": "File uploaded successfully",
         "verified_totp_login": "Verified TOTP login",
         "verified_webauthn_login": "Verified WebAuthn login",
-        "verified_yotp_login": "Verified Yubico OTP login"
+        "verified_yotp_login": "Verified Yubico OTP login",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "domain_footer_modified": "",
+        "domain_add_dkim_available": "",
+        "template_added": "",
+        "template_modified": "",
+        "cors_headers_edited": "",
+        "template_removed": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": "",
+        "verified_fido2_login": ""
     },
     "tfa": {
         "api_register": "%s uses the Yubico Cloud API. Please get an API key for your key <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -882,7 +1075,11 @@
         "webauthn": "WebAuthn authentication",
         "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your WebAuthn USB device now.",
         "waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your WebAuthn registration by tapping the button on your WebAuthn USB device.",
-        "yubi_otp": "Yubico OTP authentication"
+        "yubi_otp": "Yubico OTP authentication",
+        "authenticators": "",
+        "tfa_token_invalid": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "조치",
@@ -1006,7 +1203,47 @@
         "waiting": "대기중",
         "week": "주",
         "weekly": "매주",
-        "weeks": "주"
+        "weeks": "주",
+        "mailbox": "",
+        "q_all": "",
+        "q_reject": "",
+        "recent_successful_connections": "",
+        "open_logs": "",
+        "syncjob_check_log": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "open_webmail_sso": "",
+        "value": "",
+        "q_add_header": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "direct_protocol_access": "",
+        "fido2_webauthn": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "login_history": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "pushover_sound": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "with_app_password": "",
+        "years": "",
+        "syncjob_last_run_result": "",
+        "empty": "",
+        "allowed_protocols": "",
+        "from": "",
+        "months": "",
+        "year": ""
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -1018,6 +1255,55 @@
         "no_active_admin": "Cannot deactivate last active admin",
         "quota_exceeded_scope": "Domain quota exceeded: Only unlimited mailboxes can be created in this domain scope.",
         "session_token": "Form token invalid: Token mismatch",
-        "session_ua": "Form token invalid: User-Agent validation error"
+        "session_ua": "Form token invalid: User-Agent validation error",
+        "is_not_primary_alias": ""
+    },
+    "datatables": {
+        "infoPostFix": "",
+        "decimal": "",
+        "collapse_all": "",
+        "emptyTable": "",
+        "loadingRecords": "",
+        "processing": "",
+        "zeroRecords": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "search": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "expand_all": "",
+        "lengthMenu": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        }
+    },
+    "fido2": {
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.lt-lt.json b/data/web/lang/lang.lt-lt.json
index f5413b1a9..11d6cd7fc 100644
--- a/data/web/lang/lang.lt-lt.json
+++ b/data/web/lang/lang.lt-lt.json
@@ -27,7 +27,8 @@
         "mailbox_relayhost": "Pakeisti siuntimo serverį pašto dėžutei",
         "prohibited": "Draudžiama pagal ACL",
         "spam_alias": "Laikini slapyvardžiai",
-        "syncjobs": "Sinchronizuoti darbus"
+        "syncjobs": "Sinchronizuoti darbus",
+        "pushover": ""
     },
     "add": {
         "active": "Aktyvus",
@@ -72,7 +73,42 @@
         "domain_matches_hostname": "Domenas %s atitinka serverio vardą",
         "exclude": "Išskirti objektus (regex)",
         "gal": "Visuotinis adresų sąrašas",
-        "gal_info": "GAL (Global Address List) apima visus domeno objektus ir jų negali redaguoti joks vartotojas. SOGo trūksta laisvosios/užimtosios informacijos, jei tai išjungta! <b>Perkraukite SOGo, kad pritaikytumėte pakeitimus.</b>"
+        "gal_info": "GAL (Global Address List) apima visus domeno objektus ir jų negali redaguoti joks vartotojas. SOGo trūksta laisvosios/užimtosios informacijos, jei tai išjungta! <b>Perkraukite SOGo, kad pritaikytumėte pakeitimus.</b>",
+        "comment_info": "",
+        "goto_ham": "",
+        "hostname": "",
+        "kind": "",
+        "mailbox_quota_m": "",
+        "mailbox_username": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "mins_interval": "",
+        "syncjob_hint": "",
+        "tags": "",
+        "target_address": "",
+        "target_address_info": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "username": "",
+        "validate": "",
+        "validation_success": "",
+        "multiple_bookings": "",
+        "nexthop": "",
+        "port": "",
+        "post_domain_add": "",
+        "private_comment": "",
+        "public_comment": "",
+        "quota_mb": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "skipcrossduplicates": "",
+        "subscribeall": "",
+        "syncjob": ""
     },
     "admin": {
         "access": "Prieiga",
@@ -175,7 +211,147 @@
         "f2b_blacklist": "Tinklai juodajame saraše",
         "loading": "Prašau palaukite...",
         "password_policy_lowerupper": "Privalo turėti mažuosius ir didžiuosius ženklus/raides",
-        "relay_from": "„Nuo:“ adresas"
+        "relay_from": "„Nuo:“ adresas",
+        "activate_api": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "credentials_transport_warning": "",
+        "customize": "",
+        "destination": "",
+        "dkim_add_key": "",
+        "dkim_domains_selector": "",
+        "dkim_domains_wo_keys": "",
+        "dkim_from_title": "",
+        "dkim_key_missing": "",
+        "dkim_key_unused": "",
+        "dkim_to_title": "",
+        "forwarding_hosts": "",
+        "guid": "",
+        "guid_and_license": "",
+        "logo_info": "",
+        "lookup_mx": "",
+        "main_name": "",
+        "merged_vars_hint": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "oauth2_client_secret": "",
+        "oauth2_redirect_uri": "",
+        "oauth2_revoke_tokens": "",
+        "password_policy": "",
+        "quarantine_bcc": "",
+        "queue_unban": "",
+        "r_info": "",
+        "rate_name": "",
+        "recipients": "",
+        "regex_maps": "",
+        "relayhosts": "",
+        "remove_row": "",
+        "reset_default": "",
+        "rspamd_global_filters_regex": "",
+        "rspamd_settings_map": "",
+        "service": "",
+        "service_id": "",
+        "subject": "",
+        "success": "",
+        "sys_mails": "",
+        "title": "",
+        "title_name": "",
+        "transport_dest_format": "",
+        "transport_maps": "",
+        "ui_texts": "",
+        "unban_pending": "",
+        "unchanged_if_empty": "",
+        "validate_license_now": "",
+        "activate_send": "",
+        "active_rspamd_settings_map": "",
+        "add_forwarding_host": "",
+        "add_relayhost": "",
+        "add_relayhost_hint": "",
+        "add_row": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "additional_rows": "",
+        "admin_domains": "",
+        "advanced_settings": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "api_allow_from": "",
+        "api_info": "",
+        "api_read_only": "",
+        "app_links": "",
+        "app_name": "",
+        "apps_name": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "ban_list_info": "",
+        "change_logo": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "configuration": "",
+        "excludes": "",
+        "f2b_ban_time": "",
+        "f2b_ban_time_increment": "",
+        "f2b_list_info": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_attempts": "",
+        "f2b_max_ban_time": "",
+        "f2b_netban_ipv4": "",
+        "f2b_netban_ipv6": "",
+        "f2b_regex_info": "",
+        "f2b_retry_window": "",
+        "forwarding_hosts_add_hint": "",
+        "forwarding_hosts_hint": "",
+        "hash_remove_info": "",
+        "help_text": "",
+        "host": "",
+        "in_use_by": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "license_info": "",
+        "link": "",
+        "oauth2_info": "",
+        "priority": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_max_size": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_sender": "",
+        "quota_notification_subject": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "relayhosts_hint": "",
+        "reset_limit": "",
+        "routing": "",
+        "rsetting_content": "",
+        "rsetting_no_selection": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_com_settings": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_info": "",
+        "transport_test_rcpt_info": "",
+        "transports_hint": "",
+        "ui_footer": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_help": ""
     },
     "danger": {
         "demo_mode_enabled": "Demo Režimas įjungtas",
@@ -194,12 +370,250 @@
         "mailbox_quota_left_exceeded": "Per mažai vietos diske (liko %d MiB)",
         "comment_too_long": "Komentaeas per ilgas, maksimalus leistinas simbolių skaičius yra 160",
         "nginx_reload_failed": "Nginx perkrovimas nepavyko: %s",
-        "invalid_filter_type": "Netinkamas filtro tipas"
+        "invalid_filter_type": "Netinkamas filtro tipas",
+        "access_denied": "",
+        "alias_domain_invalid": "",
+        "alias_empty": "",
+        "alias_goto_identical": "",
+        "alias_invalid": "",
+        "aliasd_targetd_identical": "",
+        "aliases_in_use": "",
+        "app_name_empty": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "no_user_defined": "",
+        "app_passwd_id_invalid": "",
+        "bcc_empty": "",
+        "bcc_exists": "",
+        "bcc_must_be_email": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "defquota_empty": "",
+        "dkim_domain_or_sel_exists": "",
+        "dkim_domain_or_sel_invalid": "",
+        "domain_cannot_match_hostname": "",
+        "domain_not_empty": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "from_invalid": "",
+        "goto_empty": "",
+        "goto_invalid": "",
+        "ham_learn_error": "",
+        "imagick_exception": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "img_tmp_missing": "",
+        "invalid_bcc_map_type": "",
+        "invalid_destination": "",
+        "invalid_host": "",
+        "invalid_nexthop": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "ip_list_empty": "",
+        "is_alias": "",
+        "is_alias_or_mailbox": "",
+        "is_spam_alias": "",
+        "last_key": "",
+        "mailbox_invalid": "",
+        "mailbox_quota_exceeded": "",
+        "mailbox_quota_exceeds_domain_quota": "",
+        "mailboxes_in_use": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "max_alias_exceeded": "",
+        "max_mailbox_exceeded": "",
+        "max_quota_in_use": "",
+        "maxquota_empty": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "object_exists": "",
+        "object_is_not_numeric": "",
+        "password_complexity": "",
+        "password_empty": "",
+        "password_mismatch": "",
+        "policy_list_from_exists": "",
+        "policy_list_from_invalid": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "quota_not_0_not_numeric": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "release_send_failed": "",
+        "reset_f2b_regex": "",
+        "resource_invalid": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "sender_acl_invalid": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "target_domain_invalid": "",
+        "targetd_not_found": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "webauthn_verification_failed": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "unknown": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "username_invalid": "",
+        "validity_missing": "",
+        "value_missing": "",
+        "yotp_verification_failed": ""
     },
     "edit": {
         "validate_save": "Patikrinti ir išsaugoti",
         "unchanged_if_empty": "Jei nepakeista, palikite tuščią",
-        "username": "Naudotojo vardas"
+        "username": "Naudotojo vardas",
+        "kind": "",
+        "nexthop": "",
+        "ratelimit": "",
+        "remove": "",
+        "acl": "",
+        "active": "",
+        "admin": "",
+        "advanced_settings": "",
+        "alias": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "backup_mx_options": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "custom_attributes": "",
+        "delete1": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "delete_ays": "",
+        "description": "",
+        "disable_login": "",
+        "domain": "",
+        "domain_admin": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer_plain": "",
+        "domain_footer_skip_replies": "",
+        "domain_quota": "",
+        "domains": "",
+        "dont_check_sender_acl": "",
+        "edit_alias_domain": "",
+        "encryption": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "force_pw_update": "",
+        "force_pw_update_info": "",
+        "footer_exclude": "",
+        "full_name": "",
+        "gal": "",
+        "gal_info": "",
+        "generate": "",
+        "grant_types": "",
+        "hostname": "",
+        "inactive": "",
+        "last_modified": "",
+        "lookup_mx": "",
+        "mailbox": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "maxage": "",
+        "maxbytespersecond": "",
+        "mbox_rl_info": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "none_inherit": "",
+        "password": "",
+        "password_repeat": "",
+        "previous": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_mb": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "redirect_uri": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost": "",
+        "resource": "",
+        "save": "",
+        "scope": "",
+        "sender_acl": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "syncjob": "",
+        "target_address": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "title": ""
     },
     "fido2": {
         "confirm": "Patvirtinti",
@@ -254,7 +668,8 @@
         "other_logins": "Prisijungimas raktu",
         "password": "Slaptažodis",
         "username": "Naudotojo vardas",
-        "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį."
+        "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį.",
+        "delayed": ""
     },
     "mailbox": {
         "action": "Veiksmas",
@@ -333,14 +748,156 @@
         "max_mailboxes": "Maks. galimų pašto dėžučių",
         "max_quota": "Maks. kvota kiekvienai pašto dėžutei",
         "mins_interval": "Intervalas (min)",
-        "msg_num": "Žinutė #"
+        "msg_num": "Žinutė #",
+        "bcc_info": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "created_on": "",
+        "dkim_domains_selector": "",
+        "empty": "",
+        "excludes": "",
+        "filter_table": "",
+        "force_pw_update": "",
+        "insert_preset": "",
+        "kind": "",
+        "last_mail_login": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "no_record_single": "",
+        "open_logs": "",
+        "status": "",
+        "yes": "",
+        "multiple_bookings": "",
+        "never": "",
+        "no": "",
+        "no_record": "",
+        "owner": "",
+        "private_comment": "",
+        "public_comment": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "quick_actions": "",
+        "recipient": "",
+        "recipient_map": "",
+        "recipient_map_info": "",
+        "recipient_map_new": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "recipient_maps": "",
+        "relay_all": "",
+        "relay_unknown": "",
+        "remove": "",
+        "resources": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "sieve_preset_8": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "stats": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "target_address": "",
+        "target_domain": "",
+        "templates": "",
+        "template": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "tls_policy_maps_long": "",
+        "toggle_all": "",
+        "username": "",
+        "waiting": "",
+        "weekly": ""
     },
     "quarantine": {
         "atts": "Priedaj",
         "check_hash": "Ieškoti failo Hash'o @ VT",
         "confirm": "Patvirtinti",
         "confirm_delete": "Patvirtinti šio elemento trynimą",
-        "danger": "Pavojus"
+        "danger": "Pavojus",
+        "text_plain_content": "",
+        "action": "",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "download_eml": "",
+        "empty": "",
+        "high_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qid": "",
+        "qinfo": "",
+        "qitem": "",
+        "quarantine": "",
+        "quick_actions": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "rcpt": "",
+        "received": "",
+        "recipients": "",
+        "refresh": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "release_subject": "",
+        "remove": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "settings_info": "",
+        "show_item": "",
+        "spam": "",
+        "spam_score": "",
+        "subj": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "text_from_html_content": "",
+        "toggle_all": "",
+        "type": ""
     },
     "success": {
         "domain_admin_added": "Pridėtas domeno administractorius %s",
@@ -349,6 +906,404 @@
         "domain_removed": "Domenas %s ištrintas",
         "dovecot_restart_success": "„Doveccot“ perkrautas",
         "domain_added": "Pridėtas domenas %s",
-        "domain_admin_modified": "Pakeitimai domeno adminustratoriui %s išsaugoti"
+        "domain_admin_modified": "Pakeitimai domeno adminustratoriui %s išsaugoti",
+        "bcc_saved": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "reset_main_logo": "",
+        "acl_saved": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_modified": "",
+        "admin_removed": "",
+        "alias_added": "",
+        "alias_domain_removed": "",
+        "alias_modified": "",
+        "alias_removed": "",
+        "aliasd_added": "",
+        "aliasd_modified": "",
+        "app_links": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "dkim_added": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "dkim_removed": "",
+        "domain_footer_modified": "",
+        "eas_reset": "",
+        "f2b_banlist_refreshed": "",
+        "f2b_modified": "",
+        "forwarding_host_added": "",
+        "forwarding_host_removed": "",
+        "global_filter_written": "",
+        "hash_deleted": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "item_released": "",
+        "items_deleted": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "mailbox_added": "",
+        "mailbox_modified": "",
+        "mailbox_removed": "",
+        "nginx_reloaded": "",
+        "object_modified": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "resource_added": "",
+        "resource_modified": "",
+        "resource_removed": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": ""
+    },
+    "oauth2": {
+        "access_denied": "",
+        "authorize_app": "",
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "scope_ask_permission": ""
+    },
+    "ratelimit": {
+        "minute": "",
+        "disabled": "",
+        "second": "",
+        "hour": "",
+        "day": ""
+    },
+    "user": {
+        "user_settings": "",
+        "action": "",
+        "active": "",
+        "active_sieve": "",
+        "advanced_settings": "",
+        "alias": "",
+        "alias_create_random": "",
+        "alias_extend_all": "",
+        "alias_full_date": "",
+        "alias_remove_all": "",
+        "alias_select_validity": "",
+        "alias_time_left": "",
+        "alias_valid_until": "",
+        "aliases_also_send_as": "",
+        "aliases_send_as_all": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "client_configuration": "",
+        "create_app_passwd": "",
+        "create_syncjob": "",
+        "created_on": "",
+        "daily": "",
+        "day": "",
+        "delete_ays": "",
+        "direct_aliases": "",
+        "direct_aliases_desc": "",
+        "direct_protocol_access": "",
+        "eas_reset": "",
+        "eas_reset_help": "",
+        "eas_reset_now": "",
+        "edit": "",
+        "email": "",
+        "email_and_dav": "",
+        "empty": "",
+        "encryption": "",
+        "excludes": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "force_pw_update": "",
+        "from": "",
+        "generate": "",
+        "hour": "",
+        "hourly": "",
+        "hours": "",
+        "in_use": "",
+        "interval": "",
+        "is_catch_all": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "last_ui_login": "",
+        "loading": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_details": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "month": "",
+        "months": "",
+        "never": "",
+        "new_password": "",
+        "new_password_repeat": "",
+        "no_active_filter": "",
+        "no_last_login": "",
+        "no_record": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_now": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "quarantine_notification": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "remove": "",
+        "running": "",
+        "save": "",
+        "save_changes": "",
+        "sender_acl_disabled": "",
+        "shared_aliases": "",
+        "shared_aliases_desc": "",
+        "show_sieve_filters": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_aliases": "",
+        "spam_score_reset": "",
+        "spamfilter": "",
+        "spamfilter_behavior": "",
+        "spamfilter_bl": "",
+        "spamfilter_bl_desc": "",
+        "spamfilter_default_score": "",
+        "spamfilter_green": "",
+        "spamfilter_hint": "",
+        "spamfilter_red": "",
+        "spamfilter_table_action": "",
+        "spamfilter_table_add": "",
+        "spamfilter_table_domain_policy": "",
+        "spamfilter_table_empty": "",
+        "spamfilter_table_remove": "",
+        "spamfilter_table_rule": "",
+        "spamfilter_wl": "",
+        "spamfilter_wl_desc": "",
+        "spamfilter_yellow": "",
+        "status": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tag_handling": "",
+        "tag_help_example": "",
+        "tag_help_explain": "",
+        "tag_in_none": "",
+        "tag_in_subfolder": "",
+        "tag_in_subject": "",
+        "text": "",
+        "title": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_policy": "",
+        "tls_policy_warning": "",
+        "username": "",
+        "value": "",
+        "verify": "",
+        "waiting": "",
+        "week": "",
+        "weekly": "",
+        "weeks": "",
+        "with_app_password": "",
+        "year": "",
+        "years": ""
+    },
+    "datatables": {
+        "collapse_all": "",
+        "decimal": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "infoPostFix": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        }
+    },
+    "debug": {
+        "architecture": "",
+        "chart_this_server": "",
+        "containers_info": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "docs": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "history_all_servers": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "log_info": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "online_users": "",
+        "restart_container": "",
+        "service": "",
+        "show_ip": "",
+        "size": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": "",
+        "wip": ""
+    },
+    "diagnostics": {
+        "cname_from_a": "",
+        "dns_records": "",
+        "dns_records_24hours": "",
+        "dns_records_data": "",
+        "dns_records_docs": "",
+        "dns_records_name": "",
+        "dns_records_status": "",
+        "dns_records_type": "",
+        "optional": ""
+    },
+    "queue": {
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "queue_manager": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
+    },
+    "start": {
+        "help": "",
+        "imap_smtp_server_auth_info": "",
+        "mailcow_apps_detail": "",
+        "mailcow_panel_detail": ""
+    },
+    "tfa": {
+        "authenticators": "",
+        "api_register": "",
+        "confirm": "",
+        "confirm_totp_token": "",
+        "delete_tfa": "",
+        "disable_tfa": "",
+        "enter_qr_code": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "key_id_totp": "",
+        "none": "",
+        "reload_retry": "",
+        "scan_qr_code": "",
+        "select": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "tfa_token_invalid": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "webauthn": "",
+        "waiting_usb_auth": "",
+        "waiting_usb_register": "",
+        "yubi_otp": ""
+    },
+    "warning": {
+        "cannot_delete_self": "",
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "ip_invalid": "",
+        "is_not_primary_alias": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": "",
+        "session_token": "",
+        "session_ua": ""
     }
 }
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 5f486d909..63d0f1981 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -16,7 +16,19 @@
         "login_as": "Pieteikšanās kā pastkastes lietotājam",
         "mailbox_relayhost": "Pasta kastītes relayhost maiņa",
         "prohibited": "Aizliegts ar ACL",
-        "protocol_access": "Protokola piekļuves maiņa"
+        "protocol_access": "Protokola piekļuves maiņa",
+        "ratelimit": "",
+        "tls_policy": "",
+        "pushover": "",
+        "quarantine": "",
+        "quarantine_attachments": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "sogo_profile_reset": "",
+        "spam_policy": "",
+        "unlimited_quota": ""
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -69,7 +81,34 @@
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
         "validation_success": "Apstiprināts veiksmīgi",
-        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit."
+        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
+        "dry": "",
+        "timeout1": "",
+        "goto_spam": "",
+        "timeout2": "",
+        "gal": "",
+        "gal_info": "",
+        "generate": "",
+        "goto_ham": "",
+        "inactive": "",
+        "mailbox_quota_def": "",
+        "nexthop": "",
+        "private_comment": "",
+        "public_comment": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "subscribeall": "",
+        "tags": "",
+        "custom_params": "",
+        "custom_params_hint": "",
+        "destination": "",
+        "disable_login": "",
+        "domain_matches_hostname": "",
+        "relay_transport_info": "",
+        "app_name": "",
+        "app_password": "",
+        "app_passwd_protocols": "",
+        "comment_info": ""
     },
     "admin": {
         "access": "Pieeja",
@@ -165,7 +204,154 @@
         "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM.",
         "sys_mails": "Sistēmas pasts",
         "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
-        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>"
+        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>",
+        "lookup_mx": "",
+        "f2b_filter": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "f2b_list_info": "",
+        "f2b_max_ban_time": "",
+        "password_policy_numbers": "",
+        "guid": "",
+        "guid_and_license": "",
+        "is_mx_based": "",
+        "oauth2_info": "",
+        "oauth2_revoke_tokens": "",
+        "optional": "",
+        "password_policy_lowerupper": "",
+        "password_policy_special_chars": "",
+        "quarantine_bcc": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_settings_map": "",
+        "transport_maps": "",
+        "f2b_ban_time_increment": "",
+        "from": "",
+        "copy_to_clipboard": "",
+        "dkim_to_title": "",
+        "duplicate": "",
+        "duplicate_dkim": "",
+        "excludes": "",
+        "f2b_blacklist": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "options": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "routing": "",
+        "rsetting_add_rule": "",
+        "rsetting_content": "",
+        "rsetting_no_selection": "",
+        "rspamd_global_filters": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_global_filters_info": "",
+        "rspamd_global_filters_regex": "",
+        "sal_level": "",
+        "send": "",
+        "service": "",
+        "service_id": "",
+        "success": "",
+        "text": "",
+        "time": "",
+        "title": "",
+        "transport_dest_format": "",
+        "transport_test_rcpt_info": "",
+        "transports_hint": "",
+        "ui_header_announcement": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "validate_license_now": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "unban_pending": "",
+        "yes": "",
+        "cors_settings": "",
+        "credentials_transport_warning": "",
+        "destination": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "convert_html_to_text": "",
+        "html": "",
+        "dkim_domains_selector": "",
+        "dkim_domains_wo_keys": "",
+        "dkim_from": "",
+        "dkim_from_title": "",
+        "rsettings_preset_2": "",
+        "activate_send": "",
+        "active_rspamd_settings_map": "",
+        "login_time": "",
+        "customer_id": "",
+        "quota_notification_html": "",
+        "quota_notification_sender": "",
+        "hash_remove_info": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "message_size": "",
+        "no": "",
+        "no_active_bans": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_redirect_uri": "",
+        "oauth2_renew_secret": "",
+        "dkim_overwrite_key": "",
+        "dkim_to": "",
+        "includes": "",
+        "ip_check": "",
+        "ip_check_opt_in": "",
+        "nexthop": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_sender": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "queue_unban": "",
+        "add_settings_rule": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "additional_rows": "",
+        "admins": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "api_info": "",
+        "api_read_only": "",
+        "license_info": "",
+        "priority": "",
+        "quarantine_release_format": "",
+        "quarantine_release_format_att": "",
+        "quarantine_release_format_raw": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "rate_name": "",
+        "regex_maps": "",
+        "relay_rcpt": "",
+        "relayhosts": "",
+        "reset_limit": "",
+        "ui_footer": "",
+        "verify": "",
+        "add_admin": "",
+        "ban_list_info": "",
+        "domain_admin": "",
+        "add_relayhost_hint": "",
+        "domain_s": ""
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -216,7 +402,87 @@
         "target_domain_invalid": "Goto domēns ir nepareizs",
         "targetd_not_found": "Mērķa domēns nav atrasts",
         "username_invalid": "Lietotājvārds nevar tikt izmantots",
-        "validity_missing": "Lūdzu piešķiriet derīguma termiņu"
+        "validity_missing": "Lūdzu piešķiriet derīguma termiņu",
+        "webauthn_authenticator_failed": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "bcc_empty": "",
+        "bcc_must_be_email": "",
+        "domain_cannot_match_hostname": "",
+        "extended_sender_acl_denied": "",
+        "bcc_exists": "",
+        "cors_invalid_origin": "",
+        "demo_mode_enabled": "",
+        "invalid_bcc_map_type": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "map_content_empty": "",
+        "mysql_error": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": "",
+        "no_user_defined": "",
+        "private_key_error": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "comment_too_long": "",
+        "cors_invalid_method": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "pushover_credentials_missing": "",
+        "invalid_destination": "",
+        "invalid_filter_type": "",
+        "invalid_host": "",
+        "invalid_nexthop": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "ip_list_empty": "",
+        "fido2_verification_failed": "",
+        "malformed_username": "",
+        "file_open_error": "",
+        "from_invalid": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "reset_f2b_regex": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "unknown": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "value_missing": "",
+        "yotp_verification_failed": "",
+        "webauthn_verification_failed": "",
+        "defquota_empty": "",
+        "dkim_domain_or_sel_exists": "",
+        "filter_type": ""
     },
     "diagnostics": {
         "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
@@ -226,7 +492,8 @@
         "dns_records_name": "Nosaukums",
         "dns_records_status": "Pašreizējais stāvoklis",
         "dns_records_type": "Tips",
-        "optional": "Šis ieraksts nav obligāts."
+        "optional": "Šis ieraksts nav obligāts.",
+        "dns_records_docs": ""
     },
     "edit": {
         "active": "Aktīvs",
@@ -292,7 +559,72 @@
         "mailbox_relayhost_info": "Tiek piemērots tikai pastkastei un tiešajiem aizstājvārdiem, aizstāj domēna retranslācijas saimniekdatoru.",
         "sender_acl_info": "Ja pastkastes lietotājam A ir ļauts sūtīt kā pastkastes lietotājam B, sūtītāja adrese SOGo netiek automātiski parādīta kā atlasāms lauks \"no\".<br>.\n  Pastkastes lietotājam B SOGo ir jāizveido pilnvarojums, lai pastkastes lietotājs A varētu izvēlēties tā adresi kā sūtītāja. Lai SOGo pilnvarotu pastkasti, pasta skatā jāizmanto izvēlne (trīs punkti) pa labi no pastkastes nosaukuma augšējā kreisajā pusē. Šī darbība neattiecas uz aizstājadresēm.",
         "sogo_visible": "Aizstājvārds ir redzams SOGo",
-        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs."
+        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs.",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "gal_info": "",
+        "scope": "",
+        "custom_attributes": "",
+        "sogo_access": "",
+        "domain_footer_info_vars": {
+            "custom": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": ""
+        },
+        "acl": "",
+        "pushover_text": "",
+        "admin": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "spam_filter": "",
+        "app_passwd": "",
+        "gal": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_title": "",
+        "pushover_verify": "",
+        "quota_warning_bcc": "",
+        "relay_transport_info": "",
+        "generate": "",
+        "grant_types": "",
+        "mailbox_quota_def": "",
+        "client_id": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "relayhost": "",
+        "sender_acl_disabled": "",
+        "sogo_access_info": "",
+        "timeout1": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd_protocols": "",
+        "disable_login": "",
+        "domain_footer_plain": "",
+        "extended_sender_acl": "",
+        "pushover_vars": "",
+        "quota_warning_bcc_info": "",
+        "redirect_uri": "",
+        "relay_unknown_only": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "mbox_rl_info": "",
+        "none_inherit": "",
+        "nexthop": "",
+        "ratelimit": "",
+        "timeout2": "",
+        "pushover": "",
+        "delete_ays": "",
+        "pushover_sound": ""
     },
     "footer": {
         "cancel": "Atcelt",
@@ -302,7 +634,12 @@
         "loading": "Lūdzu uzgaidiet...",
         "restart_container": "Restartēt konteineri",
         "restart_container_info": "<b>Important:</b> Piespiedu restartēšana var aizņemt ilgu laiku, lūdzu uzgaidiet.",
-        "restart_now": "Pārsāknēt tagad"
+        "restart_now": "Pārsāknēt tagad",
+        "restarting_container": "",
+        "nothing_selected": "",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "hibp_ok": ""
     },
     "header": {
         "administration": "Konfigurācija un informācija",
@@ -312,16 +649,23 @@
         "quarantine": "Karantīna",
         "restart_sogo": "Restartēt SOGo",
         "user_settings": "Lietotāja uzstādījumi",
-        "mailcow_system": "Sistēma"
+        "mailcow_system": "Sistēma",
+        "restart_netfilter": "",
+        "apps": ""
     },
     "info": {
-        "no_action": "No action applicable"
+        "no_action": "No action applicable",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
     },
     "login": {
         "delayed": "Pieteikšanās tika aizkavēta %s sekundēm.",
         "login": "Pieslēgties",
         "password": "Parole",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
+        "fido2_webauthn": "",
+        "other_logins": "",
+        "mobileconfig_info": ""
     },
     "mailbox": {
         "action": "Rīcība",
@@ -420,7 +764,83 @@
         "sogo_visible_y": "Rādīt aizstājvārdu SOGo",
         "add_alias_expand": "Izvērst aizstājvārdu pār aizstājdomēniem",
         "alias_domain_alias_hint": "Aizstājvārdi <b>netiek</b> automātiski piemēroti domēnu aizstājvārdiem. Aizstājadrese <code>my-alias@domain</code> <b>nenosedz</b> adresi <code>my-alias@alias-domain</code> (kur \"alias-domain\" ir iedomāts \"domain\" aizstājdomēns).<br>Lūgums izmantot sieta atlasi, lai pārvirzītu pastu uz ārēju pastkasti (skatīt cilti \"Atlasīšana\" vai izmantot SOGo -> Pārsūtītājs). \"Izvērst aizstājvārdu pār aizstājdomēniem\" ir izmantojams, lai automātiski pievienotu trūkstošos aiztājvārdus.",
-        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam"
+        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam",
+        "all_domains": "",
+        "booking_custom": "",
+        "booking_ltnull": "",
+        "table_size_show_n": "",
+        "booking_null": "",
+        "booking_custom_short": "",
+        "sieve_preset_5": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "catch_all": "",
+        "booking_lt0_short": "",
+        "gal": "",
+        "insert_preset": "",
+        "last_pw_change": "",
+        "no_record": "",
+        "private_comment": "",
+        "public_comment": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "stats": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "created_on": "",
+        "disable_login": "",
+        "disable_x": "",
+        "dkim_domains_selector": "",
+        "domain_templates": "",
+        "enable_x": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "never": "",
+        "no": "",
+        "q_add_header": "",
+        "q_all": "",
+        "recipient": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old_info": "",
+        "relay_unknown": "",
+        "sender": "",
+        "sieve_preset_1": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_header": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "templates": "",
+        "tls_policy_maps_long": "",
+        "bcc_map": "",
+        "add_domain_record_first": "",
+        "add_template": "",
+        "add_tls_policy_map": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "template": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "weekly": "",
+        "yes": ""
     },
     "quarantine": {
         "action": "Darbības",
@@ -446,11 +866,50 @@
         "toggle_all": "Pārslēgt visu",
         "disabled_by_config": "Pašreizējā sistēmas konfigurācija atspējo karantīnu. Lūgums iestatīt \"saglabāšanu katrai pastkastītei\" un \"lielākais pieļaujamais lielums\" karantīnas vienumiem.",
         "qhandler_success": "Pieprasījums veiksmīgi nosūtīts sistēmai. Tagad var aizvērt logu.",
-        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti."
+        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti.",
+        "confirm": "",
+        "confirm_delete": "",
+        "danger": "",
+        "deliver_inbox": "",
+        "download_eml": "",
+        "high_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "refresh": "",
+        "rejected": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender_header": "",
+        "settings_info": "",
+        "spam": "",
+        "spam_score": "",
+        "type": ""
     },
     "queue": {
         "queue_manager": "Queue Manager",
-        "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt."
+        "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt.",
+        "delete": "",
+        "flush": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
@@ -493,7 +952,56 @@
         "resource_modified": "Izmaiņas %s ir saglabātas",
         "resource_removed": "Resurs %s tika noņemts",
         "ui_texts": "Saglabāt UI izmaiņas tekstiem",
-        "upload_success": "Faila augšupielāde veiksmīga"
+        "upload_success": "Faila augšupielāde veiksmīga",
+        "ip_check_opt_in_modified": "",
+        "bcc_saved": "",
+        "f2b_banlist_refreshed": "",
+        "global_filter_written": "",
+        "hash_deleted": "",
+        "saved_settings": "",
+        "dovecot_restart_success": "",
+        "acl_saved": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "domain_footer_modified": "",
+        "item_released": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_removed": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "tls_policy_map_entry_saved": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": ""
     },
     "tfa": {
         "api_register": "%s izmanto Yubico Cloud API. Lūdzu iegūstiet API atslēgu priekš Jūsu atslēgas<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -513,7 +1021,15 @@
         "webauthn": "WebAuthn autentifikācija",
         "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
         "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet WebAuthn reģistrāciju nospiežot pogu uz Jūsu WebAuthn USB ierīces.",
-        "yubi_otp": "Yubico OTP autentifikators"
+        "yubi_otp": "Yubico OTP autentifikators",
+        "authenticators": "",
+        "reload_retry": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "start_webauthn_validation": "",
+        "tfa_token_invalid": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "Rīcība",
@@ -599,13 +1115,111 @@
         "weeks": "Nedēļas",
         "open_logs": "Atvērt žurnālus",
         "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei.",
-        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām)."
+        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām).",
+        "years": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "create_app_passwd": "",
+        "daily": "",
+        "pushover_sender_regex": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "q_add_header": "",
+        "weekly": "",
+        "with_app_password": "",
+        "year": "",
+        "email_and_dav": "",
+        "empty": "",
+        "syncjob_EX_OK": "",
+        "pushover_sound": "",
+        "delete_ays": "",
+        "direct_protocol_access": "",
+        "email": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "generate": "",
+        "hourly": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "login_history": "",
+        "mailbox": "",
+        "no_last_login": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "quarantine_notification": "",
+        "quarantine_notification_info": "",
+        "sender_acl_disabled": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_score_reset": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "title": "",
+        "value": "",
+        "verify": "",
+        "from": "",
+        "recent_successful_connections": "",
+        "mailbox_general": "",
+        "text": "",
+        "advanced_settings": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "mailbox_settings": "",
+        "month": "",
+        "months": "",
+        "never": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "save": ""
     },
     "datatables": {
         "paginate": {
             "first": "Pirmā",
-            "last": "Pēdējā"
-        }
+            "last": "Pēdējā",
+            "next": "",
+            "previous": ""
+        },
+        "infoPostFix": "",
+        "decimal": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "expand_all": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "aria": {
+            "sortDescending": "",
+            "sortAscending": ""
+        },
+        "collapse_all": "",
+        "emptyTable": "",
+        "zeroRecords": ""
     },
     "debug": {
         "last_modified": "Pēdējoreiz mainīts",
@@ -615,11 +1229,81 @@
         "system_containers": "Sistēma un konteineri",
         "current_time": "Sistēmas laiks",
         "external_logs": "Ārējie žurnāli",
-        "logs": "Žurnāli"
+        "logs": "Žurnāli",
+        "started_on": "",
+        "architecture": "",
+        "docs": "",
+        "timezone": "",
+        "success": "",
+        "uptime": "",
+        "update_available": "",
+        "wip": "",
+        "containers_info": "",
+        "disk_usage": "",
+        "history_all_servers": "",
+        "online_users": "",
+        "restart_container": "",
+        "chart_this_server": "",
+        "log_info": "",
+        "service": "",
+        "size": "",
+        "update_failed": "",
+        "username": "",
+        "container_running": "",
+        "container_disabled": "",
+        "login_time": "",
+        "container_stopped": "",
+        "cores": "",
+        "error_show_ip": "",
+        "jvm_memory_solr": "",
+        "memory": "",
+        "show_ip": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "started_at": ""
     },
     "warning": {
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
         "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus",
-        "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais"
+        "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais",
+        "cannot_delete_self": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "ip_invalid": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": "",
+        "session_token": "",
+        "session_ua": ""
+    },
+    "fido2": {
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "fn": "",
+        "known_ids": ""
+    },
+    "oauth2": {
+        "access_denied": "",
+        "authorize_app": "",
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "scope_ask_permission": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index 830d5b423..30867ea0f 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -158,7 +158,89 @@
         "username": "Brukernavn",
         "validate_license_now": "Validér GUID mot lisenstjener",
         "verify": "Validér",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "from": "",
+        "help_text": "",
+        "no": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "quarantine_max_size": "",
+        "quarantine_release_format": "",
+        "regen_api_key": "",
+        "forwarding_hosts_add_hint": "",
+        "forwarding_hosts_hint": "",
+        "generate": "",
+        "guid": "",
+        "guid_and_license": "",
+        "hash_remove_info": "",
+        "host": "",
+        "html": "",
+        "import": "",
+        "import_private_key": "",
+        "in_use_by": "",
+        "inactive": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "license_info": "",
+        "link": "",
+        "loading": "",
+        "login_time": "",
+        "logo_info": "",
+        "lookup_mx": "",
+        "main_name": "",
+        "merged_vars_hint": "",
+        "message": "",
+        "message_size": "",
+        "nexthop": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "no_record": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "oauth2_redirect_uri": "",
+        "oauth2_renew_secret": "",
+        "oauth2_revoke_tokens": "",
+        "optional": "",
+        "options": "",
+        "password": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_special_chars": "",
+        "password_repeat": "",
+        "priority": "",
+        "private_key": "",
+        "quarantine": "",
+        "quarantine_bcc": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_sender": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format_att": "",
+        "quarantine_release_format_raw": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_sender": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "rate_name": "",
+        "recipients": "",
+        "refresh": ""
     },
     "acl": {
         "ratelimit": "Nivågrense",
@@ -321,6 +403,907 @@
         "invalid_mime_type": "Ugyldig mime-type",
         "invalid_nexthop": "\"Next hop\"-format er ugyldig",
         "img_dimensions_exceeded": "Bildet overskriver maksimal bildestørrelse",
-        "img_size_exceeded": "Bildet overskrider maksimal filstørrelse"
+        "img_size_exceeded": "Bildet overskrider maksimal filstørrelse",
+        "mailboxes_in_use": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "max_alias_exceeded": "",
+        "max_mailbox_exceeded": "",
+        "max_quota_in_use": "",
+        "maxquota_empty": "",
+        "transport_dest_exists": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "ip_list_empty": "",
+        "is_alias": "",
+        "is_alias_or_mailbox": "",
+        "is_spam_alias": "",
+        "last_key": "",
+        "login_failed": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "mailbox_invalid": "",
+        "mailbox_quota_exceeded": "",
+        "mailbox_quota_exceeds_domain_quota": "",
+        "mailbox_quota_left_exceeded": "",
+        "mysql_error": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": "",
+        "no_user_defined": "",
+        "object_exists": "",
+        "object_is_not_numeric": "",
+        "password_complexity": "",
+        "password_empty": "",
+        "password_mismatch": "",
+        "policy_list_from_exists": "",
+        "policy_list_from_invalid": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "quota_not_0_not_numeric": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "release_send_failed": "",
+        "reset_f2b_regex": "",
+        "resource_invalid": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "sender_acl_invalid": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "target_domain_invalid": "",
+        "targetd_not_found": "",
+        "targetd_relay_domain": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "webauthn_verification_failed": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "unknown": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "username_invalid": "",
+        "validity_missing": "",
+        "value_missing": "",
+        "yotp_verification_failed": ""
+    },
+    "quarantine": {
+        "qinfo": "",
+        "qitem": "",
+        "quarantine": "",
+        "quick_actions": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "danger": "",
+        "medium_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qid": "",
+        "settings_info": "",
+        "action": "",
+        "atts": "",
+        "check_hash": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "download_eml": "",
+        "empty": "",
+        "high_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "quick_release_link": "",
+        "rcpt": "",
+        "received": "",
+        "recipients": "",
+        "refresh": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "release_subject": "",
+        "remove": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "show_item": "",
+        "spam": "",
+        "spam_score": "",
+        "subj": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "text_from_html_content": "",
+        "text_plain_content": "",
+        "toggle_all": "",
+        "type": ""
+    },
+    "start": {
+        "imap_smtp_server_auth_info": "",
+        "mailcow_apps_detail": "",
+        "help": "",
+        "mailcow_panel_detail": ""
+    },
+    "success": {
+        "domain_admin_added": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "domain_admin_modified": "",
+        "domain_admin_removed": "",
+        "domain_footer_modified": "",
+        "domain_modified": "",
+        "domain_removed": "",
+        "dovecot_restart_success": "",
+        "eas_reset": "",
+        "f2b_banlist_refreshed": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "reset_main_logo": "",
+        "resource_added": "",
+        "resource_modified": "",
+        "resource_removed": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": "",
+        "acl_saved": "",
+        "admin_modified": "",
+        "admin_removed": "",
+        "alias_added": "",
+        "alias_domain_removed": "",
+        "alias_modified": "",
+        "alias_removed": "",
+        "aliasd_added": "",
+        "aliasd_modified": "",
+        "app_links": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "bcc_saved": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "dkim_added": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "dkim_removed": "",
+        "domain_added": "",
+        "f2b_modified": "",
+        "forwarding_host_added": "",
+        "forwarding_host_removed": "",
+        "global_filter_written": "",
+        "hash_deleted": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "item_released": "",
+        "items_deleted": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "mailbox_added": "",
+        "mailbox_modified": "",
+        "mailbox_removed": "",
+        "nginx_reloaded": "",
+        "object_modified": "",
+        "password_policy_saved": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": ""
+    },
+    "edit": {
+        "description": "",
+        "disable_login": "",
+        "domain": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "footer_exclude": "",
+        "gal_info": "",
+        "grant_types": "",
+        "hostname": "",
+        "inactive": "",
+        "kind": "",
+        "last_modified": "",
+        "lookup_mx": "",
+        "mailbox": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "max_quota": "",
+        "maxage": "",
+        "maxbytespersecond": "",
+        "domain_footer_skip_replies": "",
+        "encryption": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_mb": "",
+        "quota_warning_bcc": "",
+        "ratelimit": "",
+        "domain_admin": "",
+        "domain_footer": "",
+        "private_comment": "",
+        "public_comment": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "syncjob": "",
+        "target_address": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "title": "",
+        "unchanged_if_empty": "",
+        "username": "",
+        "validate_save": "",
+        "full_name": "",
+        "gal": "",
+        "client_id": "",
+        "max_aliases": "",
+        "mbox_rl_info": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "none_inherit": "",
+        "acl": "",
+        "active": "",
+        "admin": "",
+        "advanced_settings": "",
+        "alias": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "backup_mx_options": "",
+        "bcc_dest_format": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "custom_attributes": "",
+        "delete1": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "delete_ays": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer_plain": "",
+        "domain_quota": "",
+        "domains": "",
+        "dont_check_sender_acl": "",
+        "edit_alias_domain": "",
+        "force_pw_update": "",
+        "force_pw_update_info": "",
+        "generate": "",
+        "nexthop": "",
+        "password": "",
+        "password_repeat": "",
+        "previous": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "quota_warning_bcc_info": "",
+        "redirect_uri": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost": "",
+        "remove": "",
+        "resource": "",
+        "save": "",
+        "scope": "",
+        "sender_acl": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "max_mailboxes": ""
+    },
+    "fido2": {
+        "none": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "set_fn": "",
+        "start_fido2_validation": ""
+    },
+    "mailbox": {
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "created_on": "",
+        "daily": "",
+        "deactivate": "",
+        "disable_x": "",
+        "domain": "",
+        "excludes": "",
+        "gal": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "hourly": "",
+        "in_use": "",
+        "mins_interval": "",
+        "msg_num": "",
+        "multiple_bookings": "",
+        "never": "",
+        "sieve_preset_8": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "tls_policy_maps_long": "",
+        "add_domain": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "dkim_domains_selector": "",
+        "description": "",
+        "disable_login": "",
+        "dkim_key_length": "",
+        "domain_admins": "",
+        "domain_aliases": "",
+        "domain_quota": "",
+        "filter_table": "",
+        "filters": "",
+        "fname": "",
+        "force_pw_update": "",
+        "insert_preset": "",
+        "kind": "",
+        "last_mail_login": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "last_run_reset": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "remove": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "table_size": "",
+        "action": "",
+        "activate": "",
+        "active": "",
+        "add": "",
+        "add_alias": "",
+        "add_alias_expand": "",
+        "add_bcc_entry": "",
+        "add_domain_alias": "",
+        "add_domain_record_first": "",
+        "add_filter": "",
+        "add_mailbox": "",
+        "add_recipient_map_entry": "",
+        "add_resource": "",
+        "add_template": "",
+        "add_tls_policy_map": "",
+        "address_rewriting": "",
+        "alias": "",
+        "alias_domain_alias_hint": "",
+        "alias_domain_backupmx": "",
+        "aliases": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "backup_mx": "",
+        "bcc": "",
+        "bcc_destination": "",
+        "bcc_destinations": "",
+        "bcc_info": "",
+        "bcc_local_dest": "",
+        "bcc_map": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "domain_templates": "",
+        "domain_quota_total": "",
+        "domains": "",
+        "edit": "",
+        "empty": "",
+        "enable_x": "",
+        "inactive": "",
+        "mailbox_quota": "",
+        "mailboxes": "",
+        "max_quota": "",
+        "no": "",
+        "no_record": "",
+        "no_record_single": "",
+        "open_logs": "",
+        "owner": "",
+        "private_comment": "",
+        "public_comment": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "quick_actions": "",
+        "recipient": "",
+        "recipient_map": "",
+        "recipient_map_info": "",
+        "recipient_map_new": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "recipient_maps": "",
+        "relay_all": "",
+        "relay_unknown": "",
+        "resources": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "stats": "",
+        "status": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size_show_n": "",
+        "target_address": "",
+        "target_domain": "",
+        "templates": "",
+        "template": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "toggle_all": "",
+        "username": "",
+        "waiting": "",
+        "weekly": "",
+        "yes": ""
+    },
+    "info": {
+        "no_action": "",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
+    },
+    "tfa": {
+        "api_register": "",
+        "delete_tfa": "",
+        "authenticators": "",
+        "confirm": "",
+        "confirm_totp_token": "",
+        "disable_tfa": "",
+        "error_code": "",
+        "enter_qr_code": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "key_id_totp": "",
+        "none": "",
+        "reload_retry": "",
+        "scan_qr_code": "",
+        "select": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "tfa_token_invalid": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "webauthn": "",
+        "waiting_usb_auth": "",
+        "waiting_usb_register": "",
+        "yubi_otp": ""
+    },
+    "footer": {
+        "cancel": "",
+        "confirm_delete": "",
+        "delete_now": "",
+        "delete_these_items": "",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "hibp_ok": "",
+        "restart_now": "",
+        "restarting_container": "",
+        "loading": "",
+        "nothing_selected": "",
+        "restart_container": "",
+        "restart_container_info": ""
+    },
+    "header": {
+        "administration": "",
+        "apps": "",
+        "debug": "",
+        "email": "",
+        "mailcow_system": "",
+        "mailcow_config": "",
+        "quarantine": "",
+        "restart_netfilter": "",
+        "restart_sogo": "",
+        "user_settings": ""
+    },
+    "user": {
+        "app_name": "",
+        "direct_aliases": "",
+        "direct_aliases_desc": "",
+        "eas_reset": "",
+        "expire_in": "",
+        "pushover_only_x_prio": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "spamfilter_bl": "",
+        "spamfilter_default_score": "",
+        "status": "",
+        "tag_help_explain": "",
+        "tag_in_none": "",
+        "text": "",
+        "aliases_send_as_all": "",
+        "app_hint": "",
+        "interval": "",
+        "is_catch_all": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "tag_in_subfolder": "",
+        "tag_in_subject": "",
+        "title": "",
+        "quarantine_notification": "",
+        "action": "",
+        "active": "",
+        "active_sieve": "",
+        "advanced_settings": "",
+        "alias": "",
+        "alias_create_random": "",
+        "alias_extend_all": "",
+        "alias_full_date": "",
+        "alias_remove_all": "",
+        "alias_select_validity": "",
+        "alias_time_left": "",
+        "alias_valid_until": "",
+        "aliases_also_send_as": "",
+        "allowed_protocols": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "client_configuration": "",
+        "create_app_passwd": "",
+        "create_syncjob": "",
+        "created_on": "",
+        "daily": "",
+        "day": "",
+        "delete_ays": "",
+        "direct_protocol_access": "",
+        "eas_reset_help": "",
+        "eas_reset_now": "",
+        "edit": "",
+        "email": "",
+        "email_and_dav": "",
+        "empty": "",
+        "encryption": "",
+        "excludes": "",
+        "fido2_webauthn": "",
+        "force_pw_update": "",
+        "from": "",
+        "generate": "",
+        "hour": "",
+        "hourly": "",
+        "hours": "",
+        "in_use": "",
+        "last_ui_login": "",
+        "loading": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_details": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "month": "",
+        "months": "",
+        "never": "",
+        "new_password": "",
+        "new_password_repeat": "",
+        "no_active_filter": "",
+        "no_last_login": "",
+        "no_record": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_now": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "remove": "",
+        "running": "",
+        "save": "",
+        "save_changes": "",
+        "sender_acl_disabled": "",
+        "shared_aliases": "",
+        "shared_aliases_desc": "",
+        "show_sieve_filters": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_aliases": "",
+        "spam_score_reset": "",
+        "spamfilter": "",
+        "spamfilter_behavior": "",
+        "spamfilter_bl_desc": "",
+        "spamfilter_green": "",
+        "spamfilter_hint": "",
+        "spamfilter_red": "",
+        "spamfilter_table_action": "",
+        "spamfilter_table_add": "",
+        "spamfilter_table_domain_policy": "",
+        "spamfilter_table_empty": "",
+        "spamfilter_table_remove": "",
+        "spamfilter_table_rule": "",
+        "spamfilter_wl": "",
+        "spamfilter_wl_desc": "",
+        "spamfilter_yellow": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tag_handling": "",
+        "tag_help_example": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_policy": "",
+        "tls_policy_warning": "",
+        "user_settings": "",
+        "username": "",
+        "value": "",
+        "verify": "",
+        "waiting": "",
+        "week": "",
+        "weekly": "",
+        "weeks": "",
+        "with_app_password": "",
+        "year": "",
+        "years": ""
+    },
+    "warning": {
+        "session_token": "",
+        "session_ua": "",
+        "cannot_delete_self": "",
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "ip_invalid": "",
+        "is_not_primary_alias": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": ""
+    },
+    "diagnostics": {
+        "dns_records_docs": "",
+        "cname_from_a": "",
+        "dns_records": "",
+        "dns_records_24hours": "",
+        "dns_records_data": "",
+        "dns_records_name": "",
+        "dns_records_status": "",
+        "dns_records_type": "",
+        "optional": ""
+    },
+    "debug": {
+        "service": "",
+        "show_ip": "",
+        "architecture": "",
+        "chart_this_server": "",
+        "containers_info": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "docs": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "history_all_servers": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "log_info": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "online_users": "",
+        "restart_container": "",
+        "size": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": "",
+        "wip": ""
+    },
+    "login": {
+        "fido2_webauthn": "",
+        "delayed": "",
+        "login": "",
+        "mobileconfig_info": "",
+        "other_logins": "",
+        "password": "",
+        "username": ""
+    },
+    "datatables": {
+        "collapse_all": "",
+        "decimal": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "infoPostFix": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        }
+    },
+    "oauth2": {
+        "access_denied": "",
+        "authorize_app": "",
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "scope_ask_permission": ""
+    },
+    "queue": {
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "queue_manager": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index fdfc91c70..725e73bfb 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -26,7 +26,9 @@
         "syncjobs": "Sync jobs",
         "tls_policy": "Versleutelingsbeleid",
         "unlimited_quota": "Onbeperkte quota voor mailboxen",
-        "domain_desc": "Wijzig domeinbeschrijving"
+        "domain_desc": "Wijzig domeinbeschrijving",
+        "domain_relayhost": "",
+        "mailbox_relayhost": ""
     },
     "add": {
         "activate_filter_warn": "Alle andere filters worden gedeactiveerd zolang deze geactiveerd is.",
@@ -104,7 +106,9 @@
         "validate": "Verifieer",
         "validation_success": "Succesvol geverifieerd",
         "tags": "Tags",
-        "bcc_dest_format": "BCC-bestemming moet één geldig e-mailadres zijn.<br>Als u een kopie naar meerdere adressen wilt sturen, maak dan een alias aan en gebruik die hier."
+        "bcc_dest_format": "BCC-bestemming moet één geldig e-mailadres zijn.<br>Als u een kopie naar meerdere adressen wilt sturen, maak dan een alias aan en gebruik die hier.",
+        "dry": "",
+        "app_passwd_protocols": ""
     },
     "admin": {
         "access": "Toegang",
@@ -337,7 +341,17 @@
         "admins_ldap": "LDAP administrators",
         "api_read_only": "Alleen-lezen toegang",
         "api_read_write": "Lees en schrijf toegang",
-        "login_time": "Login tijd"
+        "login_time": "Login tijd",
+        "allowed_methods": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "allowed_origins": "",
+        "ip_check_opt_in": "",
+        "queue_unban": "",
+        "transport_test_rcpt_info": "",
+        "yes": "",
+        "no": ""
     },
     "danger": {
         "access_denied": "Toegang geweigerd of ongeldige gegevens",
@@ -463,7 +477,12 @@
         "demo_mode_enabled": "Demo modus is ingeschakeld",
         "template_exists": "Sjabloon %s bestaat al",
         "template_id_invalid": "Sjabloon ID %s ongeldig",
-        "template_name_invalid": "Sjabloon naam ongeldig"
+        "template_name_invalid": "Sjabloon naam ongeldig",
+        "webauthn_username_failed": "",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "extended_sender_acl_denied": ""
     },
     "debug": {
         "chart_this_server": "Grafiek (deze server)",
@@ -627,7 +646,26 @@
         "acl": "ACL (Toestemming)",
         "domain_footer": "Domeinbreede footer",
         "domain_footer_html": "HTML footer",
-        "mailbox_relayhost_info": "Wordt alleen toegepast op de mailbox en directe aliassen, maar heft een domein relayhost op."
+        "mailbox_relayhost_info": "Wordt alleen toegepast op de mailbox en directe aliassen, maar heft een domein relayhost op.",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "custom_attributes": "",
+        "quota_warning_bcc": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "pushover": "",
+        "domain_footer_plain": "",
+        "none_inherit": "",
+        "quota_warning_bcc_info": "",
+        "sogo_access": "",
+        "sogo_access_info": ""
     },
     "footer": {
         "cancel": "Annuleren",
@@ -640,7 +678,9 @@
         "restart_container": "Herstart container",
         "restart_container_info": "<b>Belangrijk:</b> Een herstart kan enige tijd in beslag nemen, wacht aub totdat dit proces voltooid is.<br>Deze pagina zal zichzelf verversen zodra het proces voltooid is.",
         "restart_now": "Nu herstarten",
-        "restarting_container": "Container wordt herstart, even geduld aub..."
+        "restarting_container": "Container wordt herstart, even geduld aub...",
+        "hibp_check": "",
+        "nothing_selected": ""
     },
     "header": {
         "administration": "Configuratie & details",
@@ -651,7 +691,8 @@
         "quarantine": "Quarantaine",
         "restart_netfilter": "Herstart netfilter",
         "restart_sogo": "Herstart SOGo",
-        "user_settings": "Gebruikersinstellingen"
+        "user_settings": "Gebruikersinstellingen",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "In afwachting van tweefactorauthenticatie...",
@@ -812,7 +853,35 @@
         "toggle_all": "Selecteer alles",
         "username": "Gebruikersnaam",
         "waiting": "Wachten",
-        "weekly": "Wekelijks"
+        "weekly": "Wekelijks",
+        "add_alias_expand": "",
+        "all_domains": "",
+        "goto_spam": "",
+        "sender": "",
+        "catch_all": "",
+        "add_template": "",
+        "created_on": "",
+        "domain_templates": "",
+        "domain_quota_total": "",
+        "goto_ham": "",
+        "last_pw_change": "",
+        "mailbox_templates": "",
+        "no": "",
+        "open_logs": "",
+        "recipient": "",
+        "relay_unknown": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "templates": "",
+        "template": "",
+        "yes": ""
     },
     "oauth2": {
         "access_denied": "Log in als een mailboxgebruiker om toegang via OAuth te verlenen",
@@ -877,7 +946,20 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "queue_manager": "Queue manager"
+        "queue_manager": "Queue manager",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Toon/verberg hulppaneel",
@@ -960,7 +1042,16 @@
         "verified_totp_login": "TOTP succesvol geverifieerd",
         "verified_webauthn_login": "WebAuthn succesvol geverifieerd",
         "verified_fido2_login": "FIDO2 succesvol geverifieerd",
-        "verified_yotp_login": "Yubico OTP succesvol geverifieerd"
+        "verified_yotp_login": "Yubico OTP succesvol geverifieerd",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "password_policy_saved": "",
+        "template_added": "",
+        "cors_headers_edited": "",
+        "domain_add_dkim_available": "",
+        "domain_footer_modified": "",
+        "template_modified": "",
+        "template_removed": ""
     },
     "tfa": {
         "api_register": "%s maakt gebruik van de Yubico Cloud API. Om dit te benutten is er een API-key van Yubico vereist, deze kan <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">hier</a> opgevraagd worden",
@@ -985,7 +1076,10 @@
         "webauthn": "WebAuthn",
         "waiting_usb_auth": "<i>In afwachting van USB-apparaat...</i><br><br>Druk nu op de knop van je WebAuthn-apparaat.",
         "waiting_usb_register": "<i>In afwachting van USB-apparaat...</i><br><br>Voer je wachtwoord hierboven in en bevestig de registratie van het WebAuthn-apparaat door op de knop van het apparaat te drukken.",
-        "yubi_otp": "Yubico OTP"
+        "yubi_otp": "Yubico OTP",
+        "authenticators": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "fido2": {
         "set_fn": "Stel naam in",
@@ -999,7 +1093,8 @@
         "start_fido2_validation": "Start FIDO2-validatie",
         "fido2_auth": "Aanmelden met FIDO2",
         "fido2_success": "Apparaat succesvol geregistreerd",
-        "fido2_validation_failed": "Validatie mislukt"
+        "fido2_validation_failed": "Validatie mislukt",
+        "set_fido2_touchid": ""
     },
     "user": {
         "action": "Handeling",
@@ -1129,7 +1224,41 @@
         "waiting": "Wachten",
         "week": "week",
         "weekly": "Wekelijks",
-        "weeks": "weken"
+        "weeks": "weken",
+        "attribute": "",
+        "years": "",
+        "value": "",
+        "fido2_webauthn": "",
+        "recent_successful_connections": "",
+        "syncjob_check_log": "",
+        "allowed_protocols": "",
+        "apple_connection_profile_with_app_password": "",
+        "direct_protocol_access": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "months": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "year": "",
+        "with_app_password": "",
+        "from": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "empty": ""
     },
     "warning": {
         "cannot_delete_self": "Gebruikers kunnen niet worden verwijderd wanneer deze zijn aangemeld",
@@ -1141,7 +1270,8 @@
         "no_active_admin": "Het is niet mogelijk om de laatste actieve administrator te verwijderen",
         "quota_exceeded_scope": "Domeinquota overschreden: Voor dit domein kunnen uitsluitend onbeperkte mailboxen aangemaakt worden.",
         "session_token": "Token ongeldig: komt niet overeen",
-        "session_ua": "Token ongeldig: gebruikersagentvalidatie mislukt"
+        "session_ua": "Token ongeldig: gebruikersagentvalidatie mislukt",
+        "is_not_primary_alias": ""
     },
     "datatables": {
         "emptyTable": "Geen data beschikbaar in tabel",
@@ -1165,6 +1295,15 @@
         "loadingRecords": "Laden...",
         "processing": "Wachten alstublieft..",
         "search": "Zoeken:",
-        "zeroRecords": "Geen overeenkomsten gevonden"
+        "zeroRecords": "Geen overeenkomsten gevonden",
+        "infoPostFix": "",
+        "infoFiltered": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index aa185d32e..d10a1e165 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -2,7 +2,33 @@
     "acl": {
         "sogo_profile_reset": "Usuń profil SOGo (webmail)",
         "syncjobs": "Polecenie synchronizacji",
-        "alias_domains": "Dodaj aliasy domen"
+        "alias_domains": "Dodaj aliasy domen",
+        "quarantine_notification": "",
+        "ratelimit": "",
+        "recipient_maps": "",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "spam_alias": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "tls_policy": "",
+        "unlimited_quota": "",
+        "app_passwds": "",
+        "bcc_maps": "",
+        "delimiter_action": "",
+        "domain_desc": "",
+        "domain_relayhost": "",
+        "eas_reset": "",
+        "extend_sender_acl": "",
+        "filters": "",
+        "login_as": "",
+        "mailbox_relayhost": "",
+        "prohibited": "",
+        "protocol_access": "",
+        "quarantine": "",
+        "quarantine_attachments": "",
+        "quarantine_category": "",
+        "pushover": ""
     },
     "add": {
         "active": "Aktywny",
@@ -43,7 +69,46 @@
         "target_address": "Adresy Idź do:",
         "target_address_info": "<small> Pełny/e adres/y email (oddzielone przecinkami).</small>",
         "target_domain": "Domena docelowa:",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "dry": "",
+        "add_domain_only": "",
+        "automap": "",
+        "bcc_dest_format": "",
+        "comment_info": "",
+        "custom_params": "",
+        "custom_params_hint": "",
+        "delete2": "",
+        "disable_login": "",
+        "domain_matches_hostname": "",
+        "destination": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "subscribeall": "",
+        "tags": "",
+        "timeout1": "",
+        "gal": "",
+        "gal_info": "",
+        "goto_ham": "",
+        "goto_null": "",
+        "goto_spam": "",
+        "inactive": "",
+        "mailbox_quota_def": "",
+        "private_comment": "",
+        "public_comment": "",
+        "relay_transport_info": "",
+        "timeout2": "",
+        "validate": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": "",
+        "validation_success": "",
+        "activate_filter_warn": "",
+        "add_domain_restart": "",
+        "app_name": "",
+        "generate": "",
+        "nexthop": "",
+        "app_password": "",
+        "app_passwd_protocols": ""
     },
     "admin": {
         "access": "Dostęp",
@@ -99,7 +164,194 @@
         "spamfilter": "Filtr spamu",
         "time": "Czas",
         "unchanged_if_empty": "W przypadku braku zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "oauth2_redirect_uri": "",
+        "oauth2_renew_secret": "",
+        "oauth2_revoke_tokens": "",
+        "rspamd_global_filters_regex": "",
+        "ui_header_announcement_type_warning": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "rate_name": "",
+        "ui_texts": "",
+        "unban_pending": "",
+        "f2b_ban_time_increment": "",
+        "f2b_max_ban_time": "",
+        "relayhosts_hint": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "in_use_by": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "is_mx_based": "",
+        "nexthop": "",
+        "no": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "optional": "",
+        "options": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "quarantine_notification_html": "",
+        "quarantine_notification_subject": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format": "",
+        "quarantine_release_format_att": "",
+        "quarantine_release_format_raw": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": "",
+        "quota_notification_sender": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "queue_unban": "",
+        "recipients": "",
+        "regen_api_key": "",
+        "relay_rcpt": "",
+        "relay_run": "",
+        "relayhosts": "",
+        "remove_row": "",
+        "reset_default": "",
+        "reset_limit": "",
+        "rsetting_add_rule": "",
+        "rsetting_content": "",
+        "rsetting_desc": "",
+        "rsetting_no_selection": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_com_settings": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "rspamd_settings_map": "",
+        "sal_level": "",
+        "send": "",
+        "sender": "",
+        "service": "",
+        "service_id": "",
+        "subject": "",
+        "success": "",
+        "sys_mails": "",
+        "text": "",
+        "title": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "validate_license_now": "",
+        "verify": "",
+        "yes": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "cors_settings": "",
+        "customize": "",
+        "credentials_transport_warning": "",
+        "destination": "",
+        "dkim_domains_selector": "",
+        "hash_remove_info": "",
+        "html": "",
+        "message_size": "",
+        "dkim_domains_wo_keys": "",
+        "dkim_from_title": "",
+        "dkim_overwrite_key": "",
+        "excludes": "",
+        "f2b_blacklist": "",
+        "f2b_filter": "",
+        "f2b_list_info": "",
+        "f2b_netban_ipv4": "",
+        "f2b_netban_ipv6": "",
+        "f2b_regex_info": "",
+        "from": "",
+        "generate": "",
+        "guid": "",
+        "guid_and_license": "",
+        "help_text": "",
+        "dkim_to": "",
+        "dkim_to_title": "",
+        "domain_admin": "",
+        "domain_s": "",
+        "duplicate": "",
+        "duplicate_dkim": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "last_applied": "",
+        "merged_vars_hint": "",
+        "license_info": "",
+        "link": "",
+        "login_time": "",
+        "logo_info": "",
+        "main_name": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "quarantine_bcc": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_max_size": "",
+        "quarantine_notification_sender": "",
+        "title_name": "",
+        "to_top": "",
+        "transport_dest_format": "",
+        "transport_maps": "",
+        "transport_test_rcpt_info": "",
+        "transports_hint": "",
+        "ui_header_announcement": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "upload": "",
+        "regex_maps": "",
+        "relay_from": "",
+        "dkim_from": "",
+        "activate_api": "",
+        "activate_send": "",
+        "active_rspamd_settings_map": "",
+        "add_admin": "",
+        "add_relayhost": "",
+        "add_relayhost_hint": "",
+        "add_row": "",
+        "add_settings_rule": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "customer_id": "",
+        "additional_rows": "",
+        "admins": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "api_allow_from": "",
+        "api_info": "",
+        "api_key": "",
+        "api_read_only": "",
+        "api_read_write": "",
+        "api_skip_ip_check": "",
+        "app_links": "",
+        "app_name": "",
+        "apps_name": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "ban_list_info": "",
+        "change_logo": "",
+        "convert_html_to_text": "",
+        "routing": "",
+        "ui_footer": "",
+        "lookup_mx": ""
     },
     "danger": {
         "access_denied": "Odmowa dostępu lub nieprawidłowe dane w formularzu",
@@ -145,7 +397,92 @@
         "target_domain_invalid": "Domena Idź do jest nieprawidłowa",
         "targetd_not_found": "Nie znaleziono domeny docelowej",
         "username_invalid": "Nie można użyć nazwy użytkownika",
-        "validity_missing": "Proszę wyznaczyć termin ważności"
+        "validity_missing": "Proszę wyznaczyć termin ważności",
+        "webauthn_authenticator_failed": "",
+        "app_name_empty": "",
+        "app_passwd_id_invalid": "",
+        "bcc_empty": "",
+        "bcc_exists": "",
+        "bcc_must_be_email": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "mysql_error": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "invalid_filter_type": "",
+        "invalid_host": "",
+        "invalid_mime_type": "",
+        "invalid_nexthop": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_new": "",
+        "invalid_recipient_map_old": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "map_content_empty": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": "",
+        "no_user_defined": "",
+        "tls_policy_map_entry_exists": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "transport_dest_exists": "",
+        "webauthn_verification_failed": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "unknown": "",
+        "value_missing": "",
+        "yotp_verification_failed": "",
+        "unknown_tfa_method": "",
+        "unlimited_quota_acl": "",
+        "comment_too_long": "",
+        "defquota_empty": "",
+        "demo_mode_enabled": "",
+        "dkim_domain_or_sel_exists": "",
+        "domain_cannot_match_hostname": "",
+        "extended_sender_acl_denied": "",
+        "from_invalid": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "imagick_exception": "",
+        "img_invalid": "",
+        "img_tmp_missing": "",
+        "invalid_bcc_map_type": "",
+        "invalid_destination": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "recipient_map_entry_exists": "",
+        "redis_error": "",
+        "relayhost_invalid": "",
+        "release_send_failed": "",
+        "reset_f2b_regex": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "text_empty": "",
+        "tls_policy_map_dest_invalid": "",
+        "malformed_username": "",
+        "extra_acl_invalid": "",
+        "targetd_relay_domain": "",
+        "temp_error": "",
+        "tfa_token_invalid": "",
+        "script_empty": "",
+        "ip_list_empty": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "file_open_error": "",
+        "filter_type": ""
     },
     "edit": {
         "active": "Aktywny",
@@ -190,7 +527,93 @@
         "target_domain": "Domena docelowa",
         "title": "Edytuj obiekt",
         "unchanged_if_empty": "Jeżli bez zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "comment_info": "",
+        "created_on": "",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "scope": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "timeout2": "",
+        "validate_save": "",
+        "custom_attributes": "",
+        "domain_footer_info_vars": {
+            "from_user": "",
+            "from_addr": "",
+            "custom": "",
+            "auth_user": "",
+            "from_name": "",
+            "from_domain": ""
+        },
+        "domain_footer_plain": "",
+        "relayhost": "",
+        "timeout1": "",
+        "acl": "",
+        "admin": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "ratelimit": "",
+        "redirect_uri": "",
+        "sogo_visible": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "sieve_desc": "",
+        "gal_info": "",
+        "grant_types": "",
+        "last_modified": "",
+        "delete2": "",
+        "delete_ays": "",
+        "disable_login": "",
+        "extended_sender_acl": "",
+        "extended_sender_acl_info": "",
+        "force_pw_update": "",
+        "force_pw_update_info": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "mbox_rl_info": "",
+        "none_inherit": "",
+        "nexthop": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "maxbytespersecond": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "gal": "",
+        "generate": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "lookup_mx": ""
     },
     "footer": {
         "cancel": "Anuluj",
@@ -198,7 +621,14 @@
         "delete_now": "Usuń teraz",
         "delete_these_items": "Czy jesteś pewien, że chcesz usunąć następujące elementy?",
         "loading": "Proszę czekać...",
-        "restart_now": "Uruchom ponownie teraz"
+        "restart_now": "Uruchom ponownie teraz",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "restart_container_info": "",
+        "restarting_container": "",
+        "hibp_ok": "",
+        "nothing_selected": "",
+        "restart_container": ""
     },
     "header": {
         "administration": "Administrowanie",
@@ -206,16 +636,25 @@
         "mailcow_config": "Konfiguracja",
         "quarantine": "Kwarantanna",
         "restart_sogo": "Uruchom ponownie SOGo",
-        "user_settings": "Ustawienia użytkownika"
+        "user_settings": "Ustawienia użytkownika",
+        "apps": "",
+        "debug": "",
+        "mailcow_system": "",
+        "restart_netfilter": ""
     },
     "info": {
-        "no_action": "Żadne działanie nie ma zastosowania"
+        "no_action": "Żadne działanie nie ma zastosowania",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
     },
     "login": {
         "delayed": "Logowanie zostało opóźnione o %s sekund.",
         "login": "Zaloguj się",
         "password": "Hasło",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "mobileconfig_info": "",
+        "fido2_webauthn": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "Działanie",
@@ -275,7 +714,122 @@
         "tls_enforce_out": "Uruchom TLS wychodzące",
         "toggle_all": "Zaznacz wszystkie",
         "username": "Nazwa użytkownika",
-        "weekly": "Co tydzień"
+        "weekly": "Co tydzień",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "add_alias_expand": "",
+        "add_bcc_entry": "",
+        "add_filter": "",
+        "add_recipient_map_entry": "",
+        "allow_from_smtp": "",
+        "bcc_info": "",
+        "bcc_local_dest": "",
+        "bcc_map": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "created_on": "",
+        "goto_spam": "",
+        "insert_preset": "",
+        "last_mail_login": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "last_run_reset": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "no": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "recipient": "",
+        "recipient_map": "",
+        "recipient_map_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "recipient_maps": "",
+        "relay_unknown": "",
+        "sogo_visible_y": "",
+        "stats": "",
+        "status": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "tls_policy_maps_info": "",
+        "tls_policy_maps_long": "",
+        "waiting": "",
+        "yes": "",
+        "sieve_preset_8": "",
+        "add_template": "",
+        "add_tls_policy_map": "",
+        "address_rewriting": "",
+        "allow_from_smtp_info": "",
+        "table_size": "",
+        "alias_domain_alias_hint": "",
+        "disable_login": "",
+        "disable_x": "",
+        "dkim_domains_selector": "",
+        "domain_templates": "",
+        "sieve_preset_3": "",
+        "sieve_preset_5": "",
+        "allowed_protocols": "",
+        "bcc": "",
+        "bcc_destination": "",
+        "bcc_destinations": "",
+        "enable_x": "",
+        "filters": "",
+        "force_pw_update": "",
+        "gal": "",
+        "goto_ham": "",
+        "open_logs": "",
+        "owner": "",
+        "private_comment": "",
+        "public_comment": "",
+        "recipient_map_new": "",
+        "recipient_map_new_info": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size_show_n": "",
+        "templates": "",
+        "template": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "sieve_preset_4": "",
+        "alias_domain_backupmx": "",
+        "all_domains": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": ""
     },
     "quarantine": {
         "action": "Działanie",
@@ -283,10 +837,68 @@
         "quarantine": "Kwarantanna",
         "quick_actions": "Szybkie działania",
         "remove": "Usuń",
-        "toggle_all": "Zaznacz wszystkie"
+        "toggle_all": "Zaznacz wszystkie",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "download_eml": "",
+        "high_danger": "",
+        "neutral_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "notified": "",
+        "rcpt": "",
+        "atts": "",
+        "check_hash": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "danger": "",
+        "qhandler_success": "",
+        "qid": "",
+        "qinfo": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "received": "",
+        "recipients": "",
+        "refresh": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "show_item": "",
+        "spam": "",
+        "spam_score": "",
+        "subj": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "text_from_html_content": "",
+        "text_plain_content": "",
+        "type": "",
+        "settings_info": "",
+        "release_subject": "",
+        "rewrite_subject": "",
+        "qitem": ""
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "hold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
@@ -322,7 +934,63 @@
         "object_modified": "Zapisano zmiany w obiekcie %s",
         "resource_added": "Dodano śródło %s",
         "resource_modified": "Zapisano zmiany w skrzynce %s",
-        "resource_removed": "Usunięto zasób %s"
+        "resource_removed": "Usunięto zasób %s",
+        "hash_deleted": "",
+        "template_removed": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "verified_webauthn_login": "",
+        "verified_totp_login": "",
+        "verified_yotp_login": "",
+        "tls_policy_map_entry_deleted": "",
+        "acl_saved": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_removed": "",
+        "app_links": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "bcc_saved": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "domain_footer_modified": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "item_released": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "nginx_reloaded": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "reset_main_logo": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "dovecot_restart_success": "",
+        "global_filter_written": "",
+        "logged_in_as": ""
     },
     "tfa": {
         "api_register": "%s używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -342,7 +1010,15 @@
         "webauthn": "Uwierzytelnianie WebAuthn",
         "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu WebAuthn USB.",
         "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację WebAuthn przez naciśnięcie przycisku na urządzeniu WebAuthn USB.",
-        "yubi_otp": "Uwierzytelnianie Yubico OTP"
+        "yubi_otp": "Uwierzytelnianie Yubico OTP",
+        "authenticators": "",
+        "init_webauthn": "",
+        "reload_retry": "",
+        "start_webauthn_validation": "",
+        "tfa_token_invalid": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "error_code": ""
     },
     "user": {
         "action": "Działanie",
@@ -429,6 +1105,205 @@
         "username": "Nazwa użytkownika",
         "week": "Tydzień",
         "weekly": "Co tydzień",
-        "weeks": "Tygodnie"
+        "weeks": "Tygodnie",
+        "last_ui_login": "",
+        "loading": "",
+        "spam_score_reset": "",
+        "status": "",
+        "change_password_hint_app_passwords": "",
+        "verify": "",
+        "email": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "month": "",
+        "months": "",
+        "app_name": "",
+        "apple_connection_profile": "",
+        "from": "",
+        "generate": "",
+        "pushover_sound": "",
+        "value": "",
+        "quarantine_category_info": "",
+        "running": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "title": "",
+        "advanced_settings": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "direct_protocol_access": "",
+        "email_and_dav": "",
+        "fido2_webauthn": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "no_last_login": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "waiting": "",
+        "with_app_password": "",
+        "year": "",
+        "years": "",
+        "empty": "",
+        "save": "",
+        "sender_acl_disabled": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "expire_in": "",
+        "app_passwds": "",
+        "text": "",
+        "create_app_passwd": "",
+        "delete_ays": ""
+    },
+    "debug": {
+        "size": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "show_ip": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "architecture": "",
+        "chart_this_server": "",
+        "container_disabled": "",
+        "log_info": "",
+        "online_users": "",
+        "restart_container": "",
+        "success": "",
+        "system_containers": "",
+        "timezone": "",
+        "uptime": "",
+        "update_available": "",
+        "username": "",
+        "wip": "",
+        "containers_info": "",
+        "container_running": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "logs": "",
+        "memory": "",
+        "service": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "disk_usage": "",
+        "docs": "",
+        "error_show_ip": "",
+        "external_logs": "",
+        "history_all_servers": "",
+        "login_time": ""
+    },
+    "oauth2": {
+        "deny": "",
+        "access_denied": "",
+        "authorize_app": "",
+        "permit": "",
+        "profile_desc": "",
+        "scope_ask_permission": "",
+        "profile": ""
+    },
+    "fido2": {
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "start_fido2_validation": "",
+        "rename": ""
+    },
+    "warning": {
+        "quota_exceeded_scope": "",
+        "session_token": "",
+        "session_ua": "",
+        "no_active_admin": "",
+        "cannot_delete_self": "",
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "ip_invalid": "",
+        "is_not_primary_alias": ""
+    },
+    "datatables": {
+        "paginate": {
+            "next": "",
+            "first": "",
+            "last": "",
+            "previous": ""
+        },
+        "collapse_all": "",
+        "emptyTable": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "expand_all": "",
+        "info": "",
+        "decimal": "",
+        "infoPostFix": ""
+    },
+    "diagnostics": {
+        "dns_records_24hours": "",
+        "dns_records_data": "",
+        "dns_records_status": "",
+        "dns_records_type": "",
+        "optional": "",
+        "dns_records_docs": "",
+        "dns_records": "",
+        "cname_from_a": "",
+        "dns_records_name": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
     }
 }
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 624acd6db..73154dac4 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -27,7 +27,57 @@
         "target_address": "Encaminhar para:",
         "target_address_info": "<small>Endereço de email completo (separado por vírgulas).</small>",
         "target_domain": "Domínio de Destino:",
-        "username": "Administrador"
+        "username": "Administrador",
+        "dry": "",
+        "enc_method": "",
+        "exclude": "",
+        "gal": "",
+        "gal_info": "",
+        "generate": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "hostname": "",
+        "inactive": "",
+        "kind": "",
+        "mailbox_quota_def": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "nexthop": "",
+        "post_domain_add": "",
+        "private_comment": "",
+        "public_comment": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "subscribeall": "",
+        "syncjob": "",
+        "syncjob_hint": "",
+        "tags": "",
+        "timeout1": "",
+        "timeout2": "",
+        "validate": "",
+        "validation_success": "",
+        "activate_filter_warn": "",
+        "add_domain_only": "",
+        "add_domain_restart": "",
+        "app_name": "",
+        "app_password": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "bcc_dest_format": "",
+        "comment_info": "",
+        "custom_params": "",
+        "custom_params_hint": "",
+        "delete1": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "destination": "",
+        "disable_login": "",
+        "domain_matches_hostname": "",
+        "goto_null": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost_wrapped_tls_info": ""
     },
     "admin": {
         "access": "Acessos",
@@ -58,7 +108,219 @@
         "search_domain_da": "Selecione o(s) domínio(s)",
         "spamfilter": "Filtro de Spam",
         "unchanged_if_empty": "Deixar em branco para não alterar",
-        "username": "Administrador"
+        "username": "Administrador",
+        "lookup_mx": "",
+        "relayhosts": "",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "convert_html_to_text": "",
+        "host": "",
+        "html": "",
+        "import": "",
+        "import_private_key": "",
+        "nexthop": "",
+        "no": "",
+        "sal_level": "",
+        "copy_to_clipboard": "",
+        "cors_settings": "",
+        "customer_id": "",
+        "quarantine_notification_html": "",
+        "rspamd_settings_map": "",
+        "sender": "",
+        "credentials_transport_warning": "",
+        "customize": "",
+        "dkim_from": "",
+        "f2b_ban_time_increment": "",
+        "f2b_blacklist": "",
+        "f2b_filter": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_ban_time": "",
+        "f2b_netban_ipv4": "",
+        "f2b_netban_ipv6": "",
+        "f2b_parameters": "",
+        "f2b_regex_info": "",
+        "f2b_retry_window": "",
+        "f2b_whitelist": "",
+        "forwarding_hosts": "",
+        "forwarding_hosts_add_hint": "",
+        "forwarding_hosts_hint": "",
+        "from": "",
+        "generate": "",
+        "guid": "",
+        "hash_remove_info": "",
+        "help_text": "",
+        "in_use_by": "",
+        "inactive": "",
+        "include_exclude": "",
+        "include_exclude_info": "",
+        "includes": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "last_applied": "",
+        "license_info": "",
+        "link": "",
+        "login_time": "",
+        "logo_info": "",
+        "main_name": "",
+        "merged_vars_hint": "",
+        "message_size": "",
+        "no_active_bans": "",
+        "no_new_rows": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "oauth2_client_id": "",
+        "oauth2_client_secret": "",
+        "oauth2_info": "",
+        "oauth2_redirect_uri": "",
+        "priority": "",
+        "private_key": "",
+        "quarantine": "",
+        "quarantine_bcc": "",
+        "quarantine_exclude_domains": "",
+        "quarantine_max_age": "",
+        "quarantine_max_score": "",
+        "quarantine_max_size": "",
+        "quarantine_notification_sender": "",
+        "quarantine_notification_subject": "",
+        "quota_notification_sender": "",
+        "quota_notification_subject": "",
+        "quota_notifications": "",
+        "quota_notifications_info": "",
+        "quota_notifications_vars": "",
+        "queue_unban": "",
+        "rate_name": "",
+        "recipients": "",
+        "refresh": "",
+        "relayhosts_hint": "",
+        "remove_row": "",
+        "reset_default": "",
+        "reset_limit": "",
+        "routing": "",
+        "rsetting_add_rule": "",
+        "rsetting_content": "",
+        "rsetting_none": "",
+        "rsettings_insert_preset": "",
+        "rsettings_preset_1": "",
+        "rsettings_preset_2": "",
+        "rsettings_preset_3": "",
+        "rsettings_preset_4": "",
+        "rspamd_com_settings": "",
+        "rspamd_global_filters": "",
+        "rspamd_global_filters_agree": "",
+        "rspamd_global_filters_info": "",
+        "rspamd_global_filters_regex": "",
+        "service": "",
+        "service_id": "",
+        "source": "",
+        "subject": "",
+        "success": "",
+        "sys_mails": "",
+        "text": "",
+        "time": "",
+        "title": "",
+        "transport_dest_format": "",
+        "transport_test_rcpt_info": "",
+        "ui_header_announcement_active": "",
+        "ui_header_announcement_content": "",
+        "ui_header_announcement_help": "",
+        "ui_header_announcement_select": "",
+        "ui_header_announcement_type": "",
+        "ui_header_announcement_type_danger": "",
+        "ui_header_announcement_type_info": "",
+        "ui_header_announcement_type_warning": "",
+        "ui_texts": "",
+        "unban_pending": "",
+        "validate_license_now": "",
+        "verify": "",
+        "yes": "",
+        "api_read_write": "",
+        "f2b_list_info": "",
+        "f2b_max_attempts": "",
+        "activate_api": "",
+        "activate_send": "",
+        "active_rspamd_settings_map": "",
+        "add_admin": "",
+        "add_forwarding_host": "",
+        "add_relayhost": "",
+        "add_relayhost_hint": "",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "api_allow_from": "",
+        "api_info": "",
+        "api_read_only": "",
+        "api_skip_ip_check": "",
+        "app_links": "",
+        "app_name": "",
+        "apps_name": "",
+        "arrival_time": "",
+        "authed_user": "",
+        "ays": "",
+        "ban_list_info": "",
+        "change_logo": "",
+        "regen_api_key": "",
+        "regex_maps": "",
+        "relay_from": "",
+        "relay_rcpt": "",
+        "relay_run": "",
+        "transports_hint": "",
+        "ui_footer": "",
+        "ui_header_announcement": "",
+        "dkim_domains_wo_keys": "",
+        "ip_check": "",
+        "message": "",
+        "oauth2_renew_secret": "",
+        "oauth2_revoke_tokens": "",
+        "optional": "",
+        "options": "",
+        "password_length": "",
+        "password_policy": "",
+        "password_policy_chars": "",
+        "password_policy_length": "",
+        "password_policy_lowerupper": "",
+        "password_policy_numbers": "",
+        "password_policy_special_chars": "",
+        "title_name": "",
+        "to_top": "",
+        "transport_maps": "",
+        "upload": "",
+        "ip_check_disabled": "",
+        "duplicate_dkim": "",
+        "empty": "",
+        "excludes": "",
+        "f2b_ban_time": "",
+        "destination": "",
+        "dkim_domains_selector": "",
+        "dkim_from_title": "",
+        "dkim_key_missing": "",
+        "dkim_key_unused": "",
+        "dkim_key_valid": "",
+        "dkim_overwrite_key": "",
+        "dkim_private_key": "",
+        "dkim_to": "",
+        "dkim_to_title": "",
+        "domain_admin": "",
+        "domain_s": "",
+        "duplicate": "",
+        "guid_and_license": "",
+        "send": "",
+        "rsetting_desc": "",
+        "rsetting_no_selection": "",
+        "add_row": "",
+        "add_settings_rule": "",
+        "add_transport": "",
+        "add_transports_hint": "",
+        "additional_rows": "",
+        "admins": "",
+        "admins_ldap": "",
+        "advanced_settings": "",
+        "api_key": "",
+        "quarantine_redirect": "",
+        "quarantine_release_format": "",
+        "quarantine_release_format_att": "",
+        "quarantine_release_format_raw": "",
+        "quarantine_retention_size": "",
+        "quota_notification_html": ""
     },
     "danger": {
         "access_denied": "Acesso negado ou dados inválidos",
@@ -97,7 +359,99 @@
         "target_domain_invalid": "O endereço de Domínio Destino é inválido",
         "targetd_not_found": "Domínio de Destino não encontrado",
         "username_invalid": "Nome de utilizador inválido",
-        "validity_missing": "Você deve definir um período de validade"
+        "validity_missing": "Você deve definir um período de validade",
+        "ip_list_empty": "",
+        "redis_error": "",
+        "targetd_relay_domain": "",
+        "unknown": "",
+        "app_passwd_id_invalid": "",
+        "tls_policy_map_entry_exists": "",
+        "img_invalid": "",
+        "demo_mode_enabled": "",
+        "description_invalid": "",
+        "webauthn_username_failed": "",
+        "bcc_empty": "",
+        "bcc_exists": "",
+        "bcc_must_be_email": "",
+        "comment_too_long": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "defquota_empty": "",
+        "dkim_domain_or_sel_exists": "",
+        "domain_cannot_match_hostname": "",
+        "extended_sender_acl_denied": "",
+        "extra_acl_invalid": "",
+        "extra_acl_invalid_domain": "",
+        "fido2_verification_failed": "",
+        "file_open_error": "",
+        "filter_type": "",
+        "from_invalid": "",
+        "global_filter_write_error": "",
+        "global_map_invalid": "",
+        "global_map_write_error": "",
+        "ham_learn_error": "",
+        "imagick_exception": "",
+        "mysql_error": "",
+        "unknown_tfa_method": "",
+        "maxquota_empty": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "img_tmp_missing": "",
+        "invalid_bcc_map_type": "",
+        "invalid_destination": "",
+        "invalid_filter_type": "",
+        "invalid_host": "",
+        "invalid_nexthop_authenticated": "",
+        "invalid_recipient_map_old": "",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "",
+        "malformed_username": "",
+        "map_content_empty": "",
+        "max_alias_exceeded": "",
+        "network_host_invalid": "",
+        "next_hop_interferes": "",
+        "next_hop_interferes_any": "",
+        "nginx_reload_failed": "",
+        "no_user_defined": "",
+        "policy_list_from_exists": "",
+        "policy_list_from_invalid": "",
+        "private_key_error": "",
+        "pushover_credentials_missing": "",
+        "pushover_key": "",
+        "pushover_token": "",
+        "recipient_map_entry_exists": "",
+        "relayhost_invalid": "",
+        "reset_f2b_regex": "",
+        "resource_invalid": "",
+        "rl_timeframe": "",
+        "rspamd_ui_pw_length": "",
+        "script_empty": "",
+        "set_acl_failed": "",
+        "settings_map_invalid": "",
+        "sieve_error": "",
+        "spam_learn_error": "",
+        "subject_empty": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": "",
+        "temp_error": "",
+        "text_empty": "",
+        "tfa_token_invalid": "",
+        "tls_policy_map_dest_invalid": "",
+        "tls_policy_map_parameter_invalid": "",
+        "totp_verification_failed": "",
+        "webauthn_verification_failed": "",
+        "webauthn_authenticator_failed": "",
+        "webauthn_publickey_failed": "",
+        "unlimited_quota_acl": "",
+        "value_missing": "",
+        "release_send_failed": "",
+        "last_key": "",
+        "app_name_empty": "",
+        "invalid_mime_type": "",
+        "invalid_nexthop": "",
+        "invalid_recipient_map_new": "",
+        "yotp_verification_failed": "",
+        "transport_dest_exists": ""
     },
     "edit": {
         "active": "Ativo",
@@ -129,25 +483,147 @@
         "target_domain": "Domínio de Destino:",
         "title": "Editar dos Objetos",
         "unchanged_if_empty": "Deixar em branco para não modificar",
-        "username": "Administrador"
+        "username": "Administrador",
+        "lookup_mx": "",
+        "footer_exclude": "",
+        "generate": "",
+        "grant_types": "",
+        "hostname": "",
+        "inactive": "",
+        "kind": "",
+        "last_modified": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "maxage": "",
+        "maxbytespersecond": "",
+        "domain_footer_skip_replies": "",
+        "encryption": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "custom_attributes": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "delete_ays": "",
+        "ratelimit": "",
+        "redirect_uri": "",
+        "syncjob": "",
+        "nexthop": "",
+        "domain_footer_info_vars": {
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": "",
+            "auth_user": ""
+        },
+        "domain_footer_plain": "",
+        "extended_sender_acl_info": "",
+        "force_pw_update": "",
+        "pushover_evaluate_x_prio": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "none_inherit": "",
+        "acl": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "delete1": "",
+        "disable_login": "",
+        "domain_footer_info": "",
+        "force_pw_update_info": "",
+        "mbox_rl_info": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover": "",
+        "gal": "",
+        "gal_info": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost": "",
+        "resource": "",
+        "scope": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sogo_visible_info": "",
+        "spam_alias": "",
+        "spam_filter": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "timeout1": "",
+        "timeout2": "",
+        "validate_save": "",
+        "admin": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "app_name": ""
     },
     "footer": {
-        "loading": "Aguarde..."
+        "loading": "Aguarde...",
+        "restart_container": "",
+        "delete_these_items": "",
+        "hibp_check": "",
+        "confirm_delete": "",
+        "nothing_selected": "",
+        "restart_container_info": "",
+        "cancel": "",
+        "delete_now": "",
+        "restart_now": "",
+        "restarting_container": "",
+        "hibp_nok": "",
+        "hibp_ok": ""
     },
     "header": {
         "administration": "Administração",
         "email": "E-Mail",
         "mailcow_config": "Configuração",
-        "user_settings": "Configurações do utilizador"
+        "user_settings": "Configurações do utilizador",
+        "debug": "",
+        "mailcow_system": "",
+        "quarantine": "",
+        "restart_netfilter": "",
+        "restart_sogo": "",
+        "apps": ""
     },
     "info": {
-        "no_action": "Nenhuma ação foi definida"
+        "no_action": "Nenhuma ação foi definida",
+        "awaiting_tfa_confirmation": "",
+        "session_expires": ""
     },
     "login": {
         "delayed": "Sua entrada será atrasada por %s segundos.",
         "login": "Entrar",
         "password": "Senha",
-        "username": "Utilizador"
+        "username": "Utilizador",
+        "fido2_webauthn": "",
+        "mobileconfig_info": "",
+        "other_logins": ""
     },
     "mailbox": {
         "action": "Ação",
@@ -186,14 +662,212 @@
         "target_domain": "Domínio Destino",
         "tls_enforce_in": "Forçar TLS na entrada",
         "tls_enforce_out": "Forçar TLS na saída",
-        "username": "Utilizador"
+        "username": "Utilizador",
+        "disable_login": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "disable_x": "",
+        "q_add_header": "",
+        "add_tls_policy_map": "",
+        "address_rewriting": "",
+        "inactive": "",
+        "sieve_preset_header": "",
+        "sogo_visible": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "stats": "",
+        "status": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "yes": "",
+        "insert_preset": "",
+        "kind": "",
+        "last_mail_login": "",
+        "quarantine_notification": "",
+        "quick_actions": "",
+        "recipient": "",
+        "add_domain_record_first": "",
+        "empty": "",
+        "recipient_map": "",
+        "templates": "",
+        "template": "",
+        "weekly": "",
+        "public_comment": "",
+        "filters": "",
+        "force_pw_update": "",
+        "gal": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "relay_unknown": "",
+        "activate": "",
+        "add_alias_expand": "",
+        "add_filter": "",
+        "add_recipient_map_entry": "",
+        "add_resource": "",
+        "add_template": "",
+        "alias_domain_alias_hint": "",
+        "alias_domain_backupmx": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allowed_protocols": "",
+        "bcc": "",
+        "bcc_destination": "",
+        "bcc_info": "",
+        "bcc_map": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "catch_all": "",
+        "created_on": "",
+        "daily": "",
+        "deactivate": "",
+        "dkim_domains_selector": "",
+        "domain_templates": "",
+        "enable_x": "",
+        "excludes": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "hourly": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "last_run_reset": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "mins_interval": "",
+        "multiple_bookings": "",
+        "never": "",
+        "no": "",
+        "open_logs": "",
+        "owner": "",
+        "private_comment": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "recipient_map_info": "",
+        "recipient_map_new": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "set_prefilter": "",
+        "sieve_info": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_5": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "sieve_preset_8": "",
+        "table_size_show_n": "",
+        "tls_map_dest": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": "",
+        "tls_map_parameters_info": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_info": "",
+        "tls_policy_maps_long": "",
+        "toggle_all": "",
+        "waiting": "",
+        "resources": "",
+        "bcc_local_dest": "",
+        "recipient_maps": "",
+        "add_bcc_entry": "",
+        "allow_from_smtp_info": "",
+        "bcc_destinations": ""
     },
     "quarantine": {
         "action": "Ação",
-        "remove": "Remover"
+        "remove": "Remover",
+        "empty": "",
+        "high_danger": "",
+        "medium_danger": "",
+        "danger": "",
+        "info": "",
+        "junk_folder": "",
+        "qinfo": "",
+        "qitem": "",
+        "quarantine": "",
+        "quick_actions": "",
+        "quick_delete_link": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "received": "",
+        "recipients": "",
+        "refresh": "",
+        "spam": "",
+        "atts": "",
+        "learn_spam_delete": "",
+        "check_hash": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "download_eml": "",
+        "low_danger": "",
+        "neutral_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qid": "",
+        "rcpt": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "release_subject": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "settings_info": "",
+        "show_item": "",
+        "spam_score": "",
+        "subj": "",
+        "table_size_show_n": "",
+        "text_from_html_content": "",
+        "text_plain_content": "",
+        "toggle_all": "",
+        "type": "",
+        "table_size": ""
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",
@@ -220,7 +894,72 @@
         "mailbox_added": "Conta %s adicionada com sucesso",
         "mailbox_modified": "A conta %s foi alterada com sucesso",
         "mailbox_removed": "Conta %s removida com sucesso",
-        "resource_modified": "A conta %s foi alterada com sucesso"
+        "resource_modified": "A conta %s foi alterada com sucesso",
+        "forwarding_host_added": "",
+        "upload_success": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": "",
+        "verified_fido2_login": "",
+        "nginx_reloaded": "",
+        "hash_deleted": "",
+        "object_modified": "",
+        "password_policy_saved": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": "",
+        "delete_filter": "",
+        "acl_saved": "",
+        "admin_added": "",
+        "admin_api_modified": "",
+        "admin_removed": "",
+        "app_links": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "bcc_saved": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "domain_footer_modified": "",
+        "dovecot_restart_success": "",
+        "eas_reset": "",
+        "f2b_banlist_refreshed": "",
+        "f2b_modified": "",
+        "forwarding_host_removed": "",
+        "global_filter_written": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "item_released": "",
+        "items_deleted": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "reset_main_logo": "",
+        "resource_added": "",
+        "resource_removed": "",
+        "rl_saved": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "settings_map_removed": ""
     },
     "user": {
         "action": "Ação",
@@ -270,6 +1009,301 @@
         "user_settings": "Configurações do utilizador",
         "username": "Administrador",
         "week": "Semana",
-        "weeks": "Semanas"
+        "weeks": "Semanas",
+        "clear_recent_successful_connections": "",
+        "created_on": "",
+        "q_add_header": "",
+        "q_all": "",
+        "change_password_hint_app_passwords": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "tag_in_subject": "",
+        "app_name": "",
+        "years": "",
+        "value": "",
+        "encryption": "",
+        "excludes": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "from": "",
+        "generate": "",
+        "hourly": "",
+        "direct_aliases": "",
+        "email_and_dav": "",
+        "attribute": "",
+        "app_hint": "",
+        "direct_aliases_desc": "",
+        "direct_protocol_access": "",
+        "eas_reset": "",
+        "eas_reset_help": "",
+        "eas_reset_now": "",
+        "email": "",
+        "empty": "",
+        "in_use": "",
+        "interval": "",
+        "is_catch_all": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "active_sieve": "",
+        "advanced_settings": "",
+        "aliases_also_send_as": "",
+        "allowed_protocols": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "client_configuration": "",
+        "create_app_passwd": "",
+        "create_syncjob": "",
+        "daily": "",
+        "delete_ays": "",
+        "force_pw_update": "",
+        "last_run": "",
+        "last_ui_login": "",
+        "loading": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "month": "",
+        "months": "",
+        "never": "",
+        "no_active_filter": "",
+        "no_last_login": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "quarantine_notification": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "running": "",
+        "save": "",
+        "sender_acl_disabled": "",
+        "shared_aliases": "",
+        "shared_aliases_desc": "",
+        "show_sieve_filters": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "sogo_profile_reset_now": "",
+        "spam_score_reset": "",
+        "spamfilter_table_domain_policy": "",
+        "status": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tag_handling": "",
+        "tag_help_example": "",
+        "tag_help_explain": "",
+        "tag_in_none": "",
+        "tag_in_subfolder": "",
+        "text": "",
+        "title": "",
+        "verify": "",
+        "waiting": "",
+        "weekly": "",
+        "with_app_password": "",
+        "year": "",
+        "app_passwds": ""
+    },
+    "datatables": {
+        "decimal": "",
+        "infoPostFix": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "thousands": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "collapse_all": "",
+        "emptyTable": "",
+        "expand_all": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "lengthMenu": "",
+        "zeroRecords": ""
+    },
+    "debug": {
+        "external_logs": "",
+        "current_time": "",
+        "architecture": "",
+        "cores": "",
+        "chart_this_server": "",
+        "containers_info": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "disk_usage": "",
+        "docs": "",
+        "error_show_ip": "",
+        "history_all_servers": "",
+        "timezone": "",
+        "uptime": "",
+        "wip": "",
+        "in_memory_logs": "",
+        "jvm_memory_solr": "",
+        "last_modified": "",
+        "log_info": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "online_users": "",
+        "restart_container": "",
+        "service": "",
+        "show_ip": "",
+        "size": "",
+        "solr_dead": "",
+        "solr_status": "",
+        "started_at": "",
+        "started_on": "",
+        "static_logs": "",
+        "success": "",
+        "system_containers": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "username": ""
+    },
+    "oauth2": {
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "access_denied": "",
+        "authorize_app": "",
+        "scope_ask_permission": ""
+    },
+    "warning": {
+        "session_ua": "",
+        "ip_invalid": "",
+        "is_not_primary_alias": "",
+        "cannot_delete_self": "",
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": "",
+        "session_token": ""
+    },
+    "tfa": {
+        "webauthn": "",
+        "authenticators": "",
+        "api_register": "",
+        "confirm": "",
+        "confirm_totp_token": "",
+        "delete_tfa": "",
+        "disable_tfa": "",
+        "enter_qr_code": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "key_id_totp": "",
+        "none": "",
+        "reload_retry": "",
+        "scan_qr_code": "",
+        "select": "",
+        "waiting_usb_auth": "",
+        "yubi_otp": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "tfa_token_invalid": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": "",
+        "waiting_usb_register": ""
+    },
+    "fido2": {
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "start_fido2_validation": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fn": "",
+        "register_status": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "set_fn": "",
+        "known_ids": "",
+        "none": ""
+    },
+    "diagnostics": {
+        "optional": "",
+        "dns_records_24hours": "",
+        "dns_records_data": "",
+        "dns_records_name": "",
+        "dns_records_status": "",
+        "dns_records_type": "",
+        "dns_records_docs": "",
+        "cname_from_a": "",
+        "dns_records": ""
+    },
+    "ratelimit": {
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": "",
+        "day": ""
+    },
+    "acl": {
+        "syncjobs": "",
+        "delimiter_action": "",
+        "domain_desc": "",
+        "domain_relayhost": "",
+        "eas_reset": "",
+        "extend_sender_acl": "",
+        "login_as": "",
+        "mailbox_relayhost": "",
+        "prohibited": "",
+        "protocol_access": "",
+        "pushover": "",
+        "quarantine": "",
+        "quarantine_attachments": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "recipient_maps": "",
+        "smtp_ip_access": "",
+        "sogo_access": "",
+        "sogo_profile_reset": "",
+        "spam_alias": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "tls_policy": "",
+        "unlimited_quota": "",
+        "ratelimit": "",
+        "alias_domains": "",
+        "app_passwds": "",
+        "bcc_maps": "",
+        "filters": ""
     }
 }
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 90c96c218..6a7eafa0d 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -107,7 +107,8 @@
         "username": "Nume de utilizator",
         "validate": "Validează",
         "validation_success": "Validat cu succes",
-        "tags": "Etichete"
+        "tags": "Etichete",
+        "dry": ""
     },
     "admin": {
         "access": "Acces",
@@ -343,7 +344,14 @@
         "ip_check_disabled": "Verificarea IP este dezactivată. Puteţi activa la<br> <strong>Sistem > Configuraţie > Opţiuni > Personalizează</strong>",
         "ip_check_opt_in": "Alegeţi să folosiţi servicile <strong>ipv4.mailcow.email</strong> şi <strong>ipv6.mailcow.email</strong> să rezolvaţi addrese IP externale.",
         "options": "Opţiuni",
-        "queue_unban": "retractează interzicere"
+        "queue_unban": "retractează interzicere",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "allowed_methods": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "allowed_origins": ""
     },
     "danger": {
         "access_denied": "Accesul a fost respins sau datele formularului sunt invalide",
@@ -471,7 +479,10 @@
         "extended_sender_acl_denied": "lipseşte ACL pentru setarea adrese externe",
         "template_exists": "Şablon %s deja există",
         "template_id_invalid": "Şablon ID %s este invalid",
-        "template_name_invalid": "Nume de şablon este invalid"
+        "template_name_invalid": "Nume de şablon este invalid",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": ""
     },
     "debug": {
         "chart_this_server": "Grafic (acest server)",
@@ -498,7 +509,21 @@
         "success": "Succes",
         "system_containers": "Sistem și Containere",
         "uptime": "Timp de funcționare",
-        "username": "Utilizator"
+        "username": "Utilizator",
+        "architecture": "",
+        "container_running": "",
+        "show_ip": "",
+        "wip": "",
+        "error_show_ip": "",
+        "memory": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": ""
     },
     "diagnostics": {
         "cname_from_a": "Valoare derivată din înregistrarea A/AAAA. Acest lucru este acceptat atâta timp cât înregistrarea indică resursele corecte.",
@@ -624,7 +649,23 @@
         "title": "Editează obiectul",
         "unchanged_if_empty": "Dacă rămâne neschimbat se lasă necompletat",
         "username": "Nume de utilizator",
-        "validate_save": "Validează și salvează"
+        "validate_save": "Validează și salvează",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "custom_attributes": "",
+        "domain_footer_info_vars": {
+            "custom": "",
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": ""
+        },
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_plain": "",
+        "pushover_sound": ""
     },
     "fido2": {
         "set_fn": "Setați un nume prietenos",
@@ -665,7 +706,8 @@
         "quarantine": "Carantină",
         "restart_netfilter": "Repornire netfilter",
         "restart_sogo": "Repornire SOGo",
-        "user_settings": "Setări utilizator"
+        "user_settings": "Setări utilizator",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "În așteptarea confirmării TFA",
@@ -848,7 +890,13 @@
         "username": "Nume de utilizator",
         "waiting": "Aşteptare",
         "weekly": "Săptămânal",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "mailbox_templates": "",
+        "template": "",
+        "templates": "",
+        "add_template": "",
+        "domain_templates": "",
+        "relay_unknown": ""
     },
     "oauth2": {
         "access_denied": "Conectează-te ca proprietar al cutiei poștale pentru a acorda acces prin OAuth2.",
@@ -913,7 +961,20 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "queue_manager": "Manager de coadă"
+        "queue_manager": "Manager de coadă",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "ays": "",
+        "deliver_mail": "",
+        "info": "",
+        "legend": ""
     },
     "ratelimit": {
         "disabled": "Dezactivat",
@@ -1005,7 +1066,14 @@
         "verified_webauthn_login": "Autentificarea WebAuthn verificată",
         "verified_fido2_login": "Conectare FIDO2 verificată",
         "verified_yotp_login": "Autentificarea Yubico OTP verificată",
-        "domain_add_dkim_available": "O cheie DKIM deja a existat"
+        "domain_add_dkim_available": "O cheie DKIM deja a existat",
+        "domain_footer_modified": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "cors_headers_edited": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": ""
     },
     "tfa": {
         "api_register": "%s utilizează API-ul Yubico Cloud. Obțineți o cheie API pentru cheia dvs. de <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aici</a>",
@@ -1030,7 +1098,10 @@
         "webauthn": "Autentificare WebAuthn",
         "waiting_usb_auth": "<i>În așteptarea dispozitivului USB...</i><br><br>Apasă acum butonul de pe dispozitivul tău USB WebAuthn.",
         "waiting_usb_register": "<i>În așteptarea dispozitivului USB...</i><br><br>Introdu parola ta mai sus și confirmă înregistrarea ta WebAuthn atingând butonul de pe dispozitivul tău USB WebAuthn.",
-        "yubi_otp": "Autentificare Yubico OTP"
+        "yubi_otp": "Autentificare Yubico OTP",
+        "authenticators": "",
+        "u2f_deprecated_important": "",
+        "u2f_deprecated": ""
     },
     "user": {
         "action": "Acțiune",
@@ -1191,7 +1262,10 @@
         "weeks": "săptămâni",
         "with_app_password": "cu parola aplicație",
         "year": "an",
-        "years": "ani"
+        "years": "ani",
+        "attribute": "",
+        "pushover_sound": "",
+        "value": ""
     },
     "warning": {
         "cannot_delete_self": "Nu se poate șterge utilizatorul conectat",
@@ -1208,6 +1282,28 @@
     },
     "datatables": {
         "expand_all": "Expandează tot",
-        "decimal": ","
+        "decimal": ",",
+        "infoPostFix": "",
+        "emptyTable": "",
+        "thousands": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "collapse_all": ""
     }
 }
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index db52dceda..9fa442e80 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -348,7 +348,10 @@
         "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов.",
         "f2b_manage_external": "Внешнее управление Fail2Ban",
         "f2b_manage_external_info": "Fail2ban по-прежнему будет вести банлист, но не будет активно устанавливать правила для блокировки трафика. Используйте сгенерированный ниже банлист для внешнего блокирования трафика.",
-        "copy_to_clipboard": "Текст скопирован в буфер обмена!"
+        "copy_to_clipboard": "Текст скопирован в буфер обмена!",
+        "logo_normal_label": "",
+        "logo_dark_label": "",
+        "options": ""
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -470,7 +473,16 @@
         "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s",
         "cors_invalid_method": "Указан недопустимый метод разрешения",
         "demo_mode_enabled": "Демонстрационный режим включен",
-        "cors_invalid_origin": "Указан неверный Allow-Origin"
+        "cors_invalid_origin": "Указан неверный Allow-Origin",
+        "webauthn_authenticator_failed": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "extended_sender_acl_denied": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": ""
     },
     "debug": {
         "chart_this_server": "Диаграмма (текущий сервер)",
@@ -497,7 +509,21 @@
         "success": "Успех",
         "system_containers": "Система и контейнеры",
         "uptime": "Время работы",
-        "username": "Имя пользователя"
+        "username": "Имя пользователя",
+        "wip": "",
+        "architecture": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "error_show_ip": "",
+        "memory": "",
+        "show_ip": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "update_failed": ""
     },
     "diagnostics": {
         "cname_from_a": "Значение, полученное из записи A/AAAA. Это поддерживается до тех пор, пока запись указывает на правильный ресурс.",
@@ -636,7 +662,10 @@
         "domain_footer": "Нижний колонтитул домена",
         "domain_footer_html": "HTML нижний колонтитул",
         "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
-        "custom_attributes": "Пользовательские атрибуты"
+        "custom_attributes": "Пользовательские атрибуты",
+        "domain_footer_skip_replies": "",
+        "pushover_sound": "",
+        "sogo_access": ""
     },
     "fido2": {
         "confirm": "Подтвердить",
@@ -677,7 +706,8 @@
         "quarantine": "Карантин",
         "restart_netfilter": "Перезапустить netfilter",
         "restart_sogo": "Перезапустить SOGo",
-        "user_settings": "Настройки пользователя"
+        "user_settings": "Настройки пользователя",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "В ожидании подтверждения TFA",
@@ -860,7 +890,13 @@
         "username": "Имя пользователя",
         "waiting": "В ожидании",
         "weekly": "Раз в неделю",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "domain_templates": "",
+        "add_template": "",
+        "mailbox_templates": "",
+        "relay_unknown": "",
+        "templates": "",
+        "template": ""
     },
     "oauth2": {
         "access_denied": "Пожалуйста, войдите в систему как владелец почтового аккаунта, чтобы получить доступ через OAuth2.",
@@ -925,7 +961,20 @@
         "type": "Тип"
     },
     "queue": {
-        "queue_manager": "Очередь на отправку"
+        "queue_manager": "Очередь на отправку",
+        "delete": "",
+        "info": "",
+        "unhold_mail_legend": "",
+        "flush": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": ""
     },
     "ratelimit": {
         "disabled": "Отключен",
@@ -1019,7 +1068,12 @@
         "verified_yotp_login": "Авторизация Yubico OTP пройдена",
         "cors_headers_edited": "Настройки CORS сохранены",
         "domain_footer_modified": "Изменения в нижнем колонтитуле домена %s сохранены",
-        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен."
+        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен.",
+        "domain_add_dkim_available": "",
+        "ip_check_opt_in_modified": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": ""
     },
     "tfa": {
         "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
@@ -1045,7 +1099,9 @@
         "waiting_usb_auth": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, нажмите кнопку на USB устройстве сейчас.",
         "waiting_usb_register": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, введите пароль выше и подтвердите регистрацию, нажав кнопку на USB устройстве.",
         "yubi_otp": "Yubico OTP аутентификация",
-        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ."
+        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ.",
+        "authenticators": "",
+        "u2f_deprecated_important": ""
     },
     "user": {
         "action": "Действия",
@@ -1208,7 +1264,8 @@
         "with_app_password": "с паролем приложения",
         "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
         "attribute": "Атрибут",
-        "value": "Значение"
+        "value": "Значение",
+        "pushover_sound": ""
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
@@ -1226,6 +1283,27 @@
     "datatables": {
         "collapse_all": "Свернуть все",
         "expand_all": "Развернуть все",
-        "infoPostFix": ""
+        "infoPostFix": "",
+        "decimal": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "last": "",
+            "first": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "emptyTable": "",
+        "info": "",
+        "infoEmpty": "",
+        "infoFiltered": ""
     }
 }
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 3a424631d..66346925b 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -107,7 +107,8 @@
         "post_domain_add": "SOGo container \"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
         "syncjob_hint": "Pozor! Gesla se morajo shraniti v plain-text!",
-        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja"
+        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
+        "dry": ""
     },
     "admin": {
         "access": "Dostop",
@@ -347,7 +348,10 @@
         "logo_dark_label": "Za temni način",
         "cors_settings": "Nastavitve CORS",
         "allowed_methods": "Dovoljene metode za upravljanje dostopa",
-        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri"
+        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": ""
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
@@ -476,7 +480,9 @@
         "temp_error": "Začasna napaka",
         "cors_invalid_method": "Navedena neveljavna Allow metoda",
         "cors_invalid_origin": "Naveden neveljaven Allow-Origin",
-        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s"
+        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": ""
     },
     "debug": {
         "containers_info": "Informacije o vsebniku (containerju)",
@@ -511,7 +517,13 @@
         "no_update_available": "Sistem je na najnovejši verziji",
         "update_failed": "Ni mogoče preveriti za posodobitve",
         "username": "Uporabniško ime",
-        "wip": "Trenutno v delu"
+        "wip": "Trenutno v delu",
+        "log_info": "",
+        "login_time": "",
+        "logs": "",
+        "memory": "",
+        "online_users": "",
+        "restart_container": ""
     },
     "datatables": {
         "infoFiltered": "(filtrirano od _MAX_ skupaj zapisov)",
@@ -536,7 +548,8 @@
         "aria": {
             "sortAscending": ": aktivirajte za razvrstitev stolpca naraščajoče",
             "sortDescending": ": aktivirajte za razvrstitev stolpca padajoče"
-        }
+        },
+        "infoPostFix": ""
     },
     "diagnostics": {
         "cname_from_a": "Vrednost pridobljena iz A/AAAA zapisa. To je podprto, če zapis kaže na pravilen resurs.",
@@ -551,6 +564,746 @@
     },
     "edit": {
         "acl": "ACL (Dovoljenje)",
-        "active": "Aktivno"
+        "active": "Aktivno",
+        "maxbytespersecond": "",
+        "footer_exclude": "",
+        "gal_info": "",
+        "inactive": "",
+        "kind": "",
+        "last_modified": "",
+        "lookup_mx": "",
+        "mailbox": "",
+        "mailbox_quota_def": "",
+        "mailbox_relayhost_info": "",
+        "maxage": "",
+        "mins_interval": "",
+        "domain_quota": "",
+        "spam_alias": "",
+        "gal": "",
+        "domain_footer_skip_replies": "",
+        "domains": "",
+        "dont_check_sender_acl": "",
+        "full_name": "",
+        "edit_alias_domain": "",
+        "encryption": "",
+        "exclude": "",
+        "extended_sender_acl": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "spam_filter": "",
+        "skipcrossduplicates": "",
+        "sogo_access": "",
+        "sogo_access_info": "",
+        "sogo_visible": "",
+        "sogo_visible_info": "",
+        "spam_policy": "",
+        "spam_score": "",
+        "subfolder2": "",
+        "syncjob": "",
+        "target_address": "",
+        "title": "",
+        "username": "",
+        "app_name": "",
+        "custom_attributes": "",
+        "delete2": "",
+        "delete2duplicates": "",
+        "generate": "",
+        "grant_types": "",
+        "redirect_uri": "",
+        "domain_footer_plain": "",
+        "extended_sender_acl_info": "",
+        "force_pw_update": "",
+        "force_pw_update_info": "",
+        "mbox_rl_info": "",
+        "multiple_bookings": "",
+        "none_inherit": "",
+        "nexthop": "",
+        "password": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "pushover_sender_regex": "",
+        "alias": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "admin": "",
+        "advanced_settings": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "app_passwd": "",
+        "app_passwd_protocols": "",
+        "automap": "",
+        "backup_mx_options": "",
+        "bcc_dest_format": "",
+        "client_id": "",
+        "client_secret": "",
+        "comment_info": "",
+        "created_on": "",
+        "delete1": "",
+        "delete_ays": "",
+        "description": "",
+        "disable_login": "",
+        "domain": "",
+        "domain_admin": "",
+        "domain_footer_info": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "password_repeat": "",
+        "previous": "",
+        "private_comment": "",
+        "public_comment": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "pushover_verify": "",
+        "quota_mb": "",
+        "quota_warning_bcc": "",
+        "quota_warning_bcc_info": "",
+        "ratelimit": "",
+        "relay_all": "",
+        "relay_all_info": "",
+        "relay_domain": "",
+        "relay_transport_info": "",
+        "relay_unknown_only": "",
+        "relayhost": "",
+        "remove": "",
+        "hostname": "",
+        "resource": "",
+        "save": "",
+        "scope": "",
+        "sender_acl": "",
+        "sender_acl_disabled": "",
+        "sender_acl_info": "",
+        "sieve_desc": "",
+        "sieve_type": "",
+        "target_domain": "",
+        "timeout1": "",
+        "timeout2": "",
+        "unchanged_if_empty": "",
+        "validate_save": ""
+    },
+    "mailbox": {
+        "add_resource": "",
+        "domain_templates": "",
+        "activate": "",
+        "public_comment": "",
+        "set_prefilter": "",
+        "sieve_preset_5": "",
+        "active": "",
+        "add": "",
+        "add_alias": "",
+        "add_alias_expand": "",
+        "add_bcc_entry": "",
+        "bcc_destinations": "",
+        "bcc_local_dest": "",
+        "mailbox_defaults_info": "",
+        "mailbox_defquota": "",
+        "mailbox_templates": "",
+        "multiple_bookings": "",
+        "private_comment": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_notification": "",
+        "quick_actions": "",
+        "recipient": "",
+        "recipient_map": "",
+        "recipient_map_info": "",
+        "recipient_map_new": "",
+        "recipient_map_new_info": "",
+        "recipient_map_old": "",
+        "recipient_map_old_info": "",
+        "recipient_maps": "",
+        "relay_unknown": "",
+        "running": "",
+        "sender": "",
+        "set_postfilter": "",
+        "sieve_preset_1": "",
+        "sieve_preset_2": "",
+        "sieve_info": "",
+        "sieve_preset_3": "",
+        "sieve_preset_4": "",
+        "sieve_preset_6": "",
+        "sieve_preset_7": "",
+        "sieve_preset_8": "",
+        "sogo_visible": "",
+        "status": "",
+        "target_address": "",
+        "target_domain": "",
+        "template": "",
+        "templates": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_map_dest_info": "",
+        "tls_map_parameters": "",
+        "tls_map_policy": "",
+        "tls_policy_maps": "",
+        "tls_policy_maps_enforced_tls": "",
+        "tls_policy_maps_long": "",
+        "backup_mx": "",
+        "force_pw_update": "",
+        "gal": "",
+        "last_run": "",
+        "last_run_reset": "",
+        "filter_table": "",
+        "filters": "",
+        "fname": "",
+        "remove": "",
+        "tls_map_dest": "",
+        "add_mailbox": "",
+        "domain_admins": "",
+        "domain_aliases": "",
+        "edit": "",
+        "empty": "",
+        "enable_x": "",
+        "excludes": "",
+        "catch_all": "",
+        "no_record_single": "",
+        "relay_all": "",
+        "action": "",
+        "add_domain": "",
+        "add_domain_alias": "",
+        "add_domain_record_first": "",
+        "add_filter": "",
+        "add_recipient_map_entry": "",
+        "add_template": "",
+        "add_tls_policy_map": "",
+        "address_rewriting": "",
+        "alias": "",
+        "alias_domain_alias_hint": "",
+        "alias_domain_backupmx": "",
+        "aliases": "",
+        "all_domains": "",
+        "allow_from_smtp": "",
+        "allow_from_smtp_info": "",
+        "allowed_protocols": "",
+        "bcc": "",
+        "bcc_destination": "",
+        "bcc_info": "",
+        "bcc_map": "",
+        "bcc_map_type": "",
+        "bcc_maps": "",
+        "bcc_rcpt_map": "",
+        "bcc_sender_map": "",
+        "bcc_to_rcpt": "",
+        "bcc_to_sender": "",
+        "bcc_type": "",
+        "booking_null": "",
+        "booking_0_short": "",
+        "booking_custom": "",
+        "booking_custom_short": "",
+        "booking_ltnull": "",
+        "booking_lt0_short": "",
+        "created_on": "",
+        "daily": "",
+        "deactivate": "",
+        "description": "",
+        "disable_login": "",
+        "disable_x": "",
+        "dkim_domains_selector": "",
+        "dkim_key_length": "",
+        "domain": "",
+        "domain_quota": "",
+        "domain_quota_total": "",
+        "domains": "",
+        "goto_ham": "",
+        "goto_spam": "",
+        "hourly": "",
+        "in_use": "",
+        "inactive": "",
+        "insert_preset": "",
+        "kind": "",
+        "last_mail_login": "",
+        "last_modified": "",
+        "last_pw_change": "",
+        "mailbox": "",
+        "mailbox_defaults": "",
+        "mailbox_quota": "",
+        "mailboxes": "",
+        "max_aliases": "",
+        "max_mailboxes": "",
+        "max_quota": "",
+        "mins_interval": "",
+        "msg_num": "",
+        "never": "",
+        "no": "",
+        "no_record": "",
+        "open_logs": "",
+        "owner": "",
+        "resources": "",
+        "sieve_preset_header": "",
+        "sogo_visible_n": "",
+        "sogo_visible_y": "",
+        "spam_aliases": "",
+        "stats": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "tls_map_parameters_info": "",
+        "tls_policy_maps_info": "",
+        "toggle_all": "",
+        "username": "",
+        "waiting": "",
+        "weekly": "",
+        "yes": ""
+    },
+    "user": {
+        "login_history": "",
+        "advanced_settings": "",
+        "alias": "",
+        "alias_create_random": "",
+        "alias_extend_all": "",
+        "alias_full_date": "",
+        "alias_remove_all": "",
+        "action": "",
+        "active": "",
+        "active_sieve": "",
+        "alias_select_validity": "",
+        "alias_time_left": "",
+        "alias_valid_until": "",
+        "delete_ays": "",
+        "direct_aliases": "",
+        "email_and_dav": "",
+        "spamfilter_table_rule": "",
+        "spamfilter_wl": "",
+        "verify": "",
+        "waiting": "",
+        "week": "",
+        "weekly": "",
+        "month": "",
+        "months": "",
+        "sogo_profile_reset_now": "",
+        "spam_aliases": "",
+        "spam_score_reset": "",
+        "spamfilter": "",
+        "value": "",
+        "eas_reset_now": "",
+        "remove": "",
+        "text": "",
+        "no_active_filter": "",
+        "no_last_login": "",
+        "spamfilter_bl_desc": "",
+        "spamfilter_default_score": "",
+        "day": "",
+        "never": "",
+        "pushover_verify": "",
+        "tag_handling": "",
+        "edit": "",
+        "last_ui_login": "",
+        "title": "",
+        "tls_enforce_in": "",
+        "tls_enforce_out": "",
+        "tls_policy": "",
+        "tls_policy_warning": "",
+        "aliases_also_send_as": "",
+        "aliases_send_as_all": "",
+        "app_hint": "",
+        "allowed_protocols": "",
+        "app_name": "",
+        "app_passwds": "",
+        "apple_connection_profile": "",
+        "apple_connection_profile_complete": "",
+        "apple_connection_profile_mailonly": "",
+        "apple_connection_profile_with_app_password": "",
+        "attribute": "",
+        "change_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "client_configuration": "",
+        "create_app_passwd": "",
+        "create_syncjob": "",
+        "created_on": "",
+        "daily": "",
+        "direct_aliases_desc": "",
+        "direct_protocol_access": "",
+        "eas_reset": "",
+        "eas_reset_help": "",
+        "email": "",
+        "empty": "",
+        "encryption": "",
+        "excludes": "",
+        "expire_in": "",
+        "fido2_webauthn": "",
+        "force_pw_update": "",
+        "from": "",
+        "generate": "",
+        "hour": "",
+        "hourly": "",
+        "hours": "",
+        "in_use": "",
+        "interval": "",
+        "is_catch_all": "",
+        "last_mail_login": "",
+        "last_pw_change": "",
+        "last_run": "",
+        "loading": "",
+        "mailbox": "",
+        "mailbox_details": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "messages": "",
+        "new_password": "",
+        "new_password_repeat": "",
+        "no_record": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "password": "",
+        "password_now": "",
+        "password_repeat": "",
+        "pushover_evaluate_x_prio": "",
+        "pushover_info": "",
+        "pushover_only_x_prio": "",
+        "pushover_sender_array": "",
+        "pushover_sender_regex": "",
+        "pushover_text": "",
+        "pushover_title": "",
+        "pushover_sound": "",
+        "pushover_vars": "",
+        "q_add_header": "",
+        "q_all": "",
+        "q_reject": "",
+        "quarantine_category": "",
+        "quarantine_category_info": "",
+        "quarantine_notification": "",
+        "quarantine_notification_info": "",
+        "recent_successful_connections": "",
+        "running": "",
+        "save": "",
+        "save_changes": "",
+        "sender_acl_disabled": "",
+        "shared_aliases": "",
+        "shared_aliases_desc": "",
+        "show_sieve_filters": "",
+        "sogo_profile_reset": "",
+        "sogo_profile_reset_help": "",
+        "spamfilter_behavior": "",
+        "spamfilter_bl": "",
+        "spamfilter_green": "",
+        "spamfilter_hint": "",
+        "spamfilter_red": "",
+        "spamfilter_table_action": "",
+        "spamfilter_table_add": "",
+        "spamfilter_table_domain_policy": "",
+        "spamfilter_table_empty": "",
+        "spamfilter_table_remove": "",
+        "spamfilter_wl_desc": "",
+        "spamfilter_yellow": "",
+        "status": "",
+        "sync_jobs": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
+        "tag_help_example": "",
+        "tag_help_explain": "",
+        "tag_in_none": "",
+        "tag_in_subfolder": "",
+        "tag_in_subject": "",
+        "user_settings": "",
+        "username": "",
+        "weeks": "",
+        "with_app_password": "",
+        "year": "",
+        "years": ""
+    },
+    "fido2": {
+        "set_fn": "",
+        "rename": "",
+        "set_fido2": "",
+        "set_fido2_touchid": "",
+        "start_fido2_validation": "",
+        "confirm": "",
+        "fido2_auth": "",
+        "fido2_success": "",
+        "fido2_validation_failed": "",
+        "fn": "",
+        "known_ids": "",
+        "none": "",
+        "register_status": ""
+    },
+    "footer": {
+        "cancel": "",
+        "confirm_delete": "",
+        "delete_now": "",
+        "delete_these_items": "",
+        "hibp_check": "",
+        "hibp_nok": "",
+        "hibp_ok": "",
+        "loading": "",
+        "nothing_selected": "",
+        "restart_container": "",
+        "restart_container_info": "",
+        "restart_now": "",
+        "restarting_container": ""
+    },
+    "quarantine": {
+        "qid": "",
+        "quarantine": "",
+        "quick_actions": "",
+        "quick_delete_link": "",
+        "neutral_danger": "",
+        "qitem": "",
+        "download_eml": "",
+        "action": "",
+        "atts": "",
+        "check_hash": "",
+        "confirm": "",
+        "confirm_delete": "",
+        "danger": "",
+        "deliver_inbox": "",
+        "disabled_by_config": "",
+        "empty": "",
+        "high_danger": "",
+        "info": "",
+        "junk_folder": "",
+        "learn_spam_delete": "",
+        "low_danger": "",
+        "medium_danger": "",
+        "notified": "",
+        "qhandler_success": "",
+        "qinfo": "",
+        "quick_info_link": "",
+        "quick_release_link": "",
+        "rcpt": "",
+        "received": "",
+        "recipients": "",
+        "refresh": "",
+        "rejected": "",
+        "release": "",
+        "release_body": "",
+        "release_subject": "",
+        "remove": "",
+        "rewrite_subject": "",
+        "rspamd_result": "",
+        "sender": "",
+        "sender_header": "",
+        "settings_info": "",
+        "show_item": "",
+        "spam": "",
+        "spam_score": "",
+        "subj": "",
+        "table_size": "",
+        "table_size_show_n": "",
+        "text_from_html_content": "",
+        "text_plain_content": "",
+        "toggle_all": "",
+        "type": ""
+    },
+    "ratelimit": {
+        "minute": "",
+        "hour": "",
+        "day": "",
+        "disabled": "",
+        "second": ""
+    },
+    "start": {
+        "help": "",
+        "imap_smtp_server_auth_info": "",
+        "mailcow_panel_detail": "",
+        "mailcow_apps_detail": ""
+    },
+    "queue": {
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "deliver_mail": "",
+        "ays": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "queue_manager": "",
+        "show_message": "",
+        "unban": ""
+    },
+    "success": {
+        "acl_saved": "",
+        "admin_added": "",
+        "cors_headers_edited": "",
+        "db_init_complete": "",
+        "delete_filter": "",
+        "delete_filters": "",
+        "deleted_syncjob": "",
+        "deleted_syncjobs": "",
+        "dkim_added": "",
+        "domain_add_dkim_available": "",
+        "dkim_duplicated": "",
+        "dkim_removed": "",
+        "domain_added": "",
+        "domain_admin_removed": "",
+        "domain_footer_modified": "",
+        "domain_modified": "",
+        "domain_removed": "",
+        "dovecot_restart_success": "",
+        "f2b_banlist_refreshed": "",
+        "domain_admin_added": "",
+        "domain_admin_modified": "",
+        "f2b_modified": "",
+        "forwarding_host_added": "",
+        "resource_modified": "",
+        "resource_removed": "",
+        "rl_saved": "",
+        "reset_main_logo": "",
+        "resource_added": "",
+        "rspamd_ui_pw_set": "",
+        "saved_settings": "",
+        "settings_map_added": "",
+        "settings_map_removed": "",
+        "sogo_profile_reset": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": "",
+        "tls_policy_map_entry_deleted": "",
+        "eas_reset": "",
+        "mailbox_added": "",
+        "items_deleted": "",
+        "items_released": "",
+        "learned_ham": "",
+        "license_modified": "",
+        "logged_in_as": "",
+        "password_policy_saved": "",
+        "hash_deleted": "",
+        "app_links": "",
+        "admin_api_modified": "",
+        "admin_modified": "",
+        "admin_removed": "",
+        "alias_added": "",
+        "alias_domain_removed": "",
+        "alias_modified": "",
+        "alias_removed": "",
+        "aliasd_added": "",
+        "aliasd_modified": "",
+        "app_passwd_added": "",
+        "app_passwd_removed": "",
+        "bcc_deleted": "",
+        "bcc_edited": "",
+        "bcc_saved": "",
+        "forwarding_host_removed": "",
+        "global_filter_written": "",
+        "ip_check_opt_in_modified": "",
+        "item_deleted": "",
+        "item_released": "",
+        "mailbox_modified": "",
+        "mailbox_removed": "",
+        "nginx_reloaded": "",
+        "object_modified": "",
+        "pushover_settings_edited": "",
+        "qlearn_spam": "",
+        "queue_command_success": "",
+        "recipient_map_entry_deleted": "",
+        "recipient_map_entry_saved": "",
+        "relayhost_added": "",
+        "relayhost_removed": "",
+        "tls_policy_map_entry_saved": "",
+        "ui_texts": "",
+        "upload_success": "",
+        "verified_fido2_login": "",
+        "verified_totp_login": "",
+        "verified_webauthn_login": "",
+        "verified_yotp_login": ""
+    },
+    "tfa": {
+        "webauthn": "",
+        "waiting_usb_register": "",
+        "authenticators": "",
+        "api_register": "",
+        "confirm_totp_token": "",
+        "none": "",
+        "select": "",
+        "yubi_otp": "",
+        "waiting_usb_auth": "",
+        "delete_tfa": "",
+        "disable_tfa": "",
+        "enter_qr_code": "",
+        "error_code": "",
+        "init_webauthn": "",
+        "key_id": "",
+        "confirm": "",
+        "key_id_totp": "",
+        "reload_retry": "",
+        "scan_qr_code": "",
+        "set_tfa": "",
+        "start_webauthn_validation": "",
+        "tfa": "",
+        "tfa_token_invalid": "",
+        "totp": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
+    },
+    "header": {
+        "debug": "",
+        "administration": "",
+        "apps": "",
+        "email": "",
+        "mailcow_system": "",
+        "mailcow_config": "",
+        "quarantine": "",
+        "restart_netfilter": "",
+        "restart_sogo": "",
+        "user_settings": ""
+    },
+    "warning": {
+        "domain_added_sogo_failed": "",
+        "dovecot_restart_failed": "",
+        "fuzzy_learn_error": "",
+        "hash_not_found": "",
+        "ip_invalid": "",
+        "no_active_admin": "",
+        "quota_exceeded_scope": "",
+        "session_token": "",
+        "session_ua": "",
+        "cannot_delete_self": "",
+        "is_not_primary_alias": ""
+    },
+    "info": {
+        "awaiting_tfa_confirmation": "",
+        "no_action": "",
+        "session_expires": ""
+    },
+    "login": {
+        "delayed": "",
+        "fido2_webauthn": "",
+        "login": "",
+        "mobileconfig_info": "",
+        "other_logins": "",
+        "password": "",
+        "username": ""
+    },
+    "oauth2": {
+        "access_denied": "",
+        "authorize_app": "",
+        "deny": "",
+        "permit": "",
+        "profile": "",
+        "profile_desc": "",
+        "scope_ask_permission": ""
     }
 }
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 466afdb85..ba1ed4926 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -342,7 +342,16 @@
         "username": "Prihlasovacie meno",
         "validate_license_now": "Validovať GUID cez licenčný server",
         "verify": "Kontrola",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "queue_unban": "",
+        "allowed_origins": "",
+        "cors_settings": "",
+        "f2b_ban_time_increment": "",
+        "f2b_max_ban_time": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "allowed_methods": ""
     },
     "danger": {
         "access_denied": "Prístup zamietnutý alebo nesprávne dáta formulára",
@@ -464,7 +473,16 @@
         "username_invalid": "Používateľské meno %s nemôže byť použité",
         "validity_missing": "Zadajte periódu platnosti",
         "value_missing": "Prosím poskytnite všetky hodnoty",
-        "yotp_verification_failed": "Overenie cez OTP Yubico zlyhalo: %s"
+        "yotp_verification_failed": "Overenie cez OTP Yubico zlyhalo: %s",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "webauthn_authenticator_failed": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "demo_mode_enabled": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "extended_sender_acl_denied": ""
     },
     "datatables": {
         "info": "Záznamy _START_ až _END_ z celkom _TOTAL_",
@@ -489,7 +507,8 @@
         "decimal": ",",
         "thousands": " ",
         "collapse_all": "Zbaliť všetko",
-        "expand_all": "Rozbaliť všetko"
+        "expand_all": "Rozbaliť všetko",
+        "infoPostFix": ""
     },
     "debug": {
         "chart_this_server": "Graf (tento server)",
@@ -516,7 +535,21 @@
         "success": "Úspech",
         "system_containers": "Systém & Kontajnery",
         "uptime": "Doba behu",
-        "username": "Používateľské meno"
+        "username": "Používateľské meno",
+        "architecture": "",
+        "error_show_ip": "",
+        "update_failed": "",
+        "show_ip": "",
+        "timezone": "",
+        "update_available": "",
+        "no_update_available": "",
+        "wip": "",
+        "current_time": "",
+        "memory": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": ""
     },
     "diagnostics": {
         "cname_from_a": "Hodnota odvodená od A/AAAA záznamu. Toto je podporené len v prípade ak záznam poukazuje na správny zdroj.",
@@ -648,12 +681,17 @@
             "from_domain": "{= from_domain =} - Doména odosielateľa",
             "auth_user": "{= auth_user =} - Prihlasovacie meno odosielateľa",
             "from_user": "{= from_user =}   - Používateľská časť e-mailovej adresy odosielateľa, napr. pre \"moo@mailcow.tld\" vráti \"moo\"",
-            "from_name": "{= from_name =}   - Meno odosielateľa, napr. pre \"Mailcow &lt;moo@mailcow.tld&gt;\" vráti \"Mailcow\""
+            "from_name": "{= from_name =}   - Meno odosielateľa, napr. pre \"Mailcow &lt;moo@mailcow.tld&gt;\" vráti \"Mailcow\"",
+            "custom": ""
         },
         "domain_footer": "Pätička pre celú doménu",
         "domain_footer_html": "HTML text",
         "domain_footer_info": "Pätička pre celú doménu sa pridáva do všetkých odchádzajúcich e-mailov spojených s adresou v rámci tejto domény. <br> Pre pätičku je možné použiť nasledujúce premenné:",
-        "domain_footer_plain": "Obyčajný text"
+        "domain_footer_plain": "Obyčajný text",
+        "footer_exclude": "",
+        "domain_footer_skip_replies": "",
+        "custom_attributes": "",
+        "pushover_sound": ""
     },
     "fido2": {
         "confirm": "Potvrdiť",
@@ -883,7 +921,8 @@
         "username": "Používateľské meno",
         "waiting": "Čakanie",
         "weekly": "Týždenný",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "relay_unknown": ""
     },
     "oauth2": {
         "access_denied": "Prosím prihláste sa ako používateľ mailovej schránky, aby ste mohli získať prístup cez OAuth2.",
@@ -960,7 +999,8 @@
         "unhold_mail": "Uvoľniť",
         "unhold_mail_legend": "Uvoľniť vybrané e-maily na doručenie. (Len v prípade predchádzajúceho podržania)",
         "hold_mail": "Podržať",
-        "hold_mail_legend": "Podržať vybrané e-maily. (Zabráni ďalším pokusom o doručenie)"
+        "hold_mail_legend": "Podržať vybrané e-maily. (Zabráni ďalším pokusom o doručenie)",
+        "unban": ""
     },
     "ratelimit": {
         "disabled": "Vypnuté",
@@ -1055,7 +1095,11 @@
         "verified_totp_login": "Overené TOTP prihlásenie",
         "verified_webauthn_login": "Overené WebAuthn prihlásenie",
         "verified_yotp_login": "Overené Yubico OTP prihlásenie",
-        "domain_footer_modified": "Zmeny v pätičke domény %s boli uložené"
+        "domain_footer_modified": "Zmeny v pätičke domény %s boli uložené",
+        "cors_headers_edited": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "domain_add_dkim_available": ""
     },
     "tfa": {
         "api_register": "%s využíva Yubico Cloud API. Prosím, zaobstarajte si API kľúč pre váš kľúč <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tu</a>",
@@ -1082,7 +1126,8 @@
         "waiting_usb_register": "<i>Čakanie na USB zariadenie...</i><br><br>Prosím zadajte vaše heslo a potvrďte registráciu stlačením tlačidla na vašom USB zariadení.",
         "yubi_otp": "Yubico OTP autentifikácia",
         "u2f_deprecated_important": "Zaregistrujte si svoj Kľúč v paneli správcu pomocou novej metódy WebAuthn.",
-        "u2f_deprecated": "Zdá sa, že váš kľúč bol zaregistrovaný pomocou zastaranej metódy U2F. Deaktivujeme vám dvojfaktorovú autentifikáciu a odstránime váš Kľúč."
+        "u2f_deprecated": "Zdá sa, že váš kľúč bol zaregistrovaný pomocou zastaranej metódy U2F. Deaktivujeme vám dvojfaktorovú autentifikáciu a odstránime váš Kľúč.",
+        "authenticators": ""
     },
     "user": {
         "action": "Akcia",
@@ -1243,7 +1288,10 @@
         "weeks": "týždne",
         "with_app_password": "s heslom aplikácie",
         "year": "rok",
-        "years": "rokov"
+        "years": "rokov",
+        "value": "",
+        "attribute": "",
+        "pushover_sound": ""
     },
     "warning": {
         "cannot_delete_self": "Nemožno vymazať prihláseného používateľa",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index bbf0d9586..13396a6f9 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -106,7 +106,9 @@
         "validate": "Validera",
         "validation_success": "Korrekt validerad",
         "app_passwd_protocols": "Tillåtna protokoll för applösenord",
-        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här."
+        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här.",
+        "dry": "",
+        "tags": ""
     },
     "admin": {
         "access": "Åtkomst",
@@ -325,7 +327,31 @@
         "username": "Användarnamn",
         "validate_license_now": "Validera installations-ID mot licensservern",
         "verify": "Verifiera",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "allowed_origins": "",
+        "allowed_methods": "",
+        "logo_dark_label": "",
+        "cors_settings": "",
+        "logo_normal_label": "",
+        "ip_check": "",
+        "f2b_ban_time_increment": "",
+        "copy_to_clipboard": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "f2b_max_ban_time": "",
+        "ip_check_disabled": "",
+        "login_time": "",
+        "oauth2_apps": "",
+        "oauth2_add_client": "",
+        "options": "",
+        "api_read_only": "",
+        "ip_check_opt_in": "",
+        "is_mx_based": "",
+        "queue_unban": "",
+        "rsettings_preset_4": "",
+        "service": "",
+        "success": "",
+        "api_read_write": ""
     },
     "danger": {
         "access_denied": "Nekad åtkomst, eller ofullständig/ogiltig data",
@@ -444,7 +470,19 @@
         "username_invalid": "Användarnamnet %s kan inte användas",
         "validity_missing": "Ange en giltighetsperiod",
         "value_missing": "Ange alla värden",
-        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s"
+        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s",
+        "webauthn_authenticator_failed": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "webauthn_publickey_failed": "",
+        "webauthn_username_failed": "",
+        "demo_mode_enabled": "",
+        "extended_sender_acl_denied": "",
+        "template_exists": "",
+        "template_id_invalid": "",
+        "template_name_invalid": ""
     },
     "debug": {
         "chart_this_server": "Tabell (denna server)",
@@ -467,7 +505,25 @@
         "uptime": "Upptid",
         "started_on": "Startades",
         "static_logs": "Statiska loggar",
-        "system_containers": "System & behållare"
+        "system_containers": "System & behållare",
+        "success": "",
+        "architecture": "",
+        "login_time": "",
+        "update_available": "",
+        "container_running": "",
+        "container_disabled": "",
+        "container_stopped": "",
+        "cores": "",
+        "current_time": "",
+        "error_show_ip": "",
+        "memory": "",
+        "service": "",
+        "show_ip": "",
+        "timezone": "",
+        "update_failed": "",
+        "username": "",
+        "wip": "",
+        "no_update_available": ""
     },
     "diagnostics": {
         "cname_from_a": "Värde härstammar från A/AAAA-uppslaget. Detta stöds så länge som uppslaget pekar mot rätt resurs.",
@@ -585,7 +641,31 @@
         "title": "Ändra objekt",
         "unchanged_if_empty": "Lämna blakt, om oförändrat",
         "username": "Användarnamn",
-        "validate_save": "Validera och spara"
+        "validate_save": "Validera och spara",
+        "footer_exclude": "",
+        "mailbox_relayhost_info": "",
+        "domain_footer_skip_replies": "",
+        "pushover_sound": "",
+        "custom_attributes": "",
+        "sogo_access": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "app_passwd_protocols": "",
+        "domain_footer_info": "",
+        "domain_footer_plain": "",
+        "none_inherit": "",
+        "sogo_access_info": "",
+        "pushover": "",
+        "acl": "",
+        "lookup_mx": ""
     },
     "footer": {
         "cancel": "Avbryt",
@@ -598,7 +678,9 @@
         "restart_container": "Starta om kontainer",
         "restart_container_info": "<b>Viktigt:</b> En fullständig omstart kan ta ett tag att slutföra, vänta tills att det är klart.",
         "restart_now": "Starta om nu",
-        "restarting_container": "Startar om kontainern, det kan ta en stund"
+        "restarting_container": "Startar om kontainern, det kan ta en stund",
+        "hibp_check": "",
+        "nothing_selected": ""
     },
     "header": {
         "administration": "Konfiguration & detaljer",
@@ -609,7 +691,8 @@
         "quarantine": "Karantän",
         "restart_netfilter": "Starta om netfilter",
         "restart_sogo": "Starta om SOGo",
-        "user_settings": "Användarinställningar"
+        "user_settings": "Användarinställningar",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "Inväntar en TFA-bekräftelse",
@@ -775,7 +858,30 @@
         "username": "Användarnamn",
         "waiting": "Väntar",
         "weekly": "Varje vecka",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "goto_ham": "",
+        "goto_spam": "",
+        "templates": "",
+        "template": "",
+        "add_template": "",
+        "catch_all": "",
+        "all_domains": "",
+        "domain_templates": "",
+        "last_pw_change": "",
+        "mailbox_templates": "",
+        "open_logs": "",
+        "recipient": "",
+        "relay_unknown": "",
+        "sender": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": ""
     },
     "oauth2": {
         "access_denied": "Logga in som ägare av en postlåda för att tilldela åtkomst via OAuth2.",
@@ -840,7 +946,20 @@
         "toggle_all": "Markera alla"
     },
     "queue": {
-        "queue_manager": "Kö-hanteraring"
+        "queue_manager": "Kö-hanteraring",
+        "unban": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": "",
+        "delete": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "show_message": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": ""
     },
     "start": {
         "help": "Visa/dölj hjälppanel",
@@ -924,7 +1043,15 @@
         "verified_totp_login": "Verifierad TOTP inloggning",
         "verified_webauthn_login": "Verifierad WebAuthn inloggning",
         "verified_fido2_login": "Verifierad FIDO2 inloggning",
-        "verified_yotp_login": "Verifierad Yubico OTP inloggning"
+        "verified_yotp_login": "Verifierad Yubico OTP inloggning",
+        "domain_footer_modified": "",
+        "template_added": "",
+        "template_modified": "",
+        "cors_headers_edited": "",
+        "domain_add_dkim_available": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "template_removed": ""
     },
     "tfa": {
         "api_register": "%s använder Yubico Moln-API. Vänligen skaffa en API-nyckel för din nyckel <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">här</a>",
@@ -949,7 +1076,10 @@
         "webauthn": "WebAuthn-autentisering",
         "waiting_usb_auth": "<i>Väntar på USB-enhet...</i><br><br>Tryck på knappen på USB-enheten nu.",
         "waiting_usb_register": "<i>Väntar på USB-enhet...</i><br><br>Vänligen fyll i det övre lösenordsfältet först och tryck sedan på knappen på USB-enheten.",
-        "yubi_otp": "Yubico OTP-autentisering"
+        "yubi_otp": "Yubico OTP-autentisering",
+        "authenticators": "",
+        "u2f_deprecated": "",
+        "u2f_deprecated_important": ""
     },
     "fido2": {
         "set_fn": "Ange ett eget namn",
@@ -963,7 +1093,8 @@
         "start_fido2_validation": "Starta FIDO2 verifiering",
         "fido2_auth": "Loggain med FIDO2",
         "fido2_success": "Enheten har registrerats",
-        "fido2_validation_failed": "Verifiering misslyckades"
+        "fido2_validation_failed": "Verifiering misslyckades",
+        "set_fido2_touchid": ""
     },
     "user": {
         "action": "Åtgärd",
@@ -1097,7 +1228,37 @@
         "weekly": "Varje vecka",
         "weeks": "veckor",
         "year": "år",
-        "years": "år"
+        "years": "år",
+        "empty": "",
+        "pushover_sound": "",
+        "fido2_webauthn": "",
+        "recent_successful_connections": "",
+        "value": "",
+        "with_app_password": "",
+        "attribute": "",
+        "from": "",
+        "allowed_protocols": "",
+        "apple_connection_profile_with_app_password": "",
+        "change_password_hint_app_passwords": "",
+        "clear_recent_successful_connections": "",
+        "direct_protocol_access": "",
+        "last_pw_change": "",
+        "last_ui_login": "",
+        "login_history": "",
+        "mailbox": "",
+        "mailbox_general": "",
+        "mailbox_settings": "",
+        "open_logs": "",
+        "open_webmail_sso": "",
+        "syncjob_check_log": "",
+        "syncjob_last_run_result": "",
+        "syncjob_EX_OK": "",
+        "syncjob_EXIT_CONNECTION_FAILURE": "",
+        "syncjob_EXIT_TLS_FAILURE": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
+        "syncjob_EXIT_OVERQUOTA": "",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": ""
     },
     "warning": {
         "cannot_delete_self": "Inloggade användare kan inte tas bort",
@@ -1111,5 +1272,38 @@
         "quota_exceeded_scope": "Domänkvoten fylld: Endast postlådor med obegränsade kvoter kan skapas på den här domänen.",
         "session_token": "Formulär-nyckeln är ogiltig: Nyckeln matchar inte",
         "session_ua": "Formulär-nyckeln är ogiltig: User-Agenten kunde inte valideras"
+    },
+    "datatables": {
+        "info": "",
+        "expand_all": "",
+        "emptyTable": "",
+        "infoFiltered": "",
+        "infoEmpty": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "processing": "",
+        "search": "",
+        "zeroRecords": "",
+        "paginate": {
+            "first": "",
+            "last": "",
+            "next": "",
+            "previous": ""
+        },
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "collapse_all": "",
+        "thousands": "",
+        "decimal": "",
+        "infoPostFix": ""
+    },
+    "ratelimit": {
+        "day": "",
+        "disabled": "",
+        "second": "",
+        "minute": "",
+        "hour": ""
     }
 }
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index e7fb623ce..f33f23770 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -350,7 +350,8 @@
         "reset_limit": "Hashi kaldır",
         "routing": "Yönlendirme",
         "rsetting_add_rule": "Kural ekle",
-        "rsetting_content": "Kural içeriği"
+        "rsetting_content": "Kural içeriği",
+        "add": ""
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -388,7 +389,8 @@
         "loadingRecords": "Yükleniyor...",
         "processing": "Lütfen bekleyin...",
         "search": "Ara:",
-        "zeroRecords": "Eşleşen kayıt bulunamadı"
+        "zeroRecords": "Eşleşen kayıt bulunamadı",
+        "infoPostFix": ""
     },
     "edit": {
         "inactive": "Pasif",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 731224642..fbb892f04 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -349,7 +349,9 @@
         "queue_unban": "розблокувати",
         "f2b_manage_external": "Керування Fail2Ban ззовні",
         "f2b_manage_external_info": "Fail2ban буде підтримувати список заборонених, але не буде активно встановлювати правила для блокування трафіку. Використовуйте згенерований список заборон нижче для зовнішнього блокування трафіку.",
-        "copy_to_clipboard": "Текст скопійовано в буфер обміну!"
+        "copy_to_clipboard": "Текст скопійовано в буфер обміну!",
+        "logo_normal_label": "",
+        "logo_dark_label": ""
     },
     "danger": {
         "alias_domain_invalid": "Неприпустимий псевдонім домену: %s",
@@ -478,7 +480,9 @@
         "extended_sender_acl_denied": "відсутній ACL для встановлення зовнішніх адрес відправників",
         "template_exists": "Шаблон %s вже існує",
         "template_id_invalid": "Ідентифікатор шаблону %s недійсний",
-        "template_name_invalid": "Ім'я шаблону невірне"
+        "template_name_invalid": "Ім'я шаблону невірне",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": ""
     },
     "debug": {
         "chart_this_server": "Діаграма (цей сервер)",
@@ -660,7 +664,8 @@
         },
         "domain_footer_html": "Нижній колонтитул HTML",
         "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул",
-        "custom_attributes": "Користувацькі атрибути"
+        "custom_attributes": "Користувацькі атрибути",
+        "domain_footer_skip_replies": ""
     },
     "fido2": {
         "confirm": "Підтвердити",
@@ -1067,7 +1072,8 @@
         "cors_headers_edited": "Налаштування CORS збережено",
         "ip_check_opt_in_modified": "Перевірка IP-адреси успішно збережено",
         "template_removed": "Шаблону із ID %s видалено",
-        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено."
+        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено.",
+        "domain_footer_modified": ""
     },
     "tfa": {
         "confirm": "Підтвердьте",
@@ -1094,7 +1100,8 @@
         "set_tfa": "Встановити метод двофакторної перевірки",
         "u2f_deprecated": "Схоже, ваш ключ був зареєстрований за допомогою застарілого методу U2F. Ми дезактивуємо двофакторну автентифікацію для вас і видалимо ваш ключ.",
         "waiting_usb_auth": "<i>Очікування пристрою USB...</i><br><br>Будь ласка, натисніть зараз кнопку на USB пристрої.",
-        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої."
+        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої.",
+        "authenticators": ""
     },
     "user": {
         "action": "Дії",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 0d660c189..1f7b9cf99 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -107,7 +107,8 @@
         "timeout2": "本地主机连接超时时间",
         "username": "用户名",
         "validate": "验证",
-        "validation_success": "验证成功"
+        "validation_success": "验证成功",
+        "dry": ""
     },
     "admin": {
         "access": "权限管理",
@@ -338,7 +339,19 @@
         "yes": "&#10003;",
         "options": "选项",
         "f2b_max_ban_time": "最长封禁时间（秒）",
-        "copy_to_clipboard": "复制到粘贴板"
+        "copy_to_clipboard": "复制到粘贴板",
+        "allowed_methods": "",
+        "allowed_origins": "",
+        "logo_dark_label": "",
+        "logo_normal_label": "",
+        "cors_settings": "",
+        "f2b_ban_time_increment": "",
+        "f2b_manage_external": "",
+        "f2b_manage_external_info": "",
+        "ip_check": "",
+        "ip_check_disabled": "",
+        "ip_check_opt_in": "",
+        "queue_unban": ""
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -459,7 +472,17 @@
         "value_missing": "请填入所有值",
         "yotp_verification_failed": "Yubico OTP 认证失败: %s",
         "template_exists": "模板 %s 已存在",
-        "template_name_invalid": "模板名称无效"
+        "template_name_invalid": "模板名称无效",
+        "webauthn_authenticator_failed": "",
+        "webauthn_username_failed": "",
+        "cors_invalid_method": "",
+        "cors_invalid_origin": "",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": "",
+        "webauthn_publickey_failed": "",
+        "demo_mode_enabled": "",
+        "extended_sender_acl_denied": "",
+        "template_id_invalid": ""
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -494,7 +517,13 @@
         "error_show_ip": "无法解析公网IP地址",
         "show_ip": "显示公网IP",
         "update_available": "有可用更新",
-        "update_failed": "无法检查更新"
+        "update_failed": "无法检查更新",
+        "container_stopped": "",
+        "architecture": "",
+        "no_update_available": "",
+        "wip": "",
+        "current_time": "",
+        "timezone": ""
     },
     "diagnostics": {
         "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
@@ -618,7 +647,25 @@
         "title": "编辑对象",
         "unchanged_if_empty": "如果不更改则留空",
         "username": "用户名",
-        "validate_save": "验证并保存"
+        "validate_save": "验证并保存",
+        "footer_exclude": "",
+        "created_on": "",
+        "domain_footer_skip_replies": "",
+        "last_modified": "",
+        "custom_attributes": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer_plain": "",
+        "pushover_sound": ""
     },
     "fido2": {
         "confirm": "确认",
@@ -659,7 +706,8 @@
         "quarantine": "隔离",
         "restart_netfilter": "重启 netfilter",
         "restart_sogo": "重启 SOGo",
-        "user_settings": "用户设置"
+        "user_settings": "用户设置",
+        "mailcow_system": ""
     },
     "info": {
         "awaiting_tfa_confirmation": "等待 TFA 确认",
@@ -838,7 +886,17 @@
         "mailbox_templates": "邮箱模板",
         "gal": "全局地址列表",
         "max_aliases": "最大别名数",
-        "max_mailboxes": "最大可能的邮箱数"
+        "max_mailboxes": "最大可能的邮箱数",
+        "goto_ham": "",
+        "goto_spam": "",
+        "templates": "",
+        "template": "",
+        "force_pw_update": "",
+        "last_modified": "",
+        "add_template": "",
+        "created_on": "",
+        "max_quota": "",
+        "relay_unknown": ""
     },
     "oauth2": {
         "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
@@ -904,7 +962,19 @@
     },
     "queue": {
         "queue_manager": "队列管理器",
-        "delete": "全部删除"
+        "delete": "全部删除",
+        "show_message": "",
+        "unban": "",
+        "unhold_mail": "",
+        "unhold_mail_legend": "",
+        "flush": "",
+        "info": "",
+        "legend": "",
+        "ays": "",
+        "deliver_mail": "",
+        "deliver_mail_legend": "",
+        "hold_mail": "",
+        "hold_mail_legend": ""
     },
     "ratelimit": {
         "disabled": "禁用",
@@ -996,7 +1066,14 @@
         "verified_fido2_login": "FIDO2 登录验证成功",
         "verified_totp_login": "TOTP 登录验证成功",
         "verified_webauthn_login": "WebAuthn 登录验证成功",
-        "verified_yotp_login": "Yubico OTP 登录验证成功"
+        "verified_yotp_login": "Yubico OTP 登录验证成功",
+        "cors_headers_edited": "",
+        "domain_footer_modified": "",
+        "f2b_banlist_refreshed": "",
+        "ip_check_opt_in_modified": "",
+        "template_added": "",
+        "template_modified": "",
+        "template_removed": ""
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
@@ -1023,7 +1100,8 @@
         "webauthn": "WebAuthn 认证",
         "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
         "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
-        "yubi_otp": "Yubico OTP 认证"
+        "yubi_otp": "Yubico OTP 认证",
+        "authenticators": ""
     },
     "user": {
         "action": "操作",
@@ -1184,7 +1262,10 @@
         "weeks": "周",
         "with_app_password": "包含应用密码",
         "year": "年",
-        "years": "年"
+        "years": "年",
+        "pushover_sound": "",
+        "attribute": "",
+        "value": ""
     },
     "warning": {
         "cannot_delete_self": "不能删除已登录的用户",
@@ -1211,6 +1292,18 @@
             "last": "最后一页",
             "previous": "上一页",
             "next": "下一页"
-        }
+        },
+        "decimal": "",
+        "infoPostFix": "",
+        "infoFiltered": "",
+        "thousands": "",
+        "lengthMenu": "",
+        "loadingRecords": "",
+        "zeroRecords": "",
+        "aria": {
+            "sortAscending": "",
+            "sortDescending": ""
+        },
+        "emptyTable": ""
     }
 }
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index c3c2cf714..ea5129418 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -480,7 +480,9 @@
         "extended_sender_acl_denied": "缺少設定外部寄件者地址的 ACL",
         "template_exists": "模板 %s 已存在",
         "template_id_invalid": "範本 ID %s 無效",
-        "template_name_invalid": "模板名稱無效"
+        "template_name_invalid": "模板名稱無效",
+        "img_dimensions_exceeded": "",
+        "img_size_exceeded": ""
     },
     "debug": {
         "chart_this_server": "圖表 (此伺服器)",
@@ -520,7 +522,8 @@
         "update_available": "有可用更新",
         "no_update_available": "系統已經是最新版本",
         "update_failed": "無法檢查更新",
-        "wip": "工作正在進行中"
+        "wip": "工作正在進行中",
+        "timezone": ""
     },
     "diagnostics": {
         "cname_from_a": "由 A/AAAA 紀錄獲取。只要紀錄指向正確的資源，此功能就會持續運作。",
@@ -650,7 +653,19 @@
         "validate_save": "驗證並儲存",
         "domain_footer_info": "網域範圍的頁尾將會新增至與該網域內的位址關聯的所有外發電子郵件。 <br> 以下變數可用於頁尾：",
         "custom_attributes": "自訂屬性",
-        "pushover_sound": "聲音"
+        "pushover_sound": "聲音",
+        "domain_footer_skip_replies": "",
+        "domain_footer": "",
+        "domain_footer_html": "",
+        "domain_footer_info_vars": {
+            "auth_user": "",
+            "from_user": "",
+            "from_name": "",
+            "from_addr": "",
+            "from_domain": "",
+            "custom": ""
+        },
+        "domain_footer_plain": ""
     },
     "fido2": {
         "confirm": "確認",
@@ -1069,7 +1084,8 @@
         "webauthn": "WebAuthn 認證",
         "waiting_usb_auth": "<i>等待 USB 裝置...</i><br><br>請觸碰 USB 裝置上的按鈕。",
         "waiting_usb_register": "<i>等待 USB 裝置...</i><br><br>請輸入密碼並觸碰 USB 裝置上的按鈕來確認註冊。",
-        "yubi_otp": "Yubico OTP 認證"
+        "yubi_otp": "Yubico OTP 認證",
+        "authenticators": ""
     },
     "user": {
         "action": "操作",
@@ -1271,7 +1287,8 @@
         "collapse_all": "全部折疊",
         "emptyTable": "表中沒有可用數據",
         "thousands": ",",
-        "decimal": "."
+        "decimal": ".",
+        "infoPostFix": ""
     },
     "queue": {
         "deliver_mail_legend": "嘗試重新投遞選定的郵件。",

From bf13af96917ebf86a76d2b90c6745088e156da90 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 24 Jun 2024 10:00:16 +0200
Subject: [PATCH 230/755] increased rspamd image tag

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 2d4de525c..1a0588877 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -80,7 +80,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.95
+      image: mailcow/rspamd:1.96
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 6fc86dd7d33794fb82cdba774f3b54f1eb3b37dd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 24 Jun 2024 10:00:30 +0200
Subject: [PATCH 231/755] acme: corrected acme-tiny download path

---
 data/Dockerfiles/acme/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index f22c71628..8688e4400 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -15,7 +15,7 @@ RUN apk upgrade --no-cache \
   tini \
   tzdata \
   python3 \
-  acme-tiny --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/
+  acme-tiny --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community/
 
 COPY acme.sh /srv/acme.sh
 COPY functions.sh /srv/functions.sh

From 2cf952eb368609e44e9c076f9e2b058effeae6b7 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 26 Jun 2024 10:44:07 +0200
Subject: [PATCH 232/755] [Postfix] Upgrade to Deb12 + PF to 3.7.10 & Drop TLS
 1.0/1.1 per default (#5635)

* postfix: removed TLS1.0/1.1 support (natively)

* postfix: upgrade to deb12 + pf to 3.7.9

* compose: increased postfix tag

* postfix: shortened TLS syntax with new format of 3.6+
---
 data/Dockerfiles/postfix/Dockerfile            |  2 +-
 .../postfix/syslog-ng-redis_slave.conf         |  2 +-
 data/Dockerfiles/postfix/syslog-ng.conf        |  2 +-
 data/conf/postfix/anonymize_headers.pcre       |  2 +-
 data/conf/postfix/main.cf                      | 18 +++++++++---------
 docker-compose.yml                             |  2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index bda6e07f2..a45ce12b2 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
diff --git a/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf b/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
index 558305ec7..cb1d1aa04 100644
--- a/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
@@ -1,4 +1,4 @@
-@version: 3.28
+@version: 3.38
 @include "scl.conf"
 options {
   chain_hostnames(off);
diff --git a/data/Dockerfiles/postfix/syslog-ng.conf b/data/Dockerfiles/postfix/syslog-ng.conf
index a1ccd07ec..0990f1c05 100644
--- a/data/Dockerfiles/postfix/syslog-ng.conf
+++ b/data/Dockerfiles/postfix/syslog-ng.conf
@@ -1,4 +1,4 @@
-@version: 3.28
+@version: 3.38
 @include "scl.conf"
 options {
   chain_hostnames(off);
diff --git a/data/conf/postfix/anonymize_headers.pcre b/data/conf/postfix/anonymize_headers.pcre
index 061a4bc08..1a59d53a8 100644
--- a/data/conf/postfix/anonymize_headers.pcre
+++ b/data/conf/postfix/anonymize_headers.pcre
@@ -1,6 +1,6 @@
 if /^\s*Received:.*Authenticated sender.*\(Postcow\)/
 #/^Received: from .*? \([\w-.]* \[.*?\]\)\s+\(Authenticated sender: (.+)\)\s+by.+\(Postcow\) with (E?SMTPS?A?) id ([A-F0-9]+).+;.*?/
-/^Received: from .*? \([\w-.]* \[.*?\]\)(.*|\n.*)\(Authenticated sender: (.+)\)\s+by.+\(Postcow\) with (.*)/
+/^Received: from .*? \([\w\-.]* \[.*?\]\)(.*|\n.*)\(Authenticated sender: (.+)\)\s+by.+\(Postcow\) with (.*)/
   REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with $3
 endif
 if /^\s*Received: from.* \(.*dovecot-mailcow.*mailcow-network.*\).*\(Postcow\)/
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6cced6669..6a87f2ecb 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -114,14 +114,14 @@ smtpd_tls_loglevel = 1
 
 # Mandatory protocols and ciphers are used when a connections is enforced to use TLS
 # Does _not_ apply to enforced incoming TLS settings per mailbox
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_mandatory_protocols = >=TLSv1.2
+lmtp_tls_mandatory_protocols = >=TLSv1.2
+smtpd_tls_mandatory_protocols = >=TLSv1.2
 smtpd_tls_mandatory_ciphers = high
 
-smtp_tls_protocols = !SSLv2, !SSLv3
-lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_protocols = >=TLSv1.2
+lmtp_tls_protocols = >=TLSv1.2
+smtpd_tls_protocols = >=TLSv1.2
 
 smtpd_tls_security_level = may
 tls_preempt_cipherlist = yes
@@ -164,11 +164,11 @@ transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
 smtp_sasl_auth_soft_bounce = no
 postscreen_discard_ehlo_keywords = silent-discard, dsn, chunking
 smtpd_discard_ehlo_keywords = chunking, silent-discard
-compatibility_level = 2
+compatibility_level = 3.7
 smtputf8_enable = no
 # Define protocols for SMTPS and submission service
-submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+submission_smtpd_tls_mandatory_protocols = >=TLSv1.2
+smtps_smtpd_tls_mandatory_protocols = >=TLSv1.2
 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
 
 # DO NOT EDIT ANYTHING BELOW #
diff --git a/docker-compose.yml b/docker-compose.yml
index 1a0588877..49b454ec1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -304,7 +304,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.74
+      image: mailcow/postfix:1.75
       depends_on:
         mysql-mailcow:
           condition: service_started

From cf6594220cdc74426f71f6eeb11a9a7cd089036b Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 26 Jun 2024 11:28:18 +0200
Subject: [PATCH 233/755] dovecot: add Flatcurve FTS Engine as EXPERIMENTAL
 (#5920)

* dovecot: experimental added flatcurve backend + switch

* dovecot: bump docker image
---
 data/Dockerfiles/dovecot/Dockerfile           |  3 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 55 ++++++++++++++++++-
 data/Dockerfiles/dovecot/optimize-fts.sh      |  7 +++
 data/Dockerfiles/solr/solr.sh                 | 16 +++++-
 data/conf/dovecot/dovecot.conf                |  5 +-
 docker-compose.yml                            |  8 ++-
 6 files changed, 84 insertions(+), 10 deletions(-)
 create mode 100644 data/Dockerfiles/dovecot/optimize-fts.sh

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index c33772db4..65028b173 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -24,6 +24,7 @@ RUN addgroup -g 5000 vmail \
   envsubst \
   ca-certificates \
   curl \
+  coreutils \
   jq \
   lua \
   lua-cjson \
@@ -104,6 +105,7 @@ RUN addgroup -g 5000 vmail \
   dovecot-pigeonhole-plugin \
   dovecot-pop3d \
   dovecot-fts-solr \
+  dovecot-fts-flatcurve \
   && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
   && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$arch" \
   && chmod +x /usr/local/bin/gosu \
@@ -127,6 +129,7 @@ COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
 COPY quarantine_notify.py /usr/local/bin/quarantine_notify.py
 COPY quota_notify.py /usr/local/bin/quota_notify.py
 COPY repl_health.sh /usr/local/bin/repl_health.sh
+COPY optimize-fts.sh /usr/local/bin/optimize-fts.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index a9545f338..b53c06bed 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -29,6 +29,7 @@ ${REDIS_CMDLINE} SET DOVECOT_REPL_HEALTH 1 > /dev/null
 # Create missing directories
 [[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/
 [[ ! -d /etc/dovecot/lua/ ]] && mkdir -p /etc/dovecot/lua/
+[[ ! -d /etc/dovecot/conf.d/ ]] && mkdir -p /etc/dovecot/conf.d/
 [[ ! -d /var/vmail/_garbage ]] && mkdir -p /var/vmail/_garbage
 [[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
 [[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
@@ -109,7 +110,14 @@ EOF
 
 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
 
-if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY]) ]]; then
+echo -e "\e[33mActivating Flatcurve as FTS Backend...\e[0m"
+echo -e "\e[33mDepending on your previous setup a full reindex might be needed... \e[0m"
+echo -e "\e[34mVisit https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-fts/#fts-related-dovecot-commands to learn how to reindex\e[0m"
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+elif [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
@@ -239,6 +247,47 @@ function script_deinit()
 end
 EOF
 
+# Temporarily set FTS depending on user choice inside mailcow.conf. Will be removed as soon as Solr is dropped
+if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+cat <<EOF > /etc/dovecot/conf.d/fts.conf
+# Autogenerated by mailcow
+plugin {
+    fts_autoindex = yes
+    fts_autoindex_exclude = \Junk
+    fts_autoindex_exclude2 = \Trash
+    fts = flatcurve
+
+    # These are not flatcurve settings, but required for Dovecot FTS. See
+    # Dovecot FTS Configuration link above for further information.
+    fts_languages = en es de
+    fts_tokenizer_generic = algorithm=simple
+    fts_tokenizers = generic email-address
+
+    # OPTIONAL: Recommended default FTS core configuration
+    fts_filters = normalizer-icu snowball stopwords
+    fts_filters_en = lowercase snowball english-possessive stopwords
+}
+EOF
+elif [[ ! "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+cat <<EOF > /etc/dovecot/conf.d/fts.conf
+# Autogenerated by mailcow
+plugin {
+  fts = solr
+  fts_autoindex = yes
+  fts_autoindex_exclude = \Junk
+  fts_autoindex_exclude2 = \Trash
+  fts_solr = url=http://solr:8983/solr/dovecot-fts/
+
+  fts_tokenizers = generic email-address
+  fts_tokenizer_generic = algorithm=simple
+
+  fts_filters = normalizer-icu snowball stopwords
+  fts_filters_en = lowercase snowball english-possessive stopwords
+}
+EOF
+fi
+
+
 # Replace patterns in app-passdb.lua
 sed -i "s/__DBUSER__/${DBUSER}/g" /etc/dovecot/lua/passwd-verify.lua
 sed -i "s/__DBPASS__/${DBPASS}/g" /etc/dovecot/lua/passwd-verify.lua
@@ -343,7 +392,6 @@ mail_replica = tcp:${MAILCOW_REPLICA_IP}:${DOVEADM_REPLICA_PORT}
 EOF
 fi
 
-
 # 401 is user dovecot
 if [[ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ]]; then
 	openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
@@ -387,7 +435,8 @@ chmod +x /usr/lib/dovecot/sieve/rspamd-pipe-ham \
   /usr/local/bin/maildir_gc.sh \
   /usr/local/sbin/stop-supervisor.sh \
   /usr/local/bin/quota_notify.py \
-  /usr/local/bin/repl_health.sh
+  /usr/local/bin/repl_health.sh \
+  /usr/local/bin/optimize-fts.sh
 
 # Prepare environment file for cronjobs
 printenv | sed 's/^\(.*\)$/export \1/g' > /source_env.sh
diff --git a/data/Dockerfiles/dovecot/optimize-fts.sh b/data/Dockerfiles/dovecot/optimize-fts.sh
new file mode 100644
index 000000000..a6e8f91da
--- /dev/null
+++ b/data/Dockerfiles/dovecot/optimize-fts.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ && ! "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    exit 0
+else
+    doveadm fts optimize -A
+fi
\ No newline at end of file
diff --git a/data/Dockerfiles/solr/solr.sh b/data/Dockerfiles/solr/solr.sh
index 1c5c6f51f..03ab79126 100755
--- a/data/Dockerfiles/solr/solr.sh
+++ b/data/Dockerfiles/solr/solr.sh
@@ -1,7 +1,15 @@
 #!/bin/bash
 
-if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  echo "FLATCURVE_EXPERIMENTAL=y, skipping Solr but enabling Flatcurve as FTS for Dovecot!"
+  echo "Solr will be removed in the future!"
+  sleep 365d
+  exit 0
+elif [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   echo "SKIP_SOLR=y, skipping Solr..."
+  echo "HINT: You could try the newer FTS Backend Flatcurve, which is currently in experimental state..."
+  echo "Simply set FLATCURVE_EXPERIMENTAL=y inside your mailcow.conf and restart the stack afterwards!"
+  echo "Solr will be removed in the future!"
   sleep 365d
   exit 0
 fi
@@ -57,5 +65,11 @@ if [[ "${1}" == "--bootstrap" ]]; then
   exit 0
 fi
 
+echo "Starting up Solr..."
+echo -e "\e[31mSolr is deprecated! You can try the new FTS System now by enabling FLATCURVE_EXPERIMENTAL=y inside mailcow.conf and restarting the stack\e[0m"
+echo -e "\e[31mSolr will be removed completely soon!\e[0m"
+
+sleep 15
+
 exec gosu solr solr-foreground
 
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 729686fb1..c230c3495 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -10,6 +10,7 @@
 auth_mechanisms = plain login
 #mail_debug = yes
 #auth_debug = yes
+#log_debug = category=fts-flatcurve # Activate Logging for Flatcurve FTS Searchings
 log_path = syslog
 disable_plaintext_auth = yes
 # Uncomment on NFS share
@@ -194,9 +195,6 @@ plugin {
   acl_shared_dict = file:/var/vmail/shared-mailboxes.db
   acl = vfile
   acl_user = %u
-  fts = solr
-  fts_autoindex = yes
-  fts_solr = url=http://solr:8983/solr/dovecot-fts/
   quota = dict:Userquota::proxy::sqlquota
   quota_rule2 = Trash:storage=+100%%
   sieve = /var/vmail/sieve/%u.sieve
@@ -305,6 +303,7 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/extra.conf
 !include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
+!include_try /etc/dovecot/conf.d/fts.conf
 # </Includes>
 default_client_limit = 10400
 default_vsz_limit = 1024 M
diff --git a/docker-compose.yml b/docker-compose.yml
index 49b454ec1..b0f50dd6d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -221,7 +221,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.29
+      image: mailcow/dovecot:1.30
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -264,6 +264,7 @@ services:
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
+        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
       ports:
         - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
         - "${IMAP_PORT:-143}:143"
@@ -289,7 +290,7 @@ services:
         ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
         ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
         ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
-        ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
+        ofelia.job-exec.dovecot_fts.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh\""
         ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
         ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
       ulimits:
@@ -553,7 +554,7 @@ services:
     
     ##### Will be removed soon #####
     solr-mailcow:
-      image: mailcow/solr:1.8.2
+      image: mailcow/solr:1.8.3
       restart: always
       depends_on:
         - netfilter-mailcow
@@ -565,6 +566,7 @@ services:
         - TZ=${TZ}
         - SOLR_HEAP=${SOLR_HEAP:-1024}
         - SKIP_SOLR=${SKIP_SOLR:-y}
+        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
       networks:
         mailcow-network:
           aliases:

From b9f8959d92c7a9bab1b6d0e3ff46b7ca6c94ca2f Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Thu, 27 Jun 2024 13:11:19 +0200
Subject: [PATCH 234/755] Update CONTRIBUTING.md

Added language terms
---
 CONTRIBUTING.md | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d7a3d86de..623d2cabc 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,31 +1,33 @@
-# Contribution Guidelines (Last modified on 18th December 2023)
+# Contribution Guidelines (Last modified on 27th June 2024)
 
 First of all, thank you for wanting to provide a bugfix or a new feature for the mailcow community, it's because of your help that the project can continue to grow!
 
-## Pull Requests (Last modified on 18th December 2023)
+## Pull Requests (Last modified on 27th June 2024)
 
 However, please note the following regarding pull requests:
 
 1. **ALWAYS** create your PR using the staging branch of your locally cloned mailcow instance, as the pull request will end up in said staging branch of mailcow once approved. Ideally, you should simply create a new branch for your pull request that is named after the type of your PR (e.g. `feat/` for function updates or `fix/` for bug fixes) and the actual content (e.g. `sogo-6.0.0` for an update from SOGo to version 6 or `html-escape` for a fix that includes escaping HTML in mailcow).
-2. Please **keep** this pull request branch **clean** and free of commits that have nothing to do with the changes you have made (e.g. commits from other users from other branches). *If you make changes to the `update.sh` script or other scripts that trigger a commit, there is usually a developer mode for clean working in this case.
-3. **Test your changes before you commit them as a pull request.** <ins>If possible</ins>, write a small **test log** or demonstrate the functionality with a **screenshot or GIF**. *We will of course also test your pull request ourselves, but proof from you will save us the question of whether you have tested your own changes yourself.*
-4. Please **ALWAYS** create the actual pull request against the staging branch and **NEVER** directly against the master branch. *If you forget to do this, our moobot will remind you to switch the branch to staging.*
-5. Wait for a merge commit: It may happen that we do not accept your pull request immediately or sometimes not at all for various reasons. Please do not be disappointed if this is the case. We always endeavor to incorporate any meaningful changes from the community into the mailcow project.
-6. If you are planning larger and therefore more complex pull requests, it would be advisable to first announce this in a separate issue and then start implementing it after the idea has been accepted in order to avoid unnecessary frustration and effort!
+2. **ALWAYS** report/request issues/features in the english language, even though mailcow is a german based company. This is done to allow other GitHub users to reply to your issues/requests too which did not speak german or other languages besides english.
+3. Please **keep** this pull request branch **clean** and free of commits that have nothing to do with the changes you have made (e.g. commits from other users from other branches). *If you make changes to the `update.sh` script or other scripts that trigger a commit, there is usually a developer mode for clean working in this case.
+4. **Test your changes before you commit them as a pull request.** <ins>If possible</ins>, write a small **test log** or demonstrate the functionality with a **screenshot or GIF**. *We will of course also test your pull request ourselves, but proof from you will save us the question of whether you have tested your own changes yourself.*
+5. Please **ALWAYS** create the actual pull request against the staging branch and **NEVER** directly against the master branch. *If you forget to do this, our moobot will remind you to switch the branch to staging.*
+6. Wait for a merge commit: It may happen that we do not accept your pull request immediately or sometimes not at all for various reasons. Please do not be disappointed if this is the case. We always endeavor to incorporate any meaningful changes from the community into the mailcow project.
+7. If you are planning larger and therefore more complex pull requests, it would be advisable to first announce this in a separate issue and then start implementing it after the idea has been accepted in order to avoid unnecessary frustration and effort!
 
 ---
 
-## Issue Reporting (Last modified on 18th December 2023)
+## Issue Reporting (Last modified on 27th June 2024)
 
 If you plan to report a issue within mailcow please read and understand the following rules:
 
 1. **ONLY** use the issue tracker for bug reports or improvement requests and NOT for support questions. For support questions you can either contact the [mailcow community on Telegram](https://docs.mailcow.email/#community-support-and-chat) or the mailcow team directly in exchange for a [support fee](https://docs.mailcow.email/#commercial-support).
 2. **ONLY** report an error if you have the **necessary know-how (at least the basics)** for the administration of an e-mail server and the usage of Docker. mailcow is a complex and fully-fledged e-mail server including groupware components on a Docker basement and it requires a bit of technical know-how for debugging and operating.
-3. **ONLY** report bugs that are contained in the latest mailcow release series. *The definition of the latest release series includes the last major patch (e.g. 2023-12) and all minor patches (revisions) below it (e.g. 2023-12a, b, c etc.).* New issue reports published starting from January 1, 2024 must meet this criterion, as versions below the latest releases are no longer supported by us.
-4. When reporting a problem, please be as detailed as possible and include even the smallest changes to your mailcow installation. Simply fill out the corresponding bug report form in detail and accurately to minimize possible questions.
-5. **Before you open an issue/feature request**, please first check whether a similar request already exists in the mailcow tracker on GitHub. If so, please include yourself in this request.
-6. When you create a issue/feature request: Please note that the creation does <ins>**not guarantee an instant implementation or fix by the mailcow team or the community**</ins>.
-7. Please **ALWAYS** anonymize any sensitive information in your bug report or feature request before submitting it.
+3. **ALWAYS** report/request issues/features in the english language, even though mailcow is a german based company. This is done to allow other GitHub users to reply to your issues/requests too which did not speak german or other languages besides english.
+4. **ONLY** report bugs that are contained in the latest mailcow release series. *The definition of the latest release series includes the last major patch (e.g. 2023-12) and all minor patches (revisions) below it (e.g. 2023-12a, b, c etc.).* New issue reports published starting from January 1, 2024 must meet this criterion, as versions below the latest releases are no longer supported by us.
+5. When reporting a problem, please be as detailed as possible and include even the smallest changes to your mailcow installation. Simply fill out the corresponding bug report form in detail and accurately to minimize possible questions.
+6. **Before you open an issue/feature request**, please first check whether a similar request already exists in the mailcow tracker on GitHub. If so, please include yourself in this request.
+7. When you create a issue/feature request: Please note that the creation does <ins>**not guarantee an instant implementation or fix by the mailcow team or the community**</ins>.
+8. Please **ALWAYS** anonymize any sensitive information in your bug report or feature request before submitting it.
 
 ### Quick guide to reporting problems:
 1. Read your logs; follow them to see what the reason for your problem is.
@@ -36,4 +38,4 @@ If you plan to report a issue within mailcow please read and understand the foll
 6. [Create an issue](https://github.com/mailcow/mailcow-dockerized/issues/new/choose) over at our GitHub repository if you think your problem might be a bug or a missing feature you badly need. But please make sure, that you include **all the logs** and a full description to your problem.
 7. Ask your questions in our community-driven [support channels](https://docs.mailcow.email/#community-support-and-chat).
 
-## When creating an issue/feature request or a pull request, you will be asked to confirm these guidelines.
\ No newline at end of file
+## When creating an issue/feature request or a pull request, you will be asked to confirm these guidelines.

From 9715c5731429fbcb9c9b00f87c864fbb567ff359 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Thu, 27 Jun 2024 18:03:01 +0200
Subject: [PATCH 235/755] Revert "Translations update from Weblate (#5912)"

This reverts commit 1af9c21a50e0bc937062c348ec9610b1db87418f.
---
 data/web/lang/lang.ca-es.json |  782 +-------------------
 data/web/lang/lang.cs-cz.json |   43 +-
 data/web/lang/lang.da-dk.json |  249 +------
 data/web/lang/lang.es-es.json |  564 +-------------
 data/web/lang/lang.fi-fi.json |  438 +----------
 data/web/lang/lang.fr-fr.json |   91 +--
 data/web/lang/lang.gr-gr.json | 1293 +--------------------------------
 data/web/lang/lang.hu-hu.json |  741 +------------------
 data/web/lang/lang.it-it.json |   54 +-
 data/web/lang/lang.ko-kr.json |  320 +-------
 data/web/lang/lang.lt-lt.json |  973 +------------------------
 data/web/lang/lang.lv-lv.json |  724 +-----------------
 data/web/lang/lang.nb-no.json |  987 +------------------------
 data/web/lang/lang.nl-nl.json |  169 +----
 data/web/lang/lang.pl-pl.json |  905 +----------------------
 data/web/lang/lang.pt-pt.json | 1060 +--------------------------
 data/web/lang/lang.ro-ro.json |  120 +--
 data/web/lang/lang.ru-ru.json |  100 +--
 data/web/lang/lang.si-si.json |  765 +------------------
 data/web/lang/lang.sk-sk.json |   70 +-
 data/web/lang/lang.sv-se.json |  220 +-----
 data/web/lang/lang.tr-tr.json |    6 +-
 data/web/lang/lang.uk-ua.json |   17 +-
 data/web/lang/lang.zh-cn.json |  117 +--
 data/web/lang/lang.zh-tw.json |   27 +-
 25 files changed, 282 insertions(+), 10553 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 9b8862c2a..877b46cdb 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -19,16 +19,7 @@
         "spam_alias": "Àlies temporals",
         "spam_score": "Puntuació de correu brossa",
         "tls_policy": "Política TLS",
-        "unlimited_quota": "Quota ilimitada per bústies de correo",
-        "delimiter_action": "",
-        "ratelimit": "",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "domain_relayhost": "",
-        "extend_sender_acl": "",
-        "mailbox_relayhost": "",
-        "pushover": "",
-        "spam_policy": ""
+        "unlimited_quota": "Quota ilimitada per bústies de correo"
     },
     "add": {
         "activate_filter_warn": "All other filters will be deactivated, when active is checked.",
@@ -82,33 +73,7 @@
         "validate": "Validar",
         "validation_success": "Validated successfully",
         "app_name": "Nom de l'aplicació",
-        "app_password": "Afegir contrasenya a l'aplicació",
-        "dry": "",
-        "inactive": "",
-        "disable_login": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "mailbox_quota_def": "",
-        "private_comment": "",
-        "public_comment": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "subscribeall": "",
-        "tags": "",
-        "timeout1": "",
-        "timeout2": "",
-        "relay_transport_info": "",
-        "domain_matches_hostname": "",
-        "gal": "",
-        "gal_info": "",
-        "generate": "",
-        "nexthop": "",
-        "app_passwd_protocols": "",
-        "bcc_dest_format": "",
-        "comment_info": "",
-        "custom_params": "",
-        "custom_params_hint": "",
-        "destination": ""
+        "app_password": "Afegir contrasenya a l'aplicació"
     },
     "admin": {
         "access": "Accés",
@@ -191,167 +156,7 @@
         "ui_texts": "Etiquetes i textos de la UI",
         "unchanged_if_empty": "Si no hi ha canvis, deixa'l en blanc",
         "upload": "Pujar",
-        "username": "Nom d'usuari",
-        "lookup_mx": "",
-        "logo_dark_label": "",
-        "optional": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "license_info": "",
-        "message": "",
-        "message_size": "",
-        "nexthop": "",
-        "no": "",
-        "no_active_bans": "",
-        "oauth2_apps": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "password_policy_chars": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "priority": "",
-        "quarantine_bcc": "",
-        "quarantine_max_size": "",
-        "quarantine_notification_html": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format_att": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "relay_rcpt": "",
-        "relay_run": "",
-        "routing": "",
-        "rspamd_global_filters_regex": "",
-        "title": "",
-        "transport_maps": "",
-        "transport_test_rcpt_info": "",
-        "transports_hint": "",
-        "ui_header_announcement_active": "",
-        "validate_license_now": "",
-        "verify": "",
-        "yes": "",
-        "password_length": "",
-        "password_policy": "",
-        "logo_normal_label": "",
-        "f2b_max_ban_time": "",
-        "f2b_ban_time_increment": "",
-        "add_relayhost_hint": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "admins": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_max_age": "",
-        "quarantine_release_format_raw": "",
-        "quota_notification_sender": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "r_active": "",
-        "r_inactive": "",
-        "rate_name": "",
-        "regex_maps": "",
-        "ui_header_announcement": "",
-        "cors_settings": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "oauth2_renew_secret": "",
-        "oauth2_revoke_tokens": "",
-        "send": "",
-        "success": "",
-        "sys_mails": "",
-        "text": "",
-        "time": "",
-        "unban_pending": "",
-        "ip_check": "",
-        "quarantine_notification_sender": "",
-        "dkim_domains_wo_keys": "",
-        "dkim_to": "",
-        "duplicate": "",
-        "excludes": "",
-        "f2b_blacklist": "",
-        "f2b_filter": "",
-        "guid": "",
-        "oauth2_add_client": "",
-        "rsetting_content": "",
-        "queue_unban": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "options": "",
-        "relayhosts": "",
-        "reset_limit": "",
-        "rsetting_add_rule": "",
-        "rspamd_com_settings": "",
-        "ui_footer": "",
-        "dkim_from": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "api_info": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "activate_send": "",
-        "active_rspamd_settings_map": "",
-        "add_admin": "",
-        "add_settings_rule": "",
-        "oauth2_redirect_uri": "",
-        "domain_admin": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "quarantine_release_format": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "transport_dest_format": "",
-        "ban_list_info": "",
-        "convert_html_to_text": "",
-        "credentials_transport_warning": "",
-        "customer_id": "",
-        "destination": "",
-        "dkim_domains_selector": "",
-        "dkim_from_title": "",
-        "dkim_overwrite_key": "",
-        "dkim_to_title": "",
-        "domain_s": "",
-        "f2b_list_info": "",
-        "f2b_regex_info": "",
-        "from": "",
-        "generate": "",
-        "guid_and_license": "",
-        "hash_remove_info": "",
-        "html": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "login_time": "",
-        "oauth2_client_id": "",
-        "quarantine_max_score": "",
-        "quarantine_notification_subject": "",
-        "rsetting_no_selection": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "rspamd_settings_map": "",
-        "sal_level": "",
-        "service": "",
-        "service_id": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "duplicate_dkim": "",
-        "r_info": ""
+        "username": "Nom d'usuari"
     },
     "danger": {
         "access_denied": "Accés denegat o dades incorrectes",
@@ -402,87 +207,7 @@
         "target_domain_invalid": "El domini \"goto\" no és vàlid",
         "targetd_not_found": "No s'ha trobat el domini destí",
         "username_invalid": "El nom d'usuari no es pot fer servir",
-        "validity_missing": "Si et plau posa un període de validesa",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "value_missing": "",
-        "unknown": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "bcc_empty": "",
-        "invalid_bcc_map_type": "",
-        "invalid_filter_type": "",
-        "invalid_host": "",
-        "bcc_exists": "",
-        "bcc_must_be_email": "",
-        "comment_too_long": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "defquota_empty": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "file_open_error": "",
-        "filter_type": "",
-        "from_invalid": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "invalid_nexthop": "",
-        "invalid_recipient_map_new": "",
-        "invalid_destination": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "rl_timeframe": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_old": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "reset_f2b_regex": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "set_acl_failed": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "webauthn_verification_failed": "",
-        "webauthn_username_failed": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "yotp_verification_failed": "",
-        "no_user_defined": "",
-        "demo_mode_enabled": "",
-        "dkim_domain_or_sel_exists": "",
-        "domain_cannot_match_hostname": "",
-        "ip_list_empty": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "mysql_error": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": ""
+        "validity_missing": "Si et plau posa un període de validesa"
     },
     "diagnostics": {
         "cname_from_a": "Valor derivat de registre A/AAAA. Això és compatible sempre que el registre assenyali el recurs correcte.",
@@ -492,8 +217,7 @@
         "dns_records_name": "Nom",
         "dns_records_status": "Valor actual",
         "dns_records_type": "Tipus",
-        "optional": "Aquest registre és opcional.",
-        "dns_records_docs": ""
+        "optional": "Aquest registre és opcional."
     },
     "edit": {
         "active": "Actiu",
@@ -549,82 +273,7 @@
         "title": "Editar l'objecte",
         "unchanged_if_empty": "Si no hay cambios dejalo en blanco",
         "username": "Usuari",
-        "validate_save": "Validar i desar",
-        "lookup_mx": "",
-        "acl": "",
-        "admin": "",
-        "allow_from_smtp": "",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "domain_footer_plain": "",
-        "gal_info": "",
-        "grant_types": "",
-        "pushover": "",
-        "scope": "",
-        "custom_attributes": "",
-        "disable_login": "",
-        "none_inherit": "",
-        "pushover_info": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info_vars": {
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "auth_user": "",
-            "from_user": "",
-            "custom": ""
-        },
-        "gal": "",
-        "mbox_rl_info": "",
-        "nexthop": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "sogo_visible": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "delete_ays": "",
-        "domain_footer_info": "",
-        "inactive": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "last_modified": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sogo_access_info": "",
-        "sogo_visible_info": "",
-        "timeout1": "",
-        "timeout2": "",
-        "generate": "",
-        "app_passwd_protocols": "",
-        "ratelimit": "",
-        "relayhost": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "spam_filter": "",
-        "advanced_settings": "",
-        "redirect_uri": "",
-        "sogo_access": ""
+        "validate_save": "Validar i desar"
     },
     "footer": {
         "cancel": "Cancel·lar",
@@ -633,13 +282,7 @@
         "delete_these_items": "Si et plau confirma els canvis al objecte amb id:",
         "loading": "Si et plau espera ...",
         "restart_container_info": "<b>Important:</b> Un reinici pot trigar una estona, si et plau espera a que acabi.",
-        "restart_now": "Reiniciar ara",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "hibp_ok": "",
-        "nothing_selected": "",
-        "restart_container": "",
-        "restarting_container": ""
+        "restart_now": "Reiniciar ara"
     },
     "header": {
         "administration": "Administració",
@@ -648,24 +291,16 @@
         "mailcow_config": "Configuració",
         "quarantine": "Quarantena",
         "restart_sogo": "Reiniciar SOGo",
-        "user_settings": "Preferències d'usuari",
-        "restart_netfilter": "",
-        "apps": "",
-        "mailcow_system": ""
+        "user_settings": "Preferències d'usuari"
     },
     "info": {
-        "no_action": "No hi ha cap acció aplicable",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
+        "no_action": "No hi ha cap acció aplicable"
     },
     "login": {
         "delayed": "Pots iniciar de sessió passats %s segons.",
         "login": "Inici de sessió",
         "password": "Contrasenya",
-        "username": "Nom d'usuari",
-        "fido2_webauthn": "",
-        "mobileconfig_info": "",
-        "other_logins": ""
+        "username": "Nom d'usuari"
     },
     "mailbox": {
         "action": "Acció",
@@ -750,97 +385,7 @@
         "tls_enforce_out": "Forçar TLS al enviar",
         "toggle_all": "Tots",
         "username": "Nom d'usuari",
-        "waiting": "Esperant",
-        "booking_0_short": "",
-        "booking_null": "",
-        "booking_custom": "",
-        "sieve_preset_8": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "stats": "",
-        "tls_policy_maps_long": "",
-        "quarantine_notification": "",
-        "recipient_map_old_info": "",
-        "table_size_show_n": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "sieve_preset_2": "",
-        "add_tls_policy_map": "",
-        "sieve_preset_3": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "tls_map_parameters": "",
-        "disable_x": "",
-        "domain_templates": "",
-        "last_pw_change": "",
-        "no": "",
-        "public_comment": "",
-        "q_add_header": "",
-        "q_reject": "",
-        "recipient": "",
-        "relay_unknown": "",
-        "sieve_preset_1": "",
-        "sieve_preset_7": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "dkim_domains_selector": "",
-        "templates": "",
-        "never": "",
-        "add_template": "",
-        "all_domains": "",
-        "allowed_protocols": "",
-        "bcc_map": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "created_on": "",
-        "daily": "",
-        "disable_login": "",
-        "domain_quota_total": "",
-        "enable_x": "",
-        "gal": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "hourly": "",
-        "insert_preset": "",
-        "last_mail_login": "",
-        "last_modified": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "open_logs": "",
-        "private_comment": "",
-        "q_all": "",
-        "quarantine_category": "",
-        "recipient_map_new_info": "",
-        "sender": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "template": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "weekly": "",
-        "yes": "",
-        "sogo_visible_n": "",
-        "add_alias_expand": "",
-        "alias_domain_alias_hint": "",
-        "alias_domain_backupmx": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "sogo_visible_y": "",
-        "syncjob_check_log": "",
-        "syncjob_EX_OK": "",
-        "sieve_preset_6": ""
+        "waiting": "Esperant"
     },
     "quarantine": {
         "action": "Acció",
@@ -863,59 +408,15 @@
         "subj": "Assumpte",
         "text_from_html_content": "Contingut (a partir del HTML)",
         "text_plain_content": "Contingut (text/plain)",
-        "toggle_all": "Marcar tots",
-        "deliver_inbox": "",
-        "spam_score": "",
-        "table_size": "",
-        "type": "",
-        "learn_spam_delete": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "danger": "",
-        "disabled_by_config": "",
-        "spam": "",
-        "download_eml": "",
-        "high_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qinfo": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "rspamd_result": "",
-        "sender_header": "",
-        "settings_info": "",
-        "table_size_show_n": "",
-        "refresh": "",
-        "rejected": "",
-        "rewrite_subject": ""
+        "toggle_all": "Marcar tots"
     },
     "queue": {
-        "queue_manager": "Queue Manager",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "show_message": "",
-        "unban": ""
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar panell d'ajuda",
         "mailcow_apps_detail": "Tria una aplicació (de moment només SOGo) per a accedir als teus correus, calendari, contactes i més.",
-        "mailcow_panel_detail": "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>\r\n\tEls <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam.",
-        "imap_smtp_server_auth_info": ""
+        "mailcow_panel_detail": "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>\r\n\tEls <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam."
     },
     "success": {
         "admin_modified": "Els canvis fets a l'administrador s'han desat",
@@ -952,56 +453,7 @@
         "resource_modified": "S'han desat els canvis fets al recurs %s",
         "resource_removed": "S'ha esborrat el recurs %s",
         "ui_texts": "S'han desat els canvis als noms de App",
-        "upload_success": "El fitxer s'ha pujat",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "app_passwd_added": "",
-        "bcc_saved": "",
-        "hash_deleted": "",
-        "ip_check_opt_in_modified": "",
-        "item_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "settings_map_removed": "",
-        "verified_fido2_login": "",
-        "global_filter_written": "",
-        "bcc_deleted": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "sogo_profile_reset": "",
-        "template_modified": "",
-        "tls_policy_map_entry_saved": "",
-        "verified_webauthn_login": "",
-        "template_added": "",
-        "acl_saved": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_removed": "",
-        "app_passwd_removed": "",
-        "bcc_edited": "",
-        "domain_footer_modified": "",
-        "dovecot_restart_success": "",
-        "f2b_banlist_refreshed": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "verified_totp_login": "",
-        "verified_yotp_login": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": ""
+        "upload_success": "El fitxer s'ha pujat"
     },
     "tfa": {
         "api_register": "%s fa servir la Yubico Cloud API. Obté una API key per la teva clau <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aquí</a>",
@@ -1021,15 +473,7 @@
         "webauthn": "Autenticació WebAuthn",
         "waiting_usb_auth": "<i>Esperant el dispositiu USB...</i><br><br>Apreta el botó del teu dispositiu USB WebAuthn ara.",
         "waiting_usb_register": "<i>Esperant el dispositiu USB...</i><br><br>Posa el teu password i confirma el registre del teu WebAuthn apretant el botó del teu dispositiiu USB WebAuthn.",
-        "yubi_otp": "Autenticació OTP de Yubico",
-        "reload_retry": "",
-        "authenticators": "",
-        "error_code": "",
-        "start_webauthn_validation": "",
-        "tfa_token_invalid": "",
-        "init_webauthn": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Autenticació OTP de Yubico"
     },
     "user": {
         "action": "Acció",
@@ -1112,198 +556,6 @@
         "username": "Usuari",
         "waiting": "Esperant",
         "week": "Setmana",
-        "weeks": "Setmanes",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "login_history": "",
-        "open_logs": "",
-        "password": "",
-        "pushover_info": "",
-        "pushover_sender_array": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_with_app_password": "",
-        "delete_ays": "",
-        "pushover_sound": "",
-        "years": "",
-        "daily": "",
-        "attribute": "",
-        "hourly": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_only_x_prio": "",
-        "q_add_header": "",
-        "quarantine_notification": "",
-        "sogo_profile_reset": "",
-        "app_passwds": "",
-        "created_on": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "create_app_passwd": "",
-        "month": "",
-        "months": "",
-        "open_webmail_sso": "",
-        "password_repeat": "",
-        "pushover_text": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "save": "",
-        "sender_acl_disabled": "",
-        "sogo_profile_reset_now": "",
-        "verify": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_check_log": "",
-        "title": "",
-        "apple_connection_profile_mailonly": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "pushover_sender_regex": "",
-        "pushover_title": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_all": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "sogo_profile_reset_help": "",
-        "spam_score_reset": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "value": "",
-        "with_app_password": "",
-        "year": "",
-        "from": "",
-        "text": "",
-        "q_reject": "",
-        "generate": "",
-        "advanced_settings": "",
-        "app_name": "",
-        "direct_protocol_access": "",
-        "email": "",
-        "email_and_dav": "",
-        "empty": "",
-        "never": "",
-        "no_last_login": "",
-        "weekly": ""
-    },
-    "datatables": {
-        "decimal": "",
-        "infoPostFix": "",
-        "collapse_all": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "thousands": ""
-    },
-    "debug": {
-        "history_all_servers": "",
-        "architecture": "",
-        "containers_info": "",
-        "container_running": "",
-        "docs": "",
-        "login_time": "",
-        "logs": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "log_info": "",
-        "memory": "",
-        "online_users": "",
-        "restart_container": "",
-        "show_ip": "",
-        "size": "",
-        "solr_status": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "no_update_available": "",
-        "chart_this_server": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "solr_dead": "",
-        "update_failed": "",
-        "username": "",
-        "wip": "",
-        "service": ""
-    },
-    "warning": {
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": "",
-        "cannot_delete_self": "",
-        "session_token": "",
-        "session_ua": "",
-        "ip_invalid": "",
-        "is_not_primary_alias": ""
-    },
-    "ratelimit": {
-        "hour": "",
-        "day": "",
-        "disabled": "",
-        "second": "",
-        "minute": ""
-    },
-    "oauth2": {
-        "permit": "",
-        "profile": "",
-        "scope_ask_permission": "",
-        "authorize_app": "",
-        "deny": "",
-        "profile_desc": "",
-        "access_denied": ""
-    },
-    "fido2": {
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": "",
-        "none": ""
+        "weeks": "Setmanes"
     }
 }
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 188eadddf..593f1cdcf 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -346,12 +346,7 @@
         "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
         "f2b_max_ban_time": "Maximální délka banu (s)",
         "cors_settings": "Nastavení CORS",
-        "queue_unban": "zrušit ban",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "allowed_methods": "",
-        "allowed_origins": ""
+        "queue_unban": "zrušit ban"
     },
     "danger": {
         "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -480,9 +475,7 @@
         "webauthn_publickey_failed": "Pro vybraný ověřovací prostředek nebyl uložen žádný veřejný klíč",
         "webauthn_username_failed": "Zvolený ověřovací prostředek patří k jinému účtu",
         "extended_sender_acl_denied": "chybějící ACL pro nastavení externích adres odesílatele",
-        "demo_mode_enabled": "Demo režim je zapnutý",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": ""
+        "demo_mode_enabled": "Demo režim je zapnutý"
     },
     "datatables": {
         "emptyTable": "Tabulka neobsahuje žádná data",
@@ -507,8 +500,7 @@
         "decimal": ",",
         "thousands": " ",
         "collapse_all": "Sbalit vše",
-        "expand_all": "Rozbalit vše",
-        "infoPostFix": ""
+        "expand_all": "Rozbalit vše"
     },
     "debug": {
         "chart_this_server": "Graf (tento server)",
@@ -548,8 +540,7 @@
         "update_failed": "Nepodařilo se zkontrolovat aktualizace",
         "wip": "Nedokončená vývojová verze",
         "memory": "Paměť",
-        "container_disabled": "Kontejner je zastaven nebo zakázán",
-        "cores": ""
+        "container_disabled": "Kontejner je zastaven nebo zakázán"
     },
     "diagnostics": {
         "cname_from_a": "Hodnota odvozena z A/AAAA záznamu. Lze použít, pokud záznam ukazuje na správný zdroj.",
@@ -681,17 +672,12 @@
             "auth_user": "{= auth_user =} - Ověřené uživatelské jméno zadané MTA",
             "from_user": "{= from_user =}    - uživatelská část odesílatele, např. pro \"moo@mailcow.tld\" vrátí \"moo\"",
             "from_domain": "{= from_domain =} - Doména odesílatele",
-            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele",
-            "custom": ""
+            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele"
         },
         "domain_footer": "Patička pro celou doménu",
         "domain_footer_html": "HTML text",
         "domain_footer_plain": "Prostý text",
-        "pushover_sound": "Zvukové upozornění",
-        "footer_exclude": "",
-        "custom_attributes": "",
-        "domain_footer_skip_replies": "",
-        "pushover": ""
+        "pushover_sound": "Zvukové upozornění"
     },
     "fido2": {
         "confirm": "Potvrdit",
@@ -999,8 +985,7 @@
         "hold_mail_legend": "Podrží vybrané e-maily. (Zabrání dalším pokusům o doručení)",
         "show_message": "Zobrazit zprávu",
         "unhold_mail": "Uvolnit",
-        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)",
-        "unban": ""
+        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)"
     },
     "ratelimit": {
         "disabled": "Vypnuto",
@@ -1096,10 +1081,7 @@
         "verified_webauthn_login": "WebAuthn přihlášení ověřeno",
         "verified_yotp_login": "Yubico OTP přihlášení ověřeno",
         "cors_headers_edited": "Nastavení CORS byla uložena",
-        "domain_footer_modified": "Změny patičky domény %s byly uloženy",
-        "f2b_banlist_refreshed": "",
-        "domain_add_dkim_available": "",
-        "ip_check_opt_in_modified": ""
+        "domain_footer_modified": "Změny patičky domény %s byly uloženy"
     },
     "tfa": {
         "api_register": "%s používá Yubico Cloud API. Prosím získejte API klíč pro své Yubico <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ZDE</a>",
@@ -1124,10 +1106,7 @@
         "webauthn": "WebAuthn ověření",
         "waiting_usb_auth": "<i>Čeká se na USB zařízení...</i><br><br>Prosím stiskněte tlačítko na svém WebAuthn USB zařízení.",
         "waiting_usb_register": "<i>Čeká se na USB zařízení...</i><br><br>Prosím zadejte své heslo výše a potvrďte WebAuthn registraci stiskem tlačítka na svém WebAuthn USB zařízení.",
-        "yubi_otp": "Yubico OTP ověření",
-        "authenticators": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP ověření"
     },
     "user": {
         "action": "Akce",
@@ -1289,9 +1268,7 @@
         "with_app_password": "s heslem aplikace",
         "year": "rok",
         "years": "let",
-        "pushover_sound": "Zvukové upozornění",
-        "attribute": "",
-        "value": ""
+        "pushover_sound": "Zvukové upozornění"
     },
     "warning": {
         "cannot_delete_self": "Nelze smazat právě přihlášeného uživatele",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index b8fff15b4..95db916ef 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -107,8 +107,7 @@
         "validation_success": "Valideret med succes",
         "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.<br>Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.",
         "app_passwd_protocols": "Tilladte protokoller for app adgangskode",
-        "tags": "Tag's",
-        "dry": ""
+        "tags": "Tag's"
     },
     "admin": {
         "access": "Adgang",
@@ -318,40 +317,7 @@
         "yes": "&#10003;",
         "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
         "queue_unban": "unban",
-        "admins": "Administratorer",
-        "copy_to_clipboard": "",
-        "f2b_ban_time_increment": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "f2b_max_ban_time": "",
-        "cors_settings": "",
-        "allowed_origins": "",
-        "allowed_methods": "",
-        "options": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "ip_check": "",
-        "login_time": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "relay_rcpt": "",
-        "service": "",
-        "transport_test_rcpt_info": "",
-        "ip_check_disabled": "",
-        "rsettings_preset_4": "",
-        "convert_html_to_text": "",
-        "success": "",
-        "is_mx_based": "",
-        "admins_ldap": "",
-        "api_read_only": "",
-        "api_read_write": ""
+        "admins": "Administratorer"
     },
     "danger": {
         "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -469,20 +435,7 @@
         "validity_missing": "Tildel venligst en gyldighedsperiode",
         "value_missing": "Angiv alle værdier",
         "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
-        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_username_failed": "",
-        "nginx_reload_failed": "",
-        "template_exists": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid_domain": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "demo_mode_enabled": ""
+        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
     },
     "debug": {
         "chart_this_server": "Diagram (denne server)",
@@ -500,30 +453,7 @@
         "started_on": "Startede den",
         "static_logs": "Statiske logfiler",
         "system_containers": "System og Beholdere",
-        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser",
-        "update_available": "",
-        "username": "",
-        "timezone": "",
-        "started_at": "",
-        "success": "",
-        "uptime": "",
-        "architecture": "",
-        "container_running": "",
-        "cores": "",
-        "current_time": "",
-        "docs": "",
-        "last_modified": "",
-        "login_time": "",
-        "memory": "",
-        "show_ip": "",
-        "size": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "wip": "",
-        "online_users": "",
-        "service": "",
-        "container_disabled": "",
-        "container_stopped": ""
+        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
     },
     "diagnostics": {
         "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -638,34 +568,7 @@
         "admin": "Rediger administrator",
         "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
         "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
-        "quota_warning_bcc": "Kvoteadvarsel BCC",
-        "footer_exclude": "",
-        "custom_attributes": "",
-        "last_modified": "",
-        "app_passwd_protocols": "",
-        "created_on": "",
-        "domain_footer_info_vars": {
-            "custom": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": ""
-        },
-        "domain_footer_skip_replies": "",
-        "spam_filter": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_plain": "",
-        "sogo_access_info": "",
-        "acl": "",
-        "none_inherit": "",
-        "pushover": "",
-        "pushover_sound": "",
-        "quota_warning_bcc_info": "",
-        "ratelimit": "",
-        "sogo_access": ""
+        "quota_warning_bcc": "Kvoteadvarsel BCC"
     },
     "footer": {
         "cancel": "Afbestille",
@@ -678,9 +581,7 @@
         "restart_container": "Genstart beholderen",
         "restart_container_info": "<b>Vigtig:</b> Det kan tage et stykke tid at gennemføre en yndefuld genstart. Vent til den er færdig.",
         "restart_now": "Genstart nu",
-        "restarting_container": "Genstart af beholder, det kan tage et stykke tid",
-        "hibp_check": "",
-        "nothing_selected": ""
+        "restarting_container": "Genstart af beholder, det kan tage et stykke tid"
     },
     "header": {
         "administration": "Konfiguration og detailer",
@@ -691,8 +592,7 @@
         "quarantine": "Karantæne",
         "restart_netfilter": "Genstart netfilter",
         "restart_sogo": "Genstart SOGo",
-        "user_settings": "Brugerindstillinger",
-        "mailcow_system": ""
+        "user_settings": "Brugerindstillinger"
     },
     "info": {
         "awaiting_tfa_confirmation": "Venter på TFA-bekræftelse",
@@ -857,31 +757,7 @@
         "yes": "&#10003;",
         "goto_ham": "Lær som <b>ønsket</b>",
         "catch_all": "Fang-alt",
-        "open_logs": "Åben logfiler",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "all_domains": "",
-        "domain_templates": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "mailbox_templates": "",
-        "template": "",
-        "relay_unknown": "",
-        "add_alias_expand": "",
-        "add_template": "",
-        "created_on": "",
-        "goto_spam": "",
-        "recipient": "",
-        "relay_all": "",
-        "sender": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "templates": ""
+        "open_logs": "Åben logfiler"
     },
     "oauth2": {
         "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -942,24 +818,10 @@
         "table_size_show_n": "Vis %s genstande",
         "text_from_html_content": "Indhold (konverterede html)",
         "text_plain_content": "Indhold (text/plain)",
-        "toggle_all": "Skift alt",
-        "settings_info": ""
+        "toggle_all": "Skift alt"
     },
     "queue": {
-        "queue_manager": "Køadministrator",
-        "deliver_mail": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Køadministrator"
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",
@@ -1041,17 +903,7 @@
         "verified_totp_login": "Bekræftet TOTP-login",
         "verified_webauthn_login": "Bekræftet WebAuthn-login",
         "verified_fido2_login": "Bekræftet FIDO2-login",
-        "verified_yotp_login": "Bekræftet Yubico OTP-login",
-        "template_removed": "",
-        "domain_footer_modified": "",
-        "cors_headers_edited": "",
-        "domain_add_dkim_available": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": "",
-        "template_added": "",
-        "template_modified": ""
+        "verified_yotp_login": "Bekræftet Yubico OTP-login"
     },
     "tfa": {
         "api_register": "%s bruger Yubico Cloud API. Få en API-nøgle til din nøgle <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -1076,10 +928,7 @@
         "webauthn": "WebAuthn godkendelse",
         "waiting_usb_auth": "<i>Venter på USB-enhed...</i><br><br>Tryk let på knappen på din USB-enhed nu.",
         "waiting_usb_register": "<i>Venter på USB-enhed...</i><br><br>Indtast din adgangskode ovenfor, og bekræft din registrering ved at trykke på knappen på din USB-enhed.",
-        "yubi_otp": "Yubico OTP godkendelse",
-        "authenticators": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP godkendelse"
     },
     "fido2": {
         "set_fn": "Set venneligt navn",
@@ -1093,8 +942,7 @@
         "start_fido2_validation": "Start FIDO2 validering",
         "fido2_auth": "Login med FIDO2",
         "fido2_success": "Enheden blev registreret",
-        "fido2_validation_failed": "Validering mislykkedes",
-        "set_fido2_touchid": ""
+        "fido2_validation_failed": "Validering mislykkedes"
     },
     "user": {
         "action": "Handling",
@@ -1223,42 +1071,7 @@
         "waiting": "Venter",
         "week": "uge",
         "weekly": "Ugeligt",
-        "weeks": "uger",
-        "empty": "",
-        "allowed_protocols": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "direct_protocol_access": "",
-        "fido2_webauthn": "",
-        "from": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "month": "",
-        "months": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "pushover_sound": "",
-        "recent_successful_connections": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "value": "",
-        "with_app_password": "",
-        "year": "",
-        "years": "",
-        "mailbox_settings": ""
+        "weeks": "uger"
     },
     "warning": {
         "cannot_delete_self": "Kan ikke slette en bruger som er logget ind.",
@@ -1270,40 +1083,12 @@
         "no_active_admin": "Kan ikke deaktivere den sidste administrator",
         "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
         "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
-        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl",
-        "is_not_primary_alias": ""
+        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
     },
     "datatables": {
         "lengthMenu": "Vis _MENU_ poster",
         "paginate": {
-            "first": "Først",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "decimal": "",
-        "infoPostFix": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "thousands": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "collapse_all": ""
-    },
-    "ratelimit": {
-        "day": "",
-        "hour": "",
-        "disabled": "",
-        "second": "",
-        "minute": ""
+            "first": "Først"
+        }
     }
 }
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index b464e7ebe..8a8c05274 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -24,11 +24,7 @@
         "protocol_access": "Cambiar protocolo de acceso",
         "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena",
         "domain_relayhost": "Cambiar relayhost por un dominio",
-        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "mailbox_relayhost": "",
-        "pushover": ""
+        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas"
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
@@ -99,16 +95,7 @@
         "app_password": "Añadir contraseña para la app",
         "public_comment": "Comentarios públicos",
         "disable_login": "Desactivar login (el correo entrante seguirá activo)",
-        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario",
-        "dry": "",
-        "private_comment": "",
-        "relay_transport_info": "",
-        "domain_matches_hostname": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "app_passwd_protocols": "",
-        "bcc_dest_format": "",
-        "tags": ""
+        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario"
     },
     "admin": {
         "access": "Acceso",
@@ -261,97 +248,7 @@
         "unban_pending": "Desbloqueo pendiente",
         "unchanged_if_empty": "Si no hay cambios déjalo en blanco",
         "upload": "Cargar",
-        "username": "Nombre de usuario",
-        "lookup_mx": "",
-        "license_info": "",
-        "message": "",
-        "oauth2_apps": "",
-        "transport_dest_format": "",
-        "ui_footer": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "no": "",
-        "quarantine_max_score": "",
-        "queue_unban": "",
-        "rate_name": "",
-        "regex_maps": "",
-        "relay_rcpt": "",
-        "rsetting_no_selection": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "title": "",
-        "transport_test_rcpt_info": "",
-        "oauth2_add_client": "",
-        "oauth2_revoke_tokens": "",
-        "options": "",
-        "ui_header_announcement": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "quarantine_redirect": "",
-        "time": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "validate_license_now": "",
-        "reset_limit": "",
-        "success": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "cors_settings": "",
-        "login_time": "",
-        "yes": "",
-        "f2b_filter": "",
-        "html": "",
-        "oauth2_redirect_uri": "",
-        "oauth2_renew_secret": "",
-        "admins": "",
-        "admins_ldap": "",
-        "guid": "",
-        "guid_and_license": "",
-        "hash_remove_info": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "rspamd_global_filters_regex": "",
-        "sal_level": "",
-        "service": "",
-        "service_id": "",
-        "oauth2_info": "",
-        "optional": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "priority": "",
-        "quarantine_bcc": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "verify": "",
-        "customer_id": "",
-        "dkim_overwrite_key": "",
-        "domain_admin": "",
-        "domain_s": "",
-        "f2b_regex_info": "",
-        "advanced_settings": "",
-        "api_info": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "authed_user": "",
-        "ays": "",
-        "convert_html_to_text": "",
-        "password_policy_special_chars": ""
+        "username": "Nombre de usuario"
     },
     "danger": {
         "access_denied": "Acceso denegado o datos del formulario inválidos",
@@ -439,50 +336,7 @@
         "username_invalid": "Nombre de usuario no se puede utilizar",
         "validity_missing": "Por favor asigna un periodo de validez",
         "value_missing": "Por favor proporcione todos los valores",
-        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s",
-        "invalid_mime_type": "",
-        "description_invalid": "",
-        "dkim_domain_or_sel_exists": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "last_key": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "comment_too_long": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "demo_mode_enabled": "",
-        "global_filter_write_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "maxquota_empty": "",
-        "nginx_reload_failed": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "temp_error": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "template_name_invalid": "",
-        "resource_invalid": "",
-        "file_open_error": "",
-        "img_tmp_missing": "",
-        "invalid_filter_type": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "img_invalid": "",
-        "imagick_exception": "",
-        "max_alias_exceeded": "",
-        "reset_f2b_regex": ""
+        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s"
     },
     "debug": {
         "containers_info": "Información de los contenedores",
@@ -500,30 +354,7 @@
         "solr_status": "Solr status",
         "uptime": "Uptime",
         "static_logs": "Logs estáticos",
-        "system_containers": "Sistema y Contenedores",
-        "container_disabled": "",
-        "architecture": "",
-        "update_failed": "",
-        "wip": "",
-        "chart_this_server": "",
-        "container_running": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "error_show_ip": "",
-        "history_all_servers": "",
-        "jvm_memory_solr": "",
-        "memory": "",
-        "online_users": "",
-        "service": "",
-        "show_ip": "",
-        "started_on": "",
-        "success": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "username": "",
-        "login_time": ""
+        "system_containers": "Sistema y Contenedores"
     },
     "diagnostics": {
         "cname_from_a": "Valor derivado del registro A / AAAA. Esto es permitido siempre que el registro apunte al recurso correcto.",
@@ -533,8 +364,7 @@
         "dns_records_name": "Nombre",
         "dns_records_status": "Información actual",
         "dns_records_type": "Tipo",
-        "optional": "Este récord es opcional.",
-        "dns_records_docs": ""
+        "optional": "Este récord es opcional."
     },
     "edit": {
         "active": "Activo",
@@ -602,85 +432,13 @@
         "title": "Editar objeto",
         "unchanged_if_empty": "Si no hay cambios dejalo en blanco",
         "username": "Nombre de usuario",
-        "validate_save": "Validar y guardar",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "custom_attributes": "",
-        "domain_footer_info_vars": {
-            "from_user": "",
-            "from_name": "",
-            "from_domain": "",
-            "custom": "",
-            "auth_user": "",
-            "from_addr": ""
-        },
-        "domain_footer_plain": "",
-        "domain_footer_skip_replies": "",
-        "sender_acl_info": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "spam_score": "",
-        "domain_footer_info": "",
-        "acl": "",
-        "relay_transport_info": "",
-        "sender_acl_disabled": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "generate": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_text": "",
-        "admin": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "comment_info": "",
-        "created_on": "",
-        "delete_ays": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "mbox_rl_info": "",
-        "none_inherit": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "mailbox_relayhost_info": "",
-        "pushover_verify": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "ratelimit": "",
-        "relay_unknown_only": "",
-        "pushover_info": "",
-        "pushover_sender_regex": "",
-        "app_name": "",
-        "disable_login": ""
+        "validate_save": "Validar y guardar"
     },
     "footer": {
         "hibp_nok": "¡Se encontró coincidencia - esta es una contraseña <b>no segura</b>, selecciona otra!",
         "hibp_ok": "No se encontraron coincidencias",
         "loading": "Espera por favor...",
-        "restart_now": "Reiniciar ahora",
-        "cancel": "",
-        "confirm_delete": "",
-        "delete_now": "",
-        "hibp_check": "",
-        "nothing_selected": "",
-        "delete_these_items": "",
-        "restart_container": "",
-        "restarting_container": "",
-        "restart_container_info": ""
+        "restart_now": "Reiniciar ahora"
     },
     "header": {
         "administration": "Administración",
@@ -689,24 +447,17 @@
         "mailcow_config": "Configuración",
         "quarantine": "Cuarentena",
         "restart_sogo": "Reiniciar SOGo",
-        "user_settings": "Configuraciones de usuario",
-        "apps": "",
-        "mailcow_system": "",
-        "restart_netfilter": ""
+        "user_settings": "Configuraciones de usuario"
     },
     "info": {
         "awaiting_tfa_confirmation": "En espera de confirmación de TFA",
-        "no_action": "No hay acción aplicable",
-        "session_expires": ""
+        "no_action": "No hay acción aplicable"
     },
     "login": {
         "delayed": "El inicio de sesión ha sido retrasado %s segundos.",
         "login": "Inicio de sesión",
         "password": "Contraseña",
-        "username": "Nombre de usuario",
-        "fido2_webauthn": "",
-        "mobileconfig_info": "",
-        "other_logins": ""
+        "username": "Nombre de usuario"
     },
     "mailbox": {
         "action": "Acción",
@@ -818,70 +569,7 @@
         "toggle_all": "Selecionar todo",
         "username": "Nombre de usuario",
         "waiting": "Esperando",
-        "weekly": "Cada semana",
-        "disable_login": "",
-        "templates": "",
-        "public_comment": "",
-        "q_add_header": "",
-        "q_reject": "",
-        "table_size": "",
-        "domain_templates": "",
-        "catch_all": "",
-        "created_on": "",
-        "goto_ham": "",
-        "add_alias_expand": "",
-        "add_template": "",
-        "alias_domain_alias_hint": "",
-        "alias_domain_backupmx": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "goto_spam": "",
-        "insert_preset": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_run_reset": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "no": "",
-        "open_logs": "",
-        "owner": "",
-        "private_comment": "",
-        "q_all": "",
-        "quarantine_category": "",
-        "recipient": "",
-        "relay_unknown": "",
-        "sender": "",
-        "sieve_preset_1": "",
-        "sieve_preset_5": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "template": "",
-        "tls_policy_maps_enforced_tls": "",
-        "yes": "",
-        "table_size_show_n": "",
-        "mailbox_defaults_info": "",
-        "sieve_preset_header": "",
-        "mailbox_templates": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_8": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "stats": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "sieve_preset_4": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": ""
+        "weekly": "Cada semana"
     },
     "oauth2": {
         "access_denied": "Inicie sesión como propietario del buzón para otorgar acceso a través de OAuth2.",
@@ -923,43 +611,10 @@
         "subj": "Asunto",
         "text_from_html_content": "Contenido (html convertido)",
         "text_plain_content": "Contenido (text/plain)",
-        "toggle_all": "Seleccionar todos",
-        "spam": "",
-        "confirm": "",
-        "download_eml": "",
-        "info": "",
-        "deliver_inbox": "",
-        "junk_folder": "",
-        "notified": "",
-        "qinfo": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "refresh": "",
-        "rejected": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender_header": "",
-        "settings_info": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "type": ""
+        "toggle_all": "Seleccionar todos"
     },
     "queue": {
-        "queue_manager": "Administrador de cola",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": ""
+        "queue_manager": "Administrador de cola"
     },
     "start": {
         "help": "Mostrar/Ocultar panel de ayuda",
@@ -1015,43 +670,7 @@
         "tls_policy_map_entry_saved": "Regla de póliza de TLS \"%s\" ha sido guardada",
         "verified_totp_login": "Inicio de sesión TOTP verificado",
         "verified_webauthn_login": "Inicio de sesión WebAuthn verificado",
-        "verified_yotp_login": "Inicio de sesión Yubico OTP verificado",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_removed": "",
-        "ui_texts": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_removed": "",
-        "app_links": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "cors_headers_edited": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "domain_footer_modified": "",
-        "dovecot_restart_success": "",
-        "eas_reset": "",
-        "f2b_banlist_refreshed": "",
-        "f2b_modified": "",
-        "global_filter_written": "",
-        "hash_deleted": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "item_released": "",
-        "items_deleted": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "nginx_reloaded": "",
-        "object_modified": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "reset_main_logo": "",
-        "resource_removed": "",
-        "template_modified": ""
+        "verified_yotp_login": "Inicio de sesión Yubico OTP verificado"
     },
     "tfa": {
         "api_register": "%s utiliza la API de la nube de Yubico. Por favor, obtén una clave API para tu llave <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aquí</a>.",
@@ -1071,15 +690,7 @@
         "webauthn": "Autenticación WebAuthn",
         "waiting_usb_auth": "<i>Esperando al dispositivo USB...</i><br><br>Toque el botón en su dispositivo USB WebAuthn ahora.",
         "waiting_usb_register": "<i>Esperando al dispositivo USB....</i><br><br>Ingrese su contraseña arriba y confirme su registro WebAuthn tocando el botón en su dispositivo USB WebAuthn.",
-        "yubi_otp": "Yubico OTP",
-        "authenticators": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "reload_retry": "",
-        "start_webauthn_validation": "",
-        "tfa_token_invalid": ""
+        "yubi_otp": "Yubico OTP"
     },
     "user": {
         "action": "Acción",
@@ -1160,150 +771,11 @@
         "waiting": "Esperando",
         "week": "Semana",
         "weekly": "Cada semana",
-        "weeks": "Semanas",
-        "fido2_webauthn": "",
-        "last_pw_change": "",
-        "save": "",
-        "pushover_info": "",
-        "client_configuration": "",
-        "created_on": "",
-        "q_add_header": "",
-        "active_sieve": "",
-        "apple_connection_profile_mailonly": "",
-        "attribute": "",
-        "email": "",
-        "expire_in": "",
-        "last_ui_login": "",
-        "loading": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "month": "",
-        "months": "",
-        "no_active_filter": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "recent_successful_connections": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_score_reset": "",
-        "spamfilter_table_domain_policy": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "last_mail_login": "",
-        "pushover_verify": "",
-        "q_all": "",
-        "quarantine_category_info": "",
-        "create_app_passwd": "",
-        "no_last_login": "",
-        "sender_acl_disabled": "",
-        "show_sieve_filters": "",
-        "email_and_dav": "",
-        "empty": "",
-        "syncjob_check_log": "",
-        "login_history": "",
-        "mailbox": "",
-        "text": "",
-        "apple_connection_profile_with_app_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "delete_ays": "",
-        "direct_protocol_access": "",
-        "force_pw_update": "",
-        "from": "",
-        "generate": "",
-        "in_use": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "title": "",
-        "value": "",
-        "verify": "",
-        "with_app_password": "",
-        "year": "",
-        "years": "",
-        "advanced_settings": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "password": ""
+        "weeks": "Semanas"
     },
     "warning": {
         "domain_added_sogo_failed": "Se agregó el dominio pero no se pudo reiniciar SOGo, revisa los logs del servidor.",
         "fuzzy_learn_error": "Error aprendiendo hash: %s",
-        "ip_invalid": "IP inválida omitida: %s",
-        "session_token": "",
-        "session_ua": "",
-        "cannot_delete_self": "",
-        "dovecot_restart_failed": "",
-        "hash_not_found": "",
-        "is_not_primary_alias": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": ""
-    },
-    "datatables": {
-        "decimal": "",
-        "infoPostFix": "",
-        "paginate": {
-            "last": "",
-            "first": "",
-            "next": "",
-            "previous": ""
-        },
-        "collapse_all": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        }
-    },
-    "fido2": {
-        "set_fn": "",
-        "start_fido2_validation": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "ip_invalid": "IP inválida omitida: %s"
     }
 }
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index e31f01aca..d4a5a08ba 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -20,15 +20,7 @@
         "spam_score": "Roskapostitulos",
         "syncjobs": "Synkronoi työt",
         "tls_policy": "TLS-käytäntö",
-        "unlimited_quota": "Rajoittamaton kiintiö sähkö postilaatikoille",
-        "app_passwds": "",
-        "domain_desc": "",
-        "domain_relayhost": "",
-        "mailbox_relayhost": "",
-        "protocol_access": "",
-        "pushover": "",
-        "quarantine_category": "",
-        "smtp_ip_access": ""
+        "unlimited_quota": "Rajoittamaton kiintiö sähkö postilaatikoille"
     },
     "add": {
         "activate_filter_warn": "Kaikki muut suodattimet deaktivoidaan, kun aktiivinen on valittu.",
@@ -98,17 +90,7 @@
         "timeout2": "Aikakatkaisu yhteyden muodostamiseen paikalliseen isäntään",
         "username": "Käyttäjätunnus",
         "validate": "Vahvista",
-        "validation_success": "Vahvistettu onnistuneesti",
-        "dry": "",
-        "tags": "",
-        "inactive": "",
-        "relay_transport_info": "",
-        "app_name": "",
-        "app_password": "",
-        "app_passwd_protocols": "",
-        "bcc_dest_format": "",
-        "disable_login": "",
-        "relay_unknown_only": ""
+        "validation_success": "Vahvistettu onnistuneesti"
     },
     "admin": {
         "access": "Hallinta",
@@ -285,73 +267,7 @@
         "upload": "Lataa",
         "username": "Käyttäjätunnus",
         "validate_license_now": "Vahvista GUID-tunnus lisenssi palvelinta vastaan",
-        "yes": "&#10003;",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "copy_to_clipboard": "",
-        "f2b_ban_time_increment": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_ban_time": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "cors_settings": "",
-        "ip_check": "",
-        "rspamd_global_filters": "",
-        "service": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "quarantine_max_score": "",
-        "quarantine_redirect": "",
-        "domain_admin": "",
-        "f2b_filter": "",
-        "f2b_regex_info": "",
-        "html": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "optional": "",
-        "options": "",
-        "password_length": "",
-        "password_policy_chars": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "sal_level": "",
-        "success": "",
-        "title": "",
-        "transport_test_rcpt_info": "",
-        "ui_header_announcement": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "password_policy": "",
-        "password_policy_length": "",
-        "queue_unban": "",
-        "relay_rcpt": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "verify": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "login_time": "",
-        "rspamd_global_filters_regex": "",
-        "password_policy_special_chars": "",
-        "quarantine_bcc": "",
-        "regex_maps": "",
-        "dkim_overwrite_key": "",
-        "admins": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "ays": "",
-        "convert_html_to_text": ""
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Käyttö estetty tai lomake tiedot eivät kelpaa",
@@ -453,36 +369,7 @@
         "username_invalid": "Käyttäjätunnusta %s ei voi käyttää",
         "validity_missing": "Anna voimassaolo aika",
         "value_missing": "Anna kaikki arvot",
-        "yotp_verification_failed": "Yubico OTP todentaminen epäonnistui: %s",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "cors_invalid_origin": "",
-        "file_open_error": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "invalid_filter_type": "",
-        "cors_invalid_method": "",
-        "pushover_key": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "nginx_reload_failed": "",
-        "pushover_credentials_missing": "",
-        "pushover_token": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "webauthn_username_failed": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "demo_mode_enabled": "",
-        "dkim_domain_or_sel_exists": "",
-        "extended_sender_acl_denied": "",
-        "fido2_verification_failed": "",
-        "reset_f2b_regex": "",
-        "tfa_token_invalid": ""
+        "yotp_verification_failed": "Yubico OTP todentaminen epäonnistui: %s"
     },
     "debug": {
         "containers_info": "Säilön tiedot",
@@ -502,28 +389,7 @@
         "uptime": "Päällä",
         "started_on": "Aloitettiin",
         "static_logs": "Staattiset lokit",
-        "system_containers": "Systeemi & Säiliöt",
-        "memory": "",
-        "architecture": "",
-        "online_users": "",
-        "error_show_ip": "",
-        "success": "",
-        "wip": "",
-        "container_disabled": "",
-        "history_all_servers": "",
-        "service": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": "",
-        "chart_this_server": "",
-        "container_running": "",
-        "container_stopped": "",
-        "cores": "",
-        "login_time": "",
-        "current_time": "",
-        "show_ip": ""
+        "system_containers": "Systeemi & Säiliöt"
     },
     "diagnostics": {
         "cname_from_a": "Arvo johdettu A / AAAA-tietueesta. Tätä tuetaan niin kauan kuin tietue osoittaa oikealle resurssille.",
@@ -533,8 +399,7 @@
         "dns_records_name": "Nimi",
         "dns_records_status": "Nykyinen tila",
         "dns_records_type": "Tyyppi",
-        "optional": "Tämä tietue on valinnainen.",
-        "dns_records_docs": ""
+        "optional": "Tämä tietue on valinnainen."
     },
     "edit": {
         "active": "Aktiivinen",
@@ -615,57 +480,7 @@
         "title": "Muokkaa objektia",
         "unchanged_if_empty": "Jos muuttumaton jätä tyhjäksi",
         "username": "Käyttäjätunnus",
-        "validate_save": "Vahvista ja tallenna",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "custom_attributes": "",
-        "domain_footer_info_vars": {
-            "from_addr": "",
-            "from_domain": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "custom": ""
-        },
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "created_on": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "domain_footer_skip_replies": "",
-        "domain_footer_plain": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "ratelimit": "",
-        "acl": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "domain_footer_info": "",
-        "none_inherit": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_regex": "",
-        "pushover_verify": "",
-        "quota_warning_bcc_info": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "spam_filter": "",
-        "pushover_text": "",
-        "admin": "",
-        "generate": "",
-        "delete_ays": "",
-        "disable_login": "",
-        "pushover": "",
-        "pushover_info": "",
-        "pushover_sender_array": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "mailbox_relayhost_info": "",
-        "pushover_vars": "",
-        "pushover_evaluate_x_prio": "",
-        "quota_warning_bcc": ""
+        "validate_save": "Vahvista ja tallenna"
     },
     "footer": {
         "cancel": "Peruuta",
@@ -678,9 +493,7 @@
         "restart_container": "Uudelleen käynnistä moottori",
         "restart_container_info": "<b>Tärkeää:</b> Uudelleenkäynnistys voi kestää jonkin aikaa, odota, kunnes se päättyy.",
         "restart_now": "Käynnistä uudelleen nyt",
-        "restarting_container": "Uudelleen käynnistä container, tämä saattaa kestää jonkin aikaa...",
-        "hibp_check": "",
-        "nothing_selected": ""
+        "restarting_container": "Uudelleen käynnistä container, tämä saattaa kestää jonkin aikaa..."
     },
     "header": {
         "administration": "Kokoonpanon & tiedot",
@@ -691,8 +504,7 @@
         "quarantine": "Karanteeni",
         "restart_netfilter": "Uudelleen käynnistä netfilter",
         "restart_sogo": "Uudelleen käynnistä SOGo",
-        "user_settings": "Käyttäjän asetukset",
-        "mailcow_system": ""
+        "user_settings": "Käyttäjän asetukset"
     },
     "info": {
         "awaiting_tfa_confirmation": "Odotetaan TFA-vahvistusta",
@@ -703,10 +515,7 @@
         "delayed": "Kirjautuminen viivästyi %s sekunttia.",
         "login": "Kirjaudu",
         "password": "Salasana",
-        "username": "Käyttäjätunnus",
-        "fido2_webauthn": "",
-        "mobileconfig_info": "",
-        "other_logins": ""
+        "username": "Käyttäjätunnus"
     },
     "mailbox": {
         "action": "Toiminnot",
@@ -830,58 +639,7 @@
         "username": "Käyttäjätunnus",
         "waiting": "Odotetaan..",
         "weekly": "Viikoittain",
-        "yes": "&#10003;",
-        "templates": "",
-        "catch_all": "",
-        "created_on": "",
-        "disable_login": "",
-        "domain_templates": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "template": "",
-        "sieve_preset_8": "",
-        "allow_from_smtp_info": "",
-        "sieve_preset_header": "",
-        "sender": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "insert_preset": "",
-        "last_mail_login": "",
-        "add_template": "",
-        "alias_domain_alias_hint": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allowed_protocols": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "recipient": "",
-        "relay_unknown": "",
-        "stats": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "tls_policy_maps_enforced_tls": "",
-        "last_pw_change": "",
-        "open_logs": "",
-        "q_add_header": "",
-        "q_all": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_templates": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "add_alias_expand": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Kirjaudu sisään postilaatikon omistajana myöntääksesi käyttöoikeuden OAuth2: n kautta.",
@@ -925,41 +683,10 @@
         "subj": "Aihe",
         "text_from_html_content": "Sisältö (muunnettu html)",
         "text_plain_content": "Sisältö (teksti / tavallinen)",
-        "toggle_all": "Valitse kaikki",
-        "spam": "",
-        "deliver_inbox": "",
-        "info": "",
-        "type": "",
-        "quick_info_link": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "confirm": "",
-        "qinfo": "",
-        "sender_header": "",
-        "settings_info": "",
-        "rewrite_subject": "",
-        "junk_folder": "",
-        "notified": "",
-        "quick_release_link": "",
-        "rejected": "",
-        "quick_delete_link": "",
-        "refresh": ""
+        "toggle_all": "Valitse kaikki"
     },
     "queue": {
-        "queue_manager": "Jonon hallinta",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Jonon hallinta"
     },
     "start": {
         "help": "Näytä/Piilota help paneeli",
@@ -1034,24 +761,7 @@
         "upload_success": "Tiedosto ladattu onnistuneesti",
         "verified_totp_login": "Vahvistettu TOTP-kirjautuminen",
         "verified_webauthn_login": "Vahvistettu WebAuthn kirjautuminen",
-        "verified_yotp_login": "Vahvistettu Yubico OTP kirjautuminen",
-        "app_passwd_added": "",
-        "global_filter_written": "",
-        "template_added": "",
-        "template_modified": "",
-        "app_passwd_removed": "",
-        "cors_headers_edited": "",
-        "domain_add_dkim_available": "",
-        "domain_footer_modified": "",
-        "dovecot_restart_success": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "learned_ham": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "template_removed": "",
-        "verified_fido2_login": ""
+        "verified_yotp_login": "Vahvistettu Yubico OTP kirjautuminen"
     },
     "tfa": {
         "api_register": "%s käyttää Yubico Cloud API. Saat avaimesi API-avaimen <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">täältä</a>",
@@ -1075,11 +785,7 @@
         "webauthn": "WebAuthn todennus",
         "waiting_usb_auth": "<i>Odotetaan USB-laitetta...</i><br><br>Napauta painiketta WebAuthn USB-laitteessa nyt",
         "waiting_usb_register": "<i>Odotetaan USB-laitetta...</i><br><br>Anna salasanasi yltä ja vahvista WebAuthn-rekisteröinti napauttamalla painiketta WebAuthn USB-laitteessa.",
-        "yubi_otp": "Yubico OTP-todennus",
-        "authenticators": "",
-        "tfa_token_invalid": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP-todennus"
     },
     "user": {
         "action": "Toiminnot",
@@ -1174,76 +880,7 @@
         "waiting": "Odottaa",
         "week": "Viikko",
         "weekly": "Viikoittain",
-        "weeks": "Viikkoa",
-        "attribute": "",
-        "last_ui_login": "",
-        "allowed_protocols": "",
-        "delete_ays": "",
-        "email_and_dav": "",
-        "empty": "",
-        "fido2_webauthn": "",
-        "text": "",
-        "generate": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "login_history": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "months": "",
-        "no_last_login": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_sender_array": "",
-        "recent_successful_connections": "",
-        "value": "",
-        "mailbox": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "title": "",
-        "verify": "",
-        "with_app_password": "",
-        "year": "",
-        "years": "",
-        "advanced_settings": "",
-        "app_hint": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "create_app_passwd": "",
-        "created_on": "",
-        "direct_protocol_access": "",
-        "email": "",
-        "apple_connection_profile_complete": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "pushover_only_x_prio": "",
-        "from": "",
-        "save": "",
-        "syncjob_check_log": ""
+        "weeks": "Viikkoa"
     },
     "warning": {
         "cannot_delete_self": "Kirjautuneen käyttäjän poistaminen ei onnistu",
@@ -1253,10 +890,7 @@
         "ip_invalid": "Ohitettu virheellinen IP-osoite: %s",
         "no_active_admin": "Viimeistä aktiivista järjestelmänvalvojaa ei voi poistaa käytöstä",
         "session_token": "Lomakkeen tunnus sanoma ei kelpaa: tunnus sanoman risti riita",
-        "session_ua": "Lomakkeen tunnus sanoma ei kelpaa: käyttäjä agentin tarkistus virhe",
-        "is_not_primary_alias": "",
-        "quota_exceeded_scope": "",
-        "dovecot_restart_failed": ""
+        "session_ua": "Lomakkeen tunnus sanoma ei kelpaa: käyttäjä agentin tarkistus virhe"
     },
     "datatables": {
         "emptyTable": "Tietoja ei ole saatavilla taulukossa",
@@ -1267,43 +901,7 @@
         "search": "Etsi:",
         "paginate": {
             "first": "Ensimmäinen",
-            "last": "Edellinen",
-            "next": "",
-            "previous": ""
-        },
-        "infoPostFix": "",
-        "decimal": "",
-        "collapse_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "zeroRecords": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
+            "last": "Edellinen"
         }
-    },
-    "fido2": {
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "fido2_success": "",
-        "none": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
     }
 }
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 48b14ccf6..aed9ec567 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -343,15 +343,7 @@
         "f2b_manage_external": "Gérer Fail2Ban en externe",
         "transport_test_rcpt_info": "&#8226 ; Utilisez null@hosted.mailcow.de pour tester le relais vers une destination étrangère.",
         "relay_rcpt": "Adresse \"À :\"",
-        "is_mx_based": "Basé sur MX",
-        "service": "",
-        "success": "",
-        "cors_settings": "",
-        "ip_check_opt_in": "",
-        "admins_ldap": "",
-        "login_time": "",
-        "options": "",
-        "queue_unban": ""
+        "is_mx_based": "Basé sur MX"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -511,19 +503,7 @@
         "wip": "En cours de réalisation",
         "architecture": "Architecture",
         "cores": "Cœurs",
-        "current_time": "Heure du système",
-        "service": "",
-        "show_ip": "",
-        "memory": "",
-        "success": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "error_show_ip": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "login_time": ""
+        "current_time": "Heure du système"
     },
     "diagnostics": {
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
@@ -662,10 +642,7 @@
         "quota_warning_bcc": "Avertissement sur les quotas BCC",
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
         "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni ne modifie le profil SOGo existant d'un utilisateur.",
-        "admin": "Modifier l'administrateur",
-        "pushover": "",
-        "pushover_sound": "",
-        "sogo_access": ""
+        "admin": "Modifier l'administrateur"
     },
     "footer": {
         "cancel": "Annuler",
@@ -679,8 +656,7 @@
         "restart_container_info": "<b>Important :</b> Un redémarrage en douceur peut prendre un certain temps, veuillez attendre qu’il soit terminé.",
         "restart_now": "Redémarrer maintenant",
         "restarting_container": "Redémarrage du conteneur, cela peut prendre un certain temps",
-        "nothing_selected": "Rien n'est sélectionné",
-        "hibp_check": ""
+        "nothing_selected": "Rien n'est sélectionné"
     },
     "header": {
         "administration": "Configuration & détails",
@@ -691,8 +667,7 @@
         "quarantine": "Quarantaine",
         "restart_netfilter": "Redémarrer Netfilter",
         "restart_sogo": "Redémarrer SOGo",
-        "user_settings": "Paramètres utilisateur",
-        "mailcow_system": ""
+        "user_settings": "Paramètres utilisateur"
     },
     "info": {
         "awaiting_tfa_confirmation": "En attente de la confirmation de TFA",
@@ -866,22 +841,7 @@
         "mailbox_templates": "Modèle de boîte de réception",
         "relay_unknown": "Relayer les boîtes de réception inconnues",
         "all_domains": "Tous les domaines",
-        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible",
-        "syncjob_check_log": "",
-        "add_template": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "templates": "",
-        "recipient": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "template": "",
-        "domain_templates": "",
-        "open_logs": "",
-        "sender": ""
+        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
@@ -954,12 +914,7 @@
         "hold_mail_legend": "Met en attente les courriers sélectionnés. (Empêche les tentatives de distribution ultérieures)",
         "unban": "file d'attente d'unban",
         "unhold_mail": "Libérer",
-        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)",
-        "deliver_mail": "",
-        "delete": "",
-        "flush": "",
-        "show_message": "",
-        "ays": ""
+        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
@@ -1049,9 +1004,7 @@
         "template_added": "Modèles ajoutés %s",
         "template_removed": "Le modèle ayant l'ID %s a été supprimé",
         "domain_add_dkim_available": "A DKIM key did already exist",
-        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès",
-        "password_policy_saved": "",
-        "template_modified": ""
+        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès"
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
@@ -1249,16 +1202,7 @@
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nom d'utilisateur ou mot de passe incorrect",
         "value": "Valeur",
         "allowed_protocols": "Protocoles autorisés",
-        "mailbox": "Boîte de réception",
-        "open_logs": "",
-        "empty": "",
-        "last_pw_change": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "pushover_sound": "",
-        "from": "",
-        "fido2_webauthn": ""
+        "mailbox": "Boîte de réception"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
@@ -1279,9 +1223,7 @@
         "thousands": ",",
         "paginate": {
             "first": "Premier",
-            "last": "Dernier",
-            "next": "",
-            "previous": ""
+            "last": "Dernier"
         },
         "aria": {
             "sortAscending": ": activer pour trier les colonnes en ordre croissant",
@@ -1292,18 +1234,9 @@
         "lengthMenu": "Afficher les entrées _MENU_",
         "loadingRecords": "Chargement…",
         "processing": "Veuillez patienter…",
-        "collapse_all": "Tout réduire",
-        "infoPostFix": "",
-        "emptyTable": "",
-        "info": "",
-        "search": "",
-        "zeroRecords": ""
+        "collapse_all": "Tout réduire"
     },
     "ratelimit": {
-        "disabled": "Désactivé",
-        "day": "",
-        "second": "",
-        "minute": "",
-        "hour": ""
+        "disabled": "Désactivé"
     }
 }
diff --git a/data/web/lang/lang.gr-gr.json b/data/web/lang/lang.gr-gr.json
index 8a8f6ad17..df9127aec 100644
--- a/data/web/lang/lang.gr-gr.json
+++ b/data/web/lang/lang.gr-gr.json
@@ -6,162 +6,7 @@
         "weeks": "Εβδομάδες",
         "with_app_password": "με κωδικό εφαρμογής",
         "year": "χρόνος",
-        "years": "χρόνια",
-        "alias_select_validity": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "text": "",
-        "action": "",
-        "clear_recent_successful_connections": "",
-        "client_configuration": "",
-        "create_app_passwd": "",
-        "running": "",
-        "save": "",
-        "tag_handling": "",
-        "tag_in_none": "",
-        "alias_time_left": "",
-        "alias_valid_until": "",
-        "aliases_also_send_as": "",
-        "aliases_send_as_all": "",
-        "allowed_protocols": "",
-        "direct_protocol_access": "",
-        "eas_reset": "",
-        "pushover_sound": "",
-        "pushover_verify": "",
-        "q_add_header": "",
-        "q_all": "",
-        "remove": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "quarantine_notification": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "save_changes": "",
-        "sender_acl_disabled": "",
-        "shared_aliases": "",
-        "shared_aliases_desc": "",
-        "show_sieve_filters": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_score_reset": "",
-        "spamfilter": "",
-        "spamfilter_behavior": "",
-        "spamfilter_bl": "",
-        "title": "",
-        "tls_policy": "",
-        "tls_policy_warning": "",
-        "user_settings": "",
-        "username": "",
-        "value": "",
-        "waiting": "",
-        "no_record": "",
-        "edit": "",
-        "email": "",
-        "email_and_dav": "",
-        "empty": "",
-        "encryption": "",
-        "spamfilter_default_score": "",
-        "spamfilter_green": "",
-        "spamfilter_red": "",
-        "active": "",
-        "active_sieve": "",
-        "advanced_settings": "",
-        "alias": "",
-        "alias_create_random": "",
-        "alias_extend_all": "",
-        "alias_full_date": "",
-        "alias_remove_all": "",
-        "app_hint": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "attribute": "",
-        "create_syncjob": "",
-        "created_on": "",
-        "daily": "",
-        "day": "",
-        "delete_ays": "",
-        "direct_aliases": "",
-        "direct_aliases_desc": "",
-        "eas_reset_help": "",
-        "eas_reset_now": "",
-        "excludes": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "force_pw_update": "",
-        "from": "",
-        "generate": "",
-        "hour": "",
-        "hourly": "",
-        "hours": "",
-        "in_use": "",
-        "interval": "",
-        "is_catch_all": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "last_ui_login": "",
-        "loading": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_details": "",
-        "mailbox_general": "",
-        "month": "",
-        "months": "",
-        "never": "",
-        "new_password": "",
-        "new_password_repeat": "",
-        "no_active_filter": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_now": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_vars": "",
-        "spamfilter_bl_desc": "",
-        "spamfilter_hint": "",
-        "spamfilter_table_action": "",
-        "spamfilter_table_add": "",
-        "spamfilter_table_domain_policy": "",
-        "spamfilter_table_empty": "",
-        "spamfilter_table_remove": "",
-        "spamfilter_table_rule": "",
-        "spamfilter_wl": "",
-        "spamfilter_wl_desc": "",
-        "spamfilter_yellow": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tag_help_example": "",
-        "tag_help_explain": "",
-        "tag_in_subfolder": "",
-        "tag_in_subject": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "no_last_login": "",
-        "status": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "change_password": "",
-        "change_password_hint_app_passwords": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "spam_aliases": ""
+        "years": "χρόνια"
     },
     "warning": {
         "cannot_delete_self": "Αδυναμία διαγραφής συνδεδεμένου χρήστη",
@@ -170,1140 +15,6 @@
         "domain_added_sogo_failed": "Προστέθηκε το όνομα χώρου αλλά απέτυχε η επανεκκίνηση του SOGo.",
         "hash_not_found": "Η κατακερματισμένη τιμή (hash value) δεν βρέθηκε ή έχει είδη διαγραφεί.",
         "ip_invalid": "Παραλείφθηκε μη έγκυρη διεύθυνση IP: %s",
-        "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s",
-        "fuzzy_learn_error": "",
-        "quota_exceeded_scope": "",
-        "session_token": "",
-        "session_ua": ""
-    },
-    "edit": {
-        "footer_exclude": "",
-        "kind": "",
-        "last_modified": "",
-        "lookup_mx": "",
-        "mailbox": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "maxage": "",
-        "maxbytespersecond": "",
-        "gal_info": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "pushover_text": "",
-        "full_name": "",
-        "gal": "",
-        "generate": "",
-        "extended_sender_acl_info": "",
-        "force_pw_update": "",
-        "force_pw_update_info": "",
-        "none_inherit": "",
-        "password": "",
-        "password_repeat": "",
-        "previous": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "custom_attributes": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "delete_ays": "",
-        "description": "",
-        "disable_login": "",
-        "domain": "",
-        "domain_admin": "",
-        "domain_footer_info_vars": {
-            "custom": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": ""
-        },
-        "timeout2": "",
-        "unchanged_if_empty": "",
-        "username": "",
-        "domain_footer_skip_replies": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "domain_footer": "",
-        "pushover_sender_regex": "",
-        "pushover_title": "",
-        "target_domain": "",
-        "acl": "",
-        "active": "",
-        "admin": "",
-        "advanced_settings": "",
-        "alias": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "grant_types": "",
-        "hostname": "",
-        "domain_footer_plain": "",
-        "domain_quota": "",
-        "domains": "",
-        "dont_check_sender_acl": "",
-        "edit_alias_domain": "",
-        "encryption": "",
-        "mbox_rl_info": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "nexthop": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "inactive": "",
-        "pushover_verify": "",
-        "quota_mb": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "ratelimit": "",
-        "redirect_uri": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relayhost": "",
-        "remove": "",
-        "resource": "",
-        "save": "",
-        "scope": "",
-        "sender_acl": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "sogo_visible_info": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "syncjob": "",
-        "target_address": "",
-        "timeout1": "",
-        "validate_save": "",
-        "app_name": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "backup_mx_options": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "delete1": "",
-        "title": ""
-    },
-    "admin": {
-        "oauth2_redirect_uri": "",
-        "oauth2_renew_secret": "",
-        "quarantine_exclude_domains": "",
-        "quota_notification_sender": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "dkim_add_key": "",
-        "dkim_domains_selector": "",
-        "dkim_domains_wo_keys": "",
-        "dkim_from": "",
-        "dkim_from_title": "",
-        "dkim_key_length": "",
-        "dkim_key_missing": "",
-        "domain_admin": "",
-        "options": "",
-        "save": "",
-        "search_domain_da": "",
-        "send": "",
-        "sender": "",
-        "service": "",
-        "service_id": "",
-        "source": "",
-        "spamfilter": "",
-        "subject": "",
-        "success": "",
-        "copy_to_clipboard": "",
-        "credentials_transport_warning": "",
-        "customer_id": "",
-        "customize": "",
-        "destination": "",
-        "dkim_key_unused": "",
-        "dkim_key_valid": "",
-        "dkim_keys": "",
-        "dkim_overwrite_key": "",
-        "dkim_private_key": "",
-        "dkim_to": "",
-        "dkim_to_title": "",
-        "domain": "",
-        "domain_admins": "",
-        "domain_s": "",
-        "duplicate_dkim": "",
-        "edit": "",
-        "empty": "",
-        "excludes": "",
-        "f2b_ban_time": "",
-        "f2b_ban_time_increment": "",
-        "f2b_blacklist": "",
-        "f2b_filter": "",
-        "f2b_list_info": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_attempts": "",
-        "f2b_max_ban_time": "",
-        "f2b_netban_ipv4": "",
-        "f2b_netban_ipv6": "",
-        "f2b_parameters": "",
-        "f2b_regex_info": "",
-        "f2b_retry_window": "",
-        "forwarding_hosts": "",
-        "forwarding_hosts_add_hint": "",
-        "forwarding_hosts_hint": "",
-        "from": "",
-        "generate": "",
-        "guid": "",
-        "guid_and_license": "",
-        "hash_remove_info": "",
-        "help_text": "",
-        "host": "",
-        "html": "",
-        "import": "",
-        "import_private_key": "",
-        "in_use_by": "",
-        "inactive": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "license_info": "",
-        "link": "",
-        "loading": "",
-        "login_time": "",
-        "logo_info": "",
-        "lookup_mx": "",
-        "main_name": "",
-        "merged_vars_hint": "",
-        "message": "",
-        "message_size": "",
-        "nexthop": "",
-        "no": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "no_record": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "oauth2_revoke_tokens": "",
-        "optional": "",
-        "password": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "password_repeat": "",
-        "priority": "",
-        "private_key": "",
-        "quarantine": "",
-        "quarantine_bcc": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_max_size": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_sender": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format": "",
-        "quarantine_release_format_att": "",
-        "quarantine_release_format_raw": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "queue_unban": "",
-        "r_active": "",
-        "r_inactive": "",
-        "r_info": "",
-        "rate_name": "",
-        "recipients": "",
-        "refresh": "",
-        "regen_api_key": "",
-        "regex_maps": "",
-        "relay_from": "",
-        "relay_run": "",
-        "relayhosts": "",
-        "relayhosts_hint": "",
-        "remove": "",
-        "remove_row": "",
-        "reset_default": "",
-        "reset_limit": "",
-        "routing": "",
-        "rsetting_add_rule": "",
-        "rsetting_content": "",
-        "rsetting_desc": "",
-        "rsetting_no_selection": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_com_settings": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "rspamd_global_filters_regex": "",
-        "rspamd_settings_map": "",
-        "sal_level": "",
-        "sys_mails": "",
-        "text": "",
-        "time": "",
-        "title": "",
-        "title_name": "",
-        "to_top": "",
-        "transport_dest_format": "",
-        "transport_maps": "",
-        "transport_test_rcpt_info": "",
-        "transports_hint": "",
-        "ui_footer": "",
-        "ui_header_announcement": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "ui_texts": "",
-        "unban_pending": "",
-        "unchanged_if_empty": "",
-        "upload": "",
-        "username": "",
-        "validate_license_now": "",
-        "verify": "",
-        "yes": "",
-        "relay_rcpt": "",
-        "duplicate": "",
-        "access": "",
-        "action": "",
-        "activate_api": "",
-        "activate_send": "",
-        "active": "",
-        "active_rspamd_settings_map": "",
-        "add": "",
-        "add_admin": "",
-        "add_domain_admin": "",
-        "add_forwarding_host": "",
-        "add_relayhost": "",
-        "add_relayhost_hint": "",
-        "add_row": "",
-        "add_settings_rule": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "additional_rows": "",
-        "admin": "",
-        "admin_details": "",
-        "admin_domains": "",
-        "admins": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "api_allow_from": "",
-        "api_info": "",
-        "api_key": "",
-        "cors_settings": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "app_links": "",
-        "app_name": "",
-        "apps_name": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "ban_list_info": "",
-        "change_logo": "",
-        "configuration": "",
-        "convert_html_to_text": "",
-        "f2b_whitelist": "",
-        "filter_table": ""
-    },
-    "danger": {
-        "release_send_failed": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "goto_empty": "",
-        "goto_invalid": "",
-        "ham_learn_error": "",
-        "imagick_exception": "",
-        "img_invalid": "",
-        "img_tmp_missing": "",
-        "ip_list_empty": "",
-        "is_alias": "",
-        "is_spam_alias": "",
-        "reset_f2b_regex": "",
-        "pushover_token": "",
-        "quota_not_0_not_numeric": "",
-        "recipient_map_entry_exists": "",
-        "relayhost_invalid": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_username_failed": "",
-        "access_denied": "",
-        "alias_domain_invalid": "",
-        "invalid_bcc_map_type": "",
-        "invalid_destination": "",
-        "invalid_filter_type": "",
-        "alias_empty": "",
-        "alias_goto_identical": "",
-        "alias_invalid": "",
-        "aliasd_targetd_identical": "",
-        "aliases_in_use": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "bcc_empty": "",
-        "bcc_exists": "",
-        "bcc_must_be_email": "",
-        "dkim_domain_or_sel_exists": "",
-        "dkim_domain_or_sel_invalid": "",
-        "domain_cannot_match_hostname": "",
-        "domain_exists": "",
-        "domain_invalid": "",
-        "domain_not_empty": "",
-        "domain_not_found": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "file_open_error": "",
-        "filter_type": "",
-        "from_invalid": "",
-        "mailbox_quota_exceeds_domain_quota": "",
-        "mailbox_quota_left_exceeded": "",
-        "template_name_invalid": "",
-        "domain_quota_m_in_use": "",
-        "comment_too_long": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "defquota_empty": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "invalid_host": "",
-        "invalid_mime_type": "",
-        "invalid_nexthop": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "is_alias_or_mailbox": "",
-        "last_key": "",
-        "login_failed": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "mailbox_invalid": "",
-        "mailbox_quota_exceeded": "",
-        "mailboxes_in_use": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "max_alias_exceeded": "",
-        "max_mailbox_exceeded": "",
-        "max_quota_in_use": "",
-        "maxquota_empty": "",
-        "mysql_error": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": "",
-        "no_user_defined": "",
-        "object_exists": "",
-        "object_is_not_numeric": "",
-        "password_complexity": "",
-        "password_empty": "",
-        "password_mismatch": "",
-        "policy_list_from_exists": "",
-        "policy_list_from_invalid": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "redis_error": "",
-        "resource_invalid": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "sender_acl_invalid": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "target_domain_invalid": "",
-        "targetd_not_found": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "webauthn_verification_failed": "",
-        "webauthn_publickey_failed": "",
-        "unknown": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "username_invalid": "",
-        "validity_missing": "",
-        "value_missing": "",
-        "yotp_verification_failed": "",
-        "demo_mode_enabled": "",
-        "description_invalid": ""
-    },
-    "success": {
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "bcc_saved": "",
-        "dkim_removed": "",
-        "domain_added": "",
-        "resource_removed": "",
-        "alias_modified": "",
-        "alias_removed": "",
-        "aliasd_added": "",
-        "app_links": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "tls_policy_map_entry_saved": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": "",
-        "acl_saved": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_modified": "",
-        "admin_removed": "",
-        "alias_added": "",
-        "alias_domain_removed": "",
-        "aliasd_modified": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "dkim_added": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "domain_admin_added": "",
-        "domain_admin_modified": "",
-        "domain_admin_removed": "",
-        "domain_footer_modified": "",
-        "domain_modified": "",
-        "domain_removed": "",
-        "dovecot_restart_success": "",
-        "eas_reset": "",
-        "f2b_banlist_refreshed": "",
-        "f2b_modified": "",
-        "forwarding_host_added": "",
-        "forwarding_host_removed": "",
-        "global_filter_written": "",
-        "hash_deleted": "",
-        "item_released": "",
-        "items_deleted": "",
-        "items_released": "",
-        "logged_in_as": "",
-        "mailbox_added": "",
-        "mailbox_modified": "",
-        "mailbox_removed": "",
-        "nginx_reloaded": "",
-        "object_modified": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "reset_main_logo": "",
-        "resource_added": "",
-        "resource_modified": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "ui_texts": ""
-    },
-    "debug": {
-        "history_all_servers": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "online_users": "",
-        "username": "",
-        "wip": "",
-        "docs": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "architecture": "",
-        "chart_this_server": "",
-        "containers_info": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "log_info": "",
-        "restart_container": "",
-        "service": "",
-        "show_ip": "",
-        "size": "",
-        "solr_status": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "solr_dead": ""
-    },
-    "diagnostics": {
-        "cname_from_a": "",
-        "dns_records": "",
-        "dns_records_docs": "",
-        "dns_records_24hours": "",
-        "dns_records_data": "",
-        "dns_records_name": "",
-        "dns_records_status": "",
-        "dns_records_type": "",
-        "optional": ""
-    },
-    "mailbox": {
-        "last_mail_login": "",
-        "sieve_preset_1": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "mailbox_quota": "",
-        "mailboxes": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "sieve_preset_8": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "stats": "",
-        "status": "",
-        "tls_map_dest": "",
-        "tls_map_parameters": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "goto_ham": "",
-        "recipient_maps": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "quick_actions": "",
-        "recipient_map_info": "",
-        "recipient_map_new": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "alias_domain_backupmx": "",
-        "aliases": "",
-        "empty": "",
-        "enable_x": "",
-        "excludes": "",
-        "filter_table": "",
-        "filters": "",
-        "fname": "",
-        "force_pw_update": "",
-        "recipient": "",
-        "recipient_map": "",
-        "action": "",
-        "activate": "",
-        "active": "",
-        "add": "",
-        "add_alias": "",
-        "add_alias_expand": "",
-        "add_bcc_entry": "",
-        "add_domain": "",
-        "add_domain_alias": "",
-        "add_domain_record_first": "",
-        "add_filter": "",
-        "add_mailbox": "",
-        "add_recipient_map_entry": "",
-        "add_resource": "",
-        "add_template": "",
-        "add_tls_policy_map": "",
-        "address_rewriting": "",
-        "alias": "",
-        "alias_domain_alias_hint": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "backup_mx": "",
-        "bcc": "",
-        "bcc_destination": "",
-        "bcc_destinations": "",
-        "bcc_info": "",
-        "bcc_local_dest": "",
-        "bcc_map": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "created_on": "",
-        "daily": "",
-        "deactivate": "",
-        "description": "",
-        "disable_login": "",
-        "disable_x": "",
-        "dkim_domains_selector": "",
-        "dkim_key_length": "",
-        "domain": "",
-        "domain_admins": "",
-        "domain_quota_total": "",
-        "edit": "",
-        "gal": "",
-        "goto_spam": "",
-        "hourly": "",
-        "in_use": "",
-        "inactive": "",
-        "insert_preset": "",
-        "kind": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "last_run_reset": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "mins_interval": "",
-        "msg_num": "",
-        "never": "",
-        "no": "",
-        "no_record": "",
-        "no_record_single": "",
-        "open_logs": "",
-        "owner": "",
-        "private_comment": "",
-        "public_comment": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "relay_all": "",
-        "relay_unknown": "",
-        "remove": "",
-        "resources": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "table_size_show_n": "",
-        "target_address": "",
-        "target_domain": "",
-        "templates": "",
-        "template": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_long": "",
-        "toggle_all": "",
-        "username": "",
-        "waiting": "",
-        "weekly": "",
-        "yes": "",
-        "multiple_bookings": "",
-        "domain_aliases": "",
-        "domain_templates": "",
-        "domain_quota": "",
-        "domains": "",
-        "tls_map_dest_info": ""
-    },
-    "quarantine": {
-        "high_danger": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "rcpt": "",
-        "received": "",
-        "recipients": "",
-        "text_from_html_content": "",
-        "text_plain_content": "",
-        "qitem": "",
-        "quick_actions": "",
-        "refresh": "",
-        "show_item": "",
-        "spam": "",
-        "spam_score": "",
-        "action": "",
-        "atts": "",
-        "check_hash": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "danger": "",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "download_eml": "",
-        "empty": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qid": "",
-        "qinfo": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "release_subject": "",
-        "remove": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "settings_info": "",
-        "subj": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "toggle_all": "",
-        "type": "",
-        "quarantine": ""
-    },
-    "header": {
-        "mailcow_config": "",
-        "quarantine": "",
-        "restart_sogo": "",
-        "user_settings": "",
-        "apps": "",
-        "administration": "",
-        "debug": "",
-        "email": "",
-        "mailcow_system": "",
-        "restart_netfilter": ""
-    },
-    "info": {
-        "no_action": "",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
-    },
-    "login": {
-        "delayed": "",
-        "login": "",
-        "mobileconfig_info": "",
-        "password": "",
-        "fido2_webauthn": "",
-        "username": "",
-        "other_logins": ""
-    },
-    "queue": {
-        "unhold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "queue_manager": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
-    },
-    "tfa": {
-        "authenticators": "",
-        "api_register": "",
-        "confirm": "",
-        "confirm_totp_token": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "key_id_totp": "",
-        "none": "",
-        "reload_retry": "",
-        "select": "",
-        "scan_qr_code": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "tfa_token_invalid": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "webauthn": "",
-        "waiting_usb_auth": "",
-        "waiting_usb_register": "",
-        "yubi_otp": "",
-        "delete_tfa": "",
-        "disable_tfa": "",
-        "enter_qr_code": ""
-    },
-    "acl": {
-        "alias_domains": "",
-        "app_passwds": "",
-        "bcc_maps": "",
-        "delimiter_action": "",
-        "domain_desc": "",
-        "domain_relayhost": "",
-        "eas_reset": "",
-        "extend_sender_acl": "",
-        "filters": "",
-        "login_as": "",
-        "mailbox_relayhost": "",
-        "prohibited": "",
-        "protocol_access": "",
-        "pushover": "",
-        "quarantine": "",
-        "quarantine_attachments": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "ratelimit": "",
-        "recipient_maps": "",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "sogo_profile_reset": "",
-        "spam_alias": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "syncjobs": "",
-        "tls_policy": "",
-        "unlimited_quota": ""
-    },
-    "add": {
-        "activate_filter_warn": "",
-        "active": "",
-        "add": "",
-        "add_domain_only": "",
-        "add_domain_restart": "",
-        "alias_address": "",
-        "alias_address_info": "",
-        "alias_domain": "",
-        "alias_domain_info": "",
-        "app_name": "",
-        "app_password": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "backup_mx_options": "",
-        "bcc_dest_format": "",
-        "comment_info": "",
-        "custom_params": "",
-        "custom_params_hint": "",
-        "delete1": "",
-        "delete2": "",
-        "enc_method": "",
-        "delete2duplicates": "",
-        "description": "",
-        "destination": "",
-        "disable_login": "",
-        "domain": "",
-        "domain_matches_hostname": "",
-        "domain_quota_m": "",
-        "generate": "",
-        "tags": "",
-        "dry": "",
-        "exclude": "",
-        "full_name": "",
-        "gal": "",
-        "gal_info": "",
-        "goto_ham": "",
-        "goto_null": "",
-        "goto_spam": "",
-        "hostname": "",
-        "inactive": "",
-        "kind": "",
-        "mailbox_quota_def": "",
-        "mailbox_quota_m": "",
-        "mailbox_username": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "nexthop": "",
-        "password": "",
-        "password_repeat": "",
-        "port": "",
-        "post_domain_add": "",
-        "private_comment": "",
-        "public_comment": "",
-        "quota_mb": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "select": "",
-        "select_domain": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "subscribeall": "",
-        "syncjob": "",
-        "syncjob_hint": "",
-        "target_address": "",
-        "target_address_info": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "username": "",
-        "validate": "",
-        "validation_success": ""
-    },
-    "datatables": {
-        "collapse_all": "",
-        "decimal": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "lengthMenu": "",
-        "infoPostFix": ""
-    },
-    "fido2": {
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": ""
-    },
-    "footer": {
-        "cancel": "",
-        "confirm_delete": "",
-        "delete_now": "",
-        "delete_these_items": "",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "hibp_ok": "",
-        "loading": "",
-        "nothing_selected": "",
-        "restart_container": "",
-        "restart_container_info": "",
-        "restart_now": "",
-        "restarting_container": ""
-    },
-    "oauth2": {
-        "access_denied": "",
-        "authorize_app": "",
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "scope_ask_permission": ""
-    },
-    "start": {
-        "help": "",
-        "imap_smtp_server_auth_info": "",
-        "mailcow_apps_detail": "",
-        "mailcow_panel_detail": ""
+        "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s"
     }
 }
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 9cebcd776..e9762ff51 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -129,118 +129,7 @@
         "customize": "Testreszabás",
         "destination": "Célállomás",
         "customer_id": "Ügyfél azonosító",
-        "apps_name": "\"mailcow Apps\" név",
-        "oauth2_redirect_uri": "",
-        "hash_remove_info": "",
-        "ip_check_opt_in": "",
-        "license_info": "",
-        "message_size": "",
-        "nexthop": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "no_record": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "oauth2_renew_secret": "",
-        "oauth2_revoke_tokens": "",
-        "optional": "",
-        "options": "",
-        "password": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "password_repeat": "",
-        "priority": "",
-        "private_key": "",
-        "quarantine": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_release_format_raw": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_sender": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "r_active": "",
-        "r_inactive": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_com_settings": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_info": "",
-        "transports_hint": "",
-        "ui_footer": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "ui_texts": "",
-        "unban_pending": "",
-        "unchanged_if_empty": "",
-        "validate_license_now": "",
-        "yes": "",
-        "sal_level": "",
-        "main_name": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_max_size": "",
-        "queue_unban": "",
-        "reset_default": "",
-        "reset_limit": "",
-        "remove": "",
-        "no": "",
-        "rate_name": "",
-        "merged_vars_hint": "",
-        "message": "",
-        "rsetting_desc": "",
-        "rsetting_no_selection": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "r_info": "",
-        "refresh": "",
-        "regen_api_key": "",
-        "regex_maps": "",
-        "relay_from": "",
-        "relay_rcpt": "",
-        "relay_run": "",
-        "relayhosts": "",
-        "relayhosts_hint": "",
-        "remove_row": "",
-        "rspamd_global_filters_regex": "",
-        "rspamd_settings_map": "",
-        "service_id": "",
-        "success": "",
-        "transport_maps": "",
-        "transport_test_rcpt_info": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_sender": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format": "",
-        "quarantine_release_format_att": "",
-        "routing": "",
-        "rsetting_add_rule": "",
-        "rsetting_content": "",
-        "ui_header_announcement": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "recipients": "",
-        "quarantine_bcc": "",
-        "rspamd_global_filters_agree": "",
-        "service": "",
-        "lookup_mx": ""
+        "apps_name": "\"mailcow Apps\" név"
     },
     "edit": {
         "active": "Aktív",
@@ -257,121 +146,7 @@
         "description": "Leírás",
         "domain_quota": "Domain kvóta",
         "domains": "Domainek",
-        "edit_alias_domain": "Alias domain szerkesztése",
-        "footer_exclude": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "maxage": "",
-        "maxbytespersecond": "",
-        "grant_types": "",
-        "last_modified": "",
-        "sogo_visible": "",
-        "force_pw_update": "",
-        "sogo_access": "",
-        "mailbox": "",
-        "mailbox_quota_def": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "syncjob": "",
-        "target_address": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "unchanged_if_empty": "",
-        "username": "",
-        "custom_attributes": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "delete_ays": "",
-        "disable_login": "",
-        "domain": "",
-        "domain_admin": "",
-        "spam_policy": "",
-        "domain_footer_skip_replies": "",
-        "encryption": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "relay_all": "",
-        "relay_domain": "",
-        "full_name": "",
-        "generate": "",
-        "admin": "",
-        "created_on": "",
-        "multiple_bookings": "",
-        "acl": "",
-        "pushover_sound": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "bcc_dest_format": "",
-        "comment_info": "",
-        "delete1": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer_plain": "",
-        "dont_check_sender_acl": "",
-        "force_pw_update_info": "",
-        "mbox_rl_info": "",
-        "mins_interval": "",
-        "mailbox_relayhost_info": "",
-        "none_inherit": "",
-        "nexthop": "",
-        "password": "",
-        "previous": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_mb": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "redirect_uri": "",
-        "relay_all_info": "",
-        "sender_acl": "",
-        "sender_acl_disabled": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "sogo_access_info": "",
-        "validate_save": "",
-        "inactive": "",
-        "gal": "",
-        "gal_info": "",
-        "hostname": "",
-        "kind": "",
-        "scope": "",
-        "password_repeat": "",
-        "ratelimit": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost": "",
-        "remove": "",
-        "resource": "",
-        "save": "",
-        "sender_acl_info": "",
-        "sieve_desc": "",
-        "title": "",
-        "lookup_mx": ""
+        "edit_alias_domain": "Alias domain szerkesztése"
     },
     "footer": {
         "cancel": "Mégse",
@@ -384,9 +159,7 @@
         "restart_container": "Konténer újraindítása",
         "restart_container_info": "<b>Fontos:</b> A teljes újraindulás eltarthat egy ideig, kérjük várjon, amíg befejeződik!",
         "restart_now": "Újraindítás most",
-        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig.",
-        "nothing_selected": "",
-        "hibp_check": ""
+        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig."
     },
     "header": {
         "administration": "Beállítások és részletek",
@@ -397,8 +170,7 @@
         "quarantine": "Karantén",
         "restart_netfilter": "Netfilter újraindítása",
         "restart_sogo": "SOGo újraindítása",
-        "user_settings": "Felhasználó beállításai",
-        "mailcow_system": ""
+        "user_settings": "Felhasználó beállításai"
     },
     "info": {
         "awaiting_tfa_confirmation": "TFA megerősítésre várakozás",
@@ -410,9 +182,7 @@
         "login": "Bejelentkezés",
         "mobileconfig_info": "A kért Apple kapcsolat profil letöltéséhez jelentkezzen be, mint postafiók-felhasználó.",
         "password": "Jelszó",
-        "username": "Felhasználónév",
-        "other_logins": "",
-        "fido2_webauthn": ""
+        "username": "Felhasználónév"
     },
     "mailbox": {
         "action": "Művelet",
@@ -507,87 +277,7 @@
         "toggle_all": "Összes átváltása",
         "username": "Felhasználónév",
         "waiting": "Várakozás",
-        "weekly": "Hetente",
-        "sieve_preset_6": "",
-        "sieve_preset_8": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "mailbox_defaults_info": "",
-        "mailbox_templates": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "recipient_map_old_info": "",
-        "relay_all": "",
-        "relay_unknown": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "sieve_preset_7": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "templates": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "tls_map_policy": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "created_on": "",
-        "dkim_domains_selector": "",
-        "dkim_key_length": "",
-        "domain_templates": "",
-        "template": "",
-        "add_alias_expand": "",
-        "add_template": "",
-        "alias_domain_alias_hint": "",
-        "all_domains": "",
-        "bcc_info": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "domain_quota_total": "",
-        "gal": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "mailbox_defaults": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "no": "",
-        "open_logs": "",
-        "q_all": "",
-        "recipient": "",
-        "recipient_map_info": "",
-        "recipient_map_new_info": "",
-        "q_add_header": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_long": "",
-        "yes": ""
+        "weekly": "Hetente"
     },
     "oauth2": {
         "access_denied": "Kérjük jelentkezzen be postafiók felhasználójával az OAuth2 használatához.",
@@ -634,38 +324,10 @@
         "table_size_show_n": "%s tétel mutatása",
         "text_from_html_content": "Tartalom (konvertált html)",
         "text_plain_content": "Tartalom (sima szöveg)",
-        "toggle_all": "Összes átkapcsolása",
-        "settings_info": "",
-        "info": "",
-        "junk_folder": "",
-        "disabled_by_config": "",
-        "qhandler_success": "",
-        "release_body": "",
-        "spam": "",
-        "type": "",
-        "quick_info_link": "",
-        "check_hash": "",
-        "confirm": "",
-        "deliver_inbox": "",
-        "rejected": "",
-        "rewrite_subject": "",
-        "qid": ""
+        "toggle_all": "Összes átkapcsolása"
     },
     "queue": {
-        "queue_manager": "Queue Manager",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
@@ -720,44 +382,7 @@
         "resource_modified": "Postafiók %s módosításai mentve",
         "resource_removed": "Erőforrás %s eltávolítva",
         "saved_settings": "Beállítások mentve",
-        "upload_success": "File sikeresen feltöltve",
-        "reset_main_logo": "",
-        "template_removed": "",
-        "cors_headers_edited": "",
-        "domain_footer_modified": "",
-        "f2b_banlist_refreshed": "",
-        "bcc_saved": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "f2b_modified": "",
-        "forwarding_host_added": "",
-        "forwarding_host_removed": "",
-        "ip_check_opt_in_modified": "",
-        "nginx_reloaded": "",
-        "acl_saved": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "template_added": "",
-        "template_modified": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "tls_policy_map_entry_deleted": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": ""
+        "upload_success": "File sikeresen feltöltve"
     },
     "user": {
         "action": "Művelet",
@@ -858,70 +483,7 @@
         "waiting": "Várakozás",
         "week": "hét",
         "weekly": "heti",
-        "weeks": "hét",
-        "aliases_send_as_all": "",
-        "app_hint": "",
-        "direct_aliases_desc": "",
-        "sogo_profile_reset_now": "",
-        "aliases_also_send_as": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "eas_reset_help": "",
-        "empty": "",
-        "shared_aliases_desc": "",
-        "value": "",
-        "allowed_protocols": "",
-        "last_pw_change": "",
-        "direct_protocol_access": "",
-        "fido2_webauthn": "",
-        "from": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "months": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "q_all": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "spamfilter_table_domain_policy": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tls_policy_warning": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "last_ui_login": "",
-        "q_add_header": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "recent_successful_connections": "",
-        "created_on": "",
-        "is_catch_all": "",
-        "login_history": "",
-        "mailbox": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "with_app_password": "",
-        "year": "",
-        "years": ""
+        "weeks": "hét"
     },
     "warning": {
         "cannot_delete_self": "Bejelentkezett felhasználó nem törölhető.",
@@ -929,12 +491,7 @@
         "no_active_admin": "Utolsó aktív admin felhasználó nem deaktiválható.",
         "quota_exceeded_scope": "Domain kvóta átlépve: csak korlátok nélküli postafiókok hozhatók létre ebben a domain-ben.",
         "session_token": "Űrlap-token érvénytelen: Tokenek nem egyeznek",
-        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma",
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "is_not_primary_alias": ""
+        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma"
     },
     "acl": {
         "delimiter_action": "Elhatárolás",
@@ -968,15 +525,7 @@
         "sogo_access": "A SOGo-hozzáférés kezelésének lehetővé tétele"
     },
     "diagnostics": {
-        "dns_records": "DNS bejegyzések",
-        "dns_records_data": "",
-        "dns_records_name": "",
-        "dns_records_status": "",
-        "cname_from_a": "",
-        "dns_records_24hours": "",
-        "dns_records_docs": "",
-        "dns_records_type": "",
-        "optional": ""
+        "dns_records": "DNS bejegyzések"
     },
     "add": {
         "username": "Felhasználónév",
@@ -1040,270 +589,6 @@
         "alias_domain": "Alias domain",
         "alias_domain_info": "<small>Csak érvényes tartománynevek (vesszővel elválasztva).</small>",
         "app_name": "Alkalmazás neve",
-        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához",
-        "multiple_bookings": "",
-        "quota_mb": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "select_domain": "",
-        "sieve_desc": "",
-        "skipcrossduplicates": "",
-        "relay_transport_info": "",
-        "sieve_type": "",
-        "subscribeall": "",
-        "automap": "",
-        "syncjob": "",
-        "select": ""
-    },
-    "danger": {
-        "webauthn_authenticator_failed": "",
-        "rl_timeframe": "",
-        "mailbox_invalid": "",
-        "is_spam_alias": "",
-        "last_key": "",
-        "access_denied": "",
-        "alias_domain_invalid": "",
-        "alias_empty": "",
-        "alias_goto_identical": "",
-        "alias_invalid": "",
-        "aliasd_targetd_identical": "",
-        "aliases_in_use": "",
-        "bcc_empty": "",
-        "bcc_exists": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "domain_cannot_match_hostname": "",
-        "domain_exists": "",
-        "domain_invalid": "",
-        "domain_not_empty": "",
-        "domain_not_found": "",
-        "domain_quota_m_in_use": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "file_open_error": "",
-        "from_invalid": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "goto_empty": "",
-        "goto_invalid": "",
-        "ham_learn_error": "",
-        "imagick_exception": "",
-        "mailbox_quota_exceeded": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "private_key_error": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "login_failed": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "mailbox_quota_exceeds_domain_quota": "",
-        "mailbox_quota_left_exceeded": "",
-        "mailboxes_in_use": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "max_alias_exceeded": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "object_exists": "",
-        "object_is_not_numeric": "",
-        "password_complexity": "",
-        "password_empty": "",
-        "password_mismatch": "",
-        "policy_list_from_exists": "",
-        "policy_list_from_invalid": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "quota_not_0_not_numeric": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "release_send_failed": "",
-        "reset_f2b_regex": "",
-        "resource_invalid": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "sender_acl_invalid": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "target_domain_invalid": "",
-        "targetd_not_found": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "webauthn_verification_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "unknown": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "is_alias_or_mailbox": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "no_user_defined": "",
-        "bcc_must_be_email": "",
-        "comment_too_long": "",
-        "defquota_empty": "",
-        "demo_mode_enabled": "",
-        "description_invalid": "",
-        "dkim_domain_or_sel_exists": "",
-        "dkim_domain_or_sel_invalid": "",
-        "img_invalid": "",
-        "img_tmp_missing": "",
-        "invalid_bcc_map_type": "",
-        "invalid_destination": "",
-        "invalid_filter_type": "",
-        "invalid_host": "",
-        "invalid_mime_type": "",
-        "invalid_nexthop": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "ip_list_empty": "",
-        "is_alias": "",
-        "max_mailbox_exceeded": "",
-        "max_quota_in_use": "",
-        "maxquota_empty": "",
-        "network_host_invalid": "",
-        "username_invalid": "",
-        "validity_missing": "",
-        "value_missing": "",
-        "yotp_verification_failed": "",
-        "nginx_reload_failed": "",
-        "filter_type": "",
-        "mysql_error": ""
-    },
-    "debug": {
-        "architecture": "",
-        "started_at": "",
-        "started_on": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "chart_this_server": "",
-        "containers_info": "",
-        "container_running": "",
-        "container_disabled": "",
-        "online_users": "",
-        "last_modified": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "docs": "",
-        "history_all_servers": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "log_info": "",
-        "show_ip": "",
-        "size": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": "",
-        "wip": "",
-        "restart_container": "",
-        "service": ""
-    },
-    "tfa": {
-        "delete_tfa": "",
-        "none": "",
-        "error_code": "",
-        "authenticators": "",
-        "confirm_totp_token": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "select": "",
-        "tfa_token_invalid": "",
-        "u2f_deprecated_important": "",
-        "disable_tfa": "",
-        "enter_qr_code": "",
-        "key_id_totp": "",
-        "reload_retry": "",
-        "scan_qr_code": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "webauthn": "",
-        "waiting_usb_auth": "",
-        "waiting_usb_register": "",
-        "yubi_otp": "",
-        "confirm": "",
-        "api_register": ""
-    },
-    "datatables": {
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "previous": "",
-            "next": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "collapse_all": "",
-        "infoPostFix": "",
-        "decimal": ""
-    },
-    "ratelimit": {
-        "minute": "",
-        "disabled": "",
-        "second": "",
-        "hour": "",
-        "day": ""
-    },
-    "fido2": {
-        "confirm": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": ""
+        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
     }
 }
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 5ec671d23..f65278402 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -341,17 +341,7 @@
         "rsettings_preset_4": "Disattivare Rspamd per un dominio",
         "options": "Opzioni",
         "cors_settings": "Impostazioni CORS",
-        "copy_to_clipboard": "Testo copiato negli appunti!",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "queue_unban": ""
+        "copy_to_clipboard": "Testo copiato negli appunti!"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -476,13 +466,7 @@
         "template_exists": "Il template %s esiste già",
         "template_id_invalid": "Il template con ID %s non è valido",
         "img_dimensions_exceeded": "L'immagine supera la dimensione massima consentita",
-        "img_size_exceeded": "L'immagine supera la dimensione massima del file",
-        "webauthn_authenticator_failed": "",
-        "webauthn_username_failed": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "webauthn_publickey_failed": "",
-        "extended_sender_acl_denied": ""
+        "img_size_exceeded": "L'immagine supera la dimensione massima del file"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
@@ -519,11 +503,7 @@
         "memory": "Memoria",
         "timezone": "Fuso orario",
         "no_update_available": "Il sistema è aggiornato all'ultima versione",
-        "update_failed": "Impossibile verificare la presenza di un aggiornamento",
-        "architecture": "",
-        "show_ip": "",
-        "wip": "",
-        "error_show_ip": ""
+        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
     },
     "diagnostics": {
         "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -652,20 +632,7 @@
         "last_modified": "Ultima modifica",
         "pushover_sound": "Suono",
         "custom_attributes": "Attributi personalizzati",
-        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta",
-        "footer_exclude": "",
-        "domain_footer_info_vars": {
-            "custom": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": ""
-        },
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_plain": "",
-        "domain_footer_info": ""
+        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta"
     },
     "fido2": {
         "confirm": "Conferma",
@@ -972,9 +939,7 @@
         "show_message": "Mostra messaggio",
         "unhold_mail": "Sblocca",
         "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
-        "legend": "Funzioni delle azioni della coda di posta:",
-        "unban": "",
-        "unhold_mail_legend": ""
+        "legend": "Funzioni delle azioni della coda di posta:"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
@@ -1063,10 +1028,7 @@
         "template_added": "Aggiunto template %s",
         "template_modified": "Le modifiche al template %s sono state salvate",
         "template_removed": "Il template con ID %s è stato cancellato",
-        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo.",
-        "domain_footer_modified": "",
-        "ip_check_opt_in_modified": "",
-        "cors_headers_edited": ""
+        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo."
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1302,8 +1264,6 @@
         "aria": {
             "sortAscending": ": attivare l'ordinamento crescente delle colonne",
             "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
-        },
-        "decimal": "",
-        "infoPostFix": ""
+        }
     }
 }
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index a8c9b6c6d..3f3cb1535 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -25,10 +25,7 @@
         "syncjobs": "동기화 작업",
         "tls_policy": "TLS 정책",
         "unlimited_quota": "메일에 무제한 할당",
-        "domain_desc": "도메인 설명 변경",
-        "domain_relayhost": "",
-        "mailbox_relayhost": "",
-        "quarantine_category": ""
+        "domain_desc": "도메인 설명 변경"
     },
     "add": {
         "activate_filter_warn": "활성화가 체크되어 있으면 모든 다른 필터들은 비활성화됩니다.",
@@ -104,11 +101,7 @@
         "timeout2": "로컬 호스트 연결 시간 초과",
         "username": "사용자명",
         "validate": "확인하기",
-        "validation_success": "성공적으로 확인됨",
-        "dry": "",
-        "tags": "",
-        "app_passwd_protocols": "",
-        "bcc_dest_format": ""
+        "validation_success": "성공적으로 확인됨"
     },
     "admin": {
         "access": "접근",
@@ -308,50 +301,7 @@
         "username": "사용자 이름",
         "validate_license_now": "라이선스 서버와 GUID 확인",
         "verify": "확인",
-        "yes": "&#10003;",
-        "is_mx_based": "",
-        "optional": "",
-        "oauth2_apps": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "f2b_manage_external": "",
-        "copy_to_clipboard": "",
-        "domain_admin": "",
-        "f2b_ban_time_increment": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_ban_time": "",
-        "login_time": "",
-        "oauth2_add_client": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "cors_settings": "",
-        "dkim_overwrite_key": "",
-        "f2b_filter": "",
-        "f2b_regex_info": "",
-        "html": "",
-        "options": "",
-        "password_length": "",
-        "password_policy": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "queue_unban": "",
-        "service": "",
-        "transport_test_rcpt_info": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "quarantine_max_score": "",
-        "relay_rcpt": "",
-        "rsettings_preset_4": "",
-        "success": "",
-        "admins": "",
-        "admins_ldap": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "convert_html_to_text": ""
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "접근이 거부되거나 잘못된 데이터 양식",
@@ -465,24 +415,7 @@
         "username_invalid": "%s는 사용지 이름으로 사용할 수 없습니다.",
         "validity_missing": "유효 기간을 지정해주세요.",
         "value_missing": "모든 값을 입력해주세요.",
-        "yotp_verification_failed": "Yubico OTP 검증 실패: %s",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "fido2_verification_failed": "",
-        "nginx_reload_failed": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "demo_mode_enabled": "",
-        "dkim_domain_or_sel_exists": "",
-        "reset_f2b_regex": "",
-        "tfa_token_invalid": "",
-        "extended_sender_acl_denied": ""
+        "yotp_verification_failed": "Yubico OTP 검증 실패: %s"
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
@@ -504,26 +437,7 @@
         "uptime": "Uptime",
         "started_on": "Started on",
         "static_logs": "Static logs",
-        "system_containers": "System & Containers",
-        "container_running": "",
-        "architecture": "",
-        "container_disabled": "",
-        "cores": "",
-        "current_time": "",
-        "error_show_ip": "",
-        "memory": "",
-        "online_users": "",
-        "service": "",
-        "show_ip": "",
-        "success": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": "",
-        "wip": "",
-        "login_time": "",
-        "container_stopped": ""
+        "system_containers": "System & Containers"
     },
     "diagnostics": {
         "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@@ -533,8 +447,7 @@
         "dns_records_name": "Name",
         "dns_records_status": "Current State",
         "dns_records_type": "Type",
-        "optional": "This record is optional.",
-        "dns_records_docs": ""
+        "optional": "This record is optional."
     },
     "edit": {
         "active": "Active",
@@ -632,40 +545,7 @@
         "title": "Edit object",
         "unchanged_if_empty": "If unchanged leave blank",
         "username": "Username",
-        "validate_save": "Validate and save",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "custom_attributes": "",
-        "domain_footer_info_vars": {
-            "from_addr": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "acl": "",
-        "admin": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_passwd_protocols": "",
-        "domain_footer_plain": "",
-        "created_on": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "spam_filter": "",
-        "mailbox_relayhost_info": "",
-        "none_inherit": "",
-        "pushover": "",
-        "pushover_sound": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "ratelimit": ""
+        "validate_save": "Validate and save"
     },
     "footer": {
         "cancel": "Cancel",
@@ -678,9 +558,7 @@
         "restart_container": "Restart container",
         "restart_container_info": "<b>Important:</b> A graceful restart may take a while to complete, please wait for it to finish.",
         "restart_now": "Restart now",
-        "restarting_container": "Restarting container, this may take a while",
-        "nothing_selected": "",
-        "hibp_check": ""
+        "restarting_container": "Restarting container, this may take a while"
     },
     "header": {
         "administration": "Configuration & Details",
@@ -691,8 +569,7 @@
         "quarantine": "Quarantine",
         "restart_netfilter": "Restart netfilter",
         "restart_sogo": "Restart SOGo",
-        "user_settings": "User Settings",
-        "mailcow_system": ""
+        "user_settings": "User Settings"
     },
     "info": {
         "awaiting_tfa_confirmation": "Awaiting TFA confirmation",
@@ -704,9 +581,7 @@
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "password": "Password",
-        "username": "Username",
-        "fido2_webauthn": "",
-        "other_logins": ""
+        "username": "Username"
     },
     "mailbox": {
         "action": "조치",
@@ -847,41 +722,7 @@
         "username": "Username",
         "waiting": "Waiting",
         "weekly": "Weekly",
-        "yes": "&#10003;",
-        "domain_templates": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "allow_from_smtp_info": "",
-        "catch_all": "",
-        "goto_spam": "",
-        "last_pw_change": "",
-        "mailbox_defaults": "",
-        "mailbox_templates": "",
-        "open_logs": "",
-        "sender": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "templates": "",
-        "template": "",
-        "q_reject": "",
-        "q_all": "",
-        "quarantine_category": "",
-        "recipient": "",
-        "add_alias_expand": "",
-        "add_template": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "created_on": "",
-        "goto_ham": "",
-        "mailbox_defaults_info": "",
-        "q_add_header": "",
-        "allowed_protocols": "",
-        "relay_unknown": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Please login as mailbox owner to grant access via OAuth2.",
@@ -933,33 +774,10 @@
         "table_size_show_n": "%s개 항목 보기",
         "text_from_html_content": "내용 (converted html)",
         "text_plain_content": "내용 (text/plain)",
-        "toggle_all": "선택 반전",
-        "rejected": "",
-        "quick_info_link": "",
-        "rewrite_subject": "",
-        "confirm": "",
-        "deliver_inbox": "",
-        "info": "",
-        "junk_folder": "",
-        "settings_info": "",
-        "type": "",
-        "spam": ""
+        "toggle_all": "선택 반전"
     },
     "queue": {
-        "queue_manager": "대기열 관리자",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "unban": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": ""
+        "queue_manager": "대기열 관리자"
     },
     "start": {
         "help": "Show/Hide help panel",
@@ -1040,18 +858,7 @@
         "upload_success": "File uploaded successfully",
         "verified_totp_login": "Verified TOTP login",
         "verified_webauthn_login": "Verified WebAuthn login",
-        "verified_yotp_login": "Verified Yubico OTP login",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "domain_footer_modified": "",
-        "domain_add_dkim_available": "",
-        "template_added": "",
-        "template_modified": "",
-        "cors_headers_edited": "",
-        "template_removed": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": "",
-        "verified_fido2_login": ""
+        "verified_yotp_login": "Verified Yubico OTP login"
     },
     "tfa": {
         "api_register": "%s uses the Yubico Cloud API. Please get an API key for your key <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -1075,11 +882,7 @@
         "webauthn": "WebAuthn authentication",
         "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your WebAuthn USB device now.",
         "waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your WebAuthn registration by tapping the button on your WebAuthn USB device.",
-        "yubi_otp": "Yubico OTP authentication",
-        "authenticators": "",
-        "tfa_token_invalid": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP authentication"
     },
     "user": {
         "action": "조치",
@@ -1203,47 +1006,7 @@
         "waiting": "대기중",
         "week": "주",
         "weekly": "매주",
-        "weeks": "주",
-        "mailbox": "",
-        "q_all": "",
-        "q_reject": "",
-        "recent_successful_connections": "",
-        "open_logs": "",
-        "syncjob_check_log": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "open_webmail_sso": "",
-        "value": "",
-        "q_add_header": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "direct_protocol_access": "",
-        "fido2_webauthn": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "login_history": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "pushover_sound": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "with_app_password": "",
-        "years": "",
-        "syncjob_last_run_result": "",
-        "empty": "",
-        "allowed_protocols": "",
-        "from": "",
-        "months": "",
-        "year": ""
+        "weeks": "주"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -1255,55 +1018,6 @@
         "no_active_admin": "Cannot deactivate last active admin",
         "quota_exceeded_scope": "Domain quota exceeded: Only unlimited mailboxes can be created in this domain scope.",
         "session_token": "Form token invalid: Token mismatch",
-        "session_ua": "Form token invalid: User-Agent validation error",
-        "is_not_primary_alias": ""
-    },
-    "datatables": {
-        "infoPostFix": "",
-        "decimal": "",
-        "collapse_all": "",
-        "emptyTable": "",
-        "loadingRecords": "",
-        "processing": "",
-        "zeroRecords": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "search": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "expand_all": "",
-        "lengthMenu": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        }
-    },
-    "fido2": {
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "session_ua": "Form token invalid: User-Agent validation error"
     }
 }
diff --git a/data/web/lang/lang.lt-lt.json b/data/web/lang/lang.lt-lt.json
index 11d6cd7fc..f5413b1a9 100644
--- a/data/web/lang/lang.lt-lt.json
+++ b/data/web/lang/lang.lt-lt.json
@@ -27,8 +27,7 @@
         "mailbox_relayhost": "Pakeisti siuntimo serverį pašto dėžutei",
         "prohibited": "Draudžiama pagal ACL",
         "spam_alias": "Laikini slapyvardžiai",
-        "syncjobs": "Sinchronizuoti darbus",
-        "pushover": ""
+        "syncjobs": "Sinchronizuoti darbus"
     },
     "add": {
         "active": "Aktyvus",
@@ -73,42 +72,7 @@
         "domain_matches_hostname": "Domenas %s atitinka serverio vardą",
         "exclude": "Išskirti objektus (regex)",
         "gal": "Visuotinis adresų sąrašas",
-        "gal_info": "GAL (Global Address List) apima visus domeno objektus ir jų negali redaguoti joks vartotojas. SOGo trūksta laisvosios/užimtosios informacijos, jei tai išjungta! <b>Perkraukite SOGo, kad pritaikytumėte pakeitimus.</b>",
-        "comment_info": "",
-        "goto_ham": "",
-        "hostname": "",
-        "kind": "",
-        "mailbox_quota_m": "",
-        "mailbox_username": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "mins_interval": "",
-        "syncjob_hint": "",
-        "tags": "",
-        "target_address": "",
-        "target_address_info": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "username": "",
-        "validate": "",
-        "validation_success": "",
-        "multiple_bookings": "",
-        "nexthop": "",
-        "port": "",
-        "post_domain_add": "",
-        "private_comment": "",
-        "public_comment": "",
-        "quota_mb": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "skipcrossduplicates": "",
-        "subscribeall": "",
-        "syncjob": ""
+        "gal_info": "GAL (Global Address List) apima visus domeno objektus ir jų negali redaguoti joks vartotojas. SOGo trūksta laisvosios/užimtosios informacijos, jei tai išjungta! <b>Perkraukite SOGo, kad pritaikytumėte pakeitimus.</b>"
     },
     "admin": {
         "access": "Prieiga",
@@ -211,147 +175,7 @@
         "f2b_blacklist": "Tinklai juodajame saraše",
         "loading": "Prašau palaukite...",
         "password_policy_lowerupper": "Privalo turėti mažuosius ir didžiuosius ženklus/raides",
-        "relay_from": "„Nuo:“ adresas",
-        "activate_api": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "credentials_transport_warning": "",
-        "customize": "",
-        "destination": "",
-        "dkim_add_key": "",
-        "dkim_domains_selector": "",
-        "dkim_domains_wo_keys": "",
-        "dkim_from_title": "",
-        "dkim_key_missing": "",
-        "dkim_key_unused": "",
-        "dkim_to_title": "",
-        "forwarding_hosts": "",
-        "guid": "",
-        "guid_and_license": "",
-        "logo_info": "",
-        "lookup_mx": "",
-        "main_name": "",
-        "merged_vars_hint": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "oauth2_client_secret": "",
-        "oauth2_redirect_uri": "",
-        "oauth2_revoke_tokens": "",
-        "password_policy": "",
-        "quarantine_bcc": "",
-        "queue_unban": "",
-        "r_info": "",
-        "rate_name": "",
-        "recipients": "",
-        "regex_maps": "",
-        "relayhosts": "",
-        "remove_row": "",
-        "reset_default": "",
-        "rspamd_global_filters_regex": "",
-        "rspamd_settings_map": "",
-        "service": "",
-        "service_id": "",
-        "subject": "",
-        "success": "",
-        "sys_mails": "",
-        "title": "",
-        "title_name": "",
-        "transport_dest_format": "",
-        "transport_maps": "",
-        "ui_texts": "",
-        "unban_pending": "",
-        "unchanged_if_empty": "",
-        "validate_license_now": "",
-        "activate_send": "",
-        "active_rspamd_settings_map": "",
-        "add_forwarding_host": "",
-        "add_relayhost": "",
-        "add_relayhost_hint": "",
-        "add_row": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "additional_rows": "",
-        "admin_domains": "",
-        "advanced_settings": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "api_allow_from": "",
-        "api_info": "",
-        "api_read_only": "",
-        "app_links": "",
-        "app_name": "",
-        "apps_name": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "ban_list_info": "",
-        "change_logo": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "configuration": "",
-        "excludes": "",
-        "f2b_ban_time": "",
-        "f2b_ban_time_increment": "",
-        "f2b_list_info": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_attempts": "",
-        "f2b_max_ban_time": "",
-        "f2b_netban_ipv4": "",
-        "f2b_netban_ipv6": "",
-        "f2b_regex_info": "",
-        "f2b_retry_window": "",
-        "forwarding_hosts_add_hint": "",
-        "forwarding_hosts_hint": "",
-        "hash_remove_info": "",
-        "help_text": "",
-        "host": "",
-        "in_use_by": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "license_info": "",
-        "link": "",
-        "oauth2_info": "",
-        "priority": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_max_size": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_sender": "",
-        "quota_notification_subject": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "relayhosts_hint": "",
-        "reset_limit": "",
-        "routing": "",
-        "rsetting_content": "",
-        "rsetting_no_selection": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_com_settings": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_info": "",
-        "transport_test_rcpt_info": "",
-        "transports_hint": "",
-        "ui_footer": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_help": ""
+        "relay_from": "„Nuo:“ adresas"
     },
     "danger": {
         "demo_mode_enabled": "Demo Režimas įjungtas",
@@ -370,250 +194,12 @@
         "mailbox_quota_left_exceeded": "Per mažai vietos diske (liko %d MiB)",
         "comment_too_long": "Komentaeas per ilgas, maksimalus leistinas simbolių skaičius yra 160",
         "nginx_reload_failed": "Nginx perkrovimas nepavyko: %s",
-        "invalid_filter_type": "Netinkamas filtro tipas",
-        "access_denied": "",
-        "alias_domain_invalid": "",
-        "alias_empty": "",
-        "alias_goto_identical": "",
-        "alias_invalid": "",
-        "aliasd_targetd_identical": "",
-        "aliases_in_use": "",
-        "app_name_empty": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "no_user_defined": "",
-        "app_passwd_id_invalid": "",
-        "bcc_empty": "",
-        "bcc_exists": "",
-        "bcc_must_be_email": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "defquota_empty": "",
-        "dkim_domain_or_sel_exists": "",
-        "dkim_domain_or_sel_invalid": "",
-        "domain_cannot_match_hostname": "",
-        "domain_not_empty": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "from_invalid": "",
-        "goto_empty": "",
-        "goto_invalid": "",
-        "ham_learn_error": "",
-        "imagick_exception": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "img_tmp_missing": "",
-        "invalid_bcc_map_type": "",
-        "invalid_destination": "",
-        "invalid_host": "",
-        "invalid_nexthop": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "ip_list_empty": "",
-        "is_alias": "",
-        "is_alias_or_mailbox": "",
-        "is_spam_alias": "",
-        "last_key": "",
-        "mailbox_invalid": "",
-        "mailbox_quota_exceeded": "",
-        "mailbox_quota_exceeds_domain_quota": "",
-        "mailboxes_in_use": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "max_alias_exceeded": "",
-        "max_mailbox_exceeded": "",
-        "max_quota_in_use": "",
-        "maxquota_empty": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "object_exists": "",
-        "object_is_not_numeric": "",
-        "password_complexity": "",
-        "password_empty": "",
-        "password_mismatch": "",
-        "policy_list_from_exists": "",
-        "policy_list_from_invalid": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "quota_not_0_not_numeric": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "release_send_failed": "",
-        "reset_f2b_regex": "",
-        "resource_invalid": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "sender_acl_invalid": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "target_domain_invalid": "",
-        "targetd_not_found": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "webauthn_verification_failed": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "unknown": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "username_invalid": "",
-        "validity_missing": "",
-        "value_missing": "",
-        "yotp_verification_failed": ""
+        "invalid_filter_type": "Netinkamas filtro tipas"
     },
     "edit": {
         "validate_save": "Patikrinti ir išsaugoti",
         "unchanged_if_empty": "Jei nepakeista, palikite tuščią",
-        "username": "Naudotojo vardas",
-        "kind": "",
-        "nexthop": "",
-        "ratelimit": "",
-        "remove": "",
-        "acl": "",
-        "active": "",
-        "admin": "",
-        "advanced_settings": "",
-        "alias": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "backup_mx_options": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "custom_attributes": "",
-        "delete1": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "delete_ays": "",
-        "description": "",
-        "disable_login": "",
-        "domain": "",
-        "domain_admin": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer_plain": "",
-        "domain_footer_skip_replies": "",
-        "domain_quota": "",
-        "domains": "",
-        "dont_check_sender_acl": "",
-        "edit_alias_domain": "",
-        "encryption": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "force_pw_update": "",
-        "force_pw_update_info": "",
-        "footer_exclude": "",
-        "full_name": "",
-        "gal": "",
-        "gal_info": "",
-        "generate": "",
-        "grant_types": "",
-        "hostname": "",
-        "inactive": "",
-        "last_modified": "",
-        "lookup_mx": "",
-        "mailbox": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "maxage": "",
-        "maxbytespersecond": "",
-        "mbox_rl_info": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "none_inherit": "",
-        "password": "",
-        "password_repeat": "",
-        "previous": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_mb": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "redirect_uri": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost": "",
-        "resource": "",
-        "save": "",
-        "scope": "",
-        "sender_acl": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "syncjob": "",
-        "target_address": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "title": ""
+        "username": "Naudotojo vardas"
     },
     "fido2": {
         "confirm": "Patvirtinti",
@@ -668,8 +254,7 @@
         "other_logins": "Prisijungimas raktu",
         "password": "Slaptažodis",
         "username": "Naudotojo vardas",
-        "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį.",
-        "delayed": ""
+        "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį."
     },
     "mailbox": {
         "action": "Veiksmas",
@@ -748,156 +333,14 @@
         "max_mailboxes": "Maks. galimų pašto dėžučių",
         "max_quota": "Maks. kvota kiekvienai pašto dėžutei",
         "mins_interval": "Intervalas (min)",
-        "msg_num": "Žinutė #",
-        "bcc_info": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "created_on": "",
-        "dkim_domains_selector": "",
-        "empty": "",
-        "excludes": "",
-        "filter_table": "",
-        "force_pw_update": "",
-        "insert_preset": "",
-        "kind": "",
-        "last_mail_login": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "no_record_single": "",
-        "open_logs": "",
-        "status": "",
-        "yes": "",
-        "multiple_bookings": "",
-        "never": "",
-        "no": "",
-        "no_record": "",
-        "owner": "",
-        "private_comment": "",
-        "public_comment": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "quick_actions": "",
-        "recipient": "",
-        "recipient_map": "",
-        "recipient_map_info": "",
-        "recipient_map_new": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "recipient_maps": "",
-        "relay_all": "",
-        "relay_unknown": "",
-        "remove": "",
-        "resources": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "sieve_preset_8": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "stats": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "target_address": "",
-        "target_domain": "",
-        "templates": "",
-        "template": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "tls_policy_maps_long": "",
-        "toggle_all": "",
-        "username": "",
-        "waiting": "",
-        "weekly": ""
+        "msg_num": "Žinutė #"
     },
     "quarantine": {
         "atts": "Priedaj",
         "check_hash": "Ieškoti failo Hash'o @ VT",
         "confirm": "Patvirtinti",
         "confirm_delete": "Patvirtinti šio elemento trynimą",
-        "danger": "Pavojus",
-        "text_plain_content": "",
-        "action": "",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "download_eml": "",
-        "empty": "",
-        "high_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qid": "",
-        "qinfo": "",
-        "qitem": "",
-        "quarantine": "",
-        "quick_actions": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "rcpt": "",
-        "received": "",
-        "recipients": "",
-        "refresh": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "release_subject": "",
-        "remove": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "settings_info": "",
-        "show_item": "",
-        "spam": "",
-        "spam_score": "",
-        "subj": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "text_from_html_content": "",
-        "toggle_all": "",
-        "type": ""
+        "danger": "Pavojus"
     },
     "success": {
         "domain_admin_added": "Pridėtas domeno administractorius %s",
@@ -906,404 +349,6 @@
         "domain_removed": "Domenas %s ištrintas",
         "dovecot_restart_success": "„Doveccot“ perkrautas",
         "domain_added": "Pridėtas domenas %s",
-        "domain_admin_modified": "Pakeitimai domeno adminustratoriui %s išsaugoti",
-        "bcc_saved": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "reset_main_logo": "",
-        "acl_saved": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_modified": "",
-        "admin_removed": "",
-        "alias_added": "",
-        "alias_domain_removed": "",
-        "alias_modified": "",
-        "alias_removed": "",
-        "aliasd_added": "",
-        "aliasd_modified": "",
-        "app_links": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "dkim_added": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "dkim_removed": "",
-        "domain_footer_modified": "",
-        "eas_reset": "",
-        "f2b_banlist_refreshed": "",
-        "f2b_modified": "",
-        "forwarding_host_added": "",
-        "forwarding_host_removed": "",
-        "global_filter_written": "",
-        "hash_deleted": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "item_released": "",
-        "items_deleted": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "mailbox_added": "",
-        "mailbox_modified": "",
-        "mailbox_removed": "",
-        "nginx_reloaded": "",
-        "object_modified": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "resource_added": "",
-        "resource_modified": "",
-        "resource_removed": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": ""
-    },
-    "oauth2": {
-        "access_denied": "",
-        "authorize_app": "",
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "scope_ask_permission": ""
-    },
-    "ratelimit": {
-        "minute": "",
-        "disabled": "",
-        "second": "",
-        "hour": "",
-        "day": ""
-    },
-    "user": {
-        "user_settings": "",
-        "action": "",
-        "active": "",
-        "active_sieve": "",
-        "advanced_settings": "",
-        "alias": "",
-        "alias_create_random": "",
-        "alias_extend_all": "",
-        "alias_full_date": "",
-        "alias_remove_all": "",
-        "alias_select_validity": "",
-        "alias_time_left": "",
-        "alias_valid_until": "",
-        "aliases_also_send_as": "",
-        "aliases_send_as_all": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "client_configuration": "",
-        "create_app_passwd": "",
-        "create_syncjob": "",
-        "created_on": "",
-        "daily": "",
-        "day": "",
-        "delete_ays": "",
-        "direct_aliases": "",
-        "direct_aliases_desc": "",
-        "direct_protocol_access": "",
-        "eas_reset": "",
-        "eas_reset_help": "",
-        "eas_reset_now": "",
-        "edit": "",
-        "email": "",
-        "email_and_dav": "",
-        "empty": "",
-        "encryption": "",
-        "excludes": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "force_pw_update": "",
-        "from": "",
-        "generate": "",
-        "hour": "",
-        "hourly": "",
-        "hours": "",
-        "in_use": "",
-        "interval": "",
-        "is_catch_all": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "last_ui_login": "",
-        "loading": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_details": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "month": "",
-        "months": "",
-        "never": "",
-        "new_password": "",
-        "new_password_repeat": "",
-        "no_active_filter": "",
-        "no_last_login": "",
-        "no_record": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_now": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "quarantine_notification": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "remove": "",
-        "running": "",
-        "save": "",
-        "save_changes": "",
-        "sender_acl_disabled": "",
-        "shared_aliases": "",
-        "shared_aliases_desc": "",
-        "show_sieve_filters": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_aliases": "",
-        "spam_score_reset": "",
-        "spamfilter": "",
-        "spamfilter_behavior": "",
-        "spamfilter_bl": "",
-        "spamfilter_bl_desc": "",
-        "spamfilter_default_score": "",
-        "spamfilter_green": "",
-        "spamfilter_hint": "",
-        "spamfilter_red": "",
-        "spamfilter_table_action": "",
-        "spamfilter_table_add": "",
-        "spamfilter_table_domain_policy": "",
-        "spamfilter_table_empty": "",
-        "spamfilter_table_remove": "",
-        "spamfilter_table_rule": "",
-        "spamfilter_wl": "",
-        "spamfilter_wl_desc": "",
-        "spamfilter_yellow": "",
-        "status": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tag_handling": "",
-        "tag_help_example": "",
-        "tag_help_explain": "",
-        "tag_in_none": "",
-        "tag_in_subfolder": "",
-        "tag_in_subject": "",
-        "text": "",
-        "title": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_policy": "",
-        "tls_policy_warning": "",
-        "username": "",
-        "value": "",
-        "verify": "",
-        "waiting": "",
-        "week": "",
-        "weekly": "",
-        "weeks": "",
-        "with_app_password": "",
-        "year": "",
-        "years": ""
-    },
-    "datatables": {
-        "collapse_all": "",
-        "decimal": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "infoPostFix": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        }
-    },
-    "debug": {
-        "architecture": "",
-        "chart_this_server": "",
-        "containers_info": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "docs": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "history_all_servers": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "log_info": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "online_users": "",
-        "restart_container": "",
-        "service": "",
-        "show_ip": "",
-        "size": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": "",
-        "wip": ""
-    },
-    "diagnostics": {
-        "cname_from_a": "",
-        "dns_records": "",
-        "dns_records_24hours": "",
-        "dns_records_data": "",
-        "dns_records_docs": "",
-        "dns_records_name": "",
-        "dns_records_status": "",
-        "dns_records_type": "",
-        "optional": ""
-    },
-    "queue": {
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "queue_manager": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
-    },
-    "start": {
-        "help": "",
-        "imap_smtp_server_auth_info": "",
-        "mailcow_apps_detail": "",
-        "mailcow_panel_detail": ""
-    },
-    "tfa": {
-        "authenticators": "",
-        "api_register": "",
-        "confirm": "",
-        "confirm_totp_token": "",
-        "delete_tfa": "",
-        "disable_tfa": "",
-        "enter_qr_code": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "key_id_totp": "",
-        "none": "",
-        "reload_retry": "",
-        "scan_qr_code": "",
-        "select": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "tfa_token_invalid": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "webauthn": "",
-        "waiting_usb_auth": "",
-        "waiting_usb_register": "",
-        "yubi_otp": ""
-    },
-    "warning": {
-        "cannot_delete_self": "",
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "ip_invalid": "",
-        "is_not_primary_alias": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": "",
-        "session_token": "",
-        "session_ua": ""
+        "domain_admin_modified": "Pakeitimai domeno adminustratoriui %s išsaugoti"
     }
 }
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 63d0f1981..5f486d909 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -16,19 +16,7 @@
         "login_as": "Pieteikšanās kā pastkastes lietotājam",
         "mailbox_relayhost": "Pasta kastītes relayhost maiņa",
         "prohibited": "Aizliegts ar ACL",
-        "protocol_access": "Protokola piekļuves maiņa",
-        "ratelimit": "",
-        "tls_policy": "",
-        "pushover": "",
-        "quarantine": "",
-        "quarantine_attachments": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "sogo_profile_reset": "",
-        "spam_policy": "",
-        "unlimited_quota": ""
+        "protocol_access": "Protokola piekļuves maiņa"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -81,34 +69,7 @@
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
         "validation_success": "Apstiprināts veiksmīgi",
-        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
-        "dry": "",
-        "timeout1": "",
-        "goto_spam": "",
-        "timeout2": "",
-        "gal": "",
-        "gal_info": "",
-        "generate": "",
-        "goto_ham": "",
-        "inactive": "",
-        "mailbox_quota_def": "",
-        "nexthop": "",
-        "private_comment": "",
-        "public_comment": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "subscribeall": "",
-        "tags": "",
-        "custom_params": "",
-        "custom_params_hint": "",
-        "destination": "",
-        "disable_login": "",
-        "domain_matches_hostname": "",
-        "relay_transport_info": "",
-        "app_name": "",
-        "app_password": "",
-        "app_passwd_protocols": "",
-        "comment_info": ""
+        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit."
     },
     "admin": {
         "access": "Pieeja",
@@ -204,154 +165,7 @@
         "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM.",
         "sys_mails": "Sistēmas pasts",
         "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
-        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>",
-        "lookup_mx": "",
-        "f2b_filter": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "f2b_list_info": "",
-        "f2b_max_ban_time": "",
-        "password_policy_numbers": "",
-        "guid": "",
-        "guid_and_license": "",
-        "is_mx_based": "",
-        "oauth2_info": "",
-        "oauth2_revoke_tokens": "",
-        "optional": "",
-        "password_policy_lowerupper": "",
-        "password_policy_special_chars": "",
-        "quarantine_bcc": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_settings_map": "",
-        "transport_maps": "",
-        "f2b_ban_time_increment": "",
-        "from": "",
-        "copy_to_clipboard": "",
-        "dkim_to_title": "",
-        "duplicate": "",
-        "duplicate_dkim": "",
-        "excludes": "",
-        "f2b_blacklist": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "options": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "routing": "",
-        "rsetting_add_rule": "",
-        "rsetting_content": "",
-        "rsetting_no_selection": "",
-        "rspamd_global_filters": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_global_filters_info": "",
-        "rspamd_global_filters_regex": "",
-        "sal_level": "",
-        "send": "",
-        "service": "",
-        "service_id": "",
-        "success": "",
-        "text": "",
-        "time": "",
-        "title": "",
-        "transport_dest_format": "",
-        "transport_test_rcpt_info": "",
-        "transports_hint": "",
-        "ui_header_announcement": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "validate_license_now": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "unban_pending": "",
-        "yes": "",
-        "cors_settings": "",
-        "credentials_transport_warning": "",
-        "destination": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "convert_html_to_text": "",
-        "html": "",
-        "dkim_domains_selector": "",
-        "dkim_domains_wo_keys": "",
-        "dkim_from": "",
-        "dkim_from_title": "",
-        "rsettings_preset_2": "",
-        "activate_send": "",
-        "active_rspamd_settings_map": "",
-        "login_time": "",
-        "customer_id": "",
-        "quota_notification_html": "",
-        "quota_notification_sender": "",
-        "hash_remove_info": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "message_size": "",
-        "no": "",
-        "no_active_bans": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_redirect_uri": "",
-        "oauth2_renew_secret": "",
-        "dkim_overwrite_key": "",
-        "dkim_to": "",
-        "includes": "",
-        "ip_check": "",
-        "ip_check_opt_in": "",
-        "nexthop": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_sender": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "queue_unban": "",
-        "add_settings_rule": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "additional_rows": "",
-        "admins": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "api_info": "",
-        "api_read_only": "",
-        "license_info": "",
-        "priority": "",
-        "quarantine_release_format": "",
-        "quarantine_release_format_att": "",
-        "quarantine_release_format_raw": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "rate_name": "",
-        "regex_maps": "",
-        "relay_rcpt": "",
-        "relayhosts": "",
-        "reset_limit": "",
-        "ui_footer": "",
-        "verify": "",
-        "add_admin": "",
-        "ban_list_info": "",
-        "domain_admin": "",
-        "add_relayhost_hint": "",
-        "domain_s": ""
+        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -402,87 +216,7 @@
         "target_domain_invalid": "Goto domēns ir nepareizs",
         "targetd_not_found": "Mērķa domēns nav atrasts",
         "username_invalid": "Lietotājvārds nevar tikt izmantots",
-        "validity_missing": "Lūdzu piešķiriet derīguma termiņu",
-        "webauthn_authenticator_failed": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "bcc_empty": "",
-        "bcc_must_be_email": "",
-        "domain_cannot_match_hostname": "",
-        "extended_sender_acl_denied": "",
-        "bcc_exists": "",
-        "cors_invalid_origin": "",
-        "demo_mode_enabled": "",
-        "invalid_bcc_map_type": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "map_content_empty": "",
-        "mysql_error": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": "",
-        "no_user_defined": "",
-        "private_key_error": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "comment_too_long": "",
-        "cors_invalid_method": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "pushover_credentials_missing": "",
-        "invalid_destination": "",
-        "invalid_filter_type": "",
-        "invalid_host": "",
-        "invalid_nexthop": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "ip_list_empty": "",
-        "fido2_verification_failed": "",
-        "malformed_username": "",
-        "file_open_error": "",
-        "from_invalid": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "reset_f2b_regex": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "unknown": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "value_missing": "",
-        "yotp_verification_failed": "",
-        "webauthn_verification_failed": "",
-        "defquota_empty": "",
-        "dkim_domain_or_sel_exists": "",
-        "filter_type": ""
+        "validity_missing": "Lūdzu piešķiriet derīguma termiņu"
     },
     "diagnostics": {
         "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
@@ -492,8 +226,7 @@
         "dns_records_name": "Nosaukums",
         "dns_records_status": "Pašreizējais stāvoklis",
         "dns_records_type": "Tips",
-        "optional": "Šis ieraksts nav obligāts.",
-        "dns_records_docs": ""
+        "optional": "Šis ieraksts nav obligāts."
     },
     "edit": {
         "active": "Aktīvs",
@@ -559,72 +292,7 @@
         "mailbox_relayhost_info": "Tiek piemērots tikai pastkastei un tiešajiem aizstājvārdiem, aizstāj domēna retranslācijas saimniekdatoru.",
         "sender_acl_info": "Ja pastkastes lietotājam A ir ļauts sūtīt kā pastkastes lietotājam B, sūtītāja adrese SOGo netiek automātiski parādīta kā atlasāms lauks \"no\".<br>.\n  Pastkastes lietotājam B SOGo ir jāizveido pilnvarojums, lai pastkastes lietotājs A varētu izvēlēties tā adresi kā sūtītāja. Lai SOGo pilnvarotu pastkasti, pasta skatā jāizmanto izvēlne (trīs punkti) pa labi no pastkastes nosaukuma augšējā kreisajā pusē. Šī darbība neattiecas uz aizstājadresēm.",
         "sogo_visible": "Aizstājvārds ir redzams SOGo",
-        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs.",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "gal_info": "",
-        "scope": "",
-        "custom_attributes": "",
-        "sogo_access": "",
-        "domain_footer_info_vars": {
-            "custom": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": ""
-        },
-        "acl": "",
-        "pushover_text": "",
-        "admin": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "spam_filter": "",
-        "app_passwd": "",
-        "gal": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_title": "",
-        "pushover_verify": "",
-        "quota_warning_bcc": "",
-        "relay_transport_info": "",
-        "generate": "",
-        "grant_types": "",
-        "mailbox_quota_def": "",
-        "client_id": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "relayhost": "",
-        "sender_acl_disabled": "",
-        "sogo_access_info": "",
-        "timeout1": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd_protocols": "",
-        "disable_login": "",
-        "domain_footer_plain": "",
-        "extended_sender_acl": "",
-        "pushover_vars": "",
-        "quota_warning_bcc_info": "",
-        "redirect_uri": "",
-        "relay_unknown_only": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "mbox_rl_info": "",
-        "none_inherit": "",
-        "nexthop": "",
-        "ratelimit": "",
-        "timeout2": "",
-        "pushover": "",
-        "delete_ays": "",
-        "pushover_sound": ""
+        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs."
     },
     "footer": {
         "cancel": "Atcelt",
@@ -634,12 +302,7 @@
         "loading": "Lūdzu uzgaidiet...",
         "restart_container": "Restartēt konteineri",
         "restart_container_info": "<b>Important:</b> Piespiedu restartēšana var aizņemt ilgu laiku, lūdzu uzgaidiet.",
-        "restart_now": "Pārsāknēt tagad",
-        "restarting_container": "",
-        "nothing_selected": "",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "hibp_ok": ""
+        "restart_now": "Pārsāknēt tagad"
     },
     "header": {
         "administration": "Konfigurācija un informācija",
@@ -649,23 +312,16 @@
         "quarantine": "Karantīna",
         "restart_sogo": "Restartēt SOGo",
         "user_settings": "Lietotāja uzstādījumi",
-        "mailcow_system": "Sistēma",
-        "restart_netfilter": "",
-        "apps": ""
+        "mailcow_system": "Sistēma"
     },
     "info": {
-        "no_action": "No action applicable",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
+        "no_action": "No action applicable"
     },
     "login": {
         "delayed": "Pieteikšanās tika aizkavēta %s sekundēm.",
         "login": "Pieslēgties",
         "password": "Parole",
-        "username": "Lietotājvārds",
-        "fido2_webauthn": "",
-        "other_logins": "",
-        "mobileconfig_info": ""
+        "username": "Lietotājvārds"
     },
     "mailbox": {
         "action": "Rīcība",
@@ -764,83 +420,7 @@
         "sogo_visible_y": "Rādīt aizstājvārdu SOGo",
         "add_alias_expand": "Izvērst aizstājvārdu pār aizstājdomēniem",
         "alias_domain_alias_hint": "Aizstājvārdi <b>netiek</b> automātiski piemēroti domēnu aizstājvārdiem. Aizstājadrese <code>my-alias@domain</code> <b>nenosedz</b> adresi <code>my-alias@alias-domain</code> (kur \"alias-domain\" ir iedomāts \"domain\" aizstājdomēns).<br>Lūgums izmantot sieta atlasi, lai pārvirzītu pastu uz ārēju pastkasti (skatīt cilti \"Atlasīšana\" vai izmantot SOGo -> Pārsūtītājs). \"Izvērst aizstājvārdu pār aizstājdomēniem\" ir izmantojams, lai automātiski pievienotu trūkstošos aiztājvārdus.",
-        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam",
-        "all_domains": "",
-        "booking_custom": "",
-        "booking_ltnull": "",
-        "table_size_show_n": "",
-        "booking_null": "",
-        "booking_custom_short": "",
-        "sieve_preset_5": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "catch_all": "",
-        "booking_lt0_short": "",
-        "gal": "",
-        "insert_preset": "",
-        "last_pw_change": "",
-        "no_record": "",
-        "private_comment": "",
-        "public_comment": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "stats": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "created_on": "",
-        "disable_login": "",
-        "disable_x": "",
-        "dkim_domains_selector": "",
-        "domain_templates": "",
-        "enable_x": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "never": "",
-        "no": "",
-        "q_add_header": "",
-        "q_all": "",
-        "recipient": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old_info": "",
-        "relay_unknown": "",
-        "sender": "",
-        "sieve_preset_1": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_header": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "templates": "",
-        "tls_policy_maps_long": "",
-        "bcc_map": "",
-        "add_domain_record_first": "",
-        "add_template": "",
-        "add_tls_policy_map": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "template": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "weekly": "",
-        "yes": ""
+        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam"
     },
     "quarantine": {
         "action": "Darbības",
@@ -866,50 +446,11 @@
         "toggle_all": "Pārslēgt visu",
         "disabled_by_config": "Pašreizējā sistēmas konfigurācija atspējo karantīnu. Lūgums iestatīt \"saglabāšanu katrai pastkastītei\" un \"lielākais pieļaujamais lielums\" karantīnas vienumiem.",
         "qhandler_success": "Pieprasījums veiksmīgi nosūtīts sistēmai. Tagad var aizvērt logu.",
-        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti.",
-        "confirm": "",
-        "confirm_delete": "",
-        "danger": "",
-        "deliver_inbox": "",
-        "download_eml": "",
-        "high_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "refresh": "",
-        "rejected": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender_header": "",
-        "settings_info": "",
-        "spam": "",
-        "spam_score": "",
-        "type": ""
+        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti."
     },
     "queue": {
         "queue_manager": "Queue Manager",
-        "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt.",
-        "delete": "",
-        "flush": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt."
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
@@ -952,56 +493,7 @@
         "resource_modified": "Izmaiņas %s ir saglabātas",
         "resource_removed": "Resurs %s tika noņemts",
         "ui_texts": "Saglabāt UI izmaiņas tekstiem",
-        "upload_success": "Faila augšupielāde veiksmīga",
-        "ip_check_opt_in_modified": "",
-        "bcc_saved": "",
-        "f2b_banlist_refreshed": "",
-        "global_filter_written": "",
-        "hash_deleted": "",
-        "saved_settings": "",
-        "dovecot_restart_success": "",
-        "acl_saved": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "domain_footer_modified": "",
-        "item_released": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_removed": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "tls_policy_map_entry_saved": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": ""
+        "upload_success": "Faila augšupielāde veiksmīga"
     },
     "tfa": {
         "api_register": "%s izmanto Yubico Cloud API. Lūdzu iegūstiet API atslēgu priekš Jūsu atslēgas<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -1021,15 +513,7 @@
         "webauthn": "WebAuthn autentifikācija",
         "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
         "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet WebAuthn reģistrāciju nospiežot pogu uz Jūsu WebAuthn USB ierīces.",
-        "yubi_otp": "Yubico OTP autentifikators",
-        "authenticators": "",
-        "reload_retry": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "start_webauthn_validation": "",
-        "tfa_token_invalid": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP autentifikators"
     },
     "user": {
         "action": "Rīcība",
@@ -1115,111 +599,13 @@
         "weeks": "Nedēļas",
         "open_logs": "Atvērt žurnālus",
         "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei.",
-        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām).",
-        "years": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "create_app_passwd": "",
-        "daily": "",
-        "pushover_sender_regex": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "q_add_header": "",
-        "weekly": "",
-        "with_app_password": "",
-        "year": "",
-        "email_and_dav": "",
-        "empty": "",
-        "syncjob_EX_OK": "",
-        "pushover_sound": "",
-        "delete_ays": "",
-        "direct_protocol_access": "",
-        "email": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "generate": "",
-        "hourly": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "login_history": "",
-        "mailbox": "",
-        "no_last_login": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "quarantine_notification": "",
-        "quarantine_notification_info": "",
-        "sender_acl_disabled": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_score_reset": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "title": "",
-        "value": "",
-        "verify": "",
-        "from": "",
-        "recent_successful_connections": "",
-        "mailbox_general": "",
-        "text": "",
-        "advanced_settings": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "mailbox_settings": "",
-        "month": "",
-        "months": "",
-        "never": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "save": ""
+        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām)."
     },
     "datatables": {
         "paginate": {
             "first": "Pirmā",
-            "last": "Pēdējā",
-            "next": "",
-            "previous": ""
-        },
-        "infoPostFix": "",
-        "decimal": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "expand_all": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "aria": {
-            "sortDescending": "",
-            "sortAscending": ""
-        },
-        "collapse_all": "",
-        "emptyTable": "",
-        "zeroRecords": ""
+            "last": "Pēdējā"
+        }
     },
     "debug": {
         "last_modified": "Pēdējoreiz mainīts",
@@ -1229,81 +615,11 @@
         "system_containers": "Sistēma un konteineri",
         "current_time": "Sistēmas laiks",
         "external_logs": "Ārējie žurnāli",
-        "logs": "Žurnāli",
-        "started_on": "",
-        "architecture": "",
-        "docs": "",
-        "timezone": "",
-        "success": "",
-        "uptime": "",
-        "update_available": "",
-        "wip": "",
-        "containers_info": "",
-        "disk_usage": "",
-        "history_all_servers": "",
-        "online_users": "",
-        "restart_container": "",
-        "chart_this_server": "",
-        "log_info": "",
-        "service": "",
-        "size": "",
-        "update_failed": "",
-        "username": "",
-        "container_running": "",
-        "container_disabled": "",
-        "login_time": "",
-        "container_stopped": "",
-        "cores": "",
-        "error_show_ip": "",
-        "jvm_memory_solr": "",
-        "memory": "",
-        "show_ip": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "started_at": ""
+        "logs": "Žurnāli"
     },
     "warning": {
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
         "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus",
-        "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais",
-        "cannot_delete_self": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "ip_invalid": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": "",
-        "session_token": "",
-        "session_ua": ""
-    },
-    "fido2": {
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "fn": "",
-        "known_ids": ""
-    },
-    "oauth2": {
-        "access_denied": "",
-        "authorize_app": "",
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "scope_ask_permission": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais"
     }
 }
diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index 30867ea0f..830d5b423 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -158,89 +158,7 @@
         "username": "Brukernavn",
         "validate_license_now": "Validér GUID mot lisenstjener",
         "verify": "Validér",
-        "yes": "&#10003;",
-        "from": "",
-        "help_text": "",
-        "no": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "quarantine_max_size": "",
-        "quarantine_release_format": "",
-        "regen_api_key": "",
-        "forwarding_hosts_add_hint": "",
-        "forwarding_hosts_hint": "",
-        "generate": "",
-        "guid": "",
-        "guid_and_license": "",
-        "hash_remove_info": "",
-        "host": "",
-        "html": "",
-        "import": "",
-        "import_private_key": "",
-        "in_use_by": "",
-        "inactive": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "license_info": "",
-        "link": "",
-        "loading": "",
-        "login_time": "",
-        "logo_info": "",
-        "lookup_mx": "",
-        "main_name": "",
-        "merged_vars_hint": "",
-        "message": "",
-        "message_size": "",
-        "nexthop": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "no_record": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "oauth2_redirect_uri": "",
-        "oauth2_renew_secret": "",
-        "oauth2_revoke_tokens": "",
-        "optional": "",
-        "options": "",
-        "password": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_special_chars": "",
-        "password_repeat": "",
-        "priority": "",
-        "private_key": "",
-        "quarantine": "",
-        "quarantine_bcc": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_sender": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format_att": "",
-        "quarantine_release_format_raw": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_sender": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "rate_name": "",
-        "recipients": "",
-        "refresh": ""
+        "yes": "&#10003;"
     },
     "acl": {
         "ratelimit": "Nivågrense",
@@ -403,907 +321,6 @@
         "invalid_mime_type": "Ugyldig mime-type",
         "invalid_nexthop": "\"Next hop\"-format er ugyldig",
         "img_dimensions_exceeded": "Bildet overskriver maksimal bildestørrelse",
-        "img_size_exceeded": "Bildet overskrider maksimal filstørrelse",
-        "mailboxes_in_use": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "max_alias_exceeded": "",
-        "max_mailbox_exceeded": "",
-        "max_quota_in_use": "",
-        "maxquota_empty": "",
-        "transport_dest_exists": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "ip_list_empty": "",
-        "is_alias": "",
-        "is_alias_or_mailbox": "",
-        "is_spam_alias": "",
-        "last_key": "",
-        "login_failed": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "mailbox_invalid": "",
-        "mailbox_quota_exceeded": "",
-        "mailbox_quota_exceeds_domain_quota": "",
-        "mailbox_quota_left_exceeded": "",
-        "mysql_error": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": "",
-        "no_user_defined": "",
-        "object_exists": "",
-        "object_is_not_numeric": "",
-        "password_complexity": "",
-        "password_empty": "",
-        "password_mismatch": "",
-        "policy_list_from_exists": "",
-        "policy_list_from_invalid": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "quota_not_0_not_numeric": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "release_send_failed": "",
-        "reset_f2b_regex": "",
-        "resource_invalid": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "sender_acl_invalid": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "target_domain_invalid": "",
-        "targetd_not_found": "",
-        "targetd_relay_domain": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "webauthn_verification_failed": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "unknown": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "username_invalid": "",
-        "validity_missing": "",
-        "value_missing": "",
-        "yotp_verification_failed": ""
-    },
-    "quarantine": {
-        "qinfo": "",
-        "qitem": "",
-        "quarantine": "",
-        "quick_actions": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "danger": "",
-        "medium_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qid": "",
-        "settings_info": "",
-        "action": "",
-        "atts": "",
-        "check_hash": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "download_eml": "",
-        "empty": "",
-        "high_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "quick_release_link": "",
-        "rcpt": "",
-        "received": "",
-        "recipients": "",
-        "refresh": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "release_subject": "",
-        "remove": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "show_item": "",
-        "spam": "",
-        "spam_score": "",
-        "subj": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "text_from_html_content": "",
-        "text_plain_content": "",
-        "toggle_all": "",
-        "type": ""
-    },
-    "start": {
-        "imap_smtp_server_auth_info": "",
-        "mailcow_apps_detail": "",
-        "help": "",
-        "mailcow_panel_detail": ""
-    },
-    "success": {
-        "domain_admin_added": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "domain_admin_modified": "",
-        "domain_admin_removed": "",
-        "domain_footer_modified": "",
-        "domain_modified": "",
-        "domain_removed": "",
-        "dovecot_restart_success": "",
-        "eas_reset": "",
-        "f2b_banlist_refreshed": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "reset_main_logo": "",
-        "resource_added": "",
-        "resource_modified": "",
-        "resource_removed": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": "",
-        "acl_saved": "",
-        "admin_modified": "",
-        "admin_removed": "",
-        "alias_added": "",
-        "alias_domain_removed": "",
-        "alias_modified": "",
-        "alias_removed": "",
-        "aliasd_added": "",
-        "aliasd_modified": "",
-        "app_links": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "bcc_saved": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "dkim_added": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "dkim_removed": "",
-        "domain_added": "",
-        "f2b_modified": "",
-        "forwarding_host_added": "",
-        "forwarding_host_removed": "",
-        "global_filter_written": "",
-        "hash_deleted": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "item_released": "",
-        "items_deleted": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "mailbox_added": "",
-        "mailbox_modified": "",
-        "mailbox_removed": "",
-        "nginx_reloaded": "",
-        "object_modified": "",
-        "password_policy_saved": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": ""
-    },
-    "edit": {
-        "description": "",
-        "disable_login": "",
-        "domain": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "footer_exclude": "",
-        "gal_info": "",
-        "grant_types": "",
-        "hostname": "",
-        "inactive": "",
-        "kind": "",
-        "last_modified": "",
-        "lookup_mx": "",
-        "mailbox": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "max_quota": "",
-        "maxage": "",
-        "maxbytespersecond": "",
-        "domain_footer_skip_replies": "",
-        "encryption": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_mb": "",
-        "quota_warning_bcc": "",
-        "ratelimit": "",
-        "domain_admin": "",
-        "domain_footer": "",
-        "private_comment": "",
-        "public_comment": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "syncjob": "",
-        "target_address": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "title": "",
-        "unchanged_if_empty": "",
-        "username": "",
-        "validate_save": "",
-        "full_name": "",
-        "gal": "",
-        "client_id": "",
-        "max_aliases": "",
-        "mbox_rl_info": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "none_inherit": "",
-        "acl": "",
-        "active": "",
-        "admin": "",
-        "advanced_settings": "",
-        "alias": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "backup_mx_options": "",
-        "bcc_dest_format": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "custom_attributes": "",
-        "delete1": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "delete_ays": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer_plain": "",
-        "domain_quota": "",
-        "domains": "",
-        "dont_check_sender_acl": "",
-        "edit_alias_domain": "",
-        "force_pw_update": "",
-        "force_pw_update_info": "",
-        "generate": "",
-        "nexthop": "",
-        "password": "",
-        "password_repeat": "",
-        "previous": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "quota_warning_bcc_info": "",
-        "redirect_uri": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost": "",
-        "remove": "",
-        "resource": "",
-        "save": "",
-        "scope": "",
-        "sender_acl": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "max_mailboxes": ""
-    },
-    "fido2": {
-        "none": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "set_fn": "",
-        "start_fido2_validation": ""
-    },
-    "mailbox": {
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "created_on": "",
-        "daily": "",
-        "deactivate": "",
-        "disable_x": "",
-        "domain": "",
-        "excludes": "",
-        "gal": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "hourly": "",
-        "in_use": "",
-        "mins_interval": "",
-        "msg_num": "",
-        "multiple_bookings": "",
-        "never": "",
-        "sieve_preset_8": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "tls_policy_maps_long": "",
-        "add_domain": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "dkim_domains_selector": "",
-        "description": "",
-        "disable_login": "",
-        "dkim_key_length": "",
-        "domain_admins": "",
-        "domain_aliases": "",
-        "domain_quota": "",
-        "filter_table": "",
-        "filters": "",
-        "fname": "",
-        "force_pw_update": "",
-        "insert_preset": "",
-        "kind": "",
-        "last_mail_login": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "last_run_reset": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "remove": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "table_size": "",
-        "action": "",
-        "activate": "",
-        "active": "",
-        "add": "",
-        "add_alias": "",
-        "add_alias_expand": "",
-        "add_bcc_entry": "",
-        "add_domain_alias": "",
-        "add_domain_record_first": "",
-        "add_filter": "",
-        "add_mailbox": "",
-        "add_recipient_map_entry": "",
-        "add_resource": "",
-        "add_template": "",
-        "add_tls_policy_map": "",
-        "address_rewriting": "",
-        "alias": "",
-        "alias_domain_alias_hint": "",
-        "alias_domain_backupmx": "",
-        "aliases": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "backup_mx": "",
-        "bcc": "",
-        "bcc_destination": "",
-        "bcc_destinations": "",
-        "bcc_info": "",
-        "bcc_local_dest": "",
-        "bcc_map": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "domain_templates": "",
-        "domain_quota_total": "",
-        "domains": "",
-        "edit": "",
-        "empty": "",
-        "enable_x": "",
-        "inactive": "",
-        "mailbox_quota": "",
-        "mailboxes": "",
-        "max_quota": "",
-        "no": "",
-        "no_record": "",
-        "no_record_single": "",
-        "open_logs": "",
-        "owner": "",
-        "private_comment": "",
-        "public_comment": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "quick_actions": "",
-        "recipient": "",
-        "recipient_map": "",
-        "recipient_map_info": "",
-        "recipient_map_new": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "recipient_maps": "",
-        "relay_all": "",
-        "relay_unknown": "",
-        "resources": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "stats": "",
-        "status": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size_show_n": "",
-        "target_address": "",
-        "target_domain": "",
-        "templates": "",
-        "template": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "toggle_all": "",
-        "username": "",
-        "waiting": "",
-        "weekly": "",
-        "yes": ""
-    },
-    "info": {
-        "no_action": "",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
-    },
-    "tfa": {
-        "api_register": "",
-        "delete_tfa": "",
-        "authenticators": "",
-        "confirm": "",
-        "confirm_totp_token": "",
-        "disable_tfa": "",
-        "error_code": "",
-        "enter_qr_code": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "key_id_totp": "",
-        "none": "",
-        "reload_retry": "",
-        "scan_qr_code": "",
-        "select": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "tfa_token_invalid": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "webauthn": "",
-        "waiting_usb_auth": "",
-        "waiting_usb_register": "",
-        "yubi_otp": ""
-    },
-    "footer": {
-        "cancel": "",
-        "confirm_delete": "",
-        "delete_now": "",
-        "delete_these_items": "",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "hibp_ok": "",
-        "restart_now": "",
-        "restarting_container": "",
-        "loading": "",
-        "nothing_selected": "",
-        "restart_container": "",
-        "restart_container_info": ""
-    },
-    "header": {
-        "administration": "",
-        "apps": "",
-        "debug": "",
-        "email": "",
-        "mailcow_system": "",
-        "mailcow_config": "",
-        "quarantine": "",
-        "restart_netfilter": "",
-        "restart_sogo": "",
-        "user_settings": ""
-    },
-    "user": {
-        "app_name": "",
-        "direct_aliases": "",
-        "direct_aliases_desc": "",
-        "eas_reset": "",
-        "expire_in": "",
-        "pushover_only_x_prio": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "spamfilter_bl": "",
-        "spamfilter_default_score": "",
-        "status": "",
-        "tag_help_explain": "",
-        "tag_in_none": "",
-        "text": "",
-        "aliases_send_as_all": "",
-        "app_hint": "",
-        "interval": "",
-        "is_catch_all": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "tag_in_subfolder": "",
-        "tag_in_subject": "",
-        "title": "",
-        "quarantine_notification": "",
-        "action": "",
-        "active": "",
-        "active_sieve": "",
-        "advanced_settings": "",
-        "alias": "",
-        "alias_create_random": "",
-        "alias_extend_all": "",
-        "alias_full_date": "",
-        "alias_remove_all": "",
-        "alias_select_validity": "",
-        "alias_time_left": "",
-        "alias_valid_until": "",
-        "aliases_also_send_as": "",
-        "allowed_protocols": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "client_configuration": "",
-        "create_app_passwd": "",
-        "create_syncjob": "",
-        "created_on": "",
-        "daily": "",
-        "day": "",
-        "delete_ays": "",
-        "direct_protocol_access": "",
-        "eas_reset_help": "",
-        "eas_reset_now": "",
-        "edit": "",
-        "email": "",
-        "email_and_dav": "",
-        "empty": "",
-        "encryption": "",
-        "excludes": "",
-        "fido2_webauthn": "",
-        "force_pw_update": "",
-        "from": "",
-        "generate": "",
-        "hour": "",
-        "hourly": "",
-        "hours": "",
-        "in_use": "",
-        "last_ui_login": "",
-        "loading": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_details": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "month": "",
-        "months": "",
-        "never": "",
-        "new_password": "",
-        "new_password_repeat": "",
-        "no_active_filter": "",
-        "no_last_login": "",
-        "no_record": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_now": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "remove": "",
-        "running": "",
-        "save": "",
-        "save_changes": "",
-        "sender_acl_disabled": "",
-        "shared_aliases": "",
-        "shared_aliases_desc": "",
-        "show_sieve_filters": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_aliases": "",
-        "spam_score_reset": "",
-        "spamfilter": "",
-        "spamfilter_behavior": "",
-        "spamfilter_bl_desc": "",
-        "spamfilter_green": "",
-        "spamfilter_hint": "",
-        "spamfilter_red": "",
-        "spamfilter_table_action": "",
-        "spamfilter_table_add": "",
-        "spamfilter_table_domain_policy": "",
-        "spamfilter_table_empty": "",
-        "spamfilter_table_remove": "",
-        "spamfilter_table_rule": "",
-        "spamfilter_wl": "",
-        "spamfilter_wl_desc": "",
-        "spamfilter_yellow": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tag_handling": "",
-        "tag_help_example": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_policy": "",
-        "tls_policy_warning": "",
-        "user_settings": "",
-        "username": "",
-        "value": "",
-        "verify": "",
-        "waiting": "",
-        "week": "",
-        "weekly": "",
-        "weeks": "",
-        "with_app_password": "",
-        "year": "",
-        "years": ""
-    },
-    "warning": {
-        "session_token": "",
-        "session_ua": "",
-        "cannot_delete_self": "",
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "ip_invalid": "",
-        "is_not_primary_alias": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": ""
-    },
-    "diagnostics": {
-        "dns_records_docs": "",
-        "cname_from_a": "",
-        "dns_records": "",
-        "dns_records_24hours": "",
-        "dns_records_data": "",
-        "dns_records_name": "",
-        "dns_records_status": "",
-        "dns_records_type": "",
-        "optional": ""
-    },
-    "debug": {
-        "service": "",
-        "show_ip": "",
-        "architecture": "",
-        "chart_this_server": "",
-        "containers_info": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "docs": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "history_all_servers": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "log_info": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "online_users": "",
-        "restart_container": "",
-        "size": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": "",
-        "wip": ""
-    },
-    "login": {
-        "fido2_webauthn": "",
-        "delayed": "",
-        "login": "",
-        "mobileconfig_info": "",
-        "other_logins": "",
-        "password": "",
-        "username": ""
-    },
-    "datatables": {
-        "collapse_all": "",
-        "decimal": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "infoPostFix": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        }
-    },
-    "oauth2": {
-        "access_denied": "",
-        "authorize_app": "",
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "scope_ask_permission": ""
-    },
-    "queue": {
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "queue_manager": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "img_size_exceeded": "Bildet overskrider maksimal filstørrelse"
     }
 }
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 725e73bfb..fdfc91c70 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -26,9 +26,7 @@
         "syncjobs": "Sync jobs",
         "tls_policy": "Versleutelingsbeleid",
         "unlimited_quota": "Onbeperkte quota voor mailboxen",
-        "domain_desc": "Wijzig domeinbeschrijving",
-        "domain_relayhost": "",
-        "mailbox_relayhost": ""
+        "domain_desc": "Wijzig domeinbeschrijving"
     },
     "add": {
         "activate_filter_warn": "Alle andere filters worden gedeactiveerd zolang deze geactiveerd is.",
@@ -106,9 +104,7 @@
         "validate": "Verifieer",
         "validation_success": "Succesvol geverifieerd",
         "tags": "Tags",
-        "bcc_dest_format": "BCC-bestemming moet één geldig e-mailadres zijn.<br>Als u een kopie naar meerdere adressen wilt sturen, maak dan een alias aan en gebruik die hier.",
-        "dry": "",
-        "app_passwd_protocols": ""
+        "bcc_dest_format": "BCC-bestemming moet één geldig e-mailadres zijn.<br>Als u een kopie naar meerdere adressen wilt sturen, maak dan een alias aan en gebruik die hier."
     },
     "admin": {
         "access": "Toegang",
@@ -341,17 +337,7 @@
         "admins_ldap": "LDAP administrators",
         "api_read_only": "Alleen-lezen toegang",
         "api_read_write": "Lees en schrijf toegang",
-        "login_time": "Login tijd",
-        "allowed_methods": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "allowed_origins": "",
-        "ip_check_opt_in": "",
-        "queue_unban": "",
-        "transport_test_rcpt_info": "",
-        "yes": "",
-        "no": ""
+        "login_time": "Login tijd"
     },
     "danger": {
         "access_denied": "Toegang geweigerd of ongeldige gegevens",
@@ -477,12 +463,7 @@
         "demo_mode_enabled": "Demo modus is ingeschakeld",
         "template_exists": "Sjabloon %s bestaat al",
         "template_id_invalid": "Sjabloon ID %s ongeldig",
-        "template_name_invalid": "Sjabloon naam ongeldig",
-        "webauthn_username_failed": "",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "extended_sender_acl_denied": ""
+        "template_name_invalid": "Sjabloon naam ongeldig"
     },
     "debug": {
         "chart_this_server": "Grafiek (deze server)",
@@ -646,26 +627,7 @@
         "acl": "ACL (Toestemming)",
         "domain_footer": "Domeinbreede footer",
         "domain_footer_html": "HTML footer",
-        "mailbox_relayhost_info": "Wordt alleen toegepast op de mailbox en directe aliassen, maar heft een domein relayhost op.",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "custom_attributes": "",
-        "quota_warning_bcc": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "pushover": "",
-        "domain_footer_plain": "",
-        "none_inherit": "",
-        "quota_warning_bcc_info": "",
-        "sogo_access": "",
-        "sogo_access_info": ""
+        "mailbox_relayhost_info": "Wordt alleen toegepast op de mailbox en directe aliassen, maar heft een domein relayhost op."
     },
     "footer": {
         "cancel": "Annuleren",
@@ -678,9 +640,7 @@
         "restart_container": "Herstart container",
         "restart_container_info": "<b>Belangrijk:</b> Een herstart kan enige tijd in beslag nemen, wacht aub totdat dit proces voltooid is.<br>Deze pagina zal zichzelf verversen zodra het proces voltooid is.",
         "restart_now": "Nu herstarten",
-        "restarting_container": "Container wordt herstart, even geduld aub...",
-        "hibp_check": "",
-        "nothing_selected": ""
+        "restarting_container": "Container wordt herstart, even geduld aub..."
     },
     "header": {
         "administration": "Configuratie & details",
@@ -691,8 +651,7 @@
         "quarantine": "Quarantaine",
         "restart_netfilter": "Herstart netfilter",
         "restart_sogo": "Herstart SOGo",
-        "user_settings": "Gebruikersinstellingen",
-        "mailcow_system": ""
+        "user_settings": "Gebruikersinstellingen"
     },
     "info": {
         "awaiting_tfa_confirmation": "In afwachting van tweefactorauthenticatie...",
@@ -853,35 +812,7 @@
         "toggle_all": "Selecteer alles",
         "username": "Gebruikersnaam",
         "waiting": "Wachten",
-        "weekly": "Wekelijks",
-        "add_alias_expand": "",
-        "all_domains": "",
-        "goto_spam": "",
-        "sender": "",
-        "catch_all": "",
-        "add_template": "",
-        "created_on": "",
-        "domain_templates": "",
-        "domain_quota_total": "",
-        "goto_ham": "",
-        "last_pw_change": "",
-        "mailbox_templates": "",
-        "no": "",
-        "open_logs": "",
-        "recipient": "",
-        "relay_unknown": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "templates": "",
-        "template": "",
-        "yes": ""
+        "weekly": "Wekelijks"
     },
     "oauth2": {
         "access_denied": "Log in als een mailboxgebruiker om toegang via OAuth te verlenen",
@@ -946,20 +877,7 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "queue_manager": "Queue manager",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Queue manager"
     },
     "start": {
         "help": "Toon/verberg hulppaneel",
@@ -1042,16 +960,7 @@
         "verified_totp_login": "TOTP succesvol geverifieerd",
         "verified_webauthn_login": "WebAuthn succesvol geverifieerd",
         "verified_fido2_login": "FIDO2 succesvol geverifieerd",
-        "verified_yotp_login": "Yubico OTP succesvol geverifieerd",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "password_policy_saved": "",
-        "template_added": "",
-        "cors_headers_edited": "",
-        "domain_add_dkim_available": "",
-        "domain_footer_modified": "",
-        "template_modified": "",
-        "template_removed": ""
+        "verified_yotp_login": "Yubico OTP succesvol geverifieerd"
     },
     "tfa": {
         "api_register": "%s maakt gebruik van de Yubico Cloud API. Om dit te benutten is er een API-key van Yubico vereist, deze kan <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">hier</a> opgevraagd worden",
@@ -1076,10 +985,7 @@
         "webauthn": "WebAuthn",
         "waiting_usb_auth": "<i>In afwachting van USB-apparaat...</i><br><br>Druk nu op de knop van je WebAuthn-apparaat.",
         "waiting_usb_register": "<i>In afwachting van USB-apparaat...</i><br><br>Voer je wachtwoord hierboven in en bevestig de registratie van het WebAuthn-apparaat door op de knop van het apparaat te drukken.",
-        "yubi_otp": "Yubico OTP",
-        "authenticators": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP"
     },
     "fido2": {
         "set_fn": "Stel naam in",
@@ -1093,8 +999,7 @@
         "start_fido2_validation": "Start FIDO2-validatie",
         "fido2_auth": "Aanmelden met FIDO2",
         "fido2_success": "Apparaat succesvol geregistreerd",
-        "fido2_validation_failed": "Validatie mislukt",
-        "set_fido2_touchid": ""
+        "fido2_validation_failed": "Validatie mislukt"
     },
     "user": {
         "action": "Handeling",
@@ -1224,41 +1129,7 @@
         "waiting": "Wachten",
         "week": "week",
         "weekly": "Wekelijks",
-        "weeks": "weken",
-        "attribute": "",
-        "years": "",
-        "value": "",
-        "fido2_webauthn": "",
-        "recent_successful_connections": "",
-        "syncjob_check_log": "",
-        "allowed_protocols": "",
-        "apple_connection_profile_with_app_password": "",
-        "direct_protocol_access": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "months": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "year": "",
-        "with_app_password": "",
-        "from": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "empty": ""
+        "weeks": "weken"
     },
     "warning": {
         "cannot_delete_self": "Gebruikers kunnen niet worden verwijderd wanneer deze zijn aangemeld",
@@ -1270,8 +1141,7 @@
         "no_active_admin": "Het is niet mogelijk om de laatste actieve administrator te verwijderen",
         "quota_exceeded_scope": "Domeinquota overschreden: Voor dit domein kunnen uitsluitend onbeperkte mailboxen aangemaakt worden.",
         "session_token": "Token ongeldig: komt niet overeen",
-        "session_ua": "Token ongeldig: gebruikersagentvalidatie mislukt",
-        "is_not_primary_alias": ""
+        "session_ua": "Token ongeldig: gebruikersagentvalidatie mislukt"
     },
     "datatables": {
         "emptyTable": "Geen data beschikbaar in tabel",
@@ -1295,15 +1165,6 @@
         "loadingRecords": "Laden...",
         "processing": "Wachten alstublieft..",
         "search": "Zoeken:",
-        "zeroRecords": "Geen overeenkomsten gevonden",
-        "infoPostFix": "",
-        "infoFiltered": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "zeroRecords": "Geen overeenkomsten gevonden"
     }
 }
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index d10a1e165..aa185d32e 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -2,33 +2,7 @@
     "acl": {
         "sogo_profile_reset": "Usuń profil SOGo (webmail)",
         "syncjobs": "Polecenie synchronizacji",
-        "alias_domains": "Dodaj aliasy domen",
-        "quarantine_notification": "",
-        "ratelimit": "",
-        "recipient_maps": "",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "spam_alias": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "tls_policy": "",
-        "unlimited_quota": "",
-        "app_passwds": "",
-        "bcc_maps": "",
-        "delimiter_action": "",
-        "domain_desc": "",
-        "domain_relayhost": "",
-        "eas_reset": "",
-        "extend_sender_acl": "",
-        "filters": "",
-        "login_as": "",
-        "mailbox_relayhost": "",
-        "prohibited": "",
-        "protocol_access": "",
-        "quarantine": "",
-        "quarantine_attachments": "",
-        "quarantine_category": "",
-        "pushover": ""
+        "alias_domains": "Dodaj aliasy domen"
     },
     "add": {
         "active": "Aktywny",
@@ -69,46 +43,7 @@
         "target_address": "Adresy Idź do:",
         "target_address_info": "<small> Pełny/e adres/y email (oddzielone przecinkami).</small>",
         "target_domain": "Domena docelowa:",
-        "username": "Nazwa użytkownika",
-        "dry": "",
-        "add_domain_only": "",
-        "automap": "",
-        "bcc_dest_format": "",
-        "comment_info": "",
-        "custom_params": "",
-        "custom_params_hint": "",
-        "delete2": "",
-        "disable_login": "",
-        "domain_matches_hostname": "",
-        "destination": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "subscribeall": "",
-        "tags": "",
-        "timeout1": "",
-        "gal": "",
-        "gal_info": "",
-        "goto_ham": "",
-        "goto_null": "",
-        "goto_spam": "",
-        "inactive": "",
-        "mailbox_quota_def": "",
-        "private_comment": "",
-        "public_comment": "",
-        "relay_transport_info": "",
-        "timeout2": "",
-        "validate": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": "",
-        "validation_success": "",
-        "activate_filter_warn": "",
-        "add_domain_restart": "",
-        "app_name": "",
-        "generate": "",
-        "nexthop": "",
-        "app_password": "",
-        "app_passwd_protocols": ""
+        "username": "Nazwa użytkownika"
     },
     "admin": {
         "access": "Dostęp",
@@ -164,194 +99,7 @@
         "spamfilter": "Filtr spamu",
         "time": "Czas",
         "unchanged_if_empty": "W przypadku braku zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika",
-        "oauth2_redirect_uri": "",
-        "oauth2_renew_secret": "",
-        "oauth2_revoke_tokens": "",
-        "rspamd_global_filters_regex": "",
-        "ui_header_announcement_type_warning": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "rate_name": "",
-        "ui_texts": "",
-        "unban_pending": "",
-        "f2b_ban_time_increment": "",
-        "f2b_max_ban_time": "",
-        "relayhosts_hint": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "in_use_by": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "is_mx_based": "",
-        "nexthop": "",
-        "no": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "optional": "",
-        "options": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "quarantine_notification_html": "",
-        "quarantine_notification_subject": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format": "",
-        "quarantine_release_format_att": "",
-        "quarantine_release_format_raw": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": "",
-        "quota_notification_sender": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "queue_unban": "",
-        "recipients": "",
-        "regen_api_key": "",
-        "relay_rcpt": "",
-        "relay_run": "",
-        "relayhosts": "",
-        "remove_row": "",
-        "reset_default": "",
-        "reset_limit": "",
-        "rsetting_add_rule": "",
-        "rsetting_content": "",
-        "rsetting_desc": "",
-        "rsetting_no_selection": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_com_settings": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "rspamd_settings_map": "",
-        "sal_level": "",
-        "send": "",
-        "sender": "",
-        "service": "",
-        "service_id": "",
-        "subject": "",
-        "success": "",
-        "sys_mails": "",
-        "text": "",
-        "title": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "validate_license_now": "",
-        "verify": "",
-        "yes": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "cors_settings": "",
-        "customize": "",
-        "credentials_transport_warning": "",
-        "destination": "",
-        "dkim_domains_selector": "",
-        "hash_remove_info": "",
-        "html": "",
-        "message_size": "",
-        "dkim_domains_wo_keys": "",
-        "dkim_from_title": "",
-        "dkim_overwrite_key": "",
-        "excludes": "",
-        "f2b_blacklist": "",
-        "f2b_filter": "",
-        "f2b_list_info": "",
-        "f2b_netban_ipv4": "",
-        "f2b_netban_ipv6": "",
-        "f2b_regex_info": "",
-        "from": "",
-        "generate": "",
-        "guid": "",
-        "guid_and_license": "",
-        "help_text": "",
-        "dkim_to": "",
-        "dkim_to_title": "",
-        "domain_admin": "",
-        "domain_s": "",
-        "duplicate": "",
-        "duplicate_dkim": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "last_applied": "",
-        "merged_vars_hint": "",
-        "license_info": "",
-        "link": "",
-        "login_time": "",
-        "logo_info": "",
-        "main_name": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "quarantine_bcc": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_max_size": "",
-        "quarantine_notification_sender": "",
-        "title_name": "",
-        "to_top": "",
-        "transport_dest_format": "",
-        "transport_maps": "",
-        "transport_test_rcpt_info": "",
-        "transports_hint": "",
-        "ui_header_announcement": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "upload": "",
-        "regex_maps": "",
-        "relay_from": "",
-        "dkim_from": "",
-        "activate_api": "",
-        "activate_send": "",
-        "active_rspamd_settings_map": "",
-        "add_admin": "",
-        "add_relayhost": "",
-        "add_relayhost_hint": "",
-        "add_row": "",
-        "add_settings_rule": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "customer_id": "",
-        "additional_rows": "",
-        "admins": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "api_allow_from": "",
-        "api_info": "",
-        "api_key": "",
-        "api_read_only": "",
-        "api_read_write": "",
-        "api_skip_ip_check": "",
-        "app_links": "",
-        "app_name": "",
-        "apps_name": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "ban_list_info": "",
-        "change_logo": "",
-        "convert_html_to_text": "",
-        "routing": "",
-        "ui_footer": "",
-        "lookup_mx": ""
+        "username": "Nazwa użytkownika"
     },
     "danger": {
         "access_denied": "Odmowa dostępu lub nieprawidłowe dane w formularzu",
@@ -397,92 +145,7 @@
         "target_domain_invalid": "Domena Idź do jest nieprawidłowa",
         "targetd_not_found": "Nie znaleziono domeny docelowej",
         "username_invalid": "Nie można użyć nazwy użytkownika",
-        "validity_missing": "Proszę wyznaczyć termin ważności",
-        "webauthn_authenticator_failed": "",
-        "app_name_empty": "",
-        "app_passwd_id_invalid": "",
-        "bcc_empty": "",
-        "bcc_exists": "",
-        "bcc_must_be_email": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "mysql_error": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "invalid_filter_type": "",
-        "invalid_host": "",
-        "invalid_mime_type": "",
-        "invalid_nexthop": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_new": "",
-        "invalid_recipient_map_old": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "map_content_empty": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": "",
-        "no_user_defined": "",
-        "tls_policy_map_entry_exists": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "transport_dest_exists": "",
-        "webauthn_verification_failed": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "unknown": "",
-        "value_missing": "",
-        "yotp_verification_failed": "",
-        "unknown_tfa_method": "",
-        "unlimited_quota_acl": "",
-        "comment_too_long": "",
-        "defquota_empty": "",
-        "demo_mode_enabled": "",
-        "dkim_domain_or_sel_exists": "",
-        "domain_cannot_match_hostname": "",
-        "extended_sender_acl_denied": "",
-        "from_invalid": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "imagick_exception": "",
-        "img_invalid": "",
-        "img_tmp_missing": "",
-        "invalid_bcc_map_type": "",
-        "invalid_destination": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "recipient_map_entry_exists": "",
-        "redis_error": "",
-        "relayhost_invalid": "",
-        "release_send_failed": "",
-        "reset_f2b_regex": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "text_empty": "",
-        "tls_policy_map_dest_invalid": "",
-        "malformed_username": "",
-        "extra_acl_invalid": "",
-        "targetd_relay_domain": "",
-        "temp_error": "",
-        "tfa_token_invalid": "",
-        "script_empty": "",
-        "ip_list_empty": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "file_open_error": "",
-        "filter_type": ""
+        "validity_missing": "Proszę wyznaczyć termin ważności"
     },
     "edit": {
         "active": "Aktywny",
@@ -527,93 +190,7 @@
         "target_domain": "Domena docelowa",
         "title": "Edytuj obiekt",
         "unchanged_if_empty": "Jeżli bez zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika",
-        "comment_info": "",
-        "created_on": "",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "scope": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "timeout2": "",
-        "validate_save": "",
-        "custom_attributes": "",
-        "domain_footer_info_vars": {
-            "from_user": "",
-            "from_addr": "",
-            "custom": "",
-            "auth_user": "",
-            "from_name": "",
-            "from_domain": ""
-        },
-        "domain_footer_plain": "",
-        "relayhost": "",
-        "timeout1": "",
-        "acl": "",
-        "admin": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "ratelimit": "",
-        "redirect_uri": "",
-        "sogo_visible": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "sieve_desc": "",
-        "gal_info": "",
-        "grant_types": "",
-        "last_modified": "",
-        "delete2": "",
-        "delete_ays": "",
-        "disable_login": "",
-        "extended_sender_acl": "",
-        "extended_sender_acl_info": "",
-        "force_pw_update": "",
-        "force_pw_update_info": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "mbox_rl_info": "",
-        "none_inherit": "",
-        "nexthop": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "maxbytespersecond": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "gal": "",
-        "generate": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "lookup_mx": ""
+        "username": "Nazwa użytkownika"
     },
     "footer": {
         "cancel": "Anuluj",
@@ -621,14 +198,7 @@
         "delete_now": "Usuń teraz",
         "delete_these_items": "Czy jesteś pewien, że chcesz usunąć następujące elementy?",
         "loading": "Proszę czekać...",
-        "restart_now": "Uruchom ponownie teraz",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "restart_container_info": "",
-        "restarting_container": "",
-        "hibp_ok": "",
-        "nothing_selected": "",
-        "restart_container": ""
+        "restart_now": "Uruchom ponownie teraz"
     },
     "header": {
         "administration": "Administrowanie",
@@ -636,25 +206,16 @@
         "mailcow_config": "Konfiguracja",
         "quarantine": "Kwarantanna",
         "restart_sogo": "Uruchom ponownie SOGo",
-        "user_settings": "Ustawienia użytkownika",
-        "apps": "",
-        "debug": "",
-        "mailcow_system": "",
-        "restart_netfilter": ""
+        "user_settings": "Ustawienia użytkownika"
     },
     "info": {
-        "no_action": "Żadne działanie nie ma zastosowania",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
+        "no_action": "Żadne działanie nie ma zastosowania"
     },
     "login": {
         "delayed": "Logowanie zostało opóźnione o %s sekund.",
         "login": "Zaloguj się",
         "password": "Hasło",
-        "username": "Nazwa użytkownika",
-        "mobileconfig_info": "",
-        "fido2_webauthn": "",
-        "other_logins": ""
+        "username": "Nazwa użytkownika"
     },
     "mailbox": {
         "action": "Działanie",
@@ -714,122 +275,7 @@
         "tls_enforce_out": "Uruchom TLS wychodzące",
         "toggle_all": "Zaznacz wszystkie",
         "username": "Nazwa użytkownika",
-        "weekly": "Co tydzień",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "add_alias_expand": "",
-        "add_bcc_entry": "",
-        "add_filter": "",
-        "add_recipient_map_entry": "",
-        "allow_from_smtp": "",
-        "bcc_info": "",
-        "bcc_local_dest": "",
-        "bcc_map": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "created_on": "",
-        "goto_spam": "",
-        "insert_preset": "",
-        "last_mail_login": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "last_run_reset": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "no": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "recipient": "",
-        "recipient_map": "",
-        "recipient_map_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "recipient_maps": "",
-        "relay_unknown": "",
-        "sogo_visible_y": "",
-        "stats": "",
-        "status": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "tls_policy_maps_info": "",
-        "tls_policy_maps_long": "",
-        "waiting": "",
-        "yes": "",
-        "sieve_preset_8": "",
-        "add_template": "",
-        "add_tls_policy_map": "",
-        "address_rewriting": "",
-        "allow_from_smtp_info": "",
-        "table_size": "",
-        "alias_domain_alias_hint": "",
-        "disable_login": "",
-        "disable_x": "",
-        "dkim_domains_selector": "",
-        "domain_templates": "",
-        "sieve_preset_3": "",
-        "sieve_preset_5": "",
-        "allowed_protocols": "",
-        "bcc": "",
-        "bcc_destination": "",
-        "bcc_destinations": "",
-        "enable_x": "",
-        "filters": "",
-        "force_pw_update": "",
-        "gal": "",
-        "goto_ham": "",
-        "open_logs": "",
-        "owner": "",
-        "private_comment": "",
-        "public_comment": "",
-        "recipient_map_new": "",
-        "recipient_map_new_info": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size_show_n": "",
-        "templates": "",
-        "template": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "sieve_preset_4": "",
-        "alias_domain_backupmx": "",
-        "all_domains": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": ""
+        "weekly": "Co tydzień"
     },
     "quarantine": {
         "action": "Działanie",
@@ -837,68 +283,10 @@
         "quarantine": "Kwarantanna",
         "quick_actions": "Szybkie działania",
         "remove": "Usuń",
-        "toggle_all": "Zaznacz wszystkie",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "download_eml": "",
-        "high_danger": "",
-        "neutral_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "notified": "",
-        "rcpt": "",
-        "atts": "",
-        "check_hash": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "danger": "",
-        "qhandler_success": "",
-        "qid": "",
-        "qinfo": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "received": "",
-        "recipients": "",
-        "refresh": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "show_item": "",
-        "spam": "",
-        "spam_score": "",
-        "subj": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "text_from_html_content": "",
-        "text_plain_content": "",
-        "type": "",
-        "settings_info": "",
-        "release_subject": "",
-        "rewrite_subject": "",
-        "qitem": ""
+        "toggle_all": "Zaznacz wszystkie"
     },
     "queue": {
-        "queue_manager": "Queue Manager",
-        "hold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
@@ -934,63 +322,7 @@
         "object_modified": "Zapisano zmiany w obiekcie %s",
         "resource_added": "Dodano śródło %s",
         "resource_modified": "Zapisano zmiany w skrzynce %s",
-        "resource_removed": "Usunięto zasób %s",
-        "hash_deleted": "",
-        "template_removed": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "verified_webauthn_login": "",
-        "verified_totp_login": "",
-        "verified_yotp_login": "",
-        "tls_policy_map_entry_deleted": "",
-        "acl_saved": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_removed": "",
-        "app_links": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "bcc_saved": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "domain_footer_modified": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "item_released": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "nginx_reloaded": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "reset_main_logo": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "dovecot_restart_success": "",
-        "global_filter_written": "",
-        "logged_in_as": ""
+        "resource_removed": "Usunięto zasób %s"
     },
     "tfa": {
         "api_register": "%s używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -1010,15 +342,7 @@
         "webauthn": "Uwierzytelnianie WebAuthn",
         "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu WebAuthn USB.",
         "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację WebAuthn przez naciśnięcie przycisku na urządzeniu WebAuthn USB.",
-        "yubi_otp": "Uwierzytelnianie Yubico OTP",
-        "authenticators": "",
-        "init_webauthn": "",
-        "reload_retry": "",
-        "start_webauthn_validation": "",
-        "tfa_token_invalid": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "error_code": ""
+        "yubi_otp": "Uwierzytelnianie Yubico OTP"
     },
     "user": {
         "action": "Działanie",
@@ -1105,205 +429,6 @@
         "username": "Nazwa użytkownika",
         "week": "Tydzień",
         "weekly": "Co tydzień",
-        "weeks": "Tygodnie",
-        "last_ui_login": "",
-        "loading": "",
-        "spam_score_reset": "",
-        "status": "",
-        "change_password_hint_app_passwords": "",
-        "verify": "",
-        "email": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "month": "",
-        "months": "",
-        "app_name": "",
-        "apple_connection_profile": "",
-        "from": "",
-        "generate": "",
-        "pushover_sound": "",
-        "value": "",
-        "quarantine_category_info": "",
-        "running": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "title": "",
-        "advanced_settings": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "direct_protocol_access": "",
-        "email_and_dav": "",
-        "fido2_webauthn": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "no_last_login": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "waiting": "",
-        "with_app_password": "",
-        "year": "",
-        "years": "",
-        "empty": "",
-        "save": "",
-        "sender_acl_disabled": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "expire_in": "",
-        "app_passwds": "",
-        "text": "",
-        "create_app_passwd": "",
-        "delete_ays": ""
-    },
-    "debug": {
-        "size": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "show_ip": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "architecture": "",
-        "chart_this_server": "",
-        "container_disabled": "",
-        "log_info": "",
-        "online_users": "",
-        "restart_container": "",
-        "success": "",
-        "system_containers": "",
-        "timezone": "",
-        "uptime": "",
-        "update_available": "",
-        "username": "",
-        "wip": "",
-        "containers_info": "",
-        "container_running": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "logs": "",
-        "memory": "",
-        "service": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "disk_usage": "",
-        "docs": "",
-        "error_show_ip": "",
-        "external_logs": "",
-        "history_all_servers": "",
-        "login_time": ""
-    },
-    "oauth2": {
-        "deny": "",
-        "access_denied": "",
-        "authorize_app": "",
-        "permit": "",
-        "profile_desc": "",
-        "scope_ask_permission": "",
-        "profile": ""
-    },
-    "fido2": {
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "start_fido2_validation": "",
-        "rename": ""
-    },
-    "warning": {
-        "quota_exceeded_scope": "",
-        "session_token": "",
-        "session_ua": "",
-        "no_active_admin": "",
-        "cannot_delete_self": "",
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "ip_invalid": "",
-        "is_not_primary_alias": ""
-    },
-    "datatables": {
-        "paginate": {
-            "next": "",
-            "first": "",
-            "last": "",
-            "previous": ""
-        },
-        "collapse_all": "",
-        "emptyTable": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "expand_all": "",
-        "info": "",
-        "decimal": "",
-        "infoPostFix": ""
-    },
-    "diagnostics": {
-        "dns_records_24hours": "",
-        "dns_records_data": "",
-        "dns_records_status": "",
-        "dns_records_type": "",
-        "optional": "",
-        "dns_records_docs": "",
-        "dns_records": "",
-        "cname_from_a": "",
-        "dns_records_name": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
+        "weeks": "Tygodnie"
     }
 }
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 73154dac4..624acd6db 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -27,57 +27,7 @@
         "target_address": "Encaminhar para:",
         "target_address_info": "<small>Endereço de email completo (separado por vírgulas).</small>",
         "target_domain": "Domínio de Destino:",
-        "username": "Administrador",
-        "dry": "",
-        "enc_method": "",
-        "exclude": "",
-        "gal": "",
-        "gal_info": "",
-        "generate": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "hostname": "",
-        "inactive": "",
-        "kind": "",
-        "mailbox_quota_def": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "nexthop": "",
-        "post_domain_add": "",
-        "private_comment": "",
-        "public_comment": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "subscribeall": "",
-        "syncjob": "",
-        "syncjob_hint": "",
-        "tags": "",
-        "timeout1": "",
-        "timeout2": "",
-        "validate": "",
-        "validation_success": "",
-        "activate_filter_warn": "",
-        "add_domain_only": "",
-        "add_domain_restart": "",
-        "app_name": "",
-        "app_password": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "bcc_dest_format": "",
-        "comment_info": "",
-        "custom_params": "",
-        "custom_params_hint": "",
-        "delete1": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "destination": "",
-        "disable_login": "",
-        "domain_matches_hostname": "",
-        "goto_null": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost_wrapped_tls_info": ""
+        "username": "Administrador"
     },
     "admin": {
         "access": "Acessos",
@@ -108,219 +58,7 @@
         "search_domain_da": "Selecione o(s) domínio(s)",
         "spamfilter": "Filtro de Spam",
         "unchanged_if_empty": "Deixar em branco para não alterar",
-        "username": "Administrador",
-        "lookup_mx": "",
-        "relayhosts": "",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "convert_html_to_text": "",
-        "host": "",
-        "html": "",
-        "import": "",
-        "import_private_key": "",
-        "nexthop": "",
-        "no": "",
-        "sal_level": "",
-        "copy_to_clipboard": "",
-        "cors_settings": "",
-        "customer_id": "",
-        "quarantine_notification_html": "",
-        "rspamd_settings_map": "",
-        "sender": "",
-        "credentials_transport_warning": "",
-        "customize": "",
-        "dkim_from": "",
-        "f2b_ban_time_increment": "",
-        "f2b_blacklist": "",
-        "f2b_filter": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_ban_time": "",
-        "f2b_netban_ipv4": "",
-        "f2b_netban_ipv6": "",
-        "f2b_parameters": "",
-        "f2b_regex_info": "",
-        "f2b_retry_window": "",
-        "f2b_whitelist": "",
-        "forwarding_hosts": "",
-        "forwarding_hosts_add_hint": "",
-        "forwarding_hosts_hint": "",
-        "from": "",
-        "generate": "",
-        "guid": "",
-        "hash_remove_info": "",
-        "help_text": "",
-        "in_use_by": "",
-        "inactive": "",
-        "include_exclude": "",
-        "include_exclude_info": "",
-        "includes": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "last_applied": "",
-        "license_info": "",
-        "link": "",
-        "login_time": "",
-        "logo_info": "",
-        "main_name": "",
-        "merged_vars_hint": "",
-        "message_size": "",
-        "no_active_bans": "",
-        "no_new_rows": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "oauth2_client_id": "",
-        "oauth2_client_secret": "",
-        "oauth2_info": "",
-        "oauth2_redirect_uri": "",
-        "priority": "",
-        "private_key": "",
-        "quarantine": "",
-        "quarantine_bcc": "",
-        "quarantine_exclude_domains": "",
-        "quarantine_max_age": "",
-        "quarantine_max_score": "",
-        "quarantine_max_size": "",
-        "quarantine_notification_sender": "",
-        "quarantine_notification_subject": "",
-        "quota_notification_sender": "",
-        "quota_notification_subject": "",
-        "quota_notifications": "",
-        "quota_notifications_info": "",
-        "quota_notifications_vars": "",
-        "queue_unban": "",
-        "rate_name": "",
-        "recipients": "",
-        "refresh": "",
-        "relayhosts_hint": "",
-        "remove_row": "",
-        "reset_default": "",
-        "reset_limit": "",
-        "routing": "",
-        "rsetting_add_rule": "",
-        "rsetting_content": "",
-        "rsetting_none": "",
-        "rsettings_insert_preset": "",
-        "rsettings_preset_1": "",
-        "rsettings_preset_2": "",
-        "rsettings_preset_3": "",
-        "rsettings_preset_4": "",
-        "rspamd_com_settings": "",
-        "rspamd_global_filters": "",
-        "rspamd_global_filters_agree": "",
-        "rspamd_global_filters_info": "",
-        "rspamd_global_filters_regex": "",
-        "service": "",
-        "service_id": "",
-        "source": "",
-        "subject": "",
-        "success": "",
-        "sys_mails": "",
-        "text": "",
-        "time": "",
-        "title": "",
-        "transport_dest_format": "",
-        "transport_test_rcpt_info": "",
-        "ui_header_announcement_active": "",
-        "ui_header_announcement_content": "",
-        "ui_header_announcement_help": "",
-        "ui_header_announcement_select": "",
-        "ui_header_announcement_type": "",
-        "ui_header_announcement_type_danger": "",
-        "ui_header_announcement_type_info": "",
-        "ui_header_announcement_type_warning": "",
-        "ui_texts": "",
-        "unban_pending": "",
-        "validate_license_now": "",
-        "verify": "",
-        "yes": "",
-        "api_read_write": "",
-        "f2b_list_info": "",
-        "f2b_max_attempts": "",
-        "activate_api": "",
-        "activate_send": "",
-        "active_rspamd_settings_map": "",
-        "add_admin": "",
-        "add_forwarding_host": "",
-        "add_relayhost": "",
-        "add_relayhost_hint": "",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "api_allow_from": "",
-        "api_info": "",
-        "api_read_only": "",
-        "api_skip_ip_check": "",
-        "app_links": "",
-        "app_name": "",
-        "apps_name": "",
-        "arrival_time": "",
-        "authed_user": "",
-        "ays": "",
-        "ban_list_info": "",
-        "change_logo": "",
-        "regen_api_key": "",
-        "regex_maps": "",
-        "relay_from": "",
-        "relay_rcpt": "",
-        "relay_run": "",
-        "transports_hint": "",
-        "ui_footer": "",
-        "ui_header_announcement": "",
-        "dkim_domains_wo_keys": "",
-        "ip_check": "",
-        "message": "",
-        "oauth2_renew_secret": "",
-        "oauth2_revoke_tokens": "",
-        "optional": "",
-        "options": "",
-        "password_length": "",
-        "password_policy": "",
-        "password_policy_chars": "",
-        "password_policy_length": "",
-        "password_policy_lowerupper": "",
-        "password_policy_numbers": "",
-        "password_policy_special_chars": "",
-        "title_name": "",
-        "to_top": "",
-        "transport_maps": "",
-        "upload": "",
-        "ip_check_disabled": "",
-        "duplicate_dkim": "",
-        "empty": "",
-        "excludes": "",
-        "f2b_ban_time": "",
-        "destination": "",
-        "dkim_domains_selector": "",
-        "dkim_from_title": "",
-        "dkim_key_missing": "",
-        "dkim_key_unused": "",
-        "dkim_key_valid": "",
-        "dkim_overwrite_key": "",
-        "dkim_private_key": "",
-        "dkim_to": "",
-        "dkim_to_title": "",
-        "domain_admin": "",
-        "domain_s": "",
-        "duplicate": "",
-        "guid_and_license": "",
-        "send": "",
-        "rsetting_desc": "",
-        "rsetting_no_selection": "",
-        "add_row": "",
-        "add_settings_rule": "",
-        "add_transport": "",
-        "add_transports_hint": "",
-        "additional_rows": "",
-        "admins": "",
-        "admins_ldap": "",
-        "advanced_settings": "",
-        "api_key": "",
-        "quarantine_redirect": "",
-        "quarantine_release_format": "",
-        "quarantine_release_format_att": "",
-        "quarantine_release_format_raw": "",
-        "quarantine_retention_size": "",
-        "quota_notification_html": ""
+        "username": "Administrador"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados inválidos",
@@ -359,99 +97,7 @@
         "target_domain_invalid": "O endereço de Domínio Destino é inválido",
         "targetd_not_found": "Domínio de Destino não encontrado",
         "username_invalid": "Nome de utilizador inválido",
-        "validity_missing": "Você deve definir um período de validade",
-        "ip_list_empty": "",
-        "redis_error": "",
-        "targetd_relay_domain": "",
-        "unknown": "",
-        "app_passwd_id_invalid": "",
-        "tls_policy_map_entry_exists": "",
-        "img_invalid": "",
-        "demo_mode_enabled": "",
-        "description_invalid": "",
-        "webauthn_username_failed": "",
-        "bcc_empty": "",
-        "bcc_exists": "",
-        "bcc_must_be_email": "",
-        "comment_too_long": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "defquota_empty": "",
-        "dkim_domain_or_sel_exists": "",
-        "domain_cannot_match_hostname": "",
-        "extended_sender_acl_denied": "",
-        "extra_acl_invalid": "",
-        "extra_acl_invalid_domain": "",
-        "fido2_verification_failed": "",
-        "file_open_error": "",
-        "filter_type": "",
-        "from_invalid": "",
-        "global_filter_write_error": "",
-        "global_map_invalid": "",
-        "global_map_write_error": "",
-        "ham_learn_error": "",
-        "imagick_exception": "",
-        "mysql_error": "",
-        "unknown_tfa_method": "",
-        "maxquota_empty": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "img_tmp_missing": "",
-        "invalid_bcc_map_type": "",
-        "invalid_destination": "",
-        "invalid_filter_type": "",
-        "invalid_host": "",
-        "invalid_nexthop_authenticated": "",
-        "invalid_recipient_map_old": "",
-        "mailbox_defquota_exceeds_mailbox_maxquota": "",
-        "malformed_username": "",
-        "map_content_empty": "",
-        "max_alias_exceeded": "",
-        "network_host_invalid": "",
-        "next_hop_interferes": "",
-        "next_hop_interferes_any": "",
-        "nginx_reload_failed": "",
-        "no_user_defined": "",
-        "policy_list_from_exists": "",
-        "policy_list_from_invalid": "",
-        "private_key_error": "",
-        "pushover_credentials_missing": "",
-        "pushover_key": "",
-        "pushover_token": "",
-        "recipient_map_entry_exists": "",
-        "relayhost_invalid": "",
-        "reset_f2b_regex": "",
-        "resource_invalid": "",
-        "rl_timeframe": "",
-        "rspamd_ui_pw_length": "",
-        "script_empty": "",
-        "set_acl_failed": "",
-        "settings_map_invalid": "",
-        "sieve_error": "",
-        "spam_learn_error": "",
-        "subject_empty": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": "",
-        "temp_error": "",
-        "text_empty": "",
-        "tfa_token_invalid": "",
-        "tls_policy_map_dest_invalid": "",
-        "tls_policy_map_parameter_invalid": "",
-        "totp_verification_failed": "",
-        "webauthn_verification_failed": "",
-        "webauthn_authenticator_failed": "",
-        "webauthn_publickey_failed": "",
-        "unlimited_quota_acl": "",
-        "value_missing": "",
-        "release_send_failed": "",
-        "last_key": "",
-        "app_name_empty": "",
-        "invalid_mime_type": "",
-        "invalid_nexthop": "",
-        "invalid_recipient_map_new": "",
-        "yotp_verification_failed": "",
-        "transport_dest_exists": ""
+        "validity_missing": "Você deve definir um período de validade"
     },
     "edit": {
         "active": "Ativo",
@@ -483,147 +129,25 @@
         "target_domain": "Domínio de Destino:",
         "title": "Editar dos Objetos",
         "unchanged_if_empty": "Deixar em branco para não modificar",
-        "username": "Administrador",
-        "lookup_mx": "",
-        "footer_exclude": "",
-        "generate": "",
-        "grant_types": "",
-        "hostname": "",
-        "inactive": "",
-        "kind": "",
-        "last_modified": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "maxage": "",
-        "maxbytespersecond": "",
-        "domain_footer_skip_replies": "",
-        "encryption": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "custom_attributes": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "delete_ays": "",
-        "ratelimit": "",
-        "redirect_uri": "",
-        "syncjob": "",
-        "nexthop": "",
-        "domain_footer_info_vars": {
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": "",
-            "auth_user": ""
-        },
-        "domain_footer_plain": "",
-        "extended_sender_acl_info": "",
-        "force_pw_update": "",
-        "pushover_evaluate_x_prio": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "none_inherit": "",
-        "acl": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "delete1": "",
-        "disable_login": "",
-        "domain_footer_info": "",
-        "force_pw_update_info": "",
-        "mbox_rl_info": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover": "",
-        "gal": "",
-        "gal_info": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost": "",
-        "resource": "",
-        "scope": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sogo_visible_info": "",
-        "spam_alias": "",
-        "spam_filter": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "timeout1": "",
-        "timeout2": "",
-        "validate_save": "",
-        "admin": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "app_name": ""
+        "username": "Administrador"
     },
     "footer": {
-        "loading": "Aguarde...",
-        "restart_container": "",
-        "delete_these_items": "",
-        "hibp_check": "",
-        "confirm_delete": "",
-        "nothing_selected": "",
-        "restart_container_info": "",
-        "cancel": "",
-        "delete_now": "",
-        "restart_now": "",
-        "restarting_container": "",
-        "hibp_nok": "",
-        "hibp_ok": ""
+        "loading": "Aguarde..."
     },
     "header": {
         "administration": "Administração",
         "email": "E-Mail",
         "mailcow_config": "Configuração",
-        "user_settings": "Configurações do utilizador",
-        "debug": "",
-        "mailcow_system": "",
-        "quarantine": "",
-        "restart_netfilter": "",
-        "restart_sogo": "",
-        "apps": ""
+        "user_settings": "Configurações do utilizador"
     },
     "info": {
-        "no_action": "Nenhuma ação foi definida",
-        "awaiting_tfa_confirmation": "",
-        "session_expires": ""
+        "no_action": "Nenhuma ação foi definida"
     },
     "login": {
         "delayed": "Sua entrada será atrasada por %s segundos.",
         "login": "Entrar",
         "password": "Senha",
-        "username": "Utilizador",
-        "fido2_webauthn": "",
-        "mobileconfig_info": "",
-        "other_logins": ""
+        "username": "Utilizador"
     },
     "mailbox": {
         "action": "Ação",
@@ -662,212 +186,14 @@
         "target_domain": "Domínio Destino",
         "tls_enforce_in": "Forçar TLS na entrada",
         "tls_enforce_out": "Forçar TLS na saída",
-        "username": "Utilizador",
-        "disable_login": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "disable_x": "",
-        "q_add_header": "",
-        "add_tls_policy_map": "",
-        "address_rewriting": "",
-        "inactive": "",
-        "sieve_preset_header": "",
-        "sogo_visible": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "stats": "",
-        "status": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "yes": "",
-        "insert_preset": "",
-        "kind": "",
-        "last_mail_login": "",
-        "quarantine_notification": "",
-        "quick_actions": "",
-        "recipient": "",
-        "add_domain_record_first": "",
-        "empty": "",
-        "recipient_map": "",
-        "templates": "",
-        "template": "",
-        "weekly": "",
-        "public_comment": "",
-        "filters": "",
-        "force_pw_update": "",
-        "gal": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "relay_unknown": "",
-        "activate": "",
-        "add_alias_expand": "",
-        "add_filter": "",
-        "add_recipient_map_entry": "",
-        "add_resource": "",
-        "add_template": "",
-        "alias_domain_alias_hint": "",
-        "alias_domain_backupmx": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allowed_protocols": "",
-        "bcc": "",
-        "bcc_destination": "",
-        "bcc_info": "",
-        "bcc_map": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "catch_all": "",
-        "created_on": "",
-        "daily": "",
-        "deactivate": "",
-        "dkim_domains_selector": "",
-        "domain_templates": "",
-        "enable_x": "",
-        "excludes": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "hourly": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "last_run_reset": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "mins_interval": "",
-        "multiple_bookings": "",
-        "never": "",
-        "no": "",
-        "open_logs": "",
-        "owner": "",
-        "private_comment": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "recipient_map_info": "",
-        "recipient_map_new": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "set_prefilter": "",
-        "sieve_info": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_5": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "sieve_preset_8": "",
-        "table_size_show_n": "",
-        "tls_map_dest": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": "",
-        "tls_map_parameters_info": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_info": "",
-        "tls_policy_maps_long": "",
-        "toggle_all": "",
-        "waiting": "",
-        "resources": "",
-        "bcc_local_dest": "",
-        "recipient_maps": "",
-        "add_bcc_entry": "",
-        "allow_from_smtp_info": "",
-        "bcc_destinations": ""
+        "username": "Utilizador"
     },
     "quarantine": {
         "action": "Ação",
-        "remove": "Remover",
-        "empty": "",
-        "high_danger": "",
-        "medium_danger": "",
-        "danger": "",
-        "info": "",
-        "junk_folder": "",
-        "qinfo": "",
-        "qitem": "",
-        "quarantine": "",
-        "quick_actions": "",
-        "quick_delete_link": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "received": "",
-        "recipients": "",
-        "refresh": "",
-        "spam": "",
-        "atts": "",
-        "learn_spam_delete": "",
-        "check_hash": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "download_eml": "",
-        "low_danger": "",
-        "neutral_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qid": "",
-        "rcpt": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "release_subject": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "settings_info": "",
-        "show_item": "",
-        "spam_score": "",
-        "subj": "",
-        "table_size_show_n": "",
-        "text_from_html_content": "",
-        "text_plain_content": "",
-        "toggle_all": "",
-        "type": "",
-        "table_size": ""
+        "remove": "Remover"
     },
     "queue": {
-        "queue_manager": "Queue Manager",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",
@@ -894,72 +220,7 @@
         "mailbox_added": "Conta %s adicionada com sucesso",
         "mailbox_modified": "A conta %s foi alterada com sucesso",
         "mailbox_removed": "Conta %s removida com sucesso",
-        "resource_modified": "A conta %s foi alterada com sucesso",
-        "forwarding_host_added": "",
-        "upload_success": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": "",
-        "verified_fido2_login": "",
-        "nginx_reloaded": "",
-        "hash_deleted": "",
-        "object_modified": "",
-        "password_policy_saved": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": "",
-        "delete_filter": "",
-        "acl_saved": "",
-        "admin_added": "",
-        "admin_api_modified": "",
-        "admin_removed": "",
-        "app_links": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "bcc_saved": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "domain_footer_modified": "",
-        "dovecot_restart_success": "",
-        "eas_reset": "",
-        "f2b_banlist_refreshed": "",
-        "f2b_modified": "",
-        "forwarding_host_removed": "",
-        "global_filter_written": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "item_released": "",
-        "items_deleted": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "reset_main_logo": "",
-        "resource_added": "",
-        "resource_removed": "",
-        "rl_saved": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "settings_map_removed": ""
+        "resource_modified": "A conta %s foi alterada com sucesso"
     },
     "user": {
         "action": "Ação",
@@ -1009,301 +270,6 @@
         "user_settings": "Configurações do utilizador",
         "username": "Administrador",
         "week": "Semana",
-        "weeks": "Semanas",
-        "clear_recent_successful_connections": "",
-        "created_on": "",
-        "q_add_header": "",
-        "q_all": "",
-        "change_password_hint_app_passwords": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "tag_in_subject": "",
-        "app_name": "",
-        "years": "",
-        "value": "",
-        "encryption": "",
-        "excludes": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "from": "",
-        "generate": "",
-        "hourly": "",
-        "direct_aliases": "",
-        "email_and_dav": "",
-        "attribute": "",
-        "app_hint": "",
-        "direct_aliases_desc": "",
-        "direct_protocol_access": "",
-        "eas_reset": "",
-        "eas_reset_help": "",
-        "eas_reset_now": "",
-        "email": "",
-        "empty": "",
-        "in_use": "",
-        "interval": "",
-        "is_catch_all": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "active_sieve": "",
-        "advanced_settings": "",
-        "aliases_also_send_as": "",
-        "allowed_protocols": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "client_configuration": "",
-        "create_app_passwd": "",
-        "create_syncjob": "",
-        "daily": "",
-        "delete_ays": "",
-        "force_pw_update": "",
-        "last_run": "",
-        "last_ui_login": "",
-        "loading": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "month": "",
-        "months": "",
-        "never": "",
-        "no_active_filter": "",
-        "no_last_login": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "quarantine_notification": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "running": "",
-        "save": "",
-        "sender_acl_disabled": "",
-        "shared_aliases": "",
-        "shared_aliases_desc": "",
-        "show_sieve_filters": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "sogo_profile_reset_now": "",
-        "spam_score_reset": "",
-        "spamfilter_table_domain_policy": "",
-        "status": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tag_handling": "",
-        "tag_help_example": "",
-        "tag_help_explain": "",
-        "tag_in_none": "",
-        "tag_in_subfolder": "",
-        "text": "",
-        "title": "",
-        "verify": "",
-        "waiting": "",
-        "weekly": "",
-        "with_app_password": "",
-        "year": "",
-        "app_passwds": ""
-    },
-    "datatables": {
-        "decimal": "",
-        "infoPostFix": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "thousands": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "collapse_all": "",
-        "emptyTable": "",
-        "expand_all": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "lengthMenu": "",
-        "zeroRecords": ""
-    },
-    "debug": {
-        "external_logs": "",
-        "current_time": "",
-        "architecture": "",
-        "cores": "",
-        "chart_this_server": "",
-        "containers_info": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "disk_usage": "",
-        "docs": "",
-        "error_show_ip": "",
-        "history_all_servers": "",
-        "timezone": "",
-        "uptime": "",
-        "wip": "",
-        "in_memory_logs": "",
-        "jvm_memory_solr": "",
-        "last_modified": "",
-        "log_info": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "online_users": "",
-        "restart_container": "",
-        "service": "",
-        "show_ip": "",
-        "size": "",
-        "solr_dead": "",
-        "solr_status": "",
-        "started_at": "",
-        "started_on": "",
-        "static_logs": "",
-        "success": "",
-        "system_containers": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "username": ""
-    },
-    "oauth2": {
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "access_denied": "",
-        "authorize_app": "",
-        "scope_ask_permission": ""
-    },
-    "warning": {
-        "session_ua": "",
-        "ip_invalid": "",
-        "is_not_primary_alias": "",
-        "cannot_delete_self": "",
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": "",
-        "session_token": ""
-    },
-    "tfa": {
-        "webauthn": "",
-        "authenticators": "",
-        "api_register": "",
-        "confirm": "",
-        "confirm_totp_token": "",
-        "delete_tfa": "",
-        "disable_tfa": "",
-        "enter_qr_code": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "key_id_totp": "",
-        "none": "",
-        "reload_retry": "",
-        "scan_qr_code": "",
-        "select": "",
-        "waiting_usb_auth": "",
-        "yubi_otp": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "tfa_token_invalid": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": "",
-        "waiting_usb_register": ""
-    },
-    "fido2": {
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "start_fido2_validation": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fn": "",
-        "register_status": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "set_fn": "",
-        "known_ids": "",
-        "none": ""
-    },
-    "diagnostics": {
-        "optional": "",
-        "dns_records_24hours": "",
-        "dns_records_data": "",
-        "dns_records_name": "",
-        "dns_records_status": "",
-        "dns_records_type": "",
-        "dns_records_docs": "",
-        "cname_from_a": "",
-        "dns_records": ""
-    },
-    "ratelimit": {
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": "",
-        "day": ""
-    },
-    "acl": {
-        "syncjobs": "",
-        "delimiter_action": "",
-        "domain_desc": "",
-        "domain_relayhost": "",
-        "eas_reset": "",
-        "extend_sender_acl": "",
-        "login_as": "",
-        "mailbox_relayhost": "",
-        "prohibited": "",
-        "protocol_access": "",
-        "pushover": "",
-        "quarantine": "",
-        "quarantine_attachments": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "recipient_maps": "",
-        "smtp_ip_access": "",
-        "sogo_access": "",
-        "sogo_profile_reset": "",
-        "spam_alias": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "tls_policy": "",
-        "unlimited_quota": "",
-        "ratelimit": "",
-        "alias_domains": "",
-        "app_passwds": "",
-        "bcc_maps": "",
-        "filters": ""
+        "weeks": "Semanas"
     }
 }
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 6a7eafa0d..90c96c218 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -107,8 +107,7 @@
         "username": "Nume de utilizator",
         "validate": "Validează",
         "validation_success": "Validat cu succes",
-        "tags": "Etichete",
-        "dry": ""
+        "tags": "Etichete"
     },
     "admin": {
         "access": "Acces",
@@ -344,14 +343,7 @@
         "ip_check_disabled": "Verificarea IP este dezactivată. Puteţi activa la<br> <strong>Sistem > Configuraţie > Opţiuni > Personalizează</strong>",
         "ip_check_opt_in": "Alegeţi să folosiţi servicile <strong>ipv4.mailcow.email</strong> şi <strong>ipv6.mailcow.email</strong> să rezolvaţi addrese IP externale.",
         "options": "Opţiuni",
-        "queue_unban": "retractează interzicere",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "allowed_methods": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "allowed_origins": ""
+        "queue_unban": "retractează interzicere"
     },
     "danger": {
         "access_denied": "Accesul a fost respins sau datele formularului sunt invalide",
@@ -479,10 +471,7 @@
         "extended_sender_acl_denied": "lipseşte ACL pentru setarea adrese externe",
         "template_exists": "Şablon %s deja există",
         "template_id_invalid": "Şablon ID %s este invalid",
-        "template_name_invalid": "Nume de şablon este invalid",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": ""
+        "template_name_invalid": "Nume de şablon este invalid"
     },
     "debug": {
         "chart_this_server": "Grafic (acest server)",
@@ -509,21 +498,7 @@
         "success": "Succes",
         "system_containers": "Sistem și Containere",
         "uptime": "Timp de funcționare",
-        "username": "Utilizator",
-        "architecture": "",
-        "container_running": "",
-        "show_ip": "",
-        "wip": "",
-        "error_show_ip": "",
-        "memory": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": ""
+        "username": "Utilizator"
     },
     "diagnostics": {
         "cname_from_a": "Valoare derivată din înregistrarea A/AAAA. Acest lucru este acceptat atâta timp cât înregistrarea indică resursele corecte.",
@@ -649,23 +624,7 @@
         "title": "Editează obiectul",
         "unchanged_if_empty": "Dacă rămâne neschimbat se lasă necompletat",
         "username": "Nume de utilizator",
-        "validate_save": "Validează și salvează",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "custom_attributes": "",
-        "domain_footer_info_vars": {
-            "custom": "",
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": ""
-        },
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_plain": "",
-        "pushover_sound": ""
+        "validate_save": "Validează și salvează"
     },
     "fido2": {
         "set_fn": "Setați un nume prietenos",
@@ -706,8 +665,7 @@
         "quarantine": "Carantină",
         "restart_netfilter": "Repornire netfilter",
         "restart_sogo": "Repornire SOGo",
-        "user_settings": "Setări utilizator",
-        "mailcow_system": ""
+        "user_settings": "Setări utilizator"
     },
     "info": {
         "awaiting_tfa_confirmation": "În așteptarea confirmării TFA",
@@ -890,13 +848,7 @@
         "username": "Nume de utilizator",
         "waiting": "Aşteptare",
         "weekly": "Săptămânal",
-        "yes": "&#10003;",
-        "mailbox_templates": "",
-        "template": "",
-        "templates": "",
-        "add_template": "",
-        "domain_templates": "",
-        "relay_unknown": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Conectează-te ca proprietar al cutiei poștale pentru a acorda acces prin OAuth2.",
@@ -961,20 +913,7 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "queue_manager": "Manager de coadă",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "ays": "",
-        "deliver_mail": "",
-        "info": "",
-        "legend": ""
+        "queue_manager": "Manager de coadă"
     },
     "ratelimit": {
         "disabled": "Dezactivat",
@@ -1066,14 +1005,7 @@
         "verified_webauthn_login": "Autentificarea WebAuthn verificată",
         "verified_fido2_login": "Conectare FIDO2 verificată",
         "verified_yotp_login": "Autentificarea Yubico OTP verificată",
-        "domain_add_dkim_available": "O cheie DKIM deja a existat",
-        "domain_footer_modified": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "cors_headers_edited": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": ""
+        "domain_add_dkim_available": "O cheie DKIM deja a existat"
     },
     "tfa": {
         "api_register": "%s utilizează API-ul Yubico Cloud. Obțineți o cheie API pentru cheia dvs. de <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aici</a>",
@@ -1098,10 +1030,7 @@
         "webauthn": "Autentificare WebAuthn",
         "waiting_usb_auth": "<i>În așteptarea dispozitivului USB...</i><br><br>Apasă acum butonul de pe dispozitivul tău USB WebAuthn.",
         "waiting_usb_register": "<i>În așteptarea dispozitivului USB...</i><br><br>Introdu parola ta mai sus și confirmă înregistrarea ta WebAuthn atingând butonul de pe dispozitivul tău USB WebAuthn.",
-        "yubi_otp": "Autentificare Yubico OTP",
-        "authenticators": "",
-        "u2f_deprecated_important": "",
-        "u2f_deprecated": ""
+        "yubi_otp": "Autentificare Yubico OTP"
     },
     "user": {
         "action": "Acțiune",
@@ -1262,10 +1191,7 @@
         "weeks": "săptămâni",
         "with_app_password": "cu parola aplicație",
         "year": "an",
-        "years": "ani",
-        "attribute": "",
-        "pushover_sound": "",
-        "value": ""
+        "years": "ani"
     },
     "warning": {
         "cannot_delete_self": "Nu se poate șterge utilizatorul conectat",
@@ -1282,28 +1208,6 @@
     },
     "datatables": {
         "expand_all": "Expandează tot",
-        "decimal": ",",
-        "infoPostFix": "",
-        "emptyTable": "",
-        "thousands": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "collapse_all": ""
+        "decimal": ","
     }
 }
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 9fa442e80..db52dceda 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -348,10 +348,7 @@
         "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов.",
         "f2b_manage_external": "Внешнее управление Fail2Ban",
         "f2b_manage_external_info": "Fail2ban по-прежнему будет вести банлист, но не будет активно устанавливать правила для блокировки трафика. Используйте сгенерированный ниже банлист для внешнего блокирования трафика.",
-        "copy_to_clipboard": "Текст скопирован в буфер обмена!",
-        "logo_normal_label": "",
-        "logo_dark_label": "",
-        "options": ""
+        "copy_to_clipboard": "Текст скопирован в буфер обмена!"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -473,16 +470,7 @@
         "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s",
         "cors_invalid_method": "Указан недопустимый метод разрешения",
         "demo_mode_enabled": "Демонстрационный режим включен",
-        "cors_invalid_origin": "Указан неверный Allow-Origin",
-        "webauthn_authenticator_failed": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "extended_sender_acl_denied": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": ""
+        "cors_invalid_origin": "Указан неверный Allow-Origin"
     },
     "debug": {
         "chart_this_server": "Диаграмма (текущий сервер)",
@@ -509,21 +497,7 @@
         "success": "Успех",
         "system_containers": "Система и контейнеры",
         "uptime": "Время работы",
-        "username": "Имя пользователя",
-        "wip": "",
-        "architecture": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "error_show_ip": "",
-        "memory": "",
-        "show_ip": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "update_failed": ""
+        "username": "Имя пользователя"
     },
     "diagnostics": {
         "cname_from_a": "Значение, полученное из записи A/AAAA. Это поддерживается до тех пор, пока запись указывает на правильный ресурс.",
@@ -662,10 +636,7 @@
         "domain_footer": "Нижний колонтитул домена",
         "domain_footer_html": "HTML нижний колонтитул",
         "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
-        "custom_attributes": "Пользовательские атрибуты",
-        "domain_footer_skip_replies": "",
-        "pushover_sound": "",
-        "sogo_access": ""
+        "custom_attributes": "Пользовательские атрибуты"
     },
     "fido2": {
         "confirm": "Подтвердить",
@@ -706,8 +677,7 @@
         "quarantine": "Карантин",
         "restart_netfilter": "Перезапустить netfilter",
         "restart_sogo": "Перезапустить SOGo",
-        "user_settings": "Настройки пользователя",
-        "mailcow_system": ""
+        "user_settings": "Настройки пользователя"
     },
     "info": {
         "awaiting_tfa_confirmation": "В ожидании подтверждения TFA",
@@ -890,13 +860,7 @@
         "username": "Имя пользователя",
         "waiting": "В ожидании",
         "weekly": "Раз в неделю",
-        "yes": "&#10003;",
-        "domain_templates": "",
-        "add_template": "",
-        "mailbox_templates": "",
-        "relay_unknown": "",
-        "templates": "",
-        "template": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Пожалуйста, войдите в систему как владелец почтового аккаунта, чтобы получить доступ через OAuth2.",
@@ -961,20 +925,7 @@
         "type": "Тип"
     },
     "queue": {
-        "queue_manager": "Очередь на отправку",
-        "delete": "",
-        "info": "",
-        "unhold_mail_legend": "",
-        "flush": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": ""
+        "queue_manager": "Очередь на отправку"
     },
     "ratelimit": {
         "disabled": "Отключен",
@@ -1068,12 +1019,7 @@
         "verified_yotp_login": "Авторизация Yubico OTP пройдена",
         "cors_headers_edited": "Настройки CORS сохранены",
         "domain_footer_modified": "Изменения в нижнем колонтитуле домена %s сохранены",
-        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен.",
-        "domain_add_dkim_available": "",
-        "ip_check_opt_in_modified": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": ""
+        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен."
     },
     "tfa": {
         "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
@@ -1099,9 +1045,7 @@
         "waiting_usb_auth": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, нажмите кнопку на USB устройстве сейчас.",
         "waiting_usb_register": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, введите пароль выше и подтвердите регистрацию, нажав кнопку на USB устройстве.",
         "yubi_otp": "Yubico OTP аутентификация",
-        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ.",
-        "authenticators": "",
-        "u2f_deprecated_important": ""
+        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ."
     },
     "user": {
         "action": "Действия",
@@ -1264,8 +1208,7 @@
         "with_app_password": "с паролем приложения",
         "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
         "attribute": "Атрибут",
-        "value": "Значение",
-        "pushover_sound": ""
+        "value": "Значение"
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
@@ -1283,27 +1226,6 @@
     "datatables": {
         "collapse_all": "Свернуть все",
         "expand_all": "Развернуть все",
-        "infoPostFix": "",
-        "decimal": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "last": "",
-            "first": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "emptyTable": "",
-        "info": "",
-        "infoEmpty": "",
-        "infoFiltered": ""
+        "infoPostFix": ""
     }
 }
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 66346925b..3a424631d 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -107,8 +107,7 @@
         "post_domain_add": "SOGo container \"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
         "syncjob_hint": "Pozor! Gesla se morajo shraniti v plain-text!",
-        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
-        "dry": ""
+        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja"
     },
     "admin": {
         "access": "Dostop",
@@ -348,10 +347,7 @@
         "logo_dark_label": "Za temni način",
         "cors_settings": "Nastavitve CORS",
         "allowed_methods": "Dovoljene metode za upravljanje dostopa",
-        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": ""
+        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri"
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
@@ -480,9 +476,7 @@
         "temp_error": "Začasna napaka",
         "cors_invalid_method": "Navedena neveljavna Allow metoda",
         "cors_invalid_origin": "Naveden neveljaven Allow-Origin",
-        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": ""
+        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s"
     },
     "debug": {
         "containers_info": "Informacije o vsebniku (containerju)",
@@ -517,13 +511,7 @@
         "no_update_available": "Sistem je na najnovejši verziji",
         "update_failed": "Ni mogoče preveriti za posodobitve",
         "username": "Uporabniško ime",
-        "wip": "Trenutno v delu",
-        "log_info": "",
-        "login_time": "",
-        "logs": "",
-        "memory": "",
-        "online_users": "",
-        "restart_container": ""
+        "wip": "Trenutno v delu"
     },
     "datatables": {
         "infoFiltered": "(filtrirano od _MAX_ skupaj zapisov)",
@@ -548,8 +536,7 @@
         "aria": {
             "sortAscending": ": aktivirajte za razvrstitev stolpca naraščajoče",
             "sortDescending": ": aktivirajte za razvrstitev stolpca padajoče"
-        },
-        "infoPostFix": ""
+        }
     },
     "diagnostics": {
         "cname_from_a": "Vrednost pridobljena iz A/AAAA zapisa. To je podprto, če zapis kaže na pravilen resurs.",
@@ -564,746 +551,6 @@
     },
     "edit": {
         "acl": "ACL (Dovoljenje)",
-        "active": "Aktivno",
-        "maxbytespersecond": "",
-        "footer_exclude": "",
-        "gal_info": "",
-        "inactive": "",
-        "kind": "",
-        "last_modified": "",
-        "lookup_mx": "",
-        "mailbox": "",
-        "mailbox_quota_def": "",
-        "mailbox_relayhost_info": "",
-        "maxage": "",
-        "mins_interval": "",
-        "domain_quota": "",
-        "spam_alias": "",
-        "gal": "",
-        "domain_footer_skip_replies": "",
-        "domains": "",
-        "dont_check_sender_acl": "",
-        "full_name": "",
-        "edit_alias_domain": "",
-        "encryption": "",
-        "exclude": "",
-        "extended_sender_acl": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "spam_filter": "",
-        "skipcrossduplicates": "",
-        "sogo_access": "",
-        "sogo_access_info": "",
-        "sogo_visible": "",
-        "sogo_visible_info": "",
-        "spam_policy": "",
-        "spam_score": "",
-        "subfolder2": "",
-        "syncjob": "",
-        "target_address": "",
-        "title": "",
-        "username": "",
-        "app_name": "",
-        "custom_attributes": "",
-        "delete2": "",
-        "delete2duplicates": "",
-        "generate": "",
-        "grant_types": "",
-        "redirect_uri": "",
-        "domain_footer_plain": "",
-        "extended_sender_acl_info": "",
-        "force_pw_update": "",
-        "force_pw_update_info": "",
-        "mbox_rl_info": "",
-        "multiple_bookings": "",
-        "none_inherit": "",
-        "nexthop": "",
-        "password": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "pushover_sender_regex": "",
-        "alias": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "admin": "",
-        "advanced_settings": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "app_passwd": "",
-        "app_passwd_protocols": "",
-        "automap": "",
-        "backup_mx_options": "",
-        "bcc_dest_format": "",
-        "client_id": "",
-        "client_secret": "",
-        "comment_info": "",
-        "created_on": "",
-        "delete1": "",
-        "delete_ays": "",
-        "description": "",
-        "disable_login": "",
-        "domain": "",
-        "domain_admin": "",
-        "domain_footer_info": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "password_repeat": "",
-        "previous": "",
-        "private_comment": "",
-        "public_comment": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "pushover_verify": "",
-        "quota_mb": "",
-        "quota_warning_bcc": "",
-        "quota_warning_bcc_info": "",
-        "ratelimit": "",
-        "relay_all": "",
-        "relay_all_info": "",
-        "relay_domain": "",
-        "relay_transport_info": "",
-        "relay_unknown_only": "",
-        "relayhost": "",
-        "remove": "",
-        "hostname": "",
-        "resource": "",
-        "save": "",
-        "scope": "",
-        "sender_acl": "",
-        "sender_acl_disabled": "",
-        "sender_acl_info": "",
-        "sieve_desc": "",
-        "sieve_type": "",
-        "target_domain": "",
-        "timeout1": "",
-        "timeout2": "",
-        "unchanged_if_empty": "",
-        "validate_save": ""
-    },
-    "mailbox": {
-        "add_resource": "",
-        "domain_templates": "",
-        "activate": "",
-        "public_comment": "",
-        "set_prefilter": "",
-        "sieve_preset_5": "",
-        "active": "",
-        "add": "",
-        "add_alias": "",
-        "add_alias_expand": "",
-        "add_bcc_entry": "",
-        "bcc_destinations": "",
-        "bcc_local_dest": "",
-        "mailbox_defaults_info": "",
-        "mailbox_defquota": "",
-        "mailbox_templates": "",
-        "multiple_bookings": "",
-        "private_comment": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_notification": "",
-        "quick_actions": "",
-        "recipient": "",
-        "recipient_map": "",
-        "recipient_map_info": "",
-        "recipient_map_new": "",
-        "recipient_map_new_info": "",
-        "recipient_map_old": "",
-        "recipient_map_old_info": "",
-        "recipient_maps": "",
-        "relay_unknown": "",
-        "running": "",
-        "sender": "",
-        "set_postfilter": "",
-        "sieve_preset_1": "",
-        "sieve_preset_2": "",
-        "sieve_info": "",
-        "sieve_preset_3": "",
-        "sieve_preset_4": "",
-        "sieve_preset_6": "",
-        "sieve_preset_7": "",
-        "sieve_preset_8": "",
-        "sogo_visible": "",
-        "status": "",
-        "target_address": "",
-        "target_domain": "",
-        "template": "",
-        "templates": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_map_dest_info": "",
-        "tls_map_parameters": "",
-        "tls_map_policy": "",
-        "tls_policy_maps": "",
-        "tls_policy_maps_enforced_tls": "",
-        "tls_policy_maps_long": "",
-        "backup_mx": "",
-        "force_pw_update": "",
-        "gal": "",
-        "last_run": "",
-        "last_run_reset": "",
-        "filter_table": "",
-        "filters": "",
-        "fname": "",
-        "remove": "",
-        "tls_map_dest": "",
-        "add_mailbox": "",
-        "domain_admins": "",
-        "domain_aliases": "",
-        "edit": "",
-        "empty": "",
-        "enable_x": "",
-        "excludes": "",
-        "catch_all": "",
-        "no_record_single": "",
-        "relay_all": "",
-        "action": "",
-        "add_domain": "",
-        "add_domain_alias": "",
-        "add_domain_record_first": "",
-        "add_filter": "",
-        "add_recipient_map_entry": "",
-        "add_template": "",
-        "add_tls_policy_map": "",
-        "address_rewriting": "",
-        "alias": "",
-        "alias_domain_alias_hint": "",
-        "alias_domain_backupmx": "",
-        "aliases": "",
-        "all_domains": "",
-        "allow_from_smtp": "",
-        "allow_from_smtp_info": "",
-        "allowed_protocols": "",
-        "bcc": "",
-        "bcc_destination": "",
-        "bcc_info": "",
-        "bcc_map": "",
-        "bcc_map_type": "",
-        "bcc_maps": "",
-        "bcc_rcpt_map": "",
-        "bcc_sender_map": "",
-        "bcc_to_rcpt": "",
-        "bcc_to_sender": "",
-        "bcc_type": "",
-        "booking_null": "",
-        "booking_0_short": "",
-        "booking_custom": "",
-        "booking_custom_short": "",
-        "booking_ltnull": "",
-        "booking_lt0_short": "",
-        "created_on": "",
-        "daily": "",
-        "deactivate": "",
-        "description": "",
-        "disable_login": "",
-        "disable_x": "",
-        "dkim_domains_selector": "",
-        "dkim_key_length": "",
-        "domain": "",
-        "domain_quota": "",
-        "domain_quota_total": "",
-        "domains": "",
-        "goto_ham": "",
-        "goto_spam": "",
-        "hourly": "",
-        "in_use": "",
-        "inactive": "",
-        "insert_preset": "",
-        "kind": "",
-        "last_mail_login": "",
-        "last_modified": "",
-        "last_pw_change": "",
-        "mailbox": "",
-        "mailbox_defaults": "",
-        "mailbox_quota": "",
-        "mailboxes": "",
-        "max_aliases": "",
-        "max_mailboxes": "",
-        "max_quota": "",
-        "mins_interval": "",
-        "msg_num": "",
-        "never": "",
-        "no": "",
-        "no_record": "",
-        "open_logs": "",
-        "owner": "",
-        "resources": "",
-        "sieve_preset_header": "",
-        "sogo_visible_n": "",
-        "sogo_visible_y": "",
-        "spam_aliases": "",
-        "stats": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "tls_map_parameters_info": "",
-        "tls_policy_maps_info": "",
-        "toggle_all": "",
-        "username": "",
-        "waiting": "",
-        "weekly": "",
-        "yes": ""
-    },
-    "user": {
-        "login_history": "",
-        "advanced_settings": "",
-        "alias": "",
-        "alias_create_random": "",
-        "alias_extend_all": "",
-        "alias_full_date": "",
-        "alias_remove_all": "",
-        "action": "",
-        "active": "",
-        "active_sieve": "",
-        "alias_select_validity": "",
-        "alias_time_left": "",
-        "alias_valid_until": "",
-        "delete_ays": "",
-        "direct_aliases": "",
-        "email_and_dav": "",
-        "spamfilter_table_rule": "",
-        "spamfilter_wl": "",
-        "verify": "",
-        "waiting": "",
-        "week": "",
-        "weekly": "",
-        "month": "",
-        "months": "",
-        "sogo_profile_reset_now": "",
-        "spam_aliases": "",
-        "spam_score_reset": "",
-        "spamfilter": "",
-        "value": "",
-        "eas_reset_now": "",
-        "remove": "",
-        "text": "",
-        "no_active_filter": "",
-        "no_last_login": "",
-        "spamfilter_bl_desc": "",
-        "spamfilter_default_score": "",
-        "day": "",
-        "never": "",
-        "pushover_verify": "",
-        "tag_handling": "",
-        "edit": "",
-        "last_ui_login": "",
-        "title": "",
-        "tls_enforce_in": "",
-        "tls_enforce_out": "",
-        "tls_policy": "",
-        "tls_policy_warning": "",
-        "aliases_also_send_as": "",
-        "aliases_send_as_all": "",
-        "app_hint": "",
-        "allowed_protocols": "",
-        "app_name": "",
-        "app_passwds": "",
-        "apple_connection_profile": "",
-        "apple_connection_profile_complete": "",
-        "apple_connection_profile_mailonly": "",
-        "apple_connection_profile_with_app_password": "",
-        "attribute": "",
-        "change_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "client_configuration": "",
-        "create_app_passwd": "",
-        "create_syncjob": "",
-        "created_on": "",
-        "daily": "",
-        "direct_aliases_desc": "",
-        "direct_protocol_access": "",
-        "eas_reset": "",
-        "eas_reset_help": "",
-        "email": "",
-        "empty": "",
-        "encryption": "",
-        "excludes": "",
-        "expire_in": "",
-        "fido2_webauthn": "",
-        "force_pw_update": "",
-        "from": "",
-        "generate": "",
-        "hour": "",
-        "hourly": "",
-        "hours": "",
-        "in_use": "",
-        "interval": "",
-        "is_catch_all": "",
-        "last_mail_login": "",
-        "last_pw_change": "",
-        "last_run": "",
-        "loading": "",
-        "mailbox": "",
-        "mailbox_details": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "messages": "",
-        "new_password": "",
-        "new_password_repeat": "",
-        "no_record": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "password": "",
-        "password_now": "",
-        "password_repeat": "",
-        "pushover_evaluate_x_prio": "",
-        "pushover_info": "",
-        "pushover_only_x_prio": "",
-        "pushover_sender_array": "",
-        "pushover_sender_regex": "",
-        "pushover_text": "",
-        "pushover_title": "",
-        "pushover_sound": "",
-        "pushover_vars": "",
-        "q_add_header": "",
-        "q_all": "",
-        "q_reject": "",
-        "quarantine_category": "",
-        "quarantine_category_info": "",
-        "quarantine_notification": "",
-        "quarantine_notification_info": "",
-        "recent_successful_connections": "",
-        "running": "",
-        "save": "",
-        "save_changes": "",
-        "sender_acl_disabled": "",
-        "shared_aliases": "",
-        "shared_aliases_desc": "",
-        "show_sieve_filters": "",
-        "sogo_profile_reset": "",
-        "sogo_profile_reset_help": "",
-        "spamfilter_behavior": "",
-        "spamfilter_bl": "",
-        "spamfilter_green": "",
-        "spamfilter_hint": "",
-        "spamfilter_red": "",
-        "spamfilter_table_action": "",
-        "spamfilter_table_add": "",
-        "spamfilter_table_domain_policy": "",
-        "spamfilter_table_empty": "",
-        "spamfilter_table_remove": "",
-        "spamfilter_wl_desc": "",
-        "spamfilter_yellow": "",
-        "status": "",
-        "sync_jobs": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "",
-        "tag_help_example": "",
-        "tag_help_explain": "",
-        "tag_in_none": "",
-        "tag_in_subfolder": "",
-        "tag_in_subject": "",
-        "user_settings": "",
-        "username": "",
-        "weeks": "",
-        "with_app_password": "",
-        "year": "",
-        "years": ""
-    },
-    "fido2": {
-        "set_fn": "",
-        "rename": "",
-        "set_fido2": "",
-        "set_fido2_touchid": "",
-        "start_fido2_validation": "",
-        "confirm": "",
-        "fido2_auth": "",
-        "fido2_success": "",
-        "fido2_validation_failed": "",
-        "fn": "",
-        "known_ids": "",
-        "none": "",
-        "register_status": ""
-    },
-    "footer": {
-        "cancel": "",
-        "confirm_delete": "",
-        "delete_now": "",
-        "delete_these_items": "",
-        "hibp_check": "",
-        "hibp_nok": "",
-        "hibp_ok": "",
-        "loading": "",
-        "nothing_selected": "",
-        "restart_container": "",
-        "restart_container_info": "",
-        "restart_now": "",
-        "restarting_container": ""
-    },
-    "quarantine": {
-        "qid": "",
-        "quarantine": "",
-        "quick_actions": "",
-        "quick_delete_link": "",
-        "neutral_danger": "",
-        "qitem": "",
-        "download_eml": "",
-        "action": "",
-        "atts": "",
-        "check_hash": "",
-        "confirm": "",
-        "confirm_delete": "",
-        "danger": "",
-        "deliver_inbox": "",
-        "disabled_by_config": "",
-        "empty": "",
-        "high_danger": "",
-        "info": "",
-        "junk_folder": "",
-        "learn_spam_delete": "",
-        "low_danger": "",
-        "medium_danger": "",
-        "notified": "",
-        "qhandler_success": "",
-        "qinfo": "",
-        "quick_info_link": "",
-        "quick_release_link": "",
-        "rcpt": "",
-        "received": "",
-        "recipients": "",
-        "refresh": "",
-        "rejected": "",
-        "release": "",
-        "release_body": "",
-        "release_subject": "",
-        "remove": "",
-        "rewrite_subject": "",
-        "rspamd_result": "",
-        "sender": "",
-        "sender_header": "",
-        "settings_info": "",
-        "show_item": "",
-        "spam": "",
-        "spam_score": "",
-        "subj": "",
-        "table_size": "",
-        "table_size_show_n": "",
-        "text_from_html_content": "",
-        "text_plain_content": "",
-        "toggle_all": "",
-        "type": ""
-    },
-    "ratelimit": {
-        "minute": "",
-        "hour": "",
-        "day": "",
-        "disabled": "",
-        "second": ""
-    },
-    "start": {
-        "help": "",
-        "imap_smtp_server_auth_info": "",
-        "mailcow_panel_detail": "",
-        "mailcow_apps_detail": ""
-    },
-    "queue": {
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "deliver_mail": "",
-        "ays": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "queue_manager": "",
-        "show_message": "",
-        "unban": ""
-    },
-    "success": {
-        "acl_saved": "",
-        "admin_added": "",
-        "cors_headers_edited": "",
-        "db_init_complete": "",
-        "delete_filter": "",
-        "delete_filters": "",
-        "deleted_syncjob": "",
-        "deleted_syncjobs": "",
-        "dkim_added": "",
-        "domain_add_dkim_available": "",
-        "dkim_duplicated": "",
-        "dkim_removed": "",
-        "domain_added": "",
-        "domain_admin_removed": "",
-        "domain_footer_modified": "",
-        "domain_modified": "",
-        "domain_removed": "",
-        "dovecot_restart_success": "",
-        "f2b_banlist_refreshed": "",
-        "domain_admin_added": "",
-        "domain_admin_modified": "",
-        "f2b_modified": "",
-        "forwarding_host_added": "",
-        "resource_modified": "",
-        "resource_removed": "",
-        "rl_saved": "",
-        "reset_main_logo": "",
-        "resource_added": "",
-        "rspamd_ui_pw_set": "",
-        "saved_settings": "",
-        "settings_map_added": "",
-        "settings_map_removed": "",
-        "sogo_profile_reset": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": "",
-        "tls_policy_map_entry_deleted": "",
-        "eas_reset": "",
-        "mailbox_added": "",
-        "items_deleted": "",
-        "items_released": "",
-        "learned_ham": "",
-        "license_modified": "",
-        "logged_in_as": "",
-        "password_policy_saved": "",
-        "hash_deleted": "",
-        "app_links": "",
-        "admin_api_modified": "",
-        "admin_modified": "",
-        "admin_removed": "",
-        "alias_added": "",
-        "alias_domain_removed": "",
-        "alias_modified": "",
-        "alias_removed": "",
-        "aliasd_added": "",
-        "aliasd_modified": "",
-        "app_passwd_added": "",
-        "app_passwd_removed": "",
-        "bcc_deleted": "",
-        "bcc_edited": "",
-        "bcc_saved": "",
-        "forwarding_host_removed": "",
-        "global_filter_written": "",
-        "ip_check_opt_in_modified": "",
-        "item_deleted": "",
-        "item_released": "",
-        "mailbox_modified": "",
-        "mailbox_removed": "",
-        "nginx_reloaded": "",
-        "object_modified": "",
-        "pushover_settings_edited": "",
-        "qlearn_spam": "",
-        "queue_command_success": "",
-        "recipient_map_entry_deleted": "",
-        "recipient_map_entry_saved": "",
-        "relayhost_added": "",
-        "relayhost_removed": "",
-        "tls_policy_map_entry_saved": "",
-        "ui_texts": "",
-        "upload_success": "",
-        "verified_fido2_login": "",
-        "verified_totp_login": "",
-        "verified_webauthn_login": "",
-        "verified_yotp_login": ""
-    },
-    "tfa": {
-        "webauthn": "",
-        "waiting_usb_register": "",
-        "authenticators": "",
-        "api_register": "",
-        "confirm_totp_token": "",
-        "none": "",
-        "select": "",
-        "yubi_otp": "",
-        "waiting_usb_auth": "",
-        "delete_tfa": "",
-        "disable_tfa": "",
-        "enter_qr_code": "",
-        "error_code": "",
-        "init_webauthn": "",
-        "key_id": "",
-        "confirm": "",
-        "key_id_totp": "",
-        "reload_retry": "",
-        "scan_qr_code": "",
-        "set_tfa": "",
-        "start_webauthn_validation": "",
-        "tfa": "",
-        "tfa_token_invalid": "",
-        "totp": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
-    },
-    "header": {
-        "debug": "",
-        "administration": "",
-        "apps": "",
-        "email": "",
-        "mailcow_system": "",
-        "mailcow_config": "",
-        "quarantine": "",
-        "restart_netfilter": "",
-        "restart_sogo": "",
-        "user_settings": ""
-    },
-    "warning": {
-        "domain_added_sogo_failed": "",
-        "dovecot_restart_failed": "",
-        "fuzzy_learn_error": "",
-        "hash_not_found": "",
-        "ip_invalid": "",
-        "no_active_admin": "",
-        "quota_exceeded_scope": "",
-        "session_token": "",
-        "session_ua": "",
-        "cannot_delete_self": "",
-        "is_not_primary_alias": ""
-    },
-    "info": {
-        "awaiting_tfa_confirmation": "",
-        "no_action": "",
-        "session_expires": ""
-    },
-    "login": {
-        "delayed": "",
-        "fido2_webauthn": "",
-        "login": "",
-        "mobileconfig_info": "",
-        "other_logins": "",
-        "password": "",
-        "username": ""
-    },
-    "oauth2": {
-        "access_denied": "",
-        "authorize_app": "",
-        "deny": "",
-        "permit": "",
-        "profile": "",
-        "profile_desc": "",
-        "scope_ask_permission": ""
+        "active": "Aktivno"
     }
 }
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index ba1ed4926..466afdb85 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -342,16 +342,7 @@
         "username": "Prihlasovacie meno",
         "validate_license_now": "Validovať GUID cez licenčný server",
         "verify": "Kontrola",
-        "yes": "&#10003;",
-        "queue_unban": "",
-        "allowed_origins": "",
-        "cors_settings": "",
-        "f2b_ban_time_increment": "",
-        "f2b_max_ban_time": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "allowed_methods": ""
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Prístup zamietnutý alebo nesprávne dáta formulára",
@@ -473,16 +464,7 @@
         "username_invalid": "Používateľské meno %s nemôže byť použité",
         "validity_missing": "Zadajte periódu platnosti",
         "value_missing": "Prosím poskytnite všetky hodnoty",
-        "yotp_verification_failed": "Overenie cez OTP Yubico zlyhalo: %s",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "webauthn_authenticator_failed": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "demo_mode_enabled": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "extended_sender_acl_denied": ""
+        "yotp_verification_failed": "Overenie cez OTP Yubico zlyhalo: %s"
     },
     "datatables": {
         "info": "Záznamy _START_ až _END_ z celkom _TOTAL_",
@@ -507,8 +489,7 @@
         "decimal": ",",
         "thousands": " ",
         "collapse_all": "Zbaliť všetko",
-        "expand_all": "Rozbaliť všetko",
-        "infoPostFix": ""
+        "expand_all": "Rozbaliť všetko"
     },
     "debug": {
         "chart_this_server": "Graf (tento server)",
@@ -535,21 +516,7 @@
         "success": "Úspech",
         "system_containers": "Systém & Kontajnery",
         "uptime": "Doba behu",
-        "username": "Používateľské meno",
-        "architecture": "",
-        "error_show_ip": "",
-        "update_failed": "",
-        "show_ip": "",
-        "timezone": "",
-        "update_available": "",
-        "no_update_available": "",
-        "wip": "",
-        "current_time": "",
-        "memory": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": ""
+        "username": "Používateľské meno"
     },
     "diagnostics": {
         "cname_from_a": "Hodnota odvodená od A/AAAA záznamu. Toto je podporené len v prípade ak záznam poukazuje na správny zdroj.",
@@ -681,17 +648,12 @@
             "from_domain": "{= from_domain =} - Doména odosielateľa",
             "auth_user": "{= auth_user =} - Prihlasovacie meno odosielateľa",
             "from_user": "{= from_user =}   - Používateľská časť e-mailovej adresy odosielateľa, napr. pre \"moo@mailcow.tld\" vráti \"moo\"",
-            "from_name": "{= from_name =}   - Meno odosielateľa, napr. pre \"Mailcow &lt;moo@mailcow.tld&gt;\" vráti \"Mailcow\"",
-            "custom": ""
+            "from_name": "{= from_name =}   - Meno odosielateľa, napr. pre \"Mailcow &lt;moo@mailcow.tld&gt;\" vráti \"Mailcow\""
         },
         "domain_footer": "Pätička pre celú doménu",
         "domain_footer_html": "HTML text",
         "domain_footer_info": "Pätička pre celú doménu sa pridáva do všetkých odchádzajúcich e-mailov spojených s adresou v rámci tejto domény. <br> Pre pätičku je možné použiť nasledujúce premenné:",
-        "domain_footer_plain": "Obyčajný text",
-        "footer_exclude": "",
-        "domain_footer_skip_replies": "",
-        "custom_attributes": "",
-        "pushover_sound": ""
+        "domain_footer_plain": "Obyčajný text"
     },
     "fido2": {
         "confirm": "Potvrdiť",
@@ -921,8 +883,7 @@
         "username": "Používateľské meno",
         "waiting": "Čakanie",
         "weekly": "Týždenný",
-        "yes": "&#10003;",
-        "relay_unknown": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Prosím prihláste sa ako používateľ mailovej schránky, aby ste mohli získať prístup cez OAuth2.",
@@ -999,8 +960,7 @@
         "unhold_mail": "Uvoľniť",
         "unhold_mail_legend": "Uvoľniť vybrané e-maily na doručenie. (Len v prípade predchádzajúceho podržania)",
         "hold_mail": "Podržať",
-        "hold_mail_legend": "Podržať vybrané e-maily. (Zabráni ďalším pokusom o doručenie)",
-        "unban": ""
+        "hold_mail_legend": "Podržať vybrané e-maily. (Zabráni ďalším pokusom o doručenie)"
     },
     "ratelimit": {
         "disabled": "Vypnuté",
@@ -1095,11 +1055,7 @@
         "verified_totp_login": "Overené TOTP prihlásenie",
         "verified_webauthn_login": "Overené WebAuthn prihlásenie",
         "verified_yotp_login": "Overené Yubico OTP prihlásenie",
-        "domain_footer_modified": "Zmeny v pätičke domény %s boli uložené",
-        "cors_headers_edited": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "domain_add_dkim_available": ""
+        "domain_footer_modified": "Zmeny v pätičke domény %s boli uložené"
     },
     "tfa": {
         "api_register": "%s využíva Yubico Cloud API. Prosím, zaobstarajte si API kľúč pre váš kľúč <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tu</a>",
@@ -1126,8 +1082,7 @@
         "waiting_usb_register": "<i>Čakanie na USB zariadenie...</i><br><br>Prosím zadajte vaše heslo a potvrďte registráciu stlačením tlačidla na vašom USB zariadení.",
         "yubi_otp": "Yubico OTP autentifikácia",
         "u2f_deprecated_important": "Zaregistrujte si svoj Kľúč v paneli správcu pomocou novej metódy WebAuthn.",
-        "u2f_deprecated": "Zdá sa, že váš kľúč bol zaregistrovaný pomocou zastaranej metódy U2F. Deaktivujeme vám dvojfaktorovú autentifikáciu a odstránime váš Kľúč.",
-        "authenticators": ""
+        "u2f_deprecated": "Zdá sa, že váš kľúč bol zaregistrovaný pomocou zastaranej metódy U2F. Deaktivujeme vám dvojfaktorovú autentifikáciu a odstránime váš Kľúč."
     },
     "user": {
         "action": "Akcia",
@@ -1288,10 +1243,7 @@
         "weeks": "týždne",
         "with_app_password": "s heslom aplikácie",
         "year": "rok",
-        "years": "rokov",
-        "value": "",
-        "attribute": "",
-        "pushover_sound": ""
+        "years": "rokov"
     },
     "warning": {
         "cannot_delete_self": "Nemožno vymazať prihláseného používateľa",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index 13396a6f9..bbf0d9586 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -106,9 +106,7 @@
         "validate": "Validera",
         "validation_success": "Korrekt validerad",
         "app_passwd_protocols": "Tillåtna protokoll för applösenord",
-        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här.",
-        "dry": "",
-        "tags": ""
+        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här."
     },
     "admin": {
         "access": "Åtkomst",
@@ -327,31 +325,7 @@
         "username": "Användarnamn",
         "validate_license_now": "Validera installations-ID mot licensservern",
         "verify": "Verifiera",
-        "yes": "&#10003;",
-        "allowed_origins": "",
-        "allowed_methods": "",
-        "logo_dark_label": "",
-        "cors_settings": "",
-        "logo_normal_label": "",
-        "ip_check": "",
-        "f2b_ban_time_increment": "",
-        "copy_to_clipboard": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "f2b_max_ban_time": "",
-        "ip_check_disabled": "",
-        "login_time": "",
-        "oauth2_apps": "",
-        "oauth2_add_client": "",
-        "options": "",
-        "api_read_only": "",
-        "ip_check_opt_in": "",
-        "is_mx_based": "",
-        "queue_unban": "",
-        "rsettings_preset_4": "",
-        "service": "",
-        "success": "",
-        "api_read_write": ""
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Nekad åtkomst, eller ofullständig/ogiltig data",
@@ -470,19 +444,7 @@
         "username_invalid": "Användarnamnet %s kan inte användas",
         "validity_missing": "Ange en giltighetsperiod",
         "value_missing": "Ange alla värden",
-        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s",
-        "webauthn_authenticator_failed": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "webauthn_publickey_failed": "",
-        "webauthn_username_failed": "",
-        "demo_mode_enabled": "",
-        "extended_sender_acl_denied": "",
-        "template_exists": "",
-        "template_id_invalid": "",
-        "template_name_invalid": ""
+        "yotp_verification_failed": "Yubico OTP-verifiering misslyckades: %s"
     },
     "debug": {
         "chart_this_server": "Tabell (denna server)",
@@ -505,25 +467,7 @@
         "uptime": "Upptid",
         "started_on": "Startades",
         "static_logs": "Statiska loggar",
-        "system_containers": "System & behållare",
-        "success": "",
-        "architecture": "",
-        "login_time": "",
-        "update_available": "",
-        "container_running": "",
-        "container_disabled": "",
-        "container_stopped": "",
-        "cores": "",
-        "current_time": "",
-        "error_show_ip": "",
-        "memory": "",
-        "service": "",
-        "show_ip": "",
-        "timezone": "",
-        "update_failed": "",
-        "username": "",
-        "wip": "",
-        "no_update_available": ""
+        "system_containers": "System & behållare"
     },
     "diagnostics": {
         "cname_from_a": "Värde härstammar från A/AAAA-uppslaget. Detta stöds så länge som uppslaget pekar mot rätt resurs.",
@@ -641,31 +585,7 @@
         "title": "Ändra objekt",
         "unchanged_if_empty": "Lämna blakt, om oförändrat",
         "username": "Användarnamn",
-        "validate_save": "Validera och spara",
-        "footer_exclude": "",
-        "mailbox_relayhost_info": "",
-        "domain_footer_skip_replies": "",
-        "pushover_sound": "",
-        "custom_attributes": "",
-        "sogo_access": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "app_passwd_protocols": "",
-        "domain_footer_info": "",
-        "domain_footer_plain": "",
-        "none_inherit": "",
-        "sogo_access_info": "",
-        "pushover": "",
-        "acl": "",
-        "lookup_mx": ""
+        "validate_save": "Validera och spara"
     },
     "footer": {
         "cancel": "Avbryt",
@@ -678,9 +598,7 @@
         "restart_container": "Starta om kontainer",
         "restart_container_info": "<b>Viktigt:</b> En fullständig omstart kan ta ett tag att slutföra, vänta tills att det är klart.",
         "restart_now": "Starta om nu",
-        "restarting_container": "Startar om kontainern, det kan ta en stund",
-        "hibp_check": "",
-        "nothing_selected": ""
+        "restarting_container": "Startar om kontainern, det kan ta en stund"
     },
     "header": {
         "administration": "Konfiguration & detaljer",
@@ -691,8 +609,7 @@
         "quarantine": "Karantän",
         "restart_netfilter": "Starta om netfilter",
         "restart_sogo": "Starta om SOGo",
-        "user_settings": "Användarinställningar",
-        "mailcow_system": ""
+        "user_settings": "Användarinställningar"
     },
     "info": {
         "awaiting_tfa_confirmation": "Inväntar en TFA-bekräftelse",
@@ -858,30 +775,7 @@
         "username": "Användarnamn",
         "waiting": "Väntar",
         "weekly": "Varje vecka",
-        "yes": "&#10003;",
-        "goto_ham": "",
-        "goto_spam": "",
-        "templates": "",
-        "template": "",
-        "add_template": "",
-        "catch_all": "",
-        "all_domains": "",
-        "domain_templates": "",
-        "last_pw_change": "",
-        "mailbox_templates": "",
-        "open_logs": "",
-        "recipient": "",
-        "relay_unknown": "",
-        "sender": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": ""
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Logga in som ägare av en postlåda för att tilldela åtkomst via OAuth2.",
@@ -946,20 +840,7 @@
         "toggle_all": "Markera alla"
     },
     "queue": {
-        "queue_manager": "Kö-hanteraring",
-        "unban": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": "",
-        "delete": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "show_message": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": ""
+        "queue_manager": "Kö-hanteraring"
     },
     "start": {
         "help": "Visa/dölj hjälppanel",
@@ -1043,15 +924,7 @@
         "verified_totp_login": "Verifierad TOTP inloggning",
         "verified_webauthn_login": "Verifierad WebAuthn inloggning",
         "verified_fido2_login": "Verifierad FIDO2 inloggning",
-        "verified_yotp_login": "Verifierad Yubico OTP inloggning",
-        "domain_footer_modified": "",
-        "template_added": "",
-        "template_modified": "",
-        "cors_headers_edited": "",
-        "domain_add_dkim_available": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "template_removed": ""
+        "verified_yotp_login": "Verifierad Yubico OTP inloggning"
     },
     "tfa": {
         "api_register": "%s använder Yubico Moln-API. Vänligen skaffa en API-nyckel för din nyckel <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">här</a>",
@@ -1076,10 +949,7 @@
         "webauthn": "WebAuthn-autentisering",
         "waiting_usb_auth": "<i>Väntar på USB-enhet...</i><br><br>Tryck på knappen på USB-enheten nu.",
         "waiting_usb_register": "<i>Väntar på USB-enhet...</i><br><br>Vänligen fyll i det övre lösenordsfältet först och tryck sedan på knappen på USB-enheten.",
-        "yubi_otp": "Yubico OTP-autentisering",
-        "authenticators": "",
-        "u2f_deprecated": "",
-        "u2f_deprecated_important": ""
+        "yubi_otp": "Yubico OTP-autentisering"
     },
     "fido2": {
         "set_fn": "Ange ett eget namn",
@@ -1093,8 +963,7 @@
         "start_fido2_validation": "Starta FIDO2 verifiering",
         "fido2_auth": "Loggain med FIDO2",
         "fido2_success": "Enheten har registrerats",
-        "fido2_validation_failed": "Verifiering misslyckades",
-        "set_fido2_touchid": ""
+        "fido2_validation_failed": "Verifiering misslyckades"
     },
     "user": {
         "action": "Åtgärd",
@@ -1228,37 +1097,7 @@
         "weekly": "Varje vecka",
         "weeks": "veckor",
         "year": "år",
-        "years": "år",
-        "empty": "",
-        "pushover_sound": "",
-        "fido2_webauthn": "",
-        "recent_successful_connections": "",
-        "value": "",
-        "with_app_password": "",
-        "attribute": "",
-        "from": "",
-        "allowed_protocols": "",
-        "apple_connection_profile_with_app_password": "",
-        "change_password_hint_app_passwords": "",
-        "clear_recent_successful_connections": "",
-        "direct_protocol_access": "",
-        "last_pw_change": "",
-        "last_ui_login": "",
-        "login_history": "",
-        "mailbox": "",
-        "mailbox_general": "",
-        "mailbox_settings": "",
-        "open_logs": "",
-        "open_webmail_sso": "",
-        "syncjob_check_log": "",
-        "syncjob_last_run_result": "",
-        "syncjob_EX_OK": "",
-        "syncjob_EXIT_CONNECTION_FAILURE": "",
-        "syncjob_EXIT_TLS_FAILURE": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "",
-        "syncjob_EXIT_OVERQUOTA": "",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": ""
+        "years": "år"
     },
     "warning": {
         "cannot_delete_self": "Inloggade användare kan inte tas bort",
@@ -1272,38 +1111,5 @@
         "quota_exceeded_scope": "Domänkvoten fylld: Endast postlådor med obegränsade kvoter kan skapas på den här domänen.",
         "session_token": "Formulär-nyckeln är ogiltig: Nyckeln matchar inte",
         "session_ua": "Formulär-nyckeln är ogiltig: User-Agenten kunde inte valideras"
-    },
-    "datatables": {
-        "info": "",
-        "expand_all": "",
-        "emptyTable": "",
-        "infoFiltered": "",
-        "infoEmpty": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "processing": "",
-        "search": "",
-        "zeroRecords": "",
-        "paginate": {
-            "first": "",
-            "last": "",
-            "next": "",
-            "previous": ""
-        },
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "collapse_all": "",
-        "thousands": "",
-        "decimal": "",
-        "infoPostFix": ""
-    },
-    "ratelimit": {
-        "day": "",
-        "disabled": "",
-        "second": "",
-        "minute": "",
-        "hour": ""
     }
 }
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index f33f23770..e7fb623ce 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -350,8 +350,7 @@
         "reset_limit": "Hashi kaldır",
         "routing": "Yönlendirme",
         "rsetting_add_rule": "Kural ekle",
-        "rsetting_content": "Kural içeriği",
-        "add": ""
+        "rsetting_content": "Kural içeriği"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -389,8 +388,7 @@
         "loadingRecords": "Yükleniyor...",
         "processing": "Lütfen bekleyin...",
         "search": "Ara:",
-        "zeroRecords": "Eşleşen kayıt bulunamadı",
-        "infoPostFix": ""
+        "zeroRecords": "Eşleşen kayıt bulunamadı"
     },
     "edit": {
         "inactive": "Pasif",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index fbb892f04..731224642 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -349,9 +349,7 @@
         "queue_unban": "розблокувати",
         "f2b_manage_external": "Керування Fail2Ban ззовні",
         "f2b_manage_external_info": "Fail2ban буде підтримувати список заборонених, але не буде активно встановлювати правила для блокування трафіку. Використовуйте згенерований список заборон нижче для зовнішнього блокування трафіку.",
-        "copy_to_clipboard": "Текст скопійовано в буфер обміну!",
-        "logo_normal_label": "",
-        "logo_dark_label": ""
+        "copy_to_clipboard": "Текст скопійовано в буфер обміну!"
     },
     "danger": {
         "alias_domain_invalid": "Неприпустимий псевдонім домену: %s",
@@ -480,9 +478,7 @@
         "extended_sender_acl_denied": "відсутній ACL для встановлення зовнішніх адрес відправників",
         "template_exists": "Шаблон %s вже існує",
         "template_id_invalid": "Ідентифікатор шаблону %s недійсний",
-        "template_name_invalid": "Ім'я шаблону невірне",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": ""
+        "template_name_invalid": "Ім'я шаблону невірне"
     },
     "debug": {
         "chart_this_server": "Діаграма (цей сервер)",
@@ -664,8 +660,7 @@
         },
         "domain_footer_html": "Нижній колонтитул HTML",
         "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул",
-        "custom_attributes": "Користувацькі атрибути",
-        "domain_footer_skip_replies": ""
+        "custom_attributes": "Користувацькі атрибути"
     },
     "fido2": {
         "confirm": "Підтвердити",
@@ -1072,8 +1067,7 @@
         "cors_headers_edited": "Налаштування CORS збережено",
         "ip_check_opt_in_modified": "Перевірка IP-адреси успішно збережено",
         "template_removed": "Шаблону із ID %s видалено",
-        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено.",
-        "domain_footer_modified": ""
+        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено."
     },
     "tfa": {
         "confirm": "Підтвердьте",
@@ -1100,8 +1094,7 @@
         "set_tfa": "Встановити метод двофакторної перевірки",
         "u2f_deprecated": "Схоже, ваш ключ був зареєстрований за допомогою застарілого методу U2F. Ми дезактивуємо двофакторну автентифікацію для вас і видалимо ваш ключ.",
         "waiting_usb_auth": "<i>Очікування пристрою USB...</i><br><br>Будь ласка, натисніть зараз кнопку на USB пристрої.",
-        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої.",
-        "authenticators": ""
+        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої."
     },
     "user": {
         "action": "Дії",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 1f7b9cf99..0d660c189 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -107,8 +107,7 @@
         "timeout2": "本地主机连接超时时间",
         "username": "用户名",
         "validate": "验证",
-        "validation_success": "验证成功",
-        "dry": ""
+        "validation_success": "验证成功"
     },
     "admin": {
         "access": "权限管理",
@@ -339,19 +338,7 @@
         "yes": "&#10003;",
         "options": "选项",
         "f2b_max_ban_time": "最长封禁时间（秒）",
-        "copy_to_clipboard": "复制到粘贴板",
-        "allowed_methods": "",
-        "allowed_origins": "",
-        "logo_dark_label": "",
-        "logo_normal_label": "",
-        "cors_settings": "",
-        "f2b_ban_time_increment": "",
-        "f2b_manage_external": "",
-        "f2b_manage_external_info": "",
-        "ip_check": "",
-        "ip_check_disabled": "",
-        "ip_check_opt_in": "",
-        "queue_unban": ""
+        "copy_to_clipboard": "复制到粘贴板"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -472,17 +459,7 @@
         "value_missing": "请填入所有值",
         "yotp_verification_failed": "Yubico OTP 认证失败: %s",
         "template_exists": "模板 %s 已存在",
-        "template_name_invalid": "模板名称无效",
-        "webauthn_authenticator_failed": "",
-        "webauthn_username_failed": "",
-        "cors_invalid_method": "",
-        "cors_invalid_origin": "",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": "",
-        "webauthn_publickey_failed": "",
-        "demo_mode_enabled": "",
-        "extended_sender_acl_denied": "",
-        "template_id_invalid": ""
+        "template_name_invalid": "模板名称无效"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -517,13 +494,7 @@
         "error_show_ip": "无法解析公网IP地址",
         "show_ip": "显示公网IP",
         "update_available": "有可用更新",
-        "update_failed": "无法检查更新",
-        "container_stopped": "",
-        "architecture": "",
-        "no_update_available": "",
-        "wip": "",
-        "current_time": "",
-        "timezone": ""
+        "update_failed": "无法检查更新"
     },
     "diagnostics": {
         "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
@@ -647,25 +618,7 @@
         "title": "编辑对象",
         "unchanged_if_empty": "如果不更改则留空",
         "username": "用户名",
-        "validate_save": "验证并保存",
-        "footer_exclude": "",
-        "created_on": "",
-        "domain_footer_skip_replies": "",
-        "last_modified": "",
-        "custom_attributes": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer_plain": "",
-        "pushover_sound": ""
+        "validate_save": "验证并保存"
     },
     "fido2": {
         "confirm": "确认",
@@ -706,8 +659,7 @@
         "quarantine": "隔离",
         "restart_netfilter": "重启 netfilter",
         "restart_sogo": "重启 SOGo",
-        "user_settings": "用户设置",
-        "mailcow_system": ""
+        "user_settings": "用户设置"
     },
     "info": {
         "awaiting_tfa_confirmation": "等待 TFA 确认",
@@ -886,17 +838,7 @@
         "mailbox_templates": "邮箱模板",
         "gal": "全局地址列表",
         "max_aliases": "最大别名数",
-        "max_mailboxes": "最大可能的邮箱数",
-        "goto_ham": "",
-        "goto_spam": "",
-        "templates": "",
-        "template": "",
-        "force_pw_update": "",
-        "last_modified": "",
-        "add_template": "",
-        "created_on": "",
-        "max_quota": "",
-        "relay_unknown": ""
+        "max_mailboxes": "最大可能的邮箱数"
     },
     "oauth2": {
         "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
@@ -962,19 +904,7 @@
     },
     "queue": {
         "queue_manager": "队列管理器",
-        "delete": "全部删除",
-        "show_message": "",
-        "unban": "",
-        "unhold_mail": "",
-        "unhold_mail_legend": "",
-        "flush": "",
-        "info": "",
-        "legend": "",
-        "ays": "",
-        "deliver_mail": "",
-        "deliver_mail_legend": "",
-        "hold_mail": "",
-        "hold_mail_legend": ""
+        "delete": "全部删除"
     },
     "ratelimit": {
         "disabled": "禁用",
@@ -1066,14 +996,7 @@
         "verified_fido2_login": "FIDO2 登录验证成功",
         "verified_totp_login": "TOTP 登录验证成功",
         "verified_webauthn_login": "WebAuthn 登录验证成功",
-        "verified_yotp_login": "Yubico OTP 登录验证成功",
-        "cors_headers_edited": "",
-        "domain_footer_modified": "",
-        "f2b_banlist_refreshed": "",
-        "ip_check_opt_in_modified": "",
-        "template_added": "",
-        "template_modified": "",
-        "template_removed": ""
+        "verified_yotp_login": "Yubico OTP 登录验证成功"
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
@@ -1100,8 +1023,7 @@
         "webauthn": "WebAuthn 认证",
         "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
         "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
-        "yubi_otp": "Yubico OTP 认证",
-        "authenticators": ""
+        "yubi_otp": "Yubico OTP 认证"
     },
     "user": {
         "action": "操作",
@@ -1262,10 +1184,7 @@
         "weeks": "周",
         "with_app_password": "包含应用密码",
         "year": "年",
-        "years": "年",
-        "pushover_sound": "",
-        "attribute": "",
-        "value": ""
+        "years": "年"
     },
     "warning": {
         "cannot_delete_self": "不能删除已登录的用户",
@@ -1292,18 +1211,6 @@
             "last": "最后一页",
             "previous": "上一页",
             "next": "下一页"
-        },
-        "decimal": "",
-        "infoPostFix": "",
-        "infoFiltered": "",
-        "thousands": "",
-        "lengthMenu": "",
-        "loadingRecords": "",
-        "zeroRecords": "",
-        "aria": {
-            "sortAscending": "",
-            "sortDescending": ""
-        },
-        "emptyTable": ""
+        }
     }
 }
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index ea5129418..c3c2cf714 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -480,9 +480,7 @@
         "extended_sender_acl_denied": "缺少設定外部寄件者地址的 ACL",
         "template_exists": "模板 %s 已存在",
         "template_id_invalid": "範本 ID %s 無效",
-        "template_name_invalid": "模板名稱無效",
-        "img_dimensions_exceeded": "",
-        "img_size_exceeded": ""
+        "template_name_invalid": "模板名稱無效"
     },
     "debug": {
         "chart_this_server": "圖表 (此伺服器)",
@@ -522,8 +520,7 @@
         "update_available": "有可用更新",
         "no_update_available": "系統已經是最新版本",
         "update_failed": "無法檢查更新",
-        "wip": "工作正在進行中",
-        "timezone": ""
+        "wip": "工作正在進行中"
     },
     "diagnostics": {
         "cname_from_a": "由 A/AAAA 紀錄獲取。只要紀錄指向正確的資源，此功能就會持續運作。",
@@ -653,19 +650,7 @@
         "validate_save": "驗證並儲存",
         "domain_footer_info": "網域範圍的頁尾將會新增至與該網域內的位址關聯的所有外發電子郵件。 <br> 以下變數可用於頁尾：",
         "custom_attributes": "自訂屬性",
-        "pushover_sound": "聲音",
-        "domain_footer_skip_replies": "",
-        "domain_footer": "",
-        "domain_footer_html": "",
-        "domain_footer_info_vars": {
-            "auth_user": "",
-            "from_user": "",
-            "from_name": "",
-            "from_addr": "",
-            "from_domain": "",
-            "custom": ""
-        },
-        "domain_footer_plain": ""
+        "pushover_sound": "聲音"
     },
     "fido2": {
         "confirm": "確認",
@@ -1084,8 +1069,7 @@
         "webauthn": "WebAuthn 認證",
         "waiting_usb_auth": "<i>等待 USB 裝置...</i><br><br>請觸碰 USB 裝置上的按鈕。",
         "waiting_usb_register": "<i>等待 USB 裝置...</i><br><br>請輸入密碼並觸碰 USB 裝置上的按鈕來確認註冊。",
-        "yubi_otp": "Yubico OTP 認證",
-        "authenticators": ""
+        "yubi_otp": "Yubico OTP 認證"
     },
     "user": {
         "action": "操作",
@@ -1287,8 +1271,7 @@
         "collapse_all": "全部折疊",
         "emptyTable": "表中沒有可用數據",
         "thousands": ",",
-        "decimal": ".",
-        "infoPostFix": ""
+        "decimal": "."
     },
     "queue": {
         "deliver_mail_legend": "嘗試重新投遞選定的郵件。",

From 8e2d3a6db539019be4f1cbd19d504dc96a4670f9 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 1 Jul 2024 00:16:55 +0000
Subject: [PATCH 236/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index d8c9c893b..e24e0fa76 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sat Jun  1 00:15:02 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Mon Jul  1 00:16:55 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2000 total rules
+# 1993 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -23,11 +23,7 @@
 8.40.222.0/23	permit
 10.162.0.0/16	permit
 12.130.86.238	permit
-13.70.32.43	permit
 13.72.50.45	permit
-13.74.143.28	permit
-13.78.233.182	permit
-13.92.31.129	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -110,6 +106,7 @@
 35.176.132.251	permit
 35.190.247.0/24	permit
 35.191.0.0/16	permit
+35.205.92.9	permit
 35.242.169.159	permit
 37.218.248.47	permit
 37.218.249.47	permit
@@ -185,8 +182,6 @@
 50.18.126.162	permit
 50.31.32.0/19	permit
 50.56.130.220/30	permit
-51.137.58.21	permit
-51.140.75.55	permit
 52.1.14.157	permit
 52.5.230.59	permit
 52.27.5.72	permit
@@ -216,7 +211,6 @@
 52.100.0.0/14	permit
 52.103.0.0/17	permit
 52.119.213.144/28	permit
-52.165.175.144	permit
 52.185.106.240/28	permit
 52.200.59.0/24	permit
 52.205.61.79	permit
@@ -1142,7 +1136,6 @@
 104.47.108.0/23	permit
 104.130.96.0/28	permit
 104.130.122.0/23	permit
-104.214.25.77	permit
 106.10.144.64/27	permit
 106.10.144.100/31	permit
 106.10.144.103	permit
@@ -1373,6 +1366,7 @@
 136.147.176.0/20	permit
 136.147.176.0/24	permit
 136.147.182.0/24	permit
+136.147.224.0/20	permit
 136.179.50.206	permit
 138.91.172.26	permit
 139.60.152.0/22	permit
@@ -1435,7 +1429,6 @@
 157.55.61.0/24	permit
 157.55.157.128/25	permit
 157.55.225.0/25	permit
-157.55.254.216	permit
 157.56.24.0/25	permit
 157.56.120.128/26	permit
 157.56.232.0/21	permit
@@ -1753,6 +1746,7 @@
 205.251.233.36	permit
 206.25.247.143	permit
 206.25.247.155	permit
+206.55.144.0/20	permit
 206.165.246.80/29	permit
 206.191.224.0/19	permit
 206.246.157.1	permit
@@ -1770,7 +1764,6 @@
 207.46.132.128/27	permit
 207.46.198.0/25	permit
 207.46.200.0/27	permit
-207.46.225.107	permit
 207.58.147.64/28	permit
 207.67.38.0/24	permit
 207.67.98.192/27	permit

From ffeeb179e1894bf83513fe9630f47f27bec69ef7 Mon Sep 17 00:00:00 2001
From: Daniel Muehlbachler-Pietrzykowski <daniel@muehlbachler.io>
Date: Wed, 3 Jul 2024 10:53:37 +0200
Subject: [PATCH 237/755] restore: remove tty requirement from restore process
 to allow for automated restores

---
 helper-scripts/backup_and_restore.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 03390927b..2977eab20 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -199,7 +199,7 @@ function restore() {
     case "$1" in
     vmail)
       docker stop $(docker ps -qf name=dovecot-mailcow)
-      docker run -it --name mailcow-backup --rm \
+      docker run -i --name mailcow-backup --rm \
         -v ${RESTORE_LOCATION}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_vmail-vol-1$):/vmail:z \
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_vmail.tar.gz
@@ -218,7 +218,7 @@ function restore() {
       ;;
     redis)
       docker stop $(docker ps -qf name=redis-mailcow)
-      docker run -it --name mailcow-backup --rm \
+      docker run -i --name mailcow-backup --rm \
         -v ${RESTORE_LOCATION}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:z \
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_redis.tar.gz
@@ -226,7 +226,7 @@ function restore() {
       ;;
     crypt)
       docker stop $(docker ps -qf name=dovecot-mailcow)
-      docker run -it --name mailcow-backup --rm \
+      docker run -i --name mailcow-backup --rm \
         -v ${RESTORE_LOCATION}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_crypt-vol-1$):/crypt:z \
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_crypt.tar.gz
@@ -239,7 +239,7 @@ function restore() {
         echo -e "Continuing anyhow. If rspamd is crashing opon boot try remove the rspamd volume with docker volume rm ${CMPS_PRJ}_rspamd-vol-1 after you've stopped the stack.\e[0m"
         sleep 2
         docker stop $(docker ps -qf name=rspamd-mailcow)
-        docker run -it --name mailcow-backup --rm \
+        docker run -i --name mailcow-backup --rm \
           -v ${RESTORE_LOCATION}:/backup:z \
           -v $(docker volume ls -qf name=^${CMPS_PRJ}_rspamd-vol-1$):/rspamd:z \
           ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_rspamd.tar.gz
@@ -250,7 +250,7 @@ function restore() {
         echo -e "Skipping rspamd due to compatibility issues!\e[0m"
       else
         docker stop $(docker ps -qf name=rspamd-mailcow)
-        docker run -it --name mailcow-backup --rm \
+        docker run -i --name mailcow-backup --rm \
           -v ${RESTORE_LOCATION}:/backup:z \
           -v $(docker volume ls -qf name=^${CMPS_PRJ}_rspamd-vol-1$):/rspamd:z \
           ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_rspamd.tar.gz
@@ -259,7 +259,7 @@ function restore() {
       ;;
     postfix)
       docker stop $(docker ps -qf name=postfix-mailcow)
-      docker run -it --name mailcow-backup --rm \
+      docker run -i --name mailcow-backup --rm \
         -v ${RESTORE_LOCATION}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_postfix-vol-1$):/postfix:z \
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_postfix.tar.gz
@@ -295,7 +295,7 @@ function restore() {
           ${SQLIMAGE} /bin/bash -c "shopt -s dotglob ; /bin/rm -rf /var/lib/mysql/* ; rsync -avh --usermap=root:mysql --groupmap=root:mysql /backup/ /var/lib/mysql/"
         elif [[ -f "${RESTORE_LOCATION}/backup_mysql.gz" ]]; then
         docker run \
-          -it --name mailcow-backup --rm \
+          -i --name mailcow-backup --rm \
           -v $(docker volume ls -qf name=^${CMPS_PRJ}_mysql-vol-1$):/var/lib/mysql/:z \
           --entrypoint= \
           -u mysql \

From f33d82ffc11ed3438609d4e7a6baa78cb3305bc3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Jul 2024 15:50:17 +0200
Subject: [PATCH 238/755] [Web] use correct user to fetch TFA authenticators

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 8e0ac580b..b81bf34ff 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1560,7 +1560,7 @@ function unset_tfa_key($_data) {
 }
 function get_tfa($username = null, $id = null) {
   global $pdo;
-  if (isset($_SESSION['mailcow_cc_username'])) {
+  if (empty($username) && isset($_SESSION['mailcow_cc_username'])) {
     $username = $_SESSION['mailcow_cc_username'];
   }
   elseif (empty($username)) {

From 384e5a2e6462fa1a519f7b216821ddf7f1c8e1fe Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Tue, 9 Jul 2024 19:52:15 +0200
Subject: [PATCH 239/755] Don't expose SMTP/IMAP if announced "not provided"
 via SRV

Fixes #5944
---
 data/web/autoconfig.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/web/autoconfig.php b/data/web/autoconfig.php
index 95952df0d..750463419 100644
--- a/data/web/autoconfig.php
+++ b/data/web/autoconfig.php
@@ -39,6 +39,9 @@ header('Content-Type: application/xml');
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
+<?php
+$records = dns_get_record('_imap._tcp.' . $domain, DNS_SRV); // check if IMAP is announced as "not provided" via SRV record
+if (count($records) == 0 || $records[0]['target'] != '') { ?>
       <incomingServer type="imap">
          <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
          <port><?=$autodiscover_config['imap']['tlsport']; ?></port>
@@ -46,6 +49,7 @@ header('Content-Type: application/xml');
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
+<?php } ?>
 
 <?php
 $records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
@@ -77,6 +81,9 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
+<?php
+$records = dns_get_record('_smtp._tcp.' . $domain, DNS_SRV); // check if SMTP is announced as "not provided" via SRV record
+if (count($records) == 0 || $records[0]['target'] != '') { ?>
       <outgoingServer type="smtp">
          <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
          <port><?=$autodiscover_config['smtp']['tlsport']; ?></port>
@@ -84,6 +91,7 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
+<?php } ?>
 
       <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
          <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>

From 9b478b3859f0261f69110b06822acc23055d5362 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Fri, 12 Jul 2024 09:40:10 +0200
Subject: [PATCH 240/755] php: Rebase on Debian 12 (#5951)

* php: rebuild on debian 12

* Restored one build dockerfile

* cleanup Dockerfile
---
 data/Dockerfiles/phpfpm/Dockerfile           | 106 +++++++++----------
 data/Dockerfiles/phpfpm/docker-entrypoint.sh |   5 +-
 docker-compose.yml                           |   2 +-
 3 files changed, 54 insertions(+), 59 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index ef600fef6..5d9817fbd 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.20
+FROM php:8.2-fpm-bookworm
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
@@ -14,54 +14,51 @@ ARG REDIS_PECL_VERSION=6.0.2
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG COMPOSER_VERSION=2.6.6
 
-RUN apk add -U --no-cache autoconf \
-  aspell-dev \
-  aspell-libs \
+RUN apt-get update && apt-get install --no-install-recommends -y \
+  aspell \
+  aspell-en \
+  autoconf \
   bash \
-  c-client \
-  cyrus-sasl-dev \
-  freetype \
-  freetype-dev \
+  default-mysql-client \
+  dnsutils \
   g++ \
-  git \
   gettext \
-  gettext-dev \
-  gmp-dev \
+  git \
   gnupg \
-  icu-dev \
-  icu-libs \
   imagemagick \
-  imagemagick-dev \
-  imap-dev \
   jq \
-  libavif \
-  libavif-dev \
-  libjpeg-turbo \
-  libjpeg-turbo-dev \
-  libmemcached \
+  libc-client-dev \
+  libc-client2007e \
+  libfreetype6-dev \
+  libgettextpo-dev \
+  libgmp-dev \
+  libicu-dev \
+  libjpeg62-turbo-dev \
+  libkrb5-3 \
+  libkrb5-dev \
+  libldap2-dev \
+  libmagickcore-dev \
+  libmagickwand-dev \
   libmemcached-dev \
-  libpng \
+  libmemcached11 \
+  libpcre3-dev \
   libpng-dev \
-  libressl \
-  libressl-dev \
-  librsvg \
-  libtool \
+  libpspell-dev \
+  librsvg2-dev \
+  libsasl2-dev \
+  libssl-dev \
   libwebp-dev \
   libxml2-dev \
-  libxpm \
   libxpm-dev \
-  libzip \
+  libxpm4 \
   libzip-dev \
-  linux-headers \
+  libzip4 \
   make \
-  mysql-client \
-  openldap-dev \
-  pcre-dev \
   re2c \
-  redis \
-  samba-client \
-  zlib-dev \
+  redis-tools \
+  smbclient \
   tzdata \
+  zlib1g-dev \
   && pecl install APCu-${APCU_PECL_VERSION} \
   && pecl install imagick-${IMAGICK_PECL_VERSION} \
   && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
@@ -71,40 +68,37 @@ RUN apk add -U --no-cache autoconf \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
-  && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
-    --with-jpeg=/usr/include/ \
-    --with-webp \
-    --with-xpm \
-    --with-avif \
+  && docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
-  && docker-php-ext-configure imap --with-imap --with-imap-ssl \
-  && docker-php-ext-install -j 4 imap \
+  && docker-php-ext-configure imap --with-imap --with-imap-ssl --with-kerberos \
+  && docker-php-ext-install -j 4 imap  \
   && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
-  && apk del --purge autoconf \
-    aspell-dev \
-    cyrus-sasl-dev \
-    freetype-dev \
+  && apt-get purge -y --auto-remove \
+    autoconf \
     g++ \
-    gettext-dev \
-    icu-dev \
-    imagemagick-dev \
-    imap-dev \
-    libavif-dev \
-    libjpeg-turbo-dev \
+    libc-client-dev \
+    libfreetype6-dev \
+    libgettextpo-dev \
+    libicu-dev \
+    libjpeg62-turbo-dev \
+    libkrb5-dev \
+    libldap2-dev \
+    libmagickcore-dev \
+    libmagickwand-dev \
     libmemcached-dev \
+    libpcre3-dev \
     libpng-dev \
-    libressl-dev \
+    libpspell-dev \
+    libsasl2-dev \
+    libssl-dev \
     libwebp-dev \
     libxml2-dev \
     libxpm-dev \
     libzip-dev \
-    linux-headers \
     make \
-    openldap-dev \
-    pcre-dev \
-    zlib-dev
+    zlib1g-dev
 
 COPY ./docker-entrypoint.sh /
 
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 37370113d..8f0f9984b 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -24,6 +24,7 @@ done
 CONTAINER_ID=
 until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do
   CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
+  echo "Could not get mysql-mailcow container id... trying again"
   sleep 2
 done
 echo "MySQL @ ${CONTAINER_ID}"
@@ -197,10 +198,10 @@ fi
 [[ ! -f /web/css/build/0081-custom-mailcow.css ]] && echo '/* Autogenerated by mailcow */' > /web/css/build/0081-custom-mailcow.css
 
 # Fix permissions for global filters
-chown -R 82:82 /global_sieve/*
+chown -R 33:33 /global_sieve/*
 
 # Fix permissions on twig cache folder
-chown -R 82:82 /web/templates/cache
+chown -R 33:33 /web/templates/cache
 # Clear cache
 find /web/templates/cache/* -not -name '.gitkeep' -delete
 
diff --git a/docker-compose.yml b/docker-compose.yml
index b0f50dd6d..72f4cf5a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -110,7 +110,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.88
+      image: mailcow/phpfpm:1.89
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From fc7ea7a24722fb38700f19331b23c51be0cfbf5a Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 12 Jul 2024 10:15:06 +0200
Subject: [PATCH 241/755] web: remove WIP notice for ARM64 from ui

---
 data/web/js/site/debug.js | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 512d9551e..4f3f4aaf4 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -1294,13 +1294,7 @@ function update_stats(timeout=5){
       $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
       $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
       $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
-      if (data.architecture == "aarch64"){
-        $("#host_architecture").html('<span data-bs-toggle="tooltip" data-bs-placement="top" title="' + lang_debug.wip +'">' + data.architecture + ' ⚠️</span>');
-      }
-      else {
-        $("#host_architecture").html(data.architecture);
-      }
-
+      $("#host_architecture").html(data.architecture);
       // update cpu and mem chart
       var cpu_chart = Chart.getChart("host_cpu_chart");
       var mem_chart = Chart.getChart("host_mem_chart");

From 58c0a46459661570ead125a5b9c5865d25ad40c2 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Fri, 12 Jul 2024 16:04:19 +0200
Subject: [PATCH 242/755] Revert "Update debug.twig to include a link to the
 git project URL for the mailcow version tag"

---
 data/web/templates/debug.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index f63ef1f1f..867371177 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -77,7 +77,7 @@
                         <td>Version</td>
                         <td class="text-break">
                           <div class="fw-bolder">
-                            <p><a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" id="mailcow_version" target="_blank">{{ mailcow_info.version_tag }}</a></p>
+                            <p ><a href="#" id="mailcow_version">{{ mailcow_info.version_tag }}</a></p>
                             <p id="mailcow_update"></p>
                           </div>
                         </td>

From eea81e21f653730640a87ef265b557a9ee7cddc8 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Fri, 12 Jul 2024 16:21:53 +0200
Subject: [PATCH 243/755] Revert "php: Rebase on Debian 12" (#5956)

* Revert "php: Rebase on Debian 12 (#5951)"

This reverts commit 9b478b3859f0261f69110b06822acc23055d5362.

* Revert all before "the storm" in php world
---
 data/Dockerfiles/phpfpm/Dockerfile           | 106 ++++++++++---------
 data/Dockerfiles/phpfpm/docker-entrypoint.sh |   4 +-
 docker-compose.yml                           |   2 +-
 3 files changed, 59 insertions(+), 53 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 5d9817fbd..22036b9b3 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-bookworm
+FROM php:8.2-fpm-alpine3.18
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
@@ -14,51 +14,54 @@ ARG REDIS_PECL_VERSION=6.0.2
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG COMPOSER_VERSION=2.6.6
 
-RUN apt-get update && apt-get install --no-install-recommends -y \
-  aspell \
-  aspell-en \
-  autoconf \
+RUN apk add -U --no-cache autoconf \
+  aspell-dev \
+  aspell-libs \
   bash \
-  default-mysql-client \
-  dnsutils \
+  c-client \
+  cyrus-sasl-dev \
+  freetype \
+  freetype-dev \
   g++ \
-  gettext \
   git \
+  gettext \
+  gettext-dev \
+  gmp-dev \
   gnupg \
+  icu-dev \
+  icu-libs \
   imagemagick \
+  imagemagick-dev \
+  imap-dev \
   jq \
-  libc-client-dev \
-  libc-client2007e \
-  libfreetype6-dev \
-  libgettextpo-dev \
-  libgmp-dev \
-  libicu-dev \
-  libjpeg62-turbo-dev \
-  libkrb5-3 \
-  libkrb5-dev \
-  libldap2-dev \
-  libmagickcore-dev \
-  libmagickwand-dev \
+  libavif \
+  libavif-dev \
+  libjpeg-turbo \
+  libjpeg-turbo-dev \
+  libmemcached \
   libmemcached-dev \
-  libmemcached11 \
-  libpcre3-dev \
+  libpng \
   libpng-dev \
-  libpspell-dev \
-  librsvg2-dev \
-  libsasl2-dev \
-  libssl-dev \
+  libressl \
+  libressl-dev \
+  librsvg \
+  libtool \
   libwebp-dev \
   libxml2-dev \
+  libxpm \
   libxpm-dev \
-  libxpm4 \
+  libzip \
   libzip-dev \
-  libzip4 \
+  linux-headers \
   make \
+  mysql-client \
+  openldap-dev \
+  pcre-dev \
   re2c \
-  redis-tools \
-  smbclient \
+  redis \
+  samba-client \
+  zlib-dev \
   tzdata \
-  zlib1g-dev \
   && pecl install APCu-${APCU_PECL_VERSION} \
   && pecl install imagick-${IMAGICK_PECL_VERSION} \
   && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
@@ -68,37 +71,40 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
-  && docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm \
+  && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
+    --with-jpeg=/usr/include/ \
+    --with-webp \
+    --with-xpm \
+    --with-avif \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
-  && docker-php-ext-configure imap --with-imap --with-imap-ssl --with-kerberos \
-  && docker-php-ext-install -j 4 imap  \
+  && docker-php-ext-configure imap --with-imap --with-imap-ssl \
+  && docker-php-ext-install -j 4 imap \
   && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
-  && apt-get purge -y --auto-remove \
-    autoconf \
+  && apk del --purge autoconf \
+    aspell-dev \
+    cyrus-sasl-dev \
+    freetype-dev \
     g++ \
-    libc-client-dev \
-    libfreetype6-dev \
-    libgettextpo-dev \
-    libicu-dev \
-    libjpeg62-turbo-dev \
-    libkrb5-dev \
-    libldap2-dev \
-    libmagickcore-dev \
-    libmagickwand-dev \
+    gettext-dev \
+    icu-dev \
+    imagemagick-dev \
+    imap-dev \
+    libavif-dev \
+    libjpeg-turbo-dev \
     libmemcached-dev \
-    libpcre3-dev \
     libpng-dev \
-    libpspell-dev \
-    libsasl2-dev \
-    libssl-dev \
+    libressl-dev \
     libwebp-dev \
     libxml2-dev \
     libxpm-dev \
     libzip-dev \
+    linux-headers \
     make \
-    zlib1g-dev
+    openldap-dev \
+    pcre-dev \
+    zlib-dev
 
 COPY ./docker-entrypoint.sh /
 
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 8f0f9984b..e6c26fd19 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -198,10 +198,10 @@ fi
 [[ ! -f /web/css/build/0081-custom-mailcow.css ]] && echo '/* Autogenerated by mailcow */' > /web/css/build/0081-custom-mailcow.css
 
 # Fix permissions for global filters
-chown -R 33:33 /global_sieve/*
+chown -R 82:82 /global_sieve/*
 
 # Fix permissions on twig cache folder
-chown -R 33:33 /web/templates/cache
+chown -R 82:82 /web/templates/cache
 # Clear cache
 find /web/templates/cache/* -not -name '.gitkeep' -delete
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 72f4cf5a2..ece85026e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -110,7 +110,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.89
+      image: mailcow/phpfpm:1.87
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 66aa28b5de282fc037e0d2f02fbdc84539b614a1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 22 Jul 2024 15:04:29 +0200
Subject: [PATCH 244/755] [Web] escapeHtml in api_log table

---
 data/web/js/site/debug.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 512d9551e..8229e9f66 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -325,7 +325,10 @@ jQuery(function($){
           title: 'URI',
           data: 'uri',
           defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
+          className: 'dtr-col-md dtr-break-all',
+          render: function (data, type) {
+            return escapeHtml(data);
+          }
         },
         {
           title: 'Method',

From efb2572f0fa57628ad98a76a4ae884a10cac0a1a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 22 Jul 2024 15:05:43 +0200
Subject: [PATCH 245/755] [Web] escapeHtml in relayhosts table

---
 data/web/js/site/admin.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 80da64167..a2c7954dc 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -397,7 +397,10 @@ jQuery(function($){
         {
           title: lang.host,
           data: 'hostname',
-          defaultContent: ''
+          defaultContent: '',
+          render: function (data, type) {
+            return escapeHtml(data);
+          }
         },
         {
           title: lang.username,

From 73257151c41252f08d1e6e6eb67b0846960416a5 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 24 Jul 2024 15:29:28 +0200
Subject: [PATCH 246/755] postfix: remove forced helo restrictions from
 master.cf

---
 data/conf/postfix/master.cf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 63ce875da..df91a3900 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -4,7 +4,6 @@ smtp       inet  n       -       n       -       1       postscreen
   -o postscreen_upstream_proxy_protocol=haproxy
   -o syslog_name=haproxy
 smtpd      pass  -       -       n       -       -       smtpd
-  -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
   -o smtpd_sasl_auth_enable=no
   -o smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
 

From 7f7a869678293a4577eb34fa5f0de9ff72c62fc3 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Sun, 28 Jul 2024 13:19:03 +0200
Subject: [PATCH 247/755] Do not add MAILCOW_WHITE on failed DMARC

---
 data/conf/rspamd/local.d/composites.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index cde34b574..9bb84424a 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -21,6 +21,10 @@ FREEMAIL_TO_UNDISC_RCPT {
 SOGO_CONTACT_EXCLUDE {
   expression = "(-WHITELISTED_FWD_HOST | -g+:policies) & ^SOGO_CONTACT & !DMARC_POLICY_ALLOW";
 }
+# Remove MAILCOW_WHITE symbol for senders with broken policy recieved not from fwd hosts
+MAILCOW_WHITE_EXCLUDE {
+  expression = "^MAILCOW_WHITE & (-DMARC_POLICY_REJECT | -DMARC_POLICY_QUARANTINE | -R_SPF_PERMFAIL) & !WHITELISTED_FWD_HOST";
+}
 # Spoofed header from and broken policy (excluding sieve host, rspamd host, whitelisted senders, authenticated senders and forward hosts)
 SPOOFED_UNAUTH {
   expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !RSPAMD_HOST & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM & !WHITELISTED_FWD_HOST & -g+:policies";
@@ -103,4 +107,4 @@ CLAMD_JS_MALWARE {
   expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
   description = "JS malware found, Securite JS malware Flag set through ClamAV";
   score = 8;
-}
\ No newline at end of file
+}

From 8fbfd99dd6f74e20e65f9f71a1e185ab3dce27be Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Sun, 28 Jul 2024 13:20:24 +0200
Subject: [PATCH 248/755] Update composites.conf


From e426c3a7e7fbf80e989329853cd039a6dd482489 Mon Sep 17 00:00:00 2001
From: John Rallis <rallisf1@yahoo.gr>
Date: Mon, 29 Jul 2024 16:46:03 +0300
Subject: [PATCH 249/755] Greek names of dovecot folders

Names taken from MSO 2016
---
 data/conf/dovecot/dovecot.folders.conf | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/data/conf/dovecot/dovecot.folders.conf b/data/conf/dovecot/dovecot.folders.conf
index 99c9670fa..fa6872679 100644
--- a/data/conf/dovecot/dovecot.folders.conf
+++ b/data/conf/dovecot/dovecot.folders.conf
@@ -289,5 +289,20 @@ namespace inbox {
   mailbox "Kladde" {
     special_use = \Drafts
   }
+  mailbox "Πρόχειρα" {
+    special_use = \Drafts
+  }
+  mailbox "Απεσταλμένα" {
+    special_use = \Sent
+  }
+  mailbox "Κάδος απορριμάτων" {
+    special_use = \Trash
+  }
+  mailbox "Ανεπιθύμητα" {
+    special_use = \Junk
+  }
+  mailbox "Αρχειοθετημένα" {
+    special_use = \Archive
+  }
   prefix =
-}
\ No newline at end of file
+}

From 2208d7e6fb2864e2ddc672104b61b2a496fc1e02 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 30 Jul 2024 14:46:08 +0200
Subject: [PATCH 250/755] [Web] add function to reset user passwords

---
 data/assets/templates/pw_reset_html.tpl       |  29 ++
 data/assets/templates/pw_reset_text.tpl       |  11 +
 data/web/admin.php                            |   1 +
 data/web/inc/functions.inc.php                | 451 +++++++++++++++++-
 data/web/inc/functions.mailbox.inc.php        |  91 ++--
 data/web/inc/init_db.inc.php                  |  16 +-
 data/web/inc/triggers.inc.php                 |  60 ++-
 data/web/inc/vars.inc.php                     |   6 +
 data/web/json_api.php                         |   4 +-
 data/web/lang/lang.de-de.json                 |  25 +
 data/web/lang/lang.en-gb.json                 |  25 +
 data/web/reset-password.php                   |  31 ++
 data/web/templates/admin.twig                 |   4 +-
 .../admin/tab-config-password-policy.twig     |  40 --
 .../admin/tab-config-password-settings.twig   | 102 ++++
 data/web/templates/edit/mailbox.twig          |   7 +
 data/web/templates/index.twig                 |   3 +
 data/web/templates/modals/user.twig           |  27 ++
 data/web/templates/reset-password.twig        |  57 +++
 data/web/templates/user/tab-user-auth.twig    |   1 +
 20 files changed, 883 insertions(+), 108 deletions(-)
 create mode 100644 data/assets/templates/pw_reset_html.tpl
 create mode 100644 data/assets/templates/pw_reset_text.tpl
 create mode 100644 data/web/reset-password.php
 delete mode 100644 data/web/templates/admin/tab-config-password-policy.twig
 create mode 100644 data/web/templates/admin/tab-config-password-settings.twig
 create mode 100644 data/web/templates/reset-password.twig

diff --git a/data/assets/templates/pw_reset_html.tpl b/data/assets/templates/pw_reset_html.tpl
new file mode 100644
index 000000000..481f8cbef
--- /dev/null
+++ b/data/assets/templates/pw_reset_html.tpl
@@ -0,0 +1,29 @@
+<html>
+  <head>
+  <meta name="x-apple-disable-message-reformatting" />
+  <style>
+  body {
+    font-family: Helvetica, Arial, Sans-Serif;
+  }
+  /* mobile devices */
+  @media all and (max-width: 480px) {
+    .mob {
+      display: none;
+    }    
+  }
+  </style>
+  </head>
+  <body>
+Hello {{username2}},<br><br>
+
+Somebody requested a new password for the {{hostname}} account associated with {{username}}.<br>
+<small>Date of the password reset request: {{date}}</small><br><br>
+
+You can reset your password by clicking the link below:<br>
+<a href="{{link}}">{{link}}</a><br><br>
+
+The link will be valid for the next {{token_lifetime}} minutes.<br><br>
+
+If you did not request a new password, please ignore this email.<br>
+  </body>
+</html>
diff --git a/data/assets/templates/pw_reset_text.tpl b/data/assets/templates/pw_reset_text.tpl
new file mode 100644
index 000000000..fabe1e71a
--- /dev/null
+++ b/data/assets/templates/pw_reset_text.tpl
@@ -0,0 +1,11 @@
+Hello {{username2}},
+
+Somebody requested a new password for the {{hostname}} account associated with {{username}}.
+Date of the password reset request: {{date}}
+
+You can reset your password by clicking the link below:
+{{link}}
+
+The link will be valid for the next {{token_lifetime}} minutes.
+
+If you did not request a new password, please ignore this email.
diff --git a/data/web/admin.php b/data/web/admin.php
index d0fcbc992..5dd7b3c6b 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -107,6 +107,7 @@ $template_data = [
   'f2b_banlist_url' => getBaseUrl() . "/api/v1/get/fail2ban/banlist/" . $f2b_data['banlist_id'],
   'q_data' => quarantine('settings'),
   'qn_data' => quota_notification('get'),
+  'pw_reset_data' => reset_password('get_notification'),
   'rsettings_map' => file_get_contents('http://nginx:8081/settings.php'),
   'rsettings' => $rsettings,
   'rspamd_regex_maps' => $rspamd_regex_maps,
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 8e0ac580b..af74d1407 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1073,13 +1073,17 @@ function update_sogo_static_view($mailbox = null) {
 function edit_user_account($_data) {
   global $lang;
   global $pdo;
+
   $_data_log = $_data;
   !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
   !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
   !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+
   $username = $_SESSION['mailcow_cc_username'];
   $role = $_SESSION['mailcow_cc_role'];
   $password_old = $_data['user_old_pass'];
+  $pw_recovery_email = $_data['pw_recovery_email'];
+
   if (filter_var($username, FILTER_VALIDATE_EMAIL === false) || $role != 'user') {
     $_SESSION['return'][] =  array(
       'type' => 'danger',
@@ -1088,20 +1092,24 @@ function edit_user_account($_data) {
     );
     return false;
   }
-  $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
-      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `username` = :user");
-  $stmt->execute(array(':user' => $username));
-  $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!verify_hash($row['password'], $password_old)) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_data_log),
-      'msg' => 'access_denied'
-    );
-    return false;
-  }
-  if (!empty($_data['user_new_pass']) && !empty($_data['user_new_pass2'])) {
+
+  // edit password
+  if (!empty($password_old) && !empty($_data['user_new_pass']) && !empty($_data['user_new_pass2'])) {
+    $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
+        WHERE `kind` NOT REGEXP 'location|thing|group'
+          AND `username` = :user");
+    $stmt->execute(array(':user' => $username));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+  
+    if (!verify_hash($row['password'], $password_old)) {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $_data_log),
+        'msg' => 'access_denied'
+      );
+      return false;
+    }
+  
     $password_new = $_data['user_new_pass'];
     $password_new2  = $_data['user_new_pass2'];
     if (password_check($password_new, $password_new2) !== true) {
@@ -1116,8 +1124,29 @@ function edit_user_account($_data) {
       ':password_hashed' => $password_hashed,
       ':username' => $username
     ));
+  
+    update_sogo_static_view();
   }
-  update_sogo_static_view();
+  // edit password recovery email
+  elseif (isset($pw_recovery_email)) {
+    if (!isset($_SESSION['acl']['pw_reset']) || $_SESSION['acl']['pw_reset'] != "1" ) {
+      $_SESSION['return'][] = array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+        'msg' => 'access_denied'
+      );
+      return false;
+    }
+    
+    $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;
+    $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)
+      WHERE `username` = :username");
+    $stmt->execute(array(
+      ':recovery_email' => $pw_recovery_email,
+      ':username' => $username
+    ));
+  }
+
   $_SESSION['return'][] =  array(
     'type' => 'success',
     'log' => array(__FUNCTION__, $_data_log),
@@ -2261,6 +2290,398 @@ function uuid4() {
 
   return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
 }
+function reset_password($action, $data = null) {
+  global $pdo;
+  global $redis;
+  global $mailcow_hostname;
+  global $PW_RESET_TOKEN_LIMIT;
+  global $PW_RESET_TOKEN_LIFETIME;
+
+	$_data_log = $data;
+  if (isset($_data_log['new_password'])) $_data_log['new_password'] = '*';
+  if (isset($_data_log['new_password2'])) $_data_log['new_password2'] = '*';
+
+  switch ($action) {
+    case 'check':
+      $token = $data;
+
+      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `reset_password` AS `t1` JOIN `mailbox` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL :lifetime MINUTE) AND `t2`.`active` = 1;");
+      $stmt->execute(array(
+        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token),
+        ':lifetime' => $PW_RESET_TOKEN_LIFETIME
+      ));
+      $return = $stmt->fetch(PDO::FETCH_ASSOC);
+      return empty($return['username']) ? false : $return['username'];
+    break;
+    case 'issue':
+      $username = $data;
+      
+      // perform cleanup
+      $stmt = $pdo->prepare("DELETE FROM `reset_password` WHERE created < DATE_SUB(NOW(), INTERVAL :lifetime MINUTE);");
+      $stmt->execute(array(':lifetime' => $PW_RESET_TOKEN_LIFETIME));
+
+      if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $mailbox_data = $stmt->fetch(PDO::FETCH_ASSOC);
+
+      if (empty($mailbox_data)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'password_reset_invalid_user'
+        );
+        return false;
+      }
+
+      $mailbox_attr = json_decode($mailbox_data['attributes'], true);
+      if (empty($mailbox_attr['recovery_email']) || filter_var($mailbox_attr['recovery_email'], FILTER_VALIDATE_EMAIL) === false) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => "password_reset_invalid_user"
+        );
+        return false;
+      }
+
+      $stmt = $pdo->prepare("SELECT * FROM `reset_password`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $generated_token_count = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($generated_token_count >= $PW_RESET_TOKEN_LIMIT) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => "reset_token_limit_exceeded"
+        );
+        return false;
+      }
+
+      $token = implode('-', array(
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3)))
+      ));
+
+      $stmt = $pdo->prepare("INSERT INTO `reset_password` (`username`, `token`)
+        VALUES (:username, :token)");
+      $stmt->execute(array(
+        ':username' => $username,
+        ':token' => $token
+      ));
+
+      $pw_reset_notification = reset_password('get_notification', 'raw');
+      if (!$pw_reset_notification) return false;
+
+      $reset_link = getBaseURL() . "/reset-password?token=" . $token;
+
+      $request_date = new DateTime();
+      $locale_date = locale_get_default();
+      $date_formatter = new IntlDateFormatter(
+        $locale_date, 
+        IntlDateFormatter::FULL, 
+        IntlDateFormatter::FULL
+      );
+      $formatted_request_date = $date_formatter->format($request_date);
+
+      // set template vars
+      // subject
+      $pw_reset_notification['subject'] = str_replace('{{hostname}}', $mailcow_hostname, $pw_reset_notification['subject']);
+      $pw_reset_notification['subject'] = str_replace('{{link}}', $reset_link, $pw_reset_notification['subject']);
+      $pw_reset_notification['subject'] = str_replace('{{username}}', $username, $pw_reset_notification['subject']);
+      $pw_reset_notification['subject'] = str_replace('{{username2}}', $mailbox_attr['recovery_email'], $pw_reset_notification['subject']);
+      $pw_reset_notification['subject'] = str_replace('{{date}}', $formatted_request_date, $pw_reset_notification['subject']);
+      $pw_reset_notification['subject'] = str_replace('{{token_lifetime}}', $PW_RESET_TOKEN_LIFETIME, $pw_reset_notification['subject']);
+      // text
+      $pw_reset_notification['text_tmpl'] = str_replace('{{hostname}}', $mailcow_hostname, $pw_reset_notification['text_tmpl']);
+      $pw_reset_notification['text_tmpl'] = str_replace('{{link}}', $reset_link, $pw_reset_notification['text_tmpl']);
+      $pw_reset_notification['text_tmpl'] = str_replace('{{username}}', $username, $pw_reset_notification['text_tmpl']);
+      $pw_reset_notification['text_tmpl'] = str_replace('{{username2}}', $mailbox_attr['recovery_email'], $pw_reset_notification['text_tmpl']);
+      $pw_reset_notification['text_tmpl'] = str_replace('{{date}}', $formatted_request_date, $pw_reset_notification['text_tmpl']);
+      $pw_reset_notification['text_tmpl'] = str_replace('{{token_lifetime}}', $PW_RESET_TOKEN_LIFETIME, $pw_reset_notification['text_tmpl']);
+      // html
+      $pw_reset_notification['html_tmpl'] = str_replace('{{hostname}}', $mailcow_hostname, $pw_reset_notification['html_tmpl']);
+      $pw_reset_notification['html_tmpl'] = str_replace('{{link}}', $reset_link, $pw_reset_notification['html_tmpl']);
+      $pw_reset_notification['html_tmpl'] = str_replace('{{username}}', $username, $pw_reset_notification['html_tmpl']);
+      $pw_reset_notification['html_tmpl'] = str_replace('{{username2}}', $mailbox_attr['recovery_email'], $pw_reset_notification['html_tmpl']);
+      $pw_reset_notification['html_tmpl'] = str_replace('{{date}}', $formatted_request_date, $pw_reset_notification['html_tmpl']);
+      $pw_reset_notification['html_tmpl'] = str_replace('{{token_lifetime}}', $PW_RESET_TOKEN_LIFETIME, $pw_reset_notification['html_tmpl']);
+
+
+      $email_sent = reset_password('send_mail', array(
+        "from" => $pw_reset_notification['from'],
+        "to" => $mailbox_attr['recovery_email'],
+        "subject" => $pw_reset_notification['subject'],
+        "text" => $pw_reset_notification['text_tmpl'],
+        "html" => $pw_reset_notification['html_tmpl']
+      ));
+
+      if (!$email_sent){
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => "recovery_email_failed"
+        );
+        return false;
+      }
+
+      list($localPart, $domainPart) = explode('@', $mailbox_attr['recovery_email']);
+      if (strlen($localPart) > 1) {
+        $maskedLocalPart = $localPart[0] . str_repeat('*', strlen($localPart) - 1);
+      } else {
+        $maskedLocalPart = "*";
+      }
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $action, $_data_log),
+        'msg' => array("recovery_email_sent", $maskedLocalPart . '@' . $domainPart)
+      );
+      return array(
+        "username" => $username,
+        "issue" => "success"
+      );
+    break;
+    case 'reset':
+      $token = $data['token'];
+      $new_password = $data['new_password'];
+      $new_password2 = $data['new_password2'];
+      $username = $data['username'];
+      $check_tfa = $data['check_tfa'];
+
+      if (!$username || !$token) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'invalid_reset_token'
+        );
+        return false;
+      }
+
+      # check new password
+      if (!password_check($new_password, $new_password2)) {
+        return false;
+      }
+
+      if ($check_tfa){
+        // check for tfa authenticators
+        $authenticators = get_tfa($username);
+        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+          $_SESSION['pending_mailcow_cc_username'] = $username;
+          $_SESSION['pending_pw_reset_token'] = $token;
+          $_SESSION['pending_pw_new_password'] = $new_password;
+          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
+          $_SESSION['return'][] =  array(
+            'type' => 'info',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => 'awaiting_tfa_confirmation'
+          );
+          return false;
+        }
+      }
+
+      # set new password
+      $password_hashed = hash_password($new_password);
+      $stmt = $pdo->prepare("UPDATE `mailbox` SET
+        `password` = :password_hashed,
+        `attributes` = JSON_SET(`attributes`, '$.passwd_update', NOW())
+        WHERE `username` = :username");
+      $stmt->execute(array(
+        ':password_hashed' => $password_hashed,
+        ':username' => $username
+      ));
+
+      // perform cleanup
+      $stmt = $pdo->prepare("DELETE FROM `reset_password` WHERE `username` = :username;");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+   
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $action, $_data_log),
+        'msg' => 'password_changed_success'
+      );
+      return true;
+    break;
+    case 'get_notification':
+      $type = $data;
+
+      try {
+        $settings['from'] = $redis->Get('PW_RESET_FROM');
+        $settings['subject'] = $redis->Get('PW_RESET_SUBJ');
+        $settings['html_tmpl'] = $redis->Get('PW_RESET_HTML');
+        $settings['text_tmpl'] = $redis->Get('PW_RESET_TEXT');
+        if (empty($settings['html_tmpl']) && empty($settings['text_tmpl'])) {
+          $settings['html_tmpl'] = file_get_contents("/tpls/pw_reset_html.tpl");
+          $settings['text_tmpl'] = file_get_contents("/tpls/pw_reset_text.tpl");
+        }
+
+        if ($type != "raw") {
+          $settings['html_tmpl'] = htmlspecialchars($settings['html_tmpl']);
+          $settings['text_tmpl'] = htmlspecialchars($settings['text_tmpl']);
+        }
+      }
+      catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => array('redis_error', $e)
+        );
+        return false;
+      }
+
+      return $settings;
+    break;
+    case 'send_mail':
+      $from = $data['from'];
+      $to = $data['to'];
+      $text = $data['text'];
+      $html = $data['html'];
+      $subject = $data['subject'];
+    
+      if (!filter_var($from, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'from_invalid'
+        );
+        return false;
+      }
+      if (!filter_var($to, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'to_invalid'
+        );
+        return false;
+      }
+      if (empty($subject)) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'subject_empty'
+        );
+        return false;
+      }
+      if (empty($text)) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'text_empty'
+        );
+        return false;
+      }
+    
+      ini_set('max_execution_time', 0);
+      ini_set('max_input_time', 0);
+      $mail = new PHPMailer;
+      $mail->Timeout = 10;
+      $mail->SMTPOptions = array(
+        'ssl' => array(
+          'verify_peer' => false,
+          'verify_peer_name' => false,
+          'allow_self_signed' => true
+        )
+      );
+      $mail->isSMTP();
+      $mail->Host = 'postfix-mailcow';
+      $mail->SMTPAuth = false;
+      $mail->Port = 25;
+      $mail->setFrom($from);
+      $mail->Subject = $subject;
+      $mail->CharSet ="UTF-8";
+      if (!empty($html)) {
+        $mail->Body = $html;
+        $mail->AltBody = $text;
+      }
+      else {
+        $mail->Body = $text;
+      }
+      $mail->XMailer = 'MooMail';
+      $mail->AddAddress($to);
+      if (!$mail->send()) {
+        return false;
+      }
+      $mail->ClearAllRecipients();
+    
+      return true;
+    break;
+  }
+
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    $_SESSION['return'][] = array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $action, $_data_log),
+      'msg' => 'access_denied'
+    );
+    return false;
+  }
+
+  switch ($action) {
+    case 'edit_notification':
+      $subject = $data['subject'];
+      $from = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $data['from']);
+
+      if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => '???'
+        );
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $text = (empty($data['text_tmpl'])) ? "" : $data['text_tmpl'];
+      $html = (empty($data['html_tmpl'])) ? "" : $data['html_tmpl'];
+      if (empty($text) && empty($html)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      try {
+        $redis->Set('PW_RESET_FROM', $from);
+        $redis->Set('PW_RESET_SUBJ', $subject);
+        $redis->Set('PW_RESET_HTML', $html);
+        $redis->Set('PW_RESET_TEXT', $text);
+      }
+      catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => array('redis_error', $e)
+        );
+        return false;
+      }
+
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $action, $_data_log),
+        'msg' => 'saved_settings'
+      );
+    break;
+  }
+}
+
 
 function get_logs($application, $lines = false) {
   if ($lines === false) {
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 00c11deec..7c9414f0a 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -2865,21 +2865,22 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $_data['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : 0;
             }
             if (!empty($is_now)) {
-              $active     = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+              $active               = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
               (int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
-              (int)$sogo_access = (isset($_data['sogo_access']) && isset($_SESSION['acl']['sogo_access']) && $_SESSION['acl']['sogo_access'] == "1") ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
-              (int)$imap_access = (isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
-              (int)$pop3_access = (isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
-              (int)$smtp_access = (isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
-              (int)$sieve_access = (isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
-              (int)$relayhost = (isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
-              (int)$quota_m = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
-              $name       = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
-              $domain     = $is_now['domain'];
-              $quota_b    = $quota_m * 1048576;
-              $password   = (!empty($_data['password'])) ? $_data['password'] : null;
-              $password2  = (!empty($_data['password2'])) ? $_data['password2'] : null;
-              $tags       = (is_array($_data['tags']) ? $_data['tags'] : array());
+              (int)$sogo_access     = (isset($_data['sogo_access']) && isset($_SESSION['acl']['sogo_access']) && $_SESSION['acl']['sogo_access'] == "1") ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
+              (int)$imap_access     = (isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
+              (int)$pop3_access     = (isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
+              (int)$smtp_access     = (isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
+              (int)$sieve_access    = (isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
+              (int)$relayhost       = (isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
+              (int)$quota_m         = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
+              $name                 = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
+              $domain               = $is_now['domain'];
+              $quota_b              = $quota_m * 1048576;
+              $password             = (!empty($_data['password'])) ? $_data['password'] : null;
+              $password2            = (!empty($_data['password2'])) ? $_data['password2'] : null;
+              $pw_recovery_email     = (isset($_data['pw_recovery_email'])) ? $_data['pw_recovery_email'] : $is_now['attributes']['recovery_email'];
+              $tags                 = (is_array($_data['tags']) ? $_data['tags'] : array());
             }
             else {
               $_SESSION['return'][] = array(
@@ -3132,31 +3133,43 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ':address' => $username,
               ':active' => $active
             ));
-            $stmt = $pdo->prepare("UPDATE `mailbox` SET
-                `active` = :active,
-                `name`= :name,
-                `quota` = :quota_b,
-                `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update),
-                `attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
-                `attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
-                `attributes` = JSON_SET(`attributes`, '$.sieve_access', :sieve_access),
-                `attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
-                `attributes` = JSON_SET(`attributes`, '$.relayhost', :relayhost),
-                `attributes` = JSON_SET(`attributes`, '$.smtp_access', :smtp_access)
-                  WHERE `username` = :username");
-            $stmt->execute(array(
-              ':active' => $active,
-              ':name' => $name,
-              ':quota_b' => $quota_b,
-              ':force_pw_update' => $force_pw_update,
-              ':sogo_access' => $sogo_access,
-              ':imap_access' => $imap_access,
-              ':pop3_access' => $pop3_access,
-              ':sieve_access' => $sieve_access,
-              ':smtp_access' => $smtp_access,
-              ':relayhost' => $relayhost,
-              ':username' => $username
-            ));
+            try {
+              $stmt = $pdo->prepare("UPDATE `mailbox` SET
+                  `active` = :active,
+                  `name`= :name,
+                  `quota` = :quota_b,
+                  `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update),
+                  `attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
+                  `attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
+                  `attributes` = JSON_SET(`attributes`, '$.sieve_access', :sieve_access),
+                  `attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
+                  `attributes` = JSON_SET(`attributes`, '$.relayhost', :relayhost),
+                  `attributes` = JSON_SET(`attributes`, '$.smtp_access', :smtp_access),
+                  `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)
+                    WHERE `username` = :username");
+                $stmt->execute(array(
+                  ':active' => $active,
+                  ':name' => $name,
+                  ':quota_b' => $quota_b,
+                  ':force_pw_update' => $force_pw_update,
+                  ':sogo_access' => $sogo_access,
+                  ':imap_access' => $imap_access,
+                  ':pop3_access' => $pop3_access,
+                  ':sieve_access' => $sieve_access,
+                  ':smtp_access' => $smtp_access,
+                  ':recovery_email' => $pw_recovery_email,
+                  ':relayhost' => $relayhost,
+                  ':username' => $username
+                ));
+            }
+            catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => $e->getMessage()
+              );
+              return false;
+            }
             // save tags
             foreach($tags as $index => $tag){
               if (empty($tag)) continue;
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index f62858b3f..8c4951d57 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "26022024_1433";
+    $db_version = "29072024_1000";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -483,6 +483,7 @@ function init_db_schema() {
           "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pw_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
           ),
         "keys" => array(
           "primary" => array(
@@ -694,6 +695,19 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "reset_password" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("token", "created")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "imapsync" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 6922429b8..5c625e414 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -10,16 +10,54 @@ if (!empty($_GET['sso_token'])) {
   }
 }
 
+if (isset($_POST["pw_reset_request"]) && !empty($_POST['username'])) {
+  reset_password("issue", $_POST['username']);
+  header("Location: /");
+  exit;
+}
+if (isset($_POST["pw_reset"])) {
+  $username = reset_password("check", $_POST['token']);
+  $reset_result = reset_password("reset", array(
+    'new_password' => $_POST['new_password'], 
+    'new_password2' => $_POST['new_password2'],
+    'token' => $_POST['token'],
+    'username' => $username,
+    'check_tfa' => True
+  ));
+
+  if ($reset_result){
+    header("Location: /");
+    exit;
+  }
+}
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
-    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
-    $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
-    unset($_SESSION['pending_mailcow_cc_username']);
-    unset($_SESSION['pending_mailcow_cc_role']);
-    unset($_SESSION['pending_tfa_methods']);
+    if (isset($_SESSION['pending_mailcow_cc_username']) && isset($_SESSION['pending_pw_reset_token']) && isset($_SESSION['pending_pw_new_password'])) {
+      reset_password("reset", array(
+        'new_password' => $_SESSION['pending_pw_new_password'],
+        'new_password2' => $_SESSION['pending_pw_new_password'],
+        'token' => $_SESSION['pending_pw_reset_token'],
+        'username' => $_SESSION['pending_mailcow_cc_username']
+      ));
+      unset($_SESSION['pending_pw_reset_token']);
+      unset($_SESSION['pending_pw_new_password']);
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_tfa_methods']);
 
-    header("Location: /user");
+      header("Location: /");
+      exit;
+    } else {
+      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
+      $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_mailcow_cc_role']);
+      unset($_SESSION['pending_tfa_methods']);
+  
+      header("Location: /user");
+    }
   } else {
+    unset($_SESSION['pending_pw_reset_token']);
+    unset($_SESSION['pending_pw_new_password']);
     unset($_SESSION['pending_mailcow_cc_username']);
     unset($_SESSION['pending_mailcow_cc_role']);
     unset($_SESSION['pending_tfa_methods']);
@@ -27,11 +65,13 @@ if (isset($_POST["verify_tfa_login"])) {
 }
 
 if (isset($_GET["cancel_tfa_login"])) {
-    unset($_SESSION['pending_mailcow_cc_username']);
-    unset($_SESSION['pending_mailcow_cc_role']);
-    unset($_SESSION['pending_tfa_methods']);
+  unset($_SESSION['pending_pw_reset_token']);
+  unset($_SESSION['pending_pw_new_password']);
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
 
-    header("Location: /");
+  header("Location: /");
 }
 
 if (isset($_POST["quick_release"])) {
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 830b21805..d3165b8af 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -210,6 +210,12 @@ $MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format'] = 'maildir:';
 // Show last IMAP and POP3 logins
 $SHOW_LAST_LOGIN = true;
 
+// Maximum number of password reset tokens that can be generated at once per user
+$PW_RESET_TOKEN_LIMIT = 3;
+
+// Maximum time in minutes a password reset token is valid
+$PW_RESET_TOKEN_LIFETIME = 15;
+
 // UV flag handling in FIDO2/WebAuthn - defaults to false to allow iOS logins
 // true = required
 // false = preferred
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 9e165b68e..e14dd9962 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1973,7 +1973,6 @@ if (isset($_GET['query'])) {
         case "quota_notification_bcc":
           process_edit_return(quota_notification_bcc('edit', $attr));
         break;
-        break;
         case "mailq":
           process_edit_return(mailq('edit', array_merge(array('qid' => $items), $attr)));
         break;
@@ -2069,6 +2068,9 @@ if (isset($_GET['query'])) {
         case "cors":
           process_edit_return(cors('edit', $attr));
         break;
+        case "reset-password-notification":
+          process_edit_return(reset_password('edit_notification', $attr));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 2298e1cbd..a734e09cb 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -14,6 +14,7 @@
         "prohibited": "Untersagt durch Richtlinie",
         "protocol_access": "Ändern der erlaubten Protokolle",
         "pushover": "Pushover",
+        "pw_reset": "Verwalten der E-Mail zur Passwortwiederherstellung erlauben",
         "quarantine": "Quarantäne-Aktionen",
         "quarantine_attachments": "Anhänge aus Quarantäne",
         "quarantine_category": "Ändern der Quarantäne-Benachrichtigungskategorie",
@@ -248,6 +249,11 @@
         "password_policy_numbers": "Muss eine Ziffer enthalten",
         "password_policy_special_chars": "Muss Sonderzeichen enthalten",
         "password_repeat": "Passwort wiederholen",
+        "password_reset_info": "Wenn keine E-Mail zur Passwortwiederherstellung hinterlegt ist, kann diese Funktion nicht genutzt werden.",
+        "password_reset_settings": "Einstellungen zur Passwortwiederherstellung",
+        "password_reset_tmpl_html": "HTML Vorlage",
+        "password_reset_tmpl_text": "Text Vorlage",
+        "password_settings": "Passwort Einstellungen",
         "priority": "Gewichtung",
         "private_key": "Private Key",
         "quarantine": "Quarantäne",
@@ -287,6 +293,8 @@
         "remove_row": "Entfernen",
         "reset_default": "Zurücksetzen auf Standard",
         "reset_limit": "Hash entfernen",
+        "reset_password_vars": "<code>{{link}}</code> Der generierte Passwort-Reset-Link<br><code>{{username}}</code> Die E-Mail-Adresse des Benutzers, der die Passwortzurücksetzung angefordert hat<br><code>{{username2}}</code> Die E-Mail-Adresse zur Wiederherstellung<br><code>{{date}}</code> Das Datum, an dem die Passwort-Reset-Anfrage gestellt wurde<br><code>{{token_lifetime}}</code> Die Gültigkeitsdauer des Tokens in Minuten<br><code>{{hostname}}</code> Der mailcow Hostname",
+        "restore_template": "Leer lassen, um Standard-Template wiederherzustellen.",
         "routing": "Routing",
         "rsetting_add_rule": "Regel hinzufügen",
         "rsetting_content": "Regelinhalt",
@@ -407,6 +415,7 @@
         "invalid_nexthop_authenticated": "Dieser Next Hop existiert bereits mit abweichenden Authentifizierungsdaten. Die bestehenden Authentifizierungsdaten dieses \"Next Hops\" müssen vorab angepasst werden.",
         "invalid_recipient_map_new": "Neuer Empfänger \"%s\" ist ungültig",
         "invalid_recipient_map_old": "Originaler Empfänger \"%s\" ist ungültig",
+        "invalid_reset_token": "Ungültiger Rücksetz-Token",
         "ip_list_empty": "Liste erlaubter IPs darf nicht leer sein",
         "is_alias": "%s lautet bereits eine Alias-Adresse",
         "is_alias_or_mailbox": "Eine Mailbox, ein Alias oder eine sich aus einer Alias-Domain ergebende Adresse mit dem Namen %s ist bereits vorhanden",
@@ -436,6 +445,7 @@
         "password_complexity": "Passwort entspricht nicht den Richtlinien",
         "password_empty": "Passwort darf nicht leer sein",
         "password_mismatch": "Passwort-Wiederholung stimmt nicht überein",
+        "password_reset_invalid_user": "Benutzer nicht gefunden oder keine E-Mail-Adresse zur Wiederherstellung eingerichtet",
         "policy_list_from_exists": "Ein Eintrag mit diesem Wert existiert bereits",
         "policy_list_from_invalid": "Eintrag hat ein ungültiges Format",
         "private_key_error": "Schlüsselfehler: %s",
@@ -444,10 +454,12 @@
         "pushover_token": "Pushover Token hat das falsche Format",
         "quota_not_0_not_numeric": "Speicherplatz muss numerisch und >= 0 sein",
         "recipient_map_entry_exists": "Eine Empfängerumschreibung für Objekt \"%s\" existiert bereits",
+        "recovery_email_failed": "E-Mail zur Wiederherstellung konnte nicht gesendet werden. Bitte wenden Sie sich an Ihren Administrator.",
         "redis_error": "Redis Fehler: %s",
         "relayhost_invalid": "Map-Eintrag %s ist ungültig",
         "release_send_failed": "Die Nachricht konnte nicht versendet werden: %s",
         "reset_f2b_regex": "Regex-Filter konnten nicht in vorgegebener Zeit zurückgesetzt werden, bitte erneut versuchen oder die Webseite neu laden.",
+        "reset_token_limit_exceeded": "Das Limit für Rücksetz-Tokens wurde überschritten. Bitte versuchen Sie es später erneut.",
         "resource_invalid": "Ressourcenname %s ist ungültig",
         "rl_timeframe": "Ratelimit-Zeitraum ist inkorrekt",
         "rspamd_ui_pw_length": "Rspamd UI-Passwort muss mindestens 6 Zeichen lang sein",
@@ -467,6 +479,7 @@
         "tls_policy_map_dest_invalid": "Ziel ist ungültig",
         "tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits",
         "tls_policy_map_parameter_invalid": "Parameter ist ungültig",
+        "to_invalid": "Empfänger darf nicht leer sein",
         "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
         "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
         "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
@@ -638,6 +651,7 @@
         "nexthop": "Next Hop",
         "none_inherit": "Keine Auswahl / Erben",
         "password": "Passwort",
+        "password_recovery_email": "E-Mail zur Passwortwiederherstellung",
         "password_repeat": "Passwort wiederholen",
         "previous": "Vorherige Seite",
         "private_comment": "Privater Kommentar",
@@ -741,12 +755,19 @@
         "session_expires": "Die Sitzung wird in etwa 15 Sekunden beendet."
     },
     "login": {
+        "back_to_mailcow": "Zurück zu mailcow",
         "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert.",
         "fido2_webauthn": "FIDO2/WebAuthn Login",
+        "forgot_password": "> Passwort vergessen?",
+        "invalid_pass_reset_token": "Der Rücksetz-Token für das Passwort ist ungültig oder abgelaufen.<br>Bitte fordern Sie einen neuen Link zur Passwortwiederherstellung an.",
         "login": "Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
+        "new_password": "Neues Passwort",
+        "new_password_confirm": "Neues Passwort bestätigen",        
         "other_logins": "Key Login",
         "password": "Passwort",
+        "reset_password": "Passwort zurücksetzen",
+        "request_reset_password": "Passwortänderung anfordern",
         "username": "Benutzername"
     },
     "mailbox": {
@@ -1065,11 +1086,13 @@
         "nginx_reloaded": "Nginx wurde neu geladen",
         "object_modified": "Änderungen an Objekt %s wurden gespeichert",
         "password_policy_saved": "Passwortrichtlinie wurde erfolgreich gespeichert",
+        "password_changed_success": "Das Passwort wurde erfolgreich geändert",
         "pushover_settings_edited": "Pushover-Konfiguration gespeichert, bitte den Zugang im Anschluss verifizieren.",
         "qlearn_spam": "Nachricht-ID %s wurde als Spam gelernt und gelöscht",
         "queue_command_success": "Queue-Aufgabe erfolgreich ausgeführt",
         "recipient_map_entry_deleted": "Empfängerumschreibung mit der ID %s wurde gelöscht",
         "recipient_map_entry_saved": "Empfängerumschreibung für Objekt \"%s\" wurde gespeichert",
+        "recovery_email_sent": "Wiederherstellungs-E-Mail an %s gesendet",
         "relayhost_added": "Map-Eintrag %s wurde hinzugefügt",
         "relayhost_removed": "Map-Eintrag %s wurde entfernt",
         "reset_main_logo": "Standardgrafik wurde wiederhergestellt",
@@ -1202,6 +1225,7 @@
         "password": "Passwort",
         "password_now": "Aktuelles Passwort (Änderungen bestätigen)",
         "password_repeat": "Passwort (Wiederholung)",
+        "password_reset_info": "Wenn keine E-Mail zur Passwortwiederherstellung hinterlegt ist, kann diese Funktion nicht genutzt werden.",
         "pushover_evaluate_x_prio": "Hohe Priorität eskalieren [<code>X-Priority: 1</code>]",
         "pushover_info": "Push-Benachrichtungen werden angewendet auf alle nicht-Spam Nachrichten zugestellt an <b>%s</b>, einschließlich Alias-Adressen (shared, non-shared, tagged).",
         "pushover_only_x_prio": "Nur Mail mit hoher Priorität berücksichtigen [<code>X-Priority: 1</code>]",
@@ -1211,6 +1235,7 @@
         "pushover_title": "Notification Titel",
         "pushover_vars": "Wenn kein Sender-Filter definiert ist, werden alle E-Mails berücksichtigt.<br>Die direkte Absenderprüfung und reguläre Ausdrücke werden unabhängig voneinander geprüft, sie <b>hängen nicht voneinander ab</b> und werden der Reihe nach ausgeführt. <br>Verwendbare Variablen für Titel und Text (Datenschutzrichtlinien beachten)",
         "pushover_verify": "Verbindung verifizieren",
+        "pw_recovery_email": "E-Mail zur Passwortwiederherstellung",
         "q_add_header": "Junk-Ordner",
         "q_all": "Alle Kategorien",
         "q_reject": "Abgelehnt",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 964caade6..636c1aded 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -14,6 +14,7 @@
         "prohibited": "Prohibited by ACL",
         "protocol_access": "Change protocol access",
         "pushover": "Pushover",
+        "pw_reset": "Allow to reset mailcow user password",
         "quarantine": "Quarantine actions",
         "quarantine_attachments": "Quarantine attachments",
         "quarantine_category": "Change quarantine notification category",
@@ -256,6 +257,11 @@
         "password_policy_numbers": "Must contain at least one number",
         "password_policy_special_chars": "Must contain special characters",
         "password_repeat": "Confirmation password (repeat)",
+        "password_reset_info": "If no recovery email is provided, this function cannot be used.",
+        "password_reset_settings": "Password Recovery Settings",
+        "password_reset_tmpl_html": "HTML Template",
+        "password_reset_tmpl_text": "Text Template",
+        "password_settings": "Password Settings",
         "priority": "Priority",
         "private_key": "Private key",
         "quarantine": "Quarantine",
@@ -296,6 +302,8 @@
         "remove_row": "Remove row",
         "reset_default": "Reset to default",
         "reset_limit": "Remove hash",
+        "reset_password_vars": "<code>{{link}}</code> The generated password reset link<br><code>{{username}}</code> The mailbox name of the user who requested the password reset<br><code>{{username2}}</code> The recovery mailbox name<br><code>{{date}}</code> The date the password reset request was made<br><code>{{token_lifetime}}</code> The token lifetime in minutes<br><code>{{hostname}}</code> The mailcow hostname",
+        "restore_template": "Leave empty to restore default template.",
         "routing": "Routing",
         "rsetting_add_rule": "Add rule",
         "rsetting_content": "Rule content",
@@ -407,6 +415,7 @@
         "invalid_nexthop_authenticated": "Next hop exists with different credentials, please update the existing credentials for this next hop first.",
         "invalid_recipient_map_new": "Invalid new recipient specified: %s",
         "invalid_recipient_map_old": "Invalid original recipient specified: %s",
+        "invalid_reset_token": "Invalid reset token",
         "ip_list_empty": "List of allowed IPs cannot be empty",
         "is_alias": "%s is already known as an alias address",
         "is_alias_or_mailbox": "%s is already known as an alias, a mailbox or an alias address expanded from an alias domain.",
@@ -436,6 +445,7 @@
         "password_complexity": "Password does not meet the policy",
         "password_empty": "Password must not be empty",
         "password_mismatch": "Confirmation password does not match",
+        "password_reset_invalid_user": "Mailbox not found or no recovery email is set",
         "policy_list_from_exists": "A record with given name exists",
         "policy_list_from_invalid": "Record has invalid format",
         "private_key_error": "Private key error: %s",
@@ -444,10 +454,12 @@
         "pushover_token": "Pushover token has a wrong format",
         "quota_not_0_not_numeric": "Quota must be numeric and >= 0",
         "recipient_map_entry_exists": "A Recipient map entry \"%s\" exists",
+        "recovery_email_failed": "Could not send a recovery email. Please contact your administrator.",
         "redis_error": "Redis error: %s",
         "relayhost_invalid": "Map entry %s is invalid",
         "release_send_failed": "Message could not be released: %s",
         "reset_f2b_regex": "Regex filter could not be reset in time, please try again or wait a few more seconds and reload the website.",
+        "reset_token_limit_exceeded": "Reset token limit has been exceeded. Please try again later.",
         "resource_invalid": "Resource name %s is invalid",
         "rl_timeframe": "Rate limit time frame is incorrect",
         "rspamd_ui_pw_length": "Rspamd UI password should be at least 6 chars long",
@@ -470,6 +482,7 @@
         "tls_policy_map_dest_invalid": "Policy destination is invalid",
         "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
         "tls_policy_map_parameter_invalid": "Policy parameter is invalid",
+        "to_invalid": "Recipient must not be empty",
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
@@ -638,6 +651,7 @@
         "none_inherit": "None / Inherit",
         "nexthop": "Next hop",
         "password": "Password",
+        "password_recovery_email": "Password recovery email",
         "password_repeat": "Confirmation password (repeat)",
         "previous": "Previous page",
         "private_comment": "Private comment",
@@ -741,12 +755,19 @@
         "session_expires": "Your session will expire in about 15 seconds"
     },
     "login": {
+        "back_to_mailcow": "Back to mailcow",
         "delayed": "Login was delayed by %s seconds.",
         "fido2_webauthn": "FIDO2/WebAuthn Login",
+        "forgot_password": "> Forgot Password?",
+        "invalid_pass_reset_token": "The reset password token is invalid or has expired.<br>Please request a new password reset link.",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
+        "new_password": "New Password",
+        "new_password_confirm": "Confirm new password",
         "other_logins": "Key login",
         "password": "Password",
+        "reset_password": "Reset Password",
+        "request_reset_password": "Request password change",
         "username": "Username"
     },
     "mailbox": {
@@ -1072,11 +1093,13 @@
         "nginx_reloaded": "Nginx was reloaded",
         "object_modified": "Changes to object %s have been saved",
         "password_policy_saved": "Password policy was saved successfully",
+        "password_changed_success": "Password was successfully changed",
         "pushover_settings_edited": "Pushover settings successfully set, please verify credentials.",
         "qlearn_spam": "Message ID %s was learned as spam and deleted",
         "queue_command_success": "Queue command completed successfully",
         "recipient_map_entry_deleted": "Recipient map ID %s has been deleted",
         "recipient_map_entry_saved": "Recipient map entry \"%s\" has been saved",
+        "recovery_email_sent": "Recovery email sent to %s",
         "relayhost_added": "Map entry %s has been added",
         "relayhost_removed": "Map entry %s has been removed",
         "reset_main_logo": "Reset to default logo",
@@ -1210,6 +1233,7 @@
         "password": "Password",
         "password_now": "Current password (confirm changes)",
         "password_repeat": "Password (repeat)",
+        "password_reset_info": "If no email for password recovery is provided, this function cannot be used.",
         "pushover_evaluate_x_prio": "Escalate high priority mail [<code>X-Priority: 1</code>]",
         "pushover_info": "Push notification settings will apply to all clean (non-spam) mail delivered to <b>%s</b> including aliases (shared, non-shared, tagged).",
         "pushover_only_x_prio": "Only consider high priority mail [<code>X-Priority: 1</code>]",
@@ -1220,6 +1244,7 @@
         "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
+        "pw_recovery_email": "Password recovery email",
         "q_add_header": "Junk folder",
         "q_all": "All categories",
         "q_reject": "Rejected",
diff --git a/data/web/reset-password.php b/data/web/reset-password.php
new file mode 100644
index 000000000..a0225dc6a
--- /dev/null
+++ b/data/web/reset-password.php
@@ -0,0 +1,31 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /debug');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
+
+if (isset($_GET['token'])) $is_reset_token_valid = reset_password("check", $_GET['token']);
+else $is_reset_token_valid = False;
+
+$template = 'reset-password.twig';
+$template_data = [
+  'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
+  'is_reset_token_valid' => $is_reset_token_valid,
+  'reset_token' => $_GET['token']
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index 33f2422b5..0d238eee7 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -22,7 +22,7 @@
         <li><button class="dropdown-item" data-bs-target="#tab-config-quarantine" aria-selected="false" aria-controls="tab-config-quarantine" role="tab" data-bs-toggle="tab">{{ lang.admin.quarantine }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-quota" aria-selected="false" aria-controls="tab-config-quota" role="tab" data-bs-toggle="tab">{{ lang.admin.quota_notifications }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-rsettings" aria-selected="false" aria-controls="tab-config-rsettings" role="tab" data-bs-toggle="tab">{{ lang.admin.rspamd_settings_map }}</button></li>
-        <li><button class="dropdown-item" data-bs-target="#tab-config-password-policy" aria-selected="false" aria-controls="tab-config-password-policy" role="tab" data-bs-toggle="tab">{{ lang.admin.password_policy }}</button></li>
+        <li><button class="dropdown-item" data-bs-target="#tab-config-password-settings" aria-selected="false" aria-controls="tab-config-password-settings" role="tab" data-bs-toggle="tab">{{ lang.admin.password_settings }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-customize" aria-selected="false" aria-controls="tab-config-customize" role="tab" data-bs-toggle="tab">{{ lang.admin.customize }}</button></li>
       </ul>
     </li>
@@ -51,7 +51,7 @@
         {% include 'admin/tab-config-quota.twig' %}
         {% include 'admin/tab-config-rsettings.twig' %}
         {% include 'admin/tab-config-customize.twig' %}
-        {% include 'admin/tab-config-password-policy.twig' %}
+        {% include 'admin/tab-config-password-settings.twig' %}
         {% include 'admin/tab-sys-mails.twig' %}
         {% include 'admin/tab-globalfilter-regex.twig' %}
       </div>
diff --git a/data/web/templates/admin/tab-config-password-policy.twig b/data/web/templates/admin/tab-config-password-policy.twig
deleted file mode 100644
index 8209ba542..000000000
--- a/data/web/templates/admin/tab-config-password-policy.twig
+++ /dev/null
@@ -1,40 +0,0 @@
-<div class="tab-pane fade" id="tab-config-password-policy" role="tabpanel" aria-labelledby="tab-config-password-policy">
-  <div class="card mb-4">
-    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-policy" data-bs-toggle="collapse" aria-controls="collapse-tab-config-password-policy">
-        {{ lang.admin.password_policy }}
-      </button>
-      <span class="d-none d-md-block">{{ lang.admin.password_policy }}</span>
-    </div>
-    <div id="collapse-tab-config-password-policy" class="card-body collapse" data-bs-parent="#admin-content">
-      <form class="form-horizontal" data-id="passwordpolicy" role="form" method="post">
-        {% for name, value in password_complexity %}
-          {% if name == 'length' %}
-            <div class="row mb-4">
-              <label class="control-label col-sm-3 text-sm-end" for="length">{{ lang.admin.password_length }}:</label>
-              <div class="col-sm-2">
-                <input type="number" class="form-control" min="3" max="64" name="length" id="length" value="{{ value }}" required>
-              </div>
-            </div>
-          {% else %}
-            <input type="hidden" name="{{ name }}" value="0">
-            <div class="row mb-2">
-              <div class="offset-sm-3 col-sm-9">
-                <label>
-                  <input type="checkbox" class="form-check-input" name="{{ name }}" id="{{ name }}" value="1" {% if value == 1 %}checked{% endif %}> {{ lang.admin['password_policy_'~name] }}
-                </label>
-              </div>
-            </div>
-          {% endif %}
-        {% endfor %}
-        <div class="row mt-4 mb-2">
-          <div class="offset-sm-3 col-sm-9">
-            <div class="btn-group">
-              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="passwordpolicy" data-action="edit_selected" data-id="passwordpolicy" data-api-url='edit/passwordpolicy' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
-            </div>
-          </div>
-        </div>
-      </form>
-    </div>
-  </div>
-</div>
diff --git a/data/web/templates/admin/tab-config-password-settings.twig b/data/web/templates/admin/tab-config-password-settings.twig
new file mode 100644
index 000000000..6b2c494c2
--- /dev/null
+++ b/data/web/templates/admin/tab-config-password-settings.twig
@@ -0,0 +1,102 @@
+<div class="tab-pane fade" id="tab-config-password-settings" role="tabpanel" aria-labelledby="tab-config-password-settings">
+  <div class="card mb-4">
+    <div class="card-header d-flex fs-5">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-settings" data-bs-toggle="collapse" aria-controls="collapse-tab-config-password-settings">
+        {{ lang.admin.password_settings }}
+      </button>
+      <span class="d-none d-md-block">{{ lang.admin.password_settings }}</span>
+    </div>
+    <div id="collapse-tab-config-password-settings" class="card-body collapse" data-bs-parent="#admin-content">
+      <form class="form-horizontal" data-id="passwordpolicy" role="form" method="post">
+        <div class="row">
+          <div class="col-sm-12">
+            <legend>
+              {{ lang.admin.password_policy }}
+            </legend>
+            <hr />
+          </div>
+        </div>
+        {% for name, value in password_complexity %}
+          {% if name == 'length' %}
+            <div class="row mb-4">
+              <label class="control-label col-sm-3 text-sm-end" for="length">{{ lang.admin.password_length }}:</label>
+              <div class="col-sm-2">
+                <input type="number" class="form-control" min="3" max="64" name="length" id="length" value="{{ value }}" required>
+              </div>
+            </div>
+          {% else %}
+            <input type="hidden" name="{{ name }}" value="0">
+            <div class="row mb-2">
+              <div class="offset-sm-3 col-sm-9">
+                <label>
+                  <input type="checkbox" class="form-check-input" name="{{ name }}" id="{{ name }}" value="1" {% if value == 1 %}checked{% endif %}> {{ lang.admin['password_policy_'~name] }}
+                </label>
+              </div>
+            </div>
+          {% endif %}
+        {% endfor %}
+        <div class="row mt-4 mb-2">
+          <div class="offset-sm-3 col-sm-9">
+            <div class="btn-group">
+              <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="passwordpolicy" data-action="edit_selected" data-id="passwordpolicy" data-api-url='edit/passwordpolicy' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+            </div>
+          </div>
+        </div>
+      </form>
+
+      <form class="form" role="form" data-id="pw_reset_notification" method="post" style="margin-top: 50px;">
+        <div class="row">
+          <div class="col-sm-12">
+            <legend>
+              {{ lang.admin.password_reset_settings }}
+            </legend>
+            <hr />
+            <small>{{ lang.admin.reset_password_vars|raw }}</small><br><br>
+          </div>
+        </div>
+        <div class="row mb-4">
+          <div class="col-sm-6">
+            <div>
+              <label for="quota_notification_sender">{{ lang.admin.quota_notification_sender }}:</label>
+              <input type="email" class="form-control" id="quota_notification_sender" name="from" value="{{ pw_reset_data.from }}" placeholder="quota-warning@localhost">
+            </div>
+          </div>
+          <div class="col-sm-6">
+            <div>
+              <label for="quota_notification_subject">{{ lang.admin.quota_notification_subject }}:</label>
+              <input type="text" class="form-control" id="quota_notification_subject" name="subject" value="{{ pw_reset_data.subject }}" placeholder="Quota warning">
+            </div>
+          </div>
+        </div>
+        <div class="row">
+          <div class="col-12" data-bs-target="#text_template" style="cursor:pointer" unselectable="on" data-bs-toggle="collapse">
+            <span class="d-block"><i style="font-size:10pt;" class="bi bi-plus-square"></i> {{ lang.admin.password_reset_tmpl_text }}</span>
+            <small>{{ lang.admin.restore_template }}</small>
+          </div>
+          <div id="text_template" class="col-12 collapse">
+            <textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control textarea-code mb-2" rows="20" name="text_tmpl">{{ pw_reset_data.text_tmpl|raw }}</textarea>
+          </div>
+          <div class="col-12 mt-3" data-bs-target="#html_template" style="cursor:pointer" unselectable="on" data-bs-toggle="collapse">
+            <span class="d-block"><i style="font-size:10pt;" class="bi bi-plus-square"></i> {{ lang.admin.password_reset_tmpl_html }}</span>
+            <small>{{ lang.admin.restore_template }}</small>
+          </div>
+          <div id="html_template" class="col-12 collapse">
+            <textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control textarea-code" rows="20" name="html_tmpl">{{ pw_reset_data.html_tmpl|raw }}</textarea>
+          </div>
+        </div>
+        <div class="row">
+          <div class="col-sm-10">
+            <div>
+              <br>
+              <a type="button" class="btn btn-sm d-block d-sm-inline btn-success" data-action="edit_selected"
+                 data-item="pw_reset_notification"
+                 data-id="pw_reset_notification"
+                 data-api-url='edit/reset-password-notification'
+                 data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.user.save_changes }}</a>
+            </div>
+          </div>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 8960ee938..8de0095f2 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -203,6 +203,13 @@
                       <input type="password" data-pwgen-field="true" class="form-control" name="password2" autocomplete="new-password">
                     </div>
                   </div>
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2" for="pw_recovery_email">{{ lang.edit.password_recovery_email }}</label>
+                    <div class="col-sm-10">
+                      <input type="email" class="form-control" name="pw_recovery_email" value="{{ result.attributes.recovery_email }}">
+                      <small class="text-muted">{{ lang.admin.password_reset_info }}</small>
+                    </div>
+                  </div>
                   <div data-acl="{{ acl.extend_sender_acl }}" class="row mb-4">
                     <label class="control-label col-sm-2" for="extended_sender_acl">{{ lang.edit.extended_sender_acl }}</label>
                     <div class="col-sm-10">
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index aa282547c..90e232caf 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -63,6 +63,9 @@
             {% endif %}
           </div>
         </form>
+        <div class="mt-3 mb-4">
+          <a href="/reset-password">{{ lang.login.forgot_password }}</a>
+        </div>
         {% if login_delay %}
         <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
         {% endif %}
diff --git a/data/web/templates/modals/user.twig b/data/web/templates/modals/user.twig
index b4188773c..c9cd4b97e 100644
--- a/data/web/templates/modals/user.twig
+++ b/data/web/templates/modals/user.twig
@@ -309,6 +309,33 @@
     </div>
   </div>
 </div><!-- pw change modal -->
+<!-- pw recovery email modal -->
+<div class="modal fade" id="pwRecoveryEmailModal" tabindex="-1" role="dialog" aria-labelledby="pwRecoveryEmailModalLabel">
+  <div class="modal-dialog modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h3 class="modal-title">{{ lang.user.pw_recovery_email }}</h3>
+        <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+      </div>
+      <div class="modal-body">
+        <form class="form-horizontal" data-cached-form="false" data-id="pw_recovery_change" role="form" method="post" autocomplete="off">
+          <div class="row mb-4">
+            <label class="control-label col-sm-3" for="pw_recovery_email">{{ lang.user.email }}</label>
+            <div class="col-sm-9">
+              <input type="email" class="form-control" name="pw_recovery_email" value="{{ mailboxdata.attributes.recovery_email }}">
+              <small class="text-muted">{{ lang.user.password_reset_info }}</small>
+            </div>
+          </div>
+          <div class="row">
+            <div class="offset-sm-3 col-sm-9">
+              <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="pw_recovery_change" data-item="null" data-api-url='edit/self' data-api-attr='{}' href="#">{{ lang.user.save }}</button>
+            </div>
+          </div>
+        </form>
+      </div>
+    </div>
+  </div>
+</div><!-- pw recovery email modal -->
 <!-- temp alias modal -->
 <div class="modal fade" id="tempAliasModal" tabindex="-1" role="dialog" aria-labelledby="tempAliasModalLabel">
   <div class="modal-dialog modal-lg" role="document">
diff --git a/data/web/templates/reset-password.twig b/data/web/templates/reset-password.twig
new file mode 100644
index 000000000..5eb2027a4
--- /dev/null
+++ b/data/web/templates/reset-password.twig
@@ -0,0 +1,57 @@
+{% extends 'base.twig' %}
+
+{% block navbar %}{% endblock %}
+
+{% block content %}
+<div class="row mb-4" style="margin-top: 60px">
+  <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+    <div class="card">
+      <div class="card-header d-flex align-items-center">
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.reset_password }}
+        <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
+          <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
+          <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
+        </div>
+      </div>
+      <div class="card-body">
+        <div class="text-center mailcow-logo mb-4">
+          <img class="main-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}" alt="mailcow">
+          <img class="main-logo-dark" src="{{ logo_dark|default('/img/cow_mailcow.svg') }}" alt="mailcow-logo-dark">
+        </div>
+        <legend>{{ ui_texts.main_name|raw }}</legend><hr />
+
+        {% if is_reset_token_valid %}
+        <form method="post" autofill="off">
+          <input type="hidden" name="token" value="{{ reset_token }}" />
+          <input type="password" autocorrect="off" autocapitalize="none" class="form-control mb-2" name="new_password" placeholder="{{ lang.login.new_password }}" />
+          <input type="password" autocorrect="off" autocapitalize="none" class="form-control mb-2" name="new_password2" placeholder="{{ lang.login.new_password_confirm }}" />
+
+          <small id="mismatch_alert" class="text-danger d-none">{{ lang.login.password_mismatch }}</small>
+          <div class="d-flex justify-content-end mt-4" style="position: relative">
+            <button type="submit" class="btn btn-xs-lg d-block d-sm-inline btn-success" name="pw_reset">{{ lang.login.reset_password }}</button>
+          </div>
+        </form>
+        {% elseif reset_token is null %}
+        <form method="post" autofill="off">
+          <input type="text" autocorrect="off" autocapitalize="none" class="form-control mb-2" name="username" placeholder="{{ lang.login.username }}" />
+
+          <div class="d-flex justify-content-end mt-4" style="position: relative">
+            <button type="submit" class="btn btn-xs-lg d-block d-sm-inline btn-success" name="pw_reset_request">{{ lang.login.request_reset_password }}</button>
+          </div>
+        </form>
+        {% else %}
+        <p class="text-center">{{ lang.login.invalid_pass_reset_token|raw }}</p>
+        <a href="/">{{ lang.login.back_to_mailcow }}</a>
+        {% endif %}
+
+
+      </div>
+    </div>
+  </div>
+</div>
+
+<script type='text/javascript'>
+  var csrf_token = '{{ csrf_token }}';
+  var mailcow_cc_username = '{{ mailcow_cc_username }}';
+</script>
+{% endblock %}
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index bc15dfb05..24c9eb48e 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -50,6 +50,7 @@
           <p>{{ mailboxdata.quota_used|formatBytes(2) }} / {% if mailboxdata.quota == 0 %}∞{% else %}{{ mailboxdata.quota|formatBytes(2) }}{% endif %}<br>{{ mailboxdata.messages }} {{ lang.user.messages }}</p>
           <hr>
           <p><a href="#pwChangeModal" data-bs-toggle="modal"><i class="bi bi-pencil-fill"></i> {{ lang.user.change_password }}</a></p>
+          {% if acl.pw_reset == 1 %}<p><a href="#pwRecoveryEmailModal" data-bs-toggle="modal"><i class="bi bi-pencil-fill"></i> {{ lang.user.pw_recovery_email }}</a></p>{% endif %}
         </div>
       </div>
       <hr>

From c37bf0bb32aa58266d75ca84ac8f8f36f93d0939 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 31 Jul 2024 09:22:52 +0200
Subject: [PATCH 251/755] [Web] improve error handling for user password resets

---
 data/web/inc/functions.inc.php                | 40 +++++++------------
 data/web/lang/lang.de-de.json                 |  1 +
 data/web/lang/lang.en-gb.json                 |  1 +
 .../admin/tab-config-password-settings.twig   |  8 ++--
 4 files changed, 20 insertions(+), 30 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index af74d1407..562af71d3 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1137,7 +1137,7 @@ function edit_user_account($_data) {
       );
       return false;
     }
-    
+
     $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;
     $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)
       WHERE `username` = :username");
@@ -2329,6 +2329,17 @@ function reset_password($action, $data = null) {
         return false;
       }
 
+      $pw_reset_notification = reset_password('get_notification', 'raw');
+      if (!$pw_reset_notification) return false;
+      if (empty($pw_reset_notification['from']) || empty($pw_reset_notification['subject'])) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $_data_log),
+          'msg' => 'password_reset_na'
+        );
+        return false;
+      }
+
       $stmt = $pdo->prepare("SELECT * FROM `mailbox`
         WHERE `username` = :username");
       $stmt->execute(array(':username' => $username));
@@ -2381,9 +2392,6 @@ function reset_password($action, $data = null) {
         ':token' => $token
       ));
 
-      $pw_reset_notification = reset_password('get_notification', 'raw');
-      if (!$pw_reset_notification) return false;
-
       $reset_link = getBaseURL() . "/reset-password?token=" . $token;
 
       $request_date = new DateTime();
@@ -2633,30 +2641,10 @@ function reset_password($action, $data = null) {
       $subject = $data['subject'];
       $from = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $data['from']);
 
-      if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $action, $_data_log),
-          'msg' => '???'
-        );
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-
+      $from = (!filter_var($from, FILTER_VALIDATE_EMAIL)) ? "" : $from;
+      $subject = (empty($subject)) ? "" : $subject;
       $text = (empty($data['text_tmpl'])) ? "" : $data['text_tmpl'];
       $html = (empty($data['html_tmpl'])) ? "" : $data['html_tmpl'];
-      if (empty($text) && empty($html)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
 
       try {
         $redis->Set('PW_RESET_FROM', $from);
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index a734e09cb..189774eec 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -446,6 +446,7 @@
         "password_empty": "Passwort darf nicht leer sein",
         "password_mismatch": "Passwort-Wiederholung stimmt nicht überein",
         "password_reset_invalid_user": "Benutzer nicht gefunden oder keine E-Mail-Adresse zur Wiederherstellung eingerichtet",
+        "password_reset_na": "Die Passwortwiederherstellung ist momentan nicht verfügbar. Bitte wenden Sie sich an Ihren Administrator.",
         "policy_list_from_exists": "Ein Eintrag mit diesem Wert existiert bereits",
         "policy_list_from_invalid": "Eintrag hat ein ungültiges Format",
         "private_key_error": "Schlüsselfehler: %s",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 636c1aded..600441809 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -446,6 +446,7 @@
         "password_empty": "Password must not be empty",
         "password_mismatch": "Confirmation password does not match",
         "password_reset_invalid_user": "Mailbox not found or no recovery email is set",
+        "password_reset_na": "The password recovery is currently unavailable. Please contact your administrator.",
         "policy_list_from_exists": "A record with given name exists",
         "policy_list_from_invalid": "Record has invalid format",
         "private_key_error": "Private key error: %s",
diff --git a/data/web/templates/admin/tab-config-password-settings.twig b/data/web/templates/admin/tab-config-password-settings.twig
index 6b2c494c2..5998c6382 100644
--- a/data/web/templates/admin/tab-config-password-settings.twig
+++ b/data/web/templates/admin/tab-config-password-settings.twig
@@ -57,14 +57,14 @@
         <div class="row mb-4">
           <div class="col-sm-6">
             <div>
-              <label for="quota_notification_sender">{{ lang.admin.quota_notification_sender }}:</label>
-              <input type="email" class="form-control" id="quota_notification_sender" name="from" value="{{ pw_reset_data.from }}" placeholder="quota-warning@localhost">
+              <label for="pw_reset_from">{{ lang.admin.quota_notification_sender }}:</label>
+              <input type="email" class="form-control" id="pw_reset_from" name="from" value="{{ pw_reset_data.from }}">
             </div>
           </div>
           <div class="col-sm-6">
             <div>
-              <label for="quota_notification_subject">{{ lang.admin.quota_notification_subject }}:</label>
-              <input type="text" class="form-control" id="quota_notification_subject" name="subject" value="{{ pw_reset_data.subject }}" placeholder="Quota warning">
+              <label for="pw_reset_subject">{{ lang.admin.quota_notification_subject }}:</label>
+              <input type="text" class="form-control" id="pw_reset_subject" name="subject" value="{{ pw_reset_data.subject }}">
             </div>
           </div>
         </div>

From fbecd60e563d3e924e2c085681a5dfe976e692d9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 31 Jul 2024 09:23:53 +0200
Subject: [PATCH 252/755] [Web] add new pw_reset acl to mailbox templates

---
 data/web/inc/functions.mailbox.inc.php         | 12 +++++++++---
 data/web/js/site/mailbox.js                    |  3 +++
 data/web/templates/edit/mailbox-templates.twig |  1 +
 data/web/templates/modals/mailbox.twig         |  2 ++
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 7c9414f0a..ffcc38208 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -184,6 +184,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             'msg' => 'global_filter_written'
           );
           return true;
+        break;
         case 'filter':
           $sieve = new Sieve\SieveParser();
           if (!isset($_SESSION['acl']['filters']) || $_SESSION['acl']['filters'] != "1" ) {
@@ -1249,6 +1250,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $_data['quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
             $_data['quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
             $_data['app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
+            $_data['pw_reset'] = (in_array('pw_reset', $_data['acl'])) ? 1 : 0;
           } else {
             $_data['spam_alias'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_spam_alias']);
             $_data['tls_policy'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_tls_policy']);
@@ -1264,14 +1266,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $_data['quarantine_notification'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_notification']);
             $_data['quarantine_category'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_category']);
             $_data['app_passwds'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_app_passwds']);     
+            $_data['pw_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_pw_reset']);     
           }
 
           try {
             $stmt = $pdo->prepare("INSERT INTO `user_acl` 
               (`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`,
-                `pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`) 
+                `pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`, `pw_reset`) 
               VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset,
-                :pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds) ");
+                :pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds, :pw_reset) ");
             $stmt->execute(array(
               ':username' => $username,
               ':spam_alias' => $_data['spam_alias'],
@@ -1287,7 +1290,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ':quarantine_attachments' => $_data['quarantine_attachments'],
               ':quarantine_notification' => $_data['quarantine_notification'],
               ':quarantine_category' => $_data['quarantine_category'],
-              ':app_passwds' => $_data['app_passwds']
+              ':app_passwds' => $_data['app_passwds'],
+              ':pw_reset' => $_data['pw_reset']
             ));
           }
           catch (PDOException $e) {
@@ -1576,6 +1580,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $attr['acl_quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
             $attr['acl_quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
             $attr['acl_app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
+            $attr['acl_pw_reset'] = (in_array('pw_reset', $_data['acl'])) ? 1 : 0;
           } else {
             $_data['acl'] = (array)$_data['acl'];
             $attr['acl_spam_alias'] = 0;
@@ -3276,6 +3281,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $attr['acl_quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
               $attr['acl_quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
               $attr['acl_app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
+              $attr['acl_pw_reset'] = (in_array('pw_reset', $_data['acl'])) ? 1 : 0;
             } else {    
               foreach ($is_now as $key => $value){
                 $attr[$key] = $is_now[$key];
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index e2016e3ed..51dbcf435 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -380,6 +380,9 @@ $(document).ready(function() {
     if (template.acl_app_passwds == 1){
       acl.push("app_passwds");
     }
+    if (template.acl_pw_reset == 1){
+      acl.push("pw_reset");
+    }
     $('#user_acl').selectpicker('val', acl);
 
     $('#rl_value').val(template.rl_value);
diff --git a/data/web/templates/edit/mailbox-templates.twig b/data/web/templates/edit/mailbox-templates.twig
index f606bd452..6d150b263 100644
--- a/data/web/templates/edit/mailbox-templates.twig
+++ b/data/web/templates/edit/mailbox-templates.twig
@@ -112,6 +112,7 @@
           <option value="quarantine_notification" {% if template.attributes.acl_quarantine_notification == '1' %} selected{% endif %}>{{ lang.acl["quarantine_notification"] }}</option>
           <option value="quarantine_category" {% if template.attributes.acl_quarantine_category == '1' %} selected{% endif %}>{{ lang.acl["quarantine_category"] }}</option>
           <option value="app_passwds" {% if template.attributes.acl_app_passwds == '1' %} selected{% endif %}>{{ lang.acl["app_passwds"] }}</option>
+          <option value="pw_reset" {% if template.attributes.acl_pw_reset == '1' %} selected{% endif %}>{{ lang.acl["pw_reset"] }}</option>
         </select>
       </div>
     </div>
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 6316d9fb0..0f1b23a7e 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -149,6 +149,7 @@
                   <option value="quarantine_notification" selected>{{ lang.acl["quarantine_notification"] }}</option>
                   <option value="quarantine_category" selected>{{ lang.acl["quarantine_category"] }}</option>
                   <option value="app_passwds" selected>{{ lang.acl["app_passwds"] }}</option>
+                  <option value="pw_reset" selected>{{ lang.acl["pw_reset"] }}</option>
               </select>
             </div>
           </div>
@@ -318,6 +319,7 @@
                 <option value="quarantine_notification" selected>{{ lang.acl["quarantine_notification"] }}</option>
                 <option value="quarantine_category" selected>{{ lang.acl["quarantine_category"] }}</option>
                 <option value="app_passwds" selected>{{ lang.acl["app_passwds"] }}</option>
+                <option value="pw_reset" selected>{{ lang.acl["pw_reset"] }}</option>
               </select>
             </div>
           </div>

From ff34eb12e2dbd9f9905aba0020fcb5921c2be7a0 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 1 Aug 2024 00:16:46 +0000
Subject: [PATCH 253/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 55 ++++--------------------
 1 file changed, 8 insertions(+), 47 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index e24e0fa76..78ffc3a89 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Mon Jul  1 00:16:55 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Thu Aug  1 00:16:45 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 1993 total rules
+# 1954 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,11 +19,8 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
-8.39.54.0/23	permit
-8.40.222.0/23	permit
 10.162.0.0/16	permit
 12.130.86.238	permit
-13.72.50.45	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -44,6 +41,7 @@
 18.198.96.88	permit
 18.208.124.128/25	permit
 18.216.232.154	permit
+18.235.27.253	permit
 18.236.40.242	permit
 18.236.56.161	permit
 20.51.6.32/30	permit
@@ -66,7 +64,6 @@
 20.112.250.133	permit
 20.118.139.208/30	permit
 20.141.10.196	permit
-20.185.213.0/24	permit
 20.185.214.0/27	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
@@ -112,13 +109,13 @@
 37.218.249.47	permit
 37.218.251.62	permit
 39.156.163.64/29	permit
-40.71.187.0/24	permit
 40.92.0.0/15	permit
 40.92.0.0/16	permit
 40.107.0.0/16	permit
 40.112.65.63	permit
 43.228.184.0/22	permit
 44.206.138.57	permit
+44.217.45.156	permit
 44.236.56.93	permit
 44.238.220.251	permit
 46.19.170.16	permit
@@ -181,6 +178,7 @@
 50.18.125.237	permit
 50.18.126.162	permit
 50.31.32.0/19	permit
+50.31.36.205	permit
 50.56.130.220/30	permit
 52.1.14.157	permit
 52.5.230.59	permit
@@ -202,7 +200,6 @@
 52.96.91.34	permit
 52.96.111.82	permit
 52.96.172.98	permit
-52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
 52.96.223.2	permit
@@ -223,10 +220,6 @@
 52.234.172.96/28	permit
 52.235.253.128	permit
 52.236.28.240/28	permit
-52.244.206.214	permit
-52.247.53.144	permit
-52.250.107.196	permit
-52.250.126.174	permit
 54.90.148.255	permit
 54.165.19.38	permit
 54.172.97.247	permit
@@ -331,7 +324,6 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
-65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -450,7 +442,6 @@
 69.171.232.0/24	permit
 69.171.244.0/23	permit
 70.37.151.128/25	permit
-70.42.149.0/24	permit
 70.42.149.35	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
@@ -567,7 +558,6 @@
 77.238.189.142	permit
 77.238.189.146/31	permit
 77.238.189.148/30	permit
-81.7.169.128/25	permit
 81.223.46.0/27	permit
 82.165.159.2	permit
 82.165.159.3	permit
@@ -1257,6 +1247,7 @@
 106.10.244.0/24	permit
 106.39.212.64/29	permit
 106.50.16.0/28	permit
+107.20.18.111	permit
 107.20.210.250	permit
 108.174.0.0/24	permit
 108.174.0.215	permit
@@ -1292,8 +1283,6 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
-121.244.91.48	permit
-122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1349,18 +1338,7 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.0/24	permit
-135.84.81.0/24	permit
-135.84.82.0/24	permit
-135.84.83.0/24	permit
 135.84.216.0/22	permit
-136.143.160.0/24	permit
-136.143.161.0/24	permit
-136.143.178.49	permit
-136.143.182.0/23	permit
-136.143.184.0/24	permit
-136.143.188.0/24	permit
-136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1368,7 +1346,6 @@
 136.147.182.0/24	permit
 136.147.224.0/20	permit
 136.179.50.206	permit
-138.91.172.26	permit
 139.60.152.0/22	permit
 139.138.35.44	permit
 139.138.46.121	permit
@@ -1419,6 +1396,7 @@
 150.230.98.160	permit
 152.67.105.195	permit
 152.69.200.236	permit
+152.70.155.126	permit
 155.248.208.51	permit
 157.55.0.192/26	permit
 157.55.1.128/26	permit
@@ -1475,7 +1453,6 @@
 163.114.134.16	permit
 163.114.135.16	permit
 164.177.132.168/30	permit
-165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1484,6 +1461,7 @@
 167.89.0.0/17	permit
 167.89.46.159	permit
 167.89.54.103	permit
+167.89.60.95	permit
 167.89.64.9	permit
 167.89.65.0	permit
 167.89.65.53	permit
@@ -1502,11 +1480,6 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
-169.148.129.0/24	permit
-169.148.131.0/24	permit
-169.148.142.10	permit
-169.148.144.0/25	permit
-169.148.144.10	permit
 170.10.68.0/22	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
@@ -1661,15 +1634,7 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
-199.34.22.36	permit
 199.59.148.0/22	permit
-199.67.80.2	permit
-199.67.80.20	permit
-199.67.82.2	permit
-199.67.82.20	permit
-199.67.84.0/24	permit
-199.67.86.0/24	permit
-199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1726,8 +1691,6 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
 204.220.160.0/20	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
@@ -1979,8 +1942,6 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
-2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
-2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From 82fde23cc1e42136444ea45e99dc15fea35afa28 Mon Sep 17 00:00:00 2001
From: Marcel Schuster <mrclschstr@users.noreply.github.com>
Date: Thu, 1 Aug 2024 19:14:29 +0200
Subject: [PATCH 254/755] Bump watchdog to v2.03

---
 docker-compose.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3efd6a42b..1e444e0d7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -460,7 +460,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.02
+      image: mailcow/watchdog:2.03
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -477,7 +477,6 @@ services:
         - mysql-mailcow
         - acme-mailcow
         - redis-mailcow
-
       environment:
         - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
         - LOG_LINES=${LOG_LINES:-9999}

From 3885b07a997719ed518ee8cbabf9dc4608f5aab3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 5 Aug 2024 19:36:55 +0200
Subject: [PATCH 255/755] [Web] Updated lang.nb-no.json (#5980)

Co-authored-by: Christer Solstrand Johannessen <csjoh@users.noreply.translate.mailcow.email>
---
 data/web/lang/lang.nb-no.json | 143 ++++++++++++++++++++++++++++++++++
 1 file changed, 143 insertions(+)

diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index 830d5b423..a6a7a0ca7 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -322,5 +322,148 @@
         "invalid_nexthop": "\"Next hop\"-format er ugyldig",
         "img_dimensions_exceeded": "Bildet overskriver maksimal bildestørrelse",
         "img_size_exceeded": "Bildet overskrider maksimal filstørrelse"
+    },
+    "debug": {
+        "logs": "Logger",
+        "update_available": "En oppdatering er tilgjengelig",
+        "service": "Tjeneste",
+        "show_ip": "Vis offentlig IP",
+        "solr_dead": "Solr starter, er deaktivert eller døde",
+        "memory": "Minne",
+        "online_users": "Tilkoblede brukere",
+        "restart_container": "Omstart",
+        "size": "Størrelse",
+        "solr_status": "Solr-status",
+        "started_at": "Startet ved",
+        "started_on": "Startet den",
+        "static_logs": "Statiske logger",
+        "success": "Suksess",
+        "system_containers": "System og kontainere",
+        "timezone": "Tidssone",
+        "uptime": "Oppetid",
+        "no_update_available": "Systemet kjører siste versjon",
+        "update_failed": "Kunne ikke se etter oppdateringer",
+        "username": "Brukernavn",
+        "wip": "Foreløpig under utvikling"
+    },
+    "diagnostics": {
+        "dns_records_24hours": "Vennligst vær oppmerksom på at endringer gjort i DNS kan ta opp til 24 timer før riktig status vises på denne siden. Den er ment som en måte for deg å enkelt se hvordan du kan sette opp DNS-oppføringene dine og se at alle oppføringer er korrekt lagret i DNS.",
+        "cname_from_a": "Verdi hentet fra A/AAAA-oppføring. Dette er støttet så lenge oppføringen peker til riktig ressurs.",
+        "dns_records_docs": "Vennligst også se <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentasjonen</a>.",
+        "dns_records": "DNS-oppføringer",
+        "dns_records_data": "Korrekte data",
+        "dns_records_name": "Navn",
+        "dns_records_status": "Nåværende status",
+        "dns_records_type": "Type",
+        "optional": "Denne oppføringen er valgfri."
+    },
+    "edit": {
+        "bcc_dest_format": "BCC-destinasjon må være en enkelt, gyldig epostadresse.<br>Hvis du trenger å sende en kopi til flere adresser, opprett et alias og bruk det her.",
+        "pushover_info": "Innstillinger for pushvarslinger vil gjelde alle rene (ikke-spam) eposter levert til <b>%s</b>, inkludert aliaser (delte, ikke-delte, taggede).",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Du kan definere transportmappinger for et spesifikt mål for dette domenet. Hvis dette ikke er definert, blir det gjort et MX-oppslag.",
+        "delete2duplicates": "Slett duplikater på målvert",
+        "description": "Beskrivelse",
+        "disable_login": "Ikke tillat innlogging (innkommende epost blir likevel mottatt)",
+        "domain_admin": "Endre domeneadministrator",
+        "max_mailboxes": "Maks antall mailbokser",
+        "quota_warning_bcc_info": "Advarsler blir sendt som separate kopier til de følgende mottakerne. Emnet vil få lagt til det korresponderende brukernavnet i parantes, for eksempel: <code>Kvotevarsel (user@example.com)</code>.",
+        "domain_footer_skip_replies": "Ignorer bunntekst ved svar på epost",
+        "extended_sender_acl": "Eksterne avsenderadresser",
+        "extended_sender_acl_info": "En DKIM-domenenøkkel bør importeres, hvis tilgjengelig.<br>\n  Husk å legge denne serveren til den korresponderende SPF TXT-oppføringen.<br>\n  Når et domene eller aliasdomene legges til på denne serveren, og det overlapper med en ekstern adresse, blir den eksterne adressen fjernet.<br>\n  Bruk @domain.tld for å tillate sending som *@domain.tld.",
+        "password_repeat": "Bekreft passord (gjenta)",
+        "pushover_title": "Varslingstittel",
+        "pushover_vars": "Når et avsenderfilter ikke er definert, vil alle epostere bli vurdert.<br>Regex-filtre såvel så eksakte avsendersjekker kan bli individuelt definert og vil bli vurdert sekvensielt. De er ikke avhengige av hverandre.<br>Tilgjengelige variabler for tekst og tittel (vennligst observer policyer for databeskyttelse)",
+        "admin": "Endre administrator",
+        "domain_footer_info": "Bunntekst for hele domenet leggese til alle utgående eposter assosiert med en adresse innenfor dette domenet. <br> De følgende variablene kan brukes for bunnteksten:",
+        "domain_footer_info_vars": {
+            "custom": "{= foo =}         - Hvis mailboksen har en spesialattributt \"foo\" med verdi \"bar\", vil den vise \"bar\"",
+            "auth_user": "{= auth_user =}   - Autentisert brukernavn spesifisert av en MTA",
+            "from_user": "{= from_user =}   - Fra brukerdelen av konvolutten, f.eks. for \"moo@mailcow.tld\" vil den returnere \"moo\"",
+            "from_name": "{= from_name =}   - Fra-navn fra konvolutten, f.eks. for \"Mailcow &lt;moo@mailcow.tld&gt;\" vil den vise \"Mailcow\"",
+            "from_addr": "{= from_addr =}   - Fra adressedelen av konvolutten",
+            "from_domain": "{= from_domain =} - Fra domene-delen av konvolutten"
+        },
+        "mailbox_relayhost_info": "Aktiveres kun for mailboksen og direkte aliaser, overstyrer domene-videresendingsvert.",
+        "mbox_rl_info": "Denne begrensningen gjelder for SASL-innloggingsnavnet, dersom det er likt noen \"from\"-adresser benyttet av den innloggede brukeren. En mailboks-begrensning overstyrer en domene-begrensning.",
+        "allow_from_smtp_info": "La stå tom for å tillate alle avsendere.<br>IPv4/IPv6-adresser og -nettverk.",
+        "domain": "Endre domene",
+        "encryption": "Kryptering",
+        "exclude": "Ekskluder objekter (regex)",
+        "footer_exclude": "Ekskluder fra bunntekst",
+        "gal_info": "GAL inneholder alle objeker i et domene og kan ikke redigeres av noen brukere. Ledig/opptatt-informasjon i SOGo mangler dersom den deaktiveres! <b>Start SOGo på nytt for å aktivere endringene.</b>",
+        "grant_types": "Grant-typer",
+        "hostname": "Vertsnavn",
+        "inactive": "Inaktiv",
+        "kind": "Type",
+        "last_modified": "Sist endret",
+        "lookup_mx": "Målet er et regex-uttrykk for å matche mot MX_navnet (<code>*\\.google\\.com</code> for å route all epost som skal til en MX-server som slutter på google.com, via dette målet)",
+        "mailbox": "Endre mailboks",
+        "mailbox_quota_def": "Standardkvote for mailboks",
+        "max_quota": "Maks kvote pr. mailboks (MiB)",
+        "maxage": "Maksimal alder for meldinger, i dager, som vil hentes fra ekstern<br><small>(0 = ignorer alder)</small>",
+        "maxbytespersecond": "Maks bytes pr. sekund <br><small>(0 = ubegrenset)</small>",
+        "pushover_sender_array": "Bare vurder de følgende avsenderadressene <small>(komma-separert)</small>",
+        "pushover_sender_regex": "Vurder følgende avsender-regex",
+        "pushover_text": "Varslingstekst",
+        "pushover_sound": "Lyd",
+        "pushover_verify": "Bekreft identifikasjon",
+        "quota_mb": "Kvote (MiB)",
+        "quota_warning_bcc": "Kvotevarsling BCC",
+        "ratelimit": "Mengdebegrensning",
+        "domain_footer": "Bunntekst for hele domenet",
+        "private_comment": "Privat kommentar",
+        "public_comment": "Offentlig kommentar",
+        "client_id": "Klient-ID",
+        "full_name": "Fullt navn",
+        "gal": "Global adresseliste",
+        "max_aliases": "Maks. antall aliaser",
+        "mins_interval": "Intervall (min)",
+        "multiple_bookings": "Flere bookinger",
+        "none_inherit": "Ingen / arve",
+        "acl": "ACL (rettighet)",
+        "active": "Aktiv",
+        "advanced_settings": "Avanserte innstillinger",
+        "alias": "Endre alias",
+        "allow_from_smtp": "Tillat kun disse IPene å bruke <b>SMTP</b>",
+        "allowed_protocols": "Tillatte protokoller",
+        "app_name": "Appnavn",
+        "app_passwd": "App-passord",
+        "app_passwd_protocols": "Tillatte protokoller for app-passord",
+        "automap": "Prøv å automatisk mappe opp mapper (\"Sent items\", \"Sent\" => \"Sendt\" etc.)",
+        "backup_mx_options": "Videresendingsalternativer",
+        "client_secret": "Klient-hemmelighet",
+        "comment_info": "En privat kommentar er ikke synlig for brukeren, mens en offentlig kommentar vises som et tooltip når man holder muspekeren over det",
+        "created_on": "Opprettet den",
+        "custom_attributes": "Valgfrie attributter",
+        "delete1": "Slett fra kilde når fullført",
+        "delete2": "Slett meldinger på målvert som ikke finnes på kildeverten",
+        "delete_ays": "Vennligst bekreft slettingen.",
+        "domain_footer_html": "HTML-bunntekst",
+        "domain_footer_plain": "PLAIN-bunntekst",
+        "domain_quota": "Domenekvote",
+        "domains": "Domener",
+        "dont_check_sender_acl": "Deaktivere sendersjekk for domene %s (+ aliasdomener)",
+        "edit_alias_domain": "Endre aliasdomene",
+        "force_pw_update": "Tving endring av passord ved neste innlogging",
+        "force_pw_update_info": "Denne brukeren vil bare kunne logge inn på %s. App-passord kan fremdeles brukes.",
+        "generate": "generer",
+        "nexthop": "Neste hopp",
+        "password": "Passord",
+        "previous": "Forrige side",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Eskaler mail med høy prioritet [<code>X-Priority: 1</code>]",
+        "pushover_only_x_prio": "Bare vurder epost med høy prioritet [<code>X-Priority: 1</code>]",
+        "redirect_uri": "Omdirigerings-/tilbakekallings-URL",
+        "relay_all": "Videresend alle mottakere",
+        "relay_all_info": "↪ Hvis du velger å <b>ikke</b> videresende alle mottakkere, så må du legge til en (\"blind\") mailboks for hver eneste mottaker det skal videresendes for.",
+        "relay_domain": "Videresend dette domenet",
+        "relay_unknown_only": "Videresend kun ikke-eksisterende mailbokser. Eksisterende mailbokser vil bli levert lokalt.",
+        "relayhost": "Avsender-avhengige transportmetoder",
+        "remove": "Fjern",
+        "resource": "Ressurs",
+        "save": "Lagre endringer",
+        "scope": "Omfang",
+        "sender_acl": "Tillat å sende som",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Avsender-sjekk er deaktivert</span>"
     }
 }

From c9187261430672f41fdb7b432444e270454278ff Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 6 Aug 2024 12:04:04 +0200
Subject: [PATCH 256/755] dovecot: fix precompiling of sieve scripts

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 8 --------
 docker-compose.yml                            | 2 +-
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index b53c06bed..bd1a44f38 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -407,14 +407,6 @@ sievec /var/vmail/sieve/global_sieve_after.sieve
 sievec /usr/lib/dovecot/sieve/report-spam.sieve
 sievec /usr/lib/dovecot/sieve/report-ham.sieve
 
-for file in /var/vmail/*/*/sieve/*.sieve ; do
-  if [[ "$file" == "/var/vmail/*/*/sieve/*.sieve" ]]; then
-    continue
-  fi
-  sievec "$file" "$(dirname "$file")/../.dovecot.svbin"
-  chown vmail:vmail "$(dirname "$file")/../.dovecot.svbin"
-done
-
 # Fix permissions
 chown root:root /etc/dovecot/sql/*.conf
 chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/passwd-verify.lua
diff --git a/docker-compose.yml b/docker-compose.yml
index ece85026e..f673f1a0f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -221,7 +221,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.30
+      image: mailcow/dovecot:2.0
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 6ee0303b0f5b3953f66a21195eec1d08bdae1d98 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 6 Aug 2024 15:33:40 +0200
Subject: [PATCH 257/755] ui: added enotify and mime as valid options for ui

---
 data/web/inc/lib/sieve/extensions/enotify.xml | 33 +++++++++++
 data/web/inc/lib/sieve/extensions/mime.xml    | 58 +++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 data/web/inc/lib/sieve/extensions/enotify.xml
 create mode 100644 data/web/inc/lib/sieve/extensions/mime.xml

diff --git a/data/web/inc/lib/sieve/extensions/enotify.xml b/data/web/inc/lib/sieve/extensions/enotify.xml
new file mode 100644
index 000000000..b4686a333
--- /dev/null
+++ b/data/web/inc/lib/sieve/extensions/enotify.xml
@@ -0,0 +1,33 @@
+<?xml version='1.0' standalone='yes'?>
+
+<extension name="enotify">
+    <command name="notify">
+        <parameter type="tag" name="from" occurrence="optional">
+            <parameter type="string" name="from-address" />
+        </parameter>
+
+        <parameter type="tag" name="importance" regex="(1|2|3)" occurrence="optional" />
+
+        <parameter type="tag" name="options" occurrence="optional">
+            <parameter type="stringlist" name="option-strings" />
+        </parameter>
+
+        <parameter type="tag" name="message" occurrence="optional">
+            <parameter type="string" name="message-text" />
+        </parameter>
+
+        <parameter type="string" name="method" />
+    </command>
+
+    <test name="valid_notify_method">
+        <parameter type="stringlist" name="notification-uris" />
+    </test>
+
+    <test name="notify_method_capability">
+        <parameter type="string" name="notification-uri" />
+        <parameter type="string" name="notification-capability" />
+        <parameter type="stringlist" name="key-list" />
+    </test>
+
+    <modifier name="encodeurl" />
+</extension>
\ No newline at end of file
diff --git a/data/web/inc/lib/sieve/extensions/mime.xml b/data/web/inc/lib/sieve/extensions/mime.xml
new file mode 100644
index 000000000..d7e200f02
--- /dev/null
+++ b/data/web/inc/lib/sieve/extensions/mime.xml
@@ -0,0 +1,58 @@
+<?xml version='1.0' standalone='yes'?>
+
+<extension name="mime">
+    <command name="foreverypart">
+        <parameter type="string" name="name" occurrence="optional" />
+        <block />
+    </command>
+
+    <command name="break">
+        <parameter type="string" name="name" occurrence="optional" />
+    </command>
+
+    <tagged-argument extends="(header|address|exists)">
+        <parameter type="tag" name="mime" regex="mime" occurrence="optional" />
+    </tagged-argument>
+    <tagged-argument extends="(header|address|exists)">
+        <parameter type="tag" name="anychild" regex="anychild" occurrence="optional" />
+    </tagged-argument>
+    <tagged-argument extends="(header)">
+        <parameter type="tag" name="type" occurrence="optional" />
+    </tagged-argument>
+    <tagged-argument extends="(header)">
+        <parameter type="tag" name="subtype" occurrence="optional" />
+    </tagged-argument>
+    <tagged-argument extends="(header)">
+        <parameter type="tag" name="contenttype" occurrence="optional" />
+    </tagged-argument>
+    <tagged-argument extends="(header)">
+        <parameter type="tag" name="param" regex="param" occurrence="optional">
+            <parameter type="stringlist" name="param-list" />
+        </parameter>
+    </tagged-argument>
+    <tagged-argument extends="(header|address|exists)">
+        <parameter type="stringlist" name="header-names" />
+    </tagged-argument>
+    <tagged-argument extends="(header)">
+        <parameter type="stringlist" name="key-list" />
+    </tagged-argument>
+
+    <action name="replace">
+        <parameter type="tag" name="mime" regex="mime" occurrence="optional" />
+        <parameter type="string" name="subject" occurrence="optional" />
+        <parameter type="string" name="from" occurrence="optional" />
+        <parameter type="string" name="replacement" />
+    </action>
+
+    <action name="enclose">
+        <parameter type="string" name="subject" occurrence="optional" />
+        <parameter type="stringlist" name="headers" occurrence="optional" />
+        <parameter type="string" name="text" />
+    </action>
+
+    <action name="extracttext">
+        <parameter type="tag" name="first" regex="first" occurrence="optional" />
+        <parameter type="number" name="number" occurrence="optional" />
+        <parameter type="string" name="varname" />
+    </action>
+</extension>
\ No newline at end of file

From b0339372b5482781fffff6c39a286c01e5a2c65d Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 17:12:54 +0300
Subject: [PATCH 258/755] Check `mailcow.conf` exists before source it

---
 update.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 0c8f85fed..ddfd06de4 100755
--- a/update.sh
+++ b/update.sh
@@ -404,12 +404,13 @@ while (($#)); do
   shift
 done
 
+[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;}
+
 chmod 600 mailcow.conf
 source mailcow.conf
 
 detect_docker_compose_command
 
-[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;}
 DOTS=${MAILCOW_HOSTNAME//[^.]};
 if [ ${#DOTS} -lt 1 ]; then
   echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"

From 926af87cfb19cb3fdad8da992dccc2d506400079 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 6 Aug 2024 16:20:28 +0200
Subject: [PATCH 259/755] scripts: adding docker version check to align to docs
 (24.X)

---
 generate_config.sh | 10 ++++++++++
 update.sh          | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/generate_config.sh b/generate_config.sh
index 4b99092b3..cc5ba1ce2 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -25,6 +25,16 @@ for bin in openssl curl docker git awk sha1sum grep cut; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
+# Check Docker Version (need at least 24.X)
+docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1)
+
+if [[ $docker_version -lt 24 ]]; then
+  echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
+  echo -e "\e[33mmailcow needs a newer Docker version to work properly...\e[0m"
+  echo -e "\e[31mPlease update your Docker installation... exiting\e[0m"
+  exit 1
+fi
+
 if docker compose > /dev/null 2>&1; then
     if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
       COMPOSE_VERSION=native
diff --git a/update.sh b/update.sh
index 0c8f85fed..b07ebb0ad 100755
--- a/update.sh
+++ b/update.sh
@@ -328,6 +328,16 @@ for bin in curl docker git awk sha1sum grep cut; do
   fi  
 done
 
+# Check Docker Version (need at least 24.X)
+docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1)
+
+if [[ $docker_version -lt 24 ]]; then
+  echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
+  echo -e "\e[33mmailcow needs a newer Docker version to work properly... continuing on your own risk!\e[0m"
+  echo -e "\e[31mPlease update your Docker installation... exiting\e[0m"
+  sleep 10
+fi
+
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
 BRANCH=$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)

From a001a0584f12c19efd6054b417284a5488f8eb74 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 6 Aug 2024 16:21:28 +0200
Subject: [PATCH 260/755] update.sh: fix text for min. docker ver

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index b07ebb0ad..fe4ebf890 100755
--- a/update.sh
+++ b/update.sh
@@ -334,7 +334,7 @@ docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1)
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
   echo -e "\e[33mmailcow needs a newer Docker version to work properly... continuing on your own risk!\e[0m"
-  echo -e "\e[31mPlease update your Docker installation... exiting\e[0m"
+  echo -e "\e[31mPlease update your Docker installation... sleeping 10s\e[0m"
   sleep 10
 fi
 

From cc0dc2eae090fec01320d619b0008e82bebca315 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 17:51:46 +0300
Subject: [PATCH 261/755] Add color-coded error message for missing
 `mailcow.conf`

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index ddfd06de4..6db943a0a 100755
--- a/update.sh
+++ b/update.sh
@@ -404,7 +404,7 @@ while (($#)); do
   shift
 done
 
-[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;}
+[[ ! -f mailcow.conf ]] && { echo -e "\e[31mmailcow.conf is missing! Is mailcow installed?\e[0m"; exit 1;}
 
 chmod 600 mailcow.conf
 source mailcow.conf

From e994cf4d0575aec5690663c2713f974f415db862 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 20:38:18 +0300
Subject: [PATCH 262/755] Fix typo in `update.sh`: Proceeding

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index fe4ebf890..5e1108107 100755
--- a/update.sh
+++ b/update.sh
@@ -434,7 +434,7 @@ elif [ ${#DOTS} -eq 1 ]; then
   echo "Find more information about why this message exists here: https://github.com/mailcow/mailcow-dockerized/issues/1572"
   read -r -p "Do you want to proceed anyway? [y/N] " response
   if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-    echo "OK. Procceding."
+    echo "OK. Proceeding."
   else
     echo "OK. Exiting."
     exit 1

From b3e0a6622297bc1c7d25d5d70ab84c7eab0943c7 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 21:03:17 +0300
Subject: [PATCH 263/755] Fix typo: receiving updates from `an` unsupported
 branch

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 5e1108107..af18e7c6e 100755
--- a/update.sh
+++ b/update.sh
@@ -817,7 +817,7 @@ if ! [ $NEW_BRANCH ]; then
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
 
   else
-    echo -e "\e[33mYou are receiving updates from a unsupported branch.\e[0m"
+    echo -e "\e[33mYou are receiving updates from an unsupported branch.\e[0m"
     sleep 1
     echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m"
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"

From 292306b191f952d2b853fb02458e6fc9bf066c2b Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 21:12:20 +0300
Subject: [PATCH 264/755] Fix typos and English grammar in `update.sh`

German is different in using upper-case than English lol
---
 update.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/update.sh b/update.sh
index af18e7c6e..148dfe670 100755
--- a/update.sh
+++ b/update.sh
@@ -828,14 +828,14 @@ elif [ $FORCE ]; then
   echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m"
   sleep 1
 elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then
-  echo -e "\e[33mYou are about to switch your mailcow Updates to the stable (master) branch.\e[0m"
+  echo -e "\e[33mYou are about to switch your mailcow updates to the stable (master) branch.\e[0m"
   sleep 1
-  echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m"
+  echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no data is lost...\e[0m"
   sleep 1
-  echo -e "\e[31mWARNING: Please see on GitHub or ask in the communitys if a switch to master is stable or not.
-  In some rear cases a Update back to master can destroy your mailcow configuration in case of Database Upgrades etc.
-  Normally a upgrade back to master should be safe during each full release. 
-  Check GitHub for Database Changes and Update only if there similar to the full release!\e[0m"
+  echo -e "\e[31mWARNING: Please see on GitHub or ask in the community if a switch to master is stable or not.
+  In some rear cases an update back to master can destroy your mailcow configuration such as database upgrade, etc.
+  Normally an upgrade back to master should be safe during each full release.
+  Check GitHub for Database changes and update only if there similar to the full release!\e[0m"
   read -r -p "Are you sure you that want to continue upgrading to the stable (master) branch? [y/N] " response
   if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here."

From 3bf90c1f73412073eca44219eb55a1c54d793406 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 21:22:30 +0300
Subject: [PATCH 265/755] Fix typo for word `Potential` in `update.sh` file.

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 148dfe670..9191055dc 100755
--- a/update.sh
+++ b/update.sh
@@ -982,7 +982,7 @@ if [ ! $DEV ]; then
     echo -e "\e[31m\nOh no, what happened?\n=> You most likely added files to your local mailcow instance that were now added to the official mailcow repository. Please move them to another location before updating mailcow.\e[0m"
     exit 1
   elif [[ ${MERGE_RETURN} == 1 ]]; then
-    echo -e "\e[93mPotenial conflict, trying to fix...\e[0m"
+    echo -e "\e[93mPotential conflict, trying to fix...\e[0m"
     git status --porcelain | grep -E "UD|DU" | awk '{print $2}' | xargs rm -v
     git add -A
     git commit -m "After update on ${DATE}" > /dev/null

From edd85dea8dc194092aa4ae1b60ec943213ea0928 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 6 Aug 2024 22:44:59 +0300
Subject: [PATCH 266/755] Fix `LABEL` in Dockerfile, should be key=value

Refering to the [Official Docker Docs](`https://docs.docker.com/reference/dockerfile/#label`), clearly said the format of LABEL is `LABEL <key>=<value> <key>=<value> <key>=<value> ...`.
---
 data/Dockerfiles/acme/Dockerfile      | 2 +-
 data/Dockerfiles/clamd/Dockerfile     | 2 +-
 data/Dockerfiles/dockerapi/Dockerfile | 2 +-
 data/Dockerfiles/dovecot/Dockerfile   | 3 ++-
 data/Dockerfiles/netfilter/Dockerfile | 3 ++-
 data/Dockerfiles/olefy/Dockerfile     | 3 ++-
 data/Dockerfiles/phpfpm/Dockerfile    | 3 ++-
 data/Dockerfiles/postfix/Dockerfile   | 3 ++-
 data/Dockerfiles/rspamd/Dockerfile    | 3 ++-
 data/Dockerfiles/sogo/Dockerfile      | 3 ++-
 data/Dockerfiles/unbound/Dockerfile   | 2 +-
 data/Dockerfiles/watchdog/Dockerfile  | 3 ++-
 12 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 8688e4400..8aa16ad58 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.20
 
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 
 RUN apk upgrade --no-cache \
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index ab1e2550f..1850d4bed 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.20
 
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 511c46234..92c19dcc1 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.20
 
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
 WORKDIR /app
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 65028b173..a832bff6b 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,5 +1,6 @@
 FROM alpine:3.20
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.16
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 4f65f8e08..86f9e3f69 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,5 +1,6 @@
 FROM alpine:3.20
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 WORKDIR /app
 
diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile
index e71ea9ff2..3b2729134 100644
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,5 +1,6 @@
 FROM alpine:3.20
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
 WORKDIR /app
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 22036b9b3..0ac722b22 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,5 +1,6 @@
 FROM php:8.2-fpm-alpine3.18
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG APCU_PECL_VERSION=5.1.23
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index a45ce12b2..0f1911c62 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:bookworm-slim
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 07f0bc36b..769562443 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG RSPAMD_VER=rspamd_3.7.5-2~8c86c1676   
diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 760c95014..6366c12ff 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:bullseye-slim
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG DEBIAN_VERSION=bullseye
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 0ad5a05f0..958d24e5f 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.20
 
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 RUN apk add --update --no-cache \
 	curl \
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index a844d73bc..0f3e7dfb9 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,5 +1,6 @@
 FROM alpine:3.20
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # Installation
 RUN apk add --update \

From 8fe1cc49618b4525c8ed163092a2a3271ccbf9e7 Mon Sep 17 00:00:00 2001
From: Kasim <kasim@rafique.co.uk>
Date: Mon, 22 Jul 2024 23:55:31 +0100
Subject: [PATCH 267/755] change nginx address

#5962
---
 data/Dockerfiles/acme/acme.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 9d04d10ce..f6821af44 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -123,7 +123,7 @@ done
 log_f "Database OK"
 
 log_f "Waiting for Nginx..."
-until $(curl --output /dev/null --silent --head --fail http://nginx:8081); do
+until $(curl --output /dev/null --silent --head --fail http://nginx.mailcowdockerized_mailcow-network:8081); do
   sleep 2
 done
 log_f "Nginx OK"
@@ -137,7 +137,7 @@ log_f "Resolver OK"
 # Waiting for domain table
 log_f "Waiting for domain table..."
 while [[ -z ${DOMAIN_TABLE} ]]; do
-  curl --silent http://nginx/ >/dev/null 2>&1
+  curl --silent http://nginx.mailcowdockerized_mailcow-network/ >/dev/null 2>&1
   DOMAIN_TABLE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'domain'" -Bs)
   [[ -z ${DOMAIN_TABLE} ]] && sleep 10
 done

From 0cdf7647c4669eb84942e9a978f13817a5c80ac1 Mon Sep 17 00:00:00 2001
From: Kasim <kasim@rafique.co.uk>
Date: Wed, 24 Jul 2024 23:07:42 +0100
Subject: [PATCH 268/755] Include COMPOSE_PROJECT_NAME in Nginx url

---
 data/Dockerfiles/acme/acme.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index f6821af44..9682684e4 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -123,7 +123,7 @@ done
 log_f "Database OK"
 
 log_f "Waiting for Nginx..."
-until $(curl --output /dev/null --silent --head --fail http://nginx.mailcowdockerized_mailcow-network:8081); do
+until $(curl --output /dev/null --silent --head --fail http://nginx.${COMPOSE_PROJECT_NAME}_mailcow-network:8081); do
   sleep 2
 done
 log_f "Nginx OK"
@@ -137,7 +137,7 @@ log_f "Resolver OK"
 # Waiting for domain table
 log_f "Waiting for domain table..."
 while [[ -z ${DOMAIN_TABLE} ]]; do
-  curl --silent http://nginx.mailcowdockerized_mailcow-network/ >/dev/null 2>&1
+  curl --silent http://nginx.${COMPOSE_PROJECT_NAME}_mailcow-network/ >/dev/null 2>&1
   DOMAIN_TABLE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'domain'" -Bs)
   [[ -z ${DOMAIN_TABLE} ]] && sleep 10
 done

From b56291f62b07df92ebff1b119379c0007bfe9d47 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 7 Aug 2024 09:50:57 +0200
Subject: [PATCH 269/755] adapt scheme to affected curl containers (dirty
 way... but workaround)

---
 data/Dockerfiles/acme/reload-configurations.sh | 14 +++++++-------
 data/Dockerfiles/dovecot/rspamd-pipe-ham       |  6 +++---
 data/Dockerfiles/dovecot/rspamd-pipe-spam      |  6 +++---
 data/Dockerfiles/dovecot/sa-rules.sh           |  4 ++--
 data/Dockerfiles/phpfpm/docker-entrypoint.sh   | 10 +++++-----
 data/Dockerfiles/watchdog/watchdog.sh          | 14 +++++++-------
 6 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/data/Dockerfiles/acme/reload-configurations.sh b/data/Dockerfiles/acme/reload-configurations.sh
index d5461a4db..8d194b68b 100644
--- a/data/Dockerfiles/acme/reload-configurations.sh
+++ b/data/Dockerfiles/acme/reload-configurations.sh
@@ -2,32 +2,32 @@
 
 # Reading container IDs
 # Wrapping as array to ensure trimmed content when calling $NGINX etc.
-NGINX=($(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"nginx-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
-DOVECOT=($(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"dovecot-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
-POSTFIX=($(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
+NGINX=($(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"nginx-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
+DOVECOT=($(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"dovecot-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
+POSTFIX=($(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" | tr "\n" " "))
 
 reload_nginx(){
   echo "Reloading Nginx..."
-  NGINX_RELOAD_RET=$(curl -X POST --insecure https://dockerapi/containers/${NGINX}/exec -d '{"cmd":"reload", "task":"nginx"}' --silent -H 'Content-type: application/json' | jq -r .type)
+  NGINX_RELOAD_RET=$(curl -X POST --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${NGINX}/exec -d '{"cmd":"reload", "task":"nginx"}' --silent -H 'Content-type: application/json' | jq -r .type)
   [[ ${NGINX_RELOAD_RET} != 'success' ]] && { echo "Could not reload Nginx, restarting container..."; restart_container ${NGINX} ; }
 }
 
 reload_dovecot(){
   echo "Reloading Dovecot..."
-  DOVECOT_RELOAD_RET=$(curl -X POST --insecure https://dockerapi/containers/${DOVECOT}/exec -d '{"cmd":"reload", "task":"dovecot"}' --silent -H 'Content-type: application/json' | jq -r .type)
+  DOVECOT_RELOAD_RET=$(curl -X POST --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${DOVECOT}/exec -d '{"cmd":"reload", "task":"dovecot"}' --silent -H 'Content-type: application/json' | jq -r .type)
   [[ ${DOVECOT_RELOAD_RET} != 'success' ]] && { echo "Could not reload Dovecot, restarting container..."; restart_container ${DOVECOT} ; }
 }
 
 reload_postfix(){
   echo "Reloading Postfix..."
-  POSTFIX_RELOAD_RET=$(curl -X POST --insecure https://dockerapi/containers/${POSTFIX}/exec -d '{"cmd":"reload", "task":"postfix"}' --silent -H 'Content-type: application/json' | jq -r .type)
+  POSTFIX_RELOAD_RET=$(curl -X POST --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${POSTFIX}/exec -d '{"cmd":"reload", "task":"postfix"}' --silent -H 'Content-type: application/json' | jq -r .type)
   [[ ${POSTFIX_RELOAD_RET} != 'success' ]] && { echo "Could not reload Postfix, restarting container..."; restart_container ${POSTFIX} ; }
 }
 
 restart_container(){
   for container in $*; do
     echo "Restarting ${container}..."
-    C_REST_OUT=$(curl -X POST --insecure https://dockerapi/containers/${container}/restart --silent | jq -r '.msg')
+    C_REST_OUT=$(curl -X POST --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${container}/restart --silent | jq -r '.msg')
     echo "${C_REST_OUT}"
   done
 }
diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-ham b/data/Dockerfiles/dovecot/rspamd-pipe-ham
index 732af8585..b9a84f1bf 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-ham
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-ham
@@ -3,8 +3,8 @@ FILE=/tmp/mail$$
 cat > $FILE
 trap "/bin/rm -f $FILE" 0 1 2 3 13 15
 
-cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzydel
-cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnham
-cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd
+cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/fuzzydel
+cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/learnham
+cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/fuzzyadd
 
 exit 0
diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-spam b/data/Dockerfiles/dovecot/rspamd-pipe-spam
index a4b91a01f..3f02c4872 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-spam
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-spam
@@ -3,8 +3,8 @@ FILE=/tmp/mail$$
 cat > $FILE
 trap "/bin/rm -f $FILE" 0 1 2 3 13 15
 
-cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzydel
-cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnspam
-cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd
+cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/fuzzydel
+cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/learnspam
+cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/fuzzyadd
 
 exit 0
diff --git a/data/Dockerfiles/dovecot/sa-rules.sh b/data/Dockerfiles/dovecot/sa-rules.sh
index cbfeb5af2..107ea7172 100755
--- a/data/Dockerfiles/dovecot/sa-rules.sh
+++ b/data/Dockerfiles/dovecot/sa-rules.sh
@@ -21,11 +21,11 @@ sed -i -e 's/\([^\\]\)\$\([^\/]\)/\1\\$\2/g' /etc/rspamd/custom/sa-rules
 
 if [[ "$(cat /etc/rspamd/custom/sa-rules | md5sum | cut -d' ' -f1)" != "${HASH_SA_RULES}" ]]; then
   CONTAINER_NAME=rspamd-mailcow
-  CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | \
+  CONTAINER_ID=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | \
     jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | \
     jq -rc "select( .name | tostring | contains(\"${CONTAINER_NAME}\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id")
   if [[ ! -z ${CONTAINER_ID} ]]; then
-    curl --silent --insecure -XPOST --connect-timeout 15 --max-time 120 https://dockerapi/containers/${CONTAINER_ID}/restart
+    curl --silent --insecure -XPOST --connect-timeout 15 --max-time 120 https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/restart
   fi
 fi
 
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index e6c26fd19..87b4e298d 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -23,7 +23,7 @@ done
 # Check mysql_upgrade (master and slave)
 CONTAINER_ID=
 until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do
-  CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
+  CONTAINER_ID=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
   echo "Could not get mysql-mailcow container id... trying again"
   sleep 2
 done
@@ -35,7 +35,7 @@ until [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; do
     echo "Tried to upgrade MySQL and failed, giving up after ${SQL_LOOP_C} retries and starting container (oops, not good)"
     break
   fi
-  SQL_FULL_UPGRADE_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_upgrade"}' --silent -H 'Content-type: application/json')
+  SQL_FULL_UPGRADE_RETURN=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_upgrade"}' --silent -H 'Content-type: application/json')
   SQL_UPGRADE_STATUS=$(echo ${SQL_FULL_UPGRADE_RETURN} | jq -r .type)
   SQL_LOOP_C=$((SQL_LOOP_C+1))
   echo "SQL upgrade iteration #${SQL_LOOP_C}"
@@ -60,12 +60,12 @@ done
 
 # doing post-installation stuff, if SQL was upgraded (master and slave)
 if [ ${SQL_CHANGED} -eq 1 ]; then
-  POSTFIX=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
+  POSTFIX=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
   if [[ -z "${POSTFIX}" ]] || ! [[ "${POSTFIX}" =~ ^[[:alnum:]]*$ ]]; then
     echo "Could not determine Postfix container ID, skipping Postfix restart."
   else
     echo "Restarting Postfix"
-    curl -X POST --silent --insecure https://dockerapi/containers/${POSTFIX}/restart | jq -r '.msg'
+    curl -X POST --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${POSTFIX}/restart | jq -r '.msg'
     echo "Sleeping 5 seconds..."
     sleep 5
   fi
@@ -74,7 +74,7 @@ fi
 # Check mysql tz import (master and slave)
 TZ_CHECK=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null)
 if [[ -z ${TZ_CHECK} ]] || [[ "${TZ_CHECK}" == "NULL" ]]; then
-  SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json')
+  SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json')
   echo "MySQL mysql_tzinfo_to_sql - debug output:"
   echo ${SQL_FULL_TZINFO_IMPORT_RETURN}
 fi
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index cb342c138..d4de6d8db 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -191,12 +191,12 @@ get_container_ip() {
     else
       sleep 0.5
       # get long container id for exact match
-      CONTAINER_ID=($(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring == \"${1}\") | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id"))
+      CONTAINER_ID=($(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring == \"${1}\") | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id"))
       # returned id can have multiple elements (if scaled), shuffle for random test
       CONTAINER_ID=($(printf "%s\n" "${CONTAINER_ID[@]}" | shuf))
       if [[ ! -z ${CONTAINER_ID} ]]; then
         for matched_container in "${CONTAINER_ID[@]}"; do
-          CONTAINER_IPS=($(curl --silent --insecure https://dockerapi/containers/${matched_container}/json | jq -r '.NetworkSettings.Networks[].IPAddress'))
+          CONTAINER_IPS=($(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${matched_container}/json | jq -r '.NetworkSettings.Networks[].IPAddress'))
           for ip_match in "${CONTAINER_IPS[@]}"; do
             # grep will do nothing if one of these vars is empty
             [[ -z ${ip_match} ]] && continue
@@ -716,7 +716,7 @@ rspamd_checks() {
 From: watchdog@localhost
 
 Empty
-' | usr/bin/curl --max-time 10 -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/scan | jq -rc .default.required_score | sed 's/\..*//' )
+' | usr/bin/curl --max-time 10 -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd.${COMPOSE_PROJECT_NAME}_mailcow-network/scan | jq -rc .default.required_score | sed 's/\..*//' )
     if [[ ${SCORE} -ne 9999 ]]; then
       echo "Rspamd settings check failed, score returned: ${SCORE}" 2>> /tmp/rspamd-mailcow 1>&2
       err_count=$(( ${err_count} + 1))
@@ -1095,12 +1095,12 @@ while true; do
   elif [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
     kill -STOP ${BACKGROUND_TASKS[*]}
     sleep 10
-    CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"${com_pipe_answer}\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id")
+    CONTAINER_ID=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"${com_pipe_answer}\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id")
     if [[ ! -z ${CONTAINER_ID} ]]; then
       if [[ "${com_pipe_answer}" == "php-fpm-mailcow" ]]; then
-        HAS_INITDB=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/top | jq '.msg.Processes[] | contains(["php -c /usr/local/etc/php -f /web/inc/init_db.inc.php"])' | grep true)
+        HAS_INITDB=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/top | jq '.msg.Processes[] | contains(["php -c /usr/local/etc/php -f /web/inc/init_db.inc.php"])' | grep true)
       fi
-      S_RUNNING=$(($(date +%s) - $(curl --silent --insecure https://dockerapi/containers/${CONTAINER_ID}/json | jq .State.StartedAt | xargs -n1 date +%s -d)))
+      S_RUNNING=$(($(date +%s) - $(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/json | jq .State.StartedAt | xargs -n1 date +%s -d)))
       if [ ${S_RUNNING} -lt 360 ]; then
         log_msg "Container is running for less than 360 seconds, skipping action..."
       elif [[ ! -z ${HAS_INITDB} ]]; then
@@ -1108,7 +1108,7 @@ while true; do
         sleep 60
       else
         log_msg "Sending restart command to ${CONTAINER_ID}..."
-        curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/restart
+        curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/restart
         notify_error "${com_pipe_answer}"
         log_msg "Wait for restarted container to settle and continue watching..."
         sleep 35

From a4c006828e7d167b41fd9856262ac5bbbd343c14 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 7 Aug 2024 09:51:47 +0200
Subject: [PATCH 270/755] compose: bump container tags

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f673f1a0f..b58754819 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -110,7 +110,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.87
+      image: mailcow/phpfpm:1.88
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -405,7 +405,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.88
+      image: mailcow/acme:1.89
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From 2fe21e964126e0f4a251ad72443f21ef622c6edb Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Wed, 7 Aug 2024 14:57:36 +0300
Subject: [PATCH 271/755] Refactor: `update.sh` script with `--help` should
 exit with status code 0

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 38942cc5d..b89514e58 100755
--- a/update.sh
+++ b/update.sh
@@ -409,7 +409,7 @@ while (($#)); do
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)
 '
-    exit 1
+    exit 0
   esac
   shift
 done

From 4b400eadb1112c07d8e6ac523cebf099912210e2 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 6 Jun 2024 10:30:59 +0200
Subject: [PATCH 272/755] rspamd: Added DQS RBLs when key is set

---
 data/Dockerfiles/rspamd/docker-entrypoint.sh | 188 ++++++++++++++
 data/conf/rspamd/local.d/rbl.conf            |   6 +-
 data/conf/rspamd/local.d/rbl_group.conf      | 257 +++++++++++++++++++
 3 files changed, 450 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index 8af7619c2..a6141c57f 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -124,4 +124,192 @@ for file in /hooks/*; do
   fi
 done
 
+# If DQS KEY is set in mailcow.conf add Spamhaus DQS RBLs
+if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
+    cat <<EOF > /etc/rspamd/custom/dqs-rbl.conf
+  # Autogenerated by mailcow. DO NOT TOUCH!
+  rbls {
+    spamhaus {
+        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
+        from = false;
+    }
+    spamhaus_from {
+        from = true;
+        received = false;
+        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
+        returncodes {
+          SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
+        }
+    }
+    spamhaus_authbl_received {
+        # Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
+        rbl = "${SPAMHAUS_DQS_KEY}.authbl.dq.spamhaus.net";
+        from = false;
+        received = true;
+        ipv6 = true;
+        returncodes {
+          SH_AUTHBL_RECEIVED = "127.0.0.20"
+        }
+    }
+    spamhaus_dbl {
+        # Add checks on the HELO string
+        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
+        helo = true;
+        rdns = true;
+        dkim = true;
+        disable_monitoring = true;
+        returncodes {
+            RBL_DBL_SPAM = "127.0.1.2";
+            RBL_DBL_PHISH = "127.0.1.4";
+            RBL_DBL_MALWARE = "127.0.1.5";
+            RBL_DBL_BOTNET = "127.0.1.6";
+            RBL_DBL_ABUSED_SPAM = "127.0.1.102";
+            RBL_DBL_ABUSED_PHISH = "127.0.1.104";
+            RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
+            RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
+            RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
+        }
+    }
+    spamhaus_dbl_fullurls {
+        ignore_defaults = true;
+        no_ip = true;
+        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
+        selector = 'urls:get_host'
+        disable_monitoring = true;
+        returncodes {
+            DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
+            DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
+            DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
+            DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
+        }
+    }
+    spamhaus_zrd {
+        # Add checks on the HELO string also for DQS
+        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
+        helo = true;
+        rdns = true;
+        dkim = true;
+        disable_monitoring = true;
+        returncodes {
+            RBL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
+            RBL_ZRD_FRESH_DOMAIN = [
+              "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
+            ];
+            RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
+        }
+    }
+    "SPAMHAUS_ZEN_URIBL" {
+      enabled = true;
+      rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
+      resolve_ip = true;
+      checks = ['urls'];
+      replyto = true;
+      emails = true;
+      ipv4 = true;
+      ipv6 = true;
+      emails_domainonly = true;
+      returncodes {
+        URIBL_SBL = "127.0.0.2";
+        URIBL_SBL_CSS = "127.0.0.3";
+        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
+        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
+        URIBL_DROP = "127.0.0.9";
+      }
+    }
+    SH_EMAIL_DBL {
+      ignore_defaults = true;
+      replyto = true;
+      emails_domainonly = true;
+      disable_monitoring = true;
+      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net"
+      returncodes = {
+        SH_EMAIL_DBL = [
+          "127.0.1.2",
+          "127.0.1.4",
+          "127.0.1.5",
+          "127.0.1.6"
+        ];
+        SH_EMAIL_DBL_ABUSED = [
+          "127.0.1.102",
+          "127.0.1.104",
+          "127.0.1.105",
+          "127.0.1.106"
+        ];
+        SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
+      }
+    }
+    SH_EMAIL_ZRD {
+      ignore_defaults = true;
+      replyto = true;
+      emails_domainonly = true;
+      disable_monitoring = true;
+      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net"
+      returncodes = {
+        SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
+        SH_EMAIL_ZRD_FRESH_DOMAIN = [
+          "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
+        ];
+        SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
+      }
+  }
+  "DBL" {
+      # override the defaults for DBL defined in modules.d/rbl.conf
+      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
+      disable_monitoring = true;
+  }
+  "ZRD" {
+      ignore_defaults = true;
+      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
+      no_ip = true;
+      dkim = true;
+      emails = true;
+      emails_domainonly = true;
+      urls = true;
+      returncodes = {
+          ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
+          ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
+      }
+  }
+  spamhaus_sbl_url {
+        ignore_defaults = true
+        rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
+        checks = ['urls'];
+        disable_monitoring = true;
+        returncodes {
+            SPAMHAUS_SBL_URL = "127.0.0.2";
+        }
+    }
+
+    SH_HBL_EMAIL {
+      ignore_defaults = true;
+      rbl = "_email.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net";
+      emails_domainonly = false;
+      selector = "from('smtp').lower;from('mime').lower";
+      ignore_whitelist = true;
+      checks = ['emails', 'replyto'];
+      hash = "sha1";
+      returncodes = {
+        SH_HBL_EMAIL = [
+          "127.0.3.2"
+        ];
+      }
+    }
+
+    spamhaus_dqs_hbl {
+      symbol = "HBL_FILE_UNKNOWN";
+      rbl = "_file.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net.";
+      selector = "attachments('rbase32', 'sha256')";
+      ignore_whitelist = true;
+      ignore_defaults = true;
+      returncodes {
+        SH_HBL_FILE_MALICIOUS = "127.0.3.10";
+        SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
+      }
+    }
+  }
+EOF
+else
+  rm -rf /etc/rspamd/custom/dqs-rbl.conf
+fi
+
 exec "$@"
diff --git a/data/conf/rspamd/local.d/rbl.conf b/data/conf/rspamd/local.d/rbl.conf
index d49dae034..509435d5d 100644
--- a/data/conf/rspamd/local.d/rbl.conf
+++ b/data/conf/rspamd/local.d/rbl.conf
@@ -2,6 +2,7 @@ rbls {
   interserver_ip {
     symbol = "RBL_INTERSERVER_IP";
     rbl = "rbl.interserver.net";
+    from = true;
     ipv6 = false;
     returncodes {
       RBL_INTERSERVER_BAD_IP = "127.0.0.2";
@@ -19,4 +20,7 @@ rbls {
       RBL_INTERSERVER_BAD_URI = "127.0.0.2";
     }
   }
-}
+
+.include(try=true,priority=5) "$LOCAL_CONFDIR/custom/dqs-rbl.conf"  
+
+}
\ No newline at end of file
diff --git a/data/conf/rspamd/local.d/rbl_group.conf b/data/conf/rspamd/local.d/rbl_group.conf
index 4d346f158..916de4ef0 100644
--- a/data/conf/rspamd/local.d/rbl_group.conf
+++ b/data/conf/rspamd/local.d/rbl_group.conf
@@ -17,4 +17,261 @@ symbols = {
     score = 4.0;
     description = "Listed on Interserver RBL";
   }
+
+  "SPAMHAUS_ZEN" {
+      weight = 7.0;
+      }
+  "SH_AUTHBL_RECEIVED" {
+      weight = 4.0;
+      }
+  "RBL_DBL_SPAM" {
+      weight = 7.0;
+      }
+  "RBL_DBL_PHISH" {
+      weight = 7.0;
+      }
+  "RBL_DBL_MALWARE" {
+      weight = 7.0;
+      }
+  "RBL_DBL_BOTNET" {
+      weight = 7.0;
+      }
+  "RBL_DBL_ABUSED_SPAM" {
+      weight = 3.0;
+      }
+  "RBL_DBL_ABUSED_PHISH" {
+      weight = 3.0;
+      }
+  "RBL_DBL_ABUSED_MALWARE" {
+      weight = 3.0;
+      }
+  "RBL_DBL_ABUSED_BOTNET" {
+      weight = 3.0;
+      }
+  "RBL_ZRD_VERY_FRESH_DOMAIN" {
+      weight = 7.0;
+      }
+  "RBL_ZRD_FRESH_DOMAIN" {
+      weight = 4.0;
+      }
+  "ZRD_VERY_FRESH_DOMAIN" {
+      weight = 7.0;
+      }
+  "ZRD_FRESH_DOMAIN" {
+      weight = 4.0;
+      }
+  "SH_EMAIL_DBL" {
+      weight = 7.0;
+      }
+  "SH_EMAIL_DBL_ABUSED" {
+      weight = 7.0;
+      }
+  "SH_EMAIL_ZRD_VERY_FRESH_DOMAIN" {
+      weight = 7.0;
+      }
+  "SH_EMAIL_ZRD_FRESH_DOMAIN" {
+      weight = 4.0;
+      }
+  "RBL_DBL_DONT_QUERY_IPS" {
+      weight = 0.0;
+      }
+  "RBL_ZRD_DONT_QUERY_IPS" {
+      weight = 0.0;
+      }
+  "SH_EMAIL_ZRD_DONT_QUERY_IPS" {
+      weight = 0.0;
+      }
+  "SH_EMAIL_DBL_DONT_QUERY_IPS" {
+      weight = 0.0;
+      }
+  "DBL" {
+      weight = 0.0;
+      description = "DBL unknown result";
+      groups = ["spamhaus"];
+  }
+  "DBL_SPAM" {
+      weight = 7;
+      description = "DBL uribl spam";
+      groups = ["spamhaus"];
+  }
+  "DBL_PHISH" {
+      weight = 7;
+      description = "DBL uribl phishing";
+      groups = ["spamhaus"];
+  }
+  "DBL_MALWARE" {
+      weight = 7;
+      description = "DBL uribl malware";
+      groups = ["spamhaus"];
+  }
+  "DBL_BOTNET" {
+      weight = 7;
+      description = "DBL uribl botnet C&C domain";
+      groups = ["spamhaus"];
+  }
+
+
+  "DBLABUSED_SPAM_FULLURLS" {
+      weight = 5.5;
+      description = "DBL uribl abused legit spam";
+      groups = ["spamhaus"];
+  }
+  "DBLABUSED_PHISH_FULLURLS" {
+      weight = 5.5;
+      description = "DBL uribl abused legit phish";
+      groups = ["spamhaus"];
+  }
+  "DBLABUSED_MALWARE_FULLURLS" {
+      weight = 5.5;
+      description = "DBL uribl abused legit malware";
+      groups = ["spamhaus"];
+  }
+  "DBLABUSED_BOTNET_FULLURLS" {
+      weight = 5.5;
+      description = "DBL uribl abused legit botnet";
+      groups = ["spamhaus"];
+  }
+  
+  "DBL_ABUSE" {
+      weight = 5.5;
+      description = "DBL uribl abused legit spam";
+      groups = ["spamhaus"];
+  }
+  "DBL_ABUSE_REDIR" {
+      weight = 1.5;
+      description = "DBL uribl abused spammed redirector domain";
+      groups = ["spamhaus"];
+  }
+  "DBL_ABUSE_PHISH" {
+      weight = 5.5;
+      description = "DBL uribl abused legit phish";
+      groups = ["spamhaus"];
+  }
+  "DBL_ABUSE_MALWARE" {
+      weight = 5.5;
+      description = "DBL uribl abused legit malware";
+      groups = ["spamhaus"];
+  }
+  "DBL_ABUSE_BOTNET" {
+      weight = 5.5;
+      description = "DBL uribl abused legit botnet C&C";
+      groups = ["spamhaus"];
+  }
+  "DBL_PROHIBIT" {
+      weight = 0.0;
+      description = "DBL uribl IP queries prohibited!";
+      groups = ["spamhaus"];
+  }
+  "DBL_BLOCKED_OPENRESOLVER" {
+    weight = 0.0;
+    description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/";
+    groups = ["spamhaus"];
+  }
+  "DBL_BLOCKED" {
+    weight = 0.0;
+    description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/";
+    groups = ["spamhaus"];
+  }
+  "SPAMHAUS_ZEN_URIBL" {
+      weight = 0.0;
+      description = "Spamhaus ZEN URIBL: Filtered result";
+      groups = ["spamhaus"];
+  }
+  "URIBL_SBL" {
+      weight = 6.5;
+      description = "A domain in the message body resolves to an IP listed in Spamhaus SBL";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+  "URIBL_SBL_CSS" {
+      weight = 6.5;
+      description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+  "URIBL_PBL" {
+      weight = 0.01;
+      description = "A domain in the message body resolves to an IP listed in Spamhaus PBL";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+  "URIBL_DROP" {
+      weight = 6.5;
+      description = "A domain in the message body resolves to an IP listed in Spamhaus DROP";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+  "URIBL_XBL" {
+      weight = 5.0;
+      description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+  "SPAMHAUS_SBL_URL" {
+      weight = 6.5;
+      description = "A numeric URL in the message body is listed in Spamhaus SBL";
+      one_shot = true;
+      groups = ["spamhaus"];
+  }
+
+  "SH_HBL_EMAIL" {
+      weight = 7;
+      description = "Email listed in HBL";
+      groups = ["spamhaus"];
+  }
+
+  "SH_HBL_FILE_MALICIOUS" {
+      weight = 7;
+      description = "An attachment hash is listed in Spamhaus HBL as malicious";
+      groups = ["spamhaus"];
+  }
+
+  "SH_HBL_FILE_SUSPICIOUS" {
+      weight = 5;
+      description = "An attachment hash is listed in Spamhaus HBL as suspicious";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_BTC" {
+      score = 7;
+      description = "Bitcoin found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_ETH" {
+      score = 7;
+      description = "Ethereum found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_BCH" {
+      score = 7;
+      description = "Bitcoinhash found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_XMR" {
+      score = 7;
+      description = "Monero found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_LTC" {
+      score = 7;
+      description = "Litecoin found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_CW_XRP" {
+      score = 7;
+      description = "Ripple found in Spamhaus cryptowallet list";
+      groups = ["spamhaus"];
+  }
+
+  "RBL_SPAMHAUS_HBL_URL" {
+      score = 7;
+      description = "URL found in spamhaus HBL blocklist";
+      groups = ["spamhaus"];
+  }
+
 }

From 5d7c9b20bc2fe101ab7da37f768d0812aec37e02 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 1 Aug 2024 12:37:31 +0200
Subject: [PATCH 273/755] rspamd: upgrade to 3.9.1 + upgrade to bookworm

---
 data/Dockerfiles/rspamd/Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 769562443..df15a0bed 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,11 +1,10 @@
-FROM debian:bullseye-slim
-
+FROM debian:bookworm-slim
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.7.5-2~8c86c1676   
-ARG CODENAME=bullseye
-ENV LC_ALL C
+ARG RSPAMD_VER=rspamd_3.9.1-1~82f43560f
+ARG CODENAME=bookworm
+ENV LC_ALL=C
 
 RUN apt-get update && apt-get install -y \
   tzdata \
@@ -13,11 +12,12 @@ RUN apt-get update && apt-get install -y \
   gnupg2 \
   apt-transport-https \
   dnsutils \
-  netcat \
+  netcat-traditional \
   wget \
   redis-tools \ 
   procps \ 
   nano \
+  lua-cjson \
   && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
   && wget -P /tmp https://rspamd.com/apt-stable/pool/main/r/rspamd/${RSPAMD_VER}~${CODENAME}_${arch}.deb\
   && apt install -y /tmp/${RSPAMD_VER}~${CODENAME}_${arch}.deb \

From b6c036496d03634c48cd953d09aeba67bf19a29d Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 1 Aug 2024 12:37:49 +0200
Subject: [PATCH 274/755] rspamd: fixed dqs rbl insertion handling

---
 data/Dockerfiles/rspamd/docker-entrypoint.sh | 46 ++++++++++----------
 data/conf/rspamd/local.d/rbl.conf            |  2 +-
 2 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index a6141c57f..cf09ee48f 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -128,7 +128,6 @@ done
 if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
     cat <<EOF > /etc/rspamd/custom/dqs-rbl.conf
   # Autogenerated by mailcow. DO NOT TOUCH!
-  rbls {
     spamhaus {
         rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
         from = false;
@@ -221,7 +220,7 @@ if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
       replyto = true;
       emails_domainonly = true;
       disable_monitoring = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net"
+      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
       returncodes = {
         SH_EMAIL_DBL = [
           "127.0.1.2",
@@ -243,7 +242,7 @@ if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
       replyto = true;
       emails_domainonly = true;
       disable_monitoring = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net"
+      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
       returncodes = {
         SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
         SH_EMAIL_ZRD_FRESH_DOMAIN = [
@@ -251,26 +250,26 @@ if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
         ];
         SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
       }
-  }
-  "DBL" {
-      # override the defaults for DBL defined in modules.d/rbl.conf
-      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
-      disable_monitoring = true;
-  }
-  "ZRD" {
-      ignore_defaults = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
-      no_ip = true;
-      dkim = true;
-      emails = true;
-      emails_domainonly = true;
-      urls = true;
-      returncodes = {
-          ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
-          ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
-      }
-  }
-  spamhaus_sbl_url {
+    }
+    "DBL" {
+        # override the defaults for DBL defined in modules.d/rbl.conf
+        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
+        disable_monitoring = true;
+    }
+    "ZRD" {
+        ignore_defaults = true;
+        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
+        no_ip = true;
+        dkim = true;
+        emails = true;
+        emails_domainonly = true;
+        urls = true;
+        returncodes = {
+            ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
+            ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
+        }
+    }
+    spamhaus_sbl_url {
         ignore_defaults = true
         rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
         checks = ['urls'];
@@ -306,7 +305,6 @@ if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
         SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
       }
     }
-  }
 EOF
 else
   rm -rf /etc/rspamd/custom/dqs-rbl.conf
diff --git a/data/conf/rspamd/local.d/rbl.conf b/data/conf/rspamd/local.d/rbl.conf
index 509435d5d..7f2976a08 100644
--- a/data/conf/rspamd/local.d/rbl.conf
+++ b/data/conf/rspamd/local.d/rbl.conf
@@ -21,6 +21,6 @@ rbls {
     }
   }
 
-.include(try=true,priority=5) "$LOCAL_CONFDIR/custom/dqs-rbl.conf"  
+.include(try=true,override=true,priority=5) "$LOCAL_CONFDIR/custom/dqs-rbl.conf"  
 
 }
\ No newline at end of file

From 6e00d653ce64d17092fa86c178509900aa84821b Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 1 Aug 2024 12:38:00 +0200
Subject: [PATCH 275/755] compose: bumped rspamd tag

---
 docker-compose.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b58754819..baec698ec 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -80,7 +80,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.96
+      image: mailcow/rspamd:1.97
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -90,6 +90,7 @@ services:
         - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
       volumes:
         - ./data/hooks/rspamd:/hooks:Z
         - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z

From 52431a39425c90db35bb2a76a0078ac050fd42cb Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 7 Aug 2024 14:50:12 +0200
Subject: [PATCH 276/755] compose: bump watchdog image

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 9257fe355..e1b9f0fc6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -462,7 +462,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.03
+      image: mailcow/watchdog:2.04
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:

From 7f790c5360bd40b534afd96b67ef2d127e63344a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 7 Aug 2024 18:39:38 +0200
Subject: [PATCH 277/755] [Web] Updated lang.si-si.json (#5995)

Co-authored-by: gomiunik <boris@gomiunik.net>
---
 data/web/lang/lang.si-si.json | 114 ++++++++++++++++++++++++++++++++--
 1 file changed, 109 insertions(+), 5 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 3a424631d..e9468e0cb 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -107,7 +107,8 @@
         "post_domain_add": "SOGo container \"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
         "syncjob_hint": "Pozor! Gesla se morajo shraniti v plain-text!",
-        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja"
+        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
+        "dry": "Simuliraj sinhronizacijo"
     },
     "admin": {
         "access": "Dostop",
@@ -347,7 +348,10 @@
         "logo_dark_label": "Za temni način",
         "cors_settings": "Nastavitve CORS",
         "allowed_methods": "Dovoljene metode za upravljanje dostopa",
-        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri"
+        "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri",
+        "copy_to_clipboard": "Besedilo kopirano v odložišče!",
+        "f2b_manage_external": "Zunanje upravljanje Fail2Ban",
+        "f2b_manage_external_info": "Fail2ban bo še vedno vzdrževal seznam prepovedi, vendar ne bo aktivno nastavil pravil za blokiranje prometa. Uporabite spodnji ustvarjeni seznam prepovedi za zunanje blokiranje prometa."
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
@@ -476,7 +480,9 @@
         "temp_error": "Začasna napaka",
         "cors_invalid_method": "Navedena neveljavna Allow metoda",
         "cors_invalid_origin": "Naveden neveljaven Allow-Origin",
-        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s"
+        "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s",
+        "img_dimensions_exceeded": "Slika presega največje dovoljene dimenzije",
+        "img_size_exceeded": "Slika presega največjo dovoljeno velikost datoteke"
     },
     "debug": {
         "containers_info": "Informacije o vsebniku (containerju)",
@@ -511,7 +517,13 @@
         "no_update_available": "Sistem je na najnovejši verziji",
         "update_failed": "Ni mogoče preveriti za posodobitve",
         "username": "Uporabniško ime",
-        "wip": "Trenutno v delu"
+        "wip": "Trenutno v delu",
+        "log_info": "<p>mailcow <b>in-memory dnevniki</b> se zbirajo v Redis seznamih in se vsako minuto omejijo na LOG_LINES (%d) da se zmanjša obremenitev.\n  <br>In-memory dnevniki niso namenjeni trajnemu shranjevanju. Vse aplikacije, ki beležijo dnevnike in-memory, tudi beležijo v Docker daemon in posledično v privzeti gonilnik za dnevnik.\n  <br>In-memory dnevniki se naj uporabljajo za odpravljanje manjših napak s containerji.</p>\n  <p><b>Eksterni dnevniki</b> se zbirajo preko API-ja posamezne aplikacije.</p>\n  <p><b>Statični dnevniki</b> so večinoma dnevniki aktivnosti, ki se ne beležijo v Dockerd, a jih je vseeno treba hraniti (razen API dnevnikov).</p>",
+        "login_time": "Čas",
+        "logs": "Dnevniki",
+        "memory": "Spomin",
+        "online_users": "Prijavljeni uporabniki",
+        "restart_container": "Ponovno zaženi"
     },
     "datatables": {
         "infoFiltered": "(filtrirano od _MAX_ skupaj zapisov)",
@@ -551,6 +563,98 @@
     },
     "edit": {
         "acl": "ACL (Dovoljenje)",
-        "active": "Aktivno"
+        "active": "Aktivno",
+        "allow_from_smtp": "Dovoli samo tem IP naslovom da uporabijo <b>SMTP</b>",
+        "bcc_dest_format": "Cilj BCC mora biti en veljaven email naslov.<br>Če morate poslati kopijo na več naslovov, ustvarite alias in ga uporabite tukaj.",
+        "automap": "Poskušaj samodejno preslikati mape (\"Sent items\", \"Sent\" => \"Poslano\" ipd.)",
+        "admin": "Uredi skrbnika",
+        "domain_footer_info_vars": {
+            "custom": "{= foo =}         - Če ima poštni predal atribut po meri \"foo\" z vrednostjo \"bar\", spremenljivka vrne \"bar\"",
+            "auth_user": "{= auth_user =}   - Prijavljeno uporabniško ime, ki ga določi MTA",
+            "from_user": "{= from_user =}   - leva stran email naslova uporabnika, npr. za \"moo@mailcow.tld\" vrne \"moo\"",
+            "from_name": "{= from_name =}   - Prikazno ime, npr. za \"Mailcow &lt;moo@mailcow.tld&gt;\" vrne \"Mailcow\"",
+            "from_addr": "{= from_addr =}   - e-poštni naslov \"Od\"",
+            "from_domain": "{= from_domain =} - domena e-poštnega naslova \"Od\""
+        },
+        "dont_check_sender_acl": "Onemogoči kontrolo pošiljatelja za domeno %s (+ alias domene)",
+        "pushover_title": "Naslov obvestila",
+        "domains": "Domene",
+        "extended_sender_acl_info": "Če je DKIM domenski ključ na voljo, ga uvozite.<br>\n  Ne pozabite dodati ta strežnik k ustreznemu SPF TXT zapisu.<br>\n  Kadar koli je domena ali alias domena dodana k tem strežniku, ki se prekriva z zunanjim naslovom, je zunanji naslov odstranjen.<br>\n  uporabite @domain.tld da dovolite pošiljanje kot *@domain.tld.",
+        "lookup_mx": "Cilj je regular expression za ujemanje MX zapisov (<code>.*\\.google\\.com</code> za usmeritev vse pošte na MX, ki se konča z google.com, preko tega skoka)",
+        "maxbytespersecond": "Največ bytov na sekundo <br><small>(0 = neomejeno)</small>",
+        "pushover_sender_array": "Upoštevaj samo sledeče e-poštne naslove pošiljateljev <small>(ločeni z vejico)</small>",
+        "mbox_rl_info": "Ta omejitev velja za SASL uporabniško ime, preverja se ujemanje s katerim koli \"from\" naslovom, ki ga uporablja prijavljeni uporabnik. Omejitev pošiljanja za poštni predal preglasi pravilo omejitve za domeno.",
+        "kind": "Tip",
+        "client_secret": "Client secret",
+        "comment_info": "Zasebni komentar ni viden uporabniku, javni komentar pa je viden kot tooltip v uporabnikovem pregledu.",
+        "created_on": "Ustvarjeno",
+        "custom_attributes": "Atributi po meri",
+        "delete1": "Izbriši na viru, ko je končano",
+        "delete2": "Izbriši sporočila na cilju, ki ne obstajajo na viru",
+        "delete2duplicates": "Izbriši dvojnike na cilju",
+        "delete_ays": "Prosim potrdite proces izbrisa.",
+        "description": "Opis",
+        "disable_login": "Onemogoči prijavo (dohodna pošta je še vedno sprejeta)",
+        "domain": "Uredi domeno",
+        "domain_admin": "Uredi domenskega skrbnika",
+        "domain_footer": "Noga za celo domeno",
+        "domain_footer_html": "HTML noga",
+        "pushover_vars": "Če ni definiran noben filter pošiljatelja, bodo upoštevana vsa sporočila.<br>Regex filtre in natančna preverjanja pošiljateljev je mogoče definirati posamezno in bodo obravnavani v nadaljevanju. Niso odvisni drug od drugega.<br>Uporabne spremenljivke za besedilo in naslov (prosimo, upoštevajte politike varstva podatkov)",
+        "pushover_verify": "Preveri poverilnice",
+        "quota_mb": "Omejitev (MiB)",
+        "quota_warning_bcc": "BCC za sporočilo z opozorilom omejitve",
+        "quota_warning_bcc_info": "Opozorila bodo poslana kot ločene kopije sledečim prejemnikom. K naslovu sporočila bo dodano uporabniško ime v oklepajih, npr. <code>Opozorilo omejitve (user@example.com)</code>",
+        "ratelimit": "Omejitev pošiljanja",
+        "advanced_settings": "Napredne nastavitve",
+        "allow_from_smtp_info": "Pustite prazno da dovolite vse pošiljatelje.<br>IPv4/IPv6 naslovi in omrežja.",
+        "allowed_protocols": "Dovoljeni protokoli",
+        "app_name": "Ime aplikacije",
+        "app_passwd": "Geslo aplikacije",
+        "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
+        "backup_mx_options": "Možnosti posredovanja (relay)",
+        "client_id": "Client ID",
+        "domain_footer_info": "Noge za celo domeno so dodane k vsem izhodnim e-poštnim sporočilom v tej domeni.<br> V nogi se lahko uporabijo sledeče spremenljivke:",
+        "domain_footer_plain": "PLAIN noga",
+        "domain_footer_skip_replies": "Ne dodajaj noge v odgovorih na e-poštna sporočila",
+        "domain_quota": "Omejitev (kvota) domene",
+        "edit_alias_domain": "Uredi alias domeno",
+        "exclude": "Izključi objekte (regex)",
+        "extended_sender_acl": "Naslovi zunanjih pošiljateljev",
+        "force_pw_update": "Obvezna zamenjava gesla ob naslednji prijavi",
+        "force_pw_update_info": "Ta uporabnik se bo lahko prijavil samo v %s. Gesla aplikacij ostajajo v rabi.",
+        "footer_exclude": "Izključi iz noge",
+        "full_name": "Polno ime",
+        "gal": "Globalni seznam naslovov (GAL)",
+        "gal_info": "GAL vsebuje vse objekte v domeni in jih uporabniki ne morejo urejati. Če je onemogočeno, ni podatkov o o zasedenosti objekta! <b>Ponovno zaženite SOGo za uveljavitev sprememb.</b>",
+        "generate": "generiraj",
+        "grant_types": "Vrste dovoljenj",
+        "hostname": "Ime gostitelja",
+        "inactive": "Neaktivno",
+        "last_modified": "Nazadnje spremenjeno",
+        "mailbox": "Uredi poštni predal",
+        "mailbox_quota_def": "Privzeta omejitev/kvota za poštni predal",
+        "mailbox_relayhost_info": "Velja samo za poštni predal in neposredne aliase. Ne prepiše domenskega relay gostitelja.",
+        "max_aliases": "Največ aliasov",
+        "max_mailboxes": "Največ možnih poštnih predalov",
+        "max_quota": "Največja omejitev/kvota na poštni predal (MiB)",
+        "maxage": "Največja starost sporočil (v dnevih), po katerih bo poizvedeno iz oddaljenega vira <br><small>(0 = ne omejuj)</small>",
+        "mins_interval": "Interval (min)",
+        "multiple_bookings": "Več rezervacij",
+        "none_inherit": "Brez / podeduj",
+        "nexthop": "Naslednji skok",
+        "password": "Geslo",
+        "password_repeat": "Potrditev gesla (ponovite)",
+        "previous": "Prejšnja stran",
+        "private_comment": "Zasebni komentar",
+        "public_comment": "Javni komentar",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Eskaliraj visoko prednostno pošto [<code>X-Priority: 1</code>]",
+        "pushover_info": "Nastavitve potisnih obvestil bodo veljala za vsa čisto (ne spam) elektronsko pošto dostavljeno v <b>%s</b> vključno z aliasi (deljeni, nedeljeni, označeni)",
+        "pushover_only_x_prio": "Upoštevaj samo pošto z visoko prioriteto [<code>X-Priority: 1</code>]",
+        "pushover_sender_regex": "Upoštevaj sledeči regex za pošiljatelja",
+        "pushover_text": "Besedilo obvestila",
+        "pushover_sound": "Zvok",
+        "encryption": "Šifriranje",
+        "alias": "Uredi alias"
     }
 }

From 824a473fea3227a82e4bfc1f135b7d1459691fcb Mon Sep 17 00:00:00 2001
From: Kitof <github@kitof.net>
Date: Thu, 8 Aug 2024 08:42:50 +0200
Subject: [PATCH 278/755] ofelia: limit scope to mailcow project (#5776)

* Filter to limit ofelia scope

See https://github.com/mailcow/mailcow-dockerized/issues/5775

* compose: added ${COMPOSE_PROJECT_NAME} ENV to ofelia container
---
 docker-compose.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e1b9f0fc6..a0fb03dcd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -594,9 +594,10 @@ services:
     ofelia-mailcow:
       image: mcuadros/ofelia:latest
       restart: always
-      command: daemon --docker
+      command: daemon --docker -f label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}
       environment:
         - TZ=${TZ}
+        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
       depends_on:
         - sogo-mailcow
         - dovecot-mailcow

From 294a406b91b44d9519cdb2ef0282cbedebdf3788 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 8 Aug 2024 09:25:52 +0200
Subject: [PATCH 279/755] fix: disabled api call to solr in ui when mailbox
 deleted but using flatcurve

---
 data/web/inc/functions.mailbox.inc.php | 2 +-
 docker-compose.yml                     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 00c11deec..ff8d56e2f 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -5212,7 +5212,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 'msg' => 'Could not move maildir to garbage collector: variables local_part and/or domain empty'
               );
             }
-            if (strtolower(getenv('SKIP_SOLR')) == 'n') {
+            if (strtolower(getenv('SKIP_SOLR')) == 'n' && strtolower(getenv('FLATCURVE_EXPERIMENTAL')) != 'y') {
               $curl = curl_init();
               curl_setopt($curl, CURLOPT_URL, 'http://solr:8983/solr/dovecot-fts/update?commit=true');
               curl_setopt($curl, CURLOPT_HTTPHEADER,array('Content-Type: text/xml'));
diff --git a/docker-compose.yml b/docker-compose.yml
index a0fb03dcd..0f96aeace 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -168,6 +168,7 @@ services:
         - DEMO_MODE=${DEMO_MODE:-n}
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
+        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-}
       restart: always
       networks:
         mailcow-network:

From b39b7c24a5db7a5809b0a951b1f06f6460313706 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 8 Aug 2024 17:04:56 +0200
Subject: [PATCH 280/755] [Web] fix incorrect user role assignment after TFA
 verification

---
 data/web/inc/triggers.inc.php | 48 +++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 0e29011de..30198778a 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -40,21 +40,43 @@ if (!empty($_GET['sso_token'])) {
 
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
-    set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
-    $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
-    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
-      header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
-      die();
-    } else {
-      header("Location: /user");
+    if ($_SESSION['pending_mailcow_cc_role'] == "admin") {
+      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
+      $_SESSION['mailcow_cc_role'] = "admin";
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_mailcow_cc_role']);
+      unset($_SESSION['pending_tfa_methods']);
+      
+		  header("Location: /debug");
       die();
     }
-  } else {
-    unset($_SESSION['pending_mailcow_cc_username']);
-    unset($_SESSION['pending_mailcow_cc_role']);
-    unset($_SESSION['pending_tfa_methods']);
+    elseif ($_SESSION['pending_mailcow_cc_role'] == "domainadmin") {
+      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
+      $_SESSION['mailcow_cc_role'] = "domainadmin";
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_mailcow_cc_role']);
+      unset($_SESSION['pending_tfa_methods']);
+      
+		  header("Location: /mailbox");
+      die();
+    }
+    elseif ($_SESSION['pending_mailcow_cc_role'] == "user") {
+      set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
+      $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
+      $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+      if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+        header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+        die();
+      } else {
+        header("Location: /user");
+        die();
+      }
+    }
   }
+
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
 }
 
 if (isset($_GET["cancel_tfa_login"])) {
@@ -80,7 +102,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
   if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
-		header("Location: /admin");
+		header("Location: /debug");
 	}
 	elseif ($as == "domainadmin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;

From 9fee5680827d9a95e5b33a5cb64d3524ff785ee3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 10 Aug 2024 20:44:40 +0200
Subject: [PATCH 281/755] Translations update from Weblate (#5999)

* [Web] Updated lang.ru-ru.json

Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>

* [Web] Updated lang.uk-ua.json

Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>

---------

Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>
---
 data/web/lang/lang.ru-ru.json | 14 +++++++-------
 data/web/lang/lang.uk-ua.json | 11 ++++++-----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index db52dceda..21775cb16 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -2,7 +2,7 @@
     "acl": {
         "alias_domains": "Создание псевдонимов домена",
         "app_passwds": "Пароли приложений",
-        "bcc_maps": "Правила BBC",
+        "bcc_maps": "Правила BCC",
         "delimiter_action": "Обработка тегированной почты",
         "domain_desc": "Изменение описания домена",
         "domain_relayhost": "Изменение промежуточных узлов для домена",
@@ -389,7 +389,7 @@
         "imagick_exception": "Ошибка в Imagick при чтении изображения",
         "img_invalid": "Невозможно проверить файл изображения",
         "img_tmp_missing": "Невозможно проверить файл изображения: временный файл не найден",
-        "invalid_bcc_map_type": "Неверный тип правила BBC",
+        "invalid_bcc_map_type": "Неверный тип правила BCC",
         "invalid_destination": "Назначение \"%s\" указано неверно",
         "invalid_filter_type": "Неверный тип фильтра",
         "invalid_host": "Хост %s указан неверно",
@@ -523,7 +523,7 @@
         "app_passwd": "Пароль приложения",
         "automap": "Автоматическое слияние папок (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
         "backup_mx_options": "Параметры резервного копирования MX",
-        "bcc_dest_format": "Назначением для правила BBC должен быть единственный действительный адрес электронной почты.",
+        "bcc_dest_format": "Назначением для правила BCC должен быть единственный действительный адрес электронной почты.",
         "client_id": "ID клиента",
         "client_secret": "Секретный ключ пользователя",
         "comment_info": "Приватный комментарий не виден пользователям, а публичный - отображается рядом с псевдонимом в личном кабинете пользователя",
@@ -700,7 +700,7 @@
         "add": "Добавить",
         "add_alias": "Добавить псевдоним",
         "add_alias_expand": "Скопировать псевдонимы на псевдонимы домена",
-        "add_bcc_entry": "Добавить правило BBC",
+        "add_bcc_entry": "Добавить правило BCC",
         "add_domain": "Добавить домен",
         "add_domain_alias": "Добавить псевдоним домена",
         "add_domain_record_first": "Пожалуйста, сначала добавьте домен",
@@ -719,14 +719,14 @@
         "allow_from_smtp_info": "Укажите IPv4/IPv6 адреса и/или подсети.<br>Оставьте поле пустым, чтобы разрешить отправку с любых адресов.",
         "allowed_protocols": "Разрешенные протоколы",
         "backup_mx": "Резервный MX",
-        "bcc": "Правила BBC",
+        "bcc": "Правила BCC",
         "bcc_destination": "Назначение BCC",
         "bcc_destinations": "Назначение BCC",
         "bcc_info": "Правила BCC используются для скрытой пересылки копий всех сообщений на другой адрес. Правило типа \"получатель\" используется, когда локальный получатель выступает в качестве получателя почты. Правило типа \"отправитель\" соответствуют тому же принципу. Локальный домен не будут проинформированы о неудачной доставке.",
         "bcc_local_dest": "Локальный домен",
-        "bcc_map": "Правила BBC",
+        "bcc_map": "Правила BCC",
         "bcc_map_type": "Тип BCC",
-        "bcc_maps": "Правила BBC",
+        "bcc_maps": "Правила BCC",
         "bcc_rcpt_map": "Получатель",
         "bcc_sender_map": "Отправитель",
         "bcc_to_rcpt": "Переключиться на тип \"получатель\"",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 731224642..5cc704456 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -391,7 +391,7 @@
         "last_key": "Останній ключ не можна видалити, натомість вимкніть TFA.",
         "login_failed": "Введено неправильний логін або пароль",
         "mailbox_invalid": "Неприпустима адреса поштового акаунту",
-        "mailbox_quota_left_exceeded": "Недостатньо вільного місця (місця залишилося: %d МіБ)",
+        "mailbox_quota_left_exceeded": "Недостатньо вільного місця (залишилося: %d МіБ)",
         "malformed_username": "Некоректне ім'я користувача",
         "map_content_empty": "Зміст правила не може бути порожнім",
         "max_alias_exceeded": "Перевищено максимальну кількість псевдонімів",
@@ -478,7 +478,8 @@
         "extended_sender_acl_denied": "відсутній ACL для встановлення зовнішніх адрес відправників",
         "template_exists": "Шаблон %s вже існує",
         "template_id_invalid": "Ідентифікатор шаблону %s недійсний",
-        "template_name_invalid": "Ім'я шаблону невірне"
+        "template_name_invalid": "Ім'я шаблону невірне",
+        "img_size_exceeded": "Зображення перевищує максимальний розмір файлу"
     },
     "debug": {
         "chart_this_server": "Діаграма (цей сервер)",
@@ -626,7 +627,7 @@
         "admin": "Редагувати адміністратора",
         "allow_from_smtp": "Дозволити <b>SMTP</b> тільки для цих IP",
         "allow_from_smtp_info": "Вкажіть IPv4/IPv6 адреси та/або підмережі.<br>Залиште поле порожнім, щоб дозволити відправлення з будь-яких адрес.",
-        "bcc_dest_format": "Призначенням правила BBC має бути єдина дійсна адреса електронної пошти.<br>Якщо вам потрібно надіслати копію на кілька адрес, створіть псевдонім і використовуйте його тут.",
+        "bcc_dest_format": "Призначенням правила BCC має бути єдина дійсна адреса електронної пошти.<br>Якщо вам потрібно надіслати копію на кілька адрес, створіть псевдонім і використовуйте його тут.",
         "comment_info": "Приватний коментар не видно користувачам, а публічний - відображається поряд із псевдонімом в особистому кабінеті користувача",
         "domain_quota": "Квота домену",
         "dont_check_sender_acl": "Вимкнути перевірку відправника для домену %s та псевдонімів домену",
@@ -725,7 +726,7 @@
         "add": "Додати",
         "add_alias": "Додати псевдонім",
         "add_alias_expand": "Копіювати псевдоніми на псевдоніми домену",
-        "add_bcc_entry": "Додати правило BBC",
+        "add_bcc_entry": "Додати правило BCC",
         "add_domain": "Додати домен",
         "add_domain_alias": "Додати псевдонім домену",
         "add_filter": "Додати фільтр",
@@ -745,7 +746,7 @@
         "bcc_local_dest": "Локальний домен",
         "bcc_map": "Правила ВВС",
         "bcc_map_type": "Тип BCC",
-        "bcc_maps": "Правила BBC",
+        "bcc_maps": "Правила BCC",
         "bcc_rcpt_map": "Одержувач",
         "bcc_sender_map": "Відправник",
         "bcc_to_rcpt": "Перейти на тип \"одержувач\"",

From 8753ea2be61d886de220b7ceff77d98c179dc22c Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Mon, 12 Aug 2024 10:05:08 +0200
Subject: [PATCH 282/755] [Rspamd] Fix bayes config (#6000)

* [Rspamd] Fix bayes config

Add hint about classifier name, and add missing learn_condition

* Update statistic.conf
---
 data/conf/rspamd/local.d/statistic.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/conf/rspamd/local.d/statistic.conf b/data/conf/rspamd/local.d/statistic.conf
index 1ca3e0822..baa3f1c20 100644
--- a/data/conf/rspamd/local.d/statistic.conf
+++ b/data/conf/rspamd/local.d/statistic.conf
@@ -1,12 +1,14 @@
 classifier "bayes" {
+    # name = "custom";  # 'name' parameter must be set if multiple classifiers are defined
+    learn_condition = 'return require("lua_bayes_learn").can_learn';
+    new_schema = true;
     tokenizer {
       name = "osb";
     }
     backend = "redis";
     min_tokens = 11;
     min_learns = 5;
-    new_schema = true;
-    expire = 2592000;
+    expire = 7776000;
     statfile {
       symbol = "BAYES_HAM";
       spam = false;

From c034f4bd27738c22d48075260c3e73e0f040dbe8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 12 Aug 2024 10:10:33 +0200
Subject: [PATCH 283/755] [Web] fix wrong log type on PDOException

---
 data/web/inc/functions.mailbox.inc.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index af11a47d5..c6e789d81 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1328,9 +1328,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
        
           try {
             update_sogo_static_view($username);
-          }catch (PDOException $e) {
+          } catch (PDOException $e) {
             $_SESSION['return'][] = array(
-              'type' => 'success',
+              'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => $e->getMessage()
             );
@@ -3257,9 +3257,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             try {
               update_sogo_static_view($username);
-            }catch (PDOException $e) {
+            } catch (PDOException $e) {
               $_SESSION['return'][] = array(
-                'type' => 'success',
+                'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                 'msg' => $e->getMessage()
               );

From 092d3cd80b64e1f4a4ff46508b4deac8f0eea9c9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 12 Aug 2024 10:14:53 +0200
Subject: [PATCH 284/755] [Web] extend ldap auth logging

---
 data/web/inc/functions.auth.inc.php | 30 ++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 78aca3c67..e9a1e4a6d 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -502,9 +502,31 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => $e->getMessage()
+    );
+    clear_session();
     return false;
   }
-  if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
+  try {
+    if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*', $user_res),
+        'msg' => 'failed_ldap_auth'
+      );
+      clear_session();
+      return false;
+    }
+  } catch (Exception $e) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', $user_res),
+      'msg' => $e->getMessage()
+    );
+    clear_session();
     return false;
   }
 
@@ -512,6 +534,12 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   // also return false if no mappers were defined
   $user_template = $user_res[$iam_settings['attribute_field']][0];
   if ($create && (empty($iam_settings['mappers']) || !$user_template)){
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', $user_res),
+      'msg' => 'no_matching_template'
+    );
+    clear_session();
     return false;
   } else if (!$create) {
     // login success - dont create mailbox

From 519d95cb8b4b5437a63f3a69f27ffbba2c7fd5b2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 13 Aug 2024 09:30:54 +0200
Subject: [PATCH 285/755] [Web] extend ldap auth logging

---
 data/web/inc/functions.auth.inc.php | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index e9a1e4a6d..9ab54e4bb 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -502,12 +502,13 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {
+    // clear $_SESSION['return'] to not leak data
+    $_SESSION['return'] = array();
     $_SESSION['return'][] =  array(
       'type' => 'danger',
       'log' => array(__FUNCTION__, $user, '*'),
-      'msg' => $e->getMessage()
+      'msg' => 'ldap_error'
     );
-    clear_session();
     return false;
   }
   try {
@@ -515,18 +516,18 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
       $_SESSION['return'][] =  array(
         'type' => 'danger',
         'log' => array(__FUNCTION__, $user, '*', $user_res),
-        'msg' => 'failed_ldap_auth'
+        'msg' => 'ldap_auth_failed'
       );
-      clear_session();
       return false;
     }
   } catch (Exception $e) {
+    // clear $_SESSION['return'] to not leak data
+    $_SESSION['return'] = array();
     $_SESSION['return'][] =  array(
       'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*', $user_res),
-      'msg' => $e->getMessage()
+      'log' => array(__FUNCTION__, $user, '*'),
+      'msg' => 'ldap_error'
     );
-    clear_session();
     return false;
   }
 
@@ -534,12 +535,6 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   // also return false if no mappers were defined
   $user_template = $user_res[$iam_settings['attribute_field']][0];
   if ($create && (empty($iam_settings['mappers']) || !$user_template)){
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*', $user_res),
-      'msg' => 'no_matching_template'
-    );
-    clear_session();
     return false;
   } else if (!$create) {
     // login success - dont create mailbox

From b1c1e403d2ff9993c07c5c62ba82744a69238564 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 13 Aug 2024 09:43:59 +0200
Subject: [PATCH 286/755] sogo: update to 5.11.0 + Rebase on Bookworm (#6002)

* sogo: update to 5.11.0

* compose: bump sogo compose tag
---
 data/Dockerfiles/sogo/Dockerfile                 | 8 ++++----
 data/Dockerfiles/sogo/syslog-ng-redis_slave.conf | 2 +-
 data/Dockerfiles/sogo/syslog-ng.conf             | 2 +-
 docker-compose.yml                               | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 6366c12ff..2485b6a8e 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -1,13 +1,13 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
-LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DEBIAN_VERSION=bullseye
+ARG DEBIAN_VERSION=bookworm
 ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.17
-ENV LC_ALL C
+ENV LC_ALL=C
 
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
diff --git a/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf b/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
index 9b460bd31..7abfc4b59 100644
--- a/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
@@ -1,4 +1,4 @@
-@version: 3.28
+@version: 3.38
 @include "scl.conf"
 options {
   chain_hostnames(off);
diff --git a/data/Dockerfiles/sogo/syslog-ng.conf b/data/Dockerfiles/sogo/syslog-ng.conf
index 889a3f328..f16a2920a 100644
--- a/data/Dockerfiles/sogo/syslog-ng.conf
+++ b/data/Dockerfiles/sogo/syslog-ng.conf
@@ -1,4 +1,4 @@
-@version: 3.28
+@version: 3.38
 @include "scl.conf"
 options {
   chain_hostnames(off);
diff --git a/docker-compose.yml b/docker-compose.yml
index 0f96aeace..1df07ea15 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -176,7 +176,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.123
+      image: mailcow/sogo:1.124
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 58a5a4578ce452b5e946ad753d0e39dd0f4a8963 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 13 Aug 2024 12:14:05 +0200
Subject: [PATCH 287/755] [Web] use cn as fallback ldap login

---
 data/web/inc/functions.auth.inc.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 9ab54e4bb..f93eb54cf 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -498,7 +498,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
       $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
     }
     $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
-      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'cn']);
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {
@@ -513,12 +513,15 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   }
   try {
     if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
-      $_SESSION['return'][] =  array(
-        'type' => 'danger',
-        'log' => array(__FUNCTION__, $user, '*', $user_res),
-        'msg' => 'ldap_auth_failed'
-      );
-      return false;
+      // fallback to cn
+      if (!$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $user, '*', $user_res),
+          'msg' => 'ldap_auth_failed'
+        );
+        return false;
+      }
     }
   } catch (Exception $e) {
     // clear $_SESSION['return'] to not leak data

From b26ccc2019921aa399d801a5241dbdf21b8350c0 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 13 Aug 2024 15:59:57 +0200
Subject: [PATCH 288/755] unbound: fix healthcheck logging + added fail
 tolerance to checks (#6004)

* unbound: fix healthcheck logging to stdout + rewrote healthcheck logic

* compose: bump unbound tag

* unbound: fixed healthcheck logic
---
 data/Dockerfiles/unbound/Dockerfile         |  15 ++-
 data/Dockerfiles/unbound/healthcheck.sh     | 128 ++++++++++++--------
 data/Dockerfiles/unbound/stop-supervisor.sh |  10 ++
 data/Dockerfiles/unbound/supervisord.conf   |  32 +++++
 data/Dockerfiles/unbound/syslog-ng.conf     |  21 ++++
 docker-compose.yml                          |   2 +-
 6 files changed, 152 insertions(+), 56 deletions(-)
 create mode 100755 data/Dockerfiles/unbound/stop-supervisor.sh
 create mode 100644 data/Dockerfiles/unbound/supervisord.conf
 create mode 100644 data/Dockerfiles/unbound/syslog-ng.conf

diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 958d24e5f..fc7b14817 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -5,14 +5,17 @@ LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 RUN apk add --update --no-cache \
 	curl \
 	bind-tools \
+	coreutils \
 	unbound \
 	bash \
 	openssl \
 	drill \
 	tzdata \
+	syslog-ng \
+	supervisor \
 	&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
 	&& chown root:unbound /etc/unbound \
-  && adduser unbound tty \
+    && adduser unbound tty \
 	&& chmod 775 /etc/unbound
 
 EXPOSE 53/udp 53/tcp
@@ -21,9 +24,13 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 # healthcheck (dig, ping)
 COPY healthcheck.sh /healthcheck.sh
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+
 RUN chmod +x /healthcheck.sh
-HEALTHCHECK --interval=30s --timeout=30s CMD [ "/healthcheck.sh" ]
+HEALTHCHECK --interval=30s --timeout=10s \
+  CMD sh -c '[ -f /tmp/healthcheck_status ] && [ "$(cat /tmp/healthcheck_status)" -eq 0 ] || exit 1'
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-
-CMD ["/usr/sbin/unbound"]
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
index 3da98e245..7d9181127 100644
--- a/data/Dockerfiles/unbound/healthcheck.sh
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -1,76 +1,102 @@
 #!/bin/bash
 
-# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!)
-if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-    SKIP_UNBOUND_HEALTHCHECK=y
-fi
+STATUS_FILE="/tmp/healthcheck_status"
+RUNS=0
 
-# Reset logfile
-echo "$(date +"%Y-%m-%d %H:%M:%S"): Starting health check - logs can be found in /var/log/healthcheck.log"
-echo "$(date +"%Y-%m-%d %H:%M:%S"): Starting health check" > /var/log/healthcheck.log
-
-# Declare log function for logfile inside container
-function log_to_file() {
-    echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" >> /var/log/healthcheck.log
+# Declare log function for logfile to stdout
+function log_to_stdout() {
+echo "$(date +"%Y-%m-%d %H:%M:%S"): $1"
 }
 
 # General Ping function to check general pingability
 function check_ping() {
-    declare -a ipstoping=("1.1.1.1" "8.8.8.8" "9.9.9.9")
+declare -a ipstoping=("1.1.1.1" "8.8.8.8" "9.9.9.9")
+local fail_tolerance=1
+local failures=0
 
-    for ip in "${ipstoping[@]}" ; do
-            ping -q -c 3 -w 5 "$ip"
-            if [ $? -ne 0 ]; then
-                log_to_file "Healthcheck: Couldn't ping $ip for 5 seconds... Gave up!"
-                log_to_file "Please check your internet connection or firewall rules to fix this error, because a simple ping test should always go through from the unbound container!"
-                return 1
-            fi
+for ip in "${ipstoping[@]}" ; do
+    success=false
+    for ((i=1; i<=3; i++)); do
+        ping -q -c 3 -w 5 "$ip" > /dev/null
+        if [ $? -eq 0 ]; then
+            success=true
+            break
+        else
+            log_to_stdout "Healthcheck: Failed to ping $ip on attempt $i. Trying again..."
+        fi
     done
+    
+    if [ "$success" = false ]; then
+        log_to_stdout "Healthcheck: Couldn't ping $ip after 3 attempts. Marking this IP as failed."
+        ((failures++))
+    fi
+done
+
+if [ $failures -gt $fail_tolerance ]; then
+    log_to_stdout "Healthcheck: Too many ping failures ($fail_tolerance failures allowed, you got $failures failures), marking Healthcheck as unhealthy..."
+    return 1
+fi
+
+return 0
 
-    log_to_file "Healthcheck: Ping Checks WORKING properly!"
-    return 0
 }
 
 # General DNS Resolve Check against Unbound Resolver himself
 function check_dns() {
-    declare -a domains=("mailcow.email" "github.com" "hub.docker.com")
+declare -a domains=("fuzzy.mailcow.email" "github.com" "hub.docker.com")
+local fail_tolerance=1
+local failures=0
 
-    for domain in "${domains[@]}" ; do
-        for ((i=1; i<=3; i++)); do
-            dig +short +timeout=2 +tries=1 "$domain" @127.0.0.1 > /dev/null
-        if [ $? -ne 0 ]; then
-            log_to_file "Healthcheck: DNS Resolution Failed on $i attempt! Trying again..."
-            if [ $i -eq 3 ]; then
-                log_to_file "Healthcheck: DNS Resolution not possible after $i attempts... Gave up!"
-                log_to_file "Maybe check your outbound firewall, as it needs to resolve DNS over TCP AND UDP!"
-                return 1
-            fi
+for domain in "${domains[@]}" ; do
+    success=false
+    for ((i=1; i<=3; i++)); do
+        dig_output=$(dig +short +timeout=2 +tries=1 "$domain" @127.0.0.1 2>/dev/null)
+        dig_rc=$?
+
+        if [ $dig_rc -ne 0 ] || [ -z "$dig_output" ]; then
+            log_to_stdout "Healthcheck: DNS Resolution Failed on attempt $i for $domain! Trying again..."
+        else
+            success=true
+            break
         fi
-        done
     done
-
-    log_to_file "Healthcheck: DNS Resolver WORKING properly!"
-    return 0
     
+    if [ "$success" = false ]; then
+        log_to_stdout "Healthcheck: DNS Resolution not possible after 3 attempts for $domain... Gave up!"
+        ((failures++))
+    fi
+done
+
+if [ $failures -gt $fail_tolerance ]; then
+    log_to_stdout "Healthcheck: Too many DNS failures ($fail_tolerance failures allowed, you got $failures failures), marking Healthcheck as unhealthy..."
+    return 1
+fi
+
+return 0
 }
 
-if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
-    log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
-    exit 0
-fi
+while true; do
 
-# run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy)
-check_ping
+    if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
+    log_to_stdout "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
+    echo "0" > $STATUS_FILE
+    sleep 365d
+    fi
 
-if [ $? -ne 0 ]; then
-    exit 1
-fi
+    # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy)
+    check_ping
+    PING_STATUS=$?
 
-check_dns
+    check_dns
+    DNS_STATUS=$?
 
-if [ $? -ne 0 ]; then
-    exit 1
-fi
+    if [ $PING_STATUS -ne 0 ] || [ $DNS_STATUS -ne 0 ]; then
+        echo "1" > $STATUS_FILE
 
-log_to_file "Healthcheck: ALL CHECKS WERE SUCCESSFUL! Unbound is healthy!"
-exit 0
\ No newline at end of file
+    else
+        echo "0" > $STATUS_FILE
+    fi
+
+    sleep 30
+
+done
\ No newline at end of file
diff --git a/data/Dockerfiles/unbound/stop-supervisor.sh b/data/Dockerfiles/unbound/stop-supervisor.sh
new file mode 100755
index 000000000..acd402738
--- /dev/null
+++ b/data/Dockerfiles/unbound/stop-supervisor.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+printf "READY\n";
+
+while read line; do
+  echo "Processing Event: $line" >&2;
+  kill -3 $(cat "/var/run/supervisord.pid")
+done < /dev/stdin
+
+rm -rf /tmp/healthcheck_status
\ No newline at end of file
diff --git a/data/Dockerfiles/unbound/supervisord.conf b/data/Dockerfiles/unbound/supervisord.conf
new file mode 100644
index 000000000..b47c8b11b
--- /dev/null
+++ b/data/Dockerfiles/unbound/supervisord.conf
@@ -0,0 +1,32 @@
+[supervisord]
+nodaemon=true
+user=root
+pidfile=/var/run/supervisord.pid
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autostart=true
+
+[program:unbound]
+command=/usr/sbin/unbound
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+
+[program:unbound-healthcheck]
+command=/bin/bash /healthcheck.sh
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+
+[eventlistener:processes]
+command=/usr/local/sbin/stop-supervisor.sh
+events=PROCESS_STATE_STOPPED, PROCESS_STATE_EXITED, PROCESS_STATE_FATAL
diff --git a/data/Dockerfiles/unbound/syslog-ng.conf b/data/Dockerfiles/unbound/syslog-ng.conf
new file mode 100644
index 000000000..de858f9e0
--- /dev/null
+++ b/data/Dockerfiles/unbound/syslog-ng.conf
@@ -0,0 +1,21 @@
+@version: 4.5
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats(freq(0));
+  keep_timestamp(no);
+  bad_hostname("^gconfd$");
+};
+source s_dgram {
+  unix-dgram("/dev/log");
+  internal();
+};
+destination d_stdout { pipe("/dev/stdout"); };
+log {
+  source(s_dgram);
+  destination(d_stdout);
+};
diff --git a/docker-compose.yml b/docker-compose.yml
index 1df07ea15..59f417856 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.22
+      image: mailcow/unbound:1.23
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}

From a6f71faf46d5f30c762c35f5f6d16fac293a53e5 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 13 Aug 2024 16:07:09 +0200
Subject: [PATCH 289/755] github-actions: compacted auto nightly pr

---
 .github/ISSUE_TEMPLATE/pr_to_nighty_template.yml | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml b/.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml
index 8854ac9de..d9f878584 100644
--- a/.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml
+++ b/.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml
@@ -1,13 +1,3 @@
-## :memo:  Brief description
-<!-- Diff summary - START -->
-<!-- Diff summary - END -->
-
-
-## :computer:  Commits
-<!-- Diff commits - START -->
-<!-- Diff commits - END -->
-
-
 ## :file_folder:  Modified files
 <!-- Diff files - START -->
-<!-- Diff files - END -->
+<!-- Diff files - END -->
\ No newline at end of file

From e34afd3fdddabb82f4d71bf7e1e554d13ff21497 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 14 Aug 2024 10:02:59 +0200
Subject: [PATCH 290/755] flatcurve-fts: limit tokenizers for email adresses

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index bd1a44f38..c7564cadd 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -257,10 +257,14 @@ plugin {
     fts_autoindex_exclude2 = \Trash
     fts = flatcurve
 
+    # Maximum term length can be set via the 'maxlen' argument (maxlen is
+    # specified in bytes, not number of UTF-8 characters)
+    fts_tokenizer_email_address = maxlen=100
+    fts_tokenizer_generic = algorithm=simple maxlen=30
+
     # These are not flatcurve settings, but required for Dovecot FTS. See
     # Dovecot FTS Configuration link above for further information.
     fts_languages = en es de
-    fts_tokenizer_generic = algorithm=simple
     fts_tokenizers = generic email-address
 
     # OPTIONAL: Recommended default FTS core configuration

From 1994f706c09f7a6d0ff0c8a858e2fa0db9af17dd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 14 Aug 2024 10:03:42 +0200
Subject: [PATCH 291/755] dovecot: optimized dockerfile syntax

---
 data/Dockerfiles/dovecot/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index a832bff6b..4b004cdf1 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,12 +1,12 @@
 FROM alpine:3.20
 
-LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.16
 
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN addgroup -g 5000 vmail \
@@ -133,4 +133,4 @@ COPY repl_health.sh /usr/local/bin/repl_health.sh
 COPY optimize-fts.sh /usr/local/bin/optimize-fts.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

From 1fc964d72e9ddfee505b4039e45049bdf52cf365 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 14 Aug 2024 10:12:10 +0200
Subject: [PATCH 292/755] compose: bump dovecot image to newest nightly
 (20240814)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 7e0cf46b9..3913067bc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -238,7 +238,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:nightly-20240807
+      image: mailcow/dovecot:nightly-20240814
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 6c97c4f372b35bc9237a0d9f9b5696ff24cf0797 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Thu, 15 Aug 2024 09:50:36 +0200
Subject: [PATCH 293/755] Revert "Don't expose SMTP/IMAP if announced "not
 provided" via SRV"

---
 data/web/autoconfig.php | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/data/web/autoconfig.php b/data/web/autoconfig.php
index 750463419..95952df0d 100644
--- a/data/web/autoconfig.php
+++ b/data/web/autoconfig.php
@@ -39,9 +39,6 @@ header('Content-Type: application/xml');
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
-<?php
-$records = dns_get_record('_imap._tcp.' . $domain, DNS_SRV); // check if IMAP is announced as "not provided" via SRV record
-if (count($records) == 0 || $records[0]['target'] != '') { ?>
       <incomingServer type="imap">
          <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
          <port><?=$autodiscover_config['imap']['tlsport']; ?></port>
@@ -49,7 +46,6 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
-<?php } ?>
 
 <?php
 $records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
@@ -81,9 +77,6 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
-<?php
-$records = dns_get_record('_smtp._tcp.' . $domain, DNS_SRV); // check if SMTP is announced as "not provided" via SRV record
-if (count($records) == 0 || $records[0]['target'] != '') { ?>
       <outgoingServer type="smtp">
          <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
          <port><?=$autodiscover_config['smtp']['tlsport']; ?></port>
@@ -91,7 +84,6 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
-<?php } ?>
 
       <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
          <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>

From c5e399ebc2c15f5ff2eb570894ffe37ef82bda27 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 15 Aug 2024 11:09:37 +0200
Subject: [PATCH 294/755] .github: Add pull_request_template.md

---
 .github/PULL_REQUEST_TEMPLATE.md | 38 ++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000..68ead39fa
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,38 @@
+<!-- _Please make sure to review and check all of these items, otherwise we might refuse your PR:_ -->
+
+## Contribution Guidelines
+
+* [ ] I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree them
+
+<!-- _NOTE: this tickbox is needed to fullfil on order to get your PR reviewed._ -->
+
+## What does this PR include?
+
+### Short Description
+
+<!-- Please write a short description, what your PR does here. -->
+
+###  Affected Containers
+
+<!-- Please list all affected Docker containers here, which you commited changes to -->
+
+<!--
+
+Please list them like this:
+
+- container1
+- container2
+- container3
+etc.
+
+-->
+
+## Did you run tests?
+
+### What did you tested?
+
+<!-- Please write shortly, what you've tested (which components etc.). -->
+
+### What were the final results? (Awaited, got)
+
+<!-- Please write shortly, what your final tests results were. What did you awaited? Was the outcome the awaited one? -->
\ No newline at end of file

From e00d0d5f8de369fd8499aae78825aa4a670449e3 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 15 Aug 2024 11:32:28 +0200
Subject: [PATCH 295/755] Updated contributing.md

---
 CONTRIBUTING.md | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 623d2cabc..fae8f1d5f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,25 +1,42 @@
-# Contribution Guidelines (Last modified on 27th June 2024)
+# Contribution Guidelines
+**_Last modified on 15th August 2024_**
 
 First of all, thank you for wanting to provide a bugfix or a new feature for the mailcow community, it's because of your help that the project can continue to grow!
 
-## Pull Requests (Last modified on 27th June 2024)
+As we want to keep mailcow's development structured we setup these Guidelines which helps you to create your issue/pull request accordingly.
+
+**PLEASE NOTE, THAT WE MIGHT CLOSE ISSUES/PULL REQUESTS IF THEY DON'T FULLFIL OUR WRITTEN GUIDELINES WRITTEN INSIDE THIS DOCUMENT**. So please check this guidelines before you propose a Issue/Pull Request.
+
+## Topics
+
+- [Pull Requests](#pull-requests)
+- [Issue Reporting](#issue-reporting)
+    - [Guidelines](#issue-reporting-guidelines)
+    - [Issue Report Guide](#issue-report-guide)
+
+## Pull Requests
+**_Last modified on 15th August 2024_**
 
 However, please note the following regarding pull requests:
 
 1. **ALWAYS** create your PR using the staging branch of your locally cloned mailcow instance, as the pull request will end up in said staging branch of mailcow once approved. Ideally, you should simply create a new branch for your pull request that is named after the type of your PR (e.g. `feat/` for function updates or `fix/` for bug fixes) and the actual content (e.g. `sogo-6.0.0` for an update from SOGo to version 6 or `html-escape` for a fix that includes escaping HTML in mailcow).
 2. **ALWAYS** report/request issues/features in the english language, even though mailcow is a german based company. This is done to allow other GitHub users to reply to your issues/requests too which did not speak german or other languages besides english.
-3. Please **keep** this pull request branch **clean** and free of commits that have nothing to do with the changes you have made (e.g. commits from other users from other branches). *If you make changes to the `update.sh` script or other scripts that trigger a commit, there is usually a developer mode for clean working in this case.
+3. Please **keep** this pull request branch **clean** and free of commits that have nothing to do with the changes you have made (e.g. commits from other users from other branches). *If you make changes to the `update.sh` script or other scripts that trigger a commit, there is usually a developer mode for clean working in this case.*
 4. **Test your changes before you commit them as a pull request.** <ins>If possible</ins>, write a small **test log** or demonstrate the functionality with a **screenshot or GIF**. *We will of course also test your pull request ourselves, but proof from you will save us the question of whether you have tested your own changes yourself.*
-5. Please **ALWAYS** create the actual pull request against the staging branch and **NEVER** directly against the master branch. *If you forget to do this, our moobot will remind you to switch the branch to staging.*
-6. Wait for a merge commit: It may happen that we do not accept your pull request immediately or sometimes not at all for various reasons. Please do not be disappointed if this is the case. We always endeavor to incorporate any meaningful changes from the community into the mailcow project.
-7. If you are planning larger and therefore more complex pull requests, it would be advisable to first announce this in a separate issue and then start implementing it after the idea has been accepted in order to avoid unnecessary frustration and effort!
+5. **Please use** the pull request template we provide once creating a pull request. *HINT: During editing you encounter comments which looks like: `<!-- CONTENT -->`. These can be removed or kept, as they will not rendered later on GitHub! Please only create actual content without the said comments.* 
+6. Please **ALWAYS** create the actual pull request against the staging branch and **NEVER** directly against the master branch. *If you forget to do this, our moobot will remind you to switch the branch to staging.*
+7. Wait for a merge commit: It may happen that we do not accept your pull request immediately or sometimes not at all for various reasons. Please do not be disappointed if this is the case. We always endeavor to incorporate any meaningful changes from the community into the mailcow project.
+8. If you are planning larger and therefore more complex pull requests, it would be advisable to first announce this in a separate issue and then start implementing it after the idea has been accepted in order to avoid unnecessary frustration and effort!
 
 ---
 
-## Issue Reporting (Last modified on 27th June 2024)
+## Issue Reporting
+**_Last modified on 15th August 2024_**
 
 If you plan to report a issue within mailcow please read and understand the following rules:
 
+### Issue Reporting Guidelines
+
 1. **ONLY** use the issue tracker for bug reports or improvement requests and NOT for support questions. For support questions you can either contact the [mailcow community on Telegram](https://docs.mailcow.email/#community-support-and-chat) or the mailcow team directly in exchange for a [support fee](https://docs.mailcow.email/#commercial-support).
 2. **ONLY** report an error if you have the **necessary know-how (at least the basics)** for the administration of an e-mail server and the usage of Docker. mailcow is a complex and fully-fledged e-mail server including groupware components on a Docker basement and it requires a bit of technical know-how for debugging and operating.
 3. **ALWAYS** report/request issues/features in the english language, even though mailcow is a german based company. This is done to allow other GitHub users to reply to your issues/requests too which did not speak german or other languages besides english.
@@ -29,7 +46,7 @@ If you plan to report a issue within mailcow please read and understand the foll
 7. When you create a issue/feature request: Please note that the creation does <ins>**not guarantee an instant implementation or fix by the mailcow team or the community**</ins>.
 8. Please **ALWAYS** anonymize any sensitive information in your bug report or feature request before submitting it.
 
-### Quick guide to reporting problems:
+### Issue Report Guide
 1. Read your logs; follow them to see what the reason for your problem is.
 2. Follow the leads given to you in your logfiles and start investigating.
 3. Restarting the troubled service or the whole stack to see if the problem persists.

From fa3c453d6eed90acc6e86d1600802494f9e5dd87 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 15 Aug 2024 12:49:57 +0200
Subject: [PATCH 296/755] Use DN instead of DistinguishedName for LDAP login

---
 data/web/inc/functions.auth.inc.php | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index f93eb54cf..943bb1647 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -498,7 +498,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
       $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
     }
     $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
-      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'cn']);
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'dn']);
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {
@@ -506,29 +506,26 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
     $_SESSION['return'] = array();
     $_SESSION['return'][] =  array(
       'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
+      'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
       'msg' => 'ldap_error'
     );
     return false;
   }
   try {
-    if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
-      // fallback to cn
-      if (!$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $user, '*', $user_res),
-          'msg' => 'ldap_auth_failed'
-        );
-        return false;
-      }
+    if (!$iam_provider->auth()->attempt($user_res['dn'], $pass)) {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*', $user_res),
+        'msg' => 'ldap_auth_failed'
+      );
+      return false;
     }
   } catch (Exception $e) {
     // clear $_SESSION['return'] to not leak data
     $_SESSION['return'] = array();
     $_SESSION['return'][] =  array(
       'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*'),
+      'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
       'msg' => 'ldap_error'
     );
     return false;

From eb3f88fc91b38688baa91529c3d39fe2e486c3e1 Mon Sep 17 00:00:00 2001
From: Janek <6506725+jkrgr0@users.noreply.github.com>
Date: Fri, 16 Aug 2024 08:47:03 +0200
Subject: [PATCH 297/755] =?UTF-8?q?fix:=20=F0=9F=9A=91=20Fixed=20version?=
 =?UTF-8?q?=20parsing=20of=20docker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Only the first result (the major version) is relevant

Closes #6015
---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index b89514e58..9b7fd2652 100755
--- a/update.sh
+++ b/update.sh
@@ -329,7 +329,7 @@ for bin in curl docker git awk sha1sum grep cut; do
 done
 
 # Check Docker Version (need at least 24.X)
-docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1)
+docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1 | head -1)
 
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"

From f3da8bb85ff98164f45c742aff957c960b75c69e Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Mon, 19 Aug 2024 11:42:11 +0300
Subject: [PATCH 298/755] Refactor/Change Dockerfiles cmd from shell to exec
 form (#6019)

* Update `dockerapi/Dockerfile` CMD from shell to exec format

* Update `postfix/Dockerfile` CMD from shell to exec format

* Update `sogo/Dockerfile` CMD from shell to exec format

* Update `unbound/Dockerfile` CMD from shell to exec format

* Update `watchdog/Dockerfile` CMD from shell to exec format
---
 data/Dockerfiles/dockerapi/Dockerfile | 2 +-
 data/Dockerfiles/postfix/Dockerfile   | 2 +-
 data/Dockerfiles/sogo/Dockerfile      | 2 +-
 data/Dockerfiles/unbound/Dockerfile   | 2 +-
 data/Dockerfiles/watchdog/Dockerfile  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 92c19dcc1..bbd4542e6 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -24,4 +24,4 @@ COPY main.py /app/main.py
 COPY modules/ /app/modules/
 
 ENTRYPOINT ["/bin/sh", "/app/docker-entrypoint.sh"]
-CMD exec python main.py
\ No newline at end of file
+CMD ["python", "main.py"]
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 0f1911c62..5449360b3 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -60,4 +60,4 @@ EXPOSE 588
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 2485b6a8e..7b8b1c717 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -55,4 +55,4 @@ RUN chmod +x /bootstrap-sogo.sh \
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
\ No newline at end of file
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
\ No newline at end of file
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index fc7b14817..7e4f18dec 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -33,4 +33,4 @@ HEALTHCHECK --interval=30s --timeout=10s \
   CMD sh -c '[ -f /tmp/healthcheck_status ] && [ "$(cat /tmp/healthcheck_status)" -eq 0 ] || exit 1'
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index 0f3e7dfb9..f8aa262bb 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -37,4 +37,4 @@ RUN apk add --update \
 COPY watchdog.sh /watchdog.sh
 COPY check_mysql_slavestatus.sh /usr/lib/nagios/plugins/check_mysql_slavestatus.sh
 
-CMD /watchdog.sh
+CMD ["/watchdog.sh"]

From cb50d08605875e4f1862d6309e3ff9145423c9ad Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Mon, 19 Aug 2024 11:08:13 +0200
Subject: [PATCH 299/755] dovecot: added timeout option when sa-rules cannot be
 downloaded (#6025)

* dovecot: added timeout option when sa-rules cannot be downloaded

* dovecot: changed sa-rules exit code to 0 to allow dovecot to start afterwards
---
 data/Dockerfiles/dovecot/sa-rules.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/dovecot/sa-rules.sh b/data/Dockerfiles/dovecot/sa-rules.sh
index 107ea7172..2a513805a 100755
--- a/data/Dockerfiles/dovecot/sa-rules.sh
+++ b/data/Dockerfiles/dovecot/sa-rules.sh
@@ -11,10 +11,14 @@ else
 fi
 
 # Deploy
-curl --connect-timeout 15 --retry 10 --max-time 30 https://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz
-if gzip -t /tmp/sa-rules-heinlein.tar.gz; then
-  tar xfvz /tmp/sa-rules-heinlein.tar.gz -C /tmp/sa-rules-heinlein
-  cat /tmp/sa-rules-heinlein/*cf > /etc/rspamd/custom/sa-rules
+if curl --connect-timeout 15 --retry 10 --max-time 30 https://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz; then
+  if gzip -t /tmp/sa-rules-heinlein.tar.gz; then
+    tar xfvz /tmp/sa-rules-heinlein.tar.gz -C /tmp/sa-rules-heinlein
+    cat /tmp/sa-rules-heinlein/*cf > /etc/rspamd/custom/sa-rules
+  fi
+else
+  echo "Failed to download SA rules. Exiting."
+  exit 0 # Must be 0 otherwise dovecot would not start at all
 fi
 
 sed -i -e 's/\([^\\]\)\$\([^\/]\)/\1\\$\2/g' /etc/rspamd/custom/sa-rules

From b70bcd36fbe84136285ccbce92fa7839f830e350 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Mon, 19 Aug 2024 11:33:28 +0200
Subject: [PATCH 300/755] containers: use mariadb-admin instead of deprecated
 mysqladmin (#6026)

* dockerfiles: use mariadb-admin instead of deprecated mysqladmin command

* compose: bump compose tags
---
 data/Dockerfiles/acme/acme.sh                 |  2 +-
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  2 +-
 data/Dockerfiles/phpfpm/docker-entrypoint.sh  |  4 ++--
 data/Dockerfiles/postfix/postfix.sh           |  2 +-
 data/Dockerfiles/sogo/bootstrap-sogo.sh       |  2 +-
 data/Dockerfiles/watchdog/watchdog.sh         |  2 +-
 docker-compose.yml                            | 12 ++++++------
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 9682684e4..3c7658d84 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -117,7 +117,7 @@ fi
 chmod 600 ${ACME_BASE}/key.pem
 
 log_f "Waiting for database..."
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent > /dev/null; do
+while ! /usr/bin/mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent > /dev/null; do
   sleep 2
 done
 log_f "Database OK"
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index c7564cadd..2f0bfadf3 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -2,7 +2,7 @@
 set -e
 
 # Wait for MySQL to warm-up
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
   echo "Waiting for database to come up..."
   sleep 2
 done
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 87b4e298d..798a25851 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -3,7 +3,7 @@
 function array_by_comma { local IFS=","; echo "$*"; }
 
 # Wait for containers
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
   echo "Waiting for SQL..."
   sleep 2
 done
@@ -44,7 +44,7 @@ until [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; do
     echo "MySQL applied an upgrade, debug output:"
     echo ${SQL_FULL_UPGRADE_RETURN}
     sleep 3
-    while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+    while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
       echo "Waiting for SQL to return, please wait"
       sleep 2
     done
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index a173e9a77..8ffb76f6a 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -5,7 +5,7 @@ trap "postfix stop" EXIT
 [[ ! -d /opt/postfix/conf/sql/ ]] && mkdir -p /opt/postfix/conf/sql/
 
 # Wait for MySQL to warm-up
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
   echo "Waiting for database to come up..."
   sleep 2
 done
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index bae060542..51880ea60 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Wait for MySQL to warm-up
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
   echo "Waiting for database to come up..."
   sleep 2
 done
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index 7f125f76d..81d65d907 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -33,7 +33,7 @@ if [[ ! -p /tmp/com_pipe ]]; then
 fi
 
 # Wait for containers
-while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
   echo "Waiting for SQL..."
   sleep 2
 done
diff --git a/docker-compose.yml b/docker-compose.yml
index 59f417856..cf0a028ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -111,7 +111,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.88
+      image: mailcow/phpfpm:1.89
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -176,7 +176,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.124
+      image: mailcow/sogo:1.125
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -223,7 +223,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.0
+      image: mailcow/dovecot:2.1
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -307,7 +307,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.75
+      image: mailcow/postfix:1.76
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -407,7 +407,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.89
+      image: mailcow/acme:1.90
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -463,7 +463,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.04
+      image: mailcow/watchdog:2.05
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:

From 3d628696643d5b1a1dd68bcbc5ff3051c0d1b0c6 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Mon, 19 Aug 2024 16:47:55 +0300
Subject: [PATCH 301/755] Fix: bash variables are not quoted (#6022)

* Fix: Double quote variables to prevent word splitting

* Fix `update.sh`: Double quote to prevent word splitting

* Refactor: Remove unnecessary white-spaces.
---
 generate_config.sh |  10 +-
 update.sh          | 290 ++++++++++++++++++++++-----------------------
 2 files changed, 150 insertions(+), 150 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index cc5ba1ce2..4d8fcd263 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -9,7 +9,7 @@ if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
 fi
 
 if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< $(uname -a); then
+  if grep -q Ubuntu <<< "$(uname -a)"; then
     echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
     echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
     exit 1
@@ -158,7 +158,7 @@ done
 MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
 
 if [ -z "${SKIP_CLAMD}" ]; then
-  if [ ${MEM_TOTAL} -le "2621440" ]; then
+  if [ "${MEM_TOTAL}" -le "2621440" ]; then
     echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
     echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
     read -r -p  "Do you want to disable ClamAV now? [Y/n] " response
@@ -176,10 +176,10 @@ if [ -z "${SKIP_CLAMD}" ]; then
 fi
 
 if [ -z "${SKIP_SOLR}" ]; then
-  if [ ${MEM_TOTAL} -le "2097152" ]; then
+  if [ "${MEM_TOTAL}" -le "2097152" ]; then
     echo "Disabling Solr on low-memory system."
     SKIP_SOLR=y
-  elif [ ${MEM_TOTAL} -le "3670016" ]; then
+  elif [ "${MEM_TOTAL}" -le "3670016" ]; then
     echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
     echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
     echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
@@ -218,7 +218,7 @@ if [[ ${SKIP_BRANCH} != y ]]; then
   done
 
   git fetch --all
-  git checkout -f $MAILCOW_BRANCH
+  git checkout -f "$MAILCOW_BRANCH"
 
 elif [[ ${SKIP_BRANCH} == y ]]; then
   echo -e "\033[33mEnabled Dev Mode.\033[0m"
diff --git a/update.sh b/update.sh
index 9b7fd2652..6195c4fea 100755
--- a/update.sh
+++ b/update.sh
@@ -22,13 +22,13 @@ prefetch_images() {
       fi
     fi
     RET_C=0
-    until docker pull ${image}; do
+    until docker pull "${image}"; do
       RET_C=$((RET_C + 1))
       echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
       [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
       sleep 1
     done
-  done < <(git show origin/${BRANCH}:docker-compose.yml | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
+  done < <(git show "origin/${BRANCH}:docker-compose.yml" | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
 }
 
 docker_garbage() {
@@ -39,9 +39,9 @@ docker_garbage() {
   COMPOSE_IMAGES=($(grep -oP "image: \Kmailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
 
   for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep 'mailcow/'); do
-      ID=$(echo $existing_image | cut -d ':' -f 1)
-      REPOSITORY=$(echo $existing_image | cut -d ':' -f 2)
-      TAG=$(echo $existing_image | cut -d ':' -f 3)
+      ID=$(echo "$existing_image" | cut -d ':' -f 1)
+      REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
+      TAG=$(echo "$existing_image" | cut -d ':' -f 3)
 
       if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
           continue
@@ -109,12 +109,12 @@ migrate_docker_nat() {
           echo -e "\e[33mWarning:\e[0m You seem to have modified the /etc/docker/daemon.json configuration by yourself and not fully/correctly activated the native IPv6 NAT implementation."
           echo "You will need to merge your existing configuration manually or fix/delete the existing daemon.json configuration before trying the update process again."
           echo -e "Please merge the following content and restart the Docker daemon:\n"
-          echo ${NAT_CONFIG}
+          echo "${NAT_CONFIG}"
           return 1
       fi
     else
       echo "Working on IPv6 NAT, please wait..."
-      echo ${NAT_CONFIG} > /etc/docker/daemon.json
+      echo "${NAT_CONFIG}" > /etc/docker/daemon.json
       ip6tables -F -t nat
       [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
       if [[ $? -ne 0 ]]; then
@@ -165,7 +165,7 @@ remove_obsolete_nginx_ports() {
           fi
         fi
     fi
-    done        
+    done
 }
 
 detect_docker_compose_command(){
@@ -176,11 +176,11 @@ if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
         COMPOSE_COMMAND="docker compose"
         echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
         echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
         sleep 2
         echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
       else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
+        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
         echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
         exit 1
       fi
@@ -191,58 +191,58 @@ if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
         COMPOSE_COMMAND="docker-compose"
         echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
         echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
         sleep 2
         echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
       else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
+        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
         echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
         exit 1
       fi
     fi
 
   else
-    echo -e "\e[31mCannot find Docker Compose.\e[0m" 
+    echo -e "\e[31mCannot find Docker Compose.\e[0m"
     echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
     exit 1
   fi
 
 elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
   COMPOSE_COMMAND="docker compose"
-  # Check if Native Compose works and has not been deleted  
+  # Check if Native Compose works and has not been deleted
   if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
     # IF it not exists/work anymore try the other command
     COMPOSE_COMMAND="docker-compose"
     if ! $COMPOSE_COMMAND > /dev/null 2>&1 || ! $COMPOSE_COMMAND --version | grep "^2." > /dev/null 2>&1; then
       # IF it cannot find Standalone in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m" 
+      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m"
       echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
       exit 1
     fi
       # If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
       echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf 
+      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
       sleep 2
   fi
 
 
 elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
   COMPOSE_COMMAND="docker-compose"
-  # Check if Standalone Compose works and has not been deleted  
+  # Check if Standalone Compose works and has not been deleted
   if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 | grep "^2." > /dev/null 2>&1; then
     # IF it not exists/work anymore try the other command
     COMPOSE_COMMAND="docker compose"
     if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
       # IF it cannot find Native in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose.\e[0m" 
+      echo -e "\e[31mCannot find Docker Compose.\e[0m"
       echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
       exit 1
     fi
       # If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
       echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
+      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
       sleep 2
   fi
 fi
@@ -297,7 +297,7 @@ if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
 fi
 
 if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< $(uname -a); then
+  if grep -q Ubuntu <<< "$(uname -a)"; then
     echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
     echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
     exit 1
@@ -322,10 +322,10 @@ unset COMPOSE_COMMAND
 unset DOCKER_COMPOSE_VERSION
 
 for bin in curl docker git awk sha1sum grep cut; do
-  if [[ -z $(command -v ${bin}) ]]; then 
-  echo "Cannot find ${bin}, exiting..." 
+  if [[ -z $(command -v ${bin}) ]]; then
+  echo "Cannot find ${bin}, exiting..."
   exit 1;
-  fi  
+  fi
 done
 
 # Check Docker Version (need at least 24.X)
@@ -340,20 +340,20 @@ fi
 
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
-BRANCH=$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)
+BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
 
 while (($#)); do
   case "${1}" in
     --check|-c)
       echo "Checking remote code for updates..."
-      LATEST_REV=$(git ls-remote --exit-code --refs --quiet https://github.com/mailcow/mailcow-dockerized ${BRANCH} | cut -f1)
-      if [ $? -ne 0 ]; then
+      LATEST_REV=$(git ls-remote --exit-code --refs --quiet https://github.com/mailcow/mailcow-dockerized "${BRANCH}" | cut -f1)
+      if [ "$?" -ne 0 ]; then
         echo "A problem occurred while trying to fetch the latest revision from github."
         exit 99
       fi
       if [[ -z $(git log HEAD --pretty=format:"%H" | grep "${LATEST_REV}") ]]; then
         echo -e "Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
-        git log --date=short --pretty=format:"%ad - %s" $(git rev-parse --short HEAD)..origin/master
+        git log --date=short --pretty=format:"%ad - %s" "$(git rev-parse --short HEAD)"..origin/master
         exit 0
       else
         echo "No updates available."
@@ -370,7 +370,7 @@ while (($#)); do
       SKIP_PING_CHECK=y
     ;;
     --stable)
-      CURRENT_BRANCH="$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)"
+      CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
       NEW_BRANCH="master"
     ;;
     --gc)
@@ -379,7 +379,7 @@ while (($#)); do
       exit 0
     ;;
     --nightly)
-      CURRENT_BRANCH="$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)"
+      CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
       NEW_BRANCH="nightly"
     ;;
     --prefetch)
@@ -499,19 +499,19 @@ CONFIG_ARRAY=(
 detect_bad_asn
 
 sed -i --follow-symlinks '$a\' mailcow.conf
-for option in ${CONFIG_ARRAY[@]}; do
+for option in "${CONFIG_ARRAY[@]}"; do
   if [[ ${option} == "ADDITIONAL_SAN" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "${option}=" >> mailcow.conf
     fi
-  elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "COMPOSE_PROJECT_NAME" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
     fi
-  elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "DOCKER_COMPOSE_VERSION" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "# Used Docker Compose version" >> mailcow.conf
       echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
@@ -521,73 +521,73 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "" >> mailcow.conf
       echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
     fi
-  elif [[ ${option} == "DOVEADM_PORT" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "DOVEADM_PORT" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_NOTIFY_EMAIL" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
     fi
-  elif [[ ${option} == "LOG_LINES" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "LOG_LINES" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
       echo "LOG_LINES=9999" >> mailcow.conf
     fi
-  elif [[ ${option} == "IPV4_NETWORK" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "IPV4_NETWORK" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
       echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
     fi
-  elif [[ ${option} == "IPV6_NETWORK" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "IPV6_NETWORK" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
       echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
     fi
-  elif [[ ${option} == "SQL_PORT" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SQL_PORT" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
       echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
     fi
-  elif [[ ${option} == "API_KEY" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "API_KEY" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Create or override API key for web UI' >> mailcow.conf
       echo "#API_KEY=" >> mailcow.conf
     fi
-  elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "API_KEY_READ_ONLY" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Create or override read-only API key for web UI' >> mailcow.conf
       echo "#API_KEY_READ_ONLY=" >> mailcow.conf
     fi
-  elif [[ ${option} == "API_ALLOW_FROM" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "API_ALLOW_FROM" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Must be set for API_KEY to be active' >> mailcow.conf
       echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
       echo "#API_ALLOW_FROM=" >> mailcow.conf
     fi
-  elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SNAT_TO_SOURCE" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
       echo "#SNAT_TO_SOURCE=" >> mailcow.conf
     fi
-  elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SNAT6_TO_SOURCE" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
       echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
     fi
-  elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "MAILDIR_GC_TIME" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Garbage collector cleanup' >> mailcow.conf
       echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
@@ -595,8 +595,8 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Check interval is hourly' >> mailcow.conf
       echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
     fi
-  elif [[ ${option} == "ACL_ANYONE" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "ACL_ANYONE" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
       echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
@@ -604,96 +604,96 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
       echo 'ACL_ANYONE=disallow' >> mailcow.conf
     fi
-  elif [[ ${option} == "SOLR_HEAP" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SOLR_HEAP" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
       echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
       echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
       echo "SOLR_HEAP=1024" >> mailcow.conf
     fi
-  elif [[ ${option} == "SKIP_SOLR" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SKIP_SOLR" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
       echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
       echo "SKIP_SOLR=y" >> mailcow.conf
     fi
-  elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "ENABLE_SSL_SNI" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
       echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
       echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
       echo "ENABLE_SSL_SNI=n" >> mailcow.conf
     fi
-  elif [[ ${option} == "SKIP_SOGO" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SKIP_SOGO" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
       echo "SKIP_SOGO=n" >> mailcow.conf
     fi
-  elif [[ ${option} == "MAILDIR_SUB" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "MAILDIR_SUB" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
       echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
       echo "MAILDIR_SUB=" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
       echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
       echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
       echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
       WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
       echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_NOTIFY_BAN" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
       echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_NOTIFY_START" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_NOTIFY_START" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Send a notification when the watchdog is started.' >> mailcow.conf
       echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_SUBJECT" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
       echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
       echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
       echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
       echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
     fi
-  elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SOGO_EXPIRE_SESSION" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# SOGo session timeout in minutes' >> mailcow.conf
       echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
     fi
-  elif [[ ${option} == "REDIS_PORT" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "REDIS_PORT" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
     fi
-  elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "DOVECOT_MASTER_USER" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
       echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
@@ -701,22 +701,22 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
       echo "DOVECOT_MASTER_USER=" >> mailcow.conf
     fi
-  elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "DOVECOT_MASTER_PASS" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
       echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
     fi
-  elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "MAILCOW_PASS_SCHEME" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Password hash algorithm' >> mailcow.conf
       echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
       echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
       echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
     fi
-  elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "ADDITIONAL_SERVER_NAMES" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Additional server names for mailcow UI' >> mailcow.conf
       echo '#' >> mailcow.conf
@@ -728,8 +728,8 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
     fi
 
-  elif [[ ${option} == "AUTODISCOVER_SAN" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "AUTODISCOVER_SAN" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
       echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
@@ -739,8 +739,8 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
     fi
 
-  elif [[ ${option} == "ACME_CONTACT" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "ACME_CONTACT" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Lets Encrypt registration contact information' >> mailcow.conf
       echo '# Optional: Leave empty for none' >> mailcow.conf
@@ -749,16 +749,16 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
       echo 'ACME_CONTACT=' >> mailcow.conf
     fi
-  elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "# WebAuthn device manufacturer verification" >> mailcow.conf
       echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
       echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
       echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
     fi
-  elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SPAMHAUS_DQS_KEY" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "# Spamhaus Data Query Service Key" >> mailcow.conf
       echo '# Optional: Leave empty for none' >> mailcow.conf
@@ -767,32 +767,32 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Otherwise it will work as usual.' >> mailcow.conf
       echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
     fi
-  elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "WATCHDOG_VERBOSE" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Enable watchdog verbose logging' >> mailcow.conf
       echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
     fi
-  elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
       echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
     fi
-  elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
-    if ! grep -q ${option} mailcow.conf; then
+  elif [[ "${option}" == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
       echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
       echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-    fi 
-  elif ! grep -q ${option} mailcow.conf; then
+    fi
+  elif ! grep -q "${option}" mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf
   fi
 done
 
-if [[( ${SKIP_PING_CHECK} == "y")]]; then
+if [[ ("${SKIP_PING_CHECK}" == "y") ]]; then
 echo -e "\e[32mSkipping Ping Check...\e[0m"
 
 else
@@ -805,14 +805,14 @@ else
    fi
 fi
 
-if ! [ $NEW_BRANCH ]; then
+if ! [ "$NEW_BRANCH" ]; then
   echo -e "\e[33mDetecting which build your mailcow runs on...\e[0m"
   sleep 1
-  if [ ${BRANCH} == "master" ]; then
+  if [ "${BRANCH}" == "master" ]; then
     echo -e "\e[32mYou are receiving stable updates (master).\e[0m"
     echo -e "\e[33mTo change that run the update.sh Script one time with the --nightly parameter to switch to nightly builds.\e[0m"
 
-  elif [ ${BRANCH} == "nightly" ]; then
+  elif [ "${BRANCH}" == "nightly" ]; then
     echo -e "\e[31mYou are receiving unstable updates (nightly). These are for testing purposes only!!!\e[0m"
     sleep 1
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
@@ -823,12 +823,12 @@ if ! [ $NEW_BRANCH ]; then
     echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m"
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
   fi
-elif [ $FORCE ]; then
+elif [ "$FORCE" ]; then
   echo -e "\e[31mYou are running in forced mode!\e[0m"
   echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m"
   echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m"
   sleep 1
-elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then
+elif [ "$NEW_BRANCH" == "master" ] && [ "$CURRENT_BRANCH" != "master" ]; then
   echo -e "\e[33mYou are about to switch your mailcow updates to the stable (master) branch.\e[0m"
   sleep 1
   echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no data is lost...\e[0m"
@@ -842,21 +842,21 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then
     echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here."
     exit 0
   fi
-  BRANCH=$NEW_BRANCH
+  BRANCH="$NEW_BRANCH"
   DIFF_DIRECTORY=update_diffs
-  DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_master_$(date +"%Y-%m-%d-%H-%M-%S")
-  mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null
+  DIFF_FILE="${DIFF_DIRECTORY}/diff_before_upgrade_to_master_$(date +"%Y-%m-%d-%H-%M-%S")"
+  mv diff_before_upgrade* "${DIFF_DIRECTORY}/" 2> /dev/null
   if ! git diff-index --quiet HEAD; then
     echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
-    mkdir -p ${DIFF_DIRECTORY}
-    git diff ${BRANCH} --stat > ${DIFF_FILE}
-    git diff ${BRANCH} >> ${DIFF_FILE}
+    mkdir -p "${DIFF_DIRECTORY}"
+    git diff "${BRANCH}" --stat > "${DIFF_FILE}"
+    git diff "${BRANCH}" >> "${DIFF_FILE}"
   fi
   echo -e "\e[32mSwitching Branch to ${BRANCH}...\e[0m"
   git fetch origin
-  git checkout -f ${BRANCH}
+  git checkout -f "${BRANCH}"
 
-elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then
+elif [ "$NEW_BRANCH" == "nightly" ] && [ "$CURRENT_BRANCH" != "nightly" ]; then
   echo -e "\e[33mYou are about to switch your mailcow Updates to the unstable (nightly) branch.\e[0m"
   sleep 1
   echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m"
@@ -874,27 +874,27 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then
   if ! git diff-index --quiet HEAD; then
     echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
     mkdir -p ${DIFF_DIRECTORY}
-    git diff ${BRANCH} --stat > ${DIFF_FILE}
-    git diff ${BRANCH} >> ${DIFF_FILE}
+    git diff "${BRANCH}" --stat > "${DIFF_FILE}"
+    git diff "${BRANCH}" >> "${DIFF_FILE}"
   fi
   git fetch origin
-  git checkout -f ${BRANCH}
+  git checkout -f "${BRANCH}"
 fi
 
-if [ ! $DEV ]; then
+if [ ! "$DEV" ]; then
   echo -e "\e[32mChecking for newer update script...\e[0m"
-  SHA1_1=$(sha1sum update.sh)
+  SHA1_1="$(sha1sum update.sh)"
   git fetch origin #${BRANCH}
-  git checkout origin/${BRANCH} update.sh
+  git checkout "origin/${BRANCH}" update.sh
   SHA1_2=$(sha1sum update.sh)
-  if [[ ${SHA1_1} != ${SHA1_2} ]]; then
+  if [[ "${SHA1_1}" != "${SHA1_2}" ]]; then
     echo "update.sh changed, please run this script again, exiting."
     chmod +x update.sh
     exit 2
   fi
 fi
 
-if [ ! $FORCE ]; then
+if [ ! "$FORCE" ]; then
   read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response
   if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     echo "OK, exiting."
@@ -916,8 +916,8 @@ fi
 echo -e "\e[32mChecking for conflicting bridges...\e[0m"
 MAILCOW_BRIDGE=$($COMPOSE_COMMAND config | grep -i com.docker.network.bridge.name | cut -d':' -f2)
 while read NAT_ID; do
-  iptables -t nat -D POSTROUTING $NAT_ID
-done < <(iptables -L -vn -t nat --line-numbers | grep $IPV4_NETWORK | grep -E 'MASQUERADE.*all' | grep -v ${MAILCOW_BRIDGE} | cut -d' ' -f1)
+  iptables -t nat -D POSTROUTING "$NAT_ID"
+done < <(iptables -L -vn -t nat --line-numbers | grep "$IPV4_NETWORK" | grep -E 'MASQUERADE.*all' | grep -v "${MAILCOW_BRIDGE}" | cut -d' ' -f1)
 
 DIFF_DIRECTORY=update_diffs
 DIFF_FILE=${DIFF_DIRECTORY}/diff_before_update_$(date +"%Y-%m-%d-%H-%M-%S")
@@ -925,8 +925,8 @@ mv diff_before_update* ${DIFF_DIRECTORY}/ 2> /dev/null
 if ! git diff-index --quiet HEAD; then
   echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
   mkdir -p ${DIFF_DIRECTORY}
-  git diff --stat > ${DIFF_FILE}
-  git diff >> ${DIFF_FILE}
+  git diff --stat > "${DIFF_FILE}"
+  git diff >> "${DIFF_FILE}"
 fi
 
 echo -e "\e[32mPrefetching images...\e[0m"
@@ -948,13 +948,13 @@ done
 # Silently fixing remote url from andryyy to mailcow
 # git remote set-url origin https://github.com/mailcow/mailcow-dockerized
 
-DEFAULT_REPO=https://github.com/mailcow/mailcow-dockerized
+DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
 CURRENT_REPO=$(git config --get remote.origin.url)
-if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then 
+if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
   echo "The Repository currently used is not the default Mailcow Repository."
   echo "Currently Repository: $CURRENT_REPO"
   echo "Default Repository:   $DEFAULT_REPO"
-  if [ ! $FORCE ]; then
+  if [ ! "$FORCE" ]; then
     read -r -p "Should it be changed back to default? [y/N] " repo_response
     if [[ "$repo_response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
       git remote set-url origin $DEFAULT_REPO
@@ -965,7 +965,7 @@ if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
   fi
 fi
 
-if [ ! $DEV ]; then
+if [ ! "$DEV" ]; then
   echo -e "\e[32mCommitting current status...\e[0m"
   [[ -z "$(git config user.name)" ]] && git config user.name moo
   [[ -z "$(git config user.email)" ]] && git config user.email moo@cow.moo
@@ -976,7 +976,7 @@ if [ ! $DEV ]; then
   git fetch origin #${BRANCH}
   echo -e "\e[32mMerging local with remote code (recursive, strategy: \"${MERGE_STRATEGY:-theirs}\", options: \"patience\"...\e[0m"
   git config merge.defaultToUpstream true
-  git merge -X${MERGE_STRATEGY:-theirs} -Xpatience -m "After update on ${DATE}"
+  git merge -X"${MERGE_STRATEGY:-theirs}" -Xpatience -m "After update on ${DATE}"
   # Need to use a variable to not pass return codes of if checks
   MERGE_RETURN=$?
   if [[ ${MERGE_RETURN} == 128 ]]; then
@@ -995,7 +995,7 @@ if [ ! $DEV ]; then
     echo "Run $COMPOSE_COMMAND up -d to restart your stack without updates or try again after fixing the mentioned errors."
     exit 1
   fi
-elif [ $DEV ]; then
+elif [ "$DEV" ]; then
   echo -e "\e[33mDEVELOPER MODE: Not creating a git diff and commiting it to prevent development stuff within a backup diff...\e[0m"
 fi
 
@@ -1042,7 +1042,7 @@ fi
 
 # Set app_info.inc.php
 if [ ${BRANCH} == "master" ]; then
-  mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+  mailcow_git_version=$(git describe --tags $(git rev-list --tags --max-count=1))
 elif [ ${BRANCH} == "nightly" ]; then
   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
   mailcow_last_git_version=""
@@ -1051,7 +1051,7 @@ else
   mailcow_last_git_version=""
 fi
 
-mailcow_git_commit=$(git rev-parse origin/${BRANCH})
+mailcow_git_commit=$(git rev-parse "origin/${BRANCH}")
 mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
 
 if [ $? -eq 0 ]; then

From f9a7712025db1b6118afc37941e30e3e8c473f95 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 20 Aug 2024 09:08:34 +0300
Subject: [PATCH 302/755] Replace weird character to the correct `'` (#6029)

* Replace weird character to the correct `'`

* Replace final weird character, just found.
---
 generate_config.sh | 4 ++--
 update.sh          | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 4d8fcd263..f5a2a01b2 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -41,7 +41,7 @@ if docker compose > /dev/null 2>&1; then
       echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
       echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
       sleep 2
-      echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
+      echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
       echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
       echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
@@ -206,7 +206,7 @@ if [[ ${SKIP_BRANCH} != y ]]; then
   sleep 1
 
   while [ -z "${MAILCOW_BRANCH}" ]; do
-    read -r -p  "Choose the Branch with it´s number [1/2] " branch
+    read -r -p  "Choose the Branch with it's number [1/2] " branch
     case $branch in
       [2])
         MAILCOW_BRANCH="nightly"
diff --git a/update.sh b/update.sh
index 6195c4fea..1f61ba995 100755
--- a/update.sh
+++ b/update.sh
@@ -404,7 +404,7 @@ while (($#)); do
   --nightly            -   Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!!
   --prefetch           -   Only prefetch new images and exit (useful to prepare updates)
   --skip-start         -   Do not start mailcow after update
-  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine)
+  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you've blocked any ICMP Connections to your mailcow machine)
   --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)

From 567ebbc324496f1a6a36867a29470c648bcc409e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9lano?= <bluewalk@users.noreply.github.com>
Date: Tue, 20 Aug 2024 13:39:20 +0200
Subject: [PATCH 303/755] Pushover/Quarantine utf 8 fix - fixes #6028 (#6031)

* Decode rspamd-subject for pushover notifications

Fixes #6028

* Apply iconv_mime_decode to the quarantine function as well
This might contain utf-8 encoded text as well

* Moved the iconv_mime_decode "fix" back to pipe.php
---
 data/conf/rspamd/meta_exporter/pipe.php     | 2 +-
 data/conf/rspamd/meta_exporter/pushover.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/rspamd/meta_exporter/pipe.php b/data/conf/rspamd/meta_exporter/pipe.php
index 88e66e8ef..1858ee668 100644
--- a/data/conf/rspamd/meta_exporter/pipe.php
+++ b/data/conf/rspamd/meta_exporter/pipe.php
@@ -52,7 +52,7 @@ $headers = getallheaders();
 
 $qid      = $headers['X-Rspamd-Qid'];
 $fuzzy    = $headers['X-Rspamd-Fuzzy'];
-$subject  = $headers['X-Rspamd-Subject'];
+$subject  = iconv_mime_decode($headers['X-Rspamd-Subject']);
 $score    = $headers['X-Rspamd-Score'];
 $rcpts    = $headers['X-Rspamd-Rcpt'];
 $user     = $headers['X-Rspamd-User'];
diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index 10265d15f..f122b281a 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -53,7 +53,7 @@ $qid      = $headers['X-Rspamd-Qid'];
 $rcpts    = $headers['X-Rspamd-Rcpt'];
 $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
-$subject  = $headers['X-Rspamd-Subject'];
+$subject  = iconv_mime_decode($headers['X-Rspamd-Subject']);
 $messageid= $json_body->message_id;
 $priority = 0;
 

From bb7fd483f7762a5df55acdd4463b70e0409849fb Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Tue, 20 Aug 2024 15:08:08 +0300
Subject: [PATCH 304/755] Fix: Escape a `'` character in `update.sh` (#6034)

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 1f61ba995..dcc2020eb 100755
--- a/update.sh
+++ b/update.sh
@@ -404,7 +404,7 @@ while (($#)); do
   --nightly            -   Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!!
   --prefetch           -   Only prefetch new images and exit (useful to prepare updates)
   --skip-start         -   Do not start mailcow after update
-  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you've blocked any ICMP Connections to your mailcow machine)
+  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you'\''ve blocked any ICMP Connections to your mailcow machine)
   --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)

From aeeac63e1fb832ee6f997a806558e042b9c2bd3f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 20 Aug 2024 14:22:51 +0200
Subject: [PATCH 305/755] Fix: Escape a `'` character in `update.sh` (#6034)
 (#6035)

Co-authored-by: Hassan A Hashim <h3ssan@protonmail.com>
---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 1f61ba995..dcc2020eb 100755
--- a/update.sh
+++ b/update.sh
@@ -404,7 +404,7 @@ while (($#)); do
   --nightly            -   Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!!
   --prefetch           -   Only prefetch new images and exit (useful to prepare updates)
   --skip-start         -   Do not start mailcow after update
-  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you've blocked any ICMP Connections to your mailcow machine)
+  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you'\''ve blocked any ICMP Connections to your mailcow machine)
   --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)

From 89398c47263d3e1682ef30a4f38b87401a7fe7dd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 20 Aug 2024 14:22:55 +0200
Subject: [PATCH 306/755] Before update on 2024-08-20_14_22_10

---
 docker-compose.yml | 30 ------------------------------
 1 file changed, 30 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028ff..16789083a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -613,36 +613,6 @@ services:
           aliases:
             - ofelia
 
-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge

From cc5138da13e04e26540e47d27bd145cebd3d981d Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 20 Aug 2024 21:34:04 +0200
Subject: [PATCH 307/755] Translations update from Weblate (#6039)

* [Web] Updated lang.fr-fr.json

[Web] Updated lang.fr-fr.json

Co-authored-by: GeistFighter <lorentzjohan1@gmail.com>
Co-authored-by: Samuel F <20537389+samuelfranzini@users.noreply.github.com>

* [Web] Updated lang.fi-fi.json

Co-authored-by: Berttas <mika@tarh.fi>

* [Web] Updated lang.ru-ru.json

Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>

* [Web] Updated lang.uk-ua.json

Co-authored-by: DRago_Angel <dragoangel@users.noreply.translate.mailcow.email>

* [Web] Updated lang.pt-br.json

Co-authored-by: xmacaba <lixo@macaba.com.br>

---------

Co-authored-by: GeistFighter <lorentzjohan1@gmail.com>
Co-authored-by: Samuel F <20537389+samuelfranzini@users.noreply.github.com>
Co-authored-by: Berttas <mika@tarh.fi>
Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>
Co-authored-by: DRago_Angel <dragoangel@users.noreply.translate.mailcow.email>
Co-authored-by: xmacaba <lixo@macaba.com.br>
---
 data/web/lang/lang.fi-fi.json |  6 ++++-
 data/web/lang/lang.fr-fr.json | 41 +++++++++++++++++++++++++++++------
 data/web/lang/lang.pt-br.json |  3 ++-
 data/web/lang/lang.ru-ru.json |  3 ++-
 data/web/lang/lang.uk-ua.json | 29 +++++++++++++++++--------
 5 files changed, 63 insertions(+), 19 deletions(-)

diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index d4a5a08ba..9b3cc8488 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -267,7 +267,11 @@
         "upload": "Lataa",
         "username": "Käyttäjätunnus",
         "validate_license_now": "Vahvista GUID-tunnus lisenssi palvelinta vastaan",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "allowed_methods": "Kulunvalvonta-salli-menetelmät",
+        "admins": "Järjestelmänvalvojat",
+        "admins_ldap": "LDAP-ylläpitäjät",
+        "advanced_settings": "Lisäasetukset"
     },
     "danger": {
         "access_denied": "Käyttö estetty tai lomake tiedot eivät kelpaa",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index aed9ec567..6a59bbc3d 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -28,7 +28,8 @@
         "unlimited_quota": "Quota illimité pour les boîtes de réception",
         "domain_desc": "Modifier la description du domaine",
         "domain_relayhost": "Changer le relais pour un domaine",
-        "mailbox_relayhost": "Changer le relais d’une boîte de réception"
+        "mailbox_relayhost": "Changer le relais d’une boîte de réception",
+        "pw_reset": "Autoriser la réinitialisation du mot de passe de l'utilisateur"
     },
     "add": {
         "activate_filter_warn": "Tous les autres filtres seront désactivés, quand activé est coché.",
@@ -343,7 +344,15 @@
         "f2b_manage_external": "Gérer Fail2Ban en externe",
         "transport_test_rcpt_info": "&#8226 ; Utilisez null@hosted.mailcow.de pour tester le relais vers une destination étrangère.",
         "relay_rcpt": "Adresse \"À :\"",
-        "is_mx_based": "Basé sur MX"
+        "is_mx_based": "Basé sur MX",
+        "password_reset_info": "Si aucune adresse de messagerie de récupération n'est fournie, cette fonction ne peut pas être utilisée.",
+        "password_settings": "Paramètres des mots de passe",
+        "reset_password_vars": "<code>{{link}}</code> Le lien généré pour la réinitialisation du mot de passe<br><code>{{username}}</code> L'adresse de la boîte mail de l'utilisateur qui a demandé la réinitialisation du mot de passe ayant un compte mailcow<br><code>{{username2}}</code> L'adresse de la boîte mail de récupération<br><code>{{date}}</code> La date à laquelle la demande de réinitialisation du mot de passe a été faite<br><code>{{token_lifetime}}</code> La durée de vie du jeton en minutes<br><code>{{hostname}}</code> Le nom d'hôte de votre serveur mailcow",
+        "password_reset_settings": "Paramètres de récupération des mots de passe",
+        "password_reset_tmpl_html": "Modèle HTML",
+        "password_reset_tmpl_text": "Modèle en texte",
+        "restore_template": "Laisser vide pour restaurer le modèle par défaut.",
+        "admins_ldap": "Si aucune adresse de messagerie de récupération n'est fournie, cette fonction ne peut pas être utilisée."
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -474,7 +483,13 @@
         "cors_invalid_method": "Allow-Method specifiée invalide",
         "cors_invalid_origin": "Allow-Origin spécifiée invalide",
         "extended_sender_acl_denied": "ACL manquante pour définir les adresses des expéditeurs externes",
-        "webauthn_username_failed": "L'authentificateur sélectionné appartient à un autre compte"
+        "webauthn_username_failed": "L'authentificateur sélectionné appartient à un autre compte",
+        "recovery_email_failed": "Impossible d'envoyer un email de réinitialisation. Veuillez contacter votre administrateur.",
+        "invalid_reset_token": "Jeton de réinitialisation invalide",
+        "password_reset_invalid_user": "Boîte mail introuvable ou aucune adresse de récupération n'a été définie",
+        "password_reset_na": "La réinitialisation des mots de passe est actuellement indisponible. Veuillez contacter votre administrateur.",
+        "reset_token_limit_exceeded": "Le nombre limite de jetons de réinitialisation a été dépassé. Veuillez réessayer plus tard.",
+        "to_invalid": "Le destinataire ne doit pas être vide"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
@@ -642,7 +657,8 @@
         "quota_warning_bcc": "Avertissement sur les quotas BCC",
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
         "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni ne modifie le profil SOGo existant d'un utilisateur.",
-        "admin": "Modifier l'administrateur"
+        "admin": "Modifier l'administrateur",
+        "password_recovery_email": "Adresse email de récupération"
     },
     "footer": {
         "cancel": "Annuler",
@@ -681,7 +697,14 @@
         "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte de réception pour télécharger le profil de connexion Apple demandé.",
         "other_logins": "Clé d'authentification",
         "password": "Mot de passe",
-        "username": "Nom d'utilisateur"
+        "username": "Nom d'utilisateur",
+        "back_to_mailcow": "Revenir sur mailcow",
+        "forgot_password": "> Mot de passe oublié ?",
+        "invalid_pass_reset_token": "Le jeton de réinitialisation du mot de passe est invalide ou a expiré.<br>Veuillez demander un nouveau lien de réinitialisation de mot de passe.",
+        "new_password": "Nouveau mot de passe",
+        "new_password_confirm": "Confirmer le nouveau mot de passe",
+        "reset_password": "Réinitialiser le mot de passe",
+        "request_reset_password": "Demander le changement du mot de passe"
     },
     "mailbox": {
         "action": "Action",
@@ -1004,7 +1027,9 @@
         "template_added": "Modèles ajoutés %s",
         "template_removed": "Le modèle ayant l'ID %s a été supprimé",
         "domain_add_dkim_available": "A DKIM key did already exist",
-        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès"
+        "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès",
+        "password_changed_success": "Le mot de passe a été modifié avec succès",
+        "recovery_email_sent": "Email de réinitialisation envoyé à %s"
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
@@ -1202,7 +1227,9 @@
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nom d'utilisateur ou mot de passe incorrect",
         "value": "Valeur",
         "allowed_protocols": "Protocoles autorisés",
-        "mailbox": "Boîte de réception"
+        "mailbox": "Boîte de réception",
+        "password_reset_info": "Si aucun email pour la récupération du mot de passe n'est fourni, cette fonction ne peut pas être utilisée.",
+        "pw_recovery_email": "Email de récupération pour son mot de passe"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 5854cc1f2..45dbf5147 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -28,7 +28,8 @@
         "spam_score": "Pontuação de spam",
         "syncjobs": "Trabalhos de sincronização",
         "tls_policy": "Política de TLS",
-        "unlimited_quota": "Cota ilimitada para mailboxes"
+        "unlimited_quota": "Cota ilimitada para mailboxes",
+        "pw_reset": "Permite redefinir a senha do usuário"
     },
     "add": {
         "activate_filter_warn": "Todos os outros filtros serão desativados quando a opção ativa estiver marcada.",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 21775cb16..4a1092f27 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -28,7 +28,8 @@
         "spam_score": "Политика фильтрации спама",
         "syncjobs": "Задания синхронизации",
         "tls_policy": "Политика шифрования",
-        "unlimited_quota": "Неограниченная квота для почтовых ящиков"
+        "unlimited_quota": "Неограниченная квота для почтовых ящиков",
+        "pw_reset": "Разрешить сброс пароля пользователей mailcow"
     },
     "add": {
         "activate_filter_warn": "Активация этого фильтра отключит все остальные фильтры этого типа.",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 5cc704456..f2884cd47 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -28,13 +28,14 @@
         "app_passwds": "Паролі додатків",
         "domain_relayhost": "Змінити relayhost для домену",
         "login_as": "Увійти як користувач поштової скриньки",
-        "sogo_profile_reset": "Скинути профіль SOGo"
+        "sogo_profile_reset": "Скинути профіль SOGo",
+        "pw_reset": "Скидання паролю користувача"
     },
     "add": {
         "app_name": "Назва додатка",
         "app_password": "Додати пароль додатка",
         "app_passwd_protocols": "Дозволені протоколи для пароля додатка",
-        "comment_info": "Приватний коментар не видно користувачам, а публічний – відображається поряд із псевдонімом в особистому кабінеті користувача.",
+        "comment_info": "Приватний коментар не видно користувачам, а публічний – відображається поряд із псевдонімом в особистому кабінеті користувача",
         "custom_params": "Налаштування користувача",
         "gal": "GAL - Глобальна адресна книга",
         "mailbox_quota_m": "Максимальна квота поштового акаунту (MiB)",
@@ -77,7 +78,7 @@
         "password_repeat": "Підтвердження пароля (повтор)",
         "post_domain_add": "Після додавання нового домену контейнер SOGo (\"sogo-mailcow\") необхідно перезапустити!<br><br>Крім того, слід перевірити конфігурацію DNS доменів. Після затвердження конфігурації DNS перезапустіть контейнер \"acme-mailcow\", щоб автоматично згенерувати сертифікати для вашого нового домену.<br>Цей крок не є обов'язковим і повторюватиметься кожні 24 години.",
         "relay_all_info": "Якщо ви вирішите <b>не</b> ретранслювати всіх одержувачів, вам потрібно буде додати (\"сліпу\") поштову адресу для кожного одержувача, якого слід ретранслювати.",
-        "relay_transport_info": "<div class=\"label label-info\">Інфо</div> Ви можете налаштувати власний транспорт для домену. Якщо такої установки немає, то доставка буде виконана на основі MX-записів.",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Інфо</div> Ви можете налаштувати власний транспорт для домену. Якщо такої установки немає, то доставка буде виконана на основі MX-записів.",
         "relayhost_wrapped_tls_info": "Будь ласка, <b>не</b> використовуйте TLS порти (в основному це 465 порт).<br>\nВикористовуйте будь-який <b>не</b> порт TLS, який підтримує STARTTLS. А для захисту від downgrate атак - налаштуйте примусову політику TLS.",
         "syncjob_hint": "Паролі до вашого акаунту будуть збережені на сервері у вигляді простого тексту!",
         "timeout1": "Тайм-аут для підключення до віддаленого хоста",
@@ -299,7 +300,7 @@
         "api_allow_from": "Список IP-адрес для доступу до API (розділених комою або новим рядком)",
         "api_skip_ip_check": "Пропустити перевірку IP для API",
         "arrival_time": "Время получения (час. пояс сервера)",
-        "ban_list_info": "Список заблокованих IP-адрес: <b>підмережа (час, що залишився) - [дія]</b>.<br />IP-адреси, що знаходяться в черзі на розблокування, будуть видалені зі списку активних блокувань протягом декількох секунд.<br> />Червона мітка означає, що підмережа/хост знаходиться в чорному списку.",
+        "ban_list_info": "Список заблокованих IP-адрес: <b>підмережа (час, що залишився) - [дія]</b>.<br />IP-адреси, що знаходяться в черзі на розблокування, будуть видалені зі списку активних блокувань протягом декількох секунд.<br>Червона мітка означає, що підмережа/хост знаходиться в чорному списку.",
         "credentials_transport_warning": "<b>Попередження</b>: додавання нового запису перезапише облікові дані для всіх записів з таким самим <i>наступним хостом</i>.",
         "dkim_to_title": "Цільовий домен(и) (DKIM буде перезаписаний)",
         "duplicate_dkim": "Копіювання DKIM запису",
@@ -349,7 +350,13 @@
         "queue_unban": "розблокувати",
         "f2b_manage_external": "Керування Fail2Ban ззовні",
         "f2b_manage_external_info": "Fail2ban буде підтримувати список заборонених, але не буде активно встановлювати правила для блокування трафіку. Використовуйте згенерований список заборон нижче для зовнішнього блокування трафіку.",
-        "copy_to_clipboard": "Текст скопійовано в буфер обміну!"
+        "copy_to_clipboard": "Текст скопійовано в буфер обміну!",
+        "password_reset_tmpl_text": "Plain-text шаблон",
+        "password_reset_info": "Якщо електронну адресу для відновлення не надано, ця функція не може бути використана.",
+        "logo_dark_label": "Темна тема",
+        "password_reset_settings": "Налаштування відновлення паролів",
+        "password_reset_tmpl_html": "HTML шаблон",
+        "logo_normal_label": "Світла тема"
     },
     "danger": {
         "alias_domain_invalid": "Неприпустимий псевдонім домену: %s",
@@ -479,7 +486,8 @@
         "template_exists": "Шаблон %s вже існує",
         "template_id_invalid": "Ідентифікатор шаблону %s недійсний",
         "template_name_invalid": "Ім'я шаблону невірне",
-        "img_size_exceeded": "Зображення перевищує максимальний розмір файлу"
+        "img_size_exceeded": "Зображення перевищує максимальний розмір файлу",
+        "img_dimensions_exceeded": "Зображення перевищує максимальний розмір"
     },
     "debug": {
         "chart_this_server": "Діаграма (цей сервер)",
@@ -661,7 +669,8 @@
         },
         "domain_footer_html": "Нижній колонтитул HTML",
         "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул",
-        "custom_attributes": "Користувацькі атрибути"
+        "custom_attributes": "Користувацькі атрибути",
+        "domain_footer_skip_replies": "Ігнорувати нижній колонтитул у листах-відповідях"
     },
     "fido2": {
         "confirm": "Підтвердити",
@@ -1068,7 +1077,8 @@
         "cors_headers_edited": "Налаштування CORS збережено",
         "ip_check_opt_in_modified": "Перевірка IP-адреси успішно збережено",
         "template_removed": "Шаблону із ID %s видалено",
-        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено."
+        "f2b_banlist_refreshed": "Ідентифікатор списку заборонених успішно оновлено.",
+        "domain_footer_modified": "Зміни в нижньому колонтитулі домену %s збережено"
     },
     "tfa": {
         "confirm": "Підтвердьте",
@@ -1095,7 +1105,8 @@
         "set_tfa": "Встановити метод двофакторної перевірки",
         "u2f_deprecated": "Схоже, ваш ключ був зареєстрований за допомогою застарілого методу U2F. Ми дезактивуємо двофакторну автентифікацію для вас і видалимо ваш ключ.",
         "waiting_usb_auth": "<i>Очікування пристрою USB...</i><br><br>Будь ласка, натисніть зараз кнопку на USB пристрої.",
-        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої."
+        "waiting_usb_register": "<i>Очікування USB-пристрою...</i><br><br>Будь ласка, введіть пароль вище та підтвердіть реєстрацію, натиснувши кнопку на USB пристрої.",
+        "authenticators": "Аутентифікатори"
     },
     "user": {
         "action": "Дії",

From 10dfd0a4433df4ad519115e8dc380b58543b383b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 21 Aug 2024 10:10:34 +0200
Subject: [PATCH 308/755] [Web][DockerApi] Add the ability to rename the local
 part of a mailbox

---
 .../dockerapi/modules/DockerApi.py            |  44 +++-
 data/web/inc/functions.inc.php                |  62 ++---
 data/web/inc/functions.mailbox.inc.php        | 238 ++++++++++++++----
 data/web/inc/triggers.inc.php                 |  29 ++-
 data/web/js/site/edit.js                      |   5 +
 data/web/js/site/mailbox.js                   |   6 +-
 data/web/json_api.php                         |   5 +-
 data/web/lang/lang.de-de.json                 |   7 +-
 data/web/lang/lang.en-gb.json                 |   5 +
 data/web/templates/edit/mailbox.twig          |  58 ++++-
 docker-compose.yml                            |   4 +-
 11 files changed, 356 insertions(+), 107 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index 560199091..9fdd039e4 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -159,7 +159,7 @@ class DockerApi:
             postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
             # todo: check each exit code
           res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")        
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: exec - cmd: mailq - task: list
   def container_post__exec__mailq__list(self, request_json, **kwargs):
     if 'container_id' in kwargs:
@@ -318,7 +318,7 @@ class DockerApi:
 
     if 'username' in request_json and 'script_name' in request_json:
       for container in self.sync_docker_client.containers.list(filters=filters):
-        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]
         sieve_return = container.exec_run(cmd)
         return self.exec_run_handler('utf8_text_only', sieve_return)
   # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
@@ -342,6 +342,30 @@ class DockerApi:
           cmd = ["/bin/bash", "-c", cmd_vmail]
         maildir_cleanup = container.exec_run(cmd, user='vmail')
         return self.exec_run_handler('generic', maildir_cleanup)
+  # api call: container_post - post_action: exec - cmd: maildir - task: move
+  def container_post__exec__maildir__move(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'old_maildir' in request_json and 'new_maildir' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        vmail_name = request_json['old_maildir'].replace("'", "'\\''")
+        new_vmail_name = request_json['new_maildir'].replace("'", "'\\''")
+        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/" + new_vmail_name + "'; fi"
+
+        index_name = request_json['old_maildir'].split("/")
+        new_index_name = request_json['new_maildir'].split("/")
+        if len(index_name) > 1 and len(new_index_name) > 1:
+          index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
+          new_index_name = new_index_name[1].replace("'", "'\\''") + "@" + new_index_name[0].replace("'", "'\\''")
+          cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail_index/" + new_index_name + "_index'; fi"
+          cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
+        else:
+          cmd = ["/bin/bash", "-c", cmd_vmail]
+        maildir_move = container.exec_run(cmd, user='vmail')
+        return self.exec_run_handler('generic', maildir_move)
   # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
   def container_post__exec__rspamd__worker_password(self, request_json, **kwargs):
     if 'container_id' in kwargs:
@@ -374,6 +398,20 @@ class DockerApi:
           self.logger.error('failed changing Rspamd password')
           res = { 'type': 'danger', 'msg': 'command did not complete' }
           return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: sogo - task: rename
+  def container_post__exec__sogo__rename_user(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'old_username' in request_json and 'new_username' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        old_username = request_json['old_username'].replace("'", "'\\''")
+        new_username = request_json['new_username'].replace("'", "'\\''")
+
+        sogo_return = container.exec_run(['sogo-tool', 'rename-user', old_username, new_username], user='sogo')
+        return self.exec_run_handler('generic', sogo_return)
 
   # Collect host stats
   async def get_host_stats(self, wait=5):
@@ -462,7 +500,7 @@ class DockerApi:
         except:
           pass
       return ''.join(total_data)
-      
+
     try :
       socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
       if not cmd.endswith("\n"):
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 25d08b9fe..fd6c7fc2f 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -939,10 +939,10 @@ function check_login($user, $pass, $app_passwd_data = false) {
     $stmt->execute(array(':user' => $user));
     $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
   }
-  foreach ($rows as $row) { 
+  foreach ($rows as $row) {
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
-      if (!array_key_exists("app_passwd_id", $row)){ 
+      if (!array_key_exists("app_passwd_id", $row)){
         // password is not a app password
         // check for tfa authenticators
         $authenticators = get_tfa($user);
@@ -953,11 +953,6 @@ function check_login($user, $pass, $app_passwd_data = false) {
           $_SESSION['pending_mailcow_cc_role'] = "user";
           $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
           unset($_SESSION['ldelay']);
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
-            'msg' => array('logged_in_as', $user)
-          );
           return "pending";
         } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) {
           // no authenticators found, login successfull
@@ -966,6 +961,11 @@ function check_login($user, $pass, $app_passwd_data = false) {
           $stmt->execute(array(':user' => $user));
 
           unset($_SESSION['ldelay']);
+          $_SESSION['return'][] =  array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $user, '*'),
+            'msg' => array('logged_in_as', $user)
+          );
           return "user";
         }
       } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
@@ -1028,7 +1028,7 @@ function update_sogo_static_view($mailbox = null) {
     // Check if the mailbox exists
     $stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
     $stmt->execute(array(':mailbox' => $mailbox));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);  
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if ($row){
       $mailbox_exists = true;
     }
@@ -1056,7 +1056,7 @@ function update_sogo_static_view($mailbox = null) {
               LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
             WHERE
               mailbox.active = '1'";
-  
+
   if ($mailbox_exists) {
     $query .= " AND mailbox.username = :mailbox";
     $stmt = $pdo->prepare($query);
@@ -1065,9 +1065,9 @@ function update_sogo_static_view($mailbox = null) {
     $query .= " GROUP BY mailbox.username";
     $stmt = $pdo->query($query);
   }
-  
+
   $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
-  
+
   flush_memcached();
 }
 function edit_user_account($_data) {
@@ -1100,7 +1100,7 @@ function edit_user_account($_data) {
           AND `username` = :user");
     $stmt->execute(array(':user' => $username));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  
+
     if (!verify_hash($row['password'], $password_old)) {
       $_SESSION['return'][] =  array(
         'type' => 'danger',
@@ -1109,7 +1109,7 @@ function edit_user_account($_data) {
       );
       return false;
     }
-  
+
     $password_new = $_data['user_new_pass'];
     $password_new2  = $_data['user_new_pass2'];
     if (password_check($password_new, $password_new2) !== true) {
@@ -1124,7 +1124,7 @@ function edit_user_account($_data) {
       ':password_hashed' => $password_hashed,
       ':username' => $username
     ));
-  
+
     update_sogo_static_view();
   }
   // edit password recovery email
@@ -1374,7 +1374,7 @@ function set_tfa($_data) {
             $_data['registration']->certificate,
             0
         ));
-    
+
         $_SESSION['return'][] =  array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $_data_log),
@@ -1544,7 +1544,7 @@ function unset_tfa_key($_data) {
 
   try {
     if (!is_numeric($id)) $access_denied = true;
-    
+
     // set access_denied error
     if ($access_denied){
       $_SESSION['return'][] = array(
@@ -1553,7 +1553,7 @@ function unset_tfa_key($_data) {
         'msg' => 'access_denied'
       );
       return false;
-    } 
+    }
 
     // check if it's last key
     $stmt = $pdo->prepare("SELECT COUNT(*) AS `keys` FROM `tfa`
@@ -1602,7 +1602,7 @@ function get_tfa($username = null, $id = null) {
         WHERE `username` = :username AND `active` = '1'");
     $stmt->execute(array(':username' => $username));
     $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
- 
+
     // no tfa methods found
     if (count($results) == 0) {
         $data['name'] = 'none';
@@ -1810,8 +1810,8 @@ function verify_tfa_login($username, $_data) {
                   'msg' => array('webauthn_authenticator_failed')
               );
               return false;
-            } 
-            
+            }
+
             if (empty($process_webauthn['publicKey']) || $process_webauthn['publicKey'] === false) {
                 $_SESSION['return'][] =  array(
                     'type' => 'danger',
@@ -2173,7 +2173,7 @@ function cors($action, $data = null) {
           'msg' => 'access_denied'
         );
         return false;
-      }    
+      }
 
       $allowed_origins = isset($data['allowed_origins']) ? $data['allowed_origins'] : array($_SERVER['SERVER_NAME']);
       $allowed_origins = !is_array($allowed_origins) ? array_filter(array_map('trim', explode("\n", $allowed_origins))) : $allowed_origins;
@@ -2206,7 +2206,7 @@ function cors($action, $data = null) {
         $redis->hMSet('CORS_SETTINGS', array(
           'allowed_origins' => implode(', ', $allowed_origins),
           'allowed_methods' => implode(', ', $allowed_methods)
-        ));   
+        ));
       } catch (RedisException $e) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
@@ -2258,10 +2258,10 @@ function cors($action, $data = null) {
       header('Access-Control-Allow-Headers: Accept, Content-Type, X-Api-Key, Origin');
 
       // Access-Control settings requested, this is just a preflight request
-      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && 
+      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' &&
         isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
         isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
-  
+
         $allowed_methods = explode(', ', $cors_settings["allowed_methods"]);
         if (in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], $allowed_methods, true))
           // method allowed send 200 OK
@@ -2315,7 +2315,7 @@ function reset_password($action, $data = null) {
     break;
     case 'issue':
       $username = $data;
-      
+
       // perform cleanup
       $stmt = $pdo->prepare("DELETE FROM `reset_password` WHERE created < DATE_SUB(NOW(), INTERVAL :lifetime MINUTE);");
       $stmt->execute(array(':lifetime' => $PW_RESET_TOKEN_LIFETIME));
@@ -2397,8 +2397,8 @@ function reset_password($action, $data = null) {
       $request_date = new DateTime();
       $locale_date = locale_get_default();
       $date_formatter = new IntlDateFormatter(
-        $locale_date, 
-        IntlDateFormatter::FULL, 
+        $locale_date,
+        IntlDateFormatter::FULL,
         IntlDateFormatter::FULL
       );
       $formatted_request_date = $date_formatter->format($request_date);
@@ -2514,7 +2514,7 @@ function reset_password($action, $data = null) {
       $stmt->execute(array(
         ':username' => $username
       ));
-   
+
       $_SESSION['return'][] = array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $action, $_data_log),
@@ -2557,7 +2557,7 @@ function reset_password($action, $data = null) {
       $text = $data['text'];
       $html = $data['html'];
       $subject = $data['subject'];
-    
+
       if (!filter_var($from, FILTER_VALIDATE_EMAIL)) {
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2590,7 +2590,7 @@ function reset_password($action, $data = null) {
         );
         return false;
       }
-    
+
       ini_set('max_execution_time', 0);
       ini_set('max_input_time', 0);
       $mail = new PHPMailer;
@@ -2622,7 +2622,7 @@ function reset_password($action, $data = null) {
         return false;
       }
       $mail->ClearAllRecipients();
-    
+
       return true;
     break;
   }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index c927ce494..35e21f1c8 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1233,7 +1233,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ':active' => $active
           ));
 
-          
+
           if (isset($_data['acl'])) {
             $_data['acl'] = (array)$_data['acl'];
             $_data['spam_alias'] = (in_array('spam_alias', $_data['acl'])) ? 1 : 0;
@@ -1265,14 +1265,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $_data['quarantine_attachments'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_attachments']);
             $_data['quarantine_notification'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_notification']);
             $_data['quarantine_category'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_category']);
-            $_data['app_passwds'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_app_passwds']);     
-            $_data['pw_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_pw_reset']);     
+            $_data['app_passwds'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_app_passwds']);
+            $_data['pw_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_pw_reset']);
           }
 
           try {
-            $stmt = $pdo->prepare("INSERT INTO `user_acl` 
+            $stmt = $pdo->prepare("INSERT INTO `user_acl`
               (`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`,
-                `pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`, `pw_reset`) 
+                `pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`, `pw_reset`)
               VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset,
                 :pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds, :pw_reset) ");
             $stmt->execute(array(
@@ -1467,7 +1467,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          
+
           // check attributes
           $attr = array();
           $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
@@ -1557,7 +1557,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $attr['pop3_access'] = (in_array('pop3', $_data['protocol_access'])) ? 1 : 0;
             $attr['smtp_access'] = (in_array('smtp', $_data['protocol_access'])) ? 1 : 0;
             $attr['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : 0;
-          }   
+          }
           else {
             $attr['imap_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
             $attr['pop3_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
@@ -2109,7 +2109,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 );
                 return false;
               }
-  
+
               // check if param is whitelisted
               if (!in_array(strtolower($param), $GLOBALS["IMAPSYNC_OPTIONS"]["whitelist"])){
                 // bad option
@@ -2802,11 +2802,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             // check name
             if ($is_now["template"] == "Default" && $is_now["template"] != $_data["template"]){
               // keep template name of Default template
-              $_data["template"]                   = $is_now["template"]; 
+              $_data["template"]                   = $is_now["template"];
             }
             else {
-              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
-            }   
+              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"];
+            }
             // check attributes
             $attr = array();
             $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
@@ -2833,10 +2833,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ":id" => $id ,
               ":template" => $_data["template"] ,
               ":attributes" => json_encode($attr)
-            )); 
+            ));
           }
 
-  
+
           $_SESSION['return'][] = array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3192,7 +3192,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':tag_name' => $tag,
               ));
             }
-            
+
             $_SESSION['return'][] = array(
               'type' => 'success',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3203,6 +3203,146 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           return true;
         break;
+        case 'mailbox_rename':
+          $domain = $_data['domain'];
+          $old_local_part = $_data['old_local_part'];
+          $old_username = $old_local_part . "@" . $domain;
+          $new_local_part = $_data['new_local_part'];
+          $new_username = $new_local_part . "@" . $domain;
+          $create_alias = intval($_data['create_alias']);
+
+          if (!filter_var($old_username, FILTER_VALIDATE_EMAIL)) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => array('username_invalid', $old_username)
+            );
+            return false;
+          }
+          if (!filter_var($new_username, FILTER_VALIDATE_EMAIL)) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => array('username_invalid', $new_username)
+            );
+            return false;
+          }
+
+          $is_now = mailbox('get', 'mailbox_details', $old_username);
+          if (empty($is_now)) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => 'access_denied'
+            );
+            return false;
+          }
+
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $is_now['domain'])) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => 'access_denied'
+            );
+            return false;
+          }
+
+          // rename username in sql
+          try {
+            $pdo->beginTransaction();
+            $pdo->exec('SET FOREIGN_KEY_CHECKS = 0');
+
+            $pdo->prepare('UPDATE mailbox SET username = :new_username, local_part = :new_local_part WHERE username = :old_username')
+              ->execute([
+                ':new_username' => $new_username,
+                ':new_local_part' => $new_local_part,
+                ':old_username' => $old_username
+              ]);
+
+            // Update the username in all related tables
+            $tables = [
+              'tags_mailbox' => 'username',
+              'sieve_filters' => 'username',
+              'app_passwd' => 'mailbox',
+              'user_acl' => 'username',
+              'da_acl' => 'username',
+              'quota2' => 'username',
+              'quota2replica' => 'username',
+              'pushover' => 'username'
+            ];
+
+            foreach ($tables as $table => $column) {
+              $pdo->prepare("UPDATE $table SET $column = :new_username WHERE $column = :old_username")
+                ->execute([
+                  ':new_username' => $new_username,
+                  ':old_username' => $old_username
+                ]);
+            }
+
+            $pdo->prepare("UPDATE _sogo_static_view SET c_uid = :new_username, c_name = :new_username2, mail = :new_username3 WHERE c_uid = :old_username")
+              ->execute([
+                ':new_username' => $new_username,
+                ':new_username2' => $new_username,
+                ':new_username3' => $new_username,
+                ':old_username' => $old_username
+              ]);
+
+            $pdo->prepare("UPDATE alias SET address = :new_username, goto = :new_username2 WHERE address = :old_username")
+              ->execute([
+                ':new_username' => $new_username,
+                ':new_username2' => $new_username,
+                ':old_username' => $old_username
+              ]);
+
+
+            // Re-enable foreign key checks
+            $pdo->exec('SET FOREIGN_KEY_CHECKS = 1');
+            $pdo->commit();
+          } catch (PDOException $e) {
+            // Rollback the transaction if something goes wrong
+            $pdo->rollBack();
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => $e->getMessage()
+            );
+          }
+
+          // move maildir
+          $exec_fields = array(
+            'cmd' => 'maildir',
+            'task' => 'move',
+            'old_maildir' => $domain . '/' . $old_local_part,
+            'new_maildir' => $domain . '/' . $new_local_part
+          );
+          docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+
+          // rename username in sogo
+          $exec_fields = array(
+            'cmd' => 'sogo',
+            'task' => 'rename_user',
+            'old_username' => $old_username,
+            'new_username' => $new_username
+          );
+          docker('post', 'sogo-mailcow', 'exec', $exec_fields);
+
+          // create alias
+          if ($create_alias == 1) {
+            mailbox("add", "alias", array(
+              "address" => $old_username,
+              "goto" => $new_username,
+              "active" => 1,
+              "sogo_visible" => 1,
+              "private_comment" => sprintf($lang['success']['mailbox_renamed'], $old_username, $new_username)
+            ));
+          }
+
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+            'msg' => array('mailbox_renamed', $old_username, $new_username)
+          );
+        break;
         case 'mailbox_templates':
           if ($_SESSION['mailcow_cc_role'] != "admin") {
             $_SESSION['return'][] = array(
@@ -3235,11 +3375,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             // check name
             if ($is_now["template"] == "Default" && $is_now["template"] != $_data["template"]){
               // keep template name of Default template
-              $_data["template"]                   = $is_now["template"]; 
+              $_data["template"]                   = $is_now["template"];
             }
             else {
-              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
-            }   
+              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"];
+            }
             // check attributes
             $attr = array();
             $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
@@ -3259,11 +3399,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $attr['pop3_access'] = (in_array('pop3', $_data['protocol_access'])) ? 1 : 0;
               $attr['smtp_access'] = (in_array('smtp', $_data['protocol_access'])) ? 1 : 0;
               $attr['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : 0;
-            }          
-            else { 
+            }
+            else {
               foreach ($is_now as $key => $value){
                 $attr[$key] = $is_now[$key];
-              }    
+              }
             }
             if (isset($_data['acl'])) {
               $_data['acl'] = (array)$_data['acl'];
@@ -3282,10 +3422,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $attr['acl_quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
               $attr['acl_app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
               $attr['acl_pw_reset'] = (in_array('pw_reset', $_data['acl'])) ? 1 : 0;
-            } else {    
+            } else {
               foreach ($is_now as $key => $value){
                 $attr[$key] = $is_now[$key];
-              }        
+              }
             }
 
 
@@ -3297,7 +3437,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ":id" => $id ,
               ":template" => $_data["template"] ,
               ":attributes" => json_encode($attr)
-            )); 
+            ));
           }
 
 
@@ -3326,7 +3466,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $is_now = mailbox('get', 'mailbox_details', $mailbox);            
+            $is_now = mailbox('get', 'mailbox_details', $mailbox);
             if(!empty($is_now)){
               if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $is_now['domain'])) {
                 $_SESSION['return'][] = array(
@@ -3353,15 +3493,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $stmt->execute(array(
               ":username" => $mailbox,
               ":custom_attributes" => json_encode($attributes)
-            ));             
-            
+            ));
+
             $_SESSION['return'][] = array(
               'type' => 'success',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('mailbox_modified', $mailbox)
             );
           }
-          
+
           return true;
         break;
         case 'resource':
@@ -3443,7 +3583,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
           }
         break;
-        case 'domain_wide_footer':  
+        case 'domain_wide_footer':
           if (!is_array($_data['domains'])) {
             $domains = array();
             $domains[] = $_data['domains'];
@@ -3696,7 +3836,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             // prepend domain to array
             $params = array();
-            foreach ($tags as $key => $val){ 
+            foreach ($tags as $key => $val){
               array_push($params, '%'.$_data.'%');
               array_push($params, '%'.$val.'%');
             }
@@ -3705,7 +3845,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
             while($row = array_shift($rows)) {
-              if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], explode('@', $row['username'])[1])) 
+              if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], explode('@', $row['username'])[1]))
                 $mailboxes[] = $row['username'];
             }
           }
@@ -4260,7 +4400,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             while($row = array_shift($rows)) {
               if ($_SESSION['mailcow_cc_role'] == "admin")
                 $domains[] = $row['domain'];
-              elseif (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['domain'])) 
+              elseif (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['domain']))
                 $domains[] = $row['domain'];
             }
           } else {
@@ -4420,19 +4560,19 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           $_data = (isset($_data)) ? intval($_data) : null;
 
-          if (isset($_data)){          
-            $stmt = $pdo->prepare("SELECT * FROM `templates` 
+          if (isset($_data)){
+            $stmt = $pdo->prepare("SELECT * FROM `templates`
               WHERE `id` = :id AND type = :type");
             $stmt->execute(array(
               ":id" => $_data,
               ":type" => "domain"
             ));
             $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  
+
             if (empty($row)){
               return false;
             }
-  
+
             $row["attributes"] = json_decode($row["attributes"], true);
             return $row;
           }
@@ -4440,11 +4580,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $stmt = $pdo->prepare("SELECT * FROM `templates` WHERE `type` =  'domain'");
             $stmt->execute();
             $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  
+
             if (empty($rows)){
               return false;
             }
-  
+
             foreach($rows as $key => $row){
               $rows[$key]["attributes"] = json_decode($row["attributes"], true);
             }
@@ -4610,19 +4750,19 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           $_data = (isset($_data)) ? intval($_data) : null;
 
-          if (isset($_data)){          
-            $stmt = $pdo->prepare("SELECT * FROM `templates` 
+          if (isset($_data)){
+            $stmt = $pdo->prepare("SELECT * FROM `templates`
               WHERE `id` = :id AND type = :type");
             $stmt->execute(array(
               ":id" => $_data,
               ":type" => "mailbox"
             ));
             $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  
+
             if (empty($row)){
               return false;
             }
-  
+
             $row["attributes"] = json_decode($row["attributes"], true);
             return $row;
           }
@@ -5064,7 +5204,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $ids = $_data['ids'];
           }
 
-          
+
           foreach ($ids as $id) {
             // delete template
             $stmt = $pdo->prepare("DELETE FROM `templates`
@@ -5377,7 +5517,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            
+
             update_sogo_static_view($username);
             $_SESSION['return'][] = array(
               'type' => 'success',
@@ -5404,7 +5544,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $ids = $_data['ids'];
           }
 
-          
+
           foreach ($ids as $id) {
             // delete template
             $stmt = $pdo->prepare("DELETE FROM `templates`
@@ -5413,7 +5553,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ":id" => $id,
               ":type" => "mailbox",
               ":template" => "Default"
-            )); 
+            ));
           }
 
           $_SESSION['return'][] = array(
@@ -5487,7 +5627,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
           }
         break;
-        case 'tags_domain':    
+        case 'tags_domain':
           if (!is_array($_data['domain'])) {
             $domains = array();
             $domains[] = $_data['domain'];
@@ -5500,7 +5640,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
 
           $wasModified = false;
-          foreach ($domains as $domain) {            
+          foreach ($domains as $domain) {
             if (!is_valid_domain_name($domain)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
@@ -5517,7 +5657,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               return false;
             }
-            
+
             foreach($tags as $tag){
               // delete tag
               $wasModified = true;
@@ -5572,7 +5712,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             // delete tags
             foreach($tags as $tag){
               $wasModified = true;
-              
+
               $stmt = $pdo->prepare("DELETE FROM `tags_mailbox` WHERE `username` = :username AND `tag_name` = :tag_name");
               $stmt->execute(array(
                 ':username' => $username,
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 5c625e414..34e47a544 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -18,7 +18,7 @@ if (isset($_POST["pw_reset_request"]) && !empty($_POST['username'])) {
 if (isset($_POST["pw_reset"])) {
   $username = reset_password("check", $_POST['token']);
   $reset_result = reset_password("reset", array(
-    'new_password' => $_POST['new_password'], 
+    'new_password' => $_POST['new_password'],
     'new_password2' => $_POST['new_password2'],
     'token' => $_POST['token'],
     'username' => $username,
@@ -52,7 +52,7 @@ if (isset($_POST["verify_tfa_login"])) {
       unset($_SESSION['pending_mailcow_cc_username']);
       unset($_SESSION['pending_mailcow_cc_role']);
       unset($_SESSION['pending_tfa_methods']);
-  
+
       header("Location: /user");
     }
   } else {
@@ -89,27 +89,30 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
-		header("Location: /admin");
+		header("Location: /debug");
+    die();
 	}
 	elseif ($as == "domainadmin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "domainadmin";
 		header("Location: /mailbox");
+    die();
 	}
 	elseif ($as == "user") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "user";
-        $http_parameters = explode('&', $_SESSION['index_query_string']);
-        unset($_SESSION['index_query_string']);
-        if (in_array('mobileconfig', $http_parameters)) {
-            if (in_array('only_email', $http_parameters)) {
-                header("Location: /mobileconfig.php?only_email");
-                die();
-            }
-            header("Location: /mobileconfig.php");
-            die();
-        }
+    $http_parameters = explode('&', $_SESSION['index_query_string']);
+    unset($_SESSION['index_query_string']);
+    if (in_array('mobileconfig', $http_parameters)) {
+      if (in_array('only_email', $http_parameters)) {
+        header("Location: /mobileconfig.php?only_email");
+        die();
+      }
+      header("Location: /mobileconfig.php");
+      die();
+    }
 		header("Location: /user");
+    die();
 	}
 	elseif ($as != "pending") {
     unset($_SESSION['pending_mailcow_cc_username']);
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index d68954989..f9fe707c6 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -58,6 +58,11 @@ $(document).ready(function() {
     $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
   });
 
+  $("#show_mailbox_rename_form").click(function() {
+    $("#rename_warning").hide();
+    $("#rename_form").removeClass("d-none");
+  });
+
   // load tags
   if ($('#tags').length){
     var tagsEl = $('#tags').parent().find('.tag-values')[0];
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 51dbcf435..2c9fba8f5 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -2354,7 +2354,7 @@ jQuery(function($){
     else
       $(tab).find(".table_collapse_option").hide();
   }
-  
+
   function filterByDomain(json, column, table){
     var tableId = $(table.table().container()).attr('id');
     // Create the `select` element
@@ -2377,12 +2377,12 @@ jQuery(function($){
         }
       });
     });
-    
+
     // get unique domain list
     domains = domains.filter(function(value, index, array) {
       return array.indexOf(value) === index;
     });
-    
+
     // add domains to select
     domains.forEach(function(domain) {
         select.append($('<option>' + domain + '</option>'));
diff --git a/data/web/json_api.php b/data/web/json_api.php
index e14dd9962..66054e6d3 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -509,7 +509,7 @@ if (isset($_GET['query'])) {
           print(json_encode($getArgs));
           $_SESSION['challenge'] = $WebAuthn->getChallenge();
           return;
-        break;          
+        break;
         case "fail2ban":
           if (!isset($_SESSION['mailcow_cc_role'])){
             switch ($object) {
@@ -2020,6 +2020,9 @@ if (isset($_GET['query'])) {
         case "rl-mbox":
           process_edit_return(ratelimit('edit', 'mailbox', array_merge(array('object' => $items), $attr)));
         break;
+        case "rename-mbox":
+          process_edit_return(mailbox('edit', 'mailbox_rename', array_merge(array('mailbox' => $items), $attr)));
+        break;
         case "user-acl":
           process_edit_return(acl('edit', 'user', array_merge(array('username' => $items), $attr)));
         break;
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 189774eec..79a6dc383 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -641,6 +641,10 @@
         "mailbox": "Mailbox bearbeiten",
         "mailbox_quota_def": "Standard-Quota einer Mailbox",
         "mailbox_relayhost_info": "Wird auf eine Mailbox und direkte Alias-Adressen angewendet. Überschreibt die Einstellung einer Domain.",
+        "mailbox_rename": "Mailbox umbennnen",
+        "mailbox_rename_agree": "Ich habe ein Backup erstellt.",
+        "mailbox_rename_warning": "WICHTIG! Vor dem Umbenennen der Mailbox ein Backup erstellen.",
+        "mailbox_rename_alias": "Alias automatisch erstellen",
         "max_aliases": "Max. Aliasse",
         "max_mailboxes": "Max. Mailboxanzahl",
         "max_quota": "Max. Größe per Mailbox (MiB)",
@@ -764,7 +768,7 @@
         "login": "Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "new_password": "Neues Passwort",
-        "new_password_confirm": "Neues Passwort bestätigen",        
+        "new_password_confirm": "Neues Passwort bestätigen",
         "other_logins": "Key Login",
         "password": "Passwort",
         "reset_password": "Passwort zurücksetzen",
@@ -1084,6 +1088,7 @@
         "mailbox_added": "Mailbox %s wurde angelegt",
         "mailbox_modified": "Änderungen an Mailbox %s wurden gespeichert",
         "mailbox_removed": "Mailbox %s wurde entfernt",
+        "mailbox_renamed": "Mailbox wurde von %s in %s umbenannt",
         "nginx_reloaded": "Nginx wurde neu geladen",
         "object_modified": "Änderungen an Objekt %s wurden gespeichert",
         "password_policy_saved": "Passwortrichtlinie wurde erfolgreich gespeichert",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 600441809..7833d7e43 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -641,6 +641,10 @@
         "mailbox": "Edit mailbox",
         "mailbox_quota_def": "Default mailbox quota",
         "mailbox_relayhost_info": "Applied to the mailbox and direct aliases only, does override a domain relayhost.",
+        "mailbox_rename": "Rename mailbox",
+        "mailbox_rename_agree": "I have created a backup.",
+        "mailbox_rename_warning": "IMPORTANT! Create a backup before renaming the mailbox.",
+        "mailbox_rename_alias": "Create alias automatically",
         "max_aliases": "Max. aliases",
         "max_mailboxes": "Max. possible mailboxes",
         "max_quota": "Max. quota per mailbox (MiB)",
@@ -1091,6 +1095,7 @@
         "mailbox_added": "Mailbox %s has been added",
         "mailbox_modified": "Changes to mailbox %s have been saved",
         "mailbox_removed": "Mailbox %s has been removed",
+        "mailbox_renamed": "Mailbox was renamed from %s to %s",
         "nginx_reloaded": "Nginx was reloaded",
         "object_modified": "Changes to object %s have been saved",
         "password_policy_saved": "Password policy was saved successfully",
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 8de0095f2..b21ff2eec 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -9,6 +9,7 @@
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mpushover">{{ lang.edit.pushover }}</button></li>
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#macl">{{ lang.edit.acl }}</button></li>
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mrl">{{ lang.edit.ratelimit }}</button></li>
+      <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mrename">⚠️ {{ lang.edit.mailbox_rename }}</button></li>
     </ul>
     <hr class="d-none d-md-block">
     <div class="tab-content">
@@ -287,10 +288,10 @@
         <div class="card mb-4">
           <div class="card-header d-flex d-md-none fs-5">
             <button class="btn flex-grow-1 text-start" data-bs-target="#collapse-tab-mattr" data-bs-toggle="collapse" aria-controls="collapse-tab-mattr">
-              {{ lang.edit.mailbox }} <span class="badge bg-info table-lines"></span>
+              {{ lang.edit.custom_attributes }} <span class="badge bg-info table-lines"></span>
             </button>
           </div>
-          <div id="collapse-tab-mattr" class="card-body collapse show" data-bs-parent="#mailbox-content">
+          <div id="collapse-tab-mattr" class="card-body collapse" data-bs-parent="#mailbox-content">
             <form class="form-inline" data-id="mbox_attr" role="form" method="post">
               <table class="table table-condensed" style="white-space: nowrap;" id="mbox_attr_table">
                 <tr>
@@ -465,10 +466,10 @@
                         {% include 'mailbox/rl-frame.twig' %}
                         </select>
                       </div>
-                    </div>  
+                    </div>
                   </div>
                   <div class="row mb-2">
-                    <div class="offset-sm-2 col-sm-10">  
+                    <div class="offset-sm-2 col-sm-10">
                       <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="mboxratelimit" data-item="{{ mailbox }}" data-api-url='edit/rl-mbox' data-api-attr='{}' href="#">{{ lang.edit.save }}</button>
                       <p class="text-muted mt-2">{{ lang.edit.mbox_rl_info }}</p>
                     </div>
@@ -477,6 +478,55 @@
             </div>
         </div>
       </div>
+      <div id="mrename" class="tab-pane fade" role="tabpanel" aria-labelledby="mailbox-rename">
+        <div class="card mb-4">
+            <div class="card-header d-flex d-md-none fs-5">
+              <button class="btn flex-grow-1 text-start" data-bs-target="#collapse-tab-mrename" data-bs-toggle="collapse" aria-controls="collapse-tab-mrename">
+                ⚠️ {{ lang.edit.mailbox_rename }}<span class="badge bg-info table-lines"></span>
+              </button>
+            </div>
+            <div id="collapse-tab-mrename" class="card-body collapse" data-bs-parent="#mailbox-content">
+              <div class="well">
+                <div id="rename_warning">
+                  <p>{{ lang.edit.mailbox_rename_warning }}</p>
+                  <div id="confirm_show_rspamd_global_filters">
+                    <div class="row">
+                      <div class="offset-sm-2 col-sm-10">
+                        <label>
+                          <input type="checkbox" class="form-check-input" id="show_mailbox_rename_form"> {{ lang.edit.mailbox_rename_agree }}
+                        </label>
+                      </div>
+                    </div>
+                  </div>
+                </div>
+                <div id="rename_form" class="d-none">
+                  <form data-id="mboxrename" method="post">
+                    <input name="domain" type="hidden" value="{{ result.domain }}">
+                    <input name="old_local_part" type="hidden" value="{{ result.local_part }}">
+                    <div class="row mb-2">
+                      <div class="offset-sm-2 col-sm-10 col-md-8 col-xl-6">
+                        <div class="input-group mb-2">
+                          <input type="text" class="form-control" name="new_local_part" autocomplete="off" value="{{ result.local_part }}">
+                          <span class="input-group-text">@{{ result.domain }}</span>
+                        </div>
+                      </div>
+                    </div>
+                    <div class="row mb-4">
+                      <div class="offset-sm-2 col-sm-10">
+                        <label><input type="checkbox" class="form-check-input" value="1" name="create_alias" checked> {{ lang.edit.mailbox_rename_alias }}</label>
+                      </div>
+                    </div>
+                    <div class="row mb-2">
+                      <div class="offset-sm-2 col-sm-10">
+                        <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="mboxrename" data-item="{{ mailbox }}" data-api-url='edit/rename-mbox' data-api-attr='{}' data-api-reload-location="/mailbox" href="#">{{ lang.edit.save }}</button>
+                      </div>
+                    </div>
+                  </form>
+                </div>
+              </div>
+            </div>
+        </div>
+      </div>
     </div>
 </div>
 {% else %}
diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028ff..86a033236 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -534,7 +534,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.08
+      image: mailcow/dockerapi:2.09
       security_opt:
         - label=disable
       restart: always
@@ -552,7 +552,7 @@ services:
           aliases:
             - dockerapi
 
-    
+
     ##### Will be removed soon #####
     solr-mailcow:
       image: mailcow/solr:1.8.3

From dbf87e99fc11970721763a1abe92fc9a20857254 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 21 Aug 2024 10:48:04 +0200
Subject: [PATCH 309/755] [Web] Convert LDAP username_field and attribute_field
 to lowercase

---
 data/web/inc/functions.inc.php | 85 +++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 42 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 97f97a421..15c3b0b9e 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -834,7 +834,7 @@ function update_sogo_static_view($mailbox = null) {
     // Check if the mailbox exists
     $stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
     $stmt->execute(array(':mailbox' => $mailbox));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);  
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if ($row){
       $mailbox_exists = true;
     }
@@ -844,7 +844,7 @@ function update_sogo_static_view($mailbox = null) {
   $random_password = base64_encode(openssl_random_pseudo_bytes(24));
   $random_salt = base64_encode(openssl_random_pseudo_bytes(16));
   $random_hash = '{SSHA256}' . base64_encode(hash('sha256', base64_decode($password) . $salt, true) . $salt);
-  
+
   $subquery = "GROUP BY mailbox.username";
   if ($mailbox_exists) {
     $subquery = "AND mailbox.username = :mailbox";
@@ -882,7 +882,7 @@ function update_sogo_static_view($mailbox = null) {
         `kind` = VALUES(`kind`),
         `multiple_bookings` = VALUES(`multiple_bookings`)";
 
-  
+
   if ($mailbox_exists) {
     $stmt = $pdo->prepare($query);
     $stmt->execute(array(
@@ -895,9 +895,9 @@ function update_sogo_static_view($mailbox = null) {
       ':random_hash' => $random_hash
     ));
   }
-  
+
   $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
-  
+
   flush_memcached();
 }
 function edit_user_account($_data) {
@@ -930,7 +930,7 @@ function edit_user_account($_data) {
           AND `username` = :user AND authsource = 'mailcow'");
     $stmt->execute(array(':user' => $username));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
-  
+
     if (!verify_hash($row['password'], $password_old)) {
       $_SESSION['return'][] =  array(
         'type' => 'danger',
@@ -939,7 +939,7 @@ function edit_user_account($_data) {
       );
       return false;
     }
-  
+
     $password_new = $_data['user_new_pass'];
     $password_new2  = $_data['user_new_pass2'];
     if (password_check($password_new, $password_new2) !== true) {
@@ -954,7 +954,7 @@ function edit_user_account($_data) {
       ':password_hashed' => $password_hashed,
       ':username' => $username
     ));
-  
+
     update_sogo_static_view();
   }
   // edit password recovery email
@@ -1210,7 +1210,7 @@ function set_tfa($_data) {
             $_data['registration']->certificate,
             0
         ));
-    
+
         $_SESSION['return'][] =  array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $_data_log),
@@ -1380,7 +1380,7 @@ function unset_tfa_key($_data) {
 
   try {
     if (!is_numeric($id)) $access_denied = true;
-    
+
     // set access_denied error
     if ($access_denied){
       $_SESSION['return'][] = array(
@@ -1389,7 +1389,7 @@ function unset_tfa_key($_data) {
         'msg' => 'access_denied'
       );
       return false;
-    } 
+    }
 
     // check if it's last key
     $stmt = $pdo->prepare("SELECT COUNT(*) AS `keys` FROM `tfa`
@@ -1438,7 +1438,7 @@ function get_tfa($username = null, $id = null) {
         WHERE `username` = :username AND `active` = '1'");
     $stmt->execute(array(':username' => $username));
     $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
- 
+
     // no tfa methods found
     if (count($results) == 0) {
         $data['name'] = 'none';
@@ -1646,8 +1646,8 @@ function verify_tfa_login($username, $_data) {
                   'msg' => array('webauthn_authenticator_failed')
               );
               return false;
-            } 
-            
+            }
+
             if (empty($process_webauthn['publicKey']) || $process_webauthn['publicKey'] === false) {
                 $_SESSION['return'][] =  array(
                     'type' => 'danger',
@@ -2009,7 +2009,7 @@ function cors($action, $data = null) {
           'msg' => 'access_denied'
         );
         return false;
-      }    
+      }
 
       $allowed_origins = isset($data['allowed_origins']) ? $data['allowed_origins'] : array($_SERVER['SERVER_NAME']);
       $allowed_origins = !is_array($allowed_origins) ? array_filter(array_map('trim', explode("\n", $allowed_origins))) : $allowed_origins;
@@ -2042,7 +2042,7 @@ function cors($action, $data = null) {
         $redis->hMSet('CORS_SETTINGS', array(
           'allowed_origins' => implode(', ', $allowed_origins),
           'allowed_methods' => implode(', ', $allowed_methods)
-        ));   
+        ));
       } catch (RedisException $e) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
@@ -2094,10 +2094,10 @@ function cors($action, $data = null) {
       header('Access-Control-Allow-Headers: Accept, Content-Type, X-Api-Key, Origin');
 
       // Access-Control settings requested, this is just a preflight request
-      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && 
+      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' &&
         isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
         isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
-  
+
         $allowed_methods = explode(', ', $cors_settings["allowed_methods"]);
         if (in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], $allowed_methods, true))
           // method allowed send 200 OK
@@ -2216,7 +2216,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       $stmt = $pdo->prepare("SELECT * FROM `mailbox`
           WHERE `authsource` != 'mailcow'
           AND `authsource` IS NOT NULL
-          AND `authsource` != :authsource");  
+          AND `authsource` != :authsource");
       $stmt->execute(array(':authsource' => $_data['authsource']));
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       if ($rows) {
@@ -2247,7 +2247,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         break;
         case "ldap":
           $_data['port']              = (!empty($_data['port'])) ? intval($_data['port']) : 389;
-          $_data['username_field']    = (!empty($_data['username_field'])) ? $_data['username_field'] : "mail";
+          $_data['username_field']    = (!empty($_data['username_field'])) ? strtolower($_data['username_field']) : "mail";
+          $_data['attribute_field']   = (!empty($_data['attribute_field'])) ? strtolower($_data['attribute_field']) : "";
           $_data['filter']            = (!empty($_data['filter'])) ? $_data['filter'] : "";
           $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
@@ -2259,7 +2260,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
         break;
       }
-      
+
       $pdo->beginTransaction();
       $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
       // add connection settings
@@ -2343,7 +2344,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $res = curl_exec($curl);
           $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
           curl_close ($curl);
-          
+
           if ($code != 200) {
             return false;
           }
@@ -2391,7 +2392,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         );
         return false;
       }
-      
+
       $stmt = $pdo->query("SELECT * FROM `mailbox`
           WHERE `authsource` != 'mailcow'
           AND `authsource` IS NOT NULL");
@@ -2428,7 +2429,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
               'clientId'              => $iam_settings['client_id'],
               'clientSecret'          => $iam_settings['client_secret'],
               'redirectUri'           => $iam_settings['redirect_url'],
-              'version'               => $iam_settings['version'],                            
+              'version'               => $iam_settings['version'],
               // 'encryptionAlgorithm'   => 'RS256',                             // optional
               // 'encryptionKeyPath'     => '../key.pem'                         // optional
               // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
@@ -2488,7 +2489,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         );
         return false;
       }
-    
+
       try {
         $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
         $_SESSION['iam_token'] = $token->getToken();
@@ -2504,7 +2505,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
       // check if email address is given
       if (empty($info['email'])) return false;
-    
+
       // token valid, get mailbox
       $stmt = $pdo->prepare("SELECT * FROM `mailbox`
         INNER JOIN domain on mailbox.domain = domain.domain
@@ -2530,7 +2531,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       // also return false if no mappers were defined
       $user_template = $info['mailcow_template'];
       if (empty($iam_settings['mappers']) || empty($user_template)){
-        clear_session();  
+        clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $info['email']),
@@ -2542,7 +2543,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       // check if matching attribute exist
       $mapper_key = array_search($user_template, $iam_settings['mappers']);
       if ($mapper_key === false) {
-        clear_session();  
+        clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $info['email']),
@@ -2560,7 +2561,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         'template' => $iam_settings['templates'][$mapper_key]
       ));
       if (!$create_res){
-        clear_session();  
+        clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $info['email']),
@@ -2568,7 +2569,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         );
         return false;
       }
-    
+
       set_user_loggedin_session($info['email']);
       $_SESSION['return'][] =  array(
         'type' => 'success',
@@ -2586,7 +2587,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
         $info = $provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
-        clear_session();  
+        clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__),
@@ -2596,7 +2597,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
 
       if (empty($info['email'])){
-        clear_session();  
+        clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
@@ -2604,14 +2605,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         );
         return false;
       }
-    
+
       $_SESSION['mailcow_cc_username'] = $info['email'];
       $_SESSION['mailcow_cc_role'] = "user";
       return true;
     break;
     case "get-redirect":
       $iam_settings = identity_provider('get');
-      if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc') 
+      if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc')
         return false;
       $provider = $_data['iam_provider'];
       $authUrl = $provider->getAuthorizationUrl();
@@ -2667,7 +2668,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       if ($code != 200) {
         return false;
       }
-      
+
       $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES (:key, :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
       $stmt->execute(array(
         ':key' => 'access_token',
@@ -2702,7 +2703,7 @@ function reset_password($action, $data = null) {
     break;
     case 'issue':
       $username = $data;
-      
+
       // perform cleanup
       $stmt = $pdo->prepare("DELETE FROM `reset_password` WHERE created < DATE_SUB(NOW(), INTERVAL :lifetime MINUTE);");
       $stmt->execute(array(':lifetime' => $PW_RESET_TOKEN_LIFETIME));
@@ -2784,8 +2785,8 @@ function reset_password($action, $data = null) {
       $request_date = new DateTime();
       $locale_date = locale_get_default();
       $date_formatter = new IntlDateFormatter(
-        $locale_date, 
-        IntlDateFormatter::FULL, 
+        $locale_date,
+        IntlDateFormatter::FULL,
         IntlDateFormatter::FULL
       );
       $formatted_request_date = $date_formatter->format($request_date);
@@ -2901,7 +2902,7 @@ function reset_password($action, $data = null) {
       $stmt->execute(array(
         ':username' => $username
       ));
-   
+
       $_SESSION['return'][] = array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $action, $_data_log),
@@ -2944,7 +2945,7 @@ function reset_password($action, $data = null) {
       $text = $data['text'];
       $html = $data['html'];
       $subject = $data['subject'];
-    
+
       if (!filter_var($from, FILTER_VALIDATE_EMAIL)) {
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2977,7 +2978,7 @@ function reset_password($action, $data = null) {
         );
         return false;
       }
-    
+
       ini_set('max_execution_time', 0);
       ini_set('max_input_time', 0);
       $mail = new PHPMailer;
@@ -3009,7 +3010,7 @@ function reset_password($action, $data = null) {
         return false;
       }
       $mail->ClearAllRecipients();
-    
+
       return true;
     break;
   }

From be5a181be5b4717c080faf05e47965e8273ea9ea Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 22 Aug 2024 10:10:05 +0200
Subject: [PATCH 310/755] [Web][DockerApi] migrate imap acl on mbox rename

---
 data/Dockerfiles/dockerapi/main.py            |  8 +-
 .../dockerapi/modules/DockerApi.py            | 81 ++++++++++++++++++-
 data/web/inc/functions.mailbox.inc.php        | 32 ++++++++
 3 files changed, 115 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/main.py b/data/Dockerfiles/dockerapi/main.py
index fca61bb02..6f7a6042c 100644
--- a/data/Dockerfiles/dockerapi/main.py
+++ b/data/Dockerfiles/dockerapi/main.py
@@ -90,7 +90,7 @@ async def get_container(container_id : str):
         if container._id == container_id:
           container_info = await container.show()
           return Response(content=json.dumps(container_info, indent=4), media_type="application/json")
-     
+
       res = {
         "type": "danger",
         "msg": "no container found"
@@ -130,7 +130,7 @@ async def get_containers():
 async def post_containers(container_id : str, post_action : str, request: Request):
   global dockerapi
 
-  try : 
+  try:
     request_json = await request.json()
   except Exception as err:
     request_json = {}
@@ -191,7 +191,7 @@ async def post_container_update_stats(container_id : str):
 
   stats = json.loads(await dockerapi.redis_client.get(container_id + '_stats'))
   return Response(content=json.dumps(stats, indent=4), media_type="application/json")
-  
+
 
 # PubSub Handler
 async def handle_pubsub_messages(channel: aioredis.client.PubSub):
@@ -244,7 +244,7 @@ async def handle_pubsub_messages(channel: aioredis.client.PubSub):
               dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
           else:
             dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
-              
+
         await asyncio.sleep(0.0)
     except asyncio.TimeoutError:
       pass
diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index 9fdd039e4..da0cc34ba 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -353,14 +353,14 @@ class DockerApi:
       for container in self.sync_docker_client.containers.list(filters=filters):
         vmail_name = request_json['old_maildir'].replace("'", "'\\''")
         new_vmail_name = request_json['new_maildir'].replace("'", "'\\''")
-        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/" + new_vmail_name + "'; fi"
+        cmd_vmail = f"if [[ -d '/var/vmail/{vmail_name}' ]]; then /bin/mv '/var/vmail/{vmail_name}' '/var/vmail/{new_vmail_name}'; fi"
 
         index_name = request_json['old_maildir'].split("/")
         new_index_name = request_json['new_maildir'].split("/")
         if len(index_name) > 1 and len(new_index_name) > 1:
           index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
           new_index_name = new_index_name[1].replace("'", "'\\''") + "@" + new_index_name[0].replace("'", "'\\''")
-          cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail_index/" + new_index_name + "_index'; fi"
+          cmd_vmail_index = f"if [[ -d '/var/vmail_index/{index_name}' ]]; then /bin/mv '/var/vmail_index/{index_name}' '/var/vmail_index/{new_index_name}_index'; fi"
           cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
         else:
           cmd = ["/bin/bash", "-c", cmd_vmail]
@@ -412,6 +412,83 @@ class DockerApi:
 
         sogo_return = container.exec_run(['sogo-tool', 'rename-user', old_username, new_username], user='sogo')
         return self.exec_run_handler('generic', sogo_return)
+  # api call: container_post - post_action: exec - cmd: dovecot - task: get_acl
+  def container_post__exec__dovecot__get_acl(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      vmail_name = request_json['maildir'].replace("'", "'\\''")
+      shared_folders = container.exec_run(["/bin/bash", "-c", f"find /var/vmail/{vmail_name}/Maildir/Shared -mindepth 2 -type d | sed 's:^/var/vmail/{vmail_name}/Maildir/Shared/::' | tr '/' '\\\\'"])
+      shared_folders = shared_folders.output.decode('utf-8')
+      formatted_acls = []
+      if shared_folders:
+        shared_folders = shared_folders.splitlines()
+        for shared_folder in shared_folders:
+          if "\\." not in shared_folder:
+            continue
+          shared_folder = shared_folder.split("\\.")
+          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u {shared_folder[0]} {shared_folder[1]}"])
+          acls = acls.output.decode('utf-8').strip().splitlines()
+          if len(acls) >= 2:
+            for acl in acls[1:]:
+              id, rights = acls[1].split(maxsplit=1)
+              id = id.replace("user=", "")
+              formatted_acls.append({ 'user': shared_folder[0], 'id': id, 'mailbox': shared_folder[1], 'rights': rights.split() })
+
+      return Response(content=json.dumps(formatted_acls, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: dovecot - task: delete_acl
+  def container_post__exec__dovecot__delete_acl(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      user = request_json['user'].replace("'", "'\\''")
+      mailbox = request_json['mailbox'].replace("'", "'\\''")
+      id = request_json['id'].replace("'", "'\\''")
+
+      if user and mailbox and id:
+        acl_delete_return = container.exec_run(["/bin/bash", "-c", f'doveadm acl delete -u {user} {mailbox} "user={id}"'])
+        return self.exec_run_handler('generic', acl_delete_return)
+  # api call: container_post - post_action: exec - cmd: dovecot - task: set_acl
+  def container_post__exec__dovecot__set_acl(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      user = request_json['user'].replace("'", "'\\''")
+      mailbox = request_json['mailbox'].replace("'", "'\\''")
+      id = request_json['id'].replace("'", "'\\''")
+      rights = ""
+
+      available_rights = [
+        "admin",
+        "create",
+        "delete",
+        "expunge",
+        "insert",
+        "lookup",
+        "post",
+        "read",
+        "write",
+        "write-deleted",
+        "write-seen"
+      ]
+      for right in request_json['rights']:
+        right = right.replace("'", "'\\''").lower()
+        if right in available_rights:
+          rights += right + " "
+
+      if user and mailbox and id and rights:
+        acl_set_return = container.exec_run(["/bin/bash", "-c", f'doveadm acl set -u {user} {mailbox} "user={id}" {rights}'])
+        return self.exec_run_handler('generic', acl_set_return)
+
 
   # Collect host stats
   async def get_host_stats(self, wait=5):
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 35e21f1c8..762f233eb 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3247,6 +3247,25 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
 
+          // get imap acls
+          $exec_fields = array(
+            'cmd' => 'dovecot',
+            'task' => 'get_acl',
+            'maildir' => $domain . '/' . $old_local_part,
+          );
+          $imap_acls = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
+          // delete imap acls
+          foreach ($imap_acls as $imap_acl) {
+            $exec_fields = array(
+              'cmd' => 'dovecot',
+              'task' => 'delete_acl',
+              'user' => $imap_acl['user'],
+              'mailbox' => $imap_acl['mailbox'],
+              'id' => $imap_acl['id']
+            );
+            docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+          }
+
           // rename username in sql
           try {
             $pdo->beginTransaction();
@@ -3326,6 +3345,19 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           );
           docker('post', 'sogo-mailcow', 'exec', $exec_fields);
 
+          // set imap acls
+          foreach ($imap_acls as $imap_acl) {
+            $exec_fields = array(
+              'cmd' => 'dovecot',
+              'task' => 'set_acl',
+              'user' => $imap_acl['user'],
+              'mailbox' => $imap_acl['mailbox'],
+              'id' => $new_username,
+              'rights' => $imap_acl['rights']
+            );
+            docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+          }
+
           // create alias
           if ($create_alias == 1) {
             mailbox("add", "alias", array(

From c62b467ac4144fb98a1fe39ca90613ec1358cb90 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 22 Aug 2024 11:16:01 +0200
Subject: [PATCH 311/755] [PHP-FPM] Use redis as session store

---
 data/Dockerfiles/phpfpm/docker-entrypoint.sh | 13 +++++++++++--
 docker-compose.yml                           |  4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 798a25851..20e9a405c 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -10,16 +10,25 @@ done
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  REDIS_HOST=$REDIS_SLAVEOF_IP
+  REDIS_PORT=$REDIS_SLAVEOF_PORT
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  REDIS_HOST="redis"
+  REDIS_PORT="6379"
 fi
+REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT}"
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
   echo "Waiting for Redis..."
   sleep 2
 done
 
+# Set redis session store
+echo -n '
+session.save_handler = redis
+session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'"
+' > /usr/local/etc/php/conf.d/session_store.ini
+
 # Check mysql_upgrade (master and slave)
 CONTAINER_ID=
 until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do
diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028ff..19ffcaf4e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -111,7 +111,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.89
+      image: mailcow/phpfpm:1.90
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -552,7 +552,7 @@ services:
           aliases:
             - dockerapi
 
-    
+
     ##### Will be removed soon #####
     solr-mailcow:
       image: mailcow/solr:1.8.3

From 8e7b27aae469d5dbe757779cd11df6eb11430b8c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 23 Aug 2024 09:30:23 +0200
Subject: [PATCH 312/755] [DockerApi] rework doveadm__get_acl function

---
 .../dockerapi/modules/DockerApi.py            | 52 +++++++++++--------
 data/web/inc/functions.mailbox.inc.php        |  8 +--
 2 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index da0cc34ba..909ac2872 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -412,35 +412,45 @@ class DockerApi:
 
         sogo_return = container.exec_run(['sogo-tool', 'rename-user', old_username, new_username], user='sogo')
         return self.exec_run_handler('generic', sogo_return)
-  # api call: container_post - post_action: exec - cmd: dovecot - task: get_acl
-  def container_post__exec__dovecot__get_acl(self, request_json, **kwargs):
+  # api call: container_post - post_action: exec - cmd: doveadm - task: get_acl
+  def container_post__exec__doveadm__get_acl(self, request_json, **kwargs):
     if 'container_id' in kwargs:
       filters = {"id": kwargs['container_id']}
     elif 'container_name' in kwargs:
       filters = {"name": kwargs['container_name']}
 
     for container in self.sync_docker_client.containers.list(filters=filters):
-      vmail_name = request_json['maildir'].replace("'", "'\\''")
-      shared_folders = container.exec_run(["/bin/bash", "-c", f"find /var/vmail/{vmail_name}/Maildir/Shared -mindepth 2 -type d | sed 's:^/var/vmail/{vmail_name}/Maildir/Shared/::' | tr '/' '\\\\'"])
+      id = request_json['id'].replace("'", "'\\''")
+
+      shared_folders = container.exec_run(["/bin/bash", "-c", f"doveadm mailbox list -u {id}"])
       shared_folders = shared_folders.output.decode('utf-8')
+      shared_folders = shared_folders.splitlines()
+
       formatted_acls = []
-      if shared_folders:
-        shared_folders = shared_folders.splitlines()
-        for shared_folder in shared_folders:
-          if "\\." not in shared_folder:
-            continue
-          shared_folder = shared_folder.split("\\.")
-          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u {shared_folder[0]} {shared_folder[1]}"])
-          acls = acls.output.decode('utf-8').strip().splitlines()
-          if len(acls) >= 2:
-            for acl in acls[1:]:
-              id, rights = acls[1].split(maxsplit=1)
-              id = id.replace("user=", "")
-              formatted_acls.append({ 'user': shared_folder[0], 'id': id, 'mailbox': shared_folder[1], 'rights': rights.split() })
+      mailbox_seen = []
+      for shared_folder in shared_folders:
+        if "Shared" not in shared_folder and "/" not in shared_folder:
+          continue
+        shared_folder = shared_folder.split("/")
+        if len(shared_folder) < 3:
+          continue
+
+        user = shared_folder[1]
+        mailbox = '/'.join(shared_folder[2:])
+        if mailbox in mailbox_seen:
+          continue
+
+        acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u {user} {mailbox}"])
+        acls = acls.output.decode('utf-8').strip().splitlines()
+        if len(acls) >= 2:
+          for acl in acls[1:]:
+            _, rights = acls[1].split(maxsplit=1)
+            mailbox_seen.append(mailbox)
+            formatted_acls.append({ 'user': user, 'id': id, 'mailbox': mailbox, 'rights': rights.split() })
 
       return Response(content=json.dumps(formatted_acls, indent=4), media_type="application/json")
-  # api call: container_post - post_action: exec - cmd: dovecot - task: delete_acl
-  def container_post__exec__dovecot__delete_acl(self, request_json, **kwargs):
+  # api call: container_post - post_action: exec - cmd: doveadm - task: delete_acl
+  def container_post__exec__doveadm__delete_acl(self, request_json, **kwargs):
     if 'container_id' in kwargs:
       filters = {"id": kwargs['container_id']}
     elif 'container_name' in kwargs:
@@ -454,8 +464,8 @@ class DockerApi:
       if user and mailbox and id:
         acl_delete_return = container.exec_run(["/bin/bash", "-c", f'doveadm acl delete -u {user} {mailbox} "user={id}"'])
         return self.exec_run_handler('generic', acl_delete_return)
-  # api call: container_post - post_action: exec - cmd: dovecot - task: set_acl
-  def container_post__exec__dovecot__set_acl(self, request_json, **kwargs):
+  # api call: container_post - post_action: exec - cmd: doveadm - task: set_acl
+  def container_post__exec__doveadm__set_acl(self, request_json, **kwargs):
     if 'container_id' in kwargs:
       filters = {"id": kwargs['container_id']}
     elif 'container_name' in kwargs:
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 762f233eb..baf635dda 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3249,15 +3249,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           // get imap acls
           $exec_fields = array(
-            'cmd' => 'dovecot',
+            'cmd' => 'doveadm',
             'task' => 'get_acl',
-            'maildir' => $domain . '/' . $old_local_part,
+            'id' => $old_username
           );
           $imap_acls = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
           // delete imap acls
           foreach ($imap_acls as $imap_acl) {
             $exec_fields = array(
-              'cmd' => 'dovecot',
+              'cmd' => 'doveadm',
               'task' => 'delete_acl',
               'user' => $imap_acl['user'],
               'mailbox' => $imap_acl['mailbox'],
@@ -3348,7 +3348,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           // set imap acls
           foreach ($imap_acls as $imap_acl) {
             $exec_fields = array(
-              'cmd' => 'dovecot',
+              'cmd' => 'doveadm',
               'task' => 'set_acl',
               'user' => $imap_acl['user'],
               'mailbox' => $imap_acl['mailbox'],

From 75f18df1435b72cb827af1f114f58de92c498f5e Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 23 Aug 2024 09:54:10 +0200
Subject: [PATCH 313/755] Revert "Before update on 2024-08-20_14_22_10"

This reverts commit 89398c47263d3e1682ef30a4f38b87401a7fe7dd.
---
 docker-compose.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 16789083a..cf0a028ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -613,6 +613,36 @@ services:
           aliases:
             - ofelia
 
+    ipv6nat-mailcow:
+      depends_on:
+        - unbound-mailcow
+        - mysql-mailcow
+        - redis-mailcow
+        - clamd-mailcow
+        - rspamd-mailcow
+        - php-fpm-mailcow
+        - sogo-mailcow
+        - dovecot-mailcow
+        - postfix-mailcow
+        - memcached-mailcow
+        - nginx-mailcow
+        - acme-mailcow
+        - netfilter-mailcow
+        - watchdog-mailcow
+        - dockerapi-mailcow
+        - solr-mailcow
+      environment:
+        - TZ=${TZ}
+      image: robbertkl/ipv6nat
+      security_opt:
+        - label=disable
+      restart: always
+      privileged: true
+      network_mode: "host"
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock:ro
+        - /lib/modules:/lib/modules:ro
+
 networks:
   mailcow-network:
     driver: bridge

From 0066040bdc516dd2d5ffb3f89a97e26af647f17f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 24 Aug 2024 14:09:28 +0200
Subject: [PATCH 314/755] Translations update from Weblate (#6049)

* [Web] Updated lang.cs-cz.json

Co-authored-by: Kristian Feldsam <feldsam@gmail.com>

* [Web] Updated lang.fr-fr.json

Co-authored-by: Samuel F <20537389+samuelfranzini@users.noreply.github.com>

---------

Co-authored-by: Kristian Feldsam <feldsam@gmail.com>
Co-authored-by: Samuel F <20537389+samuelfranzini@users.noreply.github.com>
---
 data/web/lang/lang.cs-cz.json | 42 ++++++++++++++++++++++++++++-------
 data/web/lang/lang.fr-fr.json |  5 +++--
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 593f1cdcf..e72fb216a 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -28,7 +28,8 @@
         "spam_score": "Skóre spamu",
         "syncjobs": "Synchronizační úlohy",
         "tls_policy": "Pravidla TLS",
-        "unlimited_quota": "Neomezené kvóty pro mailové schránky"
+        "unlimited_quota": "Neomezené kvóty pro mailové schránky",
+        "pw_reset": "Povolit obnovení hesla uživatele mailcow"
     },
     "add": {
         "activate_filter_warn": "Pokud je zaškrtlá volba \"Aktivní\", budou všechny ostatní filtry deaktivovány.",
@@ -346,7 +347,14 @@
         "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
         "f2b_max_ban_time": "Maximální délka banu (s)",
         "cors_settings": "Nastavení CORS",
-        "queue_unban": "zrušit ban"
+        "queue_unban": "zrušit ban",
+        "password_reset_info": "Pokud není zadán žádný e-mail pro obnovení, nelze tuto funkci použít.",
+        "password_reset_settings": "Nastavení obnovení hesla",
+        "password_settings": "Nastavení hesel",
+        "password_reset_tmpl_html": "HTML šablona",
+        "password_reset_tmpl_text": "Textová šablona",
+        "reset_password_vars": "<code>{{link}}</code> Vygenerovaný odkaz pro obnovení hesla<br><code>{{username}}</code> Název mailboxu uživatele, který požádal o resetování hesla.<br><code>{{username2}}</code> Název schránky pro obnovení<br><code>{{date}}</code> Datum podání žádosti o obnovení hesla<br><code>{{token_lifetime}}</code> Délka životnosti tokenu v minutách<br><code>{{hostname}}</code> Název serveru mailcow",
+        "restore_template": "Ponechte prázdné pro obnovení výchozí šablony."
     },
     "danger": {
         "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -475,7 +483,10 @@
         "webauthn_publickey_failed": "Pro vybraný ověřovací prostředek nebyl uložen žádný veřejný klíč",
         "webauthn_username_failed": "Zvolený ověřovací prostředek patří k jinému účtu",
         "extended_sender_acl_denied": "chybějící ACL pro nastavení externích adres odesílatele",
-        "demo_mode_enabled": "Demo režim je zapnutý"
+        "demo_mode_enabled": "Demo režim je zapnutý",
+        "recovery_email_failed": "Nepodařilo se odeslat e-mail pro obnovení. Obraťte se prosím na svého správce.",
+        "password_reset_invalid_user": "Mailbox nebyl nalezen nebo není nastaven žádný e-mail pro obnovu",
+        "password_reset_na": "Obnovení hesla není v současné době k dispozici. Obraťte se prosím na svého správce."
     },
     "datatables": {
         "emptyTable": "Tabulka neobsahuje žádná data",
@@ -672,12 +683,17 @@
             "auth_user": "{= auth_user =} - Ověřené uživatelské jméno zadané MTA",
             "from_user": "{= from_user =}    - uživatelská část odesílatele, např. pro \"moo@mailcow.tld\" vrátí \"moo\"",
             "from_domain": "{= from_domain =} - Doména odesílatele",
-            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele"
+            "from_addr": "{= from_addr =} - E-mailová adresa odesílatele",
+            "custom": "{= foo =}         - Pokud má schránka vlastní atribut „foo“ s hodnotou „bar“, vrátí „bar“"
         },
         "domain_footer": "Patička pro celou doménu",
         "domain_footer_html": "HTML text",
         "domain_footer_plain": "Prostý text",
-        "pushover_sound": "Zvukové upozornění"
+        "pushover_sound": "Zvukové upozornění",
+        "custom_attributes": "Vlastní atributy",
+        "footer_exclude": "Vyloučit ze zápatí",
+        "domain_footer_skip_replies": "Ignorovat patičku u odpovědí na e-maily",
+        "password_recovery_email": "E-mail pro obnovu hesla"
     },
     "fido2": {
         "confirm": "Potvrdit",
@@ -733,7 +749,14 @@
         "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
         "other_logins": "Přihlášení klíčem",
         "password": "Heslo",
-        "username": "Uživatelské jméno"
+        "username": "Uživatelské jméno",
+        "back_to_mailcow": "Zpět do mailcow",
+        "forgot_password": "> Zapomněli jste heslo?",
+        "invalid_pass_reset_token": "Token pro obnovení hesla je neplatný nebo jeho platnost vypršela.<br>Prosím, vyžádejte si nový odkaz pro obnovení hesla.",
+        "new_password": "Nové heslo",
+        "new_password_confirm": "Ověření nového hesla",
+        "reset_password": "Obnovit heslo",
+        "request_reset_password": "Požádat o změnu hesla"
     },
     "mailbox": {
         "action": "Akce",
@@ -1081,7 +1104,8 @@
         "verified_webauthn_login": "WebAuthn přihlášení ověřeno",
         "verified_yotp_login": "Yubico OTP přihlášení ověřeno",
         "cors_headers_edited": "Nastavení CORS byla uložena",
-        "domain_footer_modified": "Změny patičky domény %s byly uloženy"
+        "domain_footer_modified": "Změny patičky domény %s byly uloženy",
+        "recovery_email_sent": "E-mail k obnovení byl odeslán na adresu %s"
     },
     "tfa": {
         "api_register": "%s používá Yubico Cloud API. Prosím získejte API klíč pro své Yubico <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ZDE</a>",
@@ -1268,7 +1292,9 @@
         "with_app_password": "s heslem aplikace",
         "year": "rok",
         "years": "let",
-        "pushover_sound": "Zvukové upozornění"
+        "pushover_sound": "Zvukové upozornění",
+        "password_reset_info": "Pokud není zadán e-mail pro obnovení hesla, nelze tuto funkci použít.",
+        "pw_recovery_email": "E-mail pro obnovení hesla"
     },
     "warning": {
         "cannot_delete_self": "Nelze smazat právě přihlášeného uživatele",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 6a59bbc3d..d87632c68 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -656,7 +656,7 @@
         "none_inherit": "Aucun / Héritage",
         "quota_warning_bcc": "Avertissement sur les quotas BCC",
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
-        "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni ne modifie le profil SOGo existant d'un utilisateur.",
+        "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni, ne modifie le profil SOGo existant d'un utilisateur.",
         "admin": "Modifier l'administrateur",
         "password_recovery_email": "Adresse email de récupération"
     },
@@ -1261,7 +1261,8 @@
         "lengthMenu": "Afficher les entrées _MENU_",
         "loadingRecords": "Chargement…",
         "processing": "Veuillez patienter…",
-        "collapse_all": "Tout réduire"
+        "collapse_all": "Tout réduire",
+        "info": "Affichage de _START_ de _END_ sur _TOTAL_ entrées"
     },
     "ratelimit": {
         "disabled": "Désactivé"

From 37beed6ad93f259b97cad41877982bce95295629 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 26 Aug 2024 09:56:49 +0200
Subject: [PATCH 315/755] update FUNDING.yml

---
 .github/FUNDING.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 11402129a..71cd7eda9 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1,2 @@
+github: mailcow
 custom: ["https://www.servercow.de/mailcow?lang=en#sal"]

From 822d9a7de6e72efbfecc882245d47629ba26cc9e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 27 Aug 2024 10:07:07 +0200
Subject: [PATCH 316/755] [Web] rename goto in alias table

---
 data/web/inc/functions.mailbox.inc.php | 22 ++++++++++++----------
 data/web/lang/lang.de-de.json          |  1 +
 data/web/lang/lang.en-gb.json          |  1 +
 data/web/templates/edit/mailbox.twig   |  9 ++++++---
 4 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index baf635dda..6c24c13f5 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3271,6 +3271,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $pdo->beginTransaction();
             $pdo->exec('SET FOREIGN_KEY_CHECKS = 0');
 
+            // Update username in mailbox table
             $pdo->prepare('UPDATE mailbox SET username = :new_username, local_part = :new_local_part WHERE username = :old_username')
               ->execute([
                 ':new_username' => $new_username,
@@ -3278,6 +3279,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':old_username' => $old_username
               ]);
 
+            $pdo->prepare("UPDATE alias SET address = :new_username, goto = :new_username2 WHERE address = :old_username")
+            ->execute([
+              ':new_username' => $new_username,
+              ':new_username2' => $new_username,
+              ':old_username' => $old_username
+            ]);
+
             // Update the username in all related tables
             $tables = [
               'tags_mailbox' => 'username',
@@ -3287,9 +3295,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'da_acl' => 'username',
               'quota2' => 'username',
               'quota2replica' => 'username',
-              'pushover' => 'username'
+              'pushover' => 'username',
+              'alias' => 'goto'
             ];
-
             foreach ($tables as $table => $column) {
               $pdo->prepare("UPDATE $table SET $column = :new_username WHERE $column = :old_username")
                 ->execute([
@@ -3298,6 +3306,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ]);
             }
 
+            // Update c_uid, c_name and mail in _sogo_static_view table
             $pdo->prepare("UPDATE _sogo_static_view SET c_uid = :new_username, c_name = :new_username2, mail = :new_username3 WHERE c_uid = :old_username")
               ->execute([
                 ':new_username' => $new_username,
@@ -3306,14 +3315,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':old_username' => $old_username
               ]);
 
-            $pdo->prepare("UPDATE alias SET address = :new_username, goto = :new_username2 WHERE address = :old_username")
-              ->execute([
-                ':new_username' => $new_username,
-                ':new_username2' => $new_username,
-                ':old_username' => $old_username
-              ]);
-
-
             // Re-enable foreign key checks
             $pdo->exec('SET FOREIGN_KEY_CHECKS = 1');
             $pdo->commit();
@@ -3325,6 +3326,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => $e->getMessage()
             );
+            return false;
           }
 
           // move maildir
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 79a6dc383..d22187c6a 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -645,6 +645,7 @@
         "mailbox_rename_agree": "Ich habe ein Backup erstellt.",
         "mailbox_rename_warning": "WICHTIG! Vor dem Umbenennen der Mailbox ein Backup erstellen.",
         "mailbox_rename_alias": "Alias automatisch erstellen",
+        "mailbox_rename_title": "Neuer Lokaler Mailbox Name",
         "max_aliases": "Max. Aliasse",
         "max_mailboxes": "Max. Mailboxanzahl",
         "max_quota": "Max. Größe per Mailbox (MiB)",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 7833d7e43..6e898099b 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -645,6 +645,7 @@
         "mailbox_rename_agree": "I have created a backup.",
         "mailbox_rename_warning": "IMPORTANT! Create a backup before renaming the mailbox.",
         "mailbox_rename_alias": "Create alias automatically",
+        "mailbox_rename_title": "New local mailbox name",
         "max_aliases": "Max. aliases",
         "max_mailboxes": "Max. possible mailboxes",
         "max_quota": "Max. quota per mailbox (MiB)",
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index b21ff2eec..04be194c1 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -504,7 +504,10 @@
                     <input name="domain" type="hidden" value="{{ result.domain }}">
                     <input name="old_local_part" type="hidden" value="{{ result.local_part }}">
                     <div class="row mb-2">
-                      <div class="offset-sm-2 col-sm-10 col-md-8 col-xl-6">
+                      <div class="col-sm-12 col-md-2">
+                        <span>{{ lang.edit.mailbox_rename_title }}</span>
+                      </div>
+                      <div class="col-sm-12 col-md-10 col-xl-8">
                         <div class="input-group mb-2">
                           <input type="text" class="form-control" name="new_local_part" autocomplete="off" value="{{ result.local_part }}">
                           <span class="input-group-text">@{{ result.domain }}</span>
@@ -512,12 +515,12 @@
                       </div>
                     </div>
                     <div class="row mb-4">
-                      <div class="offset-sm-2 col-sm-10">
+                      <div class="col-sm-12 offset-md-2 col-md-10 col-xl-8">
                         <label><input type="checkbox" class="form-check-input" value="1" name="create_alias" checked> {{ lang.edit.mailbox_rename_alias }}</label>
                       </div>
                     </div>
                     <div class="row mb-2">
-                      <div class="offset-sm-2 col-sm-10">
+                      <div class="col-sm-12 offset-md-2 col-md-10 col-xl-8">
                         <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="mboxrename" data-item="{{ mailbox }}" data-api-url='edit/rename-mbox' data-api-attr='{}' data-api-reload-location="/mailbox" href="#">{{ lang.edit.save }}</button>
                       </div>
                     </div>

From d21c1bfa72b761507ff3ba47ff3454315356aa50 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 28 Aug 2024 10:48:44 +0200
Subject: [PATCH 317/755] [Web] add error handling for get_acl call

---
 data/web/inc/functions.mailbox.inc.php | 35 ++++++++++++++++----------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 6c24c13f5..9a1ae5777 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3248,22 +3248,31 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           // get imap acls
-          $exec_fields = array(
-            'cmd' => 'doveadm',
-            'task' => 'get_acl',
-            'id' => $old_username
-          );
-          $imap_acls = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
-          // delete imap acls
-          foreach ($imap_acls as $imap_acl) {
+          try {
             $exec_fields = array(
               'cmd' => 'doveadm',
-              'task' => 'delete_acl',
-              'user' => $imap_acl['user'],
-              'mailbox' => $imap_acl['mailbox'],
-              'id' => $imap_acl['id']
+              'task' => 'get_acl',
+              'id' => $old_username
             );
-            docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+            $imap_acls = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
+            // delete imap acls
+            foreach ($imap_acls as $imap_acl) {
+              $exec_fields = array(
+                'cmd' => 'doveadm',
+                'task' => 'delete_acl',
+                'user' => $imap_acl['user'],
+                'mailbox' => $imap_acl['mailbox'],
+                'id' => $imap_acl['id']
+              );
+              docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+            }
+          } catch (Exception $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => $e->getMessage()
+            );
+            return false;
           }
 
           // rename username in sql

From 4f9e37c0c3f8543406d83b452e91b22298cb0550 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 28 Aug 2024 11:16:29 +0200
Subject: [PATCH 318/755] [Web] rename user in bcc_maps, recipient_maps and
 imapsync table

---
 data/web/inc/functions.mailbox.inc.php | 35 +++++++++++++++-----------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 9a1ae5777..9c01e78e1 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3297,22 +3297,27 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             // Update the username in all related tables
             $tables = [
-              'tags_mailbox' => 'username',
-              'sieve_filters' => 'username',
-              'app_passwd' => 'mailbox',
-              'user_acl' => 'username',
-              'da_acl' => 'username',
-              'quota2' => 'username',
-              'quota2replica' => 'username',
-              'pushover' => 'username',
-              'alias' => 'goto'
+              'tags_mailbox' => ['username'],
+              'sieve_filters' => ['username'],
+              'app_passwd' => ['mailbox'],
+              'user_acl' => ['username'],
+              'da_acl' => ['username'],
+              'quota2' => ['username'],
+              'quota2replica' => ['username'],
+              'pushover' => ['username'],
+              'alias' => ['goto'],
+              "imapsync" => ['user2'],
+              'bcc_maps' => ['local_dest', 'bcc_dest'],
+              'recipient_maps' => ['old_dest', 'new_dest']
             ];
-            foreach ($tables as $table => $column) {
-              $pdo->prepare("UPDATE $table SET $column = :new_username WHERE $column = :old_username")
-                ->execute([
-                  ':new_username' => $new_username,
-                  ':old_username' => $old_username
-                ]);
+            foreach ($tables as $table => $columns) {
+              foreach ($columns as $column) {
+                $stmt = $pdo->prepare("UPDATE $table SET $column = :new_username WHERE $column = :old_username")
+                  ->execute([
+                    ':new_username' => $new_username,
+                    ':old_username' => $old_username
+                  ]);
+              }
             }
 
             // Update c_uid, c_name and mail in _sogo_static_view table

From ef238e533214c8a3e9e6e4b4d9dfdd564bfd57e6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 28 Aug 2024 11:28:37 +0200
Subject: [PATCH 319/755] [LDAP] skip sync user if username_field in LDAP is
 empty

---
 data/conf/phpfpm/crons/ldap-sync.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 1a53884c3..93b22b941 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -146,6 +146,11 @@ foreach ($response as $user) {
     continue;
   }
 
+  if (empty($user[$iam_settings['username_field']][0])){
+    logMsg("warning", "Skipping user " . $user['displayname'][0] . " due to empty LDAP ". $iam_settings['username_field'] . "property.'");
+    continue;
+  }
+
   if (!$row && intval($iam_settings['import_users']) == 1){
     // mailbox user does not exist, create...
     logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);

From 7203735532dae24da8c9e454618cdd161156347c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 29 Aug 2024 20:27:23 +0200
Subject: [PATCH 320/755] [Web] Updated lang.it-it.json (#6053)

Co-authored-by: Stefano <stefano.vassena@gmail.com>
---
 data/web/lang/lang.it-it.json | 84 ++++++++++++++++++++++++++---------
 1 file changed, 63 insertions(+), 21 deletions(-)

diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index f65278402..f73f938bf 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -28,7 +28,8 @@
         "spam_score": "Punteggio SPAM",
         "syncjobs": "Processi di sync",
         "tls_policy": "Politica TLS",
-        "unlimited_quota": "Spazio illimitato per le caselle di posta"
+        "unlimited_quota": "Spazio illimitato per le caselle di posta",
+        "pw_reset": "Permettere di reimpostare la password dell'utente mailcow"
     },
     "add": {
         "activate_filter_warn": "Tutti gli altri filtri saranno disattivati, quando è attivo.",
@@ -116,7 +117,7 @@
         "activate_api": "Attiva API",
         "activate_send": "Attiva bottone di invio",
         "active": "Attiva",
-        "active_rspamd_settings_map": "Active settings map",
+        "active_rspamd_settings_map": "Mappa delle impostazioni attive",
         "add": "Aggiungi",
         "add_admin": "Aggiungi amministratore",
         "add_domain_admin": "Aggiungi amministratore di dominio",
@@ -124,7 +125,7 @@
         "add_relayhost": "Add sender-dependent transport",
         "add_relayhost_hint": "Tieni presente che i dati di autenticazione, se presenti, verranno archiviati come testo semplice.",
         "add_row": "Aggiungi riga",
-        "add_settings_rule": "Add settings rule",
+        "add_settings_rule": "Aggiungi regola delle impostazioni",
         "add_transport": "Aggiungi transport",
         "add_transports_hint": "Tieni presente che i dati di autenticazione, se presenti, verranno archiviati come testo semplice.",
         "additional_rows": " righe aggiuntive inserite",
@@ -134,7 +135,7 @@
         "admins": "Amministratori",
         "admins_ldap": "Amministratori LDAP",
         "advanced_settings": "Impostazioni avanzate",
-        "api_allow_from": "Allow API access from these IPs/CIDR network notations",
+        "api_allow_from": "Consenti l'accesso API da questi indirizzi IP/notazione di rete CIDR",
         "api_info": "Questa API è in modifica. La documentazione può essere trovata su <a href=\"/api\">/api</a>",
         "api_key": "Chiave API",
         "api_skip_ip_check": "Salta il controllo dell'IP per l'API",
@@ -156,7 +157,7 @@
         "dkim_domains_selector": "Selettore",
         "dkim_domains_wo_keys": "Seleziona i domini senza chiavi",
         "dkim_from": "Da",
-        "dkim_from_title": "Source domain to copy data from",
+        "dkim_from_title": "Dominio di origine da cui copiare i dati",
         "dkim_key_length": "Lunghezza chiave DKIM (bits)",
         "dkim_key_missing": "Chiave mancante",
         "dkim_key_unused": "Chiave non usata",
@@ -182,8 +183,8 @@
         "f2b_list_info": "Un host oppure una rete in blacklist, avrà sempre un peso maggiore rispetto ad una in whitelist. <b>L'aggiornamento della lista richiede alcuni secondi per la sua entrata in azione.</b>",
         "f2b_max_attempts": "Tentativi massimi",
         "f2b_max_ban_time": "Tempo massimo di blocco (s)",
-        "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
-        "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
+        "f2b_netban_ipv4": "Dimensione della subnet IPv4 su cui applicare il blocco (8-32)",
+        "f2b_netban_ipv6": "Dimensione della subnet IPv6 su cui applicare il blocco (8-128)",
         "f2b_parameters": "Parametri Fail2ban",
         "f2b_regex_info": "Log presi in considerazione: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Retry window (s) for max. attempts",
@@ -219,16 +220,16 @@
         "merged_vars_hint": "Greyed out rows were merged from <code>vars.(local.)inc.php</code> and cannot be modified.",
         "message": "Messaggio",
         "message_size": "Dimensione mesaggio",
-        "nexthop": "Next hop",
+        "nexthop": "Prossimo hop",
         "no": "&#10005;",
         "no_active_bans": "Nessun ban attivo",
         "no_new_rows": "Nessuna ulteriore riga disponibile",
         "no_record": "Nessun risultato",
         "oauth2_client_id": "ID cliente",
-        "oauth2_client_secret": "Client secret",
+        "oauth2_client_secret": "Chiave segreta del client",
         "oauth2_info": "The OAuth2 implementation supports the grant type \"Authorization Code\" and issues refresh tokens.<br>\r\nThe server also automatically issues new refresh tokens, after a refresh token has been used.<br><br>\r\n&#8226; The default scope is <i>profile</i>. Only mailbox users can be authenticated against OAuth2. If the scope parameter is omitted, it falls back to <i>profile</i>.<br>\r\n&#8226; The <i>state</i> parameter is required to be sent by the client as part of the authorize request.<br><br>\r\nPaths for requests to the OAuth2 API: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\nRegenerating the client secret will not expire existing authorization codes, but they will fail to renew their token.<br><br>\r\nRevoking client tokens will cause immediate termination of all active sessions. All clients need to re-authenticate.",
         "oauth2_redirect_uri": "URI di reindirizzamento",
-        "oauth2_renew_secret": "Generate new client secret",
+        "oauth2_renew_secret": "Genera una nuova chiave segreta per il client",
         "oauth2_revoke_tokens": "Revoca tutti i token del client",
         "optional": "facoltativo",
         "password": "Password",
@@ -269,7 +270,7 @@
         "recipients": "Destinatari",
         "refresh": "Aggiorna",
         "regen_api_key": "Rinnova la chiave delle API",
-        "regex_maps": "Regex maps",
+        "regex_maps": "Mappe Regex",
         "relay_from": "\"Da:\" indirizzi",
         "relay_rcpt": "\"A:\" indirizzi",
         "relay_run": "Esegui test",
@@ -286,7 +287,7 @@
         "rsetting_no_selection": "Seleziona una regola",
         "rsetting_none": "Nessuna regola presente",
         "rsettings_insert_preset": "Insert example preset \"%s\"",
-        "rsettings_preset_1": "Disable all but DKIM and rate limit for authenticated users",
+        "rsettings_preset_1": "Disattivare tutto tranne DKIM e il limite di velocità per gli utenti autenticati",
         "rsettings_preset_2": "I postmaster vogliono lo spam",
         "rsettings_preset_3": "Consenti solo mittenti specifici per una casella di posta (ad esempio: utilizzo solo come casella di posta interna)",
         "rspamd_com_settings": "A setting name will be auto-generated, please see the example presets below. For more details see <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>",
@@ -341,7 +342,18 @@
         "rsettings_preset_4": "Disattivare Rspamd per un dominio",
         "options": "Opzioni",
         "cors_settings": "Impostazioni CORS",
-        "copy_to_clipboard": "Testo copiato negli appunti!"
+        "copy_to_clipboard": "Testo copiato negli appunti!",
+        "f2b_manage_external": "Gestione esterna di Fail2Ban",
+        "password_reset_info": "Se non viene fornita alcuna e-mail di recupero, questa funzione non può essere utilizzata.",
+        "password_reset_tmpl_text": "Template testuale",
+        "logo_dark_label": "Invertito per la modalità scura",
+        "ip_check": "Controllo IP",
+        "password_reset_settings": "Impostazioni per il recupero della password",
+        "password_reset_tmpl_html": "Template HTML",
+        "password_settings": "Impostazioni della password",
+        "queue_unban": "sblocca",
+        "restore_template": "Lasciare vuoto per ripristinare il modello predefinito.",
+        "logo_normal_label": "Normale"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -466,7 +478,13 @@
         "template_exists": "Il template %s esiste già",
         "template_id_invalid": "Il template con ID %s non è valido",
         "img_dimensions_exceeded": "L'immagine supera la dimensione massima consentita",
-        "img_size_exceeded": "L'immagine supera la dimensione massima del file"
+        "img_size_exceeded": "L'immagine supera la dimensione massima del file",
+        "extended_sender_acl_denied": "Autorizzazioni ACL mancanti per configurare indirizzi esterni come mittente",
+        "invalid_reset_token": "Token di reset non valido",
+        "password_reset_invalid_user": "La casella di posta elettronica non è stata trovata o non è stata impostata un'e-mail di recupero",
+        "password_reset_na": "Il recupero della password non è attualmente disponibile. Contattare l'amministratore.",
+        "recovery_email_failed": "Impossibile inviare un'e-mail di recupero. Contattare l'amministratore.",
+        "to_invalid": "Il destinatario non deve essere vuoto"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
@@ -503,7 +521,11 @@
         "memory": "Memoria",
         "timezone": "Fuso orario",
         "no_update_available": "Il sistema è aggiornato all'ultima versione",
-        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
+        "update_failed": "Impossibile verificare la presenza di un aggiornamento",
+        "architecture": "Architettura",
+        "error_show_ip": "Impossibile risolvere gli indirizzi IP pubblici",
+        "show_ip": "Mostra IP pubblico",
+        "wip": "Attualmente in lavorazione"
     },
     "diagnostics": {
         "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -632,7 +654,11 @@
         "last_modified": "Ultima modifica",
         "pushover_sound": "Suono",
         "custom_attributes": "Attributi personalizzati",
-        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta"
+        "domain_footer_skip_replies": "Ignora il piè di pagina nelle e-mail di risposta",
+        "domain_footer_html": "Piè di pagina HTML",
+        "domain_footer_plain": "Piè di pagina PLAIN",
+        "footer_exclude": "Escludi dal piè di pagina",
+        "password_recovery_email": "E-mail di recupero password"
     },
     "fido2": {
         "confirm": "Conferma",
@@ -688,7 +714,13 @@
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
         "password": "Password",
-        "username": "Nome utente"
+        "username": "Nome utente",
+        "request_reset_password": "Richiesta di modifica della password",
+        "back_to_mailcow": "Torna a mailcow",
+        "forgot_password": "> Password dimenticata?",
+        "new_password": "Nuova password",
+        "new_password_confirm": "Conferma la nuova password",
+        "reset_password": "Ripristino della password"
     },
     "mailbox": {
         "action": "Azione",
@@ -939,7 +971,9 @@
         "show_message": "Mostra messaggio",
         "unhold_mail": "Sblocca",
         "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
-        "legend": "Funzioni delle azioni della coda di posta:"
+        "legend": "Funzioni delle azioni della coda di posta:",
+        "unban": "Coda di sblocco",
+        "unhold_mail_legend": "Rilascia le mail selezionate per la consegna. (Richiede una prenotazione preventiva)"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
@@ -1028,7 +1062,12 @@
         "template_added": "Aggiunto template %s",
         "template_modified": "Le modifiche al template %s sono state salvate",
         "template_removed": "Il template con ID %s è stato cancellato",
-        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo."
+        "f2b_banlist_refreshed": "L'ID della lista blocchi è stato aggiornato con successo.",
+        "domain_footer_modified": "Le modifiche al piè di pagina del dominio %s sono state salvate",
+        "cors_headers_edited": "Le impostazioni CORS sono state salvate",
+        "ip_check_opt_in_modified": "Il controllo dell'indirizzo IP è stato salvato con successo",
+        "password_changed_success": "La password è stata modificata con successo",
+        "recovery_email_sent": "Email di recupero inviata a %s"
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1220,7 +1259,9 @@
         "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
         "pushover_sound": "Suono",
         "attribute": "Attributo",
-        "value": "Valore"
+        "value": "Valore",
+        "password_reset_info": "Se non viene fornita alcuna e-mail per il recupero della password, questa funzione non può essere utilizzata.",
+        "pw_recovery_email": "Email di recupero password"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -1264,6 +1305,7 @@
         "aria": {
             "sortAscending": ": attivare l'ordinamento crescente delle colonne",
             "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
-        }
+        },
+        "decimal": "."
     }
 }

From af0c61b90adcdf3564efd8e30fe7659a74a2ddd9 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 1 Sep 2024 00:19:08 +0000
Subject: [PATCH 321/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 44 ++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 78ffc3a89..f77d4e9ce 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Thu Aug  1 00:16:45 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Sun Sep  1 00:19:07 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 1954 total rules
+# 1994 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,6 +19,8 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
+8.39.54.0/23	permit
+8.40.222.0/23	permit
 10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
@@ -200,6 +202,7 @@
 52.96.91.34	permit
 52.96.111.82	permit
 52.96.172.98	permit
+52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
 52.96.223.2	permit
@@ -324,6 +327,7 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
+65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1283,6 +1287,9 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+121.244.91.48	permit
+121.244.91.52	permit
+122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1338,7 +1345,18 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
+135.84.80.0/24	permit
+135.84.81.0/24	permit
+135.84.82.0/24	permit
+135.84.83.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
+136.143.178.49	permit
+136.143.182.0/23	permit
+136.143.184.0/24	permit
+136.143.188.0/24	permit
+136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1353,6 +1371,7 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
+139.167.79.86	permit
 139.180.17.0/24	permit
 141.148.159.229	permit
 141.193.32.0/23	permit
@@ -1452,7 +1471,9 @@
 163.114.132.120	permit
 163.114.134.16	permit
 163.114.135.16	permit
+164.152.23.32	permit
 164.177.132.168/30	permit
+165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1480,9 +1501,16 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
+169.148.142.10	permit
+169.148.144.0/25	permit
+169.148.144.10	permit
 170.10.68.0/22	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
+170.10.132.56/29	permit
+170.10.132.64/29	permit
 170.10.133.0/24	permit
 172.217.0.0/19	permit
 172.217.32.0/20	permit
@@ -1634,7 +1662,15 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
+199.34.22.36	permit
 199.59.148.0/22	permit
+199.67.80.2	permit
+199.67.80.20	permit
+199.67.82.2	permit
+199.67.82.20	permit
+199.67.84.0/24	permit
+199.67.86.0/24	permit
+199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1691,6 +1727,8 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
+204.141.32.0/23	permit
+204.141.42.0/23	permit
 204.220.160.0/20	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
@@ -1942,6 +1980,8 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
+2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
+2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From b307e0a0d55474825d54f83b12339ee75c9b1a72 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Sep 2024 09:57:33 +0200
Subject: [PATCH 322/755] [PHP-FPM] Add missing space in log message

---
 data/conf/phpfpm/crons/ldap-sync.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 93b22b941..75eddc7a1 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -147,7 +147,7 @@ foreach ($response as $user) {
   }
 
   if (empty($user[$iam_settings['username_field']][0])){
-    logMsg("warning", "Skipping user " . $user['displayname'][0] . " due to empty LDAP ". $iam_settings['username_field'] . "property.'");
+    logMsg("warning", "Skipping user " . $user['displayname'][0] . " due to empty LDAP ". $iam_settings['username_field'] . " property.");
     continue;
   }
 

From 320bd31d372770b8abf444223b5d74376ff4c5b1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Sep 2024 10:02:10 +0200
Subject: [PATCH 323/755] [Web] fix LDAP "ignore ssl errors" option

---
 data/web/inc/functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 15c3b0b9e..3588d36ed 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2359,7 +2359,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
           $options = array();
           if ($_data['ignore_ssl_error']) {
-            $options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
+            $options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
           }
           $provider = new \LdapRecord\Connection([
             'hosts'                     => [$_data['host']],
@@ -2455,7 +2455,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
             $iam_settings['binddn'] && $iam_settings['bindpass']){
             $options = array();
             if ($iam_settings['ignore_ssl_error']) {
-              $options['LDAP_OPT_X_TLS_REQUIRE_CERT'] = "LDAP_OPT_X_TLS_NEVER";
+              $options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
             }
             $provider = new \LdapRecord\Connection([
               'hosts'                     => [$iam_settings['host']],

From 82fcddb177639ae1a1884094ce3d7fbb8dbbafda Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Sep 2024 10:12:51 +0200
Subject: [PATCH 324/755] [Web] Fix catch block in LDAP connection test

---
 data/web/inc/functions.inc.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3588d36ed..fc703c353 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2373,9 +2373,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           ]);
           try {
             $provider->connect();
-          } catch (TypeError $e) {
-            return false;
-          } catch (\LdapRecord\Auth\BindException $e) {
+          } catch (Throwable $e) {
             return false;
           }
         break;

From ae3653a925189825b44566f10a3b823b9b5b9ab8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Sep 2024 10:22:51 +0200
Subject: [PATCH 325/755] [SOGo] vacation auto reply date shifting #5394

---
 data/Dockerfiles/sogo/docker-entrypoint.sh | 2 ++
 docker-compose.yml                         | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/sogo/docker-entrypoint.sh b/data/Dockerfiles/sogo/docker-entrypoint.sh
index 2ff602a3c..4e20e960e 100755
--- a/data/Dockerfiles/sogo/docker-entrypoint.sh
+++ b/data/Dockerfiles/sogo/docker-entrypoint.sh
@@ -10,6 +10,8 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
   cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
 fi
 
+echo "$TZ" > /etc/timezone
+
 # Run hooks
 for file in /hooks/*; do
   if [ -x "${file}" ]; then
diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028ff..6ec97c9ad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -176,7 +176,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.125
+      image: mailcow/sogo:1.126
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -552,7 +552,7 @@ services:
           aliases:
             - dockerapi
 
-    
+
     ##### Will be removed soon #####
     solr-mailcow:
       image: mailcow/solr:1.8.3

From 710cec996cc60219dcb152b2459e1beffe722130 Mon Sep 17 00:00:00 2001
From: Finn Hoffhenke <26007800+Finnlife@users.noreply.github.com>
Date: Mon, 2 Sep 2024 15:40:29 +0200
Subject: [PATCH 326/755] feat: Added check for newer version tags on remote
 (#6054)

---
 update.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index dcc2020eb..fe8aee72f 100755
--- a/update.sh
+++ b/update.sh
@@ -360,6 +360,21 @@ while (($#)); do
         exit 3
       fi
     ;;
+    --check-tags)
+      echo "Checking remote tags for updates..."
+      LATEST_TAG_REV=$(git ls-remote --exit-code --quiet --tags origin | tail -1 | cut -f1)
+      if [ "$?" -ne 0 ]; then
+        echo "A problem occurred while trying to fetch the latest tag from github."
+        exit 99
+      fi
+      if [[ -z $(git log HEAD --pretty=format:"%H" | grep "${LATEST_TAG_REV}") ]]; then
+        echo -e "New tag is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/releases/latest"
+        exit 0
+      else
+        echo "No updates available."
+        exit 3
+      fi
+    ;;
     --ours)
       MERGE_STRATEGY=ours
     ;;
@@ -396,9 +411,10 @@ while (($#)); do
       DEV=y
     ;;
     --help|-h)
-    echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -d|--dev, -h|--help]
+    echo './update.sh [-c|--check, --check-tags, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -d|--dev, -h|--help]
 
   -c|--check           -   Check for updates and exit (exit codes => 0: update available, 3: no updates)
+  --check-tags         -   Check for newer tags and exit (exit codes => 0: newer tag available, 3: no newer tag)
   --ours               -   Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended!
   --gc                 -   Run garbage collector to delete old image tags
   --nightly            -   Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!!

From 8b2d67169bb09f8fb57a7dcc67982c4c5d16647f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 19:42:10 +0200
Subject: [PATCH 327/755] chore(deps): update peter-evans/create-pull-request
 action to v7 (#6059)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/update_postscreen_access_list.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update_postscreen_access_list.yml b/.github/workflows/update_postscreen_access_list.yml
index ddfa7ac86..3d79e801b 100644
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@@ -22,7 +22,7 @@ jobs:
           bash helper-scripts/update_postscreen_whitelist.sh
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         token: ${{ secrets.mailcow_action_Update_postscreen_access_cidr_pat }}
         commit-message: update postscreen_access.cidr

From bb6f4058416b60ac0cb3e808740056de4a7cbc92 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 4 Sep 2024 14:42:30 +0200
Subject: [PATCH 328/755] compose: added clamd as depends_on to rspamd (#6062)

---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028ff..6023a9072 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -84,6 +84,7 @@ services:
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
+        - clamd-mailcow
       environment:
         - TZ=${TZ}
         - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}

From f2e35dff68c1763c94a1b05eb389ae3b0ec4406b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 5 Sep 2024 12:40:30 +0200
Subject: [PATCH 329/755] [Web] rename user in sender_acl table

---
 data/web/inc/functions.mailbox.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 9c01e78e1..276e5629f 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3308,7 +3308,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'alias' => ['goto'],
               "imapsync" => ['user2'],
               'bcc_maps' => ['local_dest', 'bcc_dest'],
-              'recipient_maps' => ['old_dest', 'new_dest']
+              'recipient_maps' => ['old_dest', 'new_dest'],
+              'sender_acl' => ['logged_in_as', 'send_as']
             ];
             foreach ($tables as $table => $columns) {
               foreach ($columns as $column) {

From 29d8cfe2bab1ac2afe59ee98fa75115fb3d55c9f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 5 Sep 2024 14:02:04 +0200
Subject: [PATCH 330/755] [Web] Set min-width and text-align for last login
 badges

---
 data/web/js/site/mailbox.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 2ec2f9fa4..af2862a37 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -1013,10 +1013,10 @@ jQuery(function($){
           responsivePriority: 7,
           render: function (data, type) {
             res = data.split("/");
-            return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
-              '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div><br>' +
-              '<div class="badge bg-info">SSO @ ' + unix_time_format(Number(res[3])) + '</div>';
+            return '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
+              '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
+              '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">SMTP @ ' + unix_time_format(Number(res[2])) + '</div><br>' +
+              '<div class="text-start badge bg-info" style="min-width: 70px;">SSO @ ' + unix_time_format(Number(res[3])) + '</div>';
           }
         },
         {
@@ -2355,7 +2355,7 @@ jQuery(function($){
     else
       $(tab).find(".table_collapse_option").hide();
   }
-  
+
   function filterByDomain(json, column, table){
     var tableId = $(table.table().container()).attr('id');
     // Create the `select` element
@@ -2378,12 +2378,12 @@ jQuery(function($){
         }
       });
     });
-    
+
     // get unique domain list
     domains = domains.filter(function(value, index, array) {
       return array.indexOf(value) === index;
     });
-    
+
     // add domains to select
     domains.forEach(function(domain) {
         select.append($('<option>' + domain + '</option>'));

From 22f7f61ac95c1d094efe0064ae692820339609a1 Mon Sep 17 00:00:00 2001
From: airon-assustadus <122687837+airon-assustadus@users.noreply.github.com>
Date: Thu, 5 Sep 2024 10:09:49 -0300
Subject: [PATCH 331/755] feat/brazilian-translations (#6048)

# What
- Adding some brazilian translations that were missing

Co-authored-by: Airon Teixeira <airon@ymail.com>
---
 data/web/lang/lang.pt-br.json | 114 +++++++++++++++++++++++++++-------
 1 file changed, 92 insertions(+), 22 deletions(-)

diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 45dbf5147..0364bd191 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -14,6 +14,7 @@
         "prohibited": "Proibido pela ACL",
         "protocol_access": "Alterar o acesso ao protocolo",
         "pushover": "Pushover",
+        "pw_reset": "Permite resetar a senha do usuário do Mailcow",
         "quarantine": "Ações de quarentena",
         "quarantine_attachments": "Anexos de quarentena",
         "quarantine_category": "Alterar categoria de notificação de quarentena",
@@ -28,8 +29,7 @@
         "spam_score": "Pontuação de spam",
         "syncjobs": "Trabalhos de sincronização",
         "tls_policy": "Política de TLS",
-        "unlimited_quota": "Cota ilimitada para mailboxes",
-        "pw_reset": "Permite redefinir a senha do usuário"
+        "unlimited_quota": "Cota ilimitada para mailboxes"
     },
     "add": {
         "activate_filter_warn": "Todos os outros filtros serão desativados quando a opção ativa estiver marcada.",
@@ -143,6 +143,7 @@
         "api_read_only": "Acesso somente para leitura",
         "api_read_write": "Acesso de leitura e gravação",
         "api_skip_ip_check": "Ignorar verificação de IP para API",
+        "app_hide": "Esconder para login",
         "app_links": "Links de aplicativos",
         "app_name": "Nome do aplicativo",
         "apps_name": "Nome “mailcow Apps”",
@@ -155,6 +156,7 @@
         "logo_dark_label": "Invertido para o modo escuro",
         "configuration": "Configuração",
         "convert_html_to_text": "Converter HTML em texto sem formatação",
+        "copy_to_clipboard": "Text copied to clipboard!",
         "cors_settings": "Configurações do CORS",
         "credentials_transport_warning": "<b>Aviso</b>: Adicionar uma nova entrada no mapa de transporte atualizará as credenciais de todas as entradas com uma coluna correspondente do próximo salto.",
         "customer_id": "ID do cliente",
@@ -188,6 +190,8 @@
         "f2b_blacklist": "Redes/hosts na lista negra",
         "f2b_filter": "Filtros Regex",
         "f2b_list_info": "Um host ou rede na lista negra sempre superará uma entidade na lista branca. <b>As atualizações da lista levarão alguns segundos para serem aplicadas.</b>",
+        "f2b_manage_external": "Gerenciar Fail2Ban externamente",
+        "f2b_manage_external_info": "O Fail2ban ainda manterá a lista de banimentos, mas não definirá ativamente regras para bloquear o tráfego. Use a lista de banimento gerada abaixo para bloquear externamente o tráfego.",
         "f2b_max_attempts": "Máximo de tentativas",
         "f2b_max_ban_time": "Tempo (s) máximo (s) de banimento",
         "f2b_netban_ipv4": "Tamanho da sub-rede IPv4 a ser proibida (8-32)",
@@ -196,6 +200,7 @@
         "f2b_regex_info": "Registros considerados: SoGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Repita a (s) janela (s) para o máximo de tentativas",
         "f2b_whitelist": "Redes/hosts incluídos na lista branca",
+        "filter": "Filtro",
         "filter_table": "Tabela de filtros",
         "forwarding_hosts": "Anfitriões de encaminhamento",
         "forwarding_hosts_add_hint": "Você pode especificar endereços IPv4/IPv6, redes em notação CIDR, nomes de host (que serão resolvidos para endereços IP) ou nomes de domínio (que serão resolvidos para endereços IP consultando registros SPF ou, na ausência deles, registros MX).",
@@ -208,6 +213,38 @@
         "help_text": "Substituir texto de ajuda abaixo da máscara de login (HTML permitido)",
         "host": "Anfitrião",
         "html": "HTML",
+        "iam": "Provedor de Identificação",
+        "iam_attribute_field": "Campo de Atributo",
+        "iam_authorize_url": "Endpoint de Autorização",
+        "iam_auth_flow": "Fluxo de Autenticação",
+        "iam_auth_flow_info": "Além do fluxo de código de autorização (Standard Flow no Keycloak), que é usado para login no Single-Sign On, o mailcow também suporta o fluxo de autenticação com credenciais diretas. O fluxo Mailpassword tenta validar as credenciais do usuário usando a API REST Admin do Keycloak. O mailcow recupera a senha com o hash do atributo <code>mailcow_password</code>, que é mapeado no Keycloak.",
+        "iam_basedn": "DN Base",
+        "iam_client_id": "ID do Cliente",
+        "iam_client_secret": "Secret do Cliente",
+        "iam_client_scopes": "Escopos do Cliente",
+        "iam_description": "Configure um provedor externo para autenticação<br>As caixas de emails dos usuários serão automaticamente criadas no primeiro login, garanta que um atributo de mapeamento foi definido.",
+        "iam_extra_permission": "Para que as seguintes configurações funcionem, o cliente do mailcow no Keycloak precisa de um <code>Service Account</code> e de permissão para <code>view-users</code>",
+        "iam_host": "Servidor",
+        "iam_import_users": "Importar usuários",
+        "iam_mapping": "Atributo de mapeamento",
+        "iam_bindpass": "Senha de monitoramento",
+        "iam_periodic_full_sync": "Sincronização completa periódica",
+        "iam_port": "Porta",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "Url de redirecionamento",
+        "iam_rest_flow": "Fluxo de Mailpassword",
+        "iam_server_url": "URL do Servidor",
+        "iam_sso": "SSO",
+        "iam_sync_interval": "Sincronizar / Intervalo de importação (min)",
+        "iam_test_connection": "Testar conexão",
+        "iam_token_url": "Endpoint do Token",
+        "iam_userinfo_url": "Endpoint de informações do Usuário",
+        "iam_username_field": "Campo de nome do usuário (username)",
+        "iam_binddn": "DN de monitoramento",
+        "iam_use_ssl": "Usar SSL",
+        "iam_use_tls": "Usar TLS",
+        "iam_version": "Versão",
+        "ignore_ssl_error": "Ignora erros de SSL",
         "import": "Importar",
         "import_private_key": "Importar chave privada",
         "in_use_by": "Em uso por",
@@ -254,6 +291,11 @@
         "password_policy_numbers": "Deve conter pelo menos um número",
         "password_policy_special_chars": "Deve conter caracteres especiais",
         "password_repeat": "Senha de confirmação (repetição)",
+        "password_reset_info": "Se nenhum email de recuperação for definido, esta função não poderá ser utilizada.",
+        "password_reset_settings": "Configurações de recuperação de senha",
+        "password_reset_tmpl_html": "Template HTML",
+        "password_reset_tmpl_text": "Template de Texto",
+        "password_settings": "Configurações de senha",
         "priority": "Prioridade",
         "private_key": "Chave privada",
         "quarantine": "Quarentena",
@@ -294,6 +336,8 @@
         "remove_row": "Remover linha",
         "reset_default": "Redefinir para o padrão",
         "reset_limit": "Remover o hash",
+        "reset_password_vars": "<code>{{link}}</code> Link de recuperação de senha gerado<br><code>{{username}}</code> nome da caixa de email do usuário que requisitou a recuperação de senha<br><code>{{username2}}</code> Nome da caixa de email recuperada<br><code>{{date}}</code> Data que a requisição de recuperação de senha foi feita<br><code>{{token_lifetime}}</code> O tempo de vida em minutos do token<br><code>{{hostname}}</code> O servidor do mailcow",
+        "restore_template": "Deixe limpo para o template padrão de recuperação.",
         "routing": "Roteamento",
         "rsetting_add_rule": "Adicionar regra",
         "rsetting_content": "Conteúdo da regra",
@@ -323,6 +367,7 @@
         "subject": "Assunto",
         "success": "Sucesso",
         "sys_mails": "E-mails do sistema",
+        "task": "Tarefa",
         "text": "Texto",
         "time": "Hora",
         "title": "Título",
@@ -347,12 +392,10 @@
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "upload": "Carregar",
         "username": "Nome de usuário",
+        "user_link": "Link do User",
         "validate_license_now": "Valide o GUID em relação ao servidor de licenças",
         "verify": "Verificar",
-        "yes": "✓",
-        "copy_to_clipboard": "Texto copiado para a área de transferência!",
-        "f2b_manage_external": "Gerenciar Fail2Ban externamente",
-        "f2b_manage_external_info": "O Fail2ban ainda manterá a lista de banimentos, mas não definirá ativamente regras para bloquear o tráfego. Use a lista de banimento gerada abaixo para bloquear externamente o tráfego."
+        "yes": "✓"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados de formulário inválidos",
@@ -364,6 +407,7 @@
         "aliases_in_use": "O máximo de aliases deve ser maior ou igual a %d",
         "app_name_empty": "O nome do aplicativo não pode estar vazio",
         "app_passwd_id_invalid": "ID de senha do aplicativo %s inválida",
+        "authsource_in_use": "O provedor de identificação não pode ser alterado ou removido por estar sendo utilizado por um ou mais usuários.",
         "bcc_empty": "O destino do BCC não pode estar vazio",
         "bcc_exists": "Existe um mapa BCC %s para o tipo %s",
         "bcc_must_be_email": "O destino %s do BCC não é um endereço de e-mail válido",
@@ -394,8 +438,11 @@
         "goto_empty": "Um endereço de alias deve conter pelo menos um endereço de destino válido",
         "goto_invalid": "O endereço Goto %s é inválido",
         "ham_learn_error": "Erro de aprendizado do Ham: %s",
+        "iam_test_connection": "Falha na conexão",
         "imagick_exception": "Erro: exceção Imagick ao ler a imagem",
+        "img_dimensions_exceeded": "A imagem excede o tamanho máximo",
         "img_invalid": "Não é possível validar o arquivo de imagem",
+        "img_size_exceeded": "A imagem excede o tamanho máximo",
         "img_tmp_missing": "Não é possível validar o arquivo de imagem: Arquivo temporário não encontrado",
         "invalid_bcc_map_type": "Tipo de mapa BCC inválido",
         "invalid_destination": "O formato de destino “%s” é inválido",
@@ -406,6 +453,7 @@
         "invalid_nexthop_authenticated": "O próximo salto existe com credenciais diferentes. Primeiro, atualize as credenciais existentes para o próximo salto.",
         "invalid_recipient_map_new": "Novo destinatário inválido especificado: %s",
         "invalid_recipient_map_old": "Destinatário original inválido especificado: %s",
+        "invalid_reset_token": "Token de recuperação inválido",
         "ip_list_empty": "A lista de IPs permitidos não pode estar vazia",
         "is_alias": "%s já é conhecido como endereço de alias",
         "is_alias_or_mailbox": "%s já é conhecido como alias, mailbox ou alias de endereço expandido a partir de um domínio de alias.",
@@ -435,6 +483,8 @@
         "password_complexity": "A senha não atende à política",
         "password_empty": "A senha não deve estar vazia",
         "password_mismatch": "A senha de confirmação não corresponde",
+        "password_reset_invalid_user": "Caixa de email não encontrada ou email de recuperação não definido",
+        "password_reset_na": "A recuperação de senha está indisponível no momento. Por favor, contacte o administrador.",
         "policy_list_from_exists": "Existe um registro com nome próprio",
         "policy_list_from_invalid": "O registro tem formato inválido",
         "private_key_error": "Erro de chave privada: %s",
@@ -443,10 +493,13 @@
         "pushover_token": "O token Pushover tem um formato errado",
         "quota_not_0_not_numeric": "A cota deve ser numérica e >= 0",
         "recipient_map_entry_exists": "Existe uma entrada de mapa de destinatários “%s”",
+        "recovery_email_failed": "Não foi possível enviar um email de recuperação. Por favor, contacte seu administrador.",
         "redis_error": "Erro do Redis: %s",
         "relayhost_invalid": "A entrada de mapa %s é inválida",
         "release_send_failed": "A mensagem não pôde ser liberada: %s",
+        "required_data_missing": "O campo obrigatório %s está faltando",
         "reset_f2b_regex": "O filtro Regex não pôde ser redefinido a tempo. Tente novamente ou aguarde mais alguns segundos e recarregue o site.",
+        "reset_token_limit_exceeded": "O limite de token de recuperação foi excedido. Por favor tente novamente mais tarde.",
         "resource_invalid": "O nome do recurso %s é inválido",
         "rl_timeframe": "O prazo do limite de taxa está incorreto",
         "rspamd_ui_pw_length": "A senha do Rspamd UI deve ter pelo menos 6 caracteres",
@@ -469,6 +522,7 @@
         "tls_policy_map_dest_invalid": "O destino da política é inválido",
         "tls_policy_map_entry_exists": "Existe uma entrada “%s” no mapa de políticas TLS",
         "tls_policy_map_parameter_invalid": "O parâmetro de política é inválido",
+        "to_invalid": "Destinatário não pode ser vazio",
         "totp_verification_failed": "Falha na verificação do TOTP",
         "transport_dest_exists": "O destino de transporte “%s” existe",
         "webauthn_verification_failed": "Falha na verificação do WebAuthn: %s",
@@ -481,9 +535,7 @@
         "username_invalid": "O nome de usuário %s não pode ser usado",
         "validity_missing": "Por favor, atribua um período de validade",
         "value_missing": "Forneça todos os valores",
-        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s",
-        "img_dimensions_exceeded": "A imagem excede o tamanho máximo",
-        "img_size_exceeded": "A imagem excede o tamanho máximo"
+        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s"
     },
     "datatables": {
         "collapse_all": "Recolher tudo",
@@ -582,6 +634,7 @@
         "client_secret": "Segredo do cliente",
         "comment_info": "Um comentário privado não é visível para o usuário, enquanto um comentário público é mostrado como dica de ferramenta ao passar o mouse sobre ele na visão geral do usuário",
         "created_on": "Criado em",
+        "custom_attributes": "Atributos personalizados",
         "delete1": "Excluir da fonte quando concluído",
         "delete2": "Excluir mensagens no destino que não estão na origem",
         "delete2duplicates": "Excluir duplicatas no destino",
@@ -602,6 +655,7 @@
             "custom": "{= foo =}         - Se o mailbox tiver o atributo personalizado \"foo\" com valor \"bar\", retornará \"bar\""
         },
         "domain_footer_plain": "Rodapé simples",
+        "domain_footer_skip_replies": "Ignore o rodapé nos e-mails de resposta",
         "domain_quota": "Cota de domínio",
         "domains": "Domínios",
         "dont_check_sender_acl": "Desativar a verificação de remetente para o domínio %s (+ domínios de alias)",
@@ -637,6 +691,7 @@
         "none_inherit": "Nenhum/Herdar",
         "nexthop": "Próximo salto",
         "password": "Senha",
+        "password_recovery_email": "Email de recuperação de senha",
         "password_repeat": "Senha de confirmação (repetição)",
         "previous": "Página anterior",
         "private_comment": "Comentário privado",
@@ -673,8 +728,8 @@
         "sieve_desc": "Breve descrição",
         "sieve_type": "Tipo de filtro",
         "skipcrossduplicates": "Ignore mensagens duplicadas entre pastas (primeiro a chegar, primeiro a ser servido)",
-        "sogo_access": "Conceder acesso de login direto ao SoGo",
-        "sogo_access_info": "O login único de dentro da interface do usuário de e-mail continua funcionando. Essa configuração não afeta o acesso a todos os outros serviços nem exclui ou altera o perfil SoGo existente de um usuário.",
+        "sogo_access": "Encaminhamento direto para o SOGoo",
+        "sogo_access_info": "Depois de fazer login, o usuário é automaticamente redirecionado para o SOGo.",
         "sogo_visible": "O alias é visível no SoGo",
         "sogo_visible_info": "Essa opção afeta somente objetos, que podem ser exibidos no SoGo (endereços de alias compartilhados ou não compartilhados apontando para pelo menos uma mailbox local). Se estiver oculto, um alias não aparecerá como remetente selecionável no SoGo.",
         "spam_alias": "Crie ou altere endereços de alias com limite de tempo",
@@ -690,9 +745,7 @@
         "title": "Editar objeto",
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "username": "Nome de usuário",
-        "validate_save": "Valide e salve",
-        "custom_attributes": "Atributos personalizados",
-        "domain_footer_skip_replies": "Ignore o rodapé nos e-mails de resposta"
+        "validate_save": "Valide e salve"
     },
     "fido2": {
         "confirm": "Confirme",
@@ -742,12 +795,19 @@
         "session_expires": "Sua sessão expirará em cerca de 15 segundos"
     },
     "login": {
+        "back_to_mailcow": "Voltar para o mailcow",
         "delayed": "O login foi atrasado em %s segundos.",
         "fido2_webauthn": "Login do FIDO2/WebAuthn",
+        "forgot_password": "> Esqueceu a senha?",
+        "invalid_pass_reset_token": "O token de recuperação de senha está inválido ou expirado.<br>Por favor solicite um novo link de recuperação de senha.",
         "login": "Login",
         "mobileconfig_info": "Faça login como usuário da mailbox para baixar o perfil de conexão Apple solicitado.",
+        "new_password": "Nova senha",
+        "new_password_confirm": "Confirmar nova senha",
         "other_logins": "Login com chave",
         "password": "Senha",
+        "reset_password": "Recuperar a senha",
+        "request_reset_password": "Solicitar troca de senha",
         "username": "Nome de usuário"
     },
     "mailbox": {
@@ -824,6 +884,7 @@
         "goto_ham": "Aprenda como <b>presunto</b>",
         "goto_spam": "Aprenda como <b>spam</b>",
         "hourly": "A cada hora",
+        "iam": "Provedor de Identificação",
         "in_use": "Em uso (%)",
         "inactive": "Inativo",
         "insert_preset": "Inserir exemplo de predefinição “%s”",
@@ -1053,11 +1114,13 @@
         "domain_removed": "O domínio %s foi removido",
         "dovecot_restart_success": "O Dovecot foi reiniciado com sucesso",
         "eas_reset": "Os dispositivos ActiveSync para o usuário %s foram redefinidos",
+        "f2b_banlist_refreshed": "O Banlist ID foi atualizado com sucesso.",
         "f2b_modified": "As alterações nos parâmetros do Fail2ban foram salvas",
         "forwarding_host_added": "O host de encaminhamento %s foi adicionado",
         "forwarding_host_removed": "O host de encaminhamento %s foi removido",
         "global_filter_written": "O filtro foi gravado com sucesso no arquivo",
         "hash_deleted": "Hash excluído",
+        "iam_test_connection": "Conexão realizada com sucesso",
         "ip_check_opt_in_modified": "A verificação de IP foi salva com sucesso",
         "item_deleted": "Item %s excluído com sucesso",
         "item_released": "Item %s lançado",
@@ -1072,11 +1135,13 @@
         "nginx_reloaded": "O Nginx foi recarregado",
         "object_modified": "As alterações no objeto %s foram salvas",
         "password_policy_saved": "A política de senha foi salva com sucesso",
+        "password_changed_success": "Alteração de senha realizada com sucesso",
         "pushover_settings_edited": "Configurações de Pushover definidas com sucesso. Verifique as credenciais.",
         "qlearn_spam": "A ID da mensagem %s foi detectada como spam e excluída",
         "queue_command_success": "Comando de fila concluído com sucesso",
         "recipient_map_entry_deleted": "A ID do mapa do destinatário %s foi excluída",
         "recipient_map_entry_saved": "A entrada “%s” do mapa do destinatário foi salva",
+        "recovery_email_sent": "Email de recuperação enviado para %s",
         "relayhost_added": "A entrada de mapa %s foi adicionada",
         "relayhost_removed": "A entrada de mapa %s foi removida",
         "reset_main_logo": "Redefinir para o logotipo padrão",
@@ -1099,10 +1164,10 @@
         "verified_fido2_login": "Login FIDO2 verificado",
         "verified_totp_login": "Login TOTP verificado",
         "verified_webauthn_login": "Login verificado do WebAuthn",
-        "verified_yotp_login": "Login OTP verificado do Yubico",
-        "f2b_banlist_refreshed": "O Banlist ID foi atualizado com sucesso."
+        "verified_yotp_login": "Login OTP verificado do Yubico"
     },
     "tfa": {
+        "authenticators": "Autenticadores",
         "api_register": "%s usa a API Yubico Cloud. Obtenha uma chave de API para sua chave <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aqui</a>",
         "confirm": "Confirme",
         "confirm_totp_token": "Confirme suas alterações inserindo o token gerado",
@@ -1127,8 +1192,7 @@
         "webauthn": "Autenticação WebAuthn",
         "waiting_usb_auth": "<i>Aguardando o dispositivo USB...</i> <br><br>Toque no botão no seu dispositivo USB agora.",
         "waiting_usb_register": "<i>Aguardando o dispositivo USB...</i> <br><br>Digite sua senha acima e confirme seu registro tocando no botão no seu dispositivo USB.",
-        "yubi_otp": "Autenticação Yubico OTP",
-        "authenticators": "Autenticadores"
+        "yubi_otp": "Autenticação Yubico OTP"
     },
     "user": {
         "action": "Ação",
@@ -1153,6 +1217,8 @@
         "apple_connection_profile_complete": "Esse perfil de conexão inclui parâmetros IMAP e SMTP, bem como caminhos CalDAV (calendários) e CardDAV (contatos) para um dispositivo Apple.",
         "apple_connection_profile_mailonly": "Esse perfil de conexão inclui parâmetros de configuração IMAP e SMTP para um dispositivo Apple.",
         "apple_connection_profile_with_app_password": "Uma nova senha de aplicativo é gerada e adicionada ao perfil para que nenhuma senha precise ser inserida ao configurar seu dispositivo. Não compartilhe o arquivo, pois ele concede acesso total à sua mailbox.",
+        "attribute": "Atributo",
+        "authentication": "Autenticação",
         "change_password": "Alterar senha",
         "change_password_hint_app_passwords": "Sua conta tem %d senhas de aplicativos que não serão alteradas. Para gerenciá-las, acesse a guia Senhas do aplicativo.",
         "clear_recent_successful_connections": "Conexões bem-sucedidas e claras",
@@ -1206,10 +1272,13 @@
         "no_last_login": "Nenhuma informação de login da última interface",
         "no_record": "Sem registro",
         "open_logs": "Registros abertos",
-        "open_webmail_sso": "Faça login no webmail",
+        "open_webmail_sso": "Webmail",
+        "overview": "Overview",
         "password": "Senha",
         "password_now": "Senha atual (confirme as alterações)",
         "password_repeat": "Senha (repetição)",
+        "password_reset_info": "Se nenhum email de recuperação for definido, esta função não poderá ser utilizada.",
+        "protocols": "Protocolos",
         "pushover_evaluate_x_prio": "Escale e-mails de alta prioridade [<code>X-Priority:</code> 1]",
         "pushover_info": "As configurações de notificação push serão aplicadas a todos os e-mails limpos (sem spam) entregues a <b>%s</b>, incluindo aliases (compartilhados, não compartilhados, marcados).",
         "pushover_only_x_prio": "Considere somente e-mails de alta prioridade [<code>X-Priority: 1</code>]",
@@ -1220,6 +1289,7 @@
         "pushover_sound": "Som",
         "pushover_vars": "Quando nenhum filtro de remetente for definido, todos os e-mails serão considerados. <br>Os filtros Regex, bem como as verificações exatas do remetente, podem ser definidos individualmente e serão considerados sequencialmente. Eles não dependem um do outro. <br>Variáveis utilizáveis para texto e título (observe as políticas de proteção de dados)",
         "pushover_verify": "Verifique as credenciais",
+        "pw_recovery_email": "Email de recuperação de senha",
         "q_add_header": "Pasta de lixo eletrônico",
         "q_all": "Todas as categorias",
         "q_reject": "Rejeitado",
@@ -1276,6 +1346,7 @@
         "tag_in_subfolder": "Na subpasta",
         "tag_in_subject": "No assunto",
         "text": "Texto",
+        "tfa_info": "Duplo fator de autenticação ajuda a proteger sua conta. Se você habilitar, você pode precisar de senhas de aplicativos para logar nos aplicativos ou serviços que não suportam duplo fator de autenticação (Ex. Clientes de email).",
         "title": "Título",
         "tls_enforce_in": "Imponha a entrada de TLS",
         "tls_enforce_out": "Imponha a saída TLS",
@@ -1283,6 +1354,7 @@
         "tls_policy_warning": "<strong>Aviso:</strong> Se você decidir impor a transferência de e-mail criptografada, poderá perder e-mails. <br>As mensagens que não satisfizerem a política serão devolvidas com uma falha grave pelo sistema de correio. <br>Essa opção se aplica ao seu endereço de e-mail principal (nome de login), a todos os endereços derivados de domínios de alias, bem como aos endereços de alias <b>com apenas essa única mailbox </b> como destino.",
         "user_settings": "Configurações do usuário",
         "username": "Nome de usuário",
+        "value": "Valor",
         "verify": "Verificar",
         "waiting": "Esperando",
         "week": "semana",
@@ -1290,9 +1362,7 @@
         "weeks": "semanas",
         "with_app_password": "com senha do aplicativo",
         "year": "ano",
-        "years": "anos",
-        "attribute": "Atributo",
-        "value": "Valor"
+        "years": "anos"
     },
     "warning": {
         "cannot_delete_self": "Não é possível excluir o usuário conectado",

From fe3d08515ead7b53732966a1434231768f977a91 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 6 Sep 2024 07:13:59 +0200
Subject: [PATCH 332/755] [Web] Language file updated by 'Cleanup translation
 files' addon (#6064)

---
 data/web/lang/lang.pt-br.json | 45 -----------------------------------
 1 file changed, 45 deletions(-)

diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 0364bd191..2fbd43535 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -143,7 +143,6 @@
         "api_read_only": "Acesso somente para leitura",
         "api_read_write": "Acesso de leitura e gravação",
         "api_skip_ip_check": "Ignorar verificação de IP para API",
-        "app_hide": "Esconder para login",
         "app_links": "Links de aplicativos",
         "app_name": "Nome do aplicativo",
         "apps_name": "Nome “mailcow Apps”",
@@ -200,7 +199,6 @@
         "f2b_regex_info": "Registros considerados: SoGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Repita a (s) janela (s) para o máximo de tentativas",
         "f2b_whitelist": "Redes/hosts incluídos na lista branca",
-        "filter": "Filtro",
         "filter_table": "Tabela de filtros",
         "forwarding_hosts": "Anfitriões de encaminhamento",
         "forwarding_hosts_add_hint": "Você pode especificar endereços IPv4/IPv6, redes em notação CIDR, nomes de host (que serão resolvidos para endereços IP) ou nomes de domínio (que serão resolvidos para endereços IP consultando registros SPF ou, na ausência deles, registros MX).",
@@ -213,38 +211,6 @@
         "help_text": "Substituir texto de ajuda abaixo da máscara de login (HTML permitido)",
         "host": "Anfitrião",
         "html": "HTML",
-        "iam": "Provedor de Identificação",
-        "iam_attribute_field": "Campo de Atributo",
-        "iam_authorize_url": "Endpoint de Autorização",
-        "iam_auth_flow": "Fluxo de Autenticação",
-        "iam_auth_flow_info": "Além do fluxo de código de autorização (Standard Flow no Keycloak), que é usado para login no Single-Sign On, o mailcow também suporta o fluxo de autenticação com credenciais diretas. O fluxo Mailpassword tenta validar as credenciais do usuário usando a API REST Admin do Keycloak. O mailcow recupera a senha com o hash do atributo <code>mailcow_password</code>, que é mapeado no Keycloak.",
-        "iam_basedn": "DN Base",
-        "iam_client_id": "ID do Cliente",
-        "iam_client_secret": "Secret do Cliente",
-        "iam_client_scopes": "Escopos do Cliente",
-        "iam_description": "Configure um provedor externo para autenticação<br>As caixas de emails dos usuários serão automaticamente criadas no primeiro login, garanta que um atributo de mapeamento foi definido.",
-        "iam_extra_permission": "Para que as seguintes configurações funcionem, o cliente do mailcow no Keycloak precisa de um <code>Service Account</code> e de permissão para <code>view-users</code>",
-        "iam_host": "Servidor",
-        "iam_import_users": "Importar usuários",
-        "iam_mapping": "Atributo de mapeamento",
-        "iam_bindpass": "Senha de monitoramento",
-        "iam_periodic_full_sync": "Sincronização completa periódica",
-        "iam_port": "Porta",
-        "iam_realm": "Realm",
-        "iam_redirect_url": "Url de redirecionamento",
-        "iam_rest_flow": "Fluxo de Mailpassword",
-        "iam_server_url": "URL do Servidor",
-        "iam_sso": "SSO",
-        "iam_sync_interval": "Sincronizar / Intervalo de importação (min)",
-        "iam_test_connection": "Testar conexão",
-        "iam_token_url": "Endpoint do Token",
-        "iam_userinfo_url": "Endpoint de informações do Usuário",
-        "iam_username_field": "Campo de nome do usuário (username)",
-        "iam_binddn": "DN de monitoramento",
-        "iam_use_ssl": "Usar SSL",
-        "iam_use_tls": "Usar TLS",
-        "iam_version": "Versão",
-        "ignore_ssl_error": "Ignora erros de SSL",
         "import": "Importar",
         "import_private_key": "Importar chave privada",
         "in_use_by": "Em uso por",
@@ -367,7 +333,6 @@
         "subject": "Assunto",
         "success": "Sucesso",
         "sys_mails": "E-mails do sistema",
-        "task": "Tarefa",
         "text": "Texto",
         "time": "Hora",
         "title": "Título",
@@ -392,7 +357,6 @@
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "upload": "Carregar",
         "username": "Nome de usuário",
-        "user_link": "Link do User",
         "validate_license_now": "Valide o GUID em relação ao servidor de licenças",
         "verify": "Verificar",
         "yes": "✓"
@@ -407,7 +371,6 @@
         "aliases_in_use": "O máximo de aliases deve ser maior ou igual a %d",
         "app_name_empty": "O nome do aplicativo não pode estar vazio",
         "app_passwd_id_invalid": "ID de senha do aplicativo %s inválida",
-        "authsource_in_use": "O provedor de identificação não pode ser alterado ou removido por estar sendo utilizado por um ou mais usuários.",
         "bcc_empty": "O destino do BCC não pode estar vazio",
         "bcc_exists": "Existe um mapa BCC %s para o tipo %s",
         "bcc_must_be_email": "O destino %s do BCC não é um endereço de e-mail válido",
@@ -438,7 +401,6 @@
         "goto_empty": "Um endereço de alias deve conter pelo menos um endereço de destino válido",
         "goto_invalid": "O endereço Goto %s é inválido",
         "ham_learn_error": "Erro de aprendizado do Ham: %s",
-        "iam_test_connection": "Falha na conexão",
         "imagick_exception": "Erro: exceção Imagick ao ler a imagem",
         "img_dimensions_exceeded": "A imagem excede o tamanho máximo",
         "img_invalid": "Não é possível validar o arquivo de imagem",
@@ -497,7 +459,6 @@
         "redis_error": "Erro do Redis: %s",
         "relayhost_invalid": "A entrada de mapa %s é inválida",
         "release_send_failed": "A mensagem não pôde ser liberada: %s",
-        "required_data_missing": "O campo obrigatório %s está faltando",
         "reset_f2b_regex": "O filtro Regex não pôde ser redefinido a tempo. Tente novamente ou aguarde mais alguns segundos e recarregue o site.",
         "reset_token_limit_exceeded": "O limite de token de recuperação foi excedido. Por favor tente novamente mais tarde.",
         "resource_invalid": "O nome do recurso %s é inválido",
@@ -884,7 +845,6 @@
         "goto_ham": "Aprenda como <b>presunto</b>",
         "goto_spam": "Aprenda como <b>spam</b>",
         "hourly": "A cada hora",
-        "iam": "Provedor de Identificação",
         "in_use": "Em uso (%)",
         "inactive": "Inativo",
         "insert_preset": "Inserir exemplo de predefinição “%s”",
@@ -1120,7 +1080,6 @@
         "forwarding_host_removed": "O host de encaminhamento %s foi removido",
         "global_filter_written": "O filtro foi gravado com sucesso no arquivo",
         "hash_deleted": "Hash excluído",
-        "iam_test_connection": "Conexão realizada com sucesso",
         "ip_check_opt_in_modified": "A verificação de IP foi salva com sucesso",
         "item_deleted": "Item %s excluído com sucesso",
         "item_released": "Item %s lançado",
@@ -1218,7 +1177,6 @@
         "apple_connection_profile_mailonly": "Esse perfil de conexão inclui parâmetros de configuração IMAP e SMTP para um dispositivo Apple.",
         "apple_connection_profile_with_app_password": "Uma nova senha de aplicativo é gerada e adicionada ao perfil para que nenhuma senha precise ser inserida ao configurar seu dispositivo. Não compartilhe o arquivo, pois ele concede acesso total à sua mailbox.",
         "attribute": "Atributo",
-        "authentication": "Autenticação",
         "change_password": "Alterar senha",
         "change_password_hint_app_passwords": "Sua conta tem %d senhas de aplicativos que não serão alteradas. Para gerenciá-las, acesse a guia Senhas do aplicativo.",
         "clear_recent_successful_connections": "Conexões bem-sucedidas e claras",
@@ -1273,12 +1231,10 @@
         "no_record": "Sem registro",
         "open_logs": "Registros abertos",
         "open_webmail_sso": "Webmail",
-        "overview": "Overview",
         "password": "Senha",
         "password_now": "Senha atual (confirme as alterações)",
         "password_repeat": "Senha (repetição)",
         "password_reset_info": "Se nenhum email de recuperação for definido, esta função não poderá ser utilizada.",
-        "protocols": "Protocolos",
         "pushover_evaluate_x_prio": "Escale e-mails de alta prioridade [<code>X-Priority:</code> 1]",
         "pushover_info": "As configurações de notificação push serão aplicadas a todos os e-mails limpos (sem spam) entregues a <b>%s</b>, incluindo aliases (compartilhados, não compartilhados, marcados).",
         "pushover_only_x_prio": "Considere somente e-mails de alta prioridade [<code>X-Priority: 1</code>]",
@@ -1346,7 +1302,6 @@
         "tag_in_subfolder": "Na subpasta",
         "tag_in_subject": "No assunto",
         "text": "Texto",
-        "tfa_info": "Duplo fator de autenticação ajuda a proteger sua conta. Se você habilitar, você pode precisar de senhas de aplicativos para logar nos aplicativos ou serviços que não suportam duplo fator de autenticação (Ex. Clientes de email).",
         "title": "Título",
         "tls_enforce_in": "Imponha a entrada de TLS",
         "tls_enforce_out": "Imponha a saída TLS",

From 220fdbb168792c07493db330d898b345cc902055 Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Fri, 6 Sep 2024 08:14:34 +0300
Subject: [PATCH 333/755] Add missing `Russian` translation (#6065)

---
 data/web/lang/lang.ru-ru.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 4a1092f27..792d32661 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -476,6 +476,10 @@
     "debug": {
         "chart_this_server": "Диаграмма (текущий сервер)",
         "containers_info": "Статус контейнеров Docker",
+        "container_running": "Работающий",
+        "container_disabled": "Контейнер остановлен или отключен",
+        "container_stopped": "Остановлен",
+        "current_time": "Системное время",
         "disk_usage": "Использование дискового пространства",
         "docs": "Проиндексировано объектов",
         "external_logs": "Внешние журналы",
@@ -496,6 +500,7 @@
         "started_on": "Запущен в",
         "static_logs": "Статические журналы",
         "success": "Успех",
+        "no_update_available": "Система обновлена до последней версии",
         "system_containers": "Система и контейнеры",
         "uptime": "Время работы",
         "username": "Имя пользователя"
@@ -674,6 +679,7 @@
         "apps": "Приложения",
         "debug": "Состояние сервера",
         "email": "E-Mail",
+        "mailcow_system": "Система",
         "mailcow_config": "Конфигурация",
         "quarantine": "Карантин",
         "restart_netfilter": "Перезапустить netfilter",

From 0b9b8c906061857addaed0f10603b3ffc49f9c14 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Sep 2024 10:05:00 +0200
Subject: [PATCH 334/755] [Web] Ensure correct SOGo SSO password is used after
 Dovecot restart

---
 data/web/sogo-auth.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 640a8e00c..dbc54d7c2 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -47,13 +47,10 @@ elseif (isset($_GET['login'])) {
     (($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0) || ($is_dual === false && $login == $_SESSION['mailcow_cc_username']))) {
     if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
       if (user_get_alias_details($login) !== false) {
-        // load master password
-        $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
-        // register username and password in session
+        // register username in session
         $_SESSION[$session_var_user_allowed][] = $login;
-        $_SESSION[$session_var_pass] = $sogo_sso_pass;
         // set dual login
-        if ($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0 && $is_dual === false && $_SESSION['mailcow_cc_role'] != "user"){      
+        if ($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0 && $is_dual === false && $_SESSION['mailcow_cc_role'] != "user"){
           $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
           $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
           $_SESSION['mailcow_cc_username']    = $login;
@@ -95,7 +92,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
         in_array($email, $_SESSION[$session_var_user_allowed])
     ) {
       $username = $email;
-      $password = $_SESSION[$session_var_pass];
+      $password = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
       header("X-User: $username");
       header("X-Auth: Basic ".base64_encode("$username:$password"));
       header("X-Auth-Type: Basic");

From 1528e8766a0af49e3eb378b479d03c41ff8ae75f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Sep 2024 15:59:52 +0200
Subject: [PATCH 335/755] [DockerApi] correctly escape user input

---
 data/Dockerfiles/dockerapi/modules/DockerApi.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index 909ac2872..64bcc4d95 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -410,7 +410,7 @@ class DockerApi:
         old_username = request_json['old_username'].replace("'", "'\\''")
         new_username = request_json['new_username'].replace("'", "'\\''")
 
-        sogo_return = container.exec_run(['sogo-tool', 'rename-user', old_username, new_username], user='sogo')
+        sogo_return = container.exec_run(["/bin/bash", "-c", f"sogo-tool rename-user '{old_username}' '{new_username}'"], user='sogo')
         return self.exec_run_handler('generic', sogo_return)
   # api call: container_post - post_action: exec - cmd: doveadm - task: get_acl
   def container_post__exec__doveadm__get_acl(self, request_json, **kwargs):
@@ -422,7 +422,7 @@ class DockerApi:
     for container in self.sync_docker_client.containers.list(filters=filters):
       id = request_json['id'].replace("'", "'\\''")
 
-      shared_folders = container.exec_run(["/bin/bash", "-c", f"doveadm mailbox list -u {id}"])
+      shared_folders = container.exec_run(["/bin/bash", "-c", f"doveadm mailbox list -u '{id}'"])
       shared_folders = shared_folders.output.decode('utf-8')
       shared_folders = shared_folders.splitlines()
 
@@ -435,12 +435,12 @@ class DockerApi:
         if len(shared_folder) < 3:
           continue
 
-        user = shared_folder[1]
-        mailbox = '/'.join(shared_folder[2:])
+        user = shared_folder[1].replace("'", "'\\''")
+        mailbox = '/'.join(shared_folder[2:]).replace("'", "'\\''")
         if mailbox in mailbox_seen:
           continue
 
-        acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u {user} {mailbox}"])
+        acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{user}' '{mailbox}'"])
         acls = acls.output.decode('utf-8').strip().splitlines()
         if len(acls) >= 2:
           for acl in acls[1:]:
@@ -462,7 +462,7 @@ class DockerApi:
       id = request_json['id'].replace("'", "'\\''")
 
       if user and mailbox and id:
-        acl_delete_return = container.exec_run(["/bin/bash", "-c", f'doveadm acl delete -u {user} {mailbox} "user={id}"'])
+        acl_delete_return = container.exec_run(["/bin/bash", "-c", f"doveadm acl delete -u '{user}' '{mailbox}' 'user={id}'"])
         return self.exec_run_handler('generic', acl_delete_return)
   # api call: container_post - post_action: exec - cmd: doveadm - task: set_acl
   def container_post__exec__doveadm__set_acl(self, request_json, **kwargs):
@@ -496,7 +496,7 @@ class DockerApi:
           rights += right + " "
 
       if user and mailbox and id and rights:
-        acl_set_return = container.exec_run(["/bin/bash", "-c", f'doveadm acl set -u {user} {mailbox} "user={id}" {rights}'])
+        acl_set_return = container.exec_run(["/bin/bash", "-c", f"doveadm acl set -u '{user}' '{mailbox}' 'user={id}' {rights}"])
         return self.exec_run_handler('generic', acl_set_return)
 
 

From f9304dcd9befcbcae3c1ffdbd4c9cfecad722f2b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 9 Oct 2024 12:34:39 +0200
Subject: [PATCH 336/755] [Web] check if $iam_provider is null on
 ldap_mbox_login

---
 data/web/inc/functions.auth.inc.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 943bb1647..a0424f3ed 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -2,7 +2,7 @@
 function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
   global $pdo;
   global $redis;
-  
+
   $is_internal = $extra['is_internal'];
   $role = $extra['role'];
 
@@ -194,7 +194,7 @@ function user_login($user, $pass, $extra = null){
       $result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
       if ($result !== false) return $result;
     }
-  } 
+  }
   if ($row['active'] != 1) {
     return false;
   }
@@ -313,7 +313,7 @@ function user_login($user, $pass, $extra = null){
       }
     break;
   }
- 
+
   return false;
 }
 function apppass_login($user, $pass, $app_passwd_data, $extra = null){
@@ -364,7 +364,7 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){
     ':user' => $user,
   ));
   $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  
+
   foreach ($rows as $row) {
     if ($protocol && $row[$protocol . '_access'] != '1'){
       continue;
@@ -476,7 +476,7 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 }
 function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   global $pdo;
-  
+
   $iam_provider = identity_provider();
   $is_internal = $extra['is_internal'];
   $create = $extra['create'];
@@ -491,6 +491,9 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
     }
     return false;
   }
+  if (!$iam_provider) {
+    return false;
+  }
 
   try {
     $ldap_query = $iam_provider->query();

From fda95301ba62fa1b354d177aa0e88526d9e6fd9e Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 15 Oct 2024 10:32:08 +0200
Subject: [PATCH 337/755] fix: added tls1.0/1.1 patch for openssl when using
 older tls versions in override (#6105)

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 11 +++++++++++
 data/Dockerfiles/postfix/docker-entrypoint.sh | 11 +++++++++++
 docker-compose.yml                            |  4 ++--
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 2f0bfadf3..3cfdd77a6 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -405,6 +405,17 @@ else
 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
 fi
 
+# Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
+if grep -qE 'ssl_min_protocol\s*=\s*(TLSv1|TLSv1\.1)\s*$' /etc/dovecot/dovecot.conf /etc/dovecot/extra.conf; then
+    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
+
+    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
+    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
+    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
+    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
+    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
+fi
+
 # Compile sieve scripts
 sievec /var/vmail/sieve/global_sieve_before.sieve
 sievec /var/vmail/sieve/global_sieve_after.sieve
diff --git a/data/Dockerfiles/postfix/docker-entrypoint.sh b/data/Dockerfiles/postfix/docker-entrypoint.sh
index c97b12844..7b6c5d4aa 100755
--- a/data/Dockerfiles/postfix/docker-entrypoint.sh
+++ b/data/Dockerfiles/postfix/docker-entrypoint.sh
@@ -12,4 +12,15 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
   cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
 fi
 
+# Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
+if grep -qE '\!SSLv2|\!SSLv3|>=TLSv1(\.[0-1])?$' /opt/postfix/conf/main.cf /opt/postfix/conf/extra.cf; then
+    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
+
+    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
+    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
+    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
+    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
+    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
+fi  
+
 exec "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
index df5f296c5..f0bee182b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -224,7 +224,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.1
+      image: mailcow/dovecot:2.2
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -308,7 +308,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.76
+      image: mailcow/postfix:1.77
       depends_on:
         mysql-mailcow:
           condition: service_started

From 54a0d53deb16fa3089d8717fd9e6c5b833a8d82e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:34:19 +0200
Subject: [PATCH 338/755] chore(deps): update
 thollander/actions-comment-pull-request action to v3 (#6102)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index 3e779a448..6ba3b89c0 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@v2.5.0
+        uses: thollander/actions-comment-pull-request@v3.0.0
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

From 1538fda71c7b615cffb4382b695fbbb45de21708 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 15 Oct 2024 10:34:39 +0200
Subject: [PATCH 339/755] update postscreen_access.cidr (#6093)

---
 data/conf/postfix/postscreen_access.cidr | 30 ++++++++++++++++--------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index f77d4e9ce..b9a185aa5 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sun Sep  1 00:19:07 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Tue Oct  1 00:18:56 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 1994 total rules
+# 1970 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -115,6 +115,9 @@
 40.92.0.0/16	permit
 40.107.0.0/16	permit
 40.112.65.63	permit
+40.233.64.216	permit
+40.233.83.78	permit
+40.233.88.28	permit
 43.228.184.0/22	permit
 44.206.138.57	permit
 44.217.45.156	permit
@@ -208,12 +211,12 @@
 52.96.223.2	permit
 52.96.228.130	permit
 52.96.229.242	permit
-52.100.0.0/14	permit
+52.100.0.0/15	permit
+52.102.0.0/16	permit
 52.103.0.0/17	permit
 52.119.213.144/28	permit
 52.185.106.240/28	permit
 52.200.59.0/24	permit
-52.205.61.79	permit
 52.207.191.216	permit
 52.222.62.51	permit
 52.222.73.83	permit
@@ -225,7 +228,6 @@
 52.236.28.240/28	permit
 54.90.148.255	permit
 54.165.19.38	permit
-54.172.97.247	permit
 54.174.52.0/24	permit
 54.174.57.0/24	permit
 54.174.59.0/24	permit
@@ -273,7 +275,6 @@
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
-64.147.123.128/27	permit
 64.207.219.7	permit
 64.207.219.8	permit
 64.207.219.9	permit
@@ -1373,6 +1374,7 @@
 139.138.58.119	permit
 139.167.79.86	permit
 139.180.17.0/24	permit
+140.238.148.191	permit
 141.148.159.229	permit
 141.193.32.0/23	permit
 141.193.184.32/27	permit
@@ -1413,10 +1415,14 @@
 149.72.248.236	permit
 149.97.173.180	permit
 150.230.98.160	permit
+151.145.38.14	permit
 152.67.105.195	permit
 152.69.200.236	permit
 152.70.155.126	permit
 155.248.208.51	permit
+155.248.220.138	permit
+155.248.234.149	permit
+155.248.237.141	permit
 157.55.0.192/26	permit
 157.55.1.128/26	permit
 157.55.2.0/25	permit
@@ -1497,6 +1503,7 @@
 167.220.67.232/29	permit
 168.138.5.36	permit
 168.138.73.51	permit
+168.138.77.31	permit
 168.245.0.0/17	permit
 168.245.12.252	permit
 168.245.46.9	permit
@@ -1519,6 +1526,7 @@
 172.217.192.0/19	permit
 172.253.56.0/21	permit
 172.253.112.0/20	permit
+173.0.84.0/29	permit
 173.0.84.224/27	permit
 173.0.94.244/30	permit
 173.194.0.0/16	permit
@@ -1537,7 +1545,6 @@
 174.36.114.148/30	permit
 174.36.114.152/29	permit
 174.37.67.28/30	permit
-174.129.203.189	permit
 175.41.215.51	permit
 176.32.105.0/24	permit
 176.32.127.0/24	permit
@@ -1610,6 +1617,8 @@
 188.172.128.0/20	permit
 192.0.64.0/18	permit
 192.18.139.154	permit
+192.18.145.36	permit
+192.18.152.58	permit
 192.30.252.0/22	permit
 192.161.144.0/20	permit
 192.162.87.0/24	permit
@@ -1677,6 +1686,7 @@
 199.122.123.0/24	permit
 199.127.232.0/22	permit
 199.255.192.0/22	permit
+202.12.124.128/27	permit
 202.129.242.0/23	permit
 202.165.102.47	permit
 202.177.148.100	permit
@@ -1727,9 +1737,9 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
-204.220.160.0/20	permit
+204.220.160.0/21	permit
+204.220.168.0/21	permit
+204.220.176.0/20	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
 205.201.128.0/20	permit

From 932cf453de345f6546832e958e8e3f3779212cdc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:34:57 +0200
Subject: [PATCH 340/755] chore(deps): update dependency nextcloud/server to
 v28.0.11 (#6101)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helper-scripts/nextcloud.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 19b4c28c1..2df3ca161 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=28.0.6
+NEXTCLOUD_VERSION=28.0.11
 
 display_warning() {
     local message=("$@")

From 9a58e5e35a8e8484a7c3d68c1e0dc11fe2fcba98 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:45:32 +0200
Subject: [PATCH 341/755] chore(deps): update dependency phpredis/phpredis to
 v6.1.0 (#6098)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 0ac722b22..e00609509 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -11,7 +11,7 @@ ARG MAILPARSE_PECL_VERSION=3.1.6
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$
-ARG REDIS_PECL_VERSION=6.0.2
+ARG REDIS_PECL_VERSION=6.1.0
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG COMPOSER_VERSION=2.6.6
 

From 4c9690e87cd350640d423d821122328e78ae9fb1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:09:23 +0200
Subject: [PATCH 342/755] chore(deps): update dependency
 php/pecl-mail-mailparse to v3.1.8 (#6096)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index e00609509..1ec4e0c22 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -7,7 +7,7 @@ ARG APCU_PECL_VERSION=5.1.23
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG IMAGICK_PECL_VERSION=3.7.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG MAILPARSE_PECL_VERSION=3.1.6
+ARG MAILPARSE_PECL_VERSION=3.1.8
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$

From 382056ec181565470f8d2791d5af4059d1aa41d0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:24:26 +0200
Subject: [PATCH 343/755] chore(deps): update dependency krakjoe/apcu to
 v5.1.24 (#6087)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 1ec4e0c22..b4704cfb0 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.2-fpm-alpine3.18
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG APCU_PECL_VERSION=5.1.23
+ARG APCU_PECL_VERSION=5.1.24
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG IMAGICK_PECL_VERSION=3.7.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$

From 982e823c71ab64efe5b82de5842406f995af35a4 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 15 Oct 2024 16:13:51 +0200
Subject: [PATCH 344/755] sogo: upgrade to 5.11.1 (#6109)

---
 data/Dockerfiles/sogo/Dockerfile | 5 +++--
 docker-compose.yml               | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 7b8b1c717..78da39bec 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -33,13 +33,14 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   && gosu nobody true \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
-  && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \
+  && wget http://www.axis.cz/linux/debian/axis-archive-keyring.deb -O /tmp/axis-archive-keyring.deb \
+  && apt install -y /tmp/axis-archive-keyring.deb \
   && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} sogo-v5" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
     sogo-activesync \
   && apt-get autoclean \
-  && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/sogo.list \
+  && rm -rf /var/lib/apt/lists/* \
   && touch /etc/default/locale
 
 COPY ./bootstrap-sogo.sh /bootstrap-sogo.sh
diff --git a/docker-compose.yml b/docker-compose.yml
index f0bee182b..52bce5ed1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -177,7 +177,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.126
+      image: mailcow/sogo:1.127
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From c53bf85480697c24912214bf74a1718a73052a06 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 16 Oct 2024 10:35:39 +0200
Subject: [PATCH 345/755] postfix: add X-Original-To header per default (#6110)

---
 data/conf/postfix/main.cf   | 2 ++
 data/conf/postfix/master.cf | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6a87f2ecb..6721204cb 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -170,6 +170,8 @@ smtputf8_enable = no
 submission_smtpd_tls_mandatory_protocols = >=TLSv1.2
 smtps_smtpd_tls_mandatory_protocols = >=TLSv1.2
 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
+# This Option is added to correctly set the X-Original-To Header when mails are send to lmtp (dovecot)
+lmtp_destination_recipient_limit=1
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index df91a3900..d5114df28 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -105,7 +105,7 @@ retry      unix  -       -       n       -       -       error
 discard    unix  -       -       n       -       -       discard
 local      unix  -       n       n       -       -       local
 virtual    unix  -       n       n       -       -       virtual
-lmtp       unix  -       -       n       -       -       lmtp
+lmtp       unix  -       -       n       -       -       lmtp flags=O
 anvil      unix  -       -       n       -       1       anvil
 scache     unix  -       -       n       -       1       scache
 maildrop   unix  -       n       n       -       -       pipe flags=DRhu

From 8dcaffe925f095630ab194fbd5efa8b71d3731c1 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 16 Oct 2024 10:35:54 +0200
Subject: [PATCH 346/755] php: upgrade to alpine 3.20 (base os) (#6106)

---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 docker-compose.yml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index b4704cfb0..e9ebe071c 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.18
+FROM php:8.2-fpm-alpine3.20
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 52bce5ed1..01f8ee90b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -112,7 +112,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.90
+      image: mailcow/phpfpm:1.91
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 5a0f20b9eaad8a04aa8e8db9e959dae5c4d663b5 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 16 Oct 2024 15:29:16 +0200
Subject: [PATCH 347/755] Update dependency twig/twig to v3.14.0 (#6071)

---
 data/web/inc/lib/composer.lock                |  178 +-
 data/web/inc/lib/vendor/autoload.php          |   17 +-
 .../inc/lib/vendor/composer/ClassLoader.php   |  137 +-
 .../lib/vendor/composer/InstalledVersions.php |   17 +-
 .../lib/vendor/composer/autoload_classmap.php |    2 +
 .../lib/vendor/composer/autoload_files.php    |    6 +
 .../inc/lib/vendor/composer/autoload_psr4.php |    1 +
 .../inc/lib/vendor/composer/autoload_real.php |   27 +-
 .../lib/vendor/composer/autoload_static.php   |   13 +
 .../inc/lib/vendor/composer/installed.json    |  184 +-
 .../web/inc/lib/vendor/composer/installed.php |   28 +-
 .../lib/vendor/composer/platform_check.php    |    4 +-
 .../deprecation-contracts/CHANGELOG.md        |    5 +
 .../symfony/deprecation-contracts/LICENSE     |   19 +
 .../symfony/deprecation-contracts/README.md   |   26 +
 .../deprecation-contracts/composer.json       |   35 +
 .../deprecation-contracts/function.php        |   27 +
 .../lib/vendor/symfony/polyfill-php81/LICENSE |   19 +
 .../vendor/symfony/polyfill-php81/Php81.php   |   37 +
 .../vendor/symfony/polyfill-php81/README.md   |   18 +
 .../Resources/stubs/CURLStringFile.php        |   51 +
 .../Resources/stubs/ReturnTypeWillChange.php  |   20 +
 .../symfony/polyfill-php81/bootstrap.php      |   28 +
 .../symfony/polyfill-php81/composer.json      |   33 +
 .../inc/lib/vendor/twig/twig/.editorconfig    |   18 -
 .../inc/lib/vendor/twig/twig/.gitattributes   |    4 -
 .../vendor/twig/twig/.github/workflows/ci.yml |  149 -
 .../twig/.github/workflows/documentation.yml  |   64 -
 data/web/inc/lib/vendor/twig/twig/.gitignore  |    6 -
 .../vendor/twig/twig/.php-cs-fixer.dist.php   |   20 -
 data/web/inc/lib/vendor/twig/twig/CHANGELOG   |  177 +-
 data/web/inc/lib/vendor/twig/twig/LICENSE     |    2 +-
 data/web/inc/lib/vendor/twig/twig/README.rst  |    2 +-
 .../inc/lib/vendor/twig/twig/composer.json    |   21 +-
 .../twig/twig/src/AbstractTwigCallable.php    |  136 +
 .../Attribute/FirstClassTwigCallableReady.php |   20 +
 .../twig/twig/src/Attribute/YieldReady.php    |   20 +
 .../vendor/twig/twig/src/Cache/ChainCache.php |   79 +
 .../twig/twig/src/Cache/FilesystemCache.php   |    8 +-
 .../src/Cache/ReadOnlyFilesystemCache.php     |   25 +
 .../inc/lib/vendor/twig/twig/src/Compiler.php |   69 +-
 .../lib/vendor/twig/twig/src/Environment.php  |  123 +-
 .../lib/vendor/twig/twig/src/Error/Error.php  |   18 +-
 .../twig/twig/src/Error/SyntaxError.php       |    4 +-
 .../vendor/twig/twig/src/ExpressionParser.php |  418 +--
 .../twig/src/Extension/AbstractExtension.php  |    2 +-
 .../twig/twig/src/Extension/CoreExtension.php | 2841 +++++++++--------
 .../twig/src/Extension/DebugExtension.php     |   66 +-
 .../twig/src/Extension/EscaperExtension.php   |  394 +--
 .../twig/src/Extension/ExtensionInterface.php |    7 +
 .../twig/src/Extension/GlobalsInterface.php   |    8 +-
 .../twig/src/Extension/OptimizerExtension.php |    8 +-
 .../twig/src/Extension/SandboxExtension.php   |   34 +-
 .../twig/src/Extension/StagingExtension.php   |    8 +-
 .../src/Extension/StringLoaderExtension.php   |   38 +-
 .../src/Extension/YieldNotReadyExtension.php  |   30 +
 .../lib/vendor/twig/twig/src/ExtensionSet.php |  101 +-
 .../src/FileExtensionEscapingStrategy.php     |    2 +-
 .../inc/lib/vendor/twig/twig/src/Lexer.php    |  147 +-
 .../twig/twig/src/Loader/ArrayLoader.php      |   14 +-
 .../twig/twig/src/Loader/ChainLoader.php      |   43 +-
 .../twig/twig/src/Loader/FilesystemLoader.php |   20 +-
 .../inc/lib/vendor/twig/twig/src/Markup.php   |    4 +-
 .../twig/twig/src/Node/AutoEscapeNode.php     |    6 +-
 .../vendor/twig/twig/src/Node/BlockNode.php   |   12 +-
 .../twig/twig/src/Node/BlockReferenceNode.php |    8 +-
 .../vendor/twig/twig/src/Node/BodyNode.php    |    3 +
 .../vendor/twig/twig/src/Node/CaptureNode.php |   57 +
 .../twig/src/Node/CheckSecurityCallNode.php   |    4 +-
 .../twig/twig/src/Node/CheckSecurityNode.php  |   31 +-
 .../twig/twig/src/Node/CheckToStringNode.php  |    4 +-
 .../twig/twig/src/Node/DeprecatedNode.php     |   40 +-
 .../lib/vendor/twig/twig/src/Node/DoNode.php  |    6 +-
 .../vendor/twig/twig/src/Node/EmbedNode.php   |    6 +-
 .../Node/Expression/AbstractExpression.php    |    4 +
 .../src/Node/Expression/ArrayExpression.php   |   66 +-
 .../Expression/ArrowFunctionExpression.php    |    4 +-
 .../Node/Expression/Binary/EndsWithBinary.php |    6 +-
 .../Node/Expression/Binary/EqualBinary.php    |    2 +-
 .../Node/Expression/Binary/GreaterBinary.php  |    2 +-
 .../Expression/Binary/GreaterEqualBinary.php  |    2 +-
 .../Node/Expression/Binary/HasEveryBinary.php |   33 +
 .../Node/Expression/Binary/HasSomeBinary.php  |   33 +
 .../src/Node/Expression/Binary/InBinary.php   |    2 +-
 .../src/Node/Expression/Binary/LessBinary.php |    2 +-
 .../Expression/Binary/LessEqualBinary.php     |    2 +-
 .../Node/Expression/Binary/MatchesBinary.php  |    2 +-
 .../Node/Expression/Binary/NotEqualBinary.php |    2 +-
 .../Node/Expression/Binary/NotInBinary.php    |    2 +-
 .../Expression/Binary/StartsWithBinary.php    |    6 +-
 .../Expression/BlockReferenceExpression.php   |    9 +-
 .../src/Node/Expression/CallExpression.php    |  193 +-
 .../Node/Expression/ConditionalExpression.php |   27 +-
 .../Node/Expression/ConstantExpression.php    |    3 +
 .../Node/Expression/Filter/DefaultFilter.php  |   23 +-
 .../src/Node/Expression/Filter/RawFilter.php  |   36 +
 .../src/Node/Expression/FilterExpression.php  |   55 +-
 .../Node/Expression/FunctionExpression.php    |   53 +-
 .../FunctionNode/EnumCasesFunction.php        |   41 +
 .../src/Node/Expression/GetAttrExpression.php |    2 +-
 .../twig/src/Node/Expression/InlinePrint.php  |    3 +-
 .../Node/Expression/MethodCallExpression.php  |    6 +-
 .../src/Node/Expression/NameExpression.php    |   14 +-
 .../Expression/NullCoalesceExpression.php     |    5 +-
 .../src/Node/Expression/ParentExpression.php  |    6 +-
 .../src/Node/Expression/Test/ConstantTest.php |    6 +-
 .../src/Node/Expression/Test/DefinedTest.php  |    9 +-
 .../Node/Expression/Test/DivisiblebyTest.php  |    2 +-
 .../src/Node/Expression/Test/SameasTest.php   |    2 +-
 .../src/Node/Expression/TestExpression.php    |   40 +-
 .../vendor/twig/twig/src/Node/FlushNode.php   |   17 +-
 .../vendor/twig/twig/src/Node/ForLoopNode.php |    8 +-
 .../lib/vendor/twig/twig/src/Node/ForNode.php |   19 +-
 .../lib/vendor/twig/twig/src/Node/IfNode.php  |   13 +-
 .../vendor/twig/twig/src/Node/ImportNode.php  |   16 +-
 .../vendor/twig/twig/src/Node/IncludeNode.php |   22 +-
 .../vendor/twig/twig/src/Node/MacroNode.php   |   45 +-
 .../vendor/twig/twig/src/Node/ModuleNode.php  |  101 +-
 .../twig/twig/src/Node/NameDeprecation.php    |   46 +
 .../lib/vendor/twig/twig/src/Node/Node.php    |  146 +-
 .../vendor/twig/twig/src/Node/PrintNode.php   |   13 +-
 .../vendor/twig/twig/src/Node/SandboxNode.php |    6 +-
 .../lib/vendor/twig/twig/src/Node/SetNode.php |   51 +-
 .../vendor/twig/twig/src/Node/TextNode.php    |    7 +-
 .../vendor/twig/twig/src/Node/TypesNode.php   |   28 +
 .../vendor/twig/twig/src/Node/WithNode.php    |   20 +-
 .../src/NodeVisitor/AbstractNodeVisitor.php   |    4 +-
 .../src/NodeVisitor/EscaperNodeVisitor.php    |   35 +-
 .../MacroAutoImportNodeVisitor.php            |   10 +-
 .../src/NodeVisitor/OptimizerNodeVisitor.php  |   70 +-
 .../NodeVisitor/SafeAnalysisNodeVisitor.php   |   28 +-
 .../src/NodeVisitor/SandboxNodeVisitor.php    |   15 +-
 .../NodeVisitor/YieldNotReadyNodeVisitor.php  |   59 +
 .../inc/lib/vendor/twig/twig/src/Parser.php   |   77 +-
 .../twig/src/Profiler/Dumper/BaseDumper.php   |    2 +-
 .../src/Profiler/Dumper/BlackfireDumper.php   |    6 +-
 .../twig/src/Profiler/Dumper/HtmlDumper.php   |    6 +-
 .../twig/src/Profiler/Dumper/TextDumper.php   |    6 +-
 .../src/Profiler/Node/EnterProfileNode.php    |    6 +-
 .../src/Profiler/Node/LeaveProfileNode.php    |    4 +-
 .../NodeVisitor/ProfilerNodeVisitor.php       |    9 +-
 .../vendor/twig/twig/src/Profiler/Profile.php |   17 +-
 .../vendor/twig/twig/src/Resources/core.php   |  541 ++++
 .../vendor/twig/twig/src/Resources/debug.php  |   25 +
 .../twig/twig/src/Resources/escaper.php       |   51 +
 .../twig/twig/src/Resources/string_loader.php |   26 +
 .../twig/twig/src/Runtime/EscaperRuntime.php  |  327 ++
 .../RuntimeLoader/ContainerRuntimeLoader.php  |    8 +-
 .../RuntimeLoader/FactoryRuntimeLoader.php    |    8 +-
 .../twig/twig/src/Sandbox/SecurityPolicy.php  |   26 +-
 .../src/Sandbox/SourcePolicyInterface.php     |   24 +
 .../inc/lib/vendor/twig/twig/src/Source.php   |   14 +-
 .../inc/lib/vendor/twig/twig/src/Template.php |  313 +-
 .../vendor/twig/twig/src/TemplateWrapper.php  |   39 +-
 .../twig/src/Test/IntegrationTestCase.php     |   59 +-
 .../twig/twig/src/Test/NodeTestCase.php       |   74 +-
 .../inc/lib/vendor/twig/twig/src/Token.php    |   32 +-
 .../twig/src/TokenParser/ApplyTokenParser.php |    8 +-
 .../src/TokenParser/AutoEscapeTokenParser.php |    8 +-
 .../twig/src/TokenParser/BlockTokenParser.php |   15 +-
 .../src/TokenParser/DeprecatedTokenParser.php |   29 +-
 .../twig/src/TokenParser/DoTokenParser.php    |    4 +-
 .../twig/src/TokenParser/EmbedTokenParser.php |   18 +-
 .../src/TokenParser/ExtendsTokenParser.php    |    7 +-
 .../twig/src/TokenParser/FlushTokenParser.php |    4 +-
 .../twig/src/TokenParser/ForTokenParser.php   |   16 +-
 .../twig/src/TokenParser/FromTokenParser.php  |   16 +-
 .../twig/src/TokenParser/IfTokenParser.php    |   12 +-
 .../src/TokenParser/ImportTokenParser.php     |    8 +-
 .../src/TokenParser/IncludeTokenParser.php    |   14 +-
 .../twig/src/TokenParser/MacroTokenParser.php |   14 +-
 .../src/TokenParser/SandboxTokenParser.php    |    6 +-
 .../twig/src/TokenParser/SetTokenParser.php   |   10 +-
 .../twig/src/TokenParser/TypesTokenParser.php |   86 +
 .../twig/src/TokenParser/UseTokenParser.php   |   14 +-
 .../twig/src/TokenParser/WithTokenParser.php  |   10 +-
 .../lib/vendor/twig/twig/src/TokenStream.php  |   23 +-
 .../twig/twig/src/TwigCallableInterface.php   |   53 +
 .../lib/vendor/twig/twig/src/TwigFilter.php   |   78 +-
 .../lib/vendor/twig/twig/src/TwigFunction.php |   79 +-
 .../inc/lib/vendor/twig/twig/src/TwigTest.php |   69 +-
 .../src/Util/CallableArgumentsExtractor.php   |  204 ++
 .../twig/src/Util/DeprecationCollector.php    |   10 +-
 .../twig/twig/src/Util/ReflectionCallable.php |   92 +
 184 files changed, 6895 insertions(+), 3455 deletions(-)
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
 create mode 100644 data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/LICENSE
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/Php81.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/README.md
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/bootstrap.php
 create mode 100644 data/web/inc/lib/vendor/symfony/polyfill-php81/composer.json
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.editorconfig
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.gitattributes
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.github/workflows/ci.yml
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.github/workflows/documentation.yml
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.gitignore
 delete mode 100644 data/web/inc/lib/vendor/twig/twig/.php-cs-fixer.dist.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/AbstractTwigCallable.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Attribute/FirstClassTwigCallableReady.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Attribute/YieldReady.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Cache/ChainCache.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Cache/ReadOnlyFilesystemCache.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Extension/YieldNotReadyExtension.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/CaptureNode.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasEveryBinary.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasSomeBinary.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/RawFilter.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionNode/EnumCasesFunction.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/NameDeprecation.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Node/TypesNode.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/YieldNotReadyNodeVisitor.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Resources/core.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Resources/debug.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Resources/escaper.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Resources/string_loader.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Runtime/EscaperRuntime.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Sandbox/SourcePolicyInterface.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/TokenParser/TypesTokenParser.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/TwigCallableInterface.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Util/CallableArgumentsExtractor.php
 create mode 100644 data/web/inc/lib/vendor/twig/twig/src/Util/ReflectionCallable.php

diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock
index 758535375..422d353ab 100644
--- a/data/web/inc/lib/composer.lock
+++ b/data/web/inc/lib/composer.lock
@@ -1039,6 +1039,73 @@
             },
             "time": "2017-04-19T22:01:50+00:00"
         },
+        {
+            "name": "symfony/deprecation-contracts",
+            "version": "v3.5.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/deprecation-contracts.git",
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.5-dev"
+                },
+                "thanks": {
+                    "name": "symfony/contracts",
+                    "url": "https://github.com/symfony/contracts"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "function.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "A generic function and convention to trigger deprecation notices",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-04-18T09:32:20+00:00"
+        },
         {
             "name": "symfony/polyfill-ctype",
             "version": "v1.24.0",
@@ -1287,6 +1354,82 @@
             ],
             "time": "2021-09-13T13:58:33+00:00"
         },
+        {
+            "name": "symfony/polyfill-php81",
+            "version": "v1.31.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php81.git",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.2"
+            },
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php81\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-09-09T11:45:10+00:00"
+        },
         {
             "name": "symfony/translation",
             "version": "v6.0.5",
@@ -1604,34 +1747,37 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.4.3",
+            "version": "v3.14.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.2.5",
+                "php": ">=8.0.2",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php81": "^1.29"
             },
             "require-dev": {
-                "psr/container": "^1.0",
-                "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
+                "psr/container": "^1.0|^2.0",
+                "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.4-dev"
-                }
-            },
             "autoload": {
+                "files": [
+                    "src/Resources/core.php",
+                    "src/Resources/debug.php",
+                    "src/Resources/escaper.php",
+                    "src/Resources/string_loader.php"
+                ],
                 "psr-4": {
                     "Twig\\": "src/"
                 }
@@ -1664,7 +1810,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.14.0"
             },
             "funding": [
                 {
@@ -1676,7 +1822,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-09-28T08:42:51+00:00"
+            "time": "2024-09-09T17:55:12+00:00"
         },
         {
             "name": "yubico/u2flib-server",
@@ -1728,5 +1874,5 @@
     "prefer-lowest": false,
     "platform": [],
     "platform-dev": [],
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }
diff --git a/data/web/inc/lib/vendor/autoload.php b/data/web/inc/lib/vendor/autoload.php
index c21364e81..a0fb8f4ac 100644
--- a/data/web/inc/lib/vendor/autoload.php
+++ b/data/web/inc/lib/vendor/autoload.php
@@ -3,8 +3,21 @@
 // autoload.php @generated by Composer
 
 if (PHP_VERSION_ID < 50600) {
-    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
-    exit(1);
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';
diff --git a/data/web/inc/lib/vendor/composer/ClassLoader.php b/data/web/inc/lib/vendor/composer/ClassLoader.php
index afef3fa2a..7824d8f7e 100644
--- a/data/web/inc/lib/vendor/composer/ClassLoader.php
+++ b/data/web/inc/lib/vendor/composer/ClassLoader.php
@@ -42,35 +42,37 @@ namespace Composer\Autoload;
  */
 class ClassLoader
 {
-    /** @var ?string */
+    /** @var \Closure(string):void */
+    private static $includeFile;
+
+    /** @var string|null */
     private $vendorDir;
 
     // PSR-4
     /**
-     * @var array[]
-     * @psalm-var array<string, array<string, int>>
+     * @var array<string, array<string, int>>
      */
     private $prefixLengthsPsr4 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, array<int, string>>
+     * @var array<string, list<string>>
      */
     private $prefixDirsPsr4 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
      */
     private $fallbackDirsPsr4 = array();
 
     // PSR-0
     /**
-     * @var array[]
-     * @psalm-var array<string, array<string, string[]>>
+     * List of PSR-0 prefixes
+     *
+     * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))
+     *
+     * @var array<string, array<string, list<string>>>
      */
     private $prefixesPsr0 = array();
     /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
      */
     private $fallbackDirsPsr0 = array();
 
@@ -78,8 +80,7 @@ class ClassLoader
     private $useIncludePath = false;
 
     /**
-     * @var string[]
-     * @psalm-var array<string, string>
+     * @var array<string, string>
      */
     private $classMap = array();
 
@@ -87,29 +88,29 @@ class ClassLoader
     private $classMapAuthoritative = false;
 
     /**
-     * @var bool[]
-     * @psalm-var array<string, bool>
+     * @var array<string, bool>
      */
     private $missingClasses = array();
 
-    /** @var ?string */
+    /** @var string|null */
     private $apcuPrefix;
 
     /**
-     * @var self[]
+     * @var array<string, self>
      */
     private static $registeredLoaders = array();
 
     /**
-     * @param ?string $vendorDir
+     * @param string|null $vendorDir
      */
     public function __construct($vendorDir = null)
     {
         $this->vendorDir = $vendorDir;
+        self::initializeIncludeClosure();
     }
 
     /**
-     * @return string[]
+     * @return array<string, list<string>>
      */
     public function getPrefixes()
     {
@@ -121,8 +122,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, array<int, string>>
+     * @return array<string, list<string>>
      */
     public function getPrefixesPsr4()
     {
@@ -130,8 +130,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
      */
     public function getFallbackDirs()
     {
@@ -139,8 +138,7 @@ class ClassLoader
     }
 
     /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
      */
     public function getFallbackDirsPsr4()
     {
@@ -148,8 +146,7 @@ class ClassLoader
     }
 
     /**
-     * @return string[] Array of classname => path
-     * @psalm-return array<string, string>
+     * @return array<string, string> Array of classname => path
      */
     public function getClassMap()
     {
@@ -157,8 +154,7 @@ class ClassLoader
     }
 
     /**
-     * @param string[] $classMap Class to filename map
-     * @psalm-param array<string, string> $classMap
+     * @param array<string, string> $classMap Class to filename map
      *
      * @return void
      */
@@ -175,24 +171,25 @@ class ClassLoader
      * Registers a set of PSR-0 directories for a given prefix, either
      * appending or prepending to the ones previously set for this prefix.
      *
-     * @param string          $prefix  The prefix
-     * @param string[]|string $paths   The PSR-0 root directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix
+     * @param list<string>|string $paths   The PSR-0 root directories
+     * @param bool                $prepend Whether to prepend the directories
      *
      * @return void
      */
     public function add($prefix, $paths, $prepend = false)
     {
+        $paths = (array) $paths;
         if (!$prefix) {
             if ($prepend) {
                 $this->fallbackDirsPsr0 = array_merge(
-                    (array) $paths,
+                    $paths,
                     $this->fallbackDirsPsr0
                 );
             } else {
                 $this->fallbackDirsPsr0 = array_merge(
                     $this->fallbackDirsPsr0,
-                    (array) $paths
+                    $paths
                 );
             }
 
@@ -201,19 +198,19 @@ class ClassLoader
 
         $first = $prefix[0];
         if (!isset($this->prefixesPsr0[$first][$prefix])) {
-            $this->prefixesPsr0[$first][$prefix] = (array) $paths;
+            $this->prefixesPsr0[$first][$prefix] = $paths;
 
             return;
         }
         if ($prepend) {
             $this->prefixesPsr0[$first][$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                 $this->prefixesPsr0[$first][$prefix]
             );
         } else {
             $this->prefixesPsr0[$first][$prefix] = array_merge(
                 $this->prefixesPsr0[$first][$prefix],
-                (array) $paths
+                $paths
             );
         }
     }
@@ -222,9 +219,9 @@ class ClassLoader
      * Registers a set of PSR-4 directories for a given namespace, either
      * appending or prepending to the ones previously set for this namespace.
      *
-     * @param string          $prefix  The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths   The PSR-4 base directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths   The PSR-4 base directories
+     * @param bool                $prepend Whether to prepend the directories
      *
      * @throws \InvalidArgumentException
      *
@@ -232,17 +229,18 @@ class ClassLoader
      */
     public function addPsr4($prefix, $paths, $prepend = false)
     {
+        $paths = (array) $paths;
         if (!$prefix) {
             // Register directories for the root namespace.
             if ($prepend) {
                 $this->fallbackDirsPsr4 = array_merge(
-                    (array) $paths,
+                    $paths,
                     $this->fallbackDirsPsr4
                 );
             } else {
                 $this->fallbackDirsPsr4 = array_merge(
                     $this->fallbackDirsPsr4,
-                    (array) $paths
+                    $paths
                 );
             }
         } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
@@ -252,18 +250,18 @@ class ClassLoader
                 throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
             }
             $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
-            $this->prefixDirsPsr4[$prefix] = (array) $paths;
+            $this->prefixDirsPsr4[$prefix] = $paths;
         } elseif ($prepend) {
             // Prepend directories for an already registered namespace.
             $this->prefixDirsPsr4[$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                 $this->prefixDirsPsr4[$prefix]
             );
         } else {
             // Append directories for an already registered namespace.
             $this->prefixDirsPsr4[$prefix] = array_merge(
                 $this->prefixDirsPsr4[$prefix],
-                (array) $paths
+                $paths
             );
         }
     }
@@ -272,8 +270,8 @@ class ClassLoader
      * Registers a set of PSR-0 directories for a given prefix,
      * replacing any others previously set for this prefix.
      *
-     * @param string          $prefix The prefix
-     * @param string[]|string $paths  The PSR-0 base directories
+     * @param string              $prefix The prefix
+     * @param list<string>|string $paths  The PSR-0 base directories
      *
      * @return void
      */
@@ -290,8 +288,8 @@ class ClassLoader
      * Registers a set of PSR-4 directories for a given namespace,
      * replacing any others previously set for this namespace.
      *
-     * @param string          $prefix The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths  The PSR-4 base directories
+     * @param string              $prefix The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths  The PSR-4 base directories
      *
      * @throws \InvalidArgumentException
      *
@@ -425,7 +423,8 @@ class ClassLoader
     public function loadClass($class)
     {
         if ($file = $this->findFile($class)) {
-            includeFile($file);
+            $includeFile = self::$includeFile;
+            $includeFile($file);
 
             return true;
         }
@@ -476,9 +475,9 @@ class ClassLoader
     }
 
     /**
-     * Returns the currently registered loaders indexed by their corresponding vendor directories.
+     * Returns the currently registered loaders keyed by their corresponding vendor directories.
      *
-     * @return self[]
+     * @return array<string, self>
      */
     public static function getRegisteredLoaders()
     {
@@ -555,18 +554,26 @@ class ClassLoader
 
         return false;
     }
-}
 
-/**
- * Scope isolated include.
- *
- * Prevents access to $this/self from included files.
- *
- * @param  string $file
- * @return void
- * @private
- */
-function includeFile($file)
-{
-    include $file;
+    /**
+     * @return void
+     */
+    private static function initializeIncludeClosure()
+    {
+        if (self::$includeFile !== null) {
+            return;
+        }
+
+        /**
+         * Scope isolated include.
+         *
+         * Prevents access to $this/self from included files.
+         *
+         * @param  string $file
+         * @return void
+         */
+        self::$includeFile = \Closure::bind(static function($file) {
+            include $file;
+        }, null, null);
+    }
 }
diff --git a/data/web/inc/lib/vendor/composer/InstalledVersions.php b/data/web/inc/lib/vendor/composer/InstalledVersions.php
index c6b54af7b..51e734a77 100644
--- a/data/web/inc/lib/vendor/composer/InstalledVersions.php
+++ b/data/web/inc/lib/vendor/composer/InstalledVersions.php
@@ -98,7 +98,7 @@ class InstalledVersions
     {
         foreach (self::getInstalled() as $installed) {
             if (isset($installed['versions'][$packageName])) {
-                return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
+                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
             }
         }
 
@@ -119,7 +119,7 @@ class InstalledVersions
      */
     public static function satisfies(VersionParser $parser, $packageName, $constraint)
     {
-        $constraint = $parser->parseConstraints($constraint);
+        $constraint = $parser->parseConstraints((string) $constraint);
         $provided = $parser->parseConstraints(self::getVersionRanges($packageName));
 
         return $provided->matches($constraint);
@@ -328,7 +328,9 @@ class InstalledVersions
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
-                    $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
+                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                    $required = require $vendorDir.'/composer/installed.php';
+                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
                     if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
                         self::$installed = $installed[count($installed) - 1];
                     }
@@ -340,12 +342,17 @@ class InstalledVersions
             // only require the installed.php file if this file is loaded from its dumped location,
             // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
             if (substr(__DIR__, -8, 1) !== 'C') {
-                self::$installed = require __DIR__ . '/installed.php';
+                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                $required = require __DIR__ . '/installed.php';
+                self::$installed = $required;
             } else {
                 self::$installed = array();
             }
         }
-        $installed[] = self::$installed;
+
+        if (self::$installed !== array()) {
+            $installed[] = self::$installed;
+        }
 
         return $installed;
     }
diff --git a/data/web/inc/lib/vendor/composer/autoload_classmap.php b/data/web/inc/lib/vendor/composer/autoload_classmap.php
index f3327f110..83b86c267 100644
--- a/data/web/inc/lib/vendor/composer/autoload_classmap.php
+++ b/data/web/inc/lib/vendor/composer/autoload_classmap.php
@@ -7,7 +7,9 @@ $baseDir = dirname($vendorDir);
 
 return array(
     'Attribute' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Attribute.php',
+    'CURLStringFile' => $vendorDir . '/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php',
     'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
+    'ReturnTypeWillChange' => $vendorDir . '/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php',
     'Stringable' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
     'UnhandledMatchError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
     'ValueError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
diff --git a/data/web/inc/lib/vendor/composer/autoload_files.php b/data/web/inc/lib/vendor/composer/autoload_files.php
index 502893f7d..526f6b6f4 100644
--- a/data/web/inc/lib/vendor/composer/autoload_files.php
+++ b/data/web/inc/lib/vendor/composer/autoload_files.php
@@ -10,8 +10,14 @@ return array(
     'a4a119a56e50fbb293281d9a48007e0e' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
     'a1105708a18b76903365ca1c4aa61b02' => $vendorDir . '/symfony/translation/Resources/functions.php',
     '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
+    '6e3fae29631ef280660b3cdad06f25a8' => $vendorDir . '/symfony/deprecation-contracts/function.php',
     '320cde22f66dd4f5d3fd621d3e88b98f' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
+    '23c18046f52bef3eea034657bafda50f' => $vendorDir . '/symfony/polyfill-php81/bootstrap.php',
     'fe62ba7e10580d903cc46d808b5961a4' => $vendorDir . '/tightenco/collect/src/Collect/Support/helpers.php',
     'caf31cc6ec7cf2241cb6f12c226c3846' => $vendorDir . '/tightenco/collect/src/Collect/Support/alias.php',
     '04c6c5c2f7095ccf6c481d3e53e1776f' => $vendorDir . '/mustangostang/spyc/Spyc.php',
+    '89efb1254ef2d1c5d80096acd12c4098' => $vendorDir . '/twig/twig/src/Resources/core.php',
+    'ffecb95d45175fd40f75be8a23b34f90' => $vendorDir . '/twig/twig/src/Resources/debug.php',
+    'c7baa00073ee9c61edf148c51917cfb4' => $vendorDir . '/twig/twig/src/Resources/escaper.php',
+    'f844ccf1d25df8663951193c3fc307c8' => $vendorDir . '/twig/twig/src/Resources/string_loader.php',
 );
diff --git a/data/web/inc/lib/vendor/composer/autoload_psr4.php b/data/web/inc/lib/vendor/composer/autoload_psr4.php
index 83d1f5655..0a55fb6cd 100644
--- a/data/web/inc/lib/vendor/composer/autoload_psr4.php
+++ b/data/web/inc/lib/vendor/composer/autoload_psr4.php
@@ -8,6 +8,7 @@ $baseDir = dirname($vendorDir);
 return array(
     'Twig\\' => array($vendorDir . '/twig/twig/src'),
     'Tightenco\\Collect\\' => array($vendorDir . '/tightenco/collect/src/Collect'),
+    'Symfony\\Polyfill\\Php81\\' => array($vendorDir . '/symfony/polyfill-php81'),
     'Symfony\\Polyfill\\Php80\\' => array($vendorDir . '/symfony/polyfill-php80'),
     'Symfony\\Polyfill\\Mbstring\\' => array($vendorDir . '/symfony/polyfill-mbstring'),
     'Symfony\\Polyfill\\Ctype\\' => array($vendorDir . '/symfony/polyfill-ctype'),
diff --git a/data/web/inc/lib/vendor/composer/autoload_real.php b/data/web/inc/lib/vendor/composer/autoload_real.php
index 6891b0c9e..5e2082534 100644
--- a/data/web/inc/lib/vendor/composer/autoload_real.php
+++ b/data/web/inc/lib/vendor/composer/autoload_real.php
@@ -33,25 +33,18 @@ class ComposerAutoloaderInit873464e4bd965a3168f133248b1b218b
 
         $loader->register(true);
 
-        $includeFiles = \Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
-        foreach ($includeFiles as $fileIdentifier => $file) {
-            composerRequire873464e4bd965a3168f133248b1b218b($fileIdentifier, $file);
+        $filesToLoad = \Composer\Autoload\ComposerStaticInit873464e4bd965a3168f133248b1b218b::$files;
+        $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
+            if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
+                $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
+
+                require $file;
+            }
+        }, null, null);
+        foreach ($filesToLoad as $fileIdentifier => $file) {
+            $requireFile($fileIdentifier, $file);
         }
 
         return $loader;
     }
 }
-
-/**
- * @param string $fileIdentifier
- * @param string $file
- * @return void
- */
-function composerRequire873464e4bd965a3168f133248b1b218b($fileIdentifier, $file)
-{
-    if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
-        $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
-
-        require $file;
-    }
-}
diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php
index 94606e831..6b2f04a5f 100644
--- a/data/web/inc/lib/vendor/composer/autoload_static.php
+++ b/data/web/inc/lib/vendor/composer/autoload_static.php
@@ -11,10 +11,16 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         'a4a119a56e50fbb293281d9a48007e0e' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
         'a1105708a18b76903365ca1c4aa61b02' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
         '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
+        '6e3fae29631ef280660b3cdad06f25a8' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
         '320cde22f66dd4f5d3fd621d3e88b98f' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
+        '23c18046f52bef3eea034657bafda50f' => __DIR__ . '/..' . '/symfony/polyfill-php81/bootstrap.php',
         'fe62ba7e10580d903cc46d808b5961a4' => __DIR__ . '/..' . '/tightenco/collect/src/Collect/Support/helpers.php',
         'caf31cc6ec7cf2241cb6f12c226c3846' => __DIR__ . '/..' . '/tightenco/collect/src/Collect/Support/alias.php',
         '04c6c5c2f7095ccf6c481d3e53e1776f' => __DIR__ . '/..' . '/mustangostang/spyc/Spyc.php',
+        '89efb1254ef2d1c5d80096acd12c4098' => __DIR__ . '/..' . '/twig/twig/src/Resources/core.php',
+        'ffecb95d45175fd40f75be8a23b34f90' => __DIR__ . '/..' . '/twig/twig/src/Resources/debug.php',
+        'c7baa00073ee9c61edf148c51917cfb4' => __DIR__ . '/..' . '/twig/twig/src/Resources/escaper.php',
+        'f844ccf1d25df8663951193c3fc307c8' => __DIR__ . '/..' . '/twig/twig/src/Resources/string_loader.php',
     );
 
     public static $prefixLengthsPsr4 = array (
@@ -25,6 +31,7 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         ),
         'S' => 
         array (
+            'Symfony\\Polyfill\\Php81\\' => 23,
             'Symfony\\Polyfill\\Php80\\' => 23,
             'Symfony\\Polyfill\\Mbstring\\' => 26,
             'Symfony\\Polyfill\\Ctype\\' => 23,
@@ -80,6 +87,10 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         array (
             0 => __DIR__ . '/..' . '/tightenco/collect/src/Collect',
         ),
+        'Symfony\\Polyfill\\Php81\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/symfony/polyfill-php81',
+        ),
         'Symfony\\Polyfill\\Php80\\' => 
         array (
             0 => __DIR__ . '/..' . '/symfony/polyfill-php80',
@@ -170,7 +181,9 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
 
     public static $classMap = array (
         'Attribute' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Attribute.php',
+        'CURLStringFile' => __DIR__ . '/..' . '/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php',
         'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
+        'ReturnTypeWillChange' => __DIR__ . '/..' . '/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php',
         'Stringable' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
         'UnhandledMatchError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
         'ValueError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json
index e21edcc68..dfb2fb0cc 100644
--- a/data/web/inc/lib/vendor/composer/installed.json
+++ b/data/web/inc/lib/vendor/composer/installed.json
@@ -1068,6 +1068,76 @@
             ],
             "install-path": "../soundasleep/html2text"
         },
+        {
+            "name": "symfony/deprecation-contracts",
+            "version": "v3.5.0",
+            "version_normalized": "3.5.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/deprecation-contracts.git",
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1"
+            },
+            "time": "2024-04-18T09:32:20+00:00",
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.5-dev"
+                },
+                "thanks": {
+                    "name": "symfony/contracts",
+                    "url": "https://github.com/symfony/contracts"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "function.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "A generic function and convention to trigger deprecation notices",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../symfony/deprecation-contracts"
+        },
         {
             "name": "symfony/polyfill-ctype",
             "version": "v1.24.0",
@@ -1325,6 +1395,85 @@
             ],
             "install-path": "../symfony/polyfill-php80"
         },
+        {
+            "name": "symfony/polyfill-php81",
+            "version": "v1.31.0",
+            "version_normalized": "1.31.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php81.git",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.2"
+            },
+            "time": "2024-09-09T11:45:10+00:00",
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "installation-source": "dist",
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php81\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "install-path": "../symfony/polyfill-php81"
+        },
         {
             "name": "symfony/translation",
             "version": "v6.0.5",
@@ -1654,37 +1803,40 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.4.3",
-            "version_normalized": "3.4.3.0",
+            "version": "v3.14.0",
+            "version_normalized": "3.14.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.2.5",
+                "php": ">=8.0.2",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php81": "^1.29"
             },
             "require-dev": {
-                "psr/container": "^1.0",
-                "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
+                "psr/container": "^1.0|^2.0",
+                "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0"
             },
-            "time": "2022-09-28T08:42:51+00:00",
+            "time": "2024-09-09T17:55:12+00:00",
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.4-dev"
-                }
-            },
             "installation-source": "dist",
             "autoload": {
+                "files": [
+                    "src/Resources/core.php",
+                    "src/Resources/debug.php",
+                    "src/Resources/escaper.php",
+                    "src/Resources/string_loader.php"
+                ],
                 "psr-4": {
                     "Twig\\": "src/"
                 }
@@ -1717,7 +1869,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.14.0"
             },
             "funding": [
                 {
diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php
index c45f177e2..5d78fc9f3 100644
--- a/data/web/inc/lib/vendor/composer/installed.php
+++ b/data/web/inc/lib/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+        'reference' => '220fdbb168792c07493db330d898b345cc902055',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+            'reference' => '220fdbb168792c07493db330d898b345cc902055',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -175,6 +175,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'symfony/deprecation-contracts' => array(
+            'pretty_version' => 'v3.5.0',
+            'version' => '3.5.0.0',
+            'reference' => '0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/deprecation-contracts',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'symfony/polyfill-ctype' => array(
             'pretty_version' => 'v1.24.0',
             'version' => '1.24.0.0',
@@ -202,6 +211,15 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
+        'symfony/polyfill-php81' => array(
+            'pretty_version' => 'v1.31.0',
+            'version' => '1.31.0.0',
+            'reference' => '4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-php81',
+            'aliases' => array(),
+            'dev_requirement' => false,
+        ),
         'symfony/translation' => array(
             'pretty_version' => 'v6.0.5',
             'version' => '6.0.5.0',
@@ -245,9 +263,9 @@
             'dev_requirement' => false,
         ),
         'twig/twig' => array(
-            'pretty_version' => 'v3.4.3',
-            'version' => '3.4.3.0',
-            'reference' => 'c38fd6b0b7f370c198db91ffd02e23b517426b58',
+            'pretty_version' => 'v3.14.0',
+            'version' => '3.14.0.0',
+            'reference' => '126b2c97818dbff0cdf3fbfc881aedb3d40aae72',
             'type' => 'library',
             'install_path' => __DIR__ . '/../twig/twig',
             'aliases' => array(),
diff --git a/data/web/inc/lib/vendor/composer/platform_check.php b/data/web/inc/lib/vendor/composer/platform_check.php
index b168ddd5d..4c3a5d68f 100644
--- a/data/web/inc/lib/vendor/composer/platform_check.php
+++ b/data/web/inc/lib/vendor/composer/platform_check.php
@@ -4,8 +4,8 @@
 
 $issues = array();
 
-if (!(PHP_VERSION_ID >= 80002)) {
-    $issues[] = 'Your Composer dependencies require a PHP version ">= 8.0.2". You are running ' . PHP_VERSION . '.';
+if (!(PHP_VERSION_ID >= 80100)) {
+    $issues[] = 'Your Composer dependencies require a PHP version ">= 8.1.0". You are running ' . PHP_VERSION . '.';
 }
 
 if ($issues) {
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md b/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
new file mode 100644
index 000000000..7932e2613
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/CHANGELOG.md
@@ -0,0 +1,5 @@
+CHANGELOG
+=========
+
+The changelog is maintained for all Symfony contracts at the following URL:
+https://github.com/symfony/contracts/blob/main/CHANGELOG.md
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE b/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
new file mode 100644
index 000000000..0ed3a2465
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2020-present Fabien Potencier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md b/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
new file mode 100644
index 000000000..9814864c0
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/README.md
@@ -0,0 +1,26 @@
+Symfony Deprecation Contracts
+=============================
+
+A generic function and convention to trigger deprecation notices.
+
+This package provides a single global function named `trigger_deprecation()` that triggers silenced deprecation notices.
+
+By using a custom PHP error handler such as the one provided by the Symfony ErrorHandler component,
+the triggered deprecations can be caught and logged for later discovery, both on dev and prod environments.
+
+The function requires at least 3 arguments:
+ - the name of the Composer package that is triggering the deprecation
+ - the version of the package that introduced the deprecation
+ - the message of the deprecation
+ - more arguments can be provided: they will be inserted in the message using `printf()` formatting
+
+Example:
+```php
+trigger_deprecation('symfony/blockchain', '8.9', 'Using "%s" is deprecated, use "%s" instead.', 'bitcoin', 'fabcoin');
+```
+
+This will generate the following message:
+`Since symfony/blockchain 8.9: Using "bitcoin" is deprecated, use "fabcoin" instead.`
+
+While not recommended, the deprecation notices can be completely ignored by declaring an empty
+`function trigger_deprecation() {}` in your application.
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
new file mode 100644
index 000000000..ceb6c0796
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/composer.json
@@ -0,0 +1,35 @@
+{
+    "name": "symfony/deprecation-contracts",
+    "type": "library",
+    "description": "A generic function and convention to trigger deprecation notices",
+    "homepage": "https://symfony.com",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Nicolas Grekas",
+            "email": "p@tchwork.com"
+        },
+        {
+            "name": "Symfony Community",
+            "homepage": "https://symfony.com/contributors"
+        }
+    ],
+    "require": {
+        "php": ">=8.1"
+    },
+    "autoload": {
+        "files": [
+            "function.php"
+        ]
+    },
+    "minimum-stability": "dev",
+    "extra": {
+        "branch-alias": {
+            "dev-main": "3.5-dev"
+        },
+        "thanks": {
+            "name": "symfony/contracts",
+            "url": "https://github.com/symfony/contracts"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php b/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php
new file mode 100644
index 000000000..2d56512ba
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/deprecation-contracts/function.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+if (!function_exists('trigger_deprecation')) {
+    /**
+     * Triggers a silenced deprecation notice.
+     *
+     * @param string $package The name of the Composer package that is triggering the deprecation
+     * @param string $version The version of the package that introduced the deprecation
+     * @param string $message The message of the deprecation
+     * @param mixed  ...$args Values to insert in the message using printf() formatting
+     *
+     * @author Nicolas Grekas <p@tchwork.com>
+     */
+    function trigger_deprecation(string $package, string $version, string $message, mixed ...$args): void
+    {
+        @trigger_error(($package || $version ? "Since $package $version: " : '').($args ? vsprintf($message, $args) : $message), \E_USER_DEPRECATED);
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/LICENSE b/data/web/inc/lib/vendor/symfony/polyfill-php81/LICENSE
new file mode 100644
index 000000000..99c6bdf35
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2021-present Fabien Potencier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/Php81.php b/data/web/inc/lib/vendor/symfony/polyfill-php81/Php81.php
new file mode 100644
index 000000000..f0507b765
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/Php81.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Polyfill\Php81;
+
+/**
+ * @author Nicolas Grekas <p@tchwork.com>
+ *
+ * @internal
+ */
+final class Php81
+{
+    public static function array_is_list(array $array): bool
+    {
+        if ([] === $array || $array === array_values($array)) {
+            return true;
+        }
+
+        $nextKey = -1;
+
+        foreach ($array as $k => $v) {
+            if ($k !== ++$nextKey) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/README.md b/data/web/inc/lib/vendor/symfony/polyfill-php81/README.md
new file mode 100644
index 000000000..c07ef7820
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/README.md
@@ -0,0 +1,18 @@
+Symfony Polyfill / Php81
+========================
+
+This component provides features added to PHP 8.1 core:
+
+- [`array_is_list`](https://php.net/array_is_list)
+- [`enum_exists`](https://php.net/enum-exists)
+- [`MYSQLI_REFRESH_REPLICA`](https://php.net/mysqli.constants#constantmysqli-refresh-replica) constant
+- [`ReturnTypeWillChange`](https://wiki.php.net/rfc/internal_method_return_types)
+- [`CURLStringFile`](https://php.net/CURLStringFile) (but only if PHP >= 7.4 is used)
+
+More information can be found in the
+[main Polyfill README](https://github.com/symfony/polyfill/blob/main/README.md).
+
+License
+=======
+
+This library is released under the [MIT license](LICENSE).
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php b/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php
new file mode 100644
index 000000000..5ff93fcaf
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php
@@ -0,0 +1,51 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+if (\PHP_VERSION_ID >= 70400 && extension_loaded('curl')) {
+    /**
+     * @property string $data
+     */
+    class CURLStringFile extends CURLFile
+    {
+        private $data;
+
+        public function __construct(string $data, string $postname, string $mime = 'application/octet-stream')
+        {
+            $this->data = $data;
+            parent::__construct('data://application/octet-stream;base64,'.base64_encode($data), $mime, $postname);
+        }
+
+        public function __set(string $name, $value): void
+        {
+            if ('data' !== $name) {
+                $this->$name = $value;
+
+                return;
+            }
+
+            if (is_object($value) ? !method_exists($value, '__toString') : !is_scalar($value)) {
+                throw new TypeError('Cannot assign '.gettype($value).' to property CURLStringFile::$data of type string');
+            }
+
+            $this->name = 'data://application/octet-stream;base64,'.base64_encode($value);
+        }
+
+        public function __isset(string $name): bool
+        {
+            return isset($this->$name);
+        }
+
+        public function &__get(string $name)
+        {
+            return $this->$name;
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php b/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php
new file mode 100644
index 000000000..cb7720a8d
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php
@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+if (\PHP_VERSION_ID < 80100) {
+    #[Attribute(Attribute::TARGET_METHOD)]
+    final class ReturnTypeWillChange
+    {
+        public function __construct()
+        {
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/bootstrap.php b/data/web/inc/lib/vendor/symfony/polyfill-php81/bootstrap.php
new file mode 100644
index 000000000..9f872e02f
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/bootstrap.php
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Symfony\Polyfill\Php81 as p;
+
+if (\PHP_VERSION_ID >= 80100) {
+    return;
+}
+
+if (defined('MYSQLI_REFRESH_SLAVE') && !defined('MYSQLI_REFRESH_REPLICA')) {
+    define('MYSQLI_REFRESH_REPLICA', 64);
+}
+
+if (!function_exists('array_is_list')) {
+    function array_is_list(array $array): bool { return p\Php81::array_is_list($array); }
+}
+
+if (!function_exists('enum_exists')) {
+    function enum_exists(string $enum, bool $autoload = true): bool { return $autoload && class_exists($enum) && false; }
+}
diff --git a/data/web/inc/lib/vendor/symfony/polyfill-php81/composer.json b/data/web/inc/lib/vendor/symfony/polyfill-php81/composer.json
new file mode 100644
index 000000000..28b6408ea
--- /dev/null
+++ b/data/web/inc/lib/vendor/symfony/polyfill-php81/composer.json
@@ -0,0 +1,33 @@
+{
+    "name": "symfony/polyfill-php81",
+    "type": "library",
+    "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions",
+    "keywords": ["polyfill", "shim", "compatibility", "portable"],
+    "homepage": "https://symfony.com",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Nicolas Grekas",
+            "email": "p@tchwork.com"
+        },
+        {
+            "name": "Symfony Community",
+            "homepage": "https://symfony.com/contributors"
+        }
+    ],
+    "require": {
+        "php": ">=7.2"
+    },
+    "autoload": {
+        "psr-4": { "Symfony\\Polyfill\\Php81\\": "" },
+        "files": [ "bootstrap.php" ],
+        "classmap": [ "Resources/stubs" ]
+    },
+    "minimum-stability": "dev",
+    "extra": {
+        "thanks": {
+            "name": "symfony/polyfill",
+            "url": "https://github.com/symfony/polyfill"
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/.editorconfig b/data/web/inc/lib/vendor/twig/twig/.editorconfig
deleted file mode 100644
index 270f1d1b7..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.editorconfig
+++ /dev/null
@@ -1,18 +0,0 @@
-; top-most EditorConfig file
-root = true
-
-; Unix-style newlines
-[*]
-end_of_line = LF
-
-[*.php]
-indent_style = space
-indent_size = 4
-
-[*.test]
-indent_style = space
-indent_size = 4
-
-[*.rst]
-indent_style = space
-indent_size = 4
diff --git a/data/web/inc/lib/vendor/twig/twig/.gitattributes b/data/web/inc/lib/vendor/twig/twig/.gitattributes
deleted file mode 100644
index 06bc36713..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.gitattributes
+++ /dev/null
@@ -1,4 +0,0 @@
-/doc/ export-ignore
-/extra/ export-ignore
-/tests/ export-ignore
-/phpunit.xml.dist export-ignore
diff --git a/data/web/inc/lib/vendor/twig/twig/.github/workflows/ci.yml b/data/web/inc/lib/vendor/twig/twig/.github/workflows/ci.yml
deleted file mode 100644
index 65c2c4077..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.github/workflows/ci.yml
+++ /dev/null
@@ -1,149 +0,0 @@
-name: "CI"
-
-on:
-    pull_request:
-    push:
-        branches:
-            - '3.x'
-
-env:
-    SYMFONY_PHPUNIT_DISABLE_RESULT_CACHE: 1
-
-permissions:
-  contents: read
-
-jobs:
-    tests:
-        name: "PHP ${{ matrix.php-version }}"
-
-        runs-on: 'ubuntu-latest'
-
-        continue-on-error: ${{ matrix.experimental }}
-
-        strategy:
-            matrix:
-                php-version:
-                    - '7.2.5'
-                    - '7.3'
-                    - '7.4'
-                    - '8.0'
-                    - '8.1'
-                experimental: [false]
-
-        steps:
-            - name: "Checkout code"
-              uses: actions/checkout@v4
-
-            - name: "Install PHP with extensions"
-              uses: shivammathur/setup-php@v2
-              with:
-                  coverage: "none"
-                  php-version: ${{ matrix.php-version }}
-                  ini-values: memory_limit=-1
-
-            - name: "Add PHPUnit matcher"
-              run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-            - run: composer install
-
-            - name: "Install PHPUnit"
-              run: vendor/bin/simple-phpunit install
-
-            - name: "PHPUnit version"
-              run: vendor/bin/simple-phpunit --version
-
-            - name: "Run tests"
-              run: vendor/bin/simple-phpunit
-
-    extension-tests:
-        needs:
-            - 'tests'
-
-        name: "${{ matrix.extension }} with PHP ${{ matrix.php-version }}"
-
-        runs-on: 'ubuntu-latest'
-
-        continue-on-error: true
-
-        strategy:
-            matrix:
-                php-version:
-                    - '7.2.5'
-                    - '7.3'
-                    - '7.4'
-                    - '8.0'
-                    - '8.1'
-                extension:
-                    - 'extra/cache-extra'
-                    - 'extra/cssinliner-extra'
-                    - 'extra/html-extra'
-                    - 'extra/inky-extra'
-                    - 'extra/intl-extra'
-                    - 'extra/markdown-extra'
-                    - 'extra/string-extra'
-                    - 'extra/twig-extra-bundle'
-                experimental: [false]
-
-        steps:
-            - name: "Checkout code"
-              uses: actions/checkout@v4
-
-            - name: "Install PHP with extensions"
-              uses: shivammathur/setup-php@v2
-              with:
-                  coverage: "none"
-                  php-version: ${{ matrix.php-version }}
-                  ini-values: memory_limit=-1
-
-            - name: "Add PHPUnit matcher"
-              run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-            - run: composer install
-
-            - name: "Install PHPUnit"
-              run: vendor/bin/simple-phpunit install
-
-            - name: "PHPUnit version"
-              run: vendor/bin/simple-phpunit --version
-
-            - name: "Composer install"
-              working-directory: ${{ matrix.extension}}
-              run: composer install
-
-            - name: "Run tests"
-              working-directory: ${{ matrix.extension}}
-              run: ../../vendor/bin/simple-phpunit
-
-#
-#    Drupal does not support Twig 3 now!
-#
-#    integration-tests:
-#        needs:
-#            - 'tests'
-#
-#        name: "Integration tests with PHP ${{ matrix.php-version }}"
-#
-#        runs-on: 'ubuntu-20.04'
-#
-#        continue-on-error: true
-#
-#        strategy:
-#            matrix:
-#                php-version:
-#                    - '7.3'
-#
-#        steps:
-#            - name: "Checkout code"
-#              uses: actions/checkout@v2
-#
-#            - name: "Install PHP with extensions"
-#              uses: shivammathur/setup-php@2
-#              with:
-#                  coverage: "none"
-#                  extensions: "gd, pdo_sqlite"
-#                  php-version: ${{ matrix.php-version }}
-#                  ini-values: memory_limit=-1
-#                  tools: composer:v2
-#
-#            - run: bash ./tests/drupal_test.sh
-#              shell: "bash"
diff --git a/data/web/inc/lib/vendor/twig/twig/.github/workflows/documentation.yml b/data/web/inc/lib/vendor/twig/twig/.github/workflows/documentation.yml
deleted file mode 100644
index 5caa8a33f..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.github/workflows/documentation.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-name: "Documentation"
-
-on:
-    pull_request:
-    push:
-        branches:
-            - '2.x'
-            - '3.x'
-
-permissions:
-  contents: read
-
-jobs:
-    build:
-        name: "Build"
-
-        runs-on: ubuntu-latest
-
-        steps:
-            -   name: "Checkout code"
-                uses: actions/checkout@v4
-
-            -   name: "Set-up PHP"
-                uses: shivammathur/setup-php@v2
-                with:
-                    php-version: 8.1
-                    coverage: none
-                    tools: "composer:v2"
-
-            -   name: Get composer cache directory
-                id: composercache
-                working-directory: doc/_build
-                run: echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-            -   name: Cache dependencies
-                uses: actions/cache@v3
-                with:
-                    path: ${{ steps.composercache.outputs.dir }}
-                    key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-                    restore-keys: ${{ runner.os }}-composer-
-
-            -   name: "Install dependencies"
-                working-directory: doc/_build
-                run: composer install --prefer-dist --no-progress
-
-            -   name: "Build the docs"
-                working-directory: doc/_build
-                run: php build.php --disable-cache
-
-    doctor-rst:
-        name: "DOCtor-RST"
-
-        runs-on: ubuntu-latest
-
-        steps:
-            - name: "Checkout code"
-              uses: actions/checkout@v4
-
-            - name: "Run DOCtor-RST"
-              uses: docker://oskarstark/doctor-rst
-              with:
-                  args: --short
-              env:
-                  DOCS_DIR: 'doc/'
diff --git a/data/web/inc/lib/vendor/twig/twig/.gitignore b/data/web/inc/lib/vendor/twig/twig/.gitignore
deleted file mode 100644
index b197246ba..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-/doc/_build/vendor
-/doc/_build/output
-/composer.lock
-/phpunit.xml
-/vendor
-.phpunit.result.cache
diff --git a/data/web/inc/lib/vendor/twig/twig/.php-cs-fixer.dist.php b/data/web/inc/lib/vendor/twig/twig/.php-cs-fixer.dist.php
deleted file mode 100644
index b07ac7fca..000000000
--- a/data/web/inc/lib/vendor/twig/twig/.php-cs-fixer.dist.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-return (new PhpCsFixer\Config())
-    ->setRules([
-        '@Symfony' => true,
-        '@Symfony:risky' => true,
-        '@PHPUnit75Migration:risky' => true,
-        'php_unit_dedicate_assert' => ['target' => '5.6'],
-        'array_syntax' => ['syntax' => 'short'],
-        'php_unit_fqcn_annotation' => true,
-        'no_unreachable_default_argument_value' => false,
-        'braces' => ['allow_single_line_closure' => true],
-        'heredoc_to_nowdoc' => false,
-        'ordered_imports' => true,
-        'phpdoc_types_order' => ['null_adjustment' => 'always_last', 'sort_algorithm' => 'none'],
-        'native_function_invocation' => ['include' => ['@compiler_optimized'], 'scope' => 'all'],
-    ])
-    ->setRiskyAllowed(true)
-    ->setFinder((new PhpCsFixer\Finder())->in(__DIR__))
-;
diff --git a/data/web/inc/lib/vendor/twig/twig/CHANGELOG b/data/web/inc/lib/vendor/twig/twig/CHANGELOG
index 379387644..44c79b133 100644
--- a/data/web/inc/lib/vendor/twig/twig/CHANGELOG
+++ b/data/web/inc/lib/vendor/twig/twig/CHANGELOG
@@ -1,3 +1,178 @@
+# 3.14.0 (2024-09-09)
+
+ * Fix a security issue when an included sandboxed template has been loaded before without the sandbox context
+ * Add the possibility to reset globals via `Environment::resetGlobals()`
+ * Deprecate `Environment::mergeGlobals()`
+
+# 3.13.0 (2024-09-07)
+
+ * Add the `types` tag (experimental)
+ * Deprecate the `Twig\Test\NodeTestCase::getTests()` data provider, override `provideTests()` instead.
+ * Mark `Twig\Test\NodeTestCase::getEnvironment()` as final, override `createEnvironment()` instead.
+ * Deprecate `Twig\Test\NodeTestCase::getVariableGetter()`, call `createVariableGetter()` instead.
+ * Deprecate `Twig\Test\NodeTestCase::getAttributeGetter()`, call `createAttributeGetter()` instead.
+ * Deprecate not overriding `Twig\Test\IntegrationTestCase::getFixturesDirectory()`, this method will be abstract in 4.0
+ * Marked `Twig\Test\IntegrationTestCase::getTests()` and `getLegacyTests()` as final
+
+# 3.12.0 (2024-08-29)
+
+ * Deprecate the fact that the `extends` and `use` tags are always allowed in a sandboxed template.
+   This behavior will change in 4.0 where these tags will need to be explicitly allowed like any other tag.
+ * Deprecate the "tag" constructor argument of the "Twig\Node\Node" class as the tag is now automatically set by the Parser when needed
+ * Fix precedence of two-word tests when the first word is a valid test
+ * Deprecate the `spaceless` filter
+ * Deprecate some internal methods from `Parser`: `getBlockStack()`, `hasBlock()`, `getBlock()`, `hasMacro()`, `hasTraits()`, `getParent()`
+ * Deprecate passing `null` to `Twig\Parser::setParent()`
+ * Update `Node::__toString()` to include the node tag if set
+ * Add support for integers in methods of `Twig\Node\Node` that take a Node name
+ * Deprecate not passing a `BodyNode` instance as the body of a `ModuleNode` or `MacroNode` constructor
+ * Deprecate returning "null" from "TokenParserInterface::parse()".
+ * Deprecate `OptimizerNodeVisitor::OPTIMIZE_TEXT_NODES`
+ * Fix performance regression when `use_yield` is `false` (which is the default)
+ * Improve compatibility when `use_yield` is `false` (as extensions still using `echo` will work as is)
+ * Accept colons (`:`) in addition to equals (`=`) to separate argument names and values in named arguments
+ * Add the `html_cva` function (in the HTML extra package)
+ * Add support for named arguments to the `block` and `attribute` functions
+ * Throw a SyntaxError exception at compile time when a Twig callable has not the minimum number of required arguments
+ * Add a `CallableArgumentsExtractor` class
+ * Deprecate passing a name to `FunctionExpression`, `FilterExpression`, and `TestExpression`;
+   pass a `TwigFunction`, `TwigFilter`, or `TestFilter` instead
+ * Deprecate all Twig callable attributes on `FunctionExpression`, `FilterExpression`, and `TestExpression`
+ * Deprecate the `filter` node of `FilterExpression`
+ * Add the notion of Twig callables (functions, filters, and tests)
+ * Bump minimum PHP version to 8.0
+ * Fix integration tests when a test has more than one data/expect section and deprecations
+ * Add the `enum_cases` function
+
+# 3.11.0 (2024-08-08)
+
+ * Deprecate `OptimizerNodeVisitor::OPTIMIZE_RAW_FILTER`
+ * Add `Twig\Cache\ChainCache` and `Twig\Cache\ReadOnlyFilesystemCache`
+ * Add the possibility to deprecate attributes and nodes on `Node`
+ * Add the possibility to add a package and a version to the `deprecated` tag
+ * Add the possibility to add a package for filter/function/test deprecations
+ * Mark `ConstantExpression` as being `@final`
+ * Add the `find` filter
+ * Fix optimizer mode validation in `OptimizerNodeVisitor`
+ * Add the possibility to yield from a generator in `PrintNode`
+ * Add the `shuffle` filter
+ * Add the `singular` and `plural` filters in `StringExtension`
+ * Deprecate the second argument of `Twig\Node\Expression\CallExpression::compileArguments()`
+ * Deprecate `Twig\ExpressionParser\parseHashExpression()` in favor of
+   `Twig\ExpressionParser::parseMappingExpression()`
+ * Deprecate `Twig\ExpressionParser\parseArrayExpression()` in favor of
+   `Twig\ExpressionParser::parseSequenceExpression()`
+ * Add `sequence` and `mapping` tests
+ * Deprecate `Twig\Node\Expression\NameExpression::isSimple()` and
+    `Twig\Node\Expression\NameExpression::isSpecial()`
+
+# 3.10.3 (2024-05-16)
+
+ * Fix missing ; in generated code
+
+# 3.10.2 (2024-05-14)
+
+ * Fix support for the deprecated escaper signature
+
+# 3.10.1 (2024-05-12)
+
+ * Fix BC break on escaper extension
+ * Fix constant return type
+
+# 3.10.0 (2024-05-11)
+
+ * Make `CoreExtension::formatDate`, `CoreExtension::convertDate`, and
+   `CoreExtension::formatNumber` part of the public API
+ * Add `needs_charset` option for filters and functions
+ * Extract the escaping logic from the `EscaperExtension` class to a new
+   `EscaperRuntime` class.
+
+   The following methods from ``Twig\\Extension\\EscaperExtension`` are
+   deprecated: ``setEscaper()``, ``getEscapers()``, ``setSafeClasses``,
+   ``addSafeClasses()``. Use the same methods on the
+   ``Twig\\Runtime\\EscaperRuntime`` class instead.
+  * Fix capturing output from extensions that still use echo
+  * Fix a PHP warning in the Lexer on malformed templates
+  * Fix blocks not available under some circumstances
+  * Synchronize source context in templates when setting a Node on a Node
+
+# 3.9.3 (2024-04-18)
+
+ * Add missing `twig_escape_filter_is_safe` deprecated function
+ * Fix yield usage with CaptureNode
+ * Add missing unwrap call when using a TemplateWrapper instance internally
+ * Ensure Lexer is initialized early on
+
+# 3.9.2 (2024-04-17)
+
+ * Fix usage of display_end hook
+
+# 3.9.1 (2024-04-17)
+
+ * Fix missing `$blocks` variable in `CaptureNode`
+
+# 3.9.0 (2024-04-16)
+
+ * Add support for PHP 8.4
+ * Deprecate AbstractNodeVisitor
+ * Deprecate passing Template to Environment::resolveTemplate(), Environment::load(), and Template::loadTemplate()
+ * Add a new "yield" mode for output generation;
+   Node implementations that use "echo" or "print" should use "yield" instead;
+   all Node implementations should be flagged with `#[YieldReady]` once they've been made ready for "yield";
+   the "use_yield" Environment option can be turned on when all nodes have been made `#[YieldReady]`;
+   "yield" will be the only strategy supported in the next major version
+ * Add return type for Symfony 7 compatibility
+ * Fix premature loop exit in Security Policy lookup of allowed methods/properties
+ * Deprecate all internal extension functions in favor of methods on the extension classes
+ * Mark all extension functions as @internal
+ * Add SourcePolicyInterface to selectively enable the Sandbox based on a template's Source
+ * Throw a proper Twig exception when using cycle on an empty array
+
+# 3.8.0 (2023-11-21)
+
+ * Catch errors thrown during template rendering
+ * Fix IntlExtension::formatDateTime use of date formatter prototype
+ * Fix premature loop exit in Security Policy lookup of allowed methods/properties
+ * Remove NumberFormatter::TYPE_CURRENCY (deprecated in PHP 8.3)
+ * Restore return type annotations
+ * Allow Symfony 7 packages to be installed
+ * Deprecate `twig_test_iterable` function. Use the native `is_iterable` instead.
+
+# 3.7.1 (2023-08-28)
+
+ * Fix some phpdocs
+
+# 3.7.0 (2023-07-26)
+
+ * Add support for the ...spread operator on arrays and hashes
+
+# 3.6.1 (2023-06-08)
+
+ * Suppress some native return type deprecation messages
+
+# 3.6.0 (2023-05-03)
+
+ * Allow psr/container 2.0
+ * Add the new PHP 8.0 IntlDateFormatter::RELATIVE_* constants for date formatting
+ * Make the Lexer initialize itself lazily
+
+# 3.5.1 (2023-02-08)
+
+ * Arrow functions passed to the "reduce" filter now accept the current key as a third argument
+ * Restores the leniency of the matches twig comparison
+ * Fix error messages in sandboxed mode for "has some" and "has every"
+
+# 3.5.0 (2022-12-27)
+
+ * Make Twig\ExpressionParser non-internal
+ * Add "has some" and "has every" operators
+ * Add Compile::reset()
+ * Throw a better runtime error when the "matches" regexp is not valid
+ * Add "twig *_names" intl functions
+ * Fix optimizing closures callbacks
+ * Add a better exception when getting an undefined constant via `constant`
+ * Fix `if` nodes when outside of a block and with an empty body
+
 # 3.4.3 (2022-09-28)
 
  * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
@@ -141,7 +316,7 @@
  * removed Parser::isReservedMacroName()
  * removed SanboxedPrintNode
  * removed Node::setTemplateName()
- * made classes maked as "@final" final
+ * made classes marked as "@final" final
  * removed InitRuntimeInterface, ExistsLoaderInterface, and SourceContextLoaderInterface
  * removed the "spaceless" tag
  * removed Twig\Environment::getBaseTemplateClass() and Twig\Environment::setBaseTemplateClass()
diff --git a/data/web/inc/lib/vendor/twig/twig/LICENSE b/data/web/inc/lib/vendor/twig/twig/LICENSE
index 8711927f6..fd8234e51 100644
--- a/data/web/inc/lib/vendor/twig/twig/LICENSE
+++ b/data/web/inc/lib/vendor/twig/twig/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009-2022 by the Twig Team.
+Copyright (c) 2009-present by the Twig Team.
 
 All rights reserved.
 
diff --git a/data/web/inc/lib/vendor/twig/twig/README.rst b/data/web/inc/lib/vendor/twig/twig/README.rst
index fbe7e9a9f..7bf8c673e 100644
--- a/data/web/inc/lib/vendor/twig/twig/README.rst
+++ b/data/web/inc/lib/vendor/twig/twig/README.rst
@@ -11,7 +11,7 @@ Sponsors
 
 .. raw:: html
 
-    <a href="https://blackfire.io/docs/introduction?utm_source=twig&utm_medium=github_readme&utm_campaign=logo">
+    <a href="https://docs.blackfire.io/introduction?utm_source=twig&utm_medium=github_readme&utm_campaign=logo">
         <img src="https://static.blackfire.io/assets/intemporals/logo/png/blackfire-io_secondary_horizontal_transparent.png?1" width="255px" alt="Blackfire.io">
     </a>
 
diff --git a/data/web/inc/lib/vendor/twig/twig/composer.json b/data/web/inc/lib/vendor/twig/twig/composer.json
index 33e46405c..e0c3e6c6c 100644
--- a/data/web/inc/lib/vendor/twig/twig/composer.json
+++ b/data/web/inc/lib/vendor/twig/twig/composer.json
@@ -24,15 +24,23 @@
         }
     ],
     "require": {
-        "php": ">=7.2.5",
+        "php": ">=8.0.2",
+        "symfony/deprecation-contracts": "^2.5|^3",
         "symfony/polyfill-mbstring": "^1.3",
-        "symfony/polyfill-ctype": "^1.8"
+        "symfony/polyfill-ctype": "^1.8",
+        "symfony/polyfill-php81": "^1.29"
     },
     "require-dev": {
-        "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0",
-        "psr/container": "^1.0"
+        "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0",
+        "psr/container": "^1.0|^2.0"
     },
     "autoload": {
+        "files": [
+            "src/Resources/core.php",
+            "src/Resources/debug.php",
+            "src/Resources/escaper.php",
+            "src/Resources/string_loader.php"
+        ],
         "psr-4" : {
             "Twig\\" : "src/"
         }
@@ -41,10 +49,5 @@
         "psr-4" : {
             "Twig\\Tests\\" : "tests/"
         }
-    },
-    "extra": {
-        "branch-alias": {
-            "dev-master": "3.4-dev"
-        }
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/AbstractTwigCallable.php b/data/web/inc/lib/vendor/twig/twig/src/AbstractTwigCallable.php
new file mode 100644
index 000000000..f67184300
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/AbstractTwigCallable.php
@@ -0,0 +1,136 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig;
+
+/**
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+abstract class AbstractTwigCallable implements TwigCallableInterface
+{
+    protected $options;
+
+    private $name;
+    private $dynamicName;
+    private $callable;
+    private $arguments;
+
+    public function __construct(string $name, $callable = null, array $options = [])
+    {
+        $this->name = $this->dynamicName = $name;
+        $this->callable = $callable;
+        $this->arguments = [];
+        $this->options = array_merge([
+            'needs_environment' => false,
+            'needs_context' => false,
+            'needs_charset' => false,
+            'is_variadic' => false,
+            'deprecated' => false,
+            'deprecating_package' => '',
+            'alternative' => null,
+        ], $options);
+    }
+
+    public function __toString(): string
+    {
+        return \sprintf('%s(%s)', static::class, $this->name);
+    }
+
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    public function getDynamicName(): string
+    {
+        return $this->dynamicName;
+    }
+
+    public function getCallable()
+    {
+        return $this->callable;
+    }
+
+    public function getNodeClass(): string
+    {
+        return $this->options['node_class'];
+    }
+
+    public function needsCharset(): bool
+    {
+        return $this->options['needs_charset'];
+    }
+
+    public function needsEnvironment(): bool
+    {
+        return $this->options['needs_environment'];
+    }
+
+    public function needsContext(): bool
+    {
+        return $this->options['needs_context'];
+    }
+
+    public function withDynamicArguments(string $name, string $dynamicName, array $arguments): self
+    {
+        $new = clone $this;
+        $new->name = $name;
+        $new->dynamicName = $dynamicName;
+        $new->arguments = $arguments;
+
+        return $new;
+    }
+
+    /**
+     * @deprecated since Twig 3.12, use withDynamicArguments() instead
+     */
+    public function setArguments(array $arguments): void
+    {
+        trigger_deprecation('twig/twig', '3.12', 'The "%s::setArguments()" method is deprecated, use "%s::withDynamicArguments()" instead.', static::class, static::class);
+
+        $this->arguments = $arguments;
+    }
+
+    public function getArguments(): array
+    {
+        return $this->arguments;
+    }
+
+    public function isVariadic(): bool
+    {
+        return $this->options['is_variadic'];
+    }
+
+    public function isDeprecated(): bool
+    {
+        return (bool) $this->options['deprecated'];
+    }
+
+    public function getDeprecatingPackage(): string
+    {
+        return $this->options['deprecating_package'];
+    }
+
+    public function getDeprecatedVersion(): string
+    {
+        return \is_bool($this->options['deprecated']) ? '' : $this->options['deprecated'];
+    }
+
+    public function getAlternative(): ?string
+    {
+        return $this->options['alternative'];
+    }
+
+    public function getMinimalNumberOfRequiredArguments(): int
+    {
+        return ($this->options['needs_charset'] ? 1 : 0) + ($this->options['needs_environment'] ? 1 : 0) + ($this->options['needs_context'] ? 1 : 0) + \count($this->arguments);
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Attribute/FirstClassTwigCallableReady.php b/data/web/inc/lib/vendor/twig/twig/src/Attribute/FirstClassTwigCallableReady.php
new file mode 100644
index 000000000..ffd8cffc8
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Attribute/FirstClassTwigCallableReady.php
@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Attribute;
+
+/**
+ * Marks nodes that are ready to accept a TwigCallable instead of its name.
+ */
+#[\Attribute(\Attribute::TARGET_METHOD)]
+final class FirstClassTwigCallableReady
+{
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Attribute/YieldReady.php b/data/web/inc/lib/vendor/twig/twig/src/Attribute/YieldReady.php
new file mode 100644
index 000000000..335c4351e
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Attribute/YieldReady.php
@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Attribute;
+
+/**
+ * Marks nodes that are ready for using "yield" instead of "echo" or "print()" for rendering.
+ */
+#[\Attribute(\Attribute::TARGET_CLASS)]
+final class YieldReady
+{
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Cache/ChainCache.php b/data/web/inc/lib/vendor/twig/twig/src/Cache/ChainCache.php
new file mode 100644
index 000000000..c94afdb43
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Cache/ChainCache.php
@@ -0,0 +1,79 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Cache;
+
+/**
+ * Chains several caches together.
+ *
+ * Cached items are fetched from the first cache having them in its data store.
+ * They are saved and deleted in all adapters at once.
+ *
+ * @author Quentin Devos <quentin@devos.pm>
+ */
+final class ChainCache implements CacheInterface
+{
+    /**
+     * @param iterable<CacheInterface> $caches The ordered list of caches used to store and fetch cached items
+     */
+    public function __construct(
+        private iterable $caches,
+    ) {
+    }
+
+    public function generateKey(string $name, string $className): string
+    {
+        return $className.'#'.$name;
+    }
+
+    public function write(string $key, string $content): void
+    {
+        $splitKey = $this->splitKey($key);
+
+        foreach ($this->caches as $cache) {
+            $cache->write($cache->generateKey(...$splitKey), $content);
+        }
+    }
+
+    public function load(string $key): void
+    {
+        [$name, $className] = $this->splitKey($key);
+
+        foreach ($this->caches as $cache) {
+            $cache->load($cache->generateKey($name, $className));
+
+            if (class_exists($className, false)) {
+                break;
+            }
+        }
+    }
+
+    public function getTimestamp(string $key): int
+    {
+        $splitKey = $this->splitKey($key);
+
+        foreach ($this->caches as $cache) {
+            if (0 < $timestamp = $cache->getTimestamp($cache->generateKey(...$splitKey))) {
+                return $timestamp;
+            }
+        }
+
+        return 0;
+    }
+
+    /**
+     * @return string[]
+     */
+    private function splitKey(string $key): array
+    {
+        return array_reverse(explode('#', $key, 2));
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Cache/FilesystemCache.php b/data/web/inc/lib/vendor/twig/twig/src/Cache/FilesystemCache.php
index e075563ae..2e79fac05 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Cache/FilesystemCache.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Cache/FilesystemCache.php
@@ -50,11 +50,11 @@ class FilesystemCache implements CacheInterface
             if (false === @mkdir($dir, 0777, true)) {
                 clearstatcache(true, $dir);
                 if (!is_dir($dir)) {
-                    throw new \RuntimeException(sprintf('Unable to create the cache directory (%s).', $dir));
+                    throw new \RuntimeException(\sprintf('Unable to create the cache directory (%s).', $dir));
                 }
             }
         } elseif (!is_writable($dir)) {
-            throw new \RuntimeException(sprintf('Unable to write in the cache directory (%s).', $dir));
+            throw new \RuntimeException(\sprintf('Unable to write in the cache directory (%s).', $dir));
         }
 
         $tmpFile = tempnam($dir, basename($key));
@@ -63,7 +63,7 @@ class FilesystemCache implements CacheInterface
 
             if (self::FORCE_BYTECODE_INVALIDATION == ($this->options & self::FORCE_BYTECODE_INVALIDATION)) {
                 // Compile cached file into bytecode cache
-                if (\function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN)) {
+                if (\function_exists('opcache_invalidate') && filter_var(\ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN)) {
                     @opcache_invalidate($key, true);
                 } elseif (\function_exists('apc_compile_file')) {
                     apc_compile_file($key);
@@ -73,7 +73,7 @@ class FilesystemCache implements CacheInterface
             return;
         }
 
-        throw new \RuntimeException(sprintf('Failed to write cache file "%s".', $key));
+        throw new \RuntimeException(\sprintf('Failed to write cache file "%s".', $key));
     }
 
     public function getTimestamp(string $key): int
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Cache/ReadOnlyFilesystemCache.php b/data/web/inc/lib/vendor/twig/twig/src/Cache/ReadOnlyFilesystemCache.php
new file mode 100644
index 000000000..3ba6514c9
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Cache/ReadOnlyFilesystemCache.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Cache;
+
+/**
+ * Implements a cache on the filesystem that can only be read, not written to.
+ *
+ * @author Quentin Devos <quentin@devos.pm>
+ */
+class ReadOnlyFilesystemCache extends FilesystemCache
+{
+    public function write(string $key, string $content): void
+    {
+        // Do nothing with the content, it's a read-only filesystem.
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Compiler.php b/data/web/inc/lib/vendor/twig/twig/src/Compiler.php
index 95e1f183b..1a43aa7f6 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Compiler.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Compiler.php
@@ -22,15 +22,16 @@ class Compiler
     private $lastLine;
     private $source;
     private $indentation;
-    private $env;
     private $debugInfo = [];
     private $sourceOffset;
     private $sourceLine;
     private $varNameSalt = 0;
+    private $didUseEcho = false;
+    private $didUseEchoStack = [];
 
-    public function __construct(Environment $env)
-    {
-        $this->env = $env;
+    public function __construct(
+        private Environment $env,
+    ) {
     }
 
     public function getEnvironment(): Environment
@@ -46,7 +47,7 @@ class Compiler
     /**
      * @return $this
      */
-    public function compile(Node $node, int $indentation = 0)
+    public function reset(int $indentation = 0)
     {
         $this->lastLine = null;
         $this->source = '';
@@ -57,23 +58,54 @@ class Compiler
         $this->indentation = $indentation;
         $this->varNameSalt = 0;
 
-        $node->compile($this);
-
         return $this;
     }
 
+    /**
+     * @return $this
+     */
+    public function compile(Node $node, int $indentation = 0)
+    {
+        $this->reset($indentation);
+        $this->didUseEchoStack[] = $this->didUseEcho;
+
+        try {
+            $this->didUseEcho = false;
+            $node->compile($this);
+
+            if ($this->didUseEcho) {
+                trigger_deprecation('twig/twig', '3.9', 'Using "%s" is deprecated, use "yield" instead in "%s", then flag the class with #[YieldReady].', $this->didUseEcho, \get_class($node));
+            }
+
+            return $this;
+        } finally {
+            $this->didUseEcho = array_pop($this->didUseEchoStack);
+        }
+    }
+
     /**
      * @return $this
      */
     public function subcompile(Node $node, bool $raw = true)
     {
-        if (false === $raw) {
+        if (!$raw) {
             $this->source .= str_repeat(' ', $this->indentation * 4);
         }
 
-        $node->compile($this);
+        $this->didUseEchoStack[] = $this->didUseEcho;
 
-        return $this;
+        try {
+            $this->didUseEcho = false;
+            $node->compile($this);
+
+            if ($this->didUseEcho) {
+                trigger_deprecation('twig/twig', '3.9', 'Using "%s" is deprecated, use "yield" instead in "%s", then flag the class with #[YieldReady].', $this->didUseEcho, \get_class($node));
+            }
+
+            return $this;
+        } finally {
+            $this->didUseEcho = array_pop($this->didUseEchoStack);
+        }
     }
 
     /**
@@ -83,6 +115,7 @@ class Compiler
      */
     public function raw(string $string)
     {
+        $this->checkForEcho($string);
         $this->source .= $string;
 
         return $this;
@@ -96,6 +129,7 @@ class Compiler
     public function write(...$strings)
     {
         foreach ($strings as $string) {
+            $this->checkForEcho($string);
             $this->source .= str_repeat(' ', $this->indentation * 4).$string;
         }
 
@@ -109,7 +143,7 @@ class Compiler
      */
     public function string(string $value)
     {
-        $this->source .= sprintf('"%s"', addcslashes($value, "\0\t\"\$\\"));
+        $this->source .= \sprintf('"%s"', addcslashes($value, "\0\t\"\$\\"));
 
         return $this;
     }
@@ -161,7 +195,7 @@ class Compiler
     public function addDebugInfo(Node $node)
     {
         if ($node->getTemplateLine() != $this->lastLine) {
-            $this->write(sprintf("// line %d\n", $node->getTemplateLine()));
+            $this->write(\sprintf("// line %d\n", $node->getTemplateLine()));
 
             $this->sourceLine += substr_count($this->source, "\n", $this->sourceOffset);
             $this->sourceOffset = \strlen($this->source);
@@ -209,6 +243,15 @@ class Compiler
 
     public function getVarName(): string
     {
-        return sprintf('__internal_compile_%d', $this->varNameSalt++);
+        return \sprintf('__internal_compile_%d', $this->varNameSalt++);
+    }
+
+    private function checkForEcho(string $string): void
+    {
+        if ($this->didUseEcho) {
+            return;
+        }
+
+        $this->didUseEcho = preg_match('/^\s*+(echo|print)\b/', $string, $m) ? $m[1] : false;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Environment.php b/data/web/inc/lib/vendor/twig/twig/src/Environment.php
index 85aaab916..24e55e979 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Environment.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Environment.php
@@ -22,12 +22,17 @@ use Twig\Extension\CoreExtension;
 use Twig\Extension\EscaperExtension;
 use Twig\Extension\ExtensionInterface;
 use Twig\Extension\OptimizerExtension;
+use Twig\Extension\YieldNotReadyExtension;
 use Twig\Loader\ArrayLoader;
 use Twig\Loader\ChainLoader;
 use Twig\Loader\LoaderInterface;
+use Twig\Node\Expression\Binary\AbstractBinary;
+use Twig\Node\Expression\Unary\AbstractUnary;
 use Twig\Node\ModuleNode;
 use Twig\Node\Node;
 use Twig\NodeVisitor\NodeVisitorInterface;
+use Twig\Runtime\EscaperRuntime;
+use Twig\RuntimeLoader\FactoryRuntimeLoader;
 use Twig\RuntimeLoader\RuntimeLoaderInterface;
 use Twig\TokenParser\TokenParserInterface;
 
@@ -38,11 +43,11 @@ use Twig\TokenParser\TokenParserInterface;
  */
 class Environment
 {
-    public const VERSION = '3.4.3';
-    public const VERSION_ID = 30403;
+    public const VERSION = '3.14.0';
+    public const VERSION_ID = 31400;
     public const MAJOR_VERSION = 3;
-    public const MINOR_VERSION = 4;
-    public const RELEASE_VERSION = 3;
+    public const MINOR_VERSION = 14;
+    public const RELEASE_VERSION = 0;
     public const EXTRA_VERSION = '';
 
     private $charset;
@@ -53,16 +58,19 @@ class Environment
     private $lexer;
     private $parser;
     private $compiler;
+    /** @var array<string, mixed> */
     private $globals = [];
     private $resolvedGlobals;
     private $loadedTemplates;
     private $strictVariables;
-    private $templateClassPrefix = '__TwigTemplate_';
     private $originalCache;
     private $extensionSet;
     private $runtimeLoaders = [];
     private $runtimes = [];
     private $optionsHash;
+    /** @var bool */
+    private $useYield;
+    private $defaultRuntimeLoader;
 
     /**
      * Constructor.
@@ -94,8 +102,12 @@ class Environment
      *  * optimizations: A flag that indicates which optimizations to apply
      *                   (default to -1 which means that all optimizations are enabled;
      *                   set it to 0 to disable).
+     *
+     *  * use_yield: true: forces templates to exclusively use "yield" instead of "echo" (all extensions must be yield ready)
+     *               false (default): allows templates to use a mix of "yield" and "echo" calls to allow for a progressive migration
+     *               Switch to "true" when possible as this will be the only supported mode in Twig 4.0
      */
-    public function __construct(LoaderInterface $loader, $options = [])
+    public function __construct(LoaderInterface $loader, array $options = [])
     {
         $this->setLoader($loader);
 
@@ -107,20 +119,38 @@ class Environment
             'cache' => false,
             'auto_reload' => null,
             'optimizations' => -1,
+            'use_yield' => false,
         ], $options);
 
+        $this->useYield = (bool) $options['use_yield'];
         $this->debug = (bool) $options['debug'];
         $this->setCharset($options['charset'] ?? 'UTF-8');
         $this->autoReload = null === $options['auto_reload'] ? $this->debug : (bool) $options['auto_reload'];
         $this->strictVariables = (bool) $options['strict_variables'];
         $this->setCache($options['cache']);
         $this->extensionSet = new ExtensionSet();
+        $this->defaultRuntimeLoader = new FactoryRuntimeLoader([
+            EscaperRuntime::class => function () { return new EscaperRuntime($this->charset); },
+        ]);
 
         $this->addExtension(new CoreExtension());
-        $this->addExtension(new EscaperExtension($options['autoescape']));
+        $escaperExt = new EscaperExtension($options['autoescape']);
+        $escaperExt->setEnvironment($this, false);
+        $this->addExtension($escaperExt);
+        if (\PHP_VERSION_ID >= 80000) {
+            $this->addExtension(new YieldNotReadyExtension($this->useYield));
+        }
         $this->addExtension(new OptimizerExtension($options['optimizations']));
     }
 
+    /**
+     * @internal
+     */
+    public function useYield(): bool
+    {
+        return $this->useYield;
+    }
+
     /**
      * Enables debugging mode.
      */
@@ -246,7 +276,6 @@ class Environment
      *
      *  * The cache key for the given template;
      *  * The currently enabled extensions;
-     *  * Whether the Twig C extension is available or not;
      *  * PHP version;
      *  * Twig version;
      *  * Options with what environment was created.
@@ -256,11 +285,11 @@ class Environment
      *
      * @internal
      */
-    public function getTemplateClass(string $name, int $index = null): string
+    public function getTemplateClass(string $name, ?int $index = null): string
     {
         $key = $this->getLoader()->getCacheKey($name).$this->optionsHash;
 
-        return $this->templateClassPrefix.hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', $key).(null === $index ? '' : '___'.$index);
+        return '__TwigTemplate_'.hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', $key).(null === $index ? '' : '___'.$index);
     }
 
     /**
@@ -305,6 +334,11 @@ class Environment
         if ($name instanceof TemplateWrapper) {
             return $name;
         }
+        if ($name instanceof Template) {
+            trigger_deprecation('twig/twig', '3.9', 'Passing a "%s" instance to "%s" is deprecated.', self::class, __METHOD__);
+
+            return $name;
+        }
 
         return new TemplateWrapper($this, $this->loadTemplate($this->getTemplateClass($name), $name));
     }
@@ -315,8 +349,8 @@ class Environment
      * This method is for internal use only and should never be called
      * directly.
      *
-     * @param string $name  The template name
-     * @param int    $index The index if it is an embedded template
+     * @param string   $name  The template name
+     * @param int|null $index The index if it is an embedded template
      *
      * @throws LoaderError  When the template cannot be found
      * @throws RuntimeError When a previously generated cache is corrupted
@@ -324,7 +358,7 @@ class Environment
      *
      * @internal
      */
-    public function loadTemplate(string $cls, string $name, int $index = null): Template
+    public function loadTemplate(string $cls, string $name, ?int $index = null): Template
     {
         $mainCls = $cls;
         if (null !== $index) {
@@ -342,7 +376,6 @@ class Environment
                 $this->cache->load($key);
             }
 
-            $source = null;
             if (!class_exists($cls, false)) {
                 $source = $this->getLoader()->getSourceContext($name);
                 $content = $this->compileSource($source);
@@ -359,7 +392,7 @@ class Environment
                 }
 
                 if (!class_exists($cls, false)) {
-                    throw new RuntimeError(sprintf('Failed to load Twig template "%s", index "%s": cache might be corrupted.', $name, $index), -1, $source);
+                    throw new RuntimeError(\sprintf('Failed to load Twig template "%s", index "%s": cache might be corrupted.', $name, $index), -1, $source);
                 }
             }
         }
@@ -374,19 +407,19 @@ class Environment
      *
      * This method should not be used as a generic way to load templates.
      *
-     * @param string $template The template source
-     * @param string $name     An optional name of the template to be used in error messages
+     * @param string      $template The template source
+     * @param string|null $name     An optional name of the template to be used in error messages
      *
      * @throws LoaderError When the template cannot be found
      * @throws SyntaxError When an error occurred during compilation
      */
-    public function createTemplate(string $template, string $name = null): TemplateWrapper
+    public function createTemplate(string $template, ?string $name = null): TemplateWrapper
     {
         $hash = hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', $template, false);
         if (null !== $name) {
-            $name = sprintf('%s (string template %s)', $name, $hash);
+            $name = \sprintf('%s (string template %s)', $name, $hash);
         } else {
-            $name = sprintf('__string_template__%s', $hash);
+            $name = \sprintf('__string_template__%s', $hash);
         }
 
         $loader = new ChainLoader([
@@ -419,10 +452,10 @@ class Environment
     /**
      * Tries to load a template consecutively from an array.
      *
-     * Similar to load() but it also accepts instances of \Twig\Template and
-     * \Twig\TemplateWrapper, and an array of templates where each is tried to be loaded.
+     * Similar to load() but it also accepts instances of \Twig\TemplateWrapper
+     * and an array of templates where each is tried to be loaded.
      *
-     * @param string|TemplateWrapper|array $names A template or an array of templates to try consecutively
+     * @param string|TemplateWrapper|array<string|TemplateWrapper> $names A template or an array of templates to try consecutively
      *
      * @throws LoaderError When none of the templates can be found
      * @throws SyntaxError When an error occurred during compilation
@@ -436,7 +469,9 @@ class Environment
         $count = \count($names);
         foreach ($names as $name) {
             if ($name instanceof Template) {
-                return $name;
+                trigger_deprecation('twig/twig', '3.9', 'Passing a "%s" instance to "%s" is deprecated.', Template::class, __METHOD__);
+
+                return new TemplateWrapper($this, $name);
             }
             if ($name instanceof TemplateWrapper) {
                 return $name;
@@ -449,7 +484,7 @@ class Environment
             return $this->load($name);
         }
 
-        throw new LoaderError(sprintf('Unable to find one of the following templates: "%s".', implode('", "', $names)));
+        throw new LoaderError(\sprintf('Unable to find one of the following templates: "%s".', implode('", "', $names)));
     }
 
     public function setLexer(Lexer $lexer)
@@ -518,7 +553,7 @@ class Environment
             $e->setSourceContext($source);
             throw $e;
         } catch (\Exception $e) {
-            throw new SyntaxError(sprintf('An exception has been thrown during the compilation of a template ("%s").', $e->getMessage()), -1, $source, $e);
+            throw new SyntaxError(\sprintf('An exception has been thrown during the compilation of a template ("%s").', $e->getMessage()), -1, $source, $e);
         }
     }
 
@@ -534,7 +569,7 @@ class Environment
 
     public function setCharset(string $charset)
     {
-        if ('UTF8' === $charset = null === $charset ? null : strtoupper($charset)) {
+        if ('UTF8' === $charset = strtoupper($charset ?: '')) {
             // iconv on Windows requires "UTF-8" instead of "UTF8"
             $charset = 'UTF-8';
         }
@@ -592,7 +627,11 @@ class Environment
             }
         }
 
-        throw new RuntimeError(sprintf('Unable to load the "%s" runtime.', $class));
+        if (null !== $runtime = $this->defaultRuntimeLoader->load($class)) {
+            return $this->runtimes[$class] = $runtime;
+        }
+
+        throw new RuntimeError(\sprintf('Unable to load the "%s" runtime.', $class));
     }
 
     public function addExtension(ExtensionInterface $extension)
@@ -763,7 +802,7 @@ class Environment
     public function addGlobal(string $name, $value)
     {
         if ($this->extensionSet->isInitialized() && !\array_key_exists($name, $this->getGlobals())) {
-            throw new \LogicException(sprintf('Unable to add global "%s" as the runtime or the extensions have already been initialized.', $name));
+            throw new \LogicException(\sprintf('Unable to add global "%s" as the runtime or the extensions have already been initialized.', $name));
         }
 
         if (null !== $this->resolvedGlobals) {
@@ -775,6 +814,8 @@ class Environment
 
     /**
      * @internal
+     *
+     * @return array<string, mixed>
      */
     public function getGlobals(): array
     {
@@ -789,21 +830,26 @@ class Environment
         return array_merge($this->extensionSet->getGlobals(), $this->globals);
     }
 
+    public function resetGlobals(): void
+    {
+        $this->resolvedGlobals = null;
+        $this->extensionSet->resetGlobals();
+    }
+
+    /**
+     * @deprecated since Twig 3.14
+     */
     public function mergeGlobals(array $context): array
     {
-        // we don't use array_merge as the context being generally
-        // bigger than globals, this code is faster.
-        foreach ($this->getGlobals() as $key => $value) {
-            if (!\array_key_exists($key, $context)) {
-                $context[$key] = $value;
-            }
-        }
+        trigger_deprecation('twig/twig', '3.14', 'The "%s" method is deprecated.', __METHOD__);
 
-        return $context;
+        return $context + $this->getGlobals();
     }
 
     /**
      * @internal
+     *
+     * @return array<string, array{precedence: int, class: class-string<AbstractUnary>}>
      */
     public function getUnaryOperators(): array
     {
@@ -812,6 +858,8 @@ class Environment
 
     /**
      * @internal
+     *
+     * @return array<string, array{precedence: int, class: class-string<AbstractBinary>, associativity: ExpressionParser::OPERATOR_*}>
      */
     public function getBinaryOperators(): array
     {
@@ -827,6 +875,7 @@ class Environment
             self::VERSION,
             (int) $this->debug,
             (int) $this->strictVariables,
+            $this->useYield ? '1' : '0',
         ]);
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Error/Error.php b/data/web/inc/lib/vendor/twig/twig/src/Error/Error.php
index a68be65f2..61c309fa1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Error/Error.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Error/Error.php
@@ -53,7 +53,7 @@ class Error extends \Exception
      * @param int         $lineno  The template line where the error occurred
      * @param Source|null $source  The source context where the error occurred
      */
-    public function __construct(string $message, int $lineno = -1, Source $source = null, \Exception $previous = null)
+    public function __construct(string $message, int $lineno = -1, ?Source $source = null, ?\Throwable $previous = null)
     {
         parent::__construct('', 0, $previous);
 
@@ -93,7 +93,7 @@ class Error extends \Exception
         return $this->name ? new Source($this->sourceCode, $this->name, $this->sourcePath) : null;
     }
 
-    public function setSourceContext(Source $source = null): void
+    public function setSourceContext(?Source $source = null): void
     {
         if (null === $source) {
             $this->sourceCode = $this->name = $this->sourcePath = null;
@@ -130,28 +130,28 @@ class Error extends \Exception
         }
 
         $dot = false;
-        if ('.' === substr($this->message, -1)) {
+        if (str_ends_with($this->message, '.')) {
             $this->message = substr($this->message, 0, -1);
             $dot = true;
         }
 
         $questionMark = false;
-        if ('?' === substr($this->message, -1)) {
+        if (str_ends_with($this->message, '?')) {
             $this->message = substr($this->message, 0, -1);
             $questionMark = true;
         }
 
         if ($this->name) {
-            if (\is_string($this->name) || (\is_object($this->name) && method_exists($this->name, '__toString'))) {
-                $name = sprintf('"%s"', $this->name);
+            if (\is_string($this->name) || $this->name instanceof \Stringable) {
+                $name = \sprintf('"%s"', $this->name);
             } else {
                 $name = json_encode($this->name);
             }
-            $this->message .= sprintf(' in %s', $name);
+            $this->message .= \sprintf(' in %s', $name);
         }
 
         if ($this->lineno && $this->lineno >= 0) {
-            $this->message .= sprintf(' at line %d', $this->lineno);
+            $this->message .= \sprintf(' at line %d', $this->lineno);
         }
 
         if ($dot) {
@@ -172,7 +172,7 @@ class Error extends \Exception
         foreach ($backtrace as $trace) {
             if (isset($trace['object']) && $trace['object'] instanceof Template) {
                 $currentClass = \get_class($trace['object']);
-                $isEmbedContainer = null === $templateClass ? false : 0 === strpos($templateClass, $currentClass);
+                $isEmbedContainer = null === $templateClass ? false : str_starts_with($templateClass, $currentClass);
                 if (null === $this->name || ($this->name == $trace['object']->getTemplateName() && !$isEmbedContainer)) {
                     $template = $trace['object'];
                     $templateClass = \get_class($trace['object']);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Error/SyntaxError.php b/data/web/inc/lib/vendor/twig/twig/src/Error/SyntaxError.php
index 726b3309e..841b653f5 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Error/SyntaxError.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Error/SyntaxError.php
@@ -30,7 +30,7 @@ class SyntaxError extends Error
         $alternatives = [];
         foreach ($items as $item) {
             $lev = levenshtein($name, $item);
-            if ($lev <= \strlen($name) / 3 || false !== strpos($item, $name)) {
+            if ($lev <= \strlen($name) / 3 || str_contains($item, $name)) {
                 $alternatives[$item] = $lev;
             }
         }
@@ -41,6 +41,6 @@ class SyntaxError extends Error
 
         asort($alternatives);
 
-        $this->appendMessage(sprintf(' Did you mean "%s"?', implode('", "', array_keys($alternatives))));
+        $this->appendMessage(\sprintf(' Did you mean "%s"?', implode('", "', array_keys($alternatives))));
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/ExpressionParser.php b/data/web/inc/lib/vendor/twig/twig/src/ExpressionParser.php
index 70b6eb05c..dc4a6015d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/ExpressionParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/ExpressionParser.php
@@ -12,20 +12,21 @@
 
 namespace Twig;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Error\SyntaxError;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\ArrayExpression;
 use Twig\Node\Expression\ArrowFunctionExpression;
 use Twig\Node\Expression\AssignNameExpression;
+use Twig\Node\Expression\Binary\AbstractBinary;
 use Twig\Node\Expression\Binary\ConcatBinary;
-use Twig\Node\Expression\BlockReferenceExpression;
 use Twig\Node\Expression\ConditionalExpression;
 use Twig\Node\Expression\ConstantExpression;
 use Twig\Node\Expression\GetAttrExpression;
 use Twig\Node\Expression\MethodCallExpression;
 use Twig\Node\Expression\NameExpression;
-use Twig\Node\Expression\ParentExpression;
 use Twig\Node\Expression\TestExpression;
+use Twig\Node\Expression\Unary\AbstractUnary;
 use Twig\Node\Expression\Unary\NegUnary;
 use Twig\Node\Expression\Unary\NotUnary;
 use Twig\Node\Expression\Unary\PosUnary;
@@ -40,23 +41,22 @@ use Twig\Node\Node;
  * @see https://en.wikipedia.org/wiki/Operator-precedence_parser
  *
  * @author Fabien Potencier <fabien@symfony.com>
- *
- * @internal
  */
 class ExpressionParser
 {
     public const OPERATOR_LEFT = 1;
     public const OPERATOR_RIGHT = 2;
 
-    private $parser;
-    private $env;
+    /** @var array<string, array{precedence: int, class: class-string<AbstractUnary>}> */
     private $unaryOperators;
+    /** @var array<string, array{precedence: int, class: class-string<AbstractBinary>, associativity: self::OPERATOR_*}> */
     private $binaryOperators;
+    private $readyNodes = [];
 
-    public function __construct(Parser $parser, Environment $env)
-    {
-        $this->parser = $parser;
-        $this->env = $env;
+    public function __construct(
+        private Parser $parser,
+        private Environment $env,
+    ) {
         $this->unaryOperators = $env->getUnaryOperators();
         $this->binaryOperators = $env->getBinaryOperators();
     }
@@ -80,7 +80,7 @@ class ExpressionParser
             } elseif (isset($op['callable'])) {
                 $expr = $op['callable']($this->parser, $expr);
             } else {
-                $expr1 = $this->parseExpression(self::OPERATOR_LEFT === $op['associativity'] ? $op['precedence'] + 1 : $op['precedence']);
+                $expr1 = $this->parseExpression(self::OPERATOR_LEFT === $op['associativity'] ? $op['precedence'] + 1 : $op['precedence'], true);
                 $class = $op['class'];
                 $expr = new $class($expr, $expr1, $token->getLine());
             }
@@ -103,52 +103,52 @@ class ExpressionParser
         $stream = $this->parser->getStream();
 
         // short array syntax (one argument, no parentheses)?
-        if ($stream->look(1)->test(/* Token::ARROW_TYPE */ 12)) {
+        if ($stream->look(1)->test(Token::ARROW_TYPE)) {
             $line = $stream->getCurrent()->getLine();
-            $token = $stream->expect(/* Token::NAME_TYPE */ 5);
+            $token = $stream->expect(Token::NAME_TYPE);
             $names = [new AssignNameExpression($token->getValue(), $token->getLine())];
-            $stream->expect(/* Token::ARROW_TYPE */ 12);
+            $stream->expect(Token::ARROW_TYPE);
 
             return new ArrowFunctionExpression($this->parseExpression(0), new Node($names), $line);
         }
 
         // first, determine if we are parsing an arrow function by finding => (long form)
         $i = 0;
-        if (!$stream->look($i)->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+        if (!$stream->look($i)->test(Token::PUNCTUATION_TYPE, '(')) {
             return null;
         }
         ++$i;
         while (true) {
             // variable name
             ++$i;
-            if (!$stream->look($i)->test(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+            if (!$stream->look($i)->test(Token::PUNCTUATION_TYPE, ',')) {
                 break;
             }
             ++$i;
         }
-        if (!$stream->look($i)->test(/* Token::PUNCTUATION_TYPE */ 9, ')')) {
+        if (!$stream->look($i)->test(Token::PUNCTUATION_TYPE, ')')) {
             return null;
         }
         ++$i;
-        if (!$stream->look($i)->test(/* Token::ARROW_TYPE */ 12)) {
+        if (!$stream->look($i)->test(Token::ARROW_TYPE)) {
             return null;
         }
 
         // yes, let's parse it properly
-        $token = $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, '(');
+        $token = $stream->expect(Token::PUNCTUATION_TYPE, '(');
         $line = $token->getLine();
 
         $names = [];
         while (true) {
-            $token = $stream->expect(/* Token::NAME_TYPE */ 5);
+            $token = $stream->expect(Token::NAME_TYPE);
             $names[] = new AssignNameExpression($token->getValue(), $token->getLine());
 
-            if (!$stream->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+            if (!$stream->nextIf(Token::PUNCTUATION_TYPE, ',')) {
                 break;
             }
         }
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ')');
-        $stream->expect(/* Token::ARROW_TYPE */ 12);
+        $stream->expect(Token::PUNCTUATION_TYPE, ')');
+        $stream->expect(Token::ARROW_TYPE);
 
         return new ArrowFunctionExpression($this->parseExpression(0), new Node($names), $line);
     }
@@ -164,10 +164,10 @@ class ExpressionParser
             $class = $operator['class'];
 
             return $this->parsePostfixExpression(new $class($expr, $token->getLine()));
-        } elseif ($token->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+        } elseif ($token->test(Token::PUNCTUATION_TYPE, '(')) {
             $this->parser->getStream()->next();
             $expr = $this->parseExpression();
-            $this->parser->getStream()->expect(/* Token::PUNCTUATION_TYPE */ 9, ')', 'An opened parenthesis is not properly closed');
+            $this->parser->getStream()->expect(Token::PUNCTUATION_TYPE, ')', 'An opened parenthesis is not properly closed');
 
             return $this->parsePostfixExpression($expr);
         }
@@ -177,15 +177,18 @@ class ExpressionParser
 
     private function parseConditionalExpression($expr): AbstractExpression
     {
-        while ($this->parser->getStream()->nextIf(/* Token::PUNCTUATION_TYPE */ 9, '?')) {
-            if (!$this->parser->getStream()->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ':')) {
+        while ($this->parser->getStream()->nextIf(Token::PUNCTUATION_TYPE, '?')) {
+            if (!$this->parser->getStream()->nextIf(Token::PUNCTUATION_TYPE, ':')) {
                 $expr2 = $this->parseExpression();
-                if ($this->parser->getStream()->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ':')) {
+                if ($this->parser->getStream()->nextIf(Token::PUNCTUATION_TYPE, ':')) {
+                    // Ternary operator (expr ? expr2 : expr3)
                     $expr3 = $this->parseExpression();
                 } else {
+                    // Ternary without else (expr ? expr2)
                     $expr3 = new ConstantExpression('', $this->parser->getCurrentToken()->getLine());
                 }
             } else {
+                // Ternary without then (expr ?: expr3)
                 $expr2 = $expr;
                 $expr3 = $this->parseExpression();
             }
@@ -198,19 +201,19 @@ class ExpressionParser
 
     private function isUnary(Token $token): bool
     {
-        return $token->test(/* Token::OPERATOR_TYPE */ 8) && isset($this->unaryOperators[$token->getValue()]);
+        return $token->test(Token::OPERATOR_TYPE) && isset($this->unaryOperators[$token->getValue()]);
     }
 
     private function isBinary(Token $token): bool
     {
-        return $token->test(/* Token::OPERATOR_TYPE */ 8) && isset($this->binaryOperators[$token->getValue()]);
+        return $token->test(Token::OPERATOR_TYPE) && isset($this->binaryOperators[$token->getValue()]);
     }
 
     public function parsePrimaryExpression()
     {
         $token = $this->parser->getCurrentToken();
         switch ($token->getType()) {
-            case /* Token::NAME_TYPE */ 5:
+            case Token::NAME_TYPE:
                 $this->parser->getStream()->next();
                 switch ($token->getValue()) {
                     case 'true':
@@ -239,17 +242,17 @@ class ExpressionParser
                 }
                 break;
 
-            case /* Token::NUMBER_TYPE */ 6:
+            case Token::NUMBER_TYPE:
                 $this->parser->getStream()->next();
                 $node = new ConstantExpression($token->getValue(), $token->getLine());
                 break;
 
-            case /* Token::STRING_TYPE */ 7:
-            case /* Token::INTERPOLATION_START_TYPE */ 10:
+            case Token::STRING_TYPE:
+            case Token::INTERPOLATION_START_TYPE:
                 $node = $this->parseStringExpression();
                 break;
 
-            case /* Token::OPERATOR_TYPE */ 8:
+            case Token::OPERATOR_TYPE:
                 if (preg_match(Lexer::REGEX_NAME, $token->getValue(), $matches) && $matches[0] == $token->getValue()) {
                     // in this context, string operators are variable names
                     $this->parser->getStream()->next();
@@ -260,7 +263,7 @@ class ExpressionParser
                 if (isset($this->unaryOperators[$token->getValue()])) {
                     $class = $this->unaryOperators[$token->getValue()]['class'];
                     if (!\in_array($class, [NegUnary::class, PosUnary::class])) {
-                        throw new SyntaxError(sprintf('Unexpected unary operator "%s".', $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
+                        throw new SyntaxError(\sprintf('Unexpected unary operator "%s".', $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
                     }
 
                     $this->parser->getStream()->next();
@@ -272,14 +275,14 @@ class ExpressionParser
 
                 // no break
             default:
-                if ($token->test(/* Token::PUNCTUATION_TYPE */ 9, '[')) {
-                    $node = $this->parseArrayExpression();
-                } elseif ($token->test(/* Token::PUNCTUATION_TYPE */ 9, '{')) {
-                    $node = $this->parseHashExpression();
-                } elseif ($token->test(/* Token::OPERATOR_TYPE */ 8, '=') && ('==' === $this->parser->getStream()->look(-1)->getValue() || '!=' === $this->parser->getStream()->look(-1)->getValue())) {
-                    throw new SyntaxError(sprintf('Unexpected operator of value "%s". Did you try to use "===" or "!==" for strict comparison? Use "is same as(value)" instead.', $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
+                if ($token->test(Token::PUNCTUATION_TYPE, '[')) {
+                    $node = $this->parseSequenceExpression();
+                } elseif ($token->test(Token::PUNCTUATION_TYPE, '{')) {
+                    $node = $this->parseMappingExpression();
+                } elseif ($token->test(Token::OPERATOR_TYPE, '=') && ('==' === $this->parser->getStream()->look(-1)->getValue() || '!=' === $this->parser->getStream()->look(-1)->getValue())) {
+                    throw new SyntaxError(\sprintf('Unexpected operator of value "%s". Did you try to use "===" or "!==" for strict comparison? Use "is same as(value)" instead.', $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
                 } else {
-                    throw new SyntaxError(sprintf('Unexpected token "%s" of value "%s".', Token::typeToEnglish($token->getType()), $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
+                    throw new SyntaxError(\sprintf('Unexpected token "%s" of value "%s".', Token::typeToEnglish($token->getType()), $token->getValue()), $token->getLine(), $this->parser->getStream()->getSourceContext());
                 }
         }
 
@@ -294,12 +297,12 @@ class ExpressionParser
         // a string cannot be followed by another string in a single expression
         $nextCanBeString = true;
         while (true) {
-            if ($nextCanBeString && $token = $stream->nextIf(/* Token::STRING_TYPE */ 7)) {
+            if ($nextCanBeString && $token = $stream->nextIf(Token::STRING_TYPE)) {
                 $nodes[] = new ConstantExpression($token->getValue(), $token->getLine());
                 $nextCanBeString = false;
-            } elseif ($stream->nextIf(/* Token::INTERPOLATION_START_TYPE */ 10)) {
+            } elseif ($stream->nextIf(Token::INTERPOLATION_START_TYPE)) {
                 $nodes[] = $this->parseExpression();
-                $stream->expect(/* Token::INTERPOLATION_END_TYPE */ 11);
+                $stream->expect(Token::INTERPOLATION_END_TYPE);
                 $nextCanBeString = true;
             } else {
                 break;
@@ -314,56 +317,91 @@ class ExpressionParser
         return $expr;
     }
 
+    /**
+     * @deprecated since 3.11, use parseSequenceExpression() instead
+     */
     public function parseArrayExpression()
+    {
+        trigger_deprecation('twig/twig', '3.11', 'Calling "%s()" is deprecated, use "parseSequenceExpression()" instead.', __METHOD__);
+
+        return $this->parseSequenceExpression();
+    }
+
+    public function parseSequenceExpression()
     {
         $stream = $this->parser->getStream();
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, '[', 'An array element was expected');
+        $stream->expect(Token::PUNCTUATION_TYPE, '[', 'A sequence element was expected');
 
         $node = new ArrayExpression([], $stream->getCurrent()->getLine());
         $first = true;
-        while (!$stream->test(/* Token::PUNCTUATION_TYPE */ 9, ']')) {
+        while (!$stream->test(Token::PUNCTUATION_TYPE, ']')) {
             if (!$first) {
-                $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ',', 'An array element must be followed by a comma');
+                $stream->expect(Token::PUNCTUATION_TYPE, ',', 'A sequence element must be followed by a comma');
 
                 // trailing ,?
-                if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, ']')) {
+                if ($stream->test(Token::PUNCTUATION_TYPE, ']')) {
                     break;
                 }
             }
             $first = false;
 
-            $node->addElement($this->parseExpression());
+            if ($stream->test(Token::SPREAD_TYPE)) {
+                $stream->next();
+                $expr = $this->parseExpression();
+                $expr->setAttribute('spread', true);
+                $node->addElement($expr);
+            } else {
+                $node->addElement($this->parseExpression());
+            }
         }
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ']', 'An opened array is not properly closed');
+        $stream->expect(Token::PUNCTUATION_TYPE, ']', 'An opened sequence is not properly closed');
 
         return $node;
     }
 
+    /**
+     * @deprecated since 3.11, use parseMappingExpression() instead
+     */
     public function parseHashExpression()
+    {
+        trigger_deprecation('twig/twig', '3.11', 'Calling "%s()" is deprecated, use "parseMappingExpression()" instead.', __METHOD__);
+
+        return $this->parseMappingExpression();
+    }
+
+    public function parseMappingExpression()
     {
         $stream = $this->parser->getStream();
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, '{', 'A hash element was expected');
+        $stream->expect(Token::PUNCTUATION_TYPE, '{', 'A mapping element was expected');
 
         $node = new ArrayExpression([], $stream->getCurrent()->getLine());
         $first = true;
-        while (!$stream->test(/* Token::PUNCTUATION_TYPE */ 9, '}')) {
+        while (!$stream->test(Token::PUNCTUATION_TYPE, '}')) {
             if (!$first) {
-                $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ',', 'A hash value must be followed by a comma');
+                $stream->expect(Token::PUNCTUATION_TYPE, ',', 'A mapping value must be followed by a comma');
 
                 // trailing ,?
-                if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, '}')) {
+                if ($stream->test(Token::PUNCTUATION_TYPE, '}')) {
                     break;
                 }
             }
             $first = false;
 
-            // a hash key can be:
+            if ($stream->test(Token::SPREAD_TYPE)) {
+                $stream->next();
+                $value = $this->parseExpression();
+                $value->setAttribute('spread', true);
+                $node->addElement($value);
+                continue;
+            }
+
+            // a mapping key can be:
             //
             //  * a number -- 12
             //  * a string -- 'a'
             //  * a name, which is equivalent to a string -- a
             //  * an expression, which must be enclosed in parentheses -- (1 + 2)
-            if ($token = $stream->nextIf(/* Token::NAME_TYPE */ 5)) {
+            if ($token = $stream->nextIf(Token::NAME_TYPE)) {
                 $key = new ConstantExpression($token->getValue(), $token->getLine());
 
                 // {a} is a shortcut for {a:a}
@@ -372,22 +410,22 @@ class ExpressionParser
                     $node->addElement($value, $key);
                     continue;
                 }
-            } elseif (($token = $stream->nextIf(/* Token::STRING_TYPE */ 7)) || $token = $stream->nextIf(/* Token::NUMBER_TYPE */ 6)) {
+            } elseif (($token = $stream->nextIf(Token::STRING_TYPE)) || $token = $stream->nextIf(Token::NUMBER_TYPE)) {
                 $key = new ConstantExpression($token->getValue(), $token->getLine());
-            } elseif ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+            } elseif ($stream->test(Token::PUNCTUATION_TYPE, '(')) {
                 $key = $this->parseExpression();
             } else {
                 $current = $stream->getCurrent();
 
-                throw new SyntaxError(sprintf('A hash key must be a quoted string, a number, a name, or an expression enclosed in parentheses (unexpected token "%s" of value "%s".', Token::typeToEnglish($current->getType()), $current->getValue()), $current->getLine(), $stream->getSourceContext());
+                throw new SyntaxError(\sprintf('A mapping key must be a quoted string, a number, a name, or an expression enclosed in parentheses (unexpected token "%s" of value "%s".', Token::typeToEnglish($current->getType()), $current->getValue()), $current->getLine(), $stream->getSourceContext());
             }
 
-            $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ':', 'A hash key must be followed by a colon (:)');
+            $stream->expect(Token::PUNCTUATION_TYPE, ':', 'A mapping key must be followed by a colon (:)');
             $value = $this->parseExpression();
 
             $node->addElement($value, $key);
         }
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, '}', 'An opened hash is not properly closed');
+        $stream->expect(Token::PUNCTUATION_TYPE, '}', 'An opened mapping is not properly closed');
 
         return $node;
     }
@@ -396,7 +434,7 @@ class ExpressionParser
     {
         while (true) {
             $token = $this->parser->getCurrentToken();
-            if (/* Token::PUNCTUATION_TYPE */ 9 == $token->getType()) {
+            if (Token::PUNCTUATION_TYPE == $token->getType()) {
                 if ('.' == $token->getValue() || '[' == $token->getValue()) {
                     $node = $this->parseSubscriptExpression($node);
                 } elseif ('|' == $token->getValue()) {
@@ -414,50 +452,37 @@ class ExpressionParser
 
     public function getFunctionNode($name, $line)
     {
-        switch ($name) {
-            case 'parent':
-                $this->parseArguments();
-                if (!\count($this->parser->getBlockStack())) {
-                    throw new SyntaxError('Calling "parent" outside a block is forbidden.', $line, $this->parser->getStream()->getSourceContext());
-                }
+        if (null !== $alias = $this->parser->getImportedSymbol('function', $name)) {
+            $arguments = new ArrayExpression([], $line);
+            foreach ($this->parseArguments() as $n) {
+                $arguments->addElement($n);
+            }
 
-                if (!$this->parser->getParent() && !$this->parser->hasTraits()) {
-                    throw new SyntaxError('Calling "parent" on a template that does not extend nor "use" another template is forbidden.', $line, $this->parser->getStream()->getSourceContext());
-                }
+            $node = new MethodCallExpression($alias['node'], $alias['name'], $arguments, $line);
+            $node->setAttribute('safe', true);
 
-                return new ParentExpression($this->parser->peekBlockStack(), $line);
-            case 'block':
-                $args = $this->parseArguments();
-                if (\count($args) < 1) {
-                    throw new SyntaxError('The "block" function takes one argument (the block name).', $line, $this->parser->getStream()->getSourceContext());
-                }
-
-                return new BlockReferenceExpression($args->getNode(0), \count($args) > 1 ? $args->getNode(1) : null, $line);
-            case 'attribute':
-                $args = $this->parseArguments();
-                if (\count($args) < 2) {
-                    throw new SyntaxError('The "attribute" function takes at least two arguments (the variable and the attributes).', $line, $this->parser->getStream()->getSourceContext());
-                }
-
-                return new GetAttrExpression($args->getNode(0), $args->getNode(1), \count($args) > 2 ? $args->getNode(2) : null, Template::ANY_CALL, $line);
-            default:
-                if (null !== $alias = $this->parser->getImportedSymbol('function', $name)) {
-                    $arguments = new ArrayExpression([], $line);
-                    foreach ($this->parseArguments() as $n) {
-                        $arguments->addElement($n);
-                    }
-
-                    $node = new MethodCallExpression($alias['node'], $alias['name'], $arguments, $line);
-                    $node->setAttribute('safe', true);
-
-                    return $node;
-                }
-
-                $args = $this->parseArguments(true);
-                $class = $this->getFunctionNodeClass($name, $line);
-
-                return new $class($name, $args, $line);
+            return $node;
         }
+
+        $args = $this->parseArguments(true);
+        $function = $this->getFunction($name, $line);
+
+        if ($function->getParserCallable()) {
+            $fakeNode = new Node(lineno: $line);
+            $fakeNode->setSourceContext($this->parser->getStream()->getSourceContext());
+
+            return ($function->getParserCallable())($this->parser, $fakeNode, $args, $line);
+        }
+
+        if (!isset($this->readyNodes[$class = $function->getNodeClass()])) {
+            $this->readyNodes[$class] = (bool) (new \ReflectionClass($class))->getConstructor()->getAttributes(FirstClassTwigCallableReady::class);
+        }
+
+        if (!$ready = $this->readyNodes[$class]) {
+            trigger_deprecation('twig/twig', '3.12', 'Twig node "%s" is not marked as ready for passing a "TwigFunction" in the constructor instead of its name; please update your code and then add #[FirstClassTwigCallableReady] attribute to the constructor.', $class);
+        }
+
+        return new $class($ready ? $function : $function->getName(), $args, $line);
     }
 
     public function parseSubscriptExpression($node)
@@ -470,29 +495,25 @@ class ExpressionParser
         if ('.' == $token->getValue()) {
             $token = $stream->next();
             if (
-                /* Token::NAME_TYPE */ 5 == $token->getType()
+                Token::NAME_TYPE == $token->getType()
                 ||
-                /* Token::NUMBER_TYPE */ 6 == $token->getType()
+                Token::NUMBER_TYPE == $token->getType()
                 ||
-                (/* Token::OPERATOR_TYPE */ 8 == $token->getType() && preg_match(Lexer::REGEX_NAME, $token->getValue()))
+                (Token::OPERATOR_TYPE == $token->getType() && preg_match(Lexer::REGEX_NAME, $token->getValue()))
             ) {
                 $arg = new ConstantExpression($token->getValue(), $lineno);
 
-                if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+                if ($stream->test(Token::PUNCTUATION_TYPE, '(')) {
                     $type = Template::METHOD_CALL;
                     foreach ($this->parseArguments() as $n) {
                         $arguments->addElement($n);
                     }
                 }
             } else {
-                throw new SyntaxError(sprintf('Expected name or number, got value "%s" of type %s.', $token->getValue(), Token::typeToEnglish($token->getType())), $lineno, $stream->getSourceContext());
+                throw new SyntaxError(\sprintf('Expected name or number, got value "%s" of type %s.', $token->getValue(), Token::typeToEnglish($token->getType())), $lineno, $stream->getSourceContext());
             }
 
             if ($node instanceof NameExpression && null !== $this->parser->getImportedSymbol('template', $node->getAttribute('name'))) {
-                if (!$arg instanceof ConstantExpression) {
-                    throw new SyntaxError(sprintf('Dynamic macro names are not supported (called on "%s").', $node->getAttribute('name')), $token->getLine(), $stream->getSourceContext());
-                }
-
                 $name = $arg->getAttribute('value');
 
                 $node = new MethodCallExpression($node, 'macro_'.$name, $arguments, $lineno);
@@ -505,34 +526,34 @@ class ExpressionParser
 
             // slice?
             $slice = false;
-            if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, ':')) {
+            if ($stream->test(Token::PUNCTUATION_TYPE, ':')) {
                 $slice = true;
                 $arg = new ConstantExpression(0, $token->getLine());
             } else {
                 $arg = $this->parseExpression();
             }
 
-            if ($stream->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ':')) {
+            if ($stream->nextIf(Token::PUNCTUATION_TYPE, ':')) {
                 $slice = true;
             }
 
             if ($slice) {
-                if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, ']')) {
+                if ($stream->test(Token::PUNCTUATION_TYPE, ']')) {
                     $length = new ConstantExpression(null, $token->getLine());
                 } else {
                     $length = $this->parseExpression();
                 }
 
-                $class = $this->getFilterNodeClass('slice', $token->getLine());
+                $filter = $this->getFilter('slice', $token->getLine());
                 $arguments = new Node([$arg, $length]);
-                $filter = new $class($node, new ConstantExpression('slice', $token->getLine()), $arguments, $token->getLine());
+                $filter = new ($filter->getNodeClass())($node, $filter, $arguments, $token->getLine());
 
-                $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ']');
+                $stream->expect(Token::PUNCTUATION_TYPE, ']');
 
                 return $filter;
             }
 
-            $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ']');
+            $stream->expect(Token::PUNCTUATION_TYPE, ']');
         }
 
         return new GetAttrExpression($node, $arg, $arguments, $type, $lineno);
@@ -545,23 +566,35 @@ class ExpressionParser
         return $this->parseFilterExpressionRaw($node);
     }
 
-    public function parseFilterExpressionRaw($node, $tag = null)
+    public function parseFilterExpressionRaw($node)
     {
-        while (true) {
-            $token = $this->parser->getStream()->expect(/* Token::NAME_TYPE */ 5);
+        if (\func_num_args() > 1) {
+            trigger_deprecation('twig/twig', '3.12', 'Passing a second argument to "%s()" is deprecated.', __METHOD__);
+        }
 
-            $name = new ConstantExpression($token->getValue(), $token->getLine());
-            if (!$this->parser->getStream()->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+        while (true) {
+            $token = $this->parser->getStream()->expect(Token::NAME_TYPE);
+
+            if (!$this->parser->getStream()->test(Token::PUNCTUATION_TYPE, '(')) {
                 $arguments = new Node();
             } else {
                 $arguments = $this->parseArguments(true, false, true);
             }
 
-            $class = $this->getFilterNodeClass($name->getAttribute('value'), $token->getLine());
+            $filter = $this->getFilter($token->getValue(), $token->getLine());
 
-            $node = new $class($node, $name, $arguments, $token->getLine(), $tag);
+            $ready = true;
+            if (!isset($this->readyNodes[$class = $filter->getNodeClass()])) {
+                $this->readyNodes[$class] = (bool) (new \ReflectionClass($class))->getConstructor()->getAttributes(FirstClassTwigCallableReady::class);
+            }
 
-            if (!$this->parser->getStream()->test(/* Token::PUNCTUATION_TYPE */ 9, '|')) {
+            if (!$ready = $this->readyNodes[$class]) {
+                trigger_deprecation('twig/twig', '3.12', 'Twig node "%s" is not marked as ready for passing a "TwigFilter" in the constructor instead of its name; please update your code and then add #[FirstClassTwigCallableReady] attribute to the constructor.', $class);
+            }
+
+            $node = new $class($node, $ready ? $filter : new ConstantExpression($filter->getName(), $token->getLine()), $arguments, $token->getLine());
+
+            if (!$this->parser->getStream()->test(Token::PUNCTUATION_TYPE, '|')) {
                 break;
             }
 
@@ -575,7 +608,7 @@ class ExpressionParser
      * Parses arguments.
      *
      * @param bool $namedArguments Whether to allow named arguments or not
-     * @param bool $definition     Whether we are parsing arguments for a function definition
+     * @param bool $definition     Whether we are parsing arguments for a function (or macro) definition
      *
      * @return Node
      *
@@ -586,28 +619,28 @@ class ExpressionParser
         $args = [];
         $stream = $this->parser->getStream();
 
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, '(', 'A list of arguments must begin with an opening parenthesis');
-        while (!$stream->test(/* Token::PUNCTUATION_TYPE */ 9, ')')) {
+        $stream->expect(Token::PUNCTUATION_TYPE, '(', 'A list of arguments must begin with an opening parenthesis');
+        while (!$stream->test(Token::PUNCTUATION_TYPE, ')')) {
             if (!empty($args)) {
-                $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ',', 'Arguments must be separated by a comma');
+                $stream->expect(Token::PUNCTUATION_TYPE, ',', 'Arguments must be separated by a comma');
 
                 // if the comma above was a trailing comma, early exit the argument parse loop
-                if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, ')')) {
+                if ($stream->test(Token::PUNCTUATION_TYPE, ')')) {
                     break;
                 }
             }
 
             if ($definition) {
-                $token = $stream->expect(/* Token::NAME_TYPE */ 5, null, 'An argument must be a name');
+                $token = $stream->expect(Token::NAME_TYPE, null, 'An argument must be a name');
                 $value = new NameExpression($token->getValue(), $this->parser->getCurrentToken()->getLine());
             } else {
                 $value = $this->parseExpression(0, $allowArrow);
             }
 
             $name = null;
-            if ($namedArguments && $token = $stream->nextIf(/* Token::OPERATOR_TYPE */ 8, '=')) {
+            if ($namedArguments && (($token = $stream->nextIf(Token::OPERATOR_TYPE, '=')) || ($token = $stream->nextIf(Token::PUNCTUATION_TYPE, ':')))) {
                 if (!$value instanceof NameExpression) {
-                    throw new SyntaxError(sprintf('A parameter name must be a string, "%s" given.', \get_class($value)), $token->getLine(), $stream->getSourceContext());
+                    throw new SyntaxError(\sprintf('A parameter name must be a string, "%s" given.', \get_class($value)), $token->getLine(), $stream->getSourceContext());
                 }
                 $name = $value->getAttribute('name');
 
@@ -615,7 +648,7 @@ class ExpressionParser
                     $value = $this->parsePrimaryExpression();
 
                     if (!$this->checkConstantExpression($value)) {
-                        throw new SyntaxError('A default value for an argument must be a constant (a boolean, a string, a number, or an array).', $token->getLine(), $stream->getSourceContext());
+                        throw new SyntaxError('A default value for an argument must be a constant (a boolean, a string, a number, a sequence, or a mapping).', $token->getLine(), $stream->getSourceContext());
                     }
                 } else {
                     $value = $this->parseExpression(0, $allowArrow);
@@ -626,6 +659,7 @@ class ExpressionParser
                 if (null === $name) {
                     $name = $value->getAttribute('name');
                     $value = new ConstantExpression(null, $this->parser->getCurrentToken()->getLine());
+                    $value->setAttribute('is_implicit', true);
                 }
                 $args[$name] = $value;
             } else {
@@ -636,7 +670,7 @@ class ExpressionParser
                 }
             }
         }
-        $stream->expect(/* Token::PUNCTUATION_TYPE */ 9, ')', 'A list of arguments must be closed by a parenthesis');
+        $stream->expect(Token::PUNCTUATION_TYPE, ')', 'A list of arguments must be closed by a parenthesis');
 
         return new Node($args);
     }
@@ -647,19 +681,19 @@ class ExpressionParser
         $targets = [];
         while (true) {
             $token = $this->parser->getCurrentToken();
-            if ($stream->test(/* Token::OPERATOR_TYPE */ 8) && preg_match(Lexer::REGEX_NAME, $token->getValue())) {
+            if ($stream->test(Token::OPERATOR_TYPE) && preg_match(Lexer::REGEX_NAME, $token->getValue())) {
                 // in this context, string operators are variable names
                 $this->parser->getStream()->next();
             } else {
-                $stream->expect(/* Token::NAME_TYPE */ 5, null, 'Only variables can be assigned to');
+                $stream->expect(Token::NAME_TYPE, null, 'Only variables can be assigned to');
             }
             $value = $token->getValue();
             if (\in_array(strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), ['true', 'false', 'none', 'null'])) {
-                throw new SyntaxError(sprintf('You cannot assign a value to "%s".', $value), $token->getLine(), $stream->getSourceContext());
+                throw new SyntaxError(\sprintf('You cannot assign a value to "%s".', $value), $token->getLine(), $stream->getSourceContext());
             }
             $targets[] = new AssignNameExpression($value, $token->getLine());
 
-            if (!$stream->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+            if (!$stream->nextIf(Token::PUNCTUATION_TYPE, ',')) {
                 break;
             }
         }
@@ -672,7 +706,7 @@ class ExpressionParser
         $targets = [];
         while (true) {
             $targets[] = $this->parseExpression();
-            if (!$this->parser->getStream()->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+            if (!$this->parser->getStream()->nextIf(Token::PUNCTUATION_TYPE, ',')) {
                 break;
             }
         }
@@ -688,121 +722,115 @@ class ExpressionParser
     private function parseTestExpression(Node $node): TestExpression
     {
         $stream = $this->parser->getStream();
-        list($name, $test) = $this->getTest($node->getTemplateLine());
+        $test = $this->getTest($node->getTemplateLine());
 
-        $class = $this->getTestNodeClass($test);
         $arguments = null;
-        if ($stream->test(/* Token::PUNCTUATION_TYPE */ 9, '(')) {
+        if ($stream->test(Token::PUNCTUATION_TYPE, '(')) {
             $arguments = $this->parseArguments(true);
         } elseif ($test->hasOneMandatoryArgument()) {
             $arguments = new Node([0 => $this->parsePrimaryExpression()]);
         }
 
-        if ('defined' === $name && $node instanceof NameExpression && null !== $alias = $this->parser->getImportedSymbol('function', $node->getAttribute('name'))) {
+        if ('defined' === $test->getName() && $node instanceof NameExpression && null !== $alias = $this->parser->getImportedSymbol('function', $node->getAttribute('name'))) {
             $node = new MethodCallExpression($alias['node'], $alias['name'], new ArrayExpression([], $node->getTemplateLine()), $node->getTemplateLine());
             $node->setAttribute('safe', true);
         }
 
-        return new $class($node, $name, $arguments, $this->parser->getCurrentToken()->getLine());
-    }
-
-    private function getTest(int $line): array
-    {
-        $stream = $this->parser->getStream();
-        $name = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
-
-        if ($test = $this->env->getTest($name)) {
-            return [$name, $test];
+        $ready = $test instanceof TwigTest;
+        if (!isset($this->readyNodes[$class = $test->getNodeClass()])) {
+            $this->readyNodes[$class] = (bool) (new \ReflectionClass($class))->getConstructor()->getAttributes(FirstClassTwigCallableReady::class);
         }
 
-        if ($stream->test(/* Token::NAME_TYPE */ 5)) {
+        if (!$ready = $this->readyNodes[$class]) {
+            trigger_deprecation('twig/twig', '3.12', 'Twig node "%s" is not marked as ready for passing a "TwigTest" in the constructor instead of its name; please update your code and then add #[FirstClassTwigCallableReady] attribute to the constructor.', $class);
+        }
+
+        return new $class($node, $ready ? $test : $test->getName(), $arguments, $this->parser->getCurrentToken()->getLine());
+    }
+
+    private function getTest(int $line): TwigTest
+    {
+        $stream = $this->parser->getStream();
+        $name = $stream->expect(Token::NAME_TYPE)->getValue();
+
+        if ($stream->test(Token::NAME_TYPE)) {
             // try 2-words tests
             $name = $name.' '.$this->parser->getCurrentToken()->getValue();
 
             if ($test = $this->env->getTest($name)) {
                 $stream->next();
-
-                return [$name, $test];
             }
+        } else {
+            $test = $this->env->getTest($name);
         }
 
-        $e = new SyntaxError(sprintf('Unknown "%s" test.', $name), $line, $stream->getSourceContext());
-        $e->addSuggestions($name, array_keys($this->env->getTests()));
+        if (!$test) {
+            $e = new SyntaxError(\sprintf('Unknown "%s" test.', $name), $line, $stream->getSourceContext());
+            $e->addSuggestions($name, array_keys($this->env->getTests()));
 
-        throw $e;
-    }
+            throw $e;
+        }
 
-    private function getTestNodeClass(TwigTest $test): string
-    {
         if ($test->isDeprecated()) {
             $stream = $this->parser->getStream();
-            $message = sprintf('Twig Test "%s" is deprecated', $test->getName());
+            $message = \sprintf('Twig Test "%s" is deprecated', $test->getName());
 
-            if ($test->getDeprecatedVersion()) {
-                $message .= sprintf(' since version %s', $test->getDeprecatedVersion());
-            }
             if ($test->getAlternative()) {
-                $message .= sprintf('. Use "%s" instead', $test->getAlternative());
+                $message .= \sprintf('. Use "%s" instead', $test->getAlternative());
             }
             $src = $stream->getSourceContext();
-            $message .= sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $stream->getCurrent()->getLine());
+            $message .= \sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $stream->getCurrent()->getLine());
 
-            @trigger_error($message, \E_USER_DEPRECATED);
+            trigger_deprecation($test->getDeprecatingPackage(), $test->getDeprecatedVersion(), $message);
         }
 
-        return $test->getNodeClass();
+        return $test;
     }
 
-    private function getFunctionNodeClass(string $name, int $line): string
+    private function getFunction(string $name, int $line): TwigFunction
     {
         if (!$function = $this->env->getFunction($name)) {
-            $e = new SyntaxError(sprintf('Unknown "%s" function.', $name), $line, $this->parser->getStream()->getSourceContext());
+            $e = new SyntaxError(\sprintf('Unknown "%s" function.', $name), $line, $this->parser->getStream()->getSourceContext());
             $e->addSuggestions($name, array_keys($this->env->getFunctions()));
 
             throw $e;
         }
 
         if ($function->isDeprecated()) {
-            $message = sprintf('Twig Function "%s" is deprecated', $function->getName());
-            if ($function->getDeprecatedVersion()) {
-                $message .= sprintf(' since version %s', $function->getDeprecatedVersion());
-            }
+            $message = \sprintf('Twig Function "%s" is deprecated', $function->getName());
             if ($function->getAlternative()) {
-                $message .= sprintf('. Use "%s" instead', $function->getAlternative());
+                $message .= \sprintf('. Use "%s" instead', $function->getAlternative());
             }
             $src = $this->parser->getStream()->getSourceContext();
-            $message .= sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $line);
+            $message .= \sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $line);
 
-            @trigger_error($message, \E_USER_DEPRECATED);
+            trigger_deprecation($function->getDeprecatingPackage(), $function->getDeprecatedVersion(), $message);
         }
 
-        return $function->getNodeClass();
+        return $function;
     }
 
-    private function getFilterNodeClass(string $name, int $line): string
+    private function getFilter(string $name, int $line): TwigFilter
     {
         if (!$filter = $this->env->getFilter($name)) {
-            $e = new SyntaxError(sprintf('Unknown "%s" filter.', $name), $line, $this->parser->getStream()->getSourceContext());
+            $e = new SyntaxError(\sprintf('Unknown "%s" filter.', $name), $line, $this->parser->getStream()->getSourceContext());
             $e->addSuggestions($name, array_keys($this->env->getFilters()));
 
             throw $e;
         }
 
         if ($filter->isDeprecated()) {
-            $message = sprintf('Twig Filter "%s" is deprecated', $filter->getName());
-            if ($filter->getDeprecatedVersion()) {
-                $message .= sprintf(' since version %s', $filter->getDeprecatedVersion());
-            }
+            $message = \sprintf('Twig Filter "%s" is deprecated', $filter->getName());
             if ($filter->getAlternative()) {
-                $message .= sprintf('. Use "%s" instead', $filter->getAlternative());
+                $message .= \sprintf('. Use "%s" instead', $filter->getAlternative());
             }
             $src = $this->parser->getStream()->getSourceContext();
-            $message .= sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $line);
+            $message .= \sprintf(' in %s at line %d.', $src->getPath() ?: $src->getName(), $line);
 
-            @trigger_error($message, \E_USER_DEPRECATED);
+            trigger_deprecation($filter->getDeprecatingPackage(), $filter->getDeprecatedVersion(), $message);
         }
 
-        return $filter->getNodeClass();
+        return $filter;
     }
 
     // checks that the node only contains "constant" elements
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/AbstractExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/AbstractExtension.php
index 422925f31..a1b083b68 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/AbstractExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/AbstractExtension.php
@@ -40,6 +40,6 @@ abstract class AbstractExtension implements ExtensionInterface
 
     public function getOperators()
     {
-        return [];
+        return [[], []];
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/CoreExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/CoreExtension.php
index b77985859..3ed27a35c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/CoreExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/CoreExtension.php
@@ -9,8 +9,15 @@
  * file that was distributed with this source code.
  */
 
-namespace Twig\Extension {
+namespace Twig\Extension;
+
+use Twig\Environment;
+use Twig\Error\LoaderError;
+use Twig\Error\RuntimeError;
+use Twig\Error\SyntaxError;
 use Twig\ExpressionParser;
+use Twig\Markup;
+use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\Binary\AddBinary;
 use Twig\Node\Expression\Binary\AndBinary;
 use Twig\Node\Expression\Binary\BitwiseAndBinary;
@@ -23,6 +30,8 @@ use Twig\Node\Expression\Binary\EqualBinary;
 use Twig\Node\Expression\Binary\FloorDivBinary;
 use Twig\Node\Expression\Binary\GreaterBinary;
 use Twig\Node\Expression\Binary\GreaterEqualBinary;
+use Twig\Node\Expression\Binary\HasEveryBinary;
+use Twig\Node\Expression\Binary\HasSomeBinary;
 use Twig\Node\Expression\Binary\InBinary;
 use Twig\Node\Expression\Binary\LessBinary;
 use Twig\Node\Expression\Binary\LessEqualBinary;
@@ -37,8 +46,12 @@ use Twig\Node\Expression\Binary\RangeBinary;
 use Twig\Node\Expression\Binary\SpaceshipBinary;
 use Twig\Node\Expression\Binary\StartsWithBinary;
 use Twig\Node\Expression\Binary\SubBinary;
+use Twig\Node\Expression\BlockReferenceExpression;
 use Twig\Node\Expression\Filter\DefaultFilter;
+use Twig\Node\Expression\FunctionNode\EnumCasesFunction;
+use Twig\Node\Expression\GetAttrExpression;
 use Twig\Node\Expression\NullCoalesceExpression;
+use Twig\Node\Expression\ParentExpression;
 use Twig\Node\Expression\Test\ConstantTest;
 use Twig\Node\Expression\Test\DefinedTest;
 use Twig\Node\Expression\Test\DivisiblebyTest;
@@ -49,7 +62,12 @@ use Twig\Node\Expression\Test\SameasTest;
 use Twig\Node\Expression\Unary\NegUnary;
 use Twig\Node\Expression\Unary\NotUnary;
 use Twig\Node\Expression\Unary\PosUnary;
+use Twig\Node\Node;
 use Twig\NodeVisitor\MacroAutoImportNodeVisitor;
+use Twig\Parser;
+use Twig\Source;
+use Twig\Template;
+use Twig\TemplateWrapper;
 use Twig\TokenParser\ApplyTokenParser;
 use Twig\TokenParser\BlockTokenParser;
 use Twig\TokenParser\DeprecatedTokenParser;
@@ -64,11 +82,13 @@ use Twig\TokenParser\ImportTokenParser;
 use Twig\TokenParser\IncludeTokenParser;
 use Twig\TokenParser\MacroTokenParser;
 use Twig\TokenParser\SetTokenParser;
+use Twig\TokenParser\TypesTokenParser;
 use Twig\TokenParser\UseTokenParser;
 use Twig\TokenParser\WithTokenParser;
 use Twig\TwigFilter;
 use Twig\TwigFunction;
 use Twig\TwigTest;
+use Twig\Util\CallableArgumentsExtractor;
 
 final class CoreExtension extends AbstractExtension
 {
@@ -79,8 +99,8 @@ final class CoreExtension extends AbstractExtension
     /**
      * Sets the default format to be used by the date filter.
      *
-     * @param string $format             The default date format string
-     * @param string $dateIntervalFormat The default date interval format string
+     * @param string|null $format             The default date format string
+     * @param string|null $dateIntervalFormat The default date interval format string
      */
     public function setDateFormat($format = null, $dateIntervalFormat = null)
     {
@@ -163,6 +183,7 @@ final class CoreExtension extends AbstractExtension
             new ImportTokenParser(),
             new FromTokenParser(),
             new SetTokenParser(),
+            new TypesTokenParser(),
             new FlushTokenParser(),
             new DoTokenParser(),
             new EmbedTokenParser(),
@@ -175,65 +196,71 @@ final class CoreExtension extends AbstractExtension
     {
         return [
             // formatting filters
-            new TwigFilter('date', 'twig_date_format_filter', ['needs_environment' => true]),
-            new TwigFilter('date_modify', 'twig_date_modify_filter', ['needs_environment' => true]),
-            new TwigFilter('format', 'twig_sprintf'),
-            new TwigFilter('replace', 'twig_replace_filter'),
-            new TwigFilter('number_format', 'twig_number_format_filter', ['needs_environment' => true]),
+            new TwigFilter('date', [$this, 'formatDate']),
+            new TwigFilter('date_modify', [$this, 'modifyDate']),
+            new TwigFilter('format', [self::class, 'sprintf']),
+            new TwigFilter('replace', [self::class, 'replace']),
+            new TwigFilter('number_format', [$this, 'formatNumber']),
             new TwigFilter('abs', 'abs'),
-            new TwigFilter('round', 'twig_round'),
+            new TwigFilter('round', [self::class, 'round']),
 
             // encoding
-            new TwigFilter('url_encode', 'twig_urlencode_filter'),
+            new TwigFilter('url_encode', [self::class, 'urlencode']),
             new TwigFilter('json_encode', 'json_encode'),
-            new TwigFilter('convert_encoding', 'twig_convert_encoding'),
+            new TwigFilter('convert_encoding', [self::class, 'convertEncoding']),
 
             // string filters
-            new TwigFilter('title', 'twig_title_string_filter', ['needs_environment' => true]),
-            new TwigFilter('capitalize', 'twig_capitalize_string_filter', ['needs_environment' => true]),
-            new TwigFilter('upper', 'twig_upper_filter', ['needs_environment' => true]),
-            new TwigFilter('lower', 'twig_lower_filter', ['needs_environment' => true]),
-            new TwigFilter('striptags', 'twig_striptags'),
-            new TwigFilter('trim', 'twig_trim_filter'),
-            new TwigFilter('nl2br', 'twig_nl2br', ['pre_escape' => 'html', 'is_safe' => ['html']]),
-            new TwigFilter('spaceless', 'twig_spaceless', ['is_safe' => ['html']]),
+            new TwigFilter('title', [self::class, 'titleCase'], ['needs_charset' => true]),
+            new TwigFilter('capitalize', [self::class, 'capitalize'], ['needs_charset' => true]),
+            new TwigFilter('upper', [self::class, 'upper'], ['needs_charset' => true]),
+            new TwigFilter('lower', [self::class, 'lower'], ['needs_charset' => true]),
+            new TwigFilter('striptags', [self::class, 'striptags']),
+            new TwigFilter('trim', [self::class, 'trim']),
+            new TwigFilter('nl2br', [self::class, 'nl2br'], ['pre_escape' => 'html', 'is_safe' => ['html']]),
+            new TwigFilter('spaceless', [self::class, 'spaceless'], ['is_safe' => ['html'], 'deprecated' => '3.12', 'deprecating_package' => 'twig/twig']),
 
             // array helpers
-            new TwigFilter('join', 'twig_join_filter'),
-            new TwigFilter('split', 'twig_split_filter', ['needs_environment' => true]),
-            new TwigFilter('sort', 'twig_sort_filter', ['needs_environment' => true]),
-            new TwigFilter('merge', 'twig_array_merge'),
-            new TwigFilter('batch', 'twig_array_batch'),
-            new TwigFilter('column', 'twig_array_column'),
-            new TwigFilter('filter', 'twig_array_filter', ['needs_environment' => true]),
-            new TwigFilter('map', 'twig_array_map', ['needs_environment' => true]),
-            new TwigFilter('reduce', 'twig_array_reduce', ['needs_environment' => true]),
+            new TwigFilter('join', [self::class, 'join']),
+            new TwigFilter('split', [self::class, 'split'], ['needs_charset' => true]),
+            new TwigFilter('sort', [self::class, 'sort'], ['needs_environment' => true]),
+            new TwigFilter('merge', [self::class, 'merge']),
+            new TwigFilter('batch', [self::class, 'batch']),
+            new TwigFilter('column', [self::class, 'column']),
+            new TwigFilter('filter', [self::class, 'filter'], ['needs_environment' => true]),
+            new TwigFilter('map', [self::class, 'map'], ['needs_environment' => true]),
+            new TwigFilter('reduce', [self::class, 'reduce'], ['needs_environment' => true]),
+            new TwigFilter('find', [self::class, 'find'], ['needs_environment' => true]),
 
             // string/array filters
-            new TwigFilter('reverse', 'twig_reverse_filter', ['needs_environment' => true]),
-            new TwigFilter('length', 'twig_length_filter', ['needs_environment' => true]),
-            new TwigFilter('slice', 'twig_slice', ['needs_environment' => true]),
-            new TwigFilter('first', 'twig_first', ['needs_environment' => true]),
-            new TwigFilter('last', 'twig_last', ['needs_environment' => true]),
+            new TwigFilter('reverse', [self::class, 'reverse'], ['needs_charset' => true]),
+            new TwigFilter('shuffle', [self::class, 'shuffle'], ['needs_charset' => true]),
+            new TwigFilter('length', [self::class, 'length'], ['needs_charset' => true]),
+            new TwigFilter('slice', [self::class, 'slice'], ['needs_charset' => true]),
+            new TwigFilter('first', [self::class, 'first'], ['needs_charset' => true]),
+            new TwigFilter('last', [self::class, 'last'], ['needs_charset' => true]),
 
             // iteration and runtime
-            new TwigFilter('default', '_twig_default_filter', ['node_class' => DefaultFilter::class]),
-            new TwigFilter('keys', 'twig_get_array_keys_filter'),
+            new TwigFilter('default', [self::class, 'default'], ['node_class' => DefaultFilter::class]),
+            new TwigFilter('keys', [self::class, 'keys']),
         ];
     }
 
     public function getFunctions(): array
     {
         return [
+            new TwigFunction('parent', null, ['parser_callable' => [self::class, 'parseParentFunction']]),
+            new TwigFunction('block', null, ['parser_callable' => [self::class, 'parseBlockFunction']]),
+            new TwigFunction('attribute', null, ['parser_callable' => [self::class, 'parseAttributeFunction']]),
             new TwigFunction('max', 'max'),
             new TwigFunction('min', 'min'),
             new TwigFunction('range', 'range'),
-            new TwigFunction('constant', 'twig_constant'),
-            new TwigFunction('cycle', 'twig_cycle'),
-            new TwigFunction('random', 'twig_random', ['needs_environment' => true]),
-            new TwigFunction('date', 'twig_date_converter', ['needs_environment' => true]),
-            new TwigFunction('include', 'twig_include', ['needs_environment' => true, 'needs_context' => true, 'is_safe' => ['all']]),
-            new TwigFunction('source', 'twig_source', ['needs_environment' => true, 'is_safe' => ['all']]),
+            new TwigFunction('constant', [self::class, 'constant']),
+            new TwigFunction('cycle', [self::class, 'cycle']),
+            new TwigFunction('random', [self::class, 'random'], ['needs_charset' => true]),
+            new TwigFunction('date', [$this, 'convertDate']),
+            new TwigFunction('include', [self::class, 'include'], ['needs_environment' => true, 'needs_context' => true, 'is_safe' => ['all']]),
+            new TwigFunction('source', [self::class, 'source'], ['needs_environment' => true, 'is_safe' => ['all']]),
+            new TwigFunction('enum_cases', [self::class, 'enumCases'], ['node_class' => EnumCasesFunction::class]),
         ];
     }
 
@@ -248,8 +275,10 @@ final class CoreExtension extends AbstractExtension
             new TwigTest('null', null, ['node_class' => NullTest::class]),
             new TwigTest('divisible by', null, ['node_class' => DivisiblebyTest::class, 'one_mandatory_argument' => true]),
             new TwigTest('constant', null, ['node_class' => ConstantTest::class]),
-            new TwigTest('empty', 'twig_test_empty'),
-            new TwigTest('iterable', 'twig_test_iterable'),
+            new TwigTest('empty', [self::class, 'testEmpty']),
+            new TwigTest('iterable', 'is_iterable'),
+            new TwigTest('sequence', [self::class, 'testSequence']),
+            new TwigTest('mapping', [self::class, 'testMapping']),
         ];
     }
 
@@ -284,6 +313,8 @@ final class CoreExtension extends AbstractExtension
                 'matches' => ['precedence' => 20, 'class' => MatchesBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
                 'starts with' => ['precedence' => 20, 'class' => StartsWithBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
                 'ends with' => ['precedence' => 20, 'class' => EndsWithBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
+                'has some' => ['precedence' => 20, 'class' => HasSomeBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
+                'has every' => ['precedence' => 20, 'class' => HasEveryBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
                 '..' => ['precedence' => 25, 'class' => RangeBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
                 '+' => ['precedence' => 30, 'class' => AddBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
                 '-' => ['precedence' => 30, 'class' => SubBinary::class, 'associativity' => ExpressionParser::OPERATOR_LEFT],
@@ -299,193 +330,226 @@ final class CoreExtension extends AbstractExtension
             ],
         ];
     }
-}
-}
 
-namespace {
-    use Twig\Environment;
-    use Twig\Error\LoaderError;
-    use Twig\Error\RuntimeError;
-    use Twig\Extension\CoreExtension;
-    use Twig\Extension\SandboxExtension;
-    use Twig\Markup;
-    use Twig\Source;
-    use Twig\Template;
-    use Twig\TemplateWrapper;
+    /**
+     * Cycles over a sequence.
+     *
+     * @param array|\ArrayAccess $values   A non-empty sequence of values
+     * @param positive-int       $position The position of the value to return in the cycle
+     *
+     * @return mixed The value at the given position in the sequence, wrapping around as needed
+     *
+     * @internal
+     */
+    public static function cycle($values, $position): mixed
+    {
+        if (!\is_array($values)) {
+            if (!$values instanceof \ArrayAccess) {
+                throw new RuntimeError('The "cycle" function expects an array or "ArrayAccess" as first argument.');
+            }
 
-/**
- * Cycles over a value.
- *
- * @param \ArrayAccess|array $values
- * @param int                $position The cycle position
- *
- * @return string The next value in the cycle
- */
-function twig_cycle($values, $position)
-{
-    if (!\is_array($values) && !$values instanceof \ArrayAccess) {
-        return $values;
+            if (!is_countable($values)) {
+                // To be uncommented in 4.0
+                // throw new RuntimeError('The "cycle" function expects a countable sequence as first argument.');
+
+                trigger_deprecation('twig/twig', '3.12', 'Passing a non-countable sequence of values to "%s()" is deprecated.', __METHOD__);
+
+                return $values;
+            }
+
+            $values = self::toArray($values, false);
+        }
+
+        if (!$count = \count($values)) {
+            throw new RuntimeError('The "cycle" function does not work on empty sequences.');
+        }
+
+        return $values[$position % $count];
     }
 
-    return $values[$position % \count($values)];
-}
+    /**
+     * Returns a random value depending on the supplied parameter type:
+     * - a random item from a \Traversable or array
+     * - a random character from a string
+     * - a random integer between 0 and the integer parameter.
+     *
+     * @param \Traversable|array|int|float|string $values The values to pick a random item from
+     * @param int|null                            $max    Maximum value used when $values is an int
+     *
+     * @return mixed A random value from the given sequence
+     *
+     * @throws RuntimeError when $values is an empty array (does not apply to an empty string which is returned as is)
+     *
+     * @internal
+     */
+    public static function random(string $charset, $values = null, $max = null)
+    {
+        if (null === $values) {
+            return null === $max ? mt_rand() : mt_rand(0, (int) $max);
+        }
 
-/**
- * Returns a random value depending on the supplied parameter type:
- * - a random item from a \Traversable or array
- * - a random character from a string
- * - a random integer between 0 and the integer parameter.
- *
- * @param \Traversable|array|int|float|string $values The values to pick a random item from
- * @param int|null                            $max    Maximum value used when $values is an int
- *
- * @throws RuntimeError when $values is an empty array (does not apply to an empty string which is returned as is)
- *
- * @return mixed A random value from the given sequence
- */
-function twig_random(Environment $env, $values = null, $max = null)
-{
-    if (null === $values) {
-        return null === $max ? mt_rand() : mt_rand(0, (int) $max);
-    }
-
-    if (\is_int($values) || \is_float($values)) {
-        if (null === $max) {
-            if ($values < 0) {
-                $max = 0;
-                $min = $values;
+        if (\is_int($values) || \is_float($values)) {
+            if (null === $max) {
+                if ($values < 0) {
+                    $max = 0;
+                    $min = $values;
+                } else {
+                    $max = $values;
+                    $min = 0;
+                }
             } else {
-                $max = $values;
-                $min = 0;
+                $min = $values;
             }
+
+            return mt_rand((int) $min, (int) $max);
+        }
+
+        if (\is_string($values)) {
+            if ('' === $values) {
+                return '';
+            }
+
+            if ('UTF-8' !== $charset) {
+                $values = self::convertEncoding($values, 'UTF-8', $charset);
+            }
+
+            // unicode version of str_split()
+            // split at all positions, but not after the start and not before the end
+            $values = preg_split('/(?<!^)(?!$)/u', $values);
+
+            if ('UTF-8' !== $charset) {
+                foreach ($values as $i => $value) {
+                    $values[$i] = self::convertEncoding($value, $charset, 'UTF-8');
+                }
+            }
+        }
+
+        if (!is_iterable($values)) {
+            return $values;
+        }
+
+        $values = self::toArray($values);
+
+        if (0 === \count($values)) {
+            throw new RuntimeError('The random function cannot pick from an empty sequence/mapping.');
+        }
+
+        return $values[array_rand($values, 1)];
+    }
+
+    /**
+     * Formats a date.
+     *
+     *   {{ post.published_at|date("m/d/Y") }}
+     *
+     * @param \DateTimeInterface|\DateInterval|string $date     A date
+     * @param string|null                             $format   The target format, null to use the default
+     * @param \DateTimeZone|string|false|null         $timezone The target timezone, null to use the default, false to leave unchanged
+     */
+    public function formatDate($date, $format = null, $timezone = null): string
+    {
+        if (null === $format) {
+            $formats = $this->getDateFormat();
+            $format = $date instanceof \DateInterval ? $formats[1] : $formats[0];
+        }
+
+        if ($date instanceof \DateInterval) {
+            return $date->format($format);
+        }
+
+        return $this->convertDate($date, $timezone)->format($format);
+    }
+
+    /**
+     * Returns a new date object modified.
+     *
+     *   {{ post.published_at|date_modify("-1day")|date("m/d/Y") }}
+     *
+     * @param \DateTimeInterface|string $date     A date
+     * @param string                    $modifier A modifier string
+     *
+     * @return \DateTime|\DateTimeImmutable
+     *
+     * @internal
+     */
+    public function modifyDate($date, $modifier)
+    {
+        return $this->convertDate($date, false)->modify($modifier);
+    }
+
+    /**
+     * Returns a formatted string.
+     *
+     * @param string|null $format
+     * @param ...$values
+     *
+     * @internal
+     */
+    public static function sprintf($format, ...$values): string
+    {
+        return \sprintf($format ?? '', ...$values);
+    }
+
+    /**
+     * @internal
+     */
+    public static function dateConverter(Environment $env, $date, $format = null, $timezone = null): string
+    {
+        return $env->getExtension(self::class)->formatDate($date, $format, $timezone);
+    }
+
+    /**
+     * Converts an input to a \DateTime instance.
+     *
+     *    {% if date(user.created_at) < date('+2days') %}
+     *      {# do something #}
+     *    {% endif %}
+     *
+     * @param \DateTimeInterface|string|null  $date     A date or null to use the current time
+     * @param \DateTimeZone|string|false|null $timezone The target timezone, null to use the default, false to leave unchanged
+     *
+     * @return \DateTime|\DateTimeImmutable
+     */
+    public function convertDate($date = null, $timezone = null)
+    {
+        // determine the timezone
+        if (false !== $timezone) {
+            if (null === $timezone) {
+                $timezone = $this->getTimezone();
+            } elseif (!$timezone instanceof \DateTimeZone) {
+                $timezone = new \DateTimeZone($timezone);
+            }
+        }
+
+        // immutable dates
+        if ($date instanceof \DateTimeImmutable) {
+            return false !== $timezone ? $date->setTimezone($timezone) : $date;
+        }
+
+        if ($date instanceof \DateTime) {
+            $date = clone $date;
+            if (false !== $timezone) {
+                $date->setTimezone($timezone);
+            }
+
+            return $date;
+        }
+
+        if (null === $date || 'now' === $date) {
+            if (null === $date) {
+                $date = 'now';
+            }
+
+            return new \DateTime($date, false !== $timezone ? $timezone : $this->getTimezone());
+        }
+
+        $asString = (string) $date;
+        if (ctype_digit($asString) || (!empty($asString) && '-' === $asString[0] && ctype_digit(substr($asString, 1)))) {
+            $date = new \DateTime('@'.$date);
         } else {
-            $min = $values;
-            $max = $max;
+            $date = new \DateTime($date, $this->getTimezone());
         }
 
-        return mt_rand((int) $min, (int) $max);
-    }
-
-    if (\is_string($values)) {
-        if ('' === $values) {
-            return '';
-        }
-
-        $charset = $env->getCharset();
-
-        if ('UTF-8' !== $charset) {
-            $values = twig_convert_encoding($values, 'UTF-8', $charset);
-        }
-
-        // unicode version of str_split()
-        // split at all positions, but not after the start and not before the end
-        $values = preg_split('/(?<!^)(?!$)/u', $values);
-
-        if ('UTF-8' !== $charset) {
-            foreach ($values as $i => $value) {
-                $values[$i] = twig_convert_encoding($value, $charset, 'UTF-8');
-            }
-        }
-    }
-
-    if (!twig_test_iterable($values)) {
-        return $values;
-    }
-
-    $values = twig_to_array($values);
-
-    if (0 === \count($values)) {
-        throw new RuntimeError('The random function cannot pick from an empty array.');
-    }
-
-    return $values[array_rand($values, 1)];
-}
-
-/**
- * Converts a date to the given format.
- *
- *   {{ post.published_at|date("m/d/Y") }}
- *
- * @param \DateTimeInterface|\DateInterval|string $date     A date
- * @param string|null                             $format   The target format, null to use the default
- * @param \DateTimeZone|string|false|null         $timezone The target timezone, null to use the default, false to leave unchanged
- *
- * @return string The formatted date
- */
-function twig_date_format_filter(Environment $env, $date, $format = null, $timezone = null)
-{
-    if (null === $format) {
-        $formats = $env->getExtension(CoreExtension::class)->getDateFormat();
-        $format = $date instanceof \DateInterval ? $formats[1] : $formats[0];
-    }
-
-    if ($date instanceof \DateInterval) {
-        return $date->format($format);
-    }
-
-    return twig_date_converter($env, $date, $timezone)->format($format);
-}
-
-/**
- * Returns a new date object modified.
- *
- *   {{ post.published_at|date_modify("-1day")|date("m/d/Y") }}
- *
- * @param \DateTimeInterface|string $date     A date
- * @param string                    $modifier A modifier string
- *
- * @return \DateTimeInterface
- */
-function twig_date_modify_filter(Environment $env, $date, $modifier)
-{
-    $date = twig_date_converter($env, $date, false);
-
-    return $date->modify($modifier);
-}
-
-/**
- * Returns a formatted string.
- *
- * @param string|null $format
- * @param ...$values
- *
- * @return string
- */
-function twig_sprintf($format, ...$values)
-{
-    return sprintf($format ?? '', ...$values);
-}
-
-/**
- * Converts an input to a \DateTime instance.
- *
- *    {% if date(user.created_at) < date('+2days') %}
- *      {# do something #}
- *    {% endif %}
- *
- * @param \DateTimeInterface|string|null  $date     A date or null to use the current time
- * @param \DateTimeZone|string|false|null $timezone The target timezone, null to use the default, false to leave unchanged
- *
- * @return \DateTimeInterface
- */
-function twig_date_converter(Environment $env, $date = null, $timezone = null)
-{
-    // determine the timezone
-    if (false !== $timezone) {
-        if (null === $timezone) {
-            $timezone = $env->getExtension(CoreExtension::class)->getTimezone();
-        } elseif (!$timezone instanceof \DateTimeZone) {
-            $timezone = new \DateTimeZone($timezone);
-        }
-    }
-
-    // immutable dates
-    if ($date instanceof \DateTimeImmutable) {
-        return false !== $timezone ? $date->setTimezone($timezone) : $date;
-    }
-
-    if ($date instanceof \DateTimeInterface) {
-        $date = clone $date;
         if (false !== $timezone) {
             $date->setTimezone($timezone);
         }
@@ -493,968 +557,1086 @@ function twig_date_converter(Environment $env, $date = null, $timezone = null)
         return $date;
     }
 
-    if (null === $date || 'now' === $date) {
-        if (null === $date) {
-            $date = 'now';
+    /**
+     * Replaces strings within a string.
+     *
+     * @param string|null        $str  String to replace in
+     * @param array|\Traversable $from Replace values
+     *
+     * @internal
+     */
+    public static function replace($str, $from): string
+    {
+        if (!is_iterable($from)) {
+            throw new RuntimeError(\sprintf('The "replace" filter expects a sequence/mapping or "Traversable" as replace values, got "%s".', \is_object($from) ? \get_class($from) : \gettype($from)));
         }
 
-        return new \DateTime($date, false !== $timezone ? $timezone : $env->getExtension(CoreExtension::class)->getTimezone());
+        return strtr($str ?? '', self::toArray($from));
     }
 
-    $asString = (string) $date;
-    if (ctype_digit($asString) || (!empty($asString) && '-' === $asString[0] && ctype_digit(substr($asString, 1)))) {
-        $date = new \DateTime('@'.$date);
-    } else {
-        $date = new \DateTime($date, $env->getExtension(CoreExtension::class)->getTimezone());
-    }
+    /**
+     * Rounds a number.
+     *
+     * @param int|float|string|null $value     The value to round
+     * @param int|float             $precision The rounding precision
+     * @param string                $method    The method to use for rounding
+     *
+     * @return int|float The rounded number
+     *
+     * @internal
+     */
+    public static function round($value, $precision = 0, $method = 'common')
+    {
+        $value = (float) $value;
 
-    if (false !== $timezone) {
-        $date->setTimezone($timezone);
-    }
-
-    return $date;
-}
-
-/**
- * Replaces strings within a string.
- *
- * @param string|null        $str  String to replace in
- * @param array|\Traversable $from Replace values
- *
- * @return string
- */
-function twig_replace_filter($str, $from)
-{
-    if (!twig_test_iterable($from)) {
-        throw new RuntimeError(sprintf('The "replace" filter expects an array or "Traversable" as replace values, got "%s".', \is_object($from) ? \get_class($from) : \gettype($from)));
-    }
-
-    return strtr($str ?? '', twig_to_array($from));
-}
-
-/**
- * Rounds a number.
- *
- * @param int|float|string|null $value     The value to round
- * @param int|float             $precision The rounding precision
- * @param string                $method    The method to use for rounding
- *
- * @return int|float The rounded number
- */
-function twig_round($value, $precision = 0, $method = 'common')
-{
-    $value = (float) $value;
-
-    if ('common' === $method) {
-        return round($value, $precision);
-    }
-
-    if ('ceil' !== $method && 'floor' !== $method) {
-        throw new RuntimeError('The round filter only supports the "common", "ceil", and "floor" methods.');
-    }
-
-    return $method($value * 10 ** $precision) / 10 ** $precision;
-}
-
-/**
- * Number format filter.
- *
- * All of the formatting options can be left null, in that case the defaults will
- * be used. Supplying any of the parameters will override the defaults set in the
- * environment object.
- *
- * @param mixed  $number       A float/int/string of the number to format
- * @param int    $decimal      the number of decimal points to display
- * @param string $decimalPoint the character(s) to use for the decimal point
- * @param string $thousandSep  the character(s) to use for the thousands separator
- *
- * @return string The formatted number
- */
-function twig_number_format_filter(Environment $env, $number, $decimal = null, $decimalPoint = null, $thousandSep = null)
-{
-    $defaults = $env->getExtension(CoreExtension::class)->getNumberFormat();
-    if (null === $decimal) {
-        $decimal = $defaults[0];
-    }
-
-    if (null === $decimalPoint) {
-        $decimalPoint = $defaults[1];
-    }
-
-    if (null === $thousandSep) {
-        $thousandSep = $defaults[2];
-    }
-
-    return number_format((float) $number, $decimal, $decimalPoint, $thousandSep);
-}
-
-/**
- * URL encodes (RFC 3986) a string as a path segment or an array as a query string.
- *
- * @param string|array|null $url A URL or an array of query parameters
- *
- * @return string The URL encoded value
- */
-function twig_urlencode_filter($url)
-{
-    if (\is_array($url)) {
-        return http_build_query($url, '', '&', \PHP_QUERY_RFC3986);
-    }
-
-    return rawurlencode($url ?? '');
-}
-
-/**
- * Merges an array with another one.
- *
- *  {% set items = { 'apple': 'fruit', 'orange': 'fruit' } %}
- *
- *  {% set items = items|merge({ 'peugeot': 'car' }) %}
- *
- *  {# items now contains { 'apple': 'fruit', 'orange': 'fruit', 'peugeot': 'car' } #}
- *
- * @param array|\Traversable $arr1 An array
- * @param array|\Traversable $arr2 An array
- *
- * @return array The merged array
- */
-function twig_array_merge($arr1, $arr2)
-{
-    if (!twig_test_iterable($arr1)) {
-        throw new RuntimeError(sprintf('The merge filter only works with arrays or "Traversable", got "%s" as first argument.', \gettype($arr1)));
-    }
-
-    if (!twig_test_iterable($arr2)) {
-        throw new RuntimeError(sprintf('The merge filter only works with arrays or "Traversable", got "%s" as second argument.', \gettype($arr2)));
-    }
-
-    return array_merge(twig_to_array($arr1), twig_to_array($arr2));
-}
-
-/**
- * Slices a variable.
- *
- * @param mixed $item         A variable
- * @param int   $start        Start of the slice
- * @param int   $length       Size of the slice
- * @param bool  $preserveKeys Whether to preserve key or not (when the input is an array)
- *
- * @return mixed The sliced variable
- */
-function twig_slice(Environment $env, $item, $start, $length = null, $preserveKeys = false)
-{
-    if ($item instanceof \Traversable) {
-        while ($item instanceof \IteratorAggregate) {
-            $item = $item->getIterator();
+        if ('common' === $method) {
+            return round($value, $precision);
         }
 
-        if ($start >= 0 && $length >= 0 && $item instanceof \Iterator) {
-            try {
-                return iterator_to_array(new \LimitIterator($item, $start, null === $length ? -1 : $length), $preserveKeys);
-            } catch (\OutOfBoundsException $e) {
-                return [];
+        if ('ceil' !== $method && 'floor' !== $method) {
+            throw new RuntimeError('The round filter only supports the "common", "ceil", and "floor" methods.');
+        }
+
+        return $method($value * 10 ** $precision) / 10 ** $precision;
+    }
+
+    /**
+     * Formats a number.
+     *
+     * All of the formatting options can be left null, in that case the defaults will
+     * be used. Supplying any of the parameters will override the defaults set in the
+     * environment object.
+     *
+     * @param mixed       $number       A float/int/string of the number to format
+     * @param int|null    $decimal      the number of decimal points to display
+     * @param string|null $decimalPoint the character(s) to use for the decimal point
+     * @param string|null $thousandSep  the character(s) to use for the thousands separator
+     */
+    public function formatNumber($number, $decimal = null, $decimalPoint = null, $thousandSep = null): string
+    {
+        $defaults = $this->getNumberFormat();
+        if (null === $decimal) {
+            $decimal = $defaults[0];
+        }
+
+        if (null === $decimalPoint) {
+            $decimalPoint = $defaults[1];
+        }
+
+        if (null === $thousandSep) {
+            $thousandSep = $defaults[2];
+        }
+
+        return number_format((float) $number, $decimal, $decimalPoint, $thousandSep);
+    }
+
+    /**
+     * URL encodes (RFC 3986) a string as a path segment or an array as a query string.
+     *
+     * @param string|array|null $url A URL or an array of query parameters
+     *
+     * @internal
+     */
+    public static function urlencode($url): string
+    {
+        if (\is_array($url)) {
+            return http_build_query($url, '', '&', \PHP_QUERY_RFC3986);
+        }
+
+        return rawurlencode($url ?? '');
+    }
+
+    /**
+     * Merges any number of arrays or Traversable objects.
+     *
+     *  {% set items = { 'apple': 'fruit', 'orange': 'fruit' } %}
+     *
+     *  {% set items = items|merge({ 'peugeot': 'car' }, { 'banana': 'fruit' }) %}
+     *
+     *  {# items now contains { 'apple': 'fruit', 'orange': 'fruit', 'peugeot': 'car', 'banana': 'fruit' } #}
+     *
+     * @param array|\Traversable ...$arrays Any number of arrays or Traversable objects to merge
+     *
+     * @internal
+     */
+    public static function merge(...$arrays): array
+    {
+        $result = [];
+
+        foreach ($arrays as $argNumber => $array) {
+            if (!is_iterable($array)) {
+                throw new RuntimeError(\sprintf('The merge filter only works with sequences/mappings or "Traversable", got "%s" for argument %d.', \gettype($array), $argNumber + 1));
             }
+
+            $result = array_merge($result, self::toArray($array));
         }
 
-        $item = iterator_to_array($item, $preserveKeys);
+        return $result;
     }
 
-    if (\is_array($item)) {
-        return \array_slice($item, $start, $length, $preserveKeys);
-    }
+    /**
+     * Slices a variable.
+     *
+     * @param mixed $item         A variable
+     * @param int   $start        Start of the slice
+     * @param int   $length       Size of the slice
+     * @param bool  $preserveKeys Whether to preserve key or not (when the input is an array)
+     *
+     * @return mixed The sliced variable
+     *
+     * @internal
+     */
+    public static function slice(string $charset, $item, $start, $length = null, $preserveKeys = false)
+    {
+        if ($item instanceof \Traversable) {
+            while ($item instanceof \IteratorAggregate) {
+                $item = $item->getIterator();
+            }
 
-    return (string) mb_substr((string) $item, $start, $length, $env->getCharset());
-}
+            if ($start >= 0 && $length >= 0 && $item instanceof \Iterator) {
+                try {
+                    return iterator_to_array(new \LimitIterator($item, $start, $length ?? -1), $preserveKeys);
+                } catch (\OutOfBoundsException $e) {
+                    return [];
+                }
+            }
 
-/**
- * Returns the first element of the item.
- *
- * @param mixed $item A variable
- *
- * @return mixed The first element of the item
- */
-function twig_first(Environment $env, $item)
-{
-    $elements = twig_slice($env, $item, 0, 1, false);
-
-    return \is_string($elements) ? $elements : current($elements);
-}
-
-/**
- * Returns the last element of the item.
- *
- * @param mixed $item A variable
- *
- * @return mixed The last element of the item
- */
-function twig_last(Environment $env, $item)
-{
-    $elements = twig_slice($env, $item, -1, 1, false);
-
-    return \is_string($elements) ? $elements : current($elements);
-}
-
-/**
- * Joins the values to a string.
- *
- * The separators between elements are empty strings per default, you can define them with the optional parameters.
- *
- *  {{ [1, 2, 3]|join(', ', ' and ') }}
- *  {# returns 1, 2 and 3 #}
- *
- *  {{ [1, 2, 3]|join('|') }}
- *  {# returns 1|2|3 #}
- *
- *  {{ [1, 2, 3]|join }}
- *  {# returns 123 #}
- *
- * @param array       $value An array
- * @param string      $glue  The separator
- * @param string|null $and   The separator for the last pair
- *
- * @return string The concatenated string
- */
-function twig_join_filter($value, $glue = '', $and = null)
-{
-    if (!twig_test_iterable($value)) {
-        $value = (array) $value;
-    }
-
-    $value = twig_to_array($value, false);
-
-    if (0 === \count($value)) {
-        return '';
-    }
-
-    if (null === $and || $and === $glue) {
-        return implode($glue, $value);
-    }
-
-    if (1 === \count($value)) {
-        return $value[0];
-    }
-
-    return implode($glue, \array_slice($value, 0, -1)).$and.$value[\count($value) - 1];
-}
-
-/**
- * Splits the string into an array.
- *
- *  {{ "one,two,three"|split(',') }}
- *  {# returns [one, two, three] #}
- *
- *  {{ "one,two,three,four,five"|split(',', 3) }}
- *  {# returns [one, two, "three,four,five"] #}
- *
- *  {{ "123"|split('') }}
- *  {# returns [1, 2, 3] #}
- *
- *  {{ "aabbcc"|split('', 2) }}
- *  {# returns [aa, bb, cc] #}
- *
- * @param string|null $value     A string
- * @param string      $delimiter The delimiter
- * @param int         $limit     The limit
- *
- * @return array The split string as an array
- */
-function twig_split_filter(Environment $env, $value, $delimiter, $limit = null)
-{
-    $value = $value ?? '';
-
-    if (\strlen($delimiter) > 0) {
-        return null === $limit ? explode($delimiter, $value) : explode($delimiter, $value, $limit);
-    }
-
-    if ($limit <= 1) {
-        return preg_split('/(?<!^)(?!$)/u', $value);
-    }
-
-    $length = mb_strlen($value, $env->getCharset());
-    if ($length < $limit) {
-        return [$value];
-    }
-
-    $r = [];
-    for ($i = 0; $i < $length; $i += $limit) {
-        $r[] = mb_substr($value, $i, $limit, $env->getCharset());
-    }
-
-    return $r;
-}
-
-// The '_default' filter is used internally to avoid using the ternary operator
-// which costs a lot for big contexts (before PHP 5.4). So, on average,
-// a function call is cheaper.
-/**
- * @internal
- */
-function _twig_default_filter($value, $default = '')
-{
-    if (twig_test_empty($value)) {
-        return $default;
-    }
-
-    return $value;
-}
-
-/**
- * Returns the keys for the given array.
- *
- * It is useful when you want to iterate over the keys of an array:
- *
- *  {% for key in array|keys %}
- *      {# ... #}
- *  {% endfor %}
- *
- * @param array $array An array
- *
- * @return array The keys
- */
-function twig_get_array_keys_filter($array)
-{
-    if ($array instanceof \Traversable) {
-        while ($array instanceof \IteratorAggregate) {
-            $array = $array->getIterator();
+            $item = iterator_to_array($item, $preserveKeys);
         }
 
-        $keys = [];
-        if ($array instanceof \Iterator) {
-            $array->rewind();
-            while ($array->valid()) {
-                $keys[] = $array->key();
-                $array->next();
+        if (\is_array($item)) {
+            return \array_slice($item, $start, $length, $preserveKeys);
+        }
+
+        return mb_substr((string) $item, $start, $length, $charset);
+    }
+
+    /**
+     * Returns the first element of the item.
+     *
+     * @param mixed $item A variable
+     *
+     * @return mixed The first element of the item
+     *
+     * @internal
+     */
+    public static function first(string $charset, $item)
+    {
+        $elements = self::slice($charset, $item, 0, 1, false);
+
+        return \is_string($elements) ? $elements : current($elements);
+    }
+
+    /**
+     * Returns the last element of the item.
+     *
+     * @param mixed $item A variable
+     *
+     * @return mixed The last element of the item
+     *
+     * @internal
+     */
+    public static function last(string $charset, $item)
+    {
+        $elements = self::slice($charset, $item, -1, 1, false);
+
+        return \is_string($elements) ? $elements : current($elements);
+    }
+
+    /**
+     * Joins the values to a string.
+     *
+     * The separators between elements are empty strings per default, you can define them with the optional parameters.
+     *
+     *  {{ [1, 2, 3]|join(', ', ' and ') }}
+     *  {# returns 1, 2 and 3 #}
+     *
+     *  {{ [1, 2, 3]|join('|') }}
+     *  {# returns 1|2|3 #}
+     *
+     *  {{ [1, 2, 3]|join }}
+     *  {# returns 123 #}
+     *
+     * @param array       $value An array
+     * @param string      $glue  The separator
+     * @param string|null $and   The separator for the last pair
+     *
+     * @internal
+     */
+    public static function join($value, $glue = '', $and = null): string
+    {
+        if (!is_iterable($value)) {
+            $value = (array) $value;
+        }
+
+        $value = self::toArray($value, false);
+
+        if (0 === \count($value)) {
+            return '';
+        }
+
+        if (null === $and || $and === $glue) {
+            return implode($glue, $value);
+        }
+
+        if (1 === \count($value)) {
+            return $value[0];
+        }
+
+        return implode($glue, \array_slice($value, 0, -1)).$and.$value[\count($value) - 1];
+    }
+
+    /**
+     * Splits the string into an array.
+     *
+     *  {{ "one,two,three"|split(',') }}
+     *  {# returns [one, two, three] #}
+     *
+     *  {{ "one,two,three,four,five"|split(',', 3) }}
+     *  {# returns [one, two, "three,four,five"] #}
+     *
+     *  {{ "123"|split('') }}
+     *  {# returns [1, 2, 3] #}
+     *
+     *  {{ "aabbcc"|split('', 2) }}
+     *  {# returns [aa, bb, cc] #}
+     *
+     * @param string|null $value     A string
+     * @param string      $delimiter The delimiter
+     * @param int|null    $limit     The limit
+     *
+     * @internal
+     */
+    public static function split(string $charset, $value, $delimiter, $limit = null): array
+    {
+        $value = $value ?? '';
+
+        if ('' !== $delimiter) {
+            return null === $limit ? explode($delimiter, $value) : explode($delimiter, $value, $limit);
+        }
+
+        if ($limit <= 1) {
+            return preg_split('/(?<!^)(?!$)/u', $value);
+        }
+
+        $length = mb_strlen($value, $charset);
+        if ($length < $limit) {
+            return [$value];
+        }
+
+        $r = [];
+        for ($i = 0; $i < $length; $i += $limit) {
+            $r[] = mb_substr($value, $i, $limit, $charset);
+        }
+
+        return $r;
+    }
+
+    /**
+     * @internal
+     */
+    public static function default($value, $default = '')
+    {
+        if (self::testEmpty($value)) {
+            return $default;
+        }
+
+        return $value;
+    }
+
+    /**
+     * Returns the keys for the given array.
+     *
+     * It is useful when you want to iterate over the keys of an array:
+     *
+     *  {% for key in array|keys %}
+     *      {# ... #}
+     *  {% endfor %}
+     *
+     * @internal
+     */
+    public static function keys($array): array
+    {
+        if ($array instanceof \Traversable) {
+            while ($array instanceof \IteratorAggregate) {
+                $array = $array->getIterator();
+            }
+
+            $keys = [];
+            if ($array instanceof \Iterator) {
+                $array->rewind();
+                while ($array->valid()) {
+                    $keys[] = $array->key();
+                    $array->next();
+                }
+
+                return $keys;
+            }
+
+            foreach ($array as $key => $item) {
+                $keys[] = $key;
             }
 
             return $keys;
         }
 
-        foreach ($array as $key => $item) {
-            $keys[] = $key;
+        if (!\is_array($array)) {
+            return [];
         }
 
-        return $keys;
+        return array_keys($array);
     }
 
-    if (!\is_array($array)) {
-        return [];
-    }
-
-    return array_keys($array);
-}
-
-/**
- * Reverses a variable.
- *
- * @param array|\Traversable|string|null $item         An array, a \Traversable instance, or a string
- * @param bool                           $preserveKeys Whether to preserve key or not
- *
- * @return mixed The reversed input
- */
-function twig_reverse_filter(Environment $env, $item, $preserveKeys = false)
-{
-    if ($item instanceof \Traversable) {
-        return array_reverse(iterator_to_array($item), $preserveKeys);
-    }
-
-    if (\is_array($item)) {
-        return array_reverse($item, $preserveKeys);
-    }
-
-    $string = (string) $item;
-
-    $charset = $env->getCharset();
-
-    if ('UTF-8' !== $charset) {
-        $string = twig_convert_encoding($string, 'UTF-8', $charset);
-    }
-
-    preg_match_all('/./us', $string, $matches);
-
-    $string = implode('', array_reverse($matches[0]));
-
-    if ('UTF-8' !== $charset) {
-        $string = twig_convert_encoding($string, $charset, 'UTF-8');
-    }
-
-    return $string;
-}
-
-/**
- * Sorts an array.
- *
- * @param array|\Traversable $array
- *
- * @return array
- */
-function twig_sort_filter(Environment $env, $array, $arrow = null)
-{
-    if ($array instanceof \Traversable) {
-        $array = iterator_to_array($array);
-    } elseif (!\is_array($array)) {
-        throw new RuntimeError(sprintf('The sort filter only works with arrays or "Traversable", got "%s".', \gettype($array)));
-    }
-
-    if (null !== $arrow) {
-        twig_check_arrow_in_sandbox($env, $arrow, 'sort', 'filter');
-
-        uasort($array, $arrow);
-    } else {
-        asort($array);
-    }
-
-    return $array;
-}
-
-/**
- * @internal
- */
-function twig_in_filter($value, $compare)
-{
-    if ($value instanceof Markup) {
-        $value = (string) $value;
-    }
-    if ($compare instanceof Markup) {
-        $compare = (string) $compare;
-    }
-
-    if (\is_string($compare)) {
-        if (\is_string($value) || \is_int($value) || \is_float($value)) {
-            return '' === $value || false !== strpos($compare, (string) $value);
+    /**
+     * Reverses a variable.
+     *
+     * @param array|\Traversable|string|null $item         An array, a \Traversable instance, or a string
+     * @param bool                           $preserveKeys Whether to preserve key or not
+     *
+     * @return mixed The reversed input
+     *
+     * @internal
+     */
+    public static function reverse(string $charset, $item, $preserveKeys = false)
+    {
+        if ($item instanceof \Traversable) {
+            return array_reverse(iterator_to_array($item), $preserveKeys);
         }
 
-        return false;
+        if (\is_array($item)) {
+            return array_reverse($item, $preserveKeys);
+        }
+
+        $string = (string) $item;
+
+        if ('UTF-8' !== $charset) {
+            $string = self::convertEncoding($string, 'UTF-8', $charset);
+        }
+
+        preg_match_all('/./us', $string, $matches);
+
+        $string = implode('', array_reverse($matches[0]));
+
+        if ('UTF-8' !== $charset) {
+            $string = self::convertEncoding($string, $charset, 'UTF-8');
+        }
+
+        return $string;
     }
 
-    if (!is_iterable($compare)) {
-        return false;
+    /**
+     * Shuffles an array, a \Traversable instance, or a string.
+     * The function does not preserve keys.
+     *
+     * @param array|\Traversable|string|null $item
+     *
+     * @return mixed
+     *
+     * @internal
+     */
+    public static function shuffle(string $charset, $item)
+    {
+        if (\is_string($item)) {
+            if ('UTF-8' !== $charset) {
+                $item = self::convertEncoding($item, 'UTF-8', $charset);
+            }
+
+            $item = preg_split('/(?<!^)(?!$)/u', $item, -1);
+            shuffle($item);
+            $item = implode('', $item);
+
+            if ('UTF-8' !== $charset) {
+                $item = self::convertEncoding($item, $charset, 'UTF-8');
+            }
+
+            return $item;
+        }
+
+        if (is_iterable($item)) {
+            $item = self::toArray($item, false);
+            shuffle($item);
+        }
+
+        return $item;
     }
 
-    if (\is_object($value) || \is_resource($value)) {
-        if (!\is_array($compare)) {
-            foreach ($compare as $item) {
-                if ($item === $value) {
-                    return true;
-                }
+    /**
+     * Sorts an array.
+     *
+     * @param array|\Traversable $array
+     *
+     * @internal
+     */
+    public static function sort(Environment $env, $array, $arrow = null): array
+    {
+        if ($array instanceof \Traversable) {
+            $array = iterator_to_array($array);
+        } elseif (!\is_array($array)) {
+            throw new RuntimeError(\sprintf('The sort filter only works with sequences/mappings or "Traversable", got "%s".', \gettype($array)));
+        }
+
+        if (null !== $arrow) {
+            self::checkArrowInSandbox($env, $arrow, 'sort', 'filter');
+
+            uasort($array, $arrow);
+        } else {
+            asort($array);
+        }
+
+        return $array;
+    }
+
+    /**
+     * @internal
+     */
+    public static function inFilter($value, $compare)
+    {
+        if ($value instanceof Markup) {
+            $value = (string) $value;
+        }
+        if ($compare instanceof Markup) {
+            $compare = (string) $compare;
+        }
+
+        if (\is_string($compare)) {
+            if (\is_string($value) || \is_int($value) || \is_float($value)) {
+                return '' === $value || str_contains($compare, (string) $value);
             }
 
             return false;
         }
 
-        return \in_array($value, $compare, true);
+        if (!is_iterable($compare)) {
+            return false;
+        }
+
+        if (\is_object($value) || \is_resource($value)) {
+            if (!\is_array($compare)) {
+                foreach ($compare as $item) {
+                    if ($item === $value) {
+                        return true;
+                    }
+                }
+
+                return false;
+            }
+
+            return \in_array($value, $compare, true);
+        }
+
+        foreach ($compare as $item) {
+            if (0 === self::compare($value, $item)) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
-    foreach ($compare as $item) {
-        if (0 === twig_compare($value, $item)) {
-            return true;
+    /**
+     * Compares two values using a more strict version of the PHP non-strict comparison operator.
+     *
+     * @see https://wiki.php.net/rfc/string_to_number_comparison
+     * @see https://wiki.php.net/rfc/trailing_whitespace_numerics
+     *
+     * @internal
+     */
+    public static function compare($a, $b)
+    {
+        // int <=> string
+        if (\is_int($a) && \is_string($b)) {
+            $bTrim = trim($b, " \t\n\r\v\f");
+            if (!is_numeric($bTrim)) {
+                return (string) $a <=> $b;
+            }
+            if ((int) $bTrim == $bTrim) {
+                return $a <=> (int) $bTrim;
+            } else {
+                return (float) $a <=> (float) $bTrim;
+            }
+        }
+        if (\is_string($a) && \is_int($b)) {
+            $aTrim = trim($a, " \t\n\r\v\f");
+            if (!is_numeric($aTrim)) {
+                return $a <=> (string) $b;
+            }
+            if ((int) $aTrim == $aTrim) {
+                return (int) $aTrim <=> $b;
+            } else {
+                return (float) $aTrim <=> (float) $b;
+            }
+        }
+
+        // float <=> string
+        if (\is_float($a) && \is_string($b)) {
+            if (is_nan($a)) {
+                return 1;
+            }
+            $bTrim = trim($b, " \t\n\r\v\f");
+            if (!is_numeric($bTrim)) {
+                return (string) $a <=> $b;
+            }
+
+            return $a <=> (float) $bTrim;
+        }
+        if (\is_string($a) && \is_float($b)) {
+            if (is_nan($b)) {
+                return 1;
+            }
+            $aTrim = trim($a, " \t\n\r\v\f");
+            if (!is_numeric($aTrim)) {
+                return $a <=> (string) $b;
+            }
+
+            return (float) $aTrim <=> $b;
+        }
+
+        // fallback to <=>
+        return $a <=> $b;
+    }
+
+    /**
+     * @throws RuntimeError When an invalid pattern is used
+     *
+     * @internal
+     */
+    public static function matches(string $regexp, ?string $str): int
+    {
+        set_error_handler(function ($t, $m) use ($regexp) {
+            throw new RuntimeError(\sprintf('Regexp "%s" passed to "matches" is not valid', $regexp).substr($m, 12));
+        });
+        try {
+            return preg_match($regexp, $str ?? '');
+        } finally {
+            restore_error_handler();
         }
     }
 
-    return false;
-}
+    /**
+     * Returns a trimmed string.
+     *
+     * @param string|null $string
+     * @param string|null $characterMask
+     * @param string      $side
+     *
+     * @throws RuntimeError When an invalid trimming side is used (not a string or not 'left', 'right', or 'both')
+     *
+     * @internal
+     */
+    public static function trim($string, $characterMask = null, $side = 'both'): string
+    {
+        if (null === $characterMask) {
+            $characterMask = " \t\n\r\0\x0B";
+        }
 
-/**
- * Compares two values using a more strict version of the PHP non-strict comparison operator.
- *
- * @see https://wiki.php.net/rfc/string_to_number_comparison
- * @see https://wiki.php.net/rfc/trailing_whitespace_numerics
- *
- * @internal
- */
-function twig_compare($a, $b)
-{
-    // int <=> string
-    if (\is_int($a) && \is_string($b)) {
-        $bTrim = trim($b, " \t\n\r\v\f");
-        if (!is_numeric($bTrim)) {
-            return (string) $a <=> $b;
-        }
-        if ((int) $bTrim == $bTrim) {
-            return $a <=> (int) $bTrim;
-        } else {
-            return (float) $a <=> (float) $bTrim;
-        }
-    }
-    if (\is_string($a) && \is_int($b)) {
-        $aTrim = trim($a, " \t\n\r\v\f");
-        if (!is_numeric($aTrim)) {
-            return $a <=> (string) $b;
-        }
-        if ((int) $aTrim == $aTrim) {
-            return (int) $aTrim <=> $b;
-        } else {
-            return (float) $aTrim <=> (float) $b;
+        switch ($side) {
+            case 'both':
+                return trim($string ?? '', $characterMask);
+            case 'left':
+                return ltrim($string ?? '', $characterMask);
+            case 'right':
+                return rtrim($string ?? '', $characterMask);
+            default:
+                throw new RuntimeError('Trimming side must be "left", "right" or "both".');
         }
     }
 
-    // float <=> string
-    if (\is_float($a) && \is_string($b)) {
-        if (is_nan($a)) {
-            return 1;
-        }
-        $bTrim = trim($b, " \t\n\r\v\f");
-        if (!is_numeric($bTrim)) {
-            return (string) $a <=> $b;
+    /**
+     * Inserts HTML line breaks before all newlines in a string.
+     *
+     * @param string|null $string
+     *
+     * @internal
+     */
+    public static function nl2br($string): string
+    {
+        return nl2br($string ?? '');
+    }
+
+    /**
+     * Removes whitespaces between HTML tags.
+     *
+     * @param string|null $content
+     *
+     * @internal
+     */
+    public static function spaceless($content): string
+    {
+        return trim(preg_replace('/>\s+</', '><', $content ?? ''));
+    }
+
+    /**
+     * @param string|null $string
+     * @param string      $to
+     * @param string      $from
+     *
+     * @internal
+     */
+    public static function convertEncoding($string, $to, $from): string
+    {
+        if (!\function_exists('iconv')) {
+            throw new RuntimeError('Unable to convert encoding: required function iconv() does not exist. You should install ext-iconv or symfony/polyfill-iconv.');
         }
 
-        return $a <=> (float) $bTrim;
+        return iconv($from, $to, $string ?? '');
     }
-    if (\is_string($a) && \is_float($b)) {
-        if (is_nan($b)) {
-            return 1;
-        }
-        $aTrim = trim($a, " \t\n\r\v\f");
-        if (!is_numeric($aTrim)) {
-            return $a <=> (string) $b;
+
+    /**
+     * Returns the length of a variable.
+     *
+     * @param mixed $thing A variable
+     *
+     * @internal
+     */
+    public static function length(string $charset, $thing): int
+    {
+        if (null === $thing) {
+            return 0;
         }
 
-        return (float) $aTrim <=> $b;
+        if (\is_scalar($thing)) {
+            return mb_strlen($thing, $charset);
+        }
+
+        if ($thing instanceof \Countable || \is_array($thing) || $thing instanceof \SimpleXMLElement) {
+            return \count($thing);
+        }
+
+        if ($thing instanceof \Traversable) {
+            return iterator_count($thing);
+        }
+
+        if ($thing instanceof \Stringable) {
+            return mb_strlen((string) $thing, $charset);
+        }
+
+        return 1;
     }
 
-    // fallback to <=>
-    return $a <=> $b;
-}
-
-/**
- * Returns a trimmed string.
- *
- * @param string|null $string
- * @param string|null $characterMask
- * @param string      $side
- *
- * @return string
- *
- * @throws RuntimeError When an invalid trimming side is used (not a string or not 'left', 'right', or 'both')
- */
-function twig_trim_filter($string, $characterMask = null, $side = 'both')
-{
-    if (null === $characterMask) {
-        $characterMask = " \t\n\r\0\x0B";
+    /**
+     * Converts a string to uppercase.
+     *
+     * @param string|null $string A string
+     *
+     * @internal
+     */
+    public static function upper(string $charset, $string): string
+    {
+        return mb_strtoupper($string ?? '', $charset);
     }
 
-    switch ($side) {
-        case 'both':
-            return trim($string ?? '', $characterMask);
-        case 'left':
-            return ltrim($string ?? '', $characterMask);
-        case 'right':
-            return rtrim($string ?? '', $characterMask);
-        default:
-            throw new RuntimeError('Trimming side must be "left", "right" or "both".');
-    }
-}
-
-/**
- * Inserts HTML line breaks before all newlines in a string.
- *
- * @param string|null $string
- *
- * @return string
- */
-function twig_nl2br($string)
-{
-    return nl2br($string ?? '');
-}
-
-/**
- * Removes whitespaces between HTML tags.
- *
- * @param string|null $string
- *
- * @return string
- */
-function twig_spaceless($content)
-{
-    return trim(preg_replace('/>\s+</', '><', $content ?? ''));
-}
-
-/**
- * @param string|null $string
- * @param string      $to
- * @param string      $from
- *
- * @return string
- */
-function twig_convert_encoding($string, $to, $from)
-{
-    if (!\function_exists('iconv')) {
-        throw new RuntimeError('Unable to convert encoding: required function iconv() does not exist. You should install ext-iconv or symfony/polyfill-iconv.');
+    /**
+     * Converts a string to lowercase.
+     *
+     * @param string|null $string A string
+     *
+     * @internal
+     */
+    public static function lower(string $charset, $string): string
+    {
+        return mb_strtolower($string ?? '', $charset);
     }
 
-    return iconv($from, $to, $string ?? '');
-}
-
-/**
- * Returns the length of a variable.
- *
- * @param mixed $thing A variable
- *
- * @return int The length of the value
- */
-function twig_length_filter(Environment $env, $thing)
-{
-    if (null === $thing) {
-        return 0;
+    /**
+     * Strips HTML and PHP tags from a string.
+     *
+     * @param string|null          $string
+     * @param string[]|string|null $allowable_tags
+     *
+     * @internal
+     */
+    public static function striptags($string, $allowable_tags = null): string
+    {
+        return strip_tags($string ?? '', $allowable_tags);
     }
 
-    if (is_scalar($thing)) {
-        return mb_strlen($thing, $env->getCharset());
-    }
-
-    if ($thing instanceof \Countable || \is_array($thing) || $thing instanceof \SimpleXMLElement) {
-        return \count($thing);
-    }
-
-    if ($thing instanceof \Traversable) {
-        return iterator_count($thing);
-    }
-
-    if (method_exists($thing, '__toString') && !$thing instanceof \Countable) {
-        return mb_strlen((string) $thing, $env->getCharset());
-    }
-
-    return 1;
-}
-
-/**
- * Converts a string to uppercase.
- *
- * @param string|null $string A string
- *
- * @return string The uppercased string
- */
-function twig_upper_filter(Environment $env, $string)
-{
-    return mb_strtoupper($string ?? '', $env->getCharset());
-}
-
-/**
- * Converts a string to lowercase.
- *
- * @param string|null $string A string
- *
- * @return string The lowercased string
- */
-function twig_lower_filter(Environment $env, $string)
-{
-    return mb_strtolower($string ?? '', $env->getCharset());
-}
-
-/**
- * Strips HTML and PHP tags from a string.
- *
- * @param string|null $string
- * @param string[]|string|null $string
- *
- * @return string
- */
-function twig_striptags($string, $allowable_tags = null)
-{
-    return strip_tags($string ?? '', $allowable_tags);
-}
-
-/**
- * Returns a titlecased string.
- *
- * @param string|null $string A string
- *
- * @return string The titlecased string
- */
-function twig_title_string_filter(Environment $env, $string)
-{
-    if (null !== $charset = $env->getCharset()) {
+    /**
+     * Returns a titlecased string.
+     *
+     * @param string|null $string A string
+     *
+     * @internal
+     */
+    public static function titleCase(string $charset, $string): string
+    {
         return mb_convert_case($string ?? '', \MB_CASE_TITLE, $charset);
     }
 
-    return ucwords(strtolower($string ?? ''));
-}
+    /**
+     * Returns a capitalized string.
+     *
+     * @param string|null $string A string
+     *
+     * @internal
+     */
+    public static function capitalize(string $charset, $string): string
+    {
+        return mb_strtoupper(mb_substr($string ?? '', 0, 1, $charset), $charset).mb_strtolower(mb_substr($string ?? '', 1, null, $charset), $charset);
+    }
 
-/**
- * Returns a capitalized string.
- *
- * @param string|null $string A string
- *
- * @return string The capitalized string
- */
-function twig_capitalize_string_filter(Environment $env, $string)
-{
-    $charset = $env->getCharset();
+    /**
+     * @internal
+     */
+    public static function callMacro(Template $template, string $method, array $args, int $lineno, array $context, Source $source)
+    {
+        if (!method_exists($template, $method)) {
+            $parent = $template;
+            while ($parent = $parent->getParent($context)) {
+                if (method_exists($parent, $method)) {
+                    return $parent->$method(...$args);
+                }
+            }
 
-    return mb_strtoupper(mb_substr($string ?? '', 0, 1, $charset), $charset).mb_strtolower(mb_substr($string ?? '', 1, null, $charset), $charset);
-}
+            throw new RuntimeError(\sprintf('Macro "%s" is not defined in template "%s".', substr($method, \strlen('macro_')), $template->getTemplateName()), $lineno, $source);
+        }
 
-/**
- * @internal
- */
-function twig_call_macro(Template $template, string $method, array $args, int $lineno, array $context, Source $source)
-{
-    if (!method_exists($template, $method)) {
-        $parent = $template;
-        while ($parent = $parent->getParent($context)) {
-            if (method_exists($parent, $method)) {
-                return $parent->$method(...$args);
+        return $template->$method(...$args);
+    }
+
+    /**
+     * @template TSequence
+     *
+     * @param TSequence $seq
+     *
+     * @return ($seq is iterable ? TSequence : array{})
+     *
+     * @internal
+     */
+    public static function ensureTraversable($seq)
+    {
+        if (is_iterable($seq)) {
+            return $seq;
+        }
+
+        return [];
+    }
+
+    /**
+     * @internal
+     */
+    public static function toArray($seq, $preserveKeys = true)
+    {
+        if ($seq instanceof \Traversable) {
+            return iterator_to_array($seq, $preserveKeys);
+        }
+
+        if (!\is_array($seq)) {
+            return $seq;
+        }
+
+        return $preserveKeys ? $seq : array_values($seq);
+    }
+
+    /**
+     * Checks if a variable is empty.
+     *
+     *    {# evaluates to true if the foo variable is null, false, or the empty string #}
+     *    {% if foo is empty %}
+     *        {# ... #}
+     *    {% endif %}
+     *
+     * @param mixed $value A variable
+     *
+     * @internal
+     */
+    public static function testEmpty($value): bool
+    {
+        if ($value instanceof \Countable) {
+            return 0 === \count($value);
+        }
+
+        if ($value instanceof \Traversable) {
+            return !iterator_count($value);
+        }
+
+        if ($value instanceof \Stringable) {
+            return '' === (string) $value;
+        }
+
+        return '' === $value || false === $value || null === $value || [] === $value;
+    }
+
+    /**
+     * Checks if a variable is a sequence.
+     *
+     *    {# evaluates to true if the foo variable is a sequence #}
+     *    {% if foo is sequence %}
+     *        {# ... #}
+     *    {% endif %}
+     *
+     * @param mixed $value
+     *
+     * @internal
+     */
+    public static function testSequence($value): bool
+    {
+        if ($value instanceof \ArrayObject) {
+            $value = $value->getArrayCopy();
+        }
+
+        if ($value instanceof \Traversable) {
+            $value = iterator_to_array($value);
+        }
+
+        return \is_array($value) && array_is_list($value);
+    }
+
+    /**
+     * Checks if a variable is a mapping.
+     *
+     *    {# evaluates to true if the foo variable is a mapping #}
+     *    {% if foo is mapping %}
+     *        {# ... #}
+     *    {% endif %}
+     *
+     * @param mixed $value
+     *
+     * @internal
+     */
+    public static function testMapping($value): bool
+    {
+        if ($value instanceof \ArrayObject) {
+            $value = $value->getArrayCopy();
+        }
+
+        if ($value instanceof \Traversable) {
+            $value = iterator_to_array($value);
+        }
+
+        return (\is_array($value) && !array_is_list($value)) || \is_object($value);
+    }
+
+    /**
+     * Renders a template.
+     *
+     * @param array                        $context
+     * @param string|array|TemplateWrapper $template      The template to render or an array of templates to try consecutively
+     * @param array                        $variables     The variables to pass to the template
+     * @param bool                         $withContext
+     * @param bool                         $ignoreMissing Whether to ignore missing templates or not
+     * @param bool                         $sandboxed     Whether to sandbox the template or not
+     *
+     * @internal
+     */
+    public static function include(Environment $env, $context, $template, $variables = [], $withContext = true, $ignoreMissing = false, $sandboxed = false): string
+    {
+        $alreadySandboxed = false;
+        $sandbox = null;
+        if ($withContext) {
+            $variables = array_merge($context, $variables);
+        }
+
+        if ($isSandboxed = $sandboxed && $env->hasExtension(SandboxExtension::class)) {
+            $sandbox = $env->getExtension(SandboxExtension::class);
+            if (!$alreadySandboxed = $sandbox->isSandboxed()) {
+                $sandbox->enableSandbox();
             }
         }
 
-        throw new RuntimeError(sprintf('Macro "%s" is not defined in template "%s".', substr($method, \strlen('macro_')), $template->getTemplateName()), $lineno, $source);
-    }
-
-    return $template->$method(...$args);
-}
-
-/**
- * @internal
- */
-function twig_ensure_traversable($seq)
-{
-    if ($seq instanceof \Traversable || \is_array($seq)) {
-        return $seq;
-    }
-
-    return [];
-}
-
-/**
- * @internal
- */
-function twig_to_array($seq, $preserveKeys = true)
-{
-    if ($seq instanceof \Traversable) {
-        return iterator_to_array($seq, $preserveKeys);
-    }
-
-    if (!\is_array($seq)) {
-        return $seq;
-    }
-
-    return $preserveKeys ? $seq : array_values($seq);
-}
-
-/**
- * Checks if a variable is empty.
- *
- *    {# evaluates to true if the foo variable is null, false, or the empty string #}
- *    {% if foo is empty %}
- *        {# ... #}
- *    {% endif %}
- *
- * @param mixed $value A variable
- *
- * @return bool true if the value is empty, false otherwise
- */
-function twig_test_empty($value)
-{
-    if ($value instanceof \Countable) {
-        return 0 === \count($value);
-    }
-
-    if ($value instanceof \Traversable) {
-        return !iterator_count($value);
-    }
-
-    if (\is_object($value) && method_exists($value, '__toString')) {
-        return '' === (string) $value;
-    }
-
-    return '' === $value || false === $value || null === $value || [] === $value;
-}
-
-/**
- * Checks if a variable is traversable.
- *
- *    {# evaluates to true if the foo variable is an array or a traversable object #}
- *    {% if foo is iterable %}
- *        {# ... #}
- *    {% endif %}
- *
- * @param mixed $value A variable
- *
- * @return bool true if the value is traversable
- */
-function twig_test_iterable($value)
-{
-    return $value instanceof \Traversable || \is_array($value);
-}
-
-/**
- * Renders a template.
- *
- * @param array        $context
- * @param string|array $template      The template to render or an array of templates to try consecutively
- * @param array        $variables     The variables to pass to the template
- * @param bool         $withContext
- * @param bool         $ignoreMissing Whether to ignore missing templates or not
- * @param bool         $sandboxed     Whether to sandbox the template or not
- *
- * @return string The rendered template
- */
-function twig_include(Environment $env, $context, $template, $variables = [], $withContext = true, $ignoreMissing = false, $sandboxed = false)
-{
-    $alreadySandboxed = false;
-    $sandbox = null;
-    if ($withContext) {
-        $variables = array_merge($context, $variables);
-    }
-
-    if ($isSandboxed = $sandboxed && $env->hasExtension(SandboxExtension::class)) {
-        $sandbox = $env->getExtension(SandboxExtension::class);
-        if (!$alreadySandboxed = $sandbox->isSandboxed()) {
-            $sandbox->enableSandbox();
-        }
-
-        foreach ((\is_array($template) ? $template : [$template]) as $name) {
-            // if a Template instance is passed, it might have been instantiated outside of a sandbox, check security
-            if ($name instanceof TemplateWrapper || $name instanceof Template) {
-                $name->unwrap()->checkSecurity();
-            }
-        }
-    }
-
-    try {
-        $loaded = null;
         try {
-            $loaded = $env->resolveTemplate($template);
+            $loaded = null;
+            try {
+                $loaded = $env->resolveTemplate($template);
+            } catch (LoaderError $e) {
+                if (!$ignoreMissing) {
+                    throw $e;
+                }
+
+                return '';
+            }
+
+            if ($isSandboxed) {
+                $loaded->unwrap()->checkSecurity();
+            }
+
+            return $loaded->render($variables);
+        } finally {
+            if ($isSandboxed && !$alreadySandboxed) {
+                $sandbox->disableSandbox();
+            }
+        }
+    }
+
+    /**
+     * Returns a template content without rendering it.
+     *
+     * @param string $name          The template name
+     * @param bool   $ignoreMissing Whether to ignore missing templates or not
+     *
+     * @internal
+     */
+    public static function source(Environment $env, $name, $ignoreMissing = false): string
+    {
+        $loader = $env->getLoader();
+        try {
+            return $loader->getSourceContext($name)->getCode();
         } catch (LoaderError $e) {
             if (!$ignoreMissing) {
                 throw $e;
             }
-        }
 
-        return $loaded ? $loaded->render($variables) : '';
-    } finally {
-        if ($isSandboxed && !$alreadySandboxed) {
-            $sandbox->disableSandbox();
-        }
-    }
-}
-
-/**
- * Returns a template content without rendering it.
- *
- * @param string $name          The template name
- * @param bool   $ignoreMissing Whether to ignore missing templates or not
- *
- * @return string The template source
- */
-function twig_source(Environment $env, $name, $ignoreMissing = false)
-{
-    $loader = $env->getLoader();
-    try {
-        return $loader->getSourceContext($name)->getCode();
-    } catch (LoaderError $e) {
-        if (!$ignoreMissing) {
-            throw $e;
-        }
-    }
-}
-
-/**
- * Provides the ability to get constants from instances as well as class/global constants.
- *
- * @param string      $constant The name of the constant
- * @param object|null $object   The object to get the constant from
- *
- * @return string
- */
-function twig_constant($constant, $object = null)
-{
-    if (null !== $object) {
-        if ('class' === $constant) {
-            return \get_class($object);
-        }
-
-        $constant = \get_class($object).'::'.$constant;
-    }
-
-    return \constant($constant);
-}
-
-/**
- * Checks if a constant exists.
- *
- * @param string      $constant The name of the constant
- * @param object|null $object   The object to get the constant from
- *
- * @return bool
- */
-function twig_constant_is_defined($constant, $object = null)
-{
-    if (null !== $object) {
-        if ('class' === $constant) {
-            return true;
-        }
-
-        $constant = \get_class($object).'::'.$constant;
-    }
-
-    return \defined($constant);
-}
-
-/**
- * Batches item.
- *
- * @param array $items An array of items
- * @param int   $size  The size of the batch
- * @param mixed $fill  A value used to fill missing items
- *
- * @return array
- */
-function twig_array_batch($items, $size, $fill = null, $preserveKeys = true)
-{
-    if (!twig_test_iterable($items)) {
-        throw new RuntimeError(sprintf('The "batch" filter expects an array or "Traversable", got "%s".', \is_object($items) ? \get_class($items) : \gettype($items)));
-    }
-
-    $size = ceil($size);
-
-    $result = array_chunk(twig_to_array($items, $preserveKeys), $size, $preserveKeys);
-
-    if (null !== $fill && $result) {
-        $last = \count($result) - 1;
-        if ($fillCount = $size - \count($result[$last])) {
-            for ($i = 0; $i < $fillCount; ++$i) {
-                $result[$last][] = $fill;
-            }
+            return '';
         }
     }
 
-    return $result;
-}
+    /**
+     * Returns the list of cases of the enum.
+     *
+     * @template T of \UnitEnum
+     *
+     * @param class-string<T> $enum
+     *
+     * @return list<T>
+     *
+     * @internal
+     */
+    public static function enumCases(string $enum): array
+    {
+        if (!enum_exists($enum)) {
+            throw new RuntimeError(\sprintf('Enum "%s" does not exist.', $enum));
+        }
 
-/**
- * Returns the attribute value for a given array/object.
- *
- * @param mixed  $object            The object or array from where to get the item
- * @param mixed  $item              The item to get from the array or object
- * @param array  $arguments         An array of arguments to pass if the item is an object method
- * @param string $type              The type of attribute (@see \Twig\Template constants)
- * @param bool   $isDefinedTest     Whether this is only a defined check
- * @param bool   $ignoreStrictCheck Whether to ignore the strict attribute check or not
- * @param int    $lineno            The template line where the attribute was called
- *
- * @return mixed The attribute value, or a Boolean when $isDefinedTest is true, or null when the attribute is not set and $ignoreStrictCheck is true
- *
- * @throws RuntimeError if the attribute does not exist and Twig is running in strict mode and $isDefinedTest is false
- *
- * @internal
- */
-function twig_get_attribute(Environment $env, Source $source, $object, $item, array $arguments = [], $type = /* Template::ANY_CALL */ 'any', $isDefinedTest = false, $ignoreStrictCheck = false, $sandboxed = false, int $lineno = -1)
-{
-    // array
-    if (/* Template::METHOD_CALL */ 'method' !== $type) {
-        $arrayItem = \is_bool($item) || \is_float($item) ? (int) $item : $item;
+        return $enum::cases();
+    }
 
-        if (((\is_array($object) || $object instanceof \ArrayObject) && (isset($object[$arrayItem]) || \array_key_exists($arrayItem, (array) $object)))
-            || ($object instanceof ArrayAccess && isset($object[$arrayItem]))
-        ) {
-            if ($isDefinedTest) {
-                return true;
+    /**
+     * Provides the ability to get constants from instances as well as class/global constants.
+     *
+     * @param string      $constant     The name of the constant
+     * @param object|null $object       The object to get the constant from
+     * @param bool        $checkDefined Whether to check if the constant is defined or not
+     *
+     * @return mixed Class constants can return many types like scalars, arrays, and
+     *               objects depending on the PHP version (\BackedEnum, \UnitEnum, etc.)
+     *               When $checkDefined is true, returns true when the constant is defined, false otherwise
+     *
+     * @internal
+     */
+    public static function constant($constant, $object = null, bool $checkDefined = false)
+    {
+        if (null !== $object) {
+            if ('class' === $constant) {
+                return $checkDefined ? true : \get_class($object);
             }
 
-            return $object[$arrayItem];
+            $constant = \get_class($object).'::'.$constant;
         }
 
-        if (/* Template::ARRAY_CALL */ 'array' === $type || !\is_object($object)) {
+        if (!\defined($constant)) {
+            if ($checkDefined) {
+                return false;
+            }
+
+            if ('::class' === strtolower(substr($constant, -7))) {
+                throw new RuntimeError(\sprintf('You cannot use the Twig function "constant()" to access "%s". You could provide an object and call constant("class", $object) or use the class name directly as a string.', $constant));
+            }
+
+            throw new RuntimeError(\sprintf('Constant "%s" is undefined.', $constant));
+        }
+
+        return $checkDefined ? true : \constant($constant);
+    }
+
+    /**
+     * Batches item.
+     *
+     * @param array $items An array of items
+     * @param int   $size  The size of the batch
+     * @param mixed $fill  A value used to fill missing items
+     *
+     * @internal
+     */
+    public static function batch($items, $size, $fill = null, $preserveKeys = true): array
+    {
+        if (!is_iterable($items)) {
+            throw new RuntimeError(\sprintf('The "batch" filter expects a sequence/mapping or "Traversable", got "%s".', \is_object($items) ? \get_class($items) : \gettype($items)));
+        }
+
+        $size = (int) ceil($size);
+
+        $result = array_chunk(self::toArray($items, $preserveKeys), $size, $preserveKeys);
+
+        if (null !== $fill && $result) {
+            $last = \count($result) - 1;
+            if ($fillCount = $size - \count($result[$last])) {
+                for ($i = 0; $i < $fillCount; ++$i) {
+                    $result[$last][] = $fill;
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Returns the attribute value for a given array/object.
+     *
+     * @param mixed  $object            The object or array from where to get the item
+     * @param mixed  $item              The item to get from the array or object
+     * @param array  $arguments         An array of arguments to pass if the item is an object method
+     * @param string $type              The type of attribute (@see \Twig\Template constants)
+     * @param bool   $isDefinedTest     Whether this is only a defined check
+     * @param bool   $ignoreStrictCheck Whether to ignore the strict attribute check or not
+     * @param int    $lineno            The template line where the attribute was called
+     *
+     * @return mixed The attribute value, or a Boolean when $isDefinedTest is true, or null when the attribute is not set and $ignoreStrictCheck is true
+     *
+     * @throws RuntimeError if the attribute does not exist and Twig is running in strict mode and $isDefinedTest is false
+     *
+     * @internal
+     */
+    public static function getAttribute(Environment $env, Source $source, $object, $item, array $arguments = [], $type = Template::ANY_CALL, $isDefinedTest = false, $ignoreStrictCheck = false, $sandboxed = false, int $lineno = -1)
+    {
+        // array
+        if (Template::METHOD_CALL !== $type) {
+            $arrayItem = \is_bool($item) || \is_float($item) ? (int) $item : $item;
+
+            if (((\is_array($object) || $object instanceof \ArrayObject) && (isset($object[$arrayItem]) || \array_key_exists($arrayItem, (array) $object)))
+                || ($object instanceof \ArrayAccess && isset($object[$arrayItem]))
+            ) {
+                if ($isDefinedTest) {
+                    return true;
+                }
+
+                return $object[$arrayItem];
+            }
+
+            if (Template::ARRAY_CALL === $type || !\is_object($object)) {
+                if ($isDefinedTest) {
+                    return false;
+                }
+
+                if ($ignoreStrictCheck || !$env->isStrictVariables()) {
+                    return;
+                }
+
+                if ($object instanceof \ArrayAccess) {
+                    $message = \sprintf('Key "%s" in object with ArrayAccess of class "%s" does not exist.', $arrayItem, \get_class($object));
+                } elseif (\is_object($object)) {
+                    $message = \sprintf('Impossible to access a key "%s" on an object of class "%s" that does not implement ArrayAccess interface.', $item, \get_class($object));
+                } elseif (\is_array($object)) {
+                    if (empty($object)) {
+                        $message = \sprintf('Key "%s" does not exist as the sequence/mapping is empty.', $arrayItem);
+                    } else {
+                        $message = \sprintf('Key "%s" for sequence/mapping with keys "%s" does not exist.', $arrayItem, implode(', ', array_keys($object)));
+                    }
+                } elseif (Template::ARRAY_CALL === $type) {
+                    if (null === $object) {
+                        $message = \sprintf('Impossible to access a key ("%s") on a null variable.', $item);
+                    } else {
+                        $message = \sprintf('Impossible to access a key ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
+                    }
+                } elseif (null === $object) {
+                    $message = \sprintf('Impossible to access an attribute ("%s") on a null variable.', $item);
+                } else {
+                    $message = \sprintf('Impossible to access an attribute ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
+                }
+
+                throw new RuntimeError($message, $lineno, $source);
+            }
+        }
+
+        if (!\is_object($object)) {
             if ($isDefinedTest) {
                 return false;
             }
@@ -1463,233 +1645,326 @@ function twig_get_attribute(Environment $env, Source $source, $object, $item, ar
                 return;
             }
 
-            if ($object instanceof ArrayAccess) {
-                $message = sprintf('Key "%s" in object with ArrayAccess of class "%s" does not exist.', $arrayItem, \get_class($object));
-            } elseif (\is_object($object)) {
-                $message = sprintf('Impossible to access a key "%s" on an object of class "%s" that does not implement ArrayAccess interface.', $item, \get_class($object));
+            if (null === $object) {
+                $message = \sprintf('Impossible to invoke a method ("%s") on a null variable.', $item);
             } elseif (\is_array($object)) {
-                if (empty($object)) {
-                    $message = sprintf('Key "%s" does not exist as the array is empty.', $arrayItem);
-                } else {
-                    $message = sprintf('Key "%s" for array with keys "%s" does not exist.', $arrayItem, implode(', ', array_keys($object)));
-                }
-            } elseif (/* Template::ARRAY_CALL */ 'array' === $type) {
-                if (null === $object) {
-                    $message = sprintf('Impossible to access a key ("%s") on a null variable.', $item);
-                } else {
-                    $message = sprintf('Impossible to access a key ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
-                }
-            } elseif (null === $object) {
-                $message = sprintf('Impossible to access an attribute ("%s") on a null variable.', $item);
+                $message = \sprintf('Impossible to invoke a method ("%s") on a sequence/mapping.', $item);
             } else {
-                $message = sprintf('Impossible to access an attribute ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
+                $message = \sprintf('Impossible to invoke a method ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
             }
 
             throw new RuntimeError($message, $lineno, $source);
         }
-    }
 
-    if (!\is_object($object)) {
-        if ($isDefinedTest) {
-            return false;
+        if ($object instanceof Template) {
+            throw new RuntimeError('Accessing \Twig\Template attributes is forbidden.', $lineno, $source);
         }
 
-        if ($ignoreStrictCheck || !$env->isStrictVariables()) {
-            return;
-        }
+        // object property
+        if (Template::METHOD_CALL !== $type) {
+            if (isset($object->$item) || \array_key_exists((string) $item, (array) $object)) {
+                if ($isDefinedTest) {
+                    return true;
+                }
 
-        if (null === $object) {
-            $message = sprintf('Impossible to invoke a method ("%s") on a null variable.', $item);
-        } elseif (\is_array($object)) {
-            $message = sprintf('Impossible to invoke a method ("%s") on an array.', $item);
-        } else {
-            $message = sprintf('Impossible to invoke a method ("%s") on a %s variable ("%s").', $item, \gettype($object), $object);
-        }
+                if ($sandboxed) {
+                    $env->getExtension(SandboxExtension::class)->checkPropertyAllowed($object, $item, $lineno, $source);
+                }
 
-        throw new RuntimeError($message, $lineno, $source);
-    }
-
-    if ($object instanceof Template) {
-        throw new RuntimeError('Accessing \Twig\Template attributes is forbidden.', $lineno, $source);
-    }
-
-    // object property
-    if (/* Template::METHOD_CALL */ 'method' !== $type) {
-        if (isset($object->$item) || \array_key_exists((string) $item, (array) $object)) {
-            if ($isDefinedTest) {
-                return true;
+                return $object->$item;
             }
-
-            if ($sandboxed) {
-                $env->getExtension(SandboxExtension::class)->checkPropertyAllowed($object, $item, $lineno, $source);
-            }
-
-            return $object->$item;
         }
-    }
 
-    static $cache = [];
+        static $cache = [];
 
-    $class = \get_class($object);
+        $class = \get_class($object);
 
-    // object method
-    // precedence: getXxx() > isXxx() > hasXxx()
-    if (!isset($cache[$class])) {
-        $methods = get_class_methods($object);
-        sort($methods);
-        $lcMethods = array_map(function ($value) { return strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); }, $methods);
-        $classCache = [];
-        foreach ($methods as $i => $method) {
-            $classCache[$method] = $method;
-            $classCache[$lcName = $lcMethods[$i]] = $method;
+        // object method
+        // precedence: getXxx() > isXxx() > hasXxx()
+        if (!isset($cache[$class])) {
+            $methods = get_class_methods($object);
+            sort($methods);
+            $lcMethods = array_map(function ($value) { return strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); }, $methods);
+            $classCache = [];
+            foreach ($methods as $i => $method) {
+                $classCache[$method] = $method;
+                $classCache[$lcName = $lcMethods[$i]] = $method;
 
-            if ('g' === $lcName[0] && 0 === strpos($lcName, 'get')) {
-                $name = substr($method, 3);
-                $lcName = substr($lcName, 3);
-            } elseif ('i' === $lcName[0] && 0 === strpos($lcName, 'is')) {
-                $name = substr($method, 2);
-                $lcName = substr($lcName, 2);
-            } elseif ('h' === $lcName[0] && 0 === strpos($lcName, 'has')) {
-                $name = substr($method, 3);
-                $lcName = substr($lcName, 3);
-                if (\in_array('is'.$lcName, $lcMethods)) {
+                if ('g' === $lcName[0] && str_starts_with($lcName, 'get')) {
+                    $name = substr($method, 3);
+                    $lcName = substr($lcName, 3);
+                } elseif ('i' === $lcName[0] && str_starts_with($lcName, 'is')) {
+                    $name = substr($method, 2);
+                    $lcName = substr($lcName, 2);
+                } elseif ('h' === $lcName[0] && str_starts_with($lcName, 'has')) {
+                    $name = substr($method, 3);
+                    $lcName = substr($lcName, 3);
+                    if (\in_array('is'.$lcName, $lcMethods)) {
+                        continue;
+                    }
+                } else {
                     continue;
                 }
-            } else {
-                continue;
-            }
 
-            // skip get() and is() methods (in which case, $name is empty)
-            if ($name) {
-                if (!isset($classCache[$name])) {
-                    $classCache[$name] = $method;
-                }
+                // skip get() and is() methods (in which case, $name is empty)
+                if ($name) {
+                    if (!isset($classCache[$name])) {
+                        $classCache[$name] = $method;
+                    }
 
-                if (!isset($classCache[$lcName])) {
-                    $classCache[$lcName] = $method;
+                    if (!isset($classCache[$lcName])) {
+                        $classCache[$lcName] = $method;
+                    }
                 }
             }
+            $cache[$class] = $classCache;
+        }
+
+        $call = false;
+        if (isset($cache[$class][$item])) {
+            $method = $cache[$class][$item];
+        } elseif (isset($cache[$class][$lcItem = strtr($item, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')])) {
+            $method = $cache[$class][$lcItem];
+        } elseif (isset($cache[$class]['__call'])) {
+            $method = $item;
+            $call = true;
+        } else {
+            if ($isDefinedTest) {
+                return false;
+            }
+
+            if ($ignoreStrictCheck || !$env->isStrictVariables()) {
+                return;
+            }
+
+            throw new RuntimeError(\sprintf('Neither the property "%1$s" nor one of the methods "%1$s()", "get%1$s()"/"is%1$s()"/"has%1$s()" or "__call()" exist and have public access in class "%2$s".', $item, $class), $lineno, $source);
         }
-        $cache[$class] = $classCache;
-    }
 
-    $call = false;
-    if (isset($cache[$class][$item])) {
-        $method = $cache[$class][$item];
-    } elseif (isset($cache[$class][$lcItem = strtr($item, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')])) {
-        $method = $cache[$class][$lcItem];
-    } elseif (isset($cache[$class]['__call'])) {
-        $method = $item;
-        $call = true;
-    } else {
         if ($isDefinedTest) {
-            return false;
+            return true;
         }
 
-        if ($ignoreStrictCheck || !$env->isStrictVariables()) {
-            return;
+        if ($sandboxed) {
+            $env->getExtension(SandboxExtension::class)->checkMethodAllowed($object, $method, $lineno, $source);
         }
 
-        throw new RuntimeError(sprintf('Neither the property "%1$s" nor one of the methods "%1$s()", "get%1$s()"/"is%1$s()"/"has%1$s()" or "__call()" exist and have public access in class "%2$s".', $item, $class), $lineno, $source);
+        // Some objects throw exceptions when they have __call, and the method we try
+        // to call is not supported. If ignoreStrictCheck is true, we should return null.
+        try {
+            $ret = $object->$method(...$arguments);
+        } catch (\BadMethodCallException $e) {
+            if ($call && ($ignoreStrictCheck || !$env->isStrictVariables())) {
+                return;
+            }
+            throw $e;
+        }
+
+        return $ret;
     }
 
-    if ($isDefinedTest) {
+    /**
+     * Returns the values from a single column in the input array.
+     *
+     * <pre>
+     *  {% set items = [{ 'fruit' : 'apple'}, {'fruit' : 'orange' }] %}
+     *
+     *  {% set fruits = items|column('fruit') %}
+     *
+     *  {# fruits now contains ['apple', 'orange'] #}
+     * </pre>
+     *
+     * @param array|\Traversable $array An array
+     * @param int|string         $name  The column name
+     * @param int|string|null    $index The column to use as the index/keys for the returned array
+     *
+     * @return array The array of values
+     *
+     * @internal
+     */
+    public static function column($array, $name, $index = null): array
+    {
+        if ($array instanceof \Traversable) {
+            $array = iterator_to_array($array);
+        } elseif (!\is_array($array)) {
+            throw new RuntimeError(\sprintf('The column filter only works with sequences/mappings or "Traversable", got "%s" as first argument.', \gettype($array)));
+        }
+
+        return array_column($array, $name, $index);
+    }
+
+    /**
+     * @internal
+     */
+    public static function filter(Environment $env, $array, $arrow)
+    {
+        if (!is_iterable($array)) {
+            throw new RuntimeError(\sprintf('The "filter" filter expects a sequence/mapping or "Traversable", got "%s".', \is_object($array) ? \get_class($array) : \gettype($array)));
+        }
+
+        self::checkArrowInSandbox($env, $arrow, 'filter', 'filter');
+
+        if (\is_array($array)) {
+            return array_filter($array, $arrow, \ARRAY_FILTER_USE_BOTH);
+        }
+
+        // the IteratorIterator wrapping is needed as some internal PHP classes are \Traversable but do not implement \Iterator
+        return new \CallbackFilterIterator(new \IteratorIterator($array), $arrow);
+    }
+
+    /**
+     * @internal
+     */
+    public static function find(Environment $env, $array, $arrow)
+    {
+        self::checkArrowInSandbox($env, $arrow, 'find', 'filter');
+
+        foreach ($array as $k => $v) {
+            if ($arrow($v, $k)) {
+                return $v;
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * @internal
+     */
+    public static function map(Environment $env, $array, $arrow)
+    {
+        if (!is_iterable($array)) {
+            throw new RuntimeError(\sprintf('The "map" filter expects a sequence/mapping or "Traversable", got "%s".', get_debug_type($array)));
+        }
+
+        self::checkArrowInSandbox($env, $arrow, 'map', 'filter');
+
+        $r = [];
+        foreach ($array as $k => $v) {
+            $r[$k] = $arrow($v, $k);
+        }
+
+        return $r;
+    }
+
+    /**
+     * @internal
+     */
+    public static function reduce(Environment $env, $array, $arrow, $initial = null)
+    {
+        self::checkArrowInSandbox($env, $arrow, 'reduce', 'filter');
+
+        if (!\is_array($array) && !$array instanceof \Traversable) {
+            throw new RuntimeError(\sprintf('The "reduce" filter only works with sequences/mappings or "Traversable", got "%s" as first argument.', \gettype($array)));
+        }
+
+        $accumulator = $initial;
+        foreach ($array as $key => $value) {
+            $accumulator = $arrow($accumulator, $value, $key);
+        }
+
+        return $accumulator;
+    }
+
+    /**
+     * @internal
+     */
+    public static function arraySome(Environment $env, $array, $arrow)
+    {
+        self::checkArrowInSandbox($env, $arrow, 'has some', 'operator');
+
+        foreach ($array as $k => $v) {
+            if ($arrow($v, $k)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @internal
+     */
+    public static function arrayEvery(Environment $env, $array, $arrow)
+    {
+        self::checkArrowInSandbox($env, $arrow, 'has every', 'operator');
+
+        foreach ($array as $k => $v) {
+            if (!$arrow($v, $k)) {
+                return false;
+            }
+        }
+
         return true;
     }
 
-    if ($sandboxed) {
-        $env->getExtension(SandboxExtension::class)->checkMethodAllowed($object, $method, $lineno, $source);
-    }
-
-    // Some objects throw exceptions when they have __call, and the method we try
-    // to call is not supported. If ignoreStrictCheck is true, we should return null.
-    try {
-        $ret = $object->$method(...$arguments);
-    } catch (\BadMethodCallException $e) {
-        if ($call && ($ignoreStrictCheck || !$env->isStrictVariables())) {
-            return;
+    /**
+     * @internal
+     */
+    public static function checkArrowInSandbox(Environment $env, $arrow, $thing, $type)
+    {
+        if (!$arrow instanceof \Closure && $env->hasExtension(SandboxExtension::class) && $env->getExtension(SandboxExtension::class)->isSandboxed()) {
+            throw new RuntimeError(\sprintf('The callable passed to the "%s" %s must be a Closure in sandbox mode.', $thing, $type));
         }
-        throw $e;
     }
 
-    return $ret;
-}
+    /**
+     * @internal to be removed in Twig 4
+     */
+    public static function captureOutput(iterable $body): string
+    {
+        $level = ob_get_level();
+        ob_start();
 
-/**
- * Returns the values from a single column in the input array.
- *
- * <pre>
- *  {% set items = [{ 'fruit' : 'apple'}, {'fruit' : 'orange' }] %}
- *
- *  {% set fruits = items|column('fruit') %}
- *
- *  {# fruits now contains ['apple', 'orange'] #}
- * </pre>
- *
- * @param array|Traversable $array An array
- * @param mixed             $name  The column name
- * @param mixed             $index The column to use as the index/keys for the returned array
- *
- * @return array The array of values
- */
-function twig_array_column($array, $name, $index = null): array
-{
-    if ($array instanceof Traversable) {
-        $array = iterator_to_array($array);
-    } elseif (!\is_array($array)) {
-        throw new RuntimeError(sprintf('The column filter only works with arrays or "Traversable", got "%s" as first argument.', \gettype($array)));
-    }
+        try {
+            foreach ($body as $data) {
+                echo $data;
+            }
+        } catch (\Throwable $e) {
+            while (ob_get_level() > $level) {
+                ob_end_clean();
+            }
 
-    return array_column($array, $name, $index);
-}
-
-function twig_array_filter(Environment $env, $array, $arrow)
-{
-    if (!twig_test_iterable($array)) {
-        throw new RuntimeError(sprintf('The "filter" filter expects an array or "Traversable", got "%s".', \is_object($array) ? \get_class($array) : \gettype($array)));
-    }
-
-    twig_check_arrow_in_sandbox($env, $arrow, 'filter', 'filter');
-
-    if (\is_array($array)) {
-        return array_filter($array, $arrow, \ARRAY_FILTER_USE_BOTH);
-    }
-
-    // the IteratorIterator wrapping is needed as some internal PHP classes are \Traversable but do not implement \Iterator
-    return new \CallbackFilterIterator(new \IteratorIterator($array), $arrow);
-}
-
-function twig_array_map(Environment $env, $array, $arrow)
-{
-    twig_check_arrow_in_sandbox($env, $arrow, 'map', 'filter');
-
-    $r = [];
-    foreach ($array as $k => $v) {
-        $r[$k] = $arrow($v, $k);
-    }
-
-    return $r;
-}
-
-function twig_array_reduce(Environment $env, $array, $arrow, $initial = null)
-{
-    twig_check_arrow_in_sandbox($env, $arrow, 'reduce', 'filter');
-
-    if (!\is_array($array)) {
-        if (!$array instanceof \Traversable) {
-            throw new RuntimeError(sprintf('The "reduce" filter only works with arrays or "Traversable", got "%s" as first argument.', \gettype($array)));
+            throw $e;
         }
 
-        $array = iterator_to_array($array);
+        return ob_get_clean();
     }
 
-    return array_reduce($array, $arrow, $initial);
-}
+    /**
+     * @internal
+     */
+    public static function parseParentFunction(Parser $parser, Node $fakeNode, $args, int $line): AbstractExpression
+    {
+        if (!$blockName = $parser->peekBlockStack()) {
+            throw new SyntaxError('Calling the "parent" function outside of a block is forbidden.', $line, $parser->getStream()->getSourceContext());
+        }
 
-function twig_check_arrow_in_sandbox(Environment $env, $arrow, $thing, $type)
-{
-    if (!$arrow instanceof Closure && $env->hasExtension('\Twig\Extension\SandboxExtension') && $env->getExtension('\Twig\Extension\SandboxExtension')->isSandboxed()) {
-        throw new RuntimeError(sprintf('The callable passed to the "%s" %s must be a Closure in sandbox mode.', $thing, $type));
+        if (!$parser->hasInheritance()) {
+            throw new SyntaxError('Calling the "parent" function on a template that does not call "extends" or "use" is forbidden.', $line, $parser->getStream()->getSourceContext());
+        }
+
+        return new ParentExpression($blockName, $line);
+    }
+
+    /**
+     * @internal
+     */
+    public static function parseBlockFunction(Parser $parser, Node $fakeNode, $args, int $line): AbstractExpression
+    {
+        $fakeFunction = new TwigFunction('block', fn ($name, $template = null) => null);
+        $args = (new CallableArgumentsExtractor($fakeNode, $fakeFunction))->extractArguments($args);
+
+        return new BlockReferenceExpression($args[0], $args[1] ?? null, $line);
+    }
+
+    /**
+     * @internal
+     */
+    public static function parseAttributeFunction(Parser $parser, Node $fakeNode, $args, int $line): AbstractExpression
+    {
+        $fakeFunction = new TwigFunction('attribute', fn ($variable, $attribute, $arguments = null) => null);
+        $args = (new CallableArgumentsExtractor($fakeNode, $fakeFunction))->extractArguments($args);
+
+        return new GetAttrExpression($args[0], $args[1], $args[2] ?? null, Template::ANY_CALL, $line);
     }
 }
-}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/DebugExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/DebugExtension.php
index bfb23d7bd..dac21c317 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/DebugExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/DebugExtension.php
@@ -9,7 +9,11 @@
  * file that was distributed with this source code.
  */
 
-namespace Twig\Extension {
+namespace Twig\Extension;
+
+use Twig\Environment;
+use Twig\Template;
+use Twig\TemplateWrapper;
 use Twig\TwigFunction;
 
 final class DebugExtension extends AbstractExtension
@@ -18,47 +22,41 @@ final class DebugExtension extends AbstractExtension
     {
         // dump is safe if var_dump is overridden by xdebug
         $isDumpOutputHtmlSafe = \extension_loaded('xdebug')
-            // false means that it was not set (and the default is on) or it explicitly enabled
-            && (false === ini_get('xdebug.overload_var_dump') || ini_get('xdebug.overload_var_dump'))
-            // false means that it was not set (and the default is on) or it explicitly enabled
-            // xdebug.overload_var_dump produces HTML only when html_errors is also enabled
-            && (false === ini_get('html_errors') || ini_get('html_errors'))
+            // Xdebug overloads var_dump in develop mode when html_errors is enabled
+            && str_contains(\ini_get('xdebug.mode'), 'develop')
+            && (false === \ini_get('html_errors') || \ini_get('html_errors'))
             || 'cli' === \PHP_SAPI
         ;
 
         return [
-            new TwigFunction('dump', 'twig_var_dump', ['is_safe' => $isDumpOutputHtmlSafe ? ['html'] : [], 'needs_context' => true, 'needs_environment' => true, 'is_variadic' => true]),
+            new TwigFunction('dump', [self::class, 'dump'], ['is_safe' => $isDumpOutputHtmlSafe ? ['html'] : [], 'needs_context' => true, 'needs_environment' => true, 'is_variadic' => true]),
         ];
     }
-}
-}
 
-namespace {
-use Twig\Environment;
-use Twig\Template;
-use Twig\TemplateWrapper;
-
-function twig_var_dump(Environment $env, $context, ...$vars)
-{
-    if (!$env->isDebug()) {
-        return;
-    }
-
-    ob_start();
-
-    if (!$vars) {
-        $vars = [];
-        foreach ($context as $key => $value) {
-            if (!$value instanceof Template && !$value instanceof TemplateWrapper) {
-                $vars[$key] = $value;
-            }
+    /**
+     * @internal
+     */
+    public static function dump(Environment $env, $context, ...$vars)
+    {
+        if (!$env->isDebug()) {
+            return;
         }
 
-        var_dump($vars);
-    } else {
-        var_dump(...$vars);
-    }
+        ob_start();
 
-    return ob_get_clean();
-}
+        if (!$vars) {
+            $vars = [];
+            foreach ($context as $key => $value) {
+                if (!$value instanceof Template && !$value instanceof TemplateWrapper) {
+                    $vars[$key] = $value;
+                }
+            }
+
+            var_dump($vars);
+        } else {
+            var_dump(...$vars);
+        }
+
+        return ob_get_clean();
+    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/EscaperExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/EscaperExtension.php
index 9d2251dc6..52531c436 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/EscaperExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/EscaperExtension.php
@@ -9,22 +9,24 @@
  * file that was distributed with this source code.
  */
 
-namespace Twig\Extension {
+namespace Twig\Extension;
+
+use Twig\Environment;
 use Twig\FileExtensionEscapingStrategy;
+use Twig\Node\Expression\ConstantExpression;
+use Twig\Node\Expression\Filter\RawFilter;
+use Twig\Node\Node;
 use Twig\NodeVisitor\EscaperNodeVisitor;
+use Twig\Runtime\EscaperRuntime;
 use Twig\TokenParser\AutoEscapeTokenParser;
 use Twig\TwigFilter;
 
 final class EscaperExtension extends AbstractExtension
 {
-    private $defaultStrategy;
+    private $environment;
     private $escapers = [];
-
-    /** @internal */
-    public $safeClasses = [];
-
-    /** @internal */
-    public $safeLookup = [];
+    private $escaper;
+    private $defaultStrategy;
 
     /**
      * @param string|false|callable $defaultStrategy An escaping strategy
@@ -49,19 +51,43 @@ final class EscaperExtension extends AbstractExtension
     public function getFilters(): array
     {
         return [
-            new TwigFilter('escape', 'twig_escape_filter', ['needs_environment' => true, 'is_safe_callback' => 'twig_escape_filter_is_safe']),
-            new TwigFilter('e', 'twig_escape_filter', ['needs_environment' => true, 'is_safe_callback' => 'twig_escape_filter_is_safe']),
-            new TwigFilter('raw', 'twig_raw_filter', ['is_safe' => ['all']]),
+            new TwigFilter('escape', [EscaperRuntime::class, 'escape'], ['is_safe_callback' => [self::class, 'escapeFilterIsSafe']]),
+            new TwigFilter('e', [EscaperRuntime::class, 'escape'], ['is_safe_callback' => [self::class, 'escapeFilterIsSafe']]),
+            new TwigFilter('raw', null, ['is_safe' => ['all'], 'node_class' => RawFilter::class]),
         ];
     }
 
+    /**
+     * @deprecated since Twig 3.10
+     */
+    public function setEnvironment(Environment $environment): void
+    {
+        $triggerDeprecation = \func_num_args() > 1 ? func_get_arg(1) : true;
+        if ($triggerDeprecation) {
+            trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated and not needed if you are using methods from "Twig\Runtime\EscaperRuntime".', __METHOD__);
+        }
+
+        $this->environment = $environment;
+        $this->escaper = $environment->getRuntime(EscaperRuntime::class);
+    }
+
+    /**
+     * @deprecated since Twig 3.10
+     */
+    public function setEscaperRuntime(EscaperRuntime $escaper)
+    {
+        trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated and not needed if you are using methods from "Twig\Runtime\EscaperRuntime".', __METHOD__);
+
+        $this->escaper = $escaper;
+    }
+
     /**
      * Sets the default strategy to use when not defined by the user.
      *
      * The strategy can be a valid PHP callback that takes the template
      * name as an argument and returns the strategy to use.
      *
-     * @param string|false|callable $defaultStrategy An escaping strategy
+     * @param string|false|callable(string $templateName): string $defaultStrategy An escaping strategy
      */
     public function setDefaultStrategy($defaultStrategy): void
     {
@@ -93,324 +119,82 @@ final class EscaperExtension extends AbstractExtension
     /**
      * Defines a new escaper to be used via the escape filter.
      *
-     * @param string   $strategy The strategy name that should be used as a strategy in the escape call
-     * @param callable $callable A valid PHP callable
+     * @param string                                        $strategy The strategy name that should be used as a strategy in the escape call
+     * @param callable(Environment, string, string): string $callable A valid PHP callable
+     *
+     * @deprecated since Twig 3.10
      */
     public function setEscaper($strategy, callable $callable)
     {
+        trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::setEscaper()" method instead (be warned that Environment is not passed anymore to the callable).', __METHOD__);
+
+        if (!isset($this->environment)) {
+            throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
+        }
+
         $this->escapers[$strategy] = $callable;
+        $callable = function ($string, $charset) use ($callable) {
+            return $callable($this->environment, $string, $charset);
+        };
+
+        $this->escaper->setEscaper($strategy, $callable);
     }
 
     /**
      * Gets all defined escapers.
      *
-     * @return callable[] An array of escapers
+     * @return array<string, callable(Environment, string, string): string> An array of escapers
+     *
+     * @deprecated since Twig 3.10
      */
     public function getEscapers()
     {
+        trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::getEscaper()" method instead.', __METHOD__);
+
         return $this->escapers;
     }
 
+    /**
+     * @deprecated since Twig 3.10
+     */
     public function setSafeClasses(array $safeClasses = [])
     {
-        $this->safeClasses = [];
-        $this->safeLookup = [];
-        foreach ($safeClasses as $class => $strategies) {
-            $this->addSafeClass($class, $strategies);
+        trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::setSafeClasses()" method instead.', __METHOD__);
+
+        if (!isset($this->escaper)) {
+            throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
         }
+
+        $this->escaper->setSafeClasses($safeClasses);
     }
 
+    /**
+     * @deprecated since Twig 3.10
+     */
     public function addSafeClass(string $class, array $strategies)
     {
-        $class = ltrim($class, '\\');
-        if (!isset($this->safeClasses[$class])) {
-            $this->safeClasses[$class] = [];
-        }
-        $this->safeClasses[$class] = array_merge($this->safeClasses[$class], $strategies);
+        trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::addSafeClass()" method instead.', __METHOD__);
 
-        foreach ($strategies as $strategy) {
-            $this->safeLookup[$strategy][$class] = true;
-        }
-    }
-}
-}
-
-namespace {
-use Twig\Environment;
-use Twig\Error\RuntimeError;
-use Twig\Extension\EscaperExtension;
-use Twig\Markup;
-use Twig\Node\Expression\ConstantExpression;
-use Twig\Node\Node;
-
-/**
- * Marks a variable as being safe.
- *
- * @param string $string A PHP variable
- */
-function twig_raw_filter($string)
-{
-    return $string;
-}
-
-/**
- * Escapes a string.
- *
- * @param mixed  $string     The value to be escaped
- * @param string $strategy   The escaping strategy
- * @param string $charset    The charset
- * @param bool   $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false)
- *
- * @return string
- */
-function twig_escape_filter(Environment $env, $string, $strategy = 'html', $charset = null, $autoescape = false)
-{
-    if ($autoescape && $string instanceof Markup) {
-        return $string;
-    }
-
-    if (!\is_string($string)) {
-        if (\is_object($string) && method_exists($string, '__toString')) {
-            if ($autoescape) {
-                $c = \get_class($string);
-                $ext = $env->getExtension(EscaperExtension::class);
-                if (!isset($ext->safeClasses[$c])) {
-                    $ext->safeClasses[$c] = [];
-                    foreach (class_parents($string) + class_implements($string) as $class) {
-                        if (isset($ext->safeClasses[$class])) {
-                            $ext->safeClasses[$c] = array_unique(array_merge($ext->safeClasses[$c], $ext->safeClasses[$class]));
-                            foreach ($ext->safeClasses[$class] as $s) {
-                                $ext->safeLookup[$s][$c] = true;
-                            }
-                        }
-                    }
-                }
-                if (isset($ext->safeLookup[$strategy][$c]) || isset($ext->safeLookup['all'][$c])) {
-                    return (string) $string;
-                }
-            }
-
-            $string = (string) $string;
-        } elseif (\in_array($strategy, ['html', 'js', 'css', 'html_attr', 'url'])) {
-            return $string;
-        }
-    }
-
-    if ('' === $string) {
-        return '';
-    }
-
-    if (null === $charset) {
-        $charset = $env->getCharset();
-    }
-
-    switch ($strategy) {
-        case 'html':
-            // see https://www.php.net/htmlspecialchars
-
-            // Using a static variable to avoid initializing the array
-            // each time the function is called. Moving the declaration on the
-            // top of the function slow downs other escaping strategies.
-            static $htmlspecialcharsCharsets = [
-                'ISO-8859-1' => true, 'ISO8859-1' => true,
-                'ISO-8859-15' => true, 'ISO8859-15' => true,
-                'utf-8' => true, 'UTF-8' => true,
-                'CP866' => true, 'IBM866' => true, '866' => true,
-                'CP1251' => true, 'WINDOWS-1251' => true, 'WIN-1251' => true,
-                '1251' => true,
-                'CP1252' => true, 'WINDOWS-1252' => true, '1252' => true,
-                'KOI8-R' => true, 'KOI8-RU' => true, 'KOI8R' => true,
-                'BIG5' => true, '950' => true,
-                'GB2312' => true, '936' => true,
-                'BIG5-HKSCS' => true,
-                'SHIFT_JIS' => true, 'SJIS' => true, '932' => true,
-                'EUC-JP' => true, 'EUCJP' => true,
-                'ISO8859-5' => true, 'ISO-8859-5' => true, 'MACROMAN' => true,
-            ];
-
-            if (isset($htmlspecialcharsCharsets[$charset])) {
-                return htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, $charset);
-            }
-
-            if (isset($htmlspecialcharsCharsets[strtoupper($charset)])) {
-                // cache the lowercase variant for future iterations
-                $htmlspecialcharsCharsets[$charset] = true;
-
-                return htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, $charset);
-            }
-
-            $string = twig_convert_encoding($string, 'UTF-8', $charset);
-            $string = htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, 'UTF-8');
-
-            return iconv('UTF-8', $charset, $string);
-
-        case 'js':
-            // escape all non-alphanumeric characters
-            // into their \x or \uHHHH representations
-            if ('UTF-8' !== $charset) {
-                $string = twig_convert_encoding($string, 'UTF-8', $charset);
-            }
-
-            if (!preg_match('//u', $string)) {
-                throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
-            }
-
-            $string = preg_replace_callback('#[^a-zA-Z0-9,\._]#Su', function ($matches) {
-                $char = $matches[0];
-
-                /*
-                 * A few characters have short escape sequences in JSON and JavaScript.
-                 * Escape sequences supported only by JavaScript, not JSON, are omitted.
-                 * \" is also supported but omitted, because the resulting string is not HTML safe.
-                 */
-                static $shortMap = [
-                    '\\' => '\\\\',
-                    '/' => '\\/',
-                    "\x08" => '\b',
-                    "\x0C" => '\f',
-                    "\x0A" => '\n',
-                    "\x0D" => '\r',
-                    "\x09" => '\t',
-                ];
-
-                if (isset($shortMap[$char])) {
-                    return $shortMap[$char];
-                }
-
-                $codepoint = mb_ord($char, 'UTF-8');
-                if (0x10000 > $codepoint) {
-                    return sprintf('\u%04X', $codepoint);
-                }
-
-                // Split characters outside the BMP into surrogate pairs
-                // https://tools.ietf.org/html/rfc2781.html#section-2.1
-                $u = $codepoint - 0x10000;
-                $high = 0xD800 | ($u >> 10);
-                $low = 0xDC00 | ($u & 0x3FF);
-
-                return sprintf('\u%04X\u%04X', $high, $low);
-            }, $string);
-
-            if ('UTF-8' !== $charset) {
-                $string = iconv('UTF-8', $charset, $string);
-            }
-
-            return $string;
-
-        case 'css':
-            if ('UTF-8' !== $charset) {
-                $string = twig_convert_encoding($string, 'UTF-8', $charset);
-            }
-
-            if (!preg_match('//u', $string)) {
-                throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
-            }
-
-            $string = preg_replace_callback('#[^a-zA-Z0-9]#Su', function ($matches) {
-                $char = $matches[0];
-
-                return sprintf('\\%X ', 1 === \strlen($char) ? \ord($char) : mb_ord($char, 'UTF-8'));
-            }, $string);
-
-            if ('UTF-8' !== $charset) {
-                $string = iconv('UTF-8', $charset, $string);
-            }
-
-            return $string;
-
-        case 'html_attr':
-            if ('UTF-8' !== $charset) {
-                $string = twig_convert_encoding($string, 'UTF-8', $charset);
-            }
-
-            if (!preg_match('//u', $string)) {
-                throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
-            }
-
-            $string = preg_replace_callback('#[^a-zA-Z0-9,\.\-_]#Su', function ($matches) {
-                /**
-                 * This function is adapted from code coming from Zend Framework.
-                 *
-                 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (https://www.zend.com)
-                 * @license   https://framework.zend.com/license/new-bsd New BSD License
-                 */
-                $chr = $matches[0];
-                $ord = \ord($chr);
-
-                /*
-                 * The following replaces characters undefined in HTML with the
-                 * hex entity for the Unicode replacement character.
-                 */
-                if (($ord <= 0x1f && "\t" != $chr && "\n" != $chr && "\r" != $chr) || ($ord >= 0x7f && $ord <= 0x9f)) {
-                    return '&#xFFFD;';
-                }
-
-                /*
-                 * Check if the current character to escape has a name entity we should
-                 * replace it with while grabbing the hex value of the character.
-                 */
-                if (1 === \strlen($chr)) {
-                    /*
-                     * While HTML supports far more named entities, the lowest common denominator
-                     * has become HTML5's XML Serialisation which is restricted to the those named
-                     * entities that XML supports. Using HTML entities would result in this error:
-                     *     XML Parsing Error: undefined entity
-                     */
-                    static $entityMap = [
-                        34 => '&quot;', /* quotation mark */
-                        38 => '&amp;',  /* ampersand */
-                        60 => '&lt;',   /* less-than sign */
-                        62 => '&gt;',   /* greater-than sign */
-                    ];
-
-                    if (isset($entityMap[$ord])) {
-                        return $entityMap[$ord];
-                    }
-
-                    return sprintf('&#x%02X;', $ord);
-                }
-
-                /*
-                 * Per OWASP recommendations, we'll use hex entities for any other
-                 * characters where a named entity does not exist.
-                 */
-                return sprintf('&#x%04X;', mb_ord($chr, 'UTF-8'));
-            }, $string);
-
-            if ('UTF-8' !== $charset) {
-                $string = iconv('UTF-8', $charset, $string);
-            }
-
-            return $string;
-
-        case 'url':
-            return rawurlencode($string);
-
-        default:
-            $escapers = $env->getExtension(EscaperExtension::class)->getEscapers();
-            if (array_key_exists($strategy, $escapers)) {
-                return $escapers[$strategy]($env, $string, $charset);
-            }
-
-            $validStrategies = implode(', ', array_merge(['html', 'js', 'url', 'css', 'html_attr'], array_keys($escapers)));
-
-            throw new RuntimeError(sprintf('Invalid escaping strategy "%s" (valid ones: %s).', $strategy, $validStrategies));
-    }
-}
-
-/**
- * @internal
- */
-function twig_escape_filter_is_safe(Node $filterArgs)
-{
-    foreach ($filterArgs as $arg) {
-        if ($arg instanceof ConstantExpression) {
-            return [$arg->getAttribute('value')];
+        if (!isset($this->escaper)) {
+            throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
         }
 
-        return [];
+        $this->escaper->addSafeClass($class, $strategies);
     }
 
-    return ['html'];
-}
+    /**
+     * @internal
+     */
+    public static function escapeFilterIsSafe(Node $filterArgs)
+    {
+        foreach ($filterArgs as $arg) {
+            if ($arg instanceof ConstantExpression) {
+                return [$arg->getAttribute('value')];
+            }
+
+            return [];
+        }
+
+        return ['html'];
+    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/ExtensionInterface.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/ExtensionInterface.php
index 75fa237e1..10a42b6b1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/ExtensionInterface.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/ExtensionInterface.php
@@ -11,6 +11,8 @@
 
 namespace Twig\Extension;
 
+use Twig\ExpressionParser;
+use Twig\Node\Expression\AbstractExpression;
 use Twig\NodeVisitor\NodeVisitorInterface;
 use Twig\TokenParser\TokenParserInterface;
 use Twig\TwigFilter;
@@ -63,6 +65,11 @@ interface ExtensionInterface
      * Returns a list of operators to add to the existing list.
      *
      * @return array<array> First array of unary operators, second array of binary operators
+     *
+     * @psalm-return array{
+     *     array<string, array{precedence: int, class: class-string<AbstractExpression>}>,
+     *     array<string, array{precedence: int, class?: class-string<AbstractExpression>, associativity: ExpressionParser::OPERATOR_*}>
+     * }
      */
     public function getOperators();
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/GlobalsInterface.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/GlobalsInterface.php
index ec0c68292..d52cd107e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/GlobalsInterface.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/GlobalsInterface.php
@@ -12,14 +12,14 @@
 namespace Twig\Extension;
 
 /**
- * Enables usage of the deprecated Twig\Extension\AbstractExtension::getGlobals() method.
- *
- * Explicitly implement this interface if you really need to implement the
- * deprecated getGlobals() method in your extensions.
+ * Allows Twig extensions to add globals to the context.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 interface GlobalsInterface
 {
+    /**
+     * @return array<string, mixed>
+     */
     public function getGlobals(): array;
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/OptimizerExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/OptimizerExtension.php
index 965bfdb04..d3fe46a67 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/OptimizerExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/OptimizerExtension.php
@@ -15,11 +15,9 @@ use Twig\NodeVisitor\OptimizerNodeVisitor;
 
 final class OptimizerExtension extends AbstractExtension
 {
-    private $optimizers;
-
-    public function __construct(int $optimizers = -1)
-    {
-        $this->optimizers = $optimizers;
+    public function __construct(
+        private int $optimizers = -1,
+    ) {
     }
 
     public function getNodeVisitors(): array
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/SandboxExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/SandboxExtension.php
index c861159b6..4e96760f7 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/SandboxExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/SandboxExtension.php
@@ -15,6 +15,7 @@ use Twig\NodeVisitor\SandboxNodeVisitor;
 use Twig\Sandbox\SecurityNotAllowedMethodError;
 use Twig\Sandbox\SecurityNotAllowedPropertyError;
 use Twig\Sandbox\SecurityPolicyInterface;
+use Twig\Sandbox\SourcePolicyInterface;
 use Twig\Source;
 use Twig\TokenParser\SandboxTokenParser;
 
@@ -23,11 +24,13 @@ final class SandboxExtension extends AbstractExtension
     private $sandboxedGlobally;
     private $sandboxed;
     private $policy;
+    private $sourcePolicy;
 
-    public function __construct(SecurityPolicyInterface $policy, $sandboxed = false)
+    public function __construct(SecurityPolicyInterface $policy, $sandboxed = false, ?SourcePolicyInterface $sourcePolicy = null)
     {
         $this->policy = $policy;
         $this->sandboxedGlobally = $sandboxed;
+        $this->sourcePolicy = $sourcePolicy;
     }
 
     public function getTokenParsers(): array
@@ -50,9 +53,9 @@ final class SandboxExtension extends AbstractExtension
         $this->sandboxed = false;
     }
 
-    public function isSandboxed(): bool
+    public function isSandboxed(?Source $source = null): bool
     {
-        return $this->sandboxedGlobally || $this->sandboxed;
+        return $this->sandboxedGlobally || $this->sandboxed || $this->isSourceSandboxed($source);
     }
 
     public function isSandboxedGlobally(): bool
@@ -60,6 +63,15 @@ final class SandboxExtension extends AbstractExtension
         return $this->sandboxedGlobally;
     }
 
+    private function isSourceSandboxed(?Source $source): bool
+    {
+        if (null === $source || null === $this->sourcePolicy) {
+            return false;
+        }
+
+        return $this->sourcePolicy->enableSandbox($source);
+    }
+
     public function setSecurityPolicy(SecurityPolicyInterface $policy)
     {
         $this->policy = $policy;
@@ -70,16 +82,16 @@ final class SandboxExtension extends AbstractExtension
         return $this->policy;
     }
 
-    public function checkSecurity($tags, $filters, $functions): void
+    public function checkSecurity($tags, $filters, $functions, ?Source $source = null): void
     {
-        if ($this->isSandboxed()) {
+        if ($this->isSandboxed($source)) {
             $this->policy->checkSecurity($tags, $filters, $functions);
         }
     }
 
-    public function checkMethodAllowed($obj, $method, int $lineno = -1, Source $source = null): void
+    public function checkMethodAllowed($obj, $method, int $lineno = -1, ?Source $source = null): void
     {
-        if ($this->isSandboxed()) {
+        if ($this->isSandboxed($source)) {
             try {
                 $this->policy->checkMethodAllowed($obj, $method);
             } catch (SecurityNotAllowedMethodError $e) {
@@ -91,9 +103,9 @@ final class SandboxExtension extends AbstractExtension
         }
     }
 
-    public function checkPropertyAllowed($obj, $property, int $lineno = -1, Source $source = null): void
+    public function checkPropertyAllowed($obj, $property, int $lineno = -1, ?Source $source = null): void
     {
-        if ($this->isSandboxed()) {
+        if ($this->isSandboxed($source)) {
             try {
                 $this->policy->checkPropertyAllowed($obj, $property);
             } catch (SecurityNotAllowedPropertyError $e) {
@@ -105,9 +117,9 @@ final class SandboxExtension extends AbstractExtension
         }
     }
 
-    public function ensureToStringAllowed($obj, int $lineno = -1, Source $source = null)
+    public function ensureToStringAllowed($obj, int $lineno = -1, ?Source $source = null)
     {
-        if ($this->isSandboxed() && \is_object($obj) && method_exists($obj, '__toString')) {
+        if ($this->isSandboxed($source) && $obj instanceof \Stringable) {
             try {
                 $this->policy->checkMethodAllowed($obj, '__toString');
             } catch (SecurityNotAllowedMethodError $e) {
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/StagingExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/StagingExtension.php
index 0ea47f90c..59db2ca7d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/StagingExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/StagingExtension.php
@@ -35,7 +35,7 @@ final class StagingExtension extends AbstractExtension
     public function addFunction(TwigFunction $function): void
     {
         if (isset($this->functions[$function->getName()])) {
-            throw new \LogicException(sprintf('Function "%s" is already registered.', $function->getName()));
+            throw new \LogicException(\sprintf('Function "%s" is already registered.', $function->getName()));
         }
 
         $this->functions[$function->getName()] = $function;
@@ -49,7 +49,7 @@ final class StagingExtension extends AbstractExtension
     public function addFilter(TwigFilter $filter): void
     {
         if (isset($this->filters[$filter->getName()])) {
-            throw new \LogicException(sprintf('Filter "%s" is already registered.', $filter->getName()));
+            throw new \LogicException(\sprintf('Filter "%s" is already registered.', $filter->getName()));
         }
 
         $this->filters[$filter->getName()] = $filter;
@@ -73,7 +73,7 @@ final class StagingExtension extends AbstractExtension
     public function addTokenParser(TokenParserInterface $parser): void
     {
         if (isset($this->tokenParsers[$parser->getTag()])) {
-            throw new \LogicException(sprintf('Tag "%s" is already registered.', $parser->getTag()));
+            throw new \LogicException(\sprintf('Tag "%s" is already registered.', $parser->getTag()));
         }
 
         $this->tokenParsers[$parser->getTag()] = $parser;
@@ -87,7 +87,7 @@ final class StagingExtension extends AbstractExtension
     public function addTest(TwigTest $test): void
     {
         if (isset($this->tests[$test->getName()])) {
-            throw new \LogicException(sprintf('Test "%s" is already registered.', $test->getName()));
+            throw new \LogicException(\sprintf('Test "%s" is already registered.', $test->getName()));
         }
 
         $this->tests[$test->getName()] = $test;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/StringLoaderExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/StringLoaderExtension.php
index 7b4514710..698d181f1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Extension/StringLoaderExtension.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/StringLoaderExtension.php
@@ -9,7 +9,10 @@
  * file that was distributed with this source code.
  */
 
-namespace Twig\Extension {
+namespace Twig\Extension;
+
+use Twig\Environment;
+use Twig\TemplateWrapper;
 use Twig\TwigFunction;
 
 final class StringLoaderExtension extends AbstractExtension
@@ -17,26 +20,21 @@ final class StringLoaderExtension extends AbstractExtension
     public function getFunctions(): array
     {
         return [
-            new TwigFunction('template_from_string', 'twig_template_from_string', ['needs_environment' => true]),
+            new TwigFunction('template_from_string', [self::class, 'templateFromString'], ['needs_environment' => true]),
         ];
     }
-}
-}
 
-namespace {
-use Twig\Environment;
-use Twig\TemplateWrapper;
-
-/**
- * Loads a template from a string.
- *
- *     {{ include(template_from_string("Hello {{ name }}")) }}
- *
- * @param string $template A template as a string or object implementing __toString()
- * @param string $name     An optional name of the template to be used in error messages
- */
-function twig_template_from_string(Environment $env, $template, string $name = null): TemplateWrapper
-{
-    return $env->createTemplate((string) $template, $name);
-}
+    /**
+     * Loads a template from a string.
+     *
+     *     {{ include(template_from_string("Hello {{ name }}")) }}
+     *
+     * @param string|null $name An optional name of the template to be used in error messages
+     *
+     * @internal
+     */
+    public static function templateFromString(Environment $env, string|\Stringable $template, ?string $name = null): TemplateWrapper
+    {
+        return $env->createTemplate((string) $template, $name);
+    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Extension/YieldNotReadyExtension.php b/data/web/inc/lib/vendor/twig/twig/src/Extension/YieldNotReadyExtension.php
new file mode 100644
index 000000000..49dfb8085
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Extension/YieldNotReadyExtension.php
@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Extension;
+
+use Twig\NodeVisitor\YieldNotReadyNodeVisitor;
+
+/**
+ * @internal to be removed in Twig 4
+ */
+final class YieldNotReadyExtension extends AbstractExtension
+{
+    public function __construct(
+        private bool $useYield,
+    ) {
+    }
+
+    public function getNodeVisitors(): array
+    {
+        return [new YieldNotReadyNodeVisitor($this->useYield)];
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/ExtensionSet.php b/data/web/inc/lib/vendor/twig/twig/src/ExtensionSet.php
index 36e5bbc59..28d57a41c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/ExtensionSet.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/ExtensionSet.php
@@ -15,6 +15,9 @@ use Twig\Error\RuntimeError;
 use Twig\Extension\ExtensionInterface;
 use Twig\Extension\GlobalsInterface;
 use Twig\Extension\StagingExtension;
+use Twig\Node\Expression\AbstractExpression;
+use Twig\Node\Expression\Binary\AbstractBinary;
+use Twig\Node\Expression\Unary\AbstractUnary;
 use Twig\NodeVisitor\NodeVisitorInterface;
 use Twig\TokenParser\TokenParserInterface;
 
@@ -31,11 +34,23 @@ final class ExtensionSet
     private $staging;
     private $parsers;
     private $visitors;
+    /** @var array<string, TwigFilter> */
     private $filters;
+    /** @var array<string, TwigFilter> */
+    private $dynamicFilters;
+    /** @var array<string, TwigTest> */
     private $tests;
+    /** @var array<string, TwigTest> */
+    private $dynamicTests;
+    /** @var array<string, TwigFunction> */
     private $functions;
+    /** @var array<string, TwigFunction> */
+    private $dynamicFunctions;
+    /** @var array<string, array{precedence: int, class: class-string<AbstractExpression>}> */
     private $unaryOperators;
+    /** @var array<string, array{precedence: int, class?: class-string<AbstractExpression>, associativity: ExpressionParser::OPERATOR_*}> */
     private $binaryOperators;
+    /** @var array<string, mixed> */
     private $globals;
     private $functionCallbacks = [];
     private $filterCallbacks = [];
@@ -62,7 +77,7 @@ final class ExtensionSet
         $class = ltrim($class, '\\');
 
         if (!isset($this->extensions[$class])) {
-            throw new RuntimeError(sprintf('The "%s" extension is not enabled.', $class));
+            throw new RuntimeError(\sprintf('The "%s" extension is not enabled.', $class));
         }
 
         return $this->extensions[$class];
@@ -117,11 +132,11 @@ final class ExtensionSet
         $class = \get_class($extension);
 
         if ($this->initialized) {
-            throw new \LogicException(sprintf('Unable to register extension "%s" as extensions have already been initialized.', $class));
+            throw new \LogicException(\sprintf('Unable to register extension "%s" as extensions have already been initialized.', $class));
         }
 
         if (isset($this->extensions[$class])) {
-            throw new \LogicException(sprintf('Unable to register extension "%s" as it is already registered.', $class));
+            throw new \LogicException(\sprintf('Unable to register extension "%s" as it is already registered.', $class));
         }
 
         $this->extensions[$class] = $extension;
@@ -130,7 +145,7 @@ final class ExtensionSet
     public function addFunction(TwigFunction $function): void
     {
         if ($this->initialized) {
-            throw new \LogicException(sprintf('Unable to add function "%s" as extensions have already been initialized.', $function->getName()));
+            throw new \LogicException(\sprintf('Unable to add function "%s" as extensions have already been initialized.', $function->getName()));
         }
 
         $this->staging->addFunction($function);
@@ -158,14 +173,11 @@ final class ExtensionSet
             return $this->functions[$name];
         }
 
-        foreach ($this->functions as $pattern => $function) {
-            $pattern = str_replace('\\*', '(.*?)', preg_quote($pattern, '#'), $count);
-
-            if ($count && preg_match('#^'.$pattern.'$#', $name, $matches)) {
+        foreach ($this->dynamicFunctions as $pattern => $function) {
+            if (preg_match($pattern, $name, $matches)) {
                 array_shift($matches);
-                $function->setArguments($matches);
 
-                return $function;
+                return $function->withDynamicArguments($name, $function->getName(), $matches);
             }
         }
 
@@ -186,7 +198,7 @@ final class ExtensionSet
     public function addFilter(TwigFilter $filter): void
     {
         if ($this->initialized) {
-            throw new \LogicException(sprintf('Unable to add filter "%s" as extensions have already been initialized.', $filter->getName()));
+            throw new \LogicException(\sprintf('Unable to add filter "%s" as extensions have already been initialized.', $filter->getName()));
         }
 
         $this->staging->addFilter($filter);
@@ -214,14 +226,11 @@ final class ExtensionSet
             return $this->filters[$name];
         }
 
-        foreach ($this->filters as $pattern => $filter) {
-            $pattern = str_replace('\\*', '(.*?)', preg_quote($pattern, '#'), $count);
-
-            if ($count && preg_match('#^'.$pattern.'$#', $name, $matches)) {
+        foreach ($this->dynamicFilters as $pattern => $filter) {
+            if (preg_match($pattern, $name, $matches)) {
                 array_shift($matches);
-                $filter->setArguments($matches);
 
-                return $filter;
+                return $filter->withDynamicArguments($name, $filter->getName(), $matches);
             }
         }
 
@@ -305,6 +314,9 @@ final class ExtensionSet
         $this->parserCallbacks[] = $callable;
     }
 
+    /**
+     * @return array<string, mixed>
+     */
     public function getGlobals(): array
     {
         if (null !== $this->globals) {
@@ -317,12 +329,7 @@ final class ExtensionSet
                 continue;
             }
 
-            $extGlobals = $extension->getGlobals();
-            if (!\is_array($extGlobals)) {
-                throw new \UnexpectedValueException(sprintf('"%s::getGlobals()" must return an array of globals.', \get_class($extension)));
-            }
-
-            $globals = array_merge($globals, $extGlobals);
+            $globals = array_merge($globals, $extension->getGlobals());
         }
 
         if ($this->initialized) {
@@ -332,10 +339,15 @@ final class ExtensionSet
         return $globals;
     }
 
+    public function resetGlobals(): void
+    {
+        $this->globals = null;
+    }
+
     public function addTest(TwigTest $test): void
     {
         if ($this->initialized) {
-            throw new \LogicException(sprintf('Unable to add test "%s" as extensions have already been initialized.', $test->getName()));
+            throw new \LogicException(\sprintf('Unable to add test "%s" as extensions have already been initialized.', $test->getName()));
         }
 
         $this->staging->addTest($test);
@@ -363,22 +375,20 @@ final class ExtensionSet
             return $this->tests[$name];
         }
 
-        foreach ($this->tests as $pattern => $test) {
-            $pattern = str_replace('\\*', '(.*?)', preg_quote($pattern, '#'), $count);
+        foreach ($this->dynamicTests as $pattern => $test) {
+            if (preg_match($pattern, $name, $matches)) {
+                array_shift($matches);
 
-            if ($count) {
-                if (preg_match('#^'.$pattern.'$#', $name, $matches)) {
-                    array_shift($matches);
-                    $test->setArguments($matches);
-
-                    return $test;
-                }
+                return $test->withDynamicArguments($name, $test->getName(), $matches);
             }
         }
 
         return null;
     }
 
+    /**
+     * @return array<string, array{precedence: int, class: class-string<AbstractExpression>}>
+     */
     public function getUnaryOperators(): array
     {
         if (!$this->initialized) {
@@ -388,6 +398,9 @@ final class ExtensionSet
         return $this->unaryOperators;
     }
 
+    /**
+     * @return array<string, array{precedence: int, class?: class-string<AbstractExpression>, associativity: ExpressionParser::OPERATOR_*}>
+     */
     public function getBinaryOperators(): array
     {
         if (!$this->initialized) {
@@ -403,6 +416,9 @@ final class ExtensionSet
         $this->filters = [];
         $this->functions = [];
         $this->tests = [];
+        $this->dynamicFilters = [];
+        $this->dynamicFunctions = [];
+        $this->dynamicTests = [];
         $this->visitors = [];
         $this->unaryOperators = [];
         $this->binaryOperators = [];
@@ -419,17 +435,26 @@ final class ExtensionSet
     {
         // filters
         foreach ($extension->getFilters() as $filter) {
-            $this->filters[$filter->getName()] = $filter;
+            $this->filters[$name = $filter->getName()] = $filter;
+            if (str_contains($name, '*')) {
+                $this->dynamicFilters['#^'.str_replace('\\*', '(.*?)', preg_quote($name, '#')).'$#'] = $filter;
+            }
         }
 
         // functions
         foreach ($extension->getFunctions() as $function) {
-            $this->functions[$function->getName()] = $function;
+            $this->functions[$name = $function->getName()] = $function;
+            if (str_contains($name, '*')) {
+                $this->dynamicFunctions['#^'.str_replace('\\*', '(.*?)', preg_quote($name, '#')).'$#'] = $function;
+            }
         }
 
         // tests
         foreach ($extension->getTests() as $test) {
-            $this->tests[$test->getName()] = $test;
+            $this->tests[$name = $test->getName()] = $test;
+            if (str_contains($name, '*')) {
+                $this->dynamicTests['#^'.str_replace('\\*', '(.*?)', preg_quote($name, '#')).'$#'] = $test;
+            }
         }
 
         // token parsers
@@ -449,11 +474,11 @@ final class ExtensionSet
         // operators
         if ($operators = $extension->getOperators()) {
             if (!\is_array($operators)) {
-                throw new \InvalidArgumentException(sprintf('"%s::getOperators()" must return an array with operators, got "%s".', \get_class($extension), \is_object($operators) ? \get_class($operators) : \gettype($operators).(\is_resource($operators) ? '' : '#'.$operators)));
+                throw new \InvalidArgumentException(\sprintf('"%s::getOperators()" must return an array with operators, got "%s".', \get_class($extension), \is_object($operators) ? \get_class($operators) : \gettype($operators).(\is_resource($operators) ? '' : '#'.$operators)));
             }
 
             if (2 !== \count($operators)) {
-                throw new \InvalidArgumentException(sprintf('"%s::getOperators()" must return an array of 2 elements, got %d.', \get_class($extension), \count($operators)));
+                throw new \InvalidArgumentException(\sprintf('"%s::getOperators()" must return an array of 2 elements, got %d.', \get_class($extension), \count($operators)));
             }
 
             $this->unaryOperators = array_merge($this->unaryOperators, $operators[0]);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/FileExtensionEscapingStrategy.php b/data/web/inc/lib/vendor/twig/twig/src/FileExtensionEscapingStrategy.php
index 65198bbb6..812071bf9 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/FileExtensionEscapingStrategy.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/FileExtensionEscapingStrategy.php
@@ -37,7 +37,7 @@ class FileExtensionEscapingStrategy
             return 'html'; // return html for directories
         }
 
-        if ('.twig' === substr($name, -5)) {
+        if (str_ends_with($name, '.twig')) {
             $name = substr($name, 0, -5);
         }
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Lexer.php b/data/web/inc/lib/vendor/twig/twig/src/Lexer.php
index 9ff028c87..28feaa2c1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Lexer.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Lexer.php
@@ -19,6 +19,8 @@ use Twig\Error\SyntaxError;
  */
 class Lexer
 {
+    private $isInitialized = false;
+
     private $tokens;
     private $code;
     private $cursor;
@@ -48,6 +50,14 @@ class Lexer
     public const REGEX_DQ_STRING_PART = '/[^#"\\\\]*(?:(?:\\\\.|#(?!\{))[^#"\\\\]*)*/As';
     public const PUNCTUATION = '()[]{}?:.,|';
 
+    private const SPECIAL_CHARS = [
+        'f' => "\f",
+        'n' => "\n",
+        'r' => "\r",
+        't' => "\t",
+        'v' => "\v",
+    ];
+
     public function __construct(Environment $env, array $options = [])
     {
         $this->env = $env;
@@ -61,6 +71,13 @@ class Lexer
             'whitespace_line_chars' => ' \t\0\x0B',
             'interpolation' => ['#{', '}'],
         ], $options);
+    }
+
+    private function initialize()
+    {
+        if ($this->isInitialized) {
+            return;
+        }
 
         // when PHP 7.3 is the min version, we will be able to remove the '#' part in preg_quote as it's part of the default
         $this->regexes = [
@@ -149,10 +166,14 @@ class Lexer
             'interpolation_start' => '{'.preg_quote($this->options['interpolation'][0], '#').'\s*}A',
             'interpolation_end' => '{\s*'.preg_quote($this->options['interpolation'][1], '#').'}A',
         ];
+
+        $this->isInitialized = true;
     }
 
     public function tokenize(Source $source): TokenStream
     {
+        $this->initialize();
+
         $this->source = $source;
         $this->code = str_replace(["\r\n", "\r"], "\n", $source->getCode());
         $this->cursor = 0;
@@ -194,11 +215,11 @@ class Lexer
             }
         }
 
-        $this->pushToken(/* Token::EOF_TYPE */ -1);
+        $this->pushToken(Token::EOF_TYPE);
 
         if (!empty($this->brackets)) {
-            list($expect, $lineno) = array_pop($this->brackets);
-            throw new SyntaxError(sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
+            [$expect, $lineno] = array_pop($this->brackets);
+            throw new SyntaxError(\sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
         }
 
         return new TokenStream($this->tokens, $this->source);
@@ -208,7 +229,7 @@ class Lexer
     {
         // if no matches are left we return the rest of the template as simple text token
         if ($this->position == \count($this->positions[0]) - 1) {
-            $this->pushToken(/* Token::TEXT_TYPE */ 0, substr($this->code, $this->cursor));
+            $this->pushToken(Token::TEXT_TYPE, substr($this->code, $this->cursor));
             $this->cursor = $this->end;
 
             return;
@@ -237,7 +258,7 @@ class Lexer
                 $text = rtrim($text, " \t\0\x0B");
             }
         }
-        $this->pushToken(/* Token::TEXT_TYPE */ 0, $text);
+        $this->pushToken(Token::TEXT_TYPE, $text);
         $this->moveCursor($textContent.$position[0]);
 
         switch ($this->positions[1][$this->position][0]) {
@@ -255,14 +276,14 @@ class Lexer
                     $this->moveCursor($match[0]);
                     $this->lineno = (int) $match[1];
                 } else {
-                    $this->pushToken(/* Token::BLOCK_START_TYPE */ 1);
+                    $this->pushToken(Token::BLOCK_START_TYPE);
                     $this->pushState(self::STATE_BLOCK);
                     $this->currentVarBlockLine = $this->lineno;
                 }
                 break;
 
             case $this->options['tag_variable'][0]:
-                $this->pushToken(/* Token::VAR_START_TYPE */ 2);
+                $this->pushToken(Token::VAR_START_TYPE);
                 $this->pushState(self::STATE_VAR);
                 $this->currentVarBlockLine = $this->lineno;
                 break;
@@ -272,7 +293,7 @@ class Lexer
     private function lexBlock(): void
     {
         if (empty($this->brackets) && preg_match($this->regexes['lex_block'], $this->code, $match, 0, $this->cursor)) {
-            $this->pushToken(/* Token::BLOCK_END_TYPE */ 3);
+            $this->pushToken(Token::BLOCK_END_TYPE);
             $this->moveCursor($match[0]);
             $this->popState();
         } else {
@@ -283,7 +304,7 @@ class Lexer
     private function lexVar(): void
     {
         if (empty($this->brackets) && preg_match($this->regexes['lex_var'], $this->code, $match, 0, $this->cursor)) {
-            $this->pushToken(/* Token::VAR_END_TYPE */ 4);
+            $this->pushToken(Token::VAR_END_TYPE);
             $this->moveCursor($match[0]);
             $this->popState();
         } else {
@@ -298,23 +319,28 @@ class Lexer
             $this->moveCursor($match[0]);
 
             if ($this->cursor >= $this->end) {
-                throw new SyntaxError(sprintf('Unclosed "%s".', self::STATE_BLOCK === $this->state ? 'block' : 'variable'), $this->currentVarBlockLine, $this->source);
+                throw new SyntaxError(\sprintf('Unclosed "%s".', self::STATE_BLOCK === $this->state ? 'block' : 'variable'), $this->currentVarBlockLine, $this->source);
             }
         }
 
+        // spread operator
+        if ('.' === $this->code[$this->cursor] && ($this->cursor + 2 < $this->end) && '.' === $this->code[$this->cursor + 1] && '.' === $this->code[$this->cursor + 2]) {
+            $this->pushToken(Token::SPREAD_TYPE, '...');
+            $this->moveCursor('...');
+        }
         // arrow function
-        if ('=' === $this->code[$this->cursor] && '>' === $this->code[$this->cursor + 1]) {
+        elseif ('=' === $this->code[$this->cursor] && ($this->cursor + 1 < $this->end) && '>' === $this->code[$this->cursor + 1]) {
             $this->pushToken(Token::ARROW_TYPE, '=>');
             $this->moveCursor('=>');
         }
         // operators
         elseif (preg_match($this->regexes['operator'], $this->code, $match, 0, $this->cursor)) {
-            $this->pushToken(/* Token::OPERATOR_TYPE */ 8, preg_replace('/\s+/', ' ', $match[0]));
+            $this->pushToken(Token::OPERATOR_TYPE, preg_replace('/\s+/', ' ', $match[0]));
             $this->moveCursor($match[0]);
         }
         // names
         elseif (preg_match(self::REGEX_NAME, $this->code, $match, 0, $this->cursor)) {
-            $this->pushToken(/* Token::NAME_TYPE */ 5, $match[0]);
+            $this->pushToken(Token::NAME_TYPE, $match[0]);
             $this->moveCursor($match[0]);
         }
         // numbers
@@ -323,33 +349,33 @@ class Lexer
             if (ctype_digit($match[0]) && $number <= \PHP_INT_MAX) {
                 $number = (int) $match[0]; // integers lower than the maximum
             }
-            $this->pushToken(/* Token::NUMBER_TYPE */ 6, $number);
+            $this->pushToken(Token::NUMBER_TYPE, $number);
             $this->moveCursor($match[0]);
         }
         // punctuation
-        elseif (false !== strpos(self::PUNCTUATION, $this->code[$this->cursor])) {
+        elseif (str_contains(self::PUNCTUATION, $this->code[$this->cursor])) {
             // opening bracket
-            if (false !== strpos('([{', $this->code[$this->cursor])) {
+            if (str_contains('([{', $this->code[$this->cursor])) {
                 $this->brackets[] = [$this->code[$this->cursor], $this->lineno];
             }
             // closing bracket
-            elseif (false !== strpos(')]}', $this->code[$this->cursor])) {
+            elseif (str_contains(')]}', $this->code[$this->cursor])) {
                 if (empty($this->brackets)) {
-                    throw new SyntaxError(sprintf('Unexpected "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
+                    throw new SyntaxError(\sprintf('Unexpected "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
                 }
 
-                list($expect, $lineno) = array_pop($this->brackets);
+                [$expect, $lineno] = array_pop($this->brackets);
                 if ($this->code[$this->cursor] != strtr($expect, '([{', ')]}')) {
-                    throw new SyntaxError(sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
+                    throw new SyntaxError(\sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
                 }
             }
 
-            $this->pushToken(/* Token::PUNCTUATION_TYPE */ 9, $this->code[$this->cursor]);
+            $this->pushToken(Token::PUNCTUATION_TYPE, $this->code[$this->cursor]);
             ++$this->cursor;
         }
         // strings
         elseif (preg_match(self::REGEX_STRING, $this->code, $match, 0, $this->cursor)) {
-            $this->pushToken(/* Token::STRING_TYPE */ 7, stripcslashes(substr($match[0], 1, -1)));
+            $this->pushToken(Token::STRING_TYPE, $this->stripcslashes(substr($match[0], 1, -1), substr($match[0], 0, 1)));
             $this->moveCursor($match[0]);
         }
         // opening double quoted string
@@ -360,10 +386,67 @@ class Lexer
         }
         // unlexable
         else {
-            throw new SyntaxError(sprintf('Unexpected character "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
+            throw new SyntaxError(\sprintf('Unexpected character "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
         }
     }
 
+    private function stripcslashes(string $str, string $quoteType): string
+    {
+        $result = '';
+        $length = \strlen($str);
+
+        $i = 0;
+        while ($i < $length) {
+            if (false === $pos = strpos($str, '\\', $i)) {
+                $result .= substr($str, $i);
+                break;
+            }
+
+            $result .= substr($str, $i, $pos - $i);
+            $i = $pos + 1;
+
+            if ($i >= $length) {
+                $result .= '\\';
+                break;
+            }
+
+            $nextChar = $str[$i];
+
+            if (isset(self::SPECIAL_CHARS[$nextChar])) {
+                $result .= self::SPECIAL_CHARS[$nextChar];
+            } elseif ('\\' === $nextChar) {
+                $result .= $nextChar;
+            } elseif ("'" === $nextChar || '"' === $nextChar) {
+                if ($nextChar !== $quoteType) {
+                    trigger_deprecation('twig/twig', '3.12', 'Character "%s" at position %d should not be escaped; the "\" character is ignored in Twig v3 but will not be in v4. Please remove the extra "\" character.', $nextChar, $i + 1);
+                }
+                $result .= $nextChar;
+            } elseif ('#' === $nextChar && $i + 1 < $length && '{' === $str[$i + 1]) {
+                $result .= '#{';
+                ++$i;
+            } elseif ('x' === $nextChar && $i + 1 < $length && ctype_xdigit($str[$i + 1])) {
+                $hex = $str[++$i];
+                if ($i + 1 < $length && ctype_xdigit($str[$i + 1])) {
+                    $hex .= $str[++$i];
+                }
+                $result .= \chr(hexdec($hex));
+            } elseif (ctype_digit($nextChar) && $nextChar < '8') {
+                $octal = $nextChar;
+                while ($i + 1 < $length && ctype_digit($str[$i + 1]) && $str[$i + 1] < '8' && \strlen($octal) < 3) {
+                    $octal .= $str[++$i];
+                }
+                $result .= \chr(octdec($octal));
+            } else {
+                trigger_deprecation('twig/twig', '3.12', 'Character "%s" at position %d should not be escaped; the "\" character is ignored in Twig v3 but will not be in v4. Please remove the extra "\" character.', $nextChar, $i + 1);
+                $result .= $nextChar;
+            }
+
+            ++$i;
+        }
+
+        return $result;
+    }
+
     private function lexRawData(): void
     {
         if (!preg_match($this->regexes['lex_raw_data'], $this->code, $match, \PREG_OFFSET_CAPTURE, $this->cursor)) {
@@ -385,7 +468,7 @@ class Lexer
             }
         }
 
-        $this->pushToken(/* Token::TEXT_TYPE */ 0, $text);
+        $this->pushToken(Token::TEXT_TYPE, $text);
     }
 
     private function lexComment(): void
@@ -401,23 +484,23 @@ class Lexer
     {
         if (preg_match($this->regexes['interpolation_start'], $this->code, $match, 0, $this->cursor)) {
             $this->brackets[] = [$this->options['interpolation'][0], $this->lineno];
-            $this->pushToken(/* Token::INTERPOLATION_START_TYPE */ 10);
+            $this->pushToken(Token::INTERPOLATION_START_TYPE);
             $this->moveCursor($match[0]);
             $this->pushState(self::STATE_INTERPOLATION);
-        } elseif (preg_match(self::REGEX_DQ_STRING_PART, $this->code, $match, 0, $this->cursor) && \strlen($match[0]) > 0) {
-            $this->pushToken(/* Token::STRING_TYPE */ 7, stripcslashes($match[0]));
+        } elseif (preg_match(self::REGEX_DQ_STRING_PART, $this->code, $match, 0, $this->cursor) && '' !== $match[0]) {
+            $this->pushToken(Token::STRING_TYPE, $this->stripcslashes($match[0], '"'));
             $this->moveCursor($match[0]);
         } elseif (preg_match(self::REGEX_DQ_STRING_DELIM, $this->code, $match, 0, $this->cursor)) {
-            list($expect, $lineno) = array_pop($this->brackets);
+            [$expect, $lineno] = array_pop($this->brackets);
             if ('"' != $this->code[$this->cursor]) {
-                throw new SyntaxError(sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
+                throw new SyntaxError(\sprintf('Unclosed "%s".', $expect), $lineno, $this->source);
             }
 
             $this->popState();
             ++$this->cursor;
         } else {
             // unlexable
-            throw new SyntaxError(sprintf('Unexpected character "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
+            throw new SyntaxError(\sprintf('Unexpected character "%s".', $this->code[$this->cursor]), $this->lineno, $this->source);
         }
     }
 
@@ -426,7 +509,7 @@ class Lexer
         $bracket = end($this->brackets);
         if ($this->options['interpolation'][0] === $bracket[0] && preg_match($this->regexes['interpolation_end'], $this->code, $match, 0, $this->cursor)) {
             array_pop($this->brackets);
-            $this->pushToken(/* Token::INTERPOLATION_END_TYPE */ 11);
+            $this->pushToken(Token::INTERPOLATION_END_TYPE);
             $this->moveCursor($match[0]);
             $this->popState();
         } else {
@@ -437,7 +520,7 @@ class Lexer
     private function pushToken($type, $value = ''): void
     {
         // do not push empty text tokens
-        if (/* Token::TEXT_TYPE */ 0 === $type && '' === $value) {
+        if (Token::TEXT_TYPE === $type && '' === $value) {
             return;
         }
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Loader/ArrayLoader.php b/data/web/inc/lib/vendor/twig/twig/src/Loader/ArrayLoader.php
index 5d726c35a..2bb54b7a8 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Loader/ArrayLoader.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Loader/ArrayLoader.php
@@ -28,14 +28,12 @@ use Twig\Source;
  */
 final class ArrayLoader implements LoaderInterface
 {
-    private $templates = [];
-
     /**
      * @param array $templates An array of templates (keys are the names, and values are the source code)
      */
-    public function __construct(array $templates = [])
-    {
-        $this->templates = $templates;
+    public function __construct(
+        private array $templates = [],
+    ) {
     }
 
     public function setTemplate(string $name, string $template): void
@@ -46,7 +44,7 @@ final class ArrayLoader implements LoaderInterface
     public function getSourceContext(string $name): Source
     {
         if (!isset($this->templates[$name])) {
-            throw new LoaderError(sprintf('Template "%s" is not defined.', $name));
+            throw new LoaderError(\sprintf('Template "%s" is not defined.', $name));
         }
 
         return new Source($this->templates[$name], $name);
@@ -60,7 +58,7 @@ final class ArrayLoader implements LoaderInterface
     public function getCacheKey(string $name): string
     {
         if (!isset($this->templates[$name])) {
-            throw new LoaderError(sprintf('Template "%s" is not defined.', $name));
+            throw new LoaderError(\sprintf('Template "%s" is not defined.', $name));
         }
 
         return $name.':'.$this->templates[$name];
@@ -69,7 +67,7 @@ final class ArrayLoader implements LoaderInterface
     public function isFresh(string $name, int $time): bool
     {
         if (!isset($this->templates[$name])) {
-            throw new LoaderError(sprintf('Template "%s" is not defined.', $name));
+            throw new LoaderError(\sprintf('Template "%s" is not defined.', $name));
         }
 
         return true;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Loader/ChainLoader.php b/data/web/inc/lib/vendor/twig/twig/src/Loader/ChainLoader.php
index fbf4f3a06..6e4f9511c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Loader/ChainLoader.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Loader/ChainLoader.php
@@ -21,22 +21,28 @@ use Twig\Source;
  */
 final class ChainLoader implements LoaderInterface
 {
+    /**
+     * @var array<string, bool>
+     */
     private $hasSourceCache = [];
-    private $loaders = [];
 
     /**
-     * @param LoaderInterface[] $loaders
+     * @param iterable<LoaderInterface> $loaders
      */
-    public function __construct(array $loaders = [])
-    {
-        foreach ($loaders as $loader) {
-            $this->addLoader($loader);
-        }
+    public function __construct(
+        private iterable $loaders = [],
+    ) {
     }
 
     public function addLoader(LoaderInterface $loader): void
     {
-        $this->loaders[] = $loader;
+        $current = $this->loaders;
+
+        $this->loaders = (static function () use ($current, $loader): \Generator {
+            yield from $current;
+            yield $loader;
+        })();
+
         $this->hasSourceCache = [];
     }
 
@@ -45,13 +51,18 @@ final class ChainLoader implements LoaderInterface
      */
     public function getLoaders(): array
     {
+        if (!\is_array($this->loaders)) {
+            $this->loaders = iterator_to_array($this->loaders, false);
+        }
+
         return $this->loaders;
     }
 
     public function getSourceContext(string $name): Source
     {
         $exceptions = [];
-        foreach ($this->loaders as $loader) {
+
+        foreach ($this->getLoaders() as $loader) {
             if (!$loader->exists($name)) {
                 continue;
             }
@@ -63,7 +74,7 @@ final class ChainLoader implements LoaderInterface
             }
         }
 
-        throw new LoaderError(sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
+        throw new LoaderError(\sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
     }
 
     public function exists(string $name): bool
@@ -72,7 +83,7 @@ final class ChainLoader implements LoaderInterface
             return $this->hasSourceCache[$name];
         }
 
-        foreach ($this->loaders as $loader) {
+        foreach ($this->getLoaders() as $loader) {
             if ($loader->exists($name)) {
                 return $this->hasSourceCache[$name] = true;
             }
@@ -84,7 +95,8 @@ final class ChainLoader implements LoaderInterface
     public function getCacheKey(string $name): string
     {
         $exceptions = [];
-        foreach ($this->loaders as $loader) {
+
+        foreach ($this->getLoaders() as $loader) {
             if (!$loader->exists($name)) {
                 continue;
             }
@@ -96,13 +108,14 @@ final class ChainLoader implements LoaderInterface
             }
         }
 
-        throw new LoaderError(sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
+        throw new LoaderError(\sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
     }
 
     public function isFresh(string $name, int $time): bool
     {
         $exceptions = [];
-        foreach ($this->loaders as $loader) {
+
+        foreach ($this->getLoaders() as $loader) {
             if (!$loader->exists($name)) {
                 continue;
             }
@@ -114,6 +127,6 @@ final class ChainLoader implements LoaderInterface
             }
         }
 
-        throw new LoaderError(sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
+        throw new LoaderError(\sprintf('Template "%s" is not defined%s.', $name, $exceptions ? ' ('.implode(', ', $exceptions).')' : ''));
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Loader/FilesystemLoader.php b/data/web/inc/lib/vendor/twig/twig/src/Loader/FilesystemLoader.php
index 62267a11c..c60964f5f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Loader/FilesystemLoader.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Loader/FilesystemLoader.php
@@ -34,9 +34,9 @@ class FilesystemLoader implements LoaderInterface
      * @param string|array $paths    A path or an array of paths where to look for templates
      * @param string|null  $rootPath The root path common to all relative paths (null for getcwd())
      */
-    public function __construct($paths = [], string $rootPath = null)
+    public function __construct($paths = [], ?string $rootPath = null)
     {
-        $this->rootPath = (null === $rootPath ? getcwd() : $rootPath).\DIRECTORY_SEPARATOR;
+        $this->rootPath = ($rootPath ?? getcwd()).\DIRECTORY_SEPARATOR;
         if (null !== $rootPath && false !== ($realPath = realpath($rootPath))) {
             $this->rootPath = $realPath.\DIRECTORY_SEPARATOR;
         }
@@ -89,7 +89,7 @@ class FilesystemLoader implements LoaderInterface
 
         $checkPath = $this->isAbsolutePath($path) ? $path : $this->rootPath.$path;
         if (!is_dir($checkPath)) {
-            throw new LoaderError(sprintf('The "%s" directory does not exist ("%s").', $path, $checkPath));
+            throw new LoaderError(\sprintf('The "%s" directory does not exist ("%s").', $path, $checkPath));
         }
 
         $this->paths[$namespace][] = rtrim($path, '/\\');
@@ -105,7 +105,7 @@ class FilesystemLoader implements LoaderInterface
 
         $checkPath = $this->isAbsolutePath($path) ? $path : $this->rootPath.$path;
         if (!is_dir($checkPath)) {
-            throw new LoaderError(sprintf('The "%s" directory does not exist ("%s").', $path, $checkPath));
+            throw new LoaderError(\sprintf('The "%s" directory does not exist ("%s").', $path, $checkPath));
         }
 
         $path = rtrim($path, '/\\');
@@ -183,7 +183,7 @@ class FilesystemLoader implements LoaderInterface
         }
 
         try {
-            list($namespace, $shortname) = $this->parseName($name);
+            [$namespace, $shortname] = $this->parseName($name);
 
             $this->validateName($shortname);
         } catch (LoaderError $e) {
@@ -195,7 +195,7 @@ class FilesystemLoader implements LoaderInterface
         }
 
         if (!isset($this->paths[$namespace])) {
-            $this->errorCache[$name] = sprintf('There are no registered paths for namespace "%s".', $namespace);
+            $this->errorCache[$name] = \sprintf('There are no registered paths for namespace "%s".', $namespace);
 
             if (!$throw) {
                 return null;
@@ -218,7 +218,7 @@ class FilesystemLoader implements LoaderInterface
             }
         }
 
-        $this->errorCache[$name] = sprintf('Unable to find template "%s" (looked into: %s).', $name, implode(', ', $this->paths[$namespace]));
+        $this->errorCache[$name] = \sprintf('Unable to find template "%s" (looked into: %s).', $name, implode(', ', $this->paths[$namespace]));
 
         if (!$throw) {
             return null;
@@ -236,7 +236,7 @@ class FilesystemLoader implements LoaderInterface
     {
         if (isset($name[0]) && '@' == $name[0]) {
             if (false === $pos = strpos($name, '/')) {
-                throw new LoaderError(sprintf('Malformed namespaced template name "%s" (expecting "@namespace/template_name").', $name));
+                throw new LoaderError(\sprintf('Malformed namespaced template name "%s" (expecting "@namespace/template_name").', $name));
             }
 
             $namespace = substr($name, 1, $pos - 1);
@@ -250,7 +250,7 @@ class FilesystemLoader implements LoaderInterface
 
     private function validateName(string $name): void
     {
-        if (false !== strpos($name, "\0")) {
+        if (str_contains($name, "\0")) {
             throw new LoaderError('A template name cannot contain NUL bytes.');
         }
 
@@ -265,7 +265,7 @@ class FilesystemLoader implements LoaderInterface
             }
 
             if ($level < 0) {
-                throw new LoaderError(sprintf('Looks like you try to load a template outside configured directories (%s).', $name));
+                throw new LoaderError(\sprintf('Looks like you try to load a template outside configured directories (%s).', $name));
             }
         }
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Markup.php b/data/web/inc/lib/vendor/twig/twig/src/Markup.php
index 1788acc4f..4fae779ee 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Markup.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Markup.php
@@ -16,10 +16,10 @@ namespace Twig;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
-class Markup implements \Countable, \JsonSerializable
+class Markup implements \Countable, \JsonSerializable, \Stringable
 {
     private $content;
-    private $charset;
+    private ?string $charset;
 
     public function __construct($content, $charset)
     {
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/AutoEscapeNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/AutoEscapeNode.php
index cd970411b..ee806396e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/AutoEscapeNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/AutoEscapeNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -24,11 +25,12 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class AutoEscapeNode extends Node
 {
-    public function __construct($value, Node $body, int $lineno, string $tag = 'autoescape')
+    public function __construct($value, Node $body, int $lineno)
     {
-        parent::__construct(['body' => $body], ['value' => $value], $lineno, $tag);
+        parent::__construct(['body' => $body], ['value' => $value], $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/BlockNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/BlockNode.php
index 0632ba747..b4f939cf6 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/BlockNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/BlockNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -19,24 +20,29 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class BlockNode extends Node
 {
-    public function __construct(string $name, Node $body, int $lineno, string $tag = null)
+    public function __construct(string $name, Node $body, int $lineno)
     {
-        parent::__construct(['body' => $body], ['name' => $name], $lineno, $tag);
+        parent::__construct(['body' => $body], ['name' => $name], $lineno);
     }
 
     public function compile(Compiler $compiler): void
     {
         $compiler
             ->addDebugInfo($this)
-            ->write(sprintf("public function block_%s(\$context, array \$blocks = [])\n", $this->getAttribute('name')), "{\n")
+            ->write("/**\n")
+            ->write(" * @return iterable<null|scalar|\Stringable>\n")
+            ->write(" */\n")
+            ->write(\sprintf("public function block_%s(array \$context, array \$blocks = []): iterable\n", $this->getAttribute('name')), "{\n")
             ->indent()
             ->write("\$macros = \$this->macros;\n")
         ;
 
         $compiler
             ->subcompile($this->getNode('body'))
+            ->write("yield from [];\n")
             ->outdent()
             ->write("}\n\n")
         ;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/BlockReferenceNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/BlockReferenceNode.php
index cc8af5b52..7c313a04c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/BlockReferenceNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/BlockReferenceNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -19,18 +20,19 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class BlockReferenceNode extends Node implements NodeOutputInterface
 {
-    public function __construct(string $name, int $lineno, string $tag = null)
+    public function __construct(string $name, int $lineno)
     {
-        parent::__construct([], ['name' => $name], $lineno, $tag);
+        parent::__construct([], ['name' => $name], $lineno);
     }
 
     public function compile(Compiler $compiler): void
     {
         $compiler
             ->addDebugInfo($this)
-            ->write(sprintf("\$this->displayBlock('%s', \$context, \$blocks);\n", $this->getAttribute('name')))
+            ->write(\sprintf("yield from \$this->unwrap()->yieldBlock('%s', \$context, \$blocks);\n", $this->getAttribute('name')))
         ;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/BodyNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/BodyNode.php
index 041cbf685..08115b3bd 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/BodyNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/BodyNode.php
@@ -11,11 +11,14 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
+
 /**
  * Represents a body node.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class BodyNode extends Node
 {
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/CaptureNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/CaptureNode.php
new file mode 100644
index 000000000..3b7f0b6d8
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/CaptureNode.php
@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Node;
+
+use Twig\Attribute\YieldReady;
+use Twig\Compiler;
+
+/**
+ * Represents a node for which we need to capture the output.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+#[YieldReady]
+class CaptureNode extends Node
+{
+    public function __construct(Node $body, int $lineno)
+    {
+        parent::__construct(['body' => $body], ['raw' => false], $lineno);
+    }
+
+    public function compile(Compiler $compiler): void
+    {
+        $useYield = $compiler->getEnvironment()->useYield();
+
+        if (!$this->getAttribute('raw')) {
+            $compiler->raw("('' === \$tmp = ");
+        }
+        $compiler
+            ->raw($useYield ? "implode('', iterator_to_array(" : '\\Twig\\Extension\\CoreExtension::captureOutput(')
+            ->raw("(function () use (&\$context, \$macros, \$blocks) {\n")
+            ->indent()
+            ->subcompile($this->getNode('body'))
+            ->write("yield from [];\n")
+            ->outdent()
+            ->write('})()')
+        ;
+        if ($useYield) {
+            $compiler->raw(', false))');
+        } else {
+            $compiler->raw(')');
+        }
+        if (!$this->getAttribute('raw')) {
+            $compiler->raw(") ? '' : new Markup(\$tmp, \$this->env->getCharset());");
+        } else {
+            $compiler->raw(';');
+        }
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityCallNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityCallNode.php
index a78a38d80..9c162d129 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityCallNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityCallNode.php
@@ -11,17 +11,19 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class CheckSecurityCallNode extends Node
 {
     public function compile(Compiler $compiler)
     {
         $compiler
-            ->write("\$this->sandbox = \$this->env->getExtension('\Twig\Extension\SandboxExtension');\n")
+            ->write("\$this->sandbox = \$this->extensions[SandboxExtension::class];\n")
             ->write("\$this->checkSecurity();\n")
         ;
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityNode.php
index 472732796..6e591aad4 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckSecurityNode.php
@@ -11,17 +11,24 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class CheckSecurityNode extends Node
 {
     private $usedFilters;
     private $usedTags;
     private $usedFunctions;
 
+    /**
+     * @param array<string, int> $usedFilters
+     * @param array<string, int> $usedTags
+     * @param array<string, int> $usedFunctions
+     */
     public function __construct(array $usedFilters, array $usedTags, array $usedFunctions)
     {
         $this->usedFilters = $usedFilters;
@@ -33,32 +40,22 @@ class CheckSecurityNode extends Node
 
     public function compile(Compiler $compiler): void
     {
-        $tags = $filters = $functions = [];
-        foreach (['tags', 'filters', 'functions'] as $type) {
-            foreach ($this->{'used'.ucfirst($type)} as $name => $node) {
-                if ($node instanceof Node) {
-                    ${$type}[$name] = $node->getTemplateLine();
-                } else {
-                    ${$type}[$node] = null;
-                }
-            }
-        }
-
         $compiler
             ->write("\n")
             ->write("public function checkSecurity()\n")
             ->write("{\n")
             ->indent()
-            ->write('static $tags = ')->repr(array_filter($tags))->raw(";\n")
-            ->write('static $filters = ')->repr(array_filter($filters))->raw(";\n")
-            ->write('static $functions = ')->repr(array_filter($functions))->raw(";\n\n")
+            ->write('static $tags = ')->repr(array_filter($this->usedTags))->raw(";\n")
+            ->write('static $filters = ')->repr(array_filter($this->usedFilters))->raw(";\n")
+            ->write('static $functions = ')->repr(array_filter($this->usedFunctions))->raw(";\n\n")
             ->write("try {\n")
             ->indent()
             ->write("\$this->sandbox->checkSecurity(\n")
             ->indent()
-            ->write(!$tags ? "[],\n" : "['".implode("', '", array_keys($tags))."'],\n")
-            ->write(!$filters ? "[],\n" : "['".implode("', '", array_keys($filters))."'],\n")
-            ->write(!$functions ? "[]\n" : "['".implode("', '", array_keys($functions))."']\n")
+            ->write(!$this->usedTags ? "[],\n" : "['".implode("', '", array_keys($this->usedTags))."'],\n")
+            ->write(!$this->usedFilters ? "[],\n" : "['".implode("', '", array_keys($this->usedFilters))."'],\n")
+            ->write(!$this->usedFunctions ? "[],\n" : "['".implode("', '", array_keys($this->usedFunctions))."'],\n")
+            ->write("\$this->source\n")
             ->outdent()
             ->write(");\n")
             ->outdent()
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckToStringNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckToStringNode.php
index c7a9d6984..937240c1d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/CheckToStringNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/CheckToStringNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 
@@ -24,11 +25,12 @@ use Twig\Node\Expression\AbstractExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class CheckToStringNode extends AbstractExpression
 {
     public function __construct(AbstractExpression $expr)
     {
-        parent::__construct(['expr' => $expr], [], $expr->getTemplateLine(), $expr->getNodeTag());
+        parent::__construct(['expr' => $expr], [], $expr->getTemplateLine());
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/DeprecatedNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/DeprecatedNode.php
index 5ff44307f..0772adfc3 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/DeprecatedNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/DeprecatedNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\ConstantExpression;
@@ -20,11 +21,12 @@ use Twig\Node\Expression\ConstantExpression;
  *
  * @author Yonel Ceruto <yonelceruto@gmail.com>
  */
+#[YieldReady]
 class DeprecatedNode extends Node
 {
-    public function __construct(AbstractExpression $expr, int $lineno, string $tag = null)
+    public function __construct(AbstractExpression $expr, int $lineno)
     {
-        parent::__construct(['expr' => $expr], [], $lineno, $tag);
+        parent::__construct(['expr' => $expr], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -33,21 +35,39 @@ class DeprecatedNode extends Node
 
         $expr = $this->getNode('expr');
 
-        if ($expr instanceof ConstantExpression) {
-            $compiler->write('@trigger_error(')
-                ->subcompile($expr);
-        } else {
+        if (!$expr instanceof ConstantExpression) {
             $varName = $compiler->getVarName();
-            $compiler->write(sprintf('$%s = ', $varName))
+            $compiler
+                ->write(\sprintf('$%s = ', $varName))
                 ->subcompile($expr)
                 ->raw(";\n")
-                ->write(sprintf('@trigger_error($%s', $varName));
+            ;
+        }
+
+        $compiler->write('trigger_deprecation(');
+        if ($this->hasNode('package')) {
+            $compiler->subcompile($this->getNode('package'));
+        } else {
+            $compiler->raw("''");
+        }
+        $compiler->raw(', ');
+        if ($this->hasNode('version')) {
+            $compiler->subcompile($this->getNode('version'));
+        } else {
+            $compiler->raw("''");
+        }
+        $compiler->raw(', ');
+
+        if ($expr instanceof ConstantExpression) {
+            $compiler->subcompile($expr);
+        } else {
+            $compiler->write(\sprintf('$%s', $varName));
         }
 
         $compiler
             ->raw('.')
-            ->string(sprintf(' ("%s" at line %d).', $this->getTemplateName(), $this->getTemplateLine()))
-            ->raw(", E_USER_DEPRECATED);\n")
+            ->string(\sprintf(' in "%s" at line %d.', $this->getTemplateName(), $this->getTemplateLine()))
+            ->raw(");\n")
         ;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/DoNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/DoNode.php
index f7783d19f..1593fd050 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/DoNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/DoNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 
@@ -19,11 +20,12 @@ use Twig\Node\Expression\AbstractExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class DoNode extends Node
 {
-    public function __construct(AbstractExpression $expr, int $lineno, string $tag = null)
+    public function __construct(AbstractExpression $expr, int $lineno)
     {
-        parent::__construct(['expr' => $expr], [], $lineno, $tag);
+        parent::__construct(['expr' => $expr], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/EmbedNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/EmbedNode.php
index 903c3f6c7..4cd3b38f2 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/EmbedNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/EmbedNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\ConstantExpression;
@@ -20,12 +21,13 @@ use Twig\Node\Expression\ConstantExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class EmbedNode extends IncludeNode
 {
     // we don't inject the module to avoid node visitors to traverse it twice (as it will be already visited in the main module)
-    public function __construct(string $name, int $index, ?AbstractExpression $variables, bool $only, bool $ignoreMissing, int $lineno, string $tag = null)
+    public function __construct(string $name, int $index, ?AbstractExpression $variables, bool $only, bool $ignoreMissing, int $lineno)
     {
-        parent::__construct(new ConstantExpression('not_used', $lineno), $variables, $only, $ignoreMissing, $lineno, $tag);
+        parent::__construct(new ConstantExpression('not_used', $lineno), $variables, $only, $ignoreMissing, $lineno);
 
         $this->setAttribute('name', $name);
         $this->setAttribute('index', $index);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/AbstractExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/AbstractExpression.php
index 42da0559d..1692f5671 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/AbstractExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/AbstractExpression.php
@@ -21,4 +21,8 @@ use Twig\Node\Node;
  */
 abstract class AbstractExpression extends Node
 {
+    public function isGenerator(): bool
+    {
+        return $this->hasAttribute('is_generator') && $this->getAttribute('is_generator');
+    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrayExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrayExpression.php
index 0e25fe46a..5f8b0f63f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrayExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrayExpression.php
@@ -55,7 +55,7 @@ class ArrayExpression extends AbstractExpression
         return false;
     }
 
-    public function addElement(AbstractExpression $value, AbstractExpression $key = null): void
+    public function addElement(AbstractExpression $value, ?AbstractExpression $key = null): void
     {
         if (null === $key) {
             $key = new ConstantExpression(++$this->index, $value->getTemplateLine());
@@ -66,20 +66,70 @@ class ArrayExpression extends AbstractExpression
 
     public function compile(Compiler $compiler): void
     {
+        $keyValuePairs = $this->getKeyValuePairs();
+        $needsArrayMergeSpread = \PHP_VERSION_ID < 80100 && $this->hasSpreadItem($keyValuePairs);
+
+        if ($needsArrayMergeSpread) {
+            $compiler->raw('CoreExtension::merge(');
+        }
         $compiler->raw('[');
         $first = true;
-        foreach ($this->getKeyValuePairs() as $pair) {
+        $reopenAfterMergeSpread = false;
+        $nextIndex = 0;
+        foreach ($keyValuePairs as $pair) {
+            if ($reopenAfterMergeSpread) {
+                $compiler->raw(', [');
+                $reopenAfterMergeSpread = false;
+            }
+
+            if ($needsArrayMergeSpread && $pair['value']->hasAttribute('spread')) {
+                $compiler->raw('], ')->subcompile($pair['value']);
+                $first = true;
+                $reopenAfterMergeSpread = true;
+                continue;
+            }
             if (!$first) {
                 $compiler->raw(', ');
             }
             $first = false;
 
-            $compiler
-                ->subcompile($pair['key'])
-                ->raw(' => ')
-                ->subcompile($pair['value'])
-            ;
+            if ($pair['value']->hasAttribute('spread') && !$needsArrayMergeSpread) {
+                $compiler->raw('...')->subcompile($pair['value']);
+                ++$nextIndex;
+            } else {
+                $key = $pair['key'] instanceof ConstantExpression ? $pair['key']->getAttribute('value') : null;
+
+                if ($nextIndex !== $key) {
+                    if (\is_int($key)) {
+                        $nextIndex = $key + 1;
+                    }
+                    $compiler
+                        ->subcompile($pair['key'])
+                        ->raw(' => ')
+                    ;
+                } else {
+                    ++$nextIndex;
+                }
+
+                $compiler->subcompile($pair['value']);
+            }
         }
-        $compiler->raw(']');
+        if (!$reopenAfterMergeSpread) {
+            $compiler->raw(']');
+        }
+        if ($needsArrayMergeSpread) {
+            $compiler->raw(')');
+        }
+    }
+
+    private function hasSpreadItem(array $pairs): bool
+    {
+        foreach ($pairs as $pair) {
+            if ($pair['value']->hasAttribute('spread')) {
+                return true;
+            }
+        }
+
+        return false;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrowFunctionExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrowFunctionExpression.php
index eaad03c9c..2bae4edd7 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrowFunctionExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ArrowFunctionExpression.php
@@ -21,9 +21,9 @@ use Twig\Node\Node;
  */
 class ArrowFunctionExpression extends AbstractExpression
 {
-    public function __construct(AbstractExpression $expr, Node $names, $lineno, $tag = null)
+    public function __construct(AbstractExpression $expr, Node $names, $lineno)
     {
-        parent::__construct(['expr' => $expr, 'names' => $names], [], $lineno, $tag);
+        parent::__construct(['expr' => $expr, 'names' => $names], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EndsWithBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EndsWithBinary.php
index c3516b853..a73a5608d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EndsWithBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EndsWithBinary.php
@@ -20,11 +20,11 @@ class EndsWithBinary extends AbstractBinary
         $left = $compiler->getVarName();
         $right = $compiler->getVarName();
         $compiler
-            ->raw(sprintf('(is_string($%s = ', $left))
+            ->raw(\sprintf('(is_string($%s = ', $left))
             ->subcompile($this->getNode('left'))
-            ->raw(sprintf(') && is_string($%s = ', $right))
+            ->raw(\sprintf(') && is_string($%s = ', $right))
             ->subcompile($this->getNode('right'))
-            ->raw(sprintf(') && (\'\' === $%2$s || $%2$s === substr($%1$s, -strlen($%2$s))))', $left, $right))
+            ->raw(\sprintf(') && str_ends_with($%1$s, $%2$s))', $left, $right))
         ;
     }
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EqualBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EqualBinary.php
index 6b48549ef..5f423196f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EqualBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/EqualBinary.php
@@ -24,7 +24,7 @@ class EqualBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(0 === twig_compare(')
+            ->raw('(0 === CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterBinary.php
index e1dd06780..f42de3f86 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterBinary.php
@@ -24,7 +24,7 @@ class GreaterBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(1 === twig_compare(')
+            ->raw('(1 === CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterEqualBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterEqualBinary.php
index df9bfcfbf..0c4f43fd9 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterEqualBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/GreaterEqualBinary.php
@@ -24,7 +24,7 @@ class GreaterEqualBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(0 <= twig_compare(')
+            ->raw('(0 <= CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasEveryBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasEveryBinary.php
new file mode 100644
index 000000000..c57bb20e9
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasEveryBinary.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Node\Expression\Binary;
+
+use Twig\Compiler;
+
+class HasEveryBinary extends AbstractBinary
+{
+    public function compile(Compiler $compiler): void
+    {
+        $compiler
+            ->raw('CoreExtension::arrayEvery($this->env, ')
+            ->subcompile($this->getNode('left'))
+            ->raw(', ')
+            ->subcompile($this->getNode('right'))
+            ->raw(')')
+        ;
+    }
+
+    public function operator(Compiler $compiler): Compiler
+    {
+        return $compiler->raw('');
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasSomeBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasSomeBinary.php
new file mode 100644
index 000000000..12293f84c
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/HasSomeBinary.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Node\Expression\Binary;
+
+use Twig\Compiler;
+
+class HasSomeBinary extends AbstractBinary
+{
+    public function compile(Compiler $compiler): void
+    {
+        $compiler
+            ->raw('CoreExtension::arraySome($this->env, ')
+            ->subcompile($this->getNode('left'))
+            ->raw(', ')
+            ->subcompile($this->getNode('right'))
+            ->raw(')')
+        ;
+    }
+
+    public function operator(Compiler $compiler): Compiler
+    {
+        return $compiler->raw('');
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/InBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/InBinary.php
index 6dbfa97f0..68a98fe15 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/InBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/InBinary.php
@@ -18,7 +18,7 @@ class InBinary extends AbstractBinary
     public function compile(Compiler $compiler): void
     {
         $compiler
-            ->raw('twig_in_filter(')
+            ->raw('CoreExtension::inFilter(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessBinary.php
index 598e62913..fb3264a2d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessBinary.php
@@ -24,7 +24,7 @@ class LessBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(-1 === twig_compare(')
+            ->raw('(-1 === CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessEqualBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessEqualBinary.php
index e3c4af58d..8f3653892 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessEqualBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/LessEqualBinary.php
@@ -24,7 +24,7 @@ class LessEqualBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(0 >= twig_compare(')
+            ->raw('(0 >= CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/MatchesBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/MatchesBinary.php
index bc97292cd..4669044e0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/MatchesBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/MatchesBinary.php
@@ -18,7 +18,7 @@ class MatchesBinary extends AbstractBinary
     public function compile(Compiler $compiler): void
     {
         $compiler
-            ->raw('preg_match(')
+            ->raw('CoreExtension::matches(')
             ->subcompile($this->getNode('right'))
             ->raw(', ')
             ->subcompile($this->getNode('left'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php
index db47a2890..d137ef627 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php
@@ -24,7 +24,7 @@ class NotEqualBinary extends AbstractBinary
         }
 
         $compiler
-            ->raw('(0 !== twig_compare(')
+            ->raw('(0 !== CoreExtension::compare(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotInBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotInBinary.php
index fcba6cca1..80c8755d8 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotInBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/NotInBinary.php
@@ -18,7 +18,7 @@ class NotInBinary extends AbstractBinary
     public function compile(Compiler $compiler): void
     {
         $compiler
-            ->raw('!twig_in_filter(')
+            ->raw('!CoreExtension::inFilter(')
             ->subcompile($this->getNode('left'))
             ->raw(', ')
             ->subcompile($this->getNode('right'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php
index d0df1c4b6..4519f30d9 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php
@@ -20,11 +20,11 @@ class StartsWithBinary extends AbstractBinary
         $left = $compiler->getVarName();
         $right = $compiler->getVarName();
         $compiler
-            ->raw(sprintf('(is_string($%s = ', $left))
+            ->raw(\sprintf('(is_string($%s = ', $left))
             ->subcompile($this->getNode('left'))
-            ->raw(sprintf(') && is_string($%s = ', $right))
+            ->raw(\sprintf(') && is_string($%s = ', $right))
             ->subcompile($this->getNode('right'))
-            ->raw(sprintf(') && (\'\' === $%2$s || 0 === strpos($%1$s, $%2$s)))', $left, $right))
+            ->raw(\sprintf(') && str_starts_with($%1$s, $%2$s))', $left, $right))
         ;
     }
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/BlockReferenceExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/BlockReferenceExpression.php
index b1e2a8f7b..acd231e15 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/BlockReferenceExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/BlockReferenceExpression.php
@@ -22,14 +22,14 @@ use Twig\Node\Node;
  */
 class BlockReferenceExpression extends AbstractExpression
 {
-    public function __construct(Node $name, ?Node $template, int $lineno, string $tag = null)
+    public function __construct(Node $name, ?Node $template, int $lineno)
     {
         $nodes = ['name' => $name];
         if (null !== $template) {
             $nodes['template'] = $template;
         }
 
-        parent::__construct($nodes, ['is_defined_test' => false, 'output' => false], $lineno, $tag);
+        parent::__construct($nodes, ['is_defined_test' => false, 'output' => false], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -40,8 +40,9 @@ class BlockReferenceExpression extends AbstractExpression
             if ($this->getAttribute('output')) {
                 $compiler->addDebugInfo($this);
 
+                $compiler->write('yield from ');
                 $this
-                    ->compileTemplateCall($compiler, 'displayBlock')
+                    ->compileTemplateCall($compiler, 'yieldBlock')
                     ->raw(";\n");
             } else {
                 $this->compileTemplateCall($compiler, 'renderBlock');
@@ -65,7 +66,7 @@ class BlockReferenceExpression extends AbstractExpression
             ;
         }
 
-        $compiler->raw(sprintf('->%s', $method));
+        $compiler->raw(\sprintf('->unwrap()->%s', $method));
 
         return $this->compileBlockArguments($compiler);
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/CallExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/CallExpression.php
index 28881066b..6fc6f66e0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/CallExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/CallExpression.php
@@ -15,40 +15,49 @@ use Twig\Compiler;
 use Twig\Error\SyntaxError;
 use Twig\Extension\ExtensionInterface;
 use Twig\Node\Node;
+use Twig\TwigCallableInterface;
+use Twig\TwigFilter;
+use Twig\TwigFunction;
+use Twig\TwigTest;
+use Twig\Util\CallableArgumentsExtractor;
+use Twig\Util\ReflectionCallable;
 
 abstract class CallExpression extends AbstractExpression
 {
-    private $reflector;
+    private $reflector = null;
 
     protected function compileCallable(Compiler $compiler)
     {
-        $callable = $this->getAttribute('callable');
+        $twigCallable = $this->getTwigCallable();
+        $callable = $twigCallable->getCallable();
 
-        if (\is_string($callable) && false === strpos($callable, '::')) {
+        if (\is_string($callable) && !str_contains($callable, '::')) {
             $compiler->raw($callable);
         } else {
-            [$r, $callable] = $this->reflectCallable($callable);
+            $rc = $this->reflectCallable($twigCallable);
+            $r = $rc->getReflector();
+            $callable = $rc->getCallable();
 
             if (\is_string($callable)) {
                 $compiler->raw($callable);
             } elseif (\is_array($callable) && \is_string($callable[0])) {
                 if (!$r instanceof \ReflectionMethod || $r->isStatic()) {
-                    $compiler->raw(sprintf('%s::%s', $callable[0], $callable[1]));
+                    $compiler->raw(\sprintf('%s::%s', $callable[0], $callable[1]));
                 } else {
-                    $compiler->raw(sprintf('$this->env->getRuntime(\'%s\')->%s', $callable[0], $callable[1]));
+                    $compiler->raw(\sprintf('$this->env->getRuntime(\'%s\')->%s', $callable[0], $callable[1]));
                 }
             } elseif (\is_array($callable) && $callable[0] instanceof ExtensionInterface) {
                 $class = \get_class($callable[0]);
                 if (!$compiler->getEnvironment()->hasExtension($class)) {
                     // Compile a non-optimized call to trigger a \Twig\Error\RuntimeError, which cannot be a compile-time error
-                    $compiler->raw(sprintf('$this->env->getExtension(\'%s\')', $class));
+                    $compiler->raw(\sprintf('$this->env->getExtension(\'%s\')', $class));
                 } else {
-                    $compiler->raw(sprintf('$this->extensions[\'%s\']', ltrim($class, '\\')));
+                    $compiler->raw(\sprintf('$this->extensions[\'%s\']', ltrim($class, '\\')));
                 }
 
-                $compiler->raw(sprintf('->%s', $callable[1]));
+                $compiler->raw(\sprintf('->%s', $callable[1]));
             } else {
-                $compiler->raw(sprintf('$this->env->get%s(\'%s\')->getCallable()', ucfirst($this->getAttribute('type')), $this->getAttribute('name')));
+                $compiler->raw(\sprintf('$this->env->get%s(\'%s\')->getCallable()', ucfirst($this->getAttribute('type')), $twigCallable->getDynamicName()));
             }
         }
 
@@ -57,16 +66,30 @@ abstract class CallExpression extends AbstractExpression
 
     protected function compileArguments(Compiler $compiler, $isArray = false): void
     {
+        if (\func_num_args() >= 2) {
+            trigger_deprecation('twig/twig', '3.11', 'Passing a second argument to "%s()" is deprecated.', __METHOD__);
+        }
+
         $compiler->raw($isArray ? '[' : '(');
 
         $first = true;
 
-        if ($this->hasAttribute('needs_environment') && $this->getAttribute('needs_environment')) {
+        $twigCallable = $this->getAttribute('twig_callable');
+
+        if ($twigCallable->needsCharset()) {
+            $compiler->raw('$this->env->getCharset()');
+            $first = false;
+        }
+
+        if ($twigCallable->needsEnvironment()) {
+            if (!$first) {
+                $compiler->raw(', ');
+            }
             $compiler->raw('$this->env');
             $first = false;
         }
 
-        if ($this->hasAttribute('needs_context') && $this->getAttribute('needs_context')) {
+        if ($twigCallable->needsContext()) {
             if (!$first) {
                 $compiler->raw(', ');
             }
@@ -74,14 +97,12 @@ abstract class CallExpression extends AbstractExpression
             $first = false;
         }
 
-        if ($this->hasAttribute('arguments')) {
-            foreach ($this->getAttribute('arguments') as $argument) {
-                if (!$first) {
-                    $compiler->raw(', ');
-                }
-                $compiler->string($argument);
-                $first = false;
+        foreach ($twigCallable->getArguments() as $argument) {
+            if (!$first) {
+                $compiler->raw(', ');
             }
+            $compiler->string($argument);
+            $first = false;
         }
 
         if ($this->hasNode('node')) {
@@ -93,8 +114,7 @@ abstract class CallExpression extends AbstractExpression
         }
 
         if ($this->hasNode('arguments')) {
-            $callable = $this->getAttribute('callable');
-            $arguments = $this->getArguments($callable, $this->getNode('arguments'));
+            $arguments = (new CallableArgumentsExtractor($this, $this->getTwigCallable()))->extractArguments($this->getNode('arguments'));
             foreach ($arguments as $node) {
                 if (!$first) {
                     $compiler->raw(', ');
@@ -107,8 +127,13 @@ abstract class CallExpression extends AbstractExpression
         $compiler->raw($isArray ? ']' : ')');
     }
 
+    /**
+     * @deprecated since 3.12, use Twig\Util\CallableArgumentsExtractor::getArguments() instead
+     */
     protected function getArguments($callable, $arguments)
     {
+        trigger_deprecation('twig/twig', '3.12', 'The "%s()" method is deprecated, use Twig\Util\CallableArgumentsExtractor::getArguments() instead.', __METHOD__);
+
         $callType = $this->getAttribute('type');
         $callName = $this->getAttribute('name');
 
@@ -119,28 +144,28 @@ abstract class CallExpression extends AbstractExpression
                 $named = true;
                 $name = $this->normalizeName($name);
             } elseif ($named) {
-                throw new SyntaxError(sprintf('Positional arguments cannot be used after named arguments for %s "%s".', $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
+                throw new SyntaxError(\sprintf('Positional arguments cannot be used after named arguments for %s "%s".', $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
             }
 
             $parameters[$name] = $node;
         }
 
-        $isVariadic = $this->hasAttribute('is_variadic') && $this->getAttribute('is_variadic');
+        $isVariadic = $this->getAttribute('twig_callable')->isVariadic();
         if (!$named && !$isVariadic) {
             return $parameters;
         }
 
         if (!$callable) {
             if ($named) {
-                $message = sprintf('Named arguments are not supported for %s "%s".', $callType, $callName);
+                $message = \sprintf('Named arguments are not supported for %s "%s".', $callType, $callName);
             } else {
-                $message = sprintf('Arbitrary positional arguments are not supported for %s "%s".', $callType, $callName);
+                $message = \sprintf('Arbitrary positional arguments are not supported for %s "%s".', $callType, $callName);
             }
 
             throw new \LogicException($message);
         }
 
-        list($callableParameters, $isPhpVariadic) = $this->getCallableParameters($callable, $isVariadic);
+        [$callableParameters, $isPhpVariadic] = $this->getCallableParameters($callable, $isVariadic);
         $arguments = [];
         $names = [];
         $missingArguments = [];
@@ -160,11 +185,11 @@ abstract class CallExpression extends AbstractExpression
 
             if (\array_key_exists($name, $parameters)) {
                 if (\array_key_exists($pos, $parameters)) {
-                    throw new SyntaxError(sprintf('Argument "%s" is defined twice for %s "%s".', $name, $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
+                    throw new SyntaxError(\sprintf('Argument "%s" is defined twice for %s "%s".', $name, $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
                 }
 
                 if (\count($missingArguments)) {
-                    throw new SyntaxError(sprintf(
+                    throw new SyntaxError(\sprintf(
                         'Argument "%s" could not be assigned for %s "%s(%s)" because it is mapped to an internal PHP function which cannot determine default value for optional argument%s "%s".',
                         $name, $callType, $callName, implode(', ', $names), \count($missingArguments) > 1 ? 's' : '', implode('", "', $missingArguments)
                     ), $this->getTemplateLine(), $this->getSourceContext());
@@ -189,7 +214,7 @@ abstract class CallExpression extends AbstractExpression
                     $missingArguments[] = $name;
                 }
             } else {
-                throw new SyntaxError(sprintf('Value for argument "%s" is required for %s "%s".', $name, $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
+                throw new SyntaxError(\sprintf('Value for argument "%s" is required for %s "%s".', $name, $callType, $callName), $this->getTemplateLine(), $this->getSourceContext());
             }
         }
 
@@ -220,7 +245,7 @@ abstract class CallExpression extends AbstractExpression
             }
 
             throw new SyntaxError(
-                sprintf(
+                \sprintf(
                     'Unknown argument%s "%s" for %s "%s(%s)".',
                     \count($parameters) > 1 ? 's' : '', implode('", "', array_keys($parameters)), $callType, $callName, implode(', ', $names)
                 ),
@@ -232,88 +257,106 @@ abstract class CallExpression extends AbstractExpression
         return $arguments;
     }
 
+    /**
+     * @deprecated since 3.12
+     */
     protected function normalizeName(string $name): string
     {
+        trigger_deprecation('twig/twig', '3.12', 'The "%s()" method is deprecated.', __METHOD__);
+
         return strtolower(preg_replace(['/([A-Z]+)([A-Z][a-z])/', '/([a-z\d])([A-Z])/'], ['\\1_\\2', '\\1_\\2'], $name));
     }
 
+    // To be removed in 4.0
     private function getCallableParameters($callable, bool $isVariadic): array
     {
-        [$r, , $callableName] = $this->reflectCallable($callable);
+        $twigCallable = $this->getAttribute('twig_callable');
+        $rc = $this->reflectCallable($twigCallable);
+        $r = $rc->getReflector();
+        $callableName = $rc->getName();
 
         $parameters = $r->getParameters();
         if ($this->hasNode('node')) {
             array_shift($parameters);
         }
-        if ($this->hasAttribute('needs_environment') && $this->getAttribute('needs_environment')) {
+        if ($twigCallable->needsCharset()) {
             array_shift($parameters);
         }
-        if ($this->hasAttribute('needs_context') && $this->getAttribute('needs_context')) {
+        if ($twigCallable->needsEnvironment()) {
             array_shift($parameters);
         }
-        if ($this->hasAttribute('arguments') && null !== $this->getAttribute('arguments')) {
-            foreach ($this->getAttribute('arguments') as $argument) {
-                array_shift($parameters);
-            }
+        if ($twigCallable->needsContext()) {
+            array_shift($parameters);
         }
+        foreach ($twigCallable->getArguments() as $argument) {
+            array_shift($parameters);
+        }
+
         $isPhpVariadic = false;
         if ($isVariadic) {
             $argument = end($parameters);
-            $isArray = $argument && $argument->hasType() && 'array' === $argument->getType()->getName();
+            $isArray = $argument && $argument->hasType() && $argument->getType() instanceof \ReflectionNamedType && 'array' === $argument->getType()->getName();
             if ($isArray && $argument->isDefaultValueAvailable() && [] === $argument->getDefaultValue()) {
                 array_pop($parameters);
             } elseif ($argument && $argument->isVariadic()) {
                 array_pop($parameters);
                 $isPhpVariadic = true;
             } else {
-                throw new \LogicException(sprintf('The last parameter of "%s" for %s "%s" must be an array with default value, eg. "array $arg = []".', $callableName, $this->getAttribute('type'), $this->getAttribute('name')));
+                throw new \LogicException(\sprintf('The last parameter of "%s" for %s "%s" must be an array with default value, eg. "array $arg = []".', $callableName, $this->getAttribute('type'), $twigCallable->getName()));
             }
         }
 
         return [$parameters, $isPhpVariadic];
     }
 
-    private function reflectCallable($callable)
+    private function reflectCallable(TwigCallableInterface $callable): ReflectionCallable
     {
-        if (null !== $this->reflector) {
-            return $this->reflector;
+        if (!$this->reflector) {
+            $this->reflector = new ReflectionCallable($callable);
         }
 
-        if (\is_string($callable) && false !== $pos = strpos($callable, '::')) {
-            $callable = [substr($callable, 0, $pos), substr($callable, 2 + $pos)];
-        }
+        return $this->reflector;
+    }
 
-        if (\is_array($callable) && method_exists($callable[0], $callable[1])) {
-            $r = new \ReflectionMethod($callable[0], $callable[1]);
+    /**
+     * Overrides the Twig callable based on attributes (as potentially, attributes changed between the creation and the compilation of the node).
+     *
+     * To be removed in 4.0 and replace by $this->getAttribute('twig_callable').
+     */
+    private function getTwigCallable(): TwigCallableInterface
+    {
+        $current = $this->getAttribute('twig_callable');
 
-            return $this->reflector = [$r, $callable, $r->class.'::'.$r->name];
-        }
+        $this->setAttribute('twig_callable', match ($this->getAttribute('type')) {
+            'test' => (new TwigTest(
+                $this->getAttribute('name'),
+                $this->hasAttribute('callable') ? $this->getAttribute('callable') : $current->getCallable(),
+                [
+                    'is_variadic' => $this->hasAttribute('is_variadic') ? $this->getAttribute('is_variadic') : $current->isVariadic(),
+                ],
+            ))->withDynamicArguments($this->getAttribute('name'), $this->hasAttribute('dynamic_name') ? $this->getAttribute('dynamic_name') : $current->getDynamicName(), $this->hasAttribute('arguments') ?: $current->getArguments()),
+            'function' => (new TwigFunction(
+                $this->hasAttribute('name') ? $this->getAttribute('name') : $current->getName(),
+                $this->hasAttribute('callable') ? $this->getAttribute('callable') : $current->getCallable(),
+                [
+                    'needs_environment' => $this->hasAttribute('needs_environment') ? $this->getAttribute('needs_environment') : $current->needsEnvironment(),
+                    'needs_context' => $this->hasAttribute('needs_context') ? $this->getAttribute('needs_context') : $current->needsContext(),
+                    'needs_charset' => $this->hasAttribute('needs_charset') ? $this->getAttribute('needs_charset') : $current->needsCharset(),
+                    'is_variadic' => $this->hasAttribute('is_variadic') ? $this->getAttribute('is_variadic') : $current->isVariadic(),
+                ],
+            ))->withDynamicArguments($this->getAttribute('name'), $this->hasAttribute('dynamic_name') ? $this->getAttribute('dynamic_name') : $current->getDynamicName(), $this->hasAttribute('arguments') ?: $current->getArguments()),
+            'filter' => (new TwigFilter(
+                $this->getAttribute('name'),
+                $this->hasAttribute('callable') ? $this->getAttribute('callable') : $current->getCallable(),
+                [
+                    'needs_environment' => $this->hasAttribute('needs_environment') ? $this->getAttribute('needs_environment') : $current->needsEnvironment(),
+                    'needs_context' => $this->hasAttribute('needs_context') ? $this->getAttribute('needs_context') : $current->needsContext(),
+                    'needs_charset' => $this->hasAttribute('needs_charset') ? $this->getAttribute('needs_charset') : $current->needsCharset(),
+                    'is_variadic' => $this->hasAttribute('is_variadic') ? $this->getAttribute('is_variadic') : $current->isVariadic(),
+                ],
+            ))->withDynamicArguments($this->getAttribute('name'), $this->hasAttribute('dynamic_name') ? $this->getAttribute('dynamic_name') : $current->getDynamicName(), $this->hasAttribute('arguments') ?: $current->getArguments()),
+        });
 
-        $checkVisibility = $callable instanceof \Closure;
-        try {
-            $closure = \Closure::fromCallable($callable);
-        } catch (\TypeError $e) {
-            throw new \LogicException(sprintf('Callback for %s "%s" is not callable in the current scope.', $this->getAttribute('type'), $this->getAttribute('name')), 0, $e);
-        }
-        $r = new \ReflectionFunction($closure);
-
-        if (false !== strpos($r->name, '{closure}')) {
-            return $this->reflector = [$r, $callable, 'Closure'];
-        }
-
-        if ($object = $r->getClosureThis()) {
-            $callable = [$object, $r->name];
-            $callableName = (\function_exists('get_debug_type') ? get_debug_type($object) : \get_class($object)).'::'.$r->name;
-        } elseif ($class = $r->getClosureScopeClass()) {
-            $callableName = (\is_array($callable) ? $callable[0] : $class->name).'::'.$r->name;
-        } else {
-            $callable = $callableName = $r->name;
-        }
-
-        if ($checkVisibility && \is_array($callable) && method_exists(...$callable) && !(new \ReflectionMethod(...$callable))->isPublic()) {
-            $callable = $r->getClosure();
-        }
-
-        return $this->reflector = [$r, $callable, $callableName];
+        return $this->getAttribute('twig_callable');
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConditionalExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConditionalExpression.php
index 2c7bd0a27..d7db99357 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConditionalExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConditionalExpression.php
@@ -23,14 +23,23 @@ class ConditionalExpression extends AbstractExpression
 
     public function compile(Compiler $compiler): void
     {
-        $compiler
-            ->raw('((')
-            ->subcompile($this->getNode('expr1'))
-            ->raw(') ? (')
-            ->subcompile($this->getNode('expr2'))
-            ->raw(') : (')
-            ->subcompile($this->getNode('expr3'))
-            ->raw('))')
-        ;
+        // Ternary with no then uses Elvis operator
+        if ($this->getNode('expr1') === $this->getNode('expr2')) {
+            $compiler
+                ->raw('((')
+                ->subcompile($this->getNode('expr1'))
+                ->raw(') ?: (')
+                ->subcompile($this->getNode('expr3'))
+                ->raw('))');
+        } else {
+            $compiler
+                ->raw('((')
+                ->subcompile($this->getNode('expr1'))
+                ->raw(') ? (')
+                ->subcompile($this->getNode('expr2'))
+                ->raw(') : (')
+                ->subcompile($this->getNode('expr3'))
+                ->raw('))');
+        }
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConstantExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConstantExpression.php
index 7ddbcc6fa..2a8909d54 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConstantExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ConstantExpression.php
@@ -14,6 +14,9 @@ namespace Twig\Node\Expression;
 
 use Twig\Compiler;
 
+/**
+ * @final
+ */
 class ConstantExpression extends AbstractExpression
 {
     public function __construct($value, int $lineno)
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/DefaultFilter.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/DefaultFilter.php
index 6a572d488..75b6d18c2 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/DefaultFilter.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/DefaultFilter.php
@@ -11,7 +11,9 @@
 
 namespace Twig\Node\Expression\Filter;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Compiler;
+use Twig\Extension\CoreExtension;
 use Twig\Node\Expression\ConditionalExpression;
 use Twig\Node\Expression\ConstantExpression;
 use Twig\Node\Expression\FilterExpression;
@@ -19,6 +21,8 @@ use Twig\Node\Expression\GetAttrExpression;
 use Twig\Node\Expression\NameExpression;
 use Twig\Node\Expression\Test\DefinedTest;
 use Twig\Node\Node;
+use Twig\TwigFilter;
+use Twig\TwigTest;
 
 /**
  * Returns the value or the default value when it is undefined or empty.
@@ -29,20 +33,27 @@ use Twig\Node\Node;
  */
 class DefaultFilter extends FilterExpression
 {
-    public function __construct(Node $node, ConstantExpression $filterName, Node $arguments, int $lineno, string $tag = null)
+    #[FirstClassTwigCallableReady]
+    public function __construct(Node $node, TwigFilter|ConstantExpression $filter, Node $arguments, int $lineno)
     {
-        $default = new FilterExpression($node, new ConstantExpression('default', $node->getTemplateLine()), $arguments, $node->getTemplateLine());
+        if ($filter instanceof TwigFilter) {
+            $name = $filter->getName();
+            $default = new FilterExpression($node, $filter, $arguments, $node->getTemplateLine());
+        } else {
+            $name = $filter->getAttribute('value');
+            $default = new FilterExpression($node, new TwigFilter('default', [CoreExtension::class, 'default']), $arguments, $node->getTemplateLine());
+        }
 
-        if ('default' === $filterName->getAttribute('value') && ($node instanceof NameExpression || $node instanceof GetAttrExpression)) {
-            $test = new DefinedTest(clone $node, 'defined', new Node(), $node->getTemplateLine());
-            $false = \count($arguments) ? $arguments->getNode(0) : new ConstantExpression('', $node->getTemplateLine());
+        if ('default' === $name && ($node instanceof NameExpression || $node instanceof GetAttrExpression)) {
+            $test = new DefinedTest(clone $node, new TwigTest('defined'), new Node(), $node->getTemplateLine());
+            $false = \count($arguments) ? $arguments->getNode('0') : new ConstantExpression('', $node->getTemplateLine());
 
             $node = new ConditionalExpression($test, $default, $false, $node->getTemplateLine());
         } else {
             $node = $default;
         }
 
-        parent::__construct($node, $filterName, $arguments, $lineno, $tag);
+        parent::__construct($node, $filter, $arguments, $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/RawFilter.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/RawFilter.php
new file mode 100644
index 000000000..e115ab194
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Filter/RawFilter.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Node\Expression\Filter;
+
+use Twig\Attribute\FirstClassTwigCallableReady;
+use Twig\Compiler;
+use Twig\Node\Expression\ConstantExpression;
+use Twig\Node\Expression\FilterExpression;
+use Twig\Node\Node;
+use Twig\TwigFilter;
+
+/**
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+class RawFilter extends FilterExpression
+{
+    #[FirstClassTwigCallableReady]
+    public function __construct(Node $node, TwigFilter|ConstantExpression|null $filter = null, ?Node $arguments = null, int $lineno = 0)
+    {
+        parent::__construct($node, $filter ?: new TwigFilter('raw', null, ['is_safe' => ['all']]), $arguments ?: new Node(), $lineno ?: $node->getTemplateLine());
+    }
+
+    public function compile(Compiler $compiler): void
+    {
+        $compiler->subcompile($this->getNode('node'));
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FilterExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FilterExpression.php
index 0fc158869..efc91193e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FilterExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FilterExpression.php
@@ -12,28 +12,61 @@
 
 namespace Twig\Node\Expression;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Compiler;
+use Twig\Node\NameDeprecation;
 use Twig\Node\Node;
+use Twig\TwigFilter;
 
 class FilterExpression extends CallExpression
 {
-    public function __construct(Node $node, ConstantExpression $filterName, Node $arguments, int $lineno, string $tag = null)
+    #[FirstClassTwigCallableReady]
+    public function __construct(Node $node, TwigFilter|ConstantExpression $filter, Node $arguments, int $lineno)
     {
-        parent::__construct(['node' => $node, 'filter' => $filterName, 'arguments' => $arguments], [], $lineno, $tag);
+        if ($filter instanceof TwigFilter) {
+            $name = $filter->getName();
+            $filterName = new ConstantExpression($name, $lineno);
+        } else {
+            $name = $filter->getAttribute('value');
+            $filterName = $filter;
+            trigger_deprecation('twig/twig', '3.12', 'Not passing an instance of "TwigFilter" when creating a "%s" filter of type "%s" is deprecated.', $name, static::class);
+        }
+
+        parent::__construct(['node' => $node, 'filter' => $filterName, 'arguments' => $arguments], ['name' => $name, 'type' => 'filter'], $lineno);
+
+        if ($filter instanceof TwigFilter) {
+            $this->setAttribute('twig_callable', $filter);
+        }
+
+        $this->deprecateNode('filter', new NameDeprecation('twig/twig', '3.12'));
+
+        $this->deprecateAttribute('needs_charset', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('needs_environment', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('needs_context', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('arguments', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('callable', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('is_variadic', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('dynamic_name', new NameDeprecation('twig/twig', '3.12'));
     }
 
     public function compile(Compiler $compiler): void
     {
-        $name = $this->getNode('filter')->getAttribute('value');
-        $filter = $compiler->getEnvironment()->getFilter($name);
+        $name = $this->getNode('filter', false)->getAttribute('value');
+        if ($name !== $this->getAttribute('name')) {
+            trigger_deprecation('twig/twig', '3.11', 'Changing the value of a "filter" node in a NodeVisitor class is not supported anymore.');
+            $this->removeAttribute('twig_callable');
+        }
+        if ('raw' === $name) {
+            trigger_deprecation('twig/twig', '3.11', 'Creating the "raw" filter via "FilterExpression" is deprecated; use "RawFilter" instead.');
 
-        $this->setAttribute('name', $name);
-        $this->setAttribute('type', 'filter');
-        $this->setAttribute('needs_environment', $filter->needsEnvironment());
-        $this->setAttribute('needs_context', $filter->needsContext());
-        $this->setAttribute('arguments', $filter->getArguments());
-        $this->setAttribute('callable', $filter->getCallable());
-        $this->setAttribute('is_variadic', $filter->isVariadic());
+            $compiler->subcompile($this->getNode('node'));
+
+            return;
+        }
+
+        if (!$this->hasAttribute('twig_callable')) {
+            $this->setAttribute('twig_callable', $compiler->getEnvironment()->getFilter($name));
+        }
 
         $this->compileCallable($compiler);
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionExpression.php
index 71269775c..6215c6abf 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionExpression.php
@@ -11,32 +11,57 @@
 
 namespace Twig\Node\Expression;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Compiler;
+use Twig\Node\NameDeprecation;
 use Twig\Node\Node;
+use Twig\TwigFunction;
 
 class FunctionExpression extends CallExpression
 {
-    public function __construct(string $name, Node $arguments, int $lineno)
+    #[FirstClassTwigCallableReady]
+    public function __construct(TwigFunction|string $function, Node $arguments, int $lineno)
     {
-        parent::__construct(['arguments' => $arguments], ['name' => $name, 'is_defined_test' => false], $lineno);
+        if ($function instanceof TwigFunction) {
+            $name = $function->getName();
+        } else {
+            $name = $function;
+            trigger_deprecation('twig/twig', '3.12', 'Not passing an instance of "TwigFunction" when creating a "%s" function of type "%s" is deprecated.', $name, static::class);
+        }
+
+        parent::__construct(['arguments' => $arguments], ['name' => $name, 'type' => 'function', 'is_defined_test' => false], $lineno);
+
+        if ($function instanceof TwigFunction) {
+            $this->setAttribute('twig_callable', $function);
+        }
+
+        $this->deprecateAttribute('needs_charset', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('needs_environment', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('needs_context', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('arguments', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('callable', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('is_variadic', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('dynamic_name', new NameDeprecation('twig/twig', '3.12'));
     }
 
     public function compile(Compiler $compiler)
     {
         $name = $this->getAttribute('name');
-        $function = $compiler->getEnvironment()->getFunction($name);
-
-        $this->setAttribute('name', $name);
-        $this->setAttribute('type', 'function');
-        $this->setAttribute('needs_environment', $function->needsEnvironment());
-        $this->setAttribute('needs_context', $function->needsContext());
-        $this->setAttribute('arguments', $function->getArguments());
-        $callable = $function->getCallable();
-        if ('constant' === $name && $this->getAttribute('is_defined_test')) {
-            $callable = 'twig_constant_is_defined';
+        if ($this->hasAttribute('twig_callable')) {
+            $name = $this->getAttribute('twig_callable')->getName();
+            if ($name !== $this->getAttribute('name')) {
+                trigger_deprecation('twig/twig', '3.12', 'Changing the value of a "function" node in a NodeVisitor class is not supported anymore.');
+                $this->removeAttribute('twig_callable');
+            }
+        }
+
+        if (!$this->hasAttribute('twig_callable')) {
+            $this->setAttribute('twig_callable', $compiler->getEnvironment()->getFunction($name));
+        }
+
+        if ('constant' === $name && $this->getAttribute('is_defined_test')) {
+            $this->getNode('arguments')->setNode('checkDefined', new ConstantExpression(true, $this->getTemplateLine()));
         }
-        $this->setAttribute('callable', $callable);
-        $this->setAttribute('is_variadic', $function->isVariadic());
 
         $this->compileCallable($compiler);
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionNode/EnumCasesFunction.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionNode/EnumCasesFunction.php
new file mode 100644
index 000000000..7e5c25ff4
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/FunctionNode/EnumCasesFunction.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Twig\Node\Expression\FunctionNode;
+
+use Twig\Compiler;
+use Twig\Error\SyntaxError;
+use Twig\Node\Expression\ConstantExpression;
+use Twig\Node\Expression\FunctionExpression;
+
+class EnumCasesFunction extends FunctionExpression
+{
+    public function compile(Compiler $compiler): void
+    {
+        $arguments = $this->getNode('arguments');
+        if ($arguments->hasNode('enum')) {
+            $firstArgument = $arguments->getNode('enum');
+        } elseif ($arguments->hasNode('0')) {
+            $firstArgument = $arguments->getNode('0');
+        } else {
+            $firstArgument = null;
+        }
+
+        if (!$firstArgument instanceof ConstantExpression || 1 !== \count($arguments)) {
+            parent::compile($compiler);
+
+            return;
+        }
+
+        $value = $firstArgument->getAttribute('value');
+
+        if (!\is_string($value)) {
+            throw new SyntaxError('The first argument of the "enum_cases" function must be a string.', $this->getTemplateLine(), $this->getSourceContext());
+        }
+
+        if (!enum_exists($value)) {
+            throw new SyntaxError(\sprintf('The first argument of the "enum_cases" function must be the name of an enum, "%s" given.', $value), $this->getTemplateLine(), $this->getSourceContext());
+        }
+
+        $compiler->raw(\sprintf('%s::cases()', $value));
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/GetAttrExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/GetAttrExpression.php
index e6a75ce94..29a446b88 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/GetAttrExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/GetAttrExpression.php
@@ -57,7 +57,7 @@ class GetAttrExpression extends AbstractExpression
             return;
         }
 
-        $compiler->raw('twig_get_attribute($this->env, $this->source, ');
+        $compiler->raw('CoreExtension::getAttribute($this->env, $this->source, ');
 
         if ($this->getAttribute('ignore_strict_check')) {
             $this->getNode('node')->setAttribute('ignore_strict_check', true);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/InlinePrint.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/InlinePrint.php
index 1ad4751e4..0a3c2e4f9 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/InlinePrint.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/InlinePrint.php
@@ -27,9 +27,8 @@ final class InlinePrint extends AbstractExpression
     public function compile(Compiler $compiler): void
     {
         $compiler
-            ->raw('print (')
+            ->raw('yield ')
             ->subcompile($this->getNode('node'))
-            ->raw(')')
         ;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/MethodCallExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/MethodCallExpression.php
index d5ec0b6ef..01806f91d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/MethodCallExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/MethodCallExpression.php
@@ -39,14 +39,16 @@ class MethodCallExpression extends AbstractExpression
         }
 
         $compiler
-            ->raw('twig_call_macro($macros[')
+            ->raw('CoreExtension::callMacro($macros[')
             ->repr($this->getNode('node')->getAttribute('name'))
             ->raw('], ')
             ->repr($this->getAttribute('method'))
             ->raw(', [')
         ;
         $first = true;
-        foreach ($this->getNode('arguments')->getKeyValuePairs() as $pair) {
+        /** @var ArrayExpression */
+        $args = $this->getNode('arguments');
+        foreach ($args->getKeyValuePairs() as $pair) {
             if (!$first) {
                 $compiler->raw(', ');
             }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NameExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NameExpression.php
index c3563f012..286aa5ae2 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NameExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NameExpression.php
@@ -34,7 +34,7 @@ class NameExpression extends AbstractExpression
         $compiler->addDebugInfo($this);
 
         if ($this->getAttribute('is_defined_test')) {
-            if ($this->isSpecial()) {
+            if (isset($this->specialVars[$name])) {
                 $compiler->repr(true);
             } elseif (\PHP_VERSION_ID >= 70400) {
                 $compiler
@@ -51,7 +51,7 @@ class NameExpression extends AbstractExpression
                     ->raw(', $context))')
                 ;
             }
-        } elseif ($this->isSpecial()) {
+        } elseif (isset($this->specialVars[$name])) {
             $compiler->raw($this->specialVars[$name]);
         } elseif ($this->getAttribute('always_defined')) {
             $compiler
@@ -85,13 +85,23 @@ class NameExpression extends AbstractExpression
         }
     }
 
+    /**
+     * @deprecated since Twig 3.11 (to be removed in 4.0)
+     */
     public function isSpecial()
     {
+        trigger_deprecation('twig/twig', '3.11', 'The "%s()" method is deprecated and will be removed in Twig 4.0.', __METHOD__);
+
         return isset($this->specialVars[$this->getAttribute('name')]);
     }
 
+    /**
+     * @deprecated since Twig 3.11 (to be removed in 4.0)
+     */
     public function isSimple()
     {
+        trigger_deprecation('twig/twig', '3.11', 'The "%s()" method is deprecated and will be removed in Twig 4.0.', __METHOD__);
+
         return !$this->isSpecial() && !$this->getAttribute('is_defined_test');
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NullCoalesceExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NullCoalesceExpression.php
index a72bc4fc6..98630f7f0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NullCoalesceExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/NullCoalesceExpression.php
@@ -17,17 +17,18 @@ use Twig\Node\Expression\Test\DefinedTest;
 use Twig\Node\Expression\Test\NullTest;
 use Twig\Node\Expression\Unary\NotUnary;
 use Twig\Node\Node;
+use Twig\TwigTest;
 
 class NullCoalesceExpression extends ConditionalExpression
 {
     public function __construct(Node $left, Node $right, int $lineno)
     {
-        $test = new DefinedTest(clone $left, 'defined', new Node(), $left->getTemplateLine());
+        $test = new DefinedTest(clone $left, new TwigTest('defined'), new Node(), $left->getTemplateLine());
         // for "block()", we don't need the null test as the return value is always a string
         if (!$left instanceof BlockReferenceExpression) {
             $test = new AndBinary(
                 $test,
-                new NotUnary(new NullTest($left, 'null', new Node(), $left->getTemplateLine()), $left->getTemplateLine()),
+                new NotUnary(new NullTest($left, new TwigTest('null'), new Node(), $left->getTemplateLine()), $left->getTemplateLine()),
                 $left->getTemplateLine()
             );
         }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ParentExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ParentExpression.php
index 254919718..22fe38f6a 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ParentExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/ParentExpression.php
@@ -21,9 +21,9 @@ use Twig\Compiler;
  */
 class ParentExpression extends AbstractExpression
 {
-    public function __construct(string $name, int $lineno, string $tag = null)
+    public function __construct(string $name, int $lineno)
     {
-        parent::__construct([], ['output' => false, 'name' => $name], $lineno, $tag);
+        parent::__construct([], ['output' => false, 'name' => $name], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -31,7 +31,7 @@ class ParentExpression extends AbstractExpression
         if ($this->getAttribute('output')) {
             $compiler
                 ->addDebugInfo($this)
-                ->write('$this->displayParentBlock(')
+                ->write('yield from $this->yieldParentBlock(')
                 ->string($this->getAttribute('name'))
                 ->raw(", \$context, \$blocks);\n")
             ;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/ConstantTest.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/ConstantTest.php
index 57e9319d5..867fd0951 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/ConstantTest.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/ConstantTest.php
@@ -33,16 +33,16 @@ class ConstantTest extends TestExpression
             ->raw(' === constant(')
         ;
 
-        if ($this->getNode('arguments')->hasNode(1)) {
+        if ($this->getNode('arguments')->hasNode('1')) {
             $compiler
                 ->raw('get_class(')
-                ->subcompile($this->getNode('arguments')->getNode(1))
+                ->subcompile($this->getNode('arguments')->getNode('1'))
                 ->raw(')."::".')
             ;
         }
 
         $compiler
-            ->subcompile($this->getNode('arguments')->getNode(0))
+            ->subcompile($this->getNode('arguments')->getNode('0'))
             ->raw('))')
         ;
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DefinedTest.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DefinedTest.php
index 3953bbbe2..24d3ee82c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DefinedTest.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DefinedTest.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node\Expression\Test;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Compiler;
 use Twig\Error\SyntaxError;
 use Twig\Node\Expression\ArrayExpression;
@@ -22,6 +23,7 @@ use Twig\Node\Expression\MethodCallExpression;
 use Twig\Node\Expression\NameExpression;
 use Twig\Node\Expression\TestExpression;
 use Twig\Node\Node;
+use Twig\TwigTest;
 
 /**
  * Checks if a variable is defined in the current context.
@@ -35,7 +37,8 @@ use Twig\Node\Node;
  */
 class DefinedTest extends TestExpression
 {
-    public function __construct(Node $node, string $name, ?Node $arguments, int $lineno)
+    #[FirstClassTwigCallableReady]
+    public function __construct(Node $node, TwigTest|string $name, ?Node $arguments, int $lineno)
     {
         if ($node instanceof NameExpression) {
             $node->setAttribute('is_defined_test', true);
@@ -54,6 +57,10 @@ class DefinedTest extends TestExpression
             throw new SyntaxError('The "defined" test only works with simple variables.', $lineno);
         }
 
+        if (\is_string($name) && 'defined' !== $name) {
+            trigger_deprecation('twig/twig', '3.12', 'Creating a "DefinedTest" instance with a test name that is not "defined" is deprecated.');
+        }
+
         parent::__construct($node, $name, $arguments, $lineno);
     }
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DivisiblebyTest.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DivisiblebyTest.php
index 4cb3ee096..90d58a49a 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DivisiblebyTest.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/DivisiblebyTest.php
@@ -29,7 +29,7 @@ class DivisiblebyTest extends TestExpression
             ->raw('(0 == ')
             ->subcompile($this->getNode('node'))
             ->raw(' % ')
-            ->subcompile($this->getNode('arguments')->getNode(0))
+            ->subcompile($this->getNode('arguments')->getNode('0'))
             ->raw(')')
         ;
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/SameasTest.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/SameasTest.php
index c96d2bc01..f1e24db6f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/SameasTest.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/Test/SameasTest.php
@@ -27,7 +27,7 @@ class SameasTest extends TestExpression
             ->raw('(')
             ->subcompile($this->getNode('node'))
             ->raw(' === ')
-            ->subcompile($this->getNode('arguments')->getNode(0))
+            ->subcompile($this->getNode('arguments')->getNode('0'))
             ->raw(')')
         ;
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/TestExpression.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/TestExpression.php
index e518bd8f1..080d85aaa 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/TestExpression.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Expression/TestExpression.php
@@ -11,31 +11,55 @@
 
 namespace Twig\Node\Expression;
 
+use Twig\Attribute\FirstClassTwigCallableReady;
 use Twig\Compiler;
+use Twig\Node\NameDeprecation;
 use Twig\Node\Node;
+use Twig\TwigTest;
 
 class TestExpression extends CallExpression
 {
-    public function __construct(Node $node, string $name, ?Node $arguments, int $lineno)
+    #[FirstClassTwigCallableReady]
+    public function __construct(Node $node, string|TwigTest $test, ?Node $arguments, int $lineno)
     {
         $nodes = ['node' => $node];
         if (null !== $arguments) {
             $nodes['arguments'] = $arguments;
         }
 
-        parent::__construct($nodes, ['name' => $name], $lineno);
+        if ($test instanceof TwigTest) {
+            $name = $test->getName();
+        } else {
+            $name = $test;
+            trigger_deprecation('twig/twig', '3.12', 'Not passing an instance of "TwigTest" when creating a "%s" test of type "%s" is deprecated.', $name, static::class);
+        }
+
+        parent::__construct($nodes, ['name' => $name, 'type' => 'test'], $lineno);
+
+        if ($test instanceof TwigTest) {
+            $this->setAttribute('twig_callable', $test);
+        }
+
+        $this->deprecateAttribute('arguments', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('callable', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('is_variadic', new NameDeprecation('twig/twig', '3.12'));
+        $this->deprecateAttribute('dynamic_name', new NameDeprecation('twig/twig', '3.12'));
     }
 
     public function compile(Compiler $compiler): void
     {
         $name = $this->getAttribute('name');
-        $test = $compiler->getEnvironment()->getTest($name);
+        if ($this->hasAttribute('twig_callable')) {
+            $name = $this->getAttribute('twig_callable')->getName();
+            if ($name !== $this->getAttribute('name')) {
+                trigger_deprecation('twig/twig', '3.12', 'Changing the value of a "test" node in a NodeVisitor class is not supported anymore.');
+                $this->removeAttribute('twig_callable');
+            }
+        }
 
-        $this->setAttribute('name', $name);
-        $this->setAttribute('type', 'test');
-        $this->setAttribute('arguments', $test->getArguments());
-        $this->setAttribute('callable', $test->getCallable());
-        $this->setAttribute('is_variadic', $test->isVariadic());
+        if (!$this->hasAttribute('twig_callable')) {
+            $this->setAttribute('twig_callable', $compiler->getEnvironment()->getTest($this->getAttribute('name')));
+        }
 
         $this->compileCallable($compiler);
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/FlushNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/FlushNode.php
index fa50a88ee..ff3bd1cf1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/FlushNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/FlushNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -18,18 +19,22 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class FlushNode extends Node
 {
-    public function __construct(int $lineno, string $tag)
+    public function __construct(int $lineno)
     {
-        parent::__construct([], [], $lineno, $tag);
+        parent::__construct([], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
     {
-        $compiler
-            ->addDebugInfo($this)
-            ->write("flush();\n")
-        ;
+        $compiler->addDebugInfo($this);
+
+        if ($compiler->getEnvironment()->useYield()) {
+            $compiler->write("yield '';\n");
+        }
+
+        $compiler->write("flush();\n");
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/ForLoopNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/ForLoopNode.php
index d5ce845a7..1f0a4f321 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/ForLoopNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/ForLoopNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -18,11 +19,12 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class ForLoopNode extends Node
 {
-    public function __construct(int $lineno, string $tag = null)
+    public function __construct(int $lineno)
     {
-        parent::__construct([], ['with_loop' => false, 'ifexpr' => false, 'else' => false], $lineno, $tag);
+        parent::__construct([], ['with_loop' => false, 'ifexpr' => false, 'else' => false], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -36,7 +38,7 @@ class ForLoopNode extends Node
                 ->write("++\$context['loop']['index0'];\n")
                 ->write("++\$context['loop']['index'];\n")
                 ->write("\$context['loop']['first'] = false;\n")
-                ->write("if (isset(\$context['loop']['length'])) {\n")
+                ->write("if (isset(\$context['loop']['revindex0'], \$context['loop']['revindex'])) {\n")
                 ->indent()
                 ->write("--\$context['loop']['revindex0'];\n")
                 ->write("--\$context['loop']['revindex'];\n")
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/ForNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/ForNode.php
index 04addfbfe..2fc014792 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/ForNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/ForNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\AssignNameExpression;
@@ -21,20 +22,21 @@ use Twig\Node\Expression\AssignNameExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class ForNode extends Node
 {
     private $loop;
 
-    public function __construct(AssignNameExpression $keyTarget, AssignNameExpression $valueTarget, AbstractExpression $seq, ?Node $ifexpr, Node $body, ?Node $else, int $lineno, string $tag = null)
+    public function __construct(AssignNameExpression $keyTarget, AssignNameExpression $valueTarget, AbstractExpression $seq, ?Node $ifexpr, Node $body, ?Node $else, int $lineno)
     {
-        $body = new Node([$body, $this->loop = new ForLoopNode($lineno, $tag)]);
+        $body = new Node([$body, $this->loop = new ForLoopNode($lineno)]);
 
         $nodes = ['key_target' => $keyTarget, 'value_target' => $valueTarget, 'seq' => $seq, 'body' => $body];
         if (null !== $else) {
             $nodes['else'] = $else;
         }
 
-        parent::__construct($nodes, ['with_loop' => true], $lineno, $tag);
+        parent::__construct($nodes, ['with_loop' => true], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -42,7 +44,7 @@ class ForNode extends Node
         $compiler
             ->addDebugInfo($this)
             ->write("\$context['_parent'] = \$context;\n")
-            ->write("\$context['_seq'] = twig_ensure_traversable(")
+            ->write("\$context['_seq'] = CoreExtension::ensureTraversable(")
             ->subcompile($this->getNode('seq'))
             ->raw(");\n")
         ;
@@ -99,7 +101,14 @@ class ForNode extends Node
         $compiler->write("\$_parent = \$context['_parent'];\n");
 
         // remove some "private" loop variables (needed for nested loops)
-        $compiler->write('unset($context[\'_seq\'], $context[\'_iterated\'], $context[\''.$this->getNode('key_target')->getAttribute('name').'\'], $context[\''.$this->getNode('value_target')->getAttribute('name').'\'], $context[\'_parent\'], $context[\'loop\']);'."\n");
+        $compiler->write('unset($context[\'_seq\'], $context[\''.$this->getNode('key_target')->getAttribute('name').'\'], $context[\''.$this->getNode('value_target')->getAttribute('name').'\'], $context[\'_parent\']');
+        if ($this->hasNode('else')) {
+            $compiler->raw(', $context[\'_iterated\']');
+        }
+        if ($this->getAttribute('with_loop')) {
+            $compiler->raw(', $context[\'loop\']');
+        }
+        $compiler->raw(");\n");
 
         // keep the values set in the inner context for variables defined in the outer context
         $compiler->write("\$context = array_intersect_key(\$context, \$_parent) + \$_parent;\n");
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/IfNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/IfNode.php
index 5fa20082a..2af48fa81 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/IfNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/IfNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -19,16 +20,17 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class IfNode extends Node
 {
-    public function __construct(Node $tests, ?Node $else, int $lineno, string $tag = null)
+    public function __construct(Node $tests, ?Node $else, int $lineno)
     {
         $nodes = ['tests' => $tests];
         if (null !== $else) {
             $nodes['else'] = $else;
         }
 
-        parent::__construct($nodes, [], $lineno, $tag);
+        parent::__construct($nodes, [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -47,11 +49,14 @@ class IfNode extends Node
             }
 
             $compiler
-                ->subcompile($this->getNode('tests')->getNode($i))
+                ->subcompile($this->getNode('tests')->getNode((string) $i))
                 ->raw(") {\n")
                 ->indent()
-                ->subcompile($this->getNode('tests')->getNode($i + 1))
             ;
+            // The node might not exists if the content is empty
+            if ($this->getNode('tests')->hasNode((string) ($i + 1))) {
+                $compiler->subcompile($this->getNode('tests')->getNode((string) ($i + 1)));
+            }
         }
 
         if ($this->hasNode('else')) {
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/ImportNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/ImportNode.php
index 5378d799e..9a6033f21 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/ImportNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/ImportNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\NameExpression;
@@ -20,11 +21,22 @@ use Twig\Node\Expression\NameExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class ImportNode extends Node
 {
-    public function __construct(AbstractExpression $expr, AbstractExpression $var, int $lineno, string $tag = null, bool $global = true)
+    /**
+     * @param bool $global
+     */
+    public function __construct(AbstractExpression $expr, AbstractExpression $var, int $lineno, $global = true)
     {
-        parent::__construct(['expr' => $expr, 'var' => $var], ['global' => $global], $lineno, $tag);
+        if (null === $global || \is_string($global)) {
+            trigger_deprecation('twig/twig', '3.12', 'Passing a tag to %s() is deprecated.', __METHOD__);
+            $global = \func_num_args() > 4 ? func_get_arg(4) : true;
+        } elseif (!\is_bool($global)) {
+            throw new \TypeError(\sprintf('Argument 4 passed to "%s()" must be a boolean, "%s" given.', __METHOD__, get_debug_type($global)));
+        }
+
+        parent::__construct(['expr' => $expr, 'var' => $var], ['global' => $global], $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/IncludeNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/IncludeNode.php
index d540d6b23..1c18292c5 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/IncludeNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/IncludeNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 
@@ -20,16 +21,17 @@ use Twig\Node\Expression\AbstractExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class IncludeNode extends Node implements NodeOutputInterface
 {
-    public function __construct(AbstractExpression $expr, ?AbstractExpression $variables, bool $only, bool $ignoreMissing, int $lineno, string $tag = null)
+    public function __construct(AbstractExpression $expr, ?AbstractExpression $variables, bool $only, bool $ignoreMissing, int $lineno)
     {
         $nodes = ['expr' => $expr];
         if (null !== $variables) {
             $nodes['variables'] = $variables;
         }
 
-        parent::__construct($nodes, ['only' => $only, 'ignore_missing' => $ignoreMissing], $lineno, $tag);
+        parent::__construct($nodes, ['only' => $only, 'ignore_missing' => $ignoreMissing], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -40,10 +42,10 @@ class IncludeNode extends Node implements NodeOutputInterface
             $template = $compiler->getVarName();
 
             $compiler
-                ->write(sprintf("$%s = null;\n", $template))
+                ->write(\sprintf("$%s = null;\n", $template))
                 ->write("try {\n")
                 ->indent()
-                ->write(sprintf('$%s = ', $template))
+                ->write(\sprintf('$%s = ', $template))
             ;
 
             $this->addGetTemplate($compiler);
@@ -56,10 +58,11 @@ class IncludeNode extends Node implements NodeOutputInterface
                 ->write("// ignore missing template\n")
                 ->outdent()
                 ->write("}\n")
-                ->write(sprintf("if ($%s) {\n", $template))
+                ->write(\sprintf("if ($%s) {\n", $template))
                 ->indent()
-                ->write(sprintf('$%s->display(', $template))
+                ->write(\sprintf('yield from $%s->unwrap()->yield(', $template))
             ;
+
             $this->addTemplateArguments($compiler);
             $compiler
                 ->raw(");\n")
@@ -67,8 +70,9 @@ class IncludeNode extends Node implements NodeOutputInterface
                 ->write("}\n")
             ;
         } else {
+            $compiler->write('yield from ');
             $this->addGetTemplate($compiler);
-            $compiler->raw('->display(');
+            $compiler->raw('->unwrap()->yield(');
             $this->addTemplateArguments($compiler);
             $compiler->raw(");\n");
         }
@@ -93,12 +97,12 @@ class IncludeNode extends Node implements NodeOutputInterface
             $compiler->raw(false === $this->getAttribute('only') ? '$context' : '[]');
         } elseif (false === $this->getAttribute('only')) {
             $compiler
-                ->raw('twig_array_merge($context, ')
+                ->raw('CoreExtension::merge($context, ')
                 ->subcompile($this->getNode('variables'))
                 ->raw(')')
             ;
         } else {
-            $compiler->raw('twig_to_array(');
+            $compiler->raw('CoreExtension::toArray(');
             $compiler->subcompile($this->getNode('variables'));
             $compiler->raw(')');
         }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/MacroNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/MacroNode.php
index 7f1b24d53..5a2543a9f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/MacroNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/MacroNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Error\SyntaxError;
 
@@ -19,26 +20,34 @@ use Twig\Error\SyntaxError;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class MacroNode extends Node
 {
     public const VARARGS_NAME = 'varargs';
 
-    public function __construct(string $name, Node $body, Node $arguments, int $lineno, string $tag = null)
+    /**
+     * @param BodyNode $body
+     */
+    public function __construct(string $name, Node $body, Node $arguments, int $lineno)
     {
+        if (!$body instanceof BodyNode) {
+            trigger_deprecation('twig/twig', '3.12', \sprintf('Not passing a "%s" instance as the "body" argument of the "%s" constructor is deprecated.', BodyNode::class, static::class));
+        }
+
         foreach ($arguments as $argumentName => $argument) {
             if (self::VARARGS_NAME === $argumentName) {
-                throw new SyntaxError(sprintf('The argument "%s" in macro "%s" cannot be defined because the variable "%s" is reserved for arbitrary arguments.', self::VARARGS_NAME, $name, self::VARARGS_NAME), $argument->getTemplateLine(), $argument->getSourceContext());
+                throw new SyntaxError(\sprintf('The argument "%s" in macro "%s" cannot be defined because the variable "%s" is reserved for arbitrary arguments.', self::VARARGS_NAME, $name, self::VARARGS_NAME), $argument->getTemplateLine(), $argument->getSourceContext());
             }
         }
 
-        parent::__construct(['body' => $body, 'arguments' => $arguments], ['name' => $name], $lineno, $tag);
+        parent::__construct(['body' => $body, 'arguments' => $arguments], ['name' => $name], $lineno);
     }
 
     public function compile(Compiler $compiler): void
     {
         $compiler
             ->addDebugInfo($this)
-            ->write(sprintf('public function macro_%s(', $this->getAttribute('name')))
+            ->write(\sprintf('public function macro_%s(', $this->getAttribute('name')))
         ;
 
         $count = \count($this->getNode('arguments'));
@@ -64,7 +73,7 @@ class MacroNode extends Node
             ->write("{\n")
             ->indent()
             ->write("\$macros = \$this->macros;\n")
-            ->write("\$context = \$this->env->mergeGlobals([\n")
+            ->write("\$context = [\n")
             ->indent()
         ;
 
@@ -77,35 +86,19 @@ class MacroNode extends Node
             ;
         }
 
+        $node = new CaptureNode($this->getNode('body'), $this->getNode('body')->lineno);
+
         $compiler
             ->write('')
             ->string(self::VARARGS_NAME)
             ->raw(' => ')
-        ;
-
-        $compiler
             ->raw("\$__varargs__,\n")
             ->outdent()
-            ->write("]);\n\n")
+            ->write("] + \$this->env->getGlobals();\n\n")
             ->write("\$blocks = [];\n\n")
-        ;
-        if ($compiler->getEnvironment()->isDebug()) {
-            $compiler->write("ob_start();\n");
-        } else {
-            $compiler->write("ob_start(function () { return ''; });\n");
-        }
-        $compiler
-            ->write("try {\n")
-            ->indent()
-            ->subcompile($this->getNode('body'))
+            ->write('return ')
+            ->subcompile($node)
             ->raw("\n")
-            ->write("return ('' === \$tmp = ob_get_contents()) ? '' : new Markup(\$tmp, \$this->env->getCharset());\n")
-            ->outdent()
-            ->write("} finally {\n")
-            ->indent()
-            ->write("ob_end_clean();\n")
-            ->outdent()
-            ->write("}\n")
             ->outdent()
             ->write("}\n\n")
         ;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/ModuleNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/ModuleNode.php
index e972b6ba5..d2fb216b1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/ModuleNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/ModuleNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 use Twig\Node\Expression\ConstantExpression;
@@ -20,16 +21,24 @@ use Twig\Source;
 /**
  * Represents a module node.
  *
- * Consider this class as being final. If you need to customize the behavior of
- * the generated class, consider adding nodes to the following nodes: display_start,
- * display_end, constructor_start, constructor_end, and class_end.
+ * If you need to customize the behavior of the generated class, add nodes to
+ * the following nodes: display_start, display_end, constructor_start,
+ * constructor_end, and class_end.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 final class ModuleNode extends Node
 {
+    /**
+     * @param BodyNode $body
+     */
     public function __construct(Node $body, ?AbstractExpression $parent, Node $blocks, Node $macros, Node $traits, $embeddedTemplates, Source $source)
     {
+        if (!$body instanceof BodyNode) {
+            trigger_deprecation('twig/twig', '3.12', \sprintf('Not passing a "%s" instance as the "body" argument of the "%s" constructor is deprecated.', BodyNode::class, static::class));
+        }
+
         $nodes = [
             'body' => $body,
             'blocks' => $blocks,
@@ -106,7 +115,7 @@ final class ModuleNode extends Node
         $parent = $this->getNode('parent');
 
         $compiler
-            ->write("protected function doGetParent(array \$context)\n", "{\n")
+            ->write("protected function doGetParent(array \$context): bool|string|Template|TemplateWrapper\n", "{\n")
             ->indent()
             ->addDebugInfo($parent)
             ->write('return ')
@@ -143,6 +152,7 @@ final class ModuleNode extends Node
                 ->write("use Twig\Environment;\n")
                 ->write("use Twig\Error\LoaderError;\n")
                 ->write("use Twig\Error\RuntimeError;\n")
+                ->write("use Twig\Extension\CoreExtension;\n")
                 ->write("use Twig\Extension\SandboxExtension;\n")
                 ->write("use Twig\Markup;\n")
                 ->write("use Twig\Sandbox\SecurityError;\n")
@@ -150,7 +160,9 @@ final class ModuleNode extends Node
                 ->write("use Twig\Sandbox\SecurityNotAllowedFilterError;\n")
                 ->write("use Twig\Sandbox\SecurityNotAllowedFunctionError;\n")
                 ->write("use Twig\Source;\n")
-                ->write("use Twig\Template;\n\n")
+                ->write("use Twig\Template;\n")
+                ->write("use Twig\TemplateWrapper;\n")
+                ->write("\n")
             ;
         }
         $compiler
@@ -160,8 +172,11 @@ final class ModuleNode extends Node
             ->raw(" extends Template\n")
             ->write("{\n")
             ->indent()
-            ->write("private \$source;\n")
-            ->write("private \$macros = [];\n\n")
+            ->write("private Source \$source;\n")
+            ->write("/**\n")
+            ->write(" * @var array<string, Template>\n")
+            ->write(" */\n")
+            ->write("private array \$macros = [];\n\n")
         ;
     }
 
@@ -188,14 +203,14 @@ final class ModuleNode extends Node
 
                 $compiler
                     ->addDebugInfo($node)
-                    ->write(sprintf('$_trait_%s = $this->loadTemplate(', $i))
+                    ->write(\sprintf('$_trait_%s = $this->loadTemplate(', $i))
                     ->subcompile($node)
                     ->raw(', ')
                     ->repr($node->getTemplateName())
                     ->raw(', ')
                     ->repr($node->getTemplateLine())
                     ->raw(");\n")
-                    ->write(sprintf("if (!\$_trait_%s->isTraitable()) {\n", $i))
+                    ->write(\sprintf("if (!\$_trait_%s->unwrap()->isTraitable()) {\n", $i))
                     ->indent()
                     ->write("throw new RuntimeError('Template \"'.")
                     ->subcompile($trait->getNode('template'))
@@ -204,12 +219,12 @@ final class ModuleNode extends Node
                     ->raw(", \$this->source);\n")
                     ->outdent()
                     ->write("}\n")
-                    ->write(sprintf("\$_trait_%s_blocks = \$_trait_%s->getBlocks();\n\n", $i, $i))
+                    ->write(\sprintf("\$_trait_%s_blocks = \$_trait_%s->unwrap()->getBlocks();\n\n", $i, $i))
                 ;
 
                 foreach ($trait->getNode('targets') as $key => $value) {
                     $compiler
-                        ->write(sprintf('if (!isset($_trait_%s_blocks[', $i))
+                        ->write(\sprintf('if (!isset($_trait_%s_blocks[', $i))
                         ->string($key)
                         ->raw("])) {\n")
                         ->indent()
@@ -223,11 +238,11 @@ final class ModuleNode extends Node
                         ->outdent()
                         ->write("}\n\n")
 
-                        ->write(sprintf('$_trait_%s_blocks[', $i))
+                        ->write(\sprintf('$_trait_%s_blocks[', $i))
                         ->subcompile($value)
-                        ->raw(sprintf('] = $_trait_%s_blocks[', $i))
+                        ->raw(\sprintf('] = $_trait_%s_blocks[', $i))
                         ->string($key)
-                        ->raw(sprintf(']; unset($_trait_%s_blocks[', $i))
+                        ->raw(\sprintf(']; unset($_trait_%s_blocks[', $i))
                         ->string($key)
                         ->raw("]);\n\n")
                     ;
@@ -242,7 +257,7 @@ final class ModuleNode extends Node
 
                 for ($i = 0; $i < $countTraits; ++$i) {
                     $compiler
-                        ->write(sprintf('$_trait_%s_blocks'.($i == $countTraits - 1 ? '' : ',')."\n", $i))
+                        ->write(\sprintf('$_trait_%s_blocks'.($i == $countTraits - 1 ? '' : ',')."\n", $i))
                     ;
                 }
 
@@ -275,7 +290,7 @@ final class ModuleNode extends Node
 
         foreach ($this->getNode('blocks') as $name => $node) {
             $compiler
-                ->write(sprintf("'%s' => [\$this, 'block_%s'],\n", $name, $name))
+                ->write(\sprintf("'%s' => [\$this, 'block_%s'],\n", $name, $name))
             ;
         }
 
@@ -303,7 +318,7 @@ final class ModuleNode extends Node
     protected function compileDisplay(Compiler $compiler)
     {
         $compiler
-            ->write("protected function doDisplay(array \$context, array \$blocks = [])\n", "{\n")
+            ->write("protected function doDisplay(array \$context, array \$blocks = []): iterable\n", "{\n")
             ->indent()
             ->write("\$macros = \$this->macros;\n")
             ->subcompile($this->getNode('display_start'))
@@ -324,15 +339,24 @@ final class ModuleNode extends Node
                     ->repr($parent->getTemplateLine())
                     ->raw(");\n")
                 ;
-                $compiler->write('$this->parent');
-            } else {
-                $compiler->write('$this->getParent($context)');
             }
-            $compiler->raw("->display(\$context, array_merge(\$this->blocks, \$blocks));\n");
+            $compiler->write('yield from ');
+
+            if ($parent instanceof ConstantExpression) {
+                $compiler->raw('$this->parent');
+            } else {
+                $compiler->raw('$this->getParent($context)');
+            }
+            $compiler->raw("->unwrap()->yield(\$context, array_merge(\$this->blocks, \$blocks));\n");
+        }
+
+        $compiler->subcompile($this->getNode('display_end'));
+
+        if (!$this->hasNode('parent')) {
+            $compiler->write("yield from [];\n");
         }
 
         $compiler
-            ->subcompile($this->getNode('display_end'))
             ->outdent()
             ->write("}\n\n")
         ;
@@ -355,7 +379,10 @@ final class ModuleNode extends Node
     protected function compileGetTemplateName(Compiler $compiler)
     {
         $compiler
-            ->write("public function getTemplateName()\n", "{\n")
+            ->write("/**\n")
+            ->write(" * @codeCoverageIgnore\n")
+            ->write(" */\n")
+            ->write("public function getTemplateName(): string\n", "{\n")
             ->indent()
             ->write('return ')
             ->repr($this->getSourceContext()->getName())
@@ -377,7 +404,7 @@ final class ModuleNode extends Node
         $traitable = !$this->hasNode('parent') && 0 === \count($this->getNode('macros'));
         if ($traitable) {
             if ($this->getNode('body') instanceof BodyNode) {
-                $nodes = $this->getNode('body')->getNode(0);
+                $nodes = $this->getNode('body')->getNode('0');
             } else {
                 $nodes = $this->getNode('body');
             }
@@ -391,14 +418,6 @@ final class ModuleNode extends Node
                     continue;
                 }
 
-                if ($node instanceof TextNode && ctype_space($node->getAttribute('data'))) {
-                    continue;
-                }
-
-                if ($node instanceof BlockReferenceNode) {
-                    continue;
-                }
-
                 $traitable = false;
                 break;
             }
@@ -409,9 +428,12 @@ final class ModuleNode extends Node
         }
 
         $compiler
-            ->write("public function isTraitable()\n", "{\n")
+            ->write("/**\n")
+            ->write(" * @codeCoverageIgnore\n")
+            ->write(" */\n")
+            ->write("public function isTraitable(): bool\n", "{\n")
             ->indent()
-            ->write(sprintf("return %s;\n", $traitable ? 'true' : 'false'))
+            ->write("return false;\n")
             ->outdent()
             ->write("}\n\n")
         ;
@@ -420,9 +442,12 @@ final class ModuleNode extends Node
     protected function compileDebugInfo(Compiler $compiler)
     {
         $compiler
-            ->write("public function getDebugInfo()\n", "{\n")
+            ->write("/**\n")
+            ->write(" * @codeCoverageIgnore\n")
+            ->write(" */\n")
+            ->write("public function getDebugInfo(): array\n", "{\n")
             ->indent()
-            ->write(sprintf("return %s;\n", str_replace("\n", '', var_export(array_reverse($compiler->getDebugInfo(), true), true))))
+            ->write(\sprintf("return %s;\n", str_replace("\n", '', var_export(array_reverse($compiler->getDebugInfo(), true), true))))
             ->outdent()
             ->write("}\n\n")
         ;
@@ -431,7 +456,7 @@ final class ModuleNode extends Node
     protected function compileGetSourceContext(Compiler $compiler)
     {
         $compiler
-            ->write("public function getSourceContext()\n", "{\n")
+            ->write("public function getSourceContext(): Source\n", "{\n")
             ->indent()
             ->write('return new Source(')
             ->string($compiler->getEnvironment()->isDebug() ? $this->getSourceContext()->getCode() : '')
@@ -449,7 +474,7 @@ final class ModuleNode extends Node
     {
         if ($node instanceof ConstantExpression) {
             $compiler
-                ->write(sprintf('%s = $this->loadTemplate(', $var))
+                ->write(\sprintf('%s = $this->loadTemplate(', $var))
                 ->subcompile($node)
                 ->raw(', ')
                 ->repr($node->getTemplateName())
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/NameDeprecation.php b/data/web/inc/lib/vendor/twig/twig/src/Node/NameDeprecation.php
new file mode 100644
index 000000000..63ab28576
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/NameDeprecation.php
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Node;
+
+/**
+ * Represents a deprecation for a named node or attribute on a Node.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+class NameDeprecation
+{
+    private $package;
+    private $version;
+    private $newName;
+
+    public function __construct(string $package = '', string $version = '', string $newName = '')
+    {
+        $this->package = $package;
+        $this->version = $version;
+        $this->newName = $newName;
+    }
+
+    public function getPackage(): string
+    {
+        return $this->package;
+    }
+
+    public function getVersion(): string
+    {
+        return $this->version;
+    }
+
+    public function getNewName(): string
+    {
+        return $this->newName;
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/Node.php b/data/web/inc/lib/vendor/twig/twig/src/Node/Node.php
index c0558b9af..2ccbcf610 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/Node.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/Node.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Source;
 
@@ -20,61 +21,82 @@ use Twig\Source;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class Node implements \Countable, \IteratorAggregate
 {
+    /**
+     * @var array<string|int, Node>
+     */
     protected $nodes;
     protected $attributes;
     protected $lineno;
     protected $tag;
 
-    private $name;
     private $sourceContext;
+    /** @var array<string, NameDeprecation> */
+    private $nodeNameDeprecations = [];
+    /** @var array<string, NameDeprecation> */
+    private $attributeNameDeprecations = [];
 
     /**
-     * @param array  $nodes      An array of named nodes
-     * @param array  $attributes An array of attributes (should not be nodes)
-     * @param int    $lineno     The line number
-     * @param string $tag        The tag name associated with the Node
+     * @param array<string|int, Node> $nodes      An array of named nodes
+     * @param array                   $attributes An array of attributes (should not be nodes)
+     * @param int                     $lineno     The line number
      */
-    public function __construct(array $nodes = [], array $attributes = [], int $lineno = 0, string $tag = null)
+    public function __construct(array $nodes = [], array $attributes = [], int $lineno = 0)
     {
         foreach ($nodes as $name => $node) {
             if (!$node instanceof self) {
-                throw new \InvalidArgumentException(sprintf('Using "%s" for the value of node "%s" of "%s" is not supported. You must pass a \Twig\Node\Node instance.', \is_object($node) ? \get_class($node) : (null === $node ? 'null' : \gettype($node)), $name, static::class));
+                throw new \InvalidArgumentException(\sprintf('Using "%s" for the value of node "%s" of "%s" is not supported. You must pass a \Twig\Node\Node instance.', \is_object($node) ? $node::class : (null === $node ? 'null' : \gettype($node)), $name, static::class));
             }
         }
         $this->nodes = $nodes;
         $this->attributes = $attributes;
         $this->lineno = $lineno;
-        $this->tag = $tag;
+
+        if (\func_num_args() > 3) {
+            trigger_deprecation('twig/twig', '3.12', \sprintf('The "tag" constructor argument of the "%s" class is deprecated and ignored (check which TokenParser class set it to "%s"), the tag is now automatically set by the Parser when needed.', static::class, func_get_arg(3) ?: 'null'));
+        }
     }
 
     public function __toString()
     {
-        $attributes = [];
-        foreach ($this->attributes as $name => $value) {
-            $attributes[] = sprintf('%s: %s', $name, str_replace("\n", '', var_export($value, true)));
+        $repr = static::class;
+
+        if ($this->tag) {
+            $repr .= \sprintf("\n  tag: %s", $this->tag);
         }
 
-        $repr = [static::class.'('.implode(', ', $attributes)];
+        $attributes = [];
+        foreach ($this->attributes as $name => $value) {
+            if (\is_callable($value)) {
+                $v = '\Closure';
+            } elseif ($value instanceof \Stringable) {
+                $v = (string) $value;
+            } else {
+                $v = str_replace("\n", '', var_export($value, true));
+            }
+            $attributes[] = \sprintf('%s: %s', $name, $v);
+        }
+
+        if ($attributes) {
+            $repr .= \sprintf("\n  attributes:\n    %s", implode("\n    ", $attributes));
+        }
 
         if (\count($this->nodes)) {
+            $repr .= "\n  nodes:";
             foreach ($this->nodes as $name => $node) {
-                $len = \strlen($name) + 4;
+                $len = \strlen($name) + 6;
                 $noderepr = [];
                 foreach (explode("\n", (string) $node) as $line) {
                     $noderepr[] = str_repeat(' ', $len).$line;
                 }
 
-                $repr[] = sprintf('  %s: %s', $name, ltrim(implode("\n", $noderepr)));
+                $repr .= \sprintf("\n    %s: %s", $name, ltrim(implode("\n", $noderepr)));
             }
-
-            $repr[] = ')';
-        } else {
-            $repr[0] .= ')';
         }
 
-        return implode("\n", $repr);
+        return $repr;
     }
 
     /**
@@ -83,7 +105,7 @@ class Node implements \Countable, \IteratorAggregate
     public function compile(Compiler $compiler)
     {
         foreach ($this->nodes as $node) {
-            $node->compile($compiler);
+            $compiler->subcompile($node);
         }
     }
 
@@ -97,6 +119,18 @@ class Node implements \Countable, \IteratorAggregate
         return $this->tag;
     }
 
+    /**
+     * @internal
+     */
+    public function setNodeTag(string $tag): void
+    {
+        if ($this->tag) {
+            throw new \LogicException('The tag of a node can only be set once.');
+        }
+
+        $this->tag = $tag;
+    }
+
     public function hasAttribute(string $name): bool
     {
         return \array_key_exists($name, $this->attributes);
@@ -105,7 +139,17 @@ class Node implements \Countable, \IteratorAggregate
     public function getAttribute(string $name)
     {
         if (!\array_key_exists($name, $this->attributes)) {
-            throw new \LogicException(sprintf('Attribute "%s" does not exist for Node "%s".', $name, static::class));
+            throw new \LogicException(\sprintf('Attribute "%s" does not exist for Node "%s".', $name, static::class));
+        }
+
+        $triggerDeprecation = \func_num_args() > 1 ? func_get_arg(1) : true;
+        if ($triggerDeprecation && isset($this->attributeNameDeprecations[$name])) {
+            $dep = $this->attributeNameDeprecations[$name];
+            if ($dep->getNewName()) {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Getting attribute "%s" on a "%s" class is deprecated, get the "%s" attribute instead.', $name, static::class, $dep->getNewName());
+            } else {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Getting attribute "%s" on a "%s" class is deprecated.', $name, static::class);
+            }
         }
 
         return $this->attributes[$name];
@@ -113,38 +157,96 @@ class Node implements \Countable, \IteratorAggregate
 
     public function setAttribute(string $name, $value): void
     {
+        $triggerDeprecation = \func_num_args() > 2 ? func_get_arg(2) : true;
+        if ($triggerDeprecation && isset($this->attributeNameDeprecations[$name])) {
+            $dep = $this->attributeNameDeprecations[$name];
+            if ($dep->getNewName()) {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Setting attribute "%s" on a "%s" class is deprecated, set the "%s" attribute instead.', $name, static::class, $dep->getNewName());
+            } else {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Setting attribute "%s" on a "%s" class is deprecated.', $name, static::class);
+            }
+        }
+
         $this->attributes[$name] = $value;
     }
 
+    public function deprecateAttribute(string $name, NameDeprecation $dep): void
+    {
+        $this->attributeNameDeprecations[$name] = $dep;
+    }
+
     public function removeAttribute(string $name): void
     {
         unset($this->attributes[$name]);
     }
 
+    /**
+     * @param string|int $name
+     */
     public function hasNode(string $name): bool
     {
         return isset($this->nodes[$name]);
     }
 
+    /**
+     * @param string|int $name
+     */
     public function getNode(string $name): self
     {
         if (!isset($this->nodes[$name])) {
-            throw new \LogicException(sprintf('Node "%s" does not exist for Node "%s".', $name, static::class));
+            throw new \LogicException(\sprintf('Node "%s" does not exist for Node "%s".', $name, static::class));
+        }
+
+        $triggerDeprecation = \func_num_args() > 1 ? func_get_arg(1) : true;
+        if ($triggerDeprecation && isset($this->nodeNameDeprecations[$name])) {
+            $dep = $this->nodeNameDeprecations[$name];
+            if ($dep->getNewName()) {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Getting node "%s" on a "%s" class is deprecated, get the "%s" node instead.', $name, static::class, $dep->getNewName());
+            } else {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Getting node "%s" on a "%s" class is deprecated.', $name, static::class);
+            }
         }
 
         return $this->nodes[$name];
     }
 
+    /**
+     * @param string|int $name
+     */
     public function setNode(string $name, self $node): void
     {
+        $triggerDeprecation = \func_num_args() > 2 ? func_get_arg(2) : true;
+        if ($triggerDeprecation && isset($this->nodeNameDeprecations[$name])) {
+            $dep = $this->nodeNameDeprecations[$name];
+            if ($dep->getNewName()) {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Setting node "%s" on a "%s" class is deprecated, set the "%s" node instead.', $name, static::class, $dep->getNewName());
+            } else {
+                trigger_deprecation($dep->getPackage(), $dep->getVersion(), 'Setting node "%s" on a "%s" class is deprecated.', $name, static::class);
+            }
+        }
+
+        if (null !== $this->sourceContext) {
+            $node->setSourceContext($this->sourceContext);
+        }
         $this->nodes[$name] = $node;
     }
 
+    /**
+     * @param string|int $name
+     */
     public function removeNode(string $name): void
     {
         unset($this->nodes[$name]);
     }
 
+    /**
+     * @param string|int $name
+     */
+    public function deprecateNode(string $name, NameDeprecation $dep): void
+    {
+        $this->nodeNameDeprecations[$name] = $dep;
+    }
+
     /**
      * @return int
      */
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/PrintNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/PrintNode.php
index 60386d299..e3c23bbfa 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/PrintNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/PrintNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\AbstractExpression;
 
@@ -20,19 +21,23 @@ use Twig\Node\Expression\AbstractExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class PrintNode extends Node implements NodeOutputInterface
 {
-    public function __construct(AbstractExpression $expr, int $lineno, string $tag = null)
+    public function __construct(AbstractExpression $expr, int $lineno)
     {
-        parent::__construct(['expr' => $expr], [], $lineno, $tag);
+        parent::__construct(['expr' => $expr], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
     {
+        /** @var AbstractExpression */
+        $expr = $this->getNode('expr');
+
         $compiler
             ->addDebugInfo($this)
-            ->write('echo ')
-            ->subcompile($this->getNode('expr'))
+            ->write($expr->isGenerator() ? 'yield from ' : 'yield ')
+            ->subcompile($expr)
             ->raw(";\n")
         ;
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/SandboxNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/SandboxNode.php
index 4d5666bff..d51cea44b 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/SandboxNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/SandboxNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -18,11 +19,12 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class SandboxNode extends Node
 {
-    public function __construct(Node $body, int $lineno, string $tag = null)
+    public function __construct(Node $body, int $lineno)
     {
-        parent::__construct(['body' => $body], [], $lineno, $tag);
+        parent::__construct(['body' => $body], [], $lineno);
     }
 
     public function compile(Compiler $compiler): void
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/SetNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/SetNode.php
index 96b6bd8bf..67725104e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/SetNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/SetNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Expression\ConstantExpression;
 
@@ -19,26 +20,28 @@ use Twig\Node\Expression\ConstantExpression;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class SetNode extends Node implements NodeCaptureInterface
 {
-    public function __construct(bool $capture, Node $names, Node $values, int $lineno, string $tag = null)
+    public function __construct(bool $capture, Node $names, Node $values, int $lineno)
     {
-        parent::__construct(['names' => $names, 'values' => $values], ['capture' => $capture, 'safe' => false], $lineno, $tag);
-
         /*
          * Optimizes the node when capture is used for a large block of text.
          *
          * {% set foo %}foo{% endset %} is compiled to $context['foo'] = new Twig\Markup("foo");
          */
-        if ($this->getAttribute('capture')) {
-            $this->setAttribute('safe', true);
-
-            $values = $this->getNode('values');
+        $safe = false;
+        if ($capture) {
+            $safe = true;
             if ($values instanceof TextNode) {
-                $this->setNode('values', new ConstantExpression($values->getAttribute('data'), $values->getTemplateLine()));
-                $this->setAttribute('capture', false);
+                $values = new ConstantExpression($values->getAttribute('data'), $values->getTemplateLine());
+                $capture = false;
+            } else {
+                $values = new CaptureNode($values, $values->getTemplateLine());
             }
         }
+
+        parent::__construct(['names' => $names, 'values' => $values], ['capture' => $capture, 'safe' => $safe], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -46,7 +49,7 @@ class SetNode extends Node implements NodeCaptureInterface
         $compiler->addDebugInfo($this);
 
         if (\count($this->getNode('names')) > 1) {
-            $compiler->write('list(');
+            $compiler->write('[');
             foreach ($this->getNode('names') as $idx => $node) {
                 if ($idx) {
                     $compiler->raw(', ');
@@ -54,29 +57,15 @@ class SetNode extends Node implements NodeCaptureInterface
 
                 $compiler->subcompile($node);
             }
-            $compiler->raw(')');
+            $compiler->raw(']');
         } else {
-            if ($this->getAttribute('capture')) {
-                if ($compiler->getEnvironment()->isDebug()) {
-                    $compiler->write("ob_start();\n");
-                } else {
-                    $compiler->write("ob_start(function () { return ''; });\n");
-                }
-                $compiler
-                    ->subcompile($this->getNode('values'))
-                ;
-            }
-
             $compiler->subcompile($this->getNode('names'), false);
-
-            if ($this->getAttribute('capture')) {
-                $compiler->raw(" = ('' === \$tmp = ob_get_clean()) ? '' : new Markup(\$tmp, \$this->env->getCharset())");
-            }
         }
+        $compiler->raw(' = ');
 
-        if (!$this->getAttribute('capture')) {
-            $compiler->raw(' = ');
-
+        if ($this->getAttribute('capture')) {
+            $compiler->subcompile($this->getNode('values'));
+        } else {
             if (\count($this->getNode('names')) > 1) {
                 $compiler->write('[');
                 foreach ($this->getNode('values') as $idx => $value) {
@@ -98,8 +87,10 @@ class SetNode extends Node implements NodeCaptureInterface
                     $compiler->subcompile($this->getNode('values'));
                 }
             }
+
+            $compiler->raw(';');
         }
 
-        $compiler->raw(";\n");
+        $compiler->raw("\n");
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/TextNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/TextNode.php
index d74ebe630..fae65fb2c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/TextNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/TextNode.php
@@ -12,6 +12,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -19,6 +20,7 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class TextNode extends Node implements NodeOutputInterface
 {
     public function __construct(string $data, int $lineno)
@@ -28,9 +30,10 @@ class TextNode extends Node implements NodeOutputInterface
 
     public function compile(Compiler $compiler): void
     {
+        $compiler->addDebugInfo($this);
+
         $compiler
-            ->addDebugInfo($this)
-            ->write('echo ')
+            ->write('yield ')
             ->string($this->getAttribute('data'))
             ->raw(";\n")
         ;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/TypesNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/TypesNode.php
new file mode 100644
index 000000000..ebb304d49
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/TypesNode.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Twig\Node;
+
+use Twig\Attribute\YieldReady;
+use Twig\Compiler;
+
+/**
+ * Represents a types node.
+ *
+ * @author Jeroen Versteeg <jeroen@alisqi.com>
+ */
+#[YieldReady]
+class TypesNode extends Node
+{
+    /**
+     * @param array<string, array{type: string, optional: bool}> $types
+     */
+    public function __construct(array $types, int $lineno)
+    {
+        parent::__construct([], ['mapping' => $types], $lineno);
+    }
+
+    public function compile(Compiler $compiler)
+    {
+        // Don't compile anything.
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Node/WithNode.php b/data/web/inc/lib/vendor/twig/twig/src/Node/WithNode.php
index 56a334496..487e2800b 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Node/WithNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Node/WithNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 
 /**
@@ -18,16 +19,17 @@ use Twig\Compiler;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class WithNode extends Node
 {
-    public function __construct(Node $body, ?Node $variables, bool $only, int $lineno, string $tag = null)
+    public function __construct(Node $body, ?Node $variables, bool $only, int $lineno)
     {
         $nodes = ['body' => $body];
         if (null !== $variables) {
             $nodes['variables'] = $variables;
         }
 
-        parent::__construct($nodes, ['only' => $only], $lineno, $tag);
+        parent::__construct($nodes, ['only' => $only], $lineno);
     }
 
     public function compile(Compiler $compiler): void
@@ -36,35 +38,35 @@ class WithNode extends Node
 
         $parentContextName = $compiler->getVarName();
 
-        $compiler->write(sprintf("\$%s = \$context;\n", $parentContextName));
+        $compiler->write(\sprintf("\$%s = \$context;\n", $parentContextName));
 
         if ($this->hasNode('variables')) {
             $node = $this->getNode('variables');
             $varsName = $compiler->getVarName();
             $compiler
-                ->write(sprintf('$%s = ', $varsName))
+                ->write(\sprintf('$%s = ', $varsName))
                 ->subcompile($node)
                 ->raw(";\n")
-                ->write(sprintf("if (!twig_test_iterable(\$%s)) {\n", $varsName))
+                ->write(\sprintf("if (!is_iterable(\$%s)) {\n", $varsName))
                 ->indent()
-                ->write("throw new RuntimeError('Variables passed to the \"with\" tag must be a hash.', ")
+                ->write("throw new RuntimeError('Variables passed to the \"with\" tag must be a mapping.', ")
                 ->repr($node->getTemplateLine())
                 ->raw(", \$this->getSourceContext());\n")
                 ->outdent()
                 ->write("}\n")
-                ->write(sprintf("\$%s = twig_to_array(\$%s);\n", $varsName, $varsName))
+                ->write(\sprintf("\$%s = CoreExtension::toArray(\$%s);\n", $varsName, $varsName))
             ;
 
             if ($this->getAttribute('only')) {
                 $compiler->write("\$context = [];\n");
             }
 
-            $compiler->write(sprintf("\$context = \$this->env->mergeGlobals(array_merge(\$context, \$%s));\n", $varsName));
+            $compiler->write(\sprintf("\$context = \$%s + \$context + \$this->env->getGlobals();\n", $varsName));
         }
 
         $compiler
             ->subcompile($this->getNode('body'))
-            ->write(sprintf("\$context = \$%s;\n", $parentContextName))
+            ->write(\sprintf("\$context = \$%s;\n", $parentContextName))
         ;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/AbstractNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/AbstractNodeVisitor.php
index d7036ae55..5de35fd09 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/AbstractNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/AbstractNodeVisitor.php
@@ -17,9 +17,9 @@ use Twig\Node\Node;
 /**
  * Used to make node visitors compatible with Twig 1.x and 2.x.
  *
- * To be removed in Twig 3.1.
- *
  * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since 3.9 (to be removed in 4.0)
  */
 abstract class AbstractNodeVisitor implements NodeVisitorInterface
 {
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/EscaperNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/EscaperNodeVisitor.php
index fe56ea307..32f49ab1e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/EscaperNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/EscaperNodeVisitor.php
@@ -57,7 +57,7 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
         } elseif ($node instanceof AutoEscapeNode) {
             $this->statusStack[] = $node->getAttribute('value');
         } elseif ($node instanceof BlockNode) {
-            $this->statusStack[] = isset($this->blocks[$node->getAttribute('name')]) ? $this->blocks[$node->getAttribute('name')] : $this->needEscaping($env);
+            $this->statusStack[] = $this->blocks[$node->getAttribute('name')] ?? $this->needEscaping();
         } elseif ($node instanceof ImportNode) {
             $this->safeVars[] = $node->getNode('var')->getAttribute('name');
         }
@@ -73,7 +73,7 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
             $this->blocks = [];
         } elseif ($node instanceof FilterExpression) {
             return $this->preEscapeFilterNode($node, $env);
-        } elseif ($node instanceof PrintNode && false !== $type = $this->needEscaping($env)) {
+        } elseif ($node instanceof PrintNode && false !== $type = $this->needEscaping()) {
             $expression = $node->getNode('expr');
             if ($expression instanceof ConditionalExpression && $this->shouldUnwrapConditional($expression, $env, $type)) {
                 return new DoNode($this->unwrapConditional($expression, $env, $type), $expression->getTemplateLine());
@@ -85,7 +85,7 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
         if ($node instanceof AutoEscapeNode || $node instanceof BlockNode) {
             array_pop($this->statusStack);
         } elseif ($node instanceof BlockReferenceNode) {
-            $this->blocks[$node->getAttribute('name')] = $this->needEscaping($env);
+            $this->blocks[$node->getAttribute('name')] = $this->needEscaping();
         }
 
         return $node;
@@ -126,15 +126,11 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
             return $node;
         }
 
-        return new InlinePrint($this->getEscaperFilter($type, $expression), $node->getTemplateLine());
+        return new InlinePrint($this->getEscaperFilter($env, $type, $expression), $node->getTemplateLine());
     }
 
     private function escapePrintNode(PrintNode $node, Environment $env, string $type): Node
     {
-        if (false === $type) {
-            return $node;
-        }
-
         $expression = $node->getNode('expr');
 
         if ($this->isSafeFor($type, $expression, $env)) {
@@ -143,14 +139,19 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
 
         $class = \get_class($node);
 
-        return new $class($this->getEscaperFilter($type, $expression), $node->getTemplateLine());
+        return new $class($this->getEscaperFilter($env, $type, $expression), $node->getTemplateLine());
     }
 
     private function preEscapeFilterNode(FilterExpression $filter, Environment $env): FilterExpression
     {
-        $name = $filter->getNode('filter')->getAttribute('value');
+        if ($filter->hasAttribute('twig_callable')) {
+            $type = $filter->getAttribute('twig_callable')->getPreEscape();
+        } else {
+            // legacy
+            $name = $filter->getNode('filter', false)->getAttribute('value');
+            $type = $env->getFilter($name)->getPreEscape();
+        }
 
-        $type = $env->getFilter($name)->getPreEscape();
         if (null === $type) {
             return $filter;
         }
@@ -160,7 +161,7 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
             return $filter;
         }
 
-        $filter->setNode('node', $this->getEscaperFilter($type, $node));
+        $filter->setNode('node', $this->getEscaperFilter($env, $type, $node));
 
         return $filter;
     }
@@ -183,22 +184,22 @@ final class EscaperNodeVisitor implements NodeVisitorInterface
         return \in_array($type, $safe) || \in_array('all', $safe);
     }
 
-    private function needEscaping(Environment $env)
+    private function needEscaping()
     {
         if (\count($this->statusStack)) {
             return $this->statusStack[\count($this->statusStack) - 1];
         }
 
-        return $this->defaultStrategy ? $this->defaultStrategy : false;
+        return $this->defaultStrategy ?: false;
     }
 
-    private function getEscaperFilter(string $type, Node $node): FilterExpression
+    private function getEscaperFilter(Environment $env, string $type, Node $node): FilterExpression
     {
         $line = $node->getTemplateLine();
-        $name = new ConstantExpression('escape', $line);
+        $filter = $env->getFilter('escape');
         $args = new Node([new ConstantExpression($type, $line), new ConstantExpression(null, $line), new ConstantExpression(true, $line)]);
 
-        return new FilterExpression($node, $name, $args, $line);
+        return new FilterExpression($node, $filter, $args, $line);
     }
 
     public function getPriority(): int
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/MacroAutoImportNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/MacroAutoImportNodeVisitor.php
index af477e653..01d5a997f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/MacroAutoImportNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/MacroAutoImportNodeVisitor.php
@@ -46,14 +46,14 @@ final class MacroAutoImportNodeVisitor implements NodeVisitorInterface
         if ($node instanceof ModuleNode) {
             $this->inAModule = false;
             if ($this->hasMacroCalls) {
-                $node->getNode('constructor_end')->setNode('_auto_macro_import', new ImportNode(new NameExpression('_self', 0), new AssignNameExpression('_self', 0), 0, 'import', true));
+                $node->getNode('constructor_end')->setNode('_auto_macro_import', new ImportNode(new NameExpression('_self', 0), new AssignNameExpression('_self', 0), 0, true));
             }
         } elseif ($this->inAModule) {
             if (
-                $node instanceof GetAttrExpression &&
-                $node->getNode('node') instanceof NameExpression &&
-                '_self' === $node->getNode('node')->getAttribute('name') &&
-                $node->getNode('attribute') instanceof ConstantExpression
+                $node instanceof GetAttrExpression
+                && $node->getNode('node') instanceof NameExpression
+                && '_self' === $node->getNode('node')->getAttribute('name')
+                && $node->getNode('attribute') instanceof ConstantExpression
             ) {
                 $this->hasMacroCalls = true;
 
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/OptimizerNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/OptimizerNodeVisitor.php
index 7ac75e41a..a943f45c3 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/OptimizerNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/OptimizerNodeVisitor.php
@@ -15,7 +15,6 @@ use Twig\Environment;
 use Twig\Node\BlockReferenceNode;
 use Twig\Node\Expression\BlockReferenceExpression;
 use Twig\Node\Expression\ConstantExpression;
-use Twig\Node\Expression\FilterExpression;
 use Twig\Node\Expression\FunctionExpression;
 use Twig\Node\Expression\GetAttrExpression;
 use Twig\Node\Expression\NameExpression;
@@ -24,6 +23,7 @@ use Twig\Node\ForNode;
 use Twig\Node\IncludeNode;
 use Twig\Node\Node;
 use Twig\Node\PrintNode;
+use Twig\Node\TextNode;
 
 /**
  * Tries to optimize the AST.
@@ -43,27 +43,34 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
     public const OPTIMIZE_NONE = 0;
     public const OPTIMIZE_FOR = 2;
     public const OPTIMIZE_RAW_FILTER = 4;
+    public const OPTIMIZE_TEXT_NODES = 8;
 
     private $loops = [];
     private $loopsTargets = [];
-    private $optimizers;
 
     /**
      * @param int $optimizers The optimizer mode
      */
-    public function __construct(int $optimizers = -1)
-    {
-        if ($optimizers > (self::OPTIMIZE_FOR | self::OPTIMIZE_RAW_FILTER)) {
-            throw new \InvalidArgumentException(sprintf('Optimizer mode "%s" is not valid.', $optimizers));
+    public function __construct(
+        private int $optimizers = -1,
+    ) {
+        if ($optimizers > (self::OPTIMIZE_FOR | self::OPTIMIZE_RAW_FILTER | self::OPTIMIZE_TEXT_NODES)) {
+            throw new \InvalidArgumentException(\sprintf('Optimizer mode "%s" is not valid.', $optimizers));
         }
 
-        $this->optimizers = $optimizers;
+        if (-1 !== $optimizers && self::OPTIMIZE_RAW_FILTER === (self::OPTIMIZE_RAW_FILTER & $optimizers)) {
+            trigger_deprecation('twig/twig', '3.11', 'The "Twig\NodeVisitor\OptimizerNodeVisitor::OPTIMIZE_RAW_FILTER" option is deprecated and does nothing.');
+        }
+
+        if (-1 !== $optimizers && self::OPTIMIZE_TEXT_NODES === (self::OPTIMIZE_TEXT_NODES & $optimizers)) {
+            trigger_deprecation('twig/twig', '3.12', 'The "Twig\NodeVisitor\OptimizerNodeVisitor::OPTIMIZE_TEXT_NODES" option is deprecated and does nothing.');
+        }
     }
 
     public function enterNode(Node $node, Environment $env): Node
     {
         if (self::OPTIMIZE_FOR === (self::OPTIMIZE_FOR & $this->optimizers)) {
-            $this->enterOptimizeFor($node, $env);
+            $this->enterOptimizeFor($node);
         }
 
         return $node;
@@ -72,14 +79,10 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
     public function leaveNode(Node $node, Environment $env): ?Node
     {
         if (self::OPTIMIZE_FOR === (self::OPTIMIZE_FOR & $this->optimizers)) {
-            $this->leaveOptimizeFor($node, $env);
+            $this->leaveOptimizeFor($node);
         }
 
-        if (self::OPTIMIZE_RAW_FILTER === (self::OPTIMIZE_RAW_FILTER & $this->optimizers)) {
-            $node = $this->optimizeRawFilter($node, $env);
-        }
-
-        $node = $this->optimizePrintNode($node, $env);
+        $node = $this->optimizePrintNode($node);
 
         return $node;
     }
@@ -91,16 +94,21 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
      *
      *   * "echo $this->render(Parent)Block()" with "$this->display(Parent)Block()"
      */
-    private function optimizePrintNode(Node $node, Environment $env): Node
+    private function optimizePrintNode(Node $node): Node
     {
         if (!$node instanceof PrintNode) {
             return $node;
         }
 
         $exprNode = $node->getNode('expr');
+
+        if ($exprNode instanceof ConstantExpression && \is_string($exprNode->getAttribute('value'))) {
+            return new TextNode($exprNode->getAttribute('value'), $exprNode->getTemplateLine());
+        }
+
         if (
-            $exprNode instanceof BlockReferenceExpression ||
-            $exprNode instanceof ParentExpression
+            $exprNode instanceof BlockReferenceExpression
+            || $exprNode instanceof ParentExpression
         ) {
             $exprNode->setAttribute('output', true);
 
@@ -110,22 +118,10 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
         return $node;
     }
 
-    /**
-     * Removes "raw" filters.
-     */
-    private function optimizeRawFilter(Node $node, Environment $env): Node
-    {
-        if ($node instanceof FilterExpression && 'raw' == $node->getNode('filter')->getAttribute('value')) {
-            return $node->getNode('node');
-        }
-
-        return $node;
-    }
-
     /**
      * Optimizes "for" tag by removing the "loop" variable creation whenever possible.
      */
-    private function enterOptimizeFor(Node $node, Environment $env): void
+    private function enterOptimizeFor(Node $node): void
     {
         if ($node instanceof ForNode) {
             // disable the loop variable by default
@@ -166,7 +162,7 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
             && 'include' === $node->getAttribute('name')
             && (!$node->getNode('arguments')->hasNode('with_context')
                  || false !== $node->getNode('arguments')->getNode('with_context')->getAttribute('value')
-               )
+            )
         ) {
             $this->addLoopToAll();
         }
@@ -175,12 +171,12 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
         elseif ($node instanceof GetAttrExpression
             && (!$node->getNode('attribute') instanceof ConstantExpression
                 || 'parent' === $node->getNode('attribute')->getAttribute('value')
-               )
+            )
             && (true === $this->loops[0]->getAttribute('with_loop')
-                || ($node->getNode('node') instanceof NameExpression
-                    && 'loop' === $node->getNode('node')->getAttribute('name')
-                   )
-               )
+             || ($node->getNode('node') instanceof NameExpression
+                 && 'loop' === $node->getNode('node')->getAttribute('name')
+             )
+            )
         ) {
             $this->addLoopToAll();
         }
@@ -189,7 +185,7 @@ final class OptimizerNodeVisitor implements NodeVisitorInterface
     /**
      * Optimizes "for" tag by removing the "loop" variable creation whenever possible.
      */
-    private function leaveOptimizeFor(Node $node, Environment $env): void
+    private function leaveOptimizeFor(Node $node): void
     {
         if ($node instanceof ForNode) {
             array_shift($this->loops);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SafeAnalysisNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SafeAnalysisNodeVisitor.php
index 90d6f2e0f..07672164e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SafeAnalysisNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SafeAnalysisNodeVisitor.php
@@ -96,10 +96,15 @@ final class SafeAnalysisNodeVisitor implements NodeVisitorInterface
             $this->setSafe($node, $safe);
         } elseif ($node instanceof FilterExpression) {
             // filter expression is safe when the filter is safe
-            $name = $node->getNode('filter')->getAttribute('value');
-            $args = $node->getNode('arguments');
-            if ($filter = $env->getFilter($name)) {
-                $safe = $filter->getSafe($args);
+            if ($node->hasAttribute('twig_callable')) {
+                $filter = $node->getAttribute('twig_callable');
+            } else {
+                // legacy
+                $filter = $env->getFilter($node->getAttribute('name'));
+            }
+
+            if ($filter) {
+                $safe = $filter->getSafe($node->getNode('arguments'));
                 if (null === $safe) {
                     $safe = $this->intersectSafe($this->getSafe($node->getNode('node')), $filter->getPreservesSafety());
                 }
@@ -109,10 +114,15 @@ final class SafeAnalysisNodeVisitor implements NodeVisitorInterface
             }
         } elseif ($node instanceof FunctionExpression) {
             // function expression is safe when the function is safe
-            $name = $node->getAttribute('name');
-            $args = $node->getNode('arguments');
-            if ($function = $env->getFunction($name)) {
-                $this->setSafe($node, $function->getSafe($args));
+            if ($node->hasAttribute('twig_callable')) {
+                $function = $node->getAttribute('twig_callable');
+            } else {
+                // legacy
+                $function = $env->getFunction($node->getAttribute('name'));
+            }
+
+            if ($function) {
+                $this->setSafe($node, $function->getSafe($node->getNode('arguments')));
             } else {
                 $this->setSafe($node, []);
             }
@@ -136,7 +146,7 @@ final class SafeAnalysisNodeVisitor implements NodeVisitorInterface
         return $node;
     }
 
-    private function intersectSafe(array $a = null, array $b = null): array
+    private function intersectSafe(?array $a = null, ?array $b = null): array
     {
         if (null === $a || null === $b) {
             return [];
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SandboxNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SandboxNodeVisitor.php
index 1446cee6b..37e184a3e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SandboxNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/SandboxNodeVisitor.php
@@ -34,8 +34,11 @@ use Twig\Node\SetNode;
 final class SandboxNodeVisitor implements NodeVisitorInterface
 {
     private $inAModule = false;
+    /** @var array<string, int> */
     private $tags;
+    /** @var array<string, int> */
     private $filters;
+    /** @var array<string, int> */
     private $functions;
     private $needsToStringWrap = false;
 
@@ -51,22 +54,22 @@ final class SandboxNodeVisitor implements NodeVisitorInterface
         } elseif ($this->inAModule) {
             // look for tags
             if ($node->getNodeTag() && !isset($this->tags[$node->getNodeTag()])) {
-                $this->tags[$node->getNodeTag()] = $node;
+                $this->tags[$node->getNodeTag()] = $node->getTemplateLine();
             }
 
             // look for filters
-            if ($node instanceof FilterExpression && !isset($this->filters[$node->getNode('filter')->getAttribute('value')])) {
-                $this->filters[$node->getNode('filter')->getAttribute('value')] = $node;
+            if ($node instanceof FilterExpression && !isset($this->filters[$node->getAttribute('name')])) {
+                $this->filters[$node->getAttribute('name')] = $node->getTemplateLine();
             }
 
             // look for functions
             if ($node instanceof FunctionExpression && !isset($this->functions[$node->getAttribute('name')])) {
-                $this->functions[$node->getAttribute('name')] = $node;
+                $this->functions[$node->getAttribute('name')] = $node->getTemplateLine();
             }
 
             // the .. operator is equivalent to the range() function
             if ($node instanceof RangeBinary && !isset($this->functions['range'])) {
-                $this->functions['range'] = $node;
+                $this->functions['range'] = $node->getTemplateLine();
             }
 
             if ($node instanceof PrintNode) {
@@ -116,7 +119,7 @@ final class SandboxNodeVisitor implements NodeVisitorInterface
     private function wrapNode(Node $node, string $name): void
     {
         $expr = $node->getNode($name);
-        if ($expr instanceof NameExpression || $expr instanceof GetAttrExpression) {
+        if (($expr instanceof NameExpression || $expr instanceof GetAttrExpression) && !$expr->isGenerator()) {
             $node->setNode($name, new CheckToStringNode($expr));
         }
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/YieldNotReadyNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/YieldNotReadyNodeVisitor.php
new file mode 100644
index 000000000..4b190b414
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/NodeVisitor/YieldNotReadyNodeVisitor.php
@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\NodeVisitor;
+
+use Twig\Attribute\YieldReady;
+use Twig\Environment;
+use Twig\Node\Expression\AbstractExpression;
+use Twig\Node\Node;
+
+/**
+ * @internal to be removed in Twig 4
+ */
+final class YieldNotReadyNodeVisitor implements NodeVisitorInterface
+{
+    private $yieldReadyNodes = [];
+
+    public function __construct(
+        private bool $useYield,
+    ) {
+    }
+
+    public function enterNode(Node $node, Environment $env): Node
+    {
+        $class = \get_class($node);
+
+        if ($node instanceof AbstractExpression || isset($this->yieldReadyNodes[$class])) {
+            return $node;
+        }
+
+        if (!$this->yieldReadyNodes[$class] = (bool) (new \ReflectionClass($class))->getAttributes(YieldReady::class)) {
+            if ($this->useYield) {
+                throw new \LogicException(\sprintf('You cannot enable the "use_yield" option of Twig as node "%s" is not marked as ready for it; please make it ready and then flag it with the #[YieldReady] attribute.', $class));
+            }
+
+            trigger_deprecation('twig/twig', '3.9', 'Twig node "%s" is not marked as ready for using "yield" instead of "echo"; please make it ready and then flag it with the #[YieldReady] attribute.', $class);
+        }
+
+        return $node;
+    }
+
+    public function leaveNode(Node $node, Environment $env): ?Node
+    {
+        return $node;
+    }
+
+    public function getPriority(): int
+    {
+        return 255;
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Parser.php b/data/web/inc/lib/vendor/twig/twig/src/Parser.php
index 4428208fe..40370bb1b 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Parser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Parser.php
@@ -25,6 +25,7 @@ use Twig\Node\NodeOutputInterface;
 use Twig\Node\PrintNode;
 use Twig\Node\TextNode;
 use Twig\TokenParser\TokenParserInterface;
+use Twig\Util\ReflectionCallable;
 
 /**
  * @author Fabien Potencier <fabien@symfony.com>
@@ -39,20 +40,19 @@ class Parser
     private $blocks;
     private $blockStack;
     private $macros;
-    private $env;
     private $importedSymbols;
     private $traits;
     private $embeddedTemplates = [];
     private $varNameSalt = 0;
 
-    public function __construct(Environment $env)
-    {
-        $this->env = $env;
+    public function __construct(
+        private Environment $env,
+    ) {
     }
 
     public function getVarName(): string
     {
-        return sprintf('__internal_parse_%d', $this->varNameSalt++);
+        return \sprintf('__internal_parse_%d', $this->varNameSalt++);
     }
 
     public function parse(TokenStream $stream, $test = null, bool $dropNeedle = false): ModuleNode
@@ -91,7 +91,7 @@ class Parser
             }
 
             if (!$e->getTemplateLine()) {
-                $e->setTemplateLine($this->stream->getCurrent()->getLine());
+                $e->setTemplateLine($this->getCurrentToken()->getLine());
             }
 
             throw $e;
@@ -101,6 +101,9 @@ class Parser
 
         $traverser = new NodeTraverser($this->env, $this->visitors);
 
+        /**
+         * @var ModuleNode $node
+         */
         $node = $traverser->traverse($node);
 
         // restore previous stack so previous parse() call can resume working
@@ -117,23 +120,23 @@ class Parser
         $rv = [];
         while (!$this->stream->isEOF()) {
             switch ($this->getCurrentToken()->getType()) {
-                case /* Token::TEXT_TYPE */ 0:
+                case Token::TEXT_TYPE:
                     $token = $this->stream->next();
                     $rv[] = new TextNode($token->getValue(), $token->getLine());
                     break;
 
-                case /* Token::VAR_START_TYPE */ 2:
+                case Token::VAR_START_TYPE:
                     $token = $this->stream->next();
                     $expr = $this->expressionParser->parseExpression();
-                    $this->stream->expect(/* Token::VAR_END_TYPE */ 4);
+                    $this->stream->expect(Token::VAR_END_TYPE);
                     $rv[] = new PrintNode($expr, $token->getLine());
                     break;
 
-                case /* Token::BLOCK_START_TYPE */ 1:
+                case Token::BLOCK_START_TYPE:
                     $this->stream->next();
                     $token = $this->getCurrentToken();
 
-                    if (/* Token::NAME_TYPE */ 5 !== $token->getType()) {
+                    if (Token::NAME_TYPE !== $token->getType()) {
                         throw new SyntaxError('A block must start with a tag name.', $token->getLine(), $this->stream->getSourceContext());
                     }
 
@@ -151,13 +154,14 @@ class Parser
 
                     if (!$subparser = $this->env->getTokenParser($token->getValue())) {
                         if (null !== $test) {
-                            $e = new SyntaxError(sprintf('Unexpected "%s" tag', $token->getValue()), $token->getLine(), $this->stream->getSourceContext());
+                            $e = new SyntaxError(\sprintf('Unexpected "%s" tag', $token->getValue()), $token->getLine(), $this->stream->getSourceContext());
 
-                            if (\is_array($test) && isset($test[0]) && $test[0] instanceof TokenParserInterface) {
-                                $e->appendMessage(sprintf(' (expecting closing tag for the "%s" tag defined near line %s).', $test[0]->getTag(), $lineno));
+                            $callable = (new ReflectionCallable(new TwigTest('decision', $test)))->getCallable();
+                            if (\is_array($callable) && $callable[0] instanceof TokenParserInterface) {
+                                $e->appendMessage(\sprintf(' (expecting closing tag for the "%s" tag defined near line %s).', $callable[0]->getTag(), $lineno));
                             }
                         } else {
-                            $e = new SyntaxError(sprintf('Unknown "%s" tag.', $token->getValue()), $token->getLine(), $this->stream->getSourceContext());
+                            $e = new SyntaxError(\sprintf('Unknown "%s" tag.', $token->getValue()), $token->getLine(), $this->stream->getSourceContext());
                             $e->addSuggestions($token->getValue(), array_keys($this->env->getTokenParsers()));
                         }
 
@@ -168,13 +172,16 @@ class Parser
 
                     $subparser->setParser($this);
                     $node = $subparser->parse($token);
-                    if (null !== $node) {
+                    if (!$node) {
+                        trigger_deprecation('twig/twig', '3.12', 'Returning "null" from "%s" is deprecated and forbidden by "TokenParserInterface".', $subparser::class);
+                    } else {
+                        $node->setNodeTag($subparser->getTag());
                         $rv[] = $node;
                     }
                     break;
 
                 default:
-                    throw new SyntaxError('Lexer or parser ended up in unsupported state.', $this->getCurrentToken()->getLine(), $this->stream->getSourceContext());
+                    throw new SyntaxError('The lexer or the parser ended up in an unsupported state.', $this->getCurrentToken()->getLine(), $this->stream->getSourceContext());
             }
         }
 
@@ -187,6 +194,8 @@ class Parser
 
     public function getBlockStack(): array
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->blockStack;
     }
 
@@ -207,21 +216,31 @@ class Parser
 
     public function hasBlock(string $name): bool
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return isset($this->blocks[$name]);
     }
 
     public function getBlock(string $name): Node
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->blocks[$name];
     }
 
     public function setBlock(string $name, BlockNode $value): void
     {
+        if (isset($this->blocks[$name])) {
+            throw new SyntaxError(\sprintf("The block '%s' has already been defined line %d.", $name, $this->blocks[$name]->getTemplateLine()), $this->getCurrentToken()->getLine(), $this->blocks[$name]->getSourceContext());
+        }
+
         $this->blocks[$name] = new BodyNode([$value], [], $value->getTemplateLine());
     }
 
     public function hasMacro(string $name): bool
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return isset($this->macros[$name]);
     }
 
@@ -237,6 +256,8 @@ class Parser
 
     public function hasTraits(): bool
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return \count($this->traits) > 0;
     }
 
@@ -247,7 +268,7 @@ class Parser
         $this->embeddedTemplates[] = $template;
     }
 
-    public function addImportedSymbol(string $type, string $alias, string $name = null, AbstractExpression $node = null): void
+    public function addImportedSymbol(string $type, string $alias, ?string $name = null, ?AbstractExpression $node = null): void
     {
         $this->importedSymbols[0][$type][$alias] = ['name' => $name, 'node' => $node];
     }
@@ -280,11 +301,26 @@ class Parser
 
     public function getParent(): ?Node
     {
+        trigger_deprecation('twig/twig', '3.12', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->parent;
     }
 
+    public function hasInheritance()
+    {
+        return $this->parent || 0 < \count($this->traits);
+    }
+
     public function setParent(?Node $parent): void
     {
+        if (null === $parent) {
+            trigger_deprecation('twig/twig', '3.12', 'Passing "null" to "%s()" is deprecated.', __METHOD__);
+        }
+
+        if (null !== $this->parent) {
+            throw new SyntaxError('Multiple extends tags are forbidden.', $parent->getTemplateLine(), $parent->getSourceContext());
+        }
+
         $this->parent = $parent;
     }
 
@@ -303,10 +339,9 @@ class Parser
         // check that the body does not contain non-empty output nodes
         if (
             ($node instanceof TextNode && !ctype_space($node->getAttribute('data')))
-            ||
-            (!$node instanceof TextNode && !$node instanceof BlockReferenceNode && $node instanceof NodeOutputInterface)
+            || (!$node instanceof TextNode && !$node instanceof BlockReferenceNode && $node instanceof NodeOutputInterface)
         ) {
-            if (false !== strpos((string) $node, \chr(0xEF).\chr(0xBB).\chr(0xBF))) {
+            if (str_contains((string) $node, \chr(0xEF).\chr(0xBB).\chr(0xBF))) {
                 $t = substr($node->getAttribute('data'), 3);
                 if ('' === $t || ctype_space($t)) {
                     // bypass empty nodes starting with a BOM
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BaseDumper.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BaseDumper.php
index 4da43e475..267718c1f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BaseDumper.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BaseDumper.php
@@ -50,7 +50,7 @@ abstract class BaseDumper
         if ($profile->getDuration() * 1000 < 1) {
             $str = $start."\n";
         } else {
-            $str = sprintf("%s %s\n", $start, $this->formatTime($profile, $percent));
+            $str = \sprintf("%s %s\n", $start, $this->formatTime($profile, $percent));
         }
 
         $nCount = \count($profile->getProfiles());
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BlackfireDumper.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BlackfireDumper.php
index 03abe0fa0..bb3fbb52a 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BlackfireDumper.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/BlackfireDumper.php
@@ -24,7 +24,7 @@ final class BlackfireDumper
         $this->dumpProfile('main()', $profile, $data);
         $this->dumpChildren('main()', $profile, $data);
 
-        $start = sprintf('%f', microtime(true));
+        $start = \sprintf('%f', microtime(true));
         $str = <<<EOF
 file-format: BlackfireProbe
 cost-dimensions: wt mu pmu
@@ -46,9 +46,9 @@ EOF;
             if ($p->isTemplate()) {
                 $name = $p->getTemplate();
             } else {
-                $name = sprintf('%s::%s(%s)', $p->getTemplate(), $p->getType(), $p->getName());
+                $name = \sprintf('%s::%s(%s)', $p->getTemplate(), $p->getType(), $p->getName());
             }
-            $this->dumpProfile(sprintf('%s==>%s', $parent, $name), $p, $data);
+            $this->dumpProfile(\sprintf('%s==>%s', $parent, $name), $p, $data);
             $this->dumpChildren($name, $p, $data);
         }
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/HtmlDumper.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/HtmlDumper.php
index 1f2433b4d..cdab2de59 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/HtmlDumper.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/HtmlDumper.php
@@ -32,16 +32,16 @@ final class HtmlDumper extends BaseDumper
 
     protected function formatTemplate(Profile $profile, $prefix): string
     {
-        return sprintf('%s└ <span style="background-color: %s">%s</span>', $prefix, self::$colors['template'], $profile->getTemplate());
+        return \sprintf('%s└ <span style="background-color: %s">%s</span>', $prefix, self::$colors['template'], $profile->getTemplate());
     }
 
     protected function formatNonTemplate(Profile $profile, $prefix): string
     {
-        return sprintf('%s└ %s::%s(<span style="background-color: %s">%s</span>)', $prefix, $profile->getTemplate(), $profile->getType(), isset(self::$colors[$profile->getType()]) ? self::$colors[$profile->getType()] : 'auto', $profile->getName());
+        return \sprintf('%s└ %s::%s(<span style="background-color: %s">%s</span>)', $prefix, $profile->getTemplate(), $profile->getType(), self::$colors[$profile->getType()] ?? 'auto', $profile->getName());
     }
 
     protected function formatTime(Profile $profile, $percent): string
     {
-        return sprintf('<span style="color: %s">%.2fms/%.0f%%</span>', $percent > 20 ? self::$colors['big'] : 'auto', $profile->getDuration() * 1000, $percent);
+        return \sprintf('<span style="color: %s">%.2fms/%.0f%%</span>', $percent > 20 ? self::$colors['big'] : 'auto', $profile->getDuration() * 1000, $percent);
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/TextDumper.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/TextDumper.php
index 31561c466..1c1f77e94 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/TextDumper.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Dumper/TextDumper.php
@@ -20,16 +20,16 @@ final class TextDumper extends BaseDumper
 {
     protected function formatTemplate(Profile $profile, $prefix): string
     {
-        return sprintf('%s└ %s', $prefix, $profile->getTemplate());
+        return \sprintf('%s└ %s', $prefix, $profile->getTemplate());
     }
 
     protected function formatNonTemplate(Profile $profile, $prefix): string
     {
-        return sprintf('%s└ %s::%s(%s)', $prefix, $profile->getTemplate(), $profile->getType(), $profile->getName());
+        return \sprintf('%s└ %s::%s(%s)', $prefix, $profile->getTemplate(), $profile->getType(), $profile->getName());
     }
 
     protected function formatTime(Profile $profile, $percent): string
     {
-        return sprintf('%.2fms/%.0f%%', $profile->getDuration() * 1000, $percent);
+        return \sprintf('%.2fms/%.0f%%', $profile->getDuration() * 1000, $percent);
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/EnterProfileNode.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/EnterProfileNode.php
index 1494baf44..4d8e504d1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/EnterProfileNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/EnterProfileNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Profiler\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Node;
 
@@ -19,6 +20,7 @@ use Twig\Node\Node;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class EnterProfileNode extends Node
 {
     public function __construct(string $extensionName, string $type, string $name, string $varName)
@@ -29,10 +31,10 @@ class EnterProfileNode extends Node
     public function compile(Compiler $compiler): void
     {
         $compiler
-            ->write(sprintf('$%s = $this->extensions[', $this->getAttribute('var_name')))
+            ->write(\sprintf('$%s = $this->extensions[', $this->getAttribute('var_name')))
             ->repr($this->getAttribute('extension_name'))
             ->raw("];\n")
-            ->write(sprintf('$%s->enter($%s = new \Twig\Profiler\Profile($this->getTemplateName(), ', $this->getAttribute('var_name'), $this->getAttribute('var_name').'_prof'))
+            ->write(\sprintf('$%s->enter($%s = new \Twig\Profiler\Profile($this->getTemplateName(), ', $this->getAttribute('var_name'), $this->getAttribute('var_name').'_prof'))
             ->repr($this->getAttribute('type'))
             ->raw(', ')
             ->repr($this->getAttribute('name'))
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/LeaveProfileNode.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/LeaveProfileNode.php
index 94cebbaa8..bd9227e52 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/LeaveProfileNode.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Node/LeaveProfileNode.php
@@ -11,6 +11,7 @@
 
 namespace Twig\Profiler\Node;
 
+use Twig\Attribute\YieldReady;
 use Twig\Compiler;
 use Twig\Node\Node;
 
@@ -19,6 +20,7 @@ use Twig\Node\Node;
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[YieldReady]
 class LeaveProfileNode extends Node
 {
     public function __construct(string $varName)
@@ -30,7 +32,7 @@ class LeaveProfileNode extends Node
     {
         $compiler
             ->write("\n")
-            ->write(sprintf("\$%s->leave(\$%s);\n\n", $this->getAttribute('var_name'), $this->getAttribute('var_name').'_prof'))
+            ->write(\sprintf("\$%s->leave(\$%s);\n\n", $this->getAttribute('var_name'), $this->getAttribute('var_name').'_prof'))
         ;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/NodeVisitor/ProfilerNodeVisitor.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/NodeVisitor/ProfilerNodeVisitor.php
index 91abee807..1458bc5fc 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/NodeVisitor/ProfilerNodeVisitor.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/NodeVisitor/ProfilerNodeVisitor.php
@@ -27,13 +27,12 @@ use Twig\Profiler\Profile;
  */
 final class ProfilerNodeVisitor implements NodeVisitorInterface
 {
-    private $extensionName;
     private $varName;
 
-    public function __construct(string $extensionName)
-    {
-        $this->extensionName = $extensionName;
-        $this->varName = sprintf('__internal_%s', hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', $extensionName));
+    public function __construct(
+        private string $extensionName,
+    ) {
+        $this->varName = \sprintf('__internal_%s', hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', $extensionName));
     }
 
     public function enterNode(Node $node, Environment $env): Node
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Profile.php b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Profile.php
index 252ca9b0c..2928e1646 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Profiler/Profile.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Profiler/Profile.php
@@ -20,19 +20,16 @@ final class Profile implements \IteratorAggregate, \Serializable
     public const BLOCK = 'block';
     public const TEMPLATE = 'template';
     public const MACRO = 'macro';
-
-    private $template;
-    private $name;
-    private $type;
     private $starts = [];
     private $ends = [];
     private $profiles = [];
 
-    public function __construct(string $template = 'main', string $type = self::ROOT, string $name = 'main')
-    {
-        $this->template = $template;
-        $this->type = $type;
-        $this->name = 0 === strpos($name, '__internal_') ? 'INTERNAL' : $name;
+    public function __construct(
+        private string $template = 'main',
+        private string $type = self::ROOT,
+        private string $name = 'main',
+    ) {
+        $this->name = str_starts_with($name, '__internal_') ? 'INTERNAL' : $name;
         $this->enter();
     }
 
@@ -176,6 +173,6 @@ final class Profile implements \IteratorAggregate, \Serializable
      */
     public function __unserialize(array $data): void
     {
-        list($this->template, $this->name, $this->type, $this->starts, $this->ends, $this->profiles) = $data;
+        [$this->template, $this->name, $this->type, $this->starts, $this->ends, $this->profiles] = $data;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Resources/core.php b/data/web/inc/lib/vendor/twig/twig/src/Resources/core.php
new file mode 100644
index 000000000..6e2fcfb07
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Resources/core.php
@@ -0,0 +1,541 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Twig\Environment;
+use Twig\Extension\CoreExtension;
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_cycle($values, $position)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::cycle($values, $position);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_random(Environment $env, $values = null, $max = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::random($env->getCharset(), $values, $max);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_date_format_filter(Environment $env, $date, $format = null, $timezone = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $env->getExtension(CoreExtension::class)->formatDate($date, $format, $timezone);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_date_modify_filter(Environment $env, $date, $modifier)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $env->getExtension(CoreExtension::class)->modifyDate($date, $modifier);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_sprintf($format, ...$values)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::sprintf($format, ...$values);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_date_converter(Environment $env, $date = null, $timezone = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $env->getExtension(CoreExtension::class)->convertDate($date, $timezone);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_replace_filter($str, $from)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::replace($str, $from);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_round($value, $precision = 0, $method = 'common')
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::round($value, $precision, $method);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_number_format_filter(Environment $env, $number, $decimal = null, $decimalPoint = null, $thousandSep = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $env->getExtension(CoreExtension::class)->formatNumber($number, $decimal, $decimalPoint, $thousandSep);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_urlencode_filter($url)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::urlencode($url);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_merge(...$arrays)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::merge(...$arrays);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_slice(Environment $env, $item, $start, $length = null, $preserveKeys = false)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::slice($env->getCharset(), $item, $start, $length, $preserveKeys);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_first(Environment $env, $item)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::first($env->getCharset(), $item);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_last(Environment $env, $item)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::last($env->getCharset(), $item);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_join_filter($value, $glue = '', $and = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::join($value, $glue, $and);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_split_filter(Environment $env, $value, $delimiter, $limit = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::split($env->getCharset(), $value, $delimiter, $limit);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_get_array_keys_filter($array)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::keys($array);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_reverse_filter(Environment $env, $item, $preserveKeys = false)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::reverse($env->getCharset(), $item, $preserveKeys);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_sort_filter(Environment $env, $array, $arrow = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::sort($env, $array, $arrow);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_matches(string $regexp, ?string $str)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::matches($regexp, $str);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_trim_filter($string, $characterMask = null, $side = 'both')
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::trim($string, $characterMask, $side);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_nl2br($string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::nl2br($string);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_spaceless($content)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::spaceless($content);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_convert_encoding($string, $to, $from)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::convertEncoding($string, $to, $from);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_length_filter(Environment $env, $thing)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::length($env->getCharset(), $thing);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_upper_filter(Environment $env, $string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::upper($env->getCharset(), $string);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_lower_filter(Environment $env, $string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::lower($env->getCharset(), $string);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_striptags($string, $allowable_tags = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::striptags($string, $allowable_tags);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_title_string_filter(Environment $env, $string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::titleCase($env->getCharset(), $string);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_capitalize_string_filter(Environment $env, $string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::capitalize($env->getCharset(), $string);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_test_empty($value)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::testEmpty($value);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_test_iterable($value)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return is_iterable($value);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_include(Environment $env, $context, $template, $variables = [], $withContext = true, $ignoreMissing = false, $sandboxed = false)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::include($env, $context, $template, $variables, $withContext, $ignoreMissing, $sandboxed);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_source(Environment $env, $name, $ignoreMissing = false)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::source($env, $name, $ignoreMissing);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_constant($constant, $object = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::constant($constant, $object);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_constant_is_defined($constant, $object = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::constant($constant, $object, true);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_batch($items, $size, $fill = null, $preserveKeys = true)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::batch($items, $size, $fill, $preserveKeys);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_column($array, $name, $index = null): array
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::column($array, $name, $index);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_filter(Environment $env, $array, $arrow)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::filter($env, $array, $arrow);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_map(Environment $env, $array, $arrow)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::map($env, $array, $arrow);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_reduce(Environment $env, $array, $arrow, $initial = null)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::reduce($env, $array, $arrow, $initial);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_some(Environment $env, $array, $arrow)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::arraySome($env, $array, $arrow);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_array_every(Environment $env, $array, $arrow)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::arrayEvery($env, $array, $arrow);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_check_arrow_in_sandbox(Environment $env, $arrow, $thing, $type)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return CoreExtension::checkArrowInSandbox($env, $arrow, $thing, $type);
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Resources/debug.php b/data/web/inc/lib/vendor/twig/twig/src/Resources/debug.php
new file mode 100644
index 000000000..104b4f4e0
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Resources/debug.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Twig\Environment;
+use Twig\Extension\DebugExtension;
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_var_dump(Environment $env, $context, ...$vars)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    DebugExtension::dump($env, $context, ...$vars);
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Resources/escaper.php b/data/web/inc/lib/vendor/twig/twig/src/Resources/escaper.php
new file mode 100644
index 000000000..a2ee8e7aa
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Resources/escaper.php
@@ -0,0 +1,51 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Twig\Environment;
+use Twig\Extension\EscaperExtension;
+use Twig\Node\Node;
+use Twig\Runtime\EscaperRuntime;
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_raw_filter($string)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $string;
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_escape_filter(Environment $env, $string, $strategy = 'html', $charset = null, $autoescape = false)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return $env->getRuntime(EscaperRuntime::class)->escape($string, $strategy, $charset, $autoescape);
+}
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_escape_filter_is_safe(Node $filterArgs)
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return EscaperExtension::escapeFilterIsSafe($filterArgs);
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Resources/string_loader.php b/data/web/inc/lib/vendor/twig/twig/src/Resources/string_loader.php
new file mode 100644
index 000000000..8f0e6492a
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Resources/string_loader.php
@@ -0,0 +1,26 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Twig\Environment;
+use Twig\Extension\StringLoaderExtension;
+use Twig\TemplateWrapper;
+
+/**
+ * @internal
+ *
+ * @deprecated since Twig 3.9
+ */
+function twig_template_from_string(Environment $env, $template, ?string $name = null): TemplateWrapper
+{
+    trigger_deprecation('twig/twig', '3.9', 'Using the internal "%s" function is deprecated.', __FUNCTION__);
+
+    return StringLoaderExtension::templateFromString($env, $template, $name);
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Runtime/EscaperRuntime.php b/data/web/inc/lib/vendor/twig/twig/src/Runtime/EscaperRuntime.php
new file mode 100644
index 000000000..a3ce17146
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Runtime/EscaperRuntime.php
@@ -0,0 +1,327 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Runtime;
+
+use Twig\Error\RuntimeError;
+use Twig\Extension\RuntimeExtensionInterface;
+use Twig\Markup;
+
+final class EscaperRuntime implements RuntimeExtensionInterface
+{
+    /** @var array<string, callable(string $string, string $charset): string> */
+    private $escapers = [];
+
+    /** @internal */
+    public $safeClasses = [];
+
+    /** @internal */
+    public $safeLookup = [];
+
+    public function __construct(
+        private $charset = 'UTF-8',
+    ) {
+    }
+
+    /**
+     * Defines a new escaper to be used via the escape filter.
+     *
+     * @param string                                            $strategy The strategy name that should be used as a strategy in the escape call
+     * @param callable(string $string, string $charset): string $callable A valid PHP callable
+     */
+    public function setEscaper($strategy, callable $callable)
+    {
+        $this->escapers[$strategy] = $callable;
+    }
+
+    /**
+     * Gets all defined escapers.
+     *
+     * @return array<string, callable(string $string, string $charset): string> An array of escapers
+     */
+    public function getEscapers()
+    {
+        return $this->escapers;
+    }
+
+    public function setSafeClasses(array $safeClasses = [])
+    {
+        $this->safeClasses = [];
+        $this->safeLookup = [];
+        foreach ($safeClasses as $class => $strategies) {
+            $this->addSafeClass($class, $strategies);
+        }
+    }
+
+    public function addSafeClass(string $class, array $strategies)
+    {
+        $class = ltrim($class, '\\');
+        if (!isset($this->safeClasses[$class])) {
+            $this->safeClasses[$class] = [];
+        }
+        $this->safeClasses[$class] = array_merge($this->safeClasses[$class], $strategies);
+
+        foreach ($strategies as $strategy) {
+            $this->safeLookup[$strategy][$class] = true;
+        }
+    }
+
+    /**
+     * Escapes a string.
+     *
+     * @param mixed       $string     The value to be escaped
+     * @param string      $strategy   The escaping strategy
+     * @param string|null $charset    The charset
+     * @param bool        $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false)
+     *
+     * @throws RuntimeError
+     */
+    public function escape($string, string $strategy = 'html', ?string $charset = null, bool $autoescape = false)
+    {
+        if ($autoescape && $string instanceof Markup) {
+            return $string;
+        }
+
+        if (!\is_string($string)) {
+            if ($string instanceof \Stringable) {
+                if ($autoescape) {
+                    $c = \get_class($string);
+                    if (!isset($this->safeClasses[$c])) {
+                        $this->safeClasses[$c] = [];
+                        foreach (class_parents($string) + class_implements($string) as $class) {
+                            if (isset($this->safeClasses[$class])) {
+                                $this->safeClasses[$c] = array_unique(array_merge($this->safeClasses[$c], $this->safeClasses[$class]));
+                                foreach ($this->safeClasses[$class] as $s) {
+                                    $this->safeLookup[$s][$c] = true;
+                                }
+                            }
+                        }
+                    }
+                    if (isset($this->safeLookup[$strategy][$c]) || isset($this->safeLookup['all'][$c])) {
+                        return (string) $string;
+                    }
+                }
+
+                $string = (string) $string;
+            } elseif (\in_array($strategy, ['html', 'js', 'css', 'html_attr', 'url'])) {
+                // we return the input as is (which can be of any type)
+                return $string;
+            }
+        }
+
+        if ('' === $string) {
+            return '';
+        }
+
+        $charset = $charset ?: $this->charset;
+
+        switch ($strategy) {
+            case 'html':
+                // see https://www.php.net/htmlspecialchars
+
+                // Using a static variable to avoid initializing the array
+                // each time the function is called. Moving the declaration on the
+                // top of the function slow downs other escaping strategies.
+                static $htmlspecialcharsCharsets = [
+                    'ISO-8859-1' => true, 'ISO8859-1' => true,
+                    'ISO-8859-15' => true, 'ISO8859-15' => true,
+                    'utf-8' => true, 'UTF-8' => true,
+                    'CP866' => true, 'IBM866' => true, '866' => true,
+                    'CP1251' => true, 'WINDOWS-1251' => true, 'WIN-1251' => true,
+                    '1251' => true,
+                    'CP1252' => true, 'WINDOWS-1252' => true, '1252' => true,
+                    'KOI8-R' => true, 'KOI8-RU' => true, 'KOI8R' => true,
+                    'BIG5' => true, '950' => true,
+                    'GB2312' => true, '936' => true,
+                    'BIG5-HKSCS' => true,
+                    'SHIFT_JIS' => true, 'SJIS' => true, '932' => true,
+                    'EUC-JP' => true, 'EUCJP' => true,
+                    'ISO8859-5' => true, 'ISO-8859-5' => true, 'MACROMAN' => true,
+                ];
+
+                if (isset($htmlspecialcharsCharsets[$charset])) {
+                    return htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, $charset);
+                }
+
+                if (isset($htmlspecialcharsCharsets[strtoupper($charset)])) {
+                    // cache the lowercase variant for future iterations
+                    $htmlspecialcharsCharsets[$charset] = true;
+
+                    return htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, $charset);
+                }
+
+                $string = $this->convertEncoding($string, 'UTF-8', $charset);
+                $string = htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, 'UTF-8');
+
+                return iconv('UTF-8', $charset, $string);
+
+            case 'js':
+                // escape all non-alphanumeric characters
+                // into their \x or \uHHHH representations
+                if ('UTF-8' !== $charset) {
+                    $string = $this->convertEncoding($string, 'UTF-8', $charset);
+                }
+
+                if (!preg_match('//u', $string)) {
+                    throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
+                }
+
+                $string = preg_replace_callback('#[^a-zA-Z0-9,\._]#Su', function ($matches) {
+                    $char = $matches[0];
+
+                    /*
+                    * A few characters have short escape sequences in JSON and JavaScript.
+                    * Escape sequences supported only by JavaScript, not JSON, are omitted.
+                    * \" is also supported but omitted, because the resulting string is not HTML safe.
+                    */
+                    static $shortMap = [
+                        '\\' => '\\\\',
+                        '/' => '\\/',
+                        "\x08" => '\b',
+                        "\x0C" => '\f',
+                        "\x0A" => '\n',
+                        "\x0D" => '\r',
+                        "\x09" => '\t',
+                    ];
+
+                    if (isset($shortMap[$char])) {
+                        return $shortMap[$char];
+                    }
+
+                    $codepoint = mb_ord($char, 'UTF-8');
+                    if (0x10000 > $codepoint) {
+                        return \sprintf('\u%04X', $codepoint);
+                    }
+
+                    // Split characters outside the BMP into surrogate pairs
+                    // https://tools.ietf.org/html/rfc2781.html#section-2.1
+                    $u = $codepoint - 0x10000;
+                    $high = 0xD800 | ($u >> 10);
+                    $low = 0xDC00 | ($u & 0x3FF);
+
+                    return \sprintf('\u%04X\u%04X', $high, $low);
+                }, $string);
+
+                if ('UTF-8' !== $charset) {
+                    $string = iconv('UTF-8', $charset, $string);
+                }
+
+                return $string;
+
+            case 'css':
+                if ('UTF-8' !== $charset) {
+                    $string = $this->convertEncoding($string, 'UTF-8', $charset);
+                }
+
+                if (!preg_match('//u', $string)) {
+                    throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
+                }
+
+                $string = preg_replace_callback('#[^a-zA-Z0-9]#Su', function ($matches) {
+                    $char = $matches[0];
+
+                    return \sprintf('\\%X ', 1 === \strlen($char) ? \ord($char) : mb_ord($char, 'UTF-8'));
+                }, $string);
+
+                if ('UTF-8' !== $charset) {
+                    $string = iconv('UTF-8', $charset, $string);
+                }
+
+                return $string;
+
+            case 'html_attr':
+                if ('UTF-8' !== $charset) {
+                    $string = $this->convertEncoding($string, 'UTF-8', $charset);
+                }
+
+                if (!preg_match('//u', $string)) {
+                    throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
+                }
+
+                $string = preg_replace_callback('#[^a-zA-Z0-9,\.\-_]#Su', function ($matches) {
+                    /**
+                     * This function is adapted from code coming from Zend Framework.
+                     *
+                     * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (https://www.zend.com)
+                     * @license   https://framework.zend.com/license/new-bsd New BSD License
+                     */
+                    $chr = $matches[0];
+                    $ord = \ord($chr);
+
+                    /*
+                    * The following replaces characters undefined in HTML with the
+                    * hex entity for the Unicode replacement character.
+                    */
+                    if (($ord <= 0x1F && "\t" != $chr && "\n" != $chr && "\r" != $chr) || ($ord >= 0x7F && $ord <= 0x9F)) {
+                        return '&#xFFFD;';
+                    }
+
+                    /*
+                    * Check if the current character to escape has a name entity we should
+                    * replace it with while grabbing the hex value of the character.
+                    */
+                    if (1 === \strlen($chr)) {
+                        /*
+                        * While HTML supports far more named entities, the lowest common denominator
+                        * has become HTML5's XML Serialisation which is restricted to the those named
+                        * entities that XML supports. Using HTML entities would result in this error:
+                        *     XML Parsing Error: undefined entity
+                        */
+                        static $entityMap = [
+                            34 => '&quot;', /* quotation mark */
+                            38 => '&amp;',  /* ampersand */
+                            60 => '&lt;',   /* less-than sign */
+                            62 => '&gt;',   /* greater-than sign */
+                        ];
+
+                        if (isset($entityMap[$ord])) {
+                            return $entityMap[$ord];
+                        }
+
+                        return \sprintf('&#x%02X;', $ord);
+                    }
+
+                    /*
+                    * Per OWASP recommendations, we'll use hex entities for any other
+                    * characters where a named entity does not exist.
+                    */
+                    return \sprintf('&#x%04X;', mb_ord($chr, 'UTF-8'));
+                }, $string);
+
+                if ('UTF-8' !== $charset) {
+                    $string = iconv('UTF-8', $charset, $string);
+                }
+
+                return $string;
+
+            case 'url':
+                return rawurlencode($string);
+
+            default:
+                if (\array_key_exists($strategy, $this->escapers)) {
+                    return $this->escapers[$strategy]($string, $charset);
+                }
+
+                $validStrategies = implode('", "', array_merge(['html', 'js', 'url', 'css', 'html_attr'], array_keys($this->escapers)));
+
+                throw new RuntimeError(\sprintf('Invalid escaping strategy "%s" (valid ones: "%s").', $strategy, $validStrategies));
+        }
+    }
+
+    private function convertEncoding(string $string, string $to, string $from)
+    {
+        if (!\function_exists('iconv')) {
+            throw new RuntimeError('Unable to convert encoding: required function iconv() does not exist. You should install ext-iconv or symfony/polyfill-iconv.');
+        }
+
+        return iconv($from, $to, $string);
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/ContainerRuntimeLoader.php b/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/ContainerRuntimeLoader.php
index b360d7bea..05106680c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/ContainerRuntimeLoader.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/ContainerRuntimeLoader.php
@@ -23,11 +23,9 @@ use Psr\Container\ContainerInterface;
  */
 class ContainerRuntimeLoader implements RuntimeLoaderInterface
 {
-    private $container;
-
-    public function __construct(ContainerInterface $container)
-    {
-        $this->container = $container;
+    public function __construct(
+        private ContainerInterface $container,
+    ) {
     }
 
     public function load(string $class)
diff --git a/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/FactoryRuntimeLoader.php b/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/FactoryRuntimeLoader.php
index 130648392..5d4e70b92 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/FactoryRuntimeLoader.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/RuntimeLoader/FactoryRuntimeLoader.php
@@ -18,14 +18,12 @@ namespace Twig\RuntimeLoader;
  */
 class FactoryRuntimeLoader implements RuntimeLoaderInterface
 {
-    private $map;
-
     /**
      * @param array $map An array where keys are class names and values factory callables
      */
-    public function __construct(array $map = [])
-    {
-        $this->map = $map;
+    public function __construct(
+        private array $map = [],
+    ) {
     }
 
     public function load(string $class)
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SecurityPolicy.php b/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SecurityPolicy.php
index 2fc0d0131..988e37216 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SecurityPolicy.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SecurityPolicy.php
@@ -68,19 +68,25 @@ final class SecurityPolicy implements SecurityPolicyInterface
     {
         foreach ($tags as $tag) {
             if (!\in_array($tag, $this->allowedTags)) {
-                throw new SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag);
+                if ('extends' === $tag) {
+                    trigger_deprecation('twig/twig', '3.12', 'The "extends" tag is always allowed in sandboxes, but won\'t be in 4.0, please enable it explicitly in your sandbox policy if needed.');
+                } elseif ('use' === $tag) {
+                    trigger_deprecation('twig/twig', '3.12', 'The "use" tag is always allowed in sandboxes, but won\'t be in 4.0, please enable it explicitly in your sandbox policy if needed.');
+                } else {
+                    throw new SecurityNotAllowedTagError(\sprintf('Tag "%s" is not allowed.', $tag), $tag);
+                }
             }
         }
 
         foreach ($filters as $filter) {
             if (!\in_array($filter, $this->allowedFilters)) {
-                throw new SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter);
+                throw new SecurityNotAllowedFilterError(\sprintf('Filter "%s" is not allowed.', $filter), $filter);
             }
         }
 
         foreach ($functions as $function) {
             if (!\in_array($function, $this->allowedFunctions)) {
-                throw new SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function);
+                throw new SecurityNotAllowedFunctionError(\sprintf('Function "%s" is not allowed.', $function), $function);
             }
         }
     }
@@ -94,16 +100,15 @@ final class SecurityPolicy implements SecurityPolicyInterface
         $allowed = false;
         $method = strtr($method, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
         foreach ($this->allowedMethods as $class => $methods) {
-            if ($obj instanceof $class) {
-                $allowed = \in_array($method, $methods);
-
+            if ($obj instanceof $class && \in_array($method, $methods)) {
+                $allowed = true;
                 break;
             }
         }
 
         if (!$allowed) {
             $class = \get_class($obj);
-            throw new SecurityNotAllowedMethodError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, $class), $class, $method);
+            throw new SecurityNotAllowedMethodError(\sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, $class), $class, $method);
         }
     }
 
@@ -111,16 +116,15 @@ final class SecurityPolicy implements SecurityPolicyInterface
     {
         $allowed = false;
         foreach ($this->allowedProperties as $class => $properties) {
-            if ($obj instanceof $class) {
-                $allowed = \in_array($property, \is_array($properties) ? $properties : [$properties]);
-
+            if ($obj instanceof $class && \in_array($property, \is_array($properties) ? $properties : [$properties])) {
+                $allowed = true;
                 break;
             }
         }
 
         if (!$allowed) {
             $class = \get_class($obj);
-            throw new SecurityNotAllowedPropertyError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property);
+            throw new SecurityNotAllowedPropertyError(\sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property);
         }
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SourcePolicyInterface.php b/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SourcePolicyInterface.php
new file mode 100644
index 000000000..b952f1ea6
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Sandbox/SourcePolicyInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Sandbox;
+
+use Twig\Source;
+
+/**
+ * Interface for a class that can optionally enable the sandbox mode based on a template's Twig\Source.
+ *
+ * @author Yaakov Saxon
+ */
+interface SourcePolicyInterface
+{
+    public function enableSandbox(Source $source): bool;
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Source.php b/data/web/inc/lib/vendor/twig/twig/src/Source.php
index 3cb02403c..0f626b62d 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Source.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Source.php
@@ -18,20 +18,16 @@ namespace Twig;
  */
 final class Source
 {
-    private $code;
-    private $name;
-    private $path;
-
     /**
      * @param string $code The template source code
      * @param string $name The template logical name
      * @param string $path The filesystem path of the template if any
      */
-    public function __construct(string $code, string $name, string $path = '')
-    {
-        $this->code = $code;
-        $this->name = $name;
-        $this->path = $path;
+    public function __construct(
+        private string $code,
+        private string $name,
+        private string $path = '',
+    ) {
     }
 
     public function getCode(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Template.php b/data/web/inc/lib/vendor/twig/twig/src/Template.php
index e04bd04a6..7b3ce8161 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Template.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Template.php
@@ -35,38 +35,36 @@ abstract class Template
 
     protected $parent;
     protected $parents = [];
-    protected $env;
     protected $blocks = [];
     protected $traits = [];
     protected $extensions = [];
     protected $sandbox;
 
-    public function __construct(Environment $env)
-    {
-        $this->env = $env;
+    private $useYield;
+
+    public function __construct(
+        protected Environment $env,
+    ) {
+        $this->useYield = $env->useYield();
         $this->extensions = $env->getExtensions();
     }
 
     /**
      * Returns the template name.
-     *
-     * @return string The template name
      */
-    abstract public function getTemplateName();
+    abstract public function getTemplateName(): string;
 
     /**
      * Returns debug information about the template.
      *
-     * @return array Debug information
+     * @return array<int, int> Debug information
      */
-    abstract public function getDebugInfo();
+    abstract public function getDebugInfo(): array;
 
     /**
      * Returns information about the original template source code.
-     *
-     * @return Source
      */
-    abstract public function getSourceContext();
+    abstract public function getSourceContext(): Source;
 
     /**
      * Returns the parent template.
@@ -74,18 +72,16 @@ abstract class Template
      * This method is for internal use only and should never be called
      * directly.
      *
-     * @return Template|TemplateWrapper|false The parent template or false if there is no parent
+     * @return self|TemplateWrapper|false The parent template or false if there is no parent
      */
-    public function getParent(array $context)
+    public function getParent(array $context): self|TemplateWrapper|false
     {
         if (null !== $this->parent) {
             return $this->parent;
         }
 
         try {
-            $parent = $this->doGetParent($context);
-
-            if (false === $parent) {
+            if (!$parent = $this->doGetParent($context)) {
                 return false;
             }
 
@@ -106,12 +102,12 @@ abstract class Template
         return $this->parents[$parent];
     }
 
-    protected function doGetParent(array $context)
+    protected function doGetParent(array $context): bool|string|self|TemplateWrapper
     {
         return false;
     }
 
-    public function isTraitable()
+    public function isTraitable(): bool
     {
         return true;
     }
@@ -126,14 +122,10 @@ abstract class Template
      * @param array  $context The context
      * @param array  $blocks  The current set of blocks
      */
-    public function displayParentBlock($name, array $context, array $blocks = [])
+    public function displayParentBlock($name, array $context, array $blocks = []): void
     {
-        if (isset($this->traits[$name])) {
-            $this->traits[$name][0]->displayBlock($name, $context, $blocks, false);
-        } elseif (false !== $parent = $this->getParent($context)) {
-            $parent->displayBlock($name, $context, $blocks, false);
-        } else {
-            throw new RuntimeError(sprintf('The template has no parent and no traits defining the "%s" block.', $name), -1, $this->getSourceContext());
+        foreach ($this->yieldParentBlock($name, $context, $blocks) as $data) {
+            echo $data;
         }
     }
 
@@ -148,51 +140,10 @@ abstract class Template
      * @param array  $blocks    The current set of blocks
      * @param bool   $useBlocks Whether to use the current set of blocks
      */
-    public function displayBlock($name, array $context, array $blocks = [], $useBlocks = true, self $templateContext = null)
+    public function displayBlock($name, array $context, array $blocks = [], $useBlocks = true, ?self $templateContext = null): void
     {
-        if ($useBlocks && isset($blocks[$name])) {
-            $template = $blocks[$name][0];
-            $block = $blocks[$name][1];
-        } elseif (isset($this->blocks[$name])) {
-            $template = $this->blocks[$name][0];
-            $block = $this->blocks[$name][1];
-        } else {
-            $template = null;
-            $block = null;
-        }
-
-        // avoid RCEs when sandbox is enabled
-        if (null !== $template && !$template instanceof self) {
-            throw new \LogicException('A block must be a method on a \Twig\Template instance.');
-        }
-
-        if (null !== $template) {
-            try {
-                $template->$block($context, $blocks);
-            } catch (Error $e) {
-                if (!$e->getSourceContext()) {
-                    $e->setSourceContext($template->getSourceContext());
-                }
-
-                // this is mostly useful for \Twig\Error\LoaderError exceptions
-                // see \Twig\Error\LoaderError
-                if (-1 === $e->getTemplateLine()) {
-                    $e->guess();
-                }
-
-                throw $e;
-            } catch (\Exception $e) {
-                $e = new RuntimeError(sprintf('An exception has been thrown during the rendering of a template ("%s").', $e->getMessage()), -1, $template->getSourceContext(), $e);
-                $e->guess();
-
-                throw $e;
-            }
-        } elseif (false !== $parent = $this->getParent($context)) {
-            $parent->displayBlock($name, $context, array_merge($this->blocks, $blocks), false, $templateContext ?? $this);
-        } elseif (isset($blocks[$name])) {
-            throw new RuntimeError(sprintf('Block "%s" should not call parent() in "%s" as the block does not exist in the parent template "%s".', $name, $blocks[$name][0]->getTemplateName(), $this->getTemplateName()), -1, $blocks[$name][0]->getSourceContext());
-        } else {
-            throw new RuntimeError(sprintf('Block "%s" on template "%s" does not exist.', $name, $this->getTemplateName()), -1, ($templateContext ?? $this)->getSourceContext());
+        foreach ($this->yieldBlock($name, $context, $blocks, $useBlocks, $templateContext) as $data) {
+            echo $data;
         }
     }
 
@@ -208,16 +159,25 @@ abstract class Template
      *
      * @return string The rendered block
      */
-    public function renderParentBlock($name, array $context, array $blocks = [])
+    public function renderParentBlock($name, array $context, array $blocks = []): string
     {
-        if ($this->env->isDebug()) {
-            ob_start();
-        } else {
-            ob_start(function () { return ''; });
-        }
-        $this->displayParentBlock($name, $context, $blocks);
+        if (!$this->useYield) {
+            if ($this->env->isDebug()) {
+                ob_start();
+            } else {
+                ob_start(function () { return ''; });
+            }
+            $this->displayParentBlock($name, $context, $blocks);
 
-        return ob_get_clean();
+            return ob_get_clean();
+        }
+
+        $content = '';
+        foreach ($this->yieldParentBlock($name, $context, $blocks) as $data) {
+            $content .= $data;
+        }
+
+        return $content;
     }
 
     /**
@@ -233,16 +193,34 @@ abstract class Template
      *
      * @return string The rendered block
      */
-    public function renderBlock($name, array $context, array $blocks = [], $useBlocks = true)
+    public function renderBlock($name, array $context, array $blocks = [], $useBlocks = true): string
     {
-        if ($this->env->isDebug()) {
-            ob_start();
-        } else {
-            ob_start(function () { return ''; });
-        }
-        $this->displayBlock($name, $context, $blocks, $useBlocks);
+        if (!$this->useYield) {
+            $level = ob_get_level();
+            if ($this->env->isDebug()) {
+                ob_start();
+            } else {
+                ob_start(function () { return ''; });
+            }
+            try {
+                $this->displayBlock($name, $context, $blocks, $useBlocks);
+            } catch (\Throwable $e) {
+                while (ob_get_level() > $level) {
+                    ob_end_clean();
+                }
 
-        return ob_get_clean();
+                throw $e;
+            }
+
+            return ob_get_clean();
+        }
+
+        $content = '';
+        foreach ($this->yieldBlock($name, $context, $blocks, $useBlocks) as $data) {
+            $content .= $data;
+        }
+
+        return $content;
     }
 
     /**
@@ -257,7 +235,7 @@ abstract class Template
      *
      * @return bool true if the block exists, false otherwise
      */
-    public function hasBlock($name, array $context, array $blocks = [])
+    public function hasBlock($name, array $context, array $blocks = []): bool
     {
         if (isset($blocks[$name])) {
             return $blocks[$name][0] instanceof self;
@@ -267,7 +245,7 @@ abstract class Template
             return true;
         }
 
-        if (false !== $parent = $this->getParent($context)) {
+        if ($parent = $this->getParent($context)) {
             return $parent->hasBlock($name, $context);
         }
 
@@ -283,13 +261,13 @@ abstract class Template
      * @param array $context The context
      * @param array $blocks  The current set of blocks
      *
-     * @return array An array of block names
+     * @return array<string> An array of block names
      */
-    public function getBlockNames(array $context, array $blocks = [])
+    public function getBlockNames(array $context, array $blocks = []): array
     {
         $names = array_merge(array_keys($blocks), array_keys($this->blocks));
 
-        if (false !== $parent = $this->getParent($context)) {
+        if ($parent = $this->getParent($context)) {
             $names = array_merge($names, $parent->getBlockNames($context));
         }
 
@@ -297,16 +275,22 @@ abstract class Template
     }
 
     /**
-     * @return Template|TemplateWrapper
+     * @param string|TemplateWrapper|array<string|TemplateWrapper> $template
      */
-    protected function loadTemplate($template, $templateName = null, $line = null, $index = null)
+    protected function loadTemplate($template, $templateName = null, $line = null, $index = null): self|TemplateWrapper
     {
         try {
             if (\is_array($template)) {
                 return $this->env->resolveTemplate($template);
             }
 
-            if ($template instanceof self || $template instanceof TemplateWrapper) {
+            if ($template instanceof TemplateWrapper) {
+                return $template;
+            }
+
+            if ($template instanceof self) {
+                trigger_deprecation('twig/twig', '3.9', 'Passing a "%s" instance to "%s" is deprecated.', self::class, __METHOD__);
+
                 return $template;
             }
 
@@ -341,10 +325,8 @@ abstract class Template
 
     /**
      * @internal
-     *
-     * @return Template
      */
-    public function unwrap()
+    public function unwrap(): self
     {
         return $this;
     }
@@ -357,41 +339,58 @@ abstract class Template
      *
      * @return array An array of blocks
      */
-    public function getBlocks()
+    public function getBlocks(): array
     {
         return $this->blocks;
     }
 
-    public function display(array $context, array $blocks = [])
+    public function display(array $context, array $blocks = []): void
     {
-        $this->displayWithErrorHandling($this->env->mergeGlobals($context), array_merge($this->blocks, $blocks));
+        foreach ($this->yield($context, $blocks) as $data) {
+            echo $data;
+        }
     }
 
-    public function render(array $context)
+    public function render(array $context): string
     {
-        $level = ob_get_level();
-        if ($this->env->isDebug()) {
-            ob_start();
-        } else {
-            ob_start(function () { return ''; });
-        }
-        try {
-            $this->display($context);
-        } catch (\Throwable $e) {
-            while (ob_get_level() > $level) {
-                ob_end_clean();
+        if (!$this->useYield) {
+            $level = ob_get_level();
+            if ($this->env->isDebug()) {
+                ob_start();
+            } else {
+                ob_start(function () { return ''; });
+            }
+            try {
+                $this->display($context);
+            } catch (\Throwable $e) {
+                while (ob_get_level() > $level) {
+                    ob_end_clean();
+                }
+
+                throw $e;
             }
 
-            throw $e;
+            return ob_get_clean();
         }
 
-        return ob_get_clean();
+        $content = '';
+        foreach ($this->yield($context) as $data) {
+            $content .= $data;
+        }
+
+        return $content;
     }
 
-    protected function displayWithErrorHandling(array $context, array $blocks = [])
+    /**
+     * @return iterable<scalar|\Stringable|null>
+     */
+    public function yield(array $context, array $blocks = []): iterable
     {
+        $context += $this->env->getGlobals();
+        $blocks = array_merge($this->blocks, $blocks);
+
         try {
-            $this->doDisplay($context, $blocks);
+            yield from $this->doDisplay($context, $blocks);
         } catch (Error $e) {
             if (!$e->getSourceContext()) {
                 $e->setSourceContext($this->getSourceContext());
@@ -404,19 +403,95 @@ abstract class Template
             }
 
             throw $e;
-        } catch (\Exception $e) {
-            $e = new RuntimeError(sprintf('An exception has been thrown during the rendering of a template ("%s").', $e->getMessage()), -1, $this->getSourceContext(), $e);
+        } catch (\Throwable $e) {
+            $e = new RuntimeError(\sprintf('An exception has been thrown during the rendering of a template ("%s").', $e->getMessage()), -1, $this->getSourceContext(), $e);
             $e->guess();
 
             throw $e;
         }
     }
 
+    /**
+     * @return iterable<scalar|\Stringable|null>
+     */
+    public function yieldBlock($name, array $context, array $blocks = [], $useBlocks = true, ?self $templateContext = null): iterable
+    {
+        if ($useBlocks && isset($blocks[$name])) {
+            $template = $blocks[$name][0];
+            $block = $blocks[$name][1];
+        } elseif (isset($this->blocks[$name])) {
+            $template = $this->blocks[$name][0];
+            $block = $this->blocks[$name][1];
+        } else {
+            $template = null;
+            $block = null;
+        }
+
+        // avoid RCEs when sandbox is enabled
+        if (null !== $template && !$template instanceof self) {
+            throw new \LogicException('A block must be a method on a \Twig\Template instance.');
+        }
+
+        if (null !== $template) {
+            try {
+                yield from $template->$block($context, $blocks);
+            } catch (Error $e) {
+                if (!$e->getSourceContext()) {
+                    $e->setSourceContext($template->getSourceContext());
+                }
+
+                // this is mostly useful for \Twig\Error\LoaderError exceptions
+                // see \Twig\Error\LoaderError
+                if (-1 === $e->getTemplateLine()) {
+                    $e->guess();
+                }
+
+                throw $e;
+            } catch (\Throwable $e) {
+                $e = new RuntimeError(\sprintf('An exception has been thrown during the rendering of a template ("%s").', $e->getMessage()), -1, $template->getSourceContext(), $e);
+                $e->guess();
+
+                throw $e;
+            }
+        } elseif ($parent = $this->getParent($context)) {
+            yield from $parent->unwrap()->yieldBlock($name, $context, array_merge($this->blocks, $blocks), false, $templateContext ?? $this);
+        } elseif (isset($blocks[$name])) {
+            throw new RuntimeError(\sprintf('Block "%s" should not call parent() in "%s" as the block does not exist in the parent template "%s".', $name, $blocks[$name][0]->getTemplateName(), $this->getTemplateName()), -1, $blocks[$name][0]->getSourceContext());
+        } else {
+            throw new RuntimeError(\sprintf('Block "%s" on template "%s" does not exist.', $name, $this->getTemplateName()), -1, ($templateContext ?? $this)->getSourceContext());
+        }
+    }
+
+    /**
+     * Yields a parent block.
+     *
+     * This method is for internal use only and should never be called
+     * directly.
+     *
+     * @param string $name    The block name to display from the parent
+     * @param array  $context The context
+     * @param array  $blocks  The current set of blocks
+     *
+     * @return iterable<scalar|\Stringable|null>
+     */
+    public function yieldParentBlock($name, array $context, array $blocks = []): iterable
+    {
+        if (isset($this->traits[$name])) {
+            yield from $this->traits[$name][0]->yieldBlock($name, $context, $blocks, false);
+        } elseif ($parent = $this->getParent($context)) {
+            yield from $parent->unwrap()->yieldBlock($name, $context, $blocks, false);
+        } else {
+            throw new RuntimeError(\sprintf('The template has no parent and no traits defining the "%s" block.', $name), -1, $this->getSourceContext());
+        }
+    }
+
     /**
      * Auto-generated method to display the template with the given context.
      *
      * @param array $context An array of parameters to pass to the template
      * @param array $blocks  An array of blocks to pass to the template
+     *
+     * @return iterable<scalar|\Stringable|null>
      */
-    abstract protected function doDisplay(array $context, array $blocks = []);
+    abstract protected function doDisplay(array $context, array $blocks = []): iterable;
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TemplateWrapper.php b/data/web/inc/lib/vendor/twig/twig/src/TemplateWrapper.php
index c9c6b07c6..135c59188 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TemplateWrapper.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TemplateWrapper.php
@@ -18,26 +18,21 @@ namespace Twig;
  */
 final class TemplateWrapper
 {
-    private $env;
-    private $template;
-
     /**
      * This method is for internal use only and should never be called
      * directly (use Twig\Environment::load() instead).
      *
      * @internal
      */
-    public function __construct(Environment $env, Template $template)
-    {
-        $this->env = $env;
-        $this->template = $template;
+    public function __construct(
+        private Environment $env,
+        private Template $template,
+    ) {
     }
 
     public function render(array $context = []): string
     {
-        // using func_get_args() allows to not expose the blocks argument
-        // as it should only be used by internal code
-        return $this->template->render($context, \func_get_args()[1] ?? []);
+        return $this->template->render($context);
     }
 
     public function display(array $context = [])
@@ -62,29 +57,15 @@ final class TemplateWrapper
 
     public function renderBlock(string $name, array $context = []): string
     {
-        $context = $this->env->mergeGlobals($context);
-        $level = ob_get_level();
-        if ($this->env->isDebug()) {
-            ob_start();
-        } else {
-            ob_start(function () { return ''; });
-        }
-        try {
-            $this->template->displayBlock($name, $context);
-        } catch (\Throwable $e) {
-            while (ob_get_level() > $level) {
-                ob_end_clean();
-            }
-
-            throw $e;
-        }
-
-        return ob_get_clean();
+        return $this->template->renderBlock($name, $context + $this->env->getGlobals());
     }
 
     public function displayBlock(string $name, array $context = [])
     {
-        $this->template->displayBlock($name, $this->env->mergeGlobals($context));
+        $context += $this->env->getGlobals();
+        foreach ($this->template->yieldBlock($name, $context) as $data) {
+            echo $data;
+        }
     }
 
     public function getSourceContext(): Source
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Test/IntegrationTestCase.php b/data/web/inc/lib/vendor/twig/twig/src/Test/IntegrationTestCase.php
index 307302bb6..8690a809e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Test/IntegrationTestCase.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Test/IntegrationTestCase.php
@@ -30,9 +30,19 @@ use Twig\TwigTest;
 abstract class IntegrationTestCase extends TestCase
 {
     /**
+     * @deprecated since Twig 3.13, use getFixturesDirectory() instead.
+     *
      * @return string
      */
-    abstract protected function getFixturesDir();
+    protected function getFixturesDir()
+    {
+        throw new \BadMethodCallException('Not implemented.');
+    }
+
+    protected static function getFixturesDirectory(): string
+    {
+        throw new \BadMethodCallException('Not implemented.');
+    }
 
     /**
      * @return RuntimeLoaderInterface[]
@@ -84,6 +94,7 @@ abstract class IntegrationTestCase extends TestCase
 
     /**
      * @dataProvider getLegacyTests
+     *
      * @group legacy
      */
     public function testLegacyIntegration($file, $message, $condition, $templates, $exception, $outputs, $deprecation = '')
@@ -91,9 +102,19 @@ abstract class IntegrationTestCase extends TestCase
         $this->doIntegrationTest($file, $message, $condition, $templates, $exception, $outputs, $deprecation);
     }
 
+    /**
+     * @final since Twig 3.13
+     */
     public function getTests($name, $legacyTests = false)
     {
-        $fixturesDir = realpath($this->getFixturesDir());
+        try {
+            $fixturesDir = static::getFixturesDirectory();
+        } catch (\BadMethodCallException) {
+            trigger_deprecation('twig/twig', '3.13', 'Not overriding "%s::getFixturesDirectory()" in "%s" is deprecated. This method will be abstract in 4.0.', self::class, static::class);
+            $fixturesDir = $this->getFixturesDir();
+        }
+
+        $fixturesDir = realpath($fixturesDir);
         $tests = [];
 
         foreach (new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($fixturesDir), \RecursiveIteratorIterator::LEAVES_ONLY) as $file) {
@@ -101,7 +122,7 @@ abstract class IntegrationTestCase extends TestCase
                 continue;
             }
 
-            if ($legacyTests xor false !== strpos($file->getRealpath(), '.legacy.test')) {
+            if ($legacyTests xor str_contains($file->getRealpath(), '.legacy.test')) {
                 continue;
             }
 
@@ -122,7 +143,7 @@ abstract class IntegrationTestCase extends TestCase
                 $exception = false;
                 preg_match_all('/--DATA--(.*?)(?:--CONFIG--(.*?))?--EXPECT--(.*?)(?=\-\-DATA\-\-|$)/s', $test, $outputs, \PREG_SET_ORDER);
             } else {
-                throw new \InvalidArgumentException(sprintf('Test "%s" is not valid.', str_replace($fixturesDir.'/', '', $file)));
+                throw new \InvalidArgumentException(\sprintf('Test "%s" is not valid.', str_replace($fixturesDir.'/', '', $file)));
             }
 
             $tests[] = [str_replace($fixturesDir.'/', '', $file), $message, $condition, $templates, $exception, $outputs, $deprecation];
@@ -136,6 +157,9 @@ abstract class IntegrationTestCase extends TestCase
         return $tests;
     }
 
+    /**
+     * @final since Twig 3.13
+     */
     public function getLegacyTests()
     {
         return $this->getTests('testLegacyIntegration', true);
@@ -148,19 +172,23 @@ abstract class IntegrationTestCase extends TestCase
         }
 
         if ($condition) {
+            $ret = '';
             eval('$ret = '.$condition.';');
             if (!$ret) {
                 $this->markTestSkipped($condition);
             }
         }
 
-        $loader = new ArrayLoader($templates);
-
         foreach ($outputs as $i => $match) {
             $config = array_merge([
                 'cache' => false,
                 'strict_variables' => true,
             ], $match[2] ? eval($match[2].';') : []);
+            // make sure that template are always compiled even if they are the same (useful when testing with more than one data/expect sections)
+            foreach ($templates as $j => $template) {
+                $templates[$j] = $template.str_repeat(' ', $i);
+            }
+            $loader = new ArrayLoader($templates);
             $twig = new Environment($loader, $config);
             $twig->addGlobal('global', 'global');
             foreach ($this->getRuntimeLoaders() as $runtimeLoader) {
@@ -183,11 +211,6 @@ abstract class IntegrationTestCase extends TestCase
                 $twig->addFunction($function);
             }
 
-            // avoid using the same PHP class name for different cases
-            $p = new \ReflectionProperty($twig, 'templateClassPrefix');
-            $p->setAccessible(true);
-            $p->setValue($twig, '__TwigTemplate_'.hash(\PHP_VERSION_ID < 80100 ? 'sha256' : 'xxh128', uniqid(mt_rand(), true), false).'_');
-
             $deprecations = [];
             try {
                 $prevHandler = set_error_handler(function ($type, $msg, $file, $line, $context = []) use (&$deprecations, &$prevHandler) {
@@ -204,14 +227,14 @@ abstract class IntegrationTestCase extends TestCase
             } catch (\Exception $e) {
                 if (false !== $exception) {
                     $message = $e->getMessage();
-                    $this->assertSame(trim($exception), trim(sprintf('%s: %s', \get_class($e), $message)));
+                    $this->assertSame(trim($exception), trim(\sprintf('%s: %s', \get_class($e), $message)));
                     $last = substr($message, \strlen($message) - 1);
                     $this->assertTrue('.' === $last || '?' === $last, 'Exception message must end with a dot or a question mark.');
 
                     return;
                 }
 
-                throw new Error(sprintf('%s: %s', \get_class($e), $e->getMessage()), -1, null, $e);
+                throw new Error(\sprintf('%s: %s', \get_class($e), $e->getMessage()), -1, null, $e);
             } finally {
                 restore_error_handler();
             }
@@ -222,18 +245,18 @@ abstract class IntegrationTestCase extends TestCase
                 $output = trim($template->render(eval($match[1].';')), "\n ");
             } catch (\Exception $e) {
                 if (false !== $exception) {
-                    $this->assertSame(trim($exception), trim(sprintf('%s: %s', \get_class($e), $e->getMessage())));
+                    $this->assertSame(trim($exception), trim(\sprintf('%s: %s', \get_class($e), $e->getMessage())));
 
                     return;
                 }
 
-                $e = new Error(sprintf('%s: %s', \get_class($e), $e->getMessage()), -1, null, $e);
+                $e = new Error(\sprintf('%s: %s', \get_class($e), $e->getMessage()), -1, null, $e);
 
-                $output = trim(sprintf('%s: %s', \get_class($e), $e->getMessage()));
+                $output = trim(\sprintf('%s: %s', \get_class($e), $e->getMessage()));
             }
 
             if (false !== $exception) {
-                list($class) = explode(':', $exception);
+                [$class] = explode(':', $exception);
                 $constraintClass = class_exists('PHPUnit\Framework\Constraint\Exception') ? 'PHPUnit\Framework\Constraint\Exception' : 'PHPUnit_Framework_Constraint_Exception';
                 $this->assertThat(null, new $constraintClass($class));
             }
@@ -257,7 +280,7 @@ abstract class IntegrationTestCase extends TestCase
         $templates = [];
         preg_match_all('/--TEMPLATE(?:\((.*?)\))?--(.*?)(?=\-\-TEMPLATE|$)/s', $test, $matches, \PREG_SET_ORDER);
         foreach ($matches as $match) {
-            $templates[($match[1] ?: 'index.twig')] = $match[2];
+            $templates[$match[1] ?: 'index.twig'] = $match[2];
         }
 
         return $templates;
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Test/NodeTestCase.php b/data/web/inc/lib/vendor/twig/twig/src/Test/NodeTestCase.php
index 3b8b2c86c..bac0ea6d0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Test/NodeTestCase.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Test/NodeTestCase.php
@@ -11,6 +11,8 @@
 
 namespace Twig\Test;
 
+use PHPUnit\Framework\Attributes\BeforeClass;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
 use Twig\Compiler;
 use Twig\Environment;
@@ -19,17 +21,37 @@ use Twig\Node\Node;
 
 abstract class NodeTestCase extends TestCase
 {
-    abstract public function getTests();
+    /**
+     * @var Environment
+     */
+    private $currentEnv;
+
+    public function getTests()
+    {
+        return [];
+    }
+
+    /**
+     * @return iterable<array{0: Node, 1: string, 2?: Environment|null, 3?: bool}>
+     */
+    public static function provideTests(): iterable
+    {
+        trigger_deprecation('twig/twig', '3.13', 'Not implementing "%s()" in "%s" is deprecated. This method will be abstract in 4.0.', __METHOD__, static::class);
+
+        return [];
+    }
 
     /**
      * @dataProvider getTests
+     * @dataProvider provideTests
      */
+    #[DataProvider('getTests'), DataProvider('provideTests')]
     public function testCompile($node, $source, $environment = null, $isPattern = false)
     {
         $this->assertNodeCompilation($source, $node, $environment, $isPattern);
     }
 
-    public function assertNodeCompilation($source, Node $node, Environment $environment = null, $isPattern = false)
+    public function assertNodeCompilation($source, Node $node, ?Environment $environment = null, $isPattern = false)
     {
         $compiler = $this->getCompiler($environment);
         $compiler->compile($node);
@@ -41,25 +63,63 @@ abstract class NodeTestCase extends TestCase
         }
     }
 
-    protected function getCompiler(Environment $environment = null)
+    protected function getCompiler(?Environment $environment = null)
     {
-        return new Compiler(null === $environment ? $this->getEnvironment() : $environment);
+        return new Compiler($environment ?? $this->getEnvironment());
     }
 
+    /**
+     * @final since Twig 3.13
+     */
     protected function getEnvironment()
     {
-        return new Environment(new ArrayLoader([]));
+        return $this->currentEnv ??= static::createEnvironment();
     }
 
+    protected static function createEnvironment(): Environment
+    {
+        return new Environment(new ArrayLoader());
+    }
+
+    /**
+     * @deprecated since Twig 3.13, use createVariableGetter() instead.
+     */
     protected function getVariableGetter($name, $line = false)
+    {
+        trigger_deprecation('twig/twig', '3.13', 'Method "%s()" is deprecated, use "createVariableGetter()" instead.', __METHOD__);
+
+        return self::createVariableGetter($name, $line);
+    }
+
+    final protected static function createVariableGetter(string $name, bool $line = false): string
     {
         $line = $line > 0 ? "// line $line\n" : '';
 
-        return sprintf('%s($context["%s"] ?? null)', $line, $name);
+        return \sprintf('%s($context["%s"] ?? null)', $line, $name);
     }
 
+    /**
+     * @deprecated since Twig 3.13, use createAttributeGetter() instead.
+     */
     protected function getAttributeGetter()
     {
-        return 'twig_get_attribute($this->env, $this->source, ';
+        trigger_deprecation('twig/twig', '3.13', 'Method "%s()" is deprecated, use "createAttributeGetter()" instead.', __METHOD__);
+
+        return self::createAttributeGetter();
+    }
+
+    final protected static function createAttributeGetter(): string
+    {
+        return 'CoreExtension::getAttribute($this->env, $this->source, ';
+    }
+
+    /** @beforeClass */
+    #[BeforeClass]
+    final public static function checkDataProvider(): void
+    {
+        $r = new \ReflectionMethod(static::class, 'getTests');
+        if (self::class !== $r->getDeclaringClass()->getName()) {
+            trigger_deprecation('twig/twig', '3.13', 'Implementing "%s::getTests()" in "%s" is deprecated, implement "provideTests()" instead.', self::class, static::class);
+        }
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Token.php b/data/web/inc/lib/vendor/twig/twig/src/Token.php
index 53a6cafc3..237634ad1 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Token.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Token.php
@@ -17,10 +17,6 @@ namespace Twig;
  */
 final class Token
 {
-    private $value;
-    private $type;
-    private $lineno;
-
     public const EOF_TYPE = -1;
     public const TEXT_TYPE = 0;
     public const BLOCK_START_TYPE = 1;
@@ -35,17 +31,18 @@ final class Token
     public const INTERPOLATION_START_TYPE = 10;
     public const INTERPOLATION_END_TYPE = 11;
     public const ARROW_TYPE = 12;
+    public const SPREAD_TYPE = 13;
 
-    public function __construct(int $type, $value, int $lineno)
-    {
-        $this->type = $type;
-        $this->value = $value;
-        $this->lineno = $lineno;
+    public function __construct(
+        private int $type,
+        private $value,
+        private int $lineno,
+    ) {
     }
 
     public function __toString()
     {
-        return sprintf('%s(%s)', self::typeToString($this->type, true), $this->value);
+        return \sprintf('%s(%s)', self::typeToString($this->type, true), $this->value);
     }
 
     /**
@@ -67,9 +64,9 @@ final class Token
         }
 
         return ($this->type === $type) && (
-            null === $values ||
-            (\is_array($values) && \in_array($this->value, $values)) ||
-            $this->value == $values
+            null === $values
+            || (\is_array($values) && \in_array($this->value, $values))
+            || $this->value == $values
         );
     }
 
@@ -133,8 +130,11 @@ final class Token
             case self::ARROW_TYPE:
                 $name = 'ARROW_TYPE';
                 break;
+            case self::SPREAD_TYPE:
+                $name = 'SPREAD_TYPE';
+                break;
             default:
-                throw new \LogicException(sprintf('Token of type "%s" does not exist.', $type));
+                throw new \LogicException(\sprintf('Token of type "%s" does not exist.', $type));
         }
 
         return $short ? $name : 'Twig\Token::'.$name;
@@ -171,8 +171,10 @@ final class Token
                 return 'end of string interpolation';
             case self::ARROW_TYPE:
                 return 'arrow function';
+            case self::SPREAD_TYPE:
+                return 'spread operator';
             default:
-                throw new \LogicException(sprintf('Token of type "%s" does not exist.', $type));
+                throw new \LogicException(\sprintf('Token of type "%s" does not exist.', $type));
         }
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ApplyTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ApplyTokenParser.php
index 4dbf30406..0a6c1afb5 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ApplyTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ApplyTokenParser.php
@@ -36,16 +36,16 @@ final class ApplyTokenParser extends AbstractTokenParser
         $ref = new TempNameExpression($name, $lineno);
         $ref->setAttribute('always_defined', true);
 
-        $filter = $this->parser->getExpressionParser()->parseFilterExpressionRaw($ref, $this->getTag());
+        $filter = $this->parser->getExpressionParser()->parseFilterExpressionRaw($ref);
 
         $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
         $body = $this->parser->subparse([$this, 'decideApplyEnd'], true);
         $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
 
         return new Node([
-            new SetNode(true, $ref, $body, $lineno, $this->getTag()),
-            new PrintNode($filter, $lineno, $this->getTag()),
-        ]);
+            new SetNode(true, $ref, $body, $lineno),
+            new PrintNode($filter, $lineno),
+        ], [], $lineno);
     }
 
     public function decideApplyEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/AutoEscapeTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/AutoEscapeTokenParser.php
index b674bea4a..b50b29e65 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/AutoEscapeTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/AutoEscapeTokenParser.php
@@ -29,7 +29,7 @@ final class AutoEscapeTokenParser extends AbstractTokenParser
         $lineno = $token->getLine();
         $stream = $this->parser->getStream();
 
-        if ($stream->test(/* Token::BLOCK_END_TYPE */ 3)) {
+        if ($stream->test(Token::BLOCK_END_TYPE)) {
             $value = 'html';
         } else {
             $expr = $this->parser->getExpressionParser()->parseExpression();
@@ -39,11 +39,11 @@ final class AutoEscapeTokenParser extends AbstractTokenParser
             $value = $expr->getAttribute('value');
         }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
         $body = $this->parser->subparse([$this, 'decideBlockEnd'], true);
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        return new AutoEscapeNode($value, $body, $lineno, $this->getTag());
+        return new AutoEscapeNode($value, $body, $lineno);
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/BlockTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/BlockTokenParser.php
index 5878131be..81d675db0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/BlockTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/BlockTokenParser.php
@@ -35,21 +35,18 @@ final class BlockTokenParser extends AbstractTokenParser
     {
         $lineno = $token->getLine();
         $stream = $this->parser->getStream();
-        $name = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
-        if ($this->parser->hasBlock($name)) {
-            throw new SyntaxError(sprintf("The block '%s' has already been defined line %d.", $name, $this->parser->getBlock($name)->getTemplateLine()), $stream->getCurrent()->getLine(), $stream->getSourceContext());
-        }
+        $name = $stream->expect(Token::NAME_TYPE)->getValue();
         $this->parser->setBlock($name, $block = new BlockNode($name, new Node([]), $lineno));
         $this->parser->pushLocalScope();
         $this->parser->pushBlockStack($name);
 
-        if ($stream->nextIf(/* Token::BLOCK_END_TYPE */ 3)) {
+        if ($stream->nextIf(Token::BLOCK_END_TYPE)) {
             $body = $this->parser->subparse([$this, 'decideBlockEnd'], true);
-            if ($token = $stream->nextIf(/* Token::NAME_TYPE */ 5)) {
+            if ($token = $stream->nextIf(Token::NAME_TYPE)) {
                 $value = $token->getValue();
 
                 if ($value != $name) {
-                    throw new SyntaxError(sprintf('Expected endblock for block "%s" (but "%s" given).', $name, $value), $stream->getCurrent()->getLine(), $stream->getSourceContext());
+                    throw new SyntaxError(\sprintf('Expected endblock for block "%s" (but "%s" given).', $name, $value), $stream->getCurrent()->getLine(), $stream->getSourceContext());
                 }
             }
         } else {
@@ -57,13 +54,13 @@ final class BlockTokenParser extends AbstractTokenParser
                 new PrintNode($this->parser->getExpressionParser()->parseExpression(), $lineno),
             ]);
         }
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         $block->setNode('body', $body);
         $this->parser->popBlockStack();
         $this->parser->popLocalScope();
 
-        return new BlockReferenceNode($name, $lineno, $this->getTag());
+        return new BlockReferenceNode($name, $lineno);
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DeprecatedTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DeprecatedTokenParser.php
index 31416c79c..164ef26ee 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DeprecatedTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DeprecatedTokenParser.php
@@ -11,6 +11,7 @@
 
 namespace Twig\TokenParser;
 
+use Twig\Error\SyntaxError;
 use Twig\Node\DeprecatedNode;
 use Twig\Node\Node;
 use Twig\Token;
@@ -21,6 +22,8 @@ use Twig\Token;
  *    {% deprecated 'The "base.twig" template is deprecated, use "layout.twig" instead.' %}
  *    {% extends 'layout.html.twig' %}
  *
+ *    {% deprecated 'The "base.twig" template is deprecated, use "layout.twig" instead.' package="foo/bar" version="1.1" %}
+ *
  * @author Yonel Ceruto <yonelceruto@gmail.com>
  *
  * @internal
@@ -29,11 +32,31 @@ final class DeprecatedTokenParser extends AbstractTokenParser
 {
     public function parse(Token $token): Node
     {
-        $expr = $this->parser->getExpressionParser()->parseExpression();
+        $stream = $this->parser->getStream();
+        $expressionParser = $this->parser->getExpressionParser();
+        $expr = $expressionParser->parseExpression();
+        $node = new DeprecatedNode($expr, $token->getLine());
 
-        $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
+        while ($stream->test(Token::NAME_TYPE)) {
+            $k = $stream->getCurrent()->getValue();
+            $stream->next();
+            $stream->expect(Token::OPERATOR_TYPE, '=');
 
-        return new DeprecatedNode($expr, $token->getLine(), $this->getTag());
+            switch ($k) {
+                case 'package':
+                    $node->setNode('package', $expressionParser->parseExpression());
+                    break;
+                case 'version':
+                    $node->setNode('version', $expressionParser->parseExpression());
+                    break;
+                default:
+                    throw new SyntaxError(\sprintf('Unknown "%s" option.', $k), $stream->getCurrent()->getLine(), $stream->getSourceContext());
+            }
+        }
+
+        $stream->expect(Token::BLOCK_END_TYPE);
+
+        return $node;
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DoTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DoTokenParser.php
index 32c8f12ff..8afd48559 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DoTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/DoTokenParser.php
@@ -26,9 +26,9 @@ final class DoTokenParser extends AbstractTokenParser
     {
         $expr = $this->parser->getExpressionParser()->parseExpression();
 
-        $this->parser->getStream()->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
 
-        return new DoNode($expr, $token->getLine(), $this->getTag());
+        return new DoNode($expr, $token->getLine());
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/EmbedTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/EmbedTokenParser.php
index 64b4f296f..7bf3233e2 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/EmbedTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/EmbedTokenParser.php
@@ -30,21 +30,21 @@ final class EmbedTokenParser extends IncludeTokenParser
 
         $parent = $this->parser->getExpressionParser()->parseExpression();
 
-        list($variables, $only, $ignoreMissing) = $this->parseArguments();
+        [$variables, $only, $ignoreMissing] = $this->parseArguments();
 
-        $parentToken = $fakeParentToken = new Token(/* Token::STRING_TYPE */ 7, '__parent__', $token->getLine());
+        $parentToken = $fakeParentToken = new Token(Token::STRING_TYPE, '__parent__', $token->getLine());
         if ($parent instanceof ConstantExpression) {
-            $parentToken = new Token(/* Token::STRING_TYPE */ 7, $parent->getAttribute('value'), $token->getLine());
+            $parentToken = new Token(Token::STRING_TYPE, $parent->getAttribute('value'), $token->getLine());
         } elseif ($parent instanceof NameExpression) {
-            $parentToken = new Token(/* Token::NAME_TYPE */ 5, $parent->getAttribute('name'), $token->getLine());
+            $parentToken = new Token(Token::NAME_TYPE, $parent->getAttribute('name'), $token->getLine());
         }
 
         // inject a fake parent to make the parent() function work
         $stream->injectTokens([
-            new Token(/* Token::BLOCK_START_TYPE */ 1, '', $token->getLine()),
-            new Token(/* Token::NAME_TYPE */ 5, 'extends', $token->getLine()),
+            new Token(Token::BLOCK_START_TYPE, '', $token->getLine()),
+            new Token(Token::NAME_TYPE, 'extends', $token->getLine()),
             $parentToken,
-            new Token(/* Token::BLOCK_END_TYPE */ 3, '', $token->getLine()),
+            new Token(Token::BLOCK_END_TYPE, '', $token->getLine()),
         ]);
 
         $module = $this->parser->parse($stream, [$this, 'decideBlockEnd'], true);
@@ -56,9 +56,9 @@ final class EmbedTokenParser extends IncludeTokenParser
 
         $this->parser->embedTemplate($module);
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        return new EmbedNode($module->getTemplateName(), $module->getAttribute('index'), $variables, $only, $ignoreMissing, $token->getLine(), $this->getTag());
+        return new EmbedNode($module->getTemplateName(), $module->getAttribute('index'), $variables, $only, $ignoreMissing, $token->getLine());
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ExtendsTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ExtendsTokenParser.php
index 0ca46dd29..86ddfdfba 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ExtendsTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ExtendsTokenParser.php
@@ -35,14 +35,11 @@ final class ExtendsTokenParser extends AbstractTokenParser
             throw new SyntaxError('Cannot use "extend" in a macro.', $token->getLine(), $stream->getSourceContext());
         }
 
-        if (null !== $this->parser->getParent()) {
-            throw new SyntaxError('Multiple extends tags are forbidden.', $token->getLine(), $stream->getSourceContext());
-        }
         $this->parser->setParent($this->parser->getExpressionParser()->parseExpression());
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        return new Node();
+        return new Node([], [], $token->getLine());
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FlushTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FlushTokenParser.php
index 02c74aa13..0d2388745 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FlushTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FlushTokenParser.php
@@ -26,9 +26,9 @@ final class FlushTokenParser extends AbstractTokenParser
 {
     public function parse(Token $token): Node
     {
-        $this->parser->getStream()->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
 
-        return new FlushNode($token->getLine(), $this->getTag());
+        return new FlushNode($token->getLine());
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ForTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ForTokenParser.php
index bac8ba2da..cf655f842 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ForTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ForTokenParser.php
@@ -35,30 +35,30 @@ final class ForTokenParser extends AbstractTokenParser
         $lineno = $token->getLine();
         $stream = $this->parser->getStream();
         $targets = $this->parser->getExpressionParser()->parseAssignmentExpression();
-        $stream->expect(/* Token::OPERATOR_TYPE */ 8, 'in');
+        $stream->expect(Token::OPERATOR_TYPE, 'in');
         $seq = $this->parser->getExpressionParser()->parseExpression();
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
         $body = $this->parser->subparse([$this, 'decideForFork']);
         if ('else' == $stream->next()->getValue()) {
-            $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+            $stream->expect(Token::BLOCK_END_TYPE);
             $else = $this->parser->subparse([$this, 'decideForEnd'], true);
         } else {
             $else = null;
         }
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         if (\count($targets) > 1) {
-            $keyTarget = $targets->getNode(0);
+            $keyTarget = $targets->getNode('0');
             $keyTarget = new AssignNameExpression($keyTarget->getAttribute('name'), $keyTarget->getTemplateLine());
-            $valueTarget = $targets->getNode(1);
+            $valueTarget = $targets->getNode('1');
         } else {
             $keyTarget = new AssignNameExpression('_key', $lineno);
-            $valueTarget = $targets->getNode(0);
+            $valueTarget = $targets->getNode('0');
         }
         $valueTarget = new AssignNameExpression($valueTarget->getAttribute('name'), $valueTarget->getTemplateLine());
 
-        return new ForNode($keyTarget, $valueTarget, $seq, null, $body, $else, $lineno, $this->getTag());
+        return new ForNode($keyTarget, $valueTarget, $seq, null, $body, $else, $lineno);
     }
 
     public function decideForFork(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FromTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FromTokenParser.php
index 35098c267..2ccff5fbe 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FromTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/FromTokenParser.php
@@ -29,28 +29,28 @@ final class FromTokenParser extends AbstractTokenParser
     {
         $macro = $this->parser->getExpressionParser()->parseExpression();
         $stream = $this->parser->getStream();
-        $stream->expect(/* Token::NAME_TYPE */ 5, 'import');
+        $stream->expect(Token::NAME_TYPE, 'import');
 
         $targets = [];
-        do {
-            $name = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
+        while (true) {
+            $name = $stream->expect(Token::NAME_TYPE)->getValue();
 
             $alias = $name;
             if ($stream->nextIf('as')) {
-                $alias = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
+                $alias = $stream->expect(Token::NAME_TYPE)->getValue();
             }
 
             $targets[$name] = $alias;
 
-            if (!$stream->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+            if (!$stream->nextIf(Token::PUNCTUATION_TYPE, ',')) {
                 break;
             }
-        } while (true);
+        }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         $var = new AssignNameExpression($this->parser->getVarName(), $token->getLine());
-        $node = new ImportNode($macro, $var, $token->getLine(), $this->getTag(), $this->parser->isMainScope());
+        $node = new ImportNode($macro, $var, $token->getLine(), $this->parser->isMainScope());
 
         foreach ($targets as $name => $alias) {
             $this->parser->addImportedSymbol('function', $alias, 'macro_'.$name, $var);
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IfTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IfTokenParser.php
index c0fe6df0d..4ea6f3df9 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IfTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IfTokenParser.php
@@ -37,7 +37,7 @@ final class IfTokenParser extends AbstractTokenParser
         $lineno = $token->getLine();
         $expr = $this->parser->getExpressionParser()->parseExpression();
         $stream = $this->parser->getStream();
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
         $body = $this->parser->subparse([$this, 'decideIfFork']);
         $tests = [$expr, $body];
         $else = null;
@@ -46,13 +46,13 @@ final class IfTokenParser extends AbstractTokenParser
         while (!$end) {
             switch ($stream->next()->getValue()) {
                 case 'else':
-                    $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+                    $stream->expect(Token::BLOCK_END_TYPE);
                     $else = $this->parser->subparse([$this, 'decideIfEnd']);
                     break;
 
                 case 'elseif':
                     $expr = $this->parser->getExpressionParser()->parseExpression();
-                    $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+                    $stream->expect(Token::BLOCK_END_TYPE);
                     $body = $this->parser->subparse([$this, 'decideIfFork']);
                     $tests[] = $expr;
                     $tests[] = $body;
@@ -63,13 +63,13 @@ final class IfTokenParser extends AbstractTokenParser
                     break;
 
                 default:
-                    throw new SyntaxError(sprintf('Unexpected end of template. Twig was looking for the following tags "else", "elseif", or "endif" to close the "if" block started at line %d).', $lineno), $stream->getCurrent()->getLine(), $stream->getSourceContext());
+                    throw new SyntaxError(\sprintf('Unexpected end of template. Twig was looking for the following tags "else", "elseif", or "endif" to close the "if" block started at line %d).', $lineno), $stream->getCurrent()->getLine(), $stream->getSourceContext());
             }
         }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        return new IfNode(new Node($tests), $else, $lineno, $this->getTag());
+        return new IfNode(new Node($tests), $else, $lineno);
     }
 
     public function decideIfFork(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ImportTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ImportTokenParser.php
index 44cb4dad7..f20f35ab3 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ImportTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/ImportTokenParser.php
@@ -28,13 +28,13 @@ final class ImportTokenParser extends AbstractTokenParser
     public function parse(Token $token): Node
     {
         $macro = $this->parser->getExpressionParser()->parseExpression();
-        $this->parser->getStream()->expect(/* Token::NAME_TYPE */ 5, 'as');
-        $var = new AssignNameExpression($this->parser->getStream()->expect(/* Token::NAME_TYPE */ 5)->getValue(), $token->getLine());
-        $this->parser->getStream()->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $this->parser->getStream()->expect(Token::NAME_TYPE, 'as');
+        $var = new AssignNameExpression($this->parser->getStream()->expect(Token::NAME_TYPE)->getValue(), $token->getLine());
+        $this->parser->getStream()->expect(Token::BLOCK_END_TYPE);
 
         $this->parser->addImportedSymbol('template', $var->getAttribute('name'));
 
-        return new ImportNode($macro, $var, $token->getLine(), $this->getTag(), $this->parser->isMainScope());
+        return new ImportNode($macro, $var, $token->getLine(), $this->parser->isMainScope());
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IncludeTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IncludeTokenParser.php
index 28beb8ae4..466f2288c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IncludeTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/IncludeTokenParser.php
@@ -31,9 +31,9 @@ class IncludeTokenParser extends AbstractTokenParser
     {
         $expr = $this->parser->getExpressionParser()->parseExpression();
 
-        list($variables, $only, $ignoreMissing) = $this->parseArguments();
+        [$variables, $only, $ignoreMissing] = $this->parseArguments();
 
-        return new IncludeNode($expr, $variables, $only, $ignoreMissing, $token->getLine(), $this->getTag());
+        return new IncludeNode($expr, $variables, $only, $ignoreMissing, $token->getLine());
     }
 
     protected function parseArguments()
@@ -41,23 +41,23 @@ class IncludeTokenParser extends AbstractTokenParser
         $stream = $this->parser->getStream();
 
         $ignoreMissing = false;
-        if ($stream->nextIf(/* Token::NAME_TYPE */ 5, 'ignore')) {
-            $stream->expect(/* Token::NAME_TYPE */ 5, 'missing');
+        if ($stream->nextIf(Token::NAME_TYPE, 'ignore')) {
+            $stream->expect(Token::NAME_TYPE, 'missing');
 
             $ignoreMissing = true;
         }
 
         $variables = null;
-        if ($stream->nextIf(/* Token::NAME_TYPE */ 5, 'with')) {
+        if ($stream->nextIf(Token::NAME_TYPE, 'with')) {
             $variables = $this->parser->getExpressionParser()->parseExpression();
         }
 
         $only = false;
-        if ($stream->nextIf(/* Token::NAME_TYPE */ 5, 'only')) {
+        if ($stream->nextIf(Token::NAME_TYPE, 'only')) {
             $only = true;
         }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         return [$variables, $only, $ignoreMissing];
     }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/MacroTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/MacroTokenParser.php
index f584927e9..c7762075c 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/MacroTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/MacroTokenParser.php
@@ -32,26 +32,26 @@ final class MacroTokenParser extends AbstractTokenParser
     {
         $lineno = $token->getLine();
         $stream = $this->parser->getStream();
-        $name = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
+        $name = $stream->expect(Token::NAME_TYPE)->getValue();
 
         $arguments = $this->parser->getExpressionParser()->parseArguments(true, true);
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
         $this->parser->pushLocalScope();
         $body = $this->parser->subparse([$this, 'decideBlockEnd'], true);
-        if ($token = $stream->nextIf(/* Token::NAME_TYPE */ 5)) {
+        if ($token = $stream->nextIf(Token::NAME_TYPE)) {
             $value = $token->getValue();
 
             if ($value != $name) {
-                throw new SyntaxError(sprintf('Expected endmacro for macro "%s" (but "%s" given).', $name, $value), $stream->getCurrent()->getLine(), $stream->getSourceContext());
+                throw new SyntaxError(\sprintf('Expected endmacro for macro "%s" (but "%s" given).', $name, $value), $stream->getCurrent()->getLine(), $stream->getSourceContext());
             }
         }
         $this->parser->popLocalScope();
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        $this->parser->setMacro($name, new MacroNode($name, new BodyNode([$body]), $arguments, $lineno, $this->getTag()));
+        $this->parser->setMacro($name, new MacroNode($name, new BodyNode([$body]), $arguments, $lineno));
 
-        return new Node();
+        return new Node([], [], $lineno);
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SandboxTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SandboxTokenParser.php
index c919556ec..70869fbc5 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SandboxTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SandboxTokenParser.php
@@ -34,9 +34,9 @@ final class SandboxTokenParser extends AbstractTokenParser
     public function parse(Token $token): Node
     {
         $stream = $this->parser->getStream();
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
         $body = $this->parser->subparse([$this, 'decideBlockEnd'], true);
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         // in a sandbox tag, only include tags are allowed
         if (!$body instanceof IncludeNode) {
@@ -51,7 +51,7 @@ final class SandboxTokenParser extends AbstractTokenParser
             }
         }
 
-        return new SandboxNode($body, $token->getLine(), $this->getTag());
+        return new SandboxNode($body, $token->getLine());
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SetTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SetTokenParser.php
index 2fbdfe090..bb43907bd 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SetTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/SetTokenParser.php
@@ -37,10 +37,10 @@ final class SetTokenParser extends AbstractTokenParser
         $names = $this->parser->getExpressionParser()->parseAssignmentExpression();
 
         $capture = false;
-        if ($stream->nextIf(/* Token::OPERATOR_TYPE */ 8, '=')) {
+        if ($stream->nextIf(Token::OPERATOR_TYPE, '=')) {
             $values = $this->parser->getExpressionParser()->parseMultitargetExpression();
 
-            $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+            $stream->expect(Token::BLOCK_END_TYPE);
 
             if (\count($names) !== \count($values)) {
                 throw new SyntaxError('When using set, you must have the same number of variables and assignments.', $stream->getCurrent()->getLine(), $stream->getSourceContext());
@@ -52,13 +52,13 @@ final class SetTokenParser extends AbstractTokenParser
                 throw new SyntaxError('When using set with a block, you cannot have a multi-target.', $stream->getCurrent()->getLine(), $stream->getSourceContext());
             }
 
-            $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+            $stream->expect(Token::BLOCK_END_TYPE);
 
             $values = $this->parser->subparse([$this, 'decideBlockEnd'], true);
-            $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+            $stream->expect(Token::BLOCK_END_TYPE);
         }
 
-        return new SetNode($capture, $names, $values, $lineno, $this->getTag());
+        return new SetNode($capture, $names, $values, $lineno);
     }
 
     public function decideBlockEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/TypesTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/TypesTokenParser.php
new file mode 100644
index 000000000..2e0850e7e
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/TypesTokenParser.php
@@ -0,0 +1,86 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\TokenParser;
+
+use Twig\Error\SyntaxError;
+use Twig\Node\Node;
+use Twig\Node\TypesNode;
+use Twig\Token;
+use Twig\TokenStream;
+
+/**
+ * Declare variable types.
+ *
+ *  {% types {foo: 'int', bar?: 'string'} %}
+ *
+ * @author Jeroen Versteeg <jeroen@alisqi.com>
+ *
+ * @internal
+ */
+final class TypesTokenParser extends AbstractTokenParser
+{
+    public function parse(Token $token): Node
+    {
+        $stream = $this->parser->getStream();
+
+        $types = $this->parseSimpleMappingExpression($stream);
+
+        $stream->expect(Token::BLOCK_END_TYPE);
+
+        return new TypesNode($types, $token->getLine());
+    }
+
+    /**
+     * @return array<string, array{type: string, optional: bool}>
+     *
+     * @throws SyntaxError
+     */
+    private function parseSimpleMappingExpression(TokenStream $stream): array
+    {
+        $stream->expect(Token::PUNCTUATION_TYPE, '{', 'A mapping element was expected');
+
+        $types = [];
+
+        $first = true;
+        while (!$stream->test(Token::PUNCTUATION_TYPE, '}')) {
+            if (!$first) {
+                $stream->expect(Token::PUNCTUATION_TYPE, ',', 'A type string must be followed by a comma');
+
+                // trailing ,?
+                if ($stream->test(Token::PUNCTUATION_TYPE, '}')) {
+                    break;
+                }
+            }
+            $first = false;
+
+            $nameToken = $stream->expect(Token::NAME_TYPE);
+            $isOptional = null !== $stream->nextIf(Token::PUNCTUATION_TYPE, '?');
+
+            $stream->expect(Token::PUNCTUATION_TYPE, ':', 'A type name must be followed by a colon (:)');
+
+            $valueToken = $stream->expect(Token::STRING_TYPE);
+
+            $types[$nameToken->getValue()] = [
+                'type' => $valueToken->getValue(),
+                'optional' => $isOptional,
+            ];
+        }
+        $stream->expect(Token::PUNCTUATION_TYPE, '}', 'An opened mapping is not properly closed');
+
+        return $types;
+    }
+
+    public function getTag(): string
+    {
+        return 'types';
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/UseTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/UseTokenParser.php
index d0a2de41a..1b96b4047 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/UseTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/UseTokenParser.php
@@ -43,27 +43,27 @@ final class UseTokenParser extends AbstractTokenParser
 
         $targets = [];
         if ($stream->nextIf('with')) {
-            do {
-                $name = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
+            while (true) {
+                $name = $stream->expect(Token::NAME_TYPE)->getValue();
 
                 $alias = $name;
                 if ($stream->nextIf('as')) {
-                    $alias = $stream->expect(/* Token::NAME_TYPE */ 5)->getValue();
+                    $alias = $stream->expect(Token::NAME_TYPE)->getValue();
                 }
 
                 $targets[$name] = new ConstantExpression($alias, -1);
 
-                if (!$stream->nextIf(/* Token::PUNCTUATION_TYPE */ 9, ',')) {
+                if (!$stream->nextIf(Token::PUNCTUATION_TYPE, ',')) {
                     break;
                 }
-            } while (true);
+            }
         }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         $this->parser->addTrait(new Node(['template' => $template, 'targets' => new Node($targets)]));
 
-        return new Node();
+        return new Node([], [], $token->getLine());
     }
 
     public function getTag(): string
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/WithTokenParser.php b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/WithTokenParser.php
index 7d8cbe261..8ce4f02b2 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenParser/WithTokenParser.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenParser/WithTokenParser.php
@@ -30,18 +30,18 @@ final class WithTokenParser extends AbstractTokenParser
 
         $variables = null;
         $only = false;
-        if (!$stream->test(/* Token::BLOCK_END_TYPE */ 3)) {
+        if (!$stream->test(Token::BLOCK_END_TYPE)) {
             $variables = $this->parser->getExpressionParser()->parseExpression();
-            $only = (bool) $stream->nextIf(/* Token::NAME_TYPE */ 5, 'only');
+            $only = (bool) $stream->nextIf(Token::NAME_TYPE, 'only');
         }
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
         $body = $this->parser->subparse([$this, 'decideWithEnd'], true);
 
-        $stream->expect(/* Token::BLOCK_END_TYPE */ 3);
+        $stream->expect(Token::BLOCK_END_TYPE);
 
-        return new WithNode($body, $variables, $only, $token->getLine(), $this->getTag());
+        return new WithNode($body, $variables, $only, $token->getLine());
     }
 
     public function decideWithEnd(Token $token): bool
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TokenStream.php b/data/web/inc/lib/vendor/twig/twig/src/TokenStream.php
index 1eac11a02..c91701bfe 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TokenStream.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TokenStream.php
@@ -21,13 +21,12 @@ use Twig\Error\SyntaxError;
  */
 final class TokenStream
 {
-    private $tokens;
     private $current = 0;
-    private $source;
 
-    public function __construct(array $tokens, Source $source = null)
-    {
-        $this->tokens = $tokens;
+    public function __construct(
+        private array $tokens,
+        private ?Source $source = null,
+    ) {
         $this->source = $source ?: new Source('', '');
     }
 
@@ -60,24 +59,22 @@ final class TokenStream
      */
     public function nextIf($primary, $secondary = null)
     {
-        if ($this->tokens[$this->current]->test($primary, $secondary)) {
-            return $this->next();
-        }
+        return $this->tokens[$this->current]->test($primary, $secondary) ? $this->next() : null;
     }
 
     /**
      * Tests a token and returns it or throws a syntax error.
      */
-    public function expect($type, $value = null, string $message = null): Token
+    public function expect($type, $value = null, ?string $message = null): Token
     {
         $token = $this->tokens[$this->current];
         if (!$token->test($type, $value)) {
             $line = $token->getLine();
-            throw new SyntaxError(sprintf('%sUnexpected token "%s"%s ("%s" expected%s).',
+            throw new SyntaxError(\sprintf('%sUnexpected token "%s"%s ("%s" expected%s).',
                 $message ? $message.'. ' : '',
                 Token::typeToEnglish($token->getType()),
-                $token->getValue() ? sprintf(' of value "%s"', $token->getValue()) : '',
-                Token::typeToEnglish($type), $value ? sprintf(' with value "%s"', $value) : ''),
+                $token->getValue() ? \sprintf(' of value "%s"', $token->getValue()) : '',
+                Token::typeToEnglish($type), $value ? \sprintf(' with value "%s"', $value) : ''),
                 $line,
                 $this->source
             );
@@ -112,7 +109,7 @@ final class TokenStream
      */
     public function isEOF(): bool
     {
-        return /* Token::EOF_TYPE */ -1 === $this->tokens[$this->current]->getType();
+        return Token::EOF_TYPE === $this->tokens[$this->current]->getType();
     }
 
     public function getCurrent(): Token
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TwigCallableInterface.php b/data/web/inc/lib/vendor/twig/twig/src/TwigCallableInterface.php
new file mode 100644
index 000000000..2a8ff6116
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/TwigCallableInterface.php
@@ -0,0 +1,53 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig;
+
+/**
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+interface TwigCallableInterface extends \Stringable
+{
+    public function getName(): string;
+
+    public function getType(): string;
+
+    public function getDynamicName(): string;
+
+    /**
+     * @return callable|array{class-string, string}|null
+     */
+    public function getCallable();
+
+    public function getNodeClass(): string;
+
+    public function needsCharset(): bool;
+
+    public function needsEnvironment(): bool;
+
+    public function needsContext(): bool;
+
+    public function withDynamicArguments(string $name, string $dynamicName, array $arguments): self;
+
+    public function getArguments(): array;
+
+    public function isVariadic(): bool;
+
+    public function isDeprecated(): bool;
+
+    public function getDeprecatingPackage(): string;
+
+    public function getDeprecatedVersion(): string;
+
+    public function getAlternative(): ?string;
+
+    public function getMinimalNumberOfRequiredArguments(): int;
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TwigFilter.php b/data/web/inc/lib/vendor/twig/twig/src/TwigFilter.php
index 94e5f9b01..70b1f8f3f 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TwigFilter.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TwigFilter.php
@@ -21,72 +21,27 @@ use Twig\Node\Node;
  *
  * @see https://twig.symfony.com/doc/templates.html#filters
  */
-final class TwigFilter
+final class TwigFilter extends AbstractTwigCallable
 {
-    private $name;
-    private $callable;
-    private $options;
-    private $arguments = [];
-
     /**
-     * @param callable|null $callable A callable implementing the filter. If null, you need to overwrite the "node_class" option to customize compilation.
+     * @param callable|array{class-string, string}|null $callable A callable implementing the filter. If null, you need to overwrite the "node_class" option to customize compilation.
      */
     public function __construct(string $name, $callable = null, array $options = [])
     {
-        $this->name = $name;
-        $this->callable = $callable;
+        parent::__construct($name, $callable, $options);
+
         $this->options = array_merge([
-            'needs_environment' => false,
-            'needs_context' => false,
-            'is_variadic' => false,
             'is_safe' => null,
             'is_safe_callback' => null,
             'pre_escape' => null,
             'preserves_safety' => null,
             'node_class' => FilterExpression::class,
-            'deprecated' => false,
-            'alternative' => null,
-        ], $options);
+        ], $this->options);
     }
 
-    public function getName(): string
+    public function getType(): string
     {
-        return $this->name;
-    }
-
-    /**
-     * Returns the callable to execute for this filter.
-     *
-     * @return callable|null
-     */
-    public function getCallable()
-    {
-        return $this->callable;
-    }
-
-    public function getNodeClass(): string
-    {
-        return $this->options['node_class'];
-    }
-
-    public function setArguments(array $arguments): void
-    {
-        $this->arguments = $arguments;
-    }
-
-    public function getArguments(): array
-    {
-        return $this->arguments;
-    }
-
-    public function needsEnvironment(): bool
-    {
-        return $this->options['needs_environment'];
-    }
-
-    public function needsContext(): bool
-    {
-        return $this->options['needs_context'];
+        return 'filter';
     }
 
     public function getSafe(Node $filterArgs): ?array
@@ -112,23 +67,8 @@ final class TwigFilter
         return $this->options['pre_escape'];
     }
 
-    public function isVariadic(): bool
+    public function getMinimalNumberOfRequiredArguments(): int
     {
-        return $this->options['is_variadic'];
-    }
-
-    public function isDeprecated(): bool
-    {
-        return (bool) $this->options['deprecated'];
-    }
-
-    public function getDeprecatedVersion(): string
-    {
-        return \is_bool($this->options['deprecated']) ? '' : $this->options['deprecated'];
-    }
-
-    public function getAlternative(): ?string
-    {
-        return $this->options['alternative'];
+        return parent::getMinimalNumberOfRequiredArguments() + 1;
     }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TwigFunction.php b/data/web/inc/lib/vendor/twig/twig/src/TwigFunction.php
index 494d45b08..4a10df95e 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TwigFunction.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TwigFunction.php
@@ -21,70 +21,31 @@ use Twig\Node\Node;
  *
  * @see https://twig.symfony.com/doc/templates.html#functions
  */
-final class TwigFunction
+final class TwigFunction extends AbstractTwigCallable
 {
-    private $name;
-    private $callable;
-    private $options;
-    private $arguments = [];
-
     /**
-     * @param callable|null $callable A callable implementing the function. If null, you need to overwrite the "node_class" option to customize compilation.
+     * @param callable|array{class-string, string}|null $callable A callable implementing the function. If null, you need to overwrite the "node_class" option to customize compilation.
      */
     public function __construct(string $name, $callable = null, array $options = [])
     {
-        $this->name = $name;
-        $this->callable = $callable;
+        parent::__construct($name, $callable, $options);
+
         $this->options = array_merge([
-            'needs_environment' => false,
-            'needs_context' => false,
-            'is_variadic' => false,
             'is_safe' => null,
             'is_safe_callback' => null,
             'node_class' => FunctionExpression::class,
-            'deprecated' => false,
-            'alternative' => null,
-        ], $options);
+            'parser_callable' => null,
+        ], $this->options);
     }
 
-    public function getName(): string
+    public function getType(): string
     {
-        return $this->name;
+        return 'function';
     }
 
-    /**
-     * Returns the callable to execute for this function.
-     *
-     * @return callable|null
-     */
-    public function getCallable()
+    public function getParserCallable(): ?callable
     {
-        return $this->callable;
-    }
-
-    public function getNodeClass(): string
-    {
-        return $this->options['node_class'];
-    }
-
-    public function setArguments(array $arguments): void
-    {
-        $this->arguments = $arguments;
-    }
-
-    public function getArguments(): array
-    {
-        return $this->arguments;
-    }
-
-    public function needsEnvironment(): bool
-    {
-        return $this->options['needs_environment'];
-    }
-
-    public function needsContext(): bool
-    {
-        return $this->options['needs_context'];
+        return $this->options['parser_callable'];
     }
 
     public function getSafe(Node $functionArgs): ?array
@@ -99,24 +60,4 @@ final class TwigFunction
 
         return [];
     }
-
-    public function isVariadic(): bool
-    {
-        return (bool) $this->options['is_variadic'];
-    }
-
-    public function isDeprecated(): bool
-    {
-        return (bool) $this->options['deprecated'];
-    }
-
-    public function getDeprecatedVersion(): string
-    {
-        return \is_bool($this->options['deprecated']) ? '' : $this->options['deprecated'];
-    }
-
-    public function getAlternative(): ?string
-    {
-        return $this->options['alternative'];
-    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/TwigTest.php b/data/web/inc/lib/vendor/twig/twig/src/TwigTest.php
index 4c18632f5..5e58ad8b0 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/TwigTest.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/TwigTest.php
@@ -20,81 +20,48 @@ use Twig\Node\Expression\TestExpression;
  *
  * @see https://twig.symfony.com/doc/templates.html#test-operator
  */
-final class TwigTest
+final class TwigTest extends AbstractTwigCallable
 {
-    private $name;
-    private $callable;
-    private $options;
-    private $arguments = [];
-
     /**
-     * @param callable|null $callable A callable implementing the test. If null, you need to overwrite the "node_class" option to customize compilation.
+     * @param callable|array{class-string, string}|null $callable A callable implementing the test. If null, you need to overwrite the "node_class" option to customize compilation.
      */
     public function __construct(string $name, $callable = null, array $options = [])
     {
-        $this->name = $name;
-        $this->callable = $callable;
+        parent::__construct($name, $callable, $options);
+
         $this->options = array_merge([
-            'is_variadic' => false,
             'node_class' => TestExpression::class,
-            'deprecated' => false,
-            'alternative' => null,
             'one_mandatory_argument' => false,
-        ], $options);
+        ], $this->options);
     }
 
-    public function getName(): string
+    public function getType(): string
     {
-        return $this->name;
+        return 'test';
     }
 
-    /**
-     * Returns the callable to execute for this test.
-     *
-     * @return callable|null
-     */
-    public function getCallable()
+    public function needsCharset(): bool
     {
-        return $this->callable;
+        return false;
     }
 
-    public function getNodeClass(): string
+    public function needsEnvironment(): bool
     {
-        return $this->options['node_class'];
+        return false;
     }
 
-    public function setArguments(array $arguments): void
+    public function needsContext(): bool
     {
-        $this->arguments = $arguments;
-    }
-
-    public function getArguments(): array
-    {
-        return $this->arguments;
-    }
-
-    public function isVariadic(): bool
-    {
-        return (bool) $this->options['is_variadic'];
-    }
-
-    public function isDeprecated(): bool
-    {
-        return (bool) $this->options['deprecated'];
-    }
-
-    public function getDeprecatedVersion(): string
-    {
-        return \is_bool($this->options['deprecated']) ? '' : $this->options['deprecated'];
-    }
-
-    public function getAlternative(): ?string
-    {
-        return $this->options['alternative'];
+        return false;
     }
 
     public function hasOneMandatoryArgument(): bool
     {
         return (bool) $this->options['one_mandatory_argument'];
     }
+
+    public function getMinimalNumberOfRequiredArguments(): int
+    {
+        return parent::getMinimalNumberOfRequiredArguments() + 1;
+    }
 }
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Util/CallableArgumentsExtractor.php b/data/web/inc/lib/vendor/twig/twig/src/Util/CallableArgumentsExtractor.php
new file mode 100644
index 000000000..8811ca9c8
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Util/CallableArgumentsExtractor.php
@@ -0,0 +1,204 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Util;
+
+use Twig\Error\SyntaxError;
+use Twig\Node\Expression\ArrayExpression;
+use Twig\Node\Expression\ConstantExpression;
+use Twig\Node\Expression\VariadicExpression;
+use Twig\Node\Node;
+use Twig\TwigCallableInterface;
+
+/**
+ * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @internal
+ */
+final class CallableArgumentsExtractor
+{
+    private ReflectionCallable $rc;
+
+    public function __construct(
+        private Node $node,
+        private TwigCallableInterface $twigCallable,
+    ) {
+        $this->rc = new ReflectionCallable($twigCallable);
+    }
+
+    /**
+     * @return array<Node>
+     */
+    public function extractArguments(Node $arguments): array
+    {
+        $extractedArguments = [];
+        $named = false;
+        foreach ($arguments as $name => $node) {
+            if (!\is_int($name)) {
+                $named = true;
+                $name = $this->normalizeName($name);
+            } elseif ($named) {
+                throw new SyntaxError(\sprintf('Positional arguments cannot be used after named arguments for %s "%s".', $this->twigCallable->getType(), $this->twigCallable->getName()), $this->node->getTemplateLine(), $this->node->getSourceContext());
+            }
+
+            $extractedArguments[$name] = $node;
+        }
+
+        if (!$named && !$this->twigCallable->isVariadic()) {
+            $min = $this->twigCallable->getMinimalNumberOfRequiredArguments();
+            if (\count($extractedArguments) < $this->rc->getReflector()->getNumberOfRequiredParameters() - $min) {
+                throw new SyntaxError(\sprintf('Value for argument "%s" is required for %s "%s".', $this->rc->getReflector()->getParameters()[$min + \count($extractedArguments)]->getName(), $this->twigCallable->getType(), $this->twigCallable->getName()), $this->node->getTemplateLine(), $this->node->getSourceContext());
+            }
+
+            return $extractedArguments;
+        }
+
+        if (!$callable = $this->twigCallable->getCallable()) {
+            if ($named) {
+                throw new SyntaxError(\sprintf('Named arguments are not supported for %s "%s".', $this->twigCallable->getType(), $this->twigCallable->getName()));
+            }
+
+            throw new SyntaxError(\sprintf('Arbitrary positional arguments are not supported for %s "%s".', $this->twigCallable->getType(), $this->twigCallable->getName()));
+        }
+
+        [$callableParameters, $isPhpVariadic] = $this->getCallableParameters();
+        $arguments = [];
+        $names = [];
+        $missingArguments = [];
+        $optionalArguments = [];
+        $pos = 0;
+        foreach ($callableParameters as $callableParameter) {
+            $name = $this->normalizeName($callableParameter->name);
+            if (\PHP_VERSION_ID >= 80000 && 'range' === $callable) {
+                if ('start' === $name) {
+                    $name = 'low';
+                } elseif ('end' === $name) {
+                    $name = 'high';
+                }
+            }
+
+            $names[] = $name;
+
+            if (\array_key_exists($name, $extractedArguments)) {
+                if (\array_key_exists($pos, $extractedArguments)) {
+                    throw new SyntaxError(\sprintf('Argument "%s" is defined twice for %s "%s".', $name, $this->twigCallable->getType(), $this->twigCallable->getName()), $this->node->getTemplateLine(), $this->node->getSourceContext());
+                }
+
+                if (\count($missingArguments)) {
+                    throw new SyntaxError(\sprintf(
+                        'Argument "%s" could not be assigned for %s "%s(%s)" because it is mapped to an internal PHP function which cannot determine default value for optional argument%s "%s".',
+                        $name, $this->twigCallable->getType(), $this->twigCallable->getName(), implode(', ', $names), \count($missingArguments) > 1 ? 's' : '', implode('", "', $missingArguments)
+                    ), $this->node->getTemplateLine(), $this->node->getSourceContext());
+                }
+
+                $arguments = array_merge($arguments, $optionalArguments);
+                $arguments[] = $extractedArguments[$name];
+                unset($extractedArguments[$name]);
+                $optionalArguments = [];
+            } elseif (\array_key_exists($pos, $extractedArguments)) {
+                $arguments = array_merge($arguments, $optionalArguments);
+                $arguments[] = $extractedArguments[$pos];
+                unset($extractedArguments[$pos]);
+                $optionalArguments = [];
+                ++$pos;
+            } elseif ($callableParameter->isDefaultValueAvailable()) {
+                $optionalArguments[] = new ConstantExpression($callableParameter->getDefaultValue(), $this->node->getTemplateLine());
+            } elseif ($callableParameter->isOptional()) {
+                if (!$extractedArguments) {
+                    break;
+                }
+
+                $missingArguments[] = $name;
+            } else {
+                throw new SyntaxError(\sprintf('Value for argument "%s" is required for %s "%s".', $name, $this->twigCallable->getType(), $this->twigCallable->getName()), $this->node->getTemplateLine(), $this->node->getSourceContext());
+            }
+        }
+
+        if ($this->twigCallable->isVariadic()) {
+            $arbitraryArguments = $isPhpVariadic ? new VariadicExpression([], $this->node->getTemplateLine()) : new ArrayExpression([], $this->node->getTemplateLine());
+            foreach ($extractedArguments as $key => $value) {
+                if (\is_int($key)) {
+                    $arbitraryArguments->addElement($value);
+                } else {
+                    $arbitraryArguments->addElement($value, new ConstantExpression($key, $this->node->getTemplateLine()));
+                }
+                unset($extractedArguments[$key]);
+            }
+
+            if ($arbitraryArguments->count()) {
+                $arguments = array_merge($arguments, $optionalArguments);
+                $arguments[] = $arbitraryArguments;
+            }
+        }
+
+        if ($extractedArguments) {
+            $unknownArgument = null;
+            foreach ($extractedArguments as $extractedArgument) {
+                if ($extractedArgument instanceof Node) {
+                    $unknownArgument = $extractedArgument;
+                    break;
+                }
+            }
+
+            throw new SyntaxError(
+                \sprintf(
+                    'Unknown argument%s "%s" for %s "%s(%s)".',
+                    \count($extractedArguments) > 1 ? 's' : '', implode('", "', array_keys($extractedArguments)), $this->twigCallable->getType(), $this->twigCallable->getName(), implode(', ', $names)
+                ),
+                $unknownArgument ? $unknownArgument->getTemplateLine() : $this->node->getTemplateLine(),
+                $unknownArgument ? $unknownArgument->getSourceContext() : $this->node->getSourceContext()
+            );
+        }
+
+        return $arguments;
+    }
+
+    private function normalizeName(string $name): string
+    {
+        return strtolower(preg_replace(['/([A-Z]+)([A-Z][a-z])/', '/([a-z\d])([A-Z])/'], ['\\1_\\2', '\\1_\\2'], $name));
+    }
+
+    private function getCallableParameters(): array
+    {
+        $parameters = $this->rc->getReflector()->getParameters();
+        if ($this->node->hasNode('node')) {
+            array_shift($parameters);
+        }
+        if ($this->twigCallable->needsCharset()) {
+            array_shift($parameters);
+        }
+        if ($this->twigCallable->needsEnvironment()) {
+            array_shift($parameters);
+        }
+        if ($this->twigCallable->needsContext()) {
+            array_shift($parameters);
+        }
+        foreach ($this->twigCallable->getArguments() as $argument) {
+            array_shift($parameters);
+        }
+
+        $isPhpVariadic = false;
+        if ($this->twigCallable->isVariadic()) {
+            $argument = end($parameters);
+            $isArray = $argument && $argument->hasType() && $argument->getType() instanceof \ReflectionNamedType && 'array' === $argument->getType()->getName();
+            if ($isArray && $argument->isDefaultValueAvailable() && [] === $argument->getDefaultValue()) {
+                array_pop($parameters);
+            } elseif ($argument && $argument->isVariadic()) {
+                array_pop($parameters);
+                $isPhpVariadic = true;
+            } else {
+                throw new SyntaxError(\sprintf('The last parameter of "%s" for %s "%s" must be an array with default value, eg. "array $arg = []".', $this->rc->getName(), $this->twigCallable->getType(), $this->twigCallable->getName()));
+            }
+        }
+
+        return [$parameters, $isPhpVariadic];
+    }
+}
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Util/DeprecationCollector.php b/data/web/inc/lib/vendor/twig/twig/src/Util/DeprecationCollector.php
index 378b666bd..0ea26ed4b 100644
--- a/data/web/inc/lib/vendor/twig/twig/src/Util/DeprecationCollector.php
+++ b/data/web/inc/lib/vendor/twig/twig/src/Util/DeprecationCollector.php
@@ -20,11 +20,9 @@ use Twig\Source;
  */
 final class DeprecationCollector
 {
-    private $twig;
-
-    public function __construct(Environment $twig)
-    {
-        $this->twig = $twig;
+    public function __construct(
+        private Environment $twig,
+    ) {
     }
 
     /**
@@ -60,6 +58,8 @@ final class DeprecationCollector
             if (\E_USER_DEPRECATED === $type) {
                 $deprecations[] = $msg;
             }
+
+            return false;
         });
 
         foreach ($iterator as $name => $contents) {
diff --git a/data/web/inc/lib/vendor/twig/twig/src/Util/ReflectionCallable.php b/data/web/inc/lib/vendor/twig/twig/src/Util/ReflectionCallable.php
new file mode 100644
index 000000000..16734d9df
--- /dev/null
+++ b/data/web/inc/lib/vendor/twig/twig/src/Util/ReflectionCallable.php
@@ -0,0 +1,92 @@
+<?php
+
+/*
+ * This file is part of Twig.
+ *
+ * (c) Fabien Potencier
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Twig\Util;
+
+use Twig\TwigCallableInterface;
+
+/**
+ * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @internal
+ */
+final class ReflectionCallable
+{
+    private $reflector;
+    private $callable;
+    private $name;
+
+    public function __construct(
+        TwigCallableInterface $twigCallable,
+    ) {
+        $callable = $twigCallable->getCallable();
+        if (\is_string($callable) && false !== $pos = strpos($callable, '::')) {
+            $callable = [substr($callable, 0, $pos), substr($callable, 2 + $pos)];
+        }
+
+        if (\is_array($callable) && method_exists($callable[0], $callable[1])) {
+            $this->reflector = $r = new \ReflectionMethod($callable[0], $callable[1]);
+            $this->callable = $callable;
+            $this->name = $r->class.'::'.$r->name;
+
+            return;
+        }
+
+        $checkVisibility = $callable instanceof \Closure;
+        try {
+            $closure = \Closure::fromCallable($callable);
+        } catch (\TypeError $e) {
+            throw new \LogicException(\sprintf('Callback for %s "%s" is not callable in the current scope.', $twigCallable->getType(), $twigCallable->getName()), 0, $e);
+        }
+        $this->reflector = $r = new \ReflectionFunction($closure);
+
+        if (str_contains($r->name, '{closure')) {
+            $this->callable = $callable;
+            $this->name = 'Closure';
+
+            return;
+        }
+
+        if ($object = $r->getClosureThis()) {
+            $callable = [$object, $r->name];
+            $this->name = get_debug_type($object).'::'.$r->name;
+        } elseif (\PHP_VERSION_ID >= 80111 && $class = $r->getClosureCalledClass()) {
+            $callable = [$class->name, $r->name];
+            $this->name = $class->name.'::'.$r->name;
+        } elseif (\PHP_VERSION_ID < 80111 && $class = $r->getClosureScopeClass()) {
+            $callable = [\is_array($callable) ? $callable[0] : $class->name, $r->name];
+            $this->name = (\is_array($callable) ? $callable[0] : $class->name).'::'.$r->name;
+        } else {
+            $callable = $this->name = $r->name;
+        }
+
+        if ($checkVisibility && \is_array($callable) && method_exists(...$callable) && !(new \ReflectionMethod(...$callable))->isPublic()) {
+            $callable = $r->getClosure();
+        }
+
+        $this->callable = $callable;
+    }
+
+    public function getReflector(): \ReflectionFunctionAbstract
+    {
+        return $this->reflector;
+    }
+
+    public function getCallable()
+    {
+        return $this->callable;
+    }
+
+    public function getName(): string
+    {
+        return $this->name;
+    }
+}

From 38907b50323c91b16cec1e2597e84b6ea9f890d6 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Wed, 16 Oct 2024 15:56:40 +0200
Subject: [PATCH 348/755] dovecot: activate lazy_expunge plugin per default
 (unconfigured) (#6112)

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 3cfdd77a6..35c4691c5 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -114,15 +114,15 @@ if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY]) ]]; then
 echo -e "\e[33mActivating Flatcurve as FTS Backend...\e[0m"
 echo -e "\e[33mDepending on your previous setup a full reindex might be needed... \e[0m"
 echo -e "\e[34mVisit https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-fts/#fts-related-dovecot-commands to learn how to reindex\e[0m"
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 elif [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi

From fce93609dda7ba209cac1f30f72ac262ce6356d8 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik+github@kernstock.net>
Date: Thu, 17 Oct 2024 09:11:55 +0200
Subject: [PATCH 349/755] Update mime_types.conf configuration (#6013)

In the last months and years, the default `mime_types.conf` of rspamd has changed and it might be also useful to make some adjustments to the weight of certain file extensions.

This PR is removing all file extensions from `mime_types.conf` which are already in rspamd's default configuration at [rspamd/src/plugins/lua/mime_types.lua](https://github.com/rspamd/rspamd/blob/master/src/plugins/lua/mime_types.lua). If file extension is not present or has a different score compared to rspamd default, it is still in the list.

There are also a few major differences to certain file extensions, which might be useful to discuss and carefully adjust. For example, `.exe` files are rated very 'badly' due to high chance of being malicious, so are other extensions like `bat`, `cmd`, etc.

Current suggestion:
```lua
# Extensions that are treated as 'bad'
# Number is score multiply factor
bad_extensions = {
  apk = 4,
  appx = 4,
  appxbundle = 4,
  bat = 8,
  cab = 20,
  cmd = 8,
  com = 20,
  diagcfg = 4,
  diagpack = 4,
  dmg = 8,
  ex = 20,
  ex_ = 20,
  exe = 20,
  img = 4,
  jar = 8,
  jnlp = 8,
  js = 8,
  jse = 8,
  lnk = 20,
  mjs = 8,
  msi = 4,
  msix = 4,
  msixbundle = 4,
  ps1 = 8,
  scr = 20,
  sct = 20,
  vb = 20,
  vbe = 20,
  vbs = 20,
  vhd = 4,
  py = 4,
  reg = 8,
  scf = 8,
  vhdx = 4,
};

# Extensions that are particularly penalized for archives
bad_archive_extensions = {
  pptx = 0.5,
  docx = 0.5,
  xlsx = 0.5,
  pdf = 1.0,
  jar = 12,
  jnlp = 12,
  bat = 12,
  cmd = 12,
};

# Used to detect another archive in archive
archive_extensions = {
  tar = 1,
  ['tar.gz'] = 1,
};
```

**As a important reminder**: For all remaining and additional file extensions and score weights, please check above default rspamd configuration!
---
 data/conf/rspamd/local.d/mime_types.conf | 72 ++++++++++++++----------
 1 file changed, 43 insertions(+), 29 deletions(-)

diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf
index 08a08b699..d149e588a 100644
--- a/data/conf/rspamd/local.d/mime_types.conf
+++ b/data/conf/rspamd/local.d/mime_types.conf
@@ -1,27 +1,45 @@
+###############################################################################
+# This list is added/merged with defined defaults in LUA module:
+# https://github.com/rspamd/rspamd/blob/master/src/plugins/lua/mime_types.lua
+###############################################################################
+
 # Extensions that are treated as 'bad'
 # Number is score multiply factor
 bad_extensions = {
-  scr = 20,
-  lnk = 20,
-  exe = 20,
-  msi = 1,
-  msp = 1,
-  msu = 1,
-  jar = 2,
-  com = 20,
-  bat = 4,
-  cmd = 4,
-  ps1 = 4,
-  ace = 4,
-  arj = 4,
+  apk = 4,
+  appx = 4,
+  appxbundle = 4,
+  bat = 8,
   cab = 20,
+  cmd = 8,
+  com = 20,
+  diagcfg = 4,
+  diagpack = 4,
+  dmg = 8,
+  ex = 20,
+  ex_ = 20,
+  exe = 20,
+  img = 4,
+  jar = 8,
+  jnlp = 8,
+  js = 8,
+  jse = 8,
+  lnk = 20,
+  mjs = 8,
+  msi = 4,
+  msix = 4,
+  msixbundle = 4,
+  ps1 = 8,
+  scr = 20,
+  sct = 20,
+  vb = 20,
+  vbe = 20,
   vbs = 20,
-  hta = 4,
-  shs = 4,
-  wsc = 4,
-  wsf = 4,
-  iso = 8,
-  img = 8
+  vhd = 4,
+  py = 4,
+  reg = 8,
+  scf = 8,
+  vhdx = 4,
 };
 
 # Extensions that are particularly penalized for archives
@@ -30,18 +48,14 @@ bad_archive_extensions = {
   docx = 0.5,
   xlsx = 0.5,
   pdf = 1.0,
-  jar = 3,
-  js = 0.5,
-  vbs = 20,
-  exe = 20
+  jar = 12,
+  jnlp = 12,
+  bat = 12,
+  cmd = 12,
 };
 
 # Used to detect another archive in archive
 archive_extensions = {
-  zip = 1,
-  arj = 1,
-  rar = 1,
-  ace = 1,
-  7z = 1,
-  cab = 1
+  tar = 1,
+  ['tar.gz'] = 1,
 };

From 399630cf3443c2adf91cc0b55948bdcce1a8a608 Mon Sep 17 00:00:00 2001
From: SamWang8891 <g348.8891@gmail.com>
Date: Thu, 17 Oct 2024 20:50:05 +0800
Subject: [PATCH 350/755] Update lang.zh-tw.json (#6114)

---
 data/web/lang/lang.zh-tw.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index c3c2cf714..6dcd519e6 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -511,7 +511,7 @@
         "architecture": "結構",
         "current_time": "系統時間",
         "container_running": "正在執行",
-        "memory": "記憶",
+        "memory": "記憶體",
         "container_disabled": "容器停止或停用",
         "container_stopped": "已停止",
         "cores": "核心",

From ee2791d93af2335a759d46f855994ef4824480d1 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Fri, 18 Oct 2024 15:50:45 +0200
Subject: [PATCH 351/755] rspamd: update to 3.10.1 (#6115)

* rspamd: upgrade to 3.10.1

* rspamd: adapt 30s task timeout per default now
---
 data/Dockerfiles/rspamd/Dockerfile   | 4 ++--
 data/conf/rspamd/local.d/options.inc | 1 +
 docker-compose.yml                   | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index df15a0bed..ca4f9f71d 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -1,8 +1,8 @@
 FROM debian:bookworm-slim
-LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.9.1-1~82f43560f
+ARG RSPAMD_VER=rspamd_3.10.1-1~9de95c2b6
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
diff --git a/data/conf/rspamd/local.d/options.inc b/data/conf/rspamd/local.d/options.inc
index 105bbdcd8..99197ff55 100644
--- a/data/conf/rspamd/local.d/options.inc
+++ b/data/conf/rspamd/local.d/options.inc
@@ -2,6 +2,7 @@ dns {
   enable_dnssec = true;
 }
 map_watch_interval = 30s;
+task_timeout = 30s;
 disable_monitoring = true;
 # In case a task times out (like DNS lookup), soft reject the message
 # instead of silently accepting the message without further processing.
diff --git a/docker-compose.yml b/docker-compose.yml
index 01f8ee90b..110de288d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -80,7 +80,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.97
+      image: mailcow/rspamd:1.98
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 502a7100ca18adaf4a6f3bbf0cfc5a38c91e168a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 19 Oct 2024 22:24:45 +0200
Subject: [PATCH 352/755] [Web] Updated lang.zh-cn.json (#6120)

Co-authored-by: SamWang8891 <g348.8891@gmail.com>
---
 data/web/lang/lang.zh-cn.json | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 0d660c189..bac42e5d7 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -28,7 +28,8 @@
         "spam_score": "垃圾邮件分数",
         "syncjobs": "同步任务",
         "tls_policy": "TLS 策略",
-        "unlimited_quota": "无限邮箱容量配额"
+        "unlimited_quota": "无限邮箱容量配额",
+        "pw_reset": "允许重置mailcow使用者密码"
     },
     "add": {
         "activate_filter_warn": "当“启用”选项被勾选后，其它所有的过滤器都会被禁用。",
@@ -338,7 +339,26 @@
         "yes": "&#10003;",
         "options": "选项",
         "f2b_max_ban_time": "最长封禁时间（秒）",
-        "copy_to_clipboard": "复制到粘贴板"
+        "copy_to_clipboard": "复制到粘贴板",
+        "reset_password_vars": "<code>{{link}}</code> 生成的密码重置链接<br><code>{{username}}</code> 要求重置密码的使用者的邮箱名称<br><code>{{username2}}</code> 复原邮箱名称<br><code>{{date}}</code> 要求重置密码之日期<br><code>{{token_lifetime}}</code> 令牌(token)过期时间(以分钟计)<br><code>{{hostname}}</code> mailcow 主机名",
+        "logo_normal_label": "正常",
+        "f2b_manage_external_info": "Fail2Ban 还会持续维护封禁列表，但不会主动设置规则阻挡流量。请使用以下生成的封禁列表在外部阻止流量。",
+        "password_reset_info": "若无提供复原电子邮箱，此功能将无法使用。",
+        "f2b_ban_time_increment": "禁止时间会随着禁止次数增加",
+        "logo_dark_label": "为深色模式反色",
+        "cors_settings": "CORS 设定",
+        "f2b_manage_external": "外部管理Fail2Ban",
+        "ip_check_opt_in": "使用第三方服务 <strong>ipv4.mailcow.email</strong> 及 <strong>ipv6.mailcow.email</strong> 以解析外部IP地址。",
+        "password_reset_settings": "密码复原设置",
+        "password_reset_tmpl_html": "HTML 模版",
+        "password_reset_tmpl_text": "文字模版",
+        "password_settings": "密码设定",
+        "restore_template": "留空以恢复预设模版",
+        "ip_check": "IP 检查",
+        "ip_check_disabled": "IP 检查已禁用。你可透过以下路径启用<br> <strong>系统 > 配置 > 选项 > 页面自定义</strong>",
+        "queue_unban": "解除封禁",
+        "allowed_methods": "访问控制允许方式",
+        "allowed_origins": "访问控制允许原"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -459,7 +479,9 @@
         "value_missing": "请填入所有值",
         "yotp_verification_failed": "Yubico OTP 认证失败: %s",
         "template_exists": "模板 %s 已存在",
-        "template_name_invalid": "模板名称无效"
+        "template_name_invalid": "模板名称无效",
+        "cors_invalid_method": "制定的允许模式无效",
+        "cors_invalid_origin": "指定的允许原无效"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",

From b106945c73e8d00df2ad912870fb7744535cb399 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Mon, 21 Oct 2024 16:03:51 +0200
Subject: [PATCH 353/755] Feat/rspamd 3.10.2 (#6122)

* rspamd: update to 3.10.2

* rspamd: fix broken archive_extension gz
---
 data/Dockerfiles/rspamd/Dockerfile       | 2 +-
 data/conf/rspamd/local.d/mime_types.conf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index ca4f9f71d..64376bbd3 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.10.1-1~9de95c2b6
+ARG RSPAMD_VER=rspamd_3.10.2-1~b8a232043
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf
index d149e588a..83561862f 100644
--- a/data/conf/rspamd/local.d/mime_types.conf
+++ b/data/conf/rspamd/local.d/mime_types.conf
@@ -57,5 +57,5 @@ bad_archive_extensions = {
 # Used to detect another archive in archive
 archive_extensions = {
   tar = 1,
-  ['tar.gz'] = 1,
-};
+  gz = 1,
+};
\ No newline at end of file

From 5c88030b5a39e8368bdfb564f4bfcde87b2e6ace Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 22 Oct 2024 21:52:42 +0200
Subject: [PATCH 354/755] Translations update from Weblate (#6123)

* [Web] Updated lang.lv-lv.json

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>

* [Web] Updated lang.zh-tw.json

[Web] Updated lang.zh-tw.json

Co-authored-by: SamWang8891 <g348.8891@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: SamWang8891 <g348.8891@gmail.com>
---
 data/web/lang/lang.lv-lv.json | 38 +++++++++++++++---------
 data/web/lang/lang.zh-tw.json | 55 ++++++++++++++++++++++++++++++-----
 2 files changed, 71 insertions(+), 22 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 5f486d909..31c31301c 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -40,7 +40,7 @@
         "exclude": "Izslēgt objektus (regex)",
         "full_name": "Pilns vārds",
         "goto_null": "Klusām dzēst pastu",
-        "hostname": "Hosta nosaukums",
+        "hostname": "Saimniekdators",
         "kind": "Veids",
         "mailbox_quota_m": "Maks. kvota pastkastei (MiB)",
         "mailbox_username": "Lietotājvārds (kriesā daļa no epasta adreses)",
@@ -69,7 +69,8 @@
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
         "validation_success": "Apstiprināts veiksmīgi",
-        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit."
+        "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
+        "domain_matches_hostname": "Domēns %s atbilst saimniekdatora nosaukumam"
     },
     "admin": {
         "access": "Pieeja",
@@ -165,7 +166,8 @@
         "f2b_regex_info": "Vērā ņemtie žurnāli: SOGO, Postfix, Dovecot, PHP-FPM.",
         "sys_mails": "Sistēmas pasts",
         "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
-        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>"
+        "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>",
+        "reset_password_vars": "<code>{{link}}</code> Izveidotā paroles atiestatīšanas saite<br><code>{{username}}</code> Lietotāja, kurš pieprasīja paroles atiestatīšanu, pastkastes nosaukums<br><code>{{username2}}</code> Atkopšanas pastkastes nosaukums<br><code>{{date}}</code> Paroles atiestatīšanas pieprasījuma veikšanas datums<br><code>{{token_lifetime}}</code> Pilnvaras derīgums minūtēs<br><code>{{hostname}}</code> mailcow saimniekdatora nosaukums"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -216,7 +218,8 @@
         "target_domain_invalid": "Goto domēns ir nepareizs",
         "targetd_not_found": "Mērķa domēns nav atrasts",
         "username_invalid": "Lietotājvārds nevar tikt izmantots",
-        "validity_missing": "Lūdzu piešķiriet derīguma termiņu"
+        "validity_missing": "Lūdzu piešķiriet derīguma termiņu",
+        "domain_cannot_match_hostname": "Domēns nevar atbilst saimniekdatora nosaukumam"
     },
     "diagnostics": {
         "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
@@ -248,14 +251,14 @@
         "force_pw_update": "Piespiedu paroles atjaunošana pie nākošās pieslēgšanās",
         "force_pw_update_info": "Šis lietotājs varēs pieslēgties tikai %s.",
         "full_name": "Pilns vārds",
-        "hostname": "Hosta nosaukums",
+        "hostname": "Saimniekdatora nosaukums",
         "inactive": "Neaktīvs",
         "kind": "Veids",
         "mailbox": "Rediģēt pastkasti",
         "max_aliases": "Lielākais aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "max_quota": "Maks. kvota uz pastkasti (MiB)",
-        "maxage": "Maximum age of messages in days that will be polled from remote<br><small>(0 = ignore age)</small>",
+        "maxage": "Lielākais ziņojumu, kuri tiks vaicāti attālajā serverī, vecums dienās<br><small>(0 = neņemt vērā vecumu)</small>",
         "maxbytespersecond": "Maks. baiti sekundē (0 ir vienāds ar neierobežotu skaitu)",
         "mins_interval": "Intervāls (min)",
         "multiple_bookings": "Vairāki rezervējumi",
@@ -325,7 +328,7 @@
     },
     "mailbox": {
         "action": "Rīcība",
-        "activate": "Activate",
+        "activate": "Aktivizēt",
         "active": "Aktīvs",
         "add": "Pievienot",
         "add_alias": "Pievienot aizstājvārdu",
@@ -449,11 +452,11 @@
         "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti."
     },
     "queue": {
-        "queue_manager": "Queue Manager",
+        "queue_manager": "Rindas pārvaldnieks",
         "info": "Pasta rinda satur visus e-pastus, kas gaida piegādi. Ja e-pasts ir iestrēdzis pasta rindā ilgu laiku, sistēma to automātiski izdzēš.<br>Attiecīgā pasta kļūdas ziņojums sniedz informāciju par to, kāpēc pastu neizdevās piegādāt."
     },
     "start": {
-        "help": "Rādīt/Paslēp palīdzības paneli",
+        "help": "Rādīt/Paslēpt palīdzības paneli",
         "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentifikācijas mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu.",
         "mailcow_apps_detail": "Izmantojiet lietotni mailcow, lai piekļūtu savam pastam, kalendāram, kontaktiem un citām lietām.",
         "mailcow_panel_detail": "<b>Domēna pārvaldītāji</b> izveido, maina vai izdzēš pastkastes un aizstājvārdus, maina domēnus un lasa papildu informāciju par piešķirtajiem domēniem.<br>\n<b>Pastkastes lietotāji</b> var izveidot laikā ierobežotus aizstājvārdus (surogātpasta aizstājvārdus), mainīt savu paroli un surogātpasta atlasīšanas iestatījumus."
@@ -489,7 +492,7 @@
         "relayhost_added": "Relejhosts %s pievienots",
         "relayhost_removed": "Relejhosts %s noņemts",
         "reset_main_logo": "Atjaunot noklusējuma logotipu",
-        "resource_added": "Resource %s has been added",
+        "resource_added": "Avots %s tika pievienots",
         "resource_modified": "Izmaiņas %s ir saglabātas",
         "resource_removed": "Resurs %s tika noņemts",
         "ui_texts": "Saglabāt UI izmaiņas tekstiem",
@@ -513,7 +516,8 @@
         "webauthn": "WebAuthn autentifikācija",
         "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
         "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet WebAuthn reģistrāciju nospiežot pogu uz Jūsu WebAuthn USB ierīces.",
-        "yubi_otp": "Yubico OTP autentifikators"
+        "yubi_otp": "Yubico OTP autentifikators",
+        "authenticators": "Autentificētāji"
     },
     "user": {
         "action": "Rīcība",
@@ -557,7 +561,7 @@
         "no_record": "Nav ieraksta",
         "password_now": "Pašreizējā parole (Apstiprināt izmaiņas)",
         "remove": "Noņemt",
-        "running": "Running",
+        "running": "Darbojas",
         "save_changes": "Saglabāt izmaiņas",
         "shared_aliases": "Kopīgotās aizstājadreses",
         "shared_aliases_desc": "Tādi lietotāja iestatījumi kā surogātpasta atlasīšana vai šifrēšanas nosacījumi neietekmē kopīgotos aizstājvārdus. Atbilstošu surogātpasta atlasi var izveidot tikai pārvaldītājs kā domēnu aptverošu nosacījumu.",
@@ -594,7 +598,7 @@
         "tls_policy_warning": "<strong>Brīdinājums:</strong> Ja tiek izlemts ieviest šifrēta pasta nosūtīšanu, var tikt pazaudēti e-pasti.<br>Ziņojumi, kas neatbilst nosacījumiem, pasta sistēma atmetīs ar kļūdu.<br>Šī iespēja attiecas uz galveno e-pasta adresi (pieteikšanās vārdu), visām adresēm, kas atvasinātas no aizsājdomēniem, kā arī aizstājadreses, <b>kas norāda tikai uz šo pastkasti</b>.",
         "user_settings": "Lietotāja iestatījumi",
         "username": "Lietotājvārds",
-        "waiting": "Waiting",
+        "waiting": "Gaida",
         "week": "Nedēļa",
         "weeks": "Nedēļas",
         "open_logs": "Atvērt žurnālus",
@@ -615,7 +619,13 @@
         "system_containers": "Sistēma un konteineri",
         "current_time": "Sistēmas laiks",
         "external_logs": "Ārējie žurnāli",
-        "logs": "Žurnāli"
+        "logs": "Žurnāli",
+        "architecture": "Arhitektūra",
+        "disk_usage": "Diska lietojums",
+        "jvm_memory_solr": "JVM atmiņas lietojums",
+        "memory": "Atmiņa",
+        "timezone": "Laika josla",
+        "uptime": "Darbošanās laiks"
     },
     "warning": {
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 6dcd519e6..2017d1ddd 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -28,7 +28,8 @@
         "spam_score": "垃圾郵件分數",
         "syncjobs": "同步任務",
         "tls_policy": "TLS 規則",
-        "unlimited_quota": "信箱容量配額無上限"
+        "unlimited_quota": "信箱容量配額無上限",
+        "pw_reset": "允許重置mailcow使用者密碼"
     },
     "add": {
         "activate_filter_warn": "當\"啟用\"被勾選，所有其他過濾器都會被消除。",
@@ -351,7 +352,14 @@
         "ip_check_opt_in": "選擇使用第三方服務 <strong>ipv4.mailcow.email</strong> 和 <strong>ipv6.mailcow.email</strong> 來解析外部 IP 位址。",
         "ip_check_disabled": "IP 檢查已停用。 您可以在<br> <strong>系統 > 配置 > 選項 > 自訂</strong>下啟用它",
         "options": "選項",
-        "queue_unban": "解除禁令"
+        "queue_unban": "解除禁令",
+        "reset_password_vars": "<code>{{link}}</code> 生成密碼重置連結<br><code>{{username}}</code> 請求密碼重置的使用者信箱<br><code>{{username2}}</code> 備援電子信箱名稱<br><code>{{date}}</code> 密碼重置要求之日期<br><code>{{token_lifetime}}</code> 權杖(token)壽命(以分鐘計)<br><code>{{hostname}}</code> mailcow 主機名稱(hostname)",
+        "password_reset_info": "若無提供備援電子郵件，此功能將無法使用。",
+        "password_reset_settings": "密碼復原設定",
+        "password_reset_tmpl_html": "HTML 範本",
+        "password_reset_tmpl_text": "文字範本",
+        "password_settings": "密碼設定",
+        "restore_template": "留白以還原預設範本"
     },
     "danger": {
         "access_denied": "存取拒絕或表單資料有誤",
@@ -480,7 +488,14 @@
         "extended_sender_acl_denied": "缺少設定外部寄件者地址的 ACL",
         "template_exists": "模板 %s 已存在",
         "template_id_invalid": "範本 ID %s 無效",
-        "template_name_invalid": "模板名稱無效"
+        "template_name_invalid": "模板名稱無效",
+        "password_reset_invalid_user": "查無此信箱或無設定備援郵件",
+        "password_reset_na": "密碼恢復目前無法使用。請聯繫您的管理員。",
+        "to_invalid": "收件者不能為空",
+        "img_size_exceeded": "圖片超出最大檔案大小",
+        "recovery_email_failed": "無法寄送還原電子郵件。請聯絡您的管理員。",
+        "reset_token_limit_exceeded": "重置權杖(token)已達上限。請稍後再試。",
+        "img_dimensions_exceeded": "圖片超出最大圖片大小"
     },
     "debug": {
         "chart_this_server": "圖表 (此伺服器)",
@@ -650,7 +665,19 @@
         "validate_save": "驗證並儲存",
         "domain_footer_info": "網域範圍的頁尾將會新增至與該網域內的位址關聯的所有外發電子郵件。 <br> 以下變數可用於頁尾：",
         "custom_attributes": "自訂屬性",
-        "pushover_sound": "聲音"
+        "pushover_sound": "聲音",
+        "domain_footer": "全域頁腳",
+        "domain_footer_info_vars": {
+            "from_name": "{= from_name =}   - 從信封中的名稱部分，例如：\"Mailcow &lt;moo@mailcow.tld&gt;\" 則回傳 \"Mailcow\"",
+            "auth_user": "{= auth_user =}   - MTA所認證之指定使用者名稱",
+            "from_user": "{= from_user =}   - 從信封中的使用者部分。例如：\"moo@mailcow.tld\" 則回傳\"moo\"",
+            "from_addr": "{= from_addr =}   - 從信封中的地址部分",
+            "from_domain": "{= from_domain =} - 從信封中的域名(domain)部分"
+        },
+        "domain_footer_skip_replies": "於回信中忽落頁腳",
+        "domain_footer_html": "HTML 頁腳",
+        "password_recovery_email": "密碼重置備援信箱",
+        "domain_footer_plain": "純文字頁腳"
     },
     "fido2": {
         "confirm": "確認",
@@ -706,7 +733,14 @@
         "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
         "other_logins": "金鑰登入",
         "password": "密碼",
-        "username": "使用者名稱"
+        "username": "使用者名稱",
+        "back_to_mailcow": "返回至mailcow",
+        "invalid_pass_reset_token": "密碼重置權杖(token)無效或已過期<br>請重新請求新的重置連結。",
+        "forgot_password": "> 忘記密碼?",
+        "new_password": "新密碼",
+        "new_password_confirm": "確認新密碼",
+        "reset_password": "重置密碼",
+        "request_reset_password": "要求重置密碼"
     },
     "mailbox": {
         "action": "操作",
@@ -1042,7 +1076,9 @@
         "cors_headers_edited": "CORS 設定已儲存",
         "domain_footer_modified": "網域頁尾 %s 的變更已儲存",
         "f2b_banlist_refreshed": "禁止清單 ID 已成功刷新。",
-        "ip_check_opt_in_modified": "IP檢查已成功儲存"
+        "ip_check_opt_in_modified": "IP檢查已成功儲存",
+        "password_changed_success": "密碼重置成功",
+        "recovery_email_sent": "已寄送復原郵件至 %s"
     },
     "tfa": {
         "api_register": "%s 使用 Yubico Cloud API，請在<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">這裡</a>為這把金鑰獲取 API 金鑰",
@@ -1069,7 +1105,8 @@
         "webauthn": "WebAuthn 認證",
         "waiting_usb_auth": "<i>等待 USB 裝置...</i><br><br>請觸碰 USB 裝置上的按鈕。",
         "waiting_usb_register": "<i>等待 USB 裝置...</i><br><br>請輸入密碼並觸碰 USB 裝置上的按鈕來確認註冊。",
-        "yubi_otp": "Yubico OTP 認證"
+        "yubi_otp": "Yubico OTP 認證",
+        "authenticators": "驗證器(Authenticators)"
     },
     "user": {
         "action": "操作",
@@ -1233,7 +1270,9 @@
         "years": "年",
         "attribute": "屬性",
         "pushover_sound": "聲音",
-        "value": "數值"
+        "value": "數值",
+        "password_reset_info": "若無提供密碼備援電子信箱，此功能將無法使用。",
+        "pw_recovery_email": "密碼備援電子信箱"
     },
     "warning": {
         "cannot_delete_self": "不能刪除已登入的使用者",

From 672bb345fd755ce3aeb13ca584fde8a5ec9eec68 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 25 Oct 2024 10:47:53 +0200
Subject: [PATCH 355/755] Fix mailbox_rename de-de translation

---
 data/web/lang/lang.de-de.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index d22187c6a..807393d77 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -641,7 +641,7 @@
         "mailbox": "Mailbox bearbeiten",
         "mailbox_quota_def": "Standard-Quota einer Mailbox",
         "mailbox_relayhost_info": "Wird auf eine Mailbox und direkte Alias-Adressen angewendet. Überschreibt die Einstellung einer Domain.",
-        "mailbox_rename": "Mailbox umbennnen",
+        "mailbox_rename": "Mailbox umbenennen",
         "mailbox_rename_agree": "Ich habe ein Backup erstellt.",
         "mailbox_rename_warning": "WICHTIG! Vor dem Umbenennen der Mailbox ein Backup erstellen.",
         "mailbox_rename_alias": "Alias automatisch erstellen",

From d8c8e4ab1bc9168f0ed5ecb4074dcd42176ad7ea Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 31 Oct 2024 11:00:03 +0100
Subject: [PATCH 356/755] [DockerApi] Fix IMAP ACL migration issue when
 renaming mailbox

---
 .../dockerapi/modules/DockerApi.py            | 46 ++++++++++++-------
 data/web/inc/functions.mailbox.inc.php        |  6 ++-
 2 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py
index 64bcc4d95..4701cbf51 100644
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@@ -429,24 +429,38 @@ class DockerApi:
       formatted_acls = []
       mailbox_seen = []
       for shared_folder in shared_folders:
-        if "Shared" not in shared_folder and "/" not in shared_folder:
-          continue
-        shared_folder = shared_folder.split("/")
-        if len(shared_folder) < 3:
-          continue
+        if "Shared" not in shared_folder:
+          mailbox = shared_folder.replace("'", "'\\''")
+          if mailbox in mailbox_seen:
+            continue
 
-        user = shared_folder[1].replace("'", "'\\''")
-        mailbox = '/'.join(shared_folder[2:]).replace("'", "'\\''")
-        if mailbox in mailbox_seen:
-          continue
+          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{id}' '{mailbox}'"])
+          acls = acls.output.decode('utf-8').strip().splitlines()
+          if len(acls) >= 2:
+            for acl in acls[1:]:
+              user_id, rights = acl.split(maxsplit=1)
+              user_id = user_id.split('=')[1]
+              mailbox_seen.append(mailbox)
+              formatted_acls.append({ 'user': id, 'id': user_id, 'mailbox': mailbox, 'rights': rights.split() })
+        elif "Shared" in shared_folder and "/" in shared_folder:
+          shared_folder = shared_folder.split("/")
+          if len(shared_folder) < 3:
+            continue
 
-        acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{user}' '{mailbox}'"])
-        acls = acls.output.decode('utf-8').strip().splitlines()
-        if len(acls) >= 2:
-          for acl in acls[1:]:
-            _, rights = acls[1].split(maxsplit=1)
-            mailbox_seen.append(mailbox)
-            formatted_acls.append({ 'user': user, 'id': id, 'mailbox': mailbox, 'rights': rights.split() })
+          user = shared_folder[1].replace("'", "'\\''")
+          mailbox = '/'.join(shared_folder[2:]).replace("'", "'\\''")
+          if mailbox in mailbox_seen:
+            continue
+
+          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{user}' '{mailbox}'"])
+          acls = acls.output.decode('utf-8').strip().splitlines()
+          if len(acls) >= 2:
+            for acl in acls[1:]:
+              user_id, rights = acl.split(maxsplit=1)
+              user_id = user_id.split('=')[1].replace("'", "'\\''")
+              if user_id == id and mailbox not in mailbox_seen:
+                mailbox_seen.append(mailbox)
+                formatted_acls.append({ 'user': user, 'id': id, 'mailbox': mailbox, 'rights': rights.split() })
 
       return Response(content=json.dumps(formatted_acls, indent=4), media_type="application/json")
   # api call: container_post - post_action: exec - cmd: doveadm - task: delete_acl
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 9dec594b5..9de665675 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3364,12 +3364,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           // set imap acls
           foreach ($imap_acls as $imap_acl) {
+            $user_id = ($imap_acl['id'] == $old_username) ? $new_username : $imap_acl['id'];
+            $user = ($imap_acl['user'] == $old_username) ? $new_username : $imap_acl['user'];
             $exec_fields = array(
               'cmd' => 'doveadm',
               'task' => 'set_acl',
-              'user' => $imap_acl['user'],
+              'user' => $user,
               'mailbox' => $imap_acl['mailbox'],
-              'id' => $new_username,
+              'id' => $user_id,
               'rights' => $imap_acl['rights']
             );
             docker('post', 'dovecot-mailcow', 'exec', $exec_fields);

From 93cf99cc9e62c7eb9d0d08ce41e8ba2787e07e7b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 2 Nov 2024 20:38:18 +0100
Subject: [PATCH 357/755] chore(deps): update
 thollander/actions-comment-pull-request action to v3.0.1 (#6130)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index 6ba3b89c0..7f840c568 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@v3.0.0
+        uses: thollander/actions-comment-pull-request@v3.0.1
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

From 8b2f71f97ee31e36d5544c79accf4cac14b2041e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 5 Nov 2024 16:20:57 +0100
Subject: [PATCH 358/755] update postscreen_access.cidr (#6129)

---
 data/conf/postfix/postscreen_access.cidr | 39 +++++++++++++++---------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index b9a185aa5..7a1cbf6ae 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Tue Oct  1 00:18:56 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Fri Nov  1 00:18:49 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 1970 total rules
+# 2013 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -21,7 +21,6 @@
 8.25.196.0/23	permit
 8.39.54.0/23	permit
 8.40.222.0/23	permit
-10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
@@ -32,11 +31,10 @@
 15.200.21.50	permit
 15.200.44.248	permit
 15.200.201.185	permit
-17.41.0.0/16	permit
 17.57.155.0/24	permit
 17.57.156.0/24	permit
 17.58.0.0/16	permit
-17.142.0.0/15	permit
+17.143.234.140/30	permit
 18.156.89.250	permit
 18.157.243.190	permit
 18.194.95.56	permit
@@ -123,6 +121,7 @@
 44.217.45.156	permit
 44.236.56.93	permit
 44.238.220.251	permit
+45.14.148.0/22	permit
 46.19.170.16	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
@@ -184,7 +183,9 @@
 50.18.126.162	permit
 50.31.32.0/19	permit
 50.31.36.205	permit
-50.56.130.220/30	permit
+50.56.130.220	permit
+50.56.130.221	permit
+50.56.130.222	permit
 52.1.14.157	permit
 52.5.230.59	permit
 52.27.5.72	permit
@@ -244,16 +245,12 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.255.61.23	permit
+57.103.64.0/18	permit
 62.13.128.0/24	permit
-62.13.128.196	permit
 62.13.129.128/25	permit
-62.13.136.0/22	permit
-62.13.140.0/22	permit
-62.13.144.0/22	permit
-62.13.148.0/23	permit
-62.13.150.0/23	permit
-62.13.152.0/23	permit
-62.13.159.196	permit
+62.13.136.0/21	permit
+62.13.144.0/21	permit
+62.13.152.0/21	permit
 62.17.146.128/26	permit
 62.179.121.0/24	permit
 62.201.172.0/27	permit
@@ -1319,7 +1316,9 @@
 129.41.77.70	permit
 129.41.169.249	permit
 129.80.5.164	permit
+129.80.64.36	permit
 129.80.67.121	permit
+129.80.145.156	permit
 129.145.74.12	permit
 129.146.88.28	permit
 129.146.147.105	permit
@@ -1330,6 +1329,9 @@
 129.153.168.146	permit
 129.153.190.200	permit
 129.153.194.228	permit
+129.154.255.129	permit
+129.158.56.255	permit
+129.159.22.159	permit
 129.159.87.137	permit
 129.213.195.191	permit
 130.61.9.72	permit
@@ -1353,6 +1355,7 @@
 135.84.216.0/22	permit
 136.143.160.0/24	permit
 136.143.161.0/24	permit
+136.143.162.0/24	permit
 136.143.178.49	permit
 136.143.182.0/23	permit
 136.143.184.0/24	permit
@@ -1383,6 +1386,7 @@
 141.193.185.32/27	permit
 141.193.185.64/26	permit
 141.193.185.128/25	permit
+143.47.120.152	permit
 143.55.224.0/21	permit
 143.55.232.0/22	permit
 143.55.236.0/22	permit
@@ -1396,7 +1400,10 @@
 144.178.38.0/24	permit
 145.253.228.160/29	permit
 145.253.239.128/29	permit
-146.20.14.104/30	permit
+146.20.14.104	permit
+146.20.14.105	permit
+146.20.14.106	permit
+146.20.14.107	permit
 146.20.112.0/26	permit
 146.20.113.0/24	permit
 146.20.191.0/24	permit
@@ -1737,6 +1744,8 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
+204.141.32.0/23	permit
+204.141.42.0/23	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit

From 6ec1e357c3027a39cb3016f36ba1e56295205919 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 5 Nov 2024 16:21:14 +0100
Subject: [PATCH 359/755] fix: broken sogo cron notifications (for appointments
 etc.) (#6128)

---
 .gitignore                                    | 1 +
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 2 ++
 docker-compose.yml                            | 4 ++--
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index e25639a70..b22abfd6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,7 @@ data/conf/rspamd/override.d/*
 data/conf/sogo/custom-theme.js
 data/conf/sogo/plist_ldap
 data/conf/sogo/sieve.creds
+data/conf/sogo/cron.creds
 data/conf/sogo/sogo-full.svg
 data/gitea/
 data/gogs/
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 35c4691c5..55eed7956 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -371,6 +371,8 @@ EOF
 # Create random master Password for SOGo SSO
 RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
 echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
+# Creating additional creds file for SOGo notify crons (calendars, etc)
+echo -n ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/cron.creds
 cat <<EOF > /etc/dovecot/sogo-sso.conf
 # Autogenerated by mailcow
 passdb {
diff --git a/docker-compose.yml b/docker-compose.yml
index 4e7bfb2ed..c462ba88c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -211,9 +211,9 @@ services:
         ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
         ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool -v expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
         ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
-        ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
+        ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/cron.creds || exit 0\""
         ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
-        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
+        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/cron.creds || exit 0\""
         ofelia.job-exec.sogo_backup.schedule: "@every 24h"
         ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
       restart: always

From be79f320d28cbdd1e6b19d8807d2b93367ec1a69 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 6 Nov 2024 19:08:53 +0100
Subject: [PATCH 360/755] Translations update from Weblate (#6140)

* [Web] Updated lang.lv-lv.json

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>

* [Web] Updated lang.tr-tr.json

Co-authored-by: Furkan <furkan43500@gmail.com>

---------

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: Furkan <furkan43500@gmail.com>
---
 data/web/lang/lang.lv-lv.json | 65 +++++++++++++++++++++++++----------
 data/web/lang/lang.tr-tr.json | 15 ++++++--
 2 files changed, 58 insertions(+), 22 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 31c31301c..98cb04ae8 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -70,7 +70,8 @@
         "validate": "Apstiprināt",
         "validation_success": "Apstiprināts veiksmīgi",
         "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
-        "domain_matches_hostname": "Domēns %s atbilst saimniekdatora nosaukumam"
+        "domain_matches_hostname": "Domēns %s atbilst saimniekdatora nosaukumam",
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
     },
     "admin": {
         "access": "Pieeja",
@@ -115,7 +116,7 @@
         "forwarding_hosts": "Hostu pārsūtīšana",
         "forwarding_hosts_add_hint": "Var norādīt vai nu IPv4/IPv6 addreses, tīklu ar CIDR apzīmējumu, saimniekdatoru nosaukumus (kas tiks atrisināti IP adresēs) vai arī domēna vārdus (kas tiks atrisināti IP adresēs, vaicājot SPF ierakstus, vai, ja tādu nav, MX ierakstus).",
         "forwarding_hosts_hint": "Ienākošie ziņojumi tiek bez nosacījumiem pieņemti no visiem šeit norādītajiem saimniekdatoriem. Tie tad netiek pārbaudīti pret DNSBL vai pakļauti ievietošanai pelēkajā sarakstā. No tiem saņemtās mēstules nekad netiek noraidītas, bet pēc izvēles tās var pārvietot mapē \"Nevēlams\". Visbiežāk to izmanto, lai norādītu pasta serverus, kuros ir uzstādīts nosacījums, kas pārsūta ienākošās e-pasta vēstules uz Tavu mailcow serveri.",
-        "help_text": "Ignorēt palīdzības tekstu zem pieteikšanās maskas (HTML ir atļauta)",
+        "help_text": "Pārrakstīt palīdzības tekstu zem pieteikšanās maskas (var izmantot HTML)",
         "host": "Hosts",
         "import": "Importēt",
         "import_private_key": "Importēt privātu atslēgu",
@@ -167,7 +168,9 @@
         "sys_mails": "Sistēmas pasts",
         "ip_check_disabled": "IP pārbaude ir atspējota. To var iespējot<br><strong>Sistēma > Konfigurācija > iespējas > Pielāgot</strong>",
         "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>",
-        "reset_password_vars": "<code>{{link}}</code> Izveidotā paroles atiestatīšanas saite<br><code>{{username}}</code> Lietotāja, kurš pieprasīja paroles atiestatīšanu, pastkastes nosaukums<br><code>{{username2}}</code> Atkopšanas pastkastes nosaukums<br><code>{{date}}</code> Paroles atiestatīšanas pieprasījuma veikšanas datums<br><code>{{token_lifetime}}</code> Pilnvaras derīgums minūtēs<br><code>{{hostname}}</code> mailcow saimniekdatora nosaukums"
+        "reset_password_vars": "<code>{{link}}</code> Izveidotā paroles atiestatīšanas saite<br><code>{{username}}</code> Lietotāja, kurš pieprasīja paroles atiestatīšanu, pastkastes nosaukums<br><code>{{username2}}</code> Atkopšanas pastkastes nosaukums<br><code>{{date}}</code> Paroles atiestatīšanas pieprasījuma veikšanas datums<br><code>{{token_lifetime}}</code> Pilnvaras derīgums minūtēs<br><code>{{hostname}}</code> mailcow saimniekdatora nosaukums",
+        "ui_header_announcement_help": "Paziņojums ir redzams visiem lietotājiem, kuri ir pieteikušies, un pieteikšanās ekrānā saskarnē.",
+        "login_time": "Pieteikšanās laiks"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -194,7 +197,7 @@
         "is_alias_or_mailbox": "%s jau ir zināms kā aizstājvārds, pastkaste vai aizstājadrese, kas ir izvērsta no aizstājdomēna.",
         "is_spam_alias": "%s jau ir zināma kā pagaidu aizstājadrese (mēstuļu aizstājadrese)",
         "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
-        "login_failed": "Ielogošanās neveiksmīga",
+        "login_failed": "Pieteikšanās neizdevās",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
         "mailbox_quota_exceeded": "Kvota pārsniedz domēna limitu (max. %d MiB)",
         "mailbox_quota_exceeds_domain_quota": "Pastkastes izmērs pārsniedz maksimāli pieļaujamo",
@@ -248,8 +251,8 @@
         "edit_alias_domain": "Labot aizstājdomēnu",
         "encryption": "Šifrēšana",
         "exclude": "Neiekļaut objektus (regex)",
-        "force_pw_update": "Piespiedu paroles atjaunošana pie nākošās pieslēgšanās",
-        "force_pw_update_info": "Šis lietotājs varēs pieslēgties tikai %s.",
+        "force_pw_update": "Piespiedu paroles atjaunošana nākamajā pieteikšanās reizē",
+        "force_pw_update_info": "Šis lietotājs varēs pieteikties tikai %s. Lietotņu paroles joprojām būs izmantojamas.",
         "full_name": "Pilns vārds",
         "hostname": "Saimniekdatora nosaukums",
         "inactive": "Neaktīvs",
@@ -295,16 +298,19 @@
         "mailbox_relayhost_info": "Tiek piemērots tikai pastkastei un tiešajiem aizstājvārdiem, aizstāj domēna retranslācijas saimniekdatoru.",
         "sender_acl_info": "Ja pastkastes lietotājam A ir ļauts sūtīt kā pastkastes lietotājam B, sūtītāja adrese SOGo netiek automātiski parādīta kā atlasāms lauks \"no\".<br>.\n  Pastkastes lietotājam B SOGo ir jāizveido pilnvarojums, lai pastkastes lietotājs A varētu izvēlēties tā adresi kā sūtītāja. Lai SOGo pilnvarotu pastkasti, pasta skatā jāizmanto izvēlne (trīs punkti) pa labi no pastkastes nosaukuma augšējā kreisajā pusē. Šī darbība neattiecas uz aizstājadresēm.",
         "sogo_visible": "Aizstājvārds ir redzams SOGo",
-        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs."
+        "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs.",
+        "mbox_rl_info": "Šis pieprasījumu ierobežojums tiek piemērots SASL pieteikšanās vārdam, tas atbilst jebkurai \"from\" adresei, ko izmanto lietotājs, kurš ir pieteicies. Pastkastes pieprasījumu ierobežojums pārraksta domēna mēroga pieprasījumu ierobežojumu.",
+        "sogo_access": "Nodrošināt tiešu pieteikšanās piekļuvi SOGo",
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
     },
     "footer": {
         "cancel": "Atcelt",
         "confirm_delete": "Apstiprināt dzēšanu",
         "delete_now": "Dzēst tagad",
         "delete_these_items": "Lūgums apstiprināt izmaiņas šim objekta Id",
-        "loading": "Lūdzu uzgaidiet...",
+        "loading": "Lūgums uzgaidīt...",
         "restart_container": "Restartēt konteineri",
-        "restart_container_info": "<b>Important:</b> Piespiedu restartēšana var aizņemt ilgu laiku, lūdzu uzgaidiet.",
+        "restart_container_info": "<b>Svarīgi:</b> nesteidzīga pārsāknēšana var aizņemt ilgāku laiku. Lūgums uzgaidīt, līdz tā tiek pabeigta.",
         "restart_now": "Pārsāknēt tagad"
     },
     "header": {
@@ -321,10 +327,13 @@
         "no_action": "No action applicable"
     },
     "login": {
-        "delayed": "Pieteikšanās tika aizkavēta %s sekundēm.",
-        "login": "Pieslēgties",
+        "delayed": "Pieteikšanās tika aizkavēta %s sekundes.",
+        "login": "Pieteikties",
         "password": "Parole",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
+        "fido2_webauthn": "FIDO/WebAuthn pieteikšanās",
+        "mobileconfig_info": "Lūgums pieteikties kā pastkastes lietotājam, lai lejupielādētu pieprasīto Apple savienojuma profilu.",
+        "other_logins": "Pieteikšanās ar atslēgu"
     },
     "mailbox": {
         "action": "Rīcība",
@@ -370,7 +379,7 @@
         "filter_table": "Filtra tabula",
         "filters": "Filtri",
         "fname": "Pilns vārds",
-        "force_pw_update": "Piespiedu paroles atjaunošana pie nākošās pieslēgšanās",
+        "force_pw_update": "Piespiedu paroles atjaunināšana nākamajā pieteikšanās reizē",
         "in_use": "Lietošanā (%)",
         "inactive": "Neaktīvs",
         "kind": "Veids",
@@ -423,7 +432,8 @@
         "sogo_visible_y": "Rādīt aizstājvārdu SOGo",
         "add_alias_expand": "Izvērst aizstājvārdu pār aizstājdomēniem",
         "alias_domain_alias_hint": "Aizstājvārdi <b>netiek</b> automātiski piemēroti domēnu aizstājvārdiem. Aizstājadrese <code>my-alias@domain</code> <b>nenosedz</b> adresi <code>my-alias@alias-domain</code> (kur \"alias-domain\" ir iedomāts \"domain\" aizstājdomēns).<br>Lūgums izmantot sieta atlasi, lai pārvirzītu pastu uz ārēju pastkasti (skatīt cilti \"Atlasīšana\" vai izmantot SOGo -> Pārsūtītājs). \"Izvērst aizstājvārdu pār aizstājdomēniem\" ir izmantojams, lai automātiski pievienotu trūkstošos aiztājvārdus.",
-        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam"
+        "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam",
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
     },
     "quarantine": {
         "action": "Darbības",
@@ -457,7 +467,7 @@
     },
     "start": {
         "help": "Rādīt/Paslēpt palīdzības paneli",
-        "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentifikācijas mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu.",
+        "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentificēšanās mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu.",
         "mailcow_apps_detail": "Izmantojiet lietotni mailcow, lai piekļūtu savam pastam, kalendāram, kontaktiem un citām lietām.",
         "mailcow_panel_detail": "<b>Domēna pārvaldītāji</b> izveido, maina vai izdzēš pastkastes un aizstājvārdus, maina domēnus un lasa papildu informāciju par piešķirtajiem domēniem.<br>\n<b>Pastkastes lietotāji</b> var izveidot laikā ierobežotus aizstājvārdus (surogātpasta aizstājvārdus), mainīt savu paroli un surogātpasta atlasīšanas iestatījumus."
     },
@@ -496,14 +506,18 @@
         "resource_modified": "Izmaiņas %s ir saglabātas",
         "resource_removed": "Resurs %s tika noņemts",
         "ui_texts": "Saglabāt UI izmaiņas tekstiem",
-        "upload_success": "Faila augšupielāde veiksmīga"
+        "upload_success": "Faila augšupielāde veiksmīga",
+        "verified_fido2_login": "Apliecināta FIDO2 pieteikšanās",
+        "verified_webauthn_login": "Apliecināta WebAuthn pieteikšanās",
+        "verified_totp_login": "Apliecināta TOTP pieteikšanās",
+        "verified_yotp_login": "Apliecināta Yubico OTP pieteikšanās"
     },
     "tfa": {
         "api_register": "%s izmanto Yubico Cloud API. Lūdzu iegūstiet API atslēgu priekš Jūsu atslēgas<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
         "confirm": "Apstiprināt",
         "confirm_totp_token": "Lūdzu apstipriniet Jūsu izmaiņas ievadot uzģenerēto tekstu",
         "delete_tfa": "Atspējot TFA",
-        "disable_tfa": "Atspējot TFA līdz nākamajai veiksmīgai pieteikšanās",
+        "disable_tfa": "Atspējot TFA līdz nākamajai veiksmīgajai pieteikšanās reizei",
         "enter_qr_code": "TOTP kods, ja Tava ierīce nevar nolasīt kvadrātkodus",
         "key_id": "Jūsu YubiKey identifikators",
         "key_id_totp": "Identifikators Jūsu atslēgai",
@@ -595,7 +609,7 @@
         "tls_enforce_in": "Piespiest TLS ienākošajiem",
         "tls_enforce_out": "Piespiest TLS izejošajiem",
         "tls_policy": "Šifrēšanas politika",
-        "tls_policy_warning": "<strong>Brīdinājums:</strong> Ja tiek izlemts ieviest šifrēta pasta nosūtīšanu, var tikt pazaudēti e-pasti.<br>Ziņojumi, kas neatbilst nosacījumiem, pasta sistēma atmetīs ar kļūdu.<br>Šī iespēja attiecas uz galveno e-pasta adresi (pieteikšanās vārdu), visām adresēm, kas atvasinātas no aizsājdomēniem, kā arī aizstājadreses, <b>kas norāda tikai uz šo pastkasti</b>.",
+        "tls_policy_warning": "<strong>Brīdinājums:</strong> ja tiek izlemts ieviest šifrēta pasta nosūtīšanu, var tikt pazaudēti e-pasta ziņojumi.<br>Ziņojumi, kas neatbilst nosacījumiem, pasta sistēma atmetīs ar kļūdu.<br>Šī iespēja attiecas uz galveno e-pasta adresi (pieteikšanās vārdu), visām adresēm, kas atvasinātas no aizstājdomēniem, kā arī aizstājadreses, <b>kas norāda tikai uz šo pastkasti</b>.",
         "user_settings": "Lietotāja iestatījumi",
         "username": "Lietotājvārds",
         "waiting": "Gaida",
@@ -603,7 +617,14 @@
         "weeks": "Nedēļas",
         "open_logs": "Atvērt žurnālus",
         "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei.",
-        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām)."
+        "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām).",
+        "app_hint": "Lietotņu paroles ir aizstājējparoles, lai pieteiktos IMAP, SMTP, CalDAV, CardDAV un EAS. Lietotājvārds paliek nemainīgs. SOGo tīmekļa pasts nav pieejams ar lietotņu parolēm.",
+        "direct_protocol_access": "Šim pastkastes lietotājam ir <b> tieša, ārēja piekļuve</b> zemāk uzskaitītajiem protokoliem un lietotnēm. Šo iestatījumu pārrauga pārvaldītājs. Lietotņu paroles var izveidot, lai nodrošinātu piekļuvi atsevišķiem protokoliem un lietotnēm.<br>Poga \"Pieteikties tīmekļa pastā\" nodrošina vienotu pieteikšanos SOGo un vienmēr ir pieejama.",
+        "last_ui_login": "Pēdējā pieteikšanās saskarnē",
+        "login_history": "Pieteikšanās vēsture",
+        "no_last_login": "Nav informācijas par pēdējām pieteikšanās saskarnē reizēm",
+        "open_webmail_sso": "Pieteikšanās tīmekļa pastā",
+        "last_mail_login": "Pēdējā pasta pieteikšanās"
     },
     "datatables": {
         "paginate": {
@@ -631,5 +652,11 @@
         "domain_added_sogo_failed": "Domēns pievienots, bet neizdevās pārsāknēt SOGO. Lūgums pārbaudīt servera žurnālus.",
         "dovecot_restart_failed": "Dovecot neizdevās pārsāknēties. Lūgums pārbaudīt žurnālus",
         "is_not_primary_alias": "Izlaists aizstājvārds %s, kas nav galvenais"
+    },
+    "oauth2": {
+        "access_denied": "Lūgums pieteikties kā pastkastes īpašniekam, lai nodrošinātu piekļuvi ar OAuth2."
+    },
+    "fido2": {
+        "fido2_auth": "Pieteikties ar FIDO2"
     }
 }
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index e7fb623ce..7049046c2 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -28,7 +28,8 @@
         "spam_score": "Spam skoru",
         "syncjobs": "Görevleri senkronize et",
         "tls_policy": "TLS ilkesi",
-        "unlimited_quota": "E-postalar için sınırsız kota"
+        "unlimited_quota": "E-postalar için sınırsız kota",
+        "pw_reset": "Mailcow kullanıcı şifresini sıfırlamaya izin ver"
     },
     "add": {
         "activate_filter_warn": "Aktif edilirse diğer tüm filtreler devre dışı bırakılacak.",
@@ -350,7 +351,13 @@
         "reset_limit": "Hashi kaldır",
         "routing": "Yönlendirme",
         "rsetting_add_rule": "Kural ekle",
-        "rsetting_content": "Kural içeriği"
+        "rsetting_content": "Kural içeriği",
+        "password_reset_info": "Herhangi bir kurtarma e-postası sağlanmamışsa, bu işlev kullanılamaz.",
+        "restore_template": "Varsayılan şablonu geri yüklemek için boş bırakın.",
+        "password_reset_settings": "Parola Kurtarma Ayarları",
+        "password_reset_tmpl_html": "HTML Şablonu",
+        "password_reset_tmpl_text": "Metin Şablonu",
+        "password_settings": "Şifre Ayarları"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -661,7 +668,9 @@
         "tls_policy_map_entry_exists": "Bir TLS ilke haritası girişi \\\"%s\\\" mevcut",
         "tls_policy_map_parameter_invalid": "Politika parametresi geçersiz",
         "totp_verification_failed": "TOTP doğrulaması başarısız oldu",
-        "transport_dest_exists": "\\\"%s\\\" aktarım hedefi mevcut"
+        "transport_dest_exists": "\\\"%s\\\" aktarım hedefi mevcut",
+        "password_reset_invalid_user": "Posta kutusu bulunamadı veya kurtarma e-postası ayarlanmadı",
+        "invalid_reset_token": "Geçersiz sıfırlama token'ı"
     },
     "debug": {
         "container_disabled": "Container durduruldu veya devre dışı bırakıldı",

From 6550f0a3e889f5ee417a02e690cb577e1f8dc1d8 Mon Sep 17 00:00:00 2001
From: Habetdin <15926758+Habetdin@users.noreply.github.com>
Date: Fri, 13 Sep 2024 11:21:09 +0300
Subject: [PATCH 361/755] Only show active protocols on "last login" in mailbox
 overview

---
 data/web/js/site/mailbox.js | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index af2862a37..5342eac39 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -894,7 +894,10 @@ jQuery(function($){
             item.quota.value = humanFileSize(item.quota_used) + "/" + item.quota.value;
 
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
-            item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login + '/' + item.last_sso_login;
+            item.last_mail_login = (item.attributes.imap_access == 1 ? '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">IMAP @ ' + unix_time_format(Number(item.last_imap_login)) + '</div><br>' : '') +
+                                   (item.attributes.pop3_access == 1 ? '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">POP3 @ ' + unix_time_format(Number(item.last_pop3_login)) + '</div><br>' : '') +
+                                   (item.attributes.smtp_access == 1 ? '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">SMTP @ ' + unix_time_format(Number(item.last_smtp_login)) + '</div><br>' : '') +
+                                   '<div class="text-start badge bg-info" style="min-width: 70px;">SSO @ ' + unix_time_format(Number(item.last_sso_login)) + '</div>';
             /*
             if (!item.rl) {
               item.rl = '∞';
@@ -1010,14 +1013,7 @@ jQuery(function($){
           data: 'last_mail_login',
           searchable: false,
           defaultContent: '',
-          responsivePriority: 7,
-          render: function (data, type) {
-            res = data.split("/");
-            return '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
-              '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-              '<div class="text-start badge bg-info mb-2" style="min-width: 70px;">SMTP @ ' + unix_time_format(Number(res[2])) + '</div><br>' +
-              '<div class="text-start badge bg-info" style="min-width: 70px;">SSO @ ' + unix_time_format(Number(res[3])) + '</div>';
-          }
+          responsivePriority: 7
         },
         {
           title: lang.last_pw_change,

From 52f3f93aeef939dcf831ba26e82d1c9e34aa54b8 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Mon, 11 Nov 2024 16:50:14 +0100
Subject: [PATCH 362/755] update.sh: precaution ask for deletion of
 dns_blocklists.cf if old format (#6154)

---
 update.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/update.sh b/update.sh
index fe8aee72f..cf94eb71c 100755
--- a/update.sh
+++ b/update.sh
@@ -275,6 +275,34 @@ detect_bad_asn() {
   fi
 }
 
+fix_broken_dnslist_conf() {
+
+# Fixing issue: #6143. To be removed in a later patch
+
+  local file="${SCRIPT_DIR}/data/conf/postfix/dns_blocklists.cf"
+    # Check if the file exists
+  if [[ ! -f "$file" ]]; then
+      return 1
+  fi
+
+  # Check if the file contains the autogenerated comment
+  if grep -q "# Autogenerated by mailcow" "$file"; then
+      # Ask the user if custom changes were made
+      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cnf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
+      echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
+      read -p "Do you want to delete the file now and let mailcow regenerate it properly? " response
+      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        rm "$file"
+        echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"
+        return 0
+      else
+        echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
+        return 2
+      fi
+  fi  
+
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -437,6 +465,8 @@ source mailcow.conf
 
 detect_docker_compose_command
 
+fix_broken_dnslist_conf
+
 DOTS=${MAILCOW_HOSTNAME//[^.]};
 if [ ${#DOTS} -lt 1 ]; then
   echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"

From dc5a28111d1d77915234d1e4d9f2853fb9e4b59a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 11 Nov 2024 21:39:15 +0100
Subject: [PATCH 363/755] [Web] Updated lang.zh-cn.json (#6151)

[Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.zh-cn.json | 145 ++++++++++++++++++++++++++++------
 1 file changed, 123 insertions(+), 22 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index bac42e5d7..ca6c9aaf2 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -63,7 +63,7 @@
         "exclude": "拒绝对象 (Regex)",
         "full_name": "全称",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
+        "gal_info": "全球地址簿包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
         "goto_ham": "学习为<span class=\"text-success\"><b>非垃圾邮件</b></span>",
         "goto_null": "静默丢弃邮件",
@@ -146,7 +146,7 @@
         "arrival_time": "到达时间 (服务器时间)",
         "authed_user": "已认证用户",
         "ays": "确定继续操作?",
-        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
+        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁。",
         "change_logo": "更改 Logo",
         "configuration": "配置",
         "convert_html_to_text": "将 HTML 转换为纯文本内容",
@@ -292,7 +292,7 @@
         "rsettings_preset_2": "允许管理员接收垃圾邮件",
         "rsettings_preset_3": "只允许指定的发件人发信 (例如只允许内部邮箱发送)",
         "rsettings_preset_4": "禁用域名的 Rspamd 服务",
-        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节。",
+        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节",
         "rspamd_global_filters": "全局过滤规则",
         "rspamd_global_filters_agree": "我会小心谨慎的!",
         "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局黑名单和白名单。",
@@ -353,7 +353,7 @@
         "password_reset_tmpl_html": "HTML 模版",
         "password_reset_tmpl_text": "文字模版",
         "password_settings": "密码设定",
-        "restore_template": "留空以恢复预设模版",
+        "restore_template": "留空以恢复预设模版。",
         "ip_check": "IP 检查",
         "ip_check_disabled": "IP 检查已禁用。你可透过以下路径启用<br> <strong>系统 > 配置 > 选项 > 页面自定义</strong>",
         "queue_unban": "解除封禁",
@@ -481,7 +481,21 @@
         "template_exists": "模板 %s 已存在",
         "template_name_invalid": "模板名称无效",
         "cors_invalid_method": "制定的允许模式无效",
-        "cors_invalid_origin": "指定的允许原无效"
+        "cors_invalid_origin": "指定的允许原无效",
+        "reset_token_limit_exceeded": "Reset token 数量已达上限。请稍后再尝试。",
+        "extended_sender_acl_denied": "缺少设置外部发送者地址的 ACL",
+        "img_dimensions_exceeded": "图片超出最大图片大小",
+        "img_size_exceeded": "图片超过最大文件大小",
+        "invalid_reset_token": "不合法的 reset token",
+        "password_reset_invalid_user": "未找到此信箱或未设置恢复邮箱",
+        "password_reset_na": "密码恢复目前无法使用。请联系您的管理员。",
+        "recovery_email_failed": "无法发送恢复邮件。请联系您的管理员。",
+        "template_id_invalid": "Template ID %s 无效",
+        "to_invalid": "收件人不能为空",
+        "webauthn_authenticator_failed": "找不到所选的 authenticator",
+        "webauthn_publickey_failed": "没有为选定的身份验证器保存公钥",
+        "webauthn_username_failed": "所选的 authenticator 属于另一个账户",
+        "demo_mode_enabled": "演示模式已开启"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -516,7 +530,13 @@
         "error_show_ip": "无法解析公网IP地址",
         "show_ip": "显示公网IP",
         "update_available": "有可用更新",
-        "update_failed": "无法检查更新"
+        "update_failed": "无法检查更新",
+        "architecture": "结构",
+        "container_stopped": "已停止",
+        "current_time": "系统时间",
+        "timezone": "时区",
+        "no_update_available": "系统已经是最新版本",
+        "wip": "正在施工中"
     },
     "diagnostics": {
         "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
@@ -640,7 +660,31 @@
         "title": "编辑对象",
         "unchanged_if_empty": "如果不更改则留空",
         "username": "用户名",
-        "validate_save": "验证并保存"
+        "validate_save": "验证并保存",
+        "domain_footer_info_vars": {
+            "from_name": "{= from_name =}   - 信件中的 From name 字段，例如对于 \"Mailcow &lt;moo@mailcow.tld&gt;\" 来说它是 \"Mailcow\"",
+            "auth_user": "{= auth_user =}   - MTA 指定的经过认证的用户名",
+            "from_user": "{= from_user =}   - 信件中的 From user 字段，例如对于 \"moo@mailcow.tld\" 来说它是 \"moo\"",
+            "from_addr": "{= from_addr =}   - 信件中的 From address 字段",
+            "from_domain": "{= from_domain =} - 信件中的 From domain 字段",
+            "custom": "{= foo =}         - 如果信箱有一个自定义属性 \"foo\" 的值为 \"bar\"， 它将返回 \"bar\""
+        },
+        "created_on": "创建于",
+        "custom_attributes": "自定义属性",
+        "mailbox_rename": "重命名信箱",
+        "mailbox_rename_agree": "我已经创建了一个备份。",
+        "mailbox_rename_warning": "重要！ 重命名信箱之前请先创建备份。",
+        "mailbox_rename_alias": "自动创建别名",
+        "mailbox_rename_title": "新本地信箱的名字",
+        "password_recovery_email": "密码重置邮箱",
+        "domain_footer": "域页脚",
+        "domain_footer_html": "HTML footer",
+        "domain_footer_info": "Domain-wide footers 会被加入到该 domain 下的地址发出的所有邮件中。 <br> 下列变量可以在 footer 中使用：",
+        "domain_footer_plain": "纯文字 footer",
+        "domain_footer_skip_replies": "在回信中忽略 footer",
+        "footer_exclude": "从 footer 中排除",
+        "last_modified": "上次修改时间",
+        "pushover_sound": "声音"
     },
     "fido2": {
         "confirm": "确认",
@@ -675,13 +719,14 @@
     "header": {
         "administration": "配置和管理",
         "apps": "应用",
-        "debug": "系统信息",
+        "debug": "信息",
         "email": "E-Mail",
         "mailcow_config": "配置",
         "quarantine": "隔离",
         "restart_netfilter": "重启 netfilter",
         "restart_sogo": "重启 SOGo",
-        "user_settings": "用户设置"
+        "user_settings": "用户设置",
+        "mailcow_system": "系统"
     },
     "info": {
         "awaiting_tfa_confirmation": "等待 TFA 确认",
@@ -695,7 +740,14 @@
         "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
         "other_logins": "Key 登录",
         "password": "密码",
-        "username": "用户名"
+        "username": "用户名",
+        "forgot_password": "> 忘记密码？",
+        "back_to_mailcow": "返回到 mailcow",
+        "new_password": "新密码",
+        "new_password_confirm": "确认新密码",
+        "reset_password": "重置密码",
+        "request_reset_password": "请求重置密码",
+        "invalid_pass_reset_token": "密码重置 token 无效或已过期。<br> 请重新获取新的密码重置链接。"
     },
     "mailbox": {
         "action": "操作",
@@ -799,9 +851,9 @@
         "recipient_map": "收件人映射",
         "recipient_map_info": "收件人映射用于在邮件被发送前替换收件人的地址。",
         "recipient_map_new": "新收件人",
-        "recipient_map_new_info": "新收件人必须为合法的邮箱地址",
+        "recipient_map_new_info": "新收件人必须为合法的邮箱地址。",
         "recipient_map_old": "原收件人",
-        "recipient_map_old_info": "原收件人必须为合法的邮箱地址",
+        "recipient_map_old_info": "原收件人必须为合法的邮箱地址。",
         "recipient_maps": "收件人映射",
         "relay_all": "中继所有收件人",
         "remove": "删除",
@@ -818,7 +870,7 @@
         "sieve_preset_5": "自动回复 (休假)",
         "sieve_preset_6": "拒绝接收邮件并通知",
         "sieve_preset_7": "重定向邮件并保留或删除",
-        "sieve_preset_8": "删除发件人发送给自己别名地址的邮件",
+        "sieve_preset_8": "重定向来自特定发件人的邮件，标记为已读并放入子文件夹中",
         "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Sieve Wikipedia 页面 (英文)</a>以了解更多细节。",
         "sogo_visible": "SOGo 别名显示",
         "sogo_visible_n": "在 SOGo 中隐藏别名",
@@ -860,10 +912,20 @@
         "mailbox_templates": "邮箱模板",
         "gal": "全局地址列表",
         "max_aliases": "最大别名数",
-        "max_mailboxes": "最大可能的邮箱数"
+        "max_mailboxes": "最大可能的邮箱数",
+        "created_on": "建立于",
+        "force_pw_update": "强制在下一次登陆时更新密码",
+        "add_template": "新增模板",
+        "goto_ham": "学习为 <b> 非垃圾邮件 </b>",
+        "goto_spam": "学习为 <b> 垃圾邮件 </b>",
+        "last_modified": "上次修改时间",
+        "max_quota": "每个信箱的最大容量配额",
+        "relay_unknown": "转发未知信箱",
+        "templates": "模板",
+        "template": "模板"
     },
     "oauth2": {
-        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
+        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权。",
         "authorize_app": "授权应用",
         "deny": "拒绝",
         "permit": "授权应用",
@@ -926,7 +988,19 @@
     },
     "queue": {
         "queue_manager": "队列管理器",
-        "delete": "全部删除"
+        "delete": "全部删除",
+        "info": "邮件队列包含所有等待投递的邮件。如果邮件长时间停留在邮件队列中，系统会自动将其删除。<br>对应的邮件错误信息会提供有关邮件无法送达的原因。",
+        "flush": "刷新队列",
+        "legend": "邮件队列操作功能：",
+        "ays": "请确认您要删除当前队列中的所有项目。",
+        "deliver_mail": "投递",
+        "deliver_mail_legend": "尝试重新投递选中的邮件。",
+        "hold_mail": "保留",
+        "hold_mail_legend": "保持选中的邮件。（不继续投递）",
+        "show_message": "显示内容",
+        "unban": "队列解除限制",
+        "unhold_mail": "取消保持",
+        "unhold_mail_legend": "允许选中的邮件继续投递。（需要在保持状态）"
     },
     "ratelimit": {
         "disabled": "禁用",
@@ -994,7 +1068,7 @@
         "nginx_reloaded": "Nginx 已重新启动",
         "object_modified": "已保存对象 %s 更改",
         "password_policy_saved": "已成功保存密码规则",
-        "pushover_settings_edited": "已成功设置 Pushover，请重新校验凭证",
+        "pushover_settings_edited": "Pushover 设置已保存，请重新校验凭证。",
         "qlearn_spam": "消息 ID %s 已被学习为垃圾邮件并被删除",
         "queue_command_success": "成功执行配额命令",
         "recipient_map_entry_deleted": "已删除接收人映射 ID %s",
@@ -1018,7 +1092,17 @@
         "verified_fido2_login": "FIDO2 登录验证成功",
         "verified_totp_login": "TOTP 登录验证成功",
         "verified_webauthn_login": "WebAuthn 登录验证成功",
-        "verified_yotp_login": "Yubico OTP 登录验证成功"
+        "verified_yotp_login": "Yubico OTP 登录验证成功",
+        "domain_footer_modified": "对域 footer %s 的修改已保存",
+        "cors_headers_edited": "CORS 设置已保存",
+        "ip_check_opt_in_modified": "IP 检查已保存",
+        "f2b_banlist_refreshed": "黑名单 ID 已成功刷新。",
+        "mailbox_renamed": "信箱 %s 已被重命名为 %s",
+        "password_changed_success": "密码重置成功",
+        "recovery_email_sent": "重置邮件已发送至 %s",
+        "template_added": "新增了模板 %s",
+        "template_modified": "模板 %s 的修改已保存",
+        "template_removed": "模板 ID %s 已删除"
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
@@ -1045,7 +1129,8 @@
         "webauthn": "WebAuthn 认证",
         "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
         "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
-        "yubi_otp": "Yubico OTP 认证"
+        "yubi_otp": "Yubico OTP 认证",
+        "authenticators": "验证器（Authenticators）"
     },
     "user": {
         "action": "操作",
@@ -1062,7 +1147,7 @@
         "alias_valid_until": "有效至",
         "aliases_also_send_as": "同时允许发送为",
         "aliases_send_as_all": "已关闭发件人可访性检查的域名和域名别名",
-        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync) ",
+        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync)。",
         "allowed_protocols": "允许使用的协议",
         "app_name": "应用名称",
         "app_passwds": "应用密码",
@@ -1206,7 +1291,12 @@
         "weeks": "周",
         "with_app_password": "包含应用密码",
         "year": "年",
-        "years": "年"
+        "years": "年",
+        "pw_recovery_email": "密码重置邮箱",
+        "password_reset_info": "如果不提供密码重置邮箱，此功能将无法使用。",
+        "pushover_sound": "声音",
+        "value": "值",
+        "attribute": "属性"
     },
     "warning": {
         "cannot_delete_self": "不能删除已登录的用户",
@@ -1233,6 +1323,17 @@
             "last": "最后一页",
             "previous": "上一页",
             "next": "下一页"
-        }
+        },
+        "aria": {
+            "sortDescending": ": 激活以降序对列进行排序",
+            "sortAscending": ": 激活以升序对列进行排序"
+        },
+        "decimal": ".",
+        "emptyTable": "表中没有可用的数据",
+        "infoFiltered": "（从 _MAX_ 个总条目中过滤）",
+        "thousands": ",",
+        "lengthMenu": "显示 _MENU_ 条目",
+        "loadingRecords": "加载中...",
+        "zeroRecords": "未找到符合条件的记录"
     }
 }

From afe0ba74d28665c64dbbfebfea8654ea144ec959 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 12 Nov 2024 11:11:34 +0100
Subject: [PATCH 364/755] compose: bump sogo version to include 5.11.2 (#6156)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c462ba88c..56e6d4bfb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -177,7 +177,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.127
+      image: mailcow/sogo:1.127.1
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From b90375b6e5f76d8653002eb13f52901b28e2adc5 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 12 Nov 2024 15:56:23 +0100
Subject: [PATCH 365/755] php: use correct php image + workaround of #6149
 (#6159)

* compose: bump php-fpm container to correctly use patched c-ares

* [Web] check $containers_info contains required fields

---------

Co-authored-by: FreddleSpl0it <patschul@posteo.de>
---
 data/web/debug.php | 22 +++++++++++++---------
 docker-compose.yml |  2 +-
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/data/web/debug.php b/data/web/debug.php
index 9c338009c..4a099cb6e 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -23,11 +23,15 @@ $exec_fields = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
 $vmail_df = explode(',', (string)json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true));
 
 // containers
-$containers = (array) docker('info');
-if ($clamd_status === false) unset($containers['clamd-mailcow']);
-if ($solr_status === false) unset($containers['solr-mailcow']);
-ksort($containers);
-foreach ($containers as $container => $container_info) {
+$containers_info = (array) docker('info');
+if ($clamd_status === false) unset($containers_info['clamd-mailcow']);
+if ($solr_status === false) unset($containers_info['solr-mailcow']);
+ksort($containers_info);
+$containers = array();
+foreach ($containers_info as $container => $container_info) {
+  if (!isset($container_info['State']) || !is_array($container_info['State']) || !isset($container_info['State']['StartedAt'])){
+    continue;
+  }
   date_default_timezone_set('UTC');
   $StartedAt = date_parse($container_info['State']['StartedAt']);
   if ($StartedAt['hour'] !== false) {
@@ -42,15 +46,15 @@ foreach ($containers as $container => $container_info) {
     try {
       $user_tz = new DateTimeZone(getenv('TZ'));
       $date->setTimezone($user_tz);
-      $started = $date->format('r');
+      $container_info['State']['StartedAtHR'] = $date->format('r');
     } catch(Exception $e) {
-      $started = '?';
+      $container_info['State']['StartedAtHR'] = '?';
     }
   }
   else {
-    $started = '?';
+    $container_info['State']['StartedAtHR'] = '?';
   }
-  $containers[$container]['State']['StartedAtHR'] = $started;
+  $containers[$container] = $container_info;
 }
 
 // get mailcow data
diff --git a/docker-compose.yml b/docker-compose.yml
index 56e6d4bfb..b0324521a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -112,7 +112,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.91
+      image: mailcow/phpfpm:1.91.1
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 4d688c55007216e50434060398ee91b2755e25d6 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 12 Nov 2024 15:57:17 +0100
Subject: [PATCH 366/755] 2024-11a (#6160)

* update.sh: precaution ask for deletion of dns_blocklists.cf if old format (#6154)

* [Web] Updated lang.zh-cn.json (#6151)

[Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>

* compose: bump sogo version to include 5.11.2 (#6156)

* php: use correct php image + workaround of #6149 (#6159)

* compose: bump php-fpm container to correctly use patched c-ares

* [Web] check $containers_info contains required fields

---------

Co-authored-by: FreddleSpl0it <patschul@posteo.de>

---------

Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Easton Man <me@eastonman.com>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
---
 data/web/debug.php            |  22 +++---
 data/web/lang/lang.zh-cn.json | 145 ++++++++++++++++++++++++++++------
 docker-compose.yml            |   4 +-
 update.sh                     |  30 +++++++
 4 files changed, 168 insertions(+), 33 deletions(-)

diff --git a/data/web/debug.php b/data/web/debug.php
index 9c338009c..4a099cb6e 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -23,11 +23,15 @@ $exec_fields = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
 $vmail_df = explode(',', (string)json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true));
 
 // containers
-$containers = (array) docker('info');
-if ($clamd_status === false) unset($containers['clamd-mailcow']);
-if ($solr_status === false) unset($containers['solr-mailcow']);
-ksort($containers);
-foreach ($containers as $container => $container_info) {
+$containers_info = (array) docker('info');
+if ($clamd_status === false) unset($containers_info['clamd-mailcow']);
+if ($solr_status === false) unset($containers_info['solr-mailcow']);
+ksort($containers_info);
+$containers = array();
+foreach ($containers_info as $container => $container_info) {
+  if (!isset($container_info['State']) || !is_array($container_info['State']) || !isset($container_info['State']['StartedAt'])){
+    continue;
+  }
   date_default_timezone_set('UTC');
   $StartedAt = date_parse($container_info['State']['StartedAt']);
   if ($StartedAt['hour'] !== false) {
@@ -42,15 +46,15 @@ foreach ($containers as $container => $container_info) {
     try {
       $user_tz = new DateTimeZone(getenv('TZ'));
       $date->setTimezone($user_tz);
-      $started = $date->format('r');
+      $container_info['State']['StartedAtHR'] = $date->format('r');
     } catch(Exception $e) {
-      $started = '?';
+      $container_info['State']['StartedAtHR'] = '?';
     }
   }
   else {
-    $started = '?';
+    $container_info['State']['StartedAtHR'] = '?';
   }
-  $containers[$container]['State']['StartedAtHR'] = $started;
+  $containers[$container] = $container_info;
 }
 
 // get mailcow data
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index bac42e5d7..ca6c9aaf2 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -63,7 +63,7 @@
         "exclude": "拒绝对象 (Regex)",
         "full_name": "全称",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
+        "gal_info": "全球地址簿包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
         "goto_ham": "学习为<span class=\"text-success\"><b>非垃圾邮件</b></span>",
         "goto_null": "静默丢弃邮件",
@@ -146,7 +146,7 @@
         "arrival_time": "到达时间 (服务器时间)",
         "authed_user": "已认证用户",
         "ays": "确定继续操作?",
-        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
+        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁。",
         "change_logo": "更改 Logo",
         "configuration": "配置",
         "convert_html_to_text": "将 HTML 转换为纯文本内容",
@@ -292,7 +292,7 @@
         "rsettings_preset_2": "允许管理员接收垃圾邮件",
         "rsettings_preset_3": "只允许指定的发件人发信 (例如只允许内部邮箱发送)",
         "rsettings_preset_4": "禁用域名的 Rspamd 服务",
-        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节。",
+        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节",
         "rspamd_global_filters": "全局过滤规则",
         "rspamd_global_filters_agree": "我会小心谨慎的!",
         "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局黑名单和白名单。",
@@ -353,7 +353,7 @@
         "password_reset_tmpl_html": "HTML 模版",
         "password_reset_tmpl_text": "文字模版",
         "password_settings": "密码设定",
-        "restore_template": "留空以恢复预设模版",
+        "restore_template": "留空以恢复预设模版。",
         "ip_check": "IP 检查",
         "ip_check_disabled": "IP 检查已禁用。你可透过以下路径启用<br> <strong>系统 > 配置 > 选项 > 页面自定义</strong>",
         "queue_unban": "解除封禁",
@@ -481,7 +481,21 @@
         "template_exists": "模板 %s 已存在",
         "template_name_invalid": "模板名称无效",
         "cors_invalid_method": "制定的允许模式无效",
-        "cors_invalid_origin": "指定的允许原无效"
+        "cors_invalid_origin": "指定的允许原无效",
+        "reset_token_limit_exceeded": "Reset token 数量已达上限。请稍后再尝试。",
+        "extended_sender_acl_denied": "缺少设置外部发送者地址的 ACL",
+        "img_dimensions_exceeded": "图片超出最大图片大小",
+        "img_size_exceeded": "图片超过最大文件大小",
+        "invalid_reset_token": "不合法的 reset token",
+        "password_reset_invalid_user": "未找到此信箱或未设置恢复邮箱",
+        "password_reset_na": "密码恢复目前无法使用。请联系您的管理员。",
+        "recovery_email_failed": "无法发送恢复邮件。请联系您的管理员。",
+        "template_id_invalid": "Template ID %s 无效",
+        "to_invalid": "收件人不能为空",
+        "webauthn_authenticator_failed": "找不到所选的 authenticator",
+        "webauthn_publickey_failed": "没有为选定的身份验证器保存公钥",
+        "webauthn_username_failed": "所选的 authenticator 属于另一个账户",
+        "demo_mode_enabled": "演示模式已开启"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -516,7 +530,13 @@
         "error_show_ip": "无法解析公网IP地址",
         "show_ip": "显示公网IP",
         "update_available": "有可用更新",
-        "update_failed": "无法检查更新"
+        "update_failed": "无法检查更新",
+        "architecture": "结构",
+        "container_stopped": "已停止",
+        "current_time": "系统时间",
+        "timezone": "时区",
+        "no_update_available": "系统已经是最新版本",
+        "wip": "正在施工中"
     },
     "diagnostics": {
         "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
@@ -640,7 +660,31 @@
         "title": "编辑对象",
         "unchanged_if_empty": "如果不更改则留空",
         "username": "用户名",
-        "validate_save": "验证并保存"
+        "validate_save": "验证并保存",
+        "domain_footer_info_vars": {
+            "from_name": "{= from_name =}   - 信件中的 From name 字段，例如对于 \"Mailcow &lt;moo@mailcow.tld&gt;\" 来说它是 \"Mailcow\"",
+            "auth_user": "{= auth_user =}   - MTA 指定的经过认证的用户名",
+            "from_user": "{= from_user =}   - 信件中的 From user 字段，例如对于 \"moo@mailcow.tld\" 来说它是 \"moo\"",
+            "from_addr": "{= from_addr =}   - 信件中的 From address 字段",
+            "from_domain": "{= from_domain =} - 信件中的 From domain 字段",
+            "custom": "{= foo =}         - 如果信箱有一个自定义属性 \"foo\" 的值为 \"bar\"， 它将返回 \"bar\""
+        },
+        "created_on": "创建于",
+        "custom_attributes": "自定义属性",
+        "mailbox_rename": "重命名信箱",
+        "mailbox_rename_agree": "我已经创建了一个备份。",
+        "mailbox_rename_warning": "重要！ 重命名信箱之前请先创建备份。",
+        "mailbox_rename_alias": "自动创建别名",
+        "mailbox_rename_title": "新本地信箱的名字",
+        "password_recovery_email": "密码重置邮箱",
+        "domain_footer": "域页脚",
+        "domain_footer_html": "HTML footer",
+        "domain_footer_info": "Domain-wide footers 会被加入到该 domain 下的地址发出的所有邮件中。 <br> 下列变量可以在 footer 中使用：",
+        "domain_footer_plain": "纯文字 footer",
+        "domain_footer_skip_replies": "在回信中忽略 footer",
+        "footer_exclude": "从 footer 中排除",
+        "last_modified": "上次修改时间",
+        "pushover_sound": "声音"
     },
     "fido2": {
         "confirm": "确认",
@@ -675,13 +719,14 @@
     "header": {
         "administration": "配置和管理",
         "apps": "应用",
-        "debug": "系统信息",
+        "debug": "信息",
         "email": "E-Mail",
         "mailcow_config": "配置",
         "quarantine": "隔离",
         "restart_netfilter": "重启 netfilter",
         "restart_sogo": "重启 SOGo",
-        "user_settings": "用户设置"
+        "user_settings": "用户设置",
+        "mailcow_system": "系统"
     },
     "info": {
         "awaiting_tfa_confirmation": "等待 TFA 确认",
@@ -695,7 +740,14 @@
         "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
         "other_logins": "Key 登录",
         "password": "密码",
-        "username": "用户名"
+        "username": "用户名",
+        "forgot_password": "> 忘记密码？",
+        "back_to_mailcow": "返回到 mailcow",
+        "new_password": "新密码",
+        "new_password_confirm": "确认新密码",
+        "reset_password": "重置密码",
+        "request_reset_password": "请求重置密码",
+        "invalid_pass_reset_token": "密码重置 token 无效或已过期。<br> 请重新获取新的密码重置链接。"
     },
     "mailbox": {
         "action": "操作",
@@ -799,9 +851,9 @@
         "recipient_map": "收件人映射",
         "recipient_map_info": "收件人映射用于在邮件被发送前替换收件人的地址。",
         "recipient_map_new": "新收件人",
-        "recipient_map_new_info": "新收件人必须为合法的邮箱地址",
+        "recipient_map_new_info": "新收件人必须为合法的邮箱地址。",
         "recipient_map_old": "原收件人",
-        "recipient_map_old_info": "原收件人必须为合法的邮箱地址",
+        "recipient_map_old_info": "原收件人必须为合法的邮箱地址。",
         "recipient_maps": "收件人映射",
         "relay_all": "中继所有收件人",
         "remove": "删除",
@@ -818,7 +870,7 @@
         "sieve_preset_5": "自动回复 (休假)",
         "sieve_preset_6": "拒绝接收邮件并通知",
         "sieve_preset_7": "重定向邮件并保留或删除",
-        "sieve_preset_8": "删除发件人发送给自己别名地址的邮件",
+        "sieve_preset_8": "重定向来自特定发件人的邮件，标记为已读并放入子文件夹中",
         "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Sieve Wikipedia 页面 (英文)</a>以了解更多细节。",
         "sogo_visible": "SOGo 别名显示",
         "sogo_visible_n": "在 SOGo 中隐藏别名",
@@ -860,10 +912,20 @@
         "mailbox_templates": "邮箱模板",
         "gal": "全局地址列表",
         "max_aliases": "最大别名数",
-        "max_mailboxes": "最大可能的邮箱数"
+        "max_mailboxes": "最大可能的邮箱数",
+        "created_on": "建立于",
+        "force_pw_update": "强制在下一次登陆时更新密码",
+        "add_template": "新增模板",
+        "goto_ham": "学习为 <b> 非垃圾邮件 </b>",
+        "goto_spam": "学习为 <b> 垃圾邮件 </b>",
+        "last_modified": "上次修改时间",
+        "max_quota": "每个信箱的最大容量配额",
+        "relay_unknown": "转发未知信箱",
+        "templates": "模板",
+        "template": "模板"
     },
     "oauth2": {
-        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
+        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权。",
         "authorize_app": "授权应用",
         "deny": "拒绝",
         "permit": "授权应用",
@@ -926,7 +988,19 @@
     },
     "queue": {
         "queue_manager": "队列管理器",
-        "delete": "全部删除"
+        "delete": "全部删除",
+        "info": "邮件队列包含所有等待投递的邮件。如果邮件长时间停留在邮件队列中，系统会自动将其删除。<br>对应的邮件错误信息会提供有关邮件无法送达的原因。",
+        "flush": "刷新队列",
+        "legend": "邮件队列操作功能：",
+        "ays": "请确认您要删除当前队列中的所有项目。",
+        "deliver_mail": "投递",
+        "deliver_mail_legend": "尝试重新投递选中的邮件。",
+        "hold_mail": "保留",
+        "hold_mail_legend": "保持选中的邮件。（不继续投递）",
+        "show_message": "显示内容",
+        "unban": "队列解除限制",
+        "unhold_mail": "取消保持",
+        "unhold_mail_legend": "允许选中的邮件继续投递。（需要在保持状态）"
     },
     "ratelimit": {
         "disabled": "禁用",
@@ -994,7 +1068,7 @@
         "nginx_reloaded": "Nginx 已重新启动",
         "object_modified": "已保存对象 %s 更改",
         "password_policy_saved": "已成功保存密码规则",
-        "pushover_settings_edited": "已成功设置 Pushover，请重新校验凭证",
+        "pushover_settings_edited": "Pushover 设置已保存，请重新校验凭证。",
         "qlearn_spam": "消息 ID %s 已被学习为垃圾邮件并被删除",
         "queue_command_success": "成功执行配额命令",
         "recipient_map_entry_deleted": "已删除接收人映射 ID %s",
@@ -1018,7 +1092,17 @@
         "verified_fido2_login": "FIDO2 登录验证成功",
         "verified_totp_login": "TOTP 登录验证成功",
         "verified_webauthn_login": "WebAuthn 登录验证成功",
-        "verified_yotp_login": "Yubico OTP 登录验证成功"
+        "verified_yotp_login": "Yubico OTP 登录验证成功",
+        "domain_footer_modified": "对域 footer %s 的修改已保存",
+        "cors_headers_edited": "CORS 设置已保存",
+        "ip_check_opt_in_modified": "IP 检查已保存",
+        "f2b_banlist_refreshed": "黑名单 ID 已成功刷新。",
+        "mailbox_renamed": "信箱 %s 已被重命名为 %s",
+        "password_changed_success": "密码重置成功",
+        "recovery_email_sent": "重置邮件已发送至 %s",
+        "template_added": "新增了模板 %s",
+        "template_modified": "模板 %s 的修改已保存",
+        "template_removed": "模板 ID %s 已删除"
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
@@ -1045,7 +1129,8 @@
         "webauthn": "WebAuthn 认证",
         "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
         "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
-        "yubi_otp": "Yubico OTP 认证"
+        "yubi_otp": "Yubico OTP 认证",
+        "authenticators": "验证器（Authenticators）"
     },
     "user": {
         "action": "操作",
@@ -1062,7 +1147,7 @@
         "alias_valid_until": "有效至",
         "aliases_also_send_as": "同时允许发送为",
         "aliases_send_as_all": "已关闭发件人可访性检查的域名和域名别名",
-        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync) ",
+        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync)。",
         "allowed_protocols": "允许使用的协议",
         "app_name": "应用名称",
         "app_passwds": "应用密码",
@@ -1206,7 +1291,12 @@
         "weeks": "周",
         "with_app_password": "包含应用密码",
         "year": "年",
-        "years": "年"
+        "years": "年",
+        "pw_recovery_email": "密码重置邮箱",
+        "password_reset_info": "如果不提供密码重置邮箱，此功能将无法使用。",
+        "pushover_sound": "声音",
+        "value": "值",
+        "attribute": "属性"
     },
     "warning": {
         "cannot_delete_self": "不能删除已登录的用户",
@@ -1233,6 +1323,17 @@
             "last": "最后一页",
             "previous": "上一页",
             "next": "下一页"
-        }
+        },
+        "aria": {
+            "sortDescending": ": 激活以降序对列进行排序",
+            "sortAscending": ": 激活以升序对列进行排序"
+        },
+        "decimal": ".",
+        "emptyTable": "表中没有可用的数据",
+        "infoFiltered": "（从 _MAX_ 个总条目中过滤）",
+        "thousands": ",",
+        "lengthMenu": "显示 _MENU_ 条目",
+        "loadingRecords": "加载中...",
+        "zeroRecords": "未找到符合条件的记录"
     }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index c462ba88c..b0324521a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -112,7 +112,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.91
+      image: mailcow/phpfpm:1.91.1
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -177,7 +177,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.127
+      image: mailcow/sogo:1.127.1
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
diff --git a/update.sh b/update.sh
index fe8aee72f..cf94eb71c 100755
--- a/update.sh
+++ b/update.sh
@@ -275,6 +275,34 @@ detect_bad_asn() {
   fi
 }
 
+fix_broken_dnslist_conf() {
+
+# Fixing issue: #6143. To be removed in a later patch
+
+  local file="${SCRIPT_DIR}/data/conf/postfix/dns_blocklists.cf"
+    # Check if the file exists
+  if [[ ! -f "$file" ]]; then
+      return 1
+  fi
+
+  # Check if the file contains the autogenerated comment
+  if grep -q "# Autogenerated by mailcow" "$file"; then
+      # Ask the user if custom changes were made
+      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cnf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
+      echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
+      read -p "Do you want to delete the file now and let mailcow regenerate it properly? " response
+      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        rm "$file"
+        echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"
+        return 0
+      else
+        echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
+        return 2
+      fi
+  fi  
+
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -437,6 +465,8 @@ source mailcow.conf
 
 detect_docker_compose_command
 
+fix_broken_dnslist_conf
+
 DOTS=${MAILCOW_HOSTNAME//[^.]};
 if [ ${#DOTS} -lt 1 ]; then
   echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"

From b9f52df3f10e43c1fc9364ff0ef5a6008d959a40 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 13 Nov 2024 12:04:49 +0100
Subject: [PATCH 367/755] [Web] update _sogo_static_view on password reset

---
 data/web/inc/functions.inc.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index fd6c7fc2f..124683dbf 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2515,6 +2515,8 @@ function reset_password($action, $data = null) {
         ':username' => $username
       ));
 
+      update_sogo_static_view($username);
+
       $_SESSION['return'][] = array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $action, $_data_log),

From 6d1f7482edae6927fa1b2b540d5ef11fa8e2bcb2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 13 Nov 2024 10:42:38 +0100
Subject: [PATCH 368/755] [Web] broadcast maildir move to dovecot containers on
 mailbox_rename

---
 data/web/inc/functions.mailbox.inc.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 9de665675..73c115411 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3351,7 +3351,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             'old_maildir' => $domain . '/' . $old_local_part,
             'new_maildir' => $domain . '/' . $new_local_part
           );
-          docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+          if (getenv("CLUSTERMODE") == "replication") {
+            // broadcast to each dovecot container
+            docker('broadcast', 'dovecot-mailcow', 'exec', $exec_fields);
+          } else {
+            docker('post', 'dovecot-mailcow', 'exec', $exec_fields);
+          }
 
           // rename username in sogo
           $exec_fields = array(

From d10d64dd9216ca0d0f70280a3c7a4c12bbc463dc Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 15 Nov 2024 16:07:18 +0100
Subject: [PATCH 369/755] mysql: increased thread_stack to 192k since 10.5.27

---
 data/conf/mysql/my.cnf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/mysql/my.cnf b/data/conf/mysql/my.cnf
index b4c348863..489b973c4 100644
--- a/data/conf/mysql/my.cnf
+++ b/data/conf/mysql/my.cnf
@@ -20,7 +20,7 @@ thread_cache_size       = 8
 query_cache_type        = 0
 query_cache_size        = 0
 max_heap_table_size     = 48M
-thread_stack            = 128K
+thread_stack            = 192K
 skip-host-cache
 skip-name-resolve
 log-warnings            = 0

From 5ad4ab5b60b5f4496d01b623dca44d862cfff868 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 15 Nov 2024 16:39:06 +0100
Subject: [PATCH 370/755] update.sh: fixed typos

---
 update.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update.sh b/update.sh
index cf94eb71c..3afe623c2 100755
--- a/update.sh
+++ b/update.sh
@@ -288,9 +288,9 @@ fix_broken_dnslist_conf() {
   # Check if the file contains the autogenerated comment
   if grep -q "# Autogenerated by mailcow" "$file"; then
       # Ask the user if custom changes were made
-      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cnf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
+      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
       echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
-      read -p "Do you want to delete the file now and let mailcow regenerate it properly? " response
+      read -p "Do you want to delete the file now and let mailcow regenerate it properly? [y/n]" response
       if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
         rm "$file"
         echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"

From 70ca5fde9520f78414b66b2db789a0524cb4975f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 19 Nov 2024 08:39:52 +0100
Subject: [PATCH 371/755] [Nginx] Use jinja2 for templating nginx configuration

---
 data/Dockerfiles/nginx/Dockerfile             |  18 ++
 data/Dockerfiles/nginx/bootstrap.py           |  76 +++++
 data/Dockerfiles/nginx/docker-entrypoint.sh   |  26 ++
 data/conf/nginx/000-map-size.conf             |   3 -
 data/conf/nginx/dynmaps.conf                  |  19 --
 data/conf/nginx/includes/site-defaults.conf   | 242 ---------------
 data/conf/nginx/includes/sogo_proxy_auth.conf |   8 -
 data/conf/nginx/meta_exporter.conf            |  19 --
 data/conf/nginx/nginx.conf.j2                 | 119 ++++++++
 data/conf/nginx/site.conf                     |  10 -
 data/conf/nginx/sites-default.conf.j2         | 276 ++++++++++++++++++
 .../nginx/templates/listen_plain.template     |   2 -
 data/conf/nginx/templates/listen_ssl.template |   3 -
 .../nginx/templates/server_name.template.sh   |   1 -
 data/conf/nginx/templates/sites.template.sh   |  38 ---
 data/conf/nginx/templates/sogo.template       |   1 -
 .../conf/nginx/templates/sogo_eas.template.sh |   5 -
 docker-compose.yml                            |  29 +-
 18 files changed, 526 insertions(+), 369 deletions(-)
 create mode 100644 data/Dockerfiles/nginx/Dockerfile
 create mode 100644 data/Dockerfiles/nginx/bootstrap.py
 create mode 100755 data/Dockerfiles/nginx/docker-entrypoint.sh
 delete mode 100644 data/conf/nginx/000-map-size.conf
 delete mode 100644 data/conf/nginx/dynmaps.conf
 delete mode 100644 data/conf/nginx/includes/site-defaults.conf
 delete mode 100644 data/conf/nginx/includes/sogo_proxy_auth.conf
 delete mode 100644 data/conf/nginx/meta_exporter.conf
 create mode 100644 data/conf/nginx/nginx.conf.j2
 delete mode 100644 data/conf/nginx/site.conf
 create mode 100644 data/conf/nginx/sites-default.conf.j2
 delete mode 100644 data/conf/nginx/templates/listen_plain.template
 delete mode 100644 data/conf/nginx/templates/listen_ssl.template
 delete mode 100755 data/conf/nginx/templates/server_name.template.sh
 delete mode 100644 data/conf/nginx/templates/sites.template.sh
 delete mode 100644 data/conf/nginx/templates/sogo.template
 delete mode 100644 data/conf/nginx/templates/sogo_eas.template.sh

diff --git a/data/Dockerfiles/nginx/Dockerfile b/data/Dockerfiles/nginx/Dockerfile
new file mode 100644
index 000000000..7d2ce34f3
--- /dev/null
+++ b/data/Dockerfiles/nginx/Dockerfile
@@ -0,0 +1,18 @@
+FROM nginx:alpine
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+
+ENV PIP_BREAK_SYSTEM_PACKAGES=1
+
+RUN apk add --no-cache nginx \
+  python3 \
+  py3-pip && \
+  pip install --upgrade pip && \
+  pip install Jinja2
+
+RUN mkdir -p /etc/nginx/includes
+
+COPY ./bootstrap.py /
+COPY ./docker-entrypoint.sh /
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
new file mode 100644
index 000000000..0d24ae9b2
--- /dev/null
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -0,0 +1,76 @@
+import os
+import subprocess
+from jinja2 import Environment, FileSystemLoader
+
+
+def sites_default_conf(env, template_vars):
+  config_name = "sites-default.conf"
+  template = env.get_template(f"{config_name}.j2")
+  config = template.render(template_vars)
+
+  with open(f"/etc/nginx/includes/{config_name}", "w") as f:
+    f.write(config)
+
+def nginx_conf(env, template_vars):
+  config_name = "nginx.conf"
+  template = env.get_template(f"{config_name}.j2")
+  config = template.render(template_vars)
+
+  with open(f"/etc/nginx/{config_name}", "w") as f:
+    f.write(config)
+
+def prepare_template_vars():
+  template_vars = {
+    'IPV4_NETWORK': os.getenv("IPV4_NETWORK", "172.22.1"),
+    'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
+    'SKIP_RSPAMD': os.getenv("SKIP_RSPAMD", "n").lower() in ("y", "yes"),
+    'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
+    'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
+    'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
+    'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
+    'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
+    'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
+    'SOGOHOST': os.getenv("SOGOHOST", "sogo-mailcow"),
+    'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
+    'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
+  }
+
+  ssl_dir = '/etc/ssl/mail/'
+  template_vars['valid_cert_dirs'] = []
+  for d in os.listdir(ssl_dir):
+    full_path = os.path.join(ssl_dir, d)
+    if not os.path.isdir(full_path):
+      continue
+
+    cert_path = os.path.join(full_path, 'cert.pem')
+    key_path = os.path.join(full_path, 'key.pem')
+    domains_path = os.path.join(full_path, 'domains')
+
+    if os.path.isfile(cert_path) and os.path.isfile(key_path) and os.path.isfile(domains_path):
+      with open(domains_path, 'r') as file:
+        domains = file.read().strip()
+      domains_list = domains.split()
+      if domains_list and template_vars["MAILCOW_HOSTNAME"] not in domains_list:
+        template_vars['valid_cert_dirs'].append({
+          'cert_path': full_path + '/',
+          'domains': domains
+        })
+
+  return template_vars
+
+def main():
+  env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d'))
+
+  # Render config
+  print("Render config")
+  template_vars = prepare_template_vars()
+  sites_default_conf(env, template_vars)
+  nginx_conf(env, template_vars)
+
+  # Validate config
+  print("Validate config")
+  subprocess.run(["nginx", "-qt"])
+
+
+if __name__ == "__main__":
+  main()
diff --git a/data/Dockerfiles/nginx/docker-entrypoint.sh b/data/Dockerfiles/nginx/docker-entrypoint.sh
new file mode 100755
index 000000000..beb0b4d9e
--- /dev/null
+++ b/data/Dockerfiles/nginx/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+until ping ${REDISHOST} -c1 > /dev/null; do
+  echo "Waiting for Redis..."
+  sleep 1
+done
+until ping ${PHPFPMHOST} -c1 > /dev/null; do
+  echo "Waiting for PHP..."
+  sleep 1
+done
+if printf "%s\n" "${SKIP_SOGO}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
+  until ping ${SOGOHOST} -c1 > /dev/null; do
+    echo "Waiting for SOGo..."
+    sleep 1
+  done
+fi
+if printf "%s\n" "${SKIP_RSPAMD}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
+  until ping ${RSPAMDHOST} -c1 > /dev/null; do
+    echo "Waiting for Rspamd..."
+    sleep 1
+  done
+fi
+
+python3 /bootstrap.py
+
+exec "$@"
diff --git a/data/conf/nginx/000-map-size.conf b/data/conf/nginx/000-map-size.conf
deleted file mode 100644
index a834306ed..000000000
--- a/data/conf/nginx/000-map-size.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-map_hash_max_size 256;
-map_hash_bucket_size 256;
-
diff --git a/data/conf/nginx/dynmaps.conf b/data/conf/nginx/dynmaps.conf
deleted file mode 100644
index 99c0c6aaa..000000000
--- a/data/conf/nginx/dynmaps.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
-  listen 8081;
-  listen [::]:8081;
-  index index.php index.html;
-  server_name _;
-  error_log  /var/log/nginx/error.log;
-  access_log /var/log/nginx/access.log;
-  root /dynmaps;
-
-  location ~ \.php$ {
-    try_files $uri =404;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9001;
-    fastcgi_index index.php;
-    include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-  }
-}
diff --git a/data/conf/nginx/includes/site-defaults.conf b/data/conf/nginx/includes/site-defaults.conf
deleted file mode 100644
index 1d03e9398..000000000
--- a/data/conf/nginx/includes/site-defaults.conf
+++ /dev/null
@@ -1,242 +0,0 @@
-
-  include /etc/nginx/mime.types;
-  charset utf-8;
-  override_charset on;
-
-  server_tokens off;
-
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_prefer_server_ciphers on;
-  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
-  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
-  ssl_session_cache shared:SSL:50m;
-  ssl_session_timeout 1d;
-  ssl_session_tickets off;
-
-  add_header Strict-Transport-Security "max-age=15768000;";
-  add_header X-Content-Type-Options nosniff;
-  add_header X-XSS-Protection "1; mode=block";
-  add_header X-Robots-Tag none;
-  add_header X-Download-Options noopen;
-  add_header X-Frame-Options "SAMEORIGIN" always;
-  add_header X-Permitted-Cross-Domain-Policies none;
-  add_header Referrer-Policy strict-origin;
-
-  index index.php index.html;
-
-  client_max_body_size 0;
-
-  gzip on;
-  gzip_disable "msie6";
-
-  gzip_vary on;
-  gzip_proxied off;
-  gzip_comp_level 6;
-  gzip_buffers 16 8k;
-  gzip_http_version 1.1;
-  gzip_min_length 256;
-  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
-
-  location ~ ^/(fonts|js|css|img)/ {
-    expires max;
-    add_header Cache-Control public;
-  }
-
-  error_log  /var/log/nginx/error.log;
-  access_log /var/log/nginx/access.log;
-  fastcgi_hide_header X-Powered-By;
-  absolute_redirect off;
-  root /web;
-
-  location / {
-    try_files $uri $uri/ @strip-ext;
-  }
-
-  location /qhandler {
-    rewrite ^/qhandler/(.*)/(.*) /qhandler.php?action=$1&hash=$2;
-  }
-
-  location /edit {
-    rewrite ^/edit/(.*)/(.*) /edit.php?$1=$2;
-  }
-
-  location @strip-ext {
-    rewrite ^(.*)$ $1.php last;
-  }
-
-  location ~ ^/api/v1/(.*)$ {
-    try_files $uri $uri/ /json_api.php?query=$1&$args;
-  }
-
-  location ^~ /.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-  }
-
-  # If behind reverse proxy, forwards the correct IP
-  set_real_ip_from 10.0.0.0/8;
-  set_real_ip_from 172.16.0.0/12;
-  set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fc00::/7;
-  real_ip_header X-Forwarded-For;
-  real_ip_recursive on;
-
-  rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
-  rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
-
-  location ^~ /principals {
-    return 301 /SOGo/dav;
-  }
-
-  location ^~ /inc/lib/ {
-    deny all;
-    return 403;
-  }
-
-  location ~ \.php$ {
-    try_files $uri =404;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9002;
-    fastcgi_index index.php;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_read_timeout 3600;
-    fastcgi_send_timeout 3600;
-  }
-
-  location /rspamd/ {
-    location /rspamd/auth {
-      # proxy_pass is not inherited
-      proxy_pass       http://rspamd:11334/auth;
-      proxy_intercept_errors on;
-      proxy_set_header Host      $http_host;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_redirect off;
-      error_page 401 /_rspamderror.php;
-    }
-    proxy_pass       http://rspamd:11334/;
-    proxy_set_header Host      $http_host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_redirect off;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9002;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover.php =404;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.json {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9002;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover-json.php =404;
-  }
-
-  location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9002;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autoconfig.php =404;
-  }
-
-  location /sogo-auth-verify {
-    internal;
-    proxy_set_header  X-Original-URI $request_uri;
-    proxy_set_header  X-Real-IP $remote_addr;
-    proxy_set_header  Host $http_host;
-    proxy_set_header  Content-Length "";
-    proxy_pass        http://127.0.0.1:65510/sogo-auth;
-    proxy_pass_request_body off;
-  }
-
-  location ^~ /Microsoft-Server-ActiveSync {
-    include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
-    include /etc/nginx/conf.d/sogo_eas.active;
-    proxy_connect_timeout 75;
-    proxy_send_timeout 3600;
-    proxy_read_timeout 3600;
-    proxy_buffer_size 128k;
-    proxy_buffers 64 512k;
-    proxy_busy_buffers_size 512k;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    client_body_buffer_size 512k;
-    client_max_body_size 0;
-  }
-
-  location ^~ /SOGo {
-    location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
-      include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
-      include /etc/nginx/conf.d/sogo.active;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header Host $http_host;
-      proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-      proxy_set_header x-webobjects-remote-host $remote_addr;
-      proxy_set_header x-webobjects-server-name $server_name;
-      proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-      proxy_set_header x-webobjects-server-port $server_port;
-      proxy_hide_header Content-Type;
-      add_header Content-Type text/plain;
-      break;
-    }
-    include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
-    include /etc/nginx/conf.d/sogo.active;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-    proxy_set_header x-webobjects-remote-host $remote_addr;
-    proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-    proxy_set_header x-webobjects-server-port $server_port;
-    proxy_buffer_size 128k;
-    proxy_buffers 64 512k;
-    proxy_busy_buffers_size 512k;
-    proxy_send_timeout 3600;
-    proxy_read_timeout 3600;
-    client_body_buffer_size 128k;
-    client_max_body_size 0;
-    break;
-  }
-
-  location ~* /sogo$ {
-    return 301 $client_req_scheme://$http_host/SOGo;
-  }
-
-  location /SOGo.woa/WebServerResources/ {
-    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-  }
-
-  location /.woa/WebServerResources/ {
-    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-  }
-
-  location /SOGo/WebServerResources/ {
-    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-  }
-
-  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
-    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
-  }
-
-  include /etc/nginx/conf.d/site.*.custom;
-
-  error_page 502 @awaitingupstream;
-
-  location @awaitingupstream {
-    rewrite ^(.*)$ /_status.502.html break;
-  }
-
-  location ~ ^/cache/(.*)$ {
-      try_files $uri $uri/ /resource.php?file=$1;
-  }
diff --git a/data/conf/nginx/includes/sogo_proxy_auth.conf b/data/conf/nginx/includes/sogo_proxy_auth.conf
deleted file mode 100644
index 045b98adc..000000000
--- a/data/conf/nginx/includes/sogo_proxy_auth.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-auth_request /sogo-auth-verify;
-auth_request_set $user $upstream_http_x_user;
-auth_request_set $auth $upstream_http_x_auth;
-auth_request_set $auth_type $upstream_http_x_auth_type;
-proxy_set_header x-webobjects-remote-user "$user";
-proxy_set_header Authorization "$auth";
-proxy_set_header x-webobjects-auth-type "$auth_type";
-
diff --git a/data/conf/nginx/meta_exporter.conf b/data/conf/nginx/meta_exporter.conf
deleted file mode 100644
index 74291b147..000000000
--- a/data/conf/nginx/meta_exporter.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
-  listen 9081;
-  index index.php index.html;
-  server_name _;
-  error_log  /var/log/nginx/error.log;
-  access_log /var/log/nginx/access.log;
-  root /meta_exporter;
-  client_max_body_size 10M;
-  location ~ \.php$ {
-    client_max_body_size 10M;
-    try_files $uri =404;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9001;
-    fastcgi_index pipe.php;
-    include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-  }
-}
diff --git a/data/conf/nginx/nginx.conf.j2 b/data/conf/nginx/nginx.conf.j2
new file mode 100644
index 000000000..13444129f
--- /dev/null
+++ b/data/conf/nginx/nginx.conf.j2
@@ -0,0 +1,119 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    # map-size.conf:
+    map_hash_max_size 256;
+    map_hash_bucket_size 256;
+
+    # site.conf:
+    proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
+    server_names_hash_max_size 512;
+    server_names_hash_bucket_size 128;
+
+    map $http_x_forwarded_proto $client_req_scheme {
+        default $scheme;
+        https https;
+    }
+
+    # Default
+    server {
+        listen 127.0.0.1:65510; # sogo-auth verify internal
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        http2 on;
+
+        ssl_certificate /etc/ssl/mail/cert.pem;
+        ssl_certificate_key /etc/ssl/mail/key.pem;
+
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES }};
+
+        include /etc/nginx/includes/sites-default.conf;
+    }
+
+    # rspamd dynmaps:
+    server {
+        listen 8081;
+        listen [::]:8081;
+        index index.php index.html;
+        server_name _;
+        error_log  /var/log/nginx/error.log;
+        access_log /var/log/nginx/access.log;
+        root /dynmaps;
+
+        location ~ \.php$ {
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ PHPFPMHOST }}:9001;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+        }
+    }
+
+    # rspamd meta_exporter:
+    server {
+        listen 9081;
+        index index.php index.html;
+        server_name _;
+        error_log  /var/log/nginx/error.log;
+        access_log /var/log/nginx/access.log;
+        root /meta_exporter;
+        client_max_body_size 10M;
+        location ~ \.php$ {
+            client_max_body_size 10M;
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ PHPFPMHOST }}:9001;
+            fastcgi_index pipe.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+        }
+    }
+
+    {% for cert in valid_cert_dirs %}
+    server {
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        http2 on;
+
+        ssl_certificate {{ cert.cert_path }}cert.pem;
+        ssl_certificate_key {{ cert.cert_path }}key.pem;
+
+        server_name {{ cert.domains }};
+
+        include /etc/nginx/includes/sites-default.conf;
+    }
+    {% endfor %}
+}
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
deleted file mode 100644
index fb40de879..000000000
--- a/data/conf/nginx/site.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
-server_names_hash_max_size 512;
-server_names_hash_bucket_size 128;
-
-map $http_x_forwarded_proto $client_req_scheme {
-     default $scheme;
-     https https;
-}
-
-include /etc/nginx/conf.d/sites.active;
diff --git a/data/conf/nginx/sites-default.conf.j2 b/data/conf/nginx/sites-default.conf.j2
new file mode 100644
index 000000000..783723bfc
--- /dev/null
+++ b/data/conf/nginx/sites-default.conf.j2
@@ -0,0 +1,276 @@
+include /etc/nginx/mime.types;
+charset utf-8;
+override_charset on;
+
+server_tokens off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 1d;
+ssl_session_tickets off;
+
+add_header Strict-Transport-Security "max-age=15768000;";
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies none;
+add_header Referrer-Policy strict-origin;
+
+index index.php index.html;
+
+client_max_body_size 0;
+
+gzip on;
+gzip_disable "msie6";
+
+gzip_vary on;
+gzip_proxied off;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_min_length 256;
+gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
+
+location ~ ^/(fonts|js|css|img)/ {
+    expires max;
+    add_header Cache-Control public;
+}
+
+error_log  /var/log/nginx/error.log;
+access_log /var/log/nginx/access.log;
+fastcgi_hide_header X-Powered-By;
+absolute_redirect off;
+root /web;
+
+# If behind reverse proxy, forwards the correct IP
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 192.168.0.0/16;
+set_real_ip_from fc00::/7;
+{% if not TRUSTED_NETWORK %}
+real_ip_header X-Forwarded-For;
+{% else %}
+set_real_ip_from {{ TRUSTED_NETWORK }};
+real_ip_header proxy_protocol;
+{% endif %}
+real_ip_recursive on;
+
+
+location @strip-ext {
+    rewrite ^(.*)$ $1.php last;
+}
+
+location ^~ /inc/lib/ {
+    deny all;
+    return 403;
+}
+
+location ^~ /.well-known/acme-challenge/ {
+    allow all;
+    default_type "text/plain";
+}
+
+rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
+rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
+
+
+location / {
+    try_files $uri $uri/ @strip-ext;
+}
+
+location /qhandler {
+    rewrite ^/qhandler/(.*)/(.*) /qhandler.php?action=$1&hash=$2;
+}
+
+location /edit {
+    rewrite ^/edit/(.*)/(.*) /edit.php?$1=$2;
+}
+
+location ~ ^/api/v1/(.*)$ {
+    try_files $uri $uri/ /json_api.php?query=$1&$args;
+}
+
+location ~ ^/cache/(.*)$ {
+    try_files $uri $uri/ /resource.php?file=$1;
+}
+
+location ~ \.php$ {
+    try_files $uri =404;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass {{ PHPFPMHOST }}:9002;
+    fastcgi_index index.php;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_read_timeout 3600;
+    fastcgi_send_timeout 3600;
+}
+
+location ~* ^/Autodiscover/Autodiscover.xml {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass {{ PHPFPMHOST }}:9002;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    try_files /autodiscover.php =404;
+}
+
+location ~* ^/Autodiscover/Autodiscover.json {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass {{ PHPFPMHOST }}:9002;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    try_files /autodiscover-json.php =404;
+}
+
+location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass {{ PHPFPMHOST }}:9002;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    try_files /autoconfig.php =404;
+}
+
+{% if not SKIP_RSPAMD %}
+location /rspamd/ {
+    proxy_pass       http://{{ RSPAMDHOST }}:11334/;
+    proxy_set_header Host      $http_host;
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_redirect off;
+    proxy_intercept_errors on;
+    error_page 401 /_rspamderror.php;
+}
+{% endif %}
+
+{% if not SKIP_SOGO %}
+location ^~ /principals {
+    return 301 /SOGo/dav;
+}
+
+location /sogo-auth-verify {
+    internal;
+    proxy_set_header  X-Original-URI $request_uri;
+    proxy_set_header  X-Real-IP $remote_addr;
+    proxy_set_header  Host $http_host;
+    proxy_set_header  Content-Length "";
+    proxy_pass        http://127.0.0.1:65510/sogo-auth;
+    proxy_pass_request_body off;
+}
+
+location ^~ /Microsoft-Server-ActiveSync {
+    auth_request /sogo-auth-verify;
+    auth_request_set $user $upstream_http_x_user;
+    auth_request_set $auth $upstream_http_x_auth;
+    auth_request_set $auth_type $upstream_http_x_auth_type;
+    proxy_set_header x-webobjects-remote-user "$user";
+    proxy_set_header Authorization "$auth";
+    proxy_set_header x-webobjects-auth-type "$auth_type";
+
+    proxy_pass http://{{ SOGOHOST }}:20000/SOGo/Microsoft-Server-ActiveSync;
+
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_connect_timeout 75;
+    proxy_send_timeout 3600;
+    proxy_read_timeout 3600;
+    proxy_buffer_size 128k;
+    proxy_buffers 64 512k;
+    proxy_busy_buffers_size 512k;
+    proxy_set_header Host $http_host;
+    client_body_buffer_size 512k;
+    client_max_body_size 0;
+}
+
+location ^~ /SOGo {
+    location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
+        auth_request /sogo-auth-verify;
+        auth_request_set $user $upstream_http_x_user;
+        auth_request_set $auth $upstream_http_x_auth;
+        auth_request_set $auth_type $upstream_http_x_auth_type;
+        proxy_set_header x-webobjects-remote-user "$user";
+        proxy_set_header Authorization "$auth";
+        proxy_set_header x-webobjects-auth-type "$auth_type";
+
+        proxy_pass http://{{ SOGOHOST }}:20000;
+
+        proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+        proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+        proxy_set_header Host $http_host;
+        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+        proxy_set_header x-webobjects-remote-host $remote_addr;
+        proxy_set_header x-webobjects-server-name $server_name;
+        proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
+        proxy_set_header x-webobjects-server-port $server_port;
+        proxy_hide_header Content-Type;
+        add_header Content-Type text/plain;
+        break;
+    }
+    auth_request /sogo-auth-verify;
+    auth_request_set $user $upstream_http_x_user;
+    auth_request_set $auth $upstream_http_x_auth;
+    auth_request_set $auth_type $upstream_http_x_auth_type;
+    proxy_set_header x-webobjects-remote-user "$user";
+    proxy_set_header Authorization "$auth";
+    proxy_set_header x-webobjects-auth-type "$auth_type";
+
+    proxy_pass http://{{ SOGOHOST }}:20000;
+
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header Host $http_host;
+    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+    proxy_set_header x-webobjects-remote-host $remote_addr;
+    proxy_set_header x-webobjects-server-name $server_name;
+    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
+    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_buffer_size 128k;
+    proxy_buffers 64 512k;
+    proxy_busy_buffers_size 512k;
+    proxy_send_timeout 3600;
+    proxy_read_timeout 3600;
+    client_body_buffer_size 128k;
+    client_max_body_size 0;
+    break;
+}
+
+location ~* /sogo$ {
+    return 301 $client_req_scheme://$http_host/SOGo;
+}
+
+location /SOGo.woa/WebServerResources/ {
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+}
+
+location /.woa/WebServerResources/ {
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+}
+
+location /SOGo/WebServerResources/ {
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+}
+
+location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
+    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+}
+{% endif %}
+
+
+include /etc/nginx/conf.d/site.*.custom;
+
+error_page 502 @awaitingupstream;
+
+location @awaitingupstream {
+    rewrite ^(.*)$ /_status.502.html break;
+}
+
+location ~* \.php$ {
+    return 404;
+}
+location ~* \.twig$ {
+    return 404;
+}
diff --git a/data/conf/nginx/templates/listen_plain.template b/data/conf/nginx/templates/listen_plain.template
deleted file mode 100644
index a044b22f2..000000000
--- a/data/conf/nginx/templates/listen_plain.template
+++ /dev/null
@@ -1,2 +0,0 @@
-listen ${HTTP_PORT};
-listen [::]:${HTTP_PORT};
diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template
deleted file mode 100644
index 40c402d04..000000000
--- a/data/conf/nginx/templates/listen_ssl.template
+++ /dev/null
@@ -1,3 +0,0 @@
-listen ${HTTPS_PORT} ssl;
-listen [::]:${HTTPS_PORT} ssl;
-http2 on;
diff --git a/data/conf/nginx/templates/server_name.template.sh b/data/conf/nginx/templates/server_name.template.sh
deleted file mode 100755
index 291b378fb..000000000
--- a/data/conf/nginx/templates/server_name.template.sh
+++ /dev/null
@@ -1 +0,0 @@
-echo "server_name ${MAILCOW_HOSTNAME} autodiscover.* autoconfig.* $(echo ${ADDITIONAL_SERVER_NAMES} | tr ',' ' ');"
diff --git a/data/conf/nginx/templates/sites.template.sh b/data/conf/nginx/templates/sites.template.sh
deleted file mode 100644
index 782c8141b..000000000
--- a/data/conf/nginx/templates/sites.template.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-echo '
-server {
-  listen 127.0.0.1:65510;
-  include /etc/nginx/conf.d/listen_plain.active;
-  include /etc/nginx/conf.d/listen_ssl.active;
-
-  ssl_certificate /etc/ssl/mail/cert.pem;
-  ssl_certificate_key /etc/ssl/mail/key.pem;
-
-  include /etc/nginx/conf.d/server_name.active;
-
-  include /etc/nginx/conf.d/includes/site-defaults.conf;
-}
-';
-for cert_dir in /etc/ssl/mail/*/ ; do
-  if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
-    continue
-  fi
-  # do not create vhost for default-certificate. the cert is already in the default server listen
-  domains="$(cat ${cert_dir}domains | sed -e 's/^[[:space:]]*//')"
-  case "${domains}" in
-    "") continue;;
-    "${MAILCOW_HOSTNAME}"*) continue;;
-  esac
-  echo -n '
-server {
-  include /etc/nginx/conf.d/listen_ssl.active;
-
-  ssl_certificate '${cert_dir}'cert.pem;
-  ssl_certificate_key '${cert_dir}'key.pem;
-';
-  echo -n '
-  server_name '${domains}';
-
-  include /etc/nginx/conf.d/includes/site-defaults.conf;
-}
-';
-done
diff --git a/data/conf/nginx/templates/sogo.template b/data/conf/nginx/templates/sogo.template
deleted file mode 100644
index 2c084389f..000000000
--- a/data/conf/nginx/templates/sogo.template
+++ /dev/null
@@ -1 +0,0 @@
-proxy_pass http://${IPV4_NETWORK}.248:20000;
diff --git a/data/conf/nginx/templates/sogo_eas.template.sh b/data/conf/nginx/templates/sogo_eas.template.sh
deleted file mode 100644
index b241ef0e7..000000000
--- a/data/conf/nginx/templates/sogo_eas.template.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-if printf "%s\n" "${SKIP_SOGO}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
-  echo "return 410;"
-else
-  echo "proxy_pass http://${IPV4_NETWORK}.248:20000/SOGo/Microsoft-Server-ActiveSync;"
-fi
diff --git a/docker-compose.yml b/docker-compose.yml
index b0324521a..31d6f56fd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -359,33 +359,26 @@ services:
 
     nginx-mailcow:
       depends_on:
-        - sogo-mailcow
-        - php-fpm-mailcow
         - redis-mailcow
-      image: nginx:mainline-alpine
+        - php-fpm-mailcow
+        - sogo-mailcow
+        - rspamd-mailcow
+      image: mailcow/nginx:1.00
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
-      command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
-        envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
-        envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
-        . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
-        . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
-        . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
-        nginx -qt &&
-        until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
-        until ping sogo -c1 > /dev/null; do sleep 1; done &&
-        until ping redis -c1 > /dev/null; do sleep 1; done &&
-        until ping rspamd -c1 > /dev/null; do sleep 1; done &&
-        exec nginx -g 'daemon off;'"
       environment:
         - HTTPS_PORT=${HTTPS_PORT:-443}
         - HTTP_PORT=${HTTP_PORT:-80}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
-        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
+        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
-        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
-        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
+        - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
+        - PHPFPMHOST=${PHPFPMHOST:-php-fpm-mailcow}
+        - SOGOHOST=${SOGOHOST:-sogo-mailcow}
+        - RSPAMDHOST=${RSPAMDHOST:-rspamd-mailcow}
+        - REDISHOST=${REDISHOST:-redis-mailcow}
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
       volumes:
         - ./data/web:/web:ro,z
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z

From bca4e1a03d7a36b81a7e0b2399db3bbe932dc88c Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Mon, 11 Nov 2024 16:50:14 +0100
Subject: [PATCH 372/755] update.sh: precaution ask for deletion of
 dns_blocklists.cf if old format (#6154)

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 3afe623c2..a388d1a25 100755
--- a/update.sh
+++ b/update.sh
@@ -299,7 +299,7 @@ fix_broken_dnslist_conf() {
         echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
         return 2
       fi
-  fi  
+  fi
 
 }
 

From 852d944cfba4c06dcc3af44d698f68c25425a07c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 4 Apr 2024 16:27:48 +0200
Subject: [PATCH 373/755] [Web] remove f2b banlist from json_api.php

---
 data/web/admin.php                           |  2 +-
 data/web/f2b-banlist.php                     | 11 +++++++++++
 data/web/json_api.php                        | 14 --------------
 data/web/templates/admin/tab-config-f2b.twig |  2 +-
 4 files changed, 13 insertions(+), 16 deletions(-)
 create mode 100644 data/web/f2b-banlist.php

diff --git a/data/web/admin.php b/data/web/admin.php
index 5dd7b3c6b..f03e52e76 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -104,7 +104,7 @@ $template_data = [
   'all_domains' => $all_domains,
   'mailboxes' => $mailboxes,
   'f2b_data' => $f2b_data,
-  'f2b_banlist_url' => getBaseUrl() . "/api/v1/get/fail2ban/banlist/" . $f2b_data['banlist_id'],
+  'f2b_banlist_url' => getBaseUrl() . "/f2b-banlist?id=" . $f2b_data['banlist_id'],
   'q_data' => quarantine('settings'),
   'qn_data' => quota_notification('get'),
   'pw_reset_data' => reset_password('get_notification'),
diff --git a/data/web/f2b-banlist.php b/data/web/f2b-banlist.php
new file mode 100644
index 000000000..05c769907
--- /dev/null
+++ b/data/web/f2b-banlist.php
@@ -0,0 +1,11 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+if (isset($_GET['id'])) {
+    header('Content-Type: text/plain');
+    echo fail2ban('banlist', 'get', $_GET['id']);
+} else {
+    header('HTTP/1.1 404 Not Found');
+    exit;
+}
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 66054e6d3..86ab21c60 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -510,16 +510,6 @@ if (isset($_GET['query'])) {
           $_SESSION['challenge'] = $WebAuthn->getChallenge();
           return;
         break;
-        case "fail2ban":
-          if (!isset($_SESSION['mailcow_cc_role'])){
-            switch ($object) {
-              case 'banlist':
-                header('Content-Type: text/plain');
-                echo fail2ban('banlist', 'get', $extra);
-              break;
-            }
-          }
-        break;
       }
       if (isset($_SESSION['mailcow_cc_role'])) {
         switch ($category) {
@@ -1420,10 +1410,6 @@ if (isset($_GET['query'])) {
           break;
           case "fail2ban":
             switch ($object) {
-              case 'banlist':
-                header('Content-Type: text/plain');
-                echo fail2ban('banlist', 'get', $extra);
-              break;
               default:
                 $data = fail2ban('get');
                 process_get_return($data);
diff --git a/data/web/templates/admin/tab-config-f2b.twig b/data/web/templates/admin/tab-config-f2b.twig
index bb4a2e85a..75c626641 100644
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@@ -99,7 +99,7 @@
       {% endif %}
       <form class="form-inline" data-id="f2b_banlist" role="form" method="post">
         <div class="input-group mb-3">
-          <input type="text" class="form-control" aria-label="Banlist url" value="{{ f2b_banlist_url}}" id="banlist_url">
+          <input type="text" class="form-control" aria-label="Banlist url" value="{{ f2b_banlist_url }}" id="banlist_url">
           {% if is_https %}
           <button class="btn btn-secondary" type="button" onclick="copyToClipboard('banlist_url')"><i class="bi bi-clipboard"></i></button>
           {% endif %}

From 89fb1322c6f486a9883e6435a73537b13fbf3582 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 8 Nov 2024 10:53:22 +0100
Subject: [PATCH 374/755] Enable password protection for Redis

---
 data/Dockerfiles/acme/acme.sh                 |  4 +--
 data/Dockerfiles/acme/obtain-certificate.sh   |  2 +-
 data/Dockerfiles/dockerapi/main.py            |  4 +--
 data/Dockerfiles/dovecot/clean_q_aged.sh      |  2 +-
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  4 +--
 data/Dockerfiles/dovecot/quarantine_notify.py |  2 +-
 data/Dockerfiles/dovecot/quota_notify.py      |  2 +-
 data/Dockerfiles/dovecot/repl_health.sh       |  4 +--
 .../dovecot/syslog-ng-redis_slave.conf        |  2 ++
 data/Dockerfiles/dovecot/syslog-ng.conf       |  2 ++
 data/Dockerfiles/dovecot/trim_logs.sh         |  4 +--
 data/Dockerfiles/netfilter/main.py            |  8 ++---
 data/Dockerfiles/phpfpm/docker-entrypoint.sh  |  4 +--
 .../postfix/syslog-ng-redis_slave.conf        |  2 ++
 data/Dockerfiles/postfix/syslog-ng.conf       |  2 ++
 data/Dockerfiles/rspamd/docker-entrypoint.sh  | 12 ++++----
 .../sogo/syslog-ng-redis_slave.conf           |  2 ++
 data/Dockerfiles/sogo/syslog-ng.conf          |  2 ++
 data/Dockerfiles/watchdog/watchdog.sh         | 20 ++++++-------
 data/conf/rspamd/dynmaps/aliasexp.php         |  1 +
 data/conf/rspamd/dynmaps/forwardinghosts.php  |  1 +
 data/conf/rspamd/meta_exporter/pipe.php       |  7 +++--
 data/conf/rspamd/meta_exporter/pipe_rl.php    |  1 +
 data/conf/rspamd/meta_exporter/pushover.php   |  1 +
 data/web/_rspamderror.php                     |  1 +
 data/web/autodiscover.php                     |  1 +
 data/web/inc/prerequisites.inc.php            |  3 +-
 docker-compose.yml                            | 29 +++++++++++++------
 generate_config.sh                            | 16 ++++++----
 helper-scripts/_cold-standby.sh               |  4 +--
 helper-scripts/backup_and_restore.sh          |  2 +-
 helper-scripts/nextcloud.sh                   |  4 +--
 helper-scripts/reset-learns.sh                | 10 +++----
 update.sh                                     |  9 ++++++
 34 files changed, 111 insertions(+), 63 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 3c7658d84..a63c1f199 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -4,9 +4,9 @@ exec 5>&1
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
 else
-  export REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  export REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
diff --git a/data/Dockerfiles/acme/obtain-certificate.sh b/data/Dockerfiles/acme/obtain-certificate.sh
index 743441197..f9eb29d1f 100644
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@@ -124,7 +124,7 @@ case "$SUCCESS" in
     ;;
   *) # non-zero is non-fun
     log_f "Failed to obtain certificate ${CERT} for domains '${CERT_DOMAINS[*]}'"
-    redis-cli -h redis SET ACME_FAIL_TIME "$(date +%s)"
+    redis-cli -h redis -a ${REDISPASS} SET ACME_FAIL_TIME "$(date +%s)"
     exit 100${SUCCESS}
     ;;
 esac
diff --git a/data/Dockerfiles/dockerapi/main.py b/data/Dockerfiles/dockerapi/main.py
index 6f7a6042c..00c2ad5e3 100644
--- a/data/Dockerfiles/dockerapi/main.py
+++ b/data/Dockerfiles/dockerapi/main.py
@@ -34,9 +34,9 @@ async def lifespan(app: FastAPI):
 
   # Init redis client
   if os.environ['REDIS_SLAVEOF_IP'] != "":
-    redis_client = redis = await aioredis.from_url(f"redis://{os.environ['REDIS_SLAVEOF_IP']}:{os.environ['REDIS_SLAVEOF_PORT']}/0")
+    redis_client = redis = await aioredis.from_url(f"redis://{os.environ['REDIS_SLAVEOF_IP']}:{os.environ['REDIS_SLAVEOF_PORT']}/0", password=os.environ['REDISPASS'])
   else:
-    redis_client = redis = await aioredis.from_url("redis://redis-mailcow:6379/0")
+    redis_client = redis = await aioredis.from_url("redis://redis-mailcow:6379/0", password=os.environ['REDISPASS'])
 
   # Init docker clients
   sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
diff --git a/data/Dockerfiles/dovecot/clean_q_aged.sh b/data/Dockerfiles/dovecot/clean_q_aged.sh
index ef6b61f1f..a43853646 100755
--- a/data/Dockerfiles/dovecot/clean_q_aged.sh
+++ b/data/Dockerfiles/dovecot/clean_q_aged.sh
@@ -2,7 +2,7 @@
 
 source /source_env.sh
 
-MAX_AGE=$(redis-cli --raw -h redis-mailcow GET Q_MAX_AGE)
+MAX_AGE=$(redis-cli --raw -h redis-mailcow -a ${REDISPASS} GET Q_MAX_AGE)
 
 if [[ -z ${MAX_AGE} ]]; then
   echo "Max age for quarantine items not defined"
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 55eed7956..72d560a5f 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -14,9 +14,9 @@ done
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
diff --git a/data/Dockerfiles/dovecot/quarantine_notify.py b/data/Dockerfiles/dovecot/quarantine_notify.py
index e8d743b31..dfcb1f2c6 100755
--- a/data/Dockerfiles/dovecot/quarantine_notify.py
+++ b/data/Dockerfiles/dovecot/quarantine_notify.py
@@ -31,7 +31,7 @@ try:
 
   while True:
     try:
-      r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0)
+      r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
       r.ping()
     except Exception as ex:
       print('%s - trying again...'  % (ex))
diff --git a/data/Dockerfiles/dovecot/quota_notify.py b/data/Dockerfiles/dovecot/quota_notify.py
index 34b3e0ed9..c2c73e7a9 100755
--- a/data/Dockerfiles/dovecot/quota_notify.py
+++ b/data/Dockerfiles/dovecot/quota_notify.py
@@ -23,7 +23,7 @@ else:
 
 while True:
   try:
-    r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0)
+    r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
     r.ping()
   except Exception as ex:
     print('%s - trying again...'  % (ex))
diff --git a/data/Dockerfiles/dovecot/repl_health.sh b/data/Dockerfiles/dovecot/repl_health.sh
index 93b66da49..447fbee5c 100755
--- a/data/Dockerfiles/dovecot/repl_health.sh
+++ b/data/Dockerfiles/dovecot/repl_health.sh
@@ -4,9 +4,9 @@ source /source_env.sh
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
 fi
 
 # Is replication active?
diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
index 519928954..4b9bf287c 100644
--- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis1")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis2")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf
index 3e929e7b9..c79eb92ee 100644
--- a/data/Dockerfiles/dovecot/syslog-ng.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng.conf
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
     host("redis-mailcow")
     persist-name("redis1")
     port(6379)
+    auth("`REDISPASS`")
     command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
     host("redis-mailcow")
     persist-name("redis2")
     port(6379)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/dovecot/trim_logs.sh b/data/Dockerfiles/dovecot/trim_logs.sh
index 9b0824e1c..1055c985a 100755
--- a/data/Dockerfiles/dovecot/trim_logs.sh
+++ b/data/Dockerfiles/dovecot/trim_logs.sh
@@ -10,9 +10,9 @@ catch_non_zero() {
 source /source_env.sh
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
 fi
 catch_non_zero "${REDIS_CMDLINE} LTRIM ACME_LOG 0 ${LOG_LINES}"
 catch_non_zero "${REDIS_CMDLINE} LTRIM POSTFIX_MAILLOG 0 ${LOG_LINES}"
diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index c5667dc5f..36304bf0c 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -106,7 +106,7 @@ def get_ip(address):
     ip = ip.ipv4_mapped
   if ip.is_private or ip.is_loopback:
     return False
-  
+
   return ip
 
 def ban(address):
@@ -434,9 +434,9 @@ if __name__ == '__main__':
       redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
       redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
       if "".__eq__(redis_slaveof_ip):
-        r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
+        r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
       else:
-        r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
+        r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0, password=os.environ['REDISPASS'])
       r.ping()
       pubsub = r.pubsub()
     except Exception as ex:
@@ -452,7 +452,7 @@ if __name__ == '__main__':
   # clear bans in redis
   r.delete('F2B_ACTIVE_BANS')
   r.delete('F2B_PERM_BANS')
-  
+
   refreshF2boptions()
 
   watch_thread = Thread(target=watch)
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 20e9a405c..c9ca6e454 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -16,7 +16,7 @@ else
   REDIS_HOST="redis"
   REDIS_PORT="6379"
 fi
-REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT}"
+REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -a ${REDISPASS}"
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
   echo "Waiting for Redis..."
@@ -26,7 +26,7 @@ done
 # Set redis session store
 echo -n '
 session.save_handler = redis
-session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'"
+session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'?auth='${REDISPASS}'"
 ' > /usr/local/etc/php/conf.d/session_store.ini
 
 # Check mysql_upgrade (master and slave)
diff --git a/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf b/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
index cb1d1aa04..8e15932a2 100644
--- a/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis1")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis2")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/postfix/syslog-ng.conf b/data/Dockerfiles/postfix/syslog-ng.conf
index 0990f1c05..fc7d1aa0f 100644
--- a/data/Dockerfiles/postfix/syslog-ng.conf
+++ b/data/Dockerfiles/postfix/syslog-ng.conf
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
     host("redis-mailcow")
     persist-name("redis1")
     port(6379)
+    auth("`REDISPASS`")
     command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
     host("redis-mailcow")
     persist-name("redis2")
     port(6379)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index cf09ee48f..513ca70a4 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -56,27 +56,29 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
   cat <<EOF > /etc/rspamd/local.d/redis.conf
 read_servers = "redis:6379";
 write_servers = "${REDIS_SLAVEOF_IP}:${REDIS_SLAVEOF_PORT}";
+password = "${REDISPASS}";
 timeout = 10;
 EOF
-  until [[ $(redis-cli -h redis-mailcow PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} PING) == "PONG" ]]; do
     echo "Waiting for Redis @redis-mailcow..."
     sleep 2
   done
-  until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} PING) == "PONG" ]]; do
     echo "Waiting for Redis @${REDIS_SLAVEOF_IP}..."
     sleep 2
   done
-  redis-cli -h redis-mailcow SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
+  redis-cli -h redis-mailcow -a ${REDISPASS} SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
 else
   cat <<EOF > /etc/rspamd/local.d/redis.conf
 servers = "redis:6379";
+password = "${REDISPASS}";
 timeout = 10;
 EOF
-  until [[ $(redis-cli -h redis-mailcow PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} PING) == "PONG" ]]; do
     echo "Waiting for Redis slave..."
     sleep 2
   done
-  redis-cli -h redis-mailcow SLAVEOF NO ONE
+  redis-cli -h redis-mailcow -a ${REDISPASS} SLAVEOF NO ONE
 fi
 
 # Provide additional lua modules
diff --git a/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf b/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
index 7abfc4b59..675e4c67a 100644
--- a/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf
@@ -22,6 +22,7 @@ destination d_redis_ui_log {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis1")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -30,6 +31,7 @@ destination d_redis_f2b_channel {
     host("`REDIS_SLAVEOF_IP`")
     persist-name("redis2")
     port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/sogo/syslog-ng.conf b/data/Dockerfiles/sogo/syslog-ng.conf
index f16a2920a..8460f2f95 100644
--- a/data/Dockerfiles/sogo/syslog-ng.conf
+++ b/data/Dockerfiles/sogo/syslog-ng.conf
@@ -22,6 +22,7 @@ destination d_redis_ui_log {
     host("redis-mailcow")
     persist-name("redis1")
     port(6379)
+    auth("`REDISPASS`")
     command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
   );
 };
@@ -30,6 +31,7 @@ destination d_redis_f2b_channel {
     host("redis-mailcow")
     persist-name("redis2")
     port(6379)
+    auth("`REDISPASS`")
     command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
   );
 };
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index 81d65d907..46d48da6d 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -40,9 +40,9 @@ done
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
@@ -330,7 +330,7 @@ redis_checks() {
     touch /tmp/redis-mailcow; echo "$(tail -50 /tmp/redis-mailcow)" > /tmp/redis-mailcow
     host_ip=$(get_container_ip redis-mailcow)
     err_c_cur=${err_count}
-    /usr/lib/nagios/plugins/check_tcp -4 -H redis-mailcow -p 6379 -E -s "PING\n" -q "QUIT" -e "PONG" 2>> /tmp/redis-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
+    /usr/lib/nagios/plugins/check_tcp -4 -H redis-mailcow -p 6379 -E -s "AUTH ${REDISPASS}\nPING\n" -q "QUIT" -e "PONG" 2>> /tmp/redis-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
     [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
     [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
     progress "Redis" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
@@ -503,12 +503,12 @@ dovecot_repl_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${DOVECOT_REPL_THRESHOLD}
-  D_REPL_STATUS=$(redis-cli -h redis -r GET DOVECOT_REPL_HEALTH)
+  D_REPL_STATUS=$(redis-cli -h redis -a ${REDISPASS} -r GET DOVECOT_REPL_HEALTH)
   # Reduce error count by 2 after restarting an unhealthy container
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     err_c_cur=${err_count}
-    D_REPL_STATUS=$(redis-cli --raw -h redis GET DOVECOT_REPL_HEALTH)
+    D_REPL_STATUS=$(redis-cli --raw -h redis -a ${REDISPASS} GET DOVECOT_REPL_HEALTH)
     if [[ "${D_REPL_STATUS}" != "1" ]]; then
       err_count=$(( ${err_count} + 1 ))
     fi
@@ -578,19 +578,19 @@ ratelimit_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${RATELIMIT_THRESHOLD}
-  RL_LOG_STATUS=$(redis-cli -h redis LRANGE RL_LOG 0 0 | jq .qid)
+  RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} LRANGE RL_LOG 0 0 | jq .qid)
   # Reduce error count by 2 after restarting an unhealthy container
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     err_c_cur=${err_count}
     RL_LOG_STATUS_PREV=${RL_LOG_STATUS}
-    RL_LOG_STATUS=$(redis-cli -h redis LRANGE RL_LOG 0 0 | jq .qid)
+    RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} LRANGE RL_LOG 0 0 | jq .qid)
     if [[ ${RL_LOG_STATUS_PREV} != ${RL_LOG_STATUS} ]]; then
       err_count=$(( ${err_count} + 1 ))
       echo 'Last 10 applied ratelimits (may overlap with previous reports).' > /tmp/ratelimit
       echo 'Full ratelimit buckets can be emptied by deleting the ratelimit hash from within mailcow UI (see /debug -> Protocols -> Ratelimit):' >> /tmp/ratelimit
       echo >> /tmp/ratelimit
-      redis-cli --raw -h redis LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
+      redis-cli --raw -h redis -a ${REDISPASS} LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
     fi
     [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
     [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
@@ -673,7 +673,7 @@ acme_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${ACME_THRESHOLD}
-  ACME_LOG_STATUS=$(redis-cli -h redis GET ACME_FAIL_TIME)
+  ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} GET ACME_FAIL_TIME)
   if [[ -z "${ACME_LOG_STATUS}" ]]; then
     ${REDIS_CMDLINE} SET ACME_FAIL_TIME 0
     ACME_LOG_STATUS=0
@@ -685,7 +685,7 @@ acme_checks() {
     ACME_LOG_STATUS_PREV=${ACME_LOG_STATUS}
     ACME_LC=0
     until [[ ! -z ${ACME_LOG_STATUS} ]] || [ ${ACME_LC} -ge 3 ]; do
-      ACME_LOG_STATUS=$(redis-cli -h redis GET ACME_FAIL_TIME 2> /dev/null)
+      ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} GET ACME_FAIL_TIME 2> /dev/null)
       sleep 3
       ACME_LC=$((ACME_LC+1))
     done
diff --git a/data/conf/rspamd/dynmaps/aliasexp.php b/data/conf/rspamd/dynmaps/aliasexp.php
index 947a02444..824037cf1 100644
--- a/data/conf/rspamd/dynmaps/aliasexp.php
+++ b/data/conf/rspamd/dynmaps/aliasexp.php
@@ -25,6 +25,7 @@ catch (PDOException $e) {
 // Init Redis
 $redis = new Redis();
 $redis->connect('redis-mailcow', 6379);
+$redis->auth(getenv("REDISPASS"));
 
 function parse_email($email) {
   if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
diff --git a/data/conf/rspamd/dynmaps/forwardinghosts.php b/data/conf/rspamd/dynmaps/forwardinghosts.php
index 10285b715..2186d7f26 100644
--- a/data/conf/rspamd/dynmaps/forwardinghosts.php
+++ b/data/conf/rspamd/dynmaps/forwardinghosts.php
@@ -4,6 +4,7 @@ ini_set('error_reporting', 0);
 
 $redis = new Redis();
 $redis->connect('redis-mailcow', 6379);
+$redis->auth(getenv("REDISPASS"));
 
 function in_net($addr, $net) {
   $net = explode('/', $net);
diff --git a/data/conf/rspamd/meta_exporter/pipe.php b/data/conf/rspamd/meta_exporter/pipe.php
index 1858ee668..4d8e2a132 100644
--- a/data/conf/rspamd/meta_exporter/pipe.php
+++ b/data/conf/rspamd/meta_exporter/pipe.php
@@ -24,6 +24,7 @@ catch (PDOException $e) {
 // Init Redis
 $redis = new Redis();
 $redis->connect('redis-mailcow', 6379);
+$redis->auth(getenv("REDISPASS"));
 
 // Functions
 function parse_email($email) {
@@ -96,10 +97,10 @@ $rcpt_final_mailboxes = array();
 foreach (json_decode($rcpts, true) as $rcpt) {
   // Remove tag
   $rcpt = preg_replace('/^(.*?)\+.*(@.*)$/', '$1$2', $rcpt);
-  
+
   // Break rcpt into local part and domain part
   $parsed_rcpt = parse_email($rcpt);
-  
+
   // Skip if not a mailcow handled domain
   try {
     if (!$redis->hGet('DOMAIN_MAP', $parsed_rcpt['domain'])) {
@@ -243,7 +244,7 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
         WHERE `rcpt` = :rcpt2
         ORDER BY id DESC
         LIMIT :retention_size
-      ) x 
+      ) x
     );');
     $stmt->execute(array(
       ':rcpt' => $rcpt_final,
diff --git a/data/conf/rspamd/meta_exporter/pipe_rl.php b/data/conf/rspamd/meta_exporter/pipe_rl.php
index 5f7fd42c3..f9a21caf7 100644
--- a/data/conf/rspamd/meta_exporter/pipe_rl.php
+++ b/data/conf/rspamd/meta_exporter/pipe_rl.php
@@ -14,6 +14,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   exit;
diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index f122b281a..af1b21ebc 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -24,6 +24,7 @@ catch (PDOException $e) {
 // Init Redis
 $redis = new Redis();
 $redis->connect('redis-mailcow', 6379);
+$redis->auth(getenv("REDISPASS"));
 
 // Functions
 function parse_email($email) {
diff --git a/data/web/_rspamderror.php b/data/web/_rspamderror.php
index 6bdfb3495..4976e0b5e 100644
--- a/data/web/_rspamderror.php
+++ b/data/web/_rspamderror.php
@@ -7,6 +7,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   exit;
diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 992524b35..6e1634bb7 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -16,6 +16,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   exit;
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 9c5203e7f..d64313127 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -68,6 +68,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
 // Stop when redis is not available
@@ -321,7 +322,7 @@ $UI_TEXTS = customize('get', 'ui_texts');
 if (file_exists('/web/css/themes/'.$UI_THEME.'-bootstrap.css'))
   $css_minifier->add('/web/css/themes/'.$UI_THEME.'-bootstrap.css');
 else
-  $css_minifier->add('/web/css/themes/lumen-bootstrap.css'); 
+  $css_minifier->add('/web/css/themes/lumen-bootstrap.css');
 // minify css build files
 foreach ($css_dir as $css_file) {
   $css_minifier->add('/web/css/build/' . $css_file);
diff --git a/docker-compose.yml b/docker-compose.yml
index 31d6f56fd..ccb2a7271 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,6 +43,7 @@ services:
 
     redis-mailcow:
       image: redis:7-alpine
+      command: '--requirepass ${REDISPASS}'
       volumes:
         - redis-vol-1:/data/
       restart: always
@@ -52,6 +53,7 @@ services:
         - "${REDIS_PORT:-127.0.0.1:7654}:6379"
       environment:
         - TZ=${TZ}
+        - REDISPASS=${REDISPASS}
       sysctls:
         - net.core.somaxconn=4096
       networks:
@@ -80,7 +82,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.98
+      image: mailcow/rspamd:1.99
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -91,6 +93,7 @@ services:
         - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
       volumes:
         - ./data/hooks/rspamd:/hooks:Z
@@ -112,7 +115,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.91.1
+      image: mailcow/phpfpm:1.92
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -139,6 +142,7 @@ services:
       environment:
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - LOG_LINES=${LOG_LINES:-9999}
         - TZ=${TZ}
         - DBNAME=${DBNAME}
@@ -177,7 +181,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.127.1
+      image: mailcow/sogo:1.128
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -194,6 +198,7 @@ services:
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       volumes:
@@ -224,7 +229,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.2
+      image: mailcow/dovecot:2.21
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -266,6 +271,7 @@ services:
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
         - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
       ports:
@@ -308,7 +314,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.77
+      image: mailcow/postfix:1.78
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -330,6 +336,7 @@ services:
         - DBPASS=${DBPASS}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
         - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
       cap_add:
@@ -401,7 +408,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.90
+      image: mailcow/acme:1.91
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -424,6 +431,7 @@ services:
         - TZ=${TZ}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
         - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
       volumes:
@@ -438,7 +446,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.59
+      image: mailcow/netfilter:1.60
       stop_grace_period: 30s
       restart: always
       privileged: true
@@ -450,6 +458,7 @@ services:
         - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
         - DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
       network_mode: "host"
@@ -457,7 +466,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.05
+      image: mailcow/watchdog:2.06
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -503,6 +512,7 @@ services:
         - HTTPS_PORT=${HTTPS_PORT:-443}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
         - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
         - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
         - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
@@ -528,7 +538,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.09
+      image: mailcow/dockerapi:2.10
       security_opt:
         - label=disable
       restart: always
@@ -539,6 +549,7 @@ services:
         - TZ=${TZ}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock:ro
       networks:
diff --git a/generate_config.sh b/generate_config.sh
index f5a2a01b2..46a36a179 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -43,7 +43,7 @@ if docker compose > /dev/null 2>&1; then
       sleep 2
       echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
       echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
       exit 1
     fi
@@ -56,14 +56,14 @@ elif docker-compose > /dev/null 2>&1; then
       sleep 2
       echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
     else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
       echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
       exit 1
     fi
   fi
 
 else
-  echo -e "\e[31mCannot find Docker Compose.\e[0m" 
+  echo -e "\e[31mCannot find Docker Compose.\e[0m"
   echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
   exit 1
 fi
@@ -229,7 +229,7 @@ else
   echo -e "\033[31mCould not determine branch input..."
   echo -e "\033[31mExiting."
   exit 1
-fi  
+fi
 
 if [ ! -z "${MAILCOW_BRANCH}" ]; then
   git_branch=${MAILCOW_BRANCH}
@@ -264,6 +264,12 @@ DBUSER=mailcow
 DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 
+# ------------------------------
+# REDIS configuration
+# ------------------------------
+
+REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+
 # ------------------------------
 # HTTP/S Bindings
 # ------------------------------
@@ -510,7 +516,7 @@ WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 
 # Spamhaus Data Query Service Key
 # Optional: Leave empty for none
-# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist. 
+# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.
 # If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index ff0512e07..2fd1dcb67 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -150,7 +150,7 @@ else
   exit 1
 fi
 
- REMOTE_ARCH=$(ssh -o StrictHostKeyChecking=no -i "${REMOTE_SSH_KEY}" ${REMOTE_SSH_HOST} -p ${REMOTE_SSH_PORT} "uname -m") 
+ REMOTE_ARCH=$(ssh -o StrictHostKeyChecking=no -i "${REMOTE_SSH_KEY}" ${REMOTE_SSH_HOST} -p ${REMOTE_SSH_PORT} "uname -m")
 
 }
 
@@ -204,7 +204,7 @@ fi
 
 # Trigger a Redis save for a consistent Redis copy
 echo -ne "\033[1mRunning redis-cli save... \033[0m"
-docker exec $(docker ps -qf name=redis-mailcow) redis-cli save
+docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} save
 
 # Syncing volumes related to compose project
 # Same here: make sure destination exists
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index dc30d5ea1..f8deb590e 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -119,7 +119,7 @@ function backup() {
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_crypt.tar.gz /crypt
       ;;&
     redis|all)
-      docker exec $(docker ps -qf name=redis-mailcow) redis-cli save
+      docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} save
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:ro,z \
diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 2df3ca161..b05a3c93b 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -101,11 +101,11 @@ if [[ ${NC_PURGE} == "y" ]]; then
     echo -e "\033[33mNot purging anything...\033[0m"
     exit 1
   fi
-  docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
+  docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c "cat <<EOF | redis-cli -a ${REDISPASS}
 SELECT 10
 FLUSHDB
 EOF
-'
+"
   if [ -d ./data/web/nextcloud/config ]; then
     mv ./data/web/nextcloud/config/ ./data/conf/nextcloud-config-folder-$(date +%s).bak
   fi
diff --git a/helper-scripts/reset-learns.sh b/helper-scripts/reset-learns.sh
index 9fd112327..bdf2c97c8 100755
--- a/helper-scripts/reset-learns.sh
+++ b/helper-scripts/reset-learns.sh
@@ -15,15 +15,15 @@ if [[ "$response" =~ ^(yes|y)$ ]]; then
     docker stop ${RSPAMD_ID}
     echo "LUA will return nil when it succeeds or print a warning/error when it fails."
     echo "Deleting all RS* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
     echo "Deleting all BAYES* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
     echo "Deleting all learned* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
     echo "Deleting all fuzzy* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
     echo "Deleting all tRFANN* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
     echo "Starting Rspamd container"
     docker start ${RSPAMD_ID}
   fi
diff --git a/update.sh b/update.sh
index 3afe623c2..deb75e183 100755
--- a/update.sh
+++ b/update.sh
@@ -540,6 +540,7 @@ CONFIG_ARRAY=(
   "SPAMHAUS_DQS_KEY"
   "SKIP_UNBOUND_HEALTHCHECK"
   "DISABLE_NETFILTER_ISOLATION_RULE"
+  "REDISPASS"
 )
 
 detect_bad_asn
@@ -832,6 +833,14 @@ for option in "${CONFIG_ARRAY[@]}"; do
       echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
       echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
     fi
+  elif [[ "${option}" == "REDISPASS" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo -e '\n# ------------------------------' >> mailcow.conf
+      echo '# REDIS configuration' >> mailcow.conf
+      echo -e '# ------------------------------\n' >> mailcow.conf
+      echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)" >> mailcow.conf
+    fi
   elif ! grep -q "${option}" mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf

From c1903f121d079d5cd32d6ecc10747f767362d73b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 13 Nov 2024 16:48:30 +0100
Subject: [PATCH 375/755] [Redis] set password via docker-entrypoint.sh

---
 data/conf/redis/docker-entrypoint.sh | 6 ++++++
 docker-compose.yml                   | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100755 data/conf/redis/docker-entrypoint.sh

diff --git a/data/conf/redis/docker-entrypoint.sh b/data/conf/redis/docker-entrypoint.sh
new file mode 100755
index 000000000..00bdab1b6
--- /dev/null
+++ b/data/conf/redis/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cat <<EOF > /redis.conf
+requirepass $REDISPASS
+EOF
+exec redis-server /redis.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index ccb2a7271..6d32da7d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,9 +43,10 @@ services:
 
     redis-mailcow:
       image: redis:7-alpine
-      command: '--requirepass ${REDISPASS}'
+      entrypoint: /docker-entrypoint.sh
       volumes:
         - redis-vol-1:/data/
+        - ./data/conf/redis/docker-entrypoint.sh:/docker-entrypoint.sh:z
       restart: always
       depends_on:
         - netfilter-mailcow

From b0de756a7c741c1fd2ff560783833620b6878573 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 19 Nov 2024 14:54:36 +0100
Subject: [PATCH 376/755] [Redis] Rename docker-entrypoint.sh to redis-conf.sh

---
 data/conf/redis/{docker-entrypoint.sh => redis-conf.sh} | 1 +
 docker-compose.yml                                      | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
 rename data/conf/redis/{docker-entrypoint.sh => redis-conf.sh} (98%)

diff --git a/data/conf/redis/docker-entrypoint.sh b/data/conf/redis/redis-conf.sh
similarity index 98%
rename from data/conf/redis/docker-entrypoint.sh
rename to data/conf/redis/redis-conf.sh
index 00bdab1b6..95d50a39a 100755
--- a/data/conf/redis/docker-entrypoint.sh
+++ b/data/conf/redis/redis-conf.sh
@@ -3,4 +3,5 @@
 cat <<EOF > /redis.conf
 requirepass $REDISPASS
 EOF
+
 exec redis-server /redis.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index 6d32da7d0..226c48ac8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,10 +43,10 @@ services:
 
     redis-mailcow:
       image: redis:7-alpine
-      entrypoint: /docker-entrypoint.sh
+      entrypoint: /redis-conf.sh
       volumes:
         - redis-vol-1:/data/
-        - ./data/conf/redis/docker-entrypoint.sh:/docker-entrypoint.sh:z
+        - ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z
       restart: always
       depends_on:
         - netfilter-mailcow

From 6831f94fdb209fb4a558f5f81fb7db340c856bd2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 19 Nov 2024 15:10:52 +0100
Subject: [PATCH 377/755] [Redis] redis-cli suppress auth warning

---
 data/Dockerfiles/acme/acme.sh                 |  4 ++--
 data/Dockerfiles/acme/obtain-certificate.sh   |  2 +-
 data/Dockerfiles/dovecot/clean_q_aged.sh      |  2 +-
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  4 ++--
 data/Dockerfiles/dovecot/repl_health.sh       |  4 ++--
 data/Dockerfiles/dovecot/trim_logs.sh         |  4 ++--
 data/Dockerfiles/phpfpm/docker-entrypoint.sh  |  2 +-
 data/Dockerfiles/rspamd/docker-entrypoint.sh  | 10 +++++-----
 data/Dockerfiles/watchdog/watchdog.sh         | 18 +++++++++---------
 helper-scripts/_cold-standby.sh               |  2 +-
 helper-scripts/backup_and_restore.sh          |  2 +-
 helper-scripts/nextcloud.sh                   |  2 +-
 helper-scripts/reset-learns.sh                | 10 +++++-----
 13 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index a63c1f199..64a4d1765 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -4,9 +4,9 @@ exec 5>&1
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
+  export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
 else
-  export REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
+  export REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
diff --git a/data/Dockerfiles/acme/obtain-certificate.sh b/data/Dockerfiles/acme/obtain-certificate.sh
index f9eb29d1f..16c4e2588 100644
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@@ -124,7 +124,7 @@ case "$SUCCESS" in
     ;;
   *) # non-zero is non-fun
     log_f "Failed to obtain certificate ${CERT} for domains '${CERT_DOMAINS[*]}'"
-    redis-cli -h redis -a ${REDISPASS} SET ACME_FAIL_TIME "$(date +%s)"
+    redis-cli -h redis -a ${REDISPASS} --no-auth-warning SET ACME_FAIL_TIME "$(date +%s)"
     exit 100${SUCCESS}
     ;;
 esac
diff --git a/data/Dockerfiles/dovecot/clean_q_aged.sh b/data/Dockerfiles/dovecot/clean_q_aged.sh
index a43853646..3fa8a7ddb 100755
--- a/data/Dockerfiles/dovecot/clean_q_aged.sh
+++ b/data/Dockerfiles/dovecot/clean_q_aged.sh
@@ -2,7 +2,7 @@
 
 source /source_env.sh
 
-MAX_AGE=$(redis-cli --raw -h redis-mailcow -a ${REDISPASS} GET Q_MAX_AGE)
+MAX_AGE=$(redis-cli --raw -h redis-mailcow -a ${REDISPASS} --no-auth-warning GET Q_MAX_AGE)
 
 if [[ -z ${MAX_AGE} ]]; then
   echo "Max age for quarantine items not defined"
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 72d560a5f..7c6f46c60 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -14,9 +14,9 @@ done
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
diff --git a/data/Dockerfiles/dovecot/repl_health.sh b/data/Dockerfiles/dovecot/repl_health.sh
index 447fbee5c..2d7674bdc 100755
--- a/data/Dockerfiles/dovecot/repl_health.sh
+++ b/data/Dockerfiles/dovecot/repl_health.sh
@@ -4,9 +4,9 @@ source /source_env.sh
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
 fi
 
 # Is replication active?
diff --git a/data/Dockerfiles/dovecot/trim_logs.sh b/data/Dockerfiles/dovecot/trim_logs.sh
index 1055c985a..fceaae564 100755
--- a/data/Dockerfiles/dovecot/trim_logs.sh
+++ b/data/Dockerfiles/dovecot/trim_logs.sh
@@ -10,9 +10,9 @@ catch_non_zero() {
 source /source_env.sh
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
 fi
 catch_non_zero "${REDIS_CMDLINE} LTRIM ACME_LOG 0 ${LOG_LINES}"
 catch_non_zero "${REDIS_CMDLINE} LTRIM POSTFIX_MAILLOG 0 ${LOG_LINES}"
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index c9ca6e454..e6510de7a 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -16,7 +16,7 @@ else
   REDIS_HOST="redis"
   REDIS_PORT="6379"
 fi
-REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -a ${REDISPASS}"
+REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -a ${REDISPASS} --no-auth-warning"
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
   echo "Waiting for Redis..."
diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index 513ca70a4..cf44c3063 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -59,26 +59,26 @@ write_servers = "${REDIS_SLAVEOF_IP}:${REDIS_SLAVEOF_PORT}";
 password = "${REDISPASS}";
 timeout = 10;
 EOF
-  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
     echo "Waiting for Redis @redis-mailcow..."
     sleep 2
   done
-  until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
     echo "Waiting for Redis @${REDIS_SLAVEOF_IP}..."
     sleep 2
   done
-  redis-cli -h redis-mailcow -a ${REDISPASS} SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
+  redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
 else
   cat <<EOF > /etc/rspamd/local.d/redis.conf
 servers = "redis:6379";
 password = "${REDISPASS}";
 timeout = 10;
 EOF
-  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} PING) == "PONG" ]]; do
+  until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
     echo "Waiting for Redis slave..."
     sleep 2
   done
-  redis-cli -h redis-mailcow -a ${REDISPASS} SLAVEOF NO ONE
+  redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning SLAVEOF NO ONE
 fi
 
 # Provide additional lua modules
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index 46d48da6d..dac0335fb 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -40,9 +40,9 @@ done
 
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
-  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
 else
-  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS}"
+  REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
 fi
 
 until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
@@ -503,12 +503,12 @@ dovecot_repl_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${DOVECOT_REPL_THRESHOLD}
-  D_REPL_STATUS=$(redis-cli -h redis -a ${REDISPASS} -r GET DOVECOT_REPL_HEALTH)
+  D_REPL_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning -r GET DOVECOT_REPL_HEALTH)
   # Reduce error count by 2 after restarting an unhealthy container
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     err_c_cur=${err_count}
-    D_REPL_STATUS=$(redis-cli --raw -h redis -a ${REDISPASS} GET DOVECOT_REPL_HEALTH)
+    D_REPL_STATUS=$(redis-cli --raw -h redis -a ${REDISPASS} --no-auth-warning GET DOVECOT_REPL_HEALTH)
     if [[ "${D_REPL_STATUS}" != "1" ]]; then
       err_count=$(( ${err_count} + 1 ))
     fi
@@ -578,19 +578,19 @@ ratelimit_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${RATELIMIT_THRESHOLD}
-  RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} LRANGE RL_LOG 0 0 | jq .qid)
+  RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 0 | jq .qid)
   # Reduce error count by 2 after restarting an unhealthy container
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     err_c_cur=${err_count}
     RL_LOG_STATUS_PREV=${RL_LOG_STATUS}
-    RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} LRANGE RL_LOG 0 0 | jq .qid)
+    RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 0 | jq .qid)
     if [[ ${RL_LOG_STATUS_PREV} != ${RL_LOG_STATUS} ]]; then
       err_count=$(( ${err_count} + 1 ))
       echo 'Last 10 applied ratelimits (may overlap with previous reports).' > /tmp/ratelimit
       echo 'Full ratelimit buckets can be emptied by deleting the ratelimit hash from within mailcow UI (see /debug -> Protocols -> Ratelimit):' >> /tmp/ratelimit
       echo >> /tmp/ratelimit
-      redis-cli --raw -h redis -a ${REDISPASS} LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
+      redis-cli --raw -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
     fi
     [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
     [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
@@ -673,7 +673,7 @@ acme_checks() {
   err_count=0
   diff_c=0
   THRESHOLD=${ACME_THRESHOLD}
-  ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} GET ACME_FAIL_TIME)
+  ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning GET ACME_FAIL_TIME)
   if [[ -z "${ACME_LOG_STATUS}" ]]; then
     ${REDIS_CMDLINE} SET ACME_FAIL_TIME 0
     ACME_LOG_STATUS=0
@@ -685,7 +685,7 @@ acme_checks() {
     ACME_LOG_STATUS_PREV=${ACME_LOG_STATUS}
     ACME_LC=0
     until [[ ! -z ${ACME_LOG_STATUS} ]] || [ ${ACME_LC} -ge 3 ]; do
-      ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} GET ACME_FAIL_TIME 2> /dev/null)
+      ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning GET ACME_FAIL_TIME 2> /dev/null)
       sleep 3
       ACME_LC=$((ACME_LC+1))
     done
diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index 2fd1dcb67..815152735 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -204,7 +204,7 @@ fi
 
 # Trigger a Redis save for a consistent Redis copy
 echo -ne "\033[1mRunning redis-cli save... \033[0m"
-docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} save
+docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
 
 # Syncing volumes related to compose project
 # Same here: make sure destination exists
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index f8deb590e..581a84091 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -119,7 +119,7 @@ function backup() {
         ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_crypt.tar.gz /crypt
       ;;&
     redis|all)
-      docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} save
+      docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:ro,z \
diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index b05a3c93b..12dab3ef2 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -101,7 +101,7 @@ if [[ ${NC_PURGE} == "y" ]]; then
     echo -e "\033[33mNot purging anything...\033[0m"
     exit 1
   fi
-  docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c "cat <<EOF | redis-cli -a ${REDISPASS}
+  docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c "cat <<EOF | redis-cli -a ${REDISPASS} --no-auth-warning
 SELECT 10
 FLUSHDB
 EOF
diff --git a/helper-scripts/reset-learns.sh b/helper-scripts/reset-learns.sh
index bdf2c97c8..b6723f5ae 100755
--- a/helper-scripts/reset-learns.sh
+++ b/helper-scripts/reset-learns.sh
@@ -15,15 +15,15 @@ if [[ "$response" =~ ^(yes|y)$ ]]; then
     docker stop ${RSPAMD_ID}
     echo "LUA will return nil when it succeeds or print a warning/error when it fails."
     echo "Deleting all RS* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
     echo "Deleting all BAYES* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
     echo "Deleting all learned* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
     echo "Deleting all fuzzy* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
     echo "Deleting all tRFANN* keys - if any"
-    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
+    docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
     echo "Starting Rspamd container"
     docker start ${RSPAMD_ID}
   fi

From fe7211f27f839a6d3ab8d95b88e0a654417ebdf5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 20 Nov 2024 09:57:14 +0100
Subject: [PATCH 378/755] [Web] add missing translation for ratelimit in
 templates overview

---
 data/web/js/site/mailbox.js     | 27 ++++++++-------------------
 data/web/mailbox.php            |  1 +
 data/web/templates/mailbox.twig |  1 +
 3 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index af2862a37..dcde0d8a0 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -693,8 +693,8 @@ jQuery(function($){
             } else if (item.attributes.rl_frame === "d"){
               item.attributes.rl_frame = lang_rl.day;
             }
-            item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
-
+            item.attributes.rl_value = (!item.attributes.rl_value) ? "∞" : escapeHtml(item.attributes.rl_value);
+            item.attributes.ratelimit = item.attributes.rl_value + " " + item.attributes.rl_frame;
 
             if (item.template.toLowerCase() == "default"){
               item.action = '<div class="btn-group">' +
@@ -818,14 +818,8 @@ jQuery(function($){
           }
         },
         {
-          title: 'rl_frame',
-          data: 'attributes.rl_frame',
-          defaultContent: '',
-          class: 'none',
-        },
-        {
-          title: 'rl_value',
-          data: 'attributes.rl_value',
+          title: lang_edit.ratelimit,
+          data: 'attributes.ratelimit',
           defaultContent: '',
           class: 'none',
         },
@@ -1183,7 +1177,8 @@ jQuery(function($){
             } else if (item.attributes.rl_frame === "d"){
               item.attributes.rl_frame = lang_rl.day;
             }
-            item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
+            item.attributes.rl_value = (!item.attributes.rl_value) ? "∞" : escapeHtml(item.attributes.rl_value);
+            item.attributes.ratelimit = item.attributes.rl_value + " " + item.attributes.rl_frame;
 
             item.attributes.quota = humanFileSize(item.attributes.quota);
 
@@ -1328,14 +1323,8 @@ jQuery(function($){
           }
         },
         {
-          title: "rl_frame",
-          data: 'attributes.rl_frame',
-          defaultContent: '',
-          class: 'none',
-        },
-        {
-          title: 'rl_value',
-          data: 'attributes.rl_value',
+          title: lang_edit.ratelimit,
+          data: 'attributes.ratelimit',
           defaultContent: '',
           class: 'none',
         },
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 65c76f531..a84e32c47 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -41,6 +41,7 @@ $template_data = [
   'mailboxes' => $mailboxes,
   'lang_mailbox' => json_encode($lang['mailbox']),
   'lang_rl' => json_encode($lang['ratelimit']),
+  'lang_edit' => json_encode($lang['edit']),
   'lang_datatables' => json_encode($lang['datatables']),
 ];
 
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index b61896d70..f0b1af464 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -68,6 +68,7 @@
   var acl = '{{ acl_json|raw }}';
   var lang = {{ lang_mailbox|raw }};
   var lang_rl = {{ lang_rl|raw }};
+  var lang_edit = {{ lang_edit|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
   var pagination_size = Math.trunc('{{ pagination_size }}');

From d08b9aec32ca0d901e5ded54954ed20655aec4c9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 20 Nov 2024 11:09:49 +0100
Subject: [PATCH 379/755] [Web] Add additional columns to _sogo_static_view

---
 data/web/inc/init_db.inc.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 8c4951d57..3cfeb37df 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "29072024_1000";
+    $db_version = "20112024_1105";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -111,6 +111,10 @@ function init_db_schema() {
           "c_name" => "VARCHAR(255) NOT NULL",
           "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
           "c_cn" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_o" => "VARCHAR(255)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
           "mail" => "VARCHAR(255) NOT NULL",
           // TODO -> use TEXT and check if SOGo login breaks on empty aliases
           "aliases" => "TEXT NOT NULL",
@@ -1004,7 +1008,7 @@ function init_db_schema() {
           )
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),      
+      ),
       "pushover" => array(
         "cols" => array(
           "username" => "VARCHAR(255) NOT NULL",
@@ -1388,7 +1392,7 @@ function init_db_schema() {
         "key_size" => 2048,
         "max_quota_for_domain" => 10240 * 1048576,
       )
-    );     
+    );
     $default_mailbox_template = array(
       "template" => "Default",
       "type" => "mailbox",
@@ -1423,7 +1427,7 @@ function init_db_schema() {
         "acl_quarantine_category" => 1,
         "acl_app_passwds" => 1,
       )
-    );        
+    );
     $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
     $stmt->execute(array(
       ":type" => "domain",
@@ -1437,8 +1441,8 @@ function init_db_schema() {
         ":type" => "domain",
         ":template" => $default_domain_template["template"],
         ":attributes" => json_encode($default_domain_template["attributes"])
-      )); 
-    }    
+      ));
+    }
     $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
     $stmt->execute(array(
       ":type" => "mailbox",
@@ -1452,8 +1456,8 @@ function init_db_schema() {
         ":type" => "mailbox",
         ":template" => $default_mailbox_template["template"],
         ":attributes" => json_encode($default_mailbox_template["attributes"])
-      )); 
-    } 
+      ));
+    }
 
     if (php_sapi_name() == "cli") {
       echo "DB initialization completed" . PHP_EOL;

From ba282233ea06823e827d85fad014ff68e23854b5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 20 Nov 2024 13:05:02 +0100
Subject: [PATCH 380/755] [Web] allow dots in dkim selectors

---
 data/web/inc/functions.dkim.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.dkim.inc.php b/data/web/inc/functions.dkim.inc.php
index 29b32d5d3..8b1766a20 100644
--- a/data/web/inc/functions.dkim.inc.php
+++ b/data/web/inc/functions.dkim.inc.php
@@ -26,7 +26,7 @@ function dkim($_action, $_data = null, $privkey = false) {
           );
           continue;
         }
-        if (!ctype_alnum(str_replace(['-', '_'], '', $dkim_selector))) {
+        if (!ctype_alnum(str_replace(['-', '_', '.'], '', $dkim_selector))) {
           $_SESSION['return'][] = array(
             'type' => 'danger',
             'log' => array(__FUNCTION__, $_action, $_data),
@@ -188,7 +188,7 @@ function dkim($_action, $_data = null, $privkey = false) {
           return false;
         }
       }
-      if (!ctype_alnum($dkim_selector)) {
+      if (!ctype_alnum(str_replace(['-', '_', '.'], '', $dkim_selector))) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_data),

From 4dbfd3abadf1a4cf75db19332cf22a25ce07169b Mon Sep 17 00:00:00 2001
From: Habetdin <15926758+Habetdin@users.noreply.github.com>
Date: Mon, 25 Nov 2024 18:01:17 +0300
Subject: [PATCH 381/755] Update lang.ru-ru.json (#6184)

---
 data/web/lang/lang.ru-ru.json | 316 ++++++++++++++++++++++------------
 1 file changed, 204 insertions(+), 112 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 792d32661..ec86d7d06 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -14,6 +14,7 @@
         "prohibited": "Запрещено правилами ACL",
         "protocol_access": "Настройка разрешенных протоколов",
         "pushover": "Pushover API",
+        "pw_reset": "Разрешить пользователям mailcow восстановление паролей",
         "quarantine": "Карантин - действия",
         "quarantine_attachments": "Карантин - вложения",
         "quarantine_category": "Категория уведомлений о спаме",
@@ -28,8 +29,7 @@
         "spam_score": "Политика фильтрации спама",
         "syncjobs": "Задания синхронизации",
         "tls_policy": "Политика шифрования",
-        "unlimited_quota": "Неограниченная квота для почтовых ящиков",
-        "pw_reset": "Разрешить сброс пароля пользователей mailcow"
+        "unlimited_quota": "Неограниченная квота для почтовых ящиков"
     },
     "add": {
         "activate_filter_warn": "Активация этого фильтра отключит все остальные фильтры этого типа.",
@@ -42,13 +42,14 @@
         "alias_domain": "Псевдоним домена",
         "alias_domain_info": "<small>Действительные имена доменов, раздёленные запятыми.</small>",
         "app_name": "Название приложения",
+        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
         "app_password": "Добавить пароль приложения",
         "automap": "Автоматическое слияние папок (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
         "backup_mx_options": "Параметры резервного MX",
         "bcc_dest_format": "Место назначения BCC должно быть единственным действительным адресом электронной почты.<br>Если вам нужно отправить копию на несколько адресов - используйте псевдоним.",
         "comment_info": "Приватный комментарий не виден пользователям, а публичный - отображается рядом с псевдонимом в личном кабинете пользователя.",
         "custom_params": "Пользовательские параметры",
-        "custom_params_hint": "Верно: --param=xy, не верно: --param xy",
+        "custom_params_hint": "Верно: --param=xy, неверно: --param xy",
         "delete1": "Удаление из источника после завершения",
         "delete2": "Удаление писем по месту назначения, которые не находятся на исходном",
         "delete2duplicates": "Удаление дубликатов по назначению",
@@ -58,6 +59,7 @@
         "domain": "Домен",
         "domain_matches_hostname": "Домен %s соответствует имени хоста",
         "domain_quota_m": "Квота домена (MiB)",
+        "dry": "Имитировать синхронизацию",
         "enc_method": "Метод шифрования",
         "exclude": "Исключить объекты (regex)",
         "full_name": "Полное имя",
@@ -89,7 +91,7 @@
         "relay_all_info": "↪<small>Если вы решите <b>не</b> ретранслировать всех получателей, вам нужно будет добавить (\"слепой\") почтовый адрес для каждого получателя, которого следует ретранслировать.</small>",
         "relay_domain": "Ретрансляция этого домена",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Вы можете настроить собственный транспорт для домена. Если такой настройки нет, то доставка будет выполнена на основе MX записей.",
-        "relay_unknown_only": "Ретрансляция только не существующих почтовых ящиков. Почта к существующим почтовым ящикам будут доставляться локально.",
+        "relay_unknown_only": "Ретрансляция только несуществующих почтовых ящиков. Почта существующих почтовых ящиков будут доставляться локально.",
         "relayhost_wrapped_tls_info": "Пожалуйста <b>не</b> используйте TLS порты (в основном это 465 порт).<br>\r\nИспользуйте любой <b>не</b> TLS порт который поддерживает STARTTLS. А для защиты от downgrate атак - настройке принудительную политику TLS.",
         "select": "Пожалуйста, выберите...",
         "select_domain": "Пожалуйста, сначала выберите домен",
@@ -99,6 +101,7 @@
         "subscribeall": "Подписаться на все папки и подпапки",
         "syncjob": "Добавить задание синхронизации",
         "syncjob_hint": "Пароли к вашему аккаунту будут сохранены на сервере в виде простого текста!",
+        "tags": "Теги",
         "target_address": "Владельцы псевдонима",
         "target_address_info": "<small>Адреса почтовых ящиков, разделенные запятыми.</small>",
         "target_domain": "Целевой домен",
@@ -106,10 +109,7 @@
         "timeout2": "Тайм-аут для подключения к локальному хосту",
         "username": "Имя пользователя",
         "validate": "Проверить",
-        "validation_success": "Проверка прошла успешно",
-        "tags": "Теги",
-        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
-        "dry": "Имитировать синхронизацию"
+        "validation_success": "Проверка прошла успешно"
     },
     "admin": {
         "access": "Настройки доступа",
@@ -135,6 +135,8 @@
         "admins": "Администраторы",
         "admins_ldap": "Администраторы LDAP",
         "advanced_settings": "Расширенные настройки",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
         "api_allow_from": "Список IP-адресов для доступа к API (разделенных запятой или новой строкой)",
         "api_info": "API находится в стадии разработки. Документация находится по адресу <a href=\"/api\">/api</a>",
         "api_key": "Ключ API",
@@ -151,6 +153,8 @@
         "change_logo": "Изменить логотип",
         "configuration": "Глобальные настройки",
         "convert_html_to_text": "Сконвертировать HTML в обычный текст",
+        "copy_to_clipboard": "Текст скопирован в буфер обмена!",
+        "cors_settings": "Настройки CORS",
         "credentials_transport_warning": "<b>Предупреждение</b>: добавление новой записи перезапишет учетные данные для всех записей с таким же <i>следующим хостом</i>.",
         "customer_id": "ID клиента",
         "customize": "Персонализация",
@@ -179,10 +183,14 @@
         "empty": "Пусто",
         "excludes": "Исключает этих получателей",
         "f2b_ban_time": "Время бана (в секундах)",
+        "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
         "f2b_blacklist": "Черный список подсетей/хостов",
         "f2b_filter": "Правила фильтрации с помощью регулярных выражений",
         "f2b_list_info": "Хосты или подсети, занесенные в черный список, всегда будут перевешивать объекты из белого списка. <b>Обновление списка займет несколько секунд.</b>",
+        "f2b_manage_external": "Внешнее управление Fail2Ban",
+        "f2b_manage_external_info": "Fail2ban по-прежнему будет вести банлист, но не будет активно устанавливать правила для блокировки трафика. Используйте сгенерированный ниже банлист для внешнего блокирования трафика.",
         "f2b_max_attempts": "Максимальное количество попыток",
+        "f2b_max_ban_time": "Максимальное время блокировки",
         "f2b_netban_ipv4": "Размер подсети IPv4 для применения бана (8-32)",
         "f2b_netban_ipv6": "Размер подсети IPv6 для применения бана (8-128)",
         "f2b_parameters": "Настройки Fail2ban",
@@ -208,13 +216,18 @@
         "include_exclude": "Включить/Исключить",
         "include_exclude_info": "По умолчанию - без выбора - <b>все почтовые ящики</b> адресованы",
         "includes": "Включить этих получателей",
+        "ip_check": "Проверить IP",
+        "ip_check_disabled": "Проверка IP отключена. Вы можете включить его в разделе <br> <strong>Система > Конфигурация > Параметры > Персонализация</strong>.",
+        "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов.",
         "is_mx_based": "На основе MX",
         "last_applied": "Посл. применение",
-        "license_info": "Лицензия не обязательна, но её приобретение помогает дальнейшему развитию mailcow.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Зарегистрируйте свой GUID здесь</a> или <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Заказать поддержку\">приобретите поддержку для вашей установки mailcow.</a>",
+        "license_info": "Лицензия необязательна, но её приобретение помогает дальнейшему развитию mailcow.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Зарегистрируйте свой GUID здесь</a> или <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Заказать поддержку\">приобретите поддержку для вашей установки mailcow.</a>",
         "link": "Ссылка",
         "loading": "Пожалуйста, подождите...",
         "login_time": "Время входа",
-        "logo_info": "Ваше изображение будет масштабироваться до высоты 40px для верхней панели навигации и до 250px ширины для стартовой страницы. <br>Рекомендуется использовать векторную графику, на пример: .svg.",
+        "logo_dark_label": "Инвертированный для темного режима",
+        "logo_info": "Ваше изображение будет масштабироваться до высоты 40px для верхней панели навигации и до 250px ширины для стартовой страницы. <br>Рекомендуется использовать векторную графику, например: .svg.",
+        "logo_normal_label": "Обычный",
         "lookup_mx": "Назначение на основе резовинга MX записи по регулярному выражению (<code>.*\\.example\\.com$</code> для маршрутизации всей почты через этот хост, если MX заканчивающийся на example.com)",
         "main_name": "Название для \"mailcow UI\"",
         "merged_vars_hint": "Серым цветом выделены строки полученные из <code>vars.(local.)inc.php</code>, они не могут быть изменены.",
@@ -225,15 +238,16 @@
         "no_active_bans": "В данный момент нет забаненных подсетей/хостов",
         "no_new_rows": "Нет доступных строк",
         "no_record": "Нет записей",
-        "oauth2_client_id": "ID клиента",
-        "oauth2_apps": "Приложения OAuth2",
         "oauth2_add_client": "Добавить клиента OAuth2",
+        "oauth2_apps": "Приложения OAuth2",
+        "oauth2_client_id": "ID клиента",
         "oauth2_client_secret": "Секретный ключ пользователя",
         "oauth2_info": "Реализация OAuth2 поддерживает предоставления кодов авторизации и выдает токены продления сессии.<br>\r\nСервер также автоматически выдает новый токен продления сессии, после того, как предыдущий был использован.<br><br>\r\n&#8226; Scope по умолчанию: <i>profile</i>. Только пользователи почтовых аккаунтов могут проходить аутентификацию через OAuth2. Если параметр области не указан, он возвращается к <i>profile</i>.<br>\r\n&#8226; Параметр <i>state</i> должен быть отправлен клиентом как часть запроса для авторизации.<br><br>\r\nПути для запросов OAuth2 API: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\nГенерирование нового клиентского секрета не приводит к истечению существующих кодов авторизации, но они не смогут обновить свой токен.<br><br>\r\nОтзыв клиентских токенов приведет к немедленному прекращению всех активных сеансов. Все клиенты должны будут пройти повторную аутентификацию.",
         "oauth2_redirect_uri": "Переадресация URI",
         "oauth2_renew_secret": "Сгенерировать новый ключ клиента",
         "oauth2_revoke_tokens": "Отозвать все клиентские токены",
         "optional": "опционально",
+        "options": "Параметры",
         "password": "Пароль",
         "password_length": "Минимальная длина пароля",
         "password_policy": "Политика паролей",
@@ -243,6 +257,11 @@
         "password_policy_numbers": "Должен содержать цифру",
         "password_policy_special_chars": "Должны содержать специальный символ",
         "password_repeat": "Подтверждение пароля (повтор)",
+        "password_reset_info": "Если получатель не указан, использование данной функции недоступно.",
+        "password_reset_settings": "Параметры восстановления паролей",
+        "password_reset_tmpl_html": "Шаблон в виде HTML",
+        "password_reset_tmpl_text": "Шаблон в виде обычного текста",
+        "password_settings": "Параметры паролей",
         "priority": "Приоритет",
         "private_key": "Закрытый ключ",
         "quarantine": "Карантин",
@@ -250,7 +269,7 @@
         "quarantine_exclude_domains": "Исключить домены и псевдонимы доменов",
         "quarantine_max_age": "Максимальный период хранения в днях<br><small>Значение должно быть равно или больше 1 дня.</small>",
         "quarantine_max_score": "Не уведомлять о спаме, если оценка письма выше, чем:<br><small>По умолчанию 9999.0</small>",
-        "quarantine_max_size": "Максимальный размер в MiB (письма большего размера не будет сохранены):<br><small>0 означает, что карантин <b>отключён</b>.</small>",
+        "quarantine_max_size": "Максимальный размер в MiB (письма большего размера не будут сохранены):<br><small>0 означает, что карантин <b>отключён</b>.</small>",
         "quarantine_notification_html": "Шаблон уведомления:<br><small>Оставьте пустым, чтобы восстановить шаблон по умолчанию.</small>",
         "quarantine_notification_sender": "Email-адрес для отправки уведомления",
         "quarantine_notification_subject": "Тема письма",
@@ -259,6 +278,7 @@
         "quarantine_release_format_att": "Как вложение",
         "quarantine_release_format_raw": "Оригинальное письмо",
         "quarantine_retention_size": "Количество писем, сохраняемых в карантине на аккаунт:<br><small>0 означает, что карантин <b>отключён</b>.</small>",
+        "queue_unban": "разблокировать",
         "quota_notification_html": "Шаблон уведомления:<br><small>Оставьте пустым, чтобы восстановить шаблон по умолчанию.</small>",
         "quota_notification_sender": "Email-адрес для отправки уведомления",
         "quota_notification_subject": "Тема письма",
@@ -267,7 +287,7 @@
         "quota_notifications_vars": "{{percent}} равно текущей квоте пользователя<br>{{username}} - имя почтового аккаунта",
         "r_active": "Включенные ограничения",
         "r_inactive": "Отключенные ограничения",
-        "r_info": "Не активные (серые) элементы списка ограничений - это не валидные ограничения, и они не могут быть перемещены. <br>Вы можете добавить новые элементы в <code>inc/vars.local.inc.php</code> чтобы иметь возможность настраивать их.",
+        "r_info": "Неактивные (серые) элементы списка ограничений - это некорректные ограничения, и они не могут быть перемещены. <br>Вы можете добавить новые элементы в <code>inc/vars.local.inc.php</code> чтобы иметь возможность настраивать их.",
         "rate_name": "Название очереди",
         "recipients": "Получатели",
         "refresh": "Обновить",
@@ -282,6 +302,8 @@
         "remove_row": "Удалить строку",
         "reset_default": "Восстановить по умолчанию",
         "reset_limit": "Удалить хэш",
+        "reset_password_vars": "<code>{{link}}</code> Сгенерированная ссылка для восстановление пароля<br><code>{{username}}</code> Имя почтового ящика пользователя, запросившего восстановление пароля<br><code>{{username2}}</code> Имя почтового ящика для восстановления<br><code>{{date}}</code> Дата запроса на восстановление пароля<br><code>{{token_lifetime}}</code> Срок действия токена в минутах<br><code>{{hostname}}</code> Имя хоста mailcow",
+        "restore_template": "Оставьте пустым, чтобы восстановить шаблон по умолчанию.",
         "routing": "Маршрутизация",
         "rsetting_add_rule": "Добавить правило",
         "rsetting_content": "Содержание правила",
@@ -290,14 +312,14 @@
         "rsetting_none": "Нет доступных правил",
         "rsettings_insert_preset": "Вставить пример \"%s\"",
         "rsettings_preset_1": "Отключить все, кроме DKIM и ограничения скорости для аутентифицированных пользователей",
-        "rsettings_preset_2": "Не проверять письма на спам Postmaster",
+        "rsettings_preset_2": "Не проверять письма Postmaster на спам",
         "rsettings_preset_3": "Разрешить только определённых отправителей для почтового ящика (использование только в качестве внутреннего почтового ящика)",
         "rsettings_preset_4": "Отключить Rspamd для домена",
         "rspamd_com_settings": "Имена правил будут сгенерированы на основе их ID.<br> Инструкция доступна на сайте <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">документация Rspamd user settings</a>, заготовленные шаблоны:",
         "rspamd_global_filters": "Глобальные правила фильтрации",
         "rspamd_global_filters_agree": "Я понимаю, что я делаю, и буду осторожен!",
         "rspamd_global_filters_info": "Глобальные правила фильтрации содержат различные виды глобальных черных и белых списков.",
-        "rspamd_global_filters_regex": "Названия фильтров отражают их предназначение. Все правила должены состоять из регулярных выражений в формате \"/pattern/options\" (на пример: <code>/.+@domain\\.tld/i</code>).<br>\r\nНесмотря на то, что перед сохранением правил выполняется проверка регулярных выражений, функциональность Rspamds может быть нарушена, если будет использован<br>\r\n некорректный синтаксис. Будьте внимательны при написании правил.<br>Электронные письма от адресов электронной почты, проходящие по регулярным выражениям черных списков, будут отклонены без сохранения в карантин.<br>\r\n Rspamd попытается прочитать содержимое правил при их изменении. Но, если что, вы можете <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">перезапустить Rspamd</a>, чтобы принять последние изменения принудительно.",
+        "rspamd_global_filters_regex": "Названия фильтров отражают их предназначение. Все правила должены состоять из регулярных выражений в формате \"/pattern/options\" (например: <code>/.+@domain\\.tld/i</code>).<br>\r\nНесмотря на то, что перед сохранением правил выполняется проверка регулярных выражений, функциональность Rspamds может быть нарушена, если будет использован<br>\r\n некорректный синтаксис. Будьте внимательны при написании правил.<br>Электронные письма от адресов электронной почты, проходящие по регулярным выражениям черных списков, будут отклонены без сохранения в карантин.<br>\r\n Rspamd попытается прочитать содержимое правил при их изменении. Но, если что, вы можете <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">перезапустить Rspamd</a>, чтобы принять последние изменения принудительно.",
         "rspamd_settings_map": "Правила Rspamd",
         "sal_level": "Уровень Муу",
         "save": "Сохранить изменения",
@@ -337,19 +359,7 @@
         "username": "Имя пользователя",
         "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
         "verify": "Проверить",
-        "yes": "&#10003;",
-        "queue_unban": "разблокировать",
-        "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
-        "f2b_max_ban_time": "Максимальное время блокировки",
-        "allowed_origins": "Access-Control-Allow-Origin",
-        "cors_settings": "Настройки CORS",
-        "allowed_methods": "Access-Control-Allow-Methods",
-        "ip_check": "Проверить IP",
-        "ip_check_disabled": "Проверка IP отключена. Вы можете включить его в разделе <br> <strong>Система > Конфигурация > Параметры > Настроить</strong>.",
-        "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов.",
-        "f2b_manage_external": "Внешнее управление Fail2Ban",
-        "f2b_manage_external_info": "Fail2ban по-прежнему будет вести банлист, но не будет активно устанавливать правила для блокировки трафика. Используйте сгенерированный ниже банлист для внешнего блокирования трафика.",
-        "copy_to_clipboard": "Текст скопирован в буфер обмена!"
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -365,7 +375,10 @@
         "bcc_exists": "Для типов %s уже существует карта BCC %s",
         "bcc_must_be_email": "Назначение BCC %s не является правильным адресом электронной почты",
         "comment_too_long": "Комментарий слишком длинный, придел 160 символов",
+        "cors_invalid_method": "Указан недопустимый метод разрешения",
+        "cors_invalid_origin": "Указан неверный Allow-Origin",
         "defquota_empty": "Квота по умолчанию не может быть 0.",
+        "demo_mode_enabled": "Демонстрационный режим включен",
         "description_invalid": "Недопустимое описание ресурса %s",
         "dkim_domain_or_sel_exists": "Ключ DKIM для \"%s\" уже существует",
         "dkim_domain_or_sel_invalid": "DKIM домен или селектор недопустимы для %s",
@@ -375,20 +388,23 @@
         "domain_not_empty": "Нельзя удалить непустой домен %s",
         "domain_not_found": "Домен %s не найден",
         "domain_quota_m_in_use": "Квота домена должна быть больше или равна %s MiB",
-        "extra_acl_invalid": "Адрес внешнего отправителя \"%s\" не валидный.",
-        "extra_acl_invalid_domain": "Адрес внешнего отправителя \"%s\" не валидный домен",
+        "extended_sender_acl_denied": "отсутствует ACL для установки внешних адресов отправителей",
+        "extra_acl_invalid": "Адрес внешнего отправителя \"%s\" некорректен",
+        "extra_acl_invalid_domain": "Адрес внешнего отправителя \"%s\" содержит некорректный домен",
         "fido2_verification_failed": "Ошибка валидации FIDO2: %s",
         "file_open_error": "Файл не может быть открыт на запись",
         "filter_type": "Неверный тип фильтра",
         "from_invalid": "Отправитель не может быть пустым",
         "global_filter_write_error": "Ошибка записи фильтра в файл: %s",
-        "global_map_invalid": "Идентификатор глобального правила %s не валидный",
+        "global_map_invalid": "Недопустимый идентификатор глобального правила %s",
         "global_map_write_error": "Не удалось создать глобальное правило ID %s: %s",
-        "goto_empty": "Псевдоним должен содержать по крайней мере один валидный адрес владельца",
+        "goto_empty": "Псевдоним должен содержать по крайней мере один действующий адрес владельца",
         "goto_invalid": "Недопустимый основной адрес %s",
         "ham_learn_error": "Ошибка при обучении полезной почты: %s",
         "imagick_exception": "Ошибка в Imagick при чтении изображения",
+        "img_dimensions_exceeded": "Разрешение изображения превышает допустимое значение",
         "img_invalid": "Невозможно проверить файл изображения",
+        "img_size_exceeded": "Изображение превышает допустимый размер файла",
         "img_tmp_missing": "Невозможно проверить файл изображения: временный файл не найден",
         "invalid_bcc_map_type": "Неверный тип правила BCC",
         "invalid_destination": "Назначение \"%s\" указано неверно",
@@ -397,8 +413,9 @@
         "invalid_mime_type": "Неверный mime type",
         "invalid_nexthop": "Формат следующего хоста неверен",
         "invalid_nexthop_authenticated": "Следующий хост существует с разными данными авторизации, пожалуйста, обновите существующие данные авторизации сначала для этого хоста.",
-        "invalid_recipient_map_new": "Новый получатель: %s не валидный",
-        "invalid_recipient_map_old": "Первоначальный получатель: %s не валидный",
+        "invalid_recipient_map_new": "Недопустимый новый получатель: %s",
+        "invalid_recipient_map_old": "Недопустимый исходный получатель: %s",
+        "invalid_reset_token": "Неверный токен восстановления",
         "ip_list_empty": "Список разрешенных IP адресов не может быть пустым",
         "is_alias": "%s уже известен как псевдоним адреса",
         "is_alias_or_mailbox": "%s уже известен как псевдоним или почтовый аккаунт",
@@ -418,7 +435,7 @@
         "max_quota_in_use": "Квота почтового аккаунта должна быть больше или равна %d MiB",
         "maxquota_empty": "Максимальная квота почтового аккаунта не должна быть 0.",
         "mysql_error": "Ошибка в MySQL: %s",
-        "network_host_invalid": "Сеть или хост: %s не валидный",
+        "network_host_invalid": "Недопустимые сеть или хост: %s",
         "next_hop_interferes": "%s пересекается с %s",
         "next_hop_interferes_any": "Существующий хост пересекается с %s",
         "nginx_reload_failed": "Обновление конфигурации Nginx не удалось: %s",
@@ -428,6 +445,8 @@
         "password_complexity": "Пароль не соответствует требованиям",
         "password_empty": "Пароль не может быть пустым",
         "password_mismatch": "Введенные пароли не совпадают",
+        "password_reset_invalid_user": "Почтовый ящик не найден или не задан адрес электронной почты для восстановления",
+        "password_reset_na": "Восстановление пароля в настоящее время недоступно. Пожалуйста, свяжитесь с вашим администратором.",
         "policy_list_from_exists": "Запись с указанным именем уже существует",
         "policy_list_from_invalid": "Запись имеет недопустимый формат",
         "private_key_error": "Ошибка приватного ключа: %s",
@@ -436,17 +455,19 @@
         "pushover_token": "Токен Pushover указан в неверном формате",
         "quota_not_0_not_numeric": "Размер квоты должен быть больше или равен нулю",
         "recipient_map_entry_exists": "Правило перезаписи \"%s\" уже существует",
+        "recovery_email_failed": "Не удалось отправить письмо для восстановления. Пожалуйста, свяжитесь с вашим администратором.",
         "redis_error": "Ошибка в Redis: %s",
-        "relayhost_invalid": "Правило %s не валидное",
+        "relayhost_invalid": "Недопустимое правило %s",
         "release_send_failed": "Сообщение не может быть восстановлено: %s",
         "reset_f2b_regex": "Сброс фильтров не был выполнен за отведённый промежуток времени, пожалуйста, повторите попытку или подождите еще несколько секунд и перезагрузите веб страницу.",
+        "reset_token_limit_exceeded": "Превышен лимит запросов на восстановление. Пожалуйста, попробуйте ещё раз позже.",
         "resource_invalid": "Недопустимое имя ресурса",
         "rl_timeframe": "Не верный временной интервал для лимита отправки",
         "rspamd_ui_pw_length": "Длина пароля должна составлять не менее 6 символов для Rspamd UI",
         "script_empty": "Скрипт не может быть пустым",
         "sender_acl_invalid": "Недопустимое значение ACL для: %s",
         "set_acl_failed": "Не удалось установить ACL",
-        "settings_map_invalid": "Правило ID: %s не валидное",
+        "settings_map_invalid": "Недопустимое правило ID %s",
         "sieve_error": "Ошибка в синтаксисе Sieve: %s",
         "spam_learn_error": "Ошибка при обучении спам фильтра: %s",
         "subject_empty": "Тема письма не может быть пустой",
@@ -454,34 +475,57 @@
         "targetd_not_found": "Основной домен %s не найден",
         "targetd_relay_domain": "Целевой домен %s уже является домен ретрансляции",
         "temp_error": "Временная ошибка",
-        "text_empty": "Текст не должен быть пустым",
+        "template_exists": "Шаблон %s уже существует",
+        "template_id_invalid": "Недопустимое значение ID шаблона: %s",
+        "template_name_invalid": "Недопустимое название шаблона",
+        "text_empty": "Текст не может быть пустым",
         "tfa_token_invalid": "Неправильный TFA токен",
         "tls_policy_map_dest_invalid": "Недопустимое значение назначения политики",
         "tls_policy_map_entry_exists": "Правило политики шифрования \"%s\" уже существует",
         "tls_policy_map_parameter_invalid": "Недопустимое значение параметра политики",
+        "to_invalid": "Получатель не может быть пустым",
         "totp_verification_failed": "Ошибка валидации TOTP",
         "transport_dest_exists": "Назначение для отправки \"%s\" уже существует",
-        "webauthn_verification_failed": "Ошибка валидации WebAuthn: %s",
         "unknown": "Произошла неизвестная ошибка",
         "unknown_tfa_method": "Неизвестный метод TFA",
         "unlimited_quota_acl": "Неограниченная квота запрещена политикой доступа",
         "username_invalid": "Имя пользователя %s нельзя использовать",
         "validity_missing": "Пожалуйста, назначьте срок действия",
         "value_missing": "Пожалуйста заполните все поля",
-        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s",
-        "cors_invalid_method": "Указан недопустимый метод разрешения",
-        "demo_mode_enabled": "Демонстрационный режим включен",
-        "cors_invalid_origin": "Указан неверный Allow-Origin"
+        "webauthn_authenticator_failed": "Выбранный аутентификатор не был найден",
+        "webauthn_publickey_failed": "Для выбранного аутентификатора не был сохранен открытый ключ",
+        "webauthn_username_failed": "Выбранный аутентификатор принадлежит другой учетной записи",
+        "webauthn_verification_failed": "Ошибка валидации WebAuthn: %s",
+        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s"
+    },
+    "datatables": {
+        "collapse_all": "Свернуть все",
+        "decimal": ",",
+        "emptyTable": "В таблице отсутствуют данные",
+        "expand_all": "Развернуть все",
+        "info": "Показаны записи с _START_ по _END_ из _TOTAL_",
+        "infoEmpty": "Показано 0 записей",
+        "infoFiltered": "(отфильтровано из _MAX_ всех записей)",
+        "infoPostFix": "",
+        "lengthMenu": "Показать _MENU_ записей",
+        "loadingRecords": "Загрузка...",
+        "processing": "Пожалуйста, подождите...",
+        "search": "Поиск:",
+        "thousands": " ",
+        "zeroRecords": "Не найдено соответствующих записей"
     },
     "debug": {
+        "architecture": "Архитектура",
         "chart_this_server": "Диаграмма (текущий сервер)",
-        "containers_info": "Статус контейнеров Docker",
-        "container_running": "Работающий",
         "container_disabled": "Контейнер остановлен или отключен",
+        "container_running": "Работающий",
         "container_stopped": "Остановлен",
+        "containers_info": "Статус контейнеров Docker",
+        "cores": "яд.",
         "current_time": "Системное время",
         "disk_usage": "Использование дискового пространства",
         "docs": "Проиндексировано объектов",
+        "error_show_ip": "Не удалось определить публичные IP-адреса",
         "external_logs": "Внешние журналы",
         "history_all_servers": "История (все серверы)",
         "in_memory_logs": "Журналы контейнеров",
@@ -490,9 +534,12 @@
         "log_info": "<p><b>Журналы контейнеров</b> mailcow сохраняются в Redis, и раз в минуту строки журнала за пределами <code>LOG_LINES (%d)</code> удаляются, чтобы уменьшить нагрузку на сервер.\r\n  <br>Сами журналы контейнеров не сохраняются после перезагрузки контейнера. Все контейнеры дополнительно пишут логи в службу Docker, и, следовательно, используют драйвер логирования по умолчанию. Журналы контейнеров предусмотрены только для отладки мелких проблем. Для других задач, пожалуйста, настройте драйвер логирования Docker самостоятельно.</p>\r\n  <p><b>Внешние журналы</b> собираются через API приложений.</p>\r\n  <p><b>Статические журналы</b> &ndash; это, в основном, журналы активности, которые не записываются в Dockerd, но все равно должны быть постоянными (за исключением журналов API).</p>",
         "login_time": "Время входа",
         "logs": "Журналы",
+        "memory": "Память",
+        "no_update_available": "Система обновлена до последней версии",
         "online_users": "Подключено пользователей",
         "restart_container": "Перезапустить",
         "service": "Сервис",
+        "show_ip": "Показать публичные IP-адреса",
         "size": "Индексы занимают",
         "solr_dead": "Solr не запущен. Если вы включили Solf в файле настроек <code>mailcow.conf</code> и это сообщение отображается более получаса, скорее всего Solr сломан.",
         "solr_status": "Состояние Solr",
@@ -500,10 +547,13 @@
         "started_on": "Запущен в",
         "static_logs": "Статические журналы",
         "success": "Успех",
-        "no_update_available": "Система обновлена до последней версии",
         "system_containers": "Система и контейнеры",
+        "timezone": "Часовой пояс",
+        "update_available": "Доступно обновление",
+        "update_failed": "Не удалось проверить наличие обновлений",
         "uptime": "Время работы",
-        "username": "Имя пользователя"
+        "username": "Имя пользователя",
+        "wip": "В настоящее время идёт разработка"
     },
     "diagnostics": {
         "cname_from_a": "Значение, полученное из записи A/AAAA. Это поддерживается до тех пор, пока запись указывает на правильный ресурс.",
@@ -514,7 +564,7 @@
         "dns_records_name": "Название",
         "dns_records_status": "Статус",
         "dns_records_type": "Тип",
-        "optional": "Эта запись не обязательна."
+        "optional": "Эта запись необязательна."
     },
     "edit": {
         "acl": "ACL (Список прав)",
@@ -527,6 +577,7 @@
         "allowed_protocols": "Разрешённые протоколы",
         "app_name": "Название приложения",
         "app_passwd": "Пароль приложения",
+        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
         "automap": "Автоматическое слияние папок (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
         "backup_mx_options": "Параметры резервного копирования MX",
         "bcc_dest_format": "Назначением для правила BCC должен быть единственный действительный адрес электронной почты.",
@@ -534,6 +585,7 @@
         "client_secret": "Секретный ключ пользователя",
         "comment_info": "Приватный комментарий не виден пользователям, а публичный - отображается рядом с псевдонимом в личном кабинете пользователя",
         "created_on": "Дата создания",
+        "custom_attributes": "Пользовательские атрибуты",
         "delete1": "Удаление из источника после завершения",
         "delete2": "Удаление писем по месту назначения, которые не находятся на исходном",
         "delete2duplicates": "Удаление дубликатов по назначению",
@@ -542,6 +594,19 @@
         "disable_login": "Вход в систему запрещен",
         "domain": "Изменение домена",
         "domain_admin": "Изменение администратора домена",
+        "domain_footer": "Нижний колонтитул домена",
+        "domain_footer_html": "HTML нижний колонтитул",
+        "domain_footer_info": "Нижние колонтитулы на уровне домена добавляются ко всем исходящим электронным письмам, связанным с адресом в этом домене. <br> Для нижнего колонтитула можно использовать следующие переменные:",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =} - Аутентифицированное имя пользователя, указанное MTA",
+            "custom": "{= foo =}         - Если почтовый ящик имеет пользовательский атрибут \"foo\" со значением \"bar\", он возвращает \"bar\".",
+            "from_addr": "{= from_addr =} - Из адресной части envelope",
+            "from_domain": "{= from_domain =} - из доменной части envelope",
+            "from_name": "{= from_name =} - Из названия envelope, например, для \"Mailcow &lt;moo@mailcow.tld&gt;\" возвращается \"Mailcow\"",
+            "from_user": "{= from_user =} - Из пользовательской части envelope, например, для \"moo@mailcow.tld\" возвращается \"moo\""
+        },
+        "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
+        "domain_footer_skip_replies": "Ignore footer on reply e-mails",
         "domain_quota": "Квота домена",
         "domains": "Домены",
         "dont_check_sender_acl": "Отключить проверку отправителя для домена %s и псевдонимов домена",
@@ -550,9 +615,9 @@
         "exclude": "Исключить объекты (regex)",
         "extended_sender_acl": "Внешние адреса почты",
         "extended_sender_acl_info": "Для внешних доменов должен быть импортирован или сгенерирован доменный ключ DKIM с соответствующей записью TXT в домене, если внешний домен использует DMARC.<br>\r\n  Не забудьте добавить этот сервер к соответствующей записи SPF TXT внешнего домена.<br>\r\n  Добавление домена из списка внешних адресов в mailcow автоматически удалит соответствующие записи из внешних адресов пользователей.<br>\r\n  Чтобы разрешить пользователю отправку от имени *@domain.tld, укажите @domain.tld.",
+        "footer_exclude": "Исключить из нижнего колонтитула",
         "force_pw_update": "Требовать смены пароля при следующем входе в систему",
         "force_pw_update_info": "Пользователь должен будет войти в %s и сменить свой пароль. mailcow OAuth2, SOGo, EAS, IMAP/POP3 и SMTP будут не доступны до смены пароля.",
-        "footer_exclude": "Исключить из нижнего колонтитула",
         "full_name": "Полное имя",
         "gal": "GAL - Глобальная адресная книга",
         "gal_info": "GAL содержит все объекты домена и не подлежит редактированию. Информация о занятости в SOGo будет отсутствовать для домена, если данная функция будет отключена! <b>Требуется перезапустить SOGo, чтобы применить изменения.</b>",
@@ -566,6 +631,11 @@
         "mailbox": "Изменение почтового аккаунта",
         "mailbox_quota_def": "Квота по умолчанию",
         "mailbox_relayhost_info": "Применяется только к почтовому ящику и личным псевдонимам, вне зависимости от настроек маршрутизации на уровне домена.",
+        "mailbox_rename": "Переименовать почтовый ящик",
+        "mailbox_rename_agree": "Я сделал резервную копию.",
+        "mailbox_rename_alias": "Автоматически создать псевдоним",
+        "mailbox_rename_title": "Новое имя локального почтового ящика",
+        "mailbox_rename_warning": "ВАЖНО! Перед переименованием почтового ящика создайте резервную копию.",
         "max_aliases": "Максимум псевдонимов",
         "max_mailboxes": "Максимум почтовых ящиков",
         "max_quota": "Максимальная квота почтового аккаунта (MiB)",
@@ -574,9 +644,10 @@
         "mbox_rl_info": "Этот лимит применяется к SASL логину пользователя и соответствует любому адресу отправителя, используемому зарегистрированным пользователем. Лимит скорости почтового аккаунта перекрывает лимит скорости для всего домена.",
         "mins_interval": "Интервал (в минутах)",
         "multiple_bookings": "Несколько бронирований",
-        "none_inherit": "Отсутствует / Наследуется",
         "nexthop": "Следующий хост",
+        "none_inherit": "Отсутствует / Наследуется",
         "password": "Пароль",
+        "password_recovery_email": "Адрес для восстановления пароля",
         "password_repeat": "Подтверждение пароля (повтор)",
         "previous": "Предыдущая страница",
         "private_comment": "Приватный комментарий",
@@ -587,6 +658,7 @@
         "pushover_only_x_prio": "Получать уведомления только об письмах с высоким приоритетом [<code>X-Priority: 1</code>]",
         "pushover_sender_array": "Получать уведомления от списка адресов электронной почты <small>(envelop-from разделенные запятыми)</small>:",
         "pushover_sender_regex": "Получать уведомления от отправителей, удовлетворяющих regex-выражению:",
+        "pushover_sound": "Звук уведомления",
         "pushover_text": "Текст уведомления",
         "pushover_title": "Заголовок уведомления",
         "pushover_vars": "Когда фильтрация по отправителю не определена, уведомления будут доставлятся от всех отправителей.<br>Можно использовать обычный фильтр по отправителю и расширенный regex-фильтр, а также оба сразу.<br>Пожалуйста, ознакомьтесь с <a href=\"https://pushover.net/privacy\">Pushover Privacy Policy</a> перед использованием шаблонов для текста и заголовка",
@@ -600,7 +672,7 @@
         "relay_all_info": "↪<small>Если вы решите <b>не</b> ретранслировать всех получателей, вам нужно будет добавить (\"слепой\") почтовый аккаунт для каждого получателя, которого следует ретранслировать.</small>",
         "relay_domain": "Ретрансляция этого домена",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Вы можете настроить собственный транспорт для домена. Если такой настройки нет, то доставка будет выполнена на основе MX записей.",
-        "relay_unknown_only": "Ретрансляция только не существующих почтовых ящиков. Почта к существующим почтовым ящикам будут доставляться локально.",
+        "relay_unknown_only": "Ретрансляция только несуществующих почтовых ящиков. Почта к существующим почтовым ящикам будут доставляться локально.",
         "relayhost": "Маршрутизация на основе отправителя",
         "remove": "Удалить",
         "resource": "Ресурс",
@@ -612,6 +684,8 @@
         "sieve_desc": "Краткое описание",
         "sieve_type": "Тип фильтра",
         "skipcrossduplicates": "Пропускать повторяющиеся сообщения в папках",
+        "sogo_access": "Предоставить прямой доступ к SOGo",
+        "sogo_access_info": "Единый вход из интерфейса почты продолжает работать. Эта настройка не влияет на доступ ко всем другим службам, а также не удаляет или изменяет существующий профиль пользователя SOGo.",
         "sogo_visible": "Отображать псевдоним в SOGo",
         "sogo_visible_info": "Влияет только на объекты, которые могут отображаться в SOGo (персональные или общие псевдонимы, указывающие как минимум на один локальный почтовый аккаунт). Учтите, что если функция отключена, у пользователей не будет возможности выбрать адрес псевдонима в качестве отправителя в SOGo.",
         "spam_alias": "Создать или изменить временные (спам) псевдонимы",
@@ -627,22 +701,7 @@
         "title": "Изменение объекта",
         "unchanged_if_empty": "Если без изменений - оставьте пустым",
         "username": "Имя пользователя",
-        "validate_save": "Подтвердить и сохранить",
-        "sogo_access_info": "Единый вход из интерфейса почты продолжает работать. Эта настройка не влияет на доступ ко всем другим службам, а также не удаляет или изменяет существующий профиль пользователя SOGo.",
-        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
-        "domain_footer_info": "Нижние колонтитулы на уровне домена добавляются ко всем исходящим электронным письмам, связанным с адресом в этом домене. <br> Для нижнего колонтитула можно использовать следующие переменные:",
-        "domain_footer_info_vars": {
-            "from_name": "{= from_name =} - Из названия envelope, например, для \"Mailcow &lt;moo@mailcow.tld&gt;\" возвращается \"Mailcow\"",
-            "auth_user": "{= auth_user =} - Аутентифицированное имя пользователя, указанное MTA",
-            "from_user": "{= from_user =} - Из пользовательской части envelope, например, для \"moo@mailcow.tld\" возвращается \"moo\"",
-            "from_addr": "{= from_addr =} - Из адресной части envelope",
-            "from_domain": "{= from_domain =} - из доменной части envelope",
-            "custom": "{= foo =}         - Если почтовый ящик имеет пользовательский атрибут \"foo\" со значением \"bar\", он возвращает \"bar\"."
-        },
-        "domain_footer": "Нижний колонтитул домена",
-        "domain_footer_html": "HTML нижний колонтитул",
-        "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
-        "custom_attributes": "Пользовательские атрибуты"
+        "validate_save": "Подтвердить и сохранить"
     },
     "fido2": {
         "confirm": "Подтвердить",
@@ -679,8 +738,8 @@
         "apps": "Приложения",
         "debug": "Состояние сервера",
         "email": "E-Mail",
-        "mailcow_system": "Система",
         "mailcow_config": "Конфигурация",
+        "mailcow_system": "Система",
         "quarantine": "Карантин",
         "restart_netfilter": "Перезапустить netfilter",
         "restart_sogo": "Перезапустить SOGo",
@@ -692,12 +751,19 @@
         "session_expires": "Ваш сеанс закончится примерно через 15 секунд"
     },
     "login": {
+        "back_to_mailcow": "Вернуться к mailcow",
         "delayed": "Вход был отложен на %s секунд.",
         "fido2_webauthn": "FIDO2/WebAuthn Login",
+        "forgot_password": "> Забыли пароль?",
+        "invalid_pass_reset_token": "Токен восстановления пароля недействителен или срок его действия истек.<br>Пожалуйста, запросите новую ссылку для восстановления пароля.",
         "login": "Войти",
         "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
+        "new_password": "Новый пароль",
+        "new_password_confirm": "Повторите новый пароль",
         "other_logins": "Вход с помощью ключа",
         "password": "Пароль",
+        "request_reset_password": "Запросить восстановление пароля",
+        "reset_password": "Восстановление пароля",
         "username": "Имя пользователя"
     },
     "mailbox": {
@@ -715,6 +781,7 @@
         "add_mailbox": "Добавить почтовый аккаунт",
         "add_recipient_map_entry": "Добавить перезапись получателя",
         "add_resource": "Добавить ресурс",
+        "add_template": "Добавить шаблон",
         "add_tls_policy_map": "Добавить политику TLS",
         "address_rewriting": "Перезапись адресов",
         "alias": "Псевдоним",
@@ -739,12 +806,12 @@
         "bcc_to_rcpt": "Переключиться на тип \"получатель\"",
         "bcc_to_sender": "Переключиться на тип \"отправитель\"",
         "bcc_type": "Тип BCC",
-        "booking_null": "Всегда показывать как свободный",
         "booking_0_short": "Всегда свободнен",
         "booking_custom": "Лимит на количество бронирований",
         "booking_custom_short": "Жесткий лимит",
-        "booking_ltnull": "Неограниченный, занят при бронировании",
         "booking_lt0_short": "Неограниченный лимит",
+        "booking_ltnull": "Неограниченный, занят при бронировании",
+        "booking_null": "Всегда показывать как свободный",
         "catch_all": "Catch-all",
         "created_on": "Дата создания",
         "daily": "Раз в день",
@@ -759,6 +826,7 @@
         "domain_aliases": "Псевдонимы доменов",
         "domain_quota": "Квота",
         "domain_quota_total": "Квота домена",
+        "domain_templates": "Шаблоны доменов",
         "domains": "Домены",
         "edit": "Изменить",
         "empty": "Пусто",
@@ -786,6 +854,7 @@
         "mailbox_defaults_info": "Установите настройки по умолчанию для новых почтовых аккаунтов.",
         "mailbox_defquota": "Квота по умолчанию",
         "mailbox_quota": "Макс. квота почт. ящика",
+        "mailbox_templates": "Шаблоны почтовых ящиков",
         "mailboxes": "Почтовые ящики",
         "max_aliases": "Максимум псевдонимов",
         "max_mailboxes": "Максимум почтовых ящиков",
@@ -813,16 +882,17 @@
         "recipient_map_new": "Перезапись на",
         "recipient_map_new_info": "Должен быть действующим почтовым ящиком.",
         "recipient_map_old": "Получатель",
-        "recipient_map_old_info": "Должен быть валидный почтовым ящиком или доменом.",
+        "recipient_map_old_info": "Должен быть действующим почтовым ящиком или доменом.",
         "recipient_maps": "Перезапись получателя",
         "relay_all": "Ретрансляция всех получателей",
+        "relay_unknown": "Ретрансляция неизвестных получателей",
         "remove": "Удалить",
         "resources": "Ресурсы",
         "running": "В процессе",
         "sender": "Отправитель",
         "set_postfilter": "Использовать как постфильтр",
         "set_prefilter": "Использовать как предварительный фильтр",
-        "sieve_info": "Вы можете сохранить несколько фильтров для каждого пользователя, но только один предварительный фильтр и один постфильтр могут быть активными одновременно.<br>\r\n Каждый фильтр будет обработан в описанном порядке. Не сломанный скрипт, не <code>keep;</code> не остановит обработку дальнейших скриптов.<br><br>Global sieve prefilter &#8226; Prefilter &#8226; User scripts &#8226; Postfilter &#8226; Global sieve postfilter",
+        "sieve_info": "Вы можете сохранить несколько фильтров для каждого пользователя, но только один предварительный фильтр и один постфильтр могут быть активными одновременно.<br>\r\n Каждый фильтр будет обработан в описанном порядке. Ни сломанный скрипт, ни <code>keep;</code> не остановит обработку дальнейших скриптов.<br><br>Global sieve prefilter &#8226; Prefilter &#8226; User scripts &#8226; Postfilter &#8226; Global sieve postfilter",
         "sieve_preset_1": "Discard mail with probable dangerous file types",
         "sieve_preset_2": "Always mark the e-mail of a specific sender as seen",
         "sieve_preset_3": "Discard silently, stop all further sieve processing",
@@ -839,25 +909,27 @@
         "stats": "Статистика",
         "status": "Статус",
         "sync_jobs": "Задания синхронизации",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Ошибка авторизации",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Неправильное имя пользователя или пароль",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Ошибка связи с сервером",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не удалось подключиться к удаленному серверу",
+        "syncjob_EXIT_OVERQUOTA": "Целевой почтовый ящик превысил квоту",
+        "syncjob_EXIT_TLS_FAILURE": "Ошибка установки шифрованного соединения",
+        "syncjob_EX_OK": "Успешно",
         "syncjob_check_log": "Проверить журнал",
         "syncjob_last_run_result": "Результат последнего запуска",
-        "syncjob_EX_OK": "Успешно",
-        "syncjob_EXIT_CONNECTION_FAILURE": "Ошибка связи с сервером",
-        "syncjob_EXIT_TLS_FAILURE": "Ошибка установки шифрованного соединения",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Ошибка авторизации",
-        "syncjob_EXIT_OVERQUOTA": "Целевой почтовый ящик превысил квоту",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не удалось подключиться к удаленному серверу",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Неправильное имя пользователя или пароль",
         "table_size": "Размер таблицы",
         "table_size_show_n": "Отображать %s полей",
         "target_address": "Владельцы псевдонима",
         "target_domain": "Целевой домен",
+        "template": "Шаблон",
+        "templates": "Шаблоны",
         "tls_enforce_in": "Принудительный TLS (входящие)",
         "tls_enforce_out": "Принудительный TLS (исходящие)",
         "tls_map_dest": "Назначение",
         "tls_map_dest_info": "пример: example.org, .example.org, [mail.example.org]:25",
         "tls_map_parameters": "Параметры",
-        "tls_map_parameters_info": "Оставьте поле пустым или укажите параметры, на пример: protocols=!SSLv2 ciphers=medium exclude=3DES",
+        "tls_map_parameters_info": "Оставьте поле пустым или укажите параметры, например: protocols=!SSLv2 ciphers=medium exclude=3DES",
         "tls_map_policy": "Политика",
         "tls_policy_maps": "Правила TLS",
         "tls_policy_maps_enforced_tls": "Для исходящих сообщений от пользователей с включенной принудительной политикой шифрования исходящих соединений не описанные глобальной политикой,<br>\r\n будут применены значения по умолчанию, указанные в <code>smtp_tls_mandatory_protocols</code> и <code>smtp_tls_mandatory_ciphers</code>.",
@@ -932,14 +1004,26 @@
         "type": "Тип"
     },
     "queue": {
-        "queue_manager": "Очередь на отправку"
+        "ays": "Пожалуйста, подтвердите, что вы хотите удалить все элементы из текущей очереди.",
+        "delete": "Удалить все",
+        "deliver_mail": "Доставить",
+        "deliver_mail_legend": "Попытаться повторно доставить выбранные письма.",
+        "flush": "Обработать очередь",
+        "hold_mail": "Отложить",
+        "hold_mail_legend": "Удержать выбранные сообщения. (Предотвратить дальнейшие попытки доставки)",
+        "info": "Очередь отправки почты содержит все письма, которые ожидают доставки. Если письмо надолго задерживается в почтовой очереди, оно автоматически удаляется системой.<br>Сообщение об ошибке в соответствующих письмах содержит информацию о том, почему письмо не удалось доставить.",
+        "legend": "Описание действий с почтовой очередью:",
+        "queue_manager": "Очередь на отправку",
+        "show_message": "Показать сообщение",
+        "unhold_mail": "Высвободить",
+        "unhold_mail_legend": "Освобождает выбранные письма для доставки. (Требуется предварительное удержание)"
     },
     "ratelimit": {
+        "day": "сообщений / день",
         "disabled": "Отключен",
-        "second": "сообщений / секунду",
-        "minute": "сообщений / минуту",
         "hour": "сообщений / час",
-        "day": "сообщений / день"
+        "minute": "сообщений / минуту",
+        "second": "сообщений / секунду"
     },
     "start": {
         "help": "Справка",
@@ -965,6 +1049,7 @@
         "bcc_deleted": "Правила BCC удалены: %s",
         "bcc_edited": "Правило BCC %s отредактировано",
         "bcc_saved": "Правило BCC сохранено",
+        "cors_headers_edited": "Настройки CORS сохранены",
         "db_init_complete": "Инициализация базы данных завершена",
         "delete_filter": "Фильтр ID %s удалён",
         "delete_filters": "Фильтры удалены: %s",
@@ -973,19 +1058,23 @@
         "dkim_added": "DKIM ключ сохранён",
         "dkim_duplicated": "DKIM ключи для домена %s были скопированы в %s",
         "dkim_removed": "DKIM ключ %s удалён",
+        "domain_add_dkim_available": "DKIM ключ уже существует",
         "domain_added": "Добавлен домен %s",
         "domain_admin_added": "Администратор домена %s добавлен",
         "domain_admin_modified": "Сохранить изменения администратора домена %s",
         "domain_admin_removed": "Администратор домена %s удалён",
+        "domain_footer_modified": "Изменения в нижнем колонтитуле домена %s сохранены",
         "domain_modified": "Сохранить изменения домена %s",
         "domain_removed": "Домен %s удалён",
         "dovecot_restart_success": "Dovecot перезапущен успешно",
         "eas_reset": "Кеш ActiveSync для пользователя %s был сброшен",
+        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен.",
         "f2b_modified": "Изменения параметров Fail2ban сохранены",
         "forwarding_host_added": "Перенаправление узла %s добавлено",
         "forwarding_host_removed": "Перенаправление узла %s удалено",
         "global_filter_written": "Фильтр успешно записан в файл",
         "hash_deleted": "Хеш удалён",
+        "ip_check_opt_in_modified": "Параметры проверки IP успешно обновлены",
         "item_deleted": "Обьект %s удалён",
         "item_released": "Письмо %s восстановлено из карантина",
         "items_deleted": "Обьекты %s удалены",
@@ -996,14 +1085,17 @@
         "mailbox_added": "Почтовый аккаунт %s добавлен",
         "mailbox_modified": "Изменения почтового аккаунта %s сохранены",
         "mailbox_removed": "Почтовый аккаунт %s удалён",
+        "mailbox_renamed": "Почтовый аккаунт %s был переименован в %s",
         "nginx_reloaded": "Обновление конфигурация Nginx закончено",
         "object_modified": "Изменения объекта %s сохранены",
+        "password_changed_success": "Пароль был успешно изменен",
         "password_policy_saved": "Политика паролей сохранена",
         "pushover_settings_edited": "Настройки сохранены, пожалуйста, выполните проверку доступа",
         "qlearn_spam": "Письмо ID %s было изучено как спам и удалено",
         "queue_command_success": "Команда выполнена успешно",
         "recipient_map_entry_deleted": "Правило перезаписи получателя ID %s было удалено",
         "recipient_map_entry_saved": "Правило перезаписи получателя \"%s\" было сохранено",
+        "recovery_email_sent": "Письмо для восстановления пароля отправлено на %s",
         "relayhost_added": "Промежуточный узел %s добавлен",
         "relayhost_removed": "Промежуточный узел %s удалён",
         "reset_main_logo": "Восстановить логотип по умолчанию",
@@ -1016,6 +1108,9 @@
         "settings_map_added": "Правило добавлено",
         "settings_map_removed": "Правило ID %s удалено",
         "sogo_profile_reset": "Профиль пользователя SOGo %s сброшен",
+        "template_added": "Шаблон %s добавлен",
+        "template_modified": "Изменения шаблона %s сохранены",
+        "template_removed": "Шаблон ID %s удален",
         "tls_policy_map_entry_deleted": "Политика TLS ID %s удалено",
         "tls_policy_map_entry_saved": "Политика TLS \"%s\" сохранена",
         "ui_texts": "Изменения текстов UI сохранены",
@@ -1023,13 +1118,11 @@
         "verified_fido2_login": "Авторизация FIDO2 пройдена",
         "verified_totp_login": "Авторизация TOTP пройдена",
         "verified_webauthn_login": "Авторизация WebAuthn пройдена",
-        "verified_yotp_login": "Авторизация Yubico OTP пройдена",
-        "cors_headers_edited": "Настройки CORS сохранены",
-        "domain_footer_modified": "Изменения в нижнем колонтитуле домена %s сохранены",
-        "f2b_banlist_refreshed": "Идентификатор банлиста был успешно обновлен."
+        "verified_yotp_login": "Авторизация Yubico OTP пройдена"
     },
     "tfa": {
         "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
+        "authenticators": "Аутентификаторы",
         "confirm": "Подтвердите",
         "confirm_totp_token": "Пожалуйста, подтвердите изменения, введя сгенерированный код",
         "delete_tfa": "Отключить TFA",
@@ -1048,11 +1141,12 @@
         "tfa": "Двухфакторная проверка подлинности",
         "tfa_token_invalid": "Неправильный TFA токен",
         "totp": "OTP (Authy, Google Authenticator и др.)",
-        "webauthn": "WebAuthn аутентификация",
+        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ.",
+        "u2f_deprecated_important": "Пожалуйста, зарегистрируйте ваш ключ в панели администратора с помощью нового метода WebAuthn.",
         "waiting_usb_auth": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, нажмите кнопку на USB устройстве сейчас.",
         "waiting_usb_register": "<i>Ожидание устройства USB...</i><br><br>Пожалуйста, введите пароль выше и подтвердите регистрацию, нажав кнопку на USB устройстве.",
-        "yubi_otp": "Yubico OTP аутентификация",
-        "u2f_deprecated": "Похоже, что ваш ключ был зарегистрирован с использованием устаревшего метода U2F. Мы деактивируем для вас двухфакторную аутентификацию и удалим ваш ключ."
+        "webauthn": "WebAuthn аутентификация",
+        "yubi_otp": "Yubico OTP аутентификация"
     },
     "user": {
         "action": "Действия",
@@ -1069,13 +1163,17 @@
         "alias_valid_until": "Действителен до",
         "aliases_also_send_as": "Разрешено отправлять письма от имени",
         "aliases_send_as_all": "Разрешено отправлять письма от любого имени для домена и его псевдонимов",
+        "allowed_protocols": "Разрешенные протоколы",
         "app_hint": "Пароли приложений - это альтернативные пароли для авторизации в IMAP, SMTP, CalDAV, CardDAV и EAS. При этом имя пользователя остается неизменным. <br>SOGo недоступен через пароли приложений.",
         "app_name": "Название приложения",
         "app_passwds": "Пароли приложений",
         "apple_connection_profile": "Профиль подключения Apple",
         "apple_connection_profile_complete": "Этот профиль включает настройки IMAP и SMTP, а также CalDAV (календарей) и CardDAV (контактов) для устройства Apple.",
         "apple_connection_profile_mailonly": "Этот профиль включает только настройки IMAP и SMTP для устройства Apple.",
+        "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
+        "attribute": "Атрибут",
         "change_password": "Изменить пароль",
+        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
         "clear_recent_successful_connections": "Очистить историю успешных подключений",
         "client_configuration": "Показать руководство по настройке почтовых клиентов и смартфонов",
         "create_app_passwd": "Создать новый пароль",
@@ -1086,6 +1184,7 @@
         "delete_ays": "Пожалуйста, подтвердите удаление",
         "direct_aliases": "Личные псевдонимы",
         "direct_aliases_desc": "На личные псевдонимы распространяются фильтры нежелательной почты и параметры политики TLS.",
+        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
         "eas_reset": "Сбросить кеш ActiveSync устройств",
         "eas_reset_help": "Во многих случаях сброс кеша устройств помогает восстановить повреждённый профиль ActiveSync.<br><b>Внимание:</b> все письма, календари и контакты будут загружены заново на все ваши устройства!",
         "eas_reset_now": "Сбросить кеш сейчас",
@@ -1130,15 +1229,18 @@
         "password": "Пароль",
         "password_now": "Текущий пароль (подтверждение изменения)",
         "password_repeat": "Подтверждение пароля (повтор)",
+        "password_reset_info": "If no email for password recovery is provided, this function cannot be used.",
         "pushover_evaluate_x_prio": "Установить высокий приоритет уведомлений для писем с высоким приоритетом [<code>X-Priority: 1</code>]",
         "pushover_info": "Настройки Push-уведомления будут применяться ко всей почте <b>%s</b> (за исключением спама), включая псевдонимы (личные, общие и тегированные).",
         "pushover_only_x_prio": "Получать уведомления только о письмах с высоким приоритетом [<code>X-Priority: 1</code>]",
         "pushover_sender_array": "Получать уведомления от списка адресов электронной почты <small>(envelop-from, разделённые запятыми)</small>:",
         "pushover_sender_regex": "Получать уведомления от отправителей, удовлетворяющих regex-выражению:",
+        "pushover_sound": "Звук уведомления",
         "pushover_text": "Текст уведомления",
         "pushover_title": "Заголовок уведомления",
         "pushover_vars": "Когда фильтрация по отправителю не определена, уведомения будут доставлятся от всех отправителей.<br>Можно использовать обычный фильтр по отправителю и расширенный regex-фильтр, а также оба сразу.<br>Пожалуйста, ознакомьтесь с <a href=\"https://pushover.net/privacy\">Pushover Privacy Policy</a> перед использованием шаблонов для текста и заголовка",
         "pushover_verify": "Проверить доступ",
+        "pw_recovery_email": "Адрес для восстановления пароля",
         "q_add_header": "Нежелательная почта",
         "q_all": "Все категории",
         "q_reject": "Отклонённая почта",
@@ -1179,15 +1281,15 @@
         "spamfilter_yellow": "Жёлтый: эти письма могут быть спамом, будут доставлены в папку \"Спам\"",
         "status": "Статус",
         "sync_jobs": "Задания синхронизации",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Ошибка авторизации",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Неправильное имя пользователя или пароль",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Ошибка связи с сервером",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не удалось подключиться к удаленному серверу",
+        "syncjob_EXIT_OVERQUOTA": "Целевой почтовый ящик превысил квоту",
+        "syncjob_EXIT_TLS_FAILURE": "Ошибка установки шифрованного соединения",
+        "syncjob_EX_OK": "Успешно",
         "syncjob_check_log": "Проверить журнал",
         "syncjob_last_run_result": "Результат",
-        "syncjob_EX_OK": "Успешно",
-        "syncjob_EXIT_CONNECTION_FAILURE": "Ошибка связи с сервером",
-        "syncjob_EXIT_TLS_FAILURE": "Ошибка установки шифрованного соединения",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Ошибка авторизации",
-        "syncjob_EXIT_OVERQUOTA": "Целевой почтовый ящик превысил квоту",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не удалось подключиться к удаленному серверу",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Неправильное имя пользователя или пароль",
         "tag_handling": "Обработка тегированной почты",
         "tag_help_example": "Пример тегированного адреса электронной почты: <code>ich<b>+Facebook</b>@example.org</code>",
         "tag_help_explain": "Переместить в подпапку: будет создана новая подпапка в INBOX с именем тега, например: \"INBOX/Facebook\".<br>\r\n  Добавить к теме письма: имя тега будет добавлено к теме письма, например: \"[Facebook] My News\".",
@@ -1202,20 +1304,15 @@
         "tls_policy_warning": "<strong>Предупреждение:</strong> Если вы включите принудительное шифрованние почты, вы можете столкнуться с потерей писем.<br>Сообщения, которые не соответствуют политике, будут отбрасываться с сообщением почтовым сервером о серьёзном сбое.<br>Этот параметр применяется к вашему основному адресу электронной почты (логину), всем личным псевдонимам и псевдонимам доменов. Подразумеваются только псевдонимы <b>с одним почтовым ящиком</b>, как получатель.",
         "user_settings": "Настройки пользователя",
         "username": "Имя пользователя",
+        "value": "Значение",
         "verify": "Проверить",
         "waiting": "В ожидании",
         "week": "неделю",
         "weekly": "Раз в неделю",
         "weeks": "недели",
-        "year": "год",
-        "years": "лет",
-        "allowed_protocols": "Разрешенные протоколы",
-        "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
-        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
         "with_app_password": "с паролем приложения",
-        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
-        "attribute": "Атрибут",
-        "value": "Значение"
+        "year": "год",
+        "years": "лет"
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
@@ -1229,10 +1326,5 @@
         "quota_exceeded_scope": "Квота домена превышена: могут быть созданы только почтовые ящики без лимита.",
         "session_token": "Неверный токен формы: несоответствие токена",
         "session_ua": "Неверный токен формы: ошибка проверки User-Agent"
-    },
-    "datatables": {
-        "collapse_all": "Свернуть все",
-        "expand_all": "Развернуть все",
-        "infoPostFix": ""
     }
 }

From 31185e3de1dd6eeda801c7434eef699918ed205e Mon Sep 17 00:00:00 2001
From: Hassan A Hashim <h3ssan@protonmail.com>
Date: Wed, 27 Nov 2024 14:47:57 +0300
Subject: [PATCH 382/755] Implement search mailboxes by fullname

---
 data/web/json_api.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 86ab21c60..abaf749f1 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1067,9 +1067,10 @@ if (isset($_GET['query'])) {
                   ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"],
                   ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
                   ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
+                  ['db' => 'name', 'dt' => 7],
                   ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
                   ['db' => 'tags', 'dt' => 20, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
-                  ['db' => 'active', 'dt' => 21]
+                  ['db' => 'active', 'dt' => 21],
                 ];
 
                 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';

From 05e4bd7602e2d7fecdab638e8e3a8aa2562c5f53 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 29 Nov 2024 15:50:35 +0100
Subject: [PATCH 383/755] [Web] use global vars for iam_provider and
 iam_settings

---
 data/web/admin.php                  |  2 -
 data/web/autodiscover.php           |  1 +
 data/web/edit.php                   |  1 -
 data/web/inc/functions.auth.inc.php | 22 +++----
 data/web/inc/functions.inc.php      | 89 ++++++++++++-----------------
 data/web/inc/prerequisites.inc.php  |  3 +-
 data/web/inc/triggers.inc.php       |  8 +--
 data/web/index.php                  |  4 +-
 data/web/json_api.php               |  2 +-
 9 files changed, 60 insertions(+), 72 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index 9af7b6449..2081f34a6 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -86,8 +86,6 @@ $cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allo
 $cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
 
 $f2b_data = fail2ban('get');
-// identity provider
-$iam_settings = identity_provider('get');
 // mbox templates
 $mbox_templates = mailbox('get', 'mailbox_templates');
 
diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 323f89e78..0b03eb3ce 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -55,6 +55,7 @@ $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 
 // Init Identity Provider
 $iam_provider = identity_provider('init');
+$iam_settings = identity_provider('get');
 
 $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
 $login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
diff --git a/data/web/edit.php b/data/web/edit.php
index fb7051b4c..b6359d172 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -119,7 +119,6 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         $quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
         $get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
         $rlyhosts = relayhost('get');
-        $iam_settings = identity_provider('get');
         $template = 'edit/mailbox.twig';
         $template_data = [
           'acl' => $_SESSION['acl'],
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index a0424f3ed..74cd6d956 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -162,6 +162,8 @@ function domainadmin_login($user, $pass){
 }
 function user_login($user, $pass, $extra = null){
   global $pdo;
+  global $iam_provider;
+  global $iam_settings;
 
   $is_internal = $extra['is_internal'];
 
@@ -186,12 +188,11 @@ function user_login($user, $pass, $extra = null){
 
   // user does not exist, try call idp login and create user if possible via rest flow
   if (!$row){
-    $iam_settings = identity_provider('get');
     if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
-      $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
+      $result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal, 'create' => true));
       if ($result !== false) return $result;
     } else if ($iam_settings['authsource'] == 'ldap') {
-      $result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
+      $result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal, 'create' => true));
       if ($result !== false) return $result;
     }
   }
@@ -202,9 +203,8 @@ function user_login($user, $pass, $extra = null){
   switch ($row['authsource']) {
     case 'keycloak':
       // user authsource is keycloak, try using via rest flow
-      $iam_settings = identity_provider('get');
       if (intval($iam_settings['mailpassword_flow']) == 1){
-        $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+        $result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal));
         if ($result !== false) {
           // check for tfa authenticators
           $authenticators = get_tfa($user);
@@ -243,8 +243,7 @@ function user_login($user, $pass, $extra = null){
     break;
     case 'ldap':
       // user authsource is ldap
-      $iam_settings = identity_provider('get');
-      $result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal));
+      $result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal));
       if ($result !== false) {
         // check for tfa authenticators
         $authenticators = get_tfa($user);
@@ -397,8 +396,10 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){
 // Keycloak REST Api Flow - auth user by mailcow_password attribute
 // This password will be used for direct UI, IMAP and SMTP Auth
 // To use direct user credentials, only Authorization Code Flow is valid
-function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
+function keycloak_mbox_login_rest($user, $pass, $extra = null){
   global $pdo;
+  global $iam_provider;
+  global $iam_settings;
 
   $is_internal = $extra['is_internal'];
   $create = $extra['create'];
@@ -474,10 +475,11 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 
   return 'user';
 }
-function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
+function ldap_mbox_login($user, $pass, $extra = null){
   global $pdo;
+  global $iam_provider;
+  global $iam_settings;
 
-  $iam_provider = identity_provider();
   $is_internal = $extra['is_internal'];
   $create = $extra['create'];
 
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index fc703c353..c7cab469d 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1072,6 +1072,8 @@ function set_tfa($_data) {
   global $pdo;
   global $yubi;
   global $tfa;
+  global $iam_settings;
+
   $_data_log = $_data;
   $access_denied = null;
   !isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
@@ -1100,7 +1102,6 @@ function set_tfa($_data) {
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if ($row) {
       if ($row['authsource'] == 'ldap'){
-        $iam_settings = identity_provider('get');
         if (!ldap_mbox_login($username, $_data["confirm_password"], $iam_settings)) $access_denied = true;
         else $access_denied = false;
       } else {
@@ -2129,20 +2130,13 @@ function uuid4() {
 function identity_provider($_action = null, $_data = null, $_extra = null) {
   global $pdo;
   global $iam_provider;
+  global $iam_settings;
 
   $data_log = $_data;
   if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
   if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
 
   switch ($_action) {
-    case NULL:
-      if ($iam_provider) {
-        return $iam_provider;
-      } else {
-        $iam_provider = identity_provider("init");
-        return $iam_provider;
-      }
-    break;
     case 'get':
       $settings = array();
       $stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");
@@ -2414,20 +2408,20 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       return true;
     break;
     case "init":
-      $iam_settings = identity_provider('get');
+      $settings = identity_provider('get');
       $provider = null;
 
-      switch ($iam_settings['authsource']) {
+      switch ($settings['authsource']) {
         case "keycloak":
-          if ($iam_settings['server_url'] && $iam_settings['realm'] && $iam_settings['client_id'] &&
-            $iam_settings['client_secret'] && $iam_settings['redirect_url'] && $iam_settings['version']){
+          if ($settings['server_url'] && $settings['realm'] && $settings['client_id'] &&
+            $settings['client_secret'] && $settings['redirect_url'] && $settings['version']){
             $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
-              'authServerUrl'         => $iam_settings['server_url'],
-              'realm'                 => $iam_settings['realm'],
-              'clientId'              => $iam_settings['client_id'],
-              'clientSecret'          => $iam_settings['client_secret'],
-              'redirectUri'           => $iam_settings['redirect_url'],
-              'version'               => $iam_settings['version'],
+              'authServerUrl'         => $settings['server_url'],
+              'realm'                 => $settings['realm'],
+              'clientId'              => $settings['client_id'],
+              'clientSecret'          => $settings['client_secret'],
+              'redirectUri'           => $settings['redirect_url'],
+              'version'               => $settings['version'],
               // 'encryptionAlgorithm'   => 'RS256',                             // optional
               // 'encryptionKeyPath'     => '../key.pem'                         // optional
               // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
@@ -2435,34 +2429,34 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           }
         break;
         case "generic-oidc":
-          if ($iam_settings['client_id'] && $iam_settings['client_secret'] && $iam_settings['redirect_url'] &&
-            $iam_settings['authorize_url'] && $iam_settings['token_url'] && $iam_settings['userinfo_url']){
+          if ($settings['client_id'] && $settings['client_secret'] && $settings['redirect_url'] &&
+            $settings['authorize_url'] && $settings['token_url'] && $settings['userinfo_url']){
             $provider = new \League\OAuth2\Client\Provider\GenericProvider([
-              'clientId'                => $iam_settings['client_id'],
-              'clientSecret'            => $iam_settings['client_secret'],
-              'redirectUri'             => $iam_settings['redirect_url'],
-              'urlAuthorize'            => $iam_settings['authorize_url'],
-              'urlAccessToken'          => $iam_settings['token_url'],
-              'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
-              'scopes'                  => $iam_settings['client_scopes']
+              'clientId'                => $settings['client_id'],
+              'clientSecret'            => $settings['client_secret'],
+              'redirectUri'             => $settings['redirect_url'],
+              'urlAuthorize'            => $settings['authorize_url'],
+              'urlAccessToken'          => $settings['token_url'],
+              'urlResourceOwnerDetails' => $settings['userinfo_url'],
+              'scopes'                  => $settings['client_scopes']
             ]);
           }
         break;
         case "ldap":
-          if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
-            $iam_settings['binddn'] && $iam_settings['bindpass']){
+          if ($settings['host'] && $settings['port'] && $settings['basedn'] &&
+            $settings['binddn'] && $settings['bindpass']){
             $options = array();
-            if ($iam_settings['ignore_ssl_error']) {
+            if ($settings['ignore_ssl_error']) {
               $options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
             }
             $provider = new \LdapRecord\Connection([
-              'hosts'                     => [$iam_settings['host']],
-              'port'                      => $iam_settings['port'],
-              'base_dn'                   => $iam_settings['basedn'],
-              'username'                  => $iam_settings['binddn'],
-              'password'                  => $iam_settings['bindpass'],
-              'use_ssl'                   => $iam_settings['use_ssl'],
-              'use_tls'                   => $iam_settings['use_tls'],
+              'hosts'                     => [$settings['host']],
+              'port'                      => $settings['port'],
+              'base_dn'                   => $settings['basedn'],
+              'username'                  => $settings['binddn'],
+              'password'                  => $settings['bindpass'],
+              'use_ssl'                   => $settings['use_ssl'],
+              'use_tls'                   => $settings['use_tls'],
               'options'                   => $options
             ]);
             try {
@@ -2477,8 +2471,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       return $provider;
     break;
     case "verify-sso":
-      $provider = $_data['iam_provider'];
-      $iam_settings = identity_provider('get');
       if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc'){
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2489,10 +2481,10 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
 
       try {
-        $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
+        $token = $iam_provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
         $_SESSION['iam_token'] = $token->getToken();
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
-        $info = $provider->getResourceOwner($token)->toArray();
+        $info = $iam_provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
         $_SESSION['return'][] =  array(
           'type' => 'danger',
@@ -2577,13 +2569,11 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       return true;
     break;
     case "refresh-token":
-      $provider = $_data['iam_provider'];
-
       try {
-        $token = $provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
+        $token = $iam_provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
         $_SESSION['iam_token'] = $token->getToken();
         $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
-        $info = $provider->getResourceOwner($token)->toArray();
+        $info = $iam_provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
         clear_session();
         $_SESSION['return'][] =  array(
@@ -2609,17 +2599,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       return true;
     break;
     case "get-redirect":
-      $iam_settings = identity_provider('get');
       if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc')
         return false;
-      $provider = $_data['iam_provider'];
-      $authUrl = $provider->getAuthorizationUrl();
-      $_SESSION['oauth2state'] = $provider->getState();
+      $authUrl = $iam_provider->getAuthorizationUrl();
+      $_SESSION['oauth2state'] = $iam_provider->getState();
       return $authUrl;
     break;
     case "get-keycloak-admin-token":
       // get access_token for service account of mailcow client
-      $iam_settings = identity_provider('get');
       if ($iam_settings['authsource'] !== 'keycloak') return false;
       if (isset($iam_settings['access_token'])) {
         // check if access_token is valid
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index fb30956f4..e67271412 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -180,6 +180,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
 // Init Identity Provider
 $iam_provider = identity_provider('init');
+$iam_settings = identity_provider('get');
 
 // IMAP lib
 // use Ddeboer\Imap\Server;
@@ -323,7 +324,7 @@ $UI_TEXTS = customize('get', 'ui_texts');
 if (file_exists('/web/css/themes/'.$UI_THEME.'-bootstrap.css'))
   $css_minifier->add('/web/css/themes/'.$UI_THEME.'-bootstrap.css');
 else
-  $css_minifier->add('/web/css/themes/lumen-bootstrap.css'); 
+  $css_minifier->add('/web/css/themes/lumen-bootstrap.css');
 // minify css build files
 foreach ($css_dir as $css_file) {
   $css_minifier->add('/web/css/build/' . $css_file);
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 7f330ba1c..b0c2237d6 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -3,18 +3,18 @@
 if ($iam_provider){
   if (isset($_GET['iam_sso'])){
     // redirect for sso
-    $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
+    $redirect_uri = identity_provider('get-redirect');
     $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
     header('Location: ' . $redirect_uri);
     die();
   }
   if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
     // Session found, try to refresh
-    $isRefreshed = identity_provider('refresh-token', array('iam_provider' => $iam_provider));
+    $isRefreshed = identity_provider('refresh-token');
 
     if (!$isRefreshed){
       // Session could not be refreshed, redirect to provider
-      $redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
+      $redirect_uri = identity_provider('get-redirect');
       $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
       header('Location: ' . $redirect_uri);
       die();
@@ -23,7 +23,7 @@ if ($iam_provider){
     // Check given state against previously stored one to mitigate CSRF attack
     // Recieved access token in $_GET['code']
     // extract info and verify user
-    identity_provider('verify-sso', array('iam_provider' => $iam_provider));
+    identity_provider('verify-sso');
   }
 }
 
diff --git a/data/web/index.php b/data/web/index.php
index 08857006f..0282e4835 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -15,7 +15,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
   header('Location: /mailbox');
   exit();
 }
-elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {    
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
   $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
   $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
   if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
@@ -32,7 +32,7 @@ $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 
 $has_iam_sso = false;
 if ($iam_provider){
-  $has_iam_sso = identity_provider("get-redirect", array('iam_provider' => $iam_provider)) ? true : false; 
+  $has_iam_sso = identity_provider("get-redirect") ? true : false;
 }
 
 
diff --git a/data/web/json_api.php b/data/web/json_api.php
index a3103ffa1..4e9d2a0ed 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1708,7 +1708,7 @@ if (isset($_GET['query'])) {
               $score = array("score" => preg_replace("/\s+/", "", $score));
             process_get_return($score);
           case "identity_provider":
-            process_get_return(identity_provider('get'));
+            process_get_return($iam_settings);
           break;
         break;
         // return no route found if no case is matched

From b2db8e6b314d586a062b248b9553f533f4ed67a5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 29 Nov 2024 16:52:34 +0100
Subject: [PATCH 384/755] [Dovecot] init identity provider before user login

---
 data/conf/dovecot/auth/mailcowauth.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 2c3c01b30..6d7660577 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -12,7 +12,7 @@ $return = array("success" => false);
 if(!isset($post['username']) || !isset($post['password']) || !isset($post['real_rip'])){
   error_log("MAILCOWAUTH: Bad Request");
   http_response_code(400); // Bad Request
-  echo json_encode($return); 
+  echo json_encode($return);
   exit();
 }
 
@@ -35,7 +35,7 @@ try {
 catch (PDOException $e) {
   error_log("MAILCOWAUTH: " . $e . PHP_EOL);
   http_response_code(500); // Internal Server Error
-  echo json_encode($return); 
+  echo json_encode($return);
   exit;
 }
 
@@ -57,7 +57,6 @@ if ($isSOGoRequest) {
     error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
     $result = true;
   }
-  
 }
 if ($result === false){
   $result = apppass_login($post['username'], $post['password'], $protocol, array(
@@ -67,6 +66,10 @@ if ($result === false){
   if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
 }
 if ($result === false){
+  // Init Identity Provider
+  $iam_provider = identity_provider('init');
+  $iam_settings = identity_provider('get');
+  error_log('MAILCOWAUTH Try: User auth for user ' . $post['username']);
   $result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
   if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
 }
@@ -80,6 +83,6 @@ if ($result) {
 }
 
 
-echo json_encode($return); 
+echo json_encode($return);
 session_destroy();
 exit;

From ec4b9b088c875f967fdc160a21481361a101127b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 29 Nov 2024 18:59:07 +0100
Subject: [PATCH 385/755] [Web] support multiple ldap hosts separated by comma

---
 data/web/inc/functions.inc.php                |   5 +-
 data/web/lang/lang.en-gb.json                 |   1 +
 .../admin/tab-config-identity-provider.twig   | 153 +++++++++++++-----
 3 files changed, 116 insertions(+), 43 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index c7cab469d..6ae49e7bc 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2240,6 +2240,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
         break;
         case "ldap":
+          $_data['host']              = (!empty($_data['host'])) ? str_replace(" ", "", $_data['host']) : "";
           $_data['port']              = (!empty($_data['port'])) ? intval($_data['port']) : 389;
           $_data['username_field']    = (!empty($_data['username_field'])) ? strtolower($_data['username_field']) : "mail";
           $_data['attribute_field']   = (!empty($_data['attribute_field'])) ? strtolower($_data['attribute_field']) : "";
@@ -2356,7 +2357,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
             $options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
           }
           $provider = new \LdapRecord\Connection([
-            'hosts'                     => [$_data['host']],
+            'hosts'                     => explode(",", $_data['host']),
             'port'                      => $_data['port'],
             'base_dn'                   => $_data['basedn'],
             'username'                  => $_data['binddn'],
@@ -2450,7 +2451,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
               $options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
             }
             $provider = new \LdapRecord\Connection([
-              'hosts'                     => [$settings['host']],
+              'hosts'                     => explode(",", $settings['host']),
               'port'                      => $settings['port'],
               'base_dn'                   => $settings['basedn'],
               'username'                  => $settings['binddn'],
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 5c9c1b21b..c9a7f9dfa 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -225,6 +225,7 @@
         "iam_description": "Configure an external Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
         "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
         "iam_host": "Host",
+        "iam_host_info": "Enter one or more LDAP hosts, separated by commas.",
         "iam_import_users": "Import Users",
         "iam_mapping": "Attribute Mapping",
         "iam_bindpass": "Bind Password",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index e5103d970..e2cc56838 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -9,7 +9,9 @@
     <div id="collapse-tab-config-identity-provider" class="card-body collapse" data-bs-parent="#admin-content">
       <p class="offset-sm-3 mb-4">{{ lang.admin.iam_description|raw }}</p>
       <div class="row mb-4">
-        <label class="control-label col-md-3 text-sm-end" for="iam_realm">{{ lang.admin.iam }}:</label>
+        <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+          <label class="control-label" for="iam_realm">{{ lang.admin.iam }}:</label>
+        </div>
         <div class="col-12 col-md-9 col-lg-4">
           <select
             data-style="btn btn-secondary"
@@ -26,25 +28,33 @@
         <form class="form-horizontal" autocapitalize="none" data-id="iam_keycloak" autocorrect="off" role="form" method="post">
           <input type="hidden" name="authsource" value="keycloak">
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_url">{{ lang.admin.iam_server_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+                <label class="control-label" for="iam_keycloak_url">{{ lang.admin.iam_server_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_url" name="server_url" value="{{ iam_settings.server_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_realm">{{ lang.admin.iam_realm }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_keycloak_realm">{{ lang.admin.iam_realm }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_realm" name="realm" value="{{ iam_settings.realm }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_clientid">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_keycloak_clientid">{{ lang.admin.iam_client_id }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_clientid" name="client_id" value="{{ iam_settings.client_id }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_clientsecret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_keycloak_clientsecret">{{ lang.admin.iam_client_secret }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="reveal-password-input input-group">
                 <input type="password" class="password-field form-control" id="iam_keycloak_clientsecret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
@@ -53,19 +63,25 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_keycloak_redirecturl" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-md-3 text-sm-end" for="iam_keycloak_version">{{ lang.admin.iam_version }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_keycloak_version">{{ lang.admin.iam_version }}:</label>
+            </div>
             <div class="col-sm-4">
               <input type="text" class="form-control" id="iam_keycloak_version" name="version" value="{{ iam_settings.version }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_mapping }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
                 <span class="col-5 p-0 pe-2">Attribute</span>
@@ -121,13 +137,15 @@
             {% endif %}
           </div>
           <div class="row mb-2 mt-4">
-            <label class="control-label col-md-3 text-sm-end"></label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end"></div>
             <div class="col-12 col-md-9">
               <span>{{ lang.admin.iam_extra_permission|raw }}</span>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_rest_flow }}</label>
+            <div class="col-md-3 d-flex align-items-start justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_rest_flow }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="mailpassword_flow" value="1" {% if iam_settings.mailpassword_flow == 1 %}checked{% endif %}>
@@ -140,7 +158,9 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_periodic_full_sync }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="periodic_sync"  value="1" {% if iam_settings.periodic_sync == 1 %}checked{% endif %}>
@@ -148,7 +168,9 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_import_users }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_import_users }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="import_users"  value="1" {% if iam_settings.import_users == 1 %}checked{% endif %}>
@@ -156,14 +178,16 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_sync_interval }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_sync_interval }}</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input class="form-control" type="number" min="1" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
             </div>
           </div>
           <div class="row mt-4 mb-2">
             <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
-              <div class="btn-group mb-2">   
+              <div class="btn-group mb-2">
                 <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection iam_test_connection" data-id="iam_keycloak"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
                 <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_keycloak" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
               </div>
@@ -176,31 +200,41 @@
         <form class="form-horizontal" autocapitalize="none" data-id="iam_generic" autocorrect="off" role="form" method="post">
           <input type="hidden" name="authsource" value="generic-oidc">
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_authorize_url">{{ lang.admin.iam_authorize_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_authorize_url">{{ lang.admin.iam_authorize_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_authorize_url" name="authorize_url" value="{{ iam_settings.authorize_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_token_url">{{ lang.admin.iam_token_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_token_url">{{ lang.admin.iam_token_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_token_url" name="token_url" value="{{ iam_settings.token_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_userinfo_url">{{ lang.admin.iam_userinfo_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_userinfo_url">{{ lang.admin.iam_userinfo_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_userinfo_url" name="userinfo_url" value="{{ iam_settings.userinfo_url }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_client_id">{{ lang.admin.iam_client_id }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_client_id" name="client_id" value="{{ iam_settings.client_id }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_client_secret">{{ lang.admin.iam_client_secret }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="reveal-password-input input-group">
                 <input type="password" class="password-field form-control" id="iam_client_secret" name="client_secret" value="{{ iam_settings.client_secret }}" required>
@@ -209,19 +243,25 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-md-3 text-sm-end" for="iam_client_scopes">{{ lang.admin.iam_client_scopes }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_client_scopes">{{ lang.admin.iam_client_scopes }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" placeholder="openid profile email" class="form-control" id="iam_client_scopes" name="client_scopes" value="{{ iam_settings.client_scopes }}">
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_mapping }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
                 <span class="col-5 p-0 pe-2">Attribute</span>
@@ -278,7 +318,7 @@
           </div>
           <div class="row mt-4 mb-2">
             <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
-              <div class="btn-group mb-2">   
+              <div class="btn-group mb-2">
                 <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection" data-id="iam_generic"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
                 <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_generic" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
               </div>
@@ -291,19 +331,26 @@
         <form class="form-horizontal" autocapitalize="none" data-id="iam_ldap" autocorrect="off" role="form" method="post">
           <input type="hidden" name="authsource" value="ldap">
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_host">{{ lang.admin.iam_host }}:</label>
-            <div class="col-12 col-md-9 col-lg-4">
-              <input type="text" class="form-control" id="iam_ldap_host" name="host" value="{{ iam_settings.host }}" required>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_host_info }}"></i>
+              <label class="control-label" for="iam_ldap_host">{{ lang.admin.iam_host }}:</label>
+            </div>
+            <div class="col-12 col-md-9 col-lg-4 d-flex">
+            <input type="text" class="form-control" id="iam_ldap_host" name="host" value="{{ iam_settings.host }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_port">{{ lang.admin.iam_port }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_port">{{ lang.admin.iam_port }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="number" class="form-control" id="iam_ldap_port" name="port" value="{{ iam_settings.port }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_ssl }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_use_ssl }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="use_ssl" value="1" {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
@@ -311,7 +358,9 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_use_tls }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_use_tls }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="use_tls" value="1" {% if iam_settings.use_tls == 1 %}checked{% endif %}>
@@ -319,7 +368,9 @@
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.ignore_ssl_error }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
@@ -327,37 +378,49 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_basedn">{{ lang.admin.iam_basedn }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_ldap_basedn" name="basedn" value="{{ iam_settings.basedn }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_username_field">{{ lang.admin.iam_username_field }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_username_field">{{ lang.admin.iam_username_field }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" placeholder="mail" id="iam_ldap_username_field" name="username_field" value="{{ iam_settings.username_field }}">
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_filter">{{ lang.admin.filter }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_filter">{{ lang.admin.filter }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" placeholder="" id="iam_ldap_filter" name="filter" value="{{ iam_settings.filter }}">
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_attribute_field">{{ lang.admin.iam_attribute_field }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_attribute_field">{{ lang.admin.iam_attribute_field }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_ldap_attribute_field" name="attribute_field" value="{{ iam_settings.attribute_field }}" required>
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_binddn">{{ lang.admin.iam_binddn }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_binddn">{{ lang.admin.iam_binddn }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input type="text" class="form-control" id="iam_ldap_binddn" name="binddn" value="{{ iam_settings.binddn }}" required>
             </div>
           </div>
           <div class="row mb-4">
-            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_bindpass">{{ lang.admin.iam_bindpass }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label" for="iam_ldap_bindpass">{{ lang.admin.iam_bindpass }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="reveal-password-input input-group">
                 <input type="password" class="password-field form-control" id="iam_ldap_bindpass" name="bindpass" value="{{ iam_settings.bindpass }}" required>
@@ -366,7 +429,9 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_mapping }}:</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_mapping }}:</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
                 <span class="col-5 p-0 pe-2">Attribute</span>
@@ -422,7 +487,9 @@
             {% endif %}
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_periodic_full_sync }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="periodic_sync"  value="1" {% if iam_settings.periodic_sync == 1 %}checked{% endif %}>
@@ -430,7 +497,9 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_import_users }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_import_users }}</label>
+            </div>
             <div class="col-12 col-md-9">
               <div class="form-check form-switch">
                 <input class="form-check-input" type="checkbox" role="switch" name="import_users"  value="1" {% if iam_settings.import_users == 1 %}checked{% endif %}>
@@ -438,14 +507,16 @@
             </div>
           </div>
           <div class="row mb-2">
-            <label class="control-label col-md-3 text-sm-end">{{ lang.admin.iam_sync_interval }}</label>
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_sync_interval }}</label>
+            </div>
             <div class="col-12 col-md-9 col-lg-4">
               <input class="form-control" type="number" min="1" name="sync_interval" style="width: 80px;"  {% if iam_settings.sync_interval %}value="{{ iam_settings.sync_interval }}"{% else %}value="15"{% endif %}>
             </div>
           </div>
           <div class="row mt-4 mb-2">
             <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
-              <div class="btn-group mb-2">   
+              <div class="btn-group mb-2">
                 <button class="btn btn-sm d-block d-sm-inline btn-secondary iam_test_connection iam_test_connection" data-id="iam_ldap"><i class="bi bi-play"></i> {{ lang.admin.iam_test_connection }}</button>
                 <button class="btn btn-sm d-block d-sm-inline btn-success" data-item="identity-provider" data-action="edit_selected" data-id="iam_ldap" data-api-url='edit/identity-provider' data-api-attr='{}'><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
               </div>

From c8c4cfd939a5c4fd91cbe0c892a9cc9614314f0e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sat, 30 Nov 2024 14:37:07 +0100
Subject: [PATCH 386/755] [Web] add ignore ssl option for keycloak and
 generic-oidc provider

---
 data/web/inc/functions.inc.php                | 23 +++++++++++++++----
 .../admin/tab-config-identity-provider.twig   | 20 ++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 6ae49e7bc..dfe3a15ad 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2222,6 +2222,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return false;
       }
 
+      $_data['ignore_ssl_error']  = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
       switch ($_data['authsource']) {
         case "keycloak":
           $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
@@ -2230,14 +2231,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
+          $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval', 'ignore_ssl_error');
         break;
         case "generic-oidc":
           $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
           $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
           $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
           $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
-          $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
+          $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes', 'ignore_ssl_error');
         break;
         case "ldap":
           $_data['host']              = (!empty($_data['host'])) ? str_replace(" ", "", $_data['host']) : "";
@@ -2249,7 +2250,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
           $_data['use_ssl']           = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
           $_data['use_tls']           = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
-          $_data['ignore_ssl_error']  = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
           $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
@@ -2416,6 +2416,13 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         case "keycloak":
           if ($settings['server_url'] && $settings['realm'] && $settings['client_id'] &&
             $settings['client_secret'] && $settings['redirect_url'] && $settings['version']){
+            $guzzyClient = new GuzzleHttp\Client([
+              'defaults' => [
+                \GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
+                \GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true],
+                \GuzzleHttp\RequestOptions::VERIFY => !$settings['ignore_ssl_error'],
+              ]
+            );
             $provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
               'authServerUrl'         => $settings['server_url'],
               'realm'                 => $settings['realm'],
@@ -2427,11 +2434,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
               // 'encryptionKeyPath'     => '../key.pem'                         // optional
               // 'encryptionKey'         => 'contents_of_key_or_certificate'     // optional
             ]);
+            $provider->setHttpClient($guzzyClient);
           }
         break;
         case "generic-oidc":
           if ($settings['client_id'] && $settings['client_secret'] && $settings['redirect_url'] &&
             $settings['authorize_url'] && $settings['token_url'] && $settings['userinfo_url']){
+            $guzzyClient = new GuzzleHttp\Client([
+              'defaults' => [
+                \GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
+                \GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true],
+                \GuzzleHttp\RequestOptions::VERIFY => !$settings['ignore_ssl_error'],
+              ]
+            );
             $provider = new \League\OAuth2\Client\Provider\GenericProvider([
               'clientId'                => $settings['client_id'],
               'clientSecret'            => $settings['client_secret'],
@@ -2441,6 +2456,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
               'urlResourceOwnerDetails' => $settings['userinfo_url'],
               'scopes'                  => $settings['client_scopes']
             ]);
+            $provider->setHttpClient($guzzyClient);
           }
         break;
         case "ldap":
@@ -2468,7 +2484,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           }
         break;
       }
-
       return $provider;
     break;
     case "verify-sso":
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index e2cc56838..e2cea7fa2 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -157,6 +157,16 @@
               </p>
             </div>
           </div>
+          <div class="row mb-2">
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
               <label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>
@@ -316,6 +326,16 @@
             </div>
             {% endif %}
           </div>
+          <div class="row mb-4">
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mt-4 mb-2">
             <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
               <div class="btn-group mb-2">

From d61a08c2a9bc108cd085f8320bc1c3b09db17ede Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sat, 30 Nov 2024 14:39:05 +0100
Subject: [PATCH 387/755] [Web] hide auth heading for external managed users

---
 data/web/templates/user/tab-user-auth.twig | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index 0f30d333c..5c90bedf5 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -43,7 +43,7 @@
               {{ mailboxdata.percent_in_use }}%
             </div>
           </div>
-          
+
           <div class="row">
             <div class="col-12 col-md-3 d-flex">
               <span class="mt-2 w-100 text-md-end">{{ lang.user.protocols }}:</span>
@@ -64,12 +64,12 @@
             </div>
             <div class="col-12 col-md-8">
               <div class="d-flex">
-                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }}"></i> 
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }}"></i>
                 <a href="/mobileconfig.php?only_email">{{ lang.user.email }} <small>[IMAP, SMTP]</small></a>
-              </div> 
+              </div>
               {% if not skip_sogo %}
               <div class="d-flex">
-                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }}"></i>  
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }}"></i>
                 <a href="/mobileconfig.php">{{ lang.user.email_and_dav }} <small>[IMAP, SMTP, Cal/CardDAV]</small></a>
               </div>
               {% endif %}
@@ -81,12 +81,12 @@
             </div>
             <div class="col-12 col-md-9">
               <div class="d-flex">
-                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}"></i> 
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}"></i>
                 <a href="/mobileconfig.php?only_email&amp;app_password">{{ lang.user.email }} <small>[IMAP, SMTP]</small></a>
               </div>
               {% if not skip_sogo %}
               <div class="d-flex">
-                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}"></i> 
+                <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill me-2" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}"></i>
                 <a href="/mobileconfig.php?app_password">{{ lang.user.email_and_dav }} <small>[IMAP, SMTP, Cal/CardDAV]</small></a>
               </div>
               {% endif %}
@@ -99,10 +99,10 @@
             </div>
           </div>
 
+          {% if mailboxdata.authsource == "mailcow" %}
           <legend class="mt-4">{{ lang.user.authentication }}</legend>
           <hr>
           {# Password Change #}
-          {% if mailboxdata.authsource == "mailcow" %}
           <div class="row">
             <div class="col-12 col-md-3 d-flex"></div>
             <div class="col-12 col-md-9 d-flex flex-wrap">

From 45c13c687b7c294d24708cd44eb05062d0862d33 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 1 Dec 2024 16:36:16 +0100
Subject: [PATCH 388/755] [Web] update user based on template after login

---
 data/conf/phpfpm/crons/keycloak-sync.php | 16 +++---
 data/conf/phpfpm/crons/ldap-sync.php     |  6 ++-
 data/web/inc/functions.acl.inc.php       | 10 ++--
 data/web/inc/functions.auth.inc.php      |  2 +-
 data/web/inc/functions.inc.php           | 55 ++++++++++++---------
 data/web/inc/functions.mailbox.inc.php   | 62 ++++++++++++------------
 data/web/inc/functions.ratelimit.inc.php |  4 +-
 7 files changed, 85 insertions(+), 70 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index 3a7b1da7b..a7e46c4fd 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -114,7 +114,7 @@ $iam_provider = identity_provider('init');
 while (true) {
   // Get admin access token
   $admin_token = identity_provider("get-keycloak-admin-token");
-  
+
   // Make the API request to retrieve the users
   $url = "{$iam_settings['server_url']}/admin/realms/{$iam_settings['realm']}/users?first=$start&max=$max";
   $ch = curl_init();
@@ -127,7 +127,7 @@ while (true) {
   $response = curl_exec($ch);
   $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
   curl_close($ch);
-  
+
   if ($code != 200){
     logMsg("err", "Recieved HTTP {$code}");
     session_destroy();
@@ -157,8 +157,8 @@ while (true) {
       logMsg("warning", "No attributes in keycloak found for user " . $user['email']);
       continue;
     }
-    if (!isset($user['attributes']['mailcow_template']) || 
-        !is_array($user['attributes']['mailcow_template']) || 
+    if (!isset($user['attributes']['mailcow_template']) ||
+        !is_array($user['attributes']['mailcow_template']) ||
         count($user['attributes']['mailcow_template']) == 0) {
       logMsg("warning", "No mailcow_template in keycloak found for user " . $user['email']);
       continue;
@@ -195,7 +195,8 @@ while (true) {
         'local_part' => explode('@', $user['email'])[0],
         'name' => $user['firstName'] . " " . $user['lastName'],
         'authsource' => 'keycloak',
-        'template' => $mbox_template
+        'template' => $mbox_template,
+        'hasAccess' => true
       ));
     } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
       // mailbox user does exist, sync attribtues...
@@ -203,7 +204,8 @@ while (true) {
       mailbox('edit', 'mailbox_from_template', array(
         'username' => $user['email'],
         'name' => $user['firstName'] . " " . $user['lastName'],
-        'template' => $mbox_template
+        'template' => $mbox_template,
+        'hasAccess' => true
       ));
     } else {
       // skip mailbox user
@@ -212,7 +214,7 @@ while (true) {
 
     sleep(0.025);
   }
-  
+
   // Update the pagination variables for the next batch
   $start += $max;
   sleep(1);
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 75eddc7a1..da5533b39 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -159,7 +159,8 @@ foreach ($response as $user) {
       'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
       'name' => $user['displayname'][0],
       'authsource' => 'ldap',
-      'template' => $mbox_template
+      'template' => $mbox_template,
+      'hasAccess' => true
     ));
   } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
     // mailbox user does exist, sync attribtues...
@@ -167,7 +168,8 @@ foreach ($response as $user) {
     mailbox('edit', 'mailbox_from_template', array(
       'username' =>  $user[$iam_settings['username_field']][0],
       'name' => $user['displayname'][0],
-      'template' => $mbox_template
+      'template' => $mbox_template,
+      'hasAccess' => true
     ));
   } else {
     // skip mailbox user
diff --git a/data/web/inc/functions.acl.inc.php b/data/web/inc/functions.acl.inc.php
index ffce9f44c..ffc7408fe 100644
--- a/data/web/inc/functions.acl.inc.php
+++ b/data/web/inc/functions.acl.inc.php
@@ -1,5 +1,5 @@
 <?php
-function acl($_action, $_scope = null, $_data = null) {
+function acl($_action, $_scope = null, $_data = null, $_extra = null) {
   global $pdo;
   global $lang;
   $_data_log = $_data;
@@ -23,8 +23,8 @@ function acl($_action, $_scope = null, $_data = null) {
               $acl_post[$acl_val] = 1;
             }
             // Users cannot change their own ACL
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)
-              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
+            if (!$_extra['hasAccess'] && (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)
+              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@@ -34,7 +34,7 @@ function acl($_action, $_scope = null, $_data = null) {
             }
             // Read all available acl options by calling acl(get)
             // Set all available acl options we cannot find in the post data to 0, else 1
-            $is_now = acl('get', 'user', $username);
+            $is_now = acl('get', 'user', $username, $_extra);
             if (!empty($is_now)) {
               foreach ($is_now as $acl_now_name => $acl_now_val) {
                 $set_acls[$acl_now_name] = (isset($acl_post[$acl_now_name])) ? 1 : 0;
@@ -130,7 +130,7 @@ function acl($_action, $_scope = null, $_data = null) {
     case 'get':
       switch ($_scope) {
         case 'user':
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 74cd6d956..83c0a32eb 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -467,7 +467,7 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
   $create_res = mailbox('add', 'mailbox_from_template', array(
     'domain' => explode('@', $user)[1],
     'local_part' => explode('@', $user)[0],
-    'name' => $user_res['firstName'] . " " . $user_res['lastName'],
+    'name' => $user_res['name'],
     'authsource' => 'keycloak',
     'template' => $iam_settings['templates'][$mapper_key]
   ));
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index dfe3a15ad..943d53e97 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2512,27 +2512,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       // check if email address is given
       if (empty($info['email'])) return false;
 
-      // token valid, get mailbox
-      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
-        INNER JOIN domain on mailbox.domain = domain.domain
-        WHERE `kind` NOT REGEXP 'location|thing|group'
-          AND `mailbox`.`active`='1'
-          AND `domain`.`active`='1'
-          AND `username` = :user
-          AND (`authsource`='keycloak' OR `authsource`='generic-oidc')");
-      $stmt->execute(array(':user' => $info['email']));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if ($row){
-        // success
-        set_user_loggedin_session($info['email']);
-        $_SESSION['return'][] =  array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
-          'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
-        );
-        return true;
-      }
-
       // get mapped template, if not set return false
       // also return false if no mappers were defined
       $user_template = $info['mailcow_template'];
@@ -2558,13 +2537,43 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return false;
       }
 
+
+      // token valid, get mailbox
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+        INNER JOIN domain on mailbox.domain = domain.domain
+        WHERE `kind` NOT REGEXP 'location|thing|group'
+          AND `mailbox`.`active`='1'
+          AND `domain`.`active`='1'
+          AND `username` = :user
+          AND (`authsource`='keycloak' OR `authsource`='generic-oidc')");
+      $stmt->execute(array(':user' => $info['email']));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if ($row){
+        // success
+        // update user
+        mailbox('edit', 'mailbox_from_template', array(
+          'username' => $info['email'],
+          'name' => $info['name'],
+          'template' => $iam_settings['templates'][$mapper_key],
+          'hasAccess' => true
+        ));
+        set_user_loggedin_session($info['email']);
+        $_SESSION['return'][] =  array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
+          'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username'])
+        );
+        return true;
+      }
+
       // create mailbox
       $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $info['email'])[1],
         'local_part' => explode('@', $info['email'])[0],
-        'name' => $info['firstName'] . " " . $info['lastName'],
+        'name' => $info['name'],
         'authsource' => $iam_settings['authsource'],
-        'template' => $iam_settings['templates'][$mapper_key]
+        'template' => $iam_settings['templates'][$mapper_key],
+        'hasAccess' => true
       ));
       if (!$create_res){
         clear_session();
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 1b5b577f8..5c8d50d41 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1045,7 +1045,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $password2 = '';
             $password_hashed = '';
           }
-          if (!$_extra['iam_create_login'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
+          if (!$_extra['hasAccess'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1101,7 +1101,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['iam_create_login']) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['hasAccess']) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1364,6 +1364,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
           $mbox_template_data = json_decode($mbox_template_data["attributes"], true);
           $mbox_template_data['domain'] = $_data['domain'];
+          $mbox_template_data['name'] = $_data['name'];
           $mbox_template_data['local_part'] = $_data['local_part'];
           $mbox_template_data['authsource'] = $_data['authsource'];
           $mbox_template_data['attribute_hash'] = $attribute_hash;
@@ -1381,7 +1382,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             }
           }
 
-          return mailbox('add', 'mailbox', $mailbox_attributes, array('iam_create_login' => true));
+          return mailbox('add', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess']));
         break;
         case 'resource':
           $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
@@ -1749,7 +1750,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1" ) {
+          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1758,7 +1759,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
+            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1766,7 +1767,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $is_now = mailbox('get', 'tls_policy', $username);
+            $is_now = mailbox('get', 'tls_policy', $username, $_extra);
             if (!empty($is_now)) {
               $tls_enforce_in = (isset($_data['tls_enforce_in'])) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in'];
               $tls_enforce_out = (isset($_data['tls_enforce_out'])) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out'];
@@ -1803,7 +1804,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!isset($_SESSION['acl']['quarantine_notification']) || $_SESSION['acl']['quarantine_notification'] != "1" ) {
+          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_notification']) || $_SESSION['acl']['quarantine_notification'] != "1")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1812,7 +1813,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
+            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1820,7 +1821,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $is_now = mailbox('get', 'quarantine_notification', $username);
+            $is_now = mailbox('get', 'quarantine_notification', $username, $_extra);
             if (!empty($is_now)) {
               $quarantine_notification = (isset($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification'];
             }
@@ -1862,7 +1863,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1" ) {
+          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1871,7 +1872,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
+            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1879,7 +1880,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $is_now = mailbox('get', 'quarantine_category', $username);
+            $is_now = mailbox('get', 'quarantine_category', $username, $_extra);
             if (!empty($is_now)) {
               $quarantine_category = (isset($_data['quarantine_category'])) ? $_data['quarantine_category'] : $is_now['quarantine_category'];
             }
@@ -2923,7 +2924,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $is_now = mailbox('get', 'mailbox_details', $username);
+            $is_now = mailbox('get', 'mailbox_details', $username, $_extra);
             if (isset($_data['protocol_access'])) {
               $_data['protocol_access'] = (array)$_data['protocol_access'];
               $_data['imap_access'] = (in_array('imap', $_data['protocol_access'])) ? 1 : 0;
@@ -2963,7 +2964,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               continue;
             }
             // if already 0 == ok
-            if ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && ($quota_m == 0 && $is_now['quota'] != 0)) {
+            if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && ($quota_m == 0 && $is_now['quota'] != 0)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -2971,7 +2972,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               return false;
             }
-            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+            if (!$_extra['hasAccess'] && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -2998,7 +2999,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             }
             $extra_acls = array();
             if (isset($_data['extended_sender_acl'])) {
-              if (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1" ) {
+              if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1")) {
                 $_SESSION['return'][] = array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3493,7 +3494,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
-          $is_now = mailbox('get', 'mailbox_details', $_data['username']);
+          $is_now = mailbox('get', 'mailbox_details', $_data['username'], array('hasAccess' => $_data['hasAccess']));
           $name = ltrim(rtrim($_data['name'], '>'), '<');
           if ($is_now['attributes']['attribute_hash'] == $attribute_hash && $is_now['name'] == $name)
             return true;
@@ -3529,19 +3530,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           $mailbox_attributes['quota'] = intval($mailbox_attributes['quota'] / 1048576);
-          $result = mailbox('edit', 'mailbox', $mailbox_attributes);
+          $result = mailbox('edit', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
-          $result = mailbox('edit', 'tls_policy', $tls_attributes);
+          $result = mailbox('edit', 'tls_policy', $tls_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
-          $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes);
+          $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
-          $result = mailbox('edit', 'quarantine_category', $quarantine_attributes);
+          $result = mailbox('edit', 'quarantine_category', $quarantine_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
-          $result = ratelimit('edit', 'mailbox', $ratelimit_attributes);
+          $result = ratelimit('edit', 'mailbox', $ratelimit_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
-          $result = acl('edit', 'user', $acl_attributes);
+          $result = acl('edit', 'user', $acl_attributes, array('hasAccess' => $_data['hasAccess']));
           if ($result === false) return $result;
 
+          $_SESSION['return'] = array();
           return true;
         break;
         case 'mailbox_templates':
@@ -4077,7 +4079,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'tls_policy':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+            if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
             }
           }
@@ -4096,7 +4098,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'quarantine_notification':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+            if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
             }
           }
@@ -4112,7 +4114,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'quarantine_category':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+            if (!$_extra['hasAccess'] && (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data))) {
               return false;
             }
           }
@@ -4793,7 +4795,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
         break;
         case 'mailbox_details':
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $mailboxdata = array();
@@ -4891,7 +4893,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             else if ($SaslLogs['service'] == 'pop3') {
               $last_pop3_login = strtotime($SaslLogs['datetime']);
             }
-			else if ($SaslLogs['service'] == 'SSO') {
+			      else if ($SaslLogs['service'] == 'SSO') {
               $last_sso_login = strtotime($SaslLogs['datetime']);
             }
           }
@@ -4904,7 +4906,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           if (!isset($last_pop3_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
             $last_pop3_login = 0;
           }
-		  if (!isset($last_sso_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
+		      if (!isset($last_sso_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
             $last_sso_login = 0;
           }
           $mailboxdata['last_imap_login'] = $last_imap_login;
@@ -4956,7 +4958,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           return $mailboxdata;
         break;
         case 'mailbox_templates':
-          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['iam_create_login']) {
+          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['hasAccess']) {
             return false;
           }
           $_data = (isset($_data)) ? intval($_data) : null;
diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index bc05cd362..c59accb54 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
   $_data_log = $_data;
   switch ($_action) {
     case 'edit':
-      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['iam_create_login']) {
+      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['hasAccess']) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -93,7 +93,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
               continue;
             }
             if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
-                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['iam_create_login']) {
+                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),

From ccc8595665ea28ba92c3e6d66bd40b2d65890eca Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Sun, 1 Dec 2024 16:51:56 +0100
Subject: [PATCH 389/755] [SOGo] redirect to /user if unauthenticated

---
 data/conf/sogo/custom-sogo.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index e794372f0..1070efa40 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -2,7 +2,7 @@
 document.addEventListener('DOMContentLoaded', function () {
     var loginForm = document.forms.namedItem("loginForm");
     if (loginForm) {
-        window.location.href = '/';
+        window.location.href = '/user';
     }
 
     angularReady = false;
@@ -34,7 +34,7 @@ document.addEventListener('DOMContentLoaded', function () {
     function mcElementsExists() {
         if (document.getElementById("mc_backlink"))
             return true;
-        else 
+        else
             return false;
     }
     function addMCElements() {

From 59c68f2603680ca961d14021842e750cd2ec5ae0 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 1 Dec 2024 17:49:10 +0100
Subject: [PATCH 390/755] Translations update from Weblate (#6190)

---
 data/web/lang/lang.fr-fr.json |  2 +-
 data/web/lang/lang.ru-ru.json | 25 ++++++++++++++++++-------
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index d87632c68..386a4dfc6 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -207,7 +207,7 @@
         "include_exclude_info": "Par défaut - sans sélection - <b>toutes les boîte de réception</b> sont adressées",
         "includes": "Inclure ces destinataires",
         "last_applied": "Dernière application",
-        "license_info": "Une licence n’est pas requise, mais contribue au développement.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Enregistrer votre GUID ici</a> or <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acheter le support pour votre intallation Mailcow.</a>",
+        "license_info": "Une licence n’est pas requise, mais contribue au développement.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Enregistrer votre GUID ici</a> ou <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acheter le support pour votre installation Mailcow.</a>",
         "link": "Lien",
         "loading": "Veuillez patienter…",
         "logo_info": "Votre image sera redimensionnée à une hauteur de 40 pixels pour la barre de navigation du haut et à un maximum de 250 pixels en largeur pour la page d'accueil. Un graphique extensible est fortement recommandé.",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index ec86d7d06..5d1ef9af2 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -217,7 +217,7 @@
         "include_exclude_info": "По умолчанию - без выбора - <b>все почтовые ящики</b> адресованы",
         "includes": "Включить этих получателей",
         "ip_check": "Проверить IP",
-        "ip_check_disabled": "Проверка IP отключена. Вы можете включить его в разделе <br> <strong>Система > Конфигурация > Параметры > Персонализация</strong>.",
+        "ip_check_disabled": "Проверка IP-адресов отключена. Вы можете включить её в разделе <br> <strong>Система > Конфигурация > Параметры > Персонализация</strong>.",
         "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов.",
         "is_mx_based": "На основе MX",
         "last_applied": "Посл. применение",
@@ -228,7 +228,7 @@
         "logo_dark_label": "Инвертированный для темного режима",
         "logo_info": "Ваше изображение будет масштабироваться до высоты 40px для верхней панели навигации и до 250px ширины для стартовой страницы. <br>Рекомендуется использовать векторную графику, например: .svg.",
         "logo_normal_label": "Обычный",
-        "lookup_mx": "Назначение на основе резовинга MX записи по регулярному выражению (<code>.*\\.example\\.com$</code> для маршрутизации всей почты через этот хост, если MX заканчивающийся на example.com)",
+        "lookup_mx": "Назначение - регулярное выражение для сопоставления с именем MX (<code>.*\\.google\\.com</code> для направления всей почты, адресованной MX, заканчивающейся на google.com, через этот хоп)",
         "main_name": "Название для \"mailcow UI\"",
         "merged_vars_hint": "Серым цветом выделены строки полученные из <code>vars.(local.)inc.php</code>, они не могут быть изменены.",
         "message": "Сообщение",
@@ -512,7 +512,17 @@
         "processing": "Пожалуйста, подождите...",
         "search": "Поиск:",
         "thousands": " ",
-        "zeroRecords": "Не найдено соответствующих записей"
+        "zeroRecords": "Не найдено соответствующих записей",
+        "paginate": {
+            "first": "Первая",
+            "last": "Последняя",
+            "next": "Следующая",
+            "previous": "Предыдущая"
+        },
+        "aria": {
+            "sortAscending": ": активируйте для сортировки столбца по возрастанию",
+            "sortDescending": ": активируйте для сортировки столбца по убыванию"
+        }
     },
     "debug": {
         "architecture": "Архитектура",
@@ -736,7 +746,7 @@
     "header": {
         "administration": "Настройка сервера",
         "apps": "Приложения",
-        "debug": "Состояние сервера",
+        "debug": "Информация",
         "email": "E-Mail",
         "mailcow_config": "Конфигурация",
         "mailcow_system": "Система",
@@ -900,7 +910,7 @@
         "sieve_preset_5": "Auto responder (vacation)",
         "sieve_preset_6": "Reject mail with response",
         "sieve_preset_7": "Redirect and keep/drop",
-        "sieve_preset_8": "Discard message sent to an alias address the sender is part of",
+        "sieve_preset_8": "Переслать письмо от определенного отправителя, пометить его как прочитанное и поместить в подпапку",
         "sieve_preset_header": "Пожалуйста, ознакомьтесь с примерами ниже. Для более подробной информации прочитайте <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Sieve Wikipedia</a>.",
         "sogo_visible": "Отображать псевдоним в SOGo",
         "sogo_visible_n": "Не отображать псевдоним в SOGo",
@@ -1016,7 +1026,8 @@
         "queue_manager": "Очередь на отправку",
         "show_message": "Показать сообщение",
         "unhold_mail": "Высвободить",
-        "unhold_mail_legend": "Освобождает выбранные письма для доставки. (Требуется предварительное удержание)"
+        "unhold_mail_legend": "Освобождает выбранные письма для доставки. (Требуется предварительное удержание)",
+        "unban": "освободить очередь"
     },
     "ratelimit": {
         "day": "сообщений / день",
@@ -1173,7 +1184,7 @@
         "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
         "attribute": "Атрибут",
         "change_password": "Изменить пароль",
-        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
+        "change_password_hint_app_passwords": "В вашей учетной записи есть %d паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
         "clear_recent_successful_connections": "Очистить историю успешных подключений",
         "client_configuration": "Показать руководство по настройке почтовых клиентов и смартфонов",
         "create_app_passwd": "Создать новый пароль",

From f3060b37a6f58e52500b87c2a59026af93e8c99d Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 1 Dec 2024 17:49:28 +0100
Subject: [PATCH 391/755] update postscreen_access.cidr (#6189)

---
 data/conf/postfix/postscreen_access.cidr | 76 ++++++------------------
 1 file changed, 17 insertions(+), 59 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 7a1cbf6ae..1dbe94773 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Fri Nov  1 00:18:49 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Sun Dec  1 00:21:36 UTC 2024
 # https://github.com/stevejenkins/postwhite/
-# 2013 total rules
+# 1971 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,8 +19,7 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
-8.39.54.0/23	permit
-8.40.222.0/23	permit
+10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
@@ -31,9 +30,11 @@
 15.200.21.50	permit
 15.200.44.248	permit
 15.200.201.185	permit
+17.41.0.0/16	permit
 17.57.155.0/24	permit
 17.57.156.0/24	permit
 17.58.0.0/16	permit
+17.142.0.0/15	permit
 17.143.234.140/30	permit
 18.156.89.250	permit
 18.157.243.190	permit
@@ -116,7 +117,6 @@
 40.233.64.216	permit
 40.233.83.78	permit
 40.233.88.28	permit
-43.228.184.0/22	permit
 44.206.138.57	permit
 44.217.45.156	permit
 44.236.56.93	permit
@@ -325,7 +325,6 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
-65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1114,10 +1113,8 @@
 98.139.245.212/31	permit
 99.78.197.208/28	permit
 99.83.190.102	permit
-103.2.140.0/22	permit
 103.9.96.0/22	permit
 103.28.42.0/24	permit
-103.47.204.0/22	permit
 103.151.192.0/23	permit
 103.168.172.128/27	permit
 104.43.243.237	permit
@@ -1285,9 +1282,6 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
-121.244.91.48	permit
-121.244.91.52	permit
-122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1348,19 +1342,7 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.0/24	permit
-135.84.81.0/24	permit
-135.84.82.0/24	permit
-135.84.83.0/24	permit
 135.84.216.0/22	permit
-136.143.160.0/24	permit
-136.143.161.0/24	permit
-136.143.162.0/24	permit
-136.143.178.49	permit
-136.143.182.0/23	permit
-136.143.184.0/24	permit
-136.143.188.0/24	permit
-136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1375,7 +1357,6 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
-139.167.79.86	permit
 139.180.17.0/24	permit
 140.238.148.191	permit
 141.148.159.229	permit
@@ -1410,6 +1391,7 @@
 146.20.215.0/24	permit
 146.20.215.182	permit
 146.88.28.0/24	permit
+147.154.32.0/25	permit
 147.243.1.47	permit
 147.243.1.48	permit
 147.243.1.153	permit
@@ -1450,7 +1432,6 @@
 157.151.208.65	permit
 157.255.1.64/29	permit
 158.101.211.207	permit
-158.120.80.0/21	permit
 158.247.16.0/20	permit
 159.92.154.0/24	permit
 159.92.155.0/24	permit
@@ -1478,6 +1459,11 @@
 161.38.204.0/22	permit
 161.71.32.0/19	permit
 161.71.64.0/20	permit
+162.88.4.0/23	permit
+162.88.8.0/24	permit
+162.88.24.0/24	permit
+162.88.25.0/24	permit
+162.88.36.0/24	permit
 162.247.216.0/22	permit
 163.47.180.0/22	permit
 163.114.130.16	permit
@@ -1486,7 +1472,6 @@
 163.114.135.16	permit
 164.152.23.32	permit
 164.177.132.168/30	permit
-165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1515,12 +1500,6 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
-169.148.129.0/24	permit
-169.148.131.0/24	permit
-169.148.142.10	permit
-169.148.144.0/25	permit
-169.148.144.10	permit
-170.10.68.0/22	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1626,6 +1605,7 @@
 192.18.139.154	permit
 192.18.145.36	permit
 192.18.152.58	permit
+192.29.103.128/25	permit
 192.30.252.0/22	permit
 192.161.144.0/20	permit
 192.162.87.0/24	permit
@@ -1651,14 +1631,6 @@
 195.234.109.226	permit
 195.245.230.0/23	permit
 198.2.128.0/18	permit
-198.2.128.0/24	permit
-198.2.132.0/22	permit
-198.2.136.0/23	permit
-198.2.145.0/24	permit
-198.2.177.0/24	permit
-198.2.178.0/23	permit
-198.2.180.0/24	permit
-198.2.186.0/23	permit
 198.21.0.0/21	permit
 198.37.144.0/20	permit
 198.37.152.186	permit
@@ -1678,15 +1650,7 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
-199.34.22.36	permit
 199.59.148.0/22	permit
-199.67.80.2	permit
-199.67.80.20	permit
-199.67.82.2	permit
-199.67.82.20	permit
-199.67.84.0/24	permit
-199.67.86.0/24	permit
-199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1698,7 +1662,6 @@
 202.165.102.47	permit
 202.177.148.100	permit
 202.177.148.110	permit
-203.31.36.0/22	permit
 203.32.4.25	permit
 203.55.21.0/24	permit
 203.81.17.0/24	permit
@@ -1744,19 +1707,13 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
 205.201.128.0/20	permit
-205.201.131.128/25	permit
-205.201.134.128/25	permit
-205.201.136.0/23	permit
 205.201.137.229	permit
-205.201.139.0/24	permit
 205.207.104.0/22	permit
 205.220.167.17	permit
 205.220.167.98	permit
@@ -1784,7 +1741,6 @@
 207.46.132.128/27	permit
 207.46.198.0/25	permit
 207.46.200.0/27	permit
-207.58.147.64/28	permit
 207.67.38.0/24	permit
 207.67.98.192/27	permit
 207.68.176.0/26	permit
@@ -1831,6 +1787,8 @@
 208.74.204.5	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
+208.76.62.0/24	permit
+208.76.63.0/24	permit
 208.82.237.96/29	permit
 208.82.237.104/31	permit
 208.82.238.96/29	permit
@@ -1930,7 +1888,6 @@
 213.199.177.0/26	permit
 216.17.150.242	permit
 216.17.150.251	permit
-216.22.15.224/27	permit
 216.24.224.0/20	permit
 216.39.60.154/31	permit
 216.39.60.156/30	permit
@@ -1973,7 +1930,10 @@
 216.136.162.65	permit
 216.136.162.120/29	permit
 216.136.168.80/28	permit
+216.139.64.0/19	permit
 216.145.221.0/24	permit
+216.146.32.0/24	permit
+216.146.33.0/24	permit
 216.198.0.0/18	permit
 216.203.30.55	permit
 216.203.33.178/31	permit
@@ -1999,8 +1959,6 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
-2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
-2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From 6fa1c9f63df04b95a3e634f6b0fe417278c53ff3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Dec 2024 10:24:15 +0100
Subject: [PATCH 392/755] [Web] protect /get/identity-provider

---
 data/web/json_api.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 4e9d2a0ed..36b39b0e6 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1707,8 +1707,13 @@ if (isset($_GET['query'])) {
             if ($score)
               $score = array("score" => preg_replace("/\s+/", "", $score));
             process_get_return($score);
-          case "identity_provider":
-            process_get_return($iam_settings);
+          break;
+          case "identity-provider":
+            if($_SESSION['mailcow_cc_role'] === 'admin') {
+              process_get_return($iam_settings);
+            } else {
+              process_get_return(null);
+            }
           break;
         break;
         // return no route found if no case is matched
@@ -2086,7 +2091,6 @@ if (isset($_GET['query'])) {
         break;
         case "cors":
           process_edit_return(cors('edit', $attr));
-        case "identity_provider":
         case "identity-provider":
           process_edit_return(identity_provider('edit', $attr));
         break;

From f36184df64eb6481c23a9fc11fd06569c62d118c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Dec 2024 10:35:45 +0100
Subject: [PATCH 393/755] [Web] update mailbox on idp login

---
 data/web/inc/functions.auth.inc.php | 50 ++++++++++++++++--------
 data/web/inc/functions.inc.php      | 59 ++++++++++++++---------------
 2 files changed, 63 insertions(+), 46 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 83c0a32eb..9bea24995 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -449,18 +449,26 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     return false;
   }
 
-  // get mapped template, if not set return false
-  // also return false if no mappers were defined
+  // get mapped template
   $user_template = $user_res['attributes']['mailcow_template'][0];
-  if ($create && (empty($iam_settings['mappers']) || !$user_template)){
-    return false;
-  } else if (!$create) {
-    // login success - dont create mailbox
+  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+
+  if (!$create) {
+    // login success
+    if ($mapper_key !== false) {
+      // update user
+      mailbox('edit', 'mailbox_from_template', array(
+        'username' => $user,
+        'name' => $user_res['name'],
+        'template' => $iam_settings['templates'][$mapper_key],
+        'hasAccess' => true
+      ));
+    }
     return 'user';
   }
 
   // check if matching attribute exist
-  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+  if (empty($iam_settings['mappers']) || !$user_template) return false;
   if ($mapper_key === false) return false;
 
   // create mailbox
@@ -469,7 +477,8 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['name'],
     'authsource' => 'keycloak',
-    'template' => $iam_settings['templates'][$mapper_key]
+    'template' => $iam_settings['templates'][$mapper_key],
+    'hasAccess' => true
   ));
   if (!$create_res) return false;
 
@@ -536,18 +545,26 @@ function ldap_mbox_login($user, $pass, $extra = null){
     return false;
   }
 
-  // get mapped template, if not set return false
-  // also return false if no mappers were defined
+  // get mapped template
   $user_template = $user_res[$iam_settings['attribute_field']][0];
-  if ($create && (empty($iam_settings['mappers']) || !$user_template)){
-    return false;
-  } else if (!$create) {
-    // login success - dont create mailbox
+  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+
+  if (!$create) {
+    // login success
+    if ($mapper_key !== false) {
+      // update user
+      mailbox('edit', 'mailbox_from_template', array(
+        'username' => $user,
+        'name' => $user_res['displayname'][0],
+        'template' => $iam_settings['templates'][$mapper_key],
+        'hasAccess' => true
+      ));
+    }
     return 'user';
   }
 
   // check if matching attribute exist
-  $mapper_key = array_search($user_template, $iam_settings['mappers']);
+  if (empty($iam_settings['mappers']) || !$user_template) return false;
   if ($mapper_key === false) return false;
 
   // create mailbox
@@ -556,7 +573,8 @@ function ldap_mbox_login($user, $pass, $extra = null){
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['displayname'][0],
     'authsource' => 'ldap',
-    'template' => $iam_settings['templates'][$mapper_key]
+    'template' => $iam_settings['templates'][$mapper_key],
+    'hasAccess' => true
   ));
   if (!$create_res) return false;
 
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 943d53e97..dece39eef 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2512,31 +2512,9 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       // check if email address is given
       if (empty($info['email'])) return false;
 
-      // get mapped template, if not set return false
-      // also return false if no mappers were defined
+      // get mapped template
       $user_template = $info['mailcow_template'];
-      if (empty($iam_settings['mappers']) || empty($user_template)){
-        clear_session();
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email']),
-          'msg' => array('login_failed', 'empty attribute mapping or missing template attribute')
-        );
-        return false;
-      }
-
-      // check if matching attribute exist
       $mapper_key = array_search($user_template, $iam_settings['mappers']);
-      if ($mapper_key === false) {
-        clear_session();
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email']),
-          'msg' => array('login_failed', 'specified template not found')
-        );
-        return false;
-      }
-
 
       // token valid, get mailbox
       $stmt = $pdo->prepare("SELECT * FROM `mailbox`
@@ -2550,13 +2528,15 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
       if ($row){
         // success
-        // update user
-        mailbox('edit', 'mailbox_from_template', array(
-          'username' => $info['email'],
-          'name' => $info['name'],
-          'template' => $iam_settings['templates'][$mapper_key],
-          'hasAccess' => true
-        ));
+        if ($mapper_key !== false) {
+          // update user
+          mailbox('edit', 'mailbox_from_template', array(
+            'username' => $info['email'],
+            'name' => $info['name'],
+            'template' => $iam_settings['templates'][$mapper_key],
+            'hasAccess' => true
+          ));
+        }
         set_user_loggedin_session($info['email']);
         $_SESSION['return'][] =  array(
           'type' => 'success',
@@ -2566,6 +2546,25 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return true;
       }
 
+      if (empty($iam_settings['mappers']) || empty($user_template)){
+        clear_session();
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $info['email']),
+          'msg' => array('login_failed', 'empty attribute mapping or missing template attribute')
+        );
+        return false;
+      }
+      if ($mapper_key === false) {
+        clear_session();
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $info['email']),
+          'msg' => array('login_failed', 'specified template not found')
+        );
+        return false;
+      }
+
       // create mailbox
       $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $info['email'])[1],

From 83e53eb524c816b9b99209bb1a5000ea8821b9e1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Dec 2024 11:55:17 +0100
Subject: [PATCH 394/755] [Web] fix incomplete session on broken logins

---
 data/web/inc/functions.inc.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index dece39eef..711bd5787 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2498,8 +2498,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
 
       try {
         $token = $iam_provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
-        $_SESSION['iam_token'] = $token->getToken();
-        $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
+        $plain_token = $token->getToken();
+        $plain_refreshtoken = $token->getRefreshToken();
         $info = $iam_provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
         $_SESSION['return'][] =  array(
@@ -2538,6 +2538,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           ));
         }
         set_user_loggedin_session($info['email']);
+        $_SESSION['iam_token'] = $plain_token;
+        $_SESSION['iam_refresh_token'] = $plain_refreshtoken;
         $_SESSION['return'][] =  array(
           'type' => 'success',
           'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
@@ -2585,6 +2587,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
 
       set_user_loggedin_session($info['email']);
+      $_SESSION['iam_token'] = $plain_token;
+      $_SESSION['iam_refresh_token'] = $plain_refreshtoken;
       $_SESSION['return'][] =  array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']),
@@ -2595,8 +2599,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
     case "refresh-token":
       try {
         $token = $iam_provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
-        $_SESSION['iam_token'] = $token->getToken();
-        $_SESSION['iam_refresh_token'] = $token->getRefreshToken();
+        $plain_token = $token->getToken();
+        $plain_refreshtoken = $token->getRefreshToken();
         $info = $iam_provider->getResourceOwner($token)->toArray();
       } catch (Throwable $e) {
         clear_session();
@@ -2618,8 +2622,9 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return false;
       }
 
-      $_SESSION['mailcow_cc_username'] = $info['email'];
-      $_SESSION['mailcow_cc_role'] = "user";
+      set_user_loggedin_session($info['email']);
+      $_SESSION['iam_token'] = $plain_token;
+      $_SESSION['iam_refresh_token'] = $plain_refreshtoken;
       return true;
     break;
     case "get-redirect":

From 896a9638d6b55c15081a8ca0ee172797988640e5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 2 Dec 2024 14:16:43 +0100
Subject: [PATCH 395/755] Fix mailcowauth

---
 data/conf/dovecot/auth/mailcowauth.php   | 23 +++++++++++++++++++++--
 data/web/inc/functions.ratelimit.inc.php |  8 ++++----
 docker-compose.yml                       |  1 +
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 6d7660577..4f10ed535 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -22,6 +22,24 @@ if (file_exists('../../../web/inc/vars.local.inc.php')) {
 }
 require_once '../../../web/inc/lib/vendor/autoload.php';
 
+
+// Init Redis
+$redis = new Redis();
+try {
+  if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
+    $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
+  }
+  else {
+    $redis->connect('redis-mailcow', 6379);
+  }
+}
+catch (Exception $e) {
+  error_log("MAILCOWAUTH: " . $e . PHP_EOL);
+  http_response_code(500); // Internal Server Error
+  echo json_encode($return);
+  exit;
+}
+
 // Init database
 $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
 $opt = [
@@ -44,6 +62,8 @@ require_once 'functions.inc.php';
 require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
 require_once 'functions.mailbox.inc.php';
+require_once 'functions.ratelimit.inc.php';
+require_once 'functions.acl.inc.php';
 
 
 $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
@@ -69,8 +89,7 @@ if ($result === false){
   // Init Identity Provider
   $iam_provider = identity_provider('init');
   $iam_settings = identity_provider('get');
-  error_log('MAILCOWAUTH Try: User auth for user ' . $post['username']);
-  $result = user_login($post['username'], $post['password'], $protocol, array('is_internal' => true));
+  $result = user_login($post['username'], $post['password'], array('is_internal' => true));
   if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
 }
 
diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index c59accb54..5779ad77c 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
               );
               continue;
             }
-            if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
-                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) {
+            if (((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) && !$_extra['hasAccess']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@@ -139,7 +139,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
     case 'get':
       switch ($_scope) {
         case 'domain':
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data) && !$_extra['hasAccess']) {
             return false;
           }
           try {
@@ -164,7 +164,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
           return false;
         break;
         case 'mailbox':
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data && !$_extra['hasAccess'])
             || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
             return false;
           }
diff --git a/docker-compose.yml b/docker-compose.yml
index a55f0c02c..85395b645 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -127,6 +127,7 @@ services:
         - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
         - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
         - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
+        - ./data/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
         - rspamd-vol-1:/var/lib/rspamd
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z

From 6e8e13cebc45c4e6172fa78c8fb8481d53e0d7e5 Mon Sep 17 00:00:00 2001
From: i-curve <wjuncurve@gmail.com>
Date: Wed, 4 Dec 2024 19:28:14 +0800
Subject: [PATCH 396/755] fix: check docker version fail in generate_config.sh
 #6187 (#6188)

close #6187

Signed-off-by: i-curve <i-curve@qq.com>
Co-authored-by: Niklas Meyer <niklas.meyer@servercow.de>
---
 generate_config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generate_config.sh b/generate_config.sh
index 46a36a179..915a5d907 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -26,7 +26,7 @@ for bin in openssl curl docker git awk sha1sum grep cut; do
 done
 
 # Check Docker Version (need at least 24.X)
-docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1)
+docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | head -n 1 | cut -d '.' -f 1)
 
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"

From 1d6513ffbabdde974bca853d15f4ecd889111c09 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 4 Dec 2024 14:49:31 +0100
Subject: [PATCH 397/755] [Web] fix idp login alerts and updates

---
 data/web/inc/functions.auth.inc.php    | 10 ++++++++--
 data/web/inc/functions.mailbox.inc.php | 22 ++++++++++++++--------
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 9bea24995..f9d82f1ad 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -480,7 +480,10 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     'template' => $iam_settings['templates'][$mapper_key],
     'hasAccess' => true
   ));
-  if (!$create_res) return false;
+  if (!$create_res){
+    clear_session();
+    return false;
+  }
 
   return 'user';
 }
@@ -576,7 +579,10 @@ function ldap_mbox_login($user, $pass, $extra = null){
     'template' => $iam_settings['templates'][$mapper_key],
     'hasAccess' => true
   ));
-  if (!$create_res) return false;
+  if (!$create_res){
+    clear_session();
+    return false;
+  }
 
   return 'user';
 }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 5c8d50d41..cd62d5d7c 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1075,6 +1075,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $quarantine_category = (isset($_data['quarantine_category'])) ? strval($_data['quarantine_category']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
           $quota_b    = ($quota_m * 1048576);
           $attribute_hash = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
+          if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){
+            $force_pw_update = 0;
+          }
           $mailbox_attrs = json_encode(
             array(
               'force_pw_update' => strval($force_pw_update),
@@ -2935,12 +2938,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             if (!empty($is_now)) {
               $active               = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
               (int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
-              (int)$sogo_access     = (isset($_data['sogo_access']) && isset($_SESSION['acl']['sogo_access']) && $_SESSION['acl']['sogo_access'] == "1") ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
-              (int)$imap_access     = (isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
-              (int)$pop3_access     = (isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
-              (int)$smtp_access     = (isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
-              (int)$sieve_access    = (isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
-              (int)$relayhost       = (isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
+              (int)$sogo_access     = ((isset($_data['sogo_access']) && isset($_SESSION['acl']['sogo_access']) && $_SESSION['acl']['sogo_access'] == "1") || $_extra['hasAccess']) ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
+              (int)$imap_access     = ((isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
+              (int)$pop3_access     = ((isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
+              (int)$smtp_access     = ((isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
+              (int)$sieve_access    = ((isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
+              (int)$relayhost       = ((isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") || $_extra['hasAccess']) ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
               (int)$quota_m         = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
               $name                 = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
               $domain               = $is_now['domain'];
@@ -2953,6 +2956,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap'))){
                 $authsource = $_data['authsource'];
               }
+              if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){
+                $force_pw_update = 0;
+              }
               $pw_recovery_email    = (isset($_data['pw_recovery_email']) && $authsource == 'mailcow') ? $_data['pw_recovery_email'] : $is_now['attributes']['recovery_email'];
             }
             else {
@@ -2980,7 +2986,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $DomainData = mailbox('get', 'domain_details', $domain);
+            $DomainData = mailbox('get', 'domain_details', $domain, $_extra);
             if ($quota_m > ($is_now['max_new_quota'] / 1048576)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
@@ -4629,7 +4635,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'domain_details':
           $domaindata = array();
           $_data = idn_to_ascii(strtolower(trim($_data)), 0, INTL_IDNA_VARIANT_UTS46);
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!$_extra['hasAccess'] && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` =  :domain");

From bbddfc3eabf3696b0a5e4fe6bf4dedf0d6b9d48b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 5 Dec 2024 15:21:07 +0100
Subject: [PATCH 398/755] [Web] rearrange login buttons

---
 data/web/css/build/014-mailcow.css | 56 +++++++++++++++++++++---------
 data/web/lang/lang.cs-cz.json      |  2 +-
 data/web/lang/lang.da-dk.json      |  2 +-
 data/web/lang/lang.de-de.json      |  2 +-
 data/web/lang/lang.en-gb.json      |  4 +--
 data/web/lang/lang.fr-fr.json      |  2 +-
 data/web/lang/lang.it-it.json      |  2 +-
 data/web/lang/lang.lt-lt.json      |  2 +-
 data/web/lang/lang.lv-lv.json      |  2 +-
 data/web/lang/lang.nl-nl.json      |  2 +-
 data/web/lang/lang.pt-br.json      |  2 +-
 data/web/lang/lang.ro-ro.json      |  2 +-
 data/web/lang/lang.ru-ru.json      |  2 +-
 data/web/lang/lang.sk-sk.json      |  2 +-
 data/web/lang/lang.sv-se.json      |  2 +-
 data/web/lang/lang.tr-tr.json      |  2 +-
 data/web/lang/lang.uk-ua.json      |  2 +-
 data/web/lang/lang.zh-cn.json      |  2 +-
 data/web/lang/lang.zh-tw.json      |  2 +-
 data/web/templates/index.twig      | 20 +++++------
 20 files changed, 67 insertions(+), 47 deletions(-)

diff --git a/data/web/css/build/014-mailcow.css b/data/web/css/build/014-mailcow.css
index d1d6ac45d..3e1ace79d 100644
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -81,7 +81,7 @@ body {
   align-items: center;
   padding: 0 10px !important;
 }
-.navbar-fixed-bottom .navbar-collapse, 
+.navbar-fixed-bottom .navbar-collapse,
 .navbar-fixed-top .navbar-collapse {
   max-height: 1000px
 }
@@ -143,18 +143,18 @@ body {
   }
 }
 @keyframes blink {
-  50% { 
-    color: transparent 
+  50% {
+    color: transparent
   }
 }
-.loader-dot { 
-  animation: 1s blink infinite 
+.loader-dot {
+  animation: 1s blink infinite
 }
-.loader-dot:nth-child(2) { 
-  animation-delay: 250ms 
+.loader-dot:nth-child(2) {
+  animation-delay: 250ms
 }
-.loader-dot:nth-child(3) { 
-  animation-delay: 500ms 
+.loader-dot:nth-child(3) {
+  animation-delay: 500ms
 }
 
 pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}
@@ -220,13 +220,13 @@ legend {
 }
 .haveibeenpwned {
   cursor: pointer;
-  -webkit-user-select: none;  
-  -moz-user-select: none;    
-  -ms-user-select: none;      
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  -ms-user-select: none;
   user-select: none;
 }
 .full-width-select {
-  width: 100%!important;  
+  width: 100%!important;
 }
 .tooltip {
   font-family: inherit;
@@ -350,7 +350,7 @@ code {
 .caret {
   transform: rotate(0deg);
 }
-a[aria-expanded='true'] > .caret, 
+a[aria-expanded='true'] > .caret,
 button[aria-expanded='true'] > .caret {
   transform: rotate(-180deg);
 }
@@ -360,7 +360,7 @@ button[aria-expanded='true'] > .caret {
 }
 .list-group-header {
   background: #f7f7f7;
-} 
+}
 
 
 .bg-primary, .alert-primary, .btn-primary {
@@ -387,12 +387,12 @@ button[aria-expanded='true'] > .caret {
 }
 .btn.btn-outline-secondary {
   color: #000000 !important;
-  border-color: #cfcfcf !important;  
+  border-color: #cfcfcf !important;
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
     background-color: #f0f0f0 !important;
 }
-.btn-check:checked+.btn-light, .btn-check:active+.btn-light, .btn-light:active, .btn-light.active, .show>.btn-light.dropdown-toggle {    
+.btn-check:checked+.btn-light, .btn-check:active+.btn-light, .btn-light:active, .btn-light.active, .show>.btn-light.dropdown-toggle {
     color: #fff;
     background-color: #555;
     background-image: none;
@@ -410,4 +410,26 @@ button[aria-expanded='true'] > .caret {
 .badge.bg-danger > a {
     color: #fff !important;
     text-decoration: none;
+}
+
+.hr-title {
+  display: flex;
+  align-items: center;
+  text-align: center;
+  margin: 20px 0;
+}
+
+.hr-title::before,
+.hr-title::after {
+  content: "";
+  flex: 1;
+  border-bottom: 1px solid #ccc;
+}
+
+.hr-title:not(:empty)::before {
+  margin-right: 10px;
+}
+
+.hr-title:not(:empty)::after {
+  margin-left: 10px;
 }
\ No newline at end of file
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index d28132721..7a337eff0 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -747,7 +747,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Přihlásit",
         "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
-        "other_logins": "Přihlášení klíčem",
+        "other_logins": "nebo přihlásit s",
         "password": "Heslo",
         "username": "Uživatelské jméno",
         "back_to_mailcow": "Zpět do mailcow",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 95db916ef..c5605f758 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -604,7 +604,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Log ind som postkassebruger for at downloade den anmodede Apple-forbindelsesprofil.",
-        "other_logins": "Nøgle login",
+        "other_logins": "eller log ind med",
         "password": "Adgangskode",
         "username": "Brugernavn"
     },
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index dac01d4e2..17eb800d8 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -772,7 +772,7 @@
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "new_password": "Neues Passwort",
         "new_password_confirm": "Neues Passwort bestätigen",
-        "other_logins": "Key Login",
+        "other_logins": "oder anmelden mit",
         "password": "Passwort",
         "reset_password": "Passwort zurücksetzen",
         "request_reset_password": "Passwortänderung anfordern",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index c9a7f9dfa..6ef6193bb 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -235,7 +235,7 @@
         "iam_redirect_url": "Redirect Url",
         "iam_rest_flow": "Mailpassword Flow",
         "iam_server_url": "Server Url",
-        "iam_sso": "SSO",
+        "iam_sso": "Single Sign-On",
         "iam_sync_interval": "Sync / Import interval (min)",
         "iam_test_connection": "Test Connection",
         "iam_token_url": "Token endpoint",
@@ -810,7 +810,7 @@
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "new_password": "New Password",
         "new_password_confirm": "Confirm new password",
-        "other_logins": "Key login",
+        "other_logins": "or login with",
         "password": "Password",
         "reset_password": "Reset Password",
         "request_reset_password": "Request password change",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 386a4dfc6..0fdb86fa5 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -695,7 +695,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Connexion",
         "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte de réception pour télécharger le profil de connexion Apple demandé.",
-        "other_logins": "Clé d'authentification",
+        "other_logins": "ou se connecter avec",
         "password": "Mot de passe",
         "username": "Nom d'utilisateur",
         "back_to_mailcow": "Revenir sur mailcow",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 45fabc8eb..845dea5db 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -712,7 +712,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
-        "other_logins": "Key login",
+        "other_logins": "o accedi con",
         "password": "Password",
         "username": "Nome utente",
         "request_reset_password": "Richiesta di modifica della password",
diff --git a/data/web/lang/lang.lt-lt.json b/data/web/lang/lang.lt-lt.json
index f5413b1a9..78e48ea13 100644
--- a/data/web/lang/lang.lt-lt.json
+++ b/data/web/lang/lang.lt-lt.json
@@ -251,7 +251,7 @@
     "login": {
         "fido2_webauthn": "FIDO2/WebAuthn Prisijungimas",
         "login": "Prisijungti",
-        "other_logins": "Prisijungimas raktu",
+        "other_logins": "ar prisijungti su",
         "password": "Slaptažodis",
         "username": "Naudotojo vardas",
         "mobileconfig_info": "Prašome prisijungti kaip pašto dėžutės vartotojui, kad galėtumėte atsisiųsti pageidaujamą „Apple“ ryšio profilį."
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 98cb04ae8..7d41e325e 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -333,7 +333,7 @@
         "username": "Lietotājvārds",
         "fido2_webauthn": "FIDO/WebAuthn pieteikšanās",
         "mobileconfig_info": "Lūgums pieteikties kā pastkastes lietotājam, lai lejupielādētu pieprasīto Apple savienojuma profilu.",
-        "other_logins": "Pieteikšanās ar atslēgu"
+        "other_logins": "vai pieslēgties ar"
     },
     "mailbox": {
         "action": "Rīcība",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index fdfc91c70..6775f4b3d 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -663,7 +663,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Aanmelden",
         "mobileconfig_info": "Log in als mailboxgebruiker om het Apple-verbindingsprofiel te downloaden.",
-        "other_logins": "Meld aan met key",
+        "other_logins": "of aanmelden met",
         "password": "Wachtwoord",
         "username": "Gebruikersnaam"
     },
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 2fbd43535..8bdf25345 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -765,7 +765,7 @@
         "mobileconfig_info": "Faça login como usuário da mailbox para baixar o perfil de conexão Apple solicitado.",
         "new_password": "Nova senha",
         "new_password_confirm": "Confirmar nova senha",
-        "other_logins": "Login com chave",
+        "other_logins": "ou faça login com",
         "password": "Senha",
         "reset_password": "Recuperar a senha",
         "request_reset_password": "Solicitar troca de senha",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index a33356f78..a3779c052 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -677,7 +677,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Autentificare",
         "mobileconfig_info": "Autentificați-vă cu adresa de email pentru a descărca profilul de conexiune Apple.",
-        "other_logins": "Autentificare cu cheie",
+        "other_logins": "sau autentificare cu",
         "password": "Parolă",
         "username": "Nume de utilizator"
     },
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index f64664aa7..63f65e23f 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -770,7 +770,7 @@
         "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
         "new_password": "Новый пароль",
         "new_password_confirm": "Повторите новый пароль",
-        "other_logins": "Вход с помощью ключа",
+        "other_logins": "или войти с",
         "password": "Пароль",
         "request_reset_password": "Запросить восстановление пароля",
         "reset_password": "Восстановление пароля",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 2950026b3..078dac8ff 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -707,7 +707,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Prihlásenie",
         "mobileconfig_info": "Prosím, prihláste sa ako mailový používateľ pre stiahnutie požadovaného Apple profilu.",
-        "other_logins": "Prihlásenie kľúčom",
+        "other_logins": "alebo prihlásiť sa s",
         "password": "Heslo",
         "username": "Používateľské meno alebo email"
     },
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index bbf0d9586..79a5192ca 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -621,7 +621,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Logga in",
         "mobileconfig_info": "Logga in som en användare av brevlåda för att ladda ner den begärda Apple-anslutningsprofilen.",
-        "other_logins": "Loggain med nyckel",
+        "other_logins": "eller logga in med",
         "password": "Lösenord",
         "username": "Användarnamn"
     },
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 7049046c2..269e95ea1 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -895,7 +895,7 @@
         "login": "Giriş",
         "password": "Şifre",
         "username": "Kullanıcı Adı",
-        "other_logins": "Anahtar girişi"
+        "other_logins": "veya ile giriş yap"
     },
     "success": {
         "bcc_saved": "BCC harita girişi kaydedildi",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index e800b0fd5..8688c823f 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -722,7 +722,7 @@
     "login": {
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Увійти",
-        "other_logins": "Вхід за допомогою ключа",
+        "other_logins": "або увійти з",
         "password": "Пароль",
         "username": "Ім'я користувача",
         "delayed": "Вхід був затриманий на %s секунд.",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 368056f5d..28b1ca26d 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -738,7 +738,7 @@
         "fido2_webauthn": "使用 FIDO2/WebAuthn Login 登录",
         "login": "登录",
         "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
-        "other_logins": "Key 登录",
+        "other_logins": "或通过以下方式登录",
         "password": "密码",
         "username": "用户名",
         "forgot_password": "> 忘记密码？",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index abb75a868..25e3d8fb0 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -731,7 +731,7 @@
         "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "登入",
         "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
-        "other_logins": "金鑰登入",
+        "other_logins": "或透過以下方式登入",
         "password": "密碼",
         "username": "使用者名稱",
         "back_to_mailcow": "返回至mailcow",
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index b4175a0f2..07274e6bd 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -41,16 +41,7 @@
             </div>
           </div>
           <div class="d-flex justify-content-between mt-4" style="position: relative">
-            <div class="btn-group">
-              <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-              <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-              <ul class="dropdown-menu">
-                <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
-                {% if has_iam_sso %}
-                <li><a class="dropdown-item" href="/?iam_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a></li>
-                {% endif %}
-              </ul>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
             {% if not oauth2_request %}
             <div class="d-grid d-sm-block">
             <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
@@ -69,9 +60,16 @@
             {% endif %}
           </div>
         </form>
-        <div class="mt-3 mb-4">
+        <div class="mt-3">
           <a href="/reset-password">{{ lang.login.forgot_password }}</a>
         </div>
+        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="d-flex flex-column align-items-center">
+          <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
+          {% if has_iam_sso %}
+          <a class="btn btn-xs-lg btn-secondary w-100 mt-2" style="max-width: 400px;" href="/?iam_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a>
+          {% endif %}
+        </div>
         {% if login_delay %}
         <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
         {% endif %}

From d1af52b4e7fdc6e4d6e81526488c13573b7e3165 Mon Sep 17 00:00:00 2001
From: Tatsuya Yokota <net@acoustype.com>
Date: Fri, 6 Dec 2024 17:44:16 +0900
Subject: [PATCH 399/755] Add initial Japanese language files (#6198)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add initial Japanese language files

* Reordered language list: moved Japanese (日本語) below Italian (Italiano)

---------

Co-authored-by: Tatsuya Yokota <git@acoustype.com>
---
 data/web/inc/vars.inc.php     |    1 +
 data/web/lang/lang.ja-jp.json | 1341 +++++++++++++++++++++++++++++++++
 2 files changed, 1342 insertions(+)
 create mode 100644 data/web/lang/lang.ja-jp.json

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index d3165b8af..29791cb68 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -93,6 +93,7 @@ $AVAILABLE_LANGUAGES = array(
   'gr-gr' => 'Ελληνικά (Greek)',
   'hu-hu' => 'Magyar (Hungarian)',
   'it-it' => 'Italiano (Italian)',
+  'ja-jp' => '日本語 (Japanese)',
   'ko-kr' => '한국어 (Korean)',
   'lv-lv' => 'latviešu (Latvian)',
   'lt-lt' => 'Lietuvių (Lithuanian)',
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
new file mode 100644
index 000000000..963d72358
--- /dev/null
+++ b/data/web/lang/lang.ja-jp.json
@@ -0,0 +1,1341 @@
+{
+    "acl": {
+        "alias_domains": "エイリアスドメインを追加",
+        "app_passwds": "アプリパスワードの管理",
+        "bcc_maps": "BCCマップ",
+        "delimiter_action": "デリミタの動作",
+        "domain_desc": "ドメイン説明の変更",
+        "domain_relayhost": "ドメインのリレーホストを変更",
+        "eas_reset": "EASデバイスをリセット",
+        "extend_sender_acl": "外部アドレスで送信者ACLを拡張可能にする",
+        "filters": "フィルター",
+        "login_as": "メールボックスユーザーとしてログイン",
+        "mailbox_relayhost": "メールボックスのリレーホストを変更",
+        "prohibited": "ACLにより禁止されています",
+        "protocol_access": "プロトコルアクセスを変更",
+        "pushover": "Pushover",
+        "pw_reset": "mailcowユーザーパスワードのリセットを許可",
+        "quarantine": "隔離操作",
+        "quarantine_attachments": "隔離添付ファイル",
+        "quarantine_category": "隔離通知カテゴリの変更",
+        "quarantine_notification": "隔離通知の変更",
+        "ratelimit": "レート制限",
+        "recipient_maps": "受信者マップ",
+        "smtp_ip_access": "SMTPで許可されるホストの変更",
+        "sogo_access": "SOGoアクセス管理を許可",
+        "sogo_profile_reset": "SOGoプロファイルをリセット",
+        "spam_alias": "一時的なエイリアス",
+        "spam_policy": "ブラックリスト/ホワイトリスト",
+        "spam_score": "スパムスコア",
+        "syncjobs": "同期ジョブ",
+        "tls_policy": "TLSポリシー",
+        "unlimited_quota": "メールボックスの無制限クォータ"
+    },
+    "add": {
+        "activate_filter_warn": "有効を選択すると、他のすべてのフィルターは無効になります。",
+        "active": "有効",
+        "add": "追加",
+        "add_domain_only": "ドメインのみを追加",
+        "add_domain_restart": "ドメインを追加してSOGoを再起動",
+        "alias_address": "エイリアスアドレス",
+        "alias_address_info": "<small>完全なメールアドレスまたは@example.com（ドメインのすべてのメッセージをキャッチ、カンマ区切り）。<b>mailcowドメインのみ対応</b>。</small>",
+        "alias_domain": "エイリアスドメイン",
+        "alias_domain_info": "<small>有効なドメイン名のみ（カンマ区切り）。</small>",
+        "app_name": "アプリ名",
+        "app_password": "アプリパスワードを追加",
+        "app_passwd_protocols": "アプリパスワードの許可プロトコル",
+        "automap": "フォルダーを自動マッピングする試み（例：「送信済みアイテム」、「送信済み」=>「送信済み」）",
+        "backup_mx_options": "リレーオプション",
+        "bcc_dest_format": "BCC送信先は単一の有効なメールアドレスである必要があります。<br>複数のアドレスにコピーを送信する必要がある場合は、エイリアスを作成し、ここで使用してください。",
+        "comment_info": "プライベートコメントはユーザーには表示されませんが、パブリックコメントはユーザーの概要でホバーするとツールチップとして表示されます。",
+        "custom_params": "カスタムパラメータ",
+        "custom_params_hint": "正: --param=xy, 誤: --param xy",
+        "delete1": "完了時にソースから削除",
+        "delete2": "ソースに存在しないメッセージを送信先で削除",
+        "delete2duplicates": "送信先で重複を削除",
+        "description": "説明",
+        "destination": "送信先",
+        "disable_login": "ログインを禁止（受信メールは許可）",
+        "domain": "ドメイン",
+        "domain_matches_hostname": "ドメイン %s はホスト名と一致します",
+        "domain_quota_m": "ドメインの総クォータ（MiB）",
+        "dry": "同期をシミュレーション",
+        "enc_method": "暗号化方式",
+        "exclude": "オブジェクトを除外（正規表現）",
+        "full_name": "フルネーム",
+        "gal": "グローバルアドレスリスト",
+        "gal_info": "GALにはドメインのすべてのオブジェクトが含まれ、どのユーザーも編集できません。無効にすると、SOGoの空き/取り込み情報が表示されなくなります！<b>変更を適用するにはSOGoを再起動してください。</b>",
+        "generate": "生成",
+        "goto_ham": "<span class=\"text-success\"><b>ハム</b></span>として学習",
+        "goto_null": "メールを静かに破棄",
+        "goto_spam": "<span class=\"text-danger\"><b>スパム</b></span>として学習",
+        "hostname": "ホスト名",
+        "inactive": "無効",
+        "kind": "種類",
+        "mailbox_quota_def": "デフォルトのメールボックスクォータ",
+        "mailbox_quota_m": "メールボックスごとの最大クォータ（MiB）",
+        "mailbox_username": "ユーザー名（メールアドレスの左部分）",
+        "max_aliases": "作成可能なエイリアスの最大数",
+        "max_mailboxes": "作成可能なメールボックスの最大数",
+        "mins_interval": "ポーリング間隔（分）",
+        "multiple_bookings": "複数の予約",
+        "nexthop": "次のホップ",
+        "password": "パスワード",
+        "password_repeat": "確認用パスワード（再入力）",
+        "port": "ポート",
+        "post_domain_add": "新しいドメインを追加した後、SOGoコンテナ \"sogo-mailcow\" を再起動する必要があります。<br><br>さらに、ドメインのDNS設定を確認してください。DNS設定が承認されたら、\"acme-mailcow\" を再起動して新しいドメインの証明書を自動生成してください（autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;）。<br>この手順は任意で、24時間ごとに再試行されます。",
+        "private_comment": "プライベートコメント",
+        "public_comment": "パブリックコメント",
+        "quota_mb": "クォータ（MiB）",
+        "relay_all": "すべての受信者をリレー",
+        "relay_all_info": "<b>すべて</b>の受信者をリレーしない場合、リレーする各受信者のために（\"ブラインド\"）メールボックスを追加する必要があります。",
+        "relay_domain": "このドメインをリレー",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">情報</div> このドメインのカスタム送信先のトランスポートマップを定義できます。設定されていない場合は、MXルックアップが実行されます。",
+        "relay_unknown_only": "存在しないメールボックスのみをリレー。存在するメールボックスはローカルに配信されます。",
+        "relayhost_wrapped_tls_info": "TLSラップされたポート（主にポート465で使用）を<b>使用しないでください</b>。<br>\r\n非ラップポートを使用し、STARTTLSを発行してください。TLSを強制するTLSポリシーを \"TLSポリシーマップ\" に作成できます。",
+        "select": "選択してください...",
+        "select_domain": "最初にドメインを選択してください",
+        "sieve_desc": "簡単な説明",
+        "sieve_type": "フィルタータイプ",
+        "skipcrossduplicates": "フォルダー間で重複するメッセージをスキップ（先着順）",
+        "subscribeall": "すべてのフォルダーを購読",
+        "syncjob": "同期ジョブを追加",
+        "syncjob_hint": "パスワードはプレーンテキストで保存される必要があることに注意してください！",
+        "tags": "タグ",
+        "target_address": "宛先アドレス",
+        "target_address_info": "<small>完全なメールアドレス（カンマ区切り）。</small>",
+        "target_domain": "ターゲットドメイン",
+        "timeout1": "リモートホストへの接続タイムアウト",
+        "timeout2": "ローカルホストへの接続タイムアウト",
+        "username": "ユーザー名",
+        "validate": "検証",
+        "validation_success": "正常に検証されました"
+    },
+    "admin": {
+        "access": "アクセス",
+        "action": "アクション",
+        "activate_api": "APIを有効化",
+        "activate_send": "送信ボタンを有効化",
+        "active": "アクティブ",
+        "active_rspamd_settings_map": "アクティブな設定マップ",
+        "add": "追加",
+        "add_admin": "管理者を追加",
+        "add_domain_admin": "ドメイン管理者を追加",
+        "add_forwarding_host": "転送ホストを追加",
+        "add_relayhost": "送信者依存のトランスポートを追加",
+        "add_relayhost_hint": "認証データがある場合、それはプレーンテキストとして保存されることに注意してください。",
+        "add_row": "行を追加",
+        "add_settings_rule": "設定ルールを追加",
+        "add_transport": "トランスポートを追加",
+        "add_transports_hint": "認証データがある場合、それはプレーンテキストとして保存されることに注意してください。",
+        "additional_rows": " 追加の行が追加されました",
+        "admin": "管理者",
+        "admin_details": "管理者の詳細を編集",
+        "admin_domains": "ドメインの割り当て",
+        "admins": "管理者",
+        "admins_ldap": "LDAP 管理者",
+        "advanced_settings": "詳細設定",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "api_allow_from": "これらのIPまたはCIDRネットワーク表記からのAPIアクセスを許可",
+        "api_info": "APIは進行中の作業です。ドキュメントは<a href=\"/api\">/api</a>にあります。",
+        "api_key": "APIキー",
+        "api_read_only": "読み取り専用アクセス",
+        "api_read_write": "読み取り書き込みアクセス",
+        "api_skip_ip_check": "APIのIPチェックをスキップ",
+        "app_links": "アプリリンク",
+        "app_name": "アプリ名",
+        "apps_name": "\"mailcow アプリ\" の名前",
+        "arrival_time": "到着時刻 (サーバー時刻)",
+        "authed_user": "認証済みユーザー",
+        "ays": "本当に続行しますか？",
+        "ban_list_info": "以下に禁止されたIPのリストを表示します: <b>ネットワーク (残りの禁止時間) - [アクション]</b>。<br />キューに入れられたIPは、数秒以内にアクティブな禁止リストから削除されます。<br />赤いラベルはブラックリストによる永久禁止を示します。",
+        "change_logo": "ロゴを変更",
+        "logo_normal_label": "通常",
+        "logo_dark_label": "ダークモード用の反転",
+        "configuration": "設定",
+        "convert_html_to_text": "HTMLをプレーンテキストに変換",
+        "copy_to_clipboard": "テキストがクリップボードにコピーされました！",
+        "cors_settings": "CORS設定",
+        "credentials_transport_warning": "<b>警告</b>: 新しいトランスポートマップエントリを追加すると、一致するネクストホップ列を持つすべてのエントリの認証情報が更新されます。",
+        "customer_id": "顧客ID",
+        "customize": "カスタマイズ",
+        "destination": "宛先",
+        "dkim_add_key": "ARC/DKIMキーを追加",
+        "dkim_domains_selector": "セレクタ",
+        "dkim_domains_wo_keys": "キーが不足しているドメインを選択",
+        "dkim_from": "From",
+        "dkim_from_title": "データをコピーする元のドメイン",
+        "dkim_key_length": "DKIMキー長 (ビット)",
+        "dkim_key_missing": "キーが不足しています",
+        "dkim_key_unused": "キーが未使用です",
+        "dkim_key_valid": "キーが有効です",
+        "dkim_keys": "ARC/DKIMキー",
+        "dkim_overwrite_key": "既存のDKIMキーを上書き",
+        "dkim_private_key": "プライベートキー",
+        "dkim_to": "To",
+        "dkim_to_title": "対象のドメイン - 上書きされます",
+        "domain": "ドメイン",
+        "domain_admin": "ドメイン管理者",
+        "domain_admins": "ドメイン管理者",
+        "domain_s": "ドメイン",
+        "duplicate": "重複",
+        "duplicate_dkim": "DKIMレコードを複製",
+        "edit": "編集",
+        "empty": "結果がありません",
+        "excludes": "これらの受信者を除外",
+        "f2b_ban_time": "禁止時間 (秒)",
+        "f2b_ban_time_increment": "禁止時間は各禁止ごとに増加します",
+        "f2b_blacklist": "ブラックリスト登録されたネットワーク/ホスト",
+        "f2b_filter": "正規表現フィルター",
+        "f2b_list_info": "ブラックリスト登録されたホストまたはネットワークは、常にホワイトリストよりも優先されます。<b>リストの更新には数秒かかります。</b>",
+        "f2b_manage_external": "Fail2Banを外部で管理",
+        "f2b_manage_external_info": "Fail2Banは引き続き禁止リストを管理しますが、トラフィックをブロックするルールをアクティブに設定しません。以下の生成された禁止リストを使用して外部でトラフィックをブロックしてください。",
+        "f2b_max_attempts": "最大試行回数",
+        "f2b_max_ban_time": "最大禁止時間 (秒)",
+        "f2b_netban_ipv4": "禁止を適用するIPv4サブネットサイズ (8-32)",
+        "f2b_netban_ipv6": "禁止を適用するIPv6サブネットサイズ (8-128)",
+        "f2b_parameters": "Fail2Banパラメータ",
+        "f2b_regex_info": "考慮されるログ: SOGo、Postfix、Dovecot、PHP-FPM。",
+        "f2b_retry_window": "最大試行回数のための再試行ウィンドウ (秒)",
+        "f2b_whitelist": "ホワイトリスト登録されたネットワーク/ホスト",
+        "filter_table": "フィルターテーブル",
+        "forwarding_hosts": "転送ホスト",
+        "forwarding_hosts_add_hint": "IPv4/IPv6アドレス、CIDR表記のネットワーク、ホスト名（IPアドレスに解決されます）、またはドメイン名（SPFレコードやMXレコードを照会してIPアドレスに解決）を指定できます。",
+        "forwarding_hosts_hint": "ここにリストされたホストからのメッセージは無条件に受け入れられます。これらのホストは、DNSBL（ブラックリスト）やグレイリスティングのチェック対象外となります。これらのホストから受信したスパムは拒否されませんが、オプションで迷惑メールフォルダーに振り分けることができます。最も一般的な使用例は、受信メールをmailcowサーバーに転送するように設定したメールサーバーを指定することです。",
+        "from": "送信元",
+        "generate": "生成",
+        "guid": "GUID - 一意のインスタンスID",
+        "guid_and_license": "GUID & ライセンス",
+        "hash_remove_info": "レート制限ハッシュ（まだ存在する場合）を削除すると、そのカウンターが完全にリセットされます。<br>\r\n各ハッシュは個別の色で表示されます。",
+        "help_text": "ログイン画面下部に表示するヘルプテキスト（HTML使用可能）",
+        "host": "ホスト",
+        "html": "HTML",
+        "import": "インポート",
+        "import_private_key": "プライベートキーをインポート",
+        "in_use_by": "使用中",
+        "inactive": "非アクティブ",
+        "include_exclude": "含める/除外する",
+        "include_exclude_info": "デフォルトでは（選択なしの場合）、<b>すべてのメールボックス</b>が対象となります",
+        "includes": "含める受信者",
+        "ip_check": "IPチェック",
+        "ip_check_disabled": "IPチェックが無効です。有効にするには<br> <strong>システム > 設定 > オプション > カスタマイズ</strong> から設定してください。",
+        "ip_check_opt_in": "外部サービス<strong>ipv4.mailcow.email</strong>および<strong>ipv6.mailcow.email</strong>を利用して外部IPアドレスを解決するオプトイン。",
+        "is_mx_based": "MXベース",
+        "last_applied": "最終適用",
+        "license_info": "ライセンスは必須ではありませんが、さらなる開発を支援します。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">こちらでGUIDを登録</a>するか、<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">mailcowインストールのサポートを購入</a>してください。",
+        "link": "リンク",
+        "loading": "お待ちください...",
+        "login_time": "ログイン時間",
+        "logo_info": "ナビゲーションバーの高さを40px、スタートページの最大幅を250pxにスケーリングします。スケーラブルな画像を推奨します。",
+        "lookup_mx": "宛先がMX名に一致する正規表現です（例：<code>.*\\.google\\.com</code> はgoogle.comで終わるMX宛のすべてのメールをこのホップにルートします）",
+        "main_name": "\"mailcow UI\" 名称",
+        "merged_vars_hint": "グレー表示された行は<code>vars.(local.)inc.php</code>からマージされており、変更できません。",
+        "message": "メッセージ",
+        "message_size": "メッセージサイズ",
+        "nexthop": "次のホップ",
+        "no": "&#10005;",
+        "no_active_bans": "アクティブな禁止はありません",
+        "no_new_rows": "新しい行はありません",
+        "no_record": "レコードなし",
+        "oauth2_apps": "OAuth2 アプリ",
+        "oauth2_add_client": "OAuth2クライアントを追加",
+        "oauth2_client_id": "クライアントID",
+        "oauth2_client_secret": "クライアントシークレット",
+        "oauth2_info": "OAuth2は、\"Authorization Code\"のグラントタイプをサポートし、リフレッシュトークンを発行します。<br>\r\nサーバーはリフレッシュトークンが使用された後、自動的に新しいリフレッシュトークンを発行します。<br><br>\r\n&#8226; デフォルトのスコープは<i>profile</i>です。メールボックスユーザーのみOAuth2認証が可能です。スコープパラメータが省略されると、デフォルトで<i>profile</i>に戻ります。<br>\r\n&#8226; <i>state</i>パラメータは、クライアントが認可リクエストの一部として送信する必要があります。<br><br>\r\nOAuth2 APIリクエスト用のパス:<br>\r\n<ul>\r\n  <li>認可エンドポイント: <code>/oauth/authorize</code></li>\r\n  <li>トークンエンドポイント: <code>/oauth/token</code></li>\r\n  <li>リソースページ:  <code>/oauth/profile</code></li>\r\n</ul>\r\nクライアントシークレットを再生成しても既存の認可コードは失効しませんが、トークンの更新は失敗します。<br><br>\r\nクライアントトークンを取り消すと、すべてのアクティブなセッションが即座に終了します。すべてのクライアントは再認証が必要です。",
+        "oauth2_redirect_uri": "リダイレクトURI",
+        "oauth2_renew_secret": "新しいクライアントシークレットを生成",
+        "oauth2_revoke_tokens": "すべてのクライアントトークンを取り消す",
+        "optional": "任意",
+        "options": "オプション",
+        "password": "パスワード",
+        "password_length": "パスワード長",
+        "password_policy": "パスワードポリシー",
+        "password_policy_chars": "少なくとも1文字のアルファベットを含む必要があります",
+        "password_policy_length": "パスワードの最小長は %d です",
+        "password_policy_lowerupper": "大文字と小文字を含む必要があります",
+        "password_policy_numbers": "少なくとも1つの数字を含む必要があります",
+        "password_policy_special_chars": "特殊文字を含む必要があります",
+        "password_repeat": "確認用パスワード（再入力）",
+        "password_reset_info": "リカバリー用メールが提供されていない場合、この機能は使用できません。",
+        "password_reset_settings": "パスワードリカバリー設定",
+        "password_reset_tmpl_html": "HTMLテンプレート",
+        "password_reset_tmpl_text": "テキストテンプレート",
+        "password_settings": "パスワード設定",
+        "priority": "優先度",
+        "private_key": "プライベートキー",
+        "quarantine": "隔離",
+        "quarantine_bcc": "すべての通知をコピー（BCC）でこの受信者に送信:<br><small>無効にする場合は空欄にしてください。<b>署名なし、チェックされていないメール。内部でのみ配信してください。</b></small>",
+        "quarantine_exclude_domains": "ドメインおよびエイリアスドメインを除外",
+        "quarantine_max_age": "最大保存期間（日数）<br><small>値は1日以上である必要があります。</small>",
+        "quarantine_max_score": "スパムスコアがこの値を超えるメールの通知を破棄:<br><small>デフォルトは9999.0です。</small>",
+        "quarantine_max_size": "最大サイズ（MiB）（これを超える要素は破棄されます）:<br><small>0は<b>無制限ではありません</b>。</small>",
+        "quarantine_notification_html": "通知メールのテンプレート:<br><small>空欄にするとデフォルトテンプレートに戻ります。</small>",
+        "quarantine_notification_sender": "通知メールの送信者",
+        "quarantine_notification_subject": "通知メールの件名",
+        "quarantine_redirect": "<b>すべての通知をリダイレクト</b>してこの受信者に送信:<br><small>無効にする場合は空欄にしてください。<b>署名なし、チェックされていないメール。内部でのみ配信してください。</b></small>",
+        "quarantine_release_format": "リリースされたアイテムの形式",
+        "quarantine_release_format_att": "添付ファイルとして",
+        "quarantine_release_format_raw": "変更されていないオリジナル",
+        "quarantine_retention_size": "メールボックスごとの保持量:<br><small>0は<b>無効</b>を示します。</small>",
+        "quota_notification_html": "通知メールのテンプレート:<br><small>空欄にするとデフォルトテンプレートに戻ります。</small>",
+        "quota_notification_sender": "通知メールの送信者",
+        "quota_notification_subject": "通知メールの件名",
+        "quota_notifications": "クォータ通知",
+        "quota_notifications_info": "クォータ通知は、使用率が80％と95％を超えたときに1回ずつユーザーに送信されます。",
+        "quota_notifications_vars": "{{percent}} はユーザーの現在のクォータ使用率を表します<br>{{username}} はメールボックスの名前です",
+        "queue_unban": "禁止解除",
+        "r_active": "アクティブな制限",
+        "r_inactive": "非アクティブな制限",
+        "r_info": "アクティブな制限リストでグレーアウトまたは無効化された要素は、mailcowで有効な制限として認識されていませんが、リストの順序に従って設定されます。<br>新しい要素を<code>inc/vars.local.inc.php</code>に追加することで切り替え可能にできます。",
+        "rate_name": "レート名",
+        "recipients": "受信者",
+        "refresh": "更新",
+        "regen_api_key": "APIキーを再生成",
+        "regex_maps": "正規表現マップ",
+        "relay_from": "\"送信元:\" アドレス",
+        "relay_rcpt": "\"受信先:\" アドレス",
+        "relay_run": "テストを実行",
+        "relayhosts": "送信者依存のトランスポート",
+        "relayhosts_hint": "送信者依存のトランスポートを定義し、ドメイン構成ダイアログで選択できるようにします。<br>\r\n  トランスポートサービスは常に \"smtp:\" であり、提供された場合はTLSを試みます。TLSラップ（SMTPS）はサポートされていません。ユーザーごとの個別の送信TLSポリシー設定が考慮されます。<br>\r\n  選択したドメインおよびエイリアスドメインに影響します。",
+        "remove": "削除",
+        "remove_row": "行を削除",
+        "reset_default": "デフォルトにリセット",
+        "reset_limit": "ハッシュを削除",
+        "reset_password_vars": "<code>{{link}}</code> 生成されたパスワードリセットリンク<br><code>{{username}}</code> パスワードリセットをリクエストしたユーザーのメールボックス名<br><code>{{username2}}</code> リカバリーメールボックス名<br><code>{{date}}</code> パスワードリセットリクエストが行われた日付<br><code>{{token_lifetime}}</code> トークンの有効期間（分）<br><code>{{hostname}}</code> mailcowのホスト名",
+        "restore_template": "空欄にするとデフォルトテンプレートに戻ります。",
+        "routing": "ルーティング",
+        "rsetting_add_rule": "ルールを追加",
+        "rsetting_content": "ルールの内容",
+        "rsetting_desc": "簡単な説明",
+        "rsetting_no_selection": "ルールを選択してください",
+        "rsetting_none": "利用可能なルールがありません",
+        "rsettings_insert_preset": "例のプリセット \"%s\" を挿入",
+        "rsettings_preset_1": "認証済みユーザーに対してDKIMとレート制限以外を無効化",
+        "rsettings_preset_2": "ポストマスターはスパムを許可",
+        "rsettings_preset_3": "特定の送信者のみを許可（内部メールボックスとして使用）",
+        "rsettings_preset_4": "ドメインに対するRspamdを無効化",
+        "rspamd_com_settings": "設定名は自動生成されます。以下の例のプリセットをご覧ください。詳細については<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamdのドキュメント</a>を参照してください。",
+        "rspamd_global_filters": "グローバルフィルターマップ",
+        "rspamd_global_filters_agree": "注意して操作します！",
+        "rspamd_global_filters_info": "グローバルフィルターマップには、ブラックリストやホワイトリストなど、さまざまな種類が含まれています。",
+        "rspamd_global_filters_regex": "名前はその目的を説明します。すべてのコンテンツは、\"/パターン/オプション\"（例: <code>/.+@domain\\.tld/i</code>）の形式で有効な正規表現を含む必要があります。<br>\r\n  正規表現の各行に対して簡易チェックが実行されますが、Rspamdが構文を正しく読み取れない場合、機能が損なわれる可能性があります。<br>\r\n  マップの内容が変更された場合、Rspamdはそれを読み取ろうとします。問題が発生した場合は、<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamdを再起動</a>してマップの再読み込みを強制してください。<br>ブラックリストに登録された要素は隔離の対象外です。",
+        "rspamd_settings_map": "Rspamd設定マップ",
+        "sal_level": "Mooレベル",
+        "save": "変更を保存",
+        "search_domain_da": "ドメインを検索",
+        "send": "送信",
+        "sender": "送信者",
+        "service": "サービス",
+        "service_id": "サービスID",
+        "source": "ソース",
+        "spamfilter": "スパムフィルター",
+        "subject": "件名",
+        "success": "成功",
+        "sys_mails": "システムメール",
+        "text": "テキスト",
+        "time": "時間",
+        "title": "タイトル",
+        "title_name": "\"mailcow UI\" サイトのタイトル",
+        "to_top": "トップへ戻る",
+        "transport_dest_format": "正規表現または構文: example.org, .example.org, *, box@example.org（複数の値はカンマ区切りで指定可能）",
+        "transport_maps": "トランスポートマップ",
+        "transport_test_rcpt_info": "&#8226; 外部宛先へのリレーをテストするには null@hosted.mailcow.de を使用してください。",
+        "transports_hint": "&#8226; トランスポートマップのエントリーは送信者依存のトランスポートマップを<b>上書き</b>します。<br>\r\n&#8226; MXベースのトランスポートが優先的に使用されます。<br>\r\n&#8226; ユーザーごとの送信TLSポリシー設定は無視され、TLSポリシーマップエントリーによってのみ強制できます。<br>\r\n&#8226; 定義されたトランスポートのトランスポートサービスは常に \"smtp:\" であり、提供された場合はTLSを試みます。TLSラップ（SMTPS）はサポートされていません。<br>\r\n&#8226; アドレスが \"/localhost$/\" に一致する場合、それらは常に \"local:\" 経由で転送されるため、\"*\" 宛先はこれらのアドレスには適用されません。<br>\r\n&#8226; 次のホップ \"[host]:25\" の認証情報を判定するために、Postfixは<b>常に</b> \"host\" を最初に照会し、その後 \"[host]:25\" を検索します。この動作により、\"host\" と \"[host]:25\" を同時に使用することはできません。",
+        "ui_footer": "フッター（HTML使用可）",
+        "ui_header_announcement": "お知らせ",
+        "ui_header_announcement_active": "お知らせを有効に設定",
+        "ui_header_announcement_content": "テキスト（HTML使用可）",
+        "ui_header_announcement_help": "お知らせはすべてのログイン済みユーザーとUIのログイン画面に表示されます。",
+        "ui_header_announcement_select": "お知らせタイプを選択",
+        "ui_header_announcement_type": "タイプ",
+        "ui_header_announcement_type_danger": "非常に重要",
+        "ui_header_announcement_type_info": "情報",
+        "ui_header_announcement_type_warning": "重要",
+        "ui_texts": "UIラベルとテキスト",
+        "unban_pending": "禁止解除保留中",
+        "unchanged_if_empty": "変更がない場合は空白のままにしてください",
+        "upload": "アップロード",
+        "username": "ユーザー名",
+        "validate_license_now": "GUIDをライセンスサーバーで検証",
+        "verify": "確認",
+        "yes": "&#10003;"
+    },
+    "danger": {
+        "access_denied": "アクセスが拒否されるか、フォームデータが無効です",
+        "alias_domain_invalid": "エイリアスドメイン %s は無効です",
+        "alias_empty": "エイリアスアドレスを空にすることはできません",
+        "alias_goto_identical": "エイリアスと転送先アドレスは同一であってはなりません",
+        "alias_invalid": "エイリアスアドレス %s は無効です",
+        "aliasd_targetd_identical": "エイリアスドメインはターゲットドメインと同じであってはなりません: %s",
+        "aliases_in_use": "最大エイリアス数は %d 以上である必要があります",
+        "app_name_empty": "アプリ名を空にすることはできません",
+        "app_passwd_id_invalid": "アプリパスワードID %s は無効です",
+        "bcc_empty": "BCC送信先を空にすることはできません",
+        "bcc_exists": "BCCマップ %s がタイプ %s に存在します",
+        "bcc_must_be_email": "BCC送信先 %s は有効なメールアドレスではありません",
+        "comment_too_long": "コメントが長すぎます。最大160文字まで許可されます",
+        "cors_invalid_method": "指定された許可メソッドが無効です",
+        "cors_invalid_origin": "指定された許可オリジンが無効です",
+        "defquota_empty": "メールボックスごとのデフォルトクォータを0にすることはできません。",
+        "demo_mode_enabled": "デモモードが有効です",
+        "description_invalid": "リソース %s の説明が無効です",
+        "dkim_domain_or_sel_exists": "\"%s\" のDKIMキーが既に存在しており、上書きされません",
+        "dkim_domain_or_sel_invalid": "DKIMドメインまたはセレクタが無効です: %s",
+        "domain_cannot_match_hostname": "ドメインはホスト名と一致してはなりません",
+        "domain_exists": "ドメイン %s は既に存在します",
+        "domain_invalid": "ドメイン名が空か無効です",
+        "domain_not_empty": "非空のドメイン %s を削除することはできません",
+        "domain_not_found": "ドメイン %s が見つかりません",
+        "domain_quota_m_in_use": "ドメインクォータは %s MiB 以上である必要があります",
+        "extended_sender_acl_denied": "外部送信者アドレスを設定するためのACLが不足しています",
+        "extra_acl_invalid": "外部送信者アドレス \"%s\" は無効です",
+        "extra_acl_invalid_domain": "外部送信者 \"%s\" は無効なドメインを使用しています",
+        "fido2_verification_failed": "FIDO2認証に失敗しました: %s",
+        "file_open_error": "ファイルを開いて書き込むことができません",
+        "filter_type": "フィルタタイプが間違っています",
+        "from_invalid": "送信者を空にすることはできません",
+        "global_filter_write_error": "フィルターファイルを書き込めません: %s",
+        "global_map_invalid": "グローバルマップID %s は無効です",
+        "global_map_write_error": "グローバルマップID %s を書き込めません: %s",
+        "goto_empty": "エイリアスアドレスには少なくとも1つの有効な転送先アドレスが含まれている必要があります",
+        "goto_invalid": "転送先アドレス %s は無効です",
+        "ham_learn_error": "ハム学習エラー: %s",
+        "imagick_exception": "エラー: 画像の読み取り中にImagick例外が発生しました",
+        "img_dimensions_exceeded": "画像が最大サイズを超えています",
+        "img_invalid": "画像ファイルを検証できません",
+        "img_size_exceeded": "画像が最大ファイルサイズを超えています",
+        "img_tmp_missing": "画像ファイルを検証できません: 一時ファイルが見つかりません",
+        "invalid_bcc_map_type": "無効なBCCマップタイプ",
+        "invalid_destination": "送信先フォーマット \"%s\" は無効です",
+        "invalid_filter_type": "無効なフィルタタイプ",
+        "invalid_host": "無効なホストが指定されました: %s",
+        "invalid_mime_type": "無効なMIMEタイプ",
+        "invalid_nexthop": "次のホップフォーマットが無効です",
+        "invalid_nexthop_authenticated": "異なる認証情報で次のホップが存在します。最初にこの次のホップの既存の認証情報を更新してください。",
+        "invalid_recipient_map_new": "無効な新しい受信者が指定されました: %s",
+        "invalid_recipient_map_old": "無効な元の受信者が指定されました: %s",
+        "invalid_reset_token": "無効なリセットトークン",
+        "ip_list_empty": "許可されるIPリストを空にすることはできません",
+        "is_alias": "%s は既にエイリアスアドレスとして登録されています",
+        "is_alias_or_mailbox": "%s は既にエイリアス、メールボックス、またはエイリアスドメインから展開されたエイリアスアドレスとして登録されています。",
+        "is_spam_alias": "%s は既に一時的なエイリアスアドレス（スパムエイリアスアドレス）として登録されています",
+        "last_key": "最後のキーを削除することはできません。代わりにTFAを無効化してください。",
+        "login_failed": "ログインに失敗しました",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "デフォルトクォータが最大クォータ制限を超えています",
+        "mailbox_invalid": "メールボックス名が無効です",
+        "mailbox_quota_exceeded": "クォータがドメイン制限を超えています（最大 %d MiB）",
+        "mailbox_quota_exceeds_domain_quota": "最大クォータがドメインクォータ制限を超えています",
+        "mailbox_quota_left_exceeded": "残り容量が不足しています（残り容量: %d MiB）",
+        "mailboxes_in_use": "最大メールボックス数は %d 以上である必要があります",
+        "malformed_username": "ユーザー名が不正な形式です",
+        "map_content_empty": "マップの内容を空にすることはできません",
+        "max_alias_exceeded": "最大エイリアス数を超えています",
+        "max_mailbox_exceeded": "最大メールボックス数を超えています（%d / %d）",
+        "max_quota_in_use": "メールボックスクォータは %d MiB 以上である必要があります",
+        "maxquota_empty": "メールボックスごとの最大クォータを0にすることはできません。",
+        "mysql_error": "MySQLエラー: %s",
+        "network_host_invalid": "無効なネットワークまたはホスト: %s",
+        "next_hop_interferes": "%s は次のホップ %s と干渉しています",
+        "next_hop_interferes_any": "既存の次のホップが %s と干渉しています",
+        "nginx_reload_failed": "Nginxのリロードに失敗しました: %s",
+        "no_user_defined": "ユーザーが定義されていません",
+        "object_exists": "オブジェクト %s は既に存在します",
+        "object_is_not_numeric": "値 %s は数値ではありません",
+        "password_complexity": "パスワードがポリシーを満たしていません",
+        "password_empty": "パスワードを空にすることはできません",
+        "password_mismatch": "確認用パスワードが一致しません",
+        "password_reset_invalid_user": "メールボックスが見つからないか、リカバリーメールが設定されていません",
+        "password_reset_na": "現在パスワードリカバリは利用できません。管理者にお問い合わせください。",
+        "policy_list_from_exists": "指定された名前のレコードが存在します",
+        "policy_list_from_invalid": "レコードの形式が無効です",
+        "private_key_error": "プライベートキーエラー: %s",
+        "pushover_credentials_missing": "Pushoverトークンまたはキーが不足しています",
+        "pushover_key": "Pushoverキーの形式が間違っています",
+        "pushover_token": "Pushoverトークンの形式が間違っています",
+        "quota_not_0_not_numeric": "クォータは数値で >= 0 である必要があります",
+        "recipient_map_entry_exists": "受信者マップエントリ \"%s\" が存在します",
+        "recovery_email_failed": "リカバリーメールを送信できませんでした。管理者にお問い合わせください。",
+        "redis_error": "Redisエラー: %s",
+        "relayhost_invalid": "マップエントリ %s は無効です",
+        "release_send_failed": "メッセージをリリースできませんでした: %s",
+        "reset_f2b_regex": "正規表現フィルターをタイムリーにリセットできませんでした。再試行するか、数秒待ってからウェブサイトをリロードしてください。",
+        "reset_token_limit_exceeded": "リセットトークン制限を超えました。後でもう一度試してください。",
+        "resource_invalid": "リソース名 %s は無効です",
+        "rl_timeframe": "レート制限の時間枠が正しくありません",
+        "rspamd_ui_pw_length": "Rspamd UIのパスワードは6文字以上である必要があります",
+        "script_empty": "スクリプトを空にすることはできません",
+        "sender_acl_invalid": "送信者ACL値 %s は無効です",
+        "set_acl_failed": "ACLの設定に失敗しました",
+        "settings_map_invalid": "設定マップID %s は無効です",
+        "sieve_error": "Sieveパーサーエラー: %s",
+        "spam_learn_error": "スパム学習エラー: %s",
+        "subject_empty": "件名を空にすることはできません",
+        "target_domain_invalid": "ターゲットドメイン %s は無効です",
+        "targetd_not_found": "ターゲットドメイン %s が見つかりません",
+        "targetd_relay_domain": "ターゲットドメイン %s はリレードメインです",
+        "template_exists": "テンプレート %s は既に存在します",
+        "template_id_invalid": "テンプレートID %s は無効です",
+        "template_name_invalid": "テンプレート名が無効です",
+        "temp_error": "一時的なエラー",
+        "text_empty": "テキストを空にすることはできません",
+        "tfa_token_invalid": "TFAトークンが無効です",
+        "tls_policy_map_dest_invalid": "ポリシーの宛先が無効です",
+        "tls_policy_map_entry_exists": "TLSポリシーマップエントリ \"%s\" が存在します",
+        "tls_policy_map_parameter_invalid": "ポリシーパラメータが無効です",
+        "to_invalid": "受信者を空にすることはできません",
+        "totp_verification_failed": "TOTP認証に失敗しました",
+        "transport_dest_exists": "トランスポートの宛先 \"%s\" が存在します",
+        "webauthn_verification_failed": "WebAuthn認証に失敗しました: %s",
+        "webauthn_authenticator_failed": "選択された認証器が見つかりませんでした",
+        "webauthn_publickey_failed": "選択された認証器に公開鍵が保存されていません",
+        "webauthn_username_failed": "選択された認証器は別のアカウントに属しています",
+        "unknown": "不明なエラーが発生しました",
+        "unknown_tfa_method": "未知のTFA方法",
+        "unlimited_quota_acl": "ACLによって無制限クォータは禁止されています",
+        "username_invalid": "ユーザー名 %s は使用できません",
+        "validity_missing": "有効期限を設定してください",
+        "value_missing": "すべての値を入力してください",
+        "yotp_verification_failed": "Yubico OTP認証に失敗しました: %s"
+    },
+    "datatables": {
+        "collapse_all": "すべて折りたたむ",
+        "decimal": ".",
+        "emptyTable": "テーブルにデータがありません",
+        "expand_all": "すべて展開する",
+        "info": "_TOTAL_ 件中 _START_ から _END_ を表示中",
+        "infoEmpty": "0 件中 0 から 0 を表示中",
+        "infoFiltered": "（_MAX_ 件のデータから絞り込み）",
+        "infoPostFix": "",
+        "thousands": ",",
+        "lengthMenu": "_MENU_ 件を表示",
+        "loadingRecords": "読み込み中...",
+        "processing": "お待ちください...",
+        "search": "検索:",
+        "zeroRecords": "一致する記録が見つかりません",
+        "paginate": {
+            "first": "最初",
+            "last": "最後",
+            "next": "次へ",
+            "previous": "前へ"
+        },
+        "aria": {
+            "sortAscending": ": 昇順に並べ替えるには有効化",
+            "sortDescending": ": 降順に並べ替えるには有効化"
+        }
+    },
+    "debug": {
+        "architecture": "アーキテクチャ",
+        "chart_this_server": "チャート（このサーバー）",
+        "containers_info": "コンテナ情報",
+        "container_running": "稼働中",
+        "container_disabled": "コンテナ停止または無効",
+        "container_stopped": "停止",
+        "cores": "コア数",
+        "current_time": "システム時間",
+        "disk_usage": "ディスク使用量",
+        "docs": "ドキュメント",
+        "error_show_ip": "パブリックIPアドレスを解決できませんでした",
+        "external_logs": "外部ログ",
+        "history_all_servers": "履歴（すべてのサーバー）",
+        "in_memory_logs": "インメモリーログ",
+        "jvm_memory_solr": "JVMメモリ使用量",
+        "last_modified": "最終更新日時",
+        "log_info": "<p>mailcowの<b>インメモリーログ</b>はRedisリストに収集され、ハンマリングを軽減するために1分ごとにLOG_LINES (%d)にトリムされます。\r\n  <br>インメモリーログは永続化を目的としたものではありません。インメモリーログを記録するすべてのアプリケーションは、Dockerデーモンとデフォルトのログドライバーにもログを記録します。\r\n  <br>インメモリーログタイプは、コンテナの軽微な問題をデバッグするために使用してください。</p>\r\n  <p><b>外部ログ</b>は指定されたアプリケーションのAPIを介して収集されます。</p>\r\n  <p><b>静的ログ</b>は主にアクティビティログであり、Dockerdには記録されませんが（APIログを除く）、永続化が必要です。</p>",
+        "login_time": "ログイン時間",
+        "logs": "ログ",
+        "memory": "メモリ",
+        "online_users": "オンラインユーザー",
+        "restart_container": "再起動",
+        "service": "サービス",
+        "show_ip": "パブリックIPを表示",
+        "size": "サイズ",
+        "solr_dead": "Solrは起動中、無効化、または停止しました。",
+        "solr_status": "Solrのステータス",
+        "started_at": "開始時刻",
+        "started_on": "開始日",
+        "static_logs": "静的ログ",
+        "success": "成功",
+        "system_containers": "システムとコンテナ",
+        "timezone": "タイムゾーン",
+        "uptime": "稼働時間",
+        "update_available": "利用可能なアップデートがあります",
+        "no_update_available": "システムは最新バージョンです",
+        "update_failed": "アップデートの確認に失敗しました",
+        "username": "ユーザー名",
+        "wip": "作業中"
+    },
+    "diagnostics": {
+        "cname_from_a": "A/AAAAレコードから派生した値です。この値は、レコードが正しいリソースを指している限りサポートされています。",
+        "dns_records": "DNSレコード",
+        "dns_records_24hours": "DNSに加えた変更が正しく反映されるまで最大24時間かかる場合があります。このページは、DNSレコードの設定方法を簡単に確認したり、すべてのレコードがDNSに正しく保存されているかを確認するためのものです。",
+        "dns_records_data": "正しいデータ",
+        "dns_records_docs": "<a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">ドキュメント</a>も参照してください。",
+        "dns_records_name": "名前",
+        "dns_records_status": "現在の状態",
+        "dns_records_type": "タイプ",
+        "optional": "このレコードは任意です。"
+    },
+    "edit": {
+        "acl": "ACL（権限）",
+        "active": "アクティブ",
+        "admin": "管理者を編集",
+        "advanced_settings": "詳細設定",
+        "alias": "エイリアスを編集",
+        "allow_from_smtp": "<b>SMTP</b>を使用するこれらのIPのみを許可",
+        "allow_from_smtp_info": "すべての送信者を許可するには空欄にしてください。<br>IPv4/IPv6アドレスおよびネットワークを指定できます。",
+        "allowed_protocols": "許可されたプロトコル",
+        "app_name": "アプリ名",
+        "app_passwd": "アプリパスワード",
+        "app_passwd_protocols": "アプリパスワードで許可されるプロトコル",
+        "automap": "フォルダーを自動マッピングする（例：\"Sent items\", \"Sent\" => \"Sent\" など）",
+        "backup_mx_options": "リレーオプション",
+        "bcc_dest_format": "BCC送信先は1つの有効なメールアドレスである必要があります。<br>複数のアドレスにコピーを送信する必要がある場合は、エイリアスを作成してここで使用してください。",
+        "client_id": "クライアントID",
+        "client_secret": "クライアントシークレット",
+        "comment_info": "プライベートコメントはユーザーには表示されませんが、パブリックコメントはユーザー概要でホバーするとツールチップとして表示されます。",
+        "created_on": "作成日時",
+        "custom_attributes": "カスタム属性",
+        "delete1": "完了時にソースから削除",
+        "delete2": "ソースに存在しないメッセージを送信先で削除",
+        "delete2duplicates": "送信先で重複を削除",
+        "delete_ays": "削除プロセスを確認してください。",
+        "description": "説明",
+        "disable_login": "ログインを禁止（受信メールは許可）",
+        "domain": "ドメインを編集",
+        "domain_admin": "ドメイン管理者を編集",
+        "domain_footer": "ドメイン全体のフッター",
+        "domain_footer_html": "HTMLフッター",
+        "domain_footer_info": "ドメイン全体のフッターは、このドメイン内のアドレスに関連付けられたすべての送信メールに追加されます。<br>フッターで使用できる変数は以下の通りです：",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =}   - MTAによって指定された認証済みユーザー名",
+            "from_user": "{= from_user =}   - エンベロープの送信者部分。例：「moo@mailcow.tld」の場合、「moo」を返します。",
+            "from_name": "{= from_name =}   - エンベロープの送信者名。例：「Mailcow <moo@mailcow.tld>」の場合、「Mailcow」を返します。",
+            "from_addr": "{= from_addr =}   - エンベロープの送信者アドレス部分",
+            "from_domain": "{= from_domain =} - エンベロープの送信者ドメイン部分",
+            "custom": "{= foo =}         - メールボックスに「foo」というカスタム属性があり、その値が「bar」の場合、「bar」を返します。"
+        },
+        "domain_footer_plain": "プレインテキストのフッター",
+        "domain_footer_skip_replies": "返信メールでフッターを無視",
+        "domain_quota": "ドメインクォータ",
+        "domains": "ドメイン",
+        "dont_check_sender_acl": "ドメイン %s（およびエイリアスドメイン）の送信者チェックを無効化",
+        "edit_alias_domain": "エイリアスドメインを編集",
+        "encryption": "暗号化",
+        "exclude": "オブジェクトを除外（正規表現）",
+        "extended_sender_acl": "外部送信者アドレス",
+        "extended_sender_acl_info": "可能であればDKIMドメインキーをインポートしてください。<br>\r\n  このサーバーを対応するSPF TXTレコードに追加することを忘れないでください。<br>\r\n  このサーバーに外部アドレスと重複するドメインまたはエイリアスドメインを追加するたびに、外部アドレスは削除されます。<br>\r\n  *@domain.tld として送信を許可するには @domain.tld を使用してください。",
+        "force_pw_update": "次回ログイン時にパスワードの更新を強制",
+        "force_pw_update_info": "このユーザーは %s にのみログインできます。アプリパスワードは引き続き使用可能です。",
+        "footer_exclude": "フッターから除外",
+        "full_name": "フルネーム",
+        "gal": "グローバルアドレスリスト",
+        "gal_info": "GALにはドメインのすべてのオブジェクトが含まれ、ユーザーは編集できません。無効にすると、SOGoの空き/取り込み情報が欠落します！<b>変更を適用するにはSOGoを再起動してください。</b>",
+        "generate": "生成",
+        "grant_types": "付与タイプ",
+        "hostname": "ホスト名",
+        "inactive": "非アクティブ",
+        "kind": "種類",
+        "last_modified": "最終更新日時",
+        "lookup_mx": "宛先がMX名に一致する正規表現です（例：<code>.*\\.google\\.com</code> は google.com で終わるMX宛のすべてのメールをこのホップにルートします）",
+        "mailbox": "メールボックスを編集",
+        "mailbox_quota_def": "デフォルトのメールボックスクォータ",
+        "mailbox_relayhost_info": "メールボックスおよび直接エイリアスにのみ適用され、ドメインリレーホストを上書きします。",
+        "mailbox_rename": "メールボックス名を変更",
+        "mailbox_rename_agree": "バックアップを作成しました。",
+        "mailbox_rename_warning": "重要！メールボックス名を変更する前にバックアップを作成してください。",
+        "mailbox_rename_alias": "エイリアスを自動作成",
+        "mailbox_rename_title": "新しいローカルメールボックス名",
+        "max_aliases": "最大エイリアス数",
+        "max_mailboxes": "作成可能な最大メールボックス数",
+        "max_quota": "メールボックスごとの最大クォータ（MiB）",
+        "maxage": "リモートから取得するメッセージの最大日数<br><small>(0 = 日数を無視)</small>",
+        "maxbytespersecond": "毎秒の最大バイト数<br><small>(0 = 無制限)</small>",
+        "mbox_rl_info": "このレート制限はSASLログイン名に適用され、ログインしたユーザーによって使用されるすべての「送信者」アドレスに一致します。メールボックスレート制限は、ドメイン全体のレート制限を上書きします。",
+        "mins_interval": "間隔（分）",
+        "multiple_bookings": "複数予約",
+        "none_inherit": "なし / 継承",
+        "nexthop": "次のホップ",
+        "password": "パスワード",
+        "password_recovery_email": "パスワードリカバリメール",
+        "password_repeat": "確認用パスワード（再入力）",
+        "previous": "前のページ",
+        "private_comment": "プライベートコメント",
+        "public_comment": "パブリックコメント",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "高優先度メールをエスカレーションする [<code>X-Priority: 1</code>]",
+        "pushover_info": "プッシュ通知設定は<b>%s</b>に配信されるすべてのクリーン（スパムでない）メールに適用されます。エイリアス（共有、非共有、タグ付き）も含まれます。",
+        "pushover_only_x_prio": "高優先度メールのみを考慮 [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "以下の送信者メールアドレスのみを考慮<small>（カンマ区切り）</small>",
+        "pushover_sender_regex": "以下の送信者正規表現を考慮",
+        "pushover_text": "通知テキスト",
+        "pushover_title": "通知タイトル",
+        "pushover_sound": "通知音",
+        "pushover_vars": "送信者フィルターが定義されていない場合、すべてのメールが考慮されます。<br>正規表現フィルターおよび正確な送信者チェックを個別に定義可能で、順次考慮されます。これらは互いに依存しません。<br>テキストおよびタイトルに使用可能な変数（データ保護ポリシーに注意してください）",
+        "pushover_verify": "資格情報を確認",
+        "quota_mb": "クォータ（MiB）",
+        "quota_warning_bcc": "クォータ警告BCC",
+        "quota_warning_bcc_info": "警告は別のコピーとして以下の受信者に送信されます。件名には対応するユーザー名が括弧内に付加されます（例：<code>Quota warning (user@example.com)</code>）。",
+        "ratelimit": "レート制限",
+        "redirect_uri": "リダイレクト/コールバックURL",
+        "relay_all": "すべての受信者をリレー",
+        "relay_all_info": "↪ すべての受信者をリレー<b>しない</b>場合、リレーする必要のある各受信者のために（\"ブラインド\"）メールボックスを追加する必要があります。",
+        "relay_domain": "このドメインをリレー",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">情報</div> このドメインのカスタム宛先のトランスポートマップを定義できます。設定されていない場合、MXルックアップが実行されます。",
+        "relay_unknown_only": "存在しないメールボックスのみをリレー。存在するメールボックスはローカルに配信されます。",
+        "relayhost": "送信者依存のトランスポート",
+        "remove": "削除",
+        "resource": "リソース",
+        "save": "変更を保存",
+        "scope": "スコープ",
+        "sender_acl": "送信を許可するアドレス",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">送信者チェックが無効です</span>",
+        "sender_acl_info": "メールボックスユーザーAがメールボックスユーザーBとして送信することを許可されている場合、SOGoで送信者アドレスが自動的に選択可能な「送信者」フィールドとして表示されることはありません。<br>\r\n  メールボックスユーザーBは、SOGoでメールボックスを委任する必要があります。この委任は、メールビューの左上にあるメールボックス名の右にあるメニュー（三点ボタン）を使用して行います。この動作はエイリアスアドレスには適用されません。",
+        "sieve_desc": "簡単な説明",
+        "sieve_type": "フィルタータイプ",
+        "skipcrossduplicates": "フォルダー間で重複するメッセージをスキップ（先着順）",
+        "sogo_access": "SOGoへの直接ログインアクセスを許可",
+        "sogo_access_info": "メールUI内からのシングルサインオンは引き続き動作します。この設定は他のすべてのサービスへのアクセスには影響しません。また、ユーザーの既存のSOGoプロファイルを削除または変更するものでもありません。",
+        "sogo_visible": "SOGoにエイリアスが表示される",
+        "sogo_visible_info": "このオプションは、SOGoで表示可能なオブジェクト（ローカルメールボックスを指す共有または非共有のエイリアスアドレス）にのみ影響します。非表示にすると、SOGoで選択可能な送信者としてエイリアスは表示されません。",
+        "spam_alias": "時間制限付きエイリアスアドレスを作成または変更",
+        "spam_filter": "スパムフィルター",
+        "spam_policy": "ホワイトリスト/ブラックリストにアイテムを追加または削除",
+        "spam_score": "カスタムスパムスコアを設定",
+        "subfolder2": "送信先でサブフォルダーに同期<br><small>（空欄 = サブフォルダーを使用しない）</small>",
+        "syncjob": "同期ジョブを編集",
+        "target_address": "転送先アドレス<small>（カンマ区切り）</small>",
+        "target_domain": "ターゲットドメイン",
+        "timeout1": "リモートホストへの接続タイムアウト",
+        "timeout2": "ローカルホストへの接続タイムアウト",
+        "title": "オブジェクトを編集",
+        "unchanged_if_empty": "変更がない場合は空欄にしてください",
+        "username": "ユーザー名",
+        "validate_save": "検証して保存"
+    },
+    "fido2": {
+        "confirm": "確認",
+        "fido2_auth": "FIDO2でログイン",
+        "fido2_success": "デバイスが正常に登録されました",
+        "fido2_validation_failed": "検証に失敗しました",
+        "fn": "フレンドリーネーム",
+        "known_ids": "登録済みID",
+        "none": "無効",
+        "register_status": "登録状況",
+        "rename": "名前を変更",
+        "set_fido2": "FIDO2デバイスを登録",
+        "set_fido2_touchid": "Apple M1でTouch IDを登録",
+        "set_fn": "フレンドリーネームを設定",
+        "start_fido2_validation": "FIDO2検証を開始"
+    },
+    "footer": {
+        "cancel": "キャンセル",
+        "confirm_delete": "削除の確認",
+        "delete_now": "今すぐ削除",
+        "delete_these_items": "次のオブジェクトIDに対する変更を確認してください",
+        "hibp_check": "haveibeenpwned.comで確認",
+        "hibp_nok": "一致しました！これは潜在的に危険なパスワードです！",
+        "hibp_ok": "一致は見つかりませんでした。",
+        "loading": "お待ちください...",
+        "nothing_selected": "選択されていません",
+        "restart_container": "コンテナを再起動",
+        "restart_container_info": "<b>重要：</b> 優雅な再起動には時間がかかる場合があります。完了するまでお待ちください。",
+        "restart_now": "今すぐ再起動",
+        "restarting_container": "コンテナを再起動中です。これには時間がかかる場合があります。"
+    },
+    "header": {
+        "administration": "構成と詳細",
+        "apps": "アプリ",
+        "debug": "情報",
+        "email": "Eメール",
+        "mailcow_system": "システム",
+        "mailcow_config": "構成",
+        "quarantine": "隔離",
+        "restart_netfilter": "netfilterを再起動",
+        "restart_sogo": "SOGoを再起動",
+        "user_settings": "ユーザー設定"
+    },
+    "info": {
+        "awaiting_tfa_confirmation": "TFA（二要素認証）の確認待ち",
+        "no_action": "適用可能なアクションはありません",
+        "session_expires": "セッションは約15秒で期限切れになります"
+    },
+    "login": {
+        "back_to_mailcow": "mailcowに戻る",
+        "delayed": "ログインが %s 秒遅れました。",
+        "fido2_webauthn": "FIDO2/WebAuthnでログイン",
+        "forgot_password": "> パスワードをお忘れですか？",
+        "invalid_pass_reset_token": "パスワードリセットトークンが無効または期限切れです。<br>新しいパスワードリセットリンクをリクエストしてください。",
+        "login": "ログイン",
+        "mobileconfig_info": "リクエストされたApple接続プロファイルをダウンロードするには、メールボックスユーザーとしてログインしてください。",
+        "new_password": "新しいパスワード",
+        "new_password_confirm": "新しいパスワードを確認",
+        "other_logins": "キーでログイン",
+        "password": "パスワード",
+        "reset_password": "パスワードをリセット",
+        "request_reset_password": "パスワード変更をリクエスト",
+        "username": "ユーザー名"
+    },
+    "mailbox": {
+        "action": "アクション",
+        "activate": "有効化",
+        "active": "有効",
+        "add": "追加",
+        "add_alias": "エイリアスを追加",
+        "add_alias_expand": "エイリアスドメインでエイリアスを展開",
+        "add_bcc_entry": "BCCマップを追加",
+        "add_domain": "ドメインを追加",
+        "add_domain_alias": "ドメインエイリアスを追加",
+        "add_domain_record_first": "まずドメインを追加してください",
+        "add_filter": "フィルタを追加",
+        "add_mailbox": "メールボックスを追加",
+        "add_recipient_map_entry": "受信者マップを追加",
+        "add_resource": "リソースを追加",
+        "add_template": "テンプレートを追加",
+        "add_tls_policy_map": "TLSポリシーマップを追加",
+        "address_rewriting": "アドレス書き換え",
+        "alias": "エイリアス",
+        "alias_domain_alias_hint": "エイリアスはドメインエイリアスに自動的には適用<b>されません</b>。エイリアスアドレス<code>my-alias@domain</code>は、アドレス<code>my-alias@alias-domain</code>を<b>カバーしません</b>（\"alias-domain\"は\"domain\"の仮想エイリアスドメイン）。<br>外部メールボックスにメールを転送するには、シーブフィルタを使用してください（\"Filters\"タブまたはSOGoのForwarderを使用）。\"エイリアスドメインでエイリアスを展開\"を使用して不足しているエイリアスを自動的に追加できます。",
+        "alias_domain_backupmx": "リレードメイン用にエイリアスドメインが無効",
+        "aliases": "エイリアス",
+        "all_domains": "すべてのドメイン",
+        "allow_from_smtp": "<b>SMTP</b>を使用するこれらのIPのみを許可",
+        "allow_from_smtp_info": "すべての送信者を許可するには空欄にしてください。<br>IPv4/IPv6アドレスおよびネットワークを指定可能。",
+        "allowed_protocols": "直接ユーザーアクセスで許可されるプロトコル（アプリパスワードプロトコルには影響しません）",
+        "backup_mx": "リレードメイン",
+        "bcc": "BCC",
+        "bcc_destination": "BCC送信先",
+        "bcc_destinations": "BCC送信先",
+        "bcc_info": "BCCマップはすべてのメッセージのコピーを他のアドレスに静かに転送するために使用されます。ローカル送信先がメールの受信者として機能するときに受信者マップタイプのエントリが使用されます。送信者マップも同じ原則に従います。<br>\r\n  ローカル送信先は配送失敗について通知されません。",
+        "bcc_local_dest": "ローカル送信先",
+        "bcc_map": "BCCマップ",
+        "bcc_map_type": "BCCタイプ",
+        "bcc_maps": "BCCマップ",
+        "bcc_rcpt_map": "受信者マップ",
+        "bcc_sender_map": "送信者マップ",
+        "bcc_to_rcpt": "受信者マップタイプに切り替え",
+        "bcc_to_sender": "送信者マップタイプに切り替え",
+        "bcc_type": "BCCタイプ",
+        "booking_null": "常に空きとして表示",
+        "booking_0_short": "常に空き",
+        "booking_custom": "特定の予約数に制限",
+        "booking_custom_short": "ハードリミット",
+        "booking_ltnull": "無制限だが予約時は使用中として表示",
+        "booking_lt0_short": "ソフトリミット",
+        "catch_all": "キャッチオール",
+        "created_on": "作成日",
+        "daily": "毎日",
+        "deactivate": "無効化",
+        "description": "説明",
+        "disable_login": "ログインを禁止（受信メールは許可）",
+        "disable_x": "無効化",
+        "dkim_domains_selector": "セレクタ",
+        "dkim_key_length": "DKIMキーの長さ（ビット）",
+        "domain": "ドメイン",
+        "domain_admins": "ドメイン管理者",
+        "domain_aliases": "ドメインエイリアス",
+        "domain_templates": "ドメインテンプレート",
+        "domain_quota": "クォータ",
+        "domain_quota_total": "ドメイン全体のクォータ",
+        "domains": "ドメイン",
+        "edit": "編集",
+        "empty": "結果なし",
+        "enable_x": "有効化",
+        "excludes": "除外",
+        "filter_table": "フィルタテーブル",
+        "filters": "フィルタ",
+        "fname": "フルネーム",
+        "force_pw_update": "次回ログイン時にパスワード更新を強制",
+        "gal": "グローバルアドレスリスト",
+        "goto_ham": "<b>Ham</b>として学習",
+        "goto_spam": "<b>Spam</b>として学習",
+        "hourly": "毎時",
+        "in_use": "使用中 (%)",
+        "inactive": "非アクティブ",
+        "insert_preset": "例のプリセット \"%s\" を挿入",
+        "kind": "種類",
+        "last_mail_login": "最後のメールログイン",
+        "last_modified": "最終更新日",
+        "last_pw_change": "最後のパスワード変更",
+        "last_run": "最後の実行",
+        "last_run_reset": "次回のスケジュール設定",
+        "mailbox": "メールボックス",
+        "mailbox_defaults": "デフォルト設定",
+        "mailbox_defaults_info": "新しいメールボックスのデフォルト設定を定義します。",
+        "mailbox_defquota": "デフォルトのメールボックスサイズ",
+        "mailbox_templates": "メールボックステンプレート",
+        "mailbox_quota": "メールボックスの最大サイズ",
+        "mailboxes": "メールボックス",
+        "max_aliases": "最大エイリアス数",
+        "max_mailboxes": "作成可能な最大メールボックス数",
+        "max_quota": "メールボックスごとの最大クォータ",
+        "mins_interval": "間隔（分）",
+        "msg_num": "メッセージ番号",
+        "multiple_bookings": "複数予約",
+        "never": "なし",
+        "no": "&#10005;",
+        "no_record": "オブジェクト %s に記録がありません",
+        "no_record_single": "記録なし",
+        "open_logs": "ログを開く",
+        "owner": "所有者",
+        "private_comment": "プライベートコメント",
+        "public_comment": "パブリックコメント",
+        "q_add_header": "迷惑メールフォルダに移動時",
+        "q_all": "迷惑メールフォルダに移動時および拒否時",
+        "q_reject": "拒否時",
+        "quarantine_category": "隔離通知カテゴリ",
+        "quarantine_notification": "隔離通知",
+        "quick_actions": "アクション",
+        "recipient": "受信者",
+        "recipient_map": "受信者マップ",
+        "recipient_map_info": "受信者マップは、メッセージが配信される前に宛先アドレスを置き換えるために使用されます。",
+        "recipient_map_new": "新しい受信者",
+        "recipient_map_new_info": "受信者マップの宛先は有効なメールアドレスである必要があります。",
+        "recipient_map_old": "元の受信者",
+        "recipient_map_old_info": "受信者マップの元の宛先は有効なメールアドレスまたはドメイン名である必要があります。",
+        "recipient_maps": "受信者マップ",
+        "relay_all": "すべての受信者をリレー",
+        "relay_unknown": "未知のメールボックスをリレー",
+        "remove": "削除",
+        "resources": "リソース",
+        "running": "稼働中",
+        "sender": "送信者",
+        "set_postfilter": "ポストフィルターとして設定",
+        "set_prefilter": "プリフィルターとして設定",
+        "sieve_info": "ユーザーごとに複数のフィルタを保存できますが、同時にアクティブにできるのは1つのプリフィルタと1つのポストフィルタだけです。<br>\r\n各フィルタは指定された順序で処理されます。スクリプトの失敗や\"keep;\"の発行は、後続のスクリプトの処理を停止しません。グローバルシーブスクリプトの変更はDovecotの再起動をトリガーします。<br><br>グローバルシーブプリフィルタ &#8226; プリフィルタ &#8226; ユーザースクリプト &#8226; ポストフィルタ &#8226; グローバルシーブポストフィルタ",
+        "sieve_preset_1": "危険性の高いファイルタイプのメールを破棄",
+        "sieve_preset_2": "特定の送信者のメールを常に既読としてマーク",
+        "sieve_preset_3": "静かに破棄し、すべてのシーブ処理を停止",
+        "sieve_preset_4": "INBOXにファイルし、シーブフィルタによるさらなる処理をスキップ",
+        "sieve_preset_5": "自動返信（バケーション）",
+        "sieve_preset_6": "応答付きでメールを拒否",
+        "sieve_preset_7": "リダイレクトして保持/削除",
+        "sieve_preset_8": "特定の送信者からのメールをリダイレクトし、既読としてマークしてサブフォルダーに分類",
+        "sieve_preset_header": "以下の例のプリセットをご覧ください。詳細については<a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>を参照してください。",
+        "sogo_visible": "エイリアスはSOGoで表示されます",
+        "sogo_visible_n": "SOGoでエイリアスを非表示",
+        "sogo_visible_y": "SOGoでエイリアスを表示",
+        "spam_aliases": "一時的なエイリアス",
+        "stats": "統計",
+        "status": "ステータス",
+        "sync_jobs": "同期ジョブ",
+        "syncjob_check_log": "ログを確認",
+        "syncjob_last_run_result": "最後の実行結果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "接続問題",
+        "syncjob_EXIT_TLS_FAILURE": "暗号化接続の問題",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "認証問題",
+        "syncjob_EXIT_OVERQUOTA": "宛先メールボックスがクォータを超過",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "リモートサーバーに接続できません",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "ユーザー名またはパスワードが間違っています",
+        "table_size": "テーブルサイズ",
+        "table_size_show_n": "%s 件を表示",
+        "target_address": "転送先アドレス",
+        "target_domain": "ターゲットドメイン",
+        "templates": "テンプレート",
+        "template": "テンプレート",
+        "tls_enforce_in": "TLSの受信を強制",
+        "tls_enforce_out": "TLSの送信を強制",
+        "tls_map_dest": "宛先",
+        "tls_map_dest_info": "例: example.org, .example.org, [mail.example.org]:25",
+        "tls_map_parameters": "パラメータ",
+        "tls_map_parameters_info": "空欄またはパラメータ（例: protocols=!SSLv2 ciphers=medium exclude=3DES）",
+        "tls_map_policy": "ポリシー",
+        "tls_policy_maps": "TLSポリシーマップ",
+        "tls_policy_maps_enforced_tls": "これらのポリシーは、送信TLS接続を強制するメールボックスユーザーの動作も上書きします。以下にポリシーが存在しない場合、これらのユーザーはデフォルト値（<code>smtp_tls_mandatory_protocols</code>および<code>smtp_tls_mandatory_ciphers</code>）を適用します。",
+        "tls_policy_maps_info": "このポリシーマップは、ユーザーのTLSポリシー設定とは無関係に送信TLSトランスポートルールを上書きします。<br>\r\n  詳細については<a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\"のドキュメント</a>をご確認ください。",
+        "tls_policy_maps_long": "送信TLSポリシーマップの上書き",
+        "toggle_all": "すべて切り替え",
+        "username": "ユーザー名",
+        "waiting": "待機中",
+        "weekly": "毎週",
+        "yes": "&#10003;"
+    },
+    "oauth2": {
+        "access_denied": "OAuth2経由でアクセスを許可するには、メールボックスの所有者としてログインしてください。",
+        "authorize_app": "アプリケーションを認証",
+        "deny": "拒否",
+        "permit": "アプリケーションを許可",
+        "profile": "プロファイル",
+        "profile_desc": "個人情報を表示: ユーザー名、フルネーム、作成日、更新日、アクティブ状態",
+        "scope_ask_permission": "以下の権限を要求するアプリケーションがあります"
+    },
+    "quarantine": {
+        "action": "アクション",
+        "atts": "添付ファイル",
+        "check_hash": "ファイルハッシュをVTで検索",
+        "confirm": "確認",
+        "confirm_delete": "この要素の削除を確認してください。",
+        "danger": "危険",
+        "deliver_inbox": "受信トレイに配信",
+        "disabled_by_config": "現在のシステム設定では隔離機能が無効になっています。「メールボックスごとの保存期間」と「隔離要素の最大サイズ」を設定してください。",
+        "download_eml": "ダウンロード（.eml）",
+        "empty": "結果がありません",
+        "high_danger": "高",
+        "info": "情報",
+        "junk_folder": "迷惑メールフォルダ",
+        "learn_spam_delete": "スパムとして学習して削除",
+        "low_danger": "低",
+        "medium_danger": "中",
+        "neutral_danger": "中立",
+        "notified": "通知済み",
+        "qhandler_success": "リクエストがシステムに正常に送信されました。このウィンドウを閉じることができます。",
+        "qid": "Rspamd QID",
+        "qinfo": "隔離システムは拒否されたメールをデータベースに保存します（送信者には配信されたようには見えません）。また、メールボックスの迷惑メールフォルダにコピーとして配信されたメールも保存します。\r\n  <br>「スパムとして学習して削除」は、ベイズ理論を使用してメッセージをスパムとして学習し、将来的に類似メッセージを拒否するためのファジーハッシュを計算します。\r\n  <br>複数のメッセージを学習することは、システムによっては時間がかかる場合があります。<br>ブラックリスト登録された要素は隔離対象外です。",
+        "qitem": "隔離項目",
+        "quarantine": "隔離",
+        "quick_actions": "クイックアクション",
+        "quick_delete_link": "クイック削除リンクを開く",
+        "quick_info_link": "情報リンクを開く",
+        "quick_release_link": "クイックリリースリンクを開く",
+        "rcpt": "受信者",
+        "received": "受信日時",
+        "recipients": "受信者",
+        "refresh": "更新",
+        "rejected": "拒否",
+        "release": "リリース",
+        "release_body": "メッセージを.emlファイルとして添付しました。",
+        "release_subject": "潜在的に危険な隔離項目 %s",
+        "remove": "削除",
+        "rewrite_subject": "件名の書き換え",
+        "rspamd_result": "Rspamd 結果",
+        "sender": "送信者（SMTP）",
+        "sender_header": "送信者（「From」ヘッダー）",
+        "settings_info": "隔離対象の要素数の最大値: %s<br>最大メールサイズ: %s MiB",
+        "show_item": "項目を表示",
+        "spam": "スパム",
+        "spam_score": "スコア",
+        "subj": "件名",
+        "table_size": "テーブルサイズ",
+        "table_size_show_n": "%s 件表示",
+        "text_from_html_content": "コンテンツ（変換されたHTML）",
+        "text_plain_content": "コンテンツ（text/plain）",
+        "toggle_all": "すべて選択/解除",
+        "type": "タイプ"
+    },
+    "queue": {
+        "delete": "すべて削除",
+        "flush": "キューをフラッシュ",
+        "info": "メールキューには、配信を待っているすべてのメールが含まれています。メールが長時間メールキューに停滞している場合、システムによって自動的に削除されます。<br>該当メールのエラーメッセージは、メールが配信できなかった理由についての情報を提供します。",
+        "legend": "メールキュー操作機能:",
+        "ays": "現在のキューからすべてのアイテムを削除することを確認してください。",
+        "deliver_mail": "配信",
+        "deliver_mail_legend": "選択されたメールの再配信を試みます。",
+        "hold_mail": "保留",
+        "hold_mail_legend": "選択されたメールを保留します。（さらに配信を試みるのを防ぎます）",
+        "queue_manager": "キューマネージャー",
+        "show_message": "メッセージを表示",
+        "unban": "キューの禁止解除",
+        "unhold_mail": "保留解除",
+        "unhold_mail_legend": "配信のために選択されたメールを解放します。（事前に保留が必要）"
+    },
+    "ratelimit": {
+        "disabled": "無効",
+        "second": "通数 / 秒",
+        "minute": "通数 / 分",
+        "hour": "通数 / 時間",
+        "day": "通数 / 日"
+    },
+    "start": {
+        "help": "ヘルプパネルを表示/非表示",
+        "imap_smtp_server_auth_info": "メールアドレス全体を使用し、PLAIN認証メカニズムを使用してください。<br>\r\nログインデータはサーバー側の強制暗号化により保護されます。",
+        "mailcow_apps_detail": "mailcowアプリを使用して、メール、カレンダー、連絡先などにアクセスできます。",
+        "mailcow_panel_detail": "<b>ドメイン管理者</b>は、メールボックスやエイリアスを作成、変更、削除したり、ドメインを変更したり、割り当てられたドメインに関する情報を確認できます。<br>\r\n<b>メールボックスユーザー</b>は、期間限定のエイリアス（スパムエイリアス）を作成したり、パスワードやスパムフィルターの設定を変更したりできます。"
+    },
+    "success": {
+        "acl_saved": "オブジェクト %s のACLを保存しました",
+        "admin_added": "管理者 %s が追加されました",
+        "admin_api_modified": "APIの変更が保存されました",
+        "admin_modified": "管理者の変更が保存されました",
+        "admin_removed": "管理者 %s が削除されました",
+        "alias_added": "エイリアスアドレス %s (%d) が追加されました",
+        "alias_domain_removed": "エイリアスドメイン %s が削除されました",
+        "alias_modified": "エイリアスアドレス %s の変更が保存されました",
+        "alias_removed": "エイリアス %s が削除されました",
+        "aliasd_added": "エイリアスドメイン %s が追加されました",
+        "aliasd_modified": "エイリアスドメイン %s の変更が保存されました",
+        "app_links": "アプリリンクの変更を保存しました",
+        "app_passwd_added": "新しいアプリパスワードを追加しました",
+        "app_passwd_removed": "アプリパスワードID %s を削除しました",
+        "bcc_deleted": "BCCマップエントリを削除しました: %s",
+        "bcc_edited": "BCCマップエントリ %s を編集しました",
+        "bcc_saved": "BCCマップエントリを保存しました",
+        "cors_headers_edited": "CORS設定が保存されました",
+        "db_init_complete": "データベースの初期化が完了しました",
+        "delete_filter": "フィルターID %s を削除しました",
+        "delete_filters": "フィルターを削除しました: %s",
+        "deleted_syncjob": "同期ジョブID %s を削除しました",
+        "deleted_syncjobs": "同期ジョブを削除しました: %s",
+        "dkim_added": "DKIMキー %s を保存しました",
+        "domain_add_dkim_available": "既にDKIMキーが存在していました",
+        "dkim_duplicated": "ドメイン %s のDKIMキーを %s にコピーしました",
+        "dkim_removed": "DKIMキー %s を削除しました",
+        "domain_added": "ドメイン %s を追加しました",
+        "domain_admin_added": "ドメイン管理者 %s が追加されました",
+        "domain_admin_modified": "ドメイン管理者 %s の変更が保存されました",
+        "domain_admin_removed": "ドメイン管理者 %s が削除されました",
+        "domain_footer_modified": "ドメインフッター %s の変更が保存されました",
+        "domain_modified": "ドメイン %s の変更が保存されました",
+        "domain_removed": "ドメイン %s が削除されました",
+        "dovecot_restart_success": "Dovecotが正常に再起動されました",
+        "eas_reset": "ユーザー %s のActiveSyncデバイスをリセットしました",
+        "f2b_banlist_refreshed": "Banlist ID が正常に更新されました。",
+        "f2b_modified": "Fail2banのパラメータの変更が保存されました",
+        "forwarding_host_added": "転送ホスト %s を追加しました",
+        "forwarding_host_removed": "転送ホスト %s を削除しました",
+        "global_filter_written": "フィルターが正常にファイルに書き込まれました",
+        "hash_deleted": "ハッシュを削除しました",
+        "ip_check_opt_in_modified": "IPチェックが正常に保存されました",
+        "item_deleted": "アイテム %s を正常に削除しました",
+        "item_released": "アイテム %s をリリースしました",
+        "items_deleted": "アイテム %s を正常に削除しました",
+        "items_released": "選択されたアイテムをリリースしました",
+        "learned_ham": "ID %s をhamとして正常に学習しました",
+        "license_modified": "ライセンスの変更が保存されました",
+        "logged_in_as": "%s としてログインしました",
+        "mailbox_added": "メールボックス %s を追加しました",
+        "mailbox_modified": "メールボックス %s の変更が保存されました",
+        "mailbox_removed": "メールボックス %s が削除されました",
+        "mailbox_renamed": "メールボックス名を %s から %s に変更しました",
+        "nginx_reloaded": "Nginxをリロードしました",
+        "object_modified": "オブジェクト %s の変更が保存されました",
+        "password_policy_saved": "パスワードポリシーが正常に保存されました",
+        "password_changed_success": "パスワードが正常に変更されました",
+        "pushover_settings_edited": "Pushover設定が正常に設定されました。資格情報を確認してください。",
+        "qlearn_spam": "メッセージID %s をスパムとして学習し削除しました",
+        "queue_command_success": "キューコマンドが正常に完了しました",
+        "recipient_map_entry_deleted": "受信者マップID %s を削除しました",
+        "recipient_map_entry_saved": "受信者マップエントリ \"%s\" を保存しました",
+        "recovery_email_sent": "リカバリーメールを %s に送信しました",
+        "relayhost_added": "マップエントリ %s を追加しました",
+        "relayhost_removed": "マップエントリ %s を削除しました",
+        "reset_main_logo": "メインロゴをデフォルトにリセットしました",
+        "resource_added": "リソース %s を追加しました",
+        "resource_modified": "メールボックス %s の変更が保存されました",
+        "resource_removed": "リソース %s を削除しました",
+        "rl_saved": "オブジェクト %s のレート制限を保存しました",
+        "rspamd_ui_pw_set": "Rspamd UIパスワードを正常に設定しました",
+        "saved_settings": "設定を保存しました",
+        "settings_map_added": "設定マップエントリを追加しました",
+        "settings_map_removed": "設定マップID %s を削除しました",
+        "sogo_profile_reset": "ユーザー %s のSOGoプロファイルをリセットしました",
+        "template_added": "テンプレート %s を追加しました",
+        "template_modified": "テンプレート %s の変更が保存されました",
+        "template_removed": "テンプレートID %s を削除しました",
+        "tls_policy_map_entry_deleted": "TLSポリシーマップID %s を削除しました",
+        "tls_policy_map_entry_saved": "TLSポリシーマップエントリ \"%s\" を保存しました",
+        "ui_texts": "UIテキストの変更を保存しました",
+        "upload_success": "ファイルを正常にアップロードしました",
+        "verified_fido2_login": "FIDO2ログインを確認しました",
+        "verified_totp_login": "TOTPログインを確認しました",
+        "verified_webauthn_login": "WebAuthnログインを確認しました",
+        "verified_yotp_login": "Yubico OTPログインを確認しました"
+    },
+    "tfa": {
+        "authenticators": "認証アプリ",
+        "api_register": "%s は Yubico Cloud API を使用しています。<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">こちら</a>からAPIキーを取得してください。",
+        "confirm": "確認",
+        "confirm_totp_token": "生成されたトークンを入力して変更を確認してください。",
+        "delete_tfa": "TFAを無効化",
+        "disable_tfa": "次回の成功したログインまでTFAを無効化",
+        "enter_qr_code": "デバイスがQRコードをスキャンできない場合、以下のTOTPコードを入力してください。",
+        "error_code": "エラーコード",
+        "init_webauthn": "初期化中です。しばらくお待ちください...",
+        "key_id": "デバイスの識別子",
+        "key_id_totp": "キーの識別子",
+        "none": "無効化",
+        "reload_retry": "- (エラーが続く場合はブラウザを再読み込みしてください)",
+        "scan_qr_code": "以下のコードを認証アプリでスキャンするか、手動でコードを入力してください。",
+        "select": "選択してください",
+        "set_tfa": "二要素認証方法を設定",
+        "start_webauthn_validation": "検証を開始",
+        "tfa": "二要素認証",
+        "tfa_token_invalid": "TFAトークンが無効です",
+        "totp": "時間ベースOTP（Google Authenticator、Authyなど）",
+        "u2f_deprecated": "キーが非推奨のU2F方式で登録されているようです。二要素認証を無効化し、キーを削除します。",
+        "u2f_deprecated_important": "管理パネルで新しいWebAuthn方式を使用してキーを登録してください。",
+        "webauthn": "WebAuthn認証",
+        "waiting_usb_auth": "<i>USBデバイスを待っています...</i><br><br>USBデバイスのボタンを押してください。",
+        "waiting_usb_register": "<i>USBデバイスを待っています...</i><br><br>上記にパスワードを入力し、USBデバイスのボタンを押して登録を確認してください。",
+        "yubi_otp": "Yubico OTP認証"
+    },
+    "user": {
+        "action": "アクション",
+        "active": "有効",
+        "active_sieve": "アクティブなフィルタ",
+        "advanced_settings": "詳細設定",
+        "alias": "エイリアス",
+        "alias_create_random": "ランダムなエイリアスを生成",
+        "alias_extend_all": "エイリアスを1時間延長",
+        "alias_full_date": "d.m.Y, H:i:s T",
+        "alias_remove_all": "すべてのエイリアスを削除",
+        "alias_select_validity": "有効期間",
+        "alias_time_left": "残り時間",
+        "alias_valid_until": "有効期限",
+        "aliases_also_send_as": "ユーザーとしての送信も許可",
+        "aliases_send_as_all": "以下のドメインおよびそのエイリアスドメインの送信者アクセスを確認しない",
+        "app_hint": "アプリパスワードは、IMAP、SMTP、CalDAV、CardDAV、EASのログイン用の代替パスワードです。ユーザー名は変更されません。SOGoウェブメールはアプリパスワードで利用できません。",
+        "allowed_protocols": "許可されたプロトコル",
+        "app_name": "アプリ名",
+        "app_passwds": "アプリパスワード",
+        "apple_connection_profile": "Apple接続プロファイル",
+        "apple_connection_profile_complete": "この接続プロファイルには、Appleデバイス向けのIMAPおよびSMTPパラメータ、CalDAV（カレンダー）、CardDAV（連絡先）のパスが含まれます。",
+        "apple_connection_profile_mailonly": "この接続プロファイルには、Appleデバイス向けのIMAPおよびSMTP設定パラメータが含まれます。",
+        "apple_connection_profile_with_app_password": "新しいアプリパスワードが生成され、プロファイルに追加されるため、デバイスのセットアップ時にパスワードを入力する必要はありません。このファイルを共有しないでください。メールボックスへの完全なアクセス権を与えます。",
+        "attribute": "属性",
+        "change_password": "パスワードを変更",
+        "change_password_hint_app_passwords": "アカウントには %d のアプリパスワードがあり、それらは変更されません。これらを管理するには、「アプリパスワード」タブに移動してください。",
+        "clear_recent_successful_connections": "最近の成功した接続をクリア",
+        "client_configuration": "メールクライアントとスマートフォンの設定ガイドを表示",
+        "create_app_passwd": "アプリパスワードを作成",
+        "create_syncjob": "新しい同期ジョブを作成",
+        "created_on": "作成日",
+        "daily": "毎日",
+        "day": "日",
+        "delete_ays": "削除プロセスを確認してください。",
+        "direct_aliases": "直接エイリアスアドレス",
+        "direct_aliases_desc": "直接エイリアスアドレスは、スパムフィルターおよびTLSポリシー設定の影響を受けます。",
+        "direct_protocol_access": "このメールボックスユーザーは以下のプロトコルおよびアプリケーションへの<b>直接的かつ外部からのアクセス</b>が可能です。この設定は管理者によって制御されます。アプリパスワードを作成することで、個々のプロトコルおよびアプリケーションへのアクセスを許可できます。<br>「ウェブメールにログイン」ボタンはSOGoへのシングルサインオンを提供し、常に利用可能です。",
+        "eas_reset": "ActiveSyncデバイスキャッシュをリセット",
+        "eas_reset_help": "多くの場合、デバイスキャッシュのリセットは壊れたActiveSyncプロファイルの回復に役立ちます。<br><b>注意:</b> すべての要素が再ダウンロードされます！",
+        "eas_reset_now": "今すぐリセット",
+        "edit": "編集",
+        "email": "メール",
+        "email_and_dav": "メール、カレンダー、および連絡先",
+        "empty": "結果なし",
+        "encryption": "暗号化",
+        "excludes": "除外",
+        "expire_in": "有効期限まで",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "force_pw_update": "グループウェア関連サービスにアクセスするには、新しいパスワードを<b>必ず</b>設定する必要があります。",
+        "from": "送信元",
+        "generate": "生成",
+        "hour": "時間",
+        "hourly": "毎時",
+        "hours": "時間",
+        "in_use": "使用中",
+        "interval": "間隔",
+        "is_catch_all": "ドメイン用キャッチオール",
+        "last_mail_login": "最後のメールログイン",
+        "last_pw_change": "最後のパスワード変更",
+        "last_run": "最後の実行",
+        "last_ui_login": "最後のUIログイン",
+        "loading": "読み込み中...",
+        "login_history": "ログイン履歴",
+        "mailbox": "メールボックス",
+        "mailbox_details": "詳細",
+        "mailbox_general": "一般",
+        "mailbox_settings": "設定",
+        "messages": "メッセージ",
+        "month": "月",
+        "months": "ヶ月",
+        "never": "なし",
+        "new_password": "新しいパスワード",
+        "new_password_repeat": "確認用パスワード（再入力）",
+        "no_active_filter": "利用可能なアクティブなフィルタがありません",
+        "no_last_login": "最後のUIログイン情報がありません",
+        "no_record": "記録なし",
+        "open_logs": "ログを開く",
+        "open_webmail_sso": "ウェブメールにログイン",
+        "password": "パスワード",
+        "password_now": "現在のパスワード（変更を確認）",
+        "password_repeat": "パスワード（再入力）",
+        "password_reset_info": "パスワードリカバリ用のメールが提供されていない場合、この機能は使用できません。",
+        "pushover_evaluate_x_prio": "高優先度メールをエスカレーション [<code>X-Priority: 1</code>]",
+        "pushover_info": "プッシュ通知設定は、<b>%s</b>に配信されるすべてのクリーン（スパムでない）メールに適用されます。エイリアス（共有、非共有、タグ付き）も含まれます。",
+        "pushover_only_x_prio": "高優先度メールのみを考慮 [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "以下の送信者メールアドレスを考慮<small>（カンマ区切り）</small>",
+        "pushover_sender_regex": "以下の正規表現で送信者を一致",
+        "pushover_text": "通知テキスト",
+        "pushover_title": "通知タイトル",
+        "pushover_sound": "通知音",
+        "pushover_vars": "送信者フィルターが定義されていない場合、すべてのメールが考慮されます。<br>正規表現フィルターおよび正確な送信者チェックを個別に定義可能で、順次考慮されます。これらは互いに依存しません。<br>テキストおよびタイトルに使用可能な変数（データ保護ポリシーに注意してください）",
+        "pushover_verify": "資格情報を確認",
+        "pw_recovery_email": "パスワードリカバリメール",
+        "q_add_header": "迷惑メールフォルダ",
+        "q_all": "すべてのカテゴリ",
+        "q_reject": "拒否された",
+        "quarantine_category": "隔離通知カテゴリ",
+        "quarantine_category_info": "通知カテゴリ\"拒否\"には拒否されたメールが含まれます。一方\"迷惑メールフォルダ\"は、迷惑メールフォルダに振り分けられたメールをユーザーに通知します。",
+        "quarantine_notification": "隔離通知",
+        "quarantine_notification_info": "通知が送信されると、アイテムは\"通知済み\"としてマークされ、該当アイテムに対してさらに通知は送信されません。",
+        "recent_successful_connections": "最近の成功した接続",
+        "remove": "削除",
+        "running": "稼働中",
+        "save": "変更を保存",
+        "save_changes": "変更を保存",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">送信者チェックが無効です</span>",
+        "shared_aliases": "共有エイリアスアドレス",
+        "shared_aliases_desc": "共有エイリアスは、スパムフィルターや暗号化ポリシーなどのユーザー固有の設定の影響を受けません。対応するスパムフィルターは、ドメイン全体のポリシーとして管理者のみが設定可能です。",
+        "show_sieve_filters": "アクティブなユーザーシーブフィルタを表示",
+        "sogo_profile_reset": "SOGoプロファイルをリセット",
+        "sogo_profile_reset_help": "これにより、ユーザーのSOGoプロファイルが破壊され、<b>連絡先とカレンダーデータが完全に削除されます</b>。",
+        "sogo_profile_reset_now": "今すぐプロファイルをリセット",
+        "spam_aliases": "一時メールエイリアス",
+        "spam_score_reset": "サーバーデフォルトにリセット",
+        "spamfilter": "スパムフィルター",
+        "spamfilter_behavior": "評価",
+        "spamfilter_bl": "ブラックリスト",
+        "spamfilter_bl_desc": "ブラックリストに登録されたメールアドレスは<b>常に</b>スパムとして分類され拒否されます。拒否されたメールは<b>隔離されません</b>。ワイルドカードを使用できます。フィルターは直接エイリアス（単一ターゲットメールボックスを持つエイリアス）にのみ適用され、キャッチオールエイリアスやメールボックス自体には適用されません。",
+        "spamfilter_default_score": "デフォルト値",
+        "spamfilter_green": "緑: このメッセージはスパムではありません",
+        "spamfilter_hint": "最初の値は「低スパムスコア」を表し、2番目の値は「高スパムスコア」を表します。",
+        "spamfilter_red": "赤: このメッセージはスパムであり、サーバーによって拒否されます",
+        "spamfilter_table_action": "アクション",
+        "spamfilter_table_add": "アイテムを追加",
+        "spamfilter_table_domain_policy": "該当なし（ドメインポリシー）",
+        "spamfilter_table_empty": "表示するデータがありません",
+        "spamfilter_table_remove": "削除",
+        "spamfilter_table_rule": "ルール",
+        "spamfilter_wl": "ホワイトリスト",
+        "spamfilter_wl_desc": "ホワイトリストに登録されたメールアドレスは<b>絶対に</b>スパムとして分類されません。ワイルドカードを使用できます。フィルターは直接エイリアス（単一ターゲットメールボックスを持つエイリアス）にのみ適用され、キャッチオールエイリアスやメールボックス自体には適用されません。",
+        "spamfilter_yellow": "黄: このメッセージはスパムの可能性があり、スパムとしてタグ付けされ、迷惑メールフォルダに移動されます",
+        "status": "ステータス",
+        "sync_jobs": "同期ジョブ",
+        "syncjob_check_log": "ログを確認",
+        "syncjob_last_run_result": "最後の実行結果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "接続問題",
+        "syncjob_EXIT_TLS_FAILURE": "暗号化接続の問題",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "認証問題",
+        "syncjob_EXIT_OVERQUOTA": "宛先メールボックスがクォータ超過",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "リモートサーバーに接続できません",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "ユーザー名またはパスワードが間違っています",
+        "tag_handling": "タグ付きメールの処理を設定",
+        "tag_help_example": "タグ付きメールアドレスの例: me<b>+Facebook</b>@example.org",
+        "tag_help_explain": "サブフォルダー: タグ名に基づいて新しいサブフォルダーがINBOXの下に作成されます（例: \"INBOX/Facebook\"）。<br>\r\n件名: タグ名がメールの件名に追加されます（例: \"[Facebook] My News\"）。",
+        "tag_in_none": "何もしない",
+        "tag_in_subfolder": "サブフォルダーに移動",
+        "tag_in_subject": "件名に追加",
+        "text": "テキスト",
+        "title": "タイトル",
+        "tls_enforce_in": "TLS受信を強制",
+        "tls_enforce_out": "TLS送信を強制",
+        "tls_policy": "暗号化ポリシー",
+        "tls_policy_warning": "<strong>警告:</strong> 暗号化メール転送を強制する場合、メールを失う可能性があります。<br>ポリシーを満たさないメッセージは、メールシステムによってハードフェイルでバウンスされます。<br>このオプションは、プライマリメールアドレス（ログイン名）、エイリアスドメインから派生したすべてのアドレス、および<b>この単一メールボックスのみ</b>をターゲットとするエイリアスアドレスに適用されます。",
+        "user_settings": "ユーザー設定",
+        "username": "ユーザー名",
+        "value": "値",
+        "verify": "確認",
+        "waiting": "待機中",
+        "week": "週",
+        "weekly": "毎週",
+        "weeks": "週",
+        "with_app_password": "アプリパスワードを使用",
+        "year": "年",
+        "years": "年"
+    },
+    "warning": {
+        "cannot_delete_self": "ログイン中のユーザーは削除できません",
+        "domain_added_sogo_failed": "ドメインは追加されましたが、SOGoの再起動に失敗しました。サーバーログを確認してください。",
+        "dovecot_restart_failed": "Dovecotの再起動に失敗しました。ログを確認してください。",
+        "fuzzy_learn_error": "ファジーハッシュ学習エラー: %s",
+        "hash_not_found": "ハッシュが見つからないか、すでに削除されています",
+        "ip_invalid": "無効なIPをスキップしました: %s",
+        "is_not_primary_alias": "プライマリアイアスではないためスキップされました: %s",
+        "no_active_admin": "最後のアクティブな管理者を無効化することはできません",
+        "quota_exceeded_scope": "ドメインのクォータを超えています。このドメインスコープでは無制限のメールボックスのみ作成可能です。",
+        "session_token": "フォームトークンが無効です: トークンの不一致",
+        "session_ua": "フォームトークンが無効です: ユーザーエージェント検証エラー"
+    }
+}

From c9dd102741da085f057b7f4bfcd9e308e591bc7a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 6 Dec 2024 12:55:44 +0100
Subject: [PATCH 400/755] [Dovecot] use auth_cache

---
 data/conf/dovecot/dovecot.conf | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index b6f7318c9..e6744ee40 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -53,7 +53,7 @@ mail_shared_explicit_inbox = yes
 mail_prefetch_count = 30
 passdb {
   driver = lua
-  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes
+  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%u:%w
   result_success = return-ok
   result_failure = continue
   result_internalfail = continue
@@ -125,6 +125,7 @@ service managesieve-login {
 }
 service imap-login {
   service_count = 1
+  process_min_avail = 2
   process_limit = 10000
   vsz_limit = 1G
   user = dovenull
@@ -140,6 +141,7 @@ service imap-login {
 }
 service pop3-login {
   service_count = 1
+  process_min_avail = 1
   vsz_limit = 1G
   inet_listener pop3_haproxy {
     port = 10110
@@ -274,10 +276,10 @@ service stats {
   }
 }
 imap_max_line_length = 2 M
-#auth_cache_verify_password_with_worker = yes
-#auth_cache_negative_ttl = 0
-#auth_cache_ttl = 30 s
-#auth_cache_size = 2 M
+auth_cache_verify_password_with_worker = yes
+auth_cache_negative_ttl = 60s
+auth_cache_ttl = 300s
+auth_cache_size = 10M
 service replicator {
   process_min_avail = 1
 }

From 8853e2c44ae87d285069d549e3f318ad4559d9cd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 9 Dec 2024 09:50:16 +0100
Subject: [PATCH 401/755] [Nginx] Use SOGo IPv4 for upstream

---
 data/Dockerfiles/nginx/bootstrap.py         | 5 +++--
 data/Dockerfiles/nginx/docker-entrypoint.sh | 8 ++++----
 docker-compose.yml                          | 8 ++++----
 3 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index 0d24ae9b2..d47e6318a 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -20,8 +20,9 @@ def nginx_conf(env, template_vars):
     f.write(config)
 
 def prepare_template_vars():
+  ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
   template_vars = {
-    'IPV4_NETWORK': os.getenv("IPV4_NETWORK", "172.22.1"),
+    'IPV4_NETWORK': ipv4_network,
     'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
     'SKIP_RSPAMD': os.getenv("SKIP_RSPAMD", "n").lower() in ("y", "yes"),
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
@@ -30,7 +31,7 @@ def prepare_template_vars():
     'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
     'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
     'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
-    'SOGOHOST': os.getenv("SOGOHOST", "sogo-mailcow"),
+    'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
   }
diff --git a/data/Dockerfiles/nginx/docker-entrypoint.sh b/data/Dockerfiles/nginx/docker-entrypoint.sh
index beb0b4d9e..ea2e048e9 100755
--- a/data/Dockerfiles/nginx/docker-entrypoint.sh
+++ b/data/Dockerfiles/nginx/docker-entrypoint.sh
@@ -1,9 +1,9 @@
 #!/bin/sh
 
-until ping ${REDISHOST} -c1 > /dev/null; do
-  echo "Waiting for Redis..."
-  sleep 1
-done
+PHPFPMHOST=${PHPFPMHOST:-"php-fpm-mailcow"}
+SOGOHOST=${SOGOHOST:-"$IPV4_NETWORK.248"}
+RSPAMDHOST=${RSPAMDHOST:-"rspamd-mailcow"}
+
 until ping ${PHPFPMHOST} -c1 > /dev/null; do
   echo "Waiting for PHP..."
   sleep 1
diff --git a/docker-compose.yml b/docker-compose.yml
index 226c48ac8..f815ab9b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -382,10 +382,10 @@ services:
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
-        - PHPFPMHOST=${PHPFPMHOST:-php-fpm-mailcow}
-        - SOGOHOST=${SOGOHOST:-sogo-mailcow}
-        - RSPAMDHOST=${RSPAMDHOST:-rspamd-mailcow}
-        - REDISHOST=${REDISHOST:-redis-mailcow}
+        - PHPFPMHOST=${PHPFPMHOST:-}
+        - SOGOHOST=${SOGOHOST:-}
+        - RSPAMDHOST=${RSPAMDHOST:-}
+        - REDISHOST=${REDISHOST:-}
         - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
       volumes:
         - ./data/web:/web:ro,z

From 49e05f512061400db89cdbe6e435898e6e27bdc4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 9 Dec 2024 11:36:05 +0100
Subject: [PATCH 402/755] [Web] fix oauth2 redirect after login

---
 data/web/inc/triggers.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 34e47a544..360f57277 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -111,8 +111,10 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
       header("Location: /mobileconfig.php");
       die();
     }
-		header("Location: /user");
-    die();
+    if (!isset($_SESSION['oauth2_request'])) {
+      header("Location: /user");
+      die();
+    }
 	}
 	elseif ($as != "pending") {
     unset($_SESSION['pending_mailcow_cc_username']);

From fa3b789fbbe3843075a63c1f4bb9e3458f7829b6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 9 Dec 2024 13:07:00 +0100
Subject: [PATCH 403/755] [Web] fix issue #6185

---
 data/web/templates/user.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/templates/user.twig b/data/web/templates/user.twig
index 5536abe4e..bf244f742 100644
--- a/data/web/templates/user.twig
+++ b/data/web/templates/user.twig
@@ -15,7 +15,7 @@
     {% if acl.spam_alias == 1 %}
     <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="SpamAliases" role="tab" data-bs-toggle="tab" data-bs-target="#SpamAliases">{{ lang.user.spam_aliases }}</button></li>
     {% endif %}
-    {% if acl.spam_score == 1 %}
+    {% if acl.spam_score == 1 or acl.spam_policy == 1 %}
     <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="Spamfilter" role="tab" data-bs-toggle="tab" data-bs-target="#Spamfilter">{{ lang.user.spamfilter }}</button></li>
     {% endif %}
     {% if acl.syncjobs == 1 %}
@@ -36,7 +36,7 @@
         {% include 'user/tab-user-details.twig' %}
         {% include 'user/tab-user-settings.twig' %}
         {% if acl.spam_alias == 1 %}{% include 'user/SpamAliases.twig' %}{% endif %}
-        {% if acl.spam_score == 1 %}{% include 'user/Spamfilter.twig' %}{% endif %}
+        {% if acl.spam_score == 1 or acl.spam_policy == 1 %}{% include 'user/Spamfilter.twig' %}{% endif %}
         {% if acl.syncjobs == 1 %}{% include 'user/Syncjobs.twig' %}{% endif %}
         {% if acl.app_passwds == 1 %}{% include 'user/AppPasswds.twig' %}{% endif %}
         {% if acl.pushover == 1 %}{% include 'user/Pushover.twig' %}{% endif %}

From ed2837edd800751447005d3a877d48899d6f17b7 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Mon, 9 Dec 2024 13:49:24 +0100
Subject: [PATCH 404/755] Remove legacy Nextcloud settings (#6050)

---
 .github/renovate.json                |   6 -
 data/Dockerfiles/phpfpm/Dockerfile   |   2 +-
 data/assets/nextcloud/nextcloud.conf | 130 -------------
 data/assets/nextcloud/occ            |   2 -
 helper-scripts/nextcloud.sh          | 264 ---------------------------
 5 files changed, 1 insertion(+), 403 deletions(-)
 delete mode 100644 data/assets/nextcloud/nextcloud.conf
 delete mode 100755 data/assets/nextcloud/occ
 delete mode 100755 helper-scripts/nextcloud.sh

diff --git a/.github/renovate.json b/.github/renovate.json
index 62cbf93fd..08f87ea37 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -15,12 +15,6 @@
     "data\/web\/inc\/lib\/vendor\/**"
   ],
   "regexManagers": [
-    {
-      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
-      "matchStrings": [
-        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
-       ]
-    },
     {
       "fileMatch": ["(^|/)Dockerfile[^/]*$"],
       "matchStrings": [
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index e9ebe071c..038c586a8 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -77,7 +77,7 @@ RUN apk add -U --no-cache autoconf \
     --with-webp \
     --with-xpm \
     --with-avif \
-  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
+  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
   && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
diff --git a/data/assets/nextcloud/nextcloud.conf b/data/assets/nextcloud/nextcloud.conf
deleted file mode 100644
index 81567d39a..000000000
--- a/data/assets/nextcloud/nextcloud.conf
+++ /dev/null
@@ -1,130 +0,0 @@
-map $http_x_forwarded_proto $client_req_scheme_nc {
-     default $scheme;
-     https https;
-}
-
-server {
-  include /etc/nginx/conf.d/listen_ssl.active;
-  include /etc/nginx/conf.d/listen_plain.active;
-  include /etc/nginx/mime.types;
-  charset utf-8;
-  override_charset on;
-
-  ssl_certificate /etc/ssl/mail/cert.pem;
-  ssl_certificate_key /etc/ssl/mail/key.pem;
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_prefer_server_ciphers on;
-  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
-  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
-  ssl_session_cache shared:SSL:50m;
-  ssl_session_timeout 1d;
-  ssl_session_tickets off;
-  add_header Referrer-Policy "no-referrer" always;
-  add_header X-Content-Type-Options "nosniff" always;
-  add_header X-Download-Options "noopen" always;
-  add_header X-Frame-Options "SAMEORIGIN" always;
-  add_header X-Permitted-Cross-Domain-Policies "none" always;
-  add_header X-Robots-Tag "noindex, nofollow" always;
-  add_header X-XSS-Protection "1; mode=block" always;
-
-  fastcgi_hide_header X-Powered-By;
-
-  server_name NC_SUBD;
-
-  root /web/nextcloud/;
-
-  location = /robots.txt {
-    allow all;
-    log_not_found off;
-    access_log off;
-  }
-
-  location = /.well-known/carddav {
-    return 301 $client_req_scheme_nc://$host/remote.php/dav;
-  }
-
-  location = /.well-known/caldav {
-    return 301 $client_req_scheme_nc://$host/remote.php/dav;
-  }
-
-  location = /.well-known/webfinger {
-    return 301 $client_req_scheme_nc://$host/index.php/.well-known/webfinger;
-  }
-
-  location = /.well-known/nodeinfo {
-    return 301 $client_req_scheme_nc://$host/index.php/.well-known/nodeinfo;
-  }
-
-  location ^~ /.well-known/acme-challenge/ {
-    default_type "text/plain";
-    root /web;
-  }
-
-  fastcgi_buffers 64 4K;
-
-  gzip on;
-  gzip_vary on;
-  gzip_comp_level 4;
-  gzip_min_length 256;
-  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-  set_real_ip_from fc00::/7;
-  set_real_ip_from 10.0.0.0/8;
-  set_real_ip_from 172.16.0.0/12;
-  set_real_ip_from 192.168.0.0/16;
-  real_ip_header X-Forwarded-For;
-  real_ip_recursive on;
-
-  location / {
-    rewrite ^ /index.php$uri;
-  }
-
-  location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
-    deny all;
-  }
-  location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
-    deny all;
-  }
-
-  location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) {
-    fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
-    set $path_info $fastcgi_path_info;
-    try_files $fastcgi_script_name =404;
-    include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $path_info;
-    fastcgi_param HTTPS on;
-    # Avoid sending the security headers twice
-    fastcgi_param modHeadersAvailable true;
-    # Enable pretty urls
-    fastcgi_param front_controller_active true;
-    fastcgi_pass phpfpm:9002;
-    fastcgi_intercept_errors on;
-    fastcgi_request_buffering off;
-    client_max_body_size 0;
-    fastcgi_read_timeout 1200;
-  }
-
-  location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
-    try_files $uri/ =404;
-    index index.php;
-  }
-
-  location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-    try_files $uri /index.php$request_uri;
-    add_header Cache-Control "public, max-age=15778463";
-    add_header Referrer-Policy "no-referrer" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Permitted-Cross-Domain-Policies "none" always;
-    add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
-    access_log off;
-  }
-
-  location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-    try_files $uri /index.php$request_uri;
-    access_log off;
-  }
-}
diff --git a/data/assets/nextcloud/occ b/data/assets/nextcloud/occ
deleted file mode 100755
index 5113ac01c..000000000
--- a/data/assets/nextcloud/occ
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) php /web/nextcloud/occ ${@}
diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
deleted file mode 100755
index 12dab3ef2..000000000
--- a/helper-scripts/nextcloud.sh
+++ /dev/null
@@ -1,264 +0,0 @@
-#!/usr/bin/env bash
-# renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=28.0.11
-
-display_warning() {
-    local message=("$@")
-    local max_length=0
-
-    for line in "${message[@]}"; do
-        if (( ${#line} > max_length )); then
-            max_length=${#line}
-        fi
-    done
-
-    local border=$(printf '%*s' "$((max_length + 4))" '' | tr ' ' '#')
-
-    echo -e "\e[31m${border}"
-    for line in "${message[@]}"; do
-        printf "\e[31m# %-*s #\n" "$max_length" "$line"
-    done
-    echo -e "\e[31m${border}"
-    echo -e "\e[0m"
-}
-
-display_warning "WARNING: This Script is deprecated and will be removed in December 2024!" \
-                "mailcow will drop this installation/maintenance script within December 2024..." \
-                "To ensure you can still use your Nextcloud Datas, please migrate to a standalone" \
-                "Nextcloud instance either on a new Host or this host." \
-                "You can either use Nextcloud in Docker or install it manually." \
-                " "\
-                "mailcow will NOT DELETE any Nextcloud Data, even when this script was removed!!"
-
-echo -e "Waiting 5 seconds before continuing..."
-
-
-sleep 5
-
-echo -ne "Checking prerequisites..."
-sleep 1
-for bin in curl dirmngr tar bzip2; do
-  if [[ -z $(which ${bin}) ]]; then echo -ne "\r\033[31mCannot find ${bin}, exiting...\033[0m\n"; exit 1; fi
-done
-echo -ne "\r\033[32mFound all prerequisites! Continuing...\033[0m\n"
-
-[[ -z ${1} ]] && NC_HELP=y
-
-while [ "$1" != '' ]; do
-  if [[ $# -ne 1 ]]; then
-      echo -e "\033[31mPlease use only one parameter at the same time!\033[0m" >&2
-      exit 2
-  fi
-  case "${1}" in
-    -p|--purge) NC_PURGE=y && shift;;
-    -i|--install) NC_INSTALL=y && shift;;
-    -u|--update)  NC_UPDATE=y && shift;;
-    -r|--resetpw) NC_RESETPW=y && shift;;
-    -h|--help) NC_HELP=y && shift;;
-    *) echo "Unknown parameter: ${1}" && shift;;
-  esac
-done
-
-if [[ ${NC_HELP} == "y" ]]; then
-  printf 'Usage:\n\n'
-  printf '  -p|--purge\n    Purge Nextcloud\n'
-  printf '  -i|--install\n    Install Nextcloud\n'
-  printf '  -u|--update\n    Update Nextcloud\n'
-  printf '  -r|--resetpw\n    Reset password\n\n'
-  exit 0
-fi
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-cd ${SCRIPT_DIR}/../
-source mailcow.conf
-
-if [[ ${NC_PURGE} == "y" ]]; then
-  read -r -p "Are you sure you want to purge Nextcloud? [y/N] " response
-  response=${response,,}
-  if [[ ! "$response" =~ ^(yes|y)$ ]]; then
-    echo "OK, aborting."
-    exit 1
-  fi
-
-  echo -e "\033[33mDetecting Database information...\033[0m"
-  if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
-    echo -e "\033[32mFound seperate Nextcloud database (newer scheme)!\033[0m"
-    echo -e "\033[31mPurging...\033[0m"
-    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
-    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
-  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound Nextcloud (oc) tables inside of mailcow database (old scheme)!\033[0m"
-    echo -e "\033[31mPurging...\033[0m"
-    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
-  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound Nextcloud (nc) tables inside of mailcow database (old scheme)!\033[0m"
-    echo -e "\033[31mPurging...\033[0m"
-    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
-  else
-    echo -e "\033[31mError: No Nextcloud databases/tables found!"
-    echo -e "\033[33mNot purging anything...\033[0m"
-    exit 1
-  fi
-  docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c "cat <<EOF | redis-cli -a ${REDISPASS} --no-auth-warning
-SELECT 10
-FLUSHDB
-EOF
-"
-  if [ -d ./data/web/nextcloud/config ]; then
-    mv ./data/web/nextcloud/config/ ./data/conf/nextcloud-config-folder-$(date +%s).bak
-  fi
-  [[ -d ./data/web/nextcloud ]] && rm -rf ./data/web/nextcloud
-
-  [[ -f ./data/conf/nginx/site.nextcloud.custom ]] && mv ./data/conf/nginx/site.nextcloud.custom ./data/conf/nginx/site.nextcloud.custom-$(date +%s).bak
-  [[ -f ./data/conf/nginx/nextcloud.conf ]] && mv ./data/conf/nginx/nextcloud.conf ./data/conf/nginx/nextcloud.conf-$(date +%s).bak
-
-  docker restart $(docker ps -aqf name=nginx-mailcow)
-
-  echo -e "\033[32mNextcloud has been uninstalled sucessfully!\033[0m"
-
-elif [[ ${NC_UPDATE} == "y" ]]; then
-  read -r -p "Are you sure you want to update Nextcloud (with Nextclouds own updater)? [y/N] " response
-  response=${response,,}
-  if [[ ! "$response" =~ ^(yes|y)$ ]]; then
-    echo "OK, aborting."
-    exit 1
-  fi
-
-  if [ ! -f data/web/nextcloud/occ ]; then
-    echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
-    exit 1
-  fi
-  if grep -Pq 'This version of Nextcloud is not compatible with (?:PHP)?(?>=?)(?:PHP)?(?>.+)' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: This version of Nextcloud is not compatible with the current PHP version of php-fpm-mailcow, we'll fix it\033[0m"
-    wget -q https://raw.githubusercontent.com/nextcloud/server/v26.0.0/lib/versioncheck.php -O ./data/web/nextcloud/lib/versioncheck.php
-	echo -e "\e[33mPlease restart the update again.\e[0m"
-  elif ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: Nextcloud seems not to be installed.\033[0m"
-    exit 1
-  else
-    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
-    NC_SUBD=$(docker exec -i -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ config:system:get overwritehost)
-    mv ./data/conf/nginx/nextcloud.conf ./data/conf/nginx/nextcloud.conf-$(date +%s).bak
-    cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
-    sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
-  fi
-
-elif [[ ${NC_INSTALL} == "y" ]]; then
-  NC_SUBD=
-  while [[ -z ${NC_SUBD} ]]; do
-    read -p "Subdomain to run Nextcloud from [format: nextcloud.domain.tld]: " NC_SUBD
-  done
-  if ! ping -q -c2 ${NC_SUBD} > /dev/null 2>&1 ; then
-    read -p "Cannot ping subdomain, continue anyway? [y|N] " NC_CONT_FAIL
-    [[ ! ${NC_CONT_FAIL,,} =~ ^(yes|y)$ ]] && { echo "Ok, exiting..."; exit 1; }
-  fi
-
-  echo -e "\033[33mDownloading \033[34mNextcloud ${NEXTCLOUD_VERSION}\033[33m...\033[0m"
-  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
-    && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
-    && rm nextcloud.tar.bz2 \
-    && mkdir -p ./data/web/nextcloud/data \
-    && chmod +x ./data/web/nextcloud/occ
-
-  echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
-  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
-  NC_DBUSER=nextcloud
-  NC_DBNAME=nextcloud
-
-  echo -ne "[1/3] Creating 'nextcloud' database"
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
-  sleep 2
-  echo -ne "\r[2/3] Creating 'nextcloud' database user"
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
-  sleep 2
-  echo -ne "\r[3/3] Granting 'nextcloud' user all permissions on database 'nextcloud'"
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
-  sleep 2
-
-  echo ""
-  echo -e "\033[33mInstalling Nextcloud...\033[0m"
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
-
-  echo -ne "[1/4] Setting correct permissions for www-data"
-  docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
-  sleep 2
-  echo -ne "\r[2/4] Running occ maintenance:install to install Nextcloud"
-  docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
-    --database mysql \
-    --database-host mysql \
-    --database-name ${NC_DBNAME} \
-    --database-user ${NC_DBUSER} \
-    --database-pass ${NC_DBPASS} \
-    --admin-user admin \
-    --admin-pass ${ADMIN_NC_PASS} \
-    --data-dir /web/nextcloud/data > /dev/null 2>&1
-
-  echo -ne "\r[3/4] Setting custom parameters inside the Nextcloud config file"
-  echo ""
-  docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
-    /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
-    /web/nextcloud/occ --no-warnings config:system:set redis timeout --value=0.0 --type=integer; \
-    /web/nextcloud/occ --no-warnings config:system:set redis dbindex --value=10 --type=integer; \
-    /web/nextcloud/occ --no-warnings config:system:set memcache.locking --value='\OC\Memcache\Redis' --type=string; \
-    /web/nextcloud/occ --no-warnings config:system:set memcache.local --value='\OC\Memcache\Redis' --type=string; \
-    /web/nextcloud/occ --no-warnings config:system:set trusted_domains 1 --value=${NC_SUBD}; \
-    /web/nextcloud/occ --no-warnings config:system:set trusted_proxies 0 --value=${IPV6_NETWORK}; \
-    /web/nextcloud/occ --no-warnings config:system:set trusted_proxies 1 --value=${IPV4_NETWORK}.0/24; \
-    /web/nextcloud/occ --no-warnings config:system:set overwritehost --value=${NC_SUBD}; \
-    /web/nextcloud/occ --no-warnings config:system:set overwriteprotocol --value=https; \
-    /web/nextcloud/occ --no-warnings config:system:set overwritewebroot --value=/; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtpmode --value=smtp; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtpauthtype --value=LOGIN; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_from_address --value=nextcloud; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_domain --value=${MAILCOW_HOSTNAME}; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtphost --value=postfix; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtpport --value=588; \
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtpstreamoptions ssl verify_peer --value=false --type=boolean
-    /web/nextcloud/occ --no-warnings config:system:set mail_smtpstreamoptions ssl verify_peer_name --value=false --type=boolean
-    /web/nextcloud/occ --no-warnings db:convert-filecache-bigint -n"
-
-    # Not installing by default, broke too often
-    #/web/nextcloud/occ --no-warnings app:install user_external; \
-    #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
-    #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
-
-    echo -e "\r[4/4] Enabling Nginx Configuration"
-    cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
-    sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
-    sleep 2
-
-  echo ""
-  echo -e "\033[33mFinalizing installation...\033[0m"
-  docker restart $(docker ps -aqf name=nginx-mailcow)
-
-  echo ""
-  echo "******************************************"
-  echo "*        SAVE THESE CREDENTIALS          *"
-  echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
-  echo "******************************************"
-  echo ""
-  echo -e "\033[36mDatabase name:      ${NC_DBNAME}\033[0m"
-  echo -e "\033[36mDatabase user:      ${NC_DBUSER}\033[0m"
-  echo -e "\033[36mDatabase password:  ${NC_DBPASS}\033[0m"
-  echo ""
-  echo -e "\033[31mUI admin password:  ${ADMIN_NC_PASS}\033[0m"
-  echo ""
-
-
-elif [[ ${NC_RESETPW} == "y" ]]; then
-    printf 'You are about to set a new password for a Nextcloud user.\n\nDo not use this option if your Nextcloud is configured to use mailcow for authentication.\nSet a new password for the corresponding mailbox in mailcow, instead.\n\n'
-    read -r -p "Continue? [y/N] " response
-    response=${response,,}
-    if [[ ! "$response" =~ ^(yes|y)$ ]]; then
-      echo "OK, aborting."
-      exit 1
-    fi
-
-    NC_USER=
-    while [[ -z ${NC_USER} ]]; do
-      read -p "Enter the username: " NC_USER
-    done
-    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ user:resetpassword ${NC_USER}
-fi

From 69b03791a2987ee8a18c16aaf5d5bfb79c09a49f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 9 Dec 2024 13:54:44 +0100
Subject: [PATCH 405/755] Add missing Redis authentication

---
 data/conf/dovecot/auth/mailcowauth.php   | 1 +
 data/conf/phpfpm/crons/keycloak-sync.php | 1 +
 data/conf/phpfpm/crons/ldap-sync.php     | 1 +
 3 files changed, 3 insertions(+)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 4f10ed535..fc17df724 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -32,6 +32,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   error_log("MAILCOWAUTH: " . $e . PHP_EOL);
diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index a7e46c4fd..f6d92266f 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -32,6 +32,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   echo "Exiting: " . $e->getMessage();
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index da5533b39..87f2dddb9 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -32,6 +32,7 @@ try {
   else {
     $redis->connect('redis-mailcow', 6379);
   }
+  $redis->auth(getenv("REDISPASS"));
 }
 catch (Exception $e) {
   echo "Exiting: " . $e->getMessage();

From 60ca25026dd194ae8f2681df761070fa9b1ce414 Mon Sep 17 00:00:00 2001
From: Filip Marek <filip.marek.external@worldline.com>
Date: Fri, 9 Aug 2024 17:23:48 +0200
Subject: [PATCH 406/755] add temporary email description

---
 data/web/inc/functions.mailbox.inc.php   |  7 ++++--
 data/web/inc/init_db.inc.php             |  1 +
 data/web/js/site/user.js                 |  5 ++++
 data/web/lang/lang.ca-es.json            |  3 ++-
 data/web/lang/lang.cs-cz.json            |  3 ++-
 data/web/lang/lang.da-dk.json            |  3 ++-
 data/web/lang/lang.de-de.json            |  3 ++-
 data/web/lang/lang.en-gb.json            |  3 ++-
 data/web/lang/lang.es-es.json            |  3 ++-
 data/web/lang/lang.fi-fi.json            |  3 ++-
 data/web/lang/lang.fr-fr.json            |  3 ++-
 data/web/lang/lang.hu-hu.json            |  3 ++-
 data/web/lang/lang.it-it.json            |  3 ++-
 data/web/lang/lang.ko-kr.json            |  3 ++-
 data/web/lang/lang.lv-lv.json            |  3 ++-
 data/web/lang/lang.nl-nl.json            |  3 ++-
 data/web/lang/lang.pl-pl.json            |  3 ++-
 data/web/lang/lang.pt-br.json            |  3 ++-
 data/web/lang/lang.pt-pt.json            |  3 ++-
 data/web/lang/lang.ro-ro.json            |  3 ++-
 data/web/lang/lang.ru-ru.json            |  3 ++-
 data/web/lang/lang.sk-sk.json            |  3 ++-
 data/web/lang/lang.sv-se.json            |  3 ++-
 data/web/lang/lang.tr-tr.json            |  3 ++-
 data/web/lang/lang.uk-ua.json            |  3 ++-
 data/web/lang/lang.zh-cn.json            |  3 ++-
 data/web/lang/lang.zh-tw.json            |  3 ++-
 data/web/templates/modals/user.twig      | 29 ++++++++----------------
 data/web/templates/user/SpamAliases.twig |  2 +-
 29 files changed, 70 insertions(+), 46 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 73c115411..069b40c29 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -48,6 +48,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $_data["validity"] = 8760;
           }
           $domain = $_data['domain'];
+          $description = $_data['description'];
           $valid_domains[] = mailbox('get', 'mailbox_details', $username)['domain'];
           $valid_alias_domains = user_get_alias_details($username)['alias_domains'];
           if (!empty($valid_alias_domains)) {
@@ -62,10 +63,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           $validity = strtotime("+" . $_data["validity"] . " hour");
-          $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `goto`, `validity`) VALUES
-            (:address, :goto, :validity)");
+          $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `description`, `goto`, `validity`) VALUES
+            (:address, :description, :goto, :validity)");
           $stmt->execute(array(
             ':address' => readable_random_string(rand(rand(3, 9), rand(3, 9))) . '.' . readable_random_string(rand(rand(3, 9), rand(3, 9))) . '@' . $domain,
+            ':description' => $description,
             ':goto' => $username,
             ':validity' => $validity
           ));
@@ -4201,6 +4203,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           $stmt = $pdo->prepare("SELECT `address`,
             `goto`,
+            `description`,
             `validity`,
             `created`,
             `modified`
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 3cfeb37df..67a6dff8b 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -527,6 +527,7 @@ function init_db_schema() {
         "cols" => array(
           "address" => "VARCHAR(255) NOT NULL",
           "goto" => "TEXT NOT NULL",
+          "description" => "TEXT NOT NULL",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "validity" => "INT(11)"
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 59d65d8ce..c1a680805 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -202,6 +202,11 @@ jQuery(function($){
           data: 'address',
           defaultContent: ''
         },
+        {
+          title: lang.description,
+          data: 'description',
+          defaultContent: ''
+        },
         {
           title: lang.alias_valid_until,
           data: 'validity',
diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 877b46cdb..43079339d 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -493,6 +493,7 @@
         "client_configuration": "Guies de configuració per als clients de correu més habituals",
         "create_syncjob": "Afegir treball de sincronitzaió",
         "day": "Dia",
+        "description": "Descripció",
         "direct_aliases": "Adreces àlies directes",
         "direct_aliases_desc": "Els àlies directes sí que es veuen afectat per la configuració de l'usuari",
         "eas_reset": "Fer un reset de la cache d'ActiveSync del dispositiu",
@@ -558,4 +559,4 @@
         "week": "Setmana",
         "weeks": "Setmanes"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index e72fb216a..6efdd31e4 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -1164,6 +1164,7 @@
         "created_on": "Vytvoreno",
         "daily": "Každý den",
         "day": "den",
+        "description": "Popis",
         "delete_ays": "Potvrďte odstranění.",
         "direct_aliases": "Přímé aliasy",
         "direct_aliases_desc": "Na přímé aliasy se uplatňuje filtr spamu a nastavení pravidel TLS",
@@ -1309,4 +1310,4 @@
         "session_token": "Token formuláře není platný: Token mismatch",
         "session_ua": "Token formuláře není platný: User-Agent validation error"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 95db916ef..f0f3bb922 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -971,6 +971,7 @@
         "create_syncjob": "Opret nyt sync job",
         "daily": "Dagligt",
         "day": "dag",
+        "description": "Beskrivelse",
         "delete_ays": "Bekræft venligst ønsket om sletning.",
         "direct_aliases": "Direkte alias addresser",
         "direct_aliases_desc": "Direkte alias-adresser påvirkes af spamfilter og TLS-politiske indstillinger.",
@@ -1091,4 +1092,4 @@
             "first": "Først"
         }
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 807393d77..d8eb5de79 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -1185,6 +1185,7 @@
         "created_on": "Erstellt am",
         "daily": "Täglich",
         "day": "Tag",
+        "description": "Beschreibung",
         "delete_ays": "Soll der Löschvorgang wirklich ausgeführt werden?",
         "direct_aliases": "Direkte Alias-Adressen",
         "direct_aliases_desc": "Nur direkte Alias-Adressen werden für benutzerdefinierte Einstellungen berücksichtigt.",
@@ -1338,4 +1339,4 @@
         "hour": "Nachrichten / Stunde",
         "day": "Nachrichten / Tag"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 6e898099b..28d9ca148 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1192,6 +1192,7 @@
         "created_on": "Created on",
         "daily": "Daily",
         "day": "day",
+        "description": "Description",
         "delete_ays": "Please confirm the deletion process.",
         "direct_aliases": "Direct alias addresses",
         "direct_aliases_desc": "Direct alias addresses are affected by spam filter and TLS policy settings.",
@@ -1338,4 +1339,4 @@
         "session_token": "Form token invalid: Token mismatch",
         "session_ua": "Form token invalid: User-Agent validation error"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 8a8c05274..6cc02f5b6 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -709,6 +709,7 @@
         "create_syncjob": "Crear nuevo trabajo de sincronización",
         "daily": "Cada día",
         "day": "Día",
+        "description": "Descripción",
         "direct_aliases": "Alias directos",
         "direct_aliases_desc": "Los alias directos se ven afectadas por el filtro de correo no deseado y la configuración de la política TLS del usuario.",
         "eas_reset": "Resetear el caché ActiveSync",
@@ -778,4 +779,4 @@
         "fuzzy_learn_error": "Error aprendiendo hash: %s",
         "ip_invalid": "IP inválida omitida: %s"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 9b3cc8488..dfa8e8167 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -810,6 +810,7 @@
         "create_syncjob": "Luo uusi synkronointi työ",
         "daily": "Päivittäin",
         "day": "Päivä",
+        "description": "Kuvaus",
         "direct_aliases": "Suorat alias osoitteet",
         "direct_aliases_desc": "Roska posti suodatus-ja TLS-käytäntö asetukset vaikuttavat suora aliaksen osoitteisiin.",
         "eas_reset": "Tyhjennä ActiveSync-laitteen väli muisti",
@@ -908,4 +909,4 @@
             "last": "Edellinen"
         }
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 386a4dfc6..56c888147 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -1101,6 +1101,7 @@
         "create_syncjob": "Créer une tâche de synchronisation",
         "daily": "Quotidien",
         "day": "jour",
+        "description": "Description",
         "delete_ays": "Veuillez confirmer le processus de suppression.",
         "direct_aliases": "Adresses alias directes",
         "direct_aliases_desc": "Les adresses d’alias directes sont affectées par le filtre anti-spam et les paramètres de politique TLS.",
@@ -1267,4 +1268,4 @@
     "ratelimit": {
         "disabled": "Désactivé"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index e9762ff51..5737794fd 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -406,6 +406,7 @@
         "create_syncjob": "Új szinkronizációs művelet létrehozása",
         "daily": "Napi",
         "day": "nap",
+        "description": "Leírás",
         "delete_ays": "Erősítse meg a törlést.",
         "direct_aliases": "Közvetlen alias címek",
         "eas_reset": "ActiveSync eszköz gyorsítótár ürítése",
@@ -591,4 +592,4 @@
         "app_name": "Alkalmazás neve",
         "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index f73f938bf..d0d28fce8 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -1126,6 +1126,7 @@
         "created_on": "Creato il",
         "daily": "Giornaliero",
         "day": "giorno",
+        "description": "Descrizione",
         "delete_ays": "Please confirm the deletion process.",
         "direct_aliases": "Direct alias addresses",
         "direct_aliases_desc": "Direct alias addresses are affected by spam filter and TLS policy settings.",
@@ -1308,4 +1309,4 @@
         },
         "decimal": "."
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 3f3cb1535..14c7966d0 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -911,6 +911,7 @@
         "create_syncjob": "새 동기화 작업 생성",
         "daily": "매일",
         "day": "일",
+        "description": "Description",
         "delete_ays": "진짜 삭제하겠습니까?",
         "direct_aliases": "Direct alias addresses",
         "direct_aliases_desc": "Direct alias addresses are affected by spam filter and TLS policy settings.",
@@ -1020,4 +1021,4 @@
         "session_token": "Form token invalid: Token mismatch",
         "session_ua": "Form token invalid: User-Agent validation error"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 98cb04ae8..856566ae4 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -551,6 +551,7 @@
         "client_configuration": "Parādīt konfigurācijas norādes e-pasta klientiem un tālruņiem",
         "create_syncjob": "Izveidot jaunu sinhronizācijas darbu",
         "day": "Dienas",
+        "description": "Apraksts",
         "direct_aliases": "Tiešas aizstājadreses",
         "direct_aliases_desc": "Tiešās aizstājadreses ir surogātpasta atlasīšanas un TLS nosacījumu iestatījumu ietekmētas.",
         "eas_reset": "Atiestatīt ActiveSync ierīces kešatmiņu",
@@ -659,4 +660,4 @@
     "fido2": {
         "fido2_auth": "Pieteikties ar FIDO2"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index fdfc91c70..49113cd31 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -1028,6 +1028,7 @@
         "create_syncjob": "Voeg sync job toe",
         "daily": "Dagelijks",
         "day": "dag",
+        "description": "Beschrijving",
         "delete_ays": "Bevestig de verwijdering.",
         "direct_aliases": "Directe aliasadressen",
         "direct_aliases_desc": "Directe aliasadressen worden beïnvloed door spamfilters en het versleutelingsbeleid.",
@@ -1167,4 +1168,4 @@
         "search": "Zoeken:",
         "zeroRecords": "Geen overeenkomsten gevonden"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index aa185d32e..cba7372a0 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -363,6 +363,7 @@
         "create_syncjob": "Utwórz nowe polecenie synchronizacji",
         "daily": "Co dzień",
         "day": "Dzień",
+        "description": "Opis",
         "direct_aliases": "Aliasy bezpośrednie",
         "direct_aliases_desc": "Na aliasy bezpośrednie wpływają filtry spamu i ustawienia TLS.",
         "eas_reset": "Zresetuj pamięć podręczną urządzenia ActiveSync",
@@ -431,4 +432,4 @@
         "weekly": "Co tydzień",
         "weeks": "Tygodnie"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 2fbd43535..7afea2587 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -1186,6 +1186,7 @@
         "created_on": "Criado em",
         "daily": "Diariamente",
         "day": "dia",
+        "description": "Descrição",
         "delete_ays": "Confirme o processo de exclusão.",
         "direct_aliases": "Endereços de alias diretos",
         "direct_aliases_desc": "Os endereços de alias diretos são afetados pelo filtro de spam e pelas configurações da política TLS.",
@@ -1332,4 +1333,4 @@
         "session_token": "Token de formulário inválido: incompatibilidade de token",
         "session_ua": "Token de formulário inválido: erro de validação do agente de usuário"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 624acd6db..2279c2cec 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -236,6 +236,7 @@
         "aliases_send_as_all": "Não verificar remetente para os domínios",
         "change_password": "Alterar senha",
         "day": "Dia",
+        "description": "Descrição",
         "edit": "Editar",
         "hour": "Hora",
         "hours": "Horas",
@@ -272,4 +273,4 @@
         "week": "Semana",
         "weeks": "Semanas"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 90c96c218..04fb31fed 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -1064,6 +1064,7 @@
         "created_on": "Creat în",
         "daily": "Zilnic",
         "day": "zi",
+        "description": "Descriere",
         "delete_ays": "Vă rugăm să confirmați stergerea.",
         "direct_aliases": "Adrese alias directe",
         "direct_aliases_desc": "Adresele alias directe sunt afectate de setările filtrului de spam și ale politicii TLS.",
@@ -1210,4 +1211,4 @@
         "expand_all": "Expandează tot",
         "decimal": ","
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 5d1ef9af2..b021fd695 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -1192,6 +1192,7 @@
         "created_on": "Дата создания",
         "daily": "Раз в день",
         "day": "день",
+        "description": "Описание",
         "delete_ays": "Пожалуйста, подтвердите удаление",
         "direct_aliases": "Личные псевдонимы",
         "direct_aliases_desc": "На личные псевдонимы распространяются фильтры нежелательной почты и параметры политики TLS.",
@@ -1338,4 +1339,4 @@
         "session_token": "Неверный токен формы: несоответствие токена",
         "session_ua": "Неверный токен формы: ошибка проверки User-Agent"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 466afdb85..0abe95d4f 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -1116,6 +1116,7 @@
         "created_on": "Vytvorené",
         "daily": "Denne",
         "day": "deň",
+        "description": "Popis",
         "delete_ays": "Potvrďte zmazanie.",
         "direct_aliases": "Priame alias adresy",
         "direct_aliases_desc": "Priame aliasy sú ovplyvnené spam filtrom a nastavením TLS pravidiel.",
@@ -1258,4 +1259,4 @@
         "session_token": "Formulárový token neplatný: Tokenová nezhoda",
         "session_ua": "Formulárový token neplatný: User-Agent validation error"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index bbf0d9586..31cc14874 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -993,6 +993,7 @@
         "created_on": "Skapad vid",
         "daily": "Dagligen",
         "day": "dag",
+        "description": "Beskrivning",
         "delete_ays": "Är du säker att du vill ta bort det här objektet?",
         "direct_aliases": "Direkta aliasadresser",
         "direct_aliases_desc": "Endast direkta aliasadresser påverkas av spamfilter och TLS-policyföreskrifter.",
@@ -1112,4 +1113,4 @@
         "session_token": "Formulär-nyckeln är ogiltig: Nyckeln matchar inte",
         "session_ua": "Formulär-nyckeln är ogiltig: User-Agenten kunde inte valideras"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 7049046c2..4d18a73ba 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -1207,6 +1207,7 @@
         "created_on": "Oluşturulma tarihi",
         "daily": "Günlük",
         "day": "Gün",
+        "description": "Açıklama",
         "delete_ays": "Lütfen silme işlemini onaylayın.",
         "direct_aliases": "Doğrudan takma ad adresleri",
         "eas_reset_help": "Birçok durumda cihaz önbelleğini sıfırlama, bozuk bir ActiveSync profilini kurtarmaya yardımcı olur.<br><b>Dikkat:</b> Tüm öğeler yeniden indirilecek!",
@@ -1313,4 +1314,4 @@
         "q_reject": "Reddedildi",
         "week": "Hafta"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index f2884cd47..d003b9fda 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -1135,6 +1135,7 @@
         "created_on": "Дата створення",
         "daily": "Раз на день",
         "day": "день",
+        "description": "Опис",
         "delete_ays": "Будь ласка, підтвердіть видалення.",
         "eas_reset": "Скинути кеш ActiveSync пристроїв",
         "eas_reset_help": "У багатьох випадках скидання кешу пристроїв допомагає відновити пошкоджений профіль ActiveSync.<br><b>Увага:</b> всі листи, календарі та контакти будуть завантажені заново на всі ваші пристрої!",
@@ -1311,4 +1312,4 @@
         },
         "collapse_all": "Згорнути все"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index ca6c9aaf2..5cdaef09e 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -1164,6 +1164,7 @@
         "created_on": "添加于",
         "daily": "每日",
         "day": "日",
+        "description": "描述",
         "delete_ays": "请确认删除。",
         "direct_aliases": "直接别名",
         "direct_aliases_desc": "垃圾邮件过滤和 TLS 策略会作用于直接别名。",
@@ -1336,4 +1337,4 @@
         "loadingRecords": "加载中...",
         "zeroRecords": "未找到符合条件的记录"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 2017d1ddd..e3cc3aed9 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -1140,6 +1140,7 @@
         "created_on": "建立於",
         "daily": "每日",
         "day": "日",
+        "description": "描述",
         "delete_ays": "請確認刪除。",
         "direct_aliases": "直接別名",
         "direct_aliases_desc": "直接別名會受到垃圾郵件過濾器和 TLS 規則限制。",
@@ -1328,4 +1329,4 @@
         "hold_mail": "保留",
         "unhold_mail": "取消保留"
     }
-}
+}
\ No newline at end of file
diff --git a/data/web/templates/modals/user.twig b/data/web/templates/modals/user.twig
index c9cd4b97e..b8e3bf3ab 100644
--- a/data/web/templates/modals/user.twig
+++ b/data/web/templates/modals/user.twig
@@ -340,31 +340,22 @@
 <div class="modal fade" id="tempAliasModal" tabindex="-1" role="dialog" aria-labelledby="tempAliasModalLabel">
   <div class="modal-dialog modal-lg" role="document">
     <div class="modal-content">
+      <div class="modal-header">
+        <h3 class="modal-title">{{ lang.user.alias_create_random }}</h3>
+        <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+      </div>
       <div class="modal-body">
-        <form class="form-horizontal" data-cached-form="false" data-id="pwchange" role="form" method="post" autocomplete="off">
-          <div class="row">
-            <label class="control-label col-sm-3" for="user_new_pass">{{ lang.user.new_password }} (<a href="#" class="generate_password">{{ lang.user.generate }}</a>)</label>
+        <form class="form-horizontal" data-cached-form="false" data-id="tempaliascreate" role="form" method="post" autocomplete="off">
+          <div class="row mb-4">
+            <label class="control-label col-sm-3" for="description">{{ lang.user.description }}</label>
             <div class="col-sm-5">
-              <input type="password" data-pwgen-field="true" data-hibp="true" class="form-control" name="user_new_pass" autocomplete="new-password" required>
-            </div>
-          </div>
-          <div class="row">
-            <label class="control-label col-sm-3" for="user_new_pass2">{{ lang.user.new_password_repeat }}</label>
-            <div class="col-sm-5">
-              <input type="password" data-pwgen-field="true" class="form-control" name="user_new_pass2" autocomplete="new-password" required>
-              <p class="text-muted">{{ lang.user.new_password_description }}</p>
-            </div>
-          </div>
-          <hr>
-          <div class="row">
-            <label class="control-label col-sm-3" for="user_old_pass">{{ lang.user.password_now }}</label>
-            <div class="col-sm-5">
-              <input type="password" class="form-control" name="user_old_pass" autocomplete="off" required>
+              <input type="hidden" id="temp_alias_domain" name="domain">
+              <input type="description" id="temp_alias_description" class="form-control" name="description" autocomplete="off">
             </div>
           </div>
           <div class="row">
             <div class="offset-sm-3 col-sm-9">
-              <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="pwchange" data-item="null" data-api-url='edit/self' data-api-attr='{}' href="#">{{ lang.user.change_password }}</button>
+              <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="add_item" data-id="tempaliascreate" data-item="null" data-api-url='add/time_limited_alias' data-api-attr='' href="#">{{ lang.admin.add }}</button>
             </div>
           </div>
         </form>
diff --git a/data/web/templates/user/SpamAliases.twig b/data/web/templates/user/SpamAliases.twig
index 40b3ec77d..83b056c34 100644
--- a/data/web/templates/user/SpamAliases.twig
+++ b/data/web/templates/user/SpamAliases.twig
@@ -33,7 +33,7 @@
             <ul class="dropdown-menu">
               {% for domain in user_domains %}
                 <li>
-                  <a class="dropdown-item" data-action="add_item" data-api-url='add/time_limited_alias' data-api-attr='{"domain":"{{ domain }}"}' href="#">
+                  <a class="dropdown-item" data-bs-toggle="modal" data-bs-target="#tempAliasModal" onclick='$("#tempAliasModal #temp_alias_domain").val("{{ domain }}")' href="#">
                     @ {{ domain }}
                   </a>
                 </li>

From 0d635e26587a07556e82453720e5199df77f0161 Mon Sep 17 00:00:00 2001
From: Filip Marek <filip.marek.external@worldline.com>
Date: Mon, 12 Aug 2024 18:46:57 +0200
Subject: [PATCH 407/755] increase migrations verion

---
 data/web/inc/init_db.inc.php | 60 ++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 34 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 67a6dff8b..d8e7147b2 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1,5 +1,6 @@
 <?php
-function init_db_schema() {
+function init_db_schema()
+{
   try {
     global $pdo;
 
@@ -488,7 +489,7 @@ function init_db_schema() {
           "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "pw_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          ),
+        ),
         "keys" => array(
           "primary" => array(
             "" => array("username")
@@ -679,7 +680,7 @@ function init_db_schema() {
           "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
-          ),
+        ),
         "keys" => array(
           "primary" => array(
             "" => array("username")
@@ -1152,7 +1153,7 @@ function init_db_schema() {
         while ($row = array_shift($rows)) {
           $pdo->query($row['FKEY_DROP']);
         }
-        foreach($properties['cols'] as $column => $type) {
+        foreach ($properties['cols'] as $column => $type) {
           $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'");
           $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
           if ($num_results == 0) {
@@ -1166,12 +1167,11 @@ function init_db_schema() {
               }
             }
             $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
-          }
-          else {
+          } else {
             $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
           }
         }
-        foreach($properties['keys'] as $key_type => $key_content) {
+        foreach ($properties['keys'] as $key_type => $key_content) {
           if (strtolower($key_type) == 'primary') {
             foreach ($key_content as $key_values) {
               $fields = "`" . implode("`, `", $key_values) . "`";
@@ -1228,18 +1228,18 @@ function init_db_schema() {
         $keys_to_exist = array();
         if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
           foreach ($properties['keys']['unique'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
+            $keys_to_exist[] = $key_name;
           }
         }
         if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
           foreach ($properties['keys']['key'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
+            $keys_to_exist[] = $key_name;
           }
         }
         // Index for foreign key must exist
         if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
           foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
+            $keys_to_exist[] = $key_name;
           }
         }
         // Step 2: Drop all vanished indexes
@@ -1256,33 +1256,29 @@ function init_db_schema() {
             $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
           }
         }
-      }
-      else {
+      } else {
         // Create table if it is missing
         $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
-        foreach($properties['cols'] as $column => $type) {
+        foreach ($properties['cols'] as $column => $type) {
           $sql .= "`" . $column . "` " . $type . ",";
         }
-        foreach($properties['keys'] as $key_type => $key_content) {
+        foreach ($properties['keys'] as $key_type => $key_content) {
           if (strtolower($key_type) == 'primary') {
             foreach ($key_content as $key_values) {
               $fields = "`" . implode("`, `", $key_values) . "`";
               $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
             }
-          }
-          elseif (strtolower($key_type) == 'key') {
+          } elseif (strtolower($key_type) == 'key') {
             foreach ($key_content as $key_name => $key_values) {
               $fields = "`" . implode("`, `", $key_values) . "`";
               $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
             }
-          }
-          elseif (strtolower($key_type) == 'unique') {
+          } elseif (strtolower($key_type) == 'unique') {
             foreach ($key_content as $key_name => $key_values) {
               $fields = "`" . implode("`, `", $key_values) . "`";
               $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
             }
-          }
-          elseif (strtolower($key_type) == 'fkey') {
+          } elseif (strtolower($key_type) == 'fkey') {
             foreach ($key_content as $key_name => $key_values) {
               @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
               $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
@@ -1296,7 +1292,6 @@ function init_db_schema() {
       }
       // Reset table attributes
       $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
-
     }
 
     // Recreate SQL views
@@ -1323,12 +1318,12 @@ function init_db_schema() {
     $stmt = $pdo->query("SELECT NULL FROM `admin`");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
     if ($num_results == 0) {
-    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
       VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
-    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+      $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
         SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
           WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
+      $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
     }
     // Insert new DB schema version
     $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
@@ -1356,7 +1351,7 @@ function init_db_schema() {
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
     $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
-    foreach($tls_options as $tls_user => $tls_options) {
+    foreach ($tls_options as $tls_user => $tls_options) {
       $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
         `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
           WHERE `username` = :username");
@@ -1435,7 +1430,7 @@ function init_db_schema() {
       ":template" => $default_domain_template["template"]
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
+    if (empty($row)) {
       $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
         VALUES (:type, :template, :attributes)");
       $stmt->execute(array(
@@ -1450,7 +1445,7 @@ function init_db_schema() {
       ":template" => $default_mailbox_template["template"]
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
+    if (empty($row)) {
       $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
         VALUES (:type, :template, :attributes)");
       $stmt->execute(array(
@@ -1469,8 +1464,7 @@ function init_db_schema() {
         'msg' => 'db_init_complete'
       );
     }
-  }
-  catch (PDOException $e) {
+  } catch (PDOException $e) {
     if (php_sapi_name() == "cli") {
       echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
     } else {
@@ -1509,8 +1503,7 @@ if (php_sapi_name() == "cli") {
         SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
       $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
       echo "Fixed _sogo_static_view" . PHP_EOL;
-    }
-    catch ( Exception $e ) {
+    } catch (Exception $e) {
       // Dunno
     }
   }
@@ -1518,9 +1511,8 @@ if (php_sapi_name() == "cli") {
     $m = new Memcached();
     $m->addServer('memcached', 11211);
     $m->flush();
-    echo "Cleaned up memcached". PHP_EOL;
-  }
-  catch ( Exception $e ) {
+    echo "Cleaned up memcached" . PHP_EOL;
+  } catch (Exception $e) {
     // Dunno
   }
   init_db_schema();

From 1a8e1a2677b5bfe65206818c55ebbe29817dcb77 Mon Sep 17 00:00:00 2001
From: Filip Marek <filip.marek.external@worldline.com>
Date: Thu, 15 Aug 2024 15:09:29 +0200
Subject: [PATCH 408/755] add escape html for description

---
 data/web/js/site/user.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index c1a680805..2a5eccdf8 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -205,7 +205,10 @@ jQuery(function($){
         {
           title: lang.description,
           data: 'description',
-          defaultContent: ''
+          defaultContent: '',
+          render: function (data, type) {
+            return escapeHtml(data);
+          }
         },
         {
           title: lang.alias_valid_until,

From 7c8e5c10cad47d1faab0f28b9b81953835c1622e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20=F0=9F=A6=84?=
 <43847817+codiflow@users.noreply.github.com>
Date: Tue, 10 Dec 2024 09:25:29 +0100
Subject: [PATCH 409/755] Add create command to prevent external: true warnings
 (#6203)

This is related to https://github.com/mailcow/mailcow-dockerized/issues/5970 and https://community.mailcow.email/d/2126-backup-restore/2

It adds `docker compose create` to the script which gets executed directly after the sync of the mailcow-dockerized directory. This way the Docker daemon on the remote side creates everything and we get rid of the warning "volume "XYZ" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume"

This is helpful if you use the create-cold-standby.sh script to migrate your mailcow installation to another server and don't want to get those warnings after migration.

Co-authored-by: Niklas Meyer <niklas.meyer@servercow.de>
---
 helper-scripts/_cold-standby.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index 815152735..e2e5f1556 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -202,6 +202,17 @@ if [ ${ec} -ne 0 ] && [ ${ec} -ne 24 ]; then
   exit 1
 fi
 
+# Let the remote side create all network, volumes and containers to prevent need for external:true #
+echo -e "\e[33mCreating networks, volumes and containers on remote...\e[0m"
+
+if ! ssh -o StrictHostKeyChecking=no \
+  -i "${REMOTE_SSH_KEY}" \
+  ${REMOTE_SSH_HOST} \
+  -p ${REMOTE_SSH_PORT} \
+  ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" create 2>&1 ; then
+    >&2 echo -e "\e[31m[ERR]\e[0m - Could not create networks, volumes and containers on remote"
+fi
+
 # Trigger a Redis save for a consistent Redis copy
 echo -ne "\033[1mRunning redis-cli save... \033[0m"
 docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
@@ -326,4 +337,4 @@ if ! ssh -o StrictHostKeyChecking=no \
     >&2 echo -e "\e[31m[ERR]\e[0m - Could not cleanup old images on remote"
 fi
 
-echo -e "\e[32mDone\e[0m"
\ No newline at end of file
+echo -e "\e[32mDone\e[0m"

From 3875e8377a75ccf00cddef79f574ce8fa22bdae3 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Tue, 10 Dec 2024 15:59:02 +0100
Subject: [PATCH 410/755] sogo: added SOGoDisableOrganizerEventCheck value to
 sogo.conf (#6204)

---
 data/conf/sogo/sogo.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index d398eb053..8455f0cf3 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -16,6 +16,9 @@
     SOGoFoldersSendEMailNotifications = YES;
     SOGoForwardEnabled = YES;
 
+    // Fixes "MODIFICATION_FAILED" error (HTTP 412) in Clients when accepting invitations from external services
+    SOGoDisableOrganizerEventCheck = YES;
+
     // Option to set Users as admin to globally manage calendar permissions etc. Disabled by default
     // SOGoSuperUsernames = ("moo@example.com");
 

From f0658424024fb48b34c3867b6d763273888a2fa1 Mon Sep 17 00:00:00 2001
From: Phoenix Eve Aspacio <aspaciop@gmail.com>
Date: Wed, 11 Dec 2024 10:03:47 +0800
Subject: [PATCH 411/755] Updated to $_REQUEST.

tested from my end.
---
 data/web/inc/ajax/sieve_validation.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/ajax/sieve_validation.php b/data/web/inc/ajax/sieve_validation.php
index eb421b4a4..99be1f0c0 100644
--- a/data/web/inc/ajax/sieve_validation.php
+++ b/data/web/inc/ajax/sieve_validation.php
@@ -4,14 +4,14 @@ header('Content-Type: application/json');
 if (!isset($_SESSION['mailcow_cc_role'])) {
   exit();
 }
-if (isset($_GET['script'])) {
+if (isset($_REQUEST['script'])) {
   $sieve = new Sieve\SieveParser();
   try {
-    if (empty($_GET['script'])) {
+    if (empty($_REQUEST['script'])) {
       echo json_encode(array('type' => 'danger', 'msg' => $lang['danger']['script_empty']));
       exit();
     }
-    $sieve->parse($_GET['script']);
+    $sieve->parse($_REQUEST['script']);
   }
   catch (Exception $e) {
     echo json_encode(array('type' => 'danger', 'msg' => $e->getMessage()));

From d09e4ff0209515cca58e1c502da648b5b86287da Mon Sep 17 00:00:00 2001
From: Phoenix Eve Aspacio <aspaciop@gmail.com>
Date: Wed, 11 Dec 2024 10:06:10 +0800
Subject: [PATCH 412/755] Convert AJAX to POST request

This AJAX request sends form data in $_GET request query. This is problematic and unreliable when validating superrrr loooooong conditions, especially in environments that use reverse-proxy.

Been having this problem and this PR solves it. :)
---
 data/web/js/site/mailbox.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index af2862a37..018233673 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -179,9 +179,8 @@ $(document).ready(function() {
     // Get script_data textarea content from form the button was clicked in
     var script = $('textarea[name="script_data"]', $(this).parents('form:first')).val();
     $.ajax({
-      dataType: 'json',
       url: "/inc/ajax/sieve_validation.php",
-      type: "get",
+      type: "post",
       data: { script: script },
       complete: function(data) {
         var response = (data.responseText);

From b087ac9e271550fa595b700023c8059c1afe2f27 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 11 Dec 2024 18:10:51 +0100
Subject: [PATCH 413/755] Translations update from Weblate (#6206)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.fr-fr.json

Co-authored-by: Neuronnexion <support@nnx.com>

* [Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>

---------

Co-authored-by: Neuronnexion <support@nnx.com>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.fr-fr.json | 12 +++++++---
 data/web/lang/lang.si-si.json | 45 ++++++++++++++++++-----------------
 2 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 386a4dfc6..a7b2e6ff7 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -374,7 +374,7 @@
         "dkim_domain_or_sel_invalid": "Domaine ou sélection DKIM non valide : %s",
         "domain_cannot_match_hostname": "Le domaine ne correspond pas au nom d’hôte",
         "domain_exists": "Le domaine %s exite déjà",
-        "domain_invalid": "Le mom de domaine est vide ou non valide",
+        "domain_invalid": "Le nom de domaine est vide ou non valide",
         "domain_not_empty": "Impossible de supprimer le domaine non vide %s",
         "domain_not_found": "Le domaine %s est introuvable",
         "domain_quota_m_in_use": "Le quota de domaine doit être supérieur ou égal à %s Mo",
@@ -658,7 +658,12 @@
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
         "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni, ne modifie le profil SOGo existant d'un utilisateur.",
         "admin": "Modifier l'administrateur",
-        "password_recovery_email": "Adresse email de récupération"
+        "password_recovery_email": "Adresse email de récupération",
+        "mailbox_rename_title": "Nouveau nom de la partie locale de la boîte de réception",
+        "mailbox_rename": "Renommer la boîte de réception",
+        "mailbox_rename_agree": "J'ai fait une sauvegarde.",
+        "mailbox_rename_warning": "IMPORTANT ! Faites une sauvegarde avant de renommer la boîte de réception.",
+        "mailbox_rename_alias": "Créer un alias automatiquement"
     },
     "footer": {
         "cancel": "Annuler",
@@ -1029,7 +1034,8 @@
         "domain_add_dkim_available": "A DKIM key did already exist",
         "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès",
         "password_changed_success": "Le mot de passe a été modifié avec succès",
-        "recovery_email_sent": "Email de réinitialisation envoyé à %s"
+        "recovery_email_sent": "Email de réinitialisation envoyé à %s",
+        "mailbox_renamed": "La boîte de réception a été renommée de %s à %s"
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index e9468e0cb..0f8467a75 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -3,11 +3,11 @@
         "app_passwds": "Upravljaj gesla aplikacij",
         "bcc_maps": "Preslikave SKP (BCC)",
         "delimiter_action": "Dejanje ločila",
-        "domain_relayhost": "Spremeni gostitelja relay za domeno",
+        "domain_relayhost": "Spremenite posrednika za domeno",
         "eas_reset": "Ponastavi EAS naprave",
         "filters": "Filtri",
         "login_as": "Prijavi se kot uporabnik poštnega predala",
-        "mailbox_relayhost": "Spremeni gostitelja relay za poštni predal",
+        "mailbox_relayhost": "Spremenite posrednika za e-poštni nabiralnik",
         "prohibited": "Prepovedano z ACL",
         "protocol_access": "Spremeni dostop do protokola",
         "pushover": "Pushover",
@@ -17,33 +17,34 @@
         "ratelimit": "Omejitev pošiljanja",
         "recipient_maps": "Preslikave prejemnikov",
         "smtp_ip_access": "Spremeni dovoljene gostitelje za SMTP",
-        "sogo_access": "Dovoli upravljanje SOGo dostopov",
+        "sogo_access": "Dovoli upravljanje SOGo dostopa",
         "sogo_profile_reset": "Ponastavi SOGo profil",
-        "spam_alias": "Začasni aliasi",
-        "spam_policy": "Blacklist/Whitelist",
+        "spam_alias": "Začasni vzdevki",
+        "spam_policy": "Črna lista/Bela lista",
         "spam_score": "Ocena neželene pošte",
         "tls_policy": "Politika TLS",
         "unlimited_quota": "Neomejena kvota za poštne predale",
-        "alias_domains": "Dodaj alias domene",
+        "alias_domains": "Dodaj vzdevke domen",
         "domain_desc": "Spremeni opis domene",
         "extend_sender_acl": "Dovoli razširitev pošiljateljevega ACL z zunanjimi e-poštnimi naslovi",
         "quarantine_category": "Spremeni kategorijo obvestil o karanteni",
-        "syncjobs": "Opravila sinhronizacije"
+        "syncjobs": "Sinhronizacijska opravila",
+        "pw_reset": "Dovoli ponastavitev uporabniškega gesla mailcow"
     },
     "add": {
         "active": "Aktivno",
         "add": "Dodaj",
         "add_domain_only": "Dodaj samo domeno",
         "add_domain_restart": "Dodaj domeno in ponovno zaženi SOGo",
-        "alias_address": "Alias naslov/i",
-        "alias_domain": "Alias domena",
+        "alias_address": "Naslov/i vzdevk/a/ov",
+        "alias_domain": "Vzdevek domene",
         "alias_domain_info": "<small>Samo veljavne domene (ločene z vejico).</small>",
         "app_name": "Ime aplikacije",
         "app_password": "Dodaj geslo aplikacije",
         "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
         "automap": "Poskusi samodejno preslikati mape (\"Sent items\", \"Sent\" => \"Poslano\" ipd.)",
         "backup_mx_options": "Možnosti posredovanja (relay)",
-        "comment_info": "Zasebni komentarji niso vidni uporabnikom, javni komentarji pa so prikazani kot tooltip, ko se z miško postavimo nad uporabnika v pregledu",
+        "comment_info": "Zasebni komentarji niso vidni uporabnikom, javni komentarji pa so prikazani kot opis, ko se z miško postavimo nad uporabnika v pregledu",
         "custom_params": "Parametri po meri",
         "custom_params_hint": "Pravilno: --param=xy, napačno: --param xy",
         "delete1": "Izbriši na viru, ko je končano",
@@ -67,7 +68,7 @@
         "kind": "Tip",
         "mailbox_quota_def": "Privzeta kvota za poštni predal",
         "mailbox_username": "Uporabniško ime (levi del e-poštnega naslova)",
-        "max_aliases": "Največje število dovoljenih aliasov",
+        "max_aliases": "Največje število dovoljenih vzdevkov",
         "max_mailboxes": "Največje dovoljeno število poštnih predalov",
         "mins_interval": "Interval preverjanja (minute)",
         "multiple_bookings": "Več rezervacij",
@@ -88,25 +89,25 @@
         "sieve_type": "Vrsta filtra",
         "skipcrossduplicates": "Preskoči podvojena sporočila po mapah (prvi pride, prvi melje)",
         "subscribeall": "Prijavi vse mape",
-        "syncjob": "Dodaj opravilo sinhronizacije",
+        "syncjob": "Dodaj sinhronizacijsko opravilo",
         "tags": "Oznake",
-        "target_address": "Goto naslov",
+        "target_address": "Pojdi na naslov",
         "target_address_info": "<small>Polni e-poštni naslov/i (ločeni z vejico).</small>",
         "target_domain": "Ciljna domena",
         "timeout1": "Časovna omejitev za povezavo do oddaljenega gostitelja",
         "username": "Uporabniško ime",
-        "validate": "Preveri",
-        "validation_success": "Uspešno preverjeno",
-        "activate_filter_warn": "Ko je aktivni izbran, bodo vsi ostali filtri deaktivirani.",
-        "alias_address_info": "<small>Polni email naslov/i oziroma @example.com za zajem vseh sporočil domene (ločeno z vejico), <b>samo domene mailcow</b>.</small>",
-        "bcc_dest_format": "BCC naslov mora biti en veljaven e-poštni naslov.<br>Če morate poslati kopijo na več naslov, ustvarite alias in ga uporabite tukaj.",
+        "validate": "Potrditev",
+        "validation_success": "Uspešno potrjeno",
+        "activate_filter_warn": "Vsi drugi filtri bodo deaktivirani, če je označeno aktivno.",
+        "alias_address_info": "<small>Polni e-poštni naslov/i oziroma @example.com za zajem vseh sporočil domene (ločeno z vejico), <b>samo domene mailcow</b>.</small>",
+        "bcc_dest_format": "BCC naslov mora biti en veljaven e-poštni naslov.<br>Če morate poslati kopijo na več naslov, ustvarite vzdevek in ga uporabite tukaj.",
         "disable_login": "Prepovej vpis (vhodna e-pošta je še vedno sprejeta)",
         "gal_info": "GAL vsebuje vse objekte domene in ga uporabniki ne morejo urejati. Informacija o zasedenosti v SOGo ni na voljo, če je onemogočena! <b>Ponovno zaženi SOGo za uveljavitev sprememb.</b>",
         "mailbox_quota_m": "Najvišja kvota na poštni predal (MiB)",
         "password": "Geslo",
-        "post_domain_add": "SOGo container \"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
+        "post_domain_add": "SOGo zabojnik\"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
-        "syncjob_hint": "Pozor! Gesla se morajo shraniti v plain-text!",
+        "syncjob_hint": "Pozor! Gesla se morajo shraniti v golo besedilo!",
         "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
         "dry": "Simuliraj sinhronizacijo"
     },
@@ -124,7 +125,7 @@
         "add_row": "Dodaj vrstico",
         "add_settings_rule": "Dodaj pravilo nastavitev",
         "add_transport": "Dodaj transport",
-        "add_transports_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v plain text.",
+        "add_transports_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v golo besedilo.",
         "additional_rows": " nove vrstice so bile dodane",
         "admin_details": "Uredi podrobnosti skrbnika",
         "admin_domains": "Dodeljene domene",
@@ -282,7 +283,7 @@
         "rspamd_global_filters_agree": "Previden bom!",
         "rspamd_global_filters_info": "Globalne preslikave filtrov vsebujejo različne vrste globalnih blacklist in whitelist.",
         "add_admin": "Dodaj skrbnika",
-        "add_relayhost_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v plain text.",
+        "add_relayhost_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v golo besedilo.",
         "admin": "Skrbnik",
         "api_allow_from": "Dovoli API dostop s teh IP naslovov / CIDR mrežnih zapisov",
         "apps_name": "Ime aplikacije v mailcow",

From 3e8bb06a3776b778ddff8709fe4ec9f2d14451fb Mon Sep 17 00:00:00 2001
From: Niklas Meyer <niklas.meyer@servercow.de>
Date: Thu, 12 Dec 2024 16:44:42 +0100
Subject: [PATCH 414/755] dovecot: replace solr fts with flatcurve (xapian)
 (#5680)

* fts-flatcurve: inital implementation

* fts: removed solr from compose.yml

* flatcurve: added heap and proc logic to dovecot

* added logic for update.sh & generate for Flatcurve

* delete old iteration of fts-flatcurve.conf

* updated default fts.conf

* updated .gitignore to exclude fts.conf for further git updates

* Remove autogeneration of fts.conf (disable override)

* cleanup all left solr stuff

* renamed SKIP_FLATCURVE to SKIP_FTS

* cleanup leftovers solr in lang files

* moved lazy_expunge plugin only to mail_plugins

* added fts timeout value

* compose: remove dev image of dovecot

* updated japanese translation
---
 .github/workflows/image_builds.yml            |   1 -
 .gitignore                                    |   1 +
 data/Dockerfiles/dovecot/Dockerfile           |   1 -
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  71 +--
 data/Dockerfiles/dovecot/optimize-fts.sh      |   4 +-
 data/Dockerfiles/solr/Dockerfile              |  31 --
 data/Dockerfiles/solr/solr-config-7.7.0.xml   | 289 ------------
 data/Dockerfiles/solr/solr-schema-7.7.0.xml   |  49 ---
 data/Dockerfiles/solr/solr.sh                 |  75 ----
 data/conf/dovecot/conf.d/fts.conf             |  35 ++
 data/web/api/openapi.yaml                     |  30 --
 data/web/debug.php                            |   4 -
 data/web/inc/functions.inc.php                |  44 --
 data/web/inc/functions.mailbox.inc.php        |  19 -
 data/web/json_api.php                         |  17 -
 data/web/lang/lang.cs-cz.json                 |   3 -
 data/web/lang/lang.da-dk.json                 |   3 -
 data/web/lang/lang.de-de.json                 |   3 -
 data/web/lang/lang.en-gb.json                 |   3 -
 data/web/lang/lang.es-es.json                 |   2 -
 data/web/lang/lang.fi-fi.json                 |   3 -
 data/web/lang/lang.fr-fr.json                 |   3 -
 data/web/lang/lang.it-it.json                 |   3 -
 data/web/lang/lang.ja-jp.json                 |   3 -
 data/web/lang/lang.ko-kr.json                 |   3 -
 data/web/lang/lang.lv-lv.json                 |   1 -
 data/web/lang/lang.nb-no.json                 |   2 -
 data/web/lang/lang.nl-nl.json                 |   3 -
 data/web/lang/lang.pt-br.json                 |   3 -
 data/web/lang/lang.ro-ro.json                 |   3 -
 data/web/lang/lang.ru-ru.json                 |   3 -
 data/web/lang/lang.si-si.json                 |   3 -
 data/web/lang/lang.sk-sk.json                 |   3 -
 data/web/lang/lang.sv-se.json                 |   3 -
 data/web/lang/lang.tr-tr.json                 |   3 -
 data/web/lang/lang.uk-ua.json                 |   3 -
 data/web/lang/lang.zh-cn.json                 |   3 -
 data/web/lang/lang.zh-tw.json                 |   3 -
 data/web/templates/debug.twig                 | 102 -----
 docker-compose.yml                            |  33 +-
 generate_config.sh                            |  41 +-
 .../BUILD_FLAGS/docker-compose.override.yml   |   3 -
 update.sh                                     | 414 +++++++++++++++++-
 43 files changed, 467 insertions(+), 862 deletions(-)
 delete mode 100644 data/Dockerfiles/solr/Dockerfile
 delete mode 100644 data/Dockerfiles/solr/solr-config-7.7.0.xml
 delete mode 100644 data/Dockerfiles/solr/solr-schema-7.7.0.xml
 delete mode 100755 data/Dockerfiles/solr/solr.sh
 create mode 100644 data/conf/dovecot/conf.d/fts.conf

diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
index 496d4f73d..27fc9a2d5 100644
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -23,7 +23,6 @@ jobs:
           - "postfix-mailcow"
           - "rspamd-mailcow"
           - "sogo-mailcow"
-          - "solr-mailcow"
           - "unbound-mailcow"
           - "watchdog-mailcow"
     runs-on: ubuntu-latest
diff --git a/.gitignore b/.gitignore
index b22abfd6e..7894407ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@ data/conf/dovecot/sni.conf
 data/conf/dovecot/sogo-sso.conf
 data/conf/dovecot/sogo_trusted_ip.conf
 data/conf/dovecot/sql
+data/conf/dovecot/conf.d/fts.conf
 data/conf/nextcloud-*.bak
 data/conf/nginx/*.active
 data/conf/nginx/*.bak
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 4b004cdf1..1c35639e9 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -105,7 +105,6 @@ RUN addgroup -g 5000 vmail \
   dovecot-submissiond \
   dovecot-pigeonhole-plugin \
   dovecot-pop3d \
-  dovecot-fts-solr \
   dovecot-fts-flatcurve \
   && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
   && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$arch" \
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 7c6f46c60..af67579f1 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -110,21 +110,16 @@ EOF
 
 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
 
-if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY]) ]]; then
-echo -e "\e[33mActivating Flatcurve as FTS Backend...\e[0m"
-echo -e "\e[33mDepending on your previous setup a full reindex might be needed... \e[0m"
-echo -e "\e[34mVisit https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-fts/#fts-related-dovecot-commands to learn how to reindex\e[0m"
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
-elif [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_FTS}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+echo -e "\e[33mDetecting SKIP_FTS=y... not enabling Flatcurve (FTS) then...\e[0m"
 echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -e "\e[32mDetecting SKIP_FTS=n... enabling Flatcurve (FTS)\e[0m"
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
 
@@ -247,51 +242,6 @@ function script_deinit()
 end
 EOF
 
-# Temporarily set FTS depending on user choice inside mailcow.conf. Will be removed as soon as Solr is dropped
-if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
-cat <<EOF > /etc/dovecot/conf.d/fts.conf
-# Autogenerated by mailcow
-plugin {
-    fts_autoindex = yes
-    fts_autoindex_exclude = \Junk
-    fts_autoindex_exclude2 = \Trash
-    fts = flatcurve
-
-    # Maximum term length can be set via the 'maxlen' argument (maxlen is
-    # specified in bytes, not number of UTF-8 characters)
-    fts_tokenizer_email_address = maxlen=100
-    fts_tokenizer_generic = algorithm=simple maxlen=30
-
-    # These are not flatcurve settings, but required for Dovecot FTS. See
-    # Dovecot FTS Configuration link above for further information.
-    fts_languages = en es de
-    fts_tokenizers = generic email-address
-
-    # OPTIONAL: Recommended default FTS core configuration
-    fts_filters = normalizer-icu snowball stopwords
-    fts_filters_en = lowercase snowball english-possessive stopwords
-}
-EOF
-elif [[ ! "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
-cat <<EOF > /etc/dovecot/conf.d/fts.conf
-# Autogenerated by mailcow
-plugin {
-  fts = solr
-  fts_autoindex = yes
-  fts_autoindex_exclude = \Junk
-  fts_autoindex_exclude2 = \Trash
-  fts_solr = url=http://solr:8983/solr/dovecot-fts/
-
-  fts_tokenizers = generic email-address
-  fts_tokenizer_generic = algorithm=simple
-
-  fts_filters = normalizer-icu snowball stopwords
-  fts_filters_en = lowercase snowball english-possessive stopwords
-}
-EOF
-fi
-
-
 # Replace patterns in app-passdb.lua
 sed -i "s/__DBUSER__/${DBUSER}/g" /etc/dovecot/lua/passwd-verify.lua
 sed -i "s/__DBPASS__/${DBPASS}/g" /etc/dovecot/lua/passwd-verify.lua
@@ -398,6 +348,15 @@ mail_replica = tcp:${MAILCOW_REPLICA_IP}:${DOVEADM_REPLICA_PORT}
 EOF
 fi
 
+# Setting variables for indexer-worker inside fts.conf automatically according to mailcow.conf settings
+if [[ "${SKIP_FTS}" =~ ^([nN][oO]|[nN])+$ ]]; then
+  echo -e "\e[94mConfiguring FTS Settings...\e[0m"
+  echo -e "\e[94mSetting FTS Memory Limit (per process) to ${FTS_HEAP} MB\e[0m"
+  sed -i "s/vsz_limit\s*=\s*[0-9]*\s*MB*/vsz_limit=${FTS_HEAP} MB/" /etc/dovecot/conf.d/fts.conf
+  echo -e "\e[94mSetting FTS Process Limit to ${FTS_PROCS}\e[0m"
+  sed -i "s/process_limit\s*=\s*[0-9]*/process_limit=${FTS_PROCS}/" /etc/dovecot/conf.d/fts.conf
+fi
+
 # 401 is user dovecot
 if [[ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ]]; then
 	openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
diff --git a/data/Dockerfiles/dovecot/optimize-fts.sh b/data/Dockerfiles/dovecot/optimize-fts.sh
index a6e8f91da..c19d6e5a7 100644
--- a/data/Dockerfiles/dovecot/optimize-fts.sh
+++ b/data/Dockerfiles/dovecot/optimize-fts.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ && ! "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_FTS}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     exit 0
 else
     doveadm fts optimize -A
-fi
\ No newline at end of file
+fi
diff --git a/data/Dockerfiles/solr/Dockerfile b/data/Dockerfiles/solr/Dockerfile
deleted file mode 100644
index 429133519..000000000
--- a/data/Dockerfiles/solr/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-FROM solr:7.7-slim
-
-USER root
-
-# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=(?<version>.*)$
-ARG GOSU_VERSION=1.17
-
-COPY solr.sh /
-COPY solr-config-7.7.0.xml /
-COPY solr-schema-7.7.0.xml /
-
-RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-  && chmod +x /usr/local/bin/gosu \
-  && gosu nobody true \
-  && apt-get update && apt-get install -y --no-install-recommends \
-  tzdata \
-  curl \
-  bash \
-  zip \
-  && apt-get autoclean \
-  && rm -rf /var/lib/apt/lists/* \
-  && chmod +x /solr.sh \
-  && sync \
-  && bash /solr.sh --bootstrap
-  
-RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
-
-RUN apt remove zip -y  
-
-CMD ["/solr.sh"]
diff --git a/data/Dockerfiles/solr/solr-config-7.7.0.xml b/data/Dockerfiles/solr/solr-config-7.7.0.xml
deleted file mode 100644
index 3661874d6..000000000
--- a/data/Dockerfiles/solr/solr-config-7.7.0.xml
+++ /dev/null
@@ -1,289 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<!-- This is the default config with stuff non-essential to Dovecot removed. -->
-
-<config>
-  <!-- Controls what version of Lucene various components of Solr
-       adhere to.  Generally, you want to use the latest version to
-       get all bug fixes and improvements. It is highly recommended
-       that you fully re-index after changing this setting as it can
-       affect both how text is indexed and queried.
-  -->
-  <luceneMatchVersion>7.7.0</luceneMatchVersion>
-
-  <!-- A 'dir' option by itself adds any files found in the directory
-       to the classpath, this is useful for including all jars in a
-       directory.
-
-       When a 'regex' is specified in addition to a 'dir', only the
-       files in that directory which completely match the regex
-       (anchored on both ends) will be included.
-
-       If a 'dir' option (with or without a regex) is used and nothing
-       is found that matches, a warning will be logged.
-
-       The examples below can be used to load some solr-contribs along
-       with their external dependencies.
-    -->
-  <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
-  <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-cell-\d.*\.jar" />
-
-  <lib dir="${solr.install.dir:../../../..}/contrib/clustering/lib/" regex=".*\.jar" />
-  <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-clustering-\d.*\.jar" />
-
-  <lib dir="${solr.install.dir:../../../..}/contrib/langid/lib/" regex=".*\.jar" />
-  <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-langid-\d.*\.jar" />
-
-  <lib dir="${solr.install.dir:../../../..}/contrib/velocity/lib" regex=".*\.jar" />
-  <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-velocity-\d.*\.jar" />
-
-  <!-- Data Directory
-
-       Used to specify an alternate directory to hold all index data
-       other than the default ./data under the Solr home.  If
-       replication is in use, this should match the replication
-       configuration.
-    -->
-  <dataDir>${solr.data.dir:}</dataDir>
-
-  <!-- The default high-performance update handler -->
-  <updateHandler class="solr.DirectUpdateHandler2">
-
-    <!-- Enables a transaction log, used for real-time get, durability, and
-         and solr cloud replica recovery.  The log can grow as big as
-         uncommitted changes to the index, so use of a hard autoCommit
-         is recommended (see below).
-         "dir" - the target directory for transaction logs, defaults to the
-                solr data directory.
-         "numVersionBuckets" - sets the number of buckets used to keep
-                track of max version values when checking for re-ordered
-                updates; increase this value to reduce the cost of
-                synchronizing access to version buckets during high-volume
-                indexing, this requires 8 bytes (long) * numVersionBuckets
-                of heap space per Solr core.
-    -->
-    <updateLog>
-      <str name="dir">${solr.ulog.dir:}</str>
-      <int name="numVersionBuckets">${solr.ulog.numVersionBuckets:65536}</int>
-    </updateLog>
-
-    <!-- AutoCommit
-
-         Perform a hard commit automatically under certain conditions.
-         Instead of enabling autoCommit, consider using "commitWithin"
-         when adding documents.
-
-         http://wiki.apache.org/solr/UpdateXmlMessages
-
-         maxDocs - Maximum number of documents to add since the last
-                   commit before automatically triggering a new commit.
-
-         maxTime - Maximum amount of time in ms that is allowed to pass
-                   since a document was added before automatically
-                   triggering a new commit.
-         openSearcher - if false, the commit causes recent index changes
-           to be flushed to stable storage, but does not cause a new
-           searcher to be opened to make those changes visible.
-
-         If the updateLog is enabled, then it's highly recommended to
-         have some sort of hard autoCommit to limit the log size.
-      -->
-    <autoCommit>
-      <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
-      <openSearcher>false</openSearcher>
-    </autoCommit>
-
-    <!-- softAutoCommit is like autoCommit except it causes a
-         'soft' commit which only ensures that changes are visible
-         but does not ensure that data is synced to disk.  This is
-         faster and more near-realtime friendly than a hard commit.
-      -->
-    <autoSoftCommit>
-      <maxTime>${solr.autoSoftCommit.maxTime:-1}</maxTime>
-    </autoSoftCommit>
-
-    <!-- Update Related Event Listeners
-
-         Various IndexWriter related events can trigger Listeners to
-         take actions.
-
-         postCommit - fired after every commit or optimize command
-         postOptimize - fired after every optimize command
-      -->
-
-  </updateHandler>
-
-  <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-       Query section - these settings control query time things like caches
-       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
-  <query>
-    <!-- Solr Internal Query Caches
-
-         There are two implementations of cache available for Solr,
-         LRUCache, based on a synchronized LinkedHashMap, and
-         FastLRUCache, based on a ConcurrentHashMap.
-
-         FastLRUCache has faster gets and slower puts in single
-         threaded operation and thus is generally faster than LRUCache
-         when the hit ratio of the cache is high (> 75%), and may be
-         faster under other scenarios on multi-cpu systems.
-    -->
-
-    <!-- Filter Cache
-
-         Cache used by SolrIndexSearcher for filters (DocSets),
-         unordered sets of *all* documents that match a query.  When a
-         new searcher is opened, its caches may be prepopulated or
-         "autowarmed" using data from caches in the old searcher.
-         autowarmCount is the number of items to prepopulate.  For
-         LRUCache, the autowarmed items will be the most recently
-         accessed items.
-
-         Parameters:
-           class - the SolrCache implementation LRUCache or
-               (LRUCache or FastLRUCache)
-           size - the maximum number of entries in the cache
-           initialSize - the initial capacity (number of entries) of
-               the cache.  (see java.util.HashMap)
-           autowarmCount - the number of entries to prepopulate from
-               and old cache.
-           maxRamMB - the maximum amount of RAM (in MB) that this cache is allowed
-                      to occupy. Note that when this option is specified, the size
-                      and initialSize parameters are ignored.
-      -->
-    <filterCache class="solr.FastLRUCache"
-                 size="512"
-                 initialSize="512"
-                 autowarmCount="0"/>
-
-    <!-- Query Result Cache
-
-         Caches results of searches - ordered lists of document ids
-         (DocList) based on a query, a sort, and the range of documents requested.
-         Additional supported parameter by LRUCache:
-            maxRamMB - the maximum amount of RAM (in MB) that this cache is allowed
-                       to occupy
-      -->
-    <queryResultCache class="solr.LRUCache"
-                      size="512"
-                      initialSize="512"
-                      autowarmCount="0"/>
-
-    <!-- Document Cache
-
-         Caches Lucene Document objects (the stored fields for each
-         document).  Since Lucene internal document ids are transient,
-         this cache will not be autowarmed.
-      -->
-    <documentCache class="solr.LRUCache"
-                   size="512"
-                   initialSize="512"
-                   autowarmCount="0"/>
-
-    <!-- custom cache currently used by block join -->
-    <cache name="perSegFilter"
-           class="solr.search.LRUCache"
-           size="10"
-           initialSize="0"
-           autowarmCount="10"
-           regenerator="solr.NoOpRegenerator" />
-
-    <!-- Lazy Field Loading
-
-         If true, stored fields that are not requested will be loaded
-         lazily.  This can result in a significant speed improvement
-         if the usual case is to not load all stored fields,
-         especially if the skipped fields are large compressed text
-         fields.
-    -->
-    <enableLazyFieldLoading>true</enableLazyFieldLoading>
-
-    <!-- Result Window Size
-
-         An optimization for use with the queryResultCache.  When a search
-         is requested, a superset of the requested number of document ids
-         are collected.  For example, if a search for a particular query
-         requests matching documents 10 through 19, and queryWindowSize is 50,
-         then documents 0 through 49 will be collected and cached.  Any further
-         requests in that range can be satisfied via the cache.
-      -->
-    <queryResultWindowSize>20</queryResultWindowSize>
-
-    <!-- Maximum number of documents to cache for any entry in the
-         queryResultCache.
-      -->
-    <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
-
-    <!-- Use Cold Searcher
-
-         If a search request comes in and there is no current
-         registered searcher, then immediately register the still
-         warming searcher and use it.  If "false" then all requests
-         will block until the first searcher is done warming.
-      -->
-    <useColdSearcher>false</useColdSearcher>
-
-  </query>
-
-
-  <!-- Request Dispatcher
-
-       This section contains instructions for how the SolrDispatchFilter
-       should behave when processing requests for this SolrCore.
-
-    -->
-  <requestDispatcher>
-    <httpCaching never304="true" />
-  </requestDispatcher>
-
-  <!-- Request Handlers
-
-       http://wiki.apache.org/solr/SolrRequestHandler
-
-       Incoming queries will be dispatched to a specific handler by name
-       based on the path specified in the request.
-
-       If a Request Handler is declared with startup="lazy", then it will
-       not be initialized until the first request that uses it.
-
-    -->
-  <!-- SearchHandler
-
-       http://wiki.apache.org/solr/SearchHandler
-
-       For processing Search Queries, the primary Request Handler
-       provided with Solr is "SearchHandler" It delegates to a sequent
-       of SearchComponents (see below) and supports distributed
-       queries across multiple shards
-    -->
-  <requestHandler name="/select" class="solr.SearchHandler">
-    <!-- default values for query parameters can be specified, these
-         will be overridden by parameters in the request
-      -->
-    <lst name="defaults">
-      <str name="echoParams">explicit</str>
-      <int name="rows">10</int>
-    </lst>
-  </requestHandler>
-
-  <initParams path="/update/**,/select">
-    <lst name="defaults">
-      <str name="df">_text_</str>
-    </lst>
-  </initParams>
-
-  <!-- Response Writers
-
-       http://wiki.apache.org/solr/QueryResponseWriter
-
-       Request responses will be written using the writer specified by
-       the 'wt' request parameter matching the name of a registered
-       writer.
-
-       The "default" writer is the default and will be used if 'wt' is
-       not specified in the request.
-    -->
-  <queryResponseWriter name="xml"
-                       default="true"
-                       class="solr.XMLResponseWriter" />
-</config>
diff --git a/data/Dockerfiles/solr/solr-schema-7.7.0.xml b/data/Dockerfiles/solr/solr-schema-7.7.0.xml
deleted file mode 100644
index 2c2e63438..000000000
--- a/data/Dockerfiles/solr/solr-schema-7.7.0.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<schema name="dovecot-fts" version="2.0">
-  <fieldType name="string" class="solr.StrField" omitNorms="true" sortMissingLast="true"/>
-  <fieldType name="long" class="solr.LongPointField" positionIncrementGap="0"/>
-  <fieldType name="boolean" class="solr.BoolField" sortMissingLast="true"/>
-
-  <fieldType name="text" class="solr.TextField" autoGeneratePhraseQueries="true" positionIncrementGap="100">
-    <analyzer type="index">
-      <tokenizer class="solr.StandardTokenizerFactory"/>
-      <filter class="solr.EdgeNGramFilterFactory" minGramSize="3" maxGramSize="20"/>
-      <filter class="solr.StopFilterFactory" words="stopwords.txt" ignoreCase="true"/>
-      <filter class="solr.WordDelimiterGraphFilterFactory" catenateNumbers="1" generateNumberParts="1" splitOnCaseChange="1" generateWordParts="1" splitOnNumerics="1" catenateAll="1" catenateWords="1"/>
-      <filter class="solr.FlattenGraphFilterFactory"/>
-      <filter class="solr.LowerCaseFilterFactory"/>
-      <filter class="solr.KeywordMarkerFilterFactory" protected="protwords.txt"/>
-      <filter class="solr.PorterStemFilterFactory"/>
-    </analyzer>
-    <analyzer type="query">
-      <tokenizer class="solr.StandardTokenizerFactory"/>
-      <filter class="solr.SynonymGraphFilterFactory" expand="true" ignoreCase="true" synonyms="synonyms.txt"/>
-      <filter class="solr.FlattenGraphFilterFactory"/>
-      <filter class="solr.StopFilterFactory" words="stopwords.txt" ignoreCase="true"/>
-      <filter class="solr.WordDelimiterGraphFilterFactory" catenateNumbers="1" generateNumberParts="1" splitOnCaseChange="1" generateWordParts="1" splitOnNumerics="1" catenateAll="1" catenateWords="1"/>
-      <filter class="solr.LowerCaseFilterFactory"/>
-      <filter class="solr.KeywordMarkerFilterFactory" protected="protwords.txt"/>
-      <filter class="solr.PorterStemFilterFactory"/>
-    </analyzer>
-  </fieldType>
-
-  <field name="id" type="string" indexed="true" required="true" stored="true"/>
-  <field name="uid" type="long" indexed="true" required="true" stored="true"/>
-  <field name="box" type="string" indexed="true" required="true" stored="true"/>
-  <field name="user" type="string" indexed="true" required="true" stored="true"/>
-
-  <field name="hdr" type="text" indexed="true" stored="false"/>
-  <field name="body" type="text" indexed="true" stored="false"/>
-
-  <field name="from" type="text" indexed="true" stored="false"/>
-  <field name="to" type="text" indexed="true" stored="false"/>
-  <field name="cc" type="text" indexed="true" stored="false"/>
-  <field name="bcc" type="text" indexed="true" stored="false"/>
-  <field name="subject" type="text" indexed="true" stored="false"/>
-
-  <!-- Used by Solr internally: -->
-  <field name="_version_" type="long" indexed="true" stored="true"/>
-
-  <uniqueKey>id</uniqueKey>
-</schema>
diff --git a/data/Dockerfiles/solr/solr.sh b/data/Dockerfiles/solr/solr.sh
deleted file mode 100755
index 03ab79126..000000000
--- a/data/Dockerfiles/solr/solr.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/bash
-
-if [[ "${FLATCURVE_EXPERIMENTAL}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "FLATCURVE_EXPERIMENTAL=y, skipping Solr but enabling Flatcurve as FTS for Dovecot!"
-  echo "Solr will be removed in the future!"
-  sleep 365d
-  exit 0
-elif [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "SKIP_SOLR=y, skipping Solr..."
-  echo "HINT: You could try the newer FTS Backend Flatcurve, which is currently in experimental state..."
-  echo "Simply set FLATCURVE_EXPERIMENTAL=y inside your mailcow.conf and restart the stack afterwards!"
-  echo "Solr will be removed in the future!"
-  sleep 365d
-  exit 0
-fi
-
-MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
-
-if [[ "${1}" != "--bootstrap" ]]; then
-  if [ ${MEM_TOTAL} -lt "2097152" ]; then
-    echo "System memory less than 2 GB, skipping Solr..."
-    sleep 365d
-    exit 0
-  fi
-fi
-
-set -e
-
-# run the optional initdb
-. /opt/docker-solr/scripts/run-initdb
-
-# fixing volume permission
-[[ -d /opt/solr/server/solr/dovecot-fts/data ]] && chown -R solr:solr /opt/solr/server/solr/dovecot-fts/data
-if [[ "${1}" != "--bootstrap" ]]; then
-  sed -i '/SOLR_HEAP=/c\SOLR_HEAP="'${SOLR_HEAP:-1024}'m"' /opt/solr/bin/solr.in.sh
-else
-  sed -i '/SOLR_HEAP=/c\SOLR_HEAP="256m"' /opt/solr/bin/solr.in.sh
-fi
-
-if [[ "${1}" == "--bootstrap" ]]; then
-  echo "Creating initial configuration"
-  echo "Modifying default config set"
-  cp /solr-config-7.7.0.xml /opt/solr/server/solr/configsets/_default/conf/solrconfig.xml
-  cp /solr-schema-7.7.0.xml /opt/solr/server/solr/configsets/_default/conf/schema.xml
-  rm /opt/solr/server/solr/configsets/_default/conf/managed-schema
-
-  echo "Starting local Solr instance to setup configuration"
-  gosu solr start-local-solr
-
-  echo "Creating core \"dovecot-fts\""
-  gosu solr /opt/solr/bin/solr create -c "dovecot-fts"
-
-  # See https://github.com/docker-solr/docker-solr/issues/27
-  echo "Checking core"
-  while ! wget -O - 'http://localhost:8983/solr/admin/cores?action=STATUS' | grep -q instanceDir; do
-    echo "Could not find any cores, waiting..."
-    sleep 3
-  done
-
-  echo "Created core \"dovecot-fts\""
-
-  echo "Stopping local Solr"
-  gosu solr stop-local-solr
-
-  exit 0
-fi
-
-echo "Starting up Solr..."
-echo -e "\e[31mSolr is deprecated! You can try the new FTS System now by enabling FLATCURVE_EXPERIMENTAL=y inside mailcow.conf and restarting the stack\e[0m"
-echo -e "\e[31mSolr will be removed completely soon!\e[0m"
-
-sleep 15
-
-exec gosu solr solr-foreground
-
diff --git a/data/conf/dovecot/conf.d/fts.conf b/data/conf/dovecot/conf.d/fts.conf
new file mode 100644
index 000000000..acc6f1243
--- /dev/null
+++ b/data/conf/dovecot/conf.d/fts.conf
@@ -0,0 +1,35 @@
+# mailcow FTS Flatcurve Settings, change them as you like.
+plugin {
+    fts_autoindex = yes
+    fts_autoindex_exclude = \Junk
+    fts_autoindex_exclude2 = \Trash
+    fts = flatcurve
+
+    # Maximum term length can be set via the 'maxlen' argument (maxlen is
+    # specified in bytes, not number of UTF-8 characters)
+    fts_tokenizer_email_address = maxlen=100
+    fts_tokenizer_generic = algorithm=simple maxlen=30
+
+    # These are not flatcurve settings, but required for Dovecot FTS. See
+    # Dovecot FTS Configuration link above for further information.
+    fts_languages = en es de
+    fts_tokenizers = generic email-address
+
+    # OPTIONAL: Recommended default FTS core configuration
+    fts_filters = normalizer-icu snowball stopwords
+    fts_filters_en = lowercase snowball english-possessive stopwords
+
+    fts_index_timeout = 300
+}
+
+### THIS PART WILL BE CHANGED BY MODIFYING mailcow.conf AUTOMATICALLY DURING RUNTIME! ###
+
+service indexer-worker {
+  # Max amount of simultaniously running indexer jobs.
+  process_limit=5
+
+  # Max amount of RAM used by EACH indexer process.
+  vsz_limit=128 MB
+}
+
+### THIS PART WILL BE CHANGED BY MODIFYING mailcow.conf AUTOMATICALLY DURING RUNTIME! ###
\ No newline at end of file
diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 09d613aa2..d153ec74c 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -5415,12 +5415,6 @@ paths:
                       started_at: "2019-12-22T20:59:58.382274592Z"
                       state: running
                       type: info
-                    solr-mailcow:
-                      container: solr-mailcow
-                      image: "mailcow/solr:1.7"
-                      started_at: "2019-12-22T20:59:59.635413798Z"
-                      state: running
-                      type: info
                     unbound-mailcow:
                       container: unbound-mailcow
                       image: "mailcow/unbound:1.10"
@@ -5442,30 +5436,6 @@ paths:
         hey where started and a few other details.
       operationId: Get container status
       summary: Get container status
-  /api/v1/get/status/solr:
-    get:
-      responses:
-        "401":
-          $ref: "#/components/responses/Unauthorized"
-        "200":
-          content:
-            application/json:
-              examples:
-                response:
-                  value:
-                    solr_documents: null
-                    solr_enabled: false
-                    solr_size: null
-                    type: info
-          description: OK
-          headers: {}
-      tags:
-        - Status
-      description: >-
-        Using this endpoint you can get the status of all containers and when
-        hey where started and a few other details.
-      operationId: Get solr status
-      summary: Get solr status
   /api/v1/get/status/vmail:
     get:
       responses:
diff --git a/data/web/debug.php b/data/web/debug.php
index 4a099cb6e..e93b2a659 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -8,7 +8,6 @@ if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "adm
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
-$solr_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_SOLR"])) ? false : solr_status();
 $clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
 
 
@@ -25,7 +24,6 @@ $vmail_df = explode(',', (string)json_decode(docker('post', 'dovecot-mailcow', '
 // containers
 $containers_info = (array) docker('info');
 if ($clamd_status === false) unset($containers_info['clamd-mailcow']);
-if ($solr_status === false) unset($containers_info['solr-mailcow']);
 ksort($containers_info);
 $containers = array();
 foreach ($containers_info as $container => $container_info) {
@@ -69,8 +67,6 @@ $template_data = [
   'timezone' => $timezone,
   'gal' => @$_SESSION['gal'],
   'license_guid' => license('guid'),
-  'solr_status' => $solr_status,
-  'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
   'clamd_status' => $clamd_status,
   'containers' => $containers,
   'ip_check' => customize('get', 'ip_check'),
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 124683dbf..cfe507549 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2908,50 +2908,6 @@ function getGUID() {
         .substr($charid,16, 4).$hyphen
         .substr($charid,20,12);
 }
-function solr_status() {
-  $curl = curl_init();
-  $endpoint = 'http://solr:8983/solr/admin/cores';
-  $params = array(
-    'action' => 'STATUS',
-    'core' => 'dovecot-fts',
-    'indexInfo' => 'true'
-  );
-  $url = $endpoint . '?' . http_build_query($params);
-  curl_setopt($curl, CURLOPT_URL, $url);
-  curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-  curl_setopt($curl, CURLOPT_POST, 0);
-  curl_setopt($curl, CURLOPT_TIMEOUT, 10);
-  $response_core = curl_exec($curl);
-  if ($response_core === false) {
-    $err = curl_error($curl);
-    curl_close($curl);
-    return false;
-  }
-  else {
-    curl_close($curl);
-    $curl = curl_init();
-    $status_core = json_decode($response_core, true);
-    $url = 'http://solr:8983/solr/admin/info/system';
-    curl_setopt($curl, CURLOPT_URL, $url);
-    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-    curl_setopt($curl, CURLOPT_POST, 0);
-    curl_setopt($curl, CURLOPT_TIMEOUT, 10);
-    $response_sysinfo = curl_exec($curl);
-    if ($response_sysinfo === false) {
-      $err = curl_error($curl);
-      curl_close($curl);
-      return false;
-    }
-    else {
-      curl_close($curl);
-      $status_sysinfo = json_decode($response_sysinfo, true);
-      $status = array_merge($status_core, $status_sysinfo);
-      return (!empty($status['status']['dovecot-fts']) && !empty($status['jvm']['memory'])) ? $status : false;
-    }
-    return (!empty($status['status']['dovecot-fts'])) ? $status['status']['dovecot-fts'] : false;
-  }
-  return false;
-}
 
 function cleanupJS($ignore = '', $folder = '/tmp/*.js') {
   $now = time();
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 73c115411..6cc98e92e 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -5434,25 +5434,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 'msg' => 'Could not move maildir to garbage collector: variables local_part and/or domain empty'
               );
             }
-            if (strtolower(getenv('SKIP_SOLR')) == 'n' && strtolower(getenv('FLATCURVE_EXPERIMENTAL')) != 'y') {
-              $curl = curl_init();
-              curl_setopt($curl, CURLOPT_URL, 'http://solr:8983/solr/dovecot-fts/update?commit=true');
-              curl_setopt($curl, CURLOPT_HTTPHEADER,array('Content-Type: text/xml'));
-              curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-              curl_setopt($curl, CURLOPT_POST, 1);
-              curl_setopt($curl, CURLOPT_POSTFIELDS, '<delete><query>user:' . $username . '</query></delete>');
-              curl_setopt($curl, CURLOPT_TIMEOUT, 30);
-              $response = curl_exec($curl);
-              if ($response === false) {
-                $err = curl_error($curl);
-                $_SESSION['return'][] = array(
-                  'type' => 'warning',
-                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'Could not remove Solr index: ' . print_r($err, true)
-                );
-              }
-              curl_close($curl);
-            }
             $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username");
             $stmt->execute(array(
               ':username' => $username
diff --git a/data/web/json_api.php b/data/web/json_api.php
index abaf749f1..b6e051ed3 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1628,23 +1628,6 @@ if (isset($_GET['query'])) {
                   );
                   echo json_encode($temp, JSON_UNESCAPED_SLASHES);
                 break;
-                case "solr":
-                  $solr_status = solr_status();
-                  $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
-                  $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
-                  if (strtolower(getenv('SKIP_SOLR')) != 'n') {
-                    $solr_enabled = false;
-                  }
-                  else {
-                    $solr_enabled = true;
-                  }
-                  echo json_encode(array(
-                    'type' => 'info',
-                    'solr_enabled' => $solr_enabled,
-                    'solr_size' => $solr_size,
-                    'solr_documents' => $solr_documents
-                  ));
-                break;
                 case "host":
                   if (!$extra){
                     $stats = docker("host_stats");
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index e72fb216a..5dc16e049 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -521,7 +521,6 @@
         "external_logs": "Externí logy",
         "history_all_servers": "Záznam (všechny servery)",
         "in_memory_logs": "Logy v paměti",
-        "jvm_memory_solr": "Spotřeba paměti JVM",
         "last_modified": "Naposledy změněn",
         "log_info": "<p><b>Logy v paměti</b> jsou shromažďovány v Redis seznamech a jsou oříznuty na LOG_LINES (%d) každou minutu, aby se nepřetěžoval server.\r\n  <br>Logy v paměti nemají být trvalé. Všechny aplikace, které logují do paměti, zároveň logují i do Docker služby podle nastavení logging driveru.\r\n  <br>Logy v paměti lze použít pro ladění drobných problémů s kontejnery.</p>\r\n  <p><b>Externí logy</b> jsou shromažďovány pomocí API dané aplikace.</p>\r\n  <p><b>Statické logy</b> jsou většinou logy činností, které nejsou zaznamenávány do Docker služby, ale přesto je dobré je schraňovat (výjimkou jsou logy API).</p>",
         "login_time": "Čas",
@@ -530,8 +529,6 @@
         "restart_container": "Restartovat",
         "service": "Služba",
         "size": "Velikost",
-        "solr_dead": "Solr se spouští, je vypnutý nebo spadl.",
-        "solr_status": "Stav Solr",
         "started_at": "Spuštěn",
         "started_on": "Spuštěno",
         "static_logs": "Statické logy",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 95db916ef..8b65285a8 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -444,12 +444,9 @@
         "external_logs": "Eksterne logfiler",
         "history_all_servers": "Historie (alle servere)",
         "in_memory_logs": "In-memory logs",
-        "jvm_memory_solr": "Brug af JVM-hukommelse",
         "log_info": "<p>mailcow <b>in-memory logs</b> er samlet i Redis-lister og trimmet til LOG_LINES (%d) hvert minut for at reducere hamring.\r\n  <br>Logbøger i hukommelsen er ikke beregnet til at være vedholdende. Alle applikationer, der logger ind i hukommelsen, logger også på Docker-dæmonen og derfor til standardlogdriveren.\r\n  <br>Logtypen i hukommelsen skal bruges til fejlfinding af mindre problemer med containere.</p>\r\n  <p><b>Eksterne logfiler</b> indsamles via API for den givne applikation.</p>\r\n  <p><b>Statiske logfiler</b> er for det meste aktivitetslogfiler, der ikke er logget på Dockerd, men stadig skal være vedholdende (undtagen API-logfiler).</p>",
         "logs": "Logs",
         "restart_container": "Genstart",
-        "solr_dead": "Solr starter, deaktiveres eller døde.",
-        "solr_status": "Solr-status",
         "started_on": "Startede den",
         "static_logs": "Statiske logfiler",
         "system_containers": "System og Beholdere",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 807393d77..82bbc9669 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -539,7 +539,6 @@
         "external_logs": "Externe Logs",
         "history_all_servers": "History (alle Server)",
         "in_memory_logs": "In-memory Logs",
-        "jvm_memory_solr": "JVM-Speicherauslastung",
         "last_modified": "Zuletzt geändert",
         "log_info": "<p>mailcow <b>in-memory Logs</b> werden in Redis Listen gespeichert, die maximale Anzahl der Einträge pro Anwendung richtet sich nach LOG_LINES (%d).\r\n  <br>In-memory Logs sind vergänglich und nicht zur ständigen Aufbewahrung bestimmt. Alle Anwendungen, die in-memory protokollieren, schreiben ebenso in den Docker Daemon.\r\n  <br>Das in-memory Protokoll versteht sich als schnelle Übersicht zum Debugging eines Containers, für komplexere Protokolle sollte der Docker Daemon konsultiert werden.</p>\r\n  <p><b>Externe Logs</b> werden via API externer Applikationen bezogen.</p>\r\n  <p><b>Statische Logs</b> sind weitestgehend Aktivitätsprotokolle, die nicht in den Docker Daemon geschrieben werden, jedoch permanent verfügbar sein müssen (ausgeschlossen API Logs).</p>",
         "login_time": "Zeit",
@@ -550,8 +549,6 @@
         "service": "Dienst",
         "show_ip": "Zeige öffentliche IP",
         "size": "Größe",
-        "solr_dead": "Solr startet, ist deaktiviert oder temporär nicht erreichbar.",
-        "solr_status": "Solr Status",
         "started_at": "Gestartet am",
         "started_on": "Gestartet am",
         "static_logs": "Statische Logs",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 6e898099b..44b419a01 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -539,7 +539,6 @@
         "external_logs": "External logs",
         "history_all_servers": "History (all servers)",
         "in_memory_logs": "In-memory logs",
-        "jvm_memory_solr": "JVM memory usage",
         "last_modified": "Last modified",
         "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
         "login_time": "Time",
@@ -550,8 +549,6 @@
         "service": "Service",
         "show_ip": "Show public IP",
         "size": "Size",
-        "solr_dead": "Solr is starting, disabled or died.",
-        "solr_status": "Solr status",
         "started_at": "Started at",
         "started_on": "Started on",
         "static_logs": "Static logs",
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 8a8c05274..5d0524d51 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -346,12 +346,10 @@
         "log_info": "<p>Los <b>logs en memoria</b> son recopilados en listas de Redis y recortados a LOG_LINES (%d) cada minuto para prevenir sobrecarga en el sistema.\r\n  <br>Los logs en memoria no están destinados a ser persistentes. Todas las aplicaciones que logean a la memoria, también logean en el daemon de Docker y, por lo tanto, en el controlador de registro predeterminado.\r\n  El log en memoria se debe utilizar para analizar problemas menores con los contenedores.</p>\r\n  <p>Los <b>logs externos</b> se recopilan a través de la API de la aplicación dada.</p>\r\n  <p>Los <b>logs estáticos</b> son principalmente registros de actividad, que no están registrados en Dockerd pero que aún deben ser persistentes (excepto los registros de API).</p>",
         "logs": "Logs",
         "restart_container": "Reiniciar",
-        "solr_dead": "Solr está empezando, deshabilitado o caído.",
         "docs": "Docs",
         "last_modified": "Última modificación",
         "size": "Tamaño",
         "started_at": "Iniciado el",
-        "solr_status": "Solr status",
         "uptime": "Uptime",
         "static_logs": "Logs estáticos",
         "system_containers": "Sistema y Contenedores"
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 9b3cc8488..54e7cda2e 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -380,16 +380,13 @@
         "disk_usage": "Levyn käyttö",
         "external_logs": "Ulkoiset loki",
         "in_memory_logs": "Muistissa olevat lokit",
-        "jvm_memory_solr": "JVM-muistin käyttö",
         "log_info": "<p>mailcow <b>muistissa olevat lokit</b> kerätään Redis-luetteloihin ja leikataan LOG_LINES (%d) joka minuutti lyömisen vähentämiseksi.\r\n  <br>Muistissa olevien lokien ei ole tarkoitus olla pysyviä. Kaikki sovellukset, jotka kirjautuvat muistiin, kirjautuvat myös Docker-daemoniin ja siten oletusarvoiseen lokitiedostoon.\r\n  <br>Muistin lokityyppiä olisi käytettävä virheiden virheenkorjaukseen säilöissä.</p>\r\n  <p><b>Ulkoiset lokit</b> kerätään annetun sovelluksen API: n kautta.</p>\r\n  <p><b>Staattiset lokit</b> ovat useimmiten toimintalokkeja, joita ei kirjata Dockerdiin, mutta joiden on silti oltava pysyviä (paitsi API-lokit).</p>",
         "logs": "Logit tausta palveluista",
         "restart_container": "Uudelleen käynnistä",
-        "solr_dead": "Solr käynnistyy, on poissa käytöstä tai kuoli.",
         "docs": "Docs",
         "last_modified": "Viimeksi muokattu",
         "size": "Koko",
         "started_at": "Käynnistetty",
-        "solr_status": "Solr-tila",
         "uptime": "Päällä",
         "started_on": "Aloitettiin",
         "static_logs": "Staattiset lokit",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index a7b2e6ff7..7348b6b5e 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -498,17 +498,14 @@
         "external_logs": "Logs externe",
         "history_all_servers": "Historique (tous les serveurs)",
         "in_memory_logs": "Logs En-mémoire",
-        "jvm_memory_solr": "Utilisation mémoire JVM",
         "log_info": "<p>Les logs <b>En-mémoire</b> Mailcow sont collectés dans des listes Redis et découpées en LOG_LINES (%d) chaque minute pour réduire la charge.\n  <br>Les logs En-mémoire ne sont pas destinés à être persistants. Toutes les applications qui se connectent en mémoire, se connectent également au démon Docker, et donc au pilote de journalisation par défaut.\n  <br>Le type de journal en mémoire doit être utilisé pour déboguer les problèmes mineurs avec les conteneurs.</p>\n  <p><b>Les logs externes</b> sont collectés via l'API de l'application concernée.</p>\n  <p>Les journaux <b>statiques</b> sont principalement des journaux d’activité, qui ne sont pas enregistrés dans Dockerd, mais qui doivent toujours être persistants (sauf pour les logs API).</p>",
         "logs": "Logs",
         "restart_container": "Redémarrer",
-        "solr_dead": "Solr est en cours de démarrage, désactivé ou mort.",
         "docs": "Docs",
         "last_modified": "Dernière modification",
         "online_users": "Utilisateurs en ligne",
         "size": "Taille",
         "started_at": "Démarré à",
-        "solr_status": "Etat Solr",
         "uptime": "Disponibilité",
         "started_on": "Démarré à",
         "static_logs": "Logs statiques",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index f73f938bf..4edaf6296 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -494,7 +494,6 @@
         "external_logs": "Log esterni",
         "history_all_servers": "Cronologia (tutti i server)",
         "in_memory_logs": "In-memory logs",
-        "jvm_memory_solr": "JVM memory usage",
         "last_modified": "Ultima modifica",
         "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
         "login_time": "Orario",
@@ -503,8 +502,6 @@
         "restart_container": "Riavvio",
         "service": "Servizio",
         "size": "Dimensione",
-        "solr_dead": "Solr sta partendo, è disabilitato o morto.",
-        "solr_status": "Stato Solr",
         "started_at": "Iniziato alle",
         "started_on": "Iniziato",
         "static_logs": "Log statici",
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
index 963d72358..c6efbb579 100644
--- a/data/web/lang/lang.ja-jp.json
+++ b/data/web/lang/lang.ja-jp.json
@@ -539,7 +539,6 @@
         "external_logs": "外部ログ",
         "history_all_servers": "履歴（すべてのサーバー）",
         "in_memory_logs": "インメモリーログ",
-        "jvm_memory_solr": "JVMメモリ使用量",
         "last_modified": "最終更新日時",
         "log_info": "<p>mailcowの<b>インメモリーログ</b>はRedisリストに収集され、ハンマリングを軽減するために1分ごとにLOG_LINES (%d)にトリムされます。\r\n  <br>インメモリーログは永続化を目的としたものではありません。インメモリーログを記録するすべてのアプリケーションは、Dockerデーモンとデフォルトのログドライバーにもログを記録します。\r\n  <br>インメモリーログタイプは、コンテナの軽微な問題をデバッグするために使用してください。</p>\r\n  <p><b>外部ログ</b>は指定されたアプリケーションのAPIを介して収集されます。</p>\r\n  <p><b>静的ログ</b>は主にアクティビティログであり、Dockerdには記録されませんが（APIログを除く）、永続化が必要です。</p>",
         "login_time": "ログイン時間",
@@ -550,8 +549,6 @@
         "service": "サービス",
         "show_ip": "パブリックIPを表示",
         "size": "サイズ",
-        "solr_dead": "Solrは起動中、無効化、または停止しました。",
-        "solr_status": "Solrのステータス",
         "started_at": "開始時刻",
         "started_on": "開始日",
         "static_logs": "静的ログ",
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 3f3cb1535..7dd38506e 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -424,16 +424,13 @@
         "external_logs": "External logs",
         "history_all_servers": "History (all servers)",
         "in_memory_logs": "In-memory logs",
-        "jvm_memory_solr": "JVM memory usage",
         "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
         "logs": "Logs",
         "restart_container": "Restart",
-        "solr_dead": "Solr is starting, disabled or died.",
         "docs": "Docs",
         "last_modified": "Last modified",
         "size": "Size",
         "started_at": "Started at",
-        "solr_status": "Solr status",
         "uptime": "Uptime",
         "started_on": "Started on",
         "static_logs": "Static logs",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 98cb04ae8..40bf5efe3 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -643,7 +643,6 @@
         "logs": "Žurnāli",
         "architecture": "Arhitektūra",
         "disk_usage": "Diska lietojums",
-        "jvm_memory_solr": "JVM atmiņas lietojums",
         "memory": "Atmiņa",
         "timezone": "Laika josla",
         "uptime": "Darbošanās laiks"
diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index a6a7a0ca7..3b267b9ea 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -328,12 +328,10 @@
         "update_available": "En oppdatering er tilgjengelig",
         "service": "Tjeneste",
         "show_ip": "Vis offentlig IP",
-        "solr_dead": "Solr starter, er deaktivert eller døde",
         "memory": "Minne",
         "online_users": "Tilkoblede brukere",
         "restart_container": "Omstart",
         "size": "Størrelse",
-        "solr_status": "Solr-status",
         "started_at": "Startet ved",
         "started_on": "Startet den",
         "static_logs": "Statiske logger",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index fdfc91c70..fcdc5580e 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -472,17 +472,14 @@
         "external_logs": "Externe logs",
         "history_all_servers": "Geschiedenis (alle servers)",
         "in_memory_logs": "Geheugenlogs",
-        "jvm_memory_solr": "JVM-geheugengebruik",
         "log_info": "<p>Mailcows <b>geheugenlogs</b> worden elke minuut afgesneden naar maximaal %d regels (LOG_LINES) om de stabiliteit te garanderen.<br>Geheugenlogs zijn niet bedoeld om bewaard te blijven. Alle applicaties die geheugenlogs schrijven worden ook naar het Docker-proces gelogd.<br>De geheugenlogs kunnen gebruikt worden voor het oplossen van problemen met bepaalde containers.</p><p><b>Externe logs</b> worden verzameld door middel van de API van deze applicaties.</p><p><b>Statische logs</b> zijn activiteitenlogs die niet naar het Docker-proces worden gelogd, maar wel bewaard moeten blijven (uitgezonderd API-logs).</p>",
         "logs": "Logs",
         "restart_container": "Herstart",
-        "solr_dead": "Solr is uitgeschakeld, uitgevallen of nog bezig met opstarten.",
         "docs": "Documenten",
         "last_modified": "Voor het laatst bijgewerkt op",
         "online_users": "Gebruikers online",
         "size": "Grootte",
         "started_at": "Opgestart op",
-        "solr_status": "Solr-status",
         "uptime": "Uptime",
         "started_on": "Gestart op",
         "static_logs": "Statische logs",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 2fbd43535..c115d8e5a 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -539,7 +539,6 @@
         "external_logs": "Registros externos",
         "history_all_servers": "Histórico (todos os servidores)",
         "in_memory_logs": "Registros na memória",
-        "jvm_memory_solr": "Uso de memória JVM",
         "last_modified": "Última modificação",
         "log_info": "<p>Os <b>registros na memória do</b> mailcow são coletados em listas do Redis e reduzidos para LOG_LINES (%d) a cada minuto para reduzir o martelamento.\r\n Os <br>registros na memória não devem ser persistentes. Todos os aplicativos que fazem login na memória também fazem login no daemon do Docker e, portanto, no driver de registro padrão.\r\n </p><br>O tipo de registro na memória deve ser usado para depurar pequenos problemas com contêineres.\r\n <p>Os <b>registros externos</b> são coletados por meio da API do aplicativo em questão.</p>\r\n <p>Os <b>registros estáticos</b> são principalmente registros de atividades, que não são registrados no Dockerd, mas ainda precisam ser persistentes (exceto os registros da API).</p>",
         "login_time": "Hora",
@@ -550,8 +549,6 @@
         "service": "Serviço",
         "show_ip": "Mostrar IP público",
         "size": "Tamanho",
-        "solr_dead": "O Solr está iniciando, desativado ou morreu.",
-        "solr_status": "Status do solr",
         "started_at": "Começou em",
         "started_on": "Começou em",
         "static_logs": "Registros estáticos",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 90c96c218..627dadfbc 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -481,7 +481,6 @@
         "external_logs": "Jurnale externe",
         "history_all_servers": "Istoric (toate serverele)",
         "in_memory_logs": "Jurnale din memorie",
-        "jvm_memory_solr": "Memorie utilizată de JVM",
         "last_modified": "Ultima modificare",
         "log_info": "<p><b>jurnalele din memorie</b> pentru mailcow sunt colectate în listele Redis și trimise la LOG_LINES (%d) în fiecare minut pentru a reduce ciocnirea.\n  <br>Jurnalele din memorie nu sunt menite a fi persistente. Toate aplicațiile care înregistrează jurnale în memorie, înregistrează de asemenea jurnale în daemonul Docker și, prin urmare, în driverul de jurnale implicit.\n  <br>Tipul de jurnal din memorie trebuie utilizat pentru depanarea problemelor minore cu containerele.</p>\n  <p><b>Jurnalele externe</b> sunt colectate prin API-ul aplicației respective.</p>\n  <p><b>Jurnalele statice</b> sunt, în majoritate, jurnale de activitate care nu sunt înregistrate în Docker, dar trebuie să fie persistente (cu excepția jurnalelor API).</p>",
         "login_time": "Moment",
@@ -490,8 +489,6 @@
         "restart_container": "Repornire",
         "service": "Serviciu",
         "size": "Mărime",
-        "solr_dead": "Solr începe, este invalid sau s-a oprit.",
-        "solr_status": "Stare Solr",
         "started_at": "Pornit la",
         "started_on": "Început pe",
         "static_logs": "Jurnale statice",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 5d1ef9af2..a778ae44a 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -539,7 +539,6 @@
         "external_logs": "Внешние журналы",
         "history_all_servers": "История (все серверы)",
         "in_memory_logs": "Журналы контейнеров",
-        "jvm_memory_solr": "Использовано оперативной памяти JVM",
         "last_modified": "Последние изменения",
         "log_info": "<p><b>Журналы контейнеров</b> mailcow сохраняются в Redis, и раз в минуту строки журнала за пределами <code>LOG_LINES (%d)</code> удаляются, чтобы уменьшить нагрузку на сервер.\r\n  <br>Сами журналы контейнеров не сохраняются после перезагрузки контейнера. Все контейнеры дополнительно пишут логи в службу Docker, и, следовательно, используют драйвер логирования по умолчанию. Журналы контейнеров предусмотрены только для отладки мелких проблем. Для других задач, пожалуйста, настройте драйвер логирования Docker самостоятельно.</p>\r\n  <p><b>Внешние журналы</b> собираются через API приложений.</p>\r\n  <p><b>Статические журналы</b> &ndash; это, в основном, журналы активности, которые не записываются в Dockerd, но все равно должны быть постоянными (за исключением журналов API).</p>",
         "login_time": "Время входа",
@@ -551,8 +550,6 @@
         "service": "Сервис",
         "show_ip": "Показать публичные IP-адреса",
         "size": "Индексы занимают",
-        "solr_dead": "Solr не запущен. Если вы включили Solf в файле настроек <code>mailcow.conf</code> и это сообщение отображается более получаса, скорее всего Solr сломан.",
-        "solr_status": "Состояние Solr",
         "started_at": "Запущен",
         "started_on": "Запущен в",
         "static_logs": "Статические журналы",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 0f8467a75..b5a093a35 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -501,12 +501,9 @@
         "last_modified": "Nazadnje spremenjeno",
         "history_all_servers": "Zgodovina (vsi strežniki)",
         "in_memory_logs": "In-memory dnevniki",
-        "jvm_memory_solr": "JVM zasedenost spomina",
         "service": "Servis",
         "show_ip": "Prikaži javni IP",
         "size": "Velikost",
-        "solr_dead": "Solr se zaganja, je onemogočen ali se je ustavil.",
-        "solr_status": "Status Solr",
         "started_at": "Zagnano ob",
         "started_on": "Zagnano na",
         "static_logs": "Statični dnevniki",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 466afdb85..8b68c3df1 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -499,7 +499,6 @@
         "external_logs": "Externé logy",
         "history_all_servers": "História (všetky servery)",
         "in_memory_logs": "Logy uložené v pamäti",
-        "jvm_memory_solr": "JVM spotreba pamäte",
         "last_modified": "Naposledy upravené",
         "log_info": "<b>Logy v pamäti</b> sú zbierané do Redis listu s max. limitom LOG_LINES (%d) riadkov každú minútu, čo bráni nadmernej záťaži servera.\r\n  <br>Logy v pamäti nemajú trvalý charakter. Všetky aplikácie ktoré vedú logy v pamäti, tiež logujú do Docker démona a súčasne do nastaveného logging drivera.\r\n  <br>Logy v pamäti sa môžu použiť na ladenie menších problémov s kontajnermi.</p>\r\n  <p><b>Externé logy</b> sú zbierané cez API danej aplikácie.</p>\r\n  <p><b>Statické logy</b> sú väčšinou aktivity, ktoré nie sú logované do Docker démona, ale musia byť trvalo zaznamenané (s výnimkou API záznamov).</p>",
         "login_time": "Čas",
@@ -508,8 +507,6 @@
         "restart_container": "Reštartovať",
         "service": "Služba",
         "size": "Veľkosť",
-        "solr_dead": "Solr štartuje, je vypnutý alebo nebeží.",
-        "solr_status": "Solr status",
         "started_at": "Spustený",
         "started_on": "Spustený",
         "static_logs": "Statické logy",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index bbf0d9586..2e3494d16 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -453,17 +453,14 @@
         "external_logs": "Externa loggar",
         "history_all_servers": "Historik (alla servrar)",
         "in_memory_logs": "Loggar sparade i minnet",
-        "jvm_memory_solr": "JVM minnesanvändning",
         "log_info": "<p>mailcow <b>loggar sparade i minnet</b> samlas in i Redis-listor och trimmas till LOG_LINES (%d) varje minut för att minska lasten.\r\n  <br>Loggar sparade i minnet är inte tänkta att vara beständiga. Alla applikationer som loggar i minnet loggar också till Docker-demonen och därefter till standardrutinen för loggning.\r\n  <br>Loggar sparade i minnet bör användas för felsökning av mindre problem med olika behållare.</p>\r\n  <p><b>Externa loggar</b> samlas in via ett API på den givna applikationen.</p>\r\n  <p><b>Statiska loggar</b> är mestadels aktivitetsloggar som inte är loggas i Docker, men som fortfarande måste vara beständiga (utom API-loggar).</p>",
         "logs": "Loggar",
         "restart_container": "Omstart",
-        "solr_dead": "Solr är i uppstart, har inaktiveras eller är tillfälligt avstängd.",
         "online_users": "Användare online",
         "docs": "Dokumentation",
         "last_modified": "Senast ändrad",
         "size": "Storlek",
         "started_at": "Startades kl.",
-        "solr_status": "Solr status",
         "uptime": "Upptid",
         "started_on": "Startades",
         "static_logs": "Statiska loggar",
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 7049046c2..e125cc263 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -694,15 +694,12 @@
         "external_logs": "Harici günlükler",
         "history_all_servers": "Geçmiş (tüm sunucular)",
         "in_memory_logs": "Bellek içi günlükler",
-        "jvm_memory_solr": "JVM bellek kullanımı",
         "memory": "Hafıza",
         "online_users": "Aktif kullanıcılar",
         "restart_container": "Yeniden başlat",
         "service": "Servis",
         "show_ip": "Genel IP'yi göster",
         "size": "Boyut",
-        "solr_dead": "Solr başlatılıyor, devre dışı bırakıldı veya öldü.",
-        "solr_status": "Solr durumu",
         "started_at": "Başlangıç",
         "system_containers": "Sistem ve Konteynerler",
         "timezone": "Zaman Dilimi",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index f2884cd47..edc23006f 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -503,8 +503,6 @@
         "restart_container": "Перезапустити",
         "service": "Сервіс",
         "size": "Розмір індексів",
-        "solr_dead": "Solr запускається, відключений або сламаний.",
-        "solr_status": "Стан Solr",
         "started_at": "Запущений",
         "started_on": "Запущений у",
         "static_logs": "Статичні журнали",
@@ -513,7 +511,6 @@
         "uptime": "Час роботи",
         "username": "Ім'я користувача",
         "external_logs": "Зовнішні журнали",
-        "jvm_memory_solr": "Використання оперативної пам'яті JVM",
         "log_info": "<p><b>Журнали контейнерів</b> mailcow зберігаються в Redis, і раз на хвилину рядки журналу за межами <code>LOG_LINES (%d)</code> видаляються, щоб зменшити навантаження на сервер.\n  <br>Самі журнали контейнерів не зберігаються після перезавантаження контейнера. Усі контейнери додатково пишуть логи у службу Docker, і, отже, використовують драйвер логування за промовчанням. Журнали контейнерів призначені лише для налагодження дрібних проблем. Для інших завдань, будь ласка, настройте драйвер логування Docker самостійно.</p>\n  <p><b>Зовнішні журнали</b> збираються через API програм.</p>\n  <p><b>Статичні журнали</b> &ndash; це в основному журнали активності, які не записуються в Dockerd, але все одно повинні бути постійними (за винятком журналів API).</p>",
         "error_show_ip": "Не вдалося розпізнати публічні IP-адреси",
         "no_update_available": "Система працює на останній версії",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index ca6c9aaf2..cf0c22b61 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -505,7 +505,6 @@
         "external_logs": "外部日志",
         "history_all_servers": "历史 (所有服务器)",
         "in_memory_logs": "内存日志",
-        "jvm_memory_solr": "JVM 内存使用",
         "last_modified": "最后修改",
         "log_info": "<p>Mailcow 的<b>内存日志</b>储存于 Redis 列表中，并且每分钟自动降低到 LOG_LINES (%d) 以减少错误。\r\n  <br>内存日志不是为了持久化储存的，所有使用内存日志的应用同时也会写入日志到 Docker 的守护进程的默认日志驱动中。\r\n  <br>内存日志应该用于分析 (Debug) 容器中不明显的问题。</p>\r\n  <p><b>外部日志</b>通过相应应用提供的 API 收集。</p>\r\n  <p><b>静态日志</b>大多数为不写入日志到 Docker ，但仍然需要被持久化的活动日志 (API 日志外的)。</p>",
         "login_time": "时间",
@@ -514,8 +513,6 @@
         "restart_container": "重启",
         "service": "服务",
         "size": "大小",
-        "solr_dead": "Solr 在启动中、已关闭或已停止。",
-        "solr_status": "Solr 状态",
         "started_at": "开始于",
         "started_on": "启动于",
         "static_logs": "静态日志",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 2017d1ddd..a75cfe924 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -505,7 +505,6 @@
         "external_logs": "外部紀錄",
         "history_all_servers": "歷史 (所有伺服器)",
         "in_memory_logs": "記憶體紀錄",
-        "jvm_memory_solr": "JVM 記憶體使用量",
         "last_modified": "上次修改時間",
         "log_info": "<p>mailcow 的<b>記憶體紀錄</b>會被收集到 Redis 清單中並且每分鐘自動縮減到 LOG_LINES (%d) 以避免重複撞擊 (hammering) 造成的大量記錄。\r\n<br>記憶體紀錄並不會永久保存。所有記錄到記憶體的應用程式也會同時透過預設紀錄的驅動程式寫入紀錄到 Docker 常駐程式中。\r\n<br>記憶體紀錄是設計用來為容器中的小問題除錯的。</p>\r\n<p><b>外部紀錄</b>透過應用程式提供的 API 收集。</p>\r\n<p><b>靜態紀錄</b>大多為不寫入到 Dockerd，但仍然需要被保存的活動紀錄 (API 紀錄除外)。</p>",
         "login_time": "時間",
@@ -514,8 +513,6 @@
         "restart_container": "重新啟動",
         "service": "服務",
         "size": "大小",
-        "solr_dead": "Solr 正在啟動,停用或已停止運行.",
-        "solr_status": "Solr 狀態",
         "started_at": "啟動於",
         "started_on": "啟動於",
         "static_logs": "靜態紀錄",
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 867371177..6d3c1349a 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -161,9 +161,6 @@
             </div>
           </div>
         </div>
-
-
-
         <!-- container info -->
         <div class="card mb-4">
           <div class="card-header fs-5">
@@ -171,106 +168,8 @@
           </div>
           <div class="card-body p-0">
             <div class="row mx-0">
-              <!-- solr info -->
-              <div class="col-md-6 col-sm-12 p-2">
-                <div class="list-group-item p-0">
-                  <div class="d-flex p-2 list-group-header">
-                    <div>
-                      <span class="fw-bold">solr-mailcow</span>
-                      {% if containers["solr-mailcow"].State.Running == 1 %}
-                      <span class="d-block d-md-inline">({{ containers["solr-mailcow"].Config.Image }})</span>
-                      {% endif %}
-                      {% if containers["solr-mailcow"].State.Running == 1 %}
-                      <small class="d-block">({{ lang.debug.started_on }} <span class="parse_date">{{ containers["solr-mailcow"].State.StartedAtHR }}</span>)</small>
-                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
-                      <small class="d-block">{{ lang.debug.container_disabled }}</small>
-                      {% endif %}
-                      {% if containers["solr-mailcow"].State.Running == 1 %}
-                        <span class="badge fs-7 bg-success loader" style="min-width:100px">
-                          {{ lang.debug.container_running }}
-                          <span class="loader-dot">.</span>
-                          <span class="loader-dot">.</span>
-                          <span class="loader-dot">.</span>
-                        </span>
-                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
-                        <span class="badge fs-7 bg-danger" style="min-width:100px">
-                          {{ lang.debug.container_stopped }}
-                          <i class="bi-x ms-1"></i>
-                        </span>
-                      {% endif %}
-                    </div>
-                  {% if containers["solr-mailcow"].State.Running == 1 %}
-                    <div class="mt-auto ms-auto">
-                      <button class="btn btn-light" type="button" data-bs-toggle="collapse" data-bs-target="#solr-mailcowCollapse" aria-expanded="false" aria-controls="solr-mailcowCollapse">
-                        <i class="bi bi-caret-down-fill caret"></i>
-                      </button>
-                    </div>
-                  {% endif %}
-                  </div>
-                  {% if containers["solr-mailcow"].State.Running == 1 %}
-                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">
-                    <div class="row p-2 pt-4">
-                      <div class="col-sm-3">
-                        <p><img class="img-responsive" alt="Solr Logo" width="128px" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAABlCAYAAAAI2qyuAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAXEUAAFxFAbktYiwAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAABv7SURBVHhe7V0JuBxVlX4JMy6jM4qOC4rp6qWq+jW+ruoXkIjoS1d3EhYXRvNkFHFBYECUAXGAASEOyiLIrigOEpDoACIqwogLiwMSkIghYF4viSFhiUGWCAQIyXuZ/9w+3V3VdXtfee/+33e+16/uqXtv1T2n7j33nnvukIJCP7BjbOzvsgt0O5cyjsymzG9mU8YvcylzIucYT2Ydczt+7xDkGFuR/hf8XplxzHG6d20qauSSkfCSJUOzRWYKCtMBE3uZ/5hxjE9A4K+FEmwuKUFj9Nd1Y9brdwwNzco6xr10DXk8DAX77kTaXEQKx8UoKLz8AGE+D73BcxVC3zBl09HPUz6ZpOHI0kEboXhnrU3H5ogCFRQGHSvmzv17+stf/ZaVA71EppgXFO0Xcp4CYai2LZeKLs2m9BDxKygMHEg4Mynz+kzK2IP+X52KvlEmzI1SPml+kPLB8CyOXmJKxuMnYyvoG7l9Iv9E9yoo9B3Xjg/thC/8cegtnsffFyGcr6TrBWNcJsQNkGPeIjIHkO8yKU9teiSXiryfs1BQ6A8eWhTdBV/3W4qCid/3c9IQ9QAugW2YoGSTeSc6Snn8KTkcKAyf5Ly1iHudi9eNBV4lKqSg0Evk0tF5EN7HPILpmN/l5CEMdY71pDVKjnkFZ0HDqwulPE1QJmneM5E238ZZKih0H3ln+AB8oV/wC6TxOWYhBfmGP702offYknX0t9P9Dy6MvaE9I99Fjrk+50RiomIKCt0EBO7jENzyop6LVqNXYTbiu6YyvR5NpMz/4tuH8PvLMp6WyTFO5awVFLoDfIkXQ9CkygHatuL9c/+BWYfQwyyX8FQlKN1jGxfEX0P3blg879XoTTbJ+JolskUySeNEUae0PkxEvxUUOgoMfd4rZqkkQkgEAV/FrALgfVzGV41gb3yWbx3KYKgm42mWqKfLpqKHU54Fg9/cgHqtp8kFUZCCQidAK9UQrpoCD2H8HrMPUU9SbRhWhVZeOz6+E927A39h/K+R8DRHjrGVejzKM7dP5E3IM1NMQ92WF6ejFRTawoPjsVdA0O72CJ+E0AMcxbcMkVOhjEdGYgiUNlJ861DeMcdlfM2R8SyM8gWUHy0aQllWSPguFgUqKLSDfMrYRyJcPppImnvxLSTkSRmPlBzjRr5NAMr4eylfo+QYT2A4+C7Ki9ZAsk70NhmfUEw8myhUQaFV0PBKJmBuwvDlpXVjY6UFOVw7pJKnCm3LObHS9Cv1JBKeZuiRfHJ4N8qLPH2hbD+V8JTJMdY/OBZ7rShcQaEV7FgyNBtj9iekAsaE9AeYXSDjRJfI+CoJBvO3+BYBKNrNMr5GCHXIToyZGuVDjpIZx7xCxucjxzhbFK6g0CogSP/rEywXQThLBjoBw5fLZHxugnJsJuOZbxnKLtQtGvbIeOsRyr9vrfPOt1A+pBzoOc6V8ckIivRiUbEUFFoCBPcsmXAVKTvfPJpZBSCgv5bxecgxjmd2gXzKvErKV4egHLevTYdex9lQXZteYMykyi4yCgp1UXT3KAJC9JFKoXJTZoHxHmYVgPBnZXxFwlDqIbcTYatOidmkccNd83Z9NWczlEubR0BBpLy1iNZ31NqIQsOgIRL/FPgzBFgmWET4gm9fySvgBLFRSuqnVSYo4L8yuwAUqmmnxIxjXFncUEWgPFHupIy3EZpwzNM4KwWF6kBvEKRZqdtc+70L43q5oQ6h/BOzCZAtIOMrEgR7OeXH7IWNVU06JaJ+F7jzyM83F1GdZbyNEnqRh4uLlQoKVTGRLIzhK/d5QwApAolfuBzzSmYRoB2FUj4QlGkqM987HAP/KTJeGdH9EOST+VaBNRjeNatg1YjWbzhbBQU5MGQS0UMyaWNvviQAwTyzUqCIILReA72GvQJl+BGzCWyA/YB8G3JKLAyfyu70hDUpcwQK+pSMvxWinomzVlDwY82C0JsLgigE5iC+LABBXOwWpiKREyOzCOTmG8fL+cwXK4MqgLdBp0Rjaz41fCDfJiDcWRzjUTl/a4Q65jl7BQU/3EpQdBEvYt0iU3MLExG+uNsedbm4E6oZ3Og9zmEWAbJxoIx1nRIhtFvI3YVvE1i9KLpLxjHXyvjbIRrCqdkshapAb1BaYIOCeJz5eEX9abdAQaFWc3IJuH69h6dAIgAcswhAYQ6U8HkICviU28eLsGr/kZ0hyPfL+Nsmx9iu7BCFqoDg/colMDfx5RIgQN4FwLTXQCdgOOTznEW+HjuFAOWq45RoPDYBG4PZBWg6GUp6l5y/daLVdDzbpVBGk4tSUPAjk6RwOQWhwdf7Qb5cAoTobLdg5dLGMZwkUFgDqexlygHgiqgRKVEQ8siTjcHsAsLtPlnb5aVZwvANBr5x+rqx2Fu5mKHMmPHP/FNBoYyCa3h5oQ2/N7vXGgj5tPFRj4Alh9/HSQIUh9edhyDH/AAnl4BeoJZT4v3r9isLLKEwvDOvlvC2RJmU+TCGeF/c5PLkLYQwMi6nHoovKSiUwTv5HigKEQRyigSekwUecG2EQvp2t4ARMguNaDFd8KSMWyuVjALKkTHs5ivxO+Ydq/Ye2ZlZBUSv5JiXyPibJsdYlU1FP7XD1aPRPviC97HxLPFAQR7iJAUFL/BV9WyOyiZ1i5ME+EsuIrRDkLJ8uYTcgujC0r2pcgA4N6A0PyjyeMgxbnIHfSgCw7ivSvmbINTldjzLfm5lpWeBjXMInsMzVYz/NzOLgoIfEJDS8CefDIv4uG5gyPQbTv8hXyoBaUcU7804RikAXBHVnBJJacjGYLYSYKu0FnwOhOfYDrpudTpSCkVURGa+kULafbL7yGBnNgUFPwqr04WACxh6lPaZF4Gv8ddFGsbwfKkECPTXhKA5xnOVHsEEKMIFRUEsEuyBi+lrziwl4Iv/yWpDsVqEe15AOd9ekx7WOasSKOQP6nYjeKT3EikFeZkgEom8skixmP/r2k3Q/ggWljP4UgklQz0dHeNLJaAHuZLSMAzzecZWOiWSkIJKgeLcgPJ9CDxNub+jR3gyl4qevsoJio1TbhSimujfRHl184RyPcu3KQwq5u0679VG0NpWJF2z/8JJPYHwyHWMZyDwV/OlEvILYxHqYSoNeAKE9DbQY7J93rjn1LIQmpMQ2C9wkgf5VHg+0mu6y7sJ5a3HcO4YWZk0M4e0E4p2UyOEsh/m29vB+E6RyGjYDCY+YASsYwzN+oYRtJfi73X4eyPoZ3rQvhZ/L0cDnwOeY00t8UG6Z2hoiTpjrg4KCmLvKBIU5AlO6hkgVCeDlvO/JYjZLsdYwf96AIVam0uah/C/JRQiJRocV8t4CcryCU7yYCIZnYsy/1YptDJCfqvy6eGDZcew0TmGtFIPnnWye2tRNmn+gbNpDqY2YhqB+IkQ/JuhCJvdDdgMobGfMjT7el2zDo9G93gjZ6/gwiAoCPlY5R3DpyAECHgpCmIRPMP1e5k9AWE9UggfnSEyX9+fL3uQGTOiULCanr34uk9hCHQreoV9K6ePiyAvZFJs2f0N0vWcVX0EAmOvigTjn4Uwr3A3WKcIDb8VtAzkmU6c6RgEBSFMpMyDZLNLlQ6KBDLKi8Ha3Cg6JUJoN1d6/hbxwMLd3gHlWS8RVkFI2w7F+NFaPr1KBvIURjnXgqR5NEpQ5tM5y+oYw0OZocQR+NI/4m6oLtIkhOCqUCj+Zq7CjMagKAgNVXYc7nUTqYZqoTzFUCdl/qVyTaWI3N6RN6HnWC0TVtHjpMxLyO5hdh/W7z2yM5TvXFDVuMHNUDYZ/RhnLcdw2NpND1p/cDdQJWGYtR22xWr8vUYPJk6LBOJHmEF7cVSzFpphK4nr6TBsDj1gfRrDsRNwz6XohX6HfLdU5uUhzd5EeXBVZiwGRUHahVgFx5c/vzAsFXAy9KEcPqdFKMaTGMZ9dc2C6h9MWg0nQx+8NWN2NUu05ZiL8ANCPg7BlwoxhP5p/P0uGeaRyLtaOiSRpiuFAmn2+aQMlWUI0mjmxj6Ub5mRmC4KQj5VsvUQgvD9gj3hFk78/xB6jKNrRTskpYMNcgAUo2bklFYo45gbqtk2QwZsDTTGlLthBIlhlnXU3F384852QMoiytSsh31loh5kxDPrjMN0UZBqoJkwCGRp3wiU4n6yd9yBImQQs1wp8/bifR0nx7yUi/IirI18sDBscgupNUlTtPF4OaRLNxB/S/w1EIBzC+V5hGJ7JBj3eYLOBExnBSnMdhnfg6BTAIZbaLdg1a82Iw8jHsL7ffC3HNanESJ/LS6yDGNOPOiftrWep3ULZukJxJpK0H7OXQ8IxjM0vcwsMwbTWUHyKf0sCPo1E2Pm7nypKoSNkjK+Rsa6TKA7SajT47IZu1lQjl9VNMbWfhnKEc0eI+V01wdDvPt67WrRb0xXBaHTZnPJ3TwboWSgoVY+qR8GxdgoE+ZuEG035uLLMEKJlLshiCCk/87JfYEZtD/uqZNm5aPh0bmcPCMw3W2QWshgyAXFKO1L6RTxkG4T8qYtwT/OOcY55KKC3x9ZkzZ3l7nawzC3r/c2hEW7qfruCoJeYyno50bI3hf/zjjXlJmoIGsWRN8JO+MXbqFujjAMc8y1UIDb8HspeoTToACH0h4V2sjljgXcEDBseS2E8EV3Q0QGZw2iptE23TGTFOTBsdhbs0nzvyHYVc80LHz9yVvXXJlNGTeA//y8ox8HA//A1anou8m5kmbGOMumUHWCgBbz3I0AZSEvxhktmIOCmaAghYM+zZMg+M9guLMVtB49wB15x1iWSRtnkP8WzSpRz1I8HrpdkBLRPpGsE6VA17Sv5TcoV36ADnoLWuEuK0jQvpyTFPqMmaAgFPCBfLNoIXFFg+4szYCUgcL4YJj1CSjiebQoib+VnsJ/rRrFBC/+Ik8jBOPHcZJCnzGTjfRWQLNeHDDioGxKPx/KcHsxCEMtQg9V3e/KCFpXeBohYNd20poBGMdXJxqMG7QGZGr20REtfooesL5Cbv6RgPUZXUu8zzDmdj1uklKQ6qAYW3TwJ3qDT2N4dCGGSndimNZ0dHcM4f6Hs5QDNscyTyMEEh/mpBkFWsk3g9ZBeB8/9i+YSmkK9tsEhPZcnn7uuN3WDQWJBO3FyOvuIpG3NifVw6xhLRGIzME7ClrnmIWNcLdRHnrQuh3pXZtlJGWg6IprUvqncmnjIgj2negdOrFouJrOT+di5MADXgoqN7yWOJiTZgTItR7PfTaInDDL76FZ0ux7IsEEucR0TFG6oSAQ5s+788THoOa+B+opjVD8RJS9ynOfi5Dn80uWdGaHKLnLk0t8Nq0flqP94465HNT5FXTHeGJ1KmpwsdUBm+Msz8Nq9pc4aVpjLr5KRsg6XtesZ9zP3wG6VQ/sNszFtIV+Kkhh+t86A71F7a0JoHYURNgNwitXBIW7G387sp+jJlGk+Ipg2FUBAfm3igdeyknTFhhGDuM5a+11mYIwrscQ6ic0nMA7+rIRsk/EfafBLrkM/9+L9K2S+5isF0DHoqi2epN+KYgZsOaD7yEPXw3qQA8yi06yyiajH86n9K9AiG/CEGoj7Aq5gLdBUMAtFBOYy60PjEF39zysZq3H5Wm7DmIErAMg+M+6n7lEmrUBdsjJ4XCCNvbUfAf8hf0o7rsZ5N8eANJD9nXtbA/oh4IYwcQX/R7dLtJs2pawVOQTju+jByw7FprrOaatE6CFO/LZghH9IQyHTsVX/0YIeFs+WVC4pzNj3hOz6oK21eKBPeNvchbk5GmFQm/pdacnguD9FX8/R8MuZm0K4fDIKITql5X5EuH68tiu897ArE2hxwoyC/mf50ljwvWt+LBcYYZtGpb09eO5Hkoz4ZgfEEqTMn4GwX+EVtgrlcFHjpGjgHGcTXPAV2FpxQu5BZenVS8C5TgMz+b70uP6dZGI/SZmawez0GN8DArhM/YhlPe2svuylwqC3zRRUb5eTr+OtkKImwcTs2hLbjYV3R/Dp5PR0/wUfze4lQP//3T9/t5g2E1B10b3lLycabPdVQ/Y+0G4vMMGzdrWDY9lfc7uISjd/Z6yCnQz9dbM1hB6pSAUS8BzTVy3/6aHEp5zzF9OEEqT1PeDwizGv+1/7PFCbqh4SS/Qghgnv2yh67uH8CyerzoE+CU9EO/aeg/1FhjK3e4uU5QbtM9ilobQIwX5Fb0P9zXwPBoMjnpOdeoGyM7IJaMLs46xDMOkSzBkOoW23NKRzrR7sPLAnb6CDC28LM8CGRrkWSOQ8Byc+HICrYgbWvx3Fc9EW3g/wixdAxnxELzfu8sGTVKwCmapi54oSCVRRJlgvP76QAfB8XovhIJs9Q6NyLPXeAi/f5tPmVdRzN1M0jgy4xj75pxIjBb5KCQRZ9N90FcVL6linG5NRoLWOdTgzPaygVQYQtYJnNx1vDO451t41qdUPuqUp0B8zFITvVYQ6knYEO8LaOEOCnF9o9O7ZJzDvtgMRbor6+j/wtl0FzTNh5clmba0NqKHOb4XPkidQGzX2BtQ76fczwAB+AWSejr5wNuHPTNn5EHNyTXRawUxNevLzNZX5NKRMfQo98qUokjkdwXl+Dl+H7I2HXod39ob4GUdWjkuLRIaaSsU5SY0+rG0hjKoPYseTJxZUe9nIpGRXTm5p0AvcrG7LqCnGpnV6qmCaPYDzU4idBMU9YRc1KEo69BTPJ6lU3Md88pMKvrFtWljb1lghZ4iHEi8Gw2Slb5ML01BYTCMsH4LI/RqNMAluHY2rp2O31+BDXAKudCbgfghwjsWSsWhRbs2dhRGsmb9zVPPBr/a3UAgYL2ehNtdH12L13Xp6aWC4Lo0mHS/US8UUF9Bh7agUb6E3oQW0nwvtS0iAdbse4xg/DvkQt7JrzuU9ShvWfYm8tbl5L6AFNRTp6C1BpdrfiR6qCB/RNK0WvfqKchdAkpyGBr1LrxM30p0h4iiKN5LaxNkP3DRLQH5eGaPIBTSE4x6Ce5FPPG+jFC8pttDDxVkRod47SjMdyTeRsGoIYTfxstegb+d9oYFkQepdVEssIfnnOxGQHsWKvKa7IavUCvQtcRl7rrh3fljMLnQCwXB/1tM039KlELnMDsOm2JYi+8Z1uwPmSHr0xDKo0wtfjSdKBWhma+QvQSNcRFslGvQyHdiuLGBBNfdUDIC/7NmSKx2N2yvwNbxrApDAAbmQHg8jydABuo2wUlS9KQH0ezGD4pR6B12LTT+HjSkgsLcBPKEHvIQ0kOhuQ1N5UEIv+++Vw+OnMRJfUcsFnsFhNztSTxZa9q8Nwoi3w+iMGAYmTOys67FvwAh+LOnAYsUsFY2clQbeB903zdo7jIQyF+768dB8aRQCqLgg9jpR7NQ0n3h1l21VqHFvZ4geNakae41UONrPBcddFp+poB1DCf5oBREoSpEtPmgfZ+nMQv0HWbxgfeXl3ghUD09NrkRROhIO3cdQ/Z5nOSDUhCFmqCvv65Zd3gaNGhPVdvQJU7g9fBaKzlpYKCHhL9buY6avYyTfFAKolAXBdvEyrsbFYJyJyd7EAnEEx6+oJyvnzC1+CJ3HSl8Dif5oBREoSGE59h7oTErHCgTcU4uga55eDS7tcPguwgjYO/rrqNSEIWOAML+c3fDoqF9q+O6PkKbo8o8mvUoJw0MaFuuu46gqlFklIIoNAxDix/oadig9VtOKqGwk6/c00AYttN6CycPBMTCqes5UMczOckHpSAKDYPcTtwNC/viKU5yYzZdd/OR9zCnDQRQp8vd9cOQ60hO8kEpiEIzmI0hk3ttZErmQ0Q9i4sHZB3FSQMBDBU9C5kUpI2TfFAKotAUIOye2SxynOSkEiBEnthO6FF+wkl9R3TO6C6oU3kIqFkv1dpwphREoSlAQf7kblzy3OWkEiAA+7t5IFTPDYodEtWsw911A93NSVIoBVFoCmjcR92NKwv4Vti74t13Yc6xDuLkvgIK7gkFhN7tPzlJCqUgCg2DegE07rZy41ovVdtDjbQfuIUAgnUHJ/UNw2FrN9TFvZYzxTGAq0IpiELDoN137obF1zfDST4YoVHHzUsUDSfezcl9AQSzwg1fhHetCaUgAwLybepFJL12gF7hQk/D1j5slGa8POE/9WD8Vlzvy75rCLaF+ns2iOkhez9OrgqlIAOAsJY4WLiIa/amMIYBfHmgQF66EHjP1t560REjQXvczU+kB+I9jzUrojsW9vK760LGeV1lVQrSZ0ApTsVLKo+LNetx/N2DkwcFs1CvH5XqKMjaSLvzOL0aZlUKJglYr2NjkSHurgNoSg+OvpeTa0IpSJ8BBaG94uWXJcjaMkhRvSmmVmUdaZsuJ9cEHe4CgfAGZobBTuGMmKWrQC+2AALomlggsq7g5LpQCjIAwAs72fPCCkQnuH47Hu9vLCnagkt1cdcN9V3RTARA2UcAz3b1+ND4TszSFaCcPSB8nuB1KHcdhf9hlrpQCjIgwIv6LK3qel6ceHn2WjYme2rc0rZalF0ZrpME7MlIZDTMbA2BbAAI1m8q84po1g8bGKa1BD048l6UUXmQzgsQzncxS0PwKYjc/6wpKAVpETSNipfnWYgrkhCwOkHOOgU6bgGCMOGvh7Wl1TrQEWh4Nn+emvV/MneVNjArEkgcgfdVccCnNUneyMzTMArH49GBoKW8JqNvqx+4ohaUgrQBsae7Yt+Fl6zlaPxPxmJjHQ1YLcLhhOIfhmLcKS1XszbXcuprBBQ8Dvn7I6Zo1uN6wP4YWNrqJUX+/kOIQNakGUwcwmxNA3n80Z0fnuE4TmoJSkHaxyxDSxyMF1k1Hi/StuDFXodh2WF8fl3TwhWNju5iBu1x5EHHKlcvS7MfMAJzo3xbW9B16+0Q2JXScqCctB0WbE0F1aYeCHmeA3rel69mvdju1DIJsDtPvI9nYnPsGCdLEQvEqkakVArSIVBXjsb4ptQ2qaTC9PAvhd2gWSfga/8ZCP9iI2wdEC4clXwoBPAkPWR9C79vBs9jpXurEMreijy+3mlHQ3KRp22usjIFafYaPRj/uqmNLiqEPvUY87PI10vsfZ8jQhNRwDvpkcl4b+t1Lb4n39cywuHd34E6eYLq4V0+jWunGKFEKkrnj9BmMjFlb/0Q6WtBNLEhna5XCtJh0HFceKnfx8uvmK7sDqGsbaZmX9XtY8AovjDK82yukpP1PIT9cSjsJiGY9YN3k3AupWATXFTbQLmVaymNkDSkqFKQLoGGUpGgfTZe8EbPC+4UafFHIIhn9vLIYfIGpl6toV6yAcK7+Z0Rst7D2XcSs2nWTVZmdbIm9UDCdy64UpAug2ZWCt164gx06/fgBbtnWRomNNQTuPfXES1+SiQwOm9oaEnvDmOsQOEA08QZqJN0Fq8OPY8v/LUYVjZ8OGdrWDLbLCya+s5h95Nok7vRC7+fby5BKUiPQeE+zeDICPlGURhN9DJfZVvjcijQMnydL6PogRjSnGwER8gWSfPUal8cB2tjyWzy+kUdT4Lg3ADKg9zj/yk80yYMt+7E81xAdlavQ5vSDkTU6aOgM+g4BROE+pyH9/wfZO+R9wC1CbP7QDOVtE+/SDRxwUkKHgwN/T/fvy7K4dvMgwAAAABJRU5ErkJggg==" /></p>
-                      </div>
-                      <div class="col-sm-9">
-                        {% if solr_status != false %}
-                        <div class="progress">
-                          <div class="progress-bar bg-info" role="progressbar" style="width:{{ solr_status.jvm.memory.raw['used%']|round }}%"></div>
-                        </div>
-                        <p>{{ lang.debug.jvm_memory_solr }}: {{ (solr_status.jvm.memory.total - solr_status.jvm.memory.free) }} / {{ solr_status.jvm.memory.total }}
-                          ({{ solr_status.jvm.memory.raw['used%']|round }}%)</p>
-                        <hr>
-                        <span class="d-block">{{ lang.debug.uptime }}: {{ solr_uptime }}h</span>
-                        <span class="d-block">{{ lang.debug.started_at }}: <span class="parse_date">{{ solr_status.status['dovecot-fts'].startTime }}</span></span>
-                        <span class="d-block">{{ lang.debug.last_modified }}: <span class="parse_date">{{ solr_status.status['dovecot-fts'].index.lastModified }}</span></span>
-                        <span class="d-block">{{ lang.debug.size }}: {{ solr_status.status['dovecot-fts'].index.size }}</span>
-                        <span class="d-block"><i class="bi bi-file-text"></i> {{ lang.debug.docs }}: {{ solr_status.status['dovecot-fts'].index.numDocs }}</span>
-                        {% else %}
-                        <span class="d-block">{{ lang.debug.solr_dead }}</span>
-                        {% endif %}
-                      </div>
-                      <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
-                        <h6>Disk I/O</h6>
-                        <div class="spinner-border my-4 mx-auto" role="status">
-                          <span class="visually-hidden">Loading...</span>
-                        </div>
-                        <canvas class="d-none" id="solr-mailcow_DiskIOChart" width="400" height="200"></canvas>
-                      </div>
-                      <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
-                        <h6>Net I/O</h6>
-                        <div class="spinner-border my-4 mx-auto" role="status">
-                          <span class="visually-hidden">Loading...</span>
-                        </div>
-                        <canvas class="d-none" id="solr-mailcow_NetIOChart" width="400" height="200"></canvas>
-                      </div>
-                      <div class="col-sm-12 d-flex" style="height: 40px">
-                        <a href data-bs-toggle="modal"
-                          data-container="solr-mailcow"
-                          data-bs-target="#RestartContainer"
-                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
-                          style="height: 30px;">{{ lang.debug.restart_container }}
-                            <i class="ms-1 bi
-                            {% if containers["solr-mailcow"].State.Running == 1 %}
-                            bi-record-fill text-success
-                            {% elseif containers["solr-mailcow"].State %}
-                            bi-record-fill text-danger
-                            {% else %}
-                            default
-                            {% endif %}
-                            "
-                          ></i>
-                        </a>
-                      </div>
-                    </div>
-                  </div>
-                  {% endif %}
-                </div>
-              </div>
-
               <!-- rest of the containers -->
               {% for container, container_info in containers %}
-                {% if container != "solr-mailcow" %}
                   <div class="col-md-6 col-sm-12 p-2">
                     <div class="list-group-item p-0">
                       <div class="d-flex p-2 list-group-header">
@@ -336,7 +235,6 @@
                       </div>
                     </div>
                   </div>
-                {% endif %}
               {% endfor %}
             </div>
           </div>
diff --git a/docker-compose.yml b/docker-compose.yml
index f815ab9b4..55481fb50 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -165,7 +165,7 @@ services:
         - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
         - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_FTS=${SKIP_FTS:-y}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
@@ -174,7 +174,6 @@ services:
         - DEMO_MODE=${DEMO_MODE:-n}
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
-        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-}
       restart: always
       networks:
         mailcow-network:
@@ -234,6 +233,7 @@ services:
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
+        - redis-mailcow
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       cap_add:
@@ -267,14 +267,15 @@ services:
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
         - ACL_ANYONE=${ACL_ANYONE:-disallow}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_FTS=${SKIP_FTS:-y}
+        - FTS_HEAP=${FTS_HEAP:-512}
+        - FTS_PROCS=${FTS_PROCS:-3}
         - MAILDIR_SUB=${MAILDIR_SUB:-}
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
         - REDISPASS=${REDISPASS}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
-        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
       ports:
         - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
         - "${IMAP_PORT:-143}:143"
@@ -558,28 +559,6 @@ services:
           aliases:
             - dockerapi
 
-
-    ##### Will be removed soon #####
-    solr-mailcow:
-      image: mailcow/solr:1.8.3
-      restart: always
-      depends_on:
-        - netfilter-mailcow
-      volumes:
-        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
-      ports:
-        - "${SOLR_PORT:-127.0.0.1:18983}:8983"
-      environment:
-        - TZ=${TZ}
-        - SOLR_HEAP=${SOLR_HEAP:-1024}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
-        - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
-      networks:
-        mailcow-network:
-          aliases:
-            - solr
-    ################################
-
     olefy-mailcow:
       image: mailcow/olefy:1.13
       restart: always
@@ -636,7 +615,6 @@ services:
         - netfilter-mailcow
         - watchdog-mailcow
         - dockerapi-mailcow
-        - solr-mailcow
       environment:
         - TZ=${TZ}
       image: robbertkl/ipv6nat
@@ -668,7 +646,6 @@ volumes:
   mysql-socket-vol-1:
   redis-vol-1:
   rspamd-vol-1:
-  solr-vol-1:
   postfix-vol-1:
   crypt-vol-1:
   sogo-web-vol-1:
diff --git a/generate_config.sh b/generate_config.sh
index 915a5d907..6e66c9197 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -175,28 +175,6 @@ if [ -z "${SKIP_CLAMD}" ]; then
   fi
 fi
 
-if [ -z "${SKIP_SOLR}" ]; then
-  if [ "${MEM_TOTAL}" -le "2097152" ]; then
-    echo "Disabling Solr on low-memory system."
-    SKIP_SOLR=y
-  elif [ "${MEM_TOTAL}" -le "3670016" ]; then
-    echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
-    echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
-    echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
-    read -r -p  "Do you want to disable Solr now? [Y/n] " response
-    case $response in
-      [nN][oO]|[nN])
-        SKIP_SOLR=n
-        ;;
-      *)
-        SKIP_SOLR=y
-      ;;
-    esac
-  else
-    SKIP_SOLR=n
-  fi
-fi
-
 if [[ ${SKIP_BRANCH} != y ]]; then
   echo "Which branch of mailcow do you want to use?"
   echo ""
@@ -305,7 +283,6 @@ POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
-SOLR_PORT=127.0.0.1:18983
 REDIS_PORT=127.0.0.1:7654
 
 # Your timezone
@@ -402,14 +379,22 @@ SKIP_CLAMD=${SKIP_CLAMD}
 
 SKIP_SOGO=n
 
-# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
+# Skip FTS (Fulltext Search) for Dovecot on low-memory systems or if you simply want to disable it.
+# Dovecot inside mailcow use Flatcurve as FTS Backend.
 
-SKIP_SOLR=${SKIP_SOLR}
+SKIP_FTS=n
 
-# Solr heap size in MB, there is no recommendation, please see Solr docs.
-# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.
+# Flatcurve (Xapian backend) is used as the FTS Indexer. It is supposed to be efficient in CPU and RAM consumption.
+# However: Please always monitor your Resource consumption!
 
-SOLR_HEAP=1024
+FTS_HEAP=128
+
+# Controls how many processes the Dovecot indexing process can spawn at max.
+# Too many indexing processes can use a lot of CPU and Disk I/O.
+# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations
+
+FTS_PROCS=5
 
 # Allow admins to log into SOGo as email user (without any password)
 
diff --git a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
index d2dd0f606..00128de37 100644
--- a/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml
@@ -34,8 +34,5 @@ services:
   dockerapi-mailcow:
     build: ./data/Dockerfiles/dockerapi
 
-  solr-mailcow:
-    build: ./data/Dockerfiles/solr
-
   olefy-mailcow:
     build: ./data/Dockerfiles/olefy
diff --git a/update.sh b/update.sh
index 8ed414d03..d488c4784 100755
--- a/update.sh
+++ b/update.sh
@@ -303,6 +303,400 @@ fix_broken_dnslist_conf() {
 
 }
 
+adapt_new_options() {
+
+  CONFIG_ARRAY=(
+  "SKIP_LETS_ENCRYPT"
+  "SKIP_SOGO"
+  "USE_WATCHDOG"
+  "WATCHDOG_NOTIFY_EMAIL"
+  "WATCHDOG_NOTIFY_WEBHOOK"
+  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
+  "WATCHDOG_NOTIFY_BAN"
+  "WATCHDOG_NOTIFY_START"
+  "WATCHDOG_EXTERNAL_CHECKS"
+  "WATCHDOG_SUBJECT"
+  "SKIP_CLAMD"
+  "SKIP_IP_CHECK"
+  "ADDITIONAL_SAN"
+  "DOVEADM_PORT"
+  "IPV4_NETWORK"
+  "IPV6_NETWORK"
+  "LOG_LINES"
+  "SNAT_TO_SOURCE"
+  "SNAT6_TO_SOURCE"
+  "COMPOSE_PROJECT_NAME"
+  "DOCKER_COMPOSE_VERSION"
+  "SQL_PORT"
+  "API_KEY"
+  "API_KEY_READ_ONLY"
+  "API_ALLOW_FROM"
+  "MAILDIR_GC_TIME"
+  "MAILDIR_SUB"
+  "ACL_ANYONE"
+  "FTS_HEAP"
+  "FTS_PROCS"
+  "SKIP_FTS"
+  "ENABLE_SSL_SNI"
+  "ALLOW_ADMIN_EMAIL_LOGIN"
+  "SKIP_HTTP_VERIFICATION"
+  "SOGO_EXPIRE_SESSION"
+  "REDIS_PORT"
+  "DOVECOT_MASTER_USER"
+  "DOVECOT_MASTER_PASS"
+  "MAILCOW_PASS_SCHEME"
+  "ADDITIONAL_SERVER_NAMES"
+  "ACME_CONTACT"
+  "WATCHDOG_VERBOSE"
+  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
+  "SPAMHAUS_DQS_KEY"
+  "SKIP_UNBOUND_HEALTHCHECK"
+  "DISABLE_NETFILTER_ISOLATION_RULE"
+  )
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+  for option in ${CONFIG_ARRAY[@]}; do
+    if [[ ${option} == "ADDITIONAL_SAN" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "${option}=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
+      fi
+    elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "# Used Docker Compose version" >> mailcow.conf
+        echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
+        echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
+        echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
+        echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
+        echo "" >> mailcow.conf
+        echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
+      fi
+    elif [[ ${option} == "DOVEADM_PORT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "LOG_LINES" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
+        echo "LOG_LINES=9999" >> mailcow.conf
+      fi
+    elif [[ ${option} == "IPV4_NETWORK" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
+        echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
+      fi
+    elif [[ ${option} == "IPV6_NETWORK" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
+        echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SQL_PORT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
+        echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
+      fi
+    elif [[ ${option} == "API_KEY" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Create or override API key for web UI' >> mailcow.conf
+        echo "#API_KEY=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Create or override read-only API key for web UI' >> mailcow.conf
+        echo "#API_KEY_READ_ONLY=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "API_ALLOW_FROM" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Must be set for API_KEY to be active' >> mailcow.conf
+        echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
+        echo "#API_ALLOW_FROM=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
+        echo "#SNAT_TO_SOURCE=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
+        echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Garbage collector cleanup' >> mailcow.conf
+        echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
+        echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
+        echo '# Check interval is hourly' >> mailcow.conf
+        echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
+      fi
+    elif [[ ${option} == "ACL_ANYONE" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
+        echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
+        echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
+        echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
+        echo 'ACL_ANYONE=disallow' >> mailcow.conf
+      fi
+    elif [[ ${option} == "FTS_HEAP" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
+        echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
+        echo '# Please always monitor your Resource consumption!' >> mailcow.conf
+        echo "FTS_HEAP=1024" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SKIP_FTS" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory systems or if you simply want to disable it.' >> mailcow.conf
+        echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
+        echo "SKIP_FTS=n" >> mailcow.conf
+      fi
+    elif [[ ${option} == "FTS_PROCS" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
+        echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
+        echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
+        echo "FTS_PROCS=2" >> mailcow.conf
+      fi
+    elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
+        echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
+        echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
+        echo "ENABLE_SSL_SNI=n" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SKIP_SOGO" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
+        echo "SKIP_SOGO=n" >> mailcow.conf
+      fi
+    elif [[ ${option} == "MAILDIR_SUB" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
+        echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
+        echo "MAILDIR_SUB=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
+        echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
+        echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
+        echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
+        WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
+        echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
+        echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_NOTIFY_START" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Send a notification when the watchdog is started.' >> mailcow.conf
+        echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
+        echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
+        echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
+        echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
+        echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
+      fi
+    elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# SOGo session timeout in minutes' >> mailcow.conf
+        echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
+      fi
+    elif [[ ${option} == "REDIS_PORT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
+      fi
+    elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
+        echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
+        echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
+        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+        echo "DOVECOT_MASTER_USER=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+        echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
+      fi
+    elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Password hash algorithm' >> mailcow.conf
+        echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
+        echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
+        echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
+      fi
+    elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Additional server names for mailcow UI' >> mailcow.conf
+        echo '#' >> mailcow.conf
+        echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
+        echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
+        echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
+        echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
+        echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
+        echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
+      fi
+    elif [[ ${option} == "ACME_CONTACT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Lets Encrypt registration contact information' >> mailcow.conf
+        echo '# Optional: Leave empty for none' >> mailcow.conf
+        echo '# This value is only used on first order!' >> mailcow.conf
+        echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
+        echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
+        echo 'ACME_CONTACT=' >> mailcow.conf
+      fi
+    elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "# WebAuthn device manufacturer verification" >> mailcow.conf
+        echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
+        echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
+        echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
+      fi
+    elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo "# Spamhaus Data Query Service Key" >> mailcow.conf
+        echo '# Optional: Leave empty for none' >> mailcow.conf
+        echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
+        echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
+        echo '# Otherwise it will work as usual.' >> mailcow.conf
+        echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
+      fi
+    elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Enable watchdog verbose logging' >> mailcow.conf
+        echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
+      fi
+    elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+        echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+      fi
+    elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
+        echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
+        echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
+      fi 
+    elif ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo "${option}=n" >> mailcow.conf
+    fi
+  done
+}
+
+migrate_solr_config_options() {
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+
+  if grep -q "SOLR_HEAP" mailcow.conf; then
+    echo "Removing SOLR_HEAP in mailcow.conf"
+    sed -i '/# Solr heap size in MB\b/d' mailcow.conf
+    sed -i '/# Solr is a prone to run\b/d' mailcow.conf
+    sed -i '/SOLR_HEAP\b/d' mailcow.conf
+  fi
+
+  if grep -q "SKIP_SOLR" mailcow.conf; then
+    echo "Removing SKIP_SOLR in mailcow.conf"
+    sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
+    sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
+    sed -i '/\bDisable Solr or\b/d' mailcow.conf
+    sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
+  fi
+
+  if grep -q "SOLR_PORT" mailcow.conf; then
+    echo "Removing SOLR_PORT in mailcow.conf"
+    sed -i '/\bSOLR_PORT\b/d' mailcow.conf
+  fi
+
+  if grep -q "FLATCURVE_EXPERIMENTAL" mailcow.conf; then
+    echo "Removing FLATCURVE_EXPERIMENTAL in mailcow.conf"
+    sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
+  fi
+
+  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
+  if [[ -n $solr_volume ]]; then
+    echo -e "\e[34mSolr has been replaced within mailcow since 2024-12.\e[0m"
+    sleep 1
+    echo -e "\e[34mTherefore the volume $solr_volume is unused.\e[0m"
+    sleep 1
+    read -r -p "Would you like to remove the $solr_volume? " response
+    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+      echo -e "\e[33mRemoving $solr_volume...\e[0m"
+      docker volume rm $solr_volume
+      if [[ $? != 0 ]]; then
+        echo -e "\e[31mCould not remove the volume... Please remove it manually!\e[0m"
+      else
+        echo -e "\e[32mSucessfully removed $solr_volume!\e[0m"
+      fi
+    else
+      echo "Ok! Not removing $solr_volume then."
+      echo "Once you decided on removing the volume simply run docker volume rm $solr_volume to remove it manually."
+      echo "This can be done anytime. mailcow does not use this volume anymore."
+    fi
+  fi  
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -523,8 +917,6 @@ CONFIG_ARRAY=(
   "MAILDIR_GC_TIME"
   "MAILDIR_SUB"
   "ACL_ANYONE"
-  "SOLR_HEAP"
-  "SKIP_SOLR"
   "ENABLE_SSL_SNI"
   "ALLOW_ADMIN_EMAIL_LOGIN"
   "SKIP_HTTP_VERIFICATION"
@@ -651,21 +1043,6 @@ for option in "${CONFIG_ARRAY[@]}"; do
       echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
       echo 'ACL_ANYONE=disallow' >> mailcow.conf
     fi
-  elif [[ "${option}" == "SOLR_HEAP" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
-      echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
-      echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
-      echo "SOLR_HEAP=1024" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_SOLR" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
-      echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
-      echo "SKIP_SOLR=y" >> mailcow.conf
-    fi
   elif [[ "${option}" == "ENABLE_SSL_SNI" ]]; then
     if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
@@ -998,7 +1375,8 @@ for container in "${MAILCOW_CONTAINERS[@]}"; do
 done
 
 [[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
-
+migrate_solr_config_options
+adapt_new_options
 
 # Silently fixing remote url from andryyy to mailcow
 # git remote set-url origin https://github.com/mailcow/mailcow-dockerized

From de80c120c9cd4f41b75ba21ce3ad58a999fc6ea2 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 12 Dec 2024 16:57:32 +0100
Subject: [PATCH 415/755] update.sh: added silent fix for removing old fts.conf
 in order to update properly

---
 update.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index d488c4784..6d9f8dd7e 100755
--- a/update.sh
+++ b/update.sh
@@ -694,7 +694,15 @@ migrate_solr_config_options() {
       echo "Once you decided on removing the volume simply run docker volume rm $solr_volume to remove it manually."
       echo "This can be done anytime. mailcow does not use this volume anymore."
     fi
-  fi  
+  fi
+
+  # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
+  FTS_CONF_PATH="data/conf/dovecot/conf.d/fts.conf"
+  if [[ -f "$FTS_CONF_PATH" ]]; then
+    if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
+      rm -rf $FTS_CONF_PATH
+    fi
+  fi
 }
 
 ############## End Function Section ##############

From 1c6684a5392ec66332a1e70653c50cce23114dd6 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 12 Dec 2024 17:02:21 +0100
Subject: [PATCH 416/755] compose: fix dovecot tagging

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 55481fb50..fc2ad58ca 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -229,7 +229,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.21
+      image: mailcow/dovecot:2.3
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 357a4d7fb34b3714f9274b3d98fbaa0e78885fc8 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 13 Dec 2024 12:21:12 +0100
Subject: [PATCH 417/755] [Web] Updated lang.fr-fr.json (#6209)

Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.fr-fr.json | 71 ++++++++++++++++++++---------------
 1 file changed, 40 insertions(+), 31 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 7348b6b5e..adcbd2a28 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -3,13 +3,13 @@
         "alias_domains": "Ajouter un alias de domaine",
         "app_passwds": "Gérer les mots de passe d'application",
         "bcc_maps": "Mapping BCC",
-        "delimiter_action": "Délimitation d'action",
+        "delimiter_action": "Action du délimiteur",
         "eas_reset": "Réinitialiser les périphériques EA",
         "extend_sender_acl": "Autoriser l'extension des ACL par des adresses externes",
         "filters": "Filtres",
         "login_as": "S'identifier en tant qu'utilisateur",
         "prohibited": "Interdit par les ACL",
-        "protocol_access": "Modifier le protocol d'acces",
+        "protocol_access": "Modifier le protocole d’accès",
         "pushover": "Pushover",
         "quarantine": "Actions de quarantaine",
         "quarantine_attachments": "Pièces jointes en quarantaine",
@@ -20,7 +20,7 @@
         "smtp_ip_access": "Changer les hôtes autorisés pour SMTP",
         "sogo_access": "Autoriser la gestion des accès à SOGo",
         "sogo_profile_reset": "Réinitialiser le profil SOGo",
-        "spam_alias": "Alias temporaire",
+        "spam_alias": "Alias temporaires",
         "spam_policy": "Liste Noire/Liste Blanche",
         "spam_score": "Score SPAM",
         "syncjobs": "Tâches de synchronisation",
@@ -48,13 +48,13 @@
         "comment_info": "Un commentaire privé n'est pas visible pour l'utilisateur, tandis qu'un commentaire public est affiché sous forme d'info-bulle lorsqu'on le survole dans un aperçu des utilisateurs",
         "custom_params": "Paramètres personnalisés",
         "custom_params_hint": "Correct : --param=xy, Incorrect : --param xy",
-        "delete1": "Supprimer à la source lorsque la synchronisation terminée",
-        "delete2": "Supprimer les messages à destination qui ne sont pas présents à la source",
-        "delete2duplicates": "Supprimer les doubles à destination",
+        "delete1": "Supprimer sur la source lorsque la synchronisation est terminée",
+        "delete2": "Supprimer les messages sur la destination qui ne sont pas présents sur la source",
+        "delete2duplicates": "Supprimer les doublons sur la destination",
         "description": "Description",
         "destination": "Destination",
         "disable_login": "Désactiver l'authentification (les courriels entrants resteront acceptés)",
-        "domain": "domaine",
+        "domain": "Domaine",
         "domain_matches_hostname": "Le domaine %s correspond à la machine (hostname)",
         "domain_quota_m": "Quota total du domaine (Mo)",
         "enc_method": "Méthode de chiffrement",
@@ -80,7 +80,7 @@
         "password": "Mot de passe",
         "password_repeat": "Confirmation du mot de passe (répéter)",
         "port": "Port",
-        "post_domain_add": "le conteneur SOGo, \"sogo-mailcow\", doit être redémarré après l'ajout d'un nouveau domaine!<br><br>De plus, la configuration DNS doit être révisée. Lorsque la configuration DNS est approuvée, redémarrer \"acme-mailcow\" pour générer automatiquement les certificats pour votre nouveau domaine (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Cette étape est optionelle et sera réessayée toutes les 24 heures.",
+        "post_domain_add": "Le conteneur SOGo, « sogo-mailcow », doit être redémarré après l'ajout d'un nouveau domaine !<br><br>De plus, la configuration DNS doit être révisée. Lorsque la configuration DNS est approuvée, redémarrer « acme-mailcow » pour générer automatiquement les certificats pour votre nouveau domaine (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Cette étape est optionnelle et sera réessayée toutes les 24 heures.",
         "private_comment": "Commentaire privé",
         "public_comment": "Commentaire public",
         "quota_mb": "Quota (Mo)",
@@ -286,7 +286,7 @@
         "rspamd_settings_map": "Carte des paramètres Rspamd",
         "sal_level": "Niveau Moo",
         "save": "Enregistrer les modifications",
-        "search_domain_da": "Recherche domaines",
+        "search_domain_da": "Rechercher des domaines",
         "send": "Envoyer",
         "sender": "Expéditeur",
         "service_id": "ID du service",
@@ -415,7 +415,7 @@
         "mailboxes_in_use": "Le max. des boîtes de réception doit être supérieur ou égal à %d",
         "malformed_username": "Nom d’utilisateur malformé",
         "map_content_empty": "Le contenu de la carte ne peut pas être vide",
-        "max_alias_exceeded": "Le nombre max. d'aliases est dépassé",
+        "max_alias_exceeded": "Le nombre max. d'alias est dépassé",
         "max_mailbox_exceeded": "Le nombre max. de boîte de réception est dépassé (%d of %d)",
         "max_quota_in_use": "Le quota de la boîte de réception doit être supérieur ou égal à %d Mo",
         "maxquota_empty": "Le quota maximum par boîte de réception ne doit pas être de 0.",
@@ -515,7 +515,9 @@
         "wip": "En cours de réalisation",
         "architecture": "Architecture",
         "cores": "Cœurs",
-        "current_time": "Heure du système"
+        "current_time": "Heure du système",
+        "container_disabled": "Conteneur arrêté ou désactivé",
+        "error_show_ip": "Impossible de résoudre les adresses IP publiques"
     },
     "diagnostics": {
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
@@ -526,7 +528,7 @@
         "dns_records_name": "Nom",
         "dns_records_status": "État courant",
         "dns_records_type": "Type",
-        "optional": "Cet enregistrement est optionel."
+        "optional": "Cet enregistrement est optionnel."
     },
     "edit": {
         "active": "Actif",
@@ -545,7 +547,7 @@
         "comment_info": "Un commentaire privé n’est pas visible pour l’utilisateur, tandis qu’un commentaire public est affiché comme infobulle lorsque vous le placez dans un aperçu des utilisateurs",
         "delete1": "Supprimer de la source une fois terminé",
         "delete2": "Supprimer les messages sur la destination qui ne sont pas sur la source",
-        "delete2duplicates": "Supprimer les doublons à destination",
+        "delete2duplicates": "Supprimer les doublons sur la destination",
         "delete_ays": "Veuillez confirmer le processus de suppression.",
         "description": "Description",
         "disable_login": "Refuser l’ouverture de session (le courrier entrant est toujours accepté)",
@@ -660,7 +662,8 @@
         "mailbox_rename": "Renommer la boîte de réception",
         "mailbox_rename_agree": "J'ai fait une sauvegarde.",
         "mailbox_rename_warning": "IMPORTANT ! Faites une sauvegarde avant de renommer la boîte de réception.",
-        "mailbox_rename_alias": "Créer un alias automatiquement"
+        "mailbox_rename_alias": "Créer un alias automatiquement",
+        "sogo_access": "Autoriser la connexion directe à SOGo"
     },
     "footer": {
         "cancel": "Annuler",
@@ -725,9 +728,9 @@
         "add_tls_policy_map": "Ajouter la carte de la politique des TLS",
         "address_rewriting": "Réécriture de l’adresse",
         "alias": "Alias",
-        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où \"alias-domain\" est un alias imaginaire pour \"domain\").<br>Veuillez utiliser un filtre à tamis pour rediriger le courrier vers une boîte de réception externe (voir l'onglet « Filtres » ou utilisez SOGo → Transférer).",
+        "alias_domain_alias_hint": "Les alias <b>ne sont pas</b> appliqués automatiquement sur les alias de domaine. Un alias d'adresse <code>my-alias@domain</code> <b>ne couvre pas</b> l'adresse <code>my-alias@alias-domain</code> (où « alias-domain » est un alias imaginaire pour « domain »).<br>Veuillez utiliser un filtre sieve pour rediriger le courrier vers une boîte de réception externe (voir l'onglet « Filtres » ou utilisez SOGo → Transférer). Utilisez « Étendre l'alias aux alias de domaine » pour ajouter automatiquement les alias manquants.",
         "alias_domain_backupmx": "Alias de domaine inactif pour le domaine relais",
-        "aliases": "Aliases",
+        "aliases": "Alias",
         "allow_from_smtp": "Restreindre l'utilisation de <b>SMTP</b> à ces adresses IP",
         "allow_from_smtp_info": "Laissez vide pour autoriser tous les expéditeurs.<br>Adresses IPv4/IPv6 et réseaux.",
         "allowed_protocols": "Protocoles autorisés",
@@ -820,7 +823,7 @@
         "running": "En fonctionnement",
         "set_postfilter": "Marquer comme postfiltre",
         "set_prefilter": "Marquer comme préfiltre",
-        "sieve_info": "Vous pouvez stocker plusieurs filtres par utilisateur, mais un seul préfiltre et un seul postfiltre peuvent être actifs simultanément.<br>\nChaque filtre sera traité dans l’ordre décrit. Ni un script « rejeter » ni un « garder » n’arrêtera le traitement des autres scripts. Les modifications apportées aux scripts de tamis globaux déclencheront un redémarrage de Dovecot.<br><br>Préfiltre de tamis global → Préfiltre → Scripts utilisateur → Postfiltre → Postfiltre du tamis global",
+        "sieve_info": "Vous pouvez stocker plusieurs filtres par utilisateur, mais un seul préfiltre et un seul postfiltre peuvent être actifs simultanément.<br>\nChaque filtre sera traité dans l’ordre décrit. Ni un script en échec ni un « keep; » n’arrêtera le traitement des autres scripts. Les modifications apportées aux scripts sieve globaux déclencheront un redémarrage de Dovecot.<br><br>Préfiltre sieve global → Préfiltre → Scripts utilisateur → Postfiltre → Postfiltre sieve global",
         "sieve_preset_1": "Jeter le courrier avec les types de fichiers dangereux probables",
         "sieve_preset_2": "Toujours marquer l'adresse de courriel d’un expéditeur spécifique comme vu",
         "sieve_preset_3": "Jeter en silence, arrêter tout traitement supplémentaire par filtre sieve",
@@ -866,7 +869,9 @@
         "mailbox_templates": "Modèle de boîte de réception",
         "relay_unknown": "Relayer les boîtes de réception inconnues",
         "all_domains": "Tous les domaines",
-        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible"
+        "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible",
+        "domain_templates": "Modèles de domaine",
+        "syncjob_last_run_result": "Résultat de la dernière exécution"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
@@ -939,7 +944,8 @@
         "hold_mail_legend": "Met en attente les courriers sélectionnés. (Empêche les tentatives de distribution ultérieures)",
         "unban": "file d'attente d'unban",
         "unhold_mail": "Libérer",
-        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)"
+        "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)",
+        "show_message": "Afficher le message"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
@@ -962,14 +968,14 @@
         "app_links": "Modifications enregistrées dans les liens d’application",
         "app_passwd_added": "Ajout d’un nouveau mot de passe d’application",
         "app_passwd_removed": "Suppression de l’identifiant du mot de passe de l’application %s",
-        "bcc_deleted": "Suppression des entrées de la carte BCC : %s",
+        "bcc_deleted": "Suppression des entrées de la carte BCC : %s",
         "bcc_edited": "Entrée de la carte BCC %s modifiée",
         "bcc_saved": "Saisie de carte BCC enregistrée",
         "db_init_complete": "Initialisation de la base de données terminée",
         "delete_filter": "ID des filtres supprimés %s",
         "delete_filters": "Filtres supprimés : %s",
-        "deleted_syncjob": "ID du travail de synchronisation supprimé : %s",
-        "deleted_syncjobs": "Travail de synchronisation supprimé : %s",
+        "deleted_syncjob": "ID de la tâche de synchronisation supprimée : %s",
+        "deleted_syncjobs": "Tâche de synchronisation supprimée : %s",
         "dkim_added": "La clé DKIM %s a été enregistrée",
         "dkim_duplicated": "La clé DKIM pour le domaine %s a été copiée vers %s",
         "dkim_removed": "La clé DKIM %s a été supprimée",
@@ -1105,7 +1111,7 @@
         "daily": "Quotidien",
         "day": "jour",
         "delete_ays": "Veuillez confirmer le processus de suppression.",
-        "direct_aliases": "Adresses alias directes",
+        "direct_aliases": "Adresses d'alias directes",
         "direct_aliases_desc": "Les adresses d’alias directes sont affectées par le filtre anti-spam et les paramètres de politique TLS.",
         "eas_reset": "Réinitialiser le cache de l’appareil ActiveSync",
         "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil ActiveSync cassé.<br><b>Attention :</b> Tous les éléments seront de nouveau téléchargés !",
@@ -1170,7 +1176,7 @@
         "spamfilter": "Filtre de spam",
         "spamfilter_behavior": "Note",
         "spamfilter_bl": "Liste noire (BlackList)",
-        "spamfilter_bl_desc": "Les adresses de courriel sur la liste noire de <b>toujours</b> peuvent être classées comme des pourriels et rejetées. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias tous azimuts et d’une boîte de réception elle-même.",
+        "spamfilter_bl_desc": "Les adresses de courriel sur liste noire qui doivent <b>toujours</b> être classées comme des pourriels et rejetées. Les messages rejetés <b>ne seront pas<b> copiés dans la quarantaine. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias attrape-tout et d’une boîte de réception elle-même.",
         "spamfilter_default_score": "Valeurs par défaut",
         "spamfilter_green": "Vert : ce message n'est pas un spam",
         "spamfilter_hint": "La première valeur indique un « faible score de spam », la seconde représente un « haut score de spam ».",
@@ -1182,10 +1188,10 @@
         "spamfilter_table_remove": "supprimer",
         "spamfilter_table_rule": "Règle",
         "spamfilter_wl": "Liste blanche (WhiteList)",
-        "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses de courriel qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias catch-all et d’une boîte de réception.",
+        "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses de courriel qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias attrape-tout et d’une boîte de réception.",
         "spamfilter_yellow": "Jaune : ce message est peut être un spam, il sera étiqueté comme spam et déplacé vers votre dossier Pourriel",
         "status": "Statut",
-        "sync_jobs": "Jobs de synchronisation",
+        "sync_jobs": "Tâches de synchronisation",
         "tag_handling": "Régler la manipulation du courrier étiqueté",
         "tag_help_example": "Exemple pour une adresse de courriel étiquetée : me<b>+Facebook</b>@example.org",
         "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (\"INBOX/Facebook\").<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet de l'e-mail, exemple : \"[Facebook] My News\".",
@@ -1232,13 +1238,15 @@
         "allowed_protocols": "Protocoles autorisés",
         "mailbox": "Boîte de réception",
         "password_reset_info": "Si aucun email pour la récupération du mot de passe n'est fourni, cette fonction ne peut pas être utilisée.",
-        "pw_recovery_email": "Email de récupération pour son mot de passe"
+        "pw_recovery_email": "Email de récupération pour son mot de passe",
+        "month": "mois",
+        "from": "de"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
         "domain_added_sogo_failed": "Ajout d’un domaine mais échec du redémarrage de Sogo, veuillez vérifier les journaux de votre serveur.",
         "dovecot_restart_failed": "Dovecot n’a pas pu redémarrer, veuillez vérifier les journaux",
-        "fuzzy_learn_error": "Erreur d’apprentissage du hachage flou: %s",
+        "fuzzy_learn_error": "Erreur d’apprentissage du hachage flou : %s",
         "hash_not_found": "Hachage non trouvé ou déjà supprimé",
         "ip_invalid": "IP non valide ignorée : %s",
         "no_active_admin": "Impossible de désactiver le dernier administrateur actif",
@@ -1259,13 +1267,14 @@
             "sortAscending": ": activer pour trier les colonnes en ordre croissant",
             "sortDescending": ": activer pour trier les colonnes en ordre décroissant"
         },
-        "infoEmpty": "Affichage de 0 à 0 de 0 entrées",
-        "infoFiltered": "(filtré à partir de _MAX_ entrées totales)",
+        "infoEmpty": "Affichage de 0 à 0 sur 0 entrée",
+        "infoFiltered": "(filtré à partir de _MAX_ entrée(s) totale(s))",
         "lengthMenu": "Afficher les entrées _MENU_",
         "loadingRecords": "Chargement…",
         "processing": "Veuillez patienter…",
         "collapse_all": "Tout réduire",
-        "info": "Affichage de _START_ de _END_ sur _TOTAL_ entrées"
+        "info": "Affichage de _START_ à _END_ sur _TOTAL_ entrée(s)",
+        "search": "Rechercher :"
     },
     "ratelimit": {
         "disabled": "Désactivé"

From c6f6eda0bffce56169e55c9bfc41fe41ff5b249d Mon Sep 17 00:00:00 2001
From: Jan Oratowski <54535207+jan-oratowski@users.noreply.github.com>
Date: Sat, 14 Dec 2024 15:27:37 +0100
Subject: [PATCH 418/755] Fix missing property in Create Sync Job request

In example there was property called "user1", but it was missing from request definition.

This resulted in nswagger generating incorrect C# API code.
---
 data/web/api/openapi.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 09d613aa2..8f9e96590 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -1531,6 +1531,9 @@ paths:
                 port1:
                   description: the smtp port of the target mail server
                   type: string
+                user1:
+                  description: the username of the mailbox
+                  type: string
                 password:
                   description: the password of the mailbox
                   type: string

From 65bc8f09729ff79bb46b885202fd095b09a04d80 Mon Sep 17 00:00:00 2001
From: Amin <74154304+Babybatrick@users.noreply.github.com>
Date: Thu, 19 Dec 2024 21:59:05 +0800
Subject: [PATCH 419/755] Update docker-compose.yml (sogo-mailcow)

This commit includes the addition of 3 lines, in the volumes part of the sogo-mailcow container, to allow for better customisation of the user interface on the web client page.
---
 docker-compose.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index fc2ad58ca..a9c7c9469 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -206,6 +206,9 @@ services:
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
         - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
+        - ./data/conf/sogo/custom-shortlogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z
+        - ./data/conf/sogo/custom-fulllogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg:z
+        - ./data/conf/sogo/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z
         - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
         - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
         - mysql-socket-vol-1:/var/run/mysqld/

From ade20d79d45a4f82b7c4f5d4896b9e77b501b43f Mon Sep 17 00:00:00 2001
From: Amin <74154304+Babybatrick@users.noreply.github.com>
Date: Thu, 19 Dec 2024 22:13:27 +0800
Subject: [PATCH 420/755] Uploading of the necessary files, after new volumes
 were added to docker-compose.yml (sogo-mailcow container)

After new volumes were added to docker-compose.yml in the sogo-mailcow container, it is necessary to include the specified files in the path, in order for docker to correctly start after running `docker compose up` command, otherwise error will appear, as necessary files would be missing.
The files uploaded are original SOGo UI elements, obtained from the sogo-mailcow container. Whenever users will need to change the UI elements, they would just need to change these files. Hence simplifying the process.
---
 data/conf/sogo/custom-fulllogo.png  | Bin 0 -> 2272 bytes
 data/conf/sogo/custom-fulllogo.svg  |  44 ++++++++++++++++++++++++++++
 data/conf/sogo/custom-shortlogo.svg |  16 ++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 data/conf/sogo/custom-fulllogo.png
 create mode 100644 data/conf/sogo/custom-fulllogo.svg
 create mode 100644 data/conf/sogo/custom-shortlogo.svg

diff --git a/data/conf/sogo/custom-fulllogo.png b/data/conf/sogo/custom-fulllogo.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5d3a75562c398f8ef2ff46ca67284882ac69718
GIT binary patch
literal 2272
zcmb7GXH*gl8+DOd4iw8{X^N@2P;=&d9pIuA2cm*2R~F&OELW5>ckb~j9=9oK;)*nj
zw32dVN|6f(`kISObI0fV@BRBd=brmK_nvd_?<WOeXC-+0{Amsj4nZ4hs3Qjlr|QYw
z!^eHXJ0#!dCrb-)%^AjKvk_$L{|j4Zq{mO<BH@m9P8>kfN3TcN<slm0EwfphG6<kT
z^H~lKKDZ6k%=rQ5+E;*Rp9~N%ny8v)v5BV}P)$87_k*=Bn%JE*{C8M}HR8Hq?`V;6
zht5wlZ6zY7D+*-q7n>UYQ+ZzQ`tzSQgw#~VN2&@HRO%Ml#1l73JiW|RByDq<mFI`%
zyBJ)qo^bQ?RS`7LLH^Vxmk|f2H89x<N+l)AW2)g^I%9qUt}T{w{xzSqudtOH!HyQ7
zv@mA917*vfbFS;IrN$)}aw@t|g=FjVs<q6&#HApu^81u)b>F=yU}OnWLgB4U)!18`
zHv1=0H(kwe`QN?ZZR#_>G;|^!+;k@_^~dhJmGrANj%EdC{;B<O=^*Fp<-gc(!o=EL
zwrywI!e3iV6(1I^d)+u)TysTtJnKeS0n>D70^)X?i}EHtjZ1cu-TutE$qS<UJ2Xy7
zH#RatszPE({3u?Y`nqCp!ei1s4IAFSzTKyjXMnF4>^Ly@^`i`3EZ6K<R)=c7$6vX3
zJ7SKYK8quADb0@+X&)Et-SXv$GZ3oYhtjhsBCL&TSkYc?a(#wcS*ot77&Htx?f{)p
z`ZkTYope928vMyu@}4sKaFgu;=niSD2+r#@1`1hcK4seJa0S+>=Q8(Vf__Ml%^60;
zaUo)Ows)J-@l`jY;N^OZJa0Ebh<Efu6r2`;vryzz>+{R@pYW&@cjyFFtc9A#6K7B&
zkQfy$C4J(|;exdOimZYW$&KGP?MT#Z@_IcGzts^#@aNA5fOaHMk#~-51QT1C=#`>j
z>%Q{LoEqaSZZ$_7!N`GU-4Qts8AfK7o1b3El^-IYr;s3;f<ET`+1sJj!(NgdD9UsZ
ze(*R&%tuIEN6dF?r}Sf}+eTH&?!D><N#P7qw9GuOaK52CiSRSq1D*W~4yJgVHwH(k
zfAZh8#E4zc%n-(q(K}T}XZpDmg>22<DU{wq#XtiSc`lFJfu^J%Yww$@olV**hR7ka
zRo<V=l=D=?SPz88=-e7GqmBxjeS17o;ThV=k~*a%G8hPdWQ7lv#hl7XLeIW6?q+PP
zueMWJO15*Q3$EKF-~jC*Q%A_Edak$l@7L|JA4Up;x}6}xY4(gTREO*+L{H*{ZkBL%
z&3ne+)>4RXM~;o{8oEiK_Se&?XX`{iAL8Vw-;U7IT#>z?i<0RX9`M**5v#M=6WxS!
z(iTl}(X3X-e3=HMX{t}f4ScTz-5d+#7EBQ8T#!$5sL9%ZkH5TP+jWGHPLS>pxHua3
z#;-%GM`DI+^`i&aX*8iWt40);98MLuIoF_f{^gC`OU7rsb)N%{7E{7mFLzC1aGA4r
z!A|zS!(aK5#+yI$p05T`x<>lbU#<8|7-U-<L5qIts#yh=P;g=5+OY#P6#wkQkY9l!
zxfeQGaWI?J04c5H`AfI-F7fZfIyn|FW(Hh{pXKBI^g41TLe2CXnas_%fN4!K<0s_o
zd>zo%XJS6$ZaYX|lYD@DJHfd+GBuhOug03{C*hc%E<s_xsPh1MBJGP4-vTS8y&A9L
zW{uiVyC2J*+H5Fo3i5MP=AG=tNE+(v>+qmp{OHY`{Nx^Re2Z+Q8Pw?VElE#D&Q44r
zap+<oY>#S68>W^d+(8n3C+ln$zWJ5wzi-Xuv^l%=wvO6n5ICYiwjJTEU8OjuDeQ0^
zL9(hBKxS{}aVaz`cFY=?u094eopH7L7(p()t4fn~A_UIzx`U`UaYl*`RXDmDvv3xK
z{BFRowm$RPg_<0<I1JdT^jJQJO^RF(Zp7x2?7#b0#MBHCG67#QM=!wAtz{qE(GwBg
z+ownjzEY;vmAU3WUPAGC{y)l;Y04R~=w|P|{nTwpsSGFP;~;$42<LMrabb1k+q60M
zy25+m?;g2Bh7!tad8s~2piW8SLU%As#!+E8kr`1xkkVIU**VxIFlsLo9fI5L#k+rd
z;tRcCA467Wost2W$Z@;=9R0=fVlY|xTJ-z}I9iQWD;0j!zr%;>iO~RD=w4gGHy@OF
z5)ei2TE!Wu&jGujxh2XJ5m>TY@kfyjaUHIFwbp~;&C+T<m|leS7_vpV$vs-1v1P99
zyT^Kw-+~7lWX;5BSC_G6Rft5d$Bijik%WrXq|qq3ubzs(y`Cyxc)^7gUUH+MT!{Vb
zzGVdJkQwlhTGDN#7GO}CF0jS-`)|e*|5|rCT!-&rm}oo?bgRX6Sak!1mz3<?qdHhv
z))M~eb=U>smjjo-boHr~R2!^*a9iBoZ8)4=p9X|6H3S~{IE5HTY~bk-p4zG$XWR~6
z??IH$=h7LPoyvGn2Ip4%$g^wydg~BTu7Klp9vJ%=aJ@YB5%?_Uuz4mi_;o-<PmNCk
zl5_n5%(g3xkXw2!Mb1PuZGJ5$rKnQEQd<OUS7i&vL>D0I!f^>vcl^=G6fsG(6{K=v
zvhS|yQp120iM}ZLrE87Ka<MfLlXwH!%X8k3&9)8td{`Fp<Y0Vp(dfEE6*EII(zCeg
zU_X=<eUr`$hdF>Z;9`Gy;th+WHbW$>i|FW;o#cXr)o9HuUAu?nq?h_VjkDf#uWl{M
zm{+@I9hefu1`xdI7p3@IG*MUml25ec^x_`upnNCSZucl9pe=KZRd-v@b<JhgCap4~
zp!5O5$mjF9<NHi=6N5&TJB}ery3>q_j-0$1dnmcZ{>NSUU`1SLWm!xY_J(C+Ok7QR
zfMR#UtS~%Vu9bA3l?F@oTru2h;nx@_iEm_bT-p7j?<CCIk3p{Q0vqcR=cq$A|4f>2
jFc6>ef|S{3{_`5>1#<RQX{aj6{p;Dl?4Zr&-f{l}h`B~U

literal 0
HcmV?d00001

diff --git a/data/conf/sogo/custom-fulllogo.svg b/data/conf/sogo/custom-fulllogo.svg
new file mode 100644
index 000000000..98ff2fc3b
--- /dev/null
+++ b/data/conf/sogo/custom-fulllogo.svg
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
+	<!ENTITY st0 "fill:#50BD37;">
+]>
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="640px" height="350px" viewBox="78.712 58.488 640 350" style="enable-background:new 78.712 58.488 640 350;"
+	 xml:space="preserve">
+<path style="&st0;" d="M648.541,145.679c-9.947,0-17.009-7.278-17.009-17.048c0-9.777,7.062-17.057,17.009-17.057
+	c10.024,0,17.086,7.279,17.086,17.057C665.627,138.401,658.565,145.679,648.541,145.679z M648.511,94.893
+	c-19.693,0-33.679,14.4-33.679,33.738c0,19.33,13.985,33.729,33.679,33.729c19.822,0,33.808-14.4,33.808-33.729
+	C682.318,109.293,668.333,94.893,648.511,94.893z M648.482,179.843c-29.889,0-51.123-21.868-51.123-51.212
+	c0-29.353,21.234-51.209,51.123-51.209c30.082,0,51.307,21.856,51.307,51.209C699.789,157.975,678.564,179.843,648.482,179.843z
+	 M648.442,58.488c-40.929,0-69.995,29.946-69.995,70.143c0,40.189,29.066,70.125,69.995,70.125c41.194,0,70.27-29.937,70.27-70.125
+	C718.712,88.434,689.637,58.488,648.442,58.488z M158.166,183.902l-21.018-5.008c-19.131-4.396-28.849-9.413-28.849-23.21
+	c0-15.684,15.99-21.965,30.419-21.965c14.667,0,25.382,7.329,31.693,18.737c0.02,0.048,0.051,0.097,0.09,0.157
+	c0.127,0.247,0.276,0.484,0.403,0.731l0.03-0.02c1.985,3.002,5.323,5.008,8.919,5.008c6.122,0,10.558-4.425,10.558-10.547
+	c0-2.341-0.504-4.82-1.601-6.688c-10.764-18.302-28.513-26.192-48.838-26.192c-27.594,0-54.262,13.797-54.262,44.218
+	c0,27.921,27.605,36.079,37.64,38.578l20.069,4.71c15.368,3.763,27.912,8.791,27.912,23.517c0,16.938-17.561,23.943-34.499,23.943
+	c-17.245,0-30.015-9.37-38.814-22.37h-0.01c-1.956-3-4.988-4.328-8.702-4.328c-5.984,0-10.805,5.185-10.587,11.162
+	c0.098,2.438,0.909,4.637,2.153,6.405c13.787,20.633,33.728,28.41,55.96,28.41c28.543,0,57.085-13.143,57.085-45.132
+	C193.918,203.325,178.551,188.613,158.166,183.902z M298.479,250.312c-33.866,0-55.199-25.403-55.199-58.331
+	c0-32.939,21.333-58.343,55.199-58.343c34.192,0,55.516,25.403,55.516,58.343C353.996,224.91,332.672,250.312,298.479,250.312z
+	 M298.479,114.823c-45.471,0-77.777,32.93-77.777,77.158c0,44.217,32.306,77.146,77.777,77.146
+	c45.786,0,78.093-32.929,78.093-77.146C376.572,147.753,344.266,114.823,298.479,114.823z M518.715,234.312
+	c-0.771,0.74-1.549,1.472-2.399,2.175c-1.106,1.014-2.391,2.112-3.854,3.208c-8.829,6.391-19.979,10.094-33.017,10.094
+	c-33.876,0-55.198-25.402-55.198-58.332c0-32.939,21.322-58.342,55.198-58.342c34.183,0,55.506,25.403,55.506,58.342
+	C534.951,208.653,529.135,223.774,518.715,234.312z M468.097,317.938c2.528,0,5.146-0.168,7.863-0.504
+	c5.018-0.631,9.588-0.909,13.729-0.909c19.24,0.109,29.036,5.7,34.943,12.158c5.895,6.499,8.168,15.311,8.158,22.796
+	c0.01,3.586-0.555,6.795-1.177,8.721c-2.944,8.93-8.888,15.002-17.996,19.576c-9.035,4.484-21.095,6.777-33.707,6.757
+	c-4.514,0-9.105-0.288-13.639-0.831c-8.573-0.987-19.911-4.671-28.13-11.093c-4.138-3.199-6.458-6.991-8.858-11.485
+	c-2.379-4.514-2.783-9.748-2.783-16.442v-0.742c0-12.346,4.84-20.544,11.051-26.5c3.07-2.904,5.69-5.064,7.99-6.438
+	c0.366-0.218,0.438-0.416,0.755-0.593C452.39,316.014,459.684,317.968,468.097,317.938z M479.445,114.301
+	c-45.471,0-77.786,32.929-77.786,77.157c0,29.887,14.765,54.598,38.378,67.489c-0.314,0.314-0.621,0.641-0.916,0.966
+	c-6.104,6.687-9.226,15.25-9.236,23.913c-0.008,3.821,0.624,7.741,1.977,11.494c-3.062,1.956-6.717,4.634-10.46,8.147
+	c-9.026,8.408-18.734,22.541-19.021,42.097c-0.01,0.454-0.01,0.829-0.01,1.118c-0.01,10.071,2.379,19.157,6.459,26.774
+	c6.133,11.466,15.683,19.445,25.539,24.77c9.917,5.334,20.257,8.166,29.273,9.274c5.373,0.643,10.826,0.988,16.268,0.988
+	c15.151-0.02,30.261-2.578,43.409-9.019c13.085-6.34,24.333-17.253,29.192-32.562c1.443-4.553,2.212-9.719,2.231-15.428
+	c-0.02-11.595-3.349-25.759-13.767-37.452c-10.421-11.734-27.654-19.566-51.288-19.459c-5.138,0-10.606,0.356-16.426,1.078
+	c-1.877,0.227-3.596,0.334-5.166,0.334c-7.239-0.048-10.872-2.053-13.036-4.098c-2.133-2.084-3.2-4.839-3.229-8.058
+	c-0.01-3.28,1.284-6.727,3.467-9.078c2.231-2.332,5.008-3.91,9.846-3.97c0.436,0,0.9,0.01,1.374,0.05
+	c3.101,0.216,6.112,0.325,9.037,0.325c24.188,0.047,42.38-7.448,54.756-17.759c12.415-10.312,18.971-22.854,22.071-32.76l-0.04-0.01
+	c3.37-8.899,5.197-18.715,5.197-29.166C557.539,147.229,525.234,114.301,479.445,114.301z"/>
+</svg>
diff --git a/data/conf/sogo/custom-shortlogo.svg b/data/conf/sogo/custom-shortlogo.svg
new file mode 100644
index 000000000..b5adf534c
--- /dev/null
+++ b/data/conf/sogo/custom-shortlogo.svg
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
+	<!ENTITY st0 "fill:#50BD37;">
+]>
+<svg version="1.1" id="SOGo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="140.263px" height="140.269px" viewBox="499.737 0 140.263 140.269"
+	 style="enable-background:new 499.737 0 140.263 140.269;" xml:space="preserve">
+<path style="&st0;" d="M569.697,87.024c-9.928,0-16.975-7.264-16.975-17.017c0-9.757,7.047-17.022,16.975-17.022
+	c10.006,0,17.054,7.265,17.054,17.022C586.751,79.76,579.703,87.024,569.697,87.024z M569.667,36.335
+	c-19.657,0-33.614,14.372-33.614,33.673c0,19.294,13.955,33.667,33.614,33.667c19.787,0,33.745-14.372,33.745-33.667
+	C603.411,50.707,589.454,36.335,569.667,36.335z M569.639,121.123c-29.833,0-51.025-21.825-51.025-51.115
+	c0-29.296,21.192-51.111,51.025-51.111c30.025,0,51.213,21.815,51.213,51.111C620.852,99.298,599.664,121.123,569.639,121.123z
+	 M569.602,0c-40.854,0-69.864,29.889-69.864,70.007c0,40.112,29.01,69.993,69.864,69.993c41.116,0,70.136-29.88,70.136-69.993
+	C639.737,29.889,610.719,0,569.602,0z"/>
+</svg>

From 2d2dacb70efb8bb5a28cae66105185b10d0f8c96 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 19 Dec 2024 17:10:43 +0100
Subject: [PATCH 421/755] [Web] Updated lang.fr-fr.json (#6221)

[Web] Updated lang.fr-fr.json

Co-authored-by: Neuronnexion <support@nnx.com>
Co-authored-by: Peter <magic@kthx.at>
---
 data/web/lang/lang.fr-fr.json | 263 ++++++++++++++++++++--------------
 1 file changed, 159 insertions(+), 104 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index adcbd2a28..0e250b0ae 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -4,7 +4,7 @@
         "app_passwds": "Gérer les mots de passe d'application",
         "bcc_maps": "Mapping BCC",
         "delimiter_action": "Action du délimiteur",
-        "eas_reset": "Réinitialiser les périphériques EA",
+        "eas_reset": "Réinitialiser les périphériques EAS",
         "extend_sender_acl": "Autoriser l'extension des ACL par des adresses externes",
         "filters": "Filtres",
         "login_as": "S'identifier en tant qu'utilisateur",
@@ -43,11 +43,11 @@
         "alias_domain_info": "<small>Seulement des noms de domaines valides (séparés par des virgules).</small>",
         "app_name": "Nom de l'application",
         "app_password": "Mot de passe de l'application",
-        "automap": "Tenter de cibler automatiquement les dossiers (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
+        "automap": "Tenter de cibler automatiquement les dossiers (« Sent items », « Sent » => « Sent » etc.)",
         "backup_mx_options": "Options de MX secondaire",
         "comment_info": "Un commentaire privé n'est pas visible pour l'utilisateur, tandis qu'un commentaire public est affiché sous forme d'info-bulle lorsqu'on le survole dans un aperçu des utilisateurs",
         "custom_params": "Paramètres personnalisés",
-        "custom_params_hint": "Correct : --param=xy, Incorrect : --param xy",
+        "custom_params_hint": "Correct : --param=xy, incorrect : --param xy",
         "delete1": "Supprimer sur la source lorsque la synchronisation est terminée",
         "delete2": "Supprimer les messages sur la destination qui ne sont pas présents sur la source",
         "delete2duplicates": "Supprimer les doublons sur la destination",
@@ -85,11 +85,11 @@
         "public_comment": "Commentaire public",
         "quota_mb": "Quota (Mo)",
         "relay_all": "Relayer tous les destinataires",
-        "relay_all_info": "↪ Si vous choissisez <b>de ne pas</b> relayer tous les destinataires, vous devez ajouter une boîte de réception (\"aveugle\") pour chaque destinataire simple qui doit être relayé.",
+        "relay_all_info": "↪ Si vous choisissez <b>de ne pas</b> relayer tous les destinataires, vous devez ajouter une boîte de réception (« aveugle ») pour chaque destinataire simple qui doit être relayé.",
         "relay_domain": "Relayer ce domaine",
-        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. sinon, une recherche MX sera effectuée.",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. Sinon, une recherche MX sera effectuée.",
         "relay_unknown_only": "Relayer uniquement les boîtes de réception inexistantes. Les boîtes de réception existantes seront livrées localement.",
-        "relayhost_wrapped_tls_info": "Veuillez <b>ne pas</b> utiliser des ports TLS wrappés (généralement utilisés sur le port 465).<br>\r\nUtilisez n'importe quel port non encapsulé et lancez STARTTLS. Une politique TLS pour appliquer TLS peut être créée dans \"Cartes de politique TLS\".",
+        "relayhost_wrapped_tls_info": "Veuillez <b>ne pas</b> utiliser des ports TLS wrappés (généralement utilisés sur le port 465).<br>\nUtilisez n'importe quel port non encapsulé et lancez STARTTLS. Une politique TLS pour appliquer TLS peut être créée dans « Cartes de politique TLS ».",
         "select": "Veuillez sélectionner…",
         "select_domain": "Sélectionner d'abord un domaine",
         "sieve_desc": "Description courte",
@@ -139,15 +139,15 @@
         "api_skip_ip_check": "Passer la vérification d'IP pour l'API",
         "app_links": "Liens des applications",
         "app_name": "Nom de l'application",
-        "apps_name": "\"mailcow Apps\" nom",
+        "apps_name": "Nom « mailcow Apps »",
         "arrival_time": "Heure d'arrivée (heure du serveur)",
         "authed_user": "Utilisateur autorisé",
         "ays": "Voulez-vous vraiment le faire ?",
-        "ban_list_info": "Consultez la liste des adresses IP bannies ci-dessous : <b>réseau (durée de bannissement restante) - [actions]</b>.<br />Les adresses IP mises en file d'attente pour être dé-bannies seront supprimées de la liste de bannissement dans quelques secondes.<br />Les étiquettes rouges indiquent les bannissement permanent par liste noire.",
+        "ban_list_info": "Consultez la liste des adresses IP bannies ci-dessous : <b>réseau (durée de bannissement restante) - [actions]</b>.<br />Les adresses IP mises en file d'attente pour être dé-bannies seront supprimées de la liste de bannissement dans quelques secondes.<br />Les étiquettes rouges indiquent les bannissements permanent par liste noire.",
         "change_logo": "Changer de logo",
         "configuration": "Configuration",
         "convert_html_to_text": "Convertir le code HTML en texte brut",
-        "credentials_transport_warning": "<b>Attention</b> : L’ajout d’une nouvelle entrée de carte de transport mettra à jour les informations d’identification pour toutes les entrées avec une colonne nexthop.",
+        "credentials_transport_warning": "<b>Attention</b> : L’ajout d’une nouvelle entrée de carte de transport mettra à jour les informations d’identification pour toutes les entrées avec une colonne nexthop.",
         "customer_id": "ID client",
         "customize": "Personnaliser",
         "destination": "Destination",
@@ -184,7 +184,7 @@
         "f2b_netban_ipv4": "Taille du sous-réseau IPv4 pour l'application du bannissement (8-32)",
         "f2b_netban_ipv6": "Taille du sous-réseau IPv6 pour l'application du bannissement (8-128)",
         "f2b_parameters": "Paramètres Fail2ban",
-        "f2b_regex_info": "Logs pris en compte : SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_regex_info": "Logs pris en compte : SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Fenêtre de nouvel essai pour le nb max. de tentatives",
         "f2b_whitelist": "Réseaux/hôtes en liste blanche",
         "filter_table": "Table de filtrage",
@@ -200,19 +200,19 @@
         "host": "Hôte",
         "html": "HTML",
         "import": "Importer",
-        "import_private_key": "Importer la clè privée",
+        "import_private_key": "Importer la clé privée",
         "in_use_by": "Utilisé par",
         "inactive": "Inactif",
         "include_exclude": "Inclure/Exclure",
         "include_exclude_info": "Par défaut - sans sélection - <b>toutes les boîte de réception</b> sont adressées",
         "includes": "Inclure ces destinataires",
         "last_applied": "Dernière application",
-        "license_info": "Une licence n’est pas requise, mais contribue au développement.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Enregistrer votre GUID ici</a> ou <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acheter le support pour votre installation Mailcow.</a>",
+        "license_info": "Une licence n’est pas requise, mais contribue au développement.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Enregistrer votre GUID ici</a> ou <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acheter le support pour votre installation mailcow.</a>",
         "link": "Lien",
         "loading": "Veuillez patienter…",
         "logo_info": "Votre image sera redimensionnée à une hauteur de 40 pixels pour la barre de navigation du haut et à un maximum de 250 pixels en largeur pour la page d'accueil. Un graphique extensible est fortement recommandé.",
         "lookup_mx": "Faire correspondre la destination à MX (<code>.*\\.google\\.com</code> pour acheminer tous les messages ciblés vers un MX se terminant par google.com sur ce tronçon)",
-        "main_name": "\"mailcow UI\" nom",
+        "main_name": "Nom « mailcow UI »",
         "merged_vars_hint": "Les lignes grisées ont été importées depuis <code>vars.(local.)inc.php</code> et ne peuvent pas être modifiées.",
         "message": "Message",
         "message_size": "Taille du message",
@@ -223,7 +223,7 @@
         "no_record": "Aucun enregistrement",
         "oauth2_client_id": "Client ID",
         "oauth2_client_secret": "Secret client",
-        "oauth2_info": "L'implémentation OAuth2 prend en charge le type d'autorisation \"Authorization Code\" et émet des jetons d'actualisation.<br>\nLe serveur émet également automatiquement de nouveaux jetons d'actualisation, après qu'un jeton d'actualisation a été utilisé.<br><br>\n→ La portée par défaut est <i>profile</i>. Seuls les utilisateurs d'une boîte de réception peuvent être authentifiés par rapport à OAuth2. Si le paramètre scope est omis, il revient au <i>profile</i>.<br>\n→ Le paramètre <i>state</i> doit être envoyé par le client dans le cadre de la demande d'autorisation.<br><br>\nChemins d'accès aux requêtes vers l'API OAuth <br>\n<ul>\n  <li>Point de terminaison d'autorisation : <code>/oauth/authorize</code></li>\n  <li>Point de terminaison du jeton : <code>/oauth/token</code></li>\n  <li>Page de ressource : <code>/oauth/profile</code></li>\n</ul>\nLa régénération du secret client ne fera pas expirer les codes d'autorisation existants, mais ils ne pourront pas renouveler leur jeton.<br><br>\nLa révocation des jetons clients entraînera la fin immédiate de toutes les sessions actives. Tous les clients doivent se ré-authentifier.",
+        "oauth2_info": "L'implémentation OAuth2 prend en charge le type d'autorisation « Authorization Code » et émet des jetons d'actualisation.<br>\nLe serveur émet également automatiquement de nouveaux jetons d'actualisation, après qu'un jeton d'actualisation a été utilisé.<br><br>\n→ La portée par défaut est <i>profile</i>. Seuls les utilisateurs d'une boîte de réception peuvent être authentifiés par rapport à OAuth2. Si le paramètre scope est omis, il revient au <i>profile</i>.<br>\n→ Le paramètre <i>state</i> doit être envoyé par le client dans le cadre de la demande d'autorisation.<br><br>\nChemins d'accès aux requêtes vers l'API OAuth <br>\n<ul>\n  <li>Point de terminaison d'autorisation : <code>/oauth/authorize</code></li>\n  <li>Point de terminaison du jeton : <code>/oauth/token</code></li>\n  <li>Page de ressource : <code>/oauth/profile</code></li>\n</ul>\nLa régénération du secret client ne fera pas expirer les codes d'autorisation existants, mais ils ne pourront pas renouveler leur jeton.<br><br>\nLa révocation des jetons clients entraînera la fin immédiate de toutes les sessions actives. Tous les clients doivent se ré-authentifier.",
         "oauth2_redirect_uri": "URI de redirection",
         "oauth2_renew_secret": "Générer un nouveau secret client",
         "oauth2_revoke_tokens": "Révoquer tous les jetons",
@@ -233,19 +233,19 @@
         "priority": "Priorité",
         "private_key": "Clé privée",
         "quarantine": "Quarantaine",
-        "quarantine_bcc": "Envoyer une copie de toutes les notifications (BCC) à ce destinataire:<br><small>Laisser vide pour le désactiver. <b>Courrier non signé et non coché. Doit être livré en l’interne seulement.</b></small>",
+        "quarantine_bcc": "Envoyer une copie de toutes les notifications (BCC) à ce destinataire :<br><small>Laisser vide pour le désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
         "quarantine_exclude_domains": "Exclure les domaines et les alias de domaine",
         "quarantine_max_age": "Âge maximun en jour(s)<br><small>La valeur doit être égale ou supérieure à 1 jour.</small>",
-        "quarantine_max_size": "Taille maximum en Mo (les éléments plus grands sont mis au rebut):<br><small>0 ne signifie <b>pas</b> illimité.</small>",
-        "quarantine_max_score": "Ignorer la notification si le score de spam est au dessus de cette valeur :<br><small>Par défaut : 9999.0</small>",
+        "quarantine_max_size": "Taille maximum en Mo (les éléments plus grands sont mis au rebut) :<br><small>0 ne signifie <b>pas</b> illimité.</small>",
+        "quarantine_max_score": "Ignorer la notification si le score de spam est au dessus de cette valeur :<br><small>Par défaut : 9999.0</small>",
         "quarantine_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
         "quarantine_notification_sender": "Notification par courriel de l’expéditeur",
         "quarantine_notification_subject": "Objet du courriel de notification",
-        "quarantine_redirect": "<b>Rediriger toutes les notifications</b> vers ce destinataire:<br><small>Laisser vide pour désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
+        "quarantine_redirect": "<b>Rediriger toutes les notifications</b> vers ce destinataire :<br><small>Laisser vide pour désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
         "quarantine_release_format": "Format des éléments diffusés",
         "quarantine_release_format_att": "En pièce jointe",
         "quarantine_release_format_raw": "Original non modifié",
-        "quarantine_retention_size": "Rétentions par boîte de réception:<br><small>0 indique <b>inactive</b>.</small>",
+        "quarantine_retention_size": "Rétentions par boîte de réception :<br><small>0 indique <b>inactive</b>.</small>",
         "quota_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
         "quota_notification_sender": "Notification par courriel de l’expéditeur",
         "quota_notification_subject": "Objet du courriel de notification",
@@ -263,7 +263,7 @@
         "relay_from": "\"De:\" adresse",
         "relay_run": "Lancer le test",
         "relayhosts": "Transports dépendant de l’expéditeur",
-        "relayhosts_hint": "Définir les transports dépendant de l’expéditeur pour pouvoir les sélectionner dans un dialogue de configuration de domaines.<br>\n  Le service de transport est toujours \"SMTP:\" et va donc essayer TLS lorsqu’il est proposé. Le TLS encapsulé (SMTPS) n’est pas pris en charge. Il est tenu compte de la définition de la politique TLS pour chaque utilisateur sortant.<br>\n  Affecte les domaines sélectionnés, y compris les domaines alias.",
+        "relayhosts_hint": "Définir les transports dépendant de l’expéditeur pour pouvoir les sélectionner dans un dialogue de configuration de domaines.<br>\n  Le service de transport est toujours « smtp: » et va donc essayer TLS lorsqu’il est proposé. Le TLS encapsulé (SMTPS) n’est pas pris en charge. Il est tenu compte de la définition de la politique TLS pour chaque utilisateur sortant.<br>\n  Affecte les domaines sélectionnés, y compris les domaines alias.",
         "remove": "Supprimer",
         "remove_row": "Supprimer la ligne",
         "reset_default": "Réinitialisation à la valeur par défaut",
@@ -274,7 +274,7 @@
         "rsetting_desc": "Description courte",
         "rsetting_no_selection": "Veuillez sélectionner une règle",
         "rsetting_none": "Pas de règles disponibles",
-        "rsettings_insert_preset": "Insérer un exemple de préréglage \"%s\"",
+        "rsettings_insert_preset": "Insérer un exemple de préréglage « %s »",
         "rsettings_preset_1": "Désactiver tout sauf DKIM et la limite d'envoi pour les utilisateurs authentifiés",
         "rsettings_preset_2": "Les postmasters veulent du spam",
         "rsettings_preset_3": "Autoriser uniquement des expéditeurs particuliers pour une boîte de réception (c.-à-d. utilisation comme boîte de réception interne seulement)",
@@ -297,11 +297,11 @@
         "text": "Texte",
         "time": "Heure",
         "title": "Titre",
-        "title_name": "\"mailcow UI\" titre du site web",
+        "title_name": "Titre du site web « mailcow UI »",
         "to_top": "Retour en haut",
         "transport_dest_format": "Syntaxe : example.org, .example.org, *, box@example.org (les valeurs multiples peuvent être séparées par des virgules)",
         "transport_maps": "Plans de transport",
-        "transports_hint": "→ Une entrée de carte de transport <b>annule</b> une carte de transport dépendante de l’expéditeur</b>.<br>\n→ Les transports basés sur le MX sont préférables.<br>\n→ Les paramètres de politique TLS sortants par utilisateur sont ignorés et ne peuvent être appliqués que par les entrées de carte de politique TLS.<br>\n→ Pour chaque transports défini, le servie de transports sera \"smtp:\", TLS sera essayé lorsque disponible. Le Wrapped TLS (SMTPS) n’est pas pris en charge.<br>\n→ Les adresses qui correspondent à\"/localhost$/\" seront toujours transportées via \"local:\", donc une destination \"*\" ne s'applique pas à ces adresses.<br>\n→ Pour déterminer les informations d'identification dans l'exemple suivant \"[host]:25\", Postfix va <b>toujours</b> faire une requête pour \"host\" avant de chercher \"[host]:25\". Ce comportement rend impossible l’utilisation \"host\" et \"[host]:25\" en même temps.",
+        "transports_hint": "→ Une entrée de carte de transport <b>annule</b> une carte de transport dépendante de l’expéditeur</b>.<br>\n→ Les transports basés sur le MX sont préférables.<br>\n→ Les paramètres de politique TLS sortants par utilisateur sont ignorés et ne peuvent être appliqués que par les entrées de carte de politique TLS.<br>\n→ Pour chaque transports défini, le servie de transports sera « smtp: », TLS sera essayé lorsque disponible. Le Wrapped TLS (SMTPS) n’est pas pris en charge.<br>\n→ Les adresses qui correspondent à « /localhost$/ » seront toujours transportées via « local: », donc une destination « * » ne s'applique pas à ces adresses.<br>\n→ Pour déterminer les informations d'identification dans l'exemple suivant « [host]:25 », Postfix va <b>toujours</b> faire une requête pour « host » avant de chercher « [host]:25 ». Ce comportement rend impossible l’utilisation de « host » et « [host]:25 » en même temps.",
         "ui_footer": "Pied de page (HTML autorisé)",
         "ui_header_announcement": "Annonces",
         "ui_header_announcement_active": "Définir l’annonce active",
@@ -352,7 +352,14 @@
         "password_reset_tmpl_html": "Modèle HTML",
         "password_reset_tmpl_text": "Modèle en texte",
         "restore_template": "Laisser vide pour restaurer le modèle par défaut.",
-        "admins_ldap": "Si aucune adresse de messagerie de récupération n'est fournie, cette fonction ne peut pas être utilisée."
+        "admins_ldap": "Administrateurs LDAP",
+        "options": "Options",
+        "ip_check_opt_in": "Utiliser le service tiers <strong>ipv4.mailcow.email</strong> et <strong>ipv6.mailcow.email</strong> pour résoudre les adresses IP externes.",
+        "queue_unban": "débannir",
+        "service": "Service",
+        "success": "Succès",
+        "cors_settings": "Paramètres CORS",
+        "login_time": "Horodatage de connexion"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -370,37 +377,37 @@
         "comment_too_long": "Le commentaire est trop long, 160 caractère max sont permis",
         "defquota_empty": "Le quota par défaut par boîte de réception doit pas être 0.",
         "description_invalid": "La description des ressources pour %s est non valide",
-        "dkim_domain_or_sel_exists": "Une clé DKIM pour \"%s\" existe et ne sera pas écrasée",
-        "dkim_domain_or_sel_invalid": "Domaine ou sélection DKIM non valide : %s",
+        "dkim_domain_or_sel_exists": "Une clé DKIM pour « %s » existe et ne sera pas écrasée",
+        "dkim_domain_or_sel_invalid": "Domaine ou sélecteur DKIM non valide : %s",
         "domain_cannot_match_hostname": "Le domaine ne correspond pas au nom d’hôte",
         "domain_exists": "Le domaine %s exite déjà",
         "domain_invalid": "Le nom de domaine est vide ou non valide",
         "domain_not_empty": "Impossible de supprimer le domaine non vide %s",
         "domain_not_found": "Le domaine %s est introuvable",
         "domain_quota_m_in_use": "Le quota de domaine doit être supérieur ou égal à %s Mo",
-        "extra_acl_invalid": "L'adresse de l’expéditeur externe \"%s\" est non valide",
-        "extra_acl_invalid_domain": "L'expéditeur externe \"%s\" utilise un domaine non valide",
+        "extra_acl_invalid": "L'adresse de l’expéditeur externe « %s » est non valide",
+        "extra_acl_invalid_domain": "L'expéditeur externe « %s » utilise un domaine non valide",
         "file_open_error": "Le fichier ne peut pas être ouvert pour l'écriture",
         "filter_type": "Type de fltre erroné",
         "from_invalid": "Expéditeur ne peut pas être vide",
-        "global_filter_write_error": "Impossible d’écrire le fichier de filtre : %s",
+        "global_filter_write_error": "Impossible d’écrire le fichier de filtre : %s",
         "global_map_invalid": "ID de carte globale %s non valide",
-        "global_map_write_error": "Impossible d’écrire l’ID de la carte globale %s : %s",
+        "global_map_write_error": "Impossible d’écrire l’ID de la carte globale %s : %s",
         "goto_empty": "Une adresse alias doit contenir au moins une adresse 'goto'valide",
         "goto_invalid": "Adresse Goto %s non valide",
-        "ham_learn_error": "Erreur d'apprentissage Ham : %s",
-        "imagick_exception": "Erreur : Exception Imagick lors de la lecture de l’image",
+        "ham_learn_error": "Erreur d'apprentissage Ham : %s",
+        "imagick_exception": "Erreur : Exception Imagick lors de la lecture de l’image",
         "img_invalid": "Impossible de valider le fichier image",
-        "img_tmp_missing": "Impossible de valider le fichier image : Fichier temporaire introuvable",
+        "img_tmp_missing": "Impossible de valider le fichier image : Fichier temporaire introuvable",
         "invalid_bcc_map_type": "Type de carte BCC non valide",
-        "invalid_destination": "Le format de la destination \"%s\" est non valide",
+        "invalid_destination": "Le format de la destination « %s » est non valide",
         "invalid_filter_type": "Type de filtre non valide",
-        "invalid_host": "Hôte non valide spécifié : %s",
+        "invalid_host": "Hôte non valide spécifié : %s",
         "invalid_mime_type": "Type mime non valide",
         "invalid_nexthop": "Le format de saut suivant est non valide",
         "invalid_nexthop_authenticated": "Next hop existe avec différents identifiants, veuillez d’abord mettre à jour les identifiants existants pour ce prochain saut.",
-        "invalid_recipient_map_new": "Nouveau destinataire spécifié non valide : %s",
-        "invalid_recipient_map_old": "Destinataire original spécifié non valide : %s",
+        "invalid_recipient_map_new": "Nouveau destinataire spécifié non valide : %s",
+        "invalid_recipient_map_old": "Destinataire original spécifié non valide : %s",
         "ip_list_empty": "La liste des adresses IP autorisées ne peut pas être vide",
         "is_alias": "%s est déjà connu comme une adresse alias",
         "is_alias_or_mailbox": "%s est déjà connu comme un alias, une boîte de réception ou une adresse alias développée à partir d’un domaine alias.",
@@ -411,7 +418,7 @@
         "mailbox_invalid": "Le nom de la boîte de réception n'est pas valide",
         "mailbox_quota_exceeded": "Le quota dépasse la limite du domaine (max. %d Mo)",
         "mailbox_quota_exceeds_domain_quota": "Le quota maximal dépasse la limite du quota de domaine",
-        "mailbox_quota_left_exceeded": "Espace libre insuffisant (espace libre : %d Mio)",
+        "mailbox_quota_left_exceeded": "Espace libre insuffisant (espace libre : %d Mio)",
         "mailboxes_in_use": "Le max. des boîtes de réception doit être supérieur ou égal à %d",
         "malformed_username": "Nom d’utilisateur malformé",
         "map_content_empty": "Le contenu de la carte ne peut pas être vide",
@@ -419,9 +426,9 @@
         "max_mailbox_exceeded": "Le nombre max. de boîte de réception est dépassé (%d of %d)",
         "max_quota_in_use": "Le quota de la boîte de réception doit être supérieur ou égal à %d Mo",
         "maxquota_empty": "Le quota maximum par boîte de réception ne doit pas être de 0.",
-        "mysql_error": "Erreur MySQL : %s",
-        "nginx_reload_failed": "Le rechargement de Nginx a échoué : %s",
-        "network_host_invalid": "Réseau ou hôte non valide : %s",
+        "mysql_error": "Erreur MySQL : %s",
+        "nginx_reload_failed": "Le rechargement de Nginx a échoué : %s",
+        "network_host_invalid": "Réseau ou hôte non valide : %s",
         "next_hop_interferes": "%s interfère avec le nexthop %s",
         "next_hop_interferes_any": "Un saut suivant existant interfère avec %s",
         "no_user_defined": "Aucun utilisateur défini",
@@ -432,15 +439,15 @@
         "password_mismatch": "Le mot de passe de confirmation ne correspond pas",
         "policy_list_from_exists": "Un enregistrement avec ce nom existe déjà",
         "policy_list_from_invalid": "Le format de l’enregistrement est invalide",
-        "private_key_error": "Erreur de clé privée : %s",
+        "private_key_error": "Erreur de clé privée : %s",
         "pushover_credentials_missing": "Jeton Pushover ou clé manquante",
         "pushover_key": "La clé Pushover a un mauvais format",
         "pushover_token": "Le jeton Pushover a un mauvais format",
         "quota_not_0_not_numeric": "Le quota doit être numerique et >= 0",
-        "recipient_map_entry_exists": "Une entrée dans la carte du bénéficiaire \"%s\" existe",
-        "redis_error": "Erreur Redis : %s",
+        "recipient_map_entry_exists": "Une entrée dans la carte du destinataire « %s » existe",
+        "redis_error": "Erreur Redis : %s",
         "relayhost_invalid": "La saisie de la carte %s est invalide",
-        "release_send_failed": "Le message n’a pas pu être diffusé : %s",
+        "release_send_failed": "Le message n’a pas pu être diffusé : %s",
         "reset_f2b_regex": "Le filtre regex n'a pas pu être réinitialisé à temps, veuillez réessayer ou attendre quelques secondes de plus et recharger le site web.",
         "resource_invalid": "Le nom de la resource %s n'est pas valide",
         "rl_timeframe": "Le délai de la limite d'envoi est incorrect",
@@ -449,8 +456,8 @@
         "sender_acl_invalid": "La valeur ACL de l’expéditeur %s est invalide",
         "set_acl_failed": "Impossible de définir l'ACL",
         "settings_map_invalid": "La carte des paramètres %s est invalide",
-        "sieve_error": "Erreur d'analyse syntaxique Sieve : %s",
-        "spam_learn_error": "Erreur d'apprentissage du spam : %s",
+        "sieve_error": "Erreur d'analyse syntaxique Sieve : %s",
+        "spam_learn_error": "Erreur d'apprentissage du spam : %s",
         "subject_empty": "Le sujet ne peut pas être vide",
         "target_domain_invalid": "Le domaine cible %s n'est pas valide",
         "targetd_not_found": "Le domaine cible %s est introuvable",
@@ -459,19 +466,19 @@
         "text_empty": "La zone texte ne peut pas être vide",
         "tfa_token_invalid": "Le token TFA est invalide",
         "tls_policy_map_dest_invalid": "La politique de destination n'est pas valide",
-        "tls_policy_map_entry_exists": "Une entrée de carte de politique \"%s\" existe",
+        "tls_policy_map_entry_exists": "Une entrée de carte de politique « %s » existe",
         "tls_policy_map_parameter_invalid": "Le paramètre Policy est invalide",
         "totp_verification_failed": "Echec de la vérification TOTP",
-        "transport_dest_exists": "La destination de transport \"%s\" existe",
-        "webauthn_verification_failed": "Échec de la vérification WebAuthn : %s",
-        "fido2_verification_failed": "La vérification FIDO2 a échoué : %s",
+        "transport_dest_exists": "La destination de transport « %s » existe",
+        "webauthn_verification_failed": "Échec de la vérification WebAuthn : %s",
+        "fido2_verification_failed": "La vérification FIDO2 a échoué : %s",
         "unknown": "Une erreur inconnue est survenue",
         "unknown_tfa_method": "Methode TFA inconnue",
         "unlimited_quota_acl": "Quota illimité interdit par les ACL",
         "username_invalid": "Le nom d'utilisateur %s ne peut pas être utilisé",
         "validity_missing": "Veuillez attribuer une période de validité",
         "value_missing": "Veuillez fournir toutes les valeurs",
-        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
+        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
         "webauthn_authenticator_failed": "L'authentificateur sélectionné est introuvable",
         "demo_mode_enabled": "Le mode de démonstration est activé",
         "template_exists": "Le modèle %s existe déjà",
@@ -479,7 +486,7 @@
         "template_name_invalid": "Le nom du modèle est invalide",
         "img_dimensions_exceeded": "L'image dépasse les dimensions maximales",
         "img_size_exceeded": "L'image dépasse la taille maximale de fichier",
-        "webauthn_publickey_failed": "Aucune clé publique n'a été stockée pour l'authentificateur sélectionné.",
+        "webauthn_publickey_failed": "Aucune clé publique n'a été stockée pour l'authentificateur sélectionné",
         "cors_invalid_method": "Allow-Method specifiée invalide",
         "cors_invalid_origin": "Allow-Origin spécifiée invalide",
         "extended_sender_acl_denied": "ACL manquante pour définir les adresses des expéditeurs externes",
@@ -495,7 +502,7 @@
         "chart_this_server": "Graphique (ce serveur)",
         "containers_info": "Informations des conteneurs",
         "disk_usage": "Utilisation du disque",
-        "external_logs": "Logs externe",
+        "external_logs": "Logs externes",
         "history_all_servers": "Historique (tous les serveurs)",
         "in_memory_logs": "Logs En-mémoire",
         "log_info": "<p>Les logs <b>En-mémoire</b> Mailcow sont collectés dans des listes Redis et découpées en LOG_LINES (%d) chaque minute pour réduire la charge.\n  <br>Les logs En-mémoire ne sont pas destinés à être persistants. Toutes les applications qui se connectent en mémoire, se connectent également au démon Docker, et donc au pilote de journalisation par défaut.\n  <br>Le type de journal en mémoire doit être utilisé pour déboguer les problèmes mineurs avec les conteneurs.</p>\n  <p><b>Les logs externes</b> sont collectés via l'API de l'application concernée.</p>\n  <p>Les journaux <b>statiques</b> sont principalement des journaux d’activité, qui ne sont pas enregistrés dans Dockerd, mais qui doivent toujours être persistants (sauf pour les logs API).</p>",
@@ -517,7 +524,17 @@
         "cores": "Cœurs",
         "current_time": "Heure du système",
         "container_disabled": "Conteneur arrêté ou désactivé",
-        "error_show_ip": "Impossible de résoudre les adresses IP publiques"
+        "error_show_ip": "Impossible de résoudre les adresses IP publiques",
+        "no_update_available": "Le système utilise la version la plus récente",
+        "container_running": "En cours d'exécution",
+        "container_stopped": "Arrêté",
+        "memory": "Mémoire",
+        "login_time": "Horodatage",
+        "service": "Service",
+        "success": "Succès",
+        "update_available": "Une mise à jour est disponible",
+        "update_failed": "Impossible de vérifier la présence d'une mise à jour",
+        "show_ip": "Afficher l'IP publique"
     },
     "diagnostics": {
         "cname_from_a": "Valeur dérivée de l’enregistrement A/AAAA. Ceci est supporté tant que l’enregistrement indique la bonne ressource.",
@@ -539,7 +556,7 @@
         "allowed_protocols": "Protocoles autorisés",
         "app_name": "Nom de l'application",
         "app_passwd": "Mot de passe de l'application",
-        "automap": "Essayer d’automatiser les dossiers (\"Sent items\", \"Sent\" => \"Sent\" etc.)",
+        "automap": "Tenter de cibler automatiquement les dossiers (« Sent items », « Sent » => « Sent » etc.)",
         "backup_mx_options": "Options Backup MX",
         "bcc_dest_format": "La destination BCC doit être une seule adresse de courriel valide.",
         "client_id": "ID client",
@@ -579,7 +596,7 @@
         "max_quota": "Quota max. par boîte de réception (Mo)",
         "maxage": "Âge maximal en jours des messages qui seront consultés à distance<br><small>(0 = ignorer la durée)</small>",
         "maxbytespersecond": "Octets max. par seconde <br><small>(0 = pas de limite)</small>",
-        "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse \"from\" utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes de réception remplace une limite d'envoi pour l’ensemble du domaine.",
+        "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse « from » utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes de réception remplace une limite d'envoi pour l’ensemble du domaine.",
         "mins_interval": "Intervalle (min)",
         "multiple_bookings": "Réservations multiples",
         "nexthop": "Saut suivant",
@@ -601,7 +618,7 @@
         "ratelimit": "Limite d'envoi",
         "redirect_uri": "URL de redirection/callback",
         "relay_all": "Relayer tous les destinataires",
-        "relay_all_info": "↪ Si vous <b>ne choisissez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte de réception (\"aveugle\") pour chaque destinataire qui devrait être relayé.",
+        "relay_all_info": "↪ Si vous <b>ne choisissez pas</b> de relayer tous les destinataires, vous devrez ajouter une boîte de réception (« aveugle ») pour chaque destinataire qui devrait être relayé.",
         "relay_domain": "Relayer ce domaine",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Vous pouvez définir des cartes de transport vers une destination personnalisée pour ce domaine. Si elle n’est pas configurée, une recherche MX sera effectuée.",
         "relay_unknown_only": "Relais des boîtes de réception non existantes seulement. Les boîtes de réception existantes seront livrées localement.",
@@ -612,7 +629,7 @@
         "scope": "Portée",
         "sender_acl": "Permettre d’envoyer comme",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Le contrôle de l’expéditeur est désactivé</span>",
-        "sender_acl_info": "Si l’utilisateur de la boîte de réception A est autorisé à envoyer en tant qu’utilisateur de la boîte de réception B, l’adresse de l’expéditeur n’est pas automatiquement affichée comme sélectionnable du champ \"de\" dans SOGo.<br>\n  L’utilisateur B de la boîte de réception doit créer une délégation dans Sogo pour permettre à l’utilisateur A de la boîte de réception de sélectionner son adresse comme expéditeur. Pour déléguer une boîte de réception dans Sogo, utilisez le menu (trois points) à droite du nom de votre boîte dans le coin supérieur gauche dans la vue de courrier. Ce comportement ne s’applique pas aux adresses alias.",
+        "sender_acl_info": "Si l’utilisateur de la boîte de réception A est autorisé à envoyer en tant qu’utilisateur de la boîte de réception B, l’adresse de l’expéditeur n’est pas automatiquement affichée comme sélectionnable du champ « de » dans SOGo.<br>\n  L’utilisateur B de la boîte de réception doit créer une délégation dans SOGo pour permettre à l’utilisateur A de la boîte de réception de sélectionner son adresse comme expéditeur. Pour déléguer une boîte de réception dans SOGo, utilisez le menu (trois points) à droite du nom de votre boîte dans le coin supérieur gauche dans la vue de courrier. Ce comportement ne s’applique pas aux adresses alias.",
         "sieve_desc": "Description courte",
         "sieve_type": "Type de filtre",
         "skipcrossduplicates": "Ignorer les messages en double dans les dossiers (premier arrivé, premier servi)",
@@ -640,15 +657,15 @@
         "domain_footer_info_vars": {
             "from_addr": "{= from_addr =} - Partie de l'enveloppe relative à l'adresse de provenance",
             "from_domain": "{= from_domain =} - Partie de l'enveloppe provenant du domaine",
-            "custom": "{= foo =} - Si la boîte de réception possède l'attribut personnalisé \"foo\" avec la valeur \"bar\", elle renvoie \"bar\"",
+            "custom": "{= foo =} - Si la boîte de réception possède l'attribut personnalisé « foo » avec la valeur « bar », elle renvoie « bar »",
             "auth_user": "{= auth_user =}    - Nom d'utilisateur authentifié spécifié par un MTA",
-            "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour \"moo@mailcow.tld\", renvoie \"moo\"",
-            "from_name": "{= from_name =} - À partir du nom de l'enveloppe, par exemple, pour \"Mailcow &lt;moo@mailcow.tld&gt ;\" on obtient \"Mailcow\""
+            "from_user": "{= from_user =}   -La partie utilisateur de l'enveloppe, par exemple, pour « moo@mailcow.tld », renvoie « moo »",
+            "from_name": "{= from_name =} - À partir du nom de l'enveloppe, par exemple, pour « Mailcow &lt;moo@mailcow.tld&gt ; » on obtient « Mailcow »"
         },
         "domain_footer_skip_replies": "Ignorer le pied de page des courriels de réponse",
         "domain_footer": "Pied de page du domaine",
         "domain_footer_html": "Pied de page HTML",
-        "domain_footer_info": "Les pieds de page du domaine sont ajoutés à tous les courriels sortants associés à une adresse au sein de ce domaine. <br> Les variables suivantes peuvent être utilisées pour le pied de page :",
+        "domain_footer_info": "Les pieds de page du domaine sont ajoutés à tous les courriels sortants associés à une adresse au sein de ce domaine. <br> Les variables suivantes peuvent être utilisées pour le pied de page :",
         "domain_footer_plain": "Pied de page",
         "app_passwd_protocols": "Protocoles autorisés pour le mot de passe d'application",
         "created_on": "Créé le",
@@ -663,7 +680,9 @@
         "mailbox_rename_agree": "J'ai fait une sauvegarde.",
         "mailbox_rename_warning": "IMPORTANT ! Faites une sauvegarde avant de renommer la boîte de réception.",
         "mailbox_rename_alias": "Créer un alias automatiquement",
-        "sogo_access": "Autoriser la connexion directe à SOGo"
+        "sogo_access": "Autoriser la connexion directe à SOGo",
+        "pushover": "Pushover",
+        "pushover_sound": "Son"
     },
     "footer": {
         "cancel": "Annuler",
@@ -677,7 +696,8 @@
         "restart_container_info": "<b>Important :</b> Un redémarrage en douceur peut prendre un certain temps, veuillez attendre qu’il soit terminé.",
         "restart_now": "Redémarrer maintenant",
         "restarting_container": "Redémarrage du conteneur, cela peut prendre un certain temps",
-        "nothing_selected": "Rien n'est sélectionné"
+        "nothing_selected": "Rien n'est sélectionné",
+        "hibp_check": "Vérifier avec haveibeenpwned.com"
     },
     "header": {
         "administration": "Configuration & détails",
@@ -688,7 +708,8 @@
         "quarantine": "Quarantaine",
         "restart_netfilter": "Redémarrer Netfilter",
         "restart_sogo": "Redémarrer SOGo",
-        "user_settings": "Paramètres utilisateur"
+        "user_settings": "Paramètres utilisateur",
+        "mailcow_system": "Système"
     },
     "info": {
         "awaiting_tfa_confirmation": "En attente de la confirmation de TFA",
@@ -779,7 +800,7 @@
         "hourly": "Toutes les heures",
         "in_use": "Utilisé (%)",
         "inactive": "Inactif",
-        "insert_preset": "Insérer un exemple de préréglage \"%s\"",
+        "insert_preset": "Insérer un exemple de préréglage « %s »",
         "kind": "Type",
         "last_mail_login": "Dernière connexion mail",
         "last_modified": "Dernière modification",
@@ -831,7 +852,7 @@
         "sieve_preset_5": "Répondeur auto (vacances)",
         "sieve_preset_6": "Rejeter le courrier avec réponse",
         "sieve_preset_7": "Rediriger et garder/déposer",
-        "sieve_preset_8": "Rediriger les courriels d'un expéditeur spécifique, les marquer comme lus et les classer dans des sous-dossiers.",
+        "sieve_preset_8": "Rediriger les courriels d'un expéditeur spécifique, les marquer comme lus et les classer dans des sous-dossiers",
         "sieve_preset_header": "Voir les exemples de préréglages ci-dessous. Pour plus de détails, voir <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipédia</a>.",
         "sogo_visible": "Alias visible dans SOGo",
         "sogo_visible_n": "Masquer alias dans SOGo",
@@ -871,7 +892,20 @@
         "all_domains": "Tous les domaines",
         "syncjob_EXIT_OVERQUOTA": "Quota dépassé de la boîte de réception cible",
         "domain_templates": "Modèles de domaine",
-        "syncjob_last_run_result": "Résultat de la dernière exécution"
+        "syncjob_last_run_result": "Résultat de la dernière exécution",
+        "sender": "Expéditeur",
+        "add_template": "Ajouter un modèle",
+        "syncjob_EX_OK": "Succès",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Problème de connexion",
+        "syncjob_EXIT_TLS_FAILURE": "Problème avec le chiffrement de la connexion",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problème d'authentification",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossible de se connecter au serveur distant",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Utilisateur ou mot de passe erroné",
+        "templates": "Modèles",
+        "template": "Modèle",
+        "syncjob_check_log": "Vérifier le journal",
+        "recipient": "Destinataire",
+        "open_logs": "Afficher les journaux"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
@@ -889,9 +923,9 @@
         "confirm": "Confirmer",
         "confirm_delete": "Confirmer la suppression de cet élément.",
         "danger": "Danger",
-        "deliver_inbox": "Envoyer dans la boîte de reception",
-        "disabled_by_config": "La configuration actuelle du système désactive la fonctionnalité de quarantaine. Veuillez définir « retentions par boîte » et une « taille maximale » pour les éléments en quarantaine.",
-        "settings_info": "Quantité maximale d'éléments à mettre en quarantaine : %s<br>Taille maximale des courriels : %s MiB",
+        "deliver_inbox": "Envoyer dans la boîte de réception",
+        "disabled_by_config": "La configuration actuelle du système désactive la fonctionnalité de quarantaine. Veuillez définir « retentions par boîte » et une « taille maximale » pour les éléments en quarantaine.",
+        "settings_info": "Quantité maximale d'éléments à mettre en quarantaine : %s<br>Taille maximale des courriels : %s Mio",
         "download_eml": "Télécharger (.eml)",
         "empty": "Pas de résultat",
         "high_danger": "Haut",
@@ -904,7 +938,7 @@
         "notified": "Notifié",
         "qhandler_success": "Demande envoyée avec succès au système. Vous pouvez maintenant fermer la fenêtre.",
         "qid": "Rspamd QID",
-        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em> pas </em> l'impression d'un courrier remis) ainsi que le courrier, remis sous forme de copie dans le dossier indésirable d'une boîte de réception.\n  <br>« Apprendre comme spam et supprimer » apprendra un message comme spam via le théorème Bayésien calculera également des hachages flous pour refuser des messages similaires à l'avenir.\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système. <br> Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
+        "qinfo": "Le système de quarantaine enregistrera le courrier rejeté dans la base de données (l'expéditeur n'aura <em>pas</em> l'impression d'un courrier remis) ainsi que le courrier, remis sous forme de copie dans le dossier indésirable d'une boîte de réception.\n  <br>« Apprendre comme spam et supprimer » apprendra un message comme spam via le théorème Bayésien et calculera également des hachages flous pour refuser des messages similaires à l'avenir.\n  <br>Veuillez noter que l'apprentissage de plusieurs messages peut prendre du temps, selon votre système.<br>Les éléments figurant sur la liste noire sont exclus de la quarantaine.",
         "qitem": "Élément de quarantaine",
         "quarantine": "Quarantaine",
         "quick_actions": "Actions",
@@ -920,7 +954,7 @@
         "rewrite_subject": "Réécrire le sujet",
         "rspamd_result": "Résultat Rspamd",
         "sender": "Expéditeur (SMTP)",
-        "sender_header": "Expéditeur (\"From\" header)",
+        "sender_header": "Expéditeur (« From » header)",
         "type": "Type",
         "quick_release_link": "Ouvrir le lien de dégagement rapide",
         "quick_delete_link": "Ouvrir le lien de suppression rapide",
@@ -938,14 +972,18 @@
     "queue": {
         "queue_manager": "Gestion de la file d'attente",
         "hold_mail": "Garder",
-        "legend": "Fonctions d'action de la file d'attente du courrier :",
+        "legend": "Fonctions d'action de la file d'attente du courrier :",
         "info": "La file d'attente contient tous les courriels en attente de livraison. Si un courriel reste longtemps dans la file d'attente, il est automatiquement supprimé par le système.<br>Le message d'erreur du courriel concerné indique pourquoi le courriel n'a pas pu être distribué.",
         "deliver_mail_legend": "Tentatives de réexpédition des courriers sélectionnés.",
         "hold_mail_legend": "Met en attente les courriers sélectionnés. (Empêche les tentatives de distribution ultérieures)",
         "unban": "file d'attente d'unban",
         "unhold_mail": "Libérer",
         "unhold_mail_legend": "Libère les courriers sélectionnés pour la distribution. (Nécessite une mise en attente préalable)",
-        "show_message": "Afficher le message"
+        "show_message": "Afficher le message",
+        "delete": "Tout supprimer",
+        "flush": "Vider la file d'attente",
+        "ays": "Veuillez confirmer que vous souhaitez supprimer tous les éléments de la file d'attente actuelle.",
+        "deliver_mail": "Délivrer"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
@@ -973,9 +1011,9 @@
         "bcc_saved": "Saisie de carte BCC enregistrée",
         "db_init_complete": "Initialisation de la base de données terminée",
         "delete_filter": "ID des filtres supprimés %s",
-        "delete_filters": "Filtres supprimés : %s",
-        "deleted_syncjob": "ID de la tâche de synchronisation supprimée : %s",
-        "deleted_syncjobs": "Tâche de synchronisation supprimée : %s",
+        "delete_filters": "Filtres supprimés : %s",
+        "deleted_syncjob": "ID de la tâche de synchronisation supprimée : %s",
+        "deleted_syncjobs": "Tâche de synchronisation supprimée : %s",
         "dkim_added": "La clé DKIM %s a été enregistrée",
         "dkim_duplicated": "La clé DKIM pour le domaine %s a été copiée vers %s",
         "dkim_removed": "La clé DKIM %s a été supprimée",
@@ -1008,7 +1046,7 @@
         "qlearn_spam": "Le message ID %s a été appris comme spam et supprimé",
         "queue_command_success": "Queue de commande terminée avec succès",
         "recipient_map_entry_deleted": "La carte du destinataire ID %s a été effacée",
-        "recipient_map_entry_saved": "L'entrée de la carte du bénéficiaire \"%s\" a été enregistrée",
+        "recipient_map_entry_saved": "L'entrée de la carte du destinataire « %s » a été enregistrée",
         "relayhost_added": "L'entrée de la carte %s a été ajoutée",
         "relayhost_removed": "L'entrée de la carte %s a été supprimée",
         "reset_main_logo": "Réinitialisation du logo par défaut",
@@ -1022,7 +1060,7 @@
         "settings_map_removed": "Suppression de la carte des paramètres ID %s",
         "sogo_profile_reset": "Le profil SOGo profile pour l'utilisateur %s est remis à zéro",
         "tls_policy_map_entry_deleted": "La carte de stratégie TLS ID %s a été supprimée",
-        "tls_policy_map_entry_saved": "La carte de stratégie TLS ID \"%s\" a été enregistrée",
+        "tls_policy_map_entry_saved": "La carte de stratégie TLS ID « %s » a été enregistrée",
         "ui_texts": "Enregistrement des modifications apportées aux textes de l’interface utilisateur",
         "upload_success": "Fichier téléchargé avec succès",
         "verified_totp_login": "Authentification TOTP vérifiée",
@@ -1038,7 +1076,9 @@
         "ip_check_opt_in_modified": "Le contrôle de l'IP a été enregistré avec succès",
         "password_changed_success": "Le mot de passe a été modifié avec succès",
         "recovery_email_sent": "Email de réinitialisation envoyé à %s",
-        "mailbox_renamed": "La boîte de réception a été renommée de %s à %s"
+        "mailbox_renamed": "La boîte de réception a été renommée de %s à %s",
+        "template_modified": "Les modifications au modèle %s ont été enregistrées",
+        "password_policy_saved": "La politique de mot de passe a été enregistrée avec succès"
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
@@ -1059,7 +1099,7 @@
         "start_webauthn_validation": "Début de la validation",
         "tfa": "Authentification à deux facteurs",
         "tfa_token_invalid": "Token TFA invalide",
-        "totp": "OTP (One Time Password = Mot de passe à usage unique : Google Authenticator, Authy, etc.)",
+        "totp": "OTP (One Time Password = Mot de passe à usage unique : Google Authenticator, Authy, etc.)",
         "webauthn": "Authentification WebAuthn",
         "waiting_usb_auth": "<i>En attente d’un périphérique USB…</i><br><br>S’il vous plaît appuyez maintenant sur le bouton de votre périphérique USB WebAuthn.",
         "waiting_usb_register": "<i>En attente d’un périphérique USB…</i><br><br>Veuillez entrer votre mot de passe ci-dessus et confirmer votre inscription WebAuthn en appuyant sur le bouton de votre périphérique USB WebAuthn.",
@@ -1098,7 +1138,7 @@
         "alias_valid_until": "Valide jusque",
         "aliases_also_send_as": "Aussi autorisé à envoyer en tant qu’utilisateur",
         "aliases_send_as_all": "Ne pas vérifier l’accès de l’expéditeur pour les domaines suivants et leurs alias",
-        "app_hint": "Les mots de passe d’application sont des mots de passe alternatifs pour votre connexion IMAP, SMTP, Caldav, Carddav et EAS. Le nom d’utilisateur reste inchangé.<br>SOGo n'est pas disponible au travers des mots de passe d'application.",
+        "app_hint": "Les mots de passe d’application sont des mots de passe alternatifs pour votre connexion IMAP, SMTP, CalDAV, CardDAV et EAS. Le nom d’utilisateur reste inchangé.<br>Le webmail SOGo n'est pas disponible au travers des mots de passe d'application.",
         "app_name": "Nom d'application",
         "app_passwds": "Mots de passe d'applications",
         "apple_connection_profile": "Profil de connexion Apple",
@@ -1114,7 +1154,7 @@
         "direct_aliases": "Adresses d'alias directes",
         "direct_aliases_desc": "Les adresses d’alias directes sont affectées par le filtre anti-spam et les paramètres de politique TLS.",
         "eas_reset": "Réinitialiser le cache de l’appareil ActiveSync",
-        "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil ActiveSync cassé.<br><b>Attention :</b> Tous les éléments seront de nouveau téléchargés !",
+        "eas_reset_help": "Dans de nombreux cas, une réinitialisation du cache de l’appareil aidera à récupérer un profil ActiveSync cassé.<br><b>Attention :</b> Tous les éléments seront de nouveau téléchargés !",
         "eas_reset_now": "Réinitialiser maintenant",
         "edit": "Éditer",
         "email": "Courriel",
@@ -1147,7 +1187,7 @@
         "pushover_evaluate_x_prio": "Acheminement du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
         "pushover_info": "Les paramètres de notification push s’appliqueront à tout le courrier propre (non spam) livré à <b>%s</b> y compris les alias (partagés, non partagés, étiquetés).",
         "pushover_only_x_prio": "Ne tenir compte que du courrier hautement prioritaire [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "Tenir compte des adresses de courriel suivantes de l’expéditeur : <small>(comma-separated)</small>",
+        "pushover_sender_array": "Tenir compte des adresses de courriel de l’expéditeur suivantes : <small>(séparées par des virgules)</small>",
         "pushover_sender_regex": "Apparier les expéditeurs par le regex suivant",
         "pushover_text": "Texte de notification",
         "pushover_title": "Titre de la notification",
@@ -1158,8 +1198,8 @@
         "q_reject": "Rejeté",
         "quarantine_notification": "Avis de quarantaine",
         "quarantine_category": "Catégorie de la notification de quarantaine",
-        "quarantine_notification_info": "Une fois qu’un avis a été envoyé, les articles seront marqués comme « notifiés » et aucune autre notification ne sera envoyée pour ce point particulier.",
-        "quarantine_category_info": "La catégorie de notification « Rejeté » inclut le courrier rejeté, tandis que « Dossier indésirable » informera un utilisateur des courriels placés dans le dossier indésirable.",
+        "quarantine_notification_info": "Une fois qu’un avis a été envoyé, les articles seront marqués comme « notifiés » et aucune autre notification ne sera envoyée pour ce point particulier.",
+        "quarantine_category_info": "La catégorie de notification « Rejeté » inclut le courrier rejeté, tandis que « Dossier indésirable » informera un utilisateur des courriels placés dans le dossier indésirable.",
         "remove": "Enlever",
         "running": "En fonctionnement",
         "save": "Enregistrer les changements",
@@ -1176,11 +1216,11 @@
         "spamfilter": "Filtre de spam",
         "spamfilter_behavior": "Note",
         "spamfilter_bl": "Liste noire (BlackList)",
-        "spamfilter_bl_desc": "Les adresses de courriel sur liste noire qui doivent <b>toujours</b> être classées comme des pourriels et rejetées. Les messages rejetés <b>ne seront pas<b> copiés dans la quarantaine. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias attrape-tout et d’une boîte de réception elle-même.",
+        "spamfilter_bl_desc": "Les adresses de courriel sur liste noire qui doivent <b>toujours</b> être classées comme des pourriels et rejetées. Les messages rejetés ne seront <b>pas</b> copiés dans la quarantaine. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias attrape-tout et d’une boîte de réception elle-même.",
         "spamfilter_default_score": "Valeurs par défaut",
-        "spamfilter_green": "Vert : ce message n'est pas un spam",
-        "spamfilter_hint": "La première valeur indique un « faible score de spam », la seconde représente un « haut score de spam ».",
-        "spamfilter_red": "Rouge : Ce message est un spam et sera rejeté par le serveur",
+        "spamfilter_green": "Vert : ce message n'est pas un spam",
+        "spamfilter_hint": "La première valeur indique un « faible score de spam », la seconde représente un « haut score de spam ».",
+        "spamfilter_red": "Rouge : Ce message est un spam et sera rejeté par le serveur",
         "spamfilter_table_action": "Action",
         "spamfilter_table_add": "Ajouter un élément",
         "spamfilter_table_domain_policy": "n/a (politique de domaine)",
@@ -1189,12 +1229,12 @@
         "spamfilter_table_rule": "Règle",
         "spamfilter_wl": "Liste blanche (WhiteList)",
         "spamfilter_wl_desc": "La liste blanche est programmée pour <b> ne jamais</b> classer comme spam les adresses de courriel qu'elle contient. Des caractères génériques peuvent être utilisés. Un filtre n’est appliqué qu’aux alias directs (alias avec une seule boîte de réception cible), à l’exclusion des alias attrape-tout et d’une boîte de réception.",
-        "spamfilter_yellow": "Jaune : ce message est peut être un spam, il sera étiqueté comme spam et déplacé vers votre dossier Pourriel",
+        "spamfilter_yellow": "Jaune : ce message est peut-être un spam, il sera étiqueté comme spam et déplacé vers votre dossier Pourriel",
         "status": "Statut",
         "sync_jobs": "Tâches de synchronisation",
         "tag_handling": "Régler la manipulation du courrier étiqueté",
-        "tag_help_example": "Exemple pour une adresse de courriel étiquetée : me<b>+Facebook</b>@example.org",
-        "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (\"INBOX/Facebook\").<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet de l'e-mail, exemple : \"[Facebook] My News\".",
+        "tag_help_example": "Exemple pour une adresse de courriel étiquetée : me<b>+Facebook</b>@example.org",
+        "tag_help_explain": "Dans un sous-dossier : un nouveau sous-dossier nommé selon l'étiquette sera créé sous INBOX (« INBOX/Facebook »).<br>\nDans le sujet : le nom des balises sera ajouté au début du sujet de l'e-mail, exemple : « [Facebook] My News ».",
         "tag_in_none": "Ne rien faire",
         "tag_in_subfolder": "Dans un sous dossier",
         "tag_in_subject": "Dans le sujet",
@@ -1217,7 +1257,7 @@
         "with_app_password": "avec le mot de passe de l'application",
         "apple_connection_profile_with_app_password": "Un nouveau mot de passe est généré et ajouté au profil, de sorte qu'aucun mot de passe ne doit être saisi lors de la configuration de votre appareil. Ne partagez pas le fichier car il vous donne un accès complet à votre boîte de réception.",
         "attribute": "Attribut",
-        "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au webmail » permet une connexion unique à SOGo et est toujours disponible.",
+        "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au webmail » permet une connexion unique à SOGo et est toujours disponible.",
         "open_webmail_sso": "Connexion au webmail",
         "recent_successful_connections": "Voir les connexions réussies",
         "syncjob_EXIT_TLS_FAILURE": "Problème de connexion chiffrée",
@@ -1240,7 +1280,14 @@
         "password_reset_info": "Si aucun email pour la récupération du mot de passe n'est fourni, cette fonction ne peut pas être utilisée.",
         "pw_recovery_email": "Email de récupération pour son mot de passe",
         "month": "mois",
-        "from": "de"
+        "from": "de",
+        "empty": "Aucun résultat",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "last_pw_change": "Dernier changement de mot de passe",
+        "open_logs": "Afficher les journaux",
+        "pushover_sound": "Son",
+        "mailbox_general": "Général",
+        "mailbox_settings": "Paramètres"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
@@ -1248,11 +1295,11 @@
         "dovecot_restart_failed": "Dovecot n’a pas pu redémarrer, veuillez vérifier les journaux",
         "fuzzy_learn_error": "Erreur d’apprentissage du hachage flou : %s",
         "hash_not_found": "Hachage non trouvé ou déjà supprimé",
-        "ip_invalid": "IP non valide ignorée : %s",
+        "ip_invalid": "IP non valide ignorée : %s",
         "no_active_admin": "Impossible de désactiver le dernier administrateur actif",
-        "quota_exceeded_scope": "Dépassement du quota de domaine : Seules des boîtes de réception illimitées peuvent être créées dans ce domaine.",
-        "session_token": "Jeton de formulaire invalide : Jeton différent",
-        "session_ua": "Jeton de formulaire invalide : erreur de validation User-Agent",
+        "quota_exceeded_scope": "Dépassement du quota de domaine : Seules des boîtes de réception illimitées peuvent être créées dans ce domaine.",
+        "session_token": "Jeton de formulaire invalide : Jeton différent",
+        "session_ua": "Jeton de formulaire invalide : erreur de validation User-Agent",
         "is_not_primary_alias": "Alias non primaire ignoré %s"
     },
     "datatables": {
@@ -1261,7 +1308,9 @@
         "thousands": ",",
         "paginate": {
             "first": "Premier",
-            "last": "Dernier"
+            "last": "Dernier",
+            "next": "Suivant",
+            "previous": "Précédent"
         },
         "aria": {
             "sortAscending": ": activer pour trier les colonnes en ordre croissant",
@@ -1274,9 +1323,15 @@
         "processing": "Veuillez patienter…",
         "collapse_all": "Tout réduire",
         "info": "Affichage de _START_ à _END_ sur _TOTAL_ entrée(s)",
-        "search": "Rechercher :"
+        "search": "Rechercher :",
+        "emptyTable": "Aucune donnée présente dans la table",
+        "zeroRecords": "Aucun enregistrement correspondant trouvé"
     },
     "ratelimit": {
-        "disabled": "Désactivé"
+        "disabled": "Désactivé",
+        "second": "msgs / seconde",
+        "minute": "msgs / minute",
+        "hour": "msgs / heure",
+        "day": "msgs / jour"
     }
 }

From d92aa4b15d6639f6e6750a590925ab0a15be7b4f Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Fri, 20 Dec 2024 15:39:41 +0100
Subject: [PATCH 422/755] Update dhparams.pem

Use https://ssl-config.mozilla.org/ffdhe2048.txt due to better security of the key
---
 data/assets/ssl-example/dhparams.pem | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/assets/ssl-example/dhparams.pem b/data/assets/ssl-example/dhparams.pem
index b245f051e..9b182b720 100644
--- a/data/assets/ssl-example/dhparams.pem
+++ b/data/assets/ssl-example/dhparams.pem
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9iHB0CRDhV8wfBgqnmvuJpl0fzL3qL75R4ZvQHlfMNLrxuIz2x9D
-9zcDhPcBTVzV5Ay0AAkke4wP6r6wDQqXqBP4Y8IOkYAyLh3jM40jfHQzQt+5JdQl
-ond3kiscBsFOch/vMfSLMu3lAb0YhPNTvrxhMz7LcVAWYl82swASupdiKR+MgaQr
-XsugpmDKsHW60VmIM9B7K9Y+rNHwvMWkmISd0KxA8oOy1WJvsVEissMALZDE3c4w
-2xHmO2lXxgEx3aez28736t4m/KW3g9Zr31a1M0KusmfY//fGkPk4NUrLBOS2xrgp
-Y/rG1qSBdcVyerM0Ki93qCyHKYu4ene0OwIBAg==
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 -----END DH PARAMETERS-----

From 40a8bc808ab72ddcef36f382dabb148b06260751 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 1 Jan 2025 03:26:18 +0100
Subject: [PATCH 423/755] update postscreen_access.cidr (#6232)

---
 data/conf/postfix/postscreen_access.cidr | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 1dbe94773..741b32298 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sun Dec  1 00:21:36 UTC 2024
+# Whitelist generated by Postwhite v3.4 on Wed Jan  1 00:18:52 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 1971 total rules
+# 2014 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,6 +19,10 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
+8.39.54.0/23	permit
+8.39.54.250/31	permit
+8.40.222.0/23	permit
+8.40.222.250/31	permit
 10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
@@ -1472,6 +1476,9 @@
 163.114.135.16	permit
 164.152.23.32	permit
 164.177.132.168/30	permit
+165.173.128.0/24	permit
+165.173.180.250/31	permit
+165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1500,6 +1507,12 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
+169.148.142.10	permit
+169.148.144.0/25	permit
+169.148.144.10	permit
+169.148.146.0/23	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1959,6 +1972,9 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
+2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
+2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
+2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From 10328981b6abe2f65deecd7ba6f2eb7d284c6014 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 5 Jan 2025 15:25:45 +0100
Subject: [PATCH 424/755] Translations update from Weblate (#6235)

* [Web] Updated lang.fr-fr.json

Co-authored-by: Neuronnexion <support@nnx.com>

* [Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>

---------

Co-authored-by: Neuronnexion <support@nnx.com>
Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.fr-fr.json | 2 +-
 data/web/lang/lang.zh-cn.json | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 0e250b0ae..61739bf85 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -805,7 +805,7 @@
         "last_mail_login": "Dernière connexion mail",
         "last_modified": "Dernière modification",
         "last_run": "Dernière exécution",
-        "last_run_reset": "Calendrier suivant",
+        "last_run_reset": "Exécuter maintenant",
         "mailbox": "Boîte de réception",
         "mailbox_defquota": "Taille de boîte de réception par défaut",
         "mailbox_quota": "Taille max. d’une boîte de réception",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index cf0c22b61..7e26422cc 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -205,7 +205,7 @@
         "in_use_by": "使用者",
         "inactive": "禁用",
         "include_exclude": "包括/排除",
-        "include_exclude_info": "默认 - 没有选择时默认包括所有邮箱",
+        "include_exclude_info": "默认 - 没有选择时默认包括<b>所有邮箱</b>",
         "includes": "包括这些收件人",
         "is_mx_based": "基于 MX 记录",
         "last_applied": "最后应用的条目",
@@ -339,7 +339,7 @@
         "yes": "&#10003;",
         "options": "选项",
         "f2b_max_ban_time": "最长封禁时间（秒）",
-        "copy_to_clipboard": "复制到粘贴板",
+        "copy_to_clipboard": "已复制到粘贴板！",
         "reset_password_vars": "<code>{{link}}</code> 生成的密码重置链接<br><code>{{username}}</code> 要求重置密码的使用者的邮箱名称<br><code>{{username2}}</code> 复原邮箱名称<br><code>{{date}}</code> 要求重置密码之日期<br><code>{{token_lifetime}}</code> 令牌(token)过期时间(以分钟计)<br><code>{{hostname}}</code> mailcow 主机名",
         "logo_normal_label": "正常",
         "f2b_manage_external_info": "Fail2Ban 还会持续维护封禁列表，但不会主动设置规则阻挡流量。请使用以下生成的封禁列表在外部阻止流量。",
@@ -584,7 +584,7 @@
         "force_pw_update_info": "此用户只能登录到 %s。",
         "full_name": "全名",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的信息将不能在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
+        "gal_info": "全球地址簿（GAL）包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的信息将不能在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
         "grant_types": "授权类型",
         "hostname": "主机名",

From 69f6a82905e98ad23210f4d8a0dd70ce6d5c7d1b Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 9 Jan 2025 06:51:42 +0100
Subject: [PATCH 425/755] [Web] Updated lang.fr-fr.json (#6238)

Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.fr-fr.json | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 61739bf85..68226c1fd 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -56,7 +56,7 @@
         "disable_login": "Désactiver l'authentification (les courriels entrants resteront acceptés)",
         "domain": "Domaine",
         "domain_matches_hostname": "Le domaine %s correspond à la machine (hostname)",
-        "domain_quota_m": "Quota total du domaine (Mo)",
+        "domain_quota_m": "Quota total du domaine (Mio)",
         "enc_method": "Méthode de chiffrement",
         "exclude": "Exclure des objets (expression régulière - regex)",
         "full_name": "Nom complet",
@@ -70,7 +70,7 @@
         "inactive": "Inactif",
         "kind": "Type",
         "mailbox_quota_def": "Quota boîte de réception par défaut",
-        "mailbox_quota_m": "Quota max par boîte de réception (Mo)",
+        "mailbox_quota_m": "Quota max par boîte de réception (Mio)",
         "mailbox_username": "Identifiant (partie gauche d'une adresse de courriel)",
         "max_aliases": "Nombre maximal d'alias",
         "max_mailboxes": "Nombre maximal de boîtes de réception",
@@ -83,7 +83,7 @@
         "post_domain_add": "Le conteneur SOGo, « sogo-mailcow », doit être redémarré après l'ajout d'un nouveau domaine !<br><br>De plus, la configuration DNS doit être révisée. Lorsque la configuration DNS est approuvée, redémarrer « acme-mailcow » pour générer automatiquement les certificats pour votre nouveau domaine (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Cette étape est optionnelle et sera réessayée toutes les 24 heures.",
         "private_comment": "Commentaire privé",
         "public_comment": "Commentaire public",
-        "quota_mb": "Quota (Mo)",
+        "quota_mb": "Quota (Mio)",
         "relay_all": "Relayer tous les destinataires",
         "relay_all_info": "↪ Si vous choisissez <b>de ne pas</b> relayer tous les destinataires, vous devez ajouter une boîte de réception (« aveugle ») pour chaque destinataire simple qui doit être relayé.",
         "relay_domain": "Relayer ce domaine",
@@ -236,7 +236,7 @@
         "quarantine_bcc": "Envoyer une copie de toutes les notifications (BCC) à ce destinataire :<br><small>Laisser vide pour le désactiver. <b>Courrier non signé et non coché. Doit être livré en interne seulement.</b></small>",
         "quarantine_exclude_domains": "Exclure les domaines et les alias de domaine",
         "quarantine_max_age": "Âge maximun en jour(s)<br><small>La valeur doit être égale ou supérieure à 1 jour.</small>",
-        "quarantine_max_size": "Taille maximum en Mo (les éléments plus grands sont mis au rebut) :<br><small>0 ne signifie <b>pas</b> illimité.</small>",
+        "quarantine_max_size": "Taille maximum en Mio (les éléments plus grands sont mis au rebut) :<br><small>0 ne signifie <b>pas</b> illimité.</small>",
         "quarantine_max_score": "Ignorer la notification si le score de spam est au dessus de cette valeur :<br><small>Par défaut : 9999.0</small>",
         "quarantine_notification_html": "Modèle de courriel de notification :<br><small>Laisser vide pour restaurer le modèle par défaut.</small>",
         "quarantine_notification_sender": "Notification par courriel de l’expéditeur",
@@ -384,7 +384,7 @@
         "domain_invalid": "Le nom de domaine est vide ou non valide",
         "domain_not_empty": "Impossible de supprimer le domaine non vide %s",
         "domain_not_found": "Le domaine %s est introuvable",
-        "domain_quota_m_in_use": "Le quota de domaine doit être supérieur ou égal à %s Mo",
+        "domain_quota_m_in_use": "Le quota de domaine doit être supérieur ou égal à %s Mio",
         "extra_acl_invalid": "L'adresse de l’expéditeur externe « %s » est non valide",
         "extra_acl_invalid_domain": "L'expéditeur externe « %s » utilise un domaine non valide",
         "file_open_error": "Le fichier ne peut pas être ouvert pour l'écriture",
@@ -416,7 +416,7 @@
         "login_failed": "La connexion a échoué",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Le quota par défaut dépasse la limite maximale du quota",
         "mailbox_invalid": "Le nom de la boîte de réception n'est pas valide",
-        "mailbox_quota_exceeded": "Le quota dépasse la limite du domaine (max. %d Mo)",
+        "mailbox_quota_exceeded": "Le quota dépasse la limite du domaine (max. %d Mio)",
         "mailbox_quota_exceeds_domain_quota": "Le quota maximal dépasse la limite du quota de domaine",
         "mailbox_quota_left_exceeded": "Espace libre insuffisant (espace libre : %d Mio)",
         "mailboxes_in_use": "Le max. des boîtes de réception doit être supérieur ou égal à %d",
@@ -424,7 +424,7 @@
         "map_content_empty": "Le contenu de la carte ne peut pas être vide",
         "max_alias_exceeded": "Le nombre max. d'alias est dépassé",
         "max_mailbox_exceeded": "Le nombre max. de boîte de réception est dépassé (%d of %d)",
-        "max_quota_in_use": "Le quota de la boîte de réception doit être supérieur ou égal à %d Mo",
+        "max_quota_in_use": "Le quota de la boîte de réception doit être supérieur ou égal à %d Mio",
         "maxquota_empty": "Le quota maximum par boîte de réception ne doit pas être de 0.",
         "mysql_error": "Erreur MySQL : %s",
         "nginx_reload_failed": "Le rechargement de Nginx a échoué : %s",
@@ -593,7 +593,7 @@
         "mailbox_quota_def": "Quota par défaut de la boîte de réception",
         "max_aliases": "Nombre max. d'alias",
         "max_mailboxes": "Nombre max. de boîte de réception possibles",
-        "max_quota": "Quota max. par boîte de réception (Mo)",
+        "max_quota": "Quota max. par boîte de réception (Mio)",
         "maxage": "Âge maximal en jours des messages qui seront consultés à distance<br><small>(0 = ignorer la durée)</small>",
         "maxbytespersecond": "Octets max. par seconde <br><small>(0 = pas de limite)</small>",
         "mbox_rl_info": "Cette limite d'envoi est appliquée au nom de connexion SASL, elle correspond à toute adresse « from » utilisée par l’utilisateur connecté. Une limite d'envoi pour les boîtes de réception remplace une limite d'envoi pour l’ensemble du domaine.",
@@ -614,7 +614,7 @@
         "pushover_title": "Titre de la notification",
         "pushover_vars": "Lorsque aucun filtre d’expéditeur n’est défini, tous les messages seront considérés.<br>Les filtres Regex ainsi que les vérifications exactes de l’expéditeur peuvent être définis individuellement et seront considérés de façon séquentielle. Ils ne dépendent pas les uns des autres.<br>Variables utilisables pour le texte et le titre (veuillez prendre note des politiques de protection des données)",
         "pushover_verify": "Vérifier les informations d'identification",
-        "quota_mb": "Quota (Mo)",
+        "quota_mb": "Quota (Mio)",
         "ratelimit": "Limite d'envoi",
         "redirect_uri": "URL de redirection/callback",
         "relay_all": "Relayer tous les destinataires",

From abd789f629a88e5cf7e5eb45f2c19224e91e2f25 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Jan 2025 11:18:20 +0100
Subject: [PATCH 426/755] [Web] Escape mailbox name before querying aliases

---
 data/web/inc/functions.inc.php         | 4 ++--
 data/web/inc/functions.mailbox.inc.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index cfe507549..7efbee166 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1174,7 +1174,7 @@ function user_get_alias_details($username) {
     AND `goto` != :username_goto2
     AND `address` != :username_address");
   $stmt->execute(array(
-    ':username_goto' => '(^|,)'.$username.'($|,)',
+    ':username_goto' => '(^|,)'.preg_quote($username, '/').'($|,)',
     ':username_goto2' => $username,
     ':username_address' => $username
     ));
@@ -1222,7 +1222,7 @@ function user_get_alias_details($username) {
     $data['aliases_send_as_all'] = $row['send_as'];
   }
   $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '') as `address` FROM `alias` WHERE `goto` REGEXP :username AND `address` LIKE '@%';");
-  $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)'));
+  $stmt->execute(array(':username' => '(^|,)'.preg_quote($username, '/').'($|,)'));
   $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
   while ($row = array_shift($run)) {
     $data['is_catch_all'] = $row['address'];
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 6cc98e92e..1b6f9ae47 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3768,7 +3768,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $data['external_sender_aliases']                = array();
           // Fixed addresses
           $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` REGEXP :goto AND `address` NOT LIKE '@%'");
-          $stmt->execute(array(':goto' => '(^|,)'.$_data.'($|,)'));
+          $stmt->execute(array(':goto' => '(^|,)'.preg_quote($_data, '/').'($|,)'));
           $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
           while ($row = array_shift($rows)) {
             $data['fixed_sender_aliases'][] = $row['address'];
@@ -5534,7 +5534,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ));
             $stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias`
                 WHERE `goto` REGEXP :username");
-            $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)'));
+            $stmt->execute(array(':username' => '(^|,)'.preg_quote($username, '/').'($|,)'));
             $GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC);
             foreach ($GotoData as $gotos) {
               $goto_exploded = explode(',', $gotos['goto']);

From d280025b511bb27c2d45f04ff9201fe0ed359372 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Jan 2025 11:30:41 +0100
Subject: [PATCH 427/755] [Web] Regenerate session_id on successful login

---
 data/web/inc/triggers.inc.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 360f57277..a49ba78c8 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -4,6 +4,7 @@ if (!empty($_GET['sso_token'])) {
   $username = domain_admin_sso('check', $_GET['sso_token']);
 
   if ($username !== false) {
+    session_regenerate_id();
     $_SESSION['mailcow_cc_username'] = $username;
     $_SESSION['mailcow_cc_role'] = 'domainadmin';
     header('Location: /mailbox');
@@ -87,18 +88,21 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$as = check_login($login_user, $_POST["pass_user"]);
 
 	if ($as == "admin") {
+    session_regenerate_id();
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
 		header("Location: /debug");
     die();
 	}
 	elseif ($as == "domainadmin") {
+    session_regenerate_id();
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "domainadmin";
 		header("Location: /mailbox");
     die();
 	}
 	elseif ($as == "user") {
+    session_regenerate_id();
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "user";
     $http_parameters = explode('&', $_SESSION['index_query_string']);
@@ -122,7 +126,9 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
     unset($_SESSION['pending_tfa_methods']);
 		unset($_SESSION['mailcow_cc_username']);
 		unset($_SESSION['mailcow_cc_role']);
-	}
+	} else {
+    session_regenerate_id();
+  }
 }
 
 if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {

From 8048e0a53c793ed587cba0b5ee5eadb80efed88e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 15 Jan 2025 12:48:10 +0100
Subject: [PATCH 428/755] [Web] Fix permission exception in IdP actions

---
 data/conf/phpfpm/crons/keycloak-sync.php |  8 +--
 data/conf/phpfpm/crons/ldap-sync.php     |  8 +--
 data/web/inc/functions.acl.inc.php       |  6 +--
 data/web/inc/functions.auth.inc.php      | 20 +++++---
 data/web/inc/functions.inc.php           | 33 ++++++++++---
 data/web/inc/functions.mailbox.inc.php   | 62 ++++++++++++------------
 data/web/inc/functions.ratelimit.inc.php | 10 ++--
 data/web/inc/sessions.inc.php            |  2 +
 8 files changed, 88 insertions(+), 61 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index f6d92266f..98010648b 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -188,6 +188,7 @@ while (true) {
       continue;
     }
 
+    $_SESSION['access_all_exception'] = '1';
     if (!$row && intval($iam_settings['import_users']) == 1){
       // mailbox user does not exist, create...
       logMsg("info", "Creating user " . $user['email']);
@@ -196,8 +197,7 @@ while (true) {
         'local_part' => explode('@', $user['email'])[0],
         'name' => $user['firstName'] . " " . $user['lastName'],
         'authsource' => 'keycloak',
-        'template' => $mbox_template,
-        'hasAccess' => true
+        'template' => $mbox_template
       ));
     } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
       // mailbox user does exist, sync attribtues...
@@ -205,13 +205,13 @@ while (true) {
       mailbox('edit', 'mailbox_from_template', array(
         'username' => $user['email'],
         'name' => $user['firstName'] . " " . $user['lastName'],
-        'template' => $mbox_template,
-        'hasAccess' => true
+        'template' => $mbox_template
       ));
     } else {
       // skip mailbox user
       logMsg("info", "Skipping user " . $user['email']);
     }
+    $_SESSION['access_all_exception'] = '0';
 
     sleep(0.025);
   }
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 87f2dddb9..8f7a08bf5 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -152,6 +152,7 @@ foreach ($response as $user) {
     continue;
   }
 
+  $_SESSION['access_all_exception'] = '1';
   if (!$row && intval($iam_settings['import_users']) == 1){
     // mailbox user does not exist, create...
     logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
@@ -160,8 +161,7 @@ foreach ($response as $user) {
       'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
       'name' => $user['displayname'][0],
       'authsource' => 'ldap',
-      'template' => $mbox_template,
-      'hasAccess' => true
+      'template' => $mbox_template
     ));
   } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
     // mailbox user does exist, sync attribtues...
@@ -169,13 +169,13 @@ foreach ($response as $user) {
     mailbox('edit', 'mailbox_from_template', array(
       'username' =>  $user[$iam_settings['username_field']][0],
       'name' => $user['displayname'][0],
-      'template' => $mbox_template,
-      'hasAccess' => true
+      'template' => $mbox_template
     ));
   } else {
     // skip mailbox user
     logMsg("info", "Skipping user " .  $user[$iam_settings['username_field']][0]);
   }
+  $_SESSION['access_all_exception'] = '0';
 
   sleep(0.025);
 }
diff --git a/data/web/inc/functions.acl.inc.php b/data/web/inc/functions.acl.inc.php
index ffc7408fe..dde9b1236 100644
--- a/data/web/inc/functions.acl.inc.php
+++ b/data/web/inc/functions.acl.inc.php
@@ -23,8 +23,8 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
               $acl_post[$acl_val] = 1;
             }
             // Users cannot change their own ACL
-            if (!$_extra['hasAccess'] && (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)
-              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)
+              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin' && $_SESSION['access_all_exception'] != '1')) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@@ -130,7 +130,7 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
     case 'get':
       switch ($_scope) {
         case 'user':
-          if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index f9d82f1ad..62329e305 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -457,12 +457,13 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     // login success
     if ($mapper_key !== false) {
       // update user
+      $_SESSION['access_all_exception'] = '1';
       mailbox('edit', 'mailbox_from_template', array(
         'username' => $user,
         'name' => $user_res['name'],
-        'template' => $iam_settings['templates'][$mapper_key],
-        'hasAccess' => true
+        'template' => $iam_settings['templates'][$mapper_key]
       ));
+      $_SESSION['access_all_exception'] = '0';
     }
     return 'user';
   }
@@ -472,14 +473,15 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
   if ($mapper_key === false) return false;
 
   // create mailbox
+  $_SESSION['access_all_exception'] = '1';
   $create_res = mailbox('add', 'mailbox_from_template', array(
     'domain' => explode('@', $user)[1],
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['name'],
     'authsource' => 'keycloak',
-    'template' => $iam_settings['templates'][$mapper_key],
-    'hasAccess' => true
+    'template' => $iam_settings['templates'][$mapper_key]
   ));
+  $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
     clear_session();
     return false;
@@ -556,12 +558,13 @@ function ldap_mbox_login($user, $pass, $extra = null){
     // login success
     if ($mapper_key !== false) {
       // update user
+      $_SESSION['access_all_exception'] = '1';
       mailbox('edit', 'mailbox_from_template', array(
         'username' => $user,
         'name' => $user_res['displayname'][0],
-        'template' => $iam_settings['templates'][$mapper_key],
-        'hasAccess' => true
+        'template' => $iam_settings['templates'][$mapper_key]
       ));
+      $_SESSION['access_all_exception'] = '0';
     }
     return 'user';
   }
@@ -571,14 +574,15 @@ function ldap_mbox_login($user, $pass, $extra = null){
   if ($mapper_key === false) return false;
 
   // create mailbox
+  $_SESSION['access_all_exception'] = '1';
   $create_res = mailbox('add', 'mailbox_from_template', array(
     'domain' => explode('@', $user)[1],
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['displayname'][0],
     'authsource' => 'ldap',
-    'template' => $iam_settings['templates'][$mapper_key],
-    'hasAccess' => true
+    'template' => $iam_settings['templates'][$mapper_key]
   ));
+  $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
     clear_session();
     return false;
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index d351eccf4..ed41379f4 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -538,10 +538,13 @@ function logger($_data = false) {
 }
 function hasDomainAccess($username, $role, $domain) {
   global $pdo;
-  if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
+  if (empty($domain) || !is_valid_domain_name($domain)) {
     return false;
   }
-  if (empty($domain) || !is_valid_domain_name($domain)) {
+  if (isset($_SESSION['access_all_exception']) && $_SESSION['access_all_exception'] == "1") {
+    return true;
+  }
+  if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
     return false;
   }
   if ($role != 'admin' && $role != 'domainadmin') {
@@ -577,6 +580,9 @@ function hasDomainAccess($username, $role, $domain) {
 }
 function hasMailboxObjectAccess($username, $role, $object) {
   global $pdo;
+  if (isset($_SESSION['access_all_exception']) && $_SESSION['access_all_exception'] == "1") {
+    return true;
+  }
   if (empty($username) || empty($role) || empty($object)) {
     return false;
   }
@@ -600,6 +606,9 @@ function hasMailboxObjectAccess($username, $role, $object) {
 // does also verify mailboxes as a mailbox is a alias == goto
 function hasAliasObjectAccess($username, $role, $object) {
   global $pdo;
+  if (isset($_SESSION['access_all_exception']) && $_SESSION['access_all_exception'] == "1") {
+    return true;
+  }
   if (empty($username) || empty($role) || empty($object)) {
     return false;
   }
@@ -617,6 +626,16 @@ function hasAliasObjectAccess($username, $role, $object) {
   }
   return false;
 }
+function hasACLAccess($type) {
+  if (isset($_SESSION['access_all_exception']) && $_SESSION['access_all_exception'] == "1") {
+    return true;
+  }
+  if (isset($_SESSION['acl'][$type]) && $_SESSION['acl'][$type] == "1") {
+    return true;
+  }
+
+  return false;
+}
 function pem_to_der($pem_key) {
   // Need to remove BEGIN/END PUBLIC KEY
   $lines = explode("\n", trim($pem_key));
@@ -2530,12 +2549,13 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         // success
         if ($mapper_key !== false) {
           // update user
+          $_SESSION['access_all_exception'] = '1';
           mailbox('edit', 'mailbox_from_template', array(
             'username' => $info['email'],
             'name' => $info['name'],
-            'template' => $iam_settings['templates'][$mapper_key],
-            'hasAccess' => true
+            'template' => $iam_settings['templates'][$mapper_key]
           ));
+          $_SESSION['access_all_exception'] = '0';
         }
         set_user_loggedin_session($info['email']);
         $_SESSION['iam_token'] = $plain_token;
@@ -2568,14 +2588,15 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
 
       // create mailbox
+      $_SESSION['access_all_exception'] = '1';
       $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $info['email'])[1],
         'local_part' => explode('@', $info['email'])[0],
         'name' => $info['name'],
         'authsource' => $iam_settings['authsource'],
-        'template' => $iam_settings['templates'][$mapper_key],
-        'hasAccess' => true
+        'template' => $iam_settings['templates'][$mapper_key]
       ));
+      $_SESSION['access_all_exception'] = '0';
       if (!$create_res){
         clear_session();
         $_SESSION['return'][] =  array(
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index c63a0d37b..84bc3f169 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1045,7 +1045,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $password2 = '';
             $password_hashed = '';
           }
-          if (!$_extra['hasAccess'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) {
+          if (!hasACLAccess("unlimited_quota") && $quota_m === 0) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1104,7 +1104,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['hasAccess']) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1385,7 +1385,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             }
           }
 
-          return mailbox('add', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess']));
+          return mailbox('add', 'mailbox', $mailbox_attributes);
         break;
         case 'resource':
           $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
@@ -1753,7 +1753,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1")) {
+          if (!hasACLAccess("tls_policy")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1762,7 +1762,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1807,7 +1807,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_notification']) || $_SESSION['acl']['quarantine_notification'] != "1")) {
+          if (!hasACLAccess("quarantine_notification")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1816,7 +1816,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1866,7 +1866,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           else {
             $usernames = $_data['username'];
           }
-          if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1")) {
+          if (!hasACLAccess("quarantine_category")) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1875,7 +1875,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           foreach ($usernames as $username) {
-            if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -2938,12 +2938,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             if (!empty($is_now)) {
               $active               = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
               (int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
-              (int)$sogo_access     = ((isset($_data['sogo_access']) && isset($_SESSION['acl']['sogo_access']) && $_SESSION['acl']['sogo_access'] == "1") || $_extra['hasAccess']) ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
-              (int)$imap_access     = ((isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
-              (int)$pop3_access     = ((isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
-              (int)$smtp_access     = ((isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
-              (int)$sieve_access    = ((isset($_data['sieve_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") || $_extra['hasAccess']) ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
-              (int)$relayhost       = ((isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") || $_extra['hasAccess']) ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
+              (int)$sogo_access     = (isset($_data['sogo_access']) && hasACLAccess("sogo_access")) ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
+              (int)$imap_access     = (isset($_data['imap_access']) && hasACLAccess("protocol_access")) ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
+              (int)$pop3_access     = (isset($_data['pop3_access']) && hasACLAccess("protocol_access")) ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
+              (int)$smtp_access     = (isset($_data['smtp_access']) && hasACLAccess("protocol_access")) ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
+              (int)$sieve_access    = (isset($_data['sieve_access']) && hasACLAccess("protocol_access")) ? intval($_data['sieve_access']) : intval($is_now['attributes']['sieve_access']);
+              (int)$relayhost       = (isset($_data['relayhost']) && hasACLAccess("mailbox_relayhost")) ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
               (int)$quota_m         = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
               $name                 = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
               $domain               = $is_now['domain'];
@@ -2970,7 +2970,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               continue;
             }
             // if already 0 == ok
-            if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && ($quota_m == 0 && $is_now['quota'] != 0)) {
+            if (!hasACLAccess("unlimited_quota") && ($quota_m == 0 && $is_now['quota'] != 0)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -2978,7 +2978,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               return false;
             }
-            if (!$_extra['hasAccess'] && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3005,7 +3005,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             }
             $extra_acls = array();
             if (isset($_data['extended_sender_acl'])) {
-              if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1")) {
+              if (!hasACLAccess("extend_sender_acl")) {
                 $_SESSION['return'][] = array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -3505,7 +3505,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           $attribute_hash = sha1(json_encode($mbox_template_data["attributes"]));
-          $is_now = mailbox('get', 'mailbox_details', $_data['username'], array('hasAccess' => $_data['hasAccess']));
+          $is_now = mailbox('get', 'mailbox_details', $_data['username']);
           $name = ltrim(rtrim($_data['name'], '>'), '<');
           if ($is_now['attributes']['attribute_hash'] == $attribute_hash && $is_now['name'] == $name)
             return true;
@@ -3541,17 +3541,17 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           $mailbox_attributes['quota'] = intval($mailbox_attributes['quota'] / 1048576);
-          $result = mailbox('edit', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = mailbox('edit', 'mailbox', $mailbox_attributes);
           if ($result === false) return $result;
-          $result = mailbox('edit', 'tls_policy', $tls_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = mailbox('edit', 'tls_policy', $tls_attributes);
           if ($result === false) return $result;
-          $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes);
           if ($result === false) return $result;
-          $result = mailbox('edit', 'quarantine_category', $quarantine_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = mailbox('edit', 'quarantine_category', $quarantine_attributes);
           if ($result === false) return $result;
-          $result = ratelimit('edit', 'mailbox', $ratelimit_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = ratelimit('edit', 'mailbox', $ratelimit_attributes);
           if ($result === false) return $result;
-          $result = acl('edit', 'user', $acl_attributes, array('hasAccess' => $_data['hasAccess']));
+          $result = acl('edit', 'user', $acl_attributes);
           if ($result === false) return $result;
 
           $_SESSION['return'] = array();
@@ -4090,7 +4090,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'tls_policy':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
             }
           }
@@ -4109,7 +4109,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'quarantine_notification':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
             }
           }
@@ -4125,7 +4125,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'quarantine_category':
           $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
-            if (!$_extra['hasAccess'] && (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data))) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
             }
           }
@@ -4640,7 +4640,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
         case 'domain_details':
           $domaindata = array();
           $_data = idn_to_ascii(strtolower(trim($_data)), 0, INTL_IDNA_VARIANT_UTS46);
-          if (!$_extra['hasAccess'] && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` =  :domain");
@@ -4806,7 +4806,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
         break;
         case 'mailbox_details':
-          if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           $mailboxdata = array();
@@ -4969,7 +4969,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           return $mailboxdata;
         break;
         case 'mailbox_templates':
-          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['hasAccess']) {
+          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && $_SESSION['access_all_exception'] != "1") {
             return false;
           }
           $_data = (isset($_data)) ? intval($_data) : null;
diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index 5779ad77c..91ac999e2 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
   $_data_log = $_data;
   switch ($_action) {
     case 'edit':
-      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['hasAccess']) {
+      if (!hasACLAccess("ratelimit")) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
               );
               continue;
             }
-            if (((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
-                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin'))) && !$_extra['hasAccess']) {
+            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+                || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin' && $_SESSION['access_all_exception'] != '1')) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
@@ -139,7 +139,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
     case 'get':
       switch ($_scope) {
         case 'domain':
-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data) && !$_extra['hasAccess']) {
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
             return false;
           }
           try {
@@ -164,7 +164,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) {
           return false;
         break;
         case 'mailbox':
-          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data && !$_extra['hasAccess'])
+          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)
             || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
             return false;
           }
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index b73ad2816..67bdd35b3 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -5,6 +5,8 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
 }
 
+$_SESSION['access_all_exception'] = '0';
+
 if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
   strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
   if (session_status() !== PHP_SESSION_ACTIVE) {

From 1e70a2018858b24047ebeb5e4c08a8f4689d2520 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 15 Jan 2025 16:15:25 +0100
Subject: [PATCH 429/755] [SOGo] Add mailcow Buttons to SOGo navbar

---
 data/Dockerfiles/sogo/Dockerfile          |  1 +
 data/Dockerfiles/sogo/bootstrap-sogo.sh   |  4 +++
 data/Dockerfiles/sogo/navMailcowBtns.diff | 20 +++++++++++
 data/conf/sogo/custom-sogo.js             | 42 -----------------------
 docker-compose.yml                        |  2 +-
 5 files changed, 26 insertions(+), 43 deletions(-)
 create mode 100644 data/Dockerfiles/sogo/navMailcowBtns.diff

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 78da39bec..4eb36638a 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -48,6 +48,7 @@ COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 COPY acl.diff /acl.diff
+COPY navMailcowBtns.diff /navMailcowBtns.diff
 COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
 COPY docker-entrypoint.sh /
 
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 11b077cfd..566d812fc 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -136,6 +136,10 @@ chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
 #  fi
 #fi
 
+if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxTopnavToolbar.wox < /navMailcowBtns.diff > /dev/null; then
+  patch -R /usr/lib/GNUstep/SOGo/Templates/UIxTopnavToolbar.wox < /navMailcowBtns.diff;
+fi
+
 # Copy logo, if any
 [[ -f /etc/sogo/sogo-full.svg ]] && cp /etc/sogo/sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
 
diff --git a/data/Dockerfiles/sogo/navMailcowBtns.diff b/data/Dockerfiles/sogo/navMailcowBtns.diff
new file mode 100644
index 000000000..1b469aa60
--- /dev/null
+++ b/data/Dockerfiles/sogo/navMailcowBtns.diff
@@ -0,0 +1,20 @@
+59,65d58
+<                ng-show="::!activeUser.isSuperUser"
+<                var:ng-click="navButtonClick"
+<                ng-href="/user">
+<       <md-icon>build</md-icon>
+<       <md-tooltip><var:string label:value="mailcow"/></md-tooltip>
+<     </md-button>
+<     <md-button class="md-icon-button"
+83c76
+<                onclick="document.getElementById('mc_logout').setAttribute('action', '/'); document.getElementById('mc_logout').submit();"
+---
+>                ng-show="::activeUser.path.logoff.length"
+85c78
+<                ng-href="#">
+---
+>                ng-href="{{::activeUser.path.logoff}}">
+89,91d81
+<     <form method="POST" id="mc_logout" action="user">
+<       <input type="hidden" name="logout" value="1">
+<     </form>
diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index 1070efa40..e1f27e8ff 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -4,48 +4,6 @@ document.addEventListener('DOMContentLoaded', function () {
     if (loginForm) {
         window.location.href = '/user';
     }
-
-    angularReady = false;
-    function observe() {
-        angularReady = toolbarExists();
-        if (angularReady && !mcElementsExists()) addMCElements();
-
-        const observer = new MutationObserver(function(mutations) {
-            if (!angularReady) {
-                mutations.forEach(function(mutation) {
-                    if (mutation.addedNodes.length > 0) angularReady = toolbarExists();
-                });
-            } else if (angularReady && !mcElementsExists()) {
-                addMCElements();
-            }
-        });
-
-        const targetNode = document.body;
-        const config = { childList: true, subtree: true };
-        observer.observe(targetNode, config);
-    }
-    function toolbarExists() {
-        const toolbarElement = document.body.querySelector('md-toolbar');
-        if (toolbarElement)
-            return true;
-        else
-            return false;
-    }
-    function mcElementsExists() {
-        if (document.getElementById("mc_backlink"))
-            return true;
-        else
-            return false;
-    }
-    function addMCElements() {
-        const toolbarElement = document.body.querySelector('.md-toolbar-tools.sg-toolbar-group-last.layout-align-end-center.layout-row');
-        var htmlCode = '<a id="mc_backlink" class="md-icon-button md-button md-ink-ripple" aria-label="mailcow" href="/user" aria-hidden="false" tabindex="-1">' +
-            '<md-icon class="material-icons" role="img" aria-label="build">build</md-icon>' +
-            '</a>';
-        toolbarElement.insertAdjacentHTML('beforeend', htmlCode);
-    }
-
-    observe();
 });
 
 // Custom SOGo JS
diff --git a/docker-compose.yml b/docker-compose.yml
index 9218b3960..aaa8a3a03 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -198,7 +198,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:nightly-20241205
+      image: mailcow/sogo:nightly-20250115
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 31e001ebee861c227cf24df9a14ca00871426816 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 16 Jan 2025 11:37:15 +0100
Subject: [PATCH 430/755] flatcurve: change default amount of processes to 1

---
 generate_config.sh | 2 +-
 update.sh          | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 6e66c9197..3044ab8d7 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -394,7 +394,7 @@ FTS_HEAP=128
 # Too many indexing processes can use a lot of CPU and Disk I/O.
 # Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations
 
-FTS_PROCS=5
+FTS_PROCS=1
 
 # Allow admins to log into SOGo as email user (without any password)
 
diff --git a/update.sh b/update.sh
index 6d9f8dd7e..1d0bfe8b6 100755
--- a/update.sh
+++ b/update.sh
@@ -466,7 +466,7 @@ adapt_new_options() {
         echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
         echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
         echo '# Please always monitor your Resource consumption!' >> mailcow.conf
-        echo "FTS_HEAP=1024" >> mailcow.conf
+        echo "FTS_HEAP=128" >> mailcow.conf
       fi
     elif [[ ${option} == "SKIP_FTS" ]]; then
       if ! grep -q ${option} mailcow.conf; then
@@ -481,7 +481,7 @@ adapt_new_options() {
         echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
         echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
         echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
-        echo "FTS_PROCS=2" >> mailcow.conf
+        echo "FTS_PROCS=1" >> mailcow.conf
       fi
     elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
       if ! grep -q ${option} mailcow.conf; then

From 08599c1960e663b211f82c5ef23240e118b91851 Mon Sep 17 00:00:00 2001
From: gwelch-contegix <111144057+gwelch-contegix@users.noreply.github.com>
Date: Mon, 20 Jan 2025 05:09:31 -0800
Subject: [PATCH 431/755] Fix community support url (#6245)

---
 .github/ISSUE_TEMPLATE/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 5c422bb47..9d1990ffe 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: ❓ Community-driven support (Free)
-    url: https://docs.mailcow.email/#get-support
+    url: https://docs.mailcow.email/#community-support-and-chat
     about: Please use the community forum for questions or assistance
   - name: 🔥 Premium Support (Paid)
     url: https://www.servercow.de/mailcow?lang=en#support

From 36db68677ca41f68f7117f8d1c6abf53af5adcbe Mon Sep 17 00:00:00 2001
From: Alyx <alyx@lyratris.com>
Date: Mon, 20 Jan 2025 13:10:29 +0000
Subject: [PATCH 432/755] Reduce sa rules download retry limit to 5 (#6225)

Reduces the retry limit for the sa rules download to a more reasonable 5 retries to prevent running in a timeout condition.
---
 data/Dockerfiles/dovecot/sa-rules.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/sa-rules.sh b/data/Dockerfiles/dovecot/sa-rules.sh
index 2a513805a..e948d438c 100755
--- a/data/Dockerfiles/dovecot/sa-rules.sh
+++ b/data/Dockerfiles/dovecot/sa-rules.sh
@@ -11,7 +11,7 @@ else
 fi
 
 # Deploy
-if curl --connect-timeout 15 --retry 10 --max-time 30 https://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz; then
+if curl --connect-timeout 15 --retry 5 --max-time 30 https://www.spamassassin.heinlein-support.de/$(dig txt 1.4.3.spamassassin.heinlein-support.de +short | tr -d '"' | tr -dc '0-9').tar.gz --output /tmp/sa-rules-heinlein.tar.gz; then
   if gzip -t /tmp/sa-rules-heinlein.tar.gz; then
     tar xfvz /tmp/sa-rules-heinlein.tar.gz -C /tmp/sa-rules-heinlein
     cat /tmp/sa-rules-heinlein/*cf > /etc/rspamd/custom/sa-rules

From 746915cbddbeac7ca5feac492749448882efc1b8 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 20 Jan 2025 14:21:15 +0100
Subject: [PATCH 433/755] fts: change autoindex to occur on mailboxes of
 receiving 20 or more mails daily

---
 data/conf/dovecot/conf.d/fts.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/conf/dovecot/conf.d/fts.conf b/data/conf/dovecot/conf.d/fts.conf
index acc6f1243..1ad5201f7 100644
--- a/data/conf/dovecot/conf.d/fts.conf
+++ b/data/conf/dovecot/conf.d/fts.conf
@@ -3,6 +3,8 @@ plugin {
     fts_autoindex = yes
     fts_autoindex_exclude = \Junk
     fts_autoindex_exclude2 = \Trash
+    # Tweak this setting if you only want to ensure big and frequent folders are indexed, not all.
+    fts_autoindex_max_recent_msgs = 20
     fts = flatcurve
 
     # Maximum term length can be set via the 'maxlen' argument (maxlen is
@@ -26,7 +28,7 @@ plugin {
 
 service indexer-worker {
   # Max amount of simultaniously running indexer jobs.
-  process_limit=5
+  process_limit=1
 
   # Max amount of RAM used by EACH indexer process.
   vsz_limit=128 MB

From 4708b1398b7955e2525b17c1a72844c50b29a0e0 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 20 Jan 2025 15:41:48 +0100
Subject: [PATCH 434/755] update.sh: fix mailcow fts update versioning

---
 update.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update.sh b/update.sh
index 1d0bfe8b6..715ab3fee 100755
--- a/update.sh
+++ b/update.sh
@@ -676,7 +676,7 @@ migrate_solr_config_options() {
 
   solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
   if [[ -n $solr_volume ]]; then
-    echo -e "\e[34mSolr has been replaced within mailcow since 2024-12.\e[0m"
+    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\e[0m"
     sleep 1
     echo -e "\e[34mTherefore the volume $solr_volume is unused.\e[0m"
     sleep 1
@@ -697,7 +697,7 @@ migrate_solr_config_options() {
   fi
 
   # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
-  FTS_CONF_PATH="data/conf/dovecot/conf.d/fts.conf"
+  FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
   if [[ -f "$FTS_CONF_PATH" ]]; then
     if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
       rm -rf $FTS_CONF_PATH

From ee7a8624fcefed734da76bd73185ab50f7f8a5b8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 06:38:13 +0100
Subject: [PATCH 435/755] chore(deps): update actions/stale action to v9.1.0
 (#6247)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/close_old_issues_and_prs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index 391de66d5..af5fd807d 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v9.0.0
+        uses: actions/stale@v9.1.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

From 7bcd61ecb553aadc69efa517802ef581d054a261 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 22 Jan 2025 14:30:47 +0100
Subject: [PATCH 436/755] [Nginx] Generate includes for custom configs

---
 data/Dockerfiles/nginx/bootstrap.py           | 29 +++++++++++++++----
 data/conf/nginx/{ => templates}/nginx.conf.j2 | 10 +++++--
 .../{ => templates}/sites-default.conf.j2     |  0
 docker-compose.yml                            |  3 +-
 4 files changed, 34 insertions(+), 8 deletions(-)
 rename data/conf/nginx/{ => templates}/nginx.conf.j2 (96%)
 rename data/conf/nginx/{ => templates}/sites-default.conf.j2 (100%)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index d47e6318a..de7824334 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -2,6 +2,27 @@ import os
 import subprocess
 from jinja2 import Environment, FileSystemLoader
 
+def includes_conf(env, template_vars):
+  server_name = "server_name.active"
+  listen_plain = "listen_plain.active"
+  listen_ssl = "listen_ssl.active"
+
+  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+  listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
+  listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
+  if not template_vars['DISABLE_IPv6']:
+    listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
+    listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
+  listen_ssl_config += "\nhttp2 on;"
+
+  with open(f"/etc/nginx/conf.d/{server_name}", "w") as f:
+    f.write(server_name_config)
+
+  with open(f"/etc/nginx/conf.d/{listen_plain}", "w") as f:
+    f.write(listen_plain_config)
+
+  with open(f"/etc/nginx/conf.d/{listen_ssl}", "w") as f:
+    f.write(listen_ssl_config)
 
 def sites_default_conf(env, template_vars):
   config_name = "sites-default.conf"
@@ -34,6 +55,7 @@ def prepare_template_vars():
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
+    'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
   }
 
   ssl_dir = '/etc/ssl/mail/'
@@ -60,17 +82,14 @@ def prepare_template_vars():
   return template_vars
 
 def main():
-  env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d'))
+  env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d/templates'))
 
   # Render config
   print("Render config")
   template_vars = prepare_template_vars()
   sites_default_conf(env, template_vars)
   nginx_conf(env, template_vars)
-
-  # Validate config
-  print("Validate config")
-  subprocess.run(["nginx", "-qt"])
+  includes_conf(env, template_vars)
 
 
 if __name__ == "__main__":
diff --git a/data/conf/nginx/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
similarity index 96%
rename from data/conf/nginx/nginx.conf.j2
rename to data/conf/nginx/templates/nginx.conf.j2
index 13444129f..1e5481d93 100644
--- a/data/conf/nginx/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -27,6 +27,8 @@ http {
 
     #gzip  on;
 
+    include /etc/nginx/conf.d/*.conf;
+
     # map-size.conf:
     map_hash_max_size 256;
     map_hash_bucket_size 256;
@@ -45,9 +47,11 @@ http {
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
         http2 on;
 
         ssl_certificate /etc/ssl/mail/cert.pem;
@@ -103,9 +107,11 @@ http {
     {% for cert in valid_cert_dirs %}
     server {
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
         http2 on;
 
         ssl_certificate {{ cert.cert_path }}cert.pem;
diff --git a/data/conf/nginx/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
similarity index 100%
rename from data/conf/nginx/sites-default.conf.j2
rename to data/conf/nginx/templates/sites-default.conf.j2
diff --git a/docker-compose.yml b/docker-compose.yml
index fc2ad58ca..cd85304b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -372,7 +372,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.00
+      image: mailcow/nginx:1.01
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -383,6 +383,7 @@ services:
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
+        - DISABLE_IPv6=${DISABLE_IPv6:-n}
         - PHPFPMHOST=${PHPFPMHOST:-}
         - SOGOHOST=${SOGOHOST:-}
         - RSPAMDHOST=${RSPAMDHOST:-}

From 1fca328266eb980da6ca8376db51c9ea201d59c6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 22 Jan 2025 15:11:46 +0100
Subject: [PATCH 437/755] [Nginx] Disable IPv6 listener for Rspamd dynmaps when
 DISABLE_IPv6=y

---
 data/conf/nginx/templates/nginx.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index 1e5481d93..a6f32ebb7 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -65,7 +65,9 @@ http {
     # rspamd dynmaps:
     server {
         listen 8081;
+        {% if not DISABLE_IPv6 %}
         listen [::]:8081;
+        {%endif%}
         index index.php index.html;
         server_name _;
         error_log  /var/log/nginx/error.log;

From a30f6696a39d371424300e22182317a0317575b7 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 23 Jan 2025 08:30:48 +0100
Subject: [PATCH 438/755] update.sh: fixed --force for solr-removal + code
 optimization

---
 update.sh | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/update.sh b/update.sh
index 715ab3fee..94c1a8423 100755
--- a/update.sh
+++ b/update.sh
@@ -676,23 +676,21 @@ migrate_solr_config_options() {
 
   solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
   if [[ -n $solr_volume ]]; then
-    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\e[0m"
+    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
     sleep 1
-    echo -e "\e[34mTherefore the volume $solr_volume is unused.\e[0m"
-    sleep 1
-    read -r -p "Would you like to remove the $solr_volume? " response
-    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      echo -e "\e[33mRemoving $solr_volume...\e[0m"
-      docker volume rm $solr_volume
-      if [[ $? != 0 ]]; then
-        echo -e "\e[31mCould not remove the volume... Please remove it manually!\e[0m"
+    if [ ! "$FORCE" ]; then
+      read -r -p "Remove $solr_volume? [y/N] " response
+      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo -e "\e[33mRemoving $solr_volume...\e[0m"
+        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m" && exit
+        echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
       else
-        echo -e "\e[32mSucessfully removed $solr_volume!\e[0m"
+        echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
       fi
     else
-      echo "Ok! Not removing $solr_volume then."
-      echo "Once you decided on removing the volume simply run docker volume rm $solr_volume to remove it manually."
-      echo "This can be done anytime. mailcow does not use this volume anymore."
+      echo -e "\e[33mForce removing $solr_volume...\e[0m"
+      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m" && exit
+      echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
     fi
   fi
 

From 5a04942d89b220da3f1e5f5d1c5f318fca19d2f1 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 23 Jan 2025 08:38:14 +0100
Subject: [PATCH 439/755] update.sh: changed SKIP_FTS default to y instead n
 for updates

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 94c1a8423..128abfda7 100755
--- a/update.sh
+++ b/update.sh
@@ -473,7 +473,7 @@ adapt_new_options() {
         echo "Adding new option \"${option}\" to mailcow.conf"
         echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory systems or if you simply want to disable it.' >> mailcow.conf
         echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
-        echo "SKIP_FTS=n" >> mailcow.conf
+        echo "SKIP_FTS=y" >> mailcow.conf
       fi
     elif [[ ${option} == "FTS_PROCS" ]]; then
       if ! grep -q ${option} mailcow.conf; then

From 1dac8f1f66ad1767bf7cb5c64f4a95a2af94f2c8 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 23 Jan 2025 08:42:22 +0100
Subject: [PATCH 440/755] scripts: changed SKIP_FTS text to warn on lower
 threaded systems

---
 generate_config.sh | 2 +-
 update.sh          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 3044ab8d7..8f03e3899 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -379,7 +379,7 @@ SKIP_CLAMD=${SKIP_CLAMD}
 
 SKIP_SOGO=n
 
-# Skip FTS (Fulltext Search) for Dovecot on low-memory systems or if you simply want to disable it.
+# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.
 # Dovecot inside mailcow use Flatcurve as FTS Backend.
 
 SKIP_FTS=n
diff --git a/update.sh b/update.sh
index 128abfda7..268fe7326 100755
--- a/update.sh
+++ b/update.sh
@@ -471,7 +471,7 @@ adapt_new_options() {
     elif [[ ${option} == "SKIP_FTS" ]]; then
       if ! grep -q ${option} mailcow.conf; then
         echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory systems or if you simply want to disable it.' >> mailcow.conf
+        echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
         echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
         echo "SKIP_FTS=y" >> mailcow.conf
       fi

From 5f45f8ae34cf5fde56be4627a159e2c853fe346b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 23 Jan 2025 09:18:45 +0100
Subject: [PATCH 441/755] [Web] Fix mailbox datatable search

---
 data/web/json_api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 92644ffc5..14e7c47d3 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1079,7 +1079,7 @@ if (isset($_GET['query'])) {
                   ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
                   ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
                   ['db' => 'name', 'dt' => 7],
-                  ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
+                  ['db' => 'messages', 'dt' => 18, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
                   ['db' => 'tags', 'dt' => 20, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
                   ['db' => 'active', 'dt' => 21],
                 ];

From d83111568eb98926d905aeb1667d70a1f2bfc4a3 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 23 Jan 2025 11:30:05 +0100
Subject: [PATCH 442/755] update.sh: remove accidentally added exit at end of
 solr volume removal

---
 update.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update.sh b/update.sh
index 268fe7326..4240dad37 100755
--- a/update.sh
+++ b/update.sh
@@ -682,14 +682,14 @@ migrate_solr_config_options() {
       read -r -p "Remove $solr_volume? [y/N] " response
       if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
         echo -e "\e[33mRemoving $solr_volume...\e[0m"
-        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m" && exit
+        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
         echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
       else
         echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
       fi
     else
       echo -e "\e[33mForce removing $solr_volume...\e[0m"
-      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m" && exit
+      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
       echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
     fi
   fi

From 43f945fe018f8b1f28bda343de72673e4776bd0a Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 23 Jan 2025 11:51:41 +0100
Subject: [PATCH 443/755] dovecot: fix index timeout seconds

---
 data/conf/dovecot/conf.d/fts.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/dovecot/conf.d/fts.conf b/data/conf/dovecot/conf.d/fts.conf
index 1ad5201f7..e8a2f73f5 100644
--- a/data/conf/dovecot/conf.d/fts.conf
+++ b/data/conf/dovecot/conf.d/fts.conf
@@ -21,7 +21,7 @@ plugin {
     fts_filters = normalizer-icu snowball stopwords
     fts_filters_en = lowercase snowball english-possessive stopwords
 
-    fts_index_timeout = 300
+    fts_index_timeout = 300s
 }
 
 ### THIS PART WILL BE CHANGED BY MODIFYING mailcow.conf AUTOMATICALLY DURING RUNTIME! ###

From da02e261729a51f3a10b42daf717133b4d1fbb74 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 23 Jan 2025 11:59:01 +0100
Subject: [PATCH 444/755] [Web] Delete old session_id after regenerate

---
 data/web/inc/triggers.inc.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index a49ba78c8..5dbd44ab5 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -4,7 +4,7 @@ if (!empty($_GET['sso_token'])) {
   $username = domain_admin_sso('check', $_GET['sso_token']);
 
   if ($username !== false) {
-    session_regenerate_id();
+    session_regenerate_id(true);
     $_SESSION['mailcow_cc_username'] = $username;
     $_SESSION['mailcow_cc_role'] = 'domainadmin';
     header('Location: /mailbox');
@@ -88,21 +88,21 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$as = check_login($login_user, $_POST["pass_user"]);
 
 	if ($as == "admin") {
-    session_regenerate_id();
+    session_regenerate_id(true);
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
 		header("Location: /debug");
     die();
 	}
 	elseif ($as == "domainadmin") {
-    session_regenerate_id();
+    session_regenerate_id(true);
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "domainadmin";
 		header("Location: /mailbox");
     die();
 	}
 	elseif ($as == "user") {
-    session_regenerate_id();
+    session_regenerate_id(true);
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "user";
     $http_parameters = explode('&', $_SESSION['index_query_string']);
@@ -127,7 +127,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 		unset($_SESSION['mailcow_cc_username']);
 		unset($_SESSION['mailcow_cc_role']);
 	} else {
-    session_regenerate_id();
+    session_regenerate_id(true);
   }
 }
 

From 04058ab06e3ae586b37d88016464d0ab3fba012f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 23 Jan 2025 14:54:28 +0100
Subject: [PATCH 445/755] [Nginx] move conf.d include to end of nginx.conf

---
 data/conf/nginx/templates/nginx.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index a6f32ebb7..bcb4612bc 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -27,8 +27,6 @@ http {
 
     #gzip  on;
 
-    include /etc/nginx/conf.d/*.conf;
-
     # map-size.conf:
     map_hash_max_size 256;
     map_hash_bucket_size 256;
@@ -124,4 +122,6 @@ http {
         include /etc/nginx/includes/sites-default.conf;
     }
     {% endfor %}
+
+    include /etc/nginx/conf.d/*.conf;
 }

From 04116982a5035f040969f38edc8297d33518265e Mon Sep 17 00:00:00 2001
From: Michael Kuron <1748330+mkuron@users.noreply.github.com>
Date: Thu, 23 Jan 2025 22:16:54 +0100
Subject: [PATCH 446/755] Remove discontinued Nixspam DNSBL

---
 data/Dockerfiles/postfix/postfix.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 8ffb76f6a..da0b93769 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -403,7 +403,6 @@ postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
   list.dnswl.org=127.0.[0..255].1*-4
   list.dnswl.org=127.0.[0..255].2*-6
   list.dnswl.org=127.0.[0..255].3*-8
-  ix.dnsbl.manitu.net*2
   bl.spamcop.net*2
   bl.suomispam.net*2
   hostkarma.junkemailfilter.com=127.0.0.2*3

From de6bd222fcce86b9cd27c3364543c3983be71696 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 24 Jan 2025 09:25:19 +0100
Subject: [PATCH 447/755] [Web] increase db_version

---
 data/web/inc/init_db.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index b1459136d..3c6721090 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "20112024_1105";
+    $db_version = "24012025_0923";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));

From 45d14254f292c498a23eaca7c9f6e02a9de26834 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 24 Jan 2025 10:06:50 +0100
Subject: [PATCH 448/755] [Postfix] Remove discontinued Nixspam DNSBL from
 existing dns_blocklists.cf

---
 data/Dockerfiles/postfix/postfix.sh | 5 ++++-
 docker-compose.yml                  | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index da0b93769..2960444cb 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -395,7 +395,7 @@ EOF
 
 if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
   cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
-# This file can be edited. 
+# This file can be edited.
 # Delete this file and restart postfix container to revert any changes.
 postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
   hostkarma.junkemailfilter.com=127.0.0.1*-2
@@ -418,6 +418,9 @@ EOF
 fi
 DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
 
+# Remove discontinued Nixspam DNSBL from existing dns_blocklists.cf
+sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf
+
 if [ ! -z "$DNSBL_CONFIG" ]; then
   echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m"
   if [ -n "$SPAMHAUS_DQS_KEY" ]; then
diff --git a/docker-compose.yml b/docker-compose.yml
index cd85304b4..a11e02d1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -316,7 +316,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.78
+      image: mailcow/postfix:1.79
       depends_on:
         mysql-mailcow:
           condition: service_started

From aca01c8aa2607777205226a86be29df338eb51d9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 27 Jan 2025 15:59:50 +0100
Subject: [PATCH 449/755] [Web] Separate Login pages

---
 data/web/{debug.php => admin/dashboard.php}   |  17 +-
 data/web/admin/index.php                      |  29 ++
 data/web/{ => admin}/mailbox.php              |  16 +-
 data/web/{ => admin}/queue.php                |  15 +-
 data/web/{admin.php => admin/system.php}      |  13 +-
 data/web/css/site/admin.css                   |   3 -
 data/web/domainadmin/index.php                |  28 ++
 data/web/domainadmin/mailbox.php              |  58 ++++
 data/web/domainadmin/user.php                 |  44 +++
 data/web/inc/functions.inc.php                |   1 +
 data/web/inc/init_db.inc.php                  |   2 +-
 data/web/inc/prerequisites.inc.php            |   2 +-
 data/web/inc/sessions.inc.php                 |  19 +-
 data/web/inc/triggers.admin.inc.php           |  93 +++++++
 data/web/inc/triggers.domainadmin.inc.php     |  62 +++++
 data/web/inc/triggers.global.inc.php          |  48 ++++
 data/web/inc/triggers.inc.php                 | 263 ------------------
 data/web/inc/triggers.user.inc.php            | 132 +++++++++
 data/web/index.php                            |  19 +-
 data/web/js/site/{debug.js => dashboard.js}   |   0
 data/web/js/site/mailbox.js                   |   2 +-
 data/web/reset-password.php                   |   4 +-
 data/web/templates/admin_index.twig           |  91 ++++++
 data/web/templates/base.twig                  |  43 +--
 .../templates/{debug.twig => dashboard.twig}  |   4 +-
 data/web/templates/domainadmin_index.twig     |  91 ++++++
 data/web/templates/user/tab-user-auth.twig    |   4 +-
 .../templates/{index.twig => user_index.twig} |   0
 data/web/user.php                             |  33 +--
 29 files changed, 798 insertions(+), 338 deletions(-)
 rename data/web/{debug.php => admin/dashboard.php} (83%)
 create mode 100644 data/web/admin/index.php
 rename data/web/{ => admin}/mailbox.php (73%)
 rename data/web/{ => admin}/queue.php (55%)
 rename data/web/{admin.php => admin/system.php} (90%)
 create mode 100644 data/web/domainadmin/index.php
 create mode 100644 data/web/domainadmin/mailbox.php
 create mode 100644 data/web/domainadmin/user.php
 create mode 100644 data/web/inc/triggers.admin.inc.php
 create mode 100644 data/web/inc/triggers.domainadmin.inc.php
 create mode 100644 data/web/inc/triggers.global.inc.php
 delete mode 100644 data/web/inc/triggers.inc.php
 create mode 100644 data/web/inc/triggers.user.inc.php
 rename data/web/js/site/{debug.js => dashboard.js} (100%)
 create mode 100644 data/web/templates/admin_index.twig
 rename data/web/templates/{debug.twig => dashboard.twig} (99%)
 create mode 100644 data/web/templates/domainadmin_index.twig
 rename data/web/templates/{index.twig => user_index.twig} (100%)

diff --git a/data/web/debug.php b/data/web/admin/dashboard.php
similarity index 83%
rename from data/web/debug.php
rename to data/web/admin/dashboard.php
index 4a099cb6e..894b1c645 100644
--- a/data/web/debug.php
+++ b/data/web/admin/dashboard.php
@@ -1,8 +1,17 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
 
-if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
-  header('Location: /');
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
   exit();
 }
 
@@ -16,7 +25,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
   $_SESSION['gal'] = json_decode($license_cache, true);
 }
 
-$js_minifier->add('/web/js/site/debug.js');
+$js_minifier->add('/web/js/site/dashboard.js');
 
 // vmail df
 $exec_fields = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
@@ -61,7 +70,7 @@ foreach ($containers_info as $container => $container_info) {
 $hostname = getenv('MAILCOW_HOSTNAME');
 $timezone = getenv('TZ');
 
-$template = 'debug.twig';
+$template = 'dashboard.twig';
 $template_data = [
   'log_lines' => getenv('LOG_LINES'),
   'vmail_df' => $vmail_df,
diff --git a/data/web/admin/index.php b/data/web/admin/index.php
new file mode 100644
index 000000000..05ba70337
--- /dev/null
+++ b/data/web/admin/index.php
@@ -0,0 +1,29 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
+
+
+$template = 'admin_index.twig';
+$template_data = [
+  'login_delay' => @$_SESSION['ldelay']
+];
+
+$js_minifier->add('/web/js/site/index.js');
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
diff --git a/data/web/mailbox.php b/data/web/admin/mailbox.php
similarity index 73%
rename from data/web/mailbox.php
rename to data/web/admin/mailbox.php
index a84e32c47..d0073bbd6 100644
--- a/data/web/mailbox.php
+++ b/data/web/admin/mailbox.php
@@ -1,10 +1,20 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
 
-if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-  header('Location: /');
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
   exit();
 }
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
+  exit();
+}
+
 require_once $_SERVER['DOCUMENT_ROOT'] .  '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 
@@ -14,7 +24,7 @@ $js_minifier->add('/web/js/site/mailbox.js');
 $js_minifier->add('/web/js/presets/sieveMailbox.js');
 $js_minifier->add('/web/js/site/pwgen.js');
 
-$role = ($_SESSION['mailcow_cc_role'] == "admin") ? 'admin' : 'domainadmin';
+$role = "admin";
 $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? 'true' : 'false';
 $allow_admin_email_login = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN"])) ? 'true' : 'false';
 
diff --git a/data/web/queue.php b/data/web/admin/queue.php
similarity index 55%
rename from data/web/queue.php
rename to data/web/admin/queue.php
index ffce8d8b0..85ec59401 100644
--- a/data/web/queue.php
+++ b/data/web/admin/queue.php
@@ -1,8 +1,17 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
 
-if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
-  header('Location: /');
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
   exit();
 }
 
@@ -11,7 +20,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $js_minifier->add('/web/js/site/queue.js');
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 
-$role = ($_SESSION['mailcow_cc_role'] == "admin") ? 'admin' : 'domainadmin';
+$role = "admin";
 
 $template = 'queue.twig';
 $template_data = [
diff --git a/data/web/admin.php b/data/web/admin/system.php
similarity index 90%
rename from data/web/admin.php
rename to data/web/admin/system.php
index 5a8895dee..c21d43f0d 100644
--- a/data/web/admin.php
+++ b/data/web/admin/system.php
@@ -1,8 +1,17 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
 
-if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
-  header('Location: /');
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
   exit();
 }
 
diff --git a/data/web/css/site/admin.css b/data/web/css/site/admin.css
index e49046b00..b54148026 100644
--- a/data/web/css/site/admin.css
+++ b/data/web/css/site/admin.css
@@ -59,9 +59,6 @@ body.modal-open {
 .table-condensed > thead > tr > th, .table-condensed > tbody > tr > th, .table-condensed > tfoot > tr > th, .table-condensed > thead > tr > td, .table-condensed > tbody > tr > td, .table-condensed > tfoot > tr > td {
   padding: 3px;
 }
-table tbody tr {
-  cursor: pointer;
-}
 table tbody tr td input[type="checkbox"] {
   cursor: pointer;
 }
diff --git a/data/web/domainadmin/index.php b/data/web/domainadmin/index.php
new file mode 100644
index 000000000..2d909f97f
--- /dev/null
+++ b/data/web/domainadmin/index.php
@@ -0,0 +1,28 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.domainadmin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
+
+$template = 'domainadmin_index.twig';
+$template_data = [
+  'login_delay' => @$_SESSION['ldelay'],
+];
+
+$js_minifier->add('/web/js/site/index.js');
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
diff --git a/data/web/domainadmin/mailbox.php b/data/web/domainadmin/mailbox.php
new file mode 100644
index 000000000..bb2ef16f3
--- /dev/null
+++ b/data/web/domainadmin/mailbox.php
@@ -0,0 +1,58 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.domainadmin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "domainadmin") {
+  header('Location: /domainadmin');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] .  '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+
+
+
+$js_minifier->add('/web/js/site/mailbox.js');
+$js_minifier->add('/web/js/presets/sieveMailbox.js');
+$js_minifier->add('/web/js/site/pwgen.js');
+
+$role = "domainadmin";
+$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? 'true' : 'false';
+$allow_admin_email_login = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN"])) ? 'true' : 'false';
+
+// domains
+$domains = mailbox('get', 'domains');
+
+// mailboxes
+$mailboxes = [];
+foreach ($domains as $domain) {
+  foreach (mailbox('get', 'mailboxes', $domain) as $mailbox) {
+    $mailboxes[] = $mailbox;
+  }
+}
+
+$template = 'mailbox.twig';
+$template_data = [
+  'acl' => $_SESSION['acl'],
+  'acl_json' => json_encode($_SESSION['acl']),
+  'role' => $role,
+  'is_dual' => $is_dual,
+  'allow_admin_email_login' => $allow_admin_email_login,
+  'global_filters' => mailbox('get', 'global_filter_details'),
+  'domains' => $domains,
+  'mailboxes' => $mailboxes,
+  'lang_mailbox' => json_encode($lang['mailbox']),
+  'lang_rl' => json_encode($lang['ratelimit']),
+  'lang_edit' => json_encode($lang['edit']),
+  'lang_datatables' => json_encode($lang['datatables']),
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
\ No newline at end of file
diff --git a/data/web/domainadmin/user.php b/data/web/domainadmin/user.php
new file mode 100644
index 000000000..7f1b392e0
--- /dev/null
+++ b/data/web/domainadmin/user.php
@@ -0,0 +1,44 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.domainadmin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+
+  /*
+  / DOMAIN ADMIN
+  */
+
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+  $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+  $tfa_data = get_tfa();
+  $fido2_data = fido2(array("action" => "get_friendly_names"));
+  $username = $_SESSION['mailcow_cc_username'];
+
+  $template = 'domainadmin.twig';
+  $template_data = [
+    'acl' => $_SESSION['acl'],
+    'acl_json' => json_encode($_SESSION['acl']),
+    'user_spam_score' => mailbox('get', 'spam_score', $username),
+    'tfa_data' => $tfa_data,
+    'fido2_data' => $fido2_data,
+    'lang_user' => json_encode($lang['user']),
+    'lang_datatables' => json_encode($lang['datatables']),
+  ];
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+else {
+  header('Location: /domainadmin');
+  exit();
+}
+
+$js_minifier->add('/web/js/site/user.js');
+$js_minifier->add('/web/js/site/pwgen.js');
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index ed41379f4..233624278 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -3101,6 +3101,7 @@ function clear_session(){
   session_write_close();
 }
 function set_user_loggedin_session($user) {
+  session_regenerate_id(true);
   $_SESSION['mailcow_cc_username'] = $user;
   $_SESSION['mailcow_cc_role'] = 'user';
   $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 7fb619d44..156856c24 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "20112024_1105";
+    $db_version = "27012025_1555";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 5738e7c0a..deb5da8fa 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -297,7 +297,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.rspamd.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.tls_policy_maps.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.transports.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.global.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/twig.inc.php';
 init_db_schema();
 if (isset($_SESSION['mailcow_cc_role'])) {
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 67bdd35b3..bbc08cf13 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -99,15 +99,30 @@ if (isset($_POST["logout"])) {
     unset($_SESSION['sogo-sso-user-allowed']);
     unset($_SESSION['sogo-sso-pass']);
     unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
+    if ($_SESSION["mailcow_cc_role"] == "admin"){
+      header("Location: /admin/mailbox");
+    } elseif ($_SESSION["mailcow_cc_role"] == "domainadmin") {
+      header("Location: /domainadmin/mailbox");
+    } else {
+      header("Location: /");
+    }
     exit();
   }
   else {
+    $role = $_SESSION["mailcow_cc_role"];
     session_regenerate_id(true);
     session_unset();
     session_destroy();
     session_write_close();
-    header("Location: /");
+    if ($role == "admin") {
+      header("Location: /admin");
+    }
+    elseif ($role == "domainadmin") {
+      header("Location: /domainadmin");
+    }
+    else {
+      header("Location: /");
+    }
   }
 }
 
diff --git a/data/web/inc/triggers.admin.inc.php b/data/web/inc/triggers.admin.inc.php
new file mode 100644
index 000000000..5b1061f7e
--- /dev/null
+++ b/data/web/inc/triggers.admin.inc.php
@@ -0,0 +1,93 @@
+<?php
+
+if (isset($_POST["verify_tfa_login"])) {
+  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
+    if ($_SESSION['pending_mailcow_cc_role'] == "admin") {
+      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
+      $_SESSION['mailcow_cc_role'] = "admin";
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_mailcow_cc_role']);
+      unset($_SESSION['pending_tfa_methods']);
+
+		  header("Location: /admin/dashboard");
+      die();
+    }
+  }
+
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+}
+
+if (isset($_GET["cancel_tfa_login"])) {
+  unset($_SESSION['pending_pw_reset_token']);
+  unset($_SESSION['pending_pw_new_password']);
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+
+  header("Location: /admin");
+}
+
+if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
+  $login_user = strtolower(trim($_POST["login_user"]));
+  $as = check_login($login_user, $_POST["pass_user"], false, array("role" => "admin"));
+
+  if ($as == "admin") {
+    session_regenerate_id(true);
+		$_SESSION['mailcow_cc_username'] = $login_user;
+		$_SESSION['mailcow_cc_role'] = "admin";
+		header("Location: /admin/dashboard");
+    die();
+	}
+	elseif ($as != "pending") {
+    unset($_SESSION['pending_mailcow_cc_username']);
+    unset($_SESSION['pending_mailcow_cc_role']);
+    unset($_SESSION['pending_tfa_methods']);
+		unset($_SESSION['mailcow_cc_username']);
+		unset($_SESSION['mailcow_cc_role']);
+	}
+}
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin" && !isset($_SESSION['mailcow_cc_api'])) {
+  // TODO: Move file upload to API?
+	if (isset($_POST["submit_main_logo"])) {
+    if ($_FILES['main_logo']['error'] == 0) {
+      customize('add', 'main_logo', $_FILES);
+    }
+    if ($_FILES['main_logo_dark']['error'] == 0) {
+      customize('add', 'main_logo_dark', $_FILES);
+    }
+	}
+	if (isset($_POST["reset_main_logo"])) {
+    customize('delete', 'main_logo');
+    customize('delete', 'main_logo_dark');
+	}
+  // Some actions will not be available via API
+	if (isset($_POST["license_validate_now"])) {
+		license('verify');
+	}
+  if (isset($_POST["admin_api"])) {
+    if (isset($_POST["admin_api"]["ro"])) {
+      admin_api('ro', 'edit', $_POST);
+    }
+    elseif (isset($_POST["admin_api"]["rw"])) {
+      admin_api('rw', 'edit', $_POST);
+    }
+	}
+  if (isset($_POST["admin_api_regen_key"])) {
+    if (isset($_POST["admin_api_regen_key"]["ro"])) {
+      admin_api('ro', 'regen_key', $_POST);
+    }
+    elseif (isset($_POST["admin_api_regen_key"]["rw"])) {
+      admin_api('rw', 'regen_key', $_POST);
+    }
+	}
+	if (isset($_POST["rspamd_ui"])) {
+		rspamd_ui('edit', $_POST);
+	}
+	if (isset($_POST["mass_send"])) {
+		sys_mail($_POST);
+	}
+}
+?>
diff --git a/data/web/inc/triggers.domainadmin.inc.php b/data/web/inc/triggers.domainadmin.inc.php
new file mode 100644
index 000000000..9ee53d67a
--- /dev/null
+++ b/data/web/inc/triggers.domainadmin.inc.php
@@ -0,0 +1,62 @@
+<?php
+// SSO Domain Admin
+if (!empty($_GET['sso_token'])) {
+  $username = domain_admin_sso('check', $_GET['sso_token']);
+
+  if ($username !== false) {
+    session_regenerate_id(true);
+    $_SESSION['mailcow_cc_username'] = $username;
+    $_SESSION['mailcow_cc_role'] = 'domainadmin';
+    header('Location: /domainadmin/mailbox');
+  }
+}
+
+if (isset($_POST["verify_tfa_login"])) {
+  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
+    if ($_SESSION['pending_mailcow_cc_role'] == "domainadmin") {
+      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
+      $_SESSION['mailcow_cc_role'] = "domainadmin";
+      unset($_SESSION['pending_mailcow_cc_username']);
+      unset($_SESSION['pending_mailcow_cc_role']);
+      unset($_SESSION['pending_tfa_methods']);
+
+		  header("Location: /domainadmin/mailbox");
+      die();
+    }
+  }
+
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+}
+
+if (isset($_GET["cancel_tfa_login"])) {
+  unset($_SESSION['pending_pw_reset_token']);
+  unset($_SESSION['pending_pw_new_password']);
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+
+  header("Location: /domainadmin");
+}
+
+if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
+  $login_user = strtolower(trim($_POST["login_user"]));
+  $as = check_login($login_user, $_POST["pass_user"], false, array("role" => "domain_admin"));
+
+  if ($as == "domainadmin") {
+    session_regenerate_id(true);
+		$_SESSION['mailcow_cc_username'] = $login_user;
+		$_SESSION['mailcow_cc_role'] = "domainadmin";
+		header("Location: /domainadmin/mailbox");
+    die();
+	}
+	elseif ($as != "pending") {
+    unset($_SESSION['pending_mailcow_cc_username']);
+    unset($_SESSION['pending_mailcow_cc_role']);
+    unset($_SESSION['pending_tfa_methods']);
+		unset($_SESSION['mailcow_cc_username']);
+		unset($_SESSION['mailcow_cc_role']);
+	}
+}
+?>
diff --git a/data/web/inc/triggers.global.inc.php b/data/web/inc/triggers.global.inc.php
new file mode 100644
index 000000000..dd88fad56
--- /dev/null
+++ b/data/web/inc/triggers.global.inc.php
@@ -0,0 +1,48 @@
+<?php
+if (isset($_POST["quick_release"])) {
+	quarantine('quick_release', $_POST["quick_release"]);
+}
+
+if (isset($_POST["quick_delete"])) {
+	quarantine('quick_delete', $_POST["quick_delete"]);
+}
+
+if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
+	if (isset($_GET["duallogin"])) {
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (!$is_dual) {
+      $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
+      if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
+        if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
+          $_SESSION['mailcow_cc_username']    = $duallogin;
+          $_SESSION['mailcow_cc_role']        = "user";
+          header("Location: /user");
+        }
+      }
+      else {
+        if (!empty(domain_admin('details', $duallogin))) {
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
+          $_SESSION['mailcow_cc_username']    = $duallogin;
+          $_SESSION['mailcow_cc_role']        = "domainadmin";
+          header("Location: /user");
+        }
+      }
+    }
+  }
+}
+
+if (isset($_SESSION['mailcow_cc_role'])) {
+	if (isset($_POST["set_tfa"])) {
+		set_tfa($_POST);
+	}
+	if (isset($_POST["unset_tfa_key"])) {
+		unset_tfa_key($_POST);
+	}
+	if (isset($_POST["unset_fido2_key"])) {
+		fido2(array("action" => "unset_fido2_key", "post_data" => $_POST));
+	}
+}
+?>
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
deleted file mode 100644
index b0c2237d6..000000000
--- a/data/web/inc/triggers.inc.php
+++ /dev/null
@@ -1,263 +0,0 @@
-<?php
-// handle iam authentication
-if ($iam_provider){
-  if (isset($_GET['iam_sso'])){
-    // redirect for sso
-    $redirect_uri = identity_provider('get-redirect');
-    $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
-    header('Location: ' . $redirect_uri);
-    die();
-  }
-  if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
-    // Session found, try to refresh
-    $isRefreshed = identity_provider('refresh-token');
-
-    if (!$isRefreshed){
-      // Session could not be refreshed, redirect to provider
-      $redirect_uri = identity_provider('get-redirect');
-      $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
-      header('Location: ' . $redirect_uri);
-      die();
-    }
-  } elseif ($_GET['code'] && $_GET['state'] === $_SESSION['oauth2state']) {
-    // Check given state against previously stored one to mitigate CSRF attack
-    // Recieved access token in $_GET['code']
-    // extract info and verify user
-    identity_provider('verify-sso');
-  }
-}
-
-// SSO Domain Admin
-if (!empty($_GET['sso_token'])) {
-  $username = domain_admin_sso('check', $_GET['sso_token']);
-
-  if ($username !== false) {
-    $_SESSION['mailcow_cc_username'] = $username;
-    $_SESSION['mailcow_cc_role'] = 'domainadmin';
-    header('Location: /mailbox');
-  }
-}
-
-if (isset($_POST["pw_reset_request"]) && !empty($_POST['username'])) {
-  reset_password("issue", $_POST['username']);
-  header("Location: /");
-  exit;
-}
-if (isset($_POST["pw_reset"])) {
-  $username = reset_password("check", $_POST['token']);
-  $reset_result = reset_password("reset", array(
-    'new_password' => $_POST['new_password'],
-    'new_password2' => $_POST['new_password2'],
-    'token' => $_POST['token'],
-    'username' => $username,
-    'check_tfa' => True
-  ));
-
-  if ($reset_result){
-    header("Location: /");
-    exit;
-  }
-}
-if (isset($_POST["verify_tfa_login"])) {
-  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
-    if ($_SESSION['pending_mailcow_cc_role'] == "admin") {
-      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
-      $_SESSION['mailcow_cc_role'] = "admin";
-      unset($_SESSION['pending_mailcow_cc_username']);
-      unset($_SESSION['pending_mailcow_cc_role']);
-      unset($_SESSION['pending_tfa_methods']);
-
-		  header("Location: /debug");
-      die();
-    }
-    elseif ($_SESSION['pending_mailcow_cc_role'] == "domainadmin") {
-      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
-      $_SESSION['mailcow_cc_role'] = "domainadmin";
-      unset($_SESSION['pending_mailcow_cc_username']);
-      unset($_SESSION['pending_mailcow_cc_role']);
-      unset($_SESSION['pending_tfa_methods']);
-
-		  header("Location: /mailbox");
-      die();
-    }
-    elseif ($_SESSION['pending_mailcow_cc_role'] == "user") {
-      if (isset($_SESSION['pending_pw_reset_token']) && isset($_SESSION['pending_pw_new_password'])) {
-        reset_password("reset", array(
-          'new_password' => $_SESSION['pending_pw_new_password'],
-          'new_password2' => $_SESSION['pending_pw_new_password'],
-          'token' => $_SESSION['pending_pw_reset_token'],
-          'username' => $_SESSION['pending_mailcow_cc_username']
-        ));
-        unset($_SESSION['pending_pw_reset_token']);
-        unset($_SESSION['pending_pw_new_password']);
-        unset($_SESSION['pending_mailcow_cc_username']);
-        unset($_SESSION['pending_tfa_methods']);
-
-        header("Location: /");
-        die();
-      } else {
-        set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
-        $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
-        $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-        if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
-          header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
-          die();
-        } else {
-          header("Location: /user");
-          die();
-        }
-      }
-    }
-  }
-
-  unset($_SESSION['pending_mailcow_cc_username']);
-  unset($_SESSION['pending_mailcow_cc_role']);
-  unset($_SESSION['pending_tfa_methods']);
-}
-
-if (isset($_GET["cancel_tfa_login"])) {
-  unset($_SESSION['pending_pw_reset_token']);
-  unset($_SESSION['pending_pw_new_password']);
-  unset($_SESSION['pending_mailcow_cc_username']);
-  unset($_SESSION['pending_mailcow_cc_role']);
-  unset($_SESSION['pending_tfa_methods']);
-
-  header("Location: /");
-}
-
-if (isset($_POST["quick_release"])) {
-	quarantine('quick_release', $_POST["quick_release"]);
-}
-
-if (isset($_POST["quick_delete"])) {
-	quarantine('quick_delete', $_POST["quick_delete"]);
-}
-
-if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
-  $login_user = strtolower(trim($_POST["login_user"]));
-  $as = check_login($login_user, $_POST["pass_user"]);
-
-  if ($as == "admin") {
-		$_SESSION['mailcow_cc_username'] = $login_user;
-		$_SESSION['mailcow_cc_role'] = "admin";
-		header("Location: /debug");
-    die();
-	}
-	elseif ($as == "domainadmin") {
-		$_SESSION['mailcow_cc_username'] = $login_user;
-		$_SESSION['mailcow_cc_role'] = "domainadmin";
-		header("Location: /mailbox");
-    die();
-	}
-	elseif ($as == "user") {
-    set_user_loggedin_session($login_user);
-    $http_parameters = explode('&', $_SESSION['index_query_string']);
-    unset($_SESSION['index_query_string']);
-    if (in_array('mobileconfig', $http_parameters)) {
-        if (in_array('only_email', $http_parameters)) {
-            header("Location: /mobileconfig.php?only_email");
-            die();
-        }
-        header("Location: /mobileconfig.php");
-        die();
-    }
-
-    $user_details = mailbox("get", "mailbox_details", $login_user);
-    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
-      header("Location: /SOGo/so/{$login_user}");
-      die();
-    } else {
-      header("Location: /user");
-      die();
-    }
-	}
-	elseif ($as != "pending") {
-    unset($_SESSION['pending_mailcow_cc_username']);
-    unset($_SESSION['pending_mailcow_cc_role']);
-    unset($_SESSION['pending_tfa_methods']);
-		unset($_SESSION['mailcow_cc_username']);
-		unset($_SESSION['mailcow_cc_role']);
-	}
-}
-
-if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
-	if (isset($_GET["duallogin"])) {
-    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-    if (!$is_dual) {
-      $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
-      if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
-        if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
-          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
-          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
-          $_SESSION['mailcow_cc_username']    = $duallogin;
-          $_SESSION['mailcow_cc_role']        = "user";
-          header("Location: /user");
-        }
-      }
-      else {
-        if (!empty(domain_admin('details', $duallogin))) {
-          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
-          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
-          $_SESSION['mailcow_cc_username']    = $duallogin;
-          $_SESSION['mailcow_cc_role']        = "domainadmin";
-          header("Location: /user");
-        }
-      }
-    }
-  }
-}
-
-if (isset($_SESSION['mailcow_cc_role'])) {
-	if (isset($_POST["set_tfa"])) {
-		set_tfa($_POST);
-	}
-	if (isset($_POST["unset_tfa_key"])) {
-		unset_tfa_key($_POST);
-	}
-	if (isset($_POST["unset_fido2_key"])) {
-		fido2(array("action" => "unset_fido2_key", "post_data" => $_POST));
-	}
-}
-if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin" && !isset($_SESSION['mailcow_cc_api'])) {
-  // TODO: Move file upload to API?
-	if (isset($_POST["submit_main_logo"])) {
-    if ($_FILES['main_logo']['error'] == 0) {
-      customize('add', 'main_logo', $_FILES);
-    }
-    if ($_FILES['main_logo_dark']['error'] == 0) {
-      customize('add', 'main_logo_dark', $_FILES);
-    }
-	}
-	if (isset($_POST["reset_main_logo"])) {
-    customize('delete', 'main_logo');
-    customize('delete', 'main_logo_dark');
-	}
-  // Some actions will not be available via API
-	if (isset($_POST["license_validate_now"])) {
-		license('verify');
-	}
-  if (isset($_POST["admin_api"])) {
-    if (isset($_POST["admin_api"]["ro"])) {
-      admin_api('ro', 'edit', $_POST);
-    }
-    elseif (isset($_POST["admin_api"]["rw"])) {
-      admin_api('rw', 'edit', $_POST);
-    }
-	}
-  if (isset($_POST["admin_api_regen_key"])) {
-    if (isset($_POST["admin_api_regen_key"]["ro"])) {
-      admin_api('ro', 'regen_key', $_POST);
-    }
-    elseif (isset($_POST["admin_api_regen_key"]["rw"])) {
-      admin_api('rw', 'regen_key', $_POST);
-    }
-	}
-	if (isset($_POST["rspamd_ui"])) {
-		rspamd_ui('edit', $_POST);
-	}
-	if (isset($_POST["mass_send"])) {
-		sys_mail($_POST);
-	}
-}
-?>
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
new file mode 100644
index 000000000..c16edc10e
--- /dev/null
+++ b/data/web/inc/triggers.user.inc.php
@@ -0,0 +1,132 @@
+<?php
+// handle iam authentication
+if ($iam_provider){
+  if (isset($_GET['iam_sso'])){
+    // redirect for sso
+    $redirect_uri = identity_provider('get-redirect');
+    $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
+    header('Location: ' . $redirect_uri);
+    die();
+  }
+  if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
+    // Session found, try to refresh
+    $isRefreshed = identity_provider('refresh-token');
+
+    if (!$isRefreshed){
+      // Session could not be refreshed, redirect to provider
+      $redirect_uri = identity_provider('get-redirect');
+      $redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
+      header('Location: ' . $redirect_uri);
+      die();
+    }
+  } elseif ($_GET['code'] && $_GET['state'] === $_SESSION['oauth2state']) {
+    // Check given state against previously stored one to mitigate CSRF attack
+    // Recieved access token in $_GET['code']
+    // extract info and verify user
+    identity_provider('verify-sso');
+  }
+}
+
+if (isset($_POST["pw_reset_request"]) && !empty($_POST['username'])) {
+  reset_password("issue", $_POST['username']);
+  header("Location: /");
+  exit;
+}
+if (isset($_POST["pw_reset"])) {
+  $username = reset_password("check", $_POST['token']);
+  $reset_result = reset_password("reset", array(
+    'new_password' => $_POST['new_password'],
+    'new_password2' => $_POST['new_password2'],
+    'token' => $_POST['token'],
+    'username' => $username,
+    'check_tfa' => True
+  ));
+
+  if ($reset_result){
+    header("Location: /");
+    exit;
+  }
+}
+if (isset($_POST["verify_tfa_login"])) {
+  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
+    if ($_SESSION['pending_mailcow_cc_role'] == "user") {
+      if (isset($_SESSION['pending_pw_reset_token']) && isset($_SESSION['pending_pw_new_password'])) {
+        reset_password("reset", array(
+          'new_password' => $_SESSION['pending_pw_new_password'],
+          'new_password2' => $_SESSION['pending_pw_new_password'],
+          'token' => $_SESSION['pending_pw_reset_token'],
+          'username' => $_SESSION['pending_mailcow_cc_username']
+        ));
+        unset($_SESSION['pending_pw_reset_token']);
+        unset($_SESSION['pending_pw_new_password']);
+        unset($_SESSION['pending_mailcow_cc_username']);
+        unset($_SESSION['pending_tfa_methods']);
+
+        header("Location: /");
+        die();
+      } else {
+        set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
+        $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
+        $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+        if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+          header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+          die();
+        } else {
+          header("Location: /user");
+          die();
+        }
+      }
+    }
+  }
+
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+}
+
+if (isset($_GET["cancel_tfa_login"])) {
+  unset($_SESSION['pending_pw_reset_token']);
+  unset($_SESSION['pending_pw_new_password']);
+  unset($_SESSION['pending_mailcow_cc_username']);
+  unset($_SESSION['pending_mailcow_cc_role']);
+  unset($_SESSION['pending_tfa_methods']);
+
+  header("Location: /");
+}
+
+if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
+  $login_user = strtolower(trim($_POST["login_user"]));
+  $as = check_login($login_user, $_POST["pass_user"], false, array("role" => "user"));
+
+  if ($as == "user") {
+    set_user_loggedin_session($login_user);
+    $http_parameters = explode('&', $_SESSION['index_query_string']);
+    unset($_SESSION['index_query_string']);
+    if (in_array('mobileconfig', $http_parameters)) {
+        if (in_array('only_email', $http_parameters)) {
+            header("Location: /mobileconfig.php?only_email");
+            die();
+        }
+        header("Location: /mobileconfig.php");
+        die();
+    }
+
+    $user_details = mailbox("get", "mailbox_details", $login_user);
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+      header("Location: /SOGo/so/{$login_user}");
+      die();
+    } else {
+      header("Location: /user");
+      die();
+    }
+	}
+	elseif ($as != "pending") {
+    unset($_SESSION['pending_mailcow_cc_username']);
+    unset($_SESSION['pending_mailcow_cc_role']);
+    unset($_SESSION['pending_tfa_methods']);
+		unset($_SESSION['mailcow_cc_username']);
+		unset($_SESSION['mailcow_cc_role']);
+	}
+}
+?>
diff --git a/data/web/index.php b/data/web/index.php
index 0282e4835..1e91cb785 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -1,5 +1,6 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.user.inc.php';
 
 if (isset($_SESSION['mailcow_cc_role']) && isset($_SESSION['oauth2_request'])) {
   $oauth2_request = $_SESSION['oauth2_request'];
@@ -7,14 +8,6 @@ if (isset($_SESSION['mailcow_cc_role']) && isset($_SESSION['oauth2_request'])) {
   header('Location: ' . $oauth2_request);
   exit();
 }
-elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
-  header('Location: /debug');
-  exit();
-}
-elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
-  header('Location: /mailbox');
-  exit();
-}
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
   $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
   $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
@@ -25,6 +18,14 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
   }
   exit();
 }
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
@@ -36,7 +37,7 @@ if ($iam_provider){
 }
 
 
-$template = 'index.twig';
+$template = 'user_index.twig';
 $template_data = [
   'oauth2_request' => @$_SESSION['oauth2_request'],
   'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
diff --git a/data/web/js/site/debug.js b/data/web/js/site/dashboard.js
similarity index 100%
rename from data/web/js/site/debug.js
rename to data/web/js/site/dashboard.js
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 0c9ffb3d4..3c21c18b0 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -939,7 +939,7 @@ jQuery(function($){
               '<a href="#" data-action="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-sm btn-xs-lg btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="login_as btn btn-sm btn-xs-lg btn-xs-half btn-success"><i class="bi bi-person-fill"></i> Login</a>';
               if (ALLOW_ADMIN_EMAIL_LOGIN) {
-                item.action += '<a href="/sogo-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-sm btn-xs-lg btn-xs-half btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> SOGo</a>';
+                item.action += '<a href="/sogo-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-sm btn-xs-lg btn-xs-half btn-primary"><i class="bi bi-envelope-fill"></i> SOGo</a>';
               }
               item.action += '</div>';
             }
diff --git a/data/web/reset-password.php b/data/web/reset-password.php
index a0225dc6a..7544d40c3 100644
--- a/data/web/reset-password.php
+++ b/data/web/reset-password.php
@@ -2,11 +2,11 @@
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
 
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
-  header('Location: /debug');
+  header('Location: /admin/dashboard');
   exit();
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
-  header('Location: /mailbox');
+  header('Location: /domainadmin/mailbox');
   exit();
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
diff --git a/data/web/templates/admin_index.twig b/data/web/templates/admin_index.twig
new file mode 100644
index 000000000..4127a6a21
--- /dev/null
+++ b/data/web/templates/admin_index.twig
@@ -0,0 +1,91 @@
+{% extends 'base.twig' %}
+
+{% block navbar %}{% endblock %}
+
+{% block content %}
+<div class="row mb-4" style="margin-top: 60px">
+  <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+    <div class="card">
+      <div class="card-header d-flex align-items-center">
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login }}
+        <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
+          <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
+          <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
+        </div>
+      </div>
+      <div class="card-body">
+        <div class="text-center mailcow-logo mb-4">
+          <img class="main-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}" alt="mailcow">
+          <img class="main-logo-dark" src="{{ logo_dark|default('/img/cow_mailcow.svg') }}" alt="mailcow-logo-dark">
+        </div>
+        {% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active %}
+        <div class="my-4 alert alert-{{ ui_texts.ui_announcement_type }} rot-enc ui-announcement-alert">{{ ui_texts.ui_announcement_text|rot13 }}</div>
+        {% endif %}
+        <form method="post" autofill="off">
+          <div class="d-flex mt-3">
+            <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
+            <div class="input-group">
+              <div class="input-group-text"><i class="bi bi-person-fill"></i></div>
+              <input name="login_user" autocorrect="off" autocapitalize="none" type="text" id="login_user" class="form-control" placeholder="{{ lang.login.username }}" required="" autofocus="" autocomplete="username">
+            </div>
+          </div>
+          <div class="d-flex mt-3">
+            <label class="visually-hidden" for="pass_user">{{ lang.login.password }}</label>
+            <div class="input-group">
+              <div class="input-group-text"><i class="bi bi-lock-fill"></i></div>
+              <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="{{ lang.login.password }}" required="" autocomplete="current-password">
+            </div>
+          </div>
+          <div class="d-flex justify-content-between mt-4" style="position: relative">
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>            <div class="d-grid d-sm-block">
+            <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+              <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
+            </button>
+            <ul class="dropdown-menu ms-auto login">
+              {% for key, val in available_languages %}
+                <li>
+                  <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
+                    <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
+                  </a>
+                </li>
+              {% endfor %}
+            </ul>
+            </div>
+          </div>
+        </form>
+        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="d-flex flex-column align-items-center">
+          <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
+        </div>
+        {% if login_delay %}
+        <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
+        {% endif %}
+        <div class="my-4" id="fido2-alerts"></div>
+        {% if (mailcow_apps or app_links) and not hide_mailcow_apps %}
+        <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
+        <div class="my-2 d-grid gap-2 d-sm-block apps">
+          {% for app in mailcow_apps %}
+            {% if not app.hide %}
+              {% if not skip_sogo or not is_uri('SOGo', app.link) %}
+              <div class="m-2">
+                <a href="{{ app.link }}" role="button" {% if app.description %}title="{{ app.description }}"{% endif %} class="btn btn-primary btn-block">{{ app.name }}</a>
+              </div>
+            {% endif %}
+          {% endif %}
+          {% endfor %}
+          {% for row in app_links %}
+            {% for key, val in row %}
+            {% if not val.hide %}
+              <div class="m-2">
+                <a href="{{ val.link }}" role="button" class="btn btn-primary btn-block">{{ key }}</a>
+              </div>
+            {% endif %}
+            {% endfor %}
+          {% endfor %}
+        </div>
+        {% endif %}
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 2634574d8..4d0a30251 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -66,27 +66,36 @@
         <li class="nav-item dropdown">
           <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.mailcow_system }}</a>
           <ul class="dropdown-menu">
-            <li><a href="/debug" class="dropdown-item {% if is_uri('debug') %}active{% endif %}">{{ lang.header.debug }}</a></li>
-            <li><a href="/admin" class="dropdown-item {% if is_uri('admin') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
+            <li><a href="/admin/dashboard" class="dropdown-item {% if is_uri('dashboard') %}active{% endif %}">{{ lang.header.debug }}</a></li>
+            <li><a href="/admin/system" class="dropdown-item {% if is_uri('system') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
+          </ul>
+        </li>
+        <li class="nav-item dropdown">
+          <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.email }}</a>
+          <ul class="dropdown-menu">
+            <li><a href="/admin/mailbox" class="dropdown-item {% if is_uri('mailbox') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
+            <li><a href="/quarantine" class="dropdown-item {% if is_uri('quarantine') %}active{% endif %}">{{ lang.header.quarantine }}</a></li>
+            <li><a href="/admin/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li>
+            <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li>
           </ul>
         </li>
         {% endif %}
-        {% if mailcow_cc_role != 'admin' %}
+        {% if mailcow_cc_role == 'domainadmin' %}
+        <li class="nav-item dropdown">
+          <a href="/domainadmin/user" class="nav-link" role="button" aria-expanded="false">{{ lang.header.user_settings }}</a>
+        </li>
+        {% elseif mailcow_cc_role == 'user' %}
         <li class="nav-item dropdown">
           <a href="/user" class="nav-link" role="button" aria-expanded="false">{{ lang.header.user_settings }}</a>
         </li>
         {% endif %}
 
-        {% if mailcow_cc_role == 'admin' or mailcow_cc_role == 'domainadmin' %}
+        {% if mailcow_cc_role == 'domainadmin' %}
         <li class="nav-item dropdown">
           <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.email }}</a>
           <ul class="dropdown-menu">
-            <li><a href="/mailbox" class="dropdown-item {% if is_uri('mailbox') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
+            <li><a href="/domainadmin/mailbox" class="dropdown-item {% if is_uri('mailbox') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li>
             <li><a href="/quarantine" class="dropdown-item {% if is_uri('quarantine') %}active{% endif %}">{{ lang.header.quarantine }}</a></li>
-            {% if mailcow_cc_role == 'admin' %}
-            <li><a href="/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li>
-            <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li>
-            {% endif %}
           </ul>
         </li>
         {% endif %}
@@ -246,7 +255,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
     $(".totp-authenticator-selection").click(function(){
       $(".totp-authenticator-selection").removeClass("active");
       $(this).addClass("active");
-      
+
       var id = $(this).children('input').first().val();
       $("#totp_selected_id").val(id);
 
@@ -255,7 +264,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
     if ($('.totp-authenticator-selection').length == 1 &&
         $('#pending_tfa_tab_yubi_otp').length == 0 &&
         $('.webauthn-authenticator-selection').length == 0){
-      
+
       // select default if only one authenticator exists
       $('.totp-authenticator-selection').addClass("active");
 
@@ -268,7 +277,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
     $('#pending_tfa_tab_totp').on('shown.bs.tab', function() {
       // autofocus
       setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200);
-    });    
+    });
     // validate Yubi OTP tfa
     if ($('.webauthn-authenticator-selection').length == 0){
       // autofocus
@@ -287,10 +296,10 @@ function recursiveBase64StrToArrayBuffer(obj) {
     $(".webauthn-authenticator-selection").click(function(){
       $(".webauthn-authenticator-selection").removeClass("active");
       $(this).addClass("active");
-      
+
       var id = $(this).children('input').first().val();
       $("#webauthn_selected_id").val(id);
-      
+
       var webauthn_status_auth = document.getElementById('webauthn_status_auth');
       webauthn_status_auth.style.setProperty('display', 'flex', 'important');
       var webauthn_return_code = document.getElementById('webauthn_return_code');
@@ -313,7 +322,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
           console.log(json);
           if (json.success === false) throw new Error();
           if (json.type === "error") throw new Error(json.msg);
-      
+
           recursiveBase64StrToArrayBuffer(json);
           return json;
         }).then(getCredentialArgs => {
@@ -340,7 +349,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
           webauthn_return_code.style.setProperty('display', 'block', 'important');
           webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry;
         });
-      } 
+      }
     });
     $('#ConfirmTFAModal').on('hidden.bs.modal', function(){
       // cancel pending login
@@ -551,7 +560,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
         Version: <a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">{{ mailcow_info.version_tag }}
     </a>
   </span>
-  {% endif %}  
+  {% endif %}
   {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "nightly" and mailcow_info.version_tag|default %}
   <span class="version">
     🛠️🐮 + 🐋 = 💕
diff --git a/data/web/templates/debug.twig b/data/web/templates/dashboard.twig
similarity index 99%
rename from data/web/templates/debug.twig
rename to data/web/templates/dashboard.twig
index c148856cb..8f8c2d99f 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/dashboard.twig
@@ -42,8 +42,8 @@
                 <img class="main-logo-dark img-responsive my-auto m-auto" alt="mailcow-logo-dark" style="max-width: 85%; max-height: 85%;" src="{{ logo_dark|default('/img/cow_mailcow.svg') }}">
               </div>
               <div class="col-sm-12 col-md-8">
-                <div class="table-responsive" style="margin-top: 10px;">
-                  <table class="table table-striped table-condensed w-100">
+                <div style="margin-top: 10px;">
+                  <table class="table table-striped w-100">
                     <tbody>
                       <tr>
                         <td>Hostname</td>
diff --git a/data/web/templates/domainadmin_index.twig b/data/web/templates/domainadmin_index.twig
new file mode 100644
index 000000000..4127a6a21
--- /dev/null
+++ b/data/web/templates/domainadmin_index.twig
@@ -0,0 +1,91 @@
+{% extends 'base.twig' %}
+
+{% block navbar %}{% endblock %}
+
+{% block content %}
+<div class="row mb-4" style="margin-top: 60px">
+  <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+    <div class="card">
+      <div class="card-header d-flex align-items-center">
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login }}
+        <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
+          <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
+          <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
+        </div>
+      </div>
+      <div class="card-body">
+        <div class="text-center mailcow-logo mb-4">
+          <img class="main-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}" alt="mailcow">
+          <img class="main-logo-dark" src="{{ logo_dark|default('/img/cow_mailcow.svg') }}" alt="mailcow-logo-dark">
+        </div>
+        {% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active %}
+        <div class="my-4 alert alert-{{ ui_texts.ui_announcement_type }} rot-enc ui-announcement-alert">{{ ui_texts.ui_announcement_text|rot13 }}</div>
+        {% endif %}
+        <form method="post" autofill="off">
+          <div class="d-flex mt-3">
+            <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
+            <div class="input-group">
+              <div class="input-group-text"><i class="bi bi-person-fill"></i></div>
+              <input name="login_user" autocorrect="off" autocapitalize="none" type="text" id="login_user" class="form-control" placeholder="{{ lang.login.username }}" required="" autofocus="" autocomplete="username">
+            </div>
+          </div>
+          <div class="d-flex mt-3">
+            <label class="visually-hidden" for="pass_user">{{ lang.login.password }}</label>
+            <div class="input-group">
+              <div class="input-group-text"><i class="bi bi-lock-fill"></i></div>
+              <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="{{ lang.login.password }}" required="" autocomplete="current-password">
+            </div>
+          </div>
+          <div class="d-flex justify-content-between mt-4" style="position: relative">
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>            <div class="d-grid d-sm-block">
+            <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+              <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
+            </button>
+            <ul class="dropdown-menu ms-auto login">
+              {% for key, val in available_languages %}
+                <li>
+                  <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
+                    <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
+                  </a>
+                </li>
+              {% endfor %}
+            </ul>
+            </div>
+          </div>
+        </form>
+        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="d-flex flex-column align-items-center">
+          <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
+        </div>
+        {% if login_delay %}
+        <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
+        {% endif %}
+        <div class="my-4" id="fido2-alerts"></div>
+        {% if (mailcow_apps or app_links) and not hide_mailcow_apps %}
+        <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
+        <div class="my-2 d-grid gap-2 d-sm-block apps">
+          {% for app in mailcow_apps %}
+            {% if not app.hide %}
+              {% if not skip_sogo or not is_uri('SOGo', app.link) %}
+              <div class="m-2">
+                <a href="{{ app.link }}" role="button" {% if app.description %}title="{{ app.description }}"{% endif %} class="btn btn-primary btn-block">{{ app.name }}</a>
+              </div>
+            {% endif %}
+          {% endif %}
+          {% endfor %}
+          {% for row in app_links %}
+            {% for key, val in row %}
+            {% if not val.hide %}
+              <div class="m-2">
+                <a href="{{ val.link }}" role="button" class="btn btn-primary btn-block">{{ key }}</a>
+              </div>
+            {% endif %}
+            {% endfor %}
+          {% endfor %}
+        </div>
+        {% endif %}
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index 5c90bedf5..a7e025431 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -20,11 +20,11 @@
                   {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
                 </button>
               {% elseif dual_login %}
-                <a target="_blank" href="/sogo-auth.php?login={{ mailcow_cc_username  }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
+                <a href="/sogo-auth.php?login={{ mailcow_cc_username  }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
                   {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
                 </a>
               {% else %}
-                <a target="_blank" href="/SOGo/so" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
+                <a href="/SOGo/so" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
                   {{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
                 </a>
               {% endif %}
diff --git a/data/web/templates/index.twig b/data/web/templates/user_index.twig
similarity index 100%
rename from data/web/templates/index.twig
rename to data/web/templates/user_index.twig
diff --git a/data/web/user.php b/data/web/user.php
index 19aafdddc..7c34ba953 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -1,29 +1,8 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
-if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.user.inc.php';
 
-  /*
-  / DOMAIN ADMIN
-  */
-
-  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
-  $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
-  $tfa_data = get_tfa();
-  $fido2_data = fido2(array("action" => "get_friendly_names"));
-  $username = $_SESSION['mailcow_cc_username'];
-
-  $template = 'domainadmin.twig';
-  $template_data = [
-    'acl' => $_SESSION['acl'],
-    'acl_json' => json_encode($_SESSION['acl']),
-    'user_spam_score' => mailbox('get', 'spam_score', $username),
-    'tfa_data' => $tfa_data,
-    'fido2_data' => $fido2_data,
-    'lang_user' => json_encode($lang['user']),
-    'lang_datatables' => json_encode($lang['datatables']),
-  ];
-}
-elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
 
   /*
   / USER
@@ -95,6 +74,14 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
     'lang_datatables' => json_encode($lang['datatables']),
   ];
 }
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
 else {
   header('Location: /');
   exit();

From 60a2270d1e7d0985901378bea83295b3df6bf127 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 28 Jan 2025 14:25:56 +0100
Subject: [PATCH 450/755] clamd: update to 1.4.2 + build from source instead
 using alpine packages

---
 data/Dockerfiles/clamd/Dockerfile | 104 ++++++++++++++++++++++++++++--
 data/Dockerfiles/clamd/clamd.sh   |   1 +
 docker-compose.yml                |   2 +-
 3 files changed, 99 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 1850d4bed..4392c84e5 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,14 +1,104 @@
-FROM alpine:3.20
+FROM alpine:3.21 AS builder
 
-LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+WORKDIR /src
+ENV CLAMD_VERSION=1.4.2
 
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
-  rsync \
-  clamav \
-  bind-tools \
-  bash \
-  tini
+    g++ \
+    gcc \
+    gdb \
+    make \
+    cmake \
+    py3-pytest \
+    python3 \
+    valgrind \
+    bzip2-dev \
+    check-dev \
+    curl-dev \
+    json-c-dev \
+    libmilter-dev \
+    libxml2-dev \
+    linux-headers \
+    ncurses-dev \
+    openssl-dev \
+    pcre2-dev \
+    zlib-dev \
+    cargo \
+    rust
+
+RUN mkdir -p /src \
+  && wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \
+  && tar xzfv /src/clamav-${CLAMD_VERSION}.tar.gz \
+  && cd /src/clamav-${CLAMD_VERSION} \
+  && mkdir build \
+  && cmake . \
+  -D CMAKE_BUILD_TYPE="Release"                                                       \
+  -D CMAKE_INSTALL_PREFIX="/usr"                                                      \
+  -D CMAKE_INSTALL_LIBDIR="/usr/lib"                                                  \
+  -D APP_CONFIG_DIRECTORY="/etc/clamav"                                               \
+  -D DATABASE_DIRECTORY="/var/lib/clamav"                                             \
+  -D ENABLE_CLAMONACC=OFF                                                             \
+  -D ENABLE_EXAMPLES=OFF                                                              \
+  -D ENABLE_MILTER=ON                                                                 \
+  -D ENABLE_MAN_PAGES=OFF                                                             \
+  -D ENABLE_STATIC_LIB=OFF                                                            \
+  -D ENABLE_JSON_SHARED=ON                                                            \ 
+  && cmake --build . \
+  && make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
+  && rm -r "/clamav/usr/lib/pkgconfig/" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+    -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \
+    -e "s|.*\(TCPSocket\) .*|\1 3310|" \
+    -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
+    -e "s|.*\(User\) .*|\1 clamav|" \
+    -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
+    -e "s|^\#\(LogTime\).*|\1 yes|" \
+    "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+    -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
+    -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
+    -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
+    -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
+    "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+  -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \
+  -e "s|.*\(User\) .*|\1 clamav|" \
+  -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \
+  -e "s|^\#\(LogTime\).*|\1 yes|" \
+  -e "s|.*\(\ClamdSocket\) .*|\1 unix:/tmp/clamd.sock|" \
+  "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || exit 1
+
+
+FROM alpine:3.21
+
+LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+
+EXPOSE 3310
+EXPOSE 7357
+
+RUN apk upgrade --no-cache \
+  && apk add --update --no-cache \
+    tzdata \
+    rsync \
+    bind-tools \
+    bash \
+    tini \
+    json-c \
+    libbz2 \
+    libcurl \
+    libmilter \
+    libxml2 \
+    ncurses-libs \
+    pcre2 \
+    zlib \
+    libgcc \
+  && addgroup -S "clamav" && \
+    adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \
+    install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav" && \
+    chown -R clamav:clamav /var/lib/clamav
+
+COPY --from=builder "/clamav" "/"
 
 # init
 COPY clamd.sh /clamd.sh
diff --git a/data/Dockerfiles/clamd/clamd.sh b/data/Dockerfiles/clamd/clamd.sh
index 10df8072b..2c6e75dc6 100755
--- a/data/Dockerfiles/clamd/clamd.sh
+++ b/data/Dockerfiles/clamd/clamd.sh
@@ -91,6 +91,7 @@ done
 ) &
 BACKGROUND_TASKS+=($!)
 
+echo "$(clamd -V) is starting... please wait a moment."
 nice -n10 clamd &
 BACKGROUND_TASKS+=($!)
 
diff --git a/docker-compose.yml b/docker-compose.yml
index cd85304b4..706a02309 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -64,7 +64,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.66
+      image: mailcow/clamd:1.70
       restart: always
       depends_on:
         unbound-mailcow:

From 65bc581fab5331fbb35b92f775d2c6a3f31f1bcd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 28 Jan 2025 14:36:43 +0100
Subject: [PATCH 451/755] clamd: remove exposed ports from buildfile

---
 data/Dockerfiles/clamd/Dockerfile | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 4392c84e5..12158160d 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -74,9 +74,6 @@ FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
-EXPOSE 3310
-EXPOSE 7357
-
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
     tzdata \

From 1a087bb2c8a1f5866f698629f070e8f895e61ec2 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 28 Jan 2025 14:49:11 +0100
Subject: [PATCH 452/755] clamd: cleanup dockerfile

---
 data/Dockerfiles/clamd/Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 12158160d..e60e7eef1 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -27,11 +27,9 @@ RUN apk upgrade --no-cache \
     cargo \
     rust
 
-RUN mkdir -p /src \
-  && wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \
+RUN wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \
   && tar xzfv /src/clamav-${CLAMD_VERSION}.tar.gz \
   && cd /src/clamav-${CLAMD_VERSION} \
-  && mkdir build \
   && cmake . \
   -D CMAKE_BUILD_TYPE="Release"                                                       \
   -D CMAKE_INSTALL_PREFIX="/usr"                                                      \

From f92ddd86c543d115aab78bf5b3fe7e6414136a52 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 29 Jan 2025 09:49:04 +0100
Subject: [PATCH 453/755] clamd: update to 1.4.2 + build from source instead
 using alpine packages (#6273)

* clamd: update to 1.4.2 + build from source instead using alpine packages

* clamd: remove exposed ports from buildfile

* clamd: cleanup dockerfile
---
 data/Dockerfiles/clamd/Dockerfile | 97 +++++++++++++++++++++++++++++--
 data/Dockerfiles/clamd/clamd.sh   |  1 +
 docker-compose.yml                |  2 +-
 3 files changed, 93 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 1850d4bed..e60e7eef1 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,14 +1,99 @@
-FROM alpine:3.20
+FROM alpine:3.21 AS builder
+
+WORKDIR /src
+ENV CLAMD_VERSION=1.4.2
+
+RUN apk upgrade --no-cache \
+  && apk add --update --no-cache \
+    g++ \
+    gcc \
+    gdb \
+    make \
+    cmake \
+    py3-pytest \
+    python3 \
+    valgrind \
+    bzip2-dev \
+    check-dev \
+    curl-dev \
+    json-c-dev \
+    libmilter-dev \
+    libxml2-dev \
+    linux-headers \
+    ncurses-dev \
+    openssl-dev \
+    pcre2-dev \
+    zlib-dev \
+    cargo \
+    rust
+
+RUN wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \
+  && tar xzfv /src/clamav-${CLAMD_VERSION}.tar.gz \
+  && cd /src/clamav-${CLAMD_VERSION} \
+  && cmake . \
+  -D CMAKE_BUILD_TYPE="Release"                                                       \
+  -D CMAKE_INSTALL_PREFIX="/usr"                                                      \
+  -D CMAKE_INSTALL_LIBDIR="/usr/lib"                                                  \
+  -D APP_CONFIG_DIRECTORY="/etc/clamav"                                               \
+  -D DATABASE_DIRECTORY="/var/lib/clamav"                                             \
+  -D ENABLE_CLAMONACC=OFF                                                             \
+  -D ENABLE_EXAMPLES=OFF                                                              \
+  -D ENABLE_MILTER=ON                                                                 \
+  -D ENABLE_MAN_PAGES=OFF                                                             \
+  -D ENABLE_STATIC_LIB=OFF                                                            \
+  -D ENABLE_JSON_SHARED=ON                                                            \ 
+  && cmake --build . \
+  && make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
+  && rm -r "/clamav/usr/lib/pkgconfig/" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+    -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \
+    -e "s|.*\(TCPSocket\) .*|\1 3310|" \
+    -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
+    -e "s|.*\(User\) .*|\1 clamav|" \
+    -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
+    -e "s|^\#\(LogTime\).*|\1 yes|" \
+    "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+    -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
+    -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
+    -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
+    -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
+    "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" \
+  && sed -e "s|^\(Example\)|\# \1|" \
+  -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \
+  -e "s|.*\(User\) .*|\1 clamav|" \
+  -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \
+  -e "s|^\#\(LogTime\).*|\1 yes|" \
+  -e "s|.*\(\ClamdSocket\) .*|\1 unix:/tmp/clamd.sock|" \
+  "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || exit 1
+
+
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
-  rsync \
-  clamav \
-  bind-tools \
-  bash \
-  tini
+    tzdata \
+    rsync \
+    bind-tools \
+    bash \
+    tini \
+    json-c \
+    libbz2 \
+    libcurl \
+    libmilter \
+    libxml2 \
+    ncurses-libs \
+    pcre2 \
+    zlib \
+    libgcc \
+  && addgroup -S "clamav" && \
+    adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \
+    install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav" && \
+    chown -R clamav:clamav /var/lib/clamav
+
+COPY --from=builder "/clamav" "/"
 
 # init
 COPY clamd.sh /clamd.sh
diff --git a/data/Dockerfiles/clamd/clamd.sh b/data/Dockerfiles/clamd/clamd.sh
index 10df8072b..2c6e75dc6 100755
--- a/data/Dockerfiles/clamd/clamd.sh
+++ b/data/Dockerfiles/clamd/clamd.sh
@@ -91,6 +91,7 @@ done
 ) &
 BACKGROUND_TASKS+=($!)
 
+echo "$(clamd -V) is starting... please wait a moment."
 nice -n10 clamd &
 BACKGROUND_TASKS+=($!)
 
diff --git a/docker-compose.yml b/docker-compose.yml
index cd85304b4..706a02309 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -64,7 +64,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.66
+      image: mailcow/clamd:1.70
       restart: always
       depends_on:
         unbound-mailcow:

From 0ad327bbe56a8a14d1de2ed88343b571f343d127 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 29 Jan 2025 09:51:45 +0100
Subject: [PATCH 454/755] [Nginx] Use separate vhosts for additional server
 names

---
 data/Dockerfiles/nginx/bootstrap.py     |  6 ++++--
 data/conf/nginx/templates/nginx.conf.j2 | 25 +++++++++++++++++++++++--
 data/web/inc/functions.inc.php          |  2 +-
 docker-compose.yml                      |  2 +-
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index de7824334..f294e7cce 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -7,7 +7,7 @@ def includes_conf(env, template_vars):
   listen_plain = "listen_plain.active"
   listen_ssl = "listen_ssl.active"
 
-  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
   if not template_vars['DISABLE_IPv6']:
@@ -42,6 +42,8 @@ def nginx_conf(env, template_vars):
 
 def prepare_template_vars():
   ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
+  additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")
+
   template_vars = {
     'IPV4_NETWORK': ipv4_network,
     'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
@@ -49,7 +51,7 @@ def prepare_template_vars():
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
     'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
     'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
-    'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
+    'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
     'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
     'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index bcb4612bc..b35aeeea3 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -41,7 +41,7 @@ http {
         https https;
     }
 
-    # Default
+    # Default Server Name
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
@@ -55,11 +55,32 @@ http {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
 
-        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES }};
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;
 
         include /etc/nginx/includes/sites-default.conf;
     }
 
+    # Additional Server Names
+    {% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
+    server {
+        listen 127.0.0.1:65510; # sogo-auth verify internal
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
+        http2 on;
+
+        ssl_certificate /etc/ssl/mail/cert.pem;
+        ssl_certificate_key /etc/ssl/mail/key.pem;
+
+        server_name {{ SERVER_NAME }};
+
+        include /etc/nginx/includes/sites-default.conf;
+    }
+    {% endfor %}
+
     # rspamd dynmaps:
     server {
         listen 8081;
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 7efbee166..73769d902 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2277,7 +2277,7 @@ function cors($action, $data = null) {
 }
 function getBaseURL() {
   $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
-  $host = $_SERVER['HTTP_HOST'];
+  $host = $_SERVER['SERVER_NAME'];
   $base_url = $protocol . '://' . $host;
 
   return $base_url;
diff --git a/docker-compose.yml b/docker-compose.yml
index a11e02d1a..2b5e85cb9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -372,7 +372,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.01
+      image: mailcow/nginx:1.02
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From 244d4b8c4c3973c4c5a88b269aff1a230c160468 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 29 Jan 2025 13:46:53 +0100
Subject: [PATCH 455/755] compose: rollback clamd version until next major...
 accidentally pushed

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 706a02309..cd85304b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -64,7 +64,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.70
+      image: mailcow/clamd:1.66
       restart: always
       depends_on:
         unbound-mailcow:

From a2e87e0880e8a882cffd47d50d17cd26e3e8846d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 30 Jan 2025 11:47:55 +0100
Subject: [PATCH 456/755] [Web] Add validation for server_name against allow
 list

---
 data/web/inc/functions.inc.php | 22 +++++++++++++++++++---
 docker-compose.yml             |  1 +
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 73769d902..0a9b94fc2 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2275,9 +2275,25 @@ function cors($action, $data = null) {
     break;
   }
 }
-function getBaseURL() {
-  $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
-  $host = $_SERVER['SERVER_NAME'];
+function getBaseURL($protocol = null) {
+  // Get current server name
+  $host = strtolower($_SERVER['SERVER_NAME']);
+
+  // craft allowed server name list
+  $mailcow_hostname = strtolower(getenv("MAILCOW_HOSTNAME"));
+  $additional_server_names = strtolower(getenv("ADDITIONAL_SERVER_NAMES")) ?: "";
+  $additional_server_names = preg_replace('/\s+/', '', $additional_server_names);
+  $allowed_server_names = $additional_server_names !== "" ? explode(',', $additional_server_names) : array();
+  array_push($allowed_server_names, $mailcow_hostname);
+
+  // Fallback to MAILCOW HOSTNAME if current server name is not in allowed list
+  if (!in_array($host, $allowed_server_names)) {
+    $host = $mailcow_hostname;
+  }
+
+  if (!isset($protocol)) {
+    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
+  }
   $base_url = $protocol . '://' . $host;
 
   return $base_url;
diff --git a/docker-compose.yml b/docker-compose.yml
index 2b5e85cb9..c5fae01a7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -174,6 +174,7 @@ services:
         - DEMO_MODE=${DEMO_MODE:-n}
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
+        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
       restart: always
       networks:
         mailcow-network:

From 3a81b84cf7af2ed7787446a154710f0c34ffe92c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 30 Jan 2025 14:49:18 +0100
Subject: [PATCH 457/755] [Nginx] Fix #6275

---
 data/conf/nginx/templates/sites-default.conf.j2 | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
index 783723bfc..23bce6cea 100644
--- a/data/conf/nginx/templates/sites-default.conf.j2
+++ b/data/conf/nginx/templates/sites-default.conf.j2
@@ -137,13 +137,22 @@ location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
 
 {% if not SKIP_RSPAMD %}
 location /rspamd/ {
+    location /rspamd/auth {
+      # proxy_pass is not inherited
+      proxy_pass       http://{{ RSPAMDHOST }}:11334/auth;
+      proxy_intercept_errors on;
+      proxy_set_header Host      $http_host;
+      proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+      proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+      proxy_redirect off;
+      error_page 401 /_rspamderror.php;
+    }
+
     proxy_pass       http://{{ RSPAMDHOST }}:11334/;
     proxy_set_header Host      $http_host;
     proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
     proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
     proxy_redirect off;
-    proxy_intercept_errors on;
-    error_page 401 /_rspamderror.php;
 }
 {% endif %}
 

From aac4c6b5f41abd640436fcb75b9376fedfce5d15 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 31 Jan 2025 12:49:39 +0100
Subject: [PATCH 458/755] postfix: added master.pid removal and startsecs to
 supervisord (#6284)

---
 data/Dockerfiles/postfix/postfix.sh       | 5 +++++
 data/Dockerfiles/postfix/supervisord.conf | 1 +
 2 files changed, 6 insertions(+)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 2960444cb..9a4c023f1 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -509,6 +509,11 @@ chgrp -R postdrop /var/spool/postfix/public
 chgrp -R postdrop /var/spool/postfix/maildrop
 postfix set-permissions
 
+# Checking if there is a leftover of a crashed postfix container before starting a new one
+if [ -e /var/spool/postfix/pid/master.pid ]; then
+  rm -rf /var/spool/postfix/pid/master.pid
+fi
+
 # Check Postfix configuration
 postconf -c /opt/postfix/conf > /dev/null
 
diff --git a/data/Dockerfiles/postfix/supervisord.conf b/data/Dockerfiles/postfix/supervisord.conf
index 134a6c6d1..ba70f8edf 100644
--- a/data/Dockerfiles/postfix/supervisord.conf
+++ b/data/Dockerfiles/postfix/supervisord.conf
@@ -18,6 +18,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 autorestart=true
+startsecs=10
 
 [eventlistener:processes]
 command=/usr/local/sbin/stop-supervisor.sh

From 83fc2c6387cb5558c929cf5a81fba73a22f08932 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Fri, 31 Jan 2025 17:20:28 +0100
Subject: [PATCH 459/755] It's github-token now

---
 .github/workflows/check_prs_if_on_staging.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
index 7f840c568..d951e2819 100644
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -12,7 +12,7 @@ jobs:
       - name: Send message
         uses: thollander/actions-comment-pull-request@v3.0.1
         with:
-          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
+          github-token: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |
                    Thanks for contributing!
 

From 41ba7d97fa943ea7f6709cbb72eeb135bfc13300 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 1 Feb 2025 17:06:07 +0100
Subject: [PATCH 460/755] update postscreen_access.cidr (#6287)

---
 data/conf/postfix/postscreen_access.cidr | 33 +++++++++++-------------
 1 file changed, 15 insertions(+), 18 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 741b32298..69be54247 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Wed Jan  1 00:18:52 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Sat Feb  1 00:18:03 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2014 total rules
+# 1984 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,10 +19,6 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
-8.39.54.0/23	permit
-8.39.54.250/31	permit
-8.40.222.0/23	permit
-8.40.222.250/31	permit
 10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
@@ -98,6 +94,7 @@
 27.123.206.76/30	permit
 27.123.206.80/28	permit
 31.25.48.222	permit
+31.47.251.17	permit
 34.195.217.107	permit
 34.212.163.75	permit
 34.215.104.144	permit
@@ -110,6 +107,7 @@
 35.191.0.0/16	permit
 35.205.92.9	permit
 35.242.169.159	permit
+37.188.97.188	permit
 37.218.248.47	permit
 37.218.249.47	permit
 37.218.251.62	permit
@@ -448,6 +446,7 @@
 69.171.244.0/23	permit
 70.37.151.128/25	permit
 70.42.149.35	permit
+72.3.185.0/24	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
 72.21.217.142	permit
@@ -508,6 +507,9 @@
 72.30.239.228/31	permit
 72.30.239.244/30	permit
 72.30.239.248/31	permit
+72.32.154.0/24	permit
+72.32.217.0/24	permit
+72.32.243.0/24	permit
 72.52.72.32/28	permit
 74.6.128.0/24	permit
 74.6.129.0/24	permit
@@ -623,6 +625,7 @@
 89.22.108.0/24	permit
 91.211.240.0/22	permit
 94.169.2.0/23	permit
+94.236.119.0/26	permit
 94.245.112.0/27	permit
 94.245.112.10/31	permit
 95.131.104.0/21	permit
@@ -1121,6 +1124,7 @@
 103.28.42.0/24	permit
 103.151.192.0/23	permit
 103.168.172.128/27	permit
+103.237.104.0/22	permit
 104.43.243.237	permit
 104.44.112.128/25	permit
 104.47.0.0/17	permit
@@ -1335,6 +1339,8 @@
 130.61.9.72	permit
 130.162.39.83	permit
 130.211.0.0/22	permit
+130.248.172.0/24	permit
+130.248.173.0/24	permit
 131.253.30.0/24	permit
 131.253.121.0/26	permit
 132.145.13.209	permit
@@ -1476,9 +1482,6 @@
 163.114.135.16	permit
 164.152.23.32	permit
 164.177.132.168/30	permit
-165.173.128.0/24	permit
-165.173.180.250/31	permit
-165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1507,12 +1510,6 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
-169.148.129.0/24	permit
-169.148.131.0/24	permit
-169.148.142.10	permit
-169.148.144.0/25	permit
-169.148.144.10	permit
-169.148.146.0/23	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1553,6 +1550,7 @@
 183.240.219.64/29	permit
 185.4.120.0/22	permit
 185.12.80.0/22	permit
+185.28.196.0/22	permit
 185.58.84.93	permit
 185.80.93.204	permit
 185.80.93.227	permit
@@ -1618,6 +1616,7 @@
 192.18.139.154	permit
 192.18.145.36	permit
 192.18.152.58	permit
+192.28.128.0/18	permit
 192.29.103.128/25	permit
 192.30.252.0/22	permit
 192.161.144.0/20	permit
@@ -1658,6 +1657,7 @@
 198.244.60.0/22	permit
 198.245.80.0/20	permit
 198.245.81.0/24	permit
+199.15.212.0/22	permit
 199.15.213.187	permit
 199.15.226.37	permit
 199.16.156.0/22	permit
@@ -1972,9 +1972,6 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
-2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
-2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
-2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From e645f931dc04c8b8754927d90275a2e77a03931d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 3 Feb 2025 12:05:08 +0100
Subject: [PATCH 461/755] [Nginx] Add env var for HTTP to HTTPS redirection

---
 data/Dockerfiles/nginx/bootstrap.py     |  1 +
 data/conf/nginx/templates/nginx.conf.j2 | 40 +++++++++++++++++++++++++
 docker-compose.yml                      |  1 +
 generate_config.sh                      |  3 ++
 update.sh                               |  9 +++++-
 5 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index f294e7cce..aa85c8b2b 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -58,6 +58,7 @@ def prepare_template_vars():
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
     'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
+    'HTTP_REDIRECT': os.getenv("HTTP_REDIRECT", "n").lower() in ("y", "yes"),
   }
 
   ssl_dir = '/etc/ssl/mail/'
diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index b35aeeea3..2bb601c50 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -41,15 +41,42 @@ http {
         https https;
     }
 
+    {% if HTTP_REDIRECT %}
+    # HTTP to HTTPS redirect
+    server {
+        root /web;
+        listen {{ HTTP_PORT }} default_server;
+        listen [::]:{{ HTTP_PORT }} default_server;
+
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES | join(' ') }};
+
+        if ( $request_uri ~* "%0A|%0D" ) { return 403; }
+        location ^~ /.well-known/acme-challenge/ {
+            allow all;
+            default_type "text/plain";
+        }
+        location / {
+            return 301 https://$host$uri$is_args$args;
+        }
+    }
+    {%endif%}
+
     # Default Server Name
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
+
+        {% if not HTTP_REDIRECT %}
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+
         {% if not DISABLE_IPv6 %}
+        {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
         {%endif%}
+
         http2 on;
 
         ssl_certificate /etc/ssl/mail/cert.pem;
@@ -64,12 +91,19 @@ http {
     {% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
+
+        {% if not HTTP_REDIRECT %}
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+
         {% if not DISABLE_IPv6 %}
+        {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
         {%endif%}
+
         http2 on;
 
         ssl_certificate /etc/ssl/mail/cert.pem;
@@ -127,12 +161,18 @@ http {
 
     {% for cert in valid_cert_dirs %}
     server {
+        {% if not HTTP_REDIRECT %}
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+
         {% if not DISABLE_IPv6 %}
+        {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {%endif%}
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
         {%endif%}
+
         http2 on;
 
         ssl_certificate {{ cert.cert_path }}cert.pem;
diff --git a/docker-compose.yml b/docker-compose.yml
index 626c957c0..421610bac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -385,6 +385,7 @@ services:
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
         - DISABLE_IPv6=${DISABLE_IPv6:-n}
+        - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
         - PHPFPMHOST=${PHPFPMHOST:-}
         - SOGOHOST=${SOGOHOST:-}
         - RSPAMDHOST=${RSPAMDHOST:-}
diff --git a/generate_config.sh b/generate_config.sh
index 8f03e3899..e3faf7bb7 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -267,6 +267,9 @@ HTTP_BIND=
 HTTPS_PORT=443
 HTTPS_BIND=
 
+# Redirect HTTP connections to HTTPS - y/n
+HTTP_REDIRECT=n
+
 # ------------------------------
 # Other bindings
 # ------------------------------
diff --git a/update.sh b/update.sh
index 4240dad37..c11179c5e 100755
--- a/update.sh
+++ b/update.sh
@@ -352,6 +352,7 @@ adapt_new_options() {
   "SPAMHAUS_DQS_KEY"
   "SKIP_UNBOUND_HEALTHCHECK"
   "DISABLE_NETFILTER_ISOLATION_RULE"
+  "HTTP_REDIRECT"
   )
 
   sed -i --follow-symlinks '$a\' mailcow.conf
@@ -637,7 +638,13 @@ adapt_new_options() {
         echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
         echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
         echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-      fi 
+      fi
+    elif [[ ${option} == "HTTP_REDIRECT" ]]; then
+      if ! grep -q ${option} mailcow.conf; then
+        echo "Adding new option \"${option}\" to mailcow.conf"
+        echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
+        echo 'HTTP_REDIRECT=n' >> mailcow.conf
+      fi
     elif ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "${option}=n" >> mailcow.conf

From 97890b71f1f328fe3c9a101a6eece7e3bdb954e6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 3 Feb 2025 12:22:13 +0100
Subject: [PATCH 462/755] [Nginx] Invert SKIP container condition

---
 data/Dockerfiles/nginx/docker-entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/nginx/docker-entrypoint.sh b/data/Dockerfiles/nginx/docker-entrypoint.sh
index ea2e048e9..45e327ede 100755
--- a/data/Dockerfiles/nginx/docker-entrypoint.sh
+++ b/data/Dockerfiles/nginx/docker-entrypoint.sh
@@ -8,13 +8,13 @@ until ping ${PHPFPMHOST} -c1 > /dev/null; do
   echo "Waiting for PHP..."
   sleep 1
 done
-if printf "%s\n" "${SKIP_SOGO}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
+if ! printf "%s\n" "${SKIP_SOGO}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
   until ping ${SOGOHOST} -c1 > /dev/null; do
     echo "Waiting for SOGo..."
     sleep 1
   done
 fi
-if printf "%s\n" "${SKIP_RSPAMD}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
+if ! printf "%s\n" "${SKIP_RSPAMD}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
   until ping ${RSPAMDHOST} -c1 > /dev/null; do
     echo "Waiting for Rspamd..."
     sleep 1

From 3544a2246eaa60a1218fac7d55f5feb453ee8dc2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 4 Feb 2025 13:30:00 +0100
Subject: [PATCH 463/755] [Nginx] fix ADDITIONAL_SERVER_NAMES array

---
 data/Dockerfiles/nginx/bootstrap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index aa85c8b2b..ab95c2a6b 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -51,7 +51,7 @@ def prepare_template_vars():
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
     'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
     'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
-    'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
+    'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",") if item.strip()],
     'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
     'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),

From f0016eeecdaa74ad28d3e63914895d05f43c8196 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Feb 2025 14:19:20 +0100
Subject: [PATCH 464/755] [Web] Add german translation for idp settings

---
 data/web/lang/lang.de-de.json                 | 37 +++++++++++++++++++
 data/web/lang/lang.en-gb.json                 |  3 ++
 .../admin/tab-config-identity-provider.twig   |  8 ++--
 data/web/templates/admin_index.twig           |  2 +-
 data/web/templates/domainadmin_index.twig     |  2 +-
 data/web/templates/user_index.twig            |  2 +-
 6 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 782e4e689..8e164b444 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -206,6 +206,39 @@
         "help_text": "Hilfstext unter Login-Maske (HTML ist zulässig)",
         "host": "Host",
         "html": "HTML",
+        "iam": "Identity Provider",
+        "iam_attribute_field": "Attribut Feld",
+        "iam_authorize_url": "Authorization Endpunkt",
+        "iam_auth_flow": "Authentication Flow",
+        "iam_auth_flow_info": "Zusätzlich zum Authorization Code Flow (dem Standard-Flow in Keycloak), der für Single-Sign-On-Logins verwendet wird, unterstützt mailcow auch den Authentication Flow mit direkten Anmeldeinformationen. Der Mailpassword Flow versucht, die Anmeldedaten des Benutzers über die Keycloak Admin REST API zu validieren. Dabei ruft mailcow das gehashte Passwort aus dem <code>mailcow_password</code> Attribut ab, das in Keycloak zugewiesen ist.",
+        "iam_basedn": "Base DN",
+        "iam_client_id": "Client ID",
+        "iam_client_secret": "Client Secret",
+        "iam_client_scopes": "Client Scopes",
+        "iam_description": "Konfiguriere einen externen Identity Provider für die Authentifizierung<br>Die Mailboxen der Benutzer werden bei ihrer ersten Anmeldung automatisch erstellt, vorausgesetzt, dass ein Attribut Mapping festgelegt wurde.",
+        "iam_extra_permission": "Damit die folgenden Einstellungen funktionieren, benötigt der mailcow Client in Keycloak ein <code>Service-Konto</code> und die Berechtigung <code>view-users</code>.",
+        "iam_host": "Host",
+        "iam_host_info": "Gib einen oder mehrere LDAP-Hosts ein, getrennt durch Kommas.",
+        "iam_import_users": "Import Users",
+        "iam_mapping": "Attribut Mapping",
+        "iam_bindpass": "Bind Passwort",
+        "iam_periodic_full_sync": "Periodic Full Sync",
+        "iam_port": "Port",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "Redirect Url",
+        "iam_rest_flow": "Mailpassword Flow",
+        "iam_server_url": "Server Url",
+        "iam_sso": "Single Sign-On",
+        "iam_sync_interval": "Sync / Import interval (min)",
+        "iam_test_connection": "Verbindung Testen",
+        "iam_token_url": "Token Endpunkt",
+        "iam_userinfo_url": "User info Endpunkt",
+        "iam_username_field": "Username Feld",
+        "iam_binddn": "Bind DN",
+        "iam_use_ssl": "Benutze SSL",
+        "iam_use_tls": "Benutze TLS",
+        "iam_version": "Version",
+        "ignore_ssl_error": "Ignoriere SSL Errors",
         "import": "Importieren",
         "import_private_key": "Private Key importieren",
         "in_use_by": "Verwendet von",
@@ -403,6 +436,7 @@
         "goto_empty": "Eine Alias-Adresse muss auf mindestens eine gültige Ziel-Adresse zeigen",
         "goto_invalid": "Ziel-Adresse %s ist ungültig",
         "ham_learn_error": "Ham Lernfehler: %s",
+        "iam_test_connection": "Verbindung fehlgeschlagen",
         "imagick_exception": "Fataler Bildverarbeitungsfehler",
         "img_dimensions_exceeded": "Grafik überschreitet die maximale Bildgröße",
         "img_invalid": "Grafik konnte nicht validiert werden",
@@ -766,6 +800,9 @@
         "forgot_password": "> Passwort vergessen?",
         "invalid_pass_reset_token": "Der Rücksetz-Token für das Passwort ist ungültig oder abgelaufen.<br>Bitte fordern Sie einen neuen Link zur Passwortwiederherstellung an.",
         "login": "Anmelden",
+        "login_user": "Benutzer Anmelden",
+        "login_dadmin": "Domain-Administrator Anmelden",
+        "login_admin": "Administrator Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "new_password": "Neues Passwort",
         "new_password_confirm": "Neues Passwort bestätigen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 6d3580e16..362262bff 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -804,6 +804,9 @@
         "forgot_password": "> Forgot Password?",
         "invalid_pass_reset_token": "The reset password token is invalid or has expired.<br>Please request a new password reset link.",
         "login": "Login",
+        "login_user": "User Login",
+        "login_dadmin": "Domain-Administrator Login",
+        "login_admin": "Administrator Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "new_password": "New Password",
         "new_password_confirm": "Confirm new password",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index e2cea7fa2..3381fe4d6 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -84,7 +84,7 @@
             </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
-                <span class="col-5 p-0 pe-2">Attribute</span>
+                <span class="col-5 p-0 pe-2">{{ lang.user.attribute }}</span>
                 <span class="col-5 p-0 pe-2">{{ lang.mailbox.template }}</span>
                 <div class="col-2 p-0 d-flex">
                   <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_keycloak"><i class="bi bi-plus-lg"></i></button>
@@ -274,8 +274,8 @@
             </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
-                <span class="col-5 p-0 pe-2">Attribute</span>
-                <span class="col-5 p-0 pe-2">Template</span>
+                <span class="col-5 p-0 pe-2">{{ lang.user.attribute }}</span>
+                <span class="col-5 p-0 pe-2">{{ lang.mailbox.template }}</span>
                 <div class="col-2 p-0 d-flex">
                   <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_generic"><i class="bi bi-plus-lg"></i></button>
                 </div>
@@ -454,7 +454,7 @@
             </div>
             <div class="col-12 col-md-9 col-lg-4">
               <div class="row px-2 align-items-center">
-                <span class="col-5 p-0 pe-2">Attribute</span>
+                <span class="col-5 p-0 pe-2">{{ lang.user.attribute }}</span>
                 <span class="col-5 p-0 pe-2">{{ lang.mailbox.template }}</span>
                 <div class="col-2 p-0 d-flex">
                   <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_rolemap_add_ldap"><i class="bi bi-plus-lg"></i></button>
diff --git a/data/web/templates/admin_index.twig b/data/web/templates/admin_index.twig
index 4127a6a21..93a892842 100644
--- a/data/web/templates/admin_index.twig
+++ b/data/web/templates/admin_index.twig
@@ -7,7 +7,7 @@
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
     <div class="card">
       <div class="card-header d-flex align-items-center">
-        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login }}
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_admin }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
diff --git a/data/web/templates/domainadmin_index.twig b/data/web/templates/domainadmin_index.twig
index 4127a6a21..41a9f2597 100644
--- a/data/web/templates/domainadmin_index.twig
+++ b/data/web/templates/domainadmin_index.twig
@@ -7,7 +7,7 @@
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
     <div class="card">
       <div class="card-header d-flex align-items-center">
-        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login }}
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_dadmin }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
diff --git a/data/web/templates/user_index.twig b/data/web/templates/user_index.twig
index 07274e6bd..950482c9a 100644
--- a/data/web/templates/user_index.twig
+++ b/data/web/templates/user_index.twig
@@ -7,7 +7,7 @@
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
     <div class="card">
       <div class="card-header d-flex align-items-center">
-        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login }}
+        <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_user }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">

From 55dcae4a01998b3d9ed861a3f833b6b4df2567e0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Feb 2025 15:05:43 +0100
Subject: [PATCH 465/755] [Web] Fix Generic-OIDC connection test

---
 data/web/inc/functions.inc.php | 30 ++++++++++++++++++++++++------
 data/web/lang/lang.de-de.json  |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index a434582c5..7969c6bb4 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2337,12 +2337,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
 
       switch ($_data['authsource']) {
         case 'keycloak':
-        case 'generic-oidc':
-          if ($_data['authsource'] == 'keycloak') {
-            $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
-          } else {
-            $url = $_data['token_url'];
-          }
+          $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
           $req = http_build_query(array(
             'grant_type'    => 'client_credentials',
             'client_id'     => $_data['client_id'],
@@ -2355,6 +2350,29 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
           curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
           curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+          if ($_data['ignore_ssl_error'] == "1"){
+            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
+          }
+          $res = curl_exec($curl);
+          $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+          curl_close ($curl);
+
+          if ($code != 200) {
+            return false;
+          }
+        break;
+        case 'generic-oidc':
+          $url = $_data['token_url'];
+          $curl = curl_init();
+          curl_setopt($curl, CURLOPT_URL, $url);
+          curl_setopt($curl, CURLOPT_TIMEOUT, 7);
+          curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+          curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "OPTIONS");
+          if ($_data['ignore_ssl_error'] == "1"){
+            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
+          }
           $res = curl_exec($curl);
           $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
           curl_close ($curl);
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 8e164b444..9c54d3fc8 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -1114,6 +1114,7 @@
         "forwarding_host_removed": "Weiterleitungs-Host %s wurde entfernt",
         "global_filter_written": "Filterdatei wurde erfolgreich geschrieben",
         "hash_deleted": "Hash wurde gelöscht",
+        "iam_test_connection": "Verbindung erfolgreich",
         "ip_check_opt_in_modified": "IP Check wurde erfolgreich gespeichert",
         "item_deleted": "Objekt %s wurde entfernt",
         "item_released": "Objekt %s freigegeben",

From 743e88fd67c35759686ef8e81c26e5d0d6810419 Mon Sep 17 00:00:00 2001
From: Henry Williams <github@digitalhen.com>
Date: Tue, 11 Feb 2025 07:55:03 -0500
Subject: [PATCH 466/755] Update generate_config.sh version checking for wider
 compatibility (#6270)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Update generate_config.sh version checking for wider compatibility

fix: replace `grep -oP` with `grep -oE` for broader compatibility

The `-P` option (Perl-compatible regex) is not supported in all versions of `grep`, particularly the default BSD `grep` on macOS. This change replaces `-P` with `-E` (extended regex), which is more widely available and ensures compatibility across different environments.

Tested on macOS and Linux.

* Update generate_config.sh to remove use of platform dependent grep

Replaced version checking using free-form text. Instead, uses Docker’s built-in templating instead of parsing free-form text. This gives cross-platform consistency without dependency on particular versions of grep.
---
 generate_config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generate_config.sh b/generate_config.sh
index e3faf7bb7..4a4236ed6 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -26,7 +26,7 @@ for bin in openssl curl docker git awk sha1sum grep cut; do
 done
 
 # Check Docker Version (need at least 24.X)
-docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | head -n 1 | cut -d '.' -f 1)
+docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1)
 
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"

From 54728bf7809dbeb334d526421857647fe092bff9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 11 Feb 2025 14:40:38 +0100
Subject: [PATCH 467/755] [Dovecot] Fix create sogo-sso.conf

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 7 +++++++
 docker-compose.yml                            | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 8ab57d20b..85a0bab06 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -206,6 +206,13 @@ RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
 echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
 # Creating additional creds file for SOGo notify crons (calendars, etc)
 echo -n ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/cron.creds
+cat <<EOF > /etc/dovecot/sogo-sso.conf
+# Autogenerated by mailcow
+passdb {
+  driver = static
+  args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
+}
+EOF
 
 if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
   # Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
diff --git a/docker-compose.yml b/docker-compose.yml
index e87dce8f5..a37c6982f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -246,7 +246,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:nightly-20250123
+      image: mailcow/dovecot:nightly-20250211
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From ef2f5f7be0c2992580c1290e36d08bb73348600e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 11 Feb 2025 16:59:18 +0100
Subject: [PATCH 468/755] [Dovecot] Use Redis ACL user quota_notify with
 restricted access

---
 data/Dockerfiles/dovecot/quota_notify.py | 2 +-
 data/conf/redis/redis-conf.sh            | 1 +
 docker-compose.yml                       | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/dovecot/quota_notify.py b/data/Dockerfiles/dovecot/quota_notify.py
index c2c73e7a9..598134e22 100755
--- a/data/Dockerfiles/dovecot/quota_notify.py
+++ b/data/Dockerfiles/dovecot/quota_notify.py
@@ -23,7 +23,7 @@ else:
 
 while True:
   try:
-    r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
+    r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, username='quota_notify', password='')
     r.ping()
   except Exception as ex:
     print('%s - trying again...'  % (ex))
diff --git a/data/conf/redis/redis-conf.sh b/data/conf/redis/redis-conf.sh
index 95d50a39a..89b2a3bab 100755
--- a/data/conf/redis/redis-conf.sh
+++ b/data/conf/redis/redis-conf.sh
@@ -2,6 +2,7 @@
 
 cat <<EOF > /redis.conf
 requirepass $REDISPASS
+user quota_notify on nopass ~QW_* -@all +get +hget +ping
 EOF
 
 exec redis-server /redis.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index 421610bac..f43edc0cf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,7 +43,7 @@ services:
 
     redis-mailcow:
       image: redis:7-alpine
-      entrypoint: /redis-conf.sh
+      entrypoint: ["/bin/sh","/redis-conf.sh"]
       volumes:
         - redis-vol-1:/data/
         - ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z
@@ -230,7 +230,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.3
+      image: mailcow/dovecot:2.31
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 4ed3017a02267ed8c02baec46da40ad9661aadb1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 12 Feb 2025 06:56:10 +0100
Subject: [PATCH 469/755] chore(deps): update devops-infra/action-pull-request
 action to v0.6.0 (#6302)

---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index e629e5e9a..0cf59eeac 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.5
+        uses: devops-infra/action-pull-request@v0.6.0
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 3912341b326fab912ddf47260640cde89fce3bf5 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 12 Feb 2025 11:31:14 +0100
Subject: [PATCH 470/755] [SOGo] rename custom logo

---
 .gitignore                              | 4 +++-
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 6 +++---
 docker-compose.yml                      | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7894407ae..c1c5e1b8f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,7 +47,9 @@ data/conf/sogo/custom-theme.js
 data/conf/sogo/plist_ldap
 data/conf/sogo/sieve.creds
 data/conf/sogo/cron.creds
-data/conf/sogo/sogo-full.svg
+data/conf/sogo/custom-fulllogo.svg
+data/conf/sogo/custom-shortlogo.svg
+data/conf/sogo/custom-fulllogo.png
 data/gitea/
 data/gogs/
 data/hooks/dovecot/*
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 51880ea60..9cf36a805 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -30,7 +30,7 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
   while [[ ${VIEW_OK} != 'OK' ]]; do
     mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
-CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS 
+CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS
 SELECT
    mailbox.username,
    mailbox.domain,
@@ -240,8 +240,8 @@ chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
 #  fi
 #fi
 
-# Copy logo, if any
-[[ -f /etc/sogo/sogo-full.svg ]] && cp /etc/sogo/sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
+# Rename custom logo, if any
+[[ -f /etc/sogo/sogo-full.svg ]] && mv /etc/sogo/sogo-full.svg /etc/sogo/custom-fulllogo.svg
 
 # Rsync web content
 echo "Syncing web content with named volume"
diff --git a/docker-compose.yml b/docker-compose.yml
index f5f27ff86..3e413a4f7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -182,7 +182,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.128
+      image: mailcow/sogo:1.129
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From aaa7e4a184e2126bc0fa76e600cebb984aff29dc Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 13 Feb 2025 11:54:55 +0100
Subject: [PATCH 471/755] [Web] Fix incorrect session lifetime in sogo-auth.php

---
 data/web/sogo-auth.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 40fff5856..7ccea95d3 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -72,7 +72,12 @@ elseif (isset($_GET['login'])) {
 // only check for admin-login on sogo GUI requests
 elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/so/") === 0) {
   // this is an nginx auth_request call, we check for existing sogo-sso session variables
-  session_start();
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
+  if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
+    include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
+  }
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
+
   // extract email address from "/SOGo/so/user@domain/xy"
   $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
   $email_list = array(

From 836e3f15b71169d87afa93280cc36c8c14e808a3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 13 Feb 2025 19:32:39 +0100
Subject: [PATCH 472/755] [Web] Updated lang.es-es.json (#6307)

Co-authored-by: Julie GINESTIERE <julien.ginestiere+git@gmail.com>
---
 data/web/lang/lang.es-es.json | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index f0c015d57..5547692ff 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -24,7 +24,9 @@
         "protocol_access": "Cambiar protocolo de acceso",
         "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena",
         "domain_relayhost": "Cambiar relayhost por un dominio",
-        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas"
+        "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas",
+        "pw_reset": "Permitir el reset  de la contraseña del usario mailcow",
+        "sogo_access": "Permitir la gestión del acceso a SOGo"
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
@@ -95,7 +97,10 @@
         "app_password": "Añadir contraseña para la app",
         "public_comment": "Comentarios públicos",
         "disable_login": "Desactivar login (el correo entrante seguirá activo)",
-        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario"
+        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario",
+        "dry": "Simular la sincronización",
+        "private_comment": "Comentario privado",
+        "app_passwd_protocols": "Protocolos autorizados para la contraseña de la aplicación"
     },
     "admin": {
         "access": "Acceso",
@@ -777,4 +782,4 @@
         "fuzzy_learn_error": "Error aprendiendo hash: %s",
         "ip_invalid": "IP inválida omitida: %s"
     }
-}
\ No newline at end of file
+}

From d8afa6f393eae461010431a9296df03d1fdbf197 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Feb 2025 13:12:12 +0100
Subject: [PATCH 473/755] [Dovecot][Netfilter] Fix dovecot failed login regex

---
 data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf | 5 +++++
 data/Dockerfiles/dovecot/syslog-ng.conf             | 5 +++++
 data/Dockerfiles/netfilter/main.py                  | 8 +++-----
 data/conf/dovecot/dovecot.conf                      | 1 +
 docker-compose.yml                                  | 2 +-
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
index 4b9bf287c..c028bcdbf 100644
--- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf
@@ -38,8 +38,13 @@ filter f_replica {
   not match("User has no mail_replica in userdb" value("MESSAGE"));
   not match("Error: sync: Unknown user in remote" value("MESSAGE"));
 };
+filter f_dovecot_auth_try {
+  not match("- trying the next passdb" value("MESSAGE")) and
+  not match("- trying the next userdb" value("MESSAGE"));
+};
 log {
   source(s_dgram);
+  filter(f_dovecot_auth_try);
   filter(f_replica);
   destination(d_stdout);
   filter(f_mail);
diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf
index c79eb92ee..1918f4a23 100644
--- a/data/Dockerfiles/dovecot/syslog-ng.conf
+++ b/data/Dockerfiles/dovecot/syslog-ng.conf
@@ -38,8 +38,13 @@ filter f_replica {
   not match("User has no mail_replica in userdb" value("MESSAGE"));
   not match("Error: sync: Unknown user in remote" value("MESSAGE"));
 };
+filter f_dovecot_auth_try {
+  not match("- trying the next passdb" value("MESSAGE")) and
+  not match("- trying the next userdb" value("MESSAGE"));
+};
 log {
   source(s_dgram);
+  filter(f_dovecot_auth_try);
   filter(f_replica);
   destination(d_stdout);
   filter(f_mail);
diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 36304bf0c..5238d54d9 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -85,11 +85,9 @@ def refreshF2bregex():
     f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = r'-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = r'-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = r'-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[9] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
-    f2bregex[10] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
+    f2bregex[6] = r'auth: static\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
+    f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+    f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
   else:
     try:
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index c230c3495..52c258fc1 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -278,6 +278,7 @@ imap_max_line_length = 2 M
 #auth_cache_negative_ttl = 0
 #auth_cache_ttl = 30 s
 #auth_cache_size = 2 M
+auth_verbose_passwords = sha1:6
 service replicator {
   process_min_avail = 1
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e413a4f7..df1c5228e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -454,7 +454,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.60
+      image: mailcow/netfilter:1.61
       stop_grace_period: 30s
       restart: always
       privileged: true

From 16e22e23dcb4bb9accff060503bb85dec478498d Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 17 Feb 2025 14:31:50 +0100
Subject: [PATCH 474/755] sogo: switched apt source to sogo again (supports
 aarch64 now)

---
 data/Dockerfiles/sogo/Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 78da39bec..a749ee80c 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG DEBIAN_VERSION=bookworm
-ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian
+ARG SOGO_DEBIAN_REPOSITORY=https://packagingv2.sogo.nu/sogo-nightly-debian/
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.17
 ENV LC_ALL=C
@@ -33,9 +33,8 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   && gosu nobody true \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
-  && wget http://www.axis.cz/linux/debian/axis-archive-keyring.deb -O /tmp/axis-archive-keyring.deb \
-  && apt install -y /tmp/axis-archive-keyring.deb \
-  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} sogo-v5" > /etc/apt/sources.list.d/sogo.list \
+  && wget -O- https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 | gpg --dearmor | apt-key add - \
+  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} main" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
     sogo-activesync \

From f6dc0b463ff80a5fefb645099c3a466ff17fa637 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Mon, 17 Feb 2025 14:41:39 +0100
Subject: [PATCH 475/755] Update Rspamd to 3.11.0 and enable SMTPUTF8 for
 outgoing mail (#6216)

* Update Rspamd to 3.11

* Enable SMTPUTF8 and hide it from SMTPD greeting

* Update options.inc

* compose: increased rspamd tag
---
 data/Dockerfiles/rspamd/Dockerfile   | 2 +-
 data/conf/postfix/main.cf            | 5 ++---
 data/conf/rspamd/local.d/options.inc | 1 +
 docker-compose.yml                   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 64376bbd3..564ca2d72 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.10.2-1~b8a232043
+ARG RSPAMD_VER=rspamd_3.11.0-1~90a175b45
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6721204cb..07065f045 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -162,10 +162,9 @@ transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
   proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
   proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
 smtp_sasl_auth_soft_bounce = no
-postscreen_discard_ehlo_keywords = silent-discard, dsn, chunking
-smtpd_discard_ehlo_keywords = chunking, silent-discard
+postscreen_discard_ehlo_keywords = chunking, silent-discard, smtputf8, dsn
+smtpd_discard_ehlo_keywords = chunking, silent-discard, smtputf8
 compatibility_level = 3.7
-smtputf8_enable = no
 # Define protocols for SMTPS and submission service
 submission_smtpd_tls_mandatory_protocols = >=TLSv1.2
 smtps_smtpd_tls_mandatory_protocols = >=TLSv1.2
diff --git a/data/conf/rspamd/local.d/options.inc b/data/conf/rspamd/local.d/options.inc
index 99197ff55..f83ddf0fc 100644
--- a/data/conf/rspamd/local.d/options.inc
+++ b/data/conf/rspamd/local.d/options.inc
@@ -3,6 +3,7 @@ dns {
 }
 map_watch_interval = 30s;
 task_timeout = 30s;
+enable_mime_utf = true;
 disable_monitoring = true;
 # In case a task times out (like DNS lookup), soft reject the message
 # instead of silently accepting the message without further processing.
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e413a4f7..09c2781b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -83,7 +83,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.99
+      image: mailcow/rspamd:2.0
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 4ac541f67143888b16f70154af9b2b9b5ead9977 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 17 Feb 2025 15:48:25 +0100
Subject: [PATCH 476/755] [Mariadb] Update to 10.11 (LTS) (#5152)

* [Mariadb] Update to 10.11 (LTS)

* mysql: set default collation to general_ci
---
 data/conf/mysql/my.cnf | 4 ++--
 docker-compose.yml     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/conf/mysql/my.cnf b/data/conf/mysql/my.cnf
index 489b973c4..24d6123bb 100644
--- a/data/conf/mysql/my.cnf
+++ b/data/conf/mysql/my.cnf
@@ -1,7 +1,7 @@
 [mysqld]
 character-set-client-handshake = FALSE
 character-set-server           = utf8mb4
-collation-server               = utf8mb4_unicode_ci
+collation-server               = utf8mb4_general_ci
 #innodb_file_per_table          = TRUE
 #innodb_file_format             = barracuda
 #innodb_large_prefix            = TRUE
@@ -20,7 +20,7 @@ thread_cache_size       = 8
 query_cache_type        = 0
 query_cache_size        = 0
 max_heap_table_size     = 48M
-thread_stack            = 192K
+thread_stack            = 256K
 skip-host-cache
 skip-name-resolve
 log-warnings            = 0
diff --git a/docker-compose.yml b/docker-compose.yml
index 09c2781b4..2cb6b98f1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,7 +17,7 @@ services:
             - unbound
 
     mysql-mailcow:
-      image: mariadb:10.5
+      image: mariadb:10.11
       depends_on:
         - unbound-mailcow
         - netfilter-mailcow

From a567d5dc3193286684fdf0b7cf287817bdfe6581 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 18 Feb 2025 11:03:34 +0100
Subject: [PATCH 477/755] [Nginx] Add support for trusted proxies via env var

---
 data/Dockerfiles/nginx/bootstrap.py             | 3 ++-
 data/conf/nginx/templates/sites-default.conf.j2 | 6 ++++--
 docker-compose.yml                              | 4 +++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index ab95c2a6b..11e6fc202 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -43,10 +43,11 @@ def nginx_conf(env, template_vars):
 def prepare_template_vars():
   ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
   additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")
+  trusted_proxies = os.getenv("TRUSTED_PROXIES", "")
 
   template_vars = {
     'IPV4_NETWORK': ipv4_network,
-    'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
+    'TRUSTED_PROXIES': [item.strip() for item in trusted_proxies.split(",") if item.strip()],
     'SKIP_RSPAMD': os.getenv("SKIP_RSPAMD", "n").lower() in ("y", "yes"),
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
     'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
index 23bce6cea..574bdb052 100644
--- a/data/conf/nginx/templates/sites-default.conf.j2
+++ b/data/conf/nginx/templates/sites-default.conf.j2
@@ -52,10 +52,12 @@ set_real_ip_from 10.0.0.0/8;
 set_real_ip_from 172.16.0.0/12;
 set_real_ip_from 192.168.0.0/16;
 set_real_ip_from fc00::/7;
-{% if not TRUSTED_NETWORK %}
+{% for TRUSTED_PROXY in TRUSTED_PROXIES %}
+set_real_ip_from {{ TRUSTED_PROXY }};
+{% endfor %}
+{% if not NGINX_USE_PROXY_PROTOCOL %}
 real_ip_header X-Forwarded-For;
 {% else %}
-set_real_ip_from {{ TRUSTED_NETWORK }};
 real_ip_header proxy_protocol;
 {% endif %}
 real_ip_recursive on;
diff --git a/docker-compose.yml b/docker-compose.yml
index 2cb6b98f1..cc4ee2b45 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -376,7 +376,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.02
+      image: mailcow/nginx:1.03
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -394,6 +394,8 @@ services:
         - RSPAMDHOST=${RSPAMDHOST:-}
         - REDISHOST=${REDISHOST:-}
         - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
+        - NGINX_USE_PROXY_PROTOCOL=${NGINX_USE_PROXY_PROTOCOL:-n}
+        - TRUSTED_PROXIES=${TRUSTED_PROXIES:-}
       volumes:
         - ./data/web:/web:ro,z
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z

From 351f4ce787542b05dab8ad5c39c00429ef02233b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 18 Feb 2025 11:16:06 +0100
Subject: [PATCH 478/755] [Redis] Add support for masterauth via env var

---
 data/conf/redis/redis-conf.sh | 4 ++++
 docker-compose.yml            | 1 +
 2 files changed, 5 insertions(+)

diff --git a/data/conf/redis/redis-conf.sh b/data/conf/redis/redis-conf.sh
index 89b2a3bab..7e2672a31 100755
--- a/data/conf/redis/redis-conf.sh
+++ b/data/conf/redis/redis-conf.sh
@@ -5,4 +5,8 @@ requirepass $REDISPASS
 user quota_notify on nopass ~QW_* -@all +get +hget +ping
 EOF
 
+if [ -n "$REDISMASTERPASS" ]; then
+  echo "masterauth $REDISMASTERPASS" >> /redis.conf
+fi
+
 exec redis-server /redis.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index cc4ee2b45..3440a99a8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,6 +55,7 @@ services:
       environment:
         - TZ=${TZ}
         - REDISPASS=${REDISPASS}
+        - REDISMASTERPASS=${REDISMASTERPASS:-}
       sysctls:
         - net.core.somaxconn=4096
       networks:

From 7bce5d836b2e53a256b8e9c3f40b1942491227da Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 18 Feb 2025 11:20:03 +0100
Subject: [PATCH 479/755] Move sed cmd to remove discontinued DNSBLs (#6315)

* Move sed cmd to remove discontinued DNSBLs

* compose: bump postfix version

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/postfix/postfix.sh | 7 ++++---
 docker-compose.yml                  | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 9a4c023f1..e5dbf88fc 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -416,10 +416,11 @@ postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
   bl.mailspike.net=127.0.0.[10;11;12]*4
 EOF
 fi
-DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
 
-# Remove discontinued Nixspam DNSBL from existing dns_blocklists.cf
-sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf
+# Remove discontinued DNSBLs from existing dns_blocklists.cf
+sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf # Nixspam
+
+DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
 
 if [ ! -z "$DNSBL_CONFIG" ]; then
   echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m"
diff --git a/docker-compose.yml b/docker-compose.yml
index 3440a99a8..6d645c599 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -321,7 +321,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.79
+      image: mailcow/postfix:1.80
       depends_on:
         mysql-mailcow:
           condition: service_started

From 321965adee95aeb417720bee909fa961fdbb6aa3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 18 Feb 2025 15:05:59 +0100
Subject: [PATCH 480/755] [Netfilter] Fix dovecot password mismatch regex

---
 data/Dockerfiles/netfilter/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 5238d54d9..01878c04f 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -85,7 +85,7 @@ def refreshF2bregex():
     f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = r'auth: static\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
+    f2bregex[6] = r'auth: \w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
     f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
     f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))

From 7d356463426fbccdc0c5c868d4cfba19eca0f211 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 24 Feb 2025 09:20:41 +0100
Subject: [PATCH 481/755] [Netfilter] adjust dovecot failed login regex

---
 data/Dockerfiles/netfilter/main.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 01878c04f..2b332d205 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -85,9 +85,10 @@ def refreshF2bregex():
     f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = r'auth: \w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
-    f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
-    f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
+    f2bregex[6] = r'\w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
+    f2bregex[7] = r'\w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): unknown user \(SHA1 of given password: [a-f0-9]+\)'
+    f2bregex[8] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+    f2bregex[9] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
   else:
     try:

From f15ee39b63463563a3430dc28188635c1e6bb654 Mon Sep 17 00:00:00 2001
From: PseudoResonance <kaio11604@gmail.com>
Date: Mon, 11 Nov 2024 22:00:27 -0800
Subject: [PATCH 482/755] Fix #2752: Domain recipient for address rewrite

(cherry picked from commit 40f6d691d8774d6f813153974f8fe462a8db9ab3)
---
 .../inc/functions.address_rewriting.inc.php   | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.address_rewriting.inc.php b/data/web/inc/functions.address_rewriting.inc.php
index 140ae4764..87b882782 100644
--- a/data/web/inc/functions.address_rewriting.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@@ -285,7 +285,13 @@ function recipient_map($_action, $_data = null, $attr = null) {
         );
         return false;
       }
-      if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
+      if (is_valid_domain_name($new_dest)) {
+        $new_dest_sane = '@' . idn_to_ascii($new_dest, 0, INTL_IDNA_VARIANT_UTS46);
+      }
+      elseif (filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
+        $new_dest_sane = $new_dest;
+      }
+      else {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_data, $_attr),
@@ -308,7 +314,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
         (:old_dest, :new_dest, :active)");
       $stmt->execute(array(
         ':old_dest' => $old_dest_sane,
-        ':new_dest' => $new_dest,
+        ':new_dest' => $new_dest_sane,
         ':active' => $active
       ));
       $_SESSION['return'][] = array(
@@ -351,7 +357,13 @@ function recipient_map($_action, $_data = null, $attr = null) {
           );
           continue;
         }
-        if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
+        if (is_valid_domain_name($new_dest)) {
+          $new_dest_sane = '@' . idn_to_ascii($new_dest, 0, INTL_IDNA_VARIANT_UTS46);
+        }
+        elseif (filter_var($new_dest, FILTER_VALIDATE_EMAIL)) {
+          $new_dest_sane = $new_dest;
+        }
+        else {
           $_SESSION['return'][] = array(
             'type' => 'danger',
             'log' => array(__FUNCTION__, $_action, $_data, $_attr),
@@ -378,7 +390,7 @@ function recipient_map($_action, $_data = null, $attr = null) {
             WHERE `id`= :id");
         $stmt->execute(array(
           ':old_dest' => $old_dest_sane,
-          ':new_dest' => $new_dest,
+          ':new_dest' => $new_dest_sane,
           ':active' => $active,
           ':id' => $id
         ));

From e52323bf1dc6f0097d7dc7d103aa770c155b1c7f Mon Sep 17 00:00:00 2001
From: PseudoResonance <kaio11604@gmail.com>
Date: Mon, 24 Feb 2025 22:36:17 -0800
Subject: [PATCH 483/755] Fix @ prefixing domain rewrite and update
 localization

---
 data/web/edit.php                                | 3 +++
 data/web/inc/functions.address_rewriting.inc.php | 6 ++++++
 data/web/lang/lang.cs-cz.json                    | 4 ++--
 data/web/lang/lang.da-dk.json                    | 4 ++--
 data/web/lang/lang.de-de.json                    | 4 ++--
 data/web/lang/lang.en-gb.json                    | 6 +++---
 data/web/lang/lang.es-es.json                    | 2 +-
 data/web/lang/lang.fi-fi.json                    | 4 ++--
 data/web/lang/lang.fr-fr.json                    | 4 ++--
 data/web/lang/lang.it-it.json                    | 6 +++---
 data/web/lang/lang.ja-jp.json                    | 2 +-
 data/web/lang/lang.ko-kr.json                    | 6 +++---
 data/web/lang/lang.nl-nl.json                    | 4 ++--
 data/web/lang/lang.pt-br.json                    | 4 ++--
 data/web/lang/lang.ro-ro.json                    | 4 ++--
 data/web/lang/lang.ru-ru.json                    | 4 ++--
 data/web/lang/lang.sk-sk.json                    | 4 ++--
 data/web/lang/lang.sv-se.json                    | 4 ++--
 18 files changed, 42 insertions(+), 33 deletions(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index 4c5cd89e9..b7544a5af 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -166,6 +166,9 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         if (substr($result['recipient_map_old'], 0, 1) == '@') {
           $result['recipient_map_old'] = substr($result['recipient_map_old'], 1);
         }
+        if (substr($result['recipient_map_new'], 0, 1) == '@') {
+          $result['recipient_map_new'] = substr($result['recipient_map_new'], 1);
+        }
         $template = 'edit/recipient_map.twig';
         $template_data = ['map' => $map];
     }
diff --git a/data/web/inc/functions.address_rewriting.inc.php b/data/web/inc/functions.address_rewriting.inc.php
index 87b882782..0c89d001e 100644
--- a/data/web/inc/functions.address_rewriting.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@@ -270,6 +270,9 @@ function recipient_map($_action, $_data = null, $attr = null) {
         $old_dest = substr($old_dest, 1);
       }
       $new_dest = strtolower(trim($_data['recipient_map_new']));
+      if (substr($new_dest, 0, 1) == '@') {
+        $new_dest = substr($new_dest, 1);
+      }
       $active = intval($_data['active']);
       if (is_valid_domain_name($old_dest)) {
         $old_dest_sane = '@' . idn_to_ascii($old_dest, 0, INTL_IDNA_VARIANT_UTS46);
@@ -331,6 +334,9 @@ function recipient_map($_action, $_data = null, $attr = null) {
           $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
           $new_dest = (!empty($_data['recipient_map_new'])) ? $_data['recipient_map_new'] : $is_now['recipient_map_new'];
           $old_dest = (!empty($_data['recipient_map_old'])) ? $_data['recipient_map_old'] : $is_now['recipient_map_old'];
+          if (substr($new_dest, 0, 1) == '@') {
+            $new_dest = substr($new_dest, 1);
+          }
           if (substr($old_dest, 0, 1) == '@') {
             $old_dest = substr($old_dest, 1);
           }
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index e75601b5a..32b74efde 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -869,7 +869,7 @@
         "recipient_map": "Mapa příjemce",
         "recipient_map_info": "Mapy příjemců slouží k nahrazení cílové adresy zprávy před doručením.",
         "recipient_map_new": "Nový přijemce",
-        "recipient_map_new_info": "Cílová adresa mapy příjemce musí být platná emailová adresa.",
+        "recipient_map_new_info": "Cílová adresa mapy příjemce musí být emailová adresa nebo název domény.",
         "recipient_map_old": "Původní příjemce",
         "recipient_map_old_info": "Původní příjemce musí být platná emailová adresa nebo název domény.",
         "recipient_maps": "Mapy příjemců",
@@ -1307,4 +1307,4 @@
         "session_token": "Token formuláře není platný: Token mismatch",
         "session_ua": "Token formuláře není platný: User-Agent validation error"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 9e7977e69..da97c1794 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -706,7 +706,7 @@
         "recipient_map": "Modtagerkort",
         "recipient_map_info": "Modtagerkort bruges til at erstatte destinationsadressen i en meddelelse, før den leveres.",
         "recipient_map_new": "Ny modtager",
-        "recipient_map_new_info": "Modtagerkortdestination skal være en gyldig e-mail-adresse.",
+        "recipient_map_new_info": "Modtagerkortdestination skal være gyldige e-mail-adresser eller et domænenavn.",
         "recipient_map_old": "Original modtager",
         "recipient_map_old_info": "En modtager kortlægger den originale destination, skal være gyldige e-mail-adresser eller et domænenavn.",
         "recipient_maps": "Modtagerkort",
@@ -1089,4 +1089,4 @@
             "first": "Først"
         }
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index d80799947..6047e9ef5 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -881,7 +881,7 @@
         "recipient_map": "Empfängerumschreibung",
         "recipient_map_info": "Empfängerumschreibung ersetzen den Empfänger einer E-Mail vor dem Versand.",
         "recipient_map_new": "Neuer Empfänger",
-        "recipient_map_new_info": "Der neue Empfänger muss eine E-Mail-Adresse sein.",
+        "recipient_map_new_info": "Der neue Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_map_old": "Original-Empfänger",
         "recipient_map_old_info": "Der originale Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_maps": "Empfängerumschreibungen",
@@ -1336,4 +1336,4 @@
         "hour": "Nachrichten / Stunde",
         "day": "Nachrichten / Tag"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 6b1cdf00f..4138210ec 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -887,9 +887,9 @@
         "recipient_map": "Recipient map",
         "recipient_map_info": "Recipient maps are used to replace the destination address on a message before it is delivered.",
         "recipient_map_new": "New recipient",
-        "recipient_map_new_info": "Recipient map destination must be a valid email address.",
+        "recipient_map_new_info": "Recipient map destination must be a valid email addresses or a domain name.",
         "recipient_map_old": "Original recipient",
-        "recipient_map_old_info": "A recipient maps original destination must be valid email addresses or a domain name.",
+        "recipient_map_old_info": "A recipient maps original destination must be a valid email addresses or a domain name.",
         "recipient_maps": "Recipient maps",
         "relay_all": "Relay all recipients",
         "relay_unknown": "Relay unknown mailboxes",
@@ -1336,4 +1336,4 @@
         "session_token": "Form token invalid: Token mismatch",
         "session_ua": "Form token invalid: User-Agent validation error"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 5547692ff..0bb1312b1 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -544,7 +544,7 @@
         "recipient_map": "Regla de destinatario",
         "recipient_map_info": "Las reglas de destinatarios se utilizan para reemplazar la dirección de destino en un mensaje antes de que se entregue.",
         "recipient_map_new": "Destinatario nuevo",
-        "recipient_map_new_info": "El destino de la regla debe ser una dirección de correo válida.",
+        "recipient_map_new_info": "El destino de la regla debe ser una dirección de correo electrónico válida o un nombre de dominio.",
         "recipient_map_old": "Destinatario original",
         "recipient_map_old_info": "El destino original de una regla de destinatario debe ser una dirección de correo electrónico válida o un nombre de dominio.",
         "recipient_maps": "Reglas de destinatario",
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 6919e1f73..9cb71cf38 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -607,7 +607,7 @@
         "recipient_map": "Vastaanottajien yhdistämis määritykset",
         "recipient_map_info": "Vastaanottajan karttoja käytetään korvaamaan viestin kohde osoite ennen sen toimittamista.",
         "recipient_map_new": "Uusi vastaanottaja",
-        "recipient_map_new_info": "Vastaanottajan yhdistämis kartan kohteen on oltava kelvollinen sähköposti osoite.",
+        "recipient_map_new_info": "Vastaanottajan yhdistämis kartan kohteen on oltava kelvollinen sähköposti osoite tai verkkotunnus alueen nimi.",
         "recipient_map_old": "Alkuperäinen vastaanottaja",
         "recipient_map_old_info": "Vastaanottajan yhdistämis määritysten alkuperäisen kohteen on oltava kelvollinen sähköposti osoite tai verkkotunnus alueen nimi.",
         "recipient_maps": "Vastaanottajien yhdistämis määritykset",
@@ -906,4 +906,4 @@
             "last": "Edellinen"
         }
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 61d62fca3..d531cdc53 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -834,7 +834,7 @@
         "recipient_map": "Carte du destinataire",
         "recipient_map_info": "Les cartes des destinataires sont utilisées pour remplacer l’adresse de destination d’un message avant sa livraison.",
         "recipient_map_new": "Nouveau destinataire",
-        "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse de courriel valide.",
+        "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_map_old": "Destinataire original",
         "recipient_map_old_info": "Une carte de destination originale doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_maps": "Cartes des bénéficiaires",
@@ -1335,4 +1335,4 @@
         "hour": "msgs / heure",
         "day": "msgs / jour"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 59a53c09d..69219864f 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -822,9 +822,9 @@
         "recipient_map": "Recipient map",
         "recipient_map_info": "Recipient maps are used to replace the destination address on a message before it is delivered.",
         "recipient_map_new": "New recipient",
-        "recipient_map_new_info": "Recipient map destination must be a valid email address.",
+        "recipient_map_new_info": "Recipient map destination must be a valid email addresses or a domain name.",
         "recipient_map_old": "Original recipient",
-        "recipient_map_old_info": "A recipient maps original destination must be valid email addresses or a domain name.",
+        "recipient_map_old_info": "A recipient maps original destination must be a valid email addresses or a domain name.",
         "recipient_maps": "Recipient maps",
         "relay_all": "Trasmettere a tutti i destinatari",
         "remove": "Rimuovi",
@@ -1306,4 +1306,4 @@
         },
         "decimal": "."
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
index c6efbb579..683cae373 100644
--- a/data/web/lang/lang.ja-jp.json
+++ b/data/web/lang/lang.ja-jp.json
@@ -887,7 +887,7 @@
         "recipient_map": "受信者マップ",
         "recipient_map_info": "受信者マップは、メッセージが配信される前に宛先アドレスを置き換えるために使用されます。",
         "recipient_map_new": "新しい受信者",
-        "recipient_map_new_info": "受信者マップの宛先は有効なメールアドレスである必要があります。",
+        "recipient_map_new_info": "受信者マップの宛先は有効なメールアドレスまたはドメイン名である必要があります。",
         "recipient_map_old": "元の受信者",
         "recipient_map_old_info": "受信者マップの元の宛先は有効なメールアドレスまたはドメイン名である必要があります。",
         "recipient_maps": "受信者マップ",
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index a79793970..27b028cd4 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -673,9 +673,9 @@
         "recipient_map": "Recipient map",
         "recipient_map_info": "Recipient maps are used to replace the destination address on a message before it is delivered.",
         "recipient_map_new": "New recipient",
-        "recipient_map_new_info": "Recipient map destination must be a valid email address.",
+        "recipient_map_new_info": "Recipient map destination must be a valid email addresses or a domain name.",
         "recipient_map_old": "Original recipient",
-        "recipient_map_old_info": "A recipient maps original destination must be valid email addresses or a domain name.",
+        "recipient_map_old_info": "A recipient maps original destination must be a valid email addresses or a domain name.",
         "recipient_maps": "Recipient maps",
         "relay_all": "모든 수신자에게 릴레이",
         "remove": "Remove",
@@ -1018,4 +1018,4 @@
         "session_token": "Form token invalid: Token mismatch",
         "session_ua": "Form token invalid: User-Agent validation error"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 79c8baa9a..e7308c379 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -764,7 +764,7 @@
         "recipient_map": "Ontvanger-map",
         "recipient_map_info": "Ontvanger-maps worden gebruikt om het doeladres van een bericht te vervangen voordat het in een mailbox terecht komt.",
         "recipient_map_new": "Nieuwe ontvanger",
-        "recipient_map_new_info": "De bestemming van een ontvanger-map dient een geldig mailadres te zijn.",
+        "recipient_map_new_info": "De bestemming van een ontvanger-map dient een geldig mailadres of domeinnaam te zijn.",
         "recipient_map_old": "Oorspronkelijke ontvanger",
         "recipient_map_old_info": "De oorspronkelijke bestemming van een ontvanger-map dient een geldig mailadres of domeinnaam te zijn.",
         "recipient_maps": "Ontvanger-maps",
@@ -1165,4 +1165,4 @@
         "search": "Zoeken:",
         "zeroRecords": "Geen overeenkomsten gevonden"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index b29298171..a8bdf06f4 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -882,7 +882,7 @@
         "recipient_map": "Mapa do destinatário",
         "recipient_map_info": "Os mapas de destinatários são usados para substituir o endereço de destino em uma mensagem antes que ela seja entregue.",
         "recipient_map_new": "Novo destinatário",
-        "recipient_map_new_info": "O destino do mapa do destinatário deve ser um endereço de e-mail válido.",
+        "recipient_map_new_info": "O destino do mapa do destinatário deve ser um endereço de e-mail válido ou um nome de domínio.",
         "recipient_map_old": "Destinatário original",
         "recipient_map_old_info": "O destino original do mapa de um destinatário deve ser um endereço de e-mail válido ou um nome de domínio.",
         "recipient_maps": "Mapas de destinatários",
@@ -1330,4 +1330,4 @@
         "session_token": "Token de formulário inválido: incompatibilidade de token",
         "session_ua": "Token de formulário inválido: erro de validação do agente de usuário"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 0a3ef4ba3..9a8736c10 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -789,7 +789,7 @@
         "recipient_map": "Hartă destinatar",
         "recipient_map_info": "Hărțile destinatarilor sunt folosite pentru a înlocui adresa de destinație a unui mesaj înainte de a fi livrat.",
         "recipient_map_new": "Destinatar nou",
-        "recipient_map_new_info": "Destinația hărții destinatarului trebuie să fie o adresă de email validă.",
+        "recipient_map_new_info": "Destinația hărții destinatarului trebuie să fie adrese de email valide sau nume de domeniu.",
         "recipient_map_old": "Destinatar original",
         "recipient_map_old_info": "Destinația originală a hărților destinatarilor trebuie să fie adrese de email valide sau nume de domeniu.",
         "recipient_maps": "Hărți destinatar",
@@ -1208,4 +1208,4 @@
         "expand_all": "Expandează tot",
         "decimal": ","
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index a275d6dd5..6591a6028 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -887,7 +887,7 @@
         "recipient_map": "Перезапись получателя",
         "recipient_map_info": "Перезапись получателя используются для замены получателя в сообщении до его доставки.",
         "recipient_map_new": "Перезапись на",
-        "recipient_map_new_info": "Должен быть действующим почтовым ящиком.",
+        "recipient_map_new_info": "Должен быть действующим почтовым ящиком или доменом.",
         "recipient_map_old": "Получатель",
         "recipient_map_old_info": "Должен быть действующим почтовым ящиком или доменом.",
         "recipient_maps": "Перезапись получателя",
@@ -1336,4 +1336,4 @@
         "session_token": "Неверный токен формы: несоответствие токена",
         "session_ua": "Неверный токен формы: ошибка проверки User-Agent"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 06343b732..d79b6ae03 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -822,7 +822,7 @@
         "recipient_map": "Mapa príjemcu",
         "recipient_map_info": "Mapy príjemcov sú používané ako náhrada cieľovej adresy u správy pred doručením.",
         "recipient_map_new": "Nový príjemca",
-        "recipient_map_new_info": "Mapový cieľ príjemcu musí byť platná emailová adresa.",
+        "recipient_map_new_info": "Mapový cieľ príjemcu musí byť platná emailová adresa alebo meno domény.",
         "recipient_map_old": "Originálny príjemca",
         "recipient_map_old_info": "Originálny cieľ mapy príjemcu musí byť platná emailová adresa alebo meno domény.",
         "recipient_maps": "Mapy príjemcov",
@@ -1256,4 +1256,4 @@
         "session_token": "Formulárový token neplatný: Tokenová nezhoda",
         "session_ua": "Formulárový token neplatný: User-Agent validation error"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index f9cf25d5e..7b1cf4994 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -726,7 +726,7 @@
         "recipient_map": "Mottagaromskrivning",
         "recipient_map_info": "En omskrivning av mottagaradressen används för att ersätta destinationsadressen i ett meddelande innan den levereras.",
         "recipient_map_new": "Ny mottagare",
-        "recipient_map_new_info": "Den ursprungliga mottagaren måste vara en giltig e-postadress.",
+        "recipient_map_new_info": "Den ursprungliga mottagaren måste vara en giltiga e-postadresser eller ett domännamn.",
         "recipient_map_old": "Ursprunglig mottagaren",
         "recipient_map_old_info": "Den ursprungliga mottagaren måste vara en giltiga e-postadresser eller ett domännamn.",
         "recipient_maps": "Skriv om mottagaradressen",
@@ -1110,4 +1110,4 @@
         "session_token": "Formulär-nyckeln är ogiltig: Nyckeln matchar inte",
         "session_ua": "Formulär-nyckeln är ogiltig: User-Agenten kunde inte valideras"
     }
-}
\ No newline at end of file
+}

From a6c38590cae713e1c8b54efd570092dbe45b9bc4 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 25 Feb 2025 09:23:10 +0100
Subject: [PATCH 484/755] rspamd: upgraded rspamd to 3.11.0-2 (incl. NIXSPAM
 Removal) (#6328)

---
 data/Dockerfiles/rspamd/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 564ca2d72..248312094 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.11.0-1~90a175b45
+ARG RSPAMD_VER=rspamd_3.11.0-2~90a175b45
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 

From 787fa49d0c060da5d330d1f104ff7bae666754b0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 25 Feb 2025 12:08:21 +0100
Subject: [PATCH 485/755] prompt user before applying major updates

---
 update.sh | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/update.sh b/update.sh
index c11179c5e..94ffaf698 100755
--- a/update.sh
+++ b/update.sh
@@ -710,6 +710,43 @@ migrate_solr_config_options() {
   fi
 }
 
+detect_major_update() {
+  if [ ${BRANCH} == "master" ]; then
+    # Array with major versions
+    # Add major versions here
+    MAJOR_VERSIONS=(
+    )
+
+    current_version=$(git describe --tags $(git rev-list --tags --max-count=1))
+    release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
+
+    updates_to_apply=()
+
+    for version in "${MAJOR_VERSIONS[@]}"; do
+      if [[ "$current_version" < "$version" ]]; then
+        updates_to_apply+=("$version")
+      fi
+    done
+
+    if [[ ${#updates_to_apply[@]} -gt 0 ]]; then
+      echo -e "\e[33m\nMAJOR UPDATES to be applied:\e[0m"
+      for update in "${updates_to_apply[@]}"; do
+        echo "$update - $release_url/$update"
+      done
+
+      echo -e "\n⚠️  Please read the release notes before proceeding.\n"
+
+      read -p "Do you want to proceed with the update? [y/n] " response
+      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo "Proceeding with the update..."
+      else
+        echo "Update canceled. Exiting."
+        exit 1
+      fi
+    fi
+  fi
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -1345,6 +1382,7 @@ if [ ! "$FORCE" ]; then
     echo "OK, exiting."
     exit 0
   fi
+  detect_major_update
   migrate_docker_nat
 fi
 

From b77ff2f51ce3491beb5aee30434619ddc79aba73 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Feb 2025 09:47:59 +0100
Subject: [PATCH 486/755] Add switch to legacy version

---
 data/web/templates/base.twig |  8 ++++++++
 generate_config.sh           |  8 ++++++++
 update.sh                    | 37 ++++++++++++++++++++++++++++++++++--
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 4d0a30251..87bdddab5 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -569,6 +569,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
     <span style="text-align:right;display:block;">Build: {{ mailcow_info.git_commit_date }}</span>
   </span>
   {% endif %}
+  {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "legacy" and mailcow_info.version_tag|default %}
+  <span class="version">
+    🛠️🐮 + 🐋 = 💕
+        Legacy: <a href="{{ mailcow_info.git_project_url }}/commit/{{ mailcow_info.git_commit }}" target="_blank">{{ mailcow_info.version_tag }}
+    </a><br>
+    <span style="text-align:right;display:block;">Build: {{ mailcow_info.git_commit_date }}</span>
+  </span>
+  {% endif %}
 </div>
 </body>
 </html>
diff --git a/generate_config.sh b/generate_config.sh
index 052764a6b..e9a82ff5a 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -181,11 +181,15 @@ if [[ ${SKIP_BRANCH} != y ]]; then
   echo "Available Branches:"
   echo "- master branch (stable updates) | default, recommended [1]"
   echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
+  echo "- legacy branch (supported until February 2026) | deprecated, security updates only [3]"
   sleep 1
 
   while [ -z "${MAILCOW_BRANCH}" ]; do
     read -r -p  "Choose the Branch with it's number [1/2] " branch
     case $branch in
+      [3])
+        MAILCOW_BRANCH="legacy"
+        ;;
       [2])
         MAILCOW_BRANCH="nightly"
         ;;
@@ -534,6 +538,10 @@ case ${git_branch} in
     mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
     mailcow_last_git_version=""
     ;;
+  legacy)
+    mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+    mailcow_last_git_version=""
+    ;;
   *)
     mailcow_git_version=$(git rev-parse --short HEAD)
     mailcow_last_git_version=""
diff --git a/update.sh b/update.sh
index c11179c5e..985d2cd1c 100755
--- a/update.sh
+++ b/update.sh
@@ -845,8 +845,12 @@ while (($#)); do
       echo -e "\e[32mRunning in Developer mode...\e[0m"
       DEV=y
     ;;
+    --legacy)
+      CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"
+      NEW_BRANCH="legacy"
+    ;;
     --help|-h)
-    echo './update.sh [-c|--check, --check-tags, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -d|--dev, -h|--help]
+    echo './update.sh [-c|--check, --check-tags, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, --legacy, -f|--force, -d|--dev, -h|--help]
 
   -c|--check           -   Check for updates and exit (exit codes => 0: update available, 3: no updates)
   --check-tags         -   Check for newer tags and exit (exit codes => 0: newer tag available, 3: no newer tag)
@@ -856,7 +860,8 @@ while (($#)); do
   --prefetch           -   Only prefetch new images and exit (useful to prepare updates)
   --skip-start         -   Do not start mailcow after update
   --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you'\''ve blocked any ICMP Connections to your mailcow machine)
-  --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
+  --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly or --legacy.
+  --legacy             -   Switch your mailcow updates to the legacy branch. The legacy branch will only recieve security updates until February 2026.
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)
 '
@@ -1262,6 +1267,11 @@ if ! [ "$NEW_BRANCH" ]; then
     sleep 1
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
 
+  elif [ "${BRANCH}" == "legcy" ]; then
+    echo -e "\e[31mYou are receiving legacy updates. The legacy branch will only recieve security updates until February 2026.\e[0m"
+    sleep 1
+    echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
+
   else
     echo -e "\e[33mYou are receiving updates from an unsupported branch.\e[0m"
     sleep 1
@@ -1324,6 +1334,29 @@ elif [ "$NEW_BRANCH" == "nightly" ] && [ "$CURRENT_BRANCH" != "nightly" ]; then
   fi
   git fetch origin
   git checkout -f "${BRANCH}"
+elif [ "$NEW_BRANCH" == "legacy" ] && [ "$CURRENT_BRANCH" != "legacy" ]; then
+  echo -e "\e[33mYou are about to switch your mailcow Updates to the legacy branch.\e[0m"
+  sleep 1
+  echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m"
+  sleep 1
+  echo -e "\e[31mWARNING: A switch to stable or nightly is possible any time.\e[0m"
+  read -r -p "Are you sure you that want to continue upgrading to the legacy branch? [y/N] " response
+  if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    echo "OK. If you prepared yourself for that please run the update.sh Script with the --legacy parameter again to trigger this process here."
+    exit 0
+  fi
+  BRANCH=$NEW_BRANCH
+  DIFF_DIRECTORY=update_diffs
+  DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_legacy_$(date +"%Y-%m-%d-%H-%M-%S")
+  mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null
+  if ! git diff-index --quiet HEAD; then
+    echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
+    mkdir -p ${DIFF_DIRECTORY}
+    git diff "${BRANCH}" --stat > "${DIFF_FILE}"
+    git diff "${BRANCH}" >> "${DIFF_FILE}"
+  fi
+  git fetch origin
+  git checkout -f "${BRANCH}"
 fi
 
 if [ ! "$DEV" ]; then

From 8d0c03b2fcaea088e1ece18faccde9a2d404a13d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Feb 2025 10:39:41 +0100
Subject: [PATCH 487/755] small adjustment for legacy version

---
 data/web/templates/base.twig | 2 +-
 generate_config.sh           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 87bdddab5..eb8d3711a 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -571,7 +571,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
   {% endif %}
   {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "legacy" and mailcow_info.version_tag|default %}
   <span class="version">
-    🛠️🐮 + 🐋 = 💕
+    ⚰️🐮 + 🐋 = 💕
         Legacy: <a href="{{ mailcow_info.git_project_url }}/commit/{{ mailcow_info.git_commit }}" target="_blank">{{ mailcow_info.version_tag }}
     </a><br>
     <span style="text-align:right;display:block;">Build: {{ mailcow_info.git_commit_date }}</span>
diff --git a/generate_config.sh b/generate_config.sh
index e9a82ff5a..c7a7cb64f 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -185,7 +185,7 @@ if [[ ${SKIP_BRANCH} != y ]]; then
   sleep 1
 
   while [ -z "${MAILCOW_BRANCH}" ]; do
-    read -r -p  "Choose the Branch with it's number [1/2] " branch
+    read -r -p  "Choose the Branch with it's number [1/2/3] " branch
     case $branch in
       [3])
         MAILCOW_BRANCH="legacy"

From 704dd50262215da1d696739ddd6b04f6e2746e45 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 26 Feb 2025 15:20:57 +0100
Subject: [PATCH 488/755] compose: use ghcr.io for new/current mailcow docker
 images instead of docker hub (#6332)

---
 docker-compose.yml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index cec1fbca1..adb57f9b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.23
+      image: ghcr.io/mailcow/unbound:1.23
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
@@ -65,7 +65,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.70
+      image: ghcr.io/mailcow/clamd:1.70
       restart: always
       depends_on:
         unbound-mailcow:
@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:2.0
+      image: ghcr.io/mailcow/rspamd:2.0
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -117,7 +117,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.92
+      image: ghcr.io/mailcow/phpfpm:1.92
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -183,7 +183,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.129
+      image: ghcr.io/mailcow/sogo:1.129
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -234,7 +234,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:2.31
+      image: ghcr.io/mailcow/dovecot:2.31
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -321,7 +321,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.80
+      image: ghcr.io/mailcow/postfix:1.80
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -377,7 +377,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.03
+      image: ghcr.io/mailcow/nginx:1.03
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -419,7 +419,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.91
+      image: ghcr.io/mailcow/acme:1.91
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -457,7 +457,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.61
+      image: ghcr.io/mailcow/netfilter:1.61
       stop_grace_period: 30s
       restart: always
       privileged: true
@@ -477,7 +477,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.06
+      image: ghcr.io/mailcow/watchdog:2.06
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -549,7 +549,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.10
+      image: ghcr.io/mailcow/dockerapi:2.10
       security_opt:
         - label=disable
       restart: always
@@ -569,7 +569,7 @@ services:
             - dockerapi
 
     olefy-mailcow:
-      image: mailcow/olefy:1.13
+      image: ghcr.io/mailcow/olefy:1.13
       restart: always
       environment:
         - TZ=${TZ}

From 3d9cc2f6dd5aa950977ee9fb59e13ad212c3f57e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 27 Feb 2025 08:14:34 +0100
Subject: [PATCH 489/755] add 2025-02 to major versions

---
 update.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/update.sh b/update.sh
index 94ffaf698..9cfb02fd1 100755
--- a/update.sh
+++ b/update.sh
@@ -715,6 +715,7 @@ detect_major_update() {
     # Array with major versions
     # Add major versions here
     MAJOR_VERSIONS=(
+      "2025-02"
     )
 
     current_version=$(git describe --tags $(git rev-list --tags --max-count=1))

From 35a6f81d0d4f97375274d0e6f4fb03819b7cb642 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 27 Feb 2025 09:28:52 +0100
Subject: [PATCH 490/755] [Redis] use 7.4.2-alpine image

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index adb57f9b5..4c470f5bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,7 +42,7 @@ services:
             - mysql
 
     redis-mailcow:
-      image: redis:7-alpine
+      image: redis:7.4.2-alpine
       entrypoint: ["/bin/sh","/redis-conf.sh"]
       volumes:
         - redis-vol-1:/data/

From 3c9d0c9d577a3ac8a159a34c7851b14cd6d4ecb1 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Thu, 27 Feb 2025 10:58:23 +0100
Subject: [PATCH 491/755] use ghcr.io for backupimage (#6333)

* use ghcr.io for backup image

* backup script: use renamed script + improved build of image

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 .github/workflows/rebuild_backup_image.yml | 14 +++++++++-----
 data/Dockerfiles/backup/Dockerfile         |  2 +-
 helper-scripts/backup_and_restore.sh       |  2 +-
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index bf5caddf0..111b055de 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   docker_image_build:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -19,17 +21,19 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Login to Docker Hub
+      - name: Login to GHCR
+        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_USERNAME }}
-          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64
           file: data/Dockerfiles/backup/Dockerfile
           push: true
-          tags: mailcow/backup:latest
+          tags: ghcr.io/mailcow/backup:latest
\ No newline at end of file
diff --git a/data/Dockerfiles/backup/Dockerfile b/data/Dockerfiles/backup/Dockerfile
index 61c8bbe58..6234e725b 100644
--- a/data/Dockerfiles/backup/Dockerfile
+++ b/data/Dockerfiles/backup/Dockerfile
@@ -1,3 +1,3 @@
 FROM debian:bookworm-slim
 
-RUN apt update && apt install pigz
\ No newline at end of file
+RUN apt update && apt install pigz -y --no-install-recommends
\ No newline at end of file
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 581a84091..0cb37fce3 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-DEBIAN_DOCKER_IMAGE="mailcow/backup:latest"
+DEBIAN_DOCKER_IMAGE="ghcr.io/mailcow/backup:latest"
 
 if [[ ! -z ${MAILCOW_BACKUP_LOCATION} ]]; then
   BACKUP_LOCATION="${MAILCOW_BACKUP_LOCATION}"

From a4c2cf4c67fa4a73ca4d933e675a8c58c00618ba Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 27 Feb 2025 11:44:52 +0100
Subject: [PATCH 492/755] scripts: adapted new docker image names to
 docker_garbage function + removed dup

---
 helper-scripts/_cold-standby.sh | 40 ---------------------------------
 update.sh                       | 16 ++++++++++---
 2 files changed, 13 insertions(+), 43 deletions(-)

diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index e2e5f1556..9e7362ec6 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -10,46 +10,6 @@ echo "If this script is run automatically by cron or a timer AND you are using b
 echo "The snapshots of your backup destination should run AFTER the cold standby script finished to ensure consistent snapshots."
 echo
 
-function docker_garbage() {
-  IMGS_TO_DELETE=()
-
-  for container in $(grep -oP "image: \Kmailcow.+" docker-compose.yml); do
-
-    REPOSITORY=${container/:*}
-    TAG=${container/*:}
-    V_MAIN=${container/*.}
-    V_SUB=${container/*.}
-    EXISTING_TAGS=$(docker images | grep ${REPOSITORY} | awk '{ print $2 }')
-
-    for existing_tag in ${EXISTING_TAGS[@]}; do
-
-      V_MAIN_EXISTING=${existing_tag/*.}
-      V_SUB_EXISTING=${existing_tag/*.}
-
-      # Not an integer
-      [[ ! ${V_MAIN_EXISTING} =~ ^[0-9]+$ ]] && continue
-      [[ ! ${V_SUB_EXISTING} =~ ^[0-9]+$ ]] && continue
-
-      if [[ ${V_MAIN_EXISTING} == "latest" ]]; then
-        echo "Found deprecated label \"latest\" for repository ${REPOSITORY}, it should be deleted."
-        IMGS_TO_DELETE+=(${REPOSITORY}:${existing_tag})
-      elif [[ ${V_MAIN_EXISTING} -lt ${V_MAIN} ]]; then
-        echo "Found tag ${existing_tag} for ${REPOSITORY}, which is older than the current tag ${TAG} and should be deleted."
-        IMGS_TO_DELETE+=(${REPOSITORY}:${existing_tag})
-      elif [[ ${V_SUB_EXISTING} -lt ${V_SUB} ]]; then
-        echo "Found tag ${existing_tag} for ${REPOSITORY}, which is older than the current tag ${TAG} and should be deleted."
-        IMGS_TO_DELETE+=(${REPOSITORY}:${existing_tag})
-      fi
-
-    done
-
-  done
-
-  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
-    docker rmi ${IMGS_TO_DELETE[*]}
-  fi
-}
-
 function preflight_local_checks() {
   if [[ -z "${REMOTE_SSH_KEY}" ]]; then
     >&2 echo -e "\e[31mREMOTE_SSH_KEY is not set\e[0m"
diff --git a/update.sh b/update.sh
index 9cfb02fd1..27972e82a 100755
--- a/update.sh
+++ b/update.sh
@@ -36,13 +36,23 @@ docker_garbage() {
   IMGS_TO_DELETE=()
 
   declare -A IMAGES_INFO
-  COMPOSE_IMAGES=($(grep -oP "image: \Kmailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
+  # Erfasse alle in docker-compose verwendeten Images (sowohl mailcow/... als auch ghcr.io/mailcow/...)
+  COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
 
-  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep 'mailcow/'); do
+  # Durchlaufe alle vorhandenen Images, die mailcow/ oder ghcr.io/mailcow/ beinhalten
+  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
       ID=$(echo "$existing_image" | cut -d ':' -f 1)
       REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
       TAG=$(echo "$existing_image" | cut -d ':' -f 3)
 
+      # Für das Image mailcow/backup: nur löschen, wenn es untagged ist (TAG gleich "<none>")
+      if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
+          if [[ "$TAG" != "<none>" ]]; then
+              continue
+          fi
+      fi
+
+      # Überspringe Images, die in der docker-compose.yml verwendet werden
       if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
           continue
       else
@@ -57,7 +67,7 @@ docker_garbage() {
           echo "    ${IMAGES_INFO[$id]} ($id)"
       done
 
-      if [ ! $FORCE ]; then
+      if [ -z "$FORCE" ]; then
           read -r -p "Do you want to delete them to free up some space? [y/N] " response
           if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
               docker rmi ${IMGS_TO_DELETE[*]}

From 5296085189fd6ca6938734a0a112b53d41b9adc0 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 27 Feb 2025 11:47:08 +0100
Subject: [PATCH 493/755] update.sh: corrected typos inside update.sh

---
 update.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/update.sh b/update.sh
index 27972e82a..838899f8b 100755
--- a/update.sh
+++ b/update.sh
@@ -36,23 +36,19 @@ docker_garbage() {
   IMGS_TO_DELETE=()
 
   declare -A IMAGES_INFO
-  # Erfasse alle in docker-compose verwendeten Images (sowohl mailcow/... als auch ghcr.io/mailcow/...)
   COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
 
-  # Durchlaufe alle vorhandenen Images, die mailcow/ oder ghcr.io/mailcow/ beinhalten
   for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
       ID=$(echo "$existing_image" | cut -d ':' -f 1)
       REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
       TAG=$(echo "$existing_image" | cut -d ':' -f 3)
 
-      # Für das Image mailcow/backup: nur löschen, wenn es untagged ist (TAG gleich "<none>")
       if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
           if [[ "$TAG" != "<none>" ]]; then
               continue
           fi
       fi
 
-      # Überspringe Images, die in der docker-compose.yml verwendet werden
       if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
           continue
       else

From 70190e52301197eb05b4a58f220db66457d27710 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 28 Feb 2025 15:38:05 +0100
Subject: [PATCH 494/755] rspamd: remove .info from fishy tlds (default)

---
 data/conf/rspamd/custom/fishy_tlds.map | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/rspamd/custom/fishy_tlds.map b/data/conf/rspamd/custom/fishy_tlds.map
index 1b8b2b0d7..f19f70da5 100644
--- a/data/conf/rspamd/custom/fishy_tlds.map
+++ b/data/conf/rspamd/custom/fishy_tlds.map
@@ -24,7 +24,6 @@
 /.+\.guru$/i
 /.+\.icu$/i
 /.+\.id$/i
-/.+\.info$/i
 /.+\.in.net$/i
 /.+\.ir$/i
 /.+\.jetzt$/i

From 4bd267515ac9c08ae967c0a20315b32b5cf595b6 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 1 Mar 2025 13:32:21 +0100
Subject: [PATCH 495/755] update postscreen_access.cidr (#6345)

---
 data/conf/postfix/postscreen_access.cidr | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 69be54247..c6ed2be93 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sat Feb  1 00:18:03 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Sat Mar  1 00:19:29 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 1984 total rules
+# 2000 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -8,6 +8,13 @@
 2a01:111:f403::/49	permit
 2a01:111:f403:c000::/51	permit
 2a01:111:f403:f000::/52	permit
+2a01:b747:3000:200::/56	permit
+2a01:b747:3001:200::/56	permit
+2a01:b747:3002:200::/56	permit
+2a01:b747:3003:200::/56	permit
+2a01:b747:3004:200::/56	permit
+2a01:b747:3005:200::/56	permit
+2a01:b747:3006:200::/56	permit
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
 2.207.151.53	permit
@@ -19,7 +26,6 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
-10.162.0.0/16	permit
 12.130.86.238	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
@@ -35,7 +41,9 @@
 17.57.156.0/24	permit
 17.58.0.0/16	permit
 17.142.0.0/15	permit
-17.143.234.140/30	permit
+18.97.0.8/30	permit
+18.97.1.184/29	permit
+18.97.2.64/26	permit
 18.156.89.250	permit
 18.157.243.190	permit
 18.194.95.56	permit
@@ -283,6 +291,9 @@
 64.207.219.13	permit
 64.207.219.14	permit
 64.207.219.15	permit
+64.207.219.24	permit
+64.207.219.25	permit
+64.207.219.26	permit
 64.207.219.71	permit
 64.207.219.72	permit
 64.207.219.73	permit
@@ -292,6 +303,9 @@
 64.207.219.77	permit
 64.207.219.78	permit
 64.207.219.79	permit
+64.207.219.88	permit
+64.207.219.89	permit
+64.207.219.90	permit
 64.207.219.135	permit
 64.207.219.136	permit
 64.207.219.137	permit
@@ -1464,6 +1478,8 @@
 159.135.224.0/20	permit
 159.135.228.10	permit
 159.183.0.0/16	permit
+159.183.68.71	permit
+159.183.79.38	permit
 160.1.62.192	permit
 161.38.192.0/20	permit
 161.38.204.0/22	permit

From 81803836f073b355f7d86f703e2265c3c365ff0a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 3 Mar 2025 22:49:23 +0100
Subject: [PATCH 496/755] [Web] Updated lang.ko-kr.json (#6350)

Co-authored-by: dongsu8142 <dongsu8142@naver.com>
---
 data/web/lang/lang.ko-kr.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 27b028cd4..4bc14ab69 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -25,7 +25,10 @@
         "syncjobs": "동기화 작업",
         "tls_policy": "TLS 정책",
         "unlimited_quota": "메일에 무제한 할당",
-        "domain_desc": "도메인 설명 변경"
+        "domain_desc": "도메인 설명 변경",
+        "pw_reset": "mailcow 사용자 비밀번호 재설정 허용",
+        "domain_relayhost": "도메인의 릴레이 호스트 변경",
+        "mailbox_relayhost": "메일함의 릴레이 호스트 변경"
     },
     "add": {
         "activate_filter_warn": "활성화가 체크되어 있으면 모든 다른 필터들은 비활성화됩니다.",

From 79f4cf40211afc9c5010acb3c888a96bfff44a17 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 5 Mar 2025 16:35:46 +0100
Subject: [PATCH 497/755] chore(deps): update docker/build-push-action action
 to v6 (#6334)

---
 .github/workflows/rebuild_backup_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index 111b055de..adf69eb35 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -30,7 +30,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64

From 0435766c171f6ede78c6b57e15ac543bb42a5a64 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 5 Mar 2025 17:43:37 +0100
Subject: [PATCH 498/755] [Web] Updated lang.ko-kr.json (#6353)

Co-authored-by: dongsu8142 <dongsu8142@naver.com>
---
 data/web/lang/lang.ko-kr.json | 88 ++++++++++++++++++++++++++++++++---
 1 file changed, 81 insertions(+), 7 deletions(-)

diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 4bc14ab69..546ccdfcc 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -28,7 +28,8 @@
         "domain_desc": "도메인 설명 변경",
         "pw_reset": "mailcow 사용자 비밀번호 재설정 허용",
         "domain_relayhost": "도메인의 릴레이 호스트 변경",
-        "mailbox_relayhost": "메일함의 릴레이 호스트 변경"
+        "mailbox_relayhost": "메일함의 릴레이 호스트 변경",
+        "quarantine_category": "검역소 알림 카테고리 변경"
     },
     "add": {
         "activate_filter_warn": "활성화가 체크되어 있으면 모든 다른 필터들은 비활성화됩니다.",
@@ -104,7 +105,9 @@
         "timeout2": "로컬 호스트 연결 시간 초과",
         "username": "사용자명",
         "validate": "확인하기",
-        "validation_success": "성공적으로 확인됨"
+        "validation_success": "성공적으로 확인됨",
+        "tags": "태그",
+        "app_passwd_protocols": "앱 비밀번호에 대해 허용되는 프로토콜"
     },
     "admin": {
         "access": "접근",
@@ -304,7 +307,50 @@
         "username": "사용자 이름",
         "validate_license_now": "라이선스 서버와 GUID 확인",
         "verify": "확인",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "domain_admin": "도메인 관리자",
+        "f2b_filter": "정규식 필터",
+        "f2b_manage_external": "외부에서 Fail2Ban 관리",
+        "f2b_max_ban_time": "최대 차단 시간(초)",
+        "f2b_regex_info": "고려되는 로그: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "html": "HTML",
+        "oauth2_apps": "OAuth2 앱",
+        "oauth2_add_client": "OAuth2 클라이언트 추가",
+        "optional": "선택 사항",
+        "options": "옵션",
+        "password_length": "비밀번호 길이",
+        "password_policy_chars": "하나 이상의 알파벳 문자를 포함해야 합니다.",
+        "password_policy_length": "최소 암호 길이가 %d입니다.",
+        "password_policy_numbers": "숫자 하나 이상을 포함해야 합니다.",
+        "password_policy_special_chars": "특수 문자를 포함해야 합니다.",
+        "password_reset_info": "복구 이메일이 제공되지 않으면 이 기능을 사용할 수 없습니다.",
+        "password_reset_settings": "비밀번호 복구 설정",
+        "password_reset_tmpl_html": "HTML 템플릿",
+        "password_reset_tmpl_text": "Text 템플릿",
+        "password_settings": "비밀번호 설정",
+        "queue_unban": "차단 해제",
+        "restore_template": "기본 템플릿을 복원하려면 비워둡니다.",
+        "service": "서비스",
+        "success": "성공",
+        "dkim_overwrite_key": "기존 DKIM 키 덮어쓰기",
+        "f2b_ban_time_increment": "차단 시간은 차단될 때마다 증가합니다.",
+        "password_policy": "비밀번호 정책",
+        "quarantine_max_score": "메일의 스팸 점수가 이 값보다 높으면 알림을 삭제합니다:<br><small>기본값: 9999.0</small>",
+        "f2b_manage_external_info": "Fail2ban은 차단 목록을 유지하지만 트래픽을 차단하는 규칙을 능동적으로 설정하지는 않습니다. 트래픽을 외부에서 차단하려면 아래 생성된 차단 목록을 사용하세요.",
+        "password_policy_lowerupper": "소문자 및 대문자를 포함해야 합니다.",
+        "transport_test_rcpt_info": "&#8226; null@hosted.mailcow.de 을 사용하여 해외 목적지로 릴레이를 테스트하세요.",
+        "ip_check_disabled": "IP 확인이 비활성화됩니다. 아래에서 활성화할 수 있습니다<br> <strong>시스템 > 구성 > 옵션 > 사용자 정의</strong>",
+        "logo_normal_label": "일반",
+        "logo_dark_label": "다크 모드의 경우 반전",
+        "convert_html_to_text": "HTML을 일반 텍스트로 변환",
+        "copy_to_clipboard": "클립보드에 텍스트가 복사되었습니다!",
+        "cors_settings": "CORS 설정",
+        "rsettings_preset_4": "도메인에 대해 Rspamd 비활성화",
+        "ip_check": "IP 확인",
+        "admins": "관리자",
+        "admins_ldap": "LDAP 관리자",
+        "api_read_only": "읽기 전용 액세스",
+        "api_read_write": "읽기-쓰기 액세스"
     },
     "danger": {
         "access_denied": "접근이 거부되거나 잘못된 데이터 양식",
@@ -418,7 +464,28 @@
         "username_invalid": "%s는 사용지 이름으로 사용할 수 없습니다.",
         "validity_missing": "유효 기간을 지정해주세요.",
         "value_missing": "모든 값을 입력해주세요.",
-        "yotp_verification_failed": "Yubico OTP 검증 실패: %s"
+        "yotp_verification_failed": "Yubico OTP 검증 실패: %s",
+        "dkim_domain_or_sel_exists": "“%s\"에 대한 DKIM 키가 존재하며 덮어쓰지 않습니다.",
+        "img_size_exceeded": "이미지가 최대 파일 크기를 초과합니다.",
+        "invalid_reset_token": "잘못된 리셋 토큰",
+        "nginx_reload_failed": "Nginx 리로드 실패: %s",
+        "password_reset_na": "현재 비밀번호 복구를 사용할 수 없습니다. 관리자에게 문의하세요.",
+        "reset_f2b_regex": "정규식 필터를 제때 재설정하지 못했습니다. 다시 시도하거나 몇 초 더 기다렸다가 웹사이트를 다시 로드하세요.",
+        "template_exists": "템플릿 %s이(가) 이미 존재합니다.",
+        "template_id_invalid": "템플릿 ID %s가 잘못되었습니다.",
+        "template_name_invalid": "템플릿 이름이 잘못되었습니다.",
+        "tfa_token_invalid": "TFA 토큰이 유효하지 않습니다.",
+        "to_invalid": "수신자가 비어 있지 않아야 합니다.",
+        "webauthn_authenticator_failed": "선택한 인증기를 찾을 수 없습니다.",
+        "webauthn_username_failed": "선택한 인증기가 다른 계정에 속해 있습니다.",
+        "demo_mode_enabled": "데모 모드가 활성화됨",
+        "recovery_email_failed": "복구 이메일을 보낼 수 없습니다. 관리자에게 문의하세요.",
+        "password_reset_invalid_user": "사서함을 찾을 수 없거나 복구 이메일이 설정되어 있지 않습니다.",
+        "webauthn_publickey_failed": "선택한 인증기에 대한 공개 키가 저장되지 않았습니다.",
+        "fido2_verification_failed": "FIDO2 인증 실패: %s",
+        "extended_sender_acl_denied": "외부 발신자 주소를 설정하는 ACL 누락",
+        "img_dimensions_exceeded": "이미지가 최대 이미지 크기를 초과합니다.",
+        "reset_token_limit_exceeded": "토큰 재설정 한도를 초과했습니다. 나중에 다시 시도해 주세요."
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
@@ -437,7 +504,9 @@
         "uptime": "Uptime",
         "started_on": "Started on",
         "static_logs": "Static logs",
-        "system_containers": "System & Containers"
+        "system_containers": "System & Containers",
+        "current_time": "시스템 시간",
+        "no_update_available": "시스템이 최신 버전입니다."
     },
     "diagnostics": {
         "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@@ -563,13 +632,14 @@
     "header": {
         "administration": "Configuration & Details",
         "apps": "Apps",
-        "debug": "System Information",
+        "debug": "정보",
         "email": "E-Mail",
         "mailcow_config": "Configuration",
         "quarantine": "Quarantine",
         "restart_netfilter": "Restart netfilter",
         "restart_sogo": "Restart SOGo",
-        "user_settings": "User Settings"
+        "user_settings": "User Settings",
+        "mailcow_system": "시스템"
     },
     "info": {
         "awaiting_tfa_confirmation": "Awaiting TFA confirmation",
@@ -1020,5 +1090,9 @@
         "quota_exceeded_scope": "Domain quota exceeded: Only unlimited mailboxes can be created in this domain scope.",
         "session_token": "Form token invalid: Token mismatch",
         "session_ua": "Form token invalid: User-Agent validation error"
+    },
+    "datatables": {
+        "collapse_all": "모두 접기",
+        "decimal": "."
     }
 }

From 8761d8fc47bc43b1a97fd7e08670586145f2c259 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 09:54:35 +0100
Subject: [PATCH 499/755] [Web] Fix app layout issue

---
 data/web/css/build/015-responsive.css     | 32 ++++-------------------
 data/web/templates/admin_index.twig       |  2 +-
 data/web/templates/domainadmin_index.twig |  2 +-
 data/web/templates/user_index.twig        |  4 +--
 4 files changed, 9 insertions(+), 31 deletions(-)

diff --git a/data/web/css/build/015-responsive.css b/data/web/css/build/015-responsive.css
index 57ce80233..82be71069 100644
--- a/data/web/css/build/015-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -6,15 +6,9 @@
   max-width: 350px;
 }
 
-.card-login .apps .btn {
-  width: auto;
-  float: left;
-  margin-right: 10px;
-  margin-top: auto;
-}
-.card-login .apps .btn:hover {
-  margin-top: 1px !important;
-  border-bottom-width: 3px;
+.card .apps {
+  display: flex;
+  flex-wrap: wrap;
 }
 
 .responsive-tabs .nav-tabs {
@@ -43,16 +37,6 @@
       opacity: 1;
   }
 
-  .card-login .apps .btn {
-    width: 100%;
-    float: none;
-    margin-bottom: 10px;
-  }
-
-  .card-login .apps .btn {
-    border-bottom-width: 4px;
-  }
-
   .xs-show {
     display: block !important;
   }
@@ -113,9 +97,6 @@
   .btn-group.nowrap .dropdown-menu {
     width: 100%;
   }
-  .card-login .btn-group {
-    display: block;
-  }
   .mass-actions-user .btn-group {
     float: none;
   }
@@ -191,9 +172,6 @@
   .btn-group .btn i {
     margin-right: 5px;
   }
-  .card-login .btn-group .btn {
-    display: block !important;
-  }
 
   .dt-sm-head-hidden .dtr-title {
     display: none !important;
@@ -206,7 +184,7 @@
   .senders-mw220 {
     max-width: 100% !important;
   }
-  
+
   table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before,
   table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before,
   table.dataTable td.dt-control:before {
@@ -215,7 +193,7 @@
       line-height: 2rem;
       margin-top: -15px;
   }
-  
+
   li .dtr-data {
       padding: 0;
   }
diff --git a/data/web/templates/admin_index.twig b/data/web/templates/admin_index.twig
index 93a892842..6f223889e 100644
--- a/data/web/templates/admin_index.twig
+++ b/data/web/templates/admin_index.twig
@@ -63,7 +63,7 @@
         <div class="my-4" id="fido2-alerts"></div>
         {% if (mailcow_apps or app_links) and not hide_mailcow_apps %}
         <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
-        <div class="my-2 d-grid gap-2 d-sm-block apps">
+        <div class="my-2 apps">
           {% for app in mailcow_apps %}
             {% if not app.hide %}
               {% if not skip_sogo or not is_uri('SOGo', app.link) %}
diff --git a/data/web/templates/domainadmin_index.twig b/data/web/templates/domainadmin_index.twig
index 41a9f2597..003fdba1f 100644
--- a/data/web/templates/domainadmin_index.twig
+++ b/data/web/templates/domainadmin_index.twig
@@ -63,7 +63,7 @@
         <div class="my-4" id="fido2-alerts"></div>
         {% if (mailcow_apps or app_links) and not hide_mailcow_apps %}
         <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
-        <div class="my-2 d-grid gap-2 d-sm-block apps">
+        <div class="my-2 apps">
           {% for app in mailcow_apps %}
             {% if not app.hide %}
               {% if not skip_sogo or not is_uri('SOGo', app.link) %}
diff --git a/data/web/templates/user_index.twig b/data/web/templates/user_index.twig
index 950482c9a..ee54c0e93 100644
--- a/data/web/templates/user_index.twig
+++ b/data/web/templates/user_index.twig
@@ -65,10 +65,10 @@
         </div>
         <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
         <div class="d-flex flex-column align-items-center">
-          <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
           {% if has_iam_sso %}
           <a class="btn btn-xs-lg btn-secondary w-100 mt-2" style="max-width: 400px;" href="/?iam_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a>
           {% endif %}
+          <a class="btn btn-xs-lg btn-secondary w-100 mt-2" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
         </div>
         {% if login_delay %}
         <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
@@ -76,7 +76,7 @@
         <div class="my-4" id="fido2-alerts"></div>
         {% if not oauth2_request and (mailcow_apps or app_links) and not hide_mailcow_apps %}
         <legend><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }}</legend><hr />
-        <div class="my-2 d-grid gap-2 d-sm-block apps">
+        <div class="my-2 apps">
           {% for app in mailcow_apps %}
             {% if not app.hide %}
               {% if not skip_sogo or not is_uri('SOGo', app.link) %}

From 6f9c8deab76a652f23d2db18df7c1b43019765c3 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 09:56:20 +0100
Subject: [PATCH 500/755] [Web] Support old style app links

---
 data/web/inc/functions.customize.inc.php | 15 ++++++++-------
 data/web/inc/header.inc.php              | 12 ++++++++++--
 data/web/templates/base.twig             |  2 +-
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 5aef7d720..8c0feb69f 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -3,7 +3,7 @@ function customize($_action, $_item, $_data = null) {
 	global $redis;
 	global $lang;
   global $LOGO_LIMITS;
-  
+
   switch ($_action) {
     case 'add':
       // disable functionality when demo mode is enabled
@@ -267,12 +267,13 @@ function customize($_action, $_item, $_data = null) {
             return false;
           }
 
-          foreach($app_links as $key => $value){
-            foreach($value as $app => $details){
-              if (empty($details['user_link']) || empty($_SESSION['mailcow_cc_username'])){
-                $app_links[$key][$app]['user_link'] = $app_links[$key][$app]['link'];
-              } else {
-                $app_links[$key][$app]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $app_links[$key][$app]['user_link']);
+          // convert from old style
+          foreach($app_links as $i => $entry){
+            foreach($entry as $app => $link){
+              if (empty($link['link']) && empty($link['user_link'])){
+                $app_links[$i][$app] = array();
+                $app_links[$i][$app]['link'] = $link;
+                $app_links[$i][$app]['user_link'] = $link;
               }
             }
           }
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index b93787b02..9ab2ad174 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -39,7 +39,11 @@ for ($i = 0; $i < count($mailcow_apps_processed); $i++) {
     $hide_mailcow_apps = false;
   }
   if (!empty($_SESSION['mailcow_cc_username'])){
-    $mailcow_apps_processed[$i]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $mailcow_apps_processed[$i]['user_link']);
+    if ($app_links_processed[$i]['user_link']) {
+      $mailcow_apps_processed[$i]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $mailcow_apps_processed[$i]['user_link']);
+    } else {
+      $mailcow_apps_processed[$i]['user_link'] = $mailcow_apps_processed[$i]['link'];
+    }
   }
 }
 if ($app_links_processed){
@@ -49,7 +53,11 @@ if ($app_links_processed){
       $hide_mailcow_apps = false;
     }
     if (!empty($_SESSION['mailcow_cc_username'])){
-      $app_links_processed[$i][$key]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $app_links_processed[$i][$key]['user_link']);
+      if ($app_links_processed[$i][$key]['user_link']) {
+        $app_links_processed[$i][$key]['user_link'] = str_replace('%u', $_SESSION['mailcow_cc_username'], $app_links_processed[$i][$key]['user_link']);
+      } else {
+        $app_links_processed[$i][$key]['user_link'] = $app_links_processed[$i][$key]['link'];
+      }
     }
   }
 }
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 4d0a30251..0ef5f668e 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -118,7 +118,7 @@
               </li>
               {% endif %}
             {% endfor %}
-            {% for row in app_links %}
+            {% for row in app_links_processed %}
               {% for key, val in row %}
               <li><a href="{{ val.user_link }}" class="dropdown-item">{{ key }}</a></li>
               {% endfor %}

From bc21e7fe503dcb0271a4cefaa53f6591d7792637 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 13:12:48 +0100
Subject: [PATCH 501/755] [Web] Separate FIDO2 logins

---
 data/web/inc/functions.inc.php            | 76 +++++++++++++++++++++++
 data/web/inc/triggers.admin.inc.php       |  8 +++
 data/web/inc/triggers.domainadmin.inc.php |  8 +++
 data/web/inc/triggers.user.inc.php        |  8 +++
 data/web/json_api.php                     | 75 ----------------------
 data/web/templates/base.twig              | 16 +++--
 6 files changed, 107 insertions(+), 84 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 8358f1bed..2a6968fe2 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1250,6 +1250,7 @@ function set_tfa($_data) {
 }
 function fido2($_data) {
   global $pdo;
+  global $WebAuthn;
   $_data_log = $_data;
   // Not logging registration data, only actions
   // Silent errors for "get" requests
@@ -1383,6 +1384,81 @@ function fido2($_data) {
         'msg' => array('object_modified', htmlspecialchars($username))
       );
     break;
+    case "verify":
+      $tokenData = json_decode($_data['token']);
+      $clientDataJSON = base64_decode($tokenData->clientDataJSON);
+      $authenticatorData = base64_decode($tokenData->authenticatorData);
+      $signature = base64_decode($tokenData->signature);
+      $id = base64_decode($tokenData->id);
+      $challenge = $_SESSION['challenge'];
+      $process_fido2 = fido2(array("action" => "get_by_b64cid", "cid" => $tokenData->id));
+      if ($process_fido2['pub_key'] === false) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
+          'msg' => "login_failed"
+        );
+        return false;
+      }
+      try {
+        $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_fido2['pub_key'], $challenge, null, $GLOBALS['FIDO2_UV_FLAG_LOGIN'], $GLOBALS['FIDO2_USER_PRESENT_FLAG']);
+      }
+      catch (Throwable $ex) {
+        unset($process_fido2);
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array("fido2_login", $_data['user'], $process_fido2['username'], $ex->getMessage()),
+          'msg' => "login_failed"
+        );
+        return false;
+      }
+      $return = new stdClass();
+      $return->success = true;
+      $stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
+      $stmt->execute(array(':username' => $process_fido2['username']));
+      $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
+      if ($obj_props['superadmin'] === 1 && (!$_data['user'] || $_data['user'] == "admin")) {
+        $_SESSION["mailcow_cc_role"] = "admin";
+      }
+      elseif ($obj_props['superadmin'] === 0 && (!$_data['user'] || $_data['user'] == "domainadmin")) {
+        $_SESSION["mailcow_cc_role"] = "domainadmin";
+      }
+      elseif (!isset($obj_props['superadmin']) && (!$_data['user'] || $_data['user'] == "user")) {
+        $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username");
+        $stmt->execute(array(':username' => $process_fido2['username']));
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if ($row['username'] == $process_fido2['username']) {
+          $_SESSION["mailcow_cc_role"] = "user";
+        }
+      }
+      else {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+      if (empty($_SESSION["mailcow_cc_role"])) {
+        session_unset();
+        session_destroy();
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+      $_SESSION["mailcow_cc_username"] = $process_fido2['username'];
+      $_SESSION["fido2_cid"] = $process_fido2['cid'];
+      unset($_SESSION["challenge"]);
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
+        'msg' => array('logged_in_as', $process_fido2['username'])
+      );
+      return true;
+    break;
   }
 }
 function unset_tfa_key($_data) {
diff --git a/data/web/inc/triggers.admin.inc.php b/data/web/inc/triggers.admin.inc.php
index 5b1061f7e..883d9fd5c 100644
--- a/data/web/inc/triggers.admin.inc.php
+++ b/data/web/inc/triggers.admin.inc.php
@@ -18,6 +18,14 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_mailcow_cc_role']);
   unset($_SESSION['pending_tfa_methods']);
 }
+if (isset($_POST["verify_fido2_login"])) {
+  fido2(array(
+    "action" => "verify",
+    "token" => $_POST["token"],
+    "user" => "admin"
+  ));
+  exit;
+}
 
 if (isset($_GET["cancel_tfa_login"])) {
   unset($_SESSION['pending_pw_reset_token']);
diff --git a/data/web/inc/triggers.domainadmin.inc.php b/data/web/inc/triggers.domainadmin.inc.php
index 9ee53d67a..dd1c653bd 100644
--- a/data/web/inc/triggers.domainadmin.inc.php
+++ b/data/web/inc/triggers.domainadmin.inc.php
@@ -29,6 +29,14 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_mailcow_cc_role']);
   unset($_SESSION['pending_tfa_methods']);
 }
+if (isset($_POST["verify_fido2_login"])) {
+  fido2(array(
+    "action" => "verify",
+    "token" => $_POST["token"],
+    "user" => "domainadmin"
+  ));
+  exit;
+}
 
 if (isset($_GET["cancel_tfa_login"])) {
   unset($_SESSION['pending_pw_reset_token']);
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index c16edc10e..64282b075 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -83,6 +83,14 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_mailcow_cc_role']);
   unset($_SESSION['pending_tfa_methods']);
 }
+if (isset($_POST["verify_fido2_login"])) {
+  fido2(array(
+    "action" => "verify",
+    "token" => $_POST["token"],
+    "user" => "user"
+  ));
+  exit;
+}
 
 if (isset($_GET["cancel_tfa_login"])) {
   unset($_SESSION['pending_pw_reset_token']);
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 14e7c47d3..f2a222b85 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -334,81 +334,6 @@ if (isset($_GET['query'])) {
           exit();
       }
     break;
-    case "process":
-      // only allow POST requests to process API endpoints
-      if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-        http_response_code(405);
-        echo json_encode(array(
-            'type' => 'error',
-            'msg' => 'only POST method is allowed'
-        ));
-        exit();
-      }
-      switch ($category) {
-        case "fido2-args":
-          header('Content-Type: application/json');
-          $post = trim(file_get_contents('php://input'));
-          if ($post) {
-            $post = json_decode($post);
-          }
-          $clientDataJSON = base64_decode($post->clientDataJSON);
-          $authenticatorData = base64_decode($post->authenticatorData);
-          $signature = base64_decode($post->signature);
-          $id = base64_decode($post->id);
-          $challenge = $_SESSION['challenge'];
-          $process_fido2 = fido2(array("action" => "get_by_b64cid", "cid" => $post->id));
-          if ($process_fido2['pub_key'] === false) {
-            $return = new stdClass();
-            $return->success = false;
-            echo json_encode($return);
-            exit;
-          }
-          try {
-            $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_fido2['pub_key'], $challenge, null, $GLOBALS['FIDO2_UV_FLAG_LOGIN'], $GLOBALS['FIDO2_USER_PRESENT_FLAG']);
-          }
-          catch (Throwable $ex) {
-            unset($process_fido2);
-            $return = new stdClass();
-            $return->success = false;
-            echo json_encode($return);
-            exit;
-          }
-          $return = new stdClass();
-          $return->success = true;
-          $stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
-          $stmt->execute(array(':username' => $process_fido2['username']));
-          $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
-          if ($obj_props['superadmin'] === 1) {
-            $_SESSION["mailcow_cc_role"] = "admin";
-          }
-          elseif ($obj_props['superadmin'] === 0) {
-            $_SESSION["mailcow_cc_role"] = "domainadmin";
-          }
-          else {
-            $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username");
-            $stmt->execute(array(':username' => $process_fido2['username']));
-            $row = $stmt->fetch(PDO::FETCH_ASSOC);
-            if ($row['username'] == $process_fido2['username']) {
-              $_SESSION["mailcow_cc_role"] = "user";
-            }
-          }
-          if (empty($_SESSION["mailcow_cc_role"])) {
-            session_unset();
-            session_destroy();
-            exit;
-          }
-          $_SESSION["mailcow_cc_username"] = $process_fido2['username'];
-          $_SESSION["fido2_cid"] = $process_fido2['cid'];
-          unset($_SESSION["challenge"]);
-          $_SESSION['return'][] =  array(
-            'type' => 'success',
-            'log' => array("fido2_login"),
-            'msg' => array('logged_in_as', $process_fido2['username'])
-          );
-          echo json_encode($return);
-        break;
-      }
-    break;
     case "get":
       function process_get_return($data, $object = true) {
         if ($object === true) {
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 0ef5f668e..8ec8e4159 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -391,16 +391,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
         signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null
       };
     }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) {
-      return window.fetch("/api/v1/process/fido2-args", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'});
+      var formData = new FormData();
+      formData.append("token", AuthenticatorAttestationResponse);
+      formData.append("verify_fido2_login", "true");
+
+      return window.fetch(window.location.href, {method:'POST', body: formData, cache:'no-cache'});
     }).then(function(response) {
-      return response.json();
-    }).then(function(json) {
-      if (json.success) {
-        window.location = window.location.href.split("#")[0];
-  } else {
-    throw new Error();
-  }
-  }).catch(function(err) {
+      window.location = window.location.href.split("#")[0];
+    }).catch(function(err) {
     if (typeof err.message === 'undefined') {
       mailcow_alert_box(lang_fido2.fido2_validation_failed, "danger");
     } else {

From 82eb3c64cd6c1eea94f450b22bf0de3e29f7eaa1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 13:15:27 +0100
Subject: [PATCH 502/755] [Web] Use SQL password only when authsource is
 mailcow

---
 data/web/inc/functions.auth.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 62329e305..8e695c359 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -277,7 +277,7 @@ function user_login($user, $pass, $extra = null){
       }
       return $result;
     break;
-    default:
+    case 'mailcow':
       // verify password
       if (verify_hash($row['password'], $pass) !== false) {
         // check for tfa authenticators

From 25d34b5acfcd881e1ffd41b20dcc73f42b4618ef Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 14:52:08 +0100
Subject: [PATCH 503/755] [Web] Remove default ui help text

---
 data/web/lang/lang.ca-es.json      |  4 +---
 data/web/lang/lang.cs-cz.json      |  4 +---
 data/web/lang/lang.da-dk.json      |  4 +---
 data/web/lang/lang.de-de.json      |  4 +---
 data/web/lang/lang.en-gb.json      |  4 +---
 data/web/lang/lang.es-es.json      |  4 +---
 data/web/lang/lang.fi-fi.json      |  4 +---
 data/web/lang/lang.fr-fr.json      |  4 +---
 data/web/lang/lang.hu-hu.json      |  4 +---
 data/web/lang/lang.it-it.json      |  4 +---
 data/web/lang/lang.ja-jp.json      |  4 +---
 data/web/lang/lang.ko-kr.json      |  4 +---
 data/web/lang/lang.lv-lv.json      |  4 +---
 data/web/lang/lang.nl-nl.json      |  4 +---
 data/web/lang/lang.pl-pl.json      |  4 +---
 data/web/lang/lang.pt-br.json      |  4 +---
 data/web/lang/lang.pt-pt.json      |  4 +---
 data/web/lang/lang.ro-ro.json      |  4 +---
 data/web/lang/lang.ru-ru.json      |  4 +---
 data/web/lang/lang.sk-sk.json      |  4 +---
 data/web/lang/lang.sv-se.json      |  4 +---
 data/web/lang/lang.tr-tr.json      |  2 --
 data/web/lang/lang.uk-ua.json      |  4 +---
 data/web/lang/lang.zh-cn.json      |  4 +---
 data/web/lang/lang.zh-tw.json      |  4 +---
 data/web/templates/user_index.twig | 11 ++---------
 26 files changed, 26 insertions(+), 83 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index 43079339d..af7cbd5fb 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -414,9 +414,7 @@
         "queue_manager": "Queue Manager"
     },
     "start": {
-        "help": "Mostrar/Ocultar panell d'ajuda",
-        "mailcow_apps_detail": "Tria una aplicació (de moment només SOGo) per a accedir als teus correus, calendari, contactes i més.",
-        "mailcow_panel_detail": "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>\r\n\tEls <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam."
+        "help": "Mostrar/Ocultar panell d'ajuda"
     },
     "success": {
         "admin_modified": "Els canvis fets a l'administrador s'han desat",
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index c087c84fb..67eb52baa 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -1016,9 +1016,7 @@
     },
     "start": {
         "help": "Zobrazit/skrýt panel nápovědy",
-        "imap_smtp_server_auth_info": "Použijte celou e-mailovou adresu a zvolte způsob ověření PLAIN.<br>\r\nPřihlašovací údaje budou zašifrovány na straně serveru.",
-        "mailcow_apps_detail": "Použijte aplikace pro přístup k e-mailům, kalendáři, kontaktům atd.",
-        "mailcow_panel_detail": "<b>Správci domén</b> mohou vytvářet, upravovat nebo mazat schránky a aliasy, upravovat parametry domén a zobrazovat další informace o svých přidělených doménách.<br>\r\n<b>Uživatelé</b> mohou vytvářet dočasné aliasy (spam aliases), měnit svá hesla a nastavovat filtr spamu."
+        "imap_smtp_server_auth_info": "Použijte celou e-mailovou adresu a zvolte způsob ověření PLAIN.<br>\r\nPřihlašovací údaje budou zašifrovány na straně serveru."
     },
     "success": {
         "acl_saved": "ACL pro objekt %s uloženo",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 69dacffc9..f71fcfec2 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -822,9 +822,7 @@
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",
-        "imap_smtp_server_auth_info": "Brug din fulde e-mail-adresse og PLAIN-godkendelsesmekanismen.<br>\r\nDine login-data bliver krypteret af den obligatoriske kryptering på serversiden.",
-        "mailcow_apps_detail": "Brug en mailcow-app til at få adgang til dine mails, kalender, kontakter og mere.",
-        "mailcow_panel_detail": "<b>Domæneadministratorer</b> oprette, ændre eller slette postkasser og aliasser, ændre domæner og læse yderligere information om deres tildelte domæner.<br>\r\n<b>Mailbox-brugere</b>er i stand til at oprette tidsbegrænsede aliaser (spamaliaser), ændre deres adgangskode og spamfilterindstillinger."
+        "imap_smtp_server_auth_info": "Brug din fulde e-mail-adresse og PLAIN-godkendelsesmekanismen.<br>\r\nDine login-data bliver krypteret af den obligatoriske kryptering på serversiden."
     },
     "success": {
         "acl_saved": "ACL til objekt %s gemt",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index b8c7c3ac2..85a713c67 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -1067,9 +1067,7 @@
     },
     "start": {
         "help": "Hilfe ein-/ausblenden",
-        "imap_smtp_server_auth_info": "Bitte verwenden Sie Ihre vollständige E-Mail-Adresse sowie das PLAIN-Authentifizierungsverfahren.<br>\r\nIhre Anmeldedaten werden durch die obligatorische Verschlüsselung entgegen des Begriffes \"PLAIN\" nicht unverschlüsselt übertragen.",
-        "mailcow_apps_detail": "Verwenden Sie mailcow-Apps, um E-Mails abzurufen, Kalender und Kontakte zu verwalten und vieles mehr.",
-        "mailcow_panel_detail": "<b>Domain-Administratoren</b> erstellen, verändern oder löschen Mailboxen, verwalten die Domäne und sehen sonstige Einstellungen ein.<br>\r\n\tAls <b>Mailbox-Benutzer</b> erstellen Sie hier zeitlich limitierte Aliasse, ändern das Verhalten des Spamfilters, setzen ein neues Passwort und vieles mehr."
+        "imap_smtp_server_auth_info": "Bitte verwenden Sie Ihre vollständige E-Mail-Adresse sowie das PLAIN-Authentifizierungsverfahren.<br>\r\nIhre Anmeldedaten werden durch die obligatorische Verschlüsselung entgegen des Begriffes \"PLAIN\" nicht unverschlüsselt übertragen."
     },
     "success": {
         "acl_saved": "ACL für Objekt %s wurde gesetzt",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 7d87b4358..5f8e78a9b 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1079,9 +1079,7 @@
     },
     "start": {
         "help": "Show/Hide help panel",
-        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br>\r\nYour login data will be encrypted by the server-side mandatory encryption.",
-        "mailcow_apps_detail": "Use a mailcow app to access your mails, calendar, contacts and more.",
-        "mailcow_panel_detail": "<b>Domain administrators</b> create, modify or delete mailboxes and aliases, change domains and read further information about their assigned domains.<br>\r\n<b>Mailbox users</b> are able to create time-limited aliases (spam aliases), change their password and spam filter settings."
+        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br>\r\nYour login data will be encrypted by the server-side mandatory encryption."
     },
     "success": {
         "acl_saved": "ACL for object %s saved",
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 0bb1312b1..814142cc6 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -621,9 +621,7 @@
     },
     "start": {
         "help": "Mostrar/Ocultar panel de ayuda",
-        "imap_smtp_server_auth_info": "Por favor utiliza tu dirección de correo completa y el mecanismo de autenticación PLAIN.<br>\r\nTus datos para iniciar sesión serán cifrados por el cifrado obligatorio del servidor",
-        "mailcow_apps_detail": "Utiliza una aplicación de mailcow para acceder a tus correos, calendario, contactos y más.",
-        "mailcow_panel_detail": "<b>Administradores por dominio</b> pueden crear, modificar o eliminar buzones y alias, modificar los dominios asignados y ver información más detallada sobre los dominios asignados<br>\r\n\t<b>Usuarios de buzón</b> son capaces de crear alias de tiempo limitado (spam alias), cambiar su contraseña y la configuración del filtro de spam del buzón."
+        "imap_smtp_server_auth_info": "Por favor utiliza tu dirección de correo completa y el mecanismo de autenticación PLAIN.<br>\r\nTus datos para iniciar sesión serán cifrados por el cifrado obligatorio del servidor"
     },
     "success": {
         "acl_saved": "ACL para el objeto %s guardado",
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 9cb71cf38..5dd6a9b2d 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -691,9 +691,7 @@
     },
     "start": {
         "help": "Näytä/Piilota help paneeli",
-        "imap_smtp_server_auth_info": "Käytä täydellistä sähkö posti osoitetta ja tavallista todennus mekanismia.<br>\r\nPalvelin puolen pakollinen salaus salaa kirjautumistietosi.",
-        "mailcow_apps_detail": "Käytä mailcow-sovellusta, kun haluat käyttää sähköposteja, kalenteria, yhteys tietoja ja paljon muuta",
-        "mailcow_panel_detail": "<b>Verkkotunnus alueen järjestelmänvalvojat</b> Luo, muokkaa tai poistaa posti laatikoita ja aliaksia, muita verkko tunnuksia ja lue lisä tietoja niiden määritetyista verkko tunnuksista.<br>\r\n<b>Posti laatikon käyttäjät</b> pystyvät luomaan rajoitetun ajan aliaksia (roska posti asetuksia), muuttamaan salasanaa ja roska posti suodattimen asetuksia."
+        "imap_smtp_server_auth_info": "Käytä täydellistä sähkö posti osoitetta ja tavallista todennus mekanismia.<br>\r\nPalvelin puolen pakollinen salaus salaa kirjautumistietosi."
     },
     "success": {
         "acl_saved": "Objektin ACL %s tallenettu",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index e79abc3f7..e9bff05d5 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -987,9 +987,7 @@
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
-        "imap_smtp_server_auth_info": "Veuillez utiliser votre adresse courriel complète et le mécanisme d’authentification PLAIN.<br>\nVos données de connexion seront cryptées par le cryptage obligatoire côté serveur.",
-        "mailcow_apps_detail": "Utiliser une application mailcow pour accéder à vos messages, vos calendriers, vos contacts et plus.",
-        "mailcow_panel_detail": "<b>Les administrateurs de domaines</b> peuvent créer, modifier, ou supprimer des boîtes de réception et alias, changer de domaines et lire de plus amples renseignements sur les domaines qui leur sont attribués.<br>\n<b>Les utilisateurs de boîtes de réception</b> sont en mesure de créer des alias limités dans le temps (alias spam), de modifier leurs mots de passe et les paramètres du filtre anti-spam."
+        "imap_smtp_server_auth_info": "Veuillez utiliser votre adresse courriel complète et le mécanisme d’authentification PLAIN.<br>\nVos données de connexion seront cryptées par le cryptage obligatoire côté serveur."
     },
     "success": {
         "acl_saved": "ACL (Access Control List) pour l'objet %s enregistré",
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 5737794fd..97f575a69 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -331,9 +331,7 @@
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
-        "imap_smtp_server_auth_info": "Kérjük használja a teljes email címét és a PLAIN hitelesítési mechanizmust.<br>\r\nAdatai el lesznek kódolva szerver-oldali kötelező titkosítással.",
-        "mailcow_apps_detail": "Használja a webmail appokat levelei, naptára és címjegyzéke eléréséhez.",
-        "mailcow_panel_detail": "<b>Domain adminisztrátorok</b> létre tudnak hozni, tudnak módosítani vagy törölni postafiókokat és aliasokat, módosíthatnak domaineket és hozzáférnek további információhoz a domainükről.<br>\r\n<b>Postafiók-felhasználók</b> létre tudnak hozni időkorlátos alias-okat (spam alias-okat), le tudják cserélni jelszavakat, valamint spam szűrőket állíthatnak be."
+        "imap_smtp_server_auth_info": "Kérjük használja a teljes email címét és a PLAIN hitelesítési mechanizmust.<br>\r\nAdatai el lesznek kódolva szerver-oldali kötelező titkosítással."
     },
     "success": {
         "admin_added": "Adminisztrátor %s hozzáadva",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index ade6bc980..fdfa78161 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -974,9 +974,7 @@
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
-        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br />\r\nYour login data will be encrypted by the server-side mandatory encryption.",
-        "mailcow_apps_detail": "Usa l'app mailcow per accedere alla posta, calendari, contatti ed altro.",
-        "mailcow_panel_detail": "<b>Amministratori di dominio</b> crea, modifica od elimina caselle ed alias, cambia i domini e informazioni relative ai domini associati.<br />\r\n\t<b>Utenti di caselle</b> possono creare degli alias temporanei (spam aliases), cambiare la loro password e le impostazioni relative ai filtri spam."
+        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br />\r\nYour login data will be encrypted by the server-side mandatory encryption."
     },
     "success": {
         "acl_saved": "ACL for object %s saved",
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
index 683cae373..ffd0a5bd3 100644
--- a/data/web/lang/lang.ja-jp.json
+++ b/data/web/lang/lang.ja-jp.json
@@ -1035,9 +1035,7 @@
     },
     "start": {
         "help": "ヘルプパネルを表示/非表示",
-        "imap_smtp_server_auth_info": "メールアドレス全体を使用し、PLAIN認証メカニズムを使用してください。<br>\r\nログインデータはサーバー側の強制暗号化により保護されます。",
-        "mailcow_apps_detail": "mailcowアプリを使用して、メール、カレンダー、連絡先などにアクセスできます。",
-        "mailcow_panel_detail": "<b>ドメイン管理者</b>は、メールボックスやエイリアスを作成、変更、削除したり、ドメインを変更したり、割り当てられたドメインに関する情報を確認できます。<br>\r\n<b>メールボックスユーザー</b>は、期間限定のエイリアス（スパムエイリアス）を作成したり、パスワードやスパムフィルターの設定を変更したりできます。"
+        "imap_smtp_server_auth_info": "メールアドレス全体を使用し、PLAIN認証メカニズムを使用してください。<br>\r\nログインデータはサーバー側の強制暗号化により保護されます。"
     },
     "success": {
         "acl_saved": "オブジェクト %s のACLを保存しました",
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 27b028cd4..33afe448c 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -778,9 +778,7 @@
     },
     "start": {
         "help": "Show/Hide help panel",
-        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br>\r\nYour login data will be encrypted by the server-side mandatory encryption.",
-        "mailcow_apps_detail": "Use a mailcow app to access your mails, calendar, contacts and more.",
-        "mailcow_panel_detail": "<b>Domain administrators</b> create, modify or delete mailboxes and aliases, change domains and read further information about their assigned domains.<br>\r\n<b>Mailbox users</b> are able to create time-limited aliases (spam aliases), change their password and spam filter settings."
+        "imap_smtp_server_auth_info": "Please use your full email address and the PLAIN authentication mechanism.<br>\r\nYour login data will be encrypted by the server-side mandatory encryption."
     },
     "success": {
         "acl_saved": "ACL for object %s saved",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 6a3e179de..545bbe475 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -467,9 +467,7 @@
     },
     "start": {
         "help": "Rādīt/Paslēpt palīdzības paneli",
-        "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentificēšanās mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu.",
-        "mailcow_apps_detail": "Izmantojiet lietotni mailcow, lai piekļūtu savam pastam, kalendāram, kontaktiem un citām lietām.",
-        "mailcow_panel_detail": "<b>Domēna pārvaldītāji</b> izveido, maina vai izdzēš pastkastes un aizstājvārdus, maina domēnus un lasa papildu informāciju par piešķirtajiem domēniem.<br>\n<b>Pastkastes lietotāji</b> var izveidot laikā ierobežotus aizstājvārdus (surogātpasta aizstājvārdus), mainīt savu paroli un surogātpasta atlasīšanas iestatījumus."
+        "imap_smtp_server_auth_info": "Lūgums izmantot pilnu e-pasta adresi un PLAIN autentificēšanās mehānismu.<br>\nPieteikšanās dati tiks šifrēti ar servera puses obligātu šifrēšanu."
     },
     "success": {
         "admin_modified": "Izmaiņas administrātoram ir saglabātas",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 907a46d60..71ec97209 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -878,9 +878,7 @@
     },
     "start": {
         "help": "Toon/verberg hulppaneel",
-        "imap_smtp_server_auth_info": "Gebruik je volledige mailadres en het bijbehorende (onversleutelde) verificatiemechanisme.<br>De aanmeldgegevens worden versleuteld verzonden.",
-        "mailcow_apps_detail": "Gebruik een Mailcow-app om je mails, agenda, contacten en meer te bekijken.",
-        "mailcow_panel_detail": "<b>Domeinadministrators</b> kunnen mailboxen en aliassen aanmaken, wijzigen en verwijderen. Ook kunnen ze domeinen weergeven en aanpassen.<br><b>Gebruikers</b> kunnen tijdelijke aliassen aanmaken, hun wachtwoord aanpassen en de spamfilterinstellingen wijzigen."
+        "imap_smtp_server_auth_info": "Gebruik je volledige mailadres en het bijbehorende (onversleutelde) verificatiemechanisme.<br>De aanmeldgegevens worden versleuteld verzonden."
     },
     "success": {
         "acl_saved": "Toegangscontrole voor object %s is opgeslagen",
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index cba7372a0..521c17779 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -290,9 +290,7 @@
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
-        "imap_smtp_server_auth_info": "Proszę korzystać z pełnego adresu email i mechanizmu uwierzytelniania PLAIN.<br>\r\nTwoje dane logowania zostaną zaszyfrowane przez obowiązkowe szyfrowanie po stronie serwera.",
-        "mailcow_apps_detail": "Użyj aplikacji mailcow, aby mieć dostęp do wiadomości, kalendarza, kontaktów i innych.",
-        "mailcow_panel_detail": "<b>Administratorzy domeny</b> tworzą, modyfikują lub usuwają skrzynki i aliasy, zmieniają domeny i czytają dalsze informacje o przypisanych im domenach.<br>\r\n\t<b>Użytkownicy skrzynek</b> mogą tworzyć ograniczone czasowo aliasy (aliasy spam), zmieniać swoje hasła i ustawienia filtru spam."
+        "imap_smtp_server_auth_info": "Proszę korzystać z pełnego adresu email i mechanizmu uwierzytelniania PLAIN.<br>\r\nTwoje dane logowania zostaną zaszyfrowane przez obowiązkowe szyfrowanie po stronie serwera."
     },
     "success": {
         "admin_modified": "Zapisano zmiany w administratorze",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index a0448c188..57e79ede8 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -1030,9 +1030,7 @@
     },
     "start": {
         "help": "Mostrar/ocultar painel de ajuda",
-        "imap_smtp_server_auth_info": "Use seu endereço de e-mail completo e o mecanismo de autenticação PLAIN. <br>\r\nSeus dados de login serão criptografados pela criptografia obrigatória do lado do servidor.",
-        "mailcow_apps_detail": "Use um aplicativo mailcow para acessar seus e-mails, calendário, contatos e muito mais.",
-        "mailcow_panel_detail": "<b>Os administradores de domínio</b> criam, modificam ou excluem mailboxes e aliases, alteram domínios e leem mais informações sobre seus domínios atribuídos. <br>\n<b>Os usuários de mailbox </b> podem criar aliases com limite de tempo (aliases de spam), alterar suas configurações de senha e filtro de spam."
+        "imap_smtp_server_auth_info": "Use seu endereço de e-mail completo e o mecanismo de autenticação PLAIN. <br>\r\nSeus dados de login serão criptografados pela criptografia obrigatória do lado do servidor."
     },
     "success": {
         "acl_saved": "ACL para o objeto %s salvo",
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 2279c2cec..baa90f797 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -197,9 +197,7 @@
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",
-        "imap_smtp_server_auth_info": "Utilize o endereço de email completo com o método de autentucação PLAIN.<br>\r\nOs dados de login serão encryptados pelo servidor.",
-        "mailcow_apps_detail": "Use um mailcow app para acessar seus emails, calendário, contatos e outras informações.",
-        "mailcow_panel_detail": "<b>Administradores:</b> podem criar, alterar ou apagar contas e apelidos , alterar domínios e outras informações de seus domínios atribuídos.<br>\r\n\t<b>utilizadors:</b> podem criar apelidos por tempo determinado , alterar senha e configuração do nível do filtro de spam."
+        "imap_smtp_server_auth_info": "Utilize o endereço de email completo com o método de autentucação PLAIN.<br>\r\nOs dados de login serão encryptados pelo servidor."
     },
     "success": {
         "admin_modified": "Administrador alterado com sucesso",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index 6a552a1b1..8b002fdf5 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -921,9 +921,7 @@
     },
     "start": {
         "help": "Afișează/Ascunde panoul de ajutor",
-        "imap_smtp_server_auth_info": "Utilizează adresa completă de email și mecanismul de autentificare SIMPLU.<br>\nDatele tale de conectare vor fi criptate prin criptarea obligatorie de la server.",
-        "mailcow_apps_detail": "Utilizează o aplicație mailcow pentru a accesa mailurile, agenda, contactele și altele.",
-        "mailcow_panel_detail": "<b>Administratorii de domeniu</b> creează, modifică sau șterg căsuțe poștale și aliasuri, modifică domenii și citesc informații suplimentare despre domeniile lor atribuite.<br>\n<b>Utilizatorii cu cutii poștale</b> pot să creeze aliasuri limitate în timp (aliasuri spam), să își schimbe parola și setările pentru filtrul de spam."
+        "imap_smtp_server_auth_info": "Utilizează adresa completă de email și mecanismul de autentificare SIMPLU.<br>\nDatele tale de conectare vor fi criptate prin criptarea obligatorie de la server."
     },
     "success": {
         "acl_saved": "ACL pentru obiectul %s a fost salvat",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index c3a17f432..e9d856924 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -1035,9 +1035,7 @@
     },
     "start": {
         "help": "Справка",
-        "imap_smtp_server_auth_info": "Пожалуйста, используйте свой полный адрес электронной почты в формате <code>user@example.com</code> и PLAIN механизм авторизации.<br>\r\nВаши данные авторизации будут зашифрованы на уровне шифрования канала подключения к серверу, поэтому убедитесь, что вы используете надежное TLS подключение.",
-        "mailcow_apps_detail": "Используйте приложения для доступа к вашей почте, календарю, контактам, и прочим функциям.",
-        "mailcow_panel_detail": "<b>Администраторы домена</b> могут создавать, изменять или удалять почтовые ящики и псевдонимы, измененять домены и смотреть информацию о своих назначенных доменах. <br><b>Пользователи почтовых ящиков</b> имеют возможность создавать временные псевдонимы (спам псевдонимы), менять свой пароль и настройки фильтра спама."
+        "imap_smtp_server_auth_info": "Пожалуйста, используйте свой полный адрес электронной почты в формате <code>user@example.com</code> и PLAIN механизм авторизации.<br>\r\nВаши данные авторизации будут зашифрованы на уровне шифрования канала подключения к серверу, поэтому убедитесь, что вы используете надежное TLS подключение."
     },
     "success": {
         "acl_saved": "ACL для %s сохранено",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index f84d83eae..cf480cc70 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -968,9 +968,7 @@
     },
     "start": {
         "help": "Zobraziť/Skryť panel nápoveď",
-        "imap_smtp_server_auth_info": "Prosím použite celú vašu emailovú adresu a metódu overenia PLAIN.<br>\r\n Vaše prihlasovacie údaje budú zašifrované na strane servera.",
-        "mailcow_apps_detail": "Použite mailcow aplikácie pre prístup k vašej mailovej schránke, kalendáru, kontaktom a viac.",
-        "mailcow_panel_detail": "<b>Administrátori domény</b> môžu vytvárať, modifikovať alebo mazať schránky a aliasy, meniť domény a zobraziť informácie o priradených doménach.<br>\r\n<b>Bežný používatelia</b> majú možnosť vytvoriť časovo obmedzené aliasy (spam aliasy), meniť heslá a nastavenia spam filtra."
+        "imap_smtp_server_auth_info": "Prosím použite celú vašu emailovú adresu a metódu overenia PLAIN.<br>\r\n Vaše prihlasovacie údaje budú zašifrované na strane servera."
     },
     "success": {
         "acl_saved": "ACL pre objekt %s uložený",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index c889a57cb..56618938a 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -841,9 +841,7 @@
     },
     "start": {
         "help": "Visa/dölj hjälppanel",
-        "imap_smtp_server_auth_info": "Använd din fullständiga e-postadress och PLAIN-autentiseringsmekanism.<br>\r\nInloggningsuppgifterna överförs krypterat eftersom obligatorisk kryptering sker till servern.",
-        "mailcow_apps_detail": "Använd Mailcow-applikationen för att läsa e-postmeddelanden, kalender, kontakter och mer.",
-        "mailcow_panel_detail": "<b>Domänadministratörer</b> skapar, ändrar eller kan ta bort postlådor eller aliasadresser. Dom administrerar och felsöker sina tilldelade domäner.<br>\r\n<b>Användare av påstlådor</b> kan skapa tidsbegränsade aliasadresser (skräppostalias), ändra sitt lösenord och hantera spamfilterinställningar."
+        "imap_smtp_server_auth_info": "Använd din fullständiga e-postadress och PLAIN-autentiseringsmekanism.<br>\r\nInloggningsuppgifterna överförs krypterat eftersom obligatorisk kryptering sker till servern."
     },
     "success": {
         "acl_saved": "Åtkomstlistan för objektet %s har sparats",
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 22dd902f1..73513e3c0 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -1062,9 +1062,7 @@
         "tfa": "Çift faktörlü doğrulama"
     },
     "start": {
-        "mailcow_panel_detail": "<b>Etki alanı yöneticileri</b> posta kutuları ve takma adlar oluşturur, değiştirir veya siler, alan adlarını değiştirir ve atanan alan adları hakkında daha fazla bilgi okur.<br>\\r\\n<b>Posta kutusu kullanıcıları</b> zaman oluşturabilir -sınırlı takma adlar (spam takma adları), şifrelerini ve spam filtresi ayarlarını değiştirin.",
         "imap_smtp_server_auth_info": "Lütfen tam e-posta adresinizi ve PLAIN kimlik doğrulama mekanizmasını kullanın.<br>\\r\\nGiriş verileriniz, sunucu tarafı zorunlu şifreleme ile şifrelenecektir.",
-        "mailcow_apps_detail": "Postalarınıza, takviminize, kişilerinize ve daha fazlasına erişmek için bir mailcow uygulaması kullanın.",
         "help": "Yardım panelini göster/gizle"
     },
     "queue": {
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 2ca81e478..c6ded247b 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -987,9 +987,7 @@
     },
     "start": {
         "help": "Довідка",
-        "mailcow_apps_detail": "Використовуйте mailcow, щоб отримати доступ до своєї пошти, календаря, контактів тощо.",
-        "imap_smtp_server_auth_info": "Будь ласка, використовуйте повну адресу електронної пошти у форматі <code>user@example.com</code> та PLAIN механізм авторизації.<br>\nВаші дані авторизації будуть зашифровані на рівні шифрування каналу підключення до сервера, тому переконайтеся, що ви використовуєте надійне підключення TLS.",
-        "mailcow_panel_detail": "<b>Адміністратори домену</b> можуть створювати, змінювати або видаляти поштові скриньки та псевдоніми, змінювати домени та дивитися інформацію про свої призначені домени. <br><b>Користувачі поштових скриньок</b> мають можливість створювати тимчасові псевдоніми (спам псевдоніми), змінювати свій пароль та налаштування фільтра спаму."
+        "imap_smtp_server_auth_info": "Будь ласка, використовуйте повну адресу електронної пошти у форматі <code>user@example.com</code> та PLAIN механізм авторизації.<br>\nВаші дані авторизації будуть зашифровані на рівні шифрування каналу підключення до сервера, тому переконайтеся, що ви використовуєте надійне підключення TLS."
     },
     "success": {
         "acl_saved": "ACL для %s збережено",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 9a1927391..0740253a1 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -1008,9 +1008,7 @@
     },
     "start": {
         "help": "显示/隐藏 帮助面板",
-        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用 PLAIN (明文) 认证方法。<br>\r\n你的登录数据会被服务端强制加密。",
-        "mailcow_apps_detail": "使用 Mailcow 应用访问你的邮件、日历、联系人以及更多内容。",
-        "mailcow_panel_detail": "<b>域名管理员</b>可以创建、修改或删除邮箱的别名，更改分配给用户的域名并读取更多域名相关信息。<br>\r\n<b>邮箱用户</b>可以创建临时别名 (垃圾邮件别名)，更改密码以及设置垃圾邮件过滤器。"
+        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用 PLAIN (明文) 认证方法。<br>\r\n你的登录数据会被服务端强制加密。"
     },
     "success": {
         "acl_saved": "已保存对象 %s 的 ACL 设置",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 600664891..63ac5df04 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -985,9 +985,7 @@
     },
     "start": {
         "help": "顯示/隱藏 幫助面板",
-        "imap_smtp_server_auth_info": "請使用完整的信箱地址及明文認證 (PLAIN) 來登入。<br>\r\n你的登入資訊會在伺服器端被加密。",
-        "mailcow_apps_detail": "使用 mailcow 應用程式來存取你的郵件、行事曆、聯絡資訊及其他更多功能。",
-        "mailcow_panel_detail": "<b>域名管理員</b> 可以創建、修改、刪除信箱別名，以及讀取並修改被指定他們名下的域名。<br>\r\n<b>信箱使用者</b> 可以創建臨時別名 (垃圾郵件別名)，更改密碼和垃圾郵件過濾器設定。"
+        "imap_smtp_server_auth_info": "請使用完整的信箱地址及明文認證 (PLAIN) 來登入。<br>\r\n你的登入資訊會在伺服器端被加密。"
     },
     "success": {
         "acl_saved": "%s 的存取權限表已儲存",
diff --git a/data/web/templates/user_index.twig b/data/web/templates/user_index.twig
index ee54c0e93..4ed942143 100644
--- a/data/web/templates/user_index.twig
+++ b/data/web/templates/user_index.twig
@@ -101,7 +101,7 @@
     </div>
   </div>
 </div>
-{% if not oauth2_request %}
+{% if not oauth2_request and ui_texts.help_text %}
 <div class="row">
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
     <div class="card">
@@ -110,18 +110,11 @@
       </div>
       <div id="collapse1" class="card-collapse collapse">
         <div class="card-body">
-          {% if ui_texts.help_text %}
           <p>{{ ui_texts.help_text|raw }}</p>
-          {% else %}
-          <p><span style="border-bottom: 1px dotted #999;">{{ ui_texts.main_name|raw }}</span></p>
-          <p>{{ lang.start.mailcow_panel_detail|raw }}</p>
-          <p><span style="border-bottom: 1px dotted #999;">{{ ui_texts.apps_name|raw }}</span></p>
-          <p>{{ lang.start.mailcow_apps_detail|raw }}</p>
-          {% endif %}
         </div>
       </div>
     </div>
   </div>
-  {% endif %}
 </div>
+{% endif %}
 {% endblock %}

From 5f15475b55b91485781cb6a46f1ec43fb92719e7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 7 Mar 2025 15:18:42 +0100
Subject: [PATCH 504/755] [Rspamd] Remove redis.conf from tracking

---
 data/conf/rspamd/local.d/redis.conf | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 data/conf/rspamd/local.d/redis.conf

diff --git a/data/conf/rspamd/local.d/redis.conf b/data/conf/rspamd/local.d/redis.conf
deleted file mode 100644
index 5ee0ac196..000000000
--- a/data/conf/rspamd/local.d/redis.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-servers = "redis:6379";
-timeout = 10;

From 03565df48dd5dd818899e8794cbef4ac1e6029c4 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 7 Mar 2025 21:37:31 +0100
Subject: [PATCH 505/755] [Web] Updated lang.ko-kr.json (#6356)

Co-authored-by: dongsu8142 <dongsu8142@naver.com>
---
 data/web/lang/lang.ko-kr.json | 54 +++++++++++++++++++++++++++++++----
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 546ccdfcc..9e281584b 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -201,7 +201,7 @@
         "link": "Link",
         "loading": "잠시만 기다려주세요...",
         "logo_info": "이미지 크기는 상단 탐색 막대의 경우 40px, 시작 페이지의 경우 최대 너비 250px로 조정됩니다. 확장 가능한 그래픽을 권장합니다.",
-        "lookup_mx": "MX와 목적지 일치 (.outlook.com이 홉을 통해서 MX *.outlook.com을 대상으로 하는 모든 메일을 라우트한다.)",
+        "lookup_mx": "목적지가 MX 이름과 일치하는 정규 표현식입니다. (<code>.*\\.google\\.com</code>를 사용하여 이 홉을 통해 google.com으로 끝나는 모든 메일을 대상으로 하는 MX로 라우팅합니다.)",
         "main_name": "\"mailcow UI\" 이름",
         "merged_vars_hint": "회색으로 표시된 행은 <code>vars.(local.)php</code> 에서 병합되었고 이는 수정할 수 없습니다.",
         "message": "메세지",
@@ -350,7 +350,10 @@
         "admins": "관리자",
         "admins_ldap": "LDAP 관리자",
         "api_read_only": "읽기 전용 액세스",
-        "api_read_write": "읽기-쓰기 액세스"
+        "api_read_write": "읽기-쓰기 액세스",
+        "is_mx_based": "MX 기반",
+        "login_time": "로그인 시간",
+        "ip_check_opt_in": "외부 IP 주소 확인을 위해 타사 서비스 <strong>ipv4.mailcow.email</strong> 및 <strong>ipv6.mailcow.email</strong>을 사용하도록 설정합니다."
     },
     "danger": {
         "access_denied": "접근이 거부되거나 잘못된 데이터 양식",
@@ -485,7 +488,9 @@
         "fido2_verification_failed": "FIDO2 인증 실패: %s",
         "extended_sender_acl_denied": "외부 발신자 주소를 설정하는 ACL 누락",
         "img_dimensions_exceeded": "이미지가 최대 이미지 크기를 초과합니다.",
-        "reset_token_limit_exceeded": "토큰 재설정 한도를 초과했습니다. 나중에 다시 시도해 주세요."
+        "reset_token_limit_exceeded": "토큰 재설정 한도를 초과했습니다. 나중에 다시 시도해 주세요.",
+        "cors_invalid_method": "잘못된 허용 메서드를 지정했습니다.",
+        "cors_invalid_origin": "잘못된 허용 원본을 지정했습니다."
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
@@ -506,7 +511,22 @@
         "static_logs": "Static logs",
         "system_containers": "System & Containers",
         "current_time": "시스템 시간",
-        "no_update_available": "시스템이 최신 버전입니다."
+        "no_update_available": "시스템이 최신 버전입니다.",
+        "architecture": "아키텍처",
+        "container_running": "실행 중",
+        "container_disabled": "컨테이너 중지 또는 비활성화",
+        "container_stopped": "중지됨",
+        "online_users": "온라인 사용자",
+        "service": "서비스",
+        "success": "성공",
+        "show_ip": "공인 IP 표시",
+        "timezone": "시간대",
+        "update_available": "사용 가능한 업데이트가 있습니다.",
+        "update_failed": "업데이트를 확인할 수 없습니다",
+        "username": "사용자 이름",
+        "memory": "메모리",
+        "error_show_ip": "공인 IP 주소를 확인할 수 없습니다",
+        "login_time": "시간"
     },
     "diagnostics": {
         "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@@ -614,7 +634,13 @@
         "title": "Edit object",
         "unchanged_if_empty": "If unchanged leave blank",
         "username": "Username",
-        "validate_save": "Validate and save"
+        "validate_save": "Validate and save",
+        "allow_from_smtp": "다음 IP만 <b>SMTP</b>를 사용하도록 허용합니다.",
+        "allow_from_smtp_info": "모든 발신자를 허용하려면 비워둡니다.<br>IPv4/IPv6 주소 및 네트워크.",
+        "allowed_protocols": "허용된 프로토콜",
+        "app_passwd_protocols": "앱 비밀번호에 대해 허용되는 프로토콜",
+        "acl": "ACL (권한)",
+        "admin": "관리자 수정"
     },
     "footer": {
         "cancel": "Cancel",
@@ -1093,6 +1119,22 @@
     },
     "datatables": {
         "collapse_all": "모두 접기",
-        "decimal": "."
+        "decimal": ".",
+        "emptyTable": "테이블에 사용 가능한 데이터가 없습니다.",
+        "expand_all": "모두 펼치기",
+        "infoEmpty": "0개 항목 중 0개부터 0개까지 표시",
+        "infoFiltered": "(_MAX_ 총 항목에서 필터링됨)",
+        "thousands": ",",
+        "lengthMenu": "_MENU_ 항목 표시",
+        "loadingRecords": "로딩 중...",
+        "processing": "잠시만 기다려 주세요...",
+        "search": "검색:",
+        "zeroRecords": "일치하는 레코드가 없습니다.",
+        "paginate": {
+            "first": "처음",
+            "last": "마지막",
+            "next": "다음",
+            "previous": "이전"
+        }
     }
 }

From aac0a900cea3e57dafc80a0593c3ea6cc5d95645 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 10 Mar 2025 10:49:27 +0100
Subject: [PATCH 506/755] [Web] Fix JSON parsing issue for api requests

---
 data/web/js/build/011-api.js | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/data/web/js/build/011-api.js b/data/web/js/build/011-api.js
index c657c1344..1fe595c69 100644
--- a/data/web/js/build/011-api.js
+++ b/data/web/js/build/011-api.js
@@ -158,9 +158,11 @@ $(document).ready(function() {
         var attr_to_merge = $(this).closest("form").serializeObject();
         // parse possible JSON Strings
         for (var [key, value] of Object.entries(attr_to_merge)) {
-          try {
-            attr_to_merge[key] = JSON.parse(attr_to_merge[key]);
-          } catch {}
+          if (typeof value === "string" && /^[\[\{"].*[\}\]"]$/.test(value.trim())) {
+            try {
+              attr_to_merge[key] = JSON.parse(attr_to_merge[key]);
+            } catch {}
+          }
         }
         var api_attr = $.extend(api_attr, attr_to_merge)
       } else {
@@ -271,9 +273,11 @@ $(document).ready(function() {
         var attr_to_merge = $(this).closest("form").serializeObject();
         // parse possible JSON Strings
         for (var [key, value] of Object.entries(attr_to_merge)) {
-          try {
-            attr_to_merge[key] = JSON.parse(attr_to_merge[key]);
-          } catch {}
+          if (typeof value === "string" && /^[\[\{"].*[\}\]"]$/.test(value.trim())) {
+            try {
+              attr_to_merge[key] = JSON.parse(attr_to_merge[key]);
+            } catch {}
+          }
         }
         var api_attr = $.extend(api_attr, attr_to_merge)
       } else {
@@ -312,7 +316,7 @@ $(document).ready(function() {
                 var key = localStorage.key(i);
                 if(/formcache/.test(key)) {
                   localStorage.removeItem(key);
-                }  
+                }
               }
             }
           }

From 86df78255d8bc558ddcf23bfae0d2ef8313072ed Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 10 Mar 2025 11:39:19 +0100
Subject: [PATCH 507/755] chore(deps): update dependency composer/composer to
 v2.8.6 (#5719)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 038c586a8..f5ae3fbd7 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -13,7 +13,7 @@ ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG REDIS_PECL_VERSION=6.1.0
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$
-ARG COMPOSER_VERSION=2.6.6
+ARG COMPOSER_VERSION=2.8.6
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \

From 0860a7503e29cf268a58e1a593367ea8f9f9816d Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 10 Mar 2025 11:56:12 +0100
Subject: [PATCH 508/755] os: updated alpine containers to 3.21

---
 data/Dockerfiles/acme/Dockerfile      |  4 ++--
 data/Dockerfiles/dockerapi/Dockerfile |  2 +-
 data/Dockerfiles/dovecot/Dockerfile   |  4 ++--
 data/Dockerfiles/netfilter/Dockerfile |  2 +-
 data/Dockerfiles/olefy/Dockerfile     |  2 +-
 data/Dockerfiles/phpfpm/Dockerfile    |  2 +-
 data/Dockerfiles/unbound/Dockerfile   |  2 +-
 data/Dockerfiles/watchdog/Dockerfile  |  2 +-
 docker-compose.yml                    | 16 ++++++++--------
 9 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 8aa16ad58..5b7378c7b 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
@@ -15,7 +15,7 @@ RUN apk upgrade --no-cache \
   tini \
   tzdata \
   python3 \
-  acme-tiny --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community/
+  acme-tiny
 
 COPY acme.sh /srv/acme.sh
 COPY functions.sh /srv/functions.sh
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index bbd4542e6..872764317 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 1c35639e9..6b846cec8 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
@@ -65,7 +65,7 @@ RUN addgroup -g 5000 vmail \
   perl-par-packer \
   perl-parse-recdescent \
   perl-lockfile-simple \
-  libproc \
+  libproc2 \
   perl-readonly \
   perl-regexp-common \
   perl-sys-meminfo \
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 86f9e3f69..57dbd6e94 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile
index 3b2729134..845b125f6 100644
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index f5ae3fbd7..4ba8349f9 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.20
+FROM php:8.2-fpm-alpine3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 7e4f18dec..4903750ed 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index f8aa262bb..a55a97a4c 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 4c470f5bd..7ddbd1240 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 
     unbound-mailcow:
-      image: ghcr.io/mailcow/unbound:1.23
+      image: ghcr.io/mailcow/unbound:1.24
       environment:
         - TZ=${TZ}
         - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
@@ -117,7 +117,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: ghcr.io/mailcow/phpfpm:1.92
+      image: ghcr.io/mailcow/phpfpm:1.93
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -234,7 +234,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: ghcr.io/mailcow/dovecot:2.31
+      image: ghcr.io/mailcow/dovecot:2.32
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -419,7 +419,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: ghcr.io/mailcow/acme:1.91
+      image: ghcr.io/mailcow/acme:1.92
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -457,7 +457,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: ghcr.io/mailcow/netfilter:1.61
+      image: ghcr.io/mailcow/netfilter:1.62
       stop_grace_period: 30s
       restart: always
       privileged: true
@@ -477,7 +477,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: ghcr.io/mailcow/watchdog:2.06
+      image: ghcr.io/mailcow/watchdog:2.07
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -549,7 +549,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: ghcr.io/mailcow/dockerapi:2.10
+      image: ghcr.io/mailcow/dockerapi:2.11
       security_opt:
         - label=disable
       restart: always
@@ -569,7 +569,7 @@ services:
             - dockerapi
 
     olefy-mailcow:
-      image: ghcr.io/mailcow/olefy:1.13
+      image: ghcr.io/mailcow/olefy:1.14
       restart: always
       environment:
         - TZ=${TZ}

From 2f93f1d0c5b9642190c1358a03038be4c3f4bb43 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 10 Mar 2025 16:45:57 +0100
Subject: [PATCH 509/755] os: fixes for newer mariadb-client versions
 (especially on alpine 3.21)

---
 data/Dockerfiles/acme/Dockerfile              |  1 -
 data/Dockerfiles/acme/acme.sh                 |  4 +--
 data/Dockerfiles/dovecot/clean_q_aged.sh      |  4 +--
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 10 +++----
 data/Dockerfiles/phpfpm/docker-entrypoint.sh  | 12 ++++----
 data/Dockerfiles/sogo/bootstrap-sogo.sh       | 28 +++++++++----------
 .../watchdog/check_mysql_slavestatus.sh       |  4 +--
 data/Dockerfiles/watchdog/watchdog.sh         |  2 +-
 8 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index 5b7378c7b..f6e990e57 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -2,7 +2,6 @@ FROM alpine:3.21
 
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
-
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
   bash \
diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 64a4d1765..a6766efd0 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -138,7 +138,7 @@ log_f "Resolver OK"
 log_f "Waiting for domain table..."
 while [[ -z ${DOMAIN_TABLE} ]]; do
   curl --silent http://nginx.${COMPOSE_PROJECT_NAME}_mailcow-network/ >/dev/null 2>&1
-  DOMAIN_TABLE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'domain'" -Bs)
+  DOMAIN_TABLE=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'domain'" -Bs)
   [[ -z ${DOMAIN_TABLE} ]] && sleep 10
 done
 log_f "OK" no_date
@@ -231,7 +231,7 @@ while true; do
 
   #########################################
   # IP and webroot challenge verification #
-  SQL_DOMAINS=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain WHERE backupmx=0 and active=1" -Bs)
+  SQL_DOMAINS=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain WHERE backupmx=0 and active=1" -Bs)
   if [[ ! $? -eq 0 ]]; then
     log_f "Failed to read SQL domains, retrying in 1 minute..."
     sleep 1m
diff --git a/data/Dockerfiles/dovecot/clean_q_aged.sh b/data/Dockerfiles/dovecot/clean_q_aged.sh
index 3fa8a7ddb..ebedc8999 100755
--- a/data/Dockerfiles/dovecot/clean_q_aged.sh
+++ b/data/Dockerfiles/dovecot/clean_q_aged.sh
@@ -15,6 +15,6 @@ if ! [[ ${MAX_AGE} =~ ${NUM_REGEXP} ]] ; then
   exit 1
 fi
 
-TO_DELETE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT COUNT(id) FROM quarantine WHERE created < NOW() - INTERVAL ${MAX_AGE//[!0-9]/} DAY" -BN)
-mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM quarantine WHERE created < NOW() - INTERVAL ${MAX_AGE//[!0-9]/} DAY"
+TO_DELETE=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT COUNT(id) FROM quarantine WHERE created < NOW() - INTERVAL ${MAX_AGE//[!0-9]/} DAY" -BN)
+mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM quarantine WHERE created < NOW() - INTERVAL ${MAX_AGE//[!0-9]/} DAY"
 echo "Deleted ${TO_DELETE} items from quarantine table (max age is ${MAX_AGE//[!0-9]/} days)"
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index af67579f1..9a4e2f252 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -414,15 +414,15 @@ printenv | sed 's/^\(.*\)$/export \1/g' > /source_env.sh
 
 # Clean stopped imapsync jobs
 rm -f /tmp/imapsync_busy.lock
-IMAPSYNC_TABLE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'imapsync'" -Bs)
-[[ ! -z ${IMAPSYNC_TABLE} ]] && mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE imapsync SET is_running='0'"
+IMAPSYNC_TABLE=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'imapsync'" -Bs)
+[[ ! -z ${IMAPSYNC_TABLE} ]] && mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE imapsync SET is_running='0'"
 
 # Envsubst maildir_gc
 echo "$(envsubst < /usr/local/bin/maildir_gc.sh)" > /usr/local/bin/maildir_gc.sh
 
 # GUID generation
 while [[ ${VERSIONS_OK} != 'OK' ]]; do
-  if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = \"${DBNAME}\" AND TABLE_NAME = 'versions'") ]]; then
+  if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = \"${DBNAME}\" AND TABLE_NAME = 'versions'") ]]; then
     VERSIONS_OK=OK
   else
     echo "Waiting for versions table to be created..."
@@ -433,11 +433,11 @@ PUBKEY_MCRYPT=$(doveconf -P 2> /dev/null | grep -i mail_crypt_global_public_key
 if [ -f ${PUBKEY_MCRYPT} ]; then
   GUID=$(cat <(echo ${MAILCOW_HOSTNAME}) /mail_crypt/ecpubkey.pem | sha256sum | cut -d ' ' -f1 | tr -cd "[a-fA-F0-9.:/] ")
   if [ ${#GUID} -eq 64 ]; then
-    mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+    mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 REPLACE INTO versions (application, version) VALUES ("GUID", "${GUID}");
 EOF
   else
-    mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+    mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 REPLACE INTO versions (application, version) VALUES ("GUID", "INVALID");
 EOF
   fi
diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index e6510de7a..0d09ac5fc 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ ${SQL_CHANGED} -eq 1 ]; then
 fi
 
 # Check mysql tz import (master and slave)
-TZ_CHECK=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null)
+TZ_CHECK=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null)
 if [[ -z ${TZ_CHECK} ]] || [[ "${TZ_CHECK}" == "NULL" ]]; then
   SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json')
   echo "MySQL mysql_tzinfo_to_sql - debug output:"
@@ -120,11 +120,11 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   while read line
   do
     DOMAIN_ARR+=("$line")
-  done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
+  done < <(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
   while read line
   do
     DOMAIN_ARR+=("$line")
-  done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
+  done < <(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
 
   if [[ ! -z ${DOMAIN_ARR} ]]; then
   for domain in "${DOMAIN_ARR[@]}"; do
@@ -146,13 +146,13 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]})
     if [[ ! -z ${VALIDATED_IPS} ]]; then
       if [[ ${API_KEY} != "invalid" ]] && [[ ! -z ${API_KEY} ]]; then
-        mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+        mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 DELETE FROM api WHERE access = 'rw';
 INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY}", "1", "${VALIDATED_IPS}", "rw");
 EOF
       fi
       if [[ ${API_KEY_READ_ONLY} != "invalid" ]] && [[ ! -z ${API_KEY_READ_ONLY} ]]; then
-        mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+        mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 DELETE FROM api WHERE access = 'ro';
 INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY_READ_ONLY}", "1", "${VALIDATED_IPS}", "ro");
 EOF
@@ -161,7 +161,7 @@ EOF
   fi
 
   # Create events (master only, STATUS for event on slave will be SLAVESIDE_DISABLED)
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+  mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 DROP EVENT IF EXISTS clean_spamalias;
 DELIMITER //
 CREATE EVENT clean_spamalias
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 9cf36a805..dcf91b499 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -14,11 +14,11 @@ do
 done
 
 # Wait for updated schema
-DBV_NOW=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
+DBV_NOW=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
 DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
 while [[ "${DBV_NOW}" != "${DBV_NEW}" ]]; do
   echo "Waiting for schema update..."
-  DBV_NOW=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
+  DBV_NOW=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
   DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
   sleep 5
 done
@@ -27,9 +27,9 @@ echo "DB schema is ${DBV_NOW}"
 # Recreate view
 if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   echo "We are master, preparing sogo_view..."
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
+  mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
   while [[ ${VIEW_OK} != 'OK' ]]; do
-    mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+    mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS
 SELECT
    mailbox.username,
@@ -59,7 +59,7 @@ WHERE
 GROUP BY
    mailbox.username;
 EOF
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
+    if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
       VIEW_OK=OK
     else
       echo "Will retry to setup SOGo view in 3s..."
@@ -68,7 +68,7 @@ EOF
   done
 else
   while [[ ${VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
+    if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
       VIEW_OK=OK
     else
       echo "Waiting for SOGo view to be created by master..."
@@ -81,12 +81,12 @@ fi
 if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   echo "We are master, preparing _sogo_static_view..."
   while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
+    if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
       STATIC_VIEW_OK=OK
       echo "Updating _sogo_static_view content..."
       # If changed, also update init_db.inc.php
-      mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "REPLACE INTO _sogo_static_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) SELECT c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings from sogo_view;"
-      mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "DELETE FROM _sogo_static_view WHERE c_uid NOT IN (SELECT username FROM mailbox WHERE active = '1')"
+      mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "REPLACE INTO _sogo_static_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) SELECT c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings from sogo_view;"
+      mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "DELETE FROM _sogo_static_view WHERE c_uid NOT IN (SELECT username FROM mailbox WHERE active = '1')"
     else
       echo "Waiting for database initialization..."
       sleep 3
@@ -94,7 +94,7 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   done
 else
   while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
+    if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
       STATIC_VIEW_OK=OK
     else
       echo "Waiting for database initialization by master..."
@@ -107,9 +107,9 @@ fi
 # Recreate password update trigger
 if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   echo "We are master, preparing update trigger..."
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TRIGGER IF EXISTS sogo_update_password"
+  mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TRIGGER IF EXISTS sogo_update_password"
   while [[ ${TRIGGER_OK} != 'OK' ]]; do
-  mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+  mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 DELIMITER -
 CREATE TRIGGER sogo_update_password AFTER UPDATE ON _sogo_static_view
 FOR EACH ROW
@@ -119,7 +119,7 @@ END;
 -
 DELIMITER ;
 EOF
-    if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TRIGGERS WHERE TRIGGER_NAME = 'sogo_update_password'") ]]; then
+    if [[ ! -z $(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TRIGGERS WHERE TRIGGER_NAME = 'sogo_update_password'") ]]; then
       TRIGGER_OK=OK
     else
       echo "Will retry to setup SOGo password update trigger in 3s"
@@ -216,7 +216,7 @@ while read -r line gal
   line=${line} envsubst < /etc/sogo/plist_ldap >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
   echo "            </array>
         </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
-done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain, CASE gal WHEN '1' THEN 'YES' ELSE 'NO' END AS gal FROM domain;" -B -N)
+done < <(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain, CASE gal WHEN '1' THEN 'YES' ELSE 'NO' END AS gal FROM domain;" -B -N)
 
 # Generate footer
 echo '    </dict>
diff --git a/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh b/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
index ed4f0db4d..4788b9b70 100755
--- a/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
+++ b/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
@@ -132,9 +132,9 @@ fi
 
 # Connect to the DB server and store output in vars
 if [[ -n $socket ]]; then 
-  ConnectionResult=$(mysql ${optfile} ${socket} ${user} -e "show slave ${connection} status\G" 2>&1)
+  ConnectionResult=$(mariadb --skip-ssl ${optfile} ${socket} ${user} -e "show slave ${connection} status\G" 2>&1)
 else
-  ConnectionResult=$(mysql ${optfile} ${host} ${port} ${user} -e "show slave ${connection} status\G" 2>&1)
+  ConnectionResult=$(mariadb --skip-ssl ${optfile} ${host} ${port} ${user} -e "show slave ${connection} status\G" 2>&1)
 fi
 
 if [ -z "`echo "${ConnectionResult}" |grep Slave_IO_State`" ]; then
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index dac0335fb..9d6f6609f 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -234,7 +234,7 @@ external_checks() {
   diff_c=0
   THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD}
   # Reduce error count by 2 after restarting an unhealthy container
-  GUID=$(mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'GUID'" -BN)
+  GUID=$(mariadb --skip-ssl -u${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'GUID'" -BN)
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     err_c_cur=${err_count}

From 18acbc7a4c68e7b31a6d5aa94ffb7d4ee2d9f577 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 11 Mar 2025 12:35:13 +0100
Subject: [PATCH 510/755] cold-standby: changed texts + removed --no-parallel
 for pull

---
 helper-scripts/_cold-standby.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index 9e7362ec6..bfda3ba94 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -99,11 +99,11 @@ EOF
 
 if [ $? = 0 ]; then
   COMPOSE_COMMAND="docker compose"
-  echo "DEBUG: Using native docker compose on remote"
+  echo "INFO: Using native docker compose on remote"
 
 elif [ $? = 1 ]; then
   COMPOSE_COMMAND="docker-compose"
-  echo "DEBUG: Using standalone docker compose on remote"
+  echo "INFO: Using standalone docker compose on remote"
 
 else
   echo -e "\e[31mCannot find any Docker Compose on remote, exiting...\e[0m"
@@ -284,7 +284,7 @@ echo "OK"
     -i "${REMOTE_SSH_KEY}" \
     ${REMOTE_SSH_HOST} \
     -p ${REMOTE_SSH_PORT} \
-    ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" pull --no-parallel --quiet 2>&1 ; then
+    ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" pull --quiet 2>&1 ; then
       >&2 echo -e "\e[31m[ERR]\e[0m - Could not pull images on remote"
   fi
 

From 062539b7d7ba3dcb883816ceb888c4f082a18364 Mon Sep 17 00:00:00 2001
From: "Marvin A. Ruder" <github@mruder.dev>
Date: Tue, 11 Mar 2025 15:30:46 +0100
Subject: [PATCH 511/755] dkim: Add support for 3072 and 4096 bit RSA keys
 (#6365)

* dkim: Add support for 3072 and 4096 bit RSA keys

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>

* php: added missing ; in dkim function

* php: make 4096 DKIM default

* db: update schema to set dkim 4096 as default

* Revert "db: update schema to set dkim 4096 as default"

This reverts commit 790b40a69563722513cda540ba34e3ae30874e05.

* Revert "php: make 4096 DKIM default"

This reverts commit 7e643376c7e11d23b0dae95ae59a2a5cc195e057.

---------

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/web/api/openapi.yaml                     | 2 +-
 data/web/inc/functions.dkim.inc.php           | 5 ++++-
 data/web/templates/admin/tab-config-dkim.twig | 2 ++
 data/web/templates/edit/domain-templates.twig | 2 ++
 data/web/templates/modals/mailbox.twig        | 6 ++++++
 5 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 969aa7707..7fb4af308 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -409,7 +409,7 @@ paths:
                   description: a list of domains for which a dkim key should be generated
                   type: string
                 key_size:
-                  description: the key size (1024 or 2048)
+                  description: the key size (1024, 2048, 3072 or 4096)
                   type: number
               type: object
       summary: Generate DKIM Key
diff --git a/data/web/inc/functions.dkim.inc.php b/data/web/inc/functions.dkim.inc.php
index 8b1766a20..e7e411730 100644
--- a/data/web/inc/functions.dkim.inc.php
+++ b/data/web/inc/functions.dkim.inc.php
@@ -240,9 +240,12 @@ function dkim($_action, $_data = null, $privkey = false) {
         if (strlen($dkimdata['pubkey']) < 391) {
           $dkimdata['length'] = "1024";
         }
-        elseif (strlen($dkimdata['pubkey']) < 736) {
+        elseif (strlen($dkimdata['pubkey']) < 564) {
           $dkimdata['length'] = "2048";
         }
+        elseif (strlen($dkimdata['pubkey']) < 736) {
+          $dkimdata['length'] = "3072";
+        }
         elseif (strlen($dkimdata['pubkey']) < 1416) {
           $dkimdata['length'] = "4096";
         }
diff --git a/data/web/templates/admin/tab-config-dkim.twig b/data/web/templates/admin/tab-config-dkim.twig
index 85c6dc6ae..ec77139ed 100644
--- a/data/web/templates/admin/tab-config-dkim.twig
+++ b/data/web/templates/admin/tab-config-dkim.twig
@@ -117,6 +117,8 @@
             <select data-style="btn btn-light btn-sm" class="form-control" id="key_size" name="key_size" title="{{ lang.admin.dkim_key_length }}" required>
               <option data-subtext="bits">1024</option>
               <option data-subtext="bits">2048</option>
+              <option data-subtext="bits">3072</option>
+              <option data-subtext="bits">4096</option>
             </select>
           </div>
         </div>
diff --git a/data/web/templates/edit/domain-templates.twig b/data/web/templates/edit/domain-templates.twig
index 825e6674d..d4612a198 100644
--- a/data/web/templates/edit/domain-templates.twig
+++ b/data/web/templates/edit/domain-templates.twig
@@ -103,6 +103,8 @@
         <select data-style="btn btn-light" class="form-control" id="key_size" name="key_size">
           <option value="1024" data-subtext="bits" {% if template.attributes.key_size == 1024 %} selected{% endif %}>1024</option>
           <option value="2048" data-subtext="bits" {% if template.attributes.key_size == 2048 %} selected{% endif %}>2048</option>
+          <option value="3072" data-subtext="bits" {% if template.attributes.key_size == 3072 %} selected{% endif %}>3072</option>
+          <option value="4096" data-subtext="bits" {% if template.attributes.key_size == 4096 %} selected{% endif %}>4096</option>
         </select>
       </div>
     </div>
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 0f1b23a7e..76f54ec31 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -490,6 +490,8 @@
               <select data-style="btn btn-light" class="form-control" id="key_size" name="key_size">
                 <option data-subtext="bits" value="1024">1024</option>
                 <option data-subtext="bits" value="2048" selected>2048</option>
+                <option data-subtext="bits" value="3072">3072</option>
+                <option data-subtext="bits" value="4096">4096</option>
               </select>
             </div>
           </div>
@@ -628,6 +630,8 @@
               <select data-style="btn btn-light" class="form-control" id="key_size" name="key_size">
                 <option data-subtext="bits">1024</option>
                 <option data-subtext="bits" selected>2048</option>
+                <option data-subtext="bits">3072</option>
+                <option data-subtext="bits">4096</option>
               </select>
             </div>
           </div>
@@ -843,6 +847,8 @@
               <select data-style="btn btn-light" class="form-control" id="key_size2" name="key_size">
                 <option data-subtext="bits">1024</option>
                 <option data-subtext="bits" selected>2048</option>
+                <option data-subtext="bits">3072</option>
+                <option data-subtext="bits">4096</option>
               </select>
             </div>
           </div>

From 2596b9d3860ed5804f25ae77c1d5f1e3af50c24f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 12 Mar 2025 11:42:14 +0100
Subject: [PATCH 512/755] [Web] Improve auth logging and language strings

---
 data/web/inc/functions.auth.inc.php           | 66 ++++++++++++++-----
 data/web/inc/functions.inc.php                | 40 ++++++-----
 data/web/lang/lang.de-de.json                 |  8 ++-
 data/web/lang/lang.en-gb.json                 |  1 +
 .../admin/tab-config-identity-provider.twig   |  2 +-
 5 files changed, 75 insertions(+), 42 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 8e695c359..e047b83ba 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -216,7 +216,7 @@ function user_login($user, $pass, $extra = null){
             unset($_SESSION['ldelay']);
             $_SESSION['return'][] =  array(
               'type' => 'success',
-              'log' => array(__FUNCTION__, $user, '*'),
+              'log' => array(__FUNCTION__, $user, '*', 'Provider: Keycloak'),
               'msg' => array('logged_in_as', $user)
             );
             return "pending";
@@ -229,7 +229,7 @@ function user_login($user, $pass, $extra = null){
               $stmt->execute(array(':user' => $user));
               $_SESSION['return'][] =  array(
                 'type' => 'success',
-                'log' => array(__FUNCTION__, $user, '*'),
+                'log' => array(__FUNCTION__, $user, '*', 'Provider: Keycloak'),
                 'msg' => array('logged_in_as', $user)
               );
             }
@@ -255,7 +255,7 @@ function user_login($user, $pass, $extra = null){
           unset($_SESSION['ldelay']);
           $_SESSION['return'][] =  array(
             'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
+            'log' => array(__FUNCTION__, $user, '*', 'Provider: LDAP'),
             'msg' => array('logged_in_as', $user)
           );
           return "pending";
@@ -268,7 +268,7 @@ function user_login($user, $pass, $extra = null){
             $stmt->execute(array(':user' => $user));
             $_SESSION['return'][] =  array(
               'type' => 'success',
-              'log' => array(__FUNCTION__, $user, '*'),
+              'log' => array(__FUNCTION__, $user, '*', 'Provider: LDAP'),
               'msg' => array('logged_in_as', $user)
             );
           }
@@ -290,7 +290,7 @@ function user_login($user, $pass, $extra = null){
           unset($_SESSION['ldelay']);
           $_SESSION['return'][] =  array(
             'type' => 'success',
-            'log' => array(__FUNCTION__, $user, '*'),
+            'log' => array(__FUNCTION__, $user, '*', 'Provider: mailcow'),
             'msg' => array('logged_in_as', $user)
           );
           return "pending";
@@ -303,7 +303,7 @@ function user_login($user, $pass, $extra = null){
             $stmt->execute(array(':user' => $user));
             $_SESSION['return'][] =  array(
               'type' => 'success',
-              'log' => array(__FUNCTION__, $user, '*'),
+              'log' => array(__FUNCTION__, $user, '*', 'Provider: mailcow'),
               'msg' => array('logged_in_as', $user)
             );
           }
@@ -434,12 +434,27 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
   $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
   curl_close($curl);
   if ($code != 200) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'Identity Provider returned HTTP ' . $code),
+      'msg' => 'generic_server_error'
+    );
     return false;
   }
   if (!isset($user_res['attributes']['mailcow_password']) || !is_array($user_res['attributes']['mailcow_password'])){
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'User has no mailcow_password attribute'),
+      'msg' => 'generic_server_error'
+    );
     return false;
   }
   if (empty($user_res['attributes']['mailcow_password'][0])){
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', "User's mailcow_password attribute is empty"),
+      'msg' => 'generic_server_error'
+    );
     return false;
   }
 
@@ -469,8 +484,14 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
   }
 
   // check if matching attribute exist
-  if (empty($iam_settings['mappers']) || !$user_template) return false;
-  if ($mapper_key === false) return false;
+  if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
+      'msg' => 'generic_server_error'
+    );
+    return false;
+  }
 
   // create mailbox
   $_SESSION['access_all_exception'] = '1';
@@ -484,6 +505,11 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
   $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
     clear_session();
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'Could not create mailbox on login'),
+      'msg' => 'generic_server_error'
+    );
     return false;
   }
 
@@ -526,17 +552,12 @@ function ldap_mbox_login($user, $pass, $extra = null){
     $_SESSION['return'][] =  array(
       'type' => 'danger',
       'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
-      'msg' => 'ldap_error'
+      'msg' => 'generic_server_error'
     );
     return false;
   }
   try {
     if (!$iam_provider->auth()->attempt($user_res['dn'], $pass)) {
-      $_SESSION['return'][] =  array(
-        'type' => 'danger',
-        'log' => array(__FUNCTION__, $user, '*', $user_res),
-        'msg' => 'ldap_auth_failed'
-      );
       return false;
     }
   } catch (Exception $e) {
@@ -545,7 +566,7 @@ function ldap_mbox_login($user, $pass, $extra = null){
     $_SESSION['return'][] =  array(
       'type' => 'danger',
       'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
-      'msg' => 'ldap_error'
+      'msg' => 'generic_server_error'
     );
     return false;
   }
@@ -570,8 +591,14 @@ function ldap_mbox_login($user, $pass, $extra = null){
   }
 
   // check if matching attribute exist
-  if (empty($iam_settings['mappers']) || !$user_template) return false;
-  if ($mapper_key === false) return false;
+  if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
+      'msg' => 'generic_server_error'
+    );
+    return false;
+  }
 
   // create mailbox
   $_SESSION['access_all_exception'] = '1';
@@ -585,6 +612,11 @@ function ldap_mbox_login($user, $pass, $extra = null){
   $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
     clear_session();
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $user, '*', 'Could not create mailbox on login'),
+      'msg' => 'generic_server_error'
+    );
     return false;
   }
 
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 2a6968fe2..187036b47 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2271,7 +2271,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
       // return default client_scopes for generic-oidc if none is set
       if ($settings["authsource"] == "generic-oidc" && empty($settings["client_scopes"])){
-        $settings["client_scopes"] = "openid profile email";
+        $settings["client_scopes"] = "openid profile email mailcow_template";
       }
       if ($_extra['hide_sensitive']){
         $settings['client_secret'] = '';
@@ -2348,7 +2348,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
           $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
           $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
-          $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
+          $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email mailcow_template";
           $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes', 'ignore_ssl_error');
         break;
         case "ldap":
@@ -2619,8 +2619,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc'){
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__),
-          'msg' => array('login_failed', "no OIDC provider configured")
+          'log' => array(__FUNCTION__, "no OIDC provider configured"),
+          'msg' => 'login_failed'
         );
         return false;
       }
@@ -2633,13 +2633,20 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       } catch (Throwable $e) {
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__),
-          'msg' => array('login_failed', $e->getMessage())
+          'log' => array(__FUNCTION__, $e->getMessage()),
+          'msg' => 'login_failed'
         );
         return false;
       }
       // check if email address is given
-      if (empty($info['email'])) return false;
+      if (empty($info['email'])) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, 'No email address found for user'),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
 
       // get mapped template
       $user_template = $info['mailcow_template'];
@@ -2678,21 +2685,12 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return true;
       }
 
-      if (empty($iam_settings['mappers']) || empty($user_template)){
+      if (empty($iam_settings['mappers']) || empty($user_template) || $mapper_key === false){
         clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email']),
-          'msg' => array('login_failed', 'empty attribute mapping or missing template attribute')
-        );
-        return false;
-      }
-      if ($mapper_key === false) {
-        clear_session();
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email']),
-          'msg' => array('login_failed', 'specified template not found')
+          'log' => array(__FUNCTION__, $info['email'], 'No matching attribute mapping was found'),
+          'msg' => 'login_failed'
         );
         return false;
       }
@@ -2711,8 +2709,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         clear_session();
         $_SESSION['return'][] =  array(
           'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email']),
-          'msg' => array('login_failed', 'mailbox creation failed')
+          'log' => array(__FUNCTION__, $info['email'], 'Could not create mailbox on login'),
+          'msg' => 'login_failed'
         );
         return false;
       }
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 85a713c67..0857bc5f7 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -219,10 +219,10 @@
         "iam_extra_permission": "Damit die folgenden Einstellungen funktionieren, benötigt der mailcow Client in Keycloak ein <code>Service-Konto</code> und die Berechtigung <code>view-users</code>.",
         "iam_host": "Host",
         "iam_host_info": "Gib einen oder mehrere LDAP-Hosts ein, getrennt durch Kommas.",
-        "iam_import_users": "Import Users",
+        "iam_import_users": "Importiere Benutzer",
         "iam_mapping": "Attribut Mapping",
         "iam_bindpass": "Bind Passwort",
-        "iam_periodic_full_sync": "Periodic Full Sync",
+        "iam_periodic_full_sync": "Vollsynchronisation",
         "iam_port": "Port",
         "iam_realm": "Realm",
         "iam_redirect_url": "Redirect Url",
@@ -238,7 +238,7 @@
         "iam_use_ssl": "Benutze SSL",
         "iam_use_tls": "Benutze TLS",
         "iam_version": "Version",
-        "ignore_ssl_error": "Ignoriere SSL Errors",
+        "ignore_ssl_error": "Ignoriere SSL Fehler",
         "import": "Importieren",
         "import_private_key": "Private Key importieren",
         "in_use_by": "Verwendet von",
@@ -406,6 +406,7 @@
         "aliases_in_use": "Maximale Anzahl an Aliassen muss größer oder gleich %d sein",
         "app_name_empty": "App-Name darf nicht leer sein",
         "app_passwd_id_invalid": "App-Passwort ID %s ist ungültig",
+        "authsource_in_use": "Der Identity Provider kann nicht geändert oder gelöscht werden, da er derzeit von einem oder mehreren Benutzern verwendet wird.",
         "bcc_empty": "BCC-Ziel darf nicht leer sein",
         "bcc_exists": "Ein BCC-Map-Eintrag %s existiert bereits als Typ %s",
         "bcc_must_be_email": "BCC-Ziel %s ist keine gültige E-Mail-Adresse",
@@ -430,6 +431,7 @@
         "file_open_error": "Datei kann nicht zum Schreiben geöffnet werden",
         "filter_type": "Falscher Filtertyp",
         "from_invalid": "Die Absenderadresse muss eine gültige E-Mail-Adresse sein",
+        "generic_server_error": "Ein unerwarteter Serverfehler ist aufgetreten. Bitte kontaktieren Sie Ihren Administrator.",
         "global_filter_write_error": "Kann Filterdatei nicht schreiben: %s",
         "global_map_invalid": "Rspamd-Map %s ist ungültig",
         "global_map_write_error": "Kann globale Map ID %s nicht schreiben: %s",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 5f8e78a9b..64baade92 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -433,6 +433,7 @@
         "file_open_error": "File cannot be opened for writing",
         "filter_type": "Wrong filter type",
         "from_invalid": "Sender must not be empty",
+        "generic_server_error": "An unexpected server error occurred. Please contact your administrator.",
         "global_filter_write_error": "Could not write filter file: %s",
         "global_map_invalid": "Global map ID %s invalid",
         "global_map_write_error": "Could not write global map ID %s: %s",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 3381fe4d6..4a85b42fc 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -265,7 +265,7 @@
               <label class="control-label" for="iam_client_scopes">{{ lang.admin.iam_client_scopes }}:</label>
             </div>
             <div class="col-12 col-md-9 col-lg-4">
-              <input type="text" placeholder="openid profile email" class="form-control" id="iam_client_scopes" name="client_scopes" value="{{ iam_settings.client_scopes }}">
+              <input type="text" placeholder="openid profile email mailcow_template" class="form-control" id="iam_client_scopes" name="client_scopes" value="{{ iam_settings.client_scopes }}">
             </div>
           </div>
           <div class="row mb-2">

From cb08132a74db2ccfacbacd558066be602b447cfa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 13 Mar 2025 14:39:03 +0100
Subject: [PATCH 513/755] [Web] Fix authentication when mailbox or domain is
 deactivated

---
 data/web/inc/functions.auth.inc.php | 56 ++++++++++++++++++++++++---
 data/web/inc/functions.inc.php      | 59 ++++++++++++++++++++++++++---
 2 files changed, 103 insertions(+), 12 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index e047b83ba..7fd535be1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -178,25 +178,40 @@ function user_login($user, $pass, $extra = null){
     return false;
   }
 
-  $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+  $stmt = $pdo->prepare("SELECT
+      mailbox.*,
+      domain.active AS d_active
+      FROM `mailbox`
       INNER JOIN domain on mailbox.domain = domain.domain
       WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `domain`.`active`='1'
         AND `username` = :user");
   $stmt->execute(array(':user' => $user));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
   // user does not exist, try call idp login and create user if possible via rest flow
   if (!$row){
+    $result = false;
     if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
       $result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal, 'create' => true));
-      if ($result !== false) return $result;
     } else if ($iam_settings['authsource'] == 'ldap') {
       $result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal, 'create' => true));
-      if ($result !== false) return $result;
     }
-  }
-  if ($row['active'] != 1) {
+    if ($result !== false){
+      // double check if mailbox is active
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND `username` = :user");
+      $stmt->execute(array(':user' => $user));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+      if (!empty($row)) {
+        return true;
+      }
+    }
+    clear_session();
     return false;
   }
 
@@ -206,6 +221,19 @@ function user_login($user, $pass, $extra = null){
       if (intval($iam_settings['mailpassword_flow']) == 1){
         $result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal));
         if ($result !== false) {
+          // double check if mailbox and domain is active
+          $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+          INNER JOIN domain on mailbox.domain = domain.domain
+          WHERE `kind` NOT REGEXP 'location|thing|group'
+            AND `mailbox`.`active`='1'
+            AND `domain`.`active`='1'
+            AND `username` = :user");
+          $stmt->execute(array(':user' => $user));
+          $row = $stmt->fetch(PDO::FETCH_ASSOC);
+          if (empty($row)) {
+            return false;
+          }
+
           // check for tfa authenticators
           $authenticators = get_tfa($user);
           if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -245,6 +273,19 @@ function user_login($user, $pass, $extra = null){
       // user authsource is ldap
       $result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal));
       if ($result !== false) {
+        // double check if mailbox and domain is active
+        $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+        INNER JOIN domain on mailbox.domain = domain.domain
+        WHERE `kind` NOT REGEXP 'location|thing|group'
+          AND `mailbox`.`active`='1'
+          AND `domain`.`active`='1'
+          AND `username` = :user");
+        $stmt->execute(array(':user' => $user));
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (empty($row)) {
+          return false;
+        }
+
         // check for tfa authenticators
         $authenticators = get_tfa($user);
         if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -278,6 +319,9 @@ function user_login($user, $pass, $extra = null){
       return $result;
     break;
     case 'mailcow':
+      if ($row['active'] != 1 || $row['d_active'] != 1) {
+        return false;
+      }
       // verify password
       if (verify_hash($row['password'], $pass) !== false) {
         // check for tfa authenticators
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 187036b47..5b67dd1e4 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2653,17 +2653,25 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       $mapper_key = array_search($user_template, $iam_settings['mappers']);
 
       // token valid, get mailbox
-      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      $stmt = $pdo->prepare("SELECT
+        mailbox.*,
+        domain.active AS d_active
+        FROM `mailbox`
         INNER JOIN domain on mailbox.domain = domain.domain
         WHERE `kind` NOT REGEXP 'location|thing|group'
-          AND `mailbox`.`active`='1'
-          AND `domain`.`active`='1'
-          AND `username` = :user
-          AND (`authsource`='keycloak' OR `authsource`='generic-oidc')");
+          AND `username` = :user");
       $stmt->execute(array(':user' => $info['email']));
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
       if ($row){
-        // success
+        if (!in_array($row['authsource'], array("keycloak", "generic-oidc"))) {
+          clear_session();
+          $_SESSION['return'][] =  array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $info['email'], "The user's authentication source is not of type OIDC"),
+            'msg' => 'login_failed'
+          );
+          return false;
+        }
         if ($mapper_key !== false) {
           // update user
           $_SESSION['access_all_exception'] = '1';
@@ -2673,6 +2681,26 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
             'template' => $iam_settings['templates'][$mapper_key]
           ));
           $_SESSION['access_all_exception'] = '0';
+
+          // get updated row
+          $stmt = $pdo->prepare("SELECT
+            mailbox.*,
+            domain.active AS d_active
+            FROM `mailbox`
+            INNER JOIN domain on mailbox.domain = domain.domain
+            WHERE `kind` NOT REGEXP 'location|thing|group'
+              AND `username` = :user");
+          $stmt->execute(array(':user' => $info['email']));
+          $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        }
+        if ($row['active'] != 1 || $row['d_active'] != 1) {
+          clear_session();
+          $_SESSION['return'][] =  array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $info['email'], 'Domain or mailbox is inactive'),
+            'msg' => 'login_failed'
+          );
+          return false;
         }
         set_user_loggedin_session($info['email']);
         $_SESSION['iam_token'] = $plain_token;
@@ -2715,6 +2743,25 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return false;
       }
 
+      // double check if mailbox and domain is active
+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `mailbox`.`active`='1'
+        AND `domain`.`active`='1'
+        AND `username` = :user");
+      $stmt->execute(array(':user' => $info['email']));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if (empty($row)) {
+        clear_session();
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $info['email'], 'Domain or mailbox is inactive'),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+
       set_user_loggedin_session($info['email']);
       $_SESSION['iam_token'] = $plain_token;
       $_SESSION['iam_refresh_token'] = $plain_refreshtoken;

From c3aa4f7418c66f991e4a957fb741b9433ac9adc9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 09:17:51 +0100
Subject: [PATCH 514/755] [Web] Add authsource property to mailbox API
 Documentation

---
 data/web/api/openapi.yaml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 969aa7707..198257bec 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -1112,6 +1112,7 @@ paths:
                 domain: domain.tld
                 local_part: info
                 name: Full name
+                authsource: mailcow
                 password: atedismonsin
                 password2: atedismonsin
                 quota: "3072"
@@ -1132,11 +1133,16 @@ paths:
                 name:
                   description: Full name of the mailbox user
                   type: string
+                authsource:
+                  description: Specifies the authentication source for the mailbox.
+                  type: string
+                  enum: [mailcow, ldap, keycloak, generic-oidc]
+                  default: mailcow
                 password2:
                   description: mailbox password for confirmation
                   type: string
                 password:
-                  description: mailbox password
+                  description: mailbox password when using `mailcow` as the authentication source.
                   type: string
                 quota:
                   description: mailbox quota
@@ -3374,6 +3380,7 @@ paths:
                   active: "1"
                   force_pw_update: "0"
                   name: Full name
+                  authsource: mailcow
                   password: ""
                   password2: ""
                   quota: "3072"
@@ -3398,11 +3405,15 @@ paths:
                     name:
                       description: Full name of the mailbox user
                       type: string
+                    authsource:
+                      description: Specifies the authentication source for the mailbox.
+                      type: string
+                      enum: [mailcow, ldap, keycloak, generic-oidc]
                     password2:
                       description: new mailbox password for confirmation
                       type: string
                     password:
-                      description: new mailbox password
+                      description: new mailbox password when using `mailcow` as the authentication source.
                       type: string
                     quota:
                       description: mailbox quota
@@ -5755,8 +5766,8 @@ paths:
       tags:
         - Cross-Origin Resource Sharing (CORS)
       description: >-
-        This endpoint allows you to manage Cross-Origin Resource Sharing (CORS) settings for the API. 
-        CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests. 
+        This endpoint allows you to manage Cross-Origin Resource Sharing (CORS) settings for the API.
+        CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests.
         By editing the CORS settings, you can specify which domains and which methods are permitted to access the API resources from outside the mailcow domain.
       operationId: Edit Cross-Origin Resource Sharing (CORS) settings
       requestBody:

From 43c15970510ad305e2f67d7067b78967b32e0b7e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 09:19:39 +0100
Subject: [PATCH 515/755] [Web] Check if authsource is configured before adding
 or updating a mailbox

---
 data/web/inc/functions.mailbox.inc.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 6222e4aa9..54387f812 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -4,6 +4,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
   global $redis;
   global $lang;
   global $MAILBOX_DEFAULT_ATTRIBUTES;
+  global $iam_settings;
+
   $_data_log = $_data;
   !isset($_data_log['password']) ?: $_data_log['password'] = '*';
   !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
@@ -1022,7 +1024,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap'))){
+          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap')) &&
+              $iam_settings['authsource'] == $_data['authsource']){
             $authsource = $_data['authsource'];
           }
           if (empty($name)) {
@@ -2955,7 +2958,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $tags                 = (is_array($_data['tags']) ? $_data['tags'] : array());
               $attribute_hash       = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
               $authsource           = $is_now['authsource'];
-              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap'))){
+              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap')) &&
+                  $iam_settings['authsource'] == $_data['authsource']){
                 $authsource = $_data['authsource'];
               }
               if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){

From c93106f9d6ae8b0c0a5282b9c62b3ca1b5fb5aa9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 09:29:02 +0100
Subject: [PATCH 516/755] [Web] Fix redirect after renaming mailbox

---
 data/web/templates/edit/mailbox.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 2f93e6e5d..32a3706c1 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -25,7 +25,7 @@
                   <input type="hidden" value="default" name="sender_acl">
                   <input type="hidden" value="0" name="force_pw_update">
                   <input type="hidden" value="0" name="sogo_access">
-                  <input type="hidden" value="0" name="protocol_access">      
+                  <input type="hidden" value="0" name="protocol_access">
                   <div class="row mb-2">
                     <label class="control-label col-sm-2">{{ lang.admin.iam }}</label>
                     <div class="col-sm-10">
@@ -542,7 +542,7 @@
                     </div>
                     <div class="row mb-2">
                       <div class="col-sm-12 offset-md-2 col-md-10 col-xl-8">
-                        <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="mboxrename" data-item="{{ mailbox }}" data-api-url='edit/rename-mbox' data-api-attr='{}' data-api-reload-location="/mailbox" href="#">{{ lang.edit.save }}</button>
+                        <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="mboxrename" data-item="{{ mailbox }}" data-api-url='edit/rename-mbox' data-api-attr='{}' data-api-reload-location="/{{mailcow_cc_role}}/mailbox" href="#">{{ lang.edit.save }}</button>
                       </div>
                     </div>
                   </form>

From 5a7275843ad35a383e14c4d05cceffbec5d6db2d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 09:30:33 +0100
Subject: [PATCH 517/755] Add error message when mailbox creation fails

---
 data/conf/phpfpm/crons/keycloak-sync.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index 98010648b..cdc5a6e99 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -79,7 +79,7 @@ if ($iam_settings['authsource'] != "keycloak" || (intval($iam_settings['periodic
 
 // Set pagination variables
 $start = 0;
-$max = 25;
+$max = 100;
 
 // lock sync if already running
 $lock_file = '/tmp/iam-sync.lock';
@@ -167,11 +167,13 @@ while (true) {
     $mailcow_template = $user['attributes']['mailcow_template'];
 
     // try get mailbox user
-    $stmt = $pdo->prepare("SELECT `mailbox`.* FROM `mailbox`
-    INNER JOIN domain on mailbox.domain = domain.domain
-    WHERE `kind` NOT REGEXP 'location|thing|group'
-      AND `domain`.`active`='1'
-      AND `username` = :user");
+    $stmt = $pdo->prepare("SELECT
+      mailbox.*,
+      domain.active AS d_active
+      FROM `mailbox`
+      INNER JOIN domain on mailbox.domain = domain.domain
+      WHERE `kind` NOT REGEXP 'location|thing|group'
+        AND `username` = :user");
     $stmt->execute(array(':user' => $user['email']));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
@@ -192,13 +194,17 @@ while (true) {
     if (!$row && intval($iam_settings['import_users']) == 1){
       // mailbox user does not exist, create...
       logMsg("info", "Creating user " . $user['email']);
-      mailbox('add', 'mailbox_from_template', array(
+      $create_res = mailbox('add', 'mailbox_from_template', array(
         'domain' => explode('@', $user['email'])[1],
         'local_part' => explode('@', $user['email'])[0],
         'name' => $user['firstName'] . " " . $user['lastName'],
         'authsource' => 'keycloak',
         'template' => $mbox_template
       ));
+      if (!$create_res){
+        logMsg("err", "Could not create user " . $user['email']);
+        continue;
+      }
     } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
       // mailbox user does exist, sync attribtues...
       logMsg("info", "Syncing attributes for user " . $user['email']);

From e21696ff27c8793ce41f836d02d284ea958555de Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 09:36:40 +0100
Subject: [PATCH 518/755] Add error message when mailbox creation fails

---
 data/conf/phpfpm/crons/ldap-sync.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 8f7a08bf5..17000997c 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -79,7 +79,7 @@ if ($iam_settings['authsource'] != "ldap" || (intval($iam_settings['periodic_syn
 
 // Set pagination variables
 $start = 0;
-$max = 25;
+$max = 100;
 
 // lock sync if already running
 $lock_file = '/tmp/iam-sync.lock';
@@ -126,11 +126,13 @@ foreach ($response as $user) {
   $mailcow_template = $user[$iam_settings['attribute_field']][0];
 
   // try get mailbox user
-  $stmt = $pdo->prepare("SELECT `mailbox`.* FROM `mailbox`
-  INNER JOIN domain on mailbox.domain = domain.domain
-  WHERE `kind` NOT REGEXP 'location|thing|group'
-    AND `domain`.`active`='1'
-    AND `username` = :user");
+  $stmt = $pdo->prepare("SELECT
+    mailbox.*,
+    domain.active AS d_active
+    FROM `mailbox`
+    INNER JOIN domain on mailbox.domain = domain.domain
+    WHERE `kind` NOT REGEXP 'location|thing|group'
+      AND `username` = :user");
   $stmt->execute(array(':user' => $user[$iam_settings['username_field']][0]));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
@@ -156,13 +158,17 @@ foreach ($response as $user) {
   if (!$row && intval($iam_settings['import_users']) == 1){
     // mailbox user does not exist, create...
     logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
-    mailbox('add', 'mailbox_from_template', array(
+    $create_res = mailbox('add', 'mailbox_from_template', array(
       'domain' => explode('@',  $user[$iam_settings['username_field']][0])[1],
       'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
       'name' => $user['displayname'][0],
       'authsource' => 'ldap',
       'template' => $mbox_template
     ));
+    if (!$create_res){
+      logMsg("err", "Could not create user " . $user[$iam_settings['username_field']][0]);
+      continue;
+    }
   } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
     // mailbox user does exist, sync attribtues...
     logMsg("info", "Syncing attributes for user " . $user[$iam_settings['username_field']][0]);

From 2a15914324655af826255762722b5368ad623b2d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Mar 2025 11:22:57 +0100
Subject: [PATCH 519/755] Fix major update prompt

---
 update.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/update.sh b/update.sh
index 838899f8b..b99dffe71 100755
--- a/update.sh
+++ b/update.sh
@@ -724,7 +724,13 @@ detect_major_update() {
       "2025-02"
     )
 
-    current_version=$(git describe --tags $(git rev-list --tags --max-count=1))
+    current_version=""
+    if [[ -f "${SCRIPT_DIR}/data/web/inc/app_info.inc.php" ]]; then
+      current_version=$(grep 'MAILCOW_GIT_VERSION' ${SCRIPT_DIR}/data/web/inc/app_info.inc.php | sed -E 's/.*MAILCOW_GIT_VERSION="([^"]+)".*/\1/')
+    fi
+    if [[ -z "$current_version" ]]; then
+      return 1
+    fi
     release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
 
     updates_to_apply=()
@@ -741,8 +747,7 @@ detect_major_update() {
         echo "$update - $release_url/$update"
       done
 
-      echo -e "\n⚠️  Please read the release notes before proceeding.\n"
-
+      echo -e "\nPlease read the release notes before proceeding."
       read -p "Do you want to proceed with the update? [y/n] " response
       if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
         echo "Proceeding with the update..."

From 463e3ab78c8c43095239dea4853467a7899df8f3 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Fri, 14 Mar 2025 12:18:59 +0100
Subject: [PATCH 520/755] rspamd: update rspamd to 3.11.1 (#6374)

---
 data/Dockerfiles/rspamd/Dockerfile | 2 +-
 docker-compose.yml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 248312094..ac5c0f2a0 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.11.0-2~90a175b45
+ARG RSPAMD_VER=rspamd_3.11.1-1~ab0b44951
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 4c470f5bd..5a42c4101 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: ghcr.io/mailcow/rspamd:2.0
+      image: ghcr.io/mailcow/rspamd:2.1
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 8910135f02e54beb1ee4ab0698a9cbdd79c45111 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 17 Mar 2025 13:21:28 +0100
Subject: [PATCH 521/755] [Web] Add edit/identity-provider Api Documentation

---
 data/web/api/openapi.yaml | 213 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 212 insertions(+), 1 deletion(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 198257bec..9eba76904 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -5698,7 +5698,7 @@ paths:
         - description: name of domain
           in: path
           name: domain
-          required: false
+          required: true
           schema:
             type: string
         - description: e.g. api-key-string
@@ -5825,6 +5825,215 @@ paths:
         Using this endpoint you can get the global spam filter score or the spam filter score of a certain mailbox.
       operationId: Get mailbox or global spam filter score
       summary: Get mailbox or global spam filter score
+  /api/v1/edit/identity-provider:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: "success"
+                      log:
+                        - "identity_provider"
+                        - "edit"
+                        - authsource: "keycloak"
+                          server_url: "https://auth.mailcow.tld"
+                          realm: "mailcow"
+                          client_id: "mailcow_client"
+                          client_secret: "*"
+                          redirect_url: "https://mail.mailcow.tld"
+                          version: "26.1.3"
+                          mappers:
+                            - "Default"
+                            - "small_mbox"
+                            - "medium_mbox"
+                          templates:
+                            - "Default"
+                            - "small"
+                            - "medium"
+                          ignore_ssl_error: true
+                          mailpassword_flow: true
+                          periodic_sync: true
+                          import_users: true
+                          sync_interval: 30
+                      msg:
+                        - "object_modified"
+                        - ""
+          description: OK
+          headers: { }
+      tags:
+        - Identity Provider
+      description: >-
+        Configure an external Identity Provider to use as user authentication
+      operationId: Edit external Identity Provider settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              properties:
+                items:
+                  type: array
+                  default: ["identity-provider"]
+                attr:
+                  type: object
+                  properties:
+                    authsource:
+                      description: Specifies the type of the Identity Provider
+                      type: string
+                      enum: [ldap, keycloak, generic-oidc]
+                    server_url:
+                      description: The base URL of your Keycloak server. Required if `authsource` is keycloak.
+                      type: string
+                    realm:
+                      description: The Keycloak realm where the mailcow client is configured. Required if `authsource` is keycloak.
+                      type: string
+                    client_id:
+                      description: The Client ID assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    client_secret:
+                      description: The Client Secret assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    redirect_url:
+                      description: The redirect URL that OIDC Provider will use after authentication. Required if `authsource` is keycloak or generic-oidc.
+                      type: string
+                    version:
+                      description: Specifies the Keycloak version. Required if `authsource` is keycloak.
+                      type: string
+                    mappers:
+                      description: Attribute values used to match a mailbox template. Each element corresponds to the respective index in the templates array (i.e., the first element matches the first element of templates, the second matches the second, and so on).
+                      type: array
+                    templates:
+                      description: Defines the mailbox templates to be assigned. Each element corresponds to the respective index in the `mappers` array.
+                      type: array
+                    ignore_ssl_error:
+                      description: If enabled, SSL certificate validation is bypassed
+                      type: boolean
+                      default: false
+                    mailpassword_flow:
+                      description: If enabled, mailcow will attempt to validate user credentials using the Keycloak Admin REST API instead of relying solely on the Authorization Code Flow.
+                      type: boolean
+                      default: false
+                    periodic_sync:
+                      description: If enabled, mailcow periodically performs a full sync of all users from Keycloak or LDAP.
+                      type: boolean
+                      default: false
+                    import_users:
+                      description: If enabled, new users are automatically imported from Keycloak or LDAP into mailcow.
+                      type: boolean
+                      default: false
+                    sync_interval:
+                      description: Defines the time interval (in minutes) for periodic synchronization and user imports.
+                      type: number
+                      default: 15
+                    host:
+                      description: The address of your LDAP server. You can provide a single hostname or a comma-separated list of hosts for fallback in case the primary server is unreachable. Required if `authsource` is ldap.
+                      type: string
+                    port:
+                      description: The port used to connect to the LDAP server. Required if `authsource` is ldap.
+                      type: string
+                    use_ssl:
+                      description: enable LDAPS connection. If Port is set to 389 it will be overriden to 636.
+                      type: boolean
+                      default: false
+                    use_tls:
+                      description: enable TLS connection. TLS is recommended over SSL. SSL Ports cannot be used.
+                      type: boolean
+                      default: false
+                    basedn:
+                      description: The Distinguished Name (DN) from which searches will be performed. Required if `authsource` is ldap.
+                      type: string
+                    username_field:
+                      description: The LDAP attribute used to identify users during authentication. Required if `authsource` is ldap.
+                      type: string
+                      default: mail
+                    filter:
+                      description: An optional LDAP search filter to refine which users can authenticate.
+                      type: string
+                    attribute_field:
+                      description: Specifies an LDAP attribute that holds a specific value which can be mapped to a mailbox template using the Attribute Mapping section. Required if `authsource` is ldap.
+                      type: string
+                    binddn:
+                      description: The Distinguished Name (DN) of the LDAP user that will be used to authenticate and perform LDAP searches. This account should have sufficient permissions to read the required attributes. Required if `authsource` is ldap.
+                      type: string
+                    bindpass:
+                      description: The password for the Bind DN user. It is required for authentication when connecting to the LDAP server. Required if `authsource` is ldap.
+                      type: string
+                    authorize_url:
+                      description: The OIDC provider's authorization server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    token_url:
+                      description: The OIDC provider's token server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    userinfo_url:
+                      description: The OIDC provider's user info server URL. Required if `authsource` is generic-oidc.
+                      type: string
+                    client_scopes:
+                      description: Specifies the OIDC scopes requested during authentication.
+                      type: string
+                      default: "openid profile email mailcow_template"
+            examples:
+              keycloak:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "keycloak"
+                    server_url: "https://auth.mailcow.tld"
+                    realm: "mailcow"
+                    client_id: "mailcow_client"
+                    client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
+                    redirect_url: "https://mail.mailcow.tld"
+                    version: "26.1.3"
+                    mappers: ["Default", "small_mbox", "medium_mbox"]
+                    templates: ["Default", "small", "medium"]
+                    ignore_ssl_error: true
+                    mailpassword_flow: true
+                    periodic_sync: true
+                    import_users: true
+                    sync_interval: 30
+              ldap:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "ldap"
+                    host: "127.0.0.1"
+                    port: "389"
+                    use_ssl: false
+                    use_tls: false
+                    ignore_ssl_error: false
+                    basedn: "DC=mailcow,DC=local"
+                    username_field: "mail"
+                    filter: "(memberOf:1.2.840.113556.1.4.1941:=DC=mailcow,DC=local)"
+                    attribute_field: "othermailbox"
+                    binddn: "CN=LDAP Read Only,CN=Users,DC=mailcow,DC=local"
+                    bindpass: "moohoo"
+                    mappers: ["Default", "small_mbox", "medium_mbox"]
+                    templates: ["Default", "small", "medium"]
+                    periodic_sync: true
+                    import_users: true
+                    sync_interval: 30
+              generic-oidc:
+                value:
+                  items:
+                    - "identity-provider"
+                  attr:
+                    authsource: "generic-oidc"
+                    authorize_url: "https://auth.mailcow.tld/application/o/authorize/"
+                    token_url: "https://auth.mailcow.tld/application/o/token/"
+                    userinfo_url: "https://auth.mailcow.tld/application/o/userinfo/"
+                    client_id: "mailcow_client"
+                    client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
+                    redirect_url: "https://mail.mailcow.tld"
+                    client_scopes: "openid profile email mailcow_template"
+                    mappers: ["Default", "small_mbox", "medium_mbox"]
+                    templates: ["Default", "small", "medium"]
+                    ignore_ssl_error: true
+      summary: Edit external Identity Provider
 
 tags:
   - name: Domains
@@ -5871,3 +6080,5 @@ tags:
     description: Edit domain ratelimits
   - name: Cross-Origin Resource Sharing (CORS)
     description: Manage Cross-Origin Resource Sharing (CORS) settings
+  - name: Identity Provider
+    description: Manage external Identity Provider settings

From ceebc56e62b8845241325e6d29b585cdbd0c1bbd Mon Sep 17 00:00:00 2001
From: Nick Bouwhuis <2922075+NickBouwhuis@users.noreply.github.com>
Date: Tue, 18 Mar 2025 10:08:08 +0000
Subject: [PATCH 522/755] feat/replace bgp.he.net with bgp.tools

---
 data/web/js/site/user.js                     | 2 +-
 data/web/templates/admin/tab-config-f2b.twig | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 2a5eccdf8..497bdc7de 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -103,7 +103,7 @@ jQuery(function($){
               var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
               var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
               var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
-              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
+              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.tools/prefix/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
               var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
               var ip_data = real_rip + ip_location + app_password;
               $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
diff --git a/data/web/templates/admin/tab-config-f2b.twig b/data/web/templates/admin/tab-config-f2b.twig
index 75c626641..d33c242a8 100644
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@@ -110,7 +110,7 @@
         <p>
           <span class="badge fs-7 bg-info d-block d-sm-inline-block">
             <i class="bi bi-funnel-fill"></i>
-            <a href="https://bgp.he.net/ip/{{ active_ban.ip }}" target="_blank">
+            <a href="https://bgp.tools/prefix/{{ active_ban.ip }}" target="_blank">
               {{ active_ban.network }}
             </a>
             ({{ active_ban.banned_until }})
@@ -130,7 +130,7 @@
         <p>
           <span class="badge fs-7 bg-danger d-block d-sm-inline-block">
             <i class="bi bi-funnel-fill"></i>
-            <a href="https://bgp.he.net/ip/{{ perm_ban.ip }}" target="_blank">
+            <a href="https://bgp.tools/prefix/{{ perm_ban.ip }}" target="_blank">
               {{ perm_ban.network }}
             </a>
           </span>

From 887b7114a8bdd74a81f9ce7a6c5e006e28e135c0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 19 Mar 2025 14:35:32 +0100
Subject: [PATCH 523/755] Add default template for IdP attribute mapping

---
 data/conf/phpfpm/crons/keycloak-sync.php      |  40 +++----
 data/conf/phpfpm/crons/ldap-sync.php          |  28 +++--
 data/web/inc/functions.auth.inc.php           |  40 ++++---
 data/web/inc/functions.inc.php                |  32 ++++--
 data/web/js/site/admin.js                     | 106 +++++++-----------
 data/web/lang/lang.de-de.json                 |   2 +
 data/web/lang/lang.en-gb.json                 |   2 +
 .../admin/tab-config-identity-provider.twig   |  90 ++++++++++++---
 8 files changed, 201 insertions(+), 139 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index cdc5a6e99..8c2e66584 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -154,17 +154,6 @@ while (true) {
       logMsg("warning", "No email address in keycloak found for user " . $user['name']);
       continue;
     }
-    if (!isset($user['attributes'])){
-      logMsg("warning", "No attributes in keycloak found for user " . $user['email']);
-      continue;
-    }
-    if (!isset($user['attributes']['mailcow_template']) ||
-        !is_array($user['attributes']['mailcow_template']) ||
-        count($user['attributes']['mailcow_template']) == 0) {
-      logMsg("warning", "No mailcow_template in keycloak found for user " . $user['email']);
-      continue;
-    }
-    $mailcow_template = $user['attributes']['mailcow_template'];
 
     // try get mailbox user
     $stmt = $pdo->prepare("SELECT
@@ -178,20 +167,22 @@ while (true) {
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
     // check if matching attribute mapping exists
-    $mbox_template = null;
-    foreach ($iam_settings['mappers'] as $index => $mapper){
-      if (in_array($mapper, $user['attributes']['mailcow_template'])) {
-        $mbox_template = $mapper;
-        break;
-      }
-    }
-    if (!$mbox_template){
-      logMsg("warning", "No matching attribute mapping found for user " . $user['email']);
-      continue;
-    }
+    $user_template = $user['attributes']['mailcow_template'][0];
+    $mapper_key = array_search($user_template, $iam_settings['mappers']);
 
     $_SESSION['access_all_exception'] = '1';
     if (!$row && intval($iam_settings['import_users']) == 1){
+      if ($mapper_key === false){
+        if (!empty($iam_settings['default_template'])) {
+          $mbox_template = $iam_settings['default_template'];
+          logMsg("warning", "Using default template for user " . $user['email']);
+        } else {
+          logMsg("warning", "No matching attribute mapping found for user " . $user['email']);
+          continue;
+        }
+      } else {
+        $mbox_template = $iam_settings['templates'][$mapper_key];
+      }
       // mailbox user does not exist, create...
       logMsg("info", "Creating user " . $user['email']);
       $create_res = mailbox('add', 'mailbox_from_template', array(
@@ -206,6 +197,11 @@ while (true) {
         continue;
       }
     } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
+      if ($mapper_key === false){
+        logMsg("warning", "No matching attribute mapping found for user " . $user['email']);
+        continue;
+      }
+      $mbox_template = $iam_settings['templates'][$mapper_key];
       // mailbox user does exist, sync attribtues...
       logMsg("info", "Syncing attributes for user " . $user['email']);
       mailbox('edit', 'mailbox_from_template', array(
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 17000997c..648f46c95 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -137,17 +137,8 @@ foreach ($response as $user) {
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
   // check if matching attribute mapping exists
-  $mbox_template = null;
-  foreach ($iam_settings['mappers'] as $index => $mapper){
-    if ($mapper ==  $mailcow_template) {
-      $mbox_template = $iam_settings['templates'][$index];
-      break;
-    }
-  }
-  if (!$mbox_template){
-    logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
-    continue;
-  }
+  $user_template = $user_res[$iam_settings['attribute_field']][0];
+  $mapper_key = array_search($user_template, $iam_settings['mappers']);
 
   if (empty($user[$iam_settings['username_field']][0])){
     logMsg("warning", "Skipping user " . $user['displayname'][0] . " due to empty LDAP ". $iam_settings['username_field'] . " property.");
@@ -156,6 +147,16 @@ foreach ($response as $user) {
 
   $_SESSION['access_all_exception'] = '1';
   if (!$row && intval($iam_settings['import_users']) == 1){
+    if ($mapper_key === false){
+      if (!empty($iam_settings['default_template'])) {
+        $mbox_template = $iam_settings['default_template'];
+      } else {
+        logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
+        continue;
+      }
+    } else {
+      $mbox_template = $iam_settings['templates'][$mapper_key];
+    }
     // mailbox user does not exist, create...
     logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
     $create_res = mailbox('add', 'mailbox_from_template', array(
@@ -170,6 +171,11 @@ foreach ($response as $user) {
       continue;
     }
   } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
+    if ($mapper_key === false){
+      logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
+      continue;
+    }
+    $mbox_template = $iam_settings['templates'][$mapper_key];
     // mailbox user does exist, sync attribtues...
     logMsg("info", "Syncing attributes for user " . $user[$iam_settings['username_field']][0]);
     mailbox('edit', 'mailbox_from_template', array(
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 7fd535be1..f432c3834 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -529,12 +529,18 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
 
   // check if matching attribute exist
   if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
-      'msg' => 'generic_server_error'
-    );
-    return false;
+    if (!empty($iam_settings['default_template'])) {
+      $mbox_template = $iam_settings['default_template'];
+    } else {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
+        'msg' => 'generic_server_error'
+      );
+      return false;
+    }
+  } else {
+    $mbox_template = $iam_settings['templates'][$mapper_key];
   }
 
   // create mailbox
@@ -544,7 +550,7 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['name'],
     'authsource' => 'keycloak',
-    'template' => $iam_settings['templates'][$mapper_key]
+    'template' => $mbox_template
   ));
   $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
@@ -636,12 +642,18 @@ function ldap_mbox_login($user, $pass, $extra = null){
 
   // check if matching attribute exist
   if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
-    $_SESSION['return'][] =  array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
-      'msg' => 'generic_server_error'
-    );
-    return false;
+    if (!empty($iam_settings['default_tempalte'])) {
+      $mbox_template = $iam_settings['default_tempalte'];
+    } else {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $user, '*', 'No matching attribute mapping was found'),
+        'msg' => 'generic_server_error'
+      );
+      return false;
+    }
+  } else {
+    $mbox_template = $iam_settings['templates'][$mapper_key];
   }
 
   // create mailbox
@@ -651,7 +663,7 @@ function ldap_mbox_login($user, $pass, $extra = null){
     'local_part' => explode('@', $user)[0],
     'name' => $user_res['displayname'][0],
     'authsource' => 'ldap',
-    'template' => $iam_settings['templates'][$mapper_key]
+    'template' => $mbox_template
   ));
   $_SESSION['access_all_exception'] = '0';
   if (!$create_res){
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 5b67dd1e4..3593ff2c4 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2387,8 +2387,16 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
       $pdo->commit();
 
+      // add default template
+      if (isset($_data['default_template'])) {
+        $_data['default_template'] = (empty($_data['default_template'])) ? "" : $_data['default_template'];
+        $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('default_template', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+        $stmt->bindParam(':value', $_data['default_template']);
+        $stmt->execute();
+      }
+
       // add mappers
-      if ($_data['mappers'] && $_data['templates']){
+      if (isset($_data['mappers']) && isset($_data['templates'])){
         $_data['mappers'] = (!is_array($_data['mappers'])) ? array($_data['mappers']) : $_data['mappers'];
         $_data['templates'] = (!is_array($_data['templates'])) ? array($_data['templates']) : $_data['templates'];
 
@@ -2714,13 +2722,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
 
       if (empty($iam_settings['mappers']) || empty($user_template) || $mapper_key === false){
-        clear_session();
-        $_SESSION['return'][] =  array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $info['email'], 'No matching attribute mapping was found'),
-          'msg' => 'login_failed'
-        );
-        return false;
+        if (!empty($iam_settings['default_template'])) {
+          $mbox_template = $iam_settings['default_template'];
+        } else {
+          clear_session();
+          $_SESSION['return'][] =  array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $info['email'], 'No matching attribute mapping was found'),
+            'msg' => 'login_failed'
+          );
+          return false;
+        }
+      } else {
+        $mbox_template = $iam_settings['templates'][$mapper_key];
       }
 
       // create mailbox
@@ -2730,7 +2744,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         'local_part' => explode('@', $info['email'])[0],
         'name' => $info['name'],
         'authsource' => $iam_settings['authsource'],
-        'template' => $iam_settings['templates'][$mapper_key]
+        'template' => $mbox_template
       ));
       $_SESSION['access_all_exception'] = '0';
       if (!$create_res){
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 5a5f37955..90c00002a 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -711,7 +711,7 @@ jQuery(function($){
   // App links
   // setup eventlistener
   setAppHideEvent();
-  function setAppHideEvent(){ 
+  function setAppHideEvent(){
     $('.app_hide').off('change');
     $('.app_hide').on('change', function (e) {
       var value = $(this).is(':checked') ? '1' : '0';
@@ -756,13 +756,13 @@ jQuery(function($){
   $('.iam_test_connection').click(async function(e){
     e.preventDefault();
     var data = { attr: $('form[data-id="' + $(this).data('id') + '"]').serializeObject() };
-    var res = await fetch("/api/v1/edit/identity-provider-test", { 
+    var res = await fetch("/api/v1/edit/identity-provider-test", {
       headers: {
         "Content-Type": "application/json",
       },
-      method:'POST', 
-      cache:'no-cache', 
-      body: JSON.stringify(data) 
+      method:'POST',
+      cache:'no-cache',
+      body: JSON.stringify(data)
     });
     res = await res.json();
     if (res.type === 'success'){
@@ -772,79 +772,22 @@ jQuery(function($){
   });
 
   $('.iam_rolemap_add_keycloak').click(async function(e){
-    e.preventDefault();
-
-    var parent = $('#iam_keycloak_mapping_list')
-    $(parent).children().last().clone().appendTo(parent);
-    var newChild = $(parent).children().last();
-    $(newChild).find('input').val('');
-    $(newChild).find('.dropdown-toggle').remove();
-    $(newChild).find('.dropdown-menu').remove();
-    $(newChild).find('.bs-title-option').remove();
-    $(newChild).find('select').selectpicker('destroy');
-    $(newChild).find('select').selectpicker();
-
-    $('.iam_keycloak_rolemap_del').off('click');
-    $('.iam_keycloak_rolemap_del').click(async function(e){
-      e.preventDefault();
-      if ($(this).parent().parent().parent().parent().children().length > 1)
-        $(this).parent().parent().parent().remove();
-    });
+    addAttributeMappingRow('#iam_keycloak_mapping_list', '.iam_keycloak_rolemap_del', e);
   });
   $('.iam_rolemap_add_generic').click(async function(e){
-    e.preventDefault();
-
-    var parent = $('#iam_generic_mapping_list')
-    $(parent).children().last().clone().appendTo(parent);
-    var newChild = $(parent).children().last();
-    $(newChild).find('input').val('');
-    $(newChild).find('.dropdown-toggle').remove();
-    $(newChild).find('.dropdown-menu').remove();
-    $(newChild).find('.bs-title-option').remove();
-    $(newChild).find('select').selectpicker('destroy');
-    $(newChild).find('select').selectpicker();
-
-    $('.iam_generic_rolemap_del').off('click');
-    $('.iam_generic_rolemap_del').click(async function(e){
-      e.preventDefault();
-      if ($(this).parent().parent().parent().parent().children().length > 1)
-        $(this).parent().parent().parent().remove();
-    });
+    addAttributeMappingRow('#iam_generic_mapping_list', '.iam_generic_rolemap_del', e);
   });
   $('.iam_rolemap_add_ldap').click(async function(e){
-    e.preventDefault();
-
-    var parent = $('#iam_ldap_mapping_list')
-    $(parent).children().last().clone().appendTo(parent);
-    var newChild = $(parent).children().last();
-    $(newChild).find('input').val('');
-    $(newChild).find('.dropdown-toggle').remove();
-    $(newChild).find('.dropdown-menu').remove();
-    $(newChild).find('.bs-title-option').remove();
-    $(newChild).find('select').selectpicker('destroy');
-    $(newChild).find('select').selectpicker();
-
-    $('.iam_ldap_rolemap_del').off('click');
-    $('.iam_ldap_rolemap_del').click(async function(e){
-      e.preventDefault();
-      if ($(this).parent().parent().parent().parent().children().length > 1)
-        $(this).parent().parent().parent().remove();
-    });
+    addAttributeMappingRow('#iam_ldap_mapping_list', '.iam_ldap_rolemap_del', e);
   });
   $('.iam_keycloak_rolemap_del').click(async function(e){
-    e.preventDefault();
-    if ($(this).parent().parent().parent().parent().children().length > 1)
-      $(this).parent().parent().parent().remove();
+    deleteAttributeMappingRow(this, e);
   });
   $('.iam_generic_rolemap_del').click(async function(e){
-    e.preventDefault();
-    if ($(this).parent().parent().parent().parent().children().length > 1)
-      $(this).parent().parent().parent().remove();
+    deleteAttributeMappingRow(this, e);
   });
   $('.iam_ldap_rolemap_del').click(async function(e){
-    e.preventDefault();
-    if ($(this).parent().parent().parent().parent().children().length > 1)
-      $(this).parent().parent().parent().remove();
+    deleteAttributeMappingRow(this, e);
   });
   // selecting identity provider
   $('#iam_provider').on('change', function(){
@@ -863,4 +806,31 @@ jQuery(function($){
       $('#keycloak_settings').addClass('d-none');
     }
   });
+  function addAttributeMappingRow(list_id, del_class, e) {
+    e.preventDefault();
+
+    var parent = $(list_id)
+    $(parent).children().last().clone().appendTo(parent);
+    var newChild = $(parent).children().last();
+    $(newChild).find('input').val('');
+    $(newChild).find('input').val('').prop('required', true);
+    $(newChild).find('.dropdown-toggle').remove();
+    $(newChild).find('.dropdown-menu').remove();
+    $(newChild).find('.bs-title-option').remove();
+    $(newChild).find('select').selectpicker('destroy');
+    $(newChild).find('select').selectpicker();
+    $(newChild).find('select').selectpicker().prop('required', true);
+
+    $(del_class).off('click');
+    $(del_class).click(async function(e){
+      deleteAttributeMappingRow(this, e);
+    });
+  }
+  function deleteAttributeMappingRow(elem, e) {
+    e.preventDefault();
+    if(!$(elem).parent().parent().parent().find('select').prop('required'))
+      return true;
+    if ($(elem).parent().parent().parent().parent().children().length > 1)
+      $(elem).parent().parent().parent().remove();
+  }
 });
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 0857bc5f7..45c6e9f50 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -215,6 +215,8 @@
         "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
         "iam_client_scopes": "Client Scopes",
+        "iam_default_template": "Standardvorlage",
+        "iam_default_template_description": "Falls für einen Benutzer kein Template hinterlegt ist, wird die Standardvorlage zum Erstellen der Mailbox verwendet, jedoch nicht zum Aktualisieren der Mailbox.",
         "iam_description": "Konfiguriere einen externen Identity Provider für die Authentifizierung<br>Die Mailboxen der Benutzer werden bei ihrer ersten Anmeldung automatisch erstellt, vorausgesetzt, dass ein Attribut Mapping festgelegt wurde.",
         "iam_extra_permission": "Damit die folgenden Einstellungen funktionieren, benötigt der mailcow Client in Keycloak ein <code>Service-Konto</code> und die Berechtigung <code>view-users</code>.",
         "iam_host": "Host",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 64baade92..1876836de 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -222,6 +222,8 @@
         "iam_client_id": "Client ID",
         "iam_client_secret": "Client Secret",
         "iam_client_scopes": "Client Scopes",
+        "iam_default_template": "Default Template",
+        "iam_default_template_description": "If no template is assigned to a user, the default template will be used for creating the mailbox, but not for updating the mailbox.",
         "iam_description": "Configure an external Provider for Authentication<br>User's mailboxes will be automatically created upon their first login, provided that an attribute mapping has been set.",
         "iam_extra_permission": "For the following settings to work, the mailcow client in Keycloak needs a <code>Service account</code> and the permission to <code>view-users</code>.",
         "iam_host": "Host",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 4a85b42fc..9d4dcd286 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -93,6 +93,27 @@
             </div>
           </div>
           <div class="row mb-2" id="iam_keycloak_mapping_list">
+            <input type="hidden" name="mappers" value="">
+            <input type="hidden" name="templates" value="">
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_default_template_description }}"></i>
+                  <span>{{ lang.admin.iam_default_template}}</span>
+                </div>
+                <div class="col-5 p-0 pe-2 align-content-end">
+                  <select data-live-search="true" name="default_template" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" {% if not iam_settings.default_template %}selected{% endif %}>-- {{ lang.mailbox.template }} --</option>
+                  {% for mbox_template in mbox_templates %}
+                    <option {% if mbox_template.template == iam_settings.default_template %}selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex"></div>
+              </div>
+            </div>
             {% for key, role in iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
@@ -100,7 +121,7 @@
                   <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --" required>
                   {% for mbox_template in mbox_templates %}
                     <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
                       {{ mbox_template.template }}
@@ -114,14 +135,14 @@
               </div>
             </div>
             {% endfor %}
-            {% if not iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
                 <div class="col-5 p-0 pe-2">
-                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                  <input type="text" class="form-control me-2" name="mappers" value="">
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" selected>-- {{ lang.mailbox.template }} --</option>
                   {% for mbox_template in mbox_templates %}
                     <option>
                       {{ mbox_template.template }}
@@ -134,7 +155,6 @@
                 </div>
               </div>
             </div>
-            {% endif %}
           </div>
           <div class="row mb-2 mt-4">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end"></div>
@@ -283,6 +303,27 @@
             </div>
           </div>
           <div class="row mb-2" id="iam_generic_mapping_list">
+            <input type="hidden" name="mappers" value="">
+            <input type="hidden" name="templates" value="">
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_default_template_description }}"></i>
+                  <span>{{ lang.admin.iam_default_template}}</span>
+                </div>
+                <div class="col-5 p-0 pe-2 align-content-end">
+                  <select data-live-search="true" name="default_template" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" {% if not iam_settings.default_template %}selected{% endif %}>-- {{ lang.mailbox.template }} --</option>
+                  {% for mbox_template in mbox_templates %}
+                    <option {% if mbox_template.template == iam_settings.default_template %}selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex"></div>
+              </div>
+            </div>
             {% for key, role in iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
@@ -290,7 +331,7 @@
                   <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --" required>
                   {% for mbox_template in mbox_templates %}
                     <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
                       {{ mbox_template.template }}
@@ -304,14 +345,14 @@
               </div>
             </div>
             {% endfor %}
-            {% if not iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
                 <div class="col-5 p-0 pe-2">
-                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                  <input type="text" class="form-control me-2" name="mappers" value="">
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" selected>-- {{ lang.mailbox.template }} --</option>
                   {% for mbox_template in mbox_templates %}
                     <option>
                       {{ mbox_template.template }}
@@ -324,7 +365,6 @@
                 </div>
               </div>
             </div>
-            {% endif %}
           </div>
           <div class="row mb-4">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
@@ -463,6 +503,27 @@
             </div>
           </div>
           <div class="row mb-2" id="iam_ldap_mapping_list">
+            <input type="hidden" name="mappers" value="">
+            <input type="hidden" name="templates" value="">
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-5 p-0 pe-2">
+                  <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_default_template_description }}"></i>
+                  <span>{{ lang.admin.iam_default_template }}</span>
+                </div>
+                <div class="col-5 p-0 pe-2 align-content-end">
+                  <select data-live-search="true" name="default_template" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" {% if not iam_settings.default_template %}selected{% endif %}>-- {{ lang.mailbox.template }} --</option>
+                  {% for mbox_template in mbox_templates %}
+                    <option {% if mbox_template.template == iam_settings.default_template %}selected{% endif %}>
+                      {{ mbox_template.template }}
+                    </option>
+                  {% endfor %}
+                  </select>
+                </div>
+                <div class="col-2 p-0 d-flex"></div>
+              </div>
+            </div>
             {% for key, role in iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
@@ -470,7 +531,7 @@
                   <input type="text" class="form-control me-2" name="mappers" value="{{ iam_settings.mappers[key] }}" required>
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --" required>
                   {% for mbox_template in mbox_templates %}
                     <option{% if mbox_template.template == iam_settings.templates[key] %} selected{% endif %}>
                       {{ mbox_template.template }}
@@ -484,14 +545,14 @@
               </div>
             </div>
             {% endfor %}
-            {% if not iam_settings.mappers %}
             <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
               <div class="row px-2">
                 <div class="col-5 p-0 pe-2">
-                  <input type="text" class="form-control me-2" name="mappers" value="" required>
+                  <input type="text" class="form-control me-2" name="mappers" value="">
                 </div>
                 <div class="col-5 p-0 pe-2">
-                  <select data-live-search="true" name="templates" class="form-control" title="{{ lang.mailbox.template }}" required>
+                  <select data-live-search="true" name="templates" class="form-control" title="-- {{ lang.mailbox.template }} --">
+                  <option value="" selected>-- {{ lang.mailbox.template }} --</option>
                   {% for mbox_template in mbox_templates %}
                     <option>
                       {{ mbox_template.template }}
@@ -504,7 +565,6 @@
                 </div>
               </div>
             </div>
-            {% endif %}
           </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">

From 72ced70e338b35ae1a099c1a8f390ec17d0035e7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 20 Mar 2025 13:08:42 +0100
Subject: [PATCH 524/755] [Web] Fix mailbox authsource selection

---
 data/web/inc/functions.mailbox.inc.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 54387f812..bb9b23045 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1024,8 +1024,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             );
             return false;
           }
-          if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap')) &&
-              $iam_settings['authsource'] == $_data['authsource']){
+          if ($_data['authsource'] == "mailcow" ||
+              in_array($_data['authsource'], array('keycloak', 'generic-oidc', 'ldap')) && $iam_settings['authsource'] == $_data['authsource']){
             $authsource = $_data['authsource'];
           }
           if (empty($name)) {
@@ -2958,8 +2958,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               $tags                 = (is_array($_data['tags']) ? $_data['tags'] : array());
               $attribute_hash       = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
               $authsource           = $is_now['authsource'];
-              if (in_array($_data['authsource'], array('mailcow', 'keycloak', 'generic-oidc', 'ldap')) &&
-                  $iam_settings['authsource'] == $_data['authsource']){
+              if ($_data['authsource'] == "mailcow" ||
+                  in_array($_data['authsource'], array('keycloak', 'generic-oidc', 'ldap')) && $iam_settings['authsource'] == $_data['authsource']){
                 $authsource = $_data['authsource'];
               }
               if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){

From 94d4817ecb8d0cb21ff8cc393499dc5538dc8d3f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 20 Mar 2025 13:38:27 +0100
Subject: [PATCH 525/755] [Web] Add default_template parameter to
 edit/identity-provider documentation

---
 data/web/api/openapi.yaml | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 9eba76904..40887c11f 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -5847,12 +5847,11 @@ paths:
                           client_secret: "*"
                           redirect_url: "https://mail.mailcow.tld"
                           version: "26.1.3"
+                          default_template: "Default"
                           mappers:
-                            - "Default"
                             - "small_mbox"
                             - "medium_mbox"
                           templates:
-                            - "Default"
                             - "small"
                             - "medium"
                           ignore_ssl_error: true
@@ -5903,11 +5902,14 @@ paths:
                     version:
                       description: Specifies the Keycloak version. Required if `authsource` is keycloak.
                       type: string
+                    default_template:
+                      description: (Optional) If no matching Attribute Mapping exists for a User, the default template will be used for creating the mailbox, but not for updating the mailbox.
+                      type: string
                     mappers:
-                      description: Attribute values used to match a mailbox template. Each element corresponds to the respective index in the templates array (i.e., the first element matches the first element of templates, the second matches the second, and so on).
+                      description: (Optional) Attribute values used to match a mailbox template. Each element corresponds to the respective index in the templates array (i.e., the first element matches the first element of templates, the second matches the second, and so on).
                       type: array
                     templates:
-                      description: Defines the mailbox templates to be assigned. Each element corresponds to the respective index in the `mappers` array.
+                      description: (Optional) Defines the mailbox templates to be assigned. Each element corresponds to the respective index in the `mappers` array.
                       type: array
                     ignore_ssl_error:
                       description: If enabled, SSL certificate validation is bypassed
@@ -5988,8 +5990,9 @@ paths:
                     client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
                     redirect_url: "https://mail.mailcow.tld"
                     version: "26.1.3"
-                    mappers: ["Default", "small_mbox", "medium_mbox"]
-                    templates: ["Default", "small", "medium"]
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
                     ignore_ssl_error: true
                     mailpassword_flow: true
                     periodic_sync: true
@@ -6012,8 +6015,9 @@ paths:
                     attribute_field: "othermailbox"
                     binddn: "CN=LDAP Read Only,CN=Users,DC=mailcow,DC=local"
                     bindpass: "moohoo"
-                    mappers: ["Default", "small_mbox", "medium_mbox"]
-                    templates: ["Default", "small", "medium"]
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
                     periodic_sync: true
                     import_users: true
                     sync_interval: 30
@@ -6030,8 +6034,9 @@ paths:
                     client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
                     redirect_url: "https://mail.mailcow.tld"
                     client_scopes: "openid profile email mailcow_template"
-                    mappers: ["Default", "small_mbox", "medium_mbox"]
-                    templates: ["Default", "small", "medium"]
+                    default_template: "Default"
+                    mappers: ["small_mbox", "medium_mbox"]
+                    templates: ["small", "medium"]
                     ignore_ssl_error: true
       summary: Edit external Identity Provider
 

From 70ba3615837f4039941f51ad4b150255c480f5ad Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 20 Mar 2025 14:15:15 +0100
Subject: [PATCH 526/755] update.sh: Fix text in legacy update prompt

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 985d2cd1c..3a43dc288 100755
--- a/update.sh
+++ b/update.sh
@@ -1340,7 +1340,7 @@ elif [ "$NEW_BRANCH" == "legacy" ] && [ "$CURRENT_BRANCH" != "legacy" ]; then
   echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m"
   sleep 1
   echo -e "\e[31mWARNING: A switch to stable or nightly is possible any time.\e[0m"
-  read -r -p "Are you sure you that want to continue upgrading to the legacy branch? [y/N] " response
+  read -r -p "Are you sure you want to continue upgrading to the legacy branch? [y/N] " response
   if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     echo "OK. If you prepared yourself for that please run the update.sh Script with the --legacy parameter again to trigger this process here."
     exit 0

From 684256b66ea073b6efc22edeb754fee87d55e7a8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 20 Mar 2025 14:23:28 +0100
Subject: [PATCH 527/755] update.sh: Fix legacy typo

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 3a43dc288..cac1450c1 100755
--- a/update.sh
+++ b/update.sh
@@ -1267,7 +1267,7 @@ if ! [ "$NEW_BRANCH" ]; then
     sleep 1
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
 
-  elif [ "${BRANCH}" == "legcy" ]; then
+  elif [ "${BRANCH}" == "legacy" ]; then
     echo -e "\e[31mYou are receiving legacy updates. The legacy branch will only recieve security updates until February 2026.\e[0m"
     sleep 1
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"

From ad5f07f0778c4fa586865c5fa5810e34a6670f88 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 24 Mar 2025 11:47:27 +0100
Subject: [PATCH 528/755] update.sh: add 2025-03 as major version

---
 update.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/update.sh b/update.sh
index b99dffe71..681a825d0 100755
--- a/update.sh
+++ b/update.sh
@@ -722,6 +722,7 @@ detect_major_update() {
     # Add major versions here
     MAJOR_VERSIONS=(
       "2025-02"
+      "2025-03"
     )
 
     current_version=""

From 986b0afbfadeeddd220a95c1d7dba50b87ce9512 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 24 Mar 2025 15:33:42 +0100
Subject: [PATCH 529/755] ldap-sync: Fix template selection

---
 data/conf/phpfpm/crons/ldap-sync.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 648f46c95..66b76e64a 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -123,8 +123,6 @@ $response = $ldap_query->where($iam_settings['username_field'], "*")
 
 // Process the users
 foreach ($response as $user) {
-  $mailcow_template = $user[$iam_settings['attribute_field']][0];
-
   // try get mailbox user
   $stmt = $pdo->prepare("SELECT
     mailbox.*,
@@ -137,7 +135,7 @@ foreach ($response as $user) {
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
   // check if matching attribute mapping exists
-  $user_template = $user_res[$iam_settings['attribute_field']][0];
+  $user_template = $user[$iam_settings['attribute_field']][0];
   $mapper_key = array_search($user_template, $iam_settings['mappers']);
 
   if (empty($user[$iam_settings['username_field']][0])){

From cd3b1ab828bdaacacbffebfd755c0fa919610f1c Mon Sep 17 00:00:00 2001
From: "Marvin A. Ruder" <signed@mruder.dev>
Date: Tue, 25 Mar 2025 20:24:33 +0100
Subject: [PATCH 530/755] Allow disabling Olefy

* Fixes #6389

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
---
 data/Dockerfiles/olefy/olefy.py       | 9 ++++++++-
 data/Dockerfiles/watchdog/watchdog.sh | 2 ++
 data/web/admin/dashboard.php          | 3 +++
 docker-compose.yml                    | 3 +++
 generate_config.sh                    | 4 ++++
 update.sh                             | 2 ++
 6 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/olefy/olefy.py b/data/Dockerfiles/olefy/olefy.py
index 776e78648..7c6880929 100644
--- a/data/Dockerfiles/olefy/olefy.py
+++ b/data/Dockerfiles/olefy/olefy.py
@@ -32,6 +32,13 @@ import time
 import magic
 import re
 
+skip_olefy = os.getenv('SKIP_OLEFY', '')
+
+if skip_olefy.lower() in ['yes', 'y']:
+    print("SKIP_OLEFY=y, skipping Olefy...")
+    time.sleep(365 * 24 * 60 * 60)
+    sys.exit(0)
+
 # merge variables from /etc/olefy.conf and the defaults
 olefy_listen_addr_string = os.getenv('OLEFY_BINDADDRESS', '127.0.0.1,::1')
 olefy_listen_port = int(os.getenv('OLEFY_BINDPORT', '10050'))
@@ -113,7 +120,7 @@ def oletools( stream, tmp_file_name, lid ):
         out = bytes(out.decode('utf-8', 'ignore').replace('  ', ' ').replace('\t', '').replace('\n', '').replace('XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)', ''), encoding="utf-8")
         failed = False
         if out.__len__() < 30:
-            logger.error('{} olevba returned <30 chars - rc: {!r}, response: {!r}, error: {!r}'.format(lid,cmd_tmp.returncode, 
+            logger.error('{} olevba returned <30 chars - rc: {!r}, response: {!r}, error: {!r}'.format(lid,cmd_tmp.returncode,
                 out.decode('utf-8', 'ignore'), err.decode('utf-8', 'ignore')))
             out = b'[ { "error": "Unhandled error - too short olevba response" } ]'
             failed = True
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index 9d6f6609f..d1c659ce8 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -994,6 +994,7 @@ PID=$!
 echo "Spawned cert_checks with PID ${PID}"
 BACKGROUND_TASKS+=(${PID})
 
+if [[ "${SKIP_OLEFY}" =~ ^([nN][oO]|[nN])+$ ]]; then
 (
 while true; do
   if ! olefy_checks; then
@@ -1005,6 +1006,7 @@ done
 PID=$!
 echo "Spawned olefy_checks with PID ${PID}"
 BACKGROUND_TASKS+=(${PID})
+fi
 
 (
 while true; do
diff --git a/data/web/admin/dashboard.php b/data/web/admin/dashboard.php
index 473f28de2..443c2ea2a 100644
--- a/data/web/admin/dashboard.php
+++ b/data/web/admin/dashboard.php
@@ -18,6 +18,7 @@ elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !=
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
+$olefy_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_OLEFY"])) ? false : true;
 
 
 if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
@@ -33,6 +34,7 @@ $vmail_df = explode(',', (string)json_decode(docker('post', 'dovecot-mailcow', '
 // containers
 $containers_info = (array) docker('info');
 if ($clamd_status === false) unset($containers_info['clamd-mailcow']);
+if ($olefy_status === false) unset($containers_info['olefy-mailcow']);
 ksort($containers_info);
 $containers = array();
 foreach ($containers_info as $container => $container_info) {
@@ -77,6 +79,7 @@ $template_data = [
   'gal' => @$_SESSION['gal'],
   'license_guid' => license('guid'),
   'clamd_status' => $clamd_status,
+  'olefy_status' => $olefy_status,
   'containers' => $containers,
   'ip_check' => customize('get', 'ip_check'),
   'lang_admin' => json_encode($lang['admin']),
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d68b80ce..76739a09c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -176,6 +176,7 @@ services:
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
         - SKIP_FTS=${SKIP_FTS:-y}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
+        - SKIP_OLEFY=${SKIP_OLEFY:-n}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - MASTER=${MASTER:-y}
@@ -538,6 +539,7 @@ services:
         - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
         - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
+        - SKIP_OLEFY=${SKIP_OLEFY:-n}
         - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - HTTPS_PORT=${HTTPS_PORT:-443}
@@ -601,6 +603,7 @@ services:
         - OLEFY_LOGLVL=20
         - OLEFY_MINLENGTH=500
         - OLEFY_DEL_TMP=1
+        - SKIP_OLEFY=${SKIP_OLEFY:-n}
       networks:
         mailcow-network:
           aliases:
diff --git a/generate_config.sh b/generate_config.sh
index c7a7cb64f..c4396a9ce 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -382,6 +382,10 @@ SKIP_UNBOUND_HEALTHCHECK=n
 
 SKIP_CLAMD=${SKIP_CLAMD}
 
+# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n
+
+SKIP_OLEFY=n
+
 # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
 
 SKIP_SOGO=n
diff --git a/update.sh b/update.sh
index 5a258b529..bf5229653 100755
--- a/update.sh
+++ b/update.sh
@@ -323,6 +323,7 @@ adapt_new_options() {
   "WATCHDOG_EXTERNAL_CHECKS"
   "WATCHDOG_SUBJECT"
   "SKIP_CLAMD"
+  "SKIP_OLEFY"
   "SKIP_IP_CHECK"
   "ADDITIONAL_SAN"
   "DOVEADM_PORT"
@@ -967,6 +968,7 @@ CONFIG_ARRAY=(
   "WATCHDOG_EXTERNAL_CHECKS"
   "WATCHDOG_SUBJECT"
   "SKIP_CLAMD"
+  "SKIP_OLEFY"
   "SKIP_IP_CHECK"
   "ADDITIONAL_SAN"
   "AUTODISCOVER_SAN"

From 05fc4f7aba5bfb9e2db596d11d6beab00ae70320 Mon Sep 17 00:00:00 2001
From: "Marvin A. Ruder" <signed@mruder.dev>
Date: Tue, 25 Mar 2025 21:24:22 +0100
Subject: [PATCH 531/755] fix(ui): Swap translations for oversized dropdown

* Fix other typos
* Fixes #6400

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
---
 data/Dockerfiles/dockerapi/main.py            |  4 ++--
 .../watchdog/check_mysql_slavestatus.sh       | 22 +++++++++----------
 data/conf/phpfpm/crons/keycloak-sync.php      |  4 ++--
 data/web/inc/triggers.user.inc.php            |  2 +-
 data/web/lang/lang.en-gb.json                 |  4 ++--
 data/web/lang/lang.ja-jp.json                 |  4 ++--
 data/web/lang/lang.pt-br.json                 |  4 ++--
 data/web/lang/lang.tr-tr.json                 |  4 ++--
 data/web/lang/lang.zh-cn.json                 |  4 ++--
 data/web/lang/lang.zh-tw.json                 |  4 ++--
 update.sh                                     |  4 ++--
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/main.py b/data/Dockerfiles/dockerapi/main.py
index 00c2ad5e3..57e262864 100644
--- a/data/Dockerfiles/dockerapi/main.py
+++ b/data/Dockerfiles/dockerapi/main.py
@@ -241,9 +241,9 @@ async def handle_pubsub_messages(channel: aioredis.client.PubSub):
               else:
                 dockerapi.logger.error("api call: missing container_name, post_action or request")
             else:
-              dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
+              dockerapi.logger.error("Unknown PubSub received - %s" % json.dumps(data_json))
           else:
-            dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
+            dockerapi.logger.error("Unknown PubSub received - %s" % json.dumps(data_json))
 
         await asyncio.sleep(0.0)
     except asyncio.TimeoutError:
diff --git a/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh b/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
index 4788b9b70..42eec59bb 100755
--- a/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
+++ b/data/Dockerfiles/watchdog/check_mysql_slavestatus.sh
@@ -49,7 +49,7 @@
 # 2013101601 Optical clean up                                           #
 # 2013101602 Rewrite help output                                        #
 # 2013101700 Handle Slave IO in 'Connecting' state                      #
-# 2013101701 Minor changes in output, handling UNKWNON situations now   #
+# 2013101701 Minor changes in output, handling UNKNOWN situations now   #
 # 2013101702 Exit CRITICAL when Slave IO in Connecting state            #
 # 2013123000 Slave_SQL_Running also matched Slave_SQL_Running_State     #
 # 2015011600 Added 'moving' check to catch possible connection issues   #
@@ -131,7 +131,7 @@ elif [[ -n "${socket}" && (-z "${user}" || -z "${password}") ]]; then
 fi
 
 # Connect to the DB server and store output in vars
-if [[ -n $socket ]]; then 
+if [[ -n $socket ]]; then
   ConnectionResult=$(mariadb --skip-ssl ${optfile} ${socket} ${user} -e "show slave ${connection} status\G" 2>&1)
 else
   ConnectionResult=$(mariadb --skip-ssl ${optfile} ${host} ${port} ${user} -e "show slave ${connection} status\G" 2>&1)
@@ -178,33 +178,33 @@ if [ ${check} = ${ok} ] && [ ${checkio} = ${ok} ]; then
   then echo "CRITICAL: Slave is ${delayinfo} seconds behind Master | delay=${delayinfo}s"; exit ${STATE_CRITICAL}
   elif [[ ${delayinfo} -ge ${warn_delay} ]]
   then echo "WARNING: Slave is ${delayinfo} seconds behind Master | delay=${delayinfo}s"; exit ${STATE_WARNING}
-  else 
+  else
     # Everything looks OK here but now let us check if the replication is moving
     if [[ -n ${moving} ]] && [[ -n ${tmpfile} ]] && [[ $readpos -eq $execpos ]]
-    then  
-      #echo "Debug: Read pos is $readpos - Exec pos is $execpos" 
+    then
+      #echo "Debug: Read pos is $readpos - Exec pos is $execpos"
       # Check if tmp file exists
       curtime=`date +%s`
-      if [[ -w $tmpfile ]] 
-      then 
+      if [[ -w $tmpfile ]]
+      then
         tmpfiletime=`date +%s -r $tmpfile`
         if [[ `expr $curtime - $tmpfiletime` -gt ${moving} ]]
         then
           exectmp=`cat $tmpfile`
           #echo "Debug: Exec pos in tmpfile is $exectmp"
           if [[ $exectmp -eq $execpos ]]
-          then 
+          then
             # The value read from the tmp file and from db are the same. Replication hasnt moved!
             echo "WARNING: Slave replication has not moved in ${moving} seconds. Manual check required."; exit ${STATE_WARNING}
-          else 
+          else
             # Replication has moved since the tmp file was written. Delete tmp file and output OK.
             rm $tmpfile
             echo "OK: Slave SQL running: ${check} Slave IO running: ${checkio} / master: ${masterinfo} / slave is ${delayinfo} seconds behind master | delay=${delayinfo}s"; exit ${STATE_OK};
           fi
-        else 
+        else
           echo "OK: Slave SQL running: ${check} Slave IO running: ${checkio} / master: ${masterinfo} / slave is ${delayinfo} seconds behind master | delay=${delayinfo}s"; exit ${STATE_OK};
         fi
-      else 
+      else
         echo "$execpos" > $tmpfile
         echo "OK: Slave SQL running: ${check} Slave IO running: ${checkio} / master: ${masterinfo} / slave is ${delayinfo} seconds behind master | delay=${delayinfo}s"; exit ${STATE_OK};
       fi
diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index 8c2e66584..c9655a8ec 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -130,7 +130,7 @@ while (true) {
   curl_close($ch);
 
   if ($code != 200){
-    logMsg("err", "Recieved HTTP {$code}");
+    logMsg("err", "Received HTTP {$code}");
     session_destroy();
     exit;
   }
@@ -141,7 +141,7 @@ while (true) {
     break;
   }
   if (!is_array($response)){
-    logMsg("err", "Recieved malformed response from keycloak api");
+    logMsg("err", "Received malformed response from keycloak api");
     break;
   }
   if (count($response) == 0) {
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 64282b075..5c66e8b92 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -21,7 +21,7 @@ if ($iam_provider){
     }
   } elseif ($_GET['code'] && $_GET['state'] === $_SESSION['oauth2state']) {
     // Check given state against previously stored one to mitigate CSRF attack
-    // Recieved access token in $_GET['code']
+    // Received access token in $_GET['code']
     // extract info and verify user
     identity_provider('verify-sso');
   }
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 1876836de..5d6911e91 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -624,7 +624,7 @@
         "alias": "Edit alias",
         "allow_from_smtp": "Only allow these IPs to use <b>SMTP</b>",
         "allow_from_smtp_info": "Leave empty to allow all senders.<br>IPv4/IPv6 addresses and networks.",
-        "allowed_protocols": "Allowed protocols",
+        "allowed_protocols": "Allowed protocols for direct user access (does not affect app password protocols)",
         "app_name": "App name",
         "app_passwd": "App password",
         "app_passwd_protocols": "Allowed protocols for app password",
@@ -844,7 +844,7 @@
         "all_domains": "All Domains",
         "allow_from_smtp": "Only allow these IPs to use <b>SMTP</b>",
         "allow_from_smtp_info": "Leave empty to allow all senders.<br>IPv4/IPv6 addresses and networks.",
-        "allowed_protocols": "Allowed protocols for direct user access (does not affect app password protocols)",
+        "allowed_protocols": "Allowed protocols",
         "backup_mx": "Relay domain",
         "bcc": "BCC",
         "bcc_destination": "BCC destination",
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
index ffd0a5bd3..74c04248c 100644
--- a/data/web/lang/lang.ja-jp.json
+++ b/data/web/lang/lang.ja-jp.json
@@ -581,7 +581,7 @@
         "alias": "エイリアスを編集",
         "allow_from_smtp": "<b>SMTP</b>を使用するこれらのIPのみを許可",
         "allow_from_smtp_info": "すべての送信者を許可するには空欄にしてください。<br>IPv4/IPv6アドレスおよびネットワークを指定できます。",
-        "allowed_protocols": "許可されたプロトコル",
+        "allowed_protocols": "直接ユーザーアクセスで許可されるプロトコル（アプリパスワードプロトコルには影響しません）",
         "app_name": "アプリ名",
         "app_passwd": "アプリパスワード",
         "app_passwd_protocols": "アプリパスワードで許可されるプロトコル",
@@ -798,7 +798,7 @@
         "all_domains": "すべてのドメイン",
         "allow_from_smtp": "<b>SMTP</b>を使用するこれらのIPのみを許可",
         "allow_from_smtp_info": "すべての送信者を許可するには空欄にしてください。<br>IPv4/IPv6アドレスおよびネットワークを指定可能。",
-        "allowed_protocols": "直接ユーザーアクセスで許可されるプロトコル（アプリパスワードプロトコルには影響しません）",
+        "allowed_protocols": "許可されたプロトコル",
         "backup_mx": "リレードメイン",
         "bcc": "BCC",
         "bcc_destination": "BCC送信先",
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 57e79ede8..57a4abd3d 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -581,7 +581,7 @@
         "alias": "Editar alias",
         "allow_from_smtp": "<b>Permita que esses IPs usem apenas SMTP</b>",
         "allow_from_smtp_info": "Deixe em branco para permitir todos os remetentes. Endereços e <br>redes IPv4/IPv6.",
-        "allowed_protocols": "Protocolos permitidos",
+        "allowed_protocols": "Protocolos permitidos para acesso direto do usuário (não afeta os protocolos de senha do aplicativo)",
         "app_name": "Nome do aplicativo",
         "app_passwd": "Senha do aplicativo",
         "app_passwd_protocols": "Protocolos permitidos para a senha do aplicativo",
@@ -793,7 +793,7 @@
         "all_domains": "Todos os domínios",
         "allow_from_smtp": "<b>Permita que esses IPs usem apenas SMTP</b>",
         "allow_from_smtp_info": "Deixe em branco para permitir todos os remetentes. Endereços e <br>redes IPv4/IPv6.",
-        "allowed_protocols": "Protocolos permitidos para acesso direto do usuário (não afeta os protocolos de senha do aplicativo)",
+        "allowed_protocols": "Protocolos permitidos",
         "backup_mx": "Domínio de retransmissão",
         "bcc": "BCC",
         "bcc_destination": "Destino BCC",
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index 73513e3c0..aa1b90df1 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -482,7 +482,7 @@
         "sender_acl_disabled": "<span class=\\\"label label-danger\\\">Gönderen denetimi devre dışı</span>",
         "allow_from_smtp": "Yalnızca bu IP'lerin <b>SMTP</b> kullanmasına izin verin",
         "allow_from_smtp_info": "Tüm gönderenlere izin vermek için boş bırakın.<br>IPv4/IPv6 adresleri ve ağları.",
-        "allowed_protocols": "İzin verilen protokoller",
+        "allowed_protocols": "Doğrudan kullanıcı erişimi için izin verilen protokoller (uygulama parola protokollerini etkilemez)",
         "app_name": "Uygulama adı",
         "app_passwd": "Uygulama şifresi",
         "app_passwd_protocols": "Uygulama şifresi için izin verilen protokoller",
@@ -782,7 +782,7 @@
         "aliases": "Takma Adlar",
         "all_domains": "Tüm Alan Adları",
         "allow_from_smtp": "Yalnızca bu IP'lerin <b>SMTP</b> kullanmasına izin verin",
-        "allowed_protocols": "Doğrudan kullanıcı erişimi için izin verilen protokoller (uygulama parola protokollerini etkilemez)",
+        "allowed_protocols": "İzin verilen protokoller",
         "backup_mx": "Geçiş alanı",
         "bcc": "BCC",
         "bcc_destination": "Gizli hedef",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 0740253a1..70a48a91a 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -554,7 +554,7 @@
         "alias": "编辑别名",
         "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
         "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址和网络。",
-        "allowed_protocols": "允许的协议",
+        "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
         "app_name": "应用名称",
         "app_passwd": "应用密码",
         "app_passwd_protocols": "应用密码允许的协议",
@@ -770,7 +770,7 @@
         "all_domains": "全部域名",
         "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
         "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址或网络。",
-        "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
+        "allowed_protocols": "允许的协议",
         "backup_mx": "中继域名",
         "bcc": "BCC",
         "bcc_destination": "BCC 目标地址",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 63ac5df04..aaa6d756f 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -553,7 +553,7 @@
         "alias": "編輯別名",
         "allow_from_smtp": "只允許這些 IP 使用 <b>SMTP</b>",
         "allow_from_smtp_info": "留空將允許所有寄件人<br>IPv4/IPv6 地址或網路",
-        "allowed_protocols": "允許的協定",
+        "allowed_protocols": "使用者直接存取時允許的協定 (不影響應用程式密碼所能使用的協定)",
         "app_name": "應用程式名稱",
         "app_passwd": "應用程式密碼",
         "app_passwd_protocols": "應用程式密碼允許的協定",
@@ -763,7 +763,7 @@
         "all_domains": "所有域名",
         "allow_from_smtp": "只允許這些 IP 使用<b>SMTP</b>",
         "allow_from_smtp_info": "留空以允許所有發送者<br>IPv4/IPv6 地址或網路",
-        "allowed_protocols": "使用者直接存取時允許的協定 (不影響應用程式密碼所能使用的協定)",
+        "allowed_protocols": "允許的協定",
         "backup_mx": "中繼域名",
         "bcc": "密件副本",
         "bcc_destination": "密件副本目標地址",
diff --git a/update.sh b/update.sh
index 5a258b529..ea2fcf17f 100755
--- a/update.sh
+++ b/update.sh
@@ -911,7 +911,7 @@ while (($#)); do
   --skip-start         -   Do not start mailcow after update
   --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you'\''ve blocked any ICMP Connections to your mailcow machine)
   --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly or --legacy.
-  --legacy             -   Switch your mailcow updates to the legacy branch. The legacy branch will only recieve security updates until February 2026.
+  --legacy             -   Switch your mailcow updates to the legacy branch. The legacy branch will only receive security updates until February 2026.
   -f|--force           -   Force update, do not ask questions
   -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)
 '
@@ -1318,7 +1318,7 @@ if ! [ "$NEW_BRANCH" ]; then
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
 
   elif [ "${BRANCH}" == "legacy" ]; then
-    echo -e "\e[31mYou are receiving legacy updates. The legacy branch will only recieve security updates until February 2026.\e[0m"
+    echo -e "\e[31mYou are receiving legacy updates. The legacy branch will only receive security updates until February 2026.\e[0m"
     sleep 1
     echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m"
 

From fcb1b29c890ca2cd5e6718b7cec9c078d3a5251a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 08:32:34 +0100
Subject: [PATCH 532/755] [Web] Fix SOGo access after Passwordless auth

---
 data/web/inc/functions.inc.php            | 17 ++++++++++-------
 data/web/inc/triggers.admin.inc.php       |  7 ++++++-
 data/web/inc/triggers.domainadmin.inc.php |  7 ++++++-
 data/web/inc/triggers.user.inc.php        |  6 +++++-
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3593ff2c4..6a70eb6e3 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1385,6 +1385,7 @@ function fido2($_data) {
       );
     break;
     case "verify":
+      $role = "";
       $tokenData = json_decode($_data['token']);
       $clientDataJSON = base64_decode($tokenData->clientDataJSON);
       $authenticatorData = base64_decode($tokenData->authenticatorData);
@@ -1418,17 +1419,17 @@ function fido2($_data) {
       $stmt->execute(array(':username' => $process_fido2['username']));
       $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
       if ($obj_props['superadmin'] === 1 && (!$_data['user'] || $_data['user'] == "admin")) {
-        $_SESSION["mailcow_cc_role"] = "admin";
+        $role = "admin";
       }
       elseif ($obj_props['superadmin'] === 0 && (!$_data['user'] || $_data['user'] == "domainadmin")) {
-        $_SESSION["mailcow_cc_role"] = "domainadmin";
+        $role = "domainadmin";
       }
       elseif (!isset($obj_props['superadmin']) && (!$_data['user'] || $_data['user'] == "user")) {
         $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username");
         $stmt->execute(array(':username' => $process_fido2['username']));
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
         if ($row['username'] == $process_fido2['username']) {
-          $_SESSION["mailcow_cc_role"] = "user";
+          $role = "user";
         }
       }
       else {
@@ -1439,7 +1440,7 @@ function fido2($_data) {
         );
         return false;
       }
-      if (empty($_SESSION["mailcow_cc_role"])) {
+      if (empty($role)) {
         session_unset();
         session_destroy();
         $_SESSION['return'][] =  array(
@@ -1449,15 +1450,17 @@ function fido2($_data) {
         );
         return false;
       }
-      $_SESSION["mailcow_cc_username"] = $process_fido2['username'];
-      $_SESSION["fido2_cid"] = $process_fido2['cid'];
       unset($_SESSION["challenge"]);
       $_SESSION['return'][] =  array(
         'type' => 'success',
         'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
         'msg' => array('logged_in_as', $process_fido2['username'])
       );
-      return true;
+      return array(
+        "role" => $role,
+        "username" => $process_fido2['username'],
+        "cid" => $process_fido2['cid']
+      );
     break;
   }
 }
diff --git a/data/web/inc/triggers.admin.inc.php b/data/web/inc/triggers.admin.inc.php
index 883d9fd5c..df46a459c 100644
--- a/data/web/inc/triggers.admin.inc.php
+++ b/data/web/inc/triggers.admin.inc.php
@@ -19,11 +19,16 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_tfa_methods']);
 }
 if (isset($_POST["verify_fido2_login"])) {
-  fido2(array(
+  $res = fido2(array(
     "action" => "verify",
     "token" => $_POST["token"],
     "user" => "admin"
   ));
+  if (is_array($res) && $res['role'] == "admin" && !empty($res['username'])){
+    $_SESSION["mailcow_cc_username"] = $res['username'];
+    $_SESSION["mailcow_cc_role"] = $res['role'];
+    $_SESSION["fido2_cid"] = $res['cid'];
+  }
   exit;
 }
 
diff --git a/data/web/inc/triggers.domainadmin.inc.php b/data/web/inc/triggers.domainadmin.inc.php
index dd1c653bd..a9f913688 100644
--- a/data/web/inc/triggers.domainadmin.inc.php
+++ b/data/web/inc/triggers.domainadmin.inc.php
@@ -30,11 +30,16 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_tfa_methods']);
 }
 if (isset($_POST["verify_fido2_login"])) {
-  fido2(array(
+  $res = fido2(array(
     "action" => "verify",
     "token" => $_POST["token"],
     "user" => "domainadmin"
   ));
+  if (is_array($res) && $res['role'] == "domainadmin" && !empty($res['username'])){
+    $_SESSION["mailcow_cc_username"] = $res['username'];
+    $_SESSION["mailcow_cc_role"] = $res['role'];
+    $_SESSION["fido2_cid"] = $res['cid'];
+  }
   exit;
 }
 
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 64282b075..842fad14a 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -84,11 +84,15 @@ if (isset($_POST["verify_tfa_login"])) {
   unset($_SESSION['pending_tfa_methods']);
 }
 if (isset($_POST["verify_fido2_login"])) {
-  fido2(array(
+  $res = fido2(array(
     "action" => "verify",
     "token" => $_POST["token"],
     "user" => "user"
   ));
+  if (is_array($res) && $res['role'] == "user" && !empty($res['username'])){
+    set_user_loggedin_session($res['username']);
+    $_SESSION["fido2_cid"] = $res['cid'];
+  }
   exit;
 }
 

From 348107dae84119f824b1e100073d8d30edcb2a05 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 09:13:05 +0100
Subject: [PATCH 533/755] [Web] Fix oauth2 redirect after user login

---
 data/web/inc/triggers.user.inc.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 64282b075..c6835037f 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -66,6 +66,14 @@ if (isset($_POST["verify_tfa_login"])) {
         die();
       } else {
         set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
+
+        if (isset($_SESSION['oauth2_request'])) {
+          $oauth2_request = $_SESSION['oauth2_request'];
+          unset($_SESSION['oauth2_request']);
+          header('Location: ' . $oauth2_request);
+          die();
+        }
+
         $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
         $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
         if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
@@ -118,6 +126,12 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
         header("Location: /mobileconfig.php");
         die();
     }
+    if (isset($_SESSION['oauth2_request'])) {
+      $oauth2_request = $_SESSION['oauth2_request'];
+      unset($_SESSION['oauth2_request']);
+      header('Location: ' . $oauth2_request);
+      die();
+    }
 
     $user_details = mailbox("get", "mailbox_details", $login_user);
     $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;

From 21b11ed99923a0c26b32f26b6663d2dbbab7ce81 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 09:24:03 +0100
Subject: [PATCH 534/755] [Swagger] Fix type property for /api/v1/add/bcc
 endpoint

---
 data/web/api/openapi.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index f1ad31eb3..afab5fb0c 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -346,7 +346,8 @@ paths:
                   description: the domain which emails should be forwarded
                   type: string
                 type:
-                  description: the type of bcc map can be `sender` or `recipient`
+                  description: the type of bcc map can be `sender` or `rcpt`
+                  enum: [sender, rcpt]
                   type: string
               type: object
       summary: Create BCC Map

From 95aa35e133d4c23498ce21d977478c038f7b1f8d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 10:10:22 +0100
Subject: [PATCH 535/755] [Web] Check if mailbox is active before renaming

---
 data/web/inc/functions.mailbox.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index bb9b23045..d5daeddcd 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3324,7 +3324,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           $is_now = mailbox('get', 'mailbox_details', $old_username);
-          if (empty($is_now)) {
+          if (empty($is_now) || ($is_now['active'] != '1' && $is_now['active'] != '2')) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

From a5ca3353dae37b338778b7faf6f9d471f5081701 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 10:59:56 +0100
Subject: [PATCH 536/755] [Web] Use absolute paths for flag SVGs

---
 data/web/css/build/007-languages.min.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/css/build/007-languages.min.css b/data/web/css/build/007-languages.min.css
index 864e338df..9d8cb205d 100644
--- a/data/web/css/build/007-languages.min.css
+++ b/data/web/css/build/007-languages.min.css
@@ -1 +1 @@
-.flag-icon-background{background-size:contain;background-position:50%;background-repeat:no-repeat}.flag-icon{background-size:contain;background-position:50%;background-repeat:no-repeat;position:relative;display:inline-block;width:1.33333333em;line-height:1em}.flag-icon:before{content:'\00a0'}.flag-icon.flag-icon-squared{width:1em}.flag-icon-ad{background-image:url(../flags/4x3/ad.svg)}.flag-icon-ad.flag-icon-squared{background-image:url(../flags/1x1/ad.svg)}.flag-icon-ae{background-image:url(../flags/4x3/ae.svg)}.flag-icon-ae.flag-icon-squared{background-image:url(../flags/1x1/ae.svg)}.flag-icon-af{background-image:url(../flags/4x3/af.svg)}.flag-icon-af.flag-icon-squared{background-image:url(../flags/1x1/af.svg)}.flag-icon-ag{background-image:url(../flags/4x3/ag.svg)}.flag-icon-ag.flag-icon-squared{background-image:url(../flags/1x1/ag.svg)}.flag-icon-ai{background-image:url(../flags/4x3/ai.svg)}.flag-icon-ai.flag-icon-squared{background-image:url(../flags/1x1/ai.svg)}.flag-icon-al{background-image:url(../flags/4x3/al.svg)}.flag-icon-al.flag-icon-squared{background-image:url(../flags/1x1/al.svg)}.flag-icon-am{background-image:url(../flags/4x3/am.svg)}.flag-icon-am.flag-icon-squared{background-image:url(../flags/1x1/am.svg)}.flag-icon-ao{background-image:url(../flags/4x3/ao.svg)}.flag-icon-ao.flag-icon-squared{background-image:url(../flags/1x1/ao.svg)}.flag-icon-aq{background-image:url(../flags/4x3/aq.svg)}.flag-icon-aq.flag-icon-squared{background-image:url(../flags/1x1/aq.svg)}.flag-icon-ar{background-image:url(../flags/4x3/ar.svg)}.flag-icon-ar.flag-icon-squared{background-image:url(../flags/1x1/ar.svg)}.flag-icon-as{background-image:url(../flags/4x3/as.svg)}.flag-icon-as.flag-icon-squared{background-image:url(../flags/1x1/as.svg)}.flag-icon-at{background-image:url(../flags/4x3/at.svg)}.flag-icon-at.flag-icon-squared{background-image:url(../flags/1x1/at.svg)}.flag-icon-au{background-image:url(../flags/4x3/au.svg)}.flag-icon-au.flag-icon-squared{background-image:url(../flags/1x1/au.svg)}.flag-icon-aw{background-image:url(../flags/4x3/aw.svg)}.flag-icon-aw.flag-icon-squared{background-image:url(../flags/1x1/aw.svg)}.flag-icon-ax{background-image:url(../flags/4x3/ax.svg)}.flag-icon-ax.flag-icon-squared{background-image:url(../flags/1x1/ax.svg)}.flag-icon-az{background-image:url(../flags/4x3/az.svg)}.flag-icon-az.flag-icon-squared{background-image:url(../flags/1x1/az.svg)}.flag-icon-ba{background-image:url(../flags/4x3/ba.svg)}.flag-icon-ba.flag-icon-squared{background-image:url(../flags/1x1/ba.svg)}.flag-icon-bb{background-image:url(../flags/4x3/bb.svg)}.flag-icon-bb.flag-icon-squared{background-image:url(../flags/1x1/bb.svg)}.flag-icon-bd{background-image:url(../flags/4x3/bd.svg)}.flag-icon-bd.flag-icon-squared{background-image:url(../flags/1x1/bd.svg)}.flag-icon-be{background-image:url(../flags/4x3/be.svg)}.flag-icon-be.flag-icon-squared{background-image:url(../flags/1x1/be.svg)}.flag-icon-bf{background-image:url(../flags/4x3/bf.svg)}.flag-icon-bf.flag-icon-squared{background-image:url(../flags/1x1/bf.svg)}.flag-icon-bg{background-image:url(../flags/4x3/bg.svg)}.flag-icon-bg.flag-icon-squared{background-image:url(../flags/1x1/bg.svg)}.flag-icon-bh{background-image:url(../flags/4x3/bh.svg)}.flag-icon-bh.flag-icon-squared{background-image:url(../flags/1x1/bh.svg)}.flag-icon-bi{background-image:url(../flags/4x3/bi.svg)}.flag-icon-bi.flag-icon-squared{background-image:url(../flags/1x1/bi.svg)}.flag-icon-bj{background-image:url(../flags/4x3/bj.svg)}.flag-icon-bj.flag-icon-squared{background-image:url(../flags/1x1/bj.svg)}.flag-icon-bl{background-image:url(../flags/4x3/bl.svg)}.flag-icon-bl.flag-icon-squared{background-image:url(../flags/1x1/bl.svg)}.flag-icon-bm{background-image:url(../flags/4x3/bm.svg)}.flag-icon-bm.flag-icon-squared{background-image:url(../flags/1x1/bm.svg)}.flag-icon-bn{background-image:url(../flags/4x3/bn.svg)}.flag-icon-bn.flag-icon-squared{background-image:url(../flags/1x1/bn.svg)}.flag-icon-bo{background-image:url(../flags/4x3/bo.svg)}.flag-icon-bo.flag-icon-squared{background-image:url(../flags/1x1/bo.svg)}.flag-icon-bq{background-image:url(../flags/4x3/bq.svg)}.flag-icon-bq.flag-icon-squared{background-image:url(../flags/1x1/bq.svg)}.flag-icon-br{background-image:url(../flags/4x3/br.svg)}.flag-icon-br.flag-icon-squared{background-image:url(../flags/1x1/br.svg)}.flag-icon-bs{background-image:url(../flags/4x3/bs.svg)}.flag-icon-bs.flag-icon-squared{background-image:url(../flags/1x1/bs.svg)}.flag-icon-bt{background-image:url(../flags/4x3/bt.svg)}.flag-icon-bt.flag-icon-squared{background-image:url(../flags/1x1/bt.svg)}.flag-icon-bv{background-image:url(../flags/4x3/bv.svg)}.flag-icon-bv.flag-icon-squared{background-image:url(../flags/1x1/bv.svg)}.flag-icon-bw{background-image:url(../flags/4x3/bw.svg)}.flag-icon-bw.flag-icon-squared{background-image:url(../flags/1x1/bw.svg)}.flag-icon-by{background-image:url(../flags/4x3/by.svg)}.flag-icon-by.flag-icon-squared{background-image:url(../flags/1x1/by.svg)}.flag-icon-bz{background-image:url(../flags/4x3/bz.svg)}.flag-icon-bz.flag-icon-squared{background-image:url(../flags/1x1/bz.svg)}.flag-icon-ca{background-image:url(../flags/4x3/ca.svg)}.flag-icon-ca.flag-icon-squared{background-image:url(../flags/1x1/ca.svg)}.flag-icon-cc{background-image:url(../flags/4x3/cc.svg)}.flag-icon-cc.flag-icon-squared{background-image:url(../flags/1x1/cc.svg)}.flag-icon-cd{background-image:url(../flags/4x3/cd.svg)}.flag-icon-cd.flag-icon-squared{background-image:url(../flags/1x1/cd.svg)}.flag-icon-cf{background-image:url(../flags/4x3/cf.svg)}.flag-icon-cf.flag-icon-squared{background-image:url(../flags/1x1/cf.svg)}.flag-icon-cg{background-image:url(../flags/4x3/cg.svg)}.flag-icon-cg.flag-icon-squared{background-image:url(../flags/1x1/cg.svg)}.flag-icon-ch{background-image:url(../flags/4x3/ch.svg)}.flag-icon-ch.flag-icon-squared{background-image:url(../flags/1x1/ch.svg)}.flag-icon-ci{background-image:url(../flags/4x3/ci.svg)}.flag-icon-ci.flag-icon-squared{background-image:url(../flags/1x1/ci.svg)}.flag-icon-ck{background-image:url(../flags/4x3/ck.svg)}.flag-icon-ck.flag-icon-squared{background-image:url(../flags/1x1/ck.svg)}.flag-icon-cl{background-image:url(../flags/4x3/cl.svg)}.flag-icon-cl.flag-icon-squared{background-image:url(../flags/1x1/cl.svg)}.flag-icon-cm{background-image:url(../flags/4x3/cm.svg)}.flag-icon-cm.flag-icon-squared{background-image:url(../flags/1x1/cm.svg)}.flag-icon-zh{background-image:url(../flags/4x3/zh.svg)}.flag-iconzh.flag-icon-squared{background-image:url(../flags/1x1/zh.svg)}.flag-icon-cn{background-image:url(../flags/4x3/cn.svg)}.flag-icon-cn.flag-icon-squared{background-image:url(../flags/1x1/cn.svg)}.flag-icon-co{background-image:url(../flags/4x3/co.svg)}.flag-icon-co.flag-icon-squared{background-image:url(../flags/1x1/co.svg)}.flag-icon-cr{background-image:url(../flags/4x3/cr.svg)}.flag-icon-cr.flag-icon-squared{background-image:url(../flags/1x1/cr.svg)}.flag-icon-cu{background-image:url(../flags/4x3/cu.svg)}.flag-icon-cu.flag-icon-squared{background-image:url(../flags/1x1/cu.svg)}.flag-icon-cv{background-image:url(../flags/4x3/cv.svg)}.flag-icon-cv.flag-icon-squared{background-image:url(../flags/1x1/cv.svg)}.flag-icon-cw{background-image:url(../flags/4x3/cw.svg)}.flag-icon-cw.flag-icon-squared{background-image:url(../flags/1x1/cw.svg)}.flag-icon-cx{background-image:url(../flags/4x3/cx.svg)}.flag-icon-cx.flag-icon-squared{background-image:url(../flags/1x1/cx.svg)}.flag-icon-cy{background-image:url(../flags/4x3/cy.svg)}.flag-icon-cy.flag-icon-squared{background-image:url(../flags/1x1/cy.svg)}.flag-icon-cz{background-image:url(../flags/4x3/cz.svg)}.flag-icon-cz.flag-icon-squared{background-image:url(../flags/1x1/cz.svg)}.flag-icon-cs{background-image:url(../flags/4x3/cs.svg)}.flag-icon-cs.flag-icon-squared{background-image:url(../flags/1x1/cs.svg)}.flag-icon-de{background-image:url(../flags/4x3/de.svg)}.flag-icon-de.flag-icon-squared{background-image:url(../flags/1x1/de.svg)}.flag-icon-dj{background-image:url(../flags/4x3/dj.svg)}.flag-icon-dj.flag-icon-squared{background-image:url(../flags/1x1/dj.svg)}.flag-icon-da{background-image:url(../flags/4x3/da.svg)}.flag-icon-da.flag-icon-squared{background-image:url(../flags/1x1/d.svg)}.flag-icon-dk{background-image:url(../flags/4x3/dk.svg)}.flag-icon-dk.flag-icon-squared{background-image:url(../flags/1x1/dk.svg)}.flag-icon-dm{background-image:url(../flags/4x3/dm.svg)}.flag-icon-dm.flag-icon-squared{background-image:url(../flags/1x1/dm.svg)}.flag-icon-do{background-image:url(../flags/4x3/do.svg)}.flag-icon-do.flag-icon-squared{background-image:url(../flags/1x1/do.svg)}.flag-icon-dz{background-image:url(../flags/4x3/dz.svg)}.flag-icon-dz.flag-icon-squared{background-image:url(../flags/1x1/dz.svg)}.flag-icon-ec{background-image:url(../flags/4x3/ec.svg)}.flag-icon-ec.flag-icon-squared{background-image:url(../flags/1x1/ec.svg)}.flag-icon-ee{background-image:url(../flags/4x3/ee.svg)}.flag-icon-ee.flag-icon-squared{background-image:url(../flags/1x1/ee.svg)}.flag-icon-eg{background-image:url(../flags/4x3/eg.svg)}.flag-icon-eg.flag-icon-squared{background-image:url(../flags/1x1/eg.svg)}.flag-icon-eh{background-image:url(../flags/4x3/eh.svg)}.flag-icon-eh.flag-icon-squared{background-image:url(../flags/1x1/eh.svg)}.flag-icon-er{background-image:url(../flags/4x3/er.svg)}.flag-icon-er.flag-icon-squared{background-image:url(../flags/1x1/er.svg)}.flag-icon-es{background-image:url(../flags/4x3/es.svg)}.flag-icon-es.flag-icon-squared{background-image:url(../flags/1x1/es.svg)}.flag-icon-et{background-image:url(../flags/4x3/et.svg)}.flag-icon-et.flag-icon-squared{background-image:url(../flags/1x1/et.svg)}.flag-icon-fi{background-image:url(../flags/4x3/fi.svg)}.flag-icon-fi.flag-icon-squared{background-image:url(../flags/1x1/fi.svg)}.flag-icon-fj{background-image:url(../flags/4x3/fj.svg)}.flag-icon-fj.flag-icon-squared{background-image:url(../flags/1x1/fj.svg)}.flag-icon-fk{background-image:url(../flags/4x3/fk.svg)}.flag-icon-fk.flag-icon-squared{background-image:url(../flags/1x1/fk.svg)}.flag-icon-fm{background-image:url(../flags/4x3/fm.svg)}.flag-icon-fm.flag-icon-squared{background-image:url(../flags/1x1/fm.svg)}.flag-icon-fo{background-image:url(../flags/4x3/fo.svg)}.flag-icon-fo.flag-icon-squared{background-image:url(../flags/1x1/fo.svg)}.flag-icon-fr{background-image:url(../flags/4x3/fr.svg)}.flag-icon-fr.flag-icon-squared{background-image:url(../flags/1x1/fr.svg)}.flag-icon-ga{background-image:url(../flags/4x3/ga.svg)}.flag-icon-ga.flag-icon-squared{background-image:url(../flags/1x1/ga.svg)}.flag-icon-gb{background-image:url(../flags/4x3/en.svg)}.flag-icon-gb.flag-icon-squared{background-image:url(../flags/1x1/en.svg)}.flag-icon-gd{background-image:url(../flags/4x3/gd.svg)}.flag-icon-gd.flag-icon-squared{background-image:url(../flags/1x1/gd.svg)}.flag-icon-ge{background-image:url(../flags/4x3/ge.svg)}.flag-icon-ge.flag-icon-squared{background-image:url(../flags/1x1/ge.svg)}.flag-icon-gf{background-image:url(../flags/4x3/gf.svg)}.flag-icon-gf.flag-icon-squared{background-image:url(../flags/1x1/gf.svg)}.flag-icon-gg{background-image:url(../flags/4x3/gg.svg)}.flag-icon-gg.flag-icon-squared{background-image:url(../flags/1x1/gg.svg)}.flag-icon-gh{background-image:url(../flags/4x3/gh.svg)}.flag-icon-gh.flag-icon-squared{background-image:url(../flags/1x1/gh.svg)}.flag-icon-gi{background-image:url(../flags/4x3/gi.svg)}.flag-icon-gi.flag-icon-squared{background-image:url(../flags/1x1/gi.svg)}.flag-icon-gl{background-image:url(../flags/4x3/gl.svg)}.flag-icon-gl.flag-icon-squared{background-image:url(../flags/1x1/gl.svg)}.flag-icon-gm{background-image:url(../flags/4x3/gm.svg)}.flag-icon-gm.flag-icon-squared{background-image:url(../flags/1x1/gm.svg)}.flag-icon-gn{background-image:url(../flags/4x3/gn.svg)}.flag-icon-gn.flag-icon-squared{background-image:url(../flags/1x1/gn.svg)}.flag-icon-gp{background-image:url(../flags/4x3/gp.svg)}.flag-icon-gp.flag-icon-squared{background-image:url(../flags/1x1/gp.svg)}.flag-icon-gq{background-image:url(../flags/4x3/gq.svg)}.flag-icon-gq.flag-icon-squared{background-image:url(../flags/1x1/gq.svg)}.flag-icon-gr{background-image:url(../flags/4x3/gr.svg)}.flag-icon-gr.flag-icon-squared{background-image:url(../flags/1x1/gr.svg)}.flag-icon-gs{background-image:url(../flags/4x3/gs.svg)}.flag-icon-gs.flag-icon-squared{background-image:url(../flags/1x1/gs.svg)}.flag-icon-gt{background-image:url(../flags/4x3/gt.svg)}.flag-icon-gt.flag-icon-squared{background-image:url(../flags/1x1/gt.svg)}.flag-icon-gu{background-image:url(../flags/4x3/gu.svg)}.flag-icon-gu.flag-icon-squared{background-image:url(../flags/1x1/gu.svg)}.flag-icon-gw{background-image:url(../flags/4x3/gw.svg)}.flag-icon-gw.flag-icon-squared{background-image:url(../flags/1x1/gw.svg)}.flag-icon-gy{background-image:url(../flags/4x3/gy.svg)}.flag-icon-gy.flag-icon-squared{background-image:url(../flags/1x1/gy.svg)}.flag-icon-hk{background-image:url(../flags/4x3/hk.svg)}.flag-icon-hk.flag-icon-squared{background-image:url(../flags/1x1/hk.svg)}.flag-icon-hm{background-image:url(../flags/4x3/hm.svg)}.flag-icon-hm.flag-icon-squared{background-image:url(../flags/1x1/hm.svg)}.flag-icon-hn{background-image:url(../flags/4x3/hn.svg)}.flag-icon-hn.flag-icon-squared{background-image:url(../flags/1x1/hn.svg)}.flag-icon-hr{background-image:url(../flags/4x3/hr.svg)}.flag-icon-hr.flag-icon-squared{background-image:url(../flags/1x1/hr.svg)}.flag-icon-ht{background-image:url(../flags/4x3/ht.svg)}.flag-icon-ht.flag-icon-squared{background-image:url(../flags/1x1/ht.svg)}.flag-icon-hu{background-image:url(../flags/4x3/hu.svg)}.flag-icon-hu.flag-icon-squared{background-image:url(../flags/1x1/hu.svg)}.flag-icon-id{background-image:url(../flags/4x3/id.svg)}.flag-icon-id.flag-icon-squared{background-image:url(../flags/1x1/id.svg)}.flag-icon-ie{background-image:url(../flags/4x3/ie.svg)}.flag-icon-ie.flag-icon-squared{background-image:url(../flags/1x1/ie.svg)}.flag-icon-il{background-image:url(../flags/4x3/il.svg)}.flag-icon-il.flag-icon-squared{background-image:url(../flags/1x1/il.svg)}.flag-icon-im{background-image:url(../flags/4x3/im.svg)}.flag-icon-im.flag-icon-squared{background-image:url(../flags/1x1/im.svg)}.flag-icon-in{background-image:url(../flags/4x3/in.svg)}.flag-icon-in.flag-icon-squared{background-image:url(../flags/1x1/in.svg)}.flag-icon-io{background-image:url(../flags/4x3/io.svg)}.flag-icon-io.flag-icon-squared{background-image:url(../flags/1x1/io.svg)}.flag-icon-iq{background-image:url(../flags/4x3/iq.svg)}.flag-icon-iq.flag-icon-squared{background-image:url(../flags/1x1/iq.svg)}.flag-icon-ir{background-image:url(../flags/4x3/ir.svg)}.flag-icon-ir.flag-icon-squared{background-image:url(../flags/1x1/ir.svg)}.flag-icon-is{background-image:url(../flags/4x3/is.svg)}.flag-icon-is.flag-icon-squared{background-image:url(../flags/1x1/is.svg)}.flag-icon-it{background-image:url(../flags/4x3/it.svg)}.flag-icon-it.flag-icon-squared{background-image:url(../flags/1x1/it.svg)}.flag-icon-je{background-image:url(../flags/4x3/je.svg)}.flag-icon-je.flag-icon-squared{background-image:url(../flags/1x1/je.svg)}.flag-icon-jm{background-image:url(../flags/4x3/jm.svg)}.flag-icon-jm.flag-icon-squared{background-image:url(../flags/1x1/jm.svg)}.flag-icon-jo{background-image:url(../flags/4x3/jo.svg)}.flag-icon-jo.flag-icon-squared{background-image:url(../flags/1x1/jo.svg)}.flag-icon-jp{background-image:url(../flags/4x3/jp.svg)}.flag-icon-jp.flag-icon-squared{background-image:url(../flags/1x1/jp.svg)}.flag-icon-ke{background-image:url(../flags/4x3/ke.svg)}.flag-icon-ke.flag-icon-squared{background-image:url(../flags/1x1/ke.svg)}.flag-icon-kg{background-image:url(../flags/4x3/kg.svg)}.flag-icon-kg.flag-icon-squared{background-image:url(../flags/1x1/kg.svg)}.flag-icon-kh{background-image:url(../flags/4x3/kh.svg)}.flag-icon-kh.flag-icon-squared{background-image:url(../flags/1x1/kh.svg)}.flag-icon-ki{background-image:url(../flags/4x3/ki.svg)}.flag-icon-ki.flag-icon-squared{background-image:url(../flags/1x1/ki.svg)}.flag-icon-km{background-image:url(../flags/4x3/km.svg)}.flag-icon-km.flag-icon-squared{background-image:url(../flags/1x1/km.svg)}.flag-icon-kn{background-image:url(../flags/4x3/kn.svg)}.flag-icon-kn.flag-icon-squared{background-image:url(../flags/1x1/kn.svg)}.flag-icon-kp{background-image:url(../flags/4x3/kp.svg)}.flag-icon-kp.flag-icon-squared{background-image:url(../flags/1x1/kp.svg)}.flag-icon-ko{background-image:url(../flags/4x3/ko.svg)}.flag-icon-ko.flag-icon-squared{background-image:url(../flags/1x1/ko.svg)}.flag-icon-kr{background-image:url(../flags/4x3/kr.svg)}.flag-icon-kr.flag-icon-squared{background-image:url(../flags/1x1/kr.svg)}.flag-icon-kw{background-image:url(../flags/4x3/kw.svg)}.flag-icon-kw.flag-icon-squared{background-image:url(../flags/1x1/kw.svg)}.flag-icon-ky{background-image:url(../flags/4x3/ky.svg)}.flag-icon-ky.flag-icon-squared{background-image:url(../flags/1x1/ky.svg)}.flag-icon-kz{background-image:url(../flags/4x3/kz.svg)}.flag-icon-kz.flag-icon-squared{background-image:url(../flags/1x1/kz.svg)}.flag-icon-la{background-image:url(../flags/4x3/la.svg)}.flag-icon-la.flag-icon-squared{background-image:url(../flags/1x1/la.svg)}.flag-icon-lb{background-image:url(../flags/4x3/lb.svg)}.flag-icon-lb.flag-icon-squared{background-image:url(../flags/1x1/lb.svg)}.flag-icon-lc{background-image:url(../flags/4x3/lc.svg)}.flag-icon-lc.flag-icon-squared{background-image:url(../flags/1x1/lc.svg)}.flag-icon-li{background-image:url(../flags/4x3/li.svg)}.flag-icon-li.flag-icon-squared{background-image:url(../flags/1x1/li.svg)}.flag-icon-lk{background-image:url(../flags/4x3/lk.svg)}.flag-icon-lk.flag-icon-squared{background-image:url(../flags/1x1/lk.svg)}.flag-icon-lr{background-image:url(../flags/4x3/lr.svg)}.flag-icon-lr.flag-icon-squared{background-image:url(../flags/1x1/lr.svg)}.flag-icon-ls{background-image:url(../flags/4x3/ls.svg)}.flag-icon-ls.flag-icon-squared{background-image:url(../flags/1x1/ls.svg)}.flag-icon-lt{background-image:url(../flags/4x3/lt.svg)}.flag-icon-lt.flag-icon-squared{background-image:url(../flags/1x1/lt.svg)}.flag-icon-lu{background-image:url(../flags/4x3/lu.svg)}.flag-icon-lu.flag-icon-squared{background-image:url(../flags/1x1/lu.svg)}.flag-icon-lv{background-image:url(../flags/4x3/lv.svg)}.flag-icon-lv.flag-icon-squared{background-image:url(../flags/1x1/lv.svg)}.flag-icon-ly{background-image:url(../flags/4x3/ly.svg)}.flag-icon-ly.flag-icon-squared{background-image:url(../flags/1x1/ly.svg)}.flag-icon-ma{background-image:url(../flags/4x3/ma.svg)}.flag-icon-ma.flag-icon-squared{background-image:url(../flags/1x1/ma.svg)}.flag-icon-mc{background-image:url(../flags/4x3/mc.svg)}.flag-icon-mc.flag-icon-squared{background-image:url(../flags/1x1/mc.svg)}.flag-icon-md{background-image:url(../flags/4x3/md.svg)}.flag-icon-md.flag-icon-squared{background-image:url(../flags/1x1/md.svg)}.flag-icon-me{background-image:url(../flags/4x3/me.svg)}.flag-icon-me.flag-icon-squared{background-image:url(../flags/1x1/me.svg)}.flag-icon-mf{background-image:url(../flags/4x3/mf.svg)}.flag-icon-mf.flag-icon-squared{background-image:url(../flags/1x1/mf.svg)}.flag-icon-mg{background-image:url(../flags/4x3/mg.svg)}.flag-icon-mg.flag-icon-squared{background-image:url(../flags/1x1/mg.svg)}.flag-icon-mh{background-image:url(../flags/4x3/mh.svg)}.flag-icon-mh.flag-icon-squared{background-image:url(../flags/1x1/mh.svg)}.flag-icon-mk{background-image:url(../flags/4x3/mk.svg)}.flag-icon-mk.flag-icon-squared{background-image:url(../flags/1x1/mk.svg)}.flag-icon-ml{background-image:url(../flags/4x3/ml.svg)}.flag-icon-ml.flag-icon-squared{background-image:url(../flags/1x1/ml.svg)}.flag-icon-mm{background-image:url(../flags/4x3/mm.svg)}.flag-icon-mm.flag-icon-squared{background-image:url(../flags/1x1/mm.svg)}.flag-icon-mn{background-image:url(../flags/4x3/mn.svg)}.flag-icon-mn.flag-icon-squared{background-image:url(../flags/1x1/mn.svg)}.flag-icon-mo{background-image:url(../flags/4x3/mo.svg)}.flag-icon-mo.flag-icon-squared{background-image:url(../flags/1x1/mo.svg)}.flag-icon-mp{background-image:url(../flags/4x3/mp.svg)}.flag-icon-mp.flag-icon-squared{background-image:url(../flags/1x1/mp.svg)}.flag-icon-mq{background-image:url(../flags/4x3/mq.svg)}.flag-icon-mq.flag-icon-squared{background-image:url(../flags/1x1/mq.svg)}.flag-icon-mr{background-image:url(../flags/4x3/mr.svg)}.flag-icon-mr.flag-icon-squared{background-image:url(../flags/1x1/mr.svg)}.flag-icon-ms{background-image:url(../flags/4x3/ms.svg)}.flag-icon-ms.flag-icon-squared{background-image:url(../flags/1x1/ms.svg)}.flag-icon-mt{background-image:url(../flags/4x3/mt.svg)}.flag-icon-mt.flag-icon-squared{background-image:url(../flags/1x1/mt.svg)}.flag-icon-mu{background-image:url(../flags/4x3/mu.svg)}.flag-icon-mu.flag-icon-squared{background-image:url(../flags/1x1/mu.svg)}.flag-icon-mv{background-image:url(../flags/4x3/mv.svg)}.flag-icon-mv.flag-icon-squared{background-image:url(../flags/1x1/mv.svg)}.flag-icon-mw{background-image:url(../flags/4x3/mw.svg)}.flag-icon-mw.flag-icon-squared{background-image:url(../flags/1x1/mw.svg)}.flag-icon-mx{background-image:url(../flags/4x3/mx.svg)}.flag-icon-mx.flag-icon-squared{background-image:url(../flags/1x1/mx.svg)}.flag-icon-my{background-image:url(../flags/4x3/my.svg)}.flag-icon-my.flag-icon-squared{background-image:url(../flags/1x1/my.svg)}.flag-icon-mz{background-image:url(../flags/4x3/mz.svg)}.flag-icon-mz.flag-icon-squared{background-image:url(../flags/1x1/mz.svg)}.flag-icon-na{background-image:url(../flags/4x3/na.svg)}.flag-icon-na.flag-icon-squared{background-image:url(../flags/1x1/na.svg)}.flag-icon-nc{background-image:url(../flags/4x3/nc.svg)}.flag-icon-nc.flag-icon-squared{background-image:url(../flags/1x1/nc.svg)}.flag-icon-ne{background-image:url(../flags/4x3/ne.svg)}.flag-icon-ne.flag-icon-squared{background-image:url(../flags/1x1/ne.svg)}.flag-icon-nf{background-image:url(../flags/4x3/nf.svg)}.flag-icon-nf.flag-icon-squared{background-image:url(../flags/1x1/nf.svg)}.flag-icon-ng{background-image:url(../flags/4x3/ng.svg)}.flag-icon-ng.flag-icon-squared{background-image:url(../flags/1x1/ng.svg)}.flag-icon-ni{background-image:url(../flags/4x3/ni.svg)}.flag-icon-ni.flag-icon-squared{background-image:url(../flags/1x1/ni.svg)}.flag-icon-nl{background-image:url(../flags/4x3/nl.svg)}.flag-icon-nl.flag-icon-squared{background-image:url(../flags/1x1/nl.svg)}.flag-icon-no{background-image:url(../flags/4x3/no.svg)}.flag-icon-no.flag-icon-squared{background-image:url(../flags/1x1/no.svg)}.flag-icon-np{background-image:url(../flags/4x3/np.svg)}.flag-icon-np.flag-icon-squared{background-image:url(../flags/1x1/np.svg)}.flag-icon-nr{background-image:url(../flags/4x3/nr.svg)}.flag-icon-nr.flag-icon-squared{background-image:url(../flags/1x1/nr.svg)}.flag-icon-nu{background-image:url(../flags/4x3/nu.svg)}.flag-icon-nu.flag-icon-squared{background-image:url(../flags/1x1/nu.svg)}.flag-icon-nz{background-image:url(../flags/4x3/nz.svg)}.flag-icon-nz.flag-icon-squared{background-image:url(../flags/1x1/nz.svg)}.flag-icon-om{background-image:url(../flags/4x3/om.svg)}.flag-icon-om.flag-icon-squared{background-image:url(../flags/1x1/om.svg)}.flag-icon-pa{background-image:url(../flags/4x3/pa.svg)}.flag-icon-pa.flag-icon-squared{background-image:url(../flags/1x1/pa.svg)}.flag-icon-pe{background-image:url(../flags/4x3/pe.svg)}.flag-icon-pe.flag-icon-squared{background-image:url(../flags/1x1/pe.svg)}.flag-icon-pf{background-image:url(../flags/4x3/pf.svg)}.flag-icon-pf.flag-icon-squared{background-image:url(../flags/1x1/pf.svg)}.flag-icon-pg{background-image:url(../flags/4x3/pg.svg)}.flag-icon-pg.flag-icon-squared{background-image:url(../flags/1x1/pg.svg)}.flag-icon-ph{background-image:url(../flags/4x3/ph.svg)}.flag-icon-ph.flag-icon-squared{background-image:url(../flags/1x1/ph.svg)}.flag-icon-pk{background-image:url(../flags/4x3/pk.svg)}.flag-icon-pk.flag-icon-squared{background-image:url(../flags/1x1/pk.svg)}.flag-icon-pl{background-image:url(../flags/4x3/pl.svg)}.flag-icon-pl.flag-icon-squared{background-image:url(../flags/1x1/pl.svg)}.flag-icon-pm{background-image:url(../flags/4x3/pm.svg)}.flag-icon-pm.flag-icon-squared{background-image:url(../flags/1x1/pm.svg)}.flag-icon-pn{background-image:url(../flags/4x3/pn.svg)}.flag-icon-pn.flag-icon-squared{background-image:url(../flags/1x1/pn.svg)}.flag-icon-pr{background-image:url(../flags/4x3/pr.svg)}.flag-icon-pr.flag-icon-squared{background-image:url(../flags/1x1/pr.svg)}.flag-icon-ps{background-image:url(../flags/4x3/ps.svg)}.flag-icon-ps.flag-icon-squared{background-image:url(../flags/1x1/ps.svg)}.flag-icon-pt{background-image:url(../flags/4x3/pt.svg)}.flag-icon-pt.flag-icon-squared{background-image:url(../flags/1x1/pt.svg)}.flag-icon-pw{background-image:url(../flags/4x3/pw.svg)}.flag-icon-pw.flag-icon-squared{background-image:url(../flags/1x1/pw.svg)}.flag-icon-py{background-image:url(../flags/4x3/py.svg)}.flag-icon-py.flag-icon-squared{background-image:url(../flags/1x1/py.svg)}.flag-icon-qa{background-image:url(../flags/4x3/qa.svg)}.flag-icon-qa.flag-icon-squared{background-image:url(../flags/1x1/qa.svg)}.flag-icon-re{background-image:url(../flags/4x3/re.svg)}.flag-icon-re.flag-icon-squared{background-image:url(../flags/1x1/re.svg)}.flag-icon-ro{background-image:url(../flags/4x3/ro.svg)}.flag-icon-ro.flag-icon-squared{background-image:url(../flags/1x1/ro.svg)}.flag-icon-rs{background-image:url(../flags/4x3/rs.svg)}.flag-icon-rs.flag-icon-squared{background-image:url(../flags/1x1/rs.svg)}.flag-icon-ru{background-image:url(../flags/4x3/ru.svg)}.flag-icon-ru.flag-icon-squared{background-image:url(../flags/1x1/ru.svg)}.flag-icon-rw{background-image:url(../flags/4x3/rw.svg)}.flag-icon-rw.flag-icon-squared{background-image:url(../flags/1x1/rw.svg)}.flag-icon-sa{background-image:url(../flags/4x3/sa.svg)}.flag-icon-sa.flag-icon-squared{background-image:url(../flags/1x1/sa.svg)}.flag-icon-sb{background-image:url(../flags/4x3/sb.svg)}.flag-icon-sb.flag-icon-squared{background-image:url(../flags/1x1/sb.svg)}.flag-icon-sc{background-image:url(../flags/4x3/sc.svg)}.flag-icon-sc.flag-icon-squared{background-image:url(../flags/1x1/sc.svg)}.flag-icon-sd{background-image:url(../flags/4x3/sd.svg)}.flag-icon-sd.flag-icon-squared{background-image:url(../flags/1x1/sd.svg)}.flag-icon-se{background-image:url(../flags/4x3/se.svg)}.flag-icon-se.flag-icon-squared{background-image:url(../flags/1x1/se.svg)}.flag-icon-sg{background-image:url(../flags/4x3/sg.svg)}.flag-icon-sg.flag-icon-squared{background-image:url(../flags/1x1/sg.svg)}.flag-icon-sh{background-image:url(../flags/4x3/sh.svg)}.flag-icon-sh.flag-icon-squared{background-image:url(../flags/1x1/sh.svg)}.flag-icon-si{background-image:url(../flags/4x3/si.svg)}.flag-icon-si.flag-icon-squared{background-image:url(../flags/1x1/si.svg)}.flag-icon-sj{background-image:url(../flags/4x3/sj.svg)}.flag-icon-sj.flag-icon-squared{background-image:url(../flags/1x1/sj.svg)}.flag-icon-sk{background-image:url(../flags/4x3/sk.svg)}.flag-icon-sk.flag-icon-squared{background-image:url(../flags/1x1/sk.svg)}.flag-icon-sl{background-image:url(../flags/4x3/sl.svg)}.flag-icon-sl.flag-icon-squared{background-image:url(../flags/1x1/sl.svg)}.flag-icon-sm{background-image:url(../flags/4x3/sm.svg)}.flag-icon-sm.flag-icon-squared{background-image:url(../flags/1x1/sm.svg)}.flag-icon-sn{background-image:url(../flags/4x3/sn.svg)}.flag-icon-sn.flag-icon-squared{background-image:url(../flags/1x1/sn.svg)}.flag-icon-so{background-image:url(../flags/4x3/so.svg)}.flag-icon-so.flag-icon-squared{background-image:url(../flags/1x1/so.svg)}.flag-icon-sr{background-image:url(../flags/4x3/sr.svg)}.flag-icon-sr.flag-icon-squared{background-image:url(../flags/1x1/sr.svg)}.flag-icon-ss{background-image:url(../flags/4x3/ss.svg)}.flag-icon-ss.flag-icon-squared{background-image:url(../flags/1x1/ss.svg)}.flag-icon-st{background-image:url(../flags/4x3/st.svg)}.flag-icon-st.flag-icon-squared{background-image:url(../flags/1x1/st.svg)}.flag-icon-sv{background-image:url(../flags/4x3/sv.svg)}.flag-icon-sv.flag-icon-squared{background-image:url(../flags/1x1/sv.svg)}.flag-icon-sx{background-image:url(../flags/4x3/sx.svg)}.flag-icon-sx.flag-icon-squared{background-image:url(../flags/1x1/sx.svg)}.flag-icon-sy{background-image:url(../flags/4x3/sy.svg)}.flag-icon-sy.flag-icon-squared{background-image:url(../flags/1x1/sy.svg)}.flag-icon-sz{background-image:url(../flags/4x3/sz.svg)}.flag-icon-sz.flag-icon-squared{background-image:url(../flags/1x1/sz.svg)}.flag-icon-tc{background-image:url(../flags/4x3/tc.svg)}.flag-icon-tc.flag-icon-squared{background-image:url(../flags/1x1/tc.svg)}.flag-icon-td{background-image:url(../flags/4x3/td.svg)}.flag-icon-td.flag-icon-squared{background-image:url(../flags/1x1/td.svg)}.flag-icon-tf{background-image:url(../flags/4x3/tf.svg)}.flag-icon-tf.flag-icon-squared{background-image:url(../flags/1x1/tf.svg)}.flag-icon-tg{background-image:url(../flags/4x3/tg.svg)}.flag-icon-tg.flag-icon-squared{background-image:url(../flags/1x1/tg.svg)}.flag-icon-th{background-image:url(../flags/4x3/th.svg)}.flag-icon-th.flag-icon-squared{background-image:url(../flags/1x1/th.svg)}.flag-icon-tj{background-image:url(../flags/4x3/tj.svg)}.flag-icon-tj.flag-icon-squared{background-image:url(../flags/1x1/tj.svg)}.flag-icon-tk{background-image:url(../flags/4x3/tk.svg)}.flag-icon-tk.flag-icon-squared{background-image:url(../flags/1x1/tk.svg)}.flag-icon-tl{background-image:url(../flags/4x3/tl.svg)}.flag-icon-tl.flag-icon-squared{background-image:url(../flags/1x1/tl.svg)}.flag-icon-tm{background-image:url(../flags/4x3/tm.svg)}.flag-icon-tm.flag-icon-squared{background-image:url(../flags/1x1/tm.svg)}.flag-icon-tn{background-image:url(../flags/4x3/tn.svg)}.flag-icon-tn.flag-icon-squared{background-image:url(../flags/1x1/tn.svg)}.flag-icon-to{background-image:url(../flags/4x3/to.svg)}.flag-icon-to.flag-icon-squared{background-image:url(../flags/1x1/to.svg)}.flag-icon-tr{background-image:url(../flags/4x3/tr.svg)}.flag-icon-tr.flag-icon-squared{background-image:url(../flags/1x1/tr.svg)}.flag-icon-tt{background-image:url(../flags/4x3/tt.svg)}.flag-icon-tt.flag-icon-squared{background-image:url(../flags/1x1/tt.svg)}.flag-icon-tv{background-image:url(../flags/4x3/tv.svg)}.flag-icon-tv.flag-icon-squared{background-image:url(../flags/1x1/tv.svg)}.flag-icon-tw{background-image:url(../flags/4x3/tw.svg)}.flag-icon-tw.flag-icon-squared{background-image:url(../flags/1x1/tw.svg)}.flag-icon-tz{background-image:url(../flags/4x3/tz.svg)}.flag-icon-tz.flag-icon-squared{background-image:url(../flags/1x1/tz.svg)}.flag-icon-ua{background-image:url(../flags/4x3/ua.svg)}.flag-icon-ua.flag-icon-squared{background-image:url(../flags/1x1/ua.svg)}.flag-icon-ug{background-image:url(../flags/4x3/ug.svg)}.flag-icon-ug.flag-icon-squared{background-image:url(../flags/1x1/ug.svg)}.flag-icon-um{background-image:url(../flags/4x3/um.svg)}.flag-icon-um.flag-icon-squared{background-image:url(../flags/1x1/um.svg)}.flag-icon-us{background-image:url(../flags/4x3/us.svg)}.flag-icon-us.flag-icon-squared{background-image:url(../flags/1x1/us.svg)}.flag-icon-uy{background-image:url(../flags/4x3/uy.svg)}.flag-icon-uy.flag-icon-squared{background-image:url(../flags/1x1/uy.svg)}.flag-icon-uz{background-image:url(../flags/4x3/uz.svg)}.flag-icon-uz.flag-icon-squared{background-image:url(../flags/1x1/uz.svg)}.flag-icon-va{background-image:url(../flags/4x3/va.svg)}.flag-icon-va.flag-icon-squared{background-image:url(../flags/1x1/va.svg)}.flag-icon-vc{background-image:url(../flags/4x3/vc.svg)}.flag-icon-vc.flag-icon-squared{background-image:url(../flags/1x1/vc.svg)}.flag-icon-ve{background-image:url(../flags/4x3/ve.svg)}.flag-icon-ve.flag-icon-squared{background-image:url(../flags/1x1/ve.svg)}.flag-icon-vg{background-image:url(../flags/4x3/vg.svg)}.flag-icon-vg.flag-icon-squared{background-image:url(../flags/1x1/vg.svg)}.flag-icon-vi{background-image:url(../flags/4x3/vi.svg)}.flag-icon-vi.flag-icon-squared{background-image:url(../flags/1x1/vi.svg)}.flag-icon-vn{background-image:url(../flags/4x3/vn.svg)}.flag-icon-vn.flag-icon-squared{background-image:url(../flags/1x1/vn.svg)}.flag-icon-vu{background-image:url(../flags/4x3/vu.svg)}.flag-icon-vu.flag-icon-squared{background-image:url(../flags/1x1/vu.svg)}.flag-icon-wf{background-image:url(../flags/4x3/wf.svg)}.flag-icon-wf.flag-icon-squared{background-image:url(../flags/1x1/wf.svg)}.flag-icon-ws{background-image:url(../flags/4x3/ws.svg)}.flag-icon-ws.flag-icon-squared{background-image:url(../flags/1x1/ws.svg)}.flag-icon-ye{background-image:url(../flags/4x3/ye.svg)}.flag-icon-ye.flag-icon-squared{background-image:url(../flags/1x1/ye.svg)}.flag-icon-yt{background-image:url(../flags/4x3/yt.svg)}.flag-icon-yt.flag-icon-squared{background-image:url(../flags/1x1/yt.svg)}.flag-icon-za{background-image:url(../flags/4x3/za.svg)}.flag-icon-za.flag-icon-squared{background-image:url(../flags/1x1/za.svg)}.flag-icon-zm{background-image:url(../flags/4x3/zm.svg)}.flag-icon-zm.flag-icon-squared{background-image:url(../flags/1x1/zm.svg)}.flag-icon-zw{background-image:url(../flags/4x3/zw.svg)}.flag-icon-zw.flag-icon-squared{background-image:url(../flags/1x1/zw.svg)}.flag-icon-es-ct{background-image:url(../flags/4x3/es-ct.svg)}.flag-icon-es-ct.flag-icon-squared{background-image:url(../flags/1x1/es-ct.svg)}.flag-icon-es-ga{background-image:url(../flags/4x3/es-ga.svg)}.flag-icon-es-ga.flag-icon-squared{background-image:url(../flags/1x1/es-ga.svg)}.flag-icon-eu{background-image:url(../flags/4x3/eu.svg)}.flag-icon-eu.flag-icon-squared{background-image:url(../flags/1x1/eu.svg)}.flag-icon-gb-eng{background-image:url(../flags/4x3/gb-eng.svg)}.flag-icon-gb-eng.flag-icon-squared{background-image:url(../flags/1x1/gb-eng.svg)}.flag-icon-gb-nir{background-image:url(../flags/4x3/gb-nir.svg)}.flag-icon-gb-nir.flag-icon-squared{background-image:url(../flags/1x1/gb-nir.svg)}.flag-icon-gb-sct{background-image:url(../flags/4x3/gb-sct.svg)}.flag-icon-gb-sct.flag-icon-squared{background-image:url(../flags/1x1/gb-sct.svg)}.flag-icon-gb-wls{background-image:url(../flags/4x3/gb-wls.svg)}.flag-icon-gb-wls.flag-icon-squared{background-image:url(../flags/1x1/gb-wls.svg)}.flag-icon-un{background-image:url(../flags/4x3/un.svg)}.flag-icon-un.flag-icon-squared{background-image:url(../flags/1x1/un.svg)}.flag-icon-xk{background-image:url(../flags/4x3/xk.svg)}.flag-icon-xk.flag-icon-squared{background-image:url(../flags/1x1/xk.svg)}
+.flag-icon-background{background-size:contain;background-position:50%;background-repeat:no-repeat}.flag-icon{background-size:contain;background-position:50%;background-repeat:no-repeat;position:relative;display:inline-block;width:1.33333333em;line-height:1em}.flag-icon:before{content:'\00a0'}.flag-icon.flag-icon-squared{width:1em}.flag-icon-ad{background-image:url(/css/flags/4x3/ad.svg)}.flag-icon-ad.flag-icon-squared{background-image:url(/css/flags/1x1/ad.svg)}.flag-icon-ae{background-image:url(/css/flags/4x3/ae.svg)}.flag-icon-ae.flag-icon-squared{background-image:url(/css/flags/1x1/ae.svg)}.flag-icon-af{background-image:url(/css/flags/4x3/af.svg)}.flag-icon-af.flag-icon-squared{background-image:url(/css/flags/1x1/af.svg)}.flag-icon-ag{background-image:url(/css/flags/4x3/ag.svg)}.flag-icon-ag.flag-icon-squared{background-image:url(/css/flags/1x1/ag.svg)}.flag-icon-ai{background-image:url(/css/flags/4x3/ai.svg)}.flag-icon-ai.flag-icon-squared{background-image:url(/css/flags/1x1/ai.svg)}.flag-icon-al{background-image:url(/css/flags/4x3/al.svg)}.flag-icon-al.flag-icon-squared{background-image:url(/css/flags/1x1/al.svg)}.flag-icon-am{background-image:url(/css/flags/4x3/am.svg)}.flag-icon-am.flag-icon-squared{background-image:url(/css/flags/1x1/am.svg)}.flag-icon-ao{background-image:url(/css/flags/4x3/ao.svg)}.flag-icon-ao.flag-icon-squared{background-image:url(/css/flags/1x1/ao.svg)}.flag-icon-aq{background-image:url(/css/flags/4x3/aq.svg)}.flag-icon-aq.flag-icon-squared{background-image:url(/css/flags/1x1/aq.svg)}.flag-icon-ar{background-image:url(/css/flags/4x3/ar.svg)}.flag-icon-ar.flag-icon-squared{background-image:url(/css/flags/1x1/ar.svg)}.flag-icon-as{background-image:url(/css/flags/4x3/as.svg)}.flag-icon-as.flag-icon-squared{background-image:url(/css/flags/1x1/as.svg)}.flag-icon-at{background-image:url(/css/flags/4x3/at.svg)}.flag-icon-at.flag-icon-squared{background-image:url(/css/flags/1x1/at.svg)}.flag-icon-au{background-image:url(/css/flags/4x3/au.svg)}.flag-icon-au.flag-icon-squared{background-image:url(/css/flags/1x1/au.svg)}.flag-icon-aw{background-image:url(/css/flags/4x3/aw.svg)}.flag-icon-aw.flag-icon-squared{background-image:url(/css/flags/1x1/aw.svg)}.flag-icon-ax{background-image:url(/css/flags/4x3/ax.svg)}.flag-icon-ax.flag-icon-squared{background-image:url(/css/flags/1x1/ax.svg)}.flag-icon-az{background-image:url(/css/flags/4x3/az.svg)}.flag-icon-az.flag-icon-squared{background-image:url(/css/flags/1x1/az.svg)}.flag-icon-ba{background-image:url(/css/flags/4x3/ba.svg)}.flag-icon-ba.flag-icon-squared{background-image:url(/css/flags/1x1/ba.svg)}.flag-icon-bb{background-image:url(/css/flags/4x3/bb.svg)}.flag-icon-bb.flag-icon-squared{background-image:url(/css/flags/1x1/bb.svg)}.flag-icon-bd{background-image:url(/css/flags/4x3/bd.svg)}.flag-icon-bd.flag-icon-squared{background-image:url(/css/flags/1x1/bd.svg)}.flag-icon-be{background-image:url(/css/flags/4x3/be.svg)}.flag-icon-be.flag-icon-squared{background-image:url(/css/flags/1x1/be.svg)}.flag-icon-bf{background-image:url(/css/flags/4x3/bf.svg)}.flag-icon-bf.flag-icon-squared{background-image:url(/css/flags/1x1/bf.svg)}.flag-icon-bg{background-image:url(/css/flags/4x3/bg.svg)}.flag-icon-bg.flag-icon-squared{background-image:url(/css/flags/1x1/bg.svg)}.flag-icon-bh{background-image:url(/css/flags/4x3/bh.svg)}.flag-icon-bh.flag-icon-squared{background-image:url(/css/flags/1x1/bh.svg)}.flag-icon-bi{background-image:url(/css/flags/4x3/bi.svg)}.flag-icon-bi.flag-icon-squared{background-image:url(/css/flags/1x1/bi.svg)}.flag-icon-bj{background-image:url(/css/flags/4x3/bj.svg)}.flag-icon-bj.flag-icon-squared{background-image:url(/css/flags/1x1/bj.svg)}.flag-icon-bl{background-image:url(/css/flags/4x3/bl.svg)}.flag-icon-bl.flag-icon-squared{background-image:url(/css/flags/1x1/bl.svg)}.flag-icon-bm{background-image:url(/css/flags/4x3/bm.svg)}.flag-icon-bm.flag-icon-squared{background-image:url(/css/flags/1x1/bm.svg)}.flag-icon-bn{background-image:url(/css/flags/4x3/bn.svg)}.flag-icon-bn.flag-icon-squared{background-image:url(/css/flags/1x1/bn.svg)}.flag-icon-bo{background-image:url(/css/flags/4x3/bo.svg)}.flag-icon-bo.flag-icon-squared{background-image:url(/css/flags/1x1/bo.svg)}.flag-icon-bq{background-image:url(/css/flags/4x3/bq.svg)}.flag-icon-bq.flag-icon-squared{background-image:url(/css/flags/1x1/bq.svg)}.flag-icon-br{background-image:url(/css/flags/4x3/br.svg)}.flag-icon-br.flag-icon-squared{background-image:url(/css/flags/1x1/br.svg)}.flag-icon-bs{background-image:url(/css/flags/4x3/bs.svg)}.flag-icon-bs.flag-icon-squared{background-image:url(/css/flags/1x1/bs.svg)}.flag-icon-bt{background-image:url(/css/flags/4x3/bt.svg)}.flag-icon-bt.flag-icon-squared{background-image:url(/css/flags/1x1/bt.svg)}.flag-icon-bv{background-image:url(/css/flags/4x3/bv.svg)}.flag-icon-bv.flag-icon-squared{background-image:url(/css/flags/1x1/bv.svg)}.flag-icon-bw{background-image:url(/css/flags/4x3/bw.svg)}.flag-icon-bw.flag-icon-squared{background-image:url(/css/flags/1x1/bw.svg)}.flag-icon-by{background-image:url(/css/flags/4x3/by.svg)}.flag-icon-by.flag-icon-squared{background-image:url(/css/flags/1x1/by.svg)}.flag-icon-bz{background-image:url(/css/flags/4x3/bz.svg)}.flag-icon-bz.flag-icon-squared{background-image:url(/css/flags/1x1/bz.svg)}.flag-icon-ca{background-image:url(/css/flags/4x3/ca.svg)}.flag-icon-ca.flag-icon-squared{background-image:url(/css/flags/1x1/ca.svg)}.flag-icon-cc{background-image:url(/css/flags/4x3/cc.svg)}.flag-icon-cc.flag-icon-squared{background-image:url(/css/flags/1x1/cc.svg)}.flag-icon-cd{background-image:url(/css/flags/4x3/cd.svg)}.flag-icon-cd.flag-icon-squared{background-image:url(/css/flags/1x1/cd.svg)}.flag-icon-cf{background-image:url(/css/flags/4x3/cf.svg)}.flag-icon-cf.flag-icon-squared{background-image:url(/css/flags/1x1/cf.svg)}.flag-icon-cg{background-image:url(/css/flags/4x3/cg.svg)}.flag-icon-cg.flag-icon-squared{background-image:url(/css/flags/1x1/cg.svg)}.flag-icon-ch{background-image:url(/css/flags/4x3/ch.svg)}.flag-icon-ch.flag-icon-squared{background-image:url(/css/flags/1x1/ch.svg)}.flag-icon-ci{background-image:url(/css/flags/4x3/ci.svg)}.flag-icon-ci.flag-icon-squared{background-image:url(/css/flags/1x1/ci.svg)}.flag-icon-ck{background-image:url(/css/flags/4x3/ck.svg)}.flag-icon-ck.flag-icon-squared{background-image:url(/css/flags/1x1/ck.svg)}.flag-icon-cl{background-image:url(/css/flags/4x3/cl.svg)}.flag-icon-cl.flag-icon-squared{background-image:url(/css/flags/1x1/cl.svg)}.flag-icon-cm{background-image:url(/css/flags/4x3/cm.svg)}.flag-icon-cm.flag-icon-squared{background-image:url(/css/flags/1x1/cm.svg)}.flag-icon-zh{background-image:url(/css/flags/4x3/zh.svg)}.flag-iconzh.flag-icon-squared{background-image:url(/css/flags/1x1/zh.svg)}.flag-icon-cn{background-image:url(/css/flags/4x3/cn.svg)}.flag-icon-cn.flag-icon-squared{background-image:url(/css/flags/1x1/cn.svg)}.flag-icon-co{background-image:url(/css/flags/4x3/co.svg)}.flag-icon-co.flag-icon-squared{background-image:url(/css/flags/1x1/co.svg)}.flag-icon-cr{background-image:url(/css/flags/4x3/cr.svg)}.flag-icon-cr.flag-icon-squared{background-image:url(/css/flags/1x1/cr.svg)}.flag-icon-cu{background-image:url(/css/flags/4x3/cu.svg)}.flag-icon-cu.flag-icon-squared{background-image:url(/css/flags/1x1/cu.svg)}.flag-icon-cv{background-image:url(/css/flags/4x3/cv.svg)}.flag-icon-cv.flag-icon-squared{background-image:url(/css/flags/1x1/cv.svg)}.flag-icon-cw{background-image:url(/css/flags/4x3/cw.svg)}.flag-icon-cw.flag-icon-squared{background-image:url(/css/flags/1x1/cw.svg)}.flag-icon-cx{background-image:url(/css/flags/4x3/cx.svg)}.flag-icon-cx.flag-icon-squared{background-image:url(/css/flags/1x1/cx.svg)}.flag-icon-cy{background-image:url(/css/flags/4x3/cy.svg)}.flag-icon-cy.flag-icon-squared{background-image:url(/css/flags/1x1/cy.svg)}.flag-icon-cz{background-image:url(/css/flags/4x3/cz.svg)}.flag-icon-cz.flag-icon-squared{background-image:url(/css/flags/1x1/cz.svg)}.flag-icon-cs{background-image:url(/css/flags/4x3/cs.svg)}.flag-icon-cs.flag-icon-squared{background-image:url(/css/flags/1x1/cs.svg)}.flag-icon-de{background-image:url(/css/flags/4x3/de.svg)}.flag-icon-de.flag-icon-squared{background-image:url(/css/flags/1x1/de.svg)}.flag-icon-dj{background-image:url(/css/flags/4x3/dj.svg)}.flag-icon-dj.flag-icon-squared{background-image:url(/css/flags/1x1/dj.svg)}.flag-icon-da{background-image:url(/css/flags/4x3/da.svg)}.flag-icon-da.flag-icon-squared{background-image:url(/css/flags/1x1/d.svg)}.flag-icon-dk{background-image:url(/css/flags/4x3/dk.svg)}.flag-icon-dk.flag-icon-squared{background-image:url(/css/flags/1x1/dk.svg)}.flag-icon-dm{background-image:url(/css/flags/4x3/dm.svg)}.flag-icon-dm.flag-icon-squared{background-image:url(/css/flags/1x1/dm.svg)}.flag-icon-do{background-image:url(/css/flags/4x3/do.svg)}.flag-icon-do.flag-icon-squared{background-image:url(/css/flags/1x1/do.svg)}.flag-icon-dz{background-image:url(/css/flags/4x3/dz.svg)}.flag-icon-dz.flag-icon-squared{background-image:url(/css/flags/1x1/dz.svg)}.flag-icon-ec{background-image:url(/css/flags/4x3/ec.svg)}.flag-icon-ec.flag-icon-squared{background-image:url(/css/flags/1x1/ec.svg)}.flag-icon-ee{background-image:url(/css/flags/4x3/ee.svg)}.flag-icon-ee.flag-icon-squared{background-image:url(/css/flags/1x1/ee.svg)}.flag-icon-eg{background-image:url(/css/flags/4x3/eg.svg)}.flag-icon-eg.flag-icon-squared{background-image:url(/css/flags/1x1/eg.svg)}.flag-icon-eh{background-image:url(/css/flags/4x3/eh.svg)}.flag-icon-eh.flag-icon-squared{background-image:url(/css/flags/1x1/eh.svg)}.flag-icon-er{background-image:url(/css/flags/4x3/er.svg)}.flag-icon-er.flag-icon-squared{background-image:url(/css/flags/1x1/er.svg)}.flag-icon-es{background-image:url(/css/flags/4x3/es.svg)}.flag-icon-es.flag-icon-squared{background-image:url(/css/flags/1x1/es.svg)}.flag-icon-et{background-image:url(/css/flags/4x3/et.svg)}.flag-icon-et.flag-icon-squared{background-image:url(/css/flags/1x1/et.svg)}.flag-icon-fi{background-image:url(/css/flags/4x3/fi.svg)}.flag-icon-fi.flag-icon-squared{background-image:url(/css/flags/1x1/fi.svg)}.flag-icon-fj{background-image:url(/css/flags/4x3/fj.svg)}.flag-icon-fj.flag-icon-squared{background-image:url(/css/flags/1x1/fj.svg)}.flag-icon-fk{background-image:url(/css/flags/4x3/fk.svg)}.flag-icon-fk.flag-icon-squared{background-image:url(/css/flags/1x1/fk.svg)}.flag-icon-fm{background-image:url(/css/flags/4x3/fm.svg)}.flag-icon-fm.flag-icon-squared{background-image:url(/css/flags/1x1/fm.svg)}.flag-icon-fo{background-image:url(/css/flags/4x3/fo.svg)}.flag-icon-fo.flag-icon-squared{background-image:url(/css/flags/1x1/fo.svg)}.flag-icon-fr{background-image:url(/css/flags/4x3/fr.svg)}.flag-icon-fr.flag-icon-squared{background-image:url(/css/flags/1x1/fr.svg)}.flag-icon-ga{background-image:url(/css/flags/4x3/ga.svg)}.flag-icon-ga.flag-icon-squared{background-image:url(/css/flags/1x1/ga.svg)}.flag-icon-gb{background-image:url(/css/flags/4x3/en.svg)}.flag-icon-gb.flag-icon-squared{background-image:url(/css/flags/1x1/en.svg)}.flag-icon-gd{background-image:url(/css/flags/4x3/gd.svg)}.flag-icon-gd.flag-icon-squared{background-image:url(/css/flags/1x1/gd.svg)}.flag-icon-ge{background-image:url(/css/flags/4x3/ge.svg)}.flag-icon-ge.flag-icon-squared{background-image:url(/css/flags/1x1/ge.svg)}.flag-icon-gf{background-image:url(/css/flags/4x3/gf.svg)}.flag-icon-gf.flag-icon-squared{background-image:url(/css/flags/1x1/gf.svg)}.flag-icon-gg{background-image:url(/css/flags/4x3/gg.svg)}.flag-icon-gg.flag-icon-squared{background-image:url(/css/flags/1x1/gg.svg)}.flag-icon-gh{background-image:url(/css/flags/4x3/gh.svg)}.flag-icon-gh.flag-icon-squared{background-image:url(/css/flags/1x1/gh.svg)}.flag-icon-gi{background-image:url(/css/flags/4x3/gi.svg)}.flag-icon-gi.flag-icon-squared{background-image:url(/css/flags/1x1/gi.svg)}.flag-icon-gl{background-image:url(/css/flags/4x3/gl.svg)}.flag-icon-gl.flag-icon-squared{background-image:url(/css/flags/1x1/gl.svg)}.flag-icon-gm{background-image:url(/css/flags/4x3/gm.svg)}.flag-icon-gm.flag-icon-squared{background-image:url(/css/flags/1x1/gm.svg)}.flag-icon-gn{background-image:url(/css/flags/4x3/gn.svg)}.flag-icon-gn.flag-icon-squared{background-image:url(/css/flags/1x1/gn.svg)}.flag-icon-gp{background-image:url(/css/flags/4x3/gp.svg)}.flag-icon-gp.flag-icon-squared{background-image:url(/css/flags/1x1/gp.svg)}.flag-icon-gq{background-image:url(/css/flags/4x3/gq.svg)}.flag-icon-gq.flag-icon-squared{background-image:url(/css/flags/1x1/gq.svg)}.flag-icon-gr{background-image:url(/css/flags/4x3/gr.svg)}.flag-icon-gr.flag-icon-squared{background-image:url(/css/flags/1x1/gr.svg)}.flag-icon-gs{background-image:url(/css/flags/4x3/gs.svg)}.flag-icon-gs.flag-icon-squared{background-image:url(/css/flags/1x1/gs.svg)}.flag-icon-gt{background-image:url(/css/flags/4x3/gt.svg)}.flag-icon-gt.flag-icon-squared{background-image:url(/css/flags/1x1/gt.svg)}.flag-icon-gu{background-image:url(/css/flags/4x3/gu.svg)}.flag-icon-gu.flag-icon-squared{background-image:url(/css/flags/1x1/gu.svg)}.flag-icon-gw{background-image:url(/css/flags/4x3/gw.svg)}.flag-icon-gw.flag-icon-squared{background-image:url(/css/flags/1x1/gw.svg)}.flag-icon-gy{background-image:url(/css/flags/4x3/gy.svg)}.flag-icon-gy.flag-icon-squared{background-image:url(/css/flags/1x1/gy.svg)}.flag-icon-hk{background-image:url(/css/flags/4x3/hk.svg)}.flag-icon-hk.flag-icon-squared{background-image:url(/css/flags/1x1/hk.svg)}.flag-icon-hm{background-image:url(/css/flags/4x3/hm.svg)}.flag-icon-hm.flag-icon-squared{background-image:url(/css/flags/1x1/hm.svg)}.flag-icon-hn{background-image:url(/css/flags/4x3/hn.svg)}.flag-icon-hn.flag-icon-squared{background-image:url(/css/flags/1x1/hn.svg)}.flag-icon-hr{background-image:url(/css/flags/4x3/hr.svg)}.flag-icon-hr.flag-icon-squared{background-image:url(/css/flags/1x1/hr.svg)}.flag-icon-ht{background-image:url(/css/flags/4x3/ht.svg)}.flag-icon-ht.flag-icon-squared{background-image:url(/css/flags/1x1/ht.svg)}.flag-icon-hu{background-image:url(/css/flags/4x3/hu.svg)}.flag-icon-hu.flag-icon-squared{background-image:url(/css/flags/1x1/hu.svg)}.flag-icon-id{background-image:url(/css/flags/4x3/id.svg)}.flag-icon-id.flag-icon-squared{background-image:url(/css/flags/1x1/id.svg)}.flag-icon-ie{background-image:url(/css/flags/4x3/ie.svg)}.flag-icon-ie.flag-icon-squared{background-image:url(/css/flags/1x1/ie.svg)}.flag-icon-il{background-image:url(/css/flags/4x3/il.svg)}.flag-icon-il.flag-icon-squared{background-image:url(/css/flags/1x1/il.svg)}.flag-icon-im{background-image:url(/css/flags/4x3/im.svg)}.flag-icon-im.flag-icon-squared{background-image:url(/css/flags/1x1/im.svg)}.flag-icon-in{background-image:url(/css/flags/4x3/in.svg)}.flag-icon-in.flag-icon-squared{background-image:url(/css/flags/1x1/in.svg)}.flag-icon-io{background-image:url(/css/flags/4x3/io.svg)}.flag-icon-io.flag-icon-squared{background-image:url(/css/flags/1x1/io.svg)}.flag-icon-iq{background-image:url(/css/flags/4x3/iq.svg)}.flag-icon-iq.flag-icon-squared{background-image:url(/css/flags/1x1/iq.svg)}.flag-icon-ir{background-image:url(/css/flags/4x3/ir.svg)}.flag-icon-ir.flag-icon-squared{background-image:url(/css/flags/1x1/ir.svg)}.flag-icon-is{background-image:url(/css/flags/4x3/is.svg)}.flag-icon-is.flag-icon-squared{background-image:url(/css/flags/1x1/is.svg)}.flag-icon-it{background-image:url(/css/flags/4x3/it.svg)}.flag-icon-it.flag-icon-squared{background-image:url(/css/flags/1x1/it.svg)}.flag-icon-je{background-image:url(/css/flags/4x3/je.svg)}.flag-icon-je.flag-icon-squared{background-image:url(/css/flags/1x1/je.svg)}.flag-icon-jm{background-image:url(/css/flags/4x3/jm.svg)}.flag-icon-jm.flag-icon-squared{background-image:url(/css/flags/1x1/jm.svg)}.flag-icon-jo{background-image:url(/css/flags/4x3/jo.svg)}.flag-icon-jo.flag-icon-squared{background-image:url(/css/flags/1x1/jo.svg)}.flag-icon-jp{background-image:url(/css/flags/4x3/jp.svg)}.flag-icon-jp.flag-icon-squared{background-image:url(/css/flags/1x1/jp.svg)}.flag-icon-ke{background-image:url(/css/flags/4x3/ke.svg)}.flag-icon-ke.flag-icon-squared{background-image:url(/css/flags/1x1/ke.svg)}.flag-icon-kg{background-image:url(/css/flags/4x3/kg.svg)}.flag-icon-kg.flag-icon-squared{background-image:url(/css/flags/1x1/kg.svg)}.flag-icon-kh{background-image:url(/css/flags/4x3/kh.svg)}.flag-icon-kh.flag-icon-squared{background-image:url(/css/flags/1x1/kh.svg)}.flag-icon-ki{background-image:url(/css/flags/4x3/ki.svg)}.flag-icon-ki.flag-icon-squared{background-image:url(/css/flags/1x1/ki.svg)}.flag-icon-km{background-image:url(/css/flags/4x3/km.svg)}.flag-icon-km.flag-icon-squared{background-image:url(/css/flags/1x1/km.svg)}.flag-icon-kn{background-image:url(/css/flags/4x3/kn.svg)}.flag-icon-kn.flag-icon-squared{background-image:url(/css/flags/1x1/kn.svg)}.flag-icon-kp{background-image:url(/css/flags/4x3/kp.svg)}.flag-icon-kp.flag-icon-squared{background-image:url(/css/flags/1x1/kp.svg)}.flag-icon-ko{background-image:url(/css/flags/4x3/ko.svg)}.flag-icon-ko.flag-icon-squared{background-image:url(/css/flags/1x1/ko.svg)}.flag-icon-kr{background-image:url(/css/flags/4x3/kr.svg)}.flag-icon-kr.flag-icon-squared{background-image:url(/css/flags/1x1/kr.svg)}.flag-icon-kw{background-image:url(/css/flags/4x3/kw.svg)}.flag-icon-kw.flag-icon-squared{background-image:url(/css/flags/1x1/kw.svg)}.flag-icon-ky{background-image:url(/css/flags/4x3/ky.svg)}.flag-icon-ky.flag-icon-squared{background-image:url(/css/flags/1x1/ky.svg)}.flag-icon-kz{background-image:url(/css/flags/4x3/kz.svg)}.flag-icon-kz.flag-icon-squared{background-image:url(/css/flags/1x1/kz.svg)}.flag-icon-la{background-image:url(/css/flags/4x3/la.svg)}.flag-icon-la.flag-icon-squared{background-image:url(/css/flags/1x1/la.svg)}.flag-icon-lb{background-image:url(/css/flags/4x3/lb.svg)}.flag-icon-lb.flag-icon-squared{background-image:url(/css/flags/1x1/lb.svg)}.flag-icon-lc{background-image:url(/css/flags/4x3/lc.svg)}.flag-icon-lc.flag-icon-squared{background-image:url(/css/flags/1x1/lc.svg)}.flag-icon-li{background-image:url(/css/flags/4x3/li.svg)}.flag-icon-li.flag-icon-squared{background-image:url(/css/flags/1x1/li.svg)}.flag-icon-lk{background-image:url(/css/flags/4x3/lk.svg)}.flag-icon-lk.flag-icon-squared{background-image:url(/css/flags/1x1/lk.svg)}.flag-icon-lr{background-image:url(/css/flags/4x3/lr.svg)}.flag-icon-lr.flag-icon-squared{background-image:url(/css/flags/1x1/lr.svg)}.flag-icon-ls{background-image:url(/css/flags/4x3/ls.svg)}.flag-icon-ls.flag-icon-squared{background-image:url(/css/flags/1x1/ls.svg)}.flag-icon-lt{background-image:url(/css/flags/4x3/lt.svg)}.flag-icon-lt.flag-icon-squared{background-image:url(/css/flags/1x1/lt.svg)}.flag-icon-lu{background-image:url(/css/flags/4x3/lu.svg)}.flag-icon-lu.flag-icon-squared{background-image:url(/css/flags/1x1/lu.svg)}.flag-icon-lv{background-image:url(/css/flags/4x3/lv.svg)}.flag-icon-lv.flag-icon-squared{background-image:url(/css/flags/1x1/lv.svg)}.flag-icon-ly{background-image:url(/css/flags/4x3/ly.svg)}.flag-icon-ly.flag-icon-squared{background-image:url(/css/flags/1x1/ly.svg)}.flag-icon-ma{background-image:url(/css/flags/4x3/ma.svg)}.flag-icon-ma.flag-icon-squared{background-image:url(/css/flags/1x1/ma.svg)}.flag-icon-mc{background-image:url(/css/flags/4x3/mc.svg)}.flag-icon-mc.flag-icon-squared{background-image:url(/css/flags/1x1/mc.svg)}.flag-icon-md{background-image:url(/css/flags/4x3/md.svg)}.flag-icon-md.flag-icon-squared{background-image:url(/css/flags/1x1/md.svg)}.flag-icon-me{background-image:url(/css/flags/4x3/me.svg)}.flag-icon-me.flag-icon-squared{background-image:url(/css/flags/1x1/me.svg)}.flag-icon-mf{background-image:url(/css/flags/4x3/mf.svg)}.flag-icon-mf.flag-icon-squared{background-image:url(/css/flags/1x1/mf.svg)}.flag-icon-mg{background-image:url(/css/flags/4x3/mg.svg)}.flag-icon-mg.flag-icon-squared{background-image:url(/css/flags/1x1/mg.svg)}.flag-icon-mh{background-image:url(/css/flags/4x3/mh.svg)}.flag-icon-mh.flag-icon-squared{background-image:url(/css/flags/1x1/mh.svg)}.flag-icon-mk{background-image:url(/css/flags/4x3/mk.svg)}.flag-icon-mk.flag-icon-squared{background-image:url(/css/flags/1x1/mk.svg)}.flag-icon-ml{background-image:url(/css/flags/4x3/ml.svg)}.flag-icon-ml.flag-icon-squared{background-image:url(/css/flags/1x1/ml.svg)}.flag-icon-mm{background-image:url(/css/flags/4x3/mm.svg)}.flag-icon-mm.flag-icon-squared{background-image:url(/css/flags/1x1/mm.svg)}.flag-icon-mn{background-image:url(/css/flags/4x3/mn.svg)}.flag-icon-mn.flag-icon-squared{background-image:url(/css/flags/1x1/mn.svg)}.flag-icon-mo{background-image:url(/css/flags/4x3/mo.svg)}.flag-icon-mo.flag-icon-squared{background-image:url(/css/flags/1x1/mo.svg)}.flag-icon-mp{background-image:url(/css/flags/4x3/mp.svg)}.flag-icon-mp.flag-icon-squared{background-image:url(/css/flags/1x1/mp.svg)}.flag-icon-mq{background-image:url(/css/flags/4x3/mq.svg)}.flag-icon-mq.flag-icon-squared{background-image:url(/css/flags/1x1/mq.svg)}.flag-icon-mr{background-image:url(/css/flags/4x3/mr.svg)}.flag-icon-mr.flag-icon-squared{background-image:url(/css/flags/1x1/mr.svg)}.flag-icon-ms{background-image:url(/css/flags/4x3/ms.svg)}.flag-icon-ms.flag-icon-squared{background-image:url(/css/flags/1x1/ms.svg)}.flag-icon-mt{background-image:url(/css/flags/4x3/mt.svg)}.flag-icon-mt.flag-icon-squared{background-image:url(/css/flags/1x1/mt.svg)}.flag-icon-mu{background-image:url(/css/flags/4x3/mu.svg)}.flag-icon-mu.flag-icon-squared{background-image:url(/css/flags/1x1/mu.svg)}.flag-icon-mv{background-image:url(/css/flags/4x3/mv.svg)}.flag-icon-mv.flag-icon-squared{background-image:url(/css/flags/1x1/mv.svg)}.flag-icon-mw{background-image:url(/css/flags/4x3/mw.svg)}.flag-icon-mw.flag-icon-squared{background-image:url(/css/flags/1x1/mw.svg)}.flag-icon-mx{background-image:url(/css/flags/4x3/mx.svg)}.flag-icon-mx.flag-icon-squared{background-image:url(/css/flags/1x1/mx.svg)}.flag-icon-my{background-image:url(/css/flags/4x3/my.svg)}.flag-icon-my.flag-icon-squared{background-image:url(/css/flags/1x1/my.svg)}.flag-icon-mz{background-image:url(/css/flags/4x3/mz.svg)}.flag-icon-mz.flag-icon-squared{background-image:url(/css/flags/1x1/mz.svg)}.flag-icon-na{background-image:url(/css/flags/4x3/na.svg)}.flag-icon-na.flag-icon-squared{background-image:url(/css/flags/1x1/na.svg)}.flag-icon-nc{background-image:url(/css/flags/4x3/nc.svg)}.flag-icon-nc.flag-icon-squared{background-image:url(/css/flags/1x1/nc.svg)}.flag-icon-ne{background-image:url(/css/flags/4x3/ne.svg)}.flag-icon-ne.flag-icon-squared{background-image:url(/css/flags/1x1/ne.svg)}.flag-icon-nf{background-image:url(/css/flags/4x3/nf.svg)}.flag-icon-nf.flag-icon-squared{background-image:url(/css/flags/1x1/nf.svg)}.flag-icon-ng{background-image:url(/css/flags/4x3/ng.svg)}.flag-icon-ng.flag-icon-squared{background-image:url(/css/flags/1x1/ng.svg)}.flag-icon-ni{background-image:url(/css/flags/4x3/ni.svg)}.flag-icon-ni.flag-icon-squared{background-image:url(/css/flags/1x1/ni.svg)}.flag-icon-nl{background-image:url(/css/flags/4x3/nl.svg)}.flag-icon-nl.flag-icon-squared{background-image:url(/css/flags/1x1/nl.svg)}.flag-icon-no{background-image:url(/css/flags/4x3/no.svg)}.flag-icon-no.flag-icon-squared{background-image:url(/css/flags/1x1/no.svg)}.flag-icon-np{background-image:url(/css/flags/4x3/np.svg)}.flag-icon-np.flag-icon-squared{background-image:url(/css/flags/1x1/np.svg)}.flag-icon-nr{background-image:url(/css/flags/4x3/nr.svg)}.flag-icon-nr.flag-icon-squared{background-image:url(/css/flags/1x1/nr.svg)}.flag-icon-nu{background-image:url(/css/flags/4x3/nu.svg)}.flag-icon-nu.flag-icon-squared{background-image:url(/css/flags/1x1/nu.svg)}.flag-icon-nz{background-image:url(/css/flags/4x3/nz.svg)}.flag-icon-nz.flag-icon-squared{background-image:url(/css/flags/1x1/nz.svg)}.flag-icon-om{background-image:url(/css/flags/4x3/om.svg)}.flag-icon-om.flag-icon-squared{background-image:url(/css/flags/1x1/om.svg)}.flag-icon-pa{background-image:url(/css/flags/4x3/pa.svg)}.flag-icon-pa.flag-icon-squared{background-image:url(/css/flags/1x1/pa.svg)}.flag-icon-pe{background-image:url(/css/flags/4x3/pe.svg)}.flag-icon-pe.flag-icon-squared{background-image:url(/css/flags/1x1/pe.svg)}.flag-icon-pf{background-image:url(/css/flags/4x3/pf.svg)}.flag-icon-pf.flag-icon-squared{background-image:url(/css/flags/1x1/pf.svg)}.flag-icon-pg{background-image:url(/css/flags/4x3/pg.svg)}.flag-icon-pg.flag-icon-squared{background-image:url(/css/flags/1x1/pg.svg)}.flag-icon-ph{background-image:url(/css/flags/4x3/ph.svg)}.flag-icon-ph.flag-icon-squared{background-image:url(/css/flags/1x1/ph.svg)}.flag-icon-pk{background-image:url(/css/flags/4x3/pk.svg)}.flag-icon-pk.flag-icon-squared{background-image:url(/css/flags/1x1/pk.svg)}.flag-icon-pl{background-image:url(/css/flags/4x3/pl.svg)}.flag-icon-pl.flag-icon-squared{background-image:url(/css/flags/1x1/pl.svg)}.flag-icon-pm{background-image:url(/css/flags/4x3/pm.svg)}.flag-icon-pm.flag-icon-squared{background-image:url(/css/flags/1x1/pm.svg)}.flag-icon-pn{background-image:url(/css/flags/4x3/pn.svg)}.flag-icon-pn.flag-icon-squared{background-image:url(/css/flags/1x1/pn.svg)}.flag-icon-pr{background-image:url(/css/flags/4x3/pr.svg)}.flag-icon-pr.flag-icon-squared{background-image:url(/css/flags/1x1/pr.svg)}.flag-icon-ps{background-image:url(/css/flags/4x3/ps.svg)}.flag-icon-ps.flag-icon-squared{background-image:url(/css/flags/1x1/ps.svg)}.flag-icon-pt{background-image:url(/css/flags/4x3/pt.svg)}.flag-icon-pt.flag-icon-squared{background-image:url(/css/flags/1x1/pt.svg)}.flag-icon-pw{background-image:url(/css/flags/4x3/pw.svg)}.flag-icon-pw.flag-icon-squared{background-image:url(/css/flags/1x1/pw.svg)}.flag-icon-py{background-image:url(/css/flags/4x3/py.svg)}.flag-icon-py.flag-icon-squared{background-image:url(/css/flags/1x1/py.svg)}.flag-icon-qa{background-image:url(/css/flags/4x3/qa.svg)}.flag-icon-qa.flag-icon-squared{background-image:url(/css/flags/1x1/qa.svg)}.flag-icon-re{background-image:url(/css/flags/4x3/re.svg)}.flag-icon-re.flag-icon-squared{background-image:url(/css/flags/1x1/re.svg)}.flag-icon-ro{background-image:url(/css/flags/4x3/ro.svg)}.flag-icon-ro.flag-icon-squared{background-image:url(/css/flags/1x1/ro.svg)}.flag-icon-rs{background-image:url(/css/flags/4x3/rs.svg)}.flag-icon-rs.flag-icon-squared{background-image:url(/css/flags/1x1/rs.svg)}.flag-icon-ru{background-image:url(/css/flags/4x3/ru.svg)}.flag-icon-ru.flag-icon-squared{background-image:url(/css/flags/1x1/ru.svg)}.flag-icon-rw{background-image:url(/css/flags/4x3/rw.svg)}.flag-icon-rw.flag-icon-squared{background-image:url(/css/flags/1x1/rw.svg)}.flag-icon-sa{background-image:url(/css/flags/4x3/sa.svg)}.flag-icon-sa.flag-icon-squared{background-image:url(/css/flags/1x1/sa.svg)}.flag-icon-sb{background-image:url(/css/flags/4x3/sb.svg)}.flag-icon-sb.flag-icon-squared{background-image:url(/css/flags/1x1/sb.svg)}.flag-icon-sc{background-image:url(/css/flags/4x3/sc.svg)}.flag-icon-sc.flag-icon-squared{background-image:url(/css/flags/1x1/sc.svg)}.flag-icon-sd{background-image:url(/css/flags/4x3/sd.svg)}.flag-icon-sd.flag-icon-squared{background-image:url(/css/flags/1x1/sd.svg)}.flag-icon-se{background-image:url(/css/flags/4x3/se.svg)}.flag-icon-se.flag-icon-squared{background-image:url(/css/flags/1x1/se.svg)}.flag-icon-sg{background-image:url(/css/flags/4x3/sg.svg)}.flag-icon-sg.flag-icon-squared{background-image:url(/css/flags/1x1/sg.svg)}.flag-icon-sh{background-image:url(/css/flags/4x3/sh.svg)}.flag-icon-sh.flag-icon-squared{background-image:url(/css/flags/1x1/sh.svg)}.flag-icon-si{background-image:url(/css/flags/4x3/si.svg)}.flag-icon-si.flag-icon-squared{background-image:url(/css/flags/1x1/si.svg)}.flag-icon-sj{background-image:url(/css/flags/4x3/sj.svg)}.flag-icon-sj.flag-icon-squared{background-image:url(/css/flags/1x1/sj.svg)}.flag-icon-sk{background-image:url(/css/flags/4x3/sk.svg)}.flag-icon-sk.flag-icon-squared{background-image:url(/css/flags/1x1/sk.svg)}.flag-icon-sl{background-image:url(/css/flags/4x3/sl.svg)}.flag-icon-sl.flag-icon-squared{background-image:url(/css/flags/1x1/sl.svg)}.flag-icon-sm{background-image:url(/css/flags/4x3/sm.svg)}.flag-icon-sm.flag-icon-squared{background-image:url(/css/flags/1x1/sm.svg)}.flag-icon-sn{background-image:url(/css/flags/4x3/sn.svg)}.flag-icon-sn.flag-icon-squared{background-image:url(/css/flags/1x1/sn.svg)}.flag-icon-so{background-image:url(/css/flags/4x3/so.svg)}.flag-icon-so.flag-icon-squared{background-image:url(/css/flags/1x1/so.svg)}.flag-icon-sr{background-image:url(/css/flags/4x3/sr.svg)}.flag-icon-sr.flag-icon-squared{background-image:url(/css/flags/1x1/sr.svg)}.flag-icon-ss{background-image:url(/css/flags/4x3/ss.svg)}.flag-icon-ss.flag-icon-squared{background-image:url(/css/flags/1x1/ss.svg)}.flag-icon-st{background-image:url(/css/flags/4x3/st.svg)}.flag-icon-st.flag-icon-squared{background-image:url(/css/flags/1x1/st.svg)}.flag-icon-sv{background-image:url(/css/flags/4x3/sv.svg)}.flag-icon-sv.flag-icon-squared{background-image:url(/css/flags/1x1/sv.svg)}.flag-icon-sx{background-image:url(/css/flags/4x3/sx.svg)}.flag-icon-sx.flag-icon-squared{background-image:url(/css/flags/1x1/sx.svg)}.flag-icon-sy{background-image:url(/css/flags/4x3/sy.svg)}.flag-icon-sy.flag-icon-squared{background-image:url(/css/flags/1x1/sy.svg)}.flag-icon-sz{background-image:url(/css/flags/4x3/sz.svg)}.flag-icon-sz.flag-icon-squared{background-image:url(/css/flags/1x1/sz.svg)}.flag-icon-tc{background-image:url(/css/flags/4x3/tc.svg)}.flag-icon-tc.flag-icon-squared{background-image:url(/css/flags/1x1/tc.svg)}.flag-icon-td{background-image:url(/css/flags/4x3/td.svg)}.flag-icon-td.flag-icon-squared{background-image:url(/css/flags/1x1/td.svg)}.flag-icon-tf{background-image:url(/css/flags/4x3/tf.svg)}.flag-icon-tf.flag-icon-squared{background-image:url(/css/flags/1x1/tf.svg)}.flag-icon-tg{background-image:url(/css/flags/4x3/tg.svg)}.flag-icon-tg.flag-icon-squared{background-image:url(/css/flags/1x1/tg.svg)}.flag-icon-th{background-image:url(/css/flags/4x3/th.svg)}.flag-icon-th.flag-icon-squared{background-image:url(/css/flags/1x1/th.svg)}.flag-icon-tj{background-image:url(/css/flags/4x3/tj.svg)}.flag-icon-tj.flag-icon-squared{background-image:url(/css/flags/1x1/tj.svg)}.flag-icon-tk{background-image:url(/css/flags/4x3/tk.svg)}.flag-icon-tk.flag-icon-squared{background-image:url(/css/flags/1x1/tk.svg)}.flag-icon-tl{background-image:url(/css/flags/4x3/tl.svg)}.flag-icon-tl.flag-icon-squared{background-image:url(/css/flags/1x1/tl.svg)}.flag-icon-tm{background-image:url(/css/flags/4x3/tm.svg)}.flag-icon-tm.flag-icon-squared{background-image:url(/css/flags/1x1/tm.svg)}.flag-icon-tn{background-image:url(/css/flags/4x3/tn.svg)}.flag-icon-tn.flag-icon-squared{background-image:url(/css/flags/1x1/tn.svg)}.flag-icon-to{background-image:url(/css/flags/4x3/to.svg)}.flag-icon-to.flag-icon-squared{background-image:url(/css/flags/1x1/to.svg)}.flag-icon-tr{background-image:url(/css/flags/4x3/tr.svg)}.flag-icon-tr.flag-icon-squared{background-image:url(/css/flags/1x1/tr.svg)}.flag-icon-tt{background-image:url(/css/flags/4x3/tt.svg)}.flag-icon-tt.flag-icon-squared{background-image:url(/css/flags/1x1/tt.svg)}.flag-icon-tv{background-image:url(/css/flags/4x3/tv.svg)}.flag-icon-tv.flag-icon-squared{background-image:url(/css/flags/1x1/tv.svg)}.flag-icon-tw{background-image:url(/css/flags/4x3/tw.svg)}.flag-icon-tw.flag-icon-squared{background-image:url(/css/flags/1x1/tw.svg)}.flag-icon-tz{background-image:url(/css/flags/4x3/tz.svg)}.flag-icon-tz.flag-icon-squared{background-image:url(/css/flags/1x1/tz.svg)}.flag-icon-ua{background-image:url(/css/flags/4x3/ua.svg)}.flag-icon-ua.flag-icon-squared{background-image:url(/css/flags/1x1/ua.svg)}.flag-icon-ug{background-image:url(/css/flags/4x3/ug.svg)}.flag-icon-ug.flag-icon-squared{background-image:url(/css/flags/1x1/ug.svg)}.flag-icon-um{background-image:url(/css/flags/4x3/um.svg)}.flag-icon-um.flag-icon-squared{background-image:url(/css/flags/1x1/um.svg)}.flag-icon-us{background-image:url(/css/flags/4x3/us.svg)}.flag-icon-us.flag-icon-squared{background-image:url(/css/flags/1x1/us.svg)}.flag-icon-uy{background-image:url(/css/flags/4x3/uy.svg)}.flag-icon-uy.flag-icon-squared{background-image:url(/css/flags/1x1/uy.svg)}.flag-icon-uz{background-image:url(/css/flags/4x3/uz.svg)}.flag-icon-uz.flag-icon-squared{background-image:url(/css/flags/1x1/uz.svg)}.flag-icon-va{background-image:url(/css/flags/4x3/va.svg)}.flag-icon-va.flag-icon-squared{background-image:url(/css/flags/1x1/va.svg)}.flag-icon-vc{background-image:url(/css/flags/4x3/vc.svg)}.flag-icon-vc.flag-icon-squared{background-image:url(/css/flags/1x1/vc.svg)}.flag-icon-ve{background-image:url(/css/flags/4x3/ve.svg)}.flag-icon-ve.flag-icon-squared{background-image:url(/css/flags/1x1/ve.svg)}.flag-icon-vg{background-image:url(/css/flags/4x3/vg.svg)}.flag-icon-vg.flag-icon-squared{background-image:url(/css/flags/1x1/vg.svg)}.flag-icon-vi{background-image:url(/css/flags/4x3/vi.svg)}.flag-icon-vi.flag-icon-squared{background-image:url(/css/flags/1x1/vi.svg)}.flag-icon-vn{background-image:url(/css/flags/4x3/vn.svg)}.flag-icon-vn.flag-icon-squared{background-image:url(/css/flags/1x1/vn.svg)}.flag-icon-vu{background-image:url(/css/flags/4x3/vu.svg)}.flag-icon-vu.flag-icon-squared{background-image:url(/css/flags/1x1/vu.svg)}.flag-icon-wf{background-image:url(/css/flags/4x3/wf.svg)}.flag-icon-wf.flag-icon-squared{background-image:url(/css/flags/1x1/wf.svg)}.flag-icon-ws{background-image:url(/css/flags/4x3/ws.svg)}.flag-icon-ws.flag-icon-squared{background-image:url(/css/flags/1x1/ws.svg)}.flag-icon-ye{background-image:url(/css/flags/4x3/ye.svg)}.flag-icon-ye.flag-icon-squared{background-image:url(/css/flags/1x1/ye.svg)}.flag-icon-yt{background-image:url(/css/flags/4x3/yt.svg)}.flag-icon-yt.flag-icon-squared{background-image:url(/css/flags/1x1/yt.svg)}.flag-icon-za{background-image:url(/css/flags/4x3/za.svg)}.flag-icon-za.flag-icon-squared{background-image:url(/css/flags/1x1/za.svg)}.flag-icon-zm{background-image:url(/css/flags/4x3/zm.svg)}.flag-icon-zm.flag-icon-squared{background-image:url(/css/flags/1x1/zm.svg)}.flag-icon-zw{background-image:url(/css/flags/4x3/zw.svg)}.flag-icon-zw.flag-icon-squared{background-image:url(/css/flags/1x1/zw.svg)}.flag-icon-es-ct{background-image:url(/css/flags/4x3/es-ct.svg)}.flag-icon-es-ct.flag-icon-squared{background-image:url(/css/flags/1x1/es-ct.svg)}.flag-icon-es-ga{background-image:url(/css/flags/4x3/es-ga.svg)}.flag-icon-es-ga.flag-icon-squared{background-image:url(/css/flags/1x1/es-ga.svg)}.flag-icon-eu{background-image:url(/css/flags/4x3/eu.svg)}.flag-icon-eu.flag-icon-squared{background-image:url(/css/flags/1x1/eu.svg)}.flag-icon-gb-eng{background-image:url(/css/flags/4x3/gb-eng.svg)}.flag-icon-gb-eng.flag-icon-squared{background-image:url(/css/flags/1x1/gb-eng.svg)}.flag-icon-gb-nir{background-image:url(/css/flags/4x3/gb-nir.svg)}.flag-icon-gb-nir.flag-icon-squared{background-image:url(/css/flags/1x1/gb-nir.svg)}.flag-icon-gb-sct{background-image:url(/css/flags/4x3/gb-sct.svg)}.flag-icon-gb-sct.flag-icon-squared{background-image:url(/css/flags/1x1/gb-sct.svg)}.flag-icon-gb-wls{background-image:url(/css/flags/4x3/gb-wls.svg)}.flag-icon-gb-wls.flag-icon-squared{background-image:url(/css/flags/1x1/gb-wls.svg)}.flag-icon-un{background-image:url(/css/flags/4x3/un.svg)}.flag-icon-un.flag-icon-squared{background-image:url(/css/flags/1x1/un.svg)}.flag-icon-xk{background-image:url(/css/flags/4x3/xk.svg)}.flag-icon-xk.flag-icon-squared{background-image:url(/css/flags/1x1/xk.svg)}

From 65fb4c2aa81cb779bed1a4ad75836a151eab46db Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 26 Mar 2025 13:04:43 +0100
Subject: [PATCH 537/755] [Nginx] Move conf.d include before SNI vhosts

---
 data/conf/nginx/templates/nginx.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index a4ff70e51..ff5f8f184 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -182,6 +182,8 @@ http {
         }
     }
 
+    include /etc/nginx/conf.d/*.conf;
+
     {% for cert in valid_cert_dirs %}
     server {
         {% if not HTTP_REDIRECT %}
@@ -206,6 +208,4 @@ http {
         include /etc/nginx/includes/sites-default.conf;
     }
     {% endfor %}
-
-    include /etc/nginx/conf.d/*.conf;
 }

From 8408b82e9c92d34f65f5aae31d6840704764e231 Mon Sep 17 00:00:00 2001
From: "Marvin A. Ruder" <signed@mruder.dev>
Date: Wed, 26 Mar 2025 17:17:13 +0100
Subject: [PATCH 538/755] Add new option with description to existing
 configuration files during next update

* Remove Olefy settings file from rspamd configuration
* Have rspamd container generate Olefy settings file at startup if not disabled

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
---
 data/Dockerfiles/rspamd/docker-entrypoint.sh  | 21 +++++++++++++++++++
 .../rspamd/local.d/external_services.conf     | 12 -----------
 update.sh                                     | 12 +++++++++++
 3 files changed, 33 insertions(+), 12 deletions(-)
 delete mode 100644 data/conf/rspamd/local.d/external_services.conf

diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index cf44c3063..7385488b0 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -81,6 +81,27 @@ EOF
   redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning SLAVEOF NO ONE
 fi
 
+if [[ "${SKIP_OLEFY}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  if [[ -f /etc/rspamd/local.d/external_services.conf ]]; then
+    rm /etc/rspamd/local.d/external_services.conf
+  fi
+else
+  cat <<EOF > /etc/rspamd/local.d/external_services.conf
+oletools {
+  # default olefy settings
+  servers = "olefy:10055";
+  # needs to be set explicitly for Rspamd < 1.9.5
+  scan_mime_parts = true;
+  # mime-part regex matching in content-type or filename
+  # block all macros
+  extended = true;
+  max_size = 3145728;
+  timeout = 20.0;
+  retransmits = 1;
+}
+EOF
+fi
+
 # Provide additional lua modules
 ln -s /usr/lib/$(uname -m)-linux-gnu/liblua5.1-cjson.so.0.0.0 /usr/lib/rspamd/cjson.so
 
diff --git a/data/conf/rspamd/local.d/external_services.conf b/data/conf/rspamd/local.d/external_services.conf
deleted file mode 100644
index 2b091ff23..000000000
--- a/data/conf/rspamd/local.d/external_services.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-oletools {
-  # default olefy settings
-  servers = "olefy:10055";
-  # needs to be set explicitly for Rspamd < 1.9.5
-  scan_mime_parts = true;
-  # mime-part regex matching in content-type or filename
-  # block all macros
-  extended = true;
-  max_size = 3145728;
-  timeout = 20.0;
-  retransmits = 1;
-}
diff --git a/update.sh b/update.sh
index bf5229653..c39d37834 100755
--- a/update.sh
+++ b/update.sh
@@ -1280,6 +1280,18 @@ for option in "${CONFIG_ARRAY[@]}"; do
       echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
       echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
     fi
+  elif [[ "${option}" == "SKIP_CLAMD" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
+      echo 'SKIP_CLAMD=n' >> mailcow.conf
+    fi
+  elif [[ "${option}" == "SKIP_OLEFY" ]]; then
+    if ! grep -q "${option}" mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
+      echo 'SKIP_OLEFY=n' >> mailcow.conf
+    fi
   elif [[ "${option}" == "REDISPASS" ]]; then
     if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"

From 4ad24228108aadf7a915bda7af0a3ef9ecffb92c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 27 Mar 2025 16:52:15 +0100
Subject: [PATCH 539/755] [Dovecot] Increase Timeout for HTTP Login Request

---
 data/conf/dovecot/auth/passwd-verify.lua | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index cb2e928d0..d235173da 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -3,10 +3,10 @@ function auth_password_verify(request, password)
     return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
   end
 
-  json = require "cjson"
-  ltn12 = require "ltn12"
-  https = require "ssl.https"
-  https.TIMEOUT = 5
+  local json = require "cjson"
+  local ltn12 = require "ltn12"
+  local https = require "ssl.https"
+  https.TIMEOUT = 30
 
   local req = {
     username = request.user,
@@ -16,8 +16,7 @@ function auth_password_verify(request, password)
   }
   req.protocol[request.service] = true
   local req_json = json.encode(req)
-  local res = {} 
-  
+  local res = {}
   local b, c = https.request {
     method = "POST",
     url = "https://nginx:9082",
@@ -29,11 +28,16 @@ function auth_password_verify(request, password)
     sink = ltn12.sink.table(res),
     insecure = true
   }
+
+  if c ~= 200 then
+    dovecot.i_info("HTTP request failed with " .. c .. " for user " .. request.user)
+    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
+  end
+
   local api_response = json.decode(table.concat(res))
   if api_response.success == true then
     return dovecot.auth.PASSDB_RESULT_OK, ""
   end
-  
   return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
 end
 

From 65d872cc1487380e488e26d27a26154a12753f5f Mon Sep 17 00:00:00 2001
From: Bruno Antunes <bruno@nootch.net>
Date: Thu, 27 Mar 2025 20:21:25 +0000
Subject: [PATCH 540/755] Fix tiny typo

---
 helper-scripts/backup_and_restore.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 0cb37fce3..c7615c294 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -236,7 +236,7 @@ function restore() {
       if [[ $(find "${RESTORE_LOCATION}" \( -name '*x86*' -o -name '*aarch*' \) -exec basename {} \; | sed 's/^\.//' | sed 's/^\.//') == "" ]]; then
         echo -e "\e[33mCould not find a architecture signature of the loaded backup... Maybe the backup was done before the multiarch update?"
         sleep 2
-        echo -e "Continuing anyhow. If rspamd is crashing opon boot try remove the rspamd volume with docker volume rm ${CMPS_PRJ}_rspamd-vol-1 after you've stopped the stack.\e[0m"
+        echo -e "Continuing anyhow. If rspamd is crashing upon boot try remove the rspamd volume with docker volume rm ${CMPS_PRJ}_rspamd-vol-1 after you've stopped the stack.\e[0m"
         sleep 2
         docker stop $(docker ps -qf name=rspamd-mailcow)
         docker run -i --name mailcow-backup --rm \

From 0157cbddafe59b253b8186d7e29a63da85a964d7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 31 Mar 2025 10:36:20 +0200
Subject: [PATCH 541/755] [Netfilter] Downgrade to 1.61

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 2d68b80ce..4907b592d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -477,7 +477,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: ghcr.io/mailcow/netfilter:1.62
+      image: ghcr.io/mailcow/netfilter:1.61
       stop_grace_period: 30s
       restart: always
       privileged: true

From f37961b7d06b1e0f0fdb2f893f5dfa295c00f86f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 31 Mar 2025 11:32:01 +0200
Subject: [PATCH 542/755] [SOGo] Use JS for mailcow logout

---
 data/Dockerfiles/sogo/navMailcowBtns.diff |  6 +-----
 data/conf/sogo/custom-sogo.js             | 10 ++++++++++
 docker-compose.yml                        |  2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/sogo/navMailcowBtns.diff b/data/Dockerfiles/sogo/navMailcowBtns.diff
index 1b469aa60..563818fb6 100644
--- a/data/Dockerfiles/sogo/navMailcowBtns.diff
+++ b/data/Dockerfiles/sogo/navMailcowBtns.diff
@@ -7,14 +7,10 @@
 <     </md-button>
 <     <md-button class="md-icon-button"
 83c76
-<                onclick="document.getElementById('mc_logout').setAttribute('action', '/'); document.getElementById('mc_logout').submit();"
+<                onclick="mc_logout();"
 ---
 >                ng-show="::activeUser.path.logoff.length"
 85c78
 <                ng-href="#">
 ---
 >                ng-href="{{::activeUser.path.logoff}}">
-89,91d81
-<     <form method="POST" id="mc_logout" action="user">
-<       <input type="hidden" name="logout" value="1">
-<     </form>
diff --git a/data/conf/sogo/custom-sogo.js b/data/conf/sogo/custom-sogo.js
index e1f27e8ff..d3b90b085 100644
--- a/data/conf/sogo/custom-sogo.js
+++ b/data/conf/sogo/custom-sogo.js
@@ -5,6 +5,16 @@ document.addEventListener('DOMContentLoaded', function () {
         window.location.href = '/user';
     }
 });
+// logout function
+function mc_logout() {
+    fetch("/", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: "logout=1"
+    }).then(() => window.location.href = '/');
+}
 
 // Custom SOGo JS
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d68b80ce..dea033a11 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -199,7 +199,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:1.131
+      image: ghcr.io/mailcow/sogo:1.133
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From e452917de9786663dd9eb0af371dd916ab6d63be Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 31 Mar 2025 12:14:43 +0200
Subject: [PATCH 543/755] [SOGo] Show mailcow Settings Button to SOGoSuperUsers

---
 data/Dockerfiles/sogo/navMailcowBtns.diff | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/sogo/navMailcowBtns.diff b/data/Dockerfiles/sogo/navMailcowBtns.diff
index 563818fb6..2107b5b1f 100644
--- a/data/Dockerfiles/sogo/navMailcowBtns.diff
+++ b/data/Dockerfiles/sogo/navMailcowBtns.diff
@@ -1,9 +1,8 @@
-59,65d58
-<                ng-show="::!activeUser.isSuperUser"
+60,65d58
 <                var:ng-click="navButtonClick"
 <                ng-href="/user">
 <       <md-icon>build</md-icon>
-<       <md-tooltip><var:string label:value="mailcow"/></md-tooltip>
+<       <md-tooltip>mailcow <var:string label:value="Preferences"/></md-tooltip>
 <     </md-button>
 <     <md-button class="md-icon-button"
 83c76

From db3a577ae3b1cd8211bf88da7d8bedaddda31e3a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 1 Apr 2025 16:39:15 +0200
Subject: [PATCH 544/755] [Web] Fix password reset

---
 data/web/reset-password.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/reset-password.php b/data/web/reset-password.php
index 7544d40c3..d717d9d8b 100644
--- a/data/web/reset-password.php
+++ b/data/web/reset-password.php
@@ -1,5 +1,6 @@
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.user.inc.php';
 
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
   header('Location: /admin/dashboard');

From 4c5f48558782320905b10d7d10962fd509f68fbd Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 1 Apr 2025 22:00:11 +0200
Subject: [PATCH 545/755] update postscreen_access.cidr (#6443)

---
 data/conf/postfix/postscreen_access.cidr | 83 +++++++++++++++++++++---
 1 file changed, 75 insertions(+), 8 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index c6ed2be93..36c7e9fca 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sat Mar  1 00:19:29 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Tue Apr  1 00:20:51 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2000 total rules
+# 2067 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -26,7 +26,12 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
+8.39.54.0/23	permit
+8.39.54.250/31	permit
+8.40.222.0/23	permit
+8.40.222.250/31	permit
 12.130.86.238	permit
+13.107.246.59	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -60,8 +65,6 @@
 20.59.80.4/30	permit
 20.63.210.192/28	permit
 20.69.8.108/30	permit
-20.70.246.20	permit
-20.76.201.171	permit
 20.83.222.104/30	permit
 20.88.157.184/30	permit
 20.94.180.64/28	permit
@@ -70,14 +73,11 @@
 20.98.194.68/30	permit
 20.105.209.76/30	permit
 20.107.239.64/30	permit
-20.112.250.133	permit
 20.118.139.208/30	permit
 20.141.10.196	permit
 20.185.214.0/27	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
-20.231.239.246	permit
-20.236.44.162	permit
 23.103.224.0/19	permit
 23.249.208.0/20	permit
 23.251.224.0/19	permit
@@ -103,6 +103,24 @@
 27.123.206.80/28	permit
 31.25.48.222	permit
 31.47.251.17	permit
+34.2.64.0/22	permit
+34.2.68.0/23	permit
+34.2.70.0/23	permit
+34.2.71.64/26	permit
+34.2.72.0/22	permit
+34.2.75.0/26	permit
+34.2.78.0/23	permit
+34.2.80.0/23	permit
+34.2.82.0/23	permit
+34.2.84.0/24	permit
+34.2.84.64/26	permit
+34.2.85.0/24	permit
+34.2.85.64/26	permit
+34.2.86.0/23	permit
+34.2.88.0/23	permit
+34.2.90.0/23	permit
+34.2.92.0/23	permit
+34.2.94.0/23	permit
 34.195.217.107	permit
 34.212.163.75	permit
 34.215.104.144	permit
@@ -215,7 +233,6 @@
 52.95.49.88/29	permit
 52.96.91.34	permit
 52.96.111.82	permit
-52.96.172.98	permit
 52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
@@ -255,6 +272,7 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.255.61.23	permit
+56.124.6.228	permit
 57.103.64.0/18	permit
 62.13.128.0/24	permit
 62.13.129.128/25	permit
@@ -341,6 +359,7 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
+65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1304,6 +1323,9 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+121.244.91.48	permit
+121.244.91.52	permit
+122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1366,7 +1388,21 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
+135.84.80.0/24	permit
+135.84.81.0/24	permit
+135.84.82.0/24	permit
+135.84.83.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
+136.143.162.0/24	permit
+136.143.176.0/24	permit
+136.143.177.0/24	permit
+136.143.178.49	permit
+136.143.182.0/23	permit
+136.143.184.0/24	permit
+136.143.188.0/24	permit
+136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1381,6 +1417,7 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
+139.167.79.86	permit
 139.180.17.0/24	permit
 140.238.148.191	permit
 141.148.159.229	permit
@@ -1498,6 +1535,9 @@
 163.114.135.16	permit
 164.152.23.32	permit
 164.177.132.168/30	permit
+165.173.128.0/24	permit
+165.173.180.250/31	permit
+165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1526,6 +1566,12 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
+169.148.142.10	permit
+169.148.144.0/25	permit
+169.148.144.10	permit
+169.148.146.0/23	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1667,6 +1713,14 @@
 198.61.254.231	permit
 198.178.234.57	permit
 198.244.48.0/20	permit
+198.244.56.107	permit
+198.244.56.108	permit
+198.244.56.109	permit
+198.244.56.111	permit
+198.244.56.112	permit
+198.244.56.113	permit
+198.244.56.114	permit
+198.244.56.115	permit
 198.244.59.30	permit
 198.244.59.33	permit
 198.244.59.35	permit
@@ -1679,7 +1733,15 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
+199.34.22.36	permit
 199.59.148.0/22	permit
+199.67.80.2	permit
+199.67.80.20	permit
+199.67.82.2	permit
+199.67.82.20	permit
+199.67.84.0/24	permit
+199.67.86.0/24	permit
+199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1736,6 +1798,8 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
+204.141.32.0/23	permit
+204.141.42.0/23	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit
@@ -1988,6 +2052,9 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
+2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
+2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
+2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From a92832d115922cb11b2387c25919da804f708c4d Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 2 Apr 2025 14:39:24 +0200
Subject: [PATCH 546/755] update README.md to include first 50 and 100$ monthly
 sponsors

---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README.md b/README.md
index dc9b76be0..40288f10e 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,22 @@ You can also [get a SAL](https://www.servercow.de/mailcow?lang=en#sal) which is
 
 Or just spread the word: moo.
 
+## Many thanks to our GitHub Sponsors ❤️
+A big thank you to everyone supporting us on GitHub Sponsors—your contributions mean the world to us! Special thanks to the following amazing supporters:
+
+### 100$/Month Sponsors
+  <a href="https://www.colba.net/" target=_blank><img
+    src="https://avatars.githubusercontent.com/u/204464723" height="58"
+  /></a>
+  <a href="https://www.maehdros.com/" target=_blank><img
+    src="https://avatars.githubusercontent.com/u/173894712" height="58"
+  /></a>
+
+### 50$/Month Sponsors
+  <a href="https://github.com/vnukhr" target=_blank><img
+    src="https://avatars.githubusercontent.com/u/7805987?s=52&v=4" height="58"
+  /></a>
+
 ## Info, documentation and support
 
 Please see [the official documentation](https://docs.mailcow.email/) for installation and support instructions. 🐄

From 805634f9a94529a2c611100aed22f5c0b2d11b34 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 3 Apr 2025 10:19:30 +0200
Subject: [PATCH 547/755] Fix sasl_logs

---
 data/conf/dovecot/auth/mailcowauth.php     | 15 ++++---
 data/conf/dovecot/auth/passwd-verify.lua   |  9 ++--
 data/web/inc/functions.auth.inc.php        | 50 ++++++++++++++--------
 data/web/inc/functions.inc.php             | 28 ++++++++++++
 data/web/js/site/user.js                   |  6 ---
 data/web/templates/user/tab-user-auth.twig |  3 +-
 6 files changed, 74 insertions(+), 37 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index fc17df724..667419c57 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -69,29 +69,34 @@ require_once 'functions.acl.inc.php';
 
 $isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
 $result = false;
-$protocol = $post['protocol'];
 if ($isSOGoRequest) {
-  $protocol = null;
   // This is a SOGo Auth request. First check for SSO password.
   $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
   if ($sogo_sso_pass === $post['password']){
     error_log('MAILCOWAUTH: SOGo SSO auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], "SOGO");
     $result = true;
   }
 }
 if ($result === false){
-  $result = apppass_login($post['username'], $post['password'], $protocol, array(
+  $result = apppass_login($post['username'], $post['password'], array($post['service'] => true), array(
     'is_internal' => true,
     'remote_addr' => $post['real_rip']
   ));
-  if ($result) error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+  if ($result) {
+    error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], $post['service']);
+  }
 }
 if ($result === false){
   // Init Identity Provider
   $iam_provider = identity_provider('init');
   $iam_settings = identity_provider('get');
   $result = user_login($post['username'], $post['password'], array('is_internal' => true));
-  if ($result) error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+  if ($result) {
+    error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+    set_sasl_log($post['username'], $post['real_rip'], $post['service']);
+  }
 }
 
 if ($result) {
diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index cb2e928d0..a6cb988d7 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -12,12 +12,11 @@ function auth_password_verify(request, password)
     username = request.user,
     password = password,
     real_rip = request.real_rip,
-    protocol = {}
+    service = request.service
   }
-  req.protocol[request.service] = true
   local req_json = json.encode(req)
-  local res = {} 
-  
+  local res = {}
+
   local b, c = https.request {
     method = "POST",
     url = "https://nginx:9082",
@@ -33,7 +32,7 @@ function auth_password_verify(request, password)
   if api_response.success == true then
     return dovecot.auth.PASSDB_RESULT_OK, ""
   end
-  
+
   return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Failed to authenticate"
 end
 
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index f432c3834..30d5943c4 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -9,25 +9,51 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
   // Try validate admin
   if (!isset($role) || $role == "admin") {
     $result = admin_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false){
+      return $result;
+    }
   }
 
   // Try validate domain admin
   if (!isset($role) || $role == "domain_admin") {
     $result = domainadmin_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      return $result;
+    }
   }
 
   // Try validate user
   if (!isset($role) || $role == "user") {
     $result = user_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      if ($app_passwd_data['eas'] === true) {
+        $service = 'EAS';
+      } elseif ($app_passwd_data['dav'] === true) {
+        $service = 'DAV';
+      } else {
+        $service = 'MAILCOWUI';
+      }
+      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+      set_sasl_log($user, $real_rip, $service);
+      return $result;
+    }
   }
 
   // Try validate app password
   if (!isset($role) || $role == "app") {
     $result = apppass_login($user, $pass, $app_passwd_data);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      if ($app_passwd_data['eas'] === true) {
+        $service = 'EAS';
+      } elseif ($app_passwd_data['dav'] === true) {
+        $service = 'DAV';
+      } else {
+        $service = 'NONE';
+      }
+      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+      set_sasl_log($user, $real_rip, $service, $pass);
+      return $result;
+    }
   }
 
   // skip log and only return false if it's an internal request
@@ -415,21 +441,7 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){
 
     // verify password
     if (verify_hash($row['password'], $pass) !== false) {
-      if ($is_internal){
-        $remote_addr = $extra['remote_addr'];
-      } else {
-        $remote_addr = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
-      }
-
-      $service = strtoupper($is_app_passwd);
-      $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-      $stmt->execute(array(
-        ':service' => $service,
-        ':app_id' => $row['app_passwd_id'],
-        ':username' => $user,
-        ':remote_addr' => $remote_addr
-      ));
-
+      $_SESSION['app_passwd_id'] = $row['app_passwd_id'];
       unset($_SESSION['ldelay']);
       return "user";
     }
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 6a70eb6e3..49e26b978 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -350,6 +350,34 @@ function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
   }
 
 }
+function set_sasl_log($username, $real_rip, $service){
+  global $pdo;
+
+  try {
+    if (!empty($_SESSION['app_passwd_id'])) {
+      $app_password = $_SESSION['app_passwd_id'];
+    } else {
+      $app_password = 0;
+    }
+
+    $stmt = $pdo->prepare('REPLACE INTO `sasl_log` (`username`, `real_rip`, `service`, `app_password`) VALUES (:username, :real_rip, :service, :app_password)');
+    $stmt->execute(array(
+      ':username' => $username,
+      ':real_rip' => $real_rip,
+      ':service' => $service,
+      ':app_password' => $app_password
+    ));
+  } catch (PDOException $e) {
+    $_SESSION['return'][] =  array(
+      'type' => 'danger',
+      'log' => array(__FUNCTION__, $_data_log),
+      'msg' => array('mysql_error', $e)
+    );
+    return false;
+  }
+
+  return true;
+}
 function flush_memcached() {
   try {
     $m = new Memcached();
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 8f64d4e20..678e23b19 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -90,13 +90,7 @@ jQuery(function($){
           console.log('error reading last logins');
         },
         success: function (data) {
-          $('.last-ui-login').html('');
           $('.last-sasl-login').html('');
-          if (data.ui.time) {
-            $('.last-ui-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
-          } else {
-            $('.last-ui-login').text(lang.no_last_login);
-          }
           if (data.sasl) {
             $('.last-sasl-login').append('<ul class="list-group">');
             $.each(data.sasl, function (i, item) {
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig
index a7e025431..bace33489 100644
--- a/data/web/templates/user/tab-user-auth.twig
+++ b/data/web/templates/user/tab-user-auth.twig
@@ -184,7 +184,7 @@
           </div>
           {% endif %}
         </div>
-        <div class="ms-auto col-xl-3 col-lg-5 col-md-12 col-12 d-flex flex-column well flex-grow-1">
+        <div class="ms-auto col-xl-3 col-lg-5 col-md-12 col-12 d-flex flex-column well flex-grow-1" id="recent-logins">
           <legend class="d-flex">
             <span>{{ lang.user.recent_successful_connections }}</span>
             <div id="spinner-last-login" class="ms-auto my-auto spinner-border spinner-border-sm d-none" role="status">
@@ -192,7 +192,6 @@
             </div>
           </legend>
           <hr>
-          <h6 class="last-ui-login"></h6>
           <div class="d-flex">
             <span class="clear-last-logins mt-auto mb-2">
               {{ lang.user.clear_recent_successful_connections }}

From ceeabded73c66c8022eeac69721908f3f1c90d46 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 3 Apr 2025 10:29:47 +0200
Subject: [PATCH 548/755] [Web] Fix transport routing test

---
 data/web/js/site/admin.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 90c00002a..847c25aa8 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -681,7 +681,7 @@ jQuery(function($){
     $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
     $.ajax({
       type: 'GET',
-      url: 'inc/ajax/transport_check.php',
+      url: '/inc/ajax/transport_check.php',
       dataType: 'text',
       data: $('#test_transport_form').serialize(),
       complete: function (data) {

From e65478076b48e6986f0bec0e8b5020697192340d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 3 Apr 2025 11:58:35 +0200
Subject: [PATCH 549/755] [Web] Prevent user sync for mismatched authsource

---
 data/conf/phpfpm/crons/keycloak-sync.php | 2 +-
 data/conf/phpfpm/crons/ldap-sync.php     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index c9655a8ec..f09a47d79 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -196,7 +196,7 @@ while (true) {
         logMsg("err", "Could not create user " . $user['email']);
         continue;
       }
-    } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
+    } else if ($row && intval($iam_settings['periodic_sync']) == 1 && $row['authsource'] == "keycloak") {
       if ($mapper_key === false){
         logMsg("warning", "No matching attribute mapping found for user " . $user['email']);
         continue;
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 66b76e64a..32026c071 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -168,7 +168,7 @@ foreach ($response as $user) {
       logMsg("err", "Could not create user " . $user[$iam_settings['username_field']][0]);
       continue;
     }
-  } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
+  } else if ($row && intval($iam_settings['periodic_sync']) == 1 && $row['authsource'] == "ldap") {
     if ($mapper_key === false){
       logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
       continue;

From 62f816e64a964a0eb3c9243595b6ffedff897cc6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 3 Apr 2025 12:19:04 +0200
Subject: [PATCH 550/755] [Web] Check app password before user password on web
 login

---
 data/web/inc/functions.auth.inc.php | 33 +++++++++++++++--------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 30d5943c4..994915efc 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -22,22 +22,6 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
     }
   }
 
-  // Try validate user
-  if (!isset($role) || $role == "user") {
-    $result = user_login($user, $pass);
-    if ($result !== false) {
-      if ($app_passwd_data['eas'] === true) {
-        $service = 'EAS';
-      } elseif ($app_passwd_data['dav'] === true) {
-        $service = 'DAV';
-      } else {
-        $service = 'MAILCOWUI';
-      }
-      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
-      set_sasl_log($user, $real_rip, $service);
-      return $result;
-    }
-  }
 
   // Try validate app password
   if (!isset($role) || $role == "app") {
@@ -56,6 +40,23 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
     }
   }
 
+  // Try validate user
+  if (!isset($role) || $role == "user") {
+    $result = user_login($user, $pass);
+    if ($result !== false) {
+      if ($app_passwd_data['eas'] === true) {
+        $service = 'EAS';
+      } elseif ($app_passwd_data['dav'] === true) {
+        $service = 'DAV';
+      } else {
+        $service = 'MAILCOWUI';
+      }
+      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+      set_sasl_log($user, $real_rip, $service);
+      return $result;
+    }
+  }
+
   // skip log and only return false if it's an internal request
   if ($is_internal == true) return false;
 

From 6794e6ff43449d34397e40931310169658c84ac4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 3 Apr 2025 12:31:43 +0200
Subject: [PATCH 551/755] [Dovecot] Add service for authentication cache_key

---
 data/conf/dovecot/dovecot.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 15be77fce..05d9264fa 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -53,7 +53,7 @@ mail_shared_explicit_inbox = yes
 mail_prefetch_count = 30
 passdb {
   driver = lua
-  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%u:%w
+  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%s:%u:%w
   result_success = return-ok
   result_failure = continue
   result_internalfail = continue

From 402bf53a5c24ac34ca7df63396640c9c0f2dc21c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 4 Apr 2025 13:18:42 +0200
Subject: [PATCH 552/755] [Web] Improve clarity of LDAP SSL/TLS settings

---
 data/web/lang/lang.de-de.json                 |  4 ++-
 data/web/lang/lang.en-gb.json                 |  4 ++-
 .../admin/tab-config-identity-provider.twig   | 28 +++++++++++++++----
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 45c6e9f50..98d601738 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -238,7 +238,9 @@
         "iam_username_field": "Username Feld",
         "iam_binddn": "Bind DN",
         "iam_use_ssl": "Benutze SSL",
-        "iam_use_tls": "Benutze TLS",
+        "iam_use_ssl_info": "TLS wird gegenüber SSL empfohlen. SSL gilt als veralteter Mechanismus für die sichere Ausführung von LDAP-Operationen.<br><br>Wenn SSL aktiviert ist und der Port auf 389 gesetzt wurde, wird dieser automatisch auf 636 geändert.",
+        "iam_use_tls": "Benutze StartTLS",
+        "iam_use_tls_info": "Wenn TLS aktiviert wird, muss der Standardport deines LDAP-Servers (389) verwendet werden. SSL-Ports können dabei nicht verwendet werden.",
         "iam_version": "Version",
         "ignore_ssl_error": "Ignoriere SSL Fehler",
         "import": "Importieren",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 5d6911e91..9c1f30483 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -245,7 +245,9 @@
         "iam_username_field": "Username Field",
         "iam_binddn": "Bind DN",
         "iam_use_ssl": "Use SSL",
-        "iam_use_tls": "Use TLS",
+        "iam_use_ssl_info": "TLS is recommended over SSL. SSL is labelled as a deprecated mechanism for securely running LDAP operations.<br><br>If enabling SSL, and port is set to 389, it will be automatically overridden to use 636.",
+        "iam_use_tls": "Use StartTLS",
+        "iam_use_tls_info": "If enabling TLS, you must use the default port for your LDAP server (389). SSL ports cannot be used.",
         "iam_version": "Version",
         "ignore_ssl_error": "Ignore SSL Errors",
         "import": "Import",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index 9d4dcd286..dce26f8c3 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -392,11 +392,11 @@
           <input type="hidden" name="authsource" value="ldap">
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
-              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_host_info }}"></i>
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill mx-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_host_info }}"></i>
               <label class="control-label" for="iam_ldap_host">{{ lang.admin.iam_host }}:</label>
             </div>
             <div class="col-12 col-md-9 col-lg-4 d-flex">
-            <input type="text" class="form-control" id="iam_ldap_host" name="host" value="{{ iam_settings.host }}" required>
+              <input type="text" class="form-control" id="iam_ldap_host" name="host" value="{{ iam_settings.host }}" required>
             </div>
           </div>
           <div class="row mb-2">
@@ -409,21 +409,37 @@
           </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill mx-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_use_ssl_info }}"></i>
               <label class="control-label">{{ lang.admin.iam_use_ssl }}</label>
             </div>
-            <div class="col-12 col-md-9">
+            <div class="col-12 col-md-9 d-flex align-items-center">
               <div class="form-check form-switch">
-                <input class="form-check-input" type="checkbox" role="switch" name="use_ssl" value="1" {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
+                <input class="form-check-input"
+                       type="checkbox"
+                       role="switch"
+                       id="use_ssl"
+                       name="use_ssl"
+                       value="1"
+                       onchange="if(this.checked) document.getElementById('use_tls').checked = false"
+                       {% if iam_settings.use_ssl == 1 %}checked{% endif %}>
               </div>
             </div>
           </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill mx-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.admin.iam_use_tls_info }}"></i>
               <label class="control-label">{{ lang.admin.iam_use_tls }}</label>
             </div>
-            <div class="col-12 col-md-9">
+            <div class="col-12 col-md-9 d-flex align-items-center">
               <div class="form-check form-switch">
-                <input class="form-check-input" type="checkbox" role="switch" name="use_tls" value="1" {% if iam_settings.use_tls == 1 %}checked{% endif %}>
+                <input class="form-check-input"
+                       type="checkbox"
+                       role="switch"
+                       id="use_tls"
+                       name="use_tls"
+                       value="1"
+                       onchange="if(this.checked) document.getElementById('use_ssl').checked = false"
+                       {% if iam_settings.use_tls == 1 %}checked{% endif %}>
               </div>
             </div>
           </div>

From 0eb8f3879264288c5d586f8086a419cd8d03c008 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Apr 2025 07:59:43 +0200
Subject: [PATCH 553/755] [Web] Update LDAP SSL/TLS tooltips

---
 data/web/lang/lang.de-de.json | 2 +-
 data/web/lang/lang.en-gb.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 98d601738..f37c1d849 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -238,7 +238,7 @@
         "iam_username_field": "Username Feld",
         "iam_binddn": "Bind DN",
         "iam_use_ssl": "Benutze SSL",
-        "iam_use_ssl_info": "TLS wird gegenüber SSL empfohlen. SSL gilt als veralteter Mechanismus für die sichere Ausführung von LDAP-Operationen.<br><br>Wenn SSL aktiviert ist und der Port auf 389 gesetzt wurde, wird dieser automatisch auf 636 geändert.",
+        "iam_use_ssl_info": "Wenn SSL aktiviert ist und der Port auf 389 gesetzt wurde, wird dieser automatisch auf 636 geändert.",
         "iam_use_tls": "Benutze StartTLS",
         "iam_use_tls_info": "Wenn TLS aktiviert wird, muss der Standardport deines LDAP-Servers (389) verwendet werden. SSL-Ports können dabei nicht verwendet werden.",
         "iam_version": "Version",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 9c1f30483..3b5ff3fb4 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -245,7 +245,7 @@
         "iam_username_field": "Username Field",
         "iam_binddn": "Bind DN",
         "iam_use_ssl": "Use SSL",
-        "iam_use_ssl_info": "TLS is recommended over SSL. SSL is labelled as a deprecated mechanism for securely running LDAP operations.<br><br>If enabling SSL, and port is set to 389, it will be automatically overridden to use 636.",
+        "iam_use_ssl_info": "If enabling SSL, and port is set to 389, it will be automatically overridden to use 636.",
         "iam_use_tls": "Use StartTLS",
         "iam_use_tls_info": "If enabling TLS, you must use the default port for your LDAP server (389). SSL ports cannot be used.",
         "iam_version": "Version",

From 2c10c39bc4def2ecde8c1df9cf40487a0a4c08dd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 7 Apr 2025 08:06:43 +0200
Subject: [PATCH 554/755] [Web] Update 2FA Info tooltip

---
 data/web/lang/lang.de-de.json | 2 +-
 data/web/lang/lang.en-gb.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index f37c1d849..747f7cf84 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -1335,7 +1335,7 @@
         "tag_in_subfolder": "In Unterordner",
         "tag_in_subject": "In Betreff",
         "text": "Text",
-        "tfa_info": "Zwei-Faktor-Authentifizierung hilft dabei, Ihr Konto zu schützen. Wenn Sie sie aktivieren, benötigen Sie möglicherweise App-Passwörter, um sich bei Apps oder Diensten anzumelden, die die Zwei-Faktor-Authentifizierung nicht unterstützen (z.B. Mailclients).",
+        "tfa_info": "Zwei-Faktor-Authentifizierung hilft dabei, Ihr Konto zu schützen. Wenn Sie sie aktivieren, benötigen Sie App-Passwörter, um sich bei Apps oder Diensten anzumelden, die die Zwei-Faktor-Authentifizierung nicht unterstützen (z.B. Mailclients).",
         "title": "Title",
         "tls_enforce_in": "TLS eingehend erzwingen",
         "tls_enforce_out": "TLS ausgehend erzwingen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 3b5ff3fb4..ca8bb3adf 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1357,7 +1357,7 @@
         "tag_in_subfolder": "In subfolder",
         "tag_in_subject": "In subject",
         "text": "Text",
-        "tfa_info": "Two-factor authentication helps protect your account. If you enable it, you may need app passwords to log in to apps or services that don't support two-factor authentication (e.g. Mailclients).",
+        "tfa_info": "Two-factor authentication helps protect your account. If you enable it, you need app passwords to log in to apps or services that don't support two-factor authentication (e.g. Mailclients).",
         "title": "Title",
         "tls_enforce_in": "Enforce TLS incoming",
         "tls_enforce_out": "Enforce TLS outgoing",

From 766c5e85801b9719e3447b935f03bb5dd84fda9e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 9 Apr 2025 08:02:30 +0200
Subject: [PATCH 555/755] [Dovecot] Ignore app passwords protocol access on
 SOGo request

---
 data/conf/dovecot/auth/mailcowauth.php   | 4 +++-
 data/conf/dovecot/auth/passwd-verify.lua | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 667419c57..4eda382b7 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -79,7 +79,9 @@ if ($isSOGoRequest) {
   }
 }
 if ($result === false){
-  $result = apppass_login($post['username'], $post['password'], array($post['service'] => true), array(
+  // If it's a SOGo Request, don't check for protocol access
+  $service = (isSOGoRequest) ? false : array($post['service'] => true);
+  $result = apppass_login($post['username'], $post['password'], $service, array(
     'is_internal' => true,
     'remote_addr' => $post['real_rip']
   ));
diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index 18c18dbe3..19dcc4bd6 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -29,7 +29,7 @@ function auth_password_verify(request, password)
     insecure = true
   }
 
-  if c ~= 200 then
+  if c ~= 200 and c ~= 401 then
     dovecot.i_info("HTTP request failed with " .. c .. " for user " .. request.user)
     return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
   end

From b96a5b1efd50f95711c630e7f26e5636a6fd8850 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 9 Apr 2025 08:07:46 +0200
Subject: [PATCH 556/755] [Web] Fix AJAX urls to absolute path

---
 data/web/js/site/admin.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 847c25aa8..b6edf6f80 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -51,7 +51,7 @@ jQuery(function($){
     $('.submit_rspamd_regex').attr({"disabled": true});
   });
   $("#show_rspamd_global_filters").click(function() {
-    $.get("inc/ajax/show_rspamd_global_filters.php");
+    $.get("/inc/ajax/show_rspamd_global_filters.php");
     $("#confirm_show_rspamd_global_filters").hide();
     $("#rspamd_global_filters").removeClass("d-none");
   });
@@ -655,7 +655,7 @@ jQuery(function($){
     $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
     $.ajax({
       type: 'GET',
-      url: 'inc/ajax/relay_check.php',
+      url: '/inc/ajax/relay_check.php',
       dataType: 'text',
       data: $('#test_relayhost_form').serialize(),
       complete: function (data) {

From 4ac839cf492a6428a30d0bd17e30184fbd7aa80f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 10 Apr 2025 17:11:30 +0200
Subject: [PATCH 557/755] Translations update from Weblate (#6463)

* [Web] Updated lang.hu-hu.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.lv-lv.json

[Web] Updated lang.lv-lv.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Added lang.bg-bg.json

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.tr-tr.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.uk-ua.json

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.bg-bg.json |  1 +
 data/web/lang/lang.hu-hu.json |  2 +-
 data/web/lang/lang.lv-lv.json | 63 ++++++++++++++++++++++++-----------
 data/web/lang/lang.tr-tr.json |  2 +-
 data/web/lang/lang.uk-ua.json |  2 +-
 data/web/lang/lang.zh-cn.json | 63 +++++++++++++++++++++++++++++++----
 6 files changed, 103 insertions(+), 30 deletions(-)
 create mode 100644 data/web/lang/lang.bg-bg.json

diff --git a/data/web/lang/lang.bg-bg.json b/data/web/lang/lang.bg-bg.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/data/web/lang/lang.bg-bg.json
@@ -0,0 +1 @@
+{}
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 97f575a69..3b9eb5fbc 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -590,4 +590,4 @@
         "app_name": "Alkalmazás neve",
         "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 545bbe475..2b433b8e8 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -16,7 +16,16 @@
         "login_as": "Pieteikšanās kā pastkastes lietotājam",
         "mailbox_relayhost": "Pasta kastītes relayhost maiņa",
         "prohibited": "Aizliegts ar ACL",
-        "protocol_access": "Protokola piekļuves maiņa"
+        "protocol_access": "Protokola piekļuves maiņa",
+        "pw_reset": "Ļaut atiestatīt mailcow lietotāja paroli",
+        "ratelimit": "Piekļuves biežuma ierobežojums",
+        "quarantine": "Karantīnas darbības",
+        "quarantine_attachments": "Karantīnas pielikumi",
+        "quarantine_category": "Mainīt karantīnas paziņojumu kategoriju",
+        "quarantine_notification": "Mainīt karantīnas paziņojumus",
+        "smtp_ip_access": "Mainīt SMTP atļautos saimniekdatorus",
+        "sogo_access": "Atļaut SOGo piekļuves pārvaldību",
+        "sogo_profile_reset": "Atiestatīt SOGo profilu"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -24,8 +33,8 @@
         "add": "Pievienot",
         "add_domain_only": "Tikai pievienot domēnu",
         "add_domain_restart": "Pievienot domēnu un restartēt SOGo",
-        "alias_address": "Aizstājaddrese/s",
-        "alias_address_info": "<small>Pilna epasta addrese/s vai @piemērs.com, lai notvertu visas domēna ziņas (komatu atdalītas). <b>tikai mailcow domēni</b>.</small>",
+        "alias_address": "Aizstājadrese/s",
+        "alias_address_info": "<small>Pilna epasta adrese/s vai @example.com, lai notvertu visus domēna ziņojumus (atdalītas ar komatu). <b>Tikai mailcow domēni</b>.</small>",
         "alias_domain": "Aizstājdomēni",
         "alias_domain_info": "<small>Tikai derīgi domēna vārdi (komatu atdalīti).</small>",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" etc.)",
@@ -63,15 +72,17 @@
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
         "syncjob": "Pievienot sinhronizācijas darbu",
         "syncjob_hint": "Ņemiet vērā, ka parole ir jāuzglabā vienkāršā tekstā!",
-        "target_address": "Iet uz adresēm",
-        "target_address_info": "<small>Pilna epasta addrese/s (comma-separated).</small>",
+        "target_address": "Mērķa adreses",
+        "target_address_info": "<small>Pilna epasta adrese/s (atdalītas ar komatu).</small>",
         "target_domain": "Mērķa domēns",
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
         "validation_success": "Apstiprināts veiksmīgi",
         "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
         "domain_matches_hostname": "Domēns %s atbilst saimniekdatora nosaukumam",
-        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)",
+        "app_password": "Pievienot lietotnes paroli",
+        "app_passwd_protocols": "Atļautie lietotnes paroles protokoli"
     },
     "admin": {
         "access": "Pieeja",
@@ -114,7 +125,7 @@
         "f2b_whitelist": "Baltā saraksta tīkls/hosts",
         "filter_table": "Filtru tabula",
         "forwarding_hosts": "Hostu pārsūtīšana",
-        "forwarding_hosts_add_hint": "Var norādīt vai nu IPv4/IPv6 addreses, tīklu ar CIDR apzīmējumu, saimniekdatoru nosaukumus (kas tiks atrisināti IP adresēs) vai arī domēna vārdus (kas tiks atrisināti IP adresēs, vaicājot SPF ierakstus, vai, ja tādu nav, MX ierakstus).",
+        "forwarding_hosts_add_hint": "Var norādīt vai nu IPv4/IPv6 adreses, tīklu ar CIDR apzīmējumu, saimniekdatoru nosaukumus (kas tiks atrisināti IP adresēs) vai arī domēna vārdus (kas tiks atrisināti IP adresēs, vaicājot SPF ierakstus, vai, ja tādu nav, MX ierakstus).",
         "forwarding_hosts_hint": "Ienākošie ziņojumi tiek bez nosacījumiem pieņemti no visiem šeit norādītajiem saimniekdatoriem. Tie tad netiek pārbaudīti pret DNSBL vai pakļauti ievietošanai pelēkajā sarakstā. No tiem saņemtās mēstules nekad netiek noraidītas, bet pēc izvēles tās var pārvietot mapē \"Nevēlams\". Visbiežāk to izmanto, lai norādītu pasta serverus, kuros ir uzstādīts nosacījums, kas pārsūta ienākošās e-pasta vēstules uz Tavu mailcow serveri.",
         "help_text": "Pārrakstīt palīdzības tekstu zem pieteikšanās maskas (var izmantot HTML)",
         "host": "Hosts",
@@ -142,7 +153,7 @@
         "recipients": "Adresāts",
         "refresh": "Atsvaidzināt",
         "regen_api_key": "Reģenerēt API atslēgu",
-        "relay_from": "\"No:\" addrese",
+        "relay_from": "\"No:\" adrese",
         "relay_run": "Palaist testu",
         "relayhosts_hint": "Norādīt no sūtītāja atkarīgas piegādes, lai varētu tos atlasīt domēnu konfigurācijas uzvednē.<br>\n  Piegādes pakalpojums vienmēr ir \"smtp\", tādējādi tiks mēģināts TLS, kad piedāvāts. Iekļautais TLS (SMTPS) netiek atbalstīts. Tiek ņemts vērā lietotāja atsevišķais izejošā TLS nosacījuma iestatījums.<br>\n  Ietekmē atlasītos domēnus, tajā skaitā aizstājdomēnus.",
         "remove": "Noņemt",
@@ -222,7 +233,8 @@
         "targetd_not_found": "Mērķa domēns nav atrasts",
         "username_invalid": "Lietotājvārds nevar tikt izmantots",
         "validity_missing": "Lūdzu piešķiriet derīguma termiņu",
-        "domain_cannot_match_hostname": "Domēns nevar atbilst saimniekdatora nosaukumam"
+        "domain_cannot_match_hostname": "Domēns nevar atbilst saimniekdatora nosaukumam",
+        "app_passwd_id_invalid": "Lietotnes paroles Id %s ir nederīgs"
     },
     "diagnostics": {
         "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
@@ -257,7 +269,7 @@
         "hostname": "Saimniekdatora nosaukums",
         "inactive": "Neaktīvs",
         "kind": "Veids",
-        "mailbox": "Rediģēt pastkasti",
+        "mailbox": "Labot pastkasti",
         "max_aliases": "Lielākais aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "max_quota": "Maks. kvota uz pastkasti (MiB)",
@@ -283,8 +295,8 @@
         "spam_policy": "Pievienot vai noņemt vienumus baltajā-/melnajā sarakstā",
         "spam_score": "Iestatīt pielāgotu surogātpasta vērtējumu",
         "subfolder2": "Sinhronizēt galamērķa apakšmapē<br><small>(tukšs = neizmantot apakšmapi)</small>",
-        "syncjob": "Rediģēt sinhronizācijas darbu",
-        "target_address": "Iet uz adresi/ēm <small>(komatu atdalītas)</small>",
+        "syncjob": "Labot sinhronizācijas darbu",
+        "target_address": "Mērķa adrese/s <small>(atdalītas ar komatu)</small>",
         "target_domain": "Mērķa domēns",
         "title": "Labot priekšmetu",
         "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
@@ -300,8 +312,11 @@
         "sogo_visible": "Aizstājvārds ir redzams SOGo",
         "sogo_visible_info": "Šī iespēja ietekmē tikai tos objektus, kurus var parādīt SOGo (koplietojamās vai nekoplietojamās aizstājadreses, kas norāda uz vismaz vienu vietējo pastkasti). Ja paslēpts, netiks parādīts SOGo kā atlasāms sūtītājs.",
         "mbox_rl_info": "Šis pieprasījumu ierobežojums tiek piemērots SASL pieteikšanās vārdam, tas atbilst jebkurai \"from\" adresei, ko izmanto lietotājs, kurš ir pieteicies. Pastkastes pieprasījumu ierobežojums pārraksta domēna mēroga pieprasījumu ierobežojumu.",
-        "sogo_access": "Nodrošināt tiešu pieteikšanās piekļuvi SOGo",
-        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
+        "sogo_access": "Tieša pārvirzīšana uz SOGo",
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)",
+        "app_passwd_protocols": "Atļautie lietotnes paroles protokoli",
+        "allowed_protocols": "Atļautie protokoli tiešai lietotāja piekļuvei (neietekmē lietotnes paroles protokolus)",
+        "app_passwd": "Lietotnes parole"
     },
     "footer": {
         "cancel": "Atcelt",
@@ -508,7 +523,9 @@
         "verified_fido2_login": "Apliecināta FIDO2 pieteikšanās",
         "verified_webauthn_login": "Apliecināta WebAuthn pieteikšanās",
         "verified_totp_login": "Apliecināta TOTP pieteikšanās",
-        "verified_yotp_login": "Apliecināta Yubico OTP pieteikšanās"
+        "verified_yotp_login": "Apliecināta Yubico OTP pieteikšanās",
+        "app_passwd_removed": "Noņemta lietotnes parole ar Id %s",
+        "app_passwd_added": "Pievienota jauna lietotnes parole"
     },
     "tfa": {
         "api_register": "%s izmanto Yubico Cloud API. Lūdzu iegūstiet API atslēgu priekš Jūsu atslēgas<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
@@ -523,7 +540,7 @@
         "scan_qr_code": "Lūdzu, skenējiet šo kodu ar savu autentifikācijas lietojumprogrammu vai ievadiet kodu manuāli.",
         "select": "Lūdzu izvēlaties",
         "set_tfa": "Uzstādīt difi faktoru autentifik;acijas metodi",
-        "tfa": "Divu faktoru autentifikācija",
+        "tfa": "Divpakāpju pieteikšanās",
         "totp": "Uz laiku bāzēta vienreizēja parole (Google Autentifikātors utt.)",
         "webauthn": "WebAuthn autentifikācija",
         "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
@@ -618,12 +635,18 @@
         "apple_connection_profile_mailonly": "Šis savienojuma profils iekļauj IMAP un SMTP konfigurācijas parametrus Apple ierīcei.",
         "pushover_info": "Pašpiegādes paziņojumu iestatījumi attieksies uz visu tīro (ne surogātpasta) pastu, kas piegādāts uz <b>%s</b>, ieskaitot aizstājvārdus (kopīgotus, nekopīgotus, ar birkām).",
         "app_hint": "Lietotņu paroles ir aizstājējparoles, lai pieteiktos IMAP, SMTP, CalDAV, CardDAV un EAS. Lietotājvārds paliek nemainīgs. SOGo tīmekļa pasts nav pieejams ar lietotņu parolēm.",
-        "direct_protocol_access": "Šim pastkastes lietotājam ir <b> tieša, ārēja piekļuve</b> zemāk uzskaitītajiem protokoliem un lietotnēm. Šo iestatījumu pārrauga pārvaldītājs. Lietotņu paroles var izveidot, lai nodrošinātu piekļuvi atsevišķiem protokoliem un lietotnēm.<br>Poga \"Pieteikties tīmekļa pastā\" nodrošina vienotu pieteikšanos SOGo un vienmēr ir pieejama.",
+        "direct_protocol_access": "Šim pastkastes lietotājam ir <b> tieša, ārēja piekļuve</b> zemāk uzskaitītajiem protokoliem un lietotnēm. Šo iestatījumu pārrauga pārvaldītājs. Lietotņu paroles var izveidot, lai nodrošinātu piekļuvi atsevišķiem protokoliem un lietotnēm.<br>Poga \"Tīmekļa pasts\" nodrošina vienotu pieteikšanos SOGo un vienmēr ir pieejama.",
         "last_ui_login": "Pēdējā pieteikšanās saskarnē",
         "login_history": "Pieteikšanās vēsture",
         "no_last_login": "Nav informācijas par pēdējām pieteikšanās saskarnē reizēm",
-        "open_webmail_sso": "Pieteikšanās tīmekļa pastā",
-        "last_mail_login": "Pēdējā pasta pieteikšanās"
+        "open_webmail_sso": "Tīmekļa pasts",
+        "last_mail_login": "Pēdējā pasta pieteikšanās",
+        "change_password_hint_app_passwords": "Kontā ir %d lietotņu paroles, kas netiks mainītas. Lai pārvaldītu tās, jādodas uz cilni \"Lietotņu paroles\".",
+        "with_app_password": "ar lietotnes paroli",
+        "apple_connection_profile_with_app_password": "Jauna lietotnes parole ir izveidota un pievienota profilam, lai ierīces iestatīšanas laikā nebūtu nepieciešams ievadīt paroli. Lūgums nekopīgot datni, jo tā nodrošina pilnu piekļuvi pastkastei.",
+        "tfa_info": "Divpakāpju autentificēšanās palīdz aizsargāt kontu.Ja tā ir iespējota, var būt nepieciešamas lietotņu paroles, lai pieteiktos lietotnēs vai pakalpojumos, kas nenodrošina divpakāpju autentificēšanos (piem., e-pasta klienti).",
+        "app_passwds": "Lietotņu paroles",
+        "create_app_passwd": "Izveidot lietotnes paroli"
     },
     "datatables": {
         "paginate": {
@@ -657,4 +680,4 @@
     "fido2": {
         "fido2_auth": "Pieteikties ar FIDO2"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.tr-tr.json b/data/web/lang/lang.tr-tr.json
index aa1b90df1..bc1da77e7 100644
--- a/data/web/lang/lang.tr-tr.json
+++ b/data/web/lang/lang.tr-tr.json
@@ -1309,4 +1309,4 @@
         "q_reject": "Reddedildi",
         "week": "Hafta"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index c6ded247b..61c401a07 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -1307,4 +1307,4 @@
         },
         "collapse_all": "Згорнути все"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 70a48a91a..f9bb481da 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -358,7 +358,43 @@
         "ip_check_disabled": "IP 检查已禁用。你可透过以下路径启用<br> <strong>系统 > 配置 > 选项 > 页面自定义</strong>",
         "queue_unban": "解除封禁",
         "allowed_methods": "访问控制允许方式",
-        "allowed_origins": "访问控制允许原"
+        "allowed_origins": "访问控制允许原",
+        "iam": "身份识别提供者",
+        "iam_attribute_field": "Attribute 域",
+        "iam_authorize_url": "Authorization endpoint",
+        "iam_auth_flow": "认证流程",
+        "iam_basedn": "Base DN",
+        "iam_client_id": "客户端 ID",
+        "iam_client_secret": "客户端凭据",
+        "iam_client_scopes": "客户端 Scopes",
+        "iam_default_template": "默认模板",
+        "iam_default_template_description": "如果未为用户分配模板，则在创建邮箱时将使用默认模板，但在更新邮箱时不会使用默认模板。",
+        "iam_description": "配置外部认证提供者<br>如果已设置好属性映射，用户在首次登录时将会自动创建其 Mailbox。",
+        "iam_host": "Host",
+        "iam_host_info": "请输入一个或多个 LDAP 主机，使用英文逗号分隔。",
+        "iam_import_users": "导入用户",
+        "iam_mapping": "属性映射",
+        "iam_bindpass": "密码绑定（Bind Password）",
+        "iam_periodic_full_sync": "周期性全量同步",
+        "iam_port": "端口",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "重定向 Url",
+        "iam_rest_flow": "Mailpassword 流程",
+        "iam_server_url": "服务器 Url",
+        "iam_sso": "单点登录（SSO）",
+        "iam_sync_interval": "同步/导入周期（min）",
+        "iam_test_connection": "测试连接",
+        "iam_token_url": "Token endpoint",
+        "iam_userinfo_url": "User info endpoint",
+        "iam_username_field": "Username 域",
+        "iam_binddn": "Bind DN",
+        "iam_use_ssl": "使用 SSL",
+        "iam_use_tls": "使用 TLS",
+        "iam_version": "版本",
+        "ignore_ssl_error": "忽略 SSL 错误",
+        "iam_auth_flow_info": "除了在单点登录（SSO）中使用的 Authorization Code 流程（在 Keycloak 中是标准流程）之外，mailcow 还支持使用 Credentials 的身份认证流程。Mailpassword 流程尝试通过 Keycloak 的 Admin REST API 验证用户凭据，mailcow 会从 Keycloak 中的 <code>mailcow_password</code> 属性中获取哈希后的密码。",
+        "filter": "过滤",
+        "iam_extra_permission": "要使以下设置生效，Keycloak 中的 mailcow 客户端需要一个 <code>服务账户（Service account）</code> 以及 <code>查看用户（view-users）</code> 的权限。"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -495,7 +531,11 @@
         "webauthn_authenticator_failed": "找不到所选的 authenticator",
         "webauthn_publickey_failed": "没有为选定的身份验证器保存公钥",
         "webauthn_username_failed": "所选的 authenticator 属于另一个账户",
-        "demo_mode_enabled": "演示模式已开启"
+        "demo_mode_enabled": "演示模式已开启",
+        "generic_server_error": "服务器错误。请联系您的管理员。",
+        "authsource_in_use": "由于当前有一个或多个用户正在使用该身份提供者（IDP），因此无法更改或删除。",
+        "iam_test_connection": "连接失败",
+        "required_data_missing": "缺少需要的 %s 数据"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -744,7 +784,10 @@
         "new_password_confirm": "确认新密码",
         "reset_password": "重置密码",
         "request_reset_password": "请求重置密码",
-        "invalid_pass_reset_token": "密码重置 token 无效或已过期。<br> 请重新获取新的密码重置链接。"
+        "invalid_pass_reset_token": "密码重置 token 无效或已过期。<br> 请重新获取新的密码重置链接。",
+        "login_user": "用户登录",
+        "login_dadmin": "域管理员登录",
+        "login_admin": "管理员登录"
     },
     "mailbox": {
         "action": "操作",
@@ -919,7 +962,8 @@
         "max_quota": "每个信箱的最大容量配额",
         "relay_unknown": "转发未知信箱",
         "templates": "模板",
-        "template": "模板"
+        "template": "模板",
+        "iam": "身份提供者（IDP）"
     },
     "oauth2": {
         "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权。",
@@ -1097,7 +1141,8 @@
         "recovery_email_sent": "重置邮件已发送至 %s",
         "template_added": "新增了模板 %s",
         "template_modified": "模板 %s 的修改已保存",
-        "template_removed": "模板 ID %s 已删除"
+        "template_removed": "模板 ID %s 已删除",
+        "iam_test_connection": "连接成功"
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
@@ -1292,7 +1337,11 @@
         "password_reset_info": "如果不提供密码重置邮箱，此功能将无法使用。",
         "pushover_sound": "声音",
         "value": "值",
-        "attribute": "属性"
+        "attribute": "属性",
+        "protocols": "协议",
+        "authentication": "认证",
+        "tfa_info": "两步验证有助于保护您的账户安全。启用后，对于不支持两步验证的应用程序或服务（例如邮件客户端），需要使用应用专用密码进行登录。",
+        "overview": "概览"
     },
     "warning": {
         "cannot_delete_self": "不能删除已登录的用户",
@@ -1332,4 +1381,4 @@
         "loadingRecords": "加载中...",
         "zeroRecords": "未找到符合条件的记录"
     }
-}
\ No newline at end of file
+}

From 84f67d66082b79e2e9c495ca7944bd55a3497104 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 10 Apr 2025 17:16:44 +0200
Subject: [PATCH 558/755] Translations update from Weblate (#6478)

* [Web] Updated lang.de-de.json

Co-authored-by: Jonas Leiner <jonas.leiner.123@gmail.com>

* [Web] Updated lang.fr-fr.json

Co-authored-by: Neuronnexion <support@nnx.com>

---------

Co-authored-by: Jonas Leiner <jonas.leiner.123@gmail.com>
Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.de-de.json | 12 +++++++-----
 data/web/lang/lang.fr-fr.json |  5 ++++-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 747f7cf84..911ebfc67 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -398,7 +398,8 @@
         "allowed_methods": "Access-Control-Allow-Methods",
         "allowed_origins": "Access-Control-Allow-Origin",
         "logo_dark_label": "Invertiert für den Darkmode",
-        "logo_normal_label": "Normal"
+        "logo_normal_label": "Normal",
+        "user_link": "Nutzer-Link"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -806,9 +807,9 @@
         "forgot_password": "> Passwort vergessen?",
         "invalid_pass_reset_token": "Der Rücksetz-Token für das Passwort ist ungültig oder abgelaufen.<br>Bitte fordern Sie einen neuen Link zur Passwortwiederherstellung an.",
         "login": "Anmelden",
-        "login_user": "Benutzer Anmelden",
-        "login_dadmin": "Domain-Administrator Anmelden",
-        "login_admin": "Administrator Anmelden",
+        "login_user": "Anmeldung als Benutzer",
+        "login_dadmin": "Anmeldung als Domain-Administrator",
+        "login_admin": "Anmeldung als Administrator",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "new_password": "Neues Passwort",
         "new_password_confirm": "Neues Passwort bestätigen",
@@ -991,7 +992,8 @@
         "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
         "syncjob_EXIT_OVERQUOTA": "Ziel Mailbox ist über dem Limit",
-        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Kann keine Verbindung zum Zielserver herstellen"
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Kann keine Verbindung zum Zielserver herstellen",
+        "iam": "Identitätsanbieter"
     },
     "oauth2": {
         "access_denied": "Bitte als Mailbox-Nutzer einloggen, um den Zugriff via OAuth2 zu erlauben.",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index e9bff05d5..58300c0d4 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -730,7 +730,10 @@
         "new_password": "Nouveau mot de passe",
         "new_password_confirm": "Confirmer le nouveau mot de passe",
         "reset_password": "Réinitialiser le mot de passe",
-        "request_reset_password": "Demander le changement du mot de passe"
+        "request_reset_password": "Demander le changement du mot de passe",
+        "login_user": "Connexion Utilisateur",
+        "login_dadmin": "Connexion Administrateur de domaine",
+        "login_admin": "Connexion Administrateur"
     },
     "mailbox": {
         "action": "Action",

From a370499aaafade9527ebb2a8282033a4f42a2fc1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 08:30:54 +0200
Subject: [PATCH 559/755] Update dependency Imagick/imagick to v3.8.0 (#6480)

---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 4ba8349f9..ff333f5b3 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -5,7 +5,7 @@ LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG APCU_PECL_VERSION=5.1.24
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
-ARG IMAGICK_PECL_VERSION=3.7.0
+ARG IMAGICK_PECL_VERSION=3.8.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MAILPARSE_PECL_VERSION=3.1.8
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$

From 692355a08ad935b147ef8e877635d247a0e5aac3 Mon Sep 17 00:00:00 2001
From: PseudoResonance <75700a85-1205-4740-aebf-4413a352e81b@otake.pw>
Date: Sat, 12 Apr 2025 06:24:37 -0700
Subject: [PATCH 560/755] Allow additional domains in OAuth2 redirect URLs

---
 data/web/api/openapi.yaml                     |  6 ++
 data/web/inc/functions.inc.php                | 27 ++++++-
 data/web/js/site/admin.js                     | 30 ++++++++
 .../admin/tab-config-identity-provider.twig   | 72 +++++++++++++++++--
 4 files changed, 130 insertions(+), 5 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index afab5fb0c..f207ee6a1 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -5847,6 +5847,7 @@ paths:
                           client_id: "mailcow_client"
                           client_secret: "*"
                           redirect_url: "https://mail.mailcow.tld"
+                          redirect_url_extra: ["https://extramail.mailcow.tld"]
                           version: "26.1.3"
                           default_template: "Default"
                           mappers:
@@ -5900,6 +5901,9 @@ paths:
                     redirect_url:
                       description: The redirect URL that OIDC Provider will use after authentication. Required if `authsource` is keycloak or generic-oidc.
                       type: string
+                    redirect_url_extra:
+                      description: Additional redirect URLs that OIDC Provider can use after authentication if valid.
+                      type: array
                     version:
                       description: Specifies the Keycloak version. Required if `authsource` is keycloak.
                       type: string
@@ -5990,6 +5994,7 @@ paths:
                     client_id: "mailcow_client"
                     client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
                     redirect_url: "https://mail.mailcow.tld"
+                    redirect_url_extra: ["https://extramail.mailcow.tld"]
                     version: "26.1.3"
                     default_template: "Default"
                     mappers: ["small_mbox", "medium_mbox"]
@@ -6034,6 +6039,7 @@ paths:
                     client_id: "mailcow_client"
                     client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
                     redirect_url: "https://mail.mailcow.tld"
+                    redirect_url_extra: ["https://extramail.mailcow.tld"]
                     client_scopes: "openid profile email mailcow_template"
                     default_template: "Default"
                     mappers: ["small_mbox", "medium_mbox"]
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 49e26b978..5f9c772d0 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2286,6 +2286,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       foreach($rows as $row){
         switch ($row["key"]) {
+          case "redirect_url_extra":
           case "mappers":
           case "templates":
             $settings[$row["key"]] = json_decode($row["value"]);
@@ -2418,6 +2419,18 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
       }
       $pdo->commit();
 
+      // add redirect_url_extra
+      if (isset($_data['redirect_url_extra'])){
+        $_data['redirect_url_extra'] = (!is_array($_data['redirect_url_extra'])) ? array($_data['redirect_url_extra']) : $_data['redirect_url_extra'];
+
+        $redirect_url_extra = array_filter($_data['redirect_url_extra']);
+        $redirect_url_extra = json_encode($redirect_url_extra);
+
+        $stmt = $pdo->prepare("INSERT INTO identity_provider (`key`, `value`) VALUES ('redirect_url_extra', :value) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);");
+        $stmt->bindParam(':value', $redirect_url_extra);
+        $stmt->execute();
+      }
+
       // add default template
       if (isset($_data['default_template'])) {
         $_data['default_template'] = (empty($_data['default_template'])) ? "" : $_data['default_template'];
@@ -2851,7 +2864,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
     case "get-redirect":
       if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc')
         return false;
-      $authUrl = $iam_provider->getAuthorizationUrl();
+      $options = [];
+      if (isset($iam_settings['redirect_url_extra'])) {
+        // check if the current domain is used in an extra redirect URL
+        $targetDomain = strtolower($_SERVER['HTTP_HOST']);
+        foreach ($iam_settings['redirect_url_extra'] as $testUrl) {
+          $testUrlParsed = parse_url($testUrl);
+          if (isset($testUrlParsed['host']) && strtolower($testUrlParsed['host']) == $targetDomain) {
+            $options['redirect_uri'] = $testUrl;
+            break;
+          }
+        }
+      }
+      $authUrl = $iam_provider->getAuthorizationUrl($options);
       $_SESSION['oauth2state'] = $iam_provider->getState();
       return $authUrl;
     break;
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index b6edf6f80..cf1efd823 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -789,6 +789,18 @@ jQuery(function($){
   $('.iam_ldap_rolemap_del').click(async function(e){
     deleteAttributeMappingRow(this, e);
   });
+  $('.iam_redirect_add_keycloak').click(async function(e){
+    addRedirectUrlRow('#iam_keycloak_redirect_list', '.iam_keycloak_redirect_del', e);
+  });
+  $('.iam_redirect_add_generic').click(async function(e){
+    addRedirectUrlRow('#iam_generic_redirect_list', '.iam_generic_redirect_del', e);
+  });
+  $('.iam_keycloak_redirect_del').click(async function(e){
+    deleteRedirectUrlRow(this, e);
+  });
+  $('.iam_generic_redirect_del').click(async function(e){
+    deleteRedirectUrlRow(this, e);
+  });
   // selecting identity provider
   $('#iam_provider').on('change', function(){
     // toggle password fields
@@ -833,4 +845,22 @@ jQuery(function($){
     if ($(elem).parent().parent().parent().parent().children().length > 1)
       $(elem).parent().parent().parent().remove();
   }
+  function addRedirectUrlRow(list_id, del_class, e) {
+    e.preventDefault();
+
+    var parent = $(list_id)
+    $(parent).children().last().clone().appendTo(parent);
+    var newChild = $(parent).children().last();
+    $(newChild).find('input').val('');
+
+    $(del_class).off('click');
+    $(del_class).click(async function(e){
+      deleteRedirectUrlRow(this, e);
+    });
+  }
+  function deleteRedirectUrlRow(elem, e) {
+    e.preventDefault();
+    if ($(elem).parent().parent().parent().parent().children().length > 2)
+      $(elem).parent().parent().parent().remove();
+  }
 });
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index dce26f8c3..a93002257 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -64,10 +64,42 @@
           </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
-              <label class="control-label" for="iam_keycloak_redirecturl">{{ lang.admin.iam_redirect_url }}:</label>
+              <label class="control-label">{{ lang.admin.iam_redirect_url }}:</label>
             </div>
             <div class="col-12 col-md-9 col-lg-4">
-              <input type="text" class="form-control" id="iam_keycloak_redirecturl" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+              <div class="row px-2 align-items-center">
+                <span class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control"  name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+                </span>
+                <div class="col-2 p-0 d-flex">
+                  <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_redirect_add_keycloak"><i class="bi bi-plus-lg"></i></button>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2" id="iam_keycloak_redirect_list">
+            <input type="hidden" name="redirect_url_extra" value="">
+            {% for key, url in iam_settings.redirect_url_extra %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="redirect_url_extra" value="{{ iam_settings.redirect_url_extra[key] }}">
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_keycloak_redirect_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endfor %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="redirect_url_extra" value="">
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_keycloak_redirect_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
             </div>
           </div>
           <div class="row mb-4">
@@ -274,10 +306,42 @@
           </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
-              <label class="control-label" for="iam_redirect_url">{{ lang.admin.iam_redirect_url }}:</label>
+              <label class="control-label">{{ lang.admin.iam_redirect_url }}:</label>
             </div>
             <div class="col-12 col-md-9 col-lg-4">
-              <input type="text" class="form-control" id="iam_redirect_url" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+              <div class="row px-2 align-items-center">
+                <span class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control" name="redirect_url" value="{{ iam_settings.redirect_url }}" required>
+                </span>
+                <div class="col-2 p-0 d-flex">
+                  <button class="btn btn-sm d-block d-sm-inline btn-secondary ms-auto iam_redirect_add_generic"><i class="bi bi-plus-lg"></i></button>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div class="row mb-2" id="iam_generic_redirect_list">
+            <input type="hidden" name="redirect_url_extra" value="">
+            {% for key, url in iam_settings.redirect_url_extra %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="redirect_url_extra" value="{{ iam_settings.redirect_url_extra[key] }}">
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_generic_redirect_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
+            </div>
+            {% endfor %}
+            <div class="offset-md-3 col-12 col-md-9 col-lg-4 mb-2">
+              <div class="row px-2">
+                <div class="col-10 p-0 pe-2">
+                  <input type="text" class="form-control me-2" name="redirect_url_extra" value="">
+                </div>
+                <div class="col-2 p-0 d-flex">
+                  <button class="iam_generic_redirect_del btn btn-sm d-block d-sm-inline btn-secondary ms-auto"><i class="bi bi-x-lg"></i></button>
+                </div>
+              </div>
             </div>
           </div>
           <div class="row mb-4">

From 0d3e8dd73896dfe87a4a652f56a37a74df28bdc6 Mon Sep 17 00:00:00 2001
From: Habetdin <15926758+Habetdin@users.noreply.github.com>
Date: Sun, 13 Apr 2025 16:09:47 +0300
Subject: [PATCH 561/755] Update legacy admin dashboard links

---
 data/web/autoconfig.php   | 2 +-
 data/web/js/site/admin.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/autoconfig.php b/data/web/autoconfig.php
index 95952df0d..6a528d4a2 100644
--- a/data/web/autoconfig.php
+++ b/data/web/autoconfig.php
@@ -85,7 +85,7 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
 
-      <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
+      <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin">
          <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>
          <instruction lang="de">Sollten Sie das Ihnen durch den Administrator vergebene Passwort noch nicht geändert haben, empfehlen wir dies nun zu tun. Auch ein altes Passwort sollte aus Sicherheitsgründen geändert werden.</instruction>
       </enable>
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index b6edf6f80..0195a9c3c 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -558,7 +558,7 @@ jQuery(function($){
     } else if (table == 'oauth2clientstable') {
       $.each(data, function (i, item) {
         item.action = '<div class="btn-group">' +
-          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-lg btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="/edit/oauth2client/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-lg btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
           '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-lg btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
           '</div>';
         item.scope = "profile";
@@ -573,7 +573,7 @@ jQuery(function($){
         item.action = '<div class="btn-group">' +
           '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-lg btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
           '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-lg btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-lg btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
+          '<a href="/domainadmin/?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-lg btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
           '</div>';
       });
     } else if (table == 'adminstable') {

From c4d0f35008b9dfa1f8f2e87e55d308cc220bf181 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 15 Apr 2025 10:49:56 +0200
Subject: [PATCH 562/755] [Dovecot] Fix EAS login and improve logging

---
 data/conf/dovecot/auth/mailcowauth.php   |  2 +-
 data/conf/dovecot/auth/passwd-verify.lua | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 4eda382b7..c625522ba 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -80,7 +80,7 @@ if ($isSOGoRequest) {
 }
 if ($result === false){
   // If it's a SOGo Request, don't check for protocol access
-  $service = (isSOGoRequest) ? false : array($post['service'] => true);
+  $service = ($isSOGoRequest) ? false : array($post['service'] => true);
   $result = apppass_login($post['username'], $post['password'], $service, array(
     'is_internal' => true,
     'remote_addr' => $post['real_rip']
diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index 19dcc4bd6..b8843c996 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -34,8 +34,15 @@ function auth_password_verify(request, password)
     return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
   end
 
-  local api_response = json.decode(table.concat(res))
-  if api_response.success == true then
+  local response_str = table.concat(res)
+  local is_response_valid, response_json = pcall(json.decode, response_str)
+
+  if not is_response_valid then
+    dovecot.i_info("Invalid JSON received: " .. response_str)
+    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Invalid response format"
+  end
+
+  if response_json.success == true then
     return dovecot.auth.PASSDB_RESULT_OK, ""
   end
 

From cb47fa406f10ce929543e3e918c11b985a500ab2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 15 Apr 2025 13:48:13 +0200
Subject: [PATCH 563/755] [Web] Fix force password update at next login

---
 data/web/inc/functions.auth.inc.php | 14 ++++++++++++++
 data/web/inc/functions.inc.php      |  1 +
 data/web/inc/triggers.user.inc.php  |  8 ++++++--
 data/web/sogo-auth.php              |  3 ++-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 994915efc..57dec808d 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -242,6 +242,7 @@ function user_login($user, $pass, $extra = null){
     return false;
   }
 
+  $row['attributes'] = json_decode($row['attributes'], true);
   switch ($row['authsource']) {
     case 'keycloak':
       // user authsource is keycloak, try using via rest flow
@@ -261,6 +262,10 @@ function user_login($user, $pass, $extra = null){
             return false;
           }
 
+          if (intval($row['attributes']['force_pw_update']) == 1) {
+            $_SESSION['pending_pw_update'] = true;
+          }
+
           // check for tfa authenticators
           $authenticators = get_tfa($user);
           if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -313,6 +318,10 @@ function user_login($user, $pass, $extra = null){
           return false;
         }
 
+        if (intval($row['attributes']['force_pw_update']) == 1) {
+          $_SESSION['pending_pw_update'] = true;
+        }
+
         // check for tfa authenticators
         $authenticators = get_tfa($user);
         if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -351,6 +360,11 @@ function user_login($user, $pass, $extra = null){
       }
       // verify password
       if (verify_hash($row['password'], $pass) !== false) {
+
+        if (intval($row['attributes']['force_pw_update']) == 1) {
+          $_SESSION['pending_pw_update'] = true;
+        }
+
         // check for tfa authenticators
         $authenticators = get_tfa($user);
         if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 49e26b978..334b99e64 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1001,6 +1001,7 @@ function edit_user_account($_data) {
       ':password_hashed' => $password_hashed,
       ':username' => $username
     ));
+    $_SESSION['pending_pw_update'] = false;
 
     update_sogo_static_view();
   }
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 33eb83e7b..30bf0fe64 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -76,7 +76,9 @@ if (isset($_POST["verify_tfa_login"])) {
 
         $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
         $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-        if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+        if (intval($user_details['attributes']['sogo_access']) == 1 &&
+            intval($user_details['attributes']['force_pw_update']) != 1 &&
+            !$is_dual) {
           header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
           die();
         } else {
@@ -139,7 +141,9 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 
     $user_details = mailbox("get", "mailbox_details", $login_user);
     $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+    if (intval($user_details['attributes']['sogo_access']) == 1 &&
+        intval($user_details['attributes']['force_pw_update']) != 1 &&
+        !$is_dual) {
       header("Location: /SOGo/so/{$login_user}");
       die();
     } else {
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 5e0f3c39b..00709fe5f 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -94,7 +94,8 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
         !empty($email) &&
         filter_var($email, FILTER_VALIDATE_EMAIL) &&
         is_array($_SESSION[$session_var_user_allowed]) &&
-        in_array($email, $_SESSION[$session_var_user_allowed])
+        in_array($email, $_SESSION[$session_var_user_allowed]) &&
+        !$_SESSION['pending_pw_update']
     ) {
       $username = $email;
       $password = file_get_contents("/etc/sogo-sso/sogo-sso.pass");

From d8c6ed919144b0b97eaa9a329fe3366a04c422e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20K=C3=BChn?= <Andreas.Kuehn@diekuehnen.com>
Date: Tue, 22 Apr 2025 14:23:33 +0200
Subject: [PATCH 564/755] Check if skip_sogo is not set before redirecting to
 SOGo

---
 data/web/inc/triggers.user.inc.php | 4 ++--
 data/web/index.php                 | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 33eb83e7b..07dc0372e 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -76,7 +76,7 @@ if (isset($_POST["verify_tfa_login"])) {
 
         $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
         $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-        if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+        if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual && getenv('SKIP_SOGO') != "y") {
           header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
           die();
         } else {
@@ -139,7 +139,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 
     $user_details = mailbox("get", "mailbox_details", $login_user);
     $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+    if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual && getenv('SKIP_SOGO') != "y") {
       header("Location: /SOGo/so/{$login_user}");
       die();
     } else {
diff --git a/data/web/index.php b/data/web/index.php
index 1e91cb785..f306f1aed 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -11,7 +11,7 @@ if (isset($_SESSION['mailcow_cc_role']) && isset($_SESSION['oauth2_request'])) {
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
   $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
   $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
-  if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
+  if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual && getenv('SKIP_SOGO') != "y") {
     header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
   } else {
     header("Location: /user");

From aa4125fe62d3a0e7ebfe5899ab614fb9f3ba01ec Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 23 Apr 2025 15:13:52 +0200
Subject: [PATCH 565/755] sogo: enabled SOGoEnableMailCleaning per default

---
 data/conf/sogo/sogo.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 8455f0cf3..2c8d80a12 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -16,6 +16,9 @@
     SOGoFoldersSendEMailNotifications = YES;
     SOGoForwardEnabled = YES;
 
+    // Added with SOGo 5.12 - Allows users to cleanup there maildirectories by deleting mails oder than X
+    SOGoEnableMailCleaning = YES;
+
     // Fixes "MODIFICATION_FAILED" error (HTTP 412) in Clients when accepting invitations from external services
     SOGoDisableOrganizerEventCheck = YES;
 
@@ -91,7 +94,7 @@
   //SoDebugBaseURL = YES;
   //ImapDebugEnabled = YES;
   //SOGoEASDebugEnabled = YES;
-  SOGoEASSearchInBody = YES; // Experimental. Enabled since 2023-10
+  SOGoEASSearchInBody = YES;
   //LDAPDebugEnabled = YES;
   //PGDebugEnabled = YES;
   //MySQL4DebugEnabled = YES;

From 06b3ba91a045330daaa786203c897c4df7174653 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 27 Apr 2025 18:47:08 +0200
Subject: [PATCH 566/755] [Web] Updated lang.zh-cn.json (#6502)

Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.zh-cn.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index f9bb481da..486e8dcc3 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -108,7 +108,8 @@
         "timeout2": "本地主机连接超时时间",
         "username": "用户名",
         "validate": "验证",
-        "validation_success": "验证成功"
+        "validation_success": "验证成功",
+        "dry": "模拟同步（Dry run）"
     },
     "admin": {
         "access": "权限管理",
@@ -994,7 +995,7 @@
         "neutral_danger": "无危险等级",
         "notified": "已发送通知",
         "qhandler_success": "已成功向系统发送请求，现在你可以关闭这个窗口了。",
-        "qid": "Rspamd QID",
+        "qid": "Rspamd 队列ID（QID）",
         "qinfo": "隔离系统会把已被拒绝接收的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，这取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
         "qitem": "隔离项目",
         "quarantine": "隔离",

From d55f0fc36618a41ae68a9475826d003ee11a89e7 Mon Sep 17 00:00:00 2001
From: Marcel Schuster <mrclschstr@users.noreply.github.com>
Date: Tue, 29 Apr 2025 22:14:43 +0200
Subject: [PATCH 567/755] Update functions.quarantine.inc.php

Fix regex for quarantine release functions
---
 data/web/inc/functions.quarantine.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php
index f4f49de49..39606f271 100644
--- a/data/web/inc/functions.quarantine.inc.php
+++ b/data/web/inc/functions.quarantine.inc.php
@@ -169,7 +169,7 @@ function quarantine($_action, $_data = null) {
           }
         }
         elseif ($release_format == 'raw') {
-          $detail_row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/', 'X-Pre-Release-Spam-Flag $1', $detail_row['msg']);
+          $detail_row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/m', 'X-Pre-Release-Spam-Flag: $1', $detail_row['msg']);
           $postfix_talk = array(
             array('220', 'HELO quarantine' . chr(10)),
             array('250', 'MAIL FROM: ' . $sender . chr(10)),
@@ -464,7 +464,7 @@ function quarantine($_action, $_data = null) {
             }
           }
           elseif ($release_format == 'raw') {
-            $row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/', 'X-Pre-Release-Spam-Flag $1', $row['msg']);
+            $row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/m', 'X-Pre-Release-Spam-Flag: $1', $row['msg']);
             $postfix_talk = array(
               array('220', 'HELO quarantine' . chr(10)),
               array('250', 'MAIL FROM: ' . $sender . chr(10)),

From 0c83255573914e91a047e6238c69e8cc9a480e8f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 1 May 2025 00:21:11 +0000
Subject: [PATCH 568/755] update postscreen_access.cidr

---
 data/conf/postfix/postscreen_access.cidr | 99 +++++++++++-------------
 1 file changed, 45 insertions(+), 54 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 36c7e9fca..10c609097 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Tue Apr  1 00:20:51 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Thu May  1 00:21:10 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2067 total rules
+# 2058 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -18,6 +18,7 @@
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
 2.207.151.53	permit
+2.207.217.30	permit
 3.70.123.177	permit
 3.93.157.0/24	permit
 3.94.40.108	permit
@@ -26,10 +27,8 @@
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
-8.39.54.0/23	permit
-8.39.54.250/31	permit
-8.40.222.0/23	permit
-8.40.222.250/31	permit
+8.36.116.0/24	permit
+8.39.144.0/24	permit
 12.130.86.238	permit
 13.107.246.59	permit
 13.110.208.0/21	permit
@@ -103,6 +102,7 @@
 27.123.206.80/28	permit
 31.25.48.222	permit
 31.47.251.17	permit
+31.186.239.0/24	permit
 34.2.64.0/22	permit
 34.2.68.0/23	permit
 34.2.70.0/23	permit
@@ -121,6 +121,10 @@
 34.2.90.0/23	permit
 34.2.92.0/23	permit
 34.2.94.0/23	permit
+34.70.158.162	permit
+34.74.74.140	permit
+34.83.159.189	permit
+34.141.160.224	permit
 34.195.217.107	permit
 34.212.163.75	permit
 34.215.104.144	permit
@@ -132,6 +136,7 @@
 35.190.247.0/24	permit
 35.191.0.0/16	permit
 35.205.92.9	permit
+35.228.216.85	permit
 35.242.169.159	permit
 37.188.97.188	permit
 37.218.248.47	permit
@@ -233,6 +238,7 @@
 52.95.49.88/29	permit
 52.96.91.34	permit
 52.96.111.82	permit
+52.96.172.98	permit
 52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
@@ -272,7 +278,6 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.255.61.23	permit
-56.124.6.228	permit
 57.103.64.0/18	permit
 62.13.128.0/24	permit
 62.13.129.128/25	permit
@@ -309,9 +314,6 @@
 64.207.219.13	permit
 64.207.219.14	permit
 64.207.219.15	permit
-64.207.219.24	permit
-64.207.219.25	permit
-64.207.219.26	permit
 64.207.219.71	permit
 64.207.219.72	permit
 64.207.219.73	permit
@@ -321,9 +323,6 @@
 64.207.219.77	permit
 64.207.219.78	permit
 64.207.219.79	permit
-64.207.219.88	permit
-64.207.219.89	permit
-64.207.219.90	permit
 64.207.219.135	permit
 64.207.219.136	permit
 64.207.219.137	permit
@@ -359,7 +358,6 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
-65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1323,9 +1321,6 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
-121.244.91.48	permit
-121.244.91.52	permit
-122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1388,21 +1383,7 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.0/24	permit
-135.84.81.0/24	permit
-135.84.82.0/24	permit
-135.84.83.0/24	permit
 135.84.216.0/22	permit
-136.143.160.0/24	permit
-136.143.161.0/24	permit
-136.143.162.0/24	permit
-136.143.176.0/24	permit
-136.143.177.0/24	permit
-136.143.178.49	permit
-136.143.182.0/23	permit
-136.143.184.0/24	permit
-136.143.188.0/24	permit
-136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1417,7 +1398,6 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
-139.167.79.86	permit
 139.180.17.0/24	permit
 140.238.148.191	permit
 141.148.159.229	permit
@@ -1452,6 +1432,7 @@
 146.20.215.0/24	permit
 146.20.215.182	permit
 146.88.28.0/24	permit
+146.148.116.76	permit
 147.154.32.0/25	permit
 147.243.1.47	permit
 147.243.1.48	permit
@@ -1533,11 +1514,10 @@
 163.114.132.120	permit
 163.114.134.16	permit
 163.114.135.16	permit
+163.116.128.0/17	permit
 164.152.23.32	permit
+164.152.25.241	permit
 164.177.132.168/30	permit
-165.173.128.0/24	permit
-165.173.180.250/31	permit
-165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1566,12 +1546,6 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
-169.148.129.0/24	permit
-169.148.131.0/24	permit
-169.148.142.10	permit
-169.148.144.0/25	permit
-169.148.144.10	permit
-169.148.146.0/23	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1697,6 +1671,21 @@
 193.123.56.63	permit
 194.19.134.0/25	permit
 194.64.234.129	permit
+194.97.196.0/24	permit
+194.97.196.3	permit
+194.97.196.4	permit
+194.97.196.11	permit
+194.97.196.12	permit
+194.97.204.0/24	permit
+194.97.204.3	permit
+194.97.204.4	permit
+194.97.204.11	permit
+194.97.204.12	permit
+194.97.212.0/24	permit
+194.97.212.3	permit
+194.97.212.4	permit
+194.97.212.11	permit
+194.97.212.12	permit
 194.106.220.0/23	permit
 194.113.24.0/22	permit
 194.154.193.192/27	permit
@@ -1733,15 +1722,7 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
-199.34.22.36	permit
 199.59.148.0/22	permit
-199.67.80.2	permit
-199.67.80.20	permit
-199.67.82.2	permit
-199.67.82.20	permit
-199.67.84.0/24	permit
-199.67.86.0/24	permit
-199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1798,8 +1779,6 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit
@@ -2046,15 +2025,27 @@
 2001:0868:0100:0600::/64	permit
 2001:4860:4000::/36	permit
 2001:748:100:40::2:0/112	permit
+2001:748:400:1300::3	permit
+2001:748:400:1300::4	permit
+2001:748:400:1301::0/64	permit
+2001:748:400:1301::3	permit
+2001:748:400:1301::4	permit
+2001:748:400:2300::3	permit
+2001:748:400:2300::4	permit
+2001:748:400:2301::0/64	permit
+2001:748:400:2301::3	permit
+2001:748:400:2301::4	permit
+2001:748:400:3300::3	permit
+2001:748:400:3300::4	permit
+2001:748:400:3301::0/64	permit
+2001:748:400:3301::3	permit
+2001:748:400:3301::4	permit
 2404:6800:4000::/36	permit
 2603:1010:3:3::5b	permit
 2603:1020:201:10::10f	permit
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
-2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
-2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
-2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From 401b744808ff127b625001d8512d80d108d58a6a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 8 May 2025 11:38:29 +0200
Subject: [PATCH 569/755] [Dovecot] return PASSDB_RESULT_PASSWORD_MISMATCH
 instead of PASSDB_RESULT_INTERNAL_FAILURE

---
 data/conf/dovecot/auth/passwd-verify.lua | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index b8843c996..ea847932d 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -29,9 +29,12 @@ function auth_password_verify(request, password)
     insecure = true
   }
 
+  -- Returning PASSDB_RESULT_PASSWORD_MISMATCH will reset the user's auth cache entry.
+  -- Returning PASSDB_RESULT_INTERNAL_FAILURE keeps the existing cache entry,
+  -- even if the TTL has expired. Useful to avoid cache eviction during backend issues.
   if c ~= 200 and c ~= 401 then
     dovecot.i_info("HTTP request failed with " .. c .. " for user " .. request.user)
-    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
+    return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Upstream error"
   end
 
   local response_str = table.concat(res)
@@ -39,7 +42,7 @@ function auth_password_verify(request, password)
 
   if not is_response_valid then
     dovecot.i_info("Invalid JSON received: " .. response_str)
-    return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Invalid response format"
+    return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "Invalid response format"
   end
 
   if response_json.success == true then

From cb6ffe65c8fb0ec4b96abfd45c352f89a52bf40b Mon Sep 17 00:00:00 2001
From: Kai Biebel <38378574+seclution@users.noreply.github.com>
Date: Fri, 9 May 2025 11:24:49 +0200
Subject: [PATCH 570/755] fix: typo in default_template

---
 data/web/inc/functions.auth.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 57dec808d..ec32e6610 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -669,8 +669,8 @@ function ldap_mbox_login($user, $pass, $extra = null){
 
   // check if matching attribute exist
   if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
-    if (!empty($iam_settings['default_tempalte'])) {
-      $mbox_template = $iam_settings['default_tempalte'];
+    if (!empty($iam_settings['default_template'])) {
+      $mbox_template = $iam_settings['default_template'];
     } else {
       $_SESSION['return'][] =  array(
         'type' => 'danger',

From ea0944d743c0f261cea57693dd1da9970206e99c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 9 May 2025 15:13:44 +0200
Subject: [PATCH 571/755] [Web] Add quick links to other login pages and option
 to disable mailcow login form

---
 data/web/admin/index.php                      |  3 +-
 data/web/admin/system.php                     |  1 +
 data/web/domainadmin/index.php                |  1 +
 data/web/inc/functions.customize.inc.php      | 43 +++++++++++++
 data/web/index.php                            |  8 ++-
 data/web/json_api.php                         |  3 +
 data/web/lang/lang.de-de.json                 | 12 ++++
 data/web/lang/lang.en-gb.json                 | 12 ++++
 .../templates/admin/tab-config-customize.twig | 36 ++++++++++-
 data/web/templates/admin_index.twig           | 43 ++++++++-----
 data/web/templates/domainadmin_index.twig     | 43 ++++++++-----
 data/web/templates/user_index.twig            | 60 ++++++++++++-------
 12 files changed, 206 insertions(+), 59 deletions(-)

diff --git a/data/web/admin/index.php b/data/web/admin/index.php
index 05ba70337..9ae4a0380 100644
--- a/data/web/admin/index.php
+++ b/data/web/admin/index.php
@@ -22,7 +22,8 @@ $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 
 $template = 'admin_index.twig';
 $template_data = [
-  'login_delay' => @$_SESSION['ldelay']
+  'login_delay' => @$_SESSION['ldelay'],
+  'custom_login' => customize('get', 'custom_login'),
 ];
 
 $js_minifier->add('/web/js/site/index.js');
diff --git a/data/web/admin/system.php b/data/web/admin/system.php
index c21d43f0d..9fd44e0d8 100644
--- a/data/web/admin/system.php
+++ b/data/web/admin/system.php
@@ -125,6 +125,7 @@ $template_data = [
   'logo_specs' => customize('get', 'main_logo_specs'),
   'logo_dark_specs' => customize('get', 'main_logo_dark_specs'),
   'ip_check' => customize('get', 'ip_check'),
+  'custom_login' => customize('get', 'custom_login'),
   'password_complexity' => password_complexity('get'),
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
   'cors_settings' => $cors_settings,
diff --git a/data/web/domainadmin/index.php b/data/web/domainadmin/index.php
index 2d909f97f..0d70ec3ae 100644
--- a/data/web/domainadmin/index.php
+++ b/data/web/domainadmin/index.php
@@ -22,6 +22,7 @@ $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 $template = 'domainadmin_index.twig';
 $template_data = [
   'login_delay' => @$_SESSION['ldelay'],
+  'custom_login' => customize('get', 'custom_login'),
 ];
 
 $js_minifier->add('/web/js/site/index.js');
diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 8c0feb69f..dc86bfe65 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -204,6 +204,35 @@ function customize($_action, $_item, $_data = null) {
             'msg' => 'ip_check_opt_in_modified'
           );
         break;
+        case 'custom_login':
+          $hide_user_quicklink        = ($_data['hide_user_quicklink'] == "1") ? 1 : 0;
+          $hide_domainadmin_quicklink = ($_data['hide_domainadmin_quicklink'] == "1") ? 1 : 0;
+          $hide_admin_quicklink       = ($_data['hide_admin_quicklink'] == "1") ? 1 : 0;
+          $force_sso                  = ($_data['force_sso'] == "1") ? 1 : 0;
+
+          $custom_login = array(
+            "hide_user_quicklink" => $hide_user_quicklink,
+            "hide_domainadmin_quicklink" => $hide_domainadmin_quicklink,
+            "hide_admin_quicklink" => $hide_admin_quicklink,
+            "force_sso" => $force_sso,
+          );
+          try {
+            $redis->set('CUSTOM_LOGIN', json_encode($custom_login));
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_item, $_data),
+            'msg' => 'custom_login_modified'
+          );
+        break;
       }
     break;
     case 'delete':
@@ -357,6 +386,20 @@ function customize($_action, $_item, $_data = null) {
             return false;
           }
         break;
+        case 'custom_login':
+          try {
+            $custom_login = ($custom_login = $redis->get('CUSTOM_LOGIN')) ? $custom_login : array();
+            return json_decode($custom_login, true);
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+        break;
       }
     break;
   }
diff --git a/data/web/index.php b/data/web/index.php
index f306f1aed..d21e54364 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -33,16 +33,18 @@ $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
 
 $has_iam_sso = false;
 if ($iam_provider){
-  $has_iam_sso = identity_provider("get-redirect") ? true : false;
+  $iam_redirect_url = identity_provider("get-redirect");
+  $has_iam_sso = $iam_redirect_url ? true : false;
 }
-
+$custom_login = customize('get', 'custom_login');
 
 $template = 'user_index.twig';
 $template_data = [
   'oauth2_request' => @$_SESSION['oauth2_request'],
   'is_mobileconfig' => str_contains($_SESSION['index_query_string'], 'mobileconfig'),
   'login_delay' => @$_SESSION['ldelay'],
-  'has_iam_sso' => $has_iam_sso
+  'has_iam_sso' => $has_iam_sso,
+  'custom_login' => $custom_login,
 ];
 
 $js_minifier->add('/web/js/site/index.js');
diff --git a/data/web/json_api.php b/data/web/json_api.php
index f2a222b85..a480b0ae0 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1976,6 +1976,9 @@ if (isset($_GET['query'])) {
         case "ip_check":
           process_edit_return(customize('edit', 'ip_check', $attr));
         break;
+        case "custom_login":
+          process_edit_return(customize('edit', 'custom_login', $attr));
+        break;
         case "self":
           if ($_SESSION['mailcow_cc_role'] == "domainadmin") {
             process_edit_return(domain_admin('edit', $attr));
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 911ebfc67..06d43b565 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -134,6 +134,7 @@
         "admin_domains": "Domain-Zuweisungen",
         "admins": "Administratoren",
         "admins_ldap": "LDAP-Administratoren",
+        "admin_quicklink": "Quicklink zur Admin-Loginseite ausblenden",
         "advanced_settings": "Erweiterte Einstellungen",
         "api_allow_from": "IP-Adressen oder Netzwerke (CIDR Notation) für Zugriff auf API",
         "api_info": "Die API befindet sich noch in Entwicklung, die Dokumentation kann unter <a href=\"/api\">/api</a> abgerufen werden.",
@@ -155,6 +156,7 @@
         "credentials_transport_warning": "<b>Warnung</b>: Das Hinzufügen einer neuen Regel bewirkt die Aktualisierung der Authentifizierungsdaten aller vorhandenen Einträge mit identischem Next Hop.",
         "customer_id": "Kunde",
         "customize": "UI-Anpassung",
+        "login_page": "Login-Seite",
         "destination": "Ziel",
         "dkim_add_key": "ARC/DKIM-Key hinzufügen",
         "dkim_domains_selector": "Selector",
@@ -173,6 +175,7 @@
         "domain": "Domain",
         "domain_admin": "Administrator hinzufügen",
         "domain_admins": "Domain-Administratoren",
+        "domainadmin_quicklink": "Quicklink zur Domainadmin-Loginseite ausblenden",
         "domain_s": "Domain(s)",
         "duplicate": "Duplizieren",
         "duplicate_dkim": "DKIM duplizieren",
@@ -195,6 +198,8 @@
         "f2b_retry_window": "Wiederholungen im Zeitraum von (s)",
         "f2b_whitelist": "Whitelist für Netzwerke und Hosts",
         "filter_table": "Tabelle filtern",
+        "force_sso_text": "Wenn ein externer OIDC-Provider konfiguriert ist, blendet diese Option die mailcow Loginform aus und zeigt nur den Single Sign-On-Button an.",
+        "force_sso": "mailcow Login deaktivieren und nur Single Sign-On anzeigen",
         "forwarding_hosts": "Weiterleitungs-Hosts",
         "forwarding_hosts_add_hint": "Sie können entweder IPv4-/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.",
         "forwarding_hosts_hint": "Eingehende Nachrichten werden von den hier gelisteten Hosts bedingungslos akzeptiert. Diese Hosts werden dann nicht mit DNSBLs abgeglichen oder Greylisting unterworfen. Von ihnen empfangener Spam wird nie abgelehnt, optional kann er aber in den Spam-Ordner einsortiert werden. Die übliche Verwendung für diese Funktion ist, um Mailserver anzugeben, auf denen eine Weiterleitung zu Ihrem mailcow-Server eingerichtet wurde.",
@@ -308,6 +313,7 @@
         "quarantine_release_format_att": "Als Anhang",
         "quarantine_release_format_raw": "Unverändertes Original",
         "quarantine_retention_size": "Rückhaltungen pro Mailbox:<br><small>0 bedeutet <b>inaktiv</b>.</small>",
+        "quicklink_text": "Quicklinks zu anderen Login-Seiten unter der Loginform ein- oder ausblenden",
         "quota_notification_html": "Benachrichtigungs-E-Mail Inhalt:<br><small>Leer lassen, um Standard-Template wiederherzustellen.</small>",
         "quota_notification_sender": "Benachrichtigungs-E-Mail Absender",
         "quota_notification_subject": "Benachrichtigungs-E-Mail Betreff",
@@ -387,6 +393,7 @@
         "unchanged_if_empty": "Unverändert, wenn leer",
         "upload": "Hochladen",
         "username": "Benutzername",
+        "user_quicklink": "Quicklink zur Benutzer-Loginseite ausblenden",
         "validate_license_now": "GUID erneut verifizieren",
         "verify": "Verifizieren",
         "yes": "&#10003;",
@@ -807,6 +814,10 @@
         "forgot_password": "> Passwort vergessen?",
         "invalid_pass_reset_token": "Der Rücksetz-Token für das Passwort ist ungültig oder abgelaufen.<br>Bitte fordern Sie einen neuen Link zur Passwortwiederherstellung an.",
         "login": "Anmelden",
+        "login_linkstext": "Nicht der richtige Login?",
+        "login_usertext": "Als Benutzer anmelden",
+        "login_domainadmintext": "Als Domainadmin anmelden",
+        "login_admintext": "Als Admin anmelden",
         "login_user": "Anmeldung als Benutzer",
         "login_dadmin": "Anmeldung als Domain-Administrator",
         "login_admin": "Anmeldung als Administrator",
@@ -1096,6 +1107,7 @@
         "bcc_edited": "BCC-Map-Eintrag %s wurde geändert",
         "bcc_saved": "BCC- Map-Eintrag wurde gespeichert",
         "cors_headers_edited": "CORS Einstellungen wurden erfolgreich gespeichert",
+        "custom_login_modified": "Login Anpassung wurde erfolgreich gespeichert",
         "db_init_complete": "Datenbankinitialisierung abgeschlossen",
         "delete_filter": "Filter-ID %s wurde gelöscht",
         "delete_filters": "Filter gelöscht: %s",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index ca8bb3adf..707e2a60e 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -134,6 +134,7 @@
         "admin_domains": "Domain assignments",
         "admins": "Administrators",
         "admins_ldap": "LDAP Administrators",
+        "admin_quicklink": "Hide Quicklink to Admin Login Page",
         "advanced_settings": "Advanced settings",
         "allowed_methods": "Access-Control-Allow-Methods",
         "allowed_origins": "Access-Control-Allow-Origin",
@@ -161,6 +162,7 @@
         "credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching next hop column.",
         "customer_id": "Customer ID",
         "customize": "Customize",
+        "login_page": "Login Page",
         "destination": "Destination",
         "dkim_add_key": "Add ARC/DKIM key",
         "dkim_domains_selector": "Selector",
@@ -179,6 +181,7 @@
         "domain": "Domain",
         "domain_admin": "Domain administrator",
         "domain_admins": "Domain administrators",
+        "domainadmin_quicklink": "Hide Quicklink to Domainadmin Login Page",
         "domain_s": "Domain/s",
         "duplicate": "Duplicate",
         "duplicate_dkim": "Duplicate DKIM record",
@@ -202,6 +205,8 @@
         "f2b_whitelist": "Whitelisted networks/hosts",
         "filter": "Filter",
         "filter_table": "Filter table",
+        "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login froms and only shows the Singe Sign-On button",
+        "force_sso": "Disable mailcow Login and show only Singe Sign-On",
         "forwarding_hosts": "Forwarding Hosts",
         "forwarding_hosts_add_hint": "You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).",
         "forwarding_hosts_hint": "Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected, but optionally it can be filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your mailcow server.",
@@ -317,6 +322,7 @@
         "quarantine_release_format_att": "As attachment",
         "quarantine_release_format_raw": "Unmodified original",
         "quarantine_retention_size": "Retentions per mailbox:<br><small>0 indicates <b>inactive</b>.</small>",
+        "quicklink_text": "Show or hide quick links to other login pages under the login form",
         "quota_notification_html": "Notification email template:<br><small>Leave empty to restore default template.</small>",
         "quota_notification_sender": "Notification email sender",
         "quota_notification_subject": "Notification email subject",
@@ -398,6 +404,7 @@
         "upload": "Upload",
         "username": "Username",
         "user_link": "User-Link",
+        "user_quicklink": "Hide Quicklink to User Login Page",
         "validate_license_now": "Validate GUID against license server",
         "verify": "Verify",
         "yes": "&#10003;"
@@ -809,6 +816,10 @@
         "forgot_password": "> Forgot Password?",
         "invalid_pass_reset_token": "The reset password token is invalid or has expired.<br>Please request a new password reset link.",
         "login": "Login",
+        "login_linkstext": "Not the correct login?",
+        "login_usertext": "Log in as user",
+        "login_domainadmintext": "Log in as domain admin",
+        "login_admintext": "Log in as admin",
         "login_user": "User Login",
         "login_dadmin": "Domain-Administrator Login",
         "login_admin": "Administrator Login",
@@ -1105,6 +1116,7 @@
         "bcc_edited": "BCC map entry %s edited",
         "bcc_saved": "BCC map entry saved",
         "cors_headers_edited": "CORS settings have been saved",
+        "custom_login_modified": "Login customisation was saved successfully",
         "db_init_complete": "Database initialization completed",
         "delete_filter": "Deleted filters ID %s",
         "delete_filters": "Deleted filters: %s",
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index c2071c399..aecf1846e 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -51,7 +51,41 @@
           </div></p>
         </form>
       </div>
-      <legend>{{ lang.admin.app_links }}</legend><hr />
+      <legend style="padding-top:20px" unselectable="on">{{ lang.admin.login_page }}</legend><hr />
+      <div>
+        <form class="form" data-id="custom_login" role="form" method="post">
+          <p class="text-muted">{{ lang.admin.quicklink_text }}</p>
+          <div class="ms-2 mb-1">
+            <input class="form-check-input" type="checkbox" value="1" name="hide_user_quicklink" id="hide_user_quicklink" {% if custom_login.hide_user_quicklink == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="hide_user_quicklink">
+              {{ lang.admin.user_quicklink|raw }}
+            </label>
+          </div>
+          <div class="ms-2 mb-1">
+            <input class="form-check-input" type="checkbox" value="1" name="hide_domainadmin_quicklink" id="hide_domainadmin_quicklink" {% if custom_login.hide_domainadmin_quicklink == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="hide_domainadmin_quicklink">
+              {{ lang.admin.domainadmin_quicklink|raw }}
+            </label>
+          </div>
+          <div class="ms-2 mb-4">
+            <input class="form-check-input" type="checkbox" value="1" name="hide_admin_quicklink" id="hide_admin_quicklink" {% if custom_login.hide_admin_quicklink == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="hide_admin_quicklink">
+              {{ lang.admin.admin_quicklink|raw }}
+            </label>
+          </div>
+          <p class="text-muted">{{ lang.admin.force_sso_text|raw }}</p>
+          <div class="ms-2 mb-4">
+            <input class="form-check-input" type="checkbox" value="1" name="force_sso" id="force_sso" {% if custom_login.force_sso == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="force_sso">
+              {{ lang.admin.force_sso|raw }}
+            </label>
+          </div>
+          <p><div class="btn-group">
+            <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-success" data-action="edit_selected" data-item="admin" data-id="custom_login" data-reload="no" data-api-url='edit/custom_login' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+          </div></p>
+        </form>
+      </div>
+      <legend style="padding-top:20px">{{ lang.admin.app_links }}</legend><hr />
       <p class="text-muted">{{ lang.admin.merged_vars_hint|raw }}</p>
       <form class="form-inline" data-id="app_links" role="form" method="post">
         <table class="table table-condensed" style="white-space: nowrap;" id="app_link_table">
diff --git a/data/web/templates/admin_index.twig b/data/web/templates/admin_index.twig
index 6f223889e..0dcb9145e 100644
--- a/data/web/templates/admin_index.twig
+++ b/data/web/templates/admin_index.twig
@@ -5,13 +5,28 @@
 {% block content %}
 <div class="row mb-4" style="margin-top: 60px">
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+
     <div class="card">
-      <div class="card-header d-flex align-items-center">
+      <div class="card-header d-flex align-items-center text-break">
         <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_admin }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
         </div>
+        <div class="ms-4 d-grid d-sm-block">
+          <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="text-secondary btn p-0 border-0 bg-transparent ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+            <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
+          </button>
+          <ul class="dropdown-menu ms-auto login">
+            {% for key, val in available_languages %}
+              <li>
+                <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
+                  <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
+                </a>
+              </li>
+            {% endfor %}
+          </ul>
+        </div>
       </div>
       <div class="card-body">
         <div class="text-center mailcow-logo mb-4">
@@ -37,23 +52,10 @@
             </div>
           </div>
           <div class="d-flex justify-content-between mt-4" style="position: relative">
-            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>            <div class="d-grid d-sm-block">
-            <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-              <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
-            </button>
-            <ul class="dropdown-menu ms-auto login">
-              {% for key, val in available_languages %}
-                <li>
-                  <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
-                    <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
-                  </a>
-                </li>
-              {% endfor %}
-            </ul>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success w-100 mt-2 mx-auto" style="max-width: 400px;" value="Login">{{ lang.login.login }}</button>
           </div>
         </form>
-        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="hr-title"><strong>{{ lang.login.other_logins }}</strong></div>
         <div class="d-flex flex-column align-items-center">
           <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
         </div>
@@ -86,6 +88,15 @@
         {% endif %}
       </div>
     </div>
+
+    {% if custom_login.hide_user_quicklink != 1 or custom_login.hide_domainadmin_quicklink != 1 %}
+    <p class="text-center mt-3 text-muted" style="font-size: 0.9rem;">
+      {{ lang.login.login_linkstext }}<br>
+      {% if custom_login.hide_user_quicklink != 1 %}<a href="/">{{ lang.login.login_usertext }}</a>{% endif %}
+      {% if custom_login.hide_user_quicklink != 1 and custom_login.hide_domainadmin_quicklink != 1 %}|{% endif %}
+      {% if custom_login.hide_domainadmin_quicklink != 1 %}<a href="/domainadmin">{{ lang.login.login_domainadmintext }}</a>{% endif %}
+    </p>
+    {% endif %}
   </div>
 </div>
 {% endblock %}
diff --git a/data/web/templates/domainadmin_index.twig b/data/web/templates/domainadmin_index.twig
index 003fdba1f..2fc7bad98 100644
--- a/data/web/templates/domainadmin_index.twig
+++ b/data/web/templates/domainadmin_index.twig
@@ -5,13 +5,28 @@
 {% block content %}
 <div class="row mb-4" style="margin-top: 60px">
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+
     <div class="card">
-      <div class="card-header d-flex align-items-center">
+      <div class="card-header d-flex align-items-center text-break">
         <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_dadmin }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
         </div>
+        <div class="ms-4 d-grid d-sm-block">
+          <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="text-secondary btn p-0 border-0 bg-transparent ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+            <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
+          </button>
+          <ul class="dropdown-menu ms-auto login">
+            {% for key, val in available_languages %}
+              <li>
+                <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
+                  <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
+                </a>
+              </li>
+            {% endfor %}
+          </ul>
+        </div>
       </div>
       <div class="card-body">
         <div class="text-center mailcow-logo mb-4">
@@ -37,23 +52,10 @@
             </div>
           </div>
           <div class="d-flex justify-content-between mt-4" style="position: relative">
-            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>            <div class="d-grid d-sm-block">
-            <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-              <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
-            </button>
-            <ul class="dropdown-menu ms-auto login">
-              {% for key, val in available_languages %}
-                <li>
-                  <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
-                    <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
-                  </a>
-                </li>
-              {% endfor %}
-            </ul>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success w-100 mt-2 mx-auto" style="max-width: 400px;" value="Login">{{ lang.login.login }}</button>
           </div>
         </form>
-        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="hr-title"><strong>{{ lang.login.other_logins }}</strong></div>
         <div class="d-flex flex-column align-items-center">
           <a class="btn btn-xs-lg btn-secondary w-100" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
         </div>
@@ -86,6 +88,15 @@
         {% endif %}
       </div>
     </div>
+
+    {% if custom_login.hide_user_quicklink != 1 or custom_login.hide_admin_quicklink != 1 %}
+    <p class="text-center mt-3 text-muted" style="font-size: 0.9rem;">
+      {{ lang.login.login_linkstext }}<br>
+      {% if custom_login.hide_user_quicklink != 1 %}<a href="/">{{ lang.login.login_usertext }}</a>{% endif %}
+      {% if custom_login.hide_user_quicklink != 1 and custom_login.hide_admin_quicklink != 1 %}|{% endif %}
+      {% if custom_login.hide_admin_quicklink != 1 %}<a href="/admin">{{ lang.login.login_admintext }}</a>{% endif %}
+    </p>
+    {% endif %}
   </div>
 </div>
 {% endblock %}
diff --git a/data/web/templates/user_index.twig b/data/web/templates/user_index.twig
index 4ed942143..234aa01cb 100644
--- a/data/web/templates/user_index.twig
+++ b/data/web/templates/user_index.twig
@@ -5,13 +5,30 @@
 {% block content %}
 <div class="row mb-4" style="margin-top: 60px">
   <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto">
+
     <div class="card">
-      <div class="card-header d-flex align-items-center">
+      <div class="card-header d-flex align-items-center text-break">
         <i class="bi bi-person-fill me-2"></i> {{ lang.login.login_user }}
         <div class="ms-auto form-check form-switch my-auto d-flex align-items-center">
           <label class="form-check-label"><i class="bi bi-moon-fill"></i></label>
           <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle">
         </div>
+        {% if not oauth2_request %}
+        <div class="ms-4 d-grid d-sm-block">
+          <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="text-secondary btn p-0 border-0 bg-transparent ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+            <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
+          </button>
+          <ul class="dropdown-menu ms-auto login">
+            {% for key, val in available_languages %}
+              <li>
+                <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
+                  <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
+                </a>
+              </li>
+            {% endfor %}
+          </ul>
+        </div>
+        {% endif %}
       </div>
       <div class="card-body">
         <div class="text-center mailcow-logo mb-4">
@@ -25,6 +42,7 @@
         {% if is_mobileconfig %}
         <div class="my-4 alert alert-info ">{{ lang.login.mobileconfig_info }}</div>
         {% endif %}
+        {% if custom_login.force_sso != 1 %}
         <form method="post" autofill="off">
           <div class="d-flex mt-3">
             <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
@@ -40,35 +58,22 @@
               <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="{{ lang.login.password }}" required="" autocomplete="current-password">
             </div>
           </div>
+          <div class="mt-2 text-muted" style="font-size: 0.9rem;">
+            <a href="/reset-password">{{ lang.login.forgot_password }}</a>
+          </div>
           <div class="d-flex justify-content-between mt-4" style="position: relative">
-            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-            {% if not oauth2_request %}
-            <div class="d-grid d-sm-block">
-            <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-              <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
-            </button>
-            <ul class="dropdown-menu ms-auto login">
-              {% for key, val in available_languages %}
-                <li>
-                  <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}">
-                    <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }}
-                  </a>
-                </li>
-              {% endfor %}
-            </ul>
-            </div>
-            {% endif %}
+            <button type="submit" class="btn btn-xs-lg btn-success w-100 mt-2 mx-auto" style="max-width: 400px;" value="Login">{{ lang.login.login }}</button>
           </div>
         </form>
-        <div class="mt-3">
-          <a href="/reset-password">{{ lang.login.forgot_password }}</a>
-        </div>
-        <div class="hr-title mt-5"><strong>{{ lang.login.other_logins }}</strong></div>
+        <div class="hr-title"><strong>{{ lang.login.other_logins }}</strong></div>
+        {% endif %}
         <div class="d-flex flex-column align-items-center">
           {% if has_iam_sso %}
           <a class="btn btn-xs-lg btn-secondary w-100 mt-2" style="max-width: 400px;" href="/?iam_sso=1"><i class="bi bi-cloud-arrow-up-fill"></i> {{ lang.admin.iam_sso }}</a>
           {% endif %}
+          {% if custom_login.force_sso != 1 %}
           <a class="btn btn-xs-lg btn-secondary w-100 mt-2" style="max-width: 400px;" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a>
+          {% endif %}
         </div>
         {% if login_delay %}
         <p><div class="my-4 alert alert-info">{{ lang.login.delayed|format(login_delay) }}</b></div></p>
@@ -96,9 +101,20 @@
             {% endfor %}
           {% endfor %}
         </div>
+        <div>
+        </div>
         {% endif %}
       </div>
     </div>
+
+    {% if custom_login.hide_admin_quicklink != 1 or custom_login.hide_domainadmin_quicklink != 1 %}
+    <p class="text-center mt-3 text-muted" style="font-size: 0.9rem;">
+      {{ lang.login.login_linkstext }}<br>
+      {% if custom_login.hide_admin_quicklink != 1 %}<a href="/admin">{{ lang.login.login_admintext }}</a>{% endif %}
+      {% if custom_login.hide_admin_quicklink != 1 and custom_login.hide_domainadmin_quicklink != 1 %}|{% endif %}
+      {% if custom_login.hide_domainadmin_quicklink != 1 %}<a href="/domainadmin">{{ lang.login.login_domainadmintext }}</a>{% endif %}
+    </p>
+    {% endif %}
   </div>
 </div>
 {% if not oauth2_request and ui_texts.help_text %}

From 486b2974092dc5a42178204ff587650a8452c9c0 Mon Sep 17 00:00:00 2001
From: krzsztf1 <131195155+krzsztf1@users.noreply.github.com>
Date: Fri, 9 May 2025 18:33:19 +0200
Subject: [PATCH 572/755] Fix typo in rspamd rule in composites.conf (#6515)

Co-authored-by: Krzysztof Nowak <k.nowak@intalio.pl>
---
 data/conf/rspamd/local.d/composites.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index 9bb84424a..4ce042aab 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -8,7 +8,7 @@ VIRUS_FOUND {
 }
 # Bad policy from free mail providers
 FREEMAIL_POLICY_FAILURE {
-  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies";
+  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST & !WHITELISTED_FWD_HOST & -g+:policies";
   score = 16.0;
 }
 # Applies to freemail with undisclosed recipients

From 1b2f424edc7b5f91c450b36b5cf64f012e7b821b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Mon, 12 May 2025 12:20:23 +0200
Subject: [PATCH 573/755] [Web] Add identity_provider option to disable
 auto-creation of users on login

---
 data/web/inc/functions.auth.inc.php           | 33 ++++++++++++++-----
 data/web/inc/functions.inc.php                | 24 +++++++++++---
 data/web/lang/lang.de-de.json                 |  1 +
 data/web/lang/lang.en-gb.json                 |  1 +
 .../admin/tab-config-identity-provider.twig   | 32 +++++++++++++++++-
 5 files changed, 78 insertions(+), 13 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 57dec808d..ebc432a1f 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -262,10 +262,6 @@ function user_login($user, $pass, $extra = null){
             return false;
           }
 
-          if (intval($row['attributes']['force_pw_update']) == 1) {
-            $_SESSION['pending_pw_update'] = true;
-          }
-
           // check for tfa authenticators
           $authenticators = get_tfa($user);
           if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -318,10 +314,6 @@ function user_login($user, $pass, $extra = null){
           return false;
         }
 
-        if (intval($row['attributes']['force_pw_update']) == 1) {
-          $_SESSION['pending_pw_update'] = true;
-        }
-
         // check for tfa authenticators
         $authenticators = get_tfa($user);
         if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -485,6 +477,9 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     }
     return false;
   }
+  if (!$iam_provider) {
+    return false;
+  }
 
   // get access_token for service account of mailcow client
   $admin_token = identity_provider("get-keycloak-admin-token");
@@ -554,6 +549,17 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
     return 'user';
   }
 
+  // check if login provisioning is enabled before creating user
+  if (!$iam_settings['login_provisioning']){
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, "Auto-create users on login is deactivated"),
+        'msg' => 'login_failed'
+      );
+    }
+    return false;
+  }
   // check if matching attribute exist
   if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
     if (!empty($iam_settings['default_template'])) {
@@ -667,6 +673,17 @@ function ldap_mbox_login($user, $pass, $extra = null){
     return 'user';
   }
 
+  // check if login provisioning is enabled before creating user
+  if (!$iam_settings['login_provisioning']){
+    if (!$is_internal){
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, "Auto-create users on login is deactivated"),
+        'msg' => 'login_failed'
+      );
+    }
+    return false;
+  }
   // check if matching attribute exist
   if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
     if (!empty($iam_settings['default_tempalte'])) {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index aab579284..edf428d5a 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2294,6 +2294,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           break;
           case "use_ssl":
           case "use_tls":
+          case "login_provisioning":
           case "ignore_ssl_errors":
             $settings[$row["key"]] = boolval($row["value"]);
           break;
@@ -2302,6 +2303,10 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           break;
         }
       }
+      // set login_provisioning if not exists
+      if (!array_key_exists('login_provisioning', $settings)) {
+        $settings['login_provisioning'] = 1;
+      }
       // return default client_scopes for generic-oidc if none is set
       if ($settings["authsource"] == "generic-oidc" && empty($settings["client_scopes"])){
         $settings["client_scopes"] = "openid profile email mailcow_template";
@@ -2366,7 +2371,8 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return false;
       }
 
-      $_data['ignore_ssl_error']  = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
+      $_data['ignore_ssl_error']    = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
+      $_data['login_provisioning']  = isset($_data['login_provisioning']) ? boolval($_data['login_provisioning']) : false;
       switch ($_data['authsource']) {
         case "keycloak":
           $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
@@ -2375,14 +2381,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval', 'ignore_ssl_error');
+          $required_settings          = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval', 'ignore_ssl_error', 'login_provisioning');
         break;
         case "generic-oidc":
           $_data['authorize_url']     = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
           $_data['token_url']         = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
           $_data['userinfo_url']      = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
           $_data['client_scopes']     = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email mailcow_template";
-          $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes', 'ignore_ssl_error');
+          $required_settings          = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes', 'ignore_ssl_error', 'login_provisioning');
         break;
         case "ldap":
           $_data['host']              = (!empty($_data['host'])) ? str_replace(" ", "", $_data['host']) : "";
@@ -2396,7 +2402,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
           $_data['use_tls']           = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
+          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error', 'login_provisioning');
         break;
       }
 
@@ -2766,6 +2772,16 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
         return true;
       }
 
+      // user doesn't exist, check if login provisioning is enabled
+      if (!$iam_settings['login_provisioning']){
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, "Auto-create users on login is deactivated"),
+          'msg' => 'login_failed'
+        );
+        return false;
+      }
+
       if (empty($iam_settings['mappers']) || empty($user_template) || $mapper_key === false){
         if (!empty($iam_settings['default_template'])) {
           $mbox_template = $iam_settings['default_template'];
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 06d43b565..6e1b4d4c2 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -227,6 +227,7 @@
         "iam_host": "Host",
         "iam_host_info": "Gib einen oder mehrere LDAP-Hosts ein, getrennt durch Kommas.",
         "iam_import_users": "Importiere Benutzer",
+        "iam_login_provisioning": "Benutzer beim Login erstellen",
         "iam_mapping": "Attribut Mapping",
         "iam_bindpass": "Bind Passwort",
         "iam_periodic_full_sync": "Vollsynchronisation",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 707e2a60e..fb8fbb6e4 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -234,6 +234,7 @@
         "iam_host": "Host",
         "iam_host_info": "Enter one or more LDAP hosts, separated by commas.",
         "iam_import_users": "Import Users",
+        "iam_login_provisioning": "Auto-create users on login",
         "iam_mapping": "Attribute Mapping",
         "iam_bindpass": "Bind Password",
         "iam_periodic_full_sync": "Periodic Full Sync",
diff --git a/data/web/templates/admin/tab-config-identity-provider.twig b/data/web/templates/admin/tab-config-identity-provider.twig
index a93002257..4572d7fb5 100644
--- a/data/web/templates/admin/tab-config-identity-provider.twig
+++ b/data/web/templates/admin/tab-config-identity-provider.twig
@@ -219,6 +219,16 @@
               </div>
             </div>
           </div>
+          <div class="row mb-2">
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_login_provisioning }}</label>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="login_provisioning"  value="1" {% if iam_settings.login_provisioning == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
               <label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>
@@ -430,7 +440,7 @@
               </div>
             </div>
           </div>
-          <div class="row mb-4">
+          <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
               <label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
             </div>
@@ -440,6 +450,16 @@
               </div>
             </div>
           </div>
+          <div class="row mb-4">
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_login_provisioning }}</label>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="login_provisioning"  value="1" {% if iam_settings.login_provisioning == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mt-4 mb-2">
             <div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
               <div class="btn-group mb-2">
@@ -646,6 +666,16 @@
               </div>
             </div>
           </div>
+          <div class="row mb-2">
+            <div class="col-md-3 d-flex align-items-center justify-content-md-end">
+              <label class="control-label">{{ lang.admin.iam_login_provisioning }}</label>
+            </div>
+            <div class="col-12 col-md-9">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" role="switch" name="login_provisioning"  value="1" {% if iam_settings.login_provisioning == 1 %}checked{% endif %}>
+              </div>
+            </div>
+          </div>
           <div class="row mb-2">
             <div class="col-md-3 d-flex align-items-center justify-content-md-end">
               <label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>

From ffa29338737069d7e15fe26933cbb3aa8b8fcc2b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 13 May 2025 09:49:53 +0200
Subject: [PATCH 574/755] increase Olefy, Rspamd and Watchdog docker images

---
 docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3b27a09a9..8f31c69c8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: ghcr.io/mailcow/rspamd:2.1
+      image: ghcr.io/mailcow/rspamd:2.2
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -498,7 +498,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: ghcr.io/mailcow/watchdog:2.07
+      image: ghcr.io/mailcow/watchdog:2.08
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -591,7 +591,7 @@ services:
             - dockerapi
 
     olefy-mailcow:
-      image: ghcr.io/mailcow/olefy:1.14
+      image: ghcr.io/mailcow/olefy:1.15
       restart: always
       environment:
         - TZ=${TZ}

From 03d979c089a5bda1608c5e55b47e16c191036a25 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 13 May 2025 10:14:58 +0200
Subject: [PATCH 575/755] [Web] Fix get custom_login

---
 data/web/inc/functions.customize.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index dc86bfe65..1d19066d2 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -388,8 +388,8 @@ function customize($_action, $_item, $_data = null) {
         break;
         case 'custom_login':
           try {
-            $custom_login = ($custom_login = $redis->get('CUSTOM_LOGIN')) ? $custom_login : array();
-            return json_decode($custom_login, true);
+            $custom_login = $redis->get('CUSTOM_LOGIN');
+            return $custom_login ? json_decode($custom_login, true) : array();
           }
           catch (RedisException $e) {
             $_SESSION['return'][] = array(

From 3bd01190bf84e67764801f64dd011b88603a10a3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 16 May 2025 23:07:25 +0200
Subject: [PATCH 576/755] Translations update from Weblate (#6548)

* [Web] Updated lang.fr-fr.json

[Web] Updated lang.fr-fr.json

Co-authored-by: Samuel F. <20537389+samuelfranzini@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.ru-ru.json

[Web] Updated lang.ru-ru.json

[Web] Updated lang.ru-ru.json

Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.en-gb.json

Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Samuel F. <20537389+samuelfranzini@users.noreply.github.com>
Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.en-gb.json |  2 +-
 data/web/lang/lang.fr-fr.json | 84 ++++++++++++++++++++++++++++++-----
 data/web/lang/lang.ru-ru.json | 83 ++++++++++++++++++++++++++++++----
 data/web/lang/lang.zh-cn.json | 20 +++++++--
 4 files changed, 165 insertions(+), 24 deletions(-)

diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index fb8fbb6e4..a04234610 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -205,7 +205,7 @@
         "f2b_whitelist": "Whitelisted networks/hosts",
         "filter": "Filter",
         "filter_table": "Filter table",
-        "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login froms and only shows the Singe Sign-On button",
+        "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login forms and only shows the Singe Sign-On button",
         "force_sso": "Disable mailcow Login and show only Singe Sign-On",
         "forwarding_hosts": "Forwarding Hosts",
         "forwarding_hosts_add_hint": "You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 58300c0d4..313d6663c 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -359,7 +359,54 @@
         "service": "Service",
         "success": "Succès",
         "cors_settings": "Paramètres CORS",
-        "login_time": "Horodatage de connexion"
+        "login_time": "Horodatage de connexion",
+        "domainadmin_quicklink": "Masquer le lien rapide vers la page de connexion de l'administrateur du domaine",
+        "force_sso_text": "Si un fournisseur OIDC externe est configuré, cette option masque les formulaires de connexion par défaut de mailcow et n'affiche que le bouton Singe Sign-On",
+        "app_hide": "Masquer pour la connexion",
+        "admin_quicklink": "Masquer le lien rapide vers la page de connexion de l'administrateur",
+        "login_page": "Page de connexion",
+        "force_sso": "Désactiver la connexion mailcow et n'afficher que Singe Sign-On",
+        "iam_attribute_field": "Champ d'attribut",
+        "iam_authorize_url": "Endpoint d'autorisation",
+        "iam_auth_flow": "Flow d'authentification",
+        "iam_auth_flow_info": "Outre le flux de code d'autorisation (flux standard dans Keycloak), qui est utilisé pour la connexion unique, mailcow prend également en charge le flux d'authentification avec des informations d'identification directes. Le flux Mailpassword tente de valider les informations d'identification de l'utilisateur en utilisant l'API REST de Keycloak Admin. mailcow récupère le mot de passe haché dans l'attribut <code>mailcow_password</code>, qui est mappé dans Keycloak.",
+        "iam_basedn": "Base DN",
+        "iam_client_id": "ID Client",
+        "iam_client_secret": "Secret Client",
+        "iam_use_ssl": "Utiliser SSL",
+        "iam_redirect_url": "Url de redirection",
+        "iam_use_ssl_info": "Si le protocole SSL est activé et que le port est défini sur 389, il sera automatiquement remplacé par 636.",
+        "iam_use_tls_info": "Si vous activez TLS, vous devez utiliser le port par défaut de votre serveur LDAP (389). Les ports SSL ne peuvent pas être utilisés.",
+        "iam_version": "Version",
+        "ignore_ssl_error": "Ignorer les erreurs SSL",
+        "iam_login_provisioning": "Créer automatiquement l'utilisateur à la connexion",
+        "iam_mapping": "Mapping des attributs",
+        "iam_bindpass": "Lier le mot de passe",
+        "iam_periodic_full_sync": "Synchronisation complète périodique",
+        "iam_port": "Port",
+        "iam_realm": "Realm",
+        "iam_rest_flow": "Flow Mailpassword",
+        "iam_server_url": "URL du serveur",
+        "iam_sso": "Single Sign-On",
+        "iam_sync_interval": "Interval de Sync / Import (min)",
+        "iam_test_connection": "Test de connexion",
+        "iam_token_url": "Endpoint Token",
+        "iam_userinfo_url": "Endpoint User info",
+        "iam_username_field": "Champ du nom d'utilisateur",
+        "iam_binddn": "Bind DN",
+        "iam_use_tls": "Utiliser StartTLS",
+        "quicklink_text": "Afficher ou masquer les liens rapides vers d'autres pages de connexion sous le formulaire de connexion",
+        "task": "Tâche",
+        "user_link": "Lien utilisateur",
+        "user_quicklink": "Masquer le lien rapide vers la page de connexion de l'utilisateur",
+        "iam_client_scopes": "Scopes Client",
+        "iam_default_template": "Template par défaut",
+        "iam_default_template_description": "Si aucun modèle n'est attribué à un utilisateur, le modèle par défaut sera utilisé pour créer la boîte aux lettres, mais pas pour la mettre à jour.",
+        "iam_description": "Configurer un fournisseur externe pour l'authentification<br>Les boîtes aux lettres des utilisateurs seront automatiquement créées lors de leur première connexion, à condition qu'un mappage d'attributs ait été défini.",
+        "iam_extra_permission": "Pour que les paramètres suivants fonctionnent, le client mailcow dans Keycloak a besoin d'un <code>Compte de service</code> et de l'autorisation de <code>voir les utilisateurs</code>.",
+        "iam_host": "Hôte",
+        "iam_host_info": "Saisissez un ou plusieurs hôtes LDAP, séparés par des virgules.",
+        "iam_import_users": "Importer des utilisateurs"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -496,7 +543,11 @@
         "password_reset_invalid_user": "Boîte mail introuvable ou aucune adresse de récupération n'a été définie",
         "password_reset_na": "La réinitialisation des mots de passe est actuellement indisponible. Veuillez contacter votre administrateur.",
         "reset_token_limit_exceeded": "Le nombre limite de jetons de réinitialisation a été dépassé. Veuillez réessayer plus tard.",
-        "to_invalid": "Le destinataire ne doit pas être vide"
+        "to_invalid": "Le destinataire ne doit pas être vide",
+        "generic_server_error": "Une erreur de serveur inattendue s'est produite. Veuillez contacter votre administrateur.",
+        "authsource_in_use": "Le fournisseur d'identité ne peut pas être modifié ou supprimé car il est actuellement utilisé par un ou plusieurs utilisateurs.",
+        "iam_test_connection": "Échec de la connexion",
+        "required_data_missing": "La donnée requise %s est manquante"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
@@ -553,7 +604,7 @@
         "alias": "Éditer les alias",
         "allow_from_smtp": "Restreindre l'utilisation de <b>SMTP</b> à ces adresses IP",
         "allow_from_smtp_info": "Laissez vide pour autoriser tous les expéditeurs.<br>Adresses IPv4/IPv6 et réseaux.",
-        "allowed_protocols": "Protocoles autorisés",
+        "allowed_protocols": "Protocoles autorisés pour l'accès direct de l'utilisateur (n'affecte pas les protocoles de mot de passe de l'application)",
         "app_name": "Nom de l'application",
         "app_passwd": "Mot de passe de l'application",
         "automap": "Tenter de cibler automatiquement les dossiers (« Sent items », « Sent » => « Sent » etc.)",
@@ -672,7 +723,7 @@
         "none_inherit": "Aucun / Héritage",
         "quota_warning_bcc": "Avertissement sur les quotas BCC",
         "quota_warning_bcc_info": "Les avertissements seront envoyés en copies séparées aux destinataires suivants. Le sujet sera précédé du nom d'utilisateur correspondant entre parenthèses, par exemple : <code>Avertissement sur les quotas (user@example.com)</code>.",
-        "sogo_access_info": "L'authentification unique à partir de l'interface de messagerie reste opérationnelle. Ce paramètre n'affecte pas l'accès à tous les autres services et ne supprime ni, ne modifie le profil SOGo existant d'un utilisateur.",
+        "sogo_access_info": "Après s'être connecté, l'utilisateur est automatiquement redirigé vers SOGo.",
         "admin": "Modifier l'administrateur",
         "password_recovery_email": "Adresse email de récupération",
         "mailbox_rename_title": "Nouveau nom de la partie locale de la boîte de réception",
@@ -680,7 +731,7 @@
         "mailbox_rename_agree": "J'ai fait une sauvegarde.",
         "mailbox_rename_warning": "IMPORTANT ! Faites une sauvegarde avant de renommer la boîte de réception.",
         "mailbox_rename_alias": "Créer un alias automatiquement",
-        "sogo_access": "Autoriser la connexion directe à SOGo",
+        "sogo_access": "Redirection directe vers SOGo",
         "pushover": "Pushover",
         "pushover_sound": "Son"
     },
@@ -733,7 +784,11 @@
         "request_reset_password": "Demander le changement du mot de passe",
         "login_user": "Connexion Utilisateur",
         "login_dadmin": "Connexion Administrateur de domaine",
-        "login_admin": "Connexion Administrateur"
+        "login_admin": "Connexion Administrateur",
+        "login_linkstext": "L'identifiant n'est pas correct ?",
+        "login_usertext": "Se connecter en tant qu'utilisateur",
+        "login_domainadmintext": "Se connecter en tant qu'administrateur du domaine",
+        "login_admintext": "Se connecter en tant qu'administrateur"
     },
     "mailbox": {
         "action": "Action",
@@ -839,7 +894,7 @@
         "recipient_map_new": "Nouveau destinataire",
         "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_map_old": "Destinataire original",
-        "recipient_map_old_info": "Une carte de destination originale doit être une adresse de courriel valide ou un nom de domaine.",
+        "recipient_map_old_info": "La destination originale des cartes des destinataires doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_maps": "Cartes des bénéficiaires",
         "relay_all": "Relayer tous les destinataires",
         "remove": "Supprimer",
@@ -908,7 +963,8 @@
         "template": "Modèle",
         "syncjob_check_log": "Vérifier le journal",
         "recipient": "Destinataire",
-        "open_logs": "Afficher les journaux"
+        "open_logs": "Afficher les journaux",
+        "iam": "Fournisseur d'identité"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",
@@ -1079,7 +1135,9 @@
         "recovery_email_sent": "Email de réinitialisation envoyé à %s",
         "mailbox_renamed": "La boîte de réception a été renommée de %s à %s",
         "template_modified": "Les modifications au modèle %s ont été enregistrées",
-        "password_policy_saved": "La politique de mot de passe a été enregistrée avec succès"
+        "password_policy_saved": "La politique de mot de passe a été enregistrée avec succès",
+        "custom_login_modified": "La personnalisation de la connexion a été sauvegardée avec succès",
+        "iam_test_connection": "Connexion réussie"
     },
     "tfa": {
         "api_register": "%s utilise l'API Yubico Cloud. Veuillez obtenir une clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>",
@@ -1259,8 +1317,8 @@
         "with_app_password": "avec le mot de passe de l'application",
         "apple_connection_profile_with_app_password": "Un nouveau mot de passe est généré et ajouté au profil, de sorte qu'aucun mot de passe ne doit être saisi lors de la configuration de votre appareil. Ne partagez pas le fichier car il vous donne un accès complet à votre boîte de réception.",
         "attribute": "Attribut",
-        "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au webmail » permet une connexion unique à SOGo et est toujours disponible.",
-        "open_webmail_sso": "Connexion au webmail",
+        "direct_protocol_access": "Cet utilisateur de la boîte aux lettres dispose d'un <b>accès externe direct</b> aux protocoles et applications suivants. Votre administrateur contrôle ce paramètre. Il est possible de créer des mots de passe d'application pour accorder l'accès à des protocoles et des applications individuels.<br>Le bouton « Connexion au Webmail » permet une connexion unique à SOGo et est toujours disponible.",
+        "open_webmail_sso": "Connexion au Webmail",
         "recent_successful_connections": "Voir les connexions réussies",
         "syncjob_EXIT_TLS_FAILURE": "Problème de connexion chiffrée",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problème d'authentification",
@@ -1289,7 +1347,9 @@
         "open_logs": "Afficher les journaux",
         "pushover_sound": "Son",
         "mailbox_general": "Général",
-        "mailbox_settings": "Paramètres"
+        "mailbox_settings": "Paramètres",
+        "tfa_info": "L'authentification à deux facteurs permet de protéger votre compte. Si vous l'activez, vous aurez besoin de mots de passe d'application pour vous connecter à des applications ou des services qui ne prennent pas en charge l'authentification à deux facteurs (par exemple les clients e-mails).",
+        "overview": "Vue d'ensemble"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index e9d856924..e17327978 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -359,7 +359,56 @@
         "username": "Имя пользователя",
         "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
         "verify": "Проверить",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "force_sso_text": "Если настроен внешний провайдер OIDC, эта опция скрывает стандартные формы входа mailcow и показывает только кнопку Singe Sign-On",
+        "domainadmin_quicklink": "Скрыть ссылку на вход для администраторов домена",
+        "iam_periodic_full_sync": "Периодическая полная синхронизация",
+        "iam_sync_interval": "Интервал синхронизации/импорта (мин)",
+        "iam_use_tls_info": "При включённом TLS необходимо использовать стандартный порт LDAP-сервера (389). Порты SSL не подходят.",
+        "iam_use_ssl_info": "При включённом SSL, если указан порт 389, то вместо него автоматически будет использоваться порт 636.",
+        "quicklink_text": "Показать или скрыть ссылки для быстрого перехода к другим страницам входа под формой авторизации",
+        "iam_login_provisioning": "Автоматическое создание пользователей при входе в систему",
+        "iam_mapping": "Сопоставление атрибутов",
+        "iam_bindpass": "Bind пароль",
+        "iam_port": "Порт",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "URL переадресации",
+        "iam_rest_flow": "Поток Mailpassword",
+        "iam_server_url": "URL сервера",
+        "iam_sso": "Технология единого входа (SSO)",
+        "iam_token_url": "Token endpoint",
+        "iam_userinfo_url": "User info endpoint",
+        "iam_username_field": "Поле имени пользователя",
+        "iam_binddn": "Bind DN",
+        "iam_use_ssl": "Использовать SSL",
+        "iam_use_tls": "Использовать StartTLS",
+        "iam_version": "Версия",
+        "ignore_ssl_error": "Игнорировать ошибки SSL",
+        "task": "Задача",
+        "user_link": "Пользовательская ссылка",
+        "user_quicklink": "Скрыть ссылку на вход для пользователей",
+        "app_hide": "Скрыть для входа",
+        "iam_test_connection": "Проверка соединения",
+        "login_page": "Страница входа",
+        "filter": "Фильтр",
+        "force_sso": "Отключить mailcow авторизацию и показывать только Singe Sign-On",
+        "iam": "Провайдер идентификации",
+        "iam_attribute_field": "Поле атрибута",
+        "iam_authorize_url": "Конечная точка авторизации",
+        "iam_auth_flow": "Процесс аутентификации",
+        "iam_auth_flow_info": "В дополнение к потоку кода авторизации (стандартный поток в Keycloak), который используется для Single-Sign On входа, mailcow также поддерживает поток аутентификации с непосредственными учетными данными. Поток Mailpassword пытается проверить учетные данные пользователя с помощью REST API администратора Keycloak. mailcow извлекает хешированный пароль из атрибута <code>mailcow_password</code>, который отображается в Keycloak.",
+        "iam_basedn": "Base DN",
+        "iam_client_id": "ID клиента",
+        "iam_client_secret": "Секрет клиента",
+        "iam_client_scopes": "Области действия клиента",
+        "iam_default_template": "Шаблон по умолчанию",
+        "iam_default_template_description": "Если пользователю не назначен шаблон, шаблон по умолчанию будет использоваться при создании почтового ящика, но не при обновлении почтового ящика.",
+        "iam_description": "Настройка внешнего провайдера для аутентификации<br>Почтовые ящики пользователей будут автоматически создаваться при первом входе в систему, если было задано сопоставление атрибутов.",
+        "iam_extra_permission": "Для работы следующих настроек клиенту mailcow в Keycloak необходима <code>служебная учетная запись</code> и разрешение на <code>просмотр пользователей</code>.",
+        "iam_host": "Хост",
+        "iam_host_info": "Укажите один или несколько LDAP-хостов через запятую.",
+        "iam_import_users": "Импорт пользователей",
+        "admin_quicklink": "Скрыть ссылку на вход для администраторов"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -496,7 +545,11 @@
         "webauthn_publickey_failed": "Для выбранного аутентификатора не был сохранен открытый ключ",
         "webauthn_username_failed": "Выбранный аутентификатор принадлежит другой учетной записи",
         "webauthn_verification_failed": "Ошибка валидации WebAuthn: %s",
-        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s"
+        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s",
+        "generic_server_error": "На сервере произошла непредвиденная ошибка. Пожалуйста, свяжитесь с вашим администратором.",
+        "authsource_in_use": "Поставщик идентификационных данных не может быть изменен или удален, так как в данный момент он используется одним или несколькими пользователями.",
+        "iam_test_connection": "Ошибка соединения",
+        "required_data_missing": "Отсутствуют необходимые данные %s"
     },
     "datatables": {
         "collapse_all": "Свернуть все",
@@ -581,7 +634,7 @@
         "alias": "Изменить псевдоним",
         "allow_from_smtp": "Разрешить использование <b>SMTP</b> только для этих IP",
         "allow_from_smtp_info": "Укажите IPv4/IPv6 адреса и/или подсети.<br>Оставьте поле пустым, чтобы разрешить отправку с любых адресов.",
-        "allowed_protocols": "Разрешённые протоколы",
+        "allowed_protocols": "Разрешённые протоколы для прямого доступа пользователей (не влияет на протоколы паролей приложений)",
         "app_name": "Название приложения",
         "app_passwd": "Пароль приложения",
         "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
@@ -771,7 +824,14 @@
         "password": "Пароль",
         "request_reset_password": "Запросить восстановление пароля",
         "reset_password": "Восстановление пароля",
-        "username": "Имя пользователя"
+        "username": "Имя пользователя",
+        "login_linkstext": "Неправильный логин?",
+        "login_usertext": "Войти как пользователь",
+        "login_domainadmintext": "Войти как администратор домена",
+        "login_admintext": "Войти как администратор",
+        "login_user": "Вход для пользователей",
+        "login_dadmin": "Вход для администраторов домена",
+        "login_admin": "Вход для администраторов"
     },
     "mailbox": {
         "action": "Действия",
@@ -946,7 +1006,8 @@
         "username": "Имя пользователя",
         "waiting": "В ожидании",
         "weekly": "Раз в неделю",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "iam": "Поставщик идентификационных данных"
     },
     "oauth2": {
         "access_denied": "Пожалуйста, войдите в систему как владелец почтового аккаунта, чтобы получить доступ через OAuth2.",
@@ -1124,7 +1185,9 @@
         "verified_fido2_login": "Авторизация FIDO2 пройдена",
         "verified_totp_login": "Авторизация TOTP пройдена",
         "verified_webauthn_login": "Авторизация WebAuthn пройдена",
-        "verified_yotp_login": "Авторизация Yubico OTP пройдена"
+        "verified_yotp_login": "Авторизация Yubico OTP пройдена",
+        "iam_test_connection": "Успешное соединение",
+        "custom_login_modified": "Настройки входа успешно сохранены"
     },
     "tfa": {
         "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
@@ -1191,7 +1254,7 @@
         "delete_ays": "Пожалуйста, подтвердите удаление",
         "direct_aliases": "Личные псевдонимы",
         "direct_aliases_desc": "На личные псевдонимы распространяются фильтры нежелательной почты и параметры политики TLS.",
-        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
+        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Веб-почта\" обеспечивает единый вход в SOGo и всегда доступна.",
         "eas_reset": "Сбросить кеш ActiveSync устройств",
         "eas_reset_help": "Во многих случаях сброс кеша устройств помогает восстановить повреждённый профиль ActiveSync.<br><b>Внимание:</b> все письма, календари и контакты будут загружены заново на все ваши устройства!",
         "eas_reset_now": "Сбросить кеш сейчас",
@@ -1319,7 +1382,11 @@
         "weeks": "недели",
         "with_app_password": "с паролем приложения",
         "year": "год",
-        "years": "лет"
+        "years": "лет",
+        "authentication": "Аутентификация",
+        "tfa_info": "Двухфакторная аутентификация помогает защитить вашу учетную запись. Если вы включите эту функцию, вам понадобятся пароли приложений для входа в приложения или службы, которые не поддерживают двухфакторную аутентификацию (например, почтовые клиенты).",
+        "protocols": "Протоколы",
+        "overview": "Обзор"
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 486e8dcc3..44541f7d1 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -395,7 +395,16 @@
         "ignore_ssl_error": "忽略 SSL 错误",
         "iam_auth_flow_info": "除了在单点登录（SSO）中使用的 Authorization Code 流程（在 Keycloak 中是标准流程）之外，mailcow 还支持使用 Credentials 的身份认证流程。Mailpassword 流程尝试通过 Keycloak 的 Admin REST API 验证用户凭据，mailcow 会从 Keycloak 中的 <code>mailcow_password</code> 属性中获取哈希后的密码。",
         "filter": "过滤",
-        "iam_extra_permission": "要使以下设置生效，Keycloak 中的 mailcow 客户端需要一个 <code>服务账户（Service account）</code> 以及 <code>查看用户（view-users）</code> 的权限。"
+        "iam_extra_permission": "要使以下设置生效，Keycloak 中的 mailcow 客户端需要一个 <code>服务账户（Service account）</code> 以及 <code>查看用户（view-users）</code> 的权限。",
+        "domainadmin_quicklink": "隐藏指向域管理员登陆页面的快捷链接",
+        "force_sso_text": "如果配置了外部的 OIDC 认证，这个选项隐藏默认的 mailcow 登陆界面，只显示单点登录（SSO）的按钮",
+        "iam_login_provisioning": "登录时自动创建用户",
+        "login_page": "登陆页面",
+        "iam_use_ssl_info": "如果使用了 SSL，且端口被设置为 389，该端口将自动被覆盖为 636。",
+        "quicklink_text": "显示或隐藏登陆表单下面指向其他登陆页面的快捷链接",
+        "user_quicklink": "隐藏指向用户登陆页面的快捷链接",
+        "admin_quicklink": "隐藏指向管理员登陆页面的快捷链接",
+        "force_sso": "强制要求单点登录（SSO）"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -788,7 +797,11 @@
         "invalid_pass_reset_token": "密码重置 token 无效或已过期。<br> 请重新获取新的密码重置链接。",
         "login_user": "用户登录",
         "login_dadmin": "域管理员登录",
-        "login_admin": "管理员登录"
+        "login_admin": "管理员登录",
+        "login_linkstext": "不是正确的登陆页面？",
+        "login_usertext": "以用户身份登陆",
+        "login_domainadmintext": "以域管理员身份登陆",
+        "login_admintext": "以管理员身份登陆"
     },
     "mailbox": {
         "action": "操作",
@@ -1143,7 +1156,8 @@
         "template_added": "新增了模板 %s",
         "template_modified": "模板 %s 的修改已保存",
         "template_removed": "模板 ID %s 已删除",
-        "iam_test_connection": "连接成功"
+        "iam_test_connection": "连接成功",
+        "custom_login_modified": "登陆选项保存成功"
     },
     "tfa": {
         "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",

From 372923ae2fca354e843c8aa90dc3e32be86f8c37 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 19 May 2025 13:36:15 +0200
Subject: [PATCH 577/755] [Web] Updated lang.zh-cn.json (#6552)

Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.zh-cn.json | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 44541f7d1..3c46eb8a4 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -390,7 +390,7 @@
         "iam_username_field": "Username 域",
         "iam_binddn": "Bind DN",
         "iam_use_ssl": "使用 SSL",
-        "iam_use_tls": "使用 TLS",
+        "iam_use_tls": "使用  StartTLS",
         "iam_version": "版本",
         "ignore_ssl_error": "忽略 SSL 错误",
         "iam_auth_flow_info": "除了在单点登录（SSO）中使用的 Authorization Code 流程（在 Keycloak 中是标准流程）之外，mailcow 还支持使用 Credentials 的身份认证流程。Mailpassword 流程尝试通过 Keycloak 的 Admin REST API 验证用户凭据，mailcow 会从 Keycloak 中的 <code>mailcow_password</code> 属性中获取哈希后的密码。",
@@ -404,7 +404,8 @@
         "quicklink_text": "显示或隐藏登陆表单下面指向其他登陆页面的快捷链接",
         "user_quicklink": "隐藏指向用户登陆页面的快捷链接",
         "admin_quicklink": "隐藏指向管理员登陆页面的快捷链接",
-        "force_sso": "强制要求单点登录（SSO）"
+        "force_sso": "强制要求单点登录（SSO）",
+        "user_link": "自定义链接"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -690,7 +691,7 @@
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
         "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留已经存在的邮件)",
-        "sogo_access": "直接转发给 SOGo",
+        "sogo_access": "直接转到 SOGo",
         "sogo_access_info": "登录后，用户会自动跳转到 SOGo。",
         "sogo_visible": "SOGo 显示的别名",
         "sogo_visible_info": "此设置只影响 SOGo 上可显示的对象 (指向本地邮箱的共享或非共享别名地址)。如果设置为隐藏，则别名地址不会作为可选发件人的下拉项显示。",
@@ -905,7 +906,7 @@
         "recipient_map": "收件人映射",
         "recipient_map_info": "收件人映射用于在邮件被发送前替换收件人的地址。",
         "recipient_map_new": "新收件人",
-        "recipient_map_new_info": "新收件人必须为合法的邮箱地址。",
+        "recipient_map_new_info": "收件人映射的目标必须为合法的邮件地址或域名。",
         "recipient_map_old": "原收件人",
         "recipient_map_old_info": "原收件人必须为合法的邮箱地址。",
         "recipient_maps": "收件人映射",

From d4f899b091ed48e01fea3a674dd3278bf8b68caf Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 26 May 2025 11:35:34 +0200
Subject: [PATCH 578/755] compose: add selinux label to mysql-socket-vol to
 prevent "access denied" (#6560)

---
 docker-compose.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8f31c69c8..a67475316 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
       stop_grace_period: 45s
       volumes:
         - mysql-vol-1:/var/lib/mysql/
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
         - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
       environment:
         - TZ=${TZ}
@@ -134,7 +134,7 @@ services:
         - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
         - ./data/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
         - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
         - ./data/conf/phpfpm/crons:/crons:z
@@ -230,7 +230,7 @@ services:
         - ./data/conf/sogo/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z
         - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
         - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
         - sogo-web-vol-1:/sogo_web
         - sogo-userdata-backup-vol-1:/sogo_backup
       labels:
@@ -272,7 +272,7 @@ services:
         - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
         - ./data/assets/templates:/templates:z
         - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
       environment:
         - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
         - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
@@ -351,7 +351,7 @@ services:
         - postfix-vol-1:/var/spool/postfix
         - crypt-vol-1:/var/lib/zeyple
         - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
       environment:
         - LOG_LINES=${LOG_LINES:-9999}
         - TZ=${TZ}
@@ -470,7 +470,7 @@ services:
         - ./data/web/.well-known/acme-challenge:/var/www/acme:z
         - ./data/assets/ssl:/var/lib/acme/:z
         - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
       restart: always
       networks:
         mailcow-network:
@@ -505,7 +505,7 @@ services:
         - /tmp
       volumes:
         - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mysql-socket-vol-1:/var/run/mysqld/:z
         - postfix-vol-1:/var/spool/postfix
         - ./data/assets/ssl:/etc/ssl/mail/:ro,z
       restart: always

From 407e9d358488f6fde5ce000eff14943ec362be97 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 12 Jun 2025 13:13:57 +0200
Subject: [PATCH 579/755] Translations update from Weblate (#6582)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.en-gb.json

[Web] Updated lang.en-gb.json

Co-authored-by: Filip Hajny <filip@hajny.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.cs-cz.json

Co-authored-by: Filip Hajny <filip@hajny.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.si-si.json

[Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.it-it.json

Co-authored-by: Stefano <stefano.vassena@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Filip Hajny <filip@hajny.net>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
Co-authored-by: Stefano <stefano.vassena@gmail.com>
---
 data/web/lang/lang.cs-cz.json | 183 ++++++++++++++-----
 data/web/lang/lang.en-gb.json |   4 +-
 data/web/lang/lang.it-it.json |  42 ++++-
 data/web/lang/lang.si-si.json | 334 ++++++++++++++++++++++++++++++++--
 4 files changed, 498 insertions(+), 65 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 67eb52baa..b33332f66 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -1,7 +1,7 @@
 {
     "acl": {
         "alias_domains": "Doménové aliasy",
-        "app_passwds": "Hesla aplikací",
+        "app_passwds": "Správa hesel aplikací",
         "bcc_maps": "BCC mapy",
         "delimiter_action": "Zacházení s označkovanou poštou",
         "domain_desc": "Změnit popis domény",
@@ -82,12 +82,12 @@
         "password": "Heslo",
         "password_repeat": "Potvrzení nového hesla (opakujte)",
         "port": "Port",
-        "post_domain_add": "Po přidání nové domény je nutné restartovat SOGo kontejner!",
+        "post_domain_add": "Po přidání nové domény se musí restartovat kontejner SOGo!<br><br>Je také třeba ověřit nastavení DNS nové domény. Po ověření restartujte kontejner \"acme-mailcow\", aby se vygenerovaly certifikáty domény (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Tento krok je volitelný, a provede se automaticky každých 24 hodin.",
         "private_comment": "Soukromý komentář",
         "public_comment": "Veřejný komentář",
         "quota_mb": "Kvóta (MiB)",
         "relay_all": "Předávání všech příjemců",
-        "relay_all_info": "<small>Pokud se rozhodnete <b>nepředávat</b> všechny příjemce, musíte přidat prázdnou mailovou schránku pro každého příjemce, který se má předávat.</small>",
+        "relay_all_info": "↪Pokud se rozhodnete <b>nepředávat</b> všechny příjemce, musíte přidat prázdnou mailovou schránku pro každého příjemce, který se má předávat.",
         "relay_domain": "Předávání domény",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> U této domény lze pro konkrétní cíl nastavit transportní mapu. Není-li nastavena, použije se MX záznam.",
         "relay_unknown_only": "Předávat jen neexistující schránky. Doručení do existujících proběhne lokálně.",
@@ -183,7 +183,7 @@
         "f2b_ban_time": "Doba blokování (s)",
         "f2b_blacklist": "Sítě/hostitelé na blacklistu",
         "f2b_filter": "Regex filtre",
-        "f2b_list_info": "Síť nebo hostitelé na blacklistu mají vždy větší váhu než položky na whitelistu. Blacklist se sestavuje vždy při startu kontejneru.",
+        "f2b_list_info": "Síť nebo hostitelé na blacklistu mají vždy větší váhu než položky na whitelistu. <b>Každá úprava seznamů trvá pár sekund.</b>",
         "f2b_max_attempts": "Max. pokusů",
         "f2b_netban_ipv4": "Rozsah IPv4 podsítě k zablokování (8-32)",
         "f2b_netban_ipv6": "Rozsah IPv6 podsítě k zablokování (8-128)",
@@ -256,7 +256,7 @@
         "quarantine_exclude_domains": "Vyloučené domény a doménové aliasy",
         "quarantine_max_age": "Maximální stáří ve dnech<br><small>Hodnota musí být rovna nebo větší než 1 den.</small>",
         "quarantine_max_score": "Neposílat notifikace pokud je spam skóre větší než hodnota:<br><small>Výchozí je 9999.0</small>",
-        "quarantine_max_size": "Maximální velikost v MiB (větší prvky budou smazány)<br />0 <b>neznamená</b> neomezeno.",
+        "quarantine_max_size": "Maximální velikost v MiB (větší prvky budou smazány)<br /><small>0 <b>neznamená</b> neomezeno.</small>",
         "quarantine_notification_html": "Šablona upozornění:<br><small>Ponechte prázdné, aby se obnovila výchozí šablona.</small>",
         "quarantine_notification_sender": "Odesílatel upozornění",
         "quarantine_notification_subject": "Předmět upozornění",
@@ -264,7 +264,7 @@
         "quarantine_release_format": "Formát propuštěných položek",
         "quarantine_release_format_att": "Jako příloha",
         "quarantine_release_format_raw": "Nezměněný originál",
-        "quarantine_retention_size": "Počet zadržených zpráv na mailovou schránku<br />0 znamená <b>neaktivní</b>.",
+        "quarantine_retention_size": "Počet zadržených zpráv na mailovou schránku<br /><small>0 znamená <b>neaktivní</b>.</small>",
         "quota_notification_html": "Šablona upozornění:<br><small>Ponechte prázdné, aby se obnovila výchozí šablona.</small>",
         "quota_notification_sender": "Odesílatel upozornění",
         "quota_notification_subject": "Předmět upozornění",
@@ -283,7 +283,7 @@
         "relay_rcpt": "\"Komu:\" adresa",
         "relay_run": "Provést test",
         "relayhosts": "Transporty podle odesílatele",
-        "relayhosts_hint": "Zde definujte transporty podle odesílatele, jež pak můžete použít v nastavení domény.<br>\r\nProtokol transportu je vždy \"smtp:\". Bere se v potaz uživatelské nastavení odchozího TLS.",
+        "relayhosts_hint": "Zde definujte transporty podle odesílatele, jež pak můžete použít v nastavení domény.<br>\nProtokol transportu je vždy \"smtp:\" a použije se TLS, je-li nabídnuto. Zabalené TLS (SMTPS) se nepodporuje. Bere se v potaz uživatelské nastavení odchozího TLS.<br>\nTýká se vybraných domén včetně doménových aliasů.",
         "remove": "Smazat",
         "remove_row": "Smazat řádek",
         "reset_default": "Obnovit výchozí nastavení",
@@ -299,7 +299,7 @@
         "rsettings_preset_2": "Postmasteři chtějí dostávat spam",
         "rsettings_preset_3": "Povolit jen určité odesílatele pro schránku (např. jen interní schránka)",
         "rsettings_preset_4": "Deaktivujte Rspamd pro doménu",
-        "rspamd_com_settings": "<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentace</a>\r\n  - Název nastavení bude automaticky vygenerován, viz níže uvedené předvolby.",
+        "rspamd_com_settings": "Název nastavení se vygeneruje automaticky, viz ukázky nastavení níže. Více informací viz <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentace</a>",
         "rspamd_global_filters": "Mapa globálních filtrů",
         "rspamd_global_filters_agree": "Budu opatrný!",
         "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje jiné globální black- a whitelisty.",
@@ -324,8 +324,8 @@
         "to_top": "Zpět na začátek",
         "transport_dest_format": "Formát: example.org, .example.org, *, box@example.org (vícero položek lze oddělit čárkou)",
         "transport_maps": "Transportní mapy",
-        "transport_test_rcpt_info": "&#8226; Na otestování odchozí pošty je možné použít null@hosted.mailcow.de jako adresáta",
-        "transports_hint": "→ Položka transportní mapy <b>přebíjí</b> transportní mapu podle odesílatele</b>.<br>\r\n→ Uživatelské nastavení odchozího TLS se ignoruje a lze je výhradně vynutit mapováním TLS pravidel.<br>\r\n→ Protokol transportu je vždy \"smtp:\".<br>\r\n→ Adresy, jež odpovídají výrazu \"/localhost$/\", se vždy předají přes \"local:\", takže nejsou zahrnuty do definice cíle \"*\".<br>\r\n→ Pro stanovení přihlašovacích údajů dalšího skoku, např. \"[host]:25\", bude Postfix <b>vždy</b> hledat nejdříve \"host\" a teprve pak \"[host]:25\". Kvůli tomu nelze použít současně \"host\" a \"[host]:25\"",
+        "transport_test_rcpt_info": "&#8226; K otestování předávání pošty ven použijte null@hosted.mailcow.de.",
+        "transports_hint": "&#8226; Položka transportní mapy <b>přebíjí</b> transportní mapu podle odesílatele</b>.<br>\n&#8226; Transporty založené na MX mají přednost.<br>\n&#8226; Uživatelské nastavení odchozího TLS se ignoruje a lze je vynutit výhradně mapou TLS pravidel.<br>\n&#8226; Transportní služnou pro tyto transporty je vždy \"smtp:\" a použije se TLS, je-li nabídnuto. Zabalené TLS (SMTPS) se nepodporuje.<br>\n&#8226; Adresy, jež odpovídají výrazu \"/localhost$/\", se vždy předají přes \"local:\", takže nejsou zahrnuty do definice cíle \"*\".<br>\n&#8226; Pro stanovení přihlašovacích údajů dalšího skoku, např. \"[host]:25\", bude Postfix <b>vždy</b> hledat nejdříve \"host\" a teprve pak \"[host]:25\". Kvůli tomu nelze použít současně \"host\" a \"[host]:25\".",
         "ui_footer": "Pata stránka (HTML povoleno)",
         "ui_header_announcement": "Oznámení",
         "ui_header_announcement_active": "Nastavit jako aktivní",
@@ -344,17 +344,70 @@
         "validate_license_now": "Ověřit GUID na licenčním serveru",
         "verify": "Ověřit",
         "yes": "&#10003;",
-        "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
-        "f2b_max_ban_time": "Maximální délka banu (s)",
+        "f2b_ban_time_increment": "Délka bloku se prodlužuje s každým dalším zablokováním",
+        "f2b_max_ban_time": "Maximální délka bloku (s)",
         "cors_settings": "Nastavení CORS",
-        "queue_unban": "zrušit ban",
+        "queue_unban": "odblokovat",
         "password_reset_info": "Pokud není zadán žádný e-mail pro obnovení, nelze tuto funkci použít.",
         "password_reset_settings": "Nastavení obnovení hesla",
         "password_settings": "Nastavení hesel",
         "password_reset_tmpl_html": "HTML šablona",
         "password_reset_tmpl_text": "Textová šablona",
         "reset_password_vars": "<code>{{link}}</code> Vygenerovaný odkaz pro obnovení hesla<br><code>{{username}}</code> Název mailboxu uživatele, který požádal o resetování hesla.<br><code>{{username2}}</code> Název schránky pro obnovení<br><code>{{date}}</code> Datum podání žádosti o obnovení hesla<br><code>{{token_lifetime}}</code> Délka životnosti tokenu v minutách<br><code>{{hostname}}</code> Název serveru mailcow",
-        "restore_template": "Ponechte prázdné pro obnovení výchozí šablony."
+        "restore_template": "Ponechte prázdné pro obnovení výchozí šablony.",
+        "copy_to_clipboard": "Text zkopírován do schránky!",
+        "iam_login_provisioning": "Automaticky vytvořit uživatele při přihlášení",
+        "user_quicklink": "Skrýt zkratku na přihlášení uživatele",
+        "domainadmin_quicklink": "Skrýt zkratku na přihlášení správce domény",
+        "iam_auth_flow_info": "Kromě metody autorizačního kódu (Authorization Code Flow, výchozího v Keycloaku), jež se používá pro SSO, podporuje mailcow také metody autentizaci přímo pomocí přihlašovacích údajů. The metoda Mailpassword Flow se pokusí ověřit přihlašovací údaje uživatele přímo v Admin REST API Keycloaku. mailcow získá hash hesla z atributu <code>mailcow_password</code> , namapovaného v Keycloaku.",
+        "iam_default_template_description": "Nemá-li uživatel přiřazenu šablonu, použije se výchozí šablona k vytvoření schránky, ale ne k její úpravě či aktualizaci.",
+        "iam_userinfo_url": "Koncový bod pro informace o uživatelích",
+        "iam_redirect_url": "URL přesměrování",
+        "user_link": "Odkaz pro uživatele",
+        "force_sso_text": "Je-li nastaven externí poskytovatel OIDC, zapnutím této volby skryjete výchozí přihlašovací formulář. Zůstane vidět jen tlačítko pro SSO",
+        "iam_mapping": "Mapování atributů",
+        "iam_bindpass": "Heslo pro bind",
+        "iam_periodic_full_sync": "Pravidelná úplná synchronizace",
+        "iam_port": "Port",
+        "iam_realm": "Realm",
+        "iam_rest_flow": "Mailpassword Flow",
+        "iam_server_url": "URL serveru",
+        "iam_sso": "Single Sign-On",
+        "iam_sync_interval": "Interval synchronizace/importu (min)",
+        "iam_test_connection": "Test spojení",
+        "iam_token_url": "Koncový bod pro tokeny",
+        "iam_username_field": "Pole uživatelského jména",
+        "iam_binddn": "Doména pro bind",
+        "iam_use_ssl": "Používat SSL",
+        "iam_use_tls": "Používat StartTLS",
+        "iam_version": "Verze",
+        "quicklink_text": "Zobrazení zkratek k dalším přihlašovacím stránkám",
+        "iam_use_tls_info": "Je-li zapnuto TLS, musí se používat standardní port pro LDAP (389). Port SSL nelze použít.",
+        "ignore_ssl_error": "Ignorovat chyby SSL",
+        "iam_use_ssl_info": "Je-li zapnuto SSL a nastaven port 389, použije se automaticky port 636.",
+        "task": "Úloha",
+        "app_hide": "Skrýt při přihlášení",
+        "admin_quicklink": "Skrýt zkratku na přihlášení správce",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "login_page": "Přihlašovací stránka",
+        "f2b_manage_external": "Spravovat Fail2Ban externě",
+        "f2b_manage_external_info": "Fail2ban bude udržovat seznam zakázaných adres, ale nebude aktivně nastavovat pravidla blokování. Pro blokování použijte seznam adres níže.",
+        "filter": "Filtr",
+        "force_sso": "Vypnout přihlášení mailcow a ponechat jen SSO",
+        "iam": "Poskytovatel identity",
+        "iam_attribute_field": "Pole atributu",
+        "iam_authorize_url": "Autorizační koncový bod",
+        "iam_basedn": "Doména (Base DN)",
+        "iam_client_id": "ID klienta",
+        "iam_client_secret": "Tajný kód klienta",
+        "iam_client_scopes": "Scopes klienta",
+        "iam_default_template": "Výchozí šablona",
+        "iam_description": "Nastavení externího poskytovatele ověření<br>Schránky uživatele se vytvoří po prvním přihlášení automaticky, pokud je tedy nastaveno mapování atributů.",
+        "iam_extra_permission": "Aby vše fungovalo, musí mít mailcow klient v Keycloaku nastavený  <code>servisní účet</code> a povolení <code>view-users</code>.",
+        "iam_host": "Hostitel",
+        "iam_host_info": "Zadejte jeden či více hostitelů, oddělte čárkou",
+        "iam_import_users": "Importovat uživatele"
     },
     "danger": {
         "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -408,7 +461,7 @@
         "is_alias": "%s je již známa jako adresa aliasu",
         "is_alias_or_mailbox": "%s je již známa jako adresa aliasu, mailové schránky nebo aliasu rozvedeného z aliasu domény.",
         "is_spam_alias": "%s je již známa jako adresa spamového aliasu",
-        "last_key": "Nelze smazat poslední klíč",
+        "last_key": "Nelze smazat poslední klíč, vypněte tedy celé TFA.",
         "login_failed": "Přihlášení selhalo",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Výchozí kvóta překračuje maximální kvótu schránky\"",
         "mailbox_invalid": "Název mailové schránky je neplatný",
@@ -486,7 +539,16 @@
         "demo_mode_enabled": "Demo režim je zapnutý",
         "recovery_email_failed": "Nepodařilo se odeslat e-mail pro obnovení. Obraťte se prosím na svého správce.",
         "password_reset_invalid_user": "Mailbox nebyl nalezen nebo není nastaven žádný e-mail pro obnovu",
-        "password_reset_na": "Obnovení hesla není v současné době k dispozici. Obraťte se prosím na svého správce."
+        "password_reset_na": "Obnovení hesla není v současné době k dispozici. Obraťte se prosím na svého správce.",
+        "generic_server_error": "Došlo k nečekané chybě. Obraťte se na vašeho správce.",
+        "to_invalid": "Adresát nemůže být prázdný",
+        "authsource_in_use": "Poskytovatele identity nelze změnit nebo odstranit, neboť se právě používá pro jednoho či více uživatelů.",
+        "iam_test_connection": "Spojení selhalo",
+        "img_dimensions_exceeded": "Obrázek je větší než povolené rozměry",
+        "img_size_exceeded": "Obrázek má větší než povolenou velikost souboru",
+        "invalid_reset_token": "Neplatný resetovací token",
+        "required_data_missing": "Chybí potřebný údaj %s",
+        "reset_token_limit_exceeded": "Byl překročen limit na reset tokeny. Zkuste to později."
     },
     "datatables": {
         "emptyTable": "Tabulka neobsahuje žádná data",
@@ -548,7 +610,8 @@
         "update_failed": "Nepodařilo se zkontrolovat aktualizace",
         "wip": "Nedokončená vývojová verze",
         "memory": "Paměť",
-        "container_disabled": "Kontejner je zastaven nebo zakázán"
+        "container_disabled": "Kontejner je zastaven nebo zakázán",
+        "cores": "jádra"
     },
     "diagnostics": {
         "cname_from_a": "Hodnota odvozena z A/AAAA záznamu. Lze použít, pokud záznam ukazuje na správný zdroj.",
@@ -569,7 +632,7 @@
         "alias": "Upravit alias",
         "allow_from_smtp": "Umožnit pouze těmto IP adresám používat <b>SMTP</b>",
         "allow_from_smtp_info": "Nechte prázdné pro povolení všech odesílatelů.<br>IPv4/IPv6 adresy a sítě.",
-        "allowed_protocols": "Povolené protokoly",
+        "allowed_protocols": "Povolené protokoly pro přímá spojení (netýká se protokolů na změnu hesla)",
         "app_name": "Název aplikace",
         "app_passwd": "Heslo aplikace",
         "app_passwd_protocols": "Povolené protokoly pro hesla aplikací",
@@ -607,7 +670,7 @@
         "inactive": "Neaktivní",
         "kind": "Druh",
         "last_modified": "Naposledy změněn",
-        "lookup_mx": "Cíl je regulární výraz který se shoduje s MX záznamem (<code>.*\\.google\\.com</code> směřuje veškerou poštu na MX které jsou cílem pro google.com přes tento skok)",
+        "lookup_mx": "Cíl je regulární výraz, jenž se porovná s MX záznamem (např. <code>.*\\.google\\.com</code> na tento skok nasměruje veškerou poštu s MX, jež končí na *.google.com)",
         "mailbox": "Úprava mailové schránky",
         "mailbox_quota_def": "Výchozí kvóta schránky",
         "mailbox_relayhost_info": "Aplikované jen na uživatelskou schránku a přímé aliasy, přepisuje předávající server domény.",
@@ -641,7 +704,7 @@
         "ratelimit": "Omezení přenosu",
         "redirect_uri": "URL přesměrování/odvolání",
         "relay_all": "Předávání všech příjemců",
-        "relay_all_info": "<small>Pokud se rozhodnete <b>nepředávat</b> všechny příjemce, musíte přidat prázdnou mailovou schránku pro každého příjemce, který se má předávat.</small>",
+        "relay_all_info": "↪ Pokud se rozhodnete <b>nepředávat</b> všechny příjemce, musíte přidat prázdnou mailovou schránku pro každého příjemce, který se má předávat.",
         "relay_domain": "Předávání domény",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> U této domény lze pro konkrétní cíl nastavit transportní mapu. Není-li nastavena, použije se MX záznam.",
         "relay_unknown_only": "Předávat jen neexistující schránky. Doručení do existujících proběhne lokálně.",
@@ -666,7 +729,7 @@
         "spam_score": "Nastavte vlastní skóre spamu",
         "subfolder2": "Synchronizace do podsložky v cílovém umístění<br><small>(prázdné = nepoužívat podsložku)</small>",
         "syncjob": "Upravit synchronizační úlohu",
-        "target_address": "Cílová adresa/y<br /> <small>(oddělte čárkou)</small>",
+        "target_address": "Cílová adresa/y <small>(oddělte čárkou)</small>",
         "target_domain": "Cílová doména",
         "timeout1": "Časový limit pro připojení ke vzdálenému serveru",
         "timeout2": "Časový limit pro připojení k lokálnímu serveru",
@@ -690,7 +753,13 @@
         "custom_attributes": "Vlastní atributy",
         "footer_exclude": "Vyloučit ze zápatí",
         "domain_footer_skip_replies": "Ignorovat patičku u odpovědí na e-maily",
-        "password_recovery_email": "E-mail pro obnovu hesla"
+        "password_recovery_email": "E-mail pro obnovu hesla",
+        "mailbox_rename": "Přejmenovat schránku",
+        "mailbox_rename_agree": "Mám vytvořenou zálohu.",
+        "mailbox_rename_warning": "DŮLEŽITÉ! Vytvořte si zálohu schránky, než ji přejmenujete.",
+        "mailbox_rename_alias": "Automaticky vytvořit alias",
+        "mailbox_rename_title": "Nový název zdejší schránky",
+        "pushover": "Pushover"
     },
     "fido2": {
         "confirm": "Potvrdit",
@@ -711,7 +780,7 @@
         "cancel": "Zrušit",
         "confirm_delete": "Potvdit smazání",
         "delete_now": "Smazat",
-        "delete_these_items": "Prosím potvrďte změny objektu id:",
+        "delete_these_items": "Prosím potvrďte změny objektu id",
         "hibp_check": "Ověřit heslo v databázi hacknutých hesel haveibeenpwned.com",
         "hibp_nok": "Nalezeno! Toto je potenciálně nebezpečné heslo!",
         "hibp_ok": "Nebyla nalezena žádná shoda.",
@@ -720,12 +789,12 @@
         "restart_container": "Restartovat kontejner",
         "restart_container_info": "<b>Důležité:</b> Šetrný restart může chvíli trvat, prosím čekejte...",
         "restart_now": "Restartovat nyní",
-        "restarting_container": "Restartuje se kontejner, může to chvilku trvat..."
+        "restarting_container": "Restartuje se kontejner, může to chvilku trvat"
     },
     "header": {
         "administration": "Hlavní nastavení",
         "apps": "Aplikace",
-        "debug": "Systémové informace",
+        "debug": "Informace",
         "email": "E-Mail",
         "mailcow_system": "Systém",
         "mailcow_config": "Nastavení",
@@ -753,7 +822,14 @@
         "new_password": "Nové heslo",
         "new_password_confirm": "Ověření nového hesla",
         "reset_password": "Obnovit heslo",
-        "request_reset_password": "Požádat o změnu hesla"
+        "request_reset_password": "Požádat o změnu hesla",
+        "login_domainadmintext": "Přihlášení správce domény",
+        "login_linkstext": "Hledáte jinou přihlašovací stránku?",
+        "login_usertext": "Přihlášení uživatele",
+        "login_admintext": "Přihlášení správce",
+        "login_user": "Přihlášení uživatele",
+        "login_dadmin": "Přihlášení správce domény",
+        "login_admin": "Přihlášení správce"
     },
     "mailbox": {
         "action": "Akce",
@@ -785,7 +861,7 @@
         "bcc": "BCC",
         "bcc_destination": "Cíl kopie",
         "bcc_destinations": "Cíl kopií",
-        "bcc_info": "Skryté kopie (Mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Při použití skryté kopie typu <i>Přijatý e-mail</i> budou přeposlány všechny maily směřující na dotyčnou adresu nebo doménu.\nU typu <i>Odeslaný e-mail</i> budou přeposlány všechny maily odeslané z dotyčné adresy nebo domény.\nPokud selže přeposlání na cílovou adresu, tak odesílatel o tom nebude informován.",
+        "bcc_info": "Skrytá kopie (mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Mapa příjemců se použije, funguje-li je místní cíl jako adresát zprávy. Totéž platí pro mapy odesílatelů.\nMístní cíl se nedozví, selže-li doručení na cíl BCC.",
         "bcc_local_dest": "Týká se",
         "bcc_map": "Skrytá kopie",
         "bcc_map_type": "Typ skryté kopie",
@@ -840,7 +916,7 @@
         "last_run_reset": "Znovu naplánovat",
         "mailbox": "Mailová schránka",
         "mailbox_defaults": "Výchozí nastavení",
-        "mailbox_defaults_info": "Definuje výchozí nastavení pro nové schránky",
+        "mailbox_defaults_info": "Definuje výchozí nastavení pro nové schránky.",
         "mailbox_defquota": "Výchozí velikost schránky",
         "mailbox_templates": "Šablony schránek",
         "mailbox_quota": "Max. velikost schránky",
@@ -860,7 +936,7 @@
         "private_comment": "Soukromý komentář",
         "public_comment": "Veřejný komentář",
         "q_add_header": "Složka nevyžádaná pošta",
-        "q_all": "Všechny kategorie",
+        "q_all": " Nevyžádaná pošta a Odmítnuta",
         "q_reject": "Odmítnuta",
         "quarantine_category": "Kategorie oznámení karantény",
         "quarantine_notification": "Upozornění z karantény",
@@ -869,7 +945,7 @@
         "recipient_map": "Mapa příjemce",
         "recipient_map_info": "Mapy příjemců slouží k nahrazení cílové adresy zprávy před doručením.",
         "recipient_map_new": "Nový přijemce",
-        "recipient_map_new_info": "Cílová adresa mapy příjemce musí být emailová adresa nebo název domény.",
+        "recipient_map_new_info": "Cílovou adresou mapy příjemců musí být emailová adresa nebo název domény.",
         "recipient_map_old": "Původní příjemce",
         "recipient_map_old_info": "Původní příjemce musí být platná emailová adresa nebo název domény.",
         "recipient_maps": "Mapy příjemců",
@@ -888,7 +964,7 @@
         "sieve_preset_5": "Automatický odpovídač (dovolená)",
         "sieve_preset_6": "Odmítnout zprávu s odpovědí",
         "sieve_preset_7": "Přesměrovat a ponechat/zahodit",
-        "sieve_preset_8": "Zahodit zprávu poslanou na alias, do něhož patří i odesílatel",
+        "sieve_preset_8": "Zprávu od určitého odesílatele přesměrovat, označit jako přečtenou a uložit do složky",
         "sieve_preset_header": "Vizte následující ukázková pravidla. Více informací na <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedii</a>.",
         "sogo_visible": "Alias dostupný v SOGo",
         "sogo_visible_n": "Skrýt alias v SOGo",
@@ -928,7 +1004,8 @@
         "waiting": "Čekání",
         "weekly": "Každý týden",
         "yes": "&#10003;",
-        "relay_unknown": "Předávání neexistujících schránek"
+        "relay_unknown": "Předávání neexistujících schránek",
+        "iam": "Poskytovatel identity"
     },
     "oauth2": {
         "access_denied": "K udělení přístupu se přihlašte jako vlastník mailové schránky.",
@@ -936,7 +1013,7 @@
         "deny": "Zamítnout",
         "permit": "Ověřit aplikaci",
         "profile": "Profil",
-        "profile_desc": "Zobrazit osobní údaje: uživ. jméno, jméno, datum vytvoření a úpravy, stav",
+        "profile_desc": "Zobrazit osobní údaje: uživ. jméno, celé jméno, datum vytvoření a úpravy, stav",
         "scope_ask_permission": "Aplikace požádala o následující oprávnění"
     },
     "quarantine": {
@@ -1066,7 +1143,7 @@
         "logged_in_as": "Přihlášen jako %s",
         "mailbox_added": "Mailová schránka %s přidána",
         "mailbox_modified": "Změny mailové schránky %s uloženy",
-        "mailbox_removed": "Mailová schránka %s  odebrána",
+        "mailbox_removed": "Mailová schránka %s odstraněna",
         "nginx_reloaded": "Nginx reload byl úspěšný",
         "object_modified": "Změny objektu %s uloženy",
         "password_policy_saved": "Politika hesel byla úspěšně uložena",
@@ -1100,7 +1177,14 @@
         "verified_yotp_login": "Yubico OTP přihlášení ověřeno",
         "cors_headers_edited": "Nastavení CORS byla uložena",
         "domain_footer_modified": "Změny patičky domény %s byly uloženy",
-        "recovery_email_sent": "E-mail k obnovení byl odeslán na adresu %s"
+        "recovery_email_sent": "E-mail k obnovení byl odeslán na adresu %s",
+        "custom_login_modified": "Úpravy přihlašování úspěšně uloženy",
+        "domain_add_dkim_available": "Klíč DKIM už existoval",
+        "f2b_banlist_refreshed": "Seznam zákazů úspěšně obnoven",
+        "iam_test_connection": "Spojení úspěšně navázano",
+        "ip_check_opt_in_modified": "Kontrola IP adresy úspěšně uložena",
+        "mailbox_renamed": "Schránka přejmenována z %s na %s",
+        "password_changed_success": "Heslo úspěšně změněno"
     },
     "tfa": {
         "api_register": "%s používá Yubico Cloud API. Prosím získejte API klíč pro své Yubico <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ZDE</a>",
@@ -1116,7 +1200,7 @@
         "none": "Deaktivovat",
         "reload_retry": "- (znovu načtěte stránku, opakuje-li se chyba)",
         "scan_qr_code": "Prosím načtěte následující kód svou aplikací na ověření nebo zadejte kód ručně.",
-        "select": "Prosím vyberte...",
+        "select": "Vyberte prosím",
         "set_tfa": "Nastavení způsobu dvoufaktorového ověření",
         "start_webauthn_validation": "Zahájit inicializaci",
         "tfa": "Dvoufaktorové ověření (TFA)",
@@ -1125,7 +1209,10 @@
         "webauthn": "WebAuthn ověření",
         "waiting_usb_auth": "<i>Čeká se na USB zařízení...</i><br><br>Prosím stiskněte tlačítko na svém WebAuthn USB zařízení.",
         "waiting_usb_register": "<i>Čeká se na USB zařízení...</i><br><br>Prosím zadejte své heslo výše a potvrďte WebAuthn registraci stiskem tlačítka na svém WebAuthn USB zařízení.",
-        "yubi_otp": "Yubico OTP ověření"
+        "yubi_otp": "Yubico OTP ověření",
+        "u2f_deprecated": "Zdá se, že váš klíč byl registrován zastaralou metodou U2F. Dojde k deaktivaci dvoufaktorové autentifikace a smazání klíče.",
+        "authenticators": "Autentifikátory",
+        "u2f_deprecated_important": "Registrujte svůj klíč novou metodou WebAuthn ve správě správců"
     },
     "user": {
         "action": "Akce",
@@ -1141,7 +1228,7 @@
         "alias_time_left": "Zbývající čas",
         "alias_valid_until": "Platný do",
         "aliases_also_send_as": "Smí odesílat také jako uživatel",
-        "aliases_send_as_all": "Nekontrolovat přístup odesílatele pro následující doménu(y) a jejich aliasy domény:",
+        "aliases_send_as_all": "Nekontrolovat přístup odesílatele pro následující doménu(y) a jejich aliasy",
         "allowed_protocols": "Povolené protokoly",
         "app_hint": "Hesla aplikací jsou alternativní heslo pro přihlášení k IMAP, SMTP, CalDAV, CardDAV a EAS. Uživatelské jméno zůstává stejné.<br>SOGo však nelze s heslem aplikace použít.",
         "app_name": "Název aplikace",
@@ -1162,8 +1249,8 @@
         "description": "Popis",
         "delete_ays": "Potvrďte odstranění.",
         "direct_aliases": "Přímé aliasy",
-        "direct_aliases_desc": "Na přímé aliasy se uplatňuje filtr spamu a nastavení pravidel TLS",
-        "direct_protocol_access": "Tento uživatel mailové schránky má <b>přímý externí přístup</b> k následujícím protokolům a aplikacím. Toto nastavení je řízeno správcem. Pro udělení přístupu k jednotlivým protokolům a aplikacím lze vytvořit hesla aplikací.<br>Tlačítko \"Webmailu\" zajišťuje jednotné přihlášení k SOGo a je vždy k dispozici.",
+        "direct_aliases_desc": "Na přímé aliasy se uplatňuje filtr spamu a nastavení pravidel TLS.",
+        "direct_protocol_access": "Tento uživatel mailové schránky má <b>přímý externí přístup</b> k následujícím protokolům a aplikacím. Toto nastavení je řízeno správcem. Pro udělení přístupu k jednotlivým protokolům a aplikacím lze vytvořit hesla aplikací.<br>Tlačítko \"Webmail\" zajišťuje jednotné přihlášení k SOGo a je vždy k dispozici.",
         "eas_reset": "Smazat mezipaměť zařízení ActiveSync",
         "eas_reset_help": "Obnovení mezipaměti zařízení pomůže zpravidla obnovit poškozený profil služby ActiveSync.<br><b>Upozornění:</b> Všechna data budou opětovně stažena!",
         "eas_reset_now": "Smazat",
@@ -1204,7 +1291,7 @@
         "no_last_login": "Žádný záznam o přihlášení",
         "no_record": "Žádný záznam",
         "open_logs": "Otevřít záznam",
-        "open_webmail_sso": "Webmailu",
+        "open_webmail_sso": "Webmail",
         "password": "Heslo",
         "password_now": "Současné heslo (pro potvrzení změny)",
         "password_repeat": "Heslo (znovu)",
@@ -1241,8 +1328,8 @@
         "spamfilter": "Filtr spamu",
         "spamfilter_behavior": "Hodnocení",
         "spamfilter_bl": "Seznam zakázaných adres (blacklist)",
-        "spamfilter_bl_desc": "Zakázané emailové adresy <b>budou vždy klasifikovány jako spam a odmítnuty</b>. Lze použít zástupné znaky (*). Filtr se použije pouze na přímé aliasy (s jednou cílovou mailovou schránkou), s výjimkou doménových košů a samotné mailové schránky.",
-        "spamfilter_default_score": "Výchozí hodnoty:",
+        "spamfilter_bl_desc": "Zakázané emailové adresy budou <b>vždy</b> klasifikovány jako spam a odmítnuty. Odmítnutá pošta <b>nebude</b> uložena do karantény. Lze použít zástupné znaky (*). Filtr se použije pouze na přímé aliasy (s jednou cílovou poštovní schránkou), s výjimkou doménových košů a samotné poštovní schránky.",
+        "spamfilter_default_score": "Výchozí hodnoty",
         "spamfilter_green": "Zelená: tato zpráva není spam",
         "spamfilter_hint": "První hodnota představuje \"nízké spam skóre\" a druhá \"vysoké spam skóre\".",
         "spamfilter_red": "Červená: Tato zpráva je spam a server ji odmítne",
@@ -1274,7 +1361,7 @@
         "tag_in_subject": "V předmětu",
         "text": "Text",
         "title": "Předmět",
-        "tls_enforce_in": "Vynutit TLS pro příchozí poštu ",
+        "tls_enforce_in": "Vynutit TLS pro příchozí poštu",
         "tls_enforce_out": "Vynutit TLS pro odchozí poštu",
         "tls_policy": "Politika šifrování",
         "tls_policy_warning": "<strong>Varování:</strong> Pokud se rozhodnete vynutit šifrovaný přenos pošty, může dojít ke ztrátě e-mailů.<br>Zprávy, které nesplňují tuto politiku, budou mailovým systémem odmítnuty.<br>Tato volba ovlivňuje primární e-mailovou adresu (přihlašovací jméno), všechny adresy odvozené z doménových aliasů i aliasy, jež mají tuto mailovou schránku jako cíl.",
@@ -1290,7 +1377,13 @@
         "years": "let",
         "pushover_sound": "Zvukové upozornění",
         "password_reset_info": "Pokud není zadán e-mail pro obnovení hesla, nelze tuto funkci použít.",
-        "pw_recovery_email": "E-mail pro obnovení hesla"
+        "pw_recovery_email": "E-mail pro obnovení hesla",
+        "tfa_info": "Dvoufaktorová autentizace vám pomáhá chránit svůj účet. Je-li zapnuta, musíte si vytvořit aplikační hesla pro aplikace, jež dvoufaktorovou autentizaci nepodporují (např. poštovní klienti).",
+        "attribute": "Atribut",
+        "authentication": "Autentifikace",
+        "overview": "Přehled",
+        "protocols": "Protokoly",
+        "value": "Hodnota"
     },
     "warning": {
         "cannot_delete_self": "Nelze smazat právě přihlášeného uživatele",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index a04234610..21d26d8c8 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -205,8 +205,8 @@
         "f2b_whitelist": "Whitelisted networks/hosts",
         "filter": "Filter",
         "filter_table": "Filter table",
-        "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login forms and only shows the Singe Sign-On button",
-        "force_sso": "Disable mailcow Login and show only Singe Sign-On",
+        "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login forms and only shows the Single Sign-On button",
+        "force_sso": "Disable mailcow Login and show only Single Sign-On",
         "forwarding_hosts": "Forwarding Hosts",
         "forwarding_hosts_add_hint": "You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).",
         "forwarding_hosts_hint": "Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected, but optionally it can be filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your mailcow server.",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index fdfa78161..a2f0a87e3 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -353,7 +353,30 @@
         "password_settings": "Impostazioni della password",
         "queue_unban": "sblocca",
         "restore_template": "Lasciare vuoto per ripristinare il modello predefinito.",
-        "logo_normal_label": "Normale"
+        "logo_normal_label": "Normale",
+        "app_hide": "Nascondi per il login",
+        "ip_check_disabled": "Il controllo IP è disabilitato. Puoi abilitarlo sotto <br><strong>Sistema > Configurazione > Opzioni > Personalizza </strong>",
+        "ip_check_opt_in": "Attiva l'utilizzo dei servizi di terze parti <strong>ipv4.mailcow.email</strong> e <strong> ipv6.mailcow.email</strong> per risolvere gli indirizzi IP esterni",
+        "iam_login_provisioning": "Creazione automatica di utenti al login",
+        "iam_port": "Porta",
+        "iam_redirect_url": "URL di reindirizzamento",
+        "iam_server_url": "URL server",
+        "iam_sso": "Single Sign-On",
+        "iam_test_connection": "Test connessione",
+        "iam_use_ssl": "Usa SSL",
+        "iam_use_tls": "Usa StartTLS",
+        "iam_version": "Versione",
+        "ignore_ssl_error": "Ignorare gli errori SSL",
+        "task": "Attività",
+        "login_page": "Pagina di accesso",
+        "filter": "Filtro",
+        "iam_attribute_field": "Campo attributo",
+        "iam_authorize_url": "Endpoint di autorizzazione",
+        "iam_auth_flow": "Flusso di autenticazione",
+        "iam_client_id": "ID cliente",
+        "iam_default_template": "Template predefinito",
+        "iam_host": "Host",
+        "iam_import_users": "Importa utenti"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -484,7 +507,11 @@
         "password_reset_invalid_user": "La casella di posta elettronica non è stata trovata o non è stata impostata un'e-mail di recupero",
         "password_reset_na": "Il recupero della password non è attualmente disponibile. Contattare l'amministratore.",
         "recovery_email_failed": "Impossibile inviare un'e-mail di recupero. Contattare l'amministratore.",
-        "to_invalid": "Il destinatario non deve essere vuoto"
+        "to_invalid": "Il destinatario non deve essere vuoto",
+        "iam_test_connection": "Connessione non riuscita",
+        "webauthn_authenticator_failed": "L'autenticator selezionato non è stato trovato",
+        "webauthn_username_failed": "L'authenticator selezionato appartiene ad un altro account",
+        "webauthn_publickey_failed": "Nessuna chiave pubblica è stata salvata per l'authenticator selezionato"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
@@ -655,7 +682,10 @@
         "domain_footer_html": "Piè di pagina HTML",
         "domain_footer_plain": "Piè di pagina PLAIN",
         "footer_exclude": "Escludi dal piè di pagina",
-        "password_recovery_email": "E-mail di recupero password"
+        "password_recovery_email": "E-mail di recupero password",
+        "mailbox_rename": "Rinominare la casella mail",
+        "mailbox_rename_agree": "Ho creato un backup.",
+        "mailbox_rename_alias": "Creare alias automaticamente"
     },
     "fido2": {
         "confirm": "Conferma",
@@ -717,7 +747,11 @@
         "forgot_password": "> Password dimenticata?",
         "new_password": "Nuova password",
         "new_password_confirm": "Conferma la nuova password",
-        "reset_password": "Ripristino della password"
+        "reset_password": "Ripristino della password",
+        "login_linkstext": "Non è il login corretto?",
+        "login_usertext": "Accedere come utente",
+        "login_domainadmintext": "Accedere come domain admin",
+        "login_admintext": "Accedere come admin"
     },
     "mailbox": {
         "action": "Azione",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index b5a093a35..2028996aa 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -352,13 +352,68 @@
         "allowed_origins": "Upravljanje-dostopa-Dovoljeni-Viri",
         "copy_to_clipboard": "Besedilo kopirano v odložišče!",
         "f2b_manage_external": "Zunanje upravljanje Fail2Ban",
-        "f2b_manage_external_info": "Fail2ban bo še vedno vzdrževal seznam prepovedi, vendar ne bo aktivno nastavil pravil za blokiranje prometa. Uporabite spodnji ustvarjeni seznam prepovedi za zunanje blokiranje prometa."
+        "f2b_manage_external_info": "Fail2ban bo še vedno vzdrževal seznam prepovedi, vendar ne bo aktivno nastavil pravil za blokiranje prometa. Uporabite spodnji ustvarjeni seznam prepovedi za zunanje blokiranje prometa.",
+        "force_sso_text": "Če je konfiguriran zunanji ponudnik OIDC, ta možnost skrije privzete obrazce za prijavo v Mailcow in prikaže samo gumb za enkratno prijavo.",
+        "app_hide": "Skrij za prijavo",
+        "iam_login_provisioning": "Samodejno ustvarjanje uporabnikov ob prijavi",
+        "admin_quicklink": "Skrij hitro povezavo do strani za prijavo skrbnika",
+        "login_page": "Prijavna stran",
+        "domainadmin_quicklink": "Skrij hitro povezavo do strani za prijavo v Skrbnik domen",
+        "filter": "Filter",
+        "force_sso": "Onemogoči prijavo v Mailcow in prikaži samo enotno prijavo",
+        "iam": "Ponudnik identitete",
+        "iam_attribute_field": "Polje atributa",
+        "iam_authorize_url": "Končna točka avtorizacije",
+        "iam_auth_flow": "Potek preverjanja pristnosti",
+        "iam_auth_flow_info": "Poleg toka avtorizacijske kode (standardni tok v Keycloaku), ki se uporablja za prijavo z enotno prijavo, mailcow podpira tudi tok preverjanja pristnosti z neposrednimi poverilnicami. Tok Mailpassword poskuša preveriti uporabnikove poverilnice z uporabo REST API-ja Keycloak Admin. mailcow pridobi zgoščeno geslo iz atributa <code>mailcow_password</code>, ki je preslikan v Keycloaku.",
+        "iam_basedn": "Osnovni DN",
+        "iam_client_id": "ID odjemalca",
+        "iam_client_secret": "Skrivnost odjemalca",
+        "iam_client_scopes": "Obsegi odjemalcev",
+        "iam_default_template": "Privzeta predloga",
+        "iam_default_template_description": "Če uporabniku ni dodeljena nobena predloga, bo privzeta predloga uporabljena za ustvarjanje nabiralnika, ne pa za posodabljanje nabiralnika.",
+        "iam_description": "Konfigurirajte zunanjega ponudnika za preverjanje pristnosti<br>Uporabnikovi poštni nabiralniki bodo samodejno ustvarjeni ob prvi prijavi, če je nastavljeno preslikavanje atributov.",
+        "iam_extra_permission": "Za delovanje naslednjih nastavitev potrebuje odjemalec mailcow v Keycloaku <code>Servisni račun</code> in dovoljenje za <code>ogled uporabnikov</code>.",
+        "iam_host": "Gostitelj",
+        "iam_host_info": "Vnesite enega ali več gostiteljev LDAP, ločenih z vejicami.",
+        "iam_import_users": "Uvozi uporabnike",
+        "iam_use_tls_info": "Če omogočite TLS, morate uporabiti privzeta vrata za strežnik LDAP (389). Vrat SSL ni mogoče uporabiti.",
+        "iam_sync_interval": "Interval sinhronizacije / uvoza (min)",
+        "user_quicklink": "Skrij hitro povezavo do strani za prijavo uporabnika",
+        "iam_use_ssl_info": "Če omogočite SSL in so vrata nastavljena na 389, bodo samodejno prepisana na uporabo 636.",
+        "iam_mapping": "Preslikava atributov",
+        "iam_bindpass": "Vezano geslo",
+        "iam_periodic_full_sync": "Periodična popolna sinhronizacija",
+        "iam_port": "Vrata",
+        "iam_redirect_url": "Preusmeri URL",
+        "iam_rest_flow": "Tok gesla za pošto",
+        "iam_server_url": "URL strežnika",
+        "iam_sso": "Enotna prijava",
+        "iam_test_connection": "Preizkus povezave",
+        "iam_token_url": "Končna točka žetona",
+        "iam_userinfo_url": "Končna točka z uporabniškimi podatki",
+        "iam_username_field": "Polje z uporabniškim imenom",
+        "iam_binddn": "Povezava DN",
+        "iam_use_ssl": "Uporabi SSL",
+        "iam_use_tls": "Uporabi StartTLS",
+        "iam_version": "Različica",
+        "ignore_ssl_error": "Prezri napake SSL",
+        "password_reset_info": "Če ni naveden e-poštni naslov za obnovitev, te funkcije ni mogoče uporabiti.",
+        "password_reset_settings": "Nastavitve za obnovitev gesla",
+        "password_reset_tmpl_html": "Predloga HTML",
+        "password_reset_tmpl_text": "Predloga besedila",
+        "password_settings": "Nastavitve gesla",
+        "quicklink_text": "Prikaži ali skrij hitre povezave do drugih strani za prijavo pod prijavnim obrazcem",
+        "reset_password_vars": "<code>{{link}}<code> Ustvarjena povezava za ponastavitev gesla<br><code>{{username}}<code> Ime nabiralnika uporabnika, ki je zahteval ponastavitev gesla<br><code>{{username2}}<code> Ime obnovitvenega nabiralnika<br><code>{{date}}<code> Datum zahteve za ponastavitev gesla<br><code>{{token_lifetime}}<code> Življenjska doba žetona v minutah<br><code>{{hostname}}<code> Ime gostitelja mailcow",
+        "restore_template": "Za obnovitev privzete predloge pustite polje prazno.",
+        "task": "Naloga",
+        "user_link": "Uporabniška povezava"
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
         "aliasd_targetd_identical": "Alias domena ne sme biti enaka ciljni domeni: %s",
         "bcc_exists": "BCC preslikava obstaja za vrsto %s",
-        "dkim_domain_or_sel_exists": "DKIM ključ za \"%s\" obstaja in ne bo prepisan.",
+        "dkim_domain_or_sel_exists": "DKIM ključ za \"%s\" obstaja in ne bo prepisan",
         "domain_quota_m_in_use": "Kvota domene mora biti večja ali enaka %s MiB",
         "extra_acl_invalid_domain": "Zunanji pošiljatelj \"%s\" uporablja neveljavno domeno",
         "global_map_write_error": "Ni mogoče zapisati ID globalne preslikave %s: %s",
@@ -375,8 +430,8 @@
         "app_passwd_id_invalid": "ID gesla aplikacije %s je neveljaven",
         "bcc_empty": "BCC cilj ne more biti prazen",
         "bcc_must_be_email": "BCC cilj %s ni veljaven e-poštni naslov",
-        "comment_too_long": "Komentar je predolg, dovoljeno je največ 100 znakov.",
-        "defquota_empty": "Privzeta kvota na poštni predal ne more biti 0",
+        "comment_too_long": "Komentar je predolg, dovoljeno je največ 160 znakov",
+        "defquota_empty": "Privzeta kvota na poštni predal ne more biti 0.",
         "description_invalid": "Opis resursa za %s ni veljaven",
         "dkim_domain_or_sel_invalid": "Domena ali izbirnik DKIM ni veljaven: %s",
         "domain_cannot_match_hostname": "Domena se ne more ujemati z imenom gostitelja",
@@ -414,9 +469,9 @@
         "invalid_recipient_map_old": "Naveden neveljaven izvirni prejemnik: %s",
         "ip_list_empty": "Seznam dovoljenih IPjev ne sme biti prazen",
         "is_alias": "%s je že znan kot alias naslov",
-        "is_alias_or_mailbox": "%s je že znan kot alias, poštni naslov, ali alias izveden iz alias domene",
+        "is_alias_or_mailbox": "%s je že znan kot alias, poštni naslov, ali alias izveden iz alias domene.",
         "is_spam_alias": "%s že obstaja kot začasen alias (spam alias naslov)",
-        "last_key": "Zadnji ključ ne more biti izbrisan, prosim raje deaktivirajte dvofaktorsko avtentikacijo (TFA)",
+        "last_key": "Zadnji ključ ne more biti izbrisan, prosim raje deaktivirajte dvofaktorsko avtentikacijo (TFA).",
         "login_failed": "Prijava ni uspela",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Privzeta kvota presega najvišjo omejitev",
         "mailbox_invalid": "Ime poštnega predala ni veljavno",
@@ -428,7 +483,7 @@
         "map_content_empty": "Preslikava vsebine ne more biti prazna",
         "max_alias_exceeded": "Preseženo največje število aliasov",
         "max_mailbox_exceeded": "Preseženo največje število poštnih predalov (%d od %d)",
-        "maxquota_empty": "Največja kvota na poštni predal ne more biti 0",
+        "maxquota_empty": "Največja kvota na poštni predal ne more biti 0.",
         "mysql_error": "Napaka MySQL: %s",
         "network_host_invalid": "Nepravilno omrežje ali gostitel: %s",
         "next_hop_interferes": "% moti naslednji skok %s",
@@ -483,7 +538,17 @@
         "cors_invalid_origin": "Naveden neveljaven Allow-Origin",
         "invalid_recipient_map_new": "Naveden neveljaven nov prejemnik: %s",
         "img_dimensions_exceeded": "Slika presega največje dovoljene dimenzije",
-        "img_size_exceeded": "Slika presega največjo dovoljeno velikost datoteke"
+        "img_size_exceeded": "Slika presega največjo dovoljeno velikost datoteke",
+        "iam_test_connection": "Povezava ni uspela",
+        "authsource_in_use": "Ponudnika identitete ni mogoče spremeniti ali izbrisati, ker ga trenutno uporablja eden ali več uporabnikov.",
+        "password_reset_na": "Obnovitev gesla trenutno ni na voljo. Obrnite se na skrbnika.",
+        "generic_server_error": "Prišlo je do nepričakovane napake strežnika. Obrnite se na skrbnika.",
+        "invalid_reset_token": "Neveljaven žeton za ponastavitev",
+        "password_reset_invalid_user": "Poštni predal ni bil najden ali pa ni nastavljen e-poštni naslov za obnovitev",
+        "recovery_email_failed": "E-poštnega sporočila za obnovitev ni bilo mogoče poslati. Obrnite se na skrbnika.",
+        "required_data_missing": "Manjkajo zahtevani podatki %s",
+        "reset_token_limit_exceeded": "Omejitev žetonov za ponastavitev je bila presežena. Poskusite znova pozneje.",
+        "to_invalid": "Polje za prejemnika ne sme biti prazno"
     },
     "debug": {
         "containers_info": "Informacije o vsebniku (containerju)",
@@ -583,8 +648,8 @@
         "pushover_sender_array": "Upoštevaj samo sledeče e-poštne naslove pošiljateljev <small>(ločeni z vejico)</small>",
         "mbox_rl_info": "Ta omejitev velja za SASL uporabniško ime, preverja se ujemanje s katerim koli \"from\" naslovom, ki ga uporablja prijavljeni uporabnik. Omejitev pošiljanja za poštni predal preglasi pravilo omejitve za domeno.",
         "kind": "Tip",
-        "client_secret": "Client secret",
-        "comment_info": "Zasebni komentar ni viden uporabniku, javni komentar pa je viden kot tooltip v uporabnikovem pregledu.",
+        "client_secret": "Skrivnost odjemalca",
+        "comment_info": "Zasebni komentar ni viden uporabniku, javni komentar pa se prikaže kot opis orodja, ko nanj v pregledu uporabnika zadržite miško",
         "created_on": "Ustvarjeno",
         "custom_attributes": "Atributi po meri",
         "delete1": "Izbriši na viru, ko je končano",
@@ -601,11 +666,11 @@
         "pushover_verify": "Preveri poverilnice",
         "quota_mb": "Omejitev (MiB)",
         "quota_warning_bcc": "BCC za sporočilo z opozorilom omejitve",
-        "quota_warning_bcc_info": "Opozorila bodo poslana kot ločene kopije sledečim prejemnikom. K naslovu sporočila bo dodano uporabniško ime v oklepajih, npr. <code>Opozorilo omejitve (user@example.com)</code>",
+        "quota_warning_bcc_info": "Opozorila bodo poslana kot ločene kopije naslednjim prejemnikom. Zadevi bo v oklepaju dodano ustrezno uporabniško ime, na primer: <code>Opozorilo o kvoti (uporabnik@example.com)</code>.",
         "ratelimit": "Omejitev pošiljanja",
         "advanced_settings": "Napredne nastavitve",
         "allow_from_smtp_info": "Pustite prazno da dovolite vse pošiljatelje.<br>IPv4/IPv6 naslovi in omrežja.",
-        "allowed_protocols": "Dovoljeni protokoli",
+        "allowed_protocols": "Dovoljeni protokoli za neposreden dostop uporabnikov (ne vpliva na protokole za gesla aplikacij)",
         "app_name": "Ime aplikacije",
         "app_passwd": "Geslo aplikacije",
         "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
@@ -647,12 +712,253 @@
         "public_comment": "Javni komentar",
         "pushover": "Pushover",
         "pushover_evaluate_x_prio": "Eskaliraj visoko prednostno pošto [<code>X-Priority: 1</code>]",
-        "pushover_info": "Nastavitve potisnih obvestil bodo veljala za vsa čisto (ne spam) elektronsko pošto dostavljeno v <b>%s</b> vključno z aliasi (deljeni, nedeljeni, označeni)",
+        "pushover_info": "Nastavitve potisnih obvestil bodo veljale za vso čisto (ne neželeno) pošto, dostavljeno na <b>%s</b>, vključno z vzdevki (v skupni rabi, brez skupne rabe, označeni).",
         "pushover_only_x_prio": "Upoštevaj samo pošto z visoko prioriteto [<code>X-Priority: 1</code>]",
         "pushover_sender_regex": "Upoštevaj sledeči regex za pošiljatelja",
         "pushover_text": "Besedilo obvestila",
         "pushover_sound": "Zvok",
         "encryption": "Šifriranje",
-        "alias": "Uredi alias"
+        "alias": "Uredi alias",
+        "relayhost": "Prenosi, odvisni od pošiljatelja",
+        "mailbox_rename_alias": "Samodejno ustvari vzdevek",
+        "sender_acl_info": "Če lahko uporabnik poštnega predala A pošilja kot uporabnik poštnega predala B, se naslov pošiljatelja v SOGo ne prikaže samodejno kot izbirno polje \"od\".<br>\n  Uporabnik poštnega predala B mora v SOGo ustvariti pooblastilo, da lahko uporabnik poštnega predala A izbere svoj naslov kot pošiljatelja. Če želite pooblastiti poštni predal v SOGo, uporabite meni (tri pike) desno od imena vašega poštnega predala v zgornjem levem kotu v pogledu pošte. To vedenje ne velja za vzdevke.",
+        "redirect_uri": "URL za preusmeritev/povratni klic",
+        "relay_all": "Posreduj vsem prejemnikom",
+        "relay_unknown_only": "Posreduj samo neobstoječe poštne nabiralnike. Obstoječi poštni nabiralniki bodo dostavljeni lokalno.",
+        "relay_domain": "Posreduj to domeno",
+        "remove": "Odstrani",
+        "resource": "Vir",
+        "mailbox_rename_title": "Novo ime lokalnega poštnega predala",
+        "password_recovery_email": "E-poštno sporočilo za obnovitev gesla",
+        "relay_all_info": "↪ Če se odločite, da <b>ne</b> želite posredovati vseh prejemnikov, boste morali za vsakega posameznega prejemnika, ki ga želite posredovati, dodati (\"slepi\") poštni predal.",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Informacije</div> Za to domeno lahko določite transportne zemljevide za cilj po meri. Če niso nastavljeni, bo izvedeno iskanje MX.",
+        "save": "Shrani spremembe",
+        "scope": "Obseg",
+        "sender_acl": "Dovoli pošiljanje kot",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Preverjanje pošiljatelja je onemogočeno</span>",
+        "sieve_type": "Vrsta filtra",
+        "skipcrossduplicates": "Preskoči podvojena sporočila med mapami (po principu \"kdor prej pride, prej melje\")",
+        "sogo_access": "Neposredno posredovanje na SOGo",
+        "sogo_access_info": "Po prijavi je uporabnik samodejno preusmerjen na SOGo.",
+        "sogo_visible": "Vzdevek je viden v SOGo",
+        "sogo_visible_info": "Ta možnost vpliva samo na objekte, ki jih je mogoče prikazati v SOGo (naslovi aliasov v skupni rabi ali brez nje, ki kažejo na vsaj en lokalni poštni predal). Če je skrita, vzdevek ne bo prikazan kot izbirni pošiljatelj v SOGo.",
+        "spam_alias": "Ustvarjanje ali spreminjanje časovno omejenih vzdevkovnih naslovov",
+        "spam_filter": "Filter neželene pošte",
+        "spam_policy": "Dodajanje ali odstranjevanje elementov na beli/črni seznam",
+        "spam_score": "Nastavite oceno neželene pošte po meri",
+        "subfolder2": "Sinhroniziraj v podmapo na cilju<br><small>(prazno = ne uporabi podmape)</small>",
+        "syncjob": "Urejanje sinhronizacijskega opravila",
+        "target_address": "Pojdi na naslov/e <small>(ločeno z vejico)</small>",
+        "target_domain": "Ciljna domena",
+        "timeout1": "Časovna omejitev za povezavo z oddaljenim gostiteljem",
+        "timeout2": "Časovna omejitev za povezavo z lokalnim gostiteljem",
+        "title": "Urejanje predmeta",
+        "unchanged_if_empty": "Če ni spremenjeno, pustite prazno",
+        "username": "Uporabniško ime",
+        "validate_save": "Potrdi in shrani",
+        "mailbox_rename": "Preimenuj poštni predal",
+        "mailbox_rename_agree": "Ustvaril/a sem varnostno kopijo.",
+        "mailbox_rename_warning": "POMEMBNO! Pred preimenovanjem nabiralnika ustvarite varnostno kopijo.",
+        "sieve_desc": "Kratek opis"
+    },
+    "footer": {
+        "restart_container_info": "<b>Pomembno:</b> Ugoden ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",
+        "delete_these_items": "Prosimo, potrdite spremembe naslednjega ID-ja objekta",
+        "confirm_delete": "Potrdi brisanje",
+        "delete_now": "Izbriši zdaj",
+        "hibp_check": "Preverite na haveibeenpwned.com",
+        "hibp_nok": "Ujema se! To je potencialno nevarno geslo!",
+        "hibp_ok": "Ni najdenega ujemanja.",
+        "loading": "Prosim, počakajte...",
+        "nothing_selected": "Nič izbranega",
+        "restart_container": "Znova zaženite zabojnik",
+        "restart_now": "Znova zaženi zdaj",
+        "restarting_container": "Ponovni zagon zabojnika, to lahko traja nekaj časa",
+        "cancel": "Prekliči"
+    },
+    "login": {
+        "password": "Geslo",
+        "invalid_pass_reset_token": "Žeton za ponastavitev gesla je neveljaven ali je potekel.<br>Zahtevajte novo povezavo za ponastavitev gesla.",
+        "back_to_mailcow": "Nazaj v mailcow",
+        "delayed": "Prijava je bila zakasnjena za %s sekund.",
+        "fido2_webauthn": "Prijava FIDO2/WebAuthent",
+        "forgot_password": "> Ste pozabili geslo?",
+        "login": "Prijava",
+        "login_linkstext": "Ni pravilna prijava?",
+        "login_usertext": "Prijava kot uporabnik",
+        "login_domainadmintext": "Prijava kot skrbnik domene",
+        "login_admintext": "Prijava kot skrbnik",
+        "login_user": "Prijava uporabnika",
+        "login_dadmin": "Prijava skrbnika domene",
+        "login_admin": "Prijava skrbnika",
+        "mobileconfig_info": "Za prenos zahtevanega profila povezave Apple se prijavite kot uporabnik poštnega predala.",
+        "new_password": "Novo geslo",
+        "new_password_confirm": "Potrdi novo geslo",
+        "other_logins": "ali se prijavite s/z",
+        "reset_password": "Ponastavi geslo",
+        "request_reset_password": "Zahteva za spremembo gesla",
+        "username": "Uporabniško ime"
+    },
+    "mailbox": {
+        "last_mail_login": "Zadnja prijava v e-pošto",
+        "deactivate": "Deaktiviraj",
+        "domain_admins": "Skrbniki domen",
+        "kind": "Prijazno",
+        "mailbox_defaults_info": "Določite privzete nastavitve za nove poštne nabiralnike.",
+        "allowed_protocols": "Dovoljeni protokoli",
+        "add_alias": "Dodaj vzdevek",
+        "mins_interval": "Interval (min)",
+        "recipient_map_info": "Zemljevidi prejemnikov se uporabljajo za zamenjavo naslova prejemnika v sporočilu, preden je dostavljeno.",
+        "add_domain_record_first": "Najprej dodajte domeno",
+        "booking_ltnull": "Neomejeno, vendar se ob rezervaciji prikaži kot zasedeno",
+        "alias_domain_alias_hint": "Vzdevki se na vzdevke domen samodejno <b>ne</b> uporabijo. Naslov vzdevka <code>my-alias@domain</code> <b>ne</b> pokriva naslova <code>my-alias@alias-domain</code> (kjer je \"vzdevek domene\" namišljeni vzdevek domene za \"domeno\").<br>Za preusmeritev pošte v zunanji nabiralnik uporabite filter sito (glejte zavihek »Filtri« ali uporabite SOGo -> Posrednik). Za samodejno dodajanje manjkajočih vzdevkov uporabite \"Razširi vzdevek čez domene vzdevkov\".",
+        "q_all": " ob premiku v mapo Neželena pošta in ob zavrnitvi",
+        "bcc_info": "BCC zemljevidi se uporabljajo za tiho posredovanje kopij vseh sporočil na drug naslov. Vnos vrste preslikave prejemnika se uporablja, kadar lokalni cilj deluje kot prejemnik pošte. Preslikave pošiljatelja delujejo po istem načelu.<br>\nLokalni cilj ne bo obveščen o neuspeli dostavi.",
+        "force_pw_update": "Vsiljena posodobitev gesla ob naslednji prijavi",
+        "recipient_map_new_info": "Cilj zemljevida prejemnika mora biti veljaven e-poštni naslov ali ime domene.",
+        "recipient_map_old_info": "Izvirni cilj prejemnika mora biti veljaven e-poštni naslov ali ime domene.",
+        "action": "Dejanje",
+        "activate": "Aktiviraj",
+        "active": "Aktivno",
+        "add": "Dodaj",
+        "add_alias_expand": "Razširi vzdevek nad vzdevki domen",
+        "add_bcc_entry": "Dodaj zemljevid BCC",
+        "add_domain": "Dodaj domeno",
+        "add_domain_alias": "Dodaj vzdevek domene",
+        "add_filter": "Dodaj filter",
+        "add_mailbox": "Dodaj poštni predal",
+        "add_recipient_map_entry": "Dodaj zemljevid prejemnikov",
+        "add_resource": "Dodaj vir",
+        "add_template": "Dodaj predlogo",
+        "add_tls_policy_map": "Dodaj zemljevid pravilnikov TLS",
+        "address_rewriting": "Prepisovanje naslovov",
+        "alias": "Vzdevek",
+        "alias_domain_backupmx": "Vzdevek domene ni aktiven za posredovalno domeno",
+        "aliases": "Vzdevki",
+        "all_domains": "Vse domene",
+        "allow_from_smtp": "Dovoli samo tem IP-jem uporabo <b>SMTP</b>",
+        "allow_from_smtp_info": "Pustite prazno, da dovolite vse pošiljatelje.<br>Naslovi in omrežja IPv4/IPv6.",
+        "backup_mx": "Posredovalna domena",
+        "bcc": "BCC",
+        "bcc_destination": "Ciljna stran BCC",
+        "bcc_destinations": "Ciljna stran BCC",
+        "bcc_local_dest": "Lokalni cilj",
+        "bcc_map": "BCC zemljevid",
+        "bcc_map_type": "BCC tip",
+        "bcc_maps": "BCC zemljevidi",
+        "bcc_rcpt_map": "Zemljevid prejemnikov",
+        "bcc_sender_map": "Zemljevid pošiljatelja",
+        "bcc_to_rcpt": "Preklopi na vrsto zemljevida prejemnika",
+        "bcc_to_sender": "Preklopi na vrsto zemljevida pošiljatelja",
+        "bcc_type": "BCC tip",
+        "booking_null": "Vedno prikaži kot brezplačno",
+        "booking_0_short": "Vedno prost",
+        "booking_custom": "Točna omejitev na število rezervacij po meri",
+        "booking_custom_short": "Trda omejitev",
+        "booking_lt0_short": "Mehka omejitev",
+        "catch_all": "Zajemi vse",
+        "created_on": "Ustvarjeno dne",
+        "daily": "Dnevno",
+        "description": "Opis",
+        "disable_login": "Prepreči prijavo (dohodna pošta je še vedno sprejeta)",
+        "disable_x": "Onemogoči",
+        "dkim_domains_selector": "Izbirnik",
+        "dkim_key_length": "Dolžina ključa DKIM (biti)",
+        "domain": "Domena",
+        "domain_aliases": "Vzdevki domen",
+        "domain_templates": "Predloge domen",
+        "domain_quota": "Kvota",
+        "domain_quota_total": "Celotna kvota domene",
+        "domains": "Domene",
+        "edit": "Uredi",
+        "empty": "Ni rezultatov",
+        "enable_x": "Omogoči",
+        "filters": "Filtri",
+        "fname": "Polno ime",
+        "gal": "Globalni seznam naslovov",
+        "goto_ham": "Uči se kot <b>ham</b>",
+        "goto_spam": "Uči se kot <b>spam</b>",
+        "hourly": "Urno",
+        "iam": "Ponudnik identitete",
+        "in_use": "V uporabi (%)",
+        "inactive": "Neaktivno",
+        "insert_preset": "Vstavi primer prednastavitve \"%s\"",
+        "last_modified": "Zadnja sprememba",
+        "last_pw_change": "Zadnja sprememba gesla",
+        "last_run_reset": "Načrtuj naslednje",
+        "mailbox": "Poštni nabiralnik",
+        "mailbox_defaults": "Privzete nastavitve",
+        "mailbox_defquota": "Privzeta velikost poštnega nabiralnika",
+        "mailbox_templates": "Predloge poštnih nabiralnikov",
+        "mailbox_quota": "Največja velikost poštnega nabiralnika",
+        "mailboxes": "Poštni nabiralniki",
+        "max_aliases": "Največje število vzdevkov",
+        "max_mailboxes": "Največje možno število poštnih predalov",
+        "max_quota": "Največja kvota na poštni predal",
+        "msg_num": "Sporočilo #",
+        "multiple_bookings": "Več rezervacij",
+        "never": "Nikoli",
+        "no": "&#10005;",
+        "no_record": "Ni zapisa za objekt %s",
+        "no_record_single": "Ni zapisa",
+        "open_logs": "Odpri dnevnike",
+        "owner": "Lastnik",
+        "private_comment": "Zasebni komentar",
+        "public_comment": "Javni komentar",
+        "q_add_header": "ko je premaknjeno v mapo Neželena pošta",
+        "q_reject": "ob zavrnitvi",
+        "quarantine_category": "Kategorija obvestil o karanteni",
+        "quarantine_notification": "Obvestila o karanteni",
+        "quick_actions": "Dejanja",
+        "recipient": "Prejemnik",
+        "recipient_map": "Zemljevid prejemnikov",
+        "recipient_map_new": "Nov prejemnik",
+        "recipient_map_old": "Prvotni prejemnik",
+        "recipient_maps": "Zemljevidi prejemnikov",
+        "relay_all": "Posreduj vsem prejemnikom",
+        "relay_unknown": "Posredovanje neznanih poštnih predalov",
+        "remove": "Odstrani",
+        "resources": "Viri",
+        "running": "V teku",
+        "sender": "Pošiljatelj",
+        "set_postfilter": "Označi kot postfilter",
+        "set_prefilter": "Označi kot predfilter",
+        "sieve_preset_1": "Zavrzi pošto z verjetno nevarnimi vrstami datotek",
+        "filter_table": "Filtriraj tabelo",
+        "excludes": "Izključuje",
+        "last_run": "Zadnji zagon",
+        "sieve_preset_2": "Vedno označi e-pošto določenega pošiljatelja kot videno"
+    },
+    "fido2": {
+        "known_ids": "Znani ID-ji",
+        "set_fido2_touchid": "Registrirajte Touch ID na Apple M1",
+        "confirm": "Potrdi",
+        "fido2_auth": "Prijava s FIDO2",
+        "fido2_success": "Naprava je bila uspešno registrirana",
+        "fido2_validation_failed": "Preverjanje ni uspelo",
+        "fn": "Prijazno ime",
+        "none": "Onemogočeno",
+        "register_status": "Status registracije",
+        "rename": "Preimenuj",
+        "set_fido2": "Registrirajte napravo FIDO2",
+        "set_fn": "Nastavi prijazno ime",
+        "start_fido2_validation": "Začni validacijo FIDO2"
+    },
+    "info": {
+        "session_expires": "Vaša seja bo potekla čez približno 15 sekund",
+        "awaiting_tfa_confirmation": "Čakam na potrditev TFA",
+        "no_action": "Ni veljavnih ukrepov"
+    },
+    "header": {
+        "administration": "Konfiguracija in podrobnosti",
+        "apps": "Aplikacije",
+        "debug": "Informacije",
+        "email": "E-pošta",
+        "mailcow_system": "Sistem",
+        "mailcow_config": "Konfiguracija",
+        "quarantine": "Karantena",
+        "restart_netfilter": "Znova zaženite omrežni filter",
+        "restart_sogo": "Znova zaženite SOGo",
+        "user_settings": "Uporabniške nastavitve"
     }
 }

From dd475c0ab341398113cda317417ef7827dfbc19d Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 12 Jun 2025 13:14:20 +0200
Subject: [PATCH 580/755] update postscreen_access.cidr (#6573)

---
 data/conf/postfix/postscreen_access.cidr | 86 ++++++++++++++++++++++--
 1 file changed, 80 insertions(+), 6 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 10c609097..57425e5df 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Thu May  1 00:21:10 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Sun Jun  1 00:24:21 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2058 total rules
+# 2132 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,24 +19,37 @@
 2c0f:fb50:4000::/36	permit
 2.207.151.53	permit
 2.207.217.30	permit
+3.65.3.180	permit
 3.70.123.177	permit
+3.72.182.33	permit
+3.74.81.189	permit
+3.75.33.185	permit
 3.93.157.0/24	permit
 3.94.40.108	permit
 3.129.120.190	permit
 3.210.190.0/24	permit
+3.211.80.218	permit
+3.216.221.67	permit
+3.221.209.22	permit
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
 8.36.116.0/24	permit
+8.39.54.0/23	permit
+8.39.54.250/31	permit
 8.39.144.0/24	permit
+8.40.222.0/23	permit
+8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.246.59	permit
+13.107.246.38	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
 13.110.224.0/20	permit
 13.111.0.0/16	permit
 13.111.191.0/24	permit
+13.216.7.111	permit
+13.216.54.180	permit
 15.200.21.50	permit
 15.200.44.248	permit
 15.200.201.185	permit
@@ -49,9 +62,12 @@
 18.97.1.184/29	permit
 18.97.2.64/26	permit
 18.156.89.250	permit
+18.156.205.64	permit
 18.157.243.190	permit
 18.194.95.56	permit
+18.197.217.180	permit
 18.198.96.88	permit
+18.207.52.234	permit
 18.208.124.128/25	permit
 18.216.232.154	permit
 18.235.27.253	permit
@@ -88,6 +104,7 @@
 23.253.183.147	permit
 23.253.183.148	permit
 23.253.183.150	permit
+24.110.64.0/18	permit
 27.123.204.128/30	permit
 27.123.204.132/31	permit
 27.123.204.148/30	permit
@@ -125,15 +142,16 @@
 34.74.74.140	permit
 34.83.159.189	permit
 34.141.160.224	permit
+34.193.58.168	permit
 34.195.217.107	permit
 34.212.163.75	permit
 34.215.104.144	permit
 34.218.116.3	permit
 34.225.212.172	permit
+35.158.23.94	permit
 35.161.32.253	permit
 35.167.93.243	permit
 35.176.132.251	permit
-35.190.247.0/24	permit
 35.191.0.0/16	permit
 35.205.92.9	permit
 35.228.216.85	permit
@@ -154,6 +172,10 @@
 44.217.45.156	permit
 44.236.56.93	permit
 44.238.220.251	permit
+44.245.243.92	permit
+44.246.1.125	permit
+44.246.68.102	permit
+44.246.77.92	permit
 45.14.148.0/22	permit
 46.19.170.16	permit
 46.226.48.0/21	permit
@@ -221,11 +243,15 @@
 50.56.130.222	permit
 52.1.14.157	permit
 52.5.230.59	permit
+52.13.214.179	permit
+52.26.1.71	permit
 52.27.5.72	permit
 52.27.28.47	permit
 52.28.63.81	permit
+52.34.181.151	permit
 52.36.138.31	permit
 52.37.142.146	permit
+52.42.203.116	permit
 52.50.24.208	permit
 52.58.216.183	permit
 52.59.143.3	permit
@@ -272,12 +298,12 @@
 54.213.20.246	permit
 54.214.39.184	permit
 54.240.0.0/18	permit
-54.240.64.0/19	permit
-54.240.96.0/19	permit
+54.240.64.0/18	permit
 54.241.16.209	permit
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.255.61.23	permit
+56.124.6.228	permit
 57.103.64.0/18	permit
 62.13.128.0/24	permit
 62.13.129.128/25	permit
@@ -293,6 +319,7 @@
 63.128.21.0/24	permit
 63.143.57.128/25	permit
 63.143.59.128/25	permit
+63.176.194.123	permit
 64.18.0.0/20	permit
 64.20.241.45	permit
 64.69.212.0/24	permit
@@ -358,6 +385,7 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
+65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1153,6 +1181,7 @@
 99.83.190.102	permit
 103.9.96.0/22	permit
 103.28.42.0/24	permit
+103.122.78.238	permit
 103.151.192.0/23	permit
 103.168.172.128/27	permit
 103.237.104.0/22	permit
@@ -1287,6 +1316,7 @@
 106.50.16.0/28	permit
 107.20.18.111	permit
 107.20.210.250	permit
+107.22.191.150	permit
 108.174.0.0/24	permit
 108.174.0.215	permit
 108.174.3.0/24	permit
@@ -1321,6 +1351,9 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+121.244.91.48	permit
+121.244.91.52	permit
+122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1383,7 +1416,21 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
+135.84.80.0/24	permit
+135.84.81.0/24	permit
+135.84.82.0/24	permit
+135.84.83.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
+136.143.162.0/24	permit
+136.143.176.0/24	permit
+136.143.177.0/24	permit
+136.143.178.49	permit
+136.143.182.0/23	permit
+136.143.184.0/24	permit
+136.143.188.0/24	permit
+136.143.190.0/23	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1398,6 +1445,7 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
+139.167.79.86	permit
 139.180.17.0/24	permit
 140.238.148.191	permit
 141.148.159.229	permit
@@ -1518,6 +1566,9 @@
 164.152.23.32	permit
 164.152.25.241	permit
 164.177.132.168/30	permit
+165.173.128.0/24	permit
+165.173.180.250/31	permit
+165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1546,6 +1597,13 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
+169.148.142.10	permit
+169.148.144.0/25	permit
+169.148.144.10	permit
+169.148.146.0/23	permit
+169.148.188.182	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
@@ -1722,7 +1780,16 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
+199.34.22.36	permit
 199.59.148.0/22	permit
+199.67.80.2	permit
+199.67.80.20	permit
+199.67.82.2	permit
+199.67.82.20	permit
+199.67.84.0/24	permit
+199.67.86.0/24	permit
+199.67.88.0/24	permit
+199.67.90.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1779,6 +1846,8 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
+204.141.32.0/23	permit
+204.141.42.0/23	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit
@@ -1998,6 +2067,8 @@
 216.99.5.68	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
+216.113.162.65	permit
+216.113.163.65	permit
 216.128.126.97	permit
 216.136.162.65	permit
 216.136.162.120/29	permit
@@ -2046,6 +2117,9 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
+2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
+2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
+2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From 5861c9af29d7902995426d0779fefeedc11d2282 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 16 Jun 2025 19:45:13 +0200
Subject: [PATCH 581/755] [Web] Updated lang.cs-cz.json (#6589)

---
 data/web/lang/lang.cs-cz.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index b33332f66..9ef0304c8 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -404,9 +404,9 @@
         "iam_client_scopes": "Scopes klienta",
         "iam_default_template": "Výchozí šablona",
         "iam_description": "Nastavení externího poskytovatele ověření<br>Schránky uživatele se vytvoří po prvním přihlášení automaticky, pokud je tedy nastaveno mapování atributů.",
-        "iam_extra_permission": "Aby vše fungovalo, musí mít mailcow klient v Keycloaku nastavený  <code>servisní účet</code> a povolení <code>view-users</code>.",
+        "iam_extra_permission": "Aby vše fungovalo, musí mít mailcow klient v Keycloaku nastavený <code>servisní účet</code> a povolení <code>view-users</code>.",
         "iam_host": "Hostitel",
-        "iam_host_info": "Zadejte jeden či více hostitelů, oddělte čárkou",
+        "iam_host_info": "Zadejte jeden či více hostitelů, oddělte čárkou.",
         "iam_import_users": "Importovat uživatele"
     },
     "danger": {
@@ -1180,7 +1180,7 @@
         "recovery_email_sent": "E-mail k obnovení byl odeslán na adresu %s",
         "custom_login_modified": "Úpravy přihlašování úspěšně uloženy",
         "domain_add_dkim_available": "Klíč DKIM už existoval",
-        "f2b_banlist_refreshed": "Seznam zákazů úspěšně obnoven",
+        "f2b_banlist_refreshed": "Seznam zákazů úspěšně obnoven.",
         "iam_test_connection": "Spojení úspěšně navázano",
         "ip_check_opt_in_modified": "Kontrola IP adresy úspěšně uložena",
         "mailbox_renamed": "Schránka přejmenována z %s na %s",
@@ -1212,7 +1212,7 @@
         "yubi_otp": "Yubico OTP ověření",
         "u2f_deprecated": "Zdá se, že váš klíč byl registrován zastaralou metodou U2F. Dojde k deaktivaci dvoufaktorové autentifikace a smazání klíče.",
         "authenticators": "Autentifikátory",
-        "u2f_deprecated_important": "Registrujte svůj klíč novou metodou WebAuthn ve správě správců"
+        "u2f_deprecated_important": "Registrujte svůj klíč novou metodou WebAuthn ve správě správců."
     },
     "user": {
         "action": "Akce",

From cc0e4fee9dbaf99e02a5369ce5e4e17d016075aa Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 20 Jun 2025 18:14:22 +0200
Subject: [PATCH 582/755] [Web] Updated lang.si-si.json (#6599)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 43 ++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 2028996aa..dd1c13607 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -353,14 +353,14 @@
         "copy_to_clipboard": "Besedilo kopirano v odložišče!",
         "f2b_manage_external": "Zunanje upravljanje Fail2Ban",
         "f2b_manage_external_info": "Fail2ban bo še vedno vzdrževal seznam prepovedi, vendar ne bo aktivno nastavil pravil za blokiranje prometa. Uporabite spodnji ustvarjeni seznam prepovedi za zunanje blokiranje prometa.",
-        "force_sso_text": "Če je konfiguriran zunanji ponudnik OIDC, ta možnost skrije privzete obrazce za prijavo v Mailcow in prikaže samo gumb za enkratno prijavo.",
+        "force_sso_text": "Če je konfiguriran zunanji ponudnik OIDC, ta možnost skrije privzete obrazce za prijavo v Mailcow in prikaže samo gumb za enotno prijavo",
         "app_hide": "Skrij za prijavo",
         "iam_login_provisioning": "Samodejno ustvarjanje uporabnikov ob prijavi",
         "admin_quicklink": "Skrij hitro povezavo do strani za prijavo skrbnika",
         "login_page": "Prijavna stran",
         "domainadmin_quicklink": "Skrij hitro povezavo do strani za prijavo v Skrbnik domen",
         "filter": "Filter",
-        "force_sso": "Onemogoči prijavo v Mailcow in prikaži samo enotno prijavo",
+        "force_sso": "Onemogoči prijavo v mailcow in prikaži samo enotno prijavo",
         "iam": "Ponudnik identitete",
         "iam_attribute_field": "Polje atributa",
         "iam_authorize_url": "Končna točka avtorizacije",
@@ -927,7 +927,44 @@
         "filter_table": "Filtriraj tabelo",
         "excludes": "Izključuje",
         "last_run": "Zadnji zagon",
-        "sieve_preset_2": "Vedno označi e-pošto določenega pošiljatelja kot videno"
+        "sieve_preset_2": "Vedno označi e-pošto določenega pošiljatelja kot videno",
+        "target_address": "Pojdi na naslov",
+        "syncjob_EXIT_TLS_FAILURE": "Težava s šifrirano povezavo",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Ni mogoče vzpostaviti povezave z oddaljenim strežnikom",
+        "tls_map_parameters_info": "Prazno ali parametri, na primer: protocols=!SSLv2 ciphers=medium exclude=3DES",
+        "tls_policy_maps_enforced_tls": "Ti pravilniki bodo preglasili tudi vedenje uporabnikov poštnih predalov, ki vsiljujejo odhodne povezave TLS. Če spodaj ni pravilnika, bodo ti uporabniki uporabili privzete vrednosti, določene kot <code>smtp_tls_mandatory_protocols</code> in <code>smtp_tls_mandatory_ciphers</code>.",
+        "spam_aliases": "Začasni vzdevek",
+        "sieve_preset_3": "Tiho zavrzite, ustavite vso nadaljnjo obdelavo s presejanjem",
+        "sieve_preset_4": "Vloži v mapo PREJETO, preskoči nadaljnjo obdelavo s sitastimi filtri",
+        "sieve_preset_5": "Samodejni odzivnik (dopust)",
+        "sieve_preset_6": "Zavrni pošto z odgovorom",
+        "sieve_preset_7": "Preusmeritev in ohrani/opusti",
+        "sieve_preset_8": "Preusmeritev e-pošte od določenega pošiljatelja, označitev kot prebrano in razvrščanje v podmapo",
+        "sieve_preset_header": "Spodaj si oglejte primere prednastavitev. Za več podrobnosti glejte <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedijo</a>.",
+        "sogo_visible": "Vzdevek je viden v SOGo",
+        "sogo_visible_n": "Skrij vzdevek v SOGo",
+        "sogo_visible_y": "Prikaži vzdevek v SOGo",
+        "stats": "Statistika",
+        "status": "Stanje",
+        "sync_jobs": "Sinhronizacija opravil",
+        "syncjob_check_log": "Preveri dnevnik",
+        "syncjob_last_run_result": "Rezultat zadnjega zagona",
+        "syncjob_EX_OK": "Uspešno",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Težava s povezavo",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Težava z overjanjem",
+        "syncjob_EXIT_OVERQUOTA": "Ciljni poštni predal presega kvoto",
+        "table_size_show_n": "Prikaži %s elementov",
+        "target_domain": "Ciljna domena",
+        "template": "Predloga",
+        "tls_enforce_in": "Uveljavi dohodni TLS",
+        "tls_enforce_out": "Uveljavi odhodni TLS",
+        "tls_map_dest": "Cilj",
+        "tls_map_dest_info": "Primeri: example.org, .example.org, [mail.example.org]:25",
+        "tls_map_parameters": "Parametri",
+        "tls_map_policy": "Politika",
+        "tls_policy_maps": "Zemljevidi pravilnikov TLS",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Napačno uporabniško ime ali geslo",
+        "templates": "Predloge"
     },
     "fido2": {
         "known_ids": "Znani ID-ji",

From 8a89f5c685869c4fb28165751d1602cd5ad87deb Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 23 Jun 2025 10:36:49 +0200
Subject: [PATCH 583/755] updated Readme (sponsors)

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 40288f10e..2aad841c2 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,9 @@ A big thank you to everyone supporting us on GitHub Sponsors—your contribution
   <a href="https://www.maehdros.com/" target=_blank><img
     src="https://avatars.githubusercontent.com/u/173894712" height="58"
   /></a>
+  <a href="https://macarne.com/" target=_blank><img
+    src="https://avatars.githubusercontent.com/u/149550368?s=200&v=4" height="58"
+  /></a>
 
 ### 50$/Month Sponsors
   <a href="https://github.com/vnukhr" target=_blank><img

From 4c64cf18a69464a1f8c30e1e87433bf3241bc205 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 23 Jun 2025 21:58:50 +0200
Subject: [PATCH 584/755] [Web] Updated lang.si-si.json (#6600)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 42 ++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index dd1c13607..e3e35b508 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -964,7 +964,14 @@
         "tls_map_policy": "Politika",
         "tls_policy_maps": "Zemljevidi pravilnikov TLS",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Napačno uporabniško ime ali geslo",
-        "templates": "Predloge"
+        "templates": "Predloge",
+        "tls_policy_maps_long": "Preglasitve zemljevidov pravilnikov odhodnega TLS",
+        "table_size": "Velikost tabele",
+        "toggle_all": "Preklopi vse",
+        "username": "Uporabniško ime",
+        "waiting": "Čakanje",
+        "yes": "&#10003;",
+        "weekly": "Tedensko"
     },
     "fido2": {
         "known_ids": "Znani ID-ji",
@@ -997,5 +1004,38 @@
         "restart_netfilter": "Znova zaženite omrežni filter",
         "restart_sogo": "Znova zaženite SOGo",
         "user_settings": "Uporabniške nastavitve"
+    },
+    "quarantine": {
+        "learn_spam_delete": "Uči se kot neželena pošta in izbriši",
+        "medium_danger": "Srednje",
+        "notified": "Obveščen",
+        "low_danger": "Nizko",
+        "qinfo": "Sistem karantene bo zavrnjeno pošto shranil v zbirko podatkov (pošiljatelj ne bo imel vtisa, da je bila pošta dostavljena), prav tako pa bo pošto, ki bo dostavljena kot kopija, shranil v mapo »Neželena pošta« v nabiralniku.\n<br>»Uči kot neželeno pošto in izbriši« bo sporočilo prepoznal kot neželeno pošto prek Bayesovega izreka in izračunal tudi mehke zgoščene vrednosti, da bi v prihodnje zavrnil podobna sporočila.\n<br>Upoštevajte, da je učenje več sporočil lahko – odvisno od vašega sistema – zamudno.<br>Elementi na črnem seznamu so izključeni iz karantene.",
+        "junk_folder": "Mapa z neželeno pošto",
+        "action": "Dejanje",
+        "atts": "Priloge",
+        "check_hash": "Iskanje zgoščene vrednosti datoteke @ VT",
+        "confirm": "Potrdi",
+        "confirm_delete": "Potrdite brisanje tega elementa.",
+        "danger": "Nevarnost",
+        "deliver_inbox": "Dostavi v mapo »Prejeto«",
+        "disabled_by_config": "Trenutna konfiguracija sistema onemogoča funkcionalnost karantene. Nastavite »število hranjenj na poštni predal« in »največjo velikost« za elemente karantene.",
+        "download_eml": "Prenesi (.eml)",
+        "empty": "Ni rezultatov",
+        "high_danger": "Visoko",
+        "info": "Informacija",
+        "neutral_danger": "Nevtralno",
+        "qhandler_success": "Zahteva je bila uspešno poslana v sistem. Zdaj lahko zaprete okno.",
+        "qid": "Rspamd QID",
+        "qitem": "Predmet iz karantene"
+    },
+    "oauth2": {
+        "access_denied": "Za odobritev dostopa prek OAuth2 se prijavite kot lastnik poštnega predala.",
+        "authorize_app": "Avtorizacija aplikacije",
+        "deny": "Zavrni",
+        "permit": "Avtorizacija aplikacije",
+        "profile": "Profil",
+        "profile_desc": "Ogled osebnih podatkov: uporabniško ime, polno ime, ustvarjeno, spremenjeno, aktivno",
+        "scope_ask_permission": "Aplikacija je zahtevala naslednja dovoljenja"
     }
 }

From 4e7adacda9643f5c91dd64350e4f4a6a0573afef Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 24 Jun 2025 20:06:38 +0200
Subject: [PATCH 585/755] [Web] Updated lang.si-si.json (#6601)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 162 +++++++++++++++++++++++++++++++++-
 1 file changed, 160 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index e3e35b508..91d4916ac 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -971,7 +971,9 @@
         "username": "Uporabniško ime",
         "waiting": "Čakanje",
         "yes": "&#10003;",
-        "weekly": "Tedensko"
+        "weekly": "Tedensko",
+        "sieve_info": "Na uporabnika lahko shranite več filtrov, vendar je lahko hkrati aktiven le en predfilter in en postfilter.<br>\nVsak filter bo obdelan v opisanem vrstnem redu. Niti neuspešen skript niti izdan ukaz »keep;« ne bosta ustavila obdelave nadaljnjih skript. Spremembe globalnih skriptov sita bodo sprožile ponovni zagon Dovecota.<br><br>Globalni predfilter sita &#8226; Predfilter &#8226; Uporabniški skripti &#8226; Postfilter &#8226; Globalni postfilter sita",
+        "tls_policy_maps_info": "Ta preslikava pravilnikov preglasi pravila odhodnega prenosa TLS neodvisno od uporabnikovih nastavitev pravilnikov TLS.<br>\n  Za več informacij preverite <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">dokumentacijo »smtp_tls_policy_maps«</a>."
     },
     "fido2": {
         "known_ids": "Znani ID-ji",
@@ -1027,7 +1029,36 @@
         "neutral_danger": "Nevtralno",
         "qhandler_success": "Zahteva je bila uspešno poslana v sistem. Zdaj lahko zaprete okno.",
         "qid": "Rspamd QID",
-        "qitem": "Predmet iz karantene"
+        "qitem": "Predmet iz karantene",
+        "spam_score": "Rezultat",
+        "text_from_html_content": "Vsebina (pretvorjen html)",
+        "quarantine": "Karantena",
+        "quick_delete_link": "Odpri povezavo za hitro brisanje",
+        "quick_info_link": "Odpri povezavo z informacijami",
+        "quick_release_link": "Odpri povezavo za hitro objavo",
+        "rcpt": "Prejemnik",
+        "received": "Prejeto",
+        "recipients": "Prejemniki",
+        "refresh": "Osveži",
+        "rejected": "Zavrnjeno",
+        "release": "Izdaja",
+        "release_body": "Vaše sporočilo smo priložili kot datoteko eml temu sporočilu.",
+        "release_subject": "Potencialno škodljiv predmet v karanteni %s",
+        "remove": "Odstrani",
+        "rewrite_subject": "Prepiši zadevo",
+        "rspamd_result": "Rezultat Rspamd",
+        "sender": "Pošiljatelj (SMTP)",
+        "sender_header": "Pošiljatelj (glava »Od«)",
+        "settings_info": "Največje število elementov za karanteno: %s<br>Največja velikost e-pošte: %s MiB",
+        "show_item": "Prikaži element",
+        "spam": "Neželena pošta",
+        "subj": "Zadeva",
+        "table_size": "Velikost tabele",
+        "table_size_show_n": "Prikaži %s elementov",
+        "text_plain_content": "Vsebina (besedilo/navadno)",
+        "toggle_all": "Preklopi vse",
+        "type": "Vrsta",
+        "quick_actions": "Dejanja"
     },
     "oauth2": {
         "access_denied": "Za odobritev dostopa prek OAuth2 se prijavite kot lastnik poštnega predala.",
@@ -1037,5 +1068,132 @@
         "profile": "Profil",
         "profile_desc": "Ogled osebnih podatkov: uporabniško ime, polno ime, ustvarjeno, spremenjeno, aktivno",
         "scope_ask_permission": "Aplikacija je zahtevala naslednja dovoljenja"
+    },
+    "queue": {
+        "info": "Čakalna vrsta pošte vsebuje vsa e-poštna sporočila, ki čakajo na dostavo. Če je e-poštno sporočilo dlje časa obtičalo v čakalni vrsti, ga sistem samodejno izbriše.<br>Sporočilo o napaki ustreznega e-poštnega sporočila vsebuje informacije o tem, zakaj sporočila ni bilo mogoče dostaviti.",
+        "delete": "Izbriši vse",
+        "flush": "Izprazni čakalno vrsto",
+        "legend": "Funkcije dejanj čakalne vrste pošte:",
+        "ays": "Potrdite, da želite izbrisati vse elemente iz trenutne čakalne vrste.",
+        "deliver_mail": "Dostavi",
+        "deliver_mail_legend": "Poskusi ponovne dostave izbranih e-poštnih sporočil.",
+        "hold_mail": "Zadrži",
+        "hold_mail_legend": "Zadrži izbrano pošto. (Prepreči nadaljnje poskuse dostave)",
+        "queue_manager": "Upravitelj čakalnih vrst",
+        "show_message": "Prikaži sporočilo",
+        "unban": "odblokiraj čakalno vrsto",
+        "unhold_mail": "Nezadrži",
+        "unhold_mail_legend": "Sprosti izbrana sporočila za dostavo. (Zahteva predhodno zadržanje)"
+    },
+    "success": {
+        "eas_reset": "Naprave ActiveSync za uporabnika %s so bile ponastavljene",
+        "alias_added": "Dodan je bil vzdevek %s (%d)",
+        "app_passwd_added": "Dodano novo geslo za aplikacijo",
+        "domain_add_dkim_available": "Ključ DKIM je že obstajal",
+        "custom_login_modified": "Prilagoditev prijave je bila uspešno shranjena",
+        "rl_saved": "Omejitev hitrosti za objekt %s je shranjena",
+        "domain_admin_modified": "Spremembe skrbnika domene %s so bile shranjene",
+        "license_modified": "Spremembe licence so bile shranjene",
+        "pushover_settings_edited": "Nastavitve Pushoverja so bile uspešno nastavljene, preverite poverilnice.",
+        "mailbox_renamed": "Poštni nabiralnik je bil preimenovan iz %s v %s",
+        "recovery_email_sent": "E-poštno sporočilo za obnovitev je bilo poslano na %s",
+        "relayhost_removed": "Vnos na zemljevidu %s je bil odstranjen",
+        "acl_saved": "ACL za objekt %s shranjen",
+        "admin_added": "Dodan je bil skrbnik %s",
+        "admin_api_modified": "Spremembe API-ja so bile shranjene",
+        "admin_modified": "Spremembe skrbnika so bile shranjene",
+        "admin_removed": "Administrator %s je bil odstranjen",
+        "alias_domain_removed": "Vzdevek domene %s je bil odstranjen",
+        "alias_modified": "Spremembe vzdevka %s so bile shranjene",
+        "alias_removed": "Vzdevek %s je bil odstranjen",
+        "aliasd_added": "Dodan vzdevek domene %s",
+        "aliasd_modified": "Spremembe vzdevka domene %s so bile shranjene",
+        "app_links": "Shranjene spremembe povezav aplikacij",
+        "app_passwd_removed": "Odstranjen ID gesla za aplikacijo %s",
+        "bcc_deleted": "Vnosi na zemljevidu BCC so izbrisani: %s",
+        "bcc_edited": "Vnos na zemljevidu BCC %s je bil urejen",
+        "db_init_complete": "Inicializacija baze podatkov končana",
+        "delete_filter": "Izbrisani filtri ID %s",
+        "delete_filters": "Izbrisani filtri: %s",
+        "deleted_syncjob": "Izbrisan ID sinhronizacijskega opravila %s",
+        "deleted_syncjobs": "Izbrisana opravila sinhronizacije: %s",
+        "dkim_added": "Ključ DKIM %s je bil shranjen",
+        "dkim_duplicated": "Ključ DKIM za domeno %s je bil kopiran v %s",
+        "dkim_removed": "Ključ DKIM %s je bil odstranjen",
+        "domain_added": "Dodana domena %s",
+        "domain_admin_added": "Dodan je bil skrbnik domene %s",
+        "domain_admin_removed": "Skrbnik domene %s je bil odstranjen",
+        "domain_footer_modified": "Spremembe v nogi domene %s so bile shranjene",
+        "domain_modified": "Spremembe domene %s so bile shranjene",
+        "domain_removed": "Domena %s je bila odstranjena",
+        "dovecot_restart_success": "Dovecot je bil uspešno ponovno zagnan",
+        "f2b_banlist_refreshed": "ID seznama prepovedanih je bil uspešno osvežen.",
+        "f2b_modified": "Spremembe parametrov Fail2ban so bile shranjene",
+        "forwarding_host_added": "Dodan je bil posredovalni gostitelj %s",
+        "forwarding_host_removed": "Gostitelj za posredovanje %s je bil odstranjen",
+        "global_filter_written": "Filter je bil uspešno zapisan v datoteko",
+        "hash_deleted": "Zgoščena vrednost je izbrisana",
+        "iam_test_connection": "Povezava je bila uspešna",
+        "ip_check_opt_in_modified": "Preverjanje IP-ja je bilo uspešno shranjeno",
+        "item_deleted": "Element %s je bil uspešno izbrisan",
+        "items_deleted": "Element %s je bil uspešno izbrisan",
+        "items_released": "Izbrani elementi so bili izdani",
+        "logged_in_as": "Prijavljen kot %s",
+        "mailbox_added": "Dodan je bil poštni predal %s",
+        "mailbox_modified": "Spremembe poštnega nabiralnika %s so bile shranjene",
+        "mailbox_removed": "Poštni nabiralnik %s je bil odstranjen",
+        "nginx_reloaded": "Nginx je bil ponovno naložen",
+        "object_modified": "Spremembe objekta %s so bile shranjene",
+        "password_policy_saved": "Pravilnik o geslih je bil uspešno shranjen",
+        "password_changed_success": "Geslo je bilo uspešno spremenjeno",
+        "qlearn_spam": "Sporočilo z ID-jem %s je bilo prepoznano kot neželena pošta in izbrisano",
+        "queue_command_success": "Ukaz za čakalno vrsto je bil uspešno zaključen",
+        "recipient_map_entry_deleted": "ID zemljevida prejemnika %s je bil izbrisan",
+        "recipient_map_entry_saved": "Vnos zemljevida prejemnika »%s« je bil shranjen",
+        "relayhost_added": "Dodan je bil vnos na zemljevid %s",
+        "reset_main_logo": "Ponastavi na privzeti logotip",
+        "resource_added": "Dodan je bil vir %s",
+        "resource_modified": "Spremembe poštnega nabiralnika %s so bile shranjene",
+        "resource_removed": "Vir %s je bil odstranjen",
+        "rspamd_ui_pw_set": "Geslo uporabniškega vmesnika Rspamd je bilo uspešno nastavljeno",
+        "settings_map_added": "Dodan vnos nastavitev zemljevida",
+        "settings_map_removed": "Odstranjen ID zemljevida nastavitev %s",
+        "sogo_profile_reset": "Profil SOGo za uporabnika %s je bil ponastavljen",
+        "template_added": "Dodana predloga %s",
+        "template_modified": "Spremembe predloge %s so bile shranjene",
+        "template_removed": "ID predloge %s je bil izbrisan",
+        "tls_policy_map_entry_deleted": "ID zemljevida pravilnika TLS %s je bil izbrisan",
+        "tls_policy_map_entry_saved": "Vnos zemljevida pravilnika TLS »%s« je bil shranjen",
+        "ui_texts": "Shranjene spremembe besedil uporabniškega vmesnika",
+        "upload_success": "Datoteka je bila uspešno naložena",
+        "verified_fido2_login": "Preverjena prijava v FIDO2",
+        "verified_totp_login": "Preverjena prijava v TOTP",
+        "verified_webauthn_login": "Preverjena prijava v WebAuth",
+        "verified_yotp_login": "Preverjena prijava z enkratnim geslom Yubico",
+        "bcc_saved": "Vnos na zemljevidu BCC je shranjen",
+        "cors_headers_edited": "Nastavitve CORS so bile shranjene",
+        "item_released": "Izdan je bil element %s",
+        "saved_settings": "Shranjene nastavitve"
+    },
+    "start": {
+        "imap_smtp_server_auth_info": "Prosimo, uporabite svoj celoten e-poštni naslov in mehanizem za preverjanje pristnosti PLAIN.<br>\nVaši podatki za prijavo bodo šifrirani z obveznim šifriranjem na strani strežnika.",
+        "help": "Prikaži/skrij ploščo s pomočjo"
+    },
+    "tfa": {
+        "api_register": "%s uporablja Yubico Cloud API. Pridobite API ključ za svoj ključ <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tukaj</a>",
+        "authenticators": "Preverjevalniki pristnosti",
+        "confirm": "Potrdi",
+        "delete_tfa": "Onemogoči TFA",
+        "disable_tfa": "Onemogoči TFA do naslednje uspešne prijave",
+        "enter_qr_code": "Vaša koda TOTP, če vaša naprava ne more skenirati kod QR",
+        "error_code": "Koda napake",
+        "confirm_totp_token": "Spremembe potrdite z vnosom ustvarjenega žetona."
+    },
+    "ratelimit": {
+        "disabled": "Onemogočeno",
+        "second": "sporočil / sekundo",
+        "minute": "sporočil / minuto",
+        "hour": "sporočil / uro",
+        "day": "sporočil / dan"
     }
 }

From a0f5454c2a980c9de255fdc4b777bf1aad958858 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 29 Jun 2025 18:12:59 +0200
Subject: [PATCH 586/755] [Web] Updated lang.si-si.json (#6609)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 212 +++++++++++++++++++++++++++++++++-
 1 file changed, 208 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 91d4916ac..474328e38 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -407,7 +407,8 @@
         "reset_password_vars": "<code>{{link}}<code> Ustvarjena povezava za ponastavitev gesla<br><code>{{username}}<code> Ime nabiralnika uporabnika, ki je zahteval ponastavitev gesla<br><code>{{username2}}<code> Ime obnovitvenega nabiralnika<br><code>{{date}}<code> Datum zahteve za ponastavitev gesla<br><code>{{token_lifetime}}<code> Življenjska doba žetona v minutah<br><code>{{hostname}}<code> Ime gostitelja mailcow",
         "restore_template": "Za obnovitev privzete predloge pustite polje prazno.",
         "task": "Naloga",
-        "user_link": "Uporabniška povezava"
+        "user_link": "Uporabniška povezava",
+        "iam_realm": "Realm"
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
@@ -813,7 +814,7 @@
         "booking_ltnull": "Neomejeno, vendar se ob rezervaciji prikaži kot zasedeno",
         "alias_domain_alias_hint": "Vzdevki se na vzdevke domen samodejno <b>ne</b> uporabijo. Naslov vzdevka <code>my-alias@domain</code> <b>ne</b> pokriva naslova <code>my-alias@alias-domain</code> (kjer je \"vzdevek domene\" namišljeni vzdevek domene za \"domeno\").<br>Za preusmeritev pošte v zunanji nabiralnik uporabite filter sito (glejte zavihek »Filtri« ali uporabite SOGo -> Posrednik). Za samodejno dodajanje manjkajočih vzdevkov uporabite \"Razširi vzdevek čez domene vzdevkov\".",
         "q_all": " ob premiku v mapo Neželena pošta in ob zavrnitvi",
-        "bcc_info": "BCC zemljevidi se uporabljajo za tiho posredovanje kopij vseh sporočil na drug naslov. Vnos vrste preslikave prejemnika se uporablja, kadar lokalni cilj deluje kot prejemnik pošte. Preslikave pošiljatelja delujejo po istem načelu.<br>\nLokalni cilj ne bo obveščen o neuspeli dostavi.",
+        "bcc_info": "BCC zemljevidi se uporabljajo za tiho posredovanje kopij vseh sporočil na drug naslov. Vnos vrste preslikave prejemnika se uporablja, kadar lokalni cilj deluje kot prejemnik pošte. Preslikave pošiljatelja delujejo po istem načelu.<br>\n  Lokalni cilj ne bo obveščen o neuspeli dostavi.",
         "force_pw_update": "Vsiljena posodobitev gesla ob naslednji prijavi",
         "recipient_map_new_info": "Cilj zemljevida prejemnika mora biti veljaven e-poštni naslov ali ime domene.",
         "recipient_map_old_info": "Izvirni cilj prejemnika mora biti veljaven e-poštni naslov ali ime domene.",
@@ -1173,7 +1174,8 @@
         "bcc_saved": "Vnos na zemljevidu BCC je shranjen",
         "cors_headers_edited": "Nastavitve CORS so bile shranjene",
         "item_released": "Izdan je bil element %s",
-        "saved_settings": "Shranjene nastavitve"
+        "saved_settings": "Shranjene nastavitve",
+        "learned_ham": "Uspešno naučen ID %s kot zaželjen"
     },
     "start": {
         "imap_smtp_server_auth_info": "Prosimo, uporabite svoj celoten e-poštni naslov in mehanizem za preverjanje pristnosti PLAIN.<br>\nVaši podatki za prijavo bodo šifrirani z obveznim šifriranjem na strani strežnika.",
@@ -1187,7 +1189,25 @@
         "disable_tfa": "Onemogoči TFA do naslednje uspešne prijave",
         "enter_qr_code": "Vaša koda TOTP, če vaša naprava ne more skenirati kod QR",
         "error_code": "Koda napake",
-        "confirm_totp_token": "Spremembe potrdite z vnosom ustvarjenega žetona."
+        "confirm_totp_token": "Spremembe potrdite z vnosom ustvarjenega žetona",
+        "tfa": "Dvofaktorska avtentikacija",
+        "webauthn": "Preverjanje pristnosti WebAuthn",
+        "none": "Deaktiviraj",
+        "init_webauthn": "Inicializacija, prosim počakajte...",
+        "key_id": "Identifikator za vašo napravo",
+        "key_id_totp": "Identifikator za vaš ključ",
+        "reload_retry": "- (če napaka vztraja, znova zaženite brskalnik)",
+        "scan_qr_code": "Prosimo, skenirajte naslednjo kodo z aplikacijo za preverjanje pristnosti ali jo vnesite ročno.",
+        "select": "Prosimo, izberite",
+        "set_tfa": "Nastavite metodo dvofaktorske avtentikacije",
+        "start_webauthn_validation": "Začni validacijo",
+        "tfa_token_invalid": "Žeton TFA neveljaven",
+        "totp": "Enkratno geslo na podlagi časa (Google Authenticator, Authy itd.)",
+        "u2f_deprecated": "Zdi se, da je bil vaš ključ registriran z zastarelo metodo U2F. Deaktivirali bomo dvofaktorsko overjanje in izbrisali vaš ključ.",
+        "u2f_deprecated_important": "Prosimo, registrirajte svoj ključ v skrbniški plošči z novo metodo WebAuthn.",
+        "waiting_usb_auth": "<i>Čakanje na napravo USB ...</i><br><br>Zdaj se dotaknite gumba na napravi USB.",
+        "waiting_usb_register": "<i>Čakanje na napravo USB ...</i><br><br>Vnesite svoje geslo zgoraj in potrdite registracijo tako, da tapnete gumb na napravi USB.",
+        "yubi_otp": "Avtentikacija z enkratnim geslom Yubico"
     },
     "ratelimit": {
         "disabled": "Onemogočeno",
@@ -1195,5 +1215,189 @@
         "minute": "sporočil / minuto",
         "hour": "sporočil / uro",
         "day": "sporočil / dan"
+    },
+    "user": {
+        "create_syncjob": "Ustvari novo sinhronizacijsko opravilo",
+        "open_webmail_sso": "Spletna pošta",
+        "attribute": "Atribut",
+        "description": "Opis",
+        "direct_aliases_desc": "Na neposredne vzdevke vplivajo nastavitve filtra neželene pošte in pravilnika TLS.",
+        "direct_protocol_access": "Ta uporabnik poštnega predala ima <b>neposreden zunanji dostop</b> do naslednjih protokolov in aplikacij. To nastavitev nadzoruje vaš skrbnik. Za dostop do posameznih protokolov in aplikacij je mogoče ustvariti gesla za aplikacije.<br>Gumb »Spletna pošta« omogoča enotno prijavo v SOGo in je vedno na voljo.",
+        "shared_aliases_desc": "Na uporabniške nastavitve, kot sta filter neželene pošte ali pravilnik za šifriranje, ne vplivajo skupni vzdevki. Ustrezne filtre neželene pošte lahko nastavi le skrbnik kot pravilnik za celotno domeno.",
+        "force_pw_update": "Za dostop do storitev, povezanih s skupinsko programsko opremo, <b>morate</b> nastaviti novo geslo.",
+        "new_password": "Novo geslo",
+        "password_reset_info": "Če ni naveden e-poštni naslov za obnovitev gesla, te funkcije ni mogoče uporabiti.",
+        "pushover_sender_array": "Upoštevajte naslednje e-poštne naslove pošiljateljev <small>(ločeni z vejico)</small>",
+        "tag_help_explain": "V podmapi: pod mapo INBOX (\"INBOX/Facebook\") bo ustvarjena nova podmapa, poimenovana po oznaki.<br>\nV zadevi: ime oznake bo dodano pred zadevo e-poštnega sporočila, na primer: \"[Facebook] Moje novice\".",
+        "pushover_vars": "Če filter pošiljatelja ni definiran, bodo upoštevana vsa e-poštna sporočila.<br>Filtre regularnih izrazov in natančna preverjanja pošiljateljev je mogoče definirati posamično in bodo obravnavana zaporedno. Niso odvisna drug od drugega.<br>Uporabne spremenljivke za besedilo in naslov (upoštevajte pravilnike o varstvu podatkov)",
+        "quarantine_notification_info": "Ko je obvestilo poslano, bodo elementi označeni kot »obveščeni« in za ta določen element ne bodo poslana nobena nadaljnja obvestila.",
+        "verify": "Preveri",
+        "spamfilter_bl_desc": "E-poštni naslovi na črnem seznamu, ki jih <b>vedno</b> razvrstite kot neželeno pošto in zavrnete. Zavrnjena pošta <b>ne</b> bo kopirana v karanteno. Uporabite lahko nadomestne znake. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim nabiralnikom), izključujoč vseobsegajoče vzdevke in sam nabiralnik.",
+        "spamfilter_wl_desc": "E-poštni naslovi na belem seznamu so programirani tako, da se <b>nikoli</b> ne razvrstijo kot neželena pošta. Uporabijo se lahko nadomestni znaki. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim poštnim predalom), izključujoč vseobsegajoče vzdevke in sam poštni predal.",
+        "tls_policy_warning": "<strong>Opozorilo:</strong> Če se odločite za uveljavitev šifriranega prenosa pošte, lahko izgubite e-pošto.<br>Sporočila, ki ne ustrezajo pravilniku, bo poštni sistem zavrnil s popolno napako.<br>Ta možnost velja za vaš primarni e-poštni naslov (prijavno ime), vse naslove, izpeljane iz vzdevkov domen, in vzdevke, <b>ki imajo samo ta en poštni predal</b> kot cilj.",
+        "allowed_protocols": "Dovoljeni protokoli",
+        "title": "Naslov",
+        "action": "Dejanje",
+        "active": "Aktivno",
+        "active_sieve": "Aktiven filter",
+        "advanced_settings": "Napredne nastavitve",
+        "alias": "Vzdevek",
+        "alias_create_random": "Generiraj naključne vzdevke",
+        "alias_extend_all": "Podaljšaj vzdevek za 1 uro",
+        "alias_full_date": "d.m.Y, H:i:s T",
+        "alias_remove_all": "Odstrani vse vzdevke",
+        "alias_select_validity": "Obdobje veljavnosti",
+        "alias_time_left": "Preostali čas",
+        "alias_valid_until": "Veljavno do",
+        "aliases_also_send_as": "Pošiljanje je dovoljeno tudi kot uporabnik",
+        "aliases_send_as_all": "Ne preverjaj dostopa pošiljatelja za naslednje domene in njihove vzdevke",
+        "app_hint": "Gesla aplikacij so alternativna gesla za prijavo v IMAP, SMTP, CalDAV, CardDAV in EAS. Uporabniško ime ostane nespremenjeno. Spletna pošta SOGo ni na voljo prek gesel aplikacij.",
+        "app_name": "Ime aplikacije",
+        "app_passwds": "Gesla aplikacij",
+        "apple_connection_profile": "Profil povezave Apple",
+        "apple_connection_profile_complete": "Ta profil povezave vključuje parametre IMAP in SMTP ter poti CalDAV (koledarji) in CardDAV (stiki) za napravo Apple.",
+        "apple_connection_profile_mailonly": "Ta profil povezave vključuje konfiguracijske parametre IMAP in SMTP za napravo Apple.",
+        "apple_connection_profile_with_app_password": "Novo geslo za aplikacijo se ustvari in doda v profil, tako da pri nastavitvi naprave ni treba vnesti gesla. Datoteke ne delite, saj omogoča poln dostop do vašega nabiralnika.",
+        "authentication": "Avtentikacija",
+        "change_password": "Spremeni geslo",
+        "change_password_hint_app_passwords": "Vaš račun ima %d gesel aplikacij, ki ne bodo spremenjena. Če jih želite upravljati, odprite zavihek Gesla aplikacij.",
+        "clear_recent_successful_connections": "Jasno vidne uspešne povezave",
+        "client_configuration": "Prikaži vodnike za konfiguracijo e-poštnih odjemalcev in pametnih telefonov",
+        "create_app_passwd": "Ustvari geslo za aplikacijo",
+        "created_on": "Ustvarjeno dne",
+        "daily": "Dnevno",
+        "day": "dan",
+        "delete_ays": "Prosimo, potrdite postopek brisanja.",
+        "direct_aliases": "Neposredni vzdevki",
+        "eas_reset": "Ponastavi predpomnilnik naprave ActiveSync",
+        "eas_reset_help": "V mnogih primerih bo ponastavitev predpomnilnika naprave pomagala obnoviti pokvarjen profil ActiveSync.<br><b>Pozor:</b> Vsi elementi bodo ponovno preneseni!",
+        "eas_reset_now": "Ponastavi zdaj",
+        "edit": "Uredi",
+        "email": "E-pošta",
+        "email_and_dav": "E-pošta, koledarji in stiki",
+        "empty": "Ni rezultatov",
+        "encryption": "Šifriranje",
+        "excludes": "Izključuje",
+        "expire_in": "Poteče čez",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "from": "od",
+        "generate": "ustvari",
+        "hour": "ura",
+        "hourly": "Urno",
+        "hours": "ure",
+        "in_use": "Uporabljeno",
+        "interval": "Interval",
+        "is_catch_all": "Vseobsegajoča povezava za domeno/e",
+        "last_mail_login": "Zadnja prijava v e-pošto",
+        "last_pw_change": "Zadnja sprememba gesla",
+        "last_run": "Zadnji zagon",
+        "last_ui_login": "Zadnja prijava v uporabniški vmesnik",
+        "loading": "Nalaganje ...",
+        "login_history": "Zgodovina prijav",
+        "mailbox": "Poštni nabiralnik",
+        "mailbox_details": "Podrobnosti",
+        "mailbox_general": "Splošno",
+        "mailbox_settings": "Nastavitve",
+        "messages": "sporočila",
+        "month": "mesec",
+        "months": "meseci",
+        "never": "Nikoli",
+        "new_password_repeat": "Potrditveno geslo (ponovite)",
+        "no_active_filter": "Ni aktivnega filtra",
+        "no_last_login": "Ni zadnjih podatkov za prijavo v uporabniški vmesnik",
+        "no_record": "Ni zapisa",
+        "open_logs": "Odpri dnevnike",
+        "overview": "Pregled",
+        "password": "Geslo",
+        "password_now": "Trenutno geslo (potrdite spremembe)",
+        "password_repeat": "Geslo (ponovite)",
+        "protocols": "Protokoli",
+        "pushover_evaluate_x_prio": "Eskalacija e-pošte z visoko prioriteto [<code>X-Priority: 1</code>]",
+        "pushover_info": "Nastavitve potisnih obvestil bodo veljale za vso čisto (ne neželeno) pošto, dostavljeno na <b>%s</b>, vključno z vzdevki (v skupni rabi, brez skupne rabe, označeni).",
+        "pushover_only_x_prio": "Upoštevaj samo pošto z visoko prioriteto [<code>X-Priority: 1</code>]",
+        "pushover_sender_regex": "Poišči ujemanje pošiljateljev z naslednjim regularnim izrazom",
+        "pushover_text": "Besedilo obvestila",
+        "pushover_title": "Naslov obvestila",
+        "pushover_sound": "Zvok",
+        "pushover_verify": "Preverite poverilnice",
+        "pw_recovery_email": "E-poštno sporočilo za obnovitev gesla",
+        "q_add_header": "Mapa z neželeno pošto",
+        "q_reject": "Zavrnjeno",
+        "quarantine_category": "Kategorija obvestil o karanteni",
+        "quarantine_category_info": "Kategorija obvestil »Zavrnjeno« vključuje zavrnjeno pošto, medtem ko »Mapa z neželeno pošto« obvesti uporabnika o e-pošti, ki je bila premaknjena v mapo z neželeno pošto.",
+        "quarantine_notification": "Obvestila o karanteni",
+        "recent_successful_connections": "Videne uspešne povezave",
+        "remove": "Odstrani",
+        "running": "V teku",
+        "save": "Shrani spremembe",
+        "save_changes": "Shrani spremembe",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Preverjanje pošiljatelja je onemogočeno</span>",
+        "shared_aliases": "Skupni vzdevki",
+        "show_sieve_filters": "Prikaži filter sita aktivnega uporabnika",
+        "sogo_profile_reset": "Ponastavi profil SOGo",
+        "sogo_profile_reset_help": "S tem boste uničili uporabnikov profil SOGo in <b>nepovratno izbrisali vse stike in podatke koledarja</b>.",
+        "sogo_profile_reset_now": "Ponastavi profil zdaj",
+        "spam_aliases": "Začasni vzdevki e-pošte",
+        "spam_score_reset": "Ponastavi na privzete nastavitve strežnika",
+        "spamfilter": "Filter neželene pošte",
+        "spamfilter_behavior": "Ocena",
+        "spamfilter_bl": "Črna lista",
+        "spamfilter_default_score": "Privzete vrednosti",
+        "spamfilter_green": "Zelena: to sporočilo ni neželena pošta",
+        "spamfilter_hint": "Prva vrednost opisuje »nizko oceno neželene pošte«, druga pa »visoko oceno neželene pošte«.",
+        "spamfilter_red": "Rdeča: To sporočilo je neželena pošta in ga bo strežnik zavrnil.",
+        "spamfilter_table_action": "Dejanje",
+        "spamfilter_table_add": "Dodaj element",
+        "spamfilter_table_domain_policy": "ni na voljo (pravilnik domene)",
+        "spamfilter_table_empty": "Ni podatkov za prikaz",
+        "spamfilter_table_remove": "odstrani",
+        "spamfilter_table_rule": "Pravilo",
+        "spamfilter_wl": "Bela lista",
+        "spamfilter_yellow": "Rumena: to sporočilo je morda neželena pošta, označeno bo kot neželena pošta in premaknjeno v mapo z neželeno pošto",
+        "status": "Stanje",
+        "sync_jobs": "Sinhronizacija opravil",
+        "syncjob_check_log": "Preveri dnevnik",
+        "syncjob_last_run_result": "Rezultat zadnjega zagona",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Težava s povezavo",
+        "syncjob_EXIT_TLS_FAILURE": "Težava s šifrirano povezavo",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Težava z overjanjem",
+        "syncjob_EXIT_OVERQUOTA": "Ciljni poštni predal presega kvoto",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Ni mogoče vzpostaviti povezave z oddaljenim strežnikom",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Napačno uporabniško ime ali geslo",
+        "tag_handling": "Nastavitev obravnave označene pošte",
+        "tag_help_example": "Primer označenega e-poštnega naslova: jaz<b>+Facebook</b>@example.org",
+        "tag_in_none": "Ne naredi ničesar",
+        "tag_in_subfolder": "V podmapi",
+        "tag_in_subject": "V zadevi",
+        "text": "Besedilo",
+        "tfa_info": "Dvofaktorska avtentikacija pomaga zaščititi vaš račun. Če jo omogočite, boste za prijavo v aplikacije ali storitve, ki ne podpirajo dvofaktorske avtentikacije (npr. poštni odjemalci), potrebovali gesla za aplikacije.",
+        "tls_enforce_in": "Uveljavi dohodni TLS",
+        "tls_enforce_out": "Uveljavi odhodni TLS",
+        "tls_policy": "Pravilnik o šifriranju",
+        "user_settings": "Uporabniške nastavitve",
+        "username": "Uporabniško ime",
+        "value": "Vrednost",
+        "week": "teden",
+        "weekly": "Tedensko",
+        "weeks": "tedni",
+        "with_app_password": "z geslom za aplikacijo",
+        "year": "leto",
+        "years": "leta",
+        "waiting": "Čakanje",
+        "q_all": "Vse kategorije",
+        "syncjob_EX_OK": "Uspeh"
+    },
+    "warning": {
+        "cannot_delete_self": "Prijavljenega uporabnika ni mogoče izbrisati",
+        "domain_added_sogo_failed": "Domena je bila dodana, vendar ponovni zagon SOGo ni uspel. Preverite dnevnike strežnika.",
+        "dovecot_restart_failed": "Dovecota ni uspelo znova zagnati, preverite dnevnike.",
+        "fuzzy_learn_error": "Napaka učenja mehkega zgoščevanja: %s",
+        "hash_not_found": "Zgoščena vrednost ni bila najdena ali je bila že izbrisana",
+        "ip_invalid": "Preskočen neveljaven IP: %s",
+        "is_not_primary_alias": "Preskočen neprimarni vzdevek %s",
+        "no_active_admin": "Zadnjega aktivnega skrbnika ni mogoče deaktivirati",
+        "quota_exceeded_scope": "Kvota domene presežena: V tem obsegu domene je mogoče ustvariti le neomejeno število poštnih predalov.",
+        "session_token": "Neveljaven žeton obrazca: Neujemanje žetonov",
+        "session_ua": "Neveljaven žeton obrazca: Napaka pri preverjanju uporabniškega agenta"
     }
 }

From 1e4f3c55d82503dffa7987499c877780ae7d00d6 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 1 Jul 2025 17:14:24 +0200
Subject: [PATCH 587/755] [Web] Updated lang.pt-pt.json (#6614)

Co-authored-by: luiscanato <luiscanato@gmail.com>
---
 data/web/lang/lang.pt-pt.json | 65 +++++++++++++++++++++++++++++++----
 1 file changed, 59 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index baa90f797..fafb957c9 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -1,7 +1,7 @@
 {
     "add": {
         "active": "Ativo",
-        "add": "Salvar",
+        "add": "Guardar",
         "alias_address": "Apelidos:",
         "alias_address_info": "<small>Endereço de email completo ou @example.com, para uma conta coringa -catch all. (separado por vírgula). <b>apenas domínios cadastrados</b>.</small>",
         "alias_domain": "Encaminhamento de Domínio",
@@ -17,7 +17,7 @@
         "max_mailboxes": "Máximo de contas:",
         "password": "Senha:",
         "password_repeat": "Confirmar a senha (repetir):",
-        "port": "Port",
+        "port": "Porta",
         "quota_mb": "Espaço (MiB):",
         "relay_all": "Relay para todas as contas",
         "relay_all_info": "<small>Se <b>não</b> selecionar para retransmitir todas as contas, você deve adicionar uma (\"blind\") para cada conta que será direcionada.</small>",
@@ -27,13 +27,25 @@
         "target_address": "Encaminhar para:",
         "target_address_info": "<small>Endereço de email completo (separado por vírgulas).</small>",
         "target_domain": "Domínio de Destino:",
-        "username": "Administrador"
+        "username": "Nome de utilizador",
+        "app_name": "Nome da App",
+        "destination": "Destino",
+        "generate": "gerar",
+        "private_comment": "Comentário privado",
+        "inactive": "Inativo",
+        "public_comment": "Comentário público",
+        "sieve_desc": "Breve descrição",
+        "sieve_type": "Tipo de filtro",
+        "subscribeall": "Subscrever todas as pastas",
+        "syncjob": "Adicionar sincronização",
+        "validate": "Validar",
+        "validation_success": "Validado com sucesso"
     },
     "admin": {
         "access": "Acessos",
         "action": "Ação",
         "active": "Ativo",
-        "add": "Salvar",
+        "add": "Adicionar",
         "add_domain_admin": "Adicionar administrador de domínio(s)",
         "admin": "Administrador",
         "admin_details": "Editar informações do administrator",
@@ -58,7 +70,43 @@
         "search_domain_da": "Selecione o(s) domínio(s)",
         "spamfilter": "Filtro de Spam",
         "unchanged_if_empty": "Deixar em branco para não alterar",
-        "username": "Administrador"
+        "username": "Administrador",
+        "add_row": "Adicionar linha",
+        "add_transport": "Adicionar transporte",
+        "change_logo": "Alterar logo",
+        "filter": "Filtro",
+        "iam_port": "Porta",
+        "iam_use_ssl": "Usar SSL",
+        "iam_version": "Versão",
+        "import": "Importar",
+        "import_private_key": "Importar chave privada",
+        "message": "Mensagem",
+        "dkim_private_key": "Chave privada",
+        "customize": "Personalizar",
+        "destination": "Destino",
+        "dkim_from": "De",
+        "activate_api": "Ativar API",
+        "add_admin": "Adicionar administrador",
+        "admins": "Administradores",
+        "advanced_settings": "Configurações avançadas",
+        "api_key": "Chave API",
+        "api_read_only": "Acesso leitura",
+        "api_read_write": "Acesso leitura e escrita",
+        "login_page": "Página de login",
+        "dkim_key_missing": "Chave em falta",
+        "dkim_key_valid": "Chave válida",
+        "dkim_to": "Para",
+        "domain_admin": "Administrador de dominio",
+        "domain_s": "Dominio(s)",
+        "duplicate": "Duplicar",
+        "duplicate_dkim": "Duplicar registo DKIM",
+        "empty": "Sem resultados",
+        "excludes": "Excluir estes recipientes",
+        "f2b_filter": "Filtros de regex",
+        "from": "De",
+        "generate": "gerar",
+        "html": "HTML",
+        "iam_import_users": "Importar Utilizadores"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados inválidos",
@@ -270,5 +318,10 @@
         "username": "Administrador",
         "week": "Semana",
         "weeks": "Semanas"
+    },
+    "acl": {
+        "tls_policy": "Política de TLS",
+        "quarantine_attachments": "Anexos de quarentena",
+        "filters": "Filtros"
     }
-}
\ No newline at end of file
+}

From 2fbbbbe9a981ed90834ee838016a3842915a00bd Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 2 Jul 2025 08:59:29 +0200
Subject: [PATCH 588/755] [Dovecot] Use Jinja2 sandbox for rendering quota and
 quarantine notifications

---
 data/Dockerfiles/dovecot/quarantine_notify.py | 26 ++++++++++++-------
 data/Dockerfiles/dovecot/quota_notify.py      | 22 +++++++++++-----
 docker-compose.yml                            |  2 +-
 3 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/data/Dockerfiles/dovecot/quarantine_notify.py b/data/Dockerfiles/dovecot/quarantine_notify.py
index dfcb1f2c6..824d4092f 100755
--- a/data/Dockerfiles/dovecot/quarantine_notify.py
+++ b/data/Dockerfiles/dovecot/quarantine_notify.py
@@ -8,7 +8,8 @@ from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from email.utils import COMMASPACE, formatdate
 import jinja2
-from jinja2 import Template
+from jinja2 import TemplateError
+from jinja2.sandbox import SandboxedEnvironment
 import json
 import redis
 import time
@@ -80,17 +81,22 @@ try:
     if len(meta_query) == 0:
       return
     msg_count = len(meta_query)
+    env = SandboxedEnvironment()
     if r.get('Q_HTML'):
-      try:
-        template = Template(r.get('Q_HTML'))
-      except:
-        print("Error: Cannot parse quarantine template, falling back to default template.")
-        with open('/templates/quarantine.tpl') as file_:
-          template = Template(file_.read())
+        try:
+            template = env.from_string(r.get('Q_HTML'))
+        except Exception:
+            print("Error: Cannot parse quarantine template, falling back to default template.")
+            with open('/templates/quarantine.tpl') as file_:
+                template = env.from_string(file_.read())
     else:
-      with open('/templates/quarantine.tpl') as file_:
-        template = Template(file_.read())
-    html = template.render(meta=meta_query, username=rcpt, counter=msg_count, hostname=mailcow_hostname, quarantine_acl=quarantine_acl)
+        with open('/templates/quarantine.tpl') as file_:
+            template = env.from_string(file_.read())
+    try:
+        html = template.render(meta=meta_query, username=rcpt, counter=msg_count, hostname=mailcow_hostname, quarantine_acl=quarantine_acl)
+    except (jinja2.exceptions.SecurityError, TemplateError) as ex:
+        print(f"SecurityError or TemplateError in template rendering: {ex}")
+        return
     text = html2text.html2text(html)
     count = 0
     while count < 15:
diff --git a/data/Dockerfiles/dovecot/quota_notify.py b/data/Dockerfiles/dovecot/quota_notify.py
index 598134e22..99be7cc68 100755
--- a/data/Dockerfiles/dovecot/quota_notify.py
+++ b/data/Dockerfiles/dovecot/quota_notify.py
@@ -6,7 +6,7 @@ from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from email.utils import COMMASPACE, formatdate
 import jinja2
-from jinja2 import Template
+from jinja2.sandbox import SandboxedEnvironment
 import redis
 import time
 import json
@@ -33,16 +33,24 @@ while True:
 
 if r.get('QW_HTML'):
   try:
-    template = Template(r.get('QW_HTML'))
-  except:
-    print("Error: Cannot parse quarantine template, falling back to default template.")
+    env = SandboxedEnvironment()
+    template = env.from_string(r.get('QW_HTML'))
+  except Exception:
+    print("Error: Cannot parse quota template, falling back to default template.")
     with open('/templates/quota.tpl') as file_:
-      template = Template(file_.read())
+      env = SandboxedEnvironment()
+      template = env.from_string(file_.read())
 else:
   with open('/templates/quota.tpl') as file_:
-    template = Template(file_.read())
+    env = SandboxedEnvironment()
+    template = env.from_string(file_.read())
+
+try:
+  html = template.render(username=username, percent=percent)
+except (jinja2.exceptions.SecurityError, jinja2.TemplateError) as ex:
+  print(f"SecurityError or TemplateError in template rendering: {ex}")
+  sys.exit(1)
 
-html = template.render(username=username, percent=percent)
 text = html2text.html2text(html)
 
 try:
diff --git a/docker-compose.yml b/docker-compose.yml
index a67475316..6db20454e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -251,7 +251,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: ghcr.io/mailcow/dovecot:2.33
+      image: ghcr.io/mailcow/dovecot:2.34
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From ec6dbb099aa4ae559b10217906a62da694c6f182 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 2 Jul 2025 10:37:23 +0200
Subject: [PATCH 589/755] [ACME] Remove deprecated ACME_CONTACT variable

---
 data/Dockerfiles/acme/acme.sh               | 14 +------
 data/Dockerfiles/acme/obtain-certificate.sh |  4 +-
 docker-compose.yml                          |  3 +-
 generate_config.sh                          |  7 ----
 update.sh                                   | 44 ++++++++++-----------
 5 files changed, 25 insertions(+), 47 deletions(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index a6766efd0..15b757ff9 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -159,18 +159,6 @@ while true; do
   fi
   if [[ ! -f ${ACME_BASE}/acme/account.pem ]]; then
     log_f "Generating missing Lets Encrypt account key..."
-    if [[ ! -z ${ACME_CONTACT} ]]; then
-      if ! verify_email "${ACME_CONTACT}"; then
-        log_f "Invalid email address, will not start registration!"
-        sleep 365d
-        exec $(readlink -f "$0")
-      else
-        ACME_CONTACT_PARAMETER="--contact mailto:${ACME_CONTACT}"
-        log_f "Valid email address, using ${ACME_CONTACT} for registration"
-      fi
-    else
-      ACME_CONTACT_PARAMETER=""
-    fi
     openssl genrsa 4096 > ${ACME_BASE}/acme/account.pem
   else
     log_f "Using existing Lets Encrypt account key ${ACME_BASE}/acme/account.pem"
@@ -299,7 +287,7 @@ while true; do
     VALIDATED_CERTIFICATES+=("${CERT_NAME}")
 
     # obtain server certificate if required
-    ACME_CONTACT_PARAMETER=${ACME_CONTACT_PARAMETER} DOMAINS=${SERVER_SAN_VALIDATED[@]} /srv/obtain-certificate.sh rsa
+    DOMAINS=${SERVER_SAN_VALIDATED[@]} /srv/obtain-certificate.sh rsa
     RETURN="$?"
     if [[ "$RETURN" == "0" ]]; then # 0 = cert created successfully
       CERT_AMOUNT_CHANGED=1
diff --git a/data/Dockerfiles/acme/obtain-certificate.sh b/data/Dockerfiles/acme/obtain-certificate.sh
index 16c4e2588..f476bf666 100644
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@@ -93,8 +93,8 @@ until dig letsencrypt.org +time=3 +tries=1 @unbound > /dev/null; do
   sleep 2
 done
 log_f "Resolver OK"
-log_f "Using command acme-tiny ${DIRECTORY_URL} ${ACME_CONTACT_PARAMETER} --account-key ${ACME_BASE}/acme/account.pem --disable-check --csr ${CSR} --acme-dir /var/www/acme/"
-ACME_RESPONSE=$(acme-tiny ${DIRECTORY_URL} ${ACME_CONTACT_PARAMETER} \
+log_f "Using command acme-tiny ${DIRECTORY_URL} --account-key ${ACME_BASE}/acme/account.pem --disable-check --csr ${CSR} --acme-dir /var/www/acme/"
+ACME_RESPONSE=$(acme-tiny ${DIRECTORY_URL} \
   --account-key ${ACME_BASE}/acme/account.pem \
   --disable-check \
   --csr ${CSR} \
diff --git a/docker-compose.yml b/docker-compose.yml
index a67475316..edc2b10ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -440,12 +440,11 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: ghcr.io/mailcow/acme:1.92
+      image: ghcr.io/mailcow/acme:1.93
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
         - LOG_LINES=${LOG_LINES:-9999}
-        - ACME_CONTACT=${ACME_CONTACT:-}
         - ADDITIONAL_SAN=${ADDITIONAL_SAN}
         - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
diff --git a/generate_config.sh b/generate_config.sh
index c4396a9ce..61b72109c 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -498,13 +498,6 @@ DOVECOT_MASTER_USER=
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_PASS=
 
-# Let's Encrypt registration contact information
-# Optional: Leave empty for none
-# This value is only used on first order!
-# Setting it at a later point will require the following steps:
-# https://docs.mailcow.email/troubleshooting/debug-reset_tls/
-ACME_CONTACT=
-
 # WebAuthn device manufacturer verification
 # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
diff --git a/update.sh b/update.sh
index e4e88afb3..2c6cbaff2 100755
--- a/update.sh
+++ b/update.sh
@@ -353,7 +353,6 @@ adapt_new_options() {
   "DOVECOT_MASTER_PASS"
   "MAILCOW_PASS_SCHEME"
   "ADDITIONAL_SERVER_NAMES"
-  "ACME_CONTACT"
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
   "SPAMHAUS_DQS_KEY"
@@ -599,16 +598,6 @@ adapt_new_options() {
         echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
         echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
       fi
-    elif [[ ${option} == "ACME_CONTACT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Lets Encrypt registration contact information' >> mailcow.conf
-        echo '# Optional: Leave empty for none' >> mailcow.conf
-        echo '# This value is only used on first order!' >> mailcow.conf
-        echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
-        echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
-        echo 'ACME_CONTACT=' >> mailcow.conf
-      fi
     elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
       if ! grep -q ${option} mailcow.conf; then
         echo "Adding new option \"${option}\" to mailcow.conf"
@@ -761,6 +750,26 @@ detect_major_update() {
   fi
 }
 
+remove_obsolete_options() {
+  OBSOLETE_OPTIONS=(
+    "ACME_CONTACT"
+  )
+
+  for option in "${OBSOLETE_OPTIONS[@]}"; do
+    if [[ "$option" == "ACME_CONTACT" ]]; then
+      sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+      sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
+      sed -i '/^# This value is only used on first order!/d' mailcow.conf
+      sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
+      sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
+      sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
+      sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
+    else
+      sed -i "/^${option}=.*/d" mailcow.conf
+      sed -i "/^#${option}=.*/d" mailcow.conf
+    fi
+  done
+}
 ############## End Function Section ##############
 
 # Check permissions
@@ -996,7 +1005,6 @@ CONFIG_ARRAY=(
   "DOVECOT_MASTER_PASS"
   "MAILCOW_PASS_SCHEME"
   "ADDITIONAL_SERVER_NAMES"
-  "ACME_CONTACT"
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
   "SPAMHAUS_DQS_KEY"
@@ -1232,17 +1240,6 @@ for option in "${CONFIG_ARRAY[@]}"; do
       echo '# in the reverse proxy.' >> mailcow.conf
       echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
     fi
-
-  elif [[ "${option}" == "ACME_CONTACT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Lets Encrypt registration contact information' >> mailcow.conf
-      echo '# Optional: Leave empty for none' >> mailcow.conf
-      echo '# This value is only used on first order!' >> mailcow.conf
-      echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
-      echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
-      echo 'ACME_CONTACT=' >> mailcow.conf
-    fi
   elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
     if ! grep -q "${option}" mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
@@ -1488,6 +1485,7 @@ done
 [[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
 migrate_solr_config_options
 adapt_new_options
+remove_obsolete_options
 
 # Silently fixing remote url from andryyy to mailcow
 # git remote set-url origin https://github.com/mailcow/mailcow-dockerized

From b12ce1eacd6ae74c9eb3d1570c8cbc79a7a7a174 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 2 Jul 2025 17:12:06 +0200
Subject: [PATCH 590/755] update postscreen_access.cidr (#6611)

---
 data/conf/postfix/postscreen_access.cidr | 38 ++++++++++++++++++------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 57425e5df..259bd062b 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sun Jun  1 00:24:21 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Tue Jul  1 00:22:55 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2132 total rules
+# 2105 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -19,6 +19,7 @@
 2c0f:fb50:4000::/36	permit
 2.207.151.53	permit
 2.207.217.30	permit
+3.64.237.68	permit
 3.65.3.180	permit
 3.70.123.177	permit
 3.72.182.33	permit
@@ -41,7 +42,7 @@
 8.40.222.0/23	permit
 8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.246.38	permit
+13.107.246.51	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -64,9 +65,11 @@
 18.156.89.250	permit
 18.156.205.64	permit
 18.157.243.190	permit
+18.158.153.154	permit
 18.194.95.56	permit
 18.197.217.180	permit
 18.198.96.88	permit
+18.199.210.3	permit
 18.207.52.234	permit
 18.208.124.128/25	permit
 18.216.232.154	permit
@@ -144,15 +147,22 @@
 34.141.160.224	permit
 34.193.58.168	permit
 34.195.217.107	permit
+34.197.10.50	permit
+34.197.254.9	permit
+34.198.94.229	permit
+34.198.218.121	permit
 34.212.163.75	permit
 34.215.104.144	permit
+34.218.115.239	permit
 34.218.116.3	permit
 34.225.212.172	permit
+35.83.148.184	permit
+35.155.198.111	permit
 35.158.23.94	permit
 35.161.32.253	permit
+35.162.73.231	permit
 35.167.93.243	permit
 35.176.132.251	permit
-35.191.0.0/16	permit
 35.205.92.9	permit
 35.228.216.85	permit
 35.242.169.159	permit
@@ -169,6 +179,7 @@
 40.233.83.78	permit
 40.233.88.28	permit
 44.206.138.57	permit
+44.210.169.44	permit
 44.217.45.156	permit
 44.236.56.93	permit
 44.238.220.251	permit
@@ -228,6 +239,7 @@
 46.243.88.177	permit
 46.243.95.179	permit
 46.243.95.180	permit
+50.16.246.183	permit
 50.18.45.249	permit
 50.18.121.236	permit
 50.18.121.248	permit
@@ -241,18 +253,23 @@
 50.56.130.220	permit
 50.56.130.221	permit
 50.56.130.222	permit
+50.112.246.219	permit
 52.1.14.157	permit
 52.5.230.59	permit
+52.12.53.23	permit
 52.13.214.179	permit
 52.26.1.71	permit
 52.27.5.72	permit
 52.27.28.47	permit
 52.28.63.81	permit
+52.28.197.132	permit
 52.34.181.151	permit
+52.35.192.45	permit
 52.36.138.31	permit
 52.37.142.146	permit
 52.42.203.116	permit
 52.50.24.208	permit
+52.57.120.243	permit
 52.58.216.183	permit
 52.59.143.3	permit
 52.60.41.5	permit
@@ -295,6 +312,7 @@
 54.174.63.0/24	permit
 54.186.193.102	permit
 54.191.223.56	permit
+54.211.126.101	permit
 54.213.20.246	permit
 54.214.39.184	permit
 54.240.0.0/18	permit
@@ -320,6 +338,8 @@
 63.143.57.128/25	permit
 63.143.59.128/25	permit
 63.176.194.123	permit
+63.178.132.221	permit
+63.178.143.178	permit
 64.18.0.0/20	permit
 64.20.241.45	permit
 64.69.212.0/24	permit
@@ -388,8 +408,8 @@
 65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
+66.102.0.0/21	permit
 66.119.150.192/26	permit
-66.162.193.226/31	permit
 66.163.184.0/24	permit
 66.163.185.0/24	permit
 66.163.186.0/24	permit
@@ -595,7 +615,6 @@
 74.86.241.250/31	permit
 74.112.67.243	permit
 74.125.0.0/16	permit
-74.202.227.40	permit
 74.208.4.200	permit
 74.208.4.201	permit
 74.208.4.220	permit
@@ -1402,7 +1421,6 @@
 129.213.195.191	permit
 130.61.9.72	permit
 130.162.39.83	permit
-130.211.0.0/22	permit
 130.248.172.0/24	permit
 130.248.173.0/24	permit
 131.253.30.0/24	permit
@@ -1593,6 +1611,7 @@
 168.138.5.36	permit
 168.138.73.51	permit
 168.138.77.31	permit
+168.138.237.153	permit
 168.245.0.0/17	permit
 168.245.12.252	permit
 168.245.46.9	permit
@@ -1846,11 +1865,11 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
+204.216.164.202	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
 204.220.176.0/20	permit
+204.220.181.105	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
 205.201.128.0/20	permit
@@ -2030,6 +2049,7 @@
 216.17.150.242	permit
 216.17.150.251	permit
 216.24.224.0/20	permit
+216.27.86.152/31	permit
 216.39.60.154/31	permit
 216.39.60.156/30	permit
 216.39.60.160/30	permit

From fc43c26c4852d741311a867cf5aa39ae58b77a14 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 3 Jul 2025 12:38:28 +0200
Subject: [PATCH 591/755] Remove obsolete ACME_CONTACT option and related
 comments from mailcow.conf

---
 update.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/update.sh b/update.sh
index 2c6cbaff2..b7d22bf8a 100755
--- a/update.sh
+++ b/update.sh
@@ -758,6 +758,7 @@ remove_obsolete_options() {
   for option in "${OBSOLETE_OPTIONS[@]}"; do
     if [[ "$option" == "ACME_CONTACT" ]]; then
       sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+      sed -i "/^# Let's Encrypt registration contact information/d" mailcow.conf
       sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
       sed -i '/^# This value is only used on first order!/d' mailcow.conf
       sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf

From d5b30a7a0870ba14377ab02e143ec25d3c2b1c6d Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 6 Jul 2025 16:42:58 +0200
Subject: [PATCH 592/755] [Web] Updated lang.pt-pt.json (#6622)

Co-authored-by: luiscanato <luiscanato@gmail.com>
---
 data/web/lang/lang.pt-pt.json | 50 +++++++++++++++++++++++++++++------
 1 file changed, 42 insertions(+), 8 deletions(-)

diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index fafb957c9..e86391fa7 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -39,7 +39,8 @@
         "subscribeall": "Subscrever todas as pastas",
         "syncjob": "Adicionar sincronização",
         "validate": "Validar",
-        "validation_success": "Validado com sucesso"
+        "validation_success": "Validado com sucesso",
+        "app_passwd_protocols": "Protocolos permitidos para senha de aplicação"
     },
     "admin": {
         "access": "Acessos",
@@ -106,7 +107,11 @@
         "from": "De",
         "generate": "gerar",
         "html": "HTML",
-        "iam_import_users": "Importar Utilizadores"
+        "iam_import_users": "Importar Utilizadores",
+        "ui_header_announcement_content": "Texto (HTML permitido)",
+        "ui_footer": "Rodapé (HTML permitido)",
+        "activate_send": "Ativar botão de envio",
+        "help_text": "Anular texto de ajuda abaixo da máscara de login (HTML permitido)"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados inválidos",
@@ -145,7 +150,10 @@
         "target_domain_invalid": "O endereço de Domínio Destino é inválido",
         "targetd_not_found": "Domínio de Destino não encontrado",
         "username_invalid": "Nome de utilizador inválido",
-        "validity_missing": "Você deve definir um período de validade"
+        "validity_missing": "Você deve definir um período de validade",
+        "comment_too_long": "Comentário demasiado longo, máximo 160 chars permitidos",
+        "ip_list_empty": "Lista de IPs permitidos não pode estar vazia",
+        "last_key": "A última tecla não pode ser apagada, por favor desactivar a TFA."
     },
     "edit": {
         "active": "Ativo",
@@ -177,7 +185,9 @@
         "target_domain": "Domínio de Destino:",
         "title": "Editar dos Objetos",
         "unchanged_if_empty": "Deixar em branco para não modificar",
-        "username": "Administrador"
+        "username": "Administrador",
+        "app_passwd_protocols": "Protocolos permitidos para palavra-passe de aplicação",
+        "allowed_protocols": "Protocolos permitidos para acesso direto do utilizador (não afeta os protocolos de palavra-passe da aplicação)"
     },
     "footer": {
         "loading": "Aguarde..."
@@ -234,11 +244,15 @@
         "target_domain": "Domínio Destino",
         "tls_enforce_in": "Forçar TLS na entrada",
         "tls_enforce_out": "Forçar TLS na saída",
-        "username": "Utilizador"
+        "username": "Utilizador",
+        "allowed_protocols": "Protocolos permitidos",
+        "activate": "Ativar",
+        "deactivate": "Desativar"
     },
     "quarantine": {
         "action": "Ação",
-        "remove": "Remover"
+        "remove": "Remover",
+        "check_hash": "Pesquisar hash de ficheiro @ VT"
     },
     "queue": {
         "queue_manager": "Queue Manager"
@@ -317,11 +331,31 @@
         "user_settings": "Configurações do utilizador",
         "username": "Administrador",
         "week": "Semana",
-        "weeks": "Semanas"
+        "weeks": "Semanas",
+        "aliases_also_send_as": "Também autorizado a enviar como utilizador",
+        "app_hint": "As senhas de aplicação são senhas alternativas para o seu login IMAP, SMTP, CalDAV, CardDAV e EAS. O nome de utilizador permanece inalterado. O webmail SOGo não está disponível através de passwords de aplicação.",
+        "allowed_protocols": "Protocolos permitidos"
     },
     "acl": {
         "tls_policy": "Política de TLS",
         "quarantine_attachments": "Anexos de quarentena",
-        "filters": "Filtros"
+        "filters": "Filtros",
+        "smtp_ip_access": "Mudar anfitriões permitidos para SMTP"
+    },
+    "warning": {
+        "no_active_admin": "Não é possível desactivar o último administrador activo"
+    },
+    "tfa": {
+        "u2f_deprecated": "Parece que a sua chave foi registada usando o método U2F depreciado. Desactivaremos dois factores-autenticação para si e apagaremos a sua Chave.",
+        "none": "Desativar"
+    },
+    "datatables": {
+        "search": "Procurar:",
+        "info": "A mostrar _START_ a _END_ de _TOTAL_ entradas",
+        "infoEmpty": "A mostrar 0 a 0 de 0 entradas",
+        "aria": {
+            "sortAscending": ": activar para ordenar a coluna ascendente",
+            "sortDescending": ": activar para ordenar a coluna descendente"
+        }
     }
 }

From 4c7a9ed1953e986ee76dc68a74a78d18414bd053 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 13 Jul 2025 16:20:40 +0200
Subject: [PATCH 593/755] Translations update from Weblate (#6629)

* [Web] Updated lang.fr-fr.json

Co-authored-by: Tagada <githubtagada@cant.at>

* [Web] Updated lang.pl-pl.json

Co-authored-by: robsonek <admin@licytant.pl>

---------

Co-authored-by: Tagada <githubtagada@cant.at>
Co-authored-by: robsonek <admin@licytant.pl>
---
 data/web/lang/lang.fr-fr.json | 3 ++-
 data/web/lang/lang.pl-pl.json | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 313d6663c..07ac641b8 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -406,7 +406,8 @@
         "iam_extra_permission": "Pour que les paramètres suivants fonctionnent, le client mailcow dans Keycloak a besoin d'un <code>Compte de service</code> et de l'autorisation de <code>voir les utilisateurs</code>.",
         "iam_host": "Hôte",
         "iam_host_info": "Saisissez un ou plusieurs hôtes LDAP, séparés par des virgules.",
-        "iam_import_users": "Importer des utilisateurs"
+        "iam_import_users": "Importer des utilisateurs",
+        "filter": "Filtrer"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 521c17779..02c892c64 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -2,7 +2,8 @@
     "acl": {
         "sogo_profile_reset": "Usuń profil SOGo (webmail)",
         "syncjobs": "Polecenie synchronizacji",
-        "alias_domains": "Dodaj aliasy domen"
+        "alias_domains": "Dodaj aliasy domen",
+        "delimiter_action": "Akcja oparta na separatorze"
     },
     "add": {
         "active": "Aktywny",
@@ -430,4 +431,4 @@
         "weekly": "Co tydzień",
         "weeks": "Tygodnie"
     }
-}
\ No newline at end of file
+}

From 1e5fcfe3922a4eeb755f0c2a218ea948820e0101 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 16 Jul 2025 09:29:35 +0200
Subject: [PATCH 594/755] Bulgarian language added (#6623)

---
 data/web/inc/vars.inc.php     |    1 +
 data/web/lang/lang.bg-bg.json | 1398 ++++++++++++++++++++++++++++++++-
 2 files changed, 1398 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 62197e54a..802a41f95 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -83,6 +83,7 @@ $DEFAULT_LANG = 'en-gb';
 // https://en.wikipedia.org/wiki/IETF_language_tag
 $AVAILABLE_LANGUAGES = array(
   // 'ca-es' => 'Català (Catalan)',
+  'bg-bg' => 'Български (Bulgarian)',
   'cs-cz' => 'Čeština (Czech)',
   'da-dk' => 'Danish (Dansk)',
   'de-de' => 'Deutsch (German)',
diff --git a/data/web/lang/lang.bg-bg.json b/data/web/lang/lang.bg-bg.json
index 0967ef424..0d8632859 100644
--- a/data/web/lang/lang.bg-bg.json
+++ b/data/web/lang/lang.bg-bg.json
@@ -1 +1,1397 @@
-{}
+{
+  "acl": {
+    "alias_domains": "Добавяне на домейни за псевдоними",
+    "app_passwds": "Управление на пароли за приложения",
+    "bcc_maps": "BCC карти",
+    "delimiter_action": "Действие на разделител",
+    "domain_desc": "Промяна на описанието на домейна",
+    "domain_relayhost": "Промяна на релеен хост за домейн",
+    "eas_reset": "Нулиране на устройствата с ActiveSync",
+    "extend_sender_acl": "Разрешаване на разширяване на ACL на изпращащите от външни адреси",
+    "filters": "Филтри",
+    "login_as": "Вход като потребител на пощенска кутия",
+    "mailbox_relayhost": "Промяна на релеен хост за пощенска кутия",
+    "prohibited": "Забранено от ACL",
+    "protocol_access": "Промяна на достъпа до протоколи",
+    "pushover": "Pushover",
+    "pw_reset": "Разрешаване на нулиране на паролата на потребител на mailcow",
+    "quarantine": "Действия с карантина",
+    "quarantine_attachments": "Прикачени файлове в карантина",
+    "quarantine_category": "Промяна на категорията на уведомленията за карантина",
+    "quarantine_notification": "Промяна на уведомленията за карантина",
+    "ratelimit": "Ограничение на скоростта",
+    "recipient_maps": "Карти на получатели",
+    "smtp_ip_access": "Промяна на разрешените хостове за SMTP",
+    "sogo_access": "Разрешаване на управление на достъпа до SOGo",
+    "sogo_profile_reset": "Нулиране на профила на SOGo",
+    "spam_alias": "Временни псевдоними",
+    "spam_policy": "Черен/Бял списък",
+    "spam_score": "Резултат за спам",
+    "syncjobs": "Синхронизиращи задачи",
+    "tls_policy": "Политика за TLS",
+    "unlimited_quota": "Неограничена квота за пощенски кутии"
+  },
+  "add": {
+    "activate_filter_warn": "Всички други филтри ще бъдат деактивирани, когато активното е отбелязано.",
+    "active": "Активен",
+    "add": "Добавяне",
+    "add_domain_only": "Добавяне само на домейн",
+    "add_domain_restart": "Добавяне на домейн и рестартиране на SOGo",
+    "alias_address": "Адрес/и за псевдоним",
+    "alias_address_info": "<small>Пълни имейл адреси или @example.com, за да хванете всички съобщения за домейн (разделени с запетая). <b>само домейни на mailcow</b>.</small>",
+    "alias_domain": "Домейн за псевдоним",
+    "alias_domain_info": "<small>Валидни имена на домейни (разделени с запетая).</small>",
+    "app_name": "Име на приложението",
+    "app_password": "Добавяне на парола за приложение",
+    "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
+    "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
+    "backup_mx_options": "Опции за реле",
+    "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
+    "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
+    "custom_params": "Персонализирани параметри",
+    "custom_params_hint": "Дясно: --param=xy, грешно: --param xy",
+    "delete1": "Изтриване от източника след завършване",
+    "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
+    "delete2duplicates": "Изтриване на дубликати в дестинацията",
+    "description": "Описание",
+    "destination": "Дестинация",
+    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+    "domain": "Домейн",
+    "domain_matches_hostname": "Домейнът %s съвпада с името на хоста",
+    "domain_quota_m": "Обща квота на домейна (MiB)",
+    "dry": "Симулиране на синхронизация",
+    "enc_method": "Метод на криптиране",
+    "exclude": "Изключване на обекти (regex)",
+    "full_name": "Пълно име",
+    "gal": "Глобален адресен списък",
+    "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
+    "generate": "генериране",
+    "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
+    "goto_null": "Тихо изхвърляне на имейла",
+    "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
+    "hostname": "Хост",
+    "inactive": "Неактивен",
+    "kind": "Вид",
+    "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
+    "mailbox_quota_m": "Макс. квота за пощенска кутия (MiB)",
+    "mailbox_username": "Потребителско име (лява част на имейл адрес)",
+    "max_aliases": "Макс. възможни псевдоними",
+    "max_mailboxes": "Макс. възможни пощенски кутии",
+    "mins_interval": "Интервал за проверка (минути)",
+    "multiple_bookings": "Множествени резервации",
+    "nexthop": "Следващ хоп",
+    "password": "Парола",
+    "password_repeat": "Потвърждаване на паролата (повторете)",
+    "port": "Порт",
+    "post_domain_add": "След добавянето на нов домейн, контейнерът на SOGo, \"sogo-mailcow\", трябва да бъде рестартиран!<br><br>Освен това, конфигурацията на DNS на домейна трябва да бъде прегледана. След като конфигурацията на DNS бъде одобрена, рестартирайте \"acme-mailcow\", за да генерирате автоматично сертификати за вашия нов домейн (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Тази стъпка е опционална и ще бъде повторена всеки 24 часа.",
+    "private_comment": "Частен коментар",
+    "public_comment": "Публичен коментар",
+    "quota_mb": "Квота (MiB)",
+    "relay_all": "Реле на всички получатели",
+    "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
+    "relay_domain": "Реле на този домейн",
+    "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
+    "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
+    "relayhost_wrapped_tls_info": "Моля, <b>не</b> използвайте TLS-wrapped портове (най-често използвани на порт 465).<br>\r\nИзползвайте всеки не-wrapped порт и издайте STARTTLS. Политика за TLS може да бъде създадена в \"TLS политики\", за да се наложи TLS.",
+    "select": "Моля, изберете...",
+    "select_domain": "Моля, изберете първо домейн",
+    "sieve_desc": "Кратко описание",
+    "sieve_type": "Тип на филтър",
+    "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
+    "subscribeall": "Абониране за всички папки",
+    "syncjob": "Добавяне на синхронизираща задача",
+    "syncjob_hint": "Имайте предвид, че паролите трябва да бъдат запазени като обикновен текст!",
+    "tags": "Тагове",
+    "target_address": "Адреси за пренасочване",
+    "target_address_info": "<small>Пълни имейл адреси (разделени с запетая).</small>",
+    "target_domain": "Целеви домейн",
+    "timeout1": "Таймаут за връзка с отдалечен хост",
+    "timeout2": "Таймаут за връзка с локален хост",
+    "username": "Потребителско име",
+    "validate": "Валидиране",
+    "validation_success": "Успешно валидиране"
+  },
+  "admin": {
+    "access": "Достъп",
+    "action": "Действие",
+    "activate_api": "Активиране на API",
+    "activate_send": "Активиране на бутона за изпращане",
+    "active": "Активен",
+    "active_rspamd_settings_map": "Активна карта с настройки",
+    "add": "Добавяне",
+    "add_admin": "Добавяне на администратор",
+    "add_domain_admin": "Добавяне на администратор на домейн",
+    "add_forwarding_host": "Добавяне на хост за препращане",
+    "add_relayhost": "Добавяне на транспорт, зависим от изпращач",
+    "add_relayhost_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
+    "add_row": "Добавяне на ред",
+    "add_settings_rule": "Добавяне на правило за настройки",
+    "add_transport": "Добавяне на транспорт",
+    "add_transports_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
+    "additional_rows": "добавени допълнителни редове",
+    "admin": "Администратор",
+    "admin_details": "Редактиране на детайлите на администратора",
+    "admin_domains": "Назначения на домейни",
+    "admins": "Администратори",
+    "admins_ldap": "LDAP администратори",
+    "advanced_settings": "Разширени настройки",
+    "allowed_methods": "Access-Control-Allow-Methods",
+    "allowed_origins": "Access-Control-Allow-Origin",
+    "api_allow_from": "Разрешаване на API достъп от тези IP адреси/CIDR мрежови нотации",
+    "api_info": "API е в процес на разработка. Документацията може да бъде намерена на <a href=\"/api\">/api</a>",
+    "api_key": "API ключ",
+    "api_read_only": "Достъп само за четене",
+    "api_read_write": "Достъп за четене и писане",
+    "api_skip_ip_check": "Пропускане на IP проверка за API",
+    "app_hide": "Скриване за вход",
+    "app_links": "Връзки към приложения",
+    "app_name": "Име на приложението",
+    "apps_name": "Име на \"mailcow приложенията\"",
+    "arrival_time": "Време на пристигане (време на сървъра)",
+    "authed_user": "Удостоверен потребител",
+    "ays": "Сигурни ли сте, че искате да продължите?",
+    "ban_list_info": "Вижте списък с блокирани IP адреси по-долу: <b>мрежа (оставащо време за блокиране) - [действия]</b>.<br />IP адресите в опашката за разблокиране ще бъдат премахнати от активния списък с блокирани в рамките на няколко секунди.<br />Червените етикети показват активни постоянни блокирания от черния списък.",
+    "change_logo": "Промяна на логото",
+    "logo_normal_label": "Нормално",
+    "logo_dark_label": "Обърнато за тъмен режим",
+    "configuration": "Конфигурация",
+    "convert_html_to_text": "Конвертиране на HTML в обикновен текст",
+    "copy_to_clipboard": "Текстът е копиран в клипборда!",
+    "cors_settings": "Настройки на CORS",
+    "credentials_transport_warning": "<b>Внимание</b>: Добавянето на нов запис в картата на транспорта ще обнови данните за удостоверяване за всички записи с съвпадаща колона за следващ хоп.",
+    "customer_id": "Идентификатор на клиента",
+    "customize": "Персонализиране",
+    "destination": "Дестинация",
+    "dkim_add_key": "Добавяне на ARC/DKIM ключ",
+    "dkim_domains_selector": "Селектор",
+    "dkim_domains_wo_keys": "Избор на домейни без ключове",
+    "dkim_from": "От",
+    "dkim_from_title": "Източник на домейн за копиране на данни",
+    "dkim_key_length": "Дължина на DKIM ключа (битове)",
+    "dkim_key_missing": "Липсващ ключ",
+    "dkim_key_unused": "Неизползван ключ",
+    "dkim_key_valid": "Валиден ключ",
+    "dkim_keys": "ARC/DKIM ключове",
+    "dkim_overwrite_key": "Презаписване на съществуващ DKIM ключ",
+    "dkim_private_key": "Частен ключ",
+    "dkim_to": "До",
+    "dkim_to_title": "Целеви домейн/и - ще бъде презаписан",
+    "domain": "Домейн",
+    "domain_admin": "Администратор на домейн",
+    "domain_admins": "Администратори на домейн",
+    "domain_s": "Домейн/и",
+    "duplicate": "Дублиране",
+    "duplicate_dkim": "Дублиране на DKIM запис",
+    "edit": "Редактиране",
+    "empty": "Няма резултати",
+    "excludes": "Изключване на тези получатели",
+    "f2b_ban_time": "Време за блокиране (с)",
+    "f2b_ban_time_increment": "Времето за блокиране се увеличава с всяко блокиране",
+    "f2b_blacklist": "Черни списъци/хостове",
+    "f2b_filter": "Филтри с регулярни изрази",
+    "f2b_list_info": "Черният списък на хостове или мрежи винаги ще надделява над белия списък. <b>Актуализациите на списъка отнемат няколко секунди, за да бъдат приложени.</b>",
+    "f2b_manage_external": "Управление на Fail2Ban външно",
+    "f2b_manage_external_info": "Fail2ban все още ще поддържа черния списък, но няма да задава правила за блокиране на трафика. Използвайте генерирания черн списък по-долу, за да блокирате трафика външно.",
+    "f2b_max_attempts": "Макс. опити",
+    "f2b_max_ban_time": "Макс. време за блокиране (с)",
+    "f2b_netban_ipv4": "IPv4 размер на подмрежа за прилагане на блокиране (8-32)",
+    "f2b_netban_ipv6": "IPv6 размер на подмрежа за прилагане на блокиране (8-128)",
+    "f2b_parameters": "Параметри на Fail2ban",
+    "f2b_regex_info": "Логовете, които се вземат предвид: SOGo, Postfix, Dovecot, PHP-FPM.",
+    "f2b_retry_window": "Прозорец за повторен опит (с) за макс. опити",
+    "f2b_whitelist": "Бели списъци/хостове",
+    "filter": "Филтър",
+    "filter_table": "Таблица с филтри",
+    "forwarding_hosts": "Хостове за препращане",
+    "forwarding_hosts_add_hint": "Можете да посочите IPv4/IPv6 адреси, мрежи в CIDR нотация, имена на хостове (които ще бъдат разрешени в IP адреси), или имена на домейни (които ще бъдат разрешени в IP адреси чрез заявки към SPF записи или, при липсата им, MX записи).",
+    "forwarding_hosts_hint": "Входящите съобщения се приемат безрезервно от всички хостове, изброени тук. Тези хостове след това не се проверяват срещу DNSBL или подлагат на сиво списък. Спамът, получен от тях, никога не се отхвърля, но опционално може да бъде поставен във файла за нежелана поща. Най-често използваната употреба за това е да се посочат пощенски сървъри, на които сте настроили правило, което препраща входящите имейли към вашия mailcow сървър.",
+    "from": "От",
+    "generate": "генериране",
+    "guid": "GUID - уникален инстанционен идентификатор",
+    "guid_and_license": "GUID & Лиценз",
+    "hash_remove_info": "Премахването на хеш за ограничение на скоростта (ако все още съществува) ще нулира неговия брояч напълно.<br>\r\nВсеки хеш е показан с индивидуален цвят.",
+    "help_text": "Презаписване на помощния текст под маската за вход (разрешен е HTML)",
+    "host": "Хост",
+    "html": "HTML",
+    "iam": "Доставчик на идентичност",
+    "iam_attribute_field": "Поле за атрибут",
+    "iam_authorize_url": "Крайна точка за удостоверяване",
+    "iam_auth_flow": "Поток за удостоверяване",
+    "iam_auth_flow_info": "Освен стандартния поток за удостоверяване (поток с код за удостоверяване в Keycloak), който се използва за единичен вход, mailcow поддържа и поток за удостоверяване с пряки удостоверения. Потокът за удостоверяване с пароли за поща проверява удостоверенията на потребителя, като използва Keycloak Admin REST API. mailcow извлича хешираната парола от атрибута <code>mailcow_password</code>, който е картиран в Keycloak.",
+    "iam_basedn": "Основен DN",
+    "iam_client_id": "Идентификатор на клиента",
+    "iam_client_secret": "Тайна на клиента",
+    "iam_client_scopes": "Обхват на клиента",
+    "iam_default_template": "Шаблон по подразбиране",
+    "iam_default_template_description": "Ако няма зададен шаблон за потребител, шаблонът по подразбиране ще бъде използван за създаване на пощенската кутия, но не и за актуализиране на пощенската кутия.",
+    "iam_description": "Конфигуриране на външен доставчик за удостоверяване<br>Потребителските пощенски кутии ще бъдат създавани автоматично при първия им вход, при условие че е зададено картиране на атрибути.",
+    "iam_extra_permission": "За да работят следните настройки, клиентът на mailcow в Keycloak трябва да има <code>услуга акаунт</code> и разрешението да <code>вижда потребители</code>.",
+    "iam_host": "Хост",
+    "iam_host_info": "Въведете един или повече LDAP хостове, разделени с запетаи.",
+    "iam_import_users": "Импортиране на потребители",
+    "iam_mapping": "Картиране на атрибути",
+    "iam_bindpass": "Парола за свързване",
+    "iam_periodic_full_sync": "Периодичен пълен синхрон",
+    "iam_port": "Порт",
+    "iam_realm": "Реалм",
+    "iam_redirect_url": "URL за пренасочване",
+    "iam_rest_flow": "Поток за пароли за поща",
+    "iam_server_url": "URL на сървъра",
+    "iam_sso": "Единичен вход",
+    "iam_sync_interval": "Интервал за синхронизиране/импортиране (мин)",
+    "iam_test_connection": "Тест на връзката",
+    "iam_token_url": "Крайна точка за токени",
+    "iam_userinfo_url": "Крайна точка за информация за потребителя",
+    "iam_username_field": "Поле за потребителско име",
+    "iam_binddn": "DN за свързване",
+    "iam_use_ssl": "Използване на SSL",
+    "iam_use_ssl_info": "Ако активирате SSL и портът е зададен на 389, той ще бъде автоматично променен на 636.",
+    "iam_use_tls": "Използване на StartTLS",
+    "iam_use_tls_info": "Ако активирате TLS, трябва да използвате стандартния порт за вашия LDAP сървър (389). SSL портовете не могат да бъдат използвани.",
+    "iam_version": "Версия",
+    "ignore_ssl_error": "Игнориране на SSL грешки",
+    "import": "Импортиране",
+    "import_private_key": "Импортиране на частен ключ",
+    "in_use_by": "Използван от",
+    "inactive": "Неактивен",
+    "include_exclude": "Включване/Изключване",
+    "include_exclude_info": "По подразбиране - без избор - <b>всички пощенски кутии</b> се адресират",
+    "includes": "Включване на тези получатели",
+    "ip_check": "Проверка на IP",
+    "ip_check_disabled": "Проверката на IP е деактивирана. Можете да я активирате в <br> <strong>Система > Конфигурация > Опции > Персонализиране</strong>",
+    "ip_check_opt_in": "Оптиране за използване на услугата на трета страна <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong>, за да разрешавате външни IP адреси.",
+    "is_mx_based": "MX базиран",
+    "last_applied": "Последно приложено",
+    "license_info": "Лицензът не е задължителен, но помага за по-нататъшното развитие.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL поръчка\">Регистрирайте вашия GUID тук</a> или <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Поддръжка поръчка\">купете поддръжка за вашата инсталация на mailcow.</a>",
+    "link": "Връзка",
+    "loading": "Моля, изчакайте...",
+    "login_time": "Време за вход",
+    "logo_info": "Вашето изображение ще бъде мащабирано до височина 40 px за горната навигационна лента и макс. ширина 250 px за началната страница. Препоръчва се използването на скалируема графика.",
+    "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
+    "main_name": "Име на \"mailcow UI\"",
+    "merged_vars_hint": "Редовете в сиво са сляти от <code>vars.(local.)inc.php</code> и не могат да бъдат променени.",
+    "message": "Съобщение",
+    "message_size": "Размер на съобщението",
+    "nexthop": "Следващ хоп",
+    "no": "&#10005;",
+    "no_active_bans": "Няма активни блокирания",
+    "no_new_rows": "Няма допълнителни редове",
+    "no_record": "Няма запис",
+    "oauth2_apps": "OAuth2 приложения",
+    "oauth2_add_client": "Добавяне на OAuth2 клиент",
+    "oauth2_client_id": "Идентификатор на клиента",
+    "oauth2_client_secret": "Тайна на клиента",
+    "oauth2_info": "Реализацията на OAuth2 поддържа типа разрешение \"Код за удостоверяване\" и издава токени за презареждане.<br>\r\nСървърът автоматично издава нови токени за презареждане, след като токен за презареждане е бил използван.<br><br>\r\n&#8226; Обхватът по подразбиране е <i>профил</i>. Само потребителите на пощенски кутии могат да бъдат удостоверени срещу OAuth2. Ако параметърът за обхват е пропуснат, той се връща към <i>профил</i>.<br>\r\n&#8226; Параметърът <i>state</i> трябва да бъде изпратен от клиента като част от заявката за удостоверяване.<br><br>\r\nПътища за заявки към OAuth2 API: <br>\r\n<ul>\r\n  <li>Крайна точка за удостоверяване: <code>/oauth/authorize</code></li>\r\n  <li>Крайна точка за токени: <code>/oauth/token</code></li>\r\n  <li>Страница с ресурси:  <code>/oauth/profile</code></li>\r\n</ul>\r\nГенерирането на нова тайна на клиента няма да анулира съществуващите кодове за удостоверяване, но те няма да могат да подновят своя токен.<br><br>\r\nАнулирането на токените на клиента ще доведе до незабавно прекратяване на всички активни сесии. Всички клиенти ще трябва да се преудостоверят.",
+    "oauth2_redirect_uri": "URI за пренасочване",
+    "oauth2_renew_secret": "Генериране на нова тайна на клиента",
+    "oauth2_revoke_tokens": "Анулиране на всички токени на клиента",
+    "optional": "опционално",
+    "options": "Опции",
+    "password": "Парола",
+    "password_length": "Дължина на паролата",
+    "password_policy": "Политика за пароли",
+    "password_policy_chars": "Трябва да съдържа поне една буквена буква",
+    "password_policy_length": "Минималната дължина на паролата е %d",
+    "password_policy_lowerupper": "Трябва да съдържа малки и главни букви",
+    "password_policy_numbers": "Трябва да съдържа поне една цифра",
+    "password_policy_special_chars": "Трябва да съдържа специални символи",
+    "password_repeat": "Потвърждаване на паролата (повторете)",
+    "password_reset_info": "Ако не е зададен имейл за възстановяване, тази функция не може да бъде използвана.",
+    "password_reset_settings": "Настройки за възстановяване на парола",
+    "password_reset_tmpl_html": "HTML шаблон",
+    "password_reset_tmpl_text": "Текстов шаблон",
+    "password_settings": "Настройки на паролата",
+    "priority": "Приоритет",
+    "private_key": "Частен ключ",
+    "quarantine": "Карантина",
+    "quarantine_bcc": "Изпращане на копие от всички уведомления (BCC) до този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
+    "quarantine_exclude_domains": "Изключване на домейни и домейни на псевдоними",
+    "quarantine_max_age": "Максимална възраст в дни<br><small>Стойността трябва да бъде равна или по-голяма от 1 ден.</small>",
+    "quarantine_max_score": "Изхвърляне на уведомление, ако резултатът за спам на имейла е по-висок от тази стойност:<br><small>По подразбиране е 9999.0</small>",
+    "quarantine_max_size": "Максимален размер в MiB (по-големи елементи се изхвърлят):<br><small>0 не означава неограничен.</small>",
+    "quarantine_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
+    "quarantine_notification_sender": "Изпращач на имейл за уведомление",
+    "quarantine_notification_subject": "Тема на имейл за уведомление",
+    "quarantine_redirect": "<b>Пренасочване на всички уведомления</b> към този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
+    "quarantine_release_format": "Формат на освободените елементи",
+    "quarantine_release_format_att": "Като прикачен файл",
+    "quarantine_release_format_raw": "Непроменен оригинал",
+    "quarantine_retention_size": "Задържания за пощенска кутия:<br><small>0 показва <b>неактивен</b>.</small>",
+    "quota_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
+    "quota_notification_sender": "Изпращач на имейл за уведомление",
+    "quota_notification_subject": "Тема на имейл за уведомление",
+    "quota_notifications": "Уведомления за квота",
+    "quota_notifications_info": "Уведомленията за квота се изпращат на потребителите веднъж при преминаване на 80% и веднъж при преминаване на 95% използване.",
+    "quota_notifications_vars": "{{percent}} е равно на текущата квота на потребителя<br>{{username}} е името на пощенската кутия",
+    "queue_unban": "разблокиране",
+    "r_active": "Активни ограничения",
+    "r_inactive": "Неактивни ограничения",
+    "r_info": "Елементите в сиво в списъка с активни ограничения не са известни като валидни ограничения за mailcow и не могат да бъдат преместени. Неизвестните ограничения ще бъдат зададени в реда на появяване все пак.<br>Можете да добавяте нови елементи в <code>inc/vars.local.inc.php</code>, за да можете да ги превключвате.",
+    "rate_name": "Име на ограничението",
+    "recipients": "Получатели",
+    "refresh": "Опресняване",
+    "regen_api_key": "Регенериране на API ключ",
+    "regex_maps": "Карти с регулярни изрази",
+    "relay_from": "Адрес \"From:\"",
+    "relay_rcpt": "Адрес \"To:\"",
+    "relay_run": "Изпълнение на тест",
+    "relayhosts": "Транспорти, зависими от изпращач",
+    "relayhosts_hint": "Дефинирайте транспорти, зависими от изпращач, за да можете да ги избирате в диалоговия прозорец за конфигурация на домейн.<br>\r\n  Услугата за транспорт винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа. Политиката за TLS на потребителя ще бъде взета предвид.<br>\r\n  Засегнатите домейни, включително домейни на псевдоними.",
+    "remove": "Премахване",
+    "remove_row": "Премахване на ред",
+    "reset_default": "Нулиране до подразбиране",
+    "reset_limit": "Премахване на хеш",
+    "reset_password_vars": "<code>{{link}}</code> Генерираната връзка за нулиране на парола<br><code>{{username}}</code> Името на пощенската кутия на потребителя, който е поискал нулиране на парола<br><code>{{username2}}</code> Името на пощенската кутия за възстановяване<br><code>{{date}}</code> Датата на заявката за нулиране на парола<br><code>{{token_lifetime}}</code> Времетраенето на токена в минути<br><code>{{hostname}}</code> Името на хоста на mailcow",
+    "restore_template": "Оставете празно, за да възстановите шаблона по подразбиране.",
+    "routing": "Маршрутизация",
+    "rsetting_add_rule": "Добавяне на правило",
+    "rsetting_content": "Съдържание на правилото",
+    "rsetting_desc": "Кратко описание",
+    "rsetting_no_selection": "Моля, изберете правило",
+    "rsetting_none": "Няма налични правила",
+    "rsettings_insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
+    "rsettings_preset_1": "Деактивиране на всичко, освен DKIM и ограничение на скоростта за удостоверени потребители",
+    "rsettings_preset_2": "Пощенските администратори искат спам",
+    "rsettings_preset_3": "Разрешаване само на определени изпращачи за пощенска кутия (напр. използване като вътрешна пощенска кутия)",
+    "rsettings_preset_4": "Деактивиране на Rspamd за домейн",
+    "rspamd_com_settings": "Името на настройката ще бъде автоматично генерирано, моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">документацията на Rspamd</a>",
+    "rspamd_global_filters": "Глобални карти на филтри",
+    "rspamd_global_filters_agree": "Ще бъда внимателен!",
+    "rspamd_global_filters_info": "Глобалните карти на филтри съдържат различни видове глобални черни и бели списъци.",
+    "rspamd_global_filters_regex": "Имената им обясняват тяхната цел. Всичкото съдържание трябва да съдържа валиден регулярен израз във формат \"/pattern/options\" (напр. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Въпреки че се извършват основни проверки за всеки ред с регулярен израз, функционалността на Rspamd може да бъде нарушена, ако не успява да прочете синтаксиса коректно.<br>\r\n  Rspamd ще се опита да прочете съдържанието на картата при промяна. Ако срещнете проблеми, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">рестартирайте Rspamd</a>, за да наложите презареждане на картата.<br>Елементите в черния списък са изключени от карантина.",
+    "rspamd_settings_map": "Карта с настройки на Rspamd",
+    "sal_level": "Ниво на Moo",
+    "save": "Запазване на промените",
+    "search_domain_da": "Търсене на домейни",
+    "send": "Изпращане",
+    "sender": "Изпращач",
+    "service": "Услуга",
+    "service_id": "Идентификатор на услугата",
+    "source": "Източник",
+    "spamfilter": "Филтър за спам",
+    "subject": "Тема",
+    "success": "Успех",
+    "sys_mails": "Системни имейли",
+    "task": "Задача",
+    "text": "Текст",
+    "time": "Време",
+    "title": "Заглавие",
+    "title_name": "Име на уеб страницата на \"mailcow UI\"",
+    "to_top": "Обратно нагоре",
+    "transport_dest_format": "Регулярен израз или синтаксис: example.org, .example.org, *, box@example.org (няколко стойности могат да бъдат разделени с запетая)",
+    "transport_maps": "Карти за транспорт",
+    "transport_test_rcpt_info": "&#8226; Използвайте null@hosted.mailcow.de, за да тествате препращането към чуждестранна дестинация.",
+    "transports_hint": "&#8226; Записът в картата на транспорта <b>пренарежда</b> запис в картата на транспорт, зависим от изпращач</b>.<br>\r\n&#8226; Транспортите, базирани на MX, се използват предимно.<br>\r\n&#8226; Настройките за политика на TLS на потребителя се игнорират и могат да бъдат приложени само чрез записи в картите на политиката на TLS.<br>\r\n&#8226; Услугата за транспорт за дефинираните транспорти винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа.<br>\r\n&#8226; Адресите, съвпадащи с \"/localhost$/\", винаги ще бъдат транспортирани през \"local:\", следователно записът \"*\" няма да се приложи към тези адреси.<br>\r\n&#8226; За да определите удостоверения за следващ хоп \"[host]:25\", Postfix <b>винаги</b> заявява за \"host\", преди да търси за \"[host]:25\". Това поведение прави невъзможно да се използват \"host\" и \"[host]:25\" едновременно.",
+    "ui_footer": "Подвал (разрешен е HTML)",
+    "ui_header_announcement": "Обяви",
+    "ui_header_announcement_active": "Задаване на активна обява",
+    "ui_header_announcement_content": "Текст (разрешен е HTML)",
+    "ui_header_announcement_help": "Обявата е видима за всички влезли потребители и на екрана за вход на UI.",
+    "ui_header_announcement_select": "Избор на тип обява",
+    "ui_header_announcement_type": "Тип",
+    "ui_header_announcement_type_danger": "Много важно",
+    "ui_header_announcement_type_info": "Информация",
+    "ui_header_announcement_type_warning": "Важно",
+    "ui_texts": "Етикети и текстове на UI",
+    "unban_pending": "разблокиране в опашката",
+    "unchanged_if_empty": "Ако не е променено, оставете празно",
+    "upload": "Качване",
+    "username": "Потребителско име",
+    "user_link": "Връзка към потребител",
+    "validate_license_now": "Валидиране на GUID срещу лицензен сървър",
+    "verify": "Проверка",
+    "yes": "&#10003;"
+  },
+  "danger": {
+    "access_denied": "Достъпът е отказан или данните от формуляра са невалидни",
+    "alias_domain_invalid": "Домейнът на псевдонима %s е невалиден",
+    "alias_empty": "Адресът на псевдонима не трябва да е празен",
+    "alias_goto_identical": "Адресът на псевдонима и адресът за пренасочване не трябва да са идентични",
+    "alias_invalid": "Адресът на псевдонима %s е невалиден",
+    "aliasd_targetd_identical": "Домейнът на псевдонима не трябва да е равен на целевия домейн: %s",
+    "aliases_in_use": "Макс. псевдоними трябва да бъдат по-големи или равни на %d",
+    "app_name_empty": "Името на приложението не може да бъде празно",
+    "app_passwd_id_invalid": "Идентификаторът на паролата за приложението %s е невалиден",
+    "authsource_in_use": "Доставчикът на идентичност не може да бъде променен или изтрит, тъй като се използва в момента от един или повече потребители.",
+    "bcc_empty": "BCC дестинацията не може да бъде празна",
+    "bcc_exists": "Картата BCC %s съществува за тип %s",
+    "bcc_must_be_email": "BCC дестинацията %s не е валиден имейл адрес",
+    "comment_too_long": "Коментарът е твърде дълъг, разрешени са макс. 160 символа",
+    "cors_invalid_method": "Зададен е невалиден метод за разрешаване",
+    "cors_invalid_origin": "Зададен е невалиден източник за разрешаване",
+    "defquota_empty": "Квотата по подразбиране за пощенска кутия не трябва да бъде 0.",
+    "demo_mode_enabled": "Режимът на демонстрация е активиран",
+    "description_invalid": "Описанието на ресурса за %s е невалидно",
+    "dkim_domain_or_sel_exists": "Съществува DKIM ключ за \"%s\", който няма да бъде презаписан",
+    "dkim_domain_or_sel_invalid": "DKIM домейн или селектор е невалиден: %s",
+    "domain_cannot_match_hostname": "Домейнът не може да съвпада с името на хоста",
+    "domain_exists": "Домейнът %s вече съществува",
+    "domain_invalid": "Името на домейна е празно или невалидно",
+    "domain_not_empty": "Не може да бъде премахнат непразен домейн %s",
+    "domain_not_found": "Домейнът %s не е намерен",
+    "domain_quota_m_in_use": "Квотата на домейна трябва да бъде по-голяма или равна на %s MiB",
+    "extended_sender_acl_denied": "липсва ACL за задаване на външни адреси на изпращач",
+    "extra_acl_invalid": "Външният адрес на изпращач \"%s\" е невалиден",
+    "extra_acl_invalid_domain": "Външният изпращач \"%s\" използва невалиден домейн",
+    "fido2_verification_failed": "Проверката на FIDO2 е неуспешна: %s",
+    "file_open_error": "Файлът не може да бъде отворен за писане",
+    "filter_type": "Грешен тип на филтър",
+    "from_invalid": "Изпращачът не трябва да бъде празен",
+    "generic_server_error": "Възникна неочаквана грешка на сървъра. Моля, свържете се с вашия администратор.",
+    "global_filter_write_error": "Файлът с филтър не може да бъде записан: %s",
+    "global_map_invalid": "Идентификаторът на глобалната карта %s е невалиден",
+    "global_map_write_error": "Глобалният идентификатор на картата %s не може да бъде записан: %s",
+    "goto_empty": "Адресът на псевдоним трябва да съдържа поне един валиден адрес за пренасочване",
+    "goto_invalid": "Адресът за пренасочване %s е невалиден",
+    "ham_learn_error": "Грешка при обучение за не-спам: %s",
+    "iam_test_connection": "Връзката е неуспешна",
+    "imagick_exception": "Грешка: Грешка при четене на изображение с Imagick",
+    "img_dimensions_exceeded": "Изображението надхвърля максималния размер",
+    "img_invalid": "Не може да се валидира файл с изображение",
+    "img_size_exceeded": "Изображението надхвърля максималния размер на файла",
+    "img_tmp_missing": "Не може да се валидира файл с изображение: Липсва временен файл",
+    "invalid_bcc_map_type": "Невалиден тип на картата BCC",
+    "invalid_destination": "Форматът на дестинацията \"%s\" е невалиден",
+    "invalid_filter_type": "Невалиден тип на филтър",
+    "invalid_host": "Зададен е невалиден хост: %s",
+    "invalid_mime_type": "Невалиден MIME тип",
+    "invalid_nexthop": "Форматът на следващия хоп е невалиден",
+    "invalid_nexthop_authenticated": "Следващият хоп съществува с различни удостоверения, моля, актуализирайте съществуващите удостоверения за този следващ хоп първо.",
+    "invalid_recipient_map_new": "Зададен е невалиден нов получател: %s",
+    "invalid_recipient_map_old": "Зададен е невалиден оригинален получател: %s",
+    "invalid_reset_token": "Невалиден токен за нулиране",
+    "ip_list_empty": "Списъкът с разрешени IP адреси не може да бъде празен",
+    "is_alias": "%s вече е известен като адрес на псевдоним",
+    "is_alias_or_mailbox": "%s вече е известен като адрес на псевдоним, пощенска кутия или адрес на псевдоним, разширен от домейн на псевдоним.",
+    "is_spam_alias": "%s вече е известен като временен адрес на псевдоним (спам адрес на псевдоним)",
+    "last_key": "Последното ключове не може да бъде изтрито, моля, деактивирайте TFA вместо това.",
+    "login_failed": "Неуспешен вход",
+    "mailbox_defquota_exceeds_mailbox_maxquota": "Квотата по подразбиране надхвърля лимита на макс. квота",
+    "mailbox_invalid": "Името на пощенската кутия е невалидно",
+    "mailbox_quota_exceeded": "Квотата надхвърля лимита на домейна (макс. %d MiB)",
+    "mailbox_quota_exceeds_domain_quota": "Макс. квотата надхвърля лимита на квотата на домейна",
+    "mailbox_quota_left_exceeded": "Няма достатъчно място (оставащо място: %d MiB)",
+    "mailboxes_in_use": "Макс. пощенски кутии трябва да бъдат по-големи или равни на %d",
+    "malformed_username": "Неправилно формирано потребителско име",
+    "map_content_empty": "Съдържанието на картата не може да бъде празно",
+    "max_alias_exceeded": "Макс. псевдоними са надхвърлени",
+    "max_mailbox_exceeded": "Макс. пощенски кутии са надхвърлени (%d от %d)",
+    "max_quota_in_use": "Квотата на пощенската кутия трябва да бъде по-голяма или равна на %d MiB",
+    "maxquota_empty": "Макс. квотата за пощенска кутия не трябва да бъде 0.",
+    "mysql_error": "Грешка на MySQL: %s",
+    "network_host_invalid": "Невалидна мрежа или хост: %s",
+    "next_hop_interferes": "%s се намесва с nexthop %s",
+    "next_hop_interferes_any": "Съществуващ следващ хоп се намесва с %s",
+    "nginx_reload_failed": "Презареждането на Nginx е неуспешно: %s",
+    "no_user_defined": "Няма зададен потребител",
+    "object_exists": "Обектът %s вече съществува",
+    "object_is_not_numeric": "Стойността %s не е числова",
+    "password_complexity": "Паролата не отговаря на изискванията",
+    "password_empty": "Паролата не трябва да бъде празна",
+    "password_mismatch": "Паролата за потвърждение не съвпада",
+    "password_reset_invalid_user": "Пощенската кутия не е намерена или не е зададен имейл за възстановяване",
+    "password_reset_na": "Възстановяването на парола в момента е недостъпно. Моля, свържете се с вашия администратор.",
+    "policy_list_from_exists": "Съществува запис с даденото име",
+    "policy_list_from_invalid": "Записът има невалиден формат",
+    "private_key_error": "Грешка с частен ключ: %s",
+    "pushover_credentials_missing": "Липсва токен или ключ на Pushover",
+    "pushover_key": "Ключът на Pushover има грешен формат",
+    "pushover_token": "Токенът на Pushover има грешен формат",
+    "quota_not_0_not_numeric": "Квотата трябва да бъде числова и >= 0",
+    "recipient_map_entry_exists": "Съществува запис в картата на получатели \"%s\"",
+    "recovery_email_failed": "Не може да бъде изпратен имейл за възстановяване. Моля, свържете се с вашия администратор.",
+    "redis_error": "Грешка на Redis: %s",
+    "relayhost_invalid": "Записът в картата %s е невалиден",
+    "release_send_failed": "Съобщението не може да бъде освободено: %s",
+    "required_data_missing": "Липсват необходими данни %s",
+    "reset_f2b_regex": "Регулярният филтър не може да бъде нулиран навреме, моля, опитайте отново или изчакайте още няколко секунди и презаредете уеб сайта.",
+    "reset_token_limit_exceeded": "Лимитът на токена за нулиране е надхвърлен. Моля, опитайте по-късно.",
+    "resource_invalid": "Името на ресурса %s е невалидно",
+    "rl_timeframe": "Временният интервал за ограничение на скоростта е некоректен",
+    "rspamd_ui_pw_length": "Паролата на UI на Rspamd трябва да бъде поне 6 символа",
+    "script_empty": "Скриптът не може да бъде празен",
+    "sender_acl_invalid": "Стойността на ACL на изпращач %s е невалидна",
+    "set_acl_failed": "Неуспешно задаване на ACL",
+    "settings_map_invalid": "Идентификаторът на картата с настройки %s е невалиден",
+    "sieve_error": "Грешка при синтаксиса на Sieve: %s",
+    "spam_learn_error": "Грешка при обучение за спам: %s",
+    "subject_empty": "Темата не трябва да бъде празна",
+    "target_domain_invalid": "Целевият домейн %s е невалиден",
+    "targetd_not_found": "Целевият домейн %s не е намерен",
+    "targetd_relay_domain": "Целевият домейн %s е домейн за реле",
+    "template_exists": "Шаблонът %s вече съществува",
+    "template_id_invalid": "Идентификаторът на шаблона %s е невалиден",
+    "template_name_invalid": "Името на шаблона е невалидно",
+    "temp_error": "Временна грешка",
+    "text_empty": "Текстът не трябва да бъде празен",
+    "tfa_token_invalid": "Токенът за TFA е невалиден",
+    "tls_policy_map_dest_invalid": "Дестинацията на политиката е невалидна",
+    "tls_policy_map_entry_exists": "Съществува запис в картата на политиката на TLS \"%s\"",
+    "tls_policy_map_parameter_invalid": "Параметърът на политиката е невалиден",
+    "to_invalid": "Получателят не трябва да бъде празен",
+    "totp_verification_failed": "Проверката на TOTP е неуспешна",
+    "transport_dest_exists": "Дестинацията на транспорта \"%s\" съществува",
+    "webauthn_verification_failed": "Проверката на WebAuthn е неуспешна: %s",
+    "webauthn_authenticator_failed": "Избраният аутентикатор не е намерен",
+    "webauthn_publickey_failed": "Не е запазен публичен ключ за избрания аутентикатор",
+    "webauthn_username_failed": "Избраният аутентикатор принадлежи на друга сметка",
+    "unknown": "Възникна неизвестна грешка",
+    "unknown_tfa_method": "Неизвестен метод за TFA",
+    "unlimited_quota_acl": "Неограничената квота е забранена от ACL",
+    "username_invalid": "Потребителското име %s не може да бъде използвано",
+    "validity_missing": "Моля, задайте период на валидност",
+    "value_missing": "Моля, предоставете всички стойности",
+    "yotp_verification_failed": "Проверката на Yubico OTP е неуспешна: %s"
+  },
+  "datatables": {
+    "collapse_all": "Свиване на всичко",
+    "decimal": ".",
+    "emptyTable": "Няма данни в таблицата",
+    "expand_all": "Разширяване на всичко",
+    "info": "Показване на _START_ до _END_ от _TOTAL_ записа",
+    "infoEmpty": "Показване на 0 до 0 от 0 записа",
+    "infoFiltered": "(филтрирани от общо _MAX_ записа)",
+    "infoPostFix": "",
+    "thousands": ",",
+    "lengthMenu": "Показване на _MENU_ записа",
+    "loadingRecords": "Зареждане...",
+    "processing": "Моля, изчакайте...",
+    "search": "Търсене:",
+    "zeroRecords": "Няма съвпадащи записи",
+    "paginate": {
+      "first": "Първи",
+      "last": "Последен",
+      "next": "Следващ",
+      "previous": "Предишен"
+    },
+    "aria": {
+      "sortAscending": ": активиране за сортиране на колоната във възходящ ред",
+      "sortDescending": ": активиране за сортиране на колоната в низходящ ред"
+    }
+  },
+  "debug": {
+    "architecture": "Архитектура",
+    "chart_this_server": "Графика (този сървър)",
+    "containers_info": "Информация за контейнерите",
+    "container_running": "Изпълнява се",
+    "container_disabled": "Контейнерът е спрян или деактивиран",
+    "container_stopped": "Спрян",
+    "cores": "Ядра",
+    "current_time": "Системно време",
+    "disk_usage": "Използване на диска",
+    "docs": "Документи",
+    "error_show_ip": "Не може да се разреши публичния IP адрес",
+    "external_logs": "Външни логове",
+    "history_all_servers": "История (всички сървъри)",
+    "in_memory_logs": "Логове в паметта",
+    "last_modified": "Последно модифициране",
+    "log_info": "<p>Логовете на mailcow <b>в паметта</b> се събират в списъци на Redis и се подрязват до LOG_LINES (%d) на всяка минута, за да се намали натоварването.<br>Логовете в паметта не са предназначени да бъдат постоянни. Всички приложения, които записват в паметта, също записват в демона на Docker и следователно в основния драйвер за логсване.<br>Логовете в паметта трябва да се използват за отстраняване на леки проблеми с контейнери.</p>\r\n  <p><b>Външните логове</b> се събират чрез API на даденото приложение.</p>\r\n  <p><b>Статичните логове</b> са най-вече логове на активност, които не се записват в демона на Docker, но все още трябва да бъдат постоянни (с изключение на логовете на API).</p>",
+    "login_time": "Време",
+    "logs": "Логове",
+    "memory": "Памет",
+    "online_users": "Потребители онлайн",
+    "restart_container": "Рестартиране",
+    "service": "Услуга",
+    "show_ip": "Показване на публичен IP",
+    "size": "Размер",
+    "started_at": "Стартирано в",
+    "started_on": "Стартирано на",
+    "static_logs": "Статични логове",
+    "success": "Успех",
+    "system_containers": "Система & Контейнери",
+    "timezone": "Часова зона",
+    "uptime": "Време на работа",
+    "update_available": "Има налична актуализация",
+    "no_update_available": "Системата е на последното издание",
+    "update_failed": "Не може да се провери за актуализация",
+    "username": "Потребителско име",
+    "wip": "В момента се работи"
+  },
+  "diagnostics": {
+    "cname_from_a": "Стойността е извлечена от A/AAAA запис. Това се поддържа, докато записът сочи към правилния ресурс.",
+    "dns_records": "DNS записи",
+    "dns_records_24hours": "Моля, имайте предвид, че промените в DNS може да отнемат до 24 часа, за да имат актуалното си състояние правилно отразено на тази страница. Тя е предназначена да ви позволи лесно да видите как да конфигурирате вашите DNS записи и да проверите дали всичките ви записи са правилно запазени в DNS.",
+    "dns_records_data": "Правилни данни",
+    "dns_records_docs": "Моля, вижте и <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">документацията</a>.",
+    "dns_records_name": "Име",
+    "dns_records_status": "Текущо състояние",
+    "dns_records_type": "Тип",
+    "optional": "Този запис е опционален."
+  },
+  "edit": {
+    "acl": "ACL (Разрешение)",
+    "active": "Активен",
+    "admin": "Редактиране на администратор",
+    "advanced_settings": "Разширени настройки",
+    "alias": "Редактиране на псевдоним",
+    "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
+    "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
+    "allowed_protocols": "Разрешени протоколи за пряк потребителски достъп (не засяга протоколите за пароли на приложения)",
+    "app_name": "Име на приложението",
+    "app_passwd": "Парола за приложение",
+    "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
+    "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
+    "backup_mx_options": "Опции за реле",
+    "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
+    "client_id": "Идентификатор на клиента",
+    "client_secret": "Тайна на клиента",
+    "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
+    "created_on": "Създаден на",
+    "custom_attributes": "Персонализирани атрибути",
+    "delete1": "Изтриване от източника след завършване",
+    "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
+    "delete2duplicates": "Изтриване на дубликати в дестинацията",
+    "delete_ays": "Моля, потвърдете процеса на изтриване.",
+    "description": "Описание",
+    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+    "domain": "Редактиране на домейн",
+    "domain_admin": "Редактиране на администратор на домейн",
+    "domain_footer": "Подвал за домейн",
+    "domain_footer_html": "HTML подвал",
+    "domain_footer_info": "Подвалите за домейн се добавят към всички изходящи имейли, свързани с адрес в този домейн. Следните променливи могат да бъдат използвани за подвала:",
+    "domain_footer_info_vars": {
+      "auth_user": "{= auth_user =}   - Удостоверен потребител, посочен от MTA",
+      "from_user": "{= from_user =}   - Потребителска част на обвивката, напр. за \"moo@mailcow.tld\" връща \"moo\"",
+      "from_name": "{= from_name =}   - Име на обвивката, напр. за \"Mailcow &lt;moo@mailcow.tld&gt;\" връща \"Mailcow\"",
+      "from_addr": "{= from_addr =}   - Адресна част на обвивката",
+      "from_domain": "{= from_domain =} - Домейна част на обвивката",
+      "custom": "{= foo =}         - Ако пощенската кутия има персонализиран атрибут \"foo\" със стойност \"bar\", ще върне \"bar\""
+    },
+    "domain_footer_plain": "PLAIN подвал",
+    "domain_footer_skip_replies": "Игнориране на подвал в отговорни имейли",
+    "domain_quota": "Квота на домейна",
+    "domains": "Домейни",
+    "dont_check_sender_acl": "Деактивиране на проверката на изпращач за домейн %s (+ домейни на псевдоними)",
+    "edit_alias_domain": "Редактиране на домейн на псевдоним",
+    "encryption": "Криптиране",
+    "exclude": "Изключване на обекти (regex)",
+    "extended_sender_acl": "Външни адреси на изпращач",
+    "extended_sender_acl_info": "Трябва да бъде импортиран DKIM домейн ключ, ако е наличен.<br>\r\n  Помнете да добавите този сървър към съответния SPF TXT запис.<br>\r\n  Когато домейн или домейн на псевдоним бъде добавен към този сървър, който се припокрива с външен адрес, външният адрес ще бъде премахнат.<br>\r\n  Използвайте @domain.tld, за да разрешите изпращане като *@domain.tld.",
+    "footer_exclude": "Изключване от подвал",
+    "force_pw_update": "Принудително обновяване на парола при следващия вход",
+    "force_pw_update_info": "Този потребител ще може да влезе само в %s. Паролите за приложения остават използваеми.",
+    "full_name": "Пълно име",
+    "gal": "Глобален адресен списък",
+    "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
+    "generate": "генериране",
+    "grant_types": "Типове разрешения",
+    "hostname": "Име на хост",
+    "inactive": "Неактивен",
+    "kind": "Вид",
+    "last_modified": "Последно модифициране",
+    "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
+    "mailbox": "Редактиране на пощенска кутия",
+    "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
+    "mailbox_relayhost_info": "Прилага се за пощенската кутия и директните псевдоними само, пренарежда запис в картата на транспорта за домейн.",
+    "mailbox_rename": "Преименуване на пощенска кутия",
+    "mailbox_rename_agree": "Създадох резервно копие.",
+    "mailbox_rename_alias": "Автоматично създаване на псевдоним",
+    "mailbox_rename_title": "Ново локално име на пощенска кутия",
+    "mailbox_rename_warning": "ВНИМАНИЕ! Създайте резервно копие преди преименуване на пощенската кутия.",
+    "max_aliases": "Макс. псевдоними",
+    "max_mailboxes": "Макс. възможни пощенски кутии",
+    "max_quota": "Макс. квота за пощенска кутия (MiB)",
+    "maxage": "Максимална възраст на съобщенията в дни, които ще бъдат проверени от отдалечен<br><small>(0 = игнорирай възраст)</small>",
+    "maxbytespersecond": "Макс. байтове за секунда <br><small>(0 = неограничен)</small>",
+    "mbox_rl_info": "Това ограничение на скоростта се прилага върху SASL името за вход, то съвпада с всеки \"от\" адрес, използван от влезлия потребител. Ограничението на скоростта на пощенска кутия пренарежда ограничението на скоростта за домейн.",
+    "mins_interval": "Интервал (мин)",
+    "multiple_bookings": "Множествени резервации",
+    "nexthop": "Следващ хоп",
+    "none_inherit": "Без / Наследяване",
+    "password": "Парола",
+    "password_recovery_email": "Имейл за възстановяване на парола",
+    "password_repeat": "Потвърждаване на паролата (повторете)",
+    "previous": "Предишна страница",
+    "private_comment": "Частен коментар",
+    "public_comment": "Публичен коментар",
+    "pushover": "Pushover",
+    "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+    "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
+    "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+    "pushover_sender_array": "Разглеждане само на следните адреси на изпращач <small>(разделени с запетая)</small>",
+    "pushover_sender_regex": "Разглеждане на следния regex на изпращач",
+    "pushover_sound": "Звук",
+    "pushover_text": "Текст на известието",
+    "pushover_title": "Заглавие на известието",
+    "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
+    "pushover_verify": "Проверка на удостоверения",
+    "quota_mb": "Квота (MiB)",
+    "quota_warning_bcc": "Предупреждения за квота ще бъдат изпращани като отделни копия до следните получатели:",
+    "quota_warning_bcc_info": "Съобщенията ще бъдат изпратени с тема, допълнена с името на потребителя в скоби, например: <code>Предупреждение за квота (user@example.com)</code>.",
+    "ratelimit": "Ограничение на скоростта",
+    "redirect_uri": "URI за пренасочване/обратно извикване",
+    "relay_all": "Реле на всички получатели",
+    "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
+    "relay_domain": "Реле на този домейн",
+    "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
+    "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
+    "relayhost": "Транспорти, зависими от изпращач",
+    "remove": "Премахване",
+    "resource": "Ресурс",
+    "save": "Запазване на промените",
+    "scope": "Обхват",
+    "sender_acl": "Разрешаване на изпращане като",
+    "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
+    "sender_acl_info": "Ако потребителят на пощенска кутия A е разрешен да изпраща като потребителя на пощенска кутия B, адресът на изпращач не се показва автоматично като избираем \"от\" поле в SOGo.<br>\r\n  Потребителят на пощенска кутия B трябва да създаде делегация в SOGo, за да разреши на потребителя на пощенска кутия A да избира техния адрес като изпращач. За да делегирате пощенска кутия в SOGo, използвайте менюто (три точки) вдясно от името на пощенската кутия в горния ляв ъгъл, докато сте в режим на поща. Това поведение не се прилага за адреси на псевдоними.",
+    "sieve_desc": "Кратко описание",
+    "sieve_type": "Тип на филтър",
+    "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
+    "sogo_access": "Директно препращане към SOGo",
+    "sogo_access_info": "След влизане, потребителят се пренасочва автоматично към SOGo.",
+    "sogo_visible": "Псевдонимът е видим в SOGo",
+    "sogo_visible_info": "Тази опция засяга само обекти, които могат да бъдат показани в SOGo (споделени или несподелени адреси на псевдоними, сочещи поне една локална пощенска кутия). Ако е скрит, псевдонимът няма да се появи като избираем адрес на изпращач в SOGo.",
+    "spam_alias": "Създаване или промяна на временни псевдоними",
+    "spam_filter": "Филтър за спам",
+    "spam_policy": "Добавяне или премахване на елементи към черния/бял списък",
+    "spam_score": "Задаване на персонализиран резултат за спам",
+    "subfolder2": "Синхронизиране в подпапка в дестинацията<br><small>(празно = не използвай подпапка)</small>",
+    "syncjob": "Редактиране на синхронизираща задача",
+    "target_address": "Адрес/и за пренасочване <small>(разделени с запетая)</small>",
+    "target_domain": "Целеви домейн",
+    "timeout1": "Таймаут за връзка с отдалечен хост",
+    "timeout2": "Таймаут за връзка с локален хост",
+    "title": "Редактиране на обект",
+    "unchanged_if_empty": "Ако не е променено, оставете празно",
+    "username": "Потребителско име",
+    "validate_save": "Валидиране и запазване"
+  },
+  "fido2": {
+    "confirm": "Потвърждаване",
+    "fido2_auth": "Вход с FIDO2",
+    "fido2_success": "Устройството е регистрирано успешно",
+    "fido2_validation_failed": "Проверката е неуспешна",
+    "fn": "Приятелско име",
+    "known_ids": "Известни идентификатори",
+    "none": "Деактивирано",
+    "register_status": "Състояние на регистрация",
+    "rename": "Преименуване",
+    "set_fido2": "Регистриране на FIDO2 устройство",
+    "set_fido2_touchid": "Регистриране на Touch ID на Apple M1",
+    "set_fn": "Задаване на приятелско име",
+    "start_fido2_validation": "Стартиране на проверка на FIDO2"
+  },
+  "footer": {
+    "cancel": "Отказ",
+    "confirm_delete": "Потвърждаване на изтриването",
+    "delete_now": "Изтриване сега",
+    "delete_these_items": "Моля, потвърдете промените за следния идентификатор на обект",
+    "hibp_check": "Проверка срещу haveibeenpwned.com",
+    "hibp_nok": "Съвпадение! Това е потенциално опасна парола!",
+    "hibp_ok": "Няма съвпадение.",
+    "loading": "Моля, изчакайте...",
+    "nothing_selected": "Няма избрани елементи",
+    "restart_container": "Рестартиране на контейнер",
+    "restart_container_info": "<b>Важно:</b> Грациозното рестартиране може да отнеме известно време за завършване, моля, изчакайте да приключи.",
+    "restart_now": "Рестартиране сега",
+    "restarting_container": "Рестартиране на контейнера, това може да отнеме известно време"
+  },
+  "header": {
+    "administration": "Конфигурация & Детайли",
+    "apps": "Приложения",
+    "debug": "Информация",
+    "email": "Имейл",
+    "mailcow_system": "Система",
+    "mailcow_config": "Конфигурация",
+    "quarantine": "Карантина",
+    "restart_netfilter": "Рестартиране на netfilter",
+    "restart_sogo": "Рестартиране на SOGo",
+    "user_settings": "Настройки на потребителя"
+  },
+  "info": {
+    "awaiting_tfa_confirmation": "Изчакване на потвърждение за TFA",
+    "no_action": "Няма приложимо действие",
+    "session_expires": "Вашата сесия ще изтече след около 15 секунди"
+  },
+  "login": {
+    "back_to_mailcow": "Обратно към mailcow",
+    "delayed": "Входът е забавен с %s секунди.",
+    "fido2_webauthn": "Вход с FIDO2/WebAuthn",
+    "forgot_password": "> Забравена парола?",
+    "invalid_pass_reset_token": "Токенът за нулиране на парола е невалиден или е изтекъл.<br>Моля, заявете нов линк за нулиране на парола.",
+    "login": "Вход",
+    "login_admin": "Вход на администратор",
+    "login_dadmin": "Вход на администратор на домейн",
+    "login_user": "Потребителски вход",
+    "mobileconfig_info": "Моля, влезте като потребител на пощенска кутия, за да изтеглите поискания Apple профил за връзка.",
+    "new_password": "Нова парола",
+    "new_password_confirm": "Потвърждаване на новата парола",
+    "other_logins": "или вход с",
+    "password": "Парола",
+    "request_reset_password": "Заявка за промяна на парола",
+    "reset_password": "Нулиране на парола",
+    "username": "Потребителско име"
+  },
+  "mailbox": {
+    "action": "Действие",
+    "activate": "Активиране",
+    "active": "Активен",
+    "add": "Добавяне",
+    "add_alias": "Добавяне на псевдоним",
+    "add_alias_expand": "Разширяване на псевдоним над домейни на псевдоними",
+    "add_bcc_entry": "Добавяне на запис в картата BCC",
+    "add_domain": "Добавяне на домейн",
+    "add_domain_alias": "Добавяне на псевдоним на домейн",
+    "add_domain_record_first": "Моля, добавете първо домейн",
+    "add_filter": "Добавяне на филтър",
+    "add_mailbox": "Добавяне на пощенска кутия",
+    "add_recipient_map_entry": "Добавяне на запис в картата на получатели",
+    "add_resource": "Добавяне на ресурс",
+    "add_template": "Добавяне на шаблон",
+    "add_tls_policy_map": "Добавяне на карта на политиката на TLS",
+    "address_rewriting": "Презаписване на адрес",
+    "alias": "Псевдоним",
+    "alias_domain_alias_hint": "Псевдонимите <b>не</b> се прилагат автоматично към домейни на псевдоними. Псевдонимът <code>my-alias@domain</code> <b>не</b> покрива адреса <code>my-alias@alias-domain</code> (където \"alias-domain\" е имагинерен псевдоним на домейн).<br>Моля, използвайте филтър на Sieve, за да пренасочите имейл към външна пощенска кутия (вижте раздела \"Филтри\" или SOGo -> Пренасочвач). Използвайте \"Разширяване на псевдоним над домейни на псевдоними\", за да добавите автоматично липсващи псевдоними.",
+    "alias_domain_backupmx": "Псевдонимът на домейн е неактивен за домейн за реле",
+    "aliases": "Псевдоними",
+    "all_domains": "Всички домейни",
+    "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
+    "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
+    "allowed_protocols": "Разрешени протоколи",
+    "backup_mx": "Домейн за реле",
+    "bcc": "BCC",
+    "bcc_destination": "BCC дестинация",
+    "bcc_destinations": "BCC дестинации",
+    "bcc_info": "Картите BCC се използват, за да препращат тихо копия от всички съобщения до друг адрес. Записът от тип получател на карта се използва, когато локалната дестинация действа като получател на имейл. Записът от тип изпращач на карта се използва, когато локалната дестинация действа като изпращач на имейл. Локалната дестинация няма да бъде информирана за неуспешна доставка.",
+    "bcc_local_dest": "Локална дестинация",
+    "bcc_map": "Карта BCC",
+    "bcc_map_type": "Тип BCC",
+    "bcc_maps": "Карти BCC",
+    "bcc_rcpt_map": "Карта на получател",
+    "bcc_sender_map": "Карта на изпращач",
+    "bcc_to_rcpt": "Превключване към карта на получател",
+    "bcc_to_sender": "Превключване към карта на изпращач",
+    "bcc_type": "Тип BCC",
+    "booking_null": "Винаги показване като свободен",
+    "booking_0_short": "Винаги свободен",
+    "booking_custom": "Твърдо ограничение до определен брой резервации",
+    "booking_custom_short": "Твърдо ограничение",
+    "booking_ltnull": "Неограничено, но показване като заето, когато е резервирано",
+    "booking_lt0_short": "Меко ограничение",
+    "catch_all": "Catch-All",
+    "created_on": "Създаден на",
+    "daily": "Ежедневно",
+    "deactivate": "Деактивиране",
+    "description": "Описание",
+    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+    "disable_x": "Деактивиране",
+    "dkim_domains_selector": "Селектор",
+    "dkim_key_length": "Дължина на DKIM ключа (битове)",
+    "domain": "Домейн",
+    "domain_admins": "Администратори на домейн",
+    "domain_aliases": "Псевдоними на домейн",
+    "domain_templates": "Шаблони за домейн",
+    "domain_quota": "Квота",
+    "domain_quota_total": "Обща квота на домейна",
+    "domains": "Домейни",
+    "edit": "Редактиране",
+    "empty": "Няма резултати",
+    "enable_x": "Активиране",
+    "excludes": "Изключване",
+    "filter_table": "Таблица с филтри",
+    "filters": "Филтри",
+    "fname": "Пълно име",
+    "force_pw_update": "Принудително обновяване на парола при следващия вход",
+    "gal": "Глобален адресен списък",
+    "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
+    "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
+    "hourly": "Часово",
+    "iam": "Доставчик на идентичност",
+    "in_use": "В употреба (%)",
+    "inactive": "Неактивен",
+    "insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
+    "kind": "Вид",
+    "last_mail_login": "Последен вход в пощата",
+    "last_modified": "Последно модифициране",
+    "last_pw_change": "Последна промяна на парола",
+    "last_run": "Последно изпълнение",
+    "last_run_reset": "Задаване на следващо",
+    "mailbox": "Пощенска кутия",
+    "mailbox_defaults": "Настройки по подразбиране",
+    "mailbox_defaults_info": "Дефинирайте настройки по подразбиране за нови пощенски кутии.",
+    "mailbox_defquota": "Размер по подразбиране на пощенска кутия",
+    "mailbox_templates": "Шаблони за пощенска кутия",
+    "mailbox_quota": "Макс. размер на пощенска кутия",
+    "mailboxes": "Пощенски кутии",
+    "max_aliases": "Макс. псевдоними",
+    "max_mailboxes": "Макс. възможни пощенски кутии",
+    "max_quota": "Макс. квота за пощенска кутия",
+    "mins_interval": "Интервал (мин)",
+    "msg_num": "Съобщение №",
+    "multiple_bookings": "Множествени резервации",
+    "never": "Никога",
+    "no": "&#10005;",
+    "no_record": "Няма запис за обект %s",
+    "no_record_single": "Няма запис",
+    "open_logs": "Отваряне на логове",
+    "owner": "Собственик",
+    "private_comment": "Частен коментар",
+    "public_comment": "Публичен коментар",
+    "q_add_header": "при преместване в папката за нежелана поща",
+    "q_all": " при преместване в папката за нежелана поща и при отхвърляне",
+    "q_reject": "при отхвърляне",
+    "quarantine_category": "Категория на уведомленията за карантина",
+    "quarantine_notification": "Уведомления за карантина",
+    "quick_actions": "Действия",
+    "recipient": "Получател",
+    "recipient_map": "Карта на получател",
+    "recipient_map_info": "Картите на получател се използват, за да се замени адресът на дестинация на съобщението, преди да бъде доставено.",
+    "recipient_map_new": "Нов получател",
+    "recipient_map_new_info": "Дестинацията на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
+    "recipient_map_old": "Оригинален получател",
+    "recipient_map_old_info": "Оригиналната дестинация на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
+    "recipient_maps": "Карти на получател",
+    "relay_all": "Реле на всички получатели",
+    "relay_unknown": "Реле на несъществуващи пощенски кутии",
+    "remove": "Премахване",
+    "resources": "Ресурси",
+    "running": "Изпълнява се",
+    "sender": "Изпращач",
+    "set_postfilter": "Маркиране като постфилтър",
+    "set_prefilter": "Маркиране като префилтър",
+    "sieve_info": "Можете да запазите множество филтри за всеки потребител, но само един префилтър и един постфилтър могат да бъдат активни едновременно.<br>\r\nВсеки филтър ще бъде обработен в описания ред. Нито един неуспешен скрипт, нито издадена команда \"keep;\" няма да спре обработката на следващите скриптове. Промените в глобалните филтри на sieve ще предизвикат рестартиране на Dovecot.<br><br>Глобален префилтър на sieve &#8226; Префилтър &#8226; Потребителски скриптове &#8226; Постфилтър &#8226; Глобален постфилтър на sieve",
+    "sieve_preset_1": "Изтриване на съобщения с потенциално опасни типове файлове",
+    "sieve_preset_2": "Винаги маркиране на имейла на определен изпращач като прочетен",
+    "sieve_preset_3": "Тихо изтриване, спиране на всякаква допълнителна обработка на sieve филтри",
+    "sieve_preset_4": "Архивиране на съобщението във ВХОДНА, пропускане на допълнителна обработка от sieve филтри",
+    "sieve_preset_5": "Автоотговор (ваканция)",
+    "sieve_preset_6": "Отхвърляне на съобщение с отговор",
+    "sieve_preset_7": "Пренасочване и запазване/изтриване",
+    "sieve_preset_8": "Пренасочване на имейл от определен изпращач, маркиране като прочетен и сортиране в подпапка",
+    "sieve_preset_header": "Моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
+    "sogo_visible": "Псевдонимът е видим в SOGo",
+    "sogo_visible_n": "Скриване на псевдоним в SOGo",
+    "sogo_visible_y": "Показване на псевдоним в SOGo",
+    "spam_aliases": "Времеви псевдоними",
+    "stats": "Статистика",
+    "status": "Статус",
+    "sync_jobs": "Синхронизиращи задачи",
+    "syncjob_check_log": "Проверка на лога",
+    "syncjob_last_run_result": "Резултат от последното изпълнение",
+    "syncjob_EX_OK": "Успех",
+    "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
+    "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
+    "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
+    "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
+    "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
+    "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
+    "table_size": "Размер на таблицата",
+    "table_size_show_n": "Показване на %s елемента",
+    "target_address": "Адрес за пренасочване",
+    "target_domain": "Целеви домейн",
+    "templates": "Шаблони",
+    "template": "Шаблон",
+    "tls_enforce_in": "Принудително използване на TLS за входящи",
+    "tls_enforce_out": "Принудително използване на TLS за изходящи",
+    "tls_map_dest": "Дестинация",
+    "tls_map_dest_info": "Примери: example.org, .example.org, [mail.example.org]:25",
+    "tls_map_parameters": "Параметри",
+    "tls_map_parameters_info": "Празно или параметри, например: protocols=!SSLv2 ciphers=medium exclude=3DES",
+    "tls_map_policy": "Политика",
+    "tls_policy_maps": "Пренареждания на политиката на TLS",
+    "tls_policy_maps_enforced_tls": "Тези политики ще пренареждат и поведението за потребители на пощенски кутии, които принудително използват изходящи TLS връзки. Ако няма политика, съществуваща по-долу, тези потребители ще приложат стойностите по подразбиране, зададени като <code>smtp_tls_mandatory_protocols</code> и <code>smtp_tls_mandatory_ciphers</code>.",
+    "tls_policy_maps_info": "Тази политика за пренареждане на TLS транспортни правила е независима от настройките за политика на TLS на потребителя.<br>\r\n  Моля, вижте <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">документацията за \"smtp_tls_policy_maps\"</a> за повече информация.",
+    "tls_policy_maps_long": "Пренареждания на политиката на TLS за изходящи",
+    "toggle_all": "Превключване на всички",
+    "username": "Потребителско име",
+    "waiting": "Изчакване",
+    "weekly": "Седмично",
+    "yes": "&#10003;"
+  },
+  "oauth2": {
+    "access_denied": "Моля, влезте като собственик на пощенска кутия, за да удостоверите чрез OAuth2.",
+    "authorize_app": "Удостоверяване на приложение",
+    "deny": "Отказ",
+    "permit": "Удостоверяване на приложение",
+    "profile": "Профил",
+    "profile_desc": "Преглед на лични данни: потребителско име, пълно име, създадено, модифицирано, активно",
+    "scope_ask_permission": "Приложението заявява следните разрешения",
+    "client_id": "Идентификатор на клиента",
+    "client_secret": "Тайна на клиента",
+    "redirect_uri": "URI за пренасочване",
+    "renew_secret": "Генериране на нова тайна на клиента",
+    "revoke_tokens": "Анулиране на всички токени на клиента"
+  },
+  "quarantine": {
+    "action": "Действие",
+    "atts": "Прикачени файлове",
+    "check_hash": "Търсене на файлов хеш в VirusTotal",
+    "confirm": "Потвърждаване",
+    "confirm_delete": "Потвърждаване на изтриването на този елемент.",
+    "danger": "Опасност",
+    "deliver_inbox": "Доставяне в пощенската кутия",
+    "disabled_by_config": "Текущата системна конфигурация деактивира функционалността на карантината. Моля, задайте \"задържания за пощенска кутия\" и \"максимален размер\" за елементите на карантината.",
+    "download_eml": "Изтегляне (.eml)",
+    "empty": "Няма резултати",
+    "high_danger": "Висока",
+    "info": "Информация",
+    "junk_folder": "Папка за нежелана поща",
+    "learn_spam_delete": "Учен като спам и изтриване",
+    "low_danger": "Ниска",
+    "medium_danger": "Средна",
+    "neutral_danger": "Неутрална",
+    "notified": "Уведомен",
+    "qhandler_success": "Заявката е изпратена успешно до системата. Можете да затворите прозореца сега.",
+    "qid": "QID на Rspamd",
+    "qinfo": "Системата за карантина ще запази отхвърлените съобщения в базата данни (изпращачът няма да бъде информиран за доставеното съобщение) както и съобщенията, доставени като копие в папката за нежелана поща на пощенска кутия.<br> <br>\"Учен като спам и изтриване\" ще научи съобщението като спам чрез теоремата на Бейс и също ще изчисли размити хешове, за да отхвърли подобни съобщения в бъдеще.<br> <br>Моля, имайте предвид, че обучаването на множество съобщения може да бъде - в зависимост от вашата система - времеемко.<br>Елементите в черния списък са изключени от карантината.",
+    "qitem": "Елемент в карантина",
+    "quarantine": "Карантина",
+    "quick_actions": "Действия",
+    "quick_delete_link": "Отваряне на бърз линк за изтриване",
+    "quick_info_link": "Отваряне на бърз информационен линк",
+    "quick_release_link": "Отваряне на бърз линк за освобождане",
+    "rcpt": "Получател",
+    "received": "Получено",
+    "recipients": "Получатели",
+    "refresh": "Опресняване",
+    "rejected": "Отхвърлено",
+    "release": "Освобождане",
+    "release_body": "Прикаченото съобщение е добавено към това съобщение.",
+    "release_subject": "Потенциално вреден елемент в карантина %s",
+    "remove": "Премахване",
+    "rewrite_subject": "Презаписване на темата",
+    "rspamd_result": "Резултат от Rspamd",
+    "sender": "Изпращач (SMTP)",
+    "sender_header": "Изпращач (\"From\" заглавие)",
+    "settings_info": "Максимален брой елементи за карантиниране: %s<br>Максимален размер на имейл: %s MiB",
+    "show_item": "Показване на елемент",
+    "spam": "Спам",
+    "spam_score": "Резултат",
+    "subj": "Тема",
+    "table_size": "Размер на таблицата",
+    "table_size_show_n": "Показване на %s елемента",
+    "text_from_html_content": "Съдържание (конвертиран HTML)",
+    "text_plain_content": "Съдържание (обикновен текст)",
+    "toggle_all": "Превключване на всички",
+    "type": "Тип"
+  },
+  "queue": {
+    "delete": "Изтриване на всички",
+    "flush": "Изчистване на опашката",
+    "info": "Опашката на имейлите съдържа всички имейли, които чакат за доставка. Ако имейлът е засечен в опашката за дълго време, той автоматично се изтрива от системата.<br>Съобщението за грешка на съответния имейл дава информация защо имейлът не може да бъде доставен.",
+    "legend": "Функции на действията в опашката на имейлите:",
+    "ays": "Моля, потвърдете, че искате да изтриете всички елементи от текущата опашка.",
+    "deliver_mail": "Доставяне",
+    "deliver_mail_legend": "Опит за повторно доставяне на избраните съобщения.",
+    "hold_mail": "Задържане",
+    "hold_mail_legend": "Задържа избраните съобщения. (Предотвратява допълнителни опити за доставяне)",
+    "queue_manager": "Мениджър на опашката",
+    "show_message": "Показване на съобщение",
+    "unban": "разблокиране на опашката",
+    "unhold_mail": "Освобождаване",
+    "unhold_mail_legend": "Освобождава избраните съобщения за доставка. (Изисква предварително задържане)"
+  },
+  "ratelimit": {
+    "disabled": "Деактивирано",
+    "second": "съобщения/секунда",
+    "minute": "съобщения/минута",
+    "hour": "съобщения/час",
+    "day": "съобщения/ден"
+  },
+  "start": {
+    "help": "Показване/Скриване на панела за помощ",
+    "imap_smtp_server_auth_info": "Моля, използвайте пълния си имейл адрес и механизма за удостоверяване PLAIN.<br>\r\nВашите данни за вход ще бъдат криптирани от сървърната страна чрез задължително сървърно криптиране."
+  },
+  "success": {
+    "acl_saved": "ACL за обект %s е запазен",
+    "admin_added": "Администраторът %s е добавен",
+    "admin_api_modified": "Промените в API са запазени",
+    "admin_modified": "Промените в администратора са запазени",
+    "admin_removed": "Администраторът %s е премахнат",
+    "alias_added": "Адресът на псевдонима %s (%d) е добавен",
+    "alias_domain_removed": "Домейнът на псевдонима %s е премахнат",
+    "alias_modified": "Промените в адреса на псевдонима %s са запазени",
+    "alias_removed": "Псевдонимът %s е премахнат",
+    "aliasd_added": "Добавен домейн на псевдоним %s",
+    "aliasd_modified": "Промените в домейна на псевдоним %s са запазени",
+    "app_links": "Запазени промени в линковете на приложенията",
+    "app_passwd_added": "Добавена нова парола за приложение",
+    "app_passwd_removed": "Премахната парола за приложение с ID %s",
+    "bcc_deleted": "Записи в картата BCC са изтрити: %s",
+    "bcc_edited": "Записът в картата BCC %s е редактиран",
+    "bcc_saved": "Записът в картата BCC е запазен",
+    "cors_headers_edited": "Настройките на CORS са запазени",
+    "db_init_complete": "Инициализацията на базата данни е завършена",
+    "delete_filter": "Изтрити филтри с ID %s",
+    "delete_filters": "Изтрити филтри: %s",
+    "deleted_syncjob": "Изтрита синхронизираща задача с ID %s",
+    "deleted_syncjobs": "Изтрити синхронизиращи задачи: %s",
+    "dkim_added": "Добавен DKIM ключ %s",
+    "dkim_duplicated": "DKIM ключът за домейн %s е копиран в %s",
+    "dkim_removed": "DKIM ключът %s е премахнат",
+    "domain_add_dkim_available": "DKIM ключът вече съществува",
+    "domain_added": "Добавен домейн %s",
+    "domain_admin_added": "Добавен администратор на домейн %s",
+    "domain_admin_modified": "Промените в администратора на домейн %s са запазени",
+    "domain_admin_removed": "Администраторът на домейн %s е премахнат",
+    "domain_footer_modified": "Промените в подвала на домейн %s са запазени",
+    "domain_modified": "Промените в домейн %s са запазени",
+    "domain_removed": "Домейнът %s е премахнат",
+    "dovecot_restart_success": "Dovecot е рестартиран успешно",
+    "eas_reset": "Устройствата с ActiveSync за потребителя %s са нулирани",
+    "f2b_banlist_refreshed": "Списъкът с ID на блокираните е актуализиран успешно.",
+    "f2b_modified": "Промените в параметрите на Fail2ban са запазени",
+    "forwarding_host_added": "Добавен хост за препращане %s",
+    "forwarding_host_removed": "Премахнат хост за препращане %s",
+    "global_filter_written": "Филтърът е записан успешно във файл",
+    "hash_deleted": "Хешът е изтрит",
+    "iam_test_connection": "Връзката е успешна",
+    "ip_check_opt_in": "Оптирането за използване на услугата на трета страна е запазено успешно",
+    "ip_check_opt_in_modified": "Проверката на IP беше успешно запазена",
+    "item_deleted": "Елементът %s е изтрит успешно",
+    "item_released": "Елементът %s е освободен",
+    "items_deleted": "Елементът %s е изтрит успешно",
+    "items_released": "Избраните елементи са освободени",
+    "learned_ham": "Успешно научен ID %s като не е спам",
+    "license_modified": "Промените в лиценза са запазени",
+    "logged_in_as": "Вписан като %s",
+    "mailbox_added": "Пощенската кутия %s е добавена",
+    "mailbox_modified": "Промените в пощенската кутия %s са запазени",
+    "mailbox_removed": "Пощенската кутия %s е премахната",
+    "mailbox_renamed": "Пощенската кутия е преименувана от %s на %s",
+    "nginx_reloaded": "Nginx е презареден",
+    "object_modified": "Промените в обект %s са запазени",
+    "password_changed_success": "Паролата е променена успешно",
+    "password_policy_saved": "Политиката за парола е запазена успешно",
+    "pushover_settings_edited": "Настройките на Pushover са запазени успешно, моля, проверете удостоверенията.",
+    "qlearn_spam": "Съобщението с ID %s е научено като спам и изтрито",
+    "queue_command_success": "Командата на опашката е завършена успешно",
+    "recipient_map_entry_deleted": "Записът в картата на получател с ID %s е изтрит",
+    "recipient_map_entry_saved": "Записът в картата на получател \"%s\" е запазен",
+    "recovery_email_sent": "Изпратен имейл за възстановяване до %s",
+    "relayhost_added": "Записът в картата %s е добавен",
+    "relayhost_removed": "Записът в картата %s е премахнат",
+    "reset_main_logo": "Нулиране на логото по подразбиране",
+    "resource_added": "Ресурсът %s е добавен",
+    "resource_modified": "Промените в пощенската кутия %s са запазени",
+    "resource_removed": "Ресурсът %s е премахнат",
+    "rl_saved": "Ограничението на скоростта за обект %s е запазено",
+    "rspamd_ui_pw_set": "Паролата на UI на Rspamd е зададена успешно",
+    "saved_settings": "Запазени настройки",
+    "settings_map_added": "Добавен запис в картата с настройки",
+    "settings_map_removed": "Премахнат запис в картата с настройки с ID %s",
+    "sogo_profile_reset": "Профилът на SOGo за потребителя %s е нулиран",
+    "template_added": "Добавен шаблон %s",
+    "template_modified": "Промените в шаблон %s са запазени",
+    "template_removed": "Шаблонът с ID %s е премахнат",
+    "tls_policy_map_entry_deleted": "Записът в картата на политиката на TLS с ID %s е изтрит",
+    "tls_policy_map_entry_saved": "Записът в картата на политиката на TLS \"%s\" е запазен",
+    "ui_texts": "Запазени промени в текстовете на UI",
+    "upload_success": "Файлът е качен успешно",
+    "verified_fido2_login": "Потвърдено вход с FIDO2",
+    "verified_totp_login": "Потвърдено вход с TOTP",
+    "verified_webauthn_login": "Потвърдено вход с WebAuthn",
+    "verified_yotp_login": "Потвърдено вход с Yubico OTP"
+  },
+  "tfa": {
+    "authenticators": "Аутентикатори",
+    "api_register": "%s използва облачното API на Yubico. Моля, вземете API ключ за вашия ключ <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">тук</a>",
+    "confirm": "Потвърждаване",
+    "confirm_totp_token": "Моля, потвърдете промените, като въведете генерирания токен",
+    "delete_tfa": "Деактивиране на TFA",
+    "disable_tfa": "Деактивиране на TFA до следващия успешен вход",
+    "enter_qr_code": "Вашият TOTP код, ако вашето устройство не може да сканира QR кодове",
+    "error_code": "Код на грешка",
+    "init_webauthn": "Инициализиране, моля, изчакайте...",
+    "key_id": "Идентификатор за вашето устройство",
+    "key_id_totp": "Идентификатор за вашия ключ",
+    "none": "Деактивиране",
+    "reload_retry": "- (презаредете браузъра, ако грешката продължи)",
+    "scan_qr_code": "Моля, сканирайте следния код с вашето приложение за аутентикация или въведете кода ръчно.",
+    "select": "Моля, изберете",
+    "set_tfa": "Задаване на метод за двуфакторно удостоверяване",
+    "start_webauthn_validation": "Стартиране на проверка",
+    "tfa": "Двуфакторно удостоверяване",
+    "tfa_token_invalid": "Невалиден токен за TFA",
+    "totp": "Временен OTP (Google Authenticator, Authy и др.)",
+    "u2f_deprecated": "Изглежда, че вашият ключ е регистриран с депрекирания метод U2F. Ще деактивираме двуфакторното удостоверяване за вас и ще изтрием вашия ключ.",
+    "u2f_deprecated_important": "Моля, регистрирайте вашия ключ в административния панел с новия метод WebAuthn.",
+    "webauthn": "Удостоверяване с WebAuthn",
+    "waiting_usb_auth": "<i>Изчакване на USB устройство...</i><br><br>Моля, докоснете бутона на вашето USB устройство сега.",
+    "waiting_usb_register": "<i>Изчакване на USB устройство...</i><br><br>Моля, въведете паролата си по-горе и потвърдете регистрацията си, като докоснете бутона на вашето USB устройство.",
+    "yubi_otp": "Удостоверяване с Yubico OTP"
+  },
+  "user": {
+    "action": "Действие",
+    "active": "Активен",
+    "active_sieve": "Активен филтър",
+    "advanced_settings": "Разширени настройки",
+    "alias": "Псевдоним",
+    "alias_create_random": "Генериране на случаен псевдоним",
+    "alias_extend_all": "Удължаване на всички псевдоними с 1 час",
+    "alias_full_date": "d.m.Y, H:i:s T",
+    "alias_remove_all": "Премахване на всички псевдоними",
+    "alias_select_validity": "Период на валидност",
+    "alias_time_left": "Оставащо време",
+    "alias_valid_until": "Валиден до",
+    "aliases_also_send_as": "Разрешено да изпраща и като потребител",
+    "aliases_send_as_all": "Не проверявай достъпа на изпращач за следните домейни и техните псевдоними",
+    "allowed_protocols": "Разрешени протоколи",
+    "app_hint": "Паролите за приложения са алтернативни пароли за вашия IMAP, SMTP, CalDAV, CardDAV и EAS вход. Потребителското име остава непроменено. SOGo уеб пощата не е достъпна чрез пароли за приложения.",
+    "app_name": "Име на приложението",
+    "app_passwds": "Пароли за приложения",
+    "apple_connection_profile": "Профил за връзка на Apple",
+    "apple_connection_profile_complete": "Този профил за връзка включва настройки за IMAP и SMTP, както и пътища за CalDAV (календари) и CardDAV (контакти) за устройство на Apple.",
+    "apple_connection_profile_mailonly": "Този профил за връзка включва настройки за IMAP и SMTP за устройство на Apple.",
+    "apple_connection_profile_with_app_password": "Генерирана е нова парола за приложение и е добавена към профила, така че не е необходимо да се въвежда парола при настройката на вашето устройство. Моля, не споделяйте файла, тъй като той предоставя пълен достъп до вашата пощенска кутия.",
+    "attribute": "Атрибут",
+    "authentication": "Удостоверяване",
+    "change_password": "Промяна на парола",
+    "change_password_hint_app_passwords": "Вашият акаунт има %d пароли за приложения, които няма да бъдат променени. За управление на тях, отидете в раздела \"Пароли за приложения\".",
+    "clear_recent_successful_connections": "Изчистване на видимите успешни връзки",
+    "client_configuration": "Показване на ръководства за настройка на пощенски клиенти и смартфони",
+    "create_app_passwd": "Създаване на парола за приложение",
+    "create_syncjob": "Създаване на нова синхронизираща задача",
+    "created_on": "Създаден на",
+    "daily": "Ежедневно",
+    "day": "ден",
+    "delete_ays": "Моля, потвърдете процеса на изтриване.",
+    "description": "Описание",
+    "direct_aliases": "Директни адреси на псевдоними",
+    "direct_aliases_desc": "Директните адреси на псевдоними се засягат от настройките за филтър за спам и политика за TLS.",
+    "direct_protocol_access": "Този потребител на пощенска кутия има <b>директен, външен достъп</b> до следните протоколи и приложения. Тази настройка се контролира от вашия администратор. Паролите за приложения могат да бъдат създадени, за да се предостави достъп до отделни протоколи и приложения.<br>Бутонът \"Уеб поща\" предоставя еднократно удостоверяване към SOGo и винаги е достъпен.",
+    "eas_reset": "Нулиране на кеша на устройствата с ActiveSync",
+    "eas_reset_help": "В много случаи нулирането на кеша на устройството ще помогне за възстановяването на повреден профил на ActiveSync.<br><b>Внимание:</b> Всички елементи ще бъдат презаредени!",
+    "eas_reset_now": "Нулиране сега",
+    "edit": "Редактиране",
+    "email": "Имейл",
+    "email_and_dav": "Имейл, календари и контакти",
+    "empty": "Няма резултати",
+    "encryption": "Криптиране",
+    "excludes": "Изключване",
+    "expire_in": "Изтича след",
+    "fido2_webauthn": "FIDO2/WebAuthn",
+    "force_pw_update": "Трябва да зададете нова парола, за да имате достъп до груповите услуги.",
+    "from": "от",
+    "generate": "генериране",
+    "hour": "час",
+    "hourly": "Часово",
+    "hours": "часа",
+    "in_use": "В употреба",
+    "interval": "Интервал",
+    "is_catch_all": "Catch-all за домейн/и",
+    "last_mail_login": "Последен вход в пощата",
+    "last_pw_change": "Последна промяна на парола",
+    "last_run": "Последно изпълнение",
+    "last_ui_login": "Последен вход в UI",
+    "loading": "Зареждане...",
+    "login_history": "История на входовете",
+    "mailbox": "Пощенска кутия",
+    "mailbox_details": "Детайли",
+    "mailbox_general": "Общи",
+    "mailbox_settings": "Настройки",
+    "messages": "съобщения",
+    "month": "месец",
+    "months": "месеца",
+    "never": "Никога",
+    "new_password": "Нова парола",
+    "new_password_repeat": "Потвърждаване на новата парола",
+    "no_active_filter": "Няма активен филтър",
+    "no_last_login": "Няма информация за последен вход в UI",
+    "no_record": "Няма запис",
+    "open_logs": "Отваряне на логове",
+    "open_webmail_sso": "Уеб поща",
+    "overview": "Преглед",
+    "password": "Парола",
+    "password_now": "Текуща парола (потвърждаване на промените)",
+    "password_repeat": "Парола (повторете)",
+    "password_reset_info": "Ако не е зададен имейл за възстановяване на парола, тази функция не може да бъде използвана.",
+    "protocols": "Протоколи",
+    "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+    "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
+    "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+    "pushover_sender_array": "Разглеждане на следните адреси на изпращач <small>(разделени с запетая)</small>",
+    "pushover_sender_regex": "Съвпадение на изпращач с следния regex",
+    "pushover_sound": "Звук",
+    "pushover_text": "Текст на известието",
+    "pushover_title": "Заглавие на известието",
+    "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
+    "pushover_verify": "Проверка на удостоверения",
+    "pw_recovery_email": "Имейл за възстановяване на парола",
+    "q_add_header": "Папка за нежелана поща",
+    "q_all": "Всички категории",
+    "q_reject": "Отхвърлени",
+    "quarantine_category": "Категория на уведомленията за карантина",
+    "quarantine_category_info": "Категорията \"Отхвърлени\" включва съобщения, които са били отхвърлени, докато категорията \"Папка за нежелана поща\" ще уведоми потребителя за съобщения, които са били поставени в папката за нежелана поща.",
+    "quarantine_notification": "Уведомления за карантина",
+    "quarantine_notification_info": "След като уведомлението е изпратено, елементите ще бъдат маркирани като \"уведомени\" и няма да бъдат изпращани допълнителни уведомления за този конкретен елемент.",
+    "recent_successful_connections": "Видими успешни връзки",
+    "remove": "Премахване",
+    "running": "Изпълнява се",
+    "save": "Запазване на промените",
+    "save_changes": "Запазване на промените",
+    "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
+    "shared_aliases": "Споделени адреси на псевдоними",
+    "shared_aliases_desc": "Споделените псевдоними не се засягат от настройките за филтър за спам и политика за TLS на потребителя. Съответните настройки за спам филтър могат да бъдат направени само от администратор като настройка за домейн.",
+    "show_sieve_filters": "Показване на активния потребителски филтър на sieve",
+    "sogo_profile_reset": "Нулиране на профила на SOGo",
+    "sogo_profile_reset_help": "Това ще унищожи профила на SOGo и <b>ще изтрие всички данни за контакти и календар безвъзвратно</b>.",
+    "sogo_profile_reset_now": "Нулиране сега",
+    "spam_aliases": "Временни адреси на псевдоними",
+    "spam_score_reset": "Нулиране до настройките на сървъра по подразбиране",
+    "spamfilter": "Филтър за спам",
+    "spamfilter_behavior": "Рейтинг",
+    "spamfilter_bl": "Черен списък",
+    "spamfilter_bl_desc": "Адресите в черния списък <b>винаги</b> ще бъдат класифицирани като спам и отхвърлени. Отхвърлените съобщения <b>не</b> ще бъдат копирани в карантина. Поддържат се уайлдкардове.<br>Отхвърлените съобщения няма да бъдат доставени до папката за нежелана поща.",
+    "spamfilter_default_score": "Стойности по подразбиране",
+    "spamfilter_green": "Зелено: това съобщение не е спам",
+    "spamfilter_hint": "Първата стойност описва \"нисък резултат за спам\", втората представлява \"висок резултат за спам\".",
+    "spamfilter_red": "Червено: това съобщение е спам и ще бъде отхвърлено от сървъра",
+    "spamfilter_table_action": "Действие",
+    "spamfilter_table_add": "Добавяне на елемент",
+    "spamfilter_table_domain_policy": "политика на домейна",
+    "spamfilter_table_empty": "Няма данни за показване",
+    "spamfilter_table_remove": "премахване",
+    "spamfilter_table_rule": "Правило",
+    "spamfilter_wl": "Бял списък",
+    "spamfilter_wl_desc": "Адресите в белия списък <b>никога</b> ще бъдат класифицирани като спам. Поддържат се уайлдкардове.<br>Съобщенията, които не са класифицирани като спам, ще бъдат доставени в папката за нежелана поща, ако резултатът за спам е над стойността за висок резултат за спам.",
+    "spamfilter_yellow": "Жълто: това съобщение може да е спам, ще бъде маркирано като спам и преместено в папката за нежелана поща",
+    "status": "Статус",
+    "sync_jobs": "Синхронизиращи задачи",
+    "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
+    "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
+    "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
+    "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
+    "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
+    "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
+    "syncjob_EX_OK": "Успех",
+    "syncjob_check_log": "Проверка на лога",
+    "syncjob_last_run_result": "Резултат от последното изпълнение",
+    "tag_handling": "Настройка за тагове",
+    "tag_help_example": "Пример за тагован имейл адрес: me<b>+Facebook</b>@example.org",
+    "tag_help_explain": "В подпапка: ще бъде създадена нова подпапка под INBOX (\"INBOX/Facebook\").<br>\r\nВ тема: първото име на тага ще бъде добавено към темата на съобщението, например: \"[Facebook] Моите новини\".",
+    "tag_in_none": "Не прави нищо",
+    "tag_in_subfolder": "В подпапка",
+    "tag_in_subject": "В тема",
+    "text": "Текст",
+    "tfa_info": "Двуфакторното удостоверяване помага за защита на вашия акаунт. Ако го активирате, ще ви трябват пароли за приложения, за да влезете в приложения или услуги, които не поддържат двуфакторно удостоверяване (напр. пощенски клиенти).",
+    "title": "Заглавие",
+    "tls_enforce_in": "Принудително използване на TLS за входящи",
+    "tls_enforce_out": "Принудително използване на TLS за изходящи",
+    "tls_policy": "Политика за криптиране",
+    "tls_policy_warning": "<strong>Внимание:</strong> Ако решите да принудите преноса на криптирани съобщения, може да загубите съобщения.<br>Съобщенията, които не удовлетворяват политиката, ще бъдат върнати с твърдо отхвърляне от системата за поща.<br>Тази опция засяга вашия основен адрес на пощенска кутия (логин име), всички адреси, произтичащи от домейни на псевдоними, както и адреси на псевдоними, <b>с единствена целева пощенска кутия</b>.",
+    "user_settings": "Настройки на потребителя",
+    "username": "Потребителско име",
+    "value": "Стойност",
+    "verify": "Проверка",
+    "waiting": "Изчакване",
+    "week": "седмица",
+    "weekly": "Weekly",
+    "weeks": "седмици",
+    "with_app_password": "с парола за приложение",
+    "year": "година",
+    "years": "години"
+  },
+  "warning": {
+    "cannot_delete_self": "Не може да изтриете влезлия потребител",
+    "domain_added_sogo_failed": "Добавен домейн, но неуспешно рестартиране на SOGo, моля, проверете системните логове.",
+    "dovecot_restart_failed": "Dovecot не успя да рестартира, моля, проверете логовете",
+    "fuzzy_learn_error": "Грешка при обучение на размит хеш: %s",
+    "hash_not_found": "Хешът не е намерен или вече е изтрит",
+    "ip_invalid": "Пропуснат невалиден IP: %s",
+    "is_not_primary_alias": "Пропуснат неосновен псевдоним %s",
+    "no_active_admin": "Не може да деактивирате последния активен администратор",
+    "quota_exceeded_scope": "Квотата на домейна е надвишена: Само неограничени пощенски кутии могат да бъдат създадени в този домейн.",
+    "session_token": "Невалиден формулярен токен: Несъответствие на токена.",
+    "session_ua": "Невалиден формулярен токен: Грешка при проверка на User-Agent."
+  }
+}
\ No newline at end of file

From 95eb350f15a3ceade4854a8c143a4624d0fbd48d Mon Sep 17 00:00:00 2001
From: Denis Evers <denis-ev@users.noreply.github.com>
Date: Wed, 16 Jul 2025 16:08:55 +0800
Subject: [PATCH 595/755] [netfilter] fix negative timer, no unbanning of IPs
 (#6575)

* [netfilter] added debug logs and updated autopurge

* updated "Allow/Blacklist" terms

* netfilter: bumped compose version

* netfilter: changed black/whitelist terms in code

---------

Co-authored-by: Denis Evers <git@evers.sh>
Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/netfilter/main.py           | 163 ++++++++++++-------
 data/web/inc/vars.inc.php                    |  12 +-
 data/web/lang/lang.de-de.json                |  23 +--
 data/web/lang/lang.en-gb.json                |  27 +--
 data/web/templates/admin/tab-config-f2b.twig |   4 +-
 docker-compose.yml                           |   2 +-
 6 files changed, 137 insertions(+), 94 deletions(-)

diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 2b332d205..2232d0d1d 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 
+DEBUG = False
+
 import re
 import os
 import sys
@@ -20,10 +22,13 @@ from modules.Logger import Logger
 from modules.IPTables import IPTables
 from modules.NFTables import NFTables
 
+def logdebug(msg):
+  if DEBUG:
+    logger.logInfo("DEBUG: %s" % msg)
 
-# globals
+# Globals
 WHITELIST = []
-BLACKLIST= []
+BLACKLIST = []
 bans = {}
 quit_now = False
 exit_code = 0
@@ -33,12 +38,10 @@ r = None
 pubsub = None
 clear_before_quit = False
 
-
 def refreshF2boptions():
   global f2boptions
   global quit_now
   global exit_code
-
   f2boptions = {}
 
   if not r.get('F2B_OPTIONS'):
@@ -52,8 +55,9 @@ def refreshF2boptions():
   else:
     try:
       f2boptions = json.loads(r.get('F2B_OPTIONS'))
-    except ValueError:
-      logger.logCrit('Error loading F2B options: F2B_OPTIONS is not json')
+    except ValueError as e:
+      logger.logCrit(
+        'Error loading F2B options: F2B_OPTIONS is not json. Exception: %s' % e)
       quit_now = True
       exit_code = 2
 
@@ -61,15 +65,15 @@ def refreshF2boptions():
   r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
 
 def verifyF2boptions(f2boptions):
-  verifyF2boption(f2boptions,'ban_time', 1800)
-  verifyF2boption(f2boptions,'max_ban_time', 10000)
-  verifyF2boption(f2boptions,'ban_time_increment', True)
-  verifyF2boption(f2boptions,'max_attempts', 10)
-  verifyF2boption(f2boptions,'retry_window', 600)
-  verifyF2boption(f2boptions,'netban_ipv4', 32)
-  verifyF2boption(f2boptions,'netban_ipv6', 128)
-  verifyF2boption(f2boptions,'banlist_id', str(uuid.uuid4()))
-  verifyF2boption(f2boptions,'manage_external', 0)
+  verifyF2boption(f2boptions, 'ban_time', 1800)
+  verifyF2boption(f2boptions, 'max_ban_time', 10000)
+  verifyF2boption(f2boptions, 'ban_time_increment', True)
+  verifyF2boption(f2boptions, 'max_attempts', 10)
+  verifyF2boption(f2boptions, 'retry_window', 600)
+  verifyF2boption(f2boptions, 'netban_ipv4', 32)
+  verifyF2boption(f2boptions, 'netban_ipv6', 128)
+  verifyF2boption(f2boptions, 'banlist_id', str(uuid.uuid4()))
+  verifyF2boption(f2boptions, 'manage_external', 0)
 
 def verifyF2boption(f2boptions, f2boption, f2bdefault):
   f2boptions[f2boption] = f2boptions[f2boption] if f2boption in f2boptions and f2boptions[f2boption] is not None else f2bdefault
@@ -111,7 +115,7 @@ def get_ip(address):
 def ban(address):
   global f2boptions
   global lock
-
+  logdebug("ban() called with address=%s" % address)
   refreshF2boptions()
   MAX_ATTEMPTS = int(f2boptions['max_attempts'])
   RETRY_WINDOW = int(f2boptions['retry_window'])
@@ -119,31 +123,43 @@ def ban(address):
   NETBAN_IPV6 = '/' + str(f2boptions['netban_ipv6'])
 
   ip = get_ip(address)
-  if not ip: return
+  if not ip:
+    logdebug("No valid IP -- skipping ban()")
+    return
   address = str(ip)
   self_network = ipaddress.ip_network(address)
 
   with lock:
     temp_whitelist = set(WHITELIST)
-  if temp_whitelist:
-    for wl_key in temp_whitelist:
-      wl_net = ipaddress.ip_network(wl_key, False)
-      if wl_net.overlaps(self_network):
-        logger.logInfo('Address %s is whitelisted by rule %s' % (self_network, wl_net))
-        return
+    logdebug("Checking if %s overlaps with any WHITELIST entries" % self_network)
+    if temp_whitelist:
+      for wl_key in temp_whitelist:
+        wl_net = ipaddress.ip_network(wl_key, False)
+        logdebug("Checking overlap between %s and %s" % (self_network, wl_net))
+        if wl_net.overlaps(self_network):
+          logger.logInfo(
+            'Address %s is allowlisted by rule %s' % (self_network, wl_net))
+          return
 
-  net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
+  net = ipaddress.ip_network(
+    (address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
   net = str(net)
+  logdebug("Ban net: %s" % net)
 
   if not net in bans:
     bans[net] = {'attempts': 0, 'last_attempt': 0, 'ban_counter': 0}
+    logdebug("Initing new ban counter for %s" % net)
 
   current_attempt = time.time()
+  logdebug("Current attempt ts=%s, previous: %s, retry_window: %s" %
+           (current_attempt, bans[net]['last_attempt'], RETRY_WINDOW))
   if current_attempt - bans[net]['last_attempt'] > RETRY_WINDOW:
     bans[net]['attempts'] = 0
+    logdebug("Ban counter for %s reset as window expired" % net)
 
   bans[net]['attempts'] += 1
   bans[net]['last_attempt'] = current_attempt
+  logdebug("%s attempts now %d" % (net, bans[net]['attempts']))
 
   if bans[net]['attempts'] >= MAX_ATTEMPTS:
     cur_time = int(round(time.time()))
@@ -151,34 +167,41 @@ def ban(address):
     logger.logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
     if type(ip) is ipaddress.IPv4Address and int(f2boptions['manage_external']) != 1:
       with lock:
+        logdebug("Calling tables.banIPv4(%s)" % net)
         tables.banIPv4(net)
     elif int(f2boptions['manage_external']) != 1:
       with lock:
+        logdebug("Calling tables.banIPv6(%s)" % net)
         tables.banIPv6(net)
 
+    logdebug("Updating F2B_ACTIVE_BANS[%s]=%d" %
+              (net, cur_time + NET_BAN_TIME))
     r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + NET_BAN_TIME)
   else:
-    logger.logWarn('%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))
+    logger.logWarn('%d more attempts in the next %d seconds until %s is banned' % (
+      MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))
 
 def unban(net):
   global lock
-
+  logdebug("Calling unban() with net=%s" % net)
   if not net in bans:
-   logger.logInfo('%s is not banned, skipping unban and deleting from queue (if any)' % net)
-   r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
-   return
-
+    logger.logInfo(
+      '%s is not banned, skipping unban and deleting from queue (if any)' % net)
+    r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
+    return
   logger.logInfo('Unbanning %s' % net)
   if type(ipaddress.ip_network(net)) is ipaddress.IPv4Network:
     with lock:
+      logdebug("Calling tables.unbanIPv4(%s)" % net)
       tables.unbanIPv4(net)
   else:
     with lock:
+      logdebug("Calling tables.unbanIPv6(%s)" % net)
       tables.unbanIPv6(net)
-
   r.hdel('F2B_ACTIVE_BANS', '%s' % net)
   r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
   if net in bans:
+    logdebug("Unban for %s, setting attempts=0, ban_counter+=1" % net)
     bans[net]['attempts'] = 0
     bans[net]['ban_counter'] += 1
 
@@ -204,17 +227,19 @@ def permBan(net, unban=False):
 
   if is_unbanned:
     r.hdel('F2B_PERM_BANS', '%s' % net)
-    logger.logCrit('Removed host/network %s from blacklist' % net)
+    logger.logCrit('Removed host/network %s from denylist' % net)
   elif is_banned:
     r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
-    logger.logCrit('Added host/network %s to blacklist' % net)
+    logger.logCrit('Added host/network %s to denylist' % net)
 
 def clear():
   global lock
   logger.logInfo('Clearing all bans')
   for net in bans.copy():
+    logdebug("Unbanning net: %s" % net)
     unban(net)
   with lock:
+    logdebug("Clearing IPv4/IPv6 table")
     tables.clearIPv4Table()
     tables.clearIPv6Table()
     try:
@@ -275,21 +300,35 @@ def snat6(snat_target):
 
 def autopurge():
   global f2boptions
-
+  logdebug("autopurge thread started")
   while not quit_now:
+    logdebug("autopurge tick")
     time.sleep(10)
     refreshF2boptions()
     MAX_ATTEMPTS = int(f2boptions['max_attempts'])
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
+    logdebug("QUEUE_UNBAN: %s" % QUEUE_UNBAN)
     if QUEUE_UNBAN:
       for net in QUEUE_UNBAN:
+        logdebug("Autopurge: unbanning queued net: %s" % net)
         unban(str(net))
-    for net in bans.copy():
-      if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        NET_BAN_TIME = calcNetBanTime(bans[net]['ban_counter'])
-        TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
-        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME:
-          unban(net)
+    # Only check expiry for actively banned IPs:
+    active_bans = r.hgetall('F2B_ACTIVE_BANS')
+    now = time.time()
+    for net_str, expire_str in active_bans.items():
+      logdebug("Checking ban expiry for (actively banned): %s" % net_str)
+      # Defensive: always process if timer missing or expired
+      try:
+        expire = float(expire_str)
+      except Exception:
+        logdebug("Invalid expire time for %s; unbanning" % net_str)
+        unban(net_str)
+        continue
+      time_left = expire - now
+      logdebug("Time left for %s: %.1f seconds" % (net_str, time_left))
+      if time_left <= 0:
+        logdebug("Ban expired for %s" % net_str)
+        unban(net_str)
 
 def mailcowChainOrder():
   global lock
@@ -359,7 +398,7 @@ def whitelistUpdate():
     with lock:
       if Counter(new_whitelist) != Counter(WHITELIST):
         WHITELIST = new_whitelist
-        logger.logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST))
+        logger.logInfo('Allowlist was changed, it has %s entries' % len(WHITELIST))
     time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def blacklistUpdate():
@@ -375,7 +414,7 @@ def blacklistUpdate():
       addban = set(new_blacklist).difference(BLACKLIST)
       delban = set(BLACKLIST).difference(new_blacklist)
       BLACKLIST = new_blacklist
-      logger.logInfo('Blacklist was changed, it has %s entries' % len(BLACKLIST))
+      logger.logInfo('Denylist was changed, it has %s entries' % len(BLACKLIST))
       if addban:
         for net in addban:
           permBan(net=net)
@@ -386,25 +425,25 @@ def blacklistUpdate():
 
 def sigterm_quit(signum, frame):
   global clear_before_quit
+  logdebug("SIGTERM received, setting clear_before_quit to True and exiting")
   clear_before_quit = True
   sys.exit(exit_code)
 
-def berfore_quit():
+def before_quit():
+  logdebug("before_quit called, clear_before_quit=%s" % clear_before_quit)
   if clear_before_quit:
     clear()
   if pubsub is not None:
     pubsub.unsubscribe()
 
-
 if __name__ == '__main__':
-  atexit.register(berfore_quit)
+  logger = Logger()
+  logdebug("Sys.argv: %s" % sys.argv)
+  atexit.register(before_quit)
   signal.signal(signal.SIGTERM, sigterm_quit)
 
-  # init Logger
-  logger = Logger()
-
-  # init backend
   backend = sys.argv[1]
+  logdebug("Backend: %s" % backend)
   if backend == "nftables":
     logger.logInfo('Using NFTables backend')
     tables = NFTables(chain_name, logger)
@@ -412,16 +451,12 @@ if __name__ == '__main__':
     logger.logInfo('Using IPTables backend')
     tables = IPTables(chain_name, logger)
 
-  # In case a previous session was killed without cleanup
   clear()
-
-  # Reinit MAILCOW chain
-  # Is called before threads start, no locking
   logger.logInfo("Initializing mailcow netfilter chain")
   tables.initChainIPv4()
   tables.initChainIPv6()
 
-  if os.getenv("DISABLE_NETFILTER_ISOLATION_RULE").lower() in ("y", "yes"):
+  if os.getenv("DISABLE_NETFILTER_ISOLATION_RULE", "").lower() in ("y", "yes"):
     logger.logInfo(f"Skipping {chain_name} isolation")
   else:
     logger.logInfo(f"Setting {chain_name} isolation")
@@ -432,23 +467,28 @@ if __name__ == '__main__':
     try:
       redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
       redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
+      logdebug(
+        "Connecting redis (SLAVEOF_IP:%s, PORT:%s)" % (redis_slaveof_ip, redis_slaveof_port))
       if "".__eq__(redis_slaveof_ip):
-        r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
+        r = redis.StrictRedis(
+          host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
       else:
-        r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0, password=os.environ['REDISPASS'])
+        r = redis.StrictRedis(
+          host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0, password=os.environ['REDISPASS'])
       r.ping()
       pubsub = r.pubsub()
     except Exception as ex:
-      print('%s - trying again in 3 seconds'  % (ex))
+      logdebug(
+        'Redis connection failed: %s - trying again in 3 seconds' % (ex))
       time.sleep(3)
     else:
       break
   logger.set_redis(r)
+  logdebug("Redis connection established, setting up F2B keys")
 
-  # rename fail2ban to netfilter
   if r.exists('F2B_LOG'):
+    logdebug("Renaming F2B_LOG to NETFILTER_LOG")
     r.rename('F2B_LOG', 'NETFILTER_LOG')
-  # clear bans in redis
   r.delete('F2B_ACTIVE_BANS')
   r.delete('F2B_PERM_BANS')
 
@@ -463,7 +503,7 @@ if __name__ == '__main__':
       snat_ip = os.getenv('SNAT_TO_SOURCE')
       snat_ipo = ipaddress.ip_address(snat_ip)
       if type(snat_ipo) is ipaddress.IPv4Address:
-        snat4_thread = Thread(target=snat4,args=(snat_ip,))
+        snat4_thread = Thread(target=snat4, args=(snat_ip,))
         snat4_thread.daemon = True
         snat4_thread.start()
     except ValueError:
@@ -499,4 +539,5 @@ if __name__ == '__main__':
   while not quit_now:
     time.sleep(0.5)
 
-  sys.exit(exit_code)
+  logdebug("Exiting with code %s" % exit_code)
+  sys.exit(exit_code)
\ No newline at end of file
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 802a41f95..671e20334 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -238,12 +238,12 @@ $FIDO2_FORMATS = array('apple', 'android-key', 'android-safetynet', 'fido-u2f',
 // Set visible Rspamd maps in mailcow UI, do not change unless you know what you are doing
 $RSPAMD_MAPS = array(
   'regex' => array(
-    'Header-From: Blacklist' => 'global_mime_from_blacklist.map',
-    'Header-From: Whitelist' => 'global_mime_from_whitelist.map',
-    'Envelope Sender Blacklist' => 'global_smtp_from_blacklist.map',
-    'Envelope Sender Whitelist' => 'global_smtp_from_whitelist.map',
-    'Recipient Blacklist' => 'global_rcpt_blacklist.map',
-    'Recipient Whitelist' => 'global_rcpt_whitelist.map',
+    'Header-From: Denylist' => 'global_mime_from_blacklist.map',
+    'Header-From: Allowlist' => 'global_mime_from_whitelist.map',
+    'Envelope Sender Denylist' => 'global_smtp_from_blacklist.map',
+    'Envelope Sender Allowlist' => 'global_smtp_from_whitelist.map',
+    'Recipient Denylist' => 'global_rcpt_blacklist.map',
+    'Recipient Allowlist' => 'global_rcpt_whitelist.map',
     'Fishy TLDS (only fired in combination with bad words)' => 'fishy_tlds.map',
     'Bad Words (only fired in combination with fishy TLDs)' => 'bad_words.map',
     'Bad Words DE (only fired in combination with fishy TLDs)' => 'bad_words_de.map',
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 6e1b4d4c2..df41b8946 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -25,7 +25,7 @@
         "sogo_access": "Verwalten des SOGo-Zugriffsrechts erlauben",
         "sogo_profile_reset": "SOGo-Profil zurücksetzen",
         "spam_alias": "Temporäre E-Mail-Aliasse",
-        "spam_policy": "Blacklist/Whitelist",
+        "spam_policy": "Deny/Allowlist",
         "spam_score": "Spam-Bewertung",
         "syncjobs": "Sync Jobs",
         "tls_policy": "Verschlüsselungsrichtlinie",
@@ -147,7 +147,7 @@
         "arrival_time": "Ankunftszeit (Serverzeit)",
         "authed_user": "Auth. Benutzer",
         "ays": "Soll der Vorgang wirklich ausgeführt werden?",
-        "ban_list_info": "Übersicht ausgesperrter Netzwerke: <b>Netzwerk (verbleibende Bannzeit) - [Aktionen]</b>.<br />IPs, die zum Entsperren eingereiht werden, verlassen die Liste aktiver Banns nach wenigen Sekunden.<br />Rote Labels sind Indikatoren für aktive Blacklist-Einträge.",
+        "ban_list_info": "Übersicht ausgesperrter Netzwerke: <b>Netzwerk (verbleibende Bannzeit) - [Aktionen]</b>.<br />IPs, die zum Entsperren eingereiht werden, verlassen die Liste aktiver Banns nach wenigen Sekunden.<br />Rote Labels sind Indikatoren für aktive Allowlist-Einträge.",
         "change_logo": "Logo ändern",
         "configuration": "Konfiguration",
         "convert_html_to_text": "Konvertiere HTML zu reinem Text",
@@ -184,9 +184,9 @@
         "excludes": "Diese Empfänger ausschließen",
         "f2b_ban_time": "Bannzeit in Sekunden",
         "f2b_ban_time_increment": "Bannzeit erhöht sich mit jedem Bann",
-        "f2b_blacklist": "Blacklist für Netzwerke und Hosts",
+        "f2b_blacklist": "Denyliste für Netzwerke und Hosts",
         "f2b_filter": "Regex-Filter",
-        "f2b_list_info": "Ein Host oder Netzwerk auf der Blacklist wird immer eine Whitelist-Einheit überwiegen. <b>Die Aktualisierung der Liste dauert einige Sekunden.</b>",
+        "f2b_list_info": "Ein Host oder Netzwerk auf der Denyliste wird immer eine Allowlist-Einheit überwiegen. <b>Die Aktualisierung der Liste dauert einige Sekunden.</b>",
         "f2b_manage_external": "Fail2Ban extern verwalten",
         "f2b_manage_external_info": "Fail2ban wird die Banlist weiterhin pflegen, jedoch werden keine aktiven Regeln zum blockieren gesetzt. Die unten generierte Banlist, kann verwendet werden, um den Datenverkehr extern zu blockieren.",
         "f2b_max_attempts": "Max. Versuche",
@@ -196,7 +196,7 @@
         "f2b_parameters": "Fail2ban-Parameter",
         "f2b_regex_info": "Berücksichtigte Logs: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Wiederholungen im Zeitraum von (s)",
-        "f2b_whitelist": "Whitelist für Netzwerke und Hosts",
+        "f2b_whitelist": "Allowliste für Netzwerke und Hosts",
         "filter_table": "Tabelle filtern",
         "force_sso_text": "Wenn ein externer OIDC-Provider konfiguriert ist, blendet diese Option die mailcow Loginform aus und zeigt nur den Single Sign-On-Button an.",
         "force_sso": "mailcow Login deaktivieren und nur Single Sign-On anzeigen",
@@ -272,6 +272,7 @@
         "message": "Nachricht",
         "message_size": "Nachrichtengröße",
         "nexthop": "Next Hop",
+        "needs_restart": "benötigt Neustart",
         "no": "&#10005;",
         "no_active_bans": "Keine aktiven Banns",
         "no_new_rows": "Keine weiteren Zeilen vorhanden",
@@ -354,8 +355,8 @@
         "rspamd_com_settings": "Ein Name wird automatisch generiert. Beispielinhalte zur Einsicht stehen nachstehend bereit. Siehe auch <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>",
         "rspamd_global_filters": "Globale Filter-Maps",
         "rspamd_global_filters_agree": "Ich werde vorsichtig sein!",
-        "rspamd_global_filters_info": "Globale Filter-Maps steuern globales White- und Blacklisting dieses Servers.",
-        "rspamd_global_filters_regex": "Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n  Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n  Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n  Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n  Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.<br>Elemente auf Blacklists sind von der Quarantäne ausgeschlossen.",
+        "rspamd_global_filters_info": "Globale Filter-Maps steuern globales Allow- und Denylisting dieses Servers.",
+        "rspamd_global_filters_regex": "Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n  Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n  Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n  Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n  Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.<br>Elemente auf Denylisten sind von der Quarantäne ausgeschlossen.",
         "rspamd_settings_map": "Rspamd-Settings-Map",
         "sal_level": "Moo-Level",
         "save": "Änderungen speichern",
@@ -747,7 +748,7 @@
         "sogo_visible_info": "Diese Option hat lediglich Einfluss auf Objekte, die in SOGo darstellbar sind (geteilte oder nicht-geteilte Alias-Adressen mit dem Ziel mindestens einer lokalen Mailbox).",
         "spam_alias": "Anpassen temporärer Alias-Adressen",
         "spam_filter": "Spamfilter",
-        "spam_policy": "Hinzufügen und Entfernen von Einträgen in White- und Blacklists",
+        "spam_policy": "Hinzufügen und Entfernen von Einträgen in Allow- und Denylisten",
         "spam_score": "Einen benutzerdefiniterten Spam-Score festlegen",
         "subfolder2": "Ziel-Ordner<br><small>(leer = kein Unterordner)</small>",
         "syncjob": "Sync-Job bearbeiten",
@@ -1037,7 +1038,7 @@
         "notified": "Benachrichtigt",
         "qhandler_success": "Aktion wurde an das System übergeben. Sie dürfen dieses Fenster nun schließen.",
         "qid": "Rspamd QID",
-        "qinfo": "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank (dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde) als auch diese, die als Kopie in den Junk-Ordner der jeweiligen Mailbox zugestellt wurden.\r\n  <br>\"Als Spam lernen und löschen\" lernt Nachrichten nach bayesscher Statistik als Spam und erstellt Fuzzy Hashes ausgehend von der jeweiligen Nachricht, um ähnliche Inhalte zukünftig zu unterbinden.\r\n  <br>Der Prozess des Lernens kann abhängig vom System zeitintensiv sein.<br>Auf Blacklists vorkommende Elemente sind von der Quarantäne ausgeschlossen.",
+        "qinfo": "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank (dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde) als auch diese, die als Kopie in den Junk-Ordner der jeweiligen Mailbox zugestellt wurden.\r\n  <br>\"Als Spam lernen und löschen\" lernt Nachrichten nach bayesscher Statistik als Spam und erstellt Fuzzy Hashes ausgehend von der jeweiligen Nachricht, um ähnliche Inhalte zukünftig zu unterbinden.\r\n  <br>Der Prozess des Lernens kann abhängig vom System zeitintensiv sein.<br>Auf Denylisten vorkommende Elemente sind von der Quarantäne ausgeschlossen.",
         "qitem": "Quarantäneeintrag",
         "quarantine": "Quarantäne",
         "quick_actions": "Aktionen",
@@ -1326,7 +1327,7 @@
         "spam_score_reset": "Auf Server-Standard zurücksetzen",
         "spamfilter": "Spamfilter",
         "spamfilter_behavior": "Bewertung",
-        "spamfilter_bl": "Blacklist",
+        "spamfilter_bl": "Denyliste",
         "spamfilter_bl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>immer</b> als Spam erfasst und abgelehnt werden. Die Quarantäne-Funktion ist für diese Nachrichten deaktiviert. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte nicht-\"Catch All\" Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
         "spamfilter_default_score": "Standardwert",
         "spamfilter_green": "Grün: Die Nachricht ist kein Spam",
@@ -1338,7 +1339,7 @@
         "spamfilter_table_empty": "Keine Einträge vorhanden",
         "spamfilter_table_remove": "Entfernen",
         "spamfilter_table_rule": "Regel",
-        "spamfilter_wl": "Whitelist",
+        "spamfilter_wl": "Allowliste",
         "spamfilter_wl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>nicht</b> erfasst werden sollen. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte nicht-\"Catch All\" Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
         "spamfilter_yellow": "Gelb: Die Nachricht ist vielleicht Spam, wird als Spam markiert und in den Junk-Ordner verschoben",
         "status": "Status",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 21d26d8c8..727fd687c 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -25,7 +25,7 @@
         "sogo_access": "Allow management of SOGo access",
         "sogo_profile_reset": "Reset SOGo profile",
         "spam_alias": "Temporary aliases",
-        "spam_policy": "Blacklist/Whitelist",
+        "spam_policy": "Denylist/Allowlist",
         "spam_score": "Spam score",
         "syncjobs": "Sync jobs",
         "tls_policy": "TLS policy",
@@ -151,7 +151,7 @@
         "arrival_time": "Arrival time (server time)",
         "authed_user": "Auth. user",
         "ays": "Are you sure you want to proceed?",
-        "ban_list_info": "See a list of banned IPs below: <b>network (remaining ban time) - [actions]</b>.<br />IPs queued to be unbanned will be removed from the active ban list within a few seconds.<br />Red labels indicate active permanent bans by blacklisting.",
+        "ban_list_info": "See a list of banned IPs below: <b>network (remaining ban time) - [actions]</b>.<br />IPs queued to be unbanned will be removed from the active ban list within a few seconds.<br />Red labels indicate active permanent bans by denylisting.",
         "change_logo": "Change logo",
         "logo_normal_label": "Normal",
         "logo_dark_label": "Inverted for dark mode",
@@ -190,9 +190,9 @@
         "excludes": "Excludes these recipients",
         "f2b_ban_time": "Ban time (s)",
         "f2b_ban_time_increment": "Ban time is incremented with each ban",
-        "f2b_blacklist": "Blacklisted networks/hosts",
+        "f2b_blacklist": "Denylisted networks/hosts",
         "f2b_filter": "Regex filters",
-        "f2b_list_info": "A blacklisted host or network will always outweigh a whitelist entity. <b>List updates will take a few seconds to be applied.</b>",
+        "f2b_list_info": "A denylisted host or network will always outweigh a allowlist entity. <b>List updates will take a few seconds to be applied.</b>",
         "f2b_manage_external": "Manage Fail2Ban externally",
         "f2b_manage_external_info": "Fail2ban will still maintain the banlist, but it will not actively set rules to block traffic. Use the generated banlist below to externally block the traffic.",
         "f2b_max_attempts": "Max. attempts",
@@ -202,7 +202,7 @@
         "f2b_parameters": "Fail2ban parameters",
         "f2b_regex_info": "Logs taken into consideration: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Retry window (s) for max. attempts",
-        "f2b_whitelist": "Whitelisted networks/hosts",
+        "f2b_whitelist": "Allowlisted networks/hosts",
         "filter": "Filter",
         "filter_table": "Filter table",
         "force_sso_text": "If an external OIDC provider is configured, this option hides the default mailcow login forms and only shows the Single Sign-On button",
@@ -279,6 +279,7 @@
         "message": "Message",
         "message_size": "Message size",
         "nexthop": "Next hop",
+        "needs_restart": "needs restart",
         "no": "&#10005;",
         "no_active_bans": "No active bans",
         "no_new_rows": "No further rows available",
@@ -364,8 +365,8 @@
         "rspamd_com_settings": "A setting name will be auto-generated, please see the example presets below. For more details see <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>",
         "rspamd_global_filters": "Global filter maps",
         "rspamd_global_filters_agree": "I will be careful!",
-        "rspamd_global_filters_info": "Global filter maps contain different kind of global black and whitelists.",
-        "rspamd_global_filters_regex": "Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n  Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload.<br>Blacklisted elements are excluded from quarantine.",
+        "rspamd_global_filters_info": "Global filter maps contain different kind of global deny and allowlists.",
+        "rspamd_global_filters_regex": "Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n  Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload.<br>Denylisted elements are excluded from quarantine.",
         "rspamd_settings_map": "Rspamd settings map",
         "sal_level": "Moo level",
         "save": "Save changes",
@@ -750,7 +751,7 @@
         "sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
         "spam_alias": "Create or change time limited alias addresses",
         "spam_filter": "Spam filter",
-        "spam_policy": "Add or remove items to white-/blacklist",
+        "spam_policy": "Add or remove items to allow-/denylist",
         "spam_score": "Set a custom spam score",
         "subfolder2": "Sync into subfolder on destination<br><small>(empty = do not use subfolder)</small>",
         "syncjob": "Edit sync job",
@@ -1039,7 +1040,7 @@
         "notified": "Notified",
         "qhandler_success": "Request successfully sent to the system. You can now close the window.",
         "qid": "Rspamd QID",
-        "qinfo": "The quarantine system will save rejected mail to the database (the sender will <em>not</em> be given the impression of a delivered mail) as well as mail, that is delivered as copy into the Junk folder of a mailbox.\r\n  <br>\"Learn as spam and delete\" will learn a message as spam via Bayesian theorem and also calculate fuzzy hashes to deny similar messages in the future.\r\n  <br>Please be aware that learning multiple messages can be - depending on your system - time consuming.<br>Blacklisted elements are excluded from the quarantine.",
+        "qinfo": "The quarantine system will save rejected mail to the database (the sender will <em>not</em> be given the impression of a delivered mail) as well as mail, that is delivered as copy into the Junk folder of a mailbox.\r\n  <br>\"Learn as spam and delete\" will learn a message as spam via Bayesian theorem and also calculate fuzzy hashes to deny similar messages in the future.\r\n  <br>Please be aware that learning multiple messages can be - depending on your system - time consuming.<br>Denylisted elements are excluded from the quarantine.",
         "qitem": "Quarantine item",
         "quarantine": "Quarantine",
         "quick_actions": "Actions",
@@ -1337,8 +1338,8 @@
         "spam_score_reset": "Reset to server default",
         "spamfilter": "Spam filter",
         "spamfilter_behavior": "Rating",
-        "spamfilter_bl": "Blacklist",
-        "spamfilter_bl_desc": "Blacklisted email addresses to <b>always</b> classify as spam and reject. Rejected mail will <b>not</b> be copied to quarantine. Wildcards may be used. A filter is only applied to direct aliases (aliases with a single target mailbox) excluding catch-all aliases and a mailbox itself.",
+        "spamfilter_bl": "Denylist",
+        "spamfilter_bl_desc": "Denylisted email addresses to <b>always</b> classify as spam and reject. Rejected mail will <b>not</b> be copied to quarantine. Wildcards may be used. A filter is only applied to direct aliases (aliases with a single target mailbox) excluding catch-all aliases and a mailbox itself.",
         "spamfilter_default_score": "Default values",
         "spamfilter_green": "Green: this message is not spam",
         "spamfilter_hint": "The first value describes the \"low spam score\", the second represents the \"high spam score\".",
@@ -1349,8 +1350,8 @@
         "spamfilter_table_empty": "No data to display",
         "spamfilter_table_remove": "remove",
         "spamfilter_table_rule": "Rule",
-        "spamfilter_wl": "Whitelist",
-        "spamfilter_wl_desc": "Whitelisted email addresses are programmed to <b>never</b> classify as spam. Wildcards may be used. A filter is only applied to direct aliases (aliases with a single target mailbox) excluding catch-all aliases and a mailbox itself.",
+        "spamfilter_wl": "Allowlist",
+        "spamfilter_wl_desc": "Allowlisted email addresses are programmed to <b>never</b> classify as spam. Wildcards may be used. A filter is only applied to direct aliases (aliases with a single target mailbox) excluding catch-all aliases and a mailbox itself.",
         "spamfilter_yellow": "Yellow: this message may be spam, will be tagged as spam and moved to your junk folder",
         "status": "Status",
         "sync_jobs": "Sync jobs",
diff --git a/data/web/templates/admin/tab-config-f2b.twig b/data/web/templates/admin/tab-config-f2b.twig
index d33c242a8..29535b723 100644
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@@ -118,8 +118,8 @@
           <span class="d-none d-sm-inline"> - </span>
             {% if active_ban.queued_for_unban == 0 %}
             <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[{{ lang.admin.queue_unban }}]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
+            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[allowlist]</a>
+            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[denylist (<b>{{ lang.admin.needs_restart }}</b>)]</a>
             {% else %}
             <i>{{ lang.admin.unban_pending }}</i>
             {% endif %}
diff --git a/docker-compose.yml b/docker-compose.yml
index d95241462..f447dea4a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -477,7 +477,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: ghcr.io/mailcow/netfilter:1.61
+      image: ghcr.io/mailcow/netfilter:1.62
       stop_grace_period: 30s
       restart: always
       privileged: true

From 3ee3d7d969aad4c13b7045821f4315561b9f36f4 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 16 Jul 2025 20:31:58 +0200
Subject: [PATCH 596/755] Translations update from Weblate (#6637)

* [Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.zh-tw.json

Co-authored-by: Anonymous <noreply@weblate.org>

* [Web] Updated lang.ca-es.json

Co-authored-by: Anonymous <noreply@weblate.org>

---------

Co-authored-by: Anonymous <noreply@weblate.org>
---
 data/web/lang/lang.bg-bg.json | 2782 ++++++++++++++++-----------------
 data/web/lang/lang.ca-es.json |    2 +-
 data/web/lang/lang.zh-tw.json |    2 +-
 3 files changed, 1390 insertions(+), 1396 deletions(-)

diff --git a/data/web/lang/lang.bg-bg.json b/data/web/lang/lang.bg-bg.json
index 0d8632859..d17c4dd2b 100644
--- a/data/web/lang/lang.bg-bg.json
+++ b/data/web/lang/lang.bg-bg.json
@@ -1,1397 +1,1391 @@
 {
-  "acl": {
-    "alias_domains": "Добавяне на домейни за псевдоними",
-    "app_passwds": "Управление на пароли за приложения",
-    "bcc_maps": "BCC карти",
-    "delimiter_action": "Действие на разделител",
-    "domain_desc": "Промяна на описанието на домейна",
-    "domain_relayhost": "Промяна на релеен хост за домейн",
-    "eas_reset": "Нулиране на устройствата с ActiveSync",
-    "extend_sender_acl": "Разрешаване на разширяване на ACL на изпращащите от външни адреси",
-    "filters": "Филтри",
-    "login_as": "Вход като потребител на пощенска кутия",
-    "mailbox_relayhost": "Промяна на релеен хост за пощенска кутия",
-    "prohibited": "Забранено от ACL",
-    "protocol_access": "Промяна на достъпа до протоколи",
-    "pushover": "Pushover",
-    "pw_reset": "Разрешаване на нулиране на паролата на потребител на mailcow",
-    "quarantine": "Действия с карантина",
-    "quarantine_attachments": "Прикачени файлове в карантина",
-    "quarantine_category": "Промяна на категорията на уведомленията за карантина",
-    "quarantine_notification": "Промяна на уведомленията за карантина",
-    "ratelimit": "Ограничение на скоростта",
-    "recipient_maps": "Карти на получатели",
-    "smtp_ip_access": "Промяна на разрешените хостове за SMTP",
-    "sogo_access": "Разрешаване на управление на достъпа до SOGo",
-    "sogo_profile_reset": "Нулиране на профила на SOGo",
-    "spam_alias": "Временни псевдоними",
-    "spam_policy": "Черен/Бял списък",
-    "spam_score": "Резултат за спам",
-    "syncjobs": "Синхронизиращи задачи",
-    "tls_policy": "Политика за TLS",
-    "unlimited_quota": "Неограничена квота за пощенски кутии"
-  },
-  "add": {
-    "activate_filter_warn": "Всички други филтри ще бъдат деактивирани, когато активното е отбелязано.",
-    "active": "Активен",
-    "add": "Добавяне",
-    "add_domain_only": "Добавяне само на домейн",
-    "add_domain_restart": "Добавяне на домейн и рестартиране на SOGo",
-    "alias_address": "Адрес/и за псевдоним",
-    "alias_address_info": "<small>Пълни имейл адреси или @example.com, за да хванете всички съобщения за домейн (разделени с запетая). <b>само домейни на mailcow</b>.</small>",
-    "alias_domain": "Домейн за псевдоним",
-    "alias_domain_info": "<small>Валидни имена на домейни (разделени с запетая).</small>",
-    "app_name": "Име на приложението",
-    "app_password": "Добавяне на парола за приложение",
-    "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
-    "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
-    "backup_mx_options": "Опции за реле",
-    "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
-    "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
-    "custom_params": "Персонализирани параметри",
-    "custom_params_hint": "Дясно: --param=xy, грешно: --param xy",
-    "delete1": "Изтриване от източника след завършване",
-    "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
-    "delete2duplicates": "Изтриване на дубликати в дестинацията",
-    "description": "Описание",
-    "destination": "Дестинация",
-    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
-    "domain": "Домейн",
-    "domain_matches_hostname": "Домейнът %s съвпада с името на хоста",
-    "domain_quota_m": "Обща квота на домейна (MiB)",
-    "dry": "Симулиране на синхронизация",
-    "enc_method": "Метод на криптиране",
-    "exclude": "Изключване на обекти (regex)",
-    "full_name": "Пълно име",
-    "gal": "Глобален адресен списък",
-    "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
-    "generate": "генериране",
-    "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
-    "goto_null": "Тихо изхвърляне на имейла",
-    "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
-    "hostname": "Хост",
-    "inactive": "Неактивен",
-    "kind": "Вид",
-    "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
-    "mailbox_quota_m": "Макс. квота за пощенска кутия (MiB)",
-    "mailbox_username": "Потребителско име (лява част на имейл адрес)",
-    "max_aliases": "Макс. възможни псевдоними",
-    "max_mailboxes": "Макс. възможни пощенски кутии",
-    "mins_interval": "Интервал за проверка (минути)",
-    "multiple_bookings": "Множествени резервации",
-    "nexthop": "Следващ хоп",
-    "password": "Парола",
-    "password_repeat": "Потвърждаване на паролата (повторете)",
-    "port": "Порт",
-    "post_domain_add": "След добавянето на нов домейн, контейнерът на SOGo, \"sogo-mailcow\", трябва да бъде рестартиран!<br><br>Освен това, конфигурацията на DNS на домейна трябва да бъде прегледана. След като конфигурацията на DNS бъде одобрена, рестартирайте \"acme-mailcow\", за да генерирате автоматично сертификати за вашия нов домейн (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Тази стъпка е опционална и ще бъде повторена всеки 24 часа.",
-    "private_comment": "Частен коментар",
-    "public_comment": "Публичен коментар",
-    "quota_mb": "Квота (MiB)",
-    "relay_all": "Реле на всички получатели",
-    "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
-    "relay_domain": "Реле на този домейн",
-    "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
-    "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
-    "relayhost_wrapped_tls_info": "Моля, <b>не</b> използвайте TLS-wrapped портове (най-често използвани на порт 465).<br>\r\nИзползвайте всеки не-wrapped порт и издайте STARTTLS. Политика за TLS може да бъде създадена в \"TLS политики\", за да се наложи TLS.",
-    "select": "Моля, изберете...",
-    "select_domain": "Моля, изберете първо домейн",
-    "sieve_desc": "Кратко описание",
-    "sieve_type": "Тип на филтър",
-    "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
-    "subscribeall": "Абониране за всички папки",
-    "syncjob": "Добавяне на синхронизираща задача",
-    "syncjob_hint": "Имайте предвид, че паролите трябва да бъдат запазени като обикновен текст!",
-    "tags": "Тагове",
-    "target_address": "Адреси за пренасочване",
-    "target_address_info": "<small>Пълни имейл адреси (разделени с запетая).</small>",
-    "target_domain": "Целеви домейн",
-    "timeout1": "Таймаут за връзка с отдалечен хост",
-    "timeout2": "Таймаут за връзка с локален хост",
-    "username": "Потребителско име",
-    "validate": "Валидиране",
-    "validation_success": "Успешно валидиране"
-  },
-  "admin": {
-    "access": "Достъп",
-    "action": "Действие",
-    "activate_api": "Активиране на API",
-    "activate_send": "Активиране на бутона за изпращане",
-    "active": "Активен",
-    "active_rspamd_settings_map": "Активна карта с настройки",
-    "add": "Добавяне",
-    "add_admin": "Добавяне на администратор",
-    "add_domain_admin": "Добавяне на администратор на домейн",
-    "add_forwarding_host": "Добавяне на хост за препращане",
-    "add_relayhost": "Добавяне на транспорт, зависим от изпращач",
-    "add_relayhost_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
-    "add_row": "Добавяне на ред",
-    "add_settings_rule": "Добавяне на правило за настройки",
-    "add_transport": "Добавяне на транспорт",
-    "add_transports_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
-    "additional_rows": "добавени допълнителни редове",
-    "admin": "Администратор",
-    "admin_details": "Редактиране на детайлите на администратора",
-    "admin_domains": "Назначения на домейни",
-    "admins": "Администратори",
-    "admins_ldap": "LDAP администратори",
-    "advanced_settings": "Разширени настройки",
-    "allowed_methods": "Access-Control-Allow-Methods",
-    "allowed_origins": "Access-Control-Allow-Origin",
-    "api_allow_from": "Разрешаване на API достъп от тези IP адреси/CIDR мрежови нотации",
-    "api_info": "API е в процес на разработка. Документацията може да бъде намерена на <a href=\"/api\">/api</a>",
-    "api_key": "API ключ",
-    "api_read_only": "Достъп само за четене",
-    "api_read_write": "Достъп за четене и писане",
-    "api_skip_ip_check": "Пропускане на IP проверка за API",
-    "app_hide": "Скриване за вход",
-    "app_links": "Връзки към приложения",
-    "app_name": "Име на приложението",
-    "apps_name": "Име на \"mailcow приложенията\"",
-    "arrival_time": "Време на пристигане (време на сървъра)",
-    "authed_user": "Удостоверен потребител",
-    "ays": "Сигурни ли сте, че искате да продължите?",
-    "ban_list_info": "Вижте списък с блокирани IP адреси по-долу: <b>мрежа (оставащо време за блокиране) - [действия]</b>.<br />IP адресите в опашката за разблокиране ще бъдат премахнати от активния списък с блокирани в рамките на няколко секунди.<br />Червените етикети показват активни постоянни блокирания от черния списък.",
-    "change_logo": "Промяна на логото",
-    "logo_normal_label": "Нормално",
-    "logo_dark_label": "Обърнато за тъмен режим",
-    "configuration": "Конфигурация",
-    "convert_html_to_text": "Конвертиране на HTML в обикновен текст",
-    "copy_to_clipboard": "Текстът е копиран в клипборда!",
-    "cors_settings": "Настройки на CORS",
-    "credentials_transport_warning": "<b>Внимание</b>: Добавянето на нов запис в картата на транспорта ще обнови данните за удостоверяване за всички записи с съвпадаща колона за следващ хоп.",
-    "customer_id": "Идентификатор на клиента",
-    "customize": "Персонализиране",
-    "destination": "Дестинация",
-    "dkim_add_key": "Добавяне на ARC/DKIM ключ",
-    "dkim_domains_selector": "Селектор",
-    "dkim_domains_wo_keys": "Избор на домейни без ключове",
-    "dkim_from": "От",
-    "dkim_from_title": "Източник на домейн за копиране на данни",
-    "dkim_key_length": "Дължина на DKIM ключа (битове)",
-    "dkim_key_missing": "Липсващ ключ",
-    "dkim_key_unused": "Неизползван ключ",
-    "dkim_key_valid": "Валиден ключ",
-    "dkim_keys": "ARC/DKIM ключове",
-    "dkim_overwrite_key": "Презаписване на съществуващ DKIM ключ",
-    "dkim_private_key": "Частен ключ",
-    "dkim_to": "До",
-    "dkim_to_title": "Целеви домейн/и - ще бъде презаписан",
-    "domain": "Домейн",
-    "domain_admin": "Администратор на домейн",
-    "domain_admins": "Администратори на домейн",
-    "domain_s": "Домейн/и",
-    "duplicate": "Дублиране",
-    "duplicate_dkim": "Дублиране на DKIM запис",
-    "edit": "Редактиране",
-    "empty": "Няма резултати",
-    "excludes": "Изключване на тези получатели",
-    "f2b_ban_time": "Време за блокиране (с)",
-    "f2b_ban_time_increment": "Времето за блокиране се увеличава с всяко блокиране",
-    "f2b_blacklist": "Черни списъци/хостове",
-    "f2b_filter": "Филтри с регулярни изрази",
-    "f2b_list_info": "Черният списък на хостове или мрежи винаги ще надделява над белия списък. <b>Актуализациите на списъка отнемат няколко секунди, за да бъдат приложени.</b>",
-    "f2b_manage_external": "Управление на Fail2Ban външно",
-    "f2b_manage_external_info": "Fail2ban все още ще поддържа черния списък, но няма да задава правила за блокиране на трафика. Използвайте генерирания черн списък по-долу, за да блокирате трафика външно.",
-    "f2b_max_attempts": "Макс. опити",
-    "f2b_max_ban_time": "Макс. време за блокиране (с)",
-    "f2b_netban_ipv4": "IPv4 размер на подмрежа за прилагане на блокиране (8-32)",
-    "f2b_netban_ipv6": "IPv6 размер на подмрежа за прилагане на блокиране (8-128)",
-    "f2b_parameters": "Параметри на Fail2ban",
-    "f2b_regex_info": "Логовете, които се вземат предвид: SOGo, Postfix, Dovecot, PHP-FPM.",
-    "f2b_retry_window": "Прозорец за повторен опит (с) за макс. опити",
-    "f2b_whitelist": "Бели списъци/хостове",
-    "filter": "Филтър",
-    "filter_table": "Таблица с филтри",
-    "forwarding_hosts": "Хостове за препращане",
-    "forwarding_hosts_add_hint": "Можете да посочите IPv4/IPv6 адреси, мрежи в CIDR нотация, имена на хостове (които ще бъдат разрешени в IP адреси), или имена на домейни (които ще бъдат разрешени в IP адреси чрез заявки към SPF записи или, при липсата им, MX записи).",
-    "forwarding_hosts_hint": "Входящите съобщения се приемат безрезервно от всички хостове, изброени тук. Тези хостове след това не се проверяват срещу DNSBL или подлагат на сиво списък. Спамът, получен от тях, никога не се отхвърля, но опционално може да бъде поставен във файла за нежелана поща. Най-често използваната употреба за това е да се посочат пощенски сървъри, на които сте настроили правило, което препраща входящите имейли към вашия mailcow сървър.",
-    "from": "От",
-    "generate": "генериране",
-    "guid": "GUID - уникален инстанционен идентификатор",
-    "guid_and_license": "GUID & Лиценз",
-    "hash_remove_info": "Премахването на хеш за ограничение на скоростта (ако все още съществува) ще нулира неговия брояч напълно.<br>\r\nВсеки хеш е показан с индивидуален цвят.",
-    "help_text": "Презаписване на помощния текст под маската за вход (разрешен е HTML)",
-    "host": "Хост",
-    "html": "HTML",
-    "iam": "Доставчик на идентичност",
-    "iam_attribute_field": "Поле за атрибут",
-    "iam_authorize_url": "Крайна точка за удостоверяване",
-    "iam_auth_flow": "Поток за удостоверяване",
-    "iam_auth_flow_info": "Освен стандартния поток за удостоверяване (поток с код за удостоверяване в Keycloak), който се използва за единичен вход, mailcow поддържа и поток за удостоверяване с пряки удостоверения. Потокът за удостоверяване с пароли за поща проверява удостоверенията на потребителя, като използва Keycloak Admin REST API. mailcow извлича хешираната парола от атрибута <code>mailcow_password</code>, който е картиран в Keycloak.",
-    "iam_basedn": "Основен DN",
-    "iam_client_id": "Идентификатор на клиента",
-    "iam_client_secret": "Тайна на клиента",
-    "iam_client_scopes": "Обхват на клиента",
-    "iam_default_template": "Шаблон по подразбиране",
-    "iam_default_template_description": "Ако няма зададен шаблон за потребител, шаблонът по подразбиране ще бъде използван за създаване на пощенската кутия, но не и за актуализиране на пощенската кутия.",
-    "iam_description": "Конфигуриране на външен доставчик за удостоверяване<br>Потребителските пощенски кутии ще бъдат създавани автоматично при първия им вход, при условие че е зададено картиране на атрибути.",
-    "iam_extra_permission": "За да работят следните настройки, клиентът на mailcow в Keycloak трябва да има <code>услуга акаунт</code> и разрешението да <code>вижда потребители</code>.",
-    "iam_host": "Хост",
-    "iam_host_info": "Въведете един или повече LDAP хостове, разделени с запетаи.",
-    "iam_import_users": "Импортиране на потребители",
-    "iam_mapping": "Картиране на атрибути",
-    "iam_bindpass": "Парола за свързване",
-    "iam_periodic_full_sync": "Периодичен пълен синхрон",
-    "iam_port": "Порт",
-    "iam_realm": "Реалм",
-    "iam_redirect_url": "URL за пренасочване",
-    "iam_rest_flow": "Поток за пароли за поща",
-    "iam_server_url": "URL на сървъра",
-    "iam_sso": "Единичен вход",
-    "iam_sync_interval": "Интервал за синхронизиране/импортиране (мин)",
-    "iam_test_connection": "Тест на връзката",
-    "iam_token_url": "Крайна точка за токени",
-    "iam_userinfo_url": "Крайна точка за информация за потребителя",
-    "iam_username_field": "Поле за потребителско име",
-    "iam_binddn": "DN за свързване",
-    "iam_use_ssl": "Използване на SSL",
-    "iam_use_ssl_info": "Ако активирате SSL и портът е зададен на 389, той ще бъде автоматично променен на 636.",
-    "iam_use_tls": "Използване на StartTLS",
-    "iam_use_tls_info": "Ако активирате TLS, трябва да използвате стандартния порт за вашия LDAP сървър (389). SSL портовете не могат да бъдат използвани.",
-    "iam_version": "Версия",
-    "ignore_ssl_error": "Игнориране на SSL грешки",
-    "import": "Импортиране",
-    "import_private_key": "Импортиране на частен ключ",
-    "in_use_by": "Използван от",
-    "inactive": "Неактивен",
-    "include_exclude": "Включване/Изключване",
-    "include_exclude_info": "По подразбиране - без избор - <b>всички пощенски кутии</b> се адресират",
-    "includes": "Включване на тези получатели",
-    "ip_check": "Проверка на IP",
-    "ip_check_disabled": "Проверката на IP е деактивирана. Можете да я активирате в <br> <strong>Система > Конфигурация > Опции > Персонализиране</strong>",
-    "ip_check_opt_in": "Оптиране за използване на услугата на трета страна <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong>, за да разрешавате външни IP адреси.",
-    "is_mx_based": "MX базиран",
-    "last_applied": "Последно приложено",
-    "license_info": "Лицензът не е задължителен, но помага за по-нататъшното развитие.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL поръчка\">Регистрирайте вашия GUID тук</a> или <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Поддръжка поръчка\">купете поддръжка за вашата инсталация на mailcow.</a>",
-    "link": "Връзка",
-    "loading": "Моля, изчакайте...",
-    "login_time": "Време за вход",
-    "logo_info": "Вашето изображение ще бъде мащабирано до височина 40 px за горната навигационна лента и макс. ширина 250 px за началната страница. Препоръчва се използването на скалируема графика.",
-    "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
-    "main_name": "Име на \"mailcow UI\"",
-    "merged_vars_hint": "Редовете в сиво са сляти от <code>vars.(local.)inc.php</code> и не могат да бъдат променени.",
-    "message": "Съобщение",
-    "message_size": "Размер на съобщението",
-    "nexthop": "Следващ хоп",
-    "no": "&#10005;",
-    "no_active_bans": "Няма активни блокирания",
-    "no_new_rows": "Няма допълнителни редове",
-    "no_record": "Няма запис",
-    "oauth2_apps": "OAuth2 приложения",
-    "oauth2_add_client": "Добавяне на OAuth2 клиент",
-    "oauth2_client_id": "Идентификатор на клиента",
-    "oauth2_client_secret": "Тайна на клиента",
-    "oauth2_info": "Реализацията на OAuth2 поддържа типа разрешение \"Код за удостоверяване\" и издава токени за презареждане.<br>\r\nСървърът автоматично издава нови токени за презареждане, след като токен за презареждане е бил използван.<br><br>\r\n&#8226; Обхватът по подразбиране е <i>профил</i>. Само потребителите на пощенски кутии могат да бъдат удостоверени срещу OAuth2. Ако параметърът за обхват е пропуснат, той се връща към <i>профил</i>.<br>\r\n&#8226; Параметърът <i>state</i> трябва да бъде изпратен от клиента като част от заявката за удостоверяване.<br><br>\r\nПътища за заявки към OAuth2 API: <br>\r\n<ul>\r\n  <li>Крайна точка за удостоверяване: <code>/oauth/authorize</code></li>\r\n  <li>Крайна точка за токени: <code>/oauth/token</code></li>\r\n  <li>Страница с ресурси:  <code>/oauth/profile</code></li>\r\n</ul>\r\nГенерирането на нова тайна на клиента няма да анулира съществуващите кодове за удостоверяване, но те няма да могат да подновят своя токен.<br><br>\r\nАнулирането на токените на клиента ще доведе до незабавно прекратяване на всички активни сесии. Всички клиенти ще трябва да се преудостоверят.",
-    "oauth2_redirect_uri": "URI за пренасочване",
-    "oauth2_renew_secret": "Генериране на нова тайна на клиента",
-    "oauth2_revoke_tokens": "Анулиране на всички токени на клиента",
-    "optional": "опционално",
-    "options": "Опции",
-    "password": "Парола",
-    "password_length": "Дължина на паролата",
-    "password_policy": "Политика за пароли",
-    "password_policy_chars": "Трябва да съдържа поне една буквена буква",
-    "password_policy_length": "Минималната дължина на паролата е %d",
-    "password_policy_lowerupper": "Трябва да съдържа малки и главни букви",
-    "password_policy_numbers": "Трябва да съдържа поне една цифра",
-    "password_policy_special_chars": "Трябва да съдържа специални символи",
-    "password_repeat": "Потвърждаване на паролата (повторете)",
-    "password_reset_info": "Ако не е зададен имейл за възстановяване, тази функция не може да бъде използвана.",
-    "password_reset_settings": "Настройки за възстановяване на парола",
-    "password_reset_tmpl_html": "HTML шаблон",
-    "password_reset_tmpl_text": "Текстов шаблон",
-    "password_settings": "Настройки на паролата",
-    "priority": "Приоритет",
-    "private_key": "Частен ключ",
-    "quarantine": "Карантина",
-    "quarantine_bcc": "Изпращане на копие от всички уведомления (BCC) до този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
-    "quarantine_exclude_domains": "Изключване на домейни и домейни на псевдоними",
-    "quarantine_max_age": "Максимална възраст в дни<br><small>Стойността трябва да бъде равна или по-голяма от 1 ден.</small>",
-    "quarantine_max_score": "Изхвърляне на уведомление, ако резултатът за спам на имейла е по-висок от тази стойност:<br><small>По подразбиране е 9999.0</small>",
-    "quarantine_max_size": "Максимален размер в MiB (по-големи елементи се изхвърлят):<br><small>0 не означава неограничен.</small>",
-    "quarantine_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
-    "quarantine_notification_sender": "Изпращач на имейл за уведомление",
-    "quarantine_notification_subject": "Тема на имейл за уведомление",
-    "quarantine_redirect": "<b>Пренасочване на всички уведомления</b> към този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
-    "quarantine_release_format": "Формат на освободените елементи",
-    "quarantine_release_format_att": "Като прикачен файл",
-    "quarantine_release_format_raw": "Непроменен оригинал",
-    "quarantine_retention_size": "Задържания за пощенска кутия:<br><small>0 показва <b>неактивен</b>.</small>",
-    "quota_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
-    "quota_notification_sender": "Изпращач на имейл за уведомление",
-    "quota_notification_subject": "Тема на имейл за уведомление",
-    "quota_notifications": "Уведомления за квота",
-    "quota_notifications_info": "Уведомленията за квота се изпращат на потребителите веднъж при преминаване на 80% и веднъж при преминаване на 95% използване.",
-    "quota_notifications_vars": "{{percent}} е равно на текущата квота на потребителя<br>{{username}} е името на пощенската кутия",
-    "queue_unban": "разблокиране",
-    "r_active": "Активни ограничения",
-    "r_inactive": "Неактивни ограничения",
-    "r_info": "Елементите в сиво в списъка с активни ограничения не са известни като валидни ограничения за mailcow и не могат да бъдат преместени. Неизвестните ограничения ще бъдат зададени в реда на появяване все пак.<br>Можете да добавяте нови елементи в <code>inc/vars.local.inc.php</code>, за да можете да ги превключвате.",
-    "rate_name": "Име на ограничението",
-    "recipients": "Получатели",
-    "refresh": "Опресняване",
-    "regen_api_key": "Регенериране на API ключ",
-    "regex_maps": "Карти с регулярни изрази",
-    "relay_from": "Адрес \"From:\"",
-    "relay_rcpt": "Адрес \"To:\"",
-    "relay_run": "Изпълнение на тест",
-    "relayhosts": "Транспорти, зависими от изпращач",
-    "relayhosts_hint": "Дефинирайте транспорти, зависими от изпращач, за да можете да ги избирате в диалоговия прозорец за конфигурация на домейн.<br>\r\n  Услугата за транспорт винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа. Политиката за TLS на потребителя ще бъде взета предвид.<br>\r\n  Засегнатите домейни, включително домейни на псевдоними.",
-    "remove": "Премахване",
-    "remove_row": "Премахване на ред",
-    "reset_default": "Нулиране до подразбиране",
-    "reset_limit": "Премахване на хеш",
-    "reset_password_vars": "<code>{{link}}</code> Генерираната връзка за нулиране на парола<br><code>{{username}}</code> Името на пощенската кутия на потребителя, който е поискал нулиране на парола<br><code>{{username2}}</code> Името на пощенската кутия за възстановяване<br><code>{{date}}</code> Датата на заявката за нулиране на парола<br><code>{{token_lifetime}}</code> Времетраенето на токена в минути<br><code>{{hostname}}</code> Името на хоста на mailcow",
-    "restore_template": "Оставете празно, за да възстановите шаблона по подразбиране.",
-    "routing": "Маршрутизация",
-    "rsetting_add_rule": "Добавяне на правило",
-    "rsetting_content": "Съдържание на правилото",
-    "rsetting_desc": "Кратко описание",
-    "rsetting_no_selection": "Моля, изберете правило",
-    "rsetting_none": "Няма налични правила",
-    "rsettings_insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
-    "rsettings_preset_1": "Деактивиране на всичко, освен DKIM и ограничение на скоростта за удостоверени потребители",
-    "rsettings_preset_2": "Пощенските администратори искат спам",
-    "rsettings_preset_3": "Разрешаване само на определени изпращачи за пощенска кутия (напр. използване като вътрешна пощенска кутия)",
-    "rsettings_preset_4": "Деактивиране на Rspamd за домейн",
-    "rspamd_com_settings": "Името на настройката ще бъде автоматично генерирано, моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">документацията на Rspamd</a>",
-    "rspamd_global_filters": "Глобални карти на филтри",
-    "rspamd_global_filters_agree": "Ще бъда внимателен!",
-    "rspamd_global_filters_info": "Глобалните карти на филтри съдържат различни видове глобални черни и бели списъци.",
-    "rspamd_global_filters_regex": "Имената им обясняват тяхната цел. Всичкото съдържание трябва да съдържа валиден регулярен израз във формат \"/pattern/options\" (напр. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Въпреки че се извършват основни проверки за всеки ред с регулярен израз, функционалността на Rspamd може да бъде нарушена, ако не успява да прочете синтаксиса коректно.<br>\r\n  Rspamd ще се опита да прочете съдържанието на картата при промяна. Ако срещнете проблеми, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">рестартирайте Rspamd</a>, за да наложите презареждане на картата.<br>Елементите в черния списък са изключени от карантина.",
-    "rspamd_settings_map": "Карта с настройки на Rspamd",
-    "sal_level": "Ниво на Moo",
-    "save": "Запазване на промените",
-    "search_domain_da": "Търсене на домейни",
-    "send": "Изпращане",
-    "sender": "Изпращач",
-    "service": "Услуга",
-    "service_id": "Идентификатор на услугата",
-    "source": "Източник",
-    "spamfilter": "Филтър за спам",
-    "subject": "Тема",
-    "success": "Успех",
-    "sys_mails": "Системни имейли",
-    "task": "Задача",
-    "text": "Текст",
-    "time": "Време",
-    "title": "Заглавие",
-    "title_name": "Име на уеб страницата на \"mailcow UI\"",
-    "to_top": "Обратно нагоре",
-    "transport_dest_format": "Регулярен израз или синтаксис: example.org, .example.org, *, box@example.org (няколко стойности могат да бъдат разделени с запетая)",
-    "transport_maps": "Карти за транспорт",
-    "transport_test_rcpt_info": "&#8226; Използвайте null@hosted.mailcow.de, за да тествате препращането към чуждестранна дестинация.",
-    "transports_hint": "&#8226; Записът в картата на транспорта <b>пренарежда</b> запис в картата на транспорт, зависим от изпращач</b>.<br>\r\n&#8226; Транспортите, базирани на MX, се използват предимно.<br>\r\n&#8226; Настройките за политика на TLS на потребителя се игнорират и могат да бъдат приложени само чрез записи в картите на политиката на TLS.<br>\r\n&#8226; Услугата за транспорт за дефинираните транспорти винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа.<br>\r\n&#8226; Адресите, съвпадащи с \"/localhost$/\", винаги ще бъдат транспортирани през \"local:\", следователно записът \"*\" няма да се приложи към тези адреси.<br>\r\n&#8226; За да определите удостоверения за следващ хоп \"[host]:25\", Postfix <b>винаги</b> заявява за \"host\", преди да търси за \"[host]:25\". Това поведение прави невъзможно да се използват \"host\" и \"[host]:25\" едновременно.",
-    "ui_footer": "Подвал (разрешен е HTML)",
-    "ui_header_announcement": "Обяви",
-    "ui_header_announcement_active": "Задаване на активна обява",
-    "ui_header_announcement_content": "Текст (разрешен е HTML)",
-    "ui_header_announcement_help": "Обявата е видима за всички влезли потребители и на екрана за вход на UI.",
-    "ui_header_announcement_select": "Избор на тип обява",
-    "ui_header_announcement_type": "Тип",
-    "ui_header_announcement_type_danger": "Много важно",
-    "ui_header_announcement_type_info": "Информация",
-    "ui_header_announcement_type_warning": "Важно",
-    "ui_texts": "Етикети и текстове на UI",
-    "unban_pending": "разблокиране в опашката",
-    "unchanged_if_empty": "Ако не е променено, оставете празно",
-    "upload": "Качване",
-    "username": "Потребителско име",
-    "user_link": "Връзка към потребител",
-    "validate_license_now": "Валидиране на GUID срещу лицензен сървър",
-    "verify": "Проверка",
-    "yes": "&#10003;"
-  },
-  "danger": {
-    "access_denied": "Достъпът е отказан или данните от формуляра са невалидни",
-    "alias_domain_invalid": "Домейнът на псевдонима %s е невалиден",
-    "alias_empty": "Адресът на псевдонима не трябва да е празен",
-    "alias_goto_identical": "Адресът на псевдонима и адресът за пренасочване не трябва да са идентични",
-    "alias_invalid": "Адресът на псевдонима %s е невалиден",
-    "aliasd_targetd_identical": "Домейнът на псевдонима не трябва да е равен на целевия домейн: %s",
-    "aliases_in_use": "Макс. псевдоними трябва да бъдат по-големи или равни на %d",
-    "app_name_empty": "Името на приложението не може да бъде празно",
-    "app_passwd_id_invalid": "Идентификаторът на паролата за приложението %s е невалиден",
-    "authsource_in_use": "Доставчикът на идентичност не може да бъде променен или изтрит, тъй като се използва в момента от един или повече потребители.",
-    "bcc_empty": "BCC дестинацията не може да бъде празна",
-    "bcc_exists": "Картата BCC %s съществува за тип %s",
-    "bcc_must_be_email": "BCC дестинацията %s не е валиден имейл адрес",
-    "comment_too_long": "Коментарът е твърде дълъг, разрешени са макс. 160 символа",
-    "cors_invalid_method": "Зададен е невалиден метод за разрешаване",
-    "cors_invalid_origin": "Зададен е невалиден източник за разрешаване",
-    "defquota_empty": "Квотата по подразбиране за пощенска кутия не трябва да бъде 0.",
-    "demo_mode_enabled": "Режимът на демонстрация е активиран",
-    "description_invalid": "Описанието на ресурса за %s е невалидно",
-    "dkim_domain_or_sel_exists": "Съществува DKIM ключ за \"%s\", който няма да бъде презаписан",
-    "dkim_domain_or_sel_invalid": "DKIM домейн или селектор е невалиден: %s",
-    "domain_cannot_match_hostname": "Домейнът не може да съвпада с името на хоста",
-    "domain_exists": "Домейнът %s вече съществува",
-    "domain_invalid": "Името на домейна е празно или невалидно",
-    "domain_not_empty": "Не може да бъде премахнат непразен домейн %s",
-    "domain_not_found": "Домейнът %s не е намерен",
-    "domain_quota_m_in_use": "Квотата на домейна трябва да бъде по-голяма или равна на %s MiB",
-    "extended_sender_acl_denied": "липсва ACL за задаване на външни адреси на изпращач",
-    "extra_acl_invalid": "Външният адрес на изпращач \"%s\" е невалиден",
-    "extra_acl_invalid_domain": "Външният изпращач \"%s\" използва невалиден домейн",
-    "fido2_verification_failed": "Проверката на FIDO2 е неуспешна: %s",
-    "file_open_error": "Файлът не може да бъде отворен за писане",
-    "filter_type": "Грешен тип на филтър",
-    "from_invalid": "Изпращачът не трябва да бъде празен",
-    "generic_server_error": "Възникна неочаквана грешка на сървъра. Моля, свържете се с вашия администратор.",
-    "global_filter_write_error": "Файлът с филтър не може да бъде записан: %s",
-    "global_map_invalid": "Идентификаторът на глобалната карта %s е невалиден",
-    "global_map_write_error": "Глобалният идентификатор на картата %s не може да бъде записан: %s",
-    "goto_empty": "Адресът на псевдоним трябва да съдържа поне един валиден адрес за пренасочване",
-    "goto_invalid": "Адресът за пренасочване %s е невалиден",
-    "ham_learn_error": "Грешка при обучение за не-спам: %s",
-    "iam_test_connection": "Връзката е неуспешна",
-    "imagick_exception": "Грешка: Грешка при четене на изображение с Imagick",
-    "img_dimensions_exceeded": "Изображението надхвърля максималния размер",
-    "img_invalid": "Не може да се валидира файл с изображение",
-    "img_size_exceeded": "Изображението надхвърля максималния размер на файла",
-    "img_tmp_missing": "Не може да се валидира файл с изображение: Липсва временен файл",
-    "invalid_bcc_map_type": "Невалиден тип на картата BCC",
-    "invalid_destination": "Форматът на дестинацията \"%s\" е невалиден",
-    "invalid_filter_type": "Невалиден тип на филтър",
-    "invalid_host": "Зададен е невалиден хост: %s",
-    "invalid_mime_type": "Невалиден MIME тип",
-    "invalid_nexthop": "Форматът на следващия хоп е невалиден",
-    "invalid_nexthop_authenticated": "Следващият хоп съществува с различни удостоверения, моля, актуализирайте съществуващите удостоверения за този следващ хоп първо.",
-    "invalid_recipient_map_new": "Зададен е невалиден нов получател: %s",
-    "invalid_recipient_map_old": "Зададен е невалиден оригинален получател: %s",
-    "invalid_reset_token": "Невалиден токен за нулиране",
-    "ip_list_empty": "Списъкът с разрешени IP адреси не може да бъде празен",
-    "is_alias": "%s вече е известен като адрес на псевдоним",
-    "is_alias_or_mailbox": "%s вече е известен като адрес на псевдоним, пощенска кутия или адрес на псевдоним, разширен от домейн на псевдоним.",
-    "is_spam_alias": "%s вече е известен като временен адрес на псевдоним (спам адрес на псевдоним)",
-    "last_key": "Последното ключове не може да бъде изтрито, моля, деактивирайте TFA вместо това.",
-    "login_failed": "Неуспешен вход",
-    "mailbox_defquota_exceeds_mailbox_maxquota": "Квотата по подразбиране надхвърля лимита на макс. квота",
-    "mailbox_invalid": "Името на пощенската кутия е невалидно",
-    "mailbox_quota_exceeded": "Квотата надхвърля лимита на домейна (макс. %d MiB)",
-    "mailbox_quota_exceeds_domain_quota": "Макс. квотата надхвърля лимита на квотата на домейна",
-    "mailbox_quota_left_exceeded": "Няма достатъчно място (оставащо място: %d MiB)",
-    "mailboxes_in_use": "Макс. пощенски кутии трябва да бъдат по-големи или равни на %d",
-    "malformed_username": "Неправилно формирано потребителско име",
-    "map_content_empty": "Съдържанието на картата не може да бъде празно",
-    "max_alias_exceeded": "Макс. псевдоними са надхвърлени",
-    "max_mailbox_exceeded": "Макс. пощенски кутии са надхвърлени (%d от %d)",
-    "max_quota_in_use": "Квотата на пощенската кутия трябва да бъде по-голяма или равна на %d MiB",
-    "maxquota_empty": "Макс. квотата за пощенска кутия не трябва да бъде 0.",
-    "mysql_error": "Грешка на MySQL: %s",
-    "network_host_invalid": "Невалидна мрежа или хост: %s",
-    "next_hop_interferes": "%s се намесва с nexthop %s",
-    "next_hop_interferes_any": "Съществуващ следващ хоп се намесва с %s",
-    "nginx_reload_failed": "Презареждането на Nginx е неуспешно: %s",
-    "no_user_defined": "Няма зададен потребител",
-    "object_exists": "Обектът %s вече съществува",
-    "object_is_not_numeric": "Стойността %s не е числова",
-    "password_complexity": "Паролата не отговаря на изискванията",
-    "password_empty": "Паролата не трябва да бъде празна",
-    "password_mismatch": "Паролата за потвърждение не съвпада",
-    "password_reset_invalid_user": "Пощенската кутия не е намерена или не е зададен имейл за възстановяване",
-    "password_reset_na": "Възстановяването на парола в момента е недостъпно. Моля, свържете се с вашия администратор.",
-    "policy_list_from_exists": "Съществува запис с даденото име",
-    "policy_list_from_invalid": "Записът има невалиден формат",
-    "private_key_error": "Грешка с частен ключ: %s",
-    "pushover_credentials_missing": "Липсва токен или ключ на Pushover",
-    "pushover_key": "Ключът на Pushover има грешен формат",
-    "pushover_token": "Токенът на Pushover има грешен формат",
-    "quota_not_0_not_numeric": "Квотата трябва да бъде числова и >= 0",
-    "recipient_map_entry_exists": "Съществува запис в картата на получатели \"%s\"",
-    "recovery_email_failed": "Не може да бъде изпратен имейл за възстановяване. Моля, свържете се с вашия администратор.",
-    "redis_error": "Грешка на Redis: %s",
-    "relayhost_invalid": "Записът в картата %s е невалиден",
-    "release_send_failed": "Съобщението не може да бъде освободено: %s",
-    "required_data_missing": "Липсват необходими данни %s",
-    "reset_f2b_regex": "Регулярният филтър не може да бъде нулиран навреме, моля, опитайте отново или изчакайте още няколко секунди и презаредете уеб сайта.",
-    "reset_token_limit_exceeded": "Лимитът на токена за нулиране е надхвърлен. Моля, опитайте по-късно.",
-    "resource_invalid": "Името на ресурса %s е невалидно",
-    "rl_timeframe": "Временният интервал за ограничение на скоростта е некоректен",
-    "rspamd_ui_pw_length": "Паролата на UI на Rspamd трябва да бъде поне 6 символа",
-    "script_empty": "Скриптът не може да бъде празен",
-    "sender_acl_invalid": "Стойността на ACL на изпращач %s е невалидна",
-    "set_acl_failed": "Неуспешно задаване на ACL",
-    "settings_map_invalid": "Идентификаторът на картата с настройки %s е невалиден",
-    "sieve_error": "Грешка при синтаксиса на Sieve: %s",
-    "spam_learn_error": "Грешка при обучение за спам: %s",
-    "subject_empty": "Темата не трябва да бъде празна",
-    "target_domain_invalid": "Целевият домейн %s е невалиден",
-    "targetd_not_found": "Целевият домейн %s не е намерен",
-    "targetd_relay_domain": "Целевият домейн %s е домейн за реле",
-    "template_exists": "Шаблонът %s вече съществува",
-    "template_id_invalid": "Идентификаторът на шаблона %s е невалиден",
-    "template_name_invalid": "Името на шаблона е невалидно",
-    "temp_error": "Временна грешка",
-    "text_empty": "Текстът не трябва да бъде празен",
-    "tfa_token_invalid": "Токенът за TFA е невалиден",
-    "tls_policy_map_dest_invalid": "Дестинацията на политиката е невалидна",
-    "tls_policy_map_entry_exists": "Съществува запис в картата на политиката на TLS \"%s\"",
-    "tls_policy_map_parameter_invalid": "Параметърът на политиката е невалиден",
-    "to_invalid": "Получателят не трябва да бъде празен",
-    "totp_verification_failed": "Проверката на TOTP е неуспешна",
-    "transport_dest_exists": "Дестинацията на транспорта \"%s\" съществува",
-    "webauthn_verification_failed": "Проверката на WebAuthn е неуспешна: %s",
-    "webauthn_authenticator_failed": "Избраният аутентикатор не е намерен",
-    "webauthn_publickey_failed": "Не е запазен публичен ключ за избрания аутентикатор",
-    "webauthn_username_failed": "Избраният аутентикатор принадлежи на друга сметка",
-    "unknown": "Възникна неизвестна грешка",
-    "unknown_tfa_method": "Неизвестен метод за TFA",
-    "unlimited_quota_acl": "Неограничената квота е забранена от ACL",
-    "username_invalid": "Потребителското име %s не може да бъде използвано",
-    "validity_missing": "Моля, задайте период на валидност",
-    "value_missing": "Моля, предоставете всички стойности",
-    "yotp_verification_failed": "Проверката на Yubico OTP е неуспешна: %s"
-  },
-  "datatables": {
-    "collapse_all": "Свиване на всичко",
-    "decimal": ".",
-    "emptyTable": "Няма данни в таблицата",
-    "expand_all": "Разширяване на всичко",
-    "info": "Показване на _START_ до _END_ от _TOTAL_ записа",
-    "infoEmpty": "Показване на 0 до 0 от 0 записа",
-    "infoFiltered": "(филтрирани от общо _MAX_ записа)",
-    "infoPostFix": "",
-    "thousands": ",",
-    "lengthMenu": "Показване на _MENU_ записа",
-    "loadingRecords": "Зареждане...",
-    "processing": "Моля, изчакайте...",
-    "search": "Търсене:",
-    "zeroRecords": "Няма съвпадащи записи",
-    "paginate": {
-      "first": "Първи",
-      "last": "Последен",
-      "next": "Следващ",
-      "previous": "Предишен"
+    "acl": {
+        "alias_domains": "Добавяне на домейни за псевдоними",
+        "app_passwds": "Управление на пароли за приложения",
+        "bcc_maps": "BCC карти",
+        "delimiter_action": "Действие на разделител",
+        "domain_desc": "Промяна на описанието на домейна",
+        "domain_relayhost": "Промяна на релеен хост за домейн",
+        "eas_reset": "Нулиране на устройствата с ActiveSync",
+        "extend_sender_acl": "Разрешаване на разширяване на ACL на изпращащите от външни адреси",
+        "filters": "Филтри",
+        "login_as": "Вход като потребител на пощенска кутия",
+        "mailbox_relayhost": "Промяна на релеен хост за пощенска кутия",
+        "prohibited": "Забранено от ACL",
+        "protocol_access": "Промяна на достъпа до протоколи",
+        "pushover": "Pushover",
+        "pw_reset": "Разрешаване на нулиране на паролата на потребител на mailcow",
+        "quarantine": "Действия с карантина",
+        "quarantine_attachments": "Прикачени файлове в карантина",
+        "quarantine_category": "Промяна на категорията на уведомленията за карантина",
+        "quarantine_notification": "Промяна на уведомленията за карантина",
+        "ratelimit": "Ограничение на скоростта",
+        "recipient_maps": "Карти на получатели",
+        "smtp_ip_access": "Промяна на разрешените хостове за SMTP",
+        "sogo_access": "Разрешаване на управление на достъпа до SOGo",
+        "sogo_profile_reset": "Нулиране на профила на SOGo",
+        "spam_alias": "Временни псевдоними",
+        "spam_policy": "Черен/Бял списък",
+        "spam_score": "Резултат за спам",
+        "syncjobs": "Синхронизиращи задачи",
+        "tls_policy": "Политика за TLS",
+        "unlimited_quota": "Неограничена квота за пощенски кутии"
     },
-    "aria": {
-      "sortAscending": ": активиране за сортиране на колоната във възходящ ред",
-      "sortDescending": ": активиране за сортиране на колоната в низходящ ред"
+    "add": {
+        "activate_filter_warn": "Всички други филтри ще бъдат деактивирани, когато активното е отбелязано.",
+        "active": "Активен",
+        "add": "Добавяне",
+        "add_domain_only": "Добавяне само на домейн",
+        "add_domain_restart": "Добавяне на домейн и рестартиране на SOGo",
+        "alias_address": "Адрес/и за псевдоним",
+        "alias_address_info": "<small>Пълни имейл адреси или @example.com, за да хванете всички съобщения за домейн (разделени с запетая). <b>само домейни на mailcow</b>.</small>",
+        "alias_domain": "Домейн за псевдоним",
+        "alias_domain_info": "<small>Валидни имена на домейни (разделени с запетая).</small>",
+        "app_name": "Име на приложението",
+        "app_password": "Добавяне на парола за приложение",
+        "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
+        "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
+        "backup_mx_options": "Опции за реле",
+        "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
+        "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
+        "custom_params": "Персонализирани параметри",
+        "custom_params_hint": "Дясно: --param=xy, грешно: --param xy",
+        "delete1": "Изтриване от източника след завършване",
+        "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
+        "delete2duplicates": "Изтриване на дубликати в дестинацията",
+        "description": "Описание",
+        "destination": "Дестинация",
+        "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+        "domain": "Домейн",
+        "domain_matches_hostname": "Домейнът %s съвпада с името на хоста",
+        "domain_quota_m": "Обща квота на домейна (MiB)",
+        "dry": "Симулиране на синхронизация",
+        "enc_method": "Метод на криптиране",
+        "exclude": "Изключване на обекти (regex)",
+        "full_name": "Пълно име",
+        "gal": "Глобален адресен списък",
+        "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
+        "generate": "генериране",
+        "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
+        "goto_null": "Тихо изхвърляне на имейла",
+        "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
+        "hostname": "Хост",
+        "inactive": "Неактивен",
+        "kind": "Вид",
+        "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
+        "mailbox_quota_m": "Макс. квота за пощенска кутия (MiB)",
+        "mailbox_username": "Потребителско име (лява част на имейл адрес)",
+        "max_aliases": "Макс. възможни псевдоними",
+        "max_mailboxes": "Макс. възможни пощенски кутии",
+        "mins_interval": "Интервал за проверка (минути)",
+        "multiple_bookings": "Множествени резервации",
+        "nexthop": "Следващ хоп",
+        "password": "Парола",
+        "password_repeat": "Потвърждаване на паролата (повторете)",
+        "port": "Порт",
+        "post_domain_add": "След добавянето на нов домейн, контейнерът на SOGo, \"sogo-mailcow\", трябва да бъде рестартиран!<br><br>Освен това, конфигурацията на DNS на домейна трябва да бъде прегледана. След като конфигурацията на DNS бъде одобрена, рестартирайте \"acme-mailcow\", за да генерирате автоматично сертификати за вашия нов домейн (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Тази стъпка е опционална и ще бъде повторена всеки 24 часа.",
+        "private_comment": "Частен коментар",
+        "public_comment": "Публичен коментар",
+        "quota_mb": "Квота (MiB)",
+        "relay_all": "Реле на всички получатели",
+        "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
+        "relay_domain": "Реле на този домейн",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
+        "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
+        "relayhost_wrapped_tls_info": "Моля, <b>не</b> използвайте TLS-wrapped портове (най-често използвани на порт 465).<br>\r\nИзползвайте всеки не-wrapped порт и издайте STARTTLS. Политика за TLS може да бъде създадена в \"TLS политики\", за да се наложи TLS.",
+        "select": "Моля, изберете...",
+        "select_domain": "Моля, изберете първо домейн",
+        "sieve_desc": "Кратко описание",
+        "sieve_type": "Тип на филтър",
+        "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
+        "subscribeall": "Абониране за всички папки",
+        "syncjob": "Добавяне на синхронизираща задача",
+        "syncjob_hint": "Имайте предвид, че паролите трябва да бъдат запазени като обикновен текст!",
+        "tags": "Тагове",
+        "target_address": "Адреси за пренасочване",
+        "target_address_info": "<small>Пълни имейл адреси (разделени с запетая).</small>",
+        "target_domain": "Целеви домейн",
+        "timeout1": "Таймаут за връзка с отдалечен хост",
+        "timeout2": "Таймаут за връзка с локален хост",
+        "username": "Потребителско име",
+        "validate": "Валидиране",
+        "validation_success": "Успешно валидиране"
+    },
+    "admin": {
+        "access": "Достъп",
+        "action": "Действие",
+        "activate_api": "Активиране на API",
+        "activate_send": "Активиране на бутона за изпращане",
+        "active": "Активен",
+        "active_rspamd_settings_map": "Активна карта с настройки",
+        "add": "Добавяне",
+        "add_admin": "Добавяне на администратор",
+        "add_domain_admin": "Добавяне на администратор на домейн",
+        "add_forwarding_host": "Добавяне на хост за препращане",
+        "add_relayhost": "Добавяне на транспорт, зависим от изпращач",
+        "add_relayhost_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
+        "add_row": "Добавяне на ред",
+        "add_settings_rule": "Добавяне на правило за настройки",
+        "add_transport": "Добавяне на транспорт",
+        "add_transports_hint": "Имайте предвид, че данните за удостоверяване, ако има такива, ще бъдат запазени като обикновен текст.",
+        "additional_rows": "добавени допълнителни редове",
+        "admin": "Администратор",
+        "admin_details": "Редактиране на детайлите на администратора",
+        "admin_domains": "Назначения на домейни",
+        "admins": "Администратори",
+        "admins_ldap": "LDAP администратори",
+        "advanced_settings": "Разширени настройки",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "api_allow_from": "Разрешаване на API достъп от тези IP адреси/CIDR мрежови нотации",
+        "api_info": "API е в процес на разработка. Документацията може да бъде намерена на <a href=\"/api\">/api</a>",
+        "api_key": "API ключ",
+        "api_read_only": "Достъп само за четене",
+        "api_read_write": "Достъп за четене и писане",
+        "api_skip_ip_check": "Пропускане на IP проверка за API",
+        "app_hide": "Скриване за вход",
+        "app_links": "Връзки към приложения",
+        "app_name": "Име на приложението",
+        "apps_name": "Име на \"mailcow приложенията\"",
+        "arrival_time": "Време на пристигане (време на сървъра)",
+        "authed_user": "Удостоверен потребител",
+        "ays": "Сигурни ли сте, че искате да продължите?",
+        "ban_list_info": "Вижте списък с блокирани IP адреси по-долу: <b>мрежа (оставащо време за блокиране) - [действия]</b>.<br />IP адресите в опашката за разблокиране ще бъдат премахнати от активния списък с блокирани в рамките на няколко секунди.<br />Червените етикети показват активни постоянни блокирания от черния списък.",
+        "change_logo": "Промяна на логото",
+        "logo_normal_label": "Нормално",
+        "logo_dark_label": "Обърнато за тъмен режим",
+        "configuration": "Конфигурация",
+        "convert_html_to_text": "Конвертиране на HTML в обикновен текст",
+        "copy_to_clipboard": "Текстът е копиран в клипборда!",
+        "cors_settings": "Настройки на CORS",
+        "credentials_transport_warning": "<b>Внимание</b>: Добавянето на нов запис в картата на транспорта ще обнови данните за удостоверяване за всички записи с съвпадаща колона за следващ хоп.",
+        "customer_id": "Идентификатор на клиента",
+        "customize": "Персонализиране",
+        "destination": "Дестинация",
+        "dkim_add_key": "Добавяне на ARC/DKIM ключ",
+        "dkim_domains_selector": "Селектор",
+        "dkim_domains_wo_keys": "Избор на домейни без ключове",
+        "dkim_from": "От",
+        "dkim_from_title": "Източник на домейн за копиране на данни",
+        "dkim_key_length": "Дължина на DKIM ключа (битове)",
+        "dkim_key_missing": "Липсващ ключ",
+        "dkim_key_unused": "Неизползван ключ",
+        "dkim_key_valid": "Валиден ключ",
+        "dkim_keys": "ARC/DKIM ключове",
+        "dkim_overwrite_key": "Презаписване на съществуващ DKIM ключ",
+        "dkim_private_key": "Частен ключ",
+        "dkim_to": "До",
+        "dkim_to_title": "Целеви домейн/и - ще бъде презаписан",
+        "domain": "Домейн",
+        "domain_admin": "Администратор на домейн",
+        "domain_admins": "Администратори на домейн",
+        "domain_s": "Домейн/и",
+        "duplicate": "Дублиране",
+        "duplicate_dkim": "Дублиране на DKIM запис",
+        "edit": "Редактиране",
+        "empty": "Няма резултати",
+        "excludes": "Изключване на тези получатели",
+        "f2b_ban_time": "Време за блокиране (с)",
+        "f2b_ban_time_increment": "Времето за блокиране се увеличава с всяко блокиране",
+        "f2b_blacklist": "Черни списъци/хостове",
+        "f2b_filter": "Филтри с регулярни изрази",
+        "f2b_list_info": "Черният списък на хостове или мрежи винаги ще надделява над белия списък. <b>Актуализациите на списъка отнемат няколко секунди, за да бъдат приложени.</b>",
+        "f2b_manage_external": "Управление на Fail2Ban външно",
+        "f2b_manage_external_info": "Fail2ban все още ще поддържа черния списък, но няма да задава правила за блокиране на трафика. Използвайте генерирания черн списък по-долу, за да блокирате трафика външно.",
+        "f2b_max_attempts": "Макс. опити",
+        "f2b_max_ban_time": "Макс. време за блокиране (с)",
+        "f2b_netban_ipv4": "IPv4 размер на подмрежа за прилагане на блокиране (8-32)",
+        "f2b_netban_ipv6": "IPv6 размер на подмрежа за прилагане на блокиране (8-128)",
+        "f2b_parameters": "Параметри на Fail2ban",
+        "f2b_regex_info": "Логовете, които се вземат предвид: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_retry_window": "Прозорец за повторен опит (с) за макс. опити",
+        "f2b_whitelist": "Бели списъци/хостове",
+        "filter": "Филтър",
+        "filter_table": "Таблица с филтри",
+        "forwarding_hosts": "Хостове за препращане",
+        "forwarding_hosts_add_hint": "Можете да посочите IPv4/IPv6 адреси, мрежи в CIDR нотация, имена на хостове (които ще бъдат разрешени в IP адреси), или имена на домейни (които ще бъдат разрешени в IP адреси чрез заявки към SPF записи или, при липсата им, MX записи).",
+        "forwarding_hosts_hint": "Входящите съобщения се приемат безрезервно от всички хостове, изброени тук. Тези хостове след това не се проверяват срещу DNSBL или подлагат на сиво списък. Спамът, получен от тях, никога не се отхвърля, но опционално може да бъде поставен във файла за нежелана поща. Най-често използваната употреба за това е да се посочат пощенски сървъри, на които сте настроили правило, което препраща входящите имейли към вашия mailcow сървър.",
+        "from": "От",
+        "generate": "генериране",
+        "guid": "GUID - уникален инстанционен идентификатор",
+        "guid_and_license": "GUID & Лиценз",
+        "hash_remove_info": "Премахването на хеш за ограничение на скоростта (ако все още съществува) ще нулира неговия брояч напълно.<br>\r\nВсеки хеш е показан с индивидуален цвят.",
+        "help_text": "Презаписване на помощния текст под маската за вход (разрешен е HTML)",
+        "host": "Хост",
+        "html": "HTML",
+        "iam": "Доставчик на идентичност",
+        "iam_attribute_field": "Поле за атрибут",
+        "iam_authorize_url": "Крайна точка за удостоверяване",
+        "iam_auth_flow": "Поток за удостоверяване",
+        "iam_auth_flow_info": "Освен стандартния поток за удостоверяване (поток с код за удостоверяване в Keycloak), който се използва за единичен вход, mailcow поддържа и поток за удостоверяване с пряки удостоверения. Потокът за удостоверяване с пароли за поща проверява удостоверенията на потребителя, като използва Keycloak Admin REST API. mailcow извлича хешираната парола от атрибута <code>mailcow_password</code>, който е картиран в Keycloak.",
+        "iam_basedn": "Основен DN",
+        "iam_client_id": "Идентификатор на клиента",
+        "iam_client_secret": "Тайна на клиента",
+        "iam_client_scopes": "Обхват на клиента",
+        "iam_default_template": "Шаблон по подразбиране",
+        "iam_default_template_description": "Ако няма зададен шаблон за потребител, шаблонът по подразбиране ще бъде използван за създаване на пощенската кутия, но не и за актуализиране на пощенската кутия.",
+        "iam_description": "Конфигуриране на външен доставчик за удостоверяване<br>Потребителските пощенски кутии ще бъдат създавани автоматично при първия им вход, при условие че е зададено картиране на атрибути.",
+        "iam_extra_permission": "За да работят следните настройки, клиентът на mailcow в Keycloak трябва да има <code>услуга акаунт</code> и разрешението да <code>вижда потребители</code>.",
+        "iam_host": "Хост",
+        "iam_host_info": "Въведете един или повече LDAP хостове, разделени с запетаи.",
+        "iam_import_users": "Импортиране на потребители",
+        "iam_mapping": "Картиране на атрибути",
+        "iam_bindpass": "Парола за свързване",
+        "iam_periodic_full_sync": "Периодичен пълен синхрон",
+        "iam_port": "Порт",
+        "iam_realm": "Реалм",
+        "iam_redirect_url": "URL за пренасочване",
+        "iam_rest_flow": "Поток за пароли за поща",
+        "iam_server_url": "URL на сървъра",
+        "iam_sso": "Единичен вход",
+        "iam_sync_interval": "Интервал за синхронизиране/импортиране (мин)",
+        "iam_test_connection": "Тест на връзката",
+        "iam_token_url": "Крайна точка за токени",
+        "iam_userinfo_url": "Крайна точка за информация за потребителя",
+        "iam_username_field": "Поле за потребителско име",
+        "iam_binddn": "DN за свързване",
+        "iam_use_ssl": "Използване на SSL",
+        "iam_use_ssl_info": "Ако активирате SSL и портът е зададен на 389, той ще бъде автоматично променен на 636.",
+        "iam_use_tls": "Използване на StartTLS",
+        "iam_use_tls_info": "Ако активирате TLS, трябва да използвате стандартния порт за вашия LDAP сървър (389). SSL портовете не могат да бъдат използвани.",
+        "iam_version": "Версия",
+        "ignore_ssl_error": "Игнориране на SSL грешки",
+        "import": "Импортиране",
+        "import_private_key": "Импортиране на частен ключ",
+        "in_use_by": "Използван от",
+        "inactive": "Неактивен",
+        "include_exclude": "Включване/Изключване",
+        "include_exclude_info": "По подразбиране - без избор - <b>всички пощенски кутии</b> се адресират",
+        "includes": "Включване на тези получатели",
+        "ip_check": "Проверка на IP",
+        "ip_check_disabled": "Проверката на IP е деактивирана. Можете да я активирате в <br> <strong>Система > Конфигурация > Опции > Персонализиране</strong>",
+        "ip_check_opt_in": "Оптиране за използване на услугата на трета страна <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong>, за да разрешавате външни IP адреси.",
+        "is_mx_based": "MX базиран",
+        "last_applied": "Последно приложено",
+        "license_info": "Лицензът не е задължителен, но помага за по-нататъшното развитие.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL поръчка\">Регистрирайте вашия GUID тук</a> или <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Поддръжка поръчка\">купете поддръжка за вашата инсталация на mailcow.</a>",
+        "link": "Връзка",
+        "loading": "Моля, изчакайте...",
+        "login_time": "Време за вход",
+        "logo_info": "Вашето изображение ще бъде мащабирано до височина 40 px за горната навигационна лента и макс. ширина 250 px за началната страница. Препоръчва се използването на скалируема графика.",
+        "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
+        "main_name": "Име на \"mailcow UI\"",
+        "merged_vars_hint": "Редовете в сиво са сляти от <code>vars.(local.)inc.php</code> и не могат да бъдат променени.",
+        "message": "Съобщение",
+        "message_size": "Размер на съобщението",
+        "nexthop": "Следващ хоп",
+        "no": "&#10005;",
+        "no_active_bans": "Няма активни блокирания",
+        "no_new_rows": "Няма допълнителни редове",
+        "no_record": "Няма запис",
+        "oauth2_apps": "OAuth2 приложения",
+        "oauth2_add_client": "Добавяне на OAuth2 клиент",
+        "oauth2_client_id": "Идентификатор на клиента",
+        "oauth2_client_secret": "Тайна на клиента",
+        "oauth2_info": "Реализацията на OAuth2 поддържа типа разрешение \"Код за удостоверяване\" и издава токени за презареждане.<br>\r\nСървърът автоматично издава нови токени за презареждане, след като токен за презареждане е бил използван.<br><br>\r\n&#8226; Обхватът по подразбиране е <i>профил</i>. Само потребителите на пощенски кутии могат да бъдат удостоверени срещу OAuth2. Ако параметърът за обхват е пропуснат, той се връща към <i>профил</i>.<br>\r\n&#8226; Параметърът <i>state</i> трябва да бъде изпратен от клиента като част от заявката за удостоверяване.<br><br>\r\nПътища за заявки към OAuth2 API: <br>\r\n<ul>\r\n  <li>Крайна точка за удостоверяване: <code>/oauth/authorize</code></li>\r\n  <li>Крайна точка за токени: <code>/oauth/token</code></li>\r\n  <li>Страница с ресурси:  <code>/oauth/profile</code></li>\r\n</ul>\r\nГенерирането на нова тайна на клиента няма да анулира съществуващите кодове за удостоверяване, но те няма да могат да подновят своя токен.<br><br>\r\nАнулирането на токените на клиента ще доведе до незабавно прекратяване на всички активни сесии. Всички клиенти ще трябва да се преудостоверят.",
+        "oauth2_redirect_uri": "URI за пренасочване",
+        "oauth2_renew_secret": "Генериране на нова тайна на клиента",
+        "oauth2_revoke_tokens": "Анулиране на всички токени на клиента",
+        "optional": "опционално",
+        "options": "Опции",
+        "password": "Парола",
+        "password_length": "Дължина на паролата",
+        "password_policy": "Политика за пароли",
+        "password_policy_chars": "Трябва да съдържа поне една буквена буква",
+        "password_policy_length": "Минималната дължина на паролата е %d",
+        "password_policy_lowerupper": "Трябва да съдържа малки и главни букви",
+        "password_policy_numbers": "Трябва да съдържа поне една цифра",
+        "password_policy_special_chars": "Трябва да съдържа специални символи",
+        "password_repeat": "Потвърждаване на паролата (повторете)",
+        "password_reset_info": "Ако не е зададен имейл за възстановяване, тази функция не може да бъде използвана.",
+        "password_reset_settings": "Настройки за възстановяване на парола",
+        "password_reset_tmpl_html": "HTML шаблон",
+        "password_reset_tmpl_text": "Текстов шаблон",
+        "password_settings": "Настройки на паролата",
+        "priority": "Приоритет",
+        "private_key": "Частен ключ",
+        "quarantine": "Карантина",
+        "quarantine_bcc": "Изпращане на копие от всички уведомления (BCC) до този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
+        "quarantine_exclude_domains": "Изключване на домейни и домейни на псевдоними",
+        "quarantine_max_age": "Максимална възраст в дни<br><small>Стойността трябва да бъде равна или по-голяма от 1 ден.</small>",
+        "quarantine_max_score": "Изхвърляне на уведомление, ако резултатът за спам на имейла е по-висок от тази стойност:<br><small>По подразбиране е 9999.0</small>",
+        "quarantine_max_size": "Максимален размер в MiB (по-големи елементи се изхвърлят):<br><small>0 не означава неограничен.</small>",
+        "quarantine_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
+        "quarantine_notification_sender": "Изпращач на имейл за уведомление",
+        "quarantine_notification_subject": "Тема на имейл за уведомление",
+        "quarantine_redirect": "<b>Пренасочване на всички уведомления</b> към този получател:<br><small>Оставете празно, за да деактивирате. <b>Неподписано, непроверено имейл. Трябва да бъде доставено само вътрешно.</b></small>",
+        "quarantine_release_format": "Формат на освободените елементи",
+        "quarantine_release_format_att": "Като прикачен файл",
+        "quarantine_release_format_raw": "Непроменен оригинал",
+        "quarantine_retention_size": "Задържания за пощенска кутия:<br><small>0 показва <b>неактивен</b>.</small>",
+        "quota_notification_html": "Шаблон на имейл за уведомление:<br><small>Оставете празно, за да възстановите шаблона по подразбиране.</small>",
+        "quota_notification_sender": "Изпращач на имейл за уведомление",
+        "quota_notification_subject": "Тема на имейл за уведомление",
+        "quota_notifications": "Уведомления за квота",
+        "quota_notifications_info": "Уведомленията за квота се изпращат на потребителите веднъж при преминаване на 80% и веднъж при преминаване на 95% използване.",
+        "quota_notifications_vars": "{{percent}} е равно на текущата квота на потребителя<br>{{username}} е името на пощенската кутия",
+        "queue_unban": "разблокиране",
+        "r_active": "Активни ограничения",
+        "r_inactive": "Неактивни ограничения",
+        "r_info": "Елементите в сиво в списъка с активни ограничения не са известни като валидни ограничения за mailcow и не могат да бъдат преместени. Неизвестните ограничения ще бъдат зададени в реда на появяване все пак.<br>Можете да добавяте нови елементи в <code>inc/vars.local.inc.php</code>, за да можете да ги превключвате.",
+        "rate_name": "Име на ограничението",
+        "recipients": "Получатели",
+        "refresh": "Опресняване",
+        "regen_api_key": "Регенериране на API ключ",
+        "regex_maps": "Карти с регулярни изрази",
+        "relay_from": "Адрес \"From:\"",
+        "relay_rcpt": "Адрес \"To:\"",
+        "relay_run": "Изпълнение на тест",
+        "relayhosts": "Транспорти, зависими от изпращач",
+        "relayhosts_hint": "Дефинирайте транспорти, зависими от изпращач, за да можете да ги избирате в диалоговия прозорец за конфигурация на домейн.<br>\r\n  Услугата за транспорт винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа. Политиката за TLS на потребителя ще бъде взета предвид.<br>\r\n  Засегнатите домейни, включително домейни на псевдоними.",
+        "remove": "Премахване",
+        "remove_row": "Премахване на ред",
+        "reset_default": "Нулиране до подразбиране",
+        "reset_limit": "Премахване на хеш",
+        "reset_password_vars": "<code>{{link}}</code> Генерираната връзка за нулиране на парола<br><code>{{username}}</code> Името на пощенската кутия на потребителя, който е поискал нулиране на парола<br><code>{{username2}}</code> Името на пощенската кутия за възстановяване<br><code>{{date}}</code> Датата на заявката за нулиране на парола<br><code>{{token_lifetime}}</code> Времетраенето на токена в минути<br><code>{{hostname}}</code> Името на хоста на mailcow",
+        "restore_template": "Оставете празно, за да възстановите шаблона по подразбиране.",
+        "routing": "Маршрутизация",
+        "rsetting_add_rule": "Добавяне на правило",
+        "rsetting_content": "Съдържание на правилото",
+        "rsetting_desc": "Кратко описание",
+        "rsetting_no_selection": "Моля, изберете правило",
+        "rsetting_none": "Няма налични правила",
+        "rsettings_insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
+        "rsettings_preset_1": "Деактивиране на всичко, освен DKIM и ограничение на скоростта за удостоверени потребители",
+        "rsettings_preset_2": "Пощенските администратори искат спам",
+        "rsettings_preset_3": "Разрешаване само на определени изпращачи за пощенска кутия (напр. използване като вътрешна пощенска кутия)",
+        "rsettings_preset_4": "Деактивиране на Rspamd за домейн",
+        "rspamd_com_settings": "Името на настройката ще бъде автоматично генерирано, моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">документацията на Rspamd</a>",
+        "rspamd_global_filters": "Глобални карти на филтри",
+        "rspamd_global_filters_agree": "Ще бъда внимателен!",
+        "rspamd_global_filters_info": "Глобалните карти на филтри съдържат различни видове глобални черни и бели списъци.",
+        "rspamd_global_filters_regex": "Имената им обясняват тяхната цел. Всичкото съдържание трябва да съдържа валиден регулярен израз във формат \"/pattern/options\" (напр. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Въпреки че се извършват основни проверки за всеки ред с регулярен израз, функционалността на Rspamd може да бъде нарушена, ако не успява да прочете синтаксиса коректно.<br>\r\n  Rspamd ще се опита да прочете съдържанието на картата при промяна. Ако срещнете проблеми, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">рестартирайте Rspamd</a>, за да наложите презареждане на картата.<br>Елементите в черния списък са изключени от карантина.",
+        "rspamd_settings_map": "Карта с настройки на Rspamd",
+        "sal_level": "Ниво на Moo",
+        "save": "Запазване на промените",
+        "search_domain_da": "Търсене на домейни",
+        "send": "Изпращане",
+        "sender": "Изпращач",
+        "service": "Услуга",
+        "service_id": "Идентификатор на услугата",
+        "source": "Източник",
+        "spamfilter": "Филтър за спам",
+        "subject": "Тема",
+        "success": "Успех",
+        "sys_mails": "Системни имейли",
+        "task": "Задача",
+        "text": "Текст",
+        "time": "Време",
+        "title": "Заглавие",
+        "title_name": "Име на уеб страницата на \"mailcow UI\"",
+        "to_top": "Обратно нагоре",
+        "transport_dest_format": "Регулярен израз или синтаксис: example.org, .example.org, *, box@example.org (няколко стойности могат да бъдат разделени с запетая)",
+        "transport_maps": "Карти за транспорт",
+        "transport_test_rcpt_info": "&#8226; Използвайте null@hosted.mailcow.de, за да тествате препращането към чуждестранна дестинация.",
+        "transports_hint": "&#8226; Записът в картата на транспорта <b>пренарежда</b> запис в картата на транспорт, зависим от изпращач</b>.<br>\r\n&#8226; Транспортите, базирани на MX, се използват предимно.<br>\r\n&#8226; Настройките за политика на TLS на потребителя се игнорират и могат да бъдат приложени само чрез записи в картите на политиката на TLS.<br>\r\n&#8226; Услугата за транспорт за дефинираните транспорти винаги е \"smtp:\" и ще се опита да използва TLS, ако бъде предложена. Wrapped TLS (SMTPS) не се поддържа.<br>\r\n&#8226; Адресите, съвпадащи с \"/localhost$/\", винаги ще бъдат транспортирани през \"local:\", следователно записът \"*\" няма да се приложи към тези адреси.<br>\r\n&#8226; За да определите удостоверения за следващ хоп \"[host]:25\", Postfix <b>винаги</b> заявява за \"host\", преди да търси за \"[host]:25\". Това поведение прави невъзможно да се използват \"host\" и \"[host]:25\" едновременно.",
+        "ui_footer": "Подвал (разрешен е HTML)",
+        "ui_header_announcement": "Обяви",
+        "ui_header_announcement_active": "Задаване на активна обява",
+        "ui_header_announcement_content": "Текст (разрешен е HTML)",
+        "ui_header_announcement_help": "Обявата е видима за всички влезли потребители и на екрана за вход на UI.",
+        "ui_header_announcement_select": "Избор на тип обява",
+        "ui_header_announcement_type": "Тип",
+        "ui_header_announcement_type_danger": "Много важно",
+        "ui_header_announcement_type_info": "Информация",
+        "ui_header_announcement_type_warning": "Важно",
+        "ui_texts": "Етикети и текстове на UI",
+        "unban_pending": "разблокиране в опашката",
+        "unchanged_if_empty": "Ако не е променено, оставете празно",
+        "upload": "Качване",
+        "username": "Потребителско име",
+        "user_link": "Връзка към потребител",
+        "validate_license_now": "Валидиране на GUID срещу лицензен сървър",
+        "verify": "Проверка",
+        "yes": "&#10003;"
+    },
+    "danger": {
+        "access_denied": "Достъпът е отказан или данните от формуляра са невалидни",
+        "alias_domain_invalid": "Домейнът на псевдонима %s е невалиден",
+        "alias_empty": "Адресът на псевдонима не трябва да е празен",
+        "alias_goto_identical": "Адресът на псевдонима и адресът за пренасочване не трябва да са идентични",
+        "alias_invalid": "Адресът на псевдонима %s е невалиден",
+        "aliasd_targetd_identical": "Домейнът на псевдонима не трябва да е равен на целевия домейн: %s",
+        "aliases_in_use": "Макс. псевдоними трябва да бъдат по-големи или равни на %d",
+        "app_name_empty": "Името на приложението не може да бъде празно",
+        "app_passwd_id_invalid": "Идентификаторът на паролата за приложението %s е невалиден",
+        "authsource_in_use": "Доставчикът на идентичност не може да бъде променен или изтрит, тъй като се използва в момента от един или повече потребители.",
+        "bcc_empty": "BCC дестинацията не може да бъде празна",
+        "bcc_exists": "Картата BCC %s съществува за тип %s",
+        "bcc_must_be_email": "BCC дестинацията %s не е валиден имейл адрес",
+        "comment_too_long": "Коментарът е твърде дълъг, разрешени са макс. 160 символа",
+        "cors_invalid_method": "Зададен е невалиден метод за разрешаване",
+        "cors_invalid_origin": "Зададен е невалиден източник за разрешаване",
+        "defquota_empty": "Квотата по подразбиране за пощенска кутия не трябва да бъде 0.",
+        "demo_mode_enabled": "Режимът на демонстрация е активиран",
+        "description_invalid": "Описанието на ресурса за %s е невалидно",
+        "dkim_domain_or_sel_exists": "Съществува DKIM ключ за \"%s\", който няма да бъде презаписан",
+        "dkim_domain_or_sel_invalid": "DKIM домейн или селектор е невалиден: %s",
+        "domain_cannot_match_hostname": "Домейнът не може да съвпада с името на хоста",
+        "domain_exists": "Домейнът %s вече съществува",
+        "domain_invalid": "Името на домейна е празно или невалидно",
+        "domain_not_empty": "Не може да бъде премахнат непразен домейн %s",
+        "domain_not_found": "Домейнът %s не е намерен",
+        "domain_quota_m_in_use": "Квотата на домейна трябва да бъде по-голяма или равна на %s MiB",
+        "extended_sender_acl_denied": "липсва ACL за задаване на външни адреси на изпращач",
+        "extra_acl_invalid": "Външният адрес на изпращач \"%s\" е невалиден",
+        "extra_acl_invalid_domain": "Външният изпращач \"%s\" използва невалиден домейн",
+        "fido2_verification_failed": "Проверката на FIDO2 е неуспешна: %s",
+        "file_open_error": "Файлът не може да бъде отворен за писане",
+        "filter_type": "Грешен тип на филтър",
+        "from_invalid": "Изпращачът не трябва да бъде празен",
+        "generic_server_error": "Възникна неочаквана грешка на сървъра. Моля, свържете се с вашия администратор.",
+        "global_filter_write_error": "Файлът с филтър не може да бъде записан: %s",
+        "global_map_invalid": "Идентификаторът на глобалната карта %s е невалиден",
+        "global_map_write_error": "Глобалният идентификатор на картата %s не може да бъде записан: %s",
+        "goto_empty": "Адресът на псевдоним трябва да съдържа поне един валиден адрес за пренасочване",
+        "goto_invalid": "Адресът за пренасочване %s е невалиден",
+        "ham_learn_error": "Грешка при обучение за не-спам: %s",
+        "iam_test_connection": "Връзката е неуспешна",
+        "imagick_exception": "Грешка: Грешка при четене на изображение с Imagick",
+        "img_dimensions_exceeded": "Изображението надхвърля максималния размер",
+        "img_invalid": "Не може да се валидира файл с изображение",
+        "img_size_exceeded": "Изображението надхвърля максималния размер на файла",
+        "img_tmp_missing": "Не може да се валидира файл с изображение: Липсва временен файл",
+        "invalid_bcc_map_type": "Невалиден тип на картата BCC",
+        "invalid_destination": "Форматът на дестинацията \"%s\" е невалиден",
+        "invalid_filter_type": "Невалиден тип на филтър",
+        "invalid_host": "Зададен е невалиден хост: %s",
+        "invalid_mime_type": "Невалиден MIME тип",
+        "invalid_nexthop": "Форматът на следващия хоп е невалиден",
+        "invalid_nexthop_authenticated": "Следващият хоп съществува с различни удостоверения, моля, актуализирайте съществуващите удостоверения за този следващ хоп първо.",
+        "invalid_recipient_map_new": "Зададен е невалиден нов получател: %s",
+        "invalid_recipient_map_old": "Зададен е невалиден оригинален получател: %s",
+        "invalid_reset_token": "Невалиден токен за нулиране",
+        "ip_list_empty": "Списъкът с разрешени IP адреси не може да бъде празен",
+        "is_alias": "%s вече е известен като адрес на псевдоним",
+        "is_alias_or_mailbox": "%s вече е известен като адрес на псевдоним, пощенска кутия или адрес на псевдоним, разширен от домейн на псевдоним.",
+        "is_spam_alias": "%s вече е известен като временен адрес на псевдоним (спам адрес на псевдоним)",
+        "last_key": "Последното ключове не може да бъде изтрито, моля, деактивирайте TFA вместо това.",
+        "login_failed": "Неуспешен вход",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "Квотата по подразбиране надхвърля лимита на макс. квота",
+        "mailbox_invalid": "Името на пощенската кутия е невалидно",
+        "mailbox_quota_exceeded": "Квотата надхвърля лимита на домейна (макс. %d MiB)",
+        "mailbox_quota_exceeds_domain_quota": "Макс. квотата надхвърля лимита на квотата на домейна",
+        "mailbox_quota_left_exceeded": "Няма достатъчно място (оставащо място: %d MiB)",
+        "mailboxes_in_use": "Макс. пощенски кутии трябва да бъдат по-големи или равни на %d",
+        "malformed_username": "Неправилно формирано потребителско име",
+        "map_content_empty": "Съдържанието на картата не може да бъде празно",
+        "max_alias_exceeded": "Макс. псевдоними са надхвърлени",
+        "max_mailbox_exceeded": "Макс. пощенски кутии са надхвърлени (%d от %d)",
+        "max_quota_in_use": "Квотата на пощенската кутия трябва да бъде по-голяма или равна на %d MiB",
+        "maxquota_empty": "Макс. квотата за пощенска кутия не трябва да бъде 0.",
+        "mysql_error": "Грешка на MySQL: %s",
+        "network_host_invalid": "Невалидна мрежа или хост: %s",
+        "next_hop_interferes": "%s се намесва с nexthop %s",
+        "next_hop_interferes_any": "Съществуващ следващ хоп се намесва с %s",
+        "nginx_reload_failed": "Презареждането на Nginx е неуспешно: %s",
+        "no_user_defined": "Няма зададен потребител",
+        "object_exists": "Обектът %s вече съществува",
+        "object_is_not_numeric": "Стойността %s не е числова",
+        "password_complexity": "Паролата не отговаря на изискванията",
+        "password_empty": "Паролата не трябва да бъде празна",
+        "password_mismatch": "Паролата за потвърждение не съвпада",
+        "password_reset_invalid_user": "Пощенската кутия не е намерена или не е зададен имейл за възстановяване",
+        "password_reset_na": "Възстановяването на парола в момента е недостъпно. Моля, свържете се с вашия администратор.",
+        "policy_list_from_exists": "Съществува запис с даденото име",
+        "policy_list_from_invalid": "Записът има невалиден формат",
+        "private_key_error": "Грешка с частен ключ: %s",
+        "pushover_credentials_missing": "Липсва токен или ключ на Pushover",
+        "pushover_key": "Ключът на Pushover има грешен формат",
+        "pushover_token": "Токенът на Pushover има грешен формат",
+        "quota_not_0_not_numeric": "Квотата трябва да бъде числова и >= 0",
+        "recipient_map_entry_exists": "Съществува запис в картата на получатели \"%s\"",
+        "recovery_email_failed": "Не може да бъде изпратен имейл за възстановяване. Моля, свържете се с вашия администратор.",
+        "redis_error": "Грешка на Redis: %s",
+        "relayhost_invalid": "Записът в картата %s е невалиден",
+        "release_send_failed": "Съобщението не може да бъде освободено: %s",
+        "required_data_missing": "Липсват необходими данни %s",
+        "reset_f2b_regex": "Регулярният филтър не може да бъде нулиран навреме, моля, опитайте отново или изчакайте още няколко секунди и презаредете уеб сайта.",
+        "reset_token_limit_exceeded": "Лимитът на токена за нулиране е надхвърлен. Моля, опитайте по-късно.",
+        "resource_invalid": "Името на ресурса %s е невалидно",
+        "rl_timeframe": "Временният интервал за ограничение на скоростта е некоректен",
+        "rspamd_ui_pw_length": "Паролата на UI на Rspamd трябва да бъде поне 6 символа",
+        "script_empty": "Скриптът не може да бъде празен",
+        "sender_acl_invalid": "Стойността на ACL на изпращач %s е невалидна",
+        "set_acl_failed": "Неуспешно задаване на ACL",
+        "settings_map_invalid": "Идентификаторът на картата с настройки %s е невалиден",
+        "sieve_error": "Грешка при синтаксиса на Sieve: %s",
+        "spam_learn_error": "Грешка при обучение за спам: %s",
+        "subject_empty": "Темата не трябва да бъде празна",
+        "target_domain_invalid": "Целевият домейн %s е невалиден",
+        "targetd_not_found": "Целевият домейн %s не е намерен",
+        "targetd_relay_domain": "Целевият домейн %s е домейн за реле",
+        "template_exists": "Шаблонът %s вече съществува",
+        "template_id_invalid": "Идентификаторът на шаблона %s е невалиден",
+        "template_name_invalid": "Името на шаблона е невалидно",
+        "temp_error": "Временна грешка",
+        "text_empty": "Текстът не трябва да бъде празен",
+        "tfa_token_invalid": "Токенът за TFA е невалиден",
+        "tls_policy_map_dest_invalid": "Дестинацията на политиката е невалидна",
+        "tls_policy_map_entry_exists": "Съществува запис в картата на политиката на TLS \"%s\"",
+        "tls_policy_map_parameter_invalid": "Параметърът на политиката е невалиден",
+        "to_invalid": "Получателят не трябва да бъде празен",
+        "totp_verification_failed": "Проверката на TOTP е неуспешна",
+        "transport_dest_exists": "Дестинацията на транспорта \"%s\" съществува",
+        "webauthn_verification_failed": "Проверката на WebAuthn е неуспешна: %s",
+        "webauthn_authenticator_failed": "Избраният аутентикатор не е намерен",
+        "webauthn_publickey_failed": "Не е запазен публичен ключ за избрания аутентикатор",
+        "webauthn_username_failed": "Избраният аутентикатор принадлежи на друга сметка",
+        "unknown": "Възникна неизвестна грешка",
+        "unknown_tfa_method": "Неизвестен метод за TFA",
+        "unlimited_quota_acl": "Неограничената квота е забранена от ACL",
+        "username_invalid": "Потребителското име %s не може да бъде използвано",
+        "validity_missing": "Моля, задайте период на валидност",
+        "value_missing": "Моля, предоставете всички стойности",
+        "yotp_verification_failed": "Проверката на Yubico OTP е неуспешна: %s"
+    },
+    "datatables": {
+        "collapse_all": "Свиване на всичко",
+        "decimal": ".",
+        "emptyTable": "Няма данни в таблицата",
+        "expand_all": "Разширяване на всичко",
+        "info": "Показване на _START_ до _END_ от _TOTAL_ записа",
+        "infoEmpty": "Показване на 0 до 0 от 0 записа",
+        "infoFiltered": "(филтрирани от общо _MAX_ записа)",
+        "infoPostFix": "",
+        "thousands": ",",
+        "lengthMenu": "Показване на _MENU_ записа",
+        "loadingRecords": "Зареждане...",
+        "processing": "Моля, изчакайте...",
+        "search": "Търсене:",
+        "zeroRecords": "Няма съвпадащи записи",
+        "paginate": {
+            "first": "Първи",
+            "last": "Последен",
+            "next": "Следващ",
+            "previous": "Предишен"
+        },
+        "aria": {
+            "sortAscending": ": активиране за сортиране на колоната във възходящ ред",
+            "sortDescending": ": активиране за сортиране на колоната в низходящ ред"
+        }
+    },
+    "debug": {
+        "architecture": "Архитектура",
+        "chart_this_server": "Графика (този сървър)",
+        "containers_info": "Информация за контейнерите",
+        "container_running": "Изпълнява се",
+        "container_disabled": "Контейнерът е спрян или деактивиран",
+        "container_stopped": "Спрян",
+        "cores": "Ядра",
+        "current_time": "Системно време",
+        "disk_usage": "Използване на диска",
+        "docs": "Документи",
+        "error_show_ip": "Не може да се разреши публичния IP адрес",
+        "external_logs": "Външни логове",
+        "history_all_servers": "История (всички сървъри)",
+        "in_memory_logs": "Логове в паметта",
+        "last_modified": "Последно модифициране",
+        "log_info": "<p>Логовете на mailcow <b>в паметта</b> се събират в списъци на Redis и се подрязват до LOG_LINES (%d) на всяка минута, за да се намали натоварването.<br>Логовете в паметта не са предназначени да бъдат постоянни. Всички приложения, които записват в паметта, също записват в демона на Docker и следователно в основния драйвер за логсване.<br>Логовете в паметта трябва да се използват за отстраняване на леки проблеми с контейнери.</p>\r\n  <p><b>Външните логове</b> се събират чрез API на даденото приложение.</p>\r\n  <p><b>Статичните логове</b> са най-вече логове на активност, които не се записват в демона на Docker, но все още трябва да бъдат постоянни (с изключение на логовете на API).</p>",
+        "login_time": "Време",
+        "logs": "Логове",
+        "memory": "Памет",
+        "online_users": "Потребители онлайн",
+        "restart_container": "Рестартиране",
+        "service": "Услуга",
+        "show_ip": "Показване на публичен IP",
+        "size": "Размер",
+        "started_at": "Стартирано в",
+        "started_on": "Стартирано на",
+        "static_logs": "Статични логове",
+        "success": "Успех",
+        "system_containers": "Система & Контейнери",
+        "timezone": "Часова зона",
+        "uptime": "Време на работа",
+        "update_available": "Има налична актуализация",
+        "no_update_available": "Системата е на последното издание",
+        "update_failed": "Не може да се провери за актуализация",
+        "username": "Потребителско име",
+        "wip": "В момента се работи"
+    },
+    "diagnostics": {
+        "cname_from_a": "Стойността е извлечена от A/AAAA запис. Това се поддържа, докато записът сочи към правилния ресурс.",
+        "dns_records": "DNS записи",
+        "dns_records_24hours": "Моля, имайте предвид, че промените в DNS може да отнемат до 24 часа, за да имат актуалното си състояние правилно отразено на тази страница. Тя е предназначена да ви позволи лесно да видите как да конфигурирате вашите DNS записи и да проверите дали всичките ви записи са правилно запазени в DNS.",
+        "dns_records_data": "Правилни данни",
+        "dns_records_docs": "Моля, вижте и <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">документацията</a>.",
+        "dns_records_name": "Име",
+        "dns_records_status": "Текущо състояние",
+        "dns_records_type": "Тип",
+        "optional": "Този запис е опционален."
+    },
+    "edit": {
+        "acl": "ACL (Разрешение)",
+        "active": "Активен",
+        "admin": "Редактиране на администратор",
+        "advanced_settings": "Разширени настройки",
+        "alias": "Редактиране на псевдоним",
+        "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
+        "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
+        "allowed_protocols": "Разрешени протоколи за пряк потребителски достъп (не засяга протоколите за пароли на приложения)",
+        "app_name": "Име на приложението",
+        "app_passwd": "Парола за приложение",
+        "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
+        "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
+        "backup_mx_options": "Опции за реле",
+        "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
+        "client_id": "Идентификатор на клиента",
+        "client_secret": "Тайна на клиента",
+        "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
+        "created_on": "Създаден на",
+        "custom_attributes": "Персонализирани атрибути",
+        "delete1": "Изтриване от източника след завършване",
+        "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
+        "delete2duplicates": "Изтриване на дубликати в дестинацията",
+        "delete_ays": "Моля, потвърдете процеса на изтриване.",
+        "description": "Описание",
+        "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+        "domain": "Редактиране на домейн",
+        "domain_admin": "Редактиране на администратор на домейн",
+        "domain_footer": "Подвал за домейн",
+        "domain_footer_html": "HTML подвал",
+        "domain_footer_info": "Подвалите за домейн се добавят към всички изходящи имейли, свързани с адрес в този домейн. Следните променливи могат да бъдат използвани за подвала:",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =}   - Удостоверен потребител, посочен от MTA",
+            "from_user": "{= from_user =}   - Потребителска част на обвивката, напр. за \"moo@mailcow.tld\" връща \"moo\"",
+            "from_name": "{= from_name =}   - Име на обвивката, напр. за \"Mailcow &lt;moo@mailcow.tld&gt;\" връща \"Mailcow\"",
+            "from_addr": "{= from_addr =}   - Адресна част на обвивката",
+            "from_domain": "{= from_domain =} - Домейна част на обвивката",
+            "custom": "{= foo =}         - Ако пощенската кутия има персонализиран атрибут \"foo\" със стойност \"bar\", ще върне \"bar\""
+        },
+        "domain_footer_plain": "PLAIN подвал",
+        "domain_footer_skip_replies": "Игнориране на подвал в отговорни имейли",
+        "domain_quota": "Квота на домейна",
+        "domains": "Домейни",
+        "dont_check_sender_acl": "Деактивиране на проверката на изпращач за домейн %s (+ домейни на псевдоними)",
+        "edit_alias_domain": "Редактиране на домейн на псевдоним",
+        "encryption": "Криптиране",
+        "exclude": "Изключване на обекти (regex)",
+        "extended_sender_acl": "Външни адреси на изпращач",
+        "extended_sender_acl_info": "Трябва да бъде импортиран DKIM домейн ключ, ако е наличен.<br>\r\n  Помнете да добавите този сървър към съответния SPF TXT запис.<br>\r\n  Когато домейн или домейн на псевдоним бъде добавен към този сървър, който се припокрива с външен адрес, външният адрес ще бъде премахнат.<br>\r\n  Използвайте @domain.tld, за да разрешите изпращане като *@domain.tld.",
+        "footer_exclude": "Изключване от подвал",
+        "force_pw_update": "Принудително обновяване на парола при следващия вход",
+        "force_pw_update_info": "Този потребител ще може да влезе само в %s. Паролите за приложения остават използваеми.",
+        "full_name": "Пълно име",
+        "gal": "Глобален адресен списък",
+        "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
+        "generate": "генериране",
+        "grant_types": "Типове разрешения",
+        "hostname": "Име на хост",
+        "inactive": "Неактивен",
+        "kind": "Вид",
+        "last_modified": "Последно модифициране",
+        "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
+        "mailbox": "Редактиране на пощенска кутия",
+        "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
+        "mailbox_relayhost_info": "Прилага се за пощенската кутия и директните псевдоними само, пренарежда запис в картата на транспорта за домейн.",
+        "mailbox_rename": "Преименуване на пощенска кутия",
+        "mailbox_rename_agree": "Създадох резервно копие.",
+        "mailbox_rename_alias": "Автоматично създаване на псевдоним",
+        "mailbox_rename_title": "Ново локално име на пощенска кутия",
+        "mailbox_rename_warning": "ВНИМАНИЕ! Създайте резервно копие преди преименуване на пощенската кутия.",
+        "max_aliases": "Макс. псевдоними",
+        "max_mailboxes": "Макс. възможни пощенски кутии",
+        "max_quota": "Макс. квота за пощенска кутия (MiB)",
+        "maxage": "Максимална възраст на съобщенията в дни, които ще бъдат проверени от отдалечен<br><small>(0 = игнорирай възраст)</small>",
+        "maxbytespersecond": "Макс. байтове за секунда <br><small>(0 = неограничен)</small>",
+        "mbox_rl_info": "Това ограничение на скоростта се прилага върху SASL името за вход, то съвпада с всеки \"от\" адрес, използван от влезлия потребител. Ограничението на скоростта на пощенска кутия пренарежда ограничението на скоростта за домейн.",
+        "mins_interval": "Интервал (мин)",
+        "multiple_bookings": "Множествени резервации",
+        "nexthop": "Следващ хоп",
+        "none_inherit": "Без / Наследяване",
+        "password": "Парола",
+        "password_recovery_email": "Имейл за възстановяване на парола",
+        "password_repeat": "Потвърждаване на паролата (повторете)",
+        "previous": "Предишна страница",
+        "private_comment": "Частен коментар",
+        "public_comment": "Публичен коментар",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+        "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
+        "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Разглеждане само на следните адреси на изпращач <small>(разделени с запетая)</small>",
+        "pushover_sender_regex": "Разглеждане на следния regex на изпращач",
+        "pushover_sound": "Звук",
+        "pushover_text": "Текст на известието",
+        "pushover_title": "Заглавие на известието",
+        "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
+        "pushover_verify": "Проверка на удостоверения",
+        "quota_mb": "Квота (MiB)",
+        "quota_warning_bcc": "Предупреждения за квота ще бъдат изпращани като отделни копия до следните получатели:",
+        "quota_warning_bcc_info": "Съобщенията ще бъдат изпратени с тема, допълнена с името на потребителя в скоби, например: <code>Предупреждение за квота (user@example.com)</code>.",
+        "ratelimit": "Ограничение на скоростта",
+        "redirect_uri": "URI за пренасочване/обратно извикване",
+        "relay_all": "Реле на всички получатели",
+        "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
+        "relay_domain": "Реле на този домейн",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
+        "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
+        "relayhost": "Транспорти, зависими от изпращач",
+        "remove": "Премахване",
+        "resource": "Ресурс",
+        "save": "Запазване на промените",
+        "scope": "Обхват",
+        "sender_acl": "Разрешаване на изпращане като",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
+        "sender_acl_info": "Ако потребителят на пощенска кутия A е разрешен да изпраща като потребителя на пощенска кутия B, адресът на изпращач не се показва автоматично като избираем \"от\" поле в SOGo.<br>\r\n  Потребителят на пощенска кутия B трябва да създаде делегация в SOGo, за да разреши на потребителя на пощенска кутия A да избира техния адрес като изпращач. За да делегирате пощенска кутия в SOGo, използвайте менюто (три точки) вдясно от името на пощенската кутия в горния ляв ъгъл, докато сте в режим на поща. Това поведение не се прилага за адреси на псевдоними.",
+        "sieve_desc": "Кратко описание",
+        "sieve_type": "Тип на филтър",
+        "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
+        "sogo_access": "Директно препращане към SOGo",
+        "sogo_access_info": "След влизане, потребителят се пренасочва автоматично към SOGo.",
+        "sogo_visible": "Псевдонимът е видим в SOGo",
+        "sogo_visible_info": "Тази опция засяга само обекти, които могат да бъдат показани в SOGo (споделени или несподелени адреси на псевдоними, сочещи поне една локална пощенска кутия). Ако е скрит, псевдонимът няма да се появи като избираем адрес на изпращач в SOGo.",
+        "spam_alias": "Създаване или промяна на временни псевдоними",
+        "spam_filter": "Филтър за спам",
+        "spam_policy": "Добавяне или премахване на елементи към черния/бял списък",
+        "spam_score": "Задаване на персонализиран резултат за спам",
+        "subfolder2": "Синхронизиране в подпапка в дестинацията<br><small>(празно = не използвай подпапка)</small>",
+        "syncjob": "Редактиране на синхронизираща задача",
+        "target_address": "Адрес/и за пренасочване <small>(разделени с запетая)</small>",
+        "target_domain": "Целеви домейн",
+        "timeout1": "Таймаут за връзка с отдалечен хост",
+        "timeout2": "Таймаут за връзка с локален хост",
+        "title": "Редактиране на обект",
+        "unchanged_if_empty": "Ако не е променено, оставете празно",
+        "username": "Потребителско име",
+        "validate_save": "Валидиране и запазване"
+    },
+    "fido2": {
+        "confirm": "Потвърждаване",
+        "fido2_auth": "Вход с FIDO2",
+        "fido2_success": "Устройството е регистрирано успешно",
+        "fido2_validation_failed": "Проверката е неуспешна",
+        "fn": "Приятелско име",
+        "known_ids": "Известни идентификатори",
+        "none": "Деактивирано",
+        "register_status": "Състояние на регистрация",
+        "rename": "Преименуване",
+        "set_fido2": "Регистриране на FIDO2 устройство",
+        "set_fido2_touchid": "Регистриране на Touch ID на Apple M1",
+        "set_fn": "Задаване на приятелско име",
+        "start_fido2_validation": "Стартиране на проверка на FIDO2"
+    },
+    "footer": {
+        "cancel": "Отказ",
+        "confirm_delete": "Потвърждаване на изтриването",
+        "delete_now": "Изтриване сега",
+        "delete_these_items": "Моля, потвърдете промените за следния идентификатор на обект",
+        "hibp_check": "Проверка срещу haveibeenpwned.com",
+        "hibp_nok": "Съвпадение! Това е потенциално опасна парола!",
+        "hibp_ok": "Няма съвпадение.",
+        "loading": "Моля, изчакайте...",
+        "nothing_selected": "Няма избрани елементи",
+        "restart_container": "Рестартиране на контейнер",
+        "restart_container_info": "<b>Важно:</b> Грациозното рестартиране може да отнеме известно време за завършване, моля, изчакайте да приключи.",
+        "restart_now": "Рестартиране сега",
+        "restarting_container": "Рестартиране на контейнера, това може да отнеме известно време"
+    },
+    "header": {
+        "administration": "Конфигурация & Детайли",
+        "apps": "Приложения",
+        "debug": "Информация",
+        "email": "Имейл",
+        "mailcow_system": "Система",
+        "mailcow_config": "Конфигурация",
+        "quarantine": "Карантина",
+        "restart_netfilter": "Рестартиране на netfilter",
+        "restart_sogo": "Рестартиране на SOGo",
+        "user_settings": "Настройки на потребителя"
+    },
+    "info": {
+        "awaiting_tfa_confirmation": "Изчакване на потвърждение за TFA",
+        "no_action": "Няма приложимо действие",
+        "session_expires": "Вашата сесия ще изтече след около 15 секунди"
+    },
+    "login": {
+        "back_to_mailcow": "Обратно към mailcow",
+        "delayed": "Входът е забавен с %s секунди.",
+        "fido2_webauthn": "Вход с FIDO2/WebAuthn",
+        "forgot_password": "> Забравена парола?",
+        "invalid_pass_reset_token": "Токенът за нулиране на парола е невалиден или е изтекъл.<br>Моля, заявете нов линк за нулиране на парола.",
+        "login": "Вход",
+        "login_admin": "Вход на администратор",
+        "login_dadmin": "Вход на администратор на домейн",
+        "login_user": "Потребителски вход",
+        "mobileconfig_info": "Моля, влезте като потребител на пощенска кутия, за да изтеглите поискания Apple профил за връзка.",
+        "new_password": "Нова парола",
+        "new_password_confirm": "Потвърждаване на новата парола",
+        "other_logins": "или вход с",
+        "password": "Парола",
+        "request_reset_password": "Заявка за промяна на парола",
+        "reset_password": "Нулиране на парола",
+        "username": "Потребителско име"
+    },
+    "mailbox": {
+        "action": "Действие",
+        "activate": "Активиране",
+        "active": "Активен",
+        "add": "Добавяне",
+        "add_alias": "Добавяне на псевдоним",
+        "add_alias_expand": "Разширяване на псевдоним над домейни на псевдоними",
+        "add_bcc_entry": "Добавяне на запис в картата BCC",
+        "add_domain": "Добавяне на домейн",
+        "add_domain_alias": "Добавяне на псевдоним на домейн",
+        "add_domain_record_first": "Моля, добавете първо домейн",
+        "add_filter": "Добавяне на филтър",
+        "add_mailbox": "Добавяне на пощенска кутия",
+        "add_recipient_map_entry": "Добавяне на запис в картата на получатели",
+        "add_resource": "Добавяне на ресурс",
+        "add_template": "Добавяне на шаблон",
+        "add_tls_policy_map": "Добавяне на карта на политиката на TLS",
+        "address_rewriting": "Презаписване на адрес",
+        "alias": "Псевдоним",
+        "alias_domain_alias_hint": "Псевдонимите <b>не</b> се прилагат автоматично към домейни на псевдоними. Псевдонимът <code>my-alias@domain</code> <b>не</b> покрива адреса <code>my-alias@alias-domain</code> (където \"alias-domain\" е имагинерен псевдоним на домейн).<br>Моля, използвайте филтър на Sieve, за да пренасочите имейл към външна пощенска кутия (вижте раздела \"Филтри\" или SOGo -> Пренасочвач). Използвайте \"Разширяване на псевдоним над домейни на псевдоними\", за да добавите автоматично липсващи псевдоними.",
+        "alias_domain_backupmx": "Псевдонимът на домейн е неактивен за домейн за реле",
+        "aliases": "Псевдоними",
+        "all_domains": "Всички домейни",
+        "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
+        "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
+        "allowed_protocols": "Разрешени протоколи",
+        "backup_mx": "Домейн за реле",
+        "bcc": "BCC",
+        "bcc_destination": "BCC дестинация",
+        "bcc_destinations": "BCC дестинации",
+        "bcc_info": "Картите BCC се използват, за да препращат тихо копия от всички съобщения до друг адрес. Записът от тип получател на карта се използва, когато локалната дестинация действа като получател на имейл. Записът от тип изпращач на карта се използва, когато локалната дестинация действа като изпращач на имейл. Локалната дестинация няма да бъде информирана за неуспешна доставка.",
+        "bcc_local_dest": "Локална дестинация",
+        "bcc_map": "Карта BCC",
+        "bcc_map_type": "Тип BCC",
+        "bcc_maps": "Карти BCC",
+        "bcc_rcpt_map": "Карта на получател",
+        "bcc_sender_map": "Карта на изпращач",
+        "bcc_to_rcpt": "Превключване към карта на получател",
+        "bcc_to_sender": "Превключване към карта на изпращач",
+        "bcc_type": "Тип BCC",
+        "booking_null": "Винаги показване като свободен",
+        "booking_0_short": "Винаги свободен",
+        "booking_custom": "Твърдо ограничение до определен брой резервации",
+        "booking_custom_short": "Твърдо ограничение",
+        "booking_ltnull": "Неограничено, но показване като заето, когато е резервирано",
+        "booking_lt0_short": "Меко ограничение",
+        "catch_all": "Catch-All",
+        "created_on": "Създаден на",
+        "daily": "Ежедневно",
+        "deactivate": "Деактивиране",
+        "description": "Описание",
+        "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
+        "disable_x": "Деактивиране",
+        "dkim_domains_selector": "Селектор",
+        "dkim_key_length": "Дължина на DKIM ключа (битове)",
+        "domain": "Домейн",
+        "domain_admins": "Администратори на домейн",
+        "domain_aliases": "Псевдоними на домейн",
+        "domain_templates": "Шаблони за домейн",
+        "domain_quota": "Квота",
+        "domain_quota_total": "Обща квота на домейна",
+        "domains": "Домейни",
+        "edit": "Редактиране",
+        "empty": "Няма резултати",
+        "enable_x": "Активиране",
+        "excludes": "Изключване",
+        "filter_table": "Таблица с филтри",
+        "filters": "Филтри",
+        "fname": "Пълно име",
+        "force_pw_update": "Принудително обновяване на парола при следващия вход",
+        "gal": "Глобален адресен списък",
+        "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
+        "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
+        "hourly": "Часово",
+        "iam": "Доставчик на идентичност",
+        "in_use": "В употреба (%)",
+        "inactive": "Неактивен",
+        "insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
+        "kind": "Вид",
+        "last_mail_login": "Последен вход в пощата",
+        "last_modified": "Последно модифициране",
+        "last_pw_change": "Последна промяна на парола",
+        "last_run": "Последно изпълнение",
+        "last_run_reset": "Задаване на следващо",
+        "mailbox": "Пощенска кутия",
+        "mailbox_defaults": "Настройки по подразбиране",
+        "mailbox_defaults_info": "Дефинирайте настройки по подразбиране за нови пощенски кутии.",
+        "mailbox_defquota": "Размер по подразбиране на пощенска кутия",
+        "mailbox_templates": "Шаблони за пощенска кутия",
+        "mailbox_quota": "Макс. размер на пощенска кутия",
+        "mailboxes": "Пощенски кутии",
+        "max_aliases": "Макс. псевдоними",
+        "max_mailboxes": "Макс. възможни пощенски кутии",
+        "max_quota": "Макс. квота за пощенска кутия",
+        "mins_interval": "Интервал (мин)",
+        "msg_num": "Съобщение №",
+        "multiple_bookings": "Множествени резервации",
+        "never": "Никога",
+        "no": "&#10005;",
+        "no_record": "Няма запис за обект %s",
+        "no_record_single": "Няма запис",
+        "open_logs": "Отваряне на логове",
+        "owner": "Собственик",
+        "private_comment": "Частен коментар",
+        "public_comment": "Публичен коментар",
+        "q_add_header": "при преместване в папката за нежелана поща",
+        "q_all": " при преместване в папката за нежелана поща и при отхвърляне",
+        "q_reject": "при отхвърляне",
+        "quarantine_category": "Категория на уведомленията за карантина",
+        "quarantine_notification": "Уведомления за карантина",
+        "quick_actions": "Действия",
+        "recipient": "Получател",
+        "recipient_map": "Карта на получател",
+        "recipient_map_info": "Картите на получател се използват, за да се замени адресът на дестинация на съобщението, преди да бъде доставено.",
+        "recipient_map_new": "Нов получател",
+        "recipient_map_new_info": "Дестинацията на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
+        "recipient_map_old": "Оригинален получател",
+        "recipient_map_old_info": "Оригиналната дестинация на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
+        "recipient_maps": "Карти на получател",
+        "relay_all": "Реле на всички получатели",
+        "relay_unknown": "Реле на несъществуващи пощенски кутии",
+        "remove": "Премахване",
+        "resources": "Ресурси",
+        "running": "Изпълнява се",
+        "sender": "Изпращач",
+        "set_postfilter": "Маркиране като постфилтър",
+        "set_prefilter": "Маркиране като префилтър",
+        "sieve_info": "Можете да запазите множество филтри за всеки потребител, но само един префилтър и един постфилтър могат да бъдат активни едновременно.<br>\r\nВсеки филтър ще бъде обработен в описания ред. Нито един неуспешен скрипт, нито издадена команда \"keep;\" няма да спре обработката на следващите скриптове. Промените в глобалните филтри на sieve ще предизвикат рестартиране на Dovecot.<br><br>Глобален префилтър на sieve &#8226; Префилтър &#8226; Потребителски скриптове &#8226; Постфилтър &#8226; Глобален постфилтър на sieve",
+        "sieve_preset_1": "Изтриване на съобщения с потенциално опасни типове файлове",
+        "sieve_preset_2": "Винаги маркиране на имейла на определен изпращач като прочетен",
+        "sieve_preset_3": "Тихо изтриване, спиране на всякаква допълнителна обработка на sieve филтри",
+        "sieve_preset_4": "Архивиране на съобщението във ВХОДНА, пропускане на допълнителна обработка от sieve филтри",
+        "sieve_preset_5": "Автоотговор (ваканция)",
+        "sieve_preset_6": "Отхвърляне на съобщение с отговор",
+        "sieve_preset_7": "Пренасочване и запазване/изтриване",
+        "sieve_preset_8": "Пренасочване на имейл от определен изпращач, маркиране като прочетен и сортиране в подпапка",
+        "sieve_preset_header": "Моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
+        "sogo_visible": "Псевдонимът е видим в SOGo",
+        "sogo_visible_n": "Скриване на псевдоним в SOGo",
+        "sogo_visible_y": "Показване на псевдоним в SOGo",
+        "spam_aliases": "Времеви псевдоними",
+        "stats": "Статистика",
+        "status": "Статус",
+        "sync_jobs": "Синхронизиращи задачи",
+        "syncjob_check_log": "Проверка на лога",
+        "syncjob_last_run_result": "Резултат от последното изпълнение",
+        "syncjob_EX_OK": "Успех",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
+        "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
+        "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
+        "table_size": "Размер на таблицата",
+        "table_size_show_n": "Показване на %s елемента",
+        "target_address": "Адрес за пренасочване",
+        "target_domain": "Целеви домейн",
+        "templates": "Шаблони",
+        "template": "Шаблон",
+        "tls_enforce_in": "Принудително използване на TLS за входящи",
+        "tls_enforce_out": "Принудително използване на TLS за изходящи",
+        "tls_map_dest": "Дестинация",
+        "tls_map_dest_info": "Примери: example.org, .example.org, [mail.example.org]:25",
+        "tls_map_parameters": "Параметри",
+        "tls_map_parameters_info": "Празно или параметри, например: protocols=!SSLv2 ciphers=medium exclude=3DES",
+        "tls_map_policy": "Политика",
+        "tls_policy_maps": "Пренареждания на политиката на TLS",
+        "tls_policy_maps_enforced_tls": "Тези политики ще пренареждат и поведението за потребители на пощенски кутии, които принудително използват изходящи TLS връзки. Ако няма политика, съществуваща по-долу, тези потребители ще приложат стойностите по подразбиране, зададени като <code>smtp_tls_mandatory_protocols</code> и <code>smtp_tls_mandatory_ciphers</code>.",
+        "tls_policy_maps_info": "Тази политика за пренареждане на TLS транспортни правила е независима от настройките за политика на TLS на потребителя.<br>\r\n  Моля, вижте <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">документацията за \"smtp_tls_policy_maps\"</a> за повече информация.",
+        "tls_policy_maps_long": "Пренареждания на политиката на TLS за изходящи",
+        "toggle_all": "Превключване на всички",
+        "username": "Потребителско име",
+        "waiting": "Изчакване",
+        "weekly": "Седмично",
+        "yes": "&#10003;"
+    },
+    "oauth2": {
+        "access_denied": "Моля, влезте като собственик на пощенска кутия, за да удостоверите чрез OAuth2.",
+        "authorize_app": "Удостоверяване на приложение",
+        "deny": "Отказ",
+        "permit": "Удостоверяване на приложение",
+        "profile": "Профил",
+        "profile_desc": "Преглед на лични данни: потребителско име, пълно име, създадено, модифицирано, активно",
+        "scope_ask_permission": "Приложението заявява следните разрешения"
+    },
+    "quarantine": {
+        "action": "Действие",
+        "atts": "Прикачени файлове",
+        "check_hash": "Търсене на файлов хеш в VirusTotal",
+        "confirm": "Потвърждаване",
+        "confirm_delete": "Потвърждаване на изтриването на този елемент.",
+        "danger": "Опасност",
+        "deliver_inbox": "Доставяне в пощенската кутия",
+        "disabled_by_config": "Текущата системна конфигурация деактивира функционалността на карантината. Моля, задайте \"задържания за пощенска кутия\" и \"максимален размер\" за елементите на карантината.",
+        "download_eml": "Изтегляне (.eml)",
+        "empty": "Няма резултати",
+        "high_danger": "Висока",
+        "info": "Информация",
+        "junk_folder": "Папка за нежелана поща",
+        "learn_spam_delete": "Учен като спам и изтриване",
+        "low_danger": "Ниска",
+        "medium_danger": "Средна",
+        "neutral_danger": "Неутрална",
+        "notified": "Уведомен",
+        "qhandler_success": "Заявката е изпратена успешно до системата. Можете да затворите прозореца сега.",
+        "qid": "QID на Rspamd",
+        "qinfo": "Системата за карантина ще запази отхвърлените съобщения в базата данни (изпращачът няма да бъде информиран за доставеното съобщение) както и съобщенията, доставени като копие в папката за нежелана поща на пощенска кутия.<br> <br>\"Учен като спам и изтриване\" ще научи съобщението като спам чрез теоремата на Бейс и също ще изчисли размити хешове, за да отхвърли подобни съобщения в бъдеще.<br> <br>Моля, имайте предвид, че обучаването на множество съобщения може да бъде - в зависимост от вашата система - времеемко.<br>Елементите в черния списък са изключени от карантината.",
+        "qitem": "Елемент в карантина",
+        "quarantine": "Карантина",
+        "quick_actions": "Действия",
+        "quick_delete_link": "Отваряне на бърз линк за изтриване",
+        "quick_info_link": "Отваряне на бърз информационен линк",
+        "quick_release_link": "Отваряне на бърз линк за освобождане",
+        "rcpt": "Получател",
+        "received": "Получено",
+        "recipients": "Получатели",
+        "refresh": "Опресняване",
+        "rejected": "Отхвърлено",
+        "release": "Освобождане",
+        "release_body": "Прикаченото съобщение е добавено към това съобщение.",
+        "release_subject": "Потенциално вреден елемент в карантина %s",
+        "remove": "Премахване",
+        "rewrite_subject": "Презаписване на темата",
+        "rspamd_result": "Резултат от Rspamd",
+        "sender": "Изпращач (SMTP)",
+        "sender_header": "Изпращач (\"From\" заглавие)",
+        "settings_info": "Максимален брой елементи за карантиниране: %s<br>Максимален размер на имейл: %s MiB",
+        "show_item": "Показване на елемент",
+        "spam": "Спам",
+        "spam_score": "Резултат",
+        "subj": "Тема",
+        "table_size": "Размер на таблицата",
+        "table_size_show_n": "Показване на %s елемента",
+        "text_from_html_content": "Съдържание (конвертиран HTML)",
+        "text_plain_content": "Съдържание (обикновен текст)",
+        "toggle_all": "Превключване на всички",
+        "type": "Тип"
+    },
+    "queue": {
+        "delete": "Изтриване на всички",
+        "flush": "Изчистване на опашката",
+        "info": "Опашката на имейлите съдържа всички имейли, които чакат за доставка. Ако имейлът е засечен в опашката за дълго време, той автоматично се изтрива от системата.<br>Съобщението за грешка на съответния имейл дава информация защо имейлът не може да бъде доставен.",
+        "legend": "Функции на действията в опашката на имейлите:",
+        "ays": "Моля, потвърдете, че искате да изтриете всички елементи от текущата опашка.",
+        "deliver_mail": "Доставяне",
+        "deliver_mail_legend": "Опит за повторно доставяне на избраните съобщения.",
+        "hold_mail": "Задържане",
+        "hold_mail_legend": "Задържа избраните съобщения. (Предотвратява допълнителни опити за доставяне)",
+        "queue_manager": "Мениджър на опашката",
+        "show_message": "Показване на съобщение",
+        "unban": "разблокиране на опашката",
+        "unhold_mail": "Освобождаване",
+        "unhold_mail_legend": "Освобождава избраните съобщения за доставка. (Изисква предварително задържане)"
+    },
+    "ratelimit": {
+        "disabled": "Деактивирано",
+        "second": "съобщения/секунда",
+        "minute": "съобщения/минута",
+        "hour": "съобщения/час",
+        "day": "съобщения/ден"
+    },
+    "start": {
+        "help": "Показване/Скриване на панела за помощ",
+        "imap_smtp_server_auth_info": "Моля, използвайте пълния си имейл адрес и механизма за удостоверяване PLAIN.<br>\r\nВашите данни за вход ще бъдат криптирани от сървърната страна чрез задължително сървърно криптиране."
+    },
+    "success": {
+        "acl_saved": "ACL за обект %s е запазен",
+        "admin_added": "Администраторът %s е добавен",
+        "admin_api_modified": "Промените в API са запазени",
+        "admin_modified": "Промените в администратора са запазени",
+        "admin_removed": "Администраторът %s е премахнат",
+        "alias_added": "Адресът на псевдонима %s (%d) е добавен",
+        "alias_domain_removed": "Домейнът на псевдонима %s е премахнат",
+        "alias_modified": "Промените в адреса на псевдонима %s са запазени",
+        "alias_removed": "Псевдонимът %s е премахнат",
+        "aliasd_added": "Добавен домейн на псевдоним %s",
+        "aliasd_modified": "Промените в домейна на псевдоним %s са запазени",
+        "app_links": "Запазени промени в линковете на приложенията",
+        "app_passwd_added": "Добавена нова парола за приложение",
+        "app_passwd_removed": "Премахната парола за приложение с ID %s",
+        "bcc_deleted": "Записи в картата BCC са изтрити: %s",
+        "bcc_edited": "Записът в картата BCC %s е редактиран",
+        "bcc_saved": "Записът в картата BCC е запазен",
+        "cors_headers_edited": "Настройките на CORS са запазени",
+        "db_init_complete": "Инициализацията на базата данни е завършена",
+        "delete_filter": "Изтрити филтри с ID %s",
+        "delete_filters": "Изтрити филтри: %s",
+        "deleted_syncjob": "Изтрита синхронизираща задача с ID %s",
+        "deleted_syncjobs": "Изтрити синхронизиращи задачи: %s",
+        "dkim_added": "Добавен DKIM ключ %s",
+        "dkim_duplicated": "DKIM ключът за домейн %s е копиран в %s",
+        "dkim_removed": "DKIM ключът %s е премахнат",
+        "domain_add_dkim_available": "DKIM ключът вече съществува",
+        "domain_added": "Добавен домейн %s",
+        "domain_admin_added": "Добавен администратор на домейн %s",
+        "domain_admin_modified": "Промените в администратора на домейн %s са запазени",
+        "domain_admin_removed": "Администраторът на домейн %s е премахнат",
+        "domain_footer_modified": "Промените в подвала на домейн %s са запазени",
+        "domain_modified": "Промените в домейн %s са запазени",
+        "domain_removed": "Домейнът %s е премахнат",
+        "dovecot_restart_success": "Dovecot е рестартиран успешно",
+        "eas_reset": "Устройствата с ActiveSync за потребителя %s са нулирани",
+        "f2b_banlist_refreshed": "Списъкът с ID на блокираните е актуализиран успешно.",
+        "f2b_modified": "Промените в параметрите на Fail2ban са запазени",
+        "forwarding_host_added": "Добавен хост за препращане %s",
+        "forwarding_host_removed": "Премахнат хост за препращане %s",
+        "global_filter_written": "Филтърът е записан успешно във файл",
+        "hash_deleted": "Хешът е изтрит",
+        "iam_test_connection": "Връзката е успешна",
+        "ip_check_opt_in_modified": "Проверката на IP беше успешно запазена",
+        "item_deleted": "Елементът %s е изтрит успешно",
+        "item_released": "Елементът %s е освободен",
+        "items_deleted": "Елементът %s е изтрит успешно",
+        "items_released": "Избраните елементи са освободени",
+        "learned_ham": "Успешно научен ID %s като не е спам",
+        "license_modified": "Промените в лиценза са запазени",
+        "logged_in_as": "Вписан като %s",
+        "mailbox_added": "Пощенската кутия %s е добавена",
+        "mailbox_modified": "Промените в пощенската кутия %s са запазени",
+        "mailbox_removed": "Пощенската кутия %s е премахната",
+        "mailbox_renamed": "Пощенската кутия е преименувана от %s на %s",
+        "nginx_reloaded": "Nginx е презареден",
+        "object_modified": "Промените в обект %s са запазени",
+        "password_changed_success": "Паролата е променена успешно",
+        "password_policy_saved": "Политиката за парола е запазена успешно",
+        "pushover_settings_edited": "Настройките на Pushover са запазени успешно, моля, проверете удостоверенията.",
+        "qlearn_spam": "Съобщението с ID %s е научено като спам и изтрито",
+        "queue_command_success": "Командата на опашката е завършена успешно",
+        "recipient_map_entry_deleted": "Записът в картата на получател с ID %s е изтрит",
+        "recipient_map_entry_saved": "Записът в картата на получател \"%s\" е запазен",
+        "recovery_email_sent": "Изпратен имейл за възстановяване до %s",
+        "relayhost_added": "Записът в картата %s е добавен",
+        "relayhost_removed": "Записът в картата %s е премахнат",
+        "reset_main_logo": "Нулиране на логото по подразбиране",
+        "resource_added": "Ресурсът %s е добавен",
+        "resource_modified": "Промените в пощенската кутия %s са запазени",
+        "resource_removed": "Ресурсът %s е премахнат",
+        "rl_saved": "Ограничението на скоростта за обект %s е запазено",
+        "rspamd_ui_pw_set": "Паролата на UI на Rspamd е зададена успешно",
+        "saved_settings": "Запазени настройки",
+        "settings_map_added": "Добавен запис в картата с настройки",
+        "settings_map_removed": "Премахнат запис в картата с настройки с ID %s",
+        "sogo_profile_reset": "Профилът на SOGo за потребителя %s е нулиран",
+        "template_added": "Добавен шаблон %s",
+        "template_modified": "Промените в шаблон %s са запазени",
+        "template_removed": "Шаблонът с ID %s е премахнат",
+        "tls_policy_map_entry_deleted": "Записът в картата на политиката на TLS с ID %s е изтрит",
+        "tls_policy_map_entry_saved": "Записът в картата на политиката на TLS \"%s\" е запазен",
+        "ui_texts": "Запазени промени в текстовете на UI",
+        "upload_success": "Файлът е качен успешно",
+        "verified_fido2_login": "Потвърдено вход с FIDO2",
+        "verified_totp_login": "Потвърдено вход с TOTP",
+        "verified_webauthn_login": "Потвърдено вход с WebAuthn",
+        "verified_yotp_login": "Потвърдено вход с Yubico OTP"
+    },
+    "tfa": {
+        "authenticators": "Аутентикатори",
+        "api_register": "%s използва облачното API на Yubico. Моля, вземете API ключ за вашия ключ <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">тук</a>",
+        "confirm": "Потвърждаване",
+        "confirm_totp_token": "Моля, потвърдете промените, като въведете генерирания токен",
+        "delete_tfa": "Деактивиране на TFA",
+        "disable_tfa": "Деактивиране на TFA до следващия успешен вход",
+        "enter_qr_code": "Вашият TOTP код, ако вашето устройство не може да сканира QR кодове",
+        "error_code": "Код на грешка",
+        "init_webauthn": "Инициализиране, моля, изчакайте...",
+        "key_id": "Идентификатор за вашето устройство",
+        "key_id_totp": "Идентификатор за вашия ключ",
+        "none": "Деактивиране",
+        "reload_retry": "- (презаредете браузъра, ако грешката продължи)",
+        "scan_qr_code": "Моля, сканирайте следния код с вашето приложение за аутентикация или въведете кода ръчно.",
+        "select": "Моля, изберете",
+        "set_tfa": "Задаване на метод за двуфакторно удостоверяване",
+        "start_webauthn_validation": "Стартиране на проверка",
+        "tfa": "Двуфакторно удостоверяване",
+        "tfa_token_invalid": "Невалиден токен за TFA",
+        "totp": "Временен OTP (Google Authenticator, Authy и др.)",
+        "u2f_deprecated": "Изглежда, че вашият ключ е регистриран с депрекирания метод U2F. Ще деактивираме двуфакторното удостоверяване за вас и ще изтрием вашия ключ.",
+        "u2f_deprecated_important": "Моля, регистрирайте вашия ключ в административния панел с новия метод WebAuthn.",
+        "webauthn": "Удостоверяване с WebAuthn",
+        "waiting_usb_auth": "<i>Изчакване на USB устройство...</i><br><br>Моля, докоснете бутона на вашето USB устройство сега.",
+        "waiting_usb_register": "<i>Изчакване на USB устройство...</i><br><br>Моля, въведете паролата си по-горе и потвърдете регистрацията си, като докоснете бутона на вашето USB устройство.",
+        "yubi_otp": "Удостоверяване с Yubico OTP"
+    },
+    "user": {
+        "action": "Действие",
+        "active": "Активен",
+        "active_sieve": "Активен филтър",
+        "advanced_settings": "Разширени настройки",
+        "alias": "Псевдоним",
+        "alias_create_random": "Генериране на случаен псевдоним",
+        "alias_extend_all": "Удължаване на всички псевдоними с 1 час",
+        "alias_full_date": "d.m.Y, H:i:s T",
+        "alias_remove_all": "Премахване на всички псевдоними",
+        "alias_select_validity": "Период на валидност",
+        "alias_time_left": "Оставащо време",
+        "alias_valid_until": "Валиден до",
+        "aliases_also_send_as": "Разрешено да изпраща и като потребител",
+        "aliases_send_as_all": "Не проверявай достъпа на изпращач за следните домейни и техните псевдоними",
+        "allowed_protocols": "Разрешени протоколи",
+        "app_hint": "Паролите за приложения са алтернативни пароли за вашия IMAP, SMTP, CalDAV, CardDAV и EAS вход. Потребителското име остава непроменено. SOGo уеб пощата не е достъпна чрез пароли за приложения.",
+        "app_name": "Име на приложението",
+        "app_passwds": "Пароли за приложения",
+        "apple_connection_profile": "Профил за връзка на Apple",
+        "apple_connection_profile_complete": "Този профил за връзка включва настройки за IMAP и SMTP, както и пътища за CalDAV (календари) и CardDAV (контакти) за устройство на Apple.",
+        "apple_connection_profile_mailonly": "Този профил за връзка включва настройки за IMAP и SMTP за устройство на Apple.",
+        "apple_connection_profile_with_app_password": "Генерирана е нова парола за приложение и е добавена към профила, така че не е необходимо да се въвежда парола при настройката на вашето устройство. Моля, не споделяйте файла, тъй като той предоставя пълен достъп до вашата пощенска кутия.",
+        "attribute": "Атрибут",
+        "authentication": "Удостоверяване",
+        "change_password": "Промяна на парола",
+        "change_password_hint_app_passwords": "Вашият акаунт има %d пароли за приложения, които няма да бъдат променени. За управление на тях, отидете в раздела \"Пароли за приложения\".",
+        "clear_recent_successful_connections": "Изчистване на видимите успешни връзки",
+        "client_configuration": "Показване на ръководства за настройка на пощенски клиенти и смартфони",
+        "create_app_passwd": "Създаване на парола за приложение",
+        "create_syncjob": "Създаване на нова синхронизираща задача",
+        "created_on": "Създаден на",
+        "daily": "Ежедневно",
+        "day": "ден",
+        "delete_ays": "Моля, потвърдете процеса на изтриване.",
+        "description": "Описание",
+        "direct_aliases": "Директни адреси на псевдоними",
+        "direct_aliases_desc": "Директните адреси на псевдоними се засягат от настройките за филтър за спам и политика за TLS.",
+        "direct_protocol_access": "Този потребител на пощенска кутия има <b>директен, външен достъп</b> до следните протоколи и приложения. Тази настройка се контролира от вашия администратор. Паролите за приложения могат да бъдат създадени, за да се предостави достъп до отделни протоколи и приложения.<br>Бутонът \"Уеб поща\" предоставя еднократно удостоверяване към SOGo и винаги е достъпен.",
+        "eas_reset": "Нулиране на кеша на устройствата с ActiveSync",
+        "eas_reset_help": "В много случаи нулирането на кеша на устройството ще помогне за възстановяването на повреден профил на ActiveSync.<br><b>Внимание:</b> Всички елементи ще бъдат презаредени!",
+        "eas_reset_now": "Нулиране сега",
+        "edit": "Редактиране",
+        "email": "Имейл",
+        "email_and_dav": "Имейл, календари и контакти",
+        "empty": "Няма резултати",
+        "encryption": "Криптиране",
+        "excludes": "Изключване",
+        "expire_in": "Изтича след",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "force_pw_update": "Трябва да зададете нова парола, за да имате достъп до груповите услуги.",
+        "from": "от",
+        "generate": "генериране",
+        "hour": "час",
+        "hourly": "Часово",
+        "hours": "часа",
+        "in_use": "В употреба",
+        "interval": "Интервал",
+        "is_catch_all": "Catch-all за домейн/и",
+        "last_mail_login": "Последен вход в пощата",
+        "last_pw_change": "Последна промяна на парола",
+        "last_run": "Последно изпълнение",
+        "last_ui_login": "Последен вход в UI",
+        "loading": "Зареждане...",
+        "login_history": "История на входовете",
+        "mailbox": "Пощенска кутия",
+        "mailbox_details": "Детайли",
+        "mailbox_general": "Общи",
+        "mailbox_settings": "Настройки",
+        "messages": "съобщения",
+        "month": "месец",
+        "months": "месеца",
+        "never": "Никога",
+        "new_password": "Нова парола",
+        "new_password_repeat": "Потвърждаване на новата парола",
+        "no_active_filter": "Няма активен филтър",
+        "no_last_login": "Няма информация за последен вход в UI",
+        "no_record": "Няма запис",
+        "open_logs": "Отваряне на логове",
+        "open_webmail_sso": "Уеб поща",
+        "overview": "Преглед",
+        "password": "Парола",
+        "password_now": "Текуща парола (потвърждаване на промените)",
+        "password_repeat": "Парола (повторете)",
+        "password_reset_info": "Ако не е зададен имейл за възстановяване на парола, тази функция не може да бъде използвана.",
+        "protocols": "Протоколи",
+        "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+        "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
+        "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Разглеждане на следните адреси на изпращач <small>(разделени с запетая)</small>",
+        "pushover_sender_regex": "Съвпадение на изпращач с следния regex",
+        "pushover_sound": "Звук",
+        "pushover_text": "Текст на известието",
+        "pushover_title": "Заглавие на известието",
+        "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
+        "pushover_verify": "Проверка на удостоверения",
+        "pw_recovery_email": "Имейл за възстановяване на парола",
+        "q_add_header": "Папка за нежелана поща",
+        "q_all": "Всички категории",
+        "q_reject": "Отхвърлени",
+        "quarantine_category": "Категория на уведомленията за карантина",
+        "quarantine_category_info": "Категорията \"Отхвърлени\" включва съобщения, които са били отхвърлени, докато категорията \"Папка за нежелана поща\" ще уведоми потребителя за съобщения, които са били поставени в папката за нежелана поща.",
+        "quarantine_notification": "Уведомления за карантина",
+        "quarantine_notification_info": "След като уведомлението е изпратено, елементите ще бъдат маркирани като \"уведомени\" и няма да бъдат изпращани допълнителни уведомления за този конкретен елемент.",
+        "recent_successful_connections": "Видими успешни връзки",
+        "remove": "Премахване",
+        "running": "Изпълнява се",
+        "save": "Запазване на промените",
+        "save_changes": "Запазване на промените",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
+        "shared_aliases": "Споделени адреси на псевдоними",
+        "shared_aliases_desc": "Споделените псевдоними не се засягат от настройките за филтър за спам и политика за TLS на потребителя. Съответните настройки за спам филтър могат да бъдат направени само от администратор като настройка за домейн.",
+        "show_sieve_filters": "Показване на активния потребителски филтър на sieve",
+        "sogo_profile_reset": "Нулиране на профила на SOGo",
+        "sogo_profile_reset_help": "Това ще унищожи профила на SOGo и <b>ще изтрие всички данни за контакти и календар безвъзвратно</b>.",
+        "sogo_profile_reset_now": "Нулиране сега",
+        "spam_aliases": "Временни адреси на псевдоними",
+        "spam_score_reset": "Нулиране до настройките на сървъра по подразбиране",
+        "spamfilter": "Филтър за спам",
+        "spamfilter_behavior": "Рейтинг",
+        "spamfilter_bl": "Черен списък",
+        "spamfilter_bl_desc": "Адресите в черния списък <b>винаги</b> ще бъдат класифицирани като спам и отхвърлени. Отхвърлените съобщения <b>не</b> ще бъдат копирани в карантина. Поддържат се уайлдкардове.<br>Отхвърлените съобщения няма да бъдат доставени до папката за нежелана поща.",
+        "spamfilter_default_score": "Стойности по подразбиране",
+        "spamfilter_green": "Зелено: това съобщение не е спам",
+        "spamfilter_hint": "Първата стойност описва \"нисък резултат за спам\", втората представлява \"висок резултат за спам\".",
+        "spamfilter_red": "Червено: това съобщение е спам и ще бъде отхвърлено от сървъра",
+        "spamfilter_table_action": "Действие",
+        "spamfilter_table_add": "Добавяне на елемент",
+        "spamfilter_table_domain_policy": "политика на домейна",
+        "spamfilter_table_empty": "Няма данни за показване",
+        "spamfilter_table_remove": "премахване",
+        "spamfilter_table_rule": "Правило",
+        "spamfilter_wl": "Бял списък",
+        "spamfilter_wl_desc": "Адресите в белия списък <b>никога</b> ще бъдат класифицирани като спам. Поддържат се уайлдкардове.<br>Съобщенията, които не са класифицирани като спам, ще бъдат доставени в папката за нежелана поща, ако резултатът за спам е над стойността за висок резултат за спам.",
+        "spamfilter_yellow": "Жълто: това съобщение може да е спам, ще бъде маркирано като спам и преместено в папката за нежелана поща",
+        "status": "Статус",
+        "sync_jobs": "Синхронизиращи задачи",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
+        "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
+        "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
+        "syncjob_EX_OK": "Успех",
+        "syncjob_check_log": "Проверка на лога",
+        "syncjob_last_run_result": "Резултат от последното изпълнение",
+        "tag_handling": "Настройка за тагове",
+        "tag_help_example": "Пример за тагован имейл адрес: me<b>+Facebook</b>@example.org",
+        "tag_help_explain": "В подпапка: ще бъде създадена нова подпапка под INBOX (\"INBOX/Facebook\").<br>\r\nВ тема: първото име на тага ще бъде добавено към темата на съобщението, например: \"[Facebook] Моите новини\".",
+        "tag_in_none": "Не прави нищо",
+        "tag_in_subfolder": "В подпапка",
+        "tag_in_subject": "В тема",
+        "text": "Текст",
+        "tfa_info": "Двуфакторното удостоверяване помага за защита на вашия акаунт. Ако го активирате, ще ви трябват пароли за приложения, за да влезете в приложения или услуги, които не поддържат двуфакторно удостоверяване (напр. пощенски клиенти).",
+        "title": "Заглавие",
+        "tls_enforce_in": "Принудително използване на TLS за входящи",
+        "tls_enforce_out": "Принудително използване на TLS за изходящи",
+        "tls_policy": "Политика за криптиране",
+        "tls_policy_warning": "<strong>Внимание:</strong> Ако решите да принудите преноса на криптирани съобщения, може да загубите съобщения.<br>Съобщенията, които не удовлетворяват политиката, ще бъдат върнати с твърдо отхвърляне от системата за поща.<br>Тази опция засяга вашия основен адрес на пощенска кутия (логин име), всички адреси, произтичащи от домейни на псевдоними, както и адреси на псевдоними, <b>с единствена целева пощенска кутия</b>.",
+        "user_settings": "Настройки на потребителя",
+        "username": "Потребителско име",
+        "value": "Стойност",
+        "verify": "Проверка",
+        "waiting": "Изчакване",
+        "week": "седмица",
+        "weekly": "Weekly",
+        "weeks": "седмици",
+        "with_app_password": "с парола за приложение",
+        "year": "година",
+        "years": "години"
+    },
+    "warning": {
+        "cannot_delete_self": "Не може да изтриете влезлия потребител",
+        "domain_added_sogo_failed": "Добавен домейн, но неуспешно рестартиране на SOGo, моля, проверете системните логове.",
+        "dovecot_restart_failed": "Dovecot не успя да рестартира, моля, проверете логовете",
+        "fuzzy_learn_error": "Грешка при обучение на размит хеш: %s",
+        "hash_not_found": "Хешът не е намерен или вече е изтрит",
+        "ip_invalid": "Пропуснат невалиден IP: %s",
+        "is_not_primary_alias": "Пропуснат неосновен псевдоним %s",
+        "no_active_admin": "Не може да деактивирате последния активен администратор",
+        "quota_exceeded_scope": "Квотата на домейна е надвишена: Само неограничени пощенски кутии могат да бъдат създадени в този домейн.",
+        "session_token": "Невалиден формулярен токен: Несъответствие на токена.",
+        "session_ua": "Невалиден формулярен токен: Грешка при проверка на User-Agent."
     }
-  },
-  "debug": {
-    "architecture": "Архитектура",
-    "chart_this_server": "Графика (този сървър)",
-    "containers_info": "Информация за контейнерите",
-    "container_running": "Изпълнява се",
-    "container_disabled": "Контейнерът е спрян или деактивиран",
-    "container_stopped": "Спрян",
-    "cores": "Ядра",
-    "current_time": "Системно време",
-    "disk_usage": "Използване на диска",
-    "docs": "Документи",
-    "error_show_ip": "Не може да се разреши публичния IP адрес",
-    "external_logs": "Външни логове",
-    "history_all_servers": "История (всички сървъри)",
-    "in_memory_logs": "Логове в паметта",
-    "last_modified": "Последно модифициране",
-    "log_info": "<p>Логовете на mailcow <b>в паметта</b> се събират в списъци на Redis и се подрязват до LOG_LINES (%d) на всяка минута, за да се намали натоварването.<br>Логовете в паметта не са предназначени да бъдат постоянни. Всички приложения, които записват в паметта, също записват в демона на Docker и следователно в основния драйвер за логсване.<br>Логовете в паметта трябва да се използват за отстраняване на леки проблеми с контейнери.</p>\r\n  <p><b>Външните логове</b> се събират чрез API на даденото приложение.</p>\r\n  <p><b>Статичните логове</b> са най-вече логове на активност, които не се записват в демона на Docker, но все още трябва да бъдат постоянни (с изключение на логовете на API).</p>",
-    "login_time": "Време",
-    "logs": "Логове",
-    "memory": "Памет",
-    "online_users": "Потребители онлайн",
-    "restart_container": "Рестартиране",
-    "service": "Услуга",
-    "show_ip": "Показване на публичен IP",
-    "size": "Размер",
-    "started_at": "Стартирано в",
-    "started_on": "Стартирано на",
-    "static_logs": "Статични логове",
-    "success": "Успех",
-    "system_containers": "Система & Контейнери",
-    "timezone": "Часова зона",
-    "uptime": "Време на работа",
-    "update_available": "Има налична актуализация",
-    "no_update_available": "Системата е на последното издание",
-    "update_failed": "Не може да се провери за актуализация",
-    "username": "Потребителско име",
-    "wip": "В момента се работи"
-  },
-  "diagnostics": {
-    "cname_from_a": "Стойността е извлечена от A/AAAA запис. Това се поддържа, докато записът сочи към правилния ресурс.",
-    "dns_records": "DNS записи",
-    "dns_records_24hours": "Моля, имайте предвид, че промените в DNS може да отнемат до 24 часа, за да имат актуалното си състояние правилно отразено на тази страница. Тя е предназначена да ви позволи лесно да видите как да конфигурирате вашите DNS записи и да проверите дали всичките ви записи са правилно запазени в DNS.",
-    "dns_records_data": "Правилни данни",
-    "dns_records_docs": "Моля, вижте и <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">документацията</a>.",
-    "dns_records_name": "Име",
-    "dns_records_status": "Текущо състояние",
-    "dns_records_type": "Тип",
-    "optional": "Този запис е опционален."
-  },
-  "edit": {
-    "acl": "ACL (Разрешение)",
-    "active": "Активен",
-    "admin": "Редактиране на администратор",
-    "advanced_settings": "Разширени настройки",
-    "alias": "Редактиране на псевдоним",
-    "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
-    "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
-    "allowed_protocols": "Разрешени протоколи за пряк потребителски достъп (не засяга протоколите за пароли на приложения)",
-    "app_name": "Име на приложението",
-    "app_passwd": "Парола за приложение",
-    "app_passwd_protocols": "Разрешени протоколи за паролата на приложението",
-    "automap": "Опит за автоматично картографиране на папки (\"Изпратени\", \"Изпратени\" => \"Изпратени\" и т.н.)",
-    "backup_mx_options": "Опции за реле",
-    "bcc_dest_format": "BCC дестинацията трябва да бъде един валиден имейл адрес.<br>Ако имате нужда да изпратите копие до множество адреси, създайте псевдоним и го използвайте тук.",
-    "client_id": "Идентификатор на клиента",
-    "client_secret": "Тайна на клиента",
-    "comment_info": "Частен коментар не е видим за потребителя, докато публичен коментар се показва като подсказка при преминаване с мишката върху него в прегледа на потребителя",
-    "created_on": "Създаден на",
-    "custom_attributes": "Персонализирани атрибути",
-    "delete1": "Изтриване от източника след завършване",
-    "delete2": "Изтриване на съобщенията в дестинацията, които не са в източника",
-    "delete2duplicates": "Изтриване на дубликати в дестинацията",
-    "delete_ays": "Моля, потвърдете процеса на изтриване.",
-    "description": "Описание",
-    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
-    "domain": "Редактиране на домейн",
-    "domain_admin": "Редактиране на администратор на домейн",
-    "domain_footer": "Подвал за домейн",
-    "domain_footer_html": "HTML подвал",
-    "domain_footer_info": "Подвалите за домейн се добавят към всички изходящи имейли, свързани с адрес в този домейн. Следните променливи могат да бъдат използвани за подвала:",
-    "domain_footer_info_vars": {
-      "auth_user": "{= auth_user =}   - Удостоверен потребител, посочен от MTA",
-      "from_user": "{= from_user =}   - Потребителска част на обвивката, напр. за \"moo@mailcow.tld\" връща \"moo\"",
-      "from_name": "{= from_name =}   - Име на обвивката, напр. за \"Mailcow &lt;moo@mailcow.tld&gt;\" връща \"Mailcow\"",
-      "from_addr": "{= from_addr =}   - Адресна част на обвивката",
-      "from_domain": "{= from_domain =} - Домейна част на обвивката",
-      "custom": "{= foo =}         - Ако пощенската кутия има персонализиран атрибут \"foo\" със стойност \"bar\", ще върне \"bar\""
-    },
-    "domain_footer_plain": "PLAIN подвал",
-    "domain_footer_skip_replies": "Игнориране на подвал в отговорни имейли",
-    "domain_quota": "Квота на домейна",
-    "domains": "Домейни",
-    "dont_check_sender_acl": "Деактивиране на проверката на изпращач за домейн %s (+ домейни на псевдоними)",
-    "edit_alias_domain": "Редактиране на домейн на псевдоним",
-    "encryption": "Криптиране",
-    "exclude": "Изключване на обекти (regex)",
-    "extended_sender_acl": "Външни адреси на изпращач",
-    "extended_sender_acl_info": "Трябва да бъде импортиран DKIM домейн ключ, ако е наличен.<br>\r\n  Помнете да добавите този сървър към съответния SPF TXT запис.<br>\r\n  Когато домейн или домейн на псевдоним бъде добавен към този сървър, който се припокрива с външен адрес, външният адрес ще бъде премахнат.<br>\r\n  Използвайте @domain.tld, за да разрешите изпращане като *@domain.tld.",
-    "footer_exclude": "Изключване от подвал",
-    "force_pw_update": "Принудително обновяване на парола при следващия вход",
-    "force_pw_update_info": "Този потребител ще може да влезе само в %s. Паролите за приложения остават използваеми.",
-    "full_name": "Пълно име",
-    "gal": "Глобален адресен списък",
-    "gal_info": "Глобалният адресен списък съдържа всички обекти на домейна и не може да бъде редактиран от нито един потребител. Липсва информация за заетост/свободно време в SOGo, ако е деактивирано! <b>Рестартирайте SOGo, за да приложите промените.</b>",
-    "generate": "генериране",
-    "grant_types": "Типове разрешения",
-    "hostname": "Име на хост",
-    "inactive": "Неактивен",
-    "kind": "Вид",
-    "last_modified": "Последно модифициране",
-    "lookup_mx": "Дестинацията е регулярен израз за съвпадение с MX име (<code>.*\\.google\\.com</code> за пренасочване на всички съобщения, предназначени за MX, завършващ на google.com, през този хоп)",
-    "mailbox": "Редактиране на пощенска кутия",
-    "mailbox_quota_def": "Квота по подразбиране за пощенска кутия",
-    "mailbox_relayhost_info": "Прилага се за пощенската кутия и директните псевдоними само, пренарежда запис в картата на транспорта за домейн.",
-    "mailbox_rename": "Преименуване на пощенска кутия",
-    "mailbox_rename_agree": "Създадох резервно копие.",
-    "mailbox_rename_alias": "Автоматично създаване на псевдоним",
-    "mailbox_rename_title": "Ново локално име на пощенска кутия",
-    "mailbox_rename_warning": "ВНИМАНИЕ! Създайте резервно копие преди преименуване на пощенската кутия.",
-    "max_aliases": "Макс. псевдоними",
-    "max_mailboxes": "Макс. възможни пощенски кутии",
-    "max_quota": "Макс. квота за пощенска кутия (MiB)",
-    "maxage": "Максимална възраст на съобщенията в дни, които ще бъдат проверени от отдалечен<br><small>(0 = игнорирай възраст)</small>",
-    "maxbytespersecond": "Макс. байтове за секунда <br><small>(0 = неограничен)</small>",
-    "mbox_rl_info": "Това ограничение на скоростта се прилага върху SASL името за вход, то съвпада с всеки \"от\" адрес, използван от влезлия потребител. Ограничението на скоростта на пощенска кутия пренарежда ограничението на скоростта за домейн.",
-    "mins_interval": "Интервал (мин)",
-    "multiple_bookings": "Множествени резервации",
-    "nexthop": "Следващ хоп",
-    "none_inherit": "Без / Наследяване",
-    "password": "Парола",
-    "password_recovery_email": "Имейл за възстановяване на парола",
-    "password_repeat": "Потвърждаване на паролата (повторете)",
-    "previous": "Предишна страница",
-    "private_comment": "Частен коментар",
-    "public_comment": "Публичен коментар",
-    "pushover": "Pushover",
-    "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
-    "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
-    "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
-    "pushover_sender_array": "Разглеждане само на следните адреси на изпращач <small>(разделени с запетая)</small>",
-    "pushover_sender_regex": "Разглеждане на следния regex на изпращач",
-    "pushover_sound": "Звук",
-    "pushover_text": "Текст на известието",
-    "pushover_title": "Заглавие на известието",
-    "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
-    "pushover_verify": "Проверка на удостоверения",
-    "quota_mb": "Квота (MiB)",
-    "quota_warning_bcc": "Предупреждения за квота ще бъдат изпращани като отделни копия до следните получатели:",
-    "quota_warning_bcc_info": "Съобщенията ще бъдат изпратени с тема, допълнена с името на потребителя в скоби, например: <code>Предупреждение за квота (user@example.com)</code>.",
-    "ratelimit": "Ограничение на скоростта",
-    "redirect_uri": "URI за пренасочване/обратно извикване",
-    "relay_all": "Реле на всички получатели",
-    "relay_all_info": "↪ Ако изберете да <b>не</b> релеирате всички получатели, ще трябва да добавите (\"скрита\") пощенска кутия за всеки отделен получател, който трябва да бъде релеиран.",
-    "relay_domain": "Реле на този домейн",
-    "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Инфо</div> Можете да дефинирате транспортни карти за персонализирана дестинация за този домейн. Ако не е зададено, ще бъде направен MX lookup.",
-    "relay_unknown_only": "Реле на несъществуващи пощенски кутии. Съществуващите пощенски кутии ще бъдат доставени локално.",
-    "relayhost": "Транспорти, зависими от изпращач",
-    "remove": "Премахване",
-    "resource": "Ресурс",
-    "save": "Запазване на промените",
-    "scope": "Обхват",
-    "sender_acl": "Разрешаване на изпращане като",
-    "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
-    "sender_acl_info": "Ако потребителят на пощенска кутия A е разрешен да изпраща като потребителя на пощенска кутия B, адресът на изпращач не се показва автоматично като избираем \"от\" поле в SOGo.<br>\r\n  Потребителят на пощенска кутия B трябва да създаде делегация в SOGo, за да разреши на потребителя на пощенска кутия A да избира техния адрес като изпращач. За да делегирате пощенска кутия в SOGo, използвайте менюто (три точки) вдясно от името на пощенската кутия в горния ляв ъгъл, докато сте в режим на поща. Това поведение не се прилага за адреси на псевдоними.",
-    "sieve_desc": "Кратко описание",
-    "sieve_type": "Тип на филтър",
-    "skipcrossduplicates": "Пропускане на дублирани съобщения между папки (първи дошъл, първи обслужен)",
-    "sogo_access": "Директно препращане към SOGo",
-    "sogo_access_info": "След влизане, потребителят се пренасочва автоматично към SOGo.",
-    "sogo_visible": "Псевдонимът е видим в SOGo",
-    "sogo_visible_info": "Тази опция засяга само обекти, които могат да бъдат показани в SOGo (споделени или несподелени адреси на псевдоними, сочещи поне една локална пощенска кутия). Ако е скрит, псевдонимът няма да се появи като избираем адрес на изпращач в SOGo.",
-    "spam_alias": "Създаване или промяна на временни псевдоними",
-    "spam_filter": "Филтър за спам",
-    "spam_policy": "Добавяне или премахване на елементи към черния/бял списък",
-    "spam_score": "Задаване на персонализиран резултат за спам",
-    "subfolder2": "Синхронизиране в подпапка в дестинацията<br><small>(празно = не използвай подпапка)</small>",
-    "syncjob": "Редактиране на синхронизираща задача",
-    "target_address": "Адрес/и за пренасочване <small>(разделени с запетая)</small>",
-    "target_domain": "Целеви домейн",
-    "timeout1": "Таймаут за връзка с отдалечен хост",
-    "timeout2": "Таймаут за връзка с локален хост",
-    "title": "Редактиране на обект",
-    "unchanged_if_empty": "Ако не е променено, оставете празно",
-    "username": "Потребителско име",
-    "validate_save": "Валидиране и запазване"
-  },
-  "fido2": {
-    "confirm": "Потвърждаване",
-    "fido2_auth": "Вход с FIDO2",
-    "fido2_success": "Устройството е регистрирано успешно",
-    "fido2_validation_failed": "Проверката е неуспешна",
-    "fn": "Приятелско име",
-    "known_ids": "Известни идентификатори",
-    "none": "Деактивирано",
-    "register_status": "Състояние на регистрация",
-    "rename": "Преименуване",
-    "set_fido2": "Регистриране на FIDO2 устройство",
-    "set_fido2_touchid": "Регистриране на Touch ID на Apple M1",
-    "set_fn": "Задаване на приятелско име",
-    "start_fido2_validation": "Стартиране на проверка на FIDO2"
-  },
-  "footer": {
-    "cancel": "Отказ",
-    "confirm_delete": "Потвърждаване на изтриването",
-    "delete_now": "Изтриване сега",
-    "delete_these_items": "Моля, потвърдете промените за следния идентификатор на обект",
-    "hibp_check": "Проверка срещу haveibeenpwned.com",
-    "hibp_nok": "Съвпадение! Това е потенциално опасна парола!",
-    "hibp_ok": "Няма съвпадение.",
-    "loading": "Моля, изчакайте...",
-    "nothing_selected": "Няма избрани елементи",
-    "restart_container": "Рестартиране на контейнер",
-    "restart_container_info": "<b>Важно:</b> Грациозното рестартиране може да отнеме известно време за завършване, моля, изчакайте да приключи.",
-    "restart_now": "Рестартиране сега",
-    "restarting_container": "Рестартиране на контейнера, това може да отнеме известно време"
-  },
-  "header": {
-    "administration": "Конфигурация & Детайли",
-    "apps": "Приложения",
-    "debug": "Информация",
-    "email": "Имейл",
-    "mailcow_system": "Система",
-    "mailcow_config": "Конфигурация",
-    "quarantine": "Карантина",
-    "restart_netfilter": "Рестартиране на netfilter",
-    "restart_sogo": "Рестартиране на SOGo",
-    "user_settings": "Настройки на потребителя"
-  },
-  "info": {
-    "awaiting_tfa_confirmation": "Изчакване на потвърждение за TFA",
-    "no_action": "Няма приложимо действие",
-    "session_expires": "Вашата сесия ще изтече след около 15 секунди"
-  },
-  "login": {
-    "back_to_mailcow": "Обратно към mailcow",
-    "delayed": "Входът е забавен с %s секунди.",
-    "fido2_webauthn": "Вход с FIDO2/WebAuthn",
-    "forgot_password": "> Забравена парола?",
-    "invalid_pass_reset_token": "Токенът за нулиране на парола е невалиден или е изтекъл.<br>Моля, заявете нов линк за нулиране на парола.",
-    "login": "Вход",
-    "login_admin": "Вход на администратор",
-    "login_dadmin": "Вход на администратор на домейн",
-    "login_user": "Потребителски вход",
-    "mobileconfig_info": "Моля, влезте като потребител на пощенска кутия, за да изтеглите поискания Apple профил за връзка.",
-    "new_password": "Нова парола",
-    "new_password_confirm": "Потвърждаване на новата парола",
-    "other_logins": "или вход с",
-    "password": "Парола",
-    "request_reset_password": "Заявка за промяна на парола",
-    "reset_password": "Нулиране на парола",
-    "username": "Потребителско име"
-  },
-  "mailbox": {
-    "action": "Действие",
-    "activate": "Активиране",
-    "active": "Активен",
-    "add": "Добавяне",
-    "add_alias": "Добавяне на псевдоним",
-    "add_alias_expand": "Разширяване на псевдоним над домейни на псевдоними",
-    "add_bcc_entry": "Добавяне на запис в картата BCC",
-    "add_domain": "Добавяне на домейн",
-    "add_domain_alias": "Добавяне на псевдоним на домейн",
-    "add_domain_record_first": "Моля, добавете първо домейн",
-    "add_filter": "Добавяне на филтър",
-    "add_mailbox": "Добавяне на пощенска кутия",
-    "add_recipient_map_entry": "Добавяне на запис в картата на получатели",
-    "add_resource": "Добавяне на ресурс",
-    "add_template": "Добавяне на шаблон",
-    "add_tls_policy_map": "Добавяне на карта на политиката на TLS",
-    "address_rewriting": "Презаписване на адрес",
-    "alias": "Псевдоним",
-    "alias_domain_alias_hint": "Псевдонимите <b>не</b> се прилагат автоматично към домейни на псевдоними. Псевдонимът <code>my-alias@domain</code> <b>не</b> покрива адреса <code>my-alias@alias-domain</code> (където \"alias-domain\" е имагинерен псевдоним на домейн).<br>Моля, използвайте филтър на Sieve, за да пренасочите имейл към външна пощенска кутия (вижте раздела \"Филтри\" или SOGo -> Пренасочвач). Използвайте \"Разширяване на псевдоним над домейни на псевдоними\", за да добавите автоматично липсващи псевдоними.",
-    "alias_domain_backupmx": "Псевдонимът на домейн е неактивен за домейн за реле",
-    "aliases": "Псевдоними",
-    "all_domains": "Всички домейни",
-    "allow_from_smtp": "Разрешаване само на тези IP адреси да използват <b>SMTP</b>",
-    "allow_from_smtp_info": "Оставете празно, за да разрешите всички изпращачи.<br>IPv4/IPv6 адреси и мрежи.",
-    "allowed_protocols": "Разрешени протоколи",
-    "backup_mx": "Домейн за реле",
-    "bcc": "BCC",
-    "bcc_destination": "BCC дестинация",
-    "bcc_destinations": "BCC дестинации",
-    "bcc_info": "Картите BCC се използват, за да препращат тихо копия от всички съобщения до друг адрес. Записът от тип получател на карта се използва, когато локалната дестинация действа като получател на имейл. Записът от тип изпращач на карта се използва, когато локалната дестинация действа като изпращач на имейл. Локалната дестинация няма да бъде информирана за неуспешна доставка.",
-    "bcc_local_dest": "Локална дестинация",
-    "bcc_map": "Карта BCC",
-    "bcc_map_type": "Тип BCC",
-    "bcc_maps": "Карти BCC",
-    "bcc_rcpt_map": "Карта на получател",
-    "bcc_sender_map": "Карта на изпращач",
-    "bcc_to_rcpt": "Превключване към карта на получател",
-    "bcc_to_sender": "Превключване към карта на изпращач",
-    "bcc_type": "Тип BCC",
-    "booking_null": "Винаги показване като свободен",
-    "booking_0_short": "Винаги свободен",
-    "booking_custom": "Твърдо ограничение до определен брой резервации",
-    "booking_custom_short": "Твърдо ограничение",
-    "booking_ltnull": "Неограничено, но показване като заето, когато е резервирано",
-    "booking_lt0_short": "Меко ограничение",
-    "catch_all": "Catch-All",
-    "created_on": "Създаден на",
-    "daily": "Ежедневно",
-    "deactivate": "Деактивиране",
-    "description": "Описание",
-    "disable_login": "Забраняване на вход (входящите съобщения все още се приемат)",
-    "disable_x": "Деактивиране",
-    "dkim_domains_selector": "Селектор",
-    "dkim_key_length": "Дължина на DKIM ключа (битове)",
-    "domain": "Домейн",
-    "domain_admins": "Администратори на домейн",
-    "domain_aliases": "Псевдоними на домейн",
-    "domain_templates": "Шаблони за домейн",
-    "domain_quota": "Квота",
-    "domain_quota_total": "Обща квота на домейна",
-    "domains": "Домейни",
-    "edit": "Редактиране",
-    "empty": "Няма резултати",
-    "enable_x": "Активиране",
-    "excludes": "Изключване",
-    "filter_table": "Таблица с филтри",
-    "filters": "Филтри",
-    "fname": "Пълно име",
-    "force_pw_update": "Принудително обновяване на парола при следващия вход",
-    "gal": "Глобален адресен списък",
-    "goto_ham": "Учен като <span class=\"text-success\"><b>не е спам</b></span>",
-    "goto_spam": "Учен като <span class=\"text-danger\"><b>спам</b></span>",
-    "hourly": "Часово",
-    "iam": "Доставчик на идентичност",
-    "in_use": "В употреба (%)",
-    "inactive": "Неактивен",
-    "insert_preset": "Вмъкване на примерен предефиниран набор \"%s\"",
-    "kind": "Вид",
-    "last_mail_login": "Последен вход в пощата",
-    "last_modified": "Последно модифициране",
-    "last_pw_change": "Последна промяна на парола",
-    "last_run": "Последно изпълнение",
-    "last_run_reset": "Задаване на следващо",
-    "mailbox": "Пощенска кутия",
-    "mailbox_defaults": "Настройки по подразбиране",
-    "mailbox_defaults_info": "Дефинирайте настройки по подразбиране за нови пощенски кутии.",
-    "mailbox_defquota": "Размер по подразбиране на пощенска кутия",
-    "mailbox_templates": "Шаблони за пощенска кутия",
-    "mailbox_quota": "Макс. размер на пощенска кутия",
-    "mailboxes": "Пощенски кутии",
-    "max_aliases": "Макс. псевдоними",
-    "max_mailboxes": "Макс. възможни пощенски кутии",
-    "max_quota": "Макс. квота за пощенска кутия",
-    "mins_interval": "Интервал (мин)",
-    "msg_num": "Съобщение №",
-    "multiple_bookings": "Множествени резервации",
-    "never": "Никога",
-    "no": "&#10005;",
-    "no_record": "Няма запис за обект %s",
-    "no_record_single": "Няма запис",
-    "open_logs": "Отваряне на логове",
-    "owner": "Собственик",
-    "private_comment": "Частен коментар",
-    "public_comment": "Публичен коментар",
-    "q_add_header": "при преместване в папката за нежелана поща",
-    "q_all": " при преместване в папката за нежелана поща и при отхвърляне",
-    "q_reject": "при отхвърляне",
-    "quarantine_category": "Категория на уведомленията за карантина",
-    "quarantine_notification": "Уведомления за карантина",
-    "quick_actions": "Действия",
-    "recipient": "Получател",
-    "recipient_map": "Карта на получател",
-    "recipient_map_info": "Картите на получател се използват, за да се замени адресът на дестинация на съобщението, преди да бъде доставено.",
-    "recipient_map_new": "Нов получател",
-    "recipient_map_new_info": "Дестинацията на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
-    "recipient_map_old": "Оригинален получател",
-    "recipient_map_old_info": "Оригиналната дестинация на картата на получател трябва да бъде валиден имейл адрес или име на домейн.",
-    "recipient_maps": "Карти на получател",
-    "relay_all": "Реле на всички получатели",
-    "relay_unknown": "Реле на несъществуващи пощенски кутии",
-    "remove": "Премахване",
-    "resources": "Ресурси",
-    "running": "Изпълнява се",
-    "sender": "Изпращач",
-    "set_postfilter": "Маркиране като постфилтър",
-    "set_prefilter": "Маркиране като префилтър",
-    "sieve_info": "Можете да запазите множество филтри за всеки потребител, но само един префилтър и един постфилтър могат да бъдат активни едновременно.<br>\r\nВсеки филтър ще бъде обработен в описания ред. Нито един неуспешен скрипт, нито издадена команда \"keep;\" няма да спре обработката на следващите скриптове. Промените в глобалните филтри на sieve ще предизвикат рестартиране на Dovecot.<br><br>Глобален префилтър на sieve &#8226; Префилтър &#8226; Потребителски скриптове &#8226; Постфилтър &#8226; Глобален постфилтър на sieve",
-    "sieve_preset_1": "Изтриване на съобщения с потенциално опасни типове файлове",
-    "sieve_preset_2": "Винаги маркиране на имейла на определен изпращач като прочетен",
-    "sieve_preset_3": "Тихо изтриване, спиране на всякаква допълнителна обработка на sieve филтри",
-    "sieve_preset_4": "Архивиране на съобщението във ВХОДНА, пропускане на допълнителна обработка от sieve филтри",
-    "sieve_preset_5": "Автоотговор (ваканция)",
-    "sieve_preset_6": "Отхвърляне на съобщение с отговор",
-    "sieve_preset_7": "Пренасочване и запазване/изтриване",
-    "sieve_preset_8": "Пренасочване на имейл от определен изпращач, маркиране като прочетен и сортиране в подпапка",
-    "sieve_preset_header": "Моля, вижте примерните предефинирани набори по-долу. За повече детайли вижте <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
-    "sogo_visible": "Псевдонимът е видим в SOGo",
-    "sogo_visible_n": "Скриване на псевдоним в SOGo",
-    "sogo_visible_y": "Показване на псевдоним в SOGo",
-    "spam_aliases": "Времеви псевдоними",
-    "stats": "Статистика",
-    "status": "Статус",
-    "sync_jobs": "Синхронизиращи задачи",
-    "syncjob_check_log": "Проверка на лога",
-    "syncjob_last_run_result": "Резултат от последното изпълнение",
-    "syncjob_EX_OK": "Успех",
-    "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
-    "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
-    "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
-    "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
-    "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
-    "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
-    "table_size": "Размер на таблицата",
-    "table_size_show_n": "Показване на %s елемента",
-    "target_address": "Адрес за пренасочване",
-    "target_domain": "Целеви домейн",
-    "templates": "Шаблони",
-    "template": "Шаблон",
-    "tls_enforce_in": "Принудително използване на TLS за входящи",
-    "tls_enforce_out": "Принудително използване на TLS за изходящи",
-    "tls_map_dest": "Дестинация",
-    "tls_map_dest_info": "Примери: example.org, .example.org, [mail.example.org]:25",
-    "tls_map_parameters": "Параметри",
-    "tls_map_parameters_info": "Празно или параметри, например: protocols=!SSLv2 ciphers=medium exclude=3DES",
-    "tls_map_policy": "Политика",
-    "tls_policy_maps": "Пренареждания на политиката на TLS",
-    "tls_policy_maps_enforced_tls": "Тези политики ще пренареждат и поведението за потребители на пощенски кутии, които принудително използват изходящи TLS връзки. Ако няма политика, съществуваща по-долу, тези потребители ще приложат стойностите по подразбиране, зададени като <code>smtp_tls_mandatory_protocols</code> и <code>smtp_tls_mandatory_ciphers</code>.",
-    "tls_policy_maps_info": "Тази политика за пренареждане на TLS транспортни правила е независима от настройките за политика на TLS на потребителя.<br>\r\n  Моля, вижте <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">документацията за \"smtp_tls_policy_maps\"</a> за повече информация.",
-    "tls_policy_maps_long": "Пренареждания на политиката на TLS за изходящи",
-    "toggle_all": "Превключване на всички",
-    "username": "Потребителско име",
-    "waiting": "Изчакване",
-    "weekly": "Седмично",
-    "yes": "&#10003;"
-  },
-  "oauth2": {
-    "access_denied": "Моля, влезте като собственик на пощенска кутия, за да удостоверите чрез OAuth2.",
-    "authorize_app": "Удостоверяване на приложение",
-    "deny": "Отказ",
-    "permit": "Удостоверяване на приложение",
-    "profile": "Профил",
-    "profile_desc": "Преглед на лични данни: потребителско име, пълно име, създадено, модифицирано, активно",
-    "scope_ask_permission": "Приложението заявява следните разрешения",
-    "client_id": "Идентификатор на клиента",
-    "client_secret": "Тайна на клиента",
-    "redirect_uri": "URI за пренасочване",
-    "renew_secret": "Генериране на нова тайна на клиента",
-    "revoke_tokens": "Анулиране на всички токени на клиента"
-  },
-  "quarantine": {
-    "action": "Действие",
-    "atts": "Прикачени файлове",
-    "check_hash": "Търсене на файлов хеш в VirusTotal",
-    "confirm": "Потвърждаване",
-    "confirm_delete": "Потвърждаване на изтриването на този елемент.",
-    "danger": "Опасност",
-    "deliver_inbox": "Доставяне в пощенската кутия",
-    "disabled_by_config": "Текущата системна конфигурация деактивира функционалността на карантината. Моля, задайте \"задържания за пощенска кутия\" и \"максимален размер\" за елементите на карантината.",
-    "download_eml": "Изтегляне (.eml)",
-    "empty": "Няма резултати",
-    "high_danger": "Висока",
-    "info": "Информация",
-    "junk_folder": "Папка за нежелана поща",
-    "learn_spam_delete": "Учен като спам и изтриване",
-    "low_danger": "Ниска",
-    "medium_danger": "Средна",
-    "neutral_danger": "Неутрална",
-    "notified": "Уведомен",
-    "qhandler_success": "Заявката е изпратена успешно до системата. Можете да затворите прозореца сега.",
-    "qid": "QID на Rspamd",
-    "qinfo": "Системата за карантина ще запази отхвърлените съобщения в базата данни (изпращачът няма да бъде информиран за доставеното съобщение) както и съобщенията, доставени като копие в папката за нежелана поща на пощенска кутия.<br> <br>\"Учен като спам и изтриване\" ще научи съобщението като спам чрез теоремата на Бейс и също ще изчисли размити хешове, за да отхвърли подобни съобщения в бъдеще.<br> <br>Моля, имайте предвид, че обучаването на множество съобщения може да бъде - в зависимост от вашата система - времеемко.<br>Елементите в черния списък са изключени от карантината.",
-    "qitem": "Елемент в карантина",
-    "quarantine": "Карантина",
-    "quick_actions": "Действия",
-    "quick_delete_link": "Отваряне на бърз линк за изтриване",
-    "quick_info_link": "Отваряне на бърз информационен линк",
-    "quick_release_link": "Отваряне на бърз линк за освобождане",
-    "rcpt": "Получател",
-    "received": "Получено",
-    "recipients": "Получатели",
-    "refresh": "Опресняване",
-    "rejected": "Отхвърлено",
-    "release": "Освобождане",
-    "release_body": "Прикаченото съобщение е добавено към това съобщение.",
-    "release_subject": "Потенциално вреден елемент в карантина %s",
-    "remove": "Премахване",
-    "rewrite_subject": "Презаписване на темата",
-    "rspamd_result": "Резултат от Rspamd",
-    "sender": "Изпращач (SMTP)",
-    "sender_header": "Изпращач (\"From\" заглавие)",
-    "settings_info": "Максимален брой елементи за карантиниране: %s<br>Максимален размер на имейл: %s MiB",
-    "show_item": "Показване на елемент",
-    "spam": "Спам",
-    "spam_score": "Резултат",
-    "subj": "Тема",
-    "table_size": "Размер на таблицата",
-    "table_size_show_n": "Показване на %s елемента",
-    "text_from_html_content": "Съдържание (конвертиран HTML)",
-    "text_plain_content": "Съдържание (обикновен текст)",
-    "toggle_all": "Превключване на всички",
-    "type": "Тип"
-  },
-  "queue": {
-    "delete": "Изтриване на всички",
-    "flush": "Изчистване на опашката",
-    "info": "Опашката на имейлите съдържа всички имейли, които чакат за доставка. Ако имейлът е засечен в опашката за дълго време, той автоматично се изтрива от системата.<br>Съобщението за грешка на съответния имейл дава информация защо имейлът не може да бъде доставен.",
-    "legend": "Функции на действията в опашката на имейлите:",
-    "ays": "Моля, потвърдете, че искате да изтриете всички елементи от текущата опашка.",
-    "deliver_mail": "Доставяне",
-    "deliver_mail_legend": "Опит за повторно доставяне на избраните съобщения.",
-    "hold_mail": "Задържане",
-    "hold_mail_legend": "Задържа избраните съобщения. (Предотвратява допълнителни опити за доставяне)",
-    "queue_manager": "Мениджър на опашката",
-    "show_message": "Показване на съобщение",
-    "unban": "разблокиране на опашката",
-    "unhold_mail": "Освобождаване",
-    "unhold_mail_legend": "Освобождава избраните съобщения за доставка. (Изисква предварително задържане)"
-  },
-  "ratelimit": {
-    "disabled": "Деактивирано",
-    "second": "съобщения/секунда",
-    "minute": "съобщения/минута",
-    "hour": "съобщения/час",
-    "day": "съобщения/ден"
-  },
-  "start": {
-    "help": "Показване/Скриване на панела за помощ",
-    "imap_smtp_server_auth_info": "Моля, използвайте пълния си имейл адрес и механизма за удостоверяване PLAIN.<br>\r\nВашите данни за вход ще бъдат криптирани от сървърната страна чрез задължително сървърно криптиране."
-  },
-  "success": {
-    "acl_saved": "ACL за обект %s е запазен",
-    "admin_added": "Администраторът %s е добавен",
-    "admin_api_modified": "Промените в API са запазени",
-    "admin_modified": "Промените в администратора са запазени",
-    "admin_removed": "Администраторът %s е премахнат",
-    "alias_added": "Адресът на псевдонима %s (%d) е добавен",
-    "alias_domain_removed": "Домейнът на псевдонима %s е премахнат",
-    "alias_modified": "Промените в адреса на псевдонима %s са запазени",
-    "alias_removed": "Псевдонимът %s е премахнат",
-    "aliasd_added": "Добавен домейн на псевдоним %s",
-    "aliasd_modified": "Промените в домейна на псевдоним %s са запазени",
-    "app_links": "Запазени промени в линковете на приложенията",
-    "app_passwd_added": "Добавена нова парола за приложение",
-    "app_passwd_removed": "Премахната парола за приложение с ID %s",
-    "bcc_deleted": "Записи в картата BCC са изтрити: %s",
-    "bcc_edited": "Записът в картата BCC %s е редактиран",
-    "bcc_saved": "Записът в картата BCC е запазен",
-    "cors_headers_edited": "Настройките на CORS са запазени",
-    "db_init_complete": "Инициализацията на базата данни е завършена",
-    "delete_filter": "Изтрити филтри с ID %s",
-    "delete_filters": "Изтрити филтри: %s",
-    "deleted_syncjob": "Изтрита синхронизираща задача с ID %s",
-    "deleted_syncjobs": "Изтрити синхронизиращи задачи: %s",
-    "dkim_added": "Добавен DKIM ключ %s",
-    "dkim_duplicated": "DKIM ключът за домейн %s е копиран в %s",
-    "dkim_removed": "DKIM ключът %s е премахнат",
-    "domain_add_dkim_available": "DKIM ключът вече съществува",
-    "domain_added": "Добавен домейн %s",
-    "domain_admin_added": "Добавен администратор на домейн %s",
-    "domain_admin_modified": "Промените в администратора на домейн %s са запазени",
-    "domain_admin_removed": "Администраторът на домейн %s е премахнат",
-    "domain_footer_modified": "Промените в подвала на домейн %s са запазени",
-    "domain_modified": "Промените в домейн %s са запазени",
-    "domain_removed": "Домейнът %s е премахнат",
-    "dovecot_restart_success": "Dovecot е рестартиран успешно",
-    "eas_reset": "Устройствата с ActiveSync за потребителя %s са нулирани",
-    "f2b_banlist_refreshed": "Списъкът с ID на блокираните е актуализиран успешно.",
-    "f2b_modified": "Промените в параметрите на Fail2ban са запазени",
-    "forwarding_host_added": "Добавен хост за препращане %s",
-    "forwarding_host_removed": "Премахнат хост за препращане %s",
-    "global_filter_written": "Филтърът е записан успешно във файл",
-    "hash_deleted": "Хешът е изтрит",
-    "iam_test_connection": "Връзката е успешна",
-    "ip_check_opt_in": "Оптирането за използване на услугата на трета страна е запазено успешно",
-    "ip_check_opt_in_modified": "Проверката на IP беше успешно запазена",
-    "item_deleted": "Елементът %s е изтрит успешно",
-    "item_released": "Елементът %s е освободен",
-    "items_deleted": "Елементът %s е изтрит успешно",
-    "items_released": "Избраните елементи са освободени",
-    "learned_ham": "Успешно научен ID %s като не е спам",
-    "license_modified": "Промените в лиценза са запазени",
-    "logged_in_as": "Вписан като %s",
-    "mailbox_added": "Пощенската кутия %s е добавена",
-    "mailbox_modified": "Промените в пощенската кутия %s са запазени",
-    "mailbox_removed": "Пощенската кутия %s е премахната",
-    "mailbox_renamed": "Пощенската кутия е преименувана от %s на %s",
-    "nginx_reloaded": "Nginx е презареден",
-    "object_modified": "Промените в обект %s са запазени",
-    "password_changed_success": "Паролата е променена успешно",
-    "password_policy_saved": "Политиката за парола е запазена успешно",
-    "pushover_settings_edited": "Настройките на Pushover са запазени успешно, моля, проверете удостоверенията.",
-    "qlearn_spam": "Съобщението с ID %s е научено като спам и изтрито",
-    "queue_command_success": "Командата на опашката е завършена успешно",
-    "recipient_map_entry_deleted": "Записът в картата на получател с ID %s е изтрит",
-    "recipient_map_entry_saved": "Записът в картата на получател \"%s\" е запазен",
-    "recovery_email_sent": "Изпратен имейл за възстановяване до %s",
-    "relayhost_added": "Записът в картата %s е добавен",
-    "relayhost_removed": "Записът в картата %s е премахнат",
-    "reset_main_logo": "Нулиране на логото по подразбиране",
-    "resource_added": "Ресурсът %s е добавен",
-    "resource_modified": "Промените в пощенската кутия %s са запазени",
-    "resource_removed": "Ресурсът %s е премахнат",
-    "rl_saved": "Ограничението на скоростта за обект %s е запазено",
-    "rspamd_ui_pw_set": "Паролата на UI на Rspamd е зададена успешно",
-    "saved_settings": "Запазени настройки",
-    "settings_map_added": "Добавен запис в картата с настройки",
-    "settings_map_removed": "Премахнат запис в картата с настройки с ID %s",
-    "sogo_profile_reset": "Профилът на SOGo за потребителя %s е нулиран",
-    "template_added": "Добавен шаблон %s",
-    "template_modified": "Промените в шаблон %s са запазени",
-    "template_removed": "Шаблонът с ID %s е премахнат",
-    "tls_policy_map_entry_deleted": "Записът в картата на политиката на TLS с ID %s е изтрит",
-    "tls_policy_map_entry_saved": "Записът в картата на политиката на TLS \"%s\" е запазен",
-    "ui_texts": "Запазени промени в текстовете на UI",
-    "upload_success": "Файлът е качен успешно",
-    "verified_fido2_login": "Потвърдено вход с FIDO2",
-    "verified_totp_login": "Потвърдено вход с TOTP",
-    "verified_webauthn_login": "Потвърдено вход с WebAuthn",
-    "verified_yotp_login": "Потвърдено вход с Yubico OTP"
-  },
-  "tfa": {
-    "authenticators": "Аутентикатори",
-    "api_register": "%s използва облачното API на Yubico. Моля, вземете API ключ за вашия ключ <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">тук</a>",
-    "confirm": "Потвърждаване",
-    "confirm_totp_token": "Моля, потвърдете промените, като въведете генерирания токен",
-    "delete_tfa": "Деактивиране на TFA",
-    "disable_tfa": "Деактивиране на TFA до следващия успешен вход",
-    "enter_qr_code": "Вашият TOTP код, ако вашето устройство не може да сканира QR кодове",
-    "error_code": "Код на грешка",
-    "init_webauthn": "Инициализиране, моля, изчакайте...",
-    "key_id": "Идентификатор за вашето устройство",
-    "key_id_totp": "Идентификатор за вашия ключ",
-    "none": "Деактивиране",
-    "reload_retry": "- (презаредете браузъра, ако грешката продължи)",
-    "scan_qr_code": "Моля, сканирайте следния код с вашето приложение за аутентикация или въведете кода ръчно.",
-    "select": "Моля, изберете",
-    "set_tfa": "Задаване на метод за двуфакторно удостоверяване",
-    "start_webauthn_validation": "Стартиране на проверка",
-    "tfa": "Двуфакторно удостоверяване",
-    "tfa_token_invalid": "Невалиден токен за TFA",
-    "totp": "Временен OTP (Google Authenticator, Authy и др.)",
-    "u2f_deprecated": "Изглежда, че вашият ключ е регистриран с депрекирания метод U2F. Ще деактивираме двуфакторното удостоверяване за вас и ще изтрием вашия ключ.",
-    "u2f_deprecated_important": "Моля, регистрирайте вашия ключ в административния панел с новия метод WebAuthn.",
-    "webauthn": "Удостоверяване с WebAuthn",
-    "waiting_usb_auth": "<i>Изчакване на USB устройство...</i><br><br>Моля, докоснете бутона на вашето USB устройство сега.",
-    "waiting_usb_register": "<i>Изчакване на USB устройство...</i><br><br>Моля, въведете паролата си по-горе и потвърдете регистрацията си, като докоснете бутона на вашето USB устройство.",
-    "yubi_otp": "Удостоверяване с Yubico OTP"
-  },
-  "user": {
-    "action": "Действие",
-    "active": "Активен",
-    "active_sieve": "Активен филтър",
-    "advanced_settings": "Разширени настройки",
-    "alias": "Псевдоним",
-    "alias_create_random": "Генериране на случаен псевдоним",
-    "alias_extend_all": "Удължаване на всички псевдоними с 1 час",
-    "alias_full_date": "d.m.Y, H:i:s T",
-    "alias_remove_all": "Премахване на всички псевдоними",
-    "alias_select_validity": "Период на валидност",
-    "alias_time_left": "Оставащо време",
-    "alias_valid_until": "Валиден до",
-    "aliases_also_send_as": "Разрешено да изпраща и като потребител",
-    "aliases_send_as_all": "Не проверявай достъпа на изпращач за следните домейни и техните псевдоними",
-    "allowed_protocols": "Разрешени протоколи",
-    "app_hint": "Паролите за приложения са алтернативни пароли за вашия IMAP, SMTP, CalDAV, CardDAV и EAS вход. Потребителското име остава непроменено. SOGo уеб пощата не е достъпна чрез пароли за приложения.",
-    "app_name": "Име на приложението",
-    "app_passwds": "Пароли за приложения",
-    "apple_connection_profile": "Профил за връзка на Apple",
-    "apple_connection_profile_complete": "Този профил за връзка включва настройки за IMAP и SMTP, както и пътища за CalDAV (календари) и CardDAV (контакти) за устройство на Apple.",
-    "apple_connection_profile_mailonly": "Този профил за връзка включва настройки за IMAP и SMTP за устройство на Apple.",
-    "apple_connection_profile_with_app_password": "Генерирана е нова парола за приложение и е добавена към профила, така че не е необходимо да се въвежда парола при настройката на вашето устройство. Моля, не споделяйте файла, тъй като той предоставя пълен достъп до вашата пощенска кутия.",
-    "attribute": "Атрибут",
-    "authentication": "Удостоверяване",
-    "change_password": "Промяна на парола",
-    "change_password_hint_app_passwords": "Вашият акаунт има %d пароли за приложения, които няма да бъдат променени. За управление на тях, отидете в раздела \"Пароли за приложения\".",
-    "clear_recent_successful_connections": "Изчистване на видимите успешни връзки",
-    "client_configuration": "Показване на ръководства за настройка на пощенски клиенти и смартфони",
-    "create_app_passwd": "Създаване на парола за приложение",
-    "create_syncjob": "Създаване на нова синхронизираща задача",
-    "created_on": "Създаден на",
-    "daily": "Ежедневно",
-    "day": "ден",
-    "delete_ays": "Моля, потвърдете процеса на изтриване.",
-    "description": "Описание",
-    "direct_aliases": "Директни адреси на псевдоними",
-    "direct_aliases_desc": "Директните адреси на псевдоними се засягат от настройките за филтър за спам и политика за TLS.",
-    "direct_protocol_access": "Този потребител на пощенска кутия има <b>директен, външен достъп</b> до следните протоколи и приложения. Тази настройка се контролира от вашия администратор. Паролите за приложения могат да бъдат създадени, за да се предостави достъп до отделни протоколи и приложения.<br>Бутонът \"Уеб поща\" предоставя еднократно удостоверяване към SOGo и винаги е достъпен.",
-    "eas_reset": "Нулиране на кеша на устройствата с ActiveSync",
-    "eas_reset_help": "В много случаи нулирането на кеша на устройството ще помогне за възстановяването на повреден профил на ActiveSync.<br><b>Внимание:</b> Всички елементи ще бъдат презаредени!",
-    "eas_reset_now": "Нулиране сега",
-    "edit": "Редактиране",
-    "email": "Имейл",
-    "email_and_dav": "Имейл, календари и контакти",
-    "empty": "Няма резултати",
-    "encryption": "Криптиране",
-    "excludes": "Изключване",
-    "expire_in": "Изтича след",
-    "fido2_webauthn": "FIDO2/WebAuthn",
-    "force_pw_update": "Трябва да зададете нова парола, за да имате достъп до груповите услуги.",
-    "from": "от",
-    "generate": "генериране",
-    "hour": "час",
-    "hourly": "Часово",
-    "hours": "часа",
-    "in_use": "В употреба",
-    "interval": "Интервал",
-    "is_catch_all": "Catch-all за домейн/и",
-    "last_mail_login": "Последен вход в пощата",
-    "last_pw_change": "Последна промяна на парола",
-    "last_run": "Последно изпълнение",
-    "last_ui_login": "Последен вход в UI",
-    "loading": "Зареждане...",
-    "login_history": "История на входовете",
-    "mailbox": "Пощенска кутия",
-    "mailbox_details": "Детайли",
-    "mailbox_general": "Общи",
-    "mailbox_settings": "Настройки",
-    "messages": "съобщения",
-    "month": "месец",
-    "months": "месеца",
-    "never": "Никога",
-    "new_password": "Нова парола",
-    "new_password_repeat": "Потвърждаване на новата парола",
-    "no_active_filter": "Няма активен филтър",
-    "no_last_login": "Няма информация за последен вход в UI",
-    "no_record": "Няма запис",
-    "open_logs": "Отваряне на логове",
-    "open_webmail_sso": "Уеб поща",
-    "overview": "Преглед",
-    "password": "Парола",
-    "password_now": "Текуща парола (потвърждаване на промените)",
-    "password_repeat": "Парола (повторете)",
-    "password_reset_info": "Ако не е зададен имейл за възстановяване на парола, тази функция не може да бъде използвана.",
-    "protocols": "Протоколи",
-    "pushover_evaluate_x_prio": "Ескалиране на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
-    "pushover_info": "Настройките за известия на Pushover ще се прилагат за всички чисти (не-спам) съобщения, доставени до <b>%s</b>, включително псевдоними (споделени, несподелени, таговани).",
-    "pushover_only_x_prio": "Разглеждане само на високоприоритетни съобщения [<code>X-Priority: 1</code>]",
-    "pushover_sender_array": "Разглеждане на следните адреси на изпращач <small>(разделени с запетая)</small>",
-    "pushover_sender_regex": "Съвпадение на изпращач с следния regex",
-    "pushover_sound": "Звук",
-    "pushover_text": "Текст на известието",
-    "pushover_title": "Заглавие на известието",
-    "pushover_vars": "Когато не е зададен филтър на изпращач, всички съобщения ще бъдат разглеждани.<br>Филтрите с регулярен израз, както и точните проверки на изпращач, могат да бъдат дефинирани индивидуално и ще бъдат разглеждани последователно. Те не зависят един от друг.<br>Използвайте следните променливи за текст и заглавие (моля, вземете предвид политиките за поверителност на данните)",
-    "pushover_verify": "Проверка на удостоверения",
-    "pw_recovery_email": "Имейл за възстановяване на парола",
-    "q_add_header": "Папка за нежелана поща",
-    "q_all": "Всички категории",
-    "q_reject": "Отхвърлени",
-    "quarantine_category": "Категория на уведомленията за карантина",
-    "quarantine_category_info": "Категорията \"Отхвърлени\" включва съобщения, които са били отхвърлени, докато категорията \"Папка за нежелана поща\" ще уведоми потребителя за съобщения, които са били поставени в папката за нежелана поща.",
-    "quarantine_notification": "Уведомления за карантина",
-    "quarantine_notification_info": "След като уведомлението е изпратено, елементите ще бъдат маркирани като \"уведомени\" и няма да бъдат изпращани допълнителни уведомления за този конкретен елемент.",
-    "recent_successful_connections": "Видими успешни връзки",
-    "remove": "Премахване",
-    "running": "Изпълнява се",
-    "save": "Запазване на промените",
-    "save_changes": "Запазване на промените",
-    "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Проверката на изпращач е деактивирана</span>",
-    "shared_aliases": "Споделени адреси на псевдоними",
-    "shared_aliases_desc": "Споделените псевдоними не се засягат от настройките за филтър за спам и политика за TLS на потребителя. Съответните настройки за спам филтър могат да бъдат направени само от администратор като настройка за домейн.",
-    "show_sieve_filters": "Показване на активния потребителски филтър на sieve",
-    "sogo_profile_reset": "Нулиране на профила на SOGo",
-    "sogo_profile_reset_help": "Това ще унищожи профила на SOGo и <b>ще изтрие всички данни за контакти и календар безвъзвратно</b>.",
-    "sogo_profile_reset_now": "Нулиране сега",
-    "spam_aliases": "Временни адреси на псевдоними",
-    "spam_score_reset": "Нулиране до настройките на сървъра по подразбиране",
-    "spamfilter": "Филтър за спам",
-    "spamfilter_behavior": "Рейтинг",
-    "spamfilter_bl": "Черен списък",
-    "spamfilter_bl_desc": "Адресите в черния списък <b>винаги</b> ще бъдат класифицирани като спам и отхвърлени. Отхвърлените съобщения <b>не</b> ще бъдат копирани в карантина. Поддържат се уайлдкардове.<br>Отхвърлените съобщения няма да бъдат доставени до папката за нежелана поща.",
-    "spamfilter_default_score": "Стойности по подразбиране",
-    "spamfilter_green": "Зелено: това съобщение не е спам",
-    "spamfilter_hint": "Първата стойност описва \"нисък резултат за спам\", втората представлява \"висок резултат за спам\".",
-    "spamfilter_red": "Червено: това съобщение е спам и ще бъде отхвърлено от сървъра",
-    "spamfilter_table_action": "Действие",
-    "spamfilter_table_add": "Добавяне на елемент",
-    "spamfilter_table_domain_policy": "политика на домейна",
-    "spamfilter_table_empty": "Няма данни за показване",
-    "spamfilter_table_remove": "премахване",
-    "spamfilter_table_rule": "Правило",
-    "spamfilter_wl": "Бял списък",
-    "spamfilter_wl_desc": "Адресите в белия списък <b>никога</b> ще бъдат класифицирани като спам. Поддържат се уайлдкардове.<br>Съобщенията, които не са класифицирани като спам, ще бъдат доставени в папката за нежелана поща, ако резултатът за спам е над стойността за висок резултат за спам.",
-    "spamfilter_yellow": "Жълто: това съобщение може да е спам, ще бъде маркирано като спам и преместено в папката за нежелана поща",
-    "status": "Статус",
-    "sync_jobs": "Синхронизиращи задачи",
-    "syncjob_EXIT_AUTHENTICATION_FAILURE": "Проблем с удостоверяването",
-    "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Грешно потребителско име или парола",
-    "syncjob_EXIT_CONNECTION_FAILURE": "Проблем с връзката",
-    "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Не може да се свърже с отдалечен сървър",
-    "syncjob_EXIT_OVERQUOTA": "Целевата пощенска кутия е над квотата",
-    "syncjob_EXIT_TLS_FAILURE": "Проблем с криптираната връзка",
-    "syncjob_EX_OK": "Успех",
-    "syncjob_check_log": "Проверка на лога",
-    "syncjob_last_run_result": "Резултат от последното изпълнение",
-    "tag_handling": "Настройка за тагове",
-    "tag_help_example": "Пример за тагован имейл адрес: me<b>+Facebook</b>@example.org",
-    "tag_help_explain": "В подпапка: ще бъде създадена нова подпапка под INBOX (\"INBOX/Facebook\").<br>\r\nВ тема: първото име на тага ще бъде добавено към темата на съобщението, например: \"[Facebook] Моите новини\".",
-    "tag_in_none": "Не прави нищо",
-    "tag_in_subfolder": "В подпапка",
-    "tag_in_subject": "В тема",
-    "text": "Текст",
-    "tfa_info": "Двуфакторното удостоверяване помага за защита на вашия акаунт. Ако го активирате, ще ви трябват пароли за приложения, за да влезете в приложения или услуги, които не поддържат двуфакторно удостоверяване (напр. пощенски клиенти).",
-    "title": "Заглавие",
-    "tls_enforce_in": "Принудително използване на TLS за входящи",
-    "tls_enforce_out": "Принудително използване на TLS за изходящи",
-    "tls_policy": "Политика за криптиране",
-    "tls_policy_warning": "<strong>Внимание:</strong> Ако решите да принудите преноса на криптирани съобщения, може да загубите съобщения.<br>Съобщенията, които не удовлетворяват политиката, ще бъдат върнати с твърдо отхвърляне от системата за поща.<br>Тази опция засяга вашия основен адрес на пощенска кутия (логин име), всички адреси, произтичащи от домейни на псевдоними, както и адреси на псевдоними, <b>с единствена целева пощенска кутия</b>.",
-    "user_settings": "Настройки на потребителя",
-    "username": "Потребителско име",
-    "value": "Стойност",
-    "verify": "Проверка",
-    "waiting": "Изчакване",
-    "week": "седмица",
-    "weekly": "Weekly",
-    "weeks": "седмици",
-    "with_app_password": "с парола за приложение",
-    "year": "година",
-    "years": "години"
-  },
-  "warning": {
-    "cannot_delete_self": "Не може да изтриете влезлия потребител",
-    "domain_added_sogo_failed": "Добавен домейн, но неуспешно рестартиране на SOGo, моля, проверете системните логове.",
-    "dovecot_restart_failed": "Dovecot не успя да рестартира, моля, проверете логовете",
-    "fuzzy_learn_error": "Грешка при обучение на размит хеш: %s",
-    "hash_not_found": "Хешът не е намерен или вече е изтрит",
-    "ip_invalid": "Пропуснат невалиден IP: %s",
-    "is_not_primary_alias": "Пропуснат неосновен псевдоним %s",
-    "no_active_admin": "Не може да деактивирате последния активен администратор",
-    "quota_exceeded_scope": "Квотата на домейна е надвишена: Само неограничени пощенски кутии могат да бъдат създадени в този домейн.",
-    "session_token": "Невалиден формулярен токен: Несъответствие на токена.",
-    "session_ua": "Невалиден формулярен токен: Грешка при проверка на User-Agent."
-  }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index af7cbd5fb..ba84543a2 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -557,4 +557,4 @@
         "week": "Setmana",
         "weeks": "Setmanes"
     }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index aaa6d756f..592efa809 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -1324,4 +1324,4 @@
         "hold_mail": "保留",
         "unhold_mail": "取消保留"
     }
-}
\ No newline at end of file
+}

From 2f1eb4b004a6882f7e0875632b1b5d5498a5caca Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 24 Jul 2025 21:42:00 +0200
Subject: [PATCH 597/755] Translations update from Weblate (#6649)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.es-es.json

Co-authored-by: sariegos <informatica@sariegos.es>

* [Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>

* [Web] Updated lang.pt-br.json

[Web] Updated lang.pt-br.json

Co-authored-by: Bruno Zouein Pereira <zopostyle@gmail.com>
Co-authored-by: Peter <magic@kthx.at>

---------

Co-authored-by: sariegos <informatica@sariegos.es>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
Co-authored-by: Bruno Zouein Pereira <zopostyle@gmail.com>
Co-authored-by: Peter <magic@kthx.at>
---
 data/web/lang/lang.es-es.json | 492 +++++++++++++++++++++++++++++++---
 data/web/lang/lang.pt-br.json |   9 +-
 data/web/lang/lang.si-si.json |  29 +-
 3 files changed, 478 insertions(+), 52 deletions(-)

diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 814142cc6..f357b9a80 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -10,11 +10,11 @@
         "quarantine": "Acciones de cuarentena",
         "quarantine_attachments": "Archivos ajuntos en cuarentena",
         "quarantine_notification": "Notificaciones de cuarentena",
-        "ratelimit": "Rate limit",
+        "ratelimit": "Límite de peticiones",
         "recipient_maps": "Rutas del destinatario",
         "sogo_profile_reset": "Resetear perfil SOGo",
         "spam_alias": "Aliases temporales",
-        "spam_policy": "Lista blanca/negra",
+        "spam_policy": "Lista de bloqueo/desbloqueo",
         "spam_score": "Puntuación de spam",
         "syncjobs": "Trabajos de sincronización",
         "tls_policy": "Póliza de TLS",
@@ -25,8 +25,10 @@
         "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena",
         "domain_relayhost": "Cambiar relayhost por un dominio",
         "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas",
-        "pw_reset": "Permitir el reset  de la contraseña del usario mailcow",
-        "sogo_access": "Permitir la gestión del acceso a SOGo"
+        "pw_reset": "Permitir el restablecimiento de la contraseña del usuario mailcow",
+        "sogo_access": "Permitir la gestión del acceso a SOGo",
+        "mailbox_relayhost": "Cambiar el host de reenvío para un buzón",
+        "smtp_ip_access": "Cambiar hosts permitidos para SMTP"
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
@@ -34,7 +36,7 @@
         "add": "Agregar",
         "add_domain_only": "Agregar dominio solamente",
         "add_domain_restart": "Agregar dominio y reiniciar SOGo",
-        "alias_address": "Dirección(es) alias:",
+        "alias_address": "Dirección(es) alias",
         "alias_address_info": "<small>Dirección(es) de correo completa(s) ó @dominio.com, para atrapar todos los mensajes para un dominio (separado por coma). <b>Dominios que existan en mailcow solamente</b>.</small>",
         "alias_domain": "Dominio alias",
         "alias_domain_info": "<small>Nombres de dominio válidos solamente (separado por coma).</small>",
@@ -45,13 +47,13 @@
         "delete1": "Eliminar de la fuente cuando se complete",
         "delete2": "Eliminar mensajes en el destino que no están en la fuente",
         "delete2duplicates": "Eliminar duplicados en el destino",
-        "description": "Descripción:",
+        "description": "Descripción",
         "destination": "Destino",
         "domain": "Dominio",
-        "domain_quota_m": "Cuota total del dominio (MiB):",
+        "domain_quota_m": "Cuota total del dominio (MiB)",
         "enc_method": "Método de cifrado",
         "exclude": "Excluir objectos (regex)",
-        "full_name": "Nombre completo:",
+        "full_name": "Nombre completo",
         "gal": "Lista global de direcciones (GAL)",
         "gal_info": "El GAL contiene todos los objetos de un dominio y no puede ser editado por ningún usuario. Falta información de disponibilidad en SOGo, si está desactivada. <b>Reinicia SOGo para aplicar los cambios.</b>",
         "generate": "Generar",
@@ -61,20 +63,20 @@
         "hostname": "Host",
         "kind": "Tipo",
         "mailbox_quota_def": "Cuota de buzón predeterminada",
-        "mailbox_quota_m": "Máx. cuota por buzón (MiB):",
-        "mailbox_username": "Nombre de usuario (parte izquierda de una dirección de correo):",
-        "max_aliases": "Máx. alias posibles:",
-        "max_mailboxes": "Máx. buzones posibles:",
+        "mailbox_quota_m": "Máx. cuota por buzón (MiB)",
+        "mailbox_username": "Nombre de usuario (parte izquierda de una dirección de correo)",
+        "max_aliases": "Máx. alias posibles",
+        "max_mailboxes": "Máx. buzones posibles",
         "mins_interval": "Intervalo de sondeo (minutos)",
         "multiple_bookings": "Múltiples reservas",
         "nexthop": "Siguiente destino",
-        "password": "Constraseña:",
-        "password_repeat": "Confirmación de contraseña (repetir):",
+        "password": "Contraseña",
+        "password_repeat": "Confirmación de contraseña (repetir)",
         "port": "Puerto",
-        "post_domain_add": "<b>Nota:</b> Necesitarás reiniciar el contenedor del servicio SOGo despues de agregar un nuevo dominio",
-        "quota_mb": "Cuota (MiB):",
+        "post_domain_add": "Es necesario reiniciar el contenedor del servicio SOGo, \"sogo-mailcow\", tras agregar un nuevo dominio.<br><br>Además, la configuración DNS de los dominios debería ser comprobada. En cuanto la configuración DNS se apruebe, reinicie \"acme-mailcow\" para generar automáticamente certificados para su nuevo dominio (autoconfig.&lt;dominio&gt;, autodiscover.&lt;dominio&gt;).<br>Este paso es opcional y se reintentará cada 24 horas.",
+        "quota_mb": "Cuota (MiB)",
         "relay_all": "Retransmitir todos los destinatarios",
-        "relay_all_info": "<small>Si eliges <b>no</b> retransmitir a todos los destinatarios, necesitas agregar un buzón \"ciego\" por cada destinatario que debe ser retransmitido.</small>",
+        "relay_all_info": "↪ Si se elige <b>no</b> retransmitir todos los destinatarios, será necesario agregar un buzón \"ciego\" por cada destinatario que deba ser retransmitido.",
         "relay_domain": "Retransmitir este dominio",
         "select": "Por favor selecciona...",
         "select_domain": "Por favor elige un dominio primero",
@@ -83,7 +85,7 @@
         "skipcrossduplicates": "Omitir mensajes duplicados en carpetas (orden de llegada)",
         "subscribeall": "Suscribirse a todas las carpetas",
         "syncjob": "Añadir trabajo de sincronización",
-        "syncjob_hint": "Ten en cuenta que las contraseñas deben guardarse en texto sin cifrado",
+        "syncjob_hint": "Tenga en cuenta que las contraseñas deben guardarse en texto plano sin cifrar",
         "target_address": "Direcciones destino:",
         "target_address_info": "<small>Dirección(es) de correo completa(s) (separado por coma).</small>",
         "target_domain": "Dominio destino:",
@@ -100,7 +102,13 @@
         "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario",
         "dry": "Simular la sincronización",
         "private_comment": "Comentario privado",
-        "app_passwd_protocols": "Protocolos autorizados para la contraseña de la aplicación"
+        "app_passwd_protocols": "Protocolos autorizados para la contraseña de la aplicación",
+        "relay_transport_info": "<div class=\"label label-info\">Información</div> Puede definir mapas de transporte para un destino personalizado para este dominio. En caso de no definirlo, se realizará una búsqueda MX.",
+        "bcc_dest_format": "El destino del CCO debe ser una única dirección de correo electrónico válida.<br>Si necesita enviar una copia a varias direcciones, cree un alias y utilícelo aquí.",
+        "domain_matches_hostname": "El dominio %s coincide con el nombre de host",
+        "relay_unknown_only": "Reenviar sólo los buzones no existentes. Los buzones existentes se entregarán localmente.",
+        "relayhost_wrapped_tls_info": "Por favor, no utilice puertos con TLS (habitualmente, el puerto 465). <br>Utilice cualquier puerto no cifrado y emita STARTTLS. Se puede crear una política para imponer TLS en \"TLS policy maps\".",
+        "tags": "Etiquetas"
     },
     "admin": {
         "access": "Acceso",
@@ -129,7 +137,7 @@
         "app_name": "Nombre de la app",
         "apps_name": "Nombre \"mailcow Apps\"",
         "arrival_time": "Tiempo de llegada (hora del servidor)",
-        "ban_list_info": "Lista de IPs bloqueadas: <b>red (tiempo de prohibición restante) - [acciones]</b>.<br />Las IPs en cola para ser desbloqueadas se eliminarán de la lista de bloqueos en unos pocos segundos.<br />Las etiquetas rojas indican bloqueos permanentes mediante la inclusión en la lista negra.",
+        "ban_list_info": "Lista de direcciones IP bloqueadas: <b>red (tiempo de prohibición restante) - [acciones]</b>.<br />Las direcciones IP en cola para ser desbloqueadas se eliminarán de la lista de bloqueos en unos segundos.<br />Las etiquetas rojas indican bloqueos permanentes por inclusión en la lista de bloqueo.",
         "change_logo": "Cambiar logo",
         "configuration": "Configuración",
         "credentials_transport_warning": "<b>Advertencia</b>: al agregar una nueva entrada de ruta de transporte se actualizarán las credenciales para todas las entradas con una columna de \"siguiente destino\" coincidente.",
@@ -157,15 +165,15 @@
         "excludes": "Excluye a estos destinatarios",
         "f2b_ban_time": "Tiempo de restricción (s)",
         "f2b_ban_time_increment": "Tiempo de restricción se incrementa con cada restricción",
-        "f2b_blacklist": "Redes y hosts en lista negra",
-        "f2b_list_info": "Un host o red en lista negra siempre superará a una entidad de la lista blanca. <b>Las actualizaciones de la lista tardarán unos segundos en aplicarse.</b>",
+        "f2b_blacklist": "Redes y hosts en lista de bloqueo",
+        "f2b_list_info": "Un host o red en lista de bloqueo siempre tendrá prioridad sobre una entidad de la lista de desbloqueo. <b>Las actualizaciones de la lista tardarán unos segundos en aplicarse.</b>",
         "f2b_max_attempts": "Max num. de intentos",
         "f2b_max_ban_time": "Max tiempo de restricción (s)",
         "f2b_netban_ipv4": "Tamaño de subred IPv4 para aplicar la restricción (8-32)",
         "f2b_netban_ipv6": "Tamaño de subred IPv6 para aplicar la restricción (8-128)",
         "f2b_parameters": "Parametros Fail2ban",
         "f2b_retry_window": "Ventana de tiempo entre reintentos",
-        "f2b_whitelist": "Redes y hosts en lista blanca",
+        "f2b_whitelist": "Redes y hosts en lista de desbloqueo",
         "filter_table": "Filtrar tabla",
         "forwarding_hosts": "Hosts de reenvío",
         "forwarding_hosts_add_hint": "Se puede especificar direcciones IPv4 / IPv6, redes en notación CIDR, nombres de host (que se resolverán en direcciones IP) o dominios (que se resolverán en direcciones IP consultando registros SPF o, en su defecto, registros MX)",
@@ -253,7 +261,146 @@
         "unban_pending": "Desbloqueo pendiente",
         "unchanged_if_empty": "Si no hay cambios déjalo en blanco",
         "upload": "Cargar",
-        "username": "Nombre de usuario"
+        "username": "Nombre de usuario",
+        "force_sso_text": "Si se configura un proveedor OIDC externo, esta opción oculta los formularios por defecto de inicio de sesión y muestra solamente el botón de inicio de sesión único",
+        "admin_quicklink": "Ocultar enlace rápido a página de inicio de sesión para administradores",
+        "iam_default_template_description": "Si no se asigna una plantilla a un usuario, se utilizará la plantilla por defecto para crear el buzón, pero no para actualizarlo.",
+        "reset_password_vars": "<code>{{link}}</code> El enlace generado para el restablecimiento de contraseña<br><code>{{username}}</code> El buzón del usuario que ha solicitado el restablecimiento de contraseña<br><code>{{username2}}</code> La dirección del buzón de recuperación de contraseña<br><code>{{date}}</code> La fecha en que se realizó la solicitud de restablecimiento de contraseña<br><code>{{token_lifetime}}</code> El periodo de vigencia del token en minutos<br><code>{{hostname}}</code> El servidor Mailcow",
+        "api_info": "La API es un trabajo en curso. La documentación se puede encontrar en <a href=\"/api\">/api</a>",
+        "iam_description": "Configurar un proveedor de autenticación externo<br>Los buzones de usuario se crearán automáticamente la primera vez que se inicie sesión, siempre que se hayan configurado las equivalencias de atributos",
+        "ui_header_announcement_help": "El anuncio será visible para todos los usuarios conectados y también en la pantalla de inicio de sesión.",
+        "html": "HTML",
+        "oauth2_redirect_uri": "URI de redirección",
+        "quarantine_bcc": "Remitir una copia de todas las notificaciones (CCO) a este destinatario: <br><small>Dejar en blanco para desactivar. <b>Correo sin firmar y sin comprobar. Debe entregarse solo internamente.</b></small>",
+        "quarantine_redirect": "<b>Redirigir todas las notificaciones</b> a este destinatario:<br><small>Dejar en blanco para desactivar. <b>Correo sin firmar y sin comprobar. Debe entregarse sólo internamente.</b></small>",
+        "iam_authorize_url": "Endpoint de autorización",
+        "sal_level": "Nivel de Moo",
+        "ui_footer": "Pie de página (se permite HTML)",
+        "is_mx_based": "Basado en MX",
+        "password_reset_tmpl_text": "Plantilla de texto",
+        "password_length": "Longitud de la contraseña",
+        "quicklink_text": "Mostrar u ocultar enlaces rápidos a otras páginas de inicio bajo el formulario de inicio de sesión",
+        "password_policy_lowerupper": "Debe contener caracteres en minúsculas y mayúsculas",
+        "rspamd_global_filters_regex": "Sus nombres indican su propósito. Todo el contenido debe constar de expresiones regulares válidas con el formato \"/patrón/opciones\" (por ejemplo, <code>/.+@domain\\.tld/i</code>).<br>\n  Si bien se llevan a cabo comprobaciones básicas de cada expresión regular, la funcionalidad de Rspamd puede verse inutilizada, si no consigue interpretar correctamente la sintaxis utilizada.<br>\n  Rspamd intentará leer el contenido del mapa cuando éste se modifique. En caso de de problemas, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">reinicie Rspamd</a> para forzar una recarga del mapa.<br>Los elementos incluidos en listas de bloqueo se excluyen de la cuarentena.",
+        "iam_use_ssl_info": "Si se habilita SSL y el puerto se establece en el 389, se cambiará automáticamente al 636.",
+        "iam_login_provisioning": "Crear usuarios automáticamente al iniciar sesión",
+        "iam_periodic_full_sync": "Sincronización completa periódica",
+        "iam_port": "Puerto",
+        "iam_realm": "Ámbito",
+        "iam_redirect_url": "URL de redirección",
+        "iam_server_url": "URL del servidor",
+        "iam_sso": "Inicio de sesión único (SSO)",
+        "iam_sync_interval": "Intervalo de sincronización/importación (minutos)",
+        "iam_test_connection": "Comprobar conexión",
+        "iam_token_url": "Endpoint del token",
+        "iam_username_field": "Campo de nombre de usuario",
+        "iam_use_ssl": "Utilizar SSL",
+        "iam_use_tls": "Utilizar STARTTLS",
+        "iam_userinfo_url": "Endopint de información de usuario",
+        "iam_use_tls_info": "Si se habilita TLS, se debe utilizar el puerto por defecto del servidor LDAP (389). No se permiten puertos SSL.",
+        "iam_version": "Versión",
+        "ignore_ssl_error": "Ignorar errores de SSL",
+        "ip_check": "Comprobación IP",
+        "ip_check_disabled": "La comprobación de IP está desactivada. Puede activarla en<br> <strong>Sistema > Configuración > Opciones > Personalizar</strong>.",
+        "ip_check_opt_in": "Aceptar utilizar el servicio de terceros <strong>ipv4.mailcow.email</strong> y <strong>ipv6.mailcow.email</strong> para resolver direcciones IP externas.",
+        "last_applied": "Aplicado por última vez",
+        "license_info": "No es obligatorio contar con una licencia, pero ayuda a continuar el desarrollo.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Indique aquí su GUID</a> o <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">adquiera servicios de soporte para su instalación de Mailcow.</a>",
+        "login_time": "Hora de inicio de sesión",
+        "lookup_mx": "Destino es una expresión regular con la que contrastar el nombre MX (<code>.*\\.google\\.com</code> para dirigir todo el tráfico dirigido a un MX que termina en google.com a través de este salto)",
+        "message": "Mensaje",
+        "no": "&#10005;",
+        "optional": "opcional",
+        "app_hide": "Ocultar para inicio de sesión",
+        "convert_html_to_text": "Convertir HTML a texto plano",
+        "cors_settings": "Configuración de CORS",
+        "customer_id": "ID de cliente",
+        "dkim_overwrite_key": "Sobrescribir la clave DKIM existente",
+        "domain_admin": "Administrador de dominio",
+        "f2b_manage_external": "Gestionar Fail2Ban de manera externa",
+        "f2b_manage_external_info": "Fail2Ban conservará la lista de bloqueo, pero no establecerá activamente reglas para bloquear el tráfico. Utilizar la lista de bloqueo siguiente para bloquear externamente el tráfico.",
+        "filter": "Filtrar",
+        "admins": "Administradores",
+        "admins_ldap": "Administradores de LDAP",
+        "advanced_settings": "Configuración avanzada",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "api_read_only": "Acceso de sólo lectura",
+        "api_read_write": "Acceso de lectura y escritura",
+        "api_skip_ip_check": "Omitir la comprobación de la IP para la API",
+        "authed_user": "Usuario autentificado",
+        "ays": "¿Está seguro de querer continuar?",
+        "logo_normal_label": "Normal",
+        "logo_dark_label": "Invertido para modo oscuro",
+        "copy_to_clipboard": "¡Texto copiado al portapapeles!",
+        "login_page": "Inicio de sesión",
+        "domainadmin_quicklink": "Ocultar enlace rápido a página de inicio de sesión para administradores de dominios",
+        "domain_s": "Dominio(s)",
+        "f2b_filter": "Filtros regex",
+        "f2b_regex_info": "Registros tomados en consideración: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "force_sso": "Deshabilitar el inicio de sesión de Mailcow y mostrar solamente el inicio de sesión único",
+        "guid": "GUID - ID de instancia único",
+        "guid_and_license": "GUID y licencia",
+        "hash_remove_info": "Al eliminar un hash de límite de velocidad (si todavía existe) se reiniciará su contador por completo.<br> Cada hash se indica con un color individual.",
+        "iam": "Proveedor de identidad",
+        "iam_attribute_field": "Campo de atributo",
+        "iam_auth_flow": "Flujo de autenticación",
+        "iam_basedn": "DN de base",
+        "iam_client_id": "ID de cliente",
+        "iam_client_secret": "Secreto de cliente",
+        "iam_client_scopes": "Ámbitos de cliente",
+        "iam_default_template": "Plantilla por defecto",
+        "iam_host": "Host",
+        "iam_host_info": "Introduzca uno o más hosts de LDAP, separados por comas.",
+        "iam_import_users": "Importar usuarios",
+        "iam_mapping": "Equivalencias de atributos",
+        "needs_restart": "necesita reinicio",
+        "oauth2_apps": "Aplicaciones OAuth2",
+        "oauth2_add_client": "Añadir cliente OAuth2",
+        "oauth2_renew_secret": "Generar nuevo secreto de cliente",
+        "oauth2_revoke_tokens": "Revocar todos los tokens de cliente",
+        "options": "Opciones",
+        "password_policy": "Política de contraseñas",
+        "password_policy_chars": "Debe contener al menos un caracter alfabético",
+        "password_policy_length": "La longitud mínima de la contraseña es %d",
+        "password_policy_numbers": "Debe contener al menos un número",
+        "password_policy_special_chars": "Debe contener caracteres especiales",
+        "password_reset_info": "Si no se indica una dirección para la recuperación de contraseñas, esta función no puede utilizarse.",
+        "password_reset_settings": "Configuración de recuperación de contraseña",
+        "password_reset_tmpl_html": "Plantilla HTML",
+        "password_settings": "Configuración de contraseña",
+        "priority": "Prioridad",
+        "quarantine_max_score": "Descartar notificación si la puntuación de spam de un mensaje de correo es mayor que este valor:<br><small>Por defecto 9999.0</small>",
+        "queue_unban": "desbloquear",
+        "regex_maps": "Mapas regex",
+        "relay_rcpt": "Dirección \"Para:\"",
+        "reset_limit": "Eliminar hash",
+        "restore_template": "Dejar en blanco para restablecer la plantilla por defecto",
+        "rsetting_no_selection": "Seleccione una regla",
+        "rsettings_preset_3": "Permitir solamente remitentes específicos para un buzón (utilizar únicamente como buzón interno)",
+        "rsettings_preset_4": "Deshabilitar Rspamd para un dominio",
+        "rspamd_global_filters": "Mapas de filtrado globales",
+        "rspamd_global_filters_agree": "¡Tendré cuidado!",
+        "rspamd_global_filters_info": "Los mapas de filtrado globales contienen distintos tipos de listos de bloqueo y desbloqueo.",
+        "service": "Servicio",
+        "service_id": "ID de servicio",
+        "success": "Éxito",
+        "task": "Tarea",
+        "time": "Tiempo",
+        "title": "Título",
+        "transport_dest_format": "Regex o sintaxis: ejemplo.org, .ejemplo.org, *, buzon@ejemplo.org (se pueden introducir varios valores separados por comas)",
+        "transport_test_rcpt_info": "&#8226; Utilizar null@hosted.mailcow.de para comprobar la retransmisión a un destino externo.",
+        "ui_header_announcement": "Anuncios",
+        "ui_header_announcement_content": "Texto (se permite HTML)",
+        "ui_header_announcement_select": "Seleccionar tipo de anuncio",
+        "ui_header_announcement_type": "Tipo",
+        "ui_header_announcement_type_danger": "Muy importante",
+        "ui_header_announcement_type_info": "Información",
+        "ui_header_announcement_type_warning": "Importante",
+        "user_link": "Enlace de usuario",
+        "user_quicklink": "Ocultar enlace rápido a página de inicio de sesión de usuario",
+        "validate_license_now": "Validar el GUID contra el servidor de licencias",
+        "verify": "Verificar",
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Acceso denegado o datos del formulario inválidos",
@@ -341,7 +488,60 @@
         "username_invalid": "Nombre de usuario no se puede utilizar",
         "validity_missing": "Por favor asigna un periodo de validez",
         "value_missing": "Por favor proporcione todos los valores",
-        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s"
+        "yotp_verification_failed": "Verificación Yubico OTP fallida: %s",
+        "last_key": "La última clave no se puede eliminar, en su lugar desactive la autenticación de doble factor.",
+        "img_dimensions_exceeded": "La imagen excede el tamaño máximo permitido",
+        "authsource_in_use": "El proveedor de identidades no se puede cambiar al estar en uso por uno o más usuario(s).",
+        "app_name_empty": "El nombre de la aplicación no puede quedar vacío",
+        "recovery_email_failed": "No se ha podido enviar un correo de recuperación. Contacte con su administrador.",
+        "tls_policy_map_dest_invalid": "Destino de política no válido",
+        "cors_invalid_method": "Allow-Method especificado no válido",
+        "dkim_domain_or_sel_exists": "Ya existe una clave DKIM para \"%s\" y no será sobrescrita",
+        "webauthn_publickey_failed": "No se ha almacenado ninguna clave pública para el autenticador seleccionado",
+        "invalid_reset_token": "Token de restablecimiento no válido",
+        "password_reset_na": "El restablecimiento de contraseña no está disponible en estos momentos. Contacte con su administrador.",
+        "generic_server_error": "Se ha producido un error inesperado en el servidor. Contacte con su administrador.",
+        "reset_f2b_regex": "El filtro Regex no se ha podido restablecer a tiempo, inténtelo de nuevo o espere unos segundos y vuelva a cargar la página web.",
+        "extra_acl_invalid": "Dirección de remitente externo \"%s\" no válida",
+        "extra_acl_invalid_domain": "El remitente externo \"%s\" utiliza un dominio no válido",
+        "max_alias_exceeded": "Se ha excedido el número máximo de alias",
+        "app_passwd_id_invalid": "Contraseña de aplicación con ID %s no válida",
+        "comment_too_long": "Comentario demasiado largo, máximo de 160 caracteres permitidos",
+        "cors_invalid_origin": "Allow-Origin especificado no válido",
+        "demo_mode_enabled": "Modo demo activado",
+        "description_invalid": "Descripción de recurso para %s no válida",
+        "extended_sender_acl_denied": "no se encuentra ACL para establecer direcciones de remitente externo",
+        "fido2_verification_failed": "Verificación FIDO2 fallida: %s",
+        "file_open_error": "El archivo no se puede abrir para escritura",
+        "global_filter_write_error": "No se ha podido escribir el archivo de filtro: %s",
+        "global_map_invalid": "Mapa global con ID %s no válido",
+        "global_map_write_error": "No se ha podido guardar el mapa global con ID %s: %s",
+        "ham_learn_error": "Error de aprendizaje de correo deseado: %s",
+        "iam_test_connection": "Conexión fallida",
+        "imagick_exception": "Error: Excepción en Imagick al leer la imagen",
+        "img_invalid": "No se ha podido validar el archivo de imagen",
+        "img_size_exceeded": "La imagen excede el tamaño máximo de archivo",
+        "img_tmp_missing": "No se ha podido validar el archivo de imagen: archivo temporal no encontrado",
+        "invalid_filter_type": "Tipo de filtro no válido",
+        "invalid_mime_type": "Tipo MIME no válido",
+        "maxquota_empty": "La cuota máxima por buzón no debe ser cero.",
+        "nginx_reload_failed": "Recarga de Nginx fallida: %s",
+        "password_reset_invalid_user": "Buzón no encontrado o dirección de correo para recuperación no establecida",
+        "pushover_credentials_missing": "Falta el token y/o la clave de Pushover",
+        "pushover_key": "La clave de Pushover tiene un formato incorrecto",
+        "pushover_token": "El token de Pushover tiene un formato incorrecto",
+        "required_data_missing": "Datos necesarios %s no proporcionados",
+        "reset_token_limit_exceeded": "Se ha superado el límite de tokens de restablecimiento. Inténtelo más tarde.",
+        "resource_invalid": "Nombre de recurso %s no válido",
+        "targetd_relay_domain": "El dominio de destino %s es un dominio de retransmisión",
+        "template_exists": "La plantilla %s ya existe",
+        "template_id_invalid": "Plantilla con ID %s no válida",
+        "template_name_invalid": "Nombre de plantilla no válido",
+        "temp_error": "Error transitorio",
+        "tfa_token_invalid": "Token de autenticación de doble factor no válido",
+        "to_invalid": "El destinatario no puede quedar en blanco",
+        "webauthn_authenticator_failed": "No se ha localizado el autenticador seleccionado",
+        "webauthn_username_failed": "El autenticador seleccionado pertenece a otra cuenta"
     },
     "debug": {
         "containers_info": "Información de los contenedores",
@@ -357,7 +557,29 @@
         "started_at": "Iniciado el",
         "uptime": "Uptime",
         "static_logs": "Logs estáticos",
-        "system_containers": "Sistema y Contenedores"
+        "system_containers": "Sistema y Contenedores",
+        "show_ip": "Mostrar IP pública",
+        "wip": "Actualmente incompleto",
+        "current_time": "Hora del sistema",
+        "service": "Servicio",
+        "timezone": "Huso horario",
+        "update_available": "Hay una actualización disponible",
+        "update_failed": "No se han podido comprobar las actualizaciones",
+        "architecture": "Arquitectura",
+        "chart_this_server": "Gráfico (este servidor)",
+        "container_running": "En ejecución",
+        "container_disabled": "Contenedor detenido o desactivado",
+        "container_stopped": "Detenido",
+        "cores": "Núcleos",
+        "error_show_ip": "No se han podido resolver las direcciones IP públicas",
+        "history_all_servers": "Historial (todos los servidores)",
+        "login_time": "Tiempo",
+        "memory": "Memoria",
+        "online_users": "Usuarios conectados",
+        "started_on": "Iniciado",
+        "success": "Éxito",
+        "no_update_available": "El sistema está actualizado",
+        "username": "Nombre de usuario"
     },
     "diagnostics": {
         "cname_from_a": "Valor derivado del registro A / AAAA. Esto es permitido siempre que el registro apunte al recurso correcto.",
@@ -367,7 +589,8 @@
         "dns_records_name": "Nombre",
         "dns_records_status": "Información actual",
         "dns_records_type": "Tipo",
-        "optional": "Este récord es opcional."
+        "optional": "Este récord es opcional.",
+        "dns_records_docs": "Consulte también <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">la documentación</a>."
     },
     "edit": {
         "active": "Activo",
@@ -435,13 +658,79 @@
         "title": "Editar objeto",
         "unchanged_if_empty": "Si no hay cambios dejalo en blanco",
         "username": "Nombre de usuario",
-        "validate_save": "Validar y guardar"
+        "validate_save": "Validar y guardar",
+        "app_passwd_protocols": "Protocolos permitidos con contraseña de aplicación",
+        "domain_footer_info": "Los pies de página de dominio se añaden a todos los mensajes salientes remitidos por una dirección de dicho dominio.<br> Están disponibles las siguientes variables para el pie de página:",
+        "sender_acl_info": "Si el usuario del buzón A tiene permitido enviar como el buzón B, la dirección de remitente no se mostrará automáticamente como seleccionable en el campo \"De\" en SOGo.<br>\n  El usuario del buzón B necesitará crear una delegación en SOGo para permitir al usuario A seleccionar su dirección como remitente. Para delegar un buzón en SOGo, utilice el menú (tres puntos) a la derecha del nombre del buzón en la esquina superior izquierda, en la vista de correo. Este comportamiento no se aplica a direcciones alias.",
+        "sogo_access_info": "Tras iniciar sesión, el usuario será redirigido automáticamente a SOGo.",
+        "comment_info": "Un comentario privado no es visible para el usuario, mientras que un comentario público se muestra como descripción emergente al pasar el ratón en la vista general del usuario",
+        "quota_warning_bcc_info": "Los avisos se enviarán como copias separadas a los siguientes destinatarios. Se indicará en el asunto el usuario afectado entre paréntesis, como por ejemplo: <code>Aviso de cuota (usuario@ejemplo.com)</code>.",
+        "sogo_access": "Redirección directa a SOGo",
+        "sogo_visible_info": "Esta opción solamente afecta a objetos que puedan ser visualizados en SOGo (alias compartidos o no compartidos que apunten al menos a un buzón interno). Si se oculta, el alias no aparecerá como seleccionable en SOGo.",
+        "extended_sender_acl_info": "Se aconseja importar una clave de dominio DKIM, si está disponible.<br>\n  Recuerde añadir este servidor al registro SPF correspondiente.<br>\n  Siempre que se añada un dominio o alias a este servidor, que se superponga con una dirección externa, se eliminará la dirección externa.<br>\n  Utilice @dominio.tld para permitir enviar como *@dominio.tld.",
+        "pushover_info": "La configuración de notificaciones push se aplicará a todos los mensajes limpios (no spam) entregados a <b>%s</b> incluyendo alias (compartidos, no compartidos, etiquetados).",
+        "mbox_rl_info": "Este límite de peticiones se aplica al nombre de inicio de sesión SASL, coincide con cualquier dirección \"de\" que utilice el usuario conectado. Un límite de buzón tiene precedencia sobre un límite del dominio.",
+        "admin": "Editar administrador",
+        "none_inherit": "Ninguno / heredar",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Comprobación de remitente desactivada</span>",
+        "footer_exclude": "Excluir del pie de página",
+        "acl": "ACL (permisos)",
+        "advanced_settings": "Configuración avanzada",
+        "allow_from_smtp": "Permitir únicamente a las siguientes direcciones IP utilizar <b>SMTP</b>",
+        "allow_from_smtp_info": "Dejar en blanco para permitir cualquier remitente.<br>Direcciones y redes IPv4/IPv6.",
+        "allowed_protocols": "Protocolos permitidos para acceso directo del usuario (no afecta a protocolos con contraseña de aplicación)",
+        "app_name": "Nombre de aplicación",
+        "app_passwd": "Contraseña de aplicación",
+        "created_on": "Creado",
+        "custom_attributes": "Atributos personalizados",
+        "delete_ays": "Por favor, confirme el proceso de eliminación.",
+        "disable_login": "Deshabilitar inicio de sesión (se aceptará el correo entrante)",
+        "domain_footer": "Pie de página para todos los usuarios del dominio",
+        "domain_footer_html": "Pie de página HTML",
+        "domain_footer_skip_replies": "Descartar pie de página en correos de respuesta",
+        "extended_sender_acl": "Direcciones de remisión externas",
+        "generate": "generar",
+        "lookup_mx": "El destino es una expresión regular con la que contrastar el nombre MX (<code>.*\\.google\\.com</code> para dirigir todo el correo enviado a un MX que termine en google.com a través de este salto)",
+        "mailbox_relayhost_info": "Aplicable únicamente al buzón y sus alias directos, anula el host de retransmisión para el dominio",
+        "mailbox_rename": "Renombrar buzón",
+        "mailbox_rename_agree": "He creado una copia de seguridad.",
+        "mailbox_rename_warning": "¡IMPORTANTE! Realice una copia de seguridad antes de renombrar el buzón.",
+        "mailbox_rename_alias": "Crear alias automáticamente",
+        "mailbox_rename_title": "Nuevo nombre de buzón local",
+        "password_recovery_email": "Dirección de correo para recuperación de contraseña",
+        "private_comment": "Comentario privado",
+        "public_comment": "Comentario público",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Escalar correo de alta prioridad [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Tener en cuenta únicamente las siguientes direcciones de correo de remitente <small>(separados por comas)</small>",
+        "pushover_text": "Texto de notificación",
+        "pushover_title": "Título de notificación",
+        "pushover_sound": "Sonido",
+        "pushover_verify": "Verificar credenciales",
+        "quota_warning_bcc": "CCO de aviso de cuota",
+        "ratelimit": "Límite de peticiones",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Información</div> Puede definir mapas de transporte para destinatarios personalizados para este dominio. Si no se establece, se realizará una búsqueda MX.",
+        "relay_unknown_only": "Reenviar solamente los buzones no existentes. Los buzones existentes se entregarán localmente.",
+        "sogo_visible": "Alias visible en SOGo.",
+        "spam_alias": "Crear o modificar alias temporales (con caducidad)",
+        "spam_filter": "Filtro de spam",
+        "spam_policy": "Añadir o eliminar elementos de la lista de bloqueo/desbloqueo",
+        "spam_score": "Establecer una puntuación de spam personalizada"
     },
     "footer": {
         "hibp_nok": "¡Se encontró coincidencia - esta es una contraseña <b>no segura</b>, selecciona otra!",
         "hibp_ok": "No se encontraron coincidencias",
         "loading": "Espera por favor...",
-        "restart_now": "Reiniciar ahora"
+        "restart_now": "Reiniciar ahora",
+        "restart_container": "Reiniciar contenedor",
+        "restart_container_info": "<b>Importante:</b> Un reinicio limpio puede llevar un tiempo. Por favor, espere a que finalice.",
+        "cancel": "Cancelar",
+        "confirm_delete": "Confirmar eliminación",
+        "delete_now": "Eliminar ahora",
+        "delete_these_items": "Confirme sus cambios para el siguiente ID de objeto",
+        "hibp_check": "Comprobar en haveibeenpwned.com",
+        "nothing_selected": "Nada seleccionado",
+        "restarting_container": "Reiniciando contenedor, puede llevar un tiempo"
     },
     "header": {
         "administration": "Administración",
@@ -450,17 +739,38 @@
         "mailcow_config": "Configuración",
         "quarantine": "Cuarentena",
         "restart_sogo": "Reiniciar SOGo",
-        "user_settings": "Configuraciones de usuario"
+        "user_settings": "Configuraciones de usuario",
+        "mailcow_system": "Sistema",
+        "apps": "Aplicaciones",
+        "restart_netfilter": "Reiniciar netfilter"
     },
     "info": {
         "awaiting_tfa_confirmation": "En espera de confirmación de TFA",
-        "no_action": "No hay acción aplicable"
+        "no_action": "No hay acción aplicable",
+        "session_expires": "Su sesión expirará en unos 15 segundos"
     },
     "login": {
         "delayed": "El inicio de sesión ha sido retrasado %s segundos.",
         "login": "Inicio de sesión",
         "password": "Contraseña",
-        "username": "Nombre de usuario"
+        "username": "Nombre de usuario",
+        "login_admin": "Inicio de sesión de administrador",
+        "invalid_pass_reset_token": "El token de restablecimiento de contraseña no es válido o ha caducado.<br>Solicite un nuevo enlace de restablecimiento de contraseña.",
+        "fido2_webauthn": "Inicio de sesión FIDO2/WebAuthn",
+        "forgot_password": "> ¿Contraseña olvidada?",
+        "mobileconfig_info": "Inicie sesión como usuario de buzón para descargar el perfil de conexión solicitado para dispositivos Apple.",
+        "new_password": "Nueva contraseña",
+        "back_to_mailcow": "Volver a mailcow",
+        "login_linkstext": "¿Sesión incorrecta?",
+        "login_usertext": "Iniciar sesión como usuario",
+        "login_domainadmintext": "Iniciar sesión como administrador de dominio",
+        "login_admintext": "Iniciar sesión como administrador",
+        "login_user": "Inicio de sesión de usuario",
+        "login_dadmin": "Inicio de sesión de administrador de dominio",
+        "new_password_confirm": "Confirmar nueva contraseña",
+        "other_logins": "o iniciar sesión con",
+        "reset_password": "Restablecer contraseña",
+        "request_reset_password": "Solicitar cambio de contraseña"
     },
     "mailbox": {
         "action": "Acción",
@@ -572,7 +882,67 @@
         "toggle_all": "Selecionar todo",
         "username": "Nombre de usuario",
         "waiting": "Esperando",
-        "weekly": "Cada semana"
+        "weekly": "Cada semana",
+        "sieve_preset_4": "Colocar en bandeja de entrada, omitir procesamiento posterior en filtros de sieve",
+        "goto_spam": "Aprender como <b>correo no deseado</b>",
+        "sieve_preset_header": "Vea los preajustes de ejemplo más abajo. Para más detalles, consulte <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nombre de usuario o contraseña incorrectos",
+        "tls_policy_maps_enforced_tls": "Estas políticas tendrán precedencia también para aquellos usuarios de buzones en los que sea obligatoria una conexión TLS. Si no se indica ninguna política a continuación, dichos usuarios aplicarán los valores predeterminados que se especifiquen en <code>smtp_tls_mandatory_protocols</code> y <code>smtp_tls_mandatory_ciphers</code>.",
+        "alias_domain_alias_hint": "Los alias <b>no</b> se aplican a dominios de alias automáticamente. Una dirección alias <code>mi-alias@dominio</code> <b>no cubre</b> la dirección <code>mi-alias@dominio-alias</code> (donde \"dominio-alias\" es un hipotético alias para el dominio \"dominio\").<br>Utilice un filtro sieve para redirigir el correo a un buzón externo (ver la pestaña \"Filtros\" o utilice SOGo -> Desvío). Utilice \"expandir alias a dominio de alias\" para agregar automáticamente los alias que falten.",
+        "domain_templates": "Plantillas de dominio",
+        "sieve_preset_1": "Desechar correo con tipos de archivo probablemente peligrosos",
+        "created_on": "Creado",
+        "disable_login": "No permitir iniciar sesión (se seguirá aceptando el correo entrante)",
+        "mailbox": "Buzón",
+        "mailbox_defaults": "Ajustes por defecto",
+        "sogo_visible_y": "Mostrar alias en SOGo",
+        "spam_aliases": "Alias temporal",
+        "add_template": "Añadir plantilla",
+        "all_domains": "Todos los dominios",
+        "allow_from_smtp": "Permitir únicamente a estas direcciones IP utilizar <b>SMTP</b>",
+        "allow_from_smtp_info": "Dejar vacío para permitir cualquier remitente.<br>Direcciones y redes IPv4/IPv6.",
+        "allowed_protocols": "Protocolos permitidos",
+        "goto_ham": "Aprender como <b>correo deseado</b>",
+        "iam": "Proveedor de identidad",
+        "insert_preset": "Insertar valor predeterminado de ejemplo \"%s\"",
+        "last_mail_login": "Último acceso al correo",
+        "last_pw_change": "Último cambio de contraseña",
+        "mailbox_defaults_info": "Definir configuración por defecto para nuevos buzones.",
+        "mailbox_templates": "Plantillas de buzón",
+        "no": "&#10005;",
+        "open_logs": "Abrir registros",
+        "owner": "Propietario",
+        "private_comment": "Comentario privado",
+        "public_comment": "Comentario público",
+        "q_add_header": "al mover a carpeta de Spam",
+        "q_all": " al mover a carpeta de Spam y al rechazar",
+        "q_reject": "al rechazar",
+        "quarantine_category": "Categoría de notificación de cuarentena",
+        "recipient": "Destinatario",
+        "relay_unknown": "Retransmitir buzones desconocidos",
+        "sender": "Remitente",
+        "sieve_preset_2": "Marcar siempre el correo de un remitente específico como leído",
+        "sieve_preset_3": "Descartar silenciosamente, detener procesado de sieve",
+        "sieve_preset_5": "Respuesta automática (vacaciones)",
+        "sieve_preset_6": "Rechazar correo con respuesta",
+        "sieve_preset_7": "Redireccionar y guardar/descartar",
+        "sieve_preset_8": "Redirigir correo de un remitente específico, marcarlo como leído y clasificarlo en subcarpeta",
+        "sogo_visible": "Alias visible en SOGo",
+        "sogo_visible_n": "Ocultar alias en SOGo",
+        "stats": "Estadísticas",
+        "syncjob_check_log": "Comprobar registros",
+        "syncjob_last_run_result": "Resultado de la última ejecución",
+        "syncjob_EX_OK": "Éxito",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Problema de conexión",
+        "syncjob_EXIT_TLS_FAILURE": "Problema con la conexión cifrada",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema de autenticación",
+        "syncjob_EXIT_OVERQUOTA": "El buzón de destino ha superado la cuota",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "No es posible conectar con el servidor remoto",
+        "table_size": "Tamaño de la tabla",
+        "table_size_show_n": "Mostrar %s elementos",
+        "templates": "Plantillas",
+        "template": "Plantilla",
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Inicie sesión como propietario del buzón para otorgar acceso a través de OAuth2.",
@@ -614,7 +984,13 @@
         "subj": "Asunto",
         "text_from_html_content": "Contenido (html convertido)",
         "text_plain_content": "Contenido (text/plain)",
-        "toggle_all": "Seleccionar todos"
+        "toggle_all": "Seleccionar todos",
+        "confirm": "Confirmar",
+        "deliver_inbox": "Entregar en bandeja de entrada",
+        "download_eml": "Descargar (.eml)",
+        "info": "Información",
+        "junk_folder": "Carpeta de correo no deseado",
+        "notified": "Notificado"
     },
     "queue": {
         "queue_manager": "Administrador de cola"
@@ -773,11 +1149,55 @@
         "waiting": "Esperando",
         "week": "Semana",
         "weekly": "Cada semana",
-        "weeks": "Semanas"
+        "weeks": "Semanas",
+        "with_app_password": "con contraseña de aplicación",
+        "year": "año",
+        "years": "años"
     },
     "warning": {
         "domain_added_sogo_failed": "Se agregó el dominio pero no se pudo reiniciar SOGo, revisa los logs del servidor.",
         "fuzzy_learn_error": "Error aprendiendo hash: %s",
-        "ip_invalid": "IP inválida omitida: %s"
+        "ip_invalid": "IP inválida omitida: %s",
+        "cannot_delete_self": "No se puede eliminar el usuario conectado"
+    },
+    "datatables": {
+        "collapse_all": "Contraer todo",
+        "aria": {
+            "sortAscending": ": activar para ordenar ascendentemente según la columna",
+            "sortDescending": ": activar para ordenar descendentemente según la columna"
+        },
+        "infoEmpty": "Mostrando 0 a 0 de 0 apuntes",
+        "paginate": {
+            "last": "Última",
+            "next": "Siguiente",
+            "previous": "Anterior",
+            "first": "Primero"
+        },
+        "processing": "Espere, por favor...",
+        "decimal": ".",
+        "emptyTable": "Sin datos disponibles en la tabla",
+        "expand_all": "Ampliar todo",
+        "info": "Mostrando apuntes _START_ a _END_ de _TOTAL_",
+        "infoFiltered": "(filtrado a partir de _MAX_ entradas totales)",
+        "thousands": ",",
+        "lengthMenu": "Mostrar entradas de _MENU_",
+        "loadingRecords": "Cargando...",
+        "search": "Buscar:",
+        "zeroRecords": "No se han encontrado registros coincidentes"
+    },
+    "fido2": {
+        "set_fido2": "Registrar dispositivo FIDO2",
+        "set_fido2_touchid": "Registrar Touch ID en Apple M1",
+        "set_fn": "Establecer nombre amistoso (fácil de recordar)",
+        "confirm": "Confirmar",
+        "fido2_auth": "Iniciar sesión con FIDO2",
+        "fido2_success": "Dispositivo registrado con éxito",
+        "fido2_validation_failed": "Validación fallida",
+        "fn": "Nombre amistoso (fácil de recordar)",
+        "known_ids": "ID conocidas",
+        "none": "Deshabilitado",
+        "register_status": "Estado de registro",
+        "rename": "Renombrar",
+        "start_fido2_validation": "Iniciar validación FIDO2"
     }
 }
diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index 57a4abd3d..f9c08ef02 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -359,7 +359,12 @@
         "username": "Nome de usuário",
         "validate_license_now": "Valide o GUID em relação ao servidor de licenças",
         "verify": "Verificar",
-        "yes": "✓"
+        "yes": "✓",
+        "iam_client_id": "ID de cliente",
+        "iam_client_secret": "Senha de cliente",
+        "iam_auth_flow": "Fluxo de autenticação",
+        "iam_client_scopes": "Escopo do cliente",
+        "iam_default_template": "Template Padrão"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados de formulário inválidos",
@@ -508,7 +513,7 @@
         "infoFiltered": "(filtrado do total de entradas _MAX_)",
         "infoPostFix": "",
         "thousands": ",",
-        "lengthMenu": "Mostrar _ MENU_ entradas",
+        "lengthMenu": "Mostrar _MENU_ entradas",
         "loadingRecords": "Carregando...",
         "processing": "Por favor, aguarde...",
         "search": "Pesquisa:",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 474328e38..35c4eaa96 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -20,7 +20,7 @@
         "sogo_access": "Dovoli upravljanje SOGo dostopa",
         "sogo_profile_reset": "Ponastavi SOGo profil",
         "spam_alias": "Začasni vzdevki",
-        "spam_policy": "Črna lista/Bela lista",
+        "spam_policy": "Seznam zavrnjenih/dovoljenih",
         "spam_score": "Ocena neželene pošte",
         "tls_policy": "Politika TLS",
         "unlimited_quota": "Neomejena kvota za poštne predale",
@@ -172,7 +172,7 @@
         "excludes": "Izključuje te prejemnike",
         "f2b_ban_time": "Čas blokade (s)",
         "f2b_ban_time_increment": "Čas blokade se poveča z vsako blokado",
-        "f2b_blacklist": "Mreže/gostitelji na blacklisti",
+        "f2b_blacklist": "Omrežja/gostitelji na seznamu zavrnjenih",
         "f2b_filter": "Regex filtri",
         "f2b_max_attempts": "Največ poskusov",
         "f2b_max_ban_time": "Maksimalno trajanje blokade (s)",
@@ -181,7 +181,7 @@
         "f2b_parameters": "Fail2ban parametri",
         "f2b_regex_info": "Upoštevajo se dnevniki SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Upoštevan čas (s) za največ poskusov",
-        "f2b_whitelist": "Mreže/gostitelji na whitelisti",
+        "f2b_whitelist": "Omrežja/gostitelji na seznamu dovoljenih",
         "filter_table": "Filtriraj tabelo",
         "from": "Od",
         "generate": "ustvari",
@@ -281,16 +281,16 @@
         "rspamd_com_settings": "Ime nastavitve bo samodejno generirano. Prosim oglejte si primere nastavitev spodaj. Za več informacij si oglejte <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">dokumentacijo Rspamd</a>",
         "rspamd_global_filters": "Globalne preslikave filtrov",
         "rspamd_global_filters_agree": "Previden bom!",
-        "rspamd_global_filters_info": "Globalne preslikave filtrov vsebujejo različne vrste globalnih blacklist in whitelist.",
+        "rspamd_global_filters_info": "Globalni filtri vsebujejo različne vrste globalnih seznamov zavrnjenih in dovoljenih vsebin.",
         "add_admin": "Dodaj skrbnika",
         "add_relayhost_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v golo besedilo.",
         "admin": "Skrbnik",
         "api_allow_from": "Dovoli API dostop s teh IP naslovov / CIDR mrežnih zapisov",
         "apps_name": "Ime aplikacije v mailcow",
-        "ban_list_info": "Oglejte si seznam blokiranih IP naslovov spodaj: <b>network (remaining ban time) - [actions]</b>.<br />. IPji v vrsti za odstranitev blokade bodo odstranjeni iz aktivnega seznama blokad v nekaj sekundah.<br />Rdeče oznake prikazujejo trajne blokade z blacklisto.",
+        "ban_list_info": "Spodaj si oglejte seznam prepovedanih IP-jev: <b>omrežje (preostali čas prepovedi) - [dejanja]</b>.<br />IP-ji, ki so v čakalni vrsti za odpravo prepovedi, bodo v nekaj sekundah odstranjeni s seznama aktivnih prepovedi.<br />Rdeče oznake označujejo aktivne trajne prepovedi s seznama zavrnjenih.",
         "dkim_key_length": "Dolžina DKIM ključa (v bitih)",
         "dkim_to_title": "Ciljne domene bodo prepisane",
-        "f2b_list_info": "Gostitelj ali omrežje na blacklisti bo vedno prevladal zapis na whitelisti. <b>Apliciranje sprememb seznama traja nekaj sekund.</b>",
+        "f2b_list_info": "Gostitelj ali omrežje na seznamu zavrnjenih bo vedno imelo prednost pred entiteto na seznamu dovoljenih. <b>Posodobitve seznama bodo trajale nekaj sekund, da se uporabijo.</b>",
         "forwarding_hosts": "Gostitelji za posredovanje",
         "forwarding_hosts_add_hint": "Lahko vpišete IPv4/IPv6 naslove, mreže v CIDR obliki, imena gostiteljev (kateri se prevedejo v IP naslove) ali imena domen (katera se prevedejo v IP naslove glede na poizvedbo po SPF zapisih, v primeru manjkajočih zapisov pa MX zapisih).",
         "forwarding_hosts_hint": "Dohodna sporočila so brezpogojno sprejeta od katerih koli gostiteljev v tem seznamu. Ti gostitelji se ne bodo preverjali po DNSBL seznamih in ne bodo dodani v greyliste. Prejeti spam s teh gostiteljev ni nikoli zavrnjen, opcijsko pa se lahko premakne v mapo neželene pošte. Najpogostejša uporaba za to je navedba poštnih strežnikov, iz katerih ste nastavili pravilo za posredovanje pošte na vaš mailcow strežnik.",
@@ -306,7 +306,7 @@
         "relayhosts_hint": "Določite transporte glede na pošiljatelja, da jih lahko izberete v konfiguraciji domene.<br>\nTransportni servis je vedno \"smtp:\" in bo poskušal s TLS ko bo na voljo. Wrapped TLS (SMTPS) ni podprto. Upošteva se uporabnikova politika odhodnega TLS.<br>\nVpliva na izbrane domene vključno z alias domenami.",
         "transport_dest_format": "Regex ali sintaksa: example.org, .example.org, *, box@example.org (več vrednosti ločite z vejico)",
         "transport_test_rcpt_info": "&#8226; Uporabite null@hosted.mailcow.de za testiranje relaya na drugo destinacijo.",
-        "rspamd_global_filters_regex": "Njihovi nazivi pojasnijo njihov namen. Vsa vsebina mora imeti veljaven regular expression v obliki \"/pattern/options\" (npr. <code>/.+@domain\\.tld/i</code>).<br>\nČeprav se v vsaki vrstici regexa izvedejo osnovni pregledi, je lahko funkcionalnost programa Rspamd motena, če sintaksa ni pravilna.<br>\nRspamd bo poskušal prebrati vsebino preslikave, ko bo spremenjena. Če imate težave, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">ponovno zaženite Rspamd</a>, da prisilite ponovno nalaganje preslikav.<br> Elementi z Blackliste so izključeni iz karantene.",
+        "rspamd_global_filters_regex": "Njihovi nazivi pojasnijo njihov namen. Vsa vsebina mora imeti veljaven regular expression v obliki \"/pattern/options\" (npr. <code>/.+@domain\\.tld/i</code>).<br>\nČeprav se v vsaki vrstici regexa izvedejo osnovni pregledi, je lahko funkcionalnost programa Rspamd motena, če sintaksa ni pravilna.<br>\nRspamd bo poskušal prebrati vsebino preslikave, ko bo spremenjena. Če imate težave, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">ponovno zaženite Rspamd</a>, da prisilite ponovno nalaganje preslikav.<br> Elementi na seznamu zavrnjenih so izključeni iz karantene.",
         "rspamd_settings_map": "Preslikava nastavitev Rspamd",
         "sal_level": "Moo stopnja",
         "save": "Shrani spremembe",
@@ -408,7 +408,8 @@
         "restore_template": "Za obnovitev privzete predloge pustite polje prazno.",
         "task": "Naloga",
         "user_link": "Uporabniška povezava",
-        "iam_realm": "Realm"
+        "iam_realm": "Realm",
+        "needs_restart": "potreben je ponovni zagon"
     },
     "danger": {
         "alias_goto_identical": "Alias in goto naslov morata biti identična",
@@ -745,7 +746,7 @@
         "sogo_visible_info": "Ta možnost vpliva samo na objekte, ki jih je mogoče prikazati v SOGo (naslovi aliasov v skupni rabi ali brez nje, ki kažejo na vsaj en lokalni poštni predal). Če je skrita, vzdevek ne bo prikazan kot izbirni pošiljatelj v SOGo.",
         "spam_alias": "Ustvarjanje ali spreminjanje časovno omejenih vzdevkovnih naslovov",
         "spam_filter": "Filter neželene pošte",
-        "spam_policy": "Dodajanje ali odstranjevanje elementov na beli/črni seznam",
+        "spam_policy": "Dodajanje ali odstranjevanje elementov na seznam dovoljenih/zavrnjenih",
         "spam_score": "Nastavite oceno neželene pošte po meri",
         "subfolder2": "Sinhroniziraj v podmapo na cilju<br><small>(prazno = ne uporabi podmape)</small>",
         "syncjob": "Urejanje sinhronizacijskega opravila",
@@ -1013,7 +1014,7 @@
         "medium_danger": "Srednje",
         "notified": "Obveščen",
         "low_danger": "Nizko",
-        "qinfo": "Sistem karantene bo zavrnjeno pošto shranil v zbirko podatkov (pošiljatelj ne bo imel vtisa, da je bila pošta dostavljena), prav tako pa bo pošto, ki bo dostavljena kot kopija, shranil v mapo »Neželena pošta« v nabiralniku.\n<br>»Uči kot neželeno pošto in izbriši« bo sporočilo prepoznal kot neželeno pošto prek Bayesovega izreka in izračunal tudi mehke zgoščene vrednosti, da bi v prihodnje zavrnil podobna sporočila.\n<br>Upoštevajte, da je učenje več sporočil lahko – odvisno od vašega sistema – zamudno.<br>Elementi na črnem seznamu so izključeni iz karantene.",
+        "qinfo": "Sistem karantene bo zavrnjeno pošto shranil v zbirko podatkov (pošiljatelj ne bo imel vtisa, da je bila pošta dostavljena), prav tako pa bo pošto, ki bo dostavljena kot kopija, shranil v mapo »Neželena pošta« v nabiralniku.\n<br>»Uči kot neželeno pošto in izbriši« bo sporočilo prepoznal kot neželeno pošto prek Bayesovega izreka in izračunal tudi mehke zgoščene vrednosti, da bi v prihodnje zavrnil podobna sporočila.\n<br>Upoštevajte, da je učenje več sporočil lahko – odvisno od vašega sistema – zamudno.<br>Elementi na seznamu zavrnjenih so izključeni iz karantene.",
         "junk_folder": "Mapa z neželeno pošto",
         "action": "Dejanje",
         "atts": "Priloge",
@@ -1232,8 +1233,8 @@
         "pushover_vars": "Če filter pošiljatelja ni definiran, bodo upoštevana vsa e-poštna sporočila.<br>Filtre regularnih izrazov in natančna preverjanja pošiljateljev je mogoče definirati posamično in bodo obravnavana zaporedno. Niso odvisna drug od drugega.<br>Uporabne spremenljivke za besedilo in naslov (upoštevajte pravilnike o varstvu podatkov)",
         "quarantine_notification_info": "Ko je obvestilo poslano, bodo elementi označeni kot »obveščeni« in za ta določen element ne bodo poslana nobena nadaljnja obvestila.",
         "verify": "Preveri",
-        "spamfilter_bl_desc": "E-poštni naslovi na črnem seznamu, ki jih <b>vedno</b> razvrstite kot neželeno pošto in zavrnete. Zavrnjena pošta <b>ne</b> bo kopirana v karanteno. Uporabite lahko nadomestne znake. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim nabiralnikom), izključujoč vseobsegajoče vzdevke in sam nabiralnik.",
-        "spamfilter_wl_desc": "E-poštni naslovi na belem seznamu so programirani tako, da se <b>nikoli</b> ne razvrstijo kot neželena pošta. Uporabijo se lahko nadomestni znaki. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim poštnim predalom), izključujoč vseobsegajoče vzdevke in sam poštni predal.",
+        "spamfilter_bl_desc": "E-poštni naslovi na seznamu zavrnjenih, ki bodo <b>vedno</b> razvrščeni kot neželena pošta in zavrnjeni. Zavrnjena pošta <b>ne</b> bo kopirana v karanteno. Uporabite lahko nadomestne znake. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim nabiralnikom), izključujoč vseobsegajoče vzdevke in sam nabiralnik.",
+        "spamfilter_wl_desc": "E-poštni naslovi na seznamu dovoljenih so programirani tako, da se <b>nikoli</b> ne razvrstijo kot neželena pošta. Uporabijo se lahko nadomestni znaki. Filter se uporabi samo za neposredne vzdevke (vzdevke z enim samim ciljnim poštnim predalom), izključujoč vseobsegajoče vzdevke in sam poštni predal.",
         "tls_policy_warning": "<strong>Opozorilo:</strong> Če se odločite za uveljavitev šifriranega prenosa pošte, lahko izgubite e-pošto.<br>Sporočila, ki ne ustrezajo pravilniku, bo poštni sistem zavrnil s popolno napako.<br>Ta možnost velja za vaš primarni e-poštni naslov (prijavno ime), vse naslove, izpeljane iz vzdevkov domen, in vzdevke, <b>ki imajo samo ta en poštni predal</b> kot cilj.",
         "allowed_protocols": "Dovoljeni protokoli",
         "title": "Naslov",
@@ -1341,7 +1342,7 @@
         "spam_score_reset": "Ponastavi na privzete nastavitve strežnika",
         "spamfilter": "Filter neželene pošte",
         "spamfilter_behavior": "Ocena",
-        "spamfilter_bl": "Črna lista",
+        "spamfilter_bl": "Seznam zavrnjenih",
         "spamfilter_default_score": "Privzete vrednosti",
         "spamfilter_green": "Zelena: to sporočilo ni neželena pošta",
         "spamfilter_hint": "Prva vrednost opisuje »nizko oceno neželene pošte«, druga pa »visoko oceno neželene pošte«.",
@@ -1352,7 +1353,7 @@
         "spamfilter_table_empty": "Ni podatkov za prikaz",
         "spamfilter_table_remove": "odstrani",
         "spamfilter_table_rule": "Pravilo",
-        "spamfilter_wl": "Bela lista",
+        "spamfilter_wl": "Seznam dovoljenih",
         "spamfilter_yellow": "Rumena: to sporočilo je morda neželena pošta, označeno bo kot neželena pošta in premaknjeno v mapo z neželeno pošto",
         "status": "Stanje",
         "sync_jobs": "Sinhronizacija opravil",

From 6b8e981bdc4e647c9c39638c259d4ff7b1945e2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20S=C3=BCtterlin?= <paul@paulsuetterlin.de>
Date: Sat, 26 Jul 2025 01:06:24 +0000
Subject: [PATCH 598/755] fix: Only use HTTP_ORIGIN if it is sent.

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index edf428d5a..55329e73a 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2211,7 +2211,7 @@ function cors($action, $data = null) {
       $cors_settings['allowed_origins'] = $allowed_origins[0];
       if (in_array('*', $allowed_origins)){
         $cors_settings['allowed_origins'] = '*';
-      } else if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) {
+      } else if (array_key_exists('HTTP_ORIGIN', $_SERVER) && in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) {
         $cors_settings['allowed_origins'] = $_SERVER['HTTP_ORIGIN'];
       }
       // always allow OPTIONS for preflight request

From 3d5b57889a3169dbe835febd4a832701684af44b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20S=C3=BCtterlin?= <paul@paulsuetterlin.de>
Date: Sat, 26 Jul 2025 01:08:16 +0000
Subject: [PATCH 599/755] fix: Empty App Links

The return value of the function caused a warning
in header.inc.php:42 if no additional links were set.

header.inc.php is the only caller of this function,
thus it is safe to return an empty array here.
---
 data/web/inc/functions.customize.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 1d19066d2..56527ff96 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -293,7 +293,7 @@ function customize($_action, $_item, $_data = null) {
           }
 
           if (empty($app_links)){
-            return false;
+            return [];
           }
 
           // convert from old style

From ad9b328ed56316efbfb8606088897194ba2bb20f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20S=C3=BCtterlin?= <paul@paulsuetterlin.de>
Date: Sat, 26 Jul 2025 01:12:48 +0000
Subject: [PATCH 600/755] fix: Undefined array key "pending_tfa_methods" in
 /web/inc/footer.inc.php on line 29

---
 data/web/inc/footer.inc.php | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index ac1bff033..ecc4ddce1 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -26,23 +26,25 @@ if (is_array($alertbox_log_parser)) {
 
 // map tfa details for twig
 $pending_tfa_authmechs = [];
-foreach($_SESSION['pending_tfa_methods'] as $authdata){
-  $pending_tfa_authmechs[$authdata['authmech']] = false;
-}
-if (isset($pending_tfa_authmechs['webauthn'])) {
-  $pending_tfa_authmechs['webauthn'] = true;
-}
-if (!isset($pending_tfa_authmechs['webauthn']) 
-    && isset($pending_tfa_authmechs['yubi_otp'])) {
-  $pending_tfa_authmechs['yubi_otp'] = true;
-}
-if (!isset($pending_tfa_authmechs['webauthn']) 
-    && !isset($pending_tfa_authmechs['yubi_otp'])
-    && isset($pending_tfa_authmechs['totp'])) {
-  $pending_tfa_authmechs['totp'] = true;
-}
-if (isset($pending_tfa_authmechs['u2f'])) {
-  $pending_tfa_authmechs['u2f'] = true;
+if (array_key_exists('pending_tfa_methods', $_SESSION)) {
+  foreach($_SESSION['pending_tfa_methods'] as $authdata){
+    $pending_tfa_authmechs[$authdata['authmech']] = false;
+  }
+  if (isset($pending_tfa_authmechs['webauthn'])) {
+    $pending_tfa_authmechs['webauthn'] = true;
+  }
+  if (!isset($pending_tfa_authmechs['webauthn']) 
+      && isset($pending_tfa_authmechs['yubi_otp'])) {
+    $pending_tfa_authmechs['yubi_otp'] = true;
+  }
+  if (!isset($pending_tfa_authmechs['webauthn']) 
+      && !isset($pending_tfa_authmechs['yubi_otp'])
+      && isset($pending_tfa_authmechs['totp'])) {
+    $pending_tfa_authmechs['totp'] = true;
+  }
+  if (isset($pending_tfa_authmechs['u2f'])) {
+    $pending_tfa_authmechs['u2f'] = true;
+  }
 }
 
 // globals

From 795bcdc5d225f69eb64793adedb10041f46953a2 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 27 Jul 2025 19:30:10 +0200
Subject: [PATCH 601/755] [Web] Updated lang.ru-ru.json (#6654)

---
 data/web/lang/lang.ru-ru.json | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index e17327978..b0180256d 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -184,7 +184,7 @@
         "excludes": "Исключает этих получателей",
         "f2b_ban_time": "Время бана (в секундах)",
         "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
-        "f2b_blacklist": "Черный список подсетей/хостов",
+        "f2b_blacklist": "Черный список сетей/хостов",
         "f2b_filter": "Правила фильтрации с помощью регулярных выражений",
         "f2b_list_info": "Хосты или подсети, занесенные в черный список, всегда будут перевешивать объекты из белого списка. <b>Обновление списка займет несколько секунд.</b>",
         "f2b_manage_external": "Внешнее управление Fail2Ban",
@@ -196,7 +196,7 @@
         "f2b_parameters": "Настройки Fail2ban",
         "f2b_regex_info": "Журналы которые принимаются во внимание: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Промежуток времени для следующего бана (в секундах)",
-        "f2b_whitelist": "Белый список подсетей/хостов",
+        "f2b_whitelist": "Белый список сетей/хостов",
         "filter_table": "Поиск",
         "forwarding_hosts": "Переадресация хостов",
         "forwarding_hosts_add_hint": "Можно указывать: IPv4/IPv6 подсети в нотации CIDR, имена хостов (которые будут разрешаться в IP-адреса) или доменные имена (которые будут решаться с IP-адресами путем запроса SPF записей или, в случае их отсутствия - запросом MX записей).",
@@ -319,7 +319,7 @@
         "rspamd_global_filters": "Глобальные правила фильтрации",
         "rspamd_global_filters_agree": "Я понимаю, что я делаю, и буду осторожен!",
         "rspamd_global_filters_info": "Глобальные правила фильтрации содержат различные виды глобальных черных и белых списков.",
-        "rspamd_global_filters_regex": "Названия фильтров отражают их предназначение. Все правила должены состоять из регулярных выражений в формате \"/pattern/options\" (например: <code>/.+@domain\\.tld/i</code>).<br>\r\nНесмотря на то, что перед сохранением правил выполняется проверка регулярных выражений, функциональность Rspamds может быть нарушена, если будет использован<br>\r\n некорректный синтаксис. Будьте внимательны при написании правил.<br>Электронные письма от адресов электронной почты, проходящие по регулярным выражениям черных списков, будут отклонены без сохранения в карантин.<br>\r\n Rspamd попытается прочитать содержимое правил при их изменении. Но, если что, вы можете <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">перезапустить Rspamd</a>, чтобы принять последние изменения принудительно.",
+        "rspamd_global_filters_regex": "Названия фильтров отражают их предназначение. Все правила должны состоять из регулярных выражений в формате \"/pattern/options\" (например: <code>/.+@domain\\.tld/i</code>).<br>\nНесмотря на то, что перед сохранением правил выполняется проверка регулярных выражений, функциональность Rspamds может быть нарушена, если будет использован<br>\n некорректный синтаксис. Будьте внимательны при написании правил.<br>Электронные письма от адресов электронной почты, проходящие по регулярным выражениям черных списков, будут отклонены без сохранения в карантин.<br>\n Rspamd попытается прочитать содержимое правил при их изменении. Но, если что, вы можете <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">перезапустить Rspamd</a>, чтобы принять последние изменения принудительно.",
         "rspamd_settings_map": "Правила Rspamd",
         "sal_level": "Уровень Муу",
         "save": "Сохранить изменения",
@@ -408,7 +408,8 @@
         "iam_host": "Хост",
         "iam_host_info": "Укажите один или несколько LDAP-хостов через запятую.",
         "iam_import_users": "Импорт пользователей",
-        "admin_quicklink": "Скрыть ссылку на вход для администраторов"
+        "admin_quicklink": "Скрыть ссылку на вход для администраторов",
+        "needs_restart": "необходим перезапуск"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -750,7 +751,7 @@
         "sogo_visible_info": "Влияет только на объекты, которые могут отображаться в SOGo (персональные или общие псевдонимы, указывающие как минимум на один локальный почтовый аккаунт). Учтите, что если функция отключена, у пользователей не будет возможности выбрать адрес псевдонима в качестве отправителя в SOGo.",
         "spam_alias": "Создать или изменить временные (спам) псевдонимы",
         "spam_filter": "Спам фильтр",
-        "spam_policy": "Добавление или удаление элементов в белом/черном списке",
+        "spam_policy": "Добавить или удалить элементы белого/черного списка",
         "spam_score": "Задать индивидуальное определение спама",
         "subfolder2": "Синхронизировать в подпапку<br><small>(пусто = в корень)</small>",
         "syncjob": "Изменить задание синхронизации",
@@ -1039,7 +1040,7 @@
         "notified": "Увед.",
         "qhandler_success": "Запрос успешно отправлен в систему. Теперь вы можете закрыть окно.",
         "qid": "Rspamd QID",
-        "qinfo": "Карантин сохраняет входящие сообщения, классифицированные как нежелательные, в базу данных.\r\n  <br>Отправители писем, которые помечены как отвергнутые, будут уверены что их письма <b>не</b> были доставлены вам.\r\n  <br>\"Освободить из карантина\" изучит сообщение как полезную почту; по теореме Байеса и доставит его вам в Inbox.\r\n  <br>\"Запомнить как спам и удалить\" изучит сообщение как спам по теореме Байеса, а также вычислит нечёткие хэши, чтобы лучше блокировать подобные сообщения в дальнейшем.\r\n  <br>Учтите, что в зависимости от технических характеристик вашей системы, изучение большого количества сообщений может занять много времени.",
+        "qinfo": "Карантин сохраняет входящие сообщения, классифицированные как нежелательные, в базу данных.\n  <br>Отправители писем, которые помечены как отвергнутые, будут уверены что их письма <b>не</b> были доставлены вам.\n  <br>\"Освободить из карантина\" изучит сообщение как полезную почту; по теореме Байеса и доставит его вам в Inbox.\n  <br>\"Запомнить как спам и удалить\" изучит сообщение как спам по теореме Байеса, а также вычислит нечёткие хэши, чтобы лучше блокировать подобные сообщения в дальнейшем.\n  <br>Учтите, что в зависимости от технических характеристик вашей системы, изучение большого количества сообщений может занять много времени.",
         "qitem": "Обьект карантина",
         "quarantine": "Карантин",
         "quick_actions": "Действия",

From 2e9ba1e9b31deec42b0cbdde4889bce3fb4a91b1 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 5 Aug 2025 00:37:47 +0200
Subject: [PATCH 602/755] update postscreen_access.cidr (#6660)

---
 data/conf/postfix/postscreen_access.cidr | 38 ++++++++++++++++--------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 259bd062b..4453feca3 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Tue Jul  1 00:22:55 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Fri Aug  1 00:24:14 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2105 total rules
+# 2166 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:8000::/50	permit
@@ -42,7 +42,7 @@
 8.40.222.0/23	permit
 8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.246.51	permit
+13.107.253.40	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -120,7 +120,6 @@
 27.123.206.56/29	permit
 27.123.206.76/30	permit
 27.123.206.80/28	permit
-31.25.48.222	permit
 31.47.251.17	permit
 31.186.239.0/24	permit
 34.2.64.0/22	permit
@@ -156,6 +155,7 @@
 34.218.115.239	permit
 34.218.116.3	permit
 34.225.212.172	permit
+34.241.242.183	permit
 35.83.148.184	permit
 35.155.198.111	permit
 35.158.23.94	permit
@@ -256,6 +256,7 @@
 50.112.246.219	permit
 52.1.14.157	permit
 52.5.230.59	permit
+52.6.74.205	permit
 52.12.53.23	permit
 52.13.214.179	permit
 52.26.1.71	permit
@@ -329,7 +330,6 @@
 62.13.144.0/21	permit
 62.13.152.0/21	permit
 62.17.146.128/26	permit
-62.179.121.0/24	permit
 62.201.172.0/27	permit
 62.201.172.32/27	permit
 62.253.227.114	permit
@@ -352,6 +352,7 @@
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
+64.181.194.190	permit
 64.207.219.7	permit
 64.207.219.8	permit
 64.207.219.9	permit
@@ -408,7 +409,6 @@
 65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
-66.102.0.0/21	permit
 66.119.150.192/26	permit
 66.163.184.0/24	permit
 66.163.185.0/24	permit
@@ -658,9 +658,6 @@
 82.165.159.45	permit
 82.165.159.130	permit
 82.165.159.131	permit
-84.116.6.0/23	permit
-84.116.36.0/24	permit
-84.116.50.0/23	permit
 85.158.136.0/21	permit
 86.61.88.25	permit
 87.238.80.0/21	permit
@@ -701,12 +698,13 @@
 87.248.117.205	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
+91.198.2.0/24	permit
 91.211.240.0/22	permit
-94.169.2.0/23	permit
 94.236.119.0/26	permit
 94.245.112.0/27	permit
 94.245.112.10/31	permit
 95.131.104.0/21	permit
+95.217.114.154	permit
 96.43.144.0/20	permit
 96.43.144.64/28	permit
 96.43.144.64/31	permit
@@ -1344,7 +1342,7 @@
 108.174.6.215	permit
 108.175.18.45	permit
 108.175.30.45	permit
-108.177.8.0/21	permit
+108.177.8.0/22	permit
 108.177.96.0/19	permit
 108.179.144.0/20	permit
 109.237.142.0/24	permit
@@ -1429,6 +1427,8 @@
 132.226.26.225	permit
 132.226.49.32	permit
 132.226.56.24	permit
+134.128.64.0/19	permit
+134.128.96.0/19	permit
 134.170.27.8	permit
 134.170.113.0/26	permit
 134.170.141.64/26	permit
@@ -1618,10 +1618,14 @@
 168.245.127.231	permit
 169.148.129.0/24	permit
 169.148.131.0/24	permit
+169.148.138.0/24	permit
 169.148.142.10	permit
 169.148.144.0/25	permit
 169.148.144.10	permit
 169.148.146.0/23	permit
+169.148.174.33	permit
+169.148.175.3	permit
+169.148.188.0/24	permit
 169.148.188.182	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
@@ -1662,6 +1666,8 @@
 182.50.78.64/28	permit
 183.240.219.64/29	permit
 185.4.120.0/22	permit
+185.11.253.128/27	permit
+185.11.255.0/24	permit
 185.12.80.0/22	permit
 185.28.196.0/22	permit
 185.58.84.93	permit
@@ -1672,6 +1678,8 @@
 185.138.56.128/25	permit
 185.189.236.0/22	permit
 185.211.120.0/22	permit
+185.233.188.0/23	permit
+185.233.190.0/23	permit
 185.250.236.0/22	permit
 185.250.239.148	permit
 185.250.239.168	permit
@@ -1746,6 +1754,9 @@
 193.109.254.0/23	permit
 193.122.128.100	permit
 193.123.56.63	permit
+193.142.157.0/24	permit
+193.142.157.191	permit
+193.142.157.198	permit
 194.19.134.0/25	permit
 194.64.234.129	permit
 194.97.196.0/24	permit
@@ -1865,6 +1876,8 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
+204.141.32.0/23	permit
+204.141.42.0/23	permit
 204.216.164.202	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
@@ -2039,7 +2052,8 @@
 212.227.126.225	permit
 212.227.126.226	permit
 212.227.126.227	permit
-213.46.255.0/24	permit
+213.95.19.64/27	permit
+213.95.135.4	permit
 213.199.128.139	permit
 213.199.128.145	permit
 213.199.138.181	permit

From 7557802933e3f454acae79fcd684441695c7b376 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 5 Aug 2025 06:37:55 +0200
Subject: [PATCH 603/755] [Web] Updated lang.de-de.json (#6661)

Co-authored-by: whitehotaru <whitehotaru@posteo.net>
---
 data/web/lang/lang.de-de.json | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index df41b8946..5887499b3 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -198,8 +198,8 @@
         "f2b_retry_window": "Wiederholungen im Zeitraum von (s)",
         "f2b_whitelist": "Allowliste für Netzwerke und Hosts",
         "filter_table": "Tabelle filtern",
-        "force_sso_text": "Wenn ein externer OIDC-Provider konfiguriert ist, blendet diese Option die mailcow Loginform aus und zeigt nur den Single Sign-On-Button an.",
-        "force_sso": "mailcow Login deaktivieren und nur Single Sign-On anzeigen",
+        "force_sso_text": "Wenn ein externer OIDC-Provider konfiguriert ist, blendet diese Option die mailcow-Loginform aus und zeigt nur den Single-Sign-On-Button an.",
+        "force_sso": "mailcow-Login deaktivieren und nur Single Sign-On anzeigen",
         "forwarding_hosts": "Weiterleitungs-Hosts",
         "forwarding_hosts_add_hint": "Sie können entweder IPv4-/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.",
         "forwarding_hosts_hint": "Eingehende Nachrichten werden von den hier gelisteten Hosts bedingungslos akzeptiert. Diese Hosts werden dann nicht mit DNSBLs abgeglichen oder Greylisting unterworfen. Von ihnen empfangener Spam wird nie abgelehnt, optional kann er aber in den Spam-Ordner einsortiert werden. Die übliche Verwendung für diese Funktion ist, um Mailserver anzugeben, auf denen eine Weiterleitung zu Ihrem mailcow-Server eingerichtet wurde.",
@@ -548,7 +548,8 @@
         "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
         "template_exists": "Vorlage %s existiert bereits",
         "template_id_invalid": "Vorlagen-ID %s ungültig",
-        "template_name_invalid": "Name der Vorlage ungültig"
+        "template_name_invalid": "Name der Vorlage ungültig",
+        "required_data_missing": "Die benötigten Daten: %s fehlen"
     },
     "datatables": {
         "collapse_all": "Alle Einklappen",
@@ -942,7 +943,7 @@
         "recipient_map_new": "Neuer Empfänger",
         "recipient_map_new_info": "Der neue Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_map_old": "Original-Empfänger",
-        "recipient_map_old_info": "Der originale Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
+        "recipient_map_old_info": "Der originäre Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_maps": "Empfängerumschreibungen",
         "relay_all": "Alle Empfänger-Adressen relayen",
         "relay_unknown": "Unbekannte Mailboxen relayen",
@@ -1328,7 +1329,7 @@
         "spamfilter": "Spamfilter",
         "spamfilter_behavior": "Bewertung",
         "spamfilter_bl": "Denyliste",
-        "spamfilter_bl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>immer</b> als Spam erfasst und abgelehnt werden. Die Quarantäne-Funktion ist für diese Nachrichten deaktiviert. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte nicht-\"Catch All\" Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
+        "spamfilter_bl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>immer</b> als Spam erfasst und abgelehnt werden. Die Quarantäne-Funktion ist für diese Nachrichten <b>deaktiviert</b>. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte Nicht-„Catch-All“-Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
         "spamfilter_default_score": "Standardwert",
         "spamfilter_green": "Grün: Die Nachricht ist kein Spam",
         "spamfilter_hint": "Der erste Wert beschreibt den \"low spam score\", der zweite Wert den \"high spam score\".",
@@ -1340,7 +1341,7 @@
         "spamfilter_table_remove": "Entfernen",
         "spamfilter_table_rule": "Regel",
         "spamfilter_wl": "Allowliste",
-        "spamfilter_wl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>nicht</b> erfasst werden sollen. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte nicht-\"Catch All\" Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
+        "spamfilter_wl_desc": "Für E-Mail-Adressen, die vom Spamfilter <b>nicht</b> erfasst werden sollen. Die Verwendung von Wildcards ist gestattet. Ein Filter funktioniert lediglich für direkte Nicht-„Catch-All“-Alias-Adressen (Alias-Adressen mit lediglich einer Mailbox als Ziel-Adresse) sowie die Mailbox-Adresse selbst.",
         "spamfilter_yellow": "Gelb: Die Nachricht ist vielleicht Spam, wird als Spam markiert und in den Junk-Ordner verschoben",
         "status": "Status",
         "sync_jobs": "Sync Jobs",

From 360fe0349734098bd9da75841c8cd221fbf8c32f Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 5 Aug 2025 16:01:47 +0200
Subject: [PATCH 604/755] sogo: update to 5.12.3

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f447dea4a..02ca8f9a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -200,7 +200,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:1.133
+      image: ghcr.io/mailcow/sogo:1.134
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 69420113f74bacf3264fd5bbb5c93202e4f43be8 Mon Sep 17 00:00:00 2001
From: Markus Machatschek <markus.machatschek@hey.com>
Date: Wed, 6 Aug 2025 08:33:11 +0200
Subject: [PATCH 605/755] rspamd: update rspamd to 3.12.1 (#6643)

* rspamd: update rspamd to 3.12.1

* compose: correct rspamd tag + pushed image

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/rspamd/Dockerfile | 2 +-
 docker-compose.yml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index 68b38d3a7..e46981aa4 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.11.1-1~ab0b44951
+ARG RSPAMD_VER=rspamd_3.12.1-1~6dbfca2fa
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 02ca8f9a2..e6b5dc20d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: ghcr.io/mailcow/rspamd:2.2
+      image: ghcr.io/mailcow/rspamd:2.3
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 1fc36263dce6312b0b7e403089d3880411cb1e1a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 08:33:41 +0200
Subject: [PATCH 606/755] chore(deps): update dependency krakjoe/apcu to
 v5.1.26 (#6656)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index ff333f5b3..6d0cfdd36 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.2-fpm-alpine3.21
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG APCU_PECL_VERSION=5.1.24
+ARG APCU_PECL_VERSION=5.1.26
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG IMAGICK_PECL_VERSION=3.8.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$

From 728fcdb37537eab42bd7f00da30ec35f3a2f1805 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 08:34:30 +0200
Subject: [PATCH 607/755] Update dependency tianon/gosu to v1.17 (#6640)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/dovecot/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 9e49d88cc..10e141ab8 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.21
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
-ARG GOSU_VERSION=1.16
+ARG GOSU_VERSION=1.17
 
 ENV LANG=C.UTF-8
 ENV LC_ALL=C.UTF-8

From 14d58c8163b2b8d210e08adc1d1b32e294f6ebcc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 08:34:53 +0200
Subject: [PATCH 608/755] Update dependency phpredis/phpredis to v6.2.0 (#6639)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 6d0cfdd36..483b90fcb 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -11,7 +11,7 @@ ARG MAILPARSE_PECL_VERSION=3.1.8
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$
-ARG REDIS_PECL_VERSION=6.1.0
+ARG REDIS_PECL_VERSION=6.2.0
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG COMPOSER_VERSION=2.8.6
 

From 3803b5d3513ed64177bcef067b768408dab10fc2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 08:35:14 +0200
Subject: [PATCH 609/755] Update dependency php-memcached-dev/php-memcached to
 v3.3.0 (#6638)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 483b90fcb..e7b43790b 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -9,7 +9,7 @@ ARG IMAGICK_PECL_VERSION=3.8.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MAILPARSE_PECL_VERSION=3.1.8
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG MEMCACHED_PECL_VERSION=3.2.0
+ARG MEMCACHED_PECL_VERSION=3.3.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG REDIS_PECL_VERSION=6.2.0
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced extractVersion=(?<version>.*)$

From 88bf9b02e112bced1d37c69a885d8dbad4cd657a Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 6 Aug 2025 08:36:40 +0200
Subject: [PATCH 610/755] core: modules splitting + ipv6 nat rewrite (#6634)

* ipv6: added ipv6 detection + removed ip6 nat container

* nginx: renamed DISABLE_IPv6 to ENABLE_IPV6 to align

* initial commit for script overhauls

* rewrite to scripts after testing (improved error handling)

* fixed missing fi in update.sh

* fixed/added comments for modules

* fix broken EXIT_CODE var handling

* added jq as dependancy

* fixed docker version check for daemon

* improved _modules handling while running

* reintegrated module loading (update.sh)

* added error handling for blank daemon.json

* adapted removal of ACME_CONTACT for nightly

* move detect_major_update func to core submodule

* removed unnecessary message on every call of function

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update _modules/scripts/core.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* improve ENABLE_IPV6 check in nginx bootstrap

* improve detection of ENABLE_IPV6

* ip6_controller: moved docker major detection upwards

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* reuse DOCKER_MAJOR Variable in ip6_controller

* fix some smaller typos in update.sh

* smaller bugfixes in submodules

* completely remove ACME_CONTACT Variable

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 _modules/scripts/core.sh            |  223 +++++
 _modules/scripts/ipv6_controller.sh |  168 ++++
 _modules/scripts/migrate_options.sh |   96 +++
 _modules/scripts/new_options.sh     |  299 +++++++
 data/Dockerfiles/nginx/bootstrap.py |    4 +-
 docker-compose.yml                  |   35 +-
 generate_config.sh                  |  104 +--
 update.sh                           | 1227 ++-------------------------
 8 files changed, 869 insertions(+), 1287 deletions(-)
 create mode 100644 _modules/scripts/core.sh
 create mode 100644 _modules/scripts/ipv6_controller.sh
 create mode 100644 _modules/scripts/migrate_options.sh
 create mode 100644 _modules/scripts/new_options.sh

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
new file mode 100644
index 000000000..42133aa6b
--- /dev/null
+++ b/_modules/scripts/core.sh
@@ -0,0 +1,223 @@
+#!/usr/bin/env bash
+# _modules/scripts/core.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+# ANSI color for red errors
+RED='\e[31m'
+GREEN='\e[32m'
+YELLOW='\e[33m'
+BLUE='\e[34m'
+MAGENTA='\e[35m'
+LIGHT_RED='\e[91m'
+LIGHT_GREEN='\e[92m'
+NC='\e[0m'
+
+caller="${BASH_SOURCE[1]##*/}"
+
+get_installed_tools(){
+    for bin in openssl curl docker git awk sha1sum grep cut jq; do
+        if [[ -z $(command -v ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+    done
+
+    if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\"${NC}"; exit 1; fi
+    # This will also cover sort
+    if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\"${NC}"; exit 1; fi
+    if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\"${NC}"; exit 1; fi
+}
+
+get_docker_version(){
+    # Check Docker Version (need at least 24.X)
+    docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1)
+}
+
+get_compose_type(){
+    if docker compose > /dev/null 2>&1; then
+        if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
+            COMPOSE_VERSION=native
+            COMPOSE_COMMAND="docker compose"
+            if [[ "$caller" == "update.sh" ]]; then
+                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
+            fi
+            echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
+            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
+            sleep 2
+            echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
+        else
+            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+            echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+            exit 1
+        fi
+    elif docker-compose > /dev/null 2>&1; then
+    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+        if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
+            COMPOSE_VERSION=standalone
+            COMPOSE_COMMAND="docker-compose"
+            if [[ "$caller" == "update.sh" ]]; then
+                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
+            fi
+            echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
+            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
+            sleep 2
+            echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
+        else
+            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+            echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+            exit 1
+        fi
+    fi
+    else
+        echo -e "\e[31mCannot find Docker Compose.\e[0m"
+        echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+        exit 1
+    fi
+}
+
+detect_bad_asn() {
+  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+      sleep 2
+      echo ""
+      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
+      echo ""
+      sleep 2
+    else
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
+    fi
+  elif [ "$response" -eq 200 ]; then
+    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
+  elif [ "$response" -eq 429 ]; then
+    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
+  else
+    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
+  fi
+}
+
+check_online_status() {
+  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
+  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
+    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+prefetch_images() {
+  [[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
+  git fetch origin #${BRANCH}
+  while read image; do
+    RET_C=0
+    until docker pull "${image}"; do
+      RET_C=$((RET_C + 1))
+      echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
+      [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
+      sleep 1
+    done
+  done < <(git show "origin/${BRANCH}:docker-compose.yml" | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
+}
+
+docker_garbage() {
+  SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+  IMGS_TO_DELETE=()
+
+  declare -A IMAGES_INFO
+  COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
+
+  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
+      ID=$(echo "$existing_image" | cut -d ':' -f 1)
+      REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
+      TAG=$(echo "$existing_image" | cut -d ':' -f 3)
+
+      if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
+          if [[ "$TAG" != "<none>" ]]; then
+              continue
+          fi
+      fi
+
+      if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
+          continue
+      else
+          IMGS_TO_DELETE+=("$ID")
+          IMAGES_INFO["$ID"]="$REPOSITORY:$TAG"
+      fi
+  done
+
+  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
+      echo "The following unused mailcow images were found:"
+      for id in "${IMGS_TO_DELETE[@]}"; do
+          echo "    ${IMAGES_INFO[$id]} ($id)"
+      done
+
+      if [ -z "$FORCE" ]; then
+          read -r -p "Do you want to delete them to free up some space? [y/N] " response
+          if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+              docker rmi ${IMGS_TO_DELETE[*]}
+          else
+              echo "OK, skipped."
+          fi
+      else
+          echo "Running in forced mode! Force removing old mailcow images..."
+          docker rmi ${IMGS_TO_DELETE[*]}
+      fi
+      echo -e "\e[32mFurther cleanup...\e[0m"
+      echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
+  fi
+}
+
+in_array() {
+  local e match="$1"
+  shift
+  for e; do [[ "$e" == "$match" ]] && return 0; done
+  return 1
+}
+
+detect_major_update() {
+  if [ ${BRANCH} == "master" ]; then
+    # Array with major versions
+    # Add major versions here
+    MAJOR_VERSIONS=(
+      "2025-02"
+      "2025-03"
+    )
+
+    current_version=""
+    if [[ -f "${SCRIPT_DIR}/data/web/inc/app_info.inc.php" ]]; then
+      current_version=$(grep 'MAILCOW_GIT_VERSION' ${SCRIPT_DIR}/data/web/inc/app_info.inc.php | sed -E 's/.*MAILCOW_GIT_VERSION="([^"]+)".*/\1/')
+    fi
+    if [[ -z "$current_version" ]]; then
+      return 1
+    fi
+    release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
+
+    updates_to_apply=()
+
+    for version in "${MAJOR_VERSIONS[@]}"; do
+      if [[ "$current_version" < "$version" ]]; then
+        updates_to_apply+=("$version")
+      fi
+    done
+
+    if [[ ${#updates_to_apply[@]} -gt 0 ]]; then
+      echo -e "\e[33m\nMAJOR UPDATES to be applied:\e[0m"
+      for update in "${updates_to_apply[@]}"; do
+        echo "$update - $release_url/$update"
+      done
+
+      echo -e "\nPlease read the release notes before proceeding."
+      read -p "Do you want to proceed with the update? [y/n] " response
+      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo "Proceeding with the update..."
+      else
+        echo "Update canceled. Exiting."
+        exit 1
+      fi
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
new file mode 100644
index 000000000..7fe7d3cbd
--- /dev/null
+++ b/_modules/scripts/ipv6_controller.sh
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+# _modules/scripts/ipv6_controller.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+# 1) Check if the host supports IPv6
+get_ipv6_support() {
+  if grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
+    || ! ip -6 route show default &>/dev/null; then
+    DETECTED_IPV6=false
+    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+  else
+    DETECTED_IPV6=true
+    echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+  fi
+}
+
+# 2) Ensure Docker daemon.json has (or create) the required IPv6 settings
+docker_daemon_edit(){
+  DOCKER_DAEMON_CONFIG="/etc/docker/daemon.json"
+  DOCKER_MAJOR=$(docker version --format '{{.Server.Version}}' 2>/dev/null | cut -d. -f1)
+  MISSING=()
+
+  _has_kv() { grep -Eq "\"$1\"\s*:\s*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
+
+  if [[ -f "$DOCKER_DAEMON_CONFIG" ]]; then
+
+    # reject empty or whitespace-only file immediately
+    if [[ ! -s "$DOCKER_DAEMON_CONFIG" ]] || ! grep -Eq '[{}]' "$DOCKER_DAEMON_CONFIG"; then
+      echo -e "${RED}ERROR: $DOCKER_DAEMON_CONFIG exists but is empty or contains no JSON braces – please initialize it with valid JSON (e.g. {}).${NC}"
+      exit 1
+    fi
+
+    # Validate JSON if jq is present
+    if command -v jq &>/dev/null && ! jq empty "$DOCKER_DAEMON_CONFIG" &>/dev/null; then
+      echo -e "${RED}ERROR: Invalid JSON in $DOCKER_DAEMON_CONFIG – please correct manually.${NC}"
+      exit 1
+    fi
+
+    # Gather missing keys
+    ! _has_kv ipv6 true       && MISSING+=("ipv6: true")
+    ! grep -Eq '"fixed-cidr-v6"\s*:\s*".+"' "$DOCKER_DAEMON_CONFIG" \
+                              && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -ge 27 ]]; then
+      _has_kv ipv6 true && ! _has_kv ip6tables true && MISSING+=("ip6tables: true")
+      ! _has_kv experimental true                 && MISSING+=("experimental: true")
+    fi
+
+    # Fix if needed
+    if ((${#MISSING[@]}>0)); then
+      echo -e "${MAGENTA}Your daemon.json is missing: ${YELLOW}${MISSING[*]}${NC}"
+      if [[ -n "$FORCE" ]]; then
+        ans=Y
+      else
+        read -p "Would you like to update $DOCKER_DAEMON_CONFIG now? [Y/n] " ans
+        ans=${ans:-Y}
+      fi
+
+      if [[ $ans =~ ^[Yy]$ ]]; then
+        cp "$DOCKER_DAEMON_CONFIG" "${DOCKER_DAEMON_CONFIG}.bak"
+        if command -v jq &>/dev/null; then
+          TMP=$(mktemp)
+          JQ_FILTER='.ipv6 = true | .["fixed-cidr-v6"] = "fd00:dead:beef:c0::/80"'
+          [[ "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]] \
+            && JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          jq "$JQ_FILTER" "$DOCKER_DAEMON_CONFIG" >"$TMP" && mv "$TMP" "$DOCKER_DAEMON_CONFIG"
+          echo -e "${LIGHT_GREEN}daemon.json updated. Restarting Docker...${NC}"
+          (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
+          echo -e "${YELLOW}Docker restarted.${NC}"
+        else
+          echo -e "${RED}Please install jq or manually update daemon.json and restart Docker.${NC}"
+          exit 1
+        fi
+      else
+        echo -e "${YELLOW}User declined Docker update – please insert these changes manually:${NC}"
+        echo "${MISSING[*]}"
+        exit 1
+      fi
+    fi
+
+  else
+    # Create new daemon.json if missing
+    if [[ -n "$FORCE" ]]; then
+      ans=Y
+    else
+      read -p "$DOCKER_DAEMON_CONFIG not found. Create it with IPv6 settings? [Y/n] " ans
+      ans=${ans:-Y}
+    fi
+
+    if [[ $ans =~ ^[Yy]$ ]]; then
+      if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
+  "ip6tables": true,
+  "experimental": true
+}
+EOF
+      else
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "fd00:dead:beef:c0::/80"
+}
+EOF
+      fi
+      echo -e "${GREEN}Created $DOCKER_DAEMON_CONFIG with IPv6 settings.${NC}"
+      echo "Restarting Docker..."
+      (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
+      echo "Docker restarted."
+    else
+      echo "User declined to create daemon.json – please manually merge the docker daemon with these configs:"
+      echo "${MISSING[*]}"
+      exit 1
+    fi
+  fi
+}
+
+# 3) Main wrapper for generate_config.sh and update.sh
+configure_ipv6() {
+  # detect manual override if mailcow.conf is present
+  if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]] && grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+    MANUAL_SETTING=$(grep '^ENABLE_IPV6=' "$MAILCOW_CONF" | cut -d= -f2)
+  elif [[ -z "$MAILCOW_CONF" ]] && [[ ! -z "${ENABLE_IPV6:-}" ]]; then
+    MANUAL_SETTING="$ENABLE_IPV6"
+  else
+    MANUAL_SETTING=""
+  fi
+
+  get_ipv6_support
+
+  # if user manually set it, check for mismatch
+  if [[ -n "$MANUAL_SETTING" ]]; then
+    if [[ "$MANUAL_SETTING" == "false" && "$DETECTED_IPV6" == "true" ]]; then
+      echo -e "${RED}ERROR: You have ENABLE_IPV6=false but your host and Docker support IPv6.${NC}"
+      echo -e "${RED}This can create an open relay. Please set ENABLE_IPV6=true in your mailcow.conf and re-run.${NC}"
+      exit 1
+    elif [[ "$MANUAL_SETTING" == "true" && "$DETECTED_IPV6" == "false" ]]; then
+      echo -e "${RED}ERROR: You have ENABLE_IPV6=true but your host does not support IPv6.${NC}"
+      echo -e "${RED}Please disable or fix your host/Docker IPv6 support, or set ENABLE_IPV6=false.${NC}"
+      exit 1
+    else
+      return
+    fi
+  fi
+
+  # no manual override: proceed to set or export
+  if [[ "$DETECTED_IPV6" == "true" ]]; then
+    docker_daemon_edit
+  else
+    echo "Skipping Docker IPv6 configuration because host does not support IPv6."
+  fi
+
+  # now write into mailcow.conf or export
+  if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
+    LINE="ENABLE_IPV6=$DETECTED_IPV6"
+    if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+      sed -i "s/^ENABLE_IPV6=.*/$LINE/" "$MAILCOW_CONF"
+    else
+      echo "$LINE" >> "$MAILCOW_CONF"
+    fi
+  else
+    export IPV6_BOOL="$DETECTED_IPV6"
+  fi
+
+  echo "IPv6 configuration complete: ENABLE_IPV6=$DETECTED_IPV6"
+}
\ No newline at end of file
diff --git a/_modules/scripts/migrate_options.sh b/_modules/scripts/migrate_options.sh
new file mode 100644
index 000000000..6a584b9f7
--- /dev/null
+++ b/_modules/scripts/migrate_options.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# _modules/scripts/migrate_options.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+migrate_config_options() {
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+
+  KEYS=(
+    SOLR_HEAP
+    SKIP_SOLR
+    SOLR_PORT
+    FLATCURVE_EXPERIMENTAL
+    DISABLE_IPv6
+    ACME_CONTACT
+  )
+
+  for key in "${KEYS[@]}"; do
+    if grep -q "${key}" mailcow.conf; then
+      case "${key}" in
+        SOLR_HEAP)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/# Solr heap size in MB\b/d' mailcow.conf
+          sed -i '/# Solr is a prone to run\b/d' mailcow.conf
+          sed -i '/SOLR_HEAP\b/d' mailcow.conf
+          ;;
+        SKIP_SOLR)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
+          sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
+          sed -i '/\bDisable Solr or\b/d' mailcow.conf
+          sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
+          ;;
+        SOLR_PORT)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bSOLR_PORT\b/d' mailcow.conf
+          ;;
+        FLATCURVE_EXPERIMENTAL)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
+          ;;
+        DISABLE_IPv6)
+          echo "Migrating ${key} to ENABLE_IPv6 in mailcow.conf"
+          local old=$(grep '^DISABLE_IPv6=' "mailcow.conf" | cut -d'=' -f2)
+          local new
+          if [[ "$old" == "y" ]]; then
+            new="false"
+          else
+            new="true"
+          fi
+          sed -i '/^DISABLE_IPv6=/d' "mailcow.conf"
+          echo "ENABLE_IPV6=$new" >> "mailcow.conf"
+          ;;
+        ACME_CONTACT)
+          echo "Deleting obsoleted ${key} in mailcow.conf"
+          sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+          sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
+          sed -i '/^# This value is only used on first order!/d' mailcow.conf
+          sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
+          sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
+          sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
+          sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
+          ;;
+      esac
+    fi
+  done
+
+  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
+  if [[ -n $solr_volume ]]; then
+    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
+    sleep 1
+    if [ ! "$FORCE" ]; then
+      read -r -p "Remove $solr_volume? [y/N] " response
+      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo -e "\e[33mRemoving $solr_volume...\e[0m"
+        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
+        echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
+      else
+        echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
+      fi
+    else
+      echo -e "\e[33mForce removing $solr_volume...\e[0m"
+      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
+      echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
+    fi
+  fi
+
+  # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
+  FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
+  if [[ -f "$FTS_CONF_PATH" ]]; then
+    if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
+      rm -rf $FTS_CONF_PATH
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/_modules/scripts/new_options.sh b/_modules/scripts/new_options.sh
new file mode 100644
index 000000000..a3f47dc61
--- /dev/null
+++ b/_modules/scripts/new_options.sh
@@ -0,0 +1,299 @@
+#!/usr/bin/env bash
+# _modules/scripts/new_options.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+adapt_new_options() {
+
+  CONFIG_ARRAY=(
+  "AUTODISCOVER_SAN"
+  "SKIP_LETS_ENCRYPT"
+  "SKIP_SOGO"
+  "USE_WATCHDOG"
+  "WATCHDOG_NOTIFY_EMAIL"
+  "WATCHDOG_NOTIFY_WEBHOOK"
+  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
+  "WATCHDOG_NOTIFY_BAN"
+  "WATCHDOG_NOTIFY_START"
+  "WATCHDOG_EXTERNAL_CHECKS"
+  "WATCHDOG_SUBJECT"
+  "SKIP_CLAMD"
+  "SKIP_OLEFY"
+  "SKIP_IP_CHECK"
+  "ADDITIONAL_SAN"
+  "DOVEADM_PORT"
+  "IPV4_NETWORK"
+  "IPV6_NETWORK"
+  "LOG_LINES"
+  "SNAT_TO_SOURCE"
+  "SNAT6_TO_SOURCE"
+  "COMPOSE_PROJECT_NAME"
+  "DOCKER_COMPOSE_VERSION"
+  "SQL_PORT"
+  "API_KEY"
+  "API_KEY_READ_ONLY"
+  "API_ALLOW_FROM"
+  "MAILDIR_GC_TIME"
+  "MAILDIR_SUB"
+  "ACL_ANYONE"
+  "FTS_HEAP"
+  "FTS_PROCS"
+  "SKIP_FTS"
+  "ENABLE_SSL_SNI"
+  "ALLOW_ADMIN_EMAIL_LOGIN"
+  "SKIP_HTTP_VERIFICATION"
+  "SOGO_EXPIRE_SESSION"
+  "REDIS_PORT"
+  "REDISPASS"
+  "DOVECOT_MASTER_USER"
+  "DOVECOT_MASTER_PASS"
+  "MAILCOW_PASS_SCHEME"
+  "ADDITIONAL_SERVER_NAMES"
+  "WATCHDOG_VERBOSE"
+  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
+  "SPAMHAUS_DQS_KEY"
+  "SKIP_UNBOUND_HEALTHCHECK"
+  "DISABLE_NETFILTER_ISOLATION_RULE"
+  "HTTP_REDIRECT"
+  "ENABLE_IPV6"
+  )
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+  for option in ${CONFIG_ARRAY[@]}; do
+    if grep -q "${option}" mailcow.conf; then
+      continue
+    fi
+
+    echo "Adding new option \"${option}\" to mailcow.conf"
+
+    case "${option}" in
+        AUTODISCOVER_SAN)
+            echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
+            echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
+            echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
+            echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
+            echo '# in the reverse proxy.' >> mailcow.conf
+            echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
+            ;;
+
+        DOCKER_COMPOSE_VERSION)
+            echo "# Used Docker Compose version" >> mailcow.conf
+            echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
+            echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
+            echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
+            echo "# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail." >> mailcow.conf
+            echo "" >> mailcow.conf
+            echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
+            ;;
+
+        DOVEADM_PORT)
+            echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
+            ;;
+
+        LOG_LINES)
+            echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
+            echo "LOG_LINES=9999" >> mailcow.conf
+            ;;
+        
+        IPV4_NETWORK)
+            echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
+            echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
+            ;;
+        IPV6_NETWORK)
+            echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
+            echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
+            ;;
+        SQL_PORT)
+            echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
+            echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
+            ;;
+        API_KEY)
+            echo '# Create or override API key for web UI' >> mailcow.conf
+            echo "#API_KEY=" >> mailcow.conf
+            ;;
+        API_KEY_READ_ONLY)
+            echo '# Create or override read-only API key for web UI' >> mailcow.conf
+            echo "#API_KEY_READ_ONLY=" >> mailcow.conf
+            ;;
+        API_ALLOW_FROM)
+            echo '# Must be set for API_KEY to be active' >> mailcow.conf
+            echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
+            echo "#API_ALLOW_FROM=" >> mailcow.conf
+            ;;
+        SNAT_TO_SOURCE)
+            echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
+            echo "#SNAT_TO_SOURCE=" >> mailcow.conf
+            ;;
+        SNAT6_TO_SOURCE)
+            echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
+            echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
+            ;;
+        MAILDIR_GC_TIME)
+            echo '# Garbage collector cleanup' >> mailcow.conf
+            echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
+            echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
+            echo '# Check interval is hourly' >> mailcow.conf
+            echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
+            ;;
+        ACL_ANYONE)
+            echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
+            echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
+            echo '# This should probably only be activated on mail hosts, that are used exclusively by one organisation.' >> mailcow.conf
+            echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
+            echo 'ACL_ANYONE=disallow' >> mailcow.conf
+            ;;
+        FTS_HEAP)
+            echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
+            echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
+            echo '# Please always monitor your Resource consumption!' >> mailcow.conf
+            echo "FTS_HEAP=128" >> mailcow.conf
+            ;;
+        SKIP_FTS)
+            echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
+            echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
+            echo "SKIP_FTS=y" >> mailcow.conf
+            ;;
+        FTS_PROCS)
+            echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
+            echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
+            echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
+            echo "FTS_PROCS=1" >> mailcow.conf
+            ;;
+        ENABLE_SSL_SNI)
+            echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
+            echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
+            echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
+            echo "ENABLE_SSL_SNI=n" >> mailcow.conf
+            ;;
+        SKIP_SOGO)
+            echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
+            echo "SKIP_SOGO=n" >> mailcow.conf
+            ;;
+        MAILDIR_SUB)
+            echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
+            echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
+            echo "MAILDIR_SUB=" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_WEBHOOK)
+            echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
+            echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
+            echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_WEBHOOK_BODY)
+            echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
+            echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
+            WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
+            echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_BAN)
+            echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
+            echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_START)
+            echo '# Send a notification when the watchdog is started.' >> mailcow.conf
+            echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
+            ;;
+        WATCHDOG_SUBJECT)
+            echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
+            echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
+            ;;
+        WATCHDOG_EXTERNAL_CHECKS)
+            echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
+            echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
+            echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
+            echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
+            ;;
+        SOGO_EXPIRE_SESSION)
+            echo '# SOGo session timeout in minutes' >> mailcow.conf
+            echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
+            ;;
+        REDIS_PORT)
+            echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
+            ;;
+        DOVECOT_MASTER_USER)
+            echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
+            echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
+            echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
+            echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+            echo "DOVECOT_MASTER_USER=" >> mailcow.conf
+            ;;
+        DOVECOT_MASTER_PASS)
+            echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+            echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
+            ;;
+        MAILCOW_PASS_SCHEME)
+            echo '# Password hash algorithm' >> mailcow.conf
+            echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
+            echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
+            echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
+            ;;
+        ADDITIONAL_SERVER_NAMES)
+            echo '# Additional server names for mailcow UI' >> mailcow.conf
+            echo '#' >> mailcow.conf
+            echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
+            echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
+            echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
+            echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
+            echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
+            echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
+            ;;
+        WEBAUTHN_ONLY_TRUSTED_VENDORS)
+            echo "# WebAuthn device manufacturer verification" >> mailcow.conf
+            echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
+            echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
+            echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
+            ;;
+        SPAMHAUS_DQS_KEY)
+            echo "# Spamhaus Data Query Service Key" >> mailcow.conf
+            echo '# Optional: Leave empty for none' >> mailcow.conf
+            echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
+            echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
+            echo '# Otherwise it will work as usual.' >> mailcow.conf
+            echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
+            ;;
+        WATCHDOG_VERBOSE)
+            echo '# Enable watchdog verbose logging' >> mailcow.conf
+            echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
+            ;;
+        SKIP_UNBOUND_HEALTHCHECK)
+            echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+            echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+            ;;
+        DISABLE_NETFILTER_ISOLATION_RULE)
+            echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
+            echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
+            echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
+            ;;
+        HTTP_REDIRECT)
+            echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
+            echo 'HTTP_REDIRECT=n' >> mailcow.conf
+            ;;
+        ENABLE_IPV6)
+            echo '# IPv6 Controller Section' >> mailcow.conf
+            echo '# This variable controls the usage of IPv6 within mailcow.' >> mailcow.conf
+            echo '# Can either be true or false | Defaults to true' >> mailcow.conf
+            echo '# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!' >> mailcow.conf
+            echo '# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.' >> mailcow.conf
+            echo ENABLE_IPV6=${IPV6_BOOL} >> mailcow.conf
+            ;;
+    
+        SKIP_CLAMD)
+            echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
+            echo 'SKIP_CLAMD=n' >> mailcow.conf
+            ;;
+
+        SKIP_OLEFY)
+            echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
+            echo 'SKIP_OLEFY=n' >> mailcow.conf
+            ;;
+        
+        REDISPASS)
+            echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 28)" >> mailcow.conf
+            ;;
+                  
+        *)
+            echo "${option}=" >> mailcow.conf
+            ;;
+    esac
+  done
+}
\ No newline at end of file
diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index 11e6fc202..d2d01c0b9 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -10,7 +10,7 @@ def includes_conf(env, template_vars):
   server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
-  if not template_vars['DISABLE_IPv6']:
+  if not template_vars['ENABLE_IPV6']:
     listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
     listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
   listen_ssl_config += "\nhttp2 on;"
@@ -58,7 +58,7 @@ def prepare_template_vars():
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
-    'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
+    'ENABLE_IPV6': os.getenv("ENABLE_IPV6", "true").lower() != "false",
     'HTTP_REDIRECT': os.getenv("HTTP_REDIRECT", "n").lower() in ("y", "yes"),
   }
 
diff --git a/docker-compose.yml b/docker-compose.yml
index e6b5dc20d..c55158dbb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -394,7 +394,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: ghcr.io/mailcow/nginx:1.03
+      image: ghcr.io/mailcow/nginx:1.04
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -405,7 +405,7 @@ services:
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
-        - DISABLE_IPv6=${DISABLE_IPv6:-n}
+        - ENABLE_IPV6=${ENABLE_IPV6:-true}
         - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
         - PHPFPMHOST=${PHPFPMHOST:-}
         - SOGOHOST=${SOGOHOST:-}
@@ -629,41 +629,12 @@ services:
           aliases:
             - ofelia
 
-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: ${ENABLE_IPV6:-true}
     ipam:
       driver: default
       config:
diff --git a/generate_config.sh b/generate_config.sh
index 61b72109c..9610bf18d 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,32 +1,13 @@
 #!/usr/bin/env bash
 
+# Load mailcow Generic Scripts
+source _modules/scripts/core.sh
+source _modules/scripts/ipv6_controller.sh
+
 set -o pipefail
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-  echo "Please update to 5.x or use another distribution."
-  exit 1
-fi
-
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< "$(uname -a)"; then
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
-    exit 1
-  fi
-fi
-
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
-# This will also cover sort
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
-if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
-
-for bin in openssl curl docker git awk sha1sum grep cut; do
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
-done
-
-# Check Docker Version (need at least 24.X)
-docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1)
+get_installed_tools
+get_docker_version
 
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
@@ -35,65 +16,7 @@ if [[ $docker_version -lt 24 ]]; then
   exit 1
 fi
 
-if docker compose > /dev/null 2>&1; then
-    if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-      COMPOSE_VERSION=native
-      echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-      sleep 2
-      echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-    else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-elif docker-compose > /dev/null 2>&1; then
-  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-      COMPOSE_VERSION=standalone
-      echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-      sleep 2
-      echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-    else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-  fi
-
-else
-  echo -e "\e[31mCannot find Docker Compose.\e[0m"
-  echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-  exit 1
-fi
-
-detect_bad_asn() {
-  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
-  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
-  if [ "$response" -eq 503 ]; then
-    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
-      sleep 2
-      echo ""
-      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
-      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
-      echo ""
-      sleep 2
-
-    else
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
-    fi
-  elif [ "$response" -eq 200 ]; then
-    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
-  elif [ "$response" -eq 429 ]; then
-    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
-  else
-    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
-  fi
-}
+detect_bad_asn
 
 ### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
 if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
@@ -217,6 +140,8 @@ if [ ! -z "${MAILCOW_BRANCH}" ]; then
   git_branch=${MAILCOW_BRANCH}
 fi
 
+configure_ipv6
+
 [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
 
 cat << EOF > mailcow.conf
@@ -510,6 +435,13 @@ WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
 
+# IPv6 Controller Section
+# This variable controls the usage of IPv6 within mailcow.
+# Can either be true or false | Defaults to true
+# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!
+# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.
+ENABLE_IPV6=${IPV6_BOOL}
+
 # Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
 # CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
 DISABLE_NETFILTER_ISOLATION_RULE=n
@@ -588,6 +520,4 @@ else
   echo '  $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
   echo '?>' >> data/web/inc/app_info.inc.php
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
-fi
-
-detect_bad_asn
+fi
\ No newline at end of file
diff --git a/update.sh b/update.sh
index b7d22bf8a..89dec3e66 100755
--- a/update.sh
+++ b/update.sh
@@ -2,775 +2,23 @@
 
 ############## Begin Function Section ##############
 
-check_online_status() {
-  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
-  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
-    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
-      return 0
-    fi
-  done
-  return 1
-}
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
-prefetch_images() {
-  [[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
-  git fetch origin #${BRANCH}
-  while read image; do
-    if [[ "${image}" == "robbertkl/ipv6nat" ]]; then
-      if ! grep -qi "ipv6nat-mailcow" docker-compose.yml || grep -qi "enable_ipv6: false" docker-compose.yml; then
-        continue
-      fi
-    fi
-    RET_C=0
-    until docker pull "${image}"; do
-      RET_C=$((RET_C + 1))
-      echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
-      [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
-      sleep 1
-    done
-  done < <(git show "origin/${BRANCH}:docker-compose.yml" | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
-}
-
-docker_garbage() {
-  SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-  IMGS_TO_DELETE=()
-
-  declare -A IMAGES_INFO
-  COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
-
-  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
-      ID=$(echo "$existing_image" | cut -d ':' -f 1)
-      REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
-      TAG=$(echo "$existing_image" | cut -d ':' -f 3)
-
-      if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
-          if [[ "$TAG" != "<none>" ]]; then
-              continue
-          fi
-      fi
-
-      if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
-          continue
-      else
-          IMGS_TO_DELETE+=("$ID")
-          IMAGES_INFO["$ID"]="$REPOSITORY:$TAG"
-      fi
-  done
-
-  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
-      echo "The following unused mailcow images were found:"
-      for id in "${IMGS_TO_DELETE[@]}"; do
-          echo "    ${IMAGES_INFO[$id]} ($id)"
-      done
-
-      if [ -z "$FORCE" ]; then
-          read -r -p "Do you want to delete them to free up some space? [y/N] " response
-          if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-              docker rmi ${IMGS_TO_DELETE[*]}
-          else
-              echo "OK, skipped."
-          fi
-      else
-          echo "Running in forced mode! Force removing old mailcow images..."
-          docker rmi ${IMGS_TO_DELETE[*]}
-      fi
-      echo -e "\e[32mFurther cleanup...\e[0m"
-      echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
-  fi
-}
-
-in_array() {
-  local e match="$1"
-  shift
-  for e; do [[ "$e" == "$match" ]] && return 0; done
-  return 1
-}
-
-migrate_docker_nat() {
-  NAT_CONFIG='{"ipv6":true,"fixed-cidr-v6":"fd00:dead:beef:c0::/80","experimental":true,"ip6tables":true}'
-  # Min Docker version
-  DOCKERV_REQ=20.10.2
-  # Current Docker version
-  DOCKERV_CUR=$(docker version -f '{{.Server.Version}}')
-  if grep -qi "ipv6nat-mailcow" docker-compose.yml && grep -qi "enable_ipv6: true" docker-compose.yml; then
-    echo -e "\e[32mNative IPv6 implementation available.\e[0m"
-    echo "This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow."
-    echo '!!! This step is recommended !!!'
-    echo "mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file."
-    read -r -p "Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] " dockernatresponse
-    if [[ ! "${dockernatresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      echo "OK, skipping this step."
-      return 0
-    fi
-  fi
-  # Sort versions and check if we are running a newer or equal version to req
-  if [ $(printf "${DOCKERV_REQ}\n${DOCKERV_CUR}" | sort -V | tail -n1) == "${DOCKERV_CUR}" ]; then
-    # If Dockerd daemon json exists
-    if [ -s /etc/docker/daemon.json ]; then
-      IFS=',' read -r -a dockerconfig <<< $(cat /etc/docker/daemon.json | tr -cd '[:alnum:],')
-      if ! in_array ipv6true "${dockerconfig[@]}" || \
-        ! in_array experimentaltrue "${dockerconfig[@]}" || \
-        ! in_array ip6tablestrue "${dockerconfig[@]}" || \
-        ! grep -qi "fixed-cidr-v6" /etc/docker/daemon.json; then
-          echo -e "\e[33mWarning:\e[0m You seem to have modified the /etc/docker/daemon.json configuration by yourself and not fully/correctly activated the native IPv6 NAT implementation."
-          echo "You will need to merge your existing configuration manually or fix/delete the existing daemon.json configuration before trying the update process again."
-          echo -e "Please merge the following content and restart the Docker daemon:\n"
-          echo "${NAT_CONFIG}"
-          return 1
-      fi
-    else
-      echo "Working on IPv6 NAT, please wait..."
-      echo "${NAT_CONFIG}" > /etc/docker/daemon.json
-      ip6tables -F -t nat
-      [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
-      if [[ $? -ne 0 ]]; then
-        echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
-        rm /etc/docker/daemon.json
-        if [[ -e /etc/rc.conf ]]; then
-          rc-service docker restart
-        else
-          systemctl reset-failed docker.service
-          systemctl restart docker.service
-        fi
-        return 1
-      fi
-    fi
-    # Removing legacy container
-    sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.yml
-    if [ -s docker-compose.override.yml ]; then
-        sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.override.yml
-        if [[ "$(cat docker-compose.override.yml | sed '/^\s*$/d' | wc -l)" == "2" ]]; then
-            mv docker-compose.override.yml docker-compose.override.yml_backup
-        fi
-    fi
-    echo -e "\e[32mGreat! \e[0mNative IPv6 NAT is active.\e[0m"
-  else
-    echo -e "\e[31mPlease upgrade Docker to version ${DOCKERV_REQ} or above.\e[0m"
-    return 0
-  fi
-}
-
-remove_obsolete_nginx_ports() {
-    # Removing obsolete docker-compose.override.yml
-    for override in docker-compose.override.yml docker-compose.override.yaml; do
-    if [ -s $override ] ; then
-        if cat $override | grep nginx-mailcow > /dev/null 2>&1; then
-          if cat $override | grep -E '(\[::])' > /dev/null 2>&1; then
-            if cat $override | grep -w 80:80 > /dev/null 2>&1 && cat $override | grep -w 443:443 > /dev/null 2>&1 ; then
-              echo -e "\e[33mBacking up ${override} to preserve custom changes...\e[0m"
-              echo -e "\e[33m!!! Manual Merge needed (if other overrides are set) !!!\e[0m"
-              sleep 3
-              cp $override ${override}_backup
-              sed -i '/nginx-mailcow:$/,/^$/d' $override
-              echo -e "\e[33mRemoved obsolete NGINX IPv6 Bind from original override File.\e[0m"
-                if [[ "$(cat $override | sed '/^\s*$/d' | wc -l)" == "2" ]]; then
-                  mv $override ${override}_empty
-                  echo -e "\e[31m${override} is empty. Renamed it to ensure mailcow is startable.\e[0m"
-                fi
-            fi
-          fi
-        fi
-    fi
-    done
-}
-
-detect_docker_compose_command(){
-if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
-  if docker compose > /dev/null 2>&1; then
-      if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=native
-        COMPOSE_COMMAND="docker compose"
-        echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-        echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-        sleep 2
-        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-      else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
-      fi
-  elif docker-compose > /dev/null 2>&1; then
-    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-      if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=standalone
-        COMPOSE_COMMAND="docker-compose"
-        echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-        echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-        sleep 2
-        echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-      else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-        echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
-      fi
-    fi
-
-  else
-    echo -e "\e[31mCannot find Docker Compose.\e[0m"
-    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-    exit 1
-  fi
-
-elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
-  COMPOSE_COMMAND="docker compose"
-  # Check if Native Compose works and has not been deleted
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker-compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1 || ! $COMPOSE_COMMAND --version | grep "^2." > /dev/null 2>&1; then
-      # IF it cannot find Standalone in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m"
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-      # If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-      sleep 2
-  fi
-
-
-elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-  COMPOSE_COMMAND="docker-compose"
-  # Check if Standalone Compose works and has not been deleted
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 | grep "^2." > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-      # IF it cannot find Native in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose.\e[0m"
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-      # If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-      sleep 2
-  fi
+MODULE_DIR="${SCRIPT_DIR}/_modules"
+if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
+  echo -e "\e[33m_modules is missing or empty – fetching all Modules from origin/${BRANCH}…\e[0m"
+  git fetch origin "${BRANCH}"
+  git checkout "origin/${BRANCH}" -- _modules
+  echo -e "\e[33mDone. Please restart the script...\e[0m"
+  exit 2
 fi
-}
 
-detect_bad_asn() {
-  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
-  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
-  if [ "$response" -eq 503 ]; then
-    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
-      sleep 2
-      echo ""
-      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
-      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
-      echo ""
-      sleep 2
+source _modules/scripts/core.sh
+source _modules/scripts/ipv6_controller.sh
+source _modules/scripts/new_options.sh
+source _modules/scripts/migrate_options.sh
 
-    else
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
-    fi
-  elif [ "$response" -eq 200 ]; then
-    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
-  elif [ "$response" -eq 429 ]; then
-    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
-  else
-    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
-  fi
-}
-
-fix_broken_dnslist_conf() {
-
-# Fixing issue: #6143. To be removed in a later patch
-
-  local file="${SCRIPT_DIR}/data/conf/postfix/dns_blocklists.cf"
-    # Check if the file exists
-  if [[ ! -f "$file" ]]; then
-      return 1
-  fi
-
-  # Check if the file contains the autogenerated comment
-  if grep -q "# Autogenerated by mailcow" "$file"; then
-      # Ask the user if custom changes were made
-      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
-      echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
-      read -p "Do you want to delete the file now and let mailcow regenerate it properly? [y/n]" response
-      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        rm "$file"
-        echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"
-        return 0
-      else
-        echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
-        return 2
-      fi
-  fi
-
-}
-
-adapt_new_options() {
-
-  CONFIG_ARRAY=(
-  "SKIP_LETS_ENCRYPT"
-  "SKIP_SOGO"
-  "USE_WATCHDOG"
-  "WATCHDOG_NOTIFY_EMAIL"
-  "WATCHDOG_NOTIFY_WEBHOOK"
-  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
-  "WATCHDOG_NOTIFY_BAN"
-  "WATCHDOG_NOTIFY_START"
-  "WATCHDOG_EXTERNAL_CHECKS"
-  "WATCHDOG_SUBJECT"
-  "SKIP_CLAMD"
-  "SKIP_OLEFY"
-  "SKIP_IP_CHECK"
-  "ADDITIONAL_SAN"
-  "DOVEADM_PORT"
-  "IPV4_NETWORK"
-  "IPV6_NETWORK"
-  "LOG_LINES"
-  "SNAT_TO_SOURCE"
-  "SNAT6_TO_SOURCE"
-  "COMPOSE_PROJECT_NAME"
-  "DOCKER_COMPOSE_VERSION"
-  "SQL_PORT"
-  "API_KEY"
-  "API_KEY_READ_ONLY"
-  "API_ALLOW_FROM"
-  "MAILDIR_GC_TIME"
-  "MAILDIR_SUB"
-  "ACL_ANYONE"
-  "FTS_HEAP"
-  "FTS_PROCS"
-  "SKIP_FTS"
-  "ENABLE_SSL_SNI"
-  "ALLOW_ADMIN_EMAIL_LOGIN"
-  "SKIP_HTTP_VERIFICATION"
-  "SOGO_EXPIRE_SESSION"
-  "REDIS_PORT"
-  "DOVECOT_MASTER_USER"
-  "DOVECOT_MASTER_PASS"
-  "MAILCOW_PASS_SCHEME"
-  "ADDITIONAL_SERVER_NAMES"
-  "WATCHDOG_VERBOSE"
-  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
-  "SPAMHAUS_DQS_KEY"
-  "SKIP_UNBOUND_HEALTHCHECK"
-  "DISABLE_NETFILTER_ISOLATION_RULE"
-  "HTTP_REDIRECT"
-  )
-
-  sed -i --follow-symlinks '$a\' mailcow.conf
-  for option in ${CONFIG_ARRAY[@]}; do
-    if [[ ${option} == "ADDITIONAL_SAN" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "${option}=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# Used Docker Compose version" >> mailcow.conf
-        echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
-        echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
-        echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
-        echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
-        echo "" >> mailcow.conf
-        echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVEADM_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "LOG_LINES" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
-        echo "LOG_LINES=9999" >> mailcow.conf
-      fi
-    elif [[ ${option} == "IPV4_NETWORK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
-        echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
-      fi
-    elif [[ ${option} == "IPV6_NETWORK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
-        echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SQL_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
-        echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_KEY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create or override API key for web UI' >> mailcow.conf
-        echo "#API_KEY=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create or override read-only API key for web UI' >> mailcow.conf
-        echo "#API_KEY_READ_ONLY=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_ALLOW_FROM" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Must be set for API_KEY to be active' >> mailcow.conf
-        echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
-        echo "#API_ALLOW_FROM=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
-        echo "#SNAT_TO_SOURCE=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
-        echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Garbage collector cleanup' >> mailcow.conf
-        echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
-        echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
-        echo '# Check interval is hourly' >> mailcow.conf
-        echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
-      fi
-    elif [[ ${option} == "ACL_ANYONE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
-        echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
-        echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
-        echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
-        echo 'ACL_ANYONE=disallow' >> mailcow.conf
-      fi
-    elif [[ ${option} == "FTS_HEAP" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
-        echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
-        echo '# Please always monitor your Resource consumption!' >> mailcow.conf
-        echo "FTS_HEAP=128" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_FTS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
-        echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
-        echo "SKIP_FTS=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "FTS_PROCS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
-        echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
-        echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
-        echo "FTS_PROCS=1" >> mailcow.conf
-      fi
-    elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
-        echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
-        echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
-        echo "ENABLE_SSL_SNI=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_SOGO" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
-        echo "SKIP_SOGO=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILDIR_SUB" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
-        echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
-        echo "MAILDIR_SUB=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
-        echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
-        echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
-        echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
-        WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
-        echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
-        echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_START" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Send a notification when the watchdog is started.' >> mailcow.conf
-        echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
-        echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
-        echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
-        echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
-        echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# SOGo session timeout in minutes' >> mailcow.conf
-        echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
-      fi
-    elif [[ ${option} == "REDIS_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
-        echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
-        echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
-        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-        echo "DOVECOT_MASTER_USER=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-        echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Password hash algorithm' >> mailcow.conf
-        echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-        echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
-        echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
-      fi
-    elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Additional server names for mailcow UI' >> mailcow.conf
-        echo '#' >> mailcow.conf
-        echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
-        echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
-        echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
-        echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
-        echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
-        echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# WebAuthn device manufacturer verification" >> mailcow.conf
-        echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
-        echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
-        echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# Spamhaus Data Query Service Key" >> mailcow.conf
-        echo '# Optional: Leave empty for none' >> mailcow.conf
-        echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
-        echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
-        echo '# Otherwise it will work as usual.' >> mailcow.conf
-        echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Enable watchdog verbose logging' >> mailcow.conf
-        echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
-        echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
-        echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
-        echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "HTTP_REDIRECT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
-        echo 'HTTP_REDIRECT=n' >> mailcow.conf
-      fi
-    elif ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "${option}=n" >> mailcow.conf
-    fi
-  done
-}
-
-migrate_solr_config_options() {
-
-  sed -i --follow-symlinks '$a\' mailcow.conf
-
-  if grep -q "SOLR_HEAP" mailcow.conf; then
-    echo "Removing SOLR_HEAP in mailcow.conf"
-    sed -i '/# Solr heap size in MB\b/d' mailcow.conf
-    sed -i '/# Solr is a prone to run\b/d' mailcow.conf
-    sed -i '/SOLR_HEAP\b/d' mailcow.conf
-  fi
-
-  if grep -q "SKIP_SOLR" mailcow.conf; then
-    echo "Removing SKIP_SOLR in mailcow.conf"
-    sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
-    sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
-    sed -i '/\bDisable Solr or\b/d' mailcow.conf
-    sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
-  fi
-
-  if grep -q "SOLR_PORT" mailcow.conf; then
-    echo "Removing SOLR_PORT in mailcow.conf"
-    sed -i '/\bSOLR_PORT\b/d' mailcow.conf
-  fi
-
-  if grep -q "FLATCURVE_EXPERIMENTAL" mailcow.conf; then
-    echo "Removing FLATCURVE_EXPERIMENTAL in mailcow.conf"
-    sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
-  fi
-
-  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
-  if [[ -n $solr_volume ]]; then
-    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
-    sleep 1
-    if [ ! "$FORCE" ]; then
-      read -r -p "Remove $solr_volume? [y/N] " response
-      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        echo -e "\e[33mRemoving $solr_volume...\e[0m"
-        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
-        echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
-      else
-        echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
-      fi
-    else
-      echo -e "\e[33mForce removing $solr_volume...\e[0m"
-      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
-      echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
-    fi
-  fi
-
-  # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
-  FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
-  if [[ -f "$FTS_CONF_PATH" ]]; then
-    if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
-      rm -rf $FTS_CONF_PATH
-    fi
-  fi
-}
-
-detect_major_update() {
-  if [ ${BRANCH} == "master" ]; then
-    # Array with major versions
-    # Add major versions here
-    MAJOR_VERSIONS=(
-      "2025-02"
-      "2025-03"
-    )
-
-    current_version=""
-    if [[ -f "${SCRIPT_DIR}/data/web/inc/app_info.inc.php" ]]; then
-      current_version=$(grep 'MAILCOW_GIT_VERSION' ${SCRIPT_DIR}/data/web/inc/app_info.inc.php | sed -E 's/.*MAILCOW_GIT_VERSION="([^"]+)".*/\1/')
-    fi
-    if [[ -z "$current_version" ]]; then
-      return 1
-    fi
-    release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
-
-    updates_to_apply=()
-
-    for version in "${MAJOR_VERSIONS[@]}"; do
-      if [[ "$current_version" < "$version" ]]; then
-        updates_to_apply+=("$version")
-      fi
-    done
-
-    if [[ ${#updates_to_apply[@]} -gt 0 ]]; then
-      echo -e "\e[33m\nMAJOR UPDATES to be applied:\e[0m"
-      for update in "${updates_to_apply[@]}"; do
-        echo "$update - $release_url/$update"
-      done
-
-      echo -e "\nPlease read the release notes before proceeding."
-      read -p "Do you want to proceed with the update? [y/n] " response
-      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        echo "Proceeding with the update..."
-      else
-        echo "Update canceled. Exiting."
-        exit 1
-      fi
-    fi
-  fi
-}
-
-remove_obsolete_options() {
-  OBSOLETE_OPTIONS=(
-    "ACME_CONTACT"
-  )
-
-  for option in "${OBSOLETE_OPTIONS[@]}"; do
-    if [[ "$option" == "ACME_CONTACT" ]]; then
-      sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
-      sed -i "/^# Let's Encrypt registration contact information/d" mailcow.conf
-      sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
-      sed -i '/^# This value is only used on first order!/d' mailcow.conf
-      sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
-      sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
-      sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
-      sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
-    else
-      sed -i "/^${option}=.*/d" mailcow.conf
-      sed -i "/^#${option}=.*/d" mailcow.conf
-    fi
-  done
-}
 ############## End Function Section ##############
 
 # Check permissions
@@ -786,22 +34,6 @@ if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
   bash "${SCRIPT_DIR}/pre_update_hook.sh"
 fi
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-  echo "Please update to 5.x or use another distribution."
-  exit 1
-fi
-
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< "$(uname -a)"; then
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
-    exit 1
-  fi
-  echo "mailcow on a 4.4.x kernel is not supported. It may or may not work, please upgrade your kernel or continue at your own risk."
-  read -p "Press any key to continue..." < /dev/tty
-fi
-
 # Exit on error and pipefail
 set -o pipefail
 
@@ -817,22 +49,9 @@ umask 0022
 unset COMPOSE_COMMAND
 unset DOCKER_COMPOSE_VERSION
 
-for bin in curl docker git awk sha1sum grep cut; do
-  if [[ -z $(command -v ${bin}) ]]; then
-  echo "Cannot find ${bin}, exiting..."
-  exit 1;
-  fi
-done
+get_installed_tools
 
-# Check Docker Version (need at least 24.X)
-docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1 | head -1)
-
-if [[ $docker_version -lt 24 ]]; then
-  echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
-  echo -e "\e[33mmailcow needs a newer Docker version to work properly... continuing on your own risk!\e[0m"
-  echo -e "\e[31mPlease update your Docker installation... sleeping 10s\e[0m"
-  sleep 10
-fi
+get_docker_version
 
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
@@ -936,9 +155,7 @@ done
 chmod 600 mailcow.conf
 source mailcow.conf
 
-detect_docker_compose_command
-
-fix_broken_dnslist_conf
+get_compose_type
 
 DOTS=${MAILCOW_HOSTNAME//[^.]};
 if [ ${#DOTS} -lt 1 ]; then
@@ -961,349 +178,8 @@ elif [ ${#DOTS} -eq 1 ]; then
   fi
 fi
 
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
-# This will also cover sort
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
-if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
-
-CONFIG_ARRAY=(
-  "SKIP_LETS_ENCRYPT"
-  "SKIP_SOGO"
-  "USE_WATCHDOG"
-  "WATCHDOG_NOTIFY_EMAIL"
-  "WATCHDOG_NOTIFY_WEBHOOK"
-  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
-  "WATCHDOG_NOTIFY_BAN"
-  "WATCHDOG_NOTIFY_START"
-  "WATCHDOG_EXTERNAL_CHECKS"
-  "WATCHDOG_SUBJECT"
-  "SKIP_CLAMD"
-  "SKIP_OLEFY"
-  "SKIP_IP_CHECK"
-  "ADDITIONAL_SAN"
-  "AUTODISCOVER_SAN"
-  "DOVEADM_PORT"
-  "IPV4_NETWORK"
-  "IPV6_NETWORK"
-  "LOG_LINES"
-  "SNAT_TO_SOURCE"
-  "SNAT6_TO_SOURCE"
-  "COMPOSE_PROJECT_NAME"
-  "DOCKER_COMPOSE_VERSION"
-  "SQL_PORT"
-  "API_KEY"
-  "API_KEY_READ_ONLY"
-  "API_ALLOW_FROM"
-  "MAILDIR_GC_TIME"
-  "MAILDIR_SUB"
-  "ACL_ANYONE"
-  "ENABLE_SSL_SNI"
-  "ALLOW_ADMIN_EMAIL_LOGIN"
-  "SKIP_HTTP_VERIFICATION"
-  "SOGO_EXPIRE_SESSION"
-  "REDIS_PORT"
-  "DOVECOT_MASTER_USER"
-  "DOVECOT_MASTER_PASS"
-  "MAILCOW_PASS_SCHEME"
-  "ADDITIONAL_SERVER_NAMES"
-  "WATCHDOG_VERBOSE"
-  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
-  "SPAMHAUS_DQS_KEY"
-  "SKIP_UNBOUND_HEALTHCHECK"
-  "DISABLE_NETFILTER_ISOLATION_RULE"
-  "REDISPASS"
-)
-
 detect_bad_asn
 
-sed -i --follow-symlinks '$a\' mailcow.conf
-for option in "${CONFIG_ARRAY[@]}"; do
-  if [[ ${option} == "ADDITIONAL_SAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "${option}=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "COMPOSE_PROJECT_NAME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOCKER_COMPOSE_VERSION" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# Used Docker Compose version" >> mailcow.conf
-      echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
-      echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
-      echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
-      echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
-      echo "" >> mailcow.conf
-      echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVEADM_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_EMAIL" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "LOG_LINES" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
-      echo "LOG_LINES=9999" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "IPV4_NETWORK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
-      echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "IPV6_NETWORK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
-      echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SQL_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
-      echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_KEY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create or override API key for web UI' >> mailcow.conf
-      echo "#API_KEY=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_KEY_READ_ONLY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create or override read-only API key for web UI' >> mailcow.conf
-      echo "#API_KEY_READ_ONLY=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_ALLOW_FROM" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Must be set for API_KEY to be active' >> mailcow.conf
-      echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
-      echo "#API_ALLOW_FROM=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SNAT_TO_SOURCE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
-      echo "#SNAT_TO_SOURCE=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SNAT6_TO_SOURCE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
-      echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILDIR_GC_TIME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Garbage collector cleanup' >> mailcow.conf
-      echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
-      echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
-      echo '# Check interval is hourly' >> mailcow.conf
-      echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ACL_ANYONE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
-      echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
-      echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
-      echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
-      echo 'ACL_ANYONE=disallow' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ENABLE_SSL_SNI" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
-      echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
-      echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
-      echo "ENABLE_SSL_SNI=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_SOGO" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
-      echo "SKIP_SOGO=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILDIR_SUB" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
-      echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
-      echo "MAILDIR_SUB=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
-      echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
-      echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
-      echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
-      WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
-      echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_BAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
-      echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_START" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Send a notification when the watchdog is started.' >> mailcow.conf
-      echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_SUBJECT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
-      echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
-      echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
-      echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
-      echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SOGO_EXPIRE_SESSION" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# SOGo session timeout in minutes' >> mailcow.conf
-      echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "REDIS_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVECOT_MASTER_USER" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
-      echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
-      echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-      echo "DOVECOT_MASTER_USER=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVECOT_MASTER_PASS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-      echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILCOW_PASS_SCHEME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Password hash algorithm' >> mailcow.conf
-      echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-      echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
-      echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ADDITIONAL_SERVER_NAMES" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Additional server names for mailcow UI' >> mailcow.conf
-      echo '#' >> mailcow.conf
-      echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
-      echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
-      echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
-      echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
-      echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
-      echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
-    fi
-
-  elif [[ "${option}" == "AUTODISCOVER_SAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
-      echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
-      echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
-      echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
-      echo '# in the reverse proxy.' >> mailcow.conf
-      echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# WebAuthn device manufacturer verification" >> mailcow.conf
-      echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
-      echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
-      echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SPAMHAUS_DQS_KEY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# Spamhaus Data Query Service Key" >> mailcow.conf
-      echo '# Optional: Leave empty for none' >> mailcow.conf
-      echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
-      echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
-      echo '# Otherwise it will work as usual.' >> mailcow.conf
-      echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_VERBOSE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Enable watchdog verbose logging' >> mailcow.conf
-      echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
-      echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
-      echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
-      echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_CLAMD" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
-      echo 'SKIP_CLAMD=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_OLEFY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
-      echo 'SKIP_OLEFY=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "REDISPASS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo -e '\n# ------------------------------' >> mailcow.conf
-      echo '# REDIS configuration' >> mailcow.conf
-      echo -e '# ------------------------------\n' >> mailcow.conf
-      echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)" >> mailcow.conf
-    fi
-  elif ! grep -q "${option}" mailcow.conf; then
-    echo "Adding new option \"${option}\" to mailcow.conf"
-    echo "${option}=n" >> mailcow.conf
-  fi
-done
-
 if [[ ("${SKIP_PING_CHECK}" == "y") ]]; then
 echo -e "\e[32mSkipping Ping Check...\e[0m"
 
@@ -1422,16 +298,38 @@ elif [ "$NEW_BRANCH" == "legacy" ] && [ "$CURRENT_BRANCH" != "legacy" ]; then
 fi
 
 if [ ! "$DEV" ]; then
+  EXIT_COUNT=0
   echo -e "\e[32mChecking for newer update script...\e[0m"
   SHA1_1="$(sha1sum update.sh)"
-  git fetch origin #${BRANCH}
-  git checkout "origin/${BRANCH}" update.sh
-  SHA1_2=$(sha1sum update.sh)
+  git fetch origin
+  git checkout "origin/${BRANCH}" -- update.sh
+  SHA1_2="$(sha1sum update.sh)"
   if [[ "${SHA1_1}" != "${SHA1_2}" ]]; then
-    echo "update.sh changed, please run this script again, exiting."
     chmod +x update.sh
+    EXIT_COUNT+=1
+  fi
+
+  MODULE_DIR="$(dirname "$0")/_modules"
+  echo -e "\e[32mChecking for updates in _modules...\e[0m"
+  if [ ! -d "${MODULE_DIR}" ] || [ -z "$(ls -A "${MODULE_DIR}")" ]; then
+    echo -e "\e[33m_modules missing or empty — fetching from origin...\e[0m"
+    git checkout "origin/${BRANCH}" -- _modules
+  else
+    OLD_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
+    git fetch origin
+    git checkout "origin/${BRANCH}" -- _modules
+    NEW_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
+
+    if [[ "${OLD_SUM}" != "${NEW_SUM}" ]]; then
+      EXIT_COUNT+=1
+    fi
+  fi
+
+  if [ ${EXIT_COUNT} -ge 1 ]; then
+    echo "Changes for the update Script, please run this script again, exiting!"
     exit 2
   fi
+
 fi
 
 if [ ! "$FORCE" ]; then
@@ -1441,11 +339,8 @@ if [ ! "$FORCE" ]; then
     exit 0
   fi
   detect_major_update
-  migrate_docker_nat
 fi
 
-remove_obsolete_nginx_ports
-
 echo -e "\e[32mValidating docker-compose stack configuration...\e[0m"
 sed -i 's/HTTPS_BIND:-:/HTTPS_BIND:-/g' docker-compose.yml
 sed -i 's/HTTP_BIND:-:/HTTP_BIND:-/g' docker-compose.yml
@@ -1483,28 +378,28 @@ for container in "${MAILCOW_CONTAINERS[@]}"; do
   docker rm -f "$container" 2> /dev/null
 done
 
+configure_ipv6
+
 [[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
-migrate_solr_config_options
+migrate_config_options
 adapt_new_options
-remove_obsolete_options
 
-# Silently fixing remote url from andryyy to mailcow
-# git remote set-url origin https://github.com/mailcow/mailcow-dockerized
-
-DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
-CURRENT_REPO=$(git config --get remote.origin.url)
-if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
-  echo "The Repository currently used is not the default Mailcow Repository."
-  echo "Currently Repository: $CURRENT_REPO"
-  echo "Default Repository:   $DEFAULT_REPO"
-  if [ ! "$FORCE" ]; then
-    read -r -p "Should it be changed back to default? [y/N] " repo_response
-    if [[ "$repo_response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      git remote set-url origin $DEFAULT_REPO
+if [ ! "$DEV" ]; then
+  DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
+  CURRENT_REPO=$(git config --get remote.origin.url)
+  if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
+    echo "The Repository currently used is not the default mailcow Repository."
+    echo "Currently Repository: $CURRENT_REPO"
+    echo "Default Repository:   $DEFAULT_REPO"
+    if [ ! "$FORCE" ]; then
+      read -r -p "Should it be changed back to default? [y/N] " repo_response
+      if [[ "$repo_response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        git remote set-url origin $DEFAULT_REPO
+      fi
+    else
+        echo "Running in forced mode... setting Repo to default!"
+        git remote set-url origin $DEFAULT_REPO
     fi
-  else
-      echo "Running in forced mode... setting Repo to default!"
-      git remote set-url origin $DEFAULT_REPO
   fi
 fi
 
@@ -1538,7 +433,7 @@ if [ ! "$DEV" ]; then
     echo "Run $COMPOSE_COMMAND up -d to restart your stack without updates or try again after fixing the mentioned errors."
     exit 1
   fi
-elif [ "$DEV" ]; then
+else
   echo -e "\e[33mDEVELOPER MODE: Not creating a git diff and commiting it to prevent development stuff within a backup diff...\e[0m"
 fi
 

From ef5739c32fcf2607d19255fd9ca820e136e975a7 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 6 Aug 2025 08:39:21 +0200
Subject: [PATCH 611/755] add 2025-08 as breaking major release

---
 _modules/scripts/core.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index 42133aa6b..ab67f25c6 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -185,6 +185,7 @@ detect_major_update() {
     MAJOR_VERSIONS=(
       "2025-02"
       "2025-03"
+      "2025-08"
     )
 
     current_version=""

From e91d678bd16156ca80e63c16b559a5acd0946830 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 6 Aug 2025 09:36:05 +0200
Subject: [PATCH 612/755] fix docker version detection

---
 _modules/scripts/ipv6_controller.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
index 7fe7d3cbd..de5272048 100644
--- a/_modules/scripts/ipv6_controller.sh
+++ b/_modules/scripts/ipv6_controller.sh
@@ -41,7 +41,7 @@ docker_daemon_edit(){
     ! _has_kv ipv6 true       && MISSING+=("ipv6: true")
     ! grep -Eq '"fixed-cidr-v6"\s*:\s*".+"' "$DOCKER_DAEMON_CONFIG" \
                               && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
-    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -ge 27 ]]; then
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -le 27 ]]; then
       _has_kv ipv6 true && ! _has_kv ip6tables true && MISSING+=("ip6tables: true")
       ! _has_kv experimental true                 && MISSING+=("experimental: true")
     fi

From 842cb235b610c54f7eb5ae9337ca36cfe997fb40 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Wed, 6 Aug 2025 09:38:22 +0200
Subject: [PATCH 613/755] [Rspamd] Fill module name for set_pre_result actions
 (#6630)

* [Rspamd] Fill module name for postmaster handler

* Update rspamd.local.lua
---
 data/conf/rspamd/lua/rspamd.local.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 5f23ef6b8..5fe66f75f 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -102,7 +102,7 @@ rspamd_config:register_symbol({
       local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
       if #rcpt_split == 2 then
         if rcpt_split[1] == 'postmaster' then
-          task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt')
+          task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt', 'postmaster')
           return
         end
       end
@@ -167,7 +167,7 @@ rspamd_config:register_symbol({
         for k,v in pairs(data) do
           if (v and v ~= userdata and v == '1') then
             rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, setting pre-result")
-            task:set_pre_result('accept', 'ip matched with forward hosts')
+            task:set_pre_result('accept', 'ip matched with forward hosts', 'keep_spam')
           end
         end
       end

From 1e42b8dd21fb021e1ddcbb2cae94f79146fe4d39 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 6 Aug 2025 09:40:47 +0200
Subject: [PATCH 614/755] [Web] Add delimiter_action to mailbox and
 mailbox_template add/edit admin forms (#6620)

---
 data/web/edit.php                             |   1 +
 data/web/inc/functions.mailbox.inc.php        |  17 ++
 data/web/inc/vars.inc.php                     | 148 +++++++++---------
 data/web/js/site/mailbox.js                   |  18 +++
 .../web/templates/edit/mailbox-templates.twig |  17 ++
 data/web/templates/edit/mailbox.twig          |  31 +++-
 data/web/templates/modals/mailbox.twig        |  34 ++++
 7 files changed, 193 insertions(+), 73 deletions(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index 9a1e5a5c1..7ce4d0c6a 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -125,6 +125,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           'mailbox' => $mailbox,
           'rl' => $rl,
           'pushover_data' => $pushover_data,
+          'get_tagging_options' => mailbox('get', 'delimiter_action', $mailbox),
           'quarantine_notification' => $quarantine_notification,
           'quarantine_category' => $quarantine_category,
           'get_tls_policy' => $get_tls_policy,
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index d5daeddcd..6ea4f5717 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1223,6 +1223,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $stmt->execute(array(
             ':username' => $username
           ));
+          // save delimiter_action
+          if (isset($_data['tagged_mail_handler'])) {
+            mailbox('edit', 'delimiter_action', array(
+              'username' => $username,
+              'tagged_mail_handler' => $_data['tagged_mail_handler']
+            ));
+          }
+
           // save tags
           foreach($tags as $index => $tag){
             if (empty($tag)) continue;
@@ -1613,6 +1621,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $attr = array();
           $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
           $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : array();
+          $attr["tagged_mail_handler"]         = (!empty($_data['tagged_mail_handler'])) ? $_data['tagged_mail_handler'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['tagged_mail_handler']);
           $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
           $attr["quarantine_category"]         = (!empty($_data['quarantine_category'])) ? $_data['quarantine_category'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
           $attr["rl_frame"]                    = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
@@ -3259,6 +3268,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               return false;
             }
+            // save delimiter_action
+            if (isset($_data['tagged_mail_handler'])) {
+              mailbox('edit', 'delimiter_action', array(
+                'username' => $username,
+                'tagged_mail_handler' => $_data['tagged_mail_handler']
+              ));
+            }
             // save tags
             foreach($tags as $index => $tag){
               if (empty($tag)) continue;
@@ -3604,6 +3620,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $attr = array();
             $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
             $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : $is_now['tags'];
+            $attr["tagged_mail_handler"]         = (!empty($_data['tagged_mail_handler'])) ? $_data['tagged_mail_handler'] : $is_now['tagged_mail_handler'];
             $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification'];
             $attr["quarantine_category"]         = (!empty($_data['quarantine_category'])) ? $_data['quarantine_category'] : $is_now['quarantine_category'];
             $attr["rl_frame"]                    = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : $is_now['rl_frame'];
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 671e20334..568105308 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -186,6 +186,12 @@ $MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update'] = false;
 // Enable SOGo access - Users will be redirected to SOGo after login (set to false to disable redirect by default)
 $MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'] = true;
 
+// How to handle tagged emails
+// none      - No special handling
+// subfolder - Create subfolder under INBOX (e.g. "INBOX/Facebook")
+// subject   - Add tag to subject (e.g. "[Facebook] Subject")
+$MAILBOX_DEFAULT_ATTRIBUTES['tagged_mail_handler'] = "none";
+
 // Send notification when quarantine is not empty (never, hourly, daily, weekly)
 $MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification'] = 'hourly';
 
@@ -257,57 +263,57 @@ $RSPAMD_MAPS = array(
 
 $IMAPSYNC_OPTIONS = array(
   'whitelist' => array(
-    'abort',     
-    'authmd51',        
-    'authmd52',           
+    'abort',
+    'authmd51',
+    'authmd52',
     'authmech1',
     'authmech2',
-    'authuser1', 
-    'authuser2', 
-    'debug',   
-    'debugcontent', 
-    'debugcrossduplicates', 
-    'debugflags',    
-    'debugfolders',            
-    'debugimap',    
-    'debugimap1',     
-    'debugimap2',   
-    'debugmemory',       
-    'debugssl',              
+    'authuser1',
+    'authuser2',
+    'debug',
+    'debugcontent',
+    'debugcrossduplicates',
+    'debugflags',
+    'debugfolders',
+    'debugimap',
+    'debugimap1',
+    'debugimap2',
+    'debugmemory',
+    'debugssl',
     'delete1emptyfolders',
-    'delete2folders',    
-    'disarmreadreceipts', 
+    'delete2folders',
+    'disarmreadreceipts',
     'domain1',
     'domain2',
-    'domino1',   
-    'domino2',  
+    'domino1',
+    'domino2',
     'dry',
     'errorsmax',
-    'exchange1',   
-    'exchange2',   
+    'exchange1',
+    'exchange2',
     'exitwhenover',
     'expunge1',
-    'f1f2',  
-    'filterbuggyflags',  
+    'f1f2',
+    'filterbuggyflags',
     'folder',
     'folderfirst',
     'folderlast',
     'folderrec',
-    'gmail1',     
-    'gmail2',    
-    'idatefromheader',   
+    'gmail1',
+    'gmail2',
+    'idatefromheader',
     'include',
     'inet4',
     'inet6',
-    'justconnect',  
-    'justfolders',  
-    'justfoldersizes',  
-    'justlogin',   
-    'keepalive1',   
-    'keepalive2',   
+    'justconnect',
+    'justfolders',
+    'justfoldersizes',
+    'justlogin',
+    'keepalive1',
+    'keepalive2',
     'log',
     'logdir',
-    'logfile',        
+    'logfile',
     'maxbytesafter',
     'maxlinelength',
     'maxmessagespersecond',
@@ -315,62 +321,62 @@ $IMAPSYNC_OPTIONS = array(
     'maxsleep',
     'minage',
     'minsize',
-    'noabletosearch', 
-    'noabletosearch1',  
-    'noabletosearch2',   
-    'noexpunge1',        
-    'noexpunge2',   
+    'noabletosearch',
+    'noabletosearch1',
+    'noabletosearch2',
+    'noexpunge1',
+    'noexpunge2',
     'nofoldersizesatend',
-    'noid',       
-    'nolog',  
-    'nomixfolders',          
-    'noresyncflags',   
-    'nossl1',   
-    'nossl2',            
-    'nosyncacls',      
-    'notls1', 
-    'notls2',              
-    'nouidexpunge2',   
-    'nousecache',      
+    'noid',
+    'nolog',
+    'nomixfolders',
+    'noresyncflags',
+    'nossl1',
+    'nossl2',
+    'nosyncacls',
+    'notls1',
+    'notls2',
+    'nouidexpunge2',
+    'nousecache',
     'oauthaccesstoken1',
     'oauthaccesstoken2',
     'oauthdirect1',
     'oauthdirect2',
-    'office1',    
-    'office2',      
-    'pidfile', 
-    'pidfilelocking', 
+    'office1',
+    'office2',
+    'pidfile',
+    'pidfilelocking',
     'prefix1',
     'prefix2',
-    'proxyauth1',  
-    'proxyauth2',         
-    'resyncflags',     
-    'resynclabels',     
-    'search', 
+    'proxyauth1',
+    'proxyauth2',
+    'resyncflags',
+    'resynclabels',
+    'search',
     'search1',
-    'search2', 
+    'search2',
     'sep1',
     'sep2',
     'showpasswords',
     'skipemptyfolders',
-    'ssl2',            
+    'ssl2',
     'sslargs1',
-    'sslargs2', 
+    'sslargs2',
     'subfolder1',
-    'subscribe',   
+    'subscribe',
     'subscribed',
     'syncacls',
     'syncduplicates',
     'syncinternaldates',
-    'synclabels', 
-    'tests',     
-    'testslive',       
-    'testslive6',     
-    'tls2',             
-    'truncmess',  
-    'usecache', 
-    'useheader',  
-    'useuid'    
+    'synclabels',
+    'tests',
+    'testslive',
+    'testslive6',
+    'tls2',
+    'truncmess',
+    'usecache',
+    'useheader',
+    'useuid'
   ),
   'blacklist' => array(
     'skipmess',
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 28e6fd284..135ec764a 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -269,6 +269,24 @@ $(document).ready(function() {
   function setMailboxTemplateData(template){
     $("#addInputQuota").val(template.quota / 1048576);
 
+    if (template.tagged_mail_handler === "subfolder"){
+      $('#tagged_mail_handler_subfolder').prop('checked', true);
+      $('#tagged_mail_handler_subject').prop('checked', false);
+      $('#tagged_mail_handler_none').prop('checked', false);
+    } else if(template.tagged_mail_handler === "subject"){
+      $('#tagged_mail_handler_subfolder').prop('checked', false);
+      $('#tagged_mail_handler_subject').prop('checked', true);
+      $('#tagged_mail_handler_none').prop('checked', false);
+    } else if(template.tagged_mail_handler === "none"){
+      $('#tagged_mail_handler_subfolder').prop('checked', false);
+      $('#tagged_mail_handler_subject').prop('checked', false);
+      $('#tagged_mail_handler_none').prop('checked', true);
+    } else {
+      $('#tagged_mail_handler_subfolder').prop('checked', false);
+      $('#tagged_mail_handler_subject').prop('checked', false);
+      $('#tagged_mail_handler_none').prop('checked', true);
+    }
+
     if (template.quarantine_notification === "never"){
       $('#quarantine_notification_never').prop('checked', true);
       $('#quarantine_notification_hourly').prop('checked', false);
diff --git a/data/web/templates/edit/mailbox-templates.twig b/data/web/templates/edit/mailbox-templates.twig
index 6d150b263..65a83cd2a 100644
--- a/data/web/templates/edit/mailbox-templates.twig
+++ b/data/web/templates/edit/mailbox-templates.twig
@@ -36,6 +36,23 @@
         <small class="text-muted">0 = ∞</small>
       </div>
     </div>
+    <div class="row mb-2">
+      <label class="control-label col-sm-2">{{ lang.user.tag_handling }}</label>
+      <div class="col-sm-10">
+        <div class="btn-group">
+          <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_subfolder" autocomplete="off" value="subfolder" {% if template.attributes.tagged_mail_handler == 'subfolder' %}checked{% endif %}>
+          <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_subfolder">{{ lang.user.tag_in_subfolder }}</label>
+
+          <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_subject" autocomplete="off" value="subject" {% if template.attributes.tagged_mail_handler == 'subject' %}checked{% endif %}>
+          <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_subject">{{ lang.user.tag_in_subject }}</label>
+
+          <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_none" autocomplete="off" value="none" {% if template.attributes.tagged_mail_handler == 'none' %}checked{% endif %}>
+          <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_none">{{ lang.user.tag_in_none }}</label>
+        </div>
+        <p class="text-muted"><small>{{ lang.user.tag_help_explain|raw }}</small></p>
+        <p class="text-muted"><small>{{ lang.user.tag_help_example|raw }}</small></p>
+      </div>
+    </div>
     <div class="row mb-2">
       <label class="control-label col-sm-2">{{ lang.user.quarantine_notification }}</label>
       <div class="col-sm-10">
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 32a3706c1..12c1f3b93 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -117,7 +117,7 @@
                   <div class="row mb-2">
                     <label class="control-label col-sm-2" for="relayhost">{{ lang.edit.relayhost }}</label>
                     <div class="col-sm-10">
-                      <select data-acl="{{ acl.mailbox_relayhost }}" data-live-search="true" id="relayhost" name="relayhost" class="form-control mb-4">
+                      <select data-acl="{{ acl.mailbox_relayhost }}" data-live-search="true" id="relayhost" name="relayhost" class="form-control">
                         {% for rlyhost in rlyhosts %}
                           <option
                             style="{% if rlyhost.active != '1' %}background: #ff4136; color: #fff{% endif %}"
@@ -131,7 +131,34 @@
                         </option>
                       </select>
                       <p class="d-block d-sm-none" style="margin: 0;padding: 0">&nbsp;</p>
-                      <small class="text-muted d-block">{{ lang.edit.mailbox_relayhost_info }}</small>
+                      <small class="text-muted d-block mb-4">{{ lang.edit.mailbox_relayhost_info }}</small>
+                    </div>
+                  </div>
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2">{{ lang.user.tag_handling }}</label>
+                    <div class="col-sm-10">
+                      <div class="btn-group" data-acl="{{ acl.delimiter_action }}">
+                        <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline{% if get_tagging_options == 'subfolder' %} btn-dark{% else %} btn-light{% endif %}"
+                        data-action="edit_selected"
+                        data-item="{{ mailbox }}"
+                        data-id="delimiter_action"
+                        data-api-url='edit/delimiter_action'
+                        data-api-attr='{"tagged_mail_handler":"subfolder"}'>{{ lang.user.tag_in_subfolder }}</button>
+                        <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline{% if get_tagging_options == 'subject' %} btn-dark{% else %} btn-light{% endif %}"
+                        data-action="edit_selected"
+                        data-item="{{ mailbox }}"
+                        data-id="delimiter_action"
+                        data-api-url='edit/delimiter_action'
+                        data-api-attr='{"tagged_mail_handler":"subject"}'>{{ lang.user.tag_in_subject }}</button>
+                        <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline{% if get_tagging_options == 'none' %} btn-dark{% else %} btn-light{% endif %}"
+                        data-action="edit_selected"
+                        data-item="{{ mailbox }}"
+                        data-id="delimiter_action"
+                        data-api-url='edit/delimiter_action'
+                        data-api-attr='{"tagged_mail_handler":"none"}'>{{ lang.user.tag_in_none }}</button>
+                      </div>
+                      <p class="text-muted"><small>{{ lang.user.tag_help_explain|raw }}</small></p>
+                      <p class="text-muted"><small>{{ lang.user.tag_help_example|raw }}</small></p>
                     </div>
                   </div>
                   <div class="row mb-2">
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 85091da41..0c164332b 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -76,6 +76,23 @@
               <div class="badge fs-5 bg-warning addInputQuotaExhausted" style="display:none;">{{ lang.warning.quota_exceeded_scope }}</div>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.user.tag_handling }}</label>
+            <div class="col-sm-10">
+              <div class="btn-group">
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_subfolder" autocomplete="off" value="subfolder">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_subfolder">{{ lang.user.tag_in_subfolder }}</label>
+
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_subject" autocomplete="off" value="subject">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_subject">{{ lang.user.tag_in_subject }}</label>
+
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="tagged_mail_handler_none" autocomplete="off" value="none">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="tagged_mail_handler_none">{{ lang.user.tag_in_none }}</label>
+              </div>
+              <p class="text-muted"><small>{{ lang.user.tag_help_explain|raw }}</small></p>
+              <p class="text-muted"><small>{{ lang.user.tag_help_example|raw }}</small></p>
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.user.quarantine_notification }}</label>
             <div class="col-sm-10">
@@ -246,6 +263,23 @@
               <small class="text-muted">0 = ∞</small>
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.user.tag_handling }}</label>
+            <div class="col-sm-10">
+              <div class="btn-group">
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="template_tagged_mail_handler_subfolder" autocomplete="off" value="subfolder">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="template_tagged_mail_handler_subfolder">{{ lang.user.tag_in_subfolder }}</label>
+
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="template_tagged_mail_handler_subject" autocomplete="off" value="subject">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="template_tagged_mail_handler_subject">{{ lang.user.tag_in_subject }}</label>
+
+                <input type="radio" class="btn-check" name="tagged_mail_handler" id="template_tagged_mail_handler_none" autocomplete="off" value="none">
+                <label class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light" for="template_tagged_mail_handler_none">{{ lang.user.tag_in_none }}</label>
+              </div>
+              <p class="text-muted"><small>{{ lang.user.tag_help_explain|raw }}</small></p>
+              <p class="text-muted"><small>{{ lang.user.tag_help_example|raw }}</small></p>
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end text-sm-end">{{ lang.user.quarantine_notification }}</label>
             <div class="col-sm-10">

From 8cdb0b869e4a239ba760c5b294343f5cad44b043 Mon Sep 17 00:00:00 2001
From: CodeShell <122738806+CodeShellDev@users.noreply.github.com>
Date: Wed, 6 Aug 2025 09:42:43 +0200
Subject: [PATCH 615/755] fixed favicon.png (#6570)

---
 data/web/favicon.png | Bin 15428 -> 17611 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/data/web/favicon.png b/data/web/favicon.png
index 69eb2fcd1f25c33001a6e67f9b2a257a5fc5c8d9..5413613598da70cb968f7597c796422a6f3b9fa4 100644
GIT binary patch
literal 17611
zcmdsf`9G9h`2Rgpgz!{CNGgiSk|ax(l7tWj*_D0Ep507O;Yp|nWiKRSD{IzK9($H#
ztl8H{b_QeSdri;h^ZNV`-+rmr%W>{=pL4G3dN0@AliS*AhnS8tAqa9v{pNK&1fhd}
z(jklo;IDPRo*np$-u|lARRsAM9ki<(iy$Wv_3KwLe#wi&j?ei9UXN_e+KdRgEe4`$
zmUe6JxfW%8%<N)l`^&SL)%33ij|Jtgy>T<_XO(yHcR@>CwDFA<^}HF~{37hM<{8`9
z$uGjD?x<`=9#<~3al2FX@V-?1f!oYZDh4y=lFyWWh@^9#-?ACbt8AlkerA-u?KU%{
zY*f?PKFxa&*7g6%AF&Hb!*z+T)1p~krLMNiTDujcR;YGIX-M6T5{i_%XWJBY>qCnx
z9pdg|_%X7>)X}6j_418bm$y2RUp*$zo+T&Bj_gjyc{MiQw@czVf&9{JZ4XpnQxCXx
zgROa9vE|3vpK{hFXP+a;b8ctO{I3G1`AUiyY`>aDcoB|=Jh&T@VbcHnp*;2J#G-WC
zu6$8|;SDyPCpxPL5)@HdB)R$i!i+(~PW@+bQL1sg(LqUOWRt&Dp6b$Rxprl3OK{KN
zw7+o*GlJ8$wpIG@WcwXH6sx$(-!3Y(OVVOPT67G|<`%byBzG8Y%%s}!^CP%|dy8))
zw`)w2gMxnzEMtmUhe{AD>=|rG(JUeUE7dOYzEiIU3c;PpIX~dGUAx`1C!dhr8~EWJ
zJuXz?^MfSP=*xA7i_r`SQt)p_TO!qG`NwMc*HOLX&2tM($fn@*%-#sK{wDR&8LUDR
z+~%m_-dZ!vs^w;ou-xl+iayAzKu7oH03v^2W036P1q4wJ=p7vR*AHvG{+c<^+*yA=
z?jm+j{;!w6(zstUeDBGgnYJY>OUiN=hJ5}!cwGa}GYG*UnHrf;NX0ta#zwrv*v1yw
zTy~G*&+WRidzpbyy?QZ0au#u)(IJ|$1Z?@;c=oB+q9!)Ey8Cgpm7Wk+f)Q`5Fl!r{
zrDcl2#<Qk-kY5TxMB7>o#hZKMZP8vuasGnS#)98UT%_{PTsduO>iC;Gzcn=~jgRcP
zu90!617-DFJb)5+VMfU}fA_2U+TLn_+so0wjOtXL>5Y+-;;&w^XzoW4xwQQA=Zs~u
z{I)Y=reie>wM7nQXKv*0dI@n3HSMID%MLYj%J0Wj5azb!8((1)3kpjw?uZOi*`~He
z%L?idr0YUVgyG1ps~~zIuzl2I*IuPFj~sWykllrJdh4rZ7Ek0iuZ8(rF)n#?d!w=W
zF8!WO2vQ=EJJ-)&5J=LDxiEA2*ycKU_(pBnI5HMEQ!aS%d2PO?i>>zfo5IU`Cm0cA
z@f~@EpzAub@s6+4WG`bofg!wb!{^YSRr!DATC>a}<ZH&n=^Q;lJ}v+&Dit{!@^=0#
zwKk_oO43@xiTb^?w%`q76-i0hC|_4?S#5d@Cu)RGCOr|!P8s>(ocs~HWMYIW;6`RB
zZ~b!Pwt1q`dR(v81u*(uEvuZuFd)iRB3QDU9t(DIxh(l-aajP-9#!Cfrn7DD^1IKr
zAvIq<1e8$(xd}a1k9=BI4~8<Nou!A(wb&-H8SG6_z49bQq80I9x@yE!v3-MR!lEw`
zvC5Aubs~*mJ*MvZZ!5-?T{$h@x6nN`e-TAn-mC~e^$p%W<foxc<li5g;+Cq6Ln-o8
z)4Rvfu@%-U)7|<;JA1hYaNE?bwfC8(JhHk4B?ciML#jTvZM>JNFtsT7DAZ@hf{NRp
zEr%c`Ne0^){Fz*o)W1KTja#T$nNZ?9u;d|=yLGv6J<#Y7()iudZT(E>n<^#KBs8&*
zerlIT;c+IB-F+;#C{Fgz6tM=|{rvcVO~G=>NntLmNk!^{(pp=^2+#3arjyQvGEIdP
z796oSigy&v(uNLNxvMhCxnM-cq!PtD^Y%=lp5K`NF=jfXq=GoEH2ujqZN=dDXn~ny
z+jNNjc5RqgM_cQU@{)4j2~UD=17c;Vr!6^jT=r`1(hQnnp+NuZ7B^k$qy~bdD-3wo
zkG@LQI5ISyASPcf=(rJIS8B9&`9`CV-RyM8QUq$OI$-HVkJqAMmRV<S?&UEKOyUnw
zf=qYwxR}OU;rw4zKEZF1`g{nI)G8Da9nu#}3Y6U+D?iOJX+)JHoKxa*oqOeRkDu_P
z(DDL8lKtLQb-?28?MAkOZJ)+A;a8tF2|cp|tNw7xr{R<bA88%s+e>x2=q4A(U6^il
z&#0b1ey`icy6Mtp(Hc1db@HRS3aU<AI$k+5fbpD`O9H>yc2VOrJ0u?0yL|NosfvY(
zA@3*$KZ=R@X6Zxp0mQm}G3rv6U-8DiT@fv_pP$3f#nWp{Y(c8({aw-!KQ8A@_17uB
zKf($8J)?<e7CGW}sKBLFUfiXGv{|DN=DPQ94lYjXyRd)Sbb92>`2H*U$}%r4G)!Ey
zzP(s_|A69}Ejh^`qV?M|#5Sb#(;L;TNKEqR<>k;_CZk%qlYtv&cYA9)JQ@g^p$S;R
ziiwNQ3w8u?;B&6W{x;8+j71YI<8&^P`=VdCxg2QnAcwvViSt3emKHAZST?p@_Fir4
z3uJ0c!xU^C$S!&+V6|<t<Fya@V4<!$KJJ!pO{&U&wd-%Ok8NBtrsC@@f+zA}Gx5d0
zq|h+!ps0*<T!E*|8D&Uxu;LH0F%e(tM=@6jqdC7OmURO6?|rXsocWM&#!_Y=j*~8?
zVkSPMaq76-N-0sLj(F^7C9kQe5S)s%g`Tb-$(KW%_kqZoXU+V;YSs)3mN;7AeErmJ
zsOJ8t`{%1s^QL_74xv`M!?`#1BXxq((ML}N=&pPb$d(iD%kGXJmZV%#vUL0B7!%T+
z#qR!8KQ3PsEw}D-4G@k#4CaHu6Aaou7PXdHqE#k#Bu!CHB=f02I^m5iqZpo=MLXhw
zPcr0$Xj!8FHY!fYbT*cnc#H+{X?PK?7m8aRV~*gAw&~$O(s>33i@xmZ%;Kd~*^uwu
zNXhCeLMfXZLhbXd<PhWt4JTZMOem$gXIxw;Y^*qrndJyGc>oVQft<;aA>)`H`Brh{
zhvK#$4M^=r=9tPVdtTIAIz2*8s)xSW?GDAA9>uu+u5n4EL%d5gpLW1=7L3oi?JH45
zo_B}g65nnSwBP|UIc(I~xX1R%^Mke|P1mCcqyP!;G}CV;j55@PKfis{^tI`*SEDOw
zx8YkEH$^XLKcX(eGLrwLYwy0Qy4JVdQ3Kaaqd%))Ob8<kg?WW|U_SpFO&iN|;Lq6U
z6Le4x9xeR^+mqnqK~np!?UN9OEsk#*<#OdlGB+OMmhf_W8q!)QWKi$0ma{E&$-8|y
zA#-zqqz`Y};wKx|N%-#fLJOm~!w{26CT&K_?L$hQo=G(H8<QPqP1aB0zx7_~qn2dI
zjTGBl*Fq$(Woz`^M00(#f#GxpHhsQl<W>OWqVO|veR1`c^El)rY+g8TZeD9sZQ=ZY
zQs-MiMER-amy1kW*iv*jp=YKXQ4}4;R@nr_*^kEC@D!l2>xJ_hrnSjh)(9>>_OboZ
z6MhzDm2;Scg#o<Pua+`?iXH>(P3{mQ5By4uDI@8jjdQEpUR0h5to0w8?aVJK;_rAV
zI_mFEi>3NDisE$IwubX2<}zX;RpJb`Nd&{`_0D1^W~7TQX8H&dTW!|{EVT|fNmNmm
zpk)5IhQr9NSi@!Xe!sI!O>}V`$Pw!ceDwE9w!9NblkYfkM!3%_c!%A6b=2<rQN&9B
zU(KfZH1c;A>c_KFa+-rzn+_m9^#$rKlp1L7$s1^sb#IuX5NW+??_1yAaN0VfwS6GF
z%fl_>JAq`DvX6!QeCN57jZZ#9k0{Gm$&e?TbHqk{HPzU#Im~ppGt(NTaMARYVCl~!
z=b4b_S$^a0d#TunaZBv0>S7<bYV!i=Qon26RW`ngV-zX%k(G3ajevzr-tzM0tjq~a
z!V*EN;hUP|JigRh3weHqAeGbo@8(f~u>=w9x=KZ!D1!9!u8==_*JH;viCNR~TSe4t
z9|IVv#HGVY*Fn*nw#J@=9Vsao{89BYocduQW_2-tfeu%4oKDDB&TaHg%Ah7Af;(oA
z6lesQ@MhTz#)zvrcOi_>lLhfMR4?nwNUF7orQN4b_!O-C^fJK|BIqJ4$;XwpB$*gV
z`d|9q>stp=a4=5AZXy9ni^~M@i~<u&BL*br1f51~m2LIk`sS`PhhQl#MT5VRA{0rf
zYn>AiBjyTZLD;JnG)unXk>}F%|8n~rKt9C`e&zWYMqS>6NQ%=nT6~0ja55J-*${jd
zpeHdWSU8-zPlQDReznftFI0dA7A84U=AFEj&dIF?0$%7xVAMwVN50W!k?1RVU+Pi@
zq=;dRNZRD|?m{O$B%<_bv!EmBhULz!(ReL=*9gR&JK>sgOHP6GR`eH@(dRKvH&Rf_
zTlmyq;fCeQFv*u?0t;Oohu?NcT-mSqmWoiE-+0%&2nL?!5I;YVfT7GWL>t`rJZIgy
zHJYfdvlxxIb66CVhX~@JRwUUe)GPJ*>I*6O(9zXh$_qsR-C#JydG-9}7CMG*(;;Fx
z$&`xS<;yod_fN7=olhcCb!{8?5<ykQJ7i_JfUv*MuR#RRE_wMW>!XnhIc7^y@LG@w
z4@rgyn={^#y8$^%ZDX8zr2K8^_^4N~w3ZJS9qthTw;L8Abva@da_{EG`fQxhv|Ucg
z@LYYS&w|zYO#04(WuQmY8rc9DKsFK!%7j!5FZL;-^-0=$&v~665xrqpM`xJt9Gx;#
zqxd@}6yQ2IPP41i|LS05_b!&deOiyzgaHzC${LO0y=e!}vB(ky+s+<6LBhNE2xoL4
z>3c7qQ6(Cdw+s^dKQHS%K|ZiHq5+(JSD?>JHuPKehxu;8&E99wN$$>XCW+9nL8Se6
z4ChHC@4E@(GIPDQPfP1rSeSW7Z#Z=zAsHW;U`@J=LZu&!G`cNOp&8=QlOtxleSMrV
z8lV5wwuc)j5y@TsxRlLB@!x+$o|~ejj5r*goIZN%mpdEkTM3kyBTxcf00t}V%)u*?
zeVfIh02%oTAX48N*x4iD6~18<=wEi))8=AK%H*Z&55va(g(T*MxH*NBt-j=lJ$YB+
zIfmAF`xBxBr)76Ul|M+FxGb*q`yS~sH|ivFqmkpiBrnDfG|Zx?!-#bG8-`<DH?^{h
zO2?Nt4qSA~3;YWyDmqSQHmXy@Mfb&v`_ch~=WFlL;AQiz@g;`bg?tHeu`<#ev!XAm
z<JdOK0b3fgeCtLOs_wwYOR8$M8H2wHlUuvRs-hcVCc7*9Cv_^qar1Bgd%cpv(s8A&
z0{wxk@zFG0>*tIJkF_ZM`p6jO!3FyBX|3-sAk8;v@WAvp+|lC71(A9sXL?-Jy({~z
zbuyVz3~5G1L6RAbNP5fvp^vXq0gybsYPc_j>6}Jf&c%w+_r!CY2ztnlq;KROqK4LM
z+p<uj)R2Dn4ff|tRRcLrqV)f2^4s-rB6-iEPKSnDc%PtH6zC|#R&i5!B9RZmkr5fs
z;9`AyQwV2L!pox;!CLd)Z)M;Azz=iDiquHC`Z#t(TC0_vT@9{*==8+0rQ8h0*Mqd1
z1wSLg&xlTpbA<LBJf(f}(rlXx(&e%-6x&(FMkOQlw1bmQ(FKYzz3b+SFY=HjK9WYd
z&O^vt6692TfL~kPC!!@uzRZJ4S3RnB!jl!{m{ztQw^0e8MMs8cew@+}DW{Ubh=^v&
ztUh1;Uo=8}0;$Iqib_y)zL>}lD#zBiCD%PtIXj*5Q(;!6^e<z>f55;CH+VA}u|>&g
z7HY2w;&2sG=?@j0IWy{h+kHCa3>VwG!S$nUaM!v|A|>ww7(X@TH}@Xp+m2r=Fh$%&
z%Otax>x`1a36{Keq;d#FW;Dxi?jNWjZ9MFo1bZ(#Ur&_<BCMZc$!j3-dD+c?9(N3K
zIy#u~mA^vLJH$IG^Ga+8N$2<T6;E!Tu#Hnl$-{Mlu`Pp?!2~URAZdrS&_AfemuV0S
zTwz%BX{6-Imoan5fWPk88YpfCLzLR9OXV-u0qX`Tr1a{xqvzQ)@(_YbkDA(b)8wb?
zs7Y4WLF9A}r)nvY&z7k-cD}zTbp(~(p2>>hr!X6I*1n|uT<vh`U6Sv?f^Q{nf~c-B
zD+Z~-nlY}Q3drBs07;~_zrTnq<|&fX67t35h|>XOB3ywQl0olW&eG$gOUt6%@$6Pd
zrpqbQ5O!VBF>(4#Y#}M*qpBnxXY1|SBm>@HOpFH}%};$Hl8sG;R~ytW3i?}zV*U@I
zR5}3&<mdh)o`+CzN0a~{zh|R9vW(3am4^qpS&_<RDKm1)0M{XsM9djU#(=#X{DCSj
za8Yz5$V0r?K)zFeCR*8-j{s6Q1N&N%=lAo@UJ-V1e2G+iAU_=Gx;igVw-;juIhzrs
z%=siCT3BxVtqZR#aeC+eJ(4e6j_{TZvurD}<23}=rXf#W3obv$6>P>r?YN4}DOYsI
z_Xwm1k=3|;_FEM<Fo$#S?F8TfJWMjCJVv_Sh=n5M1{J`G->j}cSaIOm4~z2}`jL`~
zJOKHOV$t;kmA??VI|U`GSx**)uhoekL@6^E^H4NIw0*W8%42x_&tw#Q7+^&BI@lV&
zhvV3&S!RaZ^j!fH6<ghG)NzK3^Gx|Tq-%fgHQd6;526?L&FV*`qXLM7PHBZN$BAv}
zdj14eWbSZ?M8V016T`%un#V}`A>z!4f%lYrOuj6U<G>Q_gz1zySDv0`5&~qsq$%A3
z=h}{ur#@&M$CfjxY{Ak2*r&IdF`@jkE9ZL@Rn-V;jEIRDq)64J?A<9#u1bItT@j3k
zIb>%Vn{PzR5Q%mpm_M*X`6<4=HfL_%R=NdO2#$8XNLN<%mvq1#dXI6JVegqu`j+`W
zU4%JWVUD~LbPrlds@atQG9sdb+O`j$#<^g!H$?)dRUP$&=H(?PdYl*#iuv+=WGI@8
zM;eht^kR}6kd!!klJ6xt1ayam@_jI~sd3-(5<xWSU6(W?@_hX#`)yBrZhKAc^74|L
zxD=gLFy7u$;{rJfGMfZh;0c1$Sy|l^aUBqi^<qY?kWtr=4-fJ7*ql{0rRNLFY&ZDz
zYnOWS2CpRvAY&J+&D{20BYo^2-2Y)mTyQ(fzQcLBie#_g%eLJ|29KZ+%MZuss?7@Z
z%@yc_>ir8nkf@xH)urKZ!Ud+r6ZWJ@W=7=GdGWs7?szGIv47sGh##iI3FRhJUbpg7
zmF}xH0<+WuNL%d4<Qj$G(EkS_65o67*wX|d({F>zOBIUnew#2C{;9yp(It$pF#Tfy
z5Z>XfIZEmm$O=#;E|5J8=n=En70nHMy48K!J}cc9LK#vM@<kz+bq#<5mDk#$^Z+fH
zsxdkAa-l*DX1u_NIQ+Bnl*YPQX=oypfgogR3b!NuB81ePxbI57XcIn4h@&J7)`h|S
z4eYnMV1L7LoUrwex>>N+L2*K57s=lw=#b<*G(9gV!o}x8MhC9rHf1hcSaExoN$5c{
zn^2J>6W<faT8(Yl%qVnPPayz6T-$$0gYqBJ`1PDW5)!!FF%*&m;EW(MPkYVtfFQb3
zA)^XrC+=*GYlkW62_PpgO-?T)@O^)b+arjYzHWmBr`(Bqws#djo;I_~c1H!NtK<?-
z5Tn2Tor&#=8l!STu?YWeEna^&883E-`XX}Y+U1jo)o^5jzQj)o(hYA#%XR6Y1J{9z
zJ-<idG;||eAb(V(N2Ee8$if?DF`>}A1Q3lnVA%eF>)#kg^?i0Y{@{llM9f_lMm}57
z4@FF0>jUAthE&$iFBi7g{=__RB(d4`a8({cA?>A=T<QfS#GGIE7#TZldbqmiK>gSy
z%qo)il(R%TCCJ|}Fi+ab(MY8@N%|`~jLP;!G;onWxLuyy8p)q0R=-##!09eZkJy}c
zWqdDon6AtJKLJI0D^;Jnp5OQsa#FrgUxHHNS#wz?ZU6wto~3S4(5Z|@+@Y74qbGLG
z;@fK$Fm|2_8*LO8tj%Kt=fa&~_3Pjk`)yM|fX<JRlJd;AK!5%S6&EW~cg|AH+yLm%
zBQF2=gyEQ*iXEAopGTbzQ!+V@LU=My(5(iS%NT&z!5ongZTtP$a}*6X1P}X@0xJ|Z
zT>QhvpB=i2)E%HHjuR*7CT{+L(hkg=;nePMnpU9$T7?Z+572&^DvUEdgxV{YH!x>G
zF$3{pzN2JnYUsTjdbA#^oYi8_Md`l{OQFk{XjaL&rtC-J=}0hm80Eh5Aa3#^dSjfR
z*(h%Joy&bc3`&GCz+a{fU#{jjoz!%$S29-oNfRmz28)u$pMgPC_fCXmxbQ!4KvRNb
z2u6o&#=9#ygu|#)+T4ZDb?xhje<2@!LYB;t@Gdmf)iXCYj$+5P$3B?WAjlNSk=Gy)
z&3I6V=o<;YXH4~5pn8ZF22d73n<)5VIHS)>)!om6EdhVZ<i_1GF^+J4cQl;p61K_T
z_mY)@%XambeU?7_l+UmJZsC&@O3<}eo`g^nhWcQ@>))S$ZkjT$e7r2kV*K-L+;tEp
zLL9GU9faLyfM=c^#hUK0OYAv8b&QE|Fd2V1+kJ?-0;T-oJd3*;qO1v2=$+NNhx)sf
zQ%UFKb~<Sw!`O1pf-@ZJ-w5=)*dS|V5!S~G>oY7^655~ftVNi<86Wg(_c0<x99%93
zh*4?QX$Uz+J&eE9L4j=aBtCwjN*#)KjQU@69knlEz7xO-n6{|VyUR;8FUFt6H)3Bq
z_(Ns`lJxTgo#GBk09lC13wpaewpK)h%)hgYP5v`1#eo@gTaHMDMe@E<z#SNcwWpDl
z*UoAhYUi^;)K><Lwr`9tc`q>a`_UsMQ9Jb*D5NX=IglT@eL}Tgo=<x}y5@U=QvQC9
z{DbL(EbJXR#8DI9mjgNP8l$qxe^SLsQ&SIo8%=YW%Ybq&#g9T<o5Z#7QsWd8gFg&v
z+YPF1%1H~k`1>TbALF$T_J3%B$uyz1cK`ce)_^FIO-X?{V|0xi>><0VhFjdaKwiRl
zkUoQKP^5w=53N30!6e}^+SEvPT<1Rt(Y@hV02@$)Jw^$14u8S=FA-$kTHRB_vqOGl
zfb~BB#GnUZmlH-<lkQb!7C_P$iCc!FqLUoS^H92=E=wmhcCAi?sxYx(^)>L?KB40b
zToi{udc>Q)P~v^}RDrj^SpSwP<D4R30*LUiwPkS{;;l=8_jG}Cl?yZC!Z^0w=T>sZ
z=V~wJh9gNfJ=`W*i)8tTXmYBJvo=lrgTk7j!j5$5R+E+YG?XLQ*@KrAt|@cAZ?Aqc
zx90}@?b$iFZJ@~TJVS8NG#W2(vTqV&loafBiKZHawHqe+n}7Q@>dO*v14NU!CBmiR
zT3ov_qO4|O#3(aC`N^JNC|9cXjR9B=SKzJfTGJvY=6)%7lRq_bO3c5)0zko!DgXs)
z8jPrvw=jCzntDx}E%3Mwu=3W85x8u1cBhc^3>Zt30TLFx{-@q6y@=7ck#aW!(@FlL
zx@?V8Ga(Dw^>We>)|_9Xcuq+Jyjiuo-v*z@HRURN>UL;r6L#*7?R-69wi5I=ll>^f
z{IigOann{!7Lon=y*L?{+SZ&jJYYa!k^Hp~keT4wlY*tpOr48yTHETB384!f{Zk#!
z<7mTx&g=Ch%#P@9d|8>fL|<|eHa{^xG@@hCeCsU9@8>I^gKfR>Nj=;}da^6j0%ua8
za3`eq)f^#j`Vt`+9Us-kl)ZV*v3vT5&Gz-Z2Z%tr>cGyj(q6WfyoJ;*n)v0SmfVRh
z6L_JU(mCgn2Xiw6-sCiC#p|2{(laoBPygA|jUp(lkAzsMrS(D)??!L)YF*y?q|AI0
z7T%wUcW_FJX}u=Yr1RzC#t@3=63u3`F>a}_JIl?dXehOZpICK~ZeoxIv4gL{f_ztD
z*3cm+Tbwo;jVhSE>SdfeH^={p4ckO;OX@kQRr5Aea_PZ|^w7VME?Jki4)X>LU}e0v
zOvEg0U{x*df+F|i9k5dEg9+i6!=pI(_U!Rmgb9pYWMTKetQ=}5Jmk&w4E*jtJA9v-
zPP>2Hc?L4D3WwI5ue9*2)%v4}2-5IC8m*qQ(@7^salqXq+F5vsT(q$GJf*$;`PJ%P
zdBJJ=^Rh%#{yzwA(?0+0>&r*OXOmmWR<}T2iOIq8^!)hxZVHt0KfM6q^{lh(R%kC;
z(gLe4dH%Vcp1${#DZZToPxhl}6-sMcNlOHShH-}EXzR(MFJ6Ih%hHU4ypTCML=yK(
zozU4Sc-r*;vcB#dW|kJp?xro}u_-4}6|5MeqA!7yuQf!NMyX{$PGxCcO!w6N?S^r2
zvPH;P$5DZk81MVfT%sD@bk#zlvCgf>Za>zKv*b0DsNG|(r=FV31;seTu{%F$UT^OK
z&RWUgHi!gsJQ3!=Kl7HDjJc{O`lc9uWA4sbls|AnGj-P7VpJZ28|n&jbjBd9X5Pz=
zOsLx7JZ_n_;@Z05;v-j^pMUNO>F<dwYi*xTay;R{+00ia{(_WT%-3n=12>XoB;(7N
zf_9UR6YVZGH`->)rE|c^#JA3l>iYaVoqfDe;u93UC=M<NN__~*G4B(mrn=s9stuZI
zDf90B(yaP>{)uMKfB;NS^Ncc8Lg{4M=PQ?THpk+<<-wEm>FqGz1DMai=cfv7K3X1Y
z45uCkBQNlazoj3K8mvnToR9Lg@ry35#!%Rf%2R@~xhc*}^=#*q+{5*?^vv<$NLlm^
z9!Q$`m>Jgh^M3xrZCiz`)N8H9$M;)5Ly!7CH8qCYMe<GIzoU|pFLv(Aay8h>e^7^l
zY3hrF1@++H6U&dFO3q;P*-$@yQ|P4u*0^R!`YOjYY^69=2aU?Xx-y__z@T}<cnpXE
zwDZhcBM*c4;Tx3u_Qd9cHd2<))@`WQvg?9zAfpW)fJxpIx&IqXnhh`tzuHxz7;*ZU
zjOB^=d||m&KA=txCj2R1<2!-ra|n(bXUi2zq<6;)QG=f;;-TbeUsAWV_|}6iQqOk`
zMvNhLrwxupzn8>z<upzO9KH41X<p)vK5xkF(9cyrBEY<uTaqs{>vN595F)llSlqpn
z^~7A#;^R*R4mEzCkOODL(u|}^6WDR_Hvkjlik;B9K-Sz~sO$A$BbflUktawBC7s(D
zOUscfJ)87y(Co05@Rel_LEEMpUZ#2=2rpNXl*kM7ow!f6hYlxnq7y?@i#%=wqZXj-
zwc*A1^auREB`Cu~U$as#g}w<ia5uZET?D9`lcwLsrVbhuc>+2qY?b?6Hp^hmRF>&i
zRsUL7V&~IZCA)`IhI<4%uJ<~ujW*Xdxk~%ehN@+E%}$)*-7#&zOx}4W!vxA#amk-K
z!)MUhkWj9c6^&tL877&8%GzEzpP%nJ@4RqLCL9M;-sCVqqwIijYtZh%YVH5{rXH&m
zGR8V<K7A$!QaL_($MFDP>9eUXO&dCt=&FV7EcG~PPg3Cpnj4+674c7oqw4oU8d1Jb
z#|Lv|!CYXOc;a*1);%{$M~dTVdEr~r8Sd;#U{!k4|2`{r#5XiNRfC0Dl$C*T0G>-X
z>3etFrf2iupv7O&0_n$61?khX;NDA$9l{Q|N3E>FzV`Qw6NE;6i~s(3RA6kq(?F4;
zQb7(Zukxd$zpWQ<ZG53`UN9>M*voZf*|PW;9dCJbL8v_=%7Gie#N)x$7EHa;tA63a
z<pxoU%bEpSLLirDG%lLv2F!p(LBeX5t*I!x{x%O)3+eM;B!gZJE~qD^xIJ=(<JPa6
zoOE_0w=eHkEO~cqTl?DOT+uW=sWr6hA?zgjRe#99-tcA9g4uxm)&RLG5;$t8e8M?)
zJp(g<B0yj;?Vv`3%mWZltS=XBe9=N1GNFH{0F?07vk`V9pi?9P;np(Xr`%U!)N0kS
z-~s<91^8#Oit-}al!-0aysRu)*FGs51a1rnTeEGW8?$H=H#iB4`y1Rxo7kUE5Q5WR
zGa~&`rE%YXD<M%v)G6SJy+*}7X_!%gNk4*|1zCAKkdSre3P5L`^EtwDJG=N~vh{3t
ziQ65QlAYpnRZ|=XlIIyw{kMP<M40$VgESoF77M~QOhX(s@MS}(OJ%uJ-Goz>0PyqF
z8y-6f$5`sPCHQ<Tr}s|(mBzL{&Nr=9;keabL#ODiGJp|`&ljrH%sde8=Ykz?6W6lq
zyK{qVl~*hNaMH=Atc=E>FtQtGotnnk#ZM4htEe|WPHwixV7RK)RA&v2T~1qh3I#QK
zK^G&=dzRj+9;SRVv20d3uC$rynI$@KDgMGAsF=MQQ!1@HJ;jf{vi^2W!#}A}2%k)G
z+~cF-13PJf##MRwQKNKY1N-v@AAHqOI$RXcny@Dsj-dthmbn0IcE0Wmo(u8#RIBjO
z$h{zHmd$B;n5qw0QF1QN-^Jf>{4*yw8frQ5wfRdWbDvuDm?cBhfs%a>#mSZ%NIWco
z-Dm$Pt$Km!2LHl8<Ag>u3;v~N(mhjiJ#X-{K_Z{c^15iB4?0**oNtK!%EWFCt1hqq
zO<*vIKl*1bgs4M_er*QMPUT$f!DG)MHNMs?7oDG9UaAr<u9bfJA3S~iQvO)4-AGsK
z5cM{(7&~$p-P)kZ?_^7LgP0BPc)Hs|^c@5QKe9d|os_VUZ@J;YiuyfdwXc8?X~vkP
z>PwXxN#_9ERy#4@49jfW$gyur0HH{qI5b$)%D<OO9HL8FbG!g}1mHvHE>^82bn++b
zy&yP2AJV8#p~ew;Tk>0dbKCKMMApK=F?=rVhZgmY%`8fHaI%aTr+xsGVcTP{AQ1w&
z+8)3U{?nDDc`o2S5v*915UOjd<(AP)o)DR}EYH}u?*K3_8f050<PD83W^;=dS_PS!
z=KcI&L9^#uhM`*j@{Y?aa=)|cDZ=vO^<CdNLm>92a?YQ-Qm!VQBSVC|Hy1HZuyZ|I
z?=Yi9G}O*k)UIBCGjVz}UYJE#saC7vMbp&AaHd^;sy&(+h<*OxdTvC5qS@BUtpa<W
z-5GBq<-r#TOW=NFuWhN?-X}!PFPuW!A<upnBnpOt9ukhdJ4g9V7O<x|7CDmG+i{_%
z7vx^%f6evWnT3m1aqI3)N}c)Yu3K!MR|YhL-Kw?hW7;n*))t=~cRtOqn*4F1VGI7H
zS3IJ-1rlRpxvb^kCHjqUWnYmi<$XVQGp>|dN`@GPTH63^c&CBqoKJJ-E%z6t$>w9`
z+&;t;P=COE#9vu+9`G?Uv9w07;oGYV2EQ&OgnVmjo7xeh-Zs&T%eQzQRqvCws{wMu
zdzqL$*9gNIjxeZ%w*f?bU;Mbb?R&=h<x<t9`rlp9IpC0(S(fK6(y+{5U3Ge7?|ztB
z=f-N;CKN6$^^I$5I?pkGn${|2_;;NmEwSx|OYu<(ZckU4>p`)SQ#xsy8m!hxYTbD7
zTP3z%W|*h`8>XyGk2+=PwYz?Y>ytkC2H*-S(3&X96my|sCk<=p`)#8(T(%|asb2HB
zD!-p6Z$9}DVHX1UzUAxAwJn<D<igv#<k)MNJP$W1w<~O+#*N<E6NHhnfWjZa-_m=n
zFfg}*X`0W7V4*3gK^L?qNIL_TIc2NrcENAt*^v)o(ySb*!x@<~4=UtFu}Kl9+2Bgf
zHgC8XbovlJ?kpR5rOu5qhIm|uY4RDW#cD@K8I`zb4%kpyY$@dBlk`^Rq>k%O(qd>h
zp<vS1@YiKutLkc)DR;J#(6h>O3dj}I9DK>N<|@;pq+#u$<wpnMg2;y9u73l~w%%*t
zQdl%V2@w!n)SgTxuK$nRzqsyLW&pde|HzQR;Hn@P@I(!47~FT@gG8@kw{v}g^>*do
z<2|$TLA;UK6A?gimX9IH1DTa_WbluHuSt-T>cpd))B4|K23#d(S>r|1+$~%`%0`l{
z%t9XyO_!76o;-Mgb~OO(02rURT*;g(kS_JnJVfG!BX;gQ{hywZnw&7K#O7lzN;?o$
z(An<*ipMZ_;>%W_OgP9*hg~@&nM$7c2iDQLVU`e}a@x$8<~784G5+(;LSN!z4LaWN
zh8Gm;4^QhySNK-V9H0LEtqIKPe^%laDku|WE$Tk%0MXQabk%)~rCAqpcLj+%bSg$e
zSG)Wq8xtbMCpn=5)1tr#Uf$yF&5*lYD^GkfUo6yIRprUOvKxQ=5URHqG6*OX^>AC8
z2iX!Z^;oiFD*dRkMJ@HX^Dk^b`l~kbMU$(+e2lqJcs!X<-wQ>c*b`)u9kC8rGN$p8
zv8lfI{j{}cpAd<TWjFO1eQMPYr3{0f1nmcb){R02s``N(377p!)k^q6Bq!%x@*L*l
zF!hAmx`WgwsD&4_?uK!1fs;Asq2)&orIg}fD_uaiceGt5Zu|3{2x2>8rXDi(fQG;D
z6{Ip&0mMidshc(rBKWoD<kb?<_52QH<T}2NUAz9wnE5z!Zw5M~c5Z^n8uYV&wYi_!
zYd$=G^uUrfH{GUPan+eYfYxcHa%A&9t}UiV5NHzQhmpkc&f2z|#>N+4yu^>tEd#I#
z(x^0V{LeqIsSW~^Nh$${4RYj98b%LH_FcR_dkV3NGXShYjMtGh@ZWw&9Jg$KFODSW
zbA>2F;YoIyH}xglV#J-HLkx-GRQ2rR;-iJY&%%^Gs7KVZ72M|-{*+m!$A<EF1$quA
z_)kHU#h3Nigh+na3)~Ix9%-v?ZiF6`H+<|!rP(%l2rm{qg_)cV0Q<aUnZe|`$CLn=
zRi1ctJf|T|(yrt{r9X|E9nri@KI_{yr2zs=U5c*6=ABmd4^W$IdN@tEQR$j-vzxh<
zemyyjq^uoVY?xBl-@VuB4rv>x`+N+M$FX<$fJXvQUzymzmJG>B&#_Hx6U$(d2ypqa
zr$V2sfnZ!Hk^Of2d-0M}bjk@i=Xnin$AhyI!OWiCfwHCioeL!07L35j#6dO2xl>@K
z=o!o8wUPz0k56(MB>wok%rN)_WM&0ng49pUu>`Q-D;Z&77|v(V|5G(J%|M&QE;75D
zROT&UwPVoI2rjcBcw%(Kh76I;npuo>bv2YrZi=$JDKqNxCw*hyc2FbWY3}qmRwMHr
ziQ(n6AHszau)BzK<jT=oE&#Y><3J`x$7o49u_Q$yU7zus(YZkszU)NJdaO)F0pcQM
z?McJ);?Z)%2Ivj=*~f_DivXvMHV}eFzkQGmq|YvYn)9}_By&ZRaqc!e4`ZsB0}-Nq
zsc{Mlf;$CFuwX8zxA*Mv?CkB;!p2Fu_Wdj{P#*?5%oxS+*6K!C64aWP8RSMx7~O*#
zv&%e9AhSKjv0g*wPL{^$=pCX;=^WhWV7Xx*{2+@NRUEBk-Bkom-P<zHcc~pIVFcKm
z@2i?eUT^GAzr<bmp|V4bpl`l+Y_d?5(E$t3y3O1vlITCYD3J0J9g3RcO}K^|(nupR
zpH1eMys;nveWx;sdQvI(NmT_Ltm$i9O5o!9MzAk`Tyt)85Cw<zn3_IQwpqe2DF9yf
zq<x>7Ne^MmQ+#*x#DZ@!I#|OHjs*Mfho~Q$Qnr{Gy0&i>r~$6{d9CgT1tipXM#S};
zSf_}_M{Qq;omVs|3@-MA+5Aw1CIpIwq_;x!RbDfMaWmZyQZ8jzPBfox-57oeM<%B_
z$bQ?{&oXZN5vY{s*^$AUdard9$ZLD$v{|%iSvB!T+$nlqUEA@S5F#M4xt_{_zD^o+
zk)uHu8`3`andx1K6#<%<DYC|J5as$e(sdvPTnXqP3Zw38W&81h_OKKqt~|?wH~*r;
zYc|2nYrlp#ct9{vT9m}(i5y|S^+7HHjkQZuEEHF*Zw~zMG47Ze;&2yAIUr`x-5>ed
z!?NyAavY%18g4qp*7xW<PUs;JES+Aj$Igw=em$Q&aTEOFXgsH42mF`;mA+rF)Hc-K
zGCoQryAtvk3l@1z^GO@a)f;`^7m0M%!dYGg``+65&0DWP{X<mH3LvNv$hYsh|Bc27
zq?dWh71xeMBVE^AL@|E9ZDB&ttf{Ur70<g9bYQ*PKE9*+-Hn~j1R_ke|5M)bj}u$t
zpiDryg*78)skF{Oigzo!yHIg$mkhKNfEAt)*CQrFoZh{!>#_a~){e_v)1)=Cz3ww$
z?gUBmxC+v50~)?h3$4X21Kdqo)239TxGSWa$2PYnRi$;M_7Z_nJct@kWJHphg*X83
z!L7FX<)O|x>W(~r0f>mHG1Z$DHNNf~k@54_@p=Pj&Um6F0@|j5-fLfc+lE=wGDDXq
z<Qz1Y4|%}GI#j<9^tXd3t0VoH@BUz7LTPFdHw7`dz1KTs4Q4)Q77=Z;7Z;clpz*{C
zEElm(u-i3EA=ylmJ{&?^@`6USI@r#d@}Lu;^R3_NR&12bByn760W-sJgsBnc8dRxW
zvYYLTUEq)26v_D%EORa3*2}1(2ZhiqRw({yylDOy;!*&6O!I&4)6~ox=HuU?r{;4b
zQ?`XqNLPb+v?Li-k`F^fSd_*v`dH-vHUX=B?9iEW1c*I4`W@(k6YuF}H_A}yrAH6Y
z6toa97}4E<DV8t7c<7Yl4Z{fw5k?7R!_dRTg}5XGR_&0FvoJf6!v36_PT4LGum^^D
zxVL(fNd?ZDFPrB6Jo1$%_RDCLsxiU&G(U#=^v(&LCSw4kI8F$<M7JY%=y2`&T$Rt*
zyRI=JTIF)k)Iuv?(1{DR5akVZE*NB{-xzCW^kW<gJCfLnzq0!P?sx^w*MiQSlIZ`8
zFR4-;X;x?g+=Vgk6v?@q(ef~lVwe)H0BU5p9Ptd1rcn#fOC3a|tAo-87E^@<?Z@CM
z-2u3k;sn9udBfa?jZXQ<%h{3tl(;`$^)UF*kd4!c+@Kx_(z_g{tCNGOrth=zN<XS4
z4pJ<{cAXPr^M=_HCJw_1MgY_{quJ9)o{B9c9sg7<#pzZ-CWxJ20nsk+18A00dJS!g
zv08ZU4I<<UVS^dA9FWJL2C9ZBA!fZMjQ#U4*UZt>Ax*}c524czN}9njR(T@q%a{p#
za*+KJ?dpNo5b=t5XYr!6G;(Ji_`F(N0~_WwoUxY&X%?CynGm_hH2+j|^aB0A)5h0u
zr=k09enQt^W>cQX1p@59tnfIgRzHy_B|#-FUy-L7+^YJ8H>Eq?f9!y?a~t$ccvUa_
z1&ga$Eh(!^DztFtYo)cq>2T2fsYr*QGcdh!{RM350~kkBJz&nv(qnWHr?qW8{O(_(
zKf`^gmzxpkyKSoY28c<rQ*Rh_3_;R?UX4a0iH{cz82_OGakKrXF%c(d(Q7B0#JE;B
zlRyKODy~J+lX{dei!UwRcW)b*Za-#s=b*=--{&W5Um`Cg<Z@Avu3NOm{~rQ{5_1?M
z)9vfueicrw7guYtBVv>HoS?63D4G8b3Xyt8vDy&ZV*e1N@r^}bYz_J^^-X0n9A<o4
zD*yBy>aRX}^6U6MB(K(_=KD5r9;ga2w-Ow5(#su{(?7!q3#|qS&U^l8?xMzDblNh6
zZ$vP~a_0-9s^>``ng@&G?mHXpLwcJ?R~6`G#0pbqN`GssB3;>>(e8W{9T_(>6ygx=
z6N)q$n9J+-G2py4)e2atBRrA|%!s?IP#<)yoe$~S5J=D6r);K}c5jW5CbdFDIs7Hm
zmtp0Z9cc*-2Y-qc*lbS0<~+#6YVzAZ_2YEw)^M`1C4%?@&dzEvmkb%h7#Yh<RM!M%
z&$S}YF*6)m;L?C+M)S9pssy1)2w9l;Q@TWH?W(}?F~%}r=;h}w&?)N~WBkN`FoxXR
zrkK*MQWwhx`v<ftqs;sH2}r_DTIL+cd_DG=iym|}u`0bM*Dca+hl7x~(sL1dh@k~M
zd)Fn@$sCK@GNo$L!v9;lq9Fzlo6l`*&;f4V*d|Y;1=GeCXe%O`RGvcqL~6}>o+?%<
z$T`*W5PFF5>L1zFn+;X$mK!kcC#_ZbJemzrceV8)seuRhxe7*}rH$nIjAj9`PQcnz
z+h=;998=?d3OavP)EE$u<X_r>m6-!cg|^QAn?MRb|7l<D16I}gKDWK^BdV?-WL3ur
zTB~V>Ggrt-+MG$B*%|?{B}6XWw&iHA9{4DbetI7cS_buZe}rSH`67^B(@%rzqA{uS
zKlIcSikGxz(|!b$`_4tM$vtUqD;^NVpDo%CHiiOyKd{FIK2AD05d`>x6G-E3_elGc
z6P7h&p%T4}tY<Vkgz}JyGq>i+v!<&HpmDf6v>tF1-2!`Oz;fCIyv%$gd)Hs6Iw9iD
za^ZQXkpTskd=#OiMrcMvgS-edZCYxdOP)K;iMnMM?E12d4Ux_fNgPbLN3t~1!NT2|
zGx=jpLx-lr4oAcE04QXPu6#&dzHs7T_NSnc95JK8qJW>_<7~+A|CCobV*i<8vZLT4
z50o%)xn`Aupcx!G$I5pV!48dw{>tsU%cbma=`PNTm@dlhcZDTz0E*Rr%^#U7RT~A9
zk^bIU7-N$s_M}}M8j2T4-xGSHbySOxdXMx>_>~oDA5w5082#Gc?$S9uoN2jYc0C5t
zgU-hXuYX&2#)sOcK+$r*`=q0g;q2No<UQ?6(qe_R5hIEM>A`e3bMx2%e-hh8G78ZK
zvqg4^(Uc9f`?4n<szk-$Y2;3>!^|NNk>ulu<qy3_nU5nl`2I`yn)3VQUu~{`(G8wN
z?x+?Mv@ehu0NQmdGa#9UT$M(D$dn7Oh#UYrTEUSuxq{pQF<j3T%qoLm(o)Py1osAf
z;&BWpc8ZF!o~f?i=5#zON|X<Q45_>ErAhk|t;yp_3hcb{_oLzbnA)Xd*))9ypwPgl
zWG(%Lo+4B_5CMY(MNj<7YA^`n@hgvLQRAHp+2FT8dcf83iUd<h`aCqkC7yJ4q0MX8
zz<j4GKfz3AuSlt$AK(nlq1hOj!^C0|=8foLG`{Z|ck<j9_1&NTzf=lhw>;7kkRgK1
z(>`HasQH{Dlp_W@)#X_B=Z2d5aX^s_j*a-@FMz;Dt6r(JHH>|S>T?!)raE#&a=sRZ
z;Y@A>S2(^#ZX3(IZT)f=aKrLw18kRz1h6i3Xp@u!g66NPziV=ezT`Uc{yYt7Uj^#L
zF<-9){l7-gv>i%gUxNR!FMG&Ru`bEF)=|br$Oma--+eUM<Lja?{w`bzlfPFm$FU|M
z65~MB>^Zb+Du1(E_3097(a1veV_ox|+tX`Hazrk1OMXh|XP*=vP}wAE;bXKZhDoSK
zQl-b~dROksJw>cCowa?Pzcb+GL!SYXwYtXu+ty_g39@7ofFWRTTEdAT3O<YuBx5@3
z+UG|LxR5+4Z2OU>xE&)oyankFq?cr;K3XO7P~?Xkb<yI!k2bX7oA}-McB_)zD)s;;
zSJ4RPrf_YmC{oo`_m`21@+8eA4aX`NE40HFm6QZ9_KOutOhM6tGPG&rxp#Ybj_HxV
zHDUP;rL`Q1?2z{C$}H>dYRTGJe)et@dh*1zTzqTG>5w|R_e!~C(5en%BLFKiyG&Q_
z1G7HA*9hLzrikI8MS`=l=Ao3TW2rtA&Z>29LE7sn&b#F<zD(c;!XuhyQll|~@LXOO
z_+etO6H<F+Z`+b^4_S_MbU2%u88Dt`sZXP9A?=Hlu$B3QJ-*RGdL*60EWmbHlwN8l
z*({hMz5Hgd|5>}+Jo7$Ms}XXAuVPa->(dqAjnQZC^jWAxj(82z<Ao?By@88xhj5rC
z$>&<g6s&G<73^H{m`?1R?+g4e^XDVHIvwwgi-j5@vp!k$ht<9Va#g=f=Igt203OK=
zT(Ipvlx^=@(-r7v6PZ_rx;*kK$X8&wGM*0G&*R=YpODEBj;`&$Zl*{8LFJgR1k;VQ
z+hEp&A4lNp$`#H3dK`yJ%PRdaaohV6_G(N>p|d*$-kX+|zl{pHkW|tV=2CC%VDlU2
z@z<SXFEhnL2d6@49*I_*sctw0pSjkNvM{E7M#n~sY$;v#A);cPEscHTNHJ&IHIJfM
zPlE487B0%dDYIg5Rk)?sZC{VCoagB84>CLNSA#Fh65;bcZCVGV2995b2v9D!$o;2b
zi0k%s>(Is%zXKmk7Zq+;Dj;Vz?co#6#urZGXEj8ab2jC~;Cqoj7ASl+1D~Mgc29|M
z69DGCR(jt$!BC{GRXQDeh<GO#-QnRCb**^Wb4e|xKsKc&h~Q!tul2+5!1?GanL*S=
z?MpC0Rc2-8@{hJdg)`-i;?W}amr-^7jq+-Q1I`Z9@ZSVD(f(h6ql;BPmdrPpa2JY-
zcCMa2tB%)%HdG03T3+djs}3Rn?Y5zPK$B5#*{ycE^LnA#3c2sR4tdEW*aP)&<G&s<
z^LEAa@Bw8#nk5ImsF0<XY7FUng)Thm-Hu4C|C-QMr<T1Ig<c>#2<r3zMn<8s7QYI+
z6AuQC?k$;ZR7dePoM}-il5VIaB<ONg)4uUZ^f(9K?EXz_BmbE3T42odk&d|ehQ(DC
zl+|3@IFIC}Wnp;|fDp*5h*&+m9oMK3H`cuAV{eD>EOpX3*jxpr9CJ8{ybm3?n1U@h
zIf|_U?JG-^0a`(}KY!9VvcQbGv57q~_z^z!wCr<7xc2nCySetZauQcoTQ@#@WJ8d?
zd!E6oPf!1h$lq%i6R#h2p1V@el)B5Npd=-UZL7)ML9<oVCP8)_@z<w^<pSP{s4oV5
zVPZb1M6~v`U$t1hzErRrd!x2r7U{oCEdKCgm)~anQ=nUd-?rj*gRXyr?sh2ZwHdZJ
z4F>_Y-&l}n3-*NI^jbt)aRl1yzWi*+%JVlDT8bZaJ}$guGQo?SaU3tDd^@8NayRmX
zwm!DOj{G)~zlUn?8MC6q!{l<_Ip1bD{`djpq*r5tjo8KVd%`&_LL37!dWY2(csA4Q
zIa=r4Sc3hxN99YCHiMW8H=Yfi+YU{HW+_DZksd3yWn7@HlP4&^u@_TKIPWZ8)qWB|
znxjh}bO`M%IEE2QqS1(R%$9+f%+T)J7nGrm6U^{2<d<6eDQfnk&hs^Cn~V#ri1Q5f
z?Uqt;W61aBNa=-F2r_oq+1B>g<?sMQirU&^!(Okvckn@;TyeSY+n00YE^n!=uhz>s
z5v0yu(9mr*a(j1Qr&<3{<m9DGNS-Y9X=->)^7d%{I{y*a=$oA;f&Hyy%lgjq)VAEk
z-?JjI$Ok(Qw^0QT(e1z(O4$WFnKm!@B<$)v=Z);tgrMDRC1&c>WvsqdklP2b@5l$C
z?VN};g)G86_ma|!Z<etoKBqgF;mh(5dS`N#%DV|@`pwaGg&I%kwl&wA2&p<$Vb2#G
zU9K5$KK}Qb&F>H0K8@!H+<Wj%tZv@Ro14`(ic&Y!@`$Fj7u?phEd1)LG^eBHt@Y{Z
zrthG=W~OUDj{M6)d`Zvae_v^~u-{2`q}huOkv4j3miD!={p!N&{(u$ok9#tKeU_u2
juENdx|L9M`26f-FtS8FRn3TV1ucfZ4eZAnC)!+XQK_f`(

literal 15428
zcmeIZ`6HD77x#b7pzMT5GNZ*3Wl5oIqmAscR1!*|1&Qp;NLjO#gvee(QBigyYsnT#
zA!A0CD8|+d#>{=@{ki{y@AtR+hqBFeUFWr(=Q)pat{6*mLjm6Hya<8_oH9Co8bQ$T
zEgIq81Yec|zOKO+PB#NH0|a@K$j7+I1wZrLG&<*lAc9Tof2ger#sv7Kr0<EdzSdr@
zzWx_)T|sVMyz1$z?0Lmk=Ag2w@&UC4nX4%XqW$62aRZwG$G<;$l6DM+lDxm4GNyE+
z$9P2c7@_wB5Gsw9^cpiLp~*61#or(QIs4e-M~rF8mDMEU=a)b8UitLU`2A7q<EM)X
zI#O(8t&A58=E7Sk4w-z;5_~T?lOF{*Pw8E(uNzd)5wB&1YHvJud!9I7He>w=`7`_@
zD~rkUOPJ%jD}0oD=l}cf|GPO5X{)1cSWDEiPR?|gI`uUF4*x3uPNi`DbeZW&A=AG`
z|Ion!l6omCm=kw1;or)i2h1HfzO~cIYsBFd#@YuPryjf+jTYiD6Q3o~?^TfXnLpFl
znz@oy{>Yx{6Tgs}`C?FlalPK4bU?2(YHe^C&m!44&1ApJo)LJC_$Gug(m5W}{gI&;
zW%Bt`qpxXko=!c5x6f6%&8)P_Yo5Fk@{rjsbm0ZQN+lg@$Ew`p$&W}IqL8L$#;%um
zHH?W+fujlWL5<4W9+4ONj?|@j;+Lf)44pK{Jh65W<txF3aI08vN@#en_Vo)<|BAOu
zMWnX=2J?>4?}(1}WdV}>1`cV8KqJR-P8KIwG^P3au)eo#F9gnf#XC{U>OPQC*T^rW
zgk&BmAh?1@{TsR}QyK-251#a*B}+1>U2BmZ+1|%ccXx0h(Ro=#zD_fmT`HsTY9p%w
z^V9Pd^#xwNZ+>VB<Gx!Vgz3IS67v!%s>kF0ukO|m2eP|U&um{jT3A2~kr`Tcq1V&a
zgS|ZNPyU<wi!FF;x<dQ&(9`t1K-S9xQaz{B$yXF>S3@jZ`>R*<ImX61cQ0mhqzzJk
zU_0~vJYSl@zb79|!Az&PovmGd7Mrdagt>8l`rpJ~>^>vuzb5g~nt59};%xn9Pbd<n
zG;Fo#1&Y$EwzgqYCv44#1=sEoPq!=LOA-c{>I50vLF^V5Ec3S#`-S1+CmVdWf%8H(
ztFJ7IDda<n#Cc4LRJHMy$nK;mXTIlarzbk4unpB}#ly*a=PM!?1>7HBJym^Su!PcL
zUCj7bxO{RgR!_KI?#6M%;{*z+$+M$BFRoi(FV<R(QzZJo>+r0`^|U|EJ{<5l)3r*i
zG$J0u#7Z>e>T|@|OiW9(2%vMCVe++X9Ibx5O8w~5zgf4CrAJlgej+MduwI|MC7SeA
zXlZ)`t)ih~3*svXD;~b0s2`N7rSg=2nPKnZyIJ(7A~TL2zaxEc{rWSaxCSR7As0a|
zoYA7+)snwpwnD4Rz?=;+b_uBz*JYHYG@L4VJFJ|~iTpec_7-a`+}FaM|CYK|-p1{<
z|2H#>C`vRy6i_$`Sk%(1!&KVxFZ(cY=i>QeO3xXYzrCCvFs8(Rc$Cy7ni@%Q<D}Rh
zQ^oqHPUc=H%X-6iPd}CY$nV=GJU{UlG$`!f_eoI2dLY8$MQ3DxE3tB6R20X99En3C
zz77`|R^Ea`E5&`I!?xZufhN)?U(_~#=5fO6(fW_M>2cl94*Yw4<X^Ls%|J|{jh}lA
z-RlNe76p$?xV4?hQD3Z6Gn7%*E;m^Gr%inVFaL2l+t<aVU_CBdlQmKK@+GM%a;T-h
zhVvkPcjA&Uj+{Y><PcWnMS6G6+Fty##e43Yz&@LaQ2(c@PG*wAtXF?}q;~&w>f_MO
z78Mt@ZJ#A>Se(&be(9;`7Q-5qs|~!Tj3NnZ$PjQ~fnaYlp0z=#D?b2V>&snd-(X9x
zGtUtkvUKAg%&EXk;>9E~Kh*uxU*GgCP}Z5gV`28jj4UCU3&q|kL!GzjDyO$@-0pKY
zWL)d@kmwm%)bQ29N9wf6c9;6<wCfwQD$1P>rl*H|N&+|%OQgd}?};?3qj1BP2;pB*
zjR32&@sjOfDnZL4QJv_Z8T^;<2REM_|7Fx+6t8>xUPV%Y-?ZeyCi64ebtfk@o+^da
z$5)Sd9ikly97nqga3SuAGuIX8=idccxLOLa-bA$=K4R^;v`X2oZnpBQ;rq6~U9!5p
z>n|&MO@ENfTczX{j2kB>C`U9NAvtESW2u=@ti9NfC#8~I_&u+u=C|k9SMT^czq&gx
zS9I&iQZcXZnQ~6Ovd;Ia9t+4K?i{>`@JsPX{B4F+pl5gPfqyww-}Z&-21~(Zrtmy@
z<%7opmjxFh&zY6luI`tJo&9k+vd3!RkJCpfX#yU6h}OUv+pwNj6vo?6H?+)bh4hqr
zOr$pWZmZ98q|I2Qux~W2LJtRf2Nn!}NoimQMP7UFl|{ID;mkxzGHboWryj>IQN7&P
zLbQ*?nS0!)ttQXS|BzKaaO^L2i4uP;b}#C@iumBWTuuZ9C+L-rH1k+taAA+cluPoh
z^UA`5S-&^JzfQz2=;4<ocBEG~?&FASk^0qhB!%P`Q`d0s47$(h;XFUm#lE<xF7H;Y
zr`Xh^cuj_UmY8dv{=L7cF|$3szB#n_Z2{T(zZ<eDDn9y7Zcg${!Y9Z&yYs*_ad9Cx
z-6C1tvn{KaMZZ!td9_Qo5Zhs*gbuc?Gty^FY+Ft|S1Vji@l49NZKj$28;%2?0z#1T
zqO<O3rQYbgw|FfoOWZXlgHk%_+5Dv;8RG@x>|aGYSEUj<zNmck7a>$zAqeT(#C)+s
zIWf?}W%RYgFRJDx8-(8)tt>&zjt`WVl|`sAXoOA?U_B^lIegh=@=9+rDf%4hg_70{
zXJcec6!y=Pb*fWw6sw%_^1AIlJ_7kPx^L1Zc77u_U<#EMjz$hXvs+8(@H{WuBOT`_
zh~NF5tI>T;I-%bRO_+o|9C%oWMfMpw!iYaBf#g>$*)Oc0PZy!ixwUGG;yAdF*Tq|j
zfAtvW4_i4VUvfhDD@9(PO(Ct`4=6<UDj<!S*IK=b{ya`u40$sR6D4AW@EarSvn><b
z1V36M_bH{bt;3hD7&lrl>jUIDVostE*P^Wrxlycpi#l&UdK@XsZzdVppj2aPJ%zmz
z2O4+TG8g7!{WX%#iXmg1qf}CzL)LEb6*BQ;=DEL*s?g4sXaWM33mx~MOU3L%BG2=j
zePQesdb(~Yyam=g>)PCvlpnsOI-2`x4m09g#F6}pDe;B(KUPko5m4c;Q7r0#i+0~9
zG|DX7<(!1wtPA(lAltfS$GR+{wK<Zui6MI&4$%fa!elLQH7fkAK35mNv{!nys>&LP
z!J%+>Y|EXj(&J59e>jUiCVN>T+l_<0`YTKPzx~Y=l0{-ppm0a41zC)5DY=r&O<c}T
zz_G4)ES*OO+5R>p?wQ+zdufFv;Rcpd?YA+nxBlqgFGi3YF~%8hm0ua;)8-RC4;Gjn
z+IZN(zkiDx!E9R;(Eug<i1zcD*KS$lbsi#P0H^-F$+E*a&FkHFQC!Y~V0`ZqrJJJ#
zl!?dc@LHfQqenP#RpTNC3}|dpLUHi54trT=2H1_n5YFZzGN?K-k$iCBtXDG0uPAFb
zS(<GqW@3X@lR`N52x);>Lv88^gKt<xV(Qd)OXSIzJ(_nsF-Ci<FrOIGa(1G=r)YU>
zFXhcoImKpD4sx*QElY3y4z91~lJz#c%}6!jV?HAD9PIp<66APy{VMCX0-|Rls554V
zZZqXMtAAadV^=(yunkoDTqT(}uITM~SCXqyeoEvuE3Dqf3N5@Fo@2WDRAOZz^i2SN
zWekO?selM7x(F3_<}{lh<-uiIBEq{%n~7CRyD6E`XkJ2o$M<6ivSWIoV<BcEsBj|~
zr(B2rYQ;E}XqPEuWq@)Izs~b9ar6`qZrKVE=9s{;5-?0b>`DTieeeCn3Ho^^1eWG~
zOSEvH7;-#wiAuU1p(T_Ti54b&Gj61{NQ-jo@*=xlLdY=^$(jq`$48)rg~8@^@lcsi
z+Yy6sOBi;Zu@^H^k9ovl_6jYYvY=nAfS`&oAr4nGG8LJ1;JS~Ca3NcM9buRRFMHc-
z%^6B^$v8hk_H2URS_dtOt_6Ii>L;LkH?4@=tfBi1|MFwrIbyeZ-n*UaXcU^j4SO*y
zVC3EGKr_p3K?}QCjG$3uu2Xb?y>Q#$9^@m8&%yJ;iSynt<lV-|C75V#XL?UOy4UqN
z=jEu!(Zh{$mE+rOmGEaqa>Ffi5Sd@G$wUQ=)2mI(RP2TQn4a-SbT8`NF^k$1!h;e8
z6t@a5a`dHEwYg5IeL9&que_jzF%%;R=5osTDInZ?Bk?{8h_sFN@_lA?YV2^cT;&F@
zt<uK3s(g+M$51%#twOr;7{gba#ETc1!7bx{nO4Y=mwwad3PqBBzK<0l+=QjN94p!r
z-EN`eMJFj?%En>*TreIq7qYX7N=rod%D!vvDf&Y_OnLw2lV|<efmo6_7Qq?9LW<m5
zFl-%v#&#W`!~r4Zyu3Jx>Qq9U0%}?h49`*h7afpUafu$RfLw4j#(4&$SH(jJGkt^?
zskv6)PwnAXcBN}t!YBO#;yXN!Sd5r!{OI~@`-&<+4oCSST*!s|C>C?QWjxQ!m3rA$
zGT2B*P<{)S%$^aGMqXp2CIU?;b*68=hZf%D$n!m<p{o8yok$X^hKfTCMWYGkB@L5W
z42z3&5Q&TGt9O)9N-Z9)$>5}lCmkPS58|{fk=|25^eI}Ycp_fIm42ojo03?`V~FC0
z<;x?$9WK%<xwvFr`tp4As<s^Q({SYZ7-kzLj55eWazu;EX2|%cfV%SktI2X$Cvq-w
z_s1{$3uwF8;U2ki?;>TC(*vw2&Qbw!*HmZtllEbzZp<{ZyjQDYg)EV#1Q7ywmYk>C
zm>!0xXtXu@{e@kghEipm1;l;&RRlXLq*poRjE(1DJjJ_9PTe=M*j#5X)=-U)OXk40
z>J&n*Yz=3~sjwu}s~jXpx|2!@d>Wurev!TocM~&4j^0HRa?}{wv1sALvo;skuTV7J
zsmbQtTIO4f5WH!C!V%a?IFfL^Wjxi)Z`#y0Bfwb8?vkDu!RXdLl$3csr;L^u!r3Cl
z+<hjdeLn~-HppJ<WS*oL;bR_W&S%(!NHY=E_rY_M#*ZnKfA3%_Y;8x^GwIHpPfnt6
zao3*Bzj)cKa^Oe2i6j%1gS6m2<mwi7wW=wg*m}R88p(QZySVTvPmhtkHSr!b3N0-9
z2=N6+n6QmW#-XAg+-cT!?~jPHU47aUEp)mu7L9CvN2#>=M*j2s2ia#E6O|7R%X{h_
z<=^}5Ih>6sE=2F$L57gN3TA060WExNPIm0Xf&pK&0z%ETqsukxUsgcWY<;yd?1G$g
z6<Kuu*3Bxad|ZfGG05ZFjMUHV(s3itukf=p^1$PI4+>D;SHf7&i6I9+gwnGMqgdM)
zzDGJ+BA2?WIqNotDG`!%*s4n}CW(`J40%cB-;*dKq)?=nRKj*h^qfsPV#rw=AC;0$
z>H+fiOYL6Fr^ir6(S2FxTh>1$h#-8t$mEy~L-T*Sn0S#J!v#`f(x}hUUNA_wn~&fu
zyO><f`nwbmo^d<$>0;ksE|dsqo|C9X{((PdY+T1rFKoNiOr00x#i3LFjh4<wjGm)?
z3Q<65!DRGT{ilgR^s=pqw(cstxTA+t3D}Ld^f5y;>@Lf$kaRNEK#aiYvme!ZYGb9z
z0O2`?BG^Idc;J{xi_1NMX5u<L`3$DsnuL9XXyqV#vcN<8@igmmDj=4SK>S{BdB*ut
zREXDzn-`a7+mD~oW8hyTN;kdXetH5$Xs_lp)!B{Nk%Wj5T8ejU)OA1zt0VVamC<|;
zO%MWw{rhy&*%~6a2A&frqdik(VrYt9H~blPujnHh$%F?7elBMGf5MokIjzi#xO(qL
z-CJmHiP&^07M-M!LeqnVDWbTLBFR`sF(i6M*7-pI>4#VwcB>F3dM7XLQW`lMqjMsp
zb6D(Tsc@nS_hy)Oo5NH@7V*hP_S}IXdA|#AFbJ?joF^R6f;t64m{~VzQxHVL_ma9L
z$w>TtD@0Yr8hwBxu66y(a}dl>;atuZaW0u}9rJZBJ`<bAv&dLU*e8&=C3WzhMym>N
z$-H-n!h28MrYvxfkE3w?;JHGB&eq9c+=VZS5zZ>Ie)T6bv+NhD!l`*kV`>nO*10+h
zkH!3wy(oYW(N7l>@rFY9s3ih51HZ=#89NU-#04~isHUJFBrhvtu7JFu=zw2Qz{m@S
zi6L6KoCLHmmY;PQ?so1rV@siW#DqWTWmJ0!C7gT9QB?H3zKrbNL=%<-T1kzuI}uHI
zY$K#M=XX)qn61vcdIIV5)hBc?GWOuHBxPlC;cT~2H*+E3FH#Bpt?NT_m9v{}zg&zB
zARPS&pD%&UxVA9mPp3g5d%m?@KQ9JNXta^fvPs_=CGvVnLIGuU92H&A_rPfjHp;KQ
zxQ-^c;GH-P;gsbg0%tCAT(BA24{D-ijeZOJZT+WQ<&r&HB6V)=ybBLMy+$T(#roTE
z1kp2+19%dBj$^qH4=e5Eit{|%s$)fjw}LNHFfSFwdfB<s=W9(uLUv=ob}3_AC)gKG
zPOJtmZ|BI<OM6!#^!=+zBPn|G!MmJXGRv`1PQq9xI}W}TD)D@X&TdDztad2ZZDph0
zW<==5+hMyR``_A>aDkmT6!$wyOFw12!&rzFTOCwL)jG+5+irQ4LLiC@-JCwai*r|F
zeBtLsj<hMEnx~@IBLrk+3KWpsUk4cKY~0bfK^YfcfFRXyKu~|)4*lM-0D}0K%{sn3
zTr$4AE{U;;SP)^nO-S9YQ3YgL%NS=0()bKSlwS4b5?y{f$l*m$(f&Y6!$oTq6iHl&
zFs%yDt>R~Oj(sYItddSYegLdG^sf2(2s>ddwxdS|$Q<8ng&cLRSNub?2+8~oariOH
zxX34P{%5SvyY8cVukhn5B0)(@%w|Mh2i~j7{vIGJ!%A%m-y&^*n$DWJUi^CAal!jy
zvZT%l+jcB0qY;J|X}Y+`1#yI=<MZO`)QN~aLviR{>HlddR!C!o%zD9~AKL{Bi+MzF
z&qaJO%~%vHx&z<}#^V%<p38U&;m?_05pqKj=-zYxrMDgwrdRThn@`w5TUg!BFQ6{}
zH;>IpRzRM*K<JmzvN0M-7LtPJ$B4j&Cv<~=bWxa|&D8b~_<Y%?+ls`$BHpYwpZND%
z4J?~1eh~YRi&QvGY)u&sd|H(~d^xh)av(;2qJ3*GBo!a6&_}^=N0<Uh2;q8<@}#Zh
zh1@(btAKb|E8$bgiSHq@-1V)f>EGwp&`)i3g7y&RFUZ7+TOmVDY*~z5FaJ+DVM9{C
zqb@`I$}KBnqkx3_V3<;pOe&nP=r6L)zZAW*-vUJl#w%ca$<b)x7qGPyrz~%lOQp_`
zSud$)QGXPW=sl?-N#LbY2|Y2Joxs&{w(+z6yf>NH_;!b!Xa|w^xz?xHEwueg#<-jC
zjGGu{^JkmCR3C~9hdacv59~$)Usd7H0ayf=q=30k=HSY?@;|w}dj=Mzj-G}*flc`9
zP_1aTvopj3wqk_GAQ2<aeI%LOoLtBo%aPECs_b)+jV4>fZFV~tjvjkyM^|bm<Fks*
zO1EG+2u_e9oV*G#c7yAo*On=GhBn1u`%(^~RWv~?Wh>}<{t197{CLh-G~w*tztty3
zNG}yoo(f0<q`mu<zP|Y+(GrTe33mL^N+nc=S?jpF2#O(2u#;^4`d1g3ZXc+IwJ=(f
ziF*I(jhFu4!rTV`Q_}!yBmv!fP@SRP{P}KZw=(heGykhMu3|Ua!_973p@(2Ui$&@;
zu^+6II9k-lAt*cc5oF@<^IW8}<jJZ}%8x3W@9lpUhn26;^Z&w>*Dp5I?l8v1il}0F
z3AUi{vUBG(MyV`v&AD|o;e))0NN(LcW<EZwufg4V?Tbp>W`B1v!eLu=C%^4Xz#6|d
zQpkzj5X`G7uFv0A1Q89zi3={q7@~x2`&EiMdnG9imtB-^@BdqggE4_tZP0#;yfzw<
z_fSBgc^mh2H{*X9d*iu=z;m_~?FeXm#knKMQD<6SoNJ6TB|qC=im6>HPP5MWsel;m
z`JeuT_CE)989=qz!`ry|zogPT`_0}zRVPRE!_C2#H;}Lufmfg~uO8!Z&p`qd4OuN$
z=@R~q@^h)ULNLR<RF)l}Yw?TRL+2>YZ-g7yJ~E2bKMGNAOG$!$u}R}zO4v2<GqY|2
z_gahsP_Wl(y~Jq8a{2+eOgf<dkqV;>j+)@^@ZnaUlB};r(UQ_k>`d0Ny#T#)a)YR9
zm72HGMJz+jc8I-s+>5qk#*9-*K5<nf)X$?R<arS$WTc4m7p>IXk;ljxr9j-+TbO(*
z<==?noEJ_L7^7sJ$QU(nE{KPorKNRg??tX0#y>A@ewL%{P;f?7HtHuZ4Nf@9KaCsb
zGFF^JY<I}KNzOrA1}zP)Y|OHXA5MJHZrR}D2KuJD`G4xNF$mr{h4T^Nt{75C)_)D`
zZ-5fUbr&Mh*Ds`l>{AKqt)buL-1Md{1fJNT@a6#lZMpWPESgr9BFS8z6Q{|`m;!#$
znUQT|siWSgpwv{5$<w`k8`lOuQw=Y(!A<~H$XCmd@BldaKnH2-X47A-Rfw2S+1B|U
z*GGP&J#&UQNbHfgnHEuVEMI1+Bbs?~$H52U{pj8fNI(6VyLsUWJFbaN7U5ahoJp4}
zU!8u}=id@8dQNR0(i&6PvfiV=#6!?--QeYh&`}2Lwwupqk{E8HwIaeL=+}CUWRmkJ
ze-#Vk%|bU3&`77HHY2k`Fnj-8<*N?Qb48##JRAylE?FbrN}9emQ#J<PhMy?DHHPxm
z=ctKCBc|5cjJggFd%3xCgQ8S|7jJ~ZrAy%Nv=~wcAP~Ru$G{uUQ3HtV;8!^(%j&MF
zxb>10=6(x?Puw36oyV+5)udf}X1H={94BZ$l}7dL1Zn>41Wp=%d}N;B3ACu~m%T3I
zO!RuOndfJ&Vqmo?(t3uBU@2=fTTRGfTvp1+z<d#7`X^=MQu0DpAM1s`H}?0uN1ez`
zs#+k6qXx!hTDr8Ux*~fhtxT=;!%Hjt?=hVP5|Go>6P29D-yvyaBE%ZZ*J>OgYu2mg
zvd+y#qpi>NzS9WGAVfcwsXboxXGaV@I!(AHWg~uHACMcYN+HCX*dAJ%T71o0t{_h6
zC{ZM?%PoYxE)rrzSyU0@`{txt@obT*@qZeVejW7`a-2KA$wZHoD*TX9GmB$%otr^?
zl=LMr>e}Sz#a`Z$7h4G(N{Ukl85UN6W+&Fq`|L$cGDIeIMEipNJBXG+bT9vH%#6oH
zL*zqELH%j4>mS~!X50i6rBm0WV9eFX&ypUD9sb!C+%bB9k$C+d?#R>X22NRa5d*gi
zc(X9gBx8+=cXaT2{OO${_{6G&_`N7_9jQ@gzaK9^()v}WPL_&SR>mLZ@?9AdUEEMo
zn5#2)Xm88B(UIwEY%k=l34X3n_13d0i=i}8jzhYPM0Hu`VOdI$hAY)3ff=LKc~ln7
zm7~YlAdyDP)$}4+-mTJu(X&6&Ty}yXAf<T_SBuaL*@l=qc!f=dZc2@vwNKZ4T2I?d
zvE++Sl0bZhCSEqbr$w?_teZlAWHt%1dNcxL8w0T%BjAy?wMv7uoyc$&>}2Pv6O=W(
zh{6|(+Syy8&MVxlLekXtyH>8@|2<<q3YjhYT&w%pS5Ov_2FJgvN&v6UpS5MshrHMj
zvD|p+0y@lM$E^zzedsX()_#eO;r=G2V1rST;Il*#f;p`Izu4MR37Ub_yz~%CFk;*x
z3!_n(wI5uN_xIbj+<dtGtlRVaaTLFbkAf-#5t{TtGB7z&Vz!xQfA!k?&ZSeLG6<;P
zlh0JIl|y5zV*YD*ji%a)Kf^>>!TM4jV8xRS&);S+oIdZ=t}{)o_p9gW`Kv1fnJti&
zH@3G9|NfkG*yQ{=OrtVZ(u4-la|TgakXXuX1(!1OJG2}Uce+IqNf!QeS7QQ;wmVJK
zJl)6m<8|~a2uL0q2YZUsw55pI>z=k>$o#h)d9)VQyt(}xjCgT}mfV8q+52xO)vifO
zYcHRFKOVUARz|8dx>o~CHWy<*v*+}-XOIMH@oOt`ay3dZ*Us+p*e#`gR$GIS2uVMr
z$k8dlPg^&-TpN7qD>FXZPTZ%E-%%|8q$x`fX1-<z%?~EMk2l*;Ot`T9#pJ;+f`hSu
zNP3loDNhKyd67%`dW>MVzt=T>VwmmKBYyer-LfkD?FrMDP%r9O@}uP%eHw4nh~fSl
zl~<=koISN=5eU;{!~ySp3ZnNkv|O)zWY~3RW+RnwXRqqJmGa2T!?%kNo6(Jz7-nJY
zaFZNyC6CH)X^q~YEN#YvO9F%I7N@V(TdZQ4eJej}U)9Yk&+o?fdA#4dgZ@JDBc<_1
zhO!u8QClUb@YLh?;qj{qS%I1j6<xKhA)P%%oN2p6-)3`tfdf^LVmSYGJ-G+u!AOX;
zxpk!}r*7U8LS2$i#(y~Q=KB*-e7N6T7F8+ve@mAA1g07f$~I<hSk(N~m~^@K2&sVR
z<Krz1bF%Wv#d_7EKg6D^-zWSW#xHOhZqEsy1+Bw`888B;T+E64JV>f)Q#*4wbEMeO
z-+a+6Vp-~JxIF;1D#vZ<!`FD@=;dcG0~>%$ztv#-3v)5HQ}W8%vL&p0HLYLSWcbj1
z$aRb8KHn|Ty}Uq43+q^pETVJ<xeQ<O_#2=4(v5p2JgV5l5-7|rS_&9v@Znxj%~E`-
zLdvbad&gJlHg{$wXw`nf^QcNl=W#ZI7CxY8FoNsLlE1~>0k%7uA>NwZb<#_I>1*Jy
z-p<}O^jK)8S3awJU2^i^=RUvtcOYxEW>iD|&PGa?wd$2UBUuf#Eh~8~A(uWBak@jv
zIGAW=67gOZ0<M8U8}D1M8b}QN*^6l$PbxO@pjLNv{@SCy9ybU#7M~Cx?Ke^_i(1F>
zE^K4Ar;CcGi%NXbFL`?Sf+s{8$x)>x1ojC{Rjh0#8^;JtR&@0F#q9zd3^-dCcNB%2
zP9Oa6G?F!{4JLFdp#<F;wUzaQ3ZbU5U(lI!M-drVDPGQZ@;*}C<2|`1)b}s;?MzGZ
z=)m4**@JS%USY@mA#b_1GDwt&TkjpA9A+eznCp;z1sUT9)-*r&JxC0;sEp&NK8J$E
z_@eUS599{JKQgOGgPyWEP|NYwbq2(Fw1inxNg{iNN!6WjP%($f)B@&MUk~Z!pKozC
zY?u{My%$Ol?6L{=HeF%Lmm{t&S?<)Zym|3vtbdT-o(`|b<8BZH8<&>(%U`5p&wz^e
z7hQJih<7LgzAnVf-U2zm<YGP7d{-tj?x*i)QReQOM+<Wxrv9lJJBxyZAa`7cksR<k
z<KSQ#@$3jD>`G+MLaDO5a{2IA!_67{kV#SQXLzP<nY$5bP-ST`N-~=AFIo*F!427F
z?rD};J1b*^T_GAY;az%CR&l{0{eW{;o(hm~S~|mi;e1e9j{?_G)Qc2WGIKxcb1~za
zS5Xt)MX~np>3T;#i>02VVc$~PxxlMZdkla^WJw-#hAb_9=7ao>DEzYix-{p~gLcz6
zi&yMkh`0|2=Ic35x_<81-Olp&Te=lWTE&+?!H!OiREw1s-`8%?be(@i2{Hoyb2Qvv
zdvkt}CF|SYn{tOGtV4AT3-pCX8h7c|d5Ypk3vMxeJKaO{)le+RrE7*-tj)34l}=Ja
z=AT+-IOOBcH<*sN8q6F=sZO<(CFsjBGf%lGU;XPFcK^!&JOJ|Bn&PlF^(de0#G7s9
ztH7wnmmeCJ51mJXX1Njz8Lu+ClYT$NXfv_dEev?Vb{ZM~tP10*o|=AWSm~oCMS8Fl
z?L0c|HoBm^p_BIN)>xSC*9|A>WDx{zofkHs&XRwtX5rxj-*g6ZES^^ut1K$X;UgTT
zg$6F0FZ^pRtz%&dMTA>TF7E~e>zlcLyGN4w>VOyKv)8$zO1Ie_ZcbaI^G#!LGS-4t
zc~=A>f*A@+k19SxTvK}-uiLDzFu6N*@);^MF<E-h9yM)S-KDfltv*v1debG#VBx}?
zDUa4oVikr0b&7<ANGQ*F<6i^t{_=}&bd{r1<6m&`IT9C6=*h_BQvK(DPb|WsD>v`|
zFMQc@>d3nTGw?uefOQi`v$oI4_{g1HQhP(`P7EmArs4Hby{s$PEjwdjdC`V-ADzP*
z&CDl-EXrtyyzlU+ZVZ0>A@g2$-Li8><g)ITI(DTl^e7KO8pw{DUh3SfFWV#W+tS@G
z&0I^KO)zD#7Kw(HX*659GHP;{iHlI&?9MP?HA;iz?BTjhGB&IRiN+@+srED&C8_}U
zxdjkJFIgp^Y}J@XGz+CK`Fe9&BD-=b)?F98U0sZksY}uNyvR^9KV+jV>!WRAn<DWL
zz3*zOTR0t5_aluKYKdk~%a~c|Z7JsD>9VN7kJoqIS3tI$9=TmluPTR3-k`Kq_zb{t
z6CtQM#<i@E0C_wmMu_%S1aQ98Ew%GilsibZRzfo=<Z@?-silMH#gnLLnWZfjzrEd$
z@kGn>BIvi>+UfUworZzR_%sDYBfPld=}P;J6Ad$<VdQYQbtjyEM4h3sb>2<N$JjX%
zUjR(&<?Hcl3*J|grH@32u<LadogVb;XW(GA3?5^TqBN|?eO2v<L>c6f_6|Z{z$2RQ
z?mh!qj6k!#2GH*@8?;8&Cl{?v3dqgLgN&%hFNQdYx-G!O#5+v_N?O`W0A8)ZA1VLV
zb~fv~0%RoHqXV!OkJtn<++R2!z`9b%L;0%!)m#6nw-lDlaAxmJ0L(gKIwR6pts?@Z
zndgUU%T3#<iHCS`JKp(fSQz6T!Mcc5lJSaDTM{*SaSp#ll7?@E)2rU+avlc)zjUkS
z;kIUd9tFgE(jHxv=LUmup74{jDwWL=79&(aM7nfq!P^t&ZW9~c4*A3Z;)SVerUXSx
z1N{CfHyFTiA*gORjpEFEw?eK73h`D~=RGJJuFX`79l*W=WSxPZjgQJzP8>DHMFY@{
z>!)JRzJzo+c6R4`;M|u+M^c9?OhXvMmguH9Hh?xfGrL~s|83(6++!avuBqxV0T%o=
z&sq7>n7LeJj6=CuU-z|<t)PxfY1DUM$w?65x9C$A8t;e*>xm%&9qV)7XmQO{5*|*Q
zNH{vla`Gz?@{!?ZYqNV%7Y$GZ43jo}vB9z~d$NEPdW97VE{LBOcPCI5hiz{ik2rC0
zU2$XO5kVE$yF(zW-n^Nl<0A7a>Ub`)C$oCT>*{^412SJL+#s4d2mx_7dfgGeUSGKI
zY~9VAAJ5?DLgoNK8GGwO2bD~2W+Wb8rkFUow>0WFKw=l=m8X(Nj%m4mw?fy%p_6cv
zyMsNO@$bM=7`>3q1(QZ753Te9YrCt~tgl{mw$9>42h=$SkL6h*H_>IBY?>eWUCcl1
zxP#DNczP1V4Cc+miYYs9-8~pCq#OV<`7FA0>)^3<OGG5^2s7HhH0*Z+_?qTBus|zg
z<DRn4gDaFEcOh6rEg{xV&6rsfP=wA;4k9}00kHu$-sEz!jh_T*>^EcBEa<)7`?tZ$
zK`1Q}jVKL@SPuD=S7Gj)Kt-z!k}Wt40T-s7spqV!V;J#3YJ)Q!AVrU>GJt-RZsrEh
zVZ0&mv2OF;8*mnEo(7y2V)eKF1%w!70r0--73VU$DXVp*_Xsbp6WCZ&LP_fiyG#>O
z1hHiQsgDY%zXnj5g6=9s?TX_gqZ<5pEtpD8Fl5v}wF)z0g<NV1r28m)R^=m&r#9^O
z=#?Ec=HcGKC9?^R=|D4S;$dcL+$_qBP3c=FPXBV`sWNmBV#49>mSP5-Hy-{TNlt`z
zi(ZjJ5ohI7r9^XkAtoGc=$o3VyiiOG`}uMO$%c`n2ioiF_9|gYCJRh(|Lq)iC?Dlr
zi^{f!>R5}%^=7Ie0VMY>v}+V7ZpOf}`G6byrNgLnEFfl)6C1(9q(S5ynwiJxE5apn
z=~~p_3#flVrSOy2g`xyASU1ic5D&fR8`WN3=y2lsm?on7FR2RihwTor%&C~+emM|<
zNd2L3K>z8<Orv(SjLxx3#sm&toQ-M2*g=L*#+d*orBWU?XMPW@9Vc|Mex!+5O5@Ku
z2p!<Xi9xC!SY0LUv5o1j4t}}q6=x>pLa3#^P`MS-1TzA4TX&bN{m%6KE*NtO1+wt*
z3<24kKrw=9hQn-qn2LwKlscnpovY<g_!vx^U+V?U==Q@>K6{sEKD4*4P}Ri<uNNa(
z#@@p}erY@fSOW~KcT1OG@$UodGG`|=6d2Fe_53jz?rO`F%JHKIUewLm4+@t?>Av1N
zo)v!vEte%W$iXFZcNvObF;!hRwlSyC!23IjIQgF%@T9??Y<5Jk+MbQxM*TVz{yrDU
z83(T$({3PTOt_C0-acEWw0vr~0~QweLynSzG0ty1eeLXOMU~@eAoL$@(=()>kP}Pc
z!s~2z-F`yKxG_cn*=f10`t-<2jUTzPe?CrYK>YBLLGeuw2&o`T6lMcjKX);z+4>wm
z{w_2QT>#G+@cU~H;%jxWeSlrG=YQIraZXrV47p2K{l45vS?B`>7L_gf%>?R&sa2tw
z_sEHskbCXfVbVx_dmJC~1X=)EpAN<hx3p=$lWoS5K|i8_O0fPEol=I7S8%-UTl5wn
z@Xu0a3r*$b#b)4lw`$&Qg^xlqPM;P@f*>KI$HIXJ%rLr2Go$#uE^_*|xW!vn21<t9
z^798~KDUk+1EV-qbN>ie4hN*OTPwo_nz35|Bm`7HChV8k^Bg352$W65F6B*B>k2^_
zY#cG=`R-d9kogX<)VsweYDZD-`HR!iYi@s^u0Ti|#fqQ=;XcBS4uTR$rZJ&<Pw<Ed
z!j)s@5Qz_R-qMV<g0buY5eP^R8F?2S3<g#h1d=YSx%qBmvJVHxQFiX8>bCJ2a2XcA
zzf*Ro>+q(6Lu|o&4WM{M)nAfHgOj@xz)t~mm6@yzwwHmWXq!?0#Ad3~i;ngAt#F$J
zxQ&_w>cEnr4(9x?%2y(Taj?;GfQXkOtC!2WKS?oZ(X%M_c=rql>W<r>*-JiqVk?&n
z0?v~-7~F=l7mDVFgzmEv>X^x0m+}jl#xRr<DIC~=X8Z%XdbgPn>x(wb3^&Y7-!)MS
z=m%gUnG*tBIb5!Ew@u=4`lOL<%xD3)iOMHg0($HP6ejzrDu3%QI0!|{K$`x+;hJta
z*_WK=afV$vaI~>RcBJ($yKb@&$Cp;8lkpi<7-1_m?+0vD!<i|!qxNs7aLTth==-sl
zMC&r6@Ex^sgbEB)Gm#eKdd^HmOtS|Yu0Tr_FF|Nvp}nqT`ILU5*;QH>tW66z677MA
zHLZC|bf+xo*-8@t`+_y9MVmS5An@<A#>TKF2X|hz;A1;SnfJxx%JVCIvd&(<j&skD
z&fPIy{HQ08rN4wm6ZblD2HM%`X+Vbu-H?&L69;ZTTDLMWBtzt8RFz|zB{FHLf4D`G
z;!(M`?H9ilP80z8-KwnRc(lw-X{PsK-95c~fP3vuC=4w`IvZ{C2+yHKOkstOxVjHD
zSzNZWo+`!VyggEX45E`5(Lxa%%Ke3OSoc+M!my$oA^^*eA7~z-$&RfM%l;6Z9Lmls
zAWt+IQ9a^bg%Eg_WxT^A2}56*T_EYFAe5wwcW_(q7=@tVE~6fF;ExceW1%?@mzS<d
zPuE;KrG5!;IQ>PHW1(yf5X@{yp90ozES^_6-7Y7|G|~Zc%XDh&d${njGN8q_Z5Xk^
z*@6~v!qBhn(9kt;RF^RrdmRlWe58UcVu9>Zp-{~1ZQ}!cjlcL5D+8+oYHvV8r!$>H
zA3n65y$aPAUCh;QD66Tw8szz;gp@Wr;o&T@y9d&qLld8O*!MJ(PX7|lJtfFA$}_7e
z)icoy3Ou7Gn<!6kx7es2ns~*gqT{QFURHCysc_VmEkr;#&8E~CD5$Fmi}{mex<xZQ
z9}zB#5kB1>ZU0v=d@*^rqI11~P$dT`k!lnL+CHl<vB@gC#ievma6tu0Xx7*6q;8%x
zKq32@9MP8?5%9h5jTuahALM62bbY0lo1Nhe8P!C#LLYW<DLr`}%5YVVNtYau|4Mc(
z^B&FA&CrMfopg5S#})OQE$@*uaKofQx!MKO`B*|<5aJ3v+D!2V(IHb?V<r7-gOicV
zIRs8)EU6z#jdZv;<fanJ?cFO*-&aVQ|92D37q<7{ppkmy`f~@*6Vl*%y@|>TirqUi
z{+wLuTlS#@y;AtwaEcM8ej*QH2SyA>c6X6{7VH^kXnzh-_cA9Q&oqQ#_@Gr#Z}uXd
z*h;N<vJiv|h<RswzlzAzL$i8LPX9|aXT=EYUe5W8;{vRRMDRTB(9(PJO1F9K?Pprq
zH|om!H`$<fIU%viQx`NOoM2gB<v|B-uWX~k6}u<a8qYb?_=aPyul2q|CrRs_uQLdH
z^lxNesfRUju`izzgoJ?guNF%!Yma80(U`n$zaQ157mNu(ZL{Asn&Vo1!S9Pha5`Ct
z^DY|U{IGgp<vC}S)AI&4<@lK%vX$WLR4lXqz|-o*2fh(ctcHSX9rOLaJz<Zw4FjVc
zV_()%SL&5DlscJe7WUbAN(AK0*um#{{)TSi|LyCo-@E@-o?|G-x2_t4rHgcqTv%}Q
zF9-B{Xp3~!PY9?eqb0Drh9S$(@7txms#|NtcG|NH0oL;Wy3eXGgvU^QA*7e|K1p1U
zS?X-!_aPE(G}qrAE7iYk>r&T~?ThcxKNZ($BN=?Q&PpUwU-$@=sRTNC@JFoBoxuwQ
zw_Q6tOrQSPHoxRnT;^6^@zIoBKax6R4FPvhnu^$9S~8OcwL1t+*>zHPQHXpU6nixJ
ze6~7Vtv?6--mEaDQ*l?u+5lFCzRI>Yo%vOw;GXM&c^q_vA1sAL@M#5x01+2K<A6#s
zH2HmA863{$QO%A{Zt#0v#LRlr=I*8Z`@`2GS98<r5>>f1|7a~O*R#l^638LM2RVcl
zpnczUQt@4vo~{1Vz$jwHsP~HI*UwJDcN)I3uHFAPd1+Kt2D-^zZ@y{RdCLUK7AGi!
zT_868Y_p-OY8vr*XI}`Y?3%Z3bDfP$XqTz=Mo}uef&Iot_Z@sb@x`9~8rBnyhHgJq
zmmcVnnu$(qnQ?o?mE)m+;G)u?=6~cuTBzToVs&58WRO-LG5cyUk(Lgo>p@%h;ImfO
zCqFDZshU0fMl3(i`r?YpYE3aTH>4rcIe^)MZq_~`%$lEV4?$b3`Lp}&!=B*lr(U+5
zh3lDF`VYl3KUE~TB(J2RipLYR_*su=_HD~pL7XAXn_x*QVKOW@yE~J{qHn+VK&ch4
z-fx5NafkOFOxEI)OH;)kr49b=(iZ8u7gRv3R2$?>Yw$*V*$+qi96IlFB=oA>P+G~<
zlX8J4<>SV9{r)cvS!Eh0YlsT(#-^6h$?6i1E^B5@XfeFRH3bO?Iq)(G#U9Pbyhh(>
z5F+($`^`+AGYLIse~_CUVoGu0+QBU4V&aWCR_c_T^a0{W&9-V*fs<3ktz!KZm8Pcs
z><x{Bw@qG#%H~X!$6L)|E+EXpx~dG<ZVY$MZkSYVn>Nf>C@D%!?_W$e<FmMa-<y`E
z$?+sngqzf;30qYWUIEyHhF-#}_o?612S`h#yIx}^7o#>RB9S8rXyk5mzof5Q+RW_X
zCm4I*Yw)&97HwTGq*NJo_;<!3mj<8h9Miytg%6}~&?@cFYvyY!ZPS9vzr(YfM2SCi
zI;XaF3GLa)L2978?yl)=%HEXWI)}`{rJ32)%}%Mzm1H|dUezgHg}H_g+I$a}k8w<E
z!QIf%8d?IWLkj6uZdU4&(>PwxYwIS9Ben3RPvTHbj{MKmA;l0Er?*l)%cYkuo1+}0
z@!z$}A5>T&6<c9Js%{qtQF&}3a8jJ38*Q}cg{frdTRRn}{nr28*7m~Fsnd}C5)vH3
zFKC~W1%IeN6e}mtDWsq`9bV@rp3c)bYE;woKYP`4<B(hD?J)2H8zI6YwOg%Hc_FO4
z$K%MED^cC<q2GH7qVQ|+Uqj=!{A8wy<Pfip$s)KZ)0LGS>{s57`v%dm7L)U4JkyfG
zUSfn^@WEfM=*?-a1kH4}8O?=+9eF=?3=YY>k)|N73e@h!%#W1cP66I7V*Z-H8@?`C
zZ|Kf{(iFpOgTJ|}xlIg||C5>&SdCwhN~o*f`EHMHQqT!fW1|X&Qzifw@<_tJXD8oo
z)K_Yp^wjcM#s-&~)1EOmpFp^w2qzr2=3QeU#Jauz!cb-ZC(r468xpnby5Tb{FAk_Q
zq4&shd<;`RJv<q+G4A*DN15pAZ<<8N^t6<`?&CR=`aJxLN>@e_QUi|nZo3V>xFCwj
z8X*3~A0QUN8RL#Wb0C6G<<s&C<Ke%R{7_w1PTYqAW^PH}CR8u5ikzk899AlLBL5Y<
z=CjSG%YL(%o_;wrjisWRwlq__&g)WME3~W!fiC0|^YC)s+vL88IOWWsjbop~3qCQd
z=Vkk{IZjcTvqee;>AeuT(H#HHjh%8!4Asw#$ohY8c>e$Jf~&~$eP^jGlsvk?CIb<0
Sgg1VXQzy)immYP#^M3$sTufvD


From 2b2da1679e7f05a61c268db208c5e1fbacb70a78 Mon Sep 17 00:00:00 2001
From: Christoph Lechleitner <christoph.lechleitner@iteg.at>
Date: Wed, 6 Aug 2025 16:02:25 +0200
Subject: [PATCH 616/755] [DB][Web] optimize qhandler by keeping SHA2 in new
 column qhash (#6556)

* [DB][Web] optimize qhandler by keeping SHA2(id+qid) in new column quarantine.qhash, for feature #6555, might also help with #6361

* rspamd: only add qhash to new entries while passing rspamd not all existing

* compose: bump dovecot image + push to registry

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/dovecot/quarantine_notify.py |  2 +-
 data/conf/rspamd/meta_exporter/pipe.php       |  3 +++
 data/web/inc/functions.quarantine.inc.php     |  6 +++---
 data/web/inc/init_db.inc.php                  | 10 +++++++++-
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/dovecot/quarantine_notify.py b/data/Dockerfiles/dovecot/quarantine_notify.py
index 824d4092f..a681c1fda 100755
--- a/data/Dockerfiles/dovecot/quarantine_notify.py
+++ b/data/Dockerfiles/dovecot/quarantine_notify.py
@@ -76,7 +76,7 @@ try:
 
   def notify_rcpt(rcpt, msg_count, quarantine_acl, category):
     if category == "add_header": category = "add header"
-    meta_query = query_mysql('SELECT SHA2(CONCAT(id, qid), 256) AS qhash, id, subject, score, sender, created, action FROM quarantine WHERE notified = 0 AND rcpt = "%s" AND score < %f AND (action = "%s" OR "all" = "%s")' % (rcpt, max_score, category, category))
+    meta_query = query_mysql('SELECT `qhash`, id, subject, score, sender, created, action FROM quarantine WHERE notified = 0 AND rcpt = "%s" AND score < %f AND (action = "%s" OR "all" = "%s")' % (rcpt, max_score, category, category))
     print("%s: %d of %d messages qualify for notification" % (rcpt, len(meta_query), msg_count))
     if len(meta_query) == 0:
       return
diff --git a/data/conf/rspamd/meta_exporter/pipe.php b/data/conf/rspamd/meta_exporter/pipe.php
index 4d8e2a132..bd5d875bd 100644
--- a/data/conf/rspamd/meta_exporter/pipe.php
+++ b/data/conf/rspamd/meta_exporter/pipe.php
@@ -236,6 +236,9 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
       ':action' => $action,
       ':fuzzy_hashes' => $fuzzy
     ));
+    $lastId = $pdo->lastInsertId();
+    $stmt_update = $pdo->prepare("UPDATE `quarantine` SET `qhash` = SHA2(CONCAT(`id`, `qid`), 256) WHERE `id` = :id");
+    $stmt_update->execute(array(':id' => $lastId));
     $stmt = $pdo->prepare('DELETE FROM `quarantine` WHERE `rcpt` = :rcpt AND `id` NOT IN (
       SELECT `id`
       FROM (
diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php
index 39606f271..5df86ef33 100644
--- a/data/web/inc/functions.quarantine.inc.php
+++ b/data/web/inc/functions.quarantine.inc.php
@@ -22,7 +22,7 @@ function quarantine($_action, $_data = null) {
         return false;
       }
       $stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
-        WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
+        WHERE `qhash` = :hash
           AND user_acl.quarantine = 1
           AND rcpt IN (SELECT username FROM mailbox)');
       $stmt->execute(array(':hash' => $hash));
@@ -65,7 +65,7 @@ function quarantine($_action, $_data = null) {
         return false;
       }
       $stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
-        WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
+        WHERE `qhash` = :hash
           AND `user_acl`.`quarantine` = 1
           AND `username` IN (SELECT `username` FROM `mailbox`)');
       $stmt->execute(array(':hash' => $hash));
@@ -833,7 +833,7 @@ function quarantine($_action, $_data = null) {
         )));
         return false;
       }
-      $stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash');
+      $stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `qhash` = :hash');
       $stmt->execute(array(':hash' => $hash));
       return $stmt->fetch(PDO::FETCH_ASSOC);
     break;
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 767a0024e..422c3f1aa 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "27012025_1555";
+    $db_version = "21052025_2215";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -345,10 +345,14 @@ function init_db_schema()
           "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+          "qhash" => "VARCHAR(255)",
         ),
         "keys" => array(
           "primary" => array(
             "" => array("id")
+          ),
+          "key" => array(
+            "qhash" => array("qhash")
           )
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
@@ -1482,6 +1486,10 @@ function init_db_schema()
         'msg' => 'db_init_complete'
       );
     }
+
+    // fill quarantine.qhash
+    $pdo->query("UPDATE `quarantine` SET `qhash` = SHA2(CONCAT(`id`, `qid`), 256) WHERE ISNULL(`qhash`)");
+
   } catch (PDOException $e) {
     if (php_sapi_name() == "cli") {
       echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;

From 2b93b59cdd006b973b52cdace418b139b72d6940 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 6 Aug 2025 16:11:23 +0200
Subject: [PATCH 617/755] db: change qhash varchar to 64 instead of 255

---
 data/web/inc/init_db.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 422c3f1aa..6a9d042a9 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "21052025_2215";
+    $db_version = "06082025_1611";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -345,7 +345,7 @@ function init_db_schema()
           "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-          "qhash" => "VARCHAR(255)",
+          "qhash" => "VARCHAR(64)",
         ),
         "keys" => array(
           "primary" => array(

From af871fdacbff1464668f8e45982e98bfe7ece112 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 18:47:28 +0200
Subject: [PATCH 618/755] chore(deps): update devops-infra/action-pull-request
 action to v0.6.1 (#6676)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 0cf59eeac..51df14f6e 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.6.0
+        uses: devops-infra/action-pull-request@v0.6.1
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 53c35493a5c673968db35e8eb47463f673cfe3c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20S=C3=BCtterlin?= <paul@paulsuetterlin.de>
Date: Thu, 21 Aug 2025 18:36:01 +0000
Subject: [PATCH 619/755] fix: imapsync gets correct timeouts

Previously imapsync only attached the timeout1 / timeout2 arguments if the argument was negative (which is not even possible). Now the argument is added for every positive number.

Fixes #6590
---
 data/Dockerfiles/dovecot/imapsync_runner.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/imapsync_runner.pl b/data/Dockerfiles/dovecot/imapsync_runner.pl
index 9eaf5f431..1030603ce 100644
--- a/data/Dockerfiles/dovecot/imapsync_runner.pl
+++ b/data/Dockerfiles/dovecot/imapsync_runner.pl
@@ -132,8 +132,8 @@ while ($row = $sth->fetchrow_arrayref()) {
   "--tmpdir", "/tmp",
   "--nofoldersizes",
   "--addheader",
-  ($timeout1 gt "0" ? () : ('--timeout1', $timeout1)),
-  ($timeout2 gt "0" ? () : ('--timeout2', $timeout2)),
+  ($timeout1 le "0" ? () : ('--timeout1', $timeout1)),
+  ($timeout2 le "0" ? () : ('--timeout2', $timeout2)),
   ($exclude eq "" ? () : ("--exclude", $exclude)),
   ($subfolder2 eq "" ? () : ('--subfolder2', $subfolder2)),
   ($maxage eq "0" ? () : ('--maxage', $maxage)),

From c39712af671cc150595e6aadc7c31868eef14408 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 26 Aug 2025 09:57:05 +0200
Subject: [PATCH 620/755] pf/php: add mta-sts support (outbound) (#6686)

* added mta-sts-resolver into postfix config + daemon

* [Web] Add MTA-STS support

* [Web] Fix mta-sts server_name

* updated .gitignore

* [ACME] fetch cert for mta-sts subdomain

* [Web] change MTA-STS id to human-readable timestamp

* [Web] Remove MTA-STS version STSv2

* [Web] Fix MTA-STS DNS check

* [Web] add max_age limit for MTA-STS policy

* Added tooltips and info texts to mta-sts webui page

* postfix: replace mta-sts-resolver with postfix-tlspol

---------

Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
---
 .gitignore                                    |   1 +
 data/Dockerfiles/acme/acme.sh                 |   2 +-
 data/Dockerfiles/postfix/Dockerfile           |  15 +-
 data/Dockerfiles/postfix/postfix.sh           |  24 +-
 data/Dockerfiles/postfix/supervisord.conf     |   9 +
 data/conf/nginx/templates/nginx.conf.j2       |  12 +-
 .../nginx/templates/sites-default.conf.j2     |   8 +
 data/conf/postfix/main.cf                     |   2 +-
 data/web/edit.php                             |   7 +
 data/web/inc/ajax/dns_diagnostics.php         |  46 +++-
 data/web/inc/functions.mailbox.inc.php        | 211 ++++++++++++++++++
 data/web/inc/init_db.inc.php                  |  19 +-
 data/web/json_api.php                         |   6 +
 data/web/lang/lang.de-de.json                 |  19 +-
 data/web/lang/lang.en-gb.json                 |  15 ++
 data/web/mta-sts.php                          |  30 +++
 data/web/templates/edit/domain.twig           |  77 +++++++
 docker-compose.yml                            |   4 +-
 18 files changed, 488 insertions(+), 19 deletions(-)
 create mode 100644 data/web/mta-sts.php

diff --git a/.gitignore b/.gitignore
index c225dc090..8d0fe16fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -75,3 +75,4 @@ refresh_images.sh
 update_diffs/
 create_cold_standby.sh
 !data/conf/nginx/mailcow_auth.conf
+data/conf/postfix/mta-sts-resolver
\ No newline at end of file
diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 15b757ff9..69b18bc1f 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -206,7 +206,7 @@ while true; do
 
   if [[ ${AUTODISCOVER_SAN} == "y" ]]; then
   # Fetch certs for autoconfig and autodiscover subdomains
-  ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
+  ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig' 'mta-sts')
   fi
 
   if [[ ${SKIP_IP_CHECK} != "y" ]]; then
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 5449360b3..d1a32917d 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,9 +1,19 @@
+FROM golang:1.25-bookworm AS builder
+WORKDIR /src
+
+ENV CGO_ENABLED=0 \
+    GO111MODULE=on
+
+RUN git clone https://github.com/Zuplu/postfix-tlspol.git && \
+	cd postfix-tlspol && \
+	scripts/build.sh build-only
+
 FROM debian:bookworm-slim
 
-LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ENV LC_ALL C
+ENV LC_ALL=C
 
 RUN dpkg-divert --local --rename --add /sbin/initctl \
 	&& ln -sf /bin/true /sbin/initctl \
@@ -48,6 +58,7 @@ COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam
 COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
 COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=builder /src/postfix-tlspol/build/postfix-tlspol /usr/local/bin/postfix-tlspol
 
 RUN chmod +x /opt/postfix.sh \
   /usr/local/bin/rspamd-pipe-ham \
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index e5dbf88fc..fcb6c26a2 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -3,6 +3,8 @@
 trap "postfix stop" EXIT
 
 [[ ! -d /opt/postfix/conf/sql/ ]] && mkdir -p /opt/postfix/conf/sql/
+[[ ! -d /etc/postfix-tlspol ]] && mkdir -p /etc/postfix-tlspol
+[[ ! -d /var/lib/postfix-tlspol ]] && mkdir -p /var/lib/postfix-tlspol
 
 # Wait for MySQL to warm-up
 while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
@@ -503,6 +505,26 @@ if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
 EOF
 fi
 
+cat <<EOF > /opt/postfix/conf/postfix-tlspol/config.yaml
+server:
+  address: 127.0.0.1:8642
+
+  log-level: info
+
+  prefetch: true
+
+  cache-file: /var/lib/postfix-tlspol/cache.db
+
+dns:
+  # must support DNSSEC
+  address: 127.0.0.11:53
+EOF
+
+# Fixing local command execution of postfix-tlspol with symlink to config
+if [ ! -L /etc/postfix-tlspol/config.yaml ]; then
+  ln -s /opt/postfix/conf/postfix-tlspol/config.yaml /etc/postfix-tlspol/config.yaml
+fi
+
 # Fix Postfix permissions
 chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
 chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
@@ -524,4 +546,4 @@ if [[ $? != 0 ]]; then
 else
   postfix -c /opt/postfix/conf start
   sleep 126144000
-fi
+fi
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix/supervisord.conf b/data/Dockerfiles/postfix/supervisord.conf
index ba70f8edf..26fec862c 100644
--- a/data/Dockerfiles/postfix/supervisord.conf
+++ b/data/Dockerfiles/postfix/supervisord.conf
@@ -11,6 +11,15 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 autostart=true
 
+[program:postfix-tlspol]
+startsecs=10
+autorestart=true
+command=/usr/local/bin/postfix-tlspol -config /opt/postfix/conf/postfix-tlspol/config.yaml
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
 [program:postfix]
 command=/opt/postfix.sh
 stdout_logfile=/dev/stdout
diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index ff5f8f184..d71d63e56 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -48,13 +48,21 @@ http {
         listen {{ HTTP_PORT }} default_server;
         listen [::]:{{ HTTP_PORT }} default_server;
 
-        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES | join(' ') }};
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* mta-sts.* {{ ADDITIONAL_SERVER_NAMES | join(' ') }};
 
         if ( $request_uri ~* "%0A|%0D" ) { return 403; }
         location ^~ /.well-known/acme-challenge/ {
             allow all;
             default_type "text/plain";
         }
+        location ^~ /.well-known/mta-sts.txt {
+            allow all;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ PHPFPMHOST }}:9002;
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root/mta-sts.php;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+        }
         location / {
             return 301 https://$host$uri$is_args$args;
         }
@@ -82,7 +90,7 @@ http {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
 
-        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* mta-sts.*;
 
         include /etc/nginx/includes/sites-default.conf;
     }
diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
index 574bdb052..23fe7b788 100644
--- a/data/conf/nginx/templates/sites-default.conf.j2
+++ b/data/conf/nginx/templates/sites-default.conf.j2
@@ -76,6 +76,14 @@ location ^~ /.well-known/acme-challenge/ {
     allow all;
     default_type "text/plain";
 }
+location ^~ /.well-known/mta-sts.txt {
+    allow all;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass {{ PHPFPMHOST }}:9002;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root/mta-sts.php;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+}
 
 rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
 rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 07065f045..e4354c40c 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -152,7 +152,7 @@ smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
 smtp_sasl_security_options =
 smtp_sasl_mechanism_filter = plain, login
-smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
+smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf socketmap:inet:127.0.0.1:8642:QUERY
 smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
 mail_name = Postcow
 # local_transport map catches local destinations and prevents routing local dests when the next map would route "*"
diff --git a/data/web/edit.php b/data/web/edit.php
index 7ce4d0c6a..57cf24bd2 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -48,6 +48,12 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           $rl = ratelimit('get', 'domain', $domain);
           $rlyhosts = relayhost('get');
           $domain_footer = mailbox('get', 'domain_wide_footer', $domain);
+          $mta_sts = mailbox('get', 'mta_sts', $domain);
+          if (count($mta_sts) == 0) {
+            $mta_sts = false;
+          } elseif (isset($mta_sts['mx'])) {
+            $mta_sts['mx'] = implode(',', $mta_sts['mx']);
+          }
           $template = 'edit/domain.twig';
           $template_data = [
             'acl' => $_SESSION['acl'],
@@ -58,6 +64,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             'dkim' => dkim('details', $domain),
             'domain_details' => $result,
             'domain_footer' => $domain_footer,
+            'mta_sts' => $mta_sts,
             'mailboxes' => mailbox('get', 'mailboxes', $_GET["domain"]),
             'aliases' => mailbox('get', 'aliases', $_GET["domain"], 'address'),
             'alias_domains' => mailbox('get', 'alias_domains', $_GET["domain"])
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index 15cb3a30f..b48239e10 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -71,6 +71,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
   // Init records array
   $spf_link = '<a href="http://www.open-spf.org/SPF_Record_Syntax/" target="_blank">SPF Record Syntax</a><br />';
   $dmarc_link = '<a href="https://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>';
+  $mtasts_report_link = '<a href="https://mxtoolbox.com/dmarc/smtp-tls/how-to-setup-smtp-tls-reports" target="_blank">TLS Report Record Syntax</a>';
 
   $records = array();
 
@@ -128,6 +129,27 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
     );
   }
 
+  $mta_sts = mailbox('get', 'mta_sts', $domain);
+  if (count($mta_sts) > 0 && $mta_sts['active'] == 1) {
+    if (!in_array($domain, $alias_domains)) {
+      $records[] = array(
+        'mta-sts.' . $domain,
+        'CNAME',
+        $mailcow_hostname
+      );
+    }
+    $records[] = array(
+        '_mta-sts.' . $domain,
+        'TXT',
+        "v={$mta_sts['version']};id={$mta_sts['id']};",
+    );
+    $records[] = array(
+        '_smtp._tls.' . $domain,
+        'TXT',
+        $mtasts_report_link,
+    );
+  }
+
   $records[] = array(
     $domain,
     'TXT',
@@ -341,15 +363,25 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
         }
 
         foreach ($currents as &$current) {
+          if ($current['type'] == "TXT" &&
+              stripos(strtolower($current['txt']), 'v=sts') === 0) {
+            if (strtolower($current[$data_field[$current['type']]]) == strtolower($record[2])) {
+              $state = state_good;
+            }
+            else {
+              $state = state_nomatch;
+            }
+            $state .= '<br />' . $current[$data_field[$current['type']]];
+          }
           if ($current['type'] == 'TXT' &&
-          stripos($current['txt'], 'v=dmarc') === 0 &&
-          $record[2] == $dmarc_link) {
+              stripos($current['txt'], 'v=dmarc') === 0 &&
+              $record[2] == $dmarc_link) {
             $current['txt'] = str_replace(' ', '', $current['txt']);
             $state = $current[$data_field[$current['type']]] . state_optional;
           }
           elseif ($current['type'] == 'TXT' &&
-          stripos($current['txt'], 'v=spf') === 0 &&
-          $record[2] == $spf_link) {
+                  stripos($current['txt'], 'v=spf') === 0 &&
+                  $record[2] == $spf_link) {
             $state = state_nomatch;
             $rslt = get_spf_allowed_hosts($record[0], true);
             if (in_array($ip, $rslt) && in_array(expand_ipv6($ip6), $rslt)) {
@@ -358,8 +390,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
             $state .= '<br />' . $current[$data_field[$current['type']]] . state_optional;
           }
           elseif ($current['type'] == 'TXT' &&
-          stripos($current['txt'], 'v=dkim') === 0 &&
-          stripos($record[2], 'v=dkim') === 0) {
+                  stripos($current['txt'], 'v=dkim') === 0 &&
+                  stripos($record[2], 'v=dkim') === 0) {
             preg_match('/v=DKIM1;.*k=rsa;.*p=([^;]*).*/i', $current[$data_field[$current['type']]], $dkim_matches_current);
             preg_match('/v=DKIM1;.*k=rsa;.*p=([^;]*).*/i', $record[2], $dkim_matches_good);
             if ($dkim_matches_current[1] == $dkim_matches_good[1]) {
@@ -367,7 +399,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
             }
           }
           elseif ($current['type'] != 'TXT' &&
-          isset($data_field[$current['type']]) && $state != state_good) {
+                  isset($data_field[$current['type']]) && $state != state_good) {
             $state = state_nomatch;
             if ($current[$data_field[$current['type']]] == $record[2]) {
               $state = state_good;
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 6ea4f5717..a74d182cf 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1400,6 +1400,80 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           return mailbox('add', 'mailbox', $mailbox_attributes);
         break;
+        case 'mta_sts':
+          $domain       = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
+          $version      = strtolower($_data['version']);
+          $mode         = strtolower($_data['mode']);
+          $mx           = explode(",", preg_replace('/\s+/', '', $_data['mx']));
+          $max_age      = intval($_data['max_age']);
+          $active       = (intval($_data['active']) == 1) ? 1 : 0;
+          $id           = date('YmdHis');
+
+          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+              'msg' => 'access_denied'
+            );
+            return false;
+          }
+          if (empty($version) || !in_array($version, array('stsv1'))) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+              'msg' => array('version_invalid', htmlspecialchars($domain))
+            );
+            return false;
+          }
+          if (empty($mode) || !in_array($mode, array('enforce', 'testing', 'none'))) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+              'msg' => array('mode_invalid', htmlspecialchars($domain))
+            );
+            return false;
+          }
+          if (empty($max_age) || $max_age < 0 || $max_age > 31536000) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+              'msg' => array('max_age_invalid', htmlspecialchars($domain))
+            );
+            return false;
+          }
+          foreach ($mx as $index => $mx_domain) {
+            $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
+            if (!is_valid_domain_name($mx_domain)) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => array('mx_invalid', htmlspecialchars($mx_domain))
+              );
+              return false;
+            }
+          }
+
+          try {
+            $stmt = $pdo->prepare("INSERT INTO `mta_sts` (`id`, `domain`, `version`, `mode`, `mx`, `max_age`, `active`)
+              VALUES (:id, :domain, :version, :mode, :mx, :max_age, :active)");
+            $stmt->execute(array(
+              ':id' => $id,
+              ':domain' => $domain,
+              ':version' => $version,
+              ':mode' => $mode,
+              ':mx' => implode(",", $mx),
+              ':max_age' => $max_age,
+              ':active' => $active
+            ));
+          } catch (PDOException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data),
+              'msg' => $e->getMessage()
+            );
+            return false;
+          }
+        break;
         case 'resource':
           $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
           $description        = $_data['description'];
@@ -3741,6 +3815,125 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           return true;
         break;
+        case 'mta_sts':
+          if (!is_array($_data['domains'])) {
+            $domains = array();
+            $domains[] = $_data['domains'];
+          }
+          else {
+            $domains = $_data['domains'];
+          }
+
+          foreach ($domains as $domain) {
+            $domain       = idn_to_ascii(strtolower(trim($domain)), 0, INTL_IDNA_VARIANT_UTS46);
+
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => 'access_denied'
+              );
+              continue;
+            }
+
+            $is_now = mailbox('get', 'mta_sts', $domain);
+            if (!empty($is_now)) {
+              $version               = (isset($_data['version'])) ? strtolower($_data['version']) : $is_now['version'];
+              $active                = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+              $active                = ($active == 1) ? 1 : 0;
+              $mode                  = (isset($_data['mode'])) ? strtolower($_data['mode']) : $is_now['mode'];
+              $mx                    = (isset($_data['mx'])) ? explode(",", preg_replace('/\s+/', '', $_data['mx'])) : $is_now['mx'];
+              $max_age               = (isset($_data['max_age'])) ? intval($_data['max_age']) : $is_now['max_age'];
+
+              // Update ID if neccesary
+              if ($version != strtolower($is_now['version']) ||
+                  $mode != strtolower($is_now['mode']) ||
+                  $mx != $is_now['mx'] ||
+                  $max_age != $is_now['max_age']) {
+                $id           = date('YmdHis');
+              } else {
+                $id           = $is_now['id'];
+              }
+
+            } else {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => 'access_denied'
+              );
+              continue;
+            }
+
+            if (empty($version) || !in_array($version, array('stsv1'))) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => array('version_invalid', htmlspecialchars($version))
+              );
+              continue;
+            }
+            if (empty($mode) || !in_array($mode, array('enforce', 'testing', 'none'))) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => array('mode_invalid', htmlspecialchars($domain))
+              );
+              continue;
+            }
+            if (empty($max_age) || $max_age < 0 || $max_age > 31557600) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => array('max_age_invalid', htmlspecialchars($domain))
+              );
+              continue;
+            }
+            foreach ($mx as $index => $mx_domain) {
+              $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
+              $invalid_mx = false;
+              if (!is_valid_domain_name($mx_domain)) {
+                $invalid_mx = $mx_domain;
+                break;
+              }
+            }
+            if ($invalid_mx) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+                'msg' => array('mx_invalid', htmlspecialchars($invalid_mx))
+              );
+              continue;
+            }
+
+            try {
+              $stmt = $pdo->prepare("UPDATE `mta_sts` SET `id` = :id, `version` = :version, `mode` = :mode, `mx` = :mx, `max_age` = :max_age, `active` = :active WHERE `domain` = :domain");
+              $stmt->execute(array(
+                ':id' => $id,
+                ':domain' => $domain,
+                ':version' => $version,
+                ':mode' => $mode,
+                ':mx' => implode(",", $mx),
+                ':max_age' => $max_age,
+                ':active' => $active
+              ));
+            } catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data),
+                'msg' => $e->getMessage()
+              );
+              continue;
+            }
+
+            $_SESSION['return'][] = array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
+              'msg' => array('object_modified', $domain)
+            );
+          }
+
+          return true;
+        break;
         case 'resource':
           if (!is_array($_data['name'])) {
             $names = array();
@@ -5029,6 +5222,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return $rows;
           }
         break;
+        case 'mta_sts':
+          $stmt = $pdo->prepare("SELECT * FROM `mta_sts` WHERE `domain` = :domain");
+          $stmt->execute(array(
+            ':domain' => $_data,
+          ));
+          $row = $stmt->fetch(PDO::FETCH_ASSOC);
+          if (empty($row)){
+            return [];
+          }
+          $row['mx'] = explode(',', $row['mx']);
+          $row['version'] = strtoupper(substr($row['version'], 0, 3)) . substr($row['version'], 3);
+
+          return $row;
+        break;
         case 'resource_details':
           $resourcedata = array();
           if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
@@ -5414,6 +5621,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $stmt->execute(array(
               ':domain' => $domain,
             ));
+            $stmt = $pdo->prepare("DELETE FROM `mta_sts` WHERE `domain` = :domain");
+            $stmt->execute(array(
+              ':domain' => $domain,
+            ));
             $stmt = $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
             $stmt = $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
             try {
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 6a9d042a9..ecb87c380 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "06082025_1611";
+    $db_version = "19082025_1436";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -475,6 +475,23 @@ function init_db_schema()
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "mta_sts" => array(
+        "cols" => array(
+          "id" => "BIGINT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(255) NOT NULL",
+          "mode" => "VARCHAR(255) NOT NULL",
+          "mx" => "VARCHAR(255) NOT NULL",
+          "max_age" => "VARCHAR(255) NOT NULL",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "user_acl" => array(
         "cols" => array(
           "username" => "VARCHAR(255) NOT NULL",
diff --git a/data/web/json_api.php b/data/web/json_api.php
index a480b0ae0..4d7159ad2 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -324,6 +324,9 @@ if (isset($_GET['query'])) {
         case "app-passwd":
           process_add_return(app_passwd('add', $attr));
         break;
+        case "mta-sts":
+          process_add_return(mailbox('add', 'mta_sts', $attr));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);
@@ -2001,6 +2004,9 @@ if (isset($_GET['query'])) {
         case "reset-password-notification":
           process_edit_return(reset_password('edit_notification', $attr));
         break;
+        case "mta-sts":
+          process_edit_return(mailbox('edit', 'mta_sts', array_merge(array('domains' => $items), $attr)));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 5887499b3..1d2edc1b4 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -482,10 +482,13 @@
         "mailboxes_in_use": "Maximale Anzahl an Mailboxen muss größer oder gleich %d sein",
         "malformed_username": "Benutzername hat ein falsches Format",
         "map_content_empty": "Inhalt darf nicht leer sein",
+        "max_age_invalid": "Maximales Alter %s ist ungültig",
         "max_alias_exceeded": "Anzahl an Alias-Adressen überschritten",
         "max_mailbox_exceeded": "Anzahl an Mailboxen überschritten (%d von %d)",
         "max_quota_in_use": "Mailbox-Speicherplatzlimit muss größer oder gleich %d MiB sein",
         "maxquota_empty": "Max. Speicherplatz pro Mailbox darf nicht 0 sein.",
+        "mode_invalid": "Modus %s ist ungültig",
+        "mx_invalid": "MX-Eintrag %s ist ungültig",
         "mysql_error": "MySQL-Fehler: %s",
         "network_host_invalid": "Netzwerk oder Host ungültig: %s",
         "next_hop_interferes": "%s verhindert das Hinzufügen von Next Hop %s",
@@ -545,6 +548,7 @@
         "username_invalid": "Benutzername %s kann nicht verwendet werden",
         "validity_missing": "Bitte geben Sie eine Gültigkeitsdauer an",
         "value_missing": "Bitte alle Felder ausfüllen",
+        "version_invalid": "Version %s ist ungültig",
         "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
         "template_exists": "Vorlage %s existiert bereits",
         "template_id_invalid": "Vorlagen-ID %s ungültig",
@@ -703,6 +707,17 @@
         "maxbytespersecond": "Max. Übertragungsrate in Bytes/s (0 für unlimitiert)",
         "mbox_rl_info": "Dieses Limit wird auf den SASL Loginnamen angewendet und betrifft daher alle Absenderadressen, die der eingeloggte Benutzer verwendet. Bei Mailbox Ratelimit überwiegt ein Domain-weites Ratelimit.",
         "mins_interval": "Intervall (min)",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://de.wikipedia.org/wiki/STARTTLS#MTA-STS' target='_blank'>MTA-STS</a> ist ein Standard, der den E-Mail-Versand zwischen Mailservern zwingt, TLS mit gültigen Zertifikaten zu verwenden. <br>Er wird verwendet, wenn <a target='_blank' href='https://de.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> aufgrund fehlender oder nicht unterstützter DNSSEC nicht möglich ist.<br><b>Hinweis</b>: Wenn die empfangende Domain DANE mit DNSSEC unterstützt, wird DANE <b>immer</b> bevorzugt – MTA-STS fungiert nur als Fallback.",
+        "mta_sts_version": "Version",
+        "mta_sts_version_info": "Definiert die Version des MTA-STS-Standards – derzeit ist nur <code>STSv1</code> gültig.",
+        "mta_sts_mode": "Modus",
+        "mta_sts_mode_info": "Es gibt drei Modi zur Auswahl:<ul><li><em>testing</em> – Die Richtlinie wird nur überwacht, Verstöße haben keine Auswirkungen.</li><li><em>enforce</em> – Die Richtlinie wird strikt durchgesetzt, Verbindungen ohne gültiges TLS werden abgelehnt.</li><li><em>none</em> – Die Richtlinie wird veröffentlicht, aber nicht angewendet.</li></ul>",
+        "mta_sts_max_age": "Maximales Alter",
+        "mta_sts_max_age_info": "Zeit in Sekunden, die empfangende Mailserver diese Richtlinie zwischenspeichern dürfen, bevor sie erneut abgerufen wird.",
+        "mta_sts_mx": "MX-Server",
+        "mta_sts_mx_info": "Erlaubt das Senden nur an explizit aufgeführte Mailserver-Hostnamen; der sendende MTA überprüft, ob der DNS-MX-Hostname mit der Richtlinienliste übereinstimmt, und erlaubt die Zustellung nur mit einem gültigen TLS-Zertifikat (schützt vor MITM).",
+        "mta_sts_mx_notice": "Es können mehrere MX-Server angegeben werden (durch Kommas getrennt).",
         "multiple_bookings": "Mehrfaches Buchen",
         "nexthop": "Next Hop",
         "none_inherit": "Keine Auswahl / Erben",
@@ -852,7 +867,7 @@
         "add_tls_policy_map": "TLS-Richtlinieneintrag hinzufügen",
         "address_rewriting": "Adressumschreibung",
         "alias": "Alias",
-        "alias_domain_alias_hint": "Alias-Adressen werden <b>nicht</b> automatisch auch auf Domain-Alias Adressen angewendet. Eine Alias-Adresse <code>mein-alias@domain</code> bildet demnach <b>nicht</b> die Adresse <code>mein-alias@alias-domain</code> ab.<br>E-Mail-Weiterleitungen an externe Postfächer sollten über Sieve (SOGo Weiterleitung oder im Reiter \"Filter\") angelegt werden. Der Button \"Alias über Alias-Domains expandieren\" erstellt fehlende Alias-Adressen in Alias-Domains.",
+        "alias_domain_alias_hint": "Alias-Adressen werden <b>nicht</b> automatisch auch auf Domain-Alias Adressen angewendet. Eine Alias-Adresse <code>mein-alias@domain</code> bildet demnach <b>nicht</b> die Adresse <code>mein-alias@alias-domain</code> ab.<br>E-Mail-Weiterleitungen an externe Postfächer sollten über Sieve (SOGo Weiterleitung oder im Reiter Filter) angelegt werden. Der Button Alias über Alias-Domains expandieren erstellt fehlende Alias-Adressen in Alias-Domains.",
         "alias_domain_backupmx": "Alias-Domain für Relay-Domain inaktiv",
         "aliases": "Aliasse",
         "allow_from_smtp": "Nur folgende IPs für <b>SMTP</b> erlauben",
@@ -1248,7 +1263,7 @@
         "delete_ays": "Soll der Löschvorgang wirklich ausgeführt werden?",
         "direct_aliases": "Direkte Alias-Adressen",
         "direct_aliases_desc": "Nur direkte Alias-Adressen werden für benutzerdefinierte Einstellungen berücksichtigt.",
-        "direct_protocol_access": "Der Hauptbenutzer hat <b>direkten, externen Zugriff</b> auf folgende Protokolle und Anwendungen. Diese Einstellung wird vom Administrator gesteuert. App-Passwörter können verwendet werden, um individuelle Zugänge für Protokolle und Anwendungen zu erstellen.<br>Der Button \"Webmail\" kann unabhängig der Einstellung immer verwendet werden.",
+        "direct_protocol_access": "Der Hauptbenutzer hat <b>direkten, externen Zugriff</b> auf folgende Protokolle und Anwendungen. Diese Einstellung wird vom Administrator gesteuert. App-Passwörter können verwendet werden, um individuelle Zugänge für Protokolle und Anwendungen zu erstellen.<br>Der Button Webmail kann unabhängig der Einstellung immer verwendet werden.",
         "eas_reset": "ActiveSync-Geräte-Cache zurücksetzen",
         "eas_reset_help": "In vielen Fällen kann ein ActiveSync-Profil durch das Zurücksetzen des Caches repariert werden.<br><b>Vorsicht:</b> Alle Elemente werden erneut heruntergeladen!",
         "eas_reset_now": "Jetzt zurücksetzen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 727fd687c..78059c0b8 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -483,10 +483,13 @@
         "mailboxes_in_use": "Max. mailboxes must be greater or equal to %d",
         "malformed_username": "Malformed username",
         "map_content_empty": "Map content cannot be empty",
+        "max_age_invalid": "Max age %s is invalid",
         "max_alias_exceeded": "Max. aliases exceeded",
         "max_mailbox_exceeded": "Max. mailboxes exceeded (%d of %d)",
         "max_quota_in_use": "Mailbox quota must be greater or equal to %d MiB",
         "maxquota_empty": "Max. quota per mailbox must not be 0.",
+        "mode_invalid": "Mode %s is invalid",
+        "mx_invalid": "MX record %s is invalid",
         "mysql_error": "MySQL error: %s",
         "network_host_invalid": "Invalid network or host: %s",
         "next_hop_interferes": "%s interferes with nexthop %s",
@@ -550,6 +553,7 @@
         "username_invalid": "Username %s cannot be used",
         "validity_missing": "Please assign a period of validity",
         "value_missing": "Please provide all values",
+        "version_invalid": "Version %s is invalid",
         "yotp_verification_failed": "Yubico OTP verification failed: %s"
     },
     "datatables": {
@@ -704,6 +708,17 @@
         "maxbytespersecond": "Max. bytes per second <br><small>(0 = unlimited)</small>",
         "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
         "mins_interval": "Interval (min)",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> is a standard that enforces email delivery between mail servers to use TLS with valid certificates. <br>It is used when <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> is not possible due to missing or unsupported DNSSEC.<br><b>Note</b>: If the receiving domain supports DANE with DNSSEC, DANE is <b>always</b> preferred – MTA-STS only acts as a fallback.",
+        "mta_sts_version": "Version",
+        "mta_sts_version_info": "Defines the version of the MTA-STS standard – currently only <code>STSv1</code> is valid." ,
+        "mta_sts_mode": "Mode",
+        "mta_sts_mode_info": "There are three modes to choose from:<ul><li><em>testing</em> – policy is only monitored, violations have no impact.</li><li><em>enforce</em> – policy is strictly enforced, connections without valid TLS are rejected.</li><li><em>none</em> – policy is published but not applied.</li></ul>",
+        "mta_sts_max_age": "Max age",
+        "mta_sts_max_age_info": "Time in seconds that receiving mail servers may cache this policy until refetching.",
+        "mta_sts_mx": "MX server",
+        "mta_sts_mx_info": "Allows sending only to explicitly listed mail server hostnames; the sending MTA checks if the DNS MX hostname matches the policy list, and only allows delivery with a valid TLS certificate (guards against MITM).",
+        "mta_sts_mx_notice": "Multiple MX servers can be specified (separated by commas).",
         "multiple_bookings": "Multiple bookings",
         "none_inherit": "None / Inherit",
         "nexthop": "Next hop",
diff --git a/data/web/mta-sts.php b/data/web/mta-sts.php
new file mode 100644
index 000000000..51c39eb2f
--- /dev/null
+++ b/data/web/mta-sts.php
@@ -0,0 +1,30 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+if (!isset($_SERVER['HTTP_HOST']) || strpos($_SERVER['HTTP_HOST'], 'mta-sts.') !== 0) {
+  http_response_code(404);
+  exit;
+}
+
+$domain = str_replace('mta-sts.', '', $_SERVER['HTTP_HOST']);
+$mta_sts = mailbox('get', 'mta_sts', $domain);
+
+if (count($mta_sts) == 0 ||
+    !isset($mta_sts['version']) ||
+    !isset($mta_sts['mode']) ||
+    !isset($mta_sts['max_age']) ||
+    !isset($mta_sts['mx']) ||
+    $mta_sts['active'] != 1) {
+  http_response_code(404);
+  exit;
+}
+
+header('Content-Type: text/plain; charset=utf-8');
+echo "version: {$mta_sts['version']}\n";
+echo "mode: {$mta_sts['mode']}\n";
+echo "max_age: {$mta_sts['max_age']}\n";
+foreach ($mta_sts['mx'] as $mx) {
+  echo "mx: {$mx}\n";
+}
+
+?>
diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 6d1d85c73..774b30996 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -8,6 +8,7 @@
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#dratelimit">{{ lang.edit.ratelimit }}</button></li>
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#dspamfilter">{{ lang.edit.spam_filter }}</button></li>
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#dqwbcc">{{ lang.edit.quota_warning_bcc }}</button></li>
+      <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#dmtasts">{{ lang.edit.mta_sts }}</button></li>
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#dfooter">{{ lang.edit.domain_footer }}</button></li>
     </ul>
     <hr class="d-none d-md-block">
@@ -278,6 +279,82 @@
             </div>
         </div>
       </div>
+      <div id="dmtasts" class="tab-pane fade" role="tabpanel" aria-labelledby="domain-mtasts">
+        <div class="card mb-4">
+            <div class="card-header d-flex d-md-none fs-5">
+              <button class="btn flex-grow-1 text-start" data-bs-target="#collapse-tab-mtasts" data-bs-toggle="collapse" aria-controls="collapse-tab-mtasts">
+                {{ lang.edit.mta_sts }} <span class="badge bg-info table-lines"></span>
+              </button>
+            </div>
+            <div id="collapse-tab-mtasts" class="card-body collapse" data-bs-parent="#domain-content">
+                <h4>{{ lang.edit.mta_sts }}</h4>
+                <p>{{ lang.edit.mta_sts_info|raw }}</p>
+                <form data-id="dommtasts" method="post">
+                  <input type="hidden" value="0" name="active">
+                  <input type="hidden" value="{{ domain }}" name="domain">
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2" for="version"> 
+                      <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_version_info|raw }}"></i>
+                      {{ lang.edit.mta_sts_version }}
+                    </label>
+                    <div class="col-sm-10">
+                      <select data-style="btn btn-light" class="form-control" name="version" title="" required>
+                        <option value="stsv1"{% if mta_sts.version == 'STSv1' %} selected{% endif %}>STSv1</option>
+                      </select>
+                    </div>
+                  </div>
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2" for="mode">
+                    <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_mode_info|raw }}"></i>
+                      {{ lang.edit.mta_sts_mode }}
+                    </label>
+                    <div class="col-sm-10">
+                      <select data-style="btn btn-light" class="form-control" name="mode" title="" required>
+                        <option value="enforce"{% if mta_sts.mode == 'enforce' %} selected{% endif %}>enforce</option>
+                        <option value="testing"{% if mta_sts.mode == 'testing' %} selected{% endif %}>testing</option>
+                        <option value="none"{% if mta_sts.mode == 'none' %} selected{% endif %}>none</option>
+                      </select>
+                    </div>
+                  </div>
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2" for="max_age">
+                      <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_max_age_info|raw }}"></i>
+                      {{ lang.edit.mta_sts_max_age }}
+                    </label>
+                    <div class="col-sm-10">
+                      <input type="number" class="form-control" name="max_age" value="{{ mta_sts.max_age }}">
+                    </div>
+                  </div>
+                  <div class="row mb-2">
+                    <label class="control-label col-sm-2" for="mx">
+                      <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_mx_info|raw }}"></i>
+                      {{ lang.edit.mta_sts_mx }}
+                    </label>
+                    <div class="col-sm-10">
+                      <textarea autocorrect="off" autocapitalize="none" class="form-control" rows="5" name="mx">{{ mta_sts.mx }}</textarea>
+                      <small class="text-muted">{{ lang.edit.mta_sts_mx_notice|raw }}</small>
+                    </div>
+                  </div>
+                  <div class="row mb-4">
+                    <div class="offset-sm-2 col-sm-10">
+                      <div class="form-check">
+                        <label><input type="checkbox" class="form-check-input" value="1" name="active"{% if mta_sts.active == '1' %} checked{% endif %}> {{ lang.edit.active }}</label>
+                      </div>
+                    </div>
+                  </div>
+                  <div class="row mb-2">
+                    <div class="offset-sm-2 col-sm-10">
+                      {% if mta_sts == false %}
+                      <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="add_item" data-id="dommtasts" data-item="{{ domain }}" data-api-url='add/mta-sts' data-api-attr='{}' href="#">{{ lang.admin.save }}</button>
+                      {% else %}
+                      <button class="btn btn-xs-lg d-block d-sm-inline btn-secondary" data-action="edit_selected" data-id="dommtasts" data-item="{{ domain }}" data-api-url='edit/mta-sts' data-api-attr='{}' href="#">{{ lang.admin.save }}</button>
+                      {% endif %}
+                    </div>
+                  </div>
+                </form>
+            </div>
+        </div>
+      </div>
       <div id="dfooter" class="tab-pane fade" role="tabpanel" aria-labelledby="domain-footer">
         <div class="card mb-4">
             <div class="card-header d-flex d-md-none fs-5">
diff --git a/docker-compose.yml b/docker-compose.yml
index c55158dbb..cbccbcde4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -338,7 +338,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: ghcr.io/mailcow/postfix:1.80
+      image: ghcr.io/mailcow/postfix:1.81
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -440,7 +440,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: ghcr.io/mailcow/acme:1.93
+      image: ghcr.io/mailcow/acme:1.94
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From e1410baaebbf3a67dc0e558a8cc2cd0b1652b45d Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 26 Aug 2025 09:58:18 +0200
Subject: [PATCH 621/755] fix gitignore

---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 8d0fe16fd..a06c3da7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -75,4 +75,4 @@ refresh_images.sh
 update_diffs/
 create_cold_standby.sh
 !data/conf/nginx/mailcow_auth.conf
-data/conf/postfix/mta-sts-resolver
\ No newline at end of file
+data/conf/postfix/postfix-tlspol
\ No newline at end of file

From 3826c4b5be9d04805a807b922dc96b41128814af Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 26 Aug 2025 10:10:16 +0200
Subject: [PATCH 622/755] fix postfix tlspol missing folders for config

---
 data/Dockerfiles/postfix/postfix.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index fcb6c26a2..44b7d7d39 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -3,6 +3,7 @@
 trap "postfix stop" EXIT
 
 [[ ! -d /opt/postfix/conf/sql/ ]] && mkdir -p /opt/postfix/conf/sql/
+[[ ! -d /opt/postfix/conf/postfix-tlspol ]] && mkdir -p /opt/postfix/conf/postfix-tlspol
 [[ ! -d /etc/postfix-tlspol ]] && mkdir -p /etc/postfix-tlspol
 [[ ! -d /var/lib/postfix-tlspol ]] && mkdir -p /var/lib/postfix-tlspol
 

From 169aafec505ca1fd69e303c7eab6c53d63d14867 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 27 Aug 2025 14:09:29 +0200
Subject: [PATCH 623/755] compose: fix dovecot image tag

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index cbccbcde4..5878a8b49 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -251,7 +251,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: ghcr.io/mailcow/dovecot:2.34
+      image: ghcr.io/mailcow/dovecot:2.35
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow

From 1cb38bacdb0d652781007175fc37eb0361da6aa4 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 28 Aug 2025 10:18:18 +0200
Subject: [PATCH 624/755] Postfix: Split TLSPol companion app into separate
 container (#6688)

* postfix: split postfix-tlspol service into new container

* postfix-tls-pol: added debug mode

* pf-tlspol: removed obsoleted standalone conf from Dockerfiles

* pf-tlspol: use git instead of wget
---
 data/Dockerfiles/postfix-tlspol/Dockerfile    | 49 +++++++++++++++++
 .../postfix-tlspol/docker-entrypoint.sh       |  7 +++
 .../postfix-tlspol/postfix-tlspol.sh          | 52 +++++++++++++++++++
 .../postfix-tlspol/stop-supervisor.sh         |  8 +++
 .../postfix-tlspol/supervisord.conf           | 25 +++++++++
 .../postfix-tlspol/syslog-ng-redis_slave.conf | 45 ++++++++++++++++
 .../Dockerfiles/postfix-tlspol/syslog-ng.conf | 45 ++++++++++++++++
 data/Dockerfiles/postfix/Dockerfile           | 11 ----
 data/Dockerfiles/postfix/postfix.sh           | 23 --------
 data/Dockerfiles/postfix/supervisord.conf     |  9 ----
 data/conf/postfix/main.cf                     |  2 +-
 docker-compose.yml                            | 25 +++++++++
 12 files changed, 257 insertions(+), 44 deletions(-)
 create mode 100644 data/Dockerfiles/postfix-tlspol/Dockerfile
 create mode 100755 data/Dockerfiles/postfix-tlspol/docker-entrypoint.sh
 create mode 100755 data/Dockerfiles/postfix-tlspol/postfix-tlspol.sh
 create mode 100755 data/Dockerfiles/postfix-tlspol/stop-supervisor.sh
 create mode 100644 data/Dockerfiles/postfix-tlspol/supervisord.conf
 create mode 100644 data/Dockerfiles/postfix-tlspol/syslog-ng-redis_slave.conf
 create mode 100644 data/Dockerfiles/postfix-tlspol/syslog-ng.conf

diff --git a/data/Dockerfiles/postfix-tlspol/Dockerfile b/data/Dockerfiles/postfix-tlspol/Dockerfile
new file mode 100644
index 000000000..95a035265
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/Dockerfile
@@ -0,0 +1,49 @@
+FROM golang:1.25-bookworm AS builder
+WORKDIR /src
+
+ENV CGO_ENABLED=0 \
+    GO111MODULE=on \
+    VERSION=1.8.14
+
+RUN git clone --branch v${VERSION} https://github.com/Zuplu/postfix-tlspol && \
+    cd /src/postfix-tlspol && \
+    scripts/build.sh build-only
+
+
+FROM debian:bookworm-slim
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ENV LC_ALL=C
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	ca-certificates \
+	dirmngr \
+  	dnsutils \
+	iputils-ping \
+	sudo \
+	supervisor \
+	redis-tools \
+	syslog-ng \
+	syslog-ng-core \
+	syslog-ng-mod-redis \
+  	tzdata \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& touch /etc/default/locale
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
+COPY postfix-tlspol.sh /opt/postfix-tlspol.sh
+COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=builder /src/postfix-tlspol/build/postfix-tlspol /usr/local/bin/postfix-tlspol
+
+RUN chmod +x /opt/postfix-tlspol.sh \
+  /usr/local/sbin/stop-supervisor.sh \
+  /docker-entrypoint.sh
+RUN rm -rf /tmp/* /var/tmp/*
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix-tlspol/docker-entrypoint.sh b/data/Dockerfiles/postfix-tlspol/docker-entrypoint.sh
new file mode 100755
index 000000000..8c4f2c43e
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/docker-entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
+  cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix-tlspol/postfix-tlspol.sh b/data/Dockerfiles/postfix-tlspol/postfix-tlspol.sh
new file mode 100755
index 000000000..407a08f6f
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/postfix-tlspol.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+LOGLVL=info
+
+if [ ${DEV_MODE} != "n" ]; then
+  echo -e "\e[31mEnabling debug mode\e[0m"
+  set -x
+  LOGLVL=debug
+fi
+
+[[ ! -d /etc/postfix-tlspol ]] && mkdir -p /etc/postfix-tlspol
+[[ ! -d /var/lib/postfix-tlspol ]] && mkdir -p /var/lib/postfix-tlspol
+
+until dig +short mailcow.email > /dev/null; do
+  echo "Waiting for DNS..."
+  sleep 1
+done
+
+# Do not attempt to write to slave
+if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
+  export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
+else
+  export REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
+fi
+
+until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
+  echo "Waiting for Redis..."
+  sleep 2
+done
+
+echo "Waiting for Postfix..."
+until ping postfix -c1 > /dev/null; do
+  sleep 1
+done
+echo "Postfix OK"
+
+cat <<EOF > /etc/postfix-tlspol/config.yaml
+server:
+  address: 0.0.0.0:8642
+
+  log-level: ${LOGLVL}
+
+  prefetch: true
+
+  cache-file: /var/lib/postfix-tlspol/cache.db
+
+dns:
+  # must support DNSSEC
+  address: 127.0.0.11:53
+EOF
+
+/usr/local/bin/postfix-tlspol -config /etc/postfix-tlspol/config.yaml
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix-tlspol/stop-supervisor.sh b/data/Dockerfiles/postfix-tlspol/stop-supervisor.sh
new file mode 100755
index 000000000..5394490ce
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/stop-supervisor.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+printf "READY\n";
+
+while read line; do
+  echo "Processing Event: $line" >&2;
+  kill -3 $(cat "/var/run/supervisord.pid")
+done < /dev/stdin
diff --git a/data/Dockerfiles/postfix-tlspol/supervisord.conf b/data/Dockerfiles/postfix-tlspol/supervisord.conf
new file mode 100644
index 000000000..90cf785ad
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/supervisord.conf
@@ -0,0 +1,25 @@
+[supervisord]
+pidfile=/var/run/supervisord.pid
+nodaemon=true
+user=root
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground  --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autostart=true
+
+[program:postfix-tlspol]
+startsecs=10
+autorestart=true
+command=/opt/postfix-tlspol.sh
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[eventlistener:processes]
+command=/usr/local/sbin/stop-supervisor.sh
+events=PROCESS_STATE_STOPPED, PROCESS_STATE_EXITED, PROCESS_STATE_FATAL
\ No newline at end of file
diff --git a/data/Dockerfiles/postfix-tlspol/syslog-ng-redis_slave.conf b/data/Dockerfiles/postfix-tlspol/syslog-ng-redis_slave.conf
new file mode 100644
index 000000000..3862a3547
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/syslog-ng-redis_slave.conf
@@ -0,0 +1,45 @@
+@version: 3.38
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  dns_cache(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+  redis(
+    host("`REDIS_SLAVEOF_IP`")
+    persist-name("redis1")
+    port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
+    command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+filter f_mail { facility(mail); };
+# start
+# overriding warnings are still displayed when the entrypoint runs its initial check
+# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
+# Some other warnings are ignored
+filter f_ignore {
+  not match("overriding earlier entry" value("MESSAGE"));
+  not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
+  not match("no SASL support" value("MESSAGE"));
+  not facility (local0, local1, local2, local3, local4, local5, local6, local7);
+};
+# end
+log {
+  source(s_src);
+  filter(f_ignore);
+  destination(d_stdout);
+  filter(f_mail);
+  destination(d_redis_ui_log);
+};
diff --git a/data/Dockerfiles/postfix-tlspol/syslog-ng.conf b/data/Dockerfiles/postfix-tlspol/syslog-ng.conf
new file mode 100644
index 000000000..7126c1250
--- /dev/null
+++ b/data/Dockerfiles/postfix-tlspol/syslog-ng.conf
@@ -0,0 +1,45 @@
+@version: 3.38
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  dns_cache(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+  redis(
+    host("redis-mailcow")
+    persist-name("redis1")
+    port(6379)
+    auth("`REDISPASS`")
+    command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+filter f_mail { facility(mail); };
+# start
+# overriding warnings are still displayed when the entrypoint runs its initial check
+# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
+# Some other warnings are ignored
+filter f_ignore {
+  not match("overriding earlier entry" value("MESSAGE"));
+  not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
+  not match("no SASL support" value("MESSAGE"));
+  not facility (local0, local1, local2, local3, local4, local5, local6, local7);
+};
+# end
+log {
+  source(s_src);
+  filter(f_ignore);
+  destination(d_stdout);
+  filter(f_mail);
+  destination(d_redis_ui_log);
+};
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index d1a32917d..994612ec4 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -1,13 +1,3 @@
-FROM golang:1.25-bookworm AS builder
-WORKDIR /src
-
-ENV CGO_ENABLED=0 \
-    GO111MODULE=on
-
-RUN git clone https://github.com/Zuplu/postfix-tlspol.git && \
-	cd postfix-tlspol && \
-	scripts/build.sh build-only
-
 FROM debian:bookworm-slim
 
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
@@ -58,7 +48,6 @@ COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam
 COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
 COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY --from=builder /src/postfix-tlspol/build/postfix-tlspol /usr/local/bin/postfix-tlspol
 
 RUN chmod +x /opt/postfix.sh \
   /usr/local/bin/rspamd-pipe-ham \
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 44b7d7d39..0a6494ed6 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -3,9 +3,6 @@
 trap "postfix stop" EXIT
 
 [[ ! -d /opt/postfix/conf/sql/ ]] && mkdir -p /opt/postfix/conf/sql/
-[[ ! -d /opt/postfix/conf/postfix-tlspol ]] && mkdir -p /opt/postfix/conf/postfix-tlspol
-[[ ! -d /etc/postfix-tlspol ]] && mkdir -p /etc/postfix-tlspol
-[[ ! -d /var/lib/postfix-tlspol ]] && mkdir -p /var/lib/postfix-tlspol
 
 # Wait for MySQL to warm-up
 while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
@@ -506,26 +503,6 @@ if [[ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ]]; then
 EOF
 fi
 
-cat <<EOF > /opt/postfix/conf/postfix-tlspol/config.yaml
-server:
-  address: 127.0.0.1:8642
-
-  log-level: info
-
-  prefetch: true
-
-  cache-file: /var/lib/postfix-tlspol/cache.db
-
-dns:
-  # must support DNSSEC
-  address: 127.0.0.11:53
-EOF
-
-# Fixing local command execution of postfix-tlspol with symlink to config
-if [ ! -L /etc/postfix-tlspol/config.yaml ]; then
-  ln -s /opt/postfix/conf/postfix-tlspol/config.yaml /etc/postfix-tlspol/config.yaml
-fi
-
 # Fix Postfix permissions
 chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
 chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
diff --git a/data/Dockerfiles/postfix/supervisord.conf b/data/Dockerfiles/postfix/supervisord.conf
index 26fec862c..ba70f8edf 100644
--- a/data/Dockerfiles/postfix/supervisord.conf
+++ b/data/Dockerfiles/postfix/supervisord.conf
@@ -11,15 +11,6 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 autostart=true
 
-[program:postfix-tlspol]
-startsecs=10
-autorestart=true
-command=/usr/local/bin/postfix-tlspol -config /opt/postfix/conf/postfix-tlspol/config.yaml
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-
 [program:postfix]
 command=/opt/postfix.sh
 stdout_logfile=/dev/stdout
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index e4354c40c..f091cb3f9 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -152,7 +152,7 @@ smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
 smtp_sasl_security_options =
 smtp_sasl_mechanism_filter = plain, login
-smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf socketmap:inet:127.0.0.1:8642:QUERY
+smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf socketmap:inet:postfix-tlspol:8642:QUERY
 smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
 mail_name = Postcow
 # local_transport map catches local destinations and prevents routing local dests when the next map would route "*"
diff --git a/docker-compose.yml b/docker-compose.yml
index 5878a8b49..1b47cf592 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -378,6 +378,30 @@ services:
           aliases:
             - postfix
 
+    postfix-tlspol-mailcow:
+      image: ghcr.io/mailcow/postfix-tlspol:1.0
+      depends_on:
+        unbound-mailcow:
+          condition: service_healthy
+        postfix-mailcow:
+          condition: service_started
+      volumes:
+        - postfix-tlspol-vol-1:/var/lib/postfix-tlspol
+      environment:
+        - LOG_LINES=${LOG_LINES:-9999}
+        - TZ=${TZ}
+        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
+        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
+        - REDISPASS=${REDISPASS}
+        - DEV_MODE=${DEV_MODE:-n}
+      restart: always
+      dns:
+        - ${IPV4_NETWORK:-172.22.1}.254
+      networks:
+        mailcow-network:
+          aliases:
+            - postfix-tlspol
+
     memcached-mailcow:
       image: memcached:alpine
       restart: always
@@ -649,6 +673,7 @@ volumes:
   redis-vol-1:
   rspamd-vol-1:
   postfix-vol-1:
+  postfix-tlspol-vol-1:
   crypt-vol-1:
   sogo-web-vol-1:
   sogo-userdata-backup-vol-1:

From 29e28b47ed3dac40c8f7522e3dbddad965ff2992 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 28 Aug 2025 10:20:21 +0200
Subject: [PATCH 625/755] compose: add depends on for postfix-tlspol

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1b47cf592..8fa7e0606 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -344,6 +344,8 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
+        postfix-tlspol-mailcow:
+          condition: service_started
       volumes:
         - ./data/hooks/postfix:/hooks:Z
         - ./data/conf/postfix:/opt/postfix/conf:z
@@ -383,8 +385,6 @@ services:
       depends_on:
         unbound-mailcow:
           condition: service_healthy
-        postfix-mailcow:
-          condition: service_started
       volumes:
         - postfix-tlspol-vol-1:/var/lib/postfix-tlspol
       environment:

From 4d88e191068c0b17a3e0e00d73f417788c756ae2 Mon Sep 17 00:00:00 2001
From: Sajjad hassanzadeh <32982356+Hassanzadeh-sd@users.noreply.github.com>
Date: Thu, 28 Aug 2025 14:06:43 +0330
Subject: [PATCH 626/755] Feat/prometheus-exporter : Add prometheus exporter
 and grafana dashboard for mailcow. (#6314)

* add : readme for prometheus exporter configs

* add : grafana dashboard json file

* add: prometheus exporter service on docker-compose.override.yml

* migrate: doc files into docs.mailcow.email project

* add : security configs in prometheus exporter compose file

* add : explain more in my comment part in prometheus override compose file

* remove : mailcow dockerized docs

---------

Co-authored-by: Saji <saji@abrnoc>
---
 .../docker-compose.override.yml                | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml

diff --git a/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml
new file mode 100644
index 000000000..6fd4e8e08
--- /dev/null
+++ b/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml
@@ -0,0 +1,18 @@
+services:
+    prometheus-exporter-mailcow:
+      image: ghcr.io/mailcow/prometheus-exporter:2
+      ports:
+        - "9099:9099"
+      restart: always
+      environment:
+        MAILCOW_EXPORTER_HOST: "<your-mail-domain>" # Replace with your Mailcow hostname
+        MAILCOW_EXPORTER_API_KEY: "<your-API-Key>" # Replace with your API key
+        MAILCOW_EXPORTER_TOKEN: "<your-secure-token>" # Replace with your secure key
+        # MAILCOW_EXPORTER_TOKEN_DISABLE: "true" # Uncomment only if it is safe to disable token authentication (e.g., internal network only)
+      dns:
+        - ${IPV4_NETWORK:-172.22.1}.254
+      networks:
+        mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.209
+          aliases:
+            - prometheus-exporter

From 5e66ffa36604e8c41bb23c7606ad951ed888b6b4 Mon Sep 17 00:00:00 2001
From: maxi322 <66129899+maxi322@users.noreply.github.com>
Date: Thu, 28 Aug 2025 12:56:37 +0200
Subject: [PATCH 627/755] watchdog: use dig instead of check_dns (#6685)

* watchdog: use dig instead of check_dns

check_dns is slower and uses more system resources,
dig wrapped in a script is a more performant approach and uses
fewer system resources

* added debug mode + compose image bump

---------

Co-authored-by: maxi322 <maxi322@users.noreply.github.com>
Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/watchdog/Dockerfile   |  5 ++--
 data/Dockerfiles/watchdog/check_dns.sh | 39 ++++++++++++++++++++++++++
 data/Dockerfiles/watchdog/watchdog.sh  |  7 ++++-
 docker-compose.yml                     |  3 +-
 4 files changed, 50 insertions(+), 4 deletions(-)
 create mode 100755 data/Dockerfiles/watchdog/check_dns.sh

diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index a55a97a4c..6d8541d79 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -16,7 +16,6 @@ RUN apk add --update \
   fcgi \
   openssl \
   nagios-plugins-mysql \
-  nagios-plugins-dns \
   nagios-plugins-disk \
   bind-tools \
   redis \
@@ -32,9 +31,11 @@ RUN apk add --update \
   tzdata \
   whois \
   && curl https://raw.githubusercontent.com/mludvig/smtp-cli/v3.10/smtp-cli -o /smtp-cli \
-  && chmod +x smtp-cli
+  && chmod +x smtp-cli \
+  && mkdir /usr/lib/mailcow
 
 COPY watchdog.sh /watchdog.sh
 COPY check_mysql_slavestatus.sh /usr/lib/nagios/plugins/check_mysql_slavestatus.sh
+COPY check_dns.sh /usr/lib/mailcow/check_dns.sh
 
 CMD ["/watchdog.sh"]
diff --git a/data/Dockerfiles/watchdog/check_dns.sh b/data/Dockerfiles/watchdog/check_dns.sh
new file mode 100755
index 000000000..ce4cfa3b1
--- /dev/null
+++ b/data/Dockerfiles/watchdog/check_dns.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+while getopts "H:s:" opt; do
+  case "$opt" in
+    H) HOST="$OPTARG" ;;
+    s) SERVER="$OPTARG" ;;
+    *) echo "Usage: $0 -H host -s server"; exit 3 ;;
+  esac
+done
+
+if [ -z "$SERVER" ]; then
+  echo "No DNS Server provided"
+  exit 3
+fi
+
+if [ -z "$HOST" ]; then
+  echo "No host to test provided"
+  exit 3
+fi
+
+# run dig and measure the time it takes to run
+START_TIME=$(date +%s%3N)
+dig_output=$(dig +short +timeout=2 +tries=1 "$HOST" @"$SERVER" 2>/dev/null)
+dig_rc=$?
+dig_output_ips=$(echo "$dig_output" | grep -E '^[0-9.]+$' | sort | paste -sd ',' -)
+END_TIME=$(date +%s%3N)
+ELAPSED_TIME=$((END_TIME - START_TIME))
+
+# validate and perform nagios like output and exit codes
+if [ $dig_rc -ne 0 ] || [ -z "$dig_output" ]; then
+  echo "Domain $HOST was not found by the server"
+  exit 2
+elif [ $dig_rc -eq 0 ]; then
+  echo "DNS OK: $ELAPSED_TIME ms response time. $HOST returns $dig_output_ips"
+  exit 0
+else
+  echo "Unknown error"
+  exit 3
+fi
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index d1c659ce8..a087ca5f1 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
+if [ "${DEV_MODE}" != "n" ]; then
+  echo -e "\e[31mEnabled Debug Mode\e[0m"
+  set -x
+fi
+
 trap "exit" INT TERM
 trap "kill 0" EXIT
 
@@ -297,7 +302,7 @@ unbound_checks() {
     touch /tmp/unbound-mailcow; echo "$(tail -50 /tmp/unbound-mailcow)" > /tmp/unbound-mailcow
     host_ip=$(get_container_ip unbound-mailcow)
     err_c_cur=${err_count}
-    /usr/lib/nagios/plugins/check_dns -s ${host_ip} -H stackoverflow.com 2>> /tmp/unbound-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
+    /usr/lib/mailcow/check_dns.sh -s ${host_ip} -H stackoverflow.com 2>> /tmp/unbound-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
     DNSSEC=$(dig com +dnssec | egrep 'flags:.+ad')
     if [[ -z ${DNSSEC} ]]; then
       echo "DNSSEC failure" 2>> /tmp/unbound-mailcow 1>&2
diff --git a/docker-compose.yml b/docker-compose.yml
index 8fa7e0606..ce33e3d93 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -521,7 +521,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: ghcr.io/mailcow/watchdog:2.08
+      image: ghcr.io/mailcow/watchdog:2.09
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -588,6 +588,7 @@ services:
         - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
         - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
         - MAILQ_CRIT=${MAILQ_CRIT:-30}
+        - DEV_MODE=${DEV_MODE:-n}
       networks:
         mailcow-network:
           aliases:

From 6c5d82c4df2cf24be38608e45b4e1e6bed6e61b2 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 28 Aug 2025 14:06:17 +0200
Subject: [PATCH 628/755] expanded postscreen whitelist with modern freemailers
 + included checks.mailcow.email

---
 data/conf/postfix/postscreen_access.cidr      | 98 +++++++++++++++----
 helper-scripts/update_postscreen_whitelist.sh |  5 +-
 2 files changed, 82 insertions(+), 21 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 4453feca3..1783620dd 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,13 +1,25 @@
-# Whitelist generated by Postwhite v3.4 on Fri Aug  1 00:24:14 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Do 28. Aug 14:05:16 CEST 2025
 # https://github.com/stevejenkins/postwhite/
-# 2166 total rules
+# 2225 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
+2a01:111:f403::/49	permit
 2a01:111:f403:8000::/50	permit
 2a01:111:f403:8000::/51	permit
-2a01:111:f403::/49	permit
 2a01:111:f403:c000::/51	permit
 2a01:111:f403:f000::/52	permit
+2a01:238:20a:202:5370::1	permit
+2a01:238:20a:202:5372::1	permit
+2a01:238:20a:202:5373::1	permit
+2a01:238:400:101:53::1	permit
+2a01:238:400:102:53::1	permit
+2a01:238:400:103:53::1	permit
+2a01:238:400:301:53::1	permit
+2a01:238:400:302:53::1	permit
+2a01:238:400:303:53::1	permit
+2a01:238:400:470:53::1	permit
+2a01:238:400:471:53::1	permit
+2a01:238:400:472:53::1	permit
 2a01:b747:3000:200::/56	permit
 2a01:b747:3001:200::/56	permit
 2a01:b747:3002:200::/56	permit
@@ -17,16 +29,17 @@
 2a01:b747:3006:200::/56	permit
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
-2.207.151.53	permit
 2.207.217.30	permit
 3.64.237.68	permit
 3.65.3.180	permit
 3.70.123.177	permit
 3.72.182.33	permit
 3.74.81.189	permit
+3.74.125.228	permit
 3.75.33.185	permit
 3.93.157.0/24	permit
 3.94.40.108	permit
+3.121.107.214	permit
 3.129.120.190	permit
 3.210.190.0/24	permit
 3.211.80.218	permit
@@ -42,7 +55,7 @@
 8.40.222.0/23	permit
 8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.253.40	permit
+13.107.253.44	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -64,6 +77,8 @@
 18.97.2.64/26	permit
 18.156.89.250	permit
 18.156.205.64	permit
+18.157.70.148	permit
+18.157.114.255	permit
 18.157.243.190	permit
 18.158.153.154	permit
 18.194.95.56	permit
@@ -75,9 +90,7 @@
 18.216.232.154	permit
 18.235.27.253	permit
 18.236.40.242	permit
-18.236.56.161	permit
 20.51.6.32/30	permit
-20.51.98.61	permit
 20.52.52.2	permit
 20.52.128.133	permit
 20.59.80.4/30	permit
@@ -153,7 +166,6 @@
 34.212.163.75	permit
 34.215.104.144	permit
 34.218.115.239	permit
-34.218.116.3	permit
 34.225.212.172	permit
 34.241.242.183	permit
 35.83.148.184	permit
@@ -171,6 +183,7 @@
 37.218.249.47	permit
 37.218.251.62	permit
 39.156.163.64/29	permit
+40.90.65.81	permit
 40.92.0.0/15	permit
 40.92.0.0/16	permit
 40.107.0.0/16	permit
@@ -178,6 +191,7 @@
 40.233.64.216	permit
 40.233.83.78	permit
 40.233.88.28	permit
+43.239.212.33	permit
 44.206.138.57	permit
 44.210.169.44	permit
 44.217.45.156	permit
@@ -188,7 +202,10 @@
 44.246.68.102	permit
 44.246.77.92	permit
 45.14.148.0/22	permit
-46.19.170.16	permit
+45.143.132.0/24	permit
+45.143.133.0/24	permit
+45.143.134.0/24	permit
+45.143.135.0/24	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
 46.228.36.38/31	permit
@@ -254,6 +271,9 @@
 50.56.130.221	permit
 50.56.130.222	permit
 50.112.246.219	permit
+51.77.79.158	permit
+51.83.17.38	permit
+51.89.119.103	permit
 52.1.14.157	permit
 52.5.230.59	permit
 52.6.74.205	permit
@@ -304,6 +324,8 @@
 52.234.172.96/28	permit
 52.235.253.128	permit
 52.236.28.240/28	permit
+54.36.149.183	permit
+54.38.221.122	permit
 54.90.148.255	permit
 54.165.19.38	permit
 54.174.52.0/24	permit
@@ -324,6 +346,7 @@
 54.255.61.23	permit
 56.124.6.228	permit
 57.103.64.0/18	permit
+57.129.93.249	permit
 62.13.128.0/24	permit
 62.13.129.128/25	permit
 62.13.136.0/21	permit
@@ -643,6 +666,11 @@
 77.238.189.142	permit
 77.238.189.146/31	permit
 77.238.189.148/30	permit
+79.135.106.0/24	permit
+79.135.107.0/24	permit
+81.169.146.243	permit
+81.169.146.245	permit
+81.169.146.246	permit
 81.223.46.0/27	permit
 82.165.159.2	permit
 82.165.159.3	permit
@@ -658,7 +686,17 @@
 82.165.159.45	permit
 82.165.159.130	permit
 82.165.159.131	permit
+85.9.206.169	permit
+85.9.210.45	permit
 85.158.136.0/21	permit
+85.215.255.39	permit
+85.215.255.40	permit
+85.215.255.41	permit
+85.215.255.45	permit
+85.215.255.46	permit
+85.215.255.47	permit
+85.215.255.48	permit
+85.215.255.49	permit
 86.61.88.25	permit
 87.238.80.0/21	permit
 87.248.103.12	permit
@@ -698,6 +736,7 @@
 87.248.117.205	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
+91.134.188.129	permit
 91.198.2.0/24	permit
 91.211.240.0/22	permit
 94.236.119.0/26	permit
@@ -1342,9 +1381,9 @@
 108.174.6.215	permit
 108.175.18.45	permit
 108.175.30.45	permit
-108.177.8.0/22	permit
-108.177.96.0/19	permit
+108.177.96.0/20	permit
 108.179.144.0/20	permit
+109.224.244.0/24	permit
 109.237.142.0/24	permit
 111.221.23.128/25	permit
 111.221.26.0/27	permit
@@ -1508,7 +1547,6 @@
 148.105.0.0/16	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
-149.72.223.204	permit
 149.72.248.236	permit
 149.97.173.180	permit
 150.230.98.160	permit
@@ -1623,7 +1661,6 @@
 169.148.144.0/25	permit
 169.148.144.10	permit
 169.148.146.0/23	permit
-169.148.174.33	permit
 169.148.175.3	permit
 169.148.188.0/24	permit
 169.148.188.182	permit
@@ -1671,6 +1708,9 @@
 185.12.80.0/22	permit
 185.28.196.0/22	permit
 185.58.84.93	permit
+185.70.40.0/24	permit
+185.70.41.0/24	permit
+185.70.43.0/24	permit
 185.80.93.204	permit
 185.80.93.227	permit
 185.80.95.31	permit
@@ -1732,6 +1772,7 @@
 188.125.85.234/31	permit
 188.125.85.236/31	permit
 188.125.85.238	permit
+188.165.51.139	permit
 188.172.128.0/20	permit
 192.0.64.0/18	permit
 192.18.139.154	permit
@@ -1757,7 +1798,11 @@
 193.142.157.0/24	permit
 193.142.157.191	permit
 193.142.157.198	permit
+193.201.168.38	permit
+193.201.168.170/31	permit
 194.19.134.0/25	permit
+194.25.134.16/28	permit
+194.25.134.80/28	permit
 194.64.234.129	permit
 194.97.196.0/24	permit
 194.97.196.3	permit
@@ -1957,8 +2002,6 @@
 208.71.42.212/31	permit
 208.71.42.214	permit
 208.72.249.240/29	permit
-208.74.204.5	permit
-208.74.204.9	permit
 208.75.120.0/22	permit
 208.76.62.0/24	permit
 208.76.63.0/24	permit
@@ -2022,6 +2065,8 @@
 212.227.15.4	permit
 212.227.15.5	permit
 212.227.15.6	permit
+212.227.15.7	permit
+212.227.15.8	permit
 212.227.15.14	permit
 212.227.15.15	permit
 212.227.15.18	permit
@@ -2038,16 +2083,30 @@
 212.227.15.53	permit
 212.227.15.54	permit
 212.227.15.55	permit
+212.227.17.1	permit
+212.227.17.2	permit
+212.227.17.7	permit
 212.227.17.11	permit
 212.227.17.12	permit
+212.227.17.16	permit
+212.227.17.17	permit
 212.227.17.18	permit
 212.227.17.19	permit
 212.227.17.20	permit
 212.227.17.21	permit
 212.227.17.22	permit
 212.227.17.26	permit
+212.227.17.27	permit
 212.227.17.28	permit
 212.227.17.29	permit
+212.227.126.206	permit
+212.227.126.207	permit
+212.227.126.208	permit
+212.227.126.209	permit
+212.227.126.220	permit
+212.227.126.221	permit
+212.227.126.222	permit
+212.227.126.223	permit
 212.227.126.224	permit
 212.227.126.225	permit
 212.227.126.226	permit
@@ -2155,16 +2214,17 @@
 2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
-2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit
-2620:109:c006:104::/64	permit
+2620:109:c003:104::/64	permit
 2620:109:c006:104::215	permit
+2620:109:c006:104::/64	permit
 2620:109:c00d:104::/64	permit
 2620:10d:c090:400::8:1	permit
 2620:10d:c091:400::8:1	permit
 2620:10d:c09b:400::8:1	permit
 2620:10d:c09c:400::8:1	permit
-2620:119:50c0:207::/64	permit
 2620:119:50c0:207::215	permit
+2620:119:50c0:207::/64	permit
 2800:3f0:4000::/36	permit
-194.25.134.0/24 permit # t-online.de
+49.12.4.251 permit # checks.mailcow.email
+2a01:4f8:c17:7906::10 permit # checks.mailcow.email
diff --git a/helper-scripts/update_postscreen_whitelist.sh b/helper-scripts/update_postscreen_whitelist.sh
index 04335bda5..dda64b263 100644
--- a/helper-scripts/update_postscreen_whitelist.sh
+++ b/helper-scripts/update_postscreen_whitelist.sh
@@ -6,9 +6,10 @@ SPFTOOLS_DIR=${WORKING_DIR}/spf-tools
 POSTWHITE_DIR=${WORKING_DIR}/postwhite
 POSTWHITE_CONF=${POSTWHITE_DIR}/postwhite.conf
 
-CUSTOM_HOSTS='"web.de gmx.net mail.de freenet.de arcor.de unity-mail.de"'
+CUSTOM_HOSTS='"web.de gmx.net mail.de freenet.de arcor.de unity-mail.de protonmail.ch ionos.com strato.com t-online.de"'
 STATIC_HOSTS=(
-    "194.25.134.0/24 permit # t-online.de"
+    "49.12.4.251 permit # checks.mailcow.email"
+    "2a01:4f8:c17:7906::10 permit # checks.mailcow.email"
 )
 
 mkdir ${SCRIPT_DIR}/postwhite_tmp

From 0b0a65a3f338a2e3b191841d6322d4dcc4834e70 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 28 Aug 2025 17:02:16 +0200
Subject: [PATCH 629/755] web: rename login placeholder for mailbox to email
 address (#6693)

---
 data/web/lang/lang.de-de.json      | 3 ++-
 data/web/lang/lang.en-gb.json      | 3 ++-
 data/web/templates/user_index.twig | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 1d2edc1b4..55fc11ab4 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -846,7 +846,8 @@
         "password": "Passwort",
         "reset_password": "Passwort zurücksetzen",
         "request_reset_password": "Passwortänderung anfordern",
-        "username": "Benutzername"
+        "username": "Benutzername",
+        "email": "E-Mail-Adresse"
     },
     "mailbox": {
         "action": "Aktion",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 78059c0b8..4ee5675be 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -847,7 +847,8 @@
         "password": "Password",
         "reset_password": "Reset Password",
         "request_reset_password": "Request password change",
-        "username": "Username"
+        "username": "Username",
+        "email": "Email address"
     },
     "mailbox": {
         "action": "Action",
diff --git a/data/web/templates/user_index.twig b/data/web/templates/user_index.twig
index 234aa01cb..28eb6389c 100644
--- a/data/web/templates/user_index.twig
+++ b/data/web/templates/user_index.twig
@@ -48,7 +48,7 @@
             <label class="visually-hidden" for="login_user">{{ lang.login.username }}</label>
             <div class="input-group">
               <div class="input-group-text"><i class="bi bi-person-fill"></i></div>
-              <input name="login_user" autocorrect="off" autocapitalize="none" type="{% if is_mobileconfig %}email{% else %}text{% endif %}" id="login_user" class="form-control" placeholder="{{ lang.login.username }}" required="" autofocus="" autocomplete="username">
+              <input name="login_user" autocorrect="off" autocapitalize="none" type="{% if is_mobileconfig %}email{% else %}text{% endif %}" id="login_user" class="form-control" placeholder="{{ lang.login.email }}" required="" autofocus="" autocomplete="username">
             </div>
           </div>
           <div class="d-flex mt-3">

From 6dc90186f937ab9fa23db850abee0a3220641389 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 16:22:28 +0000
Subject: [PATCH 630/755] chore(deps): update dependency krakjoe/apcu to
 v5.1.27

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index e7b43790b..262da24f4 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.2-fpm-alpine3.21
 LABEL maintainer = "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG APCU_PECL_VERSION=5.1.26
+ARG APCU_PECL_VERSION=5.1.27
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG IMAGICK_PECL_VERSION=3.8.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$

From c0b7a98e6c44c62ee06eb7462ac05d313e2a808e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 18:23:56 +0200
Subject: [PATCH 631/755] chore(deps): update actions/checkout action to v5
 (#6671)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/image_builds.yml                  | 2 +-
 .github/workflows/pr_to_nightly.yml                 | 2 +-
 .github/workflows/rebuild_backup_image.yml          | 2 +-
 .github/workflows/update_postscreen_access_list.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
index 27fc9a2d5..a5ebb902f 100644
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -27,7 +27,7 @@ jobs:
           - "watchdog-mailcow"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Docker
         run: |
           curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 51df14f6e..334dcf69a 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: Run the Action
diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index adf69eb35..a8679d980 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -13,7 +13,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
diff --git a/.github/workflows/update_postscreen_access_list.yml b/.github/workflows/update_postscreen_access_list.yml
index 3d79e801b..eed07876e 100644
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Generate postscreen_access.cidr
       run: |

From 48e90a72dce562eef8cf237faffe2b03f32d8a28 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Fri, 29 Aug 2025 18:27:34 +0200
Subject: [PATCH 632/755] Changed clamavs tmp folder structure

---
 data/Dockerfiles/clamd/clamd.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/clamd/clamd.sh b/data/Dockerfiles/clamd/clamd.sh
index 2c6e75dc6..c656be065 100755
--- a/data/Dockerfiles/clamd/clamd.sh
+++ b/data/Dockerfiles/clamd/clamd.sh
@@ -8,7 +8,7 @@ fi
 
 # Cleaning up garbage
 echo "Cleaning up tmp files..."
-rm -rf /var/lib/clamav/clamav-*.tmp
+rm -rf /var/lib/clamav/tmp.*
 
 # Prepare whitelist
 

From 921de02a2b09d1a80cc68dca811cbf892b44ee2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A1ndor?= <9724897+sandroshu@users.noreply.github.com>
Date: Fri, 29 Aug 2025 18:32:17 +0200
Subject: [PATCH 633/755] Update lang.hu-hu.json (#6697)

Extended Hungarian translation
---
 data/web/lang/lang.hu-hu.json | 624 +++++++++++++++++++++++++++++++---
 1 file changed, 586 insertions(+), 38 deletions(-)

diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 3b9eb5fbc..6ec3ed68a 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -9,11 +9,11 @@
         "source": "Forrás",
         "spamfilter": "Spam szűrő",
         "subject": "Tárgy",
-        "sys_mails": "Rendszer-üzenetek",
+        "sys_mails": "Rendszerüzenetek",
         "text": "Szöveg",
         "time": "Idő",
         "title": "Cím",
-        "title_name": "\"mailcow UI\" website címe",
+        "title_name": "\"mailcow UI\" weboldal címe",
         "to_top": "Vissza a tetejére",
         "transport_dest_format": "Szintaxis: pelda.hu, .pelda.hu, *, fiok@pelda.hu (több érték esetén vesszővel elválasztva)",
         "upload": "Feltöltés",
@@ -29,14 +29,14 @@
         "logo_dark_label": "Sötét üzemmódhoz invertálva",
         "f2b_regex_info": "Figyelembe vett naplók: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Újrapróbálkozási ablak (s) a maximális próbálkozásokhoz",
-        "f2b_whitelist": "Fehérlistás hálózatok/hostok",
+        "f2b_whitelist": "Engedélyezési listás hálózatok/hostok",
         "filter_table": "Szűrő táblázat",
         "forwarding_hosts": "Továbbító hostok",
-        "forwarding_hosts_add_hint": "Megadhat IPv4/IPv6 címeket, hálózatokat CIDR jelölésben, állomásneveket (amelyek IP-címekre lesznek feloldva) vagy tartományneveket (amelyek IP-címekre lesznek feloldva az SPF rekordok vagy ezek hiányában az MX rekordok lekérdezésével).",
+        "forwarding_hosts_add_hint": "Megadhat IPv4/IPv6 címeket, hálózatokat CIDR jelölésben, állomásneveket (amelyek IP címekre lesznek feloldva) vagy tartományneveket (amelyek IP címekre lesznek feloldva az SPF rekordok vagy ezek hiányában az MX rekordok lekérdezésével).",
         "from": "A címről",
         "copy_to_clipboard": "Szöveg másolva a vágólapra!",
         "f2b_manage_external": "A Fail2Ban külső kezelése",
-        "f2b_manage_external_info": "A Fail2ban továbbra is karbantartja a tiltólistát, de nem állít be aktívan szabályokat a forgalom blokkolására. Használja az alábbi generált tiltólistát a forgalom külső blokkolásához.",
+        "f2b_manage_external_info": "A Fail2ban továbbra is karbantartja a tiltólistát, de nem állít be aktívan szabályokat a forgalom blokkolásához. Használja az alábbi generált tiltólistát a forgalom külső blokkolásához.",
         "f2b_max_ban_time": "Maximális tiltási idő (s)",
         "f2b_netban_ipv4": "IPv4 alhálózat mérete, amelyre tilalmat kell alkalmazni (8-32)",
         "f2b_netban_ipv6": "IPv6 alhálózat mérete, amelyre tilalmat kell alkalmazni (8-128)",
@@ -47,13 +47,13 @@
         "html": "HTML",
         "import": "Import",
         "ip_check": "IP ellenőrzés",
-        "ip_check_disabled": "Az IP-ellenőrzés le van tiltva. Bekapcsolhatja a következő menüpont alatt<br> <strong>Rendszer > Beállítások > Opciók > Személyreszabás</strong>",
+        "ip_check_disabled": "Az IP ellenőrzés le van tiltva. Bekapcsolhatja a következő menüpont alatt<br> <strong>Rendszer > Beállítások > Opciók > Személyreszabás</strong>",
         "is_mx_based": "MX alapú",
         "last_applied": "Utoljára alkalmazott",
         "link": "Link",
         "loading": "Kérjük, várj...",
         "login_time": "Bejelentkezési idő",
-        "f2b_list_info": "Egy feketelistán szereplő állomás vagy hálózat mindig nagyobb súlyú, mint egy fehérlistás entitás. <b>A lista frissítései néhány másodpercig tartanak.</b>",
+        "f2b_list_info": "Egy tiltólistán szereplő állomás vagy hálózat mindig nagyobb súlyú, mint egy engedélyezési listás elem. <b>A lista frissítései néhány másodpercig tartanak.</b>",
         "f2b_ban_time_increment": "A tiltási idő minden egyes tiltással növekszik",
         "additional_rows": " - további sorokat adtak hozzá",
         "admin": "Adminisztrátor",
@@ -68,7 +68,7 @@
         "api_key": "API-kulcs",
         "api_read_only": "Csak olvasható hozzáférés",
         "api_read_write": "Olvasás-írás hozzáférés",
-        "api_skip_ip_check": "IP-ellenőrzés kihagyása az API esetében",
+        "api_skip_ip_check": "IP ellenőrzés kihagyása az API esetében",
         "cors_settings": "CORS beállítások",
         "guid": "GUID - egyedi példányazonosító",
         "dkim_to": "A címre",
@@ -82,8 +82,8 @@
         "edit": "Szerkesztés",
         "empty": "Nincs eredmény",
         "excludes": "Kizárja ezeket a kedvezményezetteket",
-        "f2b_ban_time": "Tilalmi idő (s)",
-        "f2b_blacklist": "Feketelistás hálózatok/hostok",
+        "f2b_ban_time": "Tiltás időtartam (s)",
+        "f2b_blacklist": "Tiltólistás címek",
         "f2b_filter": "Regex szűrők",
         "logo_info": "A képed 40px magasságúra lesz méretezve a felső navigációs sávhoz és max. 250px szélességűre a kezdőlaphoz. A skálázható grafika használata erősen ajánlott.",
         "dkim_add_key": "ARC/DKIM kulcs hozzáadása",
@@ -122,21 +122,187 @@
         "arrival_time": "Érkezési idő (szerveridő)",
         "authed_user": "Azonosított felhasználó",
         "ays": "Biztos, hogy folytatni akarod?",
-        "ban_list_info": "A tiltott IP-címek listáját lásd alább: <b>hálózat (fennmaradó tiltási idő) - [akciók]</b>.<br />A tiltás feloldására várakozó IP-ket néhány másodpercen belül eltávolítjuk az aktív tiltási listáról.<br />A piros címkék a feketelistán szereplő aktív állandó tiltásokat jelzik.",
+        "ban_list_info": "A tiltott IP címek listáját lásd alább: <b>hálózat (fennmaradó tiltási idő) - [akciók]</b>.<br />A tiltás feloldására várakozó IP-ket néhány másodpercen belül eltávolítjuk az aktív tiltási listáról.<br />A piros címkék a tiltólistán szereplő aktív állandó tiltásokat jelzik.",
         "configuration": "Konfiguráció",
         "convert_html_to_text": "HTML átalakítása egyszerű szöveggé",
         "credentials_transport_warning": "<b>Figyelmeztetés</b>: Egy új közlekedési térképbejegyzés hozzáadása frissíti a hitelesítő adatokat minden olyan bejegyzéshez, amelynek a következő ugrás oszlopa megegyezik.",
         "customize": "Testreszabás",
         "destination": "Célállomás",
         "customer_id": "Ügyfél azonosító",
-        "apps_name": "\"mailcow Apps\" név"
+        "apps_name": "\"mailcow Apps\" név",
+        "admin_quicklink": "Gyorshivatkozás elrejtése az Adminisztrátori bejelentkezési oldalra",
+        "app_hide": "Elrejtés a bejelentkezéshez",
+        "domainadmin_quicklink": "Gyorshivatkozás elrejtése a Domain adminisztrátori bejelentkezési oldalra",
+        "filter": "Szűrő",
+        "force_sso_text": "Ha egy külső OIDC-szolgáltató van beállítva, ez az opció elrejti az alapértelmezett mailcow bejelentkezési űrlapokat, és csak az egységes bejelentkezési (Single Sign-On) gombot jeleníti meg",
+        "force_sso": "A mailcow bejelentkezés letiltása és csak az egységes bejelentkezés megjelenítése",
+        "hash_remove_info": "Egy arányszám-korlát hash eltávolítása (ha még létezik) teljesen visszaállítja a számlálóját.<br>\r\n  Minden hash-t egyedi szín jelöl.",
+        "iam": "Azonosítási szolgáltató",
+        "iam_attribute_field": "Attribútum mező",
+        "iam_authorize_url": "Engedélyezési végpont",
+        "iam_auth_flow": "Azonosítási folyamat",
+        "iam_auth_flow_info": "Az engedélyezési kód áramláson (Authorization Code Flow) kívül, amelyet az egységes bejelentkezéshez (Single-Sign On) használnak (ez a standard áramlás Keycloak-ban), a mailcow támogatja a közvetlen hitelesítő adatokkal történő hitelesítési áramlást is. A Jelszóáramlás (Mailpassword Flow) megpróbálja érvényesíteni a felhasználó hitelesítő adatait a Keycloak Admin REST API használatával. A mailcow a <code>mailcow_password</code> attribútumból olvassa be a hash-elt jelszót, amely a Keycloak-ban van leképezve.",
+        "iam_basedn": "Bázis DN",
+        "iam_client_id": "Kliens azonosító",
+        "iam_client_secret": "Kliens titok",
+        "iam_client_scopes": "Kliens hatókörök",
+        "iam_default_template": "Alapértelmezett sablon",
+        "iam_default_template_description": "Ha nincs sablon hozzárendelve egy felhasználóhoz, az alapértelmezett sablon lesz felhasználva a postafiók létrehozásához, de a postafiók frissítéséhez nem.",
+        "iam_description": "Külső azonosítási szolgáltató konfigurálása.<br>A felhasználók postafiókjai automatikusan létrejönnek az első bejelentkezéskor, feltéve, hogy van attribútum-hozzárendelés beállítva.",
+        "iam_extra_permission": "A következő beállításokhoz a Keycloak-ban lévő mailcow kliensnek szüksége van egy <code>Service account</code>-ra és a <code>view-users</code> engedélyre.",
+        "iam_host": "Házigazda",
+        "iam_host_info": "Adjon meg egy vagy több LDAP állomást, vesszővel elválasztva.",
+        "iam_import_users": "Felhasználók importálása",
+        "iam_login_provisioning": "Felhasználók automatikus létrehozása bejelentkezéskor",
+        "iam_mapping": "Attribútum-hozzárendelés",
+        "iam_bindpass": "Bind jelszó",
+        "iam_periodic_full_sync": "Időszakos teljes szinkronizálás",
+        "iam_port": "Port",
+        "iam_realm": "Tartomány",
+        "iam_redirect_url": "Átirányítási URL",
+        "iam_rest_flow": "Mailpassword Flow",
+        "iam_server_url": "Szerver URL",
+        "iam_sso": "Egységes bejelentkezés",
+        "iam_sync_interval": "Szinkronizálási / importálási időtartam (perc)",
+        "iam_test_connection": "Kapcsolat tesztelése",
+        "iam_token_url": "Token végpont",
+        "iam_userinfo_url": "Felhasználói információ végpont",
+        "iam_username_field": "Felhasználónév mező",
+        "iam_binddn": "Bind DN",
+        "iam_use_ssl": "SSL használata",
+        "iam_use_ssl_info": "Ha az SSL-t engedélyezi, és a port 389-re van állítva, az automatikusan felülíródik 636-ra.",
+        "iam_use_tls": "StartTLS használata",
+        "iam_use_tls_info": "Ha a TLS-t engedélyezi, az LDAP szerver alapértelmezett portját kell használnia (389). Az SSL portok nem használhatók.",
+        "iam_version": "Verzió",
+        "ignore_ssl_error": "SSL hibák figyelmen kívül hagyása",
+        "ip_check_opt_in": "Választás a harmadik féltől származó <strong>ipv4.mailcow.email</strong> és <strong>ipv6.mailcow.email</strong> szolgáltatás használatára a külső IP címek feloldásához.",
+        "license_info": "A licensz nem kötelező, de segít a további fejlesztésben.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Regisztrálja a GUID-ját itt</a> vagy <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">vásároljon támogatást a mailcow telepítéséhez.</a>",
+        "lookup_mx": "A cél egy reguláris kifejezés, amely illeszkedik az MX névre (<code>.*\\.google\\.com</code>, hogy a google.com-ra végződő MX-en keresztül továbbítsa az összes levelet)",
+        "main_name": "\"mailcow UI\" név",
+        "merged_vars_hint": "A szürkével jelölt sorok a <code>vars.(local.)inc.php</code> fájlból lettek összevonva, és nem módosíthatók.",
+        "message": "Üzenet",
+        "message_size": "Üzenet mérete",
+        "nexthop": "Következő ugrás",
+        "no": "&#10005;",
+        "no_active_bans": "Nincs aktív tiltás",
+        "no_new_rows": "Nincs több sor elérhető",
+        "no_record": "Nincs bejegyzés",
+        "oauth2_apps": "OAuth2 alkalmazások",
+        "oauth2_add_client": "OAuth2 kliens hozzáadása",
+        "oauth2_client_id": "Kliens azonosító",
+        "oauth2_client_secret": "Kliens titok",
+        "oauth2_info": "Az OAuth2 implementáció támogatja az \"Authorization Code\" engedélyezési típust és frissítési tokeneket ad ki.<br>\r\nA szerver automatikusan új frissítési tokeneket is kiad, miután egy frissítési token fel lett használva.<br><br>\r\n&#8226; Az alapértelmezett hatókör a <i>profile</i>. Csak postafiók-felhasználók hitelesíthetők az OAuth2-vel szemben. Ha a scope paraméter elmarad, az visszaesik a <i>profile</i>-ra.<br>\r\n&#8226; A <i>state</i> paramétert a kliensnek kötelező elküldenie az engedélyezési kérelem részeként.<br><br>\r\nAz OAuth2 API-hoz intézett kérések útvonalai: <br>\r\n<ul>\r\n  <li>Engedélyezési végpont: <code>/oauth/authorize</code></li>\r\n  <li>Token végpont: <code>/oauth/token</code></li>\r\n  <li>Erőforrás oldal:  <code>/oauth/profile</code></li>\r\n</ul>\r\nA kliens titok újragenerálása nem jár le a meglévő engedélyezési kódok lejáratával, de azok nem tudják megújítani a tokenjüket.<br><br>\r\nA kliens tokenek visszavonása az összes aktív munkamenet azonnali leállítását okozza. Minden kliensnek újra kell hitelesítenie magát.",
+        "oauth2_redirect_uri": "Átirányítási URI",
+        "oauth2_renew_secret": "Új kliens titok generálása",
+        "oauth2_revoke_tokens": "Minden kliens token visszavonása",
+        "optional": "opcionális",
+        "options": "Opciók",
+        "password": "Jelszó",
+        "password_length": "Jelszó hossza",
+        "password_policy": "Jelszó házirend",
+        "password_policy_chars": "Legalább egy betűkaraktert kell tartalmaznia",
+        "password_policy_length": "A jelszó minimális hossza %d",
+        "password_policy_lowerupper": "Kis- és nagybetűket kell tartalmaznia",
+        "password_policy_numbers": "Legalább egy számot kell tartalmaznia",
+        "password_policy_special_chars": "Speciális karaktereket kell tartalmaznia",
+        "password_repeat": "Megerősítő jelszó (ismétlés)",
+        "password_reset_info": "Ha nincs megadva helyreállítási e-mail cím, ez a funkció nem használható.",
+        "password_reset_settings": "Jelszó-helyreállítási beállítások",
+        "password_reset_tmpl_html": "HTML sablon",
+        "password_reset_tmpl_text": "Szöveges sablon",
+        "password_settings": "Jelszó beállítások",
+        "priority": "Prioritás",
+        "private_key": "Privát kulcs",
+        "quarantine": "Karantén",
+        "quarantine_bcc": "Az összes értesítés másolatának elküldése (BCC) erre a címzettnek:<br><small>Hagyja üresen a letiltáshoz. <b>Aláíratlan, nem ellenőrzött levél. Csak belső kézbesítésre alkalmas.</b></small>",
+        "quarantine_exclude_domains": "Tartományok és alias-tartományok kizárása",
+        "quarantine_max_age": "Maximális életkor napokban<br><small>Az értéknek legalább 1 napnak kell lennie.</small>",
+        "quarantine_max_score": "Az értesítés elvetése, ha egy levél spam pontszáma magasabb ennél az értéknél:<br><small>Alapértelmezett értéke 9999.0</small>",
+        "quarantine_max_size": "Maximális méret MiB-ban (a nagyobb elemeket elveti):<br><small>A 0 <b>nem</b> jelent korlátlant.</small>",
+        "quarantine_notification_html": "Értesítő e-mail sablon:<br><small>Hagyja üresen az alapértelmezett sablon visszaállításához.</small>",
+        "quarantine_notification_sender": "Értesítő e-mail feladója",
+        "quarantine_notification_subject": "Értesítő e-mail tárgya",
+        "quarantine_redirect": "<b>Az összes értesítés átirányítása</b> erre a címzettnek:<br><small>Hagyja üresen a letiltáshoz. <b>Aláíratlan, nem ellenőrzött levél. Csak belső kézbesítésre alkalmas.</b></small>",
+        "quarantine_release_format": "A feloldott elemek formátuma",
+        "quarantine_release_format_att": "Csatolmányként",
+        "quarantine_release_format_raw": "Eredeti, módosítatlan formában",
+        "quarantine_retention_size": "Megőrzések postafiókonként:<br><small>A 0 <b>inaktívat</b> jelent.</small>",
+        "quicklink_text": "A gyorshivatkozások megjelenítése vagy elrejtése a bejelentkezési űrlap alatt",
+        "quota_notification_html": "Értesítő e-mail sablon:<br><small>Hagyja üresen az alapértelmezett sablon visszaállításához.</small>",
+        "quota_notification_sender": "Kvóta értesítő e-mail feladója",
+        "quota_notification_subject": "Kvóta értesítő e-mail tárgya",
+        "quota_notifications": "Kvóta értesítések",
+        "quota_notifications_info": "A kvóta értesítéseket a felhasználók egyszer kapják meg, amikor a 80%-os határt, majd a 95%-os határt átlépik.",
+        "quota_notifications_vars": "{{percent}} a felhasználó aktuális kvótáját jelenti<br>{{username}} a postafiók neve",
+        "queue_unban": "tiltás feloldása",
+        "r_active": "Aktív korlátozások",
+        "r_inactive": "Inaktív korlátozások",
+        "r_info": "A szürkével/letiltva jelölt elemek az aktív korlátozások listáján a mailcow számára nem érvényes korlátozások, és nem mozgathatók. Az ismeretlen korlátozások a megjelenési sorrendben lesznek beállítva. <br>Új elemeket adhat hozzá a <code>inc/vars.local.inc.php</code> fájlban, hogy váltani tudja őket.",
+        "rate_name": "Arányszám neve",
+        "recipients": "Címzettek",
+        "refresh": "Frissítés",
+        "regen_api_key": "API kulcs újragenerálása",
+        "regex_maps": "Regex térképek",
+        "relay_from": "\"Feladó:\" cím",
+        "relay_rcpt": "\"Címzett:\" cím",
+        "relay_run": "Teszt futtatása",
+        "relayhosts": "Feladófüggő szállítások",
+        "relayhosts_hint": "Határozzon meg feladófüggő szállításokat, hogy kiválaszthassa őket egy tartomány konfigurációs párbeszédpanelén.<br>\r\n  A szállítási szolgáltatás mindig \"smtp:\" és ezért megpróbálja a TLS-t, ha felajánlják. A becsomagolt TLS (SMTPS) nem támogatott. A felhasználók egyéni kimenő TLS-szabályzati beállításai figyelembe vételre kerülnek.<br>\r\n  Érintik a kiválasztott tartományokat, beleértve az alias tartományokat is.",
+        "remove": "Eltávolítás",
+        "remove_row": "Sor eltávolítása",
+        "reset_default": "Visszaállítás alapértelmezettre",
+        "reset_limit": "Hash eltávolítása",
+        "reset_password_vars": "<code>{{link}}</code> A generált jelszó-helyreállítási link<br><code>{{username}}</code> A jelszó-helyreállítást kérő felhasználó postafiók neve<br><code>{{username2}}</code> A helyreállítási postafiók neve<br><code>{{date}}</code> A jelszó-helyreállítási kérelem dátuma<br><code>{{token_lifetime}}</code> A token élettartama percekben<br><code>{{hostname}}</code> A mailcow hosztnév",
+        "restore_template": "Hagyja üresen az alapértelmezett sablon visszaállításához.",
+        "routing": "Útválasztás",
+        "rsetting_add_rule": "Szabály hozzáadása",
+        "rsetting_content": "Szabály tartalma",
+        "rsetting_desc": "Rövid leírás",
+        "rsetting_no_selection": "Kérjük, válasszon egy szabályt",
+        "rsetting_none": "Nincsenek elérhető szabályok",
+        "rsettings_insert_preset": "Példa előre beállított \"%s\" beillesztése",
+        "rsettings_preset_1": "Minden letiltása, kivéve a DKIM és az arányszám-korlátot a hitelesített felhasználók számára",
+        "rsettings_preset_2": "A Postmasterek spamet akarnak",
+        "rsettings_preset_3": "Csak bizonyos feladókat engedélyezzen egy postafiók számára (pl. csak belső postafiókként használva)",
+        "rsettings_preset_4": "Rspamd letiltása egy tartomány számára",
+        "rspamd_com_settings": "A beállítás neve automatikusan generálódik, kérjük, nézze meg a lenti példa-előrebeállításokat. További részletekért lásd a <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentációját</a>",
+        "rspamd_global_filters": "Globális szűrőtérképek",
+        "rspamd_global_filters_agree": "Óvatos leszek!",
+        "rspamd_global_filters_info": "A globális szűrőtérképek különböző típusú globális tiltó- és engedélyezési listákat tartalmaznak.",
+        "rspamd_global_filters_regex": "A nevük elmagyarázza a céljukat. Minden tartalomnak érvényes reguláris kifejezést kell tartalmaznia \"/pattern/options\" formátumban (pl. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Bár alapvető ellenőrzések történnek minden regex soron, az Rspamd funkcionalitása megszakadhat, ha nem sikerül helyesen értelmeznie a szintaxist.<br>\r\n  Az Rspamd megpróbálja elolvasni a térkép tartalmát, amikor az megváltozik. Ha problémákat tapasztal, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">indítsa újra az Rspamd-et</a>, hogy kikényszerítse a térkép újratöltését.<br>A tiltólistára került elemek ki vannak zárva a karanténból.",
+        "rspamd_settings_map": "Rspamd beállítási térkép",
+        "sal_level": "Moo szint",
+        "service": "Szolgáltatás",
+        "service_id": "Szolgáltatás azonosító",
+        "sys_mails": "Rendszer e-mailek",
+        "task": "Feladat",
+        "transport_maps": "Szállítási térképek",
+        "transport_test_rcpt_info": "&#8226; Használja a null@hosted.mailcow.de címet a külföldi célra történő továbbítás teszteléséhez.",
+        "transports_hint": "&#8226; Egy szállítási térkép bejegyzés <b>felülírja</b> a feladófüggő szállítási térképet</b>.<br>\r\n&#8226; Az MX-alapú szállítások előnyben részesítettek.<br>\r\n&#8226; A felhasználónkénti kimenő TLS-szabályzati beállítások figyelmen kívül hagyódnak, és csak a TLS-szabályzati térkép bejegyzései kényszeríthetik ki őket.<br>\r\n&#8226; A definiált szállításokhoz a szállítási szolgáltatás mindig \"smtp:\" és ezért megpróbálja a TLS-t, ha felajánlják. A becsomagolt TLS (SMTPS) nem támogatott.<br>\r\n&#8226; A \"/localhost$/\"-nek megfelelő címek mindig \"local:\"-on keresztül lesznek szállítva, ezért a \"*\" cél nem vonatkozik ezekre a címekre.<br>\r\n&#8226; A hitelesítő adatok meghatározásához egy példa következő ugráshoz \"[host]:25\", a Postfix <b>mindig</b> lekérdezi a \"host\"-ot, mielőtt a \"[host]:25\"-re keresne. Ez a viselkedés lehetetlenné teszi a \"host\" és a \"[host]:25\" egyidejű használatát.",
+        "ui_footer": "Lábléc (HTML engedélyezett)",
+        "ui_header_announcement": "Közlemények",
+        "ui_header_announcement_active": "Közlemény beállítása aktívra",
+        "ui_header_announcement_content": "Szöveg (HTML engedélyezett)",
+        "ui_header_announcement_help": "A közlemény minden bejelentkezett felhasználó számára látható, valamint a felhasználói felület bejelentkezési képernyőjén.",
+        "ui_header_announcement_select": "Válassza ki a közlemény típusát",
+        "ui_header_announcement_type": "Típus",
+        "ui_header_announcement_type_danger": "Nagyon fontos",
+        "ui_header_announcement_type_info": "Információ",
+        "ui_header_announcement_type_warning": "Fontos",
+        "ui_texts": "Felhasználói felület címkéi és szövegei",
+        "unban_pending": "tiltás feloldása függőben",
+        "unchanged_if_empty": "Ha nem változik, hagyja üresen",
+        "user_link": "Felhasználói-link",
+        "user_quicklink": "Gyorshivatkozás elrejtése a Felhasználói bejelentkezési oldalra",
+        "validate_license_now": "GUID érvényesítése a licenszszerverrel szemben",
+        "yes": "&#10003;"
     },
     "edit": {
         "active": "Aktív",
         "advanced_settings": "Haladó beállítások",
         "alias": "Alias szerkesztése",
-        "allow_from_smtp": "Kizárólag ezen IP-címek használhatnak <b>SMTP</b>-t",
-        "allow_from_smtp_info": "Leave empty to allow all senders.<br>IPv4/IPv6 addresses and networks.",
+        "allow_from_smtp": "Kizárólag ezen IP címek használhatnak <b>SMTP</b>-t",
+        "allow_from_smtp_info": "Hagyja üresen minden feladó engedélyezéséhez.<br>IPv4/IPv6 címek és hálózatok.",
         "allowed_protocols": "Engedélyezett protokollok",
         "app_name": "Applikáció neve",
         "app_passwd": "Applikáció jelszava",
@@ -146,7 +312,127 @@
         "description": "Leírás",
         "domain_quota": "Domain kvóta",
         "domains": "Domainek",
-        "edit_alias_domain": "Alias domain szerkesztése"
+        "edit_alias_domain": "Alias domain szerkesztése",
+        "acl": "ACL (Engedélyek)",
+        "admin": "Adminisztrátor szerkesztése",
+        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához",
+        "automap": "Próbálja automatikusan feltérképezni a mappákat (\"Elküldött elemek\", \"Elküldött\" => \"Elküldött\" stb.)",
+        "bcc_dest_format": "A BCC-célpontnak egyetlen érvényes e-mail címnek kell lennie.<br>Ha több címre kell másolatot küldenie, hozzon létre egy aliast, és használja azt itt.",
+        "comment_info": "A privát megjegyzés nem látható a felhasználó számára, míg a nyilvános megjegyzés tooltip-ként jelenik meg, amikor a felhasználó áttekintésében a megjegyzésre mutat.",
+        "created_on": "Létrehozva",
+        "custom_attributes": "Egyéni attribútumok",
+        "delete1": "Törlés a forrásból, ha befejeződött",
+        "delete2": "Üzenetek törlése a célállomáson, amelyek nincsenek a forráson",
+        "delete2duplicates": "Duplikáltak törlése a célállomáson",
+        "delete_ays": "Erősítse meg a törlési folyamatot.",
+        "disable_login": "Bejelentkezés letiltása (a bejövő leveleket továbbra is elfogadja)",
+        "domain": "Domain szerkesztése",
+        "domain_admin": "Domain adminisztrátor szerkesztése",
+        "domain_footer": "Tartományszintű lábléc",
+        "domain_footer_html": "HTML lábléc",
+        "domain_footer_info": "A tartományszintű lábléceket a tartományon belüli címmel társított összes kimenő e-mailhez hozzáadják. <br> A következő változók használhatók a lábléchez:",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =}   - Hitelesített felhasználónév az MTA által megadott",
+            "from_user": "{= from_user =}   - A boríték feladójának felhasználói része, pl. a \"moo@mailcow.tld\" esetén \"moo\"-t ad vissza",
+            "from_name": "{= from_name =}   - A boríték feladójának neve, pl. a \"Mailcow &lt;moo@mailcow.tld&gt;\" esetén \"Mailcow\"-t ad vissza",
+            "from_addr": "{= from_addr =}   - A boríték feladójának címe",
+            "from_domain": "{= from_domain =} - A boríték feladójának tartománya",
+            "custom": "{= foo =}         - Ha a postafiók rendelkezik a \"foo\" egyéni attribútummal, amelynek értéke \"bar\", akkor \"bar\"-t ad vissza"
+        },
+        "domain_footer_plain": "Egyszerű szöveges lábléc",
+        "domain_footer_skip_replies": "Lábléc figyelmen kívül hagyása válasz e-maileknél",
+        "dont_check_sender_acl": "Küldő ellenőrzés letiltása a(z) %s tartományhoz (+ alias tartományok)",
+        "encryption": "Titkosítás",
+        "exclude": "Objektumok kizárása (regex)",
+        "extended_sender_acl": "Külső feladói címek",
+        "extended_sender_acl_info": "Importálni kell egy DKIM tartomány kulcsot, ha elérhető.<br>\r\n  Ne felejtse el hozzáadni ezt a szervert a megfelelő SPF TXT rekordhoz.<br>\r\n  Amikor egy tartományt vagy alias tartományt ad hozzá ehhez a szerverhez, amely átfedésben van egy külső címmel, a külső cím eltávolításra kerül.<br>\r\n  Használja a @domain.tld címet, hogy engedélyezze a küldést *@domain.tld néven.",
+        "force_pw_update": "Jelszófrissítés kényszerítése a következő bejelentkezéskor",
+        "force_pw_update_info": "Ez a felhasználó csak a(z) %s címre tud bejelentkezni. Az alkalmazás jelszavak használhatóak maradnak.",
+        "footer_exclude": "Kizárás a láblécből",
+        "full_name": "Teljes név",
+        "gal": "Globális címlista",
+        "gal_info": "A GAL tartalmazza a tartomány összes objektumát, és egyetlen felhasználó sem szerkesztheti. A Szabad/Foglalt információ a SOGo-ban hiányzik, ha le van tiltva! <b>Indítsa újra a SOGo-t a változások alkalmazásához.</b>",
+        "generate": "generál",
+        "grant_types": "Engedélyezési típusok",
+        "hostname": "Hosztnév",
+        "inactive": "Inaktív",
+        "kind": "Típus",
+        "last_modified": "Utoljára módosítva",
+        "lookup_mx": "A cél egy reguláris kifejezés, amely illeszkedik az MX névre (<code>.*\\.google\\.com</code>, hogy a google.com-ra végződő MX-en keresztül továbbítsa az összes levelet)",
+        "mailbox": "Postafiók szerkesztése",
+        "mailbox_quota_def": "Alapértelmezett postafiók kvóta",
+        "mailbox_relayhost_info": "A postafiókra és csak a közvetlen aliasokra vonatkozik, felülírja a tartományi továbbító hostot.",
+        "mailbox_rename": "Postafiók átnevezése",
+        "mailbox_rename_agree": "Készítettem biztonsági másolatot.",
+        "mailbox_rename_warning": "FONTOS! Hozzon létre biztonsági másolatot a postafiók átnevezése előtt.",
+        "mailbox_rename_alias": "Alias automatikus létrehozása",
+        "mailbox_rename_title": "Új helyi postafiók neve",
+        "max_aliases": "Max. aliasok",
+        "max_mailboxes": "Max. lehetséges postafiókok",
+        "max_quota": "Max. kvóta postafiókonként (MiB)",
+        "maxage": "Üzenetek maximális életkora napokban, amelyek lekérdezésre kerülnek a távolról<br><small>(0 = figyelmen kívül hagyás)</small>",
+        "maxbytespersecond": "Max. bájt/másodperc <br><small>(0 = korlátlan)</small>",
+        "mbox_rl_info": "Ez a sebességkorlátozás a SASL bejelentkezési névre vonatkozik, és illeszkedik minden, a bejelentkezett felhasználó által használt \"from\" címre. Egy postafiók sebességkorlátozása felülírja a tartományszintű sebességkorlátozást.",
+        "mins_interval": "Időköz (perc)",
+        "multiple_bookings": "Több foglalás",
+        "none_inherit": "Nincs / Örökölt",
+        "nexthop": "Következő ugrás",
+        "password": "Jelszó",
+        "password_recovery_email": "Jelszó-helyreállítási e-mail",
+        "password_repeat": "Megerősítő jelszó (ismétlés)",
+        "previous": "Előző oldal",
+        "private_comment": "Privát megjegyzés",
+        "public_comment": "Nyilvános megjegyzés",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "Magas prioritású levelek továbbítása [<code>X-Priority: 1</code>]",
+        "pushover_info": "A push értesítési beállítások az összes tiszta (nem-spam) levélre vonatkoznak, amelyeket a <b>%s</b> címre kézbesítettek, beleértve az aliasokat is (megosztott, nem megosztott, címkézett).",
+        "pushover_only_x_prio": "Csak a magas prioritású leveleket vegye figyelembe [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Csak a következő feladói e-mail címeket vegye figyelembe <small>(vesszővel elválasztva)</small>",
+        "pushover_sender_regex": "Feladók egyeztetése a következő regex-szel",
+        "pushover_text": "Értesítési szöveg",
+        "pushover_title": "Értesítési cím",
+        "pushover_sound": "Hang",
+        "pushover_vars": "Ha nincs feladói szűrő meghatározva, minden e-mail figyelembe vételre kerül.<br>A Regex szűrők, valamint a pontos feladói ellenőrzések egyénileg definiálhatók, és sorban lesznek figyelembe véve. Nem függenek egymástól.<br>Használható változók a szöveghez és a címhez (kérjük, vegye figyelembe az adatvédelmi szabályzatokat)",
+        "pushover_verify": "Hitelesítő adatok ellenőrzése",
+        "quota_mb": "Kvóta (MiB)",
+        "quota_warning_bcc": "Kvóta figyelmeztetés BCC",
+        "quota_warning_bcc_info": "A figyelmeztetések külön másolatként lesznek elküldve a következő címzetteknek. A tárgyat a megfelelő felhasználónévvel egészítik ki zárójelben, például: <code>Quota warning (user@example.com)</code>.",
+        "ratelimit": "Arányszám-korlát",
+        "redirect_uri": "Átirányítási/Visszahívási URL",
+        "relay_all": "Az összes címzett továbbítása",
+        "relay_all_info": "↪ Ha úgy döntesz, hogy <b>nem</b> továbbítod az összes címzettet, akkor minden egyes címzett számára, akit továbbítani kell, létre kell hoznod egy (\"vak\") postafiókot.",
+        "relay_domain": "Továbbítsa ezt a tartományt",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Információ</div> Definiálhatsz szállítási térképeket ehhez a tartományhoz egyedi célállomásra. Ha nincs beállítva, egy MX lekérdezés történik.",
+        "relay_unknown_only": "Csak a nem létező postafiókok továbbítása. A létező postafiókok helyben lesznek kézbesítve.",
+        "relayhost": "Feladófüggő szállítások",
+        "remove": "Eltávolítás",
+        "resource": "Erőforrás",
+        "save": "Módosítások mentése",
+        "scope": "Hatókör",
+        "sender_acl": "Engedélyezés küldésre mint",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">A küldő ellenőrzése le van tiltva</span>",
+        "sender_acl_info": "Ha az A postafiók felhasználója küldhet a B postafiók felhasználójaként, a feladói cím nem jelenik meg automatikusan választható \"from\" mezőként a SOGo-ban.<br>\r\n  A B postafiók felhasználójának delegálást kell létrehoznia a SOGo-ban, hogy az A postafiók felhasználója kiválaszthassa a címét feladóként. A SOGo-ban egy postafiók delegálásához használja a menüt (három pont) a postafiók neve jobb oldalán a bal felső sarokban, a levélnézetben. Ez a viselkedés nem vonatkozik az alias címekre.",
+        "sieve_desc": "Rövid leírás",
+        "sieve_type": "Szűrő típusa",
+        "skipcrossduplicates": "Átugrani a duplikált üzeneteket a mappák között (aki előbb jön, előbb kapja)",
+        "sogo_access": "Közvetlen továbbítás a SOGo-ra",
+        "sogo_access_info": "A bejelentkezés után a felhasználó automatikusan átirányításra kerül a SOGo-ra.",
+        "sogo_visible": "Alias látható a SOGo-ban",
+        "sogo_visible_info": "Ez az opció csak azokra az objektumokra vonatkozik, amelyek megjeleníthetők a SOGo-ban (megosztott vagy nem megosztott alias címek, amelyek legalább egy helyi postafiókra mutatnak). Ha el van rejtve, egy alias nem jelenik meg választható feladóként a SOGo-ban.",
+        "spam_alias": "Időkorlátos alias címek létrehozása vagy módosítása",
+        "spam_filter": "Spam szűrő",
+        "spam_policy": "Elemek hozzáadása vagy eltávolítása a tiltó- vagy engedélyezési listán",
+        "spam_score": "Egyéni spam pontszám beállítása",
+        "subfolder2": "Szinkronizálás a célállomáson egy almappába<br><small>(üres = ne használjon almappát)</small>",
+        "syncjob": "Szinkronizálási feladat szerkesztése",
+        "target_address": "Célcím(ek) <small>(vesszővel elválasztva)</small>",
+        "target_domain": "Cél domain",
+        "timeout1": "Időtúllépés a távoli állomáshoz való csatlakozáskor",
+        "timeout2": "Időtúllépés a helyi állomáshoz való csatlakozáskor",
+        "title": "Objektum szerkesztése",
+        "unchanged_if_empty": "Ha nem változik, hagyja üresen",
+        "username": "Felhasználónév",
+        "validate_save": "Érvényesítés és mentés"
     },
     "footer": {
         "cancel": "Mégse",
@@ -159,7 +445,9 @@
         "restart_container": "Konténer újraindítása",
         "restart_container_info": "<b>Fontos:</b> A teljes újraindulás eltarthat egy ideig, kérjük várjon, amíg befejeződik!",
         "restart_now": "Újraindítás most",
-        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig."
+        "restarting_container": "Konténer újraindítása. Ez eltarthat egy darabig.",
+        "hibp_check": "Ellenőrzés a haveibeenpwned.com-on",
+        "nothing_selected": "Nincs semmi kiválasztva"
     },
     "header": {
         "administration": "Beállítások és részletek",
@@ -170,7 +458,8 @@
         "quarantine": "Karantén",
         "restart_netfilter": "Netfilter újraindítása",
         "restart_sogo": "SOGo újraindítása",
-        "user_settings": "Felhasználó beállításai"
+        "user_settings": "Felhasználó beállításai",
+        "mailcow_system": "Rendszer"
     },
     "info": {
         "awaiting_tfa_confirmation": "TFA megerősítésre várakozás",
@@ -182,7 +471,23 @@
         "login": "Bejelentkezés",
         "mobileconfig_info": "A kért Apple kapcsolat profil letöltéséhez jelentkezzen be, mint postafiók-felhasználó.",
         "password": "Jelszó",
-        "username": "Felhasználónév"
+        "username": "Felhasználónév",
+        "back_to_mailcow": "Vissza a mailcow-hoz",
+        "fido2_webauthn": "FIDO2/WebAuthn bejelentkezés",
+        "forgot_password": "> Elfelejtett jelszó?",
+        "invalid_pass_reset_token": "A jelszó-helyreállítási token érvénytelen vagy lejárt.<br>Kérjen új jelszó-helyreállítási linket.",
+        "login_linkstext": "Nem a megfelelő bejelentkezés?",
+        "login_usertext": "Bejelentkezés felhasználóként",
+        "login_domainadmintext": "Bejelentkezés domain adminisztrátorként",
+        "login_admintext": "Bejelentkezés adminisztrátorként",
+        "login_user": "Felhasználói bejelentkezés",
+        "login_dadmin": "Domain-adminisztrátori bejelentkezés",
+        "login_admin": "Adminisztrátori bejelentkezés",
+        "new_password": "Új jelszó",
+        "new_password_confirm": "Új jelszó megerősítése",
+        "other_logins": "vagy bejelentkezés",
+        "reset_password": "Jelszó visszaállítása",
+        "request_reset_password": "Jelszó módosítás kérése"
     },
     "mailbox": {
         "action": "Művelet",
@@ -200,10 +505,10 @@
         "add_resource": "Erőforrás hozzáadása",
         "add_tls_policy_map": "TLS irányelv-térkép hozzáadása",
         "address_rewriting": "Címátírás",
-        "alias": "Alias",
+        "alias": "Álnév",
         "alias_domain_backupmx": "Alias domain inaktív a továbbító domain részére",
-        "aliases": "Alias-ok",
-        "allow_from_smtp": "Kizárólag ezek az IP-címek használhatják az <b>SMTP</b>-t",
+        "aliases": "Álnevek",
+        "allow_from_smtp": "Kizárólag ezek az IP címek használhatják az <b>SMTP</b>-t",
         "allow_from_smtp_info": "Hagyja üresen minden feladó engedélyezéséhez.<br>IPv4/IPv6 címek és hálózatok.",
         "allowed_protocols": "Engedélyezett protokollok",
         "backup_mx": "Továbbító domain",
@@ -221,7 +526,7 @@
         "domain_admins": "Domain adminisztrátorok",
         "domain_aliases": "Domain alias-ok",
         "domain_quota": "Kvóta",
-        "domains": "Domain-ek",
+        "domains": "Domainek",
         "edit": "Szerkesztés",
         "empty": "Nincs találat",
         "enable_x": "Engedélyezés",
@@ -277,7 +582,88 @@
         "toggle_all": "Összes átváltása",
         "username": "Felhasználónév",
         "waiting": "Várakozás",
-        "weekly": "Hetente"
+        "weekly": "Hetente",
+        "add_alias_expand": "Alias kiterjesztése alias tartományokra",
+        "alias_domain_alias_hint": "Az aliasok <b>nem</b> vonatkoznak automatikusan a domain aliasokra. Egy <code>my-alias@domain</code> alias cím <b>nem</b> fedezi a <code>my-alias@alias-domain</code> címet (ahol az \"alias-domain\" a \"domain\" képzeletbeli alias tartománya).<br>Kérjük, használjon sieve szűrőt a levél külső postafiókba történő átirányításához (lásd a \"Szűrők\" fület vagy a SOGo -> Továbbító). Használja az \"Alias kiterjesztése alias tartományokra\" opciót a hiányzó aliasok automatikus hozzáadásához.",
+        "all_domains": "Minden tartomány",
+        "bcc_info": "A BCC térképek arra szolgálnak, hogy csendesen továbbítsák az összes üzenet másolatát egy másik címre. A címzett térkép típust akkor használják, ha a helyi célpont egy levél címzettjeként működik. A feladói térképek ugyanazon elv szerint működnek.<br/>\r\n  A helyi célpontot nem értesítik a sikertelen kézbesítésről.",
+        "bcc_map_type": "BCC típus",
+        "bcc_maps": "BCC térképek",
+        "bcc_rcpt_map": "Címzett térkép",
+        "bcc_sender_map": "Feladó térkép",
+        "bcc_to_rcpt": "Váltás címzett térkép típusra",
+        "bcc_to_sender": "Váltás feladó térkép típusra",
+        "bcc_type": "BCC típus",
+        "booking_null": "Mindig szabadként mutat",
+        "booking_0_short": "Mindig szabad",
+        "booking_custom": "Kemény korlát a foglalások egyéni számára",
+        "booking_custom_short": "Kemény korlát",
+        "booking_ltnull": "Korlátlan, de foglaltnak mutatja magát, ha le van foglalva",
+        "booking_lt0_short": "Lágy korlát",
+        "catch_all": "Catch-All",
+        "created_on": "Létrehozva",
+        "dkim_domains_selector": "Válogató",
+        "dkim_key_length": "DKIM kulcs hossza (bit)",
+        "domain_templates": "Domain sablonok",
+        "domain_quota_total": "Teljes domain kvóta",
+        "gal": "Globális címlista",
+        "goto_ham": "Tanulás <b>ham</b>-ként",
+        "goto_spam": "Tanulás <b>spam</b>-ként",
+        "iam": "Azonosítási szolgáltató",
+        "last_modified": "Utoljára módosítva",
+        "last_pw_change": "Utolsó jelszócsere",
+        "mailbox_defaults": "Alapértelmezett beállítások",
+        "mailbox_defaults_info": "Alapértelmezett beállítások meghatározása az új postafiókokhoz.",
+        "mailbox_templates": "Postafiók sablonok",
+        "max_aliases": "Max. aliasok",
+        "max_mailboxes": "Max. lehetséges postafiókok",
+        "max_quota": "Max. kvóta postafiókonként",
+        "no": "&#10005;",
+        "open_logs": "Naplók megnyitása",
+        "q_add_header": "amikor a levélszemét mappába kerül",
+        "q_all": " amikor a levélszemét mappába kerül és elutasításkor",
+        "q_reject": "elutasításkor",
+        "quarantine_category": "Karantén értesítési kategória",
+        "recipient": "Címzett",
+        "recipient_map_info": "A címzett térképeket arra használják, hogy egy üzenet célcímét kicseréljék, mielőtt azt kézbesítenék.",
+        "recipient_map_new_info": "A címzett térkép célja érvényes e-mail címnek vagy tartománynévnek kell lennie.",
+        "recipient_map_old_info": "Egy címzett térkép eredeti céljának érvényes e-mail címnek vagy tartománynévnek kell lennie.",
+        "relay_all": "Az összes címzett továbbítása",
+        "relay_unknown": "Ismeretlen postafiókok továbbítása",
+        "sender": "Feladó",
+        "set_postfilter": "Megjelölés poszt-szűrőként",
+        "set_prefilter": "Megjelölés pre-szűrőként",
+        "sieve_info": "Több szűrőt is tárolhatsz felhasználónként, de egyszerre csak egy pre-szűrő és egy poszt-szűrő lehet aktív.<br>\r\nMinden szűrő a leírt sorrendben lesz feldolgozva. Sem a sikertelen szkript, sem a kiadott \"keep;\" parancs nem állítja le a további szkriptek feldolgozását. A globális sieve szkriptek változásai a Dovecot újraindítását váltják ki.<br><br>Globális sieve pre-szűrő &#8226; Pre-szűrő &#8226; Felhasználói szkriptek &#8226; Poszt-szűrő &#8226; Globális sieve poszt-szűrő",
+        "sieve_preset_1": "Levél eldobása valószínűleg veszélyes fájltípusokkal",
+        "sieve_preset_2": "Egy adott feladó e-mailjét mindig olvasottként jelölje meg",
+        "sieve_preset_3": "Csendesen elvetni, leállítani minden további sieve feldolgozást",
+        "sieve_preset_4": "Fájl az INBOX-ba, kihagyni a további feldolgozást a sieve szűrőkkel",
+        "sieve_preset_5": "Auto válaszadó (szabadság)",
+        "sieve_preset_6": "Levél elutasítása válasszal",
+        "sieve_preset_7": "Átirányítás és megtartás/eldobás",
+        "sieve_preset_8": "E-mail átirányítása egy adott feladótól, olvasottként jelölés és almappába rendezés",
+        "sieve_preset_header": "Kérjük, nézze meg az alábbi példa-előrebeállításokat. További részletekért lásd a <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>-t.",
+        "sogo_visible": "Alias látható a SOGo-ban",
+        "sogo_visible_n": "Alias elrejtése a SOGo-ban",
+        "sogo_visible_y": "Alias megjelenítése a SOGo-ban",
+        "sender": "Feladó",
+        "syncjob_check_log": "Napló ellenőrzése",
+        "syncjob_last_run_result": "Utolsó futás eredménye",
+        "syncjob_EX_OK": "Siker",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Kapcsolati probléma",
+        "syncjob_EXIT_TLS_FAILURE": "Probléma a titkosított kapcsolattal",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Hitelesítési probléma",
+        "syncjob_EXIT_OVERQUOTA": "A cél postafiók túllépte a kvótát",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nem lehet csatlakozni a távoli szerverhez",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Hibás felhasználónév vagy jelszó",
+        "templates": "Sablonok",
+        "template": "Sablon",
+        "tls_map_policy": "Irányelv",
+        "tls_policy_maps": "TLS irányelv térképek",
+        "tls_policy_maps_enforced_tls": "Ezek az irányelvek felülírják a kimenő TLS szállítási szabályokat függetlenül a felhasználó TLS irányelvi beállításaitól. Ha nincs alább egyetlen irányelv sem, ezek a felhasználók az alapértelmezett értékeket alkalmazzák, amelyeket a <code>smtp_tls_mandatory_protocols</code> és a <code>smtp_tls_mandatory_ciphers</code> határoz meg.",
+        "tls_policy_maps_info": "Ez az irányelv térkép felülírja a kimenő TLS szállítási szabályokat függetlenül a felhasználó TLS irányelvi beállításaitól.<br>\r\n  Kérjük, ellenőrizze a <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\" dokumentációját</a> további információkért.",
+        "tls_policy_maps_long": "Kimenő TLS irányelv térkép felülírások",
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Kérjük jelentkezzen be postafiók felhasználójával az OAuth2 használatához.",
@@ -301,7 +687,7 @@
         "medium_danger": "Közepes veszély",
         "neutral_danger": "Semleges",
         "notified": "Értesítve",
-        "qinfo": "A karantén-rendszer elmenti a visszautasított leveleket az adatbázisba, miközben a feladónak nem lesz az a benyomása, hogy a levelet kézbesítették.\r\n  <br>\"Spamnek jelölés és törlés\" spam-ként jegyzi meg az üzenetet a Bayes-tétel segítségével, illetve fuzzy hash-eket számít, hogy hasonló üzenetek is spam-be kerüljenek a jövőben.\r\n  <br>Több üzenet spamként való megjegyzése időigényes lehet.<br>Feketelistára vett levelek nem kerülnek karanténba.",
+        "qinfo": "A karantén-rendszer elmenti a visszautasított leveleket az adatbázisba, miközben a feladónak nem lesz az a benyomása, hogy a levelet kézbesítették.\r\n  <br>\"Spamnek jelölés és törlés\" spam-ként jegyzi meg az üzenetet a Bayes-tétel segítségével, illetve fuzzy hash-eket számít, hogy hasonló üzenetek is spam-be kerüljenek a jövőben.\r\n  <br>Több üzenet spamként való megjegyzése időigényes lehet.<br>Tiltólistára vett levelek nem kerülnek karanténba.",
         "qitem": "Tétel",
         "quarantine": "Karantén",
         "quick_actions": "Műveletek",
@@ -324,10 +710,38 @@
         "table_size_show_n": "%s tétel mutatása",
         "text_from_html_content": "Tartalom (konvertált html)",
         "text_plain_content": "Tartalom (sima szöveg)",
-        "toggle_all": "Összes átkapcsolása"
+        "toggle_all": "Összes átkapcsolása",
+        "check_hash": "Fájl hash keresése @ VT",
+        "confirm": "Megerősítés",
+        "deliver_inbox": "Kézbesítés a beérkező mappába",
+        "disabled_by_config": "A jelenlegi rendszerkonfiguráció letiltja a karantén funkcionalitást. Kérjük, állítsa be a \"megőrzéseket postafiókonként\" és a \"maximális méretet\" a karantén elemek számára.",
+        "info": "Információ",
+        "junk_folder": "Levélszemét mappa",
+        "qhandler_success": "A kérés sikeresen elküldve a rendszernek. Most már bezárhatja az ablakot.",
+        "qid": "Rspamd QID",
+        "rejected": "Elutasítva",
+        "release_body": "A levelét eml fájlként csatoltuk ehhez az üzenethez.",
+        "rewrite_subject": "Tárgy átírása",
+        "settings_info": "A karanténba helyezhető elemek maximális száma: %s<br>Maximális e-mail méret: %s MiB",
+        "spam": "Spam",
+        "quick_info_link": "Információs link megnyitása",
+        "type": "Típus"
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Queue Manager",
+        "delete": "Összes törlése",
+        "flush": "Üzenetsor ürítése",
+        "info": "A levelezési üzenetsor tartalmazza az összes kézbesítésre váró e-mailt. Ha egy e-mail hosszú ideig ragad az üzenetsorban, a rendszer automatikusan törli.<br>A megfelelő levél hibaüzenete tájékoztatást ad arról, miért nem lehetett a levelet kézbesíteni.",
+        "legend": "A levelezési üzenetsor műveleti funkciói:",
+        "ays": "Kérjük, erősítse meg, hogy törölni szeretné az összes elemet az aktuális üzenetsorból.",
+        "deliver_mail": "Kézbesítés",
+        "deliver_mail_legend": "Megpróbálja újra kézbesíteni a kiválasztott leveleket.",
+        "hold_mail": "Visszatartás",
+        "hold_mail_legend": "Visszatartja a kiválasztott leveleket. (Megakadályozza a további kézbesítési kísérleteket)",
+        "show_message": "Üzenet megjelenítése",
+        "unban": "üzenetsor tiltás feloldása",
+        "unhold_mail": "Visszatartás feloldása",
+        "unhold_mail_legend": "Kiadja a kiválasztott leveleket a kézbesítéshez. (Előzetes visszatartás szükséges)"
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
@@ -380,7 +794,49 @@
         "resource_modified": "Postafiók %s módosításai mentve",
         "resource_removed": "Erőforrás %s eltávolítva",
         "saved_settings": "Beállítások mentve",
-        "upload_success": "File sikeresen feltöltve"
+        "upload_success": "File sikeresen feltöltve",
+        "acl_saved": "Az ACL a(z) %s objektumhoz mentve",
+        "bcc_deleted": "BCC térkép bejegyzések törölve: %s",
+        "bcc_edited": "BCC térkép bejegyzés %s szerkesztve",
+        "bcc_saved": "BCC térkép bejegyzés mentve",
+        "cors_headers_edited": "A CORS beállítások mentve",
+        "custom_login_modified": "A bejelentkezési testreszabás sikeresen mentve",
+        "domain_add_dkim_available": "Egy DKIM kulcs már létezett",
+        "dkim_duplicated": "A DKIM kulcs a(z) %s tartományhoz sikeresen átmásolva a(z) %s tartományba",
+        "domain_footer_modified": "A(z) %s tartományi lábléc módosításai mentve",
+        "f2b_banlist_refreshed": "A tiltólista azonosítója sikeresen frissítve.",
+        "f2b_modified": "A Fail2ban paraméterek módosításai mentve",
+        "forwarding_host_added": "A továbbító állomás %s hozzáadva",
+        "forwarding_host_removed": "A továbbító állomás %s eltávolítva",
+        "iam_test_connection": "Kapcsolat sikeres",
+        "ip_check_opt_in_modified": "Az IP ellenőrzés sikeresen mentve",
+        "nginx_reloaded": "Az Nginx újra lett töltve",
+        "password_policy_saved": "A jelszó házirend sikeresen mentve",
+        "password_changed_success": "A jelszó sikeresen megváltoztatva",
+        "pushover_settings_edited": "A Pushover beállítások sikeresen elmentve, kérjük, ellenőrizze a hitelesítő adatokat.",
+        "queue_command_success": "A sor parancs sikeresen befejeződött",
+        "recipient_map_entry_deleted": "A címzett térkép ID %s törölve",
+        "recipient_map_entry_saved": "A címzett térkép bejegyzés \"%s\" mentve",
+        "recovery_email_sent": "Helyreállítási e-mail elküldve a(z) %s címre",
+        "relayhost_added": "A térkép bejegyzés %s hozzáadva",
+        "relayhost_removed": "A térkép bejegyzés %s eltávolítva",
+        "reset_main_logo": "Visszaállítás alapértelmezett logóra",
+        "rl_saved": "Arányszám-korlát a(z) %s objektumhoz mentve",
+        "rspamd_ui_pw_set": "Rspamd UI jelszó sikeresen beállítva",
+        "settings_map_added": "Hozzáadott beállítási térkép bejegyzés",
+        "settings_map_removed": "Eltávolított beállítási térkép ID %s",
+        "sogo_profile_reset": "A SOGo profil a(z) %s felhasználóhoz visszaállítva",
+        "template_added": "Hozzáadott sablon %s",
+        "template_modified": "A(z) %s sablon módosításai mentve",
+        "template_removed": "A sablon ID %s törölve",
+        "tls_policy_map_entry_deleted": "TLS irányelv térkép ID %s törölve",
+        "tls_policy_map_entry_saved": "TLS irányelv térkép bejegyzés \"%s\" mentve",
+        "ui_texts": "A felhasználói felület szövegeinek módosításai mentve",
+        "verified_fido2_login": "FIDO2 bejelentkezés ellenőrizve",
+        "verified_totp_login": "TOTP bejelentkezés ellenőrizve",
+        "verified_webauthn_login": "WebAuthn bejelentkezés ellenőrizve",
+        "verified_yotp_login": "Yubico OTP bejelentkezés ellenőrizve",
+        "mailbox_renamed": "A postafiók átnevezve %s-ről %s-re"
     },
     "user": {
         "action": "Művelet",
@@ -449,15 +905,14 @@
         "spam_score_reset": "Szerver szerinti alapértelmezésre visszaállítás",
         "spamfilter": "Spam szűrő",
         "spamfilter_behavior": "Osztályozás",
-        "spamfilter_bl": "Feketelista",
-        "spamfilter_bl_desc": "A feketelistán szereplő email címek mindig spam-ként lesznek kezelve és vissza lesznek utasítva.  Joker karakter használható. A szűrő csak közvetlen aliasokra vonatkozik (alias egyetlen cél-postafiókkal), magára a postafiókra, illetve mindent elkapó aliasokra nem.",
+        "spamfilter_bl": "Tiltólista",
+        "spamfilter_bl_desc": "A tiltólistán szereplő email címek mindig spam-ként lesznek kezelve és vissza lesznek utasítva.  Joker karakter használható. A szűrő csak közvetlen aliasokra vonatkozik (alias egyetlen cél-postafiókkal), magára a postafiókra, illetve mindent elkapó aliasokra nem.",
         "spamfilter_default_score": "Alapértelmezett értékek",
         "spamfilter_green": "Zöld: ez az üzenet nem spam",
         "spamfilter_hint": "Az első érték az alacsony spam pontszámot, a második a magas spam pontszámot jelöli.",
         "spamfilter_red": "Vörös: Ez az üzenet spam, a szerver el fogja vetni.",
         "spamfilter_table_action": "Művelet",
         "spamfilter_table_add": "Tétel hozzáadása",
-        "spamfilter_table_empty": "Nincs megjeleníthető adat",
         "spamfilter_table_remove": "eltávolítás",
         "spamfilter_table_rule": "Szabály",
         "spamfilter_wl": "Engedélyezőlista",
@@ -482,15 +937,90 @@
         "waiting": "Várakozás",
         "week": "hét",
         "weekly": "heti",
-        "weeks": "hét"
+        "weeks": "hét",
+        "aliases_also_send_as": "Küldhet még mint felhasználó",
+        "aliases_send_as_all": "Ne ellenőrizze a küldő hozzáférését a következő tartomány(ok) és annak alias tartományai számára",
+        "app_hint": "Az alkalmazás jelszavak alternatív jelszavak az IMAP, SMTP, CalDAV, CardDAV és EAS bejelentkezéshez. A felhasználónév változatlan marad. A SOGo webmail nem érhető el az alkalmazás jelszavakon keresztül.",
+        "allowed_protocols": "Engedélyezett protokollok",
+        "apple_connection_profile_complete": "Ez a kapcsolati profil tartalmazza az IMAP és SMTP paramétereket, valamint a CalDAV (naptárak) és CardDAV (névjegyek) útvonalakat egy Apple eszközhöz.",
+        "apple_connection_profile_mailonly": "Ez a kapcsolati profil csak IMAP és SMTP konfigurációs paramétereket tartalmaz egy Apple eszközhöz.",
+        "apple_connection_profile_with_app_password": "Új alkalmazás jelszó generálódik és hozzáadódik a profilhoz, így nem kell jelszót megadni az eszköz beállításakor. Kérjük, ne ossza meg a fájlt, mivel teljes hozzáférést biztosít a postafiókjához.",
+        "attribute": "Attribútum",
+        "authentication": "Hitelesítés",
+        "change_password_hint_app_passwords": "Fiókodnak %d alkalmazás jelszava van, amelyek nem lesznek megváltoztatva. Ezek kezeléséhez menj az Alkalmazás jelszavak fülre.",
+        "clear_recent_successful_connections": "Sikeres kapcsolatok törlése",
+        "created_on": "Létrehozva",
+        "direct_aliases_desc": "A közvetlen alias címeket érintik a spam szűrő és a TLS irányelv beállításai.",
+        "direct_protocol_access": "Ennek a postafiók felhasználónak <b>közvetlen, külső hozzáférése</b> van a következő protokollokhoz és alkalmazásokhoz. Ezt a beállítást az adminisztrátor vezérli. Az alkalmazás jelszavak létrehozhatók, hogy hozzáférést biztosítsanak az egyedi protokollokhoz és alkalmazásokhoz.<br>A \"Webmail\" gomb egységes bejelentkezést biztosít a SOGo-ra, és mindig elérhető.",
+        "eas_reset_help": "Sok esetben a eszköz gyorsítótárának visszaállítása segít egy sérült ActiveSync profil helyreállításában.<br><b>Figyelem:</b> Minden elem újra letöltődik!",
+        "empty": "Nincs eredmény",
+        "from": "feladó",
+        "is_catch_all": "Catch-all a tartomány(ok)hoz",
+        "last_pw_change": "Utolsó jelszócsere",
+        "last_ui_login": "Utolsó UI bejelentkezés",
+        "login_history": "Bejelentkezési előzmények",
+        "mailbox": "Postafiók",
+        "mailbox_general": "Általános",
+        "mailbox_settings": "Beállítások",
+        "month": "hónap",
+        "months": "hónap",
+        "open_logs": "Naplók megnyitása",
+        "open_webmail_sso": "Webmail",
+        "overview": "Áttekintés",
+        "password_reset_info": "Ha nincs megadva e-mail a jelszó-helyreállításhoz, ez a funkció nem használható.",
+        "protocols": "Protokollok",
+        "pushover_evaluate_x_prio": "Magas prioritású levelek továbbítása [<code>X-Priority: 1</code>]",
+        "pushover_info": "A push értesítési beállítások az összes tiszta (nem-spam) levélre vonatkoznak, amelyeket a <b>%s</b> címre kézbesítettek, beleértve az aliasokat is (megosztott, nem megosztott, címkézett).",
+        "pushover_only_x_prio": "Csak a magas prioritású leveleket vegye figyelembe [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "A következő feladói e-mail címek figyelembe vétele <small>(vesszővel elválasztva)</small>",
+        "pushover_sender_regex": "Feladók egyeztetése a következő regex-szel",
+        "pushover_text": "Értesítési szöveg",
+        "pushover_title": "Értesítési cím",
+        "pushover_sound": "Hang",
+        "pushover_vars": "Ha nincs feladói szűrő meghatározva, minden e-mail figyelembe vételre kerül.<br>A Regex szűrők, valamint a pontos feladói ellenőrzések egyénileg definiálhatók, és sorban lesznek figyelembe véve. Nem függenek egymástól.<br>Használható változók a szöveghez és a címhez (kérjük, vegye figyelembe az adatvédelmi szabályzatokat)",
+        "pushover_verify": "Hitelesítő adatok ellenőrzése",
+        "pw_recovery_email": "Jelszó-helyreállítási e-mail",
+        "q_add_header": "Levélszemét mappa",
+        "q_all": "Összes kategória",
+        "q_reject": "Elutasítva",
+        "quarantine_category": "Karantén értesítési kategória",
+        "quarantine_category_info": "Az \"Elutasítva\" értesítési kategória magában foglalja azokat a leveleket, amelyeket elutasítottak, míg a \"Levélszemét mappa\" értesíti a felhasználót a levélszemét mappába helyezett levelekről.",
+        "recent_successful_connections": "Látott sikeres kapcsolatok",
+        "shared_aliases_desc": "A megosztott aliasokat nem érintik a felhasználóspecifikus beállítások, mint a spam szűrő vagy a titkosítási szabályzat. A megfelelő spam szűrőket csak egy adminisztrátor hozhatja létre tartományszintű szabályzatként.",
+        "sogo_profile_reset": "SOGo profil visszaállítása",
+        "sogo_profile_reset_help": "Ez tönkreteszi a felhasználó SOGo profilját, és <b>visszavonhatatlanul törli az összes névjegy- és naptáradatot</b>.",
+        "sogo_profile_reset_now": "Profil visszaállítása most",
+        "spamfilter_table_domain_policy": "n/a (tartományi szabályzat)",
+        "syncjob_check_log": "Napló ellenőrzése",
+        "syncjob_last_run_result": "Utolsó futás eredménye",
+        "syncjob_EX_OK": "Siker",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Kapcsolati probléma",
+        "syncjob_EXIT_TLS_FAILURE": "Probléma a titkosított kapcsolattal",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Hitelesítési probléma",
+        "syncjob_EXIT_OVERQUOTA": "A cél postafiók túllépte a kvótát",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nem lehet csatlakozni a távoli szerverhez",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Hibás felhasználónév vagy jelszó",
+        "text": "Szöveg",
+        "tfa_info": "A kétlépcsős hitelesítés segít megvédeni a fiókodat. Ha engedélyezed, alkalmazás jelszavakra lesz szükséged, hogy bejelentkezz olyan alkalmazásokba vagy szolgáltatásokba, amelyek nem támogatják a kétlépcsős hitelesítést (pl. levelező kliensek).",
+        "tls_policy_warning": "<strong>Figyelem:</strong> Ha titkosított levélátvitelt kényszerítesz ki, elveszíthetsz e-maileket.<br>Azok az üzenetek, amelyek nem felelnek meg a szabályzatnak, kemény hibával visszapattannak a levelezőrendszerből.<br>Ez az opció a fő e-mail címedre (bejelentkezési név), az alias tartományokból származó összes címre, valamint az alias címekre vonatkozik, amelyeknek <b>csak ez az egy postafiók</b> a célja.",
+        "value": "Érték",
+        "with_app_password": "alkalmazás jelszóval",
+        "year": "év",
+        "years": "év"
     },
     "warning": {
         "cannot_delete_self": "Bejelentkezett felhasználó nem törölhető.",
-        "ip_invalid": "Érvénytelen IP-cím átugorva: %s",
+        "ip_invalid": "Érvénytelen IP cím átugorva: %s",
         "no_active_admin": "Utolsó aktív admin felhasználó nem deaktiválható.",
         "quota_exceeded_scope": "Domain kvóta átlépve: csak korlátok nélküli postafiókok hozhatók létre ebben a domain-ben.",
-        "session_token": "Űrlap-token érvénytelen: Tokenek nem egyeznek",
-        "session_ua": "Űrlap-token érvénytelen: User-Agent hitelesítési probléma"
+        "session_token": "Űrlaptoken érvénytelen: Tokenek nem egyeznek",
+        "session_ua": "Űrlaptoken érvénytelen: User-Agent hitelesítési probléma",
+        "domain_added_sogo_failed": "A tartomány hozzáadva, de a SOGo újraindítása sikertelen, kérjük, ellenőrizze a szerver naplókat.",
+        "dovecot_restart_failed": "A Dovecot újraindítása sikertelen, kérjük, ellenőrizze a naplókat",
+        "fuzzy_learn_error": "Fuzzy hash tanulási hiba: %s",
+        "hash_not_found": "A hash nem található vagy már törölve lett",
+        "is_not_primary_alias": "Nem elsődleges alias %s kihagyva",
+        "mailbox_renamed_alias": "A postafiók át lett nevezve, de az alias nem lett automatikusan létrehozva. Kérjük, hozza létre kézzel: %s"
     },
     "acl": {
         "delimiter_action": "Elhatárolás",
@@ -516,15 +1046,24 @@
         "smtp_ip_access": "Az SMTP engedélyezett állomásainak módosítása",
         "sogo_profile_reset": "SOGo profil visszaállítása",
         "spam_alias": "Ideiglenes álnevek",
-        "spam_policy": "Fekete/Fehér lista",
+        "spam_policy": "Tiltó/engedélyezési lista",
         "spam_score": "Spam pontszám",
         "syncjobs": "Szinkronizálási feladatok",
         "tls_policy": "TLS szabályzat",
         "unlimited_quota": "Korlátlan kvóta a postafiókok számára",
-        "sogo_access": "A SOGo-hozzáférés kezelésének lehetővé tétele"
+        "sogo_access": "A SOGo-hozzáférés kezelésének lehetővé tétele",
+        "pw_reset": "Lehetővé teszi a mailcow felhasználói jelszavak visszaállítását"
     },
     "diagnostics": {
-        "dns_records": "DNS bejegyzések"
+        "dns_records": "DNS bejegyzések",
+        "cname_from_a": "Az A/AAAA rekordból származó érték. Ez addig támogatott, amíg a rekord a megfelelő erőforrásra mutat.",
+        "dns_records_24hours": "Kérjük, vegye figyelembe, hogy a DNS-ben végrehajtott változtatások akár 24 órát is igénybe vehetnek, amíg a jelenlegi állapotuk helyesen megjelenik ezen az oldalon. Ez a célja, hogy könnyen láthassa, hogyan kell konfigurálnia a DNS rekordokat, és ellenőrizze, hogy az összes rekordja helyesen van-e tárolva a DNS-ben.",
+        "dns_records_data": "Helyes adatok",
+        "dns_records_docs": "Kérjük, konzultáljon a <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentációval</a> is.",
+        "dns_records_name": "Név",
+        "dns_records_status": "Jelenlegi állapot",
+        "dns_records_type": "Típus",
+        "optional": "Ez a rekord opcionális."
     },
     "add": {
         "username": "Felhasználónév",
@@ -588,6 +1127,15 @@
         "alias_domain": "Alias domain",
         "alias_domain_info": "<small>Csak érvényes tartománynevek (vesszővel elválasztva).</small>",
         "app_name": "Alkalmazás neve",
-        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához"
+        "app_passwd_protocols": "Engedélyezett protokollok az alkalmazás jelszavához",
+        "automap": "Próbálja automatikusan feltérképezni a mappákat (\"Elküldött elemek\", \"Elküldött\" => \"Elküldött\" stb.)",
+        "multiple_bookings": "Több foglalás",
+        "quota_mb": "Kvóta (MiB)",
+        "relay_all": "Az összes címzett továbbítása",
+        "relay_all_info": "↪ Ha úgy döntesz, hogy <b>nem</b> továbbítod az összes címzettet, akkor minden egyes címzett számára, akit továbbítani kell, létre kell hoznod egy (\"vak\") postafiókot.",
+        "relay_domain": "Továbbítsa ezt a tartományt",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Információ</div> Definiálhatsz szállítási térképeket ehhez a tartományhoz egyedi célállomásra. Ha nincs beállítva, egy MX lekérdezés történik.",
+        "relay_unknown_only": "Csak a nem létező postafiókok továbbítása. A létező postafiókok helyben lesznek kézbesítve.",
+        "relayhost_wrapped_tls_info": "Kérjük, <b>ne</b> használjon TLS-be csomagolt portokat (többnyire a 465-ös porton használatosak).<br>\r\nHasználjon bármilyen nem csomagolt portot és adjon ki STARTTLS-t. A TLS kikényszerítésére egy TLS irányelv hozható létre a \"TLS irányelv térképek\" alatt."
     }
 }

From 0997548d7f3e7aa004cbae3b1062332f53163c90 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 29 Aug 2025 22:38:06 +0200
Subject: [PATCH 634/755] Translations update from Weblate (#6699)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.de-de.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.en-gb.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.hu-hu.json

[Web] Language file updated by 'Cleanup translation files' addon

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>

---------

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.de-de.json |  3 ++-
 data/web/lang/lang.en-gb.json |  2 +-
 data/web/lang/lang.hu-hu.json | 20 ++++++++++++--------
 data/web/lang/lang.si-si.json | 22 +++++++++++++++++++---
 4 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 55fc11ab4..93b908d6c 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -408,7 +408,8 @@
         "allowed_origins": "Access-Control-Allow-Origin",
         "logo_dark_label": "Invertiert für den Darkmode",
         "logo_normal_label": "Normal",
-        "user_link": "Nutzer-Link"
+        "user_link": "Nutzer-Link",
+        "filter": "Filter"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 4ee5675be..0af0e59b0 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -711,7 +711,7 @@
         "mta_sts": "MTA-STS",
         "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> is a standard that enforces email delivery between mail servers to use TLS with valid certificates. <br>It is used when <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> is not possible due to missing or unsupported DNSSEC.<br><b>Note</b>: If the receiving domain supports DANE with DNSSEC, DANE is <b>always</b> preferred – MTA-STS only acts as a fallback.",
         "mta_sts_version": "Version",
-        "mta_sts_version_info": "Defines the version of the MTA-STS standard – currently only <code>STSv1</code> is valid." ,
+        "mta_sts_version_info": "Defines the version of the MTA-STS standard – currently only <code>STSv1</code> is valid.",
         "mta_sts_mode": "Mode",
         "mta_sts_mode_info": "There are three modes to choose from:<ul><li><em>testing</em> – policy is only monitored, violations have no impact.</li><li><em>enforce</em> – policy is strictly enforced, connections without valid TLS are rejected.</li><li><em>none</em> – policy is published but not applied.</li></ul>",
         "mta_sts_max_age": "Max age",
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 6ec3ed68a..2f78d5b21 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -9,7 +9,7 @@
         "source": "Forrás",
         "spamfilter": "Spam szűrő",
         "subject": "Tárgy",
-        "sys_mails": "Rendszerüzenetek",
+        "sys_mails": "Rendszer e-mailek",
         "text": "Szöveg",
         "time": "Idő",
         "title": "Cím",
@@ -274,7 +274,6 @@
         "sal_level": "Moo szint",
         "service": "Szolgáltatás",
         "service_id": "Szolgáltatás azonosító",
-        "sys_mails": "Rendszer e-mailek",
         "task": "Feladat",
         "transport_maps": "Szállítási térképek",
         "transport_test_rcpt_info": "&#8226; Használja a null@hosted.mailcow.de címet a külföldi célra történő továbbítás teszteléséhez.",
@@ -295,7 +294,8 @@
         "user_link": "Felhasználói-link",
         "user_quicklink": "Gyorshivatkozás elrejtése a Felhasználói bejelentkezési oldalra",
         "validate_license_now": "GUID érvényesítése a licenszszerverrel szemben",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "success": "Siker"
     },
     "edit": {
         "active": "Aktív",
@@ -646,7 +646,6 @@
         "sogo_visible": "Alias látható a SOGo-ban",
         "sogo_visible_n": "Alias elrejtése a SOGo-ban",
         "sogo_visible_y": "Alias megjelenítése a SOGo-ban",
-        "sender": "Feladó",
         "syncjob_check_log": "Napló ellenőrzése",
         "syncjob_last_run_result": "Utolsó futás eredménye",
         "syncjob_EX_OK": "Siker",
@@ -1000,7 +999,6 @@
         "syncjob_EXIT_OVERQUOTA": "A cél postafiók túllépte a kvótát",
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nem lehet csatlakozni a távoli szerverhez",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Hibás felhasználónév vagy jelszó",
-        "text": "Szöveg",
         "tfa_info": "A kétlépcsős hitelesítés segít megvédeni a fiókodat. Ha engedélyezed, alkalmazás jelszavakra lesz szükséged, hogy bejelentkezz olyan alkalmazásokba vagy szolgáltatásokba, amelyek nem támogatják a kétlépcsős hitelesítést (pl. levelező kliensek).",
         "tls_policy_warning": "<strong>Figyelem:</strong> Ha titkosított levélátvitelt kényszerítesz ki, elveszíthetsz e-maileket.<br>Azok az üzenetek, amelyek nem felelnek meg a szabályzatnak, kemény hibával visszapattannak a levelezőrendszerből.<br>Ez az opció a fő e-mail címedre (bejelentkezési név), az alias tartományokból származó összes címre, valamint az alias címekre vonatkozik, amelyeknek <b>csak ez az egy postafiók</b> a célja.",
         "value": "Érték",
@@ -1019,8 +1017,7 @@
         "dovecot_restart_failed": "A Dovecot újraindítása sikertelen, kérjük, ellenőrizze a naplókat",
         "fuzzy_learn_error": "Fuzzy hash tanulási hiba: %s",
         "hash_not_found": "A hash nem található vagy már törölve lett",
-        "is_not_primary_alias": "Nem elsődleges alias %s kihagyva",
-        "mailbox_renamed_alias": "A postafiók át lett nevezve, de az alias nem lett automatikusan létrehozva. Kérjük, hozza létre kézzel: %s"
+        "is_not_primary_alias": "Nem elsődleges alias %s kihagyva"
     },
     "acl": {
         "delimiter_action": "Elhatárolás",
@@ -1136,6 +1133,13 @@
         "relay_domain": "Továbbítsa ezt a tartományt",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Információ</div> Definiálhatsz szállítási térképeket ehhez a tartományhoz egyedi célállomásra. Ha nincs beállítva, egy MX lekérdezés történik.",
         "relay_unknown_only": "Csak a nem létező postafiókok továbbítása. A létező postafiókok helyben lesznek kézbesítve.",
-        "relayhost_wrapped_tls_info": "Kérjük, <b>ne</b> használjon TLS-be csomagolt portokat (többnyire a 465-ös porton használatosak).<br>\r\nHasználjon bármilyen nem csomagolt portot és adjon ki STARTTLS-t. A TLS kikényszerítésére egy TLS irányelv hozható létre a \"TLS irányelv térképek\" alatt."
+        "relayhost_wrapped_tls_info": "Kérjük, <b>ne</b> használjon TLS-be csomagolt portokat (többnyire a 465-ös porton használatosak).<br>\r\nHasználjon bármilyen nem csomagolt portot és adjon ki STARTTLS-t. A TLS kikényszerítésére egy TLS irányelv hozható létre a \"TLS irányelv térképek\" alatt.",
+        "select": "Kérjük, válasszon...",
+        "select_domain": "Kérjük, először válasszon egy domaint",
+        "sieve_desc": "Rövid leírás",
+        "sieve_type": "Szűrő típusa",
+        "skipcrossduplicates": "Duplikált üzenetek átugrása mappák között (érkezési sorrendben)",
+        "subscribeall": "Feliratkozás minden mappára",
+        "syncjob": "Szinkronizálási feladat hozzáadása"
     }
 }
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 35c4eaa96..56da00f74 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -550,7 +550,11 @@
         "recovery_email_failed": "E-poštnega sporočila za obnovitev ni bilo mogoče poslati. Obrnite se na skrbnika.",
         "required_data_missing": "Manjkajo zahtevani podatki %s",
         "reset_token_limit_exceeded": "Omejitev žetonov za ponastavitev je bila presežena. Poskusite znova pozneje.",
-        "to_invalid": "Polje za prejemnika ne sme biti prazno"
+        "to_invalid": "Polje za prejemnika ne sme biti prazno",
+        "max_age_invalid": "Najvišja starost %s je neveljavna",
+        "mode_invalid": "Način %s ni veljaven",
+        "mx_invalid": "Zapis MX %s je neveljaven",
+        "version_invalid": "Različica %s je neveljavna"
     },
     "debug": {
         "containers_info": "Informacije o vsebniku (containerju)",
@@ -761,7 +765,18 @@
         "mailbox_rename": "Preimenuj poštni predal",
         "mailbox_rename_agree": "Ustvaril/a sem varnostno kopijo.",
         "mailbox_rename_warning": "POMEMBNO! Pred preimenovanjem nabiralnika ustvarite varnostno kopijo.",
-        "sieve_desc": "Kratek opis"
+        "sieve_desc": "Kratek opis",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> je standard, ki vsiljuje dostavo e-pošte med poštnimi strežniki z uporabo TLS z veljavnimi potrdili. <br>Uporablja se, kadar <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> ni mogoč zaradi manjkajočega ali nepodprtega DNSSEC.<br><b>Opomba</b>: Če prejemna domena podpira DANE z DNSSEC, je DANE <b>vedno</b> prednost – MTA-STS deluje le kot rezervna možnost.",
+        "mta_sts_version": "Različica",
+        "mta_sts_version_info": "Določa različico standarda MTA-STS – trenutno je veljavna samo različica <code>STSv1</code>.",
+        "mta_sts_mode": "Način",
+        "mta_sts_mode_info": "Na voljo so trije načini:<ul><li><em>testiranje</em> – pravilnik se samo spremlja, kršitve nimajo vpliva.</li><li><em>uveljavljanje</em> – pravilnik se strogo uveljavlja, povezave brez veljavnega TLS so zavrnjene.</li><li><em>brez</em> – pravilnik je objavljen, vendar se ne uporablja.</li></ul>",
+        "mta_sts_max_age": "Najvišja starost",
+        "mta_sts_max_age_info": "Čas v sekundah, ki ga lahko prejemni poštni strežniki shranijo v predpomnilnik, dokler se ne ponovno naloži.",
+        "mta_sts_mx": "MX strežnik",
+        "mta_sts_mx_info": "Omogoča pošiljanje samo na izrecno navedena imena gostiteljskih strežnikov poštnih strežnikov; pošiljajoči MTA preveri, ali se ime gostitelja DNS MX ujema s seznamom pravilnikov, in dovoljuje dostavo le z veljavnim potrdilom TLS (zaščita pred MITM).",
+        "mta_sts_mx_notice": "Določiti je mogoče več strežnikov MX (ločenih z vejicami)."
     },
     "footer": {
         "restart_container_info": "<b>Pomembno:</b> Ugoden ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",
@@ -799,7 +814,8 @@
         "other_logins": "ali se prijavite s/z",
         "reset_password": "Ponastavi geslo",
         "request_reset_password": "Zahteva za spremembo gesla",
-        "username": "Uporabniško ime"
+        "username": "Uporabniško ime",
+        "email": "E-poštni naslov"
     },
     "mailbox": {
         "last_mail_login": "Zadnja prijava v e-pošto",

From 5361a4a4ee0e3c9a6434b3728b00e3f9bcf34f1f Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 1 Sep 2025 12:32:27 +0200
Subject: [PATCH 635/755] updated sponsors in Readme.md

---
 README.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/README.md b/README.md
index 2aad841c2..40288f10e 100644
--- a/README.md
+++ b/README.md
@@ -23,9 +23,6 @@ A big thank you to everyone supporting us on GitHub Sponsors—your contribution
   <a href="https://www.maehdros.com/" target=_blank><img
     src="https://avatars.githubusercontent.com/u/173894712" height="58"
   /></a>
-  <a href="https://macarne.com/" target=_blank><img
-    src="https://avatars.githubusercontent.com/u/149550368?s=200&v=4" height="58"
-  /></a>
 
 ### 50$/Month Sponsors
   <a href="https://github.com/vnukhr" target=_blank><img

From dbde14401461f64b9ddf5c502223809e7e66cda5 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 3 Sep 2025 08:14:14 +0200
Subject: [PATCH 636/755] update postscreen_access.cidr (#6703)

---
 data/conf/postfix/postscreen_access.cidr | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 1783620dd..35fc1a802 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Do 28. Aug 14:05:16 CEST 2025
+# Whitelist generated by Postwhite v3.4 on Mon Sep  1 00:23:07 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2225 total rules
+# 2165 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403::/49	permit
@@ -55,7 +55,7 @@
 8.40.222.0/23	permit
 8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.253.44	permit
+13.107.246.40	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -686,8 +686,6 @@
 82.165.159.45	permit
 82.165.159.130	permit
 82.165.159.131	permit
-85.9.206.169	permit
-85.9.210.45	permit
 85.158.136.0/21	permit
 85.215.255.39	permit
 85.215.255.40	permit
@@ -736,7 +734,6 @@
 87.248.117.205	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
-91.134.188.129	permit
 91.198.2.0/24	permit
 91.211.240.0/22	permit
 94.236.119.0/26	permit
@@ -1669,7 +1666,7 @@
 170.10.132.56/29	permit
 170.10.132.64/29	permit
 170.10.133.0/24	permit
-172.217.0.0/19	permit
+172.217.0.0/20	permit
 172.217.32.0/20	permit
 172.217.128.0/19	permit
 172.217.160.0/20	permit
@@ -1798,8 +1795,6 @@
 193.142.157.0/24	permit
 193.142.157.191	permit
 193.142.157.198	permit
-193.201.168.38	permit
-193.201.168.170/31	permit
 194.19.134.0/25	permit
 194.25.134.16/28	permit
 194.25.134.80/28	permit

From 34877ecf9c976f52ccff73311a1424021d4b2e68 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 3 Sep 2025 08:18:04 +0200
Subject: [PATCH 637/755] watchdog: added postfix-tlspol check (#6691)

---
 data/Dockerfiles/watchdog/watchdog.sh | 37 +++++++++++++++++++++++++++
 docker-compose.yml                    |  1 +
 2 files changed, 38 insertions(+)

diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index a087ca5f1..558aaa197 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -450,6 +450,31 @@ postfix_checks() {
   return 1
 }
 
+postfix-tlspol_checks() {
+  err_count=0
+  diff_c=0
+  THRESHOLD=${POSTFIX_TLSPOL_THRESHOLD}
+  # Reduce error count by 2 after restarting an unhealthy container
+  trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
+  while [ ${err_count} -lt ${THRESHOLD} ]; do
+    touch /tmp/postfix-tlspol-mailcow; echo "$(tail -50 /tmp/postfix-tlspol-mailcow)" > /tmp/postfix-tlspol-mailcow
+    host_ip=$(get_container_ip postfix-tlspol-mailcow)
+    err_c_cur=${err_count}
+    /usr/lib/nagios/plugins/check_tcp -4 -H ${host_ip} -p 8642 2>> /tmp/postfix-tlspol-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
+    [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
+    [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
+    progress "Postfix TLS Policy companion" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
+    if [[ $? == 10 ]]; then
+      diff_c=0
+      sleep 1
+    else
+      diff_c=0
+      sleep $(( ( RANDOM % 60 ) + 20 ))
+    fi
+  done
+  return 1
+}
+
 clamd_checks() {
   err_count=0
   diff_c=0
@@ -927,6 +952,18 @@ PID=$!
 echo "Spawned mailq_checks with PID ${PID}"
 BACKGROUND_TASKS+=(${PID})
 
+(
+while true; do
+  if ! postfix-tlspol_checks; then
+    log_msg "Postfix TLS Policy hit error limit"
+    echo postfix-tlspol-mailcow > /tmp/com_pipe
+  fi
+done
+) &
+PID=$!
+echo "Spawned postfix-tlspol_checks with PID ${PID}"
+BACKGROUND_TASKS+=(${PID})
+
 (
 while true; do
   if ! dovecot_checks; then
diff --git a/docker-compose.yml b/docker-compose.yml
index ce33e3d93..0501e43fa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -577,6 +577,7 @@ services:
         - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
         - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
         - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
+        - POSTFIX_TLSPOL_THRESHOLD=${POSTFIX_TLSPOL_THRESHOLD:-8}
         - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
         - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
         - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}

From 81775ab4d59c4ee3bf2fa113a3388097164a3ca5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:02:11 +0200
Subject: [PATCH 638/755] chore(deps): update actions/stale action to v10
 (#6708)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/close_old_issues_and_prs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index af5fd807d..91870fd1d 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v9.1.0
+        uses: actions/stale@v10.0.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

From 06db1d6a72ce65cd5e464eab7f2b1970da555b49 Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Fri, 5 Sep 2025 03:37:59 +0200
Subject: [PATCH 639/755] [Rspamd] Do not increment rate limit for emails from
 user to himself (#6706)

* [Rspamd] Do not increment rate limit for emails from user to himself

* Lowercase username and recipient address for comparison

Normalize username and recipient address comparison to lowercase.
---
 data/conf/rspamd/lua/rspamd.local.lua | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 5fe66f75f..2bf328e5b 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -454,12 +454,18 @@ rspamd_config:register_symbol({
     local redis_params = rspamd_parse_redis_server('dyn_rl')
     local rspamd_logger = require "rspamd_logger"
     local envfrom = task:get_from(1)
+    local envrcpt = task:get_recipients(1) or {}
     local uname = task:get_user()
     if not envfrom or not uname then
       return false
     end
+
     local uname = uname:lower()
 
+    if #envrcpt == 1 and envrcpt[1].addr:lower() == uname then
+      return false
+    end
+
     local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case
 
     local function redis_cb_user(err, data)

From f67c0530f56495d4b7a2c3b8816a8140c2f25586 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 9 Sep 2025 10:37:54 +0200
Subject: [PATCH 640/755] [Rspamd][Web] Internal alias support

---
 data/conf/rspamd/dynmaps/settings.php  | 38 ++++++++++++++++++++++++--
 data/web/inc/functions.mailbox.inc.php | 28 ++++++++++++-------
 data/web/inc/init_db.inc.php           |  1 +
 data/web/js/site/mailbox.js            |  9 ++++++
 data/web/lang/lang.de-de.json          |  5 ++++
 data/web/lang/lang.en-gb.json          |  5 ++++
 data/web/templates/edit/alias.twig     |  7 ++++-
 data/web/templates/modals/mailbox.twig |  9 ++++--
 8 files changed, 86 insertions(+), 16 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 274e9da28..1b0e6b6e4 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -56,7 +56,7 @@ function normalize_email($email) {
     $email = explode('@', $email);
     $email[0] = str_replace('.', '', $email[0]);
     $email = implode('@', $email);
-  } 
+  }
   $gm_alt = "@googlemail.com";
   if (substr_compare($email, $gm_alt, -strlen($gm_alt)) == 0) {
     $email = explode('@', $email);
@@ -114,7 +114,7 @@ function ucl_rcpts($object, $type) {
       $rcpt[] = str_replace('/', '\/', $row['address']);
     }
     // Aliases by alias domains
-    $stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias` FROM `mailbox` 
+    $stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias` FROM `mailbox`
       LEFT OUTER JOIN `alias_domain` ON `mailbox`.`domain` = `alias_domain`.`target_domain`
       WHERE `mailbox`.`username` = :object");
     $stmt->execute(array(
@@ -184,7 +184,7 @@ while ($row = array_shift($rows)) {
     rcpt = <?=json_encode($rcpt, JSON_UNESCAPED_SLASHES);?>;
 <?php
   }
-  $stmt = $pdo->prepare("SELECT `option`, `value` FROM `filterconf` 
+  $stmt = $pdo->prepare("SELECT `option`, `value` FROM `filterconf`
     WHERE (`option` = 'highspamlevel' OR `option` = 'lowspamlevel')
       AND `object`= :object");
   $stmt->execute(array(':object' => $row['object']));
@@ -468,4 +468,36 @@ while ($row = array_shift($rows)) {
 <?php
 }
 ?>
+
+<?php
+// Start internal aliases
+
+$stmt = $pdo->query("SELECT `id`, `address`, `domain` FROM `alias` WHERE `active` = '1' AND `internal` = '1'");
+$aliases = $stmt->fetchAll(PDO::FETCH_ASSOC);
+while ($alias = array_shift($aliases)) {
+  // build allowed_domains regex and add target domain and alias domains
+  $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `active` = '1' AND `target_domain` = :target_domain");
+  $stmt->execute(array(':target_domain' => $alias['domain']));
+  $allowed_domains = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  $allowed_domains = array_map(function($item) {
+    return str_replace('.', '\.', $item['alias_domain']);
+  }, $allowed_domains);
+  $allowed_domains[] = str_replace('.', '\.', $alias['domain']);
+  $allowed_domains = implode('|', $allowed_domains);
+?>
+  internal_alias_<?=$alias['id'];?> {
+    priority = 10;
+    rcpt = "<?=$alias['address'];?>";
+    from = "/^((?!.*@(<?=$allowed_domains;?>)).)*$/";
+    apply "default" {
+      MAILCOW_INTERNAL_ALIAS = 9999.0;
+    }
+    symbols [
+      "MAILCOW_INTERNAL_ALIAS"
+    ]
+  }
+<?php
+}
+?>
+
 }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index a74d182cf..a0199fbdc 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -684,15 +684,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           return true;
         break;
         case 'alias':
-          $addresses  = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['address']));
-          $gotos      = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['goto']));
-          $active = intval($_data['active']);
-          $sogo_visible = intval($_data['sogo_visible']);
-          $goto_null = intval($_data['goto_null']);
-          $goto_spam = intval($_data['goto_spam']);
-          $goto_ham = intval($_data['goto_ham']);
+          $addresses       = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['address']));
+          $gotos           = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['goto']));
+          $internal        = intval($_data['internal']);
+          $active          = intval($_data['active']);
+          $sogo_visible    = intval($_data['sogo_visible']);
+          $goto_null       = intval($_data['goto_null']);
+          $goto_spam       = intval($_data['goto_spam']);
+          $goto_ham        = intval($_data['goto_ham']);
           $private_comment = $_data['private_comment'];
-          $public_comment = $_data['public_comment'];
+          $public_comment  = $_data['public_comment'];
           if (strlen($private_comment) > 160 | strlen($public_comment) > 160){
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -842,8 +843,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `public_comment`, `private_comment`, `goto`, `domain`, `sogo_visible`, `active`)
-              VALUES (:address, :public_comment, :private_comment, :goto, :domain, :sogo_visible, :active)");
+            $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `public_comment`, `private_comment`, `goto`, `domain`, `sogo_visible`, `internal`, `active`)
+              VALUES (:address, :public_comment, :private_comment, :goto, :domain, :sogo_visible, :internal, :active)");
             if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
               $stmt->execute(array(
                 ':address' => '@'.$domain,
@@ -853,6 +854,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':goto' => $goto,
                 ':domain' => $domain,
                 ':sogo_visible' => $sogo_visible,
+                ':internal' => $internal,
                 ':active' => $active
               ));
             }
@@ -864,6 +866,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':goto' => $goto,
                 ':domain' => $domain,
                 ':sogo_visible' => $sogo_visible,
+                ':internal' => $internal,
                 ':active' => $active
               ));
             }
@@ -2481,6 +2484,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           foreach ($ids as $id) {
             $is_now = mailbox('get', 'alias_details', $id);
             if (!empty($is_now)) {
+              $internal = (isset($_data['internal'])) ? intval($_data['internal']) : $is_now['internal'];
               $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
               $sogo_visible = (isset($_data['sogo_visible'])) ? intval($_data['sogo_visible']) : $is_now['sogo_visible'];
               $goto_null = (isset($_data['goto_null'])) ? intval($_data['goto_null']) : 0;
@@ -2666,6 +2670,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 `domain` = :domain,
                 `goto` = :goto,
                 `sogo_visible`= :sogo_visible,
+                `internal`= :internal,
                 `active`= :active
                   WHERE `id` = :id");
               $stmt->execute(array(
@@ -2675,6 +2680,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':domain' => $domain,
                 ':goto' => $goto,
                 ':sogo_visible' => $sogo_visible,
+                ':internal' => $internal,
                 ':active' => $active,
                 ':id' => $is_now['id']
               ));
@@ -4700,6 +4706,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             `address`,
             `public_comment`,
             `private_comment`,
+            `internal`,
             `active`,
             `sogo_visible`,
             `created`,
@@ -4730,6 +4737,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $aliasdata['goto'] = $row['goto'];
           $aliasdata['address'] = $row['address'];
           (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
+          $aliasdata['internal'] = $row['internal'];
           $aliasdata['active'] = $row['active'];
           $aliasdata['active_int'] = $row['active'];
           $aliasdata['sogo_visible'] = $row['sogo_visible'];
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index ecb87c380..1c4f0ebf2 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -184,6 +184,7 @@ function init_db_schema()
           "private_comment" => "TEXT",
           "public_comment" => "TEXT",
           "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "internal" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
         ),
         "keys" => array(
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 135ec764a..6a04eb241 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -1972,6 +1972,15 @@ jQuery(function($){
           data: 'private_comment',
           defaultContent: ''
         },
+        {
+          title: lang.internal,
+          data: 'internal',
+          defaultContent: '',
+          responsivePriority: 6,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
+          }
+        },
         {
           title: lang.active,
           data: 'active',
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 93b908d6c..b5f3f325d 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -71,6 +71,8 @@
         "goto_spam": "Nachrichten als <span class=\"text-danger\"><b>Spam</b></span> lernen",
         "hostname": "Host",
         "inactive": "Inaktiv",
+        "internal": "Intern",
+        "internal_info": "Interne Aliasse sind nur von der eigenen Domäne oder Alias-Domänen erreichbar.",
         "kind": "Art",
         "mailbox_quota_def": "Standard-Quota einer Mailbox",
         "mailbox_quota_m": "Max. Speicherplatz pro Mailbox (MiB)",
@@ -690,6 +692,8 @@
         "grant_types": "Grant-types",
         "hostname": "Servername",
         "inactive": "Inaktiv",
+        "internal": "Intern",
+        "internal_info": "Interne Aliasse sind nur von der eigenen Domäne oder Alias-Domänen erreichbar.",
         "kind": "Art",
         "last_modified": "Zuletzt geändert",
         "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*\\.google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
@@ -923,6 +927,7 @@
         "in_use": "Prozentualer Gebrauch",
         "inactive": "Inaktiv",
         "insert_preset": "Beispiel \"%s\" laden",
+        "internal": "Intern",
         "kind": "Art",
         "last_mail_login": "Letzter Mail-Login",
         "last_modified": "Zuletzt geändert",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 0af0e59b0..d46e4606c 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -71,6 +71,8 @@
         "goto_spam": "Learn as <span class=\"text-danger\"><b>spam</b></span>",
         "hostname": "Host",
         "inactive": "Inactive",
+        "internal": "Internal",
+        "internal_info": "Internal aliases are only accessible from the own domain or alias domains.",
         "kind": "Kind",
         "mailbox_quota_def": "Default mailbox quota",
         "mailbox_quota_m": "Max. quota per mailbox (MiB)",
@@ -690,6 +692,8 @@
         "grant_types": "Grant types",
         "hostname": "Hostname",
         "inactive": "Inactive",
+        "internal": "Internal",
+        "internal_info": "Internal aliases are only accessible from the own domain or alias domains.",
         "kind": "Kind",
         "last_modified": "Last modified",
         "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
@@ -928,6 +932,7 @@
         "in_use": "In use (%)",
         "inactive": "Inactive",
         "insert_preset": "Insert example preset \"%s\"",
+        "internal": "Internal",
         "kind": "Kind",
         "last_mail_login": "Last mail login",
         "last_modified": "Last modified",
diff --git a/data/web/templates/edit/alias.twig b/data/web/templates/edit/alias.twig
index 48d19617b..64a6e706b 100644
--- a/data/web/templates/edit/alias.twig
+++ b/data/web/templates/edit/alias.twig
@@ -6,6 +6,7 @@
 <br>
 <form class="form-horizontal" data-id="editalias" role="form" method="post">
   <input type="hidden" value="0" name="active">
+  <input type="hidden" value="0" name="internal">
   {% if not skip_sogo %}
   <input type="hidden" value="0" name="sogo_visible">
   {% endif %}
@@ -33,8 +34,12 @@
       <div class="form-check">
         <label><input type="checkbox" class="form-check-input" value="1" name="sogo_visible"{% if result.sogo_visible == '1' %} checked{% endif %}> {{ lang.edit.sogo_visible }}</label>
       </div>
-      <p class="text-muted">{{ lang.edit.sogo_visible_info }}</p>
+      <small class="text-muted d-block mb-2">{{ lang.edit.sogo_visible_info }}</small>
       {% endif %}
+      <div class="form-check">
+        <label><input type="checkbox" class="form-check-input" value="1" name="internal"{% if result.internal == '1' %} checked{% endif %}> {{ lang.edit.internal }}</label>
+      </div>
+      <small class="text-muted d-block">{{ lang.edit.internal_info }}</small>
     </div>
   </div>
   <hr>
diff --git a/data/web/templates/modals/mailbox.twig b/data/web/templates/modals/mailbox.twig
index 0c164332b..1e8ee53fa 100644
--- a/data/web/templates/modals/mailbox.twig
+++ b/data/web/templates/modals/mailbox.twig
@@ -777,6 +777,7 @@
       <div class="modal-body">
         <form class="form-horizontal" data-cached-form="true" role="form" data-id="add_alias">
           <input type="hidden" value="0" name="active">
+          <input type="hidden" value="0" name="internal">
           <div class="row mb-2">
             <label class="control-label col-sm-2 text-sm-end" for="address">{{ lang.add.alias_address }}</label>
             <div class="col-sm-10">
@@ -803,11 +804,15 @@
               <div class="form-check">
                 <label><input type="checkbox" class="form-check-input" value="1" name="sogo_visible" checked> {{ lang.edit.sogo_visible }}</label>
               </div>
-              <p class="text-muted">{{ lang.edit.sogo_visible_info }}</p>
+              <small class="text-muted d-block mb-2">{{ lang.edit.sogo_visible_info }}</small>
               {% endif %}
+              <div class="form-check">
+                <label><input type="checkbox" class="form-check-input" value="1" name="internal"> {{ lang.add.internal }}</label>
+              </div>
+              <small class="text-muted d-block">{{ lang.edit.internal_info }}</small>
             </div>
           </div>
-          <div class="row mb-2">
+          <div class="row mb-4">
             <div class="offset-sm-2 col-sm-10">
               <div class="form-check">
                 <label><input type="checkbox" class="form-check-input" value="1" name="active" checked> {{ lang.add.active }}</label>

From 8d7235b5356f61e6a4a822b1bbeffba32b476e57 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 9 Sep 2025 10:52:19 +0200
Subject: [PATCH 641/755] [RSPAMD] Add boundary if present when applying
 domain-wide footer

---
 data/conf/rspamd/lua/rspamd.local.lua | 32 +++++++++++++++------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 2bf328e5b..9d0a58bcf 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -550,13 +550,13 @@ rspamd_config:register_symbol({
     -- determine newline type
     local function newline(task)
       local t = task:get_newlines_type()
-    
+
       if t == 'cr' then
         return '\r'
       elseif t == 'lf' then
         return '\n'
       end
-    
+
       return '\r\n'
     end
     -- retrieve footer
@@ -564,7 +564,7 @@ rspamd_config:register_symbol({
       if err or type(data) ~= 'string' then
         rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err)
       else
-        
+
         -- parse json string
         local footer = cjson.decode(data)
         if not footer then
@@ -613,26 +613,30 @@ rspamd_config:register_symbol({
             if footer.plain and footer.plain ~= "" then
               footer.plain = lua_util.jinja_template(footer.plain, replacements, true)
             end
-  
+
             -- add footer
             local out = {}
             local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}
-        
+
             local seen_cte
             local newline_s = newline(task)
-        
+
             local function rewrite_ct_cb(name, hdr)
               if rewrite.need_rewrite_ct then
                 if name:lower() == 'content-type' then
-                  local nct = string.format('%s: %s/%s; charset=utf-8',
-                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype)
+                  -- include boundary if present
+                  local boundary_part = rewrite.new_ct.boundary and
+                    string.format('; boundary="%s"', rewrite.new_ct.boundary) or ''
+                  local nct = string.format('%s: %s/%s; charset=utf-8%s',
+                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)
                   out[#out + 1] = nct
-                  -- update Content-Type header
+                  -- update Content-Type header (include boundary if present)
                   task:set_milter_reply({
                     remove_headers = {['Content-Type'] = 0},
                   })
                   task:set_milter_reply({
-                    add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8', rewrite.new_ct.type, rewrite.new_ct.subtype)}
+                    add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8%s',
+                      rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)}
                   })
                   return
                 elseif name:lower() == 'content-transfer-encoding' then
@@ -651,16 +655,16 @@ rspamd_config:register_symbol({
               end
               out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
             end
-        
+
             task:headers_foreach(rewrite_ct_cb, {full = true})
-        
+
             if not seen_cte and rewrite.need_rewrite_ct then
               out[#out + 1] = string.format('%s: %s', 'Content-Transfer-Encoding', 'quoted-printable')
             end
-        
+
             -- End of headers
             out[#out + 1] = newline_s
-        
+
             if rewrite.out then
               for _,o in ipairs(rewrite.out) do
                 out[#out + 1] = o

From 1e192e14f4e16d7644a7efd5594e5c31f70a0fe4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 9 Sep 2025 11:09:09 +0200
Subject: [PATCH 642/755] [Web] Only include mailcow_info in JS when
 mailcow_cc_username is set

---
 data/web/templates/base.twig | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 642d130a5..a8d0f6f39 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -166,6 +166,7 @@
   var lang_danger = {{ lang_danger|raw }};
   var docker_timeout = {{ docker_timeout|raw }} * 1000;
   var mailcow_cc_role = '{{ mailcow_cc_role }}';
+  {% if mailcow_cc_username %}
   var mailcow_info = {
     version_tag: '{{ mailcow_info.version_tag }}',
     last_version_tag: '{{ mailcow_info.last_version_tag }}',
@@ -175,6 +176,17 @@
     project_repo: '{{ mailcow_info.git_repo }}',
     branch: '{{ mailcow_info.mailcow_branch }}'
   };
+  {% else %}
+  var mailcow_info = {
+    version_tag: '',
+    last_version_tag: '',
+    updatedAt: '',
+    project_url: '',
+    project_owner: '',
+    project_repo: '',
+    branch: ''
+  };
+  {% endif %}
 
 $(window).scroll(function() {
   sessionStorage.scrollTop = $(this).scrollTop();

From 13f7f9830b056e1a1fe8aee51884323cb5bcebae Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 9 Sep 2025 12:11:19 +0200
Subject: [PATCH 643/755] Prevent user login if protocol access has been
 disabled

---
 data/conf/dovecot/auth/mailcowauth.php |  8 ++++----
 data/web/inc/functions.auth.inc.php    | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index c625522ba..06c0bd995 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -86,7 +86,7 @@ if ($result === false){
     'remote_addr' => $post['real_rip']
   ));
   if ($result) {
-    error_log('MAILCOWAUTH: App auth for user ' . $post['username']);
+    error_log('MAILCOWAUTH: App auth for user ' . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
     set_sasl_log($post['username'], $post['real_rip'], $post['service']);
   }
 }
@@ -94,9 +94,9 @@ if ($result === false){
   // Init Identity Provider
   $iam_provider = identity_provider('init');
   $iam_settings = identity_provider('get');
-  $result = user_login($post['username'], $post['password'], array('is_internal' => true));
+  $result = user_login($post['username'], $post['password'], array('is_internal' => true, 'service' => $post['service']));
   if ($result) {
-    error_log('MAILCOWAUTH: User auth for user ' . $post['username']);
+    error_log('MAILCOWAUTH: User auth for user ' . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
     set_sasl_log($post['username'], $post['real_rip'], $post['service']);
   }
 }
@@ -105,7 +105,7 @@ if ($result) {
   http_response_code(200); // OK
   $return['success'] = true;
 } else {
-  error_log("MAILCOWAUTH: Login failed for user " . $post['username']);
+  error_log("MAILCOWAUTH: Login failed for user " . $post['username'] . " with service " . $post['service'] . " from IP " . $post['real_rip']);
   http_response_code(401); // Unauthorized
 }
 
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index f1c70103e..059dd4cd9 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -193,6 +193,7 @@ function user_login($user, $pass, $extra = null){
   global $iam_settings;
 
   $is_internal = $extra['is_internal'];
+  $service = $extra['service'];
 
   if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
     if (!$is_internal){
@@ -235,6 +236,14 @@ function user_login($user, $pass, $extra = null){
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
       if (!empty($row)) {
+        // check if user has access to service (imap, smtp, pop3, sieve) if service is set
+        $row['attributes'] = json_decode($row['attributes'], true);
+        if (isset($service)) {
+          $key = strtolower($service) . "_access";
+          if (isset($row['attributes'][$key]) && $row['attributes'][$key] != '1') {
+            return false;
+          }
+        }
         return true;
       }
     }
@@ -242,7 +251,14 @@ function user_login($user, $pass, $extra = null){
     return false;
   }
 
+  // check if user has access to service (imap, smtp, pop3, sieve) if service is set
   $row['attributes'] = json_decode($row['attributes'], true);
+  if (isset($service)) {
+    $key = strtolower($service) . "_access";
+    if (isset($row['attributes'][$key]) && $row['attributes'][$key] != '1') {
+      return false;
+    }
+  }
   switch ($row['authsource']) {
     case 'keycloak':
       // user authsource is keycloak, try using via rest flow

From 8c8497d885b816397b36bc11470e11c459a6b98c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 9 Sep 2025 12:50:19 +0200
Subject: [PATCH 644/755] [Rspamd] only recreate external_services.conf file if
 it was deleted

---
 data/Dockerfiles/rspamd/docker-entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index 7385488b0..a764725cb 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -86,7 +86,8 @@ if [[ "${SKIP_OLEFY}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     rm /etc/rspamd/local.d/external_services.conf
   fi
 else
-  cat <<EOF > /etc/rspamd/local.d/external_services.conf
+  if [[ ! -f /etc/rspamd/local.d/external_services.conf ]]; then
+    cat <<EOF > /etc/rspamd/local.d/external_services.conf
 oletools {
   # default olefy settings
   servers = "olefy:10055";
@@ -100,6 +101,7 @@ oletools {
   retransmits = 1;
 }
 EOF
+  fi
 fi
 
 # Provide additional lua modules

From 8cb25709aea2f715cbac5ba7fd89130181fd98ec Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 10 Sep 2025 08:23:22 +0200
Subject: [PATCH 645/755] [Clamd] update to 1.71

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0501e43fa..874933bf0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -65,7 +65,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: ghcr.io/mailcow/clamd:1.70
+      image: ghcr.io/mailcow/clamd:1.71
       restart: always
       depends_on:
         unbound-mailcow:

From 1c438330c6c21f6b5b065aee65adef453b4dc4ce Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 10 Sep 2025 10:14:37 +0200
Subject: [PATCH 646/755] [postfix-tlspol] build with NOOPT=1 for wider CPU
 compatibility

---
 data/Dockerfiles/postfix-tlspol/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/postfix-tlspol/Dockerfile b/data/Dockerfiles/postfix-tlspol/Dockerfile
index 95a035265..c32f86f57 100644
--- a/data/Dockerfiles/postfix-tlspol/Dockerfile
+++ b/data/Dockerfiles/postfix-tlspol/Dockerfile
@@ -3,6 +3,7 @@ WORKDIR /src
 
 ENV CGO_ENABLED=0 \
     GO111MODULE=on \
+		NOOPT=1 \
     VERSION=1.8.14
 
 RUN git clone --branch v${VERSION} https://github.com/Zuplu/postfix-tlspol && \

From 262fe04286cab6d9d1690699022ac19808cfe26c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 10 Sep 2025 11:17:34 +0200
Subject: [PATCH 647/755] change MAJOR_VERSIONS 2025-08 to 2025-09

---
 _modules/scripts/core.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index ab67f25c6..f71368d24 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -185,7 +185,7 @@ detect_major_update() {
     MAJOR_VERSIONS=(
       "2025-02"
       "2025-03"
-      "2025-08"
+      "2025-09"
     )
 
     current_version=""

From 94c1a6c4e1f8901e38e4562dd208cc026277fab8 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 10 Sep 2025 16:20:58 +0200
Subject: [PATCH 648/755] scripts:  ipv6_controller improvement + fix modules
 handling (#6722)

* Fix subscript handling for modules

* ipv6: detect case when link local is present

* v6-controller: removed fixed-cidr for docker 28+
---
 _modules/scripts/ipv6_controller.sh | 148 ++++++++++++++++++++--------
 generate_config.sh                  |  21 ++++
 helper-scripts/_cold-standby.sh     |   2 +-
 update.sh                           |  16 ++-
 4 files changed, 145 insertions(+), 42 deletions(-)

diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
index de5272048..1ff5eb198 100644
--- a/_modules/scripts/ipv6_controller.sh
+++ b/_modules/scripts/ipv6_controller.sh
@@ -5,14 +5,65 @@
 
 # 1) Check if the host supports IPv6
 get_ipv6_support() {
-  if grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
-    || ! ip -6 route show default &>/dev/null; then
+  # ---- helper: probe external IPv6 connectivity without DNS ----
+  _probe_ipv6_connectivity() {
+    # Use literal, always-on IPv6 echo responders (no DNS required)
+    local PROBE_IPS=("2001:4860:4860::8888" "2606:4700:4700::1111")
+    local ip rc=1
+
+    for ip in "${PROBE_IPS[@]}"; do
+      if command -v ping6 &>/dev/null; then
+        ping6 -c1 -W2 "$ip" &>/dev/null || ping6 -c1 -w2 "$ip" &>/dev/null
+        rc=$?
+      elif command -v ping &>/dev/null; then
+        ping -6 -c1 -W2 "$ip" &>/dev/null || ping -6 -c1 -w2 "$ip" &>/dev/null
+        rc=$?
+      else
+        rc=1
+      fi
+      [[ $rc -eq 0 ]] && return 0
+    done
+    return 1
+  }
+
+  if [[ ! -f /proc/net/if_inet6 ]] || grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null; then
     DETECTED_IPV6=false
-    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
-  else
-    DETECTED_IPV6=true
-    echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}IPv6 is administratively disabled${YELLOW}.${NC}"
+    return
   fi
+
+  if ip -6 route show default 2>/dev/null | grep -qE '^default'; then
+    echo -e "${YELLOW}Default IPv6 route found – testing external IPv6 connectivity...${NC}"
+    if _probe_ipv6_connectivity; then
+      DETECTED_IPV6=true
+      echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    else
+      DETECTED_IPV6=false
+      echo -e "${YELLOW}Default IPv6 route present but external IPv6 connectivity failed – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    fi
+    return
+  fi
+
+  if ip -6 addr show scope global 2>/dev/null | grep -q 'inet6'; then
+    DETECTED_IPV6=false
+    echo -e "${YELLOW}Global IPv6 address present but no default route – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    return
+  fi
+
+  if ip -6 addr show scope link 2>/dev/null | grep -q 'inet6'; then
+    echo -e "${YELLOW}Only link-local IPv6 addresses found – testing external IPv6 connectivity...${NC}"
+    if _probe_ipv6_connectivity; then
+      DETECTED_IPV6=true
+      echo -e "External IPv6 connectivity available – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    else
+      DETECTED_IPV6=false
+      echo -e "${YELLOW}Only link-local IPv6 present and no external connectivity – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    fi
+    return
+  fi
+
+  DETECTED_IPV6=false
+  echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
 }
 
 # 2) Ensure Docker daemon.json has (or create) the required IPv6 settings
@@ -21,7 +72,7 @@ docker_daemon_edit(){
   DOCKER_MAJOR=$(docker version --format '{{.Server.Version}}' 2>/dev/null | cut -d. -f1)
   MISSING=()
 
-  _has_kv() { grep -Eq "\"$1\"\s*:\s*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
+  _has_kv() { grep -Eq "\"$1\"[[:space:]]*:[[:space:]]*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
 
   if [[ -f "$DOCKER_DAEMON_CONFIG" ]]; then
 
@@ -38,12 +89,18 @@ docker_daemon_edit(){
     fi
 
     # Gather missing keys
-    ! _has_kv ipv6 true       && MISSING+=("ipv6: true")
-    ! grep -Eq '"fixed-cidr-v6"\s*:\s*".+"' "$DOCKER_DAEMON_CONFIG" \
-                              && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
-    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -le 27 ]]; then
+    ! _has_kv ipv6 true && MISSING+=("ipv6: true")
+
+    # For Docker < 28, keep requiring fixed-cidr-v6 (default bridge needs it on old engines)
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
+      ! grep -Eq '"fixed-cidr-v6"[[:space:]]*:[[:space:]]*".+"' "$DOCKER_DAEMON_CONFIG" \
+                                && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
+    fi
+
+    # For Docker < 27, ip6tables needed and was tied to experimental in older releases
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
       _has_kv ipv6 true && ! _has_kv ip6tables true && MISSING+=("ip6tables: true")
-      ! _has_kv experimental true                 && MISSING+=("experimental: true")
+      ! _has_kv experimental true && MISSING+=("experimental: true")
     fi
 
     # Fix if needed
@@ -60,9 +117,19 @@ docker_daemon_edit(){
         cp "$DOCKER_DAEMON_CONFIG" "${DOCKER_DAEMON_CONFIG}.bak"
         if command -v jq &>/dev/null; then
           TMP=$(mktemp)
-          JQ_FILTER='.ipv6 = true | .["fixed-cidr-v6"] = "fd00:dead:beef:c0::/80"'
-          [[ "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]] \
-            && JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          # Base filter: ensure ipv6 = true
+          JQ_FILTER='.ipv6 = true'
+
+          # Add fixed-cidr-v6 only for Docker < 28
+          if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
+            JQ_FILTER+=' | .["fixed-cidr-v6"] = (.["fixed-cidr-v6"] // "fd00:dead:beef:c0::/80")'
+          fi
+
+          # Add ip6tables/experimental only for Docker < 27
+          if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
+            JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          fi
+
           jq "$JQ_FILTER" "$DOCKER_DAEMON_CONFIG" >"$TMP" && mv "$TMP" "$DOCKER_DAEMON_CONFIG"
           echo -e "${LIGHT_GREEN}daemon.json updated. Restarting Docker...${NC}"
           (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
@@ -97,12 +164,19 @@ docker_daemon_edit(){
   "experimental": true
 }
 EOF
-      else
+      elif [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
         cat > "$DOCKER_DAEMON_CONFIG" <<EOF
 {
   "ipv6": true,
   "fixed-cidr-v6": "fd00:dead:beef:c0::/80"
 }
+EOF
+      else
+        # Docker 28+: ipv6 works without fixed-cidr-v6
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true
+}
 EOF
       fi
       echo -e "${GREEN}Created $DOCKER_DAEMON_CONFIG with IPv6 settings.${NC}"
@@ -122,7 +196,7 @@ configure_ipv6() {
   # detect manual override if mailcow.conf is present
   if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]] && grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
     MANUAL_SETTING=$(grep '^ENABLE_IPV6=' "$MAILCOW_CONF" | cut -d= -f2)
-  elif [[ -z "$MAILCOW_CONF" ]] && [[ ! -z "${ENABLE_IPV6:-}" ]]; then
+  elif [[ -z "$MAILCOW_CONF" ]] && [[ -n "${ENABLE_IPV6:-}" ]]; then
     MANUAL_SETTING="$ENABLE_IPV6"
   else
     MANUAL_SETTING=""
@@ -131,38 +205,34 @@ configure_ipv6() {
   get_ipv6_support
 
   # if user manually set it, check for mismatch
-  if [[ -n "$MANUAL_SETTING" ]]; then
-    if [[ "$MANUAL_SETTING" == "false" && "$DETECTED_IPV6" == "true" ]]; then
-      echo -e "${RED}ERROR: You have ENABLE_IPV6=false but your host and Docker support IPv6.${NC}"
-      echo -e "${RED}This can create an open relay. Please set ENABLE_IPV6=true in your mailcow.conf and re-run.${NC}"
-      exit 1
-    elif [[ "$MANUAL_SETTING" == "true" && "$DETECTED_IPV6" == "false" ]]; then
-      echo -e "${RED}ERROR: You have ENABLE_IPV6=true but your host does not support IPv6.${NC}"
-      echo -e "${RED}Please disable or fix your host/Docker IPv6 support, or set ENABLE_IPV6=false.${NC}"
-      exit 1
+  if [[ "$DETECTED_IPV6" != "true" ]]; then
+    if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
+      if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+        sed -i 's/^ENABLE_IPV6=.*/ENABLE_IPV6=false/' "$MAILCOW_CONF"
+      else
+        echo "ENABLE_IPV6=false" >> "$MAILCOW_CONF"
+      fi
     else
-      return
+      export IPV6_BOOL=false
     fi
-  fi
-
-  # no manual override: proceed to set or export
-  if [[ "$DETECTED_IPV6" == "true" ]]; then
-    docker_daemon_edit
-  else
     echo "Skipping Docker IPv6 configuration because host does not support IPv6."
+    echo "Make sure to check if your docker daemon.json does not include \"enable_ipv6\": true if you do not want IPv6."
+    echo "IPv6 configuration complete: ENABLE_IPV6=false"
+    sleep 2
+    return
   fi
 
-  # now write into mailcow.conf or export
+  docker_daemon_edit
+
   if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
-    LINE="ENABLE_IPV6=$DETECTED_IPV6"
     if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
-      sed -i "s/^ENABLE_IPV6=.*/$LINE/" "$MAILCOW_CONF"
+      sed -i 's/^ENABLE_IPV6=.*/ENABLE_IPV6=true/' "$MAILCOW_CONF"
     else
-      echo "$LINE" >> "$MAILCOW_CONF"
+      echo "ENABLE_IPV6=true" >> "$MAILCOW_CONF"
     fi
   else
-    export IPV6_BOOL="$DETECTED_IPV6"
+    export IPV6_BOOL=true
   fi
 
-  echo "IPv6 configuration complete: ENABLE_IPV6=$DETECTED_IPV6"
+  echo "IPv6 configuration complete: ENABLE_IPV6=true"
 }
\ No newline at end of file
diff --git a/generate_config.sh b/generate_config.sh
index 9610bf18d..2dba91d51 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,5 +1,26 @@
 #!/usr/bin/env bash
 
+# Ensure the script is run from the directory that contains a link of .env
+# Resolve the directory this script lives in for consistent behavior when invoked from elsewhere
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" >/dev/null 2>&1 && pwd)"
+
+# Ensure script is executed in the mailcow installation directory by checking for a .env symlink that points to mailcow.conf
+if [ ! -L "${PWD}/.env" ]; then
+  echo -e "\e[33mPlease run this script from the mailcow installation directory.\e[0m"
+  echo -e "  \e[36mcd /path/to/mailcow && ./generate_config.sh\e[0m"
+  exit 1
+fi
+
+# Verify the .env symlink points to a mailcow.conf file
+env_target="$(readlink -f "${PWD}/.env" 2>/dev/null || true)"
+if [ -z "$env_target" ] || [ "$(basename "$env_target")" != "mailcow.conf" ]; then
+  echo -e "\e[31mThe found .env symlink does not point to a mailcow.conf file.\e[0m"
+  echo -e "\e[33mPlease create a symbolic link .env -> mailcow.conf inside the mailcow directory and run this script there.\e[0m"
+  echo -e "\e[33mNote: 'ln -s mailcow.conf .env' will create the symlink even if mailcow.conf does not yet exist.\e[0m"
+  echo -e "  \e[36mcd /path/to/mailcow && ln -s mailcow.conf .env && ./generate_config.sh\e[0m"
+  exit 1
+fi
+
 # Load mailcow Generic Scripts
 source _modules/scripts/core.sh
 source _modules/scripts/ipv6_controller.sh
diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index bfda3ba94..f02436a95 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -293,7 +293,7 @@ if ! ssh -o StrictHostKeyChecking=no \
   -i "${REMOTE_SSH_KEY}" \
   ${REMOTE_SSH_HOST} \
   -p ${REMOTE_SSH_PORT} \
-  ${SCRIPT_DIR}/../update.sh -f --gc ; then
+  "cd \"${SCRIPT_DIR}/../\" && ./update.sh -f --gc" ; then
     >&2 echo -e "\e[31m[ERR]\e[0m - Could not cleanup old images on remote"
 fi
 
diff --git a/update.sh b/update.sh
index 89dec3e66..4ec0e7e40 100755
--- a/update.sh
+++ b/update.sh
@@ -3,6 +3,20 @@
 ############## Begin Function Section ##############
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+MAILCOW_CONF="${SCRIPT_DIR}/mailcow.conf"
+
+# Ensure the script is run from the directory that contains mailcow.conf
+if [ ! -f "${PWD}/mailcow.conf" ]; then
+  if [ -f "${SCRIPT_DIR}/mailcow.conf" ]; then
+    echo -e "\e[33mPlease run this script directly from the mailcow installation directory:\e[0m"
+    echo -e "  \e[36mcd ${SCRIPT_DIR} && ./update.sh\e[0m"
+    exit 1
+  else
+    echo -e "\e[31mmailcow.conf not found in current directory or script directory (\e[36m${SCRIPT_DIR}\e[31m).\e[0m"
+    echo -e "\e[33mRun this script directly from your mailcow installation directory.\e[0m"
+    exit 1
+  fi
+fi
 BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
 MODULE_DIR="${SCRIPT_DIR}/_modules"
@@ -27,8 +41,6 @@ if [ "$(id -u)" -ne "0" ]; then
   exit 1
 fi
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
 # Run pre-update-hook
 if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
   bash "${SCRIPT_DIR}/pre_update_hook.sh"

From 4db1569c93ce41467f32a34007b081c179dc9645 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 10 Sep 2025 16:22:19 +0200
Subject: [PATCH 649/755] Squashed commit of the following:

commit 94c1a6c4e1f8901e38e4562dd208cc026277fab8
Author: DerLinkman <niklas.meyer@servercow.de>
Date:   Wed Sep 10 16:20:58 2025 +0200

    scripts:  ipv6_controller improvement + fix modules handling (#6722)

    * Fix subscript handling for modules

    * ipv6: detect case when link local is present

    * v6-controller: removed fixed-cidr for docker 28+
---
 _modules/scripts/ipv6_controller.sh | 148 ++++++++++++++++++++--------
 generate_config.sh                  |  21 ++++
 helper-scripts/_cold-standby.sh     |   2 +-
 update.sh                           |  16 ++-
 4 files changed, 145 insertions(+), 42 deletions(-)

diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
index de5272048..1ff5eb198 100644
--- a/_modules/scripts/ipv6_controller.sh
+++ b/_modules/scripts/ipv6_controller.sh
@@ -5,14 +5,65 @@
 
 # 1) Check if the host supports IPv6
 get_ipv6_support() {
-  if grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
-    || ! ip -6 route show default &>/dev/null; then
+  # ---- helper: probe external IPv6 connectivity without DNS ----
+  _probe_ipv6_connectivity() {
+    # Use literal, always-on IPv6 echo responders (no DNS required)
+    local PROBE_IPS=("2001:4860:4860::8888" "2606:4700:4700::1111")
+    local ip rc=1
+
+    for ip in "${PROBE_IPS[@]}"; do
+      if command -v ping6 &>/dev/null; then
+        ping6 -c1 -W2 "$ip" &>/dev/null || ping6 -c1 -w2 "$ip" &>/dev/null
+        rc=$?
+      elif command -v ping &>/dev/null; then
+        ping -6 -c1 -W2 "$ip" &>/dev/null || ping -6 -c1 -w2 "$ip" &>/dev/null
+        rc=$?
+      else
+        rc=1
+      fi
+      [[ $rc -eq 0 ]] && return 0
+    done
+    return 1
+  }
+
+  if [[ ! -f /proc/net/if_inet6 ]] || grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null; then
     DETECTED_IPV6=false
-    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
-  else
-    DETECTED_IPV6=true
-    echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}IPv6 is administratively disabled${YELLOW}.${NC}"
+    return
   fi
+
+  if ip -6 route show default 2>/dev/null | grep -qE '^default'; then
+    echo -e "${YELLOW}Default IPv6 route found – testing external IPv6 connectivity...${NC}"
+    if _probe_ipv6_connectivity; then
+      DETECTED_IPV6=true
+      echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    else
+      DETECTED_IPV6=false
+      echo -e "${YELLOW}Default IPv6 route present but external IPv6 connectivity failed – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    fi
+    return
+  fi
+
+  if ip -6 addr show scope global 2>/dev/null | grep -q 'inet6'; then
+    DETECTED_IPV6=false
+    echo -e "${YELLOW}Global IPv6 address present but no default route – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    return
+  fi
+
+  if ip -6 addr show scope link 2>/dev/null | grep -q 'inet6'; then
+    echo -e "${YELLOW}Only link-local IPv6 addresses found – testing external IPv6 connectivity...${NC}"
+    if _probe_ipv6_connectivity; then
+      DETECTED_IPV6=true
+      echo -e "External IPv6 connectivity available – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+    else
+      DETECTED_IPV6=false
+      echo -e "${YELLOW}Only link-local IPv6 present and no external connectivity – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+    fi
+    return
+  fi
+
+  DETECTED_IPV6=false
+  echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
 }
 
 # 2) Ensure Docker daemon.json has (or create) the required IPv6 settings
@@ -21,7 +72,7 @@ docker_daemon_edit(){
   DOCKER_MAJOR=$(docker version --format '{{.Server.Version}}' 2>/dev/null | cut -d. -f1)
   MISSING=()
 
-  _has_kv() { grep -Eq "\"$1\"\s*:\s*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
+  _has_kv() { grep -Eq "\"$1\"[[:space:]]*:[[:space:]]*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
 
   if [[ -f "$DOCKER_DAEMON_CONFIG" ]]; then
 
@@ -38,12 +89,18 @@ docker_daemon_edit(){
     fi
 
     # Gather missing keys
-    ! _has_kv ipv6 true       && MISSING+=("ipv6: true")
-    ! grep -Eq '"fixed-cidr-v6"\s*:\s*".+"' "$DOCKER_DAEMON_CONFIG" \
-                              && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
-    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -le 27 ]]; then
+    ! _has_kv ipv6 true && MISSING+=("ipv6: true")
+
+    # For Docker < 28, keep requiring fixed-cidr-v6 (default bridge needs it on old engines)
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
+      ! grep -Eq '"fixed-cidr-v6"[[:space:]]*:[[:space:]]*".+"' "$DOCKER_DAEMON_CONFIG" \
+                                && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
+    fi
+
+    # For Docker < 27, ip6tables needed and was tied to experimental in older releases
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
       _has_kv ipv6 true && ! _has_kv ip6tables true && MISSING+=("ip6tables: true")
-      ! _has_kv experimental true                 && MISSING+=("experimental: true")
+      ! _has_kv experimental true && MISSING+=("experimental: true")
     fi
 
     # Fix if needed
@@ -60,9 +117,19 @@ docker_daemon_edit(){
         cp "$DOCKER_DAEMON_CONFIG" "${DOCKER_DAEMON_CONFIG}.bak"
         if command -v jq &>/dev/null; then
           TMP=$(mktemp)
-          JQ_FILTER='.ipv6 = true | .["fixed-cidr-v6"] = "fd00:dead:beef:c0::/80"'
-          [[ "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]] \
-            && JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          # Base filter: ensure ipv6 = true
+          JQ_FILTER='.ipv6 = true'
+
+          # Add fixed-cidr-v6 only for Docker < 28
+          if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
+            JQ_FILTER+=' | .["fixed-cidr-v6"] = (.["fixed-cidr-v6"] // "fd00:dead:beef:c0::/80")'
+          fi
+
+          # Add ip6tables/experimental only for Docker < 27
+          if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
+            JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          fi
+
           jq "$JQ_FILTER" "$DOCKER_DAEMON_CONFIG" >"$TMP" && mv "$TMP" "$DOCKER_DAEMON_CONFIG"
           echo -e "${LIGHT_GREEN}daemon.json updated. Restarting Docker...${NC}"
           (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
@@ -97,12 +164,19 @@ docker_daemon_edit(){
   "experimental": true
 }
 EOF
-      else
+      elif [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 28 ]]; then
         cat > "$DOCKER_DAEMON_CONFIG" <<EOF
 {
   "ipv6": true,
   "fixed-cidr-v6": "fd00:dead:beef:c0::/80"
 }
+EOF
+      else
+        # Docker 28+: ipv6 works without fixed-cidr-v6
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true
+}
 EOF
       fi
       echo -e "${GREEN}Created $DOCKER_DAEMON_CONFIG with IPv6 settings.${NC}"
@@ -122,7 +196,7 @@ configure_ipv6() {
   # detect manual override if mailcow.conf is present
   if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]] && grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
     MANUAL_SETTING=$(grep '^ENABLE_IPV6=' "$MAILCOW_CONF" | cut -d= -f2)
-  elif [[ -z "$MAILCOW_CONF" ]] && [[ ! -z "${ENABLE_IPV6:-}" ]]; then
+  elif [[ -z "$MAILCOW_CONF" ]] && [[ -n "${ENABLE_IPV6:-}" ]]; then
     MANUAL_SETTING="$ENABLE_IPV6"
   else
     MANUAL_SETTING=""
@@ -131,38 +205,34 @@ configure_ipv6() {
   get_ipv6_support
 
   # if user manually set it, check for mismatch
-  if [[ -n "$MANUAL_SETTING" ]]; then
-    if [[ "$MANUAL_SETTING" == "false" && "$DETECTED_IPV6" == "true" ]]; then
-      echo -e "${RED}ERROR: You have ENABLE_IPV6=false but your host and Docker support IPv6.${NC}"
-      echo -e "${RED}This can create an open relay. Please set ENABLE_IPV6=true in your mailcow.conf and re-run.${NC}"
-      exit 1
-    elif [[ "$MANUAL_SETTING" == "true" && "$DETECTED_IPV6" == "false" ]]; then
-      echo -e "${RED}ERROR: You have ENABLE_IPV6=true but your host does not support IPv6.${NC}"
-      echo -e "${RED}Please disable or fix your host/Docker IPv6 support, or set ENABLE_IPV6=false.${NC}"
-      exit 1
+  if [[ "$DETECTED_IPV6" != "true" ]]; then
+    if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
+      if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+        sed -i 's/^ENABLE_IPV6=.*/ENABLE_IPV6=false/' "$MAILCOW_CONF"
+      else
+        echo "ENABLE_IPV6=false" >> "$MAILCOW_CONF"
+      fi
     else
-      return
+      export IPV6_BOOL=false
     fi
-  fi
-
-  # no manual override: proceed to set or export
-  if [[ "$DETECTED_IPV6" == "true" ]]; then
-    docker_daemon_edit
-  else
     echo "Skipping Docker IPv6 configuration because host does not support IPv6."
+    echo "Make sure to check if your docker daemon.json does not include \"enable_ipv6\": true if you do not want IPv6."
+    echo "IPv6 configuration complete: ENABLE_IPV6=false"
+    sleep 2
+    return
   fi
 
-  # now write into mailcow.conf or export
+  docker_daemon_edit
+
   if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
-    LINE="ENABLE_IPV6=$DETECTED_IPV6"
     if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
-      sed -i "s/^ENABLE_IPV6=.*/$LINE/" "$MAILCOW_CONF"
+      sed -i 's/^ENABLE_IPV6=.*/ENABLE_IPV6=true/' "$MAILCOW_CONF"
     else
-      echo "$LINE" >> "$MAILCOW_CONF"
+      echo "ENABLE_IPV6=true" >> "$MAILCOW_CONF"
     fi
   else
-    export IPV6_BOOL="$DETECTED_IPV6"
+    export IPV6_BOOL=true
   fi
 
-  echo "IPv6 configuration complete: ENABLE_IPV6=$DETECTED_IPV6"
+  echo "IPv6 configuration complete: ENABLE_IPV6=true"
 }
\ No newline at end of file
diff --git a/generate_config.sh b/generate_config.sh
index 9610bf18d..2dba91d51 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,5 +1,26 @@
 #!/usr/bin/env bash
 
+# Ensure the script is run from the directory that contains a link of .env
+# Resolve the directory this script lives in for consistent behavior when invoked from elsewhere
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" >/dev/null 2>&1 && pwd)"
+
+# Ensure script is executed in the mailcow installation directory by checking for a .env symlink that points to mailcow.conf
+if [ ! -L "${PWD}/.env" ]; then
+  echo -e "\e[33mPlease run this script from the mailcow installation directory.\e[0m"
+  echo -e "  \e[36mcd /path/to/mailcow && ./generate_config.sh\e[0m"
+  exit 1
+fi
+
+# Verify the .env symlink points to a mailcow.conf file
+env_target="$(readlink -f "${PWD}/.env" 2>/dev/null || true)"
+if [ -z "$env_target" ] || [ "$(basename "$env_target")" != "mailcow.conf" ]; then
+  echo -e "\e[31mThe found .env symlink does not point to a mailcow.conf file.\e[0m"
+  echo -e "\e[33mPlease create a symbolic link .env -> mailcow.conf inside the mailcow directory and run this script there.\e[0m"
+  echo -e "\e[33mNote: 'ln -s mailcow.conf .env' will create the symlink even if mailcow.conf does not yet exist.\e[0m"
+  echo -e "  \e[36mcd /path/to/mailcow && ln -s mailcow.conf .env && ./generate_config.sh\e[0m"
+  exit 1
+fi
+
 # Load mailcow Generic Scripts
 source _modules/scripts/core.sh
 source _modules/scripts/ipv6_controller.sh
diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index bfda3ba94..f02436a95 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -293,7 +293,7 @@ if ! ssh -o StrictHostKeyChecking=no \
   -i "${REMOTE_SSH_KEY}" \
   ${REMOTE_SSH_HOST} \
   -p ${REMOTE_SSH_PORT} \
-  ${SCRIPT_DIR}/../update.sh -f --gc ; then
+  "cd \"${SCRIPT_DIR}/../\" && ./update.sh -f --gc" ; then
     >&2 echo -e "\e[31m[ERR]\e[0m - Could not cleanup old images on remote"
 fi
 
diff --git a/update.sh b/update.sh
index 89dec3e66..4ec0e7e40 100755
--- a/update.sh
+++ b/update.sh
@@ -3,6 +3,20 @@
 ############## Begin Function Section ##############
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+MAILCOW_CONF="${SCRIPT_DIR}/mailcow.conf"
+
+# Ensure the script is run from the directory that contains mailcow.conf
+if [ ! -f "${PWD}/mailcow.conf" ]; then
+  if [ -f "${SCRIPT_DIR}/mailcow.conf" ]; then
+    echo -e "\e[33mPlease run this script directly from the mailcow installation directory:\e[0m"
+    echo -e "  \e[36mcd ${SCRIPT_DIR} && ./update.sh\e[0m"
+    exit 1
+  else
+    echo -e "\e[31mmailcow.conf not found in current directory or script directory (\e[36m${SCRIPT_DIR}\e[31m).\e[0m"
+    echo -e "\e[33mRun this script directly from your mailcow installation directory.\e[0m"
+    exit 1
+  fi
+fi
 BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
 MODULE_DIR="${SCRIPT_DIR}/_modules"
@@ -27,8 +41,6 @@ if [ "$(id -u)" -ne "0" ]; then
   exit 1
 fi
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
 # Run pre-update-hook
 if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
   bash "${SCRIPT_DIR}/pre_update_hook.sh"

From 642ac6d02cac69eec7c323ca4b582b72ff73416d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 11 Sep 2025 10:34:35 +0200
Subject: [PATCH 650/755] [Web] remove unused bcc dest column from alias table

---
 data/web/js/site/mailbox.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 6a04eb241..df61f8720 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -1949,11 +1949,6 @@ jQuery(function($){
           defaultContent: '',
           responsivePriority: 5,
         },
-        {
-          title: lang.bcc_destinations,
-          data: 'bcc_dest',
-          defaultContent: ''
-        },
         {
           title: lang.sogo_visible,
           data: 'sogo_visible',

From 0d900d4fc8559072c5365f374f6025ebe1961638 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 11 Sep 2025 11:01:50 +0200
Subject: [PATCH 651/755] [SOGo] Drop deprecated `sogo_update_password` sql
 trigger if it still exists

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 4 ++++
 docker-compose.yml                      | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index abd398b34..96d8a6919 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -24,6 +24,10 @@ while [[ "${DBV_NOW}" != "${DBV_NEW}" ]]; do
 done
 echo "DB schema is ${DBV_NOW}"
 
+if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TRIGGER IF EXISTS sogo_update_password"
+fi
+
 # cat /dev/urandom seems to hang here occasionally and is not recommended anyway, better use openssl
 RAND_PASS=$(openssl rand -base64 16 | tr -dc _A-Z-a-z-0-9)
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 874933bf0..215a196f9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -200,7 +200,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:1.134
+      image: ghcr.io/mailcow/sogo:1.135
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 84e230de8f68705f8cf9b7ef20bc18525275bd35 Mon Sep 17 00:00:00 2001
From: patr_ <30580969+p-atr@users.noreply.github.com>
Date: Fri, 12 Sep 2025 11:17:18 +0200
Subject: [PATCH 652/755] [Nginx] fix: Disable IPv6 support in Nginx
 configuration (#6736)

Co-authored-by: patr_ <patbernh@gmail.com>
---
 data/conf/nginx/templates/nginx.conf.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index d71d63e56..4b32ff15b 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -78,7 +78,7 @@ http {
         {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
+        {% if ENABLE_IPV6 %}
         {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         {%endif%}
@@ -105,7 +105,7 @@ http {
         {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
+        {% if ENABLE_IPV6 %}
         {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         {%endif%}
@@ -126,7 +126,7 @@ http {
     # rspamd dynmaps:
     server {
         listen 8081;
-        {% if not DISABLE_IPv6 %}
+        {% if ENABLE_IPV6 %}
         listen [::]:8081;
         {%endif%}
         index index.php index.html;
@@ -199,7 +199,7 @@ http {
         {%endif%}
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
+        {% if ENABLE_IPV6 %}
         {% if not HTTP_REDIRECT %}
         listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         {%endif%}

From eb26bcbc9417c6d0d2fa35db7ea5e648b48e016f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 13 Sep 2025 21:41:59 +0200
Subject: [PATCH 653/755] Translations update from Weblate (#6743)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.zh-cn.json

Co-authored-by: Easton Man <me@eastonman.com>

* [Web] Updated lang.si-si.json

[Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Easton Man <me@eastonman.com>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 15 ++++++++++-----
 data/web/lang/lang.zh-cn.json | 23 ++++++++++++++++++-----
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 56da00f74..95e23a5cb 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -109,7 +109,9 @@
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
         "syncjob_hint": "Pozor! Gesla se morajo shraniti v golo besedilo!",
         "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
-        "dry": "Simuliraj sinhronizacijo"
+        "dry": "Simuliraj sinhronizacijo",
+        "internal": "Notranje",
+        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen."
     },
     "admin": {
         "access": "Dostop",
@@ -776,7 +778,9 @@
         "mta_sts_max_age_info": "Čas v sekundah, ki ga lahko prejemni poštni strežniki shranijo v predpomnilnik, dokler se ne ponovno naloži.",
         "mta_sts_mx": "MX strežnik",
         "mta_sts_mx_info": "Omogoča pošiljanje samo na izrecno navedena imena gostiteljskih strežnikov poštnih strežnikov; pošiljajoči MTA preveri, ali se ime gostitelja DNS MX ujema s seznamom pravilnikov, in dovoljuje dostavo le z veljavnim potrdilom TLS (zaščita pred MITM).",
-        "mta_sts_mx_notice": "Določiti je mogoče več strežnikov MX (ločenih z vejicami)."
+        "mta_sts_mx_notice": "Določiti je mogoče več strežnikov MX (ločenih z vejicami).",
+        "internal": "Notranje",
+        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen."
     },
     "footer": {
         "restart_container_info": "<b>Pomembno:</b> Ugoden ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",
@@ -991,7 +995,8 @@
         "yes": "&#10003;",
         "weekly": "Tedensko",
         "sieve_info": "Na uporabnika lahko shranite več filtrov, vendar je lahko hkrati aktiven le en predfilter in en postfilter.<br>\nVsak filter bo obdelan v opisanem vrstnem redu. Niti neuspešen skript niti izdan ukaz »keep;« ne bosta ustavila obdelave nadaljnjih skript. Spremembe globalnih skriptov sita bodo sprožile ponovni zagon Dovecota.<br><br>Globalni predfilter sita &#8226; Predfilter &#8226; Uporabniški skripti &#8226; Postfilter &#8226; Globalni postfilter sita",
-        "tls_policy_maps_info": "Ta preslikava pravilnikov preglasi pravila odhodnega prenosa TLS neodvisno od uporabnikovih nastavitev pravilnikov TLS.<br>\n  Za več informacij preverite <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">dokumentacijo »smtp_tls_policy_maps«</a>."
+        "tls_policy_maps_info": "Ta preslikava pravilnikov preglasi pravila odhodnega prenosa TLS neodvisno od uporabnikovih nastavitev pravilnikov TLS.<br>\n  Za več informacij preverite <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">dokumentacijo »smtp_tls_policy_maps«</a>.",
+        "internal": "Notranje"
     },
     "fido2": {
         "known_ids": "Znani ID-ji",
@@ -1362,7 +1367,7 @@
         "spamfilter_default_score": "Privzete vrednosti",
         "spamfilter_green": "Zelena: to sporočilo ni neželena pošta",
         "spamfilter_hint": "Prva vrednost opisuje »nizko oceno neželene pošte«, druga pa »visoko oceno neželene pošte«.",
-        "spamfilter_red": "Rdeča: To sporočilo je neželena pošta in ga bo strežnik zavrnil.",
+        "spamfilter_red": "Rdeča: To sporočilo je neželena pošta in ga bo strežnik zavrnil",
         "spamfilter_table_action": "Dejanje",
         "spamfilter_table_add": "Dodaj element",
         "spamfilter_table_domain_policy": "ni na voljo (pravilnik domene)",
@@ -1407,7 +1412,7 @@
     "warning": {
         "cannot_delete_self": "Prijavljenega uporabnika ni mogoče izbrisati",
         "domain_added_sogo_failed": "Domena je bila dodana, vendar ponovni zagon SOGo ni uspel. Preverite dnevnike strežnika.",
-        "dovecot_restart_failed": "Dovecota ni uspelo znova zagnati, preverite dnevnike.",
+        "dovecot_restart_failed": "Dovecota ni uspelo znova zagnati, preverite dnevnike",
         "fuzzy_learn_error": "Napaka učenja mehkega zgoščevanja: %s",
         "hash_not_found": "Zgoščena vrednost ni bila najdena ali je bila že izbrisana",
         "ip_invalid": "Preskočen neveljaven IP: %s",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 3c46eb8a4..c2f9cdc35 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -109,7 +109,9 @@
         "username": "用户名",
         "validate": "验证",
         "validation_success": "验证成功",
-        "dry": "模拟同步（Dry run）"
+        "dry": "模拟同步（Dry run）",
+        "internal_info": "内部的别名只能在域内部或者别名域内部访问。",
+        "internal": "内部的"
     },
     "admin": {
         "access": "权限管理",
@@ -405,7 +407,9 @@
         "user_quicklink": "隐藏指向用户登陆页面的快捷链接",
         "admin_quicklink": "隐藏指向管理员登陆页面的快捷链接",
         "force_sso": "强制要求单点登录（SSO）",
-        "user_link": "自定义链接"
+        "user_link": "自定义链接",
+        "app_hide": "在登入界面隐藏",
+        "needs_restart": "需要重启"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -546,7 +550,11 @@
         "generic_server_error": "服务器错误。请联系您的管理员。",
         "authsource_in_use": "由于当前有一个或多个用户正在使用该身份提供者（IDP），因此无法更改或删除。",
         "iam_test_connection": "连接失败",
-        "required_data_missing": "缺少需要的 %s 数据"
+        "required_data_missing": "缺少需要的 %s 数据",
+        "max_age_invalid": "最大有效时间 %s 无效",
+        "mode_invalid": "模式 %s 无效",
+        "mx_invalid": "MX 记录 %s 无效",
+        "version_invalid": "版本 %s 无效"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
@@ -732,7 +740,11 @@
         "domain_footer_skip_replies": "在回信中忽略 footer",
         "footer_exclude": "从 footer 中排除",
         "last_modified": "上次修改时间",
-        "pushover_sound": "声音"
+        "pushover_sound": "声音",
+        "internal": "内部的",
+        "internal_info": "内部的别名只能在域内部或者别名域内部访问。",
+        "mta_sts": "邮件传输代理严格传输安全协议（MTA-STS）",
+        "mta_sts_version": "版本"
     },
     "fido2": {
         "confirm": "确认",
@@ -978,7 +990,8 @@
         "relay_unknown": "转发未知信箱",
         "templates": "模板",
         "template": "模板",
-        "iam": "身份提供者（IDP）"
+        "iam": "身份提供者（IDP）",
+        "internal": "内部的"
     },
     "oauth2": {
         "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权。",

From 2891bbf82ad35a1f8aa3d302c36c7e9e909ccba2 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 16 Sep 2025 18:24:12 +0200
Subject: [PATCH 654/755] Translations update from Weblate (#6749)

* [Web] Updated lang.cs-cz.json

Co-authored-by: Filip Hajny <filip@hajny.net>

* [Web] Updated lang.lv-lv.json

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>

---------

Co-authored-by: Filip Hajny <filip@hajny.net>
Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.cs-cz.json |  44 ++++++++++---
 data/web/lang/lang.lv-lv.json | 112 +++++++++++++++++++++-------------
 2 files changed, 103 insertions(+), 53 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index 9ef0304c8..b3068ab0f 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -24,7 +24,7 @@
         "sogo_access": "Správa přístupu do SOGo",
         "sogo_profile_reset": "Resetování profilu SOGo",
         "spam_alias": "Dočasné aliasy",
-        "spam_policy": "Blacklist/Whitelist",
+        "spam_policy": "Denylist/Allowlist",
         "spam_score": "Skóre spamu",
         "syncjobs": "Synchronizační úlohy",
         "tls_policy": "Pravidla TLS",
@@ -109,7 +109,9 @@
         "validate": "Ověřit",
         "validation_success": "Úspěšně ověřeno",
         "tags": "Štítky",
-        "dry": "Simulovat synchronizaci"
+        "dry": "Simulovat synchronizaci",
+        "internal": "Interní",
+        "internal_info": "Interní aliasy jsou přístupné jen z vlastních domén nebo jejich aliasů."
     },
     "admin": {
         "access": "Přístupy",
@@ -303,7 +305,7 @@
         "rspamd_global_filters": "Mapa globálních filtrů",
         "rspamd_global_filters_agree": "Budu opatrný!",
         "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje jiné globální black- a whitelisty.",
-        "rspamd_global_filters_regex": "Názvy jsou dostatečným vysvětlením. Musí obsahovat jen platné regulární výrazy ve formátu \"/vyraz/parametry\" (e.g. <code>/.+@domena\\.tld/i</code>).<br>\r\n  Každý výraz bude podroben základní kontrole, přesto je možné Rspamd 'rozbít', nebude-li syntax zcela korektní.<br>\r\n  Rspamd se pokusí načíst mapu po každé změně. V případě potíží, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restartujte Rspamd</a>, aby se konfigurace načetla explicitně.",
+        "rspamd_global_filters_regex": "Názvy stačí k vysvětlení. Položky musejí obsahovat jen platné regulární výrazy ve tvaru \"/vyraz/parametry\" (e.g. <code>/.+@domena\\.tld/i</code>).<br>\n  Každý výraz bude podroben základní kontrole, přesto je možné Rspamd 'rozbít', nebude-li syntax zcela korektní.<br>\n  Rspamd se pokusí po každé změně načíst mapu znovu. V případě potíží <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restartujte Rspamd</a>, aby se konfigurace načetla explicitně.",
         "rspamd_settings_map": "Nastavení Rspamd",
         "sal_level": "Úroveň 'Moo'",
         "save": "Uložit změny",
@@ -407,7 +409,9 @@
         "iam_extra_permission": "Aby vše fungovalo, musí mít mailcow klient v Keycloaku nastavený <code>servisní účet</code> a povolení <code>view-users</code>.",
         "iam_host": "Hostitel",
         "iam_host_info": "Zadejte jeden či více hostitelů, oddělte čárkou.",
-        "iam_import_users": "Importovat uživatele"
+        "iam_import_users": "Importovat uživatele",
+        "iam_auth_flow": "Proces autentizace",
+        "needs_restart": "potřebuje restart"
     },
     "danger": {
         "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -548,7 +552,11 @@
         "img_size_exceeded": "Obrázek má větší než povolenou velikost souboru",
         "invalid_reset_token": "Neplatný resetovací token",
         "required_data_missing": "Chybí potřebný údaj %s",
-        "reset_token_limit_exceeded": "Byl překročen limit na reset tokeny. Zkuste to později."
+        "reset_token_limit_exceeded": "Byl překročen limit na reset tokeny. Zkuste to později.",
+        "max_age_invalid": "Maximální životnost %s není platná",
+        "mode_invalid": "Mód %s není platný",
+        "mx_invalid": "Záznam MX %s není platný",
+        "version_invalid": "Verze %s není platná"
     },
     "datatables": {
         "emptyTable": "Tabulka neobsahuje žádná data",
@@ -759,7 +767,20 @@
         "mailbox_rename_warning": "DŮLEŽITÉ! Vytvořte si zálohu schránky, než ji přejmenujete.",
         "mailbox_rename_alias": "Automaticky vytvořit alias",
         "mailbox_rename_title": "Nový název zdejší schránky",
-        "pushover": "Pushover"
+        "pushover": "Pushover",
+        "internal": "Interní",
+        "internal_info": "Interní aliasy jsou přístupné jen z vlastních domén nebo jejich aliasů.",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> je standard, jenž říká poštovním serverům, aby komunikovaly pomocí TLS s platnými certifikáty. <br>Používá se, pokud není k dispozici <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a>, např. chybí-li či není podporováno DNSSEC.<br><b>Pozn.</b>: Podporuje-li přijímající doména DANE a DNSSEC, bude <b>vždy</b> použito DANE; MTA-STS zůstane jako plán B.",
+        "mta_sts_version": "Verze",
+        "mta_sts_version_info": "Určuje verzi standardu MTA-STS – zatím je podporována jen <code>STSv1</code>.",
+        "mta_sts_mode": "Mód",
+        "mta_sts_mode_info": "K dispozici jsou tři módy:<ul><li><em>testing</em> – pravidlo se jen sleduje, porušení je bez následků.</li><li><em>enforce</em> – pravidlo je důsledně dodržováno, spojení bez platného TLS jsou odmítána.</li><li><em>none</em> – pravidlo je zveřejněno, ale neuplatňuje se.</li></ul>",
+        "mta_sts_max_age": "Maximální životnost",
+        "mta_sts_max_age_info": "Doba v sekundách, po niž poštovní servery mohou toho pravidlo držet v mezipaměti bez nutnosti obnovení.",
+        "mta_sts_mx": "Server MX",
+        "mta_sts_mx_info": "Dovoluje odesílání jen výslovně vypsaným poštovním serverům; odesílající server kontroluje, že server MX určený v DNS odpovídá pravidlu, a povolí doručení jen s platným certifikátem TLS (chrání přes útokem typu MITM).",
+        "mta_sts_mx_notice": "Lze zadat více serverů MX (oddělte čárkou)."
     },
     "fido2": {
         "confirm": "Potvrdit",
@@ -829,7 +850,8 @@
         "login_admintext": "Přihlášení správce",
         "login_user": "Přihlášení uživatele",
         "login_dadmin": "Přihlášení správce domény",
-        "login_admin": "Přihlášení správce"
+        "login_admin": "Přihlášení správce",
+        "email": "Mailová adresa"
     },
     "mailbox": {
         "action": "Akce",
@@ -861,7 +883,7 @@
         "bcc": "BCC",
         "bcc_destination": "Cíl kopie",
         "bcc_destinations": "Cíl kopií",
-        "bcc_info": "Skrytá kopie (mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Mapa příjemců se použije, funguje-li je místní cíl jako adresát zprávy. Totéž platí pro mapy odesílatelů.\nMístní cíl se nedozví, selže-li doručení na cíl BCC.",
+        "bcc_info": "<br/>Skrytá kopie (mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Mapa příjemců se použije, funguje-li je místní cíl jako adresát zprávy. Totéž platí pro mapy odesílatelů.<br/>\n  Místní cíl se nedozví, selže-li doručení na cíl BCC.",
         "bcc_local_dest": "Týká se",
         "bcc_map": "Skrytá kopie",
         "bcc_map_type": "Typ skryté kopie",
@@ -1005,7 +1027,8 @@
         "weekly": "Každý týden",
         "yes": "&#10003;",
         "relay_unknown": "Předávání neexistujících schránek",
-        "iam": "Poskytovatel identity"
+        "iam": "Poskytovatel identity",
+        "internal": "Interní"
     },
     "oauth2": {
         "access_denied": "K udělení přístupu se přihlašte jako vlastník mailové schránky.",
@@ -1082,7 +1105,8 @@
         "hold_mail_legend": "Podrží vybrané e-maily. (Zabrání dalším pokusům o doručení)",
         "show_message": "Zobrazit zprávu",
         "unhold_mail": "Uvolnit",
-        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)"
+        "unhold_mail_legend": "Uvolnit vybrané e-maily k doručení. (Pouze v případě předchozího podržení)",
+        "unban": "odblokovat"
     },
     "ratelimit": {
         "disabled": "Vypnuto",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index 2b433b8e8..86eb91a66 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -39,16 +39,16 @@
         "alias_domain_info": "<small>Tikai derīgi domēna vārdi (komatu atdalīti).</small>",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" etc.)",
         "backup_mx_options": "Dublējuma MX iespējas",
-        "delete1": "Dzēst no avota, kad tas ir pabeigts",
+        "delete1": "Izdzēst no avota pēc pabeigšanas",
         "delete2": "Dzēsiet ziņojumus galamērķī, kas nav avotā",
-        "delete2duplicates": "Dzēst dublikātus galamērķī",
+        "delete2duplicates": "Izdzēst atkārtojošos vienumus galamērķī",
         "description": "Apraksts",
         "domain": "Domēns",
         "domain_quota_m": "Kopējā domēna kvota (MiB)",
         "enc_method": "Šifrēšanas metode",
         "exclude": "Izslēgt objektus (regex)",
         "full_name": "Pilns vārds",
-        "goto_null": "Klusām dzēst pastu",
+        "goto_null": "Klusām atmest pastu",
         "hostname": "Saimniekdators",
         "kind": "Veids",
         "mailbox_quota_m": "Maks. kvota pastkastei (MiB)",
@@ -77,12 +77,13 @@
         "target_domain": "Mērķa domēns",
         "username": "Lietotājvārds",
         "validate": "Apstiprināt",
-        "validation_success": "Apstiprināts veiksmīgi",
+        "validation_success": "Sekmīgi apstiprināts",
         "bcc_dest_format": "BCC galamērķim ir jābūt vienai derīgai e-pasta adresei.<br>Ja ir nepieciešams nosūtīt kopiju vairākām adresēm, jāizveido aizstājvārds un jāizmanto tas šeit.",
         "domain_matches_hostname": "Domēns %s atbilst saimniekdatora nosaukumam",
         "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)",
         "app_password": "Pievienot lietotnes paroli",
-        "app_passwd_protocols": "Atļautie lietotnes paroles protokoli"
+        "app_passwd_protocols": "Atļautie lietotnes paroles protokoli",
+        "goto_spam": "Apgūt kā <span class=\"text-danger\"><b>mēstuli</b></span>"
     },
     "admin": {
         "access": "Pieeja",
@@ -115,14 +116,14 @@
         "domain": "Domēns",
         "domain_admins": "Domēna administratori",
         "edit": "Labot",
-        "empty": "Nav rezultātu",
+        "empty": "Nav iznākuma",
         "f2b_ban_time": "Aizlieguma laiks (s)",
         "f2b_max_attempts": "Maks. piegājieni",
         "f2b_netban_ipv4": "IPv4 apakštīkla izmērs, lai piemērotu aizliegumu uz (8-32)",
         "f2b_netban_ipv6": "IPv6 apakštīkla izmērs, lai piemērotu aizliegumu uz (8-128)",
         "f2b_parameters": "Fail2ban parametri",
         "f2b_retry_window": "Atkārtošanas logs (s) priekš maks. piegājiena",
-        "f2b_whitelist": "Baltā saraksta tīkls/hosts",
+        "f2b_whitelist": "Atļautie tīkli/resursdatori",
         "filter_table": "Filtru tabula",
         "forwarding_hosts": "Hostu pārsūtīšana",
         "forwarding_hosts_add_hint": "Var norādīt vai nu IPv4/IPv6 adreses, tīklu ar CIDR apzīmējumu, saimniekdatoru nosaukumus (kas tiks atrisināti IP adresēs) vai arī domēna vārdus (kas tiks atrisināti IP adresēs, vaicājot SPF ierakstus, vai, ja tādu nav, MX ierakstus).",
@@ -181,7 +182,10 @@
         "rspamd_com_settings": "Iestatījuma nosaukums tiks izveidots automātiski. Lūgums zemāk skatīt priekšiestatījumu piemērus. Vairāk informācijas ir <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentācijā</a>",
         "reset_password_vars": "<code>{{link}}</code> Izveidotā paroles atiestatīšanas saite<br><code>{{username}}</code> Lietotāja, kurš pieprasīja paroles atiestatīšanu, pastkastes nosaukums<br><code>{{username2}}</code> Atkopšanas pastkastes nosaukums<br><code>{{date}}</code> Paroles atiestatīšanas pieprasījuma veikšanas datums<br><code>{{token_lifetime}}</code> Pilnvaras derīgums minūtēs<br><code>{{hostname}}</code> mailcow saimniekdatora nosaukums",
         "ui_header_announcement_help": "Paziņojums ir redzams visiem lietotājiem, kuri ir pieteikušies, un pieteikšanās ekrānā saskarnē.",
-        "login_time": "Pieteikšanās laiks"
+        "login_time": "Pieteikšanās laiks",
+        "iam_version": "Versija",
+        "quarantine_max_age": "Lielākais pieļaujamais vecums dienās<br><small>Vērtībai jābūt vienādai ar vai lielākai par 1 dienu.</small>",
+        "quarantine_max_score": "Atmest paziņojumu, ja e-pasta ziņojuma mēstuļu novērtējums ir augstāks par šo vērtību:<br><small>Noklusējums ir 9999.0</small>"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -201,8 +205,8 @@
         "goto_empty": "Aizstājādresei jāsatur vismaz viena derīga mērķa adrese",
         "goto_invalid": "Goto adrese nepareiza",
         "imagick_exception": "Kļūda: Imagick izņēmums, lasot attēlu",
-        "img_invalid": "Nevar apstiprināt attēla failu",
-        "img_tmp_missing": "Nevar apstiprināt attēla failu: pagaidu failu nav atrasts",
+        "img_invalid": "Nevar apstiprināt attēla datni",
+        "img_tmp_missing": "Nevar apstiprināt attēla datni: pagaidu datne nav atrasta",
         "invalid_mime_type": "Nederīgs mime tips",
         "is_alias": "%s jau ir zināma kā aizstājadrese",
         "is_alias_or_mailbox": "%s jau ir zināms kā aizstājvārds, pastkaste vai aizstājadrese, kas ir izvērsta no aizstājdomēna.",
@@ -234,7 +238,10 @@
         "username_invalid": "Lietotājvārds nevar tikt izmantots",
         "validity_missing": "Lūdzu piešķiriet derīguma termiņu",
         "domain_cannot_match_hostname": "Domēns nevar atbilst saimniekdatora nosaukumam",
-        "app_passwd_id_invalid": "Lietotnes paroles Id %s ir nederīgs"
+        "app_passwd_id_invalid": "Lietotnes paroles Id %s ir nederīgs",
+        "img_dimensions_exceeded": "Attēls pārsniedz lielāko pieļaujamo attēla lielumu",
+        "img_size_exceeded": "Attēls pārsniedz lielāko pieļaujamo datnes lielumu",
+        "version_invalid": "Versija %s ir nederīga"
     },
     "diagnostics": {
         "cname_from_a": "Vērtība, kas iegūta no A/AAAA ieraksta. Tas tiek atbalstīts tik ilgi, kamēr ieraksts norāda uz pareizo resursu.",
@@ -251,9 +258,9 @@
         "alias": "Labot aizstājvārdu",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" utt.)",
         "backup_mx_options": "Dublēt MX iespējas",
-        "delete1": "Dzēst no avota, kad pabeigts",
+        "delete1": "Izdzēst no avota pēc pabeigšanas",
         "delete2": "Dzēsiet ziņojumus galamērķī, kas nav avotā",
-        "delete2duplicates": "Dzēst dublikātus galamērķī",
+        "delete2duplicates": "Izdzēst atkārtojošos vienumus galamērķī",
         "description": "Apraksts",
         "domain": "Labot domēnu",
         "domain_admin": "Labot domēna administratoru",
@@ -273,7 +280,7 @@
         "max_aliases": "Lielākais aizstājvārdu skaits",
         "max_mailboxes": "Maks. iespējamās pastkastes",
         "max_quota": "Maks. kvota uz pastkasti (MiB)",
-        "maxage": "Lielākais ziņojumu, kuri tiks vaicāti attālajā serverī, vecums dienās<br><small>(0 = neņemt vērā vecumu)</small>",
+        "maxage": "Lielākais pieļaujamais ziņojumu, kuri tiks vaicāti attālajā serverī, vecums dienās<br><small>(0 = neņemt vērā vecumu)</small>",
         "maxbytespersecond": "Maks. baiti sekundē (0 ir vienāds ar neierobežotu skaitu)",
         "mins_interval": "Intervāls (min)",
         "multiple_bookings": "Vairāki rezervējumi",
@@ -292,8 +299,8 @@
         "sieve_type": "Filtra tips",
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
         "spam_alias": "Izveidot vai mainīt laika ierobežotas aizstājadreses",
-        "spam_policy": "Pievienot vai noņemt vienumus baltajā-/melnajā sarakstā",
-        "spam_score": "Iestatīt pielāgotu surogātpasta vērtējumu",
+        "spam_policy": "Pievienot vai noņemt vienumus atļautajā/liegumu sarakstā",
+        "spam_score": "Iestatīt pielāgotu mēstules vērtējumu",
         "subfolder2": "Sinhronizēt galamērķa apakšmapē<br><small>(tukšs = neizmantot apakšmapi)</small>",
         "syncjob": "Labot sinhronizācijas darbu",
         "target_address": "Mērķa adrese/s <small>(atdalītas ar komatu)</small>",
@@ -316,17 +323,21 @@
         "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)",
         "app_passwd_protocols": "Atļautie lietotnes paroles protokoli",
         "allowed_protocols": "Atļautie protokoli tiešai lietotāja piekļuvei (neietekmē lietotnes paroles protokolus)",
-        "app_passwd": "Lietotnes parole"
+        "app_passwd": "Lietotnes parole",
+        "mta_sts_version": "Versija",
+        "mta_sts_version_info": "Norāda MTA-STS standarta versiju – pašreiz ir derīga tikai <code>STSv1</code>.",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sūtītāja pārbaude ir atspējota</span>"
     },
     "footer": {
         "cancel": "Atcelt",
-        "confirm_delete": "Apstiprināt dzēšanu",
-        "delete_now": "Dzēst tagad",
+        "confirm_delete": "Apstiprināt izdzēšanu",
+        "delete_now": "Izdzēst tagad",
         "delete_these_items": "Lūgums apstiprināt izmaiņas šim objekta Id",
         "loading": "Lūgums uzgaidīt...",
         "restart_container": "Restartēt konteineri",
         "restart_container_info": "<b>Svarīgi:</b> nesteidzīga pārsāknēšana var aizņemt ilgāku laiku. Lūgums uzgaidīt, līdz tā tiek pabeigta.",
-        "restart_now": "Pārsāknēt tagad"
+        "restart_now": "Pārsāknēt tagad",
+        "hibp_nok": "Sakrīt. Šī, iespējams, ir bīstama parole."
     },
     "header": {
         "administration": "Konfigurācija un informācija",
@@ -389,7 +400,7 @@
         "domain_quota_total": "Kopējais domēna ierobežojums",
         "domains": "Domēns",
         "edit": "Labot",
-        "empty": "Nav rezultātu",
+        "empty": "Nav iznākuma",
         "excludes": "Izslēdzot",
         "filter_table": "Filtra tabula",
         "filters": "Filtri",
@@ -448,13 +459,15 @@
         "add_alias_expand": "Izvērst aizstājvārdu pār aizstājdomēniem",
         "alias_domain_alias_hint": "Aizstājvārdi <b>netiek</b> automātiski piemēroti domēnu aizstājvārdiem. Aizstājadrese <code>my-alias@domain</code> <b>nenosedz</b> adresi <code>my-alias@alias-domain</code> (kur \"alias-domain\" ir iedomāts \"domain\" aizstājdomēns).<br>Lūgums izmantot sieta atlasi, lai pārvirzītu pastu uz ārēju pastkasti (skatīt cilti \"Atlasīšana\" vai izmantot SOGo -> Pārsūtītājs). \"Izvērst aizstājvārdu pār aizstājdomēniem\" ir izmantojams, lai automātiski pievienotu trūkstošos aiztājvārdus.",
         "alias_domain_backupmx": "Aizstājdomēns ir neaktīvs retranslācijas domēnam",
-        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)"
+        "disable_login": "Neļaut pieteikšanos (ienākošais pasts joprojām tiks pieņemts)",
+        "sieve_preset_1": "Atmest e-pasta vēstules ar iespējami bīstamiem datņu veidiem",
+        "syncjob_last_run_result": "Pēdējās izpildes iznākums"
     },
     "quarantine": {
         "action": "Darbības",
         "atts": "Pielikumi",
-        "check_hash": "Meklēt faila hašu @ VT",
-        "empty": "Nav rezultātu",
+        "check_hash": "Meklēt datnes jaucējvērtību @ VT",
+        "empty": "Nav iznākuma",
         "qid": "Rspamd QID",
         "qitem": "Karantīnas vienumi",
         "quarantine": "Karantīna",
@@ -463,7 +476,7 @@
         "received": "Saņemtie",
         "recipients": "Adresāts",
         "release": "Atbrīvot",
-        "release_body": "Šim ziņojumam mēs esam pievienojuši jūsu ziņojumu kā eml failu.",
+        "release_body": "Mēs pievienojām Tavu ziņojumu kā .eml datni šim ziņojumam.",
         "release_subject": "Potenciāli kaitīgs karantīnas vienums %s",
         "remove": "Noņemt",
         "sender": "Sūtītājs (SMTP)",
@@ -473,8 +486,14 @@
         "text_plain_content": "Saturs (teksts/vienkāršs)",
         "toggle_all": "Pārslēgt visu",
         "disabled_by_config": "Pašreizējā sistēmas konfigurācija atspējo karantīnu. Lūgums iestatīt \"saglabāšanu katrai pastkastītei\" un \"lielākais pieļaujamais lielums\" karantīnas vienumiem.",
-        "qhandler_success": "Pieprasījums veiksmīgi nosūtīts sistēmai. Tagad var aizvērt logu.",
-        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Melnā saraksta vienumi karantīnā netiek iekļauti."
+        "qhandler_success": "Pieprasījums sekmīgi nosūtīts sistēmai. Logu tagad var aizvērt.",
+        "qinfo": "Karantīnas sistēma datubāzē saglabās noraidīto pastu (sūtītājam <em>netiks</em> radīts iespaids par piegādātu pastu), kā arī pastu, kas tiek piegādāts kā kopija pastkastes mēstuļu mapē.\n  <br>\"Apgūt kā surogātpastu un izdzēst\" apgūs ziņojumu kā surogātpastu ar Bajesa teorēmu un aprēķinās arī nestriktas jaucējvērtības, lai nākotnē noraidītu līdzīgus ziņojumus.\n  <br>Lūgums apzināties, ka vairāku ziņojumu apgūšana var būt laikietilpīga atkarībā no sistēmas.<br>Lieguma saraksta vienumi karantīnā netiek iekļauti.",
+        "danger": "Bīstamība",
+        "notified": "Paziņots",
+        "refresh": "Atsvaidzināt",
+        "rspamd_result": "Rspamd iznākums",
+        "settings_info": "Lielākais pieļaujamais karantējamo vienumu daudzums: %s<br>Lielākais pieļaujamais e-pasta lielums: %s MiB",
+        "spam_score": "Novērtējums"
     },
     "queue": {
         "queue_manager": "Rindas pārvaldnieks",
@@ -505,8 +524,8 @@
         "f2b_modified": "Fail2ban parametru izmaiņas tika saglabātas",
         "forwarding_host_added": "Pāradresācijas hosts %s pievienotsd",
         "forwarding_host_removed": "Pāradresācijas hosts %s noņemts",
-        "item_deleted": "Vērtība %s veiksmīgi dzēsta",
-        "items_deleted": "Vērtība %s veiksmīgi dzēsta",
+        "item_deleted": "Vienums %s izdzēsts sekmīgi",
+        "items_deleted": "Vienums %s izdzēsts sekmīgi",
         "items_released": "Atlasītie vienumi tika izlaisti",
         "mailbox_added": "Pastkaste %s ir pievienota",
         "mailbox_modified": "Izmaiņas pastkastei %s ir saglabātas",
@@ -519,20 +538,21 @@
         "resource_modified": "Izmaiņas %s ir saglabātas",
         "resource_removed": "Resurs %s tika noņemts",
         "ui_texts": "Saglabāt UI izmaiņas tekstiem",
-        "upload_success": "Faila augšupielāde veiksmīga",
+        "upload_success": "Datne sekmīgi augšupielādēta",
         "verified_fido2_login": "Apliecināta FIDO2 pieteikšanās",
         "verified_webauthn_login": "Apliecināta WebAuthn pieteikšanās",
         "verified_totp_login": "Apliecināta TOTP pieteikšanās",
         "verified_yotp_login": "Apliecināta Yubico OTP pieteikšanās",
         "app_passwd_removed": "Noņemta lietotnes parole ar Id %s",
-        "app_passwd_added": "Pievienota jauna lietotnes parole"
+        "app_passwd_added": "Pievienota jauna lietotnes parole",
+        "f2b_banlist_refreshed": "Liegumu saraksta Id tika sekmīgi atsvaidzināts."
     },
     "tfa": {
         "api_register": "%s izmanto Yubico Cloud API. Lūdzu iegūstiet API atslēgu priekš Jūsu atslēgas<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
         "confirm": "Apstiprināt",
-        "confirm_totp_token": "Lūdzu apstipriniet Jūsu izmaiņas ievadot uzģenerēto tekstu",
+        "confirm_totp_token": "Lūgums apstiprināt savas izmaiņas ar izveidotās tekstvienības ievadīšanu",
         "delete_tfa": "Atspējot TFA",
-        "disable_tfa": "Atspējot TFA līdz nākamajai veiksmīgajai pieteikšanās reizei",
+        "disable_tfa": "Atspējot TFA līdz nākamajai sekmīgajai pieteikšanās reizei",
         "enter_qr_code": "TOTP kods, ja Tava ierīce nevar nolasīt kvadrātkodus",
         "key_id": "Jūsu YubiKey identifikators",
         "key_id_totp": "Identifikators Jūsu atslēgai",
@@ -544,7 +564,7 @@
         "totp": "Uz laiku bāzēta vienreizēja parole (Google Autentifikātors utt.)",
         "webauthn": "WebAuthn autentifikācija",
         "waiting_usb_auth": "<i>Gaida USB ierīci...</i><br><br>Lūdzu, tagad nospiežiet pogu uz Jūsu WebAuthn USB ierīces.",
-        "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūdzu augšā ievadiet Jūsu paroli un apstipriniet WebAuthn reģistrāciju nospiežot pogu uz Jūsu WebAuthn USB ierīces.",
+        "waiting_usb_register": "<i>Gaida USB ierīci...</i><br><br>Lūgums augstāk ievadīt savu paroli un apstiprināt reģistrēšanos ar USB ierīces pogas nospiešanu.",
         "yubi_otp": "Yubico OTP autentifikators",
         "authenticators": "Autentificētāji"
     },
@@ -589,7 +609,7 @@
         "new_password_repeat": "Paroles apstiprinājums (atkārtoti)",
         "no_active_filter": "Nav pieejami aktīvi filtri",
         "no_record": "Nav ieraksta",
-        "password_now": "Pašreizējā parole (Apstiprināt izmaiņas)",
+        "password_now": "Pašreizējā parole (apstiprināt izmaiņas)",
         "remove": "Noņemt",
         "running": "Darbojas",
         "save_changes": "Saglabāt izmaiņas",
@@ -599,11 +619,11 @@
         "spam_aliases": "Pagaidu e-pasta aizstājvārdi",
         "spamfilter": "Mēstuļu filtrs",
         "spamfilter_behavior": "Reitings",
-        "spamfilter_bl": "Melnais saraksts",
-        "spamfilter_bl_desc": "No melnajā sarakstā iekļautajām e-pasta adresēm saņemtās vēstules <b>vienmēr</b> tiks atzīmētas kā mēstules un noraidītas. Noraidītais pasts <b>netiks</b> ievietots karantīnā. Var izmantot aizstājzīmes. Atlasīšana tiek pielietota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
+        "spamfilter_bl": "Liegumu saraksts",
+        "spamfilter_bl_desc": "No lieguma sarakstā iekļautajām e-pasta adresēm saņemtās vēstules <b>vienmēr</b> tiks atzīmētas kā mēstules un noraidītas. Noraidītais pasts <b>netiks</b> ievietots karantīnā. Var izmantot aizstājzīmes. Atlasīšana tiek pielietota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
         "spamfilter_default_score": "Noklusējuma vērtības",
         "spamfilter_green": "Zaļš: šī nav mēstule",
-        "spamfilter_hint": "Pirmā vērtība norāda uz zemu \"Spam vērtējumu\" vērtējumu, otra vērtība par \"Augstu spam vērtējumu\".",
+        "spamfilter_hint": "Pirmā vērtība norāda uz zemu \"mēstules novērtējumu\", otrā atspoguļo \"augstu mēstules novērtējumu\".",
         "spamfilter_red": "Sarkans: Šī vēstule noteikti ir spams un tiek nekavējoties noraidīta",
         "spamfilter_table_action": "Darbība",
         "spamfilter_table_add": "Pievienot vienību",
@@ -611,8 +631,8 @@
         "spamfilter_table_empty": "Nav datu ko parādīt",
         "spamfilter_table_remove": "noņemt",
         "spamfilter_table_rule": "Noteikums",
-        "spamfilter_wl": "Baltais saraksts",
-        "spamfilter_wl_desc": "No baltā saraksta e-pasta adresēm saņemtās vēstules <b>nekad</b> netiks atzīmētas kā mēstules. Var tikt izmantotas aizstājzīmes. Atlase tiek piemērota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
+        "spamfilter_wl": "Atļautais saraksts",
+        "spamfilter_wl_desc": "No atļautā saraksta e-pasta adresēm saņemtās vēstules <b>nekad</b> netiks atzīmētas kā mēstules. Var tikt izmantotas aizstājzīmes. Atlase tiek piemērota tikai tiešiem aizstājvārdiem (aizstājvārdiem ar vienu mērķa pastkasti), izņemot visu tverošos aizstājvārdus un pašu pastkasti.",
         "spamfilter_yellow": "Dzeltens: šī vēstule visticamāk ir spams un tiks pārvietota uz Junk mapi",
         "status": "Status",
         "sync_jobs": "Sinhronizācijas uzdevumi",
@@ -644,15 +664,21 @@
         "change_password_hint_app_passwords": "Kontā ir %d lietotņu paroles, kas netiks mainītas. Lai pārvaldītu tās, jādodas uz cilni \"Lietotņu paroles\".",
         "with_app_password": "ar lietotnes paroli",
         "apple_connection_profile_with_app_password": "Jauna lietotnes parole ir izveidota un pievienota profilam, lai ierīces iestatīšanas laikā nebūtu nepieciešams ievadīt paroli. Lūgums nekopīgot datni, jo tā nodrošina pilnu piekļuvi pastkastei.",
-        "tfa_info": "Divpakāpju autentificēšanās palīdz aizsargāt kontu.Ja tā ir iespējota, var būt nepieciešamas lietotņu paroles, lai pieteiktos lietotnēs vai pakalpojumos, kas nenodrošina divpakāpju autentificēšanos (piem., e-pasta klienti).",
+        "tfa_info": "Divpakāpju autentificēšanās palīdz aizsargāt kontu.Ja tā ir iespējota, ir nepieciešamas lietotņu paroles, lai pieteiktos lietotnēs vai pakalpojumos, kas nenodrošina divpakāpju autentificēšanos (piem., e-pasta klienti).",
         "app_passwds": "Lietotņu paroles",
-        "create_app_passwd": "Izveidot lietotnes paroli"
+        "create_app_passwd": "Izveidot lietotnes paroli",
+        "empty": "Nav iznākuma",
+        "quarantine_notification_info": "Tiklīdz paziņojums ir nosūtīts, vienumi tiks atzīmēti kā \"paziņoti\", un par šo vienumu vairs netiks sūtīti paziņojumi.",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sūtītāja pārbaude ir atspējota</span>",
+        "syncjob_last_run_result": "Pēdējās izpildes iznākums"
     },
     "datatables": {
         "paginate": {
             "first": "Pirmā",
             "last": "Pēdējā"
-        }
+        },
+        "emptyTable": "Tabulā nav datu",
+        "search": "Meklēt:"
     },
     "debug": {
         "last_modified": "Pēdējoreiz mainīts",

From 260906e3501048bb6909a0d8329926e17cf2377f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 12:28:09 +0200
Subject: [PATCH 655/755] [SOGo][Web] Enable SOGo URL Encryption

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 4 ++++
 data/web/inc/triggers.user.inc.php      | 4 ++--
 data/web/sogo-auth.php                  | 5 +----
 docker-compose.yml                      | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 96d8a6919..ad667fca6 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -50,6 +50,10 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
     <string>${RAND_PASS}</string>
+    <key>SOGoURLEncryptionEnabled</key>
+    <string>YES</string>
+    <key>SOGoURLEncryptionPassphrase</key>
+    <string>${RAND_PASS}</string>
     <key>OCSAdminURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
diff --git a/data/web/inc/triggers.user.inc.php b/data/web/inc/triggers.user.inc.php
index 4dee75a37..36176c694 100644
--- a/data/web/inc/triggers.user.inc.php
+++ b/data/web/inc/triggers.user.inc.php
@@ -80,7 +80,7 @@ if (isset($_POST["verify_tfa_login"])) {
             intval($user_details['attributes']['force_pw_update']) != 1 &&
             getenv('SKIP_SOGO') != "y" &&
             !$is_dual) {
-          header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+          header("Location: /SOGo/so/");
           die();
         } else {
           header("Location: /user");
@@ -146,7 +146,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
         intval($user_details['attributes']['force_pw_update']) != 1 &&
         getenv('SKIP_SOGO') != "y" &&
         !$is_dual) {
-      header("Location: /SOGo/so/{$login_user}");
+      header("Location: /SOGo/so/");
       die();
     } else {
       header("Location: /user");
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 00709fe5f..962627baf 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -64,7 +64,7 @@ elseif (isset($_GET['login'])) {
           ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
         ));
         // redirect to sogo (sogo will get the correct credentials via nginx auth_request
-        header("Location: /SOGo/so/{$login}");
+        header("Location: /SOGo/so/");
         exit;
       }
     }
@@ -81,10 +81,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
   }
   require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
 
-  // extract email address from "/SOGo/so/user@domain/xy"
-  $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
   $email_list = array(
-      $url_parts[3],                                // Requested mailbox
       ($_SESSION['mailcow_cc_username'] ?? ''),     // Current user
       ($_SESSION["dual-login"]["username"] ?? ''),  // Dual login user
   );
diff --git a/docker-compose.yml b/docker-compose.yml
index 215a196f9..eab49fd69 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -200,7 +200,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:1.135
+      image: ghcr.io/mailcow/sogo:1.136
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 610609378f2138aac35abd23db8063fdc63d7ef1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 12:58:05 +0200
Subject: [PATCH 656/755] [SOGo][Web] Set URL encryption key in mailcow.conf

---
 _modules/scripts/new_options.sh         | 11 ++++++-----
 data/Dockerfiles/sogo/bootstrap-sogo.sh |  2 +-
 docker-compose.yml                      |  1 +
 generate_config.sh                      |  4 ++++
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/_modules/scripts/new_options.sh b/_modules/scripts/new_options.sh
index a3f47dc61..30c747b70 100644
--- a/_modules/scripts/new_options.sh
+++ b/_modules/scripts/new_options.sh
@@ -43,6 +43,7 @@ adapt_new_options() {
   "ALLOW_ADMIN_EMAIL_LOGIN"
   "SKIP_HTTP_VERIFICATION"
   "SOGO_EXPIRE_SESSION"
+  "SOGO_URL_ENCRYPTION_KEY"
   "REDIS_PORT"
   "REDISPASS"
   "DOVECOT_MASTER_USER"
@@ -94,7 +95,6 @@ adapt_new_options() {
             echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
             echo "LOG_LINES=9999" >> mailcow.conf
             ;;
-        
         IPV4_NETWORK)
             echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
             echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
@@ -276,21 +276,22 @@ adapt_new_options() {
             echo '# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.' >> mailcow.conf
             echo ENABLE_IPV6=${IPV6_BOOL} >> mailcow.conf
             ;;
-    
         SKIP_CLAMD)
             echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
             echo 'SKIP_CLAMD=n' >> mailcow.conf
             ;;
-
         SKIP_OLEFY)
             echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
             echo 'SKIP_OLEFY=n' >> mailcow.conf
             ;;
-        
         REDISPASS)
             echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 28)" >> mailcow.conf
             ;;
-                  
+        SOGO_URL_ENCRYPTION_KEY)
+            echo '# SOGo URL encryption key (exactly 16 characters, limited to A–Z, a–z, 0–9)' >> mailcow.conf
+            echo '# This key is used to encrypt email addresses within SOGo URLs' >> mailcow.conf
+            echo "SOGO_URL_ENCRYPTION_KEY=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 16)" >> mailcow.conf
+            ;;
         *)
             echo "${option}=" >> mailcow.conf
             ;;
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index ad667fca6..af7d2a4db 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -53,7 +53,7 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <key>SOGoURLEncryptionEnabled</key>
     <string>YES</string>
     <key>SOGoURLEncryptionPassphrase</key>
-    <string>${RAND_PASS}</string>
+    <string>${SOGO_URL_ENCRYPTION_KEY}</string>
     <key>OCSAdminURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
diff --git a/docker-compose.yml b/docker-compose.yml
index eab49fd69..a0cf85e6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -213,6 +213,7 @@ services:
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
         - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
+        - SOGO_URL_ENCRYPTION_KEY=${SOGO_URL_ENCRYPTION_KEY:-SOGoSuperSecret0}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
diff --git a/generate_config.sh b/generate_config.sh
index 2dba91d51..9a0bd132b 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -436,6 +436,10 @@ MAILDIR_SUB=Maildir
 # SOGo session timeout in minutes
 SOGO_EXPIRE_SESSION=480
 
+# SOGo URL encryption key (exactly 16 characters, limited to A–Z, a–z, 0–9)
+# This key is used to encrypt email addresses within SOGo URLs
+SOGO_URL_ENCRYPTION_KEY=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 16)
+
 # DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
 # Empty by default to auto-generate master user and password on start.
 # User expands to DOVECOT_MASTER_USER@mailcow.local

From a36485f0f1fe7ac2599a7c49b3604282b0391d90 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 13:55:18 +0200
Subject: [PATCH 657/755] [Web] Allow wildcard subdomains for MTA-STS

---
 data/web/inc/functions.inc.php         | 12 +++++++++++-
 data/web/inc/functions.mailbox.inc.php |  4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 55329e73a..2631f1214 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1107,11 +1107,21 @@ function user_get_alias_details($username) {
   }
   return $data;
 }
-function is_valid_domain_name($domain_name) {
+function is_valid_domain_name($domain_name, $options = array()) {
   if (empty($domain_name)) {
     return false;
   }
+
+  // Convert domain name to ASCII for validation
   $domain_name = idn_to_ascii($domain_name, 0, INTL_IDNA_VARIANT_UTS46);
+
+  // Remove '*.' if wildcard subdomains are allowed
+  if (isset($options['allow_wildcard']) &&
+      $options['allow_wildcard'] == true &&
+      strpos($domain_name, '*.') === 0) {
+    $domain_name = substr($domain_name, 2);
+  }
+
   return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name)
        && preg_match("/^.{1,253}$/", $domain_name)
        && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name));
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index a0199fbdc..7638c9bbf 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1446,7 +1446,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           foreach ($mx as $index => $mx_domain) {
             $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
-            if (!is_valid_domain_name($mx_domain)) {
+            if (!is_valid_domain_name($mx_domain, array('allow_wildcard' => true))) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
@@ -3897,7 +3897,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             foreach ($mx as $index => $mx_domain) {
               $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
               $invalid_mx = false;
-              if (!is_valid_domain_name($mx_domain)) {
+              if (!is_valid_domain_name($mx_domain, array('allow_wildcard' => true))) {
                 $invalid_mx = $mx_domain;
                 break;
               }

From 4b2862cb3c2e8825620989aac42a735d16fe4313 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 14:07:17 +0200
Subject: [PATCH 658/755] [Web] Remove Port from HTTP_HOST

---
 data/web/mta-sts.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/mta-sts.php b/data/web/mta-sts.php
index 51c39eb2f..650b8b583 100644
--- a/data/web/mta-sts.php
+++ b/data/web/mta-sts.php
@@ -6,7 +6,8 @@ if (!isset($_SERVER['HTTP_HOST']) || strpos($_SERVER['HTTP_HOST'], 'mta-sts.') !
   exit;
 }
 
-$domain = str_replace('mta-sts.', '', $_SERVER['HTTP_HOST']);
+$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+$domain = str_replace('mta-sts.', '', $host);
 $mta_sts = mailbox('get', 'mta_sts', $domain);
 
 if (count($mta_sts) == 0 ||

From 9940c503a2f9410cf802ed4a014699349c738099 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 14:16:42 +0200
Subject: [PATCH 659/755] [Nginx] do not invert ENABLE_IPV6

---
 data/Dockerfiles/nginx/bootstrap.py | 2 +-
 docker-compose.yml                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index d2d01c0b9..97ce7a4e1 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -10,7 +10,7 @@ def includes_conf(env, template_vars):
   server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
-  if not template_vars['ENABLE_IPV6']:
+  if template_vars['ENABLE_IPV6']:
     listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
     listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
   listen_ssl_config += "\nhttp2 on;"
diff --git a/docker-compose.yml b/docker-compose.yml
index a0cf85e6a..86a4f401a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -419,7 +419,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: ghcr.io/mailcow/nginx:1.04
+      image: ghcr.io/mailcow/nginx:1.05
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From ed4dcff63b67366ca3974ec3b048bb2299d16c06 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 22 Sep 2025 14:42:14 +0200
Subject: [PATCH 660/755] [Web] allow "*" as wildcard domain

---
 data/web/inc/functions.inc.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 2631f1214..bb2d35ea3 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1115,11 +1115,15 @@ function is_valid_domain_name($domain_name, $options = array()) {
   // Convert domain name to ASCII for validation
   $domain_name = idn_to_ascii($domain_name, 0, INTL_IDNA_VARIANT_UTS46);
 
-  // Remove '*.' if wildcard subdomains are allowed
-  if (isset($options['allow_wildcard']) &&
-      $options['allow_wildcard'] == true &&
-      strpos($domain_name, '*.') === 0) {
-    $domain_name = substr($domain_name, 2);
+  if (isset($options['allow_wildcard']) && $options['allow_wildcard'] == true) {
+    // Remove '*.' if wildcard domains are allowed
+    if (strpos($domain_name, '*.') === 0) {
+      $domain_name = substr($domain_name, 2);
+    }
+    // Allow '*' as wildcard domain
+    if ($domain_name === "*") {
+      return true;
+    }
   }
 
   return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name)

From 383b5affb52cd20a87cdfd6235df7e51d4ad31b1 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Mon, 22 Sep 2025 19:49:31 +0200
Subject: [PATCH 661/755] More clearer message to install required tool

---
 _modules/scripts/core.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index f71368d24..e86c2afc9 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -17,7 +17,12 @@ caller="${BASH_SOURCE[1]##*/}"
 
 get_installed_tools(){
     for bin in openssl curl docker git awk sha1sum grep cut jq; do
-        if [[ -z $(command -v ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+        if [[ -z $(command -v ${bin}) ]]; then
+          echo "Error: Cannot find command '${bin}'. Cannot proceed."
+          echo "Solution: Please install accordingly and re-run the script."
+          echo "Exiting..."
+          exit 1
+        fi
     done
 
     if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\"${NC}"; exit 1; fi
@@ -221,4 +226,4 @@ detect_major_update() {
       fi
     fi
   fi
-}
\ No newline at end of file
+}

From f2c4697ca3df548c6f56b5d2bf686c78bba8c573 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20=F0=9F=A6=84?=
 <43847817+codiflow@users.noreply.github.com>
Date: Mon, 22 Sep 2025 23:45:54 +0200
Subject: [PATCH 662/755] Fixed typo in lang de-de (#6765)

---
 data/web/lang/lang.de-de.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index b5f3f325d..dbc6b2f93 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -1100,7 +1100,7 @@
         "legend": "Funktionen der Mailqueue Aktionen:",
         "ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
         "deliver_mail": "Ausliefern",
-        "deliver_mail_legend": "Versucht eine erneute Zustellung der ausgwählten Mails.",
+        "deliver_mail_legend": "Versucht eine erneute Zustellung der ausgewählten Mails.",
         "hold_mail": "Zurückhalten",
         "hold_mail_legend": "Hält die ausgewählten Mails zurück. (Verhindert weitere Zustellversuche)",
         "queue_manager": "Queue Manager",

From 28985973eb746ea5486aa5377fd426ce7a5f5ab1 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 23 Sep 2025 10:07:33 +0200
Subject: [PATCH 663/755] [Web] Revert - allow "*" as wildcard domain

---
 data/web/inc/functions.inc.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index bb2d35ea3..5ac72ed24 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1116,14 +1116,10 @@ function is_valid_domain_name($domain_name, $options = array()) {
   $domain_name = idn_to_ascii($domain_name, 0, INTL_IDNA_VARIANT_UTS46);
 
   if (isset($options['allow_wildcard']) && $options['allow_wildcard'] == true) {
-    // Remove '*.' if wildcard domains are allowed
+    // Remove '*.' if wildcard subdomains are allowed
     if (strpos($domain_name, '*.') === 0) {
       $domain_name = substr($domain_name, 2);
     }
-    // Allow '*' as wildcard domain
-    if ($domain_name === "*") {
-      return true;
-    }
   }
 
   return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name)

From 4440bd46adc73cd9be69f5f5716dbec4c92c7b73 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 23 Sep 2025 12:24:25 +0200
Subject: [PATCH 664/755] [Web] set cookie SameSite attribute to Lax

---
 data/web/inc/sessions.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index bbc08cf13..1bb29d410 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -2,6 +2,7 @@
 // Start session
 if (session_status() !== PHP_SESSION_ACTIVE) {
   ini_set("session.cookie_httponly", 1);
+  ini_set("session.cookie_samesite", "Lax");
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
 }
 

From 8ead77083ff5ac58ab640f9fa9a8d58fec10b617 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 23 Sep 2025 12:39:48 +0200
Subject: [PATCH 665/755] [Web] Rename PHP Cookie to MCSESSID

---
 data/web/inc/sessions.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 1bb29d410..68b3d5585 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,6 +1,7 @@
 <?php
 // Start session
 if (session_status() !== PHP_SESSION_ACTIVE) {
+  session_name('MCSESSID');
   ini_set("session.cookie_httponly", 1);
   ini_set("session.cookie_samesite", "Lax");
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);

From 011edd5ac9b6cdd73b9b01a4cc9528fa6b92e6e9 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 24 Sep 2025 17:36:09 +0200
Subject: [PATCH 666/755] [Web] Updated lang.si-si.json (#6771)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 108 +++++++++++++++++-----------------
 1 file changed, 54 insertions(+), 54 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 95e23a5cb..0b6626127 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -42,7 +42,7 @@
         "app_name": "Ime aplikacije",
         "app_password": "Dodaj geslo aplikacije",
         "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
-        "automap": "Poskusi samodejno preslikati mape (\"Sent items\", \"Sent\" => \"Poslano\" ipd.)",
+        "automap": "Poskusi samodejno preslikati mape (\"Poslani elementi\", \"Poslano\" => \"Poslano\" ipd.)",
         "backup_mx_options": "Možnosti posredovanja (relay)",
         "comment_info": "Zasebni komentarji niso vidni uporabnikom, javni komentarji pa so prikazani kot opis, ko se z miško postavimo nad uporabnika v pregledu",
         "custom_params": "Parametri po meri",
@@ -152,7 +152,7 @@
         "customize": "Prilagodi",
         "destination": "Cilj",
         "dkim_add_key": "Dodaj ARC/DKIM ključ",
-        "dkim_domains_selector": "Izbira",
+        "dkim_domains_selector": "Izbirnik",
         "dkim_domains_wo_keys": "Izberi domene z manjkajočimi ključi",
         "dkim_from": "Od",
         "dkim_from_title": "Izvorna domena od katere prekopiram podatke",
@@ -178,8 +178,8 @@
         "f2b_filter": "Regex filtri",
         "f2b_max_attempts": "Največ poskusov",
         "f2b_max_ban_time": "Maksimalno trajanje blokade (s)",
-        "f2b_netban_ipv4": "velikost subneta IPv4 za blokiranje (8-32)",
-        "f2b_netban_ipv6": "Velikost subneta IPv6 za blokiranje (8-128)",
+        "f2b_netban_ipv4": "velikost podomrežja IPv4 za blokiranje (8-32)",
+        "f2b_netban_ipv6": "Velikost podomrežja IPv6 za blokiranje (8-128)",
         "f2b_parameters": "Fail2ban parametri",
         "f2b_regex_info": "Upoštevajo se dnevniki SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Upoštevan čas (s) za največ poskusov",
@@ -189,41 +189,41 @@
         "generate": "ustvari",
         "guid": "GUID - enolični ID instance",
         "guid_and_license": "GUID & licenca",
-        "hash_remove_info": "Odstranitev hasha za omejitev (če obstaja) bo povsem ponastavilo njen števec.<br>\n  Vsak hash je prikazan z individualno barvo.",
-        "help_text": "Zamenjaj tekst za pomoč pod masko za prijavo (HTML je dovoljen)",
+        "hash_remove_info": "Odstranitev zgoščene vrednosti za omejitev (če obstaja) bo povsem ponastavilo njen števec.<br>\n  Vsaka zgoščena vrednost je prikazana z individualno barvo.",
+        "help_text": "Preglasi besedilo za pomoč pod masko za prijavo (HTML je dovoljen)",
         "host": "Gostitelj",
         "html": "HTML",
         "import": "Uvozi",
         "import_private_key": "Uvozi zasebni ključ",
-        "in_use_by": "V uporabi",
+        "in_use_by": "V uporabi od",
         "inactive": "Neaktivno",
         "include_exclude": "Vključi/Izključi",
         "include_exclude_info": "Privzeto - če ni izbire - so vključeni <b>vsi poštni predali</b>",
         "includes": "Vključi te prejemnike",
-        "ip_check": "Kontrola IP",
-        "ip_check_disabled": "Kontrola IP je onemogočena. Lahko jo omogočite pod <br/> <strong>Sistem > Konfiguracija > Možnosti > Prilagodi</strong>",
-        "ip_check_opt_in": "Opt-in za uporabo zunanje storitve <strong>ipv4.mailcow.email</strong> in <strong>ipv6.mailcow.email</strong> za razreševanje zunanjih IP.",
-        "is_mx_based": "Glede na MX",
-        "last_applied": "Nazadnje aplicirano",
+        "ip_check": "Preverjanje IP-ja",
+        "ip_check_disabled": "Preverjanje IP-ja je onemogočeno. Lahko ga omogočite pod <br/> <strong>Sistem > Konfiguracija > Možnosti > Prilagodi</strong>",
+        "ip_check_opt_in": "Prijavite se za uporabo storitev tretjih oseb <strong>ipv4.mailcow.email</strong> in <strong>ipv6.mailcow.email</strong> za razreševanje zunanjih IP naslovov.",
+        "is_mx_based": "Glede na MX zapis",
+        "last_applied": "Nazadnje uporabljeno",
         "link": "Povezava",
         "loading": "Prosim počakajte...",
         "login_time": "Čas prijave",
-        "logo_info": "Vaša slika bo pomanjšana na velikost 40px za zgornjo navigacijo in največjo velikost 250px za začetno stran. Zelo priporočena je uporaba grafike brez izgube kakovosti ob spremembi velikosti.",
+        "logo_info": "Vaša slika bo pomanjšana na višino 40 slikovnih pik za zgornjo navigacijsko vrstico in na največjo širino 250 slikovnih pik za začetno stran. Zelo priporočljiva je skalabilna grafika.",
         "message": "Sporočilo",
         "message_size": "Velikost sporočila",
         "nexthop": "Naslednji skok",
         "no": "&#10005;",
         "no_active_bans": "Ni aktivnih blokad",
-        "no_new_rows": "Ni dodatnih vrstic",
+        "no_new_rows": "Nadaljnjih vrstic ni na voljo",
         "no_record": "Ni zapisa",
         "oauth2_apps": "OAuth2 aplikacije",
         "oauth2_add_client": "Dodaj OAuth2 klienta",
-        "oauth2_client_id": "ID klienta",
-        "oauth2_client_secret": "Skrivnost (secret)",
+        "oauth2_client_id": "ID odjemalca",
+        "oauth2_client_secret": "Skrivnost odjemalca",
         "oauth2_redirect_uri": "URI za preusmeritev",
-        "oauth2_renew_secret": "Generiraj nov client secret",
-        "oauth2_revoke_tokens": "Zavrni vse tokene klientov",
-        "optional": "opcijsko",
+        "oauth2_renew_secret": "Generiraj novo skrivnost odjemalca",
+        "oauth2_revoke_tokens": "Prekliči vse žetone odjemalca",
+        "optional": "neobvezno",
         "options": "Možnosti",
         "password": "Geslo",
         "password_length": "Dolžina gesla",
@@ -238,21 +238,21 @@
         "private_key": "Zasebni ključ",
         "quarantine": "Karantena",
         "quarantine_bcc": "Pošlji kopijo vseh obvestil (BCC) temu prejemniku:<br><small>Pustite prazno za izklop te funkcije. <b>Nepodpisana, nepreverjena pošta. Uporabljalo naj bi se samo za interno dostavo.</b></small>",
-        "quarantine_exclude_domains": "Izključi domene in alias-domene",
-        "quarantine_max_age": "Maksimalna starost v dnevnih<br><small>Vrednost mora biti večja ali enaka 1 dnevu</small>",
-        "quarantine_max_score": "Opusti obvestilo, če je ocena spama večja od te vrednosti:<br><small>Privzeto 9999.0</small>",
-        "quarantine_max_size": "Največja velikost v MiB (Večji elementi so zavrženi):<br><small>0 <b>ne</b> pomeni neomejeno.</small>",
-        "quarantine_notification_html": "Predloga sporočila za obvestilo:<br><small>Pustite prazno za obnovitev privzete predloge.</small>",
-        "quarantine_notification_sender": "Pošiljatelj obvestila",
-        "quarantine_notification_subject": "Naslov obvestila",
-        "quarantine_release_format": "Oblika sproščenih elementov",
+        "quarantine_exclude_domains": "Izključi domene in vzdevke domen",
+        "quarantine_max_age": "Najvišja starost v dneh<br><small>Vrednost mora biti enaka ali večja od 1 dneva.</small>",
+        "quarantine_max_score": "Zavrzi obvestilo, če je ocena neželene pošte višja od te vrednosti:<br><small>Privzeto 9999,0</small>",
+        "quarantine_max_size": "Največja velikost v MiB (večji elementi so zavrženi):<br><small>0 <b>ne</b> pomeni neomejeno.</small>",
+        "quarantine_notification_html": "Predloga za obvestilo po e-pošti:<br><small>Pustite prazno, če želite obnoviti privzeto predlogo.</small>",
+        "quarantine_notification_sender": "Pošiljatelj obvestil po e-pošti",
+        "quarantine_notification_subject": "Zadeva e-poštnega obvestila",
+        "quarantine_release_format": "Oblika izdanih elementov",
         "quarantine_release_format_att": "Kot priponka",
-        "quarantine_release_format_raw": "Nespremenjen original",
-        "quarantine_retention_size": "Število zadržanj na poštni predal: <br><small>0 pomeni <b>neaktivno</b>,</small>",
+        "quarantine_release_format_raw": "Nespremenjen izvirnik",
+        "quarantine_retention_size": "Hrambe na poštni predal:<br><small>0 pomeni <b>neaktivno</b>.</small>",
         "quota_notification_sender": "Pošiljatelj obvestila",
         "quota_notification_subject": "Predmet obvestila",
-        "quota_notifications": "Obvestila o omejitvi",
-        "quota_notifications_info": "Obvestila o omejitvi so poslana uporabnikom enkrat, ko presežejo 80% in enkrat ko presežejo 95% zasedenosti.",
+        "quota_notifications": "Obvestila o kvotah",
+        "quota_notifications_info": "Obvestila o kvoti se uporabnikom pošljejo enkrat, ko presežejo 80 % in enkrat, ko presežejo 95 % porabe.",
         "queue_unban": "odblokiraj",
         "r_active": "Aktivne omejitve",
         "r_inactive": "Neaktivne omejitve",
@@ -268,8 +268,8 @@
         "remove": "Odstrani",
         "remove_row": "Odstrani vrstico",
         "reset_default": "Ponastavi na privzeto",
-        "reset_limit": "Odstrani hash",
-        "routing": "Routing",
+        "reset_limit": "Odstrani zgoščeno vrednost",
+        "routing": "Usmerjanje",
         "rsetting_add_rule": "Dodaj pravilo",
         "rsetting_content": "Vsebina pravila",
         "rsetting_desc": "Kratek opis",
@@ -277,10 +277,10 @@
         "rsetting_none": "Ni pravil na voljo",
         "rsettings_insert_preset": "Vstavi prednastavljen primer \"%s\"",
         "rsettings_preset_1": "Onemogoči vse razen DKIM in omejitve za prijavljene uporabnike",
-        "rsettings_preset_2": "Postmasterji želijo spam",
-        "rsettings_preset_3": "Dovoli samo specifične pošiljatelje za poštni predal (npr. uporaba samo kot interni poštni predal)",
+        "rsettings_preset_2": "Poštni upravitelji želijo neželeno pošto",
+        "rsettings_preset_3": "Dovoli samo določene pošiljatelje za poštni predal (tj. uporabo samo kot notranji poštni predal)",
         "rsettings_preset_4": "Onemogoči Rspamd za domeno",
-        "rspamd_com_settings": "Ime nastavitve bo samodejno generirano. Prosim oglejte si primere nastavitev spodaj. Za več informacij si oglejte <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">dokumentacijo Rspamd</a>",
+        "rspamd_com_settings": "Ime nastavitve bo samodejno ustvarjeno, oglejte si spodnje primere prednastavitev. Za več podrobnosti glejte <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">dokumentacijo Rspamd</a>",
         "rspamd_global_filters": "Globalne preslikave filtrov",
         "rspamd_global_filters_agree": "Previden bom!",
         "rspamd_global_filters_info": "Globalni filtri vsebujejo različne vrste globalnih seznamov zavrnjenih in dovoljenih vsebin.",
@@ -295,30 +295,30 @@
         "f2b_list_info": "Gostitelj ali omrežje na seznamu zavrnjenih bo vedno imelo prednost pred entiteto na seznamu dovoljenih. <b>Posodobitve seznama bodo trajale nekaj sekund, da se uporabijo.</b>",
         "forwarding_hosts": "Gostitelji za posredovanje",
         "forwarding_hosts_add_hint": "Lahko vpišete IPv4/IPv6 naslove, mreže v CIDR obliki, imena gostiteljev (kateri se prevedejo v IP naslove) ali imena domen (katera se prevedejo v IP naslove glede na poizvedbo po SPF zapisih, v primeru manjkajočih zapisov pa MX zapisih).",
-        "forwarding_hosts_hint": "Dohodna sporočila so brezpogojno sprejeta od katerih koli gostiteljev v tem seznamu. Ti gostitelji se ne bodo preverjali po DNSBL seznamih in ne bodo dodani v greyliste. Prejeti spam s teh gostiteljev ni nikoli zavrnjen, opcijsko pa se lahko premakne v mapo neželene pošte. Najpogostejša uporaba za to je navedba poštnih strežnikov, iz katerih ste nastavili pravilo za posredovanje pošte na vaš mailcow strežnik.",
-        "license_info": "Licenca ni zahtevana, a pomaga pri nadaljnjem razvoju. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"Naročilo SAL\">Registrirajte svoj GUID tukaj</a> ali <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Naročilo podpora\">Kupite podporo za svojo namestitev Mailcow.</a>",
-        "lookup_mx": "Cilj je regular expression za ujemanje MX zapisov (<code>.*\\.google\\.com</code> za usmeritev vse pošte na MX, ki se konča z google.com, preko tega skoka)",
+        "forwarding_hosts_hint": "Dohodna sporočila so brezpogojno sprejeta od katerih koli gostiteljev v tem seznamu. Ti gostitelji se ne bodo preverjali po DNSBL seznamih in ne bodo dodani v listo sivih. Prejeta neželena pošta s teh gostiteljev ni nikoli zavrnjena, opcijsko pa se lahko premakne v mapo neželene pošte. Najpogostejša uporaba za to je navedba poštnih strežnikov, iz katerih ste nastavili pravilo za posredovanje pošte na vaš mailcow strežnik.",
+        "license_info": "Licenca ni zahtevana, a pomaga pri nadaljnjem razvoju. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"Naročilo SAL\">Registrirajte svoj GUID tukaj</a> ali <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Naročilo podpore\">Kupite podporo za svojo namestitev Mailcow.</a>",
+        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka).",
         "main_name": "Naziv \"mailcow UI\"",
         "merged_vars_hint": "Sive vrstice so združene iz <code>vars.(local.)inc.php</code> in jih ni mogoče spremeniti.",
-        "oauth2_info": "OAuth2 implementacija omogoča grant vrste \"Authorization code\" in izdaja refresh tokene.<br>\nStrežnik prav tako izda nove refresh tokene, ko je bil refresh token uporabljen<br><br>\n&#8226; Privzeti obseg je <i>profile</i>. Samo uporabniki poštnih predalov se lahko prijavijo s pomočjo OAuth2. Če parameter obsega ni vnesen, se nastavi na <i>profile</i>.<br>\n&#8226; Parameter <i>state</i> mora biti poslan s strani klienta kot del zahtevka za avtorizacijo .<br><br>\nPoti za OAuth2 API: <br>\n<ul>\n  <li>Endpoint za avtorizacijo: <code>/oauth/authorize</code></li>\n  <li>Endpoint za tokene: <code>/oauth/token</code></li>\n  <li>Stran vira: <code>/oauth/profile</code></li>\n</ul>\nPonovno generiranje client secret ne bo razveljavilo obstoječih avtorizacijskih kod, ne bodo pa mogle obnoviti svoje tokene.<br><br>\nZavrnitev client tokenov bo povzročilo tekojčno prekinitev aktivnih sej. Vsi klienti se bodo morali ponovno prijaviti.",
-        "quarantine_redirect": "<b>Preusmeri vsa obvestila</b> k temu prejemniku:<br><small>Pustite prazno, da onemogočite. <b>Nepodpisana, nepreverjena pošta. Uporabljalo bi se naj samo za interno dostavo.</b></small>",
+        "oauth2_info": "Implementacija OAuth2 podpira vrsto odobritve »Avtorizacijska koda« in izda osvežilne žetone.<br>\nStrežnik samodejno izda tudi nove osvežilne žetone, ko je žeton za osvežitev uporabljen.<br><br>\n&#8226; Privzeti obseg je <i>profile</i>. Prek OAuth2 je mogoče overiti samo uporabnike poštnega predala. Če parameter obsega izpustite, se vrne na <i>profile</i>.<br>\n&#8226; Parameter <i>state</i> mora odjemalec poslati kot del zahteve za avtorizacijo.<br><br>\nPoti za zahteve do API-ja OAuth2: <br>\n<ul>\n<li>Končna točka avtorizacije: <code>/oauth/authorize</code></li>\n<li>Končna točka žetona: <code>/oauth/token</code></li>\n<li>Stran z viri: <code>/oauth/profile</code></li>\n</ul>\nPonovno ustvarjanje skrivnosti odjemalca ne bo poteklo obstoječih kod za avtorizacijo, vendar ne bo obnovilo žetona.<br><br>\nPreklic žetonov odjemalca bo povzročil takojšnjo prekinitev vseh aktivnih sej. Vse stranke se morajo ponovno overiti.",
+        "quarantine_redirect": "<b>Preusmerite vsa obvestila</b> temu prejemniku:<br><small>Pustite prazno, če želite onemogočiti. <b>Nepodpisana, nepreverjena pošta. Dostavljeno samo interno.</b></small>",
         "quota_notification_html": "Predloga sporočila za obvestilo:<br><small>Pustite prazno za obnovitev privzete predloge.</small>",
-        "quota_notifications_vars": "{{percent}} pomeni trenutna omejitev uporabnika<br>{{username}} je ime poštnega predala",
-        "r_info": "Sivi/onemogočeni elementi v seznamu aktivnih omejitev niso znane kot veljavne omejitve za mailcow in ne morejo biti premaknjene. Neznane omejitve bodo kljub temu nastavljene po vrstnem redu pojavitve. <br>Nove elemente lahko dodate v <code>inc/vars.local.inc.php</code> da jih lahko vklopite ali izklopite.",
-        "relayhosts_hint": "Določite transporte glede na pošiljatelja, da jih lahko izberete v konfiguraciji domene.<br>\nTransportni servis je vedno \"smtp:\" in bo poskušal s TLS ko bo na voljo. Wrapped TLS (SMTPS) ni podprto. Upošteva se uporabnikova politika odhodnega TLS.<br>\nVpliva na izbrane domene vključno z alias domenami.",
-        "transport_dest_format": "Regex ali sintaksa: example.org, .example.org, *, box@example.org (več vrednosti ločite z vejico)",
-        "transport_test_rcpt_info": "&#8226; Uporabite null@hosted.mailcow.de za testiranje relaya na drugo destinacijo.",
-        "rspamd_global_filters_regex": "Njihovi nazivi pojasnijo njihov namen. Vsa vsebina mora imeti veljaven regular expression v obliki \"/pattern/options\" (npr. <code>/.+@domain\\.tld/i</code>).<br>\nČeprav se v vsaki vrstici regexa izvedejo osnovni pregledi, je lahko funkcionalnost programa Rspamd motena, če sintaksa ni pravilna.<br>\nRspamd bo poskušal prebrati vsebino preslikave, ko bo spremenjena. Če imate težave, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">ponovno zaženite Rspamd</a>, da prisilite ponovno nalaganje preslikav.<br> Elementi na seznamu zavrnjenih so izključeni iz karantene.",
+        "quota_notifications_vars": "{{percent}} je enako trenutni kvoti uporabnika<br>{{username}} je ime poštnega predala",
+        "r_info": "Sivi/onemogočeni elementi v seznamu aktivnih omejitev niso znane kot veljavne omejitve za mailcow in ne morejo biti premaknjene. Neznane omejitve bodo kljub temu nastavljene po vrstnem redu pojavljanja. <br>Nove elemente lahko dodate v <code>inc/vars.local.inc.php</code> da jih lahko vklopite ali izklopite.",
+        "relayhosts_hint": "Določite transporte, odvisne od pošiljatelja, da jih boste lahko izbrali v pogovornem oknu za konfiguracijo domen.<br>\n  Transportna storitev je vedno »smtp:« in bo zato poskusila s TLS, ko bo ponujena. Zaviti TLS (SMTPS) ni podprt. Upošteva se individualna nastavitev pravilnika za odhodni TLS uporabnika.<br>\n  Vpliva na izbrane domene, vključno z vzdevki domen.",
+        "transport_dest_format": "Regex ali sintaksa: example.org, .example.org, *, box@example.org (več vrednosti je lahko ločenih z vejicami)",
+        "transport_test_rcpt_info": "&#8226; Za preizkus posredovanja v tujino uporabite null@hosted.mailcow.de.",
+        "rspamd_global_filters_regex": "Njihova imena pojasnjujejo njihov namen. Vsa vsebina mora vsebovati veljaven regularni izraz v obliki »/vzorec/možnosti« (npr. <code>/.+@domena\\.tld/i</code>).<br>\n  Čeprav se v vsaki vrstici regularnega izraza izvajajo osnovna preverjanja, je lahko funkcionalnost Rspamdsa pokvarjena, če sintakse ne prebere pravilno.<br>\n  Rspamd bo poskušal prebrati vsebino zemljevida, ko se bo spremenila. Če pride do težav, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">znova zaženite Rspamd</a>, da uveljavite ponovno nalaganje zemljevida.<br>Elementi na seznamu zavrnjenih so izključeni iz karantene.",
         "rspamd_settings_map": "Preslikava nastavitev Rspamd",
         "sal_level": "Moo stopnja",
         "save": "Shrani spremembe",
         "search_domain_da": "Išči domene",
         "send": "Pošlji",
         "sender": "Pošiljatelj",
-        "service": "Servis",
-        "service_id": "ID servisa",
+        "service": "Storitev",
+        "service_id": "ID storitve",
         "source": "Vir",
-        "spamfilter": "Spam filter",
+        "spamfilter": "Filter neželene pošte",
         "subject": "Predmet",
         "success": "Uspešno",
         "sys_mails": "Sistemska pošta",
@@ -328,7 +328,7 @@
         "title_name": "Naziv spletnega mesta \"mailcow UI\"",
         "to_top": "Nazaj na vrh",
         "transport_maps": "Preslikave transportov",
-        "transports_hint": "&#8226; Vpis preslikave transporta <b>nadredi</b> preslikavo transporta odvisno od pošiljatelja.<br>\n&#8226; Preferenčno se uporabljajo transporti glede na MX zapise.<br>\n&#8226; Izhodne TLS politike na uporabnika so ignorirane in se lahko vsilijo samo s preslikavami TLS politik.<br>\n&#8226; Transportni servis za definirane transporte je vedno \"smtp:\" in bo posledično poskušal TLS ko bo ponujeno. Wrapped TLS (SMTPS) ni podprto.<br>\n&#8226; Naslovi, ki se ujemajo z \"/localhost$/\" bodo vedno preneseni preko \"local:\", in zato destinacija \"*\" ne bo vplivala na te naslove.<br>\n&#8226; Za določitev poverilnic za naslednji skok (npr. \"[host]:25\"), Postfix <b>vedno</b> preveri \"host\" preden išče \"[host]:25\". Zaradi takšnega obnašanja je nemogoče hkrati uporabiti \"host\" in \"[host]:25\".",
+        "transports_hint": "&#8226; Vnos preslikave transporta <b>preglasi</b> preslikavo transporta, ki je odvisen od pošiljatelja.<br>\n&#8226; Po možnosti se uporabljajo transporti, ki temeljijo na MX.<br>\n&#8226; Nastavitve pravilnika TLS za odhodne uporabnike se prezrejo in jih je mogoče uveljaviti le z vnosi v zemljevidu pravilnika TLS.<br>\n&#8226; Storitev transporta za definirane transporte je vedno »smtp:« in bo zato poskusila s TLS, ko bo ponujena. Zaviti TLS (SMTPS) ni podprt.<br>\n&#8226; Naslovi, ki se ujemajo z \"/localhost$/\" bodo vedno preneseni preko \"local:\", in zato cilj \"*\" ne bo veljal za te naslove.<br>\n&#8226; Za določitev poverilnic za zgledni naslednji skok \"[host]:25\", Postfix <b>vedno</b> poišče \"host\" preden poišče \"[host]:25\". Zaradi tega vedenja je nemogoče hkrati uporabljati \"host\" in \"[host]:25\".",
         "ui_footer": "Noga (HTML dovoljen)",
         "ui_header_announcement": "Obvestila",
         "ui_header_announcement_active": "Nastavi obvestilo kot aktivno",
@@ -340,7 +340,7 @@
         "ui_header_announcement_type_info": "Info",
         "ui_header_announcement_type_warning": "Pomembno",
         "ui_texts": "Oznake in besedila UI",
-        "unban_pending": "unban v postopku",
+        "unban_pending": "odblokada v teku",
         "unchanged_if_empty": "Če je nespremenjeno, pustite prazno",
         "upload": "Naloži",
         "username": "Uporabniško ime",
@@ -395,7 +395,7 @@
         "iam_token_url": "Končna točka žetona",
         "iam_userinfo_url": "Končna točka z uporabniškimi podatki",
         "iam_username_field": "Polje z uporabniškim imenom",
-        "iam_binddn": "Povezava DN",
+        "iam_binddn": "Vezava DN",
         "iam_use_ssl": "Uporabi SSL",
         "iam_use_tls": "Uporabi StartTLS",
         "iam_version": "Različica",
@@ -559,7 +559,7 @@
         "version_invalid": "Različica %s je neveljavna"
     },
     "debug": {
-        "containers_info": "Informacije o vsebniku (containerju)",
+        "containers_info": "Informacije o zabojniku",
         "architecture": "Arhitektura",
         "chart_this_server": "Diagram (ta strežnik)",
         "container_running": "Aktiven",

From c915bf2ee20aa54482b2701f0e8220ea02f14ebe Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Wed, 24 Sep 2025 19:06:47 +0200
Subject: [PATCH 667/755] Add docs link to get_installed_tools() message

---
 _modules/scripts/core.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index e86c2afc9..f776c6212 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -19,7 +19,8 @@ get_installed_tools(){
     for bin in openssl curl docker git awk sha1sum grep cut jq; do
         if [[ -z $(command -v ${bin}) ]]; then
           echo "Error: Cannot find command '${bin}'. Cannot proceed."
-          echo "Solution: Please install accordingly and re-run the script."
+          echo "Solution: Please review system requirements and install requirements. Then, re-run the script."
+          echo "See System Requirements: https://docs.mailcow.email/getstarted/install/"
           echo "Exiting..."
           exit 1
         fi

From 7028619742d2f8c962e7fcef269936511fdc7eb9 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Wed, 24 Sep 2025 21:17:29 +0200
Subject: [PATCH 668/755] Update GitHub's issue template

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 77 ++++++++++++++-------------
 1 file changed, 41 insertions(+), 36 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index afa1a27f8..df2acdb6b 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -11,22 +11,35 @@ body:
         required: true
   - type: checkboxes
     attributes:
-      label: I've found a bug and checked that ...
-      description: Prior to placing the issue, please check following:** *(fill out each checkbox with an `X` once done)*
+      label: Checklist prior issue creation
+      description: Prior to creating the issue...
       options:
-      - label: ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
-        required: true
-      - label: ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
-        required: true
-      - label: ... I have understood that answers are voluntary and community-driven, and not commercial support.
-        required: true
-      - label: ... I have verified that my issue has not been already answered in the past. I also checked previous [issues](https://github.com/mailcow/mailcow-dockerized/issues).
-        required: true
+        - label: I understand that failure to follow below instructions may cause this issue to be closed.
+          required: true
+        - label: I understand that vague, incomplete or inaccurate information may cause this issue to be closed.
+          required: true
+        - label: I understand that this form is intended solely for reporting software bugs and not for support-related inquiries.
+          required: true
+        - label: I understand that all responses are voluntary and community-driven, and do not constitute commercial support.
+          required: true
+        - label: I confirm that I have reviewed previous [issues](https://github.com/mailcow/mailcow-dockerized/issues) to ensure this matter has not already been addressed.
+          required: true
+        - label: I confirm that my environment meets all [prerequisite requirements](https://docs.mailcow.email/getstarted/prerequisite-system/) as specified in the official documentation.
+          required: true
   - type: textarea
     attributes:
       label: Description
-      description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
-      render: plain text
+      description: Please provide a brief description of the bug. If applicable, add screenshots to help explain your problem. (Very useful for bugs in mailcow UI.)
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      placeholder: |-
+        1. ...
+        2. ...
+        3. ...
     validations:
       required: true
   - type: textarea
@@ -36,45 +49,36 @@ body:
       render: plain text
     validations:
       required: true
-  - type: textarea
-    attributes:
-      label: "Steps to reproduce:"
-      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
-      render: plain text
-      placeholder: |-
-        1. ...
-        2. ...
-        3. ...
-    validations:
-      required: true
   - type: markdown
     attributes:
       value: |
         ## System information
-        ### In this stage we would kindly ask you to attach general system information about your setup.
+        In this stage we would kindly ask you to attach general system information about your setup.
   - type: dropdown
     attributes:
       label: "Which branch are you using?"
-      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      description: "#### Run: `git rev-parse --abbrev-ref HEAD`"
       multiple: false
       options:
-        - master
+        - master (stable)
+        - staging
         - nightly
     validations:
       required: true
   - type: dropdown
     attributes:
       label: "Which architecture are you using?"
-      description: "#### `uname -m`"
+      description: "#### Run: `uname -m`"
       multiple: false
       options:
-        - x86
+        - x86_64
         - ARM64 (aarch64)
     validations:
       required: true
   - type: input
     attributes:
       label: "Operating System:"
+      description: "#### Run: `lsb_release -ds`"
       placeholder: "e.g. Ubuntu 22.04 LTS"
     validations:
       required: true
@@ -93,43 +97,44 @@ body:
   - type: input
     attributes:
       label: "Virtualization technology:"
-      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+      description: "LXC and OpenVZ are not supported!"
+      placeholder: "KVM, VMware ESXi, Xen, etc"
     validations:
       required: true
   - type: input
     attributes:
       label: "Docker version:"
-      description: "#### `docker version`"
+      description: "#### Run: `docker version`"
       placeholder: "20.10.21"
     validations:
       required: true
   - type: input
     attributes:
       label: "docker-compose version or docker compose version:"
-      description: "#### `docker-compose version` or `docker compose version`"
+      description: "#### Run: `docker-compose version` or `docker compose version`"
       placeholder: "v2.12.2"
     validations:
       required: true
   - type: input
     attributes:
       label: "mailcow version:"
-      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
-      placeholder: "2022-08"
+      description: "#### Run: ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08x"
     validations:
       required: true
   - type: input
     attributes:
       label: "Reverse proxy:"
-      placeholder: "e.g. Nginx/Traefik"
+      placeholder: "e.g. nginx/Traefik, or none"
     validations:
       required: true
   - type: textarea
     attributes:
       label: "Logs of git diff:"
-      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? Sanitize if needed. If so, **please post them**:"
       render: plain text
     validations:
-      required: true
+      required: false
   - type: textarea
     attributes:
       label: "Logs of iptables -L -vn:"

From eabd22188b8c58fec533ef815fca59ddd676c121 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Wed, 24 Sep 2025 21:20:48 +0200
Subject: [PATCH 669/755] Re-intend checkboxes

---
 .github/ISSUE_TEMPLATE/Bug_report.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index df2acdb6b..f6fb7d280 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -14,18 +14,18 @@ body:
       label: Checklist prior issue creation
       description: Prior to creating the issue...
       options:
-        - label: I understand that failure to follow below instructions may cause this issue to be closed.
-          required: true
-        - label: I understand that vague, incomplete or inaccurate information may cause this issue to be closed.
-          required: true
-        - label: I understand that this form is intended solely for reporting software bugs and not for support-related inquiries.
-          required: true
-        - label: I understand that all responses are voluntary and community-driven, and do not constitute commercial support.
-          required: true
-        - label: I confirm that I have reviewed previous [issues](https://github.com/mailcow/mailcow-dockerized/issues) to ensure this matter has not already been addressed.
-          required: true
-        - label: I confirm that my environment meets all [prerequisite requirements](https://docs.mailcow.email/getstarted/prerequisite-system/) as specified in the official documentation.
-          required: true
+      - label: I understand that failure to follow below instructions may cause this issue to be closed.
+        required: true
+      - label: I understand that vague, incomplete or inaccurate information may cause this issue to be closed.
+        required: true
+      - label: I understand that this form is intended solely for reporting software bugs and not for support-related inquiries.
+        required: true
+      - label: I understand that all responses are voluntary and community-driven, and do not constitute commercial support.
+        required: true
+      - label: I confirm that I have reviewed previous [issues](https://github.com/mailcow/mailcow-dockerized/issues) to ensure this matter has not already been addressed.
+        required: true
+      - label: I confirm that my environment meets all [prerequisite requirements](https://docs.mailcow.email/getstarted/prerequisite-system/) as specified in the official documentation.
+        required: true
   - type: textarea
     attributes:
       label: Description

From 171c591da42a83bd9bd053ff8b1f15be1b10b231 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 01:14:23 +0200
Subject: [PATCH 670/755] Enable REDIRECT_HTTP=y by default

---
 generate_config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generate_config.sh b/generate_config.sh
index 9a0bd132b..3711c1138 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -218,7 +218,7 @@ HTTPS_PORT=443
 HTTPS_BIND=
 
 # Redirect HTTP connections to HTTPS - y/n
-HTTP_REDIRECT=n
+HTTP_REDIRECT=y
 
 # ------------------------------
 # Other bindings

From 5f4a4fd759b0ad3671e59b092cb2a2f571c4cb53 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 01:14:33 +0200
Subject: [PATCH 671/755] Removed new lines for consistency

---
 generate_config.sh | 33 +--------------------------------
 1 file changed, 1 insertion(+), 32 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 3711c1138..6b193f84d 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -172,7 +172,6 @@ cat << EOF > mailcow.conf
 # example.org is _not_ a valid hostname, use a fqdn here.
 # Default admin user is "admin"
 # Default password is "moohoo"
-
 MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
 
 # Password hash algorithm
@@ -183,19 +182,16 @@ MAILCOW_PASS_SCHEME=BLF-CRYPT
 # ------------------------------
 # SQL database configuration
 # ------------------------------
-
 DBNAME=mailcow
 DBUSER=mailcow
 
 # Please use long, random alphanumeric strings (A-Za-z0-9)
-
 DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 
 # ------------------------------
 # REDIS configuration
 # ------------------------------
-
 REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 
 # ------------------------------
@@ -210,7 +206,6 @@ REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 # Example: HTTP_BIND=1.2.3.4
 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
 # For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/
-
 HTTP_PORT=80
 HTTP_BIND=
 
@@ -225,7 +220,6 @@ HTTP_REDIRECT=y
 # ------------------------------
 # You should leave that alone
 # Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
-
 SMTP_PORT=25
 SMTPS_PORT=465
 SUBMISSION_PORT=587
@@ -241,12 +235,10 @@ REDIS_PORT=127.0.0.1:7654
 # Your timezone
 # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
 # Use the column named 'TZ identifier' + pay attention for the column named 'Notes'
-
 TZ=${MAILCOW_TZ}
 
 # Fixed project name
 # Please use lowercase letters only
-
 COMPOSE_PROJECT_NAME=mailcowdockerized
 
 # Used Docker Compose version
@@ -254,7 +246,6 @@ COMPOSE_PROJECT_NAME=mailcowdockerized
 # For more informations take a look at the mailcow docs regarding the configuration options.
 # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
 # Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.
-
 DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}
 
 # Set this to "allow" to enable the anyone pseudo user. Disabled by default.
@@ -267,7 +258,6 @@ ACL_ANYONE=disallow
 # Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
 # How long should objects remain in the garbage until they are being deleted? (value in minutes)
 # Check interval is hourly
-
 MAILDIR_GC_TIME=7200
 
 # Additional SAN for the certificate
@@ -282,8 +272,6 @@ MAILDIR_GC_TIME=7200
 #ADDITIONAL_SAN=srv1.example.net
 # ...or combine wildcard and static names:
 #ADDITIONAL_SAN=imap.*,srv1.example.com
-#
-
 ADDITIONAL_SAN=
 
 # Obtain certificates for autodiscover.* and autoconfig.* domains.
@@ -300,11 +288,9 @@ AUTODISCOVER_SAN=y
 # If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
 # You can understand this as server_name directive in Nginx.
 # Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
-
 ADDITIONAL_SERVER_NAMES=
 
 # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
-
 SKIP_LETS_ENCRYPT=n
 
 # Create seperate certificates for all domains - y/n
@@ -313,52 +299,41 @@ SKIP_LETS_ENCRYPT=n
 ENABLE_SSL_SNI=n
 
 # Skip IPv4 check in ACME container - y/n
-
 SKIP_IP_CHECK=n
 
 # Skip HTTP verification in ACME container - y/n
-
 SKIP_HTTP_VERIFICATION=n
 
 # Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
-
 SKIP_UNBOUND_HEALTHCHECK=n
 
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
-
 SKIP_CLAMD=${SKIP_CLAMD}
 
 # Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n
-
 SKIP_OLEFY=n
 
 # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
-
 SKIP_SOGO=n
 
 # Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.
 # Dovecot inside mailcow use Flatcurve as FTS Backend.
-
 SKIP_FTS=n
 
 # Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.
 # Flatcurve (Xapian backend) is used as the FTS Indexer. It is supposed to be efficient in CPU and RAM consumption.
 # However: Please always monitor your Resource consumption!
-
 FTS_HEAP=128
 
 # Controls how many processes the Dovecot indexing process can spawn at max.
 # Too many indexing processes can use a lot of CPU and Disk I/O.
 # Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations
-
 FTS_PROCS=1
 
 # Allow admins to log into SOGo as email user (without any password)
-
 ALLOW_ADMIN_EMAIL_LOGIN=n
 
 # Enable watchdog (watchdog-mailcow) to restart unhealthy containers
-
 USE_WATCHDOG=y
 
 # Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
@@ -367,7 +342,6 @@ USE_WATCHDOG=y
 # 2. Mails are sent unsigned (no DKIM)
 # 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
 # Multiple rcpts allowed, NO quotation marks, NO spaces
-
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=
 
@@ -398,25 +372,20 @@ WATCHDOG_EXTERNAL_CHECKS=n
 WATCHDOG_VERBOSE=n
 
 # Max log lines per service to keep in Redis logs
-
 LOG_LINES=9999
 
 # Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
 # Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
-
 IPV4_NETWORK=172.22.1
 
 # Internal IPv6 subnet in fc00::/7
 # Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
-
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
 # Use this IPv4 for outgoing connections (SNAT)
-
 #SNAT_TO_SOURCE=
 
 # Use this IPv6 for outgoing connections (SNAT)
-
 #SNAT6_TO_SOURCE=
 
 # Create or override an API key for the web UI
@@ -545,4 +514,4 @@ else
   echo '  $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
   echo '?>' >> data/web/inc/app_info.inc.php
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
-fi
\ No newline at end of file
+fi

From 8978a9ad7903b42533d3bfd2e9a1e9f273026f10 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 02:13:22 +0200
Subject: [PATCH 672/755] Remove debug console.log() lines

---
 data/web/js/site/admin.js     |  1 -
 data/web/js/site/dashboard.js | 11 ++---------
 data/web/js/site/edit.js      |  1 -
 data/web/js/site/user.js      |  5 -----
 4 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index f4258ff48..009a27fbb 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -715,7 +715,6 @@ jQuery(function($){
     $('.app_hide').off('change');
     $('.app_hide').on('change', function (e) {
       var value = $(this).is(':checked') ? '1' : '0';
-      console.log(value)
       $(this).parent().children(':first-child').val(value);
     })
   }
diff --git a/data/web/js/site/dashboard.js b/data/web/js/site/dashboard.js
index 182a09a5b..32c04b518 100644
--- a/data/web/js/site/dashboard.js
+++ b/data/web/js/site/dashboard.js
@@ -47,8 +47,6 @@ $(document).ready(function() {
     window.fetch("/api/v1/get/status/host/ip", { method:'GET', cache:'no-cache' }).then(function(response) {
       return response.json();
     }).then(function(data) {
-      console.log(data);
-
       // display host ips
       if (data.ipv4)
         $("#host_ipv4").text(data.ipv4);
@@ -1007,7 +1005,7 @@ jQuery(function($){
               "data-order": cellData.sortBy,
               "data-sort": cellData.sortBy
             });
-          },    
+          },
           render: function (data) {
             return data.value;
           }
@@ -1032,7 +1030,7 @@ jQuery(function($){
               "data-order": cellData.sortBy,
               "data-sort": cellData.sortBy
             });
-          },    
+          },
           render: function (data) {
             return data.value;
           }
@@ -1347,9 +1345,6 @@ function update_stats(timeout=5){
 
   window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
     return response.json();
-  }).then(function(data) {
-    console.log(data);
-
     if (data){
       // display table data
       $("#host_date").text(data.system_time);
@@ -1399,8 +1394,6 @@ function update_container_stats(timeout=5){
         var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
         var netIOCtx = Chart.getChart(container + "_NetIOChart");
 
-        console.log(container);
-        console.log(data);
         prev_stats = null;
         if (data.length >= 2){
           prev_stats = data[data.length -2];
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index f9fe707c6..308ec8c13 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -66,7 +66,6 @@ $(document).ready(function() {
   // load tags
   if ($('#tags').length){
     var tagsEl = $('#tags').parent().find('.tag-values')[0];
-    console.log($(tagsEl).val())
     var tags = JSON.parse($(tagsEl).val());
     $(tagsEl).val("");
 
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 1d227469a..d7625151d 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -169,7 +169,6 @@ jQuery(function($){
         type: "GET",
         url: "/api/v1/get/time_limited_aliases",
         dataSrc: function(data){
-          console.log(data);
           $.each(data, function (i, item) {
             if (acl_data.spam_alias === 1) {
               item.action = '<div class="btn-group">' +
@@ -262,7 +261,6 @@ jQuery(function($){
         type: "GET",
         url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
         dataSrc: function(data){
-          console.log(data);
           $.each(data, function (i, item) {
             item.user1 = escapeHtml(item.user1);
             item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
@@ -418,7 +416,6 @@ jQuery(function($){
         type: "GET",
         url: '/api/v1/get/app-passwd/all',
         dataSrc: function(data){
-          console.log(data);
           $.each(data, function (i, item) {
             item.name = escapeHtml(item.name)
             item.protocols = []
@@ -514,7 +511,6 @@ jQuery(function($){
         type: "GET",
         url: '/api/v1/get/policy_wl_mailbox',
         dataSrc: function(data){
-          console.log(data);
           $.each(data, function (i, item) {
             if (validateEmail(item.object)) {
               item.chkbox = '<input type="checkbox" class="form-check-input" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
@@ -585,7 +581,6 @@ jQuery(function($){
         type: "GET",
         url: '/api/v1/get/policy_bl_mailbox',
         dataSrc: function(data){
-          console.log(data);
           $.each(data, function (i, item) {
             if (validateEmail(item.object)) {
               item.chkbox = '<input type="checkbox" class="form-check-input" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';

From 5b1b49a418a711c2be040b191a4b91f7be4e7b54 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 02:37:02 +0200
Subject: [PATCH 673/755] Fixed password complexity check for AppPasswords

---
 data/web/inc/functions.app_passwd.inc.php | 48 +++++------------------
 1 file changed, 10 insertions(+), 38 deletions(-)

diff --git a/data/web/inc/functions.app_passwd.inc.php b/data/web/inc/functions.app_passwd.inc.php
index b493fc914..161d4d1cd 100644
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -1,7 +1,7 @@
 <?php
 function app_passwd($_action, $_data = null) {
-	global $pdo;
-	global $lang;
+  global $pdo;
+  global $lang;
   $_data_log = $_data;
   !isset($_data_log['app_passwd']) ?: $_data_log['app_passwd'] = '*';
   !isset($_data_log['app_passwd2']) ?: $_data_log['app_passwd2'] = '*';
@@ -43,20 +43,7 @@ function app_passwd($_action, $_data = null) {
         );
         return false;
       }
-      if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'password_complexity'
-        );
-        return false;
-      }
-      if ($password != $password2) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'password_mismatch'
-        );
+      if (password_check($password, $password2) !== true) {
         return false;
       }
       $password_hashed = hash_password($password);
@@ -88,7 +75,7 @@ function app_passwd($_action, $_data = null) {
         'log' => array(__FUNCTION__, $_action, $_data_log),
         'msg' => 'app_passwd_added'
       );
-    break;
+      break;
     case 'edit':
       $ids = (array)$_data['id'];
       foreach ($ids as $id) {
@@ -126,20 +113,7 @@ function app_passwd($_action, $_data = null) {
         }
         $app_name = htmlspecialchars(trim($app_name));
         if (!empty($password) && !empty($password2)) {
-          if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'password_complexity'
-            );
-            continue;
-          }
-          if ($password != $password2) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'password_mismatch'
-            );
+          if (password_check($password, $password2) !== true) {
             continue;
           }
           $password_hashed = hash_password($password);
@@ -182,7 +156,7 @@ function app_passwd($_action, $_data = null) {
           'msg' => array('object_modified', htmlspecialchars(implode(', ', $ids)))
         );
       }
-    break;
+      break;
     case 'delete':
       $ids = (array)$_data['id'];
       foreach ($ids as $id) {
@@ -213,19 +187,17 @@ function app_passwd($_action, $_data = null) {
           'msg' => array('app_passwd_removed', htmlspecialchars($id))
         );
       }
-    break;
+      break;
     case 'get':
       $app_passwds = array();
       $stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username");
       $stmt->execute(array(':username' => $username));
       $app_passwds = $stmt->fetchAll(PDO::FETCH_ASSOC);
       return $app_passwds;
-    break;
+      break;
     case 'details':
       $app_passwd_data = array();
-      $stmt = $pdo->prepare("SELECT *
-          FROM `app_passwd`
-            WHERE `id` = :id");
+      $stmt = $pdo->prepare("SELECT * FROM `app_passwd` WHERE `id` = :id");
       $stmt->execute(array(':id' => $_data));
       $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
       if (empty($app_passwd_data)) {
@@ -237,6 +209,6 @@ function app_passwd($_action, $_data = null) {
       }
       $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
       return $app_passwd_data;
-    break;
+      break;
   }
 }

From ce219668cf066309cc7978613975eb3189f23cc2 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 03:37:49 +0200
Subject: [PATCH 674/755] Rename AppPasswds fields uniquely like 'add'

---
 data/web/inc/functions.app_passwd.inc.php | 4 ++--
 data/web/templates/edit/app-passwd.twig   | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/functions.app_passwd.inc.php b/data/web/inc/functions.app_passwd.inc.php
index b493fc914..51b7c33b3 100644
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -95,8 +95,8 @@ function app_passwd($_action, $_data = null) {
         $is_now = app_passwd('details', $id);
         if (!empty($is_now)) {
           $app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];
-          $password = (!empty($_data['password'])) ? $_data['password'] : null;
-          $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
+          $password = (!empty($_data['app_passwd'])) ? $_data['app_passwd'] : null;
+          $password2 = (!empty($_data['app_passwd2'])) ? $_data['app_passwd2'] : null;
           if (isset($_data['protocols'])) {
             $protocols = (array)$_data['protocols'];
             $imap_access = (in_array('imap_access', $protocols)) ? 1 : 0;
diff --git a/data/web/templates/edit/app-passwd.twig b/data/web/templates/edit/app-passwd.twig
index 46dc648db..efab8876b 100644
--- a/data/web/templates/edit/app-passwd.twig
+++ b/data/web/templates/edit/app-passwd.twig
@@ -13,15 +13,15 @@
     </div>
   </div>
   <div class="row mb-2">
-    <label class="control-label col-sm-2" for="password">{{ lang.edit.password }} (<a href="#" class="generate_password">{{ lang.edit.generate }}</a>)</label>
+    <label class="control-label col-sm-2" for="app_passwd">{{ lang.edit.password }} (<a href="#" class="generate_password">{{ lang.edit.generate }}</a>)</label>
     <div class="col-sm-10">
-      <input type="password" data-pwgen-field="true" data-hibp="true" class="form-control" name="password" placeholder="" autocomplete="new-password">
+      <input type="password" data-pwgen-field="true" data-hibp="true" class="form-control" name="app_passwd" placeholder="" autocomplete="new-password">
     </div>
   </div>
   <div class="row mb-4">
-    <label class="control-label col-sm-2" for="password2">{{ lang.edit.password_repeat }}</label>
+    <label class="control-label col-sm-2" for="app_passwd2">{{ lang.edit.password_repeat }}</label>
     <div class="col-sm-10">
-      <input type="password" data-pwgen-field="true" class="form-control" name="password2" autocomplete="new-password">
+      <input type="password" data-pwgen-field="true" class="form-control" name="app_passwd2" autocomplete="new-password">
     </div>
   </div>
   <div class="row mb-2">

From 83ba8d5840b76639623c4bac46dfd48c815c9464 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 04:01:17 +0200
Subject: [PATCH 675/755] Optimize opcache settings, enable JIT

---
 data/conf/phpfpm/php-conf.d/opcache-recommended.ini | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
index 3c51e11b7..1128d2174 100644
--- a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
+++ b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
@@ -1,7 +1,12 @@
+# opcache
 opcache.enable=1
 opcache.enable_cli=1
 opcache.interned_strings_buffer=16
 opcache.max_accelerated_files=10000
 opcache.memory_consumption=128
 opcache.save_comments=1
-opcache.revalidate_freq=1
+opcache.revalidate_freq=120
+opcache.validate_timestamps=0
+# jit
+opcache.jit = 1255
+opcache.jit_buffer_size = 8M

From 5c5287ca21da04d9efa5058b200aa3df6aeb8305 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 04:04:45 +0200
Subject: [PATCH 676/755] Fixed wrong footer escaping

---
 data/web/js/build/013-mailcow.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/web/js/build/013-mailcow.js b/data/web/js/build/013-mailcow.js
index f09098310..53e48d60a 100644
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -22,8 +22,8 @@ $(document).ready(function() {
     $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
   }
 
-  $(".generate_password").click(async function( event ) {   
-    try { 
+  $(".generate_password").click(async function( event ) {
+    try {
       var password_policy = await window.fetch("/api/v1/get/passwordpolicy", { method:'GET', cache:'no-cache' });
       var password_policy = await password_policy.json();
       random_passwd_length = password_policy.length;
@@ -48,7 +48,7 @@ $(document).ready(function() {
     })
   }
   $(".rot-enc").html(function(){
-    return str_rot13($(this).html())
+    return str_rot13($(this).text())
   });
   // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
   function shake(div,interval,distance,times) {
@@ -125,7 +125,7 @@ $(document).ready(function() {
         }
       });
   })();
-  
+
   // responsive tabs, scroll to opened tab
   $(document).on("shown.bs.collapse shown.bs.tab", function (e) {
 	  var target = $(e.target);
@@ -409,4 +409,4 @@ function copyToClipboard(id) {
   // only works with https connections
   navigator.clipboard.writeText(copyText.value);
   mailcow_alert_box(lang.copy_to_clipboard, "success");
-}
\ No newline at end of file
+}

From 2f8a1812816bcf1629365023c4415c14189b1e39 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 04:16:57 +0200
Subject: [PATCH 677/755] Fix comments, added some comments

---
 data/conf/phpfpm/php-conf.d/opcache-recommended.ini | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
index 1128d2174..5e8fe4556 100644
--- a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
+++ b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
@@ -1,4 +1,6 @@
-# opcache
+; NOTE: Restart phpfpm on ANY manual changes to PHP files!
+
+; opcache
 opcache.enable=1
 opcache.enable_cli=1
 opcache.interned_strings_buffer=16
@@ -7,6 +9,7 @@ opcache.memory_consumption=128
 opcache.save_comments=1
 opcache.revalidate_freq=120
 opcache.validate_timestamps=0
-# jit
-opcache.jit = 1255
-opcache.jit_buffer_size = 8M
+
+; JIT
+opcache.jit=1255
+opcache.jit_buffer_size=8M

From 8abe74a5622a71d5ba2691e0e7c0d1067dea3ccc Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 26 Sep 2025 10:57:32 +0200
Subject: [PATCH 678/755] [Web] Updated lang.si-si.json (#6785)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 42 +++++++++++++++++------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 0b6626127..e54c3b11f 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -414,9 +414,9 @@
         "needs_restart": "potreben je ponovni zagon"
     },
     "danger": {
-        "alias_goto_identical": "Alias in goto naslov morata biti identična",
-        "aliasd_targetd_identical": "Alias domena ne sme biti enaka ciljni domeni: %s",
-        "bcc_exists": "BCC preslikava obstaja za vrsto %s",
+        "alias_goto_identical": "Vzdevek in ciljni naslov se ne smeta ujemati.",
+        "aliasd_targetd_identical": "Vzdevek domene ne sme biti enak ciljni domeni: %s",
+        "bcc_exists": "Za tip %s obstaja BCC preslikava %s",
         "dkim_domain_or_sel_exists": "DKIM ključ za \"%s\" obstaja in ne bo prepisan",
         "domain_quota_m_in_use": "Kvota domene mora biti večja ali enaka %s MiB",
         "extra_acl_invalid_domain": "Zunanji pošiljatelj \"%s\" uporablja neveljavno domeno",
@@ -425,42 +425,42 @@
         "invalid_nexthop": "Oblika naslednjega skoka ni veljavna",
         "invalid_nexthop_authenticated": "Naslednji skok obstaja z drugačnimi poverilnicami. Prosim najprej posodobite obstoječe poverilnice za ta naslednji skok.",
         "demo_mode_enabled": "Demo način je omogočen",
-        "access_denied": "Dostop zavrnjen ali pa so podatki obrazca napačni",
-        "alias_domain_invalid": "Alias domena %s ni veljavna",
-        "alias_empty": "Alias naslov ne sme biti prazen",
-        "alias_invalid": "Alias naslov %s ni veljaven",
-        "aliases_in_use": "Max. aliasov mora biti večje ali enako %d",
-        "app_name_empty": "Naziv aplikacije ne more biti prazno",
-        "app_passwd_id_invalid": "ID gesla aplikacije %s je neveljaven",
-        "bcc_empty": "BCC cilj ne more biti prazen",
-        "bcc_must_be_email": "BCC cilj %s ni veljaven e-poštni naslov",
+        "access_denied": "Dostop zavrnjen ali neveljavni podatki obrazca",
+        "alias_domain_invalid": "Vzdevek domene %s ni veljaven",
+        "alias_empty": "Naslov vzdevka ne sme biti prazen",
+        "alias_invalid": "Naslov vzdevka %s ni veljaven",
+        "aliases_in_use": "Največje število vzdevkov mora biti večje ali enako %d",
+        "app_name_empty": "Ime aplikacije ne sme biti prazno",
+        "app_passwd_id_invalid": "ID gesla za aplikacijo %s neveljaven",
+        "bcc_empty": "Polje za prejemnika BCC ne sme biti prazno",
+        "bcc_must_be_email": "Cilj BCC %s ni veljaven e-poštni naslov",
         "comment_too_long": "Komentar je predolg, dovoljeno je največ 160 znakov",
         "defquota_empty": "Privzeta kvota na poštni predal ne more biti 0.",
-        "description_invalid": "Opis resursa za %s ni veljaven",
+        "description_invalid": "Opis vira za %s je neveljaven",
         "dkim_domain_or_sel_invalid": "Domena ali izbirnik DKIM ni veljaven: %s",
         "domain_cannot_match_hostname": "Domena se ne more ujemati z imenom gostitelja",
         "domain_exists": "Domena %s že obstaja",
-        "domain_invalid": "Manjka ali napačno ime domene",
-        "domain_not_empty": "Ne morem odstraniti ne-prazno domeno %s",
+        "domain_invalid": "Ime domene je prazno ali neveljavno",
+        "domain_not_empty": "Neprazne domene %s ni mogoče odstraniti",
         "domain_not_found": "Domene %s ni bilo mogoče najti",
         "extended_sender_acl_denied": "manjka ACL za določitev naslovov zunanjih pošiljateljev",
         "extra_acl_invalid": "Naslov zunanjega pošiljatelja \"%s\" ni veljaven",
         "fido2_verification_failed": "Preverjanje FIDO2 ni uspelo: %s",
-        "file_open_error": "Datoteka ne more biti odprta za urejanje",
+        "file_open_error": "Datoteke ni mogoče odpreti za pisanje",
         "filter_type": "Napačna vrsta filtra",
-        "from_invalid": "Pošiljatelj ne sme biti prazno",
+        "from_invalid": "Polje za pošiljatelja ne sme biti prazno",
         "global_filter_write_error": "Ni mogoče zapisati datoteke filtra: %s",
         "global_map_invalid": "ID globalne preslikave %s ni veljaven",
-        "goto_empty": "Alias naslov mora vsebovati vsaj en veljaven goto naslov",
-        "goto_invalid": "Goto naslov %s ni veljaven",
+        "goto_empty": "Naslov vzdevka mora vsebovati vsaj en veljaven ciljni naslov",
+        "goto_invalid": "Ciljni naslov %s ni veljaven",
         "ham_learn_error": "Napaka pri učenju Ham: %s",
-        "imagick_exception": "Napaka: Imagick napaka pri branju slike",
+        "imagick_exception": "Napaka: Izjema Imagick med branjem slike",
         "img_invalid": "Ni možno preveriti slikovne datoteke",
         "invalid_bcc_map_type": "Neveljavna vrsta preslikave BCC",
         "invalid_destination": "Ciljna oblika \"%s\" ni veljavna",
         "invalid_filter_type": "Neveljavna vrsta filtra",
         "invalid_host": "Naveden je neveljaven gostitelj (host): %s",
-        "invalid_mime_type": "Neveljaven mime type",
+        "invalid_mime_type": "Neveljavna vrsta MIME",
         "max_quota_in_use": "Kvota poštnega predala mora biti večja ali enaka %d MB",
         "password_complexity": "Geslo ne ustreza varnostni politiki",
         "pushover_credentials_missing": "Manjka Pushover token ali ključ",

From 702ed85dfd0747216da1b74fb535e58f8c19ca40 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 14:41:19 +0200
Subject: [PATCH 679/755] Fixed footer escaping

---
 data/web/inc/header.inc.php      | 6 +++++-
 data/web/js/build/013-mailcow.js | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 9ab2ad174..d2ce6f3d0 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -62,7 +62,11 @@ if ($app_links_processed){
   }
 }
 
-
+// Workaround to get text with <br> straight to twig.
+// Using "nl2br" doesn't work with Twig as it would escape everything by default.
+if (isset($UI_TEXTS["ui_footer"])) {
+  $UI_TEXTS["ui_footer"] = nl2br($UI_TEXTS["ui_footer"]);
+}
 
 $globalVariables = [
   'mailcow_hostname' => getenv('MAILCOW_HOSTNAME'),
diff --git a/data/web/js/build/013-mailcow.js b/data/web/js/build/013-mailcow.js
index 53e48d60a..d897f23ea 100644
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -48,7 +48,11 @@ $(document).ready(function() {
     })
   }
   $(".rot-enc").html(function(){
-    return str_rot13($(this).text())
+    footer_html = $(this).html();
+    footer_html = footer_html.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
+                             .replace(/&amp;/g, '&').replace(/&nzc;/g, '&')
+                             .replace(/&quot;/g, '"').replace(/&#x27;/g, "'");
+    return str_rot13(footer_html)
   });
   // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
   function shake(div,interval,distance,times) {

From d06d23bbaf528f5edfb26d32d3d693b8005fc81e Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 14:58:04 +0200
Subject: [PATCH 680/755] Fix several SQL statements

---
 data/conf/rspamd/dynmaps/aliasexp.php       | 2 +-
 data/conf/rspamd/meta_exporter/pipe.php     | 2 +-
 data/conf/rspamd/meta_exporter/pushover.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/aliasexp.php b/data/conf/rspamd/dynmaps/aliasexp.php
index 824037cf1..814c0d38c 100644
--- a/data/conf/rspamd/dynmaps/aliasexp.php
+++ b/data/conf/rspamd/dynmaps/aliasexp.php
@@ -133,7 +133,7 @@ try {
             error_log("ALIAS EXPANDER: http pipe: goto address " . $goto . " is an alias branch for " . $goto_branch . PHP_EOL);
             $goto_branch_array = explode(',', $goto_branch);
           } else {
-            $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` AND '1'");
+            $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` = '1'");
             $stmt->execute(array(':domain' => $parsed_goto['domain']));
             $goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['target_domain'];
             if ($goto_branch) {
diff --git a/data/conf/rspamd/meta_exporter/pipe.php b/data/conf/rspamd/meta_exporter/pipe.php
index bd5d875bd..003639b08 100644
--- a/data/conf/rspamd/meta_exporter/pipe.php
+++ b/data/conf/rspamd/meta_exporter/pipe.php
@@ -182,7 +182,7 @@ foreach (json_decode($rcpts, true) as $rcpt) {
               error_log("RCPT RESOVLER: http pipe: goto address " . $goto . " is an alias branch for " . $goto_branch . PHP_EOL);
               $goto_branch_array = explode(',', $goto_branch);
             } else {
-              $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` AND '1'");
+              $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` = '1'");
               $stmt->execute(array(':domain' => $parsed_goto['domain']));
               $goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['target_domain'];
               if ($goto_branch) {
diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index af1b21ebc..efe5fdd52 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -167,7 +167,7 @@ foreach (json_decode($rcpts, true) as $rcpt) {
               error_log("RCPT RESOVLER: http pipe: goto address " . $goto . " is an alias branch for " . $goto_branch . PHP_EOL);
               $goto_branch_array = explode(',', $goto_branch);
             } else {
-              $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` AND '1'");
+              $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` = '1'");
               $stmt->execute(array(':domain' => $parsed_goto['domain']));
               $goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['target_domain'];
               if ($goto_branch) {

From 85ca197615a490b7ad1bb2a418ad3fec2a734ef4 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 16:50:58 +0200
Subject: [PATCH 681/755] Hide relayhosts when ACL does not allow

---
 data/web/templates/edit/domain.twig  | 4 +++-
 data/web/templates/edit/mailbox.twig | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 774b30996..8bd7ab253 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -58,6 +58,7 @@
                       </div>
                     </div>
                   </div>
+                  {% if acl.domain_relayhost == '1' %}
                   <div class="row mb-2">
                     <label class="control-label col-sm-2" for="relayhost">{{ lang.edit.relayhost }}</label>
                     <div class="col-sm-10">
@@ -76,6 +77,7 @@
                       </select>
                     </div>
                   </div>
+                  {% endif %}
                   {% if mailcow_cc_role == 'admin' %}
                   <div class="row mb-2">
                     <label class="control-label col-sm-2" for="aliases">{{ lang.edit.max_aliases }}</label>
@@ -293,7 +295,7 @@
                   <input type="hidden" value="0" name="active">
                   <input type="hidden" value="{{ domain }}" name="domain">
                   <div class="row mb-2">
-                    <label class="control-label col-sm-2" for="version"> 
+                    <label class="control-label col-sm-2" for="version">
                       <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_version_info|raw }}"></i>
                       {{ lang.edit.mta_sts_version }}
                     </label>
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 12c1f3b93..bb8971a07 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -114,6 +114,7 @@
                       <small class="text-muted d-block">{{ lang.edit.sender_acl_info|raw }}</small>
                     </div>
                   </div>
+                  {% if acl.mailbox_relayhost == '1' %}
                   <div class="row mb-2">
                     <label class="control-label col-sm-2" for="relayhost">{{ lang.edit.relayhost }}</label>
                     <div class="col-sm-10">
@@ -134,6 +135,7 @@
                       <small class="text-muted d-block mb-4">{{ lang.edit.mailbox_relayhost_info }}</small>
                     </div>
                   </div>
+                  {% endif %}
                   <div class="row mb-2">
                     <label class="control-label col-sm-2">{{ lang.user.tag_handling }}</label>
                     <div class="col-sm-10">

From ff43799763fd563a38585a693dda62702b97d78b Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 17:02:22 +0200
Subject: [PATCH 682/755] Show "Never" by default if no last-modified date

---
 data/web/templates/edit/domain.twig  | 4 ++--
 data/web/templates/edit/mailbox.twig | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 774b30996..dbc62a774 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -147,7 +147,7 @@
                   <div class="row">
                     <div class="offset-sm-2 col-sm-10">
                       <small class="fst-italic d-block">{{ lang.edit.created_on }}: {{ result.created }}</small>
-                      <small class="fst-italic d-block">{{ lang.edit.last_modified }}: {{ result.modified }}</small>
+                      <small class="fst-italic d-block">{{ lang.edit.last_modified }}: {{ result.modified|default(lang.user.never) }}</small>
                     </div>
                   </div>
                 </form>
@@ -293,7 +293,7 @@
                   <input type="hidden" value="0" name="active">
                   <input type="hidden" value="{{ domain }}" name="domain">
                   <div class="row mb-2">
-                    <label class="control-label col-sm-2" for="version"> 
+                    <label class="control-label col-sm-2" for="version">
                       <i style="font-size: 16px; cursor: pointer;" class="bi bi-patch-question-fill m-2 ms-0" data-bs-toggle="tooltip" data-bs-html="true" data-bs-placement="bottom" title="{{ lang.edit.mta_sts_version_info|raw }}"></i>
                       {{ lang.edit.mta_sts_version }}
                     </label>
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 12c1f3b93..1ca846512 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -325,7 +325,7 @@
                   <div class="row">
                     <div class="offset-sm-2 col-sm-10">
                       <small class="fst-italic d-block">{{ lang.edit.created_on }}: {{ result.created }}</small>
-                      <small class="fst-italic d-block">{{ lang.edit.last_modified }}: {{ result.modified }}</small>
+                      <small class="fst-italic d-block">{{ lang.edit.last_modified }}: {{ result.modified|default(lang.user.never) }}</small>
                     </div>
                   </div>
                 </form>

From 20f04ecf6b764f43fc0a2116fdad6f9630f9ed1f Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 26 Sep 2025 17:13:24 +0200
Subject: [PATCH 683/755] Make domain description field readonly when no ACL

---
 data/web/templates/edit/domain.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/edit/domain.twig b/data/web/templates/edit/domain.twig
index 774b30996..0f90080bb 100644
--- a/data/web/templates/edit/domain.twig
+++ b/data/web/templates/edit/domain.twig
@@ -39,7 +39,7 @@
                   <div class="row mb-2" data-acl="{{ acl.domain_desc }}">
                     <label class="control-label col-sm-2" for="description">{{ lang.edit.description }}</label>
                     <div class="col-sm-10">
-                      <input type="text" class="form-control" name="description" value="{{ result.description }}">
+                      <input type="text" class="form-control" name="description" value="{{ result.description }}"{% if acl.domain_desc == '0' %} readonly{% endif %}>
                     </div>
                   </div>
                   <div class="row mb-4">

From 46f05819368d88938aa121b8a813f2eed09632f3 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 26 Sep 2025 19:14:07 +0200
Subject: [PATCH 684/755] [Web] Updated lang.si-si.json (#6790)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 48 +++++++++++++++++------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index e54c3b11f..ecc2d5f24 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -463,33 +463,33 @@
         "invalid_mime_type": "Neveljavna vrsta MIME",
         "max_quota_in_use": "Kvota poštnega predala mora biti večja ali enaka %d MB",
         "password_complexity": "Geslo ne ustreza varnostni politiki",
-        "pushover_credentials_missing": "Manjka Pushover token ali ključ",
+        "pushover_credentials_missing": "Manjka žeton in/ali ključ Pushover",
         "release_send_failed": "Sporočila ni bilo mogoče sprostiti: %s",
-        "tls_policy_map_dest_invalid": "Cilj politike ni veljaven",
+        "tls_policy_map_dest_invalid": "Cilj pravilnika je neveljaven",
         "webauthn_authenticator_failed": "Izbrani avtentikator ni bil najden",
         "reset_f2b_regex": "Regex filter ni bilo možno ponastaviti v ustreznem času. Prosim poskusite ponovno ali počakajte nekaj sekund in ponovno naložite stran.",
         "target_domain_invalid": "Ciljna domena %s ni veljavna",
-        "validity_missing": "Prosim nastavite obdobje veljavnosti",
+        "validity_missing": "Prosim določite obdobje veljavnosti",
         "invalid_recipient_map_old": "Naveden neveljaven izvirni prejemnik: %s",
-        "ip_list_empty": "Seznam dovoljenih IPjev ne sme biti prazen",
-        "is_alias": "%s je že znan kot alias naslov",
-        "is_alias_or_mailbox": "%s je že znan kot alias, poštni naslov, ali alias izveden iz alias domene.",
-        "is_spam_alias": "%s že obstaja kot začasen alias (spam alias naslov)",
+        "ip_list_empty": "Seznam dovoljenih IP-jev ne sme biti prazen",
+        "is_alias": "%s je že znan kot naslov vzdevka",
+        "is_alias_or_mailbox": "%s je že znan kot vzdevek, poštni predal ali naslov vzdevka, razširjen iz vzdevka domene.",
+        "is_spam_alias": "%s je že znan kot začasni vzdevek (neželeni vzdevek)",
         "last_key": "Zadnji ključ ne more biti izbrisan, prosim raje deaktivirajte dvofaktorsko avtentikacijo (TFA).",
         "login_failed": "Prijava ni uspela",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Privzeta kvota presega najvišjo omejitev",
         "mailbox_invalid": "Ime poštnega predala ni veljavno",
-        "mailbox_quota_exceeded": "Kvota presega omejitev domene (maksimalno %d MB)",
+        "mailbox_quota_exceeded": "Kvota presega omejitev domene (največ %d MB)",
         "mailbox_quota_exceeds_domain_quota": "Najvišja kvota presega omejitev domene",
         "mailbox_quota_left_exceeded": "Ni dovolj prostora (preostali prostor: %d MB)",
         "mailboxes_in_use": "Največje število poštnih predalov mora biti večje ali enako %d",
         "malformed_username": "Nepravilno oblikovano uporabniško ime",
         "map_content_empty": "Preslikava vsebine ne more biti prazna",
-        "max_alias_exceeded": "Preseženo največje število aliasov",
+        "max_alias_exceeded": "Preseženo največje število vzdevkov",
         "max_mailbox_exceeded": "Preseženo največje število poštnih predalov (%d od %d)",
         "maxquota_empty": "Največja kvota na poštni predal ne more biti 0.",
         "mysql_error": "Napaka MySQL: %s",
-        "network_host_invalid": "Nepravilno omrežje ali gostitel: %s",
+        "network_host_invalid": "Nepravilno omrežje ali gostitelj: %s",
         "next_hop_interferes": "% moti naslednji skok %s",
         "next_hop_interferes_any": "Obstoječi naslednji skok moti %s",
         "nginx_reload_failed": "Ponovni zagon Nginx ni uspel: %s",
@@ -502,30 +502,30 @@
         "policy_list_from_invalid": "Zapis ima nepravilno obliko",
         "private_key_error": "Napaka zasebnega ključa: %s",
         "pushover_key": "Pushover ključ ni v pravilni obliki",
-        "pushover_token": "Pushover token ni v pravilni obliki",
-        "quota_not_0_not_numeric": "Quota mora biti število in večje ali enako 0",
+        "pushover_token": "Pushover žeton ni v pravilni obliki",
+        "quota_not_0_not_numeric": "Kvota mora biti numerična in >= 0",
         "recipient_map_entry_exists": "Preslikava prejemnika \"%s\" že obstaja",
         "redis_error": "Napaka Redis: %s",
         "relayhost_invalid": "Vnos preslikave %s ni pravilen",
-        "resource_invalid": "Ime vira je neveljavno",
-        "rl_timeframe": "Časovni okvir za rate limit je nepravilen",
+        "resource_invalid": "Ime vira %s je neveljavno",
+        "rl_timeframe": "Časovni okvir omejitve je nepravilen",
         "rspamd_ui_pw_length": "Rspamd UI geslo mora biti dolgo vsaj 6 znakov",
-        "script_empty": "Script ne more biti prazen",
+        "script_empty": "Skripta ne sme biti prazna",
         "sender_acl_invalid": "Vrednost ACL pošiljatelja %s ni veljavna",
         "set_acl_failed": "Ni uspelo nastaviti ACL",
         "settings_map_invalid": "ID preslikave nastavitev %s ni veljaven",
-        "sieve_error": "Napaka Sieve parserja: %s",
-        "spam_learn_error": "Napaka pri učenju spama: %s",
-        "subject_empty": "Predmet ne sme biti prazno",
+        "sieve_error": "Napaka Sieve razčlenjevalnika: %s",
+        "spam_learn_error": "Napaka pri učenju neželene pošte: %s",
+        "subject_empty": "Zadeva ne sme biti prazna",
         "targetd_not_found": "Ciljna domena %s ni bila najdena",
-        "targetd_relay_domain": "Ciljna domena %s je relay domena",
+        "targetd_relay_domain": "Ciljna domena %s je posredovalna domena",
         "template_exists": "Predloga %s že obstaja",
         "template_id_invalid": "ID predloge %s ni veljaven",
         "template_name_invalid": "Ime predloge ni veljavno",
         "text_empty": "Besedilo ne sme biti prazno",
-        "tfa_token_invalid": "Neveljaven token TFA",
-        "tls_policy_map_entry_exists": "Vpis preslikave TLS \"%s\" že obstaja",
-        "tls_policy_map_parameter_invalid": "Parameter politike ni pravilen",
+        "tfa_token_invalid": "Neveljaven TFA žeton",
+        "tls_policy_map_entry_exists": "Vnos pravilnika preslikave TLS \"%s\" obstaja",
+        "tls_policy_map_parameter_invalid": "Parameter pravilnika je neveljaven",
         "totp_verification_failed": "Neuspešno preverjanje TOTP",
         "transport_dest_exists": "Cilj transporta \"%s\" že obstaja",
         "webauthn_verification_failed": "Preverjanje WebAuthn ni uspelo: %s",
@@ -573,7 +573,7 @@
         "external_logs": "Zunanji dnevniki",
         "last_modified": "Nazadnje spremenjeno",
         "history_all_servers": "Zgodovina (vsi strežniki)",
-        "in_memory_logs": "In-memory dnevniki",
+        "in_memory_logs": "Dnevniki v pomnilniku",
         "service": "Servis",
         "show_ip": "Prikaži javni IP",
         "size": "Velikost",
@@ -600,7 +600,7 @@
         "infoFiltered": "(filtrirano od _MAX_ skupaj zapisov)",
         "collapse_all": "Strni vse",
         "decimal": ",",
-        "emptyTable": "Ni podatkov",
+        "emptyTable": "V tabeli ni na voljo podatkov",
         "expand_all": "Razširi vse",
         "info": "Prikazano _START_ do _END_ od _TOTAL_ zapisov",
         "infoEmpty": "Prikazano 0 do 0 od 0 zapisov",

From 4e0f435d12c8a2990bbe5494ae6b2dca7a6fe485 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 28 Sep 2025 15:12:14 +0200
Subject: [PATCH 685/755] [Web] Updated lang.si-si.json (#6793)

---
 data/web/lang/lang.si-si.json | 84 +++++++++++++++++------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index ecc2d5f24..b523ac8bd 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -574,22 +574,22 @@
         "last_modified": "Nazadnje spremenjeno",
         "history_all_servers": "Zgodovina (vsi strežniki)",
         "in_memory_logs": "Dnevniki v pomnilniku",
-        "service": "Servis",
+        "service": "Storitev",
         "show_ip": "Prikaži javni IP",
         "size": "Velikost",
         "started_at": "Zagnano ob",
         "started_on": "Zagnano na",
         "static_logs": "Statični dnevniki",
         "success": "Uspešno",
-        "system_containers": "Sistem in Containerji",
+        "system_containers": "Sistem in zabojniki",
         "timezone": "Časovni pas",
         "uptime": "Čas delovanja",
         "update_available": "Posodobitev je na voljo",
         "no_update_available": "Sistem je na najnovejši verziji",
         "update_failed": "Ni mogoče preveriti za posodobitve",
         "username": "Uporabniško ime",
-        "wip": "Trenutno v delu",
-        "log_info": "<p>mailcow <b>in-memory dnevniki</b> se zbirajo v Redis seznamih in se vsako minuto omejijo na LOG_LINES (%d) da se zmanjša obremenitev.\n  <br>In-memory dnevniki niso namenjeni trajnemu shranjevanju. Vse aplikacije, ki beležijo dnevnike in-memory, tudi beležijo v Docker daemon in posledično v privzeti gonilnik za dnevnik.\n  <br>In-memory dnevniki se naj uporabljajo za odpravljanje manjših napak s containerji.</p>\n  <p><b>Eksterni dnevniki</b> se zbirajo preko API-ja posamezne aplikacije.</p>\n  <p><b>Statični dnevniki</b> so večinoma dnevniki aktivnosti, ki se ne beležijo v Dockerd, a jih je vseeno treba hraniti (razen API dnevnikov).</p>",
+        "wip": "Trenutno delo v teku",
+        "log_info": "<p>Dnevniki v pomnilniku mailcow se zbirajo na seznamih Redis in vsako minuto skrajšajo na LOG_LINES (%d), da se zmanjša preobremenitev.\n  <br>Dnevniki v pomnilniku niso namenjeni trajnemu beleženju. Vse aplikacije, ki se beležijo v pomnilnik, se beležijo tudi v Dockerjev demon in s tem v privzeti gonilnik beleženja.</p>\n  </p>Vrsta dnevnika v pomnilniku se mora uporabljati za odpravljanje manjših težav s kontejnerji.</p>\n  <p><b>Zunanji dnevniki</b> se zbirajo prek API-ja dane aplikacije.</p>\n  <p><b>Statični dnevniki</b> so večinoma dnevniki dejavnosti, ki se ne beležijo v Dockerd, vendar morajo biti še vedno trajni (razen dnevnikov API-ja).</p>",
         "login_time": "Čas",
         "logs": "Dnevniki",
         "memory": "Spomin",
@@ -622,9 +622,9 @@
         }
     },
     "diagnostics": {
-        "cname_from_a": "Vrednost pridobljena iz A/AAAA zapisa. To je podprto, če zapis kaže na pravilen resurs.",
+        "cname_from_a": "Vrednost, izpeljana iz zapisa A/AAAA. To je podprto, če zapis kaže na pravilen vir.",
         "dns_records": "DNS zapisi",
-        "dns_records_24hours": "Prosim upoštevajte, da lahko traja do 24 ur da se spremembe v DNS pravilno prikažejo na tej strani. Namen je da lahko enostavno vidite, kako konfigurirati svoje DNS zapise in preverite ali so vaši zapisi pravilno shranjeni v DNS.",
+        "dns_records_24hours": "Upoštevajte, da se lahko spremembe DNS-a pravilno odražajo na tej strani v 24 urah. Namenjena je temu, da si preprosto ogledate, kako konfigurirati zapise DNS, in preverite, ali so vsi vaši zapisi pravilno shranjeni v DNS-u.",
         "dns_records_data": "Pravilni podatki",
         "dns_records_docs": "Prosim preverite tudi <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumentacijo</a>.",
         "dns_records_name": "Ime",
@@ -635,60 +635,60 @@
     "edit": {
         "acl": "ACL (Dovoljenje)",
         "active": "Aktivno",
-        "allow_from_smtp": "Dovoli samo tem IP naslovom da uporabijo <b>SMTP</b>",
-        "bcc_dest_format": "Cilj BCC mora biti en veljaven email naslov.<br>Če morate poslati kopijo na več naslovov, ustvarite alias in ga uporabite tukaj.",
-        "automap": "Poskušaj samodejno preslikati mape (\"Sent items\", \"Sent\" => \"Poslano\" ipd.)",
+        "allow_from_smtp": "Dovoli samo tem IP naslovom uporabo <b>SMTP</b>",
+        "bcc_dest_format": "Ciljna stran za polje SKP (BCC) mora biti en veljaven e-poštni naslov.<br>Če morate kopijo poslati na več naslovov, ustvarite vzdevek in ga uporabite tukaj.",
+        "automap": "Poskusite samodejno preslikati mape (\"Poslani predmeti\", \"Poslano\" => \"Poslano\" itd.)",
         "admin": "Uredi skrbnika",
         "domain_footer_info_vars": {
-            "custom": "{= foo =}         - Če ima poštni predal atribut po meri \"foo\" z vrednostjo \"bar\", spremenljivka vrne \"bar\"",
-            "auth_user": "{= auth_user =}   - Prijavljeno uporabniško ime, ki ga določi MTA",
-            "from_user": "{= from_user =}   - leva stran email naslova uporabnika, npr. za \"moo@mailcow.tld\" vrne \"moo\"",
-            "from_name": "{= from_name =}   - Prikazno ime, npr. za \"Mailcow &lt;moo@mailcow.tld&gt;\" vrne \"Mailcow\"",
-            "from_addr": "{= from_addr =}   - e-poštni naslov \"Od\"",
-            "from_domain": "{= from_domain =} - domena e-poštnega naslova \"Od\""
+            "custom": "{= foo =}         - Če ima poštni predal atribut po meri \"foo\" z vrednostjo \"bar\", vrne \"bar\"",
+            "auth_user": "{= auth_user =}    - Preverjeno uporabniško ime, ki ga določi MTA",
+            "from_user": "{= from_user =}    - Iz uporabniškega dela ovojnice, npr. za \"moo@mailcow.tld\" vrne \"moo\"",
+            "from_name": "{= from_name =}    - Iz imena ovojnice, npr. za \"Mailcow &lt;moo@mailcow.tld&gt;\" vrne \"Mailcow\"",
+            "from_addr": "{= from_addr =}    - Del ovojnice z naslovom od",
+            "from_domain": "{= from_domain =} - Iz domenskega dela ovojnice"
         },
-        "dont_check_sender_acl": "Onemogoči kontrolo pošiljatelja za domeno %s (+ alias domene)",
+        "dont_check_sender_acl": "Onemogoči preverjanje pošiljatelja za domeno %s (+ vzdevki domen)",
         "pushover_title": "Naslov obvestila",
         "domains": "Domene",
-        "extended_sender_acl_info": "Če je DKIM domenski ključ na voljo, ga uvozite.<br>\n  Ne pozabite dodati ta strežnik k ustreznemu SPF TXT zapisu.<br>\n  Kadar koli je domena ali alias domena dodana k tem strežniku, ki se prekriva z zunanjim naslovom, je zunanji naslov odstranjen.<br>\n  uporabite @domain.tld da dovolite pošiljanje kot *@domain.tld.",
-        "lookup_mx": "Cilj je regular expression za ujemanje MX zapisov (<code>.*\\.google\\.com</code> za usmeritev vse pošte na MX, ki se konča z google.com, preko tega skoka)",
-        "maxbytespersecond": "Največ bytov na sekundo <br><small>(0 = neomejeno)</small>",
+        "extended_sender_acl_info": "Uvoziti je treba ključ domene DKIM, če je na voljo.<br>\n  Ne pozabite dodati tega strežnika v ustrezni zapis SPF TXT.<br>\n  Kadar koli je temu strežniku dodana domena ali vzdevek domene, ki se prekriva z zunanjim naslovom, se zunanji naslov odstrani.<br>\n  Uporabite @domain.tld, da omogočite pošiljanje kot *@domain.tld.",
+        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka).",
+        "maxbytespersecond": "Največ bajtov na sekundo <br><small>(0 = neomejeno)</small>",
         "pushover_sender_array": "Upoštevaj samo sledeče e-poštne naslove pošiljateljev <small>(ločeni z vejico)</small>",
-        "mbox_rl_info": "Ta omejitev velja za SASL uporabniško ime, preverja se ujemanje s katerim koli \"from\" naslovom, ki ga uporablja prijavljeni uporabnik. Omejitev pošiljanja za poštni predal preglasi pravilo omejitve za domeno.",
+        "mbox_rl_info": "Ta omejitev se uporabi za prijavno ime SASL in se ujema z naslovom \"od\", ki ga uporablja prijavljeni uporabnik. Omejitev poštnega nabiralnika preglasi omejitev za celotno domeno.",
         "kind": "Tip",
         "client_secret": "Skrivnost odjemalca",
         "comment_info": "Zasebni komentar ni viden uporabniku, javni komentar pa se prikaže kot opis orodja, ko nanj v pregledu uporabnika zadržite miško",
         "created_on": "Ustvarjeno",
         "custom_attributes": "Atributi po meri",
-        "delete1": "Izbriši na viru, ko je končano",
-        "delete2": "Izbriši sporočila na cilju, ki ne obstajajo na viru",
+        "delete1": "Izbriši iz vira, ko je končano",
+        "delete2": "Izbriši sporočila na cilju, ki niso na izvoru",
         "delete2duplicates": "Izbriši dvojnike na cilju",
         "delete_ays": "Prosim potrdite proces izbrisa.",
         "description": "Opis",
         "disable_login": "Onemogoči prijavo (dohodna pošta je še vedno sprejeta)",
         "domain": "Uredi domeno",
-        "domain_admin": "Uredi domenskega skrbnika",
+        "domain_admin": "Uredi skrbnika domene",
         "domain_footer": "Noga za celo domeno",
         "domain_footer_html": "HTML noga",
-        "pushover_vars": "Če ni definiran noben filter pošiljatelja, bodo upoštevana vsa sporočila.<br>Regex filtre in natančna preverjanja pošiljateljev je mogoče definirati posamezno in bodo obravnavani v nadaljevanju. Niso odvisni drug od drugega.<br>Uporabne spremenljivke za besedilo in naslov (prosimo, upoštevajte politike varstva podatkov)",
+        "pushover_vars": "Če filter pošiljatelja ni definiran, bodo upoštevana vsa e-poštna sporočila.<br>Filtre regularnih izrazov in natančna preverjanja pošiljateljev je mogoče definirati posamično in bodo obravnavana zaporedno. Niso odvisna drug od drugega.<br>Uporabne spremenljivke za besedilo in naslov (upoštevajte pravilnike o varstvu podatkov)",
         "pushover_verify": "Preveri poverilnice",
         "quota_mb": "Omejitev (MiB)",
-        "quota_warning_bcc": "BCC za sporočilo z opozorilom omejitve",
+        "quota_warning_bcc": "Opozorilo o kvoti BCC",
         "quota_warning_bcc_info": "Opozorila bodo poslana kot ločene kopije naslednjim prejemnikom. Zadevi bo v oklepaju dodano ustrezno uporabniško ime, na primer: <code>Opozorilo o kvoti (uporabnik@example.com)</code>.",
         "ratelimit": "Omejitev pošiljanja",
         "advanced_settings": "Napredne nastavitve",
-        "allow_from_smtp_info": "Pustite prazno da dovolite vse pošiljatelje.<br>IPv4/IPv6 naslovi in omrežja.",
+        "allow_from_smtp_info": "Pustite prazno, da dovolite vse pošiljatelje.<br>Naslovi in omrežja IPv4/IPv6.",
         "allowed_protocols": "Dovoljeni protokoli za neposreden dostop uporabnikov (ne vpliva na protokole za gesla aplikacij)",
         "app_name": "Ime aplikacije",
         "app_passwd": "Geslo aplikacije",
         "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
-        "backup_mx_options": "Možnosti posredovanja (relay)",
-        "client_id": "Client ID",
-        "domain_footer_info": "Noge za celo domeno so dodane k vsem izhodnim e-poštnim sporočilom v tej domeni.<br> V nogi se lahko uporabijo sledeče spremenljivke:",
-        "domain_footer_plain": "PLAIN noga",
-        "domain_footer_skip_replies": "Ne dodajaj noge v odgovorih na e-poštna sporočila",
-        "domain_quota": "Omejitev (kvota) domene",
-        "edit_alias_domain": "Uredi alias domeno",
+        "backup_mx_options": "Možnosti posredovanja",
+        "client_id": "ID odjemalca",
+        "domain_footer_info": "Noge za celotno domeno so dodane vsem odhodnim e-poštnim sporočilom, povezanim z naslovom znotraj te domene. <br> Za nogo se lahko uporabijo naslednje spremenljivke:",
+        "domain_footer_plain": "NAVADNA noga",
+        "domain_footer_skip_replies": "Prezri nogo v odgovorih na e-poštna sporočila",
+        "domain_quota": "Kvota domene",
+        "edit_alias_domain": "Uredi vzdevek domene",
         "exclude": "Izključi objekte (regex)",
         "extended_sender_acl": "Naslovi zunanjih pošiljateljev",
         "force_pw_update": "Obvezna zamenjava gesla ob naslednji prijavi",
@@ -697,18 +697,18 @@
         "full_name": "Polno ime",
         "gal": "Globalni seznam naslovov (GAL)",
         "gal_info": "GAL vsebuje vse objekte v domeni in jih uporabniki ne morejo urejati. Če je onemogočeno, ni podatkov o o zasedenosti objekta! <b>Ponovno zaženite SOGo za uveljavitev sprememb.</b>",
-        "generate": "generiraj",
+        "generate": "ustvari",
         "grant_types": "Vrste dovoljenj",
         "hostname": "Ime gostitelja",
         "inactive": "Neaktivno",
         "last_modified": "Nazadnje spremenjeno",
         "mailbox": "Uredi poštni predal",
-        "mailbox_quota_def": "Privzeta omejitev/kvota za poštni predal",
-        "mailbox_relayhost_info": "Velja samo za poštni predal in neposredne aliase. Ne prepiše domenskega relay gostitelja.",
-        "max_aliases": "Največ aliasov",
-        "max_mailboxes": "Največ možnih poštnih predalov",
-        "max_quota": "Največja omejitev/kvota na poštni predal (MiB)",
-        "maxage": "Največja starost sporočil (v dnevih), po katerih bo poizvedeno iz oddaljenega vira <br><small>(0 = ne omejuj)</small>",
+        "mailbox_quota_def": "Privzeta kvota nabiralnika",
+        "mailbox_relayhost_info": "Uporablja se samo za poštni nabiralnik in neposredne vzdevke, preglasi gostitelja posredovalne domene.",
+        "max_aliases": "Največje število vzdevkov",
+        "max_mailboxes": "Največje možno število poštnih predalov",
+        "max_quota": "Največja kvota na poštni predal (MiB)",
+        "maxage": "Najvišja starost sporočil v dnevih, ki bodo prebrana z oddaljenega strežnika<br><small>(0 = prezri starost)</small>",
         "mins_interval": "Interval (min)",
         "multiple_bookings": "Več rezervacij",
         "none_inherit": "Brez / podeduj",
@@ -726,7 +726,7 @@
         "pushover_text": "Besedilo obvestila",
         "pushover_sound": "Zvok",
         "encryption": "Šifriranje",
-        "alias": "Uredi alias",
+        "alias": "Uredi vzdevek",
         "relayhost": "Prenosi, odvisni od pošiljatelja",
         "mailbox_rename_alias": "Samodejno ustvari vzdevek",
         "sender_acl_info": "Če lahko uporabnik poštnega predala A pošilja kot uporabnik poštnega predala B, se naslov pošiljatelja v SOGo ne prikaže samodejno kot izbirno polje \"od\".<br>\n  Uporabnik poštnega predala B mora v SOGo ustvariti pooblastilo, da lahko uporabnik poštnega predala A izbere svoj naslov kot pošiljatelja. Če želite pooblastiti poštni predal v SOGo, uporabite meni (tri pike) desno od imena vašega poštnega predala v zgornjem levem kotu v pogledu pošte. To vedenje ne velja za vzdevke.",
@@ -775,7 +775,7 @@
         "mta_sts_mode": "Način",
         "mta_sts_mode_info": "Na voljo so trije načini:<ul><li><em>testiranje</em> – pravilnik se samo spremlja, kršitve nimajo vpliva.</li><li><em>uveljavljanje</em> – pravilnik se strogo uveljavlja, povezave brez veljavnega TLS so zavrnjene.</li><li><em>brez</em> – pravilnik je objavljen, vendar se ne uporablja.</li></ul>",
         "mta_sts_max_age": "Najvišja starost",
-        "mta_sts_max_age_info": "Čas v sekundah, ki ga lahko prejemni poštni strežniki shranijo v predpomnilnik, dokler se ne ponovno naloži.",
+        "mta_sts_max_age_info": "Čas v sekundah, ki ga lahko prejemni poštni strežniki shranijo v predpomnilnik, dokler se ne naloži ponovno.",
         "mta_sts_mx": "MX strežnik",
         "mta_sts_mx_info": "Omogoča pošiljanje samo na izrecno navedena imena gostiteljskih strežnikov poštnih strežnikov; pošiljajoči MTA preveri, ali se ime gostitelja DNS MX ujema s seznamom pravilnikov, in dovoljuje dostavo le z veljavnim potrdilom TLS (zaščita pred MITM).",
         "mta_sts_mx_notice": "Določiti je mogoče več strežnikov MX (ločenih z vejicami).",

From c51a769aecd3e7dff38662d97c72572bf1a5fd74 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 29 Sep 2025 18:10:39 +0200
Subject: [PATCH 686/755] [Web] Updated lang.si-si.json (#6794)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.si-si.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index b523ac8bd..4b1c78fae 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -749,7 +749,7 @@
         "sogo_access": "Neposredno posredovanje na SOGo",
         "sogo_access_info": "Po prijavi je uporabnik samodejno preusmerjen na SOGo.",
         "sogo_visible": "Vzdevek je viden v SOGo",
-        "sogo_visible_info": "Ta možnost vpliva samo na objekte, ki jih je mogoče prikazati v SOGo (naslovi aliasov v skupni rabi ali brez nje, ki kažejo na vsaj en lokalni poštni predal). Če je skrita, vzdevek ne bo prikazan kot izbirni pošiljatelj v SOGo.",
+        "sogo_visible_info": "Ta možnost vpliva samo na objekte, ki jih je mogoče prikazati v SOGo (naslovi vzdevkov v skupni rabi ali brez nje, ki kažejo na vsaj en lokalni poštni predal). Če je skrita, vzdevek ne bo prikazan kot izbirni pošiljatelj v SOGo.",
         "spam_alias": "Ustvarjanje ali spreminjanje časovno omejenih vzdevkovnih naslovov",
         "spam_filter": "Filter neželene pošte",
         "spam_policy": "Dodajanje ali odstranjevanje elementov na seznam dovoljenih/zavrnjenih",
@@ -783,7 +783,7 @@
         "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen."
     },
     "footer": {
-        "restart_container_info": "<b>Pomembno:</b> Ugoden ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",
+        "restart_container_info": "<b>Pomembno:</b> Eleganten ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",
         "delete_these_items": "Prosimo, potrdite spremembe naslednjega ID-ja objekta",
         "confirm_delete": "Potrdi brisanje",
         "delete_now": "Izbriši zdaj",

From 732b321962c817b9d21de10208f0d88d192a1f63 Mon Sep 17 00:00:00 2001
From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com>
Date: Tue, 30 Sep 2025 14:37:19 +0200
Subject: [PATCH 687/755] fix autodiscover when using ldap with attribute
 mapping templates

---
 data/web/autodiscover.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 9526313ae..224f94f71 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -7,6 +7,8 @@ if(file_exists('inc/vars.local.inc.php')) {
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.auth.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.ratelimit.inc.php';
 $default_autodiscover_config = $autodiscover_config;
 $autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
 

From dd160cd508c20f2cbb03141f17537a6b07dbdfa7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 30 Sep 2025 13:42:36 +0000
Subject: [PATCH 688/755] Update dependency php/pecl-mail-mailparse to v3.1.9

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index e7b43790b..7b57ea606 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -7,7 +7,7 @@ ARG APCU_PECL_VERSION=5.1.26
 # renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced extractVersion=(?<version>.*)$
 ARG IMAGICK_PECL_VERSION=3.8.0
 # renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced extractVersion=^v(?<version>.*)$
-ARG MAILPARSE_PECL_VERSION=3.1.8
+ARG MAILPARSE_PECL_VERSION=3.1.9
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced extractVersion=^v(?<version>.*)$
 ARG MEMCACHED_PECL_VERSION=3.3.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced extractVersion=(?<version>.*)$

From 796e131c3af59fb36714818b2e03cbf5f60d9e0c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 1 Oct 2025 11:14:57 +0200
Subject: [PATCH 689/755] update postscreen_access.cidr (#6801)

---
 data/conf/postfix/postscreen_access.cidr | 42 +++++++++++-------------
 1 file changed, 19 insertions(+), 23 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 35fc1a802..9249520bc 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,12 +1,13 @@
-# Whitelist generated by Postwhite v3.4 on Mon Sep  1 00:23:07 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Wed Oct  1 00:21:33 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2165 total rules
+# 2216 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
-2a01:111:f403::/49	permit
-2a01:111:f403:8000::/50	permit
+2a01:111:f403:2800::/53	permit
 2a01:111:f403:8000::/51	permit
+2a01:111:f403::/49	permit
 2a01:111:f403:c000::/51	permit
+2a01:111:f403:d000::/53	permit
 2a01:111:f403:f000::/52	permit
 2a01:238:20a:202:5370::1	permit
 2a01:238:20a:202:5372::1	permit
@@ -55,7 +56,8 @@
 8.40.222.0/23	permit
 8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.246.40	permit
+13.107.213.41	permit
+13.107.246.41	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -174,6 +176,7 @@
 35.161.32.253	permit
 35.162.73.231	permit
 35.167.93.243	permit
+35.174.145.124	permit
 35.176.132.251	permit
 35.205.92.9	permit
 35.228.216.85	permit
@@ -183,7 +186,6 @@
 37.218.249.47	permit
 37.218.251.62	permit
 39.156.163.64/29	permit
-40.90.65.81	permit
 40.92.0.0/15	permit
 40.92.0.0/16	permit
 40.107.0.0/16	permit
@@ -271,9 +273,6 @@
 50.56.130.221	permit
 50.56.130.222	permit
 50.112.246.219	permit
-51.77.79.158	permit
-51.83.17.38	permit
-51.89.119.103	permit
 52.1.14.157	permit
 52.5.230.59	permit
 52.6.74.205	permit
@@ -324,8 +323,6 @@
 52.234.172.96/28	permit
 52.235.253.128	permit
 52.236.28.240/28	permit
-54.36.149.183	permit
-54.38.221.122	permit
 54.90.148.255	permit
 54.165.19.38	permit
 54.174.52.0/24	permit
@@ -686,6 +683,8 @@
 82.165.159.45	permit
 82.165.159.130	permit
 82.165.159.131	permit
+85.9.206.169	permit
+85.9.210.45	permit
 85.158.136.0/21	permit
 85.215.255.39	permit
 85.215.255.40	permit
@@ -1234,16 +1233,14 @@
 99.83.190.102	permit
 103.9.96.0/22	permit
 103.28.42.0/24	permit
-103.122.78.238	permit
+103.84.217.238	permit
+103.89.75.238	permit
 103.151.192.0/23	permit
 103.168.172.128/27	permit
 103.237.104.0/22	permit
 104.43.243.237	permit
 104.44.112.128/25	permit
 104.47.0.0/17	permit
-104.47.20.0/23	permit
-104.47.75.0/24	permit
-104.47.108.0/23	permit
 104.130.96.0/28	permit
 104.130.122.0/23	permit
 106.10.144.64/27	permit
@@ -1378,7 +1375,6 @@
 108.174.6.215	permit
 108.175.18.45	permit
 108.175.30.45	permit
-108.177.96.0/20	permit
 108.179.144.0/20	permit
 109.224.244.0/24	permit
 109.237.142.0/24	permit
@@ -1544,6 +1540,7 @@
 148.105.0.0/16	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
+149.72.234.184	permit
 149.72.248.236	permit
 149.97.173.180	permit
 150.230.98.160	permit
@@ -1599,6 +1596,7 @@
 159.183.0.0/16	permit
 159.183.68.71	permit
 159.183.79.38	permit
+159.183.129.172	permit
 160.1.62.192	permit
 161.38.192.0/20	permit
 161.38.204.0/22	permit
@@ -1616,6 +1614,7 @@
 163.114.134.16	permit
 163.114.135.16	permit
 163.116.128.0/17	permit
+163.192.116.87	permit
 164.152.23.32	permit
 164.152.25.241	permit
 164.177.132.168/30	permit
@@ -1655,6 +1654,7 @@
 169.148.131.0/24	permit
 169.148.138.0/24	permit
 169.148.142.10	permit
+169.148.142.33	permit
 169.148.144.0/25	permit
 169.148.144.10	permit
 169.148.146.0/23	permit
@@ -1666,11 +1666,7 @@
 170.10.132.56/29	permit
 170.10.132.64/29	permit
 170.10.133.0/24	permit
-172.217.0.0/20	permit
 172.217.32.0/20	permit
-172.217.128.0/19	permit
-172.217.160.0/20	permit
-172.217.192.0/19	permit
 172.253.56.0/21	permit
 172.253.112.0/20	permit
 173.0.84.0/29	permit
@@ -2209,17 +2205,17 @@
 2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
 2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
-2620:109:c003:104::215	permit
 2620:109:c003:104::/64	permit
-2620:109:c006:104::215	permit
+2620:109:c003:104::215	permit
 2620:109:c006:104::/64	permit
+2620:109:c006:104::215	permit
 2620:109:c00d:104::/64	permit
 2620:10d:c090:400::8:1	permit
 2620:10d:c091:400::8:1	permit
 2620:10d:c09b:400::8:1	permit
 2620:10d:c09c:400::8:1	permit
-2620:119:50c0:207::215	permit
 2620:119:50c0:207::/64	permit
+2620:119:50c0:207::215	permit
 2800:3f0:4000::/36	permit
 49.12.4.251 permit # checks.mailcow.email
 2a01:4f8:c17:7906::10 permit # checks.mailcow.email

From 3cc28af607194eda0a624413c7be2b168e0a5ba8 Mon Sep 17 00:00:00 2001
From: sdsys-ch <100968265+sdsys-ch@users.noreply.github.com>
Date: Thu, 2 Oct 2025 09:21:26 +0200
Subject: [PATCH 690/755] [Helper] Fix cold-standby script to support digits
 and override files (#6800)

This commit fixes two bugs in the cold-standby script:

1. Support digits in COMPOSE_PROJECT_NAME
   The script was stripping digits from COMPOSE_PROJECT_NAME, while
   backup_and_restore.sh (fixed in a71d991c) correctly supports them.
   Added '0-9' to the tr character set to align behavior.

2. Support docker-compose.override.yml on remote
   Lines 172 and 287 explicitly used '-f docker-compose.yml' which
   causes Docker Compose to ignore docker-compose.override.yml even
   when present. Changed to 'cd && compose' pattern (matching line 296)
   to auto-discover override files.

   Impact: Users with custom volumes/services in override file would
   experience silent failures - volumes not created, images not pulled,
   data syncing to wrong locations.

Both fixes ensure cold-standby works correctly with standard Docker
Compose conventions and user customizations.

Co-authored-by: Christophe Neuerburg <c.neuerburg@sdsys.ch>
---
 helper-scripts/_cold-standby.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh
index f02436a95..d4c3d0cf2 100755
--- a/helper-scripts/_cold-standby.sh
+++ b/helper-scripts/_cold-standby.sh
@@ -117,7 +117,7 @@ fi
 SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 source "${SCRIPT_DIR}/../mailcow.conf"
 COMPOSE_FILE="${SCRIPT_DIR}/../docker-compose.yml"
-CMPS_PRJ=$(echo ${COMPOSE_PROJECT_NAME} | tr -cd 'A-Za-z-_')
+CMPS_PRJ=$(echo ${COMPOSE_PROJECT_NAME} | tr -cd '0-9A-Za-z-_')
 SQLIMAGE=$(grep -iEo '(mysql|mariadb)\:.+' "${COMPOSE_FILE}")
 
 preflight_local_checks
@@ -169,7 +169,7 @@ if ! ssh -o StrictHostKeyChecking=no \
   -i "${REMOTE_SSH_KEY}" \
   ${REMOTE_SSH_HOST} \
   -p ${REMOTE_SSH_PORT} \
-  ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" create 2>&1 ; then
+  "cd \"${SCRIPT_DIR}/../\" && ${COMPOSE_COMMAND} create 2>&1" ; then
     >&2 echo -e "\e[31m[ERR]\e[0m - Could not create networks, volumes and containers on remote"
 fi
 
@@ -284,7 +284,7 @@ echo "OK"
     -i "${REMOTE_SSH_KEY}" \
     ${REMOTE_SSH_HOST} \
     -p ${REMOTE_SSH_PORT} \
-    ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" pull --quiet 2>&1 ; then
+    "cd \"${SCRIPT_DIR}/../\" && ${COMPOSE_COMMAND} pull --quiet 2>&1" ; then
       >&2 echo -e "\e[31m[ERR]\e[0m - Could not pull images on remote"
   fi
 

From 871c422ec1cc1afaaba73b40eac5061623fd83fb Mon Sep 17 00:00:00 2001
From: Jonas <jonasc@users.noreply.github.com>
Date: Thu, 2 Oct 2025 09:22:35 +0200
Subject: [PATCH 691/755] Fix typos in config (#6792)

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 generate_config.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 6b193f84d..393d2fced 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -243,14 +243,14 @@ COMPOSE_PROJECT_NAME=mailcowdockerized
 
 # Used Docker Compose version
 # Switch here between native (compose plugin) and standalone
-# For more informations take a look at the mailcow docs regarding the configuration options.
+# For more information take a look at the mailcow docs regarding the configuration options.
 # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
 # Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.
 DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}
 
 # Set this to "allow" to enable the anyone pseudo user. Disabled by default.
 # When enabled, ACL can be created, that apply to "All authenticated users"
-# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
+# This should probably only be activated on mail hosts, that are used exclusively by one organisation.
 # Otherwise a user might share data with too many other users.
 ACL_ANYONE=disallow
 
@@ -293,7 +293,7 @@ ADDITIONAL_SERVER_NAMES=
 # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
 SKIP_LETS_ENCRYPT=n
 
-# Create seperate certificates for all domains - y/n
+# Create separate certificates for all domains - y/n
 # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
 # see https://doc.dovecot.org/admin_manual/ssl/sni_support
 ENABLE_SSL_SNI=n
@@ -327,7 +327,7 @@ FTS_HEAP=128
 
 # Controls how many processes the Dovecot indexing process can spawn at max.
 # Too many indexing processes can use a lot of CPU and Disk I/O.
-# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations
+# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more information
 FTS_PROCS=1
 
 # Allow admins to log into SOGo as email user (without any password)

From c217be06c6ced586976e4e900701c84d51f6e35c Mon Sep 17 00:00:00 2001
From: Colin Kubon <colin1207@gmx.net>
Date: Thu, 2 Oct 2025 09:24:06 +0200
Subject: [PATCH 692/755] scripts: make sure /etc/docker exists (#6791)

---
 _modules/scripts/ipv6_controller.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
index 1ff5eb198..a025ee178 100644
--- a/_modules/scripts/ipv6_controller.sh
+++ b/_modules/scripts/ipv6_controller.sh
@@ -155,6 +155,7 @@ docker_daemon_edit(){
     fi
 
     if [[ $ans =~ ^[Yy]$ ]]; then
+      mkdir -p "$(dirname "$DOCKER_DAEMON_CONFIG")"
       if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
         cat > "$DOCKER_DAEMON_CONFIG" <<EOF
 {

From 721ee2394ec991c68c96ab484be3e851c0dc2a02 Mon Sep 17 00:00:00 2001
From: Valentin Brandl <mail+github@vbrandl.net>
Date: Fri, 3 Oct 2025 19:03:03 +0200
Subject: [PATCH 693/755] Update variable name for prometheus-exporter security
 token (#6776)

* update variable name for prometheus-exporter security token

* update `MAILCOW_EXPORTER_TOKEN_DISABLE` variable name
---
 .../PROMETHEUS_EXPORTER/docker-compose.override.yml           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml
index 6fd4e8e08..26532bc39 100644
--- a/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/PROMETHEUS_EXPORTER/docker-compose.override.yml
@@ -7,8 +7,8 @@ services:
       environment:
         MAILCOW_EXPORTER_HOST: "<your-mail-domain>" # Replace with your Mailcow hostname
         MAILCOW_EXPORTER_API_KEY: "<your-API-Key>" # Replace with your API key
-        MAILCOW_EXPORTER_TOKEN: "<your-secure-token>" # Replace with your secure key
-        # MAILCOW_EXPORTER_TOKEN_DISABLE: "true" # Uncomment only if it is safe to disable token authentication (e.g., internal network only)
+        MAILCOW_EXPORTER_SECURITY_TOKEN: "<your-secure-token>" # Replace with your secure key
+        # MAILCOW_EXPORTER_SECURITY_DISABLE_ACCESS_PROTECTION: "true" # Uncomment only if it is safe to disable token authentication (e.g., internal network only)
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       networks:

From fd088cb504027c9f3ca8472b02b2dd3dff751a91 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 14:13:48 +0200
Subject: [PATCH 694/755] chore(deps): update actions/stale action to v10.1.0
 (#6806)

---
 .github/workflows/close_old_issues_and_prs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index 91870fd1d..85094394a 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v10.0.0
+        uses: actions/stale@v10.1.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

From 922d173540a109def012aa4b1530a6a813791e9c Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 6 Oct 2025 10:58:35 +0200
Subject: [PATCH 695/755] [Web] include hostname in default website title

---
 data/web/inc/functions.customize.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 56527ff96..b396eec21 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -325,8 +325,10 @@ function customize($_action, $_item, $_data = null) {
         break;
         case 'ui_texts':
           try {
-            $data['title_name'] = ($title_name = $redis->get('TITLE_NAME')) ? $title_name : 'mailcow UI';
-            $data['main_name'] = ($main_name = $redis->get('MAIN_NAME')) ? $main_name : 'mailcow UI';
+            $mailcow_hostname = strtolower(getenv("MAILCOW_HOSTNAME"));
+
+            $data['title_name'] = ($title_name = $redis->get('TITLE_NAME')) ? $title_name : "$mailcow_hostname - mail UI";
+            $data['main_name'] = ($main_name = $redis->get('MAIN_NAME')) ? $main_name : "$mailcow_hostname - mail UI";
             $data['apps_name'] = ($apps_name = $redis->get('APPS_NAME')) ? $apps_name : $lang['header']['apps'];
             $data['help_text'] = ($help_text = $redis->get('HELP_TEXT')) ? $help_text : false;
             if (!empty($redis->get('UI_IMPRESS'))) {

From 1ef014907625d39232ab6df6145419d7b3af32c4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 6 Oct 2025 11:00:03 +0200
Subject: [PATCH 696/755] [Web] make SameSite policy and cookie name
 configurable via vars.local.inc

---
 data/web/inc/sessions.inc.php | 4 ++--
 data/web/inc/vars.inc.php     | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 68b3d5585..8f3192d70 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,9 +1,9 @@
 <?php
 // Start session
 if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_name('MCSESSID');
+  session_name($SESSION_NAME);
   ini_set("session.cookie_httponly", 1);
-  ini_set("session.cookie_samesite", "Lax");
+  ini_set("session.cookie_samesite", $SESSION_SAMESITE_POLICY);
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
 }
 
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 568105308..a24752a6d 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -153,6 +153,13 @@ $LOG_PAGINATION_SIZE = 50;
 // Session lifetime in seconds
 $SESSION_LIFETIME = 10800;
 
+// Session SameSite Policy
+// Use "None", "Lax" or "Strict"
+$SESSION_SAMESITE_POLICY = "Lax";
+
+// Name of the session cookie
+$SESSION_NAME = "MCSESSID";
+
 // Label for OTP devices
 $OTP_LABEL = "mailcow UI";
 

From c2948735f233eec177dd4aab194f71956f1b8661 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 7 Oct 2025 10:18:07 +0200
Subject: [PATCH 697/755] [Web] clear old app_passwd log entries

---
 data/web/inc/init_db.inc.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 1c4f0ebf2..83b27fbe1 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "19082025_1436";
+    $db_version = "07102025_1015";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -1337,6 +1337,14 @@ function init_db_schema()
       $pdo->query($create);
     }
 
+    // Clear old app_passwd log entries
+    if ($db_version == "07102025_1015") {
+      $pdo->query("DELETE FROM logs
+        WHERE JSON_EXTRACT(`call`, '$[0]') = 'app_passwd'
+          AND JSON_EXTRACT(`call`, '$[1]') = 'edit'
+          AND role != 'unauthenticated';");
+    }
+
     // Mitigate imapsync argument injection issue
     $pdo->query("UPDATE `imapsync` SET `custom_params` = ''
       WHERE `custom_params` LIKE '%pipemess%'

From 455ef084b4a4af4173b471d671a1d77b397aefe2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 7 Oct 2025 10:37:44 +0200
Subject: [PATCH 698/755] [Web] clear old app_passwd log entries

---
 data/web/inc/init_db.inc.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 83b27fbe1..b8ab85253 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1338,12 +1338,12 @@ function init_db_schema()
     }
 
     // Clear old app_passwd log entries
-    if ($db_version == "07102025_1015") {
-      $pdo->query("DELETE FROM logs
-        WHERE JSON_EXTRACT(`call`, '$[0]') = 'app_passwd'
-          AND JSON_EXTRACT(`call`, '$[1]') = 'edit'
-          AND role != 'unauthenticated';");
-    }
+    $pdo->exec("DELETE FROM logs
+      WHERE role != 'unauthenticated'
+        AND JSON_EXTRACT(`call`, '$[0]') = 'app_passwd'
+        AND JSON_EXTRACT(`call`, '$[1]') = 'edit'
+        AND (JSON_CONTAINS_PATH(`call`, 'one', '$[2].password')
+          OR JSON_CONTAINS_PATH(`call`, 'one', '$[2].password2'));");
 
     // Mitigate imapsync argument injection issue
     $pdo->query("UPDATE `imapsync` SET `custom_params` = ''

From df4d3bb6e0ed5fb81e9053487e1ff12d5205b0e6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 7 Oct 2025 11:41:57 +0200
Subject: [PATCH 699/755] [Web] Fix dashboard host stats

---
 data/web/js/site/dashboard.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/js/site/dashboard.js b/data/web/js/site/dashboard.js
index 32c04b518..760e878f1 100644
--- a/data/web/js/site/dashboard.js
+++ b/data/web/js/site/dashboard.js
@@ -1345,6 +1345,7 @@ function update_stats(timeout=5){
 
   window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
     return response.json();
+  }).then(function(data) {
     if (data){
       // display table data
       $("#host_date").text(data.system_time);

From e9414d17e47d00a155382b1e200535068570f40c Mon Sep 17 00:00:00 2001
From: Thomas Mills <accounts+github@tomjmills.co.uk>
Date: Wed, 8 Oct 2025 11:34:27 +0100
Subject: [PATCH 700/755] Show app password for last logins

---
 data/web/js/site/user.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index d7625151d..145c9cdb4 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -105,10 +105,9 @@ jQuery(function($){
               $(".last-sasl-login").append(`
                 <li class="list-group-item d-flex justify-content-between align-items-start">
                   <div class="ms-2 me-auto d-flex flex-column">
-                    <div class="fw-bold">` + real_rip + `</div>
-                    <small class="fst-italic mt-2">` + service + ` ` + local_datetime + `</small>
+                    <div class="fw-bold">` + real_rip + ip_location + `</div>
+                    <small class="fst-italic mt-2">` + service + ` ` + local_datetime + `</small>` + app_password + `
                   </div>
-                  <span>` + ip_location + `</span>
                 </li>
               `);
             })

From 5c9f387d940bad5bca9a8463c1cc49510bdfdc5b Mon Sep 17 00:00:00 2001
From: Thomas Mills <accounts+github@tomjmills.co.uk>
Date: Wed, 8 Oct 2025 17:55:00 +0100
Subject: [PATCH 701/755] Add margin

---
 data/web/js/site/user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 145c9cdb4..92e495956 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -97,7 +97,7 @@ jQuery(function($){
               var datetime = new Date(item.datetime.replace(/-/g, "/"));
               var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
               var service = '<div class="badge bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-key"></i><span class="ms-2">' + escapeHtml(item.app_password_name || "App") + '</span></a>' : '';
               var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.tools/prefix/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
               var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
               var ip_data = real_rip + ip_location + app_password;

From c443a9400a0ad3d3e10e54890b42e1e32e84e478 Mon Sep 17 00:00:00 2001
From: Thomas Mills <accounts+github@tomjmills.co.uk>
Date: Wed, 8 Oct 2025 21:16:32 +0100
Subject: [PATCH 702/755] Move flag in front of IP

---
 data/web/js/site/user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 92e495956..0bff5e058 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -105,7 +105,7 @@ jQuery(function($){
               $(".last-sasl-login").append(`
                 <li class="list-group-item d-flex justify-content-between align-items-start">
                   <div class="ms-2 me-auto d-flex flex-column">
-                    <div class="fw-bold">` + real_rip + ip_location + `</div>
+                    <div class="fw-bold">` + ip_location + real_rip + `</div>
                     <small class="fst-italic mt-2">` + service + ` ` + local_datetime + `</small>` + app_password + `
                   </div>
                 </li>

From 69f0552d4f668472816dc5169175327bfe6bae50 Mon Sep 17 00:00:00 2001
From: Thomas Mills <accounts+github@tomjmills.co.uk>
Date: Wed, 8 Oct 2025 21:20:10 +0100
Subject: [PATCH 703/755] Decrease margin size

---
 data/web/js/site/user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 0bff5e058..0080a7c01 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -97,7 +97,7 @@ jQuery(function($){
               var datetime = new Date(item.datetime.replace(/-/g, "/"));
               var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
               var service = '<div class="badge bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-key"></i><span class="ms-2">' + escapeHtml(item.app_password_name || "App") + '</span></a>' : '';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-key"></i><span class="ms-1">' + escapeHtml(item.app_password_name || "App") + '</span></a>' : '';
               var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.tools/prefix/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
               var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
               var ip_data = real_rip + ip_location + app_password;

From 3dcacc41873eb5676614aeb2a071a2e403025c7d Mon Sep 17 00:00:00 2001
From: Thomas Mills <accounts+github@tomjmills.co.uk>
Date: Thu, 9 Oct 2025 11:39:24 +0100
Subject: [PATCH 704/755] Change icon to filled key

---
 data/web/js/site/user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 0080a7c01..10960c5d9 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -97,7 +97,7 @@ jQuery(function($){
               var datetime = new Date(item.datetime.replace(/-/g, "/"));
               var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
               var service = '<div class="badge bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-key"></i><span class="ms-1">' + escapeHtml(item.app_password_name || "App") + '</span></a>' : '';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-key-fill"></i><span class="ms-1">' + escapeHtml(item.app_password_name || "App") + '</span></a>' : '';
               var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.tools/prefix/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
               var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
               var ip_data = real_rip + ip_location + app_password;

From 417835dea83ca5abb57542d1f5ae49811781e694 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 9 Oct 2025 16:37:05 +0200
Subject: [PATCH 705/755] netfilter: improve logging and mark iptables-legacy
 as deprecated

---
 .../netfilter/docker-entrypoint.sh            |  2 +-
 data/Dockerfiles/netfilter/main.py            |  5 ++++
 data/Dockerfiles/netfilter/modules/Logger.py  | 26 ++++++++++++++-----
 docker-compose.yml                            |  2 +-
 4 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/data/Dockerfiles/netfilter/docker-entrypoint.sh b/data/Dockerfiles/netfilter/docker-entrypoint.sh
index 47370a1fe..98cab0a72 100755
--- a/data/Dockerfiles/netfilter/docker-entrypoint.sh
+++ b/data/Dockerfiles/netfilter/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-backend=iptables
+backend=nftables
 
 nft list table ip filter &>/dev/null
 nftables_found=$?
diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py
index 2232d0d1d..5b718a94b 100644
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -449,6 +449,11 @@ if __name__ == '__main__':
     tables = NFTables(chain_name, logger)
   else:
     logger.logInfo('Using IPTables backend')
+    logger.logWarn(
+        "DEPRECATION: iptables-legacy is deprecated and will be removed in future releases. "
+        "Please switch to nftables on your host to ensure complete compatibility."
+    )
+    time.sleep(5)
     tables = IPTables(chain_name, logger)
 
   clear()
diff --git a/data/Dockerfiles/netfilter/modules/Logger.py b/data/Dockerfiles/netfilter/modules/Logger.py
index 0ba2f42ad..b5114539b 100644
--- a/data/Dockerfiles/netfilter/modules/Logger.py
+++ b/data/Dockerfiles/netfilter/modules/Logger.py
@@ -1,5 +1,6 @@
 import time
 import json
+import datetime
 
 class Logger:
   def __init__(self):
@@ -8,17 +9,28 @@ class Logger:
   def set_redis(self, redis):
     self.r = redis
 
+  def _format_timestamp(self):
+    # Local time with milliseconds
+    return datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
   def log(self, priority, message):
-    tolog = {}
-    tolog['time'] = int(round(time.time()))
-    tolog['priority'] = priority
-    tolog['message'] = message
-    print(message)
+    # build redis-friendly dict
+    tolog = {
+      'time': int(round(time.time())),  # keep raw timestamp for Redis
+      'priority': priority,
+      'message': message
+    }
+
+    # print human-readable message with timestamp
+    ts = self._format_timestamp()
+    print(f"{ts} {priority.upper()}: {message}", flush=True)
+
+    # also push JSON to Redis if connected
     if self.r is not None:
       try:
         self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
       except Exception as ex:
-        print('Failed logging to redis: %s'  % (ex))
+        print(f'{ts} WARN: Failed logging to redis: {ex}', flush=True)
 
   def logWarn(self, message):
     self.log('warn', message)
@@ -27,4 +39,4 @@ class Logger:
     self.log('crit', message)
 
   def logInfo(self, message):
-    self.log('info', message)
+    self.log('info', message)
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 86a4f401a..adff3931e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -502,7 +502,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: ghcr.io/mailcow/netfilter:1.62
+      image: ghcr.io/mailcow/netfilter:1.63
       stop_grace_period: 30s
       restart: always
       privileged: true

From 7de70322d606ed8acf273780c52c4794404d1db3 Mon Sep 17 00:00:00 2001
From: Olavo Rocha Neto <olavo@exodus.eti.br>
Date: Thu, 9 Oct 2025 14:36:36 -0300
Subject: [PATCH 706/755] Update pt-br lang (#6803)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>

* Update pt-br lang

* Complimentary adjustments

* Revert "[Web] Updated lang.si-si.json"

This reverts commit b23848e0f20d6fdb86d75bc97171303e3d64e7bc.

---------

Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
---
 data/web/lang/lang.pt-br.json | 120 +++++++++++++++++++++++++++++-----
 1 file changed, 105 insertions(+), 15 deletions(-)

diff --git a/data/web/lang/lang.pt-br.json b/data/web/lang/lang.pt-br.json
index f9c08ef02..b01d97656 100644
--- a/data/web/lang/lang.pt-br.json
+++ b/data/web/lang/lang.pt-br.json
@@ -1,7 +1,7 @@
 {
     "acl": {
-        "alias_domains": "Adicionar domínios alias",
-        "app_passwds": "Gerenciar senhas de aplicativos",
+        "alias_domains": "Adicionar alias de domínios",
+        "app_passwds": "Gerenciar senhas de app",
         "bcc_maps": "Mapas BCC",
         "delimiter_action": "Ação delimitadora",
         "domain_desc": "Alterar descrição do domínio",
@@ -9,7 +9,7 @@
         "eas_reset": "Redefinir dispositivos EAS",
         "extend_sender_acl": "Permitir estender a ACL do remetente por endereços externos",
         "filters": "Filtros",
-        "login_as": "Faça login como usuário da mailbox",
+        "login_as": "Fazer login como usuário da mailbox",
         "mailbox_relayhost": "Alterar relayhost para uma mailbox",
         "prohibited": "Proibido pela ACL",
         "protocol_access": "Alterar o acesso ao protocolo",
@@ -109,7 +109,9 @@
         "username": "Nome de usuário",
         "validate": "Validar",
         "validation_success": "Validado com sucesso",
-        "dry": "Simular sincronização"
+        "dry": "Simular sincronização",
+        "internal": "Interno",
+        "internal_info": "Aliases internos são acessíveis apenas a partir do próprio domínio ou alias de domínio."
     },
     "admin": {
         "access": "Acesso",
@@ -364,7 +366,52 @@
         "iam_client_secret": "Senha de cliente",
         "iam_auth_flow": "Fluxo de autenticação",
         "iam_client_scopes": "Escopo do cliente",
-        "iam_default_template": "Template Padrão"
+        "iam_default_template": "Template Padrão",
+        "admin_quicklink": "Ocultar link rápido para página de login do administrador",
+        "app_hide": "Ocultar para login",
+        "login_page": "Página de login",
+        "domainadmin_quicklink": "Ocultar link rápido para página de login do administrador de domínio",
+        "filter": "Filtro",
+        "force_sso_text": "Se um provedor OIDC externo for configurado, esta opção oculta os formulários de login padrão do mailcow e mostra apenas o botão de single sign-on",
+        "force_sso": "Desabilitar login do mailcow e mostrar apenas single sign-on",
+        "iam": "Provedor de identidade",
+        "iam_attribute_field": "Campo de atributo",
+        "iam_authorize_url": "Endpoint de autorização",
+        "iam_auth_flow_info": "Além do fluxo de código de autorização (fluxo padrão no Keycloak), que é usado para login de single sign-on, o mailcow também suporta fluxo de autenticação com credenciais diretas. O fluxo Mailpassword tenta validar as credenciais do usuário usando a API REST do administrador do Keycloak. O mailcow recupera a senha hash do atributo <code>mailcow_password</code>, que é mapeado no Keycloak.",
+        "iam_basedn": "DN base",
+        "iam_default_template_description": "Se nenhum template for atribuído a um usuário, o template padrão será usado para criar a caixa de correio, mas não para atualizar a caixa de correio.",
+        "iam_description": "Configure um provedor externo para autenticação<br>As caixas de correio dos usuários serão criadas automaticamente no primeiro login, desde que um mapeamento de atributos tenha sido definido.",
+        "iam_extra_permission": "Para que as configurações a seguir funcionem, o cliente mailcow no Keycloak precisa de uma <code>conta de serviço</code> e a permissão para <code>visualizar usuários</code>.",
+        "iam_host": "Host",
+        "iam_host_info": "Digite um ou mais hosts LDAP, separados por vírgulas.",
+        "iam_import_users": "Importar usuários",
+        "iam_login_provisioning": "Criar usuários automaticamente no login",
+        "iam_mapping": "Mapeamento de atributos",
+        "iam_bindpass": "Senha de vinculação",
+        "iam_periodic_full_sync": "Sincronização completa periódica",
+        "iam_port": "Porta",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "URL de redirecionamento",
+        "iam_rest_flow": "Fluxo Mailpassword",
+        "iam_server_url": "URL do servidor",
+        "iam_sso": "Single sign-on",
+        "iam_sync_interval": "Intervalo de sincronização/importação (min)",
+        "iam_test_connection": "Testar conexão",
+        "iam_token_url": "Endpoint de token",
+        "iam_userinfo_url": "Endpoint de informações do usuário",
+        "iam_username_field": "Campo de nome de usuário",
+        "iam_binddn": "DN de vinculação",
+        "iam_use_ssl": "Usar SSL",
+        "iam_use_ssl_info": "Se habilitar SSL e a porta estiver definida como 389, ela será automaticamente substituída para usar 636.",
+        "iam_use_tls": "Usar StartTLS",
+        "iam_use_tls_info": "Se habilitar TLS, você deve usar a porta padrão para seu servidor LDAP (389). Portas SSL não podem ser usadas.",
+        "iam_version": "Versão",
+        "ignore_ssl_error": "Ignorar erros SSL",
+        "needs_restart": "precisa reiniciar",
+        "quicklink_text": "Mostrar ou ocultar links rápidos para outras páginas de login abaixo do formulário de login",
+        "task": "Tarefa",
+        "user_link": "Link do usuário",
+        "user_quicklink": "Ocultar link rápido para página de login do usuário"
     },
     "danger": {
         "access_denied": "Acesso negado ou dados de formulário inválidos",
@@ -501,7 +548,15 @@
         "username_invalid": "O nome de usuário %s não pode ser usado",
         "validity_missing": "Por favor, atribua um período de validade",
         "value_missing": "Forneça todos os valores",
-        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s"
+        "yotp_verification_failed": "Falha na verificação do Yubico OTP: %s",
+        "authsource_in_use": "O provedor de identidade não pode ser alterado ou excluído pois está sendo usado por um ou mais usuários.",
+        "generic_server_error": "Ocorreu um erro inesperado no servidor. Entre em contato com seu administrador.",
+        "iam_test_connection": "Falha na conexão",
+        "max_age_invalid": "Idade máxima %s é inválida",
+        "mode_invalid": "Modo %s é inválido",
+        "mx_invalid": "Registro MX %s é inválido",
+        "required_data_missing": "Dados obrigatórios %s estão ausentes",
+        "version_invalid": "Versão %s é inválida"
     },
     "datatables": {
         "collapse_all": "Recolher tudo",
@@ -708,7 +763,25 @@
         "title": "Editar objeto",
         "unchanged_if_empty": "Se inalterado, deixe em branco",
         "username": "Nome de usuário",
-        "validate_save": "Valide e salve"
+        "validate_save": "Validar e salvar",
+        "internal": "Interno",
+        "internal_info": "Aliases internos são acessíveis apenas a partir do próprio domínio ou domínios alias.",
+        "mailbox_rename": "Renomear caixa de correio",
+        "mailbox_rename_agree": "Eu criei um backup.",
+        "mailbox_rename_warning": "IMPORTANTE! Crie um backup antes de renomear a caixa de correio.",
+        "mailbox_rename_alias": "Criar alias automaticamente",
+        "mailbox_rename_title": "Novo nome da caixa de correio local",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> é um padrão que força a entrega de email entre servidores de email para usar TLS com certificados válidos. <br>É usado quando <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> não é possível devido ao DNSSEC ausente ou não suportado.<br><b>Nota</b>: Se o domínio de recepção suporta DANE com DNSSEC, DANE é <b>sempre</b> preferido – MTA-STS atua apenas como fallback.",
+        "mta_sts_version": "Versão",
+        "mta_sts_version_info": "Define a versão do padrão MTA-STS – atualmente apenas <code>STSv1</code> é válido.",
+        "mta_sts_mode": "Modo",
+        "mta_sts_mode_info": "Há três modos para escolher:<ul><li><em>testing</em> – política é apenas monitorada, violações não têm impacto.</li><li><em>enforce</em> – política é rigorosamente aplicada, conexões sem TLS válido são rejeitadas.</li><li><em>none</em> – política é publicada mas não aplicada.</li></ul>",
+        "mta_sts_max_age": "Idade máxima",
+        "mta_sts_max_age_info": "Tempo em segundos que servidores de email de recepção podem armazenar esta política em cache até buscar novamente.",
+        "mta_sts_mx": "Servidor MX",
+        "mta_sts_mx_info": "Permite envio apenas para nomes de host de servidor de email explicitamente listados; o MTA de envio verifica se o nome do host DNS MX corresponde à lista de políticas e permite entrega apenas com certificado TLS válido (protege contra MITM).",
+        "mta_sts_mx_notice": "Múltiplos servidores MX podem ser especificados (separados por vírgulas)."
     },
     "fido2": {
         "confirm": "Confirme",
@@ -771,7 +844,15 @@
         "password": "Senha",
         "reset_password": "Recuperar a senha",
         "request_reset_password": "Solicitar troca de senha",
-        "username": "Nome de usuário"
+        "username": "Nome de usuário",
+        "login_linkstext": "Login incorreto?",
+        "login_usertext": "Entrar como usuário",
+        "login_domainadmintext": "Entrar como administrador de domínio",
+        "login_admintext": "Entrar como administrador",
+        "login_user": "Login de usuário",
+        "login_dadmin": "Login como administrador de domínio",
+        "login_admin": "Login como administrador",
+        "email": "Endereço de email"
     },
     "mailbox": {
         "action": "Ação",
@@ -946,7 +1027,9 @@
         "username": "Nome de usuário",
         "waiting": "Esperando",
         "weekly": "Semanalmente",
-        "yes": "✓"
+        "yes": "✓",
+        "iam": "Provedor de Identidade",
+        "internal": "Interno"
     },
     "oauth2": {
         "access_denied": "Faça login como proprietário da mailbox para conceder acesso via OAuth2.",
@@ -961,8 +1044,8 @@
         "action": "Ação",
         "atts": "Anexos",
         "check_hash": "Arquivo de pesquisa hash @ VT",
-        "confirm": "Confirme",
-        "confirm_delete": "Confirme a exclusão desse elemento.",
+        "confirm": "Confirmar",
+        "confirm_delete": "Confirmar exclusão desse elemento.",
         "danger": "Perigo",
         "deliver_inbox": "Entregar na caixa de entrada",
         "disabled_by_config": "A configuração atual do sistema desativa a funcionalidade de quarentena. Defina “retenções por mailbox” e um “tamanho máximo” para os elementos de quarentena.",
@@ -1123,12 +1206,15 @@
         "verified_fido2_login": "Login FIDO2 verificado",
         "verified_totp_login": "Login TOTP verificado",
         "verified_webauthn_login": "Login verificado do WebAuthn",
-        "verified_yotp_login": "Login OTP verificado do Yubico"
+        "verified_yotp_login": "Login OTP verificado do Yubico",
+        "custom_login_modified": "Personalização de login foi salva com sucesso",
+        "iam_test_connection": "Conexão bem-sucedida",
+        "mailbox_renamed": "Caixa de correio foi renomeada de %s para %s"
     },
     "tfa": {
         "authenticators": "Autenticadores",
         "api_register": "%s usa a API Yubico Cloud. Obtenha uma chave de API para sua chave <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">aqui</a>",
-        "confirm": "Confirme",
+        "confirm": "Confirmar",
         "confirm_totp_token": "Confirme suas alterações inserindo o token gerado",
         "delete_tfa": "Desativar o TFA",
         "disable_tfa": "Desative o TFA até o próximo login bem-sucedido",
@@ -1141,7 +1227,7 @@
         "reload_retry": "- (recarregue o navegador se o erro persistir)",
         "scan_qr_code": "Escaneie o código a seguir com seu aplicativo autenticador ou insira o código manualmente.",
         "select": "Por favor, selecione",
-        "set_tfa": "Defina o método de autenticação de dois fatores",
+        "set_tfa": "Método de autenticação de dois fatores",
         "start_webauthn_validation": "Iniciar validação",
         "tfa": "Autenticação de dois fatores",
         "tfa_token_invalid": "Token TFA inválido",
@@ -1318,7 +1404,11 @@
         "weeks": "semanas",
         "with_app_password": "com senha do aplicativo",
         "year": "ano",
-        "years": "anos"
+        "years": "anos",
+        "authentication": "Autenticação",
+        "overview": "Visão geral",
+        "protocols": "Protocolos",
+        "tfa_info": "A autenticação de dois fatores ajuda a proteger sua conta. Se você habilitá-la, precisará de senhas de aplicativo para fazer login em aplicativos ou serviços que não suportam autenticação de dois fatores (por exemplo, clientes de email)."
     },
     "warning": {
         "cannot_delete_self": "Não é possível excluir o usuário conectado",

From 79cf0abc6e264d6ce461646932a6f2d481f71cec Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 9 Oct 2025 19:54:12 +0200
Subject: [PATCH 707/755] [Web] Updated lang.zh-cn.json (#6826)

Co-authored-by: Easton Man <me@eastonman.com>
---
 data/web/lang/lang.zh-cn.json | 43 ++++++++++++++++++++++-------------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index c2f9cdc35..94473a405 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -24,7 +24,7 @@
         "sogo_access": "允许管理 SOGo 访问权限",
         "sogo_profile_reset": "重置 SOGo 个人资料",
         "spam_alias": "临时别名",
-        "spam_policy": "黑名单/白名单",
+        "spam_policy": "阻止名单/允许名单",
         "spam_score": "垃圾邮件分数",
         "syncjobs": "同步任务",
         "tls_policy": "TLS 策略",
@@ -149,7 +149,7 @@
         "arrival_time": "到达时间 (服务器时间)",
         "authed_user": "已认证用户",
         "ays": "确定继续操作?",
-        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁。",
+        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因阻止名单而导致的永久封禁。",
         "change_logo": "更改 Logo",
         "configuration": "配置",
         "convert_html_to_text": "将 HTML 转换为纯文本内容",
@@ -181,16 +181,16 @@
         "empty": "结果为空",
         "excludes": "除了",
         "f2b_ban_time": "封禁时间 (秒)",
-        "f2b_blacklist": "网络/主机黑名单",
+        "f2b_blacklist": "网络/主机阻止名单",
         "f2b_filter": "正则表达式过滤器",
-        "f2b_list_info": "黑名单的优先级总是高于白名单。 <b>列表更新将会在几秒之后完成。</b>",
+        "f2b_list_info": "阻止名单的优先级总是高于允许名单。 <b>列表更新将会在几秒之后完成。</b>",
         "f2b_max_attempts": "最多尝试次数",
         "f2b_netban_ipv4": "应用封禁的 IPv4 子网大小 (8-32)",
         "f2b_netban_ipv6": "应用封禁的 IPv6 子网大小 (8-128)",
         "f2b_parameters": "Fail2ban 参数",
         "f2b_regex_info": "将会过滤这些应用的日志: SOGo，Postfix，Dovecot 和 PHP-FPM。",
         "f2b_retry_window": "最多尝试次数重试窗口 (秒)",
-        "f2b_whitelist": "网络/主机白名单",
+        "f2b_whitelist": "网络/主机允许名单",
         "filter_table": "筛选表格",
         "forwarding_hosts": "转发主机",
         "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的网络、主机名 (解析为 IP 地址)，或者邮箱域名 (查询 SPF 记录或 MX 记录并解析为 IP 地址)。",
@@ -298,8 +298,8 @@
         "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节",
         "rspamd_global_filters": "全局过滤规则",
         "rspamd_global_filters_agree": "我会小心谨慎的!",
-        "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局黑名单和白名单。",
-        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式 (例如 <code>/.+@domain\\.tld/i</code>)。<br>\r\n 因为仅对正则表达式执行了基本的检查，Rspamd 的功能仍可能因正则表达式语法问题出现错误。<br>\r\n  Rspamd 会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启 Rspamd</a> 以强制重载规则。<br>黑名单中的项目会被系统排除。",
+        "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局阻止名单和允许名单。",
+        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式 (例如 <code>/.+@domain\\.tld/i</code>)。<br>\n 因为仅对正则表达式执行了基本的检查，Rspamd 的功能仍可能因正则表达式语法问题出现错误。<br>\n  Rspamd 会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启 Rspamd</a> 以强制重载规则。<br>阻止名单中的项目会被系统排除。",
         "rspamd_settings_map": "Rspamd 设置",
         "sal_level": "Moo 等级",
         "save": "保存更改",
@@ -409,7 +409,8 @@
         "force_sso": "强制要求单点登录（SSO）",
         "user_link": "自定义链接",
         "app_hide": "在登入界面隐藏",
-        "needs_restart": "需要重启"
+        "needs_restart": "需要重启",
+        "iam_use_tls_info": "如果使用了 TLS，必须使用 LDAP 服务器的默认端口（389）。SSL 的端口不能使用。"
     },
     "danger": {
         "access_denied": "访问被拒绝或者表单数据无效",
@@ -744,7 +745,16 @@
         "internal": "内部的",
         "internal_info": "内部的别名只能在域内部或者别名域内部访问。",
         "mta_sts": "邮件传输代理严格传输安全协议（MTA-STS）",
-        "mta_sts_version": "版本"
+        "mta_sts_version": "版本",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> 是一项 MTA 标准，它强制要求 MTA 间传输必须使用 TLS 和有效的证书。<br>当因没有 DNSSEC 而无法使用 <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> 时，该标准将被启用。<br><b>注意</b>：若收件域支持基于 DNSSEC 的 DANE 协议，则系统将<b>始终</b>优先采用 DANE —— MTA-STS 仅作为备用机制存在。",
+        "mta_sts_version_info": "定义 MTA-STS 标准的版本——当前仅 <code>STSv1</code> 为有效版本。",
+        "mta_sts_mode": "模式",
+        "mta_sts_mode_info": "提供三种可选模式：<ul><li><em>测试模式</em>——仅监控策略执行情况，违反策略不会产生实际影响。</li><li><em>强制模式</em>——严格执行策略，拒绝所有未使用有效 TLS 加密的连接。</li><li><em>禁用模式</em>——发布策略但不生效。</li></ul>",
+        "mta_sts_max_age": "最长有效期",
+        "mta_sts_max_age_info": "接收方邮件服务器可缓存该策略的时长（秒），超出后需重新获取策略。",
+        "mta_sts_mx": "MX 服务器",
+        "mta_sts_mx_info": "仅允许向明确列出的邮件服务器发送邮件；发送方 MTA 会验证 DNS MX 记录的主机名是否与策略列表匹配，并仅允许携带有效 TLS 证书的投递（可防范中间人攻击）。",
+        "mta_sts_mx_notice": "可配置多个 MX 服务器（以逗号分隔）。"
     },
     "fido2": {
         "confirm": "确认",
@@ -814,7 +824,8 @@
         "login_linkstext": "不是正确的登陆页面？",
         "login_usertext": "以用户身份登陆",
         "login_domainadmintext": "以域管理员身份登陆",
-        "login_admintext": "以管理员身份登陆"
+        "login_admintext": "以管理员身份登陆",
+        "email": "邮箱地址"
     },
     "mailbox": {
         "action": "操作",
@@ -920,7 +931,7 @@
         "recipient_map_new": "新收件人",
         "recipient_map_new_info": "收件人映射的目标必须为合法的邮件地址或域名。",
         "recipient_map_old": "原收件人",
-        "recipient_map_old_info": "原收件人必须为合法的邮箱地址。",
+        "recipient_map_old_info": "原收件人必须为合法的邮箱地址或域名。",
         "recipient_maps": "收件人映射",
         "relay_all": "中继所有收件人",
         "remove": "删除",
@@ -1023,7 +1034,7 @@
         "notified": "已发送通知",
         "qhandler_success": "已成功向系统发送请求，现在你可以关闭这个窗口了。",
         "qid": "Rspamd 队列ID（QID）",
-        "qinfo": "隔离系统会把已被拒绝接收的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，这取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
+        "qinfo": "隔离系统会把已被拒绝接收的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\n  <br>请注意，这取决于你的系统资源，学习多个消息可能会花费较长时间。<br>阻止名单中项目会被隔离系统排除。",
         "qitem": "隔离项目",
         "quarantine": "隔离",
         "quick_actions": "操作",
@@ -1314,8 +1325,8 @@
         "spam_score_reset": "重置为服务器默认值",
         "spamfilter": "垃圾邮件过滤器",
         "spamfilter_behavior": "分数",
-        "spamfilter_bl": "黑名单",
-        "spamfilter_bl_desc": "黑名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离区。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
+        "spamfilter_bl": "阻止名单",
+        "spamfilter_bl_desc": "阻止名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离区。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
         "spamfilter_default_score": "默认值",
         "spamfilter_green": "绿色: 此消息不是垃圾邮件",
         "spamfilter_hint": "第一个值表示\"低垃圾邮件分数\"，第二个值表示\"高垃圾邮件分数\"。",
@@ -1326,8 +1337,8 @@
         "spamfilter_table_empty": "数据为空",
         "spamfilter_table_remove": "删除",
         "spamfilter_table_rule": "规则",
-        "spamfilter_wl": "白名单",
-        "spamfilter_wl_desc": "白名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
+        "spamfilter_wl": "允许名单",
+        "spamfilter_wl_desc": "允许名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
         "spamfilter_yellow": "黄色: 此为垃圾邮件，会被标记为垃圾邮件并且移入垃圾邮件文件夹",
         "status": "状态",
         "sync_jobs": "同步任务",

From 6708b94ebb47bd8106f670a3ff95b7b54153ac57 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Fri, 10 Oct 2025 10:05:56 +0200
Subject: [PATCH 708/755] [Web] Fix SOGo redirection after login

---
 data/web/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/index.php b/data/web/index.php
index d21e54364..d4fa46e74 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -12,7 +12,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
   $user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
   $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
   if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual && getenv('SKIP_SOGO') != "y") {
-    header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
+    header("Location: /SOGo/so/");
   } else {
     header("Location: /user");
   }

From 2642d9109efe0c934b93988f88cbf3b0aed8d0d7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Fri, 10 Oct 2025 12:48:57 +0200
Subject: [PATCH 709/755] [Redis] Update to Redis 7.4.6

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index adff3931e..be9ebb02d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,7 +42,7 @@ services:
             - mysql
 
     redis-mailcow:
-      image: redis:7.4.2-alpine
+      image: redis:7.4.6-alpine
       entrypoint: ["/bin/sh","/redis-conf.sh"]
       volumes:
         - redis-vol-1:/data/

From f47df263d7a2cf05598e65f0601e2c471bf5d2af Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:04:01 +0200
Subject: [PATCH 710/755] [Rspamd] Update to 3.13.2

---
 data/Dockerfiles/rspamd/Dockerfile | 6 +++---
 docker-compose.yml                 | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile
index e46981aa4..061f3d1cb 100644
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.12.1-1~6dbfca2fa
+ARG RSPAMD_VER=rspamd_3.13.2-1~8bf602278
 ARG CODENAME=bookworm
 ENV LC_ALL=C
 
@@ -14,8 +14,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   dnsutils \
   netcat-traditional \
   wget \
-  redis-tools \ 
-  procps \ 
+  redis-tools \
+  procps \
   nano \
   lua-cjson \
   && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
diff --git a/docker-compose.yml b/docker-compose.yml
index adff3931e..904b8d2ee 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: ghcr.io/mailcow/rspamd:2.3
+      image: ghcr.io/mailcow/rspamd:2.4
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From b85837c803f06643ee6bb466ef8957414e3e910a Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Mon, 13 Oct 2025 12:05:17 +0200
Subject: [PATCH 711/755] [Web] Add password verification when setting recovery
 email

---
 data/web/inc/functions.inc.php      | 17 ++++++++++++++++-
 data/web/templates/modals/user.twig |  6 ++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 5ac72ed24..81b3f7e08 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1006,7 +1006,7 @@ function edit_user_account($_data) {
     update_sogo_static_view();
   }
   // edit password recovery email
-  elseif (isset($pw_recovery_email)) {
+  elseif (!empty($password_old) && isset($pw_recovery_email)) {
     if (!isset($_SESSION['acl']['pw_reset']) || $_SESSION['acl']['pw_reset'] != "1" ) {
       $_SESSION['return'][] = array(
         'type' => 'danger',
@@ -1016,6 +1016,21 @@ function edit_user_account($_data) {
       return false;
     }
 
+    $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
+        WHERE `kind` NOT REGEXP 'location|thing|group'
+          AND `username` = :user AND authsource = 'mailcow'");
+    $stmt->execute(array(':user' => $username));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if (!verify_hash($row['password'], $password_old)) {
+      $_SESSION['return'][] =  array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__, $_data_log),
+        'msg' => 'access_denied'
+      );
+      return false;
+    }
+
     $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;
     $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)
       WHERE `username` = :username AND authsource = 'mailcow'");
diff --git a/data/web/templates/modals/user.twig b/data/web/templates/modals/user.twig
index b8e3bf3ab..41f173adb 100644
--- a/data/web/templates/modals/user.twig
+++ b/data/web/templates/modals/user.twig
@@ -326,6 +326,12 @@
               <small class="text-muted">{{ lang.user.password_reset_info }}</small>
             </div>
           </div>
+          <div class="row mb-4">
+            <label class="control-label col-sm-3" for="user_old_pass">{{ lang.user.password_now }}</label>
+            <div class="col-sm-9">
+              <input type="password" class="form-control" name="user_old_pass" autocomplete="off" required>
+            </div>
+          </div>
           <div class="row">
             <div class="offset-sm-3 col-sm-9">
               <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="pw_recovery_change" data-item="null" data-api-url='edit/self' data-api-attr='{}' href="#">{{ lang.user.save }}</button>

From 6af2addf3c0e8990714f17fcd8af446479185fa8 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 14 Oct 2025 10:25:06 +0200
Subject: [PATCH 712/755] [PHPFPM] Update Image to Version 1.94

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a60171910..f38b8937c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -117,7 +117,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: ghcr.io/mailcow/phpfpm:1.93
+      image: ghcr.io/mailcow/phpfpm:1.94
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 4132f6bd480ad3a72784b17811b39abdf1e15159 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 16 Oct 2025 07:28:57 +0200
Subject: [PATCH 713/755] chore(deps): update devops-infra/action-pull-request
 action to v1 (#6840)

---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 334dcf69a..47f4b1f9a 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.6.1
+        uses: devops-infra/action-pull-request@v1.0.0
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From a4970397f1fe2b30647ffd741d7f4cd1e70fd823 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Fri, 17 Oct 2025 13:17:56 +0200
Subject: [PATCH 714/755] Disable PHP opcache.jit

---
 data/conf/phpfpm/php-conf.d/opcache-recommended.ini | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
index 5e8fe4556..452b45484 100644
--- a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
+++ b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
@@ -7,9 +7,10 @@ opcache.interned_strings_buffer=16
 opcache.max_accelerated_files=10000
 opcache.memory_consumption=128
 opcache.save_comments=1
-opcache.revalidate_freq=120
 opcache.validate_timestamps=0
 
 ; JIT
-opcache.jit=1255
-opcache.jit_buffer_size=8M
+; Disabled for now due to some PHP segmentation faults observed
+; in certain environments. Possibly some PHP or PHP extension bug.
+opcache.jit=disable
+opcache.jit_buffer_size=0

From 3507ff277362acb29f6793f152f2339bd1b99ed1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 19 Oct 2025 23:18:09 +0200
Subject: [PATCH 715/755] chore(deps): update devops-infra/action-pull-request
 action to v1.0.2 (#6850)

---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 47f4b1f9a..d234be3fe 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v1.0.0
+        uses: devops-infra/action-pull-request@v1.0.2
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 23fb5e2fca33def39750a4bf0422f5ec077f027f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 20 Oct 2025 18:35:00 +0200
Subject: [PATCH 716/755] Add Vietnamese language (#6854)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.vi-vn.json

[Web] Added lang.vi-vn.json

Co-authored-by: Nguyễn Thái Dũng <nguyenthaidung.work+mailcow.email@gmail.com>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* Add Vietnamese language

---------

Co-authored-by: Nguyễn Thái Dũng <nguyenthaidung.work+mailcow.email@gmail.com>
Co-authored-by: Peter <magic@kthx.at>
---
 data/web/inc/vars.inc.php     |   1 +
 data/web/lang/lang.vi-vn.json | 436 ++++++++++++++++++++++++++++++++++
 2 files changed, 437 insertions(+)
 create mode 100644 data/web/lang/lang.vi-vn.json

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index a24752a6d..f8d760081 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -110,6 +110,7 @@ $AVAILABLE_LANGUAGES = array(
   'sv-se' => 'Svenska (Swedish)',
   'tr-tr' => 'Türkçe (Turkish)',
   'uk-ua' => 'Українська (Ukrainian)',
+  'vi-vn' => 'Tiếng Việt (Vietnamese)',
   'zh-cn' => '简体中文 (Simplified Chinese)',
   'zh-tw' => '繁體中文 (Traditional Chinese)',
 );
diff --git a/data/web/lang/lang.vi-vn.json b/data/web/lang/lang.vi-vn.json
new file mode 100644
index 000000000..d492ac08a
--- /dev/null
+++ b/data/web/lang/lang.vi-vn.json
@@ -0,0 +1,436 @@
+{
+    "acl": {
+        "alias_domains": "Thêm tên miền bí danh",
+        "app_passwds": "Quản lý mật khẩu ứng dụng",
+        "bcc_maps": "Ánh xạ BCC",
+        "delimiter_action": "Hành động phân cách",
+        "domain_desc": "Thay đổi mô tả tên miền",
+        "domain_relayhost": "Thay đổi máy chủ chuyển tiếp cho tên miền",
+        "eas_reset": "Đặt lại thiết bị EAS",
+        "extend_sender_acl": "Cho phép mở rộng ACL người gửi bằng địa chỉ bên ngoài",
+        "filters": "Bộ lọc",
+        "login_as": "Đăng nhập với tư cách người dùng hộp thư",
+        "mailbox_relayhost": "Thay đổi máy chủ chuyển tiếp cho hộp thư",
+        "prohibited": "Bị cấm bởi ACL",
+        "protocol_access": "Thay đổi quyền truy cập giao thức",
+        "pushover": "Thông báo đẩy",
+        "pw_reset": "Cho phép đặt lại mật khẩu người dùng mailcow",
+        "quarantine": "Hành động cách ly",
+        "quarantine_attachments": "Cách ly tệp đính kèm",
+        "quarantine_category": "Thay đổi danh mục thông báo cách ly",
+        "quarantine_notification": "Thay đổi thông báo cách ly",
+        "ratelimit": "Giới hạn tốc độ",
+        "recipient_maps": "Ánh xạ người nhận",
+        "smtp_ip_access": "Thay đổi máy chủ được phép cho SMTP",
+        "sogo_access": "Cho phép quản lý truy cập SOGo",
+        "sogo_profile_reset": "Đặt lại hồ sơ SOGo",
+        "spam_alias": "Bí danh tạm thời",
+        "spam_policy": "Danh sách chặn/Danh sách cho phép",
+        "spam_score": "Điểm thư rác",
+        "syncjobs": "Công việc đồng bộ",
+        "tls_policy": "Chính sách TLS",
+        "unlimited_quota": "Hạn ngạch không giới hạn cho hộp thư"
+    },
+    "add": {
+        "activate_filter_warn": "Tất cả các bộ lọc khác sẽ bị vô hiệu hóa khi tùy chọn kích hoạt được chọn.",
+        "active": "Đang hoạt động",
+        "add": "Thêm",
+        "add_domain_only": "Chỉ thêm tên miền",
+        "add_domain_restart": "Thêm tên miền và khởi động lại SOGo",
+        "alias_address": "Địa chỉ bí danh",
+        "alias_address_info": "<small>Địa chỉ email đầy đủ hoặc @example.com để bắt tất cả thư cho một tên miền (phân cách bằng dấu phẩy). <b>Chỉ áp dụng cho tên miền mailcow</b>.</small>",
+        "alias_domain": "Tên miền bí danh",
+        "alias_domain_info": "<small>Chỉ cho phép tên miền hợp lệ (phân cách bằng dấu phẩy).</small>",
+        "app_name": "Tên ứng dụng",
+        "app_password": "Thêm mật khẩu ứng dụng",
+        "app_passwd_protocols": "Các giao thức được phép cho mật khẩu ứng dụng",
+        "automap": "Thử tự động ánh xạ thư mục (\"Mục đã gửi\", \"Đã gửi\" => \"Đã gửi\" v.v.)",
+        "backup_mx_options": "Tùy chọn chuyển tiếp",
+        "bcc_dest_format": "Địa chỉ BCC phải là một địa chỉ email hợp lệ duy nhất.<br>Nếu bạn cần gửi bản sao đến nhiều địa chỉ, hãy tạo một bí danh và sử dụng nó ở đây.",
+        "comment_info": "Bình luận riêng tư không hiển thị với người dùng, trong khi bình luận công khai được hiển thị dưới dạng chú thích khi di chuột qua trong tổng quan người dùng",
+        "custom_params": "Tham số tùy chỉnh",
+        "custom_params_hint": "Đúng: --param=xy, sai: --param xy",
+        "delete1": "Xóa từ nguồn khi hoàn thành",
+        "delete2": "Xóa thư ở đích không có ở nguồn",
+        "delete2duplicates": "Xóa các bản sao ở đích",
+        "description": "Mô tả",
+        "destination": "Đích",
+        "disable_login": "Không cho phép đăng nhập (vẫn nhận được thư đến)",
+        "domain": "Tên miền",
+        "domain_matches_hostname": "Tên miền %s khớp với tên máy chủ",
+        "domain_quota_m": "Tổng hạn ngạch tên miền (MiB)",
+        "dry": "Mô phỏng đồng bộ hóa",
+        "enc_method": "Phương thức mã hóa",
+        "exclude": "Loại trừ đối tượng (biểu thức chính quy)",
+        "full_name": "Tên đầy đủ",
+        "gal": "Danh sách địa chỉ toàn cục",
+        "gal_info": "GAL chứa tất cả các đối tượng của một tên miền và không thể được chỉnh sửa bởi bất kỳ người dùng nào. Thông tin rảnh/bận trong SOGo sẽ bị thiếu nếu vô hiệu hóa! <b>Khởi động lại SOGo để áp dụng thay đổi.</b>",
+        "generate": "Tạo",
+        "goto_ham": "\"Học là <span class=\"text-success\"><b>thư bình thường</b></span>",
+        "goto_null": "Loại bỏ thư một cách thầm lặng",
+        "goto_spam": "Học là <span class=\"text-danger\"><b>thư rác</b></span>",
+        "hostname": "Máy chủ",
+        "inactive": "Không hoạt động",
+        "internal": "Nội bộ",
+        "internal_info": "Bí danh nội bộ chỉ có thể truy cập từ tên miền sở hữu hoặc tên miền bí danh.",
+        "kind": "Loại",
+        "mailbox_quota_def": "Hạn ngạch hộp thư mặc định",
+        "mailbox_quota_m": "Hạn ngạch tối đa mỗi hộp thư (MiB)",
+        "mailbox_username": "Tên người dùng (phần bên trái của địa chỉ email)",
+        "max_aliases": "Số lượng bí danh tối đa có thể tạo",
+        "max_mailboxes": "Số lượng hộp thư tối đa có thể tạo",
+        "mins_interval": "Khoảng thời gian kiểm tra (phút)",
+        "multiple_bookings": "Đặt chỗ nhiều lần",
+        "nexthop": "Bước nhảy tiếp theo",
+        "password": "Mật khẩu",
+        "password_repeat": "Xác nhận mật khẩu (nhập lại)",
+        "port": "Cổng",
+        "post_domain_add": "Container SOGo, \\\"sogo-mailcow\\\", cần được khởi động lại sau khi thêm tên miền mới!<br><br>Ngoài ra, cấu hình DNS của tên miền cần được xem xét. Khi cấu hình DNS được phê duyệt, khởi động lại \\\"acme-mailcow\\\" để tự động tạo chứng chỉ cho tên miền mới của bạn (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Bước này là tùy chọn và sẽ được thử lại sau mỗi 24 giờ.",
+        "private_comment": "Bình luận riêng tư",
+        "public_comment": "Bình luận công khai",
+        "quota_mb": "Hạn ngạch (MiB)",
+        "relay_all": "Chuyển tiếp tất cả người nhận",
+        "relay_all_info": "↪ Nếu bạn chọn <b>không</b> chuyển tiếp tất cả người nhận, bạn sẽ cần thêm một hộp thư (\"ẩn\") cho từng người nhận cần được chuyển tiếp.",
+        "relay_domain": "Chuyển tiếp tên miền này",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Thông tin</div> Bạn có thể định nghĩa ánh xạ vận chuyển cho đích tùy chỉnh cho tên miền này. Nếu không được đặt, tra cứu MX sẽ được thực hiện.",
+        "relay_unknown_only": "Chỉ chuyển tiếp hộp thư không tồn tại. Hộp thư hiện có sẽ được gửi cục bộ.",
+        "relayhost_wrapped_tls_info": "Vui lòng <b>không</b> sử dụng các cổng được bọc TLS (thường được sử dụng trên cổng 465).<br>\nSử dụng bất kỳ cổng không được bọc nào và sử dụng STARTTLS. Chính sách TLS để thực thi TLS có thể được tạo trong \"Ánh xạ chính sách TLS\".",
+        "select": "Vui lòng chọn...",
+        "select_domain": "Vui lòng chọn tên miền trước",
+        "sieve_desc": "Mô tả ngắn",
+        "sieve_type": "Loại bộ lọc",
+        "skipcrossduplicates": "Bỏ qua tin nhắn trùng lặp giữa các thư mục (ai đến trước được phục vụ trước)",
+        "subscribeall": "Đăng ký tất cả thư mục",
+        "syncjob": "Thêm công việc đồng bộ",
+        "syncjob_hint": "Lưu ý rằng mật khẩu cần được lưu dưới dạng văn bản thuần!",
+        "tags": "Thẻ",
+        "target_address": "Địa chỉ chuyển tiếp",
+        "target_address_info": "<small>Địa chỉ email đầy đủ (phân cách bằng dấu phẩy).</small>",
+        "target_domain": "Tên miền đích",
+        "timeout1": "Thời gian chờ kết nối đến máy chủ từ xa",
+        "timeout2": "Thời gian chờ kết nối đến máy chủ cục bộ",
+        "username": "Tên người dùng",
+        "validate": "Xác thực",
+        "validation_success": "Xác thực thành công"
+    },
+    "admin": {
+        "access": "Truy cập",
+        "action": "Hành động",
+        "activate_api": "Kích hoạt API",
+        "activate_send": "Kích hoạt nút gửi",
+        "active": "Đang hoạt động",
+        "active_rspamd_settings_map": "Ánh xạ cài đặt đang hoạt động",
+        "add": "Thêm",
+        "add_admin": "Thêm quản trị viên",
+        "add_domain_admin": "Thêm quản trị viên tên miền",
+        "add_forwarding_host": "Thêm máy chủ chuyển tiếp",
+        "add_relayhost": "Thêm vận chuyển phụ thuộc người gửi",
+        "add_relayhost_hint": "Vui lòng lưu ý rằng dữ liệu xác thực, nếu có, sẽ được lưu trữ dưới dạng văn bản thuần.",
+        "add_row": "Thêm hàng",
+        "add_settings_rule": "Thêm quy tắc cài đặt",
+        "add_transport": "Thêm vận chuyển",
+        "add_transports_hint": "Vui lòng lưu ý rằng dữ liệu xác thực, nếu có, sẽ được lưu trữ dưới dạng văn bản thuần.",
+        "additional_rows": " hàng bổ sung đã được thêm",
+        "admin": "Quản trị viên",
+        "admin_details": "Chỉnh sửa chi tiết quản trị viên",
+        "admin_domains": "Gán tên miền",
+        "admins": "Những quản trị viên",
+        "admins_ldap": "Quản trị viên LDAP",
+        "admin_quicklink": "Ẩn liên kết nhanh đến trang đăng nhập quản trị",
+        "advanced_settings": "Cài đặt nâng cao",
+        "allowed_methods": "Phương thức cho phép kiểm soát truy cập",
+        "allowed_origins": "Nguồn gốc cho phép kiểm soát truy cập",
+        "api_allow_from": "Cho phép truy cập API từ các IP/ký hiệu mạng CIDR này",
+        "api_info": "API đang được phát triển. Tài liệu có thể được tìm thấy tại <a href=\"/api\">/api</a>",
+        "api_key": "Khóa API",
+        "api_read_only": "Truy cập chỉ đọc",
+        "api_read_write": "Truy cập đọc-ghi",
+        "api_skip_ip_check": "Bỏ qua kiểm tra IP cho API",
+        "app_hide": "Ẩn khi đăng nhập",
+        "app_links": "Liên kết ứng dụng",
+        "app_name": "Tên ứng dụng",
+        "apps_name": "Tên \"Ứng dụng mailcow\"",
+        "arrival_time": "Thời gian đến (giờ máy chủ)",
+        "authed_user": "Người dùng đã xác thực",
+        "ays": "Bạn có chắc chắn muốn tiếp tục không?",
+        "ban_list_info": "Xem danh sách IP bị cấm bên dưới: <b>mạng (thời gian cấm còn lại) - [hành động]</b>.<br />IP trong hàng đợi bỏ cấm sẽ được xóa khỏi danh sách cấm hoạt động trong vài giây.<br />Nhãn đỏ cho biết lệnh cấm vĩnh viễn đang hoạt động bởi danh sách từ chối.",
+        "change_logo": "Thay đổi logo",
+        "logo_normal_label": "Bình thường",
+        "logo_dark_label": "Đảo ngược cho chế độ tối",
+        "configuration": "Cấu hình",
+        "convert_html_to_text": "Chuyển đổi HTML thành văn bản thuần",
+        "copy_to_clipboard": "Văn bản đã được sao chép vào bộ nhớ tạm!",
+        "cors_settings": "Cài đặt CORS",
+        "credentials_transport_warning": "<b>Cảnh báo</b>: Thêm một mục ánh xạ vận chuyển mới sẽ cập nhật thông tin xác thực cho tất cả các mục có cột bước nhảy tiếp theo khớp.",
+        "customer_id": "ID Khách hàng",
+        "customize": "Tùy chỉnh",
+        "login_page": "Trang đăng nhập",
+        "destination": "Đích đến",
+        "dkim_add_key": "Thêm khóa ARC/DKIM",
+        "dkim_domains_selector": "Bộ chọn",
+        "dkim_domains_wo_keys": "Chọn tên miền thiếu khóa",
+        "dkim_from": "Từ",
+        "dkim_from_title": "Tên miền nguồn để sao chép dữ liệu",
+        "dkim_key_length": "Độ dài khóa DKIM (bits)",
+        "dkim_key_missing": "Thiếu khóa",
+        "dkim_key_unused": "Khóa không được sử dụng",
+        "dkim_key_valid": "Khóa hợp lệ",
+        "dkim_keys": "Khóa ARC/DKIM",
+        "dkim_overwrite_key": "Ghi đè khóa DKIM hiện có",
+        "dkim_private_key": "Khóa riêng tư",
+        "dkim_to": "Đến",
+        "dkim_to_title": "Tên miền đích - sẽ bị ghi đè",
+        "domain": "Tên miền",
+        "domain_admin": "Quản trị viên tên miền",
+        "domain_admins": "Các quản trị viên tên miền",
+        "domainadmin_quicklink": "Ẩn liên kết nhanh đến trang đăng nhập quản trị viên tên miền",
+        "domain_s": "Tên miền/s",
+        "duplicate": "Nhân bản",
+        "duplicate_dkim": "Nhân bản bản ghi DKIM",
+        "edit": "Chỉnh sửa",
+        "empty": "Không có kết quả",
+        "excludes": "Loại trừ những người nhận này",
+        "f2b_ban_time": "Thời gian cấm (giây)",
+        "f2b_ban_time_increment": "Thời gian cấm tăng dần với mỗi lần cấm",
+        "f2b_blacklist": "Mạng/máy chủ bị từ chối",
+        "f2b_filter": "Bộ lọc biểu thức chính quy",
+        "f2b_list_info": "Một máy chủ hoặc mạng bị từ chối sẽ luôn có quyền ưu tiên cao hơn một thực thể trong danh sách cho phép. <b>Cập nhật danh sách sẽ mất vài giây để được áp dụng.</b>",
+        "f2b_manage_external": "Quản lý Fail2Ban từ bên ngoài",
+        "f2b_manage_external_info": "Fail2ban sẽ vẫn duy trì danh sách cấm, nhưng sẽ không chủ động đặt quy tắc để chặn lưu lượng. Sử dụng danh sách cấm được tạo bên dưới để chặn lưu lượng từ bên ngoài.",
+        "f2b_max_attempts": "Số lần thử tối đa",
+        "f2b_max_ban_time": "Thời gian cấm tối đa (giây)",
+        "f2b_netban_ipv4": "Kích thước mạng con IPv4 để áp dụng lệnh cấm (8-32)",
+        "f2b_netban_ipv6": "Kích thước mạng con IPv6 để áp dụng lệnh cấm (8-128",
+        "f2b_parameters": "Tham số Fail2ban",
+        "f2b_regex_info": "Nhật ký được xem xét: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_retry_window": "Cửa sổ thử lại (giây) cho số lần thử tối đa",
+        "f2b_whitelist": "Mạng/máy chủ được cho phép",
+        "filter": "Bộ lọc",
+        "filter_table": "Bảng bộ lọc",
+        "force_sso_text": "Nếu nhà cung cấp OIDC bên ngoài được cấu hình, tùy chọn này sẽ ẩn biểu mẫu đăng nhập mailcow mặc định và chỉ hiển thị nút Đăng nhập một lần",
+        "force_sso": "Vô hiệu hóa đăng nhập mailcow và chỉ hiển thị Đăng nhập một lần",
+        "forwarding_hosts": "Máy chủ chuyển tiếp",
+        "forwarding_hosts_add_hint": "Bạn có thể chỉ định địa chỉ IPv4/IPv6, mạng theo ký hiệu CIDR, tên máy chủ (sẽ được phân giải thành địa chỉ IP), hoặc tên miền (sẽ được phân giải thành địa chỉ IP bằng cách truy vấn bản ghi SPF hoặc, nếu không có, bản ghi MX).",
+        "forwarding_hosts_hint": "Tin nhắn đến được chấp nhận vô điều kiện từ bất kỳ máy chủ nào được liệt kê ở đây. Các máy chủ này sau đó không bị kiểm tra với DNSBL hoặc danh sách xám. Thư rác nhận từ chúng không bao giờ bị từ chối, nhưng có thể được chuyển vào thư mục Rác. Công dụng phổ biến nhất cho việc này là chỉ định các máy chủ thư mà bạn đã thiết lập quy tắc chuyển tiếp email đến cho máy chủ mailcow của bạn.",
+        "from": "Từ",
+        "generate": "tạo",
+        "guid": "GUID - ID phiên bản duy nhất",
+        "guid_and_license": "GUID & Giấy phép",
+        "hash_remove_info": "Xóa một giá trị băm giới hạn tốc độ (nếu vẫn tồn tại) sẽ đặt lại hoàn toàn bộ đếm của nó.<br\n  Mỗi giá trị băm được chỉ định bằng một màu riêng biệt.",
+        "help_text": "Ghi đè văn bản trợ giúp bên dưới mặt nạ đăng nhập (cho phép HTML)",
+        "host": "Máy chủ",
+        "html": "HTML",
+        "iam": "Nhà cung cấp danh tính",
+        "iam_attribute_field": "Trường thuộc tính",
+        "iam_authorize_url": "Điểm cuối ủy quyền",
+        "iam_auth_flow": "Luồng xác thực",
+        "iam_auth_flow_info": "Ngoài Luồng mã ủy quyền (Luồng chuẩn trong Keycloak), được sử dụng cho đăng nhập một lần, mailcow còn hỗ trợ Luồng xác thực với thông tin xác thực trực tiếp. Luồng mật khẩu thư cố gắng xác thực thông tin người dùng bằng cách sử dụng API REST quản trị Keycloak. mailcow lấy mật khẩu đã băm từ thuộc tính <code>mailcow_password</code>, được ánh xạ trong Keycloak.",
+        "iam_basedn": "DN cơ sở",
+        "iam_client_id": "ID khách hàng",
+        "iam_client_secret": "Bí mật khách hàng",
+        "iam_client_scopes": "Phạm vi khách hàng",
+        "iam_default_template": "Mẫu mặc định",
+        "iam_default_template_description": "Nếu không có mẫu nào được gán cho người dùng, mẫu mặc định sẽ được sử dụng để tạo hộp thư, nhưng không dùng để cập nhật hộp thư.",
+        "iam_description": "Cấu hình Nhà cung cấp bên ngoài cho Xác thực<br>Hộp thư của người dùng sẽ được tự động tạo khi họ đăng nhập lần đầu, với điều kiện ánh xạ thuộc tính đã được thiết lập.",
+        "iam_extra_permission": "Để các cài đặt sau hoạt động, ứng dụng khách mailcow trong Keycloak cần một <code>Tài khoản dịch vụ</code> và quyền <code>xem người dùng</code>.",
+        "iam_host": "Máy chủ",
+        "iam_host_info": "Nhập một hoặc nhiều máy chủ LDAP, phân cách bằng dấu phẩy.",
+        "iam_import_users": "Nhập người dùng",
+        "iam_login_provisioning": "Tự động tạo người dùng khi đăng nhập",
+        "iam_mapping": "Ánh xạ thuộc tính",
+        "iam_bindpass": "Mật khẩu ràng buộc",
+        "iam_periodic_full_sync": "Đồng bộ hóa đầy đủ định kỳ",
+        "iam_port": "Cổng",
+        "iam_realm": "Vùng",
+        "iam_redirect_url": "URL chuyển hướng",
+        "iam_rest_flow": "Luồng mật khẩu thư",
+        "iam_server_url": "URL máy chủ",
+        "iam_sso": "Đăng nhập một lần",
+        "iam_sync_interval": "Khoảng thời gian đồng bộ / nhập (phút)",
+        "iam_test_connection": "Kiểm tra kết nối",
+        "iam_token_url": "Điểm cuối token",
+        "iam_userinfo_url": "Điểm cuối thông tin người dùng",
+        "iam_username_field": "Trường tên người dùng",
+        "iam_binddn": "DN ràng buộc",
+        "iam_use_ssl": "Sử dụng SSL",
+        "iam_use_ssl_info": "Nếu bật SSL và cổng được đặt là 389, nó sẽ tự động được ghi đè để sử dụng cổng 636.",
+        "iam_use_tls": "Sử dụng StartTLS",
+        "iam_use_tls_info": "Nếu bật TLS, bạn phải sử dụng cổng mặc định cho máy chủ LDAP của bạn (389). Không thể sử dụng các cổng SSL.",
+        "iam_version": "Phiên bản",
+        "ignore_ssl_error": "Bỏ qua lỗi SSL",
+        "import": "Nhập",
+        "import_private_key": "Nhập khóa riêng tư",
+        "in_use_by": "Đang được sử dụng bởi",
+        "inactive": "Không hoạt động",
+        "include_exclude": "Bao gồm/Loại trừ",
+        "include_exclude_info": "Mặc định - khi không có lựa chọn - <b>tất cả hộp thư</b> được đề cập",
+        "includes": "Bao gồm những người nhận này",
+        "ip_check": "Kiểm tra IP",
+        "ip_check_disabled": "Kiểm tra IP đã bị vô hiệu hóa. Bạn có thể bật nó trong<br> <strong>Hệ thống > Cấu hình > Tùy chọn > Tùy chỉnh</strong>",
+        "ip_check_opt_in": "Chọn tham gia sử dụng dịch vụ bên thứ ba <strong>ipv4.mailcow.email</strong> và <strong>ipv6.mailcow.email</strong> để phân giải địa chỉ IP bên ngoài.",
+        "is_mx_based": "Dựa trên MX",
+        "last_applied": "Áp dụng lần cuối",
+        "license_info": "Giấy phép không bắt buộc nhưng giúp phát triển thêm.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"Đặt hàng SAL\">Đăng ký GUID của bạn tại đây</a> hoặc <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Đặt hàng hỗ trợ\">mua hỗ trợ cho cài đặt mailcow của bạn.</a>",
+        "link": "Liên kết",
+        "loading": "Vui lòng đợi...",
+        "login_time": "Thời gian đăng nhập",
+        "logo_info": "Hình ảnh của bạn sẽ được điều chỉnh theo chiều cao 40px cho thanh điều hướng trên cùng và chiều rộng tối đa 250px cho trang bắt đầu. Khuyến nghị sử dụng đồ họa có thể thay đổi kích thước.",
+        "lookup_mx": "Đích đến là một biểu thức chính quy để so khớp với tên MX (<code>.*.google.com</code> để định tuyến tất cả thư nhắm đến MX kết thúc bằng google.com qua bước nhảy này)",
+        "main_name": "Tên \"Giao diện mailcow\"",
+        "merged_vars_hint": "Các hàng bị mờ đã được hợp nhất từ <code>vars.(local.)inc.php</code> và không thể sửa đổi.",
+        "message": "Tin nhắn",
+        "message_size": "Kích thước tin nhắn",
+        "nexthop": "Bước nhảy tiếp theo",
+        "needs_restart": "cần khởi động lại",
+        "no_active_bans": "Không có lệnh cấm đang hoạt động",
+        "no_new_rows": "Không có hàng nào khác",
+        "no_record": "Không có bản ghi",
+        "oauth2_apps": "Ứng dụng OAuth2",
+        "oauth2_add_client": "Thêm ứng dụng khách OAuth2",
+        "oauth2_client_id": "ID ứng dụng khách",
+        "oauth2_client_secret": "Bí mật ứng dụng khách",
+        "oauth2_info": "Triển khai OAuth2 hỗ trợ loại cấp phép \"Mã ủy quyền\" và cấp token làm mới.<br>\nMáy chủ cũng tự động cấp token làm mới mới sau khi token làm mới đã được sử dụng.<br><br>\n&#8226; Phạm vi mặc định là <i>profile</i>. Chỉ người dùng hộp thư mới có thể được xác thực qua OAuth2. Nếu tham số phạm vi bị bỏ qua, nó sẽ trở về <i>profile</i>.<br>\n&#8226; Tham số <i>state</i> phải được gửi bởi ứng dụng khách như một phần của yêu cầu ủy quyền.<br><br>\nĐường dẫn cho các yêu cầu đến API OAuth2: <br>\n<ul>\n<li>Điểm cuối ủy quyền: <code>/oauth/authorize</code></li>\n<li>Điểm cuối token: <code>/oauth/token</code></li>\n<li>Trang tài nguyên: <code>/oauth/profile</code></li>\n</ul>\nTạo lại bí mật ứng dụng khách sẽ không làm hết hạn các mã ủy quyền hiện có, nhưng chúng sẽ không thể làm mới token của họ.<br><br>\nThu hồi token ứng dụng khách sẽ gây ra việc chấm dứt ngay lập tức tất cả các phiên hoạt động. Tất cả ứng dụng khách cần xác thực lại.",
+        "oauth2_redirect_uri": "URI chuyển hướng",
+        "oauth2_renew_secret": "Tạo bí mật ứng dụng khách mới",
+        "oauth2_revoke_tokens": "Thu hồi tất cả token ứng dụng khách",
+        "optional": "tùy chọn",
+        "options": "Các tùy chọn",
+        "password": "Mật khẩu",
+        "password_length": "Độ dài mật khẩu",
+        "password_policy": "Chính sách mật khẩu",
+        "password_policy_chars": "Phải chứa ít nhất một ký tự chữ cái",
+        "password_policy_length": "Độ dài mật khẩu tối thiểu là %d",
+        "password_policy_lowerupper": "Phải chứa ký tự viết thường và viết hoa",
+        "password_policy_numbers": "Phải chứa ít nhất một số",
+        "password_policy_special_chars": "Phải chứa ký tự đặc biệt",
+        "password_repeat": "Xác nhận mật khẩu (nhập lại)",
+        "password_reset_info": "Nếu không cung cấp email khôi phục, chức năng này không thể được sử dụng.",
+        "password_reset_settings": "Cài đặt khôi phục mật khẩu",
+        "password_reset_tmpl_html": "Mẫu HTML",
+        "password_reset_tmpl_text": "Mẫu văn bản",
+        "password_settings": "Cài đặt mật khẩu",
+        "priority": "Độ ưu tiên",
+        "private_key": "Khóa riêng tư",
+        "quarantine": "Cách ly",
+        "quarantine_bcc": "Gửi một bản sao của tất cả thông báo (BCC) đến người nhận này:<br><small>Để trống để vô hiệu hóa. <b>Thư không ký, không kiểm tra. Chỉ nên gửi nội bộ.</b></small>",
+        "quarantine_exclude_domains": "Loại trừ tên miền và tên miền bí danh",
+        "quarantine_max_age": "Tuổi tối đa theo ngày<br><small>Giá trị phải bằng hoặc lớn hơn 1 ngày.</small>",
+        "quarantine_max_score": "Bỏ thông báo nếu điểm thư rác của một thư cao hơn giá trị này:<br><small>Mặc định là 9999.0</small>",
+        "quarantine_max_size": "Kích thước tối đa tính bằng MiB (các phần tử lớn hơn sẽ bị loại bỏ):<br><small>0 <b>không</b> có nghĩa là không giới hạn.</small>",
+        "quarantine_notification_html": "Mẫu email thông báo:<br><small>Để trống để khôi phục mẫu mặc định.</small>",
+        "quarantine_notification_sender": "Người gửi email thông báo",
+        "quarantine_notification_subject": "Chủ đề email thông báo",
+        "quarantine_redirect": "<b>Chuyển hướng tất cả thông báo</b> đến người nhận này:<br><small>Để trống để vô hiệu hóa. <b>Thư không ký, không kiểm tra. Chỉ nên gửi nội bộ.</b></small>",
+        "quarantine_release_format": "Định dạng của các mục được phát hành",
+        "quarantine_release_format_att": "Dưới dạng tệp đính kèm",
+        "quarantine_release_format_raw": "Bản gốc không sửa đổi",
+        "quarantine_retention_size": "ưu giữ cho mỗi hộp thư:<br><small>0 có nghĩa là <b>không hoạt động</b>.</small>",
+        "quicklink_text": "Hiển thị hoặc ẩn liên kết nhanh đến các trang đăng nhập khác dưới biểu mẫu đăng nhập",
+        "quota_notification_html": "Mẫu email thông báo:<br><small>Để trống để khôi phục mẫu mặc định.</small>",
+        "quota_notification_sender": "Người gửi email thông báo",
+        "quota_notification_subject": "Chủ đề email thông báo",
+        "quota_notifications": "Thông báo hạn ngạch",
+        "quota_notifications_info": "Thông báo hạn ngạch được gửi cho người dùng một lần khi vượt quá 80% và một lần khi vượt quá 95% mức sử dụng.",
+        "quota_notifications_vars": "{{percent}} bằng hạn ngạch hiện tại của người dùng<br>{{username}} là tên hộp thư",
+        "queue_unban": "bỏ cấm",
+        "r_active": "Hạn chế đang hoạt động",
+        "r_inactive": "Hạn chế không hoạt động",
+        "r_info": "Các phần tử bị mờ/vô hiệu hóa trong danh sách hạn chế đang hoạt động không được mailcow công nhận là hạn chế hợp lệ và không thể di chuyển. Các hạn chế không xác định sẽ vẫn được đặt theo thứ tự xuất hiện. <br>Bạn có thể thêm phần tử mới trong <code>inc/vars.local.inc.php</code> để có thể bật/tắt chúng.",
+        "rate_name": "Tên tỷ lệ",
+        "recipients": "Người nhận",
+        "refresh": "Làm mới",
+        "regen_api_key": "Tạo lại khóa API",
+        "regex_maps": "Ánh xạ biểu thức chính quy",
+        "relay_from": "Địa chỉ \"Từ:\"",
+        "relay_rcpt": "Địa chỉ \"Đến:\"",
+        "relay_run": "Chạy thử",
+        "relayhosts": "Vận chuyển phụ thuộc người gửi",
+        "relayhosts_hint": "Xác định vận chuyển phụ thuộc người gửi để có thể chọn chúng trong hộp thoại cấu hình tên miền.<br>\nDịch vụ vận chuyển luôn là \"smtp:\" và do đó sẽ thử TLS khi được cung cấp. TLS được bọc (SMTPS) không được hỗ trợ. Cài đặt chính sách TLS gửi đi riêng của người dùng được tính đến.<br>\nẢnh hưởng đến các tên miền được chọn bao gồm cả tên miền bí danh.",
+        "remove": "Xóa",
+        "remove_row": "Xóa hàng",
+        "reset_default": "Đặt lại về mặc định",
+        "reset_limit": "Xóa giá trị băm",
+        "reset_password_vars": "<code>{{link}}</code> Liên kết đặt lại mật khẩu đã tạo<br><code>{{username}}</code> Tên hộp thư của người dùng yêu cầu đặt lại mật khẩu<br><code>{{username2}}</code> Tên hộp thư khôi phục<br><code>{{date}}</code> Ngày yêu cầu đặt lại mật khẩu được thực hiện<br><code>{{token_lifetime}}</code> Thời gian sống của token tính bằng phút<br><code>{{hostname}}</code> Tên máy chủ mailcow",
+        "restore_template": "Để trống để khôi phục mẫu mặc định.",
+        "routing": "Định tuyến",
+        "rsetting_add_rule": "Thêm quy tắc",
+        "rsetting_content": "Nội dung quy tắc",
+        "rsetting_desc": "Mô tả ngắn",
+        "rsetting_no_selection": "Vui lòng chọn một quy tắc",
+        "rsetting_none": "Không có quy tắc nào",
+        "rsettings_insert_preset": "Chèn mẫu ví dụ \"%s\"",
+        "rsettings_preset_1": "Vô hiệu hóa tất cả trừ DKIM và giới hạn tốc độ cho người dùng đã xác thực",
+        "rsettings_preset_2": "Quản trị viên bưu điện muốn thư rác",
+        "rsettings_preset_3": "Chỉ cho phép người gửi cụ thể cho một hộp thư (ví dụ: sử dụng như hộp thư nội bộ)",
+        "rsettings_preset_4": "Vô hiệu hóa Rspamd cho một tên miền",
+        "rspamd_com_settings": "Tên cài đặt sẽ được tự động tạo, vui lòng xem các mẫu ví dụ bên dưới. Để biết thêm chi tiết, xem <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Tài liệu Rspamd</a>",
+        "rspamd_global_filters": "Ánh xạ bộ lọc toàn cục",
+        "rspamd_global_filters_agree": "Tôi sẽ cẩn thận!",
+        "rspamd_global_filters_info": "Ánh xạ bộ lọc toàn cục chứa các loại danh sách từ chối và cho phép toàn cục khác nhau.",
+        "rspamd_global_filters_regex": "Tên của chúng giải thích mục đích sử dụng. Tất cả nội dung phải chứa biểu thức chính quy hợp lệ theo định dạng \"/mẫu/tùy chọn\" (ví dụ: <code>/.+@domain.tld/i</code>).<br>\nMặc dù kiểm tra cơ bản được thực hiện trên mỗi dòng của regex, chức năng của Rspamd có thể bị hỏng nếu nó không đọc được cú pháp chính xác.<br>\nRspamd sẽ cố gắng đọc nội dung ánh xạ khi thay đổi. Nếu bạn gặp vấn đề, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">khởi động lại Rspamd</a> để bắt buộc tải lại ánh xạ.<br>Các phần tử trong danh sách từ chối được loại trừ khỏi cách ly.",
+        "rspamd_settings_map": "Ánh xạ cài đặt Rspamd",
+        "sal_level": "Cấp độ Moo",
+        "save": "Lưu thay đổi",
+        "search_domain_da": "Tìm kiếm tên miền",
+        "send": "Gửi",
+        "sender": "Người gửi",
+        "service": "Dịch vụ",
+        "service_id": "ID Dịch vụ",
+        "source": "Nguồn",
+        "spamfilter": "Bộ lọc thư rác",
+        "subject": "Chủ đề",
+        "success": "Thành công",
+        "sys_mails": "Thư hệ thống",
+        "task": "Nhiệm vụ",
+        "text": "Văn bản",
+        "time": "Thời gian",
+        "title": "Tiêu đề",
+        "title_name": "Tiêu đề trang web \"Giao diện mailcow\"",
+        "to_top": "Về đầu trang",
+        "transport_dest_format": "Regex hoặc cú pháp: example.org, .example.org, *, box@example.org (nhiều giá trị có thể được phân cách bằng dấu phẩy)",
+        "transport_maps": "Ánh xạ vận chuyển",
+        "transport_test_rcpt_info": "&#8226; Sử dụng null@hosted.mailcow.de để kiểm tra chuyển tiếp đến đích nước ngoài.",
+        "transports_hint": "&#8226; Một mục ánh xạ vận chuyển <b>ghi đè</b> một ánh xạ vận chuyển phụ thuộc người gửi</b>.<br>\n&#8226; Vận chuyển dựa trên MX được ưu tiên sử dụng.<br>\n&#8226; Cài đặt chính sách TLS gửi đi cho từng người dùng bị bỏ qua và chỉ có thể được thực thi bởi các mục ánh xạ chính sách TLS.<br>\n&#8226; Dịch vụ vận chuyển cho các vận chuyển đã định nghĩa luôn là \"smtp:\" và do đó sẽ thử TLS khi được cung cấp. TLS được bọc (SMTPS) không được hỗ trợ.<br>\n&#8226; Địa chỉ khớp với \"/localhost$/\" sẽ luôn được vận chuyển qua \"local:\", do đó đích \"*\" sẽ không áp dụng cho những địa chỉ đó.<br>\n&#8226; Để xác định thông tin xác thực cho bước nhảy tiếp theo ví dụ \"[host]:25\", Postfix <b>luôn</b> truy vấn \"host\" trước khi tìm kiếm \"[host]:25\". Hành vi này khiến không thể sử dụng \"host\" và \"[host]:25\" cùng một lúc.",
+        "ui_footer": "Chân trang (cho phép HTML)",
+        "ui_header_announcement": "Thông báo",
+        "ui_header_announcement_active": "Đặt thông báo hoạt động",
+        "ui_header_announcement_content": "Văn bản (cho phép HTML)",
+        "ui_header_announcement_help": "Thông báo hiển thị cho tất cả người dùng đã đăng nhập và trên màn hình đăng nhập của giao diện người dùng.",
+        "ui_header_announcement_select": "Chọn loại thông báo",
+        "ui_header_announcement_type": "Loại",
+        "ui_header_announcement_type_danger": "Rất quan trọng",
+        "ui_header_announcement_type_info": "Thông tin",
+        "ui_header_announcement_type_warning": "Quan trọng",
+        "ui_texts": "Nhãn và văn bản giao diện người dùng",
+        "unban_pending": "đang chờ bỏ cấm",
+        "unchanged_if_empty": "Nếu không thay đổi hãy để trống",
+        "upload": "Tải lên",
+        "username": "Tên người dùng",
+        "user_link": "Liên kết người dùng",
+        "user_quicklink": "Ẩn liên kết nhanh đến trang đăng nhập người dùng",
+        "validate_license_now": "Xác thực GUID với máy chủ giấy phép",
+        "verify": "Xác minh",
+        "yes": "&#10003;"
+    },
+    "danger": {
+        "access_denied": "Truy cập bị từ chối hoặc dữ liệu biểu mẫu không hợp lệ",
+        "alias_domain_invalid": "Tên miền bí danh %s không hợp lệ",
+        "alias_empty": "Địa chỉ bí danh không được để trống",
+        "alias_goto_identical": "Địa chỉ bí danh và địa chỉ chuyển tiếp không được giống nhau",
+        "alias_invalid": "Địa chỉ bí danh %s không hợp lệ",
+        "aliasd_targetd_identical": "Tên miền bí danh không được giống với tên miền đích: %s",
+        "aliases_in_use": "Số bí danh tối đa phải lớn hơn hoặc bằng %d",
+        "app_name_empty": "Tên ứng dụng không được để trống",
+        "app_passwd_id_invalid": "ID mật khẩu ứng dụng %s không hợp lệ",
+        "authsource_in_use": "Nhà cung cấp danh tính không thể thay đổi hoặc xóa vì hiện đang được sử dụng bởi một hoặc nhiều người dùng.",
+        "bcc_empty": "Đích BCC không được để trống",
+        "bcc_exists": "Một ánh xạ BCC %s đã tồn tại cho loại %s",
+        "bcc_must_be_email": "Đích BCC %s không phải là địa chỉ email hợp lệ",
+        "comment_too_long": "Bình luận quá dài, cho phép tối đa 160 ký tự",
+        "cors_invalid_method": "Phương thức Allow-Method được chỉ định không hợp lệ",
+        "cors_invalid_origin": "Allow-Origin được chỉ định không hợp lệ",
+        "defquota_empty": "Hạn ngạch mặc định cho mỗi hộp thư không được là 0.",
+        "demo_mode_enabled": "Chế độ Demo đang được bật",
+        "description_invalid": "Mô tả tài nguyên cho %s không hợp lệ"
+    }
+}

From 0338a36ecfb8ba33fe8c811afe7107c99093890c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 21 Oct 2025 18:03:02 +0200
Subject: [PATCH 717/755] chore(deps): update alpine docker tag to v3.22
 (#6417)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 5e0e98f44..a0b63b3a6 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -25,6 +25,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.20
+      image: alpine:3.22
       command: /bin/true
       restart: "no"

From fbcb8cbeb9cd86ce07ed2776a5a377d4b2c2961c Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 21 Oct 2025 18:03:22 +0200
Subject: [PATCH 718/755] [Web] Updated lang.vi-vn.json (#6861)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Nguyễn Thái Dũng <nguyenthaidung.work+mailcow.email@gmail.com>
---
 data/web/lang/lang.vi-vn.json | 262 +++++++++++++++++++++++++++++++++-
 1 file changed, 261 insertions(+), 1 deletion(-)

diff --git a/data/web/lang/lang.vi-vn.json b/data/web/lang/lang.vi-vn.json
index d492ac08a..54e0b99b2 100644
--- a/data/web/lang/lang.vi-vn.json
+++ b/data/web/lang/lang.vi-vn.json
@@ -431,6 +431,266 @@
         "cors_invalid_origin": "Allow-Origin được chỉ định không hợp lệ",
         "defquota_empty": "Hạn ngạch mặc định cho mỗi hộp thư không được là 0.",
         "demo_mode_enabled": "Chế độ Demo đang được bật",
-        "description_invalid": "Mô tả tài nguyên cho %s không hợp lệ"
+        "description_invalid": "Mô tả tài nguyên cho %s không hợp lệ",
+        "dkim_domain_or_sel_exists": "Một khóa DKIM cho \"%s\" đã tồn tại và sẽ không bị ghi đè",
+        "dkim_domain_or_sel_invalid": "Tên miền hoặc bộ chọn DKIM không hợp lệ: %s",
+        "domain_cannot_match_hostname": "Tên miền không thể trùng với tên máy chủ",
+        "domain_exists": "Tên miền %s đã tồn tại",
+        "domain_invalid": "Tên miền trống hoặc không hợp lệ",
+        "domain_not_empty": "Không thể xóa tên miền %s không trống",
+        "domain_not_found": "Không tìm thấy tên miền %s",
+        "domain_quota_m_in_use": "Hạn ngạch tên miền phải lớn hơn hoặc bằng %s MiB",
+        "extended_sender_acl_denied": "thiếu ACL để đặt địa chỉ người gửi bên ngoài",
+        "extra_acl_invalid": "Địa chỉ người gửi bên ngoài \"%s\" không hợp lệ",
+        "extra_acl_invalid_domain": "Người gửi bên ngoài \"%s\" sử dụng tên miền không hợp lệ",
+        "fido2_verification_failed": "Xác minh FIDO2 thất bại: %s",
+        "file_open_error": "Không thể mở tệp để ghi",
+        "filter_type": "Loại bộ lọc không đúng",
+        "from_invalid": "Người gửi không được để trống",
+        "generic_server_error": "Đã xảy ra lỗi máy chủ không mong đợi. Vui lòng liên hệ quản trị viên của bạn.",
+        "global_filter_write_error": "Không thể ghi tệp bộ lọc: %s",
+        "global_map_invalid": "ID ánh xạ toàn cục %s không hợp lệ",
+        "global_map_write_error": "Không thể ghi ID ánh xạ toàn cục %s: %s",
+        "goto_empty": "Một địa chỉ bí danh phải chứa ít nhất một địa chỉ chuyển tiếp hợp lệ",
+        "goto_invalid": "Địa chỉ chuyển tiếp %s không hợp lệ",
+        "ham_learn_error": "Lỗi học thư hợp lệ: %s",
+        "iam_test_connection": "Kết nối thất bại",
+        "imagick_exception": "Lỗi: Ngoại lệ Imagick khi đọc hình ảnh",
+        "img_dimensions_exceeded": "Hình ảnh vượt quá kích thước tối đa cho phép",
+        "img_invalid": "Không thể xác thực tệp hình ảnh",
+        "img_size_exceeded": "Hình ảnh vượt quá kích thước tệp tối đa",
+        "img_tmp_missing": "Không thể xác thực tệp hình ảnh: Không tìm thấy tệp tạm thời",
+        "invalid_bcc_map_type": "Loại ánh xạ BCC không hợp lệ",
+        "invalid_destination": "Định dạng đích \"%s\" không hợp lệ",
+        "invalid_filter_type": "Loại bộ lọc không hợp lệ",
+        "invalid_host": "Máy chủ được chỉ định không hợp lệ: %s",
+        "invalid_mime_type": "Kiểu MIME không hợp lệ",
+        "invalid_nexthop": "Định dạng bước nhảy tiếp theo không hợp lệ",
+        "invalid_nexthop_authenticated": "Bước nhảy tiếp theo tồn tại với thông tin xác thực khác, vui lòng cập nhật thông tin xác thực hiện có cho bước nhảy này trước.",
+        "invalid_recipient_map_new": "Người nhận mới được chỉ định không hợp lệ: %s",
+        "invalid_recipient_map_old": "Người nhận gốc được chỉ định không hợp lệ: %s",
+        "invalid_reset_token": "Token đặt lại không hợp lệ",
+        "ip_list_empty": "Danh sách IP được phép không được để trống",
+        "is_alias": "%s đã được biết đến như một địa chỉ bí danh",
+        "is_alias_or_mailbox": "%s đã được biết đến như một bí danh, một hộp thư hoặc một địa chỉ bí danh được mở rộng từ một tên miền bí danh.",
+        "is_spam_alias": "%s đã được biết đến như một địa chỉ bí danh tạm thời (địa chỉ bí danh thư rác)",
+        "last_key": "Không thể xóa khóa cuối cùng, vui lòng vô hiệu hóa TFA thay thế.",
+        "login_failed": "Đăng nhập không thành công",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "Hạn ngạch mặc định vượt quá giới hạn hạn ngạch tối đa",
+        "mailbox_invalid": "Tên hộp thư không hợp lệ",
+        "mailbox_quota_exceeded": "Hạn ngạch vượt quá giới hạn tên miền (tối đa %d MiB)",
+        "mailbox_quota_exceeds_domain_quota": "Hạn ngạch tối đa vượt quá giới hạn hạn ngạch tên miền",
+        "mailbox_quota_left_exceeded": "Không đủ dung lượng còn lại (dung lượng còn lại: %d MiB)",
+        "mailboxes_in_use": "Số hộp thư tối đa phải lớn hơn hoặc bằng %d",
+        "malformed_username": "Tên người dùng không đúng định dạng",
+        "map_content_empty": "Nội dung ánh xạ không được để trống",
+        "max_age_invalid": "Tuổi tối đa %s không hợp lệ",
+        "max_alias_exceeded": "Vượt quá số bí danh tối đa",
+        "max_mailbox_exceeded": "Vượt quá số hộp thư tối đa (%d trên %d)",
+        "max_quota_in_use": "Hạn ngạch hộp thư phải lớn hơn hoặc bằng %d MiB",
+        "maxquota_empty": "Hạn ngạch tối đa cho mỗi hộp thư không được là 0.",
+        "mode_invalid": "Chế độ %s không hợp lệ",
+        "mx_invalid": "Bản ghi MX %s không hợp lệ",
+        "mysql_error": "Lỗi MySQL: %s",
+        "network_host_invalid": "Mạng hoặc máy chủ không hợp lệ: %s",
+        "next_hop_interferes": "%s xung đột với bước nhảy tiếp theo %s",
+        "next_hop_interferes_any": "Một bước nhảy tiếp theo hiện có xung đột với %s",
+        "nginx_reload_failed": "Tải lại Nginx thất bại: %s",
+        "no_user_defined": "Không có người dùng được định nghĩa",
+        "object_exists": "Đối tượng %s đã tồn tại",
+        "object_is_not_numeric": "Giá trị %s không phải là số",
+        "password_complexity": "Mật khẩu không đáp ứng chính sách",
+        "password_empty": "Mật khẩu không được để trống",
+        "password_mismatch": "Mật khẩu xác nhận không khớp",
+        "password_reset_invalid_user": "Không tìm thấy hộp thư hoặc không có email khôi phục được thiết lập",
+        "password_reset_na": "Tính năng khôi phục mật khẩu hiện không khả dụng. Vui lòng liên hệ quản trị viên của bạn.",
+        "policy_list_from_exists": "Một bản ghi với tên đã cho tồn tại",
+        "policy_list_from_invalid": "Bản ghi có định dạng không hợp lệ",
+        "private_key_error": "Lỗi khóa riêng tư: %s",
+        "pushover_credentials_missing": "Thiếu token hoặc khóa Pushover",
+        "pushover_key": "Khóa Pushover có định dạng không đúng",
+        "pushover_token": "Token Pushover có định dạng không đúng",
+        "quota_not_0_not_numeric": "Hạn ngạch phải là số và >= 0",
+        "recipient_map_entry_exists": "Mục ánh xạ người nhận \"%s\" đã tồn tại",
+        "recovery_email_failed": "Không thể gửi email khôi phục. Vui lòng liên hệ quản trị viên của bạn.",
+        "redis_error": "Lỗi Redis: %s",
+        "relayhost_invalid": "Mục ánh xạ %s không hợp lệ",
+        "release_send_failed": "Không thể phát hành thư: %s",
+        "required_data_missing": "Thiếu dữ liệu bắt buộc %s",
+        "reset_f2b_regex": "Không thể đặt lại bộ lọc biểu thức chính quy kịp thời, vui lòng thử lại hoặc đợi thêm vài giây và tải lại trang web.",
+        "reset_token_limit_exceeded": "Đã vượt quá giới hạn token đặt lại. Vui lòng thử lại sau.",
+        "resource_invalid": "Tên tài nguyên %s không hợp lệ",
+        "rl_timeframe": "Khung thời gian giới hạn tốc độ không chính xác",
+        "rspamd_ui_pw_length": "Mật khẩu giao diện Rspamd phải có ít nhất 6 ký tự",
+        "script_empty": "Tập lệnh không được để trống",
+        "sender_acl_invalid": "Giá trị ACL người gửi %s không hợp lệ",
+        "set_acl_failed": "Không thể thiết lập ACL",
+        "settings_map_invalid": "ID ánh xạ cài đặt %s không hợp lệ",
+        "sieve_error": "Lỗi phân tích cú pháp Sieve: %s",
+        "spam_learn_error": "Lỗi học thư rác: %s",
+        "subject_empty": "Tiêu đề không được để trống",
+        "target_domain_invalid": "Tên miền đích %s không hợp lệ",
+        "targetd_not_found": "Không tìm thấy tên miền đích %s",
+        "targetd_relay_domain": "Tên miền đích %s là tên miền chuyển tiếp",
+        "template_exists": "Mẫu %s đã tồn tại",
+        "template_id_invalid": "ID mẫu %s không hợp lệ",
+        "template_name_invalid": "Tên mẫu không hợp lệ",
+        "temp_error": "Lỗi tạm thời",
+        "text_empty": "Văn bản không được để trống",
+        "tfa_token_invalid": "Token xác thực hai yếu tố không hợp lệ",
+        "tls_policy_map_dest_invalid": "Đích chính sách TLS không hợp lệ",
+        "tls_policy_map_entry_exists": "Mục ánh xạ chính sách TLS \"%s\" đã tồn tại",
+        "tls_policy_map_parameter_invalid": "Tham số chính sách không hợp lệ",
+        "to_invalid": "Người nhận không được để trống",
+        "totp_verification_failed": "Xác thực TOTP thất bại",
+        "transport_dest_exists": "Đích vận chuyển \"%s\" đã tồn tại",
+        "webauthn_verification_failed": "Xác thực WebAuthn thất bại: %s",
+        "webauthn_authenticator_failed": "Không tìm thấy trình xác thực đã chọn",
+        "webauthn_publickey_failed": "Không có khóa công khai nào được lưu cho trình xác thực đã chọn",
+        "webauthn_username_failed": "Trình xác thực đã chọn thuộc về tài khoản khác",
+        "unknown": "Đã xảy ra lỗi không xác định",
+        "unknown_tfa_method": "Phương thức xác thực hai yếu tố không xác định",
+        "unlimited_quota_acl": "Hạn ngạch không giới hạn bị cấm bởi ACL",
+        "username_invalid": "Tên người dùng %s không thể sử dụng được",
+        "validity_missing": "Vui lòng gán thời hạn hiệu lực",
+        "value_missing": "Vui lòng cung cấp tất cả các giá trị",
+        "version_invalid": "Phiên bản %s không hợp lệ",
+        "yotp_verification_failed": "Xác thực Yubico OTP thất bại: %s"
+    },
+    "datatables": {
+        "collapse_all": "Thu gọn tất cả",
+        "emptyTable": "Không có dữ liệu trong bảng",
+        "expand_all": "Mở rộng tất cả",
+        "info": "Hiển thị từ _START_ đến _END_ của _TOTAL_ mục",
+        "infoEmpty": "Hiển thị 0 đến 0 của 0 mục",
+        "infoFiltered": "(được lọc từ tổng số _MAX_ mục)",
+        "lengthMenu": "Hiển thị _MENU_ mục",
+        "loadingRecords": "Đang tải...",
+        "processing": "Vui lòng đợi...",
+        "search": "Tìm kiếm:",
+        "zeroRecords": "Không tìm thấy bản ghi phù hợp",
+        "paginate": {
+            "first": "Đầu",
+            "last": "Cuối",
+            "next": "Tiếp",
+            "previous": "Trước"
+        },
+        "aria": {
+            "sortAscending": ": kích hoạt để sắp xếp cột tăng dần",
+            "sortDescending": ": kích hoạt để sắp xếp cột giảm dần"
+        }
+    },
+    "debug": {
+        "architecture": "Kiến trúc",
+        "chart_this_server": "Biểu đồ (máy chủ này)",
+        "containers_info": "Thông tin container",
+        "container_running": "Đang chạy",
+        "container_disabled": "Container đã dừng hoặc bị vô hiệu hóa",
+        "container_stopped": "Đã dừng",
+        "cores": "Nhân CPU",
+        "current_time": "Thời gian hệ thống",
+        "disk_usage": "Sử dụng ổ đĩa",
+        "docs": "Tài liệu",
+        "error_show_ip": "Không thể phân giải địa chỉ IP công khai",
+        "external_logs": "Nhật ký ngoài",
+        "history_all_servers": "Lịch sử (tất cả máy chủ)",
+        "in_memory_logs": "Nhật ký trong bộ nhớ",
+        "last_modified": "Sửa đổi lần cuối",
+        "log_info": "<p>mailcow <b>nhật ký trong bộ nhớ</b> được thu thập trong danh sách Redis và được cắt giảm xuống LOG_LINES (%d) mỗi phút để giảm tải.\n<br>Nhật ký trong bộ nhớ không nhằm mục đích lưu trữ lâu dài. Tất cả các ứng dụng ghi nhật ký trong bộ nhớ cũng ghi vào Docker daemon và do đó vào trình điều khiển ghi nhật ký mặc định.r\n<br>Loại nhật ký trong bộ nhớ nên được sử dụng để gỡ lỗi các vấn đề nhỏ với các container.</p>\n<p><b>Nhật ký bên ngoài</b> được thu thập thông qua API của ứng dụng đã cho.</p>\n<p><b>Nhật ký tĩnh</b> chủ yếu là nhật ký hoạt động, không được ghi vào Dockerd nhưng vẫn cần được lưu trữ lâu dài (ngoại trừ nhật ký API).</p>",
+        "login_time": "Thời gian",
+        "logs": "Nhật ký",
+        "memory": "Bộ nhớ",
+        "online_users": "Người dùng trực tuyến",
+        "restart_container": "Khởi động lại",
+        "service": "Dịch vụ",
+        "show_ip": "Hiển thị IP công khai",
+        "size": "Kích thước",
+        "started_at": "Bắt đầu lúc",
+        "started_on": "Bắt đầu vào",
+        "static_logs": "Nhật ký tĩnh",
+        "success": "Thành công",
+        "system_containers": "Hệ thống & Container",
+        "timezone": "Múi giờ",
+        "uptime": "Thời gian hoạt động",
+        "update_available": "Có bản cập nhật mới",
+        "no_update_available": "Hệ thống đang ở phiên bản mới nhất",
+        "update_failed": "Không thể kiểm tra cập nhật",
+        "username": "Tên người dùng",
+        "wip": "Đang trong quá trình phát triển"
+    },
+    "diagnostics": {
+        "cname_from_a": "Giá trị được lấy từ bản ghi A/AAAA. Điều này được hỗ trợ miễn là bản ghi trỏ đến tài nguyên chính xác.",
+        "dns_records": "Bản ghi DNS",
+        "dns_records_24hours": "Xin lưu ý rằng các thay đổi được thực hiện đối với DNS có thể mất tới 24 giờ để phản ánh chính xác trạng thái hiện tại của chúng trên trang này. Trang này nhằm giúp bạn dễ dàng xem cách cấu hình bản ghi DNS và kiểm tra xem tất cả bản ghi của bạn có được lưu trữ chính xác trong DNS hay không.",
+        "dns_records_data": "Dữ liệu chính xác",
+        "dns_records_docs": "Vui lòng tham khảo thêm <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">tài liệu hướng dẫn</a>.",
+        "dns_records_name": "Tên",
+        "dns_records_status": "Trạng thái hiện tại",
+        "dns_records_type": "Loại",
+        "optional": "Bản ghi này là tùy chọn."
+    },
+    "edit": {
+        "acl": "ACL (Quyền hạn)",
+        "active": "Hoạt động",
+        "admin": "Chỉnh sửa quản trị viên",
+        "advanced_settings": "Cài đặt nâng cao",
+        "alias": "Chỉnh sửa bí danh",
+        "allow_from_smtp": "Chỉ cho phép các IP sau sử dụng <b>SMTP</b>",
+        "allow_from_smtp_info": "Để trống để cho phép tất cả người gửi.<br>Địa chỉ và mạng IPv4/IPv6.",
+        "allowed_protocols": "Các giao thức được phép truy cập trực tiếp của người dùng (không ảnh hưởng đến giao thức mật khẩu ứng dụng)",
+        "app_name": "Tên ứng dụng",
+        "app_passwd": "Mật khẩu ứng dụng",
+        "app_passwd_protocols": "Các giao thức được phép cho mật khẩu ứng dụng",
+        "automap": "Thử tự động ánh xạ thư mục (\"Mục đã gửi\", \"Đã gửi\" => \"Đã gửi\" v.v.)",
+        "backup_mx_options": "Tùy chọn chuyển tiếp",
+        "bcc_dest_format": "Đích BCC phải là một địa chỉ email hợp lệ duy nhất.<br>Nếu bạn cần gửi bản sao đến nhiều địa chỉ, hãy tạo một bí danh và sử dụng nó ở đây.",
+        "client_id": "ID khách hàng",
+        "client_secret": "Khóa bí mật khách hàng",
+        "comment_info": "Bình luận riêng tư không hiển thị với người dùng, trong khi bình luận công khai được hiển thị dưới dạng chú thích khi di chuột qua trong tổng quan người dùng",
+        "created_on": "Được tạo vào",
+        "custom_attributes": "Thuộc tính tùy chỉnh",
+        "delete1": "Xóa từ nguồn khi hoàn thành",
+        "delete2": "Xóa thư ở đích không có ở nguồn",
+        "delete2duplicates": "Xóa các bản sao ở đích",
+        "delete_ays": "Vui lòng xác nhận quá trình xóa.",
+        "description": "Mô tả",
+        "disable_login": "Không cho phép đăng nhập (vẫn nhận được thư đến)",
+        "domain": "Chỉnh sửa tên miền",
+        "domain_admin": "Chỉnh sửa quản trị viên tên miền",
+        "domain_footer": "Chân trang toàn tên miền",
+        "domain_footer_html": "Chân trang HTML",
+        "domain_footer_info": "Chân trang toàn tên miền được thêm vào tất cả các email gửi đi liên quan đến một địa chỉ trong tên miền này. <br> Các biến sau có thể được sử dụng cho chân trang:",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =}   - Tên người dùng đã xác thực được chỉ định bởi MTA",
+            "from_user": "{= from_user =}   - Phần người dùng của phong bì, ví dụ \"moo@mailcow.tld\" sẽ trả về \"moo\"",
+            "from_name": "{= from_name =}   - Tên từ phong bì, ví dụ \"Mailcow &lt;moo@mailcow.tld&gt;\" sẽ trả về \"Mailcow\"",
+            "from_addr": "{= from_addr =}   - Phần địa chỉ của phong bì",
+            "from_domain": "{= from_domain =} - Phần tên miền của phong bì",
+            "custom": "{= foo =}         - Nếu hộp thư có thuộc tính tùy chỉnh \"foo\" với giá trị \"bar\" sẽ trả về \"bar\""
+        },
+        "domain_footer_plain": "Chân trang văn bản thuần",
+        "domain_footer_skip_replies": "Bỏ qua chân trang trong email trả lời",
+        "domain_quota": "Hạn ngạch tên miền",
+        "domains": "Các tên miền",
+        "dont_check_sender_acl": "Tắt kiểm tra người gửi cho tên miền %s (+ tên miền bí danh)",
+        "edit_alias_domain": "Chỉnh sửa tên miền bí danh",
+        "encryption": "Mã hóa",
+        "exclude": "Loại trừ đối tượng (biểu thức chính quy)",
+        "extended_sender_acl": "Địa chỉ người gửi bên ngoài",
+        "extended_sender_acl_info": "Khóa tên miền DKIM nên được nhập vào, nếu có sẵn.<br>\n  Nhớ thêm máy chủ này vào bản ghi SPF TXT tương ứng.<br>\n  Khi một tên miền hoặc tên miền bí danh được thêm vào máy chủ này, mà trùng với một địa chỉ bên ngoài, địa chỉ bên ngoài sẽ bị xóa.<br>\n  Sử dụng @domain.tld để cho phép gửi dưới dạng *@domain.tld.",
+        "force_pw_update": "Bắt buộc cập nhật mật khẩu trong lần đăng nhập tiếp theo",
+        "force_pw_update_info": "Người dùng này sẽ chỉ có thể đăng nhập vào %s. Mật khẩu ứng dụng vẫn có thể sử dụng được.",
+        "footer_exclude": "Loại trừ khỏi chân trang",
+        "full_name": "Tên đầy đủ",
+        "gal": "Danh sách địa chỉ toàn cục",
+        "gal_info": "GAL chứa tất cả các đối tượng của một tên miền và không thể được chỉnh sửa bởi bất kỳ người dùng nào. Thông tin rảnh/bận trong SOGo sẽ bị thiếu nếu vô hiệu hóa! <b>Khởi động lại SOGo để áp dụng thay đổi.</b>",
+        "generate": "tạo",
+        "grant_types": "Các loại cấp quyền",
+        "hostname": "Tên máy chủ",
+        "inactive": "Không hoạt động",
+        "internal": "Nội bộ",
+        "internal_info": "Bí danh nội bộ chỉ có thể truy cập từ tên miền sở hữu hoặc tên miền bí danh.",
+        "kind": "Loại",
+        "last_modified": "Sửa đổi lần cuối"
     }
 }

From 22a09b9795d26021da5c706dc5b8ff038448374f Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 23 Oct 2025 15:16:24 +0200
Subject: [PATCH 719/755] [PHP] re-add opcache.revalidate_freq setting

---
 data/conf/phpfpm/php-conf.d/opcache-recommended.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
index 452b45484..1af81b85a 100644
--- a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
+++ b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
@@ -7,6 +7,7 @@ opcache.interned_strings_buffer=16
 opcache.max_accelerated_files=10000
 opcache.memory_consumption=128
 opcache.save_comments=1
+opcache.revalidate_freq=1
 opcache.validate_timestamps=0
 
 ; JIT

From 9a806e64cef1ab96d8ca0c4a247dc9dafb352f4b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Fri, 24 Oct 2025 08:18:49 +0200
Subject: [PATCH 720/755] [PHP] remove opcache.revalidate_freq

---
 data/conf/phpfpm/php-conf.d/opcache-recommended.ini | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
index 1af81b85a..452b45484 100644
--- a/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
+++ b/data/conf/phpfpm/php-conf.d/opcache-recommended.ini
@@ -7,7 +7,6 @@ opcache.interned_strings_buffer=16
 opcache.max_accelerated_files=10000
 opcache.memory_consumption=128
 opcache.save_comments=1
-opcache.revalidate_freq=1
 opcache.validate_timestamps=0
 
 ; JIT

From 04200c99a4b3605c6c6bd583affdbd6343a8f5e7 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 27 Oct 2025 20:00:29 +0100
Subject: [PATCH 721/755] Translations update from Weblate (#6880)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.vi-vn.json

Co-authored-by: Nguyễn Thái Dũng <nguyenthaidung.work+mailcow.email@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.nb-no.json

Co-authored-by: Runar Ingebrigtsen <runar@rin.no>

---------

Co-authored-by: Nguyễn Thái Dũng <nguyenthaidung.work+mailcow.email@gmail.com>
Co-authored-by: Runar Ingebrigtsen <runar@rin.no>
---
 data/web/lang/lang.nb-no.json | 5 +++--
 data/web/lang/lang.vi-vn.json | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/data/web/lang/lang.nb-no.json b/data/web/lang/lang.nb-no.json
index 3b267b9ea..bca608745 100644
--- a/data/web/lang/lang.nb-no.json
+++ b/data/web/lang/lang.nb-no.json
@@ -185,11 +185,12 @@
         "protocol_access": "Endre protokolltilgang",
         "pushover": "Pushover",
         "quarantine": "Karantenehandlinger",
-        "quarantine_attachments": "Sett vedlegg i karantene",
+        "quarantine_attachments": "Se vedlegg i karantene",
         "quarantine_category": "Endre varslingskategori for karantene",
         "quarantine_notification": "Endre karantenevarslinger",
         "domain_desc": "Endre domenebeskrivelse",
-        "extend_sender_acl": "Tillat utvidelse av sender-ACL fra eksterne adresser"
+        "extend_sender_acl": "Tillat utvidelse av sender-ACL fra eksterne adresser",
+        "pw_reset": "Tillat endring av brukerpassord"
     },
     "add": {
         "app_passwd_protocols": "Tillatte protokoller for app-passord",
diff --git a/data/web/lang/lang.vi-vn.json b/data/web/lang/lang.vi-vn.json
index 54e0b99b2..0e9e6a2c4 100644
--- a/data/web/lang/lang.vi-vn.json
+++ b/data/web/lang/lang.vi-vn.json
@@ -691,6 +691,7 @@
         "internal": "Nội bộ",
         "internal_info": "Bí danh nội bộ chỉ có thể truy cập từ tên miền sở hữu hoặc tên miền bí danh.",
         "kind": "Loại",
-        "last_modified": "Sửa đổi lần cuối"
+        "last_modified": "Sửa đổi lần cuối",
+        "lookup_mx": "Đích là một biểu thức chính quy để khớp với tên MX (<code>.*.google.com</code> để định tuyến tất cả thư nhắm đến MX kết thúc bằng google.com qua bước nhảy này)"
     }
 }

From 9912e41f787a92b6e002d98b833076d15efed0bc Mon Sep 17 00:00:00 2001
From: Josh <75700a85-1205-4740-aebf-4413a352e81b@otake.pw>
Date: Mon, 3 Nov 2025 12:07:20 -0800
Subject: [PATCH 722/755] [Web] Correct order of Dansk/Danish in UI (#6887)

---
 data/web/inc/vars.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index f8d760081..9f3208e3d 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -85,7 +85,7 @@ $AVAILABLE_LANGUAGES = array(
   // 'ca-es' => 'Català (Catalan)',
   'bg-bg' => 'Български (Bulgarian)',
   'cs-cz' => 'Čeština (Czech)',
-  'da-dk' => 'Danish (Dansk)',
+  'da-dk' => 'Dansk (Danish)',
   'de-de' => 'Deutsch (German)',
   'en-gb' => 'English',
   'es-es' => 'Español (Spanish)',

From d3065612fd5defb91d569ca1e4b71c148235a8a4 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 3 Nov 2025 21:07:40 +0100
Subject: [PATCH 723/755] update postscreen_access.cidr (#6886)

---
 data/conf/postfix/postscreen_access.cidr | 71 +++---------------------
 1 file changed, 8 insertions(+), 63 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 9249520bc..3511c6ae4 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Wed Oct  1 00:21:33 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Sat Nov  1 00:21:43 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2216 total rules
+# 2161 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:2800::/53	permit
@@ -50,14 +50,11 @@
 8.25.194.0/23	permit
 8.25.196.0/23	permit
 8.36.116.0/24	permit
-8.39.54.0/23	permit
-8.39.54.250/31	permit
 8.39.144.0/24	permit
-8.40.222.0/23	permit
-8.40.222.250/31	permit
 12.130.86.238	permit
-13.107.213.41	permit
-13.107.246.41	permit
+13.107.213.69	permit
+13.107.246.69	permit
+13.108.16.0/20	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
 13.110.216.0/22	permit
@@ -169,7 +166,6 @@
 34.215.104.144	permit
 34.218.115.239	permit
 34.225.212.172	permit
-34.241.242.183	permit
 35.83.148.184	permit
 35.155.198.111	permit
 35.158.23.94	permit
@@ -193,7 +189,6 @@
 40.233.64.216	permit
 40.233.83.78	permit
 40.233.88.28	permit
-43.239.212.33	permit
 44.206.138.57	permit
 44.210.169.44	permit
 44.217.45.156	permit
@@ -275,7 +270,6 @@
 50.112.246.219	permit
 52.1.14.157	permit
 52.5.230.59	permit
-52.6.74.205	permit
 52.12.53.23	permit
 52.13.214.179	permit
 52.26.1.71	permit
@@ -302,7 +296,6 @@
 52.96.91.34	permit
 52.96.111.82	permit
 52.96.172.98	permit
-52.96.214.50	permit
 52.96.222.194	permit
 52.96.222.226	permit
 52.96.223.2	permit
@@ -341,7 +334,6 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.255.61.23	permit
-56.124.6.228	permit
 57.103.64.0/18	permit
 57.129.93.249	permit
 62.13.128.0/24	permit
@@ -426,7 +418,6 @@
 65.110.161.77	permit
 65.123.29.213	permit
 65.123.29.220	permit
-65.154.166.0/24	permit
 65.212.180.36	permit
 66.102.0.0/20	permit
 66.119.150.192/26	permit
@@ -1233,8 +1224,6 @@
 99.83.190.102	permit
 103.9.96.0/22	permit
 103.28.42.0/24	permit
-103.84.217.238	permit
-103.89.75.238	permit
 103.151.192.0/23	permit
 103.168.172.128/27	permit
 103.237.104.0/22	permit
@@ -1400,9 +1389,6 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
-121.244.91.48	permit
-121.244.91.52	permit
-122.15.156.182	permit
 123.126.78.64/29	permit
 124.108.96.24/31	permit
 124.108.96.28/31	permit
@@ -1430,6 +1416,7 @@
 128.245.248.0/21	permit
 129.41.77.70	permit
 129.41.169.249	permit
+129.77.16.0/20	permit
 129.80.5.164	permit
 129.80.64.36	permit
 129.80.67.121	permit
@@ -1466,21 +1453,8 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.0/24	permit
-135.84.81.0/24	permit
-135.84.82.0/24	permit
-135.84.83.0/24	permit
 135.84.216.0/22	permit
-136.143.160.0/24	permit
-136.143.161.0/24	permit
-136.143.162.0/24	permit
-136.143.176.0/24	permit
-136.143.177.0/24	permit
-136.143.178.49	permit
-136.143.182.0/23	permit
-136.143.184.0/24	permit
-136.143.188.0/24	permit
-136.143.190.0/23	permit
+136.146.128.0/20	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
@@ -1495,7 +1469,6 @@
 139.138.46.219	permit
 139.138.57.55	permit
 139.138.58.119	permit
-139.167.79.86	permit
 139.180.17.0/24	permit
 140.238.148.191	permit
 141.148.159.229	permit
@@ -1618,9 +1591,6 @@
 164.152.23.32	permit
 164.152.25.241	permit
 164.177.132.168/30	permit
-165.173.128.0/24	permit
-165.173.180.250/31	permit
-165.173.182.250/31	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.169	permit
@@ -1650,23 +1620,12 @@
 168.245.12.252	permit
 168.245.46.9	permit
 168.245.127.231	permit
-169.148.129.0/24	permit
-169.148.131.0/24	permit
-169.148.138.0/24	permit
-169.148.142.10	permit
-169.148.142.33	permit
-169.148.144.0/25	permit
-169.148.144.10	permit
-169.148.146.0/23	permit
-169.148.175.3	permit
-169.148.188.0/24	permit
-169.148.188.182	permit
 170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.132.56/29	permit
 170.10.132.64/29	permit
 170.10.133.0/24	permit
-172.217.32.0/20	permit
+172.217.32.0/21	permit
 172.253.56.0/21	permit
 172.253.112.0/20	permit
 173.0.84.0/29	permit
@@ -1846,16 +1805,7 @@
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
-199.34.22.36	permit
 199.59.148.0/22	permit
-199.67.80.2	permit
-199.67.80.20	permit
-199.67.82.2	permit
-199.67.82.20	permit
-199.67.84.0/24	permit
-199.67.86.0/24	permit
-199.67.88.0/24	permit
-199.67.90.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1912,8 +1862,6 @@
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
-204.141.32.0/23	permit
-204.141.42.0/23	permit
 204.216.164.202	permit
 204.220.160.0/21	permit
 204.220.168.0/21	permit
@@ -2201,9 +2149,6 @@
 2603:1030:20e:3::23c	permit
 2603:1030:b:3::152	permit
 2603:1030:c02:8::14	permit
-2607:13c0:0001:0000:0000:0000:0000:7000/116	permit
-2607:13c0:0002:0000:0000:0000:0000:1000/116	permit
-2607:13c0:0004:0000:0000:0000:0000:0000/116	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit

From b0f5aee62867c6ae25c50617b0c5c914ed09abda Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 5 Nov 2025 17:37:26 +0100
Subject: [PATCH 724/755] [Web] Updated lang.pl-pl.json (#6898)

Co-authored-by: Monika Bark <rychert.monika@wp.pl>
---
 data/web/lang/lang.pl-pl.json | 282 ++++++++++++++++++++++++++++++----
 1 file changed, 248 insertions(+), 34 deletions(-)

diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 02c892c64..775fd0c7f 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -1,50 +1,117 @@
 {
     "acl": {
-        "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "syncjobs": "Polecenie synchronizacji",
+        "sogo_profile_reset": "Zresetuj profil SOGo",
+        "syncjobs": "Zadania doryczące synchronizacji kont",
         "alias_domains": "Dodaj aliasy domen",
-        "delimiter_action": "Akcja oparta na separatorze"
+        "delimiter_action": "Akcja oparta na separatorze",
+        "app_passwds": "Zarządzaj hasłami do aplikacji",
+        "bcc_maps": "mapy do BCC",
+        "domain_desc": "Zmień opis dotyczący domeny",
+        "domain_relayhost": "Zmień serwer przekazujący dla tej domeny",
+        "eas_reset": "Resetuj urządzenia EAS",
+        "extend_sender_acl": "Zezwalaj na rozszerzenie listy kontroli dostępu nadawców(ACL) o adresy zewnętrzne",
+        "filters": "Dostępne filtry",
+        "login_as": "Zaloguj się jako użytkownik poczty",
+        "mailbox_relayhost": "Zmień serwer pocztowy(relayhost) dla skrzynki pocztowej",
+        "prohibited": "Zakazane przez liste kontroli dostępu(ACL)",
+        "protocol_access": "Zakazane przez ACL",
+        "pushover": "Pushover(powiadomienia push w czasie rzeczywistym)",
+        "pw_reset": "Zezwalaj na resetowanie hasła użytkownika mailcow",
+        "quarantine": "Akcje kwarantanny",
+        "quarantine_attachments": "Załączniki do kwarantanny",
+        "quarantine_category": "Zmień kategorię dotyczącą powiadomień o kwarantannie",
+        "quarantine_notification": "Zmień powiadomienia o kwarantannie",
+        "ratelimit": "Ograniczenie liczby zapytań",
+        "recipient_maps": "Mapy odbiorców",
+        "smtp_ip_access": "Zmiana dozwolonych hostów SMTP",
+        "sogo_access": "Zezwól na zarządzanie dostępem SOGo",
+        "spam_alias": "Tymczasowe aliasy",
+        "spam_policy": "Zablokowane adresy/Dozwolone adresy",
+        "spam_score": "Wskaźnik spam",
+        "tls_policy": "Polityka TLS",
+        "unlimited_quota": "Nieograniczony limit dla skrzynek pocztowych"
     },
     "add": {
         "active": "Aktywny",
         "add": "Dodaj",
-        "alias_address": "Alias/y:",
+        "alias_address": "Alias/y",
         "alias_address_info": "<small>Pełny/e adres/y email lub @example.com, aby przejąć wszystkie wiadomości dla domeny (oddzielone przecinkami). <b>tylko domeny mailcow</b>.</small>",
         "alias_domain": "Alias domeny",
         "alias_domain_info": "<small>Tylko prawidłowe nazwy domen (oddzielone przecinkami).</small>",
-        "backup_mx_options": "Opcje Backup MX:",
+        "backup_mx_options": "Opcje Backup MX",
         "delete1": "Usuń ze źródła po zakończeniu",
         "delete2duplicates": "Usuń duplikaty w miejscu docelowym",
-        "description": "Opis:",
+        "description": "Opis",
         "domain": "Domena",
-        "domain_quota_m": "Łączny limit domeny (MiB):",
+        "domain_quota_m": "Łączny limit domeny (MiB)",
         "enc_method": "Metoda szyfrowania",
         "exclude": "Wyklucz obiekty (regex)",
-        "full_name": "Pełna nazwa:",
+        "full_name": "Pełna nazwa",
         "hostname": "Nazwa hosta",
         "kind": "Rodzaj",
-        "mailbox_quota_m": "Maks. wielkość skrzynki (MiB):",
-        "mailbox_username": "Nazwa użytkownika (lewa strona adresu email):",
-        "max_aliases": "Maks. liczba aliasów:",
-        "max_mailboxes": "Maks. liczba skrzynek:",
+        "mailbox_quota_m": "Maks. wielkość skrzynki (MiB)",
+        "mailbox_username": "Nazwa użytkownika (lewa strona adresu email)",
+        "max_aliases": "Maks. liczba aliasów",
+        "max_mailboxes": "Maks. liczba skrzynek",
         "mins_interval": "Zakres pobierania (minuty)",
         "multiple_bookings": "Wielokrotne rejestracje",
-        "password": "Hasło:",
-        "password_repeat": "Potwierdź hasło(powtórz):",
+        "password": "Hasło",
+        "password_repeat": "Potwierdź hasło(powtórz)",
         "port": "Port",
-        "post_domain_add": "Po dodaniu nowej domeny będziesz musiał ponownie uruchomić kontener serwisowy SOGo!",
-        "quota_mb": "Limit wielkości (MiB):",
+        "post_domain_add": "Kontener SOGo, \"sogo-mailcow\", musi zostać ponownie uruchomiony po dodaniu nowej domeny!<br><br>Dodatkowo należy przejrzeć konfigurację DNS domeny. Po zatwierdzeniu konfiguracji DNS uruchom ponownie \"acme-mailcow\", aby automatycznie wygenerować certyfikaty dla nowej domeny (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ten krok jest opcjonalny i będzie ponownie wykonywany co 24 godziny.",
+        "quota_mb": "Limit wielkości (MiB)",
         "relay_all": "Przekaż wszystkim odbiorcom",
-        "relay_all_info": "<small>Jeśli decydujesz się <b>nie</b> przekazywać wszystkim odbiorcom, musisz dodać (\"ślepą\")skrzynkę dla każdego poszczególnego odbiorcy, któremu należy przekazać.</small>",
+        "relay_all_info": "↪Jeśli wybierzesz <b>not</b>, aby przekazać wszystkich odbiorców, musisz dodać (\"ślepą\") skrzynkę pocztową dla każdego pojedynczego odbiorcy, która powinna być przekazywana.",
         "relay_domain": "Domena przekaźnikowa",
         "select": "Proszę wybrać...",
         "select_domain": "Proszę najpierw wybrać domenę",
         "syncjob": "Dodaj polecenie synchronizacji",
         "syncjob_hint": "Pamiętaj, że hasła należy zapisywać w zwykłym tekście!",
-        "target_address": "Adresy Idź do:",
+        "target_address": "Adresy Idź do",
         "target_address_info": "<small> Pełny/e adres/y email (oddzielone przecinkami).</small>",
-        "target_domain": "Domena docelowa:",
-        "username": "Nazwa użytkownika"
+        "target_domain": "Domena docelowa",
+        "username": "Nazwa użytkownika",
+        "activate_filter_warn": "Wszystkie pozostałe filtry zostaną wyłączone, gdy opcja active zostanie zaznaczona.",
+        "add_domain_only": "Dodaj wyłącznie domene",
+        "add_domain_restart": "Dodaj domenę i uruchom ponownie SOGo",
+        "app_name": "Nazwa aplikacji",
+        "app_password": "Dodaj hasło do aplikacji",
+        "app_passwd_protocols": "Dozwolone protokoły dla hasła aplikacji",
+        "automap": "Spróbuj automatycznie mapować foldery (\"Wysłane elementy\", \"Wysłane\" => \"Wysłane\" itp.)",
+        "bcc_dest_format": "Miejscem docelowym BCC musi być jeden prawidłowy adres e-mail.<br>Jeśli chcesz wysłać kopię do wielu adresów, utwórz alias i użyj go tutaj.",
+        "comment_info": "Prywatny komentarz nie jest widoczny dla użytkownika, podczas gdy publiczny komentarz jest wyświetlany jako podpowiedź, które pojawia się, gdy użytkownik najedzie myszką nad elementem",
+        "custom_params": "Niestandardowe parametry",
+        "custom_params_hint": "Właściwa: --param=xy, błędna: --param xy",
+        "delete2": "Usuń wiadomości w miejscu docelowym, które nie znajdują się w źródle",
+        "destination": "Miejsce docelowe",
+        "disable_login": "Nie pozwalaj na logowanie(poczta przychodząca jest nadal akceptowana)",
+        "domain_matches_hostname": "Domena %s pasuje do nazwy hosta",
+        "dry": "Symulacja synchronizacji",
+        "gal": "Globalna lista adresów",
+        "gal_info": "GAL zawiera wszystkie obiekty domeny i nie może być edytowany przez żadnego użytkownika. Wolne/zajęte logi w SOGo bedą nidostępne, jeśli są wyłączone! <b>Uruchom ponownie SOGo, aby zastosować zmiany.</b>",
+        "generate": "generuj",
+        "goto_ham": "Ucz się jako <span class=\"text-success\"><b>ham</b></span>",
+        "goto_null": "Odrzucaj pocztę \"po cichu\"",
+        "goto_spam": "Ucz się jako <span class=\"text-danger\"><b>spam</b></span>",
+        "inactive": "Nieaktywny",
+        "internal": "Wewnętrzny",
+        "internal_info": "Aliasy wewnętrzne są dostępne tylko z domeny własnej lub domeny aliasów.",
+        "mailbox_quota_def": "Domyślny przydział skrzynki pocztowej",
+        "nexthop": "Następny hop",
+        "private_comment": "Prywatny komentarz",
+        "public_comment": "Komentarz publiczny",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div>Możesz transports maps dla niestandardowego miejsca docelowego dla tej domeny. Jeśli nie jest ustawiony, zostanie aktywowany lookup MX.",
+        "relay_unknown_only": "Przekaż tylko nieistniejące skrzynki pocztowe. Istniejące skrzynki pocztowe będą dostarczane lokalnie.",
+        "relayhost_wrapped_tls_info": "Proszę <b>nie</b> używać portów owiniętych TLS (głównie używanych na porcie 465).<br>\nUżyj dowolnego portu niezawiniętego i uruchom STARTTLS. Polityka TLS w celu egzekwowania TLS może być utworzona w \"mapie zasad TLS\".",
+        "sieve_desc": "Krótki opis",
+        "sieve_type": "Typ filtra",
+        "skipcrossduplicates": "Pomiń duplikaty wiadomości w folderach (na zasadzie kolejności zgłoszeń)",
+        "subscribeall": "Subskrybuj wszystkie foldery",
+        "tags": "Tagi",
+        "timeout1": "Limit czasu połączenia z hostem zdalnym",
+        "timeout2": "Limit czasu połączenia dla lokalnego hosta",
+        "validate": "Zatwierdź",
+        "validation_success": "Zatwierdzone z powodzeniem"
     },
     "admin": {
         "access": "Dostęp",
@@ -100,7 +167,136 @@
         "spamfilter": "Filtr spamu",
         "time": "Czas",
         "unchanged_if_empty": "W przypadku braku zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "activate_api": "Aktywuj API",
+        "activate_send": "Aktywuj przycisk wysyłania",
+        "active_rspamd_settings_map": "Aktywne ustawienia mapy",
+        "add_admin": "Dodaj administratora",
+        "add_relayhost": "Dodaj transport zależny od nadawcy",
+        "add_relayhost_hint": "Miej na uwadze, że dane uwierzytelniające, jeśli takie istnieją, będą przechowywane w postaci zwykłego tekstu",
+        "add_row": "Dodaj wiersz",
+        "add_settings_rule": "Dodaj regułę ustawień",
+        "add_transport": "Dodaj transport",
+        "add_transports_hint": "Należy pamiętać, że dane uwierzytelniające, jeśli takie istnieją, będą przechowywane jako zwykły tekst.",
+        "additional_rows": " Dodano kolejne rzędy",
+        "admins": "Administratorzy",
+        "admins_ldap": "Administratorzy LDAP",
+        "admin_quicklink": "Ukryj szybki link do strony logowania administratora",
+        "advanced_settings": "Ustawienia zaawansowane",
+        "allowed_methods": "Dostęp-kontrola-zezwolenie-metody",
+        "allowed_origins": "Dostęp-Kontrola-Zezwolenia-Pochodzenie",
+        "api_allow_from": "Zezwalaj na dostęp API z tych notacji sieciowych IP/CIDR",
+        "api_info": "API jest w trakcie prac. Dokumentację można znaleźć pod adresem <a href=\"/api\">/api</a>",
+        "api_key": "klucz API",
+        "api_read_only": "Dostęp tylko do odczytu",
+        "api_read_write": "Dostęp tylko do odczytu",
+        "api_skip_ip_check": "Pomiń sprawdzenie IP dla API",
+        "app_hide": "Ukryj dla logowania",
+        "app_links": "Linki aplikacji",
+        "app_name": "Nazwa aplikacji",
+        "apps_name": "Nazwa \"aplikacji mailcow\"",
+        "arrival_time": "Czas serwera",
+        "authed_user": "Autoryzowany użytkownik",
+        "ays": "Jesteś pewien, że chcesz kontynuować?",
+        "ban_list_info": "Zobacz listę zakazanych adresów IP poniżej: <b>network (pozostały czas zakazu) - [działania]</b>.<br/>IP kolejkowane do odbanowania zostaną usunięte z listy aktywnych zakazów w ciągu kilku sekund.<br/>Czerwone etykiety wskazują aktywny stałe zakazy poprzez odmowę wpisu.",
+        "change_logo": "Zmień logo",
+        "logo_normal_label": "Normalna",
+        "logo_dark_label": "Odwrócony dla trybu ciemnego",
+        "convert_html_to_text": "Konwertuj HTML na zwykły tekst",
+        "copy_to_clipboard": "Tekst skopiowany do schowka!",
+        "cors_settings": "Ustawienia CORS",
+        "credentials_transport_warning": "Ostrzeżenie</b>: Dodanie nowego wpisu mapy transportu spowoduje aktualizację danych uwierzytelniających dla wszystkich wpisów z pasującą kolumną hop.",
+        "customer_id": "Identyfikator klienta",
+        "customize": "Dostosuj",
+        "login_page": "Strona logowania",
+        "destination": "Miejsce docelowe",
+        "dkim_domains_selector": "Selektor",
+        "dkim_domains_wo_keys": "Wybierz domeny z brakującymi kluczami",
+        "dkim_from": "Od",
+        "dkim_from_title": "Domena źródłowa do kopiowania danych z",
+        "dkim_overwrite_key": "Nadpisanie istniejącego klucza DKIM",
+        "dkim_to": "Do",
+        "dkim_to_title": "Domeny docelowe - zostaną nadpisane",
+        "domain_admin": "Administrator domeny",
+        "domainadmin_quicklink": "Ukryj szybki link do strony logowania administratora domeny",
+        "domain_s": "Domena/y",
+        "duplicate": "Duplikat",
+        "duplicate_dkim": "Duplikat rekordu DKIM",
+        "excludes": "Wyklucza tych odbiorców",
+        "f2b_ban_time_increment": "Czas zakazu jest zwiększany z każdym zakazem",
+        "f2b_blacklist": "Lista odrzuconych sieci/hostów",
+        "f2b_filter": "Filtry Regex",
+        "f2b_list_info": "Odrzucony host lub sieć zawsze będzie przewyższać jednostkę zezwalającą.</b>Zastosowanie aktualizacji listy zajmie kilka sekund.</b><b>",
+        "f2b_manage_external": "Zarządzaj Fail2Ban zewnętrznie",
+        "f2b_manage_external_info": "Fail2ban nadal będzie utrzymywać listę banów, ale nie będzie aktywnie ustalać zasad blokowania ruchu. Użyj wygenerowane listy banów poniżej, aby zewnętrznie zablokować ruch.",
+        "f2b_max_ban_time": "Max. czas bana (s)",
+        "f2b_netban_ipv4": "Rozmiar podsieci IPv4 do zastosowania zakazu (8-32)",
+        "f2b_netban_ipv6": "Rozmiar podsieci IPv6 do zastosowania zakazu (8-128)",
+        "f2b_regex_info": "Logi brane pod uwagę: SOGo, Postfix, Dovecot, PHP-FPM.",
+        "filter": "Filtr",
+        "force_sso_text": "Jeśli skonfigurowany jest zewnętrzny dostawca OIDC, ta opcja ukrywa domyślne formularze logowania mailcow i pokazuje tylko przycisk logowania pojedynczego",
+        "force_sso": "Wyłącz logowanie mailcow i pokaż tylko pojedyncze logowanie",
+        "from": "Od",
+        "generate": "Generuj",
+        "guid": "GUID - unikalny identyfikator instancji",
+        "guid_and_license": "GUID & licencja",
+        "hash_remove_info": "Usunięcie hasha z limitem współczynnika (jeśli nadal istnieje) spowoduje całkowite zresetowanie jego licznika.<br>\n\nKażdy hash jest oznaczony indywidualnym kolorem.",
+        "help_text": "Zastąp tekst pomocy poniżej maski logowania (dozwolone HTML)",
+        "html": "HTML",
+        "iam": "Dostawca tożsamości",
+        "iam_attribute_field": "Pole atrybutów",
+        "iam_authorize_url": "Punkt końcowy autoryzacji",
+        "iam_auth_flow": "Przepływ uwierzytelniania",
+        "iam_auth_flow_info": "Oprócz przepływu kodu autoryzacyjnego (Standardowy przepływ w Keycloak), który służy do logowania jednokrotnego logowania, mailcow obsługuje również przepływ uwierzytelniania z bezpośrednimi poświadczeniami. Mailpassword Flow próbuje zweryfikować dane uwierzytelniające użytkownika za pomocą Keycloak Admin REST API. mailcow pobiera hashowane hasło z atrybutu <code>mailcow_password</code>, który jest mapowany w Keycloak.",
+        "iam_basedn": "Baza DN",
+        "iam_client_id": "ID klienta",
+        "iam_client_secret": "Sekret klienta",
+        "iam_client_scopes": "Zakresy klientów",
+        "iam_default_template": "Domyślny szablon",
+        "iam_default_template_description": "Jeśli użytkownikowi nie zostanie przypisany żaden szablon, domyślny szablon zostanie użyty do utworzenia skrzynki pocztowej, ale nie do aktualizacji skrzynki pocztowej.",
+        "iam_description": "Skonfiguruj zewnętrznego dostawce uwierzytelniania<br>Skrzynki pocztowe użytkownika zostaną automatycznie utworzone przy pierwszym logowaniu, pod warunkiem, że zostało ustawione mapowanie atrybutów.",
+        "iam_extra_permission": "Aby następujące ustawienia działały, klient mailcow w Keycloak potrzebuje <code>konta serwisowego</code> oraz uprawnień do <code>podgląd-użytkowników</code>.",
+        "iam_host": "Host",
+        "iam_host_info": "Wprowadź jeden lub więcej hostów LDAP, oddzielonych przecinkami.",
+        "iam_import_users": "Zaimportuj użytkowników",
+        "iam_login_provisioning": "Automatyczne tworzenie użytkowników przy logowaniu",
+        "iam_mapping": "Mapowanie atrybutów",
+        "iam_bindpass": "Powiąż hasło",
+        "iam_periodic_full_sync": "Okresowa pełna synchronizacja",
+        "iam_port": "Port",
+        "iam_realm": "Realm",
+        "iam_redirect_url": "Przekierowanie Url",
+        "iam_rest_flow": "Mailpassword Flow",
+        "iam_server_url": "Adres URL serwera",
+        "iam_sso": "Pojedyncze logowanie",
+        "iam_sync_interval": "Interwał synchronizacji / importu (min)",
+        "iam_test_connection": "Test połączenia",
+        "iam_token_url": "Tokenowy punkt końcowy",
+        "iam_userinfo_url": "Endpoint informacji o użytkowniku",
+        "iam_username_field": "Pole nazwy użytkownika",
+        "iam_binddn": "Powiąź DN",
+        "iam_use_ssl": "Używaj SSL",
+        "iam_use_ssl_info": "Jeśli włączysz SSL, a port zostanie ustawiony na 389, zostanie automatycznie nadpisany, aby użyć 636.",
+        "iam_use_tls": "Używaj StartTLS",
+        "iam_use_tls_info": "Jeśli włączono TLS, należy użyć domyślnego portu dla serwera LDAP (389). Nie można używać portów SSL.",
+        "iam_version": "Wersja",
+        "ignore_ssl_error": "Ignoruj błędy SSL",
+        "in_use_by": "W użyciu przez",
+        "include_exclude": "Uwzględnij/Nie uwzględniaj",
+        "include_exclude_info": "Domyślnie - bez zaznaczenia - <b>wszystkie skrzynki pocztowe</b> są adresowane",
+        "includes": "Uwzględnij tych odbiorców",
+        "ip_check": "Sprawdź IP",
+        "ip_check_disabled": "Sprawdzenie IP jest wyłączone. Możesz go włączyć w obszarze <br> <strong>System > Konfiguracja > Opcje > Dostosuj</strong>",
+        "ip_check_opt_in": "Opt-In korzystania z usług stron trzecich <strong>ipv4.mailcow.email</strong> i <strong>ipv6.mailcow.email</strong> w celu rozwiązania zewnętrznych adresów IP.",
+        "is_mx_based": "Bazuje na MX",
+        "last_applied": "ostatnio zastosowany",
+        "license_info": "Licencja nie jest wymagana, ale pomaga w dalszym rozwoju.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Zarejestruj swój GUID tutaj</a> lub <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Zamówienie wsparcia\">kup wsparcie dla instalacji mailcow.</a>",
+        "link": "Link",
+        "login_time": "Cześć logowania",
+        "logo_info": "Twój obraz zostanie przeskalowany do wysokości 40px dla górnego paska nawigacyjnego i max. szerokości 250px dla strony startowej. Zalecana jest skalowalna grafika.",
+        "recipients": "Odbiorcy",
+        "send": "Wyślij",
+        "sender": "Nadawca"
     },
     "danger": {
         "access_denied": "Odmowa dostępu lub nieprawidłowe dane w formularzu",
@@ -146,7 +342,8 @@
         "target_domain_invalid": "Domena Idź do jest nieprawidłowa",
         "targetd_not_found": "Nie znaleziono domeny docelowej",
         "username_invalid": "Nie można użyć nazwy użytkownika",
-        "validity_missing": "Proszę wyznaczyć termin ważności"
+        "validity_missing": "Proszę wyznaczyć termin ważności",
+        "to_invalid": "Pole odbiorca nie może być puste"
     },
     "edit": {
         "active": "Aktywny",
@@ -191,13 +388,14 @@
         "target_domain": "Domena docelowa",
         "title": "Edytuj obiekt",
         "unchanged_if_empty": "Jeżli bez zmian, nie wypełniaj",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "delete_ays": "Proszę o potwierdzenie procesu usuwania."
     },
     "footer": {
         "cancel": "Anuluj",
         "confirm_delete": "Potwierdź usunięcie",
         "delete_now": "Usuń teraz",
-        "delete_these_items": "Czy jesteś pewien, że chcesz usunąć następujące elementy?",
+        "delete_these_items": "Proszę potwierdzić zmiany w poniższym identyfikatorze obiektu",
         "loading": "Proszę czekać...",
         "restart_now": "Uruchom ponownie teraz"
     },
@@ -216,7 +414,14 @@
         "delayed": "Logowanie zostało opóźnione o %s sekund.",
         "login": "Zaloguj się",
         "password": "Hasło",
-        "username": "Nazwa użytkownika"
+        "username": "Nazwa użytkownika",
+        "forgot_password": "Zapomniałeś hasła?",
+        "login_linkstext": "Login nieprawidłowy?",
+        "login_usertext": "Zaloguj się jako użytkownik",
+        "login_domainadmintext": "Zaloguj się jako administrator domeny",
+        "login_admintext": "Zaloguj się jako admin",
+        "other_logins": "lub zaloguj za pomocą",
+        "email": "Adres e-mail"
     },
     "mailbox": {
         "action": "Działanie",
@@ -284,10 +489,15 @@
         "quarantine": "Kwarantanna",
         "quick_actions": "Szybkie działania",
         "remove": "Usuń",
-        "toggle_all": "Zaznacz wszystkie"
+        "toggle_all": "Zaznacz wszystkie",
+        "confirm_delete": "Potwierdź usunięcie tego elementu.",
+        "learn_spam_delete": "Zapamiętaj jako spam i usuwaj w przyszłości",
+        "quick_delete_link": "Otwórz szybki link do usuwania"
     },
     "queue": {
-        "queue_manager": "Queue Manager"
+        "queue_manager": "Menedżer kolejki",
+        "delete": "Usuń wszystko",
+        "ays": "Potwierdź, że chcesz usunąć wszystkie elementy z bieżącej kolejki."
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
@@ -298,7 +508,7 @@
         "alias_added": "Alias/y został/y dodany/e",
         "alias_domain_removed": "Usunięto alias domeny %s",
         "alias_modified": "Zapisano zmiany w aliasie/ach %s",
-        "alias_removed": "Usunięto alias %s ",
+        "alias_removed": "Usunięto alias %s",
         "aliasd_added": "Dodano alias domeny %s",
         "aliasd_modified": "Zapisano zmiany w aliasie domeny %s",
         "dkim_added": "Klucz DKIM został zapisany",
@@ -314,7 +524,7 @@
         "forwarding_host_added": "Dodano hosta przekazującego %s",
         "forwarding_host_removed": "Usunięto hosta przekazującego %s",
         "item_deleted": "",
-        "items_deleted": "Item %s successfully deleted",
+        "items_deleted": "Elementy %s skutecznie usunięte",
         "mailbox_added": "Dodano skrzynkę %s",
         "mailbox_modified": "Zapisano zmiany w skrzynce %s",
         "mailbox_removed": "Usunięto skrzynkę %s",
@@ -340,7 +550,7 @@
         "totp": "Time-based OTP (Google Authenticator itd.)",
         "webauthn": "Uwierzytelnianie WebAuthn",
         "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu WebAuthn USB.",
-        "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację WebAuthn przez naciśnięcie przycisku na urządzeniu WebAuthn USB.",
+        "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje hasło powyżej i potwierdź rejestrację przez naciśnięcie przycisku na urządzeniu USB.",
         "yubi_otp": "Uwierzytelnianie Yubico OTP"
     },
     "user": {
@@ -379,7 +589,7 @@
         "interval": "Zakres",
         "is_catch_all": "Funkcja catch-all dla domen/y",
         "last_run": "Ostatnie uruchomienie",
-        "mailbox_details": " Szczegóły skrzynki",
+        "mailbox_details": "Szczegóły",
         "messages": "wiadomości",
         "never": "Nigdy",
         "new_password": "Nowe hasło",
@@ -398,10 +608,10 @@
         "sogo_profile_reset_now": "Usuń profil teraz",
         "spam_aliases": "Tymczasowy alias email",
         "spamfilter": "Filtr spamu",
-        "spamfilter_behavior": "Rating",
+        "spamfilter_behavior": "Ocena",
         "spamfilter_bl": "Czarna lista",
         "spamfilter_bl_desc": "Adresy email z czarnej listy <b>zawsze</b> klasyfikuj jako spam i odrzucaj. Można użyć wildcards.",
-        "spamfilter_default_score": "Wartości domyślne:",
+        "spamfilter_default_score": "Wartości domyślne",
         "spamfilter_green": "Zielony: ta wiadomość nie jest spamem",
         "spamfilter_hint": "Pierwsza wartość oznacza \"niską punktację spam\", druga wartość oznacza \"wysoką punktację spam\".",
         "spamfilter_red": "Czerwony: ta wiadomość jest spamem i zostanie odrzucona przez serwer",
@@ -429,6 +639,10 @@
         "username": "Nazwa użytkownika",
         "week": "Tydzień",
         "weekly": "Co tydzień",
-        "weeks": "Tygodnie"
+        "weeks": "Tygodnie",
+        "q_add_header": "Spam"
+    },
+    "warning": {
+        "session_ua": "Nieprawidłowy token formularza: Błąd walidacji User-Agent"
     }
 }

From 07d7e3dc30d00f4d43327f18089ec3e1c3fbdd5e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sun, 9 Nov 2025 23:03:00 +0100
Subject: [PATCH 725/755] [Web] Updated lang.pl-pl.json (#6906)

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

Co-authored-by: Monika Bark <rychert.monika@wp.pl>
---
 data/web/lang/lang.pl-pl.json | 496 ++++++++++++++++++++++++++++++++--
 1 file changed, 468 insertions(+), 28 deletions(-)

diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 775fd0c7f..4d68d0dd0 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -2,10 +2,10 @@
     "acl": {
         "sogo_profile_reset": "Zresetuj profil SOGo",
         "syncjobs": "Zadania doryczące synchronizacji kont",
-        "alias_domains": "Dodaj aliasy domen",
+        "alias_domains": "Dodaj domeny aliasowe",
         "delimiter_action": "Akcja oparta na separatorze",
         "app_passwds": "Zarządzaj hasłami do aplikacji",
-        "bcc_maps": "mapy do BCC",
+        "bcc_maps": "Mapy BCC",
         "domain_desc": "Zmień opis dotyczący domeny",
         "domain_relayhost": "Zmień serwer przekazujący dla tej domeny",
         "eas_reset": "Resetuj urządzenia EAS",
@@ -14,7 +14,7 @@
         "login_as": "Zaloguj się jako użytkownik poczty",
         "mailbox_relayhost": "Zmień serwer pocztowy(relayhost) dla skrzynki pocztowej",
         "prohibited": "Zakazane przez liste kontroli dostępu(ACL)",
-        "protocol_access": "Zakazane przez ACL",
+        "protocol_access": "Zmień dostęp do protokołów",
         "pushover": "Pushover(powiadomienia push w czasie rzeczywistym)",
         "pw_reset": "Zezwalaj na resetowanie hasła użytkownika mailcow",
         "quarantine": "Akcje kwarantanny",
@@ -296,7 +296,122 @@
         "logo_info": "Twój obraz zostanie przeskalowany do wysokości 40px dla górnego paska nawigacyjnego i max. szerokości 250px dla strony startowej. Zalecana jest skalowalna grafika.",
         "recipients": "Odbiorcy",
         "send": "Wyślij",
-        "sender": "Nadawca"
+        "sender": "Nadawca",
+        "lookup_mx": "Destynacja jest regularnym wyrażeniem, które pasuje do nazwy MX (<code>.*\\\\.google\\.com</code>, aby przekierować całą pocztę skierowaną do MX kończącego się na google.com w tym hopie)",
+        "main_name": "Nazwa \"mailcow UI\"",
+        "merged_vars_hint": "Wyszarzone wiersze zostały połączone z <code>vars. (local.) inc.php</code> i nie można ich modyfikować.",
+        "message_size": "Rozmiar wiadomości",
+        "nexthop": "Następny hop",
+        "needs_restart": "potrzebny restart",
+        "no": "&#10005;",
+        "no_active_bans": "Brak aktywnych banów",
+        "no_new_rows": "Brak dostępnych kolejnych wierszy",
+        "oauth2_apps": "Aplikacje OAuth2",
+        "oauth2_add_client": "Dodaj klienta OAuth2",
+        "oauth2_client_id": "ID klienta",
+        "oauth2_client_secret": "Sekret klienta",
+        "oauth2_info": "Implementacja OAuth2 obsługuje typ grantu \"Kod autoryzacji\" i wydaje tokeny odświeżania.<br>\nSerwer automatycznie wydaje również nowe tokeny odświeżania, po użyciu tokena odświeżania.<br><br>\n&#8226; Domyślnym zakresem jest <i>profil</i>. Tylko użytkownicy skrzynek pocztowych mogą być uwierzytelniani w OAuth2. Jeśli parametr zakresu zostanie pominięty, wraca do <i>profil</i>.<br>\n\nParametr <i>state</i> musi zostać wysłany przez klienta w ramach żądania autoryzacji.<br><br>>\nŚcieżki zapytań do API OAuth2: <br>\n<ul>\nPunkt końcowy autoryzacji: <kod>/autoryzuj</koduj</koduj</li>\nPunkt końcowy tokena: <kod>/autoth/token</kod></li>\nStrona zasobów: <kod>/prawo/profil</kod>>\n</ul>\nRegeneracja tajemnicy klienta nie spowoduje wygaśnięcia istniejących kodów autoryzacyjnych, ale nie odnowi ich tokena.<br><br>\nOdwołanie tokenów klienta spowoduje natychmiastowe zakończenie wszystkich aktywnych sesji. Wszyscy klienci muszą się ponownie uwierzytelnić.",
+        "oauth2_redirect_uri": "Przekieruj URI",
+        "oauth2_renew_secret": "Wygeneruj sekret nowego klienta",
+        "oauth2_revoke_tokens": "Unieważnij wszystkie tokeny klienta",
+        "optional": "Opcjonalny",
+        "options": "Opcje",
+        "password_length": "Długość hasła",
+        "password_policy": "Polityka haseł",
+        "password_policy_chars": "Musi zawierać co najmniej jeden znak alfabetyczny",
+        "password_policy_length": "Minimalna długość hasła to %d",
+        "password_policy_lowerupper": "Musi zawierać małe i duże litery",
+        "password_policy_numbers": "Musi zawierać co najmniej jeden numer",
+        "password_policy_special_chars": "Musi zawierać znaki specjalne",
+        "password_reset_info": "Jeśli nie jest udostępniony e-mail zapasowy, ta funkcja nie może być używana.",
+        "password_reset_settings": "Ustawienia odzyskiwania haseł",
+        "password_reset_tmpl_html": "Szablon HTML",
+        "password_reset_tmpl_text": "Szablon tekstu",
+        "password_settings": "Ustawienia hasła",
+        "quarantine_bcc": "Wyślij kopię wszystkich powiadomień (BCC) do tego odbiorcy: <br><small>Pozostaw pustą aby wyłączyć. <b>Niepodpisana, niezaznaczona poczta. Powinna być dostarczana tylko wewnętrznie.</b></small>",
+        "quarantine_exclude_domains": "Wyklucz domeny i domeny aliasowe",
+        "quarantine_max_age": "Maksymalny wiek w dniach <br><small>Wartość musi być równa lub większa niż 1 dzień.</small>",
+        "quarantine_max_score": "Odrzuć powiadomienie, jeśli wskaźnik spamu wiadomości jest wyższy niż ta wartość: <br><small>Domyślne do 9999.0</small>",
+        "quarantine_max_size": "Maksymalny rozmiar w MiB (większe elementy są odrzucane):<br><small>0 oznacza, że <b>nie</b> oznacza nieograniczony.</small>",
+        "quarantine_notification_html": "Szablon wiadomości e-mail z powiadomieniem:<br><small> Pozostaw puste, aby przywrócić szablon domyślny.</small>",
+        "quarantine_notification_sender": "Powiadomienie nadawcy wiadomości e-mail",
+        "quarantine_notification_subject": "Powiadomienie E-mail Temat",
+        "quarantine_redirect": "<b>Przekieruj wszystkie powiadomienia </b> do tego odbiorcy:<br><small> Pozostaw pusty aby wyłączyć. <b>Niepodpisana, niezaznaczona poczta. Powinny być dostarczane tylko wewnętrznie.</b></small>",
+        "quarantine_release_format": "Format zwolnionych przedmiotów",
+        "quarantine_release_format_att": "Jako załącznik",
+        "quarantine_release_format_raw": "Niezmodyfikowany oryginał",
+        "quarantine_retention_size": "Retencje na skrzynkę pocztową: <br><small>0 oznacza <b>nieaktywne</b>.</small>",
+        "quicklink_text": "Pokaż lub ukryj szybkie linki do innych stron logowania pod formularzem logowania",
+        "quota_notification_html": "Szablon wiadomości e-mail z powiadomieniem:<br><small> Pozostaw puste, aby przywrócić szablon domyślny.</small>",
+        "quota_notification_sender": "Powiadomienie nadawcy wiadomości e-mail",
+        "quota_notification_subject": "Temat powiadomienia e-mail",
+        "quota_notifications": "Powiadomienia o limitach",
+        "quota_notifications_info": "Powiadomienia o limktach są wysyłane do użytkowników raz przy przekroczaniu 80% i raz przy przekraczaniu 95% zużycia.",
+        "quota_notifications_vars": "{{percent}} równa się aktualnemu limitowi użytkownika<br>{{username}} jest nazwą skrzynki pocztowej",
+        "queue_unban": "Zdejmij bana",
+        "rate_name": "Nazwa oceny",
+        "regen_api_key": "Regeneruj klucz API",
+        "regex_maps": "Mapy Regex",
+        "relay_from": "\"Od:\" adres",
+        "relay_rcpt": "\"Do:\"Adres",
+        "relay_run": "Uruchom test",
+        "relayhosts": "Transporty zależne od nadawcy",
+        "relayhosts_hint": "Zdefiniuj transporty zależne od nadawcy, aby móc wybrać je w oknie dialogowym konfiguracji domeny.<br>\nUsługa transportu jest zawsze \"smtp:\" i dlatego uruchomj TLS, gdy będzie oferowana. Owinięty TLS (SMTPS) nie jest obsługiwany. Pod uwagę brane jest indywidualne ustawienie polityki wychodzącej TLS użytkownika.<br>\nDotyczy wybranych domen, w tym domen aliasowych.",
+        "remove_row": "Usuń wiersz",
+        "reset_default": "Zresetuj do ustawień domyślnych",
+        "reset_limit": "Usuń hash",
+        "reset_password_vars": "<code>{{link}}</code> Wygenerowany link do resetu hasła <br><code>{{username}}</code> Nazwa skrzynki pocztowej użytkownika, który poprosił o zresetowanie hasła<br><code>{{username2}}</code> Nazwa skrzynki pocztowej do odzyskiwania <br><code>{{date}}</code> Data złożenia żądania resetowania hasła<br><code>{{token_lifetime}}</code>Żywotność tokena w minutach<br><code>{{hostname}}</code> Nazwa hosta mailcow",
+        "restore_template": "Pozostaw puste, aby przywrócić szablon domyślny.",
+        "routing": "Routing",
+        "rsetting_add_rule": "Dodaj regułę",
+        "rsetting_content": "Zawartość reguły",
+        "rsetting_desc": "Krótki opis",
+        "rsetting_no_selection": "Proszę zaznaczyć regułę",
+        "rsetting_none": "Brak dostępnych reguł",
+        "rsettings_insert_preset": "Wstaw przykład presetowany \"%s\"",
+        "rsettings_preset_1": "Wyłącz wszystkie z wyjątkiem DKIM i limitu stawek dla uwierzytelnionych użytkowników",
+        "rsettings_preset_2": "Administratorzy poczty pozwalają na spam",
+        "rsettings_preset_3": "Zezwalaj tylko określonym nadawcom na skrzynkę pocztową (tj. używaj tylko jako wewnętrznej skrzynki pocztowej)",
+        "rsettings_preset_4": "Wyłącz Rspamd dla domeny",
+        "rspamd_com_settings": "Nazwa ustawienia zostanie automatycznie wygenerowana, zobacz przykładowe ustawienia wstępne poniżej. Aby uzyskać więcej informacji, zobacz <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>",
+        "rspamd_global_filters": "Globalne mapy filtrów",
+        "rspamd_global_filters_agree": "Będę ostrożny!",
+        "rspamd_global_filters_info": "Globalne mapy filtrów zawierają różne rodzaje globalnych list dozwolonych i zablokowanych adresów.",
+        "rspamd_global_filters_regex": "Ich imiona wyjaśniają ich cel. Cała zawartość musi zawierać ważne wyrażenie regularne w formacie \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\nChociaż podstawowe kontrole są wykonywane na każdej linii regex, funkcja Rspamd może zostać złamana, jeśli nie odczyta poprawnie składni.<br>>\nRspamd po zmianie spróbuje odczytać zawartość mapy. Jeśli wystąpią problemy, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a>, aby wymusić ponowne ładowanie mapy.<br> Elementy z listy odrzuconych są wyłączone z kwarantanny.",
+        "rspamd_settings_map": "Mapa ustawień Rspamd",
+        "sal_level": "Poziom Moo",
+        "service": "Usługa",
+        "service_id": "Id usługi",
+        "subject": "Temat",
+        "success": "Sukces",
+        "sys_mails": "Maile systemowe",
+        "task": "Zadanie",
+        "text": "Tekst",
+        "title": "Tytuł",
+        "title_name": "Tytuł strony internetowej \"mailcow UI\"",
+        "to_top": "Powrót na górę",
+        "transport_dest_format": "Regex lub syntax: example.org, .example.org, *, box@example.org\n(wiele wartości można rozdzielić przecinkami)",
+        "transport_maps": "Mapy transportu",
+        "transport_test_rcpt_info": "&#8226; Użyj null@hosted.mailcow.de aby przetestować przekazywanie do nieznanego miejsca docelowego.",
+        "transports_hint": "&#8226; Wpis mapy transportowej <b>overrules</b> mapa transportowa zależna od nadawcy</b>.<br>\nNajlepiej stosować transporty oparte na MX &#8226;.<br>\nUstawienia zasad Outbound TLS dotyczące użytkownika są ignorowane i mogą być egzekwowane tylko przez wpisy mapy zasad TLS\n&#8226; Usługa transportu dla zdefiniowanych transportów jest zawsze \"smtp:\" i dlatego uruchomi TLS, gdy będzie oferowana. Wrapped TLS (SMTPS) nie jest obsługiwany.<br>\nAdresy pasujące do \"/localhost$/\" będą zawsze transportowane przez \"lokalne:\", dlatego miejsce docelowe \"*\" nie będzie miało zastosowania do tych adresów.<br>\n&#8226; Aby określić poświadczenia dla przykładowego następnego hopa \"[host]:25\", Postfix <b>zawsze</b> kolejkuje zapytania o \"host\" przed wyszukaniem \"[host]:25\". Takie zachowanie uniemożliwia jednoczesne użycie \"host\" i \"[host]:25.",
+        "ui_footer": "Stopka (dozwolone HTML)",
+        "ui_header_announcement": "Ogłoszenia",
+        "ui_header_announcement_active": "Ustaw ogłoszenie jako aktywne",
+        "ui_header_announcement_content": "Tekst (dozwolony HTML)",
+        "ui_header_announcement_help": "Ogłoszenie jest widoczne dla wszystkich zalogowanych użytkowników oraz na ekranie logowania interfejsu użytkownika.",
+        "ui_header_announcement_select": "Wybierz typ ogłoszenia",
+        "ui_header_announcement_type": "Typ",
+        "ui_header_announcement_type_danger": "Bardzo ważne",
+        "ui_header_announcement_type_info": "Info",
+        "ui_header_announcement_type_warning": "Ważne",
+        "ui_texts": "Etykiety i teksty UI",
+        "unban_pending": "oczekuje na odblokowanie",
+        "upload": "Prześlij",
+        "user_link": "Link użytkownika",
+        "user_quicklink": "Ukryj Quicklink do strony logowania użytkownika",
+        "validate_license_now": "Sprawdź identyfikator GUID względem serwera licencji",
+        "verify": "Zweryfikuj",
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Odmowa dostępu lub nieprawidłowe dane w formularzu",
@@ -309,17 +424,17 @@
         "description_invalid": "Nieprawidłowy opis źródła",
         "dkim_domain_or_sel_invalid": "Nieprawidłowa domena lub selektor DKIM",
         "domain_exists": "Domena %s już istnieje",
-        "domain_invalid": "Błędna nazwa domeny",
+        "domain_invalid": "Nazwa domeny jest pusta lub nieprawidłowa",
         "domain_not_empty": "Nie można usunąć niepustej domeny",
         "domain_not_found": "Nie znaleziono domeny %s",
-        "domain_quota_m_in_use": "Limit domeny %s MiB",
-        "goto_empty": "Adres Idź do nie może być pusty",
+        "domain_quota_m_in_use": "Limit domeny musi być większy lub równy do %s MiB",
+        "goto_empty": "Adres alias musi zawierać co najmniej jeden prawidłowy adres goto",
         "goto_invalid": "Adres Idź do jest nieprawidłowy",
         "is_alias": "%s został już podany jako alias",
         "is_alias_or_mailbox": "%s podano wcześniej jako alias lub skrzynkę",
         "is_spam_alias": "%s podano wcześniej jako alias dla spam",
-        "last_key": "Nie można usunąć ostatniego klucza",
-        "login_failed": "Niepowodzenie logowania",
+        "last_key": "Nie można usunąć ostatniego klucza, zamiast tego należy wyłączyć TFA.",
+        "login_failed": "Logowanie nie powiodło się",
         "mailbox_invalid": "Nieprawidłowa nazwa skrzynki",
         "mailbox_quota_exceeded": "Wielkość przekracza limit domeny (maks. %d MiB)",
         "mailbox_quota_exceeds_domain_quota": "Maksymalna wielkość przekracza limit domeny",
@@ -343,7 +458,105 @@
         "targetd_not_found": "Nie znaleziono domeny docelowej",
         "username_invalid": "Nie można użyć nazwy użytkownika",
         "validity_missing": "Proszę wyznaczyć termin ważności",
-        "to_invalid": "Pole odbiorca nie może być puste"
+        "to_invalid": "Pole odbiorca nie może być puste",
+        "app_name_empty": "Nazwa aplikacji nie może być pusta",
+        "app_passwd_id_invalid": "Identyfikator hasła aplikacji %s jest niepoprawny",
+        "authsource_in_use": "Nie można zmienić ani usunąć dostawcy tożsamości, ponieważ jest używany przez co najmniej jednego użytkownika.",
+        "bcc_empty": "Miejsce docelowe BCC nie może być puste",
+        "bcc_exists": "Mapa BCC %s istnieje dla typu %s",
+        "bcc_must_be_email": "Miejsce docelowe BCC %s nie jest prawidłowym adresem e-mail",
+        "comment_too_long": "Komentarz zbyt długi, maksymalnie 160 dozwolonych znaków.",
+        "cors_invalid_method": "Podano nieprawidłową metodę Allow-Method",
+        "cors_invalid_origin": "Podano nieprawidłową wartość Allow-Origin",
+        "defquota_empty": "Domyślny limit skrzynki pocztowej nie może wynosić 0",
+        "demo_mode_enabled": "Tryb demo jest włączony",
+        "dkim_domain_or_sel_exists": "Klucz DKIM dla \"%s\" istnieje i nie zostanie nadpisany",
+        "domain_cannot_match_hostname": "Domena nie może być taka sama jak nazwa hosta",
+        "extended_sender_acl_denied": "brak ACL do ustawiania adresów nadawcy zewnętrznego",
+        "extra_acl_invalid": "Adres nadawcy zewnętrznego \"%s\" jest nieważny",
+        "extra_acl_invalid_domain": "Nadawca zewnętrzny \"%s\" używa nieprawidłowej domeny",
+        "fido2_verification_failed": "Weryfikacja FIDO2 nie powiodła się: %s",
+        "file_open_error": "Nie można otworzyć pliku do zapisu",
+        "filter_type": "Niewłaściwy typ filtra",
+        "from_invalid": "Nadawca nie może być pusty",
+        "generic_server_error": "Wystąpił nieoczekiwany błąd serwera. Skontaktuj się z administratorem.",
+        "global_filter_write_error": "Nie można zapisać pliku filtra: %s",
+        "global_map_invalid": "Id mapy globalnej %s nieprawidłowe",
+        "global_map_write_error": "Nie można napisać globalnej mapy ID %s: %s",
+        "ham_learn_error": "Błąd uczenia ham: %s",
+        "iam_test_connection": "Połączenie nie powiodło się",
+        "imagick_exception": "Błąd: wyjątek Imagick podczas odczytu obrazu",
+        "img_dimensions_exceeded": "Obraz przekracza maksymalny rozmiar obrazu",
+        "img_invalid": "Nie można zweryfikować pliku obrazu",
+        "img_size_exceeded": "Obraz przekracza maksymalny rozmiar pliku",
+        "img_tmp_missing": "Nie można zweryfikować pliku obrazu: Nie znaleziono pliku tymczasowego",
+        "invalid_bcc_map_type": "Nieprawidłowy typ mapy BCC",
+        "invalid_destination": "Format docelowy \"%s\" jest nieprawidłowy",
+        "invalid_filter_type": "Nieprawidłowy typ filtra",
+        "invalid_host": "Nieprawidłowy określony host: %s",
+        "invalid_mime_type": "Niepoprawny typ mime",
+        "invalid_nexthop": "Następny format hop jest nieprawidłowy",
+        "invalid_nexthop_authenticated": "Następny hop już istnieje z innymi danymi logowania — zaktualizuj najpierw istniejące dane uwierzytelniające dla tego hopa",
+        "invalid_recipient_map_new": "Określony nieprawidłowy nowy odbiorca: %s",
+        "invalid_recipient_map_old": "Określony nieprawidłowy pierwotny odbiorca: %s",
+        "invalid_reset_token": "Nieprawidłowy token resetu",
+        "ip_list_empty": "Lista dozwolonych adresów IP nie może być pusta",
+        "mailbox_defquota_exceeds_mailbox_maxquota": "Domyślny limit skrzynki pocztowej przekracza maksymalny dozwolony limit",
+        "malformed_username": "Nieprawidłowy format nazwy użytkownika.",
+        "map_content_empty": "Zawartość mapy nie może być pusta",
+        "max_age_invalid": "Nieprawidłowa wartość maksymalnego wieku: %s",
+        "mode_invalid": "Tryb %s jest nieprawidłowy",
+        "mx_invalid": "Rekord MX %s jest nieprawidłowy",
+        "mysql_error": "Błąd MySQL: %s",
+        "network_host_invalid": "Nieprawidłowa sieć lub host: %s",
+        "next_hop_interferes": "%s powoduje konflikt z nexthop %s.",
+        "next_hop_interferes_any": "Istniejący next hop koliduje z %s.”",
+        "nginx_reload_failed": "Nie udało się przeładować Nginx: %s",
+        "no_user_defined": "Brak zdefiniowanego użytkownika",
+        "password_reset_invalid_user": "Skrzynka pocztowa nie została znaleziona lub nie ustawiono adresu e-mail do odzyskiwania",
+        "password_reset_na": "Odzyskiwanie hasła jest obecnie niedostępne. Skontaktuj się ze swoim administratorem.",
+        "private_key_error": "Błąd klucza prywatnego: %s",
+        "pushover_credentials_missing": "Brak tokena i/lub klucza Pushover",
+        "pushover_key": "Klucz Pushover ma niewłaściwy format",
+        "pushover_token": "Token Pushover ma zły format",
+        "recipient_map_entry_exists": "Istnieje wpis mapy odbiorcy \"%s",
+        "recovery_email_failed": "Nie można wysłać e-maila odzyskiwania. Skontaktuj się ze swoim administratorem.",
+        "redis_error": "Błąd Redis: %s",
+        "relayhost_invalid": "Wpis mapy %s jest niepoprawny",
+        "release_send_failed": "Nie udało się zwolnić wiadomości: %s.",
+        "required_data_missing": "Brakuje wymaganych danych %s",
+        "reset_f2b_regex": "Filtr Regex nie mógł zostać zresetowany na czas, spróbuj ponownie lub poczekaj jeszcze kilka sekund i przeładuj stronę.",
+        "reset_token_limit_exceeded": "Limit tokenów Reset został przekroczony. Spróbuj ponownie później",
+        "rl_timeframe": "Nieprawidłowo ustawiony przedział czasu limitu",
+        "rspamd_ui_pw_length": "Hasło do Rspamd UI powinno mieć co najmniej 6 znaków długości",
+        "script_empty": "Skrypt nie może być pusty",
+        "set_acl_failed": "Nie udało się ustawić ACL",
+        "settings_map_invalid": "Ustawienia id mapy %s są nieprawidłowe",
+        "sieve_error": "Błąd podczas analizy skryptu Sieve: %s",
+        "spam_learn_error": "Błąd uczenia spamu: %s.",
+        "subject_empty": "Temat nie może być pusty",
+        "targetd_relay_domain": "Domena docelowa %s jest skonfigurowana jako domena przekazująca relay",
+        "template_exists": "Szablon %s już istnieje",
+        "template_id_invalid": "Identyfikator szablonu %s niepoprawny",
+        "template_name_invalid": "Nazwa szablonu niepoprawna",
+        "temp_error": "Tymczasowy błąd",
+        "text_empty": "Pole tekstowe nie może być puste",
+        "tfa_token_invalid": "Niepoprawny token TFA",
+        "tls_policy_map_dest_invalid": "Podano błędne lub nieobsługiwane miejsce docelowe dla tej polityki",
+        "tls_policy_map_entry_exists": "Istnieje mapa polityki TLS \"%s",
+        "tls_policy_map_parameter_invalid": "Parametr polityki jest nieprawidłowy",
+        "totp_verification_failed": "Weryfikacja TOTP nie powiodła się",
+        "transport_dest_exists": "Miejsce docelowe transportu „%s” już istnieje",
+        "webauthn_verification_failed": "Weryfikacja WebAuthn nie powiodła się: %s",
+        "webauthn_authenticator_failed": "Wybrany autoryzator nie został odnaleziony",
+        "webauthn_publickey_failed": "Nie przechowywano klucza publicznego dla wybranego uwierzytelniacza",
+        "webauthn_username_failed": "Wybrany autoryzator należy do innego konta",
+        "unknown": "Wystąpił nieznany błąd",
+        "unknown_tfa_method": "Nieznana metodą TFA",
+        "unlimited_quota_acl": "Ustawienie nieograniczonego limitu przestrzeni jest zabronione przez reguły ACL",
+        "value_missing": "Proszę o podanie wszystkich wartości",
+        "version_invalid": "Wersja %s jest niepoprawna",
+        "yotp_verification_failed": "Weryfikacja OTP Yubico nie powiodła się: %s"
     },
     "edit": {
         "active": "Aktywny",
@@ -389,7 +602,51 @@
         "title": "Edytuj obiekt",
         "unchanged_if_empty": "Jeżli bez zmian, nie wypełniaj",
         "username": "Nazwa użytkownika",
-        "delete_ays": "Proszę o potwierdzenie procesu usuwania."
+        "delete_ays": "Proszę o potwierdzenie procesu usuwania.",
+        "acl": "ACL (Pozwolenie)",
+        "admin": "Edytyj administratora",
+        "advanced_settings": "Ustawienia zaawansowane",
+        "allow_from_smtp": "Zezwalaj tylko tym adresom IP na używanie <b>SMTP</b>",
+        "allow_from_smtp_info": "Pozostaw puste, aby zezwolić na wszystkich nadawców.<br>adresy IPv4/IPv6 i sieci.",
+        "allowed_protocols": "Dozwolone protokoły dla bezpośredniego dostępu użytkownika (nie wpływa na protokoły haseł aplikacji).",
+        "app_name": "Nazwa aplikacji",
+        "app_passwd": "Hasło do aplikacji",
+        "app_passwd_protocols": "Dozwolone protokoły dla hasła aplikacji",
+        "automap": "Spróbuj automatycznie mapować foldery (np. „Sent items”, „Sent” ⇒ „Sent” itp.)",
+        "bcc_dest_format": "Miejscem docelowym BCC musi być jeden prawidłowy adres e-mail.<br>Jeśli chcesz wysłać kopię na wiele adresów, utwórz alias i użyj go tutaj.",
+        "client_id": "Id klienta",
+        "client_secret": "Tajny klucz klienta(sekret)",
+        "comment_info": "Komentarz prywatny nie jest widoczny dla użytkownika, natomiast komentarz publiczny jest wyświetlany jako podpowiedź po najechaniu kursorem w widoku użytkownika.",
+        "created_on": "Stworzony na",
+        "custom_attributes": "Niestandardowe atrybuty",
+        "delete2": "Usunąć wiadomości na koncie docelowym, które nie występują na koncie źródłowym?",
+        "disable_login": "Zablokuj logowanie (przychodząca poczta nadal będzie przyjmowana)",
+        "domain_footer": "Stopka dla całej domeny",
+        "domain_footer_html": "Stopka HTML",
+        "domain_footer_info": "Stopki dla całej domeny są dodawane do wszystkich wychodzących wiadomości e-mail powiązanych z adresami w tej domenie.<br>W stopce można użyć następujących zmiennych:",
+        "domain_footer_info_vars": {
+            "auth_user": "{= auth_user =} - Uwierzytelniona nazwa użytkownika określona przez MTA",
+            "from_user": "{= from_user =} – część użytkownika (local-part) adresu nadawcy; np. dla „moo@mailcow.tld\n” zwróci „moo”",
+            "from_name": "{= from_name =} – nazwa nadawcy (From name) z nagłówka wiadomości; np. dla „Mailcow <moo@mailcow.tld\n>” zwróci „Mailcow”.",
+            "from_addr": "{= from_addr =} – pełny adres nadawcy (z części envelope)",
+            "from_domain": "{= from_domain =} – część domenowa adresu nadawcy (z envelope).",
+            "custom": "{= foo =}         - jeśli skrzynka pocztowa ma niestandardowy atrybut „foo” o wartości „bar”, zwraca „bar”."
+        },
+        "domain_footer_plain": "Stopka w formacie tekstowym(PLAIN)",
+        "domain_footer_skip_replies": "Nie dodawaj stopki do odpowiedzi na e-maile",
+        "extended_sender_acl": "Adresy nadawców zewnętrznych",
+        "extended_sender_acl_info": "Klucz DKIM dla domeny powinien zostać zaimportowany, jeśli jest dostępny.\nPamiętaj, aby dodać ten serwer do odpowiadającego rekordu SPF typu TXT.\nKiedy domena lub domena aliasu zostanie dodana do tego serwera i pokrywa się z zewnętrznym adresem, zewnętrzny adres zostanie usunięty.",
+        "force_pw_update": "Wymuszenie aktualizacji hasła przy następnym logowaniu",
+        "force_pw_update_info": "Ten użytkownik będzie mógł logować się wyłącznie do %s. Hasła aplikacyjne pozostają aktywne.",
+        "footer_exclude": "Wyklucz ze stopki",
+        "gal": "Globalna lista adresowa",
+        "gal_info": "GAL zawiera wszystkie obiekty domeny i nie może być edytowana przez żadnego użytkownika. Informacje o dostępności (free/busy) w SOGo są niedostępne, jeśli funkcja jest wyłączona!<b>Uruchom ponownie SOGo, aby zastosować zmiany.</b>",
+        "generate": "generuj",
+        "grant_types": "Rodzaje grantów(Typy przyznawania dostępu)",
+        "internal": "Wewnętrzny",
+        "internal_info": "Aliasów wewnętrznych można używać tylko w obrębie własnej domeny lub domen aliasów.",
+        "last_modified": "Ostatnio modyfikowany",
+        "lookup_mx": "Destination to wyrażenie regularne dopasowujące nazwę serwera MX (np. <code>.*.google.com</code> — aby kierować całą pocztę wysyłaną do MX kończących się na google.com przez ten hop)."
     },
     "footer": {
         "cancel": "Anuluj",
@@ -531,16 +788,25 @@
         "object_modified": "Zapisano zmiany w obiekcie %s",
         "resource_added": "Dodano śródło %s",
         "resource_modified": "Zapisano zmiany w skrzynce %s",
-        "resource_removed": "Usunięto zasób %s"
+        "resource_removed": "Usunięto zasób %s",
+        "template_removed": "Szablon o identyfikatorze %s został usunięty.",
+        "tls_policy_map_entry_deleted": "Mapa polityki TLS o identyfikatorze %s została usunięta",
+        "tls_policy_map_entry_saved": "Wpis mapy polityki TLS \"%s\" został zapisany",
+        "ui_texts": "Zapisane zmiany w tekstach UI",
+        "upload_success": "Plik przesłany pomyślnie",
+        "verified_fido2_login": "Zweryfikowany login FIDO2",
+        "verified_totp_login": "Zweryfikowany login TOTP",
+        "verified_webauthn_login": "Zweryfikowany login WebAuthn",
+        "verified_yotp_login": "Zweryfikowany login Yubico OTP"
     },
     "tfa": {
-        "api_register": "%s używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">here</a>",
+        "api_register": "%s używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tutaj</a>",
         "confirm": "Potwierdź",
         "confirm_totp_token": "Potwierdź zmiany przez wprowadzenie wygenerowanego tokenu",
         "delete_tfa": "Wyłącz TFA",
         "disable_tfa": "Wyłącz TFA do kolejnego udanego logowania",
         "enter_qr_code": "Twój kod TOTP, jeśli Twoje urządzenie nie skanuje kodów QR.",
-        "key_id": "Identyfikator dla Twojego YubiKey",
+        "key_id": "Identyfikator dla twojego urządzenia",
         "key_id_totp": "Identyfikator dla Twojego klucza",
         "none": "Deaktywuj",
         "scan_qr_code": "Zeskanuj następujący kod aplikacją uwierzytelniającą lub wprowadź kod ręcznie.",
@@ -551,7 +817,15 @@
         "webauthn": "Uwierzytelnianie WebAuthn",
         "waiting_usb_auth": "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu WebAuthn USB.",
         "waiting_usb_register": "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje hasło powyżej i potwierdź rejestrację przez naciśnięcie przycisku na urządzeniu USB.",
-        "yubi_otp": "Uwierzytelnianie Yubico OTP"
+        "yubi_otp": "Uwierzytelnianie Yubico OTP",
+        "authenticators": "Uwierzytelniacze",
+        "error_code": "Kod błędu",
+        "init_webauthn": "Inicjalizacja, proszę czekać...",
+        "reload_retry": "- (przeładuj przeglądarkę, jeśli błąd nadal występuje)",
+        "start_webauthn_validation": "Rozpocznij walidację",
+        "tfa_token_invalid": "Token TFA nieprawidłowy",
+        "u2f_deprecated": "Wygląda na to, że Twój klucz został zarejestrowany przy użyciu przestarzałej metody U2F. Dezaktywujemy dla Ciebie uwierzytelnianie dwuskładnikowe i usuniemy Twój klucz.",
+        "u2f_deprecated_important": "Zarejestruj swój klucz w panelu administracyjnym za pomocą nowej metody WebAuthn."
     },
     "user": {
         "action": "Działanie",
@@ -581,7 +855,7 @@
         "edit": "Edytuj",
         "encryption": "Szyfrowanie",
         "excludes": "Wyłączenia",
-        "force_pw_update": "<b>Musisz</b> zmienić hasło, aby używać webmaila.",
+        "force_pw_update": "<b>Musisz</b> ustawić nowe hasło, aby mieć dostęp do usług groupware.",
         "hour": "Godzina",
         "hourly": "Co godzinę",
         "hours": "Godziny",
@@ -601,16 +875,16 @@
         "remove": "Usuń",
         "save_changes": "Zapisz zmiany",
         "shared_aliases": "Aliasy współdzielone",
-        "shared_aliases_desc": "Na aliasy współdzielone nie wpływają filtry spamu i ustawienia TLS.",
-        "show_sieve_filters": "Twój filtr sieve",
-        "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "sogo_profile_reset_help": "To usunie ustawienia SOGo <b>bezpowrotnie</b>.",
-        "sogo_profile_reset_now": "Usuń profil teraz",
-        "spam_aliases": "Tymczasowy alias email",
+        "shared_aliases_desc": "Współdzielone aliasy nie są objęte ustawieniami specyficznymi dla użytkownika, takimi jak filtr antyspamowy czy polityka szyfrowania.\nOdpowiadające im filtry antyspamowe mogą być tworzone wyłącznie przez administratora — jako polityki obowiązujące dla całej domeny.",
+        "show_sieve_filters": "Pokaż filtr sieve aktywnego użytkownika",
+        "sogo_profile_reset": "Zresetuj profil SOGo",
+        "sogo_profile_reset_help": "Spowoduje to usunięcie profilu użytkownika SOGo oraz bezpowrotne <b>usunięcie wszystkich danych kontaktów i kalendarza.</b>",
+        "sogo_profile_reset_now": "Zresetuj profil teraz",
+        "spam_aliases": "Tymczasowe aliasy email",
         "spamfilter": "Filtr spamu",
         "spamfilter_behavior": "Ocena",
         "spamfilter_bl": "Czarna lista",
-        "spamfilter_bl_desc": "Adresy email z czarnej listy <b>zawsze</b> klasyfikuj jako spam i odrzucaj. Można użyć wildcards.",
+        "spamfilter_bl_desc": "Adresy e-mail znajdujące się na liście zablokowanych (denylist) są <b>zawsze</b>klasyfikowane jako spam i odrzucane.\nOdrzucone wiadomości <b>nie są</b>kopiowane do kwarantanny.\nMożna używać symboli wieloznacznych (wildcardów).\nFiltr jest stosowany wyłącznie do bezpośrednich aliasów (aliasów kierujących do jednej skrzynki pocztowej), z wyłączeniem aliasów typu „catch-all” oraz samej skrzynki.",
         "spamfilter_default_score": "Wartości domyślne",
         "spamfilter_green": "Zielony: ta wiadomość nie jest spamem",
         "spamfilter_hint": "Pierwsza wartość oznacza \"niską punktację spam\", druga wartość oznacza \"wysoką punktację spam\".",
@@ -622,13 +896,13 @@
         "spamfilter_table_remove": "Usuń",
         "spamfilter_table_rule": "Zasada",
         "spamfilter_wl": "Biała lista",
-        "spamfilter_wl_desc": "Adresy email z białej listy <b>nigdy</b> nie klasyfikuj jako spam. Można użyć wildcards.",
+        "spamfilter_wl_desc": "Adresy e-mail znajdujące się na liście dozwolonych (allowlist) są zaprogramowane tak, aby <b> nigdy nie </b> były klasyfikowane jako spam.\nMożna używać symboli wieloznacznych (wildcardów).\nFiltr jest stosowany wyłącznie do bezpośrednich aliasów (aliasów wskazujących na jedną skrzynkę pocztową), z wyłączeniem aliasów typu „catch-all” oraz samej skrzynki pocztowej",
         "spamfilter_yellow": "Żółty: ta wiadomość może być spamem, zostanie oznaczona jako spam i przeniesiona do folderu spam",
-        "sync_jobs": "Polecenie synchronizacji",
+        "sync_jobs": "Zadania synchronizacji",
         "tag_handling": "Ustaw obsługę znaczników pocztowych",
         "tag_help_example": "Przykład adresu email z etykietą: ja<b>+Facebook</b>@example.org",
         "tag_help_explain": "W podfolderze: tworzy nowy podfolder z nazwą taką jak etykieta, który zostanie umieszczony pod Skrzynką odbiorczą (\"Skrzynka odbiorcza/Facebook\").<br>\r\nW temacie: nazwy etykiet zostaną dodane na początku tematów wiadomości, np.: \"[Facebook] Moje wiadomości\".",
-        "tag_in_none": "Nic nie robić",
+        "tag_in_none": "Nie wykonuj żadnej akcji",
         "tag_in_subfolder": "W podfolderze",
         "tag_in_subject": "W temacie",
         "tls_enforce_in": "Uruchom TLS przychodzące",
@@ -640,9 +914,175 @@
         "week": "Tydzień",
         "weekly": "Co tydzień",
         "weeks": "Tygodnie",
-        "q_add_header": "Spam"
+        "q_add_header": "Spam",
+        "advanced_settings": "Ustawienia zaawansowane",
+        "app_hint": "Hasła aplikacji są alternatywnymi hasłami dla logowania IMAP, SMTP, CalDAV, CardDAV i EAS. Nazwa użytkownika pozostaje niezmieniona. Webmail SOGo nie jest dostępny za pośrednictwem haseł aplikacji.",
+        "allowed_protocols": "Dozwolone protokoły",
+        "app_name": "Nazwa aplikacji",
+        "app_passwds": "Hasła do aplikacji",
+        "apple_connection_profile": "Profil połączenia Apple",
+        "apple_connection_profile_complete": "Ten profil połączenia obejmuje parametry IMAP i SMTP, a także ścieżki CalDAV (kalendarze) i CardDAV (kontakty) dla urządzenia Apple.",
+        "apple_connection_profile_mailonly": "Ten profil połączenia zawiera parametry konfiguracji IMAP i SMTP dla urządzenia Apple.",
+        "apple_connection_profile_with_app_password": "Nowe hasło aplikacji jest generowane i dodawane do profilu, dzięki czemu nie trzeba wprowadzać hasła podczas konfigurowania urządzenia. Proszę nie udostępniaj tego pliku, ponieważ zapewnia on pełny dostęp do skrzynki pocztowej.",
+        "attribute": "Atrybut",
+        "authentication": "Uwierzytelnianie",
+        "change_password_hint_app_passwords": "Twoje konto ma %d hasła aplikacji, które nie zostaną zmienione. Aby nimi zarządzać, przejdź do zakładki Hasła aplikacji.",
+        "clear_recent_successful_connections": "Wyczyść udane połączenia",
+        "create_app_passwd": "Stwórz hasło do aplikacji",
+        "created_on": "Stworzony na",
+        "delete_ays": "Proszę o potwierdzenie procesu usuwania.",
+        "direct_protocol_access": "Ten użytkownik skrzynki pocztowej ma <b>bezpośredni, zewnętrzny dostęp</b> do następujących protokołów i aplikacji. To ustawienie jest kontrolowane przez administratora. Można tworzyć hasła aplikacji, aby przyznać dostęp do poszczególnych protokołów i aplikacji.Przycisk „Webmail” umożliwia jednokrotne logowanie (SSO) do SOGo i jest zawsze dostępny.",
+        "email": "Email",
+        "email_and_dav": "E-maile, kalendarze i kontakty",
+        "empty": "Brak wyników",
+        "expire_in": "wygasa w",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "from": "od",
+        "generate": "generuj",
+        "last_mail_login": "Ostatni login na skrzynkę pocztową",
+        "last_pw_change": "Ostatnia zmiana hasła",
+        "last_ui_login": "Ostatni login UI",
+        "loading": "Ładowanie...",
+        "login_history": "Historia logowania",
+        "mailbox": "Skrzynka pocztowa",
+        "mailbox_general": "Ogólne ustawienia skrzynki",
+        "mailbox_settings": "Ustawienia",
+        "month": "miesiąc",
+        "months": "miesiące",
+        "no_last_login": "Brak ostatnich danych logowania do interfejsu użytkownika",
+        "open_logs": "Otwórz logi użytkownika",
+        "open_webmail_sso": "­Webmail",
+        "overview": "Przegląd",
+        "password": "Hasło",
+        "password_repeat": "Hasło (powtórz)",
+        "password_reset_info": "Jeśli nie ma wiadomości e-mail do odzyskiwania hasła, ta funkcja nie może być używana.",
+        "protocols": "Protokoły",
+        "pushover_evaluate_x_prio": "Eskaluj wiadomości o wysokim priorytecie [<code>X-Priority: 1</code>]",
+        "pushover_info": "Ustawienia powiadomień push będą stosowane do wszystkich czystych (niebędących spamem) wiadomości dostarczonych do <b>%s</b>, w tym aliasów (współdzielonych, niewspółdzielonych i oznaczonych).",
+        "pushover_only_x_prio": "Uwzględniaj tylko wiadomości o wysokim priorytecie [<code>X-Priority: 1</code>]",
+        "pushover_sender_array": "Uwzględnij następujące adresy e-mail nadawców <small>(oddzielone przecinkami)</small>",
+        "pushover_sender_regex": "Dopasuj nadawców według następującego regexu",
+        "pushover_text": "Tekst powiadomienia",
+        "pushover_title": "Tytuł powiadomienia",
+        "pushover_sound": "Dźwięk powiadomienia",
+        "pushover_vars": "Jeśli nie zdefiniowano filtra nadawcy, wszystkie wiadomości będą brane pod uwagę.<br>Filtry regex oraz dokładne sprawdzanie nadawców można definiować indywidualnie – są one przetwarzane kolejno i nie zależą od siebie.</br>Dostępne zmienne dla treści i tytułu (prosimy pamiętać o zasadach ochrony danych osobowych).",
+        "pushover_verify": "Zweryfikuj dane logowania",
+        "pw_recovery_email": "E-mail do odzyskiwania hasła",
+        "q_all": "Wszystkie kategorie",
+        "q_reject": "Odrzucono",
+        "quarantine_category": "Kategoria powiadomień o kwarantannie",
+        "quarantine_category_info": "Kategoria powiadomień „Odrzucone” obejmuje wiadomości, które zostały odrzucone, natomiast „Folder spam” powiadamia użytkownika o wiadomościach umieszczonych w folderze spam.",
+        "quarantine_notification_info": "Po wysłaniu powiadomienia elementy zostaną oznaczone jako „powiadomione” i żadne kolejne powiadomienia nie zostaną wysłane dla danego elementu.",
+        "recent_successful_connections": "Zarejestrowano udane połączenia",
+        "running": "Uruchomiony",
+        "save": "Zapisz zmiany",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sprawdzenie nadawcy jest wyłączone</span>",
+        "spam_score_reset": "Przywróć domyślne ustawienia serwera",
+        "status": "Status",
+        "syncjob_check_log": "Sprawdź log",
+        "syncjob_last_run_result": "Wynik ostatniego uruchomienia",
+        "syncjob_EX_OK": "Sukces",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Problem z połączeniem",
+        "syncjob_EXIT_TLS_FAILURE": "Problem z szyfrowanym połączeniem",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problem uwierzytelniania",
+        "syncjob_EXIT_OVERQUOTA": "Docelowa skrzynka pocztowa przekroczyła limit pojemności",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nie można połączyć się ze zdalnym serwerem",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Niewłaściwa nazwa użytkownika lub hasło",
+        "text": "Tekst",
+        "tfa_info": "Uwierzytelnianie dwuskładnikowe pomaga chronić Twoje konto.\nJeśli je włączysz, będziesz potrzebować haseł aplikacji, aby logować się do programów lub usług, które nie obsługują uwierzytelniania dwuskładnikowego (np. klientów poczty).",
+        "title": "Tytuł",
+        "value": "Wartość",
+        "verify": "Zweryfikuj",
+        "waiting": "Oczekuje",
+        "with_app_password": "z hasłem aplikacji",
+        "year": "rok",
+        "years": "lata"
     },
     "warning": {
-        "session_ua": "Nieprawidłowy token formularza: Błąd walidacji User-Agent"
+        "session_ua": "Nieprawidłowy token formularza: Błąd walidacji User-Agent",
+        "cannot_delete_self": "Nie można usunąć zalogowanego użytkownika",
+        "domain_added_sogo_failed": "Dodano domenę, ale nie udało się ponownie uruchomić SOGo, sprawdź logi serwera.",
+        "dovecot_restart_failed": "Nie udało się ponownie uruchomić Dovecota, sprawdź logi",
+        "fuzzy_learn_error": "Błąd uczenia fuzzy hash: %s",
+        "hash_not_found": "Hash nie został odnaleziony lub został już usunięty",
+        "ip_invalid": "Pominięto nieprawidłowe IP: %s",
+        "is_not_primary_alias": "Pominięto alias niebędący głównym: %s",
+        "no_active_admin": "Nie można dezaktywować ostatniego aktywnego administratora",
+        "quota_exceeded_scope": "Przekroczono limit pojemności domeny: w tym zakresie domeny można tworzyć tylko skrzynki o nieograniczonej pojemności.",
+        "session_token": "Nieprawidłowy token formularza: niedopasowanie tokenów"
+    },
+    "datatables": {
+        "collapse_all": "Zwiń wszystko",
+        "decimal": ".",
+        "emptyTable": "Brak danych w tabeli",
+        "expand_all": "Rozszerz wszystko",
+        "info": "Wyświetlanie od START do END z TOTAL wpisów.",
+        "infoEmpty": "Wyświetlanie od 0 do 0 z 0 wpisów",
+        "infoFiltered": "(filtrowane z _MAX_ suma wpisów)",
+        "thousands": ",",
+        "lengthMenu": "Pokaż wpisy _MENU_",
+        "loadingRecords": "Ładowanie...",
+        "processing": "Proszę czekać...",
+        "search": "Szukaj:",
+        "zeroRecords": "Nie znaleziono pasujących rekordów",
+        "paginate": {
+            "first": "Pierwszy",
+            "last": "Ostatni",
+            "next": "Następny",
+            "previous": "Poprzedni"
+        },
+        "aria": {
+            "sortAscending": "Aktywuj, aby posortować kolumnę rosnąco",
+            "sortDescending": "Aktywuj, aby posortować kolumnę malejąco"
+        }
+    },
+    "debug": {
+        "architecture": "Architektura",
+        "chart_this_server": "Wykres (ten serwer)",
+        "containers_info": "Informacje o kontenerze",
+        "container_running": "uruchomiony",
+        "container_disabled": "Kontener zatrzymany lub wyłączony",
+        "container_stopped": "Zatrzymany",
+        "cores": "rdzenie",
+        "current_time": "Czas systemowy",
+        "disk_usage": "Użycie dysku",
+        "docs": "Dokumentacja",
+        "error_show_ip": "Nie można ustalić publicznych adresów IP.",
+        "external_logs": "Logi zewnętrzne",
+        "history_all_servers": "Historia (wszystkie serwery)",
+        "in_memory_logs": "Logi w pamięci",
+        "last_modified": "Ostatnia modyfikacja",
+        "log_info": "<p>mailcow <b>logi w pamięci</b> są gromadzone na listach Redis i przycinane do wartości <code>LOG_LINES</code> (%d) co minutę, aby ograniczyć nadmierne obciążenie systemu.</p> <p>Logi w pamięci nie są przeznaczone do trwałego przechowywania. Wszystkie aplikacje, które zapisują logi w pamięci, wysyłają je również do daemon Dockera, a więc do domyślnego sterownika logowania.</p> <p>Ten typ logów należy wykorzystywać do <b>debugowania drobnych problemów z kontenerami</b>.</p> <p><b>Logi zewnętrzne</b> są zbierane za pośrednictwem API danej aplikacji.</p> <p><b>Logi statyczne</b> to głównie dzienniki aktywności, które nie są zapisywane przez Dockerd, ale powinny być trwałe (z wyjątkiem logów API).</p>",
+        "login_time": "Czas",
+        "logs": "Logi",
+        "memory": "Pamięć",
+        "online_users": "Użytkownik online",
+        "restart_container": "Restart",
+        "service": "Usługa",
+        "show_ip": "Pokaż publiczne IP",
+        "size": "Rozmiar",
+        "started_at": "Zaczęło się od",
+        "started_on": "Zaczęło się od",
+        "static_logs": "Logi statyczne",
+        "success": "Sukces",
+        "system_containers": "System i kontenery",
+        "timezone": "Strefa czasowa",
+        "uptime": "Czas pracy",
+        "update_available": "Dostępna jest aktualizacja",
+        "no_update_available": "System jest w najnowszej wersji",
+        "update_failed": "Nie można było sprawdzić aktualizacji",
+        "username": "Nazwa użytkownika",
+        "wip": "Obecnie praca w toku"
+    },
+    "diagnostics": {
+        "cname_from_a": "Wartość pochodzi z rekordu A/AAAA. Obsługiwane, o ile rekord wskazuje na prawidłowy zasób.",
+        "dns_records": "Rekordy DNS",
+        "dns_records_24hours": "Pamiętaj, że zmiany wprowadzone w DNS mogą zająć nawet do 24 godzin, zanim ich aktualny stan zostanie poprawnie odzwierciedlony na tej stronie.\nTa sekcja ma na celu ułatwienie Ci konfiguracji rekordów DNS oraz sprawdzenie, czy wszystkie rekordy zostały prawidłowo zapisane w DNS.",
+        "dns_records_data": "Poprawne dane",
+        "dns_records_docs": "Proszę skonsultuj również <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumnetację</a>",
+        "dns_records_name": "Nazwa",
+        "dns_records_status": "Aktualny stan",
+        "dns_records_type": "Typ",
+        "optional": "Ten rekord jest opcjonalny."
     }
 }

From 2e1d98cc7ccd40a72a259b18172b11478b2e0e22 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 10 Nov 2025 21:06:13 +0100
Subject: [PATCH 726/755] [Web] Updated lang.pl-pl.json (#6908)

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

Co-authored-by: Monika Bark <rychert.monika@wp.pl>
---
 data/web/lang/lang.pl-pl.json | 127 ++++++++++++++++++++++++++++++++--
 1 file changed, 120 insertions(+), 7 deletions(-)

diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 4d68d0dd0..b08b115a8 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -646,7 +646,35 @@
         "internal": "Wewnętrzny",
         "internal_info": "Aliasów wewnętrznych można używać tylko w obrębie własnej domeny lub domen aliasów.",
         "last_modified": "Ostatnio modyfikowany",
-        "lookup_mx": "Destination to wyrażenie regularne dopasowujące nazwę serwera MX (np. <code>.*.google.com</code> — aby kierować całą pocztę wysyłaną do MX kończących się na google.com przez ten hop)."
+        "lookup_mx": "Destination to wyrażenie regularne dopasowujące nazwę serwera MX (np. <code>.*.google.com</code> — aby kierować całą pocztę wysyłaną do MX kończących się na google.com przez ten hop).",
+        "pushover_title": "Tytuł powiadomienia",
+        "pushover_sound": "Dźwięk powiadomienia",
+        "pushover_vars": "Gdy nie zdefiniowano żadnego filtra nadawcy, brane będą pod uwagę wszystkie wiadomości. Filtry oparte na wyrażeniach regularnych (regex) oraz dokładne dopasowania nadawców można definiować indywidualnie — będą one przetwarzane kolejno, niezależnie od siebie. Dostępne zmienne do użycia w treści i tytule (należy pamiętać o zasadach ochrony danych osobowych).",
+        "pushover_verify": "Zweryfikuj dane logowania",
+        "quota_warning_bcc": "Ukryta kopia ostrzeżenia o przekroczeniu limitu",
+        "quota_warning_bcc_info": "Ostrzeżenia będą wysyłane jako osobne kopie do poniższych odbiorców. Temat wiadomości zostanie rozszerzony o nazwę użytkownika w nawiasach, na przykład: <code>Ostrzeżenie o limicie (user@example.com\n)</code>.",
+        "ratelimit": "Limit wysyłania",
+        "redirect_uri": "Adres przekierowania / adres zwrotny (Redirect/Callback URL)",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Informacja</div> **Możesz zdefiniować mapy transportu (transport maps) dla niestandardowego miejsca docelowego tej domeny.** Jeśli nie zostanie to ustawione, zostanie wykonane wyszukiwanie",
+        "relay_unknown_only": "Przekazuj (relay) tylko nieistniejące skrzynki pocztowe. Istniejące skrzynki będą dostarczane lokalnie.",
+        "relayhost": "Transporty przypisane do nadawcy",
+        "scope": "Zakres",
+        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sprawdzanie nadawcy jest wyłączone</span>",
+        "sender_acl_info": "Jeżeli użytkownik skrzynki pocztowej A ma pozwolenie na wysyłkę jako użytkownik skrzynki B, adres nadawcy nie jest automatycznie wyświetlany jako opcja w polu „Od” w SOGo.<br>\nUżytkownik skrzynki B musi utworzyć delegację w SOGo, aby użytkownik A mógł wybrać ich adres jako nadawcę. Aby zdelegować skrzynkę w SOGo, użyj menu (trzy kropki) po prawej stronie nazwy skrzynki w lewym górnym rogu, będąc w widoku poczty. To zachowanie nie dotyczy adresów aliasów.",
+        "sieve_desc": "Krótki opis",
+        "sieve_type": "Typ filtra",
+        "skipcrossduplicates": "Pomijaj duplikaty wiadomości w różnych folderach (pierwsza napotkana wiadomość zostaje zachowana).",
+        "sogo_access": "Bezpośrednie przekazywanie do SOGo",
+        "sogo_access_info": "Po zalogowaniu użytkownik jest automatycznie przekierowywany do SOGo.",
+        "sogo_visible": "Alias jest widoczny w SOGO",
+        "sogo_visible_info": "Ta opcja dotyczy tylko obiektów, które mogą być wyświetlane w SOGo (aliasy współdzielone lub nie współdzielone, wskazujące przynajmniej na jedną lokalną skrzynkę).\nJeśli obiekt zostanie ukryty, alias nie będzie dostępny jako wybieralny nadawca w SOGo.",
+        "spam_alias": "Tworzenie lub zmiana ograniczonych czasowo adresów aliasów",
+        "spam_filter": "Filtr spam",
+        "spam_policy": "Dodaj lub usuń elementy z listy dozwolonych / zablokowanych",
+        "spam_score": "Ustaw własny poziom punktacji spamu",
+        "timeout1": "Limit czasu połączenia z serwerem zdalnym",
+        "timeout2": "Limit czasu połączenia z serwerem lokalnym",
+        "validate_save": "Zatwierdź i zapisz"
     },
     "footer": {
         "cancel": "Anuluj",
@@ -654,7 +682,14 @@
         "delete_now": "Usuń teraz",
         "delete_these_items": "Proszę potwierdzić zmiany w poniższym identyfikatorze obiektu",
         "loading": "Proszę czekać...",
-        "restart_now": "Uruchom ponownie teraz"
+        "restart_now": "Uruchom ponownie teraz",
+        "hibp_check": "Sprawdź w stosunku do haveibeenpwned.com",
+        "hibp_nok": "Dopasowano! To potencjalnie niebezpieczne hasło!",
+        "hibp_ok": "Nie znaleziono żadnego dopasowania.",
+        "nothing_selected": "Nic wybranego",
+        "restart_container": "Zresetuj kontener",
+        "restart_container_info": "<b>Ważne:</b> Łagodne ponowne uruchomienie może zająć trochę czasu — proszę poczekać na jego zakończenie.",
+        "restarting_container": "Ponowne uruchomienie kontenera, może to zająć trochę czasu"
     },
     "header": {
         "administration": "Administrowanie",
@@ -662,10 +697,16 @@
         "mailcow_config": "Konfiguracja",
         "quarantine": "Kwarantanna",
         "restart_sogo": "Uruchom ponownie SOGo",
-        "user_settings": "Ustawienia użytkownika"
+        "user_settings": "Ustawienia użytkownika",
+        "apps": "Aplikacje",
+        "debug": "Informacja",
+        "mailcow_system": "System",
+        "restart_netfilter": "Uruchom ponownie netfilter"
     },
     "info": {
-        "no_action": "Żadne działanie nie ma zastosowania"
+        "no_action": "Żadne działanie nie ma zastosowania",
+        "awaiting_tfa_confirmation": "Oczekiwanie na potwierdzenie TFA",
+        "session_expires": "Twoja sesja wygaśnie za około 15 sekund"
     },
     "login": {
         "delayed": "Logowanie zostało opóźnione o %s sekund.",
@@ -678,7 +719,18 @@
         "login_domainadmintext": "Zaloguj się jako administrator domeny",
         "login_admintext": "Zaloguj się jako admin",
         "other_logins": "lub zaloguj za pomocą",
-        "email": "Adres e-mail"
+        "email": "Adres e-mail",
+        "back_to_mailcow": "Wróć do mailcow",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
+        "invalid_pass_reset_token": "Token resetowania hasła jest nieprawidłowy lub wygasł.<br>Proszę poprosić o nowy link do resetowania hasła.",
+        "login_user": "Logowanie użytkownika",
+        "login_dadmin": "Logowanie administratora domeny",
+        "login_admin": "Login Administratora",
+        "mobileconfig_info": "Zaloguj się jako użytkownik skrzynki pocztowej, aby pobrać żądany profil połączenia Apple.",
+        "new_password": "Nowe hasło",
+        "new_password_confirm": "Potwierdź nowe hasło",
+        "reset_password": "Zresetuj hasło",
+        "request_reset_password": "Poproś o zmianę hasła"
     },
     "mailbox": {
         "action": "Działanie",
@@ -738,7 +790,48 @@
         "tls_enforce_out": "Uruchom TLS wychodzące",
         "toggle_all": "Zaznacz wszystkie",
         "username": "Nazwa użytkownika",
-        "weekly": "Co tydzień"
+        "weekly": "Co tydzień",
+        "add_alias_expand": "Rozszerz alias na domeny alias",
+        "add_bcc_entry": "Dodaj mapę BCC",
+        "add_filter": "Dodaj filtr",
+        "recipient_map_old_info": "Mapa odbiorcy (pierwotne miejsce docelowe) musi być prawidłowym adresem e-mail lub nazwą domeny.",
+        "recipient_maps": "Mapy odbiorców",
+        "relay_unknown": "Przekazuj nieznane skrzynki pocztowe",
+        "running": "Uruchomione",
+        "sender": "Nadawca",
+        "set_postfilter": "Oznacz jako postfilter",
+        "set_prefilter": "Oznacz jako prefilter",
+        "sieve_info": "Możesz przechowywać wiele filtrów dla każdego użytkownika, jednak w danym momencie aktywny może być tylko jeden prefilter i jeden postfilter<br>\nKażdy filtr będzie przetwarzany w opisanej kolejności. Ani błędny skrypt, ani polecenie „keep;” nie zatrzymają przetwarzania kolejnych skryptów.\nZmiany w globalnych skryptach Sieve spowodują ponowne uruchomienie usługi Dovecot.<br><br>\nGlobalny prefiltr Sieve • Prefilter • Skrypty użytkownika • Postfilter • Globalny postfilter Sieve",
+        "sieve_preset_1": "Odrzuć pocztę z prawdopodobnymi niebezpiecznymi typami plików",
+        "sieve_preset_2": "Zawsze zaznaczaj e-mail konkretnego nadawcy jako odczytane",
+        "sieve_preset_3": "Odrzuć po cichu, zatrzymaj cały proces sieve",
+        "sieve_preset_4": "Plik do INBOX, pomiń dalszy proces przez filtry sieve",
+        "sieve_preset_5": "Automatyczna odpowiedź (urlopowa)",
+        "sieve_preset_6": "Odrzuć pocztę z odpowiedzią",
+        "sieve_preset_7": "Przekierowanie wiadomości z możliwością zachowania lub usunięcia kopii",
+        "sieve_preset_8": "Przekieruj wiadomość e-mail od określonego nadawcy, oznacz jako odczytaną i posortuj do podfoldera",
+        "sieve_preset_header": "Zbacz przykładowe ustawienia poniżej. Więcej szczegółów znajdziesz w <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedii</a>.",
+        "sogo_visible": "Alias jest widoczny w SOGo",
+        "sogo_visible_n": "Ukryj alias w SOGo",
+        "sogo_visible_y": "Pokaż alias w SOGo",
+        "stats": "Statystyki",
+        "status": "Status",
+        "syncjob_check_log": "Sprawdź log",
+        "syncjob_last_run_result": "Wynik ostatniego uruchomienia",
+        "syncjob_EX_OK": "Sukces",
+        "syncjob_EXIT_CONNECTION_FAILURE": "Problem z połączeniem",
+        "syncjob_EXIT_TLS_FAILURE": "Problem z szyfrowanym połączeniem",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Problem uwierzytelniania",
+        "syncjob_EXIT_OVERQUOTA": "Docelowa skrzynka pocztowa przekroczyła limit pojemności",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nie można połączyć się ze zdalnym serwerem",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Niewłaściwa nazwa użytkownika lub hasło",
+        "table_size": "Rozmiar tabeli",
+        "table_size_show_n": "Pokaż %s elementy",
+        "templates": "Szablony",
+        "template": "Szablon",
+        "tls_map_dest": "Miejsce docelowe",
+        "tls_map_dest_info": "Przykłady: example.org, .example.org, [mail.example.org]:25",
+        "tls_map_parameters": "Parametry"
     },
     "quarantine": {
         "action": "Działanie",
@@ -749,7 +842,12 @@
         "toggle_all": "Zaznacz wszystkie",
         "confirm_delete": "Potwierdź usunięcie tego elementu.",
         "learn_spam_delete": "Zapamiętaj jako spam i usuwaj w przyszłości",
-        "quick_delete_link": "Otwórz szybki link do usuwania"
+        "quick_delete_link": "Otwórz szybki link do usuwania",
+        "refresh": "Odśwież",
+        "rejected": "Odrzucony",
+        "release": "Zwolnij",
+        "release_body": "Dołączyliśmy Twoją wiadomość jako plik eml do tej wiadomości.",
+        "release_subject": "Potencjalnie szkodliwa pozycja kwarantanny %s"
     },
     "queue": {
         "queue_manager": "Menedżer kolejki",
@@ -1084,5 +1182,20 @@
         "dns_records_status": "Aktualny stan",
         "dns_records_type": "Typ",
         "optional": "Ten rekord jest opcjonalny."
+    },
+    "fido2": {
+        "confirm": "Potwierdź",
+        "fido2_auth": "Logowanie za pomocą FIDO2",
+        "fido2_success": "Urządzenie pomyślnie zarejestrowane",
+        "fido2_validation_failed": "Walidacja nie powiodła się",
+        "fn": "Przyjazna nazwa FIDO",
+        "known_ids": "Znane Id",
+        "none": "Wyłączony",
+        "register_status": "Status rejestracji",
+        "rename": "Zmień nazwę",
+        "set_fido2": "Zarejestruj urządzenie FIDO2",
+        "set_fido2_touchid": "Zarejestruj Touch ID w Apple M1",
+        "set_fn": "Ustaw przyjazną nazwę w FIDO",
+        "start_fido2_validation": "Rozpocznij walidację FIDO2"
     }
 }

From ec472f13cf6b974818a4a13d2388215bd68b528c Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 12 Nov 2025 09:50:41 +0100
Subject: [PATCH 727/755] sogo: removed URLDecrpytion by default, make it
 configurable in sogo.conf

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 4 ----
 data/conf/sogo/sogo.conf                | 6 ++++++
 docker-compose.yml                      | 3 ++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index af7d2a4db..96d8a6919 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -50,10 +50,6 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
     <string>${RAND_PASS}</string>
-    <key>SOGoURLEncryptionEnabled</key>
-    <string>YES</string>
-    <key>SOGoURLEncryptionPassphrase</key>
-    <string>${SOGO_URL_ENCRYPTION_KEY}</string>
     <key>OCSAdminURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 2c8d80a12..6854569f5 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -86,6 +86,12 @@
     SOGoMaximumFailedLoginInterval = 900;
     SOGoFailedLoginBlockInterval = 900;
 
+    // Enable SOGo URL Description for GDPR compliance, this may cause some issues with calendars and contacts. Also uncomment the encryption key below to use it.
+    //SOGoURLEncryptionEnabled = NO;
+
+    // Set a 16 character encryption key for SOGo URL Description, change this to your own value
+    //SOGoURLPathEncryptionKey = "SOGoSuperSecret0";
+
     GCSChannelCollectionTimer = 60;
     GCSChannelExpireAge = 60;
 
diff --git a/docker-compose.yml b/docker-compose.yml
index f38b8937c..317fba269 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -200,7 +200,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:1.136
+      image: ghcr.io/mailcow/sogo:5.12.4
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -681,3 +681,4 @@ volumes:
   sogo-web-vol-1:
   sogo-userdata-backup-vol-1:
   clamd-db-vol-1:
+  mlmmj-vol-1:

From 88adb1adf559ac08cd6a66434783a520f1dfc78c Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 12 Nov 2025 09:54:35 +0100
Subject: [PATCH 728/755] remove dev docker volume from upstream

---
 docker-compose.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 317fba269..0522a6a2b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -681,4 +681,3 @@ volumes:
   sogo-web-vol-1:
   sogo-userdata-backup-vol-1:
   clamd-db-vol-1:
-  mlmmj-vol-1:

From 1b833be760a5e48b9f4d4eb97495ae9c9a4696c8 Mon Sep 17 00:00:00 2001
From: Claas Flint <claas.flint@akator.de>
Date: Wed, 12 Nov 2025 10:06:36 +0100
Subject: [PATCH 729/755] Replace pigz with zstd for backup compression (#6897)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Replace pigz with zstd for backup compression

This change replaces pigz (parallel gzip) with zstd (Zstandard) as the
compression algorithm for mailcow backups while maintaining full backward
compatibility with existing .tar.gz backups.

Benefits:
- Better compression ratios (12-37% improvement in tests)
- Improved compression speed with modern algorithm
- Maintains rsyncable functionality for incremental backups
- Full backward compatibility for restoring old .tar.gz backups
- Wide industry adoption and active development

Changes:
- Backup compression: pigz --rsyncable -p → zstd --rsyncable -T
- Backup decompression: pigz -d -p → zstd -d -T
- File extensions: .tar.gz → .tar.zst
- Added get_archive_info() function for intelligent format detection
- Updated backup Dockerfile to install zstd alongside pigz
- Restore function now auto-detects and handles both formats
- Updated FILE_SELECTION regex to recognize both .tar.zst and .tar.gz
- Updated comments to reflect new file extension

Backward Compatibility:
- Restore automatically detects .tar.zst (preferred) or .tar.gz (legacy)
- Existing .tar.gz backups can still be restored without issues
- pigz remains installed in backup image for legacy support
- Graceful fallback if backup file format not found

Testing:
- Added comprehensive test suite (test_backup_and_restore.sh)
- 12 automated tests covering all scenarios:
  * Backup creation (both formats)
  * Restore (both formats)
  * Format detection and priority
  * Error handling (missing files, empty dirs)
  * Content integrity verification
  * Multi-threading configuration
  * Large file compression (8.59 MB realistic data)

Test Results:
✓ zstd compression working
✓ pigz compression working (legacy)
✓ zstd decompression working
✓ pigz decompression working (backward compatible)
✓ Archive detection working
✓ Content integrity verified
✓ Format priority correct (.tar.zst preferred)
✓ Error handling for missing files
✓ Error handling for empty directories
✓ Multi-threading configuration verified
✓ Large file compression: 37.05% improvement
✓ Small file compression: 12.18% improvement

* move testing script into development folder

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/backup/Dockerfile            |   2 +-
 helper-scripts/backup_and_restore.sh          | 123 +++++--
 .../dev_tests/test_backup_and_restore.sh      | 301 ++++++++++++++++++
 3 files changed, 390 insertions(+), 36 deletions(-)
 create mode 100755 helper-scripts/dev_tests/test_backup_and_restore.sh

diff --git a/data/Dockerfiles/backup/Dockerfile b/data/Dockerfiles/backup/Dockerfile
index 6234e725b..7f989c399 100644
--- a/data/Dockerfiles/backup/Dockerfile
+++ b/data/Dockerfiles/backup/Dockerfile
@@ -1,3 +1,3 @@
 FROM debian:bookworm-slim
 
-RUN apt update && apt install pigz -y --no-install-recommends
\ No newline at end of file
+RUN apt update && apt install pigz zstd -y --no-install-recommends
\ No newline at end of file
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index c7615c294..7b75272cf 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -110,32 +110,32 @@ function backup() {
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_vmail-vol-1$):/vmail:ro,z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_vmail.tar.gz /vmail
+        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="zstd --rsyncable -T${THREADS}" -Pcvpf /backup/backup_vmail.tar.zst /vmail
       ;;&
     crypt|all)
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_crypt-vol-1$):/crypt:ro,z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_crypt.tar.gz /crypt
+        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="zstd --rsyncable -T${THREADS}" -Pcvpf /backup/backup_crypt.tar.zst /crypt
       ;;&
     redis|all)
       docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:ro,z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_redis.tar.gz /redis
+        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="zstd --rsyncable -T${THREADS}" -Pcvpf /backup/backup_redis.tar.zst /redis
       ;;&
     rspamd|all)
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_rspamd-vol-1$):/rspamd:ro,z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_rspamd.tar.gz /rspamd
+        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="zstd --rsyncable -T${THREADS}" -Pcvpf /backup/backup_rspamd.tar.zst /rspamd
       ;;&
     postfix|all)
       docker run --name mailcow-backup --rm \
         -v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
         -v $(docker volume ls -qf name=^${CMPS_PRJ}_postfix-vol-1$):/postfix:ro,z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_postfix.tar.gz /postfix
+        ${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="zstd --rsyncable -T${THREADS}" -Pcvpf /backup/backup_postfix.tar.zst /postfix
       ;;&
     mysql|all)
       SQLIMAGE=$(grep -iEo '(mysql|mariadb)\:.+' ${COMPOSE_FILE})
@@ -154,7 +154,7 @@ function backup() {
           ${SQLIMAGE} /bin/sh -c "mariabackup --host mysql --user root --password ${DBROOT} --backup --rsync --target-dir=/backup_mariadb ; \
           mariabackup --prepare --target-dir=/backup_mariadb ; \
           chown -R 999:999 /backup_mariadb ; \
-          /bin/tar --warning='no-file-ignored' --use-compress-program='gzip --rsyncable' -Pcvpf /backup/backup_mariadb.tar.gz /backup_mariadb ;"
+          /bin/tar --warning='no-file-ignored' --use-compress-program='zstd --rsyncable' -Pcvpf /backup/backup_mariadb.tar.zst /backup_mariadb ;"
       fi
       ;;&
     --delete-days)
@@ -170,6 +170,19 @@ function backup() {
   done
 }
 
+function get_archive_info() {
+  local backup_name="$1"
+  local location="$2"
+
+  if [[ -f "${location}/${backup_name}.tar.zst" ]]; then
+    echo "${backup_name}.tar.zst|zstd -d -T${THREADS}"
+  elif [[ -f "${location}/${backup_name}.tar.gz" ]]; then
+    echo "${backup_name}.tar.gz|pigz -d -p ${THREADS}"
+  else
+    echo ""
+  fi
+}
+
 function restore() {
   for bin in docker; do
   if [[ -z $(which ${bin}) ]]; then
@@ -199,10 +212,17 @@ function restore() {
     case "$1" in
     vmail)
       docker stop $(docker ps -qf name=dovecot-mailcow)
-      docker run -i --name mailcow-backup --rm \
-        -v ${RESTORE_LOCATION}:/backup:z \
-        -v $(docker volume ls -qf name=^${CMPS_PRJ}_vmail-vol-1$):/vmail:z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_vmail.tar.gz
+      ARCHIVE_INFO=$(get_archive_info "backup_vmail" "${RESTORE_LOCATION}")
+      if [[ -z "${ARCHIVE_INFO}" ]]; then
+        echo -e "\e[31mError: No backup file found for vmail (searched for .tar.zst and .tar.gz)\e[0m"
+      else
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
+        docker run -i --name mailcow-backup --rm \
+          -v ${RESTORE_LOCATION}:/backup:z \
+          -v $(docker volume ls -qf name=^${CMPS_PRJ}_vmail-vol-1$):/vmail:z \
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
+      fi
       docker start $(docker ps -aqf name=dovecot-mailcow)
       echo
       echo "In most cases it is not required to run a full resync, you can run the command printed below at any time after testing wether the restore process broke a mailbox:"
@@ -218,31 +238,50 @@ function restore() {
       ;;
     redis)
       docker stop $(docker ps -qf name=redis-mailcow)
-      docker run -i --name mailcow-backup --rm \
-        -v ${RESTORE_LOCATION}:/backup:z \
-        -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_redis.tar.gz
+      ARCHIVE_INFO=$(get_archive_info "backup_redis" "${RESTORE_LOCATION}")
+      if [[ -z "${ARCHIVE_INFO}" ]]; then
+        echo -e "\e[31mError: No backup file found for redis (searched for .tar.zst and .tar.gz)\e[0m"
+      else
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
+        docker run -i --name mailcow-backup --rm \
+          -v ${RESTORE_LOCATION}:/backup:z \
+          -v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:z \
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
+      fi
       docker start $(docker ps -aqf name=redis-mailcow)
       ;;
     crypt)
       docker stop $(docker ps -qf name=dovecot-mailcow)
-      docker run -i --name mailcow-backup --rm \
-        -v ${RESTORE_LOCATION}:/backup:z \
-        -v $(docker volume ls -qf name=^${CMPS_PRJ}_crypt-vol-1$):/crypt:z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_crypt.tar.gz
+      ARCHIVE_INFO=$(get_archive_info "backup_crypt" "${RESTORE_LOCATION}")
+      if [[ -z "${ARCHIVE_INFO}" ]]; then
+        echo -e "\e[31mError: No backup file found for crypt (searched for .tar.zst and .tar.gz)\e[0m"
+      else
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
+        docker run -i --name mailcow-backup --rm \
+          -v ${RESTORE_LOCATION}:/backup:z \
+          -v $(docker volume ls -qf name=^${CMPS_PRJ}_crypt-vol-1$):/crypt:z \
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
+      fi
       docker start $(docker ps -aqf name=dovecot-mailcow)
       ;;
     rspamd)
-      if [[ $(find "${RESTORE_LOCATION}" \( -name '*x86*' -o -name '*aarch*' \) -exec basename {} \; | sed 's/^\.//' | sed 's/^\.//') == "" ]]; then
+      ARCHIVE_INFO=$(get_archive_info "backup_rspamd" "${RESTORE_LOCATION}")
+      if [[ -z "${ARCHIVE_INFO}" ]]; then
+        echo -e "\e[31mError: No backup file found for rspamd (searched for .tar.zst and .tar.gz)\e[0m"
+      elif [[ $(find "${RESTORE_LOCATION}" \( -name '*x86*' -o -name '*aarch*' \) -exec basename {} \; | sed 's/^\.//' | sed 's/^\.//') == "" ]]; then
         echo -e "\e[33mCould not find a architecture signature of the loaded backup... Maybe the backup was done before the multiarch update?"
         sleep 2
         echo -e "Continuing anyhow. If rspamd is crashing upon boot try remove the rspamd volume with docker volume rm ${CMPS_PRJ}_rspamd-vol-1 after you've stopped the stack.\e[0m"
         sleep 2
         docker stop $(docker ps -qf name=rspamd-mailcow)
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
         docker run -i --name mailcow-backup --rm \
           -v ${RESTORE_LOCATION}:/backup:z \
           -v $(docker volume ls -qf name=^${CMPS_PRJ}_rspamd-vol-1$):/rspamd:z \
-          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_rspamd.tar.gz
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
         docker start $(docker ps -aqf name=rspamd-mailcow)
       elif [[ $ARCH != $(find "${RESTORE_LOCATION}" \( -name '*x86*' -o -name '*aarch*' \) -exec basename {} \; | sed 's/^\.//' | sed 's/^\.//') ]]; then
         echo -e "\e[31mThe Architecture of the backed up mailcow OS is different then your restoring mailcow OS..."
@@ -250,19 +289,28 @@ function restore() {
         echo -e "Skipping rspamd due to compatibility issues!\e[0m"
       else
         docker stop $(docker ps -qf name=rspamd-mailcow)
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
         docker run -i --name mailcow-backup --rm \
           -v ${RESTORE_LOCATION}:/backup:z \
           -v $(docker volume ls -qf name=^${CMPS_PRJ}_rspamd-vol-1$):/rspamd:z \
-          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_rspamd.tar.gz
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
         docker start $(docker ps -aqf name=rspamd-mailcow)
       fi
       ;;
     postfix)
       docker stop $(docker ps -qf name=postfix-mailcow)
-      docker run -i --name mailcow-backup --rm \
-        -v ${RESTORE_LOCATION}:/backup:z \
-        -v $(docker volume ls -qf name=^${CMPS_PRJ}_postfix-vol-1$):/postfix:z \
-        ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -Pxvf /backup/backup_postfix.tar.gz
+      ARCHIVE_INFO=$(get_archive_info "backup_postfix" "${RESTORE_LOCATION}")
+      if [[ -z "${ARCHIVE_INFO}" ]]; then
+        echo -e "\e[31mError: No backup file found for postfix (searched for .tar.zst and .tar.gz)\e[0m"
+      else
+        ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+        DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
+        docker run -i --name mailcow-backup --rm \
+          -v ${RESTORE_LOCATION}:/backup:z \
+          -v $(docker volume ls -qf name=^${CMPS_PRJ}_postfix-vol-1$):/postfix:z \
+          ${DEBIAN_DOCKER_IMAGE} /bin/tar --use-compress-program="${DECOMPRESS_PROG}" -Pxvf /backup/${ARCHIVE_FILE}
+      fi
       docker start $(docker ps -aqf name=postfix-mailcow)
       ;;
     mysql|mariadb)
@@ -305,14 +353,19 @@ function restore() {
           echo Restoring... && \
           gunzip < backup/backup_mysql.gz | mysql -uroot && \
           mysql -uroot -e SHUTDOWN;"
-        elif [[ -f "${RESTORE_LOCATION}/backup_mariadb.tar.gz" ]]; then
-        docker run --name mailcow-backup --rm \
-          -v $(docker volume ls -qf name=^${CMPS_PRJ}_mysql-vol-1$):/backup_mariadb/:rw,z \
-          --entrypoint= \
-          -v ${RESTORE_LOCATION}:/backup:z \
-          ${SQLIMAGE} /bin/bash -c "shopt -s dotglob ; \
-            /bin/rm -rf /backup_mariadb/* ; \
-            /bin/tar -Pxvzf /backup/backup_mariadb.tar.gz"
+        else
+          ARCHIVE_INFO=$(get_archive_info "backup_mariadb" "${RESTORE_LOCATION}")
+          if [[ -n "${ARCHIVE_INFO}" ]]; then
+            ARCHIVE_FILE=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f1)
+            DECOMPRESS_PROG=$(echo "${ARCHIVE_INFO}" | cut -d'|' -f2)
+            docker run --name mailcow-backup --rm \
+              -v $(docker volume ls -qf name=^${CMPS_PRJ}_mysql-vol-1$):/backup_mariadb/:rw,z \
+              --entrypoint= \
+              -v ${RESTORE_LOCATION}:/backup:z \
+              ${SQLIMAGE} /bin/bash -c "shopt -s dotglob ; \
+                /bin/rm -rf /backup_mariadb/* ; \
+                /bin/tar --use-compress-program='${DECOMPRESS_PROG}' -Pxvf /backup/${ARCHIVE_FILE}"
+          fi
         fi
         echo "Modifying mailcow.conf..."
         source ${RESTORE_LOCATION}/mailcow.conf
@@ -363,8 +416,8 @@ elif [[ ${1} == "restore" ]]; then
   fi
 
   echo "[ 0 ] - all"
-  # find all files in folder with *.gz extension, print their base names, remove backup_, remove .tar (if present), remove .gz
-  FILE_SELECTION[0]=$(find "${FOLDER_SELECTION[${input_sel}]}" -maxdepth 1 \( -type d -o -type f \) \( -name '*.gz' -o -name 'mysql' \) -printf '%f\n' | sed 's/backup_*//' | sed 's/\.[^.]*$//' | sed 's/\.[^.]*$//')
+  # find all files in folder with *.zst or *.gz extension, print their base names, remove backup_, remove .tar (if present), remove .zst/.gz
+  FILE_SELECTION[0]=$(find "${FOLDER_SELECTION[${input_sel}]}" -maxdepth 1 \( -type d -o -type f \) \( -name '*.zst' -o -name '*.gz' -o -name 'mysql' \) -printf '%f\n' | sed 's/backup_*//' | sed 's/\.[^.]*$//' | sed 's/\.[^.]*$//' | sort -u)
   for file in $(ls -f "${FOLDER_SELECTION[${input_sel}]}"); do
     if [[ ${file} =~ vmail ]]; then
       echo "[ ${i} ] - Mail directory (/var/vmail)"
diff --git a/helper-scripts/dev_tests/test_backup_and_restore.sh b/helper-scripts/dev_tests/test_backup_and_restore.sh
new file mode 100755
index 000000000..3e39d0dbf
--- /dev/null
+++ b/helper-scripts/dev_tests/test_backup_and_restore.sh
@@ -0,0 +1,301 @@
+#!/usr/bin/env bash
+
+# Test script for backup_and_restore.sh
+# Tests backward compatibility with .tar.gz and new .tar.zst format
+
+set -e
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+BACKUP_IMAGE="${BACKUP_IMAGE:-ghcr.io/mailcow/backup:latest}"
+TEST_DIR="/tmp/mailcow_backup_test_$$"
+THREADS=2
+
+echo "=== Mailcow Backup & Restore Test Suite ==="
+echo "Test directory: ${TEST_DIR}"
+echo "Backup image: ${BACKUP_IMAGE}"
+echo ""
+
+# Cleanup function
+cleanup() {
+  echo "Cleaning up test files..."
+  rm -rf "${TEST_DIR}"
+  docker rmi mailcow-backup-test 2>/dev/null || true
+}
+trap cleanup EXIT
+
+# Create test directory structure
+mkdir -p "${TEST_DIR}"/{test_data,backup_zst,backup_gz,restore_zst,restore_gz,backup_large_zst,backup_large_gz}
+echo "Test data for mailcow backup compatibility test" > "${TEST_DIR}/test_data/test.txt"
+echo "Additional file to verify complete restore" > "${TEST_DIR}/test_data/test2.txt"
+
+# Build test backup image with zstd support
+echo "=== Building backup image with zstd support ==="
+docker build -t mailcow-backup-test "${SCRIPT_DIR}/../data/Dockerfiles/backup/" || {
+  echo "ERROR: Failed to build backup image"
+  exit 1
+}
+
+# Test 1: Create .tar.zst backup
+echo ""
+echo "=== Test 1: Creating .tar.zst backup ==="
+docker run --rm \
+  -w /data \
+  -v "${TEST_DIR}/test_data:/data:ro" \
+  -v "${TEST_DIR}/backup_zst:/backup" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="zstd --rsyncable -T${THREADS}" \
+  -cvpf /backup/backup_test.tar.zst . \
+  > /dev/null
+echo "✓ .tar.zst backup created: $(ls -lh ${TEST_DIR}/backup_zst/backup_test.tar.zst | awk '{print $5}')"
+
+# Test 2: Create .tar.gz backup
+echo ""
+echo "=== Test 2: Creating .tar.gz backup (legacy) ==="
+docker run --rm \
+  -w /data \
+  -v "${TEST_DIR}/test_data:/data:ro" \
+  -v "${TEST_DIR}/backup_gz:/backup" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="pigz --rsyncable -p ${THREADS}" \
+  -cvpf /backup/backup_test.tar.gz . \
+  > /dev/null
+echo "✓ .tar.gz backup created: $(ls -lh ${TEST_DIR}/backup_gz/backup_test.tar.gz | awk '{print $5}')"
+
+# Test 3: Test get_archive_info function
+echo ""
+echo "=== Test 3: Testing get_archive_info function ==="
+
+# Extract and test the function directly
+get_archive_info() {
+  local backup_name="$1"
+  local location="$2"
+
+  if [[ -f "${location}/${backup_name}.tar.zst" ]]; then
+    echo "${backup_name}.tar.zst|zstd -d -T${THREADS}"
+  elif [[ -f "${location}/${backup_name}.tar.gz" ]]; then
+    echo "${backup_name}.tar.gz|pigz -d -p ${THREADS}"
+  else
+    echo ""
+  fi
+}
+
+# Test with .tar.zst
+result=$(get_archive_info "backup_test" "${TEST_DIR}/backup_zst")
+if [[ "${result}" =~ "zstd" ]]; then
+  echo "✓ Correctly detects .tar.zst and returns zstd decompressor"
+else
+  echo "✗ Failed to detect .tar.zst"
+  exit 1
+fi
+
+# Test with .tar.gz
+result=$(get_archive_info "backup_test" "${TEST_DIR}/backup_gz")
+if [[ "${result}" =~ "pigz" ]]; then
+  echo "✓ Correctly detects .tar.gz and returns pigz decompressor"
+else
+  echo "✗ Failed to detect .tar.gz"
+  exit 1
+fi
+
+# Test with no file
+result=$(get_archive_info "backup_test" "${TEST_DIR}")
+if [[ -z "${result}" ]]; then
+  echo "✓ Correctly returns empty when no backup file found"
+else
+  echo "✗ Should return empty but got: ${result}"
+  exit 1
+fi
+
+# Test 4: Restore from .tar.zst
+echo ""
+echo "=== Test 4: Restoring from .tar.zst ==="
+docker run --rm \
+  -w /restore \
+  -v "${TEST_DIR}/backup_zst:/backup:ro" \
+  -v "${TEST_DIR}/restore_zst:/restore" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="zstd -d -T${THREADS}" -xvpf /backup/backup_test.tar.zst \
+  > /dev/null 2>&1
+
+if [[ -f "${TEST_DIR}/restore_zst/test.txt" ]] && \
+   [[ -f "${TEST_DIR}/restore_zst/test2.txt" ]]; then
+  echo "✓ Successfully restored from .tar.zst"
+else
+  echo "✗ Failed to restore from .tar.zst"
+  ls -la "${TEST_DIR}/restore_zst/" || true
+  exit 1
+fi
+
+# Test 5: Restore from .tar.gz
+echo ""
+echo "=== Test 5: Restoring from .tar.gz (backward compatibility) ==="
+docker run --rm \
+  -w /restore \
+  -v "${TEST_DIR}/backup_gz:/backup:ro" \
+  -v "${TEST_DIR}/restore_gz:/restore" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="pigz -d -p ${THREADS}" -xvpf /backup/backup_test.tar.gz \
+  > /dev/null 2>&1
+
+if [[ -f "${TEST_DIR}/restore_gz/test.txt" ]] && \
+   [[ -f "${TEST_DIR}/restore_gz/test2.txt" ]]; then
+  echo "✓ Successfully restored from .tar.gz (backward compatible)"
+else
+  echo "✗ Failed to restore from .tar.gz"
+  ls -la "${TEST_DIR}/restore_gz/" || true
+  exit 1
+fi
+
+# Test 6: Verify content integrity
+echo ""
+echo "=== Test 6: Verifying content integrity ==="
+original_content=$(cat "${TEST_DIR}/test_data/test.txt")
+zst_content=$(cat "${TEST_DIR}/restore_zst/test.txt")
+gz_content=$(cat "${TEST_DIR}/restore_gz/test.txt")
+
+if [[ "${original_content}" == "${zst_content}" ]] && \
+   [[ "${original_content}" == "${gz_content}" ]]; then
+  echo "✓ Content integrity verified for both formats"
+else
+  echo "✗ Content mismatch detected"
+  exit 1
+fi
+
+# Test 7: Compare compression ratios
+echo ""
+echo "=== Test 7: Compression comparison ==="
+zst_size=$(stat -f%z "${TEST_DIR}/backup_zst/backup_test.tar.zst" 2>/dev/null || stat -c%s "${TEST_DIR}/backup_zst/backup_test.tar.zst")
+gz_size=$(stat -f%z "${TEST_DIR}/backup_gz/backup_test.tar.gz" 2>/dev/null || stat -c%s "${TEST_DIR}/backup_gz/backup_test.tar.gz")
+improvement=$(echo "scale=2; (${gz_size} - ${zst_size}) * 100 / ${gz_size}" | bc)
+
+echo "  Small files - .tar.gz size: ${gz_size} bytes"
+echo "  Small files - .tar.zst size: ${zst_size} bytes"
+echo "  Small files - Improvement: ${improvement}% smaller with zstd"
+
+# Test 8: Error handling - missing backup file
+echo ""
+echo "=== Test 8: Error handling - Missing backup file ==="
+result=$(get_archive_info "nonexistent_backup" "${TEST_DIR}/backup_zst")
+if [[ -z "${result}" ]]; then
+  echo "✓ Correctly handles missing backup files"
+else
+  echo "✗ Should return empty for missing files"
+  exit 1
+fi
+
+# Test 9: Error handling - Empty directory
+echo ""
+echo "=== Test 9: Error handling - Empty directory ==="
+mkdir -p "${TEST_DIR}/empty_dir"
+result=$(get_archive_info "backup_test" "${TEST_DIR}/empty_dir")
+if [[ -z "${result}" ]]; then
+  echo "✓ Correctly handles empty directories"
+else
+  echo "✗ Should return empty for empty directories"
+  exit 1
+fi
+
+# Test 10: Priority test - .tar.zst preferred over .tar.gz
+echo ""
+echo "=== Test 10: Format priority - .tar.zst preferred ==="
+mkdir -p "${TEST_DIR}/both_formats"
+touch "${TEST_DIR}/both_formats/backup_test.tar.gz"
+touch "${TEST_DIR}/both_formats/backup_test.tar.zst"
+result=$(get_archive_info "backup_test" "${TEST_DIR}/both_formats")
+if [[ "${result}" =~ "zstd" ]]; then
+  echo "✓ Correctly prefers .tar.zst when both formats exist"
+else
+  echo "✗ Should prefer .tar.zst over .tar.gz"
+  exit 1
+fi
+
+# Test 11: Large file compression test
+echo ""
+echo "=== Test 11: Large file compression test ==="
+mkdir -p "${TEST_DIR}/large_data"
+# Create ~10MB of compressible data (log-like content)
+for i in {1..50000}; do
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] INFO: Processing email message $i from user@example.com to recipient@domain.com" >> "${TEST_DIR}/large_data/maillog.txt"
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] DEBUG: SMTP connection established from 192.168.1.$((i % 255))" >> "${TEST_DIR}/large_data/maillog.txt"
+done 2>/dev/null
+
+# Get size (portable: works on Linux and macOS)
+if du --version 2>/dev/null | grep -q GNU; then
+  original_size=$(du -sb "${TEST_DIR}/large_data" | cut -f1)
+else
+  # macOS
+  original_size=$(find "${TEST_DIR}/large_data" -type f -exec stat -f%z {} \; | awk '{sum+=$1} END {print sum}')
+fi
+echo "  Original data size: $(echo "scale=2; ${original_size} / 1024 / 1024" | bc) MB"
+
+# Backup with zstd
+docker run --rm \
+  -w /data \
+  -v "${TEST_DIR}/large_data:/data:ro" \
+  -v "${TEST_DIR}/backup_large_zst:/backup" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="zstd --rsyncable -T${THREADS}" \
+  -cvpf /backup/backup_large.tar.zst . \
+  > /dev/null 2>&1
+
+# Backup with pigz
+docker run --rm \
+  -w /data \
+  -v "${TEST_DIR}/large_data:/data:ro" \
+  -v "${TEST_DIR}/backup_large_gz:/backup" \
+  mailcow-backup-test \
+  /bin/tar --use-compress-program="pigz --rsyncable -p ${THREADS}" \
+  -cvpf /backup/backup_large.tar.gz . \
+  > /dev/null 2>&1
+
+zst_large_size=$(stat -f%z "${TEST_DIR}/backup_large_zst/backup_large.tar.zst" 2>/dev/null || stat -c%s "${TEST_DIR}/backup_large_zst/backup_large.tar.zst" 2>/dev/null || echo "0")
+gz_large_size=$(stat -f%z "${TEST_DIR}/backup_large_gz/backup_large.tar.gz" 2>/dev/null || stat -c%s "${TEST_DIR}/backup_large_gz/backup_large.tar.gz" 2>/dev/null || echo "0")
+
+if [[ ${zst_large_size} -gt 0 ]] && [[ ${gz_large_size} -gt 0 ]]; then
+  large_improvement=$(echo "scale=2; (${gz_large_size} - ${zst_large_size}) * 100 / ${gz_large_size}" | bc)
+
+  echo "  .tar.gz compressed: $(echo "scale=2; ${gz_large_size} / 1024 / 1024" | bc) MB"
+  echo "  .tar.zst compressed: $(echo "scale=2; ${zst_large_size} / 1024 / 1024" | bc) MB"
+  echo "  Improvement: ${large_improvement}% smaller with zstd"
+else
+  echo "  ✗ Failed to get file sizes"
+  exit 1
+fi
+
+if [[ $(echo "${large_improvement} > 0" | bc) -eq 1 ]]; then
+  echo "✓ zstd provides better compression on realistic data"
+else
+  echo "⚠ zstd compression similar or worse than gzip (unusual but not critical)"
+fi
+
+# Test 12: Thread scaling test
+echo ""
+echo "=== Test 12: Multi-threading verification ==="
+# This test verifies that different thread counts work (not measuring speed difference)
+for thread_count in 1 4; do
+  THREADS=${thread_count}
+  result=$(get_archive_info "backup_test" "${TEST_DIR}/backup_zst")
+  if [[ "${result}" =~ "-T${thread_count}" ]]; then
+    echo "✓ Thread count ${thread_count} correctly configured"
+  else
+    echo "✗ Thread count not properly applied"
+    exit 1
+  fi
+done
+
+echo ""
+echo "=== All tests passed! ==="
+echo ""
+echo "Summary:"
+echo "  ✓ zstd compression working"
+echo "  ✓ pigz compression working (legacy)"
+echo "  ✓ zstd decompression working"
+echo "  ✓ pigz decompression working (backward compatible)"
+echo "  ✓ Archive detection working"
+echo "  ✓ Content integrity verified"
+echo "  ✓ Format priority correct (.tar.zst preferred)"
+echo "  ✓ Error handling for missing files"
+echo "  ✓ Error handling for empty directories"
+echo "  ✓ Multi-threading configuration verified"
+echo "  ✓ Large file compression: ${large_improvement}% improvement"
+echo "  ✓ Small file compression: ${improvement}% improvement"

From 674b41ce082990c13177684ac5fc4b72f55ecdeb Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 12 Nov 2025 10:16:54 +0100
Subject: [PATCH 730/755] updated the Contributing Guidelines

---
 CONTRIBUTING.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index fae8f1d5f..d27c09de8 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,11 +1,11 @@
 # Contribution Guidelines
-**_Last modified on 15th August 2024_**
+**_Last modified on 12th November 2025_**
 
 First of all, thank you for wanting to provide a bugfix or a new feature for the mailcow community, it's because of your help that the project can continue to grow!
 
 As we want to keep mailcow's development structured we setup these Guidelines which helps you to create your issue/pull request accordingly.
 
-**PLEASE NOTE, THAT WE MIGHT CLOSE ISSUES/PULL REQUESTS IF THEY DON'T FULLFIL OUR WRITTEN GUIDELINES WRITTEN INSIDE THIS DOCUMENT**. So please check this guidelines before you propose a Issue/Pull Request.
+**PLEASE NOTE, THAT WE WILL CLOSE ISSUES/PULL REQUESTS IF THEY DON'T FULLFIL OUR WRITTEN GUIDELINES WRITTEN INSIDE THIS DOCUMENT**. So please check this guidelines before you propose a Issue/Pull Request.
 
 ## Topics
 
@@ -27,14 +27,18 @@ However, please note the following regarding pull requests:
 6. Please **ALWAYS** create the actual pull request against the staging branch and **NEVER** directly against the master branch. *If you forget to do this, our moobot will remind you to switch the branch to staging.*
 7. Wait for a merge commit: It may happen that we do not accept your pull request immediately or sometimes not at all for various reasons. Please do not be disappointed if this is the case. We always endeavor to incorporate any meaningful changes from the community into the mailcow project.
 8. If you are planning larger and therefore more complex pull requests, it would be advisable to first announce this in a separate issue and then start implementing it after the idea has been accepted in order to avoid unnecessary frustration and effort!
+9. If your PR requires a Docker image rebuild (changes to Dockerfiles or files in data/Dockerfiles/), update the image tag in docker-compose.yml. Use the base-image versioning (e.g. ghcr.io/mailcow/sogo:5.12.4 → :5.12.5 for version bumps; append a letter for patch fixes, e.g. :5.12.4a). Follow this scheme.
 
 ---
 
 ## Issue Reporting
-**_Last modified on 15th August 2024_**
+**_Last modified on 12th November 2025_**
 
 If you plan to report a issue within mailcow please read and understand the following rules:
 
+### Security disclosures / Security-related fixes
+- Security vulnerabilities and security fixes must always be reported confidentially first to the contact address specified in SECURITY.md before they are integrated, published, or publicly disclosed in issues/PRs. Please wait for a response from the specified contact to ensure coordinated and responsible disclosure.
+
 ### Issue Reporting Guidelines
 
 1. **ONLY** use the issue tracker for bug reports or improvement requests and NOT for support questions. For support questions you can either contact the [mailcow community on Telegram](https://docs.mailcow.email/#community-support-and-chat) or the mailcow team directly in exchange for a [support fee](https://docs.mailcow.email/#commercial-support).

From 62d16c9e56918863c12e2d3115244615e2cfc8bf Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 13 Nov 2025 14:59:49 +0100
Subject: [PATCH 731/755] compose: changes cronjobs to regular cron syntax +
 fixed sogo creds for cronjobs (#6866)

* cron: restructure cron timer to time on second (instead of random)

* dovecot: fix clearance for cron.creds file
---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  7 ++--
 docker-compose.yml                            | 32 +++++++++----------
 2 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index fe2341bfa..e58abbb6a 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -204,16 +204,17 @@ EOF
 # Create random master Password for SOGo SSO
 RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
 echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
-# Creating additional creds file for SOGo notify crons (calendars, etc)
-echo -n ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/cron.creds
 cat <<EOF > /etc/dovecot/sogo-sso.conf
 # Autogenerated by mailcow
 passdb {
   driver = static
-  args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
+  args = allow_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
 }
 EOF
 
+# Creating additional creds file for SOGo notify crons (calendars, etc) (dummy user, sso password)
+echo -n ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/cron.creds
+
 if [[ "${MASTER}" =~ ^([nN][oO]|[nN])+$ ]]; then
   # Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
   cat <<'EOF' > /usr/local/bin/quota_notify.py
diff --git a/docker-compose.yml b/docker-compose.yml
index 0522a6a2b..fef738365 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -188,10 +188,10 @@ services:
       restart: always
       labels:
         ofelia.enabled: "true"
-        ofelia.job-exec.phpfpm_keycloak_sync.schedule: "@every 1m"
+        ofelia.job-exec.phpfpm_keycloak_sync.schedule: "0 * * * * *"
         ofelia.job-exec.phpfpm_keycloak_sync.no-overlap: "true"
         ofelia.job-exec.phpfpm_keycloak_sync.command: "/bin/bash -c \"php /crons/keycloak-sync.php || exit 0\""
-        ofelia.job-exec.phpfpm_ldap_sync.schedule: "@every 1m"
+        ofelia.job-exec.phpfpm_ldap_sync.schedule: "0 * * * * *"
         ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true"
         ofelia.job-exec.phpfpm_ldap_sync.command: "/bin/bash -c \"php /crons/ldap-sync.php || exit 0\""
       networks:
@@ -236,13 +236,13 @@ services:
         - sogo-userdata-backup-vol-1:/sogo_backup
       labels:
         ofelia.enabled: "true"
-        ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
+        ofelia.job-exec.sogo_sessions.schedule: "0 * * * * *"
         ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool -v expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
-        ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
+        ofelia.job-exec.sogo_ealarms.schedule: "0 * * * * *"
         ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/cron.creds || exit 0\""
-        ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
-        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/cron.creds || exit 0\""
-        ofelia.job-exec.sogo_backup.schedule: "@every 24h"
+        ofelia.job-exec.sogo_eautoreply.schedule: "0 */5 * * * *"
+        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
+        ofelia.job-exec.sogo_backup.schedule: "0 0 0 * * *"
         ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
       restart: always
       networks:
@@ -252,7 +252,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: ghcr.io/mailcow/dovecot:2.35
+      image: ghcr.io/mailcow/dovecot:2.3.21.1
       depends_on:
         - mysql-mailcow
         - netfilter-mailcow
@@ -310,22 +310,22 @@ services:
       tty: true
       labels:
         ofelia.enabled: "true"
-        ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
+        ofelia.job-exec.dovecot_imapsync_runner.schedule: "0 * * * * *"
         ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
         ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
-        ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
+        ofelia.job-exec.dovecot_trim_logs.schedule: "0 * * * * *"
         ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
-        ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
+        ofelia.job-exec.dovecot_quarantine.schedule: "0 */20 * * * *"
         ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
-        ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
+        ofelia.job-exec.dovecot_clean_q_aged.schedule: "0 0 0 * * *"
         ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
-        ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
+        ofelia.job-exec.dovecot_maildir_gc.schedule: "0 */30 * * * *"
         ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
-        ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
+        ofelia.job-exec.dovecot_sarules.schedule: "0 0 0 * * *"
         ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
-        ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
+        ofelia.job-exec.dovecot_fts.schedule: "0 0 0 * * *"
         ofelia.job-exec.dovecot_fts.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh\""
-        ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
+        ofelia.job-exec.dovecot_repl_health.schedule: "0 */5 * * * *"
         ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
       ulimits:
         nproc: 65535

From 7313f996d321a8e6e19a054f62d95aff4cc32711 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Thu, 13 Nov 2025 15:16:00 +0100
Subject: [PATCH 732/755] Update to trixie (#6907)

---
 data/Dockerfiles/backup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/backup/Dockerfile b/data/Dockerfiles/backup/Dockerfile
index 7f989c399..9ff6bbb13 100644
--- a/data/Dockerfiles/backup/Dockerfile
+++ b/data/Dockerfiles/backup/Dockerfile
@@ -1,3 +1,3 @@
-FROM debian:bookworm-slim
+FROM debian:trixie-slim
 
 RUN apt update && apt install pigz zstd -y --no-install-recommends
\ No newline at end of file

From ae3ef391ee4bed52727274e04dca5f71091124a7 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik+github@kernstock.net>
Date: Thu, 13 Nov 2025 15:16:44 +0100
Subject: [PATCH 733/755] Remove deprecated 'X-XSS-Protection' header (#6871)

---
 data/conf/nginx/templates/sites-default.conf.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
index 23fe7b788..f3d734528 100644
--- a/data/conf/nginx/templates/sites-default.conf.j2
+++ b/data/conf/nginx/templates/sites-default.conf.j2
@@ -14,7 +14,6 @@ ssl_session_tickets off;
 
 add_header Strict-Transport-Security "max-age=15768000;";
 add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN" always;

From 7b29c1f30401942ed39950a514fd59e0b8b4694d Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik+github@kernstock.net>
Date: Thu, 13 Nov 2025 15:19:11 +0100
Subject: [PATCH 734/755] Disable nginx server_tokens in http context (#6873)

---
 data/conf/nginx/templates/nginx.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index 4b32ff15b..08a85a144 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -13,6 +13,7 @@ events {
 http {
     include /etc/nginx/mime.types;
     default_type  application/octet-stream;
+    server_tokens off;
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '

From 0413d268552b845916b94eda54bc3dba0ee12798 Mon Sep 17 00:00:00 2001
From: Josh <75700a85-1205-4740-aebf-4413a352e81b@otake.pw>
Date: Thu, 13 Nov 2025 07:05:01 -0800
Subject: [PATCH 735/755] Allow making spam aliases permanent (#6888)

* Allow making spam aliases permanent

* added german translation

* updated Spamalias Twig + Rename in Spam Alias

* compose: update image tags to align to vendor version

---------

Co-authored-by: DerLinkman <niklas.meyer@servercow.de>
---
 data/Dockerfiles/phpfpm/docker-entrypoint.sh |  2 +-
 data/Dockerfiles/postfix/postfix.sh          |  4 +--
 data/web/inc/functions.mailbox.inc.php       | 37 ++++++++++++++------
 data/web/inc/init_db.inc.php                 |  5 +--
 data/web/js/site/user.js                     | 22 ++++++++++--
 data/web/lang/lang.de-de.json                |  7 ++--
 data/web/lang/lang.en-gb.json                |  5 ++-
 data/web/lang/lang.es-es.json                |  7 +++-
 data/web/lang/lang.ja-jp.json                |  3 ++
 data/web/templates/user/SpamAliases.twig     | 14 ++++----
 docker-compose.yml                           |  4 +--
 11 files changed, 80 insertions(+), 30 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index 0d09ac5fc..d7fa15556 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -167,7 +167,7 @@ DELIMITER //
 CREATE EVENT clean_spamalias
 ON SCHEDULE EVERY 1 DAY DO
 BEGIN
-  DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP();
+  DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP() AND permanent = 0;
 END;
 //
 DELIMITER ;
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 0a6494ed6..0a8ed736e 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -390,7 +390,7 @@ hosts = unix:/var/run/mysqld/mysqld.sock
 dbname = ${DBNAME}
 query = SELECT goto FROM spamalias
   WHERE address='%s'
-    AND validity >= UNIX_TIMESTAMP()
+    AND (validity >= UNIX_TIMESTAMP() OR permanent != 0)
 EOF
 
 if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
@@ -524,4 +524,4 @@ if [[ $? != 0 ]]; then
 else
   postfix -c /opt/postfix/conf start
   sleep 126144000
-fi
\ No newline at end of file
+fi
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 7638c9bbf..d8e4e178a 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -49,6 +49,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             // Default to 1 yr
             $_data["validity"] = 8760;
           }
+          if (isset($_data["permanent"]) && filter_var($_data["permanent"], FILTER_VALIDATE_BOOL)) {
+            $permanent = 1;
+          }
+          else {
+            $permanent = 0;
+          }
           $domain = $_data['domain'];
           $description = $_data['description'];
           $valid_domains[] = mailbox('get', 'mailbox_details', $username)['domain'];
@@ -65,13 +71,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             return false;
           }
           $validity = strtotime("+" . $_data["validity"] . " hour");
-          $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `description`, `goto`, `validity`) VALUES
-            (:address, :description, :goto, :validity)");
+          $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `description`, `goto`, `validity`, `permanent`) VALUES
+            (:address, :description, :goto, :validity, :permanent)");
           $stmt->execute(array(
             ':address' => readable_random_string(rand(rand(3, 9), rand(3, 9))) . '.' . readable_random_string(rand(rand(3, 9), rand(3, 9))) . '@' . $domain,
             ':description' => $description,
             ':goto' => $username,
-            ':validity' => $validity
+            ':validity' => $validity,
+            ':permanent' => $permanent
           ));
           $_SESSION['return'][] = array(
             'type' => 'success',
@@ -2103,15 +2110,23 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-            if (empty($_data['validity'])) {
+            if (empty($_data['validity']) && empty($_data['permanent'])) {
               continue;
             }
-            $validity = round((int)time() + ($_data['validity'] * 3600));
-            $stmt = $pdo->prepare("UPDATE `spamalias` SET `validity` = :validity WHERE
+            if (isset($_data['permanent']) && filter_var($_data['permanent'], FILTER_VALIDATE_BOOL)) {
+              $permanent = 1;
+              $validity = 0;
+            }
+            else if (isset($_data['validity'])) {
+              $permanent = 0;
+              $validity = round((int)time() + ($_data['validity'] * 3600));
+            }
+            $stmt = $pdo->prepare("UPDATE `spamalias` SET `validity` = :validity, `permanent` = :permanent WHERE
               `address` = :address");
             $stmt->execute(array(
               ':address' => $address,
-              ':validity' => $validity
+              ':validity' => $validity,
+              ':permanent' => $permanent
             ));
             $_SESSION['return'][] = array(
               'type' => 'success',
@@ -4584,10 +4599,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             `description`,
             `validity`,
             `created`,
-            `modified`
+            `modified`,
+            `permanent`
               FROM `spamalias`
                 WHERE `goto` = :username
-                  AND `validity` >= :unixnow");
+                  AND (`validity` >= :unixnow
+                    OR `permanent` != 0)");
           $stmt->execute(array(':username' => $_data, ':unixnow' => time()));
           $tladata = $stmt->fetchAll(PDO::FETCH_ASSOC);
           return $tladata;
@@ -5162,7 +5179,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $stmt = $pdo->prepare("SELECT COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE (`kind` = '' OR `kind` = NULL) AND `domain` = :domain AND `username` != :username");
             $stmt->execute(array(':domain' => $row['domain'], ':username' => $_data));
             $MailboxUsage = $stmt->fetch(PDO::FETCH_ASSOC);
-            $stmt = $pdo->prepare("SELECT IFNULL(COUNT(`address`), 0) AS `sa_count` FROM `spamalias` WHERE `goto` = :address AND `validity` >= :unixnow");
+            $stmt = $pdo->prepare("SELECT IFNULL(COUNT(`address`), 0) AS `sa_count` FROM `spamalias` WHERE `goto` = :address AND (`validity` >= :unixnow OR `permanent` != 0)");
             $stmt->execute(array(':address' => $_data, ':unixnow' => time()));
             $SpamaliasUsage = $stmt->fetch(PDO::FETCH_ASSOC);
             $mailboxdata['max_new_quota'] = ($DomainQuota['quota'] * 1048576) - $MailboxUsage['in_use'];
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index b8ab85253..ffaf12093 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -4,7 +4,7 @@ function init_db_schema()
   try {
     global $pdo;
 
-    $db_version = "07102025_1015";
+    $db_version = "10312025_0525";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -554,7 +554,8 @@ function init_db_schema()
           "description" => "TEXT NOT NULL",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "validity" => "INT(11)"
+          "validity" => "INT(11)",
+          "permanent" => "TINYINT(1) NOT NULL DEFAULT '0'"
         ),
         "keys" => array(
           "primary" => array(
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 10960c5d9..5eecf2080 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -175,6 +175,10 @@ jQuery(function($){
                 '</div>';
               item.chkbox = '<input type="checkbox" class="form-check-input" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
               item.address = escapeHtml(item.address);
+              item.validity = {
+                value: item.validity,
+                permanent: item.permanent
+              };
             }
             else {
               item.chkbox = '<input type="checkbox" class="form-check-input" disabled />';
@@ -218,9 +222,21 @@ jQuery(function($){
           title: lang.alias_valid_until,
           data: 'validity',
           defaultContent: '',
-          createdCell: function(td, cellData) {
-            createSortableDate(td, cellData)
-          }
+          render: function (data, type) {
+            var date = new Date(data.value ? data.value * 1000 : 0);
+            switch (type) {
+              case "sort":
+                if (data.permanent) {
+                  return 0;
+                }
+                return date.getTime();
+              default:
+                if (data.permanent) {
+                  return lang.forever;
+                }
+                return date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+            }
+          },
         },
         {
           title: lang.created_on,
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index dbc6b2f93..762c055af 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -987,7 +987,7 @@
         "sogo_visible": "Alias Sichtbarkeit in SOGo",
         "sogo_visible_n": "Alias in SOGo verbergen",
         "sogo_visible_y": "Alias in SOGo anzeigen",
-        "spam_aliases": "Temp. Alias",
+        "spam_aliases": "Spam-Alias",
         "stats": "Statistik",
         "status": "Status",
         "sync_jobs": "Synchronisationen",
@@ -1281,7 +1281,9 @@
         "encryption": "Verschlüsselung",
         "excludes": "Ausschlüsse",
         "expire_in": "Ungültig in",
+        "expire_never": "Niemals ungültig",
         "fido2_webauthn": "FIDO2/WebAuthn",
+        "forever": "Für immer",
         "force_pw_update": "Das Passwort für diesen Benutzer <b>muss</b> geändert werden, damit die Zugriffssperre auf die Groupware-Komponenten wieder freigeschaltet wird.",
         "from": "von",
         "generate": "generieren",
@@ -1346,7 +1348,8 @@
         "sogo_profile_reset": "SOGo-Profil zurücksetzen",
         "sogo_profile_reset_help": "Das Profil wird inklusive <b>aller</b> Kalender- und Kontaktdaten <b>unwiederbringlich gelöscht</b>.",
         "sogo_profile_reset_now": "Profil jetzt zurücksetzen",
-        "spam_aliases": "Temporäre E-Mail-Aliasse",
+        "spam_aliases": "Spam E-Mail-Aliasse",
+        "spam_aliases_info": "Ein Spam-Alias ist eine temporäre E-Mailadresse, die benutzt werden kann, um eine echte E-Mail Adressen zu schützen. <br>Optional kann eine Ablaufzeit gesetzt werden, sodass der Alias nach dem definierten Zeitraum automatisch deaktiviert wird, was missbrauchte oder geleakte Adressen effektiv entsorgt.",
         "spam_score_reset": "Auf Server-Standard zurücksetzen",
         "spamfilter": "Spamfilter",
         "spamfilter_behavior": "Bewertung",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index d46e4606c..1e8525957 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -1288,7 +1288,9 @@
         "encryption": "Encryption",
         "excludes": "Excludes",
         "expire_in": "Expire in",
+        "expire_never": "Never Expire",
         "fido2_webauthn": "FIDO2/WebAuthn",
+        "forever": "Forever",
         "force_pw_update": "You <b>must</b> set a new password to be able to access groupware related services.",
         "from": "from",
         "generate": "generate",
@@ -1355,7 +1357,8 @@
         "sogo_profile_reset": "Reset SOGo profile",
         "sogo_profile_reset_help": "This will destroy a user's SOGo profile and <b>delete all contact and calendar data irretrievable</b>.",
         "sogo_profile_reset_now": "Reset profile now",
-        "spam_aliases": "Temporary email aliases",
+        "spam_aliases": "Spam email aliases",
+        "spam_aliases_info": "A spam alias is a temporary email address that can be used to protect real email addresses. <br>Optionally, an expiration time can be set so that the alias is automatically deactivated after the defined period, effectively disposing of abused or leaked addresses.",
         "spam_score_reset": "Reset to server default",
         "spamfilter": "Spam filter",
         "spamfilter_behavior": "Rating",
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index f357b9a80..7d86973ac 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -1084,6 +1084,7 @@
         "aliases_send_as_all": "No verificar permisos del remitente para los siguientes dominios (y sus aliases)",
         "change_password": "Cambiar contraseña",
         "create_syncjob": "Crear nuevo trabajo de sincronización",
+        "created_on": "Creado",
         "daily": "Cada día",
         "day": "Día",
         "description": "Descripción",
@@ -1095,6 +1096,9 @@
         "edit": "Editar",
         "encryption": "Cifrado",
         "excludes": "Excluye",
+        "expire_in": "Expirará en",
+        "expire_never": "Nunca expirará",
+        "forever": "Siempre",
         "hour": "Hora",
         "hourly": "Cada hora",
         "hours": "Horas",
@@ -1115,7 +1119,8 @@
         "shared_aliases": "Alias compartidos",
         "shared_aliases_desc": "Los alias compartidos no se ven afectados por la configuración específica del usuario, como el filtro de correo no deseado o la política de cifrado. Los filtros de spam correspondientes solo pueden ser realizados por un administrador como una política de dominio.",
         "sogo_profile_reset": "Resetear perfil SOGo",
-        "spam_aliases": "Alias de email temporales",
+        "spam_aliases": "Alias de email de spam",
+        "spam_aliases_info": "Un alias de spam es una dirección de correo electrónico temporal que se puede usar para proteger direcciones de correo electrónico reales. <br>Opcionalmente, se puede establecer un tiempo de expiración para que el alias se desactive automáticamente después del período definido, eliminando efectivamente las direcciones abusadas o filtradas.",
         "spamfilter": "Filtro anti-spam",
         "spamfilter_behavior": "Clasificación",
         "spamfilter_bl": "Lista negra",
diff --git a/data/web/lang/lang.ja-jp.json b/data/web/lang/lang.ja-jp.json
index 74c04248c..6dfa5d87b 100644
--- a/data/web/lang/lang.ja-jp.json
+++ b/data/web/lang/lang.ja-jp.json
@@ -1187,6 +1187,7 @@
         "created_on": "作成日",
         "daily": "毎日",
         "day": "日",
+        "description": "説明",
         "delete_ays": "削除プロセスを確認してください。",
         "direct_aliases": "直接エイリアスアドレス",
         "direct_aliases_desc": "直接エイリアスアドレスは、スパムフィルターおよびTLSポリシー設定の影響を受けます。",
@@ -1201,7 +1202,9 @@
         "encryption": "暗号化",
         "excludes": "除外",
         "expire_in": "有効期限まで",
+        "expire_never": "有効期限なし",
         "fido2_webauthn": "FIDO2/WebAuthn",
+        "forever": "有効期限なし",
         "force_pw_update": "グループウェア関連サービスにアクセスするには、新しいパスワードを<b>必ず</b>設定する必要があります。",
         "from": "送信元",
         "generate": "生成",
diff --git a/data/web/templates/user/SpamAliases.twig b/data/web/templates/user/SpamAliases.twig
index 83b056c34..466c283c1 100644
--- a/data/web/templates/user/SpamAliases.twig
+++ b/data/web/templates/user/SpamAliases.twig
@@ -8,6 +8,7 @@
     </div>
     <div id="collapse-tab-SpamAliases" class="card-body collapse" data-bs-parent="#user-content">
       <div class="row">
+        <p>{{ lang.user.spam_aliases_info|raw }}</p>
         <div class="col-md-12 col-sm-12 col-12">
           <table id="tla_table" class="table table-striped dt-responsive w-100"></table>
         </div>
@@ -18,12 +19,13 @@
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="tla" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"1"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.hour }}</a></li>
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"24"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.day }}</a></li>
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"168"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.week }}</a></li>
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"744"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.month }}</a></li>
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"8760"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.year }}</a></li>
-              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"87600"}' href="#">{{ lang.user.expire_in }} 10 {{ lang.user.years }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"1","permanent":"0"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.hour }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"24","permanent":"0"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.day }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"168","permanent":"0"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.week }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"744","permanent":"0"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.month }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"8760","permanent":"0"}' href="#">{{ lang.user.expire_in }} 1 {{ lang.user.year }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"validity":"87600","permanent":"0"}' href="#">{{ lang.user.expire_in }} 10 {{ lang.user.years }}</a></li>
+              <li><a class="dropdown-item" data-action="edit_selected" data-id="tla" data-api-url='edit/time_limited_alias' data-api-attr='{"permanent":"1"}' href="#">{{ lang.user.expire_never }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="delete_selected" data-id="tla" data-api-url='delete/time_limited_alias' href="#">{{ lang.mailbox.remove }}</a></li>
             </ul>
diff --git a/docker-compose.yml b/docker-compose.yml
index fef738365..f7390c797 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -117,7 +117,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: ghcr.io/mailcow/phpfpm:1.94
+      image: ghcr.io/mailcow/phpfpm:8.2.29
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -339,7 +339,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: ghcr.io/mailcow/postfix:1.81
+      image: ghcr.io/mailcow/postfix:3.7.11
       depends_on:
         mysql-mailcow:
           condition: service_started

From 98320061410e6795debe93456a5362edd0c3f379 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 17 Nov 2025 23:23:07 +0100
Subject: [PATCH 736/755] Translations update from Weblate (#6916)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.si-si.json

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>

* [Web] Updated lang.ru-ru.json

Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>

* [Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

Co-authored-by: Monika Bark <rychert.monika@wp.pl>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Matjaž Tekavec <matjaz@moj-svet.si>
Co-authored-by: Habetdin <15926758+Habetdin@users.noreply.github.com>
Co-authored-by: Monika Bark <rychert.monika@wp.pl>
Co-authored-by: Peter <magic@kthx.at>
---
 data/web/lang/lang.pl-pl.json | 157 ++++++++++++++++++++++++++--------
 data/web/lang/lang.ru-ru.json |  38 ++++++--
 data/web/lang/lang.si-si.json |  13 +--
 3 files changed, 159 insertions(+), 49 deletions(-)

diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index b08b115a8..61a17a749 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -85,7 +85,7 @@
         "delete2": "Usuń wiadomości w miejscu docelowym, które nie znajdują się w źródle",
         "destination": "Miejsce docelowe",
         "disable_login": "Nie pozwalaj na logowanie(poczta przychodząca jest nadal akceptowana)",
-        "domain_matches_hostname": "Domena %s pasuje do nazwy hosta",
+        "domain_matches_hostname": "Domena pasuje do nazwy hosta",
         "dry": "Symulacja synchronizacji",
         "gal": "Globalna lista adresów",
         "gal_info": "GAL zawiera wszystkie obiekty domeny i nie może być edytowany przez żadnego użytkownika. Wolne/zajęte logi w SOGo bedą nidostępne, jeśli są wyłączone! <b>Uruchom ponownie SOGo, aby zastosować zmiany.</b>",
@@ -139,7 +139,7 @@
         "f2b_max_attempts": "Max. ilość prób",
         "f2b_parameters": "Parametry Fail2ban",
         "f2b_retry_window": "Spróbuj ponownie (s) dla max. ilości prób",
-        "f2b_whitelist": "Biała lista sieci/hosty",
+        "f2b_whitelist": "Dozwolone sieci/hosty",
         "filter_table": "Tabela filtru",
         "forwarding_hosts": "Hosty przekazujące",
         "forwarding_hosts_add_hint": "Możesz albo wyszczególnić adresy IPv4/IPv6, sieci w notacji CIDR, nazwy hostów (które zostaną rozłożone na adresy IP), albo nazwy domen (które zostaną rozłożone na adresy IP poprzez sprawdzanie rekordów SPF lub, w razie ich braku, rekordów MX).",
@@ -205,7 +205,7 @@
         "convert_html_to_text": "Konwertuj HTML na zwykły tekst",
         "copy_to_clipboard": "Tekst skopiowany do schowka!",
         "cors_settings": "Ustawienia CORS",
-        "credentials_transport_warning": "Ostrzeżenie</b>: Dodanie nowego wpisu mapy transportu spowoduje aktualizację danych uwierzytelniających dla wszystkich wpisów z pasującą kolumną hop.",
+        "credentials_transport_warning": "<b>Ostrzeżenie</b>: Dodanie nowego wpisu mapy transportu spowoduje aktualizację danych uwierzytelniających dla wszystkich wpisów z pasującą kolumną hop.",
         "customer_id": "Identyfikator klienta",
         "customize": "Dostosuj",
         "login_page": "Strona logowania",
@@ -226,7 +226,7 @@
         "f2b_ban_time_increment": "Czas zakazu jest zwiększany z każdym zakazem",
         "f2b_blacklist": "Lista odrzuconych sieci/hostów",
         "f2b_filter": "Filtry Regex",
-        "f2b_list_info": "Odrzucony host lub sieć zawsze będzie przewyższać jednostkę zezwalającą.</b>Zastosowanie aktualizacji listy zajmie kilka sekund.</b><b>",
+        "f2b_list_info": "Odrzucony host lub sieć zawsze będzie przewyższać jednostkę zezwalającą.<b>Zastosowanie aktualizacji listy zajmie kilka sekund.</b>",
         "f2b_manage_external": "Zarządzaj Fail2Ban zewnętrznie",
         "f2b_manage_external_info": "Fail2ban nadal będzie utrzymywać listę banów, ale nie będzie aktywnie ustalać zasad blokowania ruchu. Użyj wygenerowane listy banów poniżej, aby zewnętrznie zablokować ruch.",
         "f2b_max_ban_time": "Max. czas bana (s)",
@@ -240,7 +240,7 @@
         "generate": "Generuj",
         "guid": "GUID - unikalny identyfikator instancji",
         "guid_and_license": "GUID & licencja",
-        "hash_remove_info": "Usunięcie hasha z limitem współczynnika (jeśli nadal istnieje) spowoduje całkowite zresetowanie jego licznika.<br>\n\nKażdy hash jest oznaczony indywidualnym kolorem.",
+        "hash_remove_info": "Usunięcie hasha z limitem współczynnika (jeśli nadal istnieje) spowoduje całkowite zresetowanie jego licznika.<br>\n\n    Każdy hash jest oznaczony indywidualnym kolorem.",
         "help_text": "Zastąp tekst pomocy poniżej maski logowania (dozwolone HTML)",
         "html": "HTML",
         "iam": "Dostawca tożsamości",
@@ -310,7 +310,7 @@
         "oauth2_add_client": "Dodaj klienta OAuth2",
         "oauth2_client_id": "ID klienta",
         "oauth2_client_secret": "Sekret klienta",
-        "oauth2_info": "Implementacja OAuth2 obsługuje typ grantu \"Kod autoryzacji\" i wydaje tokeny odświeżania.<br>\nSerwer automatycznie wydaje również nowe tokeny odświeżania, po użyciu tokena odświeżania.<br><br>\n&#8226; Domyślnym zakresem jest <i>profil</i>. Tylko użytkownicy skrzynek pocztowych mogą być uwierzytelniani w OAuth2. Jeśli parametr zakresu zostanie pominięty, wraca do <i>profil</i>.<br>\n\nParametr <i>state</i> musi zostać wysłany przez klienta w ramach żądania autoryzacji.<br><br>>\nŚcieżki zapytań do API OAuth2: <br>\n<ul>\nPunkt końcowy autoryzacji: <kod>/autoryzuj</koduj</koduj</li>\nPunkt końcowy tokena: <kod>/autoth/token</kod></li>\nStrona zasobów: <kod>/prawo/profil</kod>>\n</ul>\nRegeneracja tajemnicy klienta nie spowoduje wygaśnięcia istniejących kodów autoryzacyjnych, ale nie odnowi ich tokena.<br><br>\nOdwołanie tokenów klienta spowoduje natychmiastowe zakończenie wszystkich aktywnych sesji. Wszyscy klienci muszą się ponownie uwierzytelnić.",
+        "oauth2_info": "Implementacja OAuth2 obsługuje typ grantu \"Kod autoryzacji\" i wydaje tokeny odświeżania.<br>\nSerwer automatycznie wydaje również nowe tokeny odświeżania, po użyciu tokena odświeżania.<br><br>\n&#8226; Domyślnym zakresem jest <i>profil</i>. Tylko użytkownicy skrzynek pocztowych mogą być uwierzytelniani w OAuth2. Jeśli parametr zakresu zostanie pominięty, wraca do <i>profil</i>.<br>\n\nParametr <i>state</i> musi zostać wysłany przez klienta w ramach żądania autoryzacji.<br><br>>\nŚcieżki zapytań do API OAuth2: <br>\n<ul>\nPunkt końcowy autoryzacji\n<code>/oauth/authorize</code></li> <li>Token endpoint: <code>/oauth/token</code></li> <li>Resource page: <code>/oauth/profile</code></li>\n</ul>\nRegeneracja tajemnicy klienta nie spowoduje wygaśnięcia istniejących kodów autoryzacyjnych, ale nie odnowi ich tokena.<br><br>\nOdwołanie tokenów klienta spowoduje natychmiastowe zakończenie wszystkich aktywnych sesji. Wszyscy klienci muszą się ponownie uwierzytelnić.",
         "oauth2_redirect_uri": "Przekieruj URI",
         "oauth2_renew_secret": "Wygeneruj sekret nowego klienta",
         "oauth2_revoke_tokens": "Unieważnij wszystkie tokeny klienta",
@@ -368,7 +368,7 @@
         "rsetting_desc": "Krótki opis",
         "rsetting_no_selection": "Proszę zaznaczyć regułę",
         "rsetting_none": "Brak dostępnych reguł",
-        "rsettings_insert_preset": "Wstaw przykład presetowany \"%s\"",
+        "rsettings_insert_preset": "Wstaw przykładowy preset",
         "rsettings_preset_1": "Wyłącz wszystkie z wyjątkiem DKIM i limitu stawek dla uwierzytelnionych użytkowników",
         "rsettings_preset_2": "Administratorzy poczty pozwalają na spam",
         "rsettings_preset_3": "Zezwalaj tylko określonym nadawcom na skrzynkę pocztową (tj. używaj tylko jako wewnętrznej skrzynki pocztowej)",
@@ -418,21 +418,21 @@
         "alias_domain_invalid": "Alias domeny nieprawidłowy",
         "alias_empty": "Alias nie może być pusty",
         "alias_goto_identical": "Alias i Idź do nie mogą być identyczne",
-        "alias_invalid": "Alias nieprawidłowy",
+        "alias_invalid": "Adres aliasu jest nieprawidłowy",
         "aliasd_targetd_identical": "Alias domeny nie może być identyczny z domeną docelową",
         "aliases_in_use": "Maks. liczba aliasów musi być większa od lub równa %d",
         "description_invalid": "Nieprawidłowy opis źródła",
         "dkim_domain_or_sel_invalid": "Nieprawidłowa domena lub selektor DKIM",
-        "domain_exists": "Domena %s już istnieje",
+        "domain_exists": "Domena już istnieje",
         "domain_invalid": "Nazwa domeny jest pusta lub nieprawidłowa",
         "domain_not_empty": "Nie można usunąć niepustej domeny",
-        "domain_not_found": "Nie znaleziono domeny %s",
-        "domain_quota_m_in_use": "Limit domeny musi być większy lub równy do %s MiB",
+        "domain_not_found": "Nie znaleziono domeny",
+        "domain_quota_m_in_use": "Limit domeny musi być większy lub równy do MiB",
         "goto_empty": "Adres alias musi zawierać co najmniej jeden prawidłowy adres goto",
         "goto_invalid": "Adres Idź do jest nieprawidłowy",
-        "is_alias": "%s został już podany jako alias",
-        "is_alias_or_mailbox": "%s podano wcześniej jako alias lub skrzynkę",
-        "is_spam_alias": "%s podano wcześniej jako alias dla spam",
+        "is_alias": "został już podany jako alias",
+        "is_alias_or_mailbox": "jest już znany jako alias, skrzynka pocztowa lub adres aliasu rozwinięty z domeny aliasu.",
+        "is_spam_alias": "jest już znany jako tymczasowy adres aliasu (adres aliasu antyspamowego).",
         "last_key": "Nie można usunąć ostatniego klucza, zamiast tego należy wyłączyć TFA.",
         "login_failed": "Logowanie nie powiodło się",
         "mailbox_invalid": "Nieprawidłowa nazwa skrzynki",
@@ -456,34 +456,34 @@
         "sender_acl_invalid": "ACL Nadawcy jest nieprawidłowy",
         "target_domain_invalid": "Domena Idź do jest nieprawidłowa",
         "targetd_not_found": "Nie znaleziono domeny docelowej",
-        "username_invalid": "Nie można użyć nazwy użytkownika",
+        "username_invalid": "Nie można użyć tej nazwy użytkownika",
         "validity_missing": "Proszę wyznaczyć termin ważności",
         "to_invalid": "Pole odbiorca nie może być puste",
         "app_name_empty": "Nazwa aplikacji nie może być pusta",
-        "app_passwd_id_invalid": "Identyfikator hasła aplikacji %s jest niepoprawny",
+        "app_passwd_id_invalid": "Identyfikator hasła aplikacji jest niepoprawny",
         "authsource_in_use": "Nie można zmienić ani usunąć dostawcy tożsamości, ponieważ jest używany przez co najmniej jednego użytkownika.",
         "bcc_empty": "Miejsce docelowe BCC nie może być puste",
-        "bcc_exists": "Mapa BCC %s istnieje dla typu %s",
-        "bcc_must_be_email": "Miejsce docelowe BCC %s nie jest prawidłowym adresem e-mail",
+        "bcc_exists": "Mapa BCC istnieje już dla tego typu",
+        "bcc_must_be_email": "Miejsce docelowe BCC nie jest prawidłowym adresem e-mail",
         "comment_too_long": "Komentarz zbyt długi, maksymalnie 160 dozwolonych znaków.",
         "cors_invalid_method": "Podano nieprawidłową metodę Allow-Method",
         "cors_invalid_origin": "Podano nieprawidłową wartość Allow-Origin",
         "defquota_empty": "Domyślny limit skrzynki pocztowej nie może wynosić 0",
         "demo_mode_enabled": "Tryb demo jest włączony",
-        "dkim_domain_or_sel_exists": "Klucz DKIM dla \"%s\" istnieje i nie zostanie nadpisany",
+        "dkim_domain_or_sel_exists": "Klucz DKIM już istnieje i nie zostanie nadpisany",
         "domain_cannot_match_hostname": "Domena nie może być taka sama jak nazwa hosta",
         "extended_sender_acl_denied": "brak ACL do ustawiania adresów nadawcy zewnętrznego",
-        "extra_acl_invalid": "Adres nadawcy zewnętrznego \"%s\" jest nieważny",
-        "extra_acl_invalid_domain": "Nadawca zewnętrzny \"%s\" używa nieprawidłowej domeny",
-        "fido2_verification_failed": "Weryfikacja FIDO2 nie powiodła się: %s",
+        "extra_acl_invalid": "Adres nadawcy zewnętrznego jest nieprawidłowy",
+        "extra_acl_invalid_domain": "Nadawca zewnętrzny używa nieprawidłowej domeny",
+        "fido2_verification_failed": "Weryfikacja FIDO2 nie powiodła się",
         "file_open_error": "Nie można otworzyć pliku do zapisu",
         "filter_type": "Niewłaściwy typ filtra",
         "from_invalid": "Nadawca nie może być pusty",
         "generic_server_error": "Wystąpił nieoczekiwany błąd serwera. Skontaktuj się z administratorem.",
-        "global_filter_write_error": "Nie można zapisać pliku filtra: %s",
-        "global_map_invalid": "Id mapy globalnej %s nieprawidłowe",
-        "global_map_write_error": "Nie można napisać globalnej mapy ID %s: %s",
-        "ham_learn_error": "Błąd uczenia ham: %s",
+        "global_filter_write_error": "Nie można zapisać pliku filtra",
+        "global_map_invalid": "Id mapy globalnej nieprawidłowe",
+        "global_map_write_error": "Nie można zapisać globalnej mapy ID",
+        "ham_learn_error": "Błąd uczenia ham",
         "iam_test_connection": "Połączenie nie powiodło się",
         "imagick_exception": "Błąd: wyjątek Imagick podczas odczytu obrazu",
         "img_dimensions_exceeded": "Obraz przekracza maksymalny rozmiar obrazu",
@@ -491,14 +491,14 @@
         "img_size_exceeded": "Obraz przekracza maksymalny rozmiar pliku",
         "img_tmp_missing": "Nie można zweryfikować pliku obrazu: Nie znaleziono pliku tymczasowego",
         "invalid_bcc_map_type": "Nieprawidłowy typ mapy BCC",
-        "invalid_destination": "Format docelowy \"%s\" jest nieprawidłowy",
+        "invalid_destination": "Format docelowy jest nieprawidłowy",
         "invalid_filter_type": "Nieprawidłowy typ filtra",
-        "invalid_host": "Nieprawidłowy określony host: %s",
+        "invalid_host": "Nieprawidłowy określony host",
         "invalid_mime_type": "Niepoprawny typ mime",
         "invalid_nexthop": "Następny format hop jest nieprawidłowy",
         "invalid_nexthop_authenticated": "Następny hop już istnieje z innymi danymi logowania — zaktualizuj najpierw istniejące dane uwierzytelniające dla tego hopa",
-        "invalid_recipient_map_new": "Określony nieprawidłowy nowy odbiorca: %s",
-        "invalid_recipient_map_old": "Określony nieprawidłowy pierwotny odbiorca: %s",
+        "invalid_recipient_map_new": "Określony nieprawidłowy nowy odbiorca",
+        "invalid_recipient_map_old": "Określony nieprawidłowy pierwotny odbiorca",
         "invalid_reset_token": "Nieprawidłowy token resetu",
         "ip_list_empty": "Lista dozwolonych adresów IP nie może być pusta",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Domyślny limit skrzynki pocztowej przekracza maksymalny dozwolony limit",
@@ -589,7 +589,7 @@
         "previous": "Poprzednia strona",
         "quota_mb": "Limit wielkośći (MiB)",
         "relay_all": "Przekaż wszystkim odbiorcom",
-        "relay_all_info": "<small>Jeśli decydujesz się <b>nie</b> przekazywać wszystkim odbiorcom, musisz dodać (\"ślepą\")skrzynkę dla każdego poszczególnego odbiorcy, któremu należy przekazać.</small>",
+        "relay_all_info": "↪ Jeśli zdecydujesz się <b>nie</b> przekazywać wszystkim odbiorcom, musisz dodać (\"ślepą\")skrzynkę dla każdego poszczególnego odbiorcy, któremu należy przekazać.",
         "relay_domain": "Domena przekaźnikowa",
         "remove": "Usuń",
         "resource": "Zasób",
@@ -637,7 +637,7 @@
         "extended_sender_acl": "Adresy nadawców zewnętrznych",
         "extended_sender_acl_info": "Klucz DKIM dla domeny powinien zostać zaimportowany, jeśli jest dostępny.\nPamiętaj, aby dodać ten serwer do odpowiadającego rekordu SPF typu TXT.\nKiedy domena lub domena aliasu zostanie dodana do tego serwera i pokrywa się z zewnętrznym adresem, zewnętrzny adres zostanie usunięty.",
         "force_pw_update": "Wymuszenie aktualizacji hasła przy następnym logowaniu",
-        "force_pw_update_info": "Ten użytkownik będzie mógł logować się wyłącznie do %s. Hasła aplikacyjne pozostają aktywne.",
+        "force_pw_update_info": "Ten użytkownik będzie mógł logować się wyłącznie tutaj %s. Hasła aplikacyjne pozostają aktywne.",
         "footer_exclude": "Wyklucz ze stopki",
         "gal": "Globalna lista adresowa",
         "gal_info": "GAL zawiera wszystkie obiekty domeny i nie może być edytowana przez żadnego użytkownika. Informacje o dostępności (free/busy) w SOGo są niedostępne, jeśli funkcja jest wyłączona!<b>Uruchom ponownie SOGo, aby zastosować zmiany.</b>",
@@ -674,7 +674,11 @@
         "spam_score": "Ustaw własny poziom punktacji spamu",
         "timeout1": "Limit czasu połączenia z serwerem zdalnym",
         "timeout2": "Limit czasu połączenia z serwerem lokalnym",
-        "validate_save": "Zatwierdź i zapisz"
+        "validate_save": "Zatwierdź i zapisz",
+        "pushover_info": "Ustawienia powiadomień push będą stosowane do wszystkich czystych (nie-spamowych) dostarczanych wiadomości w tym aliasów (współdzielonych, niewspółdzielonych, oznaczonych).",
+        "mailbox_quota_def": "Domyślny limit skrzynki pocztowej",
+        "mailbox_relayhost_info": "Dotyczy wyłącznie skrzynki pocztowej i bezpośrednich aliasów, nadpisuje ustawienie serwera pośredniczącego (relayhost) dla domeny.",
+        "maxbytespersecond": "Max. Ilość bajtów na sekundę <br><small>(0 = unlimited)</small>"
     },
     "footer": {
         "cancel": "Anuluj",
@@ -847,12 +851,32 @@
         "rejected": "Odrzucony",
         "release": "Zwolnij",
         "release_body": "Dołączyliśmy Twoją wiadomość jako plik eml do tej wiadomości.",
-        "release_subject": "Potencjalnie szkodliwa pozycja kwarantanny %s"
+        "release_subject": "Potencjalnie szkodliwa pozycja kwarantanny %s",
+        "show_item": "Pokaż element",
+        "spam": "Spam",
+        "spam_score": "Wskaźnik",
+        "subj": "Temat",
+        "table_size": "Rozmiar tabeli",
+        "table_size_show_n": "Pokaż %s elementy",
+        "text_from_html_content": "Zawartość (przekonwertowany HTML)",
+        "text_plain_content": "Zawartość (tekst zwykły)",
+        "type": "Typ"
     },
     "queue": {
         "queue_manager": "Menedżer kolejki",
         "delete": "Usuń wszystko",
-        "ays": "Potwierdź, że chcesz usunąć wszystkie elementy z bieżącej kolejki."
+        "ays": "Potwierdź, że chcesz usunąć wszystkie elementy z bieżącej kolejki.",
+        "flush": "Opróżnij kolejkę wiadomości",
+        "info": "Kolejka poczty zawiera wszystkie wiadomości e-mail oczekujące na dostarczenie.\nJeśli wiadomość e-mail pozostaje w kolejce przez dłuższy czas, system automatycznie ją usuwa.<br>\nKomunikat błędu dla danej wiadomości zawiera informacje o przyczynie, dla której nie mogła zostać dostarczona.",
+        "legend": "Funkcje zarządzania kolejką poczty",
+        "deliver_mail": "Dostarcz",
+        "deliver_mail_legend": "Próby ponownego dostarczenia wybranych wiadomości.",
+        "hold_mail": "Wstrzymane",
+        "hold_mail_legend": "Wstrzymuję wybrane maile. (Zapobiega dalszym próbom dostarczenia)",
+        "show_message": "Pokaż wiadomość",
+        "unban": "Usuń zablokowanie w kolejce",
+        "unhold_mail": "Zwolnij wiadomość",
+        "unhold_mail_legend": "Zwalnia wybrane wiadomości do dostarczenia (wymaga wcześniejszego wstrzymania)."
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
@@ -878,7 +902,7 @@
         "f2b_modified": "Zmiany w Fail2ban zostały zapisane",
         "forwarding_host_added": "Dodano hosta przekazującego %s",
         "forwarding_host_removed": "Usunięto hosta przekazującego %s",
-        "item_deleted": "",
+        "item_deleted": "Element %s skutecznie usunięte",
         "items_deleted": "Elementy %s skutecznie usunięte",
         "mailbox_added": "Dodano skrzynkę %s",
         "mailbox_modified": "Zapisano zmiany w skrzynce %s",
@@ -895,7 +919,59 @@
         "verified_fido2_login": "Zweryfikowany login FIDO2",
         "verified_totp_login": "Zweryfikowany login TOTP",
         "verified_webauthn_login": "Zweryfikowany login WebAuthn",
-        "verified_yotp_login": "Zweryfikowany login Yubico OTP"
+        "verified_yotp_login": "Zweryfikowany login Yubico OTP",
+        "acl_saved": "ACL dla obiektu %s zapisany",
+        "admin_added": "Administrator %s został dodany",
+        "admin_api_modified": "Zmiany w API zostały zapisane",
+        "admin_removed": "Administrator %s został usunięty",
+        "app_links": "Zapisane zmiany w linkach aplikacji",
+        "app_passwd_added": "Dodano nowe hasło aplikacji",
+        "app_passwd_removed": "Usunięto ID hasła aplikacji %s",
+        "bcc_deleted": "Wpisy map BCC usunięte: %s",
+        "bcc_edited": "Wpis mapy BCC %s edytowany",
+        "bcc_saved": "Wpis mapy BCC zapisany",
+        "cors_headers_edited": "Ustawienia CORS zostały zapisane",
+        "custom_login_modified": "Dostosowanie logowania zostało pomyślnie zapisane",
+        "db_init_complete": "Inicjalizacja bazy danych zakończona",
+        "delete_filter": "Filtry %s ID usunięte",
+        "delete_filters": "Usunięte filtry: %s",
+        "deleted_syncjob": "Usunięte syncjob ID %s",
+        "deleted_syncjobs": "Usunięte syncjobs: %s”.",
+        "domain_add_dkim_available": "Klucz DKIM już istniał",
+        "dkim_duplicated": "Klucz DKIM dla domeny %s został skopiowany do %s",
+        "domain_footer_modified": "Zmiany w stopce domeny %s zostały zapisane",
+        "dovecot_restart_success": "Dovecot został pomyślnie zrestartowany",
+        "f2b_banlist_refreshed": "ID listy banów został pomyślnie odświeżony.",
+        "global_filter_written": "Filtr został pomyślnie zapisany do pliku",
+        "hash_deleted": "Hash usunięty",
+        "iam_test_connection": "Połączenie powiodło się",
+        "ip_check_opt_in_modified": "Sprawdzenie adresu IP zostało pomyślnie zapisane",
+        "item_released": "Pozycja %s zwolniona",
+        "items_released": "Wybrane elementy zostały zwolnione",
+        "learned_ham": "Pomyślnie nauczono ID %s jako ham",
+        "license_modified": "Zmiany w licencji zostały zapisane",
+        "logged_in_as": "Zalogowany jako %s",
+        "mailbox_renamed": "Nazwa skrzynki pocztowej została zmieniona z %s na %s",
+        "nginx_reloaded": "Nginx został przeładowany",
+        "password_policy_saved": "Polityka haseł została pomyślnie zapisana",
+        "password_changed_success": "Hasło zostało pomyślnie zmienione",
+        "pushover_settings_edited": "Ustawienia Pushover pomyślnie ustawione, proszę zweryfikować dane uwierzytelniające.",
+        "qlearn_spam": "Identyfikator wiadomości %s został nauczony jako spam i usunięty",
+        "queue_command_success": "Polecenie kolejki zostało pomyślnie wykonane",
+        "recipient_map_entry_deleted": "Id mapy odbiorcy %s został usunięty",
+        "recipient_map_entry_saved": "Wpis mapy odbiorcy \"%s\" został zapisany",
+        "recovery_email_sent": "E-mail do odzyskiwania wysłany do %s",
+        "relayhost_added": "Wpis mapy %s został dodany",
+        "relayhost_removed": "Wpis mapy %s został usunięty",
+        "reset_main_logo": "Reset do domyślnego logo",
+        "rl_saved": "Limit szybkości dla obiektu %s został zapisany",
+        "rspamd_ui_pw_set": "Hasło do Rspamd UI pomyślnie ustawione",
+        "saved_settings": "Zapisane ustawienia",
+        "settings_map_added": "Dodano ustawienia (wpis mapy)",
+        "settings_map_removed": "Usunięte ustawienia mapy ID %s",
+        "sogo_profile_reset": "Profil SOGo dla użytkownika/ów został zresetowany",
+        "template_added": "Dodano szablon",
+        "template_modified": "Zmiany w szablonie/ach zostały zapisane"
     },
     "tfa": {
         "api_register": "%s używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">tutaj</a>",
@@ -1197,5 +1273,12 @@
         "set_fido2_touchid": "Zarejestruj Touch ID w Apple M1",
         "set_fn": "Ustaw przyjazną nazwę w FIDO",
         "start_fido2_validation": "Rozpocznij walidację FIDO2"
+    },
+    "ratelimit": {
+        "disabled": "Wyłączone",
+        "second": "wiadomości / sekundę",
+        "minute": "wiadomości / minutę",
+        "hour": "wiadomości / godzinę",
+        "day": "wiadomości/ dzień"
     }
 }
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index b0180256d..e7d825639 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -109,7 +109,9 @@
         "timeout2": "Тайм-аут для подключения к локальному хосту",
         "username": "Имя пользователя",
         "validate": "Проверить",
-        "validation_success": "Проверка прошла успешно"
+        "validation_success": "Проверка прошла успешно",
+        "internal": "Внутренний",
+        "internal_info": "Внутренние псевдонимы доступны только из самого домена или доменов-псевдонимов."
     },
     "admin": {
         "access": "Настройки доступа",
@@ -550,7 +552,11 @@
         "generic_server_error": "На сервере произошла непредвиденная ошибка. Пожалуйста, свяжитесь с вашим администратором.",
         "authsource_in_use": "Поставщик идентификационных данных не может быть изменен или удален, так как в данный момент он используется одним или несколькими пользователями.",
         "iam_test_connection": "Ошибка соединения",
-        "required_data_missing": "Отсутствуют необходимые данные %s"
+        "required_data_missing": "Отсутствуют необходимые данные %s",
+        "max_age_invalid": "Максимальный возраст %s недействителен",
+        "mode_invalid": "Режим %s недействителен",
+        "mx_invalid": "Запись MX %s недействительна",
+        "version_invalid": "Версия %s недействительна"
     },
     "datatables": {
         "collapse_all": "Свернуть все",
@@ -762,7 +768,20 @@
         "title": "Изменение объекта",
         "unchanged_if_empty": "Если без изменений - оставьте пустым",
         "username": "Имя пользователя",
-        "validate_save": "Подтвердить и сохранить"
+        "validate_save": "Подтвердить и сохранить",
+        "internal": "Внутренний",
+        "internal_info": "Внутренние псевдонимы доступны только из самого домена или доменов-псевдонимов.",
+        "mta_sts": "MTA-STS",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> — это стандарт, который обязывает почтовые серверы использовать TLS с подлинными сертификатами для доставки электронной почты.<br>Он используется, когда <a target='_blank' href='https://ru.wikipedia.org/wiki/DANE'>DANE</a> невозможен из-за неиспользуемого или неподдерживаемого DNSSEC.<br><b>Примечание</b>: если принимающий домен поддерживает DANE с DNSSEC, <b>всегда</b> предпочитается DANE — MTA-STS действует только как резервный вариант.",
+        "mta_sts_version": "Версия",
+        "mta_sts_version_info": "Определяет версию стандарта MTA-STS – на данный момент существует только <code>STSv1</code>.",
+        "mta_sts_mode": "Режим",
+        "mta_sts_mode_info": "Есть три режима на выбор:<ul><li><em>testing</em> – политика только наблюдается, нарушения не имеют последствий.</li><li><em>enforce</em> – политика соблюдается строго, соединения без подлинного TLS отклоняются.</li><li><em>none</em> – политика опубликована, но не применяется.</li></ul>",
+        "mta_sts_max_age": "Максимальный возраст",
+        "mta_sts_max_age_info": "Время в секундах, в течение которого принимающие почтовые серверы могут кэшировать эту политику перед повторной загрузкой.",
+        "mta_sts_mx": "Сервер MX",
+        "mta_sts_mx_info": "Разрешает отправку только на явно указанные имена хостов почтовых серверов; отправляющий MTA проверяет, соответствует ли DNS-имя MX-хоста списку политик, и разрешает доставку только с подлинным TLS-сертификатом (защита от MITM).",
+        "mta_sts_mx_notice": "Можно указать несколько MX-серверов (через запятую)."
     },
     "fido2": {
         "confirm": "Подтвердить",
@@ -832,7 +851,8 @@
         "login_admintext": "Войти как администратор",
         "login_user": "Вход для пользователей",
         "login_dadmin": "Вход для администраторов домена",
-        "login_admin": "Вход для администраторов"
+        "login_admin": "Вход для администраторов",
+        "email": "Email-адрес"
     },
     "mailbox": {
         "action": "Действия",
@@ -1008,7 +1028,8 @@
         "waiting": "В ожидании",
         "weekly": "Раз в неделю",
         "yes": "&#10003;",
-        "iam": "Поставщик идентификационных данных"
+        "iam": "Поставщик идентификационных данных",
+        "internal": "Внутренний"
     },
     "oauth2": {
         "access_denied": "Пожалуйста, войдите в систему как владелец почтового аккаунта, чтобы получить доступ через OAuth2.",
@@ -1331,7 +1352,7 @@
         "sogo_profile_reset": "Сбросить профиль SOGo",
         "sogo_profile_reset_help": "<b>Внимание:</b> это удалит настройки профиля SOGo вместе с <b>всеми контактами, календарями и фильтрами безвозвратно</b>.",
         "sogo_profile_reset_now": "Сбросить профиль сейчас",
-        "spam_aliases": "Временные псевдонимы электронной почты",
+        "spam_aliases": "Псевдонимы для спама",
         "spam_score_reset": "Сброс на настройки по умолчанию",
         "spamfilter": "Спам фильтр",
         "spamfilter_behavior": "Фильтрация спама",
@@ -1387,7 +1408,10 @@
         "authentication": "Аутентификация",
         "tfa_info": "Двухфакторная аутентификация помогает защитить вашу учетную запись. Если вы включите эту функцию, вам понадобятся пароли приложений для входа в приложения или службы, которые не поддерживают двухфакторную аутентификацию (например, почтовые клиенты).",
         "protocols": "Протоколы",
-        "overview": "Обзор"
+        "overview": "Обзор",
+        "expire_never": "Никогда не истекает",
+        "forever": "Навсегда",
+        "spam_aliases_info": "Псевдоним для спама — это временный адрес электронной почты, который можно использовать для защиты реальных адресов.<br>При желании можно установить срок действия, по истечении которого псевдоним будет автоматически деактивирован, что позволяет эффективно избавляться от адресов, которые были использованы не по назначению или стали доступны посторонним лицам."
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
diff --git a/data/web/lang/lang.si-si.json b/data/web/lang/lang.si-si.json
index 4b1c78fae..918fb8b1a 100644
--- a/data/web/lang/lang.si-si.json
+++ b/data/web/lang/lang.si-si.json
@@ -297,7 +297,7 @@
         "forwarding_hosts_add_hint": "Lahko vpišete IPv4/IPv6 naslove, mreže v CIDR obliki, imena gostiteljev (kateri se prevedejo v IP naslove) ali imena domen (katera se prevedejo v IP naslove glede na poizvedbo po SPF zapisih, v primeru manjkajočih zapisov pa MX zapisih).",
         "forwarding_hosts_hint": "Dohodna sporočila so brezpogojno sprejeta od katerih koli gostiteljev v tem seznamu. Ti gostitelji se ne bodo preverjali po DNSBL seznamih in ne bodo dodani v listo sivih. Prejeta neželena pošta s teh gostiteljev ni nikoli zavrnjena, opcijsko pa se lahko premakne v mapo neželene pošte. Najpogostejša uporaba za to je navedba poštnih strežnikov, iz katerih ste nastavili pravilo za posredovanje pošte na vaš mailcow strežnik.",
         "license_info": "Licenca ni zahtevana, a pomaga pri nadaljnjem razvoju. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"Naročilo SAL\">Registrirajte svoj GUID tukaj</a> ali <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Naročilo podpore\">Kupite podporo za svojo namestitev Mailcow.</a>",
-        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka).",
+        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka)",
         "main_name": "Naziv \"mailcow UI\"",
         "merged_vars_hint": "Sive vrstice so združene iz <code>vars.(local.)inc.php</code> in jih ni mogoče spremeniti.",
         "oauth2_info": "Implementacija OAuth2 podpira vrsto odobritve »Avtorizacijska koda« in izda osvežilne žetone.<br>\nStrežnik samodejno izda tudi nove osvežilne žetone, ko je žeton za osvežitev uporabljen.<br><br>\n&#8226; Privzeti obseg je <i>profile</i>. Prek OAuth2 je mogoče overiti samo uporabnike poštnega predala. Če parameter obsega izpustite, se vrne na <i>profile</i>.<br>\n&#8226; Parameter <i>state</i> mora odjemalec poslati kot del zahteve za avtorizacijo.<br><br>\nPoti za zahteve do API-ja OAuth2: <br>\n<ul>\n<li>Končna točka avtorizacije: <code>/oauth/authorize</code></li>\n<li>Končna točka žetona: <code>/oauth/token</code></li>\n<li>Stran z viri: <code>/oauth/profile</code></li>\n</ul>\nPonovno ustvarjanje skrivnosti odjemalca ne bo poteklo obstoječih kod za avtorizacijo, vendar ne bo obnovilo žetona.<br><br>\nPreklic žetonov odjemalca bo povzročil takojšnjo prekinitev vseh aktivnih sej. Vse stranke se morajo ponovno overiti.",
@@ -414,7 +414,7 @@
         "needs_restart": "potreben je ponovni zagon"
     },
     "danger": {
-        "alias_goto_identical": "Vzdevek in ciljni naslov se ne smeta ujemati.",
+        "alias_goto_identical": "Vzdevek in ciljni naslov se ne smeta ujemati",
         "aliasd_targetd_identical": "Vzdevek domene ne sme biti enak ciljni domeni: %s",
         "bcc_exists": "Za tip %s obstaja BCC preslikava %s",
         "dkim_domain_or_sel_exists": "DKIM ključ za \"%s\" obstaja in ne bo prepisan",
@@ -651,7 +651,7 @@
         "pushover_title": "Naslov obvestila",
         "domains": "Domene",
         "extended_sender_acl_info": "Uvoziti je treba ključ domene DKIM, če je na voljo.<br>\n  Ne pozabite dodati tega strežnika v ustrezni zapis SPF TXT.<br>\n  Kadar koli je temu strežniku dodana domena ali vzdevek domene, ki se prekriva z zunanjim naslovom, se zunanji naslov odstrani.<br>\n  Uporabite @domain.tld, da omogočite pošiljanje kot *@domain.tld.",
-        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka).",
+        "lookup_mx": "Cilj je regularni izraz, ki se ujema z imenom MX (<code>.*\\.google\\.com</code> za usmerjanje vse pošte, usmerjene na MX, ki se konča na google.com, prek tega skoka)",
         "maxbytespersecond": "Največ bajtov na sekundo <br><small>(0 = neomejeno)</small>",
         "pushover_sender_array": "Upoštevaj samo sledeče e-poštne naslove pošiljateljev <small>(ločeni z vejico)</small>",
         "mbox_rl_info": "Ta omejitev se uporabi za prijavno ime SASL in se ujema z naslovom \"od\", ki ga uporablja prijavljeni uporabnik. Omejitev poštnega nabiralnika preglasi omejitev za celotno domeno.",
@@ -1359,7 +1359,7 @@
         "sogo_profile_reset": "Ponastavi profil SOGo",
         "sogo_profile_reset_help": "S tem boste uničili uporabnikov profil SOGo in <b>nepovratno izbrisali vse stike in podatke koledarja</b>.",
         "sogo_profile_reset_now": "Ponastavi profil zdaj",
-        "spam_aliases": "Začasni vzdevki e-pošte",
+        "spam_aliases": "Vzdevki neželene e-pošte",
         "spam_score_reset": "Ponastavi na privzete nastavitve strežnika",
         "spamfilter": "Filter neželene pošte",
         "spamfilter_behavior": "Ocena",
@@ -1407,7 +1407,10 @@
         "years": "leta",
         "waiting": "Čakanje",
         "q_all": "Vse kategorije",
-        "syncjob_EX_OK": "Uspeh"
+        "syncjob_EX_OK": "Uspeh",
+        "expire_never": "Nikoli ne poteče",
+        "forever": "Za vedno",
+        "spam_aliases_info": "Vzdevek za neželeno pošto je začasni e-poštni naslov, ki ga je mogoče uporabiti za zaščito pravih e-poštnih naslovov. <br>Po želji je mogoče nastaviti čas poteka veljavnosti, tako da se vzdevek po določenem obdobju samodejno deaktivira, s čimer se učinkovito znebite zlorabljenih ali razkritih naslovov."
     },
     "warning": {
         "cannot_delete_self": "Prijavljenega uporabnika ni mogoče izbrisati",

From 6f9ee2d15135e910672fa6d98a4095195d357f97 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 10:55:12 +0100
Subject: [PATCH 737/755] chore(deps): update actions/checkout action to v6
 (#6920)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/image_builds.yml                  | 2 +-
 .github/workflows/pr_to_nightly.yml                 | 2 +-
 .github/workflows/rebuild_backup_image.yml          | 2 +-
 .github/workflows/update_postscreen_access_list.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
index a5ebb902f..c8ec7ccae 100644
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -27,7 +27,7 @@ jobs:
           - "watchdog-mailcow"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Setup Docker
         run: |
           curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index d234be3fe..548fabde6 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Run the Action
diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index a8679d980..10edd5cd0 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -13,7 +13,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
diff --git a/.github/workflows/update_postscreen_access_list.yml b/.github/workflows/update_postscreen_access_list.yml
index eed07876e..80b218c1b 100644
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Generate postscreen_access.cidr
       run: |

From 514fefd2edcf97c083820afe44901109ab8b8533 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 24 Nov 2025 16:50:03 +0100
Subject: [PATCH 738/755] Translations update from Weblate (#6924)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.ca-es.json

Co-authored-by: Pere Montpeó <peremontpeo@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.gr-gr.json

Co-authored-by: Chris <chrismfz@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.cs-cz.json

Co-authored-by: Filip Hajny <filip@hajny.net>

* [Web] Updated lang.pl-pl.json

[Web] Updated lang.pl-pl.json

Co-authored-by: Monika Bark <rychert.monika@wp.pl>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

---------

Co-authored-by: Pere Montpeó <peremontpeo@gmail.com>
Co-authored-by: Chris <chrismfz@gmail.com>
Co-authored-by: Filip Hajny <filip@hajny.net>
Co-authored-by: Monika Bark <rychert.monika@wp.pl>
---
 data/web/lang/lang.ca-es.json | 31 +++++++++++++++--
 data/web/lang/lang.cs-cz.json | 29 +++++++++-------
 data/web/lang/lang.gr-gr.json |  3 +-
 data/web/lang/lang.pl-pl.json | 65 +++++++++++++++++++----------------
 4 files changed, 82 insertions(+), 46 deletions(-)

diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index ba84543a2..5b8e9b64d 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -19,7 +19,16 @@
         "spam_alias": "Àlies temporals",
         "spam_score": "Puntuació de correu brossa",
         "tls_policy": "Política TLS",
-        "unlimited_quota": "Quota ilimitada per bústies de correo"
+        "unlimited_quota": "Quota ilimitada per bústies de correo",
+        "delimiter_action": "Acció delimitadora",
+        "domain_relayhost": "Canviar relayhost per un domini",
+        "extend_sender_acl": "Permetre extendre l'ACL del remitent per adreces externes",
+        "mailbox_relayhost": "Canvia el host de reenviament per una bústia",
+        "pushover": "Pushover",
+        "pw_reset": "Permetre el restabliment de la contrasenya de l'usuari mailcow",
+        "ratelimit": "Límit de peticions",
+        "smtp_ip_access": "Canvia hosts permesos per SMTP",
+        "sogo_access": "Permetre la gestió d'accés a SOGo"
     },
     "add": {
         "activate_filter_warn": "All other filters will be deactivated, when active is checked.",
@@ -73,7 +82,25 @@
         "validate": "Validar",
         "validation_success": "Validated successfully",
         "app_name": "Nom de l'aplicació",
-        "app_password": "Afegir contrasenya a l'aplicació"
+        "app_password": "Afegir contrasenya a l'aplicació",
+        "app_passwd_protocols": "Protocols autoritzats per la contrasenya de l'aplicació",
+        "bcc_dest_format": "La destinació c/o ha de ser una única adreça de correu vàlida.<br>Si necessiteu enviar una còpia a diverses adreces, creeu un àlies i utilitzeu-lo aquí.",
+        "comment_info": "Els comentaris privats no són visibles per l'usuari, mentre que els comentaris públics apareixen com una descripció emergent a la informació de l'usuari",
+        "custom_params": "Paràmetres personalitzats",
+        "custom_params_hint": "Correcte: --param=xy, incorrecte: --param xy",
+        "destination": "Destí",
+        "disable_login": "No permetre l'inici de sessió (els missatges entrants continuen sent acceptats)",
+        "domain_matches_hostname": "El domini %s coincideix amb el nom del servidor",
+        "dry": "Simular la sincronització",
+        "gal": "Llista d'adreces global",
+        "generate": "genereu",
+        "inactive": "Inactiu",
+        "internal": "Intern",
+        "internal_info": "Els àlies interns són només accessibles des del mateix domini o els àlies de dominis.",
+        "mailbox_quota_def": "Quota per defecte de la bústia",
+        "nexthop": "Següent salt",
+        "private_comment": "Comentari privat",
+        "public_comment": "Comentari púlbic"
     },
     "admin": {
         "access": "Accés",
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index b3068ab0f..b178720a9 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -149,7 +149,7 @@
         "arrival_time": "Čas zařazení do fronty (čas na serveru)",
         "authed_user": "Přihlášený uživatel",
         "ays": "Opravdu chcete pokračovat?",
-        "ban_list_info": "Seznam blokovaných IP adres je zobrazen níže: <b>síť (zbývající čas blokování) - [akce]</b>.<br />IP adresy zařazené pro odblokování budou z aktivního seznamu odebrány během několika sekund.<br />Červeně označené položky jsou pernamentní bloky z blacklistu.",
+        "ban_list_info": "Viz seznam zablokovaných IP níže: <b>síť (zbývající doba zablokování) - [akce]</b>.<br />IP adresy zařazené pro odblokování budou z aktivního seznamu odebrány během pár sekund.<br />Červeně označeny jsou položky z trvalých seznamů.",
         "change_logo": "Změnit logo",
         "logo_normal_label": "Normální",
         "logo_dark_label": "Inverzní pro tmavý režim",
@@ -183,16 +183,16 @@
         "empty": "Žádné výsledky",
         "excludes": "Vyloučit tyto příjemce",
         "f2b_ban_time": "Doba blokování (s)",
-        "f2b_blacklist": "Sítě/hostitelé na blacklistu",
+        "f2b_blacklist": "Sítě či hostitelé na seznamu zákazů",
         "f2b_filter": "Regex filtre",
-        "f2b_list_info": "Síť nebo hostitelé na blacklistu mají vždy větší váhu než položky na whitelistu. <b>Každá úprava seznamů trvá pár sekund.</b>",
+        "f2b_list_info": "Sítě či hostitelé na seznamu zákazů mají vždy větší váhu než položky na seznamu povolení. <b>Každá úprava seznamu trvá pár sekund.</b>",
         "f2b_max_attempts": "Max. pokusů",
         "f2b_netban_ipv4": "Rozsah IPv4 podsítě k zablokování (8-32)",
         "f2b_netban_ipv6": "Rozsah IPv6 podsítě k zablokování (8-128)",
         "f2b_parameters": "Parametry automatického firewallu",
         "f2b_regex_info": "Záznamy které se berou v úvahu: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Časový horizont pro maximum pokusů (s)",
-        "f2b_whitelist": "Sítě/hostitelé na whitelistu",
+        "f2b_whitelist": "Sítě či hostitelé na seznamu povolení",
         "filter_table": "Tabulka filtrů",
         "forwarding_hosts": "Předávající servery",
         "forwarding_hosts_add_hint": "Lze zadat IPv4/IPv6 adresy, sítě ve formátu CIDR, názvy serverů (budou převedeny na IP adresy) nebo názvy domén (budou převedeny na IP pomocí SPF záznamů, příp. MX záznamů).",
@@ -304,7 +304,7 @@
         "rspamd_com_settings": "Název nastavení se vygeneruje automaticky, viz ukázky nastavení níže. Více informací viz <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentace</a>",
         "rspamd_global_filters": "Mapa globálních filtrů",
         "rspamd_global_filters_agree": "Budu opatrný!",
-        "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje jiné globální black- a whitelisty.",
+        "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje různé seznamy povolených a zakázaných serverů",
         "rspamd_global_filters_regex": "Názvy stačí k vysvětlení. Položky musejí obsahovat jen platné regulární výrazy ve tvaru \"/vyraz/parametry\" (e.g. <code>/.+@domena\\.tld/i</code>).<br>\n  Každý výraz bude podroben základní kontrole, přesto je možné Rspamd 'rozbít', nebude-li syntax zcela korektní.<br>\n  Rspamd se pokusí po každé změně načíst mapu znovu. V případě potíží <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restartujte Rspamd</a>, aby se konfigurace načetla explicitně.",
         "rspamd_settings_map": "Nastavení Rspamd",
         "sal_level": "Úroveň 'Moo'",
@@ -733,7 +733,7 @@
         "sogo_visible_info": "Tato volba určuje objekty, jež lze zobrazit v SOGo (sdílené nebo nesdílené aliasy, jež ukazuje alespoň na jednu schránku).",
         "spam_alias": "Vytvořit nebo změnit dočasné aliasy",
         "spam_filter": "Spam filtr",
-        "spam_policy": "Přidat nebo odebrat položky whitelistu/blacklistu",
+        "spam_policy": "Přidat nebo odebrat položky seznamu",
         "spam_score": "Nastavte vlastní skóre spamu",
         "subfolder2": "Synchronizace do podsložky v cílovém umístění<br><small>(prázdné = nepoužívat podsložku)</small>",
         "syncjob": "Upravit synchronizační úlohu",
@@ -883,7 +883,7 @@
         "bcc": "BCC",
         "bcc_destination": "Cíl kopie",
         "bcc_destinations": "Cíl kopií",
-        "bcc_info": "<br/>Skrytá kopie (mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Mapa příjemců se použije, funguje-li je místní cíl jako adresát zprávy. Totéž platí pro mapy odesílatelů.<br/>\n  Místní cíl se nedozví, selže-li doručení na cíl BCC.",
+        "bcc_info": "Skrytá kopie (mapa BCC) se používá pro tiché předávání kopií všech zpráv na jinou adresu. Mapa příjemců se použije, funguje-li je místní cíl jako adresát zprávy. Totéž platí pro mapy odesílatelů.<br/>\n  Místní cíl se nedozví, selže-li doručení na cíl BCC.",
         "bcc_local_dest": "Týká se",
         "bcc_map": "Skrytá kopie",
         "bcc_map_type": "Typ skryté kopie",
@@ -1060,7 +1060,7 @@
         "notified": "Oznámeno",
         "qhandler_success": "Požadavek úspěšně přijat. Můžete nyní zavřít okno.",
         "qid": "Rspamd QID",
-        "qinfo": "Karanténní systém uloží odmítnutou poštu do databáze (odesílatel se <em>nedozví</em>, že pošta byla doručena) jakož i pošta, která bude jako kopie doručena do složky Nevyžádaná pošta. \r\n<br>\"Naučit jako spam a smazat\" naučí zprávu jako spam přes Bayesian theorem a současně vypočítá fuzzy hashes pro odmítnutí podobných zpráv v budoucnosti. \r\n<br> Prosím, berte na vědomí, že naučení více zpráv může být - záleží na vašem systému - časově náročné . <br> Položky na černé listině jsou z karantény vyloučeny.",
+        "qinfo": "Karanténa uloží do databáze odmítnutou poštu  (odesílatel se <em>nedozví</em>, že pošta byla doručena) jakož i poštu, jež se jako kopie doručuje do složky Nevyžádaná pošta.\n  <br>\"Naučit jako spam a smazat\" předá zprávu systému k naučení bayesiánskou analýzou jako spam a současně stanoví fuzzy hashe pro odmítání podobných zpráv v budoucnosti.\n  <br> Vezměte na vědomí, že učení více zpráv může být podle výkonnosti systému zabrat více času. <br> Položky na seznamu zákazů jsou z karantény vyloučeny.",
         "qitem": "Položka v karanténě",
         "quarantine": "Karanténa",
         "quick_actions": "Akce",
@@ -1347,12 +1347,12 @@
         "sogo_profile_reset": "Resetovat profil SOGo",
         "sogo_profile_reset_help": "Tato volba odstraní uživatelský profil SOGo a <b>nenávratně vymaže všechna data</b>.",
         "sogo_profile_reset_now": "Resetovat profil",
-        "spam_aliases": "Dočasné e-mailové aliasy",
+        "spam_aliases": "Spam aliasy",
         "spam_score_reset": "Obnovit výchozí nastavení serveru",
         "spamfilter": "Filtr spamu",
         "spamfilter_behavior": "Hodnocení",
-        "spamfilter_bl": "Seznam zakázaných adres (blacklist)",
-        "spamfilter_bl_desc": "Zakázané emailové adresy budou <b>vždy</b> klasifikovány jako spam a odmítnuty. Odmítnutá pošta <b>nebude</b> uložena do karantény. Lze použít zástupné znaky (*). Filtr se použije pouze na přímé aliasy (s jednou cílovou poštovní schránkou), s výjimkou doménových košů a samotné poštovní schránky.",
+        "spamfilter_bl": "Seznam zákazů",
+        "spamfilter_bl_desc": "Zakázané emailové adresy budou <b>vždy</b> klasifikovány jako spam a odmítnuty. Odmítnutá pošta <b>se neukládá</b> do karantény. Lze použít zástupné znaky (*). Filtr se použije pouze na přímé aliasy (s jednou cílovou poštovní schránkou), s výjimkou doménových košů a samotné poštovní schránky.",
         "spamfilter_default_score": "Výchozí hodnoty",
         "spamfilter_green": "Zelená: tato zpráva není spam",
         "spamfilter_hint": "První hodnota představuje \"nízké spam skóre\" a druhá \"vysoké spam skóre\".",
@@ -1363,7 +1363,7 @@
         "spamfilter_table_empty": "Žádná data k zobrazení",
         "spamfilter_table_remove": "smazat",
         "spamfilter_table_rule": "Pravidlo",
-        "spamfilter_wl": "Seznam povolených adres (whitelist)",
+        "spamfilter_wl": "Seznam povolení",
         "spamfilter_wl_desc": "Povolené emailové adresy <b>nebudou nikdy klasifikovány jako spam</b>. Lze použít zástupné znaky (*). Filtr se použije pouze na přímé aliasy (s jednou cílovou mailovou schránkou), s výjimkou doménových košů a samotné mailové schránky.",
         "spamfilter_yellow": "Žlutá: tato zpráva může být spam, bude označena jako spam a přesunuta do složky nevyžádané pošty",
         "status": "Stav",
@@ -1407,7 +1407,10 @@
         "authentication": "Autentifikace",
         "overview": "Přehled",
         "protocols": "Protokoly",
-        "value": "Hodnota"
+        "value": "Hodnota",
+        "expire_never": "Nikdy nevyprší",
+        "forever": "Navždy",
+        "spam_aliases_info": "Spam alias je dočasná adresa, již lze použít k ochraně skutečných adres. <br>Případně lze nastavit také dobu platnosti, po níž je alias automaticky deaktivován, čímž se řeší případy zneužitých či odcizených adres."
     },
     "warning": {
         "cannot_delete_self": "Nelze smazat právě přihlášeného uživatele",
diff --git a/data/web/lang/lang.gr-gr.json b/data/web/lang/lang.gr-gr.json
index df9127aec..83008e63d 100644
--- a/data/web/lang/lang.gr-gr.json
+++ b/data/web/lang/lang.gr-gr.json
@@ -6,7 +6,8 @@
         "weeks": "Εβδομάδες",
         "with_app_password": "με κωδικό εφαρμογής",
         "year": "χρόνος",
-        "years": "χρόνια"
+        "years": "χρόνια",
+        "value": "Τιμή"
     },
     "warning": {
         "cannot_delete_self": "Αδυναμία διαγραφής συνδεδεμένου χρήστη",
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index 61a17a749..41cf10283 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -173,7 +173,7 @@
         "active_rspamd_settings_map": "Aktywne ustawienia mapy",
         "add_admin": "Dodaj administratora",
         "add_relayhost": "Dodaj transport zależny od nadawcy",
-        "add_relayhost_hint": "Miej na uwadze, że dane uwierzytelniające, jeśli takie istnieją, będą przechowywane w postaci zwykłego tekstu",
+        "add_relayhost_hint": "Miej na uwadze, że dane uwierzytelniające, jeśli takie istnieją, będą przechowywane w postaci zwykłego tekstu.",
         "add_row": "Dodaj wiersz",
         "add_settings_rule": "Dodaj regułę ustawień",
         "add_transport": "Dodaj transport",
@@ -240,7 +240,7 @@
         "generate": "Generuj",
         "guid": "GUID - unikalny identyfikator instancji",
         "guid_and_license": "GUID & licencja",
-        "hash_remove_info": "Usunięcie hasha z limitem współczynnika (jeśli nadal istnieje) spowoduje całkowite zresetowanie jego licznika.<br>\n\n    Każdy hash jest oznaczony indywidualnym kolorem.",
+        "hash_remove_info": "Usunięcie hasha z limitem współczynnika (jeśli nadal istnieje) spowoduje całkowite zresetowanie jego licznika.<br>\n\n\n\n    Każdy hash jest oznaczony indywidualnym kolorem.",
         "help_text": "Zastąp tekst pomocy poniżej maski logowania (dozwolone HTML)",
         "html": "HTML",
         "iam": "Dostawca tożsamości",
@@ -266,7 +266,7 @@
         "iam_port": "Port",
         "iam_realm": "Realm",
         "iam_redirect_url": "Przekierowanie Url",
-        "iam_rest_flow": "Mailpassword Flow",
+        "iam_rest_flow": "Procedura uwierzytelniania hasła pocztowego",
         "iam_server_url": "Adres URL serwera",
         "iam_sso": "Pojedyncze logowanie",
         "iam_sync_interval": "Interwał synchronizacji / importu (min)",
@@ -362,7 +362,7 @@
         "reset_limit": "Usuń hash",
         "reset_password_vars": "<code>{{link}}</code> Wygenerowany link do resetu hasła <br><code>{{username}}</code> Nazwa skrzynki pocztowej użytkownika, który poprosił o zresetowanie hasła<br><code>{{username2}}</code> Nazwa skrzynki pocztowej do odzyskiwania <br><code>{{date}}</code> Data złożenia żądania resetowania hasła<br><code>{{token_lifetime}}</code>Żywotność tokena w minutach<br><code>{{hostname}}</code> Nazwa hosta mailcow",
         "restore_template": "Pozostaw puste, aby przywrócić szablon domyślny.",
-        "routing": "Routing",
+        "routing": "Routowanie",
         "rsetting_add_rule": "Dodaj regułę",
         "rsetting_content": "Zawartość reguły",
         "rsetting_desc": "Krótki opis",
@@ -390,7 +390,7 @@
         "title": "Tytuł",
         "title_name": "Tytuł strony internetowej \"mailcow UI\"",
         "to_top": "Powrót na górę",
-        "transport_dest_format": "Regex lub syntax: example.org, .example.org, *, box@example.org\n(wiele wartości można rozdzielić przecinkami)",
+        "transport_dest_format": "Regex lub syntax: example.org, .example.org, *, box@example.org(wiele wartości można rozdzielić przecinkami)",
         "transport_maps": "Mapy transportu",
         "transport_test_rcpt_info": "&#8226; Użyj null@hosted.mailcow.de aby przetestować przekazywanie do nieznanego miejsca docelowego.",
         "transports_hint": "&#8226; Wpis mapy transportowej <b>overrules</b> mapa transportowa zależna od nadawcy</b>.<br>\nNajlepiej stosować transporty oparte na MX &#8226;.<br>\nUstawienia zasad Outbound TLS dotyczące użytkownika są ignorowane i mogą być egzekwowane tylko przez wpisy mapy zasad TLS\n&#8226; Usługa transportu dla zdefiniowanych transportów jest zawsze \"smtp:\" i dlatego uruchomi TLS, gdy będzie oferowana. Wrapped TLS (SMTPS) nie jest obsługiwany.<br>\nAdresy pasujące do \"/localhost$/\" będą zawsze transportowane przez \"lokalne:\", dlatego miejsce docelowe \"*\" nie będzie miało zastosowania do tych adresów.<br>\n&#8226; Aby określić poświadczenia dla przykładowego następnego hopa \"[host]:25\", Postfix <b>zawsze</b> kolejkuje zapytania o \"host\" przed wyszukaniem \"[host]:25\". Takie zachowanie uniemożliwia jednoczesne użycie \"host\" i \"[host]:25.",
@@ -432,7 +432,7 @@
         "goto_invalid": "Adres Idź do jest nieprawidłowy",
         "is_alias": "został już podany jako alias",
         "is_alias_or_mailbox": "jest już znany jako alias, skrzynka pocztowa lub adres aliasu rozwinięty z domeny aliasu.",
-        "is_spam_alias": "jest już znany jako tymczasowy adres aliasu (adres aliasu antyspamowego).",
+        "is_spam_alias": "jest już znany jako tymczasowy adres aliasu (adres aliasu antyspamowego)",
         "last_key": "Nie można usunąć ostatniego klucza, zamiast tego należy wyłączyć TFA.",
         "login_failed": "Logowanie nie powiodło się",
         "mailbox_invalid": "Nieprawidłowa nazwa skrzynki",
@@ -465,10 +465,10 @@
         "bcc_empty": "Miejsce docelowe BCC nie może być puste",
         "bcc_exists": "Mapa BCC istnieje już dla tego typu",
         "bcc_must_be_email": "Miejsce docelowe BCC nie jest prawidłowym adresem e-mail",
-        "comment_too_long": "Komentarz zbyt długi, maksymalnie 160 dozwolonych znaków.",
+        "comment_too_long": "Komentarz zbyt długi, maksymalnie 160 dozwolonych znaków",
         "cors_invalid_method": "Podano nieprawidłową metodę Allow-Method",
         "cors_invalid_origin": "Podano nieprawidłową wartość Allow-Origin",
-        "defquota_empty": "Domyślny limit skrzynki pocztowej nie może wynosić 0",
+        "defquota_empty": "Domyślny limit skrzynki pocztowej nie może wynosić 0.",
         "demo_mode_enabled": "Tryb demo jest włączony",
         "dkim_domain_or_sel_exists": "Klucz DKIM już istnieje i nie zostanie nadpisany",
         "domain_cannot_match_hostname": "Domena nie może być taka sama jak nazwa hosta",
@@ -496,20 +496,20 @@
         "invalid_host": "Nieprawidłowy określony host",
         "invalid_mime_type": "Niepoprawny typ mime",
         "invalid_nexthop": "Następny format hop jest nieprawidłowy",
-        "invalid_nexthop_authenticated": "Następny hop już istnieje z innymi danymi logowania — zaktualizuj najpierw istniejące dane uwierzytelniające dla tego hopa",
+        "invalid_nexthop_authenticated": "Następny hop już istnieje z innymi danymi logowania, zaktualizuj najpierw istniejące dane uwierzytelniające dla tego hopa.",
         "invalid_recipient_map_new": "Określony nieprawidłowy nowy odbiorca",
         "invalid_recipient_map_old": "Określony nieprawidłowy pierwotny odbiorca",
         "invalid_reset_token": "Nieprawidłowy token resetu",
         "ip_list_empty": "Lista dozwolonych adresów IP nie może być pusta",
         "mailbox_defquota_exceeds_mailbox_maxquota": "Domyślny limit skrzynki pocztowej przekracza maksymalny dozwolony limit",
-        "malformed_username": "Nieprawidłowy format nazwy użytkownika.",
+        "malformed_username": "Nieprawidłowy format nazwy użytkownika",
         "map_content_empty": "Zawartość mapy nie może być pusta",
         "max_age_invalid": "Nieprawidłowa wartość maksymalnego wieku: %s",
         "mode_invalid": "Tryb %s jest nieprawidłowy",
         "mx_invalid": "Rekord MX %s jest nieprawidłowy",
         "mysql_error": "Błąd MySQL: %s",
         "network_host_invalid": "Nieprawidłowa sieć lub host: %s",
-        "next_hop_interferes": "%s powoduje konflikt z nexthop %s.",
+        "next_hop_interferes": "%s powoduje konflikt z nexthopem %s",
         "next_hop_interferes_any": "Istniejący next hop koliduje z %s.”",
         "nginx_reload_failed": "Nie udało się przeładować Nginx: %s",
         "no_user_defined": "Brak zdefiniowanego użytkownika",
@@ -523,17 +523,17 @@
         "recovery_email_failed": "Nie można wysłać e-maila odzyskiwania. Skontaktuj się ze swoim administratorem.",
         "redis_error": "Błąd Redis: %s",
         "relayhost_invalid": "Wpis mapy %s jest niepoprawny",
-        "release_send_failed": "Nie udało się zwolnić wiadomości: %s.",
+        "release_send_failed": "Nie udało się zwolnić wiadomości: %s",
         "required_data_missing": "Brakuje wymaganych danych %s",
         "reset_f2b_regex": "Filtr Regex nie mógł zostać zresetowany na czas, spróbuj ponownie lub poczekaj jeszcze kilka sekund i przeładuj stronę.",
-        "reset_token_limit_exceeded": "Limit tokenów Reset został przekroczony. Spróbuj ponownie później",
+        "reset_token_limit_exceeded": "Limit tokenów Reset został przekroczony. Spróbuj ponownie później.",
         "rl_timeframe": "Nieprawidłowo ustawiony przedział czasu limitu",
         "rspamd_ui_pw_length": "Hasło do Rspamd UI powinno mieć co najmniej 6 znaków długości",
         "script_empty": "Skrypt nie może być pusty",
         "set_acl_failed": "Nie udało się ustawić ACL",
         "settings_map_invalid": "Ustawienia id mapy %s są nieprawidłowe",
         "sieve_error": "Błąd podczas analizy skryptu Sieve: %s",
-        "spam_learn_error": "Błąd uczenia spamu: %s.",
+        "spam_learn_error": "Błąd uczenia spamu: %s",
         "subject_empty": "Temat nie może być pusty",
         "targetd_relay_domain": "Domena docelowa %s jest skonfigurowana jako domena przekazująca relay",
         "template_exists": "Szablon %s już istnieje",
@@ -608,7 +608,7 @@
         "advanced_settings": "Ustawienia zaawansowane",
         "allow_from_smtp": "Zezwalaj tylko tym adresom IP na używanie <b>SMTP</b>",
         "allow_from_smtp_info": "Pozostaw puste, aby zezwolić na wszystkich nadawców.<br>adresy IPv4/IPv6 i sieci.",
-        "allowed_protocols": "Dozwolone protokoły dla bezpośredniego dostępu użytkownika (nie wpływa na protokoły haseł aplikacji).",
+        "allowed_protocols": "Dozwolone protokoły dla bezpośredniego dostępu użytkownika (nie wpływa na protokoły haseł aplikacji)",
         "app_name": "Nazwa aplikacji",
         "app_passwd": "Hasło do aplikacji",
         "app_passwd_protocols": "Dozwolone protokoły dla hasła aplikacji",
@@ -616,10 +616,10 @@
         "bcc_dest_format": "Miejscem docelowym BCC musi być jeden prawidłowy adres e-mail.<br>Jeśli chcesz wysłać kopię na wiele adresów, utwórz alias i użyj go tutaj.",
         "client_id": "Id klienta",
         "client_secret": "Tajny klucz klienta(sekret)",
-        "comment_info": "Komentarz prywatny nie jest widoczny dla użytkownika, natomiast komentarz publiczny jest wyświetlany jako podpowiedź po najechaniu kursorem w widoku użytkownika.",
+        "comment_info": "Komentarz prywatny nie jest widoczny dla użytkownika, natomiast komentarz publiczny jest wyświetlany jako podpowiedź po najechaniu kursorem w widoku użytkownika",
         "created_on": "Stworzony na",
         "custom_attributes": "Niestandardowe atrybuty",
-        "delete2": "Usunąć wiadomości na koncie docelowym, które nie występują na koncie źródłowym?",
+        "delete2": "Usuń wiadomości na koncie docelowym, które nie występują na koncie źródłowym",
         "disable_login": "Zablokuj logowanie (przychodząca poczta nadal będzie przyjmowana)",
         "domain_footer": "Stopka dla całej domeny",
         "domain_footer_html": "Stopka HTML",
@@ -627,10 +627,10 @@
         "domain_footer_info_vars": {
             "auth_user": "{= auth_user =} - Uwierzytelniona nazwa użytkownika określona przez MTA",
             "from_user": "{= from_user =} – część użytkownika (local-part) adresu nadawcy; np. dla „moo@mailcow.tld\n” zwróci „moo”",
-            "from_name": "{= from_name =} – nazwa nadawcy (From name) z nagłówka wiadomości; np. dla „Mailcow <moo@mailcow.tld\n>” zwróci „Mailcow”.",
+            "from_name": "{= from_name =} – nazwa nadawcy (From name) z nagłówka wiadomości; np. dla \"Mailcow &lt;moo@mailcow.tld&gt;\" zwróci \"Mailcow\"",
             "from_addr": "{= from_addr =} – pełny adres nadawcy (z części envelope)",
-            "from_domain": "{= from_domain =} – część domenowa adresu nadawcy (z envelope).",
-            "custom": "{= foo =}         - jeśli skrzynka pocztowa ma niestandardowy atrybut „foo” o wartości „bar”, zwraca „bar”."
+            "from_domain": "{= from_domain =} – część domenowa adresu nadawcy (z envelope)",
+            "custom": "{= foo =}         - jeśli skrzynka pocztowa ma niestandardowy atrybut „foo” o wartości „bar”, zwraca „bar”"
         },
         "domain_footer_plain": "Stopka w formacie tekstowym(PLAIN)",
         "domain_footer_skip_replies": "Nie dodawaj stopki do odpowiedzi na e-maile",
@@ -646,7 +646,7 @@
         "internal": "Wewnętrzny",
         "internal_info": "Aliasów wewnętrznych można używać tylko w obrębie własnej domeny lub domen aliasów.",
         "last_modified": "Ostatnio modyfikowany",
-        "lookup_mx": "Destination to wyrażenie regularne dopasowujące nazwę serwera MX (np. <code>.*.google.com</code> — aby kierować całą pocztę wysyłaną do MX kończących się na google.com przez ten hop).",
+        "lookup_mx": "Destination to wyrażenie regularne dopasowujące nazwę serwera MX (np. <code>.*.google.com</code> — aby kierować całą pocztę wysyłaną do MX kończących się na google.com przez ten hop)",
         "pushover_title": "Tytuł powiadomienia",
         "pushover_sound": "Dźwięk powiadomienia",
         "pushover_vars": "Gdy nie zdefiniowano żadnego filtra nadawcy, brane będą pod uwagę wszystkie wiadomości. Filtry oparte na wyrażeniach regularnych (regex) oraz dokładne dopasowania nadawców można definiować indywidualnie — będą one przetwarzane kolejno, niezależnie od siebie. Dostępne zmienne do użycia w treści i tytule (należy pamiętać o zasadach ochrony danych osobowych).",
@@ -675,10 +675,15 @@
         "timeout1": "Limit czasu połączenia z serwerem zdalnym",
         "timeout2": "Limit czasu połączenia z serwerem lokalnym",
         "validate_save": "Zatwierdź i zapisz",
-        "pushover_info": "Ustawienia powiadomień push będą stosowane do wszystkich czystych (nie-spamowych) dostarczanych wiadomości w tym aliasów (współdzielonych, niewspółdzielonych, oznaczonych).",
+        "pushover_info": "Ustawienia powiadomień push będą miały zastosowanie do wszystkich czystych (niespamowych) wiadomości dostarczanych do <b>%s</b>, w tym aliasów (współdzielonych, niewspółdzielonych, oznaczonych)",
         "mailbox_quota_def": "Domyślny limit skrzynki pocztowej",
         "mailbox_relayhost_info": "Dotyczy wyłącznie skrzynki pocztowej i bezpośrednich aliasów, nadpisuje ustawienie serwera pośredniczącego (relayhost) dla domeny.",
-        "maxbytespersecond": "Max. Ilość bajtów na sekundę <br><small>(0 = unlimited)</small>"
+        "maxbytespersecond": "Max. Ilość bajtów na sekundę <br><small>(0 = unlimited)</small>",
+        "mailbox_rename": "Zmień nazwę skrzynki pocztowej",
+        "mailbox_rename_agree": "Stworzyłem kopię zapasową.",
+        "mailbox_rename_warning": "WAŻNE! Utwórz kopię zapasową przed zmianą nazwy skrzynki pocztowej.",
+        "mailbox_rename_alias": "Tworzenie aliasów automatycznie",
+        "mailbox_rename_title": "Nowa nazwa lokalnej skrzynki pocztowej"
     },
     "footer": {
         "cancel": "Anuluj",
@@ -725,7 +730,7 @@
         "other_logins": "lub zaloguj za pomocą",
         "email": "Adres e-mail",
         "back_to_mailcow": "Wróć do mailcow",
-        "fido2_webauthn": "FIDO2/WebAuthn Login",
+        "fido2_webauthn": "Logowanie FIDO2/WebAuthn",
         "invalid_pass_reset_token": "Token resetowania hasła jest nieprawidłowy lub wygasł.<br>Proszę poprosić o nowy link do resetowania hasła.",
         "login_user": "Logowanie użytkownika",
         "login_dadmin": "Logowanie administratora domeny",
@@ -868,7 +873,7 @@
         "ays": "Potwierdź, że chcesz usunąć wszystkie elementy z bieżącej kolejki.",
         "flush": "Opróżnij kolejkę wiadomości",
         "info": "Kolejka poczty zawiera wszystkie wiadomości e-mail oczekujące na dostarczenie.\nJeśli wiadomość e-mail pozostaje w kolejce przez dłuższy czas, system automatycznie ją usuwa.<br>\nKomunikat błędu dla danej wiadomości zawiera informacje o przyczynie, dla której nie mogła zostać dostarczona.",
-        "legend": "Funkcje zarządzania kolejką poczty",
+        "legend": "Funkcje zarządzania kolejką poczty:",
         "deliver_mail": "Dostarcz",
         "deliver_mail_legend": "Próby ponownego dostarczenia wybranych wiadomości.",
         "hold_mail": "Wstrzymane",
@@ -1110,7 +1115,7 @@
         "email_and_dav": "E-maile, kalendarze i kontakty",
         "empty": "Brak wyników",
         "expire_in": "wygasa w",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn (standard uwierzytelniania)",
         "from": "od",
         "generate": "generuj",
         "last_mail_login": "Ostatni login na skrzynkę pocztową",
@@ -1163,7 +1168,7 @@
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nie można połączyć się ze zdalnym serwerem",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Niewłaściwa nazwa użytkownika lub hasło",
         "text": "Tekst",
-        "tfa_info": "Uwierzytelnianie dwuskładnikowe pomaga chronić Twoje konto.\nJeśli je włączysz, będziesz potrzebować haseł aplikacji, aby logować się do programów lub usług, które nie obsługują uwierzytelniania dwuskładnikowego (np. klientów poczty).",
+        "tfa_info": "Uwierzytelnianie dwuskładnikowe pomaga chronić Twoje konto. Jeśli je włączysz, będziesz potrzebować haseł aplikacji, aby logować się do programów lub usług, które nie obsługują uwierzytelniania dwuskładnikowego (np. klientów poczty).",
         "title": "Tytuł",
         "value": "Wartość",
         "verify": "Zweryfikuj",
@@ -1190,7 +1195,7 @@
         "decimal": ".",
         "emptyTable": "Brak danych w tabeli",
         "expand_all": "Rozszerz wszystko",
-        "info": "Wyświetlanie od START do END z TOTAL wpisów.",
+        "info": "Wyświetlanie od START do END z TOTAL wpisów",
         "infoEmpty": "Wyświetlanie od 0 do 0 z 0 wpisów",
         "infoFiltered": "(filtrowane z _MAX_ suma wpisów)",
         "thousands": ",",
@@ -1221,7 +1226,7 @@
         "current_time": "Czas systemowy",
         "disk_usage": "Użycie dysku",
         "docs": "Dokumentacja",
-        "error_show_ip": "Nie można ustalić publicznych adresów IP.",
+        "error_show_ip": "Nie można ustalić publicznych adresów IP",
         "external_logs": "Logi zewnętrzne",
         "history_all_servers": "Historia (wszystkie serwery)",
         "in_memory_logs": "Logi w pamięci",
@@ -1253,7 +1258,7 @@
         "dns_records": "Rekordy DNS",
         "dns_records_24hours": "Pamiętaj, że zmiany wprowadzone w DNS mogą zająć nawet do 24 godzin, zanim ich aktualny stan zostanie poprawnie odzwierciedlony na tej stronie.\nTa sekcja ma na celu ułatwienie Ci konfiguracji rekordów DNS oraz sprawdzenie, czy wszystkie rekordy zostały prawidłowo zapisane w DNS.",
         "dns_records_data": "Poprawne dane",
-        "dns_records_docs": "Proszę skonsultuj również <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumnetację</a>",
+        "dns_records_docs": "Proszę skonsultuj również <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">dokumnetację</a>.",
         "dns_records_name": "Nazwa",
         "dns_records_status": "Aktualny stan",
         "dns_records_type": "Typ",

From b873812588ce293ed878b9cbca123e48896e171f Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 29 Nov 2025 13:20:02 +0100
Subject: [PATCH 739/755] [Web] Updated lang.gr-gr.json (#6930)

Co-authored-by: ChD Computers <chdcomputers@gmail.com>
---
 data/web/lang/lang.gr-gr.json | 165 ++++++++++++++++++++++++++++++++++
 1 file changed, 165 insertions(+)

diff --git a/data/web/lang/lang.gr-gr.json b/data/web/lang/lang.gr-gr.json
index 83008e63d..a070ea820 100644
--- a/data/web/lang/lang.gr-gr.json
+++ b/data/web/lang/lang.gr-gr.json
@@ -17,5 +17,170 @@
         "hash_not_found": "Η κατακερματισμένη τιμή (hash value) δεν βρέθηκε ή έχει είδη διαγραφεί.",
         "ip_invalid": "Παραλείφθηκε μη έγκυρη διεύθυνση IP: %s",
         "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s"
+    },
+    "acl": {
+        "alias_domains": "Προσθήκη ψευδωνύμων τομέων",
+        "app_passwds": "Διαχείριση κωδικών εφαρμογής",
+        "bcc_maps": "χαρτογράφηση BCC",
+        "delimiter_action": "Ενέργεια οριοθέτη",
+        "domain_desc": "Αλλαγή περιγραφής τομέα",
+        "domain_relayhost": "Αλλαγή του διακομιστή αναμετάδοσης για ένα τομέα",
+        "eas_reset": "Επαναφορά συσκευών EAS",
+        "extend_sender_acl": "Να επιτρέπεται η επέκταση ACL του αποστολέα με εξωτερικές διευθύνσεις",
+        "filters": "Φίλτρα",
+        "login_as": "Είσοδος ως χρήστης e-mail",
+        "mailbox_relayhost": "Αλλαγή διακομιστή αναμετάδοσης για ένα γραμματοκιβώτιο",
+        "prohibited": "Απαγορεύεται από την ACL",
+        "protocol_access": "Αλλαγή πρόσβασης πρωτοκόλλου",
+        "pushover": "Pushover",
+        "pw_reset": "Επιτρέψτε την επαναφορά κωδικού πρόσβασης του χρήστη",
+        "quarantine": "Ενέργειες καραντίνας",
+        "quarantine_attachments": "Συνημμένα καραντίνας",
+        "quarantine_category": "Αλλαγή κατηγορίας ειδοποιήσεων καραντίνας",
+        "quarantine_notification": "Αλλαγή ειδοποιήσεων καραντίνας",
+        "ratelimit": "Όριο τιμής",
+        "recipient_maps": "Χάρτες παραληπτών",
+        "smtp_ip_access": "Αλλαγή επιτρεπόμενων διακομιστών SMTP",
+        "sogo_access": "Επιτρέψτε τη διαχείριση της πρόσβασης στο SOGo",
+        "sogo_profile_reset": "Επαναφορά του προφίλ SOGo",
+        "spam_alias": "Προσωρινά ψευδώνυμα",
+        "spam_policy": "Λίστα απορρίψεων/Λίστα επιτρεπόμενων",
+        "spam_score": "Βαθμολογία ανεπιθύμητης αλληλογραφίας",
+        "syncjobs": "Εργασίες συγχρονισμού",
+        "tls_policy": "Πολιτική TLS",
+        "unlimited_quota": "Απεριόριστο όριο για γραμματοκιβώτια"
+    },
+    "add": {
+        "activate_filter_warn": "Όλα τα άλλα φίλτρα θα απενεργοποιηθούν, όταν επιλεγεί η επιλογή \"ενεργό\".",
+        "active": "Ενεργό",
+        "add": "Προσθήκη",
+        "add_domain_only": "Προσθήκη μόνο του τομέα",
+        "add_domain_restart": "Προσθήκη του τομέα και επανεκκίνηση του SOGo",
+        "alias_address": "Διευθύνσεις ψευδωνύμων",
+        "alias_address_info": "<small>Πλήρης διεύθυνση(εις)  e-mail ή @example.com, για να λαμβάνετε ΟΛΑ τα μηνύματα ενός τομέα (χωρισμένα με κόμα). <b>μόνο τομείς του mailcow</b>.</small>",
+        "alias_domain": "Ψευδώνυμο τομέα",
+        "alias_domain_info": "<small>Μόνο έγκυρα ονόματα τομέα (χωρισμένα με κόμα).</small>",
+        "app_name": "Όνομα εφαρμογής",
+        "app_password": "Προσθήκη κωδικού εφαρμογής",
+        "app_passwd_protocols": "Επιτρεπόμενα πρωτόκολλα για κωδικούς εφαρμογών",
+        "automap": "Αυτόματη αντιστοίχηση φακέλων (\"Απεσταλμένα μηνύματα\", \"Απεσταλμένα\" => \"Στάλθηκαν\" κ.τ.λ.)",
+        "backup_mx_options": "Επιλογές αναμετάδοσης",
+        "bcc_dest_format": "Η BCC διεύθυνση πρέπει να είναι μία και έγκυρη διεύθυνση e-mail.<br>Αν θέλετε να στείλετε αντίγραφα σε πολλούς παραλήπτες, δημιουργήστε ένα ψευδόνυμο για όλους και χρησιμοποιήστε το εδώ.",
+        "comment_info": "Τα προσωπικά σχόλια δεν είναι ορατά στον χρήστη. Τα δημόσια σχόλια εμφανίζονται ως tooltips.",
+        "custom_params": "Προσαρμοσμένες παράμετροι",
+        "custom_params_hint": "Σωστή σύνταξη: --param=xy, λάθος σύνταξη: --param xy",
+        "delete1": "Διαγραφή όταν ολοκληρωθεί",
+        "delete2": "Διαγραφή μηνυμάτων στον προορισμό που δεν βρίσκονται στην πηγή",
+        "delete2duplicates": "Διαγραφή διπλότυπων στον προορισμό",
+        "description": "Περιγραφή",
+        "destination": "Προορισμός",
+        "disable_login": "Απαγόρευση εισόδου (η εισερχόμενη αλληλογραφία εξακολουθεί να γίνεται δεκτή)",
+        "domain": "Τομέας",
+        "domain_matches_hostname": "Ο τομέας %s είναι ο ίδιος με το όνομα του διακομιστή",
+        "domain_quota_m": "Συνολικό όριο τομέα (MiB)",
+        "dry": "Προσομοίωση συγχρονισμού",
+        "enc_method": "Μέθοδος κρυπτογράφησης",
+        "exclude": "Εξαίρεση αντικειμένων (regex)",
+        "full_name": "Πλήρες όνομα",
+        "gal": "Κοινόχρηστη λίστα διευθύνσεων"
+    },
+    "danger": {
+        "unknown": "Παρουσιάστηκε κάποιο άγωνστο σφάλμα",
+        "unknown_tfa_method": "Άγνωστη μέθοδος TFA",
+        "unlimited_quota_acl": "Το απεριόριστο όριο απαγορεύεται από την ACL",
+        "username_invalid": "Το όνομα χρήστη %s δεν μπορεί να χρησιμοποιηθεί",
+        "validity_missing": "Παρακαλώ ορίστε μία περίοδο εγκυρότητας",
+        "value_missing": "Παρακαλώ συμπληρώστε όλα τα δεδομένα",
+        "version_invalid": "Η έκδοση %s δεν είναι έγκυρη",
+        "yotp_verification_failed": "Η επαλήθευση μέσω Yubico OTP απέτυχε: %s"
+    },
+    "datatables": {
+        "collapse_all": "Σύμπτυξη όλων",
+        "decimal": ".",
+        "emptyTable": "Δεν υπάρχουν εγγραφές",
+        "expand_all": "Επέκταση όλων",
+        "info": "Εμφανίζονται _START_ εώς _END_ από _TOTAL_ εγγραφές",
+        "infoEmpty": "Εμφανίζονται 0 εώς 0 από 0 εγγραφές",
+        "infoFiltered": "(φιλτραρισμένες από _MAX_ συνολικές εγγραφές)",
+        "thousands": ",",
+        "lengthMenu": "Εμφάνιση _MENU_ εγγραφών",
+        "loadingRecords": "Γίνεται φόρτωση...",
+        "processing": "Παρακαλώ περιμένετε...",
+        "search": "Αναζήτηση:",
+        "zeroRecords": "Δε βρέθηκαν εγγραφές",
+        "paginate": {
+            "first": "Πρώτη",
+            "last": "Τελευταία",
+            "next": "Επόμενη",
+            "previous": "Προηγούμενη"
+        },
+        "aria": {
+            "sortAscending": ": ενεργοποίηση αύξουσας ταξινόμησης",
+            "sortDescending": ": ενεργοποίηση φθίνουσας ταξινόμησης"
+        }
+    },
+    "debug": {
+        "architecture": "Αρχιτεκτονική",
+        "chart_this_server": "Γράφημα (αυτός ο διακομιστής)",
+        "containers_info": "Πληροφορίες για τον container",
+        "container_running": "Εκτελείται",
+        "container_disabled": "Ο container έχει σταματήσει ή απενεργοποιηθεί",
+        "container_stopped": "Σταματημένος",
+        "cores": "Πυρήνες",
+        "current_time": "Ώρα συστήματος",
+        "disk_usage": "Χρήση αποθ. χώρου",
+        "docs": "Έγγραφα",
+        "error_show_ip": "Δεν είναι δυνατή η επίλυση της δημόσιας IP διεύθυνσης",
+        "external_logs": "Εξωτερικά αρχεία καταγραφής",
+        "history_all_servers": "Ιστορικό (Όλοι οι διακομιστές)",
+        "in_memory_logs": "Αρχεία καταγραφής στη μνήμη",
+        "last_modified": "Τελευταία τροποποίηση",
+        "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\n  <p><b>External logs</b> are collected via API of the given application.</p>\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
+        "login_time": "Ώρα",
+        "logs": "Αρχεία καταγραφής",
+        "memory": "Μνήμη",
+        "online_users": "Συνδεδεμένοι χρήστες",
+        "restart_container": "Επανεκκίνηση",
+        "service": "Υπηρεσία",
+        "show_ip": "Εμφάνιση δημόσιας IP",
+        "size": "Μέγεθος",
+        "started_at": "Ξεκίνησε στις",
+        "started_on": "Ξεκίνησε στις",
+        "static_logs": "Στατικά αρχεία καταγραφής",
+        "success": "Επιτυχία",
+        "system_containers": "Σύστημα και Containers",
+        "timezone": "Ζώνη ώρας",
+        "uptime": "Χρόνος λειτουργίας",
+        "update_available": "Υπάρχει διαθέσιμη ενημέρωση",
+        "no_update_available": "Έχετε τη τελευταία έκδοση του συστήματος",
+        "update_failed": "Δεν ήταν δυνατός ο έλεγχος για ενημερώσεις",
+        "username": "Όνομα χρήστη",
+        "wip": "Currently Work in Progress"
+    },
+    "diagnostics": {
+        "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
+        "dns_records": "Εγγραφές DNS",
+        "dns_records_24hours": "Παρακαλώ σημειώστε ότι οι αλλαγές στο DNS μπορεί να χρειαστούν μέχρι 24 ώρες για να ενημερωθούν σωστά και να εμφανιστούν σε αυτή τη σελίδα. Ο σκοπός της είναι να δείτε πως μπορείτε να ρυθμίσετε σωστά τις εγγραφές DNS και να ελέγξετε αν είναι σωστές.",
+        "dns_records_data": "Σωστά δεδομένα",
+        "dns_records_docs": "Παρακαλώ συμβουλευτείτε επίσης <a target=\"_blank\" href=\"https://docs.mailcow.email/getstarted/prerequisite-dns\">την τεκμηρίωση</a>.",
+        "dns_records_name": "Όνομα",
+        "dns_records_status": "Τρέχουσα κατάσταση",
+        "dns_records_type": "Τύπος",
+        "optional": "Αυτή η εγγραφή είναι προαιρετική."
+    },
+    "edit": {
+        "acl": "ACL (Δικαίωμα)",
+        "active": "Ενεργό",
+        "admin": "Επεξεργασία διαχειριστή",
+        "advanced_settings": "Ρυθμίσεις για προχωρημένους",
+        "alias": "Επεξεργασία ψευδώνυμου",
+        "allow_from_smtp": "Επέτρεψε μόνο σε αυτές τις IPs να χρησιμοποιήσουν το <b>SMTP</b>",
+        "allow_from_smtp_info": "Αφήστε το κενό για να επιτρέψετε όλους τους αποστολείς.<br>IPv4/IPv6 διευθύνσεις και δίκτυα.",
+        "allowed_protocols": "Επιτρεπόμενα πρωτόκολλα για απ' ευθείας πρόσβαση από τους χρήστες (δεν επηρεάζει τα πρωτόκολλα κωδικών πρόσβασης εφαρμογής)",
+        "app_name": "Όνομα εφαρμογής",
+        "app_passwd": "Κωδικός πρόσβασης εφαρμογής",
+        "app_passwd_protocols": "Επιτρέπομενα πρωτόκολλα για τον κωδικό εφαρμογής",
+        "automap": "Αυτόματη αντιστοίχηση φακέλων (\"Απεσταλμένα μηνύματα\", \"Απεσταλμένα\" => \"Στάλθηκαν\" κ.τ.λ.)",
+        "backup_mx_options": "Επιλογές αναμετάδοσης"
     }
 }

From 3d6253a2b25e6ca844b24c9666f67532e2d85c4a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Mon, 1 Dec 2025 08:48:22 +0100
Subject: [PATCH 740/755] update postscreen_access.cidr (#6933)

---
 data/conf/postfix/postscreen_access.cidr | 59 ++++++++----------------
 1 file changed, 18 insertions(+), 41 deletions(-)

diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr
index 3511c6ae4..694b98636 100644
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Sat Nov  1 00:21:43 UTC 2025
+# Whitelist generated by Postwhite v3.4 on Mon Dec  1 00:24:43 UTC 2025
 # https://github.com/stevejenkins/postwhite/
-# 2161 total rules
+# 2186 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:2800::/53	permit
@@ -29,7 +29,9 @@
 2a01:b747:3005:200::/56	permit
 2a01:b747:3006:200::/56	permit
 2a02:a60:0:5::/64	permit
+2a0f:f640::/56	permit
 2c0f:fb50:4000::/36	permit
+2.207.151.53	permit
 2.207.217.30	permit
 3.64.237.68	permit
 3.65.3.180	permit
@@ -63,6 +65,7 @@
 13.111.191.0/24	permit
 13.216.7.111	permit
 13.216.54.180	permit
+13.247.164.219	permit
 15.200.21.50	permit
 15.200.44.248	permit
 15.200.201.185	permit
@@ -394,23 +397,15 @@
 64.207.219.143	permit
 64.233.160.0/19	permit
 65.52.80.137	permit
-65.54.51.64/26	permit
-65.54.61.64/26	permit
 65.54.121.120/29	permit
-65.54.190.0/24	permit
-65.54.241.0/24	permit
 65.55.29.77	permit
 65.55.33.64/28	permit
-65.55.34.0/24	permit
 65.55.42.224/28	permit
 65.55.52.224/27	permit
 65.55.78.128/25	permit
 65.55.81.48/28	permit
-65.55.90.0/24	permit
 65.55.94.0/25	permit
-65.55.111.0/24	permit
 65.55.113.64/26	permit
-65.55.116.0/25	permit
 65.55.126.0/25	permit
 65.55.174.0/25	permit
 65.55.178.128/27	permit
@@ -631,7 +626,6 @@
 74.208.4.220	permit
 74.208.4.221	permit
 74.209.250.0/24	permit
-75.2.70.75	permit
 76.223.128.0/19	permit
 76.223.176.0/20	permit
 77.238.176.0/24	permit
@@ -660,18 +654,12 @@
 81.169.146.245	permit
 81.169.146.246	permit
 81.223.46.0/27	permit
-82.165.159.2	permit
-82.165.159.3	permit
-82.165.159.4	permit
 82.165.159.12	permit
 82.165.159.13	permit
 82.165.159.14	permit
-82.165.159.34	permit
-82.165.159.35	permit
 82.165.159.40	permit
 82.165.159.41	permit
 82.165.159.42	permit
-82.165.159.45	permit
 82.165.159.130	permit
 82.165.159.131	permit
 85.9.206.169	permit
@@ -1221,7 +1209,6 @@
 98.139.245.208/30	permit
 98.139.245.212/31	permit
 99.78.197.208/28	permit
-99.83.190.102	permit
 103.9.96.0/22	permit
 103.28.42.0/24	permit
 103.151.192.0/23	permit
@@ -1454,6 +1441,16 @@
 134.170.143.0/24	permit
 134.170.174.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
+136.143.162.0/24	permit
+136.143.176.0/24	permit
+136.143.177.0/24	permit
+136.143.178.49	permit
+136.143.182.0/23	permit
+136.143.184.0/24	permit
+136.143.188.0/24	permit
+136.143.190.0/23	permit
 136.146.128.0/20	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
@@ -1525,9 +1522,6 @@
 155.248.220.138	permit
 155.248.234.149	permit
 155.248.237.141	permit
-157.55.0.192/26	permit
-157.55.1.128/26	permit
-157.55.2.0/25	permit
 157.55.9.128/25	permit
 157.55.11.0/25	permit
 157.55.49.0/25	permit
@@ -1625,13 +1619,11 @@
 170.10.132.56/29	permit
 170.10.132.64/29	permit
 170.10.133.0/24	permit
-172.217.32.0/21	permit
-172.253.56.0/21	permit
-172.253.112.0/20	permit
 173.0.84.0/29	permit
 173.0.84.224/27	permit
 173.0.94.244/30	permit
 173.194.0.0/16	permit
+173.194.0.0/17	permit
 173.203.79.182	permit
 173.203.81.39	permit
 173.224.161.128/25	permit
@@ -1771,6 +1763,7 @@
 194.97.212.12	permit
 194.106.220.0/23	permit
 194.113.24.0/22	permit
+194.113.42.0/26	permit
 194.154.193.192/27	permit
 195.4.92.0/23	permit
 195.54.172.0/23	permit
@@ -1784,6 +1777,7 @@
 198.61.254.21	permit
 198.61.254.231	permit
 198.178.234.57	permit
+198.202.211.1	permit
 198.244.48.0/20	permit
 198.244.56.107	permit
 198.244.56.108	permit
@@ -1894,7 +1888,6 @@
 207.46.52.79	permit
 207.46.58.128/25	permit
 207.46.116.128/29	permit
-207.46.117.0/24	permit
 207.46.132.128/27	permit
 207.46.198.0/25	permit
 207.46.200.0/27	permit
@@ -2000,19 +1993,11 @@
 212.82.111.228/31	permit
 212.82.111.230	permit
 212.123.28.40	permit
-212.227.15.3	permit
-212.227.15.4	permit
-212.227.15.5	permit
-212.227.15.6	permit
 212.227.15.7	permit
 212.227.15.8	permit
-212.227.15.14	permit
 212.227.15.15	permit
 212.227.15.18	permit
 212.227.15.19	permit
-212.227.15.25	permit
-212.227.15.26	permit
-212.227.15.29	permit
 212.227.15.44	permit
 212.227.15.45	permit
 212.227.15.46	permit
@@ -2020,17 +2005,11 @@
 212.227.15.50	permit
 212.227.15.52	permit
 212.227.15.53	permit
-212.227.15.54	permit
-212.227.15.55	permit
 212.227.17.1	permit
 212.227.17.2	permit
 212.227.17.7	permit
-212.227.17.11	permit
-212.227.17.12	permit
 212.227.17.16	permit
 212.227.17.17	permit
-212.227.17.18	permit
-212.227.17.19	permit
 212.227.17.20	permit
 212.227.17.21	permit
 212.227.17.22	permit
@@ -2115,8 +2094,6 @@
 216.205.24.0/24	permit
 216.221.160.0/19	permit
 216.239.32.0/19	permit
-217.72.192.77	permit
-217.72.192.78	permit
 217.77.141.52	permit
 217.77.141.59	permit
 217.175.194.0/24	permit

From 6c106b4e4dfffc2bd6fc87b60f7dbe12eb917d63 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 2 Dec 2025 16:40:36 +0100
Subject: [PATCH 741/755] [Web] Updated lang.fr-fr.json (#6936)

Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.fr-fr.json | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 07ac641b8..107988bac 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -109,7 +109,9 @@
         "bcc_dest_format": "La destination Cci doit être une seule adresse de courriel valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
         "tags": "Etiquettes",
         "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application",
-        "dry": "Simuler la synchronisation"
+        "dry": "Simuler la synchronisation",
+        "internal": "Interne",
+        "internal_info": "Les alias internes sont accessibles uniquement depuis le domaine ou les alias du domaine."
     },
     "admin": {
         "access": "Accès",
@@ -407,7 +409,8 @@
         "iam_host": "Hôte",
         "iam_host_info": "Saisissez un ou plusieurs hôtes LDAP, séparés par des virgules.",
         "iam_import_users": "Importer des utilisateurs",
-        "filter": "Filtrer"
+        "filter": "Filtrer",
+        "needs_restart": "nécessite un redémarrage"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -548,7 +551,11 @@
         "generic_server_error": "Une erreur de serveur inattendue s'est produite. Veuillez contacter votre administrateur.",
         "authsource_in_use": "Le fournisseur d'identité ne peut pas être modifié ou supprimé car il est actuellement utilisé par un ou plusieurs utilisateurs.",
         "iam_test_connection": "Échec de la connexion",
-        "required_data_missing": "La donnée requise %s est manquante"
+        "required_data_missing": "La donnée requise %s est manquante",
+        "max_age_invalid": "L'âge maximum %s est invalide",
+        "mode_invalid": "Le mode %s est invalide",
+        "mx_invalid": "L'enregistrement MX %s est invalide",
+        "version_invalid": "La version %s est invalide"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
@@ -734,7 +741,16 @@
         "mailbox_rename_alias": "Créer un alias automatiquement",
         "sogo_access": "Redirection directe vers SOGo",
         "pushover": "Pushover",
-        "pushover_sound": "Son"
+        "pushover_sound": "Son",
+        "internal": "Interne",
+        "internal_info": "Les alias internes sont accessibles uniquement depuis le domaine ou les alias du domaine.",
+        "mta_sts": "MTA-STS",
+        "mta_sts_version": "Version",
+        "mta_sts_version_info": "Défini la version du standard MTA-STS – actuellement seul <code>STSv1</code> est valide.",
+        "mta_sts_mode": "Mode",
+        "mta_sts_max_age": "Âge maximum",
+        "mta_sts_mx": "Serveur MX",
+        "mta_sts_mx_notice": "Plusieurs serveurs MX peuvent être spécifiés (séparés par des virgules)."
     },
     "footer": {
         "cancel": "Annuler",
@@ -789,7 +805,8 @@
         "login_linkstext": "L'identifiant n'est pas correct ?",
         "login_usertext": "Se connecter en tant qu'utilisateur",
         "login_domainadmintext": "Se connecter en tant qu'administrateur du domaine",
-        "login_admintext": "Se connecter en tant qu'administrateur"
+        "login_admintext": "Se connecter en tant qu'administrateur",
+        "email": "Adresse de courriel"
     },
     "mailbox": {
         "action": "Action",
@@ -965,7 +982,8 @@
         "syncjob_check_log": "Vérifier le journal",
         "recipient": "Destinataire",
         "open_logs": "Afficher les journaux",
-        "iam": "Fournisseur d'identité"
+        "iam": "Fournisseur d'identité",
+        "internal": "Interne"
     },
     "oauth2": {
         "access_denied": "Veuillez vous connecter en tant que propriétaire de la boîte de réception pour accorder l’accès via Oauth2.",

From 470cfb00263551e205cbaf7908dedcf26364ce4a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 13:53:05 +0100
Subject: [PATCH 742/755] chore(deps): update actions/stale action to v10.1.1
 (#6937)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/close_old_issues_and_prs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index 85094394a..f3306b7df 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v10.1.0
+        uses: actions/stale@v10.1.1
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

From 9950914086124be1c9abe9dd35aefa7d3b64ffab Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 3 Dec 2025 16:26:22 +0100
Subject: [PATCH 743/755] core: improved docker compose version check

---
 _modules/scripts/core.sh | 74 ++++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index f776c6212..576967a48 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -38,45 +38,45 @@ get_docker_version(){
 }
 
 get_compose_type(){
-    if docker compose > /dev/null 2>&1; then
-        if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-            COMPOSE_VERSION=native
-            COMPOSE_COMMAND="docker compose"
-            if [[ "$caller" == "update.sh" ]]; then
-                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-            fi
-            echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-            sleep 2
-            echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-        else
-            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-            echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-            exit 1
-        fi
-    elif docker-compose > /dev/null 2>&1; then
-    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-        if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-            COMPOSE_VERSION=standalone
-            COMPOSE_COMMAND="docker-compose"
-            if [[ "$caller" == "update.sh" ]]; then
-                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-            fi
-            echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-            sleep 2
-            echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-        else
-            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-            echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-            exit 1
-        fi
-    fi
+  if docker compose > /dev/null 2>&1; then
+    if docker compose version --short | grep -e "^[2-9]\." -e "^v[2-9]\." -e "^[1-9][0-9]\." -e "^v[1-9][0-9]\." > /dev/null 2>&1; then
+      COMPOSE_VERSION=native
+      COMPOSE_COMMAND="docker compose"
+      if [[ "$caller" == "update.sh" ]]; then
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
+      fi
+      echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
+      sleep 2
+      echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
-        echo -e "\e[31mCannot find Docker Compose.\e[0m"
-        echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+      exit 1
     fi
+  elif docker-compose > /dev/null 2>&1; then
+  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+    if docker-compose version --short | grep -e "^[2-9]\." -e "^[1-9][0-9]\." > /dev/null 2>&1; then
+      COMPOSE_VERSION=standalone
+      COMPOSE_COMMAND="docker-compose"
+      if [[ "$caller" == "update.sh" ]]; then
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
+      fi
+      echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
+      sleep 2
+      echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
+    else
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+      exit 1
+    fi
+  fi
+  else
+    echo -e "\e[31mCannot find Docker Compose.\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+    exit 1
+  fi
 }
 
 detect_bad_asn() {

From 9a2887cf46074d1cb9ad17be5a3bbcdf662fd1cf Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 3 Dec 2025 16:26:22 +0100
Subject: [PATCH 744/755] core: improved docker compose version check

---
 _modules/scripts/core.sh | 74 ++++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
index f776c6212..576967a48 100644
--- a/_modules/scripts/core.sh
+++ b/_modules/scripts/core.sh
@@ -38,45 +38,45 @@ get_docker_version(){
 }
 
 get_compose_type(){
-    if docker compose > /dev/null 2>&1; then
-        if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-            COMPOSE_VERSION=native
-            COMPOSE_COMMAND="docker compose"
-            if [[ "$caller" == "update.sh" ]]; then
-                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-            fi
-            echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-            sleep 2
-            echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-        else
-            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-            echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-            exit 1
-        fi
-    elif docker-compose > /dev/null 2>&1; then
-    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-        if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-            COMPOSE_VERSION=standalone
-            COMPOSE_COMMAND="docker-compose"
-            if [[ "$caller" == "update.sh" ]]; then
-                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-            fi
-            echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-            sleep 2
-            echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-        else
-            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-            echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-            exit 1
-        fi
-    fi
+  if docker compose > /dev/null 2>&1; then
+    if docker compose version --short | grep -e "^[2-9]\." -e "^v[2-9]\." -e "^[1-9][0-9]\." -e "^v[1-9][0-9]\." > /dev/null 2>&1; then
+      COMPOSE_VERSION=native
+      COMPOSE_COMMAND="docker compose"
+      if [[ "$caller" == "update.sh" ]]; then
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
+      fi
+      echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
+      sleep 2
+      echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
-        echo -e "\e[31mCannot find Docker Compose.\e[0m"
-        echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+      exit 1
     fi
+  elif docker-compose > /dev/null 2>&1; then
+  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+    if docker-compose version --short | grep -e "^[2-9]\." -e "^[1-9][0-9]\." > /dev/null 2>&1; then
+      COMPOSE_VERSION=standalone
+      COMPOSE_COMMAND="docker-compose"
+      if [[ "$caller" == "update.sh" ]]; then
+        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
+      fi
+      echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
+      sleep 2
+      echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
+    else
+      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+      exit 1
+    fi
+  fi
+  else
+    echo -e "\e[31mCannot find Docker Compose.\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+    exit 1
+  fi
 }
 
 detect_bad_asn() {

From 930ca76ea768f6205c5041905afbc9e226cb3105 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 3 Dec 2025 16:54:26 +0100
Subject: [PATCH 745/755] update: moved _modules initialization and update at
 the beginning of update script

---
 update.sh | 47 +++++++++++++++++++++--------------------------
 1 file changed, 21 insertions(+), 26 deletions(-)

diff --git a/update.sh b/update.sh
index 4ec0e7e40..74eb8ff2c 100755
--- a/update.sh
+++ b/update.sh
@@ -20,11 +20,28 @@ fi
 BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
 MODULE_DIR="${SCRIPT_DIR}/_modules"
+# Calculate hash before fetch
+if [[ -d "${MODULE_DIR}" && -n "$(ls -A "${MODULE_DIR}" 2>/dev/null)" ]]; then
+  MODULES_HASH_BEFORE=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
+else
+  MODULES_HASH_BEFORE="EMPTY"
+fi
+
+echo -e "\e[33mFetching latest _modules from origin/${BRANCH}…\e[0m"
+git fetch origin "${BRANCH}"
+git checkout "origin/${BRANCH}" -- _modules
+
 if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
-  echo -e "\e[33m_modules is missing or empty – fetching all Modules from origin/${BRANCH}…\e[0m"
-  git fetch origin "${BRANCH}"
-  git checkout "origin/${BRANCH}" -- _modules
-  echo -e "\e[33mDone. Please restart the script...\e[0m"
+  echo -e "\e[31mError: _modules is still missing or empty after fetch!\e[0m"
+  exit 2
+fi
+
+# Calculate hash after fetch
+MODULES_HASH_AFTER=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
+
+# Check if modules changed
+if [[ "${MODULES_HASH_BEFORE}" != "${MODULES_HASH_AFTER}" ]]; then
+  echo -e "\e[33m_modules have been updated. Please restart the update script.\e[0m"
   exit 2
 fi
 
@@ -320,28 +337,6 @@ if [ ! "$DEV" ]; then
     chmod +x update.sh
     EXIT_COUNT+=1
   fi
-
-  MODULE_DIR="$(dirname "$0")/_modules"
-  echo -e "\e[32mChecking for updates in _modules...\e[0m"
-  if [ ! -d "${MODULE_DIR}" ] || [ -z "$(ls -A "${MODULE_DIR}")" ]; then
-    echo -e "\e[33m_modules missing or empty — fetching from origin...\e[0m"
-    git checkout "origin/${BRANCH}" -- _modules
-  else
-    OLD_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
-    git fetch origin
-    git checkout "origin/${BRANCH}" -- _modules
-    NEW_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
-
-    if [[ "${OLD_SUM}" != "${NEW_SUM}" ]]; then
-      EXIT_COUNT+=1
-    fi
-  fi
-
-  if [ ${EXIT_COUNT} -ge 1 ]; then
-    echo "Changes for the update Script, please run this script again, exiting!"
-    exit 2
-  fi
-
 fi
 
 if [ ! "$FORCE" ]; then

From 32a6ecddb614acee1f2a70f2f0e1d0d23d5221ae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 23:30:46 +0100
Subject: [PATCH 746/755] chore(deps): update alpine docker tag to v3.23
 (#6940)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index a0b63b3a6..5ef729a48 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -25,6 +25,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.22
+      image: alpine:3.23
       command: /bin/true
       restart: "no"

From 4e3294b273abf112a7ae3acf77d3ad6357ec700a Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Wed, 3 Dec 2025 23:31:37 +0100
Subject: [PATCH 747/755] [Web] Updated lang.fr-fr.json (#6941)

[Web] Updated lang.fr-fr.json

[Web] Updated lang.fr-fr.json

Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.fr-fr.json | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 107988bac..cf3ba7831 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -16,7 +16,7 @@
         "quarantine_notification": "Modifier la notification de quarantaine",
         "quarantine_category": "Modifier la catégorie de la notification de quarantaine",
         "ratelimit": "Limite d'envoi",
-        "recipient_maps": "Cartes destinataire",
+        "recipient_maps": "Cartes des destinataires",
         "smtp_ip_access": "Changer les hôtes autorisés pour SMTP",
         "sogo_access": "Autoriser la gestion des accès à SOGo",
         "sogo_profile_reset": "Réinitialiser le profil SOGo",
@@ -444,7 +444,7 @@
         "global_filter_write_error": "Impossible d’écrire le fichier de filtre : %s",
         "global_map_invalid": "ID de carte globale %s non valide",
         "global_map_write_error": "Impossible d’écrire l’ID de la carte globale %s : %s",
-        "goto_empty": "Une adresse alias doit contenir au moins une adresse 'goto'valide",
+        "goto_empty": "Une adresse alias doit contenir au moins une adresse 'goto' valide",
         "goto_invalid": "Adresse Goto %s non valide",
         "ham_learn_error": "Erreur d'apprentissage Ham : %s",
         "imagick_exception": "Erreur : Exception Imagick lors de la lecture de l’image",
@@ -700,7 +700,7 @@
         "spam_score": "Définir un score spam personnalisé",
         "subfolder2": "Synchronisation dans le sous-dossier sur la destination<br><small>(vide = ne pas utiliser de sous-dossier)</small>",
         "syncjob": "Modifier la tâche de synchronisation",
-        "target_address": "Adresse(s) Goto<small>(séparé(s) par des virgules)</small>",
+        "target_address": "Adresse(s) Goto <small>(séparé(s) par des virgules)</small>",
         "target_domain": "Domaine cible",
         "timeout1": "Délai de connexion à l’hôte distant",
         "timeout2": "Délai de connexion à l’hôte local",
@@ -750,7 +750,11 @@
         "mta_sts_mode": "Mode",
         "mta_sts_max_age": "Âge maximum",
         "mta_sts_mx": "Serveur MX",
-        "mta_sts_mx_notice": "Plusieurs serveurs MX peuvent être spécifiés (séparés par des virgules)."
+        "mta_sts_mx_notice": "Plusieurs serveurs MX peuvent être spécifiés (séparés par des virgules).",
+        "mta_sts_info": "<a href='https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security' target='_blank'>MTA-STS</a> est un standard qui oblige la délivrance des courriels entre les serveurs de courriels à utiliser TLS avec des certificats valides. <br>Il est utilisé quand <a target='_blank' href='https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities'>DANE</a> n'est pas possible à cause d'un manque ou d'un non support de DNSSEC.<br><b>Note</b> : Si le domaine du destinataire supporte DANE avec DNSSEC, DANE est <b>toujours</b> préféré – MTA-STS sert seulement en secours.",
+        "mta_sts_mode_info": "Il y a trois modes parmi lesquels choisir :<ul><li><em>testing</em> – la politique est seulement surveillée, les violations n'ont pas d'impact.</li><li><em>enforce</em> – la politique est appliquée strictement, les connexions sans TLS valide sont rejetées.</li><li><em>none</em> – la politique est publiée mais non appliquée.</li></ul>",
+        "mta_sts_max_age_info": "Durée en secondes pendant laquelle les serveurs de courriel peuvent mettre en cache cette politique avant de revérifier.",
+        "mta_sts_mx_info": "Autoriser l'envoi uniquement aux noms d'hôtes des serveurs de courriels indiqués explicitement ; le MTA émetteur vérifie si le nom d'hôte DNS du MX correspond à la liste de la politique, et autorise la délivrance seulement avec un certificat TLS valide (protège contre le MITM)."
     },
     "footer": {
         "cancel": "Annuler",
@@ -913,7 +917,7 @@
         "recipient_map_new_info": "La destination de la carte du destinataire doit être une adresse de courriel valide ou un nom de domaine.",
         "recipient_map_old": "Destinataire original",
         "recipient_map_old_info": "La destination originale des cartes des destinataires doit être une adresse de courriel valide ou un nom de domaine.",
-        "recipient_maps": "Cartes des bénéficiaires",
+        "recipient_maps": "Cartes des destinataires",
         "relay_all": "Relayer tous les destinataires",
         "remove": "Supprimer",
         "resources": "Ressources",
@@ -1240,7 +1244,7 @@
         "email_and_dav": "Courriel, calendriers et contacts",
         "encryption": "Chiffrement",
         "excludes": "Exclus",
-        "expire_in": "Expire dans",
+        "expire_in": "Expirer dans",
         "force_pw_update": "Vous <b>devez</b> définir un nouveau mot de passe pour pouvoir accéder aux services liés aux logiciels de groupe.",
         "generate": "générer",
         "hour": "heure",
@@ -1368,7 +1372,10 @@
         "mailbox_general": "Général",
         "mailbox_settings": "Paramètres",
         "tfa_info": "L'authentification à deux facteurs permet de protéger votre compte. Si vous l'activez, vous aurez besoin de mots de passe d'application pour vous connecter à des applications ou des services qui ne prennent pas en charge l'authentification à deux facteurs (par exemple les clients e-mails).",
-        "overview": "Vue d'ensemble"
+        "overview": "Vue d'ensemble",
+        "expire_never": "Ne jamais expirer",
+        "forever": "Pour toujours",
+        "spam_aliases_info": "Un alias de spam est une adresse de courriel temporaire qui peut être utilisée pour protéger les véritables adresses de courriel. <br> De manière optionnelle, une durée d'expiration peut être définie afin que l'alias soit automatiquement désactivé après la période définie, éliminant ainsi les adresses étant abusées ou ayant fuité."
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",

From 79171ea6f546f561eeca83790623ca6077325b50 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Fri, 5 Dec 2025 14:40:45 +0100
Subject: [PATCH 748/755] [Web] Updated lang.fr-fr.json (#6943)

Co-authored-by: Neuronnexion <support@nnx.com>
---
 data/web/lang/lang.fr-fr.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index cf3ba7831..af0df47c9 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -410,7 +410,8 @@
         "iam_host_info": "Saisissez un ou plusieurs hôtes LDAP, séparés par des virgules.",
         "iam_import_users": "Importer des utilisateurs",
         "filter": "Filtrer",
-        "needs_restart": "nécessite un redémarrage"
+        "needs_restart": "nécessite un redémarrage",
+        "iam": "Fournisseur d'identité"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -1375,7 +1376,9 @@
         "overview": "Vue d'ensemble",
         "expire_never": "Ne jamais expirer",
         "forever": "Pour toujours",
-        "spam_aliases_info": "Un alias de spam est une adresse de courriel temporaire qui peut être utilisée pour protéger les véritables adresses de courriel. <br> De manière optionnelle, une durée d'expiration peut être définie afin que l'alias soit automatiquement désactivé après la période définie, éliminant ainsi les adresses étant abusées ou ayant fuité."
+        "spam_aliases_info": "Un alias de spam est une adresse de courriel temporaire qui peut être utilisée pour protéger les véritables adresses de courriel. <br> De manière optionnelle, une durée d'expiration peut être définie afin que l'alias soit automatiquement désactivé après la période définie, éliminant ainsi les adresses étant abusées ou ayant fuité.",
+        "authentication": "Authentification",
+        "protocols": "Protocoles"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",

From ef010aa39c7e6e8ad228bd32165612a8749ed62b Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Mon, 8 Dec 2025 15:08:25 +0100
Subject: [PATCH 749/755] Update CONTRIBUTING.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d27c09de8..5e194b20d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@ First of all, thank you for wanting to provide a bugfix or a new feature for the
 
 As we want to keep mailcow's development structured we setup these Guidelines which helps you to create your issue/pull request accordingly.
 
-**PLEASE NOTE, THAT WE WILL CLOSE ISSUES/PULL REQUESTS IF THEY DON'T FULLFIL OUR WRITTEN GUIDELINES WRITTEN INSIDE THIS DOCUMENT**. So please check this guidelines before you propose a Issue/Pull Request.
+**PLEASE NOTE, THAT WE WILL CLOSE ISSUES/PULL REQUESTS IF THEY DON'T FULFILL OUR WRITTEN GUIDELINES WRITTEN INSIDE THIS DOCUMENT**. So please check this guidelines before you propose a Issue/Pull Request.
 
 ## Topics
 

From f8eed8c78698ce492f176641bb75ccbeefd24546 Mon Sep 17 00:00:00 2001
From: Khurram Malik <khurram@khurram-malik.com>
Date: Tue, 9 Dec 2025 11:54:20 +0100
Subject: [PATCH 750/755] fix(api): add missing break in CORS switch block
 causing save to hang (#6926)

---
 data/web/json_api.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 4d7159ad2..565246e58 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1992,6 +1992,7 @@ if (isset($_GET['query'])) {
         break;
         case "cors":
           process_edit_return(cors('edit', $attr));
+        break;
         case "identity-provider":
           process_edit_return(identity_provider('edit', $attr));
         break;

From dbb9e474b0d171ddaee959c2cc30eb12691be836 Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Tue, 9 Dec 2025 13:25:50 +0100
Subject: [PATCH 751/755] pf-tlspol: upgrade to 1.8.22 (#6951)

* postfix-tlspol: upgrade to 1.8.20

* pf-tlspol: update to 1.8.22
---
 data/Dockerfiles/postfix-tlspol/Dockerfile | 2 +-
 docker-compose.yml                         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/postfix-tlspol/Dockerfile b/data/Dockerfiles/postfix-tlspol/Dockerfile
index c32f86f57..68f6ecced 100644
--- a/data/Dockerfiles/postfix-tlspol/Dockerfile
+++ b/data/Dockerfiles/postfix-tlspol/Dockerfile
@@ -4,7 +4,7 @@ WORKDIR /src
 ENV CGO_ENABLED=0 \
     GO111MODULE=on \
 		NOOPT=1 \
-    VERSION=1.8.14
+    VERSION=1.8.22
 
 RUN git clone --branch v${VERSION} https://github.com/Zuplu/postfix-tlspol && \
     cd /src/postfix-tlspol && \
diff --git a/docker-compose.yml b/docker-compose.yml
index f7390c797..75d00af34 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -382,7 +382,7 @@ services:
             - postfix
 
     postfix-tlspol-mailcow:
-      image: ghcr.io/mailcow/postfix-tlspol:1.0
+      image: ghcr.io/mailcow/postfix-tlspol:1.8.22
       depends_on:
         unbound-mailcow:
           condition: service_healthy

From c11ed5dd1e899173500161ebf52e572de42917ca Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 12:34:20 +0100
Subject: [PATCH 752/755] Prevent duplicate/plaintext login announcement
 rendering (#6963)

* Initial plan

* Fix duplicate login announcement display

Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
---
 data/web/templates/base.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index a8d0f6f39..98fdd86e4 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -144,7 +144,7 @@
 
 <form action="/" method="post" id="logout"><input type="hidden" name="logout"></form>
 
-{% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active and not is_root_uri %}
+{% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active and not is_root_uri and mailcow_cc_username %}
 <div class="container mt-4">
   <div class="alert alert-{{ ui_texts.ui_announcement_type }}">{{ ui_texts.ui_announcement_text }}</div>
 </div>

From e76f5237edcccd8fdcc613e22f9d9b84265459db Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Thu, 11 Dec 2025 13:29:11 +0100
Subject: [PATCH 753/755] ofelia: revert fixed cron syntax for sa-rules
 download

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 75d00af34..ae9a18d98 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -321,7 +321,7 @@ services:
         ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
         ofelia.job-exec.dovecot_maildir_gc.schedule: "0 */30 * * * *"
         ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
-        ofelia.job-exec.dovecot_sarules.schedule: "0 0 0 * * *"
+        ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
         ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
         ofelia.job-exec.dovecot_fts.schedule: "0 0 0 * * *"
         ofelia.job-exec.dovecot_fts.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh\""

From d977ddb5017e27f817f09310dcb7056449cb88fd Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 10 Dec 2025 08:43:04 +0100
Subject: [PATCH 754/755] backup: add image prefetch function to verify latest
 image is used

---
 helper-scripts/backup_and_restore.sh | 38 ++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 7b75272cf..2e65f1343 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -91,6 +91,44 @@ if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then
   exit 1
 fi
 
+# Add image prefetch function
+function prefetch_image() {
+  echo "Checking Docker image: ${DEBIAN_DOCKER_IMAGE}"
+  
+  # Get local image digest if it exists
+  local local_digest=$(docker image inspect ${DEBIAN_DOCKER_IMAGE} --format='{{index .RepoDigests 0}}' 2>/dev/null | cut -d'@' -f2)
+  
+  # Get remote image digest without pulling
+  local remote_digest=$(docker manifest inspect ${DEBIAN_DOCKER_IMAGE} 2>/dev/null | grep -oP '"digest":\s*"\K[^"]+' | head -1)
+  
+  if [[ -z "${remote_digest}" ]]; then
+    echo "Warning: Unable to check remote image"
+    if [[ -n "${local_digest}" ]]; then
+      echo "Using cached version"
+      echo
+      return 0
+    else
+      echo "Error: Image ${DEBIAN_DOCKER_IMAGE} not found locally or remotely"
+      exit 1
+    fi
+  fi
+  
+  if [[ "${local_digest}" != "${remote_digest}" ]]; then
+    echo "Image update available, pulling ${DEBIAN_DOCKER_IMAGE}"
+    if docker pull ${DEBIAN_DOCKER_IMAGE} 2>/dev/null; then
+      echo "Successfully pulled ${DEBIAN_DOCKER_IMAGE}"
+    else
+      echo "Error: Failed to pull ${DEBIAN_DOCKER_IMAGE}"
+      exit 1
+    fi
+  else
+    echo "Image is up to date (${remote_digest:0:12}...)"
+  fi
+  echo
+}
+
+# Prefetch the image early in the script
+prefetch_image
 
 function backup() {
   DATE=$(date +"%Y-%m-%d-%H-%M-%S")

From e8d9315d4ad6ae886b8146f618df1813db546254 Mon Sep 17 00:00:00 2001
From: Ashitaka <65665184+Ashitaka57@users.noreply.github.com>
Date: Wed, 10 Dec 2025 11:41:06 +0100
Subject: [PATCH 755/755] Merge pull request #6905 from
 Ashitaka57/6646-pbkdf2-sha512-verify-hash

Support for PBKDF2-SHA512 hash algorithm in verify_hash() (FreeIPA compatibility) (issue 6646)
---
 data/web/inc/functions.inc.php | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 81b3f7e08..1947ec465 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -814,6 +814,32 @@ function verify_hash($hash, $password) {
         $hash = $components[4];
         return hash_equals(hash_pbkdf2('sha1', $password, $salt, $rounds), $hash);
 
+      case "PBKDF2-SHA512":
+        // Handle FreeIPA-style hash: {PBKDF2-SHA512}10000$<base64_salt>$<base64_hash>
+        $components = explode('$', $hash);
+        if (count($components) !== 3) return false;
+
+        // 1st part: iteration count (integer)
+        $iterations = intval($components[0]);
+        if ($iterations <= 0) return false;
+
+        // 2nd part: salt (base64-encoded)
+        $salt = $components[1];
+        // 3rd part: hash (base64-encoded)
+        $stored_hash_b64 = $components[2];
+
+        // Decode salt and hash from base64
+        $salt_bin = base64_decode($salt, true);
+        $hash_bin = base64_decode($stored_hash_b64, true);
+        if ($salt_bin === false || $hash_bin === false) return false;
+        // Get length of hash in bytes
+        $hash_len = strlen($hash_bin);
+        if ($hash_len === 0) return false;
+
+        // Calculate PBKDF2-SHA512 hash for provided password
+        $test_hash = hash_pbkdf2('sha512', $password, $salt_bin, $iterations, $hash_len, true);
+        return hash_equals($hash_bin, $test_hash);
+
       case "PLAIN-MD4":
         return hash_equals(hash('md4', $password), $hash);